
Theory of Numbers (V63.0248) Professor M. Hausner
Summary of lectures.
Monday, May 14.
Divisibility. The integers $\mathbb{Z}$ and the natural numbers $\mathbb{N}$ (non-negative integers).
The well-ordered property on $\mathbb{N}$. (Every nonempty subset of $\mathbb{N}$ has a least element.)
Notation $a \mid b$ and $a \nmid b$.
Elementary divisibility theorems:
$a \mid b$ and $b \mid c$ $\Rightarrow$ $a \mid c$.
$a \mid b$ and $a \mid c$ $\Rightarrow$ $a \mid (xa + yb)$ for all integers $x, y$.
$a \mid 0$, $a \mid a$, $1 \mid a$.
$a \mid b$ and $b \mid a$ $\Rightarrow$ $|a| = |b|$.
The Division Algorithm. For $a, b > 0$, there are numbers $q$ and $r$, called the quotient and the remainder, such that $a = bq + r$ with $0 \le r < b$. Proved using well ordering.
Definition of $(a, b)$, the greatest common divisor (GCD) of $a$ and $b$.
The Euclidean Algorithm to compute the GCD of two numbers. Illustration and sample format: Find (30,105):
Numerator  Denominator  Quotient  Remainder
105        27           3         24
27         24           1         3
24         3            8         0
So (30, 105) = 3, the last non-zero remainder. Using this algorithm, we showed
Theorem. The GCD of $a$ and $b$ is a linear combination of $a$ and $b$: $(a, b) = xa + yb$. The text shows that $(a, b)$ is the least positive value of all linear combinations $xa + yb$ when $a$ and $b$ are not both 0.
An important consequence of this theorem, proved in class, is:
$a \mid bc$ and $(a, b) = 1$ $\Rightarrow$ $a \mid c$.
Note that the condition $(a, b) = 1$ states that $a$ and $b$ have no common divisors except the obvious 1. In this case, we say that $a$ and $b$ are relatively prime.
Primes.
Theorem. Every integer greater than 1 is a product of primes. We proved this using the well-ordered property of the natural numbers.
Theorem. There are infinitely many primes. We gave Euclid's proof. Add 1 to the product of all primes up through $p$ and we either get a prime or a number divisible by a prime greater than $p$.
***********************
Tues. May 15th
More on Divisibility.
Theorem. In any set of $r$ consecutive numbers, one is divisible by $r$.
The proof is by induction on $n$. We show that one of $n, n+1, \ldots, n+r-1$ is divisible by $r$. It is true for $n = 0$ since $r \mid 0$. Assuming it true for $n = k$, we prove it for $n = k + 1$ by separating into 2 cases: Either $r \mid k$ or $r \nmid k$. We leave out the details here.
An alternative proof, as in the text, that $(a, b)$ is a linear combination of $a$ and $b$. This also works for the GCD of more than 2 numbers. This proof is an existence proof, but does not yield an effective way of actually computing the linear combination. Let $M$ be the set of all linear combinations $xa + yb$. Assuming that $a$ and $b$ are not both 0, $M$ contains a positive element. Let $D$ be the smallest positive element of $M$. Writing $D = ax_0 + by_0$, we first show that $D \mid a$ and $D \mid b$ - that is, $D$ is a common divisor of $a$ and $b$. To show that $D \mid a$, use the division algorithm to write $a = Dq + r$ where $0 \le r < D$. Solving for $r$ using $D = ax_0 + by_0$, we find that $r$ is in $M$. Since it is less than $D$ it can't be positive, since $D$ is the least positive element of $M$. Since $0 \le r$, we must have $r = 0$, showing that $D \mid a$. Similarly we can show $D \mid b$.
To show that $D$ is the greatest common divisor of $a$ and $b$, suppose $c$ is a common divisor: $c \mid a$ and $c \mid b$. Then $c \mid ax_0 + by_0$, so $c \mid D$. This shows that $c \le D$ and incidentally shows that $D$ is a multiple of any common divisor of $a$ and $b$.
More on Primes. We first need the following
Theorem: If $p$ is prime and $p \mid ab$, then $p \mid a$ or $p \mid b$.
For the proof, suppose $p$ does not divide $a$. The only common (positive) divisor of $p$ and $a$ is 1. So $(p, a) = 1$. Since $p \mid ab$, we must have $p \mid b$. So either $p \mid a$ or $p \mid b$.
Similarly, by induction we have: If $p \mid a_1 a_2 \cdots a_n$, then $p \mid a_i$ for some $i$.
Theorem: The Unique Factorization Theorem. Let $n > 1$. Then any two factorizations of $n$ are the same, except for the order of the factors.
For a proof, suppose this is not true. Then let $N$ be the least number for which $N$ does not have a unique factorization. Then we have
$$N = p_1 \cdots p_r = q_1 \cdots q_s$$
where the $p$'s and $q$'s are all primes and the factorization is different. Then $p_1 \mid N$ so $p_1 \mid q_1 \cdots q_s$. So $p_1$ divides one of the $q$'s. Rearranging the $q$'s, we may suppose $p_1 \mid q_1$. Since the $q$'s are primes, we must have $p_1 = q_1$. Dividing the equation by $p_1$, we get
$$N/p_1 = p_2 \cdots p_r = q_2 \cdots q_s$$
Since $N$ was the least number with no unique factorization, and $N/p_1 < N$, this latter factorization is the same except for order. So the original factorization was the same and this is a contradiction proving the theorem.
Binomial Coefficients.
These are a double array of numbers $\binom{n}{r}$ defined for all integers $r$ and $n \ge 0$. We showed that the following definitions are all equivalent.
I. Recursive Definition as in the Pascal Triangle:
A: $\binom{0}{0} = 1$, $\binom{0}{r} = 0$ for $r \ne 0$.
B: $\binom{n}{r} = \binom{n-1}{r} + \binom{n-1}{r-1}$ for $n > 0$.
In the usual Pascal triangle, $n$ is the row, and $r$ is the column.
II. Formula Definition. $\binom{n}{r} = \frac{n!}{r!\,(n-r)!}$, $(0 \le r \le n)$, else $\binom{n}{r} = 0$.
III. Binomial Theorem Formulation. $(1 + x)^n = \sum_{r=0}^{n} \binom{n}{r} x^r$.
IV. Combinatoric Formulation. $\binom{n}{r}$ is the number of subsets of size $r$ of a set having $n$ elements.
In lecture, we showed that II and IV were equivalent to I, since they satisfy the same recursive equation as in I. We can also show III is equivalent to I, using the identity $(1+x)^n = (1+x)(1+x)^{n-1}$ and $(1+x)^0 = 1$.
Some consequences, easily proved from this.
1. $\binom{n}{r}$ is a non-negative integer, and $\binom{n}{r} > 0$ for $0 \le r \le n$.
2. The product of $r$ consecutive numbers is divisible by $r!$. In fact, $\frac{n(n-1)\cdots(n-r+1)}{r!} = \binom{n}{r}$.
3. $\binom{p}{r}$ is divisible by $p$ if $0 < p < r$. [1]
Wed, May 16.
Table of Primes and the Sieve of Eratosthenes.
This is an ancient method useful for creating relatively small tables of primes. To form a table of primes from 2 to $n$, start with 2 and eliminate all multiples of 2 from 2 times 2 on. The next number not eliminated is 3. It is a prime, and then eliminate all multiples of 3 from 3 times 3 on. The next number not eliminated is 5. It is prime and then eliminate all multiples of 5 from 5 times 5 on. Continue up to $\sqrt{n}$. At this point, all numbers not eliminated from 2 to $n$ will be primes. This method is based on the result: If $n$ is composite, it will have a divisor $d$ satisfying $1 < d \le \sqrt{n}$.
The problem of factoring large numbers (say 128 digits!) is extremely difficult and there are very few algorithms to simplify this process.
Congruences.
Definition. $a \equiv b \bmod n$ is defined to mean $n \mid (b - a)$. A few elementary results are
1. $a \equiv a \bmod n$ (Reflexive property).
2. If $a \equiv b \bmod n$ then $b \equiv a \bmod n$ (Symmetric property).
3. If $a \equiv b \bmod n$ and $b \equiv c \bmod n$ then $a \equiv c \bmod n$ (Transitive property).
4. If $a \equiv b \bmod n$ then $a + x \equiv b + x \bmod n$.
5. If $a \equiv b \bmod n$ then $ax \equiv bx \bmod n$.
6. If $a \equiv b \bmod n$ and $c \equiv d \bmod n$ then $a + c \equiv b + d \bmod n$.
7. If $a \equiv b \bmod n$ and $c \equiv d \bmod n$ then $ac \equiv bd \bmod n$.
8. If $a \equiv b \bmod n$ then $a^k \equiv b^k \bmod n$.
Definition. A complete residue system mod $n$ is a set of $n$ numbers $r_1, r_2, \ldots, r_n$ such that no two are congruent mod $n$. That is: If $r_i \equiv r_j \bmod n$ then $i = j$. The standard complete residue system mod $n$ are the remainders mod $n$: $0, 1, \ldots, n-1$. We showed that any complete residue system is (mod $n$) a rearrangement of the standard complete residue system. Further, that any integer $a$ is congruent mod $n$ to one and only one number in a complete residue system.
Definition. $\varphi(n)$ is defined as the number of integers between 1 and $n$ which are relatively prime to $n$. For example, $\varphi(8) = 4$ since the numbers between 1 and 8 which are relatively prime to 8 are 1, 3, 5, 7 (4 in all). We stated, without proof, that $\varphi(n) = n \prod_{p \mid n} \frac{p-1}{p}$. For example, $\varphi(8) = 8 \cdot 1/2 = 4$ and $\varphi(21) = 21 \cdot (2/3) \cdot (6/7) = 12$.
[1] The letter $p$ is always used in these notes to designate a prime.
Definition. A reduced residue system mod $n$ is a set of $\varphi(n)$ numbers $r_1, r_2, \ldots, r_{\varphi(n)}$, all relatively prime to $n$, such that no two are congruent mod $n$. That is: If $r_i \equiv r_j \bmod n$ then $i = j$. The standard reduced residue system mod $n$ are the remainders mod $n$ which are relatively prime to $n$. For example, the standard reduced residue system mod 8 is 1, 3, 5, 7. We showed that any reduced residue system is (mod $n$) a rearrangement of the standard reduced residue system. Further, that any integer $a$ which is relatively prime to $n$ is congruent mod $n$ to one and only one number in a reduced residue system.
Some results on division put into congruence form.
1. If $ab \equiv 0 \bmod n$ and $(a, n) = 1$ then $b \equiv 0 \bmod n$.
This is equivalent to: If $n \mid ab$ and $(n, a) = 1$, then $n \mid b$.
From this we easily show
The Cancelation Law.
If $ax \equiv ay \bmod n$ and $(a, n) = 1$ then $x \equiv y \bmod n$.
If $n$ is prime this is simply
If $ax \equiv ay \bmod p$ and $a \not\equiv 0 \bmod p$ then $x \equiv y \bmod p$.
Note the similarity with the familiar algebraic law if congruence is replaced by equality:
If $ax = ay$ and $a \ne 0$ then $x = y$.
The result for primes is equivalent to
If $ab \equiv 0 \bmod p$ then $a \equiv 0 \bmod p$ or $b \equiv 0 \bmod p$.
Using these results, we have
Theorem: If $r_1, \ldots, r_n$ is a complete residue system mod $n$ and $(a, n) = 1$, then so is $ar_1, \ldots, ar_n$. Similarly, if $r_1, \ldots, r_{\varphi(n)}$ is a reduced residue system mod $n$ and $(a, n) = 1$, then so is $ar_1, \ldots, ar_{\varphi(n)}$.
The proof uses the definition and cancelation. For example, 0, 1, 2, 3 is a complete residue system mod 4. Multiplying by 3, we have 0, 3, 6, 9 is also a complete residue system mod 4.
We can now prove Fermat's Theorem [2]:
Theorem: If $a$ is not divisible by $p$ then $a^{p-1} \equiv 1 \bmod p$.
Proof: $1, 2, \ldots, p-1$ is a reduced residue system mod $p$. Therefore, so is $a, 2a, \ldots, a(p-1)$. Since this latter is a rearrangement of the former, mod $p$, the product of the numbers in the former system is congruent to the product of the numbers in the latter:
$$(p-1)! \equiv (p-1)!\,a^{p-1} \bmod p$$
We get the result by canceling $(p-1)!$.
[2] Also called Fermat's Little Theorem to distinguish it from the so-called Fermat's Last Theorem.
Working with a reduced residue system, the same method gives Euler's generalization of this result.
Theorem: If $(a, n) = 1$, then
$$a^{\varphi(n)} \equiv 1 \bmod n$$
Thur, May 17th
We reviewed the previous lecture.
Definition of inverse. If $ab \equiv 1 \bmod n$, we say that $a$ and $b$ are inverses mod $n$. Also, $b$ is called the inverse of $a$ mod $n$. The relation is symmetric: $a$ is also the inverse of $b$ mod $n$. We write $b = a^{-1} \bmod n$.
Note: $a$ has an inverse mod $n$ if and only if $(a, n) = 1$. To see this, first suppose that $(a, n) = 1$. Then we have $1 = ax + ny$ for some $x, y$. Then $1 \equiv ax + ny \equiv ax \bmod n$. So $x$ is the inverse of $a$ mod $n$. Conversely, if $a$ has an inverse $b$ mod $n$, we have $ab \equiv 1 \bmod n$ so $n \mid (ab - 1)$ and $ab - 1 = nq$. This shows that any divisor of $a$ and $n$ must also divide 1. Thus $(a, n) = 1$.
When is $x$ its own inverse mod $p$? The answer is $x \equiv 1$ or $x \equiv -1 \bmod p$.
Theorem: $x^2 \equiv 1 \bmod p$ if and only if $x \equiv \pm 1 \bmod p$.
Proof: If $x^2 \equiv 1 \bmod p$, then $x^2 - 1 \equiv 0 \bmod p$, or $(x - 1)(x + 1) \equiv 0 \bmod p$. This implies $x \equiv \pm 1 \bmod p$. These steps are all reversible.
Thus, inverses occur in distinct pairs, with the exception of 1 and $-1$, which are their own inverses.
Note: This result is not true if $n$ is not a prime. For example (mod 8), $1^2 \equiv 3^2 \equiv 5^2 \equiv 7^2 \equiv 1 \bmod 8$. I may have incorrectly used this result for non-primes in class.
This allows us to prove
Wilson's Theorem. $(p-1)! \equiv -1 \bmod p$.
Proof: This is true, and uninteresting, for $p = 2$. When $p$ is odd, we look at the factorization of $(p-1)! = 1 \cdot 2 \cdot 3 \cdots (p-2)(p-1)$. Except for the extreme factors 1 and $(p-1)$ ($\equiv -1 \bmod p$), the factors pair off into numbers and their inverse mod $p$. Any such pair multiplies out to 1 mod $p$. So the entire product is congruent to $1 \cdot (p-1) \equiv -1 \bmod p$.
Note: The generalization mod $n$, as stated in class, is wrong for the reasons stated above.
This result allows us to answer the question: For what primes $p$ can the congruence $x^2 \equiv -1 \bmod p$ be solved?
Theorem: The congruence $x^2 \equiv -1 \bmod p$ can be solved if and only if $p = 2$ or $p = 4n + 1$ for some $n$, or simply $p \equiv 1 \bmod 4$.
For example $x^2 \equiv -1 \bmod 41$ can be solved, while $x^2 \equiv -1 \bmod 43$ cannot. (The former has the solution $x \equiv 9$ or $-9 \equiv 32 \bmod 41$.)
Proof: $p = 2$ is trivial. Note that an odd prime is either of the form $4n + 1$ or $4n + 3$. We separate the cases.
1. If $p = 4n + 3$, we show that we cannot have $x^2 \equiv -1 \bmod p$. For suppose we had a solution. Raise both sides to the power $(p-1)/2 = 2n + 1$ to get $x^{p-1} \equiv (-1)^{2n+1} \bmod p$. But using Fermat's theorem, this gives $1 \equiv -1 \bmod p$, which is a contradiction.
2. Suppose $p = 4n + 1$. We use Wilson's theorem to get $(4n)! \equiv -1 \bmod (4n + 1)$. This is
$$(1 \cdot 2 \cdot 3 \cdots 2n)(2n + 1)(2n + 2) \cdots (4n - 1)(4n) \equiv -1 \bmod (4n + 1).$$
This is equivalent to
$$(1 \cdot 2 \cdot 3 \cdots (2n))(-2n)(-(2n - 1)) \cdots (-2)(-1) \equiv -1 \bmod (4n + 1),$$
or simply $((2n)!)^2 \equiv -1 \bmod p$. So the solution of $x^2 \equiv -1 \bmod p$ is $\left(\frac{p-1}{2}\right)!$. Perhaps this is best illustrated numerically for $p = 13$: $12! \equiv -1 \bmod 13$ by Wilson's theorem. But
$$12! = 1 \cdot 2 \cdot 3 \cdots 6 \cdot 7 \cdot 8 \cdots 11 \cdot 12 \equiv 6!\,(-6)(-5) \cdots (-2)(-1) = (6!)^2 \bmod 13$$
Mon, May 21
Review of some factoring results in algebra.
$$x^n - 1 = (x - 1)(1 + x + x^2 + \ldots + x^{n-1})$$
This is the geometric series result. As a consequence, it follows that $x^n - 1$ is composite if $x > 2$ and $n \ge 2$. However, even $x = 2$ is covered here if $n$ is composite. For example, if $n = rs$, $2^n - 1 = 2^{rs} - 1 = y^s - 1$ where $y = 2^r$, and so has a factor $y - 1 = 2^r - 1$. For example, $2^9 - 1$ has a factor $2^3 - 1 = 7$. Otherwise stated, the only possible primes of the form $2^n - 1$ are those primes of the form $P = 2^p - 1$. These are called Mersenne primes [3]. The complete list of Mersenne primes through $p = 257$ are $p = 2, 3, 5, 7, 13, 17, 19, 31, 61, 89, 107$ and $127$. The primes turn up in the study of perfect numbers which we shall discuss later.
[3] After Marin Mersenne (1588-1648) who (incorrectly) listed alleged primes of this sort up to $p = 257$.
A similar factoring result in algebra involves odd powers:
$$x^{2n+1} + 1 = (1 + x) \sum_{k=0}^{2n} (-1)^k x^k = (1 + x)(1 - x + x^2 - \ldots + x^{2n-2} - x^{2n-1} + x^{2n}).$$
A consequence of this factorization is that any number of the form $2^n + 1$, where $n$ has an odd factor, is composite. For example, $2^{15} + 1$ can be written $(2^3)^5 + 1 = 8^5 + 1$ and is divisible by $2^3 + 1 = 9$. So the only primes of the form $2^k + 1$ must have no odd divisors of $k$. These are the numbers $2^{2^n} + 1$. A prime number of the form $2^{2^n} + 1$ is called a Fermat prime, after Fermat, who conjectured that all numbers of this form were prime. The first five numbers of this form are 3, 5, 27, 257, and 65,537, which are in fact prime. The next is 4,294,967,297, which is not a prime: it has the factor 641. In fact, no Fermat prime beyond these 5 has been discovered, and it is not known if any exist. These primes turn up in an unexpected way in geometry. Gauss proved that if $p$ is a Fermat prime, then there is a geometric construction using straight edge and compass constructing a regular polygon with $p$ sides. In fact, a regular polygon with $n$ sides is constructible if and only if $n$ is the product of distinct Fermat primes and some power of 2.
Solving congruences. We first practice computing solutions of linear congruences of the form $ax \equiv b \bmod p$. For example, let's solve
$$31x \equiv 14 \bmod 83$$
We multiply the equation to bring the coefficient of $x$ closer to the modulus. Here, multiplying by 3 does it. Multiply by 3 to get
$$93x \equiv 42 \bmod 83$$
Now reduce the coefficient of $x$ mod 83:
$$10x \equiv 42 \bmod 83$$
Divide by 2:
$$5x \equiv 21 \bmod 83$$
Now again, multiply by 17 and reduce mod 83:
$$85x \equiv 357 \bmod 83$$
$$2x \equiv 25 \bmod 83$$
Add 83 to make 25 even.
$$2x \equiv 108 \bmod 83$$
So the solution is
$$x \equiv 54 \bmod 83.$$
Of course, we know that if $(a, n) = 1$, we have $ax + ny = 1$ for an $x, y$ pair derivable from the Euclidean algorithm. This gives us $ax \equiv 1 \bmod n$. So by multiplying by $b$ we get $abx \equiv b \bmod n$. So $y = bx$ solves the congruence $ay \equiv b \bmod n$. The method shown here simplifies it, from a practical standpoint, at least without a computer.
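The Euclidean-algorithm route described above, done by computer, as an added example that is not part of the original notes. The function names are this example's own, and the solver goes one step beyond the text by also handling $(a, n) > 1$, where $ax \equiv b \bmod n$ has either no solution or exactly $(a, n)$ solutions mod $n$.

```python
def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) and g = x*a + y*b.

    Runs the Euclidean algorithm and carries the linear combination
    along with every remainder, so the coefficients come out for free.
    """
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def mod_inverse(a, n):
    """Inverse of a mod n; exists if and only if gcd(a, n) == 1."""
    g, x, _ = extended_gcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd is {g}")
    return x % n


def solve_linear_congruence(a, b, n):
    """All x in [0, n) with a*x = b (mod n), in increasing order.

    With g = gcd(a, n): no solution unless g divides b; otherwise there
    is one solution mod n/g, which gives g solutions mod n.
    """
    g, x, _ = extended_gcd(a % n, n)
    if b % g != 0:
        return []
    step = n // g
    x0 = (x * (b // g)) % step
    return [x0 + k * step for k in range(g)]


if __name__ == "__main__":
    # The worked congruence from the notes: 31x = 14 (mod 83).
    print(solve_linear_congruence(31, 14, 83))   # one solution, gcd is 1
    # Constructed cases with gcd(a, n) > 1.
    print(solve_linear_congruence(4, 2, 6))      # two solutions
    print(solve_linear_congruence(2, 1, 6))      # none
```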
The Chinese Remainder Theorem. This states that if $(m, n) = 1$, the simultaneous congruences
$$x \equiv r_1 \bmod m, \quad x \equiv r_2 \bmod n$$
have a unique solution mod $mn$: $x \equiv r \bmod mn$.
We can see how to calculate the solution with the help of an example: Solve
$$x \equiv 7 \bmod 11, \quad x \equiv 12 \bmod 17$$
Method: Rewrite the first congruence as $x = 7 + 11s$. ($s$ is arbitrary.) Substitute in the second to get $7 + 11s \equiv 12 \bmod 17$, or $11s \equiv 5 \bmod 17$. Coincidentally, this is easy, because we can write $5 \equiv 22 \bmod 17$. So we have $11s \equiv 22 \bmod 17$, and canceling 11, we get $s \equiv 2 \bmod 17$. Rewrite as $s = 2 + 17t$, and substitute into the original $s$ equation $x = 7 + 11s$ to get $x = 7 + 11(2 + 17t) = 29 + 189t$. So finally, we can write this as $x \equiv 29 \bmod 189$.
More generally, the Chinese Remainder Theorem states that the $k$ congruences $x \equiv r_i \bmod n_i$, $i = 1, \ldots, k$ have a unique solution mod $n_1 \cdots n_k$ provided $(n_i, n_j) = 1$ for $i \ne j$.
Tues, May 22.
Proof of the Chinese Remainder Theorem. We illustrate by taking $m = 4$, $n = 5$ so $mn = 20$. Take any number $r$ from the complete residue system mod 20 and reduce it mod 4 to find $r_1$ and then mod 5 to find $r_2$. For example, take $r = 14$. Then $r_1 = 14 \bmod 4 = 2$ and $r_2 = 14 \bmod 5 = 4$. Then put 14 in row 2 ($r_1$) and column 4 ($r_2$). Similarly, $r = 7$ yields $r_1 = 3$ and $r_2 = 2$. Finally, choosing $r = 16$, we get $r_1 = 0$ and $r_2 = 1$. So we put 16 in row 0, column 1. These examples are indicated in the table below.
      0   1   2   3   4
 0       16
 1
 2                   14
 3            7
If we do this for every $r$ between 0 and 19 inclusive, we end up with the following table
      0   1   2   3   4
 0    0  16  12   8   4
 1    5   1  17  13   9
 2   10   6   2  18  14
 3   15  11   7   3  19
In this example, the 20 numbers from 0 through 19 all fit into different locations and all locations are filled. Note that there are 20 locations, so once we know that they all fit into different locations, we know that all locations are filled (and conversely). We can now give the proof of the Chinese Remainder Theorem. Suppose that $(n, m) = 1$. Let $0 \le r \le mn - 1$. For any such $r$ define $r_1 = r \bmod m$ and $r_2 = r \bmod n$. We now show that the map $r \to (r_1, r_2)$ is 1-1.
To prove this, suppose $r$ and $s$ both map onto $(r_1, r_2)$. Then by definition $r \equiv r_1 \bmod m$ and $s \equiv r_1 \bmod m$. So $r \equiv s \bmod m$. Similarly, $r \equiv s \bmod n$. Since $(m, n) = 1$, this implies $r \equiv s \bmod mn$. Therefore the map $r \to (r_1, r_2)$ is 1-1. And therefore, the map is onto all ordered pairs $(a, b)$ where $0 \le a \le m - 1$ and $0 \le b \le n - 1$. Thus, the system $x \equiv a \bmod m$ and $x \equiv b \bmod n$ has a unique solution mod $mn$.
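The residue table and the substitution method, as an added example that is not part of the original notes. The function names are this example's own; `crt` extends the two-modulus case to $k$ pairwise relatively prime moduli, as in the general statement, and the three-congruence input in the demo is constructed.

```python
from math import gcd


def residue_table(m, n):
    """Place every r in [0, m*n) at row r mod m, column r mod n.

    For gcd(m, n) == 1 each cell is filled exactly once, which is the
    1-1 and onto map r -> (r1, r2) used in the proof.
    """
    table = [[None] * n for _ in range(m)]
    for r in range(m * n):
        table[r % m][r % n] = r
    return table


def crt_pair(r1, m, r2, n):
    """The x in [0, m*n) with x = r1 (mod m) and x = r2 (mod n).

    Substitution method: write x = r1 + m*s, then solve
    m*s = r2 - r1 (mod n) by multiplying with the inverse of m mod n.
    """
    if gcd(m, n) != 1:
        raise ValueError(f"moduli {m} and {n} are not relatively prime")
    s = ((r2 - r1) * pow(m, -1, n)) % n   # pow(m, -1, n): inverse, Python 3.8+
    return (r1 + m * s) % (m * n)


def crt(residues, moduli):
    """Fold crt_pair over k congruences x = r_i (mod n_i).

    Returns (x, N) with N the product of the moduli and 0 <= x < N.
    """
    x, big_n = 0, 1
    for r, n in zip(residues, moduli):
        x = crt_pair(x, big_n, r % n, n)
        big_n *= n
    return x, big_n


if __name__ == "__main__":
    for row in residue_table(4, 5):
        print(row)
    print(crt_pair(2, 4, 4, 5))          # row 2, column 4 of the table
    print(crt([2, 3, 2], [3, 5, 7]))     # constructed three-modulus input
```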
Proof of the formula for $\varphi(n)$. If we go through the proof of the Chinese Remainder Theorem, using only integers $r$ relatively prime to $mn$, we can compute $\varphi(mn)$ in terms of $\varphi(m)$ and $\varphi(n)$. Let $r_1 = r \bmod m$ and $r_2 = r \bmod n$. For suppose $(r, mn) = 1$. Then, if $r_1 = r \bmod m$ then $(r_1, m) = 1$; similarly, if $r_2 = r \bmod n$ then $(r_2, n) = 1$. So both $r_1$ and $r_2$ are relatively prime to $m$ and $n$ respectively. Also, if $(r, mn) = d > 1$, then some prime number $p$ divides $r$ and $mn$. Suppose, for example, that $p$ divides $m$. Then since $r_1 = r \bmod m$ and $p \mid m$, we have $r_1 \equiv r \equiv 0 \bmod p$. This shows that if $(r_1, m) = (r_2, n) = 1$, we must have $(r, mn) = 1$. In terms of the table above, this shows that if we eliminate the rows which are not relatively prime to $m$ and the columns which are not relatively prime to $n$, we are left with precisely those $r$ which are relatively prime to $mn$. Thus, we have the important result
$$\varphi(mn) = \varphi(m)\varphi(n) \text{ if } (m, n) = 1$$
We say that $\varphi$ is a multiplicative function. In general, a function $f$ is said to be multiplicative if $f(mn) = f(m)f(n)$ when $(m, n) = 1$.
The above result is enough to show how to calculate $\varphi(n)$ for any $n$. We first find $\varphi(n)$ for any prime power $p^a$. In the range from 1 through $p^a$, the multiples of $p$ are the only ones not relatively prime to $p^a$. These are $1 \cdot p, 2 \cdot p, \ldots, p^{a-1} \cdot p$. There are $p^{a-1}$ of these. Thus there are $p^a - p^{a-1} = p^{a-1}(p - 1)$ numbers in the range from 1 through $p^a$ which are relatively prime to $p^a$. This gives
$$\varphi(p^a) = p^{a-1}(p - 1) = p^a \, \frac{p-1}{p}$$
Using multiplicativity, and factoring $n$ into a product of prime powers, we have
$$\varphi(n) = n \prod_{p \mid n} \frac{p-1}{p}$$
We also showed that if we set $d(n)$ equal to the number of divisors of $n$, then $d(n)$ is multiplicative. Since $d(p^a) = a + 1$ (clearly), we find
$$d\Big(\prod_i p_i^{a_i}\Big) = \prod_i (a_i + 1)$$
Numbers Which are the Sum of Squares.
We first note that numbers of the form $4n+3$ cannot be the sum of two squares. To see this, we need only consider odd and even possibilities. Suppose we have $n = a^2 + b^2$. Then, depending on whether $a$ and $b$ are even or odd, we have $a^2 \equiv 0$ or $1 \bmod 4$, and similarly for $b^2$. Thus $a^2 + b^2 \equiv 0$, $1$, or $2 \bmod 4$. So $n = a^2 + b^2 \equiv 3 \bmod 4$ is not possible.
Of course, the even prime $2 = 1 + 1$ is the sum of two squares. We now consider primes of the form $4n + 1$.
Theorem: Any prime of the form $4n + 1$ is the sum of two squares.
The proof uses the pigeonhole (or shoe-box) principle. Let $p = 4n + 1$. Take $K = [\sqrt{p}]$ [4]. Then $K < \sqrt{p} < K + 1$. Since $p \equiv 1 \bmod 4$, we can solve the equation $x^2 \equiv -1 \bmod p$. Using this $x$, we form the numbers $u + xv$ for all pairs $(u, v)$ where $0 \le u, v \le K$. There are $(K + 1)^2$ pairs, and since $\sqrt{p} < K + 1$, we have $p < (K + 1)^2$, so there are more than $p$ such pairs. Therefore some two different numbers of the form $u + xv$ are congruent mod $p$, say $u_1 + xv_1 \equiv u_2 + xv_2 \bmod p$. This is equivalent to $a + xb \equiv 0 \bmod p$, where $a = u_1 - u_2$ and $b = v_1 - v_2$. Since $(u_1, v_1)$ and $(u_2, v_2)$ are different, we have $a^2 + b^2 > 0$. Now write the congruence as $a \equiv -xb \bmod p$. Squaring, we get $a^2 \equiv x^2 b^2 \equiv -b^2 \bmod p$ or $a^2 + b^2 \equiv 0 \bmod p$.
We had $0 \le u_1 \le K < \sqrt{p}$, and $0 \le u_2 \le K < \sqrt{p}$. So $0 \le u_1 < \sqrt{p}$, and $-\sqrt{p} < -u_2 \le 0$. Adding these inequalities we get $-\sqrt{p} < u_1 - u_2 = a < \sqrt{p}$. Similarly, $-\sqrt{p} < b < \sqrt{p}$. Thus, $a^2 + b^2 < 2p$. But we have $0 < a^2 + b^2$ and $a^2 + b^2 \equiv 0 \bmod p$. Therefore, $a^2 + b^2 = p$. This proves the result.
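The pigeonhole argument above can be run directly, using $x = \left(\frac{p-1}{2}\right)!$ from the Wilson's theorem discussion as the square root of $-1$; this is an added example, not part of the original notes, and the function names are its own. The check $x^2 \equiv -1 \bmod p$ also rejects composite input, since that congruence is where the proof uses primality.

```python
from math import isqrt


def sqrt_minus_one(p):
    """x = ((p-1)/2)! mod p, a solution of x^2 = -1 (mod p) for prime p = 4n+1."""
    if p % 4 != 1:
        raise ValueError(f"{p} is not of the form 4n + 1")
    x = 1
    for k in range(2, (p - 1) // 2 + 1):
        x = x * k % p
    if x * x % p != p - 1:
        raise ValueError(f"x^2 = -1 (mod {p}) failed, so {p} is not prime")
    return x


def two_squares(p):
    """Return (a, b), a <= b, with a^2 + b^2 == p for a prime p = 4n + 1.

    Follows the proof: form u + x*v (mod p) for 0 <= u, v <= K with
    K = [sqrt(p)]. There are (K+1)^2 > p pairs, so two of them collide,
    and the coordinate differences of a colliding pair give a and b.
    """
    x = sqrt_minus_one(p)
    k_max = isqrt(p)
    seen = {}                                 # residue of u + x*v -> (u, v)
    for u in range(k_max + 1):
        for v in range(k_max + 1):
            key = (u + x * v) % p
            if key in seen:
                u2, v2 = seen[key]
                a, b = abs(u - u2), abs(v - v2)
                assert a * a + b * b == p     # guaranteed by the proof
                return tuple(sorted((a, b)))
            seen[key] = (u, v)
    raise AssertionError("pigeonhole principle violated")


if __name__ == "__main__":
    for p in (5, 13, 41, 97):
        print(p, sqrt_minus_one(p), two_squares(p))
```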
We now show that the product of two numbers which are the sum of two squares is also a sum of 2 squares. This is simple algebra:
$$(a^2 + b^2)(c^2 + d^2) = (ac + bd)^2 + (ad - bc)^2$$
We also note the obvious fact that $2 = 1 + 1$ is the sum of two squares. We therefore have the following result
Theorem: Let $n = 2^a p_1^{b_1} \cdots p_r^{b_r} q_1^{2c_1} \cdots q_s^{2c_s}$ where $p_i$ is a prime of the form $4n + 1$ and $q_j$ is a prime of the form $4n + 3$. Then $n$ is the sum of two squares.
Wed., May 23
We now show that conversely, if $n$ is the sum of two squares, then $n = 2^a p_1^{b_1} \cdots p_r^{b_r} q_1^{2c_1} \cdots q_s^{2c_s}$ where $p_i$ is a prime of the form $4n + 1$ and $q_j$ is a prime of the form $4n + 3$. To do this, we need the following result.
Theorem: If $n = a^2 + b^2$, $q$ is a prime of the form $4k + 3$ and $q \mid n$, then $q \mid a$, $q \mid b$, and so $q^2 \mid n$.
Proof: We have
$$a^2 + b^2 \equiv 0 \bmod q.$$
We claim that $q \mid a$. For if not, $a \not\equiv 0 \bmod q$, and so $a$ has an inverse mod $q$: $a a^{-1} \equiv 1 \bmod q$. Multiply the congruence by $(a^{-1})^2$ to get
$$(a^{-1}a)^2 + (a^{-1}b)^2 \equiv 0 \bmod q, \text{ or } 1 + (a^{-1}b)^2 \equiv 0 \bmod q$$
Thus, the congruence $x^2 \equiv -1 \bmod q$ has the solution $x \equiv a^{-1}b \bmod q$. But this is impossible by a previous theorem since $q \equiv 3 \bmod 4$. This contradiction shows that $q \mid a$. Similarly, $q \mid b$. Therefore $q^2 \mid n = a^2 + b^2$. This proves the result.
[4] We use $[x]$ to mean the greatest integer in $x$.
Now suppose $n = 2^a p_1^{b_1} \cdots p_r^{b_r} q_1^{c_1} \cdots q_s^{c_s} = a^2 + b^2$ where $p_i$ is a prime of the form $4n + 1$ and $q_j$ is a prime of the form $4n + 3$. If $q_j$ appears in this factorization, then $q_j \mid a$, $q_j \mid b$, and $q_j^2 \mid n$. So $c_j \ge 2$ and we have $n/q_j^2 = (a/q_j)^2 + (b/q_j)^2$. Continuing this process until all the $q$'s are eliminated, we find that all the exponents of the $q$'s are even. This is the result.
Pythagorean Triples. These are positive integers $a, b, c$ satisfying
$$a^2 + b^2 = c^2.$$
Note that if $p$ divides any two of $a, b, c$ it divides the third. In that case, we have $(a/p)^2 + (b/p)^2 = (c/p)^2$. Continuing this process we arrive at positive integers $a, b, c$ satisfying $a^2 + b^2 = c^2$, in which any two of these are relatively prime. This is called relatively prime in pairs. Such a triple $(a, b, c)$ is called a primitive Pythagorean triple. We now characterize these.
Since $(a, b) = 1$, both can't be even. But also, both can't be odd. For if $a$ and $b$ were both odd, we would have $a^2 \equiv 1 \bmod 4$ and $b^2 \equiv 1 \bmod 4$. So $c^2 = a^2 + b^2 \equiv 2 \bmod 4$. This is impossible because the square of an even number is congruent to 0 mod 4. So with no loss in generality, we take $a$ odd, and $b$ even. Since $c^2 - a^2 = b^2$, we can factor and divide by 4 to get
$$\frac{c - a}{2} \cdot \frac{c + a}{2} = \left(\frac{b}{2}\right)^2$$
But $\frac{c - a}{2}$ and $\frac{c + a}{2}$ are relatively prime. To see this, suppose $d$ divides each of them. Then $d$ would divide their sum $c$ and their difference $a$. Thus $d = 1$. But if the product of relatively prime numbers is a square, each must be a square. Thus
$$\frac{c + a}{2} = r^2, \quad \frac{c - a}{2} = s^2$$
where $r$ and $s$ are relatively prime. Solving for $c$ and $a$, we get $c = r^2 + s^2$, and $a = r^2 - s^2$. Since $b^2 = c^2 - a^2$, we get $b^2 = 4r^2s^2$, so $b = 2rs$. Since $c^2$ and $a^2$ are the sum and difference of $r^2$ and $s^2$, we must also have $r$ and $s$ of different parities [5]. Summarizing, all positive primitive solutions of the equation $a^2 + b^2 = c^2$, with $b$ even, are given by the two parameter system
$$a = r^2 - s^2, \quad b = 2rs, \quad c = r^2 + s^2, \text{ where } r > s,\ (r, s) = 1, \text{ and } r + s \text{ is odd.}$$
[5] This means that one is odd and one is even.
The rings $\mathbb{Z}_n$ and the fields $\mathbb{Z}_p$.
For fixed $n > 0$, we want to identify two numbers which are congruent mod $n$. For example, we are accustomed to talk about even and odd numbers. Here we identify any numbers congruent to 1 mod 2 as odd, and similarly for even. For any $n > 0$, we let $\bar{a}$ = the set of all $b \equiv a \bmod n$. For example, if $n = 2$, $\bar{0}$ is the set of even numbers and $\bar{1}$ is the set of odd numbers. For any fixed $n$, we have
$$\bar{a} = \bar{b} \text{ if and only if } a \equiv b \bmod n$$
The effect of the overbar notation is to replace congruence mod $n$ with equality [6]. We define $\mathbb{Z}_n$ as the finite set $\{\bar{0}, \bar{1}, \ldots, \overline{n-1}\}$. In $\mathbb{Z}_n$ we can define addition and multiplication by the formulas:
$$\bar{a} \cdot \bar{b} = \overline{ab} \text{ and } \bar{a} + \bar{b} = \overline{a + b}$$
We can replace $0, 1, \ldots, n-1$ by any complete residue system mod $n$. $\mathbb{Z}_n$ is a ring. This is a term in algebra in which the usual laws of algebra hold. The exception is that there might be non-zero elements without inverse. For example, in $\mathbb{Z}_6$, 2, 3, and 4 have no inverses. We can construct addition and multiplication tables in $\mathbb{Z}_n$. The following table gives addition and multiplication tables in $\mathbb{Z}_6$. From now on we omit the overbar, and simply write $\bar{a}$ as $a$. No confusion will occur if we note that we are working in $\mathbb{Z}_n$.
$\mathbb{Z}_6$:
+  0 1 2 3 4 5
0  0 1 2 3 4 5
1  1 2 3 4 5 0
2  2 3 4 5 0 1
3  3 4 5 0 1 2
4  4 5 0 1 2 3
5  5 0 1 2 3 4

·  0 1 2 3 4 5
0  0 0 0 0 0 0
1  0 1 2 3 4 5
2  0 2 4 0 2 4
3  0 3 0 3 0 3
4  0 4 2 0 4 2
5  0 5 4 3 2 1
For primes $p$, the algebra in $\mathbb{Z}_p$ is more like ordinary algebra because any element unequal to 0 has an inverse. In such cases, the ring is called a field. Here are similar tables for $\mathbb{Z}_5$.
$\mathbb{Z}_5$:
+  0 1 2 3 4
0  0 1 2 3 4
1  1 2 3 4 0
2  2 3 4 0 1
3  3 4 0 1 2
4  4 0 1 2 3

·  0 1 2 3 4
0  0 0 0 0 0
1  0 1 2 3 4
2  0 2 4 1 3
3  0 3 1 4 2
4  0 4 3 2 1
[6] More accurately, we should write $\bar{a}_n$ instead of $\bar{a}$, but in any context, we try to make it clear what the underlying $n$ is.
Note the 1's in the body of the multiplication tables. These occur when the row and column corresponding to the 1 are inverses. For the $\mathbb{Z}_p$ column, a 1 appears once in each row and column other than the 0 row and column. We can see this above for $\mathbb{Z}_5$. We see that this fails if $n$ is composite, as in the multiplication table for $\mathbb{Z}_6$.
Thur., May 24
Lagrange's Four Square Theorem.
This famous theorem states that every positive number is the sum of four squares.
We started the proof, but left it unfinished, referring the class to the classic text by Hardy and Wright, The Theory of Numbers, Oxford at the Clarendon Press. This was first published in 1938 and contains many beautiful results and methods. The Lagrange theorem is on page 302. It is accessible to anyone in the class, and uses little more than congruences.
The factorization of $n!$. If $p$ is a prime not more than $n$, we can find the highest power $a$ of $p$ which divides $n!$. The text uses the notation $p^a \,\|\, n!$. The double divisor sign is used to indicate that $p^a \mid n!$ but $p^{a+1} \nmid n!$. We illustrate by finding $a$ such that $3^a \,\|\, 100!$. First pull out all multiples of 3 from any of the factors of 100!
$$100! = 1 \cdot 2 \cdot 3 \cdots 6 \cdots 9 \cdots 96 \cdots 99 \cdot 100 = 3^{33} \cdot 1 \cdot 2 \cdots 32 \cdot 33 \cdot K$$
where $(K, 3) = 1$. (We will use $K$ generically in this way.)
Tues., May 29
A number is said to be perfect if the sum of its proper divisors [7] is equal to that number. For example, 6 is a perfect number: $6 = 1 + 2 + 3$. In this section we show how to find all even perfect numbers. To date, no odd perfect number has been found, and it is not known if there are any. We start with a definition:
$\sigma(n)$ is the sum of all divisors of $n$. We write $\sigma(n) = \sum_{d \mid n} d$.
[7] A proper divisor of $n$ is a divisor unequal to $n$.
Thus the condition that a number $n$ is perfect is $\sigma(n) = 2n$. This is so because $\sigma(n)$ includes the proper divisors and also $n$. We now show that $\sigma(n)$ is multiplicative; i.e. if $(m, n) = 1$ then $\sigma(mn) = \sigma(m)\sigma(n)$. To see this, let $d_1, \ldots, d_j$ be the divisors of $m$ and let $e_1, \ldots, e_k$ be the divisors of $n$. Then $d_r e_s$ is a divisor of $mn$ and all divisors are of this form. Since $(m, n) = 1$, a little consideration using unique factorization shows that all of the $d_r e_s$ are distinct. Therefore
$$\sigma(m)\sigma(n) = \Big(\sum_r d_r\Big)\Big(\sum_s e_s\Big) = \sum_{r,s} d_r e_s = \sigma(mn)$$
This easily permits us to compute $\sigma(n)$, once we know its prime factorization. We first compute $\sigma(p^a)$:
$$\sigma(p^a) = 1 + p + p^2 + \ldots + p^a = \frac{p^{a+1} - 1}{p - 1}$$
Therefore, since $\sigma$ is multiplicative, for any product of distinct prime powers, we have
$$\sigma\Big(\prod_i p_i^{a_i}\Big) = \prod_i \frac{p_i^{a_i+1} - 1}{p_i - 1}$$
Note in particular that $\sigma(2^a) = 2^{a+1} - 1$. Also $\sigma(p) = p + 1$ for a prime $p$.
We first note the following theorem: Let $p$ be prime with $2^p - 1$ also a prime (a Mersenne prime). Then $n = 2^{p-1}(2^p - 1)$ is a perfect number. The proof is direct. We have
$$\sigma(n) = \sigma(2^{p-1})\,\sigma(2^p - 1) = (2^p - 1)(2^p - 1 + 1) = 2^p(2^p - 1) = 2n$$
We now show that conversely, any even perfect number is of this kind. For suppose $n$ is an even perfect number. Write it as $n = 2^a R$ where $a > 0$ and $R$ is odd. Then by definition, $\sigma(n) = 2n$ or $\sigma(2^a R) = 2^{a+1} R$. Thus
$$\sigma(2^a)\sigma(R) = 2^{a+1} R \text{ or } (2^{a+1} - 1)\sigma(R) = 2^{a+1} R.$$
Thus $(2^{a+1} - 1) \mid 2^{a+1} R$ and so $(2^{a+1} - 1) \mid R$ since $2^{a+1} - 1$ and $2^{a+1}$ are relatively prime. Thus, $R = c(2^{a+1} - 1)$ and so $\sigma(R) = c \cdot 2^{a+1}$. Now we claim that $c = 1$. For if not, the divisors of $R$ are at least 1, $c(2^{a+1} - 1)$, and $c$. So $\sigma(R) \ge 1 + c + c(2^{a+1} - 1) = 1 + c \cdot 2^{a+1}$. This contradicts $\sigma(R) = c \cdot 2^{a+1}$. Thus $c = 1$ and $R = 2^{a+1} - 1$, and $\sigma(R) = 2^{a+1}$. But two divisors of $R$ are 1 and $2^{a+1} - 1$ whose sum is $2^{a+1} = \sigma(R)$. So there are no further divisors of $R$ and $R$ must be prime. This implies that $R = 2^{a+1} - 1$ is a prime and from our discussion of Mersenne primes, we know that $a + 1 = p$, a prime. So finally, $n = 2^{p-1}(2^p - 1)$.
The lecture included some discussion of continued fractions, to be repeated on the next day.
Wed. and Thur., May 30 and June 1
Continued Fractions. Any positive real number $x$ can be written as $x = [x] + f$ where $[x]$ is the greatest integer in $x$, and $0 \le f < 1$. If $f > 0$, then we can write $f = 1/g$ where $g > 1$. This gives $x = [x] + 1/g$. We can continue this process with $g$. We illustrate with an example:
$$\frac{11}{3} = 3 + \frac{2}{3} = 3 + \frac{1}{\frac{3}{2}} = 3 + \frac{1}{1 + \frac{1}{2}}$$
The text uses the notation $\langle 3, 1, 2 \rangle$ for this latter expression. For any rational number $x$ the Euclidean algorithm for the computation of the GCD of the numerator and the denominator will give the entries for this continued fraction. For example, consider the fraction 53/22. We use the Euclidean algorithm to compute (58,21):
Numerator  Denominator  Quotient  Remainder
58         21           2         16
21         16           1         5
16         5            3         1
5          1            5         0
So $58/21 = 2 + 16/21 = 2 + 1/(21/16) = 2 + 1/(1 + 5/16)$. Continuing in this manner we arrive at the continued fraction
$$\frac{58}{21} = 2 + \frac{1}{1 + \frac{1}{3 + \frac{1}{5}}} = \langle 2, 1, 3, 5 \rangle.$$
Note that the entries in this continued fraction are the quotients in the order they appear in the Euclidean algorithm. We can define a continued fraction in general by induction:
$$\langle a_0 \rangle = a_0; \quad \langle a_0, a_1, \ldots, a_n \rangle = a_0 + \frac{1}{\langle a_1, \ldots, a_n \rangle} \text{ for } n > 0.$$
Note the useful identity $\langle a_0, a_1, \ldots, a_n \rangle = \langle a_0, a_1, \ldots, a_{n-2}, \langle a_{n-1}, a_n \rangle \rangle$.
We always assume that $a_i > 0$. $a_0 \le 0$ is also allowed. For a given continued fraction $\langle a_0, a_1, \ldots, a_n \rangle$, we can compute the successive convergents as $\langle a_0 \rangle, \langle a_0, a_1 \rangle, \ldots, \langle a_0, \ldots, a_n \rangle$. For our computed continued fraction $\langle 2, 1, 3, 5 \rangle$, these are 2, 3, 11/4, and 58/21. Numerically these are 2, 3, 2.75, 2.762. Convergence to the actual answer is very rapid.
Recall that the convergents of $\langle a_0, a_1, \ldots, a_n \rangle$ are $\langle a_0 \rangle, \langle a_0, a_1 \rangle, \ldots$. Writing these as fractions $p_0/q_0$, $p_1/q_1$, etc. it looks like
$$p_n = a_n p_{n-1} + p_{n-2};\ p_{-2} = 0,\ p_{-1} = 1 \quad \text{and} \quad q_n = a_n q_{n-1} + q_{n-2};\ q_{-2} = 1,\ q_{-1} = 0 \qquad (1)$$
for $n \ge 0$. (We will prove this in what follows.) We will introduce $p_{-2} = 0$, $p_{-1} = 1$ and $q_{-2} = 1$, $q_{-1} = 0$ in order to get proper initial values for the $p$'s and $q$'s. We then construct the following table:
| $n$ | $-2$ | $-1$ | 0 | 1 | 2 | … |
|---|---|---|---|---|---|---|
| $a_n$ | | | $a_0$ | $a_1$ | $a_2$ | … |
| $p_n$ | 0 | 1 | $a_0$ | $p_1$ | $p_2$ | … |
| $q_n$ | 1 | 0 | 1 | $q_1$ | $q_2$ | … |
Once the second row is filled in with the given continued fraction, we compute the third and fourth row recursively using the above equations. We illustrate with the above continued fraction $\langle 2, 1, 3, 5 \rangle$:
| $n$ | $-2$ | $-1$ | 0 | 1 | 2 | 3 |
|---|---|---|---|---|---|---|
| $a_n$ | | | 2 | 1 | 3 | 5 |
| $p_n$ | 0 | 1 | 2 | 3 | 11 | 58 |
| $q_n$ | 1 | 0 | 1 | 1 | 4 | 21 |
Compare the convergents found above with the values $p_k/q_k$. We now prove that $p_k/q_k$ are the convergents.
Theorem: Let $a_0, a_1, \ldots, a_n, \ldots$ be a sequence with $a_i > 0$ for $i > 0$. Define the sequences $p_n$ and $q_n$ using Equation (1). Then $\langle a_0, a_1, \ldots, a_n \rangle = p_n/q_n$.
Proof: We prove this for rational $a_i > 0$. We check that this is true for $n = 0$ and 1. These are simply the equations $\langle a \rangle = a/1 = p_0/q_0$ and $\langle a, b \rangle = a + 1/b = (ab + 1)/b = p_1/q_1$. We assume it for all values less than $n$. We let $x > 0$ and compute $\langle a_0, a_1, \ldots, a_{n-1}, x \rangle = \langle a_0, a_1, \ldots, a_{n-2}, \langle a_{n-1}, x \rangle \rangle$. Using induction this is
$$\left\langle a_0, a_1, \ldots, a_{n-2}, \frac{x a_{n-1} + 1}{x} \right\rangle = \frac{p_{n-2}\,\frac{x a_{n-1} + 1}{x} + p_{n-3}}{q_{n-2}\,\frac{x a_{n-1} + 1}{x} + q_{n-3}} = \frac{p_{n-2}(x a_{n-1} + 1) + x p_{n-3}}{q_{n-2}(x a_{n-1} + 1) + x q_{n-3}}$$
$$= \frac{x(a_{n-1} p_{n-2} + p_{n-3}) + p_{n-2}}{x(a_{n-1} q_{n-2} + q_{n-3}) + q_{n-2}} = \frac{x p_{n-1} + p_{n-2}}{x q_{n-1} + q_{n-2}}$$
Finally, substituting $x = a_n$, we get
$$\langle a_0, a_1, \ldots, a_n \rangle = \frac{a_n p_{n-1} + p_{n-2}}{a_n q_{n-1} + q_{n-2}} = \frac{p_n}{q_n}$$
This is the required result.
Theorem: For any continued fraction, $p_n q_{n-1} - q_n p_{n-1} = (-1)^{n+1}$.
Proof: By induction. It is true for $n = 1$. Assuming the truth for $n$, we compute:
$$p_{n+1} q_n - q_{n+1} p_n = (a_{n+1} p_n + p_{n-1}) q_n - (a_{n+1} q_n + q_{n-1}) p_n = a_{n+1} p_n q_n - a_{n+1} q_n p_n - q_{n-1} p_n + p_{n-1} q_n = -(-1)^{n+1} = (-1)^{n+2}.$$
This is the result for $n + 1$, proving the theorem.
Corollary. $r_n - r_{n-1} = \dfrac{(-1)^{n+1}}{q_n q_{n-1}}$.
For this is simply $\dfrac{p_n}{q_n} - \dfrac{p_{n-1}}{q_{n-1}}$. This shows that the convergents oscillate.
Corollary. The convergents are in lowest terms.
This is so because we have a linear combination of $p_n$ and $q_n$ equal to $\pm 1$.
Corollary. For an infinite continued fraction, $\lim_{n \to \infty} (r_n - r_{n-1}) = 0$.
This follows from $r_n - r_{n-1} = \dfrac{(-1)^{n+1}}{q_n q_{n-1}}$. The denominators $q_n$ clearly approach $\infty$ as $n \to \infty$.
Theorem: $p_n q_{n-2} - q_n p_{n-2} = (-1)^n a_n$.
The proof is a direct computation:
$$p_n q_{n-2} - q_n p_{n-2} = (a_n p_{n-1} + p_{n-2}) q_{n-2} - (a_n q_{n-1} + q_{n-2}) p_{n-2} = a_n p_{n-1} q_{n-2} - a_n q_{n-1} p_{n-2} = (-1)^n a_n$$
This shows that the oscillations of the $r_n$ are not extreme. When $r_n$ moves right, it returns to the right of where it started. Similarly, when it moves left, it returns to the left of where it started. Thus, combining these results, we see that for an infinite continued fraction $\langle a_0, a_1, \ldots \rangle$, the $n$-th convergent $r_n$ has a limit, which is called the value of this continued fraction. The convergents oscillate about this value.
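The following Python sketch is an added example, not part of the lecture notes. It computes the continued-fraction entries from the Euclidean algorithm, builds the convergents with Equation (1), and checks the two determinant identities and the lowest-terms corollary; the function names are assumptions chosen for this illustration.

```python
from fractions import Fraction
from math import gcd


def cf_expand(num, den):
    """Entries <a_0, ..., a_n> of num/den: the quotients of the Euclidean algorithm."""
    if den <= 0:
        raise ValueError("denominator must be positive")
    entries = []
    while den:
        q, r = divmod(num, den)
        entries.append(q)
        num, den = den, r
    return entries


def convergents(entries):
    """Return [(p_0, q_0), ..., (p_n, q_n)] from the recurrence in Equation (1)."""
    p_prev2, p_prev1 = 0, 1   # p_{-2}, p_{-1}
    q_prev2, q_prev1 = 1, 0   # q_{-2}, q_{-1}
    out = []
    for a in entries:
        p = a * p_prev1 + p_prev2
        q = a * q_prev1 + q_prev2
        out.append((p, q))
        p_prev2, p_prev1 = p_prev1, p
        q_prev2, q_prev1 = q_prev1, q
    return out


def cf_value(entries):
    """Evaluate <a_0, ..., a_n> directly from the inductive definition."""
    value = Fraction(entries[-1])
    for a in reversed(entries[:-1]):
        value = a + 1 / value
    return value


def check_identities(entries):
    """Check, for every n, the theorems proved above:
       p_n/q_n = <a_0..a_n>,  p_n q_{n-1} - q_n p_{n-1} = (-1)^(n+1),
       p_n q_{n-2} - q_n p_{n-2} = (-1)^n a_n,  and gcd(p_n, q_n) = 1."""
    table = [(0, 1), (1, 0)] + convergents(entries)   # columns n = -2, -1, 0, ...
    for n, a in enumerate(entries):
        p2, q2 = table[n]        # p_{n-2}, q_{n-2}
        p1, q1 = table[n + 1]    # p_{n-1}, q_{n-1}
        p, q = table[n + 2]      # p_n, q_n
        if Fraction(p, q) != cf_value(entries[:n + 1]):
            return False
        if p * q1 - q * p1 != (-1) ** (n + 1):
            return False
        if p * q2 - q * p2 != (-1) ** n * a:
            return False
        if gcd(p, q) != 1:
            return False
    return True


if __name__ == "__main__":
    entries = cf_expand(58, 21)
    print(entries, convergents(entries), check_identities(entries))
```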
Tues., June 5
Polynomials over a field $F$. We have noted that a field is an algebraic system in which the usual laws of algebra, including addition, subtraction, multiplication and division, hold. In particular, any element $a \ne 0$ of $F$ has an inverse $a^{-1} \in F$ satisfying $aa^{-1} = 1$. We have noted that $Z_p$ is a field for any prime $p$. $F[x]$ denotes the polynomials with coefficients in $F$. A polynomial $f(x)$ can be put into the form $a_n x^n + a_{n-1} x^{n-1} + \ldots + a_0$. If $f(x) \ne 0$, the standard form is to take $a_n \ne 0$. In this case, $n$ is called the degree of $f$ (written $\deg(f)$). If $f = 0$, $f$ is not assigned a degree.
Multiplication and division are performed on polynomials in the usual way. It is easy to see that $\deg(fg) = \deg(f) + \deg(g)$. For suppose $f(x) = a_n x^n$ + lower degree terms, and $g(x) = b_m x^m$ + lower degree terms with $a_n, b_m \ne 0$. Then $f(x)g(x) = a_n b_m x^{m+n}$ + lower degree terms. By the field properties, $a_n b_m \ne 0$ since $a_n$ and $b_m \ne 0$. This proves $\deg(fg) = \deg(f) + \deg(g)$. The formulas for the degree of a sum are more complicated. It is easy to see that if $\deg(f) > \deg(g)$ then $\deg(f + g) = \deg(f)$. But if $\deg(f) = \deg(g)$, the leading coefficients might cancel, so all we can say is $\deg(f + g) \le \max(\deg(f), \deg(g))$. So in all cases we have $\deg(f + g) \le \max(\deg(f), \deg(g))$.
There is a strong analogy between the polynomials in $F[x]$ and the integers $Z$. This is illustrated in what follows.
Division. We say that $f(x) \mid g(x)$ if there is a polynomial $h(x)$ such that $g(x) = f(x)h(x)$. For example, $(x - 1) \mid (x^3 - 1)$ since $x^3 - 1 = (x - 1)(x^2 + x + 1)$. In $Z_7[x]$, we have $(x + 4) \mid (x^2 + 5)$ because $x^2 + 5 = (x + 4)(x + 3)$. (Check this.)
For integers, we have a division algorithm, in which for any $n, m$ with $m > 0$, we can divide to get a quotient $q$ and remainder $r$ with $0 \le r < m$ satisfying $n = mq + r$.
For polynomials, we have a division algorithm, in which for any $f(x), g(x)$ with $g(x) \ne 0$, we can divide (long division of polynomials) to get a quotient $q(x)$ and remainder $r(x)$ with $r = 0$ or $\deg(r(x)) < \deg(g(x))$ satisfying $f(x) = g(x)q(x) + r(x)$.
For integers, we have the Euclidean algorithm, in which a series of divisions with remainders leads to finding the GCD $d$ of the two numbers $m$ and $n$. $d$ is characterized by two facts: 1) $d \mid m$ and $d \mid n$. 2) If $e \mid m$ and $e \mid n$, then $e \mid d$. (The GCD of $m$ and $n$ is a multiple of any common divisor of $m$ and $n$.)
For polynomials, we have the Euclidean algorithm, in which a series of divisions with remainders leads to finding the GCD $d(x)$ of the two polynomials $f(x)$ and $g(x)$. $d(x)$ is characterized by two facts: 1) $d(x) \mid f(x)$ and $d(x) \mid g(x)$. 2) If $e(x) \mid f(x)$ and $e(x) \mid g(x)$, then $e(x) \mid d(x)$. (The GCD of $f(x)$ and $g(x)$ is a multiple of any common divisor of $f(x)$ and $g(x)$.)
For integers, the GCD $d = (a, b)$ is a linear combination of $a$ and $b$: $d = am + bn$. The coefficients $m$ and $n$ can be computed from the Euclidean algorithm.
For polynomials, the GCD $d(x) = (f(x), g(x))$ is a linear combination of $f(x)$ and $g(x)$: $d(x) = a(x)f(x) + b(x)g(x)$. $a(x)$ and $b(x)$ can be computed from the Euclidean algorithm.
For the integers, if $a \mid bc$ and $(a, b) = 1$, then $a \mid c$. This same result holds for polynomials, with the same proof.
For the integers, if $a \mid b$ and $b \mid a$, then $b = \pm a$. For polynomials, if $f(x) \mid g(x)$ and $g(x) \mid f(x)$ then $g(x) = cf(x)$ where $c$ is a constant (that is, an element of $F$) unequal to 0.
For integers, the numbers $\pm 1$ are the only integers dividing everything. These numbers are called units. These are the integers of absolute value 1. For polynomials, the constants $c \ne 0$ are the only polynomials dividing all polynomials. These are the polynomials of degree 0. Non-zero constants are called units.
For integers, primes are the integers $n$ greater than 1, whose only positive divisors are 1 and $n$. If we broaden this definition to include negative numbers, we can say that $n$ is a prime if it is not a unit and its only divisors are units and a unit times $n$.
The corresponding polynomials are called irreducible. These are polynomials $p(x)$ whose only divisors are units or a unit times $p(x)$.
We have unique factorization of polynomials. Any polynomial $f(x)$ is the product of irreducible polynomials. The factorization is unique up to order of factors and units. For example,
$$x^2 - 4 = (x - 2)(x + 2) = (1/2)(2x + 4)(x - 2)$$
All polynomials of the first degree are irreducible. Polynomials $x - a$ and $x - b$ are relatively prime if $a \ne b$. This can be seen since $(x - a) - (x - b) = b - a$. So any common divisor is a unit.
Some Important Polynomial Results. These results do not have clear analogies in the integers.
Theorem: (The Factor Theorem.) If $f(x)$ is a polynomial in $F[x]$ and $f(a) = 0$ for some $a \in F$, then $(x - a)$ is a factor of $f(x)$.
Proof: Divide $f(x)$ by $x - a$ to get a remainder: $f(x) = (x - a)q(x) + r$, where $r \in F$. Substitute $x = a$; this gives $0 = f(a) = (a - a)q(a) + r = r$. So $f(x) = (x - a)q(x)$ and $(x - a) \mid f(x)$.
Generalizing, we have: If $f(x)$ has distinct zeros $a_1, a_2, \ldots, a_k$, then $(x - a_1) \cdots (x - a_k) \mid f(x)$.
For a proof, we have $f(x) = (x - a_1)f_1(x)$. Substituting $x = a_2$, we get $0 = (a_2 - a_1)f_1(a_2)$. Since $a_2 - a_1 \ne 0$, we have $f_1(a_2) = 0$ so $f_1(x) = (x - a_2)f_2(x)$, and $f(x) = (x - a_1)(x - a_2)f_2(x)$. Continuing in this way, or by induction, we get the result.
Corollary. A polynomial of degree $n$ has at most $n$ distinct roots.
Proof: Otherwise, the polynomial would be divisible by a polynomial of degree greater than $n$, which is impossible.
We can use this theorem to prove Wilson's Theorem, with the help of Fermat's theorem. In $Z_p$, we have $x^p = x$ for $x = 0, 1, \ldots, p - 1$. So the polynomial $x^p - x$ has these $p$ elements as zeros. Thus $x^p - x = x(x - 1)(x - 2) \cdots (x - (p - 1))$ [8]. Now divide by $x$ and substitute $x = 0$ to get $-1 = (-1)(-2) \cdots (-(p - 1))$. Taking $p$ as odd, we get $-1 = (p - 1)!$ in $Z_p$, which is Wilson's theorem. The case $p = 2$ is trivial, because here, $1 = -1$.
Primitive Roots.
We let $Z_p^*$ be the set of non-zero elements of $Z_p$. Then $Z_p^*$ is closed under multiplication and taking inverses. (Technically, it is a group.) $Z_p^*$ has $p - 1$ elements. By Fermat's theorem, $a^{p-1} = 1$. For $a \in Z_p^*$ we define the order of $a$ as the least positive integer $k$ such that $a^k = 1$. We now show:
Theorem: If the order of $a$ is $h$, then $h \mid (p - 1)$.
For the proof, we divide $p - 1$ by $h$ and get a remainder: $p - 1 = hq + r$ with $0 \le r < h$. Then
$$1 = a^{hq+r} = a^{hq} a^r = (a^h)^q a^r = 1^q a^r = a^r$$
Since $h$ was the least positive integer $k$ with $a^k = 1$, we must have $r \le 0$. But $r \ge 0$ as a remainder. It follows that $r = 0$, so $p - 1 = hq$ and $h \mid (p - 1)$. This is the result.
Theorem: Let $a \in Z_p^*$. If $h$ is the order of $a$, then the $h$ elements $1, a, a^2, \ldots, a^{h-1}$ are all distinct.
Proof: If $a^i = a^j$ with $0 \le i < j \le h - 1$, then $0 \le j - i < h$, and $a^{j-i} = 1$. Since $j - i < h$, it follows that $j - i = 0$ by the definition of order.
Theorem: Let $a \in Z_p^*$. If $h$ is the order of $a$, then $a^m = a^n$ if and only if $m \equiv n \bmod h$.
Proof: If $m \equiv n \bmod h$, then $m = n + hs$. So $a^m = a^{n+hs} = a^n a^{hs} = a^n$. Conversely, suppose $a^n = a^m$. Then $a^{n-m} = 1$. Dividing $n - m$ by $h$, we get $n - m = hq + r$, with $0 \le r < h$. Then $a^{hq+r} = 1$. Using $a^h = 1$, we get $a^r = 1$. Since $r < h$, we must have $r = 0$ using the definition of order. Thus, $n - m = hq$ and $m \equiv n \bmod h$.
Theorem: Let $a \in Z_p^*$, and let $h$ be the order of $a$. Then any element of order $h$ is necessarily a power of $a$.
Proof: There are $h$ powers of $a$ by a previous theorem. They all satisfy the equation $x^h - 1 = 0$. But an equation of degree $h$ has at most $h$ solutions. So all the solutions of this equation are powers of $a$. Therefore, since it satisfies this equation, every element of order $h$ must be a power of $a$.
[8] The polynomial result also calls for a non-zero constant. We can see it is 1 by comparing the coefficient of $x^p$ on both sides of this equation.
Theorem: Let $a \in Z_p^*$, and let $h$ be the order of $a$. Then there are exactly $\varphi(h)$ elements of order $h$. These are $a^k$ where $1 \le k \le h$ with $(k, h) = 1$.
Proof: We first show that these $\varphi(h)$ elements have order $h$. Let $b = a^k$ where $(k, h) = 1$ and $1 \le k \le h$. Then $b^h = a^{kh} = (a^h)^k = 1$. Now suppose that $b^s = 1$ with $s > 0$. This gives $a^{ks} = 1$, and so $h \mid ks$. Since $(k, h) = 1$ this implies $h \mid s$. Since $s > 0$, we have $s \ge h$. This shows that the smallest power of $b$ equal to 1 is $h$. Thus the order of $b$ is $h$.
We now show that no other power of $a$ has order $h$. Let $c = a^s$, with $(s, h) > 1$. Let $d \mid h$ and $d \mid s$ with $d > 1$. So $s = dt$ and $c = a^{dt}$. Then $c^{h/d} = (a^{dt})^{h/d} = a^{ht} = 1$. So $c$ cannot have order $h$ since a smaller power than $h$ can be used as a power of $c$ to yield 1. This completes the proof.
We know that the order of any element divides $p - 1$. We now prove that any divisor $d$ of $(p - 1)$ is an order of some element (and so of exactly $\varphi(d)$ elements).
Theorem: Let $d \mid (p - 1)$. Then there are $\varphi(d)$ elements in $Z_p^*$ with order $d$.
Proof: Let $d \mid (p - 1)$ and define $N(d)$ as the number of elements of order $d$. Then there are either 0 elements of order $d$ or $\varphi(d)$ such elements. So $N(d) \le \varphi(d)$. Since every element in $Z_p^*$ has some order dividing $p - 1$, we have $\sum_{d \mid (p-1)} N(d) = p - 1$. Thus,
$$p - 1 = \sum_{d \mid (p-1)} N(d) \le \sum_{d \mid (p-1)} \varphi(d) = p - 1$$
(The last equality is a previous theorem.) This shows that all of the inequalities involving $\le$ must be replaced by equalities. Therefore $N(d) = \varphi(d)$, and so, for any $d \mid (p - 1)$ there are exactly $\varphi(d)$ elements of $Z_p^*$ having order $d$.
An element of $Z_p^*$ is called a primitive element if it has order $p - 1$. This analysis shows that there are $\varphi(p - 1)$ primitive elements, and shows how to find them, once one is known. We illustrate for $p = 7$. Here $2^3 = 1$ so 2 is not a primitive element. $3^3 = 27 = -1$, so 3 does have order 6, and is a primitive root. We list the powers of 3 in the table below:
| $n$ | 1 | 2 | 3 | 4 | 5 | 6 |
|---|---|---|---|---|---|---|
| $3^n$ | 3 | 2 | 6 | 4 | 5 | 1 |
The above theory shows that the other primitive root is $3^5 = 5$.
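As an added illustration (not from the lecture notes), the Python sketch below computes the order of every element of $Z_p^*$, checks that each divisor $d$ of $p - 1$ is the order of exactly $\varphi(d)$ elements, and derives all primitive roots from one known primitive root as the theory above describes. The function names are assumptions of this example, and $p$ is assumed to be prime.

```python
from math import gcd


def order(a, p):
    """Least k > 0 with a^k = 1 in Z_p^* (p prime, a not divisible by p)."""
    if a % p == 0:
        raise ValueError("a must be non-zero mod p")
    k, x = 1, a % p
    while x != 1:
        x = x * a % p
        k += 1
    return k


def phi(n):
    """Euler's function by direct count of 1 <= k <= n with (k, n) = 1."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def order_census(p):
    """Map each order d to the list of elements of Z_p^* having order d."""
    census = {}
    for a in range(1, p):
        census.setdefault(order(a, p), []).append(a)
    return census


def primitive_roots_from(g, p):
    """Given one primitive root g, the elements of order p-1 are
    exactly g^k with 1 <= k <= p-1 and (k, p-1) = 1."""
    if order(g, p) != p - 1:
        raise ValueError("g is not a primitive root mod p")
    return sorted(pow(g, k, p) for k in range(1, p) if gcd(k, p - 1) == 1)


def census_matches_theorem(p):
    """True when the orders that occur are exactly the divisors d of p-1
    and each d occurs phi(d) times."""
    census = order_census(p)
    divisors = [d for d in range(1, p) if (p - 1) % d == 0]
    return sorted(census) == divisors and all(
        len(census[d]) == phi(d) for d in divisors
    )


if __name__ == "__main__":
    print(order_census(7))              # orders of 1..6 mod 7
    print(primitive_roots_from(3, 7))   # the two primitive roots mod 7
```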
Thur, June 7
Number Theoretic Functions. All functions are understood to be functions of a positive integer. A function $f$ is called multiplicative if
$f(mn) = f(m)f(n)$ when $(m, n) = 1$.
We first note that if $(m, n) = 1$ any divisor $d$ of $mn$ can be written uniquely as $d = d_1 d_2$ with $d_1 \mid m$ and $d_2 \mid n$. Conversely, if $(m, n) = 1$ and $d_1 \mid m$ and $d_2 \mid n$, and $d = d_1 d_2$, then $d \mid mn$. The proof is straightforward and is clear, using unique factorization.
Theorem: Let $f(n)$ be multiplicative. Define $F(n) = \sum_{d \mid n} f(d)$. Then $F(n)$ is multiplicative.
Proof: Let $(m, n) = 1$. Using the remark above about divisors of $mn$, we have
$$F(mn) = \sum_{d \mid mn} f(d) = \sum_{d_1 \mid m,\, d_2 \mid n} f(d_1 d_2) = \sum_{d_1 \mid m,\, d_2 \mid n} f(d_1) f(d_2) = \Big(\sum_{d_1 \mid m} f(d_1)\Big)\Big(\sum_{d_2 \mid n} f(d_2)\Big) = F(m)F(n).$$
We can use this theorem to prove $\sum_{d \mid n} \varphi(d) = n$. This was previously proved using the definition of $\varphi(d)$. By the theorem just proved, we know that $F(n) = \sum_{d \mid n} \varphi(d)$ is multiplicative. We also know, from the definition, that $\varphi(p^a) = p^a - p^{a-1}$. Therefore,
$$F(p^a) = \sum_{d \mid p^a} \varphi(d) = 1 + \sum_{i=1}^{a} (p^i - p^{i-1}) = p^a$$
(The sum is a telescoping series and it can be proved by induction on $a$.) This computation shows that $F(p^a) = p^a$. Therefore, since $F$ is multiplicative, we have for any $n$,
$$F(n) = F\Big(\prod_{p \mid n} p^{a_n}\Big) = \prod_{p \mid n} F(p^{a_n}) = \prod_{p \mid n} p^{a_n} = n$$
The Möbius Function $\mu(n)$. This function is defined as follows.
$\mu(n) = (-1)^k$ if $n$ is the product of $k$ distinct primes.
Otherwise, $\mu(n) = 0$.
Thus $\mu(n) = 0$ when $n$ is divisible by the square of a prime.
For example $\mu(5) = -1$, $\mu(28) = 0$, $\mu(35) = 1$.
Theorem: $\sum_{d \mid n} \mu(d) = 0$ if $n > 1$. If $n = 1$, the sum is 1.
It is easy to see that $\mu(n)$ is multiplicative. For if $m$ and $n$ are relatively prime with $m$ and $n$ as the product of $r$ and $s$ distinct primes, then $mn$ is the product of $r + s$ distinct primes. Therefore, $\mu(m)\mu(n) = (-1)^r (-1)^s = (-1)^{r+s} = \mu(mn)$. Therefore, (using $f(n) = \mu(n)$ in the theorem on adding a function of the divisors of $n$) it follows that $\sum_{d \mid n} \mu(d)$ is multiplicative. We now compute its value for prime powers. If $a \ge 1$ then
$$\sum_{d \mid p^a} \mu(d) = \mu(1) + \mu(p) = 1 - 1 = 0.$$
Since $F$ is multiplicative, it follows that $F(n) = 0$ for $n > 1$. Clearly, $F(1) = 1$. This proves the theorem.
An alternate proof is as follows. If $n$ is the product of $k$ prime powers $p_i^{a_i}$, then the only contribution to the sum $\sum_{d \mid n} \mu(d)$ is when $d$ is the product of some of the primes. The possibilities are
$$1,\ p_i,\ p_i p_j\ (i < j),\ \ldots,\ p_1 \cdots p_k.$$
The contributions to the sum from these divisors are
$$1 - k + \binom{k}{2} - \binom{k}{3} + \ldots + (-1)^k$$
But this is the expansion of $(1 - 1)^k$ which is 0 when $k > 0$.
Finally, we prove the famous Möbius Inversion Formula: If $f(n)$ and $F(n)$ are each defined for $n \ge 1$ and
$$F(n) = \sum_{d \mid n} f(d), \quad n \ge 1 \qquad (2)$$
Then
$$f(n) = \sum_{d \mid n} \mu(d) F(n/d) \qquad (3)$$
For example, setting $f(n) = a_n$, $F(n) = b_n$, we are given
$$b_1 = a_1,\ b_2 = a_1 + a_2,\ b_3 = a_1 + a_3,\ b_4 = a_1 + a_2 + a_4,\ \ldots$$
We can solve these successively for $a_n$ as functions of the $b$'s:
$$a_1 = b_1,\ a_2 = b_2 - b_1,\ a_3 = b_3 - b_1,\ a_4 = b_4 - b_2,\ \ldots$$
The inversion formula gives the answer directly. For example, $a_{20} = b_{20} - b_{10} - b_4 + b_2$.
To prove the inversion formula, we directly compute the right hand side of Equation (3). In this case, we let $D$ designate a divisor of $n/d$.
$$\sum_{d \mid n} \mu(d) F(n/d) = \sum_{d \mid n} \mu(d) \sum_{D \mid (n/d)} f(D) = \sum_{d \mid n} \sum_{D \mid (n/d)} \mu(d) f(D)$$
Note that $D \mid (n/d)$ and $dD \mid n$ and $d \mid (n/D)$ are all equivalent. In the above sum we combine the coefficients of $f(D)$. They sum to $\sum_{d \mid (n/D)} \mu(d)$. But this has been shown to be 0, except for $D = n$, when it is 1. This is the coefficient of $f(n)$. Thus, the sum is $f(n)$ which is the result.
Note: Rearranging such a double sum can be confusing, so we illustrate with an example. We give an example of this procedure for $n = 6$. We have
$F(1) = f(1)$
$F(2) = f(1) + f(2)$
$F(3) = f(1) + f(3)$
$F(6) = f(1) + f(2) + f(3) + f(6)$
We now multiply $F(d)$ by $\mu(6/d)$. This gives
$\mu(6)F(1) = \mu(6)f(1)$
$\mu(3)F(2) = \mu(3)f(1) + \mu(3)f(2)$
$\mu(2)F(3) = \mu(2)f(1) + \mu(2)f(3)$
$\mu(1)F(6) = \mu(1)f(1) + \mu(1)f(2) + \mu(1)f(3) + \mu(1)f(6)$
Adding, we get the result $f(6) = \sum_{d \mid 6} \mu(d) F(6/d)$. We used the formula $\sum_{d \mid n} \mu(d) = 0$ if $n \ne 1$, and equals 1 if $n = 1$.
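The inversion formula can be exercised numerically. The Python sketch below is an added example, not from the lecture notes: it builds $F$ from an arbitrary (non-multiplicative) $f$ by Equation (2), recovers $f$ by Equation (3), and lists the signed terms of the inversion so that the $a_{20}$ example above can be read off. All function names are assumptions of this illustration.

```python
def divisors(n):
    """All positive divisors of n, in increasing order."""
    return [d for d in range(1, n + 1) if n % d == 0]


def mobius(n):
    """(-1)^k if n is a product of k distinct primes, 0 if a square divides n."""
    k, p = 0, 2
    while p * p <= n:
        if n % p == 0:
            n //= p
            if n % p == 0:       # p^2 divided the original n
                return 0
            k += 1
        p += 1
    if n > 1:                    # one prime factor left over
        k += 1
    return (-1) ** k


def summatory(f, n):
    """Equation (2): F(n) = sum of f(d) over d | n."""
    return sum(f(d) for d in divisors(n))


def invert(F, n):
    """Equation (3): f(n) = sum of mu(d) F(n/d) over d | n."""
    return sum(mobius(d) * F(n // d) for d in divisors(n))


def inversion_terms(n):
    """Non-zero terms of Equation (3) as (sign, index) pairs:
    a_n = sum of sign * b_index."""
    return [(mobius(d), n // d) for d in divisors(n) if mobius(d) != 0]


def f_sample(n):
    """A constructed test function that is deliberately not multiplicative."""
    return n * n + 3


def F_sample(n):
    return summatory(f_sample, n)


if __name__ == "__main__":
    print(inversion_terms(20))
    print(all(invert(F_sample, n) == f_sample(n) for n in range(1, 61)))
```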
Mon, June 11.
Error checking. Any positive number $n$ can be written uniquely in base 10 in the form
$$n = a_0 + 10a_1 + 10^2 a_2 + \ldots + 10^k a_k,$$
where each $a_i$ is a digit: $0 \le a_i \le 9$ and $a_k$, the leading digit, is not zero. The number is written as $a_k \ldots a_2 a_1 a_0$. There are a few simple ways to find $n$ mod 9, 10, and 11. Mod 10 is the simplest, since $n \equiv a_0 \bmod 10$. We can find $n$ mod 9 by noting that $10 \equiv 1 \bmod 9$. Therefore
$$n = a_0 + 10a_1 + 10^2 a_2 + \ldots + 10^k a_k \equiv a_0 + a_1 + a_2 + \ldots + a_k = S(n) \bmod 9$$
where we define $S(n)$ as the sum of the digits of $n$: $S(n) = \sum a_i$. For example, if $n = 345{,}682$, $S(n) = 28$, so $n \equiv 28 \equiv 10 \equiv 1 \bmod 9$, where we have applied this formula repeatedly to the sum. When finding $n$ mod 9, we can simply add the digits mod 9. Mod 11 is similar. Using $10 \equiv -1 \bmod 11$ we find:
$$n = a_0 + 10a_1 + 10^2 a_2 + \ldots + 10^k a_k \equiv a_0 - a_1 + a_2 - \ldots + (-1)^k a_k = A(n) \bmod 11$$
where we define $A(n)$ as the alternating sum of the digits of $n$: $A(n) = \sum (-1)^i a_i$. For example, if $n = 456{,}821$, $A(n) = 1 - 2 + 8 - 6 + 5 - 4 = 14 - 12 = 2$, so $n \equiv 2 \bmod 11$.
By checking a calculation mod 9, 10, or 11, many errors can be found. For example, we immediately know that the alleged result $437 \times 538 = 234{,}109$ is wrong because we see that the last digit of the answer should be 6, not 9. By looking at the last digit, we have checked mod 10. This doesn't work for the alleged computation $437 \times 538 = 233{,}106$. But if we check mod 9 we find $437 \equiv 5$ and $538 \equiv 7 \bmod 9$. Their product should be congruent to $5 \times 7 = 35 \equiv 8 \bmod 9$. But the alleged answer is congruent to 6. This inconsistency shows that the calculation is incorrect. The calculation $437 \times 538 = 231{,}506$ passes the mod 9 and 10 tests, but it fails the 11 test: By observation $437 \equiv 8 \bmod 11$ and $538 \equiv 10 \bmod 11$, so the product should be congruent to 80 or 3 mod 11. But the alleged answer is congruent to $6 - 0 + 5 - 1 + 3 - 2 = 11$ or 0 mod 11. The correct answer is 235,106. The mod 10 calculation checks the last digit. The mod 9 calculation will usually catch an incorrect digit in the answer. The mod 11 check will catch a transposition of 2 digits.
Realistically, if the numbers are not too large, a hand calculator is a fine direct check of the answer. Also, the method is not fail-safe. By checking mod 9, 10, 11, you are checking your answer mod 990. Any number congruent to the correct answer mod 990 will pass these tests. So these techniques can be described as recreational mathematics.
The Legendre symbol. In what follows, we take $p$ and $q$ as odd primes. A number $a$ is called a quadratic residue mod $p$ if $a \not\equiv 0 \bmod p$ and the equation $x^2 \equiv a \bmod p$ has a solution. That is, $a = b^2$ for some $b$. $a$ is called a quadratic non-residue mod $p$ if $a \not\equiv 0 \bmod p$ and the equation $x^2 \equiv a \bmod p$ has no solution. The Legendre symbol $\left(\frac{a}{p}\right)$ is defined as follows:
$$\left(\frac{a}{p}\right) = \begin{cases} 1 & \text{if } a \text{ is a quadratic residue mod } p \\ -1 & \text{if } a \text{ is a quadratic non-residue mod } p \\ 0 & \text{if } a \equiv 0 \bmod p \end{cases}$$
While, on the face of it, this symbol is simply a code to identify quadratic residues, it enjoys many useful algebraic properties. Before beginning, we start with the following results.
Theorem: Any quadratic residue satisfies the equation $x^{(p-1)/2} - 1 \equiv 0 \bmod p$.
Proof: If $a$ is a quadratic residue mod $p$, then $a = b^2$ for some $b \in Z_p^*$. Therefore,
$$a^{(p-1)/2} = (b^2)^{(p-1)/2} = b^{p-1} = 1 \text{ in } Z_p^*$$
This proves the result.
Theorem: There are $(p - 1)/2$ quadratic residues, and $(p - 1)/2$ quadratic non-residues.
Proof: We show that the numbers $i^2$ where $1 \le i \le (p - 1)/2$, namely the numbers $1^2, 2^2, 3^2, \ldots, ((p - 1)/2)^2$, are distinct quadratic residues mod $p$. To see this, suppose $i^2 \equiv j^2 \bmod p$ where $1 \le i \le j \le (p - 1)/2$. Then $(j - i)(j + i) = j^2 - i^2 \equiv 0 \bmod p$. But $0 \le j - i < j + i < p$, since $i, j \le (p - 1)/2 < p/2$. Since $p \nmid (j + i)$, we must have $p \mid (j - i)$ and so $i = j$. Thus, the powers $i^2$ are distinct for $1 \le i \le (p - 1)/2$. The numbers $(p + 1)/2 \le i \le p - 1$ can be written as $(p - i)$ for $1 \le i \le (p - 1)/2$, so they are the negatives mod $p$ of the numbers $i$ for which $1 \le i \le (p - 1)/2$. So they yield the same squares. Thus the quadratic residues are simply the $(p - 1)/2$ numbers $i^2$, where $1 \le i \le (p - 1)/2$. The remaining $(p - 1)/2$ numbers mod $p$ are non-residues.
We now state and prove the algebraic properties of the Legendre symbol.
1. $\left(\frac{a}{p}\right) \equiv a^{(p-1)/2} \bmod p$.
2. $\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$.
3. If $a \equiv b \bmod p$ then $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right)$.
4. $\left(\frac{a^2}{p}\right) = 1$.
5. $\left(\frac{-1}{p}\right) = (-1)^{(p-1)/2}$.
Proofs. 1. We already know that if $a$ is a quadratic residue, then $a^{(p-1)/2} \equiv 1 \bmod p$. This is equation 1 in that case. We consider the equation $x^{p-1} - 1 = (x^{(p-1)/2} - 1)(x^{(p-1)/2} + 1) = 0$. We have shown that the first factor has the $(p - 1)/2$ quadratic residues as its zeros. These are the only zeros because a polynomial of degree $n$ can have at most $n$ zeros. Therefore, the non-residues are zeros of the second factor. Namely $a^{(p-1)/2} + 1 \equiv 0 \bmod p$ for any non-residue. We can rewrite as $a^{(p-1)/2} \equiv \left(\frac{a}{p}\right) \bmod p$. This shows that equation 1 is true when $a$ is a non-residue mod $p$.
2. We have $\left(\frac{ab}{p}\right) \equiv (ab)^{(p-1)/2} = a^{(p-1)/2} b^{(p-1)/2} \equiv \left(\frac{a}{p}\right)\left(\frac{b}{p}\right) \bmod p$. But since both sides of equation 2 are $\pm 1$ the congruence implies equality.
3 and 4 follow from the definition. We know 5 as a congruence mod $p$ from 1. But since both sides are $\pm 1$, we have equality.
While the basic equation $\left(\frac{a}{p}\right) \equiv a^{(p-1)/2} \bmod p$ can be used to calculate $\left(\frac{a}{p}\right)$, the following method does not involve computing powers of $a$. It is used for a proof of the quadratic reciprocity law, proved in the next section. We illustrate it with a simple computation to calculate $\left(\frac{5}{13}\right)$. We start by multiplying 5 by all the numbers from 1 through 6. (This is $(p - 1)/2$ for $p = 13$.) We then reduce mod 13. We get
$5 \cdot 1 \equiv 5 \bmod 13$
$5 \cdot 2 \equiv 10 \bmod 13$ xx
$5 \cdot 3 \equiv 2 \bmod 13$
$5 \cdot 4 \equiv 7 \bmod 13$ xx
$5 \cdot 5 \equiv 12 \bmod 13$ xx
$5 \cdot 6 \equiv 4 \bmod 13$
An xx mark was placed after each remainder which was bigger than 6, which is $(p - 1)/2$ for $p = 13$. In these cases replace the remainder $r$ by $r - 13$. This has the effect of making it negative, keeping the congruence, and except for the sign, putting the number in the range from 1 through 6:
$5 \cdot 1 \equiv 5 \bmod 13$
$5 \cdot 2 \equiv -3 \bmod 13$ xx
$5 \cdot 3 \equiv 2 \bmod 13$
$5 \cdot 4 \equiv -6 \bmod 13$ xx
$5 \cdot 5 \equiv -1 \bmod 13$ xx
$5 \cdot 6 \equiv 4 \bmod 13$
Note that except for the sign, the remainders are a rearrangement of the numbers from 1 through 6. Now multiply these congruences to get $5^6 \cdot 6! \equiv (-1)^3\, 6! \bmod 13$, so $5^6 \equiv -1 \bmod 13$. This shows that $\left(\frac{5}{13}\right) = -1$, using the congruence 1.
We now state and prove this result in general.
Theorem: Let (a, p) = 1. For each i such that 1 i (p 1)/2, let u
i
be the remainder
of ia mod p. Let n = the number of remainders u
i
> p/2.. Then
_
a
p
_
= (1)
n
.
Proof: Suppose there are n remainders r
1
, . . . , r
n
which are greater than p/2, and k remain-
ders s
1
, . . . .s
k
which are less than p/2. Then k + n = (p 1)/2. Then
(a) The r
i
are distinct, since if 1 i j (p 1)/2, and ia ja mod p, we must
have i j and so i = j. Similarly, the s
i
are all distinct.
(b) The values of p r
i
are all distinct, since if p r
i
= p r
j
, we have r
i
= r
j
and
so i = j.
(c) Further, we cannot have p r
i
= s
j
. For r
i
a and s
j
a where 1
, < p/2. So if p r
i
= s
j
, we have p = r
i
+ s
j
a + s = ( + )a mod p. But
0 < + < p/2 + p/2 = p. So ( + , p) = 1. Canceling, we get 0 a mod p which is a
contradiction.
Thus the $(p - 1)/2$ elements $(p - r_1), \ldots, (p - r_n), s_1, \ldots, s_k$ are all distinct and in the range from 1 through $(p - 1)/2$. Thus, they are a rearrangement of the numbers $1, 2, \ldots, (p - 1)/2$. Since the remainders of $ia$ are $r_i$ and $s_j$, we get after multiplying
$$1a \cdot 2a \cdots \frac{p-1}{2}a \equiv r_1 \cdots r_n\, s_1 \cdots s_k \equiv (-1)^n (p - r_1) \cdots (p - r_n)\, s_1 \cdots s_k = (-1)^n\, 1 \cdot 2 \cdots \frac{p-1}{2} \bmod p,$$
where the left side is $a^{(p-1)/2} \cdot 1 \cdot 2 \cdots \frac{p-1}{2}$. Canceling, we get
$$a^{(p-1)/2} \equiv (-1)^n \bmod p.$$
In view of the above theorem and the basic $\left(\frac{a}{p}\right) \equiv a^{(p-1)/2} \bmod p$, this gives the result.
Tues., June 12
The Quadratic Reciprocity Law. The analysis continues. Recall that $r_1, \ldots, r_n, s_1, \ldots, s_k$ is a rearrangement, mod $p$, of the numbers $ia$, $1 \le i \le (p - 1)/2$. Further, the numbers $p - r_1, \ldots, p - r_n, s_1, \ldots, s_k$ are a rearrangement of the numbers $1, 2, \ldots, (p - 1)/2$.
If $m$ is divided by $n$, leaving a remainder $r$, we have $m = nq + r$, where $0 \le r < n$. So $m/n = q + r/n$, and $0 \le r/n < 1$. Thus, $q = [m/n]$, and $m = n[m/n] + r$. Here $[x]$ is the greatest integer function. We now bring the quotient into play in the above analysis.
Write $ia = p[ia/p] + r$, for $1 \le i \le (p - 1)/2$. Here $r$ will be one of the $r_i$ or $s_j$ of the previous theorem. We sum over all $i$ to get
$$a \sum_{i=1}^{(p-1)/2} i = p \sum_{i=1}^{(p-1)/2} [ia/p] + \sum_i r_i + \sum_j s_j \qquad (4)$$
Since $p - r_1, \ldots, p - r_n, s_1, \ldots, s_k$ is a rearrangement of the numbers from 1 to $(p - 1)/2$, $\sum_{i=1}^{(p-1)/2} i$ can be computed in two ways. It is $\sum (p - r_i) + \sum s_j$ or $np - \sum r_i + \sum s_j$. Also we can use the high school result $\sum_{i=1}^{n} i = n(n + 1)/2$. In this case, $n = (p - 1)/2$, so $n(n + 1)/2 = \frac{1}{2} \cdot \frac{p - 1}{2} \cdot \frac{p + 1}{2} = \frac{p^2 - 1}{8}$. Thus
$$\sum_{i=1}^{(p-1)/2} i = np - \sum r_i + \sum s_j.$$
Subtracting this from Equation (4), we get
$$(a - 1)(p^2 - 1)/8 = p \sum_{i=1}^{(p-1)/2} [ia/p] + 2 \sum r_i - np. \qquad (5)$$
Now take this mod 2:
$$(a - 1)(p^2 - 1)/8 \equiv \sum_{i=1}^{(p-1)/2} [ia/p] - n \pmod 2 \qquad (6)$$
We take two cases:
Case 1. $a$ is odd. Then we have
$$0 \equiv \sum_{i=1}^{(p-1)/2} [ia/p] - n \bmod 2$$
So $n \equiv \sum_{i=1}^{(p-1)/2} [ia/p] \bmod 2$, and so by the previous result
$$\left(\frac{a}{p}\right) = (-1)^{\sum_{i=1}^{(p-1)/2} [ia/p]}$$
when $a$ is odd.
Case 2. $a = 2$. Here equation (6) becomes
$$(p^2 - 1)/8 \equiv \sum_{i=1}^{(p-1)/2} [2i/p] - n \pmod 2$$
In this case, since $i < p/2$, we have $2i < p$, so $[2i/p] = 0$, and the sum vanishes. Therefore we have $n \equiv (p^2 - 1)/8 \bmod 2$, and by the previous theorem,
$$\left(\frac{2}{p}\right) = (-1)^{(p^2 - 1)/8}$$
This result can be read simply as
$\left(\frac{2}{p}\right) = 1$ if $p \equiv \pm 1 \bmod 8$
$\left(\frac{2}{p}\right) = -1$ if $p \equiv 4 \pm 1 \bmod 8$
The quadratic reciprocity law states that if $p$ and $q$ are different odd primes, then
$$\left(\frac{p}{q}\right)\left(\frac{q}{p}\right) = (-1)^{\frac{p-1}{2} \cdot \frac{q-1}{2}}$$
Our result, so far, gives
$$\left(\frac{p}{q}\right)\left(\frac{q}{p}\right) = (-1)^{\sum_{i=1}^{(p-1)/2} [iq/p] + \sum_{j=1}^{(q-1)/2} [jp/q]}$$
We shall show these are equivalent by proving these two exponents are equal.
Wed., June 13
We now show that
$$\frac{p - 1}{2} \cdot \frac{q - 1}{2} = \sum_{i=1}^{(p-1)/2} [iq/p] + \sum_{j=1}^{(q-1)/2} [jp/q]$$
for distinct odd primes $p$ and $q$. The combinatorial proof is as follows. We consider all ordered couples $(i, j)$ with $1 \le i \le (p - 1)/2$ and $1 \le j \le (q - 1)/2$. Since there are $(p - 1)/2$ choices for $i$ and $(q - 1)/2$ choices for $j$, there is a total of $\frac{p - 1}{2} \cdot \frac{q - 1}{2}$ such couples. We now count these couples in a different way:
Case 1. $jp < iq$. This is the condition $j < iq/p$. For fixed $i$, the $j$'s can be $1, 2, \ldots, [iq/p]$ so there are $[iq/p]$ possibilities for $j$. So for $1 \le i \le (p - 1)/2$, there is a total of $\sum_{i=1}^{(p-1)/2} [iq/p]$ couples $(i, j)$ for which $jp < iq$.
Case 2. $iq < jp$. The same proof shows that in this case there are $\sum_{j=1}^{(q-1)/2} [jp/q]$ couples satisfying this condition.
Finally, $jp = iq$ is not possible, because this implies $p \mid iq$ and so $p \mid i$, which is not possible because $1 \le i \le (p - 1)/2$.
Summarizing, the full quadratic reciprocity law is: If $p$ and $q$ are distinct odd primes, then
$$\left(\frac{p}{q}\right)\left(\frac{q}{p}\right) = (-1)^{\frac{p-1}{2} \cdot \frac{q-1}{2}}; \qquad \left(\frac{2}{p}\right) = (-1)^{(p^2 - 1)/8}; \qquad \left(\frac{-1}{p}\right) = (-1)^{(p-1)/2}$$
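The Python sketch below is an added example, not from the lecture notes. It evaluates the Legendre symbol in the ways developed above (Euler's congruence 1, the count of signed remainders, and the exponent $\sum [ia/p]$ for odd $a$) and checks the lattice-point count and the reciprocity law on small primes. The function names are assumptions of this illustration.

```python
def odd_primes_below(n):
    """Odd primes less than n, by trial division (small n only)."""
    return [m for m in range(3, n, 2)
            if all(m % d for d in range(3, int(m ** 0.5) + 1, 2))]


def legendre_euler(a, p):
    """Property 1: (a/p) = a^((p-1)/2) mod p, mapped to {-1, 0, 1}."""
    r = pow(a, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def signed_remainders(a, p):
    """Remainders of i*a mod p for 1 <= i <= (p-1)/2, with each remainder
    r > p/2 replaced by r - p, as in the worked example for (5/13)."""
    out = []
    for i in range(1, (p - 1) // 2 + 1):
        u = (i * a) % p
        out.append(u - p if u > p // 2 else u)
    return out


def legendre_gauss(a, p):
    """(-1)^n where n counts the remainders exceeding p/2."""
    if a % p == 0:
        return 0
    n = sum(1 for u in signed_remainders(a, p) if u < 0)
    return (-1) ** n


def floor_sum(a, p):
    """Sum of [i*a/p] for 1 <= i <= (p-1)/2."""
    return sum((i * a) // p for i in range(1, (p - 1) // 2 + 1))


def legendre_floor(a, p):
    """Case 1 above: valid only for odd a with (a, p) = 1."""
    if a % 2 == 0 or a % p == 0:
        raise ValueError("a must be odd and prime to p")
    return (-1) ** floor_sum(a, p)


def reciprocity_holds(p, q):
    """Check both the lattice count and the reciprocity law for p != q."""
    half = ((p - 1) // 2) * ((q - 1) // 2)
    if floor_sum(q, p) + floor_sum(p, q) != half:
        return False
    return legendre_euler(p, q) * legendre_euler(q, p) == (-1) ** half


if __name__ == "__main__":
    print(signed_remainders(5, 13), legendre_gauss(5, 13))
    primes = odd_primes_below(60)
    print(all(reciprocity_holds(p, q) for p in primes for q in primes if p != q))
```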
The Congruence $x^2 \equiv a \bmod p^n$. If $p$ is any prime and $x^2 \equiv a \bmod p^n$ with $n > 1$, then clearly $x^2 \equiv a \bmod p$. We shall show that the converse is true: If $p$ is odd, $n > 1$ and $\left(\frac{a}{p}\right) = 1$, then the equation $x^2 \equiv a \bmod p^n$ has exactly two solutions, $x \equiv \pm b \bmod p^n$.
To see this, suppose we have a solution $x \equiv b \bmod p$ for the equation $x^2 \equiv a \bmod p$. We shall show how to lift this solution to a solution mod $p^2$. We have $(a - b^2)/p = c$. The solution to the congruence mod $p$ may be written $x = b + pt$. Substituting into the congruence $x^2 \equiv a \bmod p^2$, we get $(b + pt)^2 \equiv a \bmod p^2$, or $b^2 + 2bpt + p^2t^2 \equiv a \bmod p^2$. Using $(a - b^2)/p = c$, this becomes $2bpt \equiv pc \bmod p^2$. This is equivalent to $2bt \equiv c \bmod p$. This linear equation has a unique solution mod $p$, say $t = d + ps$. This gives $x = b + p(d + ps)$, or $x \equiv b + pd \bmod p^2$. In the same way, we can lift this solution to a solution mod $p^3$, and ultimately, by induction, to $p^n$.
We illustrate with an example. Consider the congruence $x^2 \equiv 14 \bmod 125$. We first work with $x^2 \equiv 14 \equiv 4 \bmod 5$. One solution is $x \equiv 2 \bmod 5$. Writing $x = 2 + 5t$, we work with the congruence $x^2 \equiv 14 \bmod 25$. This gives $4 + 20t + 25t^2 \equiv 14 \bmod 25$. Simplifying, $20t \equiv 10 \bmod 25$. Dividing by 5, we get $4t \equiv 2 \bmod 5$. Solving, $t \equiv 3 \bmod 5$. Writing $t = 3 + 5s$, this gives $x = 2 + 5(3 + 5s) = 17 + 25s$. This gives $x \equiv 17 \bmod 25$. Substituting into the original congruence, we get $(17 + 25s)^2 \equiv 14 \bmod 125$. Simplifying, $275 + 34 \cdot 25s \equiv 0 \bmod 125$. Dividing by 25, $11 + 34s \equiv 0 \bmod 5$ or $1 + 4s \equiv 0 \bmod 5$. Solving, $s = 1 + 5u$, so $x = 17 + 25(1 + 5u)$. So finally, the solution is $x \equiv 42 \bmod 125$. This is lifted from $x \equiv 2 \bmod 5$. To lift from $x \equiv -2 \bmod 5$, we would arrive at $x \equiv -42 \equiv 83 \bmod 125$.
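The lifting procedure can be written as a short loop. The Python sketch below is an added example, not from the lecture notes; it generalizes the single step mod $p^2$ shown above to every step from $p^k$ to $p^{k+1}$ and compares the result with a brute-force search. It assumes $p$ is an odd prime not dividing $a$, and the function names are hypothetical.

```python
def lift_sqrt(a, p, n, b):
    """Lift a root b of x^2 = a (mod p) to a root mod p^n.

    Assumes p is an odd prime, p does not divide a, and b*b = a (mod p).
    Returns (x, steps) where steps records (root, modulus) after each lift.
    """
    if p == 2 or a % p == 0:
        raise ValueError("need an odd prime p not dividing a")
    if (b * b - a) % p != 0:
        raise ValueError("b is not a square root of a mod p")
    x, modulus = b % p, p
    steps = []
    for _ in range(n - 1):
        # x^2 = a (mod modulus), so c = (a - x^2)/modulus is an integer.
        c = (a - x * x) // modulus
        # Writing the new root as x + modulus*t, we need 2*x*t = c (mod p).
        # 2*x is invertible mod p because p is odd and p does not divide x.
        t = c * pow(2 * x, -1, p) % p
        x += modulus * t
        modulus *= p
        steps.append((x, modulus))
    return x, steps


def brute_roots(a, m):
    """All x in [0, m) with x^2 = a (mod m); used only as a cross-check."""
    return [x for x in range(m) if (x * x - a) % m == 0]


def all_roots(a, p, n):
    """Both roots mod p^n, obtained by lifting each root mod p."""
    return sorted(lift_sqrt(a, p, n, b)[0] for b in brute_roots(a, p))


if __name__ == "__main__":
    print(lift_sqrt(14, 5, 3, 2))    # the worked example: 2 -> 17 -> 42
    print(all_roots(14, 5, 3), brute_roots(14, 125))
```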
The case $p = 2$ needs special consideration. For example the congruence $x^2 \equiv 3 \bmod 4$ has no solution, although the congruence mod 2 has the obvious solution $x \equiv 1 \bmod 2$. $1 \equiv -1$ is the same solution. Also, the congruence $x^2 \equiv 1 \bmod 8$ has 4 solutions, $x \equiv 1, 3, 5, 7 \bmod 8$. We do not consider the modulus $2^n$ in these notes.
The congruence $x^2 \equiv a \bmod n$ can now be reduced to a congruence mod prime powers. For, writing $n = n_1 \cdots n_k$, where $n_i = p_i^{a_i}$ with distinct $p_i$, the congruence is equivalent to the system of congruences $x^2 \equiv a \bmod n_i$, $i = 1, \ldots, k$. If the congruence mod $n_i$ has $a_i$ solutions, then the congruence mod $n$ will have $a_1 \cdots a_k$ solutions. This is so, because any solutions $x \equiv b_i \bmod n_i$ give rise to a solution mod $n$ by the Chinese remainder theorem.
The Gaussian Integers.
Gaussian integers $Z[i]$ are defined as the set of complex numbers $a + bi$, where $a$ and $b$ are integers in $Z$. This system is closed under addition, subtraction and multiplication. Division, done by rationalizing the denominator, yields complex numbers $a + bi$ where $a$ and $b$ are rational numbers. We use the notation $\bar{z}$ to indicate the conjugate of $z$. Thus, $\overline{a + bi} = a - bi$. The following results can easily be checked: $\bar{\bar{z}} = z$, and $\overline{zw} = \bar{z}\,\bar{w}$.
We define $N(z) = z\bar{z}$. In coordinate form, $N(a + bi) = (a + bi)(a - bi) = a^2 + b^2$. We have $N(zw) = N(z)N(w)$. This equation gives a simple proof that the product of two sums of squares is a sum of squares. For example, if $n = a^2 + b^2$ and $m = c^2 + d^2$
, then n = N()
and m = N(c + di), where = a + bi and = c + di. So nm = N(). Computing
= (ac bd) + i(ad + bc), this gives the identity
$$(a^2 + b^2)(c^2 + d^2) = (ac - bd)^2 + (ad + bc)^2$$
We had this before, but here it arises naturally. We get another expression if we choose
= c di.
Units, associates, and primes. The denition of division in Z[i] is as expected. [
if and only if = for some Z[i]. A unit u is an element which divides 1, and so
divides all elements. To nd the units, suppose u is a unit. Then 1 = uv. Taking norms,
1 = N(u)N(v), so N(u) = 1. If u = a + bi, this is a
2
+ b
2
= 1 Thus a = 1 and b = 0, or
b = 1 and a = 0. Thus there are 4 units: 1, 1, i, and i. If and divide each other:
[ and [, then it is easy to show that = u where u is a unit. In this case, we say that
and are called associates. A prime is an element whose only divisors are units and
associates of . A unit u is characterized by the condition N(u) = 1.
We can give a simple sufficient condition for an element of $Z[i]$ to be a prime:
Theorem: If N() is a prime in Z, then is a prime in Z[i]T.
Proof: For suppose is not a prime. Then = . Then N() = N()N(). But since
N() is a prime, N() = 1 or N() = 1, so either or is a unit. Therefore is a prime.
For example, $1 + i$ and $4 - i$ are primes, because their norms are respectively 2 and 17.
$Z[i]$ behaves like $Z$ in a very important way. There is a division algorithm in $Z[i]$ which allows for a version of the Euclidean algorithm used to find the GCD of two numbers.
Theorem: (The Division Algorithm.) Let and be elements of Z[i] with ,= 0. Then
there exists and in Z[i] such that = + , and N() < N().
Proof: Let / = , where = c + di, with c and d rational. Now find integers m and n
closest to c and d respectively, so that $c = m + f_1$, $d = n + f_2$ with $|f_i| \le 1/2$ for i = 1 and
2. Then $N(f_1 + f_2 i) \le 1/4 + 1/4 = 1/2$. By definition we have
/ = (m + ni) + ($f_1 + f_2 i$)
so
= +
where = m + ni and = ($f_1 + f_2 i$). We have
N() = N()N($f_1 + f_2 i$) ≤ N()/2 < N()
Finally ∈ Z[i] since it is .
The division algorithm allows us to use the Euclidean algorithm to find the GCD of any two
elements, and to express it as a linear combination (with coefficients in Z[i]) of those elements.
As in the theory in Z this gives us unique factorization (up to order of primes and unit
factors).
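The division algorithm and the Euclidean algorithm in Z[i] described above, as an added Python example that is not part of the original notes. Gaussian integers are represented as pairs (a, b) for a + bi; the function names and the choice of the first-quadrant associate as the normalized GCD are assumptions of this example.

```python
def norm(z):
    a, b = z
    return a * a + b * b

def mul(z, w):
    (a, b), (c, d) = z, w
    return (a * c - b * d, a * d + b * c)

def nearest(n, d):
    # Nearest integer to n/d for d > 0, using exact integer arithmetic.
    return (2 * n + d) // (2 * d)

def divmod_gauss(alpha, beta):
    """Return (gamma, rho) with alpha = beta*gamma + rho and N(rho) <= N(beta)/2."""
    nb = norm(beta)
    if nb == 0:
        raise ZeroDivisionError("beta must be nonzero")
    # alpha/beta = alpha * conj(beta) / N(beta) = c + di with c, d rational.
    re, im = mul(alpha, (beta[0], -beta[1]))
    # Round c and d to the nearest integers m and n, so |f_1|, |f_2| <= 1/2.
    gamma = (nearest(re, nb), nearest(im, nb))
    bg = mul(beta, gamma)
    rho = (alpha[0] - bg[0], alpha[1] - bg[1])
    return gamma, rho

def normalize(z):
    # Multiply by the unit i until the associate lies in a > 0, b >= 0.
    while z != (0, 0) and not (z[0] > 0 and z[1] >= 0):
        z = mul(z, (0, 1))
    return z

def gcd_gauss(alpha, beta):
    # Euclidean algorithm: the norm of the remainder at least halves each step.
    while beta != (0, 0):
        _, rho = divmod_gauss(alpha, beta)
        alpha, beta = beta, rho
    return normalize(alpha)

if __name__ == "__main__":
    print(divmod_gauss((7, 1), (1, 1)))   # exact division of 7 + i by 1 + i
    print(gcd_gauss((7, 1), (5, 0)))      # common factor of 7 + i and 5
```

Since 5 = (2 + i)(2 − i) and (2 + i) divides 7 + i, the GCD of 7 + i and 5 is 2 + i up to a unit.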
What are the primes in Z[i]? First suppose that an integer prime p is the sum of two squares:
$p = a^2 + b^2$. Then setting = a + bi, we have N() = $a^2 + b^2$ = p, so is a prime in Z[i]. So
is and p splits into two prime factors: p = . Note the associates of are , i, , i,
and similarly for . The 8 variations here correspond to $p = (\pm a)^2 + (\pm b)^2$ and this sum in
reverse order. The only time there are overlaps here [9] are for the prime 2. Here = 1 + i,
and = 1 − i = −i(1 + i) = i. So the factorization of 2 is $2 = -i(1 + i)^2$.
The above analysis applies to the prime 2, and to any prime p ≡ 1 mod 4. If p ≡ 3 mod 4,
then p is a prime in Z[i]. To see this, suppose p ≡ 3 mod 4, and p is not a prime in Z[i].
Then p = with N() and N() > 1. Taking norms, $p^2$ = N()N(), and so N() = p.
But this gives p as the sum of squares, which is not possible in Z. This is a contradiction.
[9] This can be seen geometrically.
Summarizing, the distinct primes of Z[i] are:
Type 1. The prime 1 + i. Here $2 = -i(1 + i)^2$.
Type 2. Integer primes p ≡ 3 mod 4.
Type 3. Each prime p ≡ 1 mod 4 generates two distinct primes (non-associates) and
satisfying p = .
Remark. To factor in Z[i], take norms. For example, let's factor 7 + i into primes. We
have $N(7 + i) = 49 + 1 = 50 = 2 \cdot 5^2$. So 1 + i is a factor, and another is either 2 + i or 2 − i
up to a unit factor. Since
$\frac{7 + i}{1 + i} = \frac{(7 + i)(1 - i)}{2} = \frac{8 - 6i}{2} = 4 - 3i$
Now $(2 + i)^2 = 3 + 4i = i(4 - 3i)$, so $(4 - 3i)/(2 + i)^2 = 1/i = -i$. So putting this all together,
we get $7 + i = -i(1 + i)(2 + i)^2$.
What is the factorization of an integer n ∈ Z? In Z, the prime factorization of n is
$n = 2^a p_1^{a_1} \cdots p_r^{a_r} q_1^{b_1} \cdots q_s^{b_s}$
where $p_i \equiv 1 \bmod 4$ and $q_i \equiv 3 \bmod 4$. Each $p_i$
=
i

i
, so the factorization of n in Z[i] is:
n = 2
a

a
1
1

a
1
1

ar
r

ar
r
q
b
1
1
q
bs
s
When is a positive integer n a sum of two squares? This is true if $n = a^2 + b^2 = N(a + bi)$ =
where α = a + bi. If we factor into primes, we have =
1

r
q
1
q
s
, where q
i
Z
and q
i
is a prime 3 mod 4, and p
i
= N(
i
) is 2, or a prime congruent to 1 mod 4. Therefore,
n = N() = = $p_1 \cdots p_r q_1^2 \cdots q_s^2$
where p
i
= N(
i
) is 2, or a prime congruent to 1 mod 4, and $q_i$ is a prime ≡ 3 mod 4. Thus,
every prime q ≡ 3 mod 4 will appear in the factorization of n to an even power. Conversely,
if every prime q ≡ 3 mod 4 appears in the factorization of n to an even power, then the
factorization of n in Z[i] has the form $n = p_1 \cdots p_r q_1^2 \cdots q_s^2$. In Z[i], this can be factored
further into n =
1

1

r

r
q
2
1
q
2
s
, where p
i
=
r

r
. So, taking =
1

r
q
1
q
s
,
we have n = . Note that we may choose
i
instead of
i
at any point in this factorization,
yielding a different , and so a different way of expressing n as the sum of two squares.
We can now answer the question: How many distinct ways can a positive integer n be
expressed as a sum of two squares? For simplicity, let us assume that n is square-free. Then
n cannot be expressed as a sum of two squares if p ≡ 3 mod 4 and p | n. Suppose $n = p_1 p_2$
where $p_i \equiv 1 \bmod 4$. Writing $p_1$ = and $p_2$ = . Then n = . So we can write
n = N() = by choosing = or . [10] For example, take n = 85 = 5 · 17. Take
= 2 + i and = 4 + i. Then
= = (2 + i)(4 + i) = 7 + 6i. Note that 49 + 36 = 85.
= = (2 + i)(4 − i) = 9 + 2i. Note that 81 + 4 = 85.
[10] Choosing = gives nothing new, as this is the conjugate of . It gives a different answer, but only
a variant. For example, $5 = 1^2 + (-2)^2$ is a variant of $5 = 1^2 + 2^2$. This is also the reason we omit units
in our analysis.
Similarly if n is the product of k distinct primes congruent to 1 mod 4, then n can be
written as the sum of two squares in $2^{k-1}$ different ways. We illustrate for k = 3. Take
n = 1105 = 5 · 13 · 17. Let = 2 + i, so N() = 5. Let = 3 + 2i, with N() = 13, and
= 4 + i with N() = 17. Computing
= (2 + i)(3 + 2i)(4 + i) = 9 + 32i.
= (2 + i)(3 − 2i)(4 + i) = 33 + 4i.
= (2 + i)(3 + 2i)(4 − i) = 23 + 24i.
= (2 + i)(3 − 2i)(4 − i) = 31 − 12i.
Note that $1105 = 9^2 + 32^2 = 33^2 + 4^2 = 23^2 + 24^2 = 31^2 + 12^2$.
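The counting argument above, as an added Python example that is not part of the original notes: for a product of distinct primes congruent to 1 mod 4 it builds every representation by choosing each Gaussian prime factor or its conjugate, then checks the result against a brute-force search. The function names are assumptions of this example, and the Gaussian prime over each p is found by a simple search rather than by any method from the lectures.

```python
from itertools import product
from math import isqrt

def gauss_mul(z, w):
    (a, b), (c, d) = z, w
    return (a * c - b * d, a * d + b * c)

def gaussian_prime_over(p):
    """Return (a, b) with a*a + b*b == p and a >= b > 0."""
    for b in range(1, isqrt(p) + 1):
        a = isqrt(p - b * b)
        if a * a + b * b == p and a >= b:
            return (a, b)
    raise ValueError(f"{p} is not a sum of two squares")

def representations(primes):
    """Unordered pairs (x, y), x <= y, with x^2 + y^2 = product of the primes."""
    factors = [gaussian_prime_over(p) for p in primes]
    found = set()
    # Keep the first factor fixed: conjugating every factor only conjugates
    # the product, which gives a variant and nothing new.
    for flips in product([False, True], repeat=len(factors) - 1):
        z = factors[0]
        for (a, b), flip in zip(factors[1:], flips):
            z = gauss_mul(z, (a, -b) if flip else (a, b))
        found.add(tuple(sorted((abs(z[0]), abs(z[1])))))
    return found

def brute_force(n):
    """All (x, y) with 0 <= x <= y and x^2 + y^2 = n, by direct search."""
    out = set()
    for x in range(isqrt(n) + 1):
        y = isqrt(n - x * x)
        if x <= y and x * x + y * y == n:
            out.add((x, y))
    return out

if __name__ == "__main__":
    print(sorted(representations([5, 17])))
    print(sorted(representations([5, 13, 17])))
```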
Thur, 6/14
We shall try to analyze the equation $z = x^2 + 2y^2$ in a way analogous to our consideration
of the equation $z = x^2 + y^2$.
For what values of p is $\left(\frac{-2}{p}\right) = 1$? We compute
$\left(\frac{-2}{p}\right) = \left(\frac{-1}{p}\right)\left(\frac{2}{p}\right) = (-1)^{(p-1)/2}(-1)^{(p^2-1)/8}$.
By considering the cases p ≡ 1, 3, 5, 7 mod 8, we find that $\left(\frac{-2}{p}\right) = 1$ if and only if
p ≡ 1 mod 8 or p ≡ 3 mod 8. Therefore, we can show:
Theorem: If $p = x^2 + 2y^2$, then p ≡ 1 or 3 mod 8.
Proof: If $p = x^2 + 2y^2$, then $x^2 + 2y^2 \equiv 0 \bmod p$, or $x^2 \equiv -2y^2 \bmod p$. Since 0 < x, y < p,
y has an inverse mod p, and multiplying by $y^{-1}$, we get $(xy^{-1})^2 \equiv -2 \bmod p$. Therefore
$\left(\frac{-2}{p}\right) = 1$ and so p ≡ 1 or 3 mod 8. The following table, computed in class, shows the first
4 primes in each category, together with x, y satisfying $x^2 + 2y^2 = p$.
p ≡ 1   x   y   p ≡ 3   x   y
17      3   2   3       1   1
41      3   4   11      3   1
23      1   6   19      1   3
89      9   2   43      5   2
Here $p = x^2 + 2y^2$, and the computation suggests that every prime congruent to 1 or 3 mod 8
can be written uniquely as a sum $x^2 + 2y^2$. This is true, but the proof is deferred. We take
it as true in the discussion below.
We now copy the results in Z[i] by constructing Z[i√2]. This is motivated by the algebraic
identity $x^2 + 2y^2 = (x - i\sqrt{2}\,y)(x + i\sqrt{2}\,y)$. Set θ = i√2, so $\theta^2 = -2$. We let Z[θ] be the
set of all numbers of the form a + bθ. This set is closed under addition, subtraction, and
multiplication. If we allow a and b to be rational, the resulting set is called Q[θ]. If z = a + bθ
we set $\bar z = a - b\theta$. Then $z\bar z = a^2 + 2b^2$, and we write $N(z) = z\bar z$. We can easily prove that
$\overline{zw} = \bar z\,\bar w$. Hence $N(zw) = zw\,\overline{zw} = zw\,\bar z\,\bar w = z\bar z\,w\bar w = N(z)N(w)$. Thus, the product of two
numbers of the form $a^2 + 2b^2$ is also of this form.
The Euclidean Algorithm in Z[θ]. Following the proof in Z[i], we have the following
division algorithm:
If , ∈ Z[θ] with ≠ 0, then there exist , ∈ Z[θ] such that = + with N() <
N(). The proof is the same as in Z[i], except here we find that we have N() ≤ (3/4)N().
Once we have the division algorithm, we can use the Euclidean algorithm to find the GCD of
2 elements, express it as a linear combination of the elements, and prove unique factorization
into primes.
Units, Associates, and Primes in Z[θ].
As in Z[i], units are elements that divide 1, hence everything. If u is a unit in Z[θ], then
1 = uv, and taking norms, we have 1 = N(1) = N(u)N(v). So N(u) = 1. If u = a + bθ, this
gives $1 = a^2 + 2b^2$, so a = ±1 and b = 0. So the only units are 1 and −1, as in Z, and u is
a unit if and only if N(u) = 1. The associates of a prime π are ±π. An element is prime
if and only if its only divisors are units and associates. As in the theory of Z[i], with the
same proof, we have the sufficient condition: If N(z) is a prime in Z, then z is a prime in
Z[θ]. For example 3 + 4θ is a prime, since N(3 + 4θ) = 9 + 2 · 16 = 41. Thus, primes p ∈ Z
of the form $p = a^2 + 2b^2$ split into two primes in Z[θ]: p = (a + bθ)(a − bθ) = . As in the
discussion of Z[i], primes not of this form stay primes in Z[θ]. Note that 2 splits: $2 = -\theta^2$.
It is a square, up to a unit factor. Thus any prime congruent to 1 or 3 mod 8 splits into two
distinct primes and . The prime 2 splits into . A prime congruent to 5 or 7 mod 8
remains a prime in Z[θ].
Using unique factorization in Z[θ], we can now show:
A positive integer n ∈ Z can be written in the form $a^2 + 2b^2$ if and only if $p^a \,\|\, n$ with odd a
implies p ≡ 1 or 3 mod 8.
The proof follows the reasoning of the similar result for Z[i]. Assume $n = a^2 + 2b^2$. Then
n = N(a + bθ) = where = a + bθ. Writing as a product of primes in Z[θ], the
factorization will contain primes , such that N() is a prime in Z congruent to 1 or 3
mod 8. The other primes are primes in Z congruent to 5 or 7 mod 8. This shows that the
factorization of n = primes q congruent to 5 or 7 will appear an even number of times.
The converse is also true, and the proof follows the lines of the corresponding result in Z[i].
If n is square-free and is not divisible by any prime congruent to 5 or 7, then the number of
ways n can be written in the form $a^2 + 2b^2$ is, as in the result for Z[i], $2^{k-1}$, where k is the
number of primes in the factorization of n.
There remains the result: If p ≡ 1 or 3 mod 8, then p can be written $a^2 + 2b^2$. The proof
follows the proof on page 11 on primes that are the sum of squares. However, what we end
up with are numbers x, y such that $x^2 + 2y^2 \equiv 0 \bmod p$, with $0 < x^2 + 2y^2 < 3p$. Thus we
can say $x^2 + 2y^2 = p$ or $x^2 + 2y^2 = 2p$. In the latter case, working mod 2, it follows that $x^2$,
hence x, is even. So we have x = 2u, and $4u^2 + 2y^2 = 2p$. Dividing by 2, we get $p = y^2 + 2u^2$.
This is the result.