Rosen - Elementary Number Theory and Its Applications - 1st

Elementary
Number
Theory
andlts
Applications
KennethH. Rosen
AT&T Informotion
SystemsLaboratories
(formerly part of
Bell Laborotories)
A
YY
ADDISON-WESLEY
PUBLISHING COMPANY
Read ing, Massachusetts
Menlo Park, California
London
Amsterdam
Don Mills, Ontario
Sydney
Cover: The iteration of the transformation
T(n) :
if n is even
\ n/2
if n is odd
l Qn + l)/2
is depicted. The Collatz conjecture assertsthat with any

starting point, the iteration of ?"eventuallyreachesthe integer
o n e . ( S e eP r o b l e m 3 3 o f S e c t i o n l . 2 o f t h e t e x t . )
Library of Congress Cataloging in Publication Data

Rosen, Kenneth H.
Elementary number theory and its applications.
Bibliography: p.
Includes index.
l. Numbers, Theory of.
QA24l.R67 1984
rsBN 0-201-06561-4
I. Title.
512',.72
8 3 - l1 8 0 4
Reprinted with corrections, June | 986

Copyright O 1984 by Bell Telephone Laboratories and
Kenneth H. Rosen. All rights reserved. No part of this
publication may be reproduced, stored in a retrieval system, or
transmitted, in any form or by any means, electronic,
mechanical,photocopying, recording, or otherwise, without
prior written permission of the publisher. printed in the United
States of America. Published simultaneously in Canada.
DEFGHIJ_MA_8987
Preface
Number theory has long been a favorite subject for students and teachersof
mathematics. It is a classical subject and has a reputation for being the
"purest" part of mathematics, yet recent developments in cryptology and
computer science are based on elementary number theory. This book is the
first text to integrate these important applications of elementary number
theory with the traditional topics covered in an introductory number theory
course.
This book is suitable as a text in an undergraduatenumber theory course at
any level. There are no formal prerequisitesneeded for most of the material
covered, so that even a bright high-school student could use this book. Also,
this book is designed to be a useful supplementarybook for computer science
courses,and as a number theory primer for computer scientistsinterested in
learning about the new developmentsin cryptography. Some of the important
topics that will interest both mathematics and computer sciencestudents are
recursion,algorithms and their computationai complexity, computer arithmetic
with large integers, binary and hexadecimal representations of integers,
primality testing, pseudoprimality,pseudo-randomnumbers, hashing functions,
and cryptology, including the recently-invented area of public-key
cryptography. Throughout the book various algorithms and their
computational complexitiesare discussed.A wide variety of primality tests are
developedin the text.
Use of the Book
The core material for a course in number theory is presentedin Chapters 1,
2, and 5, and in Sections 3.1-3.3 and 6.1. Section 3.4 contains some linear
algebra; this section is necessary background for Section 7.2; these two
sections can be omitted if desired. Sections 4.1, 4.2, and 4.3 present
traditional applications of number theory and Section 4.4 presents an
application to computer science; the instructor can decide which of these
sectionsto cover. Sections 6.2 and 6.3 discussarithmetic functions. Mersenne
primes, and perfect numbers; some of this material is used in Chapter 8.
Chapter 7 covers the applications of number theory to cryptology. Sections
7.1, 7.3, and 7.4, which contain discussionsof classical and public-key
vt
Preface
cryptography,should be included in all courses.Chapter 8 deals with primitive

roots; Sections 8.1-8.4 should be covered if possible. Most instructors will
want to include Section 8.7 which deals with pseudo-randomnumbers.
Sections 9.1 and 9.2 are about quadratic residues and reciprocity, a
fundamental topic which should be covered if possible;Sections 9.3 and 9.4
deal with Jacobi symbols and Euler pseudoprimesand should interest most
readers. Section 10.1, which covers rational numbers and decimal fractions.
and Sections I 1.1 and I 1.2 which discussPythagoreantriples and Fermat's
last theorem are coveredin most number theory courses. Sections 10.2-10.4
and I 1.3 involve continued fractions; these sectionsare optional.
The Contents
The reader can determine which chapters to study based on the following
descriptionof their contents.
Chapter I introduces two importants tools in establishing results about the
integers, the well-ordering property and the principle of mathematical
induction. Recursive definitions and the binomial theorem are also developed.
The concept of divisibility of integers is introduced. Representations of
integers to different bases are described, as are algorithms for arithmetic
operations with integers and their computational complexity (using big-O
notation). Finally, prime numbers, their distribution, and conjectures about
primes are discussed.
Chapter 2 introduces the greatest common divisor of a set of integers. The
Euclidean algorithm, used to find greatest common divisors, and its
computational complexity, are discussed, as are algorithms to express the
greatest common divisor as a linear combination of the integers involved. The
Fibonacci numbers are introduced. Prime-factorizations, the fundamental
theorem of arithmetic, and factorization techniques are covered. Finally,
linear diophantine equationsare discussed.
Chapter 3 introduces congruences and develops their fundamental
properties. Linear congruencesin one unknown are discussed,as are systems
of linear congruences in one or more unknown. The Chinese remainder
theorem is developed,and its application to computer arithmetic with large
integers is described.
Chapter 4 developsapplicationsof.congruences. In particular, divisibility
tests, the perpetual calendar which provides the day of the week of any date,
round-robin tournaments,and computer hashing functions for data storage are
discussed.
Preface
vtl
Chapter 5 developsFermat's little theorem and Euler's theorem which give

some important congruencesinvolving powers of integers. Also, Wilson's
theorem which gives a congruencefor factorials is discussed. Primality and
probabilistic primality tests based on these results are developed.
Pseudoprimes, strong pseudoprimes, and Carmichael numbers which
masquaradeas primes are introduced.
Chapter 6 is concernedwith multiplicative functions and their properties.
Special emphasisis devotedto the Euler phi-function, the sum of the divisors
function, and the number of divisors function and explicit formulae are
developed for these functions. Mersenne primes and perfect numbers are
discussed.
Chapter 7 gives a thorough discussionof applicationsof number theory to
cryptology, starting with classical cryptology. Character ciphers based on
modular arithmetic are described,as is cryptanalysisof these ciphers. Block
ciphers based on modular arithmetic are also discussed. Exponentiation
ciphers and their applications are described, including an application to
electronic poker. The concept of a public-key cipher system is introduced and
the RSA cipher is describedin detail. Knapsackciphers are discussed,as are
applicationsof cryptographyto computer science.
Chapter 8 includes discussionsof the order of an integer and of primitive
roots. Indices, which are similar to logarithms, are introduced. Primality
testing basedon primitive roots is described. The minimal universalexponent
is studied. Pseudo-random numbers and means for generating them are
discussed.An applicationto the splicingof telephonecablesis also given.
Chapter 9 covers quadratic residues and the famous law of quadratic
reciprocity. The Legendreand Jacobi symbolsare introduced and algorithms
for evaluating them are developed. Euler pseudoprimesand a probabilistic
primality test are covered. An algorithm for electronically flipping coins is
developed.
Chapter l0 coversrational and irrational numbers,decimal representations
of real numbers,and finite simple continuedfractionsof rational and irrational
numbers. Special attention is paid to the continued fractions of the square
roots of po"itive integers.
Chapter 1l treats some nonlinear diophantine equations. Pythagorean
triples are described. Fermat's last theorem is discussed. Finallv. Pell's
equation is covered.
vill
P reface
Problem Sets
After each sectionof the text there is a problem set containing exercisesof
various levelsof difficulty. Each set containsproblemsof a numerical nature;
these should be done to develop computational skills. The more theoretical
and challenging problems should be done by studentsafter they have mastered
the computationalskills. There are many more problemsin the text than can
be realistically done in a course. Answers are provided at the end of the book
for selectedexercises,mostly those having numerical answers.
Computer Projects
After each section of the text there is a selectionof computer projects that
involve concepts or algorithms discussedin that section. Students can write
their programs in any computer language they choose, using a home or
personal computer, or a minicomputer or mainframe. I encouragestudents to
use a structured programming languagesuch as C, PASCAL, or PL/ 1, to do
these projects. The projects can serve as good ways to motivate a student to
learn a new computer language, and can give those students with strong
computer science backgrounds interesting projects to tie together computer
scienceand mathematics.
Unsolved Problems
In the text and in the problem setsunsolvedquestionsin number theory are
mentioned. Most of these problems have eluded solution for centuries. The
reader is welcome to work on these questions,but should be forewarned that
attempts to settle such problems are often time-consuming and futile. Often
people think they have solved such problems,only to discover some subtle flaw
in their reasoning.
Bibliography
At the end of the text there is an extensivebibliography,split into a section
for books and one for articles. Further, each section of the bibliography is
subdivided by subject area. In the book section there are lists of number
theory texts and references, books which attempt to tie together computer
scienceand number theory, books on some of the aspectsof computer science
dealt with in the text, such as computer arithmetic and computer algorithms,
books on cryptography, and general references.In the articles section of the
bibliography, there are lists of pertinent expository and research papers in
number theory and in cryptography. These articles should be of interest to the
reader who would like to read the original sources of the material and who
wants more details about some of the topics coveredin the book.
Preface
tx
Appendix
A set of five tables is included in the appendix to help studentswith their
computations and experimentation. Students may want to compile tables
different than those found in the text and in the appendix; compiling such
tables would provide additional computer projects.
List of Symbols
A list of the svmbols used in the text and where they are defined is
included.
Acknowledgments
I would like to thank Bell Laboratoriesand AT&T Information Systems
Laboratories for their support for this project, and for the opportunity to use
the UNIX system for text preparation. I would like to thank George Piranian
for helping me develop a lasting interest in mathematics and number theory.
Also I would like to thank Harold Stark for his encouragementand help,
starting with his role as my thesisadvisor. The studentsin my number theory
courses at the University of Maine have helped with this project, especially
Jason Goodfriend, John Blanchard, and John Chester. I am grateful to the
various mathematicians who have read and reviewed the book, including Ron
Evans, Bob Gold, Jeff Lagarias and Tom Shemanske. I thank Andrew
Odlyzko for his suggestions,Adrian Kester for his assistancein using the
UNIX system for computations, Jim Ackermann for his valuable comments,
and Marlene Rosen for her editing help.
I am particularly grateful to the staff of the Bell Laboratories/American
Bell/AT&T Information Services Word ProcessingCenter for their excellent
work and patience with this project. Special thanks go to Marge Paradis for
her help in coordinating the project, and to Diane Stevens, Margaret
Reynolds, Dot Swartz, and Bridgette Smith. Also, I wish to express my
thanks to Caroline Kennedy and Robin Parson who typed preliminary versions
of this book at the University of Maine.
Finally, I would like to thank the staff of Addison-Wesley for their help. I
offer special thanks to my editor, Wayne Yuhasz, for his encouragement,aid,
and enthusiasm.
Lincroft, New Jersey

December.1983
Kenneth H. Rosen
Contents
Chapterl.
l.l
1.2
1.3
t.4
1.5
The Integers
The well-ordering
Divisibility
Representations
of int;;;;;....-'.....-'-.'.........
Computer operationswith integers............
Prime numbers...
Chapter2.
Greatest Common Divisors and Prime Factorization
2.1
2.2
2.3
2, 4
2.5
Greatest common divisors

The Euclideanalgorithm ...........
The fundamentaltheorem of arithmetic ............
Factorization of integers and the Fermat numbers
Linear diophantineequations...............
Chapter3.
3.1
3.2
3.3
3.4
Chapter4.
4.1
4.2
4.3
4. 4
4
l8
24
33
45
53
58
69
79
87
Congruences
Introduction to congruences
Linearcongruences..............
The Chinese remainder theorem
Systemsof linear congruences..............
9l
102
107
I 16
Applications of Congruences
D i v i s i b i l i t yt e s t s . . . . . . . . .
T h e p e r p e t u a cl a l e n d a r . . . . . . . . . . . . .
R o u n d - r o b i nt o u r n a m e n t s . . . . . . . . . .
Computer file storageand hashingfunctions...............
..
..
129
134
139
l4l
xl
Contents
Chapter 5.
5.1
5.2
5.3
Chapter6.
6.1
6.2
6.3
Chapter 7.
7 .l
7 .2
7.3
7.4
7.5
7.6
Chapter 8.
8.1
8.2
8.3
8.4
8.5
8.6
8.7
8.8
Chapter 9.
9.I
9.2
9.3
9.4
Some Special Congruences

Wilson's theorem and Fermat's little theorem
Pseudoprimes..............
Euler's theorem
..
147
152
16l
MultiplicativeFunctions
E u l e r ' sp h i - f u n c t i o n. . . . . . . . . . . . . . .
T h e s u m a n d n u m b e ro f d i v i s o r s . . . . . . . . . . . . . .
Perfect numbersand Mersenneprimes
166
174
180
Cryptology
Character ciphers
Block ciphers
Exponentiation
ciphers...............
Public-keycryptography.............
Knapsack ciphers
Some applicationsto computer science
..
188
198
205
212
219
227
Primitive Roots
The order of an integer and primitive roots
Primitive roots for primes
Existenceof primitive roots
Index arithmetic
Primality testing using primitive roots.........
Universal exponents.
Pseudo-random
numbers............
The splicingof telephonecables
..
..
232
238
243
252
263
268
275
280
Quadratic Residuesand Reciprocity

Quadratic residues
Quadratic reciprocity
The Jacobi symbol
Euler pseudoprimes.............
..
288
304
314
325
Contents
xtl
Chapter 10.
10.1
10.2
10.3
10.4
Chapter I l.
l.l
t.2
1.3
Decimal Fractions and Continued Fractions

Decimal fractions...
Finite continuedfractions
Infinite continued fractions
Periodic continued fractions
336
350
361
315
Some Nonlinear Diophantine Equations

Pythagoreantriples....
F e r m a t ' sl a s t t h e o r e m. . . . . . . . . . . . .
Pell'sequations
391
397
401
Appendix..
Answers to selected problems
Bibliography.............
List of symbols....
Index
410
426
438
445
447
lntroduction
Number theory, in a general sense, is the study of numbers and their

p r o p e r t i e s .I n t h i s b o o k ,w e p r i m a r i l y d e a l w i t h t h e i n t e g e r s , 0 ,+ 1 , + 2 , . . . .
We will not axiomatically define the integers, or rigorously develop integer
arithmetic.l Instead, we discussthe interestingpropertiesof and relationships
between integers. In addition, we study the applicationsof number theory,
particularly thosedirected towardscomputer science.
As far back as 5000 years ago, ancient civilizations had developedways of
expressingand doing arithmetic with integers. Throughout history, different
methods have been used to denote integers. For instance, the ancient
Babyloniansused 60 as the base for their number system and the Mayans
used 20. Our method of expressing integers, the decimal system,was first
developed in India approximately six centuries ago. With the advent of
modern computers, the binary system came into widespreaduse. Number
theory has been used in many ways to devise algorithms for efficient computer
arithmetic and for computer operationswith large integers.
The ancient Greeks in the school of Pythagoras, 2500 years ago, made the
distinction betweenprimes and composites. A prime is a positive integer with
no positive factors other than one and the integer itself. In his writings,
Euclid, an ancient Greek mathematician, included a proof that there are
infinitely many primes. Mathematicians have long sought formulae that
generate primes. For instance, Pierre de Fermat, the great French number
theorist of the seventeenthcentury, thought that all integers of the form
22' + 1 are prime; that this is false was shown, a century after Fermat made
this claim, by the renowned Swiss mathematician Leonard Euler, who
demonstratedthat 641 is a factor of 22' + | .
The problem of distinguishing primes from compositeshas been extensively
studied. The ancient Greek scholarEratosthenesdeviseda method, now called
l.
S u c h a n a x i o m a t i c d e v e l o p m e n to f t h e i n t e g e r sa n d t h e i r a r i t h m e t i c c a n b e f o u n d i n L a n d a u
t6ll.
Introduction
the sieve of Eratosthenes, that finds all primes less than a specified
limit. It
is inefficient to use this sieve to determine whether a particular integer
is
prime. The problem of efficiently determining whether an integer is prirne
has
long challengedmathematicians.
Ancient Chinese mathematiciansthought that the primes were precisely
those positive integers n such that n divides 2' - 2. Fermat showed that if
n
is prime, then n does divide 2n - 2. However, by the early nineteenth
century, it was known that there are compositeintegersn such that n divides
2n - 2, such as n : 341 . These compositeintegers are called pseudoprimes
Becausemost compositeintegers are not pseudoprimes,it is possibleto develop
primality tests based on the original Chinese idea, together with extra
observations. It is now possibleto efficiently find primes; in fact, primes with
as many as 200 decimal digits can be found in minutes of computer time.
The fundamental theorem of arithmetic, known to the ancient Greeks,
says that every positive integer can be written uniquely as the product of
primes. This factorization can be found by trial division of the integer by
primes less than its square-root; unfortunately, this method is very timeconsuming. Fermat, Euler, and many other mathematicians have produced
imaginative factorization techniques. However, using the most efficient
technique yet devised, billions of years of computer time may be required to
factor an integer with 200 decimal digits.
The German mathematician Carl Friedrich Gauss, consideredto be one of
the greatest mathematicians of all time, developed the language of
congruences in the early nineteenth century. When doing certain
computations,integers may be replaced by their remainders when divided by a
specific integer, using the language of congruences. Many questions can be
phrased using the notion of a congruencethat can only be awkwardly stated
without this terminology. Congruenceshave diverse applications to computer
science,including applications to computer file storage, arithmetic with large
integers,and the generationof pseudo-randomnumbers.
One of the most important applications of number theory to computer
science is in the area of cryptography. Congruencescan be used to develop
various types of ciphers. Recently, a new type of cipher system, called a
public-key cipher system, has been devised. when a public-key cipher is
used, each individual has a public enciphering key and a private deciphering
key. Messagesare encipheredusing the public key of the receiver. Moreover,
only the receiver can decipher the message,since an overwhelming amount of
computer time is required to decipher when just the enciphering key is known.
The most widely used public-key cipher system relies on the disparity in
computer time required to find large primes and to factor large integers. In
lntrocluction
particular, to produce an enciphering key requires that two large primes be

found and then multiplied; this can be done in minutes on a computer. When
these large primes are known, the decipheringkey can be quickly found. To
find the deciphering key from the enciphering key requires that a large
integer, namely the product of the large primes, be factored. This may take
billions of years.
In the following chapters,we discussthese and other topics of elementary
number theory and its applications.
1
The Integers
1.1 The Well-OrderingProperty

In this section,we discussseveral important tools that are useful for proving
theorems. We begin by stating an important axiom, the well-ordering
property.
The Well-Ordering Property. Every nonempty set of positive integers has a
least element.
The principle of mathematical induction is a valuable tool for proving
results about the integers. We now state this principle, and show how to prove
it using the well-ordering property. Afterwards, we give an example to
demonstrate the use of the principle of mathematical induction. In our study
of number theory, we will use both the well-ordering property and the
principle of mathematical induction many times.
The Principle of Mathematical Induction. A set of positive integers that
contains the integer I and the integer n I I whenever it contains n must be
the set of all positive integers.
Proof. Let S be a set of positive integers containing the integer I and the
integer n * | whenever it contains n. Assume that S is not the set of all
positive integers. Therefore, there are some positive integers not contained in
.S. By the well-ordering property, since the set of positive integers not
contained in S is nonempty, there is a least positive integer n which is not in
. S . N o t e t h a t n 1 1 , s i n c el i s i n S . N o w s i n c en ) l , t h e i n t e g e r n - 1 i s
l.l
The Well-Ordering ProPertY
a positive integer smaller than n, and hence must be in S. But since S

contains n - l, it must also contain (n-t) + | : n, which is a contradiction,
since n is supposedlythe smallest positive integer not in S. This shows that S
must be the set of all positive integers. tr
To prove theorems using the principle of mathematical induction, we must
show two things. We must show that the statement we are trying to prove is
true for l, the smallest positive integer. In addition, we must show that it is
true for the positive integer n * I if it is true for the positive integer n. By
the principle of mathematical induction, one concludes that the set S of all
positive integers for which the statement is true must be the set of all positive
integers. To illustrate this procedure, we will use the principle of
mathematical induction to establish a formula for the sum of the terms of a
geometric progression.
Definition. Given real numbers 4 and r. the real numbers
a , a r , e r 2 ,o t 3 r . . .
are said to form a geometric progression. Also, a is called the initial term
and r is called the common ratio.
Exa m ple. T he num b e rs 5 , -1 5 ,4 5 , -1 3 5 ,... fo rm a geometri c progressi on
with initial term 5 and common ratio -3.
In our discussion of sums, we will find summation notation useful. The
following notation representsthe sum of the real numberse1, o2,...,on.
lan
2oo:er*az*
k-l
We note that the letter k, the index of summation, is a "dummy variable" and
can be replaced by any letter, so that
5,
ak:
k-l
Example. We see that
nn
2 oi
j-t
i-l
The Integers
)
2j:I+2+3+4+5:15,
j-r
)
2t2:2+2+2+2+2:10,
j-r
and
)
2 2i : 2 * 22+ 23+ 24+ 2s : 62 .
j-1
We also note that in summation notation, the index of summation may

range betweenany two integers,as long as the lower limit does not exceedthe
upper limit. If m and h are integers such that z ( n, then
b
oo:am*aâ1*
*an.
k-m
For instance.we have

5
> k 2 : 3 3+ 4 2+ 5 2 : 5 0 ,
k;t
> 3k:30 + 3t + 32: 13,
fr:0
and
I
k--2
We now turn our attention to sums of terms of geometricprogressions.The

su m of t he t er m s e ) e r, o r2 ,...,a rn i s
n
2ori:e*ar*ar2+
*arn,
j-0
where the summation beginswith 7 : g. We have the following theorem.

Theorem l.l.
If a and r ^re real numbersand r *
l. then
(1.1)
n),,narn*l-Q
r* a arn
r ' ' : T: T
: a * ar i*a rar2
-t +
E ori
j:o
Proof. To prove that the formula for the sum of terms of a geometric
progressionis valid, we must first show that it holds for n : l. Then, we must
show that if the formula is valid for the positive integer n, it must also be true
for the positive integer n * l.
To s t ar t t hings o ff, l e t n : l . T h e n , th e l e ft si de of (t.t) i s a * ar, w hi l e
on t he r ight s ideof (1 .1 ) w e h a v e
arL-a _ a?z-t)
r-l
r-l
_ ab*l)(r-1)
T:
a(r*l) : a * ar
So the formula is valid when n : l.

N ow we as s um eth a t (1 .1 ) h o l d s for the positive integer n.
assumethat
0.2)
That is, we
'tar'-arn*l-Q
alar+arz+
We must show that the formula also holds for the positive integer n * l.
What we must show is that
(t.:)
a*ar+ar2+
* arn * arn*l :
or@+t)+t_o
ar'+2-e
r-l
r-l
To show that (1.3) is valid, we add orn*r to both sidesof (1.2), to obtain
(t.+)
(a*ar*ar2+...+arn)
arn+t:o
+ arr+t,
r-l
a r ' + r-
The left side of (t.+) is identical to that of (1.3). To show that the right sides
are equal, we note that
arn*l-a
r-
1
T A ^r - n r r _
arn+l-e
r-l
, or'*l (r- I )
T-
orn*l-a*ar'+Z
r-1
arn*l
r-l
Since we have shownthat 0.2) i m p l i e s (t.:), w e can concl udethat (t.t)
The Integers
holds for all positive integers n. tr

Example. Let n be a positive integer. To find the sum
*2',
bro:r*2+22+
k:0
we use Theorem l.l with e : I and r : 2, to obtain
l+2+22+
J- 1n
1n*l _ I
2-l
rn*l_r
Hence, the sum of consecutivenonnegative powers of 2 is one less than the

next largest power of 2.
A slight variant of the principle of mathematical induction is also sometimes
useful in proofs.
The Second Principle of Mathematical Induction. A set of positive integers
which contains the integer 1, and which has the property that if it contains all
th e pos it iv eint eg e rs1 ,2 ,..., k , th e n i t a l s o c ontai nsthe i nteger k + l , must
be the set of all positive integers.
Proof. Let T be a set of integers containing I and containing k + I if it
co nt ains 1, 2, . . . , k . L e t S b e th e s e t o f a l l p osi ti vei ntegersn such that al l
the positive integers less than or equal to n are in Z. Then I is in S, and by
the hypotheses,we see that if k is in S, then k + | is in S. Hence, by the
principle of mathematical induction, S must be the set of all positive integers,
so clearly T is also the set of all positive integers. tr
The principle of mathematical induction provides a method for defining the
values of functions at positive integers.
Definition. We say the function f is defined recursively if the value of f at I
from f h) .
is specifiedand if a rule is providedfor determiningf h*l)
If a function is defined recursively, one can use the principle of
mathematical induction to show it is defined uniquely at each positive integer.
(See problem 12 at the end of this section.)
We now give an example of a function defined recursively. We define the
factorial function f fu) : nt . First, we specify that
1.1 The Well-Ordering ProPertY
f(r): I ,
and then we givethe rule for finding f h*1) from f fu), namely
f h+r) : (n+r)'ffu).
These two statementsuniquely define r!.
To find the value of f G) : 6! from the recursive definition of f h) : nl,
use the secondproperty successively,as follows
(2) :6's'4'3'2f0).
f 6) :6.f (5) : 6.5.f(4) : 6.s.4'f(3) : 6's'4'3'f
We now use the first statement of the definition to replacef 0) by its stated
value l. to concludethat
6 l : 6 ' 5 ' 4 ' 3 ' 2 ' :l 7 2 0 .
In general, by successivelyusing the recursive definition, we see that n! is the
product of the first n positive integers,i.e.
n! : l'2'3
For convenience,and future use, we specify that 0! : l.

We take this opportunity to define a notation for products, analogous to
summation notation. The product of the real numbers a1, a2,...,a, is denoted
by
ft o, : ere2
j -r
an
The letter 7 above is a "dummy variable", and can be replaced arbitrarily.

Example. To illustrate the notation for products we have
)
fI j:l'2'3'4'5:120.
j-r
5
I I 2 : 2 . 2 . 2 . 2 . 22: 5: 3 2 .
j-r
5
fI Zi :
j-r
2.22.23.24.2s:
2r5
l0
The Integers
We note that with this notation, n ! :
fI
.
j -r ,r
Factorials are used to define binomial cofficients.

Definition. Let m and k be nonnegativeintegers with k 4 m. The
r)
binomial
cofficien,lT I isoenneo
uy
(^ /
r)
mt
kt(m_k)t
l*|
lk J
t r t : -
l^)
In computing we see that there is a good deal of cancellation,because

lO ,J,
l^) : - lk )
m;
kt@_k)l
t . 2 . 3. . . @ - k ) @ - k + t ) . . . t u - t ) m
k! t.2.3
fu-k)
(m-k+r)
( m - r )m
kt
fzl
Example.To evaluatethe binomialcoefficien,

we notethat
L, ,J,
r\
1 7| : 7 t : 1 . 2 . 3 . 4 . s . 6 . 7s . 6 . 7
f3J
3t4t r23.r234:E:i)'
We now prove some simple propertiesof binomial coefficients.

Proposition 1.2. Let n and k be nonnegativeintegerswith k ( n . Then
(i)
[;]:[;]:,
r)
r )
( i i ) l l l : -l ' . 1
fkj l,-t,)'
Proof. To see that (i) is true, note that
11
[;]:#
and
t;]
_n,._
n !0!
:n'':l
nt
\:t
To verify (ii), we seethat
frl
n;
| . kJ
kth-k)t
l,l:
:-:l
nt
lr
t u - k ) r ( n -h - k ) ) t
,l
l-
ln-* )'
tr
An important property of binomial coefficientsis the following identity.

Theorem 1.2. Let n and k be positive integers with n > k. Then
|',]*, I n I _ |,,*'l
r
loj [o-,J:I
Proof. We perform the addition
[;]. lr:,
by using the c om m o nd e n o mi n a to rftl (n -k + t)!.
t.
+
Uc lr\,
Thi s gi ves
n th - k t l )
n tk
ktfn-k+l\
ktJtt-t(+il
nl((n-k +r) +k)
k th - k + t ) t
ntfu*l)
klfu-k+r)t
(n+l)!
kth-k +r)t
[l l nn + rI
f k )
t2
The Integers
Using Theorem 1.2, we can easily construct Pascal's triangle, which

displavsthe binomial coefficients. In this triangle, the binomial coefficient
|,,]
rs t he
|.r,l
( k + t)ttr n u m b e r i n th e (n + l )th
row . The fi rst ni ne row s of
Pascal'st r ianglea re d i s p l a y e di n F i g u re l .l .
I
ll
r2l
l33l
r4641
15101051
1615201561
172135352171
18285670562881
'Plr"urt
Figure1.1.
triangle.
We see that the exteriornumbersin the triangleare all l. To find an

interiornumber,we simplyadd the two numbersin the positionsabove,and to
either side,of the positionbeing filled. From Theorem1.2, this yieldsthe
correctinteger.
of powersof sums. Exactly
occur in the expansions
Binomial coefficients
how they occuris describedby the binomial theorem.
The BinomialTheorem. Let x and y be variablesand n a positiveinteger.
Then
:
y'+
(x*y)n
l:)..
[;]".. [T]".-',.
+ l,:r)*r.-,+ [,:,]'y n - +l:),'
-2
or using summation notation,
l3
G + y ) n: 2
j-0
(n]
l\ J; ll * " - t y t
We prove the binomial theorem by mathematical induction. In the proof we

make use of summation notation.
Proof. We use mathematical induction. When n : l, according to the
binomial theorem. the formula becomes
(x*y)r-frlfrl +
loj"'.yoI,,J"or'
lrlfrl
But because
lnl:
t"J
lil:t,this
\^/
s t a t e st h a t ( x + y ) r : x
*y,
w h i c hi s
obviously true.
We now assume the theorem is valid for the positive integer n, that is, we
assumethat
^ fn)
G+ y ) n: 2 l , l r ' - i r i .
\r )
j-0
We must now verify that the correspondingformula holds with n replaced by
n * l, assumingthe result holds for n. Hence, we have
(x+y)n+r - (xty)"(x+y)
'l
I
: l, |,,.l
l a l\ri l)" - t ' l l ( x + r )
|.i:o
, lnl
j-0
\r )
, fr)
j:0
\J ./
We see that by removing terms from the sums and consequently shifting
indices.that
t4
The Integers
21,).'-'."'
2l;).'-'.','
:'Al,).'-'''.'
3l:).'-'''*'
: In+l +
and
* yn+t
:21'!'1"-'*'
yj + yn*t
Hence, we find that

't
( x *Y )' + r -
xn+r
+>
lxn-i+tri I yn+t
I
j-r
By Theorem 1.2, we have
t;l+ [,1']:
[';']
so we conclude that
- ,,*, + bl':'fx,-i*,ri
k+y),,'+r
I r )
* yn+r
i-t
n * t [ n + rI
S
l*n+t-iri
t 1 ^l . j )
This establishesthe theorem. u

We now illustrate one use of the binomial theorem. If we let x : y : l. we
see from the binomial theorem that
^ lrl
2 n: ( t + t ) , : )
j-0
, rl
lnl
:
l\ r r )l t , - r l i j -)o LJ,l
This formula showsthat if we add all elementsof the fu+l)th row of Pascal's
triangle, we get 2n. For instance,for the fifth row, we find that
15
1.1 The Well-OrderingProPertY
:, +4+6+4+,:,6:24
.
.
.
.
[;] [l] [l] [l] [l]
Problems
l.l
l.
Find the values of the following sums

l0
l0
a) >2
j-r
c) 2j'
j-r
l0
t0
u) 2i
o) 22i.
j-r
j-l
2.
Find the values of the following products

55
c) r. j'
i l j -rl r 2
)
b) trj
0) il2i
j-t
j-l
3 . Find n ! for n equal to each of the first ten positive integers.

4.
fro)frolfrolfrol frol
Find
lo,|'|.,.l'I r.l'I tJ'^na
lroJ'
5 . Find the binomial coefficients
fnl , fnl
f,ol
|'qI fgI
froI
and o andverirvthat
l',l' loJ'
I ,J'
lrj*loj: loJ
6 . Show that a nonempty set of negative integers has a largest element.
7 . Use mathematical induction to prove the following formulae.
a) >,i:t+2+3+
+ ,:n(nlD.
L
j-l
U) 2i':
j-l
12+22+32+
.t
, a
n (n+l) (2n+l)
6
t6
The Integers
c ) i . r ' : t ' + 2 3+ 3 3+
i-tt2l
* n3: | 't'ftl
12
8.
Finda formula
rcrjft
Zi.
-l
9.
Use the principle of mathematical induction to show that the value at each
positive integer of a function defined recursivelyis uniquely determined.
r0.
what function f (n) is defined recursively by f 0) : 2 and

for n)l?
ll.
I f g i s d e f i n e d r e c u r s i v e l yb y g ( l ) : 2
what is S(02
t2.
The second principle of mathematical induction can be used to define functions

recursively. We specify the value of the function at I and give a rule for finding
from the values of f at the first n positive integers. Show that the
f h+l)
values of a function so defined are uniquely determined.
t3.
We define a function recursively for all positive integers n bV (l) : l,

"f
and for n 2 2, f h+t):f
Show that f (n) :
h) + 2f (n-t).
f (2):5,
2^ + el)n, using the secondprinciple of mathematical induction.
14. a)
g(n) :2sb-D
and
Let n be a positive integer. By expanding (l+(-l))'with

theorem. show that
f (n+D : 2f (n)
for
n 7 2,
the binomial
fr)
: o.
) (-r)o
lrJ
b) usepart(a),andthefactthat > f;l :2' , to find
\'' J
t-o
f,l* f,l* l,l *

loj IrJ loj
and
[,lf,l|,,l
['J*l,J* I'J*
c)
Findthesuml -2+22-23
15. Show by mathematical induction that

(2n)t < 22'(nl)z.
+2too.
if
is a
positive integer, then
t7
16. The binomial coefficients
x is a variable, and n is a positive integer,

[;],*nr."
: x and
can be defined recursivelyby the equations
[l ]
| .I ,_n [,1
In+tJ:R l;l
|.".l
x!
a)Showthatifxisapositiveinteger,then[oJ:ffi,wherekisan
integerwithl(k(x.
b)
["]
S h o w t h a tl - l +
l,?J
[*l
1.,,
| :
lt?+rj
f'+rl
l--*,
ln,'t
l,whenevernisapositiveinteger.
of inclusion - exclusion. Suppose

P2,.,., P, be t different properties
Pr,
that S is a set with n elements and let
that an element of S may have. Show that the number of elements of S
possessingnone of the / properties is
t 7 . In this problem, we develop the principle
+ n@)l
n -ln(rr) + n(p) +
+ n(P,-r,P,)l
+ l n ( P t , P z+
) n ( P t , P r+)
- { n ( P r , P z , P t )* n ( P r P z , P q ) +
+
+ (-l)'n (P1,P2,...,P,),
* n(P,-2,P,4,P,)|
where n(Pi,,Pi,,..., P,,) is the number of elements of S possessingall of the

properties Pi,,P;,,...,P;,.The first expressionin brackets contains a term for each
property, the secondexpressionin brackets contains terms for all combinations of
two properties, the third expressioncontains terms for all combinations of three
properties,and so forth. (Hint: For each element of S determine the number of
times it is counted in the above expression. If an element has k of the
properties,
showit is counted
tequals zeroby problem la(a).)
lrl + lpllrJ
Itl
+ (-l)ft
ltl ,i-.t.
lrJ
This
1 8 . The tower of Hanoi was a popular puzzle of the late nineteenth century. The
puzzle includes three pegs and eight rings of different sizes placed in order of
size, with the largest on the bottom, on one of the pegs. The goal of the puzzle is
to move all the rings, one at a time without ever placing a larger ring on top of a
smaller ring, from the first pbg to the second,using the third peg as an auxiliary
peg.
l8
The Integers
a)
Use mathematicalinduction to show that the minimum number of movesto

transfer n rings, with the rules we have described,from one peg to another
is 2n - 1.
b)
An ancient legend tells of the monks in a tower with 64 gold rings and 3
diamond pegs. They started moving the rings, one move per second, when
the world was created. When they finish transferring the rings to the second
peg, the world ends. How long will the world last?
19. Without multiplying all the terms, show that

il 6! 7!: l0!
b) l0!:7! 5! 3!
c) 16!: l4t 5t 2l
d ) 9 t - 7 13 ! 3 ! 2 ! .
20. Let
an : (af a2l.
ar-1!) - l,
and
on+t: af. a2t
o1,a2,...,etr-1
or positiveintegers. Show that an*1!: al. a2t
2 1 . F i n d a l l p o s i t i v ei n t e g e r sx , y , a n d z s u c h t h a t x t * y l :
l.l
an_tl,
onl.
where
z!.
Computer Projects
Write programs to do the following:
l.
Find the sum of the terms of a geometric series.
2.
Evaluate n !
3.
Evaluate binomial coefficients.
4.
Print out Pascal'striangle.
5.
List the movesirr the Tower of Hanoi puzzle (see problem l8).
6.
Expand (x*y)",
where n is a positive integer, using the binomial theorem.
1.2 Divisibility
When an integer is divided by a secondnonzerointeger, the quotient may or
m ay not be an i n te g e r. F o r i n s ta n c e ,2 4 /8 : 3 i s an i nteger,w hi l e l 7/5:3.4
is not. This observationleads to the following definition.
Definition. If a and b are integers, we say that a divides b if there is an
integer c such that b : ac. lf a divides b, we also say that a is a divisor or
factor of b.
t9
1.2 Divisibility
I f a d i v i d e sb w e w r i t e a l b , w h i l e i f a d o e s n o t d i v i d e b , w e w r i t e a t r U .
Example. The following examples illustrate the concept of divisibility of
i n t e g e r s1:3| 1 8 2-,5 | 9 0 ,t 7 l 2 8 g , e t r q q , l t r s o-,l | : 1 , a n d1 71 0 .
Example. The divisorsof 6 are +1, *2, +3, and +6. The divisorsof 17 are
+5, +10,
The divisors of 100 are +1, *2,+4,
tl
and tI7.
+20, +25, +50, and + 100.
In subsequentsections,we will need some simple properties of divisibility.
We now state and prove these properties.
1.3. If a,b,and c areintegerswitha
Proposition
l b a n db l r , t h e n a l c .
Proof. Since a I b and b I c, there are integers e and f with ae : b and
bf : ,. Hence, bf : be)f : aGf) : c, and we concludethat a I c. a
Exam ple. S inc e 1l | 6 6 a n d 6 6 | tl a , P ro p o s i ti on1.3 tel l s us that 11 | 198.
P r o p o s i t i o n1 . 4 . l f a , b , m ,
c | (ma+nb).
a n d n a r e i n t e g e r sa, n d i f c l a a n d c l D , t h e n
Proof. Since c I a and c | 6, there are integers e and / such that a : ce and
b: c f . Henc e, m a * n b : m c e * n c f : c (me + nf). C onsequentl y,
w e see
that c | f ua+ nb) . E
Exam ple. S inc e 3l2 l
a n d : I l l , Pro p o s i ti o n1 .4 tel l s us that
3 | 6 - z l - 3 . 3 3:) l o 5 - 9 9 : 6 .
The following theorem states an important fact about division.
The Divisionl$f$*
If a and b are integers such that b > 0, then there
are unique integers q and r such that a : bq * r with 0 ( r < b.
In the equation given in the division algorithm, we call q the quotient and r
the remainder.
We note that a is divisible by b if and only if the remainder in the division
algorithm is zero. Before we prove the division algorithm, consider the
following examples.
20
The Integers
Example. If a-.133 and b:21,

then Q:6
and r:7,
since
133:21'6+7.
L i k e w i s ei,f a : - 5 0 a n d b : 8 , t h e n q - - 7
and r:6,
s i n c e- 5 0 : 8 ( - 7 )
+ 6.
For the proof of the division algorithm and for subsequent numerical
computations,we need to define a new function.
Definition. Let x be a real number. The greatest integer in x, denoted by
[x ], is the largest integer lessthan or equal to x.
Example.
We
have the following values for
: 2,131: 3, andI-t.sl : -2.

x'. 12.21
the greatest integer in
The proposition below follows directly from the definition of the greatest
integer function.
Proposition 1.5. If x is a real number, then x-l
< [x] ( x.
We can now prove the division algorithm. Note that in the proof we give
explicit formulae for the quotient and remainder in terms of the greatest
integer function.
Proof. Let q:la/bl
a n d r : a - b l a / b l . C l e a r l ya : b q * r . T o s h o w
r
that the remainder
satisfies the appropriate inequality, note that from
Proposition1.5, it follows that
G/b)-l
< ta/bl 4a/b.
We multiply this inequality by b, to obtain

a - b < btalbl 4 a.
Multiplying by -1, and reversingthe inequality,we find that
-a(-b[a/bl<b-a.
By adding e, we seethat
0 ( r - a - bla/bl < n.
To show that the quotient q and the remainder r are unique, assume that
w e h a v e t w o e q u a t i o n sa : b q r * r r a n d a : b q z * r r , w i t h 0 ( r r ( b a n d
0 ( rz < b. By subtracting the secondof these from the first, we find that
2l
1.2 Divisibility
0:bQt-qr)+(r;r2)
Hence. we seethat
rz - rr: b(qt-qr).
Th i s tells us t hat D d i v i d e s rz - rr. Si n c e 0 ( rr I b and 0 ( rz ( b, w e
This shows that b can divide rz- 11 only if
have -b < rz- rr 1b.
r z - 1 1 : 0 , o r , i n o t h e r w o r d s ,i f 1 1 : 1 2 . S i n c e b q t + r t : b Q z * 1 2 a n d
rt: 1 2 we als o s ee th a t Qr: Qz . T h i s s h o w s th at the quoti ent q and the
remainder r are unique. tr
<b,
with 0(r
Then a:bq*r
E x a m p l e .L e t a : 1 0 2 8 a n d b : 3 4 .
w h e r e q : t t 0 2 8 / 3 4 1 : 3 0 a n d r : 1 0 2 8 - 1 1 0 2 8 / 3 4 1 . 3 4 : 1 0 2 8- 3 0 . 3 4 : 8 .
W i t h a : - 3 8 0 a n d b : 7 5 , w e h a v ea : b q * r w i t h 0 ( r < b , w h e r e
:
q
[-380/ 751 : - 6a n d r : -3 8 0 - t-3 8 0 /7 5 1 : -380 - (-6)75 : 70.
Given a positive integer d, we can classify integers according to their
remainders when divided by d. For example, with d : 2, we see from the
division algorithm that every integer when divided by 2leaves a remainder of
either 0 or l. If the remainder when n is divided by 2 is 0, then r : 2k for
some positive integer k, and we say n is even, while if the remainder when n
* I fo r s o mei n tegerk,and w e say n i sodd.
i s di videdby 2 is l, th e n n :2 k
Similarly, when d : 4, we see from the division algorithm that when an
integer n is divided by 4, the remainder is either 0,1,2, or 3. Hence, every
i nteger is of t he f orm 4 k ,4 k + l ,4 k * 2 , o r 4 k + 3, w here k i s a posi ti ve
integer.
We will pursue these matters further in Chapter 3.
1.2 Problems
l.
S h o wt h a t3 l g g , s I t + S , 7 l 3 4 3 ,a n d8 8 8| 0 .
2. Decidewhich of the followingintegersare divisibleby 22
il0
b) 444
c) 1716
d) r92s44
e) -325r6
f) -195518.
22
3.
The Integers
Find the quotient and remainder in the division algorithm with divisor 17 and
dividend
a) loo
b) 28e
c) -44
d) -100.
4.
What can you conclude if a and b are nonzero integers such that a I b and
bla?
5.
Show that if a, b, c, and d are integers with a and c nonzero such that a I b
and c I d, then ac I bd.
6 . A r e t h e r e i n t e g e ras, b , a n d c s u c h t h a t a l b c , b u t a
7 . Show that if a, b,and c l0
I b anda I c).
a r e i n t e g e r s t, h e n a I t i f a n d o n l y i f a c I b c .
8 . Show that if a and b are positive integers and a I D, then a ( D.

9 . Give another proof of the division algorithm by using the well-ordering property.
(Hint: When dividing a by b, take as the remainder the least positive integer in
the set of integersa-qb.)
1 0 . Show that if a and b are odd positive integers, then there are integers s and ,
s u c ht h a t a : b s * / , w h e r eI i s o d d a n d l r l < n .
When the integer a is divided by the interger b
algorithm gives a quotient of q and a remainder of r.
-a is divided by b, the division algorithm gives a
remainder of b - r, while if 6 | a, the quotient is -q
where b > 0, the division

Show that if 6 ,f a, when
quotient of -(q*l)
and a
and the remainder is zero.
1 2 . Show that if a, b, and c are integers with b ) 0 and c ) 0, such that when a
is divided by b the quotient is q and the remainder is r, and when q is divided
by c the quotient is / and the remainder is s, then when a is divided by bc, the
quotient is I and the remainder is bs * r.
1 3 . il
b)
Extend the division algorithm by allowing negative divisors. In particular,

show that whenever a and b # 0 are integers, there are integers q and r
such that a : bq * r, where 0 ( r < lAl .
Find the remainderwhen 17 is divided by -7.
1 4 . Show that if a and D are positive integers, then there are integers q,r and
e :
! . 1 s u c ht h a t a :
bq * er where-b/2 <er4
b/2.
1 5 . S h o w t h a t i f a a n d b a r e r e a l n u m b e r s ,t h e n l a + b l 2 l a ]
+ [r].
1 6 . Show that if a and b are positive real numbers, then labl 2 Laltbl .
What is the corresponding inequality when both a and b are negative? When
one is negative and the other positive?
23
1.2 Divisibilitv
17. What is the value of [a ] + l-a I when a is a real number?

18. Show that if a is a real number then
a)
-I-a
b)
la + %l is the integer nearest to a (when there are two integers equidistant

from a, it is the larger of the two).
I is the least integer greater than or equal to a.
19. Show that if n is an integer and x is a real number, then [x*n]

20. Show that if m and n \
(r
: [xl + n .
0 are integers, then
I 1I1 |
| * + r 1 . J L J'
I n_ i : l l
I
I
I
llyl*tif
if m :
kn - I for someintegerk.
m:kn-lforsomeintegerk.
ILnl
21. Show that the integer n is even if and only if n - 2ln /21 : 0.
22.
Show that if a is a real number, then [a ] + Ia + %l : l2al .
23.
a)
Show that the number of positive integers less than or equal to x that are
divisible by the positive integer d is given by [x/dl.
b)
Find the number of positive integers not exceeding 1000 that are divisible by
5 , b y 2 5 , b y 1 2 5 ,a n d b y 6 2 5 .
c)
How many integers between 100 and 1000 are divisible by 7? by 49'l
24. To mail a letter in the U.S.A. it costs 20 cents for the first ounce and l8 cents
for each additional ounce or fraction thereof. Find a formula involving the
greatest integer function for the cost of mailing a letter. Could it possibly cost
S 1.08 or ,$I .28 to mail a letter?
25. Show that if a is an integer, then 3 divides a3-a
26. Show that the sum of two even or of two odd integers is even, while the sum of
an odd and an even integer is odd.
27.
Show that the product of two odd integers is odd, while the product of two
integers is even if either of the integers is even.
28. Show that the product of two integers of the form 4ft * I is again of this form,
while the product of two integers of the form 4k * 3 is of the form 4ft * L
29. Show that the square of every odd integer is of the form 8k + l.
24
The Integers
30. Show that the fourth power of every odd integer is of the form l6k + l.
31. Show that the product of two integers of the form 6k * 5 is of the form 6k * L
32.
Show that the product of any three consecutiveintegers is divisible by 6.
33.
Let n be a positive integer. We define

f
T(n) :
ln/2
if n is even
1Qn*D/z
if n is odd.
We
then
form
the
sequence
obtained
by
iterating
T:
n , T ( n ) , T ( T Q ) ) , f ( f ( f ( n ) ) ) , . . . . F o r i n s t a n c e ,s t a r t i n g w i t h n : 7 w e h a v e
7 , 1 1 , 1 7 , 2 6 , 1 3 , 2 0 , 1 0 , 5 , 8 , 4 , 2 , 1 , 2 , 1 , 2. , 1A
... well-known conjecture,sometimes
called the Collatz coniecture, assertsthat the sequenceobtained by iterating Z
always reachesthe integerI no matter which positive integer n begins the sequence.
a)
Find the sequenceobtainedby iterating Z starting with n :29.
b)
Show that the sequenceobtained by iterating Z starting with n: (2k-l)/3,

where k is an even positive integer, k > l, always reachesthe integer l.
1.2 Computer Projects

l
Decide whether an integer is divisible by a given integer.
2.
Find the quotient and remainder in the division algorithm.
3.
Find the quotient, remainder, and sign in the modified division algorithm given in
problem 14.
4.
I n v e s t i g a t et h e s e q u e n c en , T ( n ) , T ( T h ) ) ,
33.
f (rQ
( n ) ) ) , . . . d e f i n e di n p r o b l e m
1.3 Representations
of Integers
The conventionalmanner of expressingnumbersis by decimal notation. We
write out numbers using digits to representmultiples of powers of ten. For
instance,when we write the integer 34765,we mea;r
3 . 1 0 4+ 4 . 1 0 3+ 7 . 1 0 2+ 6 . 1 0 1+ 5 . 1 0 0 .
There is no particular reasonfor the use of ten as the base of notation,other
than the fact that we have ten fingers. Other civilizations have used different
25
of Integers
1.3 Representations
bases,including the Babylonians,who used base sixty , and the Mayans, who
Electronic computers use two as a base for internal
used base twenty
representationof integers,and either eight or sixteen for display purposes.
We now show that every positive integer greater than one may be used as a
base.
Theorem 1.3. Let b be a positive integer with b > l.
integer n can be written uniquely in the form
n : a k b k * a p - 1 b k - rt
Then every positive
* a1b I oo,
w her e a; is an int eg e rw i th 0 ( o ; < b -l

coefficientak I O.
fo r,/ :0,
1,..., k and the i ni ti al
Proof . We obtain an expressionof the desired type by successivelyapplying

the division algorithm in the following way. We first divide n by b to obtain
n:beo*oo,
0(ao<b-1.
Then we divide qoby b to find that

0(ar(6-t.
eo:bq1ta6
We continue this processto obtain
Qt: bq2t a2,
qr= bq3l a3,
0 ( a2 ( b-1,
0 ( ar ( b-1,
Q k - z: b q * - r * a k - r , 0 ( a 1 - 1 ( b - 1 ,
Qk-t: b.0 * ap, 0 ( a1 ( b-t.
The last step of the processoccurs when a quotient of 0 is obtained. This is
guaranteedto occur, becausethe sequenceof quotients satisfies
n ) qo)
qr)
qz> "'>
0,
and any decreasing sequence of nonnegative integers must eventually

terminate with a term equaling 0.
26
The Integers
From the first equation above we find that

n:
beo* ao.
We next replace {6 using the secondequation, to obtain

n : b(bqfta1) + as : bzqrI a1b I as,
Successively
substituting for qr, Q2,..., Qk_r,we have
n:
b 3 q z + a 2 b 2* a 1 b * o r ,
: =i: ri::,-'**"::,t{,-'..**olr'u**ol'
: a t b k + a 1 r - 1 b k -*r
t aft * ao.
w her e 0 ( a; < b -l fo r 7 : 0 ,1 ,...,ka n d a * I 0, si nceek : 4r-r i s the l ast

nonzero quotient. Consequently,we have found an expansion of the desired
type.
To see that the expansion is unique, assume that we have two such
expansionsequal to n, i.e.
n : e k b k + a 1 r - y b k - *t
: c * b k * c 1 r-1 b k -r*
t a1b * ao
* cft * ro,
where 0 ( ar (b and 0 ( c1(b (and if necessarywe add initial terms with

zero coefficients to have the number of terms agree). Subtracting one
expansionfrom the other, we have
(ar,-c)bk +(o,,-r-c1,-)bk-t *
*(a;cr)b
+ (as-ca):0.
If the two expansionsare different, there is a smallest integer j, O (

< k,
"l
such that ai # ci. Hence,
.f
br
+
l(a*-c*)b(-r
* (ai+rci+r)b * G1-c1)] : o,
so that
Gr,-c)bk-i +
+ (a1+rci+)b
r (ai-c1) : O.
27
1.3 Representationsof Integers
Solving for ai-c; we obtain

aj- c j:
(c rr-a r)b k -j +
* (c 7+ r-ai + )b
: bl(c1,-a1)bk-j-t +
* (c7+r-or*,)
].
Hence, we see that
bl
G1 -c 1 ).
But since 0 ( a; < b and 0 ( c; < b, we know that -b < ai-c1 I b.

implies that ej : cj. This contradicts the
Consequently, b I h1-c)
assumptionthat the two expansionsare different. We concludethat our base
6 expansionof n is unique. !
For b - 2 . we see from Theorem 1.3 that the following corollary holds.
Corollary 1.1. Every positive integer may be represented as the sum of
distinct powersof two.
Proof.
Let n be a positive integer. From Theorem 1.3 with b : 2, we know
t h a t n : a t r T k * a 1 r - 1 2 k - t*
+ a Q * a s w h e r e e a c h a ii s e i t h e r 0 o r 1 .
Hence, every positive integer is the sum of distinct powersof 2. tr
In the expansionsdescribedin Theorem 1.3, b is called the base or radix of
the expansion. We call base l0 notation, our conventionalway of writing
integers, decimal notation. Base 2 expansionsare called binary expansions,
base 8 expansionsare called octal expansions,and base 16 expansionsare
called hexadecimal, or hex for short, expansions. The coefficients ai are
called the digits of the expansion. Binary digits are called bits (binary
digils) in computer terminology.
To distinguish representationsof integers with different bases, we use a
special notation. We write (apapa...aps) 6 to represent the expansion
a*bklapabk-rl
taft*ao.
Example. To illustrate base b notation, note that Q3Ot : 2.72+
a n d ( 1 0 0 1 0 0 1 1 :) 2 1 . 2 7+ 1 . 2 4+ 1 . 2 r+ 1 .
3.7 + 6
Note that the proof of Theorem 1.3 gives us a method of finding the base b
expansion of a given positive integer. We simply perform the division
algorithm successively,replacing the dividend each time with the quotient, and
28
The Integers
stop when we come to a quotient which is zero. We then read up the list of
remaindersto find the base b expansion.
Example. To find the base 2 expansionof 1864, we use the division algorithm
successively:
1 8 6 4: 2 . 9 3 2 + 0 ,
932:2'466 +0,
466:2'233 +0
233-2'116+1,
1 1 6: 2 ' 5 8 + 0 ,
58:2'29
+0,
29:2'14
+1,
14:2'7
+0,
7 : 2'3
+ 1,
3 : 2'l
+ l,
| : 2'O + 1.
To obtain the base 2 expansionof 1984, we simply take the remaindersof
t h e s ed i v i s i o n s .T h i s s h o w st h a t ( 1 8 6 4 ) r o : ( 1 1 1 0 1 0 0 1 0 0 0 ) 2 .
Computers represent numbers internally by using a series of "switches"
which may be either "on" or "off". (This may be done mechanically using
magnetic tape, electrical switches, or by other means.) Hence, we have two
possiblestates for each switch. We can use "on" to represent the digit I and
"off" to representthe digit 0. This is why computers use binary expansionsto
representintegers internally.
Computers use base 8 or base 16 for display purposes. In base 16, or
hexadecimal, notation there are l6
digits, usually denoted by
0 ,1, 2, 3, 4, 5, 6,, 8,
7 9 ,A,8 ,,C ,D ,,Ea n d F . T h e l e tters A ,B ,C ,D ,E , and F are
and l5 (written
used to representthe digits that correspondto 10,11,12,13,14
in decimal notation). We give the following example to show how to convert
from hexadecimalnotation to decimal notation.
Example. To convert (A35B0F) 16we write
( e l s n o r ) r e : 1 0 . 1 6 s + 3 ' 1 6 4+ 5 ' 1 6 3+ l l ' r c z + 0 ' 1 6 + 1 5
: ( t o7o5 679)rc.
29
A simple conversionis possible between binary and hexadecimal notation.

We can write each hex digit as a block of four binary digits according to the
correspondencegiven in T a b l e l . l .
Hex
Digit
Binary
Digits
Hex
Digit
Binary
Digits
0
I
2
3
4
5
6
7
0000
0001
0010
0 0 1l
0100
0101
0110
0l l1
8
9
A
B
C
D
E
F
r000
1001
1010
1011
l 100
I l0l
1110
llll
Table1.1. Conversion
from hex digits to blocksof binarydigits.
Example. An example of conversionfrom hex to binary is (zFBrrc:
(tOt t 1110110011)2 .E a c h h e x d i g i t i s c o n v e rt edto a bl ock of four bi nary
digits (the initial zeros in the initial block (OOIO)2correspondingto the digit
(2) rc are omitted).
To convert from binary to hex, consider(t t t tOl I I101001)2. We break this
into blocks of four starting from the right. The blocks are, from right to left,
1 001, 1110, 1101,an d 0 0 1 1 (w e a d d th e i n i ti a l z eros). Transl ati ngeach bl ock
to hex, we obtain GOng)ru.
We note that a conversionbetween two different basesis as easy as binary
hex conversion,wheneverone of the basesis a power of the other.
1.3 Problems
l.
Convert (1999)1sfrom decimal to base 7 notation. Convert (6tOS)t from base 7

to decimal notation.
2.
Convert (tOtOOtOOO),from binary to decimal notation and (tgg+),0 from

decimal to binary notation.
30
The Integers
3 . c o n v e r t ( 1 0 0 0 1 II l 0 l 0 l ) 2 a n d ( l I 1 0 1 0 0 1 1 1 0 ) 2f r o m b i n a r y t o h e x a d e c i m a l .
4 . convert (ABCDEF)rc, @nrecnD)to,
and (9A08)rc from hexadecimal to
binary.
5 . Explain why we really are using base 1000 notation when we break large decimal
integers into blocks of three digits, separatedby commas.
6 . a)
Show that if D is a negative integer less than -1, then every integer n can
be uniquer';:.])::'::;'
.
a 1 b*
oo,
where a1, I 0
and O <a, < lb I for ./ : 0,1,2,...,k.
n : (apa1,-r...ata6)6,just as we do for positivebases.
We
write
b)
Find the decimal representationof (tOtOOt)-2 and OZOTD-r.
c)
Find the base-2 representations

of the decimal numbers-7,-17, and 61.
7 . Show that any weight not exceeding 2k-l
may be measured using weights of

1,2,22,...,2ft-1,
when all the weights are placed in one pan.
8 . Show that every integer can be uniquely representedin the form

ep3k*ep-.3k-t*
*efiles
where i : -1,0, or I for ,/:0,1 ,2, ..., k.

balanced ternary expansion.
This expansion is called a
9.
Use problem 8 to show that any weight not exceeding $k -t) /Z may be
m e a s u r e du s i n g w e i g h t so f 1 , 3 , 3 ' , . . . , 3 f t - 1 , w h e n t h e w e i g h t sm a y b e p l a c e di n
either pan.
r0.
Explain how to convert from base 3 to base 9 notation, and from base 9 to base 3
notation.
ll.
Explain how to convert from base r to base rn notation, and from base rn
notation to base r notation, when r ) I and n are positive integers.
( a * a * - 1 . . . a p s ) 6 , t h e n t h e q u o t i e n t a n d r e m a i n d e rw h e n n i s
divided by bi are q : (apa1,-1...a)6and, : (aj-r...apo)t, respectively.
1 2 . Show that if r:
1 3 . If the base b expansion of n is n : (apa1,-1...aps)6,what is the base b

expansionof b^ n"l
14. A Cantor expansion of a positive integer n is a sum
fl:ommt * aâ(m-l)! +
* a 2 2 l* a 1 l !
3t
where each ai is an integer with 0 ( a; < i .

a)
Find Cantor expansionsof 14, 56, and 384.
b)
Show that every positive integer has a unique Cantor expansion.
15. The Chinese game of nim is played as follows. There are a number of piles of
matches, each containing an arbitrary number of matches at the start of the
game. A move consistsof a player removing one or more matches from one of
the piles. The players take turns, with the player removing the last match
winning the game.
A winning position is an arrangement of matches in piles so that if a player can
move to this position, then, no matter what the second player does, the first
player can continue to play in a way that will win the gom; An example is the
position where there are two piles each containing one match; this is a winning
position, becausethe second player must remove a match leaving the first player
the opportunity to win by removing the last match.
a)
Show that the position where there are two piles, each with two matches, is
a winning position.
b)
For each arrangement of matches into piles, write the number of matches in
each pile in binary notation, and then line up the digits of these numbers
into columns (adding initial zeroes if necessaryto some of the numbers).
Show that a position is a winning one if and only if the number of ones in
each column is even (Example: Three piles of 3, 4, and 7 give
0ll
llt
100
where each column has exactly two ones).
16. Let a be an integer with a four-digit decimal expansion,with not all digits the
same. Let a' be the integer with a decimal expansion obtained by writing the
digits of a in descending order, and let a" be the integer with a decimal
expansion obtained by writing the digits of a in ascending order. Define
T ( a ) : a ' - a " . F o r i n s t a n c ef,( 2 3 1 8 )
1378 : 7358.
8731
a)
Show that the only integer with a four-digit decimal expansion with not all
d i g i t s t h e s a m es u c h t h a t T ( a ) : a i s a : 6 1 7 4 .
b)
Show that if a is a positive integer with a four-digit decimal expansionwith

not all digits the same, then the sequence a, T (d,
f (f G)) ,
T'QQ(a))),...,
obtained by iterating T, eventually reaches the integer
6174. Becauseof this property, 6174 is called Kaprekar's constant.
32
The Integers
17. Let b be a positive integer and let a be an integer with a four-digit base b
expansion,with not all digits the same. Define TtG) : a'- a", where a'is the
integer with base D expansion obtained by writing the base 6 digits of a in
descending order, and let d " is the integer with base 6 expansion obtained by
writing the base b digits of a in ascendingorder.
il
Let b : 5. Find the unique integer a6 with a four-digit base 5 expansion

such that TsGl : ao. Show that this integer aq is a Kaprekar constant for
t h e b a s e 5 , i . e . , a , T ( a ) , r ( f b ) ) , f ( f Q ( a ) ) ) , . . . e v e n t u a l l yr e a c h e s
40, whenever a is an integer which a four-digit base 5 expansionwith not all
digits the same.
b)
Show that no Kaprekar constant exists for the base 6.

l.
Find the binary expansion of an integer from the decimal expansion of this
integer and vice versa.
2.
Convert from base 61 notation to base b2 notation, where D1 and b2are arbitrary
positive integers greater than one.
3.
Convert from binary notation to hexadecimal notation and vice versa.
4.
Find the base (-2) notation of an integer from its decimal notation (see problem
6).
5.
Find the balanced ternary expansion of an integer from its decimal expansion
(see problem 8).
6.
Find the Cantor expansionof an integer from its decimal expansion (see problem
14).
7.
Play a winning strategy in the game of nim (see problem l5).
8.
F i n d t h e s e q u e n c ea , T ( a ) , T ( T f u ) ) , r ( r O Q ) ) ) , . . .
definedin problem 16,
where a is a positive integer, to discoverhow many iterations are neededto reach
6174.
9.
Let b be a positive integer. Find the Kaprekar constant to the base b, when it
exists (see problem 17).
of Integers
1.3 Representations
33
1.4 Computer Operationswith Integers

We have mentioned that computers internally representnumbers using bits,
or binary digits. Computers have a built-in limit on the size of integers that
can be used in machine arithmetic. This upper limit is called the word size,
which we denote by w. The word size is usually a power of 2, such as 235,
although sometimesthe word size is a power of 10.
To do arithmetic with integers larger than the word size, it is necessaryto
devote more than one word to each integer. To store an integer n ) l4/, we
expressn in base w notation, and for each digit of this_expansionwe use one
computer word. For instance, if the word size is 23s, using ten computer
words we can store integers as large u, 23s0-1, since integers less than 2350
have no more than ten digits in their base 235expansions. Also note that to
find the base 235expansionof an integer, we need only group together blocks
of 35 bits.
The first step in discussing computer arithmetic with large integers is to
describehow the basic arithmetic operationsare methodically performed.
We will describe the classical methods for performing the basic arithmetic
operations with integers in base r notation where r ) | is an integer. These
methodsare examplesof algorithms.
An algorithm is a specified set of rules for obtaining a desired
Definition.
result from a set of input.
We will describe algorithms for performing addition, subtraction, and
and
two n-digit
integers a : (an4on-z...egi,
multiplication of
b: (bn- 1br - z . . . br b o )r,w h e re i n i ti a l d i g i ts o f z e ro are added i f necessaryto
make both expansionsthe same length. The algorithms described are used
both for binary arithmetic with integers less than the word size of a computer,
and for multiple precision arithmetic with integers larger than the word size
w, using lr as the base.
We first discuss the algorithm for addition. When we add a and b, we
obtain the sum
a I b : 5 a i r t+ ' i u , r t : 5 G i + b 1 ) r i .
j-o
j-0
j:o
To find the base r expansion of the a * b, first note that by the division
algorithm, there are integers Cs and ss such that
34
The Integers
ao* bs: Csr * r0,0 ( so 1 r.

Because as and bo are positive integers not exceeding r, we know that
0 ( ao * bo( 2 r - 2 , s o th a t c o :0
o r l ;h ere c6 i s the cany to the next
place. Next, we find that there are integersc1 and s1 such that
ar * br t Co: C{ t rr,0 ( s1 ( r.
Since0 ( art br * Co ( 2r - 1, we know that Cr:0or
i n d u c t i v e l y , w e f i n d i n t e g e r s Ca; n d s ; f o r 1 ( i ( n - I b y
l.
proceeding
Crr trr, 0 ( s; ( r,
ai * b; * Ci-r:
wit h C; : 0
or 1 . F i n a l l y , w e l e t s r: C n ; , si nce the sum of tw o i ntegers
with n digits has n * I digits when there is a carry in the n th place. We
co nc ludet hat t he b a s er e x p a n s i o nfo r th e s u m i s a * b: (srsn_,...J1.ss)7
.
When performing base r addition by hand, we can use the same familiar
technique as is used in decimal addition.
E x a m p l e . T o a d d ( 1 1 0 1 ) 2a n d ( l 0 l l ) 2 w e w r i t e
II
1l0l
+1001
10110
where we have indicated carries by I's in italics written above the appropriate
column. We found the binary digits of the sum by noting that I * I :
l'2+ 0,0+0+
1:0'2 * 1, I +0f 0: O'2+ l,and 1+ l:1.2 *0.
We now turn our attention to subtraction. We consider
a - b :';
airi -'i
j-o
j-0
u,rt: 5 Gi - b)ri ,
j-0
where we assumethat a ) b. Note that by the division algorithm, there are

integers ^Bsand ds such that
os- bo: 86r * dg, 0 ( do ( r,
and since as and bs are positive integers less than r, we have
35
1.4 Computer Operationswith Integers
-(r-l)<as-bo(r-1.
W h e n a o - b o ) 0 , w e h a v e , 8 6 : 0 . O t h e r w i s ew, h e n a s - b o 1 0 , w e h a v e
Bo: - 1;Bo is the borrow from the next place of the baser expansionof a.
We use the division algorithm again to find integersB1 and d1 such that
a1-bt+
Bo: B{ * dr. 0 <
d1 1 r.
From this equation, we see that the borrow B r : 0 as l o n g a s a 1 - b t + B o

- br * B o
(r-l.We
> 0 , a n d B t : - l o t h e r w i s e ,s i n c e - r ( a r
proceedinductively to find integers B; and d;, such that
ai - btf
Bi-r : Bir t di. 0 ( di 1 r
w i t h B ; : 0 o r - 1 , f o r I < t < n - 2. We seethat Bn4: 0, sincea ) b.

We can concludethat
a - b :
(dnadn-2...d1ds),.
When performing base r subtraction by hand, we use the same familiar

technique as is used in decimal subtraction.
Example. To subtract ( t o t t o ) 2f r o m ( t t o t l ) 2 , w e h a v e
-t
llotl
-10110
101
where the -l in italics above a column indicates a borrow. We found the
binary digits of the difference by noting that 1 - 0 : 0'2 * l,
0'2+0, and 1-l:
0-l:-1'2+1,
l-0-l:
1-l:0'2*0,
0'2+ 0.
Before discussing multiplication, we describe shifting. To multiply
(on-r...aps)7 by r^ , we need only shift the expansion left m places,
appending the expansionwith m zero digits.
Example. To multiply (tOtt01)2 by 2s, we shift the digits to the left five
placesand appendthe expansionwith five zeros,obtaining (10110100000)2.
36
The Integers
To deal with multiplication, we first discussthe multiplication of an n-place

i n t eger by a on e -d i g i t i n te g e r. T o m u l ti p l y (an_1...ori ;, by (i l ,,
w e fi rst
note that
oob:Qor*po,0(ps(r,
a nd 0 ( qo ( r - l , s i n c e0 ( a o b (
aft+Qo:Qf
and 0 ( qt ( r-1 .
(r-1 )2 . N ext, w e have
*pr,0(pt1t,
In g e n e ra l ,w e h a v e
Qir I pi, 0 ( p; -< r
a;b * 7i-r:
and 0 ( gr ( r - 1. Furthermore, we
(o r - 1. . . ar , o), ( b ) , : (p n p n -r...pg .o ),.
have pn:
Qn_r. This
yields
To perform a multiplication of two n-place integers we write

( n-t
n-t
l i -r
i -o
ab:al>biril:)Gb)ri.
For each -/, we first multiply a by the digit b;, then shift to the left 7 places,
and finally add all of the n integers we have obtained to find the product.
When multiplying two integers with base r expansions,we use the familiar
method of multiplying decimal integers by hand.
Ex am ple. T o m u l ti p l y (l l 0 l )2 a n d (t t tO)2 w e w ri te
ll0l
x1110
0000
I l0l
1l0l
l10l
l0ll01l
Note that we first multiplied (1101)2 by each digit of (t t 10)t, shifting each
time by the appropriate number of places, and then we added the appropriate
integers to find our product.
31
1.4 Computer Operations with Integers
We now discuss integer division. We wish to find the quotient q in the

division algorithm
+ R, 0 < R < b.
a:bq
If the base r expansionof q is q :

( n-r
a-b l>
(Qn-rQn-2...Q
1 4 o,) , then we have
eiril +R,0<R
<b.
[r-o
To determine the first digit Qrq of q, notice that
: uf'i qjri)+ R.
a - bqn-1vn-t
U-o )
The right-hand side of this equation is not only positive,but also it is less than
brn-t, since 2 qiri g rn-l-l.
Therefore,we know that
j-0
a - bqn-(n-l
0 (
< brn-t.
This tells us that
O: Tt, -tn.'l
4v n n { . t " ' ,
Qn-r: la/brn-rl'
(L
t-"rf
We can obtain Qn-r by successivelysubtracting br"-l from a until a negative

result is obtained, and then qn-1is one less than the number of subtractions.
To find the other digits of q,, we define the sequenceof partial remainders
Ri by
Ro: a
and
Ri:Ri-r
- bqn-trn-i
f o r i : 1 , 2 , . . . ,n . B y mathematical induction, we show that
(r.s)
Ri:
(n -i -t
I
qirtlb+R.
| >
lj-0
)
For i : 0, this is clearly correct, since R0 : a : qb + R. Now assumethat
38
The Integers
Rft:
Then
Rt+r :
:|
Rft - bqn-*-rrn-k-l
'l
(n-k-t
.
I U
l. .r-o
qirilb+R-bqn-*-rvn-k-l
)
fn-(k+r)-r
>
.l
qi"lb+R'
Ij-0)
e s t a b l i s h i n( 1g . 5 ) .
F r o m ( t . S ) , w e s e e t h a t 0 ( R i < r n - i b , f o r i : 1 , 2 , . . . ,f l , s i n c e
n-i -l
i-0
O ( Ri < rn-tb, we see that the digit qn-i is given by lRi-r/brn-il and can
be obtained by successivelysubtracting brn-t from Ri-1 until a negative result
is obtained,and then qn-; is one lessthan the number of subtractions. This is
how we find the digits of q.
E x a m p l e .T o d i v i d e( t t t O l ) 2 b y ( t t t ) 2 , w e l e t q : ( q r q r q i r . W e s u b t r a c t
Z2( t t l) z : ( t t t O O), o n c e fro m (t t tOt)z to obtai n (l )2, and once more to
o b t a i na n e g a t i v er e s u l t s, o t h a t Q 2 : l . N o w R l : ( t t t O l ) t - ( t t t 0 0 ) t :
(1)2. We find that ql:0,
s i n c eR 1 - 2 ( 1 l l ) 2 i s l e s st h a n z e r o ,a n d l i k e w i s e
q
u
o
ti
e
n
t
Henc
e
t
h
e
o f th e d i v i s i o ni s (1 00)2and the remai nderi s (l )2
Qz : 0.
We will be interested in discussinghow long it takes a computer to perform
calculations. We will measure the amount of time needed in terms of
bit operations. By a bit operation we mean the addition, subtraction, or
multiplication of two binary digits, the division of a two-bit integer by one-bit,
or the shifting of a binary integer one place. When we describethe number of
bit operations needed to perform an algorithm, we are describing the
computational complexity of this algorithm.
In describing the number of bit operations needed to perforrn calculations
we will use big-O notation.
39
1.4 ComputerOperationswith Integers
Definition. If f and g are functions taking positive values, defined for all x in
a set S, then we say f is OQ) if there is a positive constant K such that
f G) < K g( x ) f or a l l x i n th e s e t S .
Proposition 1.6. If / is OQ) and c is a positiveconstant,then cf is Ok).
Proof . If / is Ok), then there is a constantK such that f G) < Kg(x) for
Therefore, y' is
all x under consideration. Hence cf G) < GK)gG).
oQ). n
P r o p o s i t i o1n. 7 .l f f t i s O ( g r ) a n d f 2 i s O k z ) , t h e n" f t + - f z i s O Q f t g 2 )
andfJzisoQe).
Proof . If / is OQr) and f2 is Okz), then there are constantsK1 and K2
such t hat - f , ( *) < ,< 1 g 1 (x ) a n d " f z (x ) 1 K2g2(x) for al l x under
consideration. Hence
f 1G) +f2G)
( Krsr(x) + x2g2k)
( Kkr(x) + sz?))
where K is the maximum of K1 and K2. Hencef r + -f zis Ok,
+ gz).
Also
-f tk)f
so th at " f f z is 0( 96 ).
z(.x) ( Krsr G) K2s2G)

: (KrK2)kt?)g2(x)),
tr
C oro llar y 1. 2. I f / 1 a n d f 2 a re OG), th e n -f r + -f zi s Ok).

Proof .
Proposition 1.7 tells us that
But if
"f t + f z is O QS).
(
( (z x )g , s o th at -f r + .f zi s Ok). a
+
K Q s ) , t h e nf t +
f t "fz
" fz
Using the big-O notation we can see that to add or subtract two r-bit
integers takes Ofu) bit operations,while to multiply two n-bit integers in the
conventionalway takes OGz) bit operations(see problems 16 and 17 at the
end of this section). Surprisingly, there are faster algorithms for multiplying
large integers. To develop one such algorithm, we first consider the
multiplication of two 2n-bit integers, say a : (a2n4a2n_2...eflo)z and
2 .e w r i t e a : 2 n A t f 4 6 a n d b : 2 n B r t B s , w h e r e
b : ( b 2 , 6 b , 2 n - 2 . . . b f t iW
-l
40
The Integers
A t : ( a 2 r - 1 a 2 n * 2 . . . a 1 7 1 1 eA1o7: ) 2 (, a n - 1 a n - 2 . . . a p g ) 2B, t : ( b 2 n - f t 2 r - z . . . b n + t
br)2, and B0 : (br-t bn-z...brbiz. We will use the identity
(t.e)
a b : ( 2 2 , + 2 , ) A r B r r 2 n( A r A i ( a o - n r )
+ (2,+l)AoB0.
To find the product of a and 6 using (t.0), requires that we perform three
mu lt iplic at ions o f n -b i t i n te g e rs (n a me l y A r B r (A , - A d(B oB r), and
AsBs), as well as a number of additions and shifts. If we let M(n) denote the
number of bit operations needed to multiply two n -bit integers, we find from
(t.0) t t r at
(r.z)
M (2n) < ru h) + Cn.
where C is a constant, since each of the three multiplications of n -bit integers

takes M (n) bit operations,while the number of additions and shifts neededto
compute a'b via (t.0) does not depend on n, and each of these operations
takes O (n) bit operations.
From (t.Z), using mathematical induction, we can show that
a(zk) ( c(3k -2k),
(1.8)
where c is the maximum of the quantities M Q) and C (the constant in

(t.Z)). To carry out the induction argument, we first note that with k:
l,
we have MQ) ( c(3t -2t) : c, sincec is the maximum of M(2) and C.
As the induction hypothesis,we assumethat
M Qk )
( c (3 ft - 2 k).
Then, us ing ( 1. 7), w e h a v e

M (z k + t) (
(
(
(
3 u (z k )
3c (lt c a k + t_
c ( 3 f t + l-
+ czk
2k) + c2k
c . 3 . 2 k* c 2 k
zk+t).
This establishesthat (1.8) is valid for all positive integers ft.

Using inequality (t.8), we can prove the following theorem.
Theorem 1.4. Multiplication of two n-bit integers can be performed using
O(nto9'3) bit operations. (Note: log23 is approximately 1.585, which is
1.4 ComputerOperationswith Integers
4l
considerably less than the exponent 2 that occurs in the estimate of the
number of bit operations needed for the conventional multiplication
algorithm.)
Proof . From (t.8) we have
M h) : M (ztos'n)( lzlttloerl+t;
< , (3ttot'nl+t_rltoe'nl+t;
( 3 c .rl l o g Irn( 3 c .3 l o s r,:3rnto93
(since 3lo8'n: ,'ot").
Hence, Mh)
glnroe'3l. tr
We now state, without proof, two pertinent theorems. Proofs may be found
in Knuth [50] or Kronsjii tSgl.
Theorem 1.5. Given a positive number e ) 0, there is an algorithm for
multiplication of two n-bit integersusing O(nr+') bit operations.
Note that Theorem 1.4 is a specialcaseof Theorem 1.5 with e : log23- l,
which is approximately0.585.
Theorem 1.6. There is an algorithm to multiply two n-bit integers using
O(n log2n log2log2n)bit operations.
Since log2n and log2log2nare much smaller than n' for large numbers n,
Theorem 1.6 is an improvement over Theorem 1.5. Although we know that
M h) : O (n log2n log2log2n), for simplicity we will use the obvious fact that
M fu) : O (n2) in our subsequentdiscussions.
The conventionalalgorithm described above performs a division of a 2n-bit
integer by an n-bit integer with O(n2) bit operations. However, the number
of bit operations needed for integer division can be related to the number of
bit operations needed for integer multiplication. We state the following
theorem, which is basedon an algorithm which is discussedin Knuth 1561.
Theorem 1.7. There is an algorithm to find the quotient q:Ia/bl,
when
the 2n-bit integer a is divided by the integer b having no more than n bits,
using O(M Q))
bit operations, where M fu)
is the number of
bit operationsneededto multiply two n-bit integers.
42
The Integers
1.4 Problems
l.
Add (l0llll0ll)2 and(ttootll0ll)2.
2 . S u b t r a c t( t o t t l 0 l 0 l ) 2 f r o m ( 1 1 0 1 1 0 1 1 0 0 ) 2 .
3.
Multiply (t t rOr), and (l10001)2.
4.
F i n d t h e q u o t i e n ta n d r e m a i n d e rw h e n ( t t o t o o n l ) 2 i s d i v i d e db y ( 1 1 0 1 ) 2 .
5.
A d d ( A B A B ) 1 6a n d ( B A B A ) r c .
6.
Subtract (CAFE)16 from (rnno)ru.
7.
Multiply
8.
Find the quotient and remainder when Gneono),u
9.
Explain how to add, subtract, and multiply the integers 18235187and 22135674
on a computer with word size 1000.
(FACE) 16and (BAD)rc.

is divided by (enn.n)ru.
10. Write algorithms for the basic operations with integers in base (-2)
(see problem 6 of Section 1.3).
notation
11. Give an algorithm for adding and an algorithm for subtracting Cantor
expansions (see problem l4 of Section 1.3).
12. Show that if f 1 and f 2 are O(St) and O(g2), respectively,and c1 and c2 are
constants,then c;f1 * ,zf z is O(g1 * g).
13. Show that if f is O(g), then fr
it OQk) for all positiveintegersk.
14. Show that a function f is O(log2n) if and only if f is O(log,n) wheneverr )

(Hint: Recall that logon/log6n: logo6.)
l.
15. Show that the base b expansionof a positive integer n has llog6nl+t digits.
16. Analyzing the algorithms for subtraction and addition, show that with n-bit
integers these operationsrequire O h) bit operations.
17. Show that to multiply an n-bit and an m-bit integer in the conventional manner
requires OQm) bit operations.
18. Estimate the number of bit operationsneededto find l+2+
il
by performing all the additions.
b)
by using the identity l+2*

shifting.
I n:
nh+l)/2,
* n
and multiplying and
43
1.4 Computer Operations with Integers
19. Give an estimate for the number of bit operationsneededto find
b)
a) n'.
["1
|.o,|
20. Give an estimate of the number of bit operations needed to find the binary
expansionof an integer from its decimal expansion'
21.
22.
il
Show there is an identity analogousto (1.6) for decimal expansions.
b)
Using part (a), multiply 73 and 87 performing only three multiplications of

one-digit integers,plus shifts and additions.
c)
Using part (a), reduce the multiplication of 4216 and 2733 to three
multiplications of two-digit integers, plus shifts and additions, and then
using part (a) again, reduce each of the multiplications of two-digit
integers into three multiplications of one-digit integers, plus shifts and
additions. Complete the multiplication using only nine multiplications of
one-digit integers, and shifts and additions.
il
lf A and B are nxn
matrices, with entries aii and bii for I ( i ( n,
I ( f ( n, then AB
is the nxn matrix with entries cii :
Show that n3 multiplications of integers are used to find AB

its definition.
b)
ai*b*j.
dir:;;ly from
Show it is possible to multiply two 2x2 matrices using only seven

multiplications of integers by using the identity
o,rf lb,, D'tl
lo,,
l a z r o,,)
l"r r b r r*
II
lx
lr,, t,,)
anbzt
( a r r l a 1 2 - a 2 1 - a 2 2 )b 2 2
* (as-a2)(bzz-bn) -
a 2 2 ( br - b z r - b e * b 2 2 )
w h e r ex :
c)
* a22)(bn-b,+
, )l
x I (a21
|
x * ( a n - a z t ) ( b r r - b r+r ) I
( a 2 1* a 2 ) ( b r z - b ' , - )
a r r b r ,- ( a t t - c t 2 r - a 2 ) ( b n -
bp*
b2).
Using an inductive argument, and splitting 2nx2n matrices into four nxn
matrices, show that it is possibleto multiply two 2k x2k matrices using only
7ft multiplications, and less than 7ft+r additions.
44
The Integers
d)
23.
Conclude from part (c) that two nxn matrices can be multiplied using
O(nt"c7) bit operations when all entries of the matrices have less than c
bits, where c is a constant.
A dozen equals 12 and a gross equals 122. Using base 12, or duodecimal.
arithmetic answer the following questions.
il
If 3 gross, 7 dozen, and 4 eggs are removed from a total of l l gross and 3
dozen eggs, how many eggs are left?
b)
If 5 truckloads of 2 gross, 3 dozen, and 7 eggs each are delivered to the

supermarket, how many eggs were delivered?
c)
If I I gross, I 0 dozen and 6 eggs are divided in 3 groups of equal size, how
many eggs are in each group?
24.
A well-known rule used to find the square of an integer with decimal expansion
(an-1...apJro with final digit ao:5 is to find the decimal expansionof the
product (anan-1...a)rcl(anan-r...ar)ro* ll and append this with the digits
(25)ro. For instance, we see that the decimal expansion of (tOS)2 begins with
16'17 :272, so that (165)2 :27225. Show that the rule just describedis valid.
25.
In this problem, we generalizethe rule given in problem 24 to find the squaresof

integers with final base 28 digit 8, where I is a positive integer. Show that the
base 28 expansion of the integer (ana,-1...afl0)z,astarts with the digits of the
base 28 expansionof the integer (anana...aflo)zn l(anan-1...ap0)zn* ll and
ends with the digits Bl2 and 0 when B is even, and the digits G-l)12 and.B
when I is odd.

l.
Perform addition with arbitrarily large integers.
2.
Perform subtraction with arbitrarily large integers.
3.
Multiply two arbitrarily large integers using the conventionalalgorithm.
4.
Multiply two arbitrarily laige integers using the identity (1.6).
5.
Divide arbitrarily large integers, finding the quotient and remainder.
6.
Multiply two n xn matrices using the algorithm discussedin problem 22.
45
1.5 Prime Numbers
1.5 Prime Numbers

The positive integer I has just one positive divisor. Every other positive
integer has at least two positive divisors, becauseit is divisible by I and by
itself. Integers with exactly two positive divisors are of great importance in
number theory; they are called primes.
Definition. A prime is a positive integer greater than I that is divisible by no
positive integers other than I and itself.
Example. The integers2,3,5,13,101and 163 are primes.
Definition. A positive integer which is not prime, and which is not equal to l,
is called composite.
Example. The integers 4:2'2,8:4'2,
l 0 0l : 7' ll' 13 ar e co m p o s i te .
3 3 : 3 ' 1 1 ,1 l l : 3 ' 3 7 , a n d
The primes are the building blocks of the integers. Later, we will show that
every positive integer can be written uniquely as the product of primes.
Here, we briefly discuss the distribution of primes and mention some
conjecturesabout primes. We start by showing that there are infinitely many
primes. The following lemma is needed.
Lemma 1.1. Every positive integer greater than one has a prime divisor.
Proof . We prove the lemma by contradiction; we assume that there is a
positive integer having no prime divisors. Then, since the set of positive
integers with no prime divisors is non-empty, the well-ordering property tells
us that there is a least positive integer n with no prime divisors. Since n has
no prime divisors and n divides n, we see that n is not prime. Hence, we can
write n:ab with I 1 a 1 n and | < b 1 n. Becausea 1 n. a must have
a prime divisor. By Proposition 1.3, any divisor of a is also a divisor of n, so
that n must have a prime divisor, contradicting the fact that n has no prime
divisors. We can conclude that every positive integer has at least one prime
divisor. tr
We now show that the number of primes is infinite.
Theorem 1.8. There are infinitely many primes.
46
The Integers
Proof . Consider the integer

Qn: nt t l,
n 2 l.
Lemma 1.1. tells us that Q, has at least one prime divisor, which we denote
by gr. Thus, q, must be larger than n; for if 4, ( n, it would follow that
Qn I n!, and then, by Propositionl.!, Q, | (er-rr) : l, which is impossible.
Since we have found u priJ.''lur*r, tt*
there must be infinitely many primes. tr
r, for every positive integer n,
Later on we will be interested in finding, and using, extremely large primes.

We will be concerned throughout this book with the problem of determining
whether a given integer is prime. We first deal with this question by showing
that by trial divisions of n by primes not exceeding the square root of n, we
can find out whether n is prime.
Thedrem 1.9. If n is a composite integer, then n has a prime factor not
exceeding..1n.
Proof . Since n is composite, we can write n : ab, where a and b are
( D < n. we must have a 4 r/i, since otherwise
integers with | 1a
: n. Now, by Lemma I.l, a must have a
b 7 a > ,/; and ab > '/i.,/i
prime divisor, which by Proposition 1.3 is also a divisor of a and which is
clearly less than or equal to ,/i . D
We can use Theorem 1.9 to find all the primes less than or equal to a given
positive integer n. This procedure is called the steve of Eratosthenes. We
illustrate its use in Figure 1.2 by finding all primes less than 100. We first
note that every composite integer less than 100 must have a prime factor less
than J00-:
10. Since the only primes lessthan l0 are 2,3,4, and 7, we only
need to check each integer less than 100 for divisibility by these primes. We
first cross out, below by a horizontal slash -, all multiples of 2. Next we
cross out with a slash / those integers remaining that are multiples of 3.
Then all multiples of 5 that remain are crossedout, below by a backslash\.
Finally, all multiples of 7 that are left are crossedout, below with a vertical
slash l. ntt remaining integers (other than l) must be prime.
41
1.5 Prime Numbers
t23+
++
ll
13
l+-
2{-*23+g-.
3l+2Ii+
4r+43
1+
>{+*s3*r4*tr#
61
7t+73.+
y{
83
t.>
I
tlt
+>
yr
2<
\
,{
2{
+F
1?
+G
<G
\
\
't{=
+ 7 + , / - 1 +#17+h19+
+/*2e-3o+S37
3?
-7G
-8fi
9t
\
\
47
.yr
67
I
T
"Yr
9j
-5S+h
-?&
+h
-9t-
59
t{
7e
89
.y
{'F
{o-
-6F
1+
-8++
+OF
Figure1.2. Findingthe PrimesLessThan 100Usingthe Sieveof Eratosthenes.

Although the sieveof Eratosthenesproducesall primes lessthan or equal to
a fixed integer, to determine whether a particular integer n is prime in this
manner, it is necessaryto check n for divisibility by all primes not exceeding
G. This is quite inefficient;later on we will have better methodsfor deciding
whetheror not an integeris prime.
We know that there are infinitely many primes, but can we estimate how
many primes there are less than a positivereal number x't One of the most
famous theorems of number theory, and of all mathematics, is the
prime number theorem which answersthis question. To state this theorem,
we introducesomenotation.
Definition. The function r(x), where x is a positivereal number, denotesthe
number of primes not exceedingx.
Example. From our exampleillustrating the sieveof Eratosthenes,
we seethat
o ( t O ) : 4 a n d z r ( t O O:)2 5 .
We now state the prime number theorem.
The Prime Number Theorem. The ratio of zr'(x) to x/log x approachesone as
x grows without bound. (Here log x denotesthe natural logarithm of x. In
th e languageof lim i ts ,w e h a v e l i m z r(x )/+ :
.
IOBX
l ).
48
The Integers
The prime number theorem was conjectured by Gauss in 1793, but

it was
not proved until 1896, when a French mathematician J. Hadamard
and a
Belgian mathematician C. J. de la Vall6e-Poussin produced independent
proofs. We will not prove the prime number theorem here; the varioui proofs
known are either quite complicated or rely on advanced mathematics. In
Table I .l we give some numerical evidence to indicate the validitv of the
theorem.
rG)
x /log x
oG)/*
103
104
105
106
107
108
l0e
l0l0
l 0 rI
168
1 4 4 .8
t229
1085.7
9592
8 6 8 5 .9
78498
72382.4
664579
620420.7
5761455
5428681.0
50847534
48254942.4
455052512 43429448r.9
4 r 1 8 0 5 4 8 1 3 3948131663.7
l 0 l 2 3760791201836191206825.3
t 0 l 3 3460655 3 5 8 9t34072678387.r
8
log x
ti G)
r(x) /ti G)
1.160
1 7 8 0.9438202
-r
1.132
1246 0.9863563
l.104
9630 0.9960540
1.085
78628 0.9983466
1.071
664918 0.9998944
1.061
5762209 0.9998691
1.054
5084923s 0.9999665
1 .048
4 5 5 0 5 5 64 1 0.9999932
1 .043
4 1 1 8 1 6 5 4 0 1 0.999973r
r.039
3760795028r 0.9999990
1 . 0 3 6 34606564s8
10
0.9999997
Tablel.l. Approximations
to rG).
x'A"x
The prime number theorem tells us that x /log x is a good approximation to

rG) when x is large. It has been shown that an even better approximation is
given by
ld'i,
)':*4{
{-/d X/V614 -=1
I'
L
ti G)
:T O,
", log I
T d, -^^-,
(whe-," J,
represents
the areaunderthe curvey : lfiog t, and above
"* t :2 to / : x). In Table l.l, one seesevidencethat /i(x) is
the r-axis from
an excellent approximation of zr(x).
I'^
frtaft.1',
v
r ylr
nd
3
r l'^- -L- =O\ J
x4G
ltlx
1.5 PrimeNumbers
49
We can now estimate the number of bit operations neededto show that an
',,6-. The
integer n is prime by trial divisionsof n by ail primes not exceeding
there are approximately
prime
number theorem tells us that
',/n
fioeJ; : 2-/i /log n primes not exceeding-6. To divide n by an integer
m takes O(log2n.log2m) Uit operations. Therefore, the number of bit
operations needed to show that n is prime by this method is at least
log2n) - r,/i (where we have ignored thelog2m term since it
Q,/i/togilG
is at least l, even though it sometimesis as large as (log2n)/D . This method
of showing that an integer n is prime is very inefficient, for not only is it
necessaryto know all the primes not larger than ..li, but it is also necessaryto
do at least a constant multiple of ,/i bit operations. Later on we will have
more efficient methods of showing that an integer is prime.
We remark here that it is not necessaryto find all primes not exceedingx
in order to compute zr(x). One way that zr(x) can be evaluated without
finding all the primes less then x is to use a counting argument based on the
sieve of Eratosthenes (see problem l3). (Recently, very efficient ways of
finding r(x) using O (x3/s+c)bit operationshave been devisedby Lagarias and
Odlyzko t6ql.)
We have shown that there are infinitely many primes and we have discussed
the abundance of primes below a given bound x, but we have yet to discuss
how regularly primes are distributed throughout the positive integers. We first
give a result that shows that there are arbitrarily long runs of integers
containingno primes.
Proposition 1.8. For any positive integer n, there are at least n consecutive
compositepositive integers.
Proof. Consider the n consecutivepositive integers
h + l ) ! + 2 , ( n + 1 ) ! + 3 , . . . , h+ l ) ! + n t l .
*l,weknowthatTl(n
+ l ) ! . B y P r o p o s i t i o1n. 4 , i t
When 2< j(n
follows that 7 | (, + t)! +;.
Hence, these n consecutiveintegers are all
composite. tr
Example. The seven consecutiveintegers beginning with 8! + 2 : 40322 are
all composite. (However, these are much larger than the smallest seven
consecutivecomposites,90, 91, 92, 93, 94, 95, and 96.)
50
The Integers
Proposition1.8 showsthat the gap betweenconsecutiveprimes

is arbitrarily
long. On the other hand, primes may often be close iogether.
The only
consecutiveprimes are 2 and 3, because2 is the only even prime.
Howevei,
many pairs of primes differ by two; these pairs of pri-.,
are called
twin pr im es . E x a m p l e sa re th e p ri m e s 5 a n d 7,l l and 13, l 0l and
103, and
4967 and 4969. A famous unsettled conjecture assertsthat there are
infinitelv
many twin primes.
There are a multitude of conjecturesconcerningthe number of primes of
various forms. For instance,it is unknown whether there are infinitlly many
primes of the form n2 + | where n is a positiveinteger.
Questionssuch as this
may be easy to state, but are sometimesextremely difficult to resolve.
We conclude this section by discussing perhaps the most notorious
conjecture about primes.
Goldbach's Conjecture. Every even positive integer greater than two can be
written as the sum of two primes.
This conjecture was stated by Christian Goldbach in a letter to Euler in
1742. It has been verified for all even integersless than a million. One sees
by experimentation,as the following exampleillustrates,that usually there are
many sums of two primes equal to a particular integer, but a proof that there
always is at least one such sum has not yet been found.
Example. The integers 10,24, and 100 can be written as the sum of two
primes in the following ways:
l0:3+7:5t5,
24:5+lg:7+17:llf13,
100:3+97:ll*gg:17+93
:29*71:41+59:47+53.
1.5 Problems
l.
Determinewhichof the followingintegersare primes

a)
b)
l0l
103
c)
d)
l07
lll
e)
I 13
f)
tzt.
51
1.5 PrimeNumbers
2 . Use the sieveof Eratosthenesto find all primes lessthan 200'

3 . Find atl primes that are the difference of the fourth powers of two integers.
4 . Show that no integer of the form n3 * I is a prime, other than 2:
5 . Show that if a and n are positive integers such that an -l
and n is prime. (Hint: Use the identity ake-l
+ a k+ l ) .
a k Q - D+
13 + l.
is prime, then a : 2
(aka-t\ +
Qk-D
6 . In this problem, another proof of the infinitude of primes is given. Assume there
integer
Form
the
primes p r,Pz,...,Pn
finitely
many
only
... pn * l. Show that
Q h a s a p r i m e f a c t o r n o t i n t h e a b o v el i s t .
Q: prpz
Conclude that there are infinitely many primes.
are
7.
Let Qn : ptpz " ' pn t l where Pt,Pz, ..., Pn are the n smallest primes.
Determine the smallest prime factor of Q^ for n:1,2,3,4,5, and 6. Do you
think Q, is prime infinitely often? (tnis is an unresolvedquestion.)
8 . L e t p t , p 2 , . . . , p n b e t h e f i r s t n p r i m e sa n d l e t m b e a n i n t e g e rw i t h I 1 m
1n.
Let Q be the product of a set of z primes in the list and let R be the product of
is not divisible by any primes in the
the remaining primes. Show that Q + R
list, and hence must have a prime factor not in the list. Conclude that there are
infinitely many primes.
9.
Show that if the smallest prime factor p of the positive integer n exceedsd6
then n/p must be prime or 1.
1 0 . il
Find the smallest five consecutivecomposite integers.

b) Find one million consecutivecompositeintegers.
I l.
Show that there are no "prime triplets", i.e. primes p, p + 2, and p + 4, other
than 3,5, and 7.
12. Show that every integer greater than 11 is the sum of two compositeintegers.
( problem 17 of Section 1.1) to show that
13. Use the principle of inclusion-exclusion
-n
o(n):(o(.6-)-r)
tl*
.
l-l
l p ,I
+l-ll
l p ,l )
l*l .l*l . +lrnl

wherept,pz,...,p,are the primeslessthan or equal to ^6 (with r:zr<Jill.
(Hint: Let propertyPi,,...,i,be the propertythat an integeris divisibleby all of
52
The Integers
Pi,,...,pi,,and use problem 23 of Section 1.2.)

14. Use problem l3 to find zr(250).
15' il show that the polynomial x2 x * 4l is prime for all integers x with
0 ( I < 40. Show, however,that it is composite
for x : 4i.
b) Show that if f (x) : onxn + an-,x;-t +
* a1x r as where the
coefficientsare integers, then there is an integer y
such that f(y) is composite.
(Hint: Assume that
is prim., unJsho* p divides (x+kfl
f(x) :p
for ail
f
integers ft ' conclude from the faci that a polynomial
of degree z takes on each
value at most n times, that there is an integer y
suctr that f(y) is composite.)
16' The lucky numbers are generated by the following
sieving process. Start with
the positive integers. Begin the process by crossing
out every second integer in
the list' starting your count with the integer t. other
than I the smallestinteger
left is 3, so we continue by crossing out every third integer
left, starting the
count with the integer l. The next integer left is 7, so we cross
out every seventh
integer left. Continue this process,where at each stage we
cross out every kth
integer left where & is the smallest integer left other than
one. The integers that
remain are the lucky numbers.
a)
Find all lucky numbers less than 100.
b)
show that there are infinitery many rucky numbers.
17. Show that if p is prime and I ( t
( p, then the binomial coefficient
divisibleby p.
[;]
,,

l'
Decide whether an integer is prime using trial division of the

integer by all
primes not exceedingits square root.
2.
Use the sieve of Eratosthenesto find all primes less than 10000.
3'
Find zr(n), the number of primes lessthan or equal to rz, using problem
13.
4.
verify Goldbach's conjecture for all even integers less than 10000.
5.
Find all twin primes less than 10000.
6.
Find the first 100 primes of the form n 2 + l.
7.
Find the lucky numbers less than 10000 (see problem 16).
GreatestCommonDivisors
and Prime Factorization
2.1 GreatestCommonDivisors
If a and b are integers, that are not both zero, then the set of common
divisorsof a and 6 is a finite set of integers,alwayscontainingthe integers*l
and -1. We are interestedin the largest integer among the common divisors
of the two integers.
Definition. The greotest common divisor of two integers a and b, that are
not both zero, is the largest integer which divides both a and b.
The greatestcommondivisor of a and b is written as (a, b).
Example. The commondivisorsof 24 and 84 are t l, J.2, +3, 1.4, t6, and
+ 12. Hence Q+, g+) : 72. Similarly, looking at setsof commondivisors,we
f i n dt h a t ( 1 5 , 8 1 ): 3 , ( 1 0 0 , 5 ) : 5 , ( I 7 , 2 5 ) : l , ( 0 , 4 4 ): 4 4 , ( - 6 , - 1 5 ) : 3 ,
and (-17, 289) : 17.
We are particularly interested in pairs of integers sharing no common
divisorsgreaterthan l. Such pairs of integersare called relatively prime.
Definition. The integers a and b are called relatively prime if a and b have
greatestcommondivisor (a, b) : l.
Example. Since Q5,42) : 1,25 and 42 are relativelyprime.
53
54
GreatestCommonDivisorsand prime Factorization
Note that since the divisors of -c are the same as the divisors of a, it
follows that (a, b) : (lal, la ll (where lc I denotesthe absolute value of a
which equalsa if a )0 and equals -a if a <0). Hence, we can restrict our
attentionto greatestcommondivisorsof pairs of positiveintegers.
We now provesomepropertiesof greatestcommondivisors.
Proposition 2.1. Let a, b, and c be integerswith G, b) : d. Then
(;)
(ii)
b /d , b l d ) : I
(atcb, b) : (a, b).
Proof. (D Let a and b be integers with (a,b) : d. we will show that a /d

and b/d have no common positivedivisorsother than 1. Assume that e is a
positiveinteger such that e I Q/d) and e I Qtal. Then, there are integersk
and I with ald : ke and b/d :Qe, such that a : dek and b : de[. Hence.
de is a common divisor of a and b. Since d is the greatestcommon divisor of
o and b,e must be l . Consequently,G /d , b /d) : l.
(ii) Let a, b, and c be integers. We will show that the commondivisorsof a
and b are exactly the same as the common divisors of a t cb and b. This
will show that (a *cb , b) : G, b). Let e be a common divisor of a and b .
By Proposition1.4, we see that e I b*cb), so that e is a common divisor of
a * cb and 6. It,f is a commondivisor of a * cb and b, then by Proposition
1.4,we seethat/ dividesb+cb) - cb : a, so thatf is a commondivisorof
a and b. Hence G*cb, b) : (a, b'). a
We will show that the greatestcommon divisor of the integersa and b, that
are not both zero,can be written as a sum of multiplesof a and b. To phrase
this more succinctly,we use the following definition.
Definition. If a and b are integers,then a linear combination of a and b is a
sum of the form ma * nD, where both rn and,n are integers.
We can now state and prove the following theorem about greatest common
divisors.
Theorem 2.1. The greatest common divisor of the integers a and b, that are
not both zero, is the least positive integer that is a linear combination of a and
b.
Proof. Let d be the least positive integer which is a linear combination of a
and b. (There is a least such positive integer, using the well-ordering
property, since at least one of two linear combinations l'a t 0'b and
55
2,1 GreatestCommonDivisors
GDa + 0'b, wherea 10, is positive.)We write
rz.rlR==r*
d:ma*nb,
w h e r em a n d n a r e p b f t @ i n t e g e r s .W e w i l l s h o w t h a t d l a a n d d l b .
By the divisionalgorithm,we have
a:dq*r,
0(r<d.
From'n"'o:'1'::^r:
:' ;: ;';::,b)
: e-qm)a - qnb
This shows that the integer r is a linear combination of a and D. Since

0 ( r 1d, and d is the least positive linear combination of a and b, we
concludethat r : 0, and henced I o. In a similar manner,we can show that
d I b.
We now demonstratethat d is the greatest commondivisor of a and b. To
show this, all we need to show is that any common divisor c of a and D must
d i v i d e d . S i n c ed : m a * n b ,
i f c l a a n d c l b , P r o p o s i t i o nl . 4 t e l l s u s t h a t
c I d. tr
We have shown that the greatestcommon divisor of the integersa and b,

that are not both zero. is a linear combinationof a and b. How to find a
particular linear combinationof a and D equal to G, D) will be discussedin
the next section.
We can also definethe greatestcommondivisor of more than two integers.
Definition. Let e1, e2,...,en be integers, that are not all zero. The
greatest common divisor of these integers is the largest integer which is a
divisor of all of the integers in the set. The greatest common divisor of
a t, a2, . . .c, , is denot e db y (a 1 ,a 2 ,,...,
a n ).
Example. We easilyseethat 02, 18, 30) :6
and (10, 15, 25) : 5.
To find the greatestcommon divisor of a set of more than two integers,we

can use the following lemma.
L,emma2.1. If
a1, a2,...,an are integers, that are not all zero, then
(a1, a2,..., an-1, an) :
(a1, a2r..., (on-r, a)).
Proof. Any common divisor of the n integers ar, e2,...,en_t, en is, in

particular, a divisor of ar-1 and an, and therefore, a divisor of (an_1,an).
56
GreatestCommonDivisorsand PrimeFactorization
Also, any commondivisor of the n-2 integers4 t, a2,...,on_2,and (an_1,an),

must be a commondivisor of all n integers,for if it divides (on-r, an), it must
divide both cr-1 and an Since the set of n integersand the set of the first
n-2 integers together with the greatest common divisor of the last two
integers have exactly the same divisors, their greatest common divisors are
equal. tr
Example. To find the greatest common divisor of the three integers
105,140,and 3 5 0 , w e u s e L e mma 2 .1 to see that (105, 140.350) :
( 1 0 5 ,( 1 4 0 , 3 5 0 ):) ( l 0 5 , 7 0 ) : 3 5 .
Definition. We say that the integers a1.e2,...,e1 are mutually relatively
prime if (a1, e2,...,an) : l. These integers 4re called pairwise relatively
prime if for each pair of integers4; and a; from the set, (ai, a1): l, that is,
if each pair of integersfrom the set is relatively prime.
It is easy to see that if integersare pairwise relatively prime, they must be
mutually relatively prime. However, the converseis false as the following
exampleshows.
Example. Considerthe integers15, 21, and 35. Since
( 1 5 , 2 r , 3 5 ) (: t s ,( 2 t , 3 5 ) ) :( r 5 , 7 ) : r ,
we see that the three integersare mutually relatively prime. However, they
are not pairwise relatively prime, b e c a u s(et S . z l ) : 3 , ( 1 5 , 3 5 ): 5 , a n d
(21,35):7.
2.1 Problems
l.
Find the greatestcommon divisor of each of the following pairs of integers
il 15,35
b) 0,lll
c) -12.t8
d) 99, 100
e ) 1l , l 2 l
f) 100,102
Show that if a and b are integerswith (a, b) : l, then (a*b, a-b) : I or 2.

Show that if a and b are integers, that are not both zero, and c is a nonzero
i n t e g e r t, h e n ( c a, c b ) : l c l b , b \ .
4 . What is (a2+b2,a*b), where a and b are relatively prime integers,that are not
both zero?
57
2.1 GreatestCommonDivisors
5 . Periodicalcicadasare insectswith very long larval periodsand brief adult lives.

For each speciesof periodical cicada with larval period of 17 years, there is a
similar specieswith a larval period of 13 years. If both the l7-year and l3-year
speciesemerged in a particular location in 1900, when will they next both
emerge in that location?
6 . a) Show that if a and b are both even integers, that are not both zero, then
(a, b) : 2fu/2,b/2).
b) Show that if a is an even integer and b is an odd integer, then
G , b \ : G 1 2 b, ) .
7 . S h o w t h a t i f a , b , a n d c a r e i n t e g e r ss u c ht h a t G , b ) :
I and c I G*b), then
k,a):(c,D)-L
8 . il
Show that if a,b,

(a, bc) : L
and c
a r e i n t e g e r sw i t h b , b ) :
(a, c) : l, then
b) Use mathematicalinductionto showthat if at, a2,...,anare integers,and b is

: (on, b) - l, then
another integer such that (ar b) : (az, b) :
( a p 2 ' ' o n ,b ) : l .
9 . S h o wt h a t i f a , b , a n d c a r e i n t e g e r sw i t h c I a b , t h e n c | ( a , c ) ( b , c ) .
1 0 . a) Show that if a and b are positiveintegerswith (a , b) : l, then (an, bn) : I
for all positiveintegersn.
b) Use part (a) to prove that if a and b are integerssuch that a' I bn where n
is a positiveinteger,then c I b.
ll.
Show that if a, b and c are mutually relatively prime nonzero integers, then
G, bd : (a,b)(a,c),
T2, Find a set of three integersthat are mutually relatively prime, but not relatively
prime pairwise. Do not use examplesfrom the text.
1 3 . Find four integersthat are mutually relatively prime, such that any two of these
integersare not relativelyprime.
1 4 . Find the greatestcommondivisor of each of the following setsof integers

a) 8, lo, 12
b) 5,25,75
c ) 99,9999, 0
d) 6,15,21
e) -7,28, -35
f) 0,0, l00l .
1 5 . Find three mutually relatively prime integers from among the integers
6 6 , 1 0 5 ,4 2 , 7 0 , a n d 1 6 5 .
1 6 . Show that ar, a2,...,an are integers that are not all zero and c is a positive
integer,then (cat, caz,...,can)- c(a6 a2...,an).
58
t7.
Show that the greatestcommon divisor of the integersat, o2,...,an, that are not
all zero,is the least positiveinteger that is a linear combinationof a t, at,..., an.
r 8 . Show
that if k is an integer, then the six

6k+2, 6k +3, 6k+5, are pairwiserelativelyprime.
r 9 . Show that if
integers 6k-l, 6k +l ,
k is a positiveinteger,then 3k *2 and 5k +3 are relatively prime.
20.
Show that every positive integer greater than six is the sum of two relativelv
prime integersgreater than I .
2t.
a) Show that if a
(a'-b^)l(a-b).a-b)
and b are relatively prime positive integers, then

: I or n.
b) Showthat if o and b arepositiveintegers,

then ((an-b'\/G-b), a-b) :
( n ( a ,b ) r - t , a - b ) .
2.1 ComputerProjects
l.
Write a programto find the greatest

commondivisorof two integers.
2.2The Euclidean
Algorithm
We are going to develop a systematicmethod, or algorithm, to find the
greatestcommon divisor of two positive integers. This method is called the
Euclidean algorithm. Before we discuss the algorithm in general, we
demonstrateits use with an example. We find the greatestcommon divisor of
30 and 72. F i rs t, w e u s eth e d i v i s i o na l g o ri t hmto w ri teT2:30' 2 + 12, and
( 3 0 ,7 2 - 2 . 3 0 ) : ( 1 0 , t 2 ) .
w e u s e P r o p o s i t i o 2n . 1 t o n o t e t h a t $ 0 , 7 D :
Another way to see that (J,0,7D: (30, 12) is to notice that any common
divisor of 30 and 72 must also divide 12 because12 : 72 - 30'2. and
conversely,any common divisor of 12 and 30 must also divide 72, since
72: 30' 2+ 12 . N o te w e h a v e re p l a c e d7 2 b y the smal l ernumber 12 i n our
(30, l2). Next, we use the divisionalgorithm
computationssince 02,30):
again to write 30 : 2'12 + 6. Using the samereasoningas before,we seethat
( 30, 12) : ( 12 ,6 ).
we
now
see that
Be c a u s e 1 2 : 6 ' 2 * 0,
02, O : (6, 0) : 6. Consequently,we can conclude that (72,30) : 6,
without finding all the commondivisorsof 30 and 72.
We now set up the generalformat of the Euclideanalgorithm for computing
the greatestcommondivisor of two positiveinteger.
The EuclideanAlgorithm. Let rs : a and r r : b be nonnegativeintegerswith
b I 0. If the division algorithm is successively applied to obtain
r i : r i + t Q i * ,I r i + 2 w i t h 0 1 r i + 2 1 r i + t f o r 7 : 0 , 1 , 2 , . . . , n - 2 a n d r , : 0 ,
ot=bt *f^
O<rr<b
59
2.2 Th e E uc lideanA l g o ri th m
then (a , b) -- r,-1, the last nonzeroremainder.

From this theorem,we see that the greatestcommon divisor of c and b is
the last nonzero remainder in the sequenceof equations generated by
using the division algorithm, where at each step, the dividend and
successively
divisor are replacedby smaller numbers,namely the divisor and remainder.
To prove that the Euclidean algorithm producesgreatestcommon divisors,
the following lemma will be helpful.
Lemma 2.2. If c and d are integers and c : dq * r where c and d ate
i n teger st,hen ( c , d) : (d , r).
Proof. If an integer e dividesboth c and d, then sincer : c-dq, Proposition
from
I f e l d a n d e l r , t h e n s i n c ec : d q l r ,
1 . 4 s h o w st h a t e l r .
Proposition1.4, we seethat e I c. Since the common divisorsof c and d are
the sameas the commondivisorsof d and r, we seethat k, d) : (d, r). tr
We now prove that the Euclideanalgorithm works.
Proof. Let r0: e and rr : b be positive integers with a 7 b.
successively
applying the divisionalgorithm, we find that
0<
0<
fg
rtQt*rZ
f y
r2Q2* rt
tn-3
fn-2Qn-Z * fn-t
f n-2 :
I n-l :
fn-lQn-t
* fn
0
0
By
r2
r3
( rr-r
(r,
lnQn
We can assumethat we eventuallyobtain a remainder of zero since the

se quenc eof r em aind e rsa : ro l r1 > . 1 2 > .
) 0 cannot contain more
than c terms. Bv Lemma 2.2. we see that ( a , b ) : ( r s , r 1 ) : ( r l , r z ) :
(rn-r, fn-t) :
(rr-r, rr) :
(rr,0) : rn. H ence
(rr., r)
( a , b ) : r-. the last nonzeroremainder. tr
We illustrate the useof the Euclideanalgorithm with the following example.
Example. To find (252, 198), we use the division algorithm successivelyto
obtain
60
2 5 2 : l . 1 g g+ 5 4
198:3'54 +36
54:1'36 +18
36 : 2.18.
H e n c eQ S Z . 1 9 8 ) : 1 8 .
Later in this section, we give estimates for the maximum number of
divisions used by the Euclidean algorithm to find the greatest common divisor
of two positive integers. However, we first show that given any positive integer
n, there are integersa and b such that exactly n divisionsare required to find
G, b) using the Euclidean algorithm. First, we define a special sequenceof
integers.
Definition. The Fibonacci numbers ur, u2, u3,... are defined recursively by
t h e e q u a t i o nas t : u 2 : I a n d u n : u n - t * u n - 2 f o rn 2 3 .
Us ing t he de fi n i ti o n , w e s e e th a t u 3 : tt2 * yt: I t | : 2, u3l u2
: 2 * I : 3, and so forth. The Fibonacci sequencebegins with the integers
1 , 1 , 2 , 3 , 5 , 8 1 3 , 2 1 , 3 4 , 5 5 ,8 9 , I 4 4 , . . . . E a c h s u c c e e d i nt g
erm is obtained
by adding the two previousterms. This sequenceis named after the thirteenth
century ltalian mathematicianLeonardodi Pisa, also known as Fibonacci,who
used this sequenceto model the population growth of rabbits (see problem 16
at the end of this section).
In our subsequentanalysis of the Euclidean algorithm, we wil! need the
following lower bound for the nth Fibonacci number.
Theorem 2.2. Let n be a positive integer and let cu: ( l+-.8) /2.
unlan-2forn73.
Then
Proof. We use the second principle of mathematical induction to prove the

desired inequality. We have a 1 2: u3, so that the theorem is true for
n :3.
Now assumethat for all integersk with k 4 n, the inequality
ok-2 1 ut
holds.
S i n c ea : ( l + r f r / 2
Hence,
otn-l :
- I : 0 , w e h a v ea 2 : a * l .
i s a s o l u t i o no f x 2 - x
o2.on-3:
(a*l).ar-3
s1n-2 *
an-3
2.2 T he E uc lidean Al g o ri th m
61
By the induction hypothesis,we have the inequalities

an-2 < un, otn-31 un-t ,
Therefore, we conclude that
or'-l lun*un-l-un*l
This finishesthe proof of the theorem. tr

We now apply the Euclidean algorithm to the successiveFibonacci numbers
34 and 55 to find (34. 55). We have
55:34'l+21
34:21'l+13
2l: l3'l + 8
13:8'1 + 5
8 : 5'1 * 3
* 2
5:3'l
* I
3:2'l
2: l'2.
We observe that when the Euclidean algorithm is used to find the greatest
common divisor of the ninth and tenth Fibonacci numbers, 34 and 55, a total
of eight divisions are required. Furthermore, (34, 55) : 1. The following
theorem tells us how many divisions are needed to find the greatest common
divisor of successiveFibonacci numbers.
Theorem 2.3. Let unrr and unt2 be successive terms of the Fibonacci
sequence. Then the Euclidean algorithm takes exactly n divisions to show that
(u n*r , ur a2): l.
Proof. Applying the Euclidean algorithm, and using the defining relation for
the Fibonacci numbers ui : uj-r I ui-z in each step, we seethat
lln*2: Un*t'l t Un,
Un*l: Un'l + Un-1,
Lt4: u3'1* u2'

It3 : tt2'2.
Hence, the Euclidean algorithm
( u n q 2 , t l n q r ): u z - l . E
takes exactly
divisions, to show that
62
Greatest Common Divisorsand Prime Factorization
We can now prove a theorem first proved by Gabriel Lame', a French

mathematician of the nineteenth century, which gives an estimate for the
number of divisions needed to find the greatest common divisor using the
Euclidean algorithm.
Lam6's Theorem. The number of divisions neededto find the greatest common
divisor of two positive integers using the Euclidean algorithm does not exceed
five times the number of digits in the smaller of the two integers.
Proof. When we apply the Euclidean algorithm to find the greatest common
divisor of a : re and b :r 1 with a ) b, we obtain the following sequenceof
equations:
:
fg
f1
rtQt*rZ,
:rZ4Z*rt,
fn-2
fn-tQn-t
fn-l
tnQn,
0(rz1rr,
0(131rz,
rr,
0 (
rn 1
rn-t,
We have used n divisions. We note that each of the quotientsQt, Q2,...,Qn-l

is greater than or equal to l, and Qn 7 2, sincern 1rn-1. Therefore,
rr2l:ur,
rn-t 2 2rn 2 2u2: u3,
rn-z 2 rn-t * rn 2 ut * u2: u4,
rn-l 2 rn-z * rn-t 2 uq * u3: tt5,
rz)13*14
b:'r2rz
7 unq * un-z: u*
* rt 7 u n * u n-t : un+ l
Thus, for there to be n divisions used in the Euclidean algorithm, we must

have b 7 un+r. By Theorem 2.2, we know that unay ) qn-r for n ) 2 where
a: (l+.,8)/2. Hence, b ) an-r. Now, since loglsa > 1/5, we seethat
l o g rq b > h -l )l o g l s a
> (C I-l ) /5.
Consequently,
n-l(S'logleb.
63
2 .2 T he E uc lidean Al g o ri th m
Let b have k decimal {igits, so that b < 10ftand loglsb < k. Hence, we see
that n - I < 5k and since /c is an integer, we can conclude that n < 5k.
This establishesLam6's theorem. tr
The following result is a consequence
of Lam6's theorem.
Corollary 2.1. The number of bit operations needed to find the greatest
integers
of twopositive
a and, yy
divisor
common
ir;;i.:f$;:ri?',
Proof. We know from Lam6's theorem that O Qogra) divisions, each taking
O(log2a)2) bit operations,are neededto find fu, b). Hence, by Proposition
1.7, (a, b) may be found using a total of O((log2a)3) bit operations. D
The Euclideanalgorithm can be used to expressthe greatestcommon divisor
of two integers as a linear combination of these integers. We illustrate this by
expressing(252, 198) : l8 as a linear combinationof 252and 198. Referring
to the stepsof the Euclideanalgorithm used to find (252, 198), from the next
to the last step, we seethat
18:54-l'36.
From the secondto the last step, it follows that
36:198-3'54,
which implies that
1 8: 5 4 - t . ( 1 9 8 - 3 . 5 4: ) 4 . 5 4 - 1 . 1 9 8 .
Likewise, from the first stepwe have
54:252 - l'198.
so that
l 8 - 4 ( 2 5 2 - 1 . 1 9 8- ) 1 . 1 9 8: 4 . 2 5 2 - 5 . 1 9 8 .
This last equationexhibits l8 : (252, 198) as a linear combinationof 252 and
l 98.
In general,to see how d : (a, b) may be expressedas a linear combination
of a and 6, refer to the series of equations that is generated by use of the
Euclideanalgorithm. From the penultimateequation,we have
rn: (a, b) :
Thi s e x pr es s es
b, b) ' a s
r n - 2 - r n - r Q n - .r
a l i n e a r c o mb i n a ti o no f rr-2e,fi drr-1. The secondto
64
the last equation can be used to expressr2-1 &S rn-3 -rn-zen-z . Using this
last equation to eliminate rn-1 in the previousexpressionfor (4,6), we find
that
ln:
ln-3-
fn-24n-2,
so that
b, b) : rn-2- (rn4-rn-zQn-z)en-r
-- (l + q rn Qn -z )rn -zQn-rrn-3,
which expressesb, b) as a linear combinationof rn-2 zfid r,4. We continue
working backwards through the steps of the Euclidean algorithm to express
G, b) as a linear combinationof each precedingpair of remaindersuntil we
havefound (a, b) as a linear combinationof to: a and 11- b. Specifically,
if we have found at a particular stagethat
G,b):sriltrit,
then, since
ti:
ti_2- ri_tQi_r,
we have
b,b) : s (ri-z*ri-g1-r) * tr1-r
: Q-sqt-)ri-r * sri-2.
This showshow to move up through the equationsthat are generatedby the
Euclidean algorithm so that, at each step, the greatestcommon divisor of a
and b may be expressedas a linear combination of a and b.
This method for expressingG, b) as a linear combinationof a and b is
somewhatinconvenientfor calculation, becauseit is necessaryto work out the
steps of the Euclidean algorithm, save all these steps, and then proceed
backwardsthrough the steps to write G,b) as a linear combinationof each
successivepair of remainders. There is another method for finding b,b)
which requires working through the steps of the Euclidean algorithm only
once. The following theoremgivesthis method.
Theorem 2.4. Let a and b be positive integers. Then
fu,b):sna+tnb,
defined
for n:0,1,2,..., where,sn andtn are the nth terms of the sequences
recursivelyby
65
2.2 The Euclidean Algorithm
SO: l, /0:0,
sl :0, /l : l,
and
si : Si*z- ?i-tsi-t, tj : tj-z - Q1-zt1-t
for 7 :2,3, ..., fl, where the q;'s are the quotientsin the divisionsof the
Euclideanalgorithm when it is usedto find G,b).
Proof. We will prove that
ri : sia + tjb
Q.D
for 7 : 0, I ,...,fl. Since G,b) : r, once we have established(2.2), we will

know that
G,b):sna+tnb.
We prove (2.2) using the secondprinciple of mathematicalinduction. For
:0,
we hav e a : r0 : l ' a * 0 ' b : s s a* ts b . H ence, Q.D i s val i d for
l
j : 0 . L i k e w i s eb, : r r : 0 ' a + l ' b : s l c + t f t , s o t h a t Q . D i s v a l i d f o r
j : l.
Now, assumethat
ri:Sia+tjb
for 7 : 1,2,..., k-1. Then, from the kth step of the Euclideanalgorithm,we
have
tk : rk-2 - r*_lQt-l .
Using the inductionhypothesis,we find that
r1 : (s1-2a*tp-2b) - (s1raa*t1r-1b)
Q*-r
: (s 1 -2 -s * -tq * -)a * Qp 2 -t* -r q* -)b
:Ska+tkb.
This finishesthe proof. tr
The following example illustrates the use of this algorithm for expressing
(a,b) as a linear combinationof a and b.
Example. Let a :252 and D : 198. Then
66
so: l,
sl :0,
J2:S0-sql:l0'l:1,
J 3 : S t - S Z Q z : 0- l ' 3 : - 3 ,
s 4 : s 2- s t Q t : I - ( - l ) ' t : 4 ,
lo:0,
Ir : 1,
tZ:tO-ttQt:01 . 1: - 1 ,
t 3 : t t - 1 Z Q Z :1 - ( - l ) 3 : 4 ,
t q : t z - t t Q z : - l - 4 . 1: - 5 .
S i n c e1 4 : 1 8 : ( 2 5 2 , 1 9 8 )a n d 1 4 : s 4 o+ t 4 b , w e h a v e
1 8 - ( 2 5 2 ,1 9 8 ): 4 . 2 5 2- 5 . 1 9 8.
It should be noted that the greatestcommon divisor of two integersmay be
expressedin an infinite number of different ways as a linear combination of
theseintegers. To seethis, let d : (a,b) and let d : so I tb be one way to
write d as a linear combination of a and b, guaranteed to exist by the
previousdiscussion.Then
d : (s - k(b/d))a + Q - kb/d))b
for all integersk.
Example. With a :252 and b : 198, lB:
(-S - l4k)198 whcneverk is an integer.
(252, 198) :
(+ - t Ik)252 +
2.2 Problems
l.
Use the Euclidean algorithm to find the following greatest common divisors
il (45,75)
c) (ooo,
r+r+)
b) 002,22D
d) (2078S,44350).
2.
For each pair of integers in problem l, expressthe greatest common divisor of

the integers as a linear combination of these integers.
3.
For each of the following sets of integers, expresstheir greatest common divisor
as a linear combination of these integers
il
6, 10,l5
b)
7 0 , 9 8 ,1 0 5
c)
2 8 0 ,3 3 0 , 4 0 5 , 4 9 0 .
4. The greatest common divisor of two integers can be found using only
subtractions, parity checks, and shifts of binary expansions,without using any
divisions. The algorithm proceedsrecursively using the following reduction
67
2.2 The Euclidean Algorithm
I,
G.b):
if a:b
)2 k l L ,b/2 ) if a and 6 are even
l{o/z,t)
-D,b)
if a is even and b is odd

if a and b are odd.
[(a
a)
Find (2106,8318) usingthis algorithm.
b)
Show that this algorithm always produces the greatest common divisor of a
pair of positiveintegers.
5. In problem 14 of Section 1.2, a modified division algorithm is given which says

that if a and 6 > 0 are integers,then there exist unique integersq,r, and e
such that a : bq * er, where e - tl,r
) 0, and -blz < er { bl2. We can
set up an algorithm, analogous to the Euclidean algorithm, based on this
modified division algorithm, called the least-remainder algorithm. It works as
follows. Let rs: a and rr: b, where a ) b 7 0. Using the modified division
algorithm repeatedly,obtain the greatest common divisor of a and b as the last
nonzeroremainder rn in the sequenceof divisions
ro :
rn-Z :
fn-l :
rtQr * e2r2,
-rtlz
1 e2r2 4 ,tlz
ln-tQn-t I enrn,
7n4n'
-rn-tl2
enrn 4, rn-tl2
a)
Use the least-remainderalgorithm to find (384, 226).
b)
Show that the least-remainder algorithm always produces the greatest

common divisorof two integers.
c)
Show that the least-remainderalgorithm is always faster, or as fast, as the

Euclidean algorithm.
d)
Find a sequenceof integers v6, V1,v2,... such that the least-remainder

algorithm takes exactly n divisionsto find (vn*,, vn+z).
e)
Show that the number of divisions needed to find the greatest common
divisor of two positive integers using the least-remainderalgorithm is less
than 8/3 times the number of digits in the smaller of the two numbers,plus
413.
6 . Let m and n be positive integers and let a be an integer greater than one. Show
that (a^-1, an-l) - a(^' n)- l.
7 . In this problem, we discuss the game of Euclid. Two players begin with a pair
of positive integers and take turns making movesof the following type. A player
can move from the pair of positiveintegers{x,y} with x 2 y, to any of the pairs
where / is a positive integer and x-ty 2 0. A winning move
[x-ty,yl,
68
consistsof moving to a pair with one element equal to 0.

a)
Show that every sequence of moves starting with the pair {a, bl must
eventuallyend with the pair {0, (a, b)}.
b)
show that in a game beginning with the pair {a, b},1he first player may
play a winning strategy if a - 6 or if a 7 b0+ Jil/z;
otherwisethe
second player mgr play a winning strategy. (Hint: First show that if
y < x ( y(t+VS)/Z then thge is a unique move from l*,Ol that goes to
a pair lt, r| with y > ze+Jil/z.)
In problems8 to 16, un refers to the nth Fibonaccinumber.

8. Show that if n is a positiveinteger,then rz1l u2 I
I ttr:
9. Show that if n is a positiveinteger, then unapn-r - u] :
GD'.
10. Show that if n is a pqsitive integer, then un:

o : (t+.,6) /2 andp : Q-'./-il/2.
ll.
un+z- l.
(c'n-0\/'..fs, where
Show that if m and n arepositiveintegerssuch that m I n, then u^ | un.
12. Show that if m and n are positiveintegers,then (u^, un) : u(m,il.

13. Show that un is even if and only if 3 | n.
(t 'l
t4. Letu: li i,.

a)
b)
Show that Un :
Irn*, Itn I
lu,
u^_r)
Prove the result of problem 9 by consideringthe determinant of Un.
15. We define the generalized Fibonacci numbers recursively by the equations

gr- a, E2: b, and gn - gn-t* gr-zfor n 2 3. Showthat gn: oun-2* bun-1
for n )- 3.
16. The Fibonacci numbers originated in the solution of the following problem.
Supposethat on January I a pair of baby rabbits was left on an island. These
rabbits take two months to mature, and on March I they produce another pair of
rabbits. They continually produce a new pair of rabbits the first of every
succeeding month. Each newborn pair takes two months to mature, and
producesa new pair on the first day of the third month of its life, and on the first
day of every succeedingmonth. Show that the number of pairs of rabbits alive
after n months is precisely the Fibonacci number un, assuming that no rabbits
ever die.
17. Show that every positive integer can be written as the sum of distinct Fibonacci
numbers.
2.3 The Fundamental Theorem of Arithmetic
69

l.
Find the greatestcommondivisor of two integersusing the Euclideanalgorithm.
2.
Find the greatest common divisor of two integers using the modified Euclidean
algorithm given in problem 5.
3.
Find the greatest common divisor of two integers using no divisions (see problem
0.
4.
Find the greatest common divisor of a set of more than two integers.
5.
Express the greatest common divisor of two integers as a linear combination of

theseintegers.
6.
Express the greatest common divisor of a set of more than two integers as a
linear combination of these integers.
7.
List the beginning terms of the Fibonacci sequence.
8.
Play the game of Euclid describedin problem 7.
2.3 The FundamentalTheoremof Arithmetic

The fundamental theorem of arithmetic is an important result that shows
that the primes are the building blocks of the integers. Here is what the
theoremsays.
The Fundamental Theorem of Arithmetic. Every positive integer can be
written uniquely as a product of primes,with the prime factors in the product
written in order of nondecreasing
size.
Example. The factorizationsof somepositive integersare given by
2 4 0: 2 . 2 . 2 . 2 . 3:. 5 2 4 . 3 . 5 , 2 8: 9 1 7 . 1 7: 1 i 2 . 1 0 0 1: 7 . 1 1 . 1 3
.
Note that it is convenient to combine all the factors of a particular prime
into a power of this prime, such as in the previous example. There, for the
factorization of 240, all the fdctors of 2 were combined to form 24.
Factorizationsof integers in which the factors of primes are combined to form
powersare called prime-power factorizations.
To prove the fundamental theorem of arithmetic, we need the following
lemma concerningdivisibility.
Lemma 2.3. lf a, b, and c are positive integers such that (a, b) : I and
70
a I bc , t hen a I c ,
Proof. Since G,b):
1, there are integersx and y such that ax * by : y.
Multiplying both sides of this equation by c, we have acx * bcy: c. By
Proposition1.4, a divides acx * 6cy, since this is a linear combinationof a
and bc, both of which are divisibleby a. Hencea I c. a
The following corollary of this lemma is useful.
Corollary 2.2. If p dividasap2
an wherep is a prime and c r, a2,...,on
are positive integers, then there is an integer i with I < t ( n such that p
dividesa;.
Proof. We prove this result by induction. The case where n : I is trivial.
Assume that the result is true for n. Consider a product of n * t, integers,
ar az
aral that is divisibleby the prime p. Sincep I ar az
on*t:
(a1a2
an)ana1,we know from Lemma 2.3 that p I ar az
en or
p I ar+r. Now, it p I ar az
a' from the induction hypothesisthere is an
integer i with 1 < t ( n such Ihat p I ai. Consequentlyp I a; for some i
w i t h l < t < n * 1 . T h i s e s t a b l i s h e s t h e r e s ut rl t .
We begin the proof of the fundamental theorem of arithmetic. First, we
show that every positive integer can be written as the product of primes in at
least one way. We use proof by contradiction. Let us assume that some
positive integer cannot be written as the product of primes. Let n be the
smallest such integer (such an integer must exist from the well-ordering
property). lf n is prime, it is obviously the product of a set of primes, namely
t h e o n e p r i m e n .S o n m u s t b e c o m p o s i t Le e. t n : a b , w i t h | 1 a ( n a n d
| 1 b I n. But since a and b are smaller than n they must be the product
of primes. Then, since n : ab, we conclude that n is also a product of
primes. This contradictionshowsthat every positiveinteger can be written as
the product of primes.
We now finish the proof of the fundmental theorem of arithmetic by
showing that the factorization is unique.
Supposethat there is a positive interger that has more than one prime
factorization. Then, from the well-ordering property, we know there is a least
integer n that has at least two different factorizationsinto primes:
fl:PtPz
Ps:QtQz
Qt,
w h e r ep t , p 2 , . . . , p s , Q t , . . . , 4atr e a l l p r i m e s ,w i t h p r ( p z (
(q'.
{r(42(
( p, and
71
We will s how t ha t p t: Qr,p 2 : Q2 ,...,a n d c o nti nueto show that each of

p's and q's are equal, and that the number of prime factors in
the successive
the two factorizations must agree, that is s : /. To show that pr: Qr,
assumethat pr * qy Then, either pr ) 4r or pr 1 Qr By interchanging
we can assumethat pr ( qr. Hence,pr 1q; for
the variables,if necessary,
i : 1, 2, . . . , ts inc e41 i s th e s m a l l e sot f th e q ' s . H e nce,pr tr qi for al l i . B ut,
from Corollary 2.2, we see that pr I qflz
et : tt. This is a
pr : Qr
contradiction.
Hence, we
can
conclude that
and
p s : QzQt
n/pr: pz pt
n
l
p
l
i
s
i
nteger
smal
l
er
than
S
i
n
c
e
an
Qt.
n, and since n is the smallest positive integer with more than one prime
factorization,nfpl con be written as a product of primes in exactly one way.
Hence, each pi is equal to the correspondingq;, and s : /. This proves the
uniquenessof the prime factorization of positive integers. tr
The prime factorization of an integer is often useful. As an example, let us
find all the divisorsof an integer from its prime factorization.
Example. The positivedivisorsof 120 : 233'5 are thosepositiveintegerswith
prime power factorizationscontaining only the primes 2,3, and 5, to powers
lessthan or equal to 3, 1, and l, respectively.Thesedivisorsare
I
2
22: 4
23:8
3
2 ' 3: 6
22.3: 12
z3-3: 24
5
2 ' 5: 1 0
22.5: 20
23.5: 40
3'5:15
2 ' 3 ' 5: 3 0
223.5: 6o
: l2o .
23.3.s
Another way in which we can use prime factorizations is to find greatest

common divisors. For instance,supposewe wish to find the greatest common
divisor of 720 : 2432'5and 2100 : 223'52'7. To be a commondivisor of both
720 and 2100, a positiveinteger can contain only the primes 2, 3, and 5 in its
prime-power factorization, and the power to which one of these primes appears
cannot be larger than either of the powersof that prime in the factorizations
of 720 and 2100. Consequently,to be a common divisor of 720 and 2100, a
positive integer can contain only the primes 2,3, and 5 to powers no larger
than2, l, and l, respectively.Therefore,the greatestcommon divisor of 720
and 2100is 22. 3. 5: 6 0 .
To describe, in general, how prime factorizations can be used to find
greatestcommondivsors,let min(a, D) denotethe smaller or minimum, of the
two numbers d and 6. Now let the prime factorizationsof a and b be
o : pi,pi2 .. . p:., b : p'r,plz.. . p:,,

where each exponent is a nonnegativeinteger and where all primes occurring
72
in the prime factorizationsof c and of b are included in both products,

perhapswith zero exponents. We note that
fu,b):
pl'"k"0,)plinb,'b,
p:'n(oro,) ,
sincefor eachprimepi, a and b shareexactlymin(a;,6;) factorsof p;.

Prime factorizationscan also be used to find the smallestinteger that is a
multiple of two positive integers. The problem of finding this integer arises
when fractions are added.
Definition. The least common multiple of two positive integersa and D is the
smallestpositiveinteger that is divisibleby a and b.
The leastcommonmultiple of a and b is denotedby Io, bl.
Example. We have the following least common multiples: ll5,2l l:
lZ q, X l : 72, l Z , Z 0 l : 2 A ,a n d [7 , l l l : 7 7.
105,
Once the prime factorizations of a and b are known, it is easy to find

p l r. a n d ,b : p i ,pur2 .. . pun,w herept,pz,...,pn
I a, bl. I f a : p i ,p i ,
are the primes occurring in the prime-powerfactorizationsof a and b, then
for an integer to be divisible by both c and D, it is necessarythat in the
factorization of the integer, eachp; occurs with a power at least as large as ai
and bi. Hence, [a,b], the smallestpositiveinteger divisible by both a and b
is
la,bl:
pl
*Grb,)
Omaxb,'b,)
pf
*Gru')
where max(x, /) denotesthe larger, or maximum, of x andy.

Finding the prime factorization of large integers is time-consuming.
Therefore, we would prefer a method for finding the least common multiple of
two integers without using the prime factorizations of these integers. We will
show that we can find the least common multiple of two positiveintegersonce
we know the greatest common divisor of these integers. The latter can be
found via the Euclideanalgorithm. First, we prove the following lemma.
Iemma 2,4. If x
:x+y.
and y are real numbers, then max(x,y) + min(x,y)
then min(x,y):y and max(x,!):x, so that

P r o o f .I f x ) y ,
and
m a x ( x , y ) +m i n ( x , y ) : x * y .
If x <y, then min(xy):x
max(x,y): y, andagainwe findthat max(x,y)+ min(x,y) - x + y. tr
73
To find Ia, b l, once b, b) is known, we use the following theorem.

ab/G,b),,
Theorem 2.5. lf a and b ate positive integers,then la,bl:
where Ia, b I and G, b) are the least common multiple and greatestcommon
divisor of c and b, respectively.
pl' and
Proof. Let a and b have prime-power factorizations a : p\'pi'
t : pl'p!2 " ' p:', where the expnents are nonnegativeintegers and all
primes occurring in either factorization occur in both, perhaps with zero
exponents.Now let M1: max(c;, b;) and ffii -min(a1,b1). Then, we have
' pf'
l a , b l b , i l : p Y ' p Y ' p { ' p T ' p T' ' 2
: O{,+^,r{'*^' bY'*^'
: pl'+b'Oo'+b'
: p\'p;'
p:'*o'
pi'p"'
po^'
: ab.
si nceM i + f f ij:
m ax (a y ,b j ) + m i n (a r' ,b ):
a 1 * b 1 by Lemma2.4. tr
of the fundamentaltheoremof arithmetic will be

The following consequence
neededlater.
Lemma 2.5. Let m and n be relatively prime positive integers. Then, if d is
a positivedivisor of mn, there is a unique pair of positivedivisorsd 1 of m and
d2of n such that d : diz. Conversely,if dl and d2 are positivedivisor of z
then d : dfl2is a positivedivisors of mn.
andn, respectively,
Proof. Let the prime-power factorizations of m and n be m : pT'pT'
p : ' and n: q i ' q i 2 " ' q i ' . Si n c e (m,n ) - l , the set of pri mes
ptPz,. . . , P s and t he s e t o f p ri me s Qt,4 2 ,...,4 th a ve no common el ements.
Therefore,the prime-powerfactorizationof mn is
mn: pT'pT'
p!'qi'qi'
q:' .
Hence,if d is a positivedivisor of mn, then
d:pi'piz "' pi'q{'qI'

w h e r e0 ( e i
Now let
(mi
for i:1,2,...,s and 0(f
q{'
(n;
for 7:1,2,...,t.
74
dt : p't'ptz'
and
dr: q{'qI'
q{' .
Clearly
d : dfi2and(dr,d) : l. Thisis thedecomposition
of d wedesire.
Conversely,let dy and d2be positivedivisorsof m and n, respectively.Then
dr: p'r'ptr' p:'

wher e0 ( ei ( m i fo r i : 1 ,2 ,...,s , a n d
dr:
where0 < /j
q{'q['
( n; for j : 1,2,...,t.
q{'
The integer
d : dfi2: p'r'pi, . -. pi,q{,q[,
q{'
is clearly a divisor of
mn: p?'pT'
p!'qi'qi,
ql,,
sincethe power of such prime occurring in the prime-powerfactorizationof d

is less than or equal to the power of that prime in the prime-power
factorization of mn. tr
A famous result of number theory deals with primes in arithmetic
progressions.
Dirichlet's Theorem on Primes in Arithmetic Progressions. Let a and b be
relatively prime positive integers. Then the arithmetic progression
an * b, f l : 1,2 ,3 ,..., c o n ta i n si n fi n i te l ym a n y pri mes.
G. Lejeune Dirichlet, a German mathematician, proved this theorem in
1837. Since proofs of Dirichlet's Theorem are complicated and rely on
advanced techniques, we do not present a proof here. However, it is not
difficult to prove special cases of Dirichlet's theorem, as the following
propositionillustrates.
Proposition 2.2. There are infinitely many primes of the form 4n * 3, where
n rs a positiveinteger.
75
Beforewe provethis result, we first prove a useful lemma.

Lemma 2.6. lf a and b are integers both of the form 4n * l, then the
product ab is also of this form.
Proof. Since a and b are both of the form 4n * l, there exist integers r and
s such that a : 4r * 1 and D : 4s * 1. Hence,
ab:
( + r + t ) ( 4 s + 1 ): 1 6 r s* 4 r * 4 s * l : 4 ( 4 r s + r * s )
* l,
which is again of the form 4n * 1. tr

We now provethe desiredresult.
Proof. Let us assume that there are only a finite number of primes of the
f o r m 4 n f 3 , s a yP o : 3 , P t , P 2 ,. . . ,P r . L e t
Q:4prpz
P,*3.
Then, there is at least one prime in the factorizationof Q of the form 4n * 3.

Otherwise,all of these primes would be of the form 4n * 1, and by Lemma
2.6, this would imply that O would also be of this form, which is a
contradiction. However, none of the primes po, Pr,...,,Pndivides 0. The
p,,
prime 3 does not divide Q, for if 3 I Q, then I I (0-ll : 4pt pz
which is a contradiction. Likewise, none of the primes p; can divide Q,
p) :3 which is absurd. Hence,
becausepj I Q impliespi | (Q-4pr pz
there are infinitely many primesof the form 4n * 3. tr
2.3 Problems
L
of
Find the primefactorizations
a) 36
e) 222
b) 3e
c) 100
D 2s6
d sr5
j) sooo
k) 9s5s
D 5o4o
d) 289
h) 989
D 9999.
2. Show that all the powers in the prime-power factorization of an integer n are
even if and only if n is a perfect square.
3.
Which positive integers have exactly three positive divisors? Which have exactly
four positivedivisors?
4.
Show that every positive integer can be written as the product of a square and a
square-freeinteger. A square-free integer is an integer that is not divisible by
76
any perfect squares.

5. An integer n is called powerful if whenevera prime p divides n, p2 divrdesn.
Show that every powerful number can be written as the product of a perfect
squareand a perfect cube.
6. Show that if a and b are positiveintegersand a3 | b2, then a I b.
7.
Let p be a prime and n a positiveinteger. If p' I n, but po*' It n, we say that

po exactly divides n, and we write po ll n.
a)
Show that if po ll m andpb ll n, then po*b ll mn.
b)
S h o wt h a t i f p o l l m , t h e np k o l l m k .
c)
Show that if po ll m andpb ll n, then ominb'b)

il m+ n.
8. a) Let n be a positiveinteger. Show that the power of the prime p occurring in

the prime power factorization of n ! is
ln/pl + Inlpzl + ln/p3l +
b) Use part (a) to find the prime-power factorization of 20!.
9.
How many zerosare there at the end of 1000! in decimal notation? How many
in baseeight notation?
10. Find all positive integersn such that n! ends with exactly 74 zeros in decimal
notation.
ll.
Show that if n is a positiveintegerit is impossiblefor n! to end with exactly 153,

154, or 155 zeroswhen it is written in decimal notation.
12. This problem presentsan example of a system where unique factorization into
primes fails. Let H be the set of all positiveintegersof the form 4ft*1, where k
is a positiveinteger.
a)
Show that the product of two elementsof 11 is also in fI.
b)
An element h*l in 11 is called a"Hilbert prime" if the only way it can be

written as the product of two integersin ^FIis h: h'l : l'ft, Find the 20
smallestHilbert primes.
c)
Show every element of H can be factored into Hilbert primes.
d)
Show that factorization of elements of FI into Hilbert primes is not

necessarilyunique by finding two different factorizationsof 693 into Hilbert
primes.
13. Which positiveintegersn are divisibleby all integersnot exceeding,,/;t

14. Find the least common multiple of each of the following pairs of integers
77
a)
b)
c)
8,12
14,15
28, 35
d)
e)
f)
lll,3o3
2 5 6 ,5 0 4 0
3 4 3 ,9 9 9 .
15. Find the greatestcommondivisorand leastcommonmultipleof the following

pairsof integers
a) 22335s11,27355372
b)
2 . 3 . 5 . 7 I. '11 3 , 1 7 . t 9 . 2 3 . 2 9
c)
2 3 5t7t ' 3 , 2 . 3 . 5 . 1 t. .1t 3
d)
4 7 t t 7 g t n l 0 lr m r , 4 rl r 8 3 r r r l 0 l1 0 0 0 .
1 6 . Show that every common multiple of the positiveintegersa and b is divisibleby

the leastcommon multiple of a and b.
t 7 . Which pairs of integers a and D have greatest common divisor 18 and least
commonmultiple 540?
1 8 . Show that if a and b are positive integers, then (a , il
fu, b) : la, bl?
| la, bl. When does
1 9 . Show that if a and b are positive integers, then there are divisors c of a and d
o f b w i t hG , d ) :
I a n dc d : l a , b l .
20. Show that if a, b, and c are integers,then [a, Ull c if and only if a I c and
b I c.
21. a) Show that if a and b are positiveintegersthen (a,b) :
(a*b,la,bD.
b) Find the two positive integers with sum 798 and least common multiple
l 0780.
22. Show that if a,b, and c are positiveintegers,then (la, bl, t) : lG, c), (b, c)l
and lfu, b) , cJ : ([4, cl, lb , cl) .
23. a) Show that if a,b, and c are positiveintegers,then

m a x ( a , b , c ): a * b * c - m i n ( a , b ) - m i n ( a , c ) - m i n ( D , c )
* min(a,b,c).
b) Use part (a) to show that
a,brcla
'br'c.) .
.
G , b ) G , c ) ( b, c )
where
24. Generalizeproblem 23 to find a formula for (ay,a2,...,on)'1d1,a2,...,an1
positive
are
a 1.a2,...,a
integers.
n
[a,b,clla,b,cl :
25. The least common multiple of the integers a1,a2,...,an,

that are not all zero, is
it is
the smallestpositiveinteger that is divisible by all the integerso1,ct2,...,a,;
78
denotedby Ia 5a2,...,an1.
il
F i n d[ 6 , 1 0 , 1 5
a ]n d[ 7 , 1 1 , 1 3 j .
b)
: l[,a1,a2,...,an-1l,anl.
Show that laya2,...,an-1,anl
26. Let n be a positive integer. How many pairs of positive integerssatisfy

Ia,bl: n?
27. Prove that there are infinitely many primes of the form 6ft * 5, where k is a
positive integer.
28. Show that if a
and b are integers, then the arithmetic progression

a, a*b, a*Zb,... containsan arbitrary number of consecutivecompositeterms.
29. Find the prime factorizationsof

a) l06- l
b) lo8-l
c ) 2r 5- l
d)
e)
f)
224-l
230-l
236-t.
30. A discount store sells a camera at a price less than its usual retail price of ,S99.
If they sell 88137 worth of this camera and the discounteddollar price is an
integer, how many camerasdid they sell?
31. il
show that if p isa prime and,a is a positiveintegerwithp I a2, then p I a.
b) Show that if p is a prime, c is an integer, and n is a positive integer such

t h a t p l a n , t h e np l a .
32. Show that if a and b are positive integers, then a2 | b2 implies that a I b.
3 3 . Show that if a,b, and c are positive integers with (a ,b) : I and ab : cn, then
there are positive integers d and,e such that a : dn and b : en.
34. Show that
if aya2,...,an are pairwise relatively prime

l a 1 , c t 2 , . . . ,: a a
np
l 2''' sn.
integers, then

1. Find all positivedivisors of a positive integer from its prime factorization.
2.
Find the greatest common divisor of two positive integers from their prime
factorizations.
3.
Find the least common multiple of two positive integers from their prime
factorizations.
4.
Find the number of zeros at the end of the decimal expansionof n ! where n is a
positiveinteger.
2.4 Factorization of Integers and the Fermat Numbers
79
5. Find the prime factorizationof n! where n is a positiveinteger.
2.4 Factorization of Integersand the Fermat Numbers

From the fundamental theorem of arithmetic, we know that every positive
integer can be written uniquely as the product of primes. In this section,we
discussthe problem of determiningthis factorization. The most direct way to
find the factorization of the positive integer n is as follows. Recall from
Theorem 1.9 that n either is prime, or else has a prime factor not exceeding
6 . Consequently,when we divide n by the primes 2,3,5,...not exceeding
,/i,*"
either find a prime factorpr of n or elsewe concludethat r is prime.
If we have located a prime factor p r of n, we next look for a prime factor of
nt: nlp1, beginningour searchwith the prime p1, since n I has no prime
factor lessthan p1, nnd any factor of n1 is also a factor of n. We continue,if
necessary,determining whether any of the primes not exceeding rlr r divide
n1. We continue in this manner, proceedingrecursively,to find the prime
factorizationof n.
Example. Let n : 42833. We note that n is not divisible by 2,3 and 5, but
that 7 | n. We have
4 2 8 3 3- 7 . 6 1 1 9 .
Trial divisions show that 6119 is not divisible by any of the primes
7,11,13,17,I9,and 23. However,we seethat
6l19:29'2ll.
we know that 211 is prime. We conclude that the prime
Since 29 > ,m,
factorizationof 42833is 42833 - 7 ' 29 ' 2ll.
Unfortunately,this method for finding the prime factorizationof an integer
is quite inefficient. To factor an integer N, it may be necessaryto perform as
divisions, altogether requiring on the order of JF bit
many as r(JF)
operations,since from the prime number theorem zr(JF) is approximately
,N /tog..N : 2,N AogN, and from Theorem 1.7, thesedivisionstake at least
log N bit operations each. More efficient algorithms for factorization have
been developed, requiring fewer bit operations than the direct method of
factorization previously described. In general, these algorithms are
complicatedand rely on ideasthat we have not yet discussed.For information
about thesealgorithms we refer the reader to Guy [66] and Knuth [561. We
note that the quickest method yet devised can factor an integer N in
80
approximately
e*p(@)
bit operations,where exp standsfor the exponentialfunction.
In Table 2.1, we give the time required to factor integersof various sizes
using the most efficient algorithm known, where the time for each bit
operation has been estimated as one microsecond(one microsecondis 10-6
seconds).
Number of decimal digits
Number of bit operations
Time
50
l.4x10r0
3.9hours
75
9 . 0 xl 0 r 2
104days
100
2 . 3 xl 0 r 5
74 years
200
1.2x1023
3.8xl0e years
300
l.5xl02e
years
4.9x1015
500
l.3xl03e
years
4.2x102s
Table2.1. Time RequiredFor Factorization

of LargeIntegers.
Later on we will show that it is far easier to decide whether an integer is
prime, than it is to factor the integer. This difference is the basis of a
cyptographicsystemdiscussedin Chapter 7.
We now describea factorizationtechniquewhich is interesting,although it
is not always efficient. This technique is known as Fermat factorization and
is basedon the following lemma.
Lemma 2.7. lf n is an odd positive integer, then there is a one-to-one
correspondencebetween factorizations of n into two positive integers and
differencesof two squaresthat equal n.
Proof. Let n be an odd positive integer and let n : ab be a factorization of n
into two positive integers. Then n can be written as the differenceof two
squares,since
n:aD:
l o + u l ' - ll-ol - u l '

l:l
| 2 ,l t 2 )'
81
2.4 Factorizationof Integersand the FermatNumbers
where G+b)12 and b-b)/2
are both integerssincea and b are both odd.
Conversely,if n is the differenceof two squares,say n:

tr
can factor n by noting that n : (s-l)(s+t).
s2 - /2, then we
To carry out the method of Fermat factorization,we look for solutionsof

the equation,, : *2 - yz by searchingfor perfect squaresof the form xz - n.
Hence, to find factorizationsof n, we search for a square among the sequence
of integers
t2-n, Q+Dz-n, (t+2)2-n,...
where I is the smallest integer greater than ,/i . This procedureis guaranteed
to terminate,sincethe trivial factorizationn : n'l leadsto the equation
n: fn+rl'
I r l-
lr-rl'
|. , ,l
Example. We factor 6077 using the method of Fermat factorization. Since

< 78, we look for a perfect square in the sequence
77 < ffi1
7 8 27 9 28 0 2812-
6 0 7 7: 7
6 0 7 7: 1 6 4
6 0 7 7:3 2 3
6077:484:222.
Since 6077:812 - 222. we conclude that

59.103.
6077: $l-2D(8t+zz)
Unfortunately, Fermat factorization can be very inefficient. To factor n

using this technique, it may be necessary to check as many as
Q + D 12 - ,/n integers to determine whether they are perfect squares.
Fermat factorization works best when it is used to factor integers having two
factorsof similar size.
The integers Fn :22' + I are called the Fermat numbers. Fermat
conjectured that these integers are all primes. Indeed, the first few are
p r i m e s , n a m e l y F o : 3 , F 1 : 5 , F 2 : 1 7 ,F 3 : 2 5 7 , a n d F + : 6 5 5 3 7 .
1 is compositeas we will now demonstrate.
Unfortunately,F5 :22'*
Proposition 2,3. The Fermat number F5:
22'+ 1 is divisibleby 641.
Proof. We will prove that 641 | fr without actually performing the division.
Note that
82
6 4 1: 5 . 2 7 + l : 2 a
Hence.
+ 54.
22'+'
-?;î?ii:,:;o,2ii,Ii:,
=Z'ile
fil 'r'*'
Therefore,we seethat 64t I F's. tr

The followingresult is a valuableaid in the factorizationof Fermat
numbers.
Proposition 2.4. Every prime divisor of the Fermat number F, :22' + | is
of the form2n+2k+ I.
The proof of Proposition2.4 is left until later. It is presentedas a problem
in Chapter 9. Here, we indicate how Proposition2.4 is useful in determining
the factorizationof Fermat numbers.
Example. From Proposition 2.4, we know that every prime divisor of
F 3: 22' + | :2 5 7 m u s t b e o f th e fo rm 2sk * l : 32.k + l . S i nce there
are no primes of this form less than or equal to ,/81, we can concludethat
Ft : 257 is prime.
Example. In attempting to factor F 6 : 22'+ l, we use Proposition2.4 to see
that all its prime factors are of the form 28k + l:256.k * l. Hence, we
need only perform trial divisionsof Foby those primes of the form 256'k + |
that do not exceed -,,/Fu. After considerablectmputation, one finds that a
pr im e div is o ri s o b ta i n e dw i th k : l 0 ? l ,i .e . Z74l i ' l : (256.10?l+ l ) I F6.
A great deal of effort has been devoted to the factorization of Fermat
numbers. As yet, no new Fermat primes have been found, and many people
believe that no additional Fermat primes exist. An interesting, but
impractical, primality test for Fermat numbers is given in Chapter 9.
It is possibleto prove that there are infinitely many primes using Fermat
numbers. We begin by showing that any two distinct Fermat numbers are
relativelyprime. The following lemma will be used.
Lemma 2.8. Let F1, :22' * I denote the kth Fermat number, where k is a
nonnegativeinteger. Then for all positiveintegersn , we have
FoFf z
Fn-t: Fn - 2.
Proof. We will prove the lemma using mathematical induction. For n : 1,

the identity reads
83
Fo : Fr - 2 '
This is obviouslytrue since F0 : 3 and Fr : 5. Now let us assumethat the
identity holds for the positiveinteger n, so that
FoFf z' ' ' Fn-r: F, - 2.
With this assumptionwe can easilyshow that the identity holds for the integer
n * I, since
Fn-rFr: (FsFf2 "' Fr-)Fn
FoFfz
- ( F n - z ) F n : ( 2 2 '- D ( 2 2 ' + t )
-2. tr
- ( 2 2 ' 1 2- l - 2 2 ' * ' - 2 : F r a 1
This leadsto the following theorem.
Theorem 2.6. Let m and n be distinct nonnegative integers. Then the
Fermat numbersF^ and F, are relatively prime.
Proof. Let us assumethat m 1 n. From Lemma 2.8, we know that
Fffz'''
F^' "
F r - r: F n - 2 .
Assumethat d is a commondivisor of F* and Fo. Then, Proposition1.4 tells

us that
d I G, -
F s F .o
2
Fm
F , -1) :2.
Hence, either d:l or d:2. However,since F, and Fn are odd, d cannot be

2. Consequently,
d:l and (F^,F) : I. tr
Using Fermat numbers we can give another proof that there are infinitely
many primes. First, we note that from Lemma 1.1, every Fermat number Fn
has a prime divisor pr. Since (F*,F):
l, we know that p^ # p, whenever
m # n. Hence,we can concludethat there are infinitely many primes.
The Fermat primes are also important in geometry. The proof of the
following famoustheoremmay be found in Ore [28].
Theorem 2.7. A regular polygon of n sidescan be constructedusing a ruler
" ' pt w here p;,
and c om pas sif and o n l y i f n i s o f th e fo rm n :2 opl
i:1,2,...,t are distinct Fermat primes and a is a nonnegativeinteger.
84
2.4 Problems
l.
Find the prime factorizationof the following positiveintegers

il
2.
egzgzt
b) 1468789
c) SSOO8OZ9.
Using Fermat's factorization method, factor the following positive integers

a)
7709
d)
I l02l
b)
73
e)
3200399
c)
10897
f)
24681023.
3. a) Show that the last two decimal digits of a perfect squaremust be one of the
followingpairs: 00, el, e4,25, o6, e9, where e standsfor any even digit and o
stands for any odd digit. (Hint: Show that n2, (50+n)2, and (50-n)2 all have
the same final decimal digits, and then consider those integers n with
0(n<2s.)
b) Explain how the result of part (a) can be used to speed up Fermat's
factorization method.
4. Show that if the smallestprime factor of n is p, then xz-n will not be a perfect
squarefor x )
h+pz) lLp .
5 . In this problem, we developthe method of Draim factorization. To search for a
factor of the positiveinteger n - nr, we start by using the division algorithm, to

obtain
i l 1: 3 q y * r y ,
0(11
(3.
Settingntr - nr, we let

t/12:
t/lt -
Zqt,
fl2:
ttt2*
11.
We use the divisionalgorithm again, to obtain

f l 2 : 5 q 2 * 1 2 , 0 ( 1 2( 5 ,
and we let
3:
rtl2 -
2qZ,
fl1 :
t 1 4 3*
t2.
We proceedrecursively,using the division algorithm, to write

nx : (2k+l)qy * ry, 0 ( 11 < 2k+1,
and we define
85
fllk :
m*-t-2Qt-t,
ttk :
ttl* *
rt-t.
We stop when we obtain a remaindet/1 : 0.

q2*' ' ' + q,-)
a)
Show that n1 : knr *qo-r).

2'(qftq2*
b)
S h o wt h a t i f ( z * + t ) I , , t h e n ( 2 k + l ) I n r a n dn : ( 2 k * l ) m 1 , 1 1 .
c)
Factor 5899 using the methodof Draim factorization.
Qk+l)
(qft
and rltk:
n1-
6 . In this problem, we devel<lpa factorization technique known as Euler's method.

It'is applicablewhen the integer being factored is odd and can be written as the
sum of two squares in two different ways. Let n be odd and let
w h e r ea a n d c a r e o d d p o s i t i v ien t e g e r sa,n d b a n d d
n:a2*b2:c2+d2,
are evenpositiveintegers.
a)
Let u: (a-c,b-d).
S h o w t h a t u i s e v e na n d t h a t i f r : ( a - c ) l u
s : ( d - i l f u , t h e n ( r , s ) : l , r ( a * c ) : s ( d + b ) , a n ds I a + c .
b)
L e t s v : a * c . S h o wt h a t r v : d + b , e :
c)
Concludethat n may be factoredas n:1fu12)2 + (v/2)zl(r2 + s2).
d)
U s e E u l e r ' sm e t h o dt o f a c t o r 2 2 1 : 1 0 2 + l l 2 : 5 2 + 1 4 2 , 2 5 0 1: 5 0 2 + 1 2
: 492+ 102and 1000009: 10002+ 32 :9722 + 2352.
and
(a+cd+b), andv is even.
7 . Show that any number of the form 2an+2* I can be easily factored by the use of
(2x2+2x+l)(Zx2-Zx+t\.
the identity 4xa + 1 :
Factor 218+1 using this
identity.
8 . Show that if a is a positiveinteger and a^ *l is a prime, then m:2n for some

positive integer
(ak9-t)-akQ-D +
n.
(Hint:
Recall the identity
-ae+l) wherem:kQ and { is odd).
a^*l:
(aft + l)
9 . Show that the last digit in the decimal expansionof F, - 2r + | is 7 if n 7 2.

(Hint: Using mathematicalinduction, show that the last decimal digit of 22' is
6.)
10. Use the fact that every prime divisor of Fa:2t + I :65537 is of the form
26k + | - 64k * I to verify that F4 is prime. (You should need only one trial
division.)
I l.
Use the fact that every prime divisor of Fz: 22'+ | is of the form
21k + | : l28k * 1 to demonstrate that the prime factorization of F5 is
F. : 641'6700417.
r2.
Find all primesof the form 2T * 5, where n is a nonnegativeinteger.
1 3 . Estimate the number of decimal digits in the Fermat number Fn.
86

l.
Find the prime factorization of a positive integer.
2.
Perform Fermat factorization.
3. Perform Draim factorization (see problem 5).

4.
Check a Fermat number for prime factors, using Proposition 2.4.
2.5 LinearDiophantineEquations
Consider the following problem. A man wishes to purchase $510 of
travelers checks. The checks are available only in denominationsof $20 and
$50. How many of each denominationshould he buy? If we let x denotethe
number of $20 checks and y the number of $50 checks that he should buy,
then the equation 20x * 50y : 510 must be satisfied. To solvethis problem,
we need to find all solutions of this equation, where both x and y are
nonnegativeintegers.
A related problem arises when a woman wishes to mail a package. The
postal clerk determinesthe cost of postageto be 83 cents but only 6-cent and
15-centstampsare available. Can some combinationof thesestampsbe used
to mail the package? To answer this, we first let x denote the number of 6cent stampsand y the number of l5-cent stamps to be used. Then we must
have 6x + I5y : 83, where both x and y are nonnegativeintegers.
When we require that solutionsof a particular equationcome from the set
of integers,we have a diophantine equation. Diophantineequationsget their
name from the ancient Greek mathematician Diophantus, who wrote
extensivelyon such equations. The type of diophantine equation ax * by : c,
where a, b, and c are integersis called a linear diophanttne equations in two
variables. We now develop the theory for solving such equations. The
following theorem tells us when such an equation has solutions,and when
there are solutions,explicitly describesthem.
Theorem 2.8. Let a and D be positiveintegerswith d : (a,b). The equation
ax*by:c
h a s n o i n t e g r a ls o l u t i o n si f d l c .
lf dlc, then thereare
infinitely many integral solutions. Moveover, if x : x0, | - lo is a particular
solutionof the equation,then all solutionsare given by
x : xo+ (b/d)n, ! : yo- fuld)n,
87
Equations
2.5 LinearDiophantine
where n is an integer.
Proof. Assumethat x and y are integerssuch that ax I by : g. Then, since
d l o a n d d l b , b y P r o p o s i t i o1
n . 4 ,d l t a s w e l l . H e n c e , ' rdf t r c , t h e r e a r e
no integral solutionsof the equation.
Now assumethat d | ,. From Theorem2.1, there are integerss and t with
(2.3)
d:as+bt.
Sinced l r, there is an integere with de : c. Multiplying both sidesof (2.3)

bv e. we have
c:de:(as+bt)e:a(se)
+ bQe).
Hence, one solution of the equation is given by @Io,.wlere

X * S rtacl
=7.
-x0-'Ftf11*}f
I --te
and
To show that there are infinitely many solutions,let x:nfo+
$liln
y:Y0G / d) n, wh e re n i s a n i n te g e r. W e s e e that thi s pai r (x,y) i s a
solution, since
V rfi"v g rof14
ax t by : oxs* a(bld)n * byo- bGld)il: oxst bys: c.
We now show that every solutionof the equationax * by : c must be of the
form described in the theorern. Suppose that x and y are integers with
ax I bY : c. Since
a x s* b y o : , ,
by subtractionwe find that
G x * b y ) - ( a x s + b y s ): 0 ,
which impliesthat
a& - x/ + bU -.yd :0.

Hence,
a(x - xo): bjo-
y).
Dividingboth sidesof this last equalityby d, we seethat

Gl d ) (x - x s ) : (b l d ) U t - y).
2.1, we know that bld,bld):
By Proposition
l.
Using Lemma 2.3, it
88
follows that Q/d) | 9o- y).

Hence,
G/d)n:lo-l;
t h i s m e a n st h a t y - l o of y
int o th e e q u a ti o n a (x - x d
aG - x d : b b /d )n , w h i c h i mp l i e sth a t x
there is an integer n with

G / i l n . N o w p u t t i n gt h i s v a l u e
: bOo- y),
w e fi nd that
: x0 + (bl d)n. D
We now demonstratehow Theorem 2.8 is used to find the solutions of

particular linear diophantineequationsin two variables.
Consider the problems of finding all the integral solutions of the two
diophantine equationsdescribedat the beginning of this section. We first
considerthe equation6x + I5y : 83. The greatestcommon divisor of 6 and
15 is (6,15) : 3. Since I / gl, we know that there are no integral solutions.
Hence,no combinationof 6- and l5-cent stampsgivesthe correct postage.
Next, consider the equation 20x t 50y :519.
The greatest common
divisor of 20 and 50 is (20,50): 10, and since l0 | 510, there are infinitely
many integral solutions. Using the Euclidean algorithm, wo find that
20eD * 50 : 10.
Multiplying both sides by
51, we obtain
20(-102) + 50(51) : 510. Hence, a particular solution is given by
x 0: - 102 an d ./o :5 1 . T h e o re m2 .8 te l l s u s that al l i ntegralsol uti onsare
of the form x : -102 * 5n and y : 5l - 2n. Since we want both x and y
to be nonnegative,we must have - I02 + 5n ) 0 and 5l - 2n ) 0; thus,
n ) 20 2/5 and n 4 25 l/2. Since n is an integer, it follows that
n : 2 1 , 2 2 , 2 3 , 2 4 , o r 2 5 . H e n c e ,w e h a v et h e f o l l o w i n g5 s o l u t i o n sG: y ) :
( 3 , 9 ) ,( 8 , 7 ) ,( 1 3 , 5 ) ,( 1 9 , 3 ) ,a n d ( 2 3 , t ) .
2.5 Problems
l.
For eachof the followinglineardiophantine

equations,
eitherfind all solutions,
or
showthat thereare no integralsolutions
a) 2x I 5y:11
b) l7x * l 3 y : 1 g g
c ) Z I x * l 4 y :1 4 7
d) 60x * l 8 y :9 7
e) t4o2x + t969y : r.
2. A studentreturningfrom Europechangeshis Frenchfrancs and Swissfrancs

into U.S. money. If he receives
$ll.9l and has receivedI7a for eachFrench
franc and 480 for eachSwissfranc, how much of eachtype of currencydid he
exchange?
89
2.5 Linear Diophantine Equations
3. A grocer orders apples and orangesat a total cost of $8.39. If apples cost him
25c each and oranges cost him 18c each and he ordered rnore apples than
l I
oranges,how many of each type of fruit did he order?
4.
A shopper spends a total of .85.49 for oranges, which cost l8o each, and
grapefruits, which cost 33c each. What is the minimum number of pieces of
fruit the shoppercould have bought?
5. A postal clerk has only l4-cent and 2l-cent stamps to sell. What combinations
of these may be used to mail a packagerequiring postageof exactly
a)
6.
.t3.50
b)
c)
$4.00
$ 7 .7 7 2
At a clambake, the total cost of a lobster dinner is $ I I and of a chicken dinner

is ,$8. What can you conclude if the total bill is
a)
$777
b)
$96
c)
$692
I anxn: b has
7. Show that the linear diophantineequationafi1* a2x2*
and has infinitely many solutionsif
no solutionsif d / D, where d : (a1,a2,...,a11),
d I b.
equations
8. Find all integersolutionsof the followinglineardiophantine
a) 2x*3yl4z:5
b) 7x*2ly*352:8
d
l0lx * 10 2 y+ 1 0 3 2:1 .
9. Which combinations
of pennies,
dimes,and quartershavea total value99c?
10. How manywayscanchangebe madefor onedollarusing
a) dimesand quarters
b) nickels.dimes,and quarters
nickels,dimes,and quarters?
c) pennies,
I l.
Find all integersolutionsof the followingsystems

of lineardiophantineequations
a) x* y*
z:100
x*8y*502:156
b) x+ y + z:100
x * 6y * 2lz :121
c) x* y* z + w-100
xt2y13z*4w-300
x*4y*9z1'16w-1000.
12. A piggy bank contains24 coins,all nickels,dimes,and quarters. If the total

valueof the f,oinsis two dollars,what combinations
of coinsare possible?
90
13. Nadir Airways offers three types of tickets on their Boston to New York flights.
First-classtickets are $70, second-class
tickets are $55, and stand-by tickets are
$39. If 69 passengersp^y a total of $3274 for their tickets on a particular
flight, how many of each type of tickets were sold?
14. Is it possibleto have 50 coins,all pennies,dimes,and quartersworth,$3?
15. Let a and b be relatively prime positive integers and let n be a positive integer.
We call a solution x )) of the linear diophantine equation ax * by : n
nonnegativewhen both x and y are nonnegative.
il
Show that whenevern 2 G-l)(6-l)

this equation.
b)
Show that if n:
c)
Show that there are exactly (a-1)$-D/2

the equation has a nonnegativesolution.
d)
The post office in a small Maine town is left with stamps of only two
values. They discover that there are exactly 33 postage amounts that
cannot be made up using thesestamps,including 46c. What are the values
of the remainingstamps?
there is a nonnegativesolution of
ab - a - 6, then there are no nonnegativesolutions.

positive integers n such that

1. Find the solutionsof a linear diophantine equation in two variables.
2.
Find the positivesolutionsof a linear diophantine equation in two variables.
3.
Find the solutionsof a linear diophantine equation in an arbitrary number of

variables.
4.
Find all positive integers n for which the linear diophantine equation
ax * by : n has no positive solutions (see problem I 5).
Congruences
3.1 Introduction to Congruences

The special language of congruencesthat we introduce in this chapter is
extremely useful in number theory. This language of congruences was
developedat the beginning of the nineteenthcentury by Gauss.
Definition. lf a and b are integers, we say that a is congruent to b modulo
mif m l(a-b).
I f a i s c o n g r u e n t t o Dm o d u l om , w e w r i t e a = b ( m o d z ) . l f m I G - b ) ,
we write a # b (mod m), and say that a and b are incongruent modulo m.
Example. We have 22 = 4 (mod 9), since 9 | QZ-D
3 = -6 (mod 9) and 200 = 2 (mod 9).
: 18.
Likewise
Congruencesoften arise in everyday life. For instance, clocks work either

modulo 12 or 24 for hours, and modulo 60 for minutes and seconds.calendars
work modulo 7 for days of the week and modulo 12 for months. Utility
meters often operate modulo 1000, and odometers usually work modulo
100000.
In working with congruences, it is often useful to translate them into
equalities. To do this, the following proposition is needed.
Proposition 3.1. If a and b are integers,then a = b (mod m) if and only if
there is an integer k such that a : b * km.
92
Congruences
Proof. If a:- b (mod m), then m I b-b).

This means that there is an
integer k with km : a - b, so that A : b * km.
Conversely,if there is an integer /< with a : b * km, then km : a - b.
Hence m I G-b), and consequently,a = b (mod rn ). tr
Example. We have 19 :
The following
congruences.
-2 (mod 7) and 19 : -2 + 3'7.
proposition establishes some important
properties of
Proposition 3.2. Let m be a positive integer. Congruencesmodulo rn satisfy

the following properties:
(i)
Reflexive property. If a is an integer, then a = a (mod m).
(ii)
Symmetric property.
If a and b are integers such that
a = b (m o d m),th e n b = a (mo d rn ).
(iii)
Transitive property.
If e, b, and c are integers with
a = b (m o d m ) a n d b :- c (m o d m),then a 4 c (mod m ).
Proof.
( i)
W e s e e th a t a = a (mo d m ), s i n c em I G-a)
:0.
(iil
If a:
b ( m o d m ) , t h e n m I Q - b ) . H e n c e ,t h e r ei s a n i n t e g e rf t
w i t h k m : a - b . T h i s s h o w st h a t ( - k ) m :
b - a. so that
(b
-d
.
(mod
=
a
m |
C o n s e q u e n tl yD,
m).
(iii)
If a = b (mod rz) and b =c (mod la), then m I G-b)

and
m | (b -d .
H e n c e , th e re a re i n te gersk and 0 w i th km: a - b
and
T h e re fo re , e - c : (a-D ) + (b-c) :
Qm : b - c .
k m * Qm : (k + D m.
and
C o n s e quentl y,
m I G-d
a ? c (m o d z ). tr
From Proposition 3.2, we see that the set of integers is divided into m
different sets called congruenceclasses modulo m, each containing integers
which are mutually congruent modulo m.
Example. The four congruenceclassesmodulo 4 are given by
93
3.1 Introductionto Congruences
Let a be an integer. Given the positive integer m, m ) l, by the division

algorithm, we have a : bm * r where 0 ( r ( ru - 1. From the equation
a: bm f r, we see that a 3 r (mod z). Hence, every integer is congruent
modulo m to one of the integers of the set 0, 1,...,m - l, namely the
remainderwhen it is dividedby m. Since no two of the integers0, 1,...,m - |
are congruent modulo m, we have m integers such that every integer is
congruent to exactly one of these ln integers.
Definition. A complete system of residues modulo m is a set of integers
such that every integer is congruent modulo m to exactly one integer of the
set.
Example. The division algorithm shows that the set of integers

modulorn. This is called the
0, 1,2,...,m- | is a completesystemof residues
residues
nonnegative
modulo
m.
set of least
Example. Let m be an odd positive integer. Then the set of integers
-3
,, r . . . tm
TrT
_ m-l
2
m-l
is a complete system of residues called the set of absolute least residues

modula m.
We will often do arithmetic with congruences. Congruenceshave many of
the same properties that equalities do. First, we show that an addition,
subtraction, or multiplication to both sides of a congruence preserves the
congruence.
Theorem 3.1. If a, b, c, and m are integers with m ) 0 such that

a = b (mod m ). then
(il a*c=b+c(modm),
(iD e - c -- S - c (modz).
(iiD ac
bc (mo d m ).
Proof. Sincea = b (mod m), we know that m I G-b). From the identity
G + d - ( b + d - a - b , w e s e em l l f u + d - $ + c ) 1 , s o t h a t ( i ) f o l l o w s .
Likewise,(ii) followsfrom the fact that fu-c) - (b-c): a - b. To show
that (iiD holds,note that ac - bc : cG-D.
Sincem I Q-b), it follows
that m I cb-b), and hence,ac = bc (modm). tr
Example.
Since l9
3 (mod 8),
it
follows from
Theorem 3.1 that
94
C ongruences
26: 19+7 = 3 +7 : l0 (mod8), 15: 19 -4:

and 38 : l9'2 = 3'2: 6 (mod8).
3-
4:
-l
(mod8),
What happens when both sides of a congruenceare divided by an integer?

Consider the following example.
E x a m p l e .W e h a v e 1 4 : 7 . 2 : 4 . 2 : 8
( m o d6 ) . B u t 7 * 4 ( m o d6 ) .
This example shows that it is not necessarily true that we preserve a

congruencewhen we divide both sides by an integer. However, the following
theorem gives a valid congruencewhen both sides of a congruenceare divided
by the same integer.
Theorem 3.2. If a, b, c and m are integers such that m > 0, d : (c,m),
and ac = bc (mod z), then a :- b (mod m/d).
Pro of . lf ac = bc (mo d m),w e k n o w th a t m I Gc-bc):
c(a-b). H ence,
there is an integer k with cb-b):
km. By dividing both sides by d, we
have G /il G-b) : k fu /d). Since (m /d ,c/d) : 1, from Proposition2.1 it
follows that m/d I Q-b).
a
Hence, a :- b (mod m/il.
Example. Since 50 = 20 (mod 15) and
5 0/10 : 20/ 10 ( mo d l 5 /i l , o r 5 = 2 (m o d 3 ).
(10,5) : 5,
we
see
that
The following corollary, which is a special case of Theorem 3.2, is used

often.
C or ollar y 3. 1. I f a ,b ,c , a n d m a re i n te g e rssuch that m 7 0, (c,m) : 1,
and ac = bc (mod la), then a = b (mod llz).
Example. Since 42 = 7 (mod 5) and (5,7) = 1, we can conclude that
42/7 : 7/ 7 ( m od 5 ), o r th a t 6 : I (m o d 5 ).
The following theorem, which is more general than Theorem 3.1, is also
useful.
Theorem 3.3. If e, b, c, d, and m are integers such that
a = b (mod nc), and c = d (mod rn ), then
(i)
( ii)
( iii)
m ) 0,
a * c = b + d (modm),
a - c
fi - d (mo d m),
ac ? b d (mo d m).
Proof. Since a = b (mod m) and c = d (mod m), weknow that m I G-U)
95
andmlk-d).
Qm: c - d.
H e n c e ,t h e r e a r e i n t e g e r sk a n d . 0 w i t h k m : a - b
and
km * Qm:
T o p r o v e( i ) , n o t et h a t ( c + c ) - ( b + d ) : f u - b ) + k - d ) :
(
U
+
a
)
|
.
* c = b *
Q
T
h
e
r
e
f
o
r
e
,
(k+Dm.
Hence, m ll,(a+c)
(
m
o
d
m).
d
- Qm :
To pr ov e ( ii) , not e th a t (a -c ) - O-d ) : b -b ) - k-d) : km
(
m
o
d
m)'
d
$
c
s ot h a t a
H e n c e ,m l t G - c ) - $ - i l 1 ,
&-Dm.
(iii),
bc* bc - bd :
ac - bd :ac
that
note
prove
To
Hence, m I Qc - bil.
ckm t bQm: mkk+bD.
cG-b) + OG-d):
Therefore,ac = bd (mod m). tr
Exa mp le. S inc e 13 = 8 (mo d 5 ) a n d 7 = 2 (mo d 5), usi ng Theorem 3.3 w e
-8-7=I
:8+2:-0
(mod5), 6:13-7
see that 2O-13+7
( m o d 5 ) , a n d 9 l : l 3 ' 7 : 8 ' 2 : 1 6 ( m o d5 ) .
Theorem 3.4. If r612,,...,rîs a completesystemof residuesmodulo m, and if
a is a fositive integer with (a ,fti) : 1, then
ar1 t b, ar2 * b,..., ar^ * b
is a completesystemof residuesmodulo z.
Proof. First, we show that no two of the integers
a r 1 * b , a r 2 * b , . . . ,a r ^ * b
are congruent mod ulo m. To see this, note that if
ari*b=arr
*b
(modz),
then, from (ii) of Theorem 3.1, we know that

ari = ar1, (mod m) '
Because(a,m) : 1, Corollary 3.1 showsthat
rj :
rp (mod m) .
Since ,i # rp (mod m) if i # k, we concludethat i : k.

Since the set of integers in question consists of m incongruent integers
modulo m, theseintegers must be a complete system of residuesmodulo ru. tr
96
Congruences
The following theorem shows that a congruenceis preservedwhen both sides

are raised to the same positive integral power.
Theorem 3.5. rf a, b, k, and m are integers such that k 7 0, m ) 0, and
a = b (mod m), then ak = bk (mod m) .
Proof. Becausea = b (mod m), we have ml?
- b). Since
ak - bk : (a-b) (ak-t+ak-zb+ . . . *abk-216k-11,

we see that G - DlGk - bk). Therefore, from Proposition1.2 it follows
that mlGk - Uk). Hence, ek : bk (mod m). tr
Example. Since 7 = 2 (mod 5), Theorem 3.5 tells us that
= 23 = 8 ( m od 5 ).
343 : 73
The following result shows how to combine congruencesof two numbers to

different moduli.
( m o d f f i z ) , . . . a, = b ( m o d m 1 , )
T h e o r e m3 . 6 . l f a : b ( m o d m y ) , a = b
where a,b,ml, frt2,...,t/t1,
a;fointegerswith mt,frl2 ,...,t/r1positive,then
a = b (mod lmpm2,...,mpl),
where Lm1,m2,...,rup1
is the leastcommon multiple of mr,rrr2,...,t/tk.
( m o d z l ) , a : - b ( m o df f i z ) , . . .a, = b
( m o dm t ) , w e
P r o o f . S i n c ea = b
(
o
know that m, |
b ) , . . . ,m * I G - D .
D,mzl G
From problem20 of
Section2.3, we seethat
[ , m 1 , m 2 , . . . , m *Q] l - b ) .
Consequently,
a = b ( m o d L m 1 , m 2 , . . . , m * l )E.
An immediate and useful consequenceof this theorem is the following
result.
( m o df f i z ) , . . . ,a = b
(modz1)
C o r o l l a r y3 . 2 . l f a :
D (modz1), a=b
where a and b are integers and ftt1,r/t2,...,,r,rt1,
are relatively prinie positive
integers,then
a = b (modn4rtltz." m).
3.1 In t r oduc t ion t o C o n g ru e n c e s
zfa pairwise relatively prime, problem 34 of Section

Proof. Since ffi1,ftt2,...,t?11,
2.3 tells us that
l m 1 , m 2 , . . . , m k: l f t l i l l 2 ' ' '
mk
Hence,from Theorem 3.6 we know that

a :- b (m o d w tfl tz ' ' ' m).
In our subsequentstudies, we will be working with congruencesinvolving

large powers of integers. For example,we will want to find the least positive
residue o1 26+amodulo 645. If we attempt to find this least positive residueby
first computing 2644,wewould have an integer with 194 decimal digits, a most
undesirable thought. Instead, to find 26aamodulo 645 we first express the
exponent644 in binary notation:
G4qro: (lolooooloo)2.
,...,2tt' by
Next, we compute the least positive residues of 2,22,24,28
gives
the
congruences
us
This
645.
reducing
modulo
and
squaring
successively
2
22
2+
28
216
232
264
2128
22s6
2srz
2
4
16
256
391
16
256
391
l6
256
(mod 645),
(mod645),
(mod649,
(mod 645),
(mod 645),
(mod 645),
(mod645),
(mod 645),
(mod649,
(mod 64il.
We can now compute 2644modulo 645 by multiplying the least positive

residuesof the appropriatepowersof 2. This gives
: 2512212824
= 256.391.16
26aa- 2512+128+4
:1601536=I(mod645).
We have just illustrated a general procedure for modular exponentiation,
that is, for computing 6N modulo m where b, ffi, and N are positive integers.
We first expressthe exponentN in binary notation, as l{ : (arar-t...apo)2.
We then find the least positive residues of b ,b2,b4,...,b2'modulo rn, by
squaring and reducing modulo rn. Finally, we multiply the least
successively
positive residuesmodulo m of bv for those j with ai : l, reducing modulo rn
after each multiplication.
Congruences
98
In our subsequentdiscussions,we will need an estimate for the number of

bit operations needed for modular exponentiation. This is provided by the
following proposition.
Proposition 3.3. Let b,m, and ,A/ be positive integerswithD < m.
Then the least positive residue of bN modulo m can be computed using
O (0og2m)2log2N)bit operations.
Proof. To find the least positive residue of bN (mod rn), we can use the
algorithm just described. First, we find the least positive residues of
b,b2,b4,...,62'modulom, where 2k < N < 2k*t, by successively
squaring and
reducing modulo ru. This requiresa total of O(0og2m)2log2N) bit operations,
becausewe perform [log2lf I squarings modulo m, each requiring o(Iogzm)2)
bit operations. Next, we multiply together the least positive residues of the
integers bl correspondingto the binary digits of N which are equal to one,
and we reduce modulo m after each multiplication. This also requires
O(Qog2m)2log2,n/) bit operations, because there are at most log2N
multiplications, each requiring O((log2m)2) Uit operations. Therefore, a total
of O((log2m)2log2lf) bit operationsare needed. tr
3.f
l.
Problems
For which positive integers m are the following statementstrue
il
27 :5
b)
1000 -- 1 (mod rn )
c)
l33l :
( m o dz )
0 (mod ln)?
2.
Show that if a is an even integer, then a2 = 0 (mod 4), and if a is an odd

integer, then a2 = I (mod 4).
3.
Show that if a is an odd integer,then az = I (mod 8).
4.
Find the least nonnegativeresidue modulo l3 of
a) 22
b) 100
c ) i00l
d) -l
e) -loo
f) -1000.
5 . Show that if a, b, m, and n are integers such that m ) 0, n ) 0, n I m, and

a = b (mod rn ), then a = b (mod n).
6. Show that if a,b,c,
a n d m a r e i n t e g e r ss u c h t h a t c ) 0 , m l O ,
a = b (mod rn ), then ac J bc (mod mc).
and
99
7. Showthatif a,b,andc
(a,c): (bd .
8.
a r e i n t e g e r s w i t h c) 0 s u c h t h a t a = b ( m o d c ) , t h e n
Show that if ai =bi (mod z) for j : 1,2,...,n,where m is a positiveinteger and

Q i , b i , i : 1 , 2 , . . . , n ' a r e i n t e g e r s t, h e n
nn
il
)a1
=)b1
j-t
nn
b)
f l a'i : -
j-l
(modz)
j-l
f l br; ( m o d r n) .
t-t
In problems 9-11 construct tables for arithmetic modulo 6 using the least
nonnegativeresiduesmodulo 6 to representthe congruenceclasses.
9.
Construct a table for addition modulo 6.
10. Construct a table for subtraction modulo 6.

I l.
Construct a table for multiplication modulo 6.
12. What time does a clock read

a)
29 hours after it reads I I o'clock
b)
100 hours after it reads 2 o'clock
c)
50 hours before it reads 6 o'clock?
13. Which decimal digits occur as the final digit of a fourth power of an integer?
14. What can you conclude if a2 = 62 (mod p), where a and b are integers and p is
prime?
15. Show that if ak = bt (mod nr) and ak+t : bk+l (mod nr), wherea,b,k, and
then
such that (a,m):1,
and m)0
m a r e i n t e g e r sw i t h k > 0
I is dropped, is the conclusionthat
a = b (mod rn ). If the condition (a,m):
a = b (mod z) still valid?
16. Show that if n is a positive integer, then
+(n-l)
il
t+2+3+
b)
13+23+33+
=0(modn).
(n-l)3=o(modn).
17. For which positive integers n is it true that

1 2+ 2 2 + 3 2 +
* ( n - l ) 2 = o ( m o dn ) ?
18. Give a complete system of residuesmodulo l3 consistingentirely of odd integers.

19. Show that if n = 3 (mod 4), then n cannot be the sum of the squares of two
integers.
20.
il
Show that if p is prime, then the only solutions of the congruence

x 2 = x ( m o d p ) a r e t h o s ei n t e g e r sx w i t h x = 0 o r I ( m o d p ) .
100
Congruences
b)
21.
Show that if p is prime and ft is a positive integer, then the only solutionsof
x2 =x (mod pk) arethoseintegersx such that x E 0 or I (modpe).
Find the least positive residuesmodulo 47 of

a)
232
b)
c)
247
22w
22. Let
t/t1,t/t2,...,n\r be pairwise relatively prime positive integers.

M : mifiz' ' ' mp and Mj : M/mi for; - 1,2,...,k. Show that
M(tr*
M2a2*
Let
* Mpap
runs through a complete system of residues modulo M when a1,a2,...,a1,run

through complete systemsof residuesmodulo rn1,nt2,...,r/t1,
respectively.
2 3 . Explain how to find the sum z * v from the least positive residue of u * v
modulo m, where u and. v are positive integers less than z . (Hint: Assume
that u ( v and consider separately the cases where the least positive residue of
u I v is less than a, and where it is greater than v.)
24. on a computer with word size w, multiplicertion modulo n, where n I w f2, can
be performed as outlined. Let T:IJn

+ %1, and t : T2 - n. For each
computation, show that all the required computer arithmetic can be done without
exceedingthe word size. (This method was describedby Head t67]).
a)
Show that lr | < r.
b)
Show that if x and y are nonnegativeintegers less than n, then

x:aT*b,
y:cT*d
where a,b,c, and d are integers such that 0 ( a (

0 ( c < T, and 0 < d < T.
c)
Letz = ad * bc (mod n), with 0 ( z ( z. Show that
d)
Let ac:eT*f
where e
0</(r.
Showthat
xy :
e)
Letv:z*
(z*et)T
and f
Z, 0 < , < T,
areintegerswith0(e<Tand
+ ft * bd (mod n).
er (modn),with0(v
(n.
Showthatwecanwrite
v : gT * h,
where g and h are integers with 0 ( g (
xy :
hT + V+S)t
f,0
< h < T, and such that
+ bd (mod n).
f)
101
Show that the right-hand side of the congruence of part (e) can be
computed without exceeding the word size by first finding j with
j = (f +s)l
(mod n)
and 0 < j < n, and then finding /c with

k=j+Dd(modn)
and0<k<n.sothat
xy:hT+ft(modn).
This gives the desired result.
25. Develop an algorithm for modular exponentiation from the base three expansion
of the exponent.
26.
27.
Find the least positive residue of

a)
3ro modulo I I
b)
2r2 modulo 13
c)
516modulo 17
d)
322modulo 23.
e)
Can you propose a theorem from the above congruences?
Find the least positive residuesof

a)
5! modulo 7
b)
10! modulo 11
c)
12! modulo 13
d)
16! modulo 17.
e)
Can you propose a theorem from the above congruences?
28. Prove Theorem 3.5 using mathematical induction.

29.
Show that the least nonnegative residue modulo m of the product of two positive
integers less than m can be computed using O(logzm) bit operations.
30.
a)
Five men and a monkey are shipwrecked on an island. The men have
collected a pile of coconuts which they plan to divide equally among
themselves the next morning. Not trusting the other men, one of the group
wakes up during the night and divides the coconuts into five equal parts with
one left over, which he gives to the monkey. He then hides his portion of
the pile. During the night, each of the other four men does exactly the
same thing by dividing the pile they find into five equal parts leaving one
coconut for the monkey and hiding his portion. In the morning, the men
102
Congruences
gather and split the remaining pile of coconuts into five parts and one is left
over for the monkey. What is the minimum number of coconuts the men
could have collected for their original pile?
b)
Answer the same question as in part (a) if instead of five men and one
monkey, there are n men and k monkeys, and at each stage the monkeys
receive one coconut each.

Write computer programs to do the following:
l.
Find the least nonnegativeresidue of an integer with respectto a fixed modulus.
2.
Perform modular addition and subtraction when the modulus is less than half of
the word size of the computer.
3.
Perform modular multiplication when the modulus is less than half of the word
size of the computer using problem 24.
4.
Perform modular exponentiationusing the algorithm describedin the text.
3.2 Linear Congruences

A congruenceof the form
ax = b (mod m)'
where x is an unknown integer, is called a linear congruencein one variable.
In this section we will see that the study of such congruencesis similar to the
study of linear diophantine equationsin two variables.
We first note that if x : xo is a solution of the congruence
ax 7 b (modm), and if x1 : r0 (mod m), then ax13 axs- b (modz),
so that x 1 is also a solution. Hence, if one member of a congruence class
modulo m is a solution, then all members of this class are solutions.
Therefore, we'may ask how many of the m congruenceclassesmodulo m give
solutions; this is exactly the same as asking how many incongruent solutions
there are modulo m. The following theorem tells us when a linear congruence
in one variable has solutions, and if it does, tells exactly how many
incongruent solutionsthere are modulo m.
Theorem 3.7. Let a, b, and m be integers with ru ) 0 and (a,m) : d. lf
d I b, then
has no solutions. If
d I b, then ax j D (mod rn )
ax 7 b (mod rn ) has exactly d incongruent solutionsmodulo z .
103
3.2 LinearGongruences
Proof. From Proposition 3.1, the linear congruence ax 7 b (mod m) is

equivalent to the linear diophantine equation in two variables ax - m! : b.
The integer x is a solution of ax 7 b (mod m) if and only if there is an
integer y with ax - my : b. From Theorem 2.8, we know that if d tr b,
there are no solutions, while if d I b, ax - my : b has infinitely many
solutions,given by
x : ro * (m/d)t,l : lo+
b/d)t,
where x : xo and y : !0 is a particular solution of the equation. The values

of x given above,
x:xo*'(mld)t,
are the solutionsof the linear congruence;there are infinitely many of these.
To determine how many incongruent solutions there are, we find the
condition that describeswhen two of the solutions xl : x0 + (m/d)tt and
x2: xo * (mld)tz are congruent modulo m. If these two solutions are
cbngruent, then
r o * fu /d )tr
z x o * fu /d )t2 ( mod m).
Subtracting xo from both sidesof this congruence,we find that

fu/d)tr
@/d)t2 (modm).
Now (m,m/d) : m/d since@/d)
| z, so that by
t r z 1 2( m o d d ) .
tt
,ry*"seethat
"ore#
A=h
This shows that a complete set of incongruent solutions is obtained by taking

xo+ (m/d)t, where / ranges through a complete system of residues
x:
where
One such set is given by x : xo + @/d)t
modulo d.
/ : 0,1,2,...,d l. n
We now illustrate the use of Theorem
Example. To find allsolutions of 9x = 12 (mod l5), we first note that since
(9,tS) :3 and I l{hnere are exactly three incongruent solutions. We can
find these solutions by first finding a particular solution and then adding the
appropriatemultiples of l5/3 : 5.
To find a particular solution, we consider the linear diophantine equation
9x - l5y : 12. The Euclidean algorithm showsthat
A C,q,
r "v
104
Congruences
/'
\
n
0.t5)- ,))
1 5: 9 ' l + 6
9 :6'1 + 3
6:3'2,
s o t h a # s 9 : ' e . l : 9 - ( t S - q . D : 9 - 2 - 1 5 . H e n c e9 . 8 - 1 5 . 4 : 1 2 , a n d
: 8 and lo : 4.
a particular solutionof 9x - l5y : 12 is given by
"o
From the proof of Theorem 3.7, we see that a complete set of 3 incongruent
solutionsis given by t : x0 = 8 (mod l5), x : x0 + 5 = 13 (mod l5), and
x : x o + 5 ' 2 : 1 8 = 3 ( m o dl 5 ) .
We now consider congruencesof the special form ax ? I (mod la). From
Theorem 3.7, there is a solution to this congruenceif and only if (a,m): l,
and then all solutions are congruent modulo rn. Given an integer a with
(a,m) : l, a solution of ax 7 I (mod lz) is called an inverse of
a m odulo m .
/
\
73 )ly =\
lF ai= F7 r3 ?- 2.5.I
i =7- L{a,-'}'f.?{ ti'L
Example. Since the solutionsof 7x = I (mod 31) satisfy x = 9 (mod 3l),9,

and all integers congruent to 9 modulo 31, are inverses of 7 modulo 31.
Analogously, since 9'7 = I (mod 3l) , 7 is an inverseof 9 modulo 31.
When we have an inverse of a modulo z, we can use it to solve any
congruenceof the form ax 2 b (mod m). To see this, let a be an inverse of
a modulo m , so that aa:
I (mod rn ). Then, if ax = D (mod m), we can
multiply
both sides of
this congruence by
a
to
find that
a Gx) : ab (mod rn ), so that x
[[ (mod ln ) .
Exa m ple. T o f ind th e s o l u ti o n so f 7 x :2 2 (m o d
31), w e mul ti pl y both si des
of this congruence by 9,, an inverse of 7 modulo 31, to obtain
9 -7 x = 9- 22 ( m od 3 1 ). H e n c e ,x = 1 9 8 : 1 2 (mod 31).
(a ,m) : l, then
We note here that if
j
(mod
ax
b
m) has a unique solution modulo rn.
the
linear
congruence
Example. To find all solutions of 7x = 4 (mod l2), we note that since

l, there is a unique solution modulo 12. To find this, we need only
0,t2):
obtain a solution of the linear diophantine equation 7x - l2y :4.
The
Euclidean algorithm gives
12:7' l + 5
7:5'l+2
5:2'2*l
2 : 1 . 2.
Hence
[ : 5 - 2 . 2 : 5 - 0 - 5 . 1 ) . 2: 5 . 3- 2 . 7 : ( 1 2 - 7 . 1 :) 3 - 2 . 7-
105
3.2 Linear Congr u e n c e s
12.3 - 5.7. Therefore,a particular solution to the linear diophantineequation

is xs : -20 and ys : 12. Hence, all solutionsof the linear congruencesare
given by x = -20 = 4 (mod 12).
Later otr, we will want to know which integers are their own inverses
modulo p where p is prime. The following propositiontells us which integers
have this property.
Proposition 3.4. Let p be prime. The positive integer a is its own inverse
modulop if and on l y i f a = | (m o d p ) o r e : -l (mod p).
or a :
Proof. lf a :l(modp)
is its own inversemodulo p.
-l(modp),
then a2 = l(modp), so that a
I (modp).
C o n v e r s e l yi ,f a i s i t s o w n i n v e r s em o d u l op , t h e n a 2 : a ' o :
(
a
l
)
(
a
+
l
)
,
p
or
either
Since a2 l:
Hence, p I Gz-t).
I G-l)
p I G + t ) . T h e r e f o r ee, i t h e ra = I ( m o dp ) o r q : - - 1 ( m o d p ) . E
3.2 Problems
l.
Find all solutionsof eachof the following linear congruences.

a)
b)
c)
2.
3x = 2 (mod 7)
6x = 3 (mod 9)
l7x = 14 (mod2l)
d)
e)
f)
l5x = 9 (mod 25)

l28x = 833 (mod 1001)
987x = 610 (mod 1597).
The
L e t a , b , a n d m b e p o s i t i v e i n t e g e r s w i t h7a0 , m ) 0 , a n d ( a , m ) : L
following method can be used to solve the linear congruenceax 2 b (mod m).
a)
Show that if the integer x is a solution of ax = b (mod m), then x is also

a solution of the linear congruence
ag
-b[m/al
(modzr).
where c1 is the least positive residue of m modulo a. Note that this

congruence is of the same type as the original congruence,with a positive
integer smaller than a as the coefficientof x.
b)
When the procedure of part (a) is iterated, one obtains a sequence of

with
of
equal
to
linear
congruences
x
coefficients
oo: cr ) a1) a2)
S h o w t h a t t h e r e i s a p o s i t i v ei n t e g e r n w i t h
d, : l, so that at the nth stage, one obtains a linear congruence
x=B(modn).
106
Congruences
c)
Use the method described in part (b) to solve the linear congruence
6x = 7 (mod 23).
3.
An astronomer knows that a satellite orbits the earth in a period that is an

exact multiple of I hour that is less than I day. If the astronomer notes that
the satellite completes 11 orbits in an interval starting when a 24-hour clock
reads 0 hours and ending when the clock reads l7 hours, how long is the orbital
period of the satellite?
4.
F o r w h i c h i n t e g e r s cw i t h 0 ( c
< 3 0 d o e s t h e c o n g r u e n c e l 2 x= c ( m o d 3 0 )
have solutions? When there are solutions, how many incongruent solutions are
there?
5.
Find an inversemodulo 17 of
a)
b)
4c)7
d) re.
6.
Show that if d'is an inverse of a modulo m and D is an inverse of D modulo m.

then a- i ir un inverse of ab modulo z.
7.
Show that the linear congruence in two variables ax * by = c (mod z),

where a,b,c,and, m are integersm
, ) 0 , w i t h d : G , b , m ) , h a s e x a c t l yd m
incongruent solutions ,f d I c, and no solutionsotherwise.
8.
Find all solutionsof the following linear congruencesin two variables

a)
b)
2x * 3 y : I ( m o d 7 )
2x + 4 v = 6 ( m o d 8 )
c)
d)
6x * 3y =0 (mod9)
lOx * 5v = 9 (mod l5).
9.
Let p be an odd prime and k a positive integer. Show that the congruence
x2 = I (mod pt)
has
exactly
incongruent solutions, namely
two
xE-fl(modpt).
10.
Show that the congruence x2 = I (mod 2ft) has exactly four incongruent
solutions,namely x E tl or +(t+Zk-t) (mod 2ft), when k > 2. Show that
when k : I there is one solution and when k :2 there are two incongruent
solutions.
I l.
Show that if a and m ^re relatively prime positive integers with a ( rn, then
an inverse of a modulo m can be found using O (log m) bit operations.
12.
Show that if p is an odd prime and a is a positive integer not divisible by p,

then the congruence x2 = a (mod p) has either no solution or exactly two
incongruent solutions.

107
3.3 Th e Chines e Rem a i n d e r T h e o re m
l.
Solve linear congruenceusing the method given in the text.
2.
Solve linear congruencesusing the method given in problem 2.
3 . Find inversesmodulo m of integers relatively prime to ln where m is a positive

integer.
4 . Solve linear congruencesusing inverses.

5 . Solve linear congruencesin two variables.
3.3 The ChineseRemainderTheorem

In this sectionand in the one following, we discusssystemsof simultaneous
congruences. We will study two types of such systems. In the first type, there
are two or more linear congruencesin one variable, with different moduli
(moduli is the plural of modulus). The secondtype consistsof more than one
simultaneouscongruencein more than one variable, where all congruences
have the same modulus.
First, we considersystemsof congruencesthat involveonly one variable, but
different moduli. Such systemsarose in ancient Chinese puzzlessuch as the
following: Find a number that leavesa remainder of I when divided by 3, a
remainder of 2 when divided by 5, and a remainder of 3 when divided by 7.
This puzzle leadsto the following systemof congruences:
I (m o d 3 ). x
2 (mod5), x
3 (mod 7)
We now give a method for finding all solutions of systems of simultaneous

congruencessuch as this. The theory behind the solution of systemsof this
type is provided by the following theorem, which derives its name from the
ancient Chineseheritageof the problem.
The Chinese Remainder Theorem. Let rlt1,r/t2,...,trtrbe pairwise relatively
prime positiveintegers. Then the systemof congruence
x
x
a 1 ( m o dz 1 ) ,
a2(mod,m2),
ar(modm,),
has a unique solution modulo M - tltfitz
108
Congruences
Proof. First, we construct a simultaneous solution to the system of

congruences. To do this, let Mk : M/mt : fttlll2. . . tytk_rntk+l . mr.
we know that (Mr, mt) : I from problem 8 of Section2.1, since
(mi, mp) : I wheneveri I k. Hence, from Theorem 3.'7, we can find an
inverse ./r of M1 modulo mp, so that Mt lr, = I (mod mt). We now form
the sum
x :
atM01*
a2M21,t2*
* arMry,
The integer x is a simultaneous solution of the r congruences. To

demonstrate this, we must show that x ? ar, (mod m1) for k : 1,2,...,r.
since mt I Mi wheneverj * k, we have Mj :0 (mod nzp). Therefore, in
the sum for x, all terms except the kth term are congruent to 0 (mod m).
Hence, x ? etM*lr:
= I (mod m).
ak (mod m*), sinceM*t
We now show that any two solutions are congruent modulo M. Let xs and
x 1 both be simultaneoussolutions to the system of r congruences. Then, for
each k, x0 E xr E ar (mod m*), so that mr | (xo-x).
Using Theorem 3.7,
we see that M l(xe-x1). Therefore,x0 E x1 (mod M). This shows that the
simultaneoussolution of the system of r congruencesis unique modulo M. tr
We illustrate the use of the Chinese remainder theorem by solving the
system that arises from the ancient Chinese puzzle.
Example. To solve the system
x = I (mod3)
x=2(mod5)
x = 3 (mod 7),
w e h a v e M - 3 . 5 . 7: 1 0 5 , M r :
1 0 5 / 3 : 3 5 , M z : I A 5 / 5: 2 1 , a n d
Mt:
105/ 7 : 1 5 . T o d e te rm i n e !r, w e sol ve 35yr= I (mod 3), or
equiv alent ly , 2y r = I (m o d 3 ). T h i s y i e l d sj zr E 2 (mod 3). W e fi nd yzby
solving 2lyz:
I (mod 5); this immediately gives lz = I (mod 5). Finally,
wef ind y t by s o l v i n g r5 y t= 1 (m o d 7 ). T h i sgi ves/r E I (mod 7). H ence,
x E l ' 3 5 ' 2+ 2 . 2 1 . +
1 3.15.1
-157= 52 (mod105).
There is also an iterative method for solving simultaneous systems of
congruences. We illustrate this method with an example. Supposewe wish to
solve the system
3 .3 T he Chines e R e ma i n d e r T h e o re m
x=l(mod
s)
x = 2 ( m o d6)
x = 3 ( m o d7 ) .
We use Proposition 3.1 to rewrite the first congruenceas an equality, namely
x : 5t * l, where / is an integer. Inserting this expressionfor x into the
second congruence, we find that
5r+l:2(mod6).
Using Proposition
which can easily be solved to show that / : 5 (mod 6)
:
6u * 5 where u is an integer. Hence,
3.1 again, we write t
:
:5(6rz+5)
* I
30u 126. When we insert this expressionfor x into the
x
third congruence,we obtain
30u t 26 = 3 (mod 7).
When this congruenceis solved, we find that u : 6 (mod 7). Consequently,
Proposition3.1 tells us thatu -7v * 6, where v is an integer. Hence,
x : 3 0 (7 v + 6 ) + 2 6 :2 1 0 v
+ 206.
Translating this equality into a congruence,we find that

x :
2O6 (mod 210),
and this is the simultaneoussolution.

Note that the method we have just illustrated shows that a system of
simultaneous questions can be solved by successively solving linear
congruences. This can be done even when the moduli of the congruencesare
not relatively prime as long as congruencesare consistent. (See problems 7-10
at the end of this section.)
The Chinese remainder theorem provides a way to perform computer
arithmetic with large integers. To store very large integers and do arithmetic
with them requires special techniques. The Chinese remainder theorem tells
a positive integer
us that given pairwise relatively prime moduli r/t1,r/12,...,ffi,,
'
'
:
rltiltz'
mr is uniquely determined by its least positive
n with n < M
:
j
1,2,...,r. Supposethat the word size of a computer
residuesmoduli mi for
wish
we
100,
but
that
to do arithmetic with integers as large as 106.
is only
prime integers less than 100 with a product
pairwise
we
relatively
find
First,
r/t2:98, m3:97, and
i
n
s
t
a
n
c
e
w
,
e
c
an take mt:99,
1
0
6
;
f
o
r
exceeding
4-tuples
consistingof their
integers
less
than
106
into
95.
We
convert
mq:
(To
positive
fti4.
integers as
n43,
convert
residues
modulo
ffi2,
a;fid
mt,
least
Congruences
110
large as 106 into their list of least positive residues,we need to work with large
integers using multiprecision techniques. However, this is done only once for
each integer in the input and once for the output.) Then, for instance,to add
integers, we simply add their respective least positive residues modulo
tntt, t/t2, rn3, ?,fid ftr4, rrrzking use of the fact that if x = xi (mod m) and
: xi * y; (mod m). We then use the Chinese
! = li (mod m), then x * y
remainder theorem to convert the set of four least positive residuesfor the sum
back to an integer.
The following example illustrates this technique.
Example. We wish to add x : 123684 and y : 413456 on a computer of
word size 100. We have
x = 33 (mod99),
x?8(mod98),
x:9(mod97),
x = 89 (mod95).
y
y
y
y
=
=
:
=
32 (mod99),
92 (mod98),
42 (mod97),
1 6 ( m o d9 5 ) ,
so that
x+Y=65(mod99)
x+y:2(mod98)
x + Y = 51 (mod 97)
x+y:10(mod95).
We now use the Chinese remainder theorem to find x * y modulo
9 9 ' 9 8 ' 9 7 ' 9 5 .W e h a v e M : 9 9 ' 9 8 . 9 7 . 9 5 : 8 9 4 0 3 9 3 0 M
, r: M/99:903070,
Mz: Ml98:912288, Mt: Ml97:921690, and Mq: Ml95:941094.
We need to find the inverse of Mi (mod /i) for i : 1,2,3,4. To do this, we
solve the following congruences(using the Euclidean algorithm):
9O307Oy
t = 9ly r
912285y2: 3yz:
921690y3 : 93y3 =
941094ya = 24yq =
1
I
I
I
(mod 99),
(mod98),
(mod 97),
(mod 95).
(mod 99), yz = 38 (mod 98), /r -- 24 (mod 97), and

We find that yr:37
(
m
o
d
95). Hence,
!+= 4
x * y = 65'903070'37+ 2'912285'33+51'921690'24+ l0'941094'4
: 3397886480
= 53 7 1 4 0(m o d 3 9 4 0 3 9 3 0 ).
Since 0 ( x * y < 89403930,we concludethat x + y :
537140.
111
3.3 Th e Chines e Rem a i n d e r T h e o re m
On most computersthe word size is a large power of 2, with 235a common

value. Hence, to use modular arithmetic and the Chineseremainder theorem
to do computer arithmetic, we need integers less than 235 that are pairwise
relatively prime which multiply together to give a large integer. To find such
integers,we use numbers of the form 2m - l, where m is a positive integer.
Computer arithmetic with these numbersturns out to be relatively simple (see
Knuth t57l). To produce a set of pairwise relatively prime numbers of this
form, we first prove somelemmata.
Lemma 3.1. If a and b are positive integers,then the least positive residueof
Za - I modulo 2b - I is 2' - 1, where r is the least positive residue of a
mo dul o b.
Proof. From the division algorithm, c : bq * r where r is the least pos'itive
(2o-l) : 12b++r-1) :
We
have
b.
modulo
a
residue of
(
2
,
l
)
,
w h i c h s h o w s that the
(Zb_DebQ-t)+r a
+ 2b+,+2,)+
l; this is the least positive
I is 2'
I is divided by 2b
remainderwhen 2a
1. D
1 modulo 26
residue of 2o
We u s e Lem m a 3. 1 t o Pro v ethe following result.
Lemma 3.2. lf a and b are positive integers, then the greatest common
divisor of 2o - 1 and 2' - 1 is 2 k , b )- 1 .
Proof. When we perform the Euclidean algorithm with a : ro and b obtain
f g
rtQt *
f 1
r2Q2-t r3
0(r:(-rz
ln-2Qn-2*
0<
where the last remainder,
rZ
we
0(12(11
is the greatestcommon divisor of a and b.
Using Lenrma 3.1. and the steps of the Euclidean algorithm with a : rs
and b : , r, when we perform the Euclidean algorithm on the pair
2a - I : Ro and2b - I : R 1 , w o b ta i n
112
Congruences
Rs :RrQr*Rz
R1 :RzQz*R:
Rn-r :
Rn-z:
Rn-zQn-z* --,'-r
Rn-l
Rn-tQn-t.
R2 :2"-|
R3 :2"-\
^
: 2r'-t-1
Rn-t
Here the last non-zeroremainder,Rn-l : )r'-r - I : 2G'b)- l, is the greatest

common divisor of Ro and R1. tr
From Lemma 3.2, we have the following proposition.
Proposition 3.5. The positive integers 2a - 1 and 2b - I are relatively prime
if and only if a and b are relatively prime.
We can now use Proposition 3.5 to produce a set of pairwise relatively prime
integers, each of which is less than 235,with product greater than a specified
integer. Supposethat we wish to do arithmetic with integers as large as 2186.
We p:gk lfir:2t5 - I, tltz:zto - l,
t/t3:233 - l,
t7t4- ztt - l,
tns: 22e- l, and r/t6:22s - l. Since the exponentsof 2 in the expressions
for the mi are relatively prime, by Proposition 3.5 the M
i's are pairwise
relatively prime. Also, we have M : H!fl2nt3n4qrflsftio2 2t86. we can now
use modular arithmetic and the Chinese remainder theorem to perform
arithmetic with integersas large as 2186.
Although it is somewhat awkward to do computer operations with large
integers using modular arithmetic and the Chinese remainder theorem, there
are some definite advantages to this approach. First, on many high-speed
computers, operations can be performed simultaneously. So, reducing an
operation involving two large integers to a set of operations involving smaller
integers, namely the least positive residuesof the large integers with respectto
the various moduli, leads to simultaneous computations which may be
performed more rapidly than one operation with large integers. Second, even
without taking into account the advantages of simultaneous computations,
multiplication of large integers may be done faster using these ideas than with
many other multiprecision methods. The interested reader should consult
K nut h t 561.
113
3 .3 The Chines e Re ma i n d e r T h e o re m
3.3 Problems
l.
Find all the solutionsof each of the following systemsof congruences.

a)
x:4(modll)
x = 3(mod 17)
b)
x = l(mod2)
x = 2(mod 3)
x = 3(mod 5)
c)
x
x
x
x
=
=
E
=
d)
x
x
x
x
x
:2(mod ll)
= 3(mod 12)
= 4(mod 13)
E 5(mod 17)
= 6(mod l9).
0(mod 2)
O ( m o d3 )
l(mod 5)
6(mod 7)
2 . A troop of 17 monkeys store their bananas in eleven piles of equal size with a
twelfth pile of six left over. When they divide the bananas into 17 equal groups
none remain. What is the smallest number of bananasthey can have?
3 . As an odometer check, a special counter measuresthe miles a car travels modulo

7. Explain how this counter can be used to determine whether the car has been
driven 49335, 149335, or 249335 miles when the odometer reads 49335 and
works modulo 100000.
4.
Find a multiple of I I that leavesa remainder of I when divided by each of the

integers2,3,5,and 7.
5.
Show that there are arbitrarily long strings of integers each divisible by a perfect
square. (Hint: Use the Chinese remainder theorem to show that there is a
simultaneous solution to the system of congruences x 5 0 (mod 4),
-2 (mod 25),..., x - -ls*l (mod p|), where p1, is the
x = -l (mod 9), x:
kth prime.)
6" Show that if a,b, and c are integerswith (a,b) :1,

s u c ht h a t G n * b . c ) : l .
then there is an integer n
In problems 7-10 we will consider systemsof congruenceswhere the moduli of

the congruencesare not necessarilyrelatively prime.
7 . Show that the system of congruences

x 4 a1 (mod rn 1)
x :- a2 (mod m2)
Show that when there is a
has a solution if and only if (m6m2) | Gra).
solution, it is unique modulo (lmvmzl). (Hint: Write the first congruenceas
x : a, * km, where ft is an integer, and then insert this expressionfor x into
the secondcongruence.)
8 . Using problem 7, solvethe following simultaneoussystem of congruences
114
Congruences
\-
at
x:
y -
9.
4 (mod 6)
13 (mod15)
b)
x =7 (modl0)
x=4(mod15).
Show that the systemof congruences

x t a1 (modz1)
x z az (mod m2)
v, 3 4, (mod ln")
has a solution if and only if (m;,m1) | G, - a) for all pairs of integers (i,7)
with I (i
<l (r.
S h o w t h a t i f a s o l u t i o ne x i s t s ,t h e n i t i s u n i q u e m o d u l o
lm1, m2,...,ffi,l. (Hint: Use problem 7 and mathematicalinduction.)
10. Using problem 9, solve the following systemsof congruences
a) x= 5 (mod6)
(modl0)
x=3
(mod15)
x=8
d) .r = 2 (mod 6)
(mod8)
x=4
(mod14)
x=2
x = 14 (mod 15)
b) x = 2 (mod 14)
x = 16 (mod 2l)
x : l0 (mod 30)
(mod9)
c) x = 2
(mod15)
x=8
x = l0 (mod 25)
ll.
(mod9)
e) x = 7
x = 2 (mod l0)
(mod12)
x=3
(modl5).
x=6
What is the smallest number of eggs in a basket if one egg is left over when the
eggs are removed 2,3,4,5, or 6 at a time, but no eggs are left over when they are
removed7 ata time?
t 2 . Using the Chinese remainder theorem, explain how to add and how to multiply
784 and 813 on a computer of word size 100.
13. A
positive integer x * |
with n
base b
digits is called an
automorph to the base b if the last n base b digits of xz are the same as those
of x.
a)
Find the base l0 automorphs with four or fewer digits.
b)
How many base b automorphs are there with n or fewer base b digits, if b
has prime-power factorization 6 : pl' pl' ' ' ' pl,' Z
14. According to the theory of biorhythms, there are three cycles in your life that
start the day you are born. These are the physical, emotional, and intellectual
cycles, of lengths 23,28, and 33 days, respectively. Each cycle follows a sine
115
3.3 The ChineseRemainderTheorem
curve with period equal to the length of that cycle, starting with amplitude zero,
climbing to amplitude I one quarter of the way through the cycle, dropping back
to amplitude zero one half of the way through the cycle, dropping further to
amplitude minus one three quarters of the way through the cycle, and climbing
back to amplitude zero at the end of the cycle.
Answer the following questionsabout biorhythms, measuringtime in quarter
days (so that the units will be integers).
a)
For which days of your life will you be at a triple peak, where all of your
three cyclesare at maximum amplitudes?
b)
For which days of your life will you be at a triple nadir, where all three of
your cycles have lowest amPlitude?
c)
When in your life will all three cyclesbe a neutral position (amplitude 0) ?
15. A set of congruencesto distinct moduli greater than one that has the property
that every integer satisfiesat least one of the congruencesis called a covering set
of congruences.
a)
x = 0 (mod 3),
congruences x = 0 (mod 2),
set of
the
Show
(mod
(mod
=
(mod
is
12)
a covering set of
ll
6), and x
4), x = I
x = |
congruences.
b)
), x=0(mod3),
Show that the set of congruences x = 0 (mod 2)
(
m
o
d
6
)
,
rl (modl0), x=l
(
m
o
d
7
)
,
(
m
o
d
=
x
=
=
I
x
0
5
)
,
x
0
x
(mod30),x-4
( m o d l 4 ) , x = 2 ( m o d l 5 ) , x = 2 ( m o d2 l ) , x 7
(
m
o
d
(
m
o
d
104(mod 105)is a
(mod 35), x = 5
70), and x
42), x = 59
covering set of congruences.
it
factorization
prime-power
(mod
m) has exactly
p:' . Show that the congruencex2 = 1
^ : zo'p'r'pi'
2 ' + ' s o l u t i o n sw h e r e e : } i f a 6 : 0 o r l , : I i f a 6 : 2 , a n d e : 2 i f a s } 2 .
(Hint: Use problems 9 and l0 of Section 2.3.)
Let
be
positive
integer
with
The three children in a family have feet that are 5 inches,7 inches,and 9 inches
long. When they measure the length of the dining room of their house using
their feet, they each find that there are 3 inches left over. How long is the
dining room?
the Chinese remainder
l.
Solve systemsof linear congruencesof the type found

theorem.
2.
Solve systemsof linear congruencesof the type given in problems7-10.
3.
Add large integers exceedingthe word size of the computer using the Chinese
remainder theorem.
116
Congruences
4.
Multiply large integers exceeding the word size of the computer using the
Chinese remainder theorem.
5.
Find automorphsto the base D, where b is a positive integer greater than one
(seeproblem 13).
6.
Plot biorhythm charts and find triple peaks and triple nadirs (see problem l4).
3.4 Systemsof Linear Congruences

We will considersystemsof more than one congruenceinvolving the same
number of unknowns as congruences,where all congruenceshave the same
modulus. We begin our study with an example.
Suppose we wish to find all integers x and y
congruences
3x * 4y :5 (mod13)
2x t 5y = 7 (mod 13)
such that both of the
are satisfied. To attempt to find the unknownsx and |, we multiply the first
congruenceby 5 and the secondby 4, to obtain
I 5x * 20y = 25 (mod 13)

8x * 20y :- 28 (mod 13).
We subtractthe first congruence
from the second,to find that
7x = -3 (mod l3).
Since 2 is an inverse of 7 (mod 13), we multiply both sides of the above
congruencesby 2. This gives
2'7 x :
-2'3 (mod 13),
which tells us that

x = 7 (modl3).
Likewise, we can multiply the first congruenceby 2 and the secondby 3, to
seethat
117
3 .4 Sy s t em s of Line a r C o n g ru e n c e s
6x * 8y = l0 (mod 13)
-2l (modl3).
6x * l5y
we obtain
from the second,
Whenwe subtractthe first congruence
7y = 11 (mod13).
To solve for y, we multiply both sidesof this congruenceby 2, an inverseof 7
modulo 13 . We get
( m o dl 3 ) ,
Z"ly :2'll
so that
v = 9 (mod l3).
What we have shown is that any solution (xy)
must satisfy
x = 7 (mod l3), y = 9 (mod l3).

When we insert these congruencesfor x and y into the original system,we see
that thesepairs actually are solutions,since
3x * 4y : 3'7 + 4'9 : 57 =5 (mod l 3 )

2 x * 5 v = 2 ' 7 + 5 ' 9 : 5 9 : 7 ( m o dI 3 ) .
Hence, the solutions of this system of congruencesare all pairs G,y) with
x = 7 ( m od 13) and v = 9 (m o d l 3 ).
We now give a general result concerningcertain systernsof two congruences
in two unknowns.
T h e o r e m 3 . 8 . L e t a , b , c , d , , f
, a n d m b e i n t e g e r sw i t h m ) 0 , s u c ht h a t
(L ,m) : l, wher eA : a d -b c . T h e n , th e s y s te mo f congruences
ax*by:e(modm)
cx*dy:f(modm)
has a unique solution modulo m given by
=
@e-bfl (mod ln)
"y = 4
L Gf -ce) (mod m),
where A ir un inverseof A modulo m.
Proof. We multiply the first congruenceof the system by d and the secondby
b . to o bt ain
118
C ongruences
adx * bdy = de (mod m)

bcx * bdy = bf (mod m) .
Then, we subtract the secondcongruencefrom the first, to find that
Gd -b c ) x = d e -b f
o r , s i n c eA :
(mod m),
ad-bc,
Ax = de-bf
(mod rn ).
Next, we multiply both sidesof this congruenceby A, an inverseof A modulo

m, to concludethat
x = A @e-bfl
(mod la).
In a similar way, we multiply the first congruenceby c and the secondby a,

to obtain
acx * bcy = ce (mod m)
acx * ady = af (mod m).
We subtract the first congruencefrom the second,to find that
Gd-bc)y
of -ce (mod z)
or
Ly :
af -ce (mod na).
Finally, we multiply both sidesof the abovecongruenceby r to seethat

y = I bf -cd
(mod z).
We have shown that if (x,y) is a solution of the system of congruences,

then
x = A @ e -b f) (m o d z ) , y = L bf -ce) (mod z).
We can easily check that anX such pair G,y) is a solution. When
x=A @e-bfl (mod m) andy: ibf -tri (mod m), we have
3.4 S y s t em s of Lin e a r C o n g ru e n c e s
119
gE @r-bn + bA Gf -ce)
-abf -bce)
L bde-abf
L, fud-bc) e
e (modm),
ax*by
and
cx * dy : 4 tat-bn + dE Gf -ce)
:- L Gde-brf + adf-cde)
= a bd-bdf
= A'L,f
:
( m o dm ) .
This establishesthe theorem. tr

By similar methods, we may solve systemsof r congruencesinvolving n
unknowns. However, we will develop the theory of solving such systems,as
well as larger systems, by methods taken from linear algebra. Readers
unfamiliar with linear algebra may wish to skip the remainder of this section.
Systems of r linear congruencesinvolving n unknowns will arise in our
subsequentcryptographicstudies. To study these systemswhen r is large, it
is helpful to use the language of matrices. We will use some of the basic
notions of matrix arithmetic which are discussedin most linear algebra texts,
such as A nt on t 0O l .
We need to define congruencesof matrices before we proceed.
Definition. Let A and B be nxk matrices with integer entries, with (i,/)th
entries aii and br7 , respectively. We say that A is congruent to B modulo m
i f a i i - b i j ( m o dm ) f o r a l l p a i r s ( i , 7 ) w i t h I < t ( n a n d t ( , r < k . W e
write A
B (mod m) if I is congruentto B modulo m.
The matrix congruence A = B (mod m) provides a succinct way of
expressing the nk congruences o,j = bi1 (mod m) for I ( i ( rz and
I ( 7 < /c.
Example. We easily seethat
f" 13l
2)
L8
The following proposition
(q 3l
( m ordr ) '
l: rJ
be needed.
120
Gongruences
Proposition 3.6. lf A and B are nxk matriceswith A : B (mod m), C is

an k x p m at r ix a n d D i s a p x n ma tri x , al l w i th i nteger entri es, then
AC = ^BC (mod m) and DA = DB (mod m).
Proof. Let the entries of A and B be a;i and b,7, respectively,for I ( i ( n
a n d l e t t h e e n t r i e so f C b e c i i n f o r l < i
and l(7<k,
and
<k
The (i,/)th entries of AC and BC are ) ai1c1iand 2 bi,c,j,
--B (mo d
re s pec t iv ely .S inc e A
m ),w e k n o w thuto,,' --Lb;, (mod ,)j ' rc, utt
1 ( 7 ( p.
and
k.
Hence, from
Theorem
3.3
we
see that
b o,,r,j z
':l
--BC (mod la).

2 bnc,i (mod ne). Consequently,AC
t:l
The proof that DA :
DB (mod m) is similar and is omitted. tr
Now let us consider the system of congruences

QttXtl
anxz*
A Z t X t * a Z ZX Z t
--- (mod
*er, xn
b1
m)
*?r, x, 2 b2 (modm)
QnrXt *
lann xn :
anZXZ *
bn (mod rn ).
Using matrix notation, we see that this system of /, congruencesis equivalent

to the matrix conqruenceAX = B (mod lz ).
Qtt an
Qln
X1
by
azt azz
Q2n
X2
bz
where A :
,X:
Anl
An2
,andB:
Onn
xn
3x*.4y :{
2xt5y
(mo d 13)
(mo d l 3)
Example. The system
can be wr it t en as
bn
121
3.4 Systemsof LinearCongruences
4l| f'l
b
|
|
[
12 sJ lyj
fsl ( m o d l 3 ) .
Ll
L7J
We now develop a method for solving congruences of- the form

AX = B (mod m). This method is based on finding a matrix I such that
7Z - 1 (mod m), where 1 is the identity matrix.
Definition. lf A and ,q are nxn matrices of integers and if
f'o
ol
ol
t
( m o zd ) , w h e rIe: l o . . .
t ya t r iox f
i s t h ei d e n t i m
ll
t,l
100
l l
tra -,qI:/
order n, then 7 is said to be an inverse of A modulo m .
If A is an inverse of A and B : 7 (moO rn ), then ^B is also an inverse of

A. This follows from Proposition3.6, sinceBA = AA = I (mod m).
sf A,then Br= 82(modm). To
C o n v e r s e l yi f, 8 1 a n d 8 2 a r e b o t h i n v e r s e o
seethis, using Proposition3.6 and the congruenceB1A = BzA = I (modm),
( m o dm ) , w e c o n c l u d e
B 2 A B r ( m o d l c l ) . S i n c eA B t : 1
w e h a v eB A B I :
that Bt Z Bz (mod ln).
Example. Since
(m.d
=
:;l [t:): [t,[] [; ?] 5,
and
1,r4l Ir 3.l: f" xl : |,rol (mod5),

|.12) l.24)
w e s e et h a t t h e 1natrix
- ^ + r i v[ '
ol
15il,l
l0rJ
[r l]
,is
. an
^ inverse
of o)modulo5.
l, r,J
l,
The followingpropositiongivesan easymethodfor finding inversesfor 2x2

matrices.
be a matrix of integers, such that
Proposition3.7. Let A t:')
A : det A : ad-bc ts relativelyprime to the positiveintegerm . Then, the
122
C ongruences
mat r ix
r : o=fl -o-ul
. o)'
wher ea is t he in v e rs eo f A m o d u l o m,i s a n i n verseof I
modul o m.
Proof. To verify that tbg matrix 7 ir an inverse of A modulo ra, we need

only verify that AA = AA =I (mod z).
To see this, note that
f" u ) - l a - oll: n -l f a d - b c o l
|
,l4l
- b c + a.dl )
AA:
Va)-l-c
oJ--l
-faol faao I frol

= ^|-ooj=l
z)
o ooj=lo',l: 1 (mod
and
-f a -n) (" ol
A A = -L -I f - .
| |
a)lrd)
-t:
- fad-bc o I
I
aA l 0I
-bc+ad)
: A [aol: faaol = l,rol : I (mod

m)'
fooJ I o lo,l [o',l
where f ir un inverseof A (mod m), which existsbecause(a,.d :
Example.Let A :
have
ir +l
Since2 is an inversedetA:7
lr r,J.
l. tr
modulo13, we
_+l:
= |'rosl(moar).
tr_2 1.s
|,ro_sl
l-23)
l-46)
l.e6J
To provide a formula for an inverse of an nxn matrix where n is a positive

integer, we need a result from linear algebra. This result may be found in
Anton [60; page 791. It involvesthe notion of the adjoint of a matrix, which
is defined as follows.
Definition. The adjoint of an nxn malrix A is the n\n matrix with (i,;)th
entry Cyi, where Cii is (-l)t+i times the determinant of the matrix obtained
by deleting the ith row and 7th column from A. Thg adjoint of I is denoted
123
3 .4 S y s t em s of Lin e a r C o n g ru e n c e s
by adj(l).
matrix with
is an nxn
A
Theorem 3.9. If
A GdjA) : (det A) I , where adj A is the adjoint of A.
det A*
0,
then
Using this theorem,the following propositionfollows readily.

Proposition 3.8. If A is an n\n matrix with integer entries and rn is a
p osi tiv eint eger s uc h th a t (d e t ' q ,U ) :1 , th e n th e matri x A : A (adj A ) i s
an inverseof I modulo m, where A is an inverseof A : det A modulo m.
Proof. If (det A,m) :
Theorem 3.9. we have
l, then we know that det A * 0.
Hence, from
AadjA:(detnl:A1.
Since (det Z,nl) : l, there is an inverseA of A : det I
A (A adj A) = A ' {.zLdj
nE
afl
modulo z.
Hence,
= I (mod m),
and
- [ (uojA ' A) - aar : 1 (modrn).
e tuolilA
This showsthat 7 :^
Example. Let A :
' (adj l)
is an inverseof I
fzsol
2 | . . T h e n d e tA :
120
modulo ru. tr
- 5 . S i n c e( d e t A , 7 ) : 1 ,
and an
u 23J
inverseof det A : -5 is 4 (mod 7), we find that
I:4(.:,djA):4
-2-3 sl
-s o tol:
4
We can use an inverseof I
r-r0J
l-a-tz2ol
fezel
o
o
l
o
l-ro
ltosl(modi),
t
0 4-40)
1242)
modulo m to solvethe system

AX :
B (m o d m),
where (det A,m) : l. By Proposition3.6, when we multiply both sidesof this

congruenceby an inverseA of A, we obtain
124
Congruences
A Ux): LB (modm)
(,q,4x - 4B (modm)
X :
A B (modn).
Hence, we find the solutionX by forming A B (mod m ).

Note that this method providesanother proof of Theorem 3.8. To seethis,
ret AX: B, whereA :
x :
l:'),
and B -
t;]
A : det A : ad - bc is relativelyprime to ln, then
[;]
If
- nrl
a -t)| |f,l| - ^ ,-, _fa,
f"l - 1 ' - 1 ' " -B- l--A-f
),1(m
odm).
. i_,
l . .l : X = A
lyj
")lf)-ulo,
..r
This demonstratesthat (x,y) is a solutionif and only if

x = A,(de-bfl
(mod z),
y = I bf -ce) (mod lz).
Next, we give an example of the solution of a system of three congruences

in three unknownsusing matrices.
Example. We consider the system of three congruences
2 x 1 * 5 x 2t 6 x t :
2x1 * xt j
xr * 2x2* 3x::
3 ( m o d7 )
4 (mod 7)
I ( m o d7 ) .
This is equivalentto the matrix congruence
,l
lzosol
I [",] f
- lalr.noo
rl.
'^'^"12z I l"'l =
r,l
lr
l",j I'J
we have previouslyshownthat the matrix ll 3 :
|.242
lzsel
z) Hence'
wehave
tmoo
:
lJ
l?
is an inverse of
125
3.4 Systems of Linear Congruences
[*,1 fozellrl [r'l

lrosll.l : ltl:
l",l
l-l:l^.^lll:l-.1:
l',J
lz+zjL'J lro)
lol
I'l(mod7)
lrj
Before leaving this subject,we should mention that many methodsused for
solving systems of linear equations may be adapted to solve systems of
congruences. For instance, Gaussian elimination may be adapted to solve
systemsof congruenceswhere division is always replacedby multiplication by
inversesmodulo ru. Also, there is a method for solvingsystemsof congruences
analagousto Cramer's rule. We leave the developmentof these methods as
problemsfor thosereadersfamiliar with linear algebra.
3.4 Problems
l.
Find the solutionsof the followingsystemsof linearcongruences.

a)
x*2y
2x* y
I (mod 5)
I (mod 5)
b)
x*3y
3xt4y
I (mod 5)
2 (mod 5)
d4x +y
2x + 3 v
Z.
3.
(mod 5)
(mod 5).
Find the solutionsof the following systemsof linear congruences.

(mod 7)
(mod 7)
a)
2x*3y
x*5y
b)
(mod7)
4x* y=5
x*2y=4(mod7).
What are the possibilitiesfor the number of incongruent solutions of the system
of linear congruences
ax*by:c(modp)
dx * ey : f (mod fl,
where p is a prime and a,b,c d,e, and f are positiveintegers?
4.
Find the matrix C such that
126
C ongruences
fz'l f+ol( m o d 5 )
Q-
lor,l llJ
and all entries of C are nonnegativeintegers less than 5.
5 . Use mathematical induction to prove that if A and B are nxn matrices with
integer entries such that A = B(mod m ), then Ak :
positiveintegersk.
Bk(modm)
for all
6 . A matrix A * I is called involutory modulo m if 42 = 1 (mod z).
1 4n l
a)
Show that
b)
Show that if A
detA:tl(modrn).
| | 22)
is involutory modulo 26.

is
2x2
involutory
matrix
modulo
m,
then
7 . Find an inverse modulo 5 of each of the.following matrices
il
f or l
lr ol
i',i
b) |.,oJ
z)
c ) l z, J
lt
8 . Find an inverse modulo 7 of each of the following matrices
a)
frrol
0t
lt
[0 1 lJ
fr z:l
b) lr2sl
u 46J
r)
lr r r 0l
^)
v'
ll l0ll
|
|
ll0rll'
l 0r r r , J
9.
Use the results of problem 8 to find all solutionsof each of the following systems
a)
x+y : I (mod 7)
x*zz2(mod7)
Y*z=3(mod7)
3.4 Systemsof LinearCongruences
b)
x*2y*32 : I (mod 7)
x*3y*52=l(mod7)
x*4yl6z=l(mod7)
c)
x*y *z
x*y *w
xtz iw
Y*z *w
127
(mod 7)
(mod 7)
(mod 7)
(mod 7).
=
:
:
=
1 0 . How many incongruent solutions does each of the following systems of

congruenceshave
2x*4y*32:
I (mod 5)
I (mod 5)
b) 2x*3y*
z
x*2y*32
2x* z
3 (mod 5)
I (mod 5)
I (mod 5)
a)
x*
y*
c) 3x* y*32 = I (mod5)

:2(mod5)
x*2yt4z
(mod5)
4x *3y *22:3
il2x*y*z
x *2y * z
x * y *22
(mod 5)
(mod 5)
(mod 5).
Develop an analogueof Cramer's rule for solving systemsof n linear congruences

in n unknowns.
t2.
Develop an analogue of Gaussian elimination to solve systems of n linear

congruencesin z unknowns (where m and n may be different).
1 3 . A magic square is a square array of integers with the property that the sum of
the integers in a row or in a column is always the same. In this problem, we
present a method for producing magic squares.
a)
Show that the n2 integers 0,1,...,n2-l are put into the n2 positionsof an
n x/, square, without putting two integers in the same position, if the integer
k is placed in the i th row and 7th column, where
i=a*ck*e{klnl
j=b+dk+flk/nl
I < t ( n, 1 ( / ( n,
k f - de, n) : l .
b)
and
(modn),
(modn),
a,b,c d,e, and f
Show
that
a
magic square
( c , n ) : ( d , n ) : ( e, n ) : ( 7 , n ) : l .
produced
are
integers
part
(a)
with
Congruences
128
c)
The positive and negative diagonals of an nxn square consist of the

integers
positions (t1),
in
where
i + j = k (mod n)
and
, herek isa giveninteger. Asquareis
t - j = f t ( m o d n ) , r e s p e c t i v e l yw
called diabolic if the sum of the integers in a positive or negative diagonal is
always the same. Show that a diabolic square is produced using the
procedure given in part (a) if
Gtd,n) : (c-d,n) : G*f ,n) :
G-f ,n) : l.

l.
Find the solutions of a system of two linear congruencesin two unknowns using
Theorem 3.8.
2.
Find inversesof 2x2 matrices using Proposition 3.7.
3.
Find inversesof nxn
4.
Solve systemsof n linear congruencesin n unknowns using inversesof matrices.
5.
Solve systems of n linear congruences in n unknowns using an analogue of

Cramer's rule (seeproblem ll).
6.
Solve system of n linear congruences in m unknowns using an analogue of

Gaussianelimination (seeproblem l2).
7.
Produce magic squaresby the method given in problem 13.
matncesusing Theorem 3.9.
Applicationsof Gongruences
4.1 Divisibility Tests

Using congruences,we can develop divisibility tests for integers based on
their expansionswith respectto different bases'
We begin with tests which use decimal notation. In the following discussion
* 4 1 1 0* o o ,
letn: (oooo-r...apo)rc. Thenfl:QklOft + arr-J0t-l+
with 0 ( o.r ( 9 for,t:0,1, 2,...,k.
First, we develop tests for divisibility. by powers.. of 2. Since
l0 = 0 (mod 2), Theorem 3.5 tells us that 10/ :0 (mod 2r) for all positive
integers7. Hence,
n = (a) 1s (mod 2),
n = ( a r a o ) r o( m o d 2 2 ) ,
n 3 (a z a ra o )ro(mo d 2 3 ),
n:
( a i - f i i - 2 . . . a z a r a ot)o ( m o d 2 / )
These congruencestell us that to determine whether an integer n is divisible

by 2, we only need to examine its last digit for divisibility by 2. Similarly, to
determine whether n is divisible by 4, we only need to check the integer made
up of the last two digits of n for divisibility by 4. In general, to test n for
divisibility by 2i, we only need to check the integer made up of the last 7
digits of n for divisibility by 2i .
r29
130
A ppl i cati ons of C ongruences
E x a m p l e .L e t n : 3 2 6 8 8 0 4 8 . w e s e e t h a t 2 l n s i n c e z l g , a l ,
since
4 | 4 9 , 8 l , s i n c es | + a , 1 6 | n s i n c e t 6 | g 0 4 g ,b u t 3 2
/ r s i n c e ' l zi g s o + g . To develop tests for divisibility by powers of 5, first note that since
l 0 = 0 ( m od 5), w e h a v e l Y :0 (mo d 5 /). H ence, di vi si bi l i ty tests for
powers of 5 are analogousto those for powers of 2. We only need to check the
integer made up of the last 7 digits of n to determinewhether n is divisiblebv
5i.
E x a m p l e . L e t n : 1 5 5 3 5 3 7 5 .S i n c e s I s , 5 | n , s i n c e z s
lls,25
1 2 5 | 3 7 5 , 1 2 5 | n , b u t s i n c e 6 2 5| s l l s , 6 2 5 I n .
| n, since
Next, we develop tests for divisibility by 3 and by 9. Note that both the
congruences l0 : I (mod 3)
and
l0 = I (mod 9)
hold.
Hence,
10e : I (mod 3) and (mod 9). This givesus the useful congruences
( a p a 1 r - 1 . . . a p s: ) e k l 0 & + a * _ t l 0 k - l +
* alO * a6
: ek * ap4 *' . . + ar *as (mod
3 ) a n d ( m o d9 ) .
Hence, we only need to check whether the sum of the digits of n is divisible by
3, or by 9, to seewhether n is divisibleby 3, or by 9.
Example. Let
n : 412783s. Then, the sum of
the digits of
4 + | + 2 + 7 + 8 + 3 + 5 : 3 0 . S i n c Ie l r o b u t 9 l t } , 3 l n b u t gl n .
A
l0 :
rather simple test can be found for divisibility

-l (mod I l), we have
( a 1 r a 1 r - 1 . . . a p s ) t 0a:k l O k + a 1 r - 1 1 0 k *- r
: ak(-l)ft * a*-r(-t)t-t
by
IL
is
Since
* alO * as
-at * as (modI l).
This shows that (apap-1....aps)

rc is divisible by I l, if and only if
os - at * o2+ (-I)k a p , th e i n te g e r formed by al ternatel y addi ng
and subtracting the digits, is divisible by I l.
Example. We see that 723160823is divisible by 11, since alternately adding
a n d s u b t r a c t i n gi t s d i g i t s y i e l d s i - z + g - 0 + 6 - l + 3 - z * 7 : 2 2
which is divisible ll. On the other hand, 33678924is not divisible bv 11.
s i n c e4 - 2 + 9 - 8 + 7 - 6 + 3 - 3 : 4 i s n o t d i v i s i b l eb y l l .
Next, we develop a test to simultaneouslytest for divisibility by the primes
7 , l l , a n d 1 3 . N o t e t h a t 7 ' l l ' 1 3 : l 0 0 l a n d 1 0 3 : 1 0 0 0: - l ( m o d l 0 0 l ) .
Hence.
131
4.1 D iv is ibilit y T es ts
* alO * c6
( a 1 , a 1 r - r . . . a d r oa :k l O k + a * - J O f t - l +
: ( a o * l 0 a r * 1 0 0 a ) + 1 0 0 0 ( a r* 1 } a a * 1 0 0 4 5 )*
(tOOO)'(ou
+ l 0 a 7 t 1 0 0 a 6 )r
= (100a2* 10cr+ a0)- (l00ar * l}aa* a) *
(t00ar * l0a7+ a) (mod 1001).
* (a s a 7a6)rc= ( a2 a ,a s ),. - (o 5 a a a 3 ),s
This congruencetells us that an integer is congruent modulo l00l to the
integer formed by successivelyadding and subtracting the three-digit integers
with decimal expansionsformed from successiveblocks of three decimal digits
of the original number, where digits are grouped starting with the rightmost
since 7,11, and l3 are divisorsof 1001,to determine
digit. As a consequence,
whetheran integeris divisibleby 7,11, or 13,we only needto checkwhetherthis
a l te rn at ings um and d i ffe re n c eo f b l o c k so f th re e d i gi ts i s di vi si bl eby 7,11, or
13.
Example. Let n - 59358208. Since the alternating sum and difference of the
-91, is
integers formed from blocks of three digits, 208 358 + 59 :
divisible by 7 and 13, but not by 11, we seethat r is divisibleby 7 and 13, but
notbyIL
-----*?.ll
of theTvisibility tests we have developedthus far are based on decimal
representations. We now develop divisibility tests using base b
representations,where b is a positive integer.
Divisibility Test 1. If d I b and 7 and k are positive integers with i < k,
then ( a1. . . aps ) 6 is d i v i s i b l e b y d i i f a n d o n l y i f (a1-r...apo)ui s di vi si bl eby
4i.
Proof. Since b = 0 (mod d), Theorem 3.5 tells us t h a t b j : 0
Hence,
( a p a 1 r - 1 . . . a p s ) 6a: r r b k* " ' + a l b l + a i - f t i - l
=aj-ftj-r+"'+a1b*as
: (a i -t...a P s )6 (m o d d /).
( m o dd / ) .
+ "'+aft*as
i f a n d o n l y i f d I G1-t...aps)6. Conse quent lyd, I Q 1 ,a 1 r-1 ...a p s )6

Di vi sibilit yT es t 2. lf d | (b -t), th e n n : (a p ...a ps)6 i s di vi si bl eby d i f and
o n l y i f a p t ' ' ' + a r t a s i s d i v i s i b l eb y d .
we have b = I (mod d), so that by Theorem 3.5 we
Proof. Since d | $-l),
(
m
o
d
d ) fo r a l l p o s i ti v ei n te g e rsb. H ence, (ap...afl o)r:
I
know t hat bj
132
.
Oppl i cati ons of C ongruences
a l r b kI
t aft I aoz at *
* a 1 t a 6 ( m o d d ) . T h i s s h o w st h a t
dlnifandonlyifdl(a*+
* a1t as). tr
Divisibility Test.3. lf d | (b + l), then n : (ap...aps)6 is divisible by d if
-a r * a 6 i s d i v i s i bl eby d.
a nd only if ( - I ) k a p *
-l (mod d). H ence, bi = (-l )/
Pr oof . S inc e d I ft + 1 ), w e h a v e g :
(mod d) , and c o n s e q u e n tl yn, : (a 1 , ...a p s ) b : (-t)k a1, +
- o1
-a1
* ao ( m od d) . H e n c e , d I n i f a n d o n l y i f d | ((-l )o oo +
* as). n
Example.Let n: (7F28A6)16(in hex notation).Then, sincezl te, from

DivisibilityTest l, we know that 2 | n, sincezl e. Likewise,since4 | 16,we
s e e t h a t a l n , s i n c e4 t r 6 . B y D i v i s i b i l i t T
y e s t Z , s i n c e3 l ( f 6 - l ) ,
5 l ( t 6 - 1 ) , a n d 1 5l ( 1 6 - t ) , a n d 7 + F + 2 + 8
+A *6:(30),u, we
knowthat 3 | n, sinceI | (:O)16,
while 5 tr, and I 5 I n, since5 / (30)roand
ts / (30)ro. Furthermore,by Divisibility Test 3, since 17 | (16 + l) and
( , q ) r u( m o dl 7 ) , w e c o n c l u dt h
n =6- A +8 -2* F -7:
e a tl 7 t r r ,
since17 I (D rc.
Example.Let n : (1001001
I ll)2. Then, using Divisibility Test 3, we see
t h a t 3 l r , s i n c en = | - 1 + 1 - I + 0 - 0 + 1 0+0-l:0(mod3)
a n d3 l ( z + t ) .
4.1 Problems
l.
Determinethe highestpowerof 2 dividingeachof the followingpositiveintegers

a)
b)
2.
c)
d)
89375744
4t578912246.
Determine the highest power of 5 dividing each of the following positive integers
a)
b)
3.
201984
1423408
112250
4860625
c)
d)
235555790
48126953125.
Which of the following integers are divisible by 3? Of those that are, which are
divisible by 9?
a)
b)
18381
65412351
c)
d)
987654321
78918239735
133
4.1 D iv is ibilit y T es ts
4.
Which of the following integers are divisible by I I

a)
b)
5.
6.
7.
10763732
108632001s
c)
d)
674310976375
89243t00645372
A repunit is an integer with decimal expansioncontainingall l's.

a)
Determine which repunits are divisible by 3; and which are divisible by 9.
b)
Determine which repunits are divisible by I l.
c)
Determine which repunits are divisible by 1001. Which are divisible by 7?

by 13?
d)
Determine which repunits with fewer than l0 digits are prime.
A base b repunit is an integer with base b expansioncontaining all 1's.

il
Determine which base D repunits are divisible by factors of 6 - l.
b)
Determine which base b repunits are divisible by factors of b * l.
A base b palindromic integer is an integer whose base 6 representation reads

the same forward and backward.
il
Show that every decimal palindromic integer with an even number of digits
is divisibleby I l.
b)
Show that every base 7 palindromic integer with an even number of digits is
divisibleby 8.
8.
Develop a test for divisibility by 37, based on the fact that 103 = I (mod 37).
Use this to check 443692 and I 1092785for divisibility by 37.
9.
Devise a divisibility test for integers representedin base b notation for divisibility
by n where n in a divisor of b2 + l. (Hint: Split the digits of the base b
representationof the integer into blocks of two, starting on the right).
10. Use the test you developedin problem 9 to decide whether
ll.
il
( t o t t 1 0 1 l o ) 2 i s d i v i s i b l eb y 5 .
b)
(12100122)3rs divisibleby 2, and whether it is divisibleby 5.
c)
(36470124$8 is divisible by 5, and whether it is divisible by 13.
d)
(SS:ZO+t320219)rois divisibleby 101.
An old receipt has faded. It reads 88 chickens at a total of $x4.2y where x and
y ^re unreadable digits. How much did each chicken cost?
12. Use a congruence modulo 9 to find the missing digit, indicated by a question
mark: 89878'58965: 5299?56270.
13. We can check a multiplication c : ab by determining whether the congruence
c 2 ab (mod rn ) is valid. where m is anv modulus. If we find that
134
c # ab (mod z), then we know an error has been made. When we take m :9
and use the fact that an integer in decimal notation is congruent modulo 9 to the
sum of its digits, this check is called casting out nines. Check each of the
following multiplications by casting out nines
il
875961-2753: 2410520633
b)
t4789.23567 : 348532367
c)
24789'43717:
d)
Are your checks foolproof?
1092700713.
14. What combinations of digits of a decimal expansionof an integer are congruent

to this integer modulo 99? Use your answer to devise a check for multiplication
based on casting out ninety nines. Then use the test to check the
multiplicationsin problem 13.
1.
Determine the highest powers of 2 and of 5 that divide an integer.
2.
Test an integer for divisibility by 3,7,9, ll, and 13. (Use congruencesmodulo
l00l for divisibility by 7 and 13.)
3.
Determine the highest power of each factor of b that divides an integer from the
base b expansionof the integer.
4.
Test an integer from its base b expansion,for divisibility by factors of b - I and

of b + L
4.2 The PerpetualCalendar

In this section,we derive a formula that gives us the day of the week of any
day of any year. Since the days of the week form a cycle of length seven,we
use a congruencemodulo 7. We denote each day of the week by a number in
t h e s e t 0 , I , 2 , , 3 , 4 , 5 , 6 , s e t t i n gS u n d a y : 0 , M o n d a y : l , T u e s d a y: 2 ,
Wednesda! : 3, Thursday : 4, Fridey :5, and Saturday : $.
Julius Caesarchangedthe Egyptian calendar,which was basedon a year of
exactly 365 days, to a new calendar with a year of averagelength 365 V4days,
with leap years every fourth year, to better reflect the true length of the year.
However, more recent calculations have shown that the true length of the year
is approximately 365.2422days. As the centuries passed,the discrepanciesof
0.0078 days per year added up, so that by the year 1582 approximately l0
extra days had been added unnecessarilyas leap years. To remedy this, in
4 .2 T he P er pet ua l C a l e n d a r
13s
1582 Pope Gregory set up a new calendar. First, l0 days were added to the
date, s o t hat O c t ob e r 5 , 1 5 8 2 ,b e c a meOc to b e r 1 5, 1582 (and the 6th through
the l4th of October were skipped). It was decided that leap years would be
preciselythe years divisible by 4, except those exactly divisible by 100, i.e.,
the years that mark centuries,would be leap years only when divisible by 400.
As an example,the years 1700, 1800, 1900, and 2100 are not leap years but
1600 and 2000 are. With this arrangement, the average length of a calendar
year is 365.2425days, rather close to the true year of 365.2422 days. An
error of 0.0003 days per year remains, which is 3 days per 10000 years. In
the future, this discrepancy will have to be accounted for, and various
possibilitieshave been suggestedto correct for this error.
In dealing with calendar dates for various parts of the world, we must also
take into account the fact that the Gregorian calendar was not adopted
everywherein 1582. In Britain, the Gregorian calendar was adopted only in
1752,and by then, it was necessaryto add I I days. Japan changedover 1873,
the Soviet Union and nearby countries in 1917. while Greece held out until
1923.
We now set up our procedure for finding the duy of the week in the
Gregorian calendar for a given date. We first nrust make some adjustments,
becausethe extra day in a leap year colmesat the end of February. We take
care of this by renumbering the months, starting each year in March, and
consideringthe months of January and February part of the precedingyear.
For instance,February 1984, is consideredthe 12th month of 1983, and May
1984, is consideredthe 3rd month of 1984. With this convention,for the day
of interest, let k : day of the month, z : month, and N : year, with
N : 100C + IZ, where C : century and Y : particular year of the century.
F o r e x a m p l e J, u n e 1 2 , 1 9 5 4 ,h a s k : 1 2 , f r 7 : 4 , N : 1 9 5 4 , C : 1 9 ,
and
Y :54.
We use March 1, of each year as our basis. Letdy representthe day of the
week of March 1, in year I{. We start with the year 1600 and compute the
day of the week March l, falls on in any given year. Note that between
March I of year l/ - I and March I of year ly', if year N is not a leap year,
365 days have passed,and since 365 : I (mod 7), we seethat du : dN_,
* I (mod 7), while if year l/ is a leap year, since there is an extra day
between the consecutivefirsts of March, we see that dy = dx_r + 2 (mod 7).
Hence, to find dys from drooo,we must find out how many leap years have
occurred between the year 1600 and the year N (not including 1600, but
including N). To compute this, we first note that there are [(nrr - 160c)/41
years divisible by 4 between 1600 and N, there are [Or-t600)/1001 years
divisible by 100 between 1600 and N, and there are ICnr - 1600)/4001years
divisible by 400 between 1600 and N. Hence, the number of leap years
136
Applicationsof Congruences
between1600 and N is
+ tcnr- 1600)/4001
t0,r - rc00D/41-tor - 1600)/1001
: lN /41- 400- lX /t001+ t6 + Ir{/4001- 4
: lN /41- lw /tool + It//4ool - 388.
(We have used Proposition1.5 to simplify this expression). Now putting this
in terms of C and Y , we see that the number of leap years between 1600 and
l/ is
lzsc+ v/Dl - tc + v/r0o)l+ 1,rc/0+ v/400)l- ras

: 2 5 C + I Y / 4 1- C + t C/ 4 1 - 3 8 8
= 3 C + l C / 4 1+ l Y / 4 1 - 3 ( m o d7 ) .
Here we haveagainusedProposition1.5,the inequalityY/100 ( 1, and the

equation |,rc /4 + V /4001 : lc /+l (which follows from problem 20 of
Section1.2,sinceY/400 < llq.
We can now compute d1y from drcooby shifting drcooby one day for every
year that has passed,plus an extra day for each leap year between 1600 and
N. This gives the following formula:
dx=drcoo+100c+Y-1600+
3 C + I C / 4 1+ l Y l 4 l -
3 ( m o d7 ) .
Simplifying, we have
- 2c + y + tc/41 + ly/41 (mod7).

dx : drcoo
Now that we have a formula relating the day of the week for March l, of any
year, with the day of the week of March 1, 1600, we can use the fact that
March |, 1982, is a Monday to find the day of the week of March I , 1600.
F o r 1 9 8 2 ,s i n c e . l y ' : 1 9 8 2 , w eh a v eC : 1 9 , a n d Y : 8 2 , a n d s i n c ed p t z : l ,
it follows that
| = drcoo- 38 + 82 + [19/41 + ts2/41 :- drcoo- 2 (mod 7).
H enc e, dr c oo: 3, s o th a t M a rc h 1 , 1 6 0 0 ,w a s a W ednesday. W hen w e i nsert
the value of d16ss,the formula for d1,,becomes
du :
3 - 2 C + Y + l C /4 1 + IY l 4l (mod 7).
We now use this formula to compute the day of the week of the first day of
each month of year l{. To do this, we have to use the number of days of the
week that the first of the month of a particular month is shifted from the first
of the month of the preceding month. The months with 30 days shift the first
of the following month up 2 days, because30 : 2 (mod 7), and thosewith 31
137
4.2 Th e P er pet ual C a l e n d a r
:
days shift the first of the following month up 3 days, because31
Therefore, we must add the following amounts:
from March l, to APril l:

from April l, to May I :
from May l, to June l:
from June l, to July I :
from July 1, to August 1:
from August 1, to Septemberl:
from September 1, to October I :
from October l, to November l:
from November 1, to December 1:
from December l, to January l:
from January 1, to February 1:
3 (mod 7) '
3 daYs
2 daYs
3 daYs
2 daYs
3 daYs
3 daYs
2 daYs
3 days
2 days
3 daYs
3 daYs.
We need a formula that gives us the same increments. Notice that we have
1l incrementstotaling 29 days, so that each increment averages2.6 days. By
inspection, we find that the function lZ.6m - 0.21- 2 has exactly the same
increments as rn goes from I to I l, and is zero when m : l. Hence, the day
of the week of the first day of month m of year N is given by by the least
positiveresidueof dy + [2.6m - 0.21 - 2 modulo 7.
To find W, the day of the week of day k of month m of year.ly', we simply
add k-l to the formula we have devised for the day of the week of the first
day of the same month. We obtain the formula:
- o.2l- 2C + Y + IYl4l + lcl4l (mod7).

w - k + 12.6m
We can use this formula to find the day of the week of any date of any year
in the Gregorian calendar.
Example. To find the duy of the week of January 1, 1900, we have
c : 1 8 , I r : 9 9 , m : l l , a n d k : | ( s i n c e w e c o n s i d e rJ a n u a r y a s t h e
have
Hence, we
preceding year).
the
of
eleventh month
I + 28 - 36 + 99 + 4 + 24 :- I (mod 7), so that the first day of the
w
twentieth century was a Monday.
4.2 Problems
l.
Find the day of the week of the day you were born, and of your birthday this
Year.
138
2.
Find the day of the week of the following important dates in U. S. history (use
the Julian calendar before 1752, and the Gregorian calendar from I 7 52 to the
present)
October 12, 1492
May 6, 1692
June 15, 1752
July 4, 1776
March 30, 1867
March 17, 1888
d February 15, 1898
h) July 2, 1925
i) July 16, 1945
j) July 20, 1969
k) August 9,1974
l) March 28, 1979
il
b)
c)
d
e)
f)
(Columbus sights land in the Caribbean)

(peter Minuit buys Manhattan from the natives)
(Benjamin Franklin inventsthe lightening rod)
(U. S. Declaration of Independence)
(U. S. buys Alaska from Russia)
(Great blizzard,in the Eastern u. s.)
(U. S. BattleshipMaine blown up in Havana Harbor)
(Scopesconvicted of teaching evolution)
(First atomic bomb exploded)
(First man on the moon)
(Nixon resigns)
(Three Mile Island nuclear mishap).
3'
To correct the small discrepancy between the number of days in a year of the
Gregorian calendar and an actual year, it has been suggestedthat the years
exactly divisible by 4000 should not be leap years. Adjust the formula for the
day of the week of a given date to take this correction into account.
4.
Which of your birthdays, until your one hundredth, fall on the same dav of the
week as the day you were born?
5.
Show that days with the same calendar date in two different years of the same
century, 28, 56, or 84 years apart, fall on the identical day of the week.
6.
A new calendar called the International Fixed Calendar has been proposed. In
this calendar, there are 13 months, including all our present months, plus a new
month, called So/, which is placed between June and July. Each month has 28
days, except for the June of leap years which has an extra day (leap years are
determined the same way as in the Gregorian calendar). There is an extra day,
Year End Day, which is not in any month, which we may consider as December
29. Devise a perpetual calendar for the International Fixed Calendar to give day
of the week for any calendar date.

l.
To give the day of the week of any date.
2.
To print out a calendar of any year.
3.
To print out a calendar for the International Fixed Calendar (See problem 6).
4.3 Round-RobinTournaments
139
4.3 Round-RobinTournaments
Congruences can be used to schedule round-robin tournaments. In this
section, we show how to schedulea tournament for I/ different teams, so that
each team plays every other team exactly once. The method we describe was
developedby Freund t65].
First note that if N is odd. not all teams can be scheduled in each round,
since when teams are paired, the total number of teams playing is even. So, if
N is odd, we add a dummy team, and if a team is paired with the dummy
team during a particular round, it draws a bye in that round and does not
play. Hence, we can assume that we always have an even number of teams,
with the addition of a dummy team if necessary.
Now label t he N t e a ms w i th th e i n te g e rs1 ,2 ,3 ,...,If-1, N . W e construct
a schedule,pairing teams in the following way. We have team i, with i * N,
play team j,
with j I N
and j # i, in the kth round if
This schedulesgames for all teams in round k,
i + j:
k (mod /V-l).
There
except for team N and the one team i for which 2i : k (mod li-l).
is one such team because Theorem 3.7 tells us that the congruence
2x :- k (mod /V-l)
has exactly one solution with I ( x < .A/-1, since
(2, N-l) : 1. We match this team i with team Â{in the kth round.
We must now show that each team plays every other team exactly once.
We consider the first tr/-l teams. Note that team i, where I < t <,Af-l,
plays team l/ in round k where 2i : k (mod lf-l),
and this happensexactly
once. In the other rounds, team i does not play the same team twice, for if
team i played team 7 in both rounds k and k', then i + j = k (mod l/-l),
and i + j = k' (mod N-l)
which is an obvious contradiction because
k # k'(mod N-l).
Hence, since each of the first lf-l
teams plays .Af-l
games, and does not play any team more than once, it plays every team
games, and since every other team
exactly once. Also, team I{ plays N-l
plays team N exactly once, team N plays every other team exactly once.
Example. To schedule a round-robin tournament with 5 teams, labeled
I,2 ,3,4, and 5, we i n c l u d e a d u m m y te a m l a b e l ed6. In round one, team I
p l a y st e a m T w h e r e| + j = l ( m o d 5 ) . T h i s i s t h e t e a m j : 5
sothat teamI
plays team 5. Team 2 is scheduled in round one with team 4, since the
s o l u t i o no f 2 + j = l ( m o d 5 ) i s 7 : 4 .
S i n c ei : 3
i s t h e s o l u t i o no f t h e
congruence2i = 1 (mod 5), team 3 is paired with the dummy team 6, and
hence,draws a bye in the first round. If we continue this procedureand finish
schedulingthe other rounds,we end up with the pairings shown in Figure 4.1,
where the opponent of team i in round k is given in the kth row and i th
column.
140
Team
bye
bye
bye
bye
bye
Round
Figure 4.1. Round-Robin Schedule for Five Teams.
4.3 Problems
1. Set up a round-robin tournament schedulefor
a)
b)
7 teams
8 teams
c)
d)
9 reams
10 teams.
2.
In round-robin tournament scheduling, we wish to assign a home team and an

away team for each game so that each of n teams, where n is odd, plays an
equal number of home games and away games. Show that if when i + j is odd,
we assign the smaller of i and 7 as the home team, while if i + 7 is even, we
assign the larger of f and 7 as the home team, then each team plays an equal
number of home and away games.
3.
In a round-robin tournament scheduling, use problem 2 to determine the home

team for each game when there are
a)
5 teams
b)
7 teams

l.
Schedule round-robin tournaments.
c)
9 teams.
4.4 Computer File Storage and Hashing Functions
2.
t4l
Using problem 2, scheduleround-robin tournaments for an odd number of teams,

specifying the home team for each game.
4.4 ComputerFile Storage And Hashing Functions

A university wishes to store a file for each of its students in its computer.
The identifying number or key for each file is the social security number of
the student enrolled. The social security number is a nine-digit integer, so it is
extremely unfeasible to reserve a memory location for each possible social
security number. Instead, a systematic way to arrange the files in memory,
using a reasonableamount of memory locations, should be used so that each
file can be easily accessed. Systematic methods of arranging files have been
developedbased on hashtng functions . A hashing function assignsto the key
of each file a particular memory location. Various types of hashing functions
have been suggested, but the type most commonly used involves modular
arithmetic. We discuss this type of hashing function here. For a general
discussionof hashingfunctionsseeKnuth [52] or Kronsjii t581.
Let k be the key of the file to be stored; in our example, k is the social
security number of a student. Let m be a positive integer. We define the
hashingfunction h (k) by
h(k) =k
(mod,m),
where 0 < ft(k) < m,so that h(k) is the least positiveresidueof k modulo
m. We wish to pick n intelligently, so that the files are distributed in a
reasonableway throughout the z different memory locations0, 1,2,..., m-|.
The first thing to keep in mind is that z should not be a power of the base
b which is used to representthe keys. For instance,when using social security
numbers as keys, ra should not be a power of 10, such as 103, becausethe
value of the hashing function would simply be the last several digits of the
k"y; this may not distribute the keys uniformly throughout the memory
locations. For instance, the last three digits of early issued social security
numbers may often be between 000 and 099, but seldom between 900 and
ggg. Likewise, it is unwise to use a number dividing 6t * a where k and a
are small integers for the modulus rn. In such a case, h (k) would depend too
strongly on the particular digits of the key, and different keys with similar, but
rearranged, digits may be sent to the same memory location, For instance, if
m : l l l , t h e n , s i n c el l l | ( t O 3- l ) : 9 9 9 , w e h a v e 1 0 3= 1 ( m o d 1 1 1 ) , s o
that the social security numbers 064212 848 and 064 848 212 are sent to the
same memory location, since
142
h@64 2r2 S4$ = 064 2r2 848= 064 + 2r2+ 848 = ll24 :
14 (mod111),
and
= 0 6 48 4 82 r 2 : 0 6 4 + 8 4 8+ 2 r 2 = r r 2 4 : 1 4( m o dl l l ) .
h(0648482rD
To avoid such difficulties, z should be a prime approximating the number
of available memory locations devoted to file storage. For instance, if there
are 5000 memory locations available for storage of 2000 student files we could
pick m to be equal to the prime 49G9.
We have avoided mentioning the problem that arises when the hashing
function assignsthe same memory location to two different files. When this
occurs, we say the there is a collision. We need a method to resolvecollisions,
so that files are assignedto different memory locations. There are two kinds
of collision resolution policies. In the first kind, when a collision occurs. extra
memory locations are linked together to the first memory location. When one
wishes to accessa file where this collision resolution policy has been used, it is
necessaryto first evaluate the hashing function for the particular key involved.
Then the list linked to this memory location is searched.
The secondkind of collision resolution policy is to look for an open memory
location when an occupied location is assignedto a file. Various suggestions,
such as the following technique have been made for accomplishingthis.
Starting with our original hashing function ho(k): h(k), we define a
sequenceof memory locationsft1(ft),h2(k),... . We first attempt to place the
file with key ft at location hs(k). If this location is occupied, we move to
l o c at ionht ( k ) . If th i s i s o c c u p i e d w
, e m o v e to l ocati onh2& ), etc.
We can choose the sequence of functions hj(k)
simplestway is to let
in various ways. The
h j ( k ) = h ( k ) * 7 ( m o d m ) , 0 ( f t ;( k ) < m .
This placesthe file with key ft as near as possiblepast location h &). Note
that with this choice of h1(k), all memory locationsare checked,so if there is
an open location, it will be found. Unfortunately, this simple choice of h1(k)
leads to difficulties; files tend to cluster. We see that if kt * k2 and
hi(k):
h1(k) for nonnegative
i n t e g e r si a n d 7 , t h e n h ; q , ( k ) :
hi+1,(k2)
for k : 1,2,3,...,so that exactly the same sequenceof locationsare traced out
once there is a collision. This lowers the efficiencyof the search for files in the
table. We would like to avoid this problem of clustering, so we choose the
function h1(k) in a different way.
143
4.4 ComputerFile Storageand HashingFunctions
To avoid clustering, we use a technique called double hashtng. We choose,

as before,
h(k) =k
(modm),
with 0 < ft (/c) < m, where m is prime, as the hashing function. We take a
secondhashing function
g(k):
where 0 < g(k) < m - l,
probing sequence
k + I ( m o dm - 2 ) ,
so that G(k), m) : l.
hj(k) -
We
take
as a
h ( k ) + i s ( k ) ( m o dz ) ,
w here 0 ( f t ; ( k ) < m. Si n c e Q(k ), tn ) : l , a s 7 runs through the i ntegers

0 , 1 ,2, . . . , m - 1, al l me mo ry l o c a ti o n sa re tra c ed out. The i deal si tuati on
would be for m-2 to also be prime, so that the valuesg(ft) are distributed in
a reasonableway. Hence, we would like m-2 and m to be twin primes.
Example. In our example using social security numbers, both m : 4969, and
m-2 : 4967 are prime. Our probing sequenceis
h j (k ) -
h (k ) + i s (k ) (mo d 4e6e),
where0<
hj (k)<4969,
(mod 4967).
h(k)=k
( m o d 4 9 6 9 ) ,a n d s ( k ) = k + l
Supposewe wish to assign memory locations to files for students with social
securitv numbers:
k t : 3 4 44 0 16 5 9
k z : 3 2 5 5 1 07 7 8
kt:2t2 228844
kq: 329938 t57
k s : 0 4 7 9 0 0l 5 l
k6 :
k7 :
ks :
ks :
krc:
3 J 25 0 0 1 9 1
0 3 43 6 79 8 0
546332 t90
509 496993
1 3 24 8 99 7 3 .
Sincekt = 269,kz = 1526,and k3 : 2854(mod 496r, we assignthe first

three files to locations 269, 1526, and 2854, respectively. Since kq =
1526(mod 4969),but location1526is taken,we computeh1 (k) = h(k) +
: I + kq =
since
S(k) : 1526+ 216: 1742(mod 4969,
S(k)
216 (mod496D. Sincelocation1742is free,we assignthe fourth file to this
location. The fifth, six, seventh,and eighthfilesgo into the availablelocations
3960,4075,2376, and 578, respectively,becauseks = 3960,ko = 4075,
k.t = 2376,and frs - 578 (mod 4969). We find that ks = 578 (mod 496il:
144
b e c a u s el o c a t i o n5 7 8 i s o c c u p i e dw
, e c o m p u t eh 1 ( k q ) + s & ) : 5 7 g
+ 2002
: 2580 (mod 4969), where
S(k) : I * ks = 2002 (mod 4g6D. Hence, we
assign the ninth file to the free location 2580. Finally, we find that kro E
1526 ( m od 4967 ),b u t l o c a ti o n1 5 2 6 i s ta k e n . w e computehr (krd = h(Lrc)
+ g ( k , o ) : 1 5 2 6+ 2 1 6 : 1 7 4 2 ( m o d 4 9 6 r , b e c a u s e
216
S : ( / c r o :)' k r c :
(mod 4967), but location 1742 is taken. Hence, we continue
by finding
h2(krc)_ h(krc) + 2g(kd:
l 9 5 g ( m o d 4 9 6 q i )a n d i n t h i s a v a i l a b l e
location,we place the tenth file.
Table 4.1 lists the assignmentsfor the files of students by their social
security numbers. [n the table, the file locationsare shown in boldface.
Social Security
Number
344 40r 659

325 510778
2r2 228 844
329 938 ts7
0 4 79 0 0 l 5 l
3 7 25 0 0l 9 l
0 3 4 3 6 79 8 0
546 332 r90
509 496 993
t32 489973
h1(k)
269
r526
2854
1526
3960
4075
2376
s78
578
r526
h2(k)
1742
2580
t 74 2
1958
Table 4.1. Hashing Function for Student Files.
We wish to find conditions where double hashing leads to clustering.

Hence, we find conditionswhen
(4.1)
hi(k) : h1(k2)
a nd
(4. 2)
hi+t(k1): hi+r(k),
so that the two consecutiveterms of two probe sequencesagree. If both (+.t)

and @.D occur, then
h(k)
+ ig(k1) = h(k)
+ j g ( k 2 ) ( m o dz )
145
4.4 C om put er F ile Sto ra g e a n d H a s h i n g F u n c ti o ns
and
= h&)
h(k)+(t+l)g(kr)
+ (j + r)g(k)
( m o dz ) .
Subtracting the first of thesetwo congruencesfrom the second,we obtain
g ( k ) : g (k 2 ) (m o d rn),
so that
kr = kz (modm-2)'
Since S(k)
: g(k),
we can substitutethis into the first congruenceto obtain

h(k)
h ( k z ) ( m o d r n) ,
which showsthat
k r = k 2 ( m o dm ) .
Consequently,since (m-2, m) : 1, Theorem 3.6 tells us that
k t = k 2 ( m o dm ( m - D ) .
Therefore, the only way that two probing sequencescan agree for two
consecutiveterms is if the two keys involved,k1 and k2,lre congruentmodulo
Hence, clustering is extremely rare. Indeed, rf m(m-z) > k for
m(m-Z).
all keys k, clusteringwill never occur.
4.4 Problems
l.
A parking lot has l0l parking places. A total of 500 parking stickers are sold
and only 50-75 vehicles are expected to be parked at a time. Set up a hashing
function and collision resolution policy for assigning parking places based on
licenseplates displaying six-digit numbers.
2.
Assign memory locations for students in your class, using as keys the day of the
month of birthdays of students with hashing function hG) = K (mod l9),
3.
a)
with probing sequenceh1(K) -
b)
with probing sequence hjK)

g(r):
I +K(mod l7).
h(K) + 7 (mod l9).

= h(K) + i's(r<),0
( .l (
16, where
Let the hashing function be ft(rK) = K(mod rn ), with 0 < ft(f) < m, andlet
the probing sequencefor collision resolution be lr; (f ) = h K) + jq (mod m) ,
0 ( f t ; ( f ) < m , f o r j : 1 , 2 , . . . , m - 1 . S h o w t h a t a l l m e m o r y l o c a t i o n sa r e
146
probed
4.
a)
if ln is prime and I ( q ( m -1.
b)
if m :2'
and q is odd.
probing sequence for resolving collisions where the hashing function

is
h&) = K(modz),
+ jQh (f)
5.
0 < l, (K) < m,
is
+ 1) (mod m), O < lij(K) < m.
given by
nifn = hG)
il
Show that if z is prime, then all memory sequencesare probed.
b)
Determine conditions for clustering to occur, i.e., when hj(K)

hi*,(K) : hi+,(K) for r : I,2,...
: h1(K)
and
Using the hashing function and probing sequenceof the example in the text, find
open memory locations for the files of students with social security numbers:
: 25 0 5 5 7 6 4 5 2 ,k n :
krr: 137612044,k1
1 5 7 1 7 0 9 9 6k, r o : 1 3 1 2 2 0 4 1 8 . ( e a a
these to the ten files already stored.)

Write programs to assign memory locations to student files, using the hashing
function h(k) = ft(modl02l), 0 < l,(k) < l}2l, where the keys
the social
"r.
security numbers of students.
l.
Linking files together when collisionsoccur.
2.
Using hj(D
= h ( k ) * 7 ( m o d l 0 2 l ) , - / : 0 , 1 , 2 , . . . a s t h e p r o b i n gs e q u e n c e .
3 . U s i n gh j ( k ) = h ( k \ + j ' S & ) , j : 0 ,
as the probing sequence.
1 , 2 , . . . w h e r eg ( k ) :
| + k (modl0l9)
Some Special Congruences
5.1 Wilson's Theoremand Fermat's Little Theorem

In this section,we discusstwo important congruencesthat are often useful
in number theory. We first discussa congruencefor factorialscalled Wilson's
theorem.
Wilson's Theorem. If p is prime, then (p-t)t
= -t
(mod p).
The first proof of Wilson's Theorem was given by the French mathematician
Joseph Lagrange in 1770. The mathematician after whom the theorem is
named, John Wilson, conjectured, but did not prove it. Before proving
Wilson's theorem,we use an exampleto illustrate the idea behind the proof.
Example. Let p:7. We have (7-l)! :6! : l'2'3'4'5'6. We will rearrange
the factors in the product, grouping together pairs of inversesmodulo 7. We
(mod 7).
(mod 7)
Hence,
2'4
I
and 3'5 = I
note that
l
:
(
m
o
d
7 ) . T h u s , w e h a v e v e r i f i e da s p e c i a l
1.O.4.(g.S).6= 1.6=
6!
caseof Wilson's theorem.
We now use the technique illustrated in the example to prove Wilson's
theorem.
Pro of. W hen p: 2, w e h a v e Q-l )t = t : -l (mod 2). H ence,the theorem
is true for p:2. Now, let p be a prime greater than 2. Using Theorem 3.7,
t h e r e i s a n i n v e r s et , I < a 4 p - 1 ,
f o r e a c h i n t e g e ra w i t h I ( a { p - I ,
wi th aa:
1 ( m odp) . F ro m Pro p o s i ti o n3 .4 , th e onl y posi ti vei ntegersl ess
than p that are their own inversesare I and p-1. Therefore,we can group
l4'I
148
S ome S peci al C ongruences
the integersfrom 2 to p-2 into Q4)/2 pairs of integers,with the product of

each pair congruentto I modulop. Hence, we have
2.3
Q-).Q-D
= r ( m o dp ) .
We concludethe proof by multiplying both sidesof the abovecongruenceby I

and p-l to obtain
b-1)! :1.2.3' .Q-3)b-Db-l)
= t . ( p - r ) = - r ( m o d p ) .t r
An interestingobservationis that the converseof Wilson's theorem is also

true, as the following theorem shows.
Theor em 5. 1. I f n i s a p o s i ti v ei n te g e rs u c h th at h-l )t
n is prime.
= -l
(mod n), then
Proof. Assume that n is a compositeinteger and that (n-l)! = -l (mod n).

since n is composite,we have n:ob, where | 1 a I n and | < b 1 n.
Sinc e a 1n, we k n o w th a t a I h -l )!, b e c a usea i s one of the n-l numbers
m ult iplied t ogeth e r to fo rm (n -l )!. S i n c e h -l )t = -l (mod n), i t fol l ow s
th at n I t ( r - l) ! + l l . T h i s m e a n s ,b y th e u se of P roposi ti on1.3, that a al so
div ides h- l) t + t.
F ro m P ro p o s i ti o n 1.4, si nce a | (n-D l
and
al[h-l)!
+ l l , w e c o n c l u d et h a t a l t ( : n - l ) ! + I ] - ( n - l ) ! : l . T h i s i s
an obviouscontradiction,sincea ) l. tr
We illustrate the use of this result with an example.
Example. Since (6-l)! : 5! : 120 = 0 (mod 6) , Theorem 5.1 verifies the
obviousfact that 6 is not prime.
As we can see, the converseof Wilson's theorem gives us a primality test.
To decide whether an integer n is prime, we determine whether
h - l) ! : - 1 ( mo d n ). U n fo rtu n a te l y , th i s i s an impractical test because
n - 1 multiplications modulo n are needed to find (rr'-l)|, requiring
O h (log2n)z) bit operations.
When working with congruencesinvolving exponents,the following theorem
is of great importance.
'(-o,r),=L
Fermat's Little Theorem. If p is prime and a is a positive integer with p I a,

then aP-t = I (mod p).
C , ( P S 6 ' " , " 1, )
Proof. Con'sider'the p - | i n te g e rsa ,2 a , ..., ( p-l )a. N one of these i ntegers
are divisible by p, for if p I i a , th e n b y L e m m a 2.3, p I j , si ncep tr a. Thi s
149
5.1 W ils on' s T heor e m a n d F e rma t' s L i ttl e T h e orem
Furthermore, no two of the integers

is impossible because I ( 7 ( p-1.
(
pDa
mo
d
u l o p . To S ee thi s, assume that
c
o
n
g
ru
e
n
t
a re
a , 2 a, . . . ,
ja = ka (mod fl.
Then, from Corollary 3.1, since (a,p) : l, we have
j = k (modp). This is impossible,since 7 and k are positive integers less
thanp - I .
i ntegers al l
a re a set of p-l
Si nc e t he int ege rs a , 2 a , ..., (p -l )a
incongruent to zero, and no two congruent modulo p, we know that the least
taken in some order, must be the
positive residues of c, 2e,..., (p-l)a,
, e product of the i ntegers
A s a c o n s e q u e n c eth
i n teger s 1, 2, . . . ,p- 1 .
a,2a,. . . , ( p- l) a is c o n g ru e n t mo d u l o p to th e product of the fi rst p-l
positiveintegers. Hence,
a'2a
Q-I)a
( p - r ) ( m o dp ) .
l'2
Therefore,
aP-t(p-l)! :
S i n c e( p - l ) ! ,
p) :
(p-l)! (modp) .
l , u s i n g C o ro l l a ry3 .1 , w e c a ncelQ-l )!
to obtai n
a P-t = I (mo d p ). tr
We illustrate the ideasof the proof with an example.
Exa m ple. Let p: 7 a n d a :3 . T h e n , l ' 3 = 3 (mod 7), 2' 3 = 6 (mod 7),
3.3 = 2 ( m od 7) , 4' 3 = 5 (m o d 7 ), 5 ' 3 = I (mod 7), and 6' 3 = 4 (mod 7).
Consequently,
( t . l ) .Q . r . ( r . r ) . ( + . 1 ) . ( 5 . 3 ) . (=6 .33.)6 . 2 . s . 1( m
. 4o d7 ) ,
s o t h a t 3 6 . 1 . 2 . 3 . 4 . 5=. 6 3 . 6 . 2 ' 5 ' l ' 4( m o d 7 ) . H e n c e ,3 6 ' 6 != 6! (mod 7), and
therefore.36 = I (mod 7).
On occasion, we would like to have a congruence like Fermat's little
theorem that holds for all integersa, given the prime p. This is suppliedby
the following result.
Theorem 5.2. If p
eP:
a (modp).
is
prime
and
is
positive integer,
then
I (modp).
Pro of . lf p I a, by F e rm a t' sl i ttl e th e o re mw e k now that ap-t:
Multiplying both sidesof this congruenceby a, we find that ap = a (mod p).
(modp). Thisfinishesthe
l f p l a , t h e n p l a p a s w e l l , s o t h a ta P = a = O
proof, sinceaP = a (mod p) it p I a and if pla. tr
150
Some SpecialCongruences
Fermat's little theorem is useful in finding the least positive residuesof

powers.
Example. We can find the least positive residue of 3201modulo I I with the
help of F er m at ' s l i ttl e th e o re m . W e k n o w th at 310: I (mod l l ). H ence.
3 2 o r: ( 3 r o ) 2 03. = 3 ( m o d l l ) .
A useful application of Fermat's little theorem is provided by the following
result.
Theorem 5.3. If p is prime and a is an integer with p I a, then aP-2 is an

inverseof c modulop.
Proof.
If
p tr a,
then
Fermat's little theorem tells us

H e n c e ,a P-2 is an inverseof a modulo p.
that
Example. From Theorem 5.3, we know t h a t 2 e : 5 1 2 = 6 ( m o d l l )

inverseof 2 modulo I 1.
is an
a 'aP - 2 : s P - t = I (m o d p ).
Theorem 5.3 gives us another way to solve linear congruenceswith respect

to pr im e m oduli.
Corollary 5.1. lf a and b are positive integers and p is prime with p I a,
then the solutionsof the linear congruenceax = 6 (mod p) are the integers
x s uc h t hat x = a P-2 b (mo d p ).
Proof. Suppose that ax = b (mod p). Since p I a, we know from Theorem
5 .2 t hat aP - 2 is a n i n v e rs e o f c (mo d i l .
Mul ti pl yi ng both si des of the
original congruenceby sP-z, we have
aP-2ax = aP-2b(mod p).
Hence,
x 7 aP-2b (mod p). tr
5.1 Problems
l.
U s i n g W i l s o n ' s theorem, find the least positive r e s i d u e o f 8 ' 9 ' 1 0I. l . 1 2 .I 3

modulo 7.
2.
Using Fermat's little theorem, find the least positive residue oP 2toooooo
modulo
t1.
151
5 .1 W ils on' s T heore m a n d F e rma t' s L i ttl e T h e o rem
?,
S h o w t h a t 3 1 s:
I (mod I l2).
4 . Using Fermat's little theorem,find the last digit of the base7 expansionof 3r00.
5 . Using Fermat's little theorem,find the solutionsof the linear congruences
a)
6.
7x = 12 (mod 17)
4x=ll(modl9).
b)
S h o w t h a t i f n i s a c o m p o s i t ei n t e g e r w i t h n * 4 , t h e n h - \ ) t = O ( m o d n ) .
7 . S h o w t h a t i f p i s a n o d d p r i m e ,t h e n 2 Q - 3 ) ! :
-l
(modp).
8.
Show that if n is odd and 3 /n, then n2 = | (mod 24).
9.
Show that 42 | h' - n) for all positive integers n.
1 0 . S h o w t h a t i f p a n d q a r e d i s t i n c tp r i m e s ,t h e n p e - t * q P - r :
I l.
I (modpq).
Show that p is prime and a and b are integerssuch that ap = bP (mod p), then
aP = bP (modp2).
12. Show that if p

1-11b+t)/z(mod p).
is
an
prime,
odd
13. Showthatifp isprimeandp =3
then
1232
( m o d 4 ) , t h e n{ ( p - t \ l Z l l =
(p-42(p-2)2
I (modp).
14. a) Let p be prime and supposethat r is a positive integer less then p such that
: - l ( m o dp ) .
( - l ) ' r ! _ - l ( m o dp ) . S h o wt h a t Q - r * l ) !
b ) U s i n g p a r t ( a ) , s h o wt h a t 6 l ! = 6 3 ! = - l
(mod 71).
15. Using Wilson's theorem,show that if p is a prime and p = I (mod 4), then the
- -l (mod
p)
has two incongruent solutions given by
congruence x2
x E t l(p-)/zll
(modp).
16. Show that if p
= ( - l ) e ( m o dp ) .
is a
prime and O1k<-p,
1 7 . S h o w t h a t i f p i s p r i m e a n d a i s a n i n t e g e r t, h e n p l l a p
then Q-k)!(k-l)!
+ Q-l)!
al.
18. For which positiveintegersn is na * 4n prime?

19. Show that the pair of positiveintegersn and n * 2 are twin primes if and only if
4 l ( n - l ) l + t l + n = 0 ( m o d n ( n * 2 ) ) , w h e r en I l .
2 0 . S h o w t h a t t h e p o s i t i v e i n t e g e r s an n d n * k , w h e r e n ) k a n d k i s a n e v e n
(k!)'z[(n-t)t + t]
positive integer, are both prime if and only if
+ n ( k ! - l ) ( k - l ) ! = 0 ( m o dn ( n + k ) ) .
lzo)
2 1 . S h o w t h a t i f p i s p r i m e ,t h e n l l | = 2 ( m o d p ) .
lp )
22. a) In problem 17 of Section 1.5, we showed that the binomial coefficient
['),
where I < k ( p - l, is divisibleby p when p is prime. Use this fact and the
binomial theorem to show that if a and b are integers, then
152
( a + b ) p = a p * 6 z ( m o dp ) .
b) Use part (a) to prove Fermat's little theorem by mathematical induction.
(Hint: In the induction step, use part (a) to obtain a congruencefor
fu + l)p.)
23. Using problem 16 of Section 3.3, prove Gauss' generaltzation of Wilson's
theorem, namely that the product of all the positive integers less than m that are
relatively prime to rn is congruent to I (mod z), unless ffi : 4,p,, or 2p, where
p is an odd prime and I is a positive integer, in which case, it is congruent to
-l (mod rn ).
24.
25.
A deck of cards is shuffied by cutting the deck into two piles of 26 cards. Then,
the new deck is formed by alternating cards from the two piles, starting with the
bottom pile.
a)
Show that if a card begins in the cth position in the deck, it will be in the
Dth positionin the new deck where b = 2c (mod 53) and I < 6 <52.
b)
Determine the number of shuffies of the type described above that are
needed to return the deck of cards to its original order.
Let p be prime and let a be a positive integer not divisibleby p. We define the
Fermat quotient qob) by qp(a): (ap-t-l)/p.
Show that if a and, b are
positive
integers
not
divisible
by
the
prime
p,
then
q G b ) : e r ( a ) + q o $ ) ( m o dp ) .
26. Let p be prime and let a1,a2,...,ap

and b ,,b2,...,b,be completesystemsof residues
modulo p
Show that a1bya2b2,...,aobois not a complete system of residues
modulo p.
l.
Find all Wilson primes less than 10000. A Wilson prime is a prime p for which
( p - l ) ! : - l ( m o dp 2 ) .
2.
Find the primesp lessthan 10000 for which Zp-t = I (mod p2).
3.
Solve linear congruenceswith prime moduli via Fermat's little theorem.
5.2 Pseudoprimes
Fermat's little theorem tells us that if n is prime and b is any integer, then
bn = b (mod n). Consequently, if we can find an integer b such that
b' + b (mod n ), then we know that n is composite.
Example. We can show 63 is not prime by observingthat
5.2 P s eudopr im es
153
-__ = g
23
+ 2 (mod 63).
263:2eo.2t : (26)ro.23:64to23
Using Fermat's little theorem,we can show that an integer is composite. It
would be even more useful if it also provided a way to show that an integer is
prime. The ancient Chinesebelievedthat if 2'= 2 (mod n ), then n must be
prime. Unfortunately, the converseof Fermat's little theorem is not true, as
the following example shows.
Exa m ple. Let n - 3 4 1 : 1 1 .3 1 . By F e rma t' s l i t tl e theorem,w e see that 210
= I ( m od l1) , s o th a t 2 3 a o : (2 t0 ;3 + t (mo d l 1). A l so 23a0: (25)68=
(32)6 s= t ( m od 3l ). H e n c e ,b y T h e o re m 3 .1 , we have 2340: I (mod 341).
By multiplying both sides of this congruence by 2, we have
2341 2 (mod 341), even though 341 is not prime.
Examples such as this lead to the following definition.
Definition. Let b be a positive integer. If n is a composite positive integer
and b' = b (mod n), then n is called a pseudoprime to the base b.
Not e t hat if ( b, n ): 1 , th e n th e c o n g ru e n c eb n = b (mod n) i s equi val ent
I (mo d n ). T o s e eth is, note that by C orol l ary 3.1
to the c ongr uenc eb n -t:
we can divide both sides of the first congruenceby b, since (b,n) : l, to
obtain the secondcongruence. By Theorem 3.1, we can multiply both sidesof
the second congruencs by b to obtain the first. We will often use this
equivalentcondition.
Exa m ple. T he inte g e rs 3 4 1 : I l ' 3 1 , 5 6 1 : 3 ' l 1' 17 and 645 : 3' 5' 43 are
pseudoprimesto the base 2, since it is easily verified that 2340: I (mod 341),
-256o I (mod 561). and 26aa= I (mod 645).
If there are relatively few pseudoprimesto the base b, then checking to see
whether the congruence b' = D (mod n) holds is an effective test; only a
small fraction of composite numbers pass this test. In fact, the pseudoprimes
to the base b have been shown to be much rarer than prime numbers. In
particular, there are 455052512 primes, but only 14884 pseudoprimesto the
base 2, less than 1010. Although pseudoprimesto any given base are rare,
there are, nevertheless,infinitely many pseudoprimesto any given base. We
will prove this for the base 2. The following lemma is useful in the proof.
Lemma 5.1. lf d and n are positive integers such that d divides rz, then
2d - 1 divides 2n - l.
Proof. Since d I n, there is a positive integer / with dt : n. By setting
+ l), we find
i n t h e i d e n t i t vx t - I - ( x - 1 ) ( x t - l + x t - z +
x:2d
154
that 2n-t:(2d-l)
12dQ-r+
) 2do-Da
Od - t) | Q' - D. tr
+2d +l).
Consequently,
We can now prove that there are infinitely many pseudoprimesto the base
2.
Theorem 5.4. There are infinitely many pseudoprimesto the base 2.
Proof. We will show that if r is an odd pseudoprimeto the base 2, then
m : 2' - I is also an odd pseudoprimeto the base 2. Since we have at least
o ne odd ps eudo p ri meto th e b a s e 2 , n a m e l y fl s:341, w e w i l l be abl e to
construct infinitely many odd pseudoprimesto the base 2 by taking ns: 341
a n d n 1 r a :12 n ' I f o r k : 0 , 1 , 2 , 3 , . . . . T h e s eo d d i n t e g e r sa r e a l l d i f f e r e n t ,
s i n c en o I n t 1 n z 1 . ' . 1 n * ( n 1 1 1(
To continue the proof, let n be an
and 2n-t = I (mod n). Since n
11d1n
and l</1n.
we
pseudoprimeby first showing that it
2^-t = I (modz).
odd pseudoprime,so that n is composite

is composite, w have n : dt with
will show that m:2n-r
is also
is composite,and then by showing that
To see that m is composite, w use Lemma 5.1 to note that

Qd - t) | (Z' - l): m. To show that 2^-t:
I (modre), we first note
t h a t s i n c e2 n : 2 ( m o d n ) , t h e r e i s a n i n t e g e rk w i t h 2 n - 2 : k n . H e n c e ,
2^-t : 22' - 2: 2k n .
By
Lemma
5.1,
we
know
that
m : ( 2 n - l ) | ( 2 k n- l ) : 2 ^ - l - l . H e n c e , 2 m - t - I : 0 ( m o d z ) , s o
that 2^-t = I (mod re). We conclude that z is also a pseudoprimeto the
base 2. rl
If we want to know whether an integer n is prime, and we find that
2n-t : I (mod n), we know that n is either prime or n is a pseudoprimeto
the base 2. One follow-up approachis to test n with other bases. That is, we
check to see whether bn-r : I (mod n) for various positiveintegers6. If we
fi n d any v alues o f b w i th (b ,n ): I a n d b n -r # | (mod n), then w e know
that n is composite.
Example. We have seenthat 341 is a pseudoprimeto the base 2. Since
7 3 : 3 4 3 = 2 ( m o d3 4 1 )
and
zto: 1024:
I (mod341) .
155
5.2 Pseudoprimes
we have
7 3 a 0:
0 3 ) t t 3 l = 2 t 1 3 7: ( 2 1 0 ) 1 t . 2 3 . 7
8.7 = 56 # I (mod 341).
Henc e,we s eet hat 3 4 1 i s c o m p o s i tes, i n c eT z to1 l
(mod 341).
Unfortunately, there are compositeintegers r? that cannot be shown to be

composite using the above approach, becausethere are integers which are
pseudoprimesto every base, that is, there are compositeintegersn such that
b'-t = I (modn), for all b with (b,n): l. This leadsto the following
definition.
Definition. A composite integer which satisfies bn-t : I (mod n) for all
positiveintegersb with (b,il : I is called a Carmichael number.
E x a m p l e . T h e i n t e g e r 5 6 1 : 3 ' 1 1 ' 1 7 i s a C a r m i c h a e ln u m b e r . T o s e e t h i s ,
n o t e t h a t i f ( b , 5 6 1 ) : l , t h e n ( b , 3 ) : ( b , l l ) : ( b , 1 7 ) : l . H e n c e ,f r o m
Fermat's little theorem, we have b2 = I (mod 3), 610: I (mod I l), and
-6 1 6 I ( m o d 1 7 ) . C o n s e q u e n t l yb,5 6 0 : ( b 2 ) 2 8 0 : I ( m o d 3 ) , b s 6 0 : ( b 1 0 ) 5 6
= I ( m o d l l ) , a n d 6 5 6 0 : ( b l 6 ) 3 5= I ( m o d l 7 ) . T h e r e f o r e ,b y T h e o r e m
3 . 1 , b 5 6 0= I ( m o d 5 6 1 ) f o r a l l b w i t h ( b , n ) : L
It has been conjecturedthat there are infinitely many Carmichael numbers,
but so far this has not been demonstrated. We can prove the following
thecrem,which providesconditionswhich produceCarmichael numbers.
q 1 , w h e re th e q i ' s are di sti nct pri mes that
Th eor em 5. 5. I f n: Qt Qz
(,4
j,
l) for all then n is a Carmichael number.
satisfy Qi
1) |
Proof . Let b be a p o s i ti v e i n te g e r w i th (b ,n ) : l . Then (b,q1): I for
j :1,2,...,k,
a n d h e n c e ,b y F e r m a t ' sl i t t l e t h e o r e m ,b Q t - r I ( m o d Q ) f o r
j : 1 , 2 , . . . , k . S i n c e Q i - l ) | ( n - l ) f o r e a c h i n t e g e rj : 1 , 2 , . . . , k ,
there ar e int eger s/.; w i th r;(q , - l ) : n - L H ence, for each /, w e know
th at b ' - t : 6\ Q ' - r ) tt' -t t-o O q rl . T h e re fo re ,b y C orol l ary 3.2, w e see that
bn-t : I (mod n), and we concludethat n is a Carmichael number. D
Exam ple. T heor em 5 .5 s h o w sth a t 6 6 0 1 :7 ' 2 3 ' 4 1 i s a Carmichael number,
a re a l l p ri m e , 6 : Q - t ) | o o o o2, 2 :
beca us e J , 23, a n d 4 I
and4o: (+t - t) | oooo.

Ql - t) | oooo,
The converseof Theorem 5.5 is also true, that is, all C armi chaelnumbers
are of the form Qflz
Q* where the Qj's are distinct primes and
Qi -l ) | t r - l) f or a l l j . We p ro v eth i s fa c t i n Chapter 8 .
156
Once the congruencebn-r : I (mod n ) has been verified, another possible

approach is to consider the least positive residue oS 6h-D/2 modulo r. We
not e t hat if x : 6 (,-t)/2 , th e n x 2 : b n -t: I (mod r). rf n i s pri me, by
Proposition 3.4, we know that either x = I or x = -l (mod n).
Consequently,once we have found that b"-t:
I (mod n), we can check to
see wheth", 6tu-t)/2 = + I (mod n). If this congruencedoes not hold. then
we know that n is composite.
Example. Let b:5
and let n:561, the smallesC
t a r m i c h a e ln u m b e r . w e
fi nd t hat 5( 561- t )/2 :5 2 8 =
0 6 7 (mo d 5 6 1 ). H e nce,56l i s composi te.
We continuedevelopingprimality testswith the following definitions.
Definition. Let n be a positive integer with n-l : 2't, where s is a
nonnegative integer and / is an odd positive integer. We say that n passes
Miller's test for the base b if either bt = I (mod n) or b/' : -l (mod n)
forsomeTwith0<l(s-1.
We now show that if n is prime, then /, passesMiller's test for all basesD
with n I b.
Theorem 5.6. lf n is prime and b is a positive integer with n I b, then n
passesMiller's test for the baseD.
Proof. Let n-l :2"/, where s is a nonnegativeinteger and I is an odd
positive
i n t e g e r .L e t x 1 r : 6 { J . - t ) / z ' - 6 ? : - ' t , f o rk : 0 ,
l,2,...,s.Since n is
pri m e, F er m at ' s l i ttl e th e o re m te l l s u s th a t x0: bn-t :1 (mod n). B y
Proposition
3.4,, since
x? : 16{n-r)/z1z: xo E I (mod n ),
either
l
(
m
o
d
xt i
n)
or
rr E I (modn).
If
rr E I (modn),
since
x ? , : x r E I ( m o d n ) , e i t h e r x z ? - l ( m o dn ) o r x z 7 1 ( m o d r u ) . I n
: xk = I (mod n),
g ener al, if we ha v e fo u n d th a t x s : x l : x 27
(
:
with k
s, then, since x?+t
x* 3 I (mod n), we know that either
x*+ r 7 - l ( m od n ) o r x r+ r t 1 (mo d n ).
Continuing this procedure for k : l, 2,...,s, we find that either
x * ? I ( m o d n ) , f o r k : 0 , 1 , . . . , s , o r x t 7 - l ( m o d n ) f o r s o m ei n t e g e r/ c .
Hence, n passesMiller's test for the baseb. n
If the positive integer n passes Miller's test for the base 6, then either
bt = I ( m od n) o r b v t : -l (m o d n ) fo r s o m e7 w i th 0 < j ( s -1, w here
n - | :2't and r is odd.
In either case, we have bn-t = I (mod n ), since bn-\ - 162tt12'-tfor
1 , 2 , . . . , s , s o t h a t a n i n t e g e rn t h a t p a s s e sM i l l e r ' s t e s t f o r t h e b a s eb
J:0,
is automatically a pseudoprimeto the base b. With this observation,we are
157
5.2 Pseudoprimes
led to the following definition.

Definition. lf n is compositeand passesMiller's test for the base 6, then we
say n is a strong pseudoprime to the base b.
: ' ( 2 1 r ) 1 8 6 : ( Z O + A ) 1 8: 6 1
Example. Let n :2047 :23'89. Then 220a6
:
(mod 204D, so that 2047 is a pseudoprime to the base 2. Since 22046/2
l)e3
:
:
:
(mod
(zo+g)e3
(2t
passes
for
test
Miller's
2047),
2047
I
2to23
the base 2. Hence, 2047 is a strong pseudoprimeto the base 2.
Although strong pseudoprimesare exceedinglyrare, there are still infinitely
many of them. We demonstrate this for the base 2 with the following
theorem.
Theorem 5.7. There are infinitely many strong pseudoprimesto the base 2.
Proof. We shall show that if n is a pseudoprime to the base 2, then
is a s t r on g p s e u d o p ri meto th e b a s e2 .
N :2 ' - l
Let n be an odd integer which is a pseudoprimeto the base 2. Hence, n is
composite, and Zn-r : I (mod n). From this congruence, we see that
2'-r -l : nk for some integer k; furthermore,k must be odd. We have
,A f- I : 2 n -2 : 2 (2 n -r-l ) : Ztnk;
this is the factorizationof /V-l
into an odd integer and a power of 2.
We now note that

2?v-r)/2:2nk
b e c a u s 2e n : ( z n - t )
passesMiller's test.
+ t:I{*
: (Zn)k = I (mod /V)

I = I ( m o d , n { ) .T h i s d e m o n s t r a t e s t h a t N
In the proof of Theorem 5.4, we showed that if n is composite, then

N : 2'-l
also is composite. Hence, N passes Miller's Test and is
composite, so that N is a strong pseudoprime to the base 2. Since every
pseudoprimen to the base 2 yields a strong pseudoprime2n-1 to the base 2
and since there are infinitely many pseudoprimesto the base 2, we conclude
that there are infinitely many strong pseudoprimesto the base 2. tr
The following observationsare useful in combination with Miller's test for
checking the primality of relatively small integers. The smallest odd strong
pseudoprimeto the base 2 is 2047, so that if n 1 2047, r is odd, and n passes
Miller's test to the base 2, then n is prime. Likewise, 1373653is the smallest
158
odd strong pseudoprimeto both the bases2 and 3, giving us a primality test
for integers less than 1373653. The smallest odd strong pseudoprimeto the
bases2,3, and 5 is 25326001,and the smallestodd strong pseudoprimeto all
t h e b a s e s2 , 3 , 5 , a n d 7 i s 3 2 1 5 0 3 1 7 5 1 .A l s o , l e s st h a n 2 5 . 1 0 e t, h e o n l y o d d
i n t e g e rw h i c h i s a p s e u d o p r i m teo a l l t h e b a s e s2 , 3 , 5 , a n d 7 i s 3 2 5 1 0 3 1 7 5 1 .
This leads us to a primality test for integersless than 25.10e. An odd integer
n is pr im e if n < 2 5 ' 1 0 e ,n p a s s e sMi l l e r' s te st for the bases2,3,5, and 7,
a n dn I 3 2 1 5 0 3 1 7 5 1 .
There is no analogy of a Carmichael number for strong pseudoprimes.This
is a consequenceof the following theorem.
Theorem 5.8. If n is an odd compositepositive integer, then r passesMiller's
tes t f or at m os t Q -l )/4 b a s e sb w i th I < b ( n - l .
We prove Theorem 5.8 in Chapter 8. Note that Theorem 5.8 tells us that if
t? passesMiller's tests for more than (n-l)/4 basesless than n, then n must
be prime. However, this is a rather lengthy way, worse than performing trial
divisions,to show that a positiveinteger n is prime. Miller's test does give an
interestingand quick way of showingan integer n is "probablyprime". To see
this, take at random an integer b with I < D ( n - I (we will see how to
make this "random"choice in Chapter 8). From Theorem 5.8, we seethat if n
is composite the probability that r? passesMiller's test for the base b is less
than I/4. If we pick k different basesless than n and perform Miller's tests
for each of thesebaseswe are led to the following result.
Rabin's Probabilistic Primality Test. Let n be a positive integer. Pick k
different positive integers less than n and perform Miller's test on n for each
of these bases. If n is composite the probability that n passesall k tests is
l e s st h a n 0 / 4 k .
Let n be a compositepositiveinteger. Using Rabin's probabilisticprimality
test, if we pick 100 different integers at random between I and n and,perform
Miller's test for each of these 100 bases,then the probability than n passesall
the tests is less than 10-60,an extremely small number. In fact, it may be
more likely that a computer error was made than that a compositeinteger
passesall the 100 tests. Using Rabin's primality test does not definitely prove
that an integer n that passesall 100 tests is prime, but does give extremely
strong,indeedalmost overwhelming,evidencethat the integer is prime.
There is a famous conjecture in analytic number theory called the
generalized Riemann hypothesis. A consequenceof this hypothesis is the
following conjecture.
1s9
5.2 Pseudoprimes
Conjecture 5.1. For every compositepositiveinteger n, there is a base b with

b < 70 (log2n)2,such that n fails Miller's test for the base b.
If this conjecture is true, as many number theorists believe,the following
result providesa rapid primality test.
Proposition 5.1. If the generalizedRiemann hypothesisis valid, then there is
an algorithm to determine whether a positive integer n is prime using
O ((log2n)5)Uit operations.
Proof. Let b be a positive integer less than n. To perform Miller's test for
the base b on n takes O (logzn)3) bit operations,becausethis test requires
that we perform no more than log2n modular exponentiations,each using
O(logzb)2) Ult operations. Assume that the generalizedRiemann hypothesis
is true. lf n is composite,then by Conjective 5.1, there is a base 6 with
| < b < 70 (log2n)2such that n fails Miller's test for b. To discoverthis b
requires less than O(log2n)3)'O((togzn)z) : O((log2n)5) Uit operations,by
Proposition 1.7. Hence, after performing O((log2n)s) bit operations,we can
determinewhether n is compositeor prime. I
The important point about Rabin's probabilistic primality test and
Proposition 5.1 is that both results indicate that it is possibleto check an
i n teger n f or pr im a l i ty u s i n g o n l y O((l o g 2 n )ft) bi t operati ons,w here k i s a
positive integer. This contrasts strongly with the problem of factoring. We
have seen that the best algorithm known for factoring an integer requires a
number of bit operationsexponentialin the squareroot of the logarithm of the
number of bits in the integer being factored, while primality testing seemsto
require only a number of bit operationsless than a polynomial in the number
bits of the integer tested. We capitalize on this difference by presentinga
recently inventedcipher systemin Chapter 7.
5.2 Problems
l . Show that 9l is a pseudoprimeto the base 3.

2 . Show that 45 is a pseudoprimeto the bases17 and 19.
3 . Show that the even integer n : 161038:2'73' l 103 satisfiesthe congruence
2n = 2 (mod n).
base 2.
The integer 161038 is the smallest even pseudoprimeto the
4 . Show that every odd composite integer is a pseudoprimeto both the base I and
t h e b a s e- 1 .
5 . Show that if n is an odd compositeinteger and n is a pseudoprimeto the base a,

then n is a pseudoprimeto the base n - a.
160
Some SpecialCongruences
6 , S h o w t h a t i f n : ( a z p - - l ) / G 2 - l ) , w h e r e a i s a n i n t e g e ra, ) l , a n d p i s a n
odd prime not dividing a(a2 - l), then n is a pseudoprimeto the base a.
Conclude that there are infinitely many pseudoprimesto any base a. (Hint: To
establish that ao-t = I (mod n), show that 2p | (, - 1), and demonstrate that
a 2 P: 2 ( m o d n ) . )
7.
Show that every composite Fermat number F^ : 22' + I is a pseudoprimeto the

base 2.
8.
Show that if p is prime and the Mersenne number Mo : 2P - I is composite,

then Mo is a pseudoprime to the base 2.
9 . Show that if z is a pseudoprime to the bases a and b, then n is also a

pseudoprimeto the base aD.
1 0 . Show that if n is a pseudoprimeto the base a, then n is a pseudoprimeto the

base a-, where d' is an inverseof a modulo n.
l l . a) Show that if n is a pseudoprimeto the base c, but not a pseudoprimeto the
base 6, then n is not a pseudoprimeto the base aD.
b) Show that if there is an integer b with (b,n) : I such that n is not a
pseudoprimeto the base D, then n is a pseudoprimeto lessthan or equal 6 Ah)
different basesa with I ( a ( n. (Hint: Show that the sets c t, o2,..., a, and
ba1,ba2,...,
ba, have no common elements,where ot, o2, ..., ar are the basesless
than n to which n is a pseudoprime.)
12. Show that 25 is a strong pseudoprimeto the base 7.
13. Show that 1387 is a pseudoprime,but not a strong pseudoprimeto the base 2.
14. Show that 1373653 is a strong pseudoprimeto both bases2 and,3.
15. Show that25326001 is a strong pseudoprimeto bases2,3, and 5.
1 6 . Showthat the followingintegersare Carmichaelnumbers
il
2 8 2 1: 7 ' 1 3 ' 3 1
b)
1 0 5 8 5: 5 . 2 9 ' 7 3
c)
29341: l 3 ' 3 7 ' 6 1
d ) 3 1 4 8 2 1: 1 3 . 6 r . 3 9 7
e) 27845: 5'17'29.113
f)
1 7 2 0 8:17 - 1 3 . 3 1 . 6 1
g)
: 43.3361.3907.
564651361
1 7 . Find a Carmichaelnumberof the form7.23.qwhereg is an odd prime.

1 8 . a) S howt ha t e v e ryi n te g e o
r f th e fo rm (6 m +l )(l 2m+ l )(tg,n + t), w herem i sa
pos it iv eint e g e rs u c h th a t 6 m* l ,l 2 ml l ,
and l 8m* l are al l pri mes,i s a
Carmichaelnumber.
161
5.2 Pseudoprimes
109,55164051
l , 2 9 4409: 37' 73'
b) Conclude from part (a) th a t 1 7 2 9- 7 ' 1 3 ' 9
:
: 2 t 1 . 4 2 1 . 6 3 1I 1
. 8 9 0 1 5 2 1 2 7 1 ' 5 4 1 ' 8 1al .n d 7 2 9 4 7 5 2 -9 3 0 7 ' 6 1 3 ' 9 1a9r e
Carmichael numbers.
with n = 3 (mod 4), then Miller's test takes
19. Show that if n is a positive

O ((logzn)2) bit operations.
I.
Given a positive integer n, determine whether n satisfies the congruence

bn-t = I (mod n) where b is a positive integer less than n; if it does, then n is
either a prime or a pseudoprimeto the base D.
2.
Given a positive integer integer n, determine whether n passesMiller's test to the

base b; if it does then n is either prime or a strong pseudoprimeto the base b.
3.
Perform a primality test for integers less than 25'l0e based on Miller's tests for
the bases2,3,5, and 7. (Use the remarks that follow Theorem 5.7.)
4.
Perform Rabin's probabilistic primality test.
5.
Find Carmichael numbers.
5.3 Euler's Theorem

Fermat's little theorem tells us how to work with certain congruences
involving exponentswhen the modulus is a prime. How do we work with the
correspondingcongruencesmodulo a compositeinteger? For this purpose,we
first define a specialcounting function.
Definition. Let n be a positive integer. The Euler phi-function Qh) is
defined to be the number of positive integers not exceeding n which are
relatively prime to n.
In T abt e 5. 1 we dis p l a yth e v a l u e so f @ (n ) fo r I ( r ( 12. The val uesof
d(,n) for I ( n < 100 are given in Table 2 of the Appendix.
n
l0
il
I2
6h)
l0
n <
12.
Table 5.1. The Valuesof Euler's Phi-functionfor I (
162
In Chapt er 6, w e s tu d y th e E u l e r p h i -fu n c t i onfurther. In thi s secti on,w e

use the phi-function to give an analogue of Fermat's little theorem for
compositemoduli. To do this, we need to lay somegroundwork.
Definition. A reduced residue system modulo n is a set of Ofu) integers
such that each elementof the set is relatively prime to n, and no two different
elementsof the set are congruentmodulo n.
E x a m p l e . T h e s e t 1 , 3 , 5 , 7 i s a r e d u c e dr e s i d u es y s t e mm o d u l o 8 . T h e s e t
- 3 , - 1 , l , 3 i s a l s os u c ha s e t .
we will need the following theorem about reducedresiduesystems.
Theor em 5. 9. lf r1 ,r2 ,...,t6 G) i s a re d u c e dresi duesystemmodul o n, and i f
a i s a pos it iv eint e g e rw i th (a ,fl ) : l , th e n th e set et1, et2, ..., ot6h) i s al so a
reducedresiduesystemmodulo r.
Proof. To show that each integer ari is relatively prime to n, we assumethat
(ar 1, n) ) l. T he n , th e re i s a p ri m e d i v i s o r p of (ari ,n). H ence, ei ther
p I a or p I 11. T h u s , w e e i th e r h a v e p I a a nd p I n,' o, p I ri and p I n.
However, we cannot have both p I r; and p I n, since r; is a member of a
reduced residue modulo n, and both p I a and p I n cannot hold since
(a,n): l. Hence, we can conclude that ar1 and n are relatively prime for
j : l , 2 , . . ' ,Q h ) .
To demonstratethat no two ari's are congruent modulo n, we assumethat
arj = ar1, (mod n), where j and k are distinct positive integers with
1 < j ( d ( n ) a n d I < k ( d ( n ) . S i n c e( a , n ) : l , b y C o r o l l a r y 3 . l w e s e e
that r; : rk (mod n). This is a contradiction, since r7 and r,1 coffie from the
original set of reducedresiduesmodulo r?,so that ri # rr (mod n). tr
We illustrate the use of Theorem 5.9 by the following example.
Ex am ple. T he se t 1 ,3 ,5 ,7 i s a re d u c e d re si duesystem modul o 8. S i nce
( 3 , 8 ): l , f r o m T h e o r e m5 . 9 , t h e s e t 3 ' l : 3 , 3 ' 3 : 9 , 3 . 5 : 1 5 , 3 ' 7 : 2 1 i s
also a reducedresiduesystemmodulo 8.
We now state E,uler'stheorem.
Euler's Theorem. If m is a positive integer and a is an integer with
(a, m ) : l, t hen s o tu ) = I (mo d rn ).
Before we prove Euler's theorem, we illustrate the idea behind the proof
w i th an ex am ple.
163
5 .3 Euler ' s T heor em
Example. We know that both t h e s e t s l , 3 , 5 , 7 a n d 3 ' 1 , 3 ' 3 , 3 ' 5 , 3 ' 7 a r e

reduced residuesystemsmodulo 8. Hence, they have the same least positive
residuesmodulo 8. Therefore,
( 3 .l ) . ( 3 . 3 )(.3 . s )(.3 . 7 ):
l ' 3 ' 5 ' 7( m o d8 ) ,
3 4 ' l ' 3 ' 5 ' 7= l'3'5'7 (mod8).

8) : l , w e c o n c l u d eth a t
3 + _ 3 d (a ):
I (m o d g ) .
We now use the ideas illustrated by this exampleto prove Euler's theorem.
Proof. Let rr,rZ, ..., ro(^) denote the reduced residuesystem made up of the
positiveintegersnot exceedingm that are relatively prime to m. By Theorem
5 . 9 , s i n c e ( a , m ) : l , t h e s e t Q t 1 ,a t y , . . . , a r 6 ( m ) i s a l s o a r e d u c e dr e s i d u e
system m odulo lz . H e n c e , th e l e a s t p o s i ti v e re si duesof ar1, Qr2,...,or6(m)
must be t he int ege rs 1 1 ,1 2 ,..., r6 (m ) i n s o me o rder. C onsequentl y,i f w e
multiply togetherall terms in each of thesereducedresiduesystems,we obtain
ar pr 2
aryfu't -- r| rz
16(^) (mod la) .
Thus,
a 6 ( ^ )r { z
' r 6 ( m )j
r o(m) (mod z ) .
r(z
r a( ^ ), m ) : l , fro m C o ro l l a ry 3.1, w e can concl ude that

Si nce ( r g2
(
m
o
d
m). D
o o ( m )= I
We can use Euler's Theorem to find inversesmodulo m.
relatively prime, we know that
s ' t6 (m)-t :
4 4 (m)
lf a and m are
1 (mo d rn).
H enc e,o6( m ) - tis an i n v e rs eo f a m o d u l om.

Example. We know that 20@-t - 26-t : 25 :
of 2 modulo 9.
32:5
(mod 9) is an inverse
We can solve linear congruences using this observation. To solve

a x j D ( m od z ) , w h e re (a ,m) : I , w e mu l ti pl y both si des of thi s
164
co ngr uenc eby aa h )-l to o b ta i n

o o (m)-to * - : q Q ( m ) - t b( m o d m ) .
Therefore, the
Solutions
y : of(m)-tb (modm).
are
those
integers
Example.
The
solutions o f
3 x = 7 (mod l 0)
x = 3d( 10) - 1. 7 3 3 .J:9 (mo d l 0 ) , s i n c ed ( I 0 ) : 4 .
such
are
given
that
by
5.3 Problems
l.
Find a reducedresiduesystemmodulo
a)6
b)e
c)
lo
d)
e)
f)
t4
16
17.
2. Find a reduced residue system modulo 2^ , where m is a positive integer.

3 . Show if c t, c2, ..., c6(m) is a reduced residue system modulo m , then
c1* c2*
0 ( m o dl n ) .
* ,oh):
4 . Show that if m is a positive integer and a is an integer relatively prime to m,

then I I a * a2 *
I ofh)-t = 0 (mod m).
5 . Use Euler's theorem to find the least positive residueo1 3100000

modulo 35.
6 . Show that if a is an integer, then a7 = a (mod 63).
7 . Show
an
8 . Show that cd(b) I 6ab) :
I (mod ab), if a and b are relatively prime positive
that if a is
at2=l(mod3276CD.
integer
relatively prime
to
integers.
9 . Solve the following linear congruencesusing Euler's theorem
il
5x = 3 (mod 14)
b)
4x = 7 (mod 15)
c)
3x = 5 (mod 16).
1 0 . Show that the solutions to the simultaneoussystem of congruences
32760, then
165
5 .3 E uler ' s T heor e m
x i
*
ar (mod rn r)
o, (mod mz)
x ? a, (mod m),
where the mi are pairwise relatively prime, are given by
x j
a,ul'^)
w h e r eM : m 1 m 2
I l.
+ a,M!t^') (mod u)'
+ a2M!@) a
m , a n dM j :
M/mi forT:
1,2,...,r.
Using Euler's theorem,find

a)
the last digit in the decimal expansiono1 7t000
b)
the last digit in the hexadecimalexpansionoP 51100$000.
1 2 . F i n d @ ( n ) f o r t h e i n t e g e r sn w i t h 1 3 ( n < 2 0 .
13. a) Show every positive integer relatively prime to l0 divides infinitely many
repunits (see problem 5 of Section 4.1). (Hint: Note that the n -digit repunit
lil ... ll : (to'-t)/q.)
b) Show every positiveinteger relatively prime to b divides infinitely many base
b repunits (seeproblem 6 of Section4.1).
14. Show that if m isa positiveinteger,m )
positiveintegersa.
1, then o^ = am-6(m)(mod rn ) for all

Write programsto do the following:
l.
Solve linear congruencesusing Euler's theorem.
2.
Find the solutionsof a system of linear congruencesusing Euler's theorem and

the Chineseremaindertheorem (seeproblem l0).
6.1 The Euler Phi-function

In this chapter we study the Euler phi-function and other functions with
similar properties. First, we presentsomedefinitions.
Definition. An arithmetic function is a function that is defined for all positive
integers.
Throughoutthis chapter,we are interestedin arithmetic functionsthat have
a specialproperty.
Definition. An arithmetic function f
is called multiplicative if
f fun) : f (m)f fu) wheneverm and n are relatively prime positiveintegers.
Example. The function f h) : I for all n is multiplicative because
and f(n):1,
so that fhn):f(m)fh).
f(mn):1,
f(m):1,
Similarly,
function
g(n) : n
the
is
multiplicative,
since
g(mn) :mn : g(m)efu).
Notice that ffun) :1(m)fh)
and
g( m n) : g( m ) S h ) fo r a l l p a i rs o f i n te g ersm and n, w hether or not
(m,n) : l. Multiplicative functions with this property are called completely
mult ip licative functions.
If / is a multiplicativefunction, then we can find a simple formula for f fu)
given the prime-powerfactorizationof n.
T heor em6. 1. I f /
166
i s a m u l ti p l i c a ti v efu n c ti onand i f n:
pi ' pi ,
...
pi ' i t
167
6.1 The EulerPhi'function
the
prime-power factorization of
f tu): f Qi)f Qi) "

Proof. Since f
the
positive
integer
n,
then
"fQi).
is multiplicativeand Qi',pi' ' ' ' p!) : l, we see that
f Qi)-Q
f i ' p \"' ' p : ' ) .
f t u ): f b i ' p i '" ' p : ) : f Q i ' ' Q ? " ' p i ) ) :
S i n c eb i ' , p \ ' " ' p ! ' ) : 1 , w e k n o wt h a ft b i ' p \ ' " ' p ! ' ) : f b i ' )
p:). continuing
-f Qi'... pl'), ro thatf(n): -f Qi') f Qi) f Qi'
in thisway,we findthatf h) : f Qi) f bi) .f (p\')
f Q?) a
We now return to the Euler phi'function. First, we considerits values at
primesandthenat primepowers.
Theorem 6.2. If p is prime. then 0b) : p - l.
positiveintegerwith d(p) - p - l, thenp is prime.
Conversely, if p is a
Proof. If p is prime then every positiveinteger lessthan p is relatively prime

to p. Sincethere arep - I suchintegers,we haveQQ) : p - l.
, e n p h a s a d i v i s ord w i th | < d 1p,and,
Conv er s ely , ifp is c o mp o s i teth
of course,p and d are not relatively prime. Since we know that at least one
of the p - | integers| ,2, ...,p - l, namely d, is not relativelyprime to p,
- l , t h e n p m u s t b e p r i m e t. r
H e n c e , i 0f Q ) : p
d0) ( p-2.
We now find the value of the phi-functionat prime powers.
Theorem 6.3. Let p
be a
prime and a
6e\:po-po-t. = f o-'fp_D
' zZ\
a positive integer.
Then
Proof. The positive integers'less-thanpo that are not relatively prime to p are
thoseintegersnot exceedingpo that are divisibleby p. There are exactlypo-l
such integers,so there are po - po-r integersless than po that are relatively
p ri me t o po. Henc e ,6 b " ) : p o - P o -r. n
Example. Using Theorem6.3, we find that d(53) : 53 - 52 : 100,
O ( z t } ): 2 t 0 - 2 e: 5 1 2 , a n dd ( t t 2 ) : 1 1 2- 1 1 : 1 1 0 .
To find a formula for @(n), given the prime factorization of n, we must
show that d is multiplicative. We illustrate the idea behind the proof with the
following example.
E x a m p l e .L e t m : 4 a n d n : 9 , s o t h a t m n : 3 6 . W e l i s t t h e i n t e g e r sf r o m
I to 36 in a rectangularchart, as shownin Figure 6.1.
168
OOe@@2,@@33
l0
t4
18
22
34
,O@,5@@27@@
t2
l6
20
24
28
32
36
Figure6.1.
Neither the second nor fourth row contains integers relatively prime to 36,
since each element in these rows is not relatively prime to 4, and hence not
relatively prime to 36, We enclosethe other two rows; each element of these
rows is relatively prime to 4. Within each of theserows, there arc 6 integers
relatively prime to 9. We circle these; they are the 12 integers in the list
relativelyprime to 36. HenceOGO : 2.6 - OU)O(il.
We now state and prove the theorem that showsthat @is multiplicative.
Theorem 6.4. Let m and n be relatively prime positive integers. Then
Q f u n ): Q ( m ) t h ) .
Proof. We display the positive integers not exceeding mn in the following

way.
m*l
2m*l
m*2
2m*2
h-l)m*2
m*3
2m*3
h-I)m*3
2m
... 6-l)m*l
3m
Now suppose r l s a
posltlve lnteger not exceeding m.
Suppose
(m,r):d)1.
Then no number in the rth row is relatively prime to mn,
since anv element of this row is of the form km * r, where k is an integer
6.1 The EulerPhFfunction
169
with I < t < n - l, and d | &m*r),
and d I r.
sinced | *
Consequently,to find those integers in the display that are relatively prime
to mn, we need to look at the rth row only if (m,r) : l. If fuI) :1 and
I ( r ( m, we must determinehow many integersin this row are relatively
prime to mn.
The elements in
this row are r , m * r ,
2m * r,..., h-l)m * r. Since (r,m) : l, each of these integers is
relatively prime to m. By Theorem 3.4, the n integersin the rth row form a
completesystemof residuesmodulo r. Hence, exactly Qh) of these integers
are relatively prime to n. Since these d(n) integersare also relatively prime
to m, they are relativelyprime to mn.
Since there are S(m) rows, each containing d(n) integersrelatively prime
to mn, we can concludethal Q(mn) : O(m)efu). tr
CombiningTheorems6.3 and 6.4, we derive the following formula for 0Q).
Theorem 6.5. Let n : por'pi' . . . pir' be the prime-power factorization of
the positive integer n. Then
l)
6h):n0-lttr-
Pr
Pz
tr-.!l
Pt
Proof. Since @is multiplicative, Theorem 6.1 tells us that if the prime-power
factorization of n is n : pl,pl,
pf,,, th"n
0h) : o?i)obi,)
oht').
In addition, from Theorem 6.3 we know that
Obi')- pf'- p?-t: p;,(l- +)

Pi
forT : 1,2,...,k.Hence,
Qh): pi'T - L)ri,(l - I)

Pr
Pz
pi:oftt: n ( L- I l ( l
Pr
- !)
Pz
This is the desiredformula for d(n). D
pi,'o- t )
P*
Lt
(r-!)
P*
(l-I).
Pr,
170
Multiplicative Functions
we illustrate the use of rheorem 6.5 with the following example.

Example. Using Theorem6.5, we note that
: o(22s2):
:
loo(ld(roo)
il(l +) 4o.
and
: t2oe0020: o(2432s)
ilrr |l tr
l.
=)-192.
)
We now introduce a type of summation notation which is usefulin working

with multiplicativefunctions.
Let f be an arithmetic function. Then
2,f (d)
dln
representsthe sum of the valuesof f at all the positivedivisorsof n.

Example. If / is an arithmetic function, then
> f U) : f (r)+ f Q)+ f 0) + f U) + f (O+ f 0D .
dlt2
For instance.
> d 2 : 1 2+ 2 2 + 3 2 + 4 2 + 6 2 + 1 2 2
dlt2
:l*
4+g+16+36+
144:ZlO.
The following result, which states that n is the sum of the values of the
phi-functionat all the positivedivisorsof n, will also be useful in the sequel.
Theorem 6.6. Let n be a positive integer. Then
2A@l:n'
dln
Proof. We split the set of integersfrom I to n into classes. Put the integer m
into the classCa if the greatestcommondivisor of m and n is d. We seethat
m is in C4, i. e . (m ,n ) : d ,i f a n d o n l y i f fu /d ,n/d) : l . H ence,the number
of integersin Ca is the number of positiveintegersnot exceedingn/d that are
relatively prime to the integer n/d. From this observation,we see that there
171
6.1 The Euler Phi'function
are gh/d) integersin C1. Since we divided the integers I to n into disjoint
classesand each integer is in exactly one class,n is the sum of the numbersof
elementsin the different classes.Consequently,we seethat
n : > Qhld)
dln
As d runs through the positiveintegersthat divide n, nfd also runs through

thesedivisors,so that
n:>0fu1d)-DfU)
dln
dl,
This provesthe theorem.tr

Example.We illustratethe proofof Theorem6.6 whenn : 18. The integers
C4 whered I 18 suchthat the classC7
from I to 18 can be split into classes
: d . We have
(m,18)
containsthoseintegersm with
c 1 : { 1 ,5 , 7 , l l , 1 3 ,1 7 } C 6 : { 6 ,1 2 }
c 2 : { 2 , 4 ,8 , 1 0 ,1 4 ,1 6 } C g : { g }
C r r : { t g }.
C 3 : { 3 ,1 5 }
We see that the classCa contains0081d) integers,as the six classes
c o n t a i nd ( 1 8 ): 6 , O ( 9 ): 6 , 0 ( 6 ) : 2 , O ( 3 ): 2 , 0 ( 2 ) : l , a n d d ( 1 ) : I
We notethat 18: d(18) + O(g)+ ,O(0)+ ,0(3)+
respectively.
integers,
QQ)+d(1):2atal.
dll8
6.1 Problems
l.
Find the value of the Euler phi-function for each of the following integers
a) 100
b) 2s6
d) 2.3.5.7'rr.13
e) lo!
c) l00l
f)
20t .
2. Find all positiveintegersn such that d(n) has the value
ill
b)2
c)3
d)6
e) 14
f) 24.
172
3.
For which positiveintegersn is 6fu)

a) odd
b) divisible by 4
c) equal to n/2 ?
4.
Show that if n is a positive integer, then
QQn):
fa@
lrrh)
if n is odd
if n is even.
5'
Show that if z is a
.positive integer having k distinct odd prime divisors, then
d(n) is divisibleby 2k.
6.
For which positive integers n is Qh) a power of 2?
7. Show that if n and k are positiveintegers,then Q(mk) : mk-16(m) .

8.
For which positive integers lz doesQfu) divide m ?
9. Show that if a and b are positive integers,then
Qbb) : (a,b)6G)O$)lOKa,il)
.
10. Show that if m and,n are positiveintegerswith nr I n, then
Qfu) | oh).
11. Prove Theorem6.5, using the principle of inclusion-exclusion(seeproblem lZ of
Section 1 l).
12. show that a positive integer n is compositeif and only if
oh)
( n - .,,6-.
13. Let n be a positive integer. Define the sequenceof positive integers fl1,n2,13,...
recursivelyby nr: Qh) and n1.,1: 6(n*') for ft : r,2,3,... . show that there is
a positive integer r such that n, - 1.
14. Two arithmetic functions/ and I may be multiplied using the Dirichlet product
which is defined bv
V*s)(n): 2f @)shlil .
a) Showthat f*g : g*.f .
b) Showthat (/*g) *h : f* Q*h) .
c) Showthat if r is the multiplicativefunctiondefinedby
,{n):
then rf
- f*t : f
|,r
if n:
lo
i fn ) l ,
for all arithmetic functions/.
173
6.1 The Euler Phi-function
d)
The arithmetic function g is said to be the inverse of the arithmetic functton

: ,. Show that the arithmetic function / has an inverse if
.f it f*S : g*-f
and only if f 0) I 0. Show that if / has an inverse it is unique. (Hint:
When f 0) # 0, find the inverse.f-t of/ by calculating/(n) recursively,
using the fact that '(n) - > f U)f-tfuld).)
dln
1 5 . Show that if f and g arc multiplicative functions, then the Dirichlet product /*g
is also multiplicative.
t6.
Show that the Miibius function defined by
t
It
l(-t)'
p.\n):1
I
lO
t
if n - I
if z is square-freewith primefactorization
n:prpz...ps
if n has squarefactor larger than I
is multiplicative.
1 7 . Showthat if n is a positiveintegergreaterthanone,then ) p@) :0.
dln
be an arithmetic function. Show that if F is the arithmetic function

defined by
1 8 . Let f
F ( n ): > f @ ),
'
dln
then
f h):2p@)Fhld).
dln
This result is called the Miibius inversion formula.
1 9 . Use the Mobius inversion formula to show that if f is an arithmetic function and
F is the arithmetic function defined by
F ( n ): > f @ ),
dln
then if F is multiplicative,so is /.
20. Usingthe Mobius inversionformulaand the fact that n - > 0h /il , provethat
a) Q(p') : p' -
p'-',wherep is a primeandt is . *rr;:,
integer.
174
b)
d(n ) is multiplicative.
21. Show that the function f (n):ne

number k.
22. a)
b)
is completely multiplicative for every real
we define Liouville's function r(n) by I(r) : l and for n ) |

\(n) : (-l)4'|+4r+"'+a', if the prime-power factorization of n
n: pi'pi' .'. p:'. Show that tr(n) is completelymultiplicative.
Show that if n is a positive integer then )
by
is
tr(n) equals 0 if z is not a
perfect square,and equals I if n is a perfect square.

23. a)
b)
Show that it f
multiplicative.
and g are multiplicative functions then fg
is also
Show that if f and g arc completely multiplicative functions then /g is also

completely multiplicative.
24. Show that tf f

is completely multiplicative, then f (il : f @r)",.f(pr)o,
'
(p^)"'
when
the prime-power factorization of n is n : pi'pi' . . . p:"..
f
25. A function f that satisfiesthe equationf (mn) :7(m)
+ "f (n ) for all relatively
prime positive integers m and n is called additive, and if the above equation
holds for all positive integers m and n, f is called completely additive.
a)
Show that the function -f (n) : log n is completely additive.
b)
Show that if <^r(n)is the function that denotesthe number of distinct prime
factors of n, then <^ris additive, but not completely additive.
c)
Show that if /
multiplicative.
is an additive function and if g(n):zfb),
then g is

l.
Find valuesof the Euler phi-function.
2.
Find the integerr in problem 13.
6.2 The Sum and Number of Divisors

We will also study two other arithmetic functions in some detail. One of
theseis the sum of the divisorsfunction.
Definition. The sum of the divisors function, denoted by o, is defined by
settingo(n ) equal to the sum of all the positivedivisorsof n.
175
6 .2 Th e S um and Nu mb e r o f D i v i s o rs
The val ues of o(n) for

In Table6. 1 we giv e o h ) fo r 1 ( n < 1 2
Appendix'
(
given
Table
2
of
the
in
100
are
n <
I
I
oQ) I
2 3 4 5 6
a
4 7 6
r0
t2
ll
t2 8 l 5 l 3 1 8 t2 2 8
Table6.1. The Sumof the Divisorsfor I ( n (
12 .
The other function which we will study is the number of divisors.

Definition. The number of divisorsfunction, denotedby r, is definedby setting
r(n) equal to the number of positivedivisorsof n.
In Table6.2 we give ,h) for I ( n ( tZ. The values of ,Q)
1 ( n < 100 are givenin Table 2 of the Appendix.
n
3 4
rh)
5 6
3 2 4
8 9
2 4
10 ll
4
Table6.2. The Number of Divisorsfor I ( n (
for
t2
6
12 '
Note that we can expresso(n) and z(n) in termsof summationnotation. It

is simple to seethat
oh):Dd
dln
a nd
,(n):>1.
dln
To provethat o and r are multiplicative,we use the following theorem.

Theorem 6.7. If /
F (n)
is a multiplicative function, then the arithmetic function
dln
Beforewe prove the theorem,we illustrate the idea behind its proof with the
following example. Let "f be a multiplicative function, and let
Ffu)
dln
176
r(60) : r(4)F(15). Each of the divisors of 60 may be written as the

pr oduc tof a d i v i s o ro f 4 a n d a d i v i s o ro f 15 i n the fol l ow i ngw ay: l :1.1,
2 : 2 ' 1 , 3 : 1 . 3 , 4 : 4 . 1 , 5 - 1 . 5 ,6 : 2 . 3 , I 0 : 2 . 5 , 1 2 - 4 . 3 , 1 5 : 1 . 1 5 .
20 :4'5, 30 : 2'15, 60 : 4-15 (in each product, the first factor is the divisor
of 4 , and the secondis the divisor of I 5). Hence,
F ( 6 0:) f ( r ) + / o + f $ ) + f ( q ) + f $ ) + f 6 ) + / ( 1 0 )+ f 0 2 )
+ f (rs)+/(zo) + f Q0 +/(60)
: . f ( r ' 1 )+ f Q . D+ f 0 . 3 )+ f u . D + f 0 . 5 )+ o . 3 )
f
+ f Q . i l + f ( 4 . , + f ( r . l s ) + f ( 4 . i l + f Q . l 5 )+ f Q . r s )
:f (t)f(l) + f Q)f(r) + f (l)7(:)+ f @)f(r)+ (fDj6)
f
+f Q)f(r)+ f Ql|(s) + f (Df(g)+ f ol7(rs)+ f @f 6)
+ f Q)f (rs)+ f Q)f 0s)
: ( / ( t ) + f Q ) + 7 Q ) ) ( / ( r l+ f G ) + f $ ) + / ( l s ) )
: F(4)F(rS).
we nowproveTheorem6.7 usingthe ideaillustratedby the example.

Proof. To showthat F is a multiplicativefunction,we must show that if m
andn are relativelyprimepositiveintegers,
thenF (md : F (m)r 0). So let
us assumethat (m,n) : l. We have
F (mn) :
u) '
02,^n"f
By Lemma2.5,since(m,n): l , eachdivisorof mn canbe writtenuniquely

as the productof relatively
primedivisors
dlof m andd2of n, andeachpair
of divisorsd1 of m and d2 of n corresponds
to a divisord - dfi2 of mn.
Hence,we canwrite
F(mn) :
> f Utd2)
drl^
drln
Since/ is multiplicativeand since(dbd):
l, we seethat
177
6.2 The Sum and Numberof Divisors
F (m n ) :
2 f Q)f @z)
drln
drln
2fQ)ZfVz)
drl,
drl^
Ffu)Ffu).tr
Now that we know o and r are multiplicative, we can derive formulae for
their values based on prime factorizations. First, we find formulae for o(r)
and rh) when n is the power of a prime.
Lemma 6.1. Let p be prime and a a positive integer. Then
o ( p o ): ( t + p + p 2 +
Po*'-l
p-l
*po) :
and
r(po):a*1.
po has
Proof. The divisors of po are l, p, p' ,...,po-t, po. Consequently,
:
note
we
that
*
l.
Also,
that
a
so
r(po)
div
is
o
rs
,
a*l
exa ctl y
*
o(po):1*p+pz+
pa-t * po :
Theorem1.1. tr
where we have used

#,
Example. When we apply L e mma 6 .1 w i th p :5

s4- I
o(53):1*5+52+53:
a nd a:
3, w e fi nd that
fi:156andz(53)-l*3:4.
The above lemma and the fact that o and r ate multiplicative lead to the
following formulae.
Theorem 6.8. Let
n:pi'pi2...
the
positive integer
have prime
factorization
p:'. Then
l'*'-l
o(n):ry p Pz-l
Pt-r
pl'*'-l
p!'*'-l :
i
j -r
P,-l
P i -l
178
r(n) : (c1+l)(az+D
Proof.
Since both o and r
pi) :
o(pi'p3'
' ' ' p:') :
,Qi)
(c,*t) :
rI,
G1+D.
are multiplicative, we see that o(n) :
o(pi) and r(n) :
obi)obi)
,ei,pi,
,(p1') ,Qi')
,Qi').
Inserting the values for oe!,)
found in Lemma 6.1, we obtain the desiredformulae. D
we illustrate how to use Theorem6.8 with the following example.

Example. Using Theorem 6.8, we find that
: r!-,,
o(200): o(2352)
2-t
g
: 15.31
: 465
5-l
and
r(2 o o ) :
" (2 3 5 2 ):
(3 + t ) Q+ D : 12.
Also
32-l . 52-l :31.
o ( l z 0 : o ( 2 a . 3 2 . s: ) T - , 1 .
13.6:241g
2-l
3-l
5-l
and
r ( 2 4 . 3 2 . i l(:4 + l ) ( z + t ) ( t + t:) 3 o.
6.2 Problems
l.
Find the sumof the positiveintegerdivisorsof

a) 35
b) te6
c) looo
d) 2r0o
2.
2'3'5'7'll
2s345372t1
lo!
201.
Find the number of positive integer divisors of

il 36
b) 99
c) r44
3.
e)
f)
g)
h)
d) 2.3.s.7.11.13.17.19
e) 2i2.s3.74.115.134.17s.19s
f) 20t.
Which positive integers have an odd number of positive divisors?
and
179
6.2 The Sum and Numberof Divisors
4.
For which positive integers n is the sum of divisors of n odd?
5. Find all positiveintegersn with a(n) equal to
d) 48
e) 52
f) 84
a) 12
b) l8
c) 24
6.
Find the smallestpositiveinteger n with r(n) equal to

d)6
dt4
f) 100.
a)l
b)2
c) 3
7. Show that if k > | is an integer,then the equationrh)

solutions.
8.
g.
: ft has infinitely many
Which positive integers have exactly

a)
two positive divisors
b)
three positive divisors
c)
four positive divisors?
What is the product of the positive divisors of a positive integer n ?
10. Let o1,h) denote the sum of the kth powers of the divisors of n, so that
o1,h) : 2 dk. Note that o1h) : sfu).
dln
a)
Find or(4), or(6) and o{12).
b)
Give a formula for o1(p), wherep is prime'
c)
Give a formula for o1(po), wherep is prime, and a is a positiveinteger.
d)
Show that the function op is multiplicative'
e)
Using parts (c) and (d), find a formula for o;(n), where n has prime-power
factorizationn : pi'pi' . . . p:;.
11. Find all positiveintegersn such that d(n) + oQ):2n.

12. Show that no two positive integers have the same product of divisors.
13. Show that the number of pairs of positiveintegerswith least common multiple
equal to the positive integer n is r(nz).
14. Let n be a positive integer. Define the sequence of integers fl1,tr2,rt3,...b!
n 1 : r ( n ) a n d n 1 . , 1: r ( n * ) f o r f t : 1 , 2 , 3 , . . . . S h o w t h a t t h e r e i s a p o s i t i v e
integer r such that 2 : f,r : flr1t : rlr+2:
15. Show that a positiveinteger n is compositeif and only if o(n) > n + ,/i.
180
16. Show that if n is a positiveinteger then r(n)z :

)r(d)3
dln

l.
Find the number of divisorsof a positive integer.
2.
Find the sum of the divisors of a positive integer.
3.
Find the integer r defined in problem 14.
6.3 Perfect Numbersand MersennePrimes

Becauseof certain mystical beliefs, the ancient Greeks were interested in
those integers that are equal to the sum of all their proper positive divisors.
Theseintegersare called perfect numbers.
Definition. If n is a positive integer and o(n) : 2n, then n is called a perfect
number.
E x a m p l e . S i n c eo ( 6 ) : l + 2 + 3 + 6 : 1 2 ,
w e s e et h a t 6 i s p e r f e c t . w e
a l s on o t et h a t o ( 2 8 ) : 1 + 2 + 4 + 7
+14*28:56.
sothat28 is another
perfect number.
The ancient Greeks knew how to find all even perfect numbers. The
following theorem tells us which even positive integersare perfect.
Theorem 6.9. The positiveinteger n is an even perfect number if and only if
n :2m-r(2^-l)
where m is a positiveinteger such that 2^-l
is prime.
Proof. First, we show that if n:2m-r(2^-l)

where 2^-l is prime, then n
is perfect. We note that sincezn-l is odd, we have (2m-r,2m-l) : 1. Since
o is a multiplicative function, we seethat
o (n ) - o (2 ^ -t)o (2 ^-l )
L e m m a 6 . 1 t e l l su s t h a t o ( 2 ^ - r ) : 2 ^ - l
and o(2^-l):2^,
assumingthat 2m-l is prime. Consequently,
s i n c ew e a r e
181
6.3 PerfectNumbersand MersennePrimes
o(n) : Q^-l)2^
:2n
demonstratingthat n is a perfect number.

To show that the converseis truen let n be an even perfect number. Write
: 1, we
n :2'l wheres and t arepositiveintegersand f is odd. Since (2t,t)
seefrom Lemma 6.1 that
(6.1)
o(n) : o(2':) : o(2')o(t) : (2'+t-t)o(l)
Since n is perfect, we have

o (n ) : 2 n : 2 s + r1
G'D
Combining (6.1) and (6.2) showsthat

(2 ' + r-1 )o(i
(6.3)
: 2 s + t1
Si nce( 2s + r , 2s + t - l) : l , fro m L e mma 2 .3 w e s e eth a t 2' + 1 l o(r). Therefore,

there is an integerq such that o(t) - 2'+rQ. Inserting this expressionfor o(t)
into (6.3) tells us that
(2 s + r_ l )2 s * rq- 2 ' * rt ,
and, therefore,
(2'+t-l)q
(6.4)
: 1.
Hence,q I t and q # t.
When we replace / by the expressionon the left-hand side of (6.4), we find
that
(6.5)
t +q:
( 2 s + t - t ) q+ q : 2 ' + r q : o Q ) .
We will show that q : 1. Note that if q * l, then there are at least three
distinct positive divisors of t , namely 1, q, and t . This implies that
oQ) 2 t + q -| 1, which contradicts(6.5). Hence,4: I and, from (6.4), we
concludethat / :2s+l-1. Also, from (6.5), we seethat oQ): t + l, so that
t must be prime, since its only positive divisors are I and t. Therefore,
n :2 t ( 2r + l- 1) , where2 s + l -1 i s p ri me . tr
From Theorem 6.9 we see that to find even perfect numbers, we must find
primes of the form 2t-1. In our searchfor primes of this form, we first show
that the exponentru must be Prime.
Theorem 6.10. If la is a positiveinteger and2^-l
is prime, then m must be
182
pnme.
Proof. Assume that m is not prime, so that m : ab where | 1 a 1 m and,
| < b 1m. Then
2m-l
: 2ab-, - (Zo-l) 12a(b-D

a2a(b-Dq...q1o+l) .
Since both factors on the right side of the equationare greater than I, we see
that 2m-l is compositeif m is not prime. Therefore,if 2^-l is prime, then
nr must also be prime. tr
From Theorem6.10 we seethat to searchfor primes of the form 2^-1, we
need to consideronly integersm that are prime. Integers of the form 2m-l
have been studied in great depth; these integers are named after a French
monk of the seventeenth
century, Mersenne,who studiedtheseintegers.
Definition. If m is a positiveinteger, then M^:2^-I
is called the mth
Mersennenumber, and, if p is prime and Mp:2p-l
is also prime, then M,
is called a Mersenneprime.
Example. The Mersennenumber M7:27-I
is prime, whereasthe Mersenne
:2 0 4 7 : 2 3 .8 9i s c o m posi te.
num berM n: 2rr-I
It is possibleto prove various theoremsthat help decide whether Mersenne
numbers are prime. One such theorem will now be given. Related results are
found in the problemsof Chapter 9.
Theorem 6.11. rf p is an odd prime, then any divisor of the Mersenne
number Mp :2p-l
is of the form 2kp + I where k is a positiveinteger.
- 2p - I. From Fermat's little
Proof. Let q be a prime
-dividing Mp
theorem,we know thatql(ze-t-t). Also, from Lemma 1.2 we know that
ll\
(6.6)
(T -t, 2c-t-t) : 2$t-D - f.
Since q is a common divisor of zp-l and zc-t-L
we know that
> l . H e n c e , (p ,q -l ):
Q p- t , 24- t - l)
p , si ncethe onl y other possi bi l i ty,
namely (p,q-l) : I, would imply from (6.6) that (Zp-t,2Q-t-l) : l.
Hence p | (q-t),
and, therefore, there is a positive integer m with
q - | : mp. Since q is odd we see that m must be even, so that m : Zk.
w h e r e k i s a p o s i t i v e i n t e g e rH
. e n c eq
, :mp * I - 2kp+1 . tr
We can use Theorem6.1I to help decide whether Mersenne numbers are
prime. We illustrate this with the following examples.
183
8191 is prime, we only needlook

Example. To decidewhetherMB:2r3-l:
: 90.504.... Furthermore, from
for a prime factor not exceeding lml
Theorem6.11, any such prime divisor must be of the form 26k + L The only
candidatesfor primesdividinB Mnless than or equal to1fTp are 53 and79.
Trial divisioneasilyrules out thesecases,so that M s is prime.
i s pri me,w e onl y need
Exa m ple. T o dec idew h e th e rM z t:2 2 3 -r:8 3 8 8 6 0 7
prime
less
than or equal to
by
a
is
divisible
whether
M
to determine
zt
prime
this form is 47.
of
+
first
l.
The
form
46k
the
of
2896.309...
ffi:
A trial divisionshowsthat 8388607:47'178481, so that M4is composite.
Becausethere are specialprimality tests for Mersennenumbers,it has been
possibleto determine whether extremely large Mersennenumbers are prime.
Following is one such primality test. This test has been used to find the
largest known Mersenne primes, which are the largest known primes. The
proof of this test may be found in Lenstra [7t] and Sierpifiski[351.
The Lucas-LehmerTest. Let p be a prime and let Mo : 2! -l denote the pth
Mersennenumber. Define a sequenceof integersrecursivelyby setting tr:4,
andfork>2,
r * ? rtq -2
(m o d M),
0 ( rr I Mo .
Then, M, is prime if and only if rp-1 - 0 (mod M)
We use an exampleto illustrate an applicationof the Lucas-Lehmertest.

4,
Exam ple. c ons idert h e Me rs e n n en u m b e rM5 :2 5 - I - 3l ' Then r,:
2
(
m
o
d
3
1
)
,
(
m
o
d
3
l
)
,
r
+
2
a
n
d
rt4
8
A2
rzz42-2:14
( m o d3 1 ) . S i n c e r t t 0 ( m o d 3 1 ) , w e c o n c l u d et h a t M 5 : 3 1 i s
8 2- 2 : 0
prime.
The Lucas-Lehmer test can be performed quite rapidly as the following
corollary states.
Corollary 6.1. Let p be prime and let Mp : 2p - | denotethe pth Mersenne
number. It is possibleto determine whether Mo is prime using OQ3) bit
operations.
Proof. To determine whether Mp is prime using the Lucas-Lehmer test
O(p2)
requiresp - | squaringsmodulo iV* each requiring O((log M)2):
bit operations. Hence, the Lucas-Lehmer test requires O Q3) bit
operations.tr
184
Much activity has been directed toward the discoveryof Mersenneprimes,

especiallysince each new Mersenne prime discoveredhas become the largest
prime known, and for each ngw Mersenne prime, there is a new perfect
number. At the presenttime, a total of 29 Mersenneprimes are known and
these include all Mersenne primes Me with p ( 62981 and with
75000 < p < 100000. The known Mersenneprimes are listed in Table 6.3.
Number of decimal
digits in M o
2
3
5
2
7
2
l3
6
+ I1
2
t9
1'2 3 l
9a
'zz 68 9l
ig
107
zf)
q + t27
)q
52r
8 t ) 607 I
(, 72
r279
? 2^ lh
2203
-7s
2281
3 b 32r7
4253
4423
9689
Lbb
5z
994r
I 1213
r9937
2r701
23209
44497
86243
r32049
I
9l
Table 6.
I
I
2
3
4
6
6
10
19
27
33
39
157
183
386
664
687
969
1281
t332
29r7
2993
3376
6002
6533
6987
I 3395
25962
3975I
5050
Date of Discovery
anclenttrmes
ancienttimes
ancienttimes
ancienttimes
Mid 15thcentury
1603
1603
1772
18 8 3
l91l
l9l4
t876
t952
t952
1952
1956
1952
t957
1961
1961
I 963
I 963
1963
t97|
I 978
r979
1979
1983
I983
f9t
re Known Mersenne Primes.
185
Computers were used to find the 17 largest Mersenne primes known. The
discovery by high school students of the 25th and 26th Mersenne prime
received much publicity, including coverageon the nightly news of a major
television network. An interesting account of the search for the 27th
Mersenne prime and related historical and computational information may be
found in [77]. A report of the discoveryof the 28th Mersenne prime is given
in [64]. It has been conjectured but has not been proved, that there are
infinitely many Mersenneprimes.
We have reduced the study of even perfect numbers to the study of
Mersenne primes. We may ask whether there are odd perfect numbers. The
answer is still unknown. It is possibleto demonstratethat if they exist, odd
perfect numbers must have certain properties (see problems 1l-14, for
example). Furthermore, it is known that there are no odd perfect numbers
less than 10200,and it has been shown that any odd perfect number must have
at least eight different prime factors. A discussionof odd perfect numbers
may be found in Guy [17], and information concerningrecent results about
odd perfect numbersis given by Hagis [681.
6.3 Problems
l.
Find the six smallesteven perfect numbers.
2 . Show that if n is a positive integer greater than l, then the Mersenne number
Mn cannot be the power of a positive integer.
3 . If n is a positive integer, then we say that n is deficient if ofu) 1 2n , and we

say that n is abundant if oh)
or abundant.
4.
) 2n. Every integer is either deficient, perfect,
a)
Find the six smallestabundant positive integers.
b)
Find the smallestodd abundant positive integer.
c)
Show that every prime power is deficient.
d)
Show that any divisor of a deficient or perfect number is deficient.
e)
Show that any multiple of an abundant or perfect number is abundant.
f)
Show that if n -2m-t(2^-l)

, where ra is a positive integer such that
2 -l is composite, then n is abundant.
if
Two positive integers m and n are called an amicable pair
o(m\ : o(n) : m * n. Show that each of the following pairs of integers are
amicable pairs
186
a) 220,294
b) 1 1 8 4l ,2 1 0
c) 7975A,98730.
5. a) Showthat if n is a positiveintegerwith n ) 2, suchthat3.2n-t-1,3.2n-1,
and32'22n-r-1
are all prime,then2n(3'2'-t-DQ.2'-l) and2n(32.22n't-l)
form an amicablepair.
b)
Find three amicablepairs using part (a).
6 . An integer n is called k-perfect if o(il:

2-perfect.
kn. Note that a perfect number is
a)
Show that 120 : 23.3.5is 3-perfect.
b)
Show that 30240 : 2s32.5., is 4-perfect.
c)
- 27.34.5.7.n2.17.19
Show that 14182439040
is 5-perfect.
d)
Find all 3-perfectnumbersof the form n -2k.3.p,

prime.
e)
Show that if n is 3-perfectand 3 I n, then 3n is 4-perfect.
7 . A positiveinteger n is called superperfectif oGh))
where p is an odd
: Zn.
a)
Show that 16 is superperfect.
b)
Show that if n : 2e where 2q+t-l is prime, then n is superperfect.
c)
Show that every even superperfect number is of the form n : 2q where

zq+t-l is prime.
d)
Show that if n : p2 wherep is an odd prime,'then n is not superperfect.
8 . Use Theorem6.ll to determine whether the following Mersenne numbers are

pnme
a) M7
b) Mn
9'
c) Mn
d) Mzs.
Use the Lucas-Lehmer test to determine whether the following Mersenne

numbersare prime
a) M3
b) M7.
10. a)
b)
c) Mn
d Mn.
Show that if n is a positive integer and 2n i L is prime, then either

(Hint: Use Fermat's little theorem to
Qn+l) | M^ or Qn+D | (a,+D.
showthat Mn(Mn+z) = O (mod 2z+l).)
Use part (a) to show that Ms and My are composite.
187
6.3 Perfect Numbers and Mersenne Primes
11.
t2.
a)
Show that if n is an odd perfect number, then n : po m2 wherep is an odd

I (mod4).
p r i m e a n d p7 a z
b)
Use part (a) to show that if

n=l(mod4).
is an odd perfect number, then
Show that if n - po m2 is an odd perfect number where p is prime, then

n=p(mod8).
that if n is an odd perfect number, then 3, 5, and 7 are not all divisors of
13.
:**
1 4 . Show that if n is an odd perfect number then n has

a)
at least three different prime divisors.
b)
at least four different prime divisors.
1 5 . Find all positive integers n such that the product of all divisors of n other than n
is exactly n 2. (These integers are multiplicative analoguesof perfect numbers.)
recursively by
1 6 . Let n be a positive integer. Define the sequenca fl1,tt2,rt3,...,
n 1 : o ( n ) - n a n df l k + r : o Q )
- np fot k - 1,2,3,...
tt3 :
a)
Show that if n is perfect,then n : nt : fi2:
b)
Show that if n and m are an amicablepair, then n1 : ftt, ttz- tt, tt3: t/t,
is periodicwith period 2.
n4: n,... and so on, f.e.,the sequencefl1,tt2,t13,...
c)
of integersgeneratedif n :12496:24'll'71.
Find the sequence
It has been conjecturedthat for all

is pefiodic.
n 1,n2,n3,...
n, the sequence of integers
l.
Classifypositiveintegersaccordingto whether they are deficient, perfect, or

abundant(seeproblem3).
2. Use Theorem6.ll to look for factorsof Mersennenumbers.

3. Determine whether Mersenne numbers are prime using the Lucas-Lehmer test.
4. Given a positive integer n, determine if the sequencedefined in problem 16
peric.ic.
5. Find amicablepairs.
Cryptology
7.1 CharacterCiphers
From ancient times to the present, secret messages have been sent.
Classically, the need for secret communication has occurred in diplomacy and
in military affairs. Now, with electronic communication coming into
widespread use, secrecy has become an important issue. Just recently, with
the advent of electronic banking, secrecy has become necessary even for
financial transactions. Hence, there is a great deal of interest in the
techniquesof making messagesunintelligible to everyoneexcept the intended
receiver.
Before discussing specific secrecy systems, we present some terminology.
The discipline devoted to secrecy systems is called cryptology. Cryptography
is the part of cryptology that deals with the design and implementation of
secrecy systems, while cryptanalysis is aimed at breaking these systems. A
messagethat is to be altered into a secret form is called plaintext. A cipher is
a method for altering a plaintext message into ciphertext by changing the
letters of the plaintext using a transformation. The key determines the
particular transformation from a set of possibletransformations that is to be
used. The processof changing plaintext into ciphertext is called encryption or
enciphering, while the reverse process of changing the ciphertext back to the
plaintext by the intended receiver, possessingknowledge of the method for
doing this, is called decryption or deciphering. This, of course, is different
from the process someone other than the intended receiver uses to make the
messageintelligible through cryptanalysis.
188
189
7.1 Character Ciphers
In this chapter, we present secrecy systems based on modular arithmetic.

The first of these had its origin with Julius Caesar. The newest secrecy
system we will discusswas invented in the late 1970's. In all thesesystemswe
start by translating letters into numbers. We take as our standard alphabet
the letters of English and translate them into the integers from 0 to 25, as
sh ownin T able 7. 1.
letter
A B C D E F G H I J K L M N
numerical
0 I
equivalent
R S T
I I
X Y Z
2 3 4 5 6 7 8 9 l 0 l l t 2 l 3 t 4 l 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25
Table7.1. The NumericalEquivalents

of Letters.
Of course, if we were sending messagesin Russian, Greek, Hebrew or any
other languagewe would use the appropriate alphabet range of integers. Also,
we may want to include punctuation marks, a symbol to indicate blanks, and
perhaps the digits for representingnumbers as part of the message. However,
for the sake of simplicity, we restrict ourselvesto the letters of the English
alphabet.
First, we discuss secrecy systems based on transforming each letter of the
plaintext message into a different letter to produce the ciphertext. Such
ciphers are called character or monographic ciphers, since each letter is
changed individually to another letter by a substitution. Altogether, there are
26! possibleways to produce a monographic transformation. We will discuss
a set that is basedon modular arithmetic.
A cipher, that was used by Julius Caesar, is based on the substitution in
which each letter is replaced by the letter three further down the alphabet,
with the last three letters shifted to the first three letters of the alphabet. To
describe this cipher using modular arithmetic, let P be the numerical
equivalent of a letter in the plaintext and C the numerical equivalent of the
correspondingciphertext letter. Then
C:P+3(mod26), 0<C<25.
The correspondencebetweenplaintext and ciphertext is given in Table 7.2.
190
Cryptology
plaintext
A B
0 I
c
2
D E F G H
3 4 5 6
I J K L M N o P
R S T U V w X Y Z
8 9 l 0 l l t 2 l 3 l 4 l 5 l 6 t 7 l 8 t 9 20 21 22 23 24 25
3 4 5 6 7 8 9 l 0 l l t 2 l 3 t 4 l 5 l 6 t 7 1 8 l 9 20 2 l 22 23 24 25 0 I 2
ciphertextD E F G H I J K L M N o P
R S T U V w X Y z A B c
Table 7.2. The Correspondence

of Letters for the CaesarCipher.
To encipher a messageusing this transformation, we first change it to its
numerical equivalent, grouping letters in blocks of five. Then we transform
each number. The grouping of letters into blocks helps to prevent successful
cryptanalysis based on recognizing particular words. We illustrate this
procedure by enciphering the message
THIS MESSAGE IS TOP SECRET.
Broken into groups of five letters, the messageis
THISM ESSAG EISTO PSECR ET.
Converting the letters into their numerical equivalents,we obtain
19 7
15 l8
81812
4
3 17
4
4
l8
19.
Using the Caesar transformation Q
22 l0
18 2t
11 2t 15
721
7
620722
1806
8181914
P*3 (mod 26), this becomes

2t
11 21 22
17
Translating back to letters, we have

WKLVP
HVVDJ
HLVWR
SVHGU
HW.
This is the messagewe send.

The receiver deciphers it in the following manner. First, the letters are
converted to numbers. Then, the relationship P = C-3 (mod 26),
0 < P ( 25, is used to change the ciphertext back to the numerical version
of the plaintext, and finally the messageis convertedto letters.
We illustrate the deciphering procedure with
encipheredby the Ceasar cipher:
the following message
191
7.1 CharacterCiPhers
VKP.ZZ HGHFL
WKLVL
SKHU.
First, we change these letters into their numerical equivalents,to obtain

22|0ll2ll121l0|725257675||1810720.
:
Next, we perform the transformation P
plaintext, and we obtain
1978188
187142222
C-3 (mod 20 to change this to
43428
157417.
We translate this back to letters and recoverthe plaintext message

THISI
SHOWW
EDECI PHER.
By combining the appropriate letters into words, we find that the message
reads
THIS IS HOW WE DECIPHER.
The Caesar cipher is one of a family of similar ciphers described by u
shft transformation
C:P+k
(mod26),0<C<25,
where k is the key representingthe size of the shift of letters in the alphabet.
There are 26 different transformations of this type, including the case of
k = 0 (mod 26), where letters are not altered, since in this case
P (mod 26).
C
More generally, we will considertransformationsof the type
(z.t)
C-aP*b
(mod26), 0<C<25,
These are called

a and b are integers with (a,26) : l.
with
ffine transformations. Shift transformations are affine transformations
complete
a
through
a:1. We require that G,26): 1, so that as P runs
system of residuesmodulo 26, C also does. There are O(2O : 12 choices for
a, and 26 choices for b, giving a total of 12'26:312 transformations of this
type (one of these is C = P (mod 26) obtained when a:l and D-0). If the
rliationship between plaintext and ciphertext is described by (7.1), then the
inverse relationship is given bY
where
192
Cryptology
P = arc-b) (mod26), 0 < P < 25.

where a is an inverseof a (modZO.
As an example of such a cipher, let a:7
and b:r},
so that
c = 7P + l0 ( mo d 2 6 ). H e n c e , p = l 5 (c -1 0) = l 5c+ 6 (mod 26). si nce
15 is an inverse of 7 modulo 26. The correspondencebetween letters is given
in Table 7.3.
A B C D E F G H I
K L M N
R S T U V
X Y Z
plaintext
r0
2 3 4 5 6
8 9 l 0 l l t 2 l 3 1 4 1 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25
t 7 24 5 t2 l 9 0 7 T4 2 l 2 9 l 6 23 4 l l l 8 25 6 l 3 20
8 l 5 22 3
ciphertext
K R Y F M T A H
X E L
G N
Tabfe7.3. TheCorrespondence
of Lettersfor theCipherwith C = 7p+10 (mod 26).
To illustratehow we obtainedthis correspondence,
note that the plaintext
letter L with numericalequivalent1l corresponds
to the ciphertextletter J,
since7'll + l0:87 = 9 (mod 26) and9 is the numericalequivalent
of J.
To illustrate how to encipher,note that
PLEASE SEND MONEY
is transformedto
LJMKG MGXFQ EXMW.
Also notethat the ciphertext
FEXEN XMBMK JNHMG MYZMN
corresponds
to the plaintext
DONOT REVEA LTHES ECRET.
or combiningthe appropriateletters
193
7.1 GharacterCiPhers
DO NOT REVEAL THE SECRET.

of
We now discusssome of the techniquesdirected at the cryptanalysis
to break a
ciphers based on affine transformations. In attempting
is compared
monographiccipher, the frequencyof letters in the ciphertext
gives
information
This
text.
i;
ordinary
letters
with the frequency of
countsof
frequency
various
In
letters.
between
concerningthe .orr"rpondence
listed in Table 7.4 fot the occurrenceof
Englishtext, one findi the percentages
languages
tne Ze lettersof the alphabet. Countsof letter frequenciesin other
and
[52].
may be foundin [48]
letter
A B
frequency
7 I
(in Vo)
D E F G H I
K L M N
3 4 l3 3 2 3 8 <l <l 4 3 8
'l
3 <l 8 6 9 3
R S T U V
w
I
X Y
<l
<1
Table 7.4. The Frequencies of Occurrence of the Letters of the Alphabet.
are
From this information, we see that the most frequentlyoccurring letters
determine
to
information
E,T,N,O, and A, in that order. We can use this
which cipher basedon an affine transformationhas been used to enciphera
message.
First, supposethat we know in advance that a shift cipher has been
letter- of the messagehas been
employed io encipher a message;each
- P+k (mod
26),0 < C < 25. To
C
correspondence
;
by
transformed
ciPhertext
yze
the
cryptanal
YFXMP
NTAS P
CESPZ
CTYRX
C J TDF
PDDLR
DPQFW
PD ,
QZCPY
of eachletter in the ciphertext. This

we first count the numberof occurrences
?.5.
is displayedin Table
194
Cryptology
letter
A B C D E F G H I J K L M N
number of
I 0 4 5 I 3 0 0 0
occurrences
aR
S T
2 2
a
J
U V w X Y Z
0 0 I
3 2
Table7.5. The Numberof Occurrences

of Lettersin a Ciphertext.
We notice that the most frequently occurring letter in the ciphertext p
is with
the letters c,D,F,T, and y occurring with relatively high
frequency. our
initial guess would be that P represents E, since E is the
-ort frequently
oc c ur r ing let t er i n E n g l i s h te x t. If th i s i s s o , then 15:4fk
(mod i 6), s;
that ft = I I (mod 26)
Consequently,we would have C = p+11 (mod 26)
and P : c-l1 (mod 26). This correspondence
is given in Table 7.6.
B C D E F G H
K L M N
R S T U V
X Y Z
ciphertext
2 3 4
7 8 9 l 0 l l l 2 l 3 t 4 l 5 l 6 1 1 l 8 t 9 20 21 22 23 24 25
l 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25 0
2 3 4
5 6
l 0 il
K L M N
t2 l 3 t 4
plaintext
P
R S T U V
Z Y
B C D E F G H
Table 7.6. correspondenceof Letters for the Sample ciphertext.

Using this correspondence, we attempt to decipher the message.
we obtain
NUMBE RTHEO RYI SU SEFUL

CIPHE RINGM ESSAG ES.
FOREN
This can easily be read as

NUMBER THEORY IS USEFUL FOR
ENCIPHERING MESSAGES.
Consequently,we made the correct guess. If we had tried this transformation,
and instead of the plaintext, it had produced garbled text, we would have
tried
another likely transformation based on the frequency count of letters in
the
ciphertext.
195
7.1 CharaeterCiPhers
the form
Now, supposewe know that an affine transformationof
For
enciphering'
for
C : a p+i (mod 26), 0 < C < 25, has been used
message
we wish to cryptanalyzethe enciphered
instance,suppose
USLEL
ELYUS
QL LQL
RYZDG
FALGU
SLJFE
JUTCC
LRYXD
YXS RV
HRGUS
PT G V T
OLPU.
YRTPS
JURTU
L BRYZ
L J LLM
JULYU
URKLT
ULVCU
CYREK
LYPD J
SLDAL
YGGFV
URJRK
LVEXB
LJTJU
TJRWU
The first thing to do is to count the occurrencesof each letter; this count is
in Table7.7
displayed
letter
A B
D E F G H I J K L M N
number of
2 2 4 4 5 3 6
occurrences
0 l 0 3 22 I
R S T U
0 I 4 2 t2 5 8 l6
vw
J
X Y
3 l0 2
Table 7.7. The Number of Occurrencesof Letters in a Ciphertext.

With this information, we guessthat the letter L, which is the most frequently
occurring letter in the ciphertext, corresponds to E, while the letter U, which
occurs with the second highest frequency, correspondsto T. This implies, if
-aP*b (mod 26), the pair of
the transformation is of the form C
congruences
-11 (mod 26)
4a*b
l9a+b : 20 (mod 26).
By Theorem 3.8, we see that the solution of this system is a E 11 (mod 26)
and b : 19 (mod 26).
If this is the correct enciphering transformation, then using the fact that 19 is
an inverse of I I modulo 26, the deciphering transformation is
p - - _19 ( C- 19 ) : t9 C -3 6 1 = 1 9 C + 3 (mod 26), 0 < P < 25.
This gives the correspondencefound in Table 7.8.
196
Cryptology
A B C D E F G H I
K L M N
R S T U V
X Y
ciphertext
0 I
2 3 4 5 6 ,7 8 9 l 0 l l
3 22 l 5 8 I 20 l 3 6 25 l 9 l l
t2 l 3 t 4 l 5 l 6 t 7
4 23 t6 9
r8 l9
2 2 l r4
I B
N G
E X
C V
20 21 22 23 24 25
0 t 9 t2 5 24 t 1 t 0
plaintext
D
A T M P Y R K
Table 7.8. The correspondence of Letters for the Sample

ciphertext.
With this correspondence,

we try to read the ciphertext. The ciphertext
becomes
THEBE
BERTH
VE EVE
ORKIN
UDENT
HESUB
STAPP
EORYI
RYHOM
GONTH
CANMA
JECT.
ROACH
STOAT
EWORK
ESEEX
STERT
TOL EA
TEMPT
P R O BL
ERCIS
HEIDE
RNNUM
TOSOL
EMBYW
ESAST
ASOFT
We leave it to the reader to combine the appropriate letters into words

to see
that the messageis intelligible.
7.1 Problems
1 . using the caesar cipher, encipher the messageATTACK AT DAWN.
2 . Decipher the ciphertext message LFDpH LVDZL FRerx
HUHG
been enciphered using the Caesar cipher.
3 . Encipher the message SURRENDER

transformationC = llp+18
(mod 26).
4. Decipher the message RToLK
TOIK,
transformation C = 3p+24 (mod 26).
IMMEDIATELY
that has
using the affine
which was enciphered using the affine
5 . If the most common letter in a long ciphertext, enciphered by a shift

transformation C = P+k
k1
(mod 26) is
Q, then what is the most likely value of
197
7.1 CharacterCiPhers
6 . If the two most common letters in a long ciphertext, enciphered by an affine

transformation C = aP*b (mod 26) are W and B, respectively, then what are
the most likely values for a and b?
7 . Given two ciphers, plaintext may be enciphered by using one of the ciphers, and
by then using the other cipher. This procedure produces a product cipher '
: 5P +13
a) Find the product cipher obtained by using the transformation C
(mod 26) followed by the transformation c = l7P+3 (mod 26).
b)
: aP+b
Find the product cipher obtained by using the transformation C
(mod 26), where
(mod 26) followed by the transformation C = cP*d
Q,26):(c,26)*1.
Vignbre cipher operates in the following way. A sequence of letters

Qr!r,...,0r, with numerical equivalents k1,k2,...,kn, servesas the key. Plaintext
messages are split into blocks of length n. To encipher a plaintext block of
letters with numerical equivalents PbPz,..., P, to obtain a ciphertext block of
letters with numerical equivalentscr,cz,...,cn, we use a sequenceof shift ciphers
8. A
with
ci 7 pi * k; (mod 26), 0 ( ci (
25,
for i : 1,2,...,n. In this problem, we use the word SECRET

a Vigndre cipher.
a)
as the key for
Using this Vigndre cipher, encipher the message
DO NOT OPEN THIS ENVELOPE.

b)
Decipher the following message which was enciphered using this

Vigndre cipher:
WBRCSL AZGJMG
c)
KMFV.
Describe how cryptanalysis of ciphertext, which was enciphered

using a Vigndre cipher, can be carried out.

l.
Encipher messagesusing the Caesar cipher.
2.
Encipher messagesusing the transformation C : P+k (mod 26), where k

is a given integer.
3.
Encipher messagesusing the transformation C = aP+6 (mod 26), where

a and b are integers with (a ,26) : I.
198
Cryptotogy
Decipher messagesthat have been encipheredusing the caesar

cipher.
Decipher messagesthat have been enciphered using the transformation
C = P+k (mod 26), where ft is a given integer.
Decipher messagesthat have been enciphered using the transformation
c = aP+6 (mod 26), where a and b are integers with (a,26) : r.
Cryptanalyze, using frequency counts, ciphertext that was enciphered
using a transformation of the form c = p+k (mod26) where k is an
unknown integer.
cryptanalyze, using frequency counts, ciphertext that was enciphered
using a transformation of the form c = ap*D (mod26) where a and b
are unknown integers with (a,26) - l.
Encipher messagesusing vigndre ciphers (see problem g).
Decipher messagesthat have been encipheredusing vigndre ciphers.
7.2 Block Ciphers

We have seen that monographic ciphers basedon substitution are vulnerable
to cryptanalysis based on the frequency of occurrence of letters in the
ciphertext. To avoid this weakness, cipher systems were developed that
substitute for each block of plaintext letters of a specified length, a block of
ciphertext letters of the same length. Ciphers of this sort are called block or
polygraphic ciphers. In this section, we will discuss some polygraphic ciphers
basedon modular arithmetic; these werOdevelopedby Hill [87] around 1930.
First, we consider digraphic ciphers; in these ciphers each block of two
letters of plaintext is replaced by a block of two letters of ciphertext. We
illustrate this processwith an example.
The first step is to split the message into blocks of two letters (adding a
dummy letter, say X, at the end of the message,if necessary,so that the final
block has two letters). For instance,the message
THE GOLD IS BURIED IN ORONO

is split up as
199
7.2 Block Giphers
(as
Next, these letters are translated into their numerical equivalents
previouslydone) to obtain
19 7
13 14
14 11
13 14.
4 6
17 14
38
l8r
20t7
84
38
Each block of two plaintext numbers P,Pz is converted into a block of two
ciphertextnumbers C 1C2:
C r = 5 Pr + l T P z (mo d 2 6 )
C z = 4 P t + l S P z ( m o d2 6 ) .
For instance,the first block l9 7 is convertedto.6 25, because
Cr = 5'19+ l7'7 : 6 (mod26)
C z = 4 ' 1 9 + 1 5 ' 7 : 2 5 ( m o d2 6 ) .
After performing this operation on the entire message,the following ciphertext
is obtained:
625 t82 23 13 21 2 3 9 2523 4 r42r 217 2 1l l8 l7 2.
When these blocks are translated into letters, we have the ciphertext message
GZ SC XN
VC DJ ZX
EO VC RC LS RC.
The deciphering procedure for this cipher system is obtained by using

Theorem 3.8. To find the plaintext block Pfz correspondingto the ciphertext
block CrCz, we use the relationship
P r = l T C t t 5 C z (m o d 26)
P z = l 8 C r * 2 3 C z (m o d 26).
The digraphic cipher system we have presented here is conveniently
describedusing matrices. For this cipher system,we have
'r
/
/
)r
)
l c , l l s 1 7 l l Pl,
I l=t
tl l(mod26).
lc,) L4 tsj lP,j
In 5'l
From Proposition 3.7, we see that the matrix |
6 r7'|
|
| modulo 26.
l+ lsJ
| is an inverse of
lts n)
Hence, Proposition 3.6 tells us that deciphering can be
done using the relationship
200
Cryptology
=
[;;]
[:
;]
(mod 26).
[:;]
ln general, a Hill cipher system may be obtained by splitting plaintext into

blocks of n letters, translating the letters into their numerical equivalents,and
forming ciphertext using the relationship
AP (mod20.
C1
P1
C2
P2
where A is an nxn matrix with (det A,26) : I, C :
and P:
cn
Pn
and where C1C2...C, is the ciphertext block that correspondsto the plaintext
block P1P2...Pn Finally, the ciphertext numbers are translated back to letters.
For deciphering, we use the matrix A, an inverse of A modulo 26, which may
be obtained using Proposition 3.8. Since AA : / (mod 26), we have
Zc = Z<,qn = (2,4p -p
(mod26).
Hence, to obtain plaintext from ciphertext, we use the relationship

P :
ZC
(JrrlOd2f.).
We illustratethis procedureusin g n : 3
and the encipheringmatrix

l9
A:
["2
ls
2 3 25
lro 7
Since det A = 5 (mod 26), we have (det A,26) : l. To encipher a plaintext

block of length three, we use the relationship
201
7.2 Block CiPhers
[c'
)
Ittt
["'l
26).
lcrl = e lP'l (mod
[',1 [",J
To encipher the message STOP PAYMENT, we first split the message into
blocks of tht"" letters, adding a final dummy letter X to fill out the last block.
We have plaintext blocks
STO PPA YME NTX.

We translatetheselettersinto their numericalequivalents
181914 15150
24124
131923.
We obtain the first block of ciphertextin the followingway:
z 'nl ["] [ ']

["
[.'l
tllll.ll.l
n rtl |tnl-ltnl (mod26).
1.,l:ls
Itlllll^l
[.,j
[ro 7 t J |.toj U3,;
Encipheringthe entire plaintext messagein the same manner,we obtain the

ciphertextmessage
81913
13415
0222
20110.
into letters,we haveour ciphertextmessage

Translatingthis message
TTN NEP ACW ULA.
The deciphering process for this polygraphic cipher system takes a
ciphertext block and obtains a plaintext block using the transformation
f"'l
[.'l
tt_tl
= 7 lrrl (mod
26)
lprl
rrll
L",J lt'j
where
202
Cryptology
6 -5
Z:
is an inverse of I
-l
ll
-10
modulo 26, which may be obtained using proposition 3.g.
Becausepolygraphic ciphers operate with blocks, rather than with

individual
letters, they are not vulnerable to cryptanalysis based on
letter frequency.
However, polygraphic ciphers operating with blocks of sizen are vulnerable
to
cryptanalysis based on frequencies of blocks of size n. For instance,
with a
digraphic cipher system, there are 262: 676 digraphs, blocks of length
two.
Studies have been done to compile the relative fiequencies of digraphs in
typical English text. By comparing the frequenciis of digraphs in the
ciphertext with the average frequencies of digraphs, it is ofGn possible to
successfullyattack digraphic ciphers. For example, according to some counts,
the most common digraph in English is TH, followed closely by HE. If a Hill
digraphic cipher system has been employed and the most common digraph is
KX, followed by YZ, we may guess that the ciphertext digraphs KX and vZ
correspond to TH and HE, respectively. This would mean that the blocks
19 7 andT 4 are sent to 1023 and21 25, respectively. If A is the enciphering
matrix, this implies that
?l_
:
t ,lrn
a
Iz 4)
is an inverse
"t [?
l0
2l
23 25
l)
(mod 26).
(mod 26)
, wefindthat
r7')
: lzt
(mod
26)'
ltt 2)
whichrgives possiblekey. After attemptingto decipherthe ciphertextusing
A-
12e
to transform the ciphertext, we would know if our guesswas
[s 23
correct.
In general, if we know n correspondencesbetween plaintext blocks of size n

and ciphertext blocks of size n, for instance if we know that the ciphertext
blocks C1iC2i...Cni,j : 1,2,...,n, correspond to the plaintext blocks
P r y P 2 i . . . P n ji , : 1 , 2 , . . . , nrespectively,
,
then we have
7.2 Bl oc k Cipher s
fo r 7 - 1, 2 , . . . ,f l.
,[:]il
(mod26),
These n congruencescan be succinctly expressedusing the matrix congruence

AP=C
(mod26),
where P and C arc nxn matrices with ryth entries Pl; and Cii, respectively.
l, then we can find the enciphering matrix A via
If (det p,26):
A = CF
(mod 26),
where P is an inverseof P modulo 26.

Cryptanalysis using frequenciesof polygraphs is only worthwhile for small
valuesof n, where n is the size of the polygraphs. When n:10, for example,
there are 26t0, which is approximately l.4x10la, polygraphs of this length.
Any analysis of the relative frequencies of these polygraphs is extremely
infeasible.
7.2 Problems
l.
Using the digraphic cipher that sends the plaintext block Pf2to
block CrCz with
the ciphertext
Cr = 3Pt + I0P2 (mod 26)

Cz = 9Pt + 7P2 (mod 26),
encipher the messageBEWARE OF THE MESSENGER.
2.
Decipher the ciphertext message UW DM NK QB EK, which was enciphered

into the
using the digraphic cipher which sends the plaintext block Pfz
ciphertext block CrCz with
Cr = 23Pt + 3Pz (mod 26)
Cz = IOP | + 25P2 (mod 26).
3.
A cryptanalyst has determined that the two most common digraphs in a

ciphertext messageare RH and NI and guessesthat these ciphertext digraphs
correspond to the two most common diagraphs in English text, TH and HE. If
204
Cryptotogy
the plaintext was encipheredusing a Hill digraphic cipher

describedby
Cr = aP1* bP2 (mod 26)
Cz = cP1 * dP2 (mod 26).
what are a,b,c, and,d2
4. How many pairs of letters remain unchanged when encryption performed

is
using
the following digraphic ciphers
il
Cr E 4pt + 5p2 (mod 26)

Cz = 3Pt + P2 (mod 26)
b)
Cr = lpt + I7p2 (mod26)

Cz = Pt + 6Pz (mod 26)
c)
Cr = 3Pt + 5Pz (mod26)

Cz = 6Pt + 3P2 (mod26)?
5. Show that if theênciphering

matrix A in the Hill cipher systemis involutory
modulo 26, i.e, 42 = 1 (mod 26), then A alsoservesas a decipheringmatrix for
this cipher system.
6.
A cryptanalysthas determinedthat the three most commontrigraphs (blocksof

length three) in a ciphertextare, LME, wRI and zyC and gu"rr", that these
ciphertext trigraphs correspondto the three most commontrigraphs in English
text, THE, AND, and THA. If the plaintext was encipheredusing a Hill
trigraphic cipher describedby C = AP (mod 26), what are the entries of the
3x3 encipheringmatrixA?
7 . Find the product cip^her.obtained by using the digraphic Hill cipher with
encipherinsmatrix
followedby using the digraphicHill cipher with
.[f lij
encipherins."tri*
[r5, \)
8 . Show that the productcipher obtainedfrom two digraphicHill ciphersis again a
digraphicHill cipher.
9 . Show that the product cipher obtainedby encipheringfirst using a Hill cipher
with blocksof size m and then using a Hill cipher with blocksof sizen is again
a Hill cipherusingblocksof sizelm,nl.
1 0 . Find the 6x6 encipheringmatrix corresponding
to the productcipher obtainedby
first usingthe Hill cipherwith encipheringmatrix
rotto*"d by usingthe
t} | J,
Hillcipher
withenciphering.",r,*
fl A ?l
[0 I
lJ
1 1 . A transposition cipher is a cipher where blocks of a specified size are enciphered

by permuting their characters in a specified manner. For instance, plaintext
blocks of length five, P1P2P3PaP5, may be sent to ciphertext blocks
c1c2c3cac5:
P4PIPIPP3. Show that every such transposition cipher is a
205
7.3 ExPonentiationCiphers
Hill cipher with an enciphering matrix that contains only 0's and I's as entries
with the property that each row and each column contains exactly one 1.
7.2 Computer Proiects
l.
Encipher messagesusing a Hill cipher.
2.
Decipher messagesthat were encipheredusing a Hill cipher.
3.
Cryptanalyze messagesthat were enciphered using a digraphic Hill cipher, by

analyzing the frequency of digraphs in the ciphertext.
7.3 ExponentiationCiphers
In this section, we discuss a cipher, based on modular exponentiation,that
was invented in 1978 by Pohlig and Hellman [9t1. We will see that ciphers
produced by this system are resistant to cryptanalysis.
Let p be an odd prime and let e, the enciphering key, be a positive integer
with (e,p-l) : l. To encipher a message,we first translate the letters of the
message into numerical equivalents (retaining initial zeros in the two-digit
numerical equivalentsof letters). We use the same relationship we have used
before. as shown in Table 7.9.
letter
A B
numerical
00
equivalent
0r
D E F G H
K L M N
R S T U V
X Y
02 03 04 05 06 0'l 08 09 l 0 l l t2 l 3 t 4 l 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25
Table 7.9. Two-digit Numerical Equivalentsof Letters.

Next, we group the resulting numbers into blocks of 2m decimal digits,
where 2m is the largest positive even integer such that all blocks of numerical
equivalents corresponding to m letters (viewed as a single integer with 2m
d e c i m a l d i g i t sa) r e l e s s t h a n p , e . g .i f 2 5 2 5 < p < 2 5 2 5 2 5 , t h e n m : 2 .
For each plaintext block P, which is an integer with 2m decimal digits, we
form a ciphertext block C using the relationship
C=Pe
(modp),0(C<p.
The ciphertext messageconsistsof these ciphertext blocks which are integers
206
Cryptology
less than p.
example.
we illustrate the encipheringtechniquewith the following
Example' Let the prime to be used as the modulus in

the enciphering
procedurebe p : 2633and let the encipheringkey to be
usedas the .*ponrni
in the modularexponentiation
be e :29, so thai (r,p-l) - (2g,2$;): l.
To encipherthe plaintextmessage,
THIS IS AN EXAMPLE OF AN EXPONENTIATION CIPHER,
we first convertthe lettersof the message
into their numericalequivalents,
and
then form blocksof length four from thesedigits, to obtain
1907 0818 0818 0013
0012 l5l I
0414 0500
2315 l4l3
0413 1908
0814 1302 081s
07a4
0423
1304
0019
nn .
Note that we haveaddedthe two digits 23, corresponding

to the letter X, at
the end of the message
to fill out the final blockof fbur digits.
We next translateeach plaintext block P into a ciphertextblock C using
the relationship
C=pzs
(mod263r,0< C <2633.
For instance,to obtain the first ciphertextblock from the first plaintextblock
we compute
C :
= 2199 (mod 263i.

19072e
To efficientlycarry out the modular exponentiation,

we use the algorithm
givenin Section3.1. When we encipherthe blocksin this way, we find that
the ciphertextmessage
is
2199
2425
to72
2064
t745
t729
l54l
l35l
1745
1619
1701
t704
r206
0935
I 553
1841
2437
0960
0735
r459
To decipher a ciphertext block c, we need to know a deciphering key,

namely an integer d such that de = | (mod p-l), so that d is an inverse of
e (mod p-l), which exists since (e,p-l):
l. If we raise the ciphertext
block C to the dth power modulo p,wa recover our plaintext block p, since
207
7.3 ExponentiationGiphers
Cd = ( p" ) d : p e d =
p k Q-t)+ t = (p p -t)k p = P (mod p),
(mod p-l)'
+ l, for some integer k, since de = I
where de : ki-l)
(Note that we have used Fermat's little theorem to see that
pn-t - I (modp).)
the prime
Example. To decipher the ciphertext blocks generated using
:
of e
inverse
an
we
need
29,
:
e
key
enciphering
2633 and the
moduius p
that
shows
3.2,
Sectionin
:
done
j-t
as
computation,
2632. An easy
modulo
to
in
order
C
block
ciphertext
the
:
decipher
To
2269 is such an inverse.
d
relationship
the
we
use
P,
block
plaintext
find the corresponding
P : 9226e (mod 263i.
For instance,to decipher the ciphertext block 2199, we have
P = 2lgg226e: 1907 (mod 263r.
Again, the modular exponentiationis carried out using the algorithm given in
Section3.2.
(mod p), we
For each plaintext block P that we encipher by computing P'
Before
demonstrates.
3.3
Proposition
use only O(tog2il3) bit operations, as
done
can
be
This
p-1.
modulo
e
we decipher we need to find an inverse d of
needs
(see
this
and,
3.2),
Section
problem
of
ll
using O(log il bit operations
to be done only once. Then, to recover the plaintext block P from a ciphertext
block C, we simply need to compute the leait positive residueof Cd modulop;
we can do this using OKlog2p)3) bit operations. Consequently, the processos
of enciphering and deciphering using modular exponentiation can be done
rapidly.
On the other hand, cryptanalysis of messagesenciphered using modular
exponentiation generally cannot be done rapidly. To see this, suppose we
know the prime p used as the modulus, and moreover, suppose we know the
plaintext block P correspondingto a ciphertext block C, so that
0.2)
C = P'
( m o dp ) .
For successfulcryptanalysis, we need to find the enciphering key e. When the

relationship Q.D holds, we say that e is the logarithm of C to the base
p modulo p. There are various algorithms for finding logarithms to a given
base modulo a prime. The fastest such algorithm requires approximately
.*p(.,,6Ep log-mgp) bit operations(see [81]). To find logarithms modulo a
prime with n decimal digits using the fastest known algorithm requires
approximately the same number of bit operations as factoring integers with
208
Cryptology
the same number of decimal digits, when the

fastest known factoring
algorithm is used. Consulting Table 2.1, we see that
finding logarithms
modulo a prime p requires an extremely long time. For
instance, when p has
100 decimal digits, finding logarithmr rnodulo p requires
approximately
74yearc, whereas when p has 200 decimal digiis, approxim"i"ry
3.gxl0!
years are required.
we should mention that for primes p where p-l
has only smalr prime
factors, it is possible to use special techniques to find logarithms
modulo p
using o (logzp) bit operations. Clearly, this sort of prime
should not be used
as a modulus in this cipher system. Taking a prime p :
2q * l, where q is
also prime, obviates this difficulty.
Modular exponentiation is useful for establishing common
keys to be used
by two or more individuals. These common keys may, for instance,
be used as
keys in a cipher system for sessionsof data communication, and
should be
constructed so that unauthorized individuals cannot discover them in
a feasible
amount of computer time.
Let p be a large prime and let a be an integer relatively prime to p.
Each
individual in the network picks a key k that is an integei relatively prime
to
p-l ' When two individuals with keys
&1 and k2 wisi to exchange a key, the
first individual sends the second the inieger-71, where
./r E at'(modp),
0 < yr ( p,
and the second individual finds the common key K by computing
K:
yf'=a&'&'(-odp),
o <K
<p.
similarly, the secondindividualsendsthe first the integery2 where

l z = a k ' ( m o dp ) ,
o 1 yz 1 p,
and the first individualfinds the commonkey K by computing

K : yl' =o&'&'(*od p),
o < K < p.
We note that other individualsin the networkcannotfind this commonkey

K in a feasibleamountof computertime, sincethey must computelogarithmi
modulop to find K.
In a similar manner,a commonkey can be sharedby any group of z
individuals. If theseindividualshave keys k t,k2, ..., kn, ihey can sharethe
commonkey
209
7.3 ExponentiationCiPhers
K - ak'k""4 (mod P)'

common key
We leave an explicit description of a method used to produce this
K as a problem for the reader.
by
An amusing application of exponentiation ciphers has been described
exponentiation
using
Shamir, Rivest, una eat.man [961. They show that by
via
ciphers, a fair game of poker may be played by two players communicating
jointly
they
computers. Suppose Alex and Betty wish to play poker. First,
chooie a large pii-" p. Next, they individually choosesecret keys e1aJrd 2'
to be used as exponents in modular exponentiation. Let Er, and Er, represent
the corresponding enciphering transformations, so that
8",(M) = M"
Er,(M) = M"
(mod p)
(mod p),
where M is a plaintext message. Let dl and d2be the inversesof el and e2

modulo p respectively, and let Dr, and D", be the corresponding deciphering
transformations, so that
D",(C) = cd.' (mod p)
D ,:,(c ) = c d ' (m o d p ),
where C is a ciphertext message.
Note that enciphering transformations commute, that is
: E r,(Er,(M)),
E r,(E
" ,(M))
slnce
(M")', :_ (M',)', (modp).

To play electronic poker, the deck of cards is representedby the 52
messages
M r : .TWO OF CLUBS'
,r:."THREE oF CLUBS"
M sz: "ACE OF SPADES."

When Alex and Betty wish to play poker electronically, they use the
following sequenceof steps. We supposeBetty is the dealer.
210
Cryptotogy
Betty uses her enciphering transformation to encipher

the 52 messages
for the cards. She obtains Er,(M
1), Er,(Mr),...,er, (arl.-Betty
shuffies the d".,k, by randomly riordering the enciphered
messages.
Then she sends the 52 shuffied encipheredmessagesto
Alex.
ll.
lll.
Alex selects,at random, five of the enciphered messagesthat

Betty has
sent him. He returns these five messagesto Betty and
she deciphers
them to find her hand, using her deciphering transformation
Drr, since
D,,(E",(M)) : M for all messagesM. Alex cannot determine
which
cards Betty has, since he cannot decipher the enciphered
messages
Er,(M), j : 1,2,...,52.
Alex selects five other enciphered messages at random.
messagesbe C1, Cz, Cl, Ca, and C5, where
Let these
Cj : Err(Mi,),
i : r,2,3,4,5. Alex enciphers these five previously enciphered messages
using his enciphering transformation. He obtains the fivi messages
Cjr : E r,(C) : E r,(Er,(1,t,,))
i : 1,2,3,4,5. Alex sends these five messagesthat have been enciphered
twice (first by Betty and afterwards by Alex) to Betty.
lv.
Betty uses her deciphering transformation D", to find
D",(C;*): D",(E
",(n",(*t,)))
: Drr(Er,(Er,(M,,)))
-
Eer(Mi,),
since Er,(Er,(M)) :8",(Er,(M))

and Dr.(Er,(M)) - M
for
messagesM. Betty sendsthe fives messageE",(Mi) back to Alex.
v.
Alex useshis deciphering transformation Dr,
all
to obtain his hand, since
D",(E",(M;,)) : M;,.
When a game is played where it is necessaryto deal additional cards,
such as draw poker, the same steps are followed to deal additional cards
from the remaining deck. Note that using the procedure we have
described, neither player knows the cards in the hand of the other
player, and all hands are equally likely for each player. To guarantee
that no cheating has occurred, at the end of the game both players
reveal their keys, so that each player can verify that the other player was
7.3 ExponentiationCiPhers
211
actually dealt the cards claimed.

may
A description of a possible weaknessin this scheme, and how it
9.1.
Section
of
problem
38
in
found
be
be overcome,may
7.3 Problems
l.
: 3, encipher the message

Using the prime p - l0l and enciphering key e
GOOD MORNING using modular exponentiation'
is the plaintext message that corresponds to the ciphertext
l2t3Og02053g 120g 1234 1103 1374 produced using modular exponentiation
: 13 2
with modulus p : 2591 and enciphering key e
2 . What
3.
4.
when
Show that the enciphering and deciphering procedures are identical
- 3l and
modulus
with
exponentiation
P
modular
enciphering is done using
enciphering key e : ll
With modulus p - 29 and unknown enciphering key e, modular exponentiation
produces the ciphertext 04 19 19 ll 04 24 09 15 15. Cryptanalyze the
ubou" cipher, if it is also known that the ciphertext block 24 corresponds to the
plaintexi letter U (with numerical equivalent 20). (Hint: First find the
iogarithm of 24 to the base 20 modulo 29 using some guesswork.)
5 . Using the method described in the text for exchanging common keys, what is the
key that can be used by individuals with keys kt:27
"o..on
when the modulus is p : l0l and the base is a : 51'
6.
7.
and kr:31
What is the group key K that can be shared by four individuals with keys
* 1 0 0 9 a n d base
k1 : ll, k2:12, k3:17, kc:19 using the modulusP
a:31.
Describe a procedure to allow n individuals to share the comrnon key described
in the text.
7.3 Computer Proiects

l.
Encipher messagesusing modular exponentiation.
2.
Decipher messagesthat have been enciphered using modular exponentiation.
3.
Cryptanalyze ciphertext that has been enciphered using modular exponentiation

when a correspondencebetween a plaintext block P and a ciphertext block C is
known.
4.
Produce common keys for individuals in a network.
212
5.
Gryptology
Play electronic poker using encryption via modular

exponentiation.
7.4 Public-KeyCryptography
If one of the cipher systems previously described in this
chapter is used to
establish secure communications within a network,
then each pair of
communicants must employ an enciphering key that
is kept secret from the
other individuals in the network, sincl once the enciphering
key in one of those
cipher systems is known, the deciphering key can be fiund
using a small
amount of computer time. Consequently,to maintain secrecy
the enciphering
keys must themselvesbe transmitted ovei a channel of securecommunications.
To avoid assigninga key to each pair of individuals that must
be kept secret
from the rest of the network, a new type of cipher system,
called a
public-key cipher system, has been recentiy introduced.
In ttris type of
cipher system, enciphering keys can be made-public, since an
unrealistically
large amount of computer time is required to find
a deciphering
transformation from an enciphering transformation. To use
a public-key
cipher system to establish secret communications in a network
of n
individuals, each individual produces a key of the type specified by the
cipher
system, retaining certain private information that went into the construction
of
the enciphering transformation E (D, obtained from the key ft according
to a
specifiedrule. Then a directory of the n keys k1, k2,...,k, is published. wtrn
individual i wishes to send a message to individual
], the letters of the
message are translated into their numerical equivalents and combined
into
blocks of specified size. Then, for each plaintlxt block p a corresponding
ciphertext block c - E1,, (p)
is computed using the enciphering
transformation Ekt. To decipher the message, individual
7 applies the
deciphering transformation D1r,to each ciphertext block C to find p, i.e.
Dk,(C) - Pkt(Eo,(r)) : f.
Since the deciphering transformation Do, cannot be found in a realistic
amount of time by anyone other than individual
-/, no unauthorized individuals
can decipher the message,even though they know the key k;. Furthermore,
cryptanalysis of the ciphertext message, even with knowiedge of ki, is
extremely infeasible due to the large amount of computer time needed.
tgl?
The Rfl
cipher system, recently invented by Rivest, Shamir, and
Adleman lgl], is a puitic-key cipher system based on modular exponentiation
where the keys are pairs (e,n), consisting of an exponent e and a modulus n
that is the product of two large primes, i.e. n: pq, where p and.q are large
7.4
,n+t -,,"lulus, P '^ 1 q',te

f\rirte
{
;
p ubi,c
e^qvh7
L L
21s
Public-KeYCrYPtograPhY
Secm{:
do cryrily
P'1
l. To encipher a message,we first translate the

primes, so that G,Q(il):
equivalents and then form blocks of the largest
numerical
ietters into their
possible size (with an even number of digits). To encipher a plaintext block
P, we form a ciphertext block C bY
E@) :C
zP'
(modn), 0 1 C 1 n.
The deciphering procedure requires knowledge of an inverse d of e modulo

Qh), which existssince G,Qh)) : l. To decipherthe ciphertext block C, we
e"l- | - ri 4{")
find
+t
D ( O = C d : (P ' )d : P e d : P k dh)
_ (p o ft);k p = p (m o d
n ),
where ed: kth) * I for some integer k, since ed = I (mod Ob)), and by
-Euler's theorem, we have pa(fi) 1 (mod n), when (P, n) : | (the
probability that P and n are not relatively prime is extremely small; see
problem 2 at the end of this section ) . The pair (d, n) is a deciphering key.
To illustrate how the RSA cipher system works, we present an example
where the enciphering modulus is the product of the two primes 43 and 59
(which are smaller than the large primes that would actually be used). We
have n : 43 ' 59 : 2537 as the modulus and e - 13 as the exponent for the
RSA cipher. Note that we have (e, Qh)) : (13, 42' 58) : l. To encipher
the message
PUBLIC KEY CRYPTOGRAPHY.
wq first translate the letters into their numerical equivalents,and then group
these numbers together into blocks of four. We obtain
1520
2402
1700
0 1I l
1724
1507
0802
l5l9
2423,
1 004
1406
where we have added the dummy letter X : 23 at the end-of the passageto
fill out the final block.
We encipher each plaintext block into a ciphertext block, using the
relationship
C = Prt
(mod 2537)
For instance, when we encipher the first plaintext block 1520, we obtain the
ciphertext block
214
Cryptology
C = (1 5 2 0 )1 3= 9 5
(m od 253D .
Enciphering all the plaintext blocks, we obtain the ciphertext

message
0095
081I
I 185
1648
2333
1457
l4l0
2132
1084.
t299
0370
In order to decipher messagesthat were enciphered using the RSA cipher,

we must find an inverse of e : 13 modulo
: o(43. 5i) :
oeslil
42' 58 : 2436- A short computation using the Euclidean algorithm, as done
in section 3.2, shows that d :937 is an inverse of 13 modulo 2436.
Consequently,to decipher the cipher text block C, we use the relationship
- g e 3 7 (m o d
P
2 5 3 D ,0 < p < 2532,
which is valid because
ge37 :
(pr3)e37-
(p2az6)sp= p
(mod 2537):
note that we have used Euler's theorem to see that

pQQs37)- p2436- t (mod 2537),
when (P, 2537) : | (which is true for all of the plaintext blocks in our
example).
To understand how the RSA cipher system fulfills the requirements of a
public-key cipher system, first note that each individual can find two large
primes p and q, with 100 decimal digits, in just a few minutes of computer
time. These primes can be found by picking odd integers with 100 digits at
random; by the prime number theorem, the probability that such an integer is
prime is approximately 2tog 10100. Hence, we expect to find a prime after
examining an average of l/OAog 10100),or approximately ll5, such integers.
To test these randomly chosen odd integers for primality, we use Rabin's
probabilistic primality test discussedin Section 5.2. For each of these 100digit odd integers we perform Miller's test for 100 basesless than the integer;
the probability that a compositeinteger passesall these tests is less than 10-60.
The procedure we have just outlined requires only a few minutes of computer
time to find a 1OO-digitprime, and each individual need do it only twice.
Once the primes p and q have been found, an enciphering exponent e
should be chosen with (e,e(pq)) : l. One suggestion for choosing e is to
take any prime greater than both p and q. No matter how e is found, it
should be true that 2' > fl : pQ, so that it is impossible to recover the
7.4 Pu blic - K eYCr Y P to g ra Ph Y
215
eth root of the integer C

plaintext block P, P # O or 1, just by taking the
withC=P,(modn),01C1n.Aslongas2,}||,everymessageother
followed by u reduction
than p : 0 and l, is enciphered by exponentiation
modulo n.
enciphering messages
We note that the modular exponentiation needed for
a few seconds of
using the RSA cipher system can be done using only
base in the modular
computer time when th; modulus, exponent, and
the Euclidean
exponentiationhave as many as 200 decimal digits' Also, using
exponent e
algorithm, we can rapidly find an inverse d of the enciphering
and q are known' so that
when the primes p
rnldulo 6(r)
: (P-l)(q-l) is known'
0h) :6(Pq)
(e, n) does not easily lead to
To see why knowledge of the enciphering key
inverse of e modulo 6h),
an
(d]
d,
find
to
that
note
n),
the deciphering key
(
p
l
)
(
q
-l)'
Note that finding
r e q u i r e st h a t w e f i r s t f i n d Q h ) : O Q q ) :
. To se7-y!5 no.!1 that

Q0) is not easier than factoring the JIlSgg-t?
:!Q+d'-4n'
- :'/mq
i i n : n - o 0 ) + l a n dp q :
so
V z l | + q ) + (p-q)| , and consequentl y

and q
i f,u , p : t / 2lQ + Q + Q -i l \
: p q a n d 6h) : b-l )Q-l )
are
n
w
h
e
n
fo
u
n
d
p a nd q c an eas ily U "
digits,
decimal
100
around
q
have
both
p
and
known. Note that when
n - pq has around 200 decimal digits. From Table 2.1, we seethat using the
fastest factorization algorithm known, 3.8xlOe years of computer time are
required to factor an inleger of this size. Also, if the integer d is known, but
- I is a multiple of
o(n) is not, then n may also be factored easily, since ed
an integer n using any
eh) and there are special algorithms for factoring
proven
that it is impossible
(see
been
has
not
It
Mill.r
t72D.
multiple of 6h)
system without
cipher
RSA
the
using
enciphered
messages
to decipher
As yet,all
discovered'
been
has
method
no
such
far
so
but
factoring n,
factoring
to
equivalent
general
are
in
work
that
suggested
methods
decipherlng
be an
to
Seems
integers
large
factoring
remarked,
we
have
n, and as
time.
computer
of
amounts
tremendous
problem,
requiring
intractable
A few extra precautionsshould be taken in choosingthe primes p and q to
be used in the RSA cipher system to prevent the use of special rapid
- | and q - I should have
techniquesto factor n : pq. For example, both p
large pri-. factors, (p - l, q - l) should be small, and p and q should have
decimal expansionsdiffering in length by a few digits'
For the RSA cipher system, once the modulus n has been factored, it is
easy to find the deciphering transformation from the enciphering
transformation. It may be possible to somehow find the deciphering
transformation from the enciphering transformation without factoring n,
although this seemsunlikely. Rabin [92] has discovereda variant of the RSA
216
Cryptotogy
cipher system for which factorization of

the modulus n has almost the same
computational complexity as obtaining the
deciphering transformation from
the enciphering transformation. To describe
Rabin,s cipher system, ret
n : pq, where p and q are odd primes,
and let b be an integer with
0 < 6 1 n. To encipher the plaintexi messagep,
we form
e :
p@+b)
(modn).
We will not discussthe deciphering procedure for Rabin

ciphers here, because
it relies on some concepts we havi not yet developed (see
problem 36 in
Section 9'l). However, we remark that there are foui possible
ualue, of p for
each ciphertext c such that e - p(p+b) (mod n),
an ambiguity which
complicates the deciphering process. when p and q
are known, the
deciphering procedure for a Rabin cipher can be carriei
out rapidly since
O(log n ) bit operationsare needed.
Rabin has shown that if there is an algorithm for deciphering in
this cipher
system, without knowledge of the primes p and q, that ."qui.",
f hf ait
operations, then there is an algorithm for the factorization of n requiiing
only
2$ (n) * log n ) bit operations. Hence the process of deciphering messages
encipheredwith a Rabin cipher without knowledgeof p and-q is a problern
of
computational complexity similar to that of factori zation.
Public-key cipher systemscan also be used to send signed messages.
When
signaturesare used, the recipient of a messageis sure that the message
came
from the sender, and can convince an impartial judge that only the sender
could be the source of the message. This authentication is needed for
electronic mail, electronic banking, and electronic stock market transactions.
To see how the RSA cipher system can be used to send signed messages,
supposethat individual i wishes to send a signed messageto individ ual j. itr.
first thing that individual i does to a plaintext block p is to compute
S - Do,(P) = pd' (mod n;),
where (di, n) is the deciphering key for individual f which only individual
,
i
knows. Then, if ni t n1, where (ei, n) is the enciphering key ior individual
7, individual i enciphersS by forming
,:Ekt(S)=S',
(modn;),
0<C
1nj.
wh..l ni I n; individual i sprits ,s into blocks of size less than nj and

enciphers each block using the enciphering transformation 81r,.
For deciphering, individual 7 first
transformation Dp, to recover S, since
uses the
private
deciphering
217
7.4 Public-Key CrYPtograPhY
D1,,(C) - PktGp, (S)) : s.

To find the plaintext message P , supposedly sent by individual i, individual 7
next uses the pubtic enciphering transformation Eq, since
81,(s) - fi,kt(Dr,(P)) : P.
Here, we have used the identity Ep,(Dp,(P)) : P, which follows from the fact
that
= (P d ' )" - Pd ' e ': P (mod n;)'
E p, (D p ,(P))
since
diei :- I
(mod Oh)).
The combination of the plaintext block P and the signed version S convinces
individual 7 that the message actually came from individual i. Also,
individual i cannot deny sending the message, since no one other than
individual f could have produced the signed message S from the original
messageP.
The RSA cipher system relies on the difference in the computer time needed
to find primes and the computer time needed to factor. In Chapter 9, we will
use this same difference to develop a technique to "flip coins" electronically.
7.4 Problems
l.
Find the primesp andq if n : PQ - 4386607and d(n) : 4382136.
2. Supposea cryptanalystdiscoversa messageP that is not relativelyprime to the

encipheringmodulusn : pq usedin a RSA cipher.
a) Showthat the cryptanalystcan factorn.
fP," ) . p or 1
b) Show that it is extremelyunlikely that sucha messagecan be discoveredby
demonstratingthat the probability that a messageP is not relativelyprime
1-!,
to n i, !+
a n d i f p a n d q a r e b o t h l a r g e rt h a n l 0 r m , t h i s
pqpq
probabilityis leis thin 10-s.
3 . What is the ciphertext that is produced when the RSA cipher with key
(e,n) : G,266il is usedto encipherthe messageBEST WISHES?
4 . If the ciphertext message produced by the RSA cipher with key
(e,n) : (s,zggt) is 0504 1874034705152088235607360468, what is the
218
Cryptology
plaintext message?
5.
Harold and Audrey

respectively.
a)
have as their
RSA
keys (3,23.4D
and
(7,31.59),
Using the method in the text, what is the signed ciphertext sent by Harold
to Audrey, when the plaintext messageis cHEERs tranorot
b)
Using the method in the text, what is the signed ciphertext sent by Audrey
to Harold when the plaintext messageis SINCERELY AUDREY?
In problems 6 and '7, we present two methods for sending signed messagesusing the
RSA cipher system, avoiding possible changes in block sizes.
6.
7 . il
Let H be a fixed integer. Let each individual have two pairs of enciphering keys:
k - (e,n) and k* - (e,n*) with n < H <n*, where n and n* are both the
product of two primes. Using the RSA cipher system, individual f can send a
signed messageP to individual T by sending E*.(D1,,(p)).
il
Show that is is not necessaryto change block sizes when the transformation
Eor. is applied after Dp, has been applied.
b)
Explain how individual 7 can recover the plaintext message P, and why no
one other than individual l' could have sent the message.
c)
Let individual f have enciphering keys (3,11.71) and Q2}.4D so that

781 : 1l'71 < 1000 < ll89 - 29'41, and let individual j have enciphering
k e y s ( 7 , 1 9 . 4 7 )a n d ,( 7 , 3 1 . 3 D ,s o t h a t g 9 3 : l g . 4 j < 1 0 0 0 < I I 4 7 : 3 1 . 3 7 .
What ciphertext message does individual f send to individual
7 using the
method given in this problem when the signed plaintext messageis HELLO
ADAM?
What ciphertext message does individual j send to individual f
when the signed plaintext messageis GOODBYE ALICE?
Show that if individuals f and y have enciphering keys k; - (ei,n) and

ki : (ei,n), respectively, where both n; and ni are products of two distinct
primes, then individual i can send a signed message P to individual
7 without
needing to change the size of blocks by sending
Er,(Dr,(P)) if n, < n,
Dp,(Ep,@)) if ni ) ni .
b)
How can individual T recover p?
c)
How can individual j/ guarantee that a messagecame from individual i ?
d)
Let ki - (11,47.61) and ki - (13,43.59). Using the method described in part

(a), what does individual f send to individual
7 if the message is REGARDS
FRED, and what does individual 7 send to individual i if the message is
REGARDS ZELDA?
2r9
1.5 Knapsack CiPhers
8.
Encipher
the
message
SELL
NOW
using
the
Rabin
ciPher
C = P(r+s) (mod2573).
?.4 Computer Projects

1.
Encipher messageswith an RSA cipher'
2.
Decipher messagesthat were enciphered using an RSA cipher.
4.
in the text'
Send signed messagesusing an RSA cipher and the method described
problem 6'
Send signed messagesusing an RSA cipher and the method in
5.
problem 7'
Send signal messagesusing an RSA cipher and the method in
6.
Encipher messagesusing a Rabin cipher'
3.
7.5 KnapsackCiphers
In this section, we discuss cipher systems based on the knapsack problem.
Given a set of positive integers Qr,a2,..., an and a Sum S of a subset of these
integers, the knapsack problem asks which of these integers add together to
give S. Another way to phrase the knapsack problem is to ask for the values
of xyx2,..., xn, each either 0 or 1, such that
(7.3)
S:arxr*a2x2*
larxn'
We use an example to illustrate the knapsack problem.

: (2,'7,8,11,12). By inspection, w see that
Example. Let (a1,o2,o3,aa,a5)
there are two subsets of these five integers that add together to give 21,
Equivalently, there are exactly two
namely 2l -- 2+8+l | : 2*7*12.
8x3 * llxa * l2x5:21, with Ii :0
7
x
2
*
s o l u t i o n st o t h e e q u a t i o n2 x 1 *
:
x
1,2,3,4,5,namely r : x3: x4: l, x2: 15 : 0, and
or I for i
Xl: XZ: X5: l, X3: I+ : 0.
To verify that equation (7.3) holds, where each.x, is either 0 or 1, requires
that we perform at most n additions. On the other hand, to search by trial
and error for solutions of (2.3), may require that we check all 2n possibilities
for (x1, x2,..., rn). The best method known for finding a solution of the
knapsack problem requires O(2n/2) bit operations, which makes a computer
solution of a general knapsack problem extremely infeasible even when
n : 100.
220
Gryptology
certain values of the integers e1, a2,...,en make

the solution of the
knapsack problem much easier than the- solutlon
in the general case. For
instance,
if
ai : )i-1,
to
find
the
solution
of
S - Ar xr * a2x2-l ":
I an xr, where ri:0
or I for i: 1,2,...,ft,
simply requires that we find the binary expansionof S. We
can also produce
easy knapsackproblemsby choosingthe integersd1, oz,...,cn so
that the sum
of the first 7-l of these integers is alwayrl.r, than the
Tiir int"ger, i.e. so
that
j-r
2o,{oi,
j : 2 , 3 ,. . . , n .
i-l
If a sequenceof integers d1, e2,...,an satisfiesthis inequality,we call the

sequencesuper -increasing.
Example.
The
sequence 2, 3,7, 14, 27
is
super-increasing because
3 > 2,7 > 3+2,14 > 7+3+2,and27 > l4+i+3+2.
To see that knapsack problems involving super-increasingsequencesare easy

to solve,we first consideran example.
Example. Let us find the integersfrom the set 2,3,7,14,27 that have 37 as
their sum. First, we note that since 2+ 3 + 7 + 14 < 27, a sum of integers
from this set can only be greater than 27 if the sum contains the integer 27.
H e n c e ,i f 2 x 1 * 3 x 2 * 7 x 3 * l 4 x a *
2 7 x 5- 3 7 w i t h e a c h . x ; : 0 o r l , w e
must have 15 : I and 2x1* 3x2* 7x3| l4xa: 19. Since 14 > 10, x4
m us t be 0 and w e h a v e 2 x 1 * 3 x 2 * 7 x 3 : 10. S i nce 2 + 3 ( 7, w e must
hav e x , : 1 and th e re fo re 2 x 1 l 3 x 2 :3 .
O bvi ousl y,w e hava x2: I and
rr - 0. The solutionis 37 - 3 + 7 + 27.
In general, to solve knapsack problems for a super-increasingseeuolco 41,
a 2, . . . ,an, i. e. t o fi n d th e v a l u e s o f x t, x 2 , ..., xn w i th ,S : atxl * a2x2*
* enxnand x;:0
o r I f o r i : 1 , 2 , . . . , n w h e n . S i s g i v e n ,w e u s e t h e
following algorithm. First, we find x, by noting that
[r ir
r,:toif
S Z an
S(an.
Then, we find xn-r, xn-2,...,x1, in succession,using the equations
221
7.5 KnapsackCiphers
if
s-
t-i+l
xj-
.s-
;-;+l
for7 : n-l,n-2,...,1.
To seethat this,algorirhmworks, first note that if xn :0
then)orrr(
when S 7 an,
g condition !
2 o , l e n < S , c o n t r a d i c t i n the
i-l
i-l
Similarly, if xy : 0 when S -
7 oj, then ) a;x; (
;-j+l
j-'
i-l
o1*i : S
j-r
2 *, +
t-l
aj*
i-j+1
r-i+l
Using this algorithm, knapsack problems based on super-increasing

sequencescan be solved extremely quickly. We now discuss a cipher system
based on this observation. This cipher system was invented by Merkle and
Hellman [90], and was considered a good choice for a public-key cipher
system until recently. we will comment more about this later.
The ciphers that we describe here are based on transformed super-increasing
sequences.To be specific,let or, a2,...,an be super-increasingand let m be a
positive integer with lz ) 2ao. Let w be an integer relatively prime to m
with inverse w modulo m. We form the sequence b1, b2,...,b, where
bj : wai (mod m) and 0 < bi 1 m. we cannot use a special technique to
solve a knapsack problem of the type ^g :
integer, since the sequence
when fr is known. we can find
(7.4)
b b,", where ,S is a positive

i-l
is not super-increasing. However,
wT : i fr|,r, : h o,r, (modlz)

j-l
i-l
since fibi =ai
(mod m). From (7.0 we see that
So: Zo,r,
t-l
where Ss is the least positiveresidueof frS modulo z.

the equation
We can easilv solve
222
Cryptology
So : D o,r,,
i-l
since er, e2,...,an is super-increasing.This solvesthe knapsack problem
s : !, b,r,,
i-l
since bi = wa; (mod m) and 0 ( D; I

an example.
m. We illustrate this procedure with
Example. The super-increasingsequence (oya2,a3,a4,a5):(3,5,9,20,44) can

be transformed into the sequence(b3 b2, by bq, b5): (23,6g,69,5,11)by
taking bi = 67a1 (mod 89), for 7 : 1,2,3,4,5. To solve the knapsack problem
2 3 x 1 + 6 8 x z * 6 9 x 3 * S x a* l l x 5 : 8 4 ,
w e c a n m u l t i p l y b o t h s i d e so f t h i s
equation by 4 , an inverse of 67 modulo 89 , and reduce modulo 89, to obtain
the
congruence 3x1 * 5x2 * 9x3 * 20xa * 44x5 = 336 = 69 (mod g9).
since 89>3+5+9+20+44,
w e c a n c o n c l u d et h a t 3 x 1 * 5 x 2 *
9x3 * 20xa * 44x5: 69. The solution of this easy knapsack problem is
xs : x4: x2: I and x3 : rr : 0. Hence, the original knapsack problem
has as its solution 68 * 5 + 1l : 84.
The cipher system based on the knapsack problem works as follows. Each
individual chooses a super-increasing sequence of positive integers of a
specified length, say N, e.g. ar, a2,..., aN, as well as a modulus m with
m ) 2ay and a multiplier w with (m,w) :1.
The transformed sequence
b 1, b2, . . . by
, , whe re b i = w a i (m o d m ), 0 < bi 1 m, for j - 1,2,...,N , i s
made public. When someonewishes to send a messageP to this individual,
the messageis first translated into a string of 0's and I's using the binary
equivalentsof letters, as shown in Table 7.10. This string of zeros and ones is
next split into segmentsof length N (for simplicity we supposethat the length
of the string is divisible by N; if not, we can simply fill out the last block with
all l's). For each block, a sum is computed using the sequencebvbz,...,bxi
for ins t anc e, t he b l o c k x 1 x 2 ...x 1 1g i v e s S: D rxr * b2x2*
* byxy.
Finally, the sums generatedby each block form the ciphertext message.
We note that to decipher ciphertext generated by the knapsack cipher,
without knowledge of m and w, requires that a group of hard knapsack
problems of the form
(7.s)
S : brxr f b2x2*
* byxy
be solved. on the other hand, when m and w are known, the knapsack
problem (z.s) can be transformed into an easy knapsack problem, since
223
7.5 KnapsackCiphers
letter
binary
equivalent
letter
00000
00001
00010
0001I
00100
00101
001r0
00111
01000
0100r
01010
01011
0l100
A
B
C
D
E
F
G
H
I
J
K
L
M
o
P
a
R
S
T
U
V
w
X
Y
Z
binary
equivalent
01101
0lll0
0llll
10000
10001
10010
l00l I
10100
l0l0l
10110
l0l l1
l 1000
11001
Table 7.10. The Binary Equivalents of Letters.
wIS: frbp1 * frb2x2I

z
where frbj:
(7.6)
atxl * a2x2*
' * wbyx7,1
(mod m ),
* ayxy
a; (mod 22), where w- is an inverseof w modulo m, so that

So - afi1 * a2x2l
* a1vx1v,
where Ss is the least positive residue of wlS modulo rn. We have equality in
(7.6), since both sides of the equation are positive integers less than m which
are congruent modulo ltt.
We illustrate the enciphering and deciphering proceduresof the knapsack
cipher with an example. We start with the super-increasing sequence
: (2,1I '14'29'58'lI9'24I'480'959'1917)' We
(a1,a2,a3,Q4,Q5tA6,A7,Qg,Qg,,Ato)
: l00l
take m: 383? as the encipheringmodulus,so that m ) 2a1s,?fld w
(m,w):1,
super-increasing
the
to transform
as the multiplier, so that
sequenceinto the sequence(2002,3337,2503,2170,503,172,3347,855,709,417).
To encipher the message
REPLY IMMEDIATELY,
Cryptology
we first translate the letters of the message

into their five digit binary
equivalents,as shown in Table 7.10,,and thenlroup
these digits into blocks of
ten, to obtain
1000100100 0llltOl0ll
1100001000
0110001100 0010000011 0100000000
1001100100 0101I11000.
For each block of ten binary digits, we form a sum
by adding together the
appropriate terms of the sequence(2002, 3337, 2503,
2170, sd:, t 72, 3347,
855,709, 417) in the slots correspondingto positionsof the
block containing a
digit equal to l. This gives us
3360
12986 8686
10042 3629 3337 5530
s72s.
For instance,we compute the first sum, 3360, by adding 2002,503, and g55.
To decipher, we find the least positive residue modulo 3837 of 23 times each
sum' since 23 is an inverse of 1001 modulo 3837, and then we solve the
corresponding easy knapsack problem with respect to the original superincreasing sequence (2,11,14,29,59,119,241,4g0,959,lglT). For example, to
decipher the first block, we find that 3360.23:540(mod 3837), and then note
that 540 : 480 + 58 + 2. This tells us that the first block of plaintext binary
digit s is 10001 0 0 1 0 0 .
Recently, Shamir [g+] tras shown that knapsack ciphers are not satisfactory
for public-key cryptography. The reason is that there is an efficient algorithm
for solving knapsack problems involving sequences b1, b2,...,b, with
bi:
wai (modm), where w and m are relatively prime poritiue integers and
ar, o2,...,an is a super-increasingsequence. The algorithm found by Shamir
can solve these knapsack problems using only O @ hD bit operations, where
P is a polynomial, instead of requiring exponential time,
ir required for
general knapsack problems, involving sequencesof a general "r
nature.
There are several possibilities for altering this cipher system to avoid the
weakness found by Shamir. One such possibility is to choose a sequence of
pairs of relatively prime integers (w1,m1),,(w2,m2),..., (w,mr), and then
form the series of sequences
22s
7.5 Knapsack GiPhers
b9) 7 w 1 a i ( m o d z r )
(mod m z)
;;,, :rrijt'
bj') =w,b j'-rt (mod z"),

for j : l, 2, ..., n. We then use the final sequenceb[') , b$'),..., bl') as the
encipheringsequence.As of mid-1983,no efficientalgorithmhad beenfound
for solving knapsack problems involving sequencesobtained by iterating
modular multiplications with different moduli (although there are several
promisingmethodsfor the productionof suchalgorithms).
7.5 Problems
l.
is super-increasing
Decidewhethereachof the followingsequences
a)
b)
(3,5,9,19,40)
c)
( 2, 6, 10, 15 ,3 6 ) d
(3 ,7 ,1 7 ,3 0 ,5 9 )
(l l,2l,4l,8l,l5l).
sequence,then c; 2 A-r for

2 . Show that if 41, a2,...,dn is a super-increasing
j - 1 , 2 ,. " , f , '
3 . Show that the sequencea1, a2,...,a21is super-increasingif ai+r ) 2ai for
j - 1, 2,. . . ,f l- l' .
of the integers2,3,4,7, 11, 13, 16 that have18 as their sum.
4. Find all subsets
5 . Find the sequence obtained from the super-increasing sequence
(1,3,5,10,20,41,80)
when modular multiplication is applied with multiplier
:
w
17 and modulvsm : 162.
6 . Encipher the messageBUY NOW using the knapsackcipher based on the
by
sequence(17,19,37,81,160),
sequenceobtained from the super-increasing
and modulus
performing modular multiplication with multiplier w :29
m :331.
7 . Decipherthe ciphertext402 105 150 325 that was encipheredby the knapsack
This sequenceis obtained
cipher basedon the sequence(306,374,233,L9,259).
by using-modularmultiplicationwith multiplier w : 17 and modulusm : 464,
sequence(I8,22,4I,83,179).
to transformthe super-increasing
the modularmultiplications
8 . Find the sequenceobtainedby applyingsuccessively
on the
with multipliersand moduli (7,92), (11,95),and (6,101),respectively,
(3,4,8,I7,33,67)
.
sequence
super-increasing
226
Cryptology
9 . What process can be employed to decipher messagesthat have been enciphered

using knapsack ciphers that involve sequences arising from iterating modular
multiplications with different moduli?
1 0 . A multiplicative knapsack problem is a problem of the following type: Given

positive integers aya2,...,an and a positive integer P, find the subset, or subsets,
of these integers with product P, or equivalently, find all solutions of
P - ai'ai'." oi'
where xj - 0 or I for j :
1,2,...,n.
il
Find all products of subsetsof the integers 2,3,5,6,and l0 equal to 60.
b)
Find all products of subsetsof the integers 8,13,17,21,95,121equal to 15960.
c)
Show that if the integets a1,a2,...,anare mutually relatively prime, then the
multiplicative knapsack problem P:ai'ai'"'oI',
rj-0
or I for
j : I,2,...,n, is easily solved from the prime factorizations of the integers
P,ayo2,...,an, and show that if there is a solution, then it is unique.
d)
Show that by taking logarithms to the base b modulo m,where (b,m):

and 0 < b < m, the multiplicative knapsack problem
P-ai'ai'"'ol'
is converted into an additive knapsack problem
S - a1x1 * a2x2 *
* anxn
where S, @1,e20...;dn ate the logarithms of

modulo m, respectively.
e)
to the base 6
Explain how parts (c) and (d) can be used to produce ciphers where
messagesare easily deciphered when the mutually relatively prime integers
a1, a2t...; an are known, but cannot be deciphered quickly when the integers
d\, dzr...,an Are knOwn.
1. Solveknapsackproblemsby trial and error.
2 . Solve knapsack problems involving super-increasing sequences.
3 . Encipher messagesusing knapsack ciphers.
Decipher messagesthat were enciphered using knapsack ciphers.
Encipher and decipher messages using knapsack ciphers involving sequences
arising from iterating modular multiplications with different moduli.
7.6 Some Applicationsto ComputerScience
6.
227
mutually relatively
Solve multiplicative knapsack problems involving sequencesof
prime integers (see Problem 10).
7.6 Some Applications to Computer Science

In this section we describe two applications of cryptography to computer
science. The Chinese remainder theorem is used in both applications.
The first application involves the enciphering of a database. A database is
a collection of computer files or records. Here we will show how to encipher
an entire databasi so that individual files may be deciphered without
jeopardizing the security of other files in the database'
Supposethat a databaseB contains the n files Fv Fz,,-.-,Fn' Since each
file is a string of 0's and I's, we can consider each file to be a binary integer.
We first choose n distinct primes rltr, t7r2,...1r/tn with m1 ) F1 for
j :1,2, . . . , f r .
A s t h e c i p h e rte x tw e u s e a n i n te g erC that i s congruentto F;_
th e e x i s te n c eo f s u c h an i nteger i s guaranteed
modulo m i f or j : 1, 2 ,...,n ;
- fttr trtz
mn and
remainder theorem. We let M
by the ihin.t"
w
h
e
r
e
y; is an
:
1
,
2
,
.
.
.
,
n
.
l
e
t
,
i
Furthermore,
fui: M/ry forT
!i.'-lf
with
C
integer
the
we
take
inverse of Ml modulo rz;. For the ciphertext,
C:br,r,(modM),
0<C <M.
j-r
The integers e r, 2, ..., n serve as the write subkeys of the cipher.

To retrieve the 7th file F; from the ciphertext C, we simply note that
Fi=C(modm),0(F;1mi.
We call the moduli my r/121...r mn the read subkeys of the cipher. Note that
knowledgeof mi permits accessonly to file7; for accessto the other files, it is
necessaryto know the moduli other than mi.
We illustrate the enciphering and deciphering proceduresfor databaseswith
the following examPle.
Example. Suppose our database contains four files Fr, Fz, F3,lfid Fa,
re pre s ent edby ih" b i n u .y i n te g e rs(0 1 I l )2 , (1 0 0 1 )r, (t t00)2, i ID d (t t t t)2, or
Fz:9, Ft: 12 and Fq: 15' We pick four
in decimal notationFr:7,
p r i m e s , f i l r : 1 1 ,m 2 : 1 3 , t r l 3 : 1 7 , a n d t r l 4 : 1 9 , g r e a t e r t h a n t h e
corresponding integers representing the files. To encipher this database, we
228
Cryptology
use the chinese remaindertheorem to find the ciphertext

c which is the
p o s i t i vien t e g ew
r ith C=7(modlt), C=9(moit3),
C= 12(modl7),
a n d c = 1 5 ( m o dl 9 ) , l e s st h a nM : l l . l 3 . l 7 . l 9 : 4 6 1 g 9 .
T o c o m p u t ec
we
first
find
M r - . 1 3 . 1 7 . 1: 9 4 1 9 9 , M z : 1 l . l 7 . l g : 3 5 5 3 ,
M t : l 1 ' 1 3 ' 1 9 : 2 7 1 7 ,a n d M t - l l . l 3 . 1 7 : 2 4 3 1 .
W . e a s i l yf i n d t h a t
l 0 , . p r : l l a n d / + : l g a r e i n v e r s eosf M i m o d u l o
lr-7,y2:
mj for
j:1,2,3,4.
H e n c e t, h e w r i t e s u b k e y sa r t ae 1 : 4 1 9 9 . i : 2 9 3 9 3e, 2 :
3 5 5 3 ' 1 0 : 3 5 5 3 0 e, 3- 2 7 l 7 . l l : 2 g g g 7 a
, n de, o : 2 4 3 l . l g : 4 3 7 5 g .T o
constructthe ciphertext,we note that
Q :
e1F1l
e 2 F 2 * e 3 F 3* e q F c
= 2 9 3 9 3 .7+ 3 5 5 3 0 .9+ 2 9 887.12+ 43758.15

= 1540535
= 1 6 2 9 8 (m o d 4 6 1 8 9 ),
so that c:16298.
The read subkeys are the integers mi, j - 1,2,3,4. To
recover the file F7 from C, we simply find the least positive residue
of C
modulo rn7. For instance,we find F1 by noting that
Fr=16298=7(modtl).
We now discuss another application of cryptography, namely a method
for
sharing secrets. Suppose that in a communications network,- there
is some
vital, but extremely sensitiveinformation. If this information is distributed
to
several individuals, it becomesmuch more vulnerable to exposure; on the other
hand, if this information is lost, there are serious consequences.An example
of such information is the master key K used for accessto the password file
in a computer system.
In order to protect this master key K from both loss and exposure, we
construct shadows kv kz, ..., k, which are given to r different individuals.
We will show that the key K can be produced easily from any s of these
shadows, where s is a positive integer less than r, whereas the knowledge of
less than s of these shadows does not permit the key K to be found. Because
at least s different individuals are needed to find K, the key is not vulnerable
to exposure. In addition, the key K is not vulnerable to loss, since any .t
individuals from the r individuals with shadows can produce K. Schemeswith
the propertieswe have just describedare called (s,r) threshold schemes.
To develop a system that can be used to generate shadows with these
properties, we use the chinese remainder theorem. we choose a prime p
greater than the key K and a sequence of pairwise relatively prime integeis
rTtb ftiz, ..., ffir that are not divisible by p, such that
229
7.6 Some Applications to Computer Science
1lttr,
mt1mz1
and
0.7)
tTlt lllz
ffi,
frlFs*z
Pffirffir-t
of the
Note that the inequality (7.7) states that the product of the s smallest
the
of,
largest
s-l
p
the
and
product
of
integers n; is g."utr.- than the
is
A/p
then
n'
tttttTtz
M
if
intelgersm'1. nt-om Q.l), we see ttrat
mi.
intege$
of
the
s-l
of
greater than the product of any set
Now let I be a nonnegativeinteger less than M /p that is chosenat random.
Let
Ko: K * tP'
Ko(
sothat0(
(M/p)p: M).
M-l
(since0(
Ko:K*tp<
p+tp:(l+l)p(
To producethe shadowskr kz, ..., kr, we let k1 be the integer with

ki = Ks (mod rn;), 0 (
k; I
mi,
for 7 : 1,2,...,r. To see that the master key K can be found by any s
individuals possessingshadows,from the total of r individuals with shadows,
supposethat the s shadows ki,,ki,,..., ki, are available. Using the Chinese
remainder theorem, we can easily find the least positive residue of Ks modulo
ftri,. Since we know that 0 ( Ko < M 4 Mi,
Hj,ffij,
Mi where Mi:
- tp.
we can determine Ks, and then find K : Ko
On the other hand, suppose that we know only the s 1 shadows
kr,, k,r, ..., k,,-r. By the Chinese remainder theorem' we can determine the
: ffii,ffii,
Hi,-,' With
least positive residue a of Ks modulo M; where Mi
is the least
a
is
that
Ks
these shadows, the only information we have about
(
we only
<
Consequently,
M
Ko
0
positive residue of Kq modulo Mi and
know that
Ko:a*xM;,
From 0.1), we can conclude that M /Mi ) p, so
where 0 ( x < M/Mt
that as .r ranges through the positive integers less than M lM, o x takes every
: 1,2, ...,s ,
va l u e i n a f ull s et of r e s i d u e smo d u l op . Si n c e (m 1 ,P ): I for i
:
l, and consequently,a * xMi runs through a full set
we know that (Mi,p)
of residues modulo p as x does. Hence, we see that the knowledge of s-l
shadows is insufficient to determine Ko, as Ks could be in any of the p
230
Cryptology
congruenceclassesmodulo p.
we use an example to illustrate this threshold scheme.
Example. Let K :4 be the master key. we will
use a
s c h e m e o f t h e k i n d j u s t d e s c r i b e dw i t i r p - 7 , r 1 1 :
ll,
trt3:17, so thatM : Dtirt2:132 ) pmt: ll9.
We pickt
from among the positive integers less than M
/p : 132/7. This
Ko: K i tp :4
(2,3) threshold
ftr2:12, and
:iqrandomly
gives us
* 1 4 . 7: 1 0 2 .
The three shadows kvkz, and ft3 are the least positive residues
of Ks modulo
l7lt, f/12,and m3, i.e.
kr = 102= 3 ( m o dl l )
kz = 102 = 6 (mod 12)
kt = 102 = 0 (modl7),
so that the three shadowsare kl : 3, kz:6,
and kr : 0.
We can recover the master key K from any two of the three shadows.
Suppose we know that kr: 3 and kr : 0. Using the Chinese remainder
theorem, we can determine Ks modulo n7t/tt: ll.lj - lg7, i.e. since
Ko = 3 (mod ll)
and Ko = 0 (mod 17) we have ko = 102 (mod 1g7).
S inc e 0 ( K o < M :1 3 2 < 1 8 7 , w e k n o w t hat K 6 :102, and consequentl y
the master key is K : Ks - tp : lO2 - 14.7 : 4.
We will develop another threshold scheme in problem 12 of Section g.2.
The interested reader should also consult Denning [47] for related topics in
cryptography.
7.6 Problems
l.
2.
Supposethat the databaseI contains four files, F1 :4, Fz- 6, Ft: 10, and
F + : 1 3 . L e t m l : 5 , n t z : 7 , f t i 3 - l l , a n d m a - 1 6 b e t h e r e a d s u b k e v so f t h e
cipher used to encipher the database.
il
What are the write subkeysof the cipher?
b)
what is the ciphertext c corresponding to the database?
When the database I with three files Fr Fz, and ^F3is enciphered using the
method described in the text, with read subkeys ft:1 : 14, fir2: 15, and
nt3:19, the correspondingciphertext is c:619.
If file F3 is changed from
Fr - ll to F3 : 12, what is the updated value of the ciphertext c?
7.6 So m e A pplic at ion s to C o m p u te r Sc i e n c e
3.
4.
231
a (2'3) threshold
Decompose the master key K : 3 into three shadows using
:
8' t/tz: 9' m3 : ll
5' mr
schemeof the type describedin the text with p
and with t -- 13.
three pairs of shadows
Show how to recover the master key K from each of the
found in Problem 3.

2.
files from
Using the system describedin the text, encipher databasesand recover
databases'
of
version
the ciphertext
(see problem 2)'
Update files in the ciphertext version of databases
3.
Find the shadowsin a threshold schemeof the type describedin the text.
4.
Recover the master key from a set of shadows'
l.
Primitive Roots
8.1 The Order of an Integer and primitive Roots

From Euler's theorem, if m is a positive integer and if a is an integer
relatively prime to m, then s6(m) = | (mod m). Therefore, at least one
positive integer x satisfiesthe congrueneea* = 1 (mod rz). Consequently,by
the well-ordering property, there is a least positive integer x satiifying this
congruence.
Definition. Let a and m be relatively prime positive integers. Then, the least
positive integer x such that e* = I (mod z) is called the order of a
modulo m.
We denote the order of a modulo m by ord_a.
Example. To find the order of 2 modulo 7, we compute the least positive
residuesmodulo 7 of powers of 2. We find that
2t = 2 (mod7), 22
4 (mod 7), 23
I (mod 7).
Therefore, ord,72: 3 .
Similarly, to find the order of 3 modulo 7 we compute
3t
3e
3 (mod 7), 32 : 2 (mod 7), 33 = 6 (mod 7)

4 (mod 7) , 3s = 5 (mod 7) , 36 = I (mod 7).
We see that ord73 : 6.
233
8.1 The Order of an Integer and PrimitiveRoots
a* = I (mod m), we need

In order to find all solutionsof the congruence
the followingtheorem.
> 0, then the
Theorem 8.1. lf a and n ate relatively prime integerswith n
(mod
if and only
=
n)
I
a'
positiveintegerx is a solutionof the congruence
if ord,a I x.
Proof. If ordra I x, then x : k'ordnc wherek is a positiveinteger' Hence,
(modn).
a* -ok'ord'a:(ao'd'o)k =l
write
Conversely,if a* = I (mod n ), wo first use the division algorithm to
0 ( r ( ordra.
x : q'ordna * r,
From this equation, we see that
a,
oa'ord.a*r -
(aord,o)e gr -
a,
(mod n).
(mod n). From the inequality

Since a' = I (mod n), we know that a' = I
: ordna is the
0 ( r ( ord, Q, we conclude that r:0, since, by definition, y
(mod
n). Because f :0, we have
least positive integer such that.av = I
x : a'ordna. Therefore,ordna I x. D
This theorem leads to the following corollary'
Corollary 8.1. lf a and n are relatively prime integers with n ) 0, then
ordna
I Ofu).
Proof. Since (a,n) : 1, Euler's theorem tells us that
qb('\:
l (modn).
Using Theorem 8.1, we concludethat ordra I O(n)' n

We can use Corollary 8.1 as a shortcut when we compute orders. The
following example illustrates the procedure.
: 16.
Example. To find the order of 5 modulo 17, we first note that 0(ll7)
sinceihe onty positivedivisorsof 16 are 1,2,4,8, and 16, from corollary 8.1
these are the only possiblevalues of ord175. Since
5r = 5 (mod l7),52 = 8 (mod l7),54:13 (modl7),
58 = 16 ( mo d 1 7 ), 5 1 6= I (mo d l 7 ),
we conclude that ord175- 16.
234
Primitive Roots
The following theorem will be useful in our subsequentdiscussions.

Theorem 8.2. rf a and n are relatively prime integers with n ) 0, then
ai = aj , (mod n) where r and 7 are nonnegative integers, if and only if
i = j (mod ordna).
Proof. Supposethat i = j (mod ordna), and 0 < j < t. Then, we have

i : j * k'ordra, wherek is a positiveinteger. Hence,
ai : ojrk'ord'a : aj(ao'd.o)o = a/ (mod n ).
sinceoord'a=l(modn).
Conv er s elyas
, s u meth a t a i = a r (mo d n ) w i th i > j . S i nce (a,n):
know that (ai,n) : 1. Hence, using Corollary 3.1, the congruence
l, we
ai = ai ai-i = ai (mod n)
implies, by cancellationof a/, that
ai-j:
I (modn).
From Theorem 8.1, it follows that ordra divides i - j, or equivalently,

j (mod ord,a). tr
=
i
Given an integer n, we are interested in integers a with order modulo n
equal to Qfu). This is the largest possibleorder modulo r.
Definition. If r and n are relatively prime integers with n ) 0 and if
ordrr :6h),
then r is called a primitive root modulo n.
Example. We have previously shown that ord73 : 6 : 00). Consequently,3
is a primitive root modulo 7. Likewise, since ord75 : 6, as can easily be
verified, 5 is also a primitive root modulo 7.
Not all integers have primitive roots. For instance, there are no primitive
roots modulo 8. To see this, note that only integers less than 8 and relatively
p r i m e t o 8 a r e 1 , 3 , 5 , a n d 7 , a n d o r d 3 l : l , w h i l eo r d s 3 : o r d s 5 : o r d s 7 : 2 .
Since d(8) : 4, there are no primitive roots modulo 8. In our subsequent
discussions,we will find all integers possessingprimitive roots.
To indicate one way in which primitive roots are useful, wo
following theorem.
the
Theorem 8.3. lf r and n are relatively prime positive integers with n ) 0

and if r is a primitive root modulo n, then the integers
235
8.1 The O r der of an I n te g e r a n d P ri mi ti v e R o o ts
tl , f2' "'' '6b)
form a reduced residue set modulo n.

root r form
Proof. To demonstratethat the first @(r) powers of the primitive
they are all
a reduced residue set modulo n, we only need to show that
n.
modulo
congruent
are
no
two
that
relatively prime to n, and
(rk,n):1
i t f o l l o w sf r o m p r o b l e m8 o f S e c t i o n2 ' 1 t h a t
Since G,n):1,
prime
to n '
relatively
all
for any positive integer k. Hence, these powers are
that
To show that no two of these powers are congruent modulo n, assume
ri = r/ (mod n ) .
(mod Qfu))'
However' for
From Theorem 8.2, we see that i = i
(mod
=
i
d(n)) implies
/
I < t ( O(n) and 1 < j < 0h), the congruence
n. This
modulo
congruent
are
powers
:
j . Hence, no i*o of these
that i
D
r.
modulo
showsthat we do have a reduced residue system
Note that 2 is a primitive root modulo 9, since
Example.
first
22 = 4,2t = g, and 26 = I (mod 9). From Theorem 8.3, we see that the
are
These
9.
modulo
system
residue
:6
powers of 2 form a reduced
OO)
(mod
=
(mod
9),
7
24
(mod
=
9),
8
23
(mod
=
9),
4
22
9),
Zt = 2
(mod
=
(mod
9).
1
9), and 26
2s = 5
a primitive root, it usually has many primitive
When an integer possesses
roots. To demonstratethis, we first prove the following theorem'
Theorem 8.4. If ord-a : / and if r,l is a positive integer, then
o rd - (a " ) : t l Q,D .
v:(t,u),
Proof. Let J:ord-(a"),
(r
yu1) : l.
that
know
Proposition2.1, we
t:tvv,
and u:tltv'
From
Note that
(a")t':
( a r ' , ) Q l v ): ( a t ) u ' :
I ( m o d r n) ,
since ord.â : t. Hence, Theorem 8.1 tells us that s I tr'

On the other hand, since
(a \t
: e u s = I (mo d rn ),
we know that I I zs. Hence, tp
I u1vs, slld consequently,tt | ,tt.
Since
236
Primitive Roots
Q6u):
l , u s i n gL e m m a 2 . 3 , w e s e et h a t / , |
".
N o w , s i n c es I t r a n d t , I r , w e c o n c l u d et h a t , s : I
t:
proves the result. tr
t/v : t/(t,u). This
We have the following corollary of Theorem g.4.

Corollary 8.2. I et r be a primitive root modulo z where
m is an integer,
m 2 r. Then r' is a primitive root modulo m if and,only if (u,o(d
) : l:
Proof. From Theorem 8.4, we know that
ord,^r' : ord^rf (u,ord*r)
: Q ( m ) / f u , 0 @. D
consequently, ord- ru : efu),

onlyif (u,Q(m)) : t. D
and ru is a primitive root modulo m, if and
This leads immediately to the following theorem.

Theorem 8.5' If the positive integer m has a primitive root, then
it has a
total of Q@fu)) incongruent primitive roots.
Proof. Let r be a primitive root modulo rn. Then Theorem 8.3
tells us that
the integers r, 12,...,vbh) form a reduced residue system modulo ,,.
From
Corollary 8.2, we know that r" is a primitive root modulo rn if
and only if
(u , a( *) ) :
l. s i n c e th e re u t" r* " " i l y o @ @)) such i ntegersa, there are
exactly 0@@)) primitive roots modulo ru. tr
Example. Let m: 11. A little computationtells us that 2is a primitive
root
m odulo 11. s inc e l l h a s a p ri mi ti v e ro o t, w e know that 11 has
a@ ol )) :4
incongruent primitive roots. It is easiry seen that 2, 6,7, and g are
four
incongruent primitive roots modulo I l.
8.1 Problems
1. Determine the
a) order of 2 modulo 5
b) order of 3 modulo l0
c) order of l0 modulo 13
d) order of 7 modulo 19.
237
8.1 The Order of an Integer and Primitive Roots
2.
Find a primitive root modulo
il4
b)5
c) l0
d) 13
e) 14
f) 1 8 .
3.
Show that the integer 12 has no primitive roots'
4.
How many incongruent primitive roots does 13 have? Find a set of this many
incongruent primitive roots modulo 13.
5.
Show that if dis an inverseof c modulo n, then ordna:
6.
Show that if n is a positive integer and a and 6 are integers relatively prime to n
: ordna'ordnb'
such that (ordna, ordnD) : l, then ord'(ab)
7.
when
Find a formula for ordn Gil if a and b are integers relatively prime to n
ordna and ordrb are not necessarily relatively prime'
ordnd.
g.
Decide whether it is true that if n is a positive integer and d is a divisor of Qh),

then there is an integer a with ordna : d.
g.
Show that if a is an integer relatively prime to the positive integer m and

ordâ : s/, then ordât : s .
10. Show that if m is a positive integer and a is an integer relatively prime to z

such that ordâ - tlt - 1, then rr is prime.
I 1. Show that r is a primitive root modulo the odd prime p if and only if
,e_D/e *
I (modp)
for all prime divisors q of P-1.
12.
Show that if r is a primitive root modulo the positive integer m, then i is also a
primitive root modulo m, if i is an inverse of r modulo m '
1 3 . Show that ordp 2 ( 2'*1, where Fn : 2T * I is the nth Fermat number.

1 4 . Let p be a prime divisor of the Fermat number Fn:2v
a)
Show that ordo2 :Zn*r.
b)
From part (a), conclude that 2n+r | (p-1),

z"+rk + l.
* l'
so that p must be of the form
15.
: n and
Let m: an - 1, where a andn are positiveintegers. Show that ordra
conclude that n I O@).
16.
a)
Show that if p and q are distinct odd primes, then pq is a pseudoprime to

and ordo2 | Q-D.
the base 2 if and only if ordo2 | 0-t)
b)
Use part (a) to decide which of the following integers are pseudoprimes to
the base 2: 13'67, 19'73,23'89,29'97.
238
PrimitiveRoots
1 7 . Show that if p and q are distinct odd primes,

then pq is a pseudoprime to the
base
2 if and only if MoMo:
(2p-r)ei-D
ir" prrriJoprime to the base 2.
1 8 . There is a method for deciphering messagesthat

were enciphered by an RSA
cipher, without knowledge of the deciphering key.

This method is based on
iteration. Suppose that the public key ie,il ir"o
ro. enciphering is known, but
the deciphering key (d,il is not. To decipher a ciphertext
block C, we form a
s e q u e n cCet , C z , C 3 , . . . s e t t i n g C r = C " ( m o d n ) , 0
< C 1 1 n a n d C ; + 1E
C7Y(mod n), 0 < Ci+t 1 n for j - 1,2,3,....
a)
Show that C1 = Cd (mod n), 0 1 C1 1 n.
b)
Show that there is an index such that C1: C

and Cj_t : p, where p is
7
the original plaintext message. Show that this
indei 7' is a divisor of
ord,61n,1e
c)
Let n:47'59
and e :17.
to the ciphertext 1504.
Using iteration, find the plaintext corresponding
(Note: This iterative method for

attacking RSA ciphers is seldom successfulin a
reasonable amount of time. Moreover, the primes p
and q may be chosen so
that this attack is almost always futile. See pioblem l3
of Section g.2.)
Write projects to do the following:
l.
Find the order of c modulo rn, when a and m are

relatively
lntegers.
2 . Find primitive roots when they exist.

3 . Attempt to decipher RSA ciphers by iteration (see problem g).
r
8.2 PrimitiveRootsfor primes

In this section and in the one following, our objective
is to determine which
integers have primitive roots. In this ,..tion, we show
that every prime has a
primitive root. To do this, we first need to study porynomial
congru"nces.
Let
c is a
c is a
also a
f (x) be a polynomial with integer coefficients. We say that an integer

root of f (x) modulo m it f(c) = 0 (mod z). It i, *ryio
rr. that if
root of f (x) modulo m, then every integer congruent to c
modulo m is
root.
Example. The polynomial f (i : x2 * x * t has exactly

two incongruent
roots modulo T,namely x = 2 (mod 7) andx = 4 (mod 7).
239
8.2 PrimitiveRoots for Primes
Example. The polynomial gG) : x7 * 2 has no roots modulo 5.

Example. Fermat's little theorem tells us that if p is prime, then the
polynomial hQ) - rP-t - t has exactly p-l incongruent roots modulo p,
n a m e l yx = I , 2 , 3 , . . . ,P - l ( m o dP ) .
We will need the following important theorem concerning roots of
polynomials modulo p where p is a prime.
+ afi * cs be a
Lagrange'sTheorem. Let f (x) : arxn + an4xn-r *
coefficient an
leading
with
potyno.nial of degree n with integer coefficients and
p.
modulo
roots
noi Oiuirible by p. Then f k) has at most n incongruent
rt : l'
Proof. To prove the theorem, we use mathematical induction' When
s
olution
p
r
s
a
m
o
d
u
l
o
o
f
atx I aowithp f c1. A root /G)
* e h a u ef ( ; :
-as
since
(mod
3'7,
Theorem
p).
By
2
of the linear congruence a 1x
is
there
that
so
one
solution,
(a1,p): l, this linear congruencehas exactly
:
l
'
n
for
true
is
theorem
exactly one root modulo p of f G). Clearly, the
- l' and
Now supposethat the theorem is true for polynomials of degree n
by
let fk) U" a polynomial of degree n with leading coefficient not divisible
p'
modulo
roots
incongruent
f
I
n
has
polynomial
G)
ihe
that
p. Assume
f
:0
,1,,...,,fl
.
W e have
s? r!cs , c r , , . . , c sn,o t hat f k ) = 0 (mo d p ) fo r k
rG)- rGo)
]] i .,a_ii',[.,,",
=i:l:'_-,iirr;.,:,;'y,"_;,;;q
"+
ar)y(x-cs) (xn-z * x'-3cg*

* a1(x-cs)
+
: ( x -c s )g (x ),
+ xcfi-3 + c6-2')
- | with leading coefficient a,. we

where g(x) is a polynomial of degree n
g(x)
modulop. Letk be an integer,
are all roots of
now show that c r,cz,....,cn
:
:
(mod
(c)
we have
p),
0
1 < k ( r. Sincef G)
f
: (ct -co)skt) = 0 (mod P) '
f Gr,) f (rr)
: 0 (mod p),
since
gk)
know that
Corollary 2.2, we
From
This
shows
p'
c1,- co# 0 (modp). Hence, c1 is a root of g(x) modulo
- | and has a leading
that the polynomial g(x), which is of degree n
coefficient not divisible by P, has n incongruent roots modulo p' This
contradicts the induction hypothesis. Hence, f G) must have no more than n
incongruent roots modulo p. The induction argument is complete' tr
We use Lagrange's theorem to prove the following result.
240
PrimitiveRoots
Theorem 8.6. Let p be prime and let d be a divisor of p-1.

polynomial xd - I has exactly d incongruent roots modulo p.
Proof. Let p-l
Then the
: de. Then
xP-r- | : (xd-1;1"d(e-t) a rdG-D I

: (xd-l)g(x) .
* x, * l)
From Fermat's little theorem, we see that xP-r - I hasp-l incongruent roots
modulo p. Furthermore, from Corollary 2.2, we know that any root of
xP-t - I modulo p is either a root of x7 - I modulo p or u rooi of g(x)
modulo p.
Lagr ange' st h e o re m te l l s u s th a t g (x ) h as at most dG-l ):
p - d - |
roots modulo p. Since every root of xP-r - I modulo p that is not a root of
- I modulo p, we know that the
g(x) modulo
.p must be a root of xd
poly nom ial x d - | h a s a t l e a s t Q-D d i ncongruent roots
Q-d-r):
modulo p. On the other hand, Lagrange's theorem tells us that it has at most
d incongruent roots modulo p. Consequently, xd - I has precisely d
incongruent roots modulo p. tr
Theorem 8.6 can be used to prove the following result which tells us how
many incongruent integers have a given order modulo p.
Theorem 8.7. Let p be a prime ancl let d be a positive divisor of p-1. Then
the number of incongruent integers of order d modulo p is equat to
o@).
Proof. For each positive integer d dividing p-1, let F@) denote the number
of positive integers of order d modulo p that are less than p. Since the order
modulop of an integer not divisiblebyp dividesp-1, it follows that
p-l :
d lp-l
From Theorem6.6,we knowthat

p-l :
dlp-r
We will showthat F(d) < O@) when d I e-D.

with the equality
dlp-r
dlp-r
This inequality,together
241
8.2 Primitive Roots for Primes
implies that F (d) : O@) for each positive divisor d of p-1.
If F(d) :0, it is clear that F(d) < O@). Otherwise,

L e t d l b-l).
of orderd modulop. Sinceotdra : d, the integers
a
integer
is
an
there
a, a2t .", Qd
are incongruent modulo p. Furthermore, each of these powers of a is a root

- (ad)k = | (modp) for all positive
of *d -1 modulo p, since bk)d
- I has exactly d
integers k. From Theorem 8.6, we know that xd
incongruent roots modulo P, So every root modulo p is congruent to one of
these powers of a. However, from Theorem 8.4, we know that the powers of
l' There are exactly
a with order d are those of the form a& with (kd):
if there is one
consequently,
and
d,
O@) such integers k with I < k <
exactly
be
p,
must
there
0U) such positive
element of order d modulo
'd(d).
integerslessthan d. Hence, FU) <
Therefore, we can conclude that F (d) : OU), which tells us that there are
precisely O@) incongruent integers of order d modulo p ' D
The following corollary is derived immediately from Theorem 8'7'
Corollary 8.3. Every prime has a primitive root'
Proof. Let p be a prime. By Theorem 8.7, we know that there ate |Q-l)
modulo p. Since each of these is, by
incongruent integers of order p-l
primitive roots.
p
has
6Q-l)
definition, a primitive root,
The smallest positive primitive root of each prime less than 1000 is given in
Table 3 of the APPendix.
8.2 Problems
1. Find the numberof primitive rootsof the followingprimes:
a)
b)
c)
2.
3.
7
l3
t7
d)
e)
f)
19
29
47.
-r
Let r be a primitive root of the prime p with p = | (mod 4)' Show that
also a primitive root.
is
: I (mod 4), there is an integer x such that

Show that if p is a prime and p
-l
(Hint:
(modp).
Use Theorem 8.7 to show that there is an integer x
x2 =
of order 4 modulo P.)
242
PrimitiveRoots
4 . a)
b)
5 . il
6.
Find the number of incongruent roots modulo 6 of the polynomialx2 - x.

Explain why the answer to part (a) does not contradict Lagrange's theorem.
Use Lagrange's theorem to show that if p is a prime and
is a
/(x)
polynomial of degree n with integer coefficients and more than n roots
modulo p, then p divides every coefficientof /(x).
b)
Let p be prime. Using part (a), show that every coefficient of the
p o l y n o m i afl ( x ) : ( x - l ) ( x - D . . . ( * - p + l )
- x p - t + I i s d i v i s i b t e b yp .
c)
Using part (b), give a proof of Wilson's theorem. (Hint:

constant term of f (x).)
Find the least positive residue of the product of a set of

d(p_t)
primitive roots modulo a prime p.
Consider the
incongruent
7 . A systematic method for constructing a primitive root modulo a prime p is

outlined in this problem. Let the prime factorization of
ee)
: q\'q';
q',, whereQr, ez, ..., qt areprime.
: p-l
be
p-l
a)
Use Theorem 8.7 to show that there are integers d1, a2,...,a, such that
o r d r a t : q ' i , o r d r a 2 : q | , . . . , o r d o a ,: q : , .
b)
Use problem 6 of section 8.1 to show that a : aflz-.. a, is a primitive root

modulo p.
c)
Follow the procedure outlined in parts (a) and (b) to find a primitive root
modulo 29.
8 . Let the positive integer n have prime-power factorization n:
pl,pi,...p?.
Show that the number of,incongruent bases modulo n for *tti.tt
n is a
pseudoprimeto that base is I
(n -1, pi-D .
9 . Use problem 8 to show that every odd composite integer that is not a power of 3
is a pseudoprimeto at least two basesother than i l.
1 0 . Show that if p is prime and p :2q
! l, where q is prime and a is a positive

integer with I 1 a I p-1, then p -a2 is a primitive root modulo p.
I l.
il
Suppose that /(x) is a polynomial with integer coefficientsof degree n-1.

Let x1,x2,...,xn be n incongruent integers modulo p. Show that for all
integers x, the congruence
.f k)
i-t
i-_t,
t^rold^s'
is an inverse of xj-xi (mod n ). This technique
-.*h"1". F
for finding f (x) modulo p is called Lagrange interpolation.
243
8 .3 Th e E x is t enc e o f P ri mi ti v e R o o ts
b)
Find the least positive residue of /(5) modulo 1l if /(x) is a polynomial of

-S,f Q) = 2,andf G) = 4 (mod l1).
d e g r e e3 w i t h f 0 )
12. In this problem, we develop a threshold scheme for protection of master keys in a
computer system, different than the scheme discussed in Section 7.6. Let f (x)
be a randomly chosen polynomial of degree r-1, with the condition that K, the
master key, is the constant term of the polynomial. Let p be a prime, such that
p > K and p ) s. The s shadows krkz, ..., k, are computed by finding the
least positiveresidueof f G) modulo p for i :1,2,..., s where xt,xz,...,.xr are
randomly chosenintegers incongruent modulo p, i.e.,
ki = f(x;)
(modp), o (
k; ( p,
for; a)
Use Lagrange interpolation, described in problem I l, to show that the

master key K can be determined from any r shadows.
b)
Show that the master key K

shadows.
c)
4x3+xz+
Let fG):
t:4,
and s:7.
p:47,
Let K:33,
3lx + 33. Find the seven shadows correspondingto the values of /(x) at
1 , 2 , 3 , 4 , 5 , 6a,n d 7 .
d)
Show how to find the

and / (4) .
cannot be determined from less than r
key from the four shadows

f 0), f Q), f Q),
13. Show that an RSA cipher with enciphering modulus n: pq is resistant to attack
l,
I and q:2q'*
b y i t e r a t i o n ( s e e p r o b l e m 1 8 o f S e c t i o n8 . 1 ) i f p : 2 p ' +
where p' and q' are primes.
1.
Find a primitive root of a prime using problem 7.
2.
Implement the threshold schemegiven in problem 12.
8.3 The Existenceof Primitive Roots

In the previous section,we showed that every prime has a primitive root. In
this section, we will find all positive integers having primitive roots. First, we
will show that every power of an odd prime possessesa primitive root. We
begin by consideringsquaresof primes.
Theorem 8.8. If p is an odd prime with primitive root r, then either r or
244
PrimitiveRoots
r * p is a primitive root modulo p2.

Proof. Since r is a primitive root modulo p, we know that
ordrr:0Q):p-1.
Let n : ordozr,so that
r'=
I (modp2).
since a congruencemodulo p'obviously holds modulo p, wa have

rn = I (modp).
From Theorem 8.1, it follows that
p-l:
ordrrl n.
On the other hand, Corollary g.l tells us that
nlOQ2):p(p-t).
Since n I p(p-t) and p-l I n,, either n : p-l o r n : p ( p - l ) .
If
n : p (p-l), then r is a primitive root modulop2, since
ordrrr : Q(pz).
Otherwise,
we haven : p-1, so that
(s.1)
rP-t=1(modp2).
Let s : r+p. Then, sinces E r (mod p), s is also a primitive

root modulo
p. Hence, ordo"r equals either p-l
or p (p-l).
we will show that
ordo,r * p-1. The binomial theorem tells us that
. r p- r : ( r t p) o -r
: 7 p -t +
Q_ D ro -rp
z
* 1p;I)rr_rp, +
v 4 -t + (p -D p .rP-2 (mod p2).
Hence, using (S.t), we seethat

sP-r = I + (p-l)p.70-2:
l - prp-z (modp2).
From this last congruence,we can conclude that

sp-t# l (modp2).
To see this, note that if 5P-l : l^(mod p2), then prp-z = 0 (modp2).
This
last congruence implies that rp-2 = 0 (mod p), which is impossible,
since
245
8 .3 Th e E x is t enc e o f Pri m i ti v e R o o ts
:
p tr , (remember r is a primitive root of p). Hence, ordrus
:
a
p'
'
r*p is a primitive root of
Consequently,s
O $\.
p (p -l)
Example. The prime p :7 has r : 3 as a primitive root. From the proof of

:49' si nce
Theore m8. 8, we s eet h a t r : 3 i s a l s o a p ri mi ti v e ro ot modul op2
rP-t - 36 + I (mod 49) '
We note that it is extremelyrare for the congruence
rP-t = I (modp2)
to hold when r is a primitive root modulo the prime p. Consequently,it is
very seldom that a primitive root r modulo the prime p is not also a primitive
root modulo p'. The smallestprime p for which there is a primitive root that
is not also a primitive root modulo p2 is p : 497. For the primitive root l0
modulo 487, we hav e
10486: 1 (mod 4872).
Hence, l0 is not a primitive root modulo 4872,but by Theorem 8.8, we know
that 497: 10 + 487 is a primitive root modulo 4872.
We now turn our attention to arbitrary powersof primes.
Theorem 8.9. Let p be an odd prim e, then pk has a primitive root for all
positive integers ft . Moreover, if r is a primitive root modulo p2, then r is a
primitive root modulo po, for all positiveintegersk.
Proof. From Theorem 8.8, we know that p has a primitive root r that is also
a primitive root modulo P2, so that
(8.2)
rp-t # 1 (modp2).
Using mathematicalinduction,we will prove that for this primitive root r,
(8.3)
yn'-'$-t) 1 I (m o d p ft)
for all positive integersk. Once we have establishedthis congruence,we can

show that r is also a primitive root modulo pk by the following reasoning. Let
n : ord6r.
From Theorem 6.8, we know that n I OQ\:
h and, s inc e
O*-r(p-l).
On the other
246
PrimitiveRoots
7n -
I (modpk),
we also know that

rn = I (modp).
Fr om T heor em 8 .1 , w e s e e th a t p -l : 6 e )
r, and
| n. B ecausee-D l
n I o*-rQ-I),
we know that n:'p'(p-l),
w h ' e r el i s a n i n t e g e rs u c h t h a t
0 ( r ( k-t. If n: p'(p-l) with/ < k-2, then
7p'-2(p-t): (7p'@-t)1r'-rn:
l (mod pk),
whic h would c o n tra d i c t (8 .3 ). H e n c e , ordotr : pk-t

b-D
Consequently,r is also a prirnitive root modulo pk.
: oeo).
All that remains is to prove (8.3) using mathematical induction. The case
of k:2 follows from (8.2). Let us assumethe assertionis true for the positive
integerk>2.Then
7 n t-t(t_ t)# l (mo dpk).
since G,p) : l, we know that (r,pk-t) : 1. consequently, from Euler's
theorem,we know that
vPL-2(o-D :
Therefore,there
,Q(Pk-tt
an integer d such that

y o ' -' Q-t): I * d p k -t,
wherep trd, sinceby hypothesisyP'-'(P-t)* t (moApk). W e take the pth

powerof both sidesof the aboveequation,to obtain, via the binomial theorem,
yP'-'(P-l)
0 + dp*-t1o
| + p@pt-r, * (|)o'Urk-t)2 +
* (dpk-t1n
| * dpk (modpo*').
Sincep I d, we can conclude
that
,.P^-'(P-r)
# I (mod po*t).
completesthe proof by induction. tr
Example. From a previous example, we know that r : 3 is a primitive root
247
8.3 The Existenceof PrimitiveRoots
: 3 is also a primitive
modulo 7 and 72. Hence, Theorem 8.9 tells us that r
root modulo 7k for all positive integers k.
It is now time to discusswhether there are primitive roots modulo powers of
Z. We first note that both 2 and 22: 4 have primitive roots, narnely 1 and 3,
respectively. For higher powers of 2, the situation is different, as the following
theorem shows;there are no primitive roots modulo these powers of 2.
Theorem 8.10. If a is an odd integer, and if k is an integer, k )
: e 2 ' -' :
a OQL )/2
3, then
1 (mo d 2 k).
We prove this result using mathematical induction. If a is an odd

integer, then a : 2b t 1, where b is an integer. Hence,
proof.
a 2 : ( 2 b + 1 ) 2:
4 b 2+ 4 b * I : 4 b $ + 1 ) + 1 .
Since either b or b * 1 is even, we see that 8 | 4b (b + l), so that

a2 :- I (mod 8).
This is the congruenceof interestwhen k :3.
Now to complete the induction argument, let us assumethat
a2'-' = I (mod 2k) .
Then there is an integer d such that
e2'-': l+d'zk.
Squaring both sides of the above equality, we obtain
e 2 ' -' : | + d 2 k + r q 4 2 2 zk.
This yields
e2'-'= 1 (modzk+r),
which completes the induction argument. n
Theorem 8.10 tells us that no power of 2, other than 2 and 4, has a
primitive root, since when a is an odd integer, ord2ta # OQk) , since
a6Q')lz : 1 (mod 2k) .
Even though there are no primitive roots modulo 2k for k > 3, there always
is an element of largest possible order, namely OQ\ I 2, as the following
theorem shows.
248
PrimitiveRoots
Theorem 8.11. Let k 7 3be an integer. Then

o r d 2 . 5: O ( Z k ) D : 2 k - 2 .
Proof. Theorem 8.10 tells us that
52'-' = I (mod 2k).
for k 2 3. From Theorem 8.1, we see that ordr.S I Z*-2. Therefore, if we
show that ordr.5 | 2l"-t , we can conclude that
ord2.5- 2k-2.
To show that ordr,S tr 2k-3, we will prove by mathematical induction that
fork)3,
52,-'= | + 2k_t *
I (mod 2k).
For k : 3. we have
5:l+4(mod8).
Now assumethat
52'-': l+zk-I (mod2ft).

This meansthat thereis a positiveintegerd suchthat
S 2 ' - ' _ ( 1+ 2 k - r ) + d Z k .
Squaringboth sides,we find that
52'-': (l + 2k-t)2 + 20 + zk-t)dZk + (dzk)z
so that
52,-,= 0 + 2k-r)2 : | + 2k + 22k-2 :
I + 2t (mod Zk+\ .
This completesthe induction argument and showsthat

ordr'5 : O(2k)/2' tr
We have now demonstratedthat all powers of odd primes possessprimitive
roots, while the only powers of 2 having primitive roots are 2 and 4. Next, we
determine which integers not powers of primes, i.e. those integers divisible by
two or more primes, have primitive roots. We will demonstrate that the only
positive integers not powers of primes possessingprimitive roots are twice
249
powers of odd primes.

We first narrow down the set of positive integers we need consider with the
following result.
Theorem 8.12. If r is a positive integer that is not a prime power or twice a
prime power, then n does not have a primitive root.
Proof. Let n be a positive integer with prime-power factorization
,-p\,p'i...p';.
Let us assume that the integer n has a primitive root r. This means that
(r,n ) : I and or dn r :6 h ).
Si n c e (r,n ) : l , w e know that (r,p' ) : l ,
wheneverpt is one of the prime powers occurring in the factorization of r. By
Euler's theorem, we know that
ro@') :
I (mod P) .
Now let U be the least common multiple of Q(p'r), OQ'il,..-,0(p';), i-e.
u : [oQ\'),aQ'il,...,0b'il1.
SinceObh I U, we know that
ru = t (modP,l')
we seethat
for i : l, 2 ,...,m . From this last congruence,
ordrr:6Q)<U.
From Theorem6.4, since@is multiplicative,we have
Qh) : oi\'p?''' p';): 6(p't')o7'il
ob';l'
This formulafor d(n ) and the inequality$fu) < U imply that
ob'il\.
oQ\')o,'il''' oa'il ( td(p'r'),oQ';)'...,
Since the product of a set of integers is less than or equal to their least
common multiple only if the integers are pairwise relatively prime (and then
the less than or equal to relation is really just an equality), the integers
Q(p'r'),0$';),..., OQ';) must be pairwise relatively prime'
250
Primitive Roots
We notethat e(pt) : rt-r(p-l), so that ee,) is evenif p is odd,or if

p : 2 and t > Z. Hence,the numberse(p'r'),Oe'il,...,
Oe,;\ are not
p air wis er elat iv e l yp ri m e u n l e s sm: I a n d n i s a pri mspow er o,
* :2
and
the factorization of n is n : 2p', where p is an odd prime and / is a positive
integer. tr
We have now limited considerationto integers of the form n : 2p,, where

p is an odd prime and r is a positive integer. We now show that
all such
integers have primitive roots.
Theorem 8.13. rf p is an odd prime and r is a positive integer, then 2pt
possesses
a primitive root. In fact, if r is a primitive root modulopt, then if r
is odd it is also a primitive root modulo 2pt, while if r is even, r * pt is
a
primitive root modulo 2pt.
Proof. If r is a primitive root modulo pt , then
rob') = I (modp,),
and no positive exponent smaller than 6(pt) has this property. From Theorem
-6.4, we note that O(zp') :
0Q) 66t7 :
e(p,), so that ,6(2n')
1 (mod p') .
If r is odd, then
,o(zp')= I (mod 2).
Thus, by corollary 3.2, we see that rQQp';: I (mod 2p,). since no smaller
power of r is congruent to I modulo 2pt , we conclude that r is a primitive
root modulo 2pt .
On the other hand, if r is even, then r * p '
(r + P'10{zP')
Hence,
I (mod 2)
Since r * p' = r (mod p'), we see that

G * pt )QQP')
I (mod p' )
Therefore, (r + ot1oQfl:
I (mod 2p'), and as no smaller power of r *pr is
congruent to 1 modulo 2pt , we conclude that r * p' is a primitive root modulo
2 p' . r t
Example. Earlier
this section we showed that 3
a primitive root modulo
251
7t for all positive integers /. Hence, since 3 is odd, Theorem 8.13 tells us that
3 is also a primitive root modulo 2'7t for all positive integers /. For instance,
3 is a primitive root modulo 14.
positive
Similarly, we know that 2 is a primitive root modulo 5' for all
*
5t is a
integers/. Hence, since 2 + 5t is odd, Theorem 8.13 tells us that 2
primitive root modulo 2.5t for all positive integers f. For instance,2T is a
primitive root modulo 50.
Combining Corollary 8.3 and Theorems8.9, 8.12,8.13, we can now describe
which positive integers have a primitive root.
Theorem 8.14. The positive integer n possessesa primitive root if and only if
fr :2,4, p', or 2pt,
where p is an odd prime and / is a positive integer.
8.3 Problems
l.
Which of the integers 4,10,16,22and 28 have a primitive root?
2.

a)
b)
3.
c)
d)
r72
D2.
Find a primitive root, for all positive integers k, modulo

a)
b)
4.
lf
B2
3k
lle
c)
d)
l3k
nk.

a)6c)26
18
b)
e)
338.
5.
Find all the primitive roots modulo 22.
6.
Show that there are the same number of primitive roots modulo 2pt as there are
of p' , where p is an odd prime and r is a positive integer.
7.
Show that if rn has a primitive root, then the only solutions of the congruence
x2 = I (mod m) are x E t I (mod z).
252
PrimitiveRoots
8.
Let n be a positive integer possessinga primitive root. Using this primitive root,
prove that the product of all positive integers less than n and relatively prime to
n is congruent to -l modulo n. (When n is prime, this result is Wilson's
Theorem.)
9.
Show that although there are no primitive roots modulo 2& where k is an integer,
k > 3, every odd integer is congruent to exactly one of the integers (-1)"50,
where a:0
or I and B is an integer satisfying0 < B ( 2ft-2-1.

l.
Find primitive roots modulo powers of odd primes.
2.
Find primitive roots modulo twice powers of odd primes.
8.4 Index Arithmetic

In this section we demonstrate how primitive roots may be used to do
modular arithmetic. Let r be a primitive root modulo the positive integer m
(so that m is of the form describedin Theorem 8.14). From Theorem 8.3, we
know that the integers
r, 12, 13
form a reduced system of residuesmodulo nr. From this fact, we see that if a
is an integer relatively prime to m, then there is a unique integer x with
1(x46@)suchthat
r'
a (modm).
This leads to the following definition.

Definition. Let m be a positive integer with primitive root r. If a is a positive
i n t eger wit h ( a, m): l , th e n th e u n i q u e i n t eger x w i th I (x(d(z)
and
r* = a (mod m) is called the index of a to the base r modulo m. With
this definition, we have a - ,ind'a (mod m ).
If x is' the index of a to the base r modulo m, rhen we write x : indra,
where we do not indicate the modulus m in the notation, since it is assumed"to
be fixed. From the definition, we know that if a and b are integers relatively
prime lo m and a = b (mod m), then ind,a : indrb.
Example. Let m : 7. We have seen that 3 is a primitive root modulo 7 and
253
8.4 l n dex A r it hm eti c
(mod7),
3 r = 3 ( m o d 7 ) , 3 2 = 2 ( m o d 7 ) , 3 3= 6 ( m o d 7 ) , 3 4 = 4
that
(mo
d
=
(
m
od
7
).
I
5) . and 3 6
3 5= 5
Hence, modulo 7 we have
i n d 3 l : 6 , i n d t2 : 2 , i n d l 3 : 1,
i n d 3 4: 4 , i n d r5 : 5 , i n d r6 : 3.
With a different primitive root modulo 7, we obtain a different set of indices.
For instance,calculationsshow that with respectto the primitive root 5,
i n d 5 l : 6 , i n d s 2: 4 , i n d s 3: 5,
ind54 : 2, ind.55: l, inds6 : 3.
We now develop some properties of indices. These properties are somewhat
similar to those of logarithms, but instead of equalities, we have congruences
modulo6@) .
Theorem 8.15. Let m be a positive integer with primitive root r, and let a
and b be integersrelativelyprime to m. Then
( i)
(ii)
(iii)
ind, l = 0 (mo d Qfu )).

ind,Gb) = ind,a * ind,b (mod O@))
-la. ind,a (mod 6h)) if k is a positive integer.
ind,ak
Proof of G). From Euler's theorem, we know that ,6(m): I (mod z).
Since r is a primitive root modulo m, no smaller positive power of r is
congruentto 1 modulo rn. Hence, ind,l : 6(m) = O (mod Qfu)) .
Proof of (ii).
indices,
To prove this congruence, note that from the definition of

,ind'Qil :
ab (mod ,,, )
and
,ind,a*ind,b-
,ind,o
,ind,b = Ab (mOd ,, ).
Hence,
,ind,Gb) =
7ind,a
* ind,D
(mod
rn ).
Using Theorem 8.2, we concludethat

in d ,(a b ) :
i n d ,a * i n d ,b (m o d 6@ )).
254
PrimitiveRoots
Proof of Gii). To prove the congruence of interest, first note that, by

definition, we have
-:
,ind',ar ak (mod m )
and
,k'ind'a
(rind'o)P :
(mod rn).
ak
Hence,
,ind,aL =
rk'
ind'o
(mod
rn ).
Using Theorem 8.2, this leads us immediately to the congruence we want,

namely
ind,ak
ft. ind,a (mod 6fuD,
Example. From the previous examples,we see that modulo 7, ind52: 4 and
i n d 5 3 : 5 . S i n c eA Q ) : 6 , p a r t ( i i ) o f T h e o r e m8 . 1 5 t e l l su s t h a t
i n d 5 6- i n d s 2 . 3 : i n d s 2t i n d 5 3: 4
t 5:9
= 3 ( m o d6 ) .
Note that this agreeswith the value previously found for ind56.
From part (iii) of Theorem 8.15, we seethat
ind53a= 4'inds3 = 4.5 : 20 = 2 (mod 6).
Note that direct computation gives the same result, since
i n d 5 3 a- i n d s Sl - i n d s 4 : 2.
Indices are helpful in the solution of certain types of congruences. Consider
the following examples.
Example. We will use indices to solve the congruence 6xr2 : I 1 (mod 17).
We find that 3 is a primitive root of 17 (since 38 = -l (mod l7)). The
indicesof integersto the base 3 modulo l7 are given in Table 8.1.
a
ind3a
16 14 I
r2 5 l 5
ll
l0
10 1l
3 7
t2
13 l4
t5
16
l3
Table8.1. Indicesto the Base3 Modulo 17.

Taking the index of each side of the congruenceto the base 3 modulo 17,
we obtain a congruencemodulo d(t7) : 16, namely
255
in d 3 (6 x r2 )= i n d 3 l| :' l
(m o d 16).
Using (ii) and (iii) of Theorem 8.15, we obtain

:,
(mod 16).
ind3( 6x r 2)- i n d 3 6* i n d 3 (x 1 2 ) 1 5 + 1 2 ' i nd3x
Hence,
15+12'ind3x=7(mod16)
or
12'ind3x=8(mod16).
Using Corollary 3.1, upon division by 4 we find that
ind3x : 2 (mod 4).
Hence,
ind3x :
2 , 6 , 1 0 ,o r 1 4 ( m o d 1 6 ) .
consequently, from the definition of indices,we find that

x 2 3 2 , 3 6 ,3 t o o r 3 l a ( m o d 1 7 ) ,
(note
this
that
32:- 9,36 : 15,310
17)'
modulo
holds
congruence
(
m
o
d
t
hat
c
o
n
c
l
u
d
e
w
e
l
7
)
,
2
3
1
4
:
8, and
Since
x 3 9 , 1 5 , 8 , o r 2 ( m o d1 7 ) .
Since each step in the computations is reversible, there are four incongruent
solutions of the original congruencemodulo l7'
(mod 17).
Example. We wish to find all solutionsof the congruence7'= 6
of this
sides
both
When we take indices to the base 3 modulo 17 of
congruence,we find that
i n d 3 (7 ' ) :
i n d 3 6: 1 5 (m o d 16).
From part (iii) of Theorem 8.15, we obtain

i n d 3 ( 7 ' ) : x ' i n d 3 7: l l x
Hence.
(mod 16).
256
PrimitiveRoots
llx
15 (mod16).
Since 3 is an inverseof I I modulo 16, we multiply both

sides of the linear
congruence
aboveby 3, to find that
x = 3 . 1 5: 4 5 :
1 3 ( mod 16).
All stepsin this computationare reversible.Therefore, the

solutionsof
7* = 6 (mod 1 7 )
are given by
x = t3 (mod 16).
Next, we discusscongruencesof the form xk = a (mod
m), where m is a
positive integer with a primitive root and (a,m) :
l. First, we present a
definition.
Definition' lf m and k are positive integers and a is an integer
relatively
prime to ffi, then
.we say that a is a kth power residue if * if the
congruencexk = a (mod,m) has a solution.
When z is an integer possessinga primitive root, the following
theorem
gives a useful criterion for an integer a relatively prime
to m to be a kth
power residue of m.
Theorem 8.16. Let m be a positive integer with a primitive root.
If k is a
positive integer a1d o is an integer relatively prime to
m, then the congruence
xk = a (mod m) has a solutioriif and only-ii
oQh)ld=l(modln)
where d : (k,6(m)).
Furthermore, if
there are solutions of
xk : a (mod m)' then there are exactly d incongruentsolutionsmodulo
rn.
Proof. Let r be a primitive root modulo the positive integer 17.
We note that
the congruence
xk
(mod z)
holds if and only

( 8 .1 )
Now let d:
k ' i n d ,x
( k ,e (m))
i n d ,a (m o d 6@ )).
a n d y : i n d ,x , s o that x
(mod z ).
From
257
8 .4 Index A r it hm et ic
Theorem 3.?, we note that it d tr indra, then the linear congruence

(8.2)
k y : i n d " o (m o d Qfu ))
(8
has no solutions, and hence, there are no integers x satisfying
l). If
d lind'a, then there are exactly d integersy incongruentmodulo d(z) such
that (8.2) holds, and hence,exactly d integersx incongruentmodulo z such
rhat (8.1) holds. Since d I ind,a if and only if
@@)/ilind,a
= o (mod Q(m)),
and this congruenceholds if and only if

ooh)/d:1(modrz).
the theorem is true. tr
We note that Theorem 8.16 tells us that if p is a prime, k is a positive
integer, and a is an integer relatively prime to p, then a is a kth power
residue of p if and only if
oQ-D/d: 1 (modp),
where d : (k,p-l).
We illustrate this observationwith an example.
Example. To determine whether 5 is a sixth power residue of 17, i.e. whether

the congruence
x 6 = 5 (mo d 1 7 )
has a solution, we determine that
5 t6 /(6 ,1:6 ) 5 8 = -l
(m o d l 7).
Hence, 5 is not a sixth power residueof 17.

A table of indices with respectto the least primitive root modulo each prime
lessthan 100 is given in Table 4 of the Appendix.
We now present the proof of Theorem 5.8. We state this theorem again for
convenience.
Theorem 5.8. If n is an odd compositepositive integer, then r passesMiller's
te st for at m os t f u- l) / 4 b a s e sb w i th I < , 1 n -1 .
We need the following lemma in the proof of Theorem 5.8.
258
PrimitiveRoots
Lemma 8.1. Let p be an odd prime and let e and q be positive

integers.
Then the number of incongruent solutions of
the congruence
x e - t = I ( m o dp r ) i s ( q , p r - r e - D .
Proof' Let r be a primitive root of p' . By taking indiceswith
respectto r,
we see that x4: I (modp,) if and only if qy = 0 (mod
6e,D where
y : ind'x . using Theorem3.j, we see that there are
exactli e,6er))
incongruentsolutionsof gy :0 (mod|e"D.
consequently,there are
Q,6Q")) : (q,p'-tb-l)) incongruent
solutions
of xe = 1 {-oAp'). tr
We now proceedwith a proof of Theorem5.g.
Proof. Let n-l : 2't, wheres is a positiveinteger and,t is an odd positive
integer. For n to be a strongpseudoprime
to the baseD, either
bt :
b2tt :
I (mod n )
-1 (mod n)
( s - l.
f o r s o m e i n t e g e r T w i t h 0( 7
bn-t=
Ineithercase,wehave
I (modn).
Let the prime-powerfactorizationof n be n : pi,pi, . . . p',,. From Lemma

8.1, we know that there are (n-r, p'/Qi-l)) : h-l,pi-l)
incongruent
solutionsof xn-r: I (modp7) , j :1,2,...,r. Consequently,
the Chinese
remaindertheoremtells us that thereare exactlv h-\,p1-l)
fI
solutionsof x'-l
= I (mod n ).
j-r
incongruent
To prove the theorem, we first consider the case where the prime-power
flactorizationof n contains a prime power p[. with exponente* 2 2. Since
bo-D /pt : t/p't-t - t/p't < z/g

(the largest possiblevalue occurswhen pj :3
and ei :2),
we seethat
259
tu-r,pj-r)< fI Q;t)
fI
j -r
;:l
l+,r)
li-l
ll**
"+"
Since
?"*f
0n-l) for n > 9 , we seethat

r
u (n-l ,p,-l) (
(r -r)14.
j:r
Consequently,there are at most Q-Dla

is a strong pseudoprimeto the base b.
T h e o t h e r c a s et o c o n s i d e ri s w h e n n :
distinct odd primes. Let
integersb, I < 6 ( n , for which n

w h e r eP t , P z , . - . , Par r e
PPz"'P.
p t - | : 2 t' tr, i : 1 ,2 ,.. .,r,

where s; is a positive integer and /; is an odd positive integer. We reorder the
( s, ' We note that
primespr,p2,...,p,,(if necessary)so thatsr ( sz (
h-l,pi-l)
: 2*ink') (t,t,).
: (t,t;). From
The number of incongruentsolutionsof x' = I (mod pi) is T
solutions of
incongruent
2il;
are
there
problem 15 at the end of this section,
* y''= - l ( m odp; ) w h e n O ( f ( s i -I, a n d n o s ol uti onsotherw i se. H ence,
i ncongruent
u si ng t he Chines e r e ma i n d e r th e o re m , th e re a r e TrTz" ' 7,
incongruent solutions of
solutions of xt : I (mod n), and 2i' TrTz"'7,
x/, = - 1 ( m od n) w h e n 0 ( 7 ( s 1 -1 . T h e re fo re,there area total of
[ ,,-' I
Z"'-t I
TrTz"' T, lt* > 2t'l- TrTz"' T,lt + .;;

l,r-oJtL)
integers b with 1< D ( n-1, for which n is a strong pseudoprimeto the

Uasetr. (We have used Theorem l.l to evaluatethe sum in the last formula.)
Now note that
260
PrimitiveRoots
6h) : (pr-l) (pz-l)
(pr-l)
tiz
tr1t'*s'*
"' *s,
We will showthat
rrrz'" r,[,*ro]
2 ' ,-t
*,,r,ro,
which provesthe desired result. Because TrTz. . . 7, ( r1r,

achieveour goal by showing that
(8.3)
*r,< r/4.
[,*l'-t
lrr',*',*''
z',-t
|
)
Since sr ( sz (
( s, , we seethat
tr, we can
' as,
* Uf
( f^,* ''.'-t
,r',*',*
f,
f,r,,,
2
'
t
|
)'
l . 2 ,- l
J''
--
2"r-l
2"r(2, -l)
2",
:l++-l
2,-l
2"t
|
2'-l
- -< l
I-
2rtr(2, -l)
2',-2
2"'(2'-l)
2r-r
From this inequality,we concludethat (s.r) is valid when r (

When r:2,
w e h a v en : p p 2 w i t h p r | : 2 t r t 1
rr ( sz. If s1 ( s2, then (S.f) is againvalid, since
3.
and pz-l:2trtz,
with
''"
rt',-, I -L.
I r ^
)
.
.
?)/2',*',:
+]/lz",z',-',)
[t
['
I
:[+.#),,"-"
*+
W h e n s r : J 2 , w e h a v e( n - l , p r l ) : 2 ' T r
and(n-l,pz-l):2tTz.
Let
us assume that pr ) pz.
Note that T1 * t1, for if Tr: tr, then
261
( p t - l ) I ( n - l ) , s ot h a t
n : p r p z Z p z = 1 ( m o dp r - l ) ,
which impliesthat P2 ) Pr, a c o n tra d i c ti o n . S i n c e T1# t' 1 , we know that
T r ( t r / 3 . S i m i l a r l v , l f t 1 pz then T2 # tr, so that 7"2( t2l3 . Hence,
7
^2s, , I
2
'":t
, w eh a v e
T r T z4 t 1 2 / 3 , a n ds i n c el r *
l/r"'*
|
-,2 r, , l
: 6h)16,
| < r t222"16
TtTzlr+ f
lr)
proves
which
the
3)
theorem
oh) /6 ( (n -r) /6 < (/,-r) /4. tr
for
this
final
case'
since
By analyzing the inequalities in the proof of Theorem 5.8, we can see that
the probability that n is a strong pseudoprimeto the randomly chosenbase D,
1 < b ( n-1, is close to ll4 only for integers n with prime factorizations of
t h e f o r m n : p r p 2 w i t hP r : | + 2 q 1a n d P z : I t 4 q 2 , w h e r e{ 1 a n d Q 2 a r e
o d d p r i m e s , o r n : q f l z Q t w i t h P r : | + 2 q r ,P 2 : | * 2 q 2 , a n d
pz: I t 2q3, wher e Qr,e z ,a n dq 3 a re d i s ti n c to d d pri mes (seeprobl em 16).
8.4 Problems
l.
Write out a table of indices modulo 23 with respectto the primitive root 5.
2.
Find all the solutions of the congruences

a) 3xs = I (mod 23)
3.
b) 3xta = 2 (mod 23).
Find all the solutionsof the congruences

il
3' :- 2 (mod 23)
b) 13" = 5 (mod 23)'
4.
For which positive integers a is the congruence axa =
2 (mod 13) solvable?
5.
For which positive integers 6 is the congruence 8x7 :
b (mod 29) solvable?
6.
Find the solutionsof 2x = x (mod 13), using indices to the base 2 modulo 13.
7.
Find all the solutionsof x' :
8.
Show that if p is an odd prime and r is a primitive root of p, then ind,(p-|)
(p-r) /2.
x (mod 23).
:
262
9.
Primitive Roots
Let p be an odd prime. Show that the congruence x4 =

solution if and only if p is of the form gfr + l.
_l(modp)
has a
1 0 . Prove that there are infinitely many primes of the form 8ft*1.
(Hint: Assume
that p6p2,...,pn are the only primes of this form. Let
. . p)a+l .
(ppz.
e
Show that Q must lave an odd prime factor different than j1p2,...,pn,
and by
problem 9, necessarilyof the form 8k+l .)
ll.
From problem 9 of Section 8.3, we know that if a is a positive integer, then

there
are unique integers a and B with a : 0 or I and 0 <
B ( Z*-i-t such that
a = (-l)" 5p (mod 2ft). Define the index system of a modulo 2k to be equal
to the pair (a,B).
a)
Find the index systemsof 7 and 9 modulo 16.
b)
Develop rules for the index systems modulo 2& of products and powers
analogousto the rules for indices.
c)
Use the index system modulo 32 to find all solutions of j xs = I I (mod 32)
and 3' = 17 (mod 32).
12. Let n : 2"p\'pj ' ' ' ph be the prime-power factorization of n. Let a be an
integer relatively prime to n. Let r1,r2,...,r^ be primitive roots of pti,p'i,..., p';,
respectively,
and
let
71 : ind", a (mod p'1),
72 : ind", a (mod ptl),
(mod p'il. rc /o ( 2, let rs be a primitive root of 2t,,and let
...,1m:ind,.a
:
(mod
ind,.
a
2t). If ls 2 3,let (a,p) be the index systemof c modulo 2k,
7e
(-l)'5P
(mod 2t). Define the index system of a modulo n to be
=
so that a
( 1 o , 1 r , 7 2 , . . . , y ) i f t o ( 2 a n d ( a , 8 , 7 t , ^ 1 2 , . . . , 1i ^f )t o
Z 3.
a)
Show that if n is a positive integer, then every integer has a unique index
system modulo n.
b)
Find the index systemsof 17 and 4l (mod lZ0) (in your computations, use
2 as a primitive root of the prime factor 5 of 120).
c)
Develop rules for the index systems modulo n of products and powers
analogousto those for indices.
d)
Use an index system

I lx7 : 43 (mod 60).
modulo
60
to
find
the
solutions
of
Let p be a prime, p ) 3. Show that if p =2 (mod 3) then every integer not

divisible by 3 is a third-power, or cubic , residue of p, while if p : I (mod 3), an
integer a isa cubic residueof p if and only i1 o@-t)/3: I (modp).
Let e be a positive integer with e 7 2.
il
Show that if ft is a positive integer, then every odd integer a is a kth power
residue of 2" .
b)
Show that if /c is even, then an integer a isa /<th power residue of 2" if and
only if a ? | (mod (4k ,2')).
263
8.5 PrimalityTests Using PrimitiveRoots
c)
kth
Show that if /< is a positive integer, then the number of incongruent
power residues of 2" is
2"-r
b.2) h,2"-2)
'
(Hint: Use problem I 1.)
1 5 . Let N - 2ju be a positive integer with 7 a nonnegative integer and a an odd

where s and t are positive integers with I
positive integer and let p-l:2"/,
- -l (modp) if
(t,u)
solutions of xN
incongruent
2j
aie
there
that
Show
odd.
0 ( ,l ( s-1, and no solutionsotherwise'
1 6 . a)
b)
b
Show that the probability that n is a strong pseudoprime for a base
(n-l)/4
a
has
n
when
only
near
randomly chosen with I < 6 < n-l is
:
and
*
Zqr
|
where
ptPz
n
form
Pr:
prime factorization of the
pz: | * 4qz with q1 and q, prime or n: PPtPt where Pt: | * Zqr,
pz: | * 2qz,pt : | * 2q3with q r,Tz,Qtdistinct odd primes.
Find the probability that n : 49939'99877 is a strong pseudoprime to the
- l'
base b randomly chosen with 1 < b < n

l.
Z.
Construct a table of indices modulo a particular primitive root of an integer.

(mod nr) where
Using indices, solve congruences of the form axb = c
has a primitive
where
z
)
and
0,
)
0,
m
with
c
are
integers
a,b,c,andm
root.
3.
Find kth power residues of a positive integer m having a primitive root, where k
is a positive integer.
4.
Find index systemsmodulo powers of 2 (see problem l1)'
5.
Find index systemsmodulo arbitrary positive integers (see problem l2).
8.5 Primality TestsUsing PrimitiveRoots

From the conceptsof orders of integers and primitive roots, we can produce
useful primality tests. The following theorem presentssuch a test.
Theorem 8.f 7. If n is a positive integer and if an integer x exists such that
xn-t = I (mod n)
and
264
PrimitiveRoots
*G-t)/a#l(modn)
for all prime divisors q of n - 1, then n is prime.
Proof. Since xn-r:
I (mod n), Theorem g.l tells us that ord,x
| (n -l).
we will show that ordrx : n - r. Suppose that ord,,x # n - l.
Since
ordrx | (n -t), there is an integer k with n - | : k.ordrx and
since
ordrx lnl , w e k n o w t h a t k > l . L e t q b e a p r i m e d i v i s o r o fk . T h e n
*h-r)h
: *klqord,r: (xord.xS&/d= I (mod n).
However, this contradicts the hypothesesof the theorem, so we must have

ordnx : n - l. Now, since ordnx ( O(n) and 6h) ( n _ l, it follows that
Qh) : n - l. Recalling Theorem 6.2,we know that n must be prime. tr
Note that Theorem 8.17 is equivalent to the fact that if there is an integer
with order modulo n equal to n-\ , then n must be prime. We illustrate the
use of Theorem 8.17 with an example.
Ex am ple. Let n :1 0 0 9 .
T h e n l l r0 0 8 : I (mod 1009). The pri me di vi sors
o f 1008 ar e 2 ,3 , a n d 7 . w e s e e th a t rl t008/2:11504- -i (mod 1009),
1 1 1 0 0 8 /: 3 1 1 3 3 =
6 3 : 4 ( m o d 1 0 0 9 ) , a n d 1 1 l 0 0 t f: 1 1 1 4 _
4 934 (mod l00g).
Hence, by Theorem 8.17 we know that 1009 is prime.
The following corollary of Theorem 8.17 gives a slightly more efficient
primality test.
Corollary 8.4. If n is an odd positive integer and if x is a positive integer
such that
*h-D/2
--l
(modru)
and
,h_r)/c*l(modn)
for all odd prime divisors q of n - l, then n is prime.
Proof. Since *b-r)/2:
- I (mod n), we see that
x r-r : 1 * b -D /2 1 2= (-l )2 = | (mod n).

Since the hypothesesof Theorem 8.17 are met, we know that n is prime. D
E x am ple. Let n :2 0 0 3 .
T h e o d d p ri m e d i vi sorsof n-l
:2002
are 7,l l ,
8.5 Primality Tests Using Primitive Roots
265
u:874
1 -1 (m o d 2 0 03), 52002/t
S inc e 5 2 0 0 2 /25: 1 0 0 =
an d 13.
= .5T
: 5154
52oo2/13
and
(mod 2 003) ,
lz ooz ,tr- 5 1 8 3 8 8 6 (m o d 2 0 0 3 ),
: 633 (mod 2003), we seefrom Corollary 8.4 that 2003 is prime.
To determine whether an integer n is prime using either Theorem 8.17 or
- l' As we
Corollary 8.4, it is necessaryto know the prime factorizationof n
is a timeinteger
have remarked before, finding the prime factorization of an
consuming process. Only when we have some a priori information about the
factorization of n - | are the primality tests given by these results practical.
Indeed, with such information these tests can be useful. Such a situation
occurs with the Fermat numbers; in Chapter 9 we give a primality test for
these numbers based on the ideas of this section.
It is of interest to ask how quickly a computer can verify primality or
compositeness.We answer these questionsas follows.
Theorem 8.18. If n is composite, this can be proved with O(logzilz)
operations.
bit
Proof. If n is composite, there are integers a and b with | 1 a 1 fi,

| < b 1 n, and n - ab. Hence, given the two integers a and b, we multiply
a and,b and verify that n : ab. This takes O (logzn)2) bit operations and
proves that n is comPosite. tr
We can use Theorem 8.17 to estimatethe number of bit operationsneeded
to prove primality when the appropriate information is known.
Theorem 8.19. If n is prime, this can be proven using O((logzn)a) bit
operations.
Proof. We use the secondprinciple of mathematical induction. The induction
hypothesis is an estimate for f h), where f h) is the total number of
multiplications and modular exponentiationsneeded to verify that the integer
n is prime.
We demonstratethat
f b) ( 3 (lognltosD 2.
First, we note that / (2) :
q < n , t he inequalit y
l.
We assume that for all primes Q, with
f ( q ) ( 3 ( l o eq l t o s D- 2
holds.
266
PrimitiveRoots
To prove that n is prime, we use Corollary 8.4. Once we have

the numbers
2o, qr,..., Qt, and x that supposedlysatisfy
(i)
n-l:2oqfl2..
Qt,
(ii)
q; is prime for i : L, 2,..., t,

(iii) *G-t)/2--l
(modn),
and
(iv)
r(/.-t)/L = I (mod n), for i : l, 2,... t,
we need to do I multiplications to check (i), t * 1 modular exponentlatrons

to
check (iii) and (iv), and -f (q) multiplications and modular exponentiationsto
check (ii), that q; is prime for i : I ,2,..., t. Hence.
fh):t*(r+t)+ifQ,)
( 2l + I +
)
t-'
((l togq;fiogD - 2)
:t*(fnogDtoeQflz...Q)
: Gflog2)log2qflz...q) - 2
( (3/og z)log(Z'qfl2. . . q) - 2
: 3(log ntog D - 2 .
Now each multiplication requires O ((logzil2) bit operationsand each
modular exponentiation
requiresO(logzd3) bit operations.Since the total
number of multiplications and modular exponentiationsneeded is
f h) : o (log2n), the total number of bit operations needed is
oKlogzn)(log2n)3): o((logzn)a). n
Theorem8.19 was discoveredby Pratt. He interpreted the result as
showingthat everyprime has a "succinctcertificationof primality." It should
be noted that Theorem8.19 cannot be used to find this short proof of
primality, for the factorizationof n - | and the primitive root x of n are
required. More informationon this subjectmay be foundin Lenstra[Zt].
Recently, an extremely efficient primality test has been developedby
Adleman, Pomerance,and Rumely. We will not describethe test here
becauseit relies on conceptsnot developedin this book. We note, that to
8.5 Primality Tests Using Primitive Roots
267
less than
determine whether an integer is prime using this test requires
log,logrlog,n
(log2n;c
bit operations, where c is a constant. For instance, to
just 40 secondsand to
determine whether a too-digit integer is prime requires
just
l0 minutes' Even
determinewhether a 200-digit integer is prime requires
amount of
a 1000-digit integer may be checked for primality in a reasonable
time, one week. Fo, more information about this test see [63] and [74].
8.5 Problems
:2'
Show that l 0 l i s p r i m e u s i n gT h e o r e m8 . 1 7 w i t h x
: 3'
2 . Show that 257 rs prime using Corollary 8.4 with x
l.
a
J .
Show that if an integer x exists such that

x2r:1
(mod F")
and
4.
*'r-l*
I (mod F,),
then the Fermat number Fn :2Y
* I is prime.
- |
Let n be a positive integer. Show that if the prime-power factorization of n
p i ' a n d f o r 7 : 1 , 2 , . . . , / , t h e r e e x i s t sa n i n t e g e rx y s u c h
is n - l: pi'pi'..'
that
*|n-'t', *
1(modn)
and
I (modn),
xi-t=
then n is prime.
5.
Let n be a positive integer such that
n - l : m i r nj -ir'
w h e r e m i s a p o s i t i v e i n t e g e r , o t , a 2 , . . . , a r A r e p o S i t i v e i n t e g e r S , a n d q t , Q 2 , . . . ,Q r
are relatively prime integers greater than one. Furthermore, let br, b2,"', b, be
positive integers such that there exist integers xt, xz,"', x, with
x,!-r
and
--
I (mod n )
268
Primitive Roots
6'!'-t)/e'-l,n)
for;:
1 , 2 , . . . , r , w h e r e e v e r y p r i m e f a c t o r o f q ; i s g r e a t e r than or equal
to b;
f o r ; : 1 , 2 , . . . ,r , a n d
< ( r +jf- 1i u ? 1 , .
Show that n is prime.
write programsto showthat a positiveintegern is prime using
l. T heor em8 .1 7 .
2. Corollary8.4.
3. Problem4.
4. Problem5.
8.6 Universal Exponents

Let n be a positive integer with prime-power factori zation
, : p\,p,i
p,; .
If a is an integerrelatively
primeto n, thenEuler'stheorem
tellsusthat
a A Q ' )= I ( m o d p t )
whenever pt is one of the prime powers occurring in the factorizatron of n
As in the proof of Theorem 8.12, let
u : l6Qi'),07,il,...,ob,;)l,
the leastcommonmultipleof the integers
OQ! ), i : 1,2,...,m. Since
ohhlu
f or i : 1, 2, . . . , n , u s i n g T h e o re m8 .1 w e s e ethat
a u = t(m o d p ,1' )
for i : 1,2, ..., m. Hence,from Corollary 3.2, it follows that
269
8.6 UniversalExPonents
aU = I (modn).
This leads to the following definition.
Definition. A universal exponent of the positive integern is a Positiveinteger
U such that
a u = I (mo d n ),
for all integers a relatively prime to n.
Example. Since the Prime Powerfactorization of 600 is 23'3'52, it follows

t h a t u : l O Q 3 ) ,O ( : ) , d ( 5 2 ) l : 12,2,201 : 20 is a universal exponent of
600.
From Euler's theorem, we know that d(n) is a universal exponent. As we
is also a
have already demonstrated,the integer (J - IAQ\),,0|'il,...,ybh)l
p';. We are interested in finding the
universal exponent of n: p'ip';
n.
of
smallest positive universal exponent
Definition. The least universal exponent of the positive integer n is called the
minimal universal exponent of n, and is denoted by I(n)'
We now find a formula for the minimal universal exponent l,(n), based on
the prime-power factorization of n.
First, note that if n has a primitive root, then tr(n) - 6fu).
of odd primes possessprimitive roots, we know that
Since powers
I(p') : 6(p'),
whenever p is an odd prime and / is a positive integer. Similarly, we have
tr(2): b(2): I and tr(4): O(4):2, sinceboth 2 and 4 have primitive
roots. On the other hand, if t 2 3, then we know from Theorem 8.10 that
a2'-' : 1(mod 2t)
and ord, a :
2'-2, so that we can conclude that X(2t) : zt-z 1f t > 3.
We have found tr(r) when n is a power of a prime. Next, we turn our

attention to arbitrary positive integers n '
Theorem 8.20. Let n be a positive integer with prime-power factorization
270
P ri mi ti ve R oots
, : 2'"p\'p'i
rm.
Then \(n ), the minimal universarexponentof n, is given by
tr(n) : h(2'.), eb'r,),...,

Oe';)l,
Moreover, there exists an integer a such that ord,na: ), (r),
possibleorder of an integer modulo n.
Proof. Let a be an integer with (a , n) :
the largest
l. For convenience,let
M - tr(zt), o(p'i),o7'il,...,
Qbill .
S inc e M is d i v i s i b l e b y a l l o f th e i ntegers X (2/g
, e(p' r,) : x(pl ,),
:
^(p';),..., QQil : xb'il,
6Q';l
and since oxb') : t (moo p,) for all
prime-powersin the factorization of n, we see that
aM = l (modp,),
wheneverp' is a prime-power occurring in the factorizationof n.
Consequently,from Corollary 3.2, we can concludethat
a M = I ( m o dn ) .
The last congruenceestablishesthe fact that M is a universal exponent.
We must now show that M is the least universal exponent. To do this, we
find an integer a such that no positivepower smaller than the Mth powerof a
is congruent to I modulo n. With this in mind, let r; be a primitive root of
Pi
We considerthe systemof simultaneouscongruences

x=3(mod2")
x j11 (modpl')
x : 12 (moa p';)
r- (mod p';).
By the Chineseremainder theorem, there is a simultaneoussolution a of this
system which is unique modulo n : 2'"p'ip'i
p';: we will show that
271
ordn a - M.
that
such
To prove this claim, assume that .l{ is a positive integer
aN = I (modn).
Then, if pt is a prime-powerdivisor of n, we have

aN = 1(modp'),
so that
ordo,c | .lf.
we have
But, since a satisfieseach of lhe m * I congruencesof the system,
o rd o ,a: X(p t),
we have
for each prime power in the factorization. Hence, from Theorem 8'1,
\b,) | r{
for all prime powers p' in the factorization of n. Therefore, from Corollary
3.2.weknowthatM:
x(pti),...,xb';)l | /{'
[tr(2"),\(p1'),
Since aM = I (modn) and MIN

conclude that
w h e n e v e ra N = 1 ( m o d n ) , w e c a n
ordna : M.
This shows that M - \(n)
with ord, a : )r(n). tr
and simultaneously produces a positive integer a
Example. Since the prime-power factorization of 180 is 2232'5, from Theorem

8.20 it follows that
x ( 18 0 ) : Io (2 2 ), o (3 2 ), d (5 ) | : 1 . 2,6, 4l : 12.
To find an integer a with ordlsga : 12, first we find primitive roots modulo 32
5,
and 5. For instance, we take 2 and 3 as primitive roots modulo 32 and
solution
a
find
we
theorem,
remainder
Chinese
the
using
Then,
respectively.
of the system of congruences
1=iiililil
272
Primitive Roots
obtaining a = 83 (mod 180). From the proof of Theorem g.20,

we see that
ord1ss83- 12.
Ex am ple. Let n :2 6 3 2 5 .7 .1 3 .1 7 .1 9 -3 7 .7 3T.h en. w e have
\(n ) : [x(26),
a(32),.d(5),
oOD, d(I9), o(37),o(7rl
: [,24,2.3, 22, 24, 2.32, 2232,23321
:24.32
: 144.
Hence, whenever a
is a positive integer relatively prime to
2 6' 32' 5' 17' 17' rg ' 3 7 .7w3e k n o w th a t a t4 4: r ( moo 26.32.5.17.rg.37.37.7r.
We now return to the Carmichael numbers that we discussed
in Section 5.2.
Recall that a Carmichael number is a composite integer
that satisfies
bn-r : I (mod n) for all positive integers D with (b, n) : r-.
we proved that
if rt : Q.r4z
4k, where Qv Q2,...,e* are distinct primes satisfying
@i - 1) | tn-l) for i : r,2,...,,k, ih.n i it u carmichaer number. Here, we
prove the converseof this result.
Theorem 8.21. rf n ) 2 is a carmichael number, then n :
Qtez
yh.r-. ^the - q;'s are distinct primes such that (qi - r)'l'(n-rl
j : 1 , 2 , . . .k, .
Qk,
i;;
Proof. If n is a Carmichael number, then

br-t :
I (mod n )
for all positiveintegers6 with (b,n):

l. Theorem 8.20 tells us that there is
an integer a with ordna : X(n), where I(n) is the minimal universal
exponent,and sincean-r = I (mod re), Theorem g.l tells us that
r(n)l(n_l).
Now n must be odd, for if n was even, then n-l would be odd, but
even (sincen ) 2), contradictingthe fact that ),(n) (r-l).
|
tr(n ) is
We now show that n must be the product of distinct primes. Suppose has
r
a prime-powerfactor pt with t>2. Then
rQ') :0(p')
: pt-t (p-l) | x(n) : n-t.
This implies that p | (n-l), which is impossiblesincep n.Consequently,

n
I
must be the product of distinct odd primes, say
273
tt :
QtQz
We conclude the proof by noting that

\(qi) : O(q) : (qi-D
Qtc'
I r(n) :
n-l'
Carmichael
We can easily prove more about the prime factorizations of
numbers.
different odd
Theorem 8.22. A Carmichael number must have at least three
prime factors.
just one prime
Let n be a carmichael number. Then n cannot have
So assume
primes.
factor, since it is composite, and is the product of distinct
p>q'
Then
that n : pq, where p and q are odd primes with
(p-Dq + Q-1) = q-l + 0 (modp-l)'
pq-l:
n-l:
proof.
Hence, n cannot be a Carmichael number

which shows that (p-l) I (n -l)
E
factors.
prime
just
different
two
if it has
8.6 Problems
l.
n
Find tr(n). the minimal universal exponent of n, for the following values of
il
b)
c)
d)
100
r44
222
884
e) 2n3t'52'7
f ) 2 s 3 2 ' 5 2 ' 7 3l'2l ' 1 3 '1 7 ' 1 9
e) 1o!
h) 20!.
2. Find all positiveintegersn suchthat tr(n) is equalto
02
d)4
e)5
c)3
CI6.
a)l
3. Find the largestintegern with tr(z) : 12.

4. Find an integerwith the largestpossibleorder modulo
a) 12
b) ls
c) 20
d) 36
e) 40
f) 63.
274
Primitive Roots
5 . Show that if m is a positive integer, then tr(rr) divides

6fu) .
6. show that if m and n are rerativery prime positive
|r(mn) : [tr(re), tr(n)].
integers, then
7. Let n be the largest positive integer satisfying the equation

),(n ) : a, where c is
a fixed positive integer. Show that if la is another solution
of tr(z) : a,then m
dividesn.
8 . Show that if n is a positive integer, then there are exactly

d(I(n))
integers with maximal order modulo z.
incongruent
9 . Show that if a and m are relatively prime positive integers, then

the solutions of
the
congruence ax = b(mod m)
x = at'(m)-tb (mod m ).
are
the
integers
such
that
1 0 . show that if c is a positive integer greater than one,

then the integers
l' ,2' ,-.-, (m-l)'
form_a complete system of residuesmodulo m if and,only if
z
is square-freeand (c,tr(m )) : l.
ll.
a)
Show that if c and m are positive integers then the

congruence
x" = r (mod m) has exactly
(l + (c-t , Obi))
fI
j-l
incongruent
solutions,
m : pi'pi, . .. p:..
b)
where
Show that x' = x(mod z)

(c-1, 6(m)) :2.
has
prime-power
has exactly 3, solutions if
factorization
and only if
12. Use problem l1 to show that there are always at least 9 plaintext messages
that
are not changed when encipheredusing an RSA cipher.
1 3 . Show that there are no carmichael numbers of the form 3pq where p and q
are
primes.
t 4 . Find all carmichael numbers of the form 5pq where p and q are primes.
1 5 . Show that there are only a finite number of carmichael numbers of the form
fl : pqr, where p is a fixed prime, and q and r are also primes.
1 6 . Show that the deciphering exponent d for an RSA cipher with enciphering
key
(e,n) can be taken to be an inverseof e modulo ),(n)
.

l.
Find the minimal universal exponent of a positive integer.
8.7 Pseudo'RandomNumbers
2.
;j"O
""
275
exponent of
integer with order modulo n equal to the minimal universal
find all positive integers n with minimal universal
3.
Given a positive integer M,

exponent equal to M.
4.
Solve linear congruencesusing the method of problem 9'
8.7 Pseudo-RandomNumbers
of
Numbers chosen randomly are often useful in computer simulation
generating
for
method
some
simulations,
perform
complicated phenomena. To
means for
random numbers is needed. There are various mechanical
use'
computer
for
ineffficient
are
these
but
generating random numbers,
One
preferable'
is
arithmetic
computer
Instead, a systematic method using
by Von
such method, called the middte ' square method, introduced
we start
numbers,
random
four-digit
generate
To
Neumann, works as follows.
to
number
this
square
We
6139.
say
number,
with an arbitrary four-digit
second
the
as
6873
digits
four
middle
the
tuk.
*.
obtain 37687321',and
of random
random number. We iterate this procedure to obtain a sequence
a new
obtain
to
four-digits
middle
the
removing
and
numbers, always squaring
number
(ttre
four-digit
of
a
square
one.
preceding
the
random number from
considered
has eight or fewer digits. Those with fewer than eight digits are
of
0')
digits
initial
adding
eigtrt-digit numbers by
not
Sequences produced by the middle-square method are' in reality,
entire
the
known,
is
number
randomly chosen. When the initial four-digit
appears
,"qu.n.. is determined. However, the sequenceof numbers produced
simulations.
computer
for
useful
to be random, and the numbers produced are
The integers in sequencesthat have been chosen in some methodical manner,
but appear to be random, are called pseudo-random numbers.
It turns out that the nriddle-square method has some unfortunate
weaknesses. The most undesirable feature of this method is that, for many
choices of the initial integer, the method produces the same small set of
numbers over and over. For instance,starting with the four-digit integer 4100
and using the middle-square method, we obtain the sequence
8 100, 6100, 2100,41 0 0 , 8 1 0 0 , 6 1 0 0 , 2 1 0 0 ,... w h i ch onl y gi ves four di fferent
numbers before rePeating.
The most commonly used method for generating pseudo-randomnumbers is
called the linear congruential method which works as follows. A set of
integerst/t, e, c, and xs is chosenso that m ) 0, 2 < a 4' m, 0 < c 4 m'
The sequence of pseudo-random numbers is defined
and 0 ( xo ( z.
276
Primitive Roots
recursivelyby
xn+r 3 axn * c (mod m),
0 ( xr+r 1 r/t,
fo r f t : 0, 1, 2, 3 ,... . We c a l l m th e mo dul us,

a the mul ti pl i er, c the
increment, and xs the seed of the pseudo-random
number generator. The
following examplesillustrate the lineai congruential
method.
Example. With m:12,
a-3,
c:4,
and r0:5,
we obtain
xt E 3'5 + 4=7 (mod12),so that xr: j. Similarly,
we find that x2: 1,
s i n c ex z = 3 . 7 + 4 : I ( m o d I 2 ) , x 3 : 7 , s i n c e x : E
3 . 1+ 4 = 7 ( m o d l 2 ) ,
and so on' Hence, the generator producesjust three
different integers before
repeating. The sequence of pseudo-iandom numbers
obtained is
5,7,I,7,1,7,1,....
With frt : 9, e : '1, c : 4, and x0 : 3, we obtain
the sequence
3, 7, 8, 6, l, 2, 0, 4, 5,3,... . This sequence contains g
different numbers
before repeating.
The following theorem tells us how to find the terms
of a sequence of
pseudo-randomnumbers generated by the linear
congruential method directly
from the multiplier, the increment, and the seed.
Theorem 8.24. The terms of the sequence generated
by
congruential method previously describedare given by
X1,
akxo+ c(ak-l) /(a-l)
the
linear
( m o dl a ) , 0 ( x r 1 m .
Proof. We prove this result using mathematical induction.

For k : l, the
formula is obviously true, since rr E axs* c (mod
m),0 ( xr 1m.
Assume that the formula is valid for the ftth term. so that
x* z akxo + c(ak-l)/b_l)
xk+t
*c
(modt?t), 0 ( xr I
(modz),
0(xr+r
m.
1t/t,
we have
xr+r s a(akxs+ c(ak-l)/fu-l))
= a k + t x o* c ( a G k - l ) / G - t )
= a k + l x o* c ( a k + r - D / G - D
+ c
+ t
( m o dz ) ,
which is the correct formula for the (k+t)ttr term. This demonstrates
that
the formula is correct for all positive integers k. tr
277
Numbers
8.7 Pseudo-Random
The period length of a linear-congruential pseudo-random number generator

is the maximum length of the sequenceobtained without repetition. We note
that the longest possible period length for a linear congruential generator is
the modulus m. The following theorem tells us when this maximum length is
obtained.
Theorem 8.25. The linear congruential generator produces a sequence of
period length m if and only if (c, m) : l, a = 1 (mod p) for all primes p
dividing m, and a = | (mod 4) if a | ^.
Because the proof of Theorem 8.25 is complicated and quite lengthy we
omit it. For the proof, the reader is referred to Knuth t561.
The case of the linear congruential generator with c : 0 is of special
interest becauseof its simplicity. In this case, the method is called the pure
multiplicative congruential method. We specify the modulus la, multiplier a,
and seed xs. The sequenceof pseudo-randomnumbers is defined recursively
by
xnal -
axo (mod m), 0 1 xn+t 1 m.
In general, we can expressthe pseudo-randomnumbers generatedin terms of

the multiplier and seed:
--xn
a'xo (mod m), 0 1 xn+t 1 m.
If { is the period length of the sequenceobtained using this pure multiplicative
generator,then f is the smallest positive integer such that
x s :- a [x s (m o d l a ).
If (xo, m) : l, using Corollary 3.1, we have
oI=1
(modz).
From this congruence,we know that the largest possibleperiod length is tr(lrr),
where X(rz) is the minimal universal exponentmodulo z.
For many applications, the pure multiplicative generator is used with the
modulus m equal to the Mersenne prime M3r:23r - l. When the modulus
m is a prime, the maximum period length is rn -1, and this is obtained when
a is a primitive root of rn. To find a primitive root of M 31 that can be used
with good results, we frrst demonstratethat 7 is a primitive root of M t.
Proposition 8.1. The integer 7 is a primitive root of M31:23r-1.
278
PrimitiveRoots
Proof. To show that 7 is a primitive root of M31- )31

showthat
it is sufficientto
( m o dM t )
,wt'-Dh 1y
for all prime divisors q of Mt-r.

with this information, we can conclude
that ord2r,,7 : My-|.
To find the factorizationof M31_1, we note that
My-l
: 2 3 1- 2 :
2(230-l) : 2(215-t)(Zl5+t)
: z(zs-t)(2to+2s+t)
(zs+t) (210-zs+t)
: 2.32-7
1. 1
3l . I 5 1 . 313.
If we show that
,(Mrr_t)/q
q-
I (mod M y)
f o r q : 2 , 3 , 7 , I l , 3 1 , l 5 l , a n d 3 3 1 ,then we know that 7

is a primitive root
of M31 - 214748364j. Since
7{Mil-t)/2
7(Mrrt)13
7(M\-Dn
t)/rr
7(Mr
7(Mrfr)/3r
7(M,t-r) /rsl
7(Mrft)/33r
2147483646
+
rsr347773s
+
12053628s
+
1969212174
+
s t 2+
s35044134
+
1 7 6 1 8 8 s 0+8 3
I (mod M y)
1(mod M t)
1(mod M t)
I (mod M y)
I (mod M y)
1(mod M z)
I (mod M y)
we see that 7 is a primitive root of M31. E

In practice' we do not want to use the primitive root 7
as the generator,
since the first few integers generated are imall. Instead,
we find a larger
primitive root using Corollary 8.2. We take a power
of 7 where the exponent
i s r elat iv elypr im e _to M 3 ;r.
F o r i n s ta n c e ,s ince (s, Mrr-1):
l , corol l ary
8 . 2 t e l l s u s t h a t 7 5 : 1 6 8 0 7 i s a l s o a p r i m i t i v er o o t . s i n c e ( l 3 , M r r l) : l,
another possibility is to use 7t3 : 2s22462g2 (mod Mt) as
the multiplier.
We havely touched briefly on the important subject of pseudo-random
numbers' For a thorough discussion of the generation
and statistical
propertiesof pseudo-randomnumbers see Knuth tse
t.
8.7 Problems
l
Find the sequence of two-digit pseudo-random numbers generated

using the
middle-squaremethod, taking 69 as the seed.
279
8 .7 Ps eudo- Random N u mb e rs
by
2. Find the first ten terms of the sequenceof pseudo-random numbers generated
: 6 and xn+r z
the linear congruential method with x0
What is the period length of this generator?
5x, * 2 (mod 19)'
generated by
3 . Find the period length of the sequenceof pseudo-random numbers
:2
the linear congruential method with x6
and xn+t 7 4xn * 7 (mod 25)'
of
4 . Show that if either a : 0 or a - I is used for the multiplier in the generation
pseudo-random numbers by the linear congruential method, the resulting

numbers'
."qu.n"" would not be a good choice for a sequenceof pseudo-random
length .m, where
5 . Using Theorem 8.25, find those integers a which give period
-:axn
I c (mod m),
(r, i) : l, for the linear congruential generator xnal
where
a)
b)
6.
c)
d)
m:1000
nr - 30030
m : 106-l
m :225-1.
be
Show that every linear congruential pseudo-random number generator can
increment
with
generator
congruential
linear
a
of
terms
in
simply expressed
c : 1 and seed 0, by showing that the terms generated by the linear congruential
=
generator xn+r7 axn * c (mod lrt), with seed xe, can be expressedas xn
?
:
(
m
o
d
y
o
:
0
'
a
n
d
(
a
1
)
m
)
,
*
c
(
m
o
d
x
o
l
n
+
t
m), where b
6 y, + xo
aln* I (modln).
7 . Find the period length of the pure multiplicative pseudo-random number

generator xn Z cxn-r (mod 231-l) when the multiplier c is equal to
a)z
b)3
c)
e)
13.
d)s
8 . Show that the maximal possibleperiod length for a pure multiplicative generator
-3
QXn (mod 2"), e 2 3, is 2'-2. Show that this is obtained
of the form xnal
-:
(mod
8).
t3
when a
way to generate pseudo-random numbers is to use the
Let m be a positive integer. Two initial integers x6 and x1
generator.
Fibonacci
less than m are specified and the rest of the sequenceis generated recursively by
0 ( xn+r 1 m'
the congruolce.r2al :- xn * xn-1 (mod rn),
9 . Another
Find the first eight pseudo-random numbers generated by the Fibonacci

g e n e r a t o rw i t h m o d u l u sn : 3 l a n d i n i t i a l v a l u e sx 0 : I a n d x t : 2 4 .
1 0 . Find a good choice for the multiplier a in the pure multiplicative pseudo-random
number generator xn+rZ axn (mod l0l).
that is not too small.)
ll.
(Hint: Find a primitive root of 101
Find a good choice for the multiplier c in the pure multiplicative pseudo-random
number generator xn i axn-r (mod 22s-1). (Hint: Find a primitive root of
280
PrimitiveRoots
225-l and then take an appropriate power of this root.)

12. Find the multiplier a and increment c of the linear congruential pseudo-random
number generator xn+rt
axn * c (mod 1003), 0 ( xn+r < 1003, if xs: l,
x 2 : 4 O 2 , a n dx 3 : 3 6 1 .
13. Find the multiplier a of the pure multiplicative pseudo-random number
generator xnal- QXn (mod 1'000), 0 ( xn11 < 1000, if 313 and 145 are
consecutive terms generated.
Write programs to generate pseudo-randomnumbers using the following generators:
l.
The middle-sequencegenerator.
2.
The linear congruential generator.
3.
The pure multiplicative generator.
4.
The Fibonacci generator (see problem 9).
8.8 An Application to the Splicing of TelephoneCables

An interesting application of the preceding material involves the splicing of
telephonecables. We base our discussionon the exposition of Ore [28], who
relates the contents of an original article by Lawther [70], reporting on work
done for the SouthwesternBell TelephoneCompany.
To develop the application, we first make the following definition.
Definition. Let m be a positive integer and let a be an integer relatively prime
to m. The + I - exponent of a modulo ru is the smallest positive integer x
such that
et
+ I (mod rn ).
We are interested in determining the largest possible + 1 - exponent of an

integer modulo m; we denote this by },s(rn). The following two theorems
relate the value of the maximal + I - exponent trs(z) to }.(m ), the minimal
universal exponentmodulo rz.
First, we consider positive integers that possessprimitive roots.
Theorem 8.26. lf m isa positiveinteger,m ) 2, with aprimitive root, then
the maximal *l - exponenttrs(rn) equals0@) / 2: )r@) / 2.
8.8 An Applicationto the Splicingof TelephoneCables
281
Proof. We first note that if m has a primitive root, then \(z) : 6(m).
From problem 5 of Section 6.1, we know that g(m) is even, so that 0@) I Z
is an integer, if m ) 2. Euler's Theorem tells us that
I (mo d l z),
o o tu ) :1 o a tu ) l z l z
for all integersa with (a,m) : 1. From problem 7 of Section8.3, we know
that when m has a primitive root, the only solutions of x2 = I (mod m) are
(modru). Hence,
x=-tl
sfh) l2:
( m o dz ) .
This implies that
\s(r,)(d(z)lz.
Now let r be a primitive root of modulo m with f I - exponent e. Then
re = t
(m o d l a ),
so that
r2'=
1 (modz).
Since ord^r : 6(m), Theorem 8.1 tells us that 6fu) | 2e, or equivalently,
that (6(m) /D I e. Hence, the maximum +l - exponentL6(z) is at least
Consequently,
Q@) / Z. However, we know that l(rn ) 4 6fu) /2.
l , s ( r z r ) :6 f u ) / 2 : \ f u )
/2. tr
We now will find the maximal + I - exponent of integers without primitive

roots.
Theorem 8.27. lf m is a positive integer withciut a primitive root, then the
maximal +1 - exponent \6(rn) equals I(m), the minimal universal exponent
of m.
Proof. We first show that if a is an integer of order )t(m) modulo z with + I
- exponente such that
ottu)/2# _t (mod z),
then e : X(z). Consequently,once we have found such an integer a, we will
have shown that ),q(tn) : tr(lz).
Assume that a is an integer of order xfu)
such that
modulo m with + I - exponent e
282
PrimitiveRoots
o)'tu)/2 # -r
(mod ru).
Since o" = + I (mod rn ), it follows that az, = I (mod

z).
From
T h e o r e m8 . 1 , w e k n o w t h a t > r f u ) l 2 e . s i n c e x @ )
a
n
d
e ( \(z),
l2e
either e:t(m)/2
or e:x(m).
To see that er\,(m)/2,
note that
ae : - + 1 ( m od ln ), b u t o ),@ )/2* I (m o d rn), si nce ordô:\(m),
and
o>'(-)/z # -t (mod z) , by hypothesis. Therefore, we can conclude
that if
or d. a : ) r ( m ) , a h a s + l - e x p o n e n t e , and a, = _l (mod
z), then
e : h,(m).
We now find an integer a with the desired properties. Let the prime-power
factorization of m be m - 2'op'r' p'; . . . p'r'. we consider several
cases.
We first consider those rn with at least two different odd prime
factors.
Among the prime-powers p!' diriding ffi,, let pl be one with the
smallest power
of 2 dividi"g Obh.
Let ri be a primitive root of p',, for i: 1,2,...,s. Let a
be an integer satisfying the simultaneouscongruences
(mod 2')
Q:5
alri
o-ri )
(mod pj') for all i with i # j
(moap!).
Such an integer a is guaranteed to exist by the

Note that
remainder theorem.
ord.a: [I(2tg, Ob','),...,

Oe!) / 2 , . . . , 6 Q b 1 ,
,.
and, by our choice or^ pl, we know that this least common multiple
equals
) (mod
\,(m).
e:rjp!),
we
know
that
otb/) /' =
(modp!).
',!(P'j'
l
Because
Oeh / z I x@) / z,weknowthat
It(d /2 - t (modp!),
so that
otr(*)/' * -t
(mod rn ).
Consequently,the + I - exponentof a is I(z).

The next case we consider deals with integers of the form rn - 2toott
where
p is an odd prime,tr2l
a n d t o ) 2 , s i n c em h a sn o p r i m i t i v er o o t s . When
to: 2 or 3, we have
8.8 An Application to the splicing of Telephone Gables
283
x ( , n :)1 2 ,e Q \ ' ):l d Q i ' ) .

Let. a be a solution of the simultaneouscongruences
(mod4)
a=l
a t
(mod p'i),
: lr(m) ' Because

where r is a primitive root of p'1'. We seethat ord- a
1 (mo d 4 ),
o x @ )/2
we know that
o x (n )/2 + _ l (m o d ru ).
(z)'
Consequently,the +1 - exponentof a is f
When ts 2
,,let a be a solutionof the simultaneouscongruences

a=3
-:
r
a
(mod2t')
(mod p'il;
We see
the Chinese remainder theorem tells us that such an integer exists.
:
ordthat
" ^::,:;,:':',i :i:':';:,*ll;:'l
',::';, ""n"'
Thus,
/2 + _t
ox('.'.)
(mod rc),
of a is tr(rn).
so that the 1l - exponent
F i n a l l y ,w h e n m : 2 ' o
ord-5 : X(na),but
8.tl we know that

with ts2 3, from Theorem
/4 - 1 (mod8).
/2 = 152)0(m)
5r(nr)
Therefore,we seethat
) / , + _ 1 ( m o dr u ) ;
5r(m
we concludethat the +1 - exponentof 5 is l(lz)'
This finishes the argument since we have dealt with all caseswhere m
not have a primitive root. tr
284
PrimitiveRoots
We now develop a system for splicing telephone cables. Telephone cables

are made up of concentric layers of insulated copper wire, as illustrated in
Figure 8.1, and are produced in sectionsof specifiedlength.
Figure8.1. A cross-section
of one layer of a telephonecable.
Telephone lines are constructed by splicing together sectionsof cable. When

two wires are adjacent in the same layer in multiple sections of the cable,
there are often problems with interference and crosstalk. Consequently,two
wires adjacent in the same layer in one section should not be adjacent in the
same layer in any nearby sections. For practical purpose,the splicing system
should be simple. We use the following rules to describethe system. Wires in
concentric layers are spliced to wires in the corresponding layers of the next
section, following identical splicing direction at each connection. In a layer
with m wires, we connect the wire in position j in one section, where
I < i ( rn to the wire in position S(j) in the next section,where S(i) is the
least positive residue of I + (j-l)s
modulo m. Here, s is called the spread
of the splicing system. We see that when a wire in one section is spliced to a
wire in the next section, the adjacent wire in the first section is spliced to the
wire in the next section in the position obtained by counting forward s modulo
m from the position of the last wire spliced in this section. To have a one-toone correspondencebetween wires of adjacent sections, we require that the
spread s be relatively prime to the number of wires z. This shows that if
wires in positions j and k are sent to the same wire in the next section, then
.S(j) : S (k) and
8.8 An Applicationto the Splicingof TelephoneCables
I + (j-l)s
I + (k-l)s
285
( m o dz ) ,
so that js = ks (mod m ). Since (m, s) : l, from Corollary 3.1 we seethat

j = k (mod z ), which is imPossible.
Example. Let us connect 9 wires with a spread of 2.
correspondence
I *l
4-7
7 -4
2-3
5*9
8*6
We have the
3*5
6-2
9-8.
This is illustratedin figure8.2.
Figure8.2. Splicingof 9 wireswith spreadof 2.

The following proposition tells us the correspondenceof wires in the first
section of cable to the wires in the n th section.
Proposition 8.2. Let S'(7) denote the position of the wire in the nth section
spliced to the 7th wire of the first section. Then
.S'(j) = I + (7-l)s'-r
(modz).
Proof. For n : 2, by the rules for the splicing system, we have

s 2 (j ) :
I + (r-l )s
(mo d rn ),
so the proposition is true for n : 2. Now assumethat

S'(j)
Then,
I + (7-1)sn-r (modla).
the next section, we have the wire in position S'(7)
spliced to the
286
PrimitiveRoots
wire in position
gn+r(r) = I + (,Sr(,r)-t),
=li f1;i)',*dm)
This shows that the proposition is true. D
In a splicing system, we want to have wires adjacent
in one section
separated as long as possible in the following sections.
After n splices,
Proposition8.2 tells us that the adjacentwires in the
7th and j+l th positions
are connected to wires in positions Sr(j) = I + (7_l)s,
(mod rn ) and
,s'(j+l):
I t jsn (mod m), respectively.These wiies are adjacent
in the
n th section if, and only if,
.S' (i ) - S ' i n (i + t) :
(mod m).
or equivalently,
(t + (j-l)s')
- (l+7sn) = + I
(modln),
which holds if and onlv if

sn:
tl
(modm).
We can now apply the material at the beginning of

this section. To keep
adjacent wires in the first section separatedas long as possible,
we should pick
for the spreads an integer with maiimar + l - .^ponrnt
\o(n).
Example. with 100 wires, we should choose a spread
s so that the f I
exponentof s is ro(too) : ^,(100) : 20. The appropriate
computationsshothat s : 3 is such a spread.
8.8 Problems
l.
Find the maximal t I - exponent of

a)
b)
c)
2.
t7
22
24
d) 36
e) 99
f) 100.
Find an integer with maximal * I - exponent modulo
il 13
il2s
8.8 An Application to the Splicing of Telephone Cables
e) 3 6
f) 6 0 .
b) 14
c) t5
3.
Devise a splicing scheme for telephonecables containing

a)
4.
50 wires
b)
76 wires
c)
125 wires.
Show that using any splicing system of telephone cables with ln wires arranged
in a concentric layer, adjacent wires in one section can be kept separated in at
most [ @-l)
/ 2] successivesectionsof cable. Show that when lz is prime this
upper limit is achievedusing the system developedin this section.

1. Findmaximal tl
2.
287
-exPonents.
Develop a scheme for splicing telephonecables as describedin this section.
Quadratic Residues
9.1 Quadratic Residues

Let p be an odd prime and a an integer relatively prime
to p. In this
chapter, we devote our attention to the question: Is a
a perfect square modulo
p? We begin with a definition.
Definition. If m is a positive integer, we say that
the integer a is a
quadratic residue of m if (a,/k) : I and the
ctngruence ,, = a (mod m)
has a solution. If the congruence x2 = a (moa
d has no solution, we say
that a is a quadratic nonresidue of m.
Example. To determine which integers are quadratic
residues of I l, we
co m put e t he s q u a re s o f th e i n te g e rs r ,2, 3,...,r0.
w e fi nd that
'
^
1 2 : 1 0 2 : t ( m o dt t ) , 2 2= 9 2 : i t , n o O - i i i , 3 2 : g 29 ( m o dl l ) ,
42: '12:5 (modll), and 52: 62= t frnoJrrl. Hence,
the quadratic
re s iduesof I I a re I, 3 , 4 , 5 , a n d 9 ; th e i ntegers
2, 6,7, g, and 10 are
quadratic nonresiduesof I l.
Note that the quadratic residuesof the positive integer

m arejust the ftth
power residuesof m with /<:2, as defined in Section
8.4. We will show that if
p is an odd prime, then there are exactly as many
quadratic residues as
quadratic nonresiduesof p among the integlrs r,2,...,p r. To demonstrate
this fact, we use the following lemma.
Lemma 9.1. Let p be an odd prime and a an integer
not divisible by p.
Then, the congruence
288
289
9.1 QuadraticResidues
x2= a (modp)
has either no solutionsor exactly two incongruent solutionsmodulo p.
Proof. lf x2 : c (mod p)
demonstrate that x : -r0
(-xo )':
*& = c ( m o d p ),
-x
s
( m od p) ,
fo r
xo #
( m od p) . T h i s i s
2 xo :0
has a solution, say x : xo, then we can easily

is a second incongruent solution. Since
w e s e e th a t -x s i s a sol uti on. W e note that
we
have
then
x o E -xs (mod p),
if
(since
p
xo
i m Po s s i b l esince p is odd and
tr
x & = a ( m o d p )a n dp t r a ) .
To show that there are no more than two incongruent solutions,assumethat
x : xo and x : xt are both solutions of x2 = a (mod p). Then, we have
x & = x ? = a ( m a d p ) , s o t h a t x & - x ? : (xo*x r) (xo-x r) = 0 (mod p).
so that x | :- -xe (mod P) or
or pl(xo-xr),
Hence, pl(xs+x1)
xr E xe (mod p). Therefore,if there is a solution of x2 = a (mod p), there
are exactly two incongruent solutions. tr
This leads us to the following theorem.
Theorem 9.1. If p is an odd prime, then there are exactly Q-l)12 quadratic
residues of p and Q-l) /2 quadratic nonresiduesof p among the integers
1 , 2 , ' . ' , p- l '
Proof. To find all the quadratic residuesof p among the integers 1,2,...,p-l
we compute the least positive residuesmodulo p of the squaresof the integers
1,2,...,p - l. Since there are p - | squares to consider and since each
congruencex2: c (mod p) has either zero or two solutions,there must be
exactly Q-D/2 quadraticresiduesof p among the integers 1,2,...,p-1. The
are
positive integers less than p-l
remaining p-l - (p-l)/zQ-l)lZ
quadratic nonresiduesof p. tr
The special notation associatedwith quadratic residues is described in the
following definition.
Definition. Let p b e a n odd prime and a an integer not divisible by p.
frl
The
L'J
f,l _ {
IrJ l.
Legendre symbol
is defined by
-l
I if a is a quadratic residue of p
if a is a quadratic nonresidueof p.
I o I
Example. The previousexampleshowsthat the Legendresymt' o r s
Itt ,J'
290
Q:
QuadraticResidues
l,
2,...,10,have the following values:
lrl :lrl :fol[",l-[,,l:[,J:
:
[+][#]:'
lal :fgl :f'l-f'l-f'ol

,
[,' ,l- [u ,J:[" ,l: l" ,J:l" ,l:-r
we now present a criterion for deciding whether
an integer is a quadratic
residueof a prime. This criterion is useful
in demonstratingpropertiesof the
Legendresymbol.
Euler's criterion' Let p be an odd prime and
let a be a positive integer not
d iv is ibleby p. T h e n
r
ob-D/27ôdp).
lgl=
lp )
Proof. First, assume that
rl
l* |
lp )
: t Then,thecongruence
x2 : a (modp)
has a solution,say x : ro. Using Fermat'slittle

theorem,we seethat
ob-r)/2 Hence, if
G l 1 < n - r t t ' :* B - t = t ( m o d p ) .
know that
o b -t)/2(modp).
Now consider the case where
: - t
Then, the congruence
l* I
x.2= a (modp) hasno solutions.o-i?{.orem
3.7,for eachintegeri such
that I
t < p-1, thereis a uniqueinteger with I
S
7
< j ( p_1, suchthat
ii - c(mod p). Furthermore,sin-cethe ioniruence L
*i
otiroo pl has no
solutions,
we know that i * j. Thus,*.."i
groupthe integersr,Z,...,p-l
i.nto(r -l) /2 pairs eachwith productc. Multipiying
thesepairs together,we
find that
(p-l)t
= ah-t)/21-odp).
W ils on' st he o re mte l l s u s th a t (p -l )t

-l
= _l (modp), w e seethat
= o b -t)/2 (mo dp).
291
9.1 Quadr at ic Res i d u e s
In this case,we also have |,"]
l . pJ
Exam ple. Lel p : 23

re l l s u s t hat
rs'l
a n d c :5 .
: -1 .
o$-t)/2(modp).
Since5ll :
-l
(mod 23), E ul er' scri teri on
H e n c e ,5 i s a q u a d ra ti cnonresi dueof 23.
l; l
We now prove some propertiesof the Legendre symbol.
Theorem 9.2. ilet p be an odd prime and a and b integers not divisible by p .
Then
:
( i ) i r a = D ( m o pd ) , t h e n
t;]
[;]
(ii) ["] fbI-f4)

lp)lp)
Lp )
(iii) f4l :,
Ip )
Pro of of 0.
lf a = D (m o d p ), th e n x 2 = a
(m odp)
l tut.,u
sol uti on i f and
Hence,l* I : l+ |
onlyif x2 = b (modp) hasa solution.
lp )
lp )
Proof of (iil. By Euler's criterion, we know that
(mod
(mod
p),
\ ' ^ ! v sp),
r l ' Iql = 6b-D/z
f al = o(o-r)/z
l.pJ--
V)-"
a nd
[ a ) = G D e - t ) / 2( m o dp ) .
Ip )
Hence.
- o$-t)/z6b-r)/z
: ltl
(modp).
: (ab1e-t)/z
lp )
Since the only possiblevaluesof a Legendresymbol are * I, we concludethat
292
QuadraticResidues
[;]itl:l+)
Proofof Gii).sincef:l : *r , frompart(ii) it follows
that
lp )
r-lr
)
lor)
l,): tflt?):,tr
Part (ii) of Theorem 9.2 has the following interesting

consequence.The
product of two quadratic residues,or of two quadratic
nonresidues,of a prime
is a quadratic residue of that prime, whereas the
product of a quadratic
residue and a quadratic nonresidueis a quadratic
nonresidue.
using Euler's criterion, we can classify those primes
having _ l as a
quadratic residue.
Theorem 9.3. If p is an odd prime, then
r)(
l-rl
f p J
l - ,
J r i f p :- - l l ( m o d 4 )
(mod4).
t-r if p
I
Proof. By Euler'scriterion,we know that

[ -'' ]
I
| = (-1)(r-t)/21-odp).
[r )
If p :
I (mod 4), then p :4k
* I for some integer ft. Thus,

(1){o-Dtz: (_l)2k : l,
r)
s ot h a t l + f : r . r f p = 3 ( m o d 4 )t,h e np : 4 k * 3
lp )
Thus.
1-9{o-D/t:
( - ,^ l
sothat |
| =-t.
Lp )
f o rs o m e
i n t e g ef r .
(-l)zk+t - -1.
tr
The following elegant result of Gauss provides

another criterion to
determine whether an integer a relatively prime to the prime
p is a quadratic
residueof p.
293
9,1 Qu adr at ic Res id u e s
(a ,p) : l. Ii s
Gauss' Lemma. LeI p be an odd prime and a an integer with
integers
the
is the number of least positive residues modulo p of
Q , 2 A , 3e,...,((p-D/Da that are greater than p/2, then the Legendresymbol
Irl
l-l=
= (-l)'.
lp )
Let u1, u2,...,1tsrepresent the least positive residues of the integers

a , 2a, 3 o, . . . , ( ( p- D / D a th a t a re g re a te rth a n p /2 , and l et v 1, v2,...,v;be the
least positive residues of these integers that are less than p 12. Since
(,r ( b-l)/2, allof theseleastpositiveresidues
Qa,p): I forall 7 with t
arein theset 1,2,...,P l.
proof.
W e w i l l s h o w t h a t p - u t , P - u 2 , . . . , P - u r , v 1 , v 2 , . ' . , vc1o m p r i s et h e s e t o f
integers 1,2,...,(p-D/2, in some order. To demonstratethis, it sufficesto
show that no two of these integers are congruent modulo p, since there are
exactly Q-l)/2 numbers in the set, and all are positiveintegersnot exceeding
(p-D/2.
It is clear that no two of the ai's are congruent modulo p and that no two
of the v;'s are congruentmodulo p;if a congruenceof either of thesetwo sorts
held, wb would have ma z na (mod p) where m and n are both positive
Since p tr a, this implies that
integers not exceeding Q-D12.
(mod
p) which is impossible.
7n - n
for if
In addition, one of the integers P - 4 cannot be congruent to a, vit
l)
such a congruence held, we would have ma 3 p --na (modp), so that
-n (modp) . This
ma t -na (modil. Sincep tr a, this impliesthat m
both m andn arein the set l, 2,...,(p-l)/2.
because
is impossible
Now that we know that p - U l , P - 1 1 2 , . . . ' P- U r , V l ,
i nteger sl, 2, . . . , ( p- l) 1 2 , i n some order. we conclude that
(P-')(P-uz)
' '
(p-u)v
1v2
vt :-
V 2 , ,. . . , V t
afe
the
t+l
(mod p ),
which implies that
( e . )l
BUt,
(-t)'ultz'
urv1v2
vt
s i n C e l l 1 , l l 2 , . . . r l l s ,v l , V Z , . . . r v t a r e
we also know that
a,2a,...,((p-t)/Da,
[n:i,
(mod p ).
z
f
the
least positive residues of
294
@.2)
QuadraticResidues
utuz'
L t , v t v 2 - . . vzt a . 2 a . . . 1 + 1 "
lz
)
p-r(
: oT l+lr (moo
p).
l.)
Henc e,f r om ( 9.1 ) a n d (9 .2 ), w e s e eth a t

p-t(
(-r)'a' lf
lL
Because(p,((p-D/DD:
lr= ll+lr(moap).
t
)
l, this congruence
impliesthat
(-t),a+:l
By multiplying both sidesby (-l)',
(modp).
we obtain
p-l
a 2
(-t)'(modp).
p-tr)
Since Euler's criterion tells u s t h a t a 2 :
r)
l i l ( m o dp ) , i t f o l l o w s t h a r
lp )
l * | = ( - l ) ' ( m o pd ) ,
tp )
establishing
Gauss
tr
Exampte.Let o:5
andp:
ll.
To find
by Gauss.
lemma,we
t+l
compute
the leastpositive
residues
of r.5,2.5: llslo s,and5.5. Theseare
5, 10, 4,9, and 3, respectively. Since.,exactlytwo
of these are greater than
ll/2,Gauss'lemm
t eal l su sr h a t
l+ |
l rr J
: (-l)2: l.
Using Gauss' lemma, we can characterize

all primes that have 2 as a
quadratic residue.
Theorem 9.4. If p is an odd prime, then
r)
lZl:(-1)g,-rvs.
[p J
29s
9.1 Qu adr at ic Res id u e s
Hence, 2 is a quadratic residue of all primes p :

+ 3 (mo d 8 ) .
quadratic nonresidueof all primes p
+ I (mod 8) and a
Proaf. From Gauss'lemma,we know that if s is the numberof leastpositive

residuesof the integers
r)
3.2,
...,l+1.'
1.2,
2.2,
\-
rl
areless
thataregreaterthanpl2,then l+ | : (-l)'. Sinceall theseintegers
lp )
than p, we only need to count those greater than p /2 to find how many have
least positive residue greater than p /2.
i s l e ss than pl 2w hen i 4 pl a.
Th e int eger 2j, wh e re I ( 7 ( b -l )/z ,
less
than p /2. Consequently,there
in
the
set
Hence, there are Ip /41 integers
n-l
are s
L
that
: (-D+-tP/al
To prove the theorem, we must show that
2).
' 4 - = {p'-1)/8(mod
+ 2 - el
To establish this, we need to consider the congruence class of p modulo 8,
since, as we will see, both sides of the above congruencedepend only on the
congruenceclass of p modulo 8.
W e f i r s t c o n s i d e rb ' - l ) / 5 .
is an integer,so that
I f p = + l ( m o d 8 ) , t h e np : 8 k
(p'-l)/8 - ((sk+t)2-t)/8: G+k2+r6k)/8:8k2+ 2k:0

If p :
+ l w h e r ef t
( m o d2 ) .
+ 3 (mod 8), then P : 8k + 3 where k is an integer,so that
(p'-l)/8
: ((st + iz-D/s:
: I (mod 2).
Nowconsider
+
integer k and
l'
- b /ql. rf p
(64k2+ 48k + 8)/8 :8k2 + 6k + l
I ( m o d8 ) , t h e np : 8 k
+ | for some
296
QuadraticResidues
d - - t p / + l : 4 k - l z t c + t / 4 1: 2 k = ( m o d
0
2);
2
if p :3
( m od 8 ), th e n p : g k * 3 fo r
s o mei ntegerk, and
- b / q l : 4 k + I - t 2 * + 3 / 4 :1 2 k + l = ( m o d
I
2);
l f p = 5 (mod 8), then p : Bk f 5 for some integer

k, and
n-l
-tp/ql : 4k + 2 - [ztc+ S/4]:

2k +l = I (mod2);
i f p = 7 (mod 8), then p : Bk * 7 for some integer k,

and
n-l
- lp/ql:4k + 3 - Izn + 7/41:2k

+ 2 = 0 (mod2).
Comparing the congruence classesmodulo Z of

*
for the four possiblecongruenceclassesof the odd
that we alwavs nar"
b/ql
- Ip /41 and (pz-D

/A
g,
p
modulo
we see
irime
= {pr-1)/8 (mod 2).
Hence,(Z) : 1-1y(r,-r)/8
.
p
From the computations
of the congruence
classof (pz_l) /g
2), w e see
,(mod
that
if
p:+l(mod8),
l3l:l
while
-,
l?): if
lp )
p = r 3 (mod8). tr
Example. From Theorem9.4,we seethat
while
: [+]-[*):[+]
:,
[+]
:
f+l:f+l:fal :fzl : [+]
[3J [sJ It'.l
( "L. l
Ir,l-
l:_.1
[2eJ
We now present an example to show how to evaluateLegendre

symbols.
Exampte.To evaluatef+1,
Iu )'
we usepart (i) of Theorem 9.2 to obtain
297
9.1 Quadr at ic Res id u e s
lvt
|."
To
lg
L'
rt2
= | 3 | : t . s i n c e3 1 7= 9 ( m o d1 l ) .
lilJ
Iesl
evaluate
lii l,
since 8e: -2 (mod13)'
we
have
e.3
t3 = I (mod4), Theorem
t1l [U l. Because
t
3
1
3
. L , lI J
I
: t. Since 13 = -3 (mod 8), we see from Theorem 9.4
,n
., fql :_1.
Consequently,
[ ,, t
In the next section, we state and prove a theorem of fundamental

importance for the evaluation of Legendre symbols. This theorem is called
the law of quadratic reciProcitY.
The difference in the length of time needed to find primes and to factor is
the basis of the RSA cipher discussedin Chapter 7. This differenceis also the
basis of a method to "flip coins" electronically that was invented by Blum [821.
Results about quadratic residuesare used to developthis method.
Suppose Ihat n : pq, where p and q are distinct odd primes and suppose
t h a t t h e c o n g r u e n c ex 2 = a ( m o d n ) , O 1 a 1 t t , h a s a s o l u t i o nx : x 0 .
We show that there are exactly four incongruent solutions modulo n. To see
1p,
and let xoEx2(modq),
0(xt
this, let xoExl(modp),
(mod p) has exactly two
(
=
x2
a
congruence
x2 < q. Then the
0
' and
(mo
d
p
)
z
x = P -x1 (modp).
x
x
'
n
a
m
e
l
y
i nco ngr uent s olut ion s ,
Similarly the congruence x2 : c (mod g) has exactly two incongruent
solutions,namely x 2 xz (mod q) and x = Q - x2 (mod g).
From the Chinese remainder theorem, there are exactly four incongruent
solutions of the congruencex2 = a (mod n) ; these four incongruent solutions
are the unique solutions modulo pq of the four sets of simultaneous
congruences
x
x
(ii)
x
x
(mod p)
(mod q)
x 1 (m o d p )
Q x z (mo d q )
(iii)
x = p - x 1 ( m o dp )
x z x z (mod q)
(iv)
x
x
- x1 (mod p)
- x2 (modq).
We denote solutions of (i) and (ii) by x and y, respectively.Solutionsof (iii)

and (iv) are easily seento be n-y and n-x, respectively.
298
QuadraticResidues
We also note that when p = q =

3 (mod 4), the solutions of
x 2: a ( m odp ) a n d o f x 2 : a (mo d q )
ur" , - ;' o< i * r\to (modp) and
x = t oQ+1)/4(mod g), respectively. ny
eut.r,, criterion, we know that
oQ-D/2- l:l:
lp)
I (mod
p
r ) a n d o e - D / z -l + l : l
lq)
l at
^ \ r(rm
r vo
u Yd/ q )( r e c atl h
we are assuming that x2 : a (mod pq)

hur'
solution, so that a is a
quadratic residueof both p and q) .
"
Hence.
1 o V + r ) / t 7:2 e Q + D / 2- o b - D / z . a = a
( m o dp )
1 o Q + t ) / t 1:2 e Q + o / z: o e - D l z . a = a
(modq).
a nd
Using the chinese remainder theorem, together

with the explicit solutions
just constructed' we can
easily find the four incongruent solutions
of
x2 = a (mod n) . The following example illustrates
this procedure.
Example' Supposewe know a priori that the
congruence
x2 = 860 (mod I l02t)
h as a s olut ion's i n c e 1 1 0 2 1:1 0 3 ' 1 0 7 ,
to fi nd the four i ncongruentsol uti ons
we solve the congruences
x2 :860
= 36 (mod103)
and
x2:g60:4(modl07).
The solutionsof these congruencesare
; :
+ 3 6 ( r o : + D / q - + 3 6 2 6 = + 6 (mod
103)
and
r = + 4Qo7+D/a
= t
427: * 2 (mod 107),
respectively. Using the chinese remainder

theorem, we obtain x 4 *. 2r2,
* 109 (mod ll02l) as the solutions of the
four systems of congruences
described by the four possible choices of signs
in the system of congruences
x = + 6 ( m od 1 0 3 ),x = + 2 (mo d 1 0 7 ).
we can now describe a method for electronicaily
flipping coins. suppose
that Bob and Alice are communicating electronically.
etice !i.t, two distinct
299
9.1 QuadraticResidues
large primes p and q, with p = q = 3 (mod 4). Alice sendsBob the integer
n : pq. Bob picks, at random, a positive integer x less than n and sends to
Al i ce the int eger a w i th x 2 : a (m o d n ),0 ( a I n. A l i ce fi nds the four
sol u ti o nsof x 2 = a ( mo d n ), n a me l yx , !, fr-x , a nd n-y. A l i ce pi cksone of
: 2* #
t
these four solutions and sends it to Bob. Note that since x + y
(
m
o
d
q
,
s
i
m
i
larly
(
m
o
d
p
)
a
n
d
=
q
)
,
h
a
v
e
w
e
y
+
0
G
+
y
,
n
)
:
x
a
n
d
0
:
rapi
dl y
y
he
can
or
n-y,
e
i
th
e
r
re
c
e
i
v
e
s
p.
i
f
B
o
b
Th
u
s
,
n)
G+h -y) ,
factor n by using the Euclidean algorithm to find one of the two prime factors
of n. On the other hand, if Bob receiveseither x or n-x, he has no way to
factor n in a reasonablelength of time.
Consequently,Bob wins the coin flip if he can factor n, whereas Alice wins
if Bob cannot factor n. From previous comments, we know that there is an
equal chance for Bob to receive a solution of x2 = a (mod n) that helps him
rapidly factor n, or a solution of x2 = a (mod r) that does not help him
factor n. Hence, the coin flip is fair.
9.1 Problems
l.
Find all the quadratic residuesof

a)
b)s
c)13
d) te.
r.t
: 1,2,3,4,5,and
6.
symbols
2. Findt he v alueof t h e L e g e n d re
l + I,fo r7
3.
Evaluate the Legendre symbol

il
using Euler's criterion.
b)
u s i n gG a u s s ' l e m m a .
4.
Let a and b be integers not divisible by the prime p. Show that there is either
one or three quadratic residuesamong the integers a, b , and ab .
5.
Show that if p is an odd prime, then

-1
6.
(
ll
l-r
ifp
itp
I or 3 (mod 8)
-l or -3 (mod 8).
Show that if the prime-power factorization of n is
pl"*t ' " pi"*tpili'

n : p?"*t
and q is a prime not dividing n, then
)r
Pn
300
QuadraticResidues
lorl
t7l
7 . S h o w t h a t i f p i s p r i m e a n dp - 3 ( m o d 4 ) , t h e n
te_0/Zll
= (_t), (modp),
where I is the number of positive integers less
than p /2 that are quadratic
residuesof p.
8 . show that if b is a positive integer not divisibre by the prime

p, then
. l p ) i+l.
i*l
l p ) l+1.
[pJ
:o
+If"'-pol
p ) "
9 . Let p be prime and a a quadratic residue of p.

Show that if p = | (mod 4),
then -a
is also a quadratic residue of p, whili it p = 3 (mod

i), th"n _a is a
quadratic nonresidueof p.
1 0 . Consider the quadratic congruence ax2 * bx * c =

0 (modp), where p is
prime
il
b)
and a,b, and c are integers with p a.

I
Let' p :2.
Determine which quadratic congruences(mod 2)
havesolutions.
Let p be an odd prime and let d : b2 - 4ac.
show that the congruence
axz + bx * r
0 (mod p)
is
equivarent
to
the
congruence
=
y2 = d (modp), where y :2ax t b.
Concludethat if d =0 (modp),
then there is exactly one solution x modulo p, if
d is a quadratic residue of
p, then there are two incongruent solutions,
while if d is a quadratic
nonresidueof p, then there are no solutions.
Find all solutionsof the quadratic congruences

a)
b)
x2+ x*l=0(mod7)
x2+5x+l:0(mod7)
c)
x2+3x+l=0(mod7).
12. Show that if p is prime and p 2 7, then

a)
there are always two consecutivequadratic residues p

(Hint: First show
of
that at least one of 2,5,and r0 is a quadratic residu.
oip.)
b)
there are always two quadratic residuesof p that differ

by 2.
c)
there are always two quadratic residuesof p that differ

by 3.
1 3 . Show that if a is a quadratic residue of the
p, then the solutions of
x2 = a (mod p) are
il
x E - F a n + l ( m o dp ) , i f p : 4 n
b)
x E * 2 2 n + r o n +(rm o d p ) , i f p : g n
* 3.
* 5.
301
9.1 Ouadratic Residues
|4.Showthatifpisaprimeandp:8n*l,andrisaprimitiverootmodulop,
then the solutionsof x2 = I 2 (mod p) are given by
x E t
(r1n t
r ' ) ( m o dp ) ,
where the * sign in the first congruencecorrespondsto the + sign inside the
parenthesesin the secondcongruence.
15. Find all solutionsof the congruencex2 = I (mod l5).
16.
Let p be an odd prime, e a positive integer, and a an integer relatively prime to

p.
a)
Show that the congruencex2: a (modp"), has either no solutions or

exactly two incongruent solutionsmodulo p".
b)
Show that there is a solution to the congruence x2 = a (mod p'*') if and

only if there is a solution to the congruencex2 = a(mod p"). Conclude
that the congruencex2 = c(modp") has no solutionsif a is a quadratic
nonresidueof p, and exactly two incongruent solutions modulo p if a is a
quadratic residueof p.
c)
Let n be an odd integer. Find the number of incongruent solutions modulo

n of the congruencex2 = a(mod n), where n has prime-powerfactorization
| !-l
lgl
' a - - - symbols
n : p'ipti ' . ' p';, in terms of the Legendre
J
l[p, j""', lo.
)'
t 7 . Find the number of incongruent solutionsof

il
b)
c)
d)
x2
x2
x2
x2
3l (mod 75)
16 (mod 105)
46 (mod 231)
= l156 (mod 32537stt6).
:
:
1 8 . Show that the congruencex2 = a(mod 2"), where e is an integer, e 2 3, has

either no solutionsor exactly four incongruent solutions. (Hint: Use the fact that
( * x ) 2 : ( 2 e - t* x ) 2 ( m o d 2 " ) . )
Show that there are infinitely many primes of the form 4k * l. (Hint: Assume
* l, and
t h a t p t , p 2 , . . . , p na r e t h e o n l y s u c h p r i m e s . F o r m N : 4 ( p p z " ' P ) 2
show, using Theorem 9.3, that N has a prime factor of the form 4k * I that is
not one of p1,p2,...,pn.)
20. Show that there are infinitely many primes of the form
a)
8k-l
b)
8&+r
c)
8fr+5.
(Hint: For each part, assumethat there are only finitely many primes Pr,P2,...,Pn
- 2, for part (b),
of the particular form. For part (a) look at @ppz"'P)2
(
p
p
z
"
'
p
,
)
z
(
c
)
,
+ 4. In each
* 2, and for part
l o o ka t
l o o ka t ( p r p r " ' p ) 2
302
Quadratic Residues
part' show that there is a prime factor

of this integer of the required form not
among the primes pr,p2,...,pn use Theorems
9.3 and 9.4.)
21. Show that if p is an odd prime,.then
the congruencex2 = a (modpn) has a
solution for all positive integers n if and only
if a" is a quadratic residue of p.
22' show that if p is an odd prime with primitive
root r , and a is a positive integer
not divisibleby p, then a is a quadratic
residue of p if and onty irino"a is even.
23' Show that every primitive root of an
odd primep is a quadratic nonresidueof p.
24. Let p be an odd prime. Show that
there are (p-D/z _ 6e_D
quadratic
nonresiduesof p that are not primitive roots
of p.
25'
26'
27'
Let p and' q :2p * I both be odd primes.

Show that the p-l primitive roots
of q are the quadratic residuesof g, other
than the nonresidue2p of q .
show that i! p and' q - 4p
I are both primes and if a is a quadratic
.*
nonresidueof q with ordoa * 4,thena
is a primitive root of q.
Show that a prime p is a Fermat prime if
and only
if every
- '-'J quadratic
J -1-*uras1 nonresidue
of p is also a primitive root of p.
.
28. Show that a prime divisor p of the Fermat

number Fn : 22.* I must be of the
form
(Hint, show that
2n+2k+ r.
irioz - 2n+1. Then show that
2$-tttz = I (mod p) using Theorem 9.4.
conclude that 2n+tle-D/2)
29. a) Show that if p isa primeof the form4ft *
3 and q :Zp * I is prime, then
q dividesthe Mersenne number Mo :
2p-L (Hint: Consider thl Legendre
s y m b o ll : 1 . )
lq)
Frompart (a), showthat nl Mr,47l M23,and
5031 Mrr.
30. S how t hat if n i s a p o s i ti v ei n te g e ra n d
2n* r i s pri me,and i f n s0 or
3( m od4) , t h e n 2 n * | d i v i d e sth e M e rs enne
numberMo:2n_1, w hi te i f
j
l
n
o r 2 ( m o d 4 ) , t h e n * I d i v i d eM
s n * 2 : 2 n t L ( H i n t :C o n s i d e r t h e
r2n
Legendresymbol
useTheorem9.4.)
l+
|
l z n + r ) "na
Showthat if p is an odd prime,then
b)
-2
'p >
(.'.
t-"- [
(Hint:Firstshow
thar
f+l
I P
p).
32'
-'
l / ( i + l ) l : _ , .'
:
J
*n".r7-is
- " aninverse
of 7 modulo
[+l
t P )
Let p be an odd prime. Among pairs of consecutive

positive integers less than p,
let (RR), (RN), (NR), ano (Nu) denote the number
of pairs of two quadratic
303
9 .1 Q uadr at ic Res id u e s
residues, of a quadratic residue followed by a quadratic nonresidue, of a

quadratic nonresidue followed by a quadratic residue, and of two quadratic
nonresidues,respectively.
Show that
il
b)
(RR) + (RN)
(NR) + (NN)
(RD + (NR)
l<n-r>'r
(RN) + (NN)
lr-u
lU-'-t-17{n-r\/21
-'*t-11{r-D/21
lb
Using problem 30, show that

't
,il^ ( t(t+l)
- + (NN)- (RN)- (NR): -r.
l
| : (no
P
t:' I
)
c)
From parts (a) and (b), find (RD, (RN), (NR), and (NN).
3 3 . Use Theorem 8.15 to prove Theorem 9.1.

3 4 . Let p and q be odd primes. Show that
a)
2 is a primitive root of q, if q : 4p * 1.
b)
2 i s a p r i m i t i v er o o t o f q , i f p i s o f t h e f o r m 4 / < * I a n d Q : 2 p
c)
- 2 i s a p r i m i t i v er o o t o f q , i f p i s o f t h e f o r m 4 k - I a n d Q : 2 p
d)
-4 is a primitive root of q, if q : 2p * | '
* l.
* l.
35. Find the solutionsof x2 = 482 (mod 2773) (note that 2773:41'59).
36. In this problem, we develop a method for deciphering messagesencipheredusing
a Rabin cipher. Recall that the relationship between a ciphertext block C and
is
Rabin
cipher
in
a
P
block
corresponding plaintext
the
C = P Q+O) (mod n), where n: pq, p and q are distinct odd primes, and b
is a positive integer less than n.
(modn), and 2 is
a)
Show that C *a 3 (f+6)2(modn), wherea =(lD2

an inverseof 2 modulo n.
b)
Using the algorithm in the text for solving congruences of the type
x2 = a (mod n), together with part (a), show how to find a plaintext block
P from the correspondingciphertext block C. Explain why there are four
possible plaintext messages. (This ambiguity is a disadvantage of Rabin
ciphers.)
c)
Using problem 35, decipher the ciphertext message 1819 0459 0803 that
w a s e n c i p h e r e du s i n g t h e R a b i n c i p h e r w i t h D - 3 a n d n : 4 7 ' 5 9 : 2 7 7 3 .
304
QuadraticResidues
37'
Let p be an odd prime and let c be the ciphertext

obtained by modular
exponentiation, with exponent e and modulus p,
from the plaintext p, Le.,
c = p' (modp),0 < c ( n, where(e,p-l) :1.
show tnalc is a quadratic
residue of p if and only if p is a quadratic residue p
of .
38'
a)
b)
39'
Show that the second player in a game of electronic poker (see

Section 7.3)
can obtain an advantage by noting which cards have
numerical equivalents
that are quadratic residuesmodulo p . (Hint: Use proble
m 37.)
Show that the advantage of the second player noted
in part (a) can be
eliminated if the numerical equivalents of cards
thai are quadratic
nonresiduesare all multiplied by a fixed quadratic nonresidue.
Show that if.the probing sequencefor resolving collisions

in a hashing scheme is
h1(K) = h(K) + ai * biz (modn), wherJ n<x>
i r u 6 u r t i n g *f u n c t i o n ,z i s
a positive integer, and a and 6 are integers with (b
,m) : l, thJn only half the
possible file locations are probed. This is called
the quadratic search.

l.
Evaluate Legendre symbols using Euler's criterion.
2.
Evaluate Legendre symbols using Gauss' lemma.
3'
Flip coins electronically using the proceduredescribed

in this section.
Decipher messagesthat were encipheredusing a Rabin
cipher (see problem 35).
4'
9.2 The Law of QuadraticReciprocity

Ol elegrant.,
theorem of Gauss relates the two Legendre symbols
f
| 9 I "'o | * I, wherep and,q are both odd
This theorem, called
lq)
lp)
the law of quadratic reciprocity, tells us whether

the congruence
x2 : p (mod q) has solutions, once we know whether
there are solutions of
the congruencex2 = p(mod q), where the roles of p and q
are switched.
We now state this famous theorem.
The Law of Quadratic Reciprocity. Let p and q be odd prirnes.
Then
^,
,l
lzlle_l_ eD-, .
f
)f
tq ) lp )
p-t.q-l
305
9.2 The Law of Quadratic Reciprocity
and its use. We

Before we prove this result, we will discussits consequences
=-l(mod
4) and odd
is even when p
first note that the quantity Q-D/2
we see that
when p = i(mod 4). Consequently,
+
p =t (mod4) or q = | (mod4), while +
+
is even if
+
is
odd if
p = q = 3 (mod 4). Hence, we have
(orboth)
Jr rf p:l(mod4)orq=t(mod4)
l-t irP:q=3(mod4)'
.|
t l, weseethat
values l+'l uno [+
Sincetheonlypossible
l p ) "r.
" lq)
folInl
|.;l F)--
{r
I l"l
t t p = t ( m o d 4 ) o r q = t ( m o d 4 ) ( o rb o t h )
[n-l:.lt'.o'.,
lq,|
l-["I uo =q=3(mod4).
I tp J
both
primes,
then [+l : [*'l
Thismeansthat if p andq areodd
l q , ) . , l P J ,""t.ss
: -[;]
4,andinthat.ur.,
to 3 modulo
q arecongruent
p and
[t]
Example. Let p:
13 and q:17.
Since =rq = | (mod4), the law of

,P
:
Frompart(i) of rheorem
tellsusthat
quadratic
reciprocity
| # 'I I\ i+ 'l.'
lq \
e . 2 , w e k n o w t. l I t t ' l
i:11
,;il1l;
1""""
r ;:il ;:.'il.":'_.
followsthat
l",J:
/\\
t h a tl * l : t
|.,, j:
I I/ J
4) , from the law of

Example. Let P : 7 and Q : 19- Sincerp = q = 3r(mod
)
that :- I 12 l. From Dart (i) of

L7 )
lil
using the iaw of quadratic
Again'
I:
) l+l
quadratic reciprocity, we know
9.2,weseethat t+
Theorem
l./
306
Quadratic Residues
: [+]
+J
reciprocity,since5 = l(mod 4) and 7 = j(mod

4), we have
part ., (i) of Theorem
f-T
2.2 and Theorem 9.4, we know that
r' rrv','lvutrl
[5J
[5J
l+l - l?l : -' Hence

[+l : ,
we can use the law of quadratic reciprocity

and Theorems 9.2 and 9.4 to
evaluate Legendre symbols. Unfortunately, "pii..
factorizations must be
computed to evaluate Legendre symbols in
this wav.
Example.We will calculate

l:rt
73: 233"";;,;,"_ ,"Jm,::""::1,:'j:;:"'"""
, wefactor
[+l :[+l :l-,' lfg-l
IrooeJtroorJ- [t*n,Ji,*r,J
To evaluate the two l-sgsndre symbors
on the right side of this equarity, we
use the law of quadratic reciprocity. Since
tOoq i I (mod 4), ;. see that
Izt ] frooeIIr' l:[1ql

=
Irooej:tr ,|'lrootj l3r )
Using Theorem 9.2, paft (i), we have
Irooql lzol
lx ,l:t",l
By parts (ii) and (iii) of Theorem9.2.
:[+]
[+]
lpl :lzri :l
123) [zr )- t
The law of quadratic reciprocity, part
tell us that
[' l-
(rtl
IzrJ- ITj
and Theorem 9.4
:t+]
: -1
9.2 T he Law of Q u a d ra ti c R e c i p ro c i ty
307
Likewise, using the law of quadratic reciprocity, Theorem 9.2, and Theorem
9.4, we find that
-: fll ::
lul
|.r' ,| |.tt .|
lzl:
[+]: [+][+]-[+]: [+]: [+]
:-[+):-'
l3 J
consequently,
[*]
(-
:
\
Therefore,
I : t-r)(-l) : t
l#
[,009 )
We now present one of the many possibleapproachesfor proving the law of

quadratic reciprocity. Gauss, who first proved this result, found eight different
what was facetiously
iroofs, and an article published a few years ago offered
ialled the l52nd proof of the law of quadratic reciprocity. Before presenting
the proof, we give a somewhat technical lemma, which we use in the proof of
this important law.
Lemma
then
rfp
an odd prime and a is an odd integer not divisible by p,
r)
lgl:
lp)
1-11rb'il,
where
Tb,p)
(P-r) /2
j -r
integers
the
least positive residues of
Consider the
Proof.
p
greater
than /2 and let
It, be those
a , 2 a , . . . , ( ( p - l )l D a ; l e t u1, 112,...,
tells
us that
v t, v2,...,v, be those less than p /2. The division algorithm
ja : pljo lpl + remainder,
where the remainder is one of the uj's or vj's. By adding the Q-l)/Z
equationsof this sort, we obtain
308
QuadraticResidues
@-D lz
(e.3)
.Z ia:
r-'
b-D /2
a p f , i a / p* ilju: l i + i v 1j : l.
J-t
As we showedin the proof of Gauss'lemma,the

integersp _ ur,...,p _ us,
vt,...,vt are precis.ely
the integers1,2,...,b-l)/2, ii someo.j... Hence,
summingall theseintegers,we obtain
(e.4)
b-r)/2
\ Q-u)+ ) vi:ps- i q+
!,r1.
j:r
j_r
j:l
i:
j :Z
r
t*l
Subtracting (9.4) from (9.3), we find that

g_r)/z
(p_D/2
(p_D/2
j:t
j-t
j_t
or equivalently,
sinceT(a,p) :t')''
j _l
Ija/pl,
i'l
.
(a-l)
(p-t) /2
j: I
j:r
Reducing this last equation modulo 2, since

a and,p are odd, yields
o = T(a,p) - s (modD.
Hence,
T(a,p) =s
(mod2).
To finish the proof, we note that from Gauss, lemma

|,)
tLl:
tp )
Consequently,
(-t)"
(-t)'.
: (-1)r6,e), it follows that
r)
lgl:1-1;r(a,r). g
lp )
Although Lemma 9.2 is usedprimarily as a tool in
the proof of the law of
quadraticreciprocity,it can alsobe usedto evaruate
Legend^re
symbols.
Example.To find
the sum
|'+ I , usingLemma9.2, weevaluate
l'^
The Law of OuadraticReciprocity
5
j-1
309
1 7j / r r l : I 7l u l + t r 4 / r t l + I 2 r l t l l + [ 2 8 / l l ] + t 3 s / l 1 l
:0+ I + I +2+3:7.
(tl
H e n cle+,l : ( - l ) 7 : - 1 .
L"
to find I + t, wenotethat
Likewise,
l./ )
3
: lrrl7l + t22l7l+ l33l7l: 1 * 3 * 4 - 8,

) tr rilll
j:l
r)
s ot h a rt + | : ( - l ) 8 : l .
L/ )
Beforewe presenta proof of the law of quadraticreciprocitY,we use an

exampleto illustratethe methodof proof.
Let p : 7 and Q : ll. We consider pairs of integers k ,y) with
llll
7-l :3
: 5 . T h e r ea r e 1 5 s u c hp a i r s ' W e
l(x<;:3andl(Y
'- andI ( v <
2
:7y
note that no-n.of thesepairs satisfyllx : 7y, sincethe equalityllx
i.pfi"r that 1t l1y, so tirat eitherit I Z, whichis absurd,or 11 ly, whichis
impossiblebecauset ( y ( 5.
We dividethese15 pairs into two groups,dependingon the relativesizesof
llx and7y.
The pairs of integersG,y) with I ( x < 3, I ( y { 5, and llx > 7y
urc pr..isely thosepairs satisfyingI ( x ( 3 and 1 ( y ( 11xl7. For a
fixed integerx with 1 ( x ( 3, there are lttx/ll allowablevaluesof y.
Hence, the total number of pairs satisfying I ( x < 3, 1 ( / ( 5, and
llx ) 1y is
3
+ I33l7l: I * 3 + 4 : 8;
2 tt tlTl : ttt/tl + 122/71
j:1
(3,4)'
thes eeight pair s ar e (l ,l ), (2 ,D , (2 ,2 ), (2 ,3 ), (3 ,1), (3,2), (3,3) and
The pairs of integers G,y) with I ( x < 3, I ( y ( 5, and llx 1 7y
For a
*r. pr..isely those pairs satisfying I ( y ( 5 and 1 ( x 4 7y /tt.
allowable values of x.
fixed integer y with I ( y ( 5, there are lly/ttl
Hence, the total number of pairs satisfying I ( x < 3, I ( y ( 5, and
llx ( 7y is
310
Quadratic Residues
5
j-r
ltj /ttl : Ij lrrl + [ t L l t r ] + [ 2 r / r t l+ I 2 8 l n] + [ 3 s l l1 ]

:0*l
+ 1+ 2*3:7.
Thesesevenpairs are (l,2) , ( 1 , 3 ) ,( 1 , 4 ) ,( 1 , 5 ) ,( 2 , 4 ) ,( 2 , 5 ) ,a n d ( 3 , 5 )

Consequently,we seethat
1l-1
35
7-l
1 5: ) t r r j l l l + > l t j l t l l : 8 * 7 .
j-r
j-r
T;:5'3:
Hence,
rr-l .7-l
(_t)
2:(_l);*'
i,rrrr,r,* i, rtinl
i-l
35
2lni/tl
)Iti/rrl
(- I )i-'
(- I )r-'
3
Since Lemma
(t
'l
l#l
r,'J
g.2
t e l l s rrs
.^
5t/
: ( -.1. )I it-ttr,rw"et s e e t h a t
+
L^+ | rr I
that
17 |
Z,'rj/tl
: (-1;r-t
lI t ll fl r r" l | : ( - t )
[11J|.7 )
and
t-'rr-r
2
This establishesthe special case of the law of quadratic reciprocity when

p:7andq:ll.
We now prove the law of quadratic reciprocity, using the idea illustrated in
the example.
We consider pairs of integers (x,y) with I ( x ( Q -l) /2 and
o -l
such pairs. We divide t-hesepairs
I ( y ( ( q - D/ 2. T h e re u r" 2 -l
;
T
into two groups, dependingon the relative sizesof qx and py.
Proof.
First, we note that qx I py for all of these pairs. For if qx : py, then
q l p y , w h i c h i m p l i e st h a t q l p o r q l y .
H o w e v e r ,s i n c e q a n d p a r e
w e know
di s t inc t pr im es ,w e k n o w th a t q l p ,a n d s i n c e I ( y ( (q-i 12,
that q I y.
w i th I ( x ( Q-I)/z,
To enum er at e th e p a i rs o f i n te g e rs (x y)
-l)
(q
(
(
y
1
/2, and qx > py, we note that these pairs are precisely those
(p-l)/2and
(
(
x
For each fixed value of the
I (y
where I
4qx/n.
(
with
are
1
x 4 b-1012, there
Iqx/pl integers satisfying
integer x,
(
number
of pairs of integers G,y)
y
qx
total
the
Consequently,
I
4
/n.
311
9.2 The Law of Quadratic Reciprocity
withl (x
( Q-D/2,andqx>
( Q-D/2,t (v
Q-t)t2
Pvis
Iqilpl'
?,
-l) 12,
We now considerthe pairs of integersG,il with 1 ( x ( b
1 ( y ( (q-D 12,and qx < py . These pairs are preciselythe pairs of
i n t e g l r sG , i l w i t h 1 ( y ( ( q - D / Z a n d 1 ( x 4 p y l q . H e n c e , f o r e a c h
-1) 12, there are exactly
fixed value of the integer y, where I ( y ( (q
(
shows that the total
This
py
x
I
4
lq.
lpy lql integers x satisfying
(q-t)/z,
(
(i,y)
(
x
I
with
b-D/2,1 (y (
nurnu..of pairselil/r.g"rt
andqx < py is
j- r
Adding the numbers of pairs in these classes,and recalling that the total
' = rt ' + ,w e
s e eth a t
numb er of s uc h pair s ,,
')''
j-|
,r,,d:+'+
hilpt*'ni''
i-r
or using the notation of Lemma 9.2,

p-l .q-l
22
T(q,p) + TQ,q) Hence,
1-11r{n'c): (-t)
,-t1rQ'il+r@,q): (- 11r(e'n)
Lemma 9.2 tellsus that 1-1yr(a,r):
f
lf
["'l
lp J
lzll4l:(-t)
l . qJ l . pJ
p-l .q-r
22
."0 1-gr{o.o): [" .|
H ence
lq)
P-t.q-l
2 2
This concludesthe proof of the law of quadratic reciprocity. n

The law of quadratic reciprocity has many applications. One use is to prove
the validity of the following primality test for Fermat numbers.
Pepin's Test. The Fermat number F^ : 22' + I is prime if and only if
3 G' -r)1 2 : -l
(m o d F - ).
proof. We will first show that F* is prime if the congruencein the statement
of the theorem holds. Assume that
312
QuadraticResidues
3G^-r)/2: -l
(mod F*).
Then, by squaring both sides,we obtain

3F.-1 = I (mod F*).
From this congruence,we seethat if p is a prime dividing F*,then
3F.-l = I (modp),
and hence,
ordo3 | {f ^-I)
: 22'.
Consequently,ordr3 must be a power of 2. However,
ordo3tr2''-': (F^-D/2,
since 3G^-t)/2 - -l (mod F*) .
Hence, the only possibility is that
o 1do3: 22^ : F ^ - l . Si n c e o rd o 3 : F m-t ( p - I and p F*, we see
I
that p : F^, and consequently,F^ must be prime.
C o n v e r s e l y , i fF r : 2 2 ' *
reciprocity tells us that
(e.5)
I is prime for m )
l , t h e n the law of quadratic
:[+]
t*l:[+J
since F^ = | (mod 4) and F^ = 2 (m o d 3 ).

Now, using Euler's criterion, we know that
(e.6)
t*l
3 G' -t)/' (-o d
F-).
From the two equationsinvolving I I I (9.5)and (s.e),we conclude that
[". j'
_ _1 (mod
3(J'._r)/2
F).
This finishesthe proof.
E x a m p l e .L e t m : 2 .
tr
Then F2: 2 2 ' + l : 1 7 a n d
aFr-t)lz _ 3 8 :
-1 (mod l7).
9.2 The Law of QuadraticReciprocity
313
By Pepin'stest, we seethat F2 : l7 is prime'

: 4 2 9 4 9 6 7 2 9 7W
- e n o t et h a t
Let m :5. Then Fs:22' + l:232 t I
-l (mod 4294967297).
3G,-D/2: 12": 32t4148364810324303 *
Hence, by Pepin'stest, we seethat F5 is composite'
9.2 Problems
l.
Evaluate the following Legendre symbols
a,
d)
[-u]
e)
f:ul
[ 6 4 r. J
[*]
u,[+l
c,t*l
2.
l e e rJ
Iros]
l*'l
prime, then
Using the law of quadratic reciprocity, show that if p is an odd
:
[;]
3.
{lii
p = tl (mod 12)
p = t 5 ( m o d 12 ) .
Show that if p is an odd Prime, then
[-r I :
[7J
{l
ifp=t(mod6)
if p = -l (mod 6).
4. Find a congruencedescribing all primes for which 5 is a quadratic residue'

5 . Find a congruencedescribing all primes for which 7 is a quadratic residue.
(Hint: Let n be
6 . Show that there are infinitely many primes of the form 5Ic * 4'
of
a positive integer and form Q : 5(tnr'\2+ 4' Show that Q has a prime divisor
reciprocity
quadratic
of
law
the
use
do
this,
To
n.
greater
than
+
4
5k
the form
- t I
to show that if a primep dividesQ, then | ? |
t)l
314
Quadrati c R esi dues
7 . Use Pepin'stest to show that the following Ferntat numbersare primes

a)
Fr : 5
b)
F3 - z5i
c)
F4: 65537.
8.
From Pepin'stest, concludethat 3 is a primitive root of every Fermat prime.
9.
In this problem, we give another proof of the law of quadratic reciprocity. Let p
and q be distinct odd primcs. Let R be the interior of the rectanglewith vertices
o:
( o , o )A, : b / 2 , 0 , B : Q / 2 , 0 ,a n dC : b / 2 , q / D .
a)
Show that the number of lattice points (points with integer coordinates)in
R i, P-l .q-l
22
b)
Show that there are no lattice points on the diagonalconnectingO and C.
c)
Show that the number of lattice points in the triangle with verticesO, A, C
Q-D/2
is
i-l
d)
Show that the number of lattice points in the triangle with verticesO, B,
Q_r)/2
and C is
j-l
e)
Concludefrom parts (a), (b), (c), and ( d ) t h a t

Q-t)/2
Q-D/2
j-t
j-l
Derive the law of quadratic reciprocityusing this equationand Lemma

l.
Evaluate Legendresymbols,using the law of quadratic reciprocity.
2.
Determine whether Fermat numbersare prime using Pepin'stest.
9.3 The Jacobi symbol

I n t his s ec t ion ,w e d e fi n eth e J a c o b is y m b o l . Thi s symboli s a general i zati on
of the Legendresymbol studied in the previoustwo sections. Jacobi symbols
a r e us ef ul in t he e v a l u a ti o no f L e g e n d res y m bol sand i n the defi ni ti onof a
ty pe of ps eudop ri me .
Definition.
n : p' ipt i
Let n be a positive integer with prime factorization

' p; a n d l e t a b e a p o s i ti v ei n te ger rel ati vel ypri me to n. Then,
315
9.3 The J ac obi s Y mb o l
the Jacobi symbol
[.]
l, ,|
; I
bY
t' denned
p\'p'; " ' p';
l:[*]'t;l lh)'
Legendre
S on the right-hand side of the equality are
where the symbol
symbols.
Example. From the definition of the Jacobi symbol, we see that
: lz)'let:(-r)2(-r):-r'
['l: lzl :lil
l45,11."ij
l;l
#l:[+*l:[+l[+l[+]:[+l[+l
l*l
-r
and
: '-D2
t2(-'l):
[+]'[+l'[+]
When r is prime,the Jacobisymbolis the sameas the Legendresymbol'

the valueof the Jacobisymbol
'
However,whenn is composite,
lq I Oott nor
lr)
tell us whether the congruencex2 = a (mod n) has solutions..,*.

that if the congruencex2 = a (mod n) has solutions,then l*
ln)
- t
do know
To see
(modn) has
thi s, not e t hat if p i s a p ri me d i v i s o r o f n and i f x2 = a
solutions, then the congruencex2 = a (mod p) also has solutions. Thus,
r I
Ii | : t
lp)..
tl
that I
m ( ^ )t
f -l
: l. To seethat it is possible
:
Consequently,
'
| + I II | * I
ln)
i-1lPi)
:
| : 1 when there are no solutions to xz
a (mod n), let a : 2 and
ln )
: (-r)(-1): r. However,
:
are
there
that[+l
n: t5.Nore
t?l
t+.|
)
^l.
,l
t J
t
r
no solutionsto x2 i 2 (mod i S), rin*
x2 = 2 (mod 5) have no solutions.
the congruencesx2 = 2 (mod 3) and
We now show that the Jacobi symbol enjoys some propertiessimilar to those
of the Legendresymbol.
316
QuadraticResidues
Theorem 9.5. Let n be an odd positive integer and let

a and b be integers
relativelyprime to n. Then
(i)
(ii)
(iii)
if a:
D (modn),then
ll: l*)
lol: l["]
fql
n ) ln )
I n )
r )- t
|
| : t _ 1 1 h - D / z'
f tr )
/)
(iv)
.
I Ll :1-1) (n':-r)/a
ln )
Proof- In the proof of all four parts of this theorem we use the prime
factorizationn : p\,p'i . . p';.
Proof of (i). we knowthat if p is a rrime.,dividinqn,then a =b (modp).
Hence,from Theoremg.z G\ we have
:
we see
l* |
l+ | consequentry,
IDJ
lp)
that
: f*l"l+J" [-tL'lo)"lol" I ol'': fal

:lr'l
i*l
f,,J lo,Jlp,) lo^,|
lo,t lp^):l;j
Proof of (i). From
r v " ' Theorem
r r r v v r w t t9.2
7t ' L (ii),
w s know
\ I r ' f ' we
K l l u w that fq)
lo, ,l
Hence.
: | , I i a I
ltl
F)'
[+):l*)"[#]"
l*)': [;]"l*)"
"
{t)"
[*] l*)'l*)''
:
[;]
[*]
317
9 .3 The J ac obi s Y m b o l
t+l
if
Theorem 9.3 tells us that
Proof of Gril.
is
prime' then
- (-11 Q-r)/2.ConsequentlY,
f-r
I
l-l:
l'-rl"l-r
ll_
ln,|
LP,)lPrJ
(- ,1tJn;t\/2+
'l"
l"'rll
. [-' ]"
tP^)
t'(p'-t)/Z + '"
+ t^(p^-r)/2
From the prime factorization of n, we have

n-
(r + Qr-l))"(l + bz-l))"'''
(t * (p^-l))''
is even. it follows that
Si n ce Q i- l)
(t + (pi-l))"
= | + tib,-t)
(mod4)
and
(l + r,(pi-l))(r + r, Qi-D):
I + tiQl-t)
+ tibi-l)
( m o d4 ) .
Therefore,
n = 1+ tlpr-t)
+ t2(p2-i + '''+
t^(p^-l)
( m o d4 ) '
Thi s i m pliest hat
+
Q-D/2 = tJprD12 * tz(pz-D12
+ t^(p*-D12 (mod2) .
for
for (n-1) lZ wittttheexpression
this congruence
Combining
r'
'no*t
l+J
/)n-l
-'
rlr-
that |
| :
(-l)
l,r )
r)
(
i
i
l
t
h
e
n
p
r
i
m
e
,
p
i
s
.If
Proofof
l+l
: ( - 1 ; ( r ' l - r ) /'8H e n c e '
lp)
Izl : Il" [z]

L,J lp'J lp,)
+t^Qi-r\tt
t+'lt : (_l),,bi_t,tts+t,gt-r)/8+
lp^)
As in the proof of (iii), we note that
n 2: ( r + ( p ? - r ) 0" + @ ? - l ) ) "" ' ( t + b T - l ) ) " .
318
QuadraticResidues
Sincepl-I = 0 (mod8), weseethat

0 + Q?-l))', = | + tie?-l) (mod64)
and
( l + r , b ? - l ) ) ( l+
4 e l - t ) ) = | * t ; e ? _ D+ t , A ? t ) ( m o d
64).
Hence,
n2:t+tJp?-D+tze?-D+
+ t ^ ( p T - l ) ( m o d6 4 ) .
This implies that
( n 2 - t ) / 8 : t J p ? - D / B+ t z e ? - D / s + . . . +
t * ( p 3 , _ l ) / (8m o ds ) .
combiningthis congruence
for (n2- l)/g with the expression
for [el teils
ln )
f
u s t h a t l L"l' l : 1 - 1 ; ( n ' - t ) / 8 . D
ln )
We now demonstratethat the reciprocity law holds for the

Jacobi symbol as
well as the Legendre symbol.
Theorem 9.6. Let n and m be relatively prime odd positive integers.
Then
m-t n-l
f
lf
I
l r l -| l L l :
lm )l n )
( _t ) ,
Proof. Let the prime factorizations of rn and

n : ql' q! , . . . qo r,.w e s e eth a t
, .
n be m : pl,pl, . " p!' and
w)'"'
lr):,4
tt)':,q,s
a nd
l*):
t
( n l4/
IIl;l
j-t
I'J
Thus,
s
r
:rtrt
j-t
i-t
It)"''
319
9.3 The Jacobi symbol
,sti*lt
l+l[*]:,g
q'l
h)
10tu'
From the law of quadratic reciProcity, we know th at
[ o , - ,f n,-,
1 I
t*ltr)
lr
:(-rllrj
t-)
Hence,
|^) [ , I
[7Jl;):
We note that
( '
f| ff(-l)
(-l)'-'l-' \
r \ "):
j-l
t-l
:z",1+]
',[+]
,.a''t+]
",1+l
t,p,
As we demonstratedin the proof of Theorem 9.5 (iii),
(mod2)
=*
Doif+]
j-t(o)z
and
5u,[+]=
n-l
2
(m od 2).
Thus,
(e.8)
r s
i-t
^fr,-tl
^[Qr-tl =.-l
J
i-r
+(mod2).
Therefore,from (g.Z) and (9.8), we can concludethat

f
)f
l Lnl l a l : ( _ r )
I
m-l
n-l
2 tr
)lm )
We now develop an efficient algorithm for evaluating Jacobi symbols. Let a

:
and b be relatively prime positive integers with a < b. Let Ro Q and
R r : D Using the division algorithm and factoring out the highest power of
two dividing the remainder, we obtain
32A
Quadratic Residues
Ro:
Rflr+2t'R2,,
where s1 is a nonnegativeinteger and R2 is an odd positive

integer less than
R I ' When we successivelyuse the division algorithm, and
factor out the
highest power of two dividing remainders,we obtain
Rr:
*r:
Rr-r :
R n -z :
Rzez+2"'R3
Rflt+2"Ra
Rn_2Qn_2
* 2t.-rRn_1
R n -tQr-, + 2 t .-t. I ,
where s; is a nonnegativeinteger and R; is an odd positive integer

less than
: 2,3,...,n-l
Note that the number of division, ,"qu-ir"d to reach
&-r for i
the final equation does not exceed the number of divisions requiied to find
the
greatestcommon divisor of a and b using the Euclidean algorithm.
we illustrate this sequenceof equationswith the following example.
E x a m p l e .L e t a : 4 0 1
andb:
lll.
Then
4 0 1: 1 1 1 . 3 + 2 2 . n
lll17.6+20.9
17:9.1+23.1.
Using the sequence of equations we have described, together with the
properties of the Jacobi symbol, we prove the following theorem, which
gives
an algorithm for evaluating Jacobi symbols.
Theorem 9.7. Let a and b be positive integers with a > b . Then
ni-r
R,-r
f ^'l
+ " ' + s ' - r&
- !a!**f,
+...+R"_,-tR._r_r
t
8
r
z
2
2
2
l+l:(-l)''
lb )
where the integersR; and s;,,t :1,2,...,n-l
:
i+l:[+]
'
, are as previouslydescribed.
Proof. From the first equation and (i), (ii) and (iv) of Theorem 9.5. we have
fglla,|-
: (-1)
321
9 .3 The J ac obi s y m b o l
we have
using Theorem9.6,the reciprocitylaw for Jacobisymbols,
+
:'-')+
t#l
t*l
so that
f ^ I
R,-l
l+l:(-r)T
LDJ
R,-l
ni-t-
[ n, I
IR,J
Similarly, using the subsequentdivisions,we find that
ry*n#i+l
:,-,rT
'/
lgl
^,
1R;+rJ
,|
[
* n e n w e c o m b i n ea l l th e e q u al i ti es,w e obtai n the desi red
fo rT :2, 3, . . . , n- t \
for l+ I tr
expression
'
[b ,l
The followingexampleillustratesthe useof Theorem9.7.
Example. To evaluate
we use the sequenceof divisionsin the
[++],
previousexampleand Theorem9.7. This tells us that
[+orl:,-,lt F*o'"lt*'
n't'.ttr!:r
+*!+
+:r.
l.111
J
The following corollary describes the computational complexity of the

algorithm for evaluating Jacobi symbols given in Theorem 9.7.
relatively prime positive integers with a > b '
,,be
O(loezb)3) bit
Then the Jacobi symbol
l+ | can be evaluated using
"
lb)
operations.
Corollary 9.1. Let a and D
rt
Proof. To find lf
of O1ogzb)
a sequence
I uting Theorem9.7,we perform
t . DJ
divisions. To see this, note that the number of divisions does not exceed the
number of divisions needed to find G,b) using the Euclidean algorithm.
Thus, by Lam6's theorem we know that O (log2b) divisions are needed. Each
322
QuadraticResidues
divisioncan be doneusing o ((lo^gzD2) operations.

Each pair of integers
si can be found using o(logzb).bit
bit operationson"" ih" appropriate
fl.u.nd
divisionhasbeencarriedout.
consequently,o((log2D)3)bit operationsare required
to find the integers
R;,s7,i :1,2,"',n-t
a andb. Finaily,to evaluate
the exponent
of -l
lr.T
in the expression
for
l+l in Theorem9.7, we usethe last threebits in the
lD )
binary expansion:of Ri,i : r,2,...,,n-r and the last
bit in the binary
expansions
of sy,,r: r,,2,...,n-r. Therefore,we use 0(lo926) additional
bit
operations
to find I+l
Sinceo((log2D)3)+ ooog2b): o(tog2,D2) the
,
lD )
corollarvholds. tr
9.3 Problems
I.
Evaluatethe followingJacobisymbols
a, t+]
b, [*]
b, [*]
, lx)
c,[*] 'tml
2 . For which positive integers n that are relatively
to 15 does the Jacobi
symbor equar
r?
t*l
3 . For which positive integers n that are relatively
to 30 does the Jacobi
symbor equar
r?
|.+l
4 . Let a and b be relatively prime integers such that b is odd and positive
and
a :
(-l)'2'q
where q is odd. Show that

b-l
(-l)--'r
br-l
l-''
["1
lb )
5.
Let n be an odd square-free.,

positive integer. Show that there is an integer a
: -t
such
that(a,n): I and
l;,J
323
9.3 Th e J ac obi s Y m b o l
6.
Let n be an odd square-freepositive integer'

r\
w h e r et h e s u m i s t a k e n o v e r a l l k i n a r e d u c e ds e t
a ) S h o wt h a t ) l + l : 0 ,
ln )
of residuesmodulon. (Hint: Use problem5')

b)
,n. numberof integersin a reduc?O"ti'ofresidues

From part (a), show
11"\
O
: -t.
- r - - to the number*itn l* I
modulon suchttut I | : I" -is- equal
l'J
lrj
7 . Let a and b:ro be relatively prime odd positive integers such that
A :
lOQt *
e1r1
tO:
rlQ2 I
e2r2
enfn
fn-tQn-t*
fn-l:
with
where q; is a nonnegative even integol, ; : t l, r; iS a positive integer
by
:
obtained
are
l. These equations
ri 1 ri t, for t : 1,2,...,frj , and rn
Section
l0
of
problem
in
given
algorithm
successivelyusing the modified division
t.2.
f^'l
a)
Show that the Jacobi symbol

|*
f"l
Irl
b)
I i, given by
l . DJ
:(-l)[
l++*++:.
2
*t-f'+l
2
Showthat the Jacobisymbol [+.| t, givenbv

lD )
t'^l
l+ | : (-r)r'
lb;
w h e r e T i s t h e n u m b e r o f i n t e g e r si , I < ,
(mod 4).
8.
( n, with ri-r 7 ciri = 3
Show that if a and b are odd integers and (a,b):

reciprocity law holds for the Jacobi symbol:
" lt
a-t b-t
b l -:l - ( - r ) ; - ;
a-'b-'
' ) \ll;l-J
'--'J
lr;l-l
l,_
[(-l)2
l, then the following
ira<oandb<o
otherwise.
324
QuadraticResidues
In problems9-15 we dealwith the Kronecker symbol which

is definedas follows. Let
u positiveintegerthat is not a perfect,quu." such that a E0
or I (mod4). We
1
P"
oenne
i'
l")
ttt:
ifa=l(mod8)
-lifa=5(mod8).
\l
L e g e n d r es y m b o '
[;):the
[;]
9.
[;]
:,q[f]"
if p is an odd prime such that p/a
i r ( o " t ) : I a n d:nIIpi
is the prime factorizationof n.
./- I
Evaluate the following Kronecker symbols

a,
b,
[*]
c,
[*]
[*]
For problems 10-15 let a be a positive integer that is not a perfect

square such that
a= 0 or I (mod 4).
l0' Showthat
symbol.
("1: ( z l "
it zla, wherethe svmbolon the right is a Jacobi
[;]
tftl
Show that if n1and,n2t,re positiveintegersand if (app2)
[*):
Show that if n is a positive integer relatively prime to a and if a is

odd, then
rl
r
)
I L I ::
f ;J
I n I w h i l ei f a i s e v e na, n da :2 ' t w heret i s odd,then

[ l] J '
['l
(_r)2 2
r-l.z-l
l;J
1 3 . Show that if
tt1 and
,? uti
flt 7 nz (mod I a l ) , t h e n
lsl:
f't ,J
Show that if alo,
tTrll
positive.,integers relatively prime to a and
lLl.
lnz)
then there exists a positive integer n with
,l
-tn)
325
9 .4 Euler P s eudopr i me s
15. Show that if a 10. then
al
IFJ
: Jrr ii ff aa >< 00.

[-

l.
EvaluateJacobi symbolsusing the method of Theorem 9.7.
2.
Evaluate Jacobi symbols using problems 4 and 7.
3.
Evaluate Kronecker symbols (defined in the problem set).
9.4 Euler Pseudoprimes

Let p be an odd prime number and let b be an integer not divisible by p.
By Euler's criterion, we know that
('t
6b-t)lz
_ l4l(modp).
lp )
Hence, if we wish to test the positive integer n for primality, we can take an
integer b, with (b , il : l, and determinewhether
r,'l
6 h - D / 2: l g I ( m o dn ) ,
ln )
where the symbolon the right-handside of the congruence is the Jacobi
fails,thenr is composite.
symbol. If we find that this congruence
Example. Let n :341
and b :2.
We calculatethat 2r7o= 1 (mod 341).
(t
Since341: -3 (mod8), usingTheorem9.5 (iv), w e s e et h a t | - .
I : -1.
l . 3 4 r. l
g
ntly, 2t7o
Conseque
prime.
(mod 341). This demonstratesthat 341 is not
[+
Thus, we can define a type of pseudoprimebased on Euler's criterion.

Definition. An odd, composite,positive integer n that satisfiesthe congruence
326
QuadraticResidues
__ ql ,_"d n),
6h_D/2
f
l" )
where 6 is a positive integer is called an Euler pseudoprime
to the baseb.
An Euler pseudoprime to the base b is a composite
integer that
masqueradesas a prime by satisfying the congruencegiven in
the definition.
E x a m p l e .L e t n : 1 1 0 5
andb:2.
w e c a l c u l a t e t h a t 2 s . s 2 -I ( m o dl l 0 5 ) .
Since '1105= I (mod8), we see that

: t.
Hence,
l+]
l
l
l
o
s
)
r
I
-2552
I +1105| (-oa l 105). BecauseI r05 is composite,
it is an Euler
l,l
pseudoprime
to the base2.
The following proposition shows that everv Euler pseudoprime
to the baseD
is a pseudoprimeto this base.
Proposition 9.1. If n is an Euler pseudoprime to the base b, then n is
a
pseudoprimeto the baseD.
Proof. If n is an Euler pseudoprime

to the base6, then
- al (mod
6G-t)/2
n).
f
ln )
Hence, by squaring both sidesof this congruence,we find that

(
1 6 b - D / 2 1 2l -q l
lr)
(. )
S i n c el g l :
l, )
t l , w e s e et h a t
\2
(modz).
= I (mod n ). This means that n
pseudoprime
to the baseD. tr
Not every pseudoprimeis an Euler pseudoprime. For example, the integer
341 is not an Euler pseudoprime to the base 2, as we have shown. but is a
pseudoprimeto this base.
we know that every Euler pseudoprime is a pseudoprime. Next, we show
that the converse is true, namely that every strong pseudoprime is an Euler
pseudoprime.
327
9.4 EulerPseudoPrimes
b, then n is an Euler
Theorem 9.8. lf n is a strong pseudoprimeto the base
pseudoprimeto this base .
if n - | : 2't '
Proof. Let n be a strong pseudoprime to the base b. Then
-1
(mod
:
=
n) where
I (mod n) or b2"
where / is odd, eithe-r bt
of n '
0 ( r ( s - 1. Let n: fI p i ' b e th e p ri m e -p o w e rf actori zati on
f:l
prime divisor of
First, consider the case where b' = I (mod n)' Let p be a
i s odd, w e see
n. Si nc e b, = l( m od p ), w e k n o w th a t o rd o 6 l r. B ecauser
an odd divisor
that ordob is also odd. Hence, ordrb I b-l)12,since ordob is
-1.
Therefore,
of the even integer 6Q) - p
6 Q - r ) / 2= I ( m o d P ) '
by Euler'scriterion, we have
Consequently,
fal : t
|-;j
r\
To computethe Jacobisymbol I + I' we notethat
ln )
p dividingn. Hence,
lil:'
for all primes
-ft Illo':r.
:
lnl
Inr l+] =tI P ' J
lfrrl
: (b')2' = I (mod n). Therefore,

Since bt =1 (mod n), we know that b'-r
we have
|r
b,-t:[a[=t(modn).
ln )
We conclude that n is an Euler pseudoprimeto the base b.

Next. consider the casewhere
6rt :
-l
(modn)
for some r with 0 ( r ( s - 1. If p is a prime divisor of n, then

b2't= -l (modp).
Squaring both sidesof this congruence'we obtain
328
Quadrati c R esi dues
b2"', = l (modp).
This implies that ordob | 2'+rv, but that ordob z,t.
Hence,
I
o rd rb : 2 ' * rc,
where c is an odd integer. Since ordobl(p-l)
2' + t l( p- l) .
and 2,+tlordrb, it follows that
Therefore, we h a v e p :2 r+ rd
* l , w h e red i s an i nteger. S i nce

- -l (mod
6(ord,b)/2
p),
we have
r\
I A | = 6Q-D/z :
lp )
66rd,b/z)((p-D/ord,b)
(- r!Q-l)/otd,u : (-11Q-r)/2*', (mod p).
Becausec is odd, we knowthat (-t)'
: -1. Hence,
r)
(e.e)
: (-l)d,
l+ | : (-1)rr-r)rz'*'
lp)
r e c a l l i n g t h a t d : ( p -I) /2'+t. Since each prime p; divid ing n

is of the form
pr : 2'rrdi + l, it follows that
m
n : fI pj'.
t-l
:
:
fI (2'+td, + l)o,
,;,
fI (l + 2'+raid;)
t-l
= I + 2'+t
> aidi (mod 22r+2).
Therefore.
t2'-t : h-D/2
) r s Z/ a ; d i ( m o d 2 ' + t ) .
i-l
329
9.4 EulerPseudoprimes
This congruenceimPlies that

12s-t-r = i
aidi (mod 2)
i-l
and
(9.10)
66-r\/2 : (6rt7z:-'- :
(-t)'.*
2 o'd'
(mod n).
(-1)t-t
On the other hand, from (9.9), we have
m
^)
: fI el)"'"' :
((-r)d,).,
:
:
fr
lnl
ft [+.|.
I n J , . : r| . p , J i _ r
.fo,o,
(-1)i-t
t-l
Therefore, combining the previousequation w i th (9 .10),w e seethat
- [ql
6(n-t)/z
ln)
(m o d n ).
Consequently,n is an Euler pseudoprimeto the base D' tr

Although every strong pseutloprimeto the base D is an Euler pseudoprime
to this base, note that not every Euler pseudoprimeto the base b is a strong
pseudoprime to the base b, as the following example shows.
Example. We have previously shown that the integer 1105 is an Euler
pseudoprimeto the base 2. However, 1105 is not a strong pseudoprimeto the
base 2 since
:2552:
2(llos-l)/2
I (mod 1105),
while
2 0 t 0 s - r ) / 2: 222 7 6 :
7gl + t
1 (mod ll05).
Although an Euler pseudoprime to the base b is not always a strong

pseudoprime to this base, when certain extra conditions are met, an Euler
pseudoprimeto the base D is, in fact, a strong pseudoprimeto this base. The
following two theoremsgive results of this kind.
Theorem 9.9. If n : 3 (mod 4) and n is an Euler pseudoprime to the base
b, then n is a strong pseudoprimeto the baseb.
330
Quadratic Residues
Proof. From the congruence n = 3 (mod 4), we know

that n-l : 22.t where
t : (n-l)/z is odd' Since n is an Euler pseudoprime
to the base b, it follows
that
- ql (mod
bt : 6..'-t)/2
n).
f
ln )
r\
tbl :
Drnce l- |
+1, we know that either bt = l (mod
n)
or
ln )
-l
(modn). Hence,oneof the congruences
b' =
in the definitionof a strong
pseudoprimeto the base b must hold. consequently,
n is a strong
pseudoprime
to the baseb. tr
Theorem9.10. If n is an Euler pseudoprime
to the base6 and lal
l\ n l '/
then n is a strong pseudoprimeto the base b.
: -r.
Proaf. We write n-l : 2't , where / is odd and s is a positive

integer. Since
n is an Euler pseudoprimeto the base b, we have
br-,t: 6,.'-r)/2
fa l (modn).
ln)
r)
B u t s i n c el 4 I : - t , w e s e et h a t
ln)
b ' r-' = -l
(m o d r).
This is one of the congruencesin the definition of a strong pseudoprime

to the
base b. Since n is composite,it is a strong pseudoprimeto ihe base ,. tr
Using the concept of Euler pseudoprimality, we will develop a probabilistic
primality test. This test was first suggestedby Solovay and Stiassen
[7g].
Before presentingthe test, we give some helpful lemmata.
Lemma 9.3. If n is an odd positive integer that is not a perfect sguare,then
there is at least one integer b with | < b I
ft,(b ,n) :
r , a n dl 4 | : - , ,
ln )
where
is the Jacobi symbol.
331
9 .4 E uler P s eudop ri me s
Proof. If n is prime, the existence of such an integer b is guaranteed by

Theorem 9.1. If n is composite,since n is not a perfect square,we can write
n : rs wher e ( r , s ) : I a n d r: p ' , w i th p a n odd pri me and e an odd
positive integer.
Now let / be a quadratic nonresidue of the prime p; such a / exists by
Theorem 9.1. We use the Chinese remainder theorem to find an integer b
with 1 < b 1 n, (b ,n) : 1, and such that b satisfiesthe two congruences
b = t (mod r)
b = | (mods).
Then,
fal : (ul
|,bl"-(_r),-_r,
f;J l7): tp)
that : -' r
ro,,ows
and : , Since :
[*]
[*]
[*] ii] t1],',
Lemma 9.4. Let n be an odd compositeinteger. Then there is at least one
integerD with | < b I n, (b,n) : 1, and
r\
6 6 - D / z1 l 4 | ( m o dn ) .
ln)
Proof. Assume that for
primeto n, that
positiveintegers not exceeding n and relatively

r)
6h-t)/2 :
( e . 1l )
d).
l4 | (mon
ln)
Squaring both sides of this congruence tells us that

r
t2
b,-t :
lAl
l 3 I = ( + l ) z : I ( m o dn ) ,
ln )
if (b,n) : I
Hence, n must be a Carmichael number. Therefore, from
a rr e d i s t i n c t
T h e o r e m8 . 2 1 , w e k n o w t h a t n : Q t 4 z " ' e ,
, whereQt,Qz,...,Q
odd primes.
We will now show that
332
QuadraticResidues
6 h - t ) / 2= 1 ( m o d n )
for all integers b with I ( b ( n and (b,n) :1.
integer such that
6 h -r)/2 :
-l
Suppose that b is an
(mod n).
we use the chinese remainder theorem to

find an integer a
| 1 a { fl, (a,n): l. and
with
a=b(modq1)
a : - | ( m o d Q z Q s .. . q , ) .
Then, we observethat
o.r2)
o G - 1 ) / 2-
6b-D/z:
_ l ( m o dq 1 ) ,
while
(e.13)
= I (mod ezQt...Q,).
o(n-r)/Z
From congruences O . l D a n d ( 9 . 1 3 ) ,w e s e et h a t
o h _ t ) / 2*
contradictingcongruence(q.tt).
+ 1(modn),
Hence, we must have
6 (,-t)/2= I (m o d n),
for all D with I < , ( n and (b,n) - r. Consequentry,
from the definition
of an Euler pseudoprime,we know that
6".-t)/2:|,aj : I (modn)
l, )
for all D with I < b ( n and (b,n) : r. However, Lemma

9.3 tells us that
this is impossible. Hence, the original assumption is false. There
must be at
l e as tone int eger6 w i th | < b 1 fl , (b ,,D : l , and
6G-D/z1
|r
l4 | (modn). tr
ln )
We can now state and prove the theorem that

probabilistic primality test.
the basis of the
333
9.4 Euler Pseudoprimes
Theorem 9.11. Let n be an odd composite integer. Then, the number of

positive integers less then n, relatively prime to n , that are basesto which n is
an Euler pseudoprime,is less than 6fu) /2.
Proof. From Lemma 9.4, we know that there is an integer b with
I < b 1 n, (b,n): l, and
ql (mod
n).
6b-r)/2
l f
lnJ
(s.rq
Now, let e1,e2,...,e^denote the positive integers less than n satisfying

1 ( a; ( n, ( ai, n) : l , a n d
r)
n),
afn-rtrzlLl (mod
(e.ls)
In )
for; : 1,2,...,m.
Let rr{2,...,rm be the least positive residuesof the integers bayba2,...,ba^
I for
modulo n. We note that the integers rj are distinct and (ri,n):
j : 1,Z,...,frt.Furthermore,
, ( n - , ) t 2 1 ( m ond) .
[+]
(e.16)
For, if it were true that
,e-,)/2-
[+]
(mod
n),
then we would have
$a)(n-,)/2
l+l r-"0,r
This would imply that,
: t+l
6h-t)/2o(n-t)/2
I r 1J
and since (9.14) holds.we would have
[+]
(mod n ),
334
QuadraticResidues
_ fqI
6."-t\/2
l, )'
c ont r adic t ing( 9 .1 4 ).

S inc e aj, j :1 ,2 ,...,m ,
s a ti s fi e s th e
congruence (9.15) w hi l e
r j, j : 1, 2, . . . , n, d o e sn o t, a s (g .to ) s h o w s ,w e know
thesetw o setsof i ntegers
share no common elements. Hence, looking at the two
sets together, we have
a total of 2m distinct positive integers less than n and,
relativ-elyprime to n.
Since there are Qh) integers less than n that are relatively
prime to /r, we
-filis
can conclude that 2m < qfu), so that m <
proves the
eh)/2.
theorem. tr
From Theorem 9.1l, we see that if n is an odd composite
integer, when an
integer b is selectedat random from the integers 1,2,,....,n-1,
th; probability
that n is an Euler pseudoprimeto the base 6 is less than
I/2. This leads to
the following probabilistic primality test.
The Solovay-StrassenProbabilistic Primality Test. Let n be a positive
integer.
Select, at random, ft integers bpb2,...,boLorr the integers i,2,...,r-r.
For
each of theseintegersbj,j : 1,2,...,k,determinewhether
6Q-t)/2
t+]
(modn)
If any of these congruencesfails, then n is composite. If n

is prime then all
these congruences hold. If n is composite, the probability
that all k
congruenceshold is less than l/2k. Therefore, if n passesthis test
n is ,,almost
certainly prime."
Since every strong pseudoprime to the base b is an Euler pseudoprime
to
this base, more composite integers pass the Solovay-Strassenprobabilistic
primality test than the Rabin probabilistic primality test,
altirough both
require O(kQag2n)3) bit operations.
9.4 Problems
l.
Show that the integer 561 is an Euler pseudoprimeto the base 2.
2.
Show that the integer 15841 is an Euler pseudoprime to the base

2, a strong
pseudoprimeto the base 2 and a Carmichael number.
3.
Show that if n is an Euler pseudoprimeto the basesa and 6. then

n is an Euler
pseudoprimeto the base a6.
335
9.4 EulerPseudoprimes
4.
Show that if n is an Euler pseudoprimeto the base b, then n is also an Euler

pseudoprimeto the basen-b.
5 . Show that if n= 5 (mod 8) and n is an Euler pseudoprimeto the base 2, then r

is a strong pseudoprimeto the base 2.
6.
Show that if n = 5 (mod 12) and n is an Euler pseudoprimeto the base 3, then
n is a strong pseudoprimeto the base 3.
7.
Find a congruencecondition that guaranteesthat an Euler pseudoprimeto the

base 5 satisfying this congruencecondition is a strong pseudoprimeto the base 5.
8.
Let
the
composite positive integer
, : pl,pi, . . . ph,
where pi : | *
kr ( kz (
< k-, and where n:
pseudoprimeto exactly
have
prime-power factorization
where
for
zfqi
i:1,2,...,ffi,
| * 2kq. Show that n is an Euler
6" II ((n-l)/2, p1-t)

j-l
different basesb with l < b ( n , w h e r e
12
D r : 1 1/Z
It
t
if kr:
1,
if kj < k and a; is odd for some j

otherwise.
Determine if an integer passesthe test for Euler pseudoprimesto the base b.
Perform the Solovay-Strassenprobabilistic primality test.
10
Decimal Fractions and
GontinuedFractions
10.1 DecimalFractions
In this chapter, we will discuss rational and irrational numbers
and their
representationsas decimal fractions and continued fractions.
we begin with
definitions.
Definition. The real number a is called rational
are integers with b * 0. If a is not rational. then
a - a /b, where a and b

say that u is irrational.
If a is a rational number then we may write a as the quotient

of two
integers in infinitely many ways, for if ot : a b, where o
f
uni b are integers
with b ;t' 0, then a : ka f kD whenever fr is a nonzero integer.
It is easy to
see that a positive rational number may be written uniquely as
the quotient of
two relatively prime positive integers; when this is done we
say that the
rational number is in lowest terms.
Example. We note that the rational number ll/Zl
also see that
is in lowest terms. We
-tt/-21 - tt/2r : 22/42: 33/63:

The following theorem tells us that the sum, difference, product,
and
quotient (when the divisor is not zero) of two rational number
is again
rational.
337
1O.1 DecimalFractions
Then a + 0, a - 0' a9'

Theorem 10.1. Let a and B be rational numbers.
and a/0 (when P+0 are rational'
: alb and B : cld' where
Proof. Since a and p are rational, it follows that a
* O' Then' each of the
e, b, c, and d are integers with b * 0 and d
numbers
a * B : a /b + c l d : (a d * b c)/bd'
a - 0: a/b - c/d : (ad-bc)lbd'
a0-b/b)'k/d)-acfbd,
a/0 : b /b) lG ld) : ad lbc @*0 '
denominatcr different
is rational, since it is the quotient of two integers with
from zeto. D
We start by
The next two results show that certain numbers are irrational'
considering ,/T
Proposition 10.1. The number '/T is irrational'
prime integers
Proof. Suppose that .,,6 : a lb, where c and b are relatively
with b I 0. Then, we have
2:
a2lb2,
so that
2b2 : a2.
Since 2lor,problem 3l of Section2.3 tells us that2la.
b2:2c2.
Let q :2c,
so that
6. H ow ever,
Henc e, 21b, , and b y p ro b l e m 3 l o f Se c ti o n2 .3 ,2 al so di vi des
a
nd b' This
a
b
o
t
h
d
i
v
i
d
e
c
a
n
n
o
t
we^know that 2
since G,b)':1,
B
contradiction shows that .6 is irrational'
it
We can also use the following more general result to show that .6
irrational.
* cnlxn-t *
Theorem 10.2. Let o( be a root of the polynomial x'
with cs * 0.
integers
* cp * cs where the coefficientsca, ct,...,cn-r,are
Then a is either an integer or an irrational number'
and b
Proof. Supposethat a is rational. Then we can write ot: alb whete a
338
DecimafFractionsand ContinuedFractions
are relatively prime integers with b o.

x' + c r - 1x n- l *
* c p * ,0 , w e h a v e
b/b),
rc,_tG/6y,-t *
Since ot is
+cJa/D
root
of
*ca:0.
Multiplying by bn, we find that

an + cn_pn-tb +
* c p b o - r + c s b n: 0 .
Since
' '!n',*n',
^:,,;;'i-. ,,n*'u* * ,
u'ô!,',
u"rli-"
o;ui,
orp
x,'-::'il
Since p I b and b I an , we know that p
Hence, by problem 3l of
I a,
Sec t ion 2. 3, w: s e e th a t p l a .
H o w i v e r, si nce (a, b) : l , thi s i s a
contradiction which shows that b : t 1. Consequently,
if a is rational then
d : * o, so that a must be an integer. tr
we illustrate the use of Theorem 10.2 with the following
example.
Example' Let a be a positive integer that is not the
mth power of an integer,
so that "\/i it not an integer. ThJn x/i i, irrationat
by Theorem 10.1, since
"</7 it a root of xm - a. consequently,

such
";;.^
are irrational.
ur'^.,8,-18,-r:g'fr:";;
The numbers zr and e are both irrational. We will not prove

that either of
thesenumbersare irrational here; the reader can find proofs
in Itg].
We now consider base 6 expansionsof real numbers, where
b is a positive
i n teger ,b > l. L e t a b e a re a l n u mb e r, a n d ret a:Ial
be the i ntegerpart
of a, so that r:o--[a]
i s t h e f r a c t i o n a lp a r t o f a a n d o t : a * 7 w i t h
0 < 7 < I' From Theorem 1.3, the integer a has a unique
baseb expansion.
We now show that the fractional part ^yalso has a unique
base 6 expansion.
Theorem 10.3. Let 7 be a real number with 0 ( y ( l,
and let b be a
positive integer, b > | . Then can be uniquely written
T
as
r:
; ci/bi
j-r
where the coefficientsc; are integers with 0 ( c;

< 6-l for j : 1,2,..w
., ith
the restriction that for every positive integer l/ there is an integer
n with
n2Nandc,
lb-1.
339
1O,1 D ec im al F r ac t i o n s
series' We will use the

In the proof of Theorem 10.3, we deal with infinite
geometric series'
following formula for the sum of the terms of an infinite
< t. Then
Theorem 10.4. Lets and r be real nurnberswith lr[
V o r i: a / 0 - ' ) .
j-0
(Most calculusbookscontain a proof')

For a proof of Theorem 10.4,see [62].
We can now ProveTheorem 10'3'
Proof. We first let
c1: IbTl ,
l et
so that 0 ( c r ( b_ 1 , s i n c e0 < b 7 < b . In a d di ti on,
^ fr : b l - c r : b ^ Y- l b l l '
sothat0(?r(land
^Y:
c1 , 7l
'
1
b
b
^yg for k : 2,3,..., bY

We recursivelYdefine c1 and
ck :
[bfr-r]
and
nlk-t:+.+'
so that 0(cr
follows that
(b-t,
C"t
C1
7:T*
Si nc e 0 ( ln (
and 0(rt
s i n c e0 ( b z t - r 1 b ,
Ur*
l, w e s e eth a t a 4 l r/b n
)tgntO'
Therefore. we can conclude that
< I'
Cn
n,
+^Y,
b,
< l /b n . consequentl y,
:0.
Then'
340
DecimalFractionsand ContinuedFractions
lim
7:
n<6
6
')
r,
"J
.{,t
j:l
To show that this expansionis unique, assume

that
c1/bi:;
r:;
j -l
dj/bi,
j:l
whereo
r, < b-l and 0 ( d, < b-1, and, for everypositive
integer.v,
5
thereare integersn and m with i, * D-l and d* r
b-1. Assumethat k is
the smallestindex-for which cr, * d1r, and assume
that c1,7 dr, (the case
cr 4 dp is handledby switchingthe roresof the two expansions).
Then
o: ;
k1-d1) lbi : (c*-d) /bk *
_k+l
j ,i',
ki-d)
/bj ,
so that
(10.1)
G1,-d1)/bk :
j-k+t
e1-c1) /bi
Since c; ) d*, we have

(10.2)
b*-d) /bo > , /uo.
while
(10.3)
j:k+t
j-k+l
:(b-l)
l lLK+l
,
"u
| _ t/b
: l / b k,
where we have used Theorem 10.4 to evaluatethe sum
on the right-hand side
of the inequality. Note that equality holds in (10.3)
if and only if
d j - c . i: b- l f o r a l ! i w i th
7 ) t 1 t, a nd thi s occurs i f and onl y i f
dj : . b- l- and c i:0
fo r i 2 k + t. H o w e v e r,such an i nstancei s excl uded
by
the hypothesesof the theorem. Hence, the inequality in (tO.:)
is strict, and
therefore, (to.z) and (10.3) contradict (to.t). ttris shows
that the baseb
\
expansionof a is unique. tr
341
1 O.1 Dec im al F r ac ti o n s
The unique expansion of a real number in the form ). c1/bi is called the
J-t
base b expansionof this number and is denotedby kp2ca..)6.

To find the base b expansion(.cp2ca..)6 of a real number 7, wo can use
the recursive formula for the digits given in the proof of Theorem 10.3,
namely
^ fk : b y * -t - l bl t -J ,
ck : lbt*-J ,
where ^Yo: ^Y,for k : 1,2,3,...
Example. Let ( . c p2 c a ..)6 b e th e b a s e8 e x p a n s ionof l /6. Then

tc 1: [ 8 ' ; l :
o
_
1,,
l_
c2:[8';'l:2,
J
_ )_
ca:[8']l-5,
J
_
tca:[8'Tl:2,
J
cs:[8'?t:t,
^yt:8 -l : I
+
T,
^y2:s -2: 2
t'
+
^y3:B -5 - I
T'
+
2
74:8 + -2 - T'
I
^ys-s
+-s: T,
and so on. We see that the expansionrepeatsand hence,

t/6 : (1 2 5 2 5 2 5 ..)8.
We will now discussbase b expansionsof rational numbers. We will show
that a number is rational if and only if its base D expansion is periodic or
terminates.
Definition. A base D expansion (.cp2ct..)r is said to terminate if there is a
: 0.
positiveinteger n such that c, - cn*l - cn+z:
Example. The decimal expansionof l/8, (.125000...)ro: (.125)ro,terminates.
Also, the base 6 expansionof 419, (.24000...)o- (24)6, terminates.
To describethose real numbers with terminating base b expansion,we prove
the following theorem.
342
Theorem 10.5. The real number a, 0 < q I 1, has

a terminating base D
expansion
if and only if a is rationaland a : r/s, where 0 ( r ( s
and every
prime factor of s also divides D.
Proof. First, supposethat a has a terminating base 6 expansion,

(c 1c2...c)6 .
d:
Then
Q:
b'
so that a is rational, and can be written with a denominator
divisible only by
primes dividing b.
Conversely,supposethat 0 ( a (
l, and
a:
rfs .
where each prime dividing s also divides 6. Hence, there is power

a
of D, say
bN, that is divisible by s (for instance, take N to be the largest
exponent in
the prime-power factorization of s). Then
bNot:b*r/t:er,
where sa : bN ,, and a is a positive integer since slbr.
(a*a^-1...aps)6 be the baseb expansionof
or. ln"n
a^b^*o^-tb^-r + . . . * atb*ag
Now
let
ar/bN :
a:
6u
:
d*b--N
(.00...a
m o m - t . . . a , a s )y .
+ am_tbm-l-fl
*a1b|-tr+ aob-N
Hence, a has a terminating base6 expansion. D

Note that every terminating base b expansion can be written
as a
nonterminatingbase6 expansionwith a tail-end consistingentirely of the digit
b-1, since (.cp2...
c^)r- (cp2...
pir
cm-lb-lbi...lu
(.ttl l l ...)ro . T h i s i s w h y w e requi re i n Theorem
i n stanc e,( 12) t o:
10.3
that for every integer N there is an integer n, such that n ) N and
343
1 O.1 Dec im al F r ac ti o n s
cn# b-l;
A base
without this restrictionbaseb expansionswould not be unique.

instance
b expansionthat does not terminate may be periodic, for
I 1 3 : ( . 3 3 3 . . .1)s'
| / 6 : ( . 16 6 6 . ' . t) o '
and
| /7 : (.t+ztst 142857142857..) rc'
if there are
Definition. A base b expansion (.cp2ca..)6 is called periodic
:
'
N
n
for
cn
7
positive integers N and k such that cn11
Wedenoteby(cp2...cv1-,']]-"*1-')6theperiodicbaseb
(.cp 2...c7,1"') a' For instance'we have
t -( t t...cN+t-rc.nv
rclr...cry+
expanslon
r/3 : (.J)_.,0
,
7 1 6: ( . 1 6r)o,
and
ll7 : (.taxsz)ro.
begin
Note that the periodic parts of the decimal expansionsof 1/3 and l/7
the
proceeds
I
immediately, while in the decimal expansion of l/6 the digit
b
base
periodic
periodic pirt of the expansion. We call the part of a
part
periodic
L*punsion preceding the periodic part the pre-period, and the
thi period, where we take the period to have minimal possiblelength'
(.ootorzr)r.
Example. The base 3 expansionof 2/45 is
(001) 3and t he per io di s (Ot2 l )3 .
The pre-period is
The next theorem tells us that the rational numbers are those real numbers
gives
with periodic or terminating base b expansions. Moreover, the theorem
of
rational
expansions
b
base
periods
of
and
the lengths of the pre-period
numbers.
Theorem 10.6. Let b be a positive integer. Then a periodic base b expansion
representsa rational number. Conversely,the base b expansionof a rational
( 1, a: rfs,
number either terminates or is periodic. Furthero if 0 < a
:
T(J where every
where r and J are relatively prime positive integers, and s
prime factor af T divides 6 and (U ,b) : 1, then the period length of the base
of a is ordy b, and the pre-period length is .l/, where N is the
b
""punrion
smaliestpositiveinteger such that TlbN.
344
Proof. First, suppose

that the baseD expansion
of a is periodic,so that
a: (.crrr...r*ffi)o
c1
I-J-
ct
b62
C1
C';
I-J-
b62
where we have used Theorem 10.4 to see that
l
6tc
s^_
t"^ ojo
,r - . _
bk-l
bk
Since a is the sum of rational numbers, Theorem l0.l

rational.
tells us that a is
Conversely,supposethat 0 ( a ( l, a : r /s, where r and s

are relatively
prime positive integers, s : T(J , where every prime factor
of T divides b,
Ql,b):
1, and I/ is the smallestinteger such-that Tlb*
Since Tlb*, we have aT:
(10.4)
bN, where c is a positiveinteger. Hence

bNa:bN
LTUU
or
Furthermore,we can write

(r0.5)
ar
i:n*i,
where A and C are integers with
0 < I < 6N,

and (c,u):
0 < c < u.
l. (the inequalityfor A followssince0 ( bNa: +
< bN.
U
which results from the inequality 0 ( a ( I when both sides are multiplied
by bN) . The fact that (C,tl):
I follows easily from the condition (r,s) : l.
Fr om T heor em 1 .3 ,A h a s a b a s eb e x p a n s i o nA : (anan_t...epo)u.
lf U : l, then the base b expansion of a terminates as shown above.

Otherwise, Iet v : ord,ub. Then,
34s
b'#:
(10.6)
Q u+ t )c
U
+t,
where/ is an integer, since b' = | (mod U). However, we also have

(t
(-
+ c' * al.
b')
-C+j
62
b'+:b'l]+
U
(10.7)
LA
b'
that
o'
where(cp2ca...)6is the baseb expansion
t,so
c k : l b l t -J ,
where To :
T, f o r k
(10.8)
: 1 , 2 , 3 , . . . . F r o m ( 1 0 . 7 )w e s e et h a t
(-(
b' *:
U\
^ y k- b ' y t -r - l bl * -J
l r , b u - t+ c 2 b ' - z+
* r"] t ru.
( T, ( l,
Equatingthe fractionalparts of (10.6) and (tO.S),notingthat 0
we find that
C
4 t : -
Iv
u'
ConsequentlY,we seethat
^Yv:
": t'
so that from the recursivedefinition of c1,c2,...we can concludeIhzt cpau: c1,
nuta periodic baseb expansion
for k : 1,2,3,.,.. Hence
$
c - (n-rcr-Q6.
U
Combining (tO.+) and (10.5), and inserting the base b expansionsof A and
9. *. huu,
U'
(ro.s)
bNa :
( a n a n - 1 . . . a t a o. c p 2 . . . c v 6) .
Dividing both sidesof (10.9) by bN, we obtain

a : ( . 0 0... a n a n - r . . . o p o f f i )
u,
(where we have shifted the decimal point in the base b expansion of brya N
346
D e c i ma l F ra c ti ons and C onti nued Fracti ons
spaces to the left to obtain the base b expansion

of a). In this base D
expansionof a, the pre-period (.00...a,an-t...ipo)a is
of length N, beginning
with.A/ - h*1) zeros,and the period f.ngit, ir r.
We have shown that there is a base b expansionof
a with a pre-period of
length r/ and a period of length v. To finish the proof,
we must ,t o* that we
cannot regroup the base b expansion of a, so that either
the pre-period has
length less than ry', or the period has length less than v.
To do this, suppose
that
q: (.crrr...trffi)u
:
C1
Ct
*;*
*#*(*)la.
k f t M - t + c2 b M - 2 q
+cM)(bk-t) + Gyar6k-t+
bM (bk -t)
, cM+k
-;m
f cTaap)
S i n c eq . : r f s , w i t h ( r , s ) : l , w e s e et h a t s l b M $ k _ D . C o n s e q u e n t l y ,
TlbM
uTd ul(tk-o.
H e n c e , M > N , a n d v l k ( f r o m T h e o r e mg . l , s i n c e
bk = I (mod tD and v : ord,ub). Therefore,'the pre-period
length cannot be
less than ,^/ and the period length cannot be less than v. D
We can use Theorem 10.6 to determine the lengths of the pre-period
and
per iod of dec im a l e x p a n s i o n s . L e t a : r/s , 0 < a (
l , and , :2" , 5r,, ,
where (1,10) : l. Then, from Theorem 10.6 the pre-period
has length
max (s1,s2)and the period has length ord,l0.
Example. Let ot:5/28. since 2g - 22.7,,Theorem10.6 tells us
that the prehas length 2 and the period has length ord710 : 6.
Since
rylt:d:
(fiasll4z),
5/28
we seethat theselengthsare correct.
Note that the pre-period and period lengths of a rational numb
er r f s, in
lowestterms, dependsonly on the denominators, and not on the
numerator /.
we observe that from Theorem r 0.6, a base b expansion
that is not
terminating and is not periodic representsan irrational number.
Example. The number with decimal expansion
o r: . 1 0 1 0 0 1 0 0 0 1 0 0 0 0 . . . ,
consisting of a one followed by a zero, a one followed by two zeros,
a one
followed by three zeroes, and so on, is irrational because this
decimal
expansiondoes not terminate, and is not periodic.
347
so that its decimal

The number d in the above example is concocted
occurring numbers
expansion is clearly not periodic. To show that naturally
becausewe do
10.6,
Theorem
such as e and 7( are irrational, we cannot use
No matter
numbers'
these
of
not have explicit formulae for the decimal digits
cannot
still
we
compute,
we
how many decimal digits of their expansions
could
period
the
because
conclude that they are irrational from ihis evidence,
be longer than the number of digits we have computed'
10.1 Problems
l.
Show that dE is irrational

a)
by an argument similar to that given in Propositionl0'l'
b)
using Theorem 10.2.
2.
Show that :/i
3.
Show that
a)
+ ..6 is irrational.
log23 is irrational.
which
logob is irrational, where p is a prime and b is a positive integer
is not a Power of P rational or
4 . show that the sum of two irrational numbers can be either
irrational.
either rational or
5. Show that the product of two irrational numbers can be
irrational.
b)
6.
Find the decimal expansionsof the following numbers
d) 8lrs
a) 2/5
b) slt2
c) r2113
7.
e) lllll
f) 1/1001.
Find the base 8 expansionsof the following numbers
d) r16
e) rlrz
f) r122.
a) rl3
b) rl4
c) rls
8.
Find the fraction, in lowest terms, representedby the following expansions
a) .rz
b) .i
c) n.
348
D e c i ma l F ra c t i ons and C onti nued Fracti ons
9'
Find the fraction, in lowest terms, representedby

the following expansions
a) (.rzi,
b) (.oar6
l0'
Il'
For which positive integers D does the base 6 expansion

of l r/zro terminate?
Find the pre'period and period lengths of the decimal
expansions of the
following rational numbers
il 7/t2
b) tt/30
c) t/7s
12'
c) (.iT),,
d) (M),6.
d) rc/23
e) B/s6
f) t/6t.
Find the pre'period and period lengths of the

base 12 expansions of the
following rational numbers
a) t/+
b) r/B
c) 7/ro
d) s/24
e) 17h32
f) 7860.
13' Let b be a positiveinteger.Showthat the period

lengthof the base6
expansion
of l/m is m - I if andonlyif z is piimeand, i, primitiveroot
of m.
"
14. For which primesp doesthe decimalexpansion
of l/p haveperiodlengthof
a)l
b)2
c)3
d)4
e)5
f) 6?
15. Find the baseb expansions

of
a) r/(b-r)
b) r/6+D .
16. Showthat the baseD expansion

of t/G-1)z;, 1.9ffirJp1;u.
17. Showthat the real numberwith base6 expansion
(otzt.,.o-tlol rr2..)t,
constructed by successivelylisting the base b expansions
of the integers, is
irrational.
18. Show that
+.#.#.#.#
349
1 O.1 Dec im al F r ac t i o n s
r9.
one.
is irrational, whenever D is a positive integer larger than
integers greater than one'
Let byb2,fur... !s an infinite sequence of positive
as
represented
be
can
Show that every real number
,o*?.#+#;+,
( ct ( bp for k : I'2'3'""
where cs,c1,cz,c!,...are integers such that 0
20.
a)
Show that every real number has an expansion

CrCtrt+
to+l!
zl* 3!
:
are integers and 0 ( ct ( k for k
where cs,c1,c2,c!,-.-
l'2'3'""
of the type
show that every rational number has a terminating expansion
(a).
describedin Part
llp is ('t,tr'-oJ"
Supposethat p is a prime and the base b expansionof
is p - l. show that
llp
of
expansion
b
base
so that the period length of the
( p, then.
if z is a positive integer with I ( ln
b)
Zl.
( 2...c1sacP)
6'
m /p : (.cya1...coac
where k : indtm modulo P.
has an even period length'
2 2. Show that if p is prime and l/p - ('ffi)6

k :2t,
f o r . , ;:r 1 , 2 , " ' , t
thenci * ci+t: b-l
whete h and' k
23. The Farey series Fn of order n is the set of fractions hlk
(h,k):
are integers,0 ( ft < k ( n, and
include 0 and I in the forms i
1, in ascendingorder' Here, we
and I respectively' For instance, the Farey

I
seriesof order 4 is
3l
0l112
T ' T , T ' T ' 7 , 7 ,T

a)
Find the Farey series of order 7.
b)
Show that if a/b

bd - ac :1.
c)
Show that if a/b, c/d, and e/f

then
and c/d
are successiveterms of a Farey series' then
a*e
are successiveterms of a Farey series,
7- E7'
3so
DecimalFractions and ContinuedFractions
d)
Show that if a/b

ordern, then b*d
and, c/d
) n.
are successiveterms of the Farey series of
24. Let n be a positiveinteger,n ) l. Show that I

not an integer.
l0.l
ComputerProjects
Write computerprogramsto do the following:

I'
2'
Find the base 6 expansionof a rational number, where

b is a positive integer.
Find the numerator and denominator of a rational
number in lowesr rerms
from its base b expansion.
3'
Find the pre-period and period lengths of the base

D expansion of a rational
number, where b is a positive integer.
4'
List the terms of the Farey series of order n where n

is a positive integer (see
problem 23).
10.2 Finite Continued Fractions

Using the Euclidean algorithm we can express rational
numbers as
continued fractions. For instance, the Euclidean algorithm produces
the
following sequenceof equations:
62:2.23 +
2 3 : l . 1 6+
1 6: 2 - 7 +
7:3-2 +
lG
7
2
l.
When we divideboth sidesof eachequationby the divisorof that

equation,we
obtain
62:r*16:,)r
23
23
I
nlr6
I
?3-:t+L:t*
16
16
16/7
16 : I
I
Z
:
r +
+
7
7
7/2
L
+ !.
+:3
2
2'
By combiningtheseequations,
we find that
351
1 O.2 F init e Cont inu e d F ra c ti o n s
62 :2+
23
:2+
1
23116
t
r '- L :
:2*
rc17
I
1+h
I
:2*
1+
2++3*;
in the abovestring of equationsis a continuedfraction

The final expression
of 62123.
expansion
We now definecontinuedfunctions'
of the form
. A finite continuedfraction is an expression
Definition
I
aot
atl
ctz *
+-
1
a n - rt L
an
an positive' The real
ale real numbers with Q1,Q2,Q3',"''
where Qg,a1,a2,...,an
continued fraction'
the
quotients
of
numbers ej,a2,...,Q'nare called lhe partial
as,c r,..., an are all
numbers
real
the
if
The continued fraction is called simple
integers.
we use the
Because it is cumbersome to fully write out continued fractions,
the above
in
fraction
to represent the continued
notation Lso;a1,e2,...,Ctn|
definition.
a
We will now show that every finite simple continued fraction represents
can
number
rational
every
that
will
demonstrate
we
rational number. Later
be expressedas a finite simple continued fraction'
352
DecimalFractions and ContinuedFractions
Theorem l0'7 ' Every finite simple continued

fraction represents a rational
number.
Proof' we will prove the theorem using mathematical
induction. For n : 1
we have
[ao;arl:oo+
I *aoar*l
al
og
which is rational. Now assume.that for the positive

integer k the simple
continuedfraction [ag;at,e2,...,eklis rational whlnevst
as,or,...,okare integers
with a r,...,ak positive. Let as,at,...,ek+tbe integers
with er,...,ek+t positive.
Note that
[ a g . a 1 , . . . , a k +: t la g +
Ia;a2,..., a1r.a1ra1l
By the induction hypothesis,[a

ria2,...,ek,ek+r] is rational; hence, there are
integers r and s, with s*0, such that this continued
fraction equals r/s.
Then
l a o ; a 1 , . . . ,a k , o k + t l : a g +
I
r/s
agr*S
which is again a rational number. tr

We now show, using the Euclidean algorithm, that
every rational number
can be written as a finite simple continued fraction.
Theorem 10.8. Every rational number can be expressed
by u finite simple
continued fraction.
Proof. Letx:a/b
w h e r ea a n d b a r e i n t e g e r s w i t h b > 0 . L e t r s - a
and
r't : b. Then the Euclidean algorithm prodr.", the
following sequenceof
equations:
353
1O.2 Finite ContinuedFractions
rO :
r| :
r1Q1* 12
r2Q2* 13
Q 1r2 ( tt,
0(131rr,
12:
r3Qtl 14
0(ra113,
:
ln-3
fn'ZQn-Z*
tnQn
fn-1Qn-1*fn
fn-Z:
fn-l
0(rn-11tn-z,
0(rnlrn-t
fr-t
Writing these
In the above equations 4z,Qt,.",Qn are positive integers.
equations in fractional form we have
L:
b
lo
tt
tt:
13
q2+;:Q2.Trt
r2
rZ:
ta,
nr*;:et*
r3
ln-3
rn-2
ln-2:
rn-l'
fn-l
Qr*;:qt+
/1
tn-l
Qn-2
tn-2
L
Qn-l t
,n
rrt^
I
-L -t
rn-2/rn-t
: - nq- -n.-+l 4- , n - r , / r ,
: ,QN
rn
first equation'
Substitutingthe value of r1/r2from the secondequation into the
we obtain
(l 0.10)
al
T:4tt
,
4z r
t
,rlry
into (10.10)
Similarly, substituting the value of r2fr3 from the third equation
we obtain
3 54
Qr*
Qz*
Q t *+rilrt
Continuing in this manner, we find that
T:
q ' t+
Qz*
Qt*
Qn-t
,l
Qn
Hence
q n l . T h i s s h o w s t h a t e v e r yrational number can

be
t:rnriQz,...,
written as a finite simple continuedfraction. !
We note that continued fractions for rational numbers
are not unique.
From the identity
an :
Gn-l)
we seethat
[ a g ; a1 , e 2 , . .e. ,n _ t , o n l: I a g ; a 1 , c t 2 ,e. .n. ,_ t , e n
whenevera, )
Example. We have
1
#I I
: [ o ;I , l , l , 3 1: [ o ; l, l , l , 2 ,I ] .
In fact, it can be shown that every rational number can

be written as a
finite simple continued fraction in exactly two ways, one
with an odd number
of terms, the other with an even number (see problem
8 at the end of this
sec t ion) .
Next, we will discussthe numbers obtained from a finite continued
fraction
by cutting off the expressionat variousstages.
Definition. The continued fractions [as;a1,o2,...,
a1l, where ft is a nonnegative
integer less than n, is called the kth convergenr of the continued
fraction
355
1O.2 Finite ContinuedFractions
by Ct '
[ao;a1,e2,...,Qnl The kth convergentis denoted
the convergentsof
In our subsequentwork, we will need some properties of
starting with a
properties,
these
a continued fraction. We now develop
formula for the convergents.
an be real numbers,with a 1;a/;...,a, positive'
Theorem 10.9. Lel ag,a1,e2,...,
recursivelyby
Let the sequencesP0,Pt,...,
Pn and qs,qt,"', Qn be defined
Qo: I
q1: ar
Po: aO
Pt : asol*l
a nd
P * : o k P k - t t P*-z
Qk:
q*-z
apQt-t t
t k : I' ao;at,.' .,okl i s gi ven by

for /c : 2, 3, . . . ,n . Then the k th c o n v e rg e n C
Cp -- P*lqr'
: 0
proof. we will prove this theorem using mathematical induction. For k
we have
Co: lael : asll : Polqo.
For k : l, we seethat
Cr : l a o ;a 1 l : a s + ! :
a1
aoat*l
a1
:Pt
Qt
Hence. the theorem is valid for k : 0 a n d k : l

where
Now assume that the theorem is true for the positive integer k
Thismeansthat
1n
2<k
(10.11)
C k : [ ' a o ; a r , .Q
. . k, l :
Pk:a*Px-r*Pt-z
a trQ-t
t * qtr-z'
Q*
real
Becauseof the way in which the p;'s and 4y's are defined, we see that the
quotients
numbers p*-r,p*-z,Qk-1, and Q*-z depend only on the partial
by
e0,er,...,ak-r . Conr"quently, we can replace the real number ap
a* * lla*+t in (t0'l I), to obtain
3s6
C t + r : [ a g ; a t , . . . , o k , o k +: r l
I a o : a 1 , . .(. t, k _ t , o k+ ! l
ap
+l
["^
.
l"r
ok+t
P*-r t p*-z
*)nr-,*q*-z
a*n(arp*-r * p*-z) * p1,-1

apal(alrQrr-t *
Qt_)
qt_t
_ o * + Pt * P * -r
a * + fi * * q* -r
_ P*+t
Q*+t
This finishesthe proof by induction. D

we illustrate how to use Theorem 10.9 with the following
example.
E x am ple. we h a v e 1 7 3 /5 5 : [3 ;6 ,r,7 1. w e c omputethe sequences
p1 andq,
f o rj : 0 , 1 , 2 , 3 , b y
Po: 3
19
Pt:3'6+l:
Pz: l'19+3:22
P t : 7 ' 2 2 + 1 9: 1 7 3
Qo: I
Ql:6
Qz: l'6*l
4 3- 7 ' 7 + 6 : 5 5 .
Hence, the convergentsof the abovecontinuedfraction are

Co : po/qo: 3/l : 3
Ct:Pt/qt:19/6
C z : p z /q z : 2 2 /7
Ct: pJqt: 173/55.
We now state and prove another important property of the convergents
of a
continued fraction.
Theorem 10.10. Let k be a positiveinteger, k 2 |
Let the /cth convergent
of the continuedfraction las;ar,...,onlbe c1 : p*/qt, where pt< and,q1,
ai as
357
'1O.2Finite ContinuedFractions
definedin Theorem 10.9. Then

PrrT*-r' P*-t4t'
: (-l)k-l'
For k : I we
Proof. We use mathematical induction to prove the theorem'
have
(asal+l)'l - asat: l'
PtQo-PoT1:
Assume the theorem is true for an integer k where I < ft I
: (-l)t-l'
PtQ*-r P*-rQt
tt , so that
Then, we have
Pt+rQt
P * Q t+ t
(a rr+ rp t* p r-)q r, - P* (arrttQ* * Qr-)

- (-l)k-t:
(-1)k'
Pt-tQt Ptq*-t:
so that the theorem is true for k + l.
This finishesthe proof by induction. tr
we illustrate this theorem with the example we used to illustrate Theorem

10.9.
Example. For the continuedfraction [3;6,1,71we have
: -l
PoQt PrQo: 3'6 19'l
:
:
PrQz- PzQl 19'7 22'6 I
: -1'
PzQt PtQz: 22'55 173'7
As a consequenceof Theorem 10.10, we see that the convergentspt lqx for
thi s.
k:1 ,2, . . . ar e in low e s tte rm s . C o ro l l a ry 1 0 .1d e monstrates
Corollary 10.1. Let C*: p*lqr, be the kth convergent of the simple
where the integersPt and qp are as definedin
continuedfraction las;ar,...,8211,
Theorem 10.9. Then the integersPr, and qy are relatively prime.
Proof. Let d : (p*,q*). From Theorem 10.10,we know that
P*Q*-r Q*P*-r: (-l)k-l'
Hence, from ProPosition1-2 we have
d I el)k-r.
Therefore,d : l. B
3s8
D e c i m a l F ra cti ons and C onti nued Fracti ons
we als o hav e th e fo i l o w i n gu s e fu rc o ro i l a ry
of Theorem r0.10.
corollary 10.2- L?t ck : pr/qp be the
c ont inuedf r ac t i o nl a o :a 1 ,e 2 ,...,
e11l Then
kth convergent of t h e s i m p l e
{- ) * - r
C1,- Cr-r :
QtrQ*_r
for all inregers

k with I < ft
Cp-
Also,
alrG)k
^
-x-2:
QtQt-z
for all int eger sk w i th 2 < k ( n .

Pr oof . F r om T h e o re m 1 0 .1 0w e k n o w th a t p l r Q* _tQ* pr_r: (_l )k-l
W e obt ain t he f i rs t i d e n ti tv .
Ck - Cft-r :
nr
''n
Qr
pr_r
(_t)k-l
Qt-r
QtQ*_r
by div iding bot h s i d e sb y q rQ* _ r .

To obtain the secondidentity, note that
r .t - r- L k - z : L
Pt'-z:- P*Qr-z-P*-zQ*
-Pt'
Q*
Q*-z
Q*Q *-z
sinc e P k : at p*- r * p * -z a n d q 2 : o k e k -r * q * -2, w e seethat

the numerator
of the fraction on the right is
P *Q *- z - p rr-z Q*: (a * p * _ t * p * _ z )q k _2- p* _z(arQr,_r* Qr_z)
- a t(P tr-tQtt-z- p * -z Q * -)
: a rr(-l )k - 2 ,
where
Pr - t Q t , - z-
we
have
used
P t - z Q* -r : (- D k -z .
Theorem
Therefore,we find that

Cp -
Ck-z:
a1,GDk
Q*4 tr-z
is the second identity of the corollary. tr
10.r0
that
359
1O.2 Finit e Cont inue d F ra c ti o n s
theorem w hi ch i s useful
Usi ng c or ollar y 10 .2 w e c a n p ro v e th e fo l l o w i ng
fractions'
when developinginfinite continued
o f t he fi ni te si mpl econti nued
Theore m l0. ll. Let c 1 b e th e k th c o n v e rg e n t
., l . T h e n
fracti on lag: at , Q 2, . . Qn
Cr)Cl)Cs)
Co ( Cz 1 Cq 1
'
'
:0 ' l ' 2 " "

and ev er y odd- num be rc dc o n v e rg e n tC ri * r ' i
:
e ve n num ber edc onve rg e n tC z i ,-l 0 ,1 .2 ," '
i s greater than every
: /'3' " ' ' rt'

Proof. S inc eCor olla ry 1 0 .2 te l l s u s th a t, fo r k
C1r-C*-z:#'
we know that
Cp 1 C*-z
when k is odd, and
C* )
C*-z
when k is ev en. Hen c e

Ct 7 Ct ) Cs
a nd
Co (
Cz 1 Cq 1
To show that every odd-numbered convergent is greater than every even'

numberedconvergent,note that from Corollary 10.2 we have
(-l)2--r'o'
C z ^ - C z r n - l' -Qz^Qz^'t
so th at Cz ^- t 7 Cz ^ . T o c o m p a reC 2 1 ,a n d C ri -r , w e seethat
Czj-r)
Crj*z*-l > Crj*ro )
Cz*'
-numbered
so that every odd-numberedconvergentis greater than every even
convergent. tr
360
Example. Consider the finite simple continued

fraction 12:3,1,1,2,41.
Then the
convergentsare
CoC1 CzC: :
C+:
Cs :
2/l-2
7/3:2.3333...
9/4:2.25
16/7:2.2857...
4l/lS:2.2777...
ftA /7 9 : 2 . 2784....
We seethat
Co : 2 1 Cz: 2.25I Ca : 2.2777...
( Cs :2.2784... ( Cr :2.2957... ( Cr :2.3333...
10.2 Problems
l'
2'
Find the rational number, expressedin lowest terms, representedby each

of the
following simple continued fractions
a)
b)
c)
IZ;ll
[t;z,z]
[0;5,0]
d)
e)
f)
e)
[ r ;r ]
[ l ;l , l ]
[ I ; t , l, l ]
5 , 1]
[3;7,1
h)
[ l; I ,l ,l,l ].
Find the simple continued fraction expansion not terminating with the partial
quotient one, of each of the following rational numbers
il
6/s
d)
b)
c)
22t7
t9/29
e)
f)
slsss
-4311001
873/4867.
Find the convergentsof each of the continued fractions found in problem 2 .

Let up denote the kth Fibonaccci number. Find the simple continued fraction,
terminating with the partial quotient of one, of u1,-,1fup,where ft is a positive
lnteger.
5. Show that if the simple continued fraction expressionof the rational number
a , a . ) 1 , i s [ a 6 ; a t , . . . , a kthen
l,
the simple continued fraction expressionof l/a is
l};a o,ar,...,a k'l.
6.
S h o w t h a t i f a e * 0, then
1O.3 InfiniteContinuedFractions
P*/p*-r
361
: I o o i a * - t ., - . , a 1 , a s l
and
q* / q tr-r: I'au:ar-r,"',a2,a11,
convergentsof the
where Ck-r: p*-t/qrr-r and C* : pt lq*,k ) l,are successive
:
(Hint:
a*P*-1 * pp-2 to
relation
the
Use
P*
continued fraction la6;a1,...,an1
*
I
/
(
p
x
t
/
p
*
)
.
a
r
s h o wt h a t p t / p * - r :
of the
7 . Show that q1,) u1, for k:1,2,... where c*: p*lqr is the kth convergent
and all denotesthe kth Fibonacci number'
simple continued fraction las;a1,...,an1
8 . Show that every rational number has exactly two finite simple continued fraction
expansions.
be the simple continued fraction expansion of rls where
9 . Let lao;ar,a2,...,a211
Show that this continued fraction is symmetric, i'e.
I and r)l
:
o s : a 2 1 t a t a n - t d 2 : a n - 2 , . .i.f, a n d o n l y i f s l ( r 2 + t ) i f n i s o d d a n d s l ( r 2 - t ) i f
n is even. (Hint: Use problem 6 and Theorem 10.10).
(r,s):
10.
Explain how finite continued fractions for rational numbers, with both plus and
minus signs allowed, can be generated from the division algorithm given in
problem 14 of section1.2'
ll.
be real numbers with a r,o2,...positiveand let x be a positive

Let as,ar,a2,...,ak
real number. Show that Ias;a1,.'.,ar,l1 lao;a6--.,a1,*xl if k is odd and
I a s ; a 1 , . . . , a t>1 [ a o ; a 1 , . ' . , o 1 r * xi f] t i s e v e n .

l.
Find the simple continued fraction expansionof a rational number
2.
Find the convergentsof a finite simple continued fraction.
10.3 InfiniteContinuedFractions
.
Supposethat we have an infinite sequenceof positive integersQo,Qt,ay,...
How can we define the infinite continued fraction Las,at,a2,...l? To make
sense of infinite continued fractions, we need a result from mathematical
analysis. We state the result below, and refer the reader to a mathematical
analysisbook, such as Rudin lezl, for a proof.
Theorem ll.l2. Let xs,x r,x2,... be a Sequenceof real numbers Such that
xo ( x r ( x z ( . . . a n d x 7 , < u fo r k : 0 ,1 ,2 ,... for somereal number u, or
x o 2 x r 2 x z 7 . . . a n d x t 2 L f o r k : 0 , 1 , 2 , . . . f o r s o m er e a l n u m b e rl .
362
D e c i ma l F ra cti ons and C onti nued Fracti ons
Then the terms of the sequencexu,xr,x2,...

tend to a limit x, i.e. there exists
a real number x such that
14to:"'
Theorem 10'12 tells us that the terms of an infinite
sequencetend to a limit
in two specialsituations,when the terms of the sequence
are increasingand all
less than an upper bound, and when the terms of the
sequenceare decreasing
and all are greater than a lower bound.
We can now define infinite continued fractions as limits
of finite continued
fractions, as the following theorem shows.
Theorem 10.13. Let as,e1,ct2,...be an infinite sequenceof integers
with
ar,Qz,... positive, and let ck : lag;a1,a2,...,e1a1Then the convergents
cp
tend to a limit ot.i.e
J4to:"'
Before proving Theorem l0.l 3 we note that the limit a described in
the
statement of the theorem is called the value of the infinite simple continued
fraction [as;at,o2,...1.
To prove Theorem 10.13, we will show that the infinite sequenceof evennumbered convergents is increasing and has an upper bound and that the
infinite sequenceof odd-numbered convergentsis decreasingand has a lower
bound. We then show that the limits of these two sequences,guaranteedto
exist by Theorem 10.12,are in fact equal.
W e now will p ro v eT h e o re m 1 0 .1 3 .
Proof. Let m be an even positive integer. From Theorem 10.1l, we seethat
cr ) ct) cs )
ca1cz1cq1
C^-t
1C^,
and C2i 7 Czn+t whenever 2j 4 m and 2k + | <. m . By considering all

possiblevaluesof m, we seethat
Cr ) Ct>. Cs)
co(czlc+(
) C z n - t ) C zn+ ,
1 Czn-z 1 C2n I
and czi ) Cz**t for all positive integers j and k. we see that the
hypothesesof Theorem rc.12 are satisfied for each of the two sequences
C 1, C3, C2, . . and
.
C s ,C z ,C 4 ,.... H e n c e , th e s equenceC 1,C 3,C 5,...tends to a
363
1O.3 lnfinite Continued Fractions
a2 ' i'e'
limit d1 and the sequenceCs,C2,C4,"' tends to a limit
: dr
)i*c"*r
and
: o(2'
)*c"
Using
Our goal is to show that these two limits a1 and oQ are equal'
Corollary 10.2 we have
(-l)(z'+tl-t
: lzn*t - Pzn * zt n
C z n +-r C
n
Qzn+t
Qzn
Qzn+lQz,
Qzn+lQzn
Since e* 2 k for all positive integers /c (see problem 7 of Section 10.2), we

know that
I
(
z
n
+
l
)Qn)
ezn+rQzn
and hence
Czn*t - Cz,
Qzn+tQzn
tends to zero, i.e.

nlim
(C z ra 1- C 2 n ) : 0 .
s 1,C 3 ,C s ,...a n d C g ,C 2 ,C 4 ,...have the S amel i mi t, si nce

H enc e,t he s equenc eC
j*
(cr,*t - cz) :
,lg
Czn*t-
,lg
cz, : o.
Therefore ayr: aq, z11dwe conclude that all the convergentstend to the limit
d : (rr : dz. This finishesthe proof of the theorem' D
Previously, we showed that rational numbers have finite simple continued
fractions. Next, we will show that the value of any infinite simple continued
fraction is irrational.
Th eor em 10. 14. Le t o s ,,o 1 ,e 2 ,...b e i n te g e rs w i th a1,Q2,...posi ti ve. Then
Ia o ;ar , , a2, . . . 1is ir r ati o n a l .
Proof. Let a : las;at,ctz,...land let
364
Cr : pr/qp : [ a o ; at , . . . , a k l
denote the /cth c o n v e r g e n t o af . W h e n n is positive
a
integer,Theorem 10.I I
shows that C2, ( a ( C z r + t , s o t h a t
0 ( a - Czn I
Czn*t - Czo .
However, from Corollary 10.2, we know th a t

I
Czn*t - C2n :
4zn+tQzn
'
this meansthat
Pzn
0(a-Czn:a-
4zn
a
Qzn+ tQzn
and therefore, we have

0 1 a q 2 , - p z n 1 l / qzr+ t .
Assume that a is rational, so that ot : e /b where a and b are integerswith
b + A. Then
oaoQr"
b
-pzn<
I
Qzr+t
and by multiplying this inequality by b we seethat

01aq2n-bpzn
Qz n + t
Note that aq2, - bpzn is an integer for all positive integersn. However, since
Qz r + r ) 2n*I , th e re i s a n i n te g e r n s u ch that Qzn+ t> b, so that
b/Qzr+t < I . This is a contradiction,sincethe integer aQzn- bprn cannot be
between0 and I . We concludethat a is irrational. n
We have demonstrated that every infinite simple continued fraction
representsan irrational number. We will now show that every irrational
number can be uniquely expressedby an infinite simple continuedfraction, by
first constructing such a continued fraction, and then by showing that it is
unique.
365
1O.3 Infinite Continued Fractions
and define the sequence

Theorem f0.15. Let a: cvObe an irrational number
Q0 ,Qt, Q 2, ' . . r eCuf s iv e l bYY
Qk : lapl,
c r k + :l I / b t - a )
continued
fo r k : 0, l, 2, . . . . Th e n a i s the value of the infinite, simple
fracti on Lag;ar , az , - ..1 .
is an integer
Proof. From the recursivedefinition given above, we see that ap
that
induction
mathematical
using
show
easily
we
can
for every k. Further,
: a is irrational' Next, if
d0
that
note
first
We
k.
every
for
a7, is irrational
is also
we assume that a1, is irrational, then we can easily see that a,p1'
relation
irrational, sincethe
dk+r:l/(at-a*)
impliesthat
(10.12)
otk:A**Ls
I
qk+l
and if d;611were rational, then by Theorem10.1,a7. would also be rational'

Now, since a7, is irrational andap is an integer,we know that 47, I at, and
aplatlap*|,
so that
0(a1-ap<1.
Hence,
a(k+t: 1l@* - ap) )
l,
and consequently,
ak+r: [ar+rl )
fsr k : 0, I , 2, ... . This meansthat all the integers

Note that by repeatedlyusing (tO.t2) we seethat
366
Q:
d0:
: [as;al
ao* I
ul
l.
ao*
: Ia 6 ;a 1 ,a 2 l
at-fL
a2
Qo*
I a g ; al , o z , . . . , c t k , a t r + l l .
at i
az -f
*a1r*
otk+l
what we m us t n o w s h o w i s th a t th e v a l u e of l as;at,o2,...,ek,c,k+tends
1]
to a
as ft tends to infinity, i.e., as k grows without bound. From Theorem 10.9,we
seethat
a :
a*+tP* * pt+t
f a g ; a r , . . . , o k , a k + l l:
at+rT* * q*-r
where Cj : pi/qi is the 7th convergentof las;afl2,...1. Hence

a-Cp
a * + rP r * p * -t
pt
dtc+tQ* *
q*-t
Q*
-(Prqrr-t
Prr-tQ*)
(ar+gr, * q*-)q*
(-t)t
(a r+ g * * q * r)qt
'
where we have used Theorem 10.10 to simplify the numerator on the righthand side of the secondequality. Since
a * + rQ* * q t-r ) a t+ fl t * q* -r :
we seethat
Qk+|,
367
1O.3 Infinite Continued Fractions
l o - c * L' *
QtrQx+t
note that l l q* qn* t tends

Si nce Q r , 2 k ( f r om p ro b l e m7 o f Se c ti o n 1 0 .2 ),w e
k tends to infinity' or
to zero as k tends to infinity. Hence, Cp tends to a as
fraction
phrased differently, the value of the infinite simple continued
l a s ; a 1 , a 2 , . . . 1ai.s t r
representsan
To show that the infinite simple continued fraction that
theorem.
irrational number is unique, we prove the following
Theorem 10.16. If the two infinite simple continued fractions las;at,a2,...1
bx for
and lbo;br,bz,...l representsthe same irrational number, then ar:
k :0,1,2,...
Suppose that a: lag;at,a2,...1. Then,
Proof.
C t : a o * l / a t , T h e o r e m1 0 . 1 1t e l l su s t h a t
ao 1a
so that ao:
since
Ifa1,
1ag*
lc-l. Further, we note that

[ a g ; a 1 , a 2 , .:" 1a o
since
a : l a s ;ar,a2 ,...1:
1 ,a2 , ...,apl
o l g l [a o i a
I
:lim(ao+,
/ <- -
do*
lim Ia1,o2,...,apl
/< --
aol
,)
l q 1 i a 2 , Q3 , . . . , a pI
--.
l O 1 i O2 , O3 , .. . I
Supposethat
: l b o i br , b2 , . . . 1 .
l a s ; a1 , a2 , . . . 1
Our remarks show that
aO: bO: lol
Co : 4o
and
368
and that
a o *+ : b o
'
Ib ,.bz,...l
"
Io 1;a2,...1
so that
I a ; a 2 , . . . !: [ b t i b z , . . ..l
N o w a s s u m et h a t a 1 r : b k , a n d t h a t l a p t l ; a 1 r a 2 , .:.[.b1n * r ; b t + 2 , . . . 1 .
U s i n gt h e
same argument, we see that apal : bpa1,o.1d,
I
: bk-t+ '
a*+rl +'
Lapa2io1ra3,...l
lb**t;b*+t,..1
which implies that
['a p,z;a1ra3,...
] : lb 1ra2;b
I .
1ra3,...
Hence, by mathematicalinduction we see that a2 : b1, for k :0,1,2,... . D
To find the simple continued fraction expansion of a real number, we use
the algorithm given in Theorem 10.15. We illustrate this procedurewith the
following example.
Example. Let a : G.
We find that
t
:G5:T
ao:lrfil:2,
"E+Z
ant,
Qt:r*r:2,
s.)__
(J6,*2
)-z
'2'
e z : [ J o + z l: q
Since d3 :
w e S e et h a t a 3 :
q{
........:-:
ot, a4:
Qo+D-4
: J6+2
{e+z _
2
e 2 , . . . , a n d s OOn
d1
Hence
^f6 : 12;2,4,2,4,2,4,...1.
The simple continued fraction of -,.6' is periodic. We will discuss
simple continued fractions in the next section.
The convergents of the infinite simple continued fraction of an irrational
number are good approximations to a. In fact, if p*/qt, is the
7th convergenr
of this continued fraction, then, from the proof of Theorem 10.15, we know
that
369
1O.3 InfiniteContinuedFractions
l"-polqol < llq*qx+t

so that
lo - polqxl< tlq? ,
si nceQt I
Q *+ r .
of the simple
The next theorem and corollary show that the convergents
to a, in the sense
continued fraction of a are the best rational approximations
with a denominator
that prrlql is closer to a than any other rational number
l e ssth an q1.
:1,2,"', be
Theorem 10.17. Let a be an irrationalnumberand let n1le1,i
r
and s are
If
a'
of
the convergentsof the infinite simplecontinuedfraction
integers with s ) 0 such that
lso-rl < lqo"-pol

thens 7 qr*t.
( s I
Assume that lso-r | < lqr,o-pnl, but that 1
considerthe simultaneousequations
proof.
q*+r.
We
Ptx*Pt+rl:r
Qtx*Q*+t!:5.
then
By multiplying the first equation by Q* and the second by px, and
subtracting the secondfrom the first' we find that
(Pt +rqr-PxQt +)Y - tQk - sP* '
: (-l)fr, so that
Pt Qt+l
From Theorem 10.10,we know thar ppag*
y : (-l)k (rq1,-sP).
ppal and
Similarly, multiplying the first equation by Qlray and the second by
that
then subtracting the first from the second,we find
x : (-l)k(sppa;rQ*+).
If x:0thensPt+t:r4k+t'Since
and y#Q.
Wenotethat x#O
(px*t,qrr*) :
l, Lemma 2.3 tells us that q*+tls, which implies that
:0 , then r : pkx and s : Qkx'
Qt+t ) s , c ont r ar y to o u r a s s u mp ti o n .If y
so that
370
D e c i ma l F ra c ti ons and C onti nued

Fracti ons
lso-rl : l" llqp-pr,l ) lqro-p*l,

sinceIrl > l, contraryto our assumption.
we will now showthat x and y haveopposite
signs. First, supposethat
y < 0 . S i n c eQ k x : s - Q t < + t l , w e k n o w t h a t x
) 0 , b e c a u s e { 1)x 0 and
When / ) 0, since Qtc+r!2 q1ra1
Q* ) 0.
) s, we see
Qkx: s - Q*+r! ( 0,sothatx ( 0.
that
F r om T heor em l 0 .l l , w e k n o w th a t e i th e r
P t/qt ( a ( p* + r/qx+ t or that
Pt+t/q*+r ( a ( Pr/q1r. In either case. we easily see that
Qtea- pt, and
Qr+p - p*+r have oppositesigns.
From the simultaneous

equations
we startedwith, we seethat
lso-r | : lQorIql,lp)a - (po*+p**t)l
: lx(qp-pr) + yQ1,ap-p;-;it
combining the conclusionsof the previoustwo paragraphs,
we see that
x(qpa-pr) and!(Q*+p-p,t*r) havethe samesign,so that
lso-rl : l{ llqoo-pol
+ lyllq**p-pr,+rl
2 lxllqoo-pnl
) lqto-pr,l,
sincel*l>t.
This contradicts
our assumption.
We haveshownthat our assumptionis false,and consequently,

the proof is
complete.tr
Corollary 10.3. Let q b e a n i r r a t i o n a ln u m b e r a n d l e t p i / q i , j : 1 , 2 , . . .
be
the convergentsof the infinite simple continued fraction-of
*. lf r/s is a
rational number, where r and .r are integerswith s ) 0, such
that
lo-r/tl < l"-p*/qol ,

then s ) q*.
Proof. Suppose that s ( qt and that
lo-r/sl < l"-pr,lqr,l.
1 O.3 Inf init e Cont in u e d F ra c ti o n s
371
that
By multiplying thesetwo inequalities,we find
sla-r lsl < qol"-Polqol

so that
lsa-tl < lqod-Pxl ,
violating the conclusionof Theorem l0'17' tr
is
7(
of
fraction
continued
simple
The
Example.
i
n
p
a
t
t
e
r
n
d
i
s
c
e
r
n
i
b
l
e
n
o
i
s
o : l i ; j , 1 5 , 1 , 2 9 2 , 1 , 1 , 1 , 2 , 1 , j , . . . 1 .N o t e t h a t t h e r e
fraction
continued
this
of
the sequenceof partial quotients. The convergents
22/7' 3331106'
are the best rational approximationsto r. The first five are 3,
that 2217 i s
10.3
C
orol
l
ary
3351113,and 1039 9 3 /3 3 1 0 2 .We c o n c l u d efro m
106, that
than
less
the best rational approximation of t with denominator
less than
denominator
with
zr
31.5lll3 is the besi rational approximation of
3 3 1 0 2 .a n d s o o n .
Fi n ally , we conclude this section with a result that shows that any
be a
sufficiently close rational approximation to an irrational number must
number.
of
this
expansion
fraction
continued
simple
infinite
the
convergentof
Theorem 10.18. lf a is an irrational number and if r ls is a rational number
in lowestterms, where r and s are integerswith s ) 0, such that
lo-r/sl < t/2s2,
then r/s is a convergentof the simple continued fraction expansionof a.
proof. Assume that r/s is not a convergent of the simple continued fraction
expansion of a. Then, there are successiveconvergentspxlqx and ppallqp*t
su ch t hat Q n 4 s I Qrr+ t F ro m T h e o re m 1 0 .1 7,w e seethat
lqoo-pol< It ".-rl: slq-r/sl < t/zs'

Dividing by qr we obtain
l o -p o l q o l < 1l 2 s q * .
Since we know that \tpo-rqol > t (we know that sP*-rQr is a nonzero
integer sincer ls #pplqr), it follows that
372
DecimalFractionsand Continued
Fractions
-x
sQ*
lspt-rq*l
': lor tl
sl
,
sQ*
lqo
ll
qrl
.l*l
2tq*
F:l
2s2
(where we have used the triangle

inequality to obtain the second inequality
above). Hence, we seeth a t
t/2sqp I
t/2s2
Consequently,
Zsqp ) 2s2,
which implies that q1, ) s, contradicting the assumption. tr
10.3 Problems
L
2'
Find the simple continued fractions of the following real numbers
a)
,rf2
b)
^f3
c)
d)
-,/i
r+.6
Find the first five partial quotients of the simple continued fractions
of the
following real numbers
a)
b)
1/,
2r
c)
d)
(e-l)/(e+l)
(e 2 -t)/(e 2 + D .
Find the best rational approximation to zr with a denominator less than

10000.
The infinite simple continued fraction expansionof the number e is
e : l 2 ; 1 , 2 , 1 , 1l , 1
4 , 61, ,1 , g , . . . 1 .
a)
the first eight convergents

of the continuedfractionof e
1O.3 I nf init e Cont in u e d F ra c ti o n s
b)
373
less than
Find the best rational approximation to e having a denominator
100.
expansion
5 . Let d be an irrational number with simple continued fraction
-ot
is
Show that the simple continued fraction of
o : loo;ot,a2,...f
at: 1'
a
n
d
I
[
a
s
l
;
a
2
l
l
d
v
"
'
l
i
f
a
1
2
[-as-l;1,a,-l,as,a3,...lif
simple
6 . Show that if p*lqx and,p1,a/q1a1 2f consecutive convergents of the
continued fraction of an irrational number a, then
l o - p r/q rl < tl z q o '
( l /2 q l a.
l o - p o * r/q o * ,1
( Hint : F ir s t s h o wth a t l o - p r* r/q * * ,1+ l o - pol qol- l po* r/q& +- r pr,/qtl :
l/q*q**t using CorollarY 10.2.)
7.
Let a be an irrational number , a ) I . Show that the kth convergent of the

simple continued fraction of l/a is the reciprocal of the (k-t)th convergent of
the simple continued fraction of a .
8 . Let a be an igational number, and let pllei denote the jth convergent of the
simple continued fraction expansion of a. Show that at least one of any three
consecutiveconvergentssatisfiesthe inequality
la- pileil < t/G/-sqil.

Conclude that there are infinitely many rational numbers plq, where p and q
are integers with q # O, such that
l''- plql<rlG6q\.
then there are only a finite number of rational
q
integers,q # 0, such that
p
are
and
plq
where
numbers
,
9 . Show that if a - (l +lf9/2,
lo-plql<t/(,/-sq2).
(Hint: Consider the convergents of the simple continued fraction expansion
or..6.)
10. If a and B are two real numbers, we say that p is equivalent to a if there are
integersa,b,c, andd ,such that ad - bc : il and 0 :
#
a)
Show that a real number a is equivalent to itself.
b)
Show that if a and p are real numbers with p equivalent to a , then a is

Hence, we can say that two numbers a and B are
equivalent to B
equivalent.
3 74
II'
c)
Show that if a,S, and l, are real numbers such

that a and B are equivalent
and B and l, are equivalent, then a and l, are equivalent.
d)
Show that any two rational numbers are equivalent.
e)
Show that two irrational numbers a and p are equivalent

if and only if the
tails
of
their
simple
continued
fractions
agree,
i.e.
:
a
I a g ; a 1 , a 2 , . . . , a i , c 1 , c 2 , c 3a, n
. .d. 1 g : [ b o : b 1 , b 2 , . . . , b 1 r , c 1 , c 2 , c a , . . . 1 .
where
ai,t:0,1,2,...j, b1,i:0,1,2,...,k and c;, j : 1,2,3,...are intejers,
all positive
except perhaps as and bs .
Let a be an irrational number, and let the simple continued

fraction expansion of
a be a : Ias;aba2,.-.1. Let p*/q* denote, as usual, the &th convergent
of this
continued fraction. We define the pseudoconvergnts of this continued fraction
to
be
P*t/q*., :
(tP*-r + pr-)/QQ*t
* Q*-z),
where k is a positive integer, k > 2, and t is an integer with 0 < r I
at, .
a)
Show that each pseudoconvergentis in lowest terms
b)
Show that the sequenceof rational numbers pt

pk,o,-,/Qk,a,_,,
p*/e*
,z/q*,2,...,
is increasing if k is even, and decreasingif ft is odd
c)
Show that if r and r are integers with s ) 0 such that
lo-rlsl
( l" -p*.,/q*.,|
w h e r e k i s a p o s i t i v ei n t e g e r a n d 0 < r
rfs : p*_t/q*_r.
d)
1ak, then slqt ,, or
Find the pseudoconvergents

of the simple continued fraction of zr for
k -2.

l.
2.
Find the simple continued fraction of a real number.

the best rational approximationsto an irrational number.
10.4 Periodic Continued Fractions

We call the infinite simple continued fraction [as;at,az,...lperiodic if there
are positive integers N and k such that an : ara1, for all positive integers n
with n > N. We use the notation
375
1O.4 PeriodicContinuedFractions
lag;at,o2,...,oN-r,m
to expressthe periodicinfinitesimplecontinuedfraction
I a o : a l , a 2 , . . . , QN - l , a N r QN + 1 ," ' , a N + k - 1 ' 4 1 y ' 4 1 y1 1 '" ' l '
For instance, tt;Z,lAl

I I ;2,3,4,3,4,3,4,...1.
denotes the infinite simple continued fraction
In Section 10.1, we showed that the base b expansion of a number is

periodic if and only if the number is rational. To characterizethose irrational
numbers with periodic infinite simple continued fractions, we need the
following definition.
Definition. The real number a is said to be a quadratic irrational if a is
irrational and if a is a root of a quadratic polynomial with integer coefficients,
i .e .
Aa2+Ba*C:0,
where A,B, and C are integers.
Example. Let a :2 * ,/7. Then a is irrational, for if a were rational, then
.,,6 w o u l d b e ra ti o n a l ,contradi cti ngTheorem 10.2.
by Th eor em 10. 1,a -2 Next, note that
a2 - 4a t | : (7+4,fi
- 4Q+,/t
* I : o.
Hence a is a quadratic irrational.

We will show that the infinite simple continued fraction of an irrational
number is periodic if and only if this number is a quadratic irrational. Before
we do this, we first developsome useful results about quadratic irrationals.
Lemma 10.f . The real number a is a quadratic irrational if and only if there
are integers a,b, and c with , > 0 and c 10, such t"hatb is not a perfect
square and
: : (a+Jt) lc.
Proof. If a is a quadratic irrational, then a is irrational, and there are
From the quadrati c
i n teger s A , B , and C s u c h th a t A a z + Ba t C :0.
formula. we know that
376
DecimafFractionsand ContinuedFractions
-B*GQAC
(I:-
2A
Since a is a real number, we have 82 - 4AC )
0, and since a is irrational,
82 - 4AC is
a perfect square and A r^0.
By either
-r^:
-not
taking
e: -B,b:
82 - 4AC, c :24
o, o: b, b : g2 _ 4;t,
_ZU, wO
have our desired representationof a.
Conversely,if
'r"
wherea,b, andc areinte*.r-,;;
,ti"i:O,
and6 nota perrect

square,
then by Theorems 10.1 and 10.2, we can easily see that a is irrational.
Further, we note that
co2-2aca+(a2-b2):0.
so that c is a quadratic irrational. tr
The following lemma will be used when we show that periodic simple
continued fractions representquadratic irrationals.
Lemma 10.2. If a is a quadratic irrational and if r,s ,t, and u are integers,
then (ra*s)/(to*u)
is either rational or a quadratic irrational.
Proof. From Lemma 10.1, there are integersa,b, and,c with b > 0. c # 0.
and b not a perfect square such that
a:
(a+Jb)/c.
fur*cl)+rJb
(at rcu) +t Jt
I Gr + cil + r JF lI ht + cil -t.'.6 |
IGt *cu) +t .,/blt(at +cu)-t ./n I
lGr *cs\ (at*cu) -rtblt[r (attcD -t Gr *cl)l../T
(at *cu)2-t2b
377
1 O.4 P er iodic Cont i n u e d F ra c ti o n s
i s a q u a drati ci rrati onal ' unl essthe

H ence ,f r om Lem m a l 0 .l (ra * s )/Qa + d
rational' tr
G is zero, which would imply that this number is
;;;d;i";,
"t
fractions of quadratic
In our subsequentdiscussionsof simple continued
irrational'
quadratic
irrationals we *iil use the notion of the conjugateof a
-- (a+JD lc be a quadratic irrational' Then the coniugate
Definition. Let a
: (a -J b )l c '
of a, denot edby o' , i s d e fi n e db y a '
the polynomial
Lemma 10.3. If the quadratic irrational d. is a root of
the conjugate
a',
is
Axz + Bx * C : 0, then the other root of this polynomial
of a.
Proof. From the quadratic formula, we see that
Axz+Bx*C:0are
the two
roots of
_B*[EW
ZA
of
If a is one of these roots, then a' is the other root, because the sign
is reversedto obtain a' from a. tr
tr4AC
The following lemma tells us how to find the conjugates of arithmetic
expressionsinvolvingquadratic irrationals'
Lemm a 10. 4. I f a' : (a ftb ffd )/c 1
irrationals,then
(i)
(a1+a2)' -- al t
(ii)
(a;c.2)'
a n d ,,2 : (a2* bzJd)f cz are quadrati c
a'2
: o| - d'2
: d'td2
(iii)
(ap)'
(iv)
(c"rlc.)':
a't/o.z.
parts are easier.

The proof of (iv) will be given here; the proofs of the other
reader'
the
problems
for
as
section
this
These appear at the end of
Proof
of
(iv).
Note that
378
D e c i m a l F ra cti ons and C onti nued Fracti ons
G ftbr.'./Z)
/r,
".'
v l l q )
Gr+bz,/cl)/cz
_ cr(a ,+b r/7) G 2-.bz,/T)
lb2)''/7
:
,,
While
,
- t--,
" "
.^lrsl---7
G;brE)/cz
(or-brrE) /cz
cz(arbtQ)Gr+br,/V)
c {a 2- b 2,/7 ) (a z+ b 2,/7 )
k z a p z -c z b ftz d ) - (czazbrczaft)fi
Hence (at/a)' : or'r/a'2. D

The fundamental result about periodic simple continued fractions
is
Lagrange's Theorem. (Note that this theorem is different than Lagrange,s
theorem on polynomial congruncesdiscussedin Chapter 8. In this chapter we
do not refer to that result.)
Lagrange'sTheorem. The infinite simple continued fraction of an irrational
number is periodic if and only if this number is a quadratic irrational.
We first prove that a periodic continued fraction represents a quadratic
irrational. The converse,that the simple continued fraition of a quadratic
irrational is periodic, will be proved after a special algorithm for obtaining
the
continued fraction of a quadratic irrational is developed.
Proof. Let the simple continued fraction of a be periodic, so that
a : la g;at,,e2,..,,a
N -r,ffi|
Now let
0 : la1s;aN+r,...,41r+ft
l
Then
379
1O.4 P er iodic G on ti n u e d F ra c ti o n s
g : lal;aN*I,...,4N
**,01,
and from Theorem 10.9,it follows that
(10.13)
^
t) -
1 P * tP* -t
oq*tq*-r'
Since the
where p*lq* and p1r-r/Q1r-1ata convergentsof Ia11;av"1'"''oru+kl'
(tO't3)
we
from
and
simple continued f.u.tlon of p is infinite, B is irrational,
have
qr,02t Qr,-r-P)0 - P*-r : a'

so that p is a quadratic irrational. Now note that
a : l a g ;a1 ,Q2 ,...,Q
N -r, 01,
so that from Theorem 10'9 we have
'a;;:fr; '
0pr,r-ftPN-z
Since B
where pN-t/qN-1 and pr,t-zlqN-2uteconvergentsof [ao;a t.a2'"''o7'1-11'
quadratic
a
is
also
a
that
us
tells
10.2
Lemma
is a q*Oruii. irrational,
irrational (we know that at is irrational because it has an infinite simple
continuedfraction exPansion). D
To develop an algorithm for finding the simple continued fraction of a
quadratic irrational, we need the following lemma'
Lemma 10.5. If a is a quadratic irrational, then d. can be written as
: @+,/V)/Q,
w h e r eP , Q , a n d d a r e i n t e g e f s , Q* O , d
QIQ-P2) .
> O , d i s n o t a p e r f e c ts q u a r ea, n d
Proof. Since a is a quadratic irrational, Lemma 10.1 tells us that
, : (a+Jb)lc,
where a,b, and c are integers, b > 0 , and c # 0 . We multiply both the
numerator and denominator of this expressionfor q by Itl to obtain
380
DecimalFractionsand Continued
Fractions
a.-
(wherewe haveusedthe fact

that lrl: -,tr\. Now let p : alcl,
clcl,
e:
a n dd : b c 2 .
T h e np , e , a n dd a r e i n t e g e r s , l 0
s i n c e, 7 0 , d
e
>O
(since6 > 0), d is not iperfect
sinceb is not a perfectsquare,and
f i n a l l ye l @ - p \ s i n c ed - p 2 : 6 r z 'lQuare
oirz :;rbjoif:;T'(ilorl.
n
We now presentan algorithmfor findingthe sample
continuedfractionsof
quadraticirrationals.
Theorem 10.19. Let a be a quadratic irrational, so
that by Lemma 10.5there
are integers Ps,Qs, and d such that
@o+,/7)/Qo ,
whereQ0*0,d > 0, d is not a perfectsquare,
and eel @-p&).
define
Recursively
dk:(ro+,/7)/Qr,
C tk: [a 1 ],
Pk+r:atQt-Pk,
Q**r : (d-roL*t)/Q*,
for k : 0,1,2,... Thena : fag;at,a2,...1.
Proof. using mathematical induction, we will show that pk
and e* are
i n t e g e r sw i t h Q 1 ,* 0 a n d e * l @ - r p ,
for k:0,r,2,....
F i r s t ,n o t e t h a t t h i s
assertion is true for k : 0 from the hypothesesof the theorem. Now
assume
that P1 and Qp are integerswith
e* * 0 and e*l@_p?i. Then
Pk+r:
a*Qt - Pp
is also an integer. Further,
Q*+r: @-rf *r11qo

: [d-(o*Q,,-pr)2]/e*
: @-rfi/Qo + (2a1,P1,-a?er).
Since Qrl@-pil,
by the induction hyporhesis,we see that
Qpal is an integer,
and since d is not a perfect square, we see that d I Pi, so
that
t o . Since
Q*+t : @-rf*;/Qo
Q* : U-rf*1/Qo*t
381
1O.4 PeriodicContinuedFractions
we can concludethat Q1,ql@-pt*t)
. This finishesthe inductive argument.
To demonstratethat the integerses,a1,a2,...are the partial quotientsof the

simple continuedfraction of a', we use Theorem 10.15. If we can show that
o ( k + t:
llbr-ap),
t he n w e k n o w th a t a : fa s ;a 1 ,a 2,...1.N ote that
fork:
ap-ak:
Pk + ,/7
-ap
Af
: l^/7 - G*Qr,- P)llQ*

: G/7 - pt +) lQ*
: G/V- P**')(JV+ P*+)/er,G/T+ P**r)

: @-rl*)/Q*QI + Pr*r)
: Q*Qr,n/Qr,G/7+ Pt*,)
: Q**r/('/i + Pr,*)
: lla*+r ,
where we have used the definingrelation for Qp* to replaced-Ppzar with
that a : las;a1,e2,...f
. D
QtQ**r. Hence,we canconclude
We illustratethe use of the algorithmgiven in Theorem10.19with the
followingexample.
Example. Let a : Q+J1)/2 . Using Lemma 10.5,we write
: G+.,/N)/4
wher e we s et P o : 6 , Q.o : 4 , a n d d : 2 8 . H e n c eoo:
2'4-6:2,
(28-22)/4:6,
a1
Qr
:
:
P2
l'6-2:4,
ot2
Og-+2)/o:2,
A2
Pr
Qz :
O1
[a] : 2, and
Q + ..E)/e,
: r,
IQ+,/z$/61
G+,,/Tg/2,
382
P3 Qt :
4'2-!:4,
Qg-+2)/2:6
d3 :
o3 :
e+.,m)/6,
tG+6>Jil:r,
P4
Qq
:
-
l'6-4:2,
(28-22)/6:4,
d4
a4
:
:
e+rFZ$/q,
t7+.'-z$/il:
Ps
Qs
l'4-2:2,
Q8-22)/4:6,
a5
a5
:
:
e+r/-Z$/6,
t ( z + , , / N ) / 6 :1 l ,
andso,with repetition,
sincepr:
t,
p5 and
er: es. Hence,we seethat

:
G + . n ) / 2 I 2 ; 1 , 4 , 1 , 1 , r , 41,,r. ,.I .
: I2;1,4,1,11.
We now finish the proof of Lagrange'sTheoremby showingthat

the simple
continuedfractionexpansion
of a quadraticirrationalis periodic.
Proof (continued). Let a be a quadraticirrational,so that by Lemma
10.5
we can write a as
o : (po + .,8) /eo .
Furthermore,
by Theorem10.19we haveo:
dk
ap
Pwr
Q*r
:
:
:
:
lao;ar,ez,...l
where
(r1, + ,,/7)/Q* ,
[apl,
atQ*-Pk*t,
Q -rf *1 /Qo*r,
fork:
Since a
: Ias;a'
"")'lrl,o;
]:ffi _ll;l
Ijl "_
that
* q*-).
Taking conjugates of both sides of this equation, and using Lemma 10.4,
see that
(ro.r+)
o' : (pr,-p'* * p*-) /(qt,-p'n * q * - ) .
When we solve (tO.t4) for ol1,, ws find that
383
1O.4 Periodic Continued Fractions
dk:
( - P*-zI
-ex-,l" tr- |
qk^ t ,
p*t t
,*t l
to a as k tends to
Note that the convergents p*-z/Q1r-2 and p*-rlqrr-t tend
infinity, so that
| , - P*-z
la.
Q*-z
I
t fr' -
P*-t
Q*-t
Since
tends to 1. Hence, there is an integer N such that a ' * 1 0 f o r k > N .
o ' t > - 0 for k > l, we have
Pp
otk-Otk :
+ Jd
Q*
Po-Jd
Q*
Zfi r0.
Qr
sothatQ*> 0fork>N.
SinceQ*Qrr*,- d - P?*r, we seethat for k 2 ly',
0t ( Q*Q**r-- d P?*t < d .
Alsofork>N,wehave
Pl*, (d:
Pl*t-Q*Qx*r,
sothat
- ,/7 I P*+r < -,/7.
- -,[d < P*+r <-r/7, that hold for
From the inequalities 0 ( 0r ( d and
k > N , we see that there are only a finite number of possiblevalues for the
pair of integers Px,Qx for k > N . Since there are infinitely many integers k
with k > N,therearetwointegersi andT suchthatPi:Pi andQi:Qi
:
with i < j . Hence, from the defining relation for cu;., we see that o(i di
Hence
conseque
"t'*:;:;,";:"',i: ,-,,i:"',oi,*,'lo,ol,.;:,,':,.:,:
i:i-,,,
:
I a g ; al , o 2 , . . . , a i - 1 , Q i i,+o 1 , . . . ,ia- t l .
This shows that a has a periodic simple continued fraction.
384
Next, we investigate those periodic simple

continued fractions that are
purely periodic, i.e. those without a pre_period.
Definition. The continued fraction
[as;at,ez,...f is called purely periodic if
t h e r ei s a n i n t e g e rn s u c h t h a t a 1 r : e n t k ,
f o r k : 0 , 1 , 2 , . . . , s ot h a t
lag;at,az,...l:Iffi.
Example' The continued fraction tl;jl:
[2;2,41: JA is not.
(t+.1:) /2 is purely periodic while
The next definition and theorem describe those quadratic

irrationals with
purely periodic simple continued fractions.
Definition. A quadratic irrational at if called reduced
if
-l ( a' ( 0, w h e rea ' i s
th e c o n j u g a teo f a .
a )
and
Theorem 10.20. The simple continuedfraction of the quadratic irrational

a is
purely periodic iI-and only if a is reduced. Further, if
a is reduced and
a: l,as;at,e2,...,enl
then the continuedfraction of - l/oi i, to;o,,_ffi
Proof. First, assume that a is a reduced quadratic irrational.
Recall from
Theorem 10.15 that the partial fractions of the simple continuedfraction
of a
are given by
ek :
fork:
where ato: d
lapl, otk+t :
l/@tr-o*),
We see that
l/qt+t:ek-ak,
and taking conjugates,using Lemma 10.4, we see that
(ro.
rs)
l/a'*+t:
c , ' k- a 1 r .
we can prove, by mathematical induction, that - I ( a1 (

0 for
k:0,1,2,....
F i r s t , n o t e t h a t s i n c e c . 0 : a i s r e d u c e d ,- l l a o < 0 . N o w
a ss um et hat - r 1 a ' 1 ,< 0 . T h e n , s i n c ea * 2 1 for k :0,1,2,-... (note that
a o 2 I s i n c ea > 1 ) , w e s e ef r o m ( t O . t 5 ) t h a t
l / o t t+ r < - 1 ,
so that -l
1 a'k+t < 0 . Hence, -l
< a) 10
for /c :
38s
1O.4 P er iodic Conti n u e d F ra c ti o n s
Next. note that from ( t o . t 5 ) w e h a v e

d'k:a**lla'*+t
and since -l
1 a'* < 0 , it follows that

-l 1a**lfa'1ra1
<0.
Consequently,
-l
l / a ' * + t 1 ax 1 -lf
a'rr+r,,
so that
ek:
[ - 1 / o r * r ].
Since a is a quadratic irrational, the proof of Lagrange's Theorem shows that

there u.. nonn.gative integers i and i' i,< 7, such that ai 7-oi, and hence
i l a n O oji--l t : I - t / a , | j t ,, w e s e e t h a t
Since ai-t:l-t/ai
with - 1 / u ' ; : - l / a j .
oi-l
ej-'..
Furthermore, since oti-t:
ai-t I
llai
and , dj-:
oj-t + llai
we a l s o s e e t h a t a i - 1 : o
di-z
: o(j-z)ai-3:
i - r C o n t i n u i n g t h i s a r g u m e n t ' w s e e t h a t
aj-30..', and finally, that ag : aj-i ' Since
d0 :
a :
Iag;a1,...,oi-i-t,ai-il
la o;a 1,...,ei -i -1,041
:loo.gr,Gl,
we see that the simple continued fraction of a is purely periodic.
To prove the converse,assumethat a is a quadratic irrational with a purely
periodiccontinuedfractiono:|ffio|.Sincea:|ag;a1,Q2,,...,a2,ot|,
Theorem 10.9 tells that
( 10 . 16 )
aP* * P*-t
a:ffi,
and kth convergentsof the

where pr,_tlq*_r and p1rlq1, 3;fe the (k-l)th
(tO.t6),
we seethat
From
.
of
a
expansion
fraction
continued
(1 0. 17)
Pt-r : 0.
e r,a 2* (q * -rP )o
Now, let p be the quadratic irrational such t h a t g : l a t i a t c - l , . . . , a t , a o ,l i . e .
with the period of the simple continued fraction for a reversed. Then
that
0 : lo*iek - r , . . . , at,a o ,Al ,s o th a t b y T h e o re m 10.9, it follows
386
(ro.rs)
opi + pi-,
P--._-
Fqr * q*-r
where pi-t/qL
and pr,/q* are the (ft-l)th
and kth convergents of the
continued fraction expansionof . Note, however,
B
from probremi of section
1 0. 2.t hat
Pt /p1r-1: lanian-1,...,et,eol: pi/qi
a nd
Qt/q2-1 : farion-r,...,a2,e
l! : pL
/qi_t.
Since pi-t /qi-,

pi/qi are convergents,we know that they are in lowest
?d
terms' Also, P*/pp-, and qp/q1-1 ilre in lowest terms, since
Theorem 10.10
tells us that ppqp-r - p*-rQk : (-t)e-t . Hence,
pi - p*, Qt : pk-r
and
Pk -t - 4 t< ,Qt< -t: ek-t.
Inserting thesevaluesinto (l0.lg). we see that
p,:
0p* * qr
1p*-r * qrt
Therefore, we know that

Pr$2*(q*t-pr)|-Q*:o
This impliesthat
(ro.rq)
er,Gt/ilz * (q*-r- pt) Gtlp) - pk_t:
From(to.tz)and (1 0 .1 9 ),w e s e eth a t th e tw o r ootsof the quadratic equation

4 * x 2 * (q * -r - p )x
- p* -t : 0
are a and -1/0, so that by the quadratic equation, we have a : -t/8. Since
0 : l a n i a n - t , . . . , a t , a o lw, e s e e t h a t p > I , s o t h a t - l < s 7 ' : - l / p < 0 .
Hence, a is a reduced quadratic irrational.
Furthermore, note that since fi :
-l/ot,. it follows that
387
10.4 PeriodicContinuedFractions
tr
-l/o':ffiol'
fraction of '/D ,
We now find the form of the periodic simple continued
Although \6 is not
where D is a positive integer that is not a perfect square'
-l
-,/D
and 0, the quadratic
is not between
reduced, since its conjug-ate
.6-ii
r.*,o*r"i6-t;
l,/Dl - '[5 ' doeslie

r.duced,sinceits conjugate,
that the
between-1 and 0. Therefore,from Theorem 10.20, we know
initialpartial
the
continuedfractionor [.lill +.,/D is purely periodic. Since
is
quotient of the simple continued fraction of tJD | + "/D
w h e r ea o : I . . / D l ' w e c a nw r i t e
if faf + ,/Dl:21,/Dl:2a0,
I,/DI+-,/D:tml-
: I 2 ao ; at , Q2 , . . . ,na, 2 Qg , al , . . . , Q
rl'
Subtracting ao : ,/6
from both sidesof this equality, we find that

./ D : l a g ;a3 a 2 ,...,2 a g 1
0,...1
,a2 ,...2a
,,a
:log;orro'zmol.
To obtain even more information about the partial quotients of the
continued fraction of ,/D, we note that from Theorem 10.20, the simple
be obtained from that
continued fraction expansionof -l /$'IDl
"/D) can
period,
that
so
..lD
the
reversing
by
for t.,6l +
,
r/G/D-t.D1):tffi.
But also note that
-t-6-l:lo;orprGol,
so that by taking reciprocals,we find that
| / G/D - t.D-l) - tor;orGrl
for the simple continued

Therefore,when we equatethese two expressions
we
obtain
t.D]) ,
fractionof llG/D
Al:
QnrQ2:
Cln-ys...;On: Ol,
so that the periodic part of the continued fraction for ..lD is symmetricfrom
the first to the penultimate term.
In conclusion, we see that the simple continued fraction of 16
..ld:loo;ffi.
has the form
388
We illustrate this with some examples.

Example. Note that
8-
[ 4 ; l, 3 , 1, 8 ]
.16l
ts,ffii.rol
,,/Te :
,Fqe -
1 6 ;,l 2 , 1, 1 , 2 , 6 , 2, l, ,12 , 1, l 2 l
[ 8 ; 1 , 2l ,,I , 5 , 4 , 1
5 , 1 , 2 ,I16 ,l
-,/ri:
tq;ml,
and
where each continued fraction has a pre-period

of rength l and a period
ending with twice the first partial quotient which is symmetric
from the first to
the next to the last term.
The simple continued fraction expansionsof ,E fo, positive integers
d such
that d is not a perfect square and d < 100 can be found in Table
5 of the
Appendix.
10.4 Problems
l.
Find the simplecontinuedfractionsof

a)
b)
c)
Jt
Jr r
Jzt
d)
,/41
e)
r)
6
,/-gq.
2 . Find the simple continued fractions of
il
o+,fi /z
b) Qq+,81)lt
c) (tt-.E)t.
3 . Find the quadratic irrational with simple continued fraction expansion
il [z;t,5]
b) tz;rSI
c) t2JJI.
4.
il
Letd
,,/N
beapositive
isla:Tdl.
Show that the simple continued fraction of
389
1 O.4 P er iodic Cont i n u e d F ra c ti o n s
fractionsoi tffit't'fZgg' and

b) Uggrrt (a) to find the simplecontinued
J22r0.
5.
Let d be a integer,d 2 2'

a)
Show that the simple continued fraction of ,/F
b)
show that the simple continued fraction of JFd
c)
Ugparts
is [d-l ;@l'
is [d- t;zla-zl.
(a) and (b) to find the simple continued fractions of rfg9' tffg'
,lnz. and..G60'
6.
a)
of
Shory lhat if d ,l un int"g.t, d > 3 , then the simple continued fraction
,tm
7.
i s[ d - 1 ' l H , l 2 d - 2 1 .
b)
of
Show that if d is a positive integer, then the simple continued fraction
c)
Find the simple continued fraction expansionsof ,/6,.6f
'/fu.
rsld;c$71.
-l,ft-gt
, anO
Let d be an odd positive integer'

a)
that
Show
the
simple
continued
fraction
of
JF+
continued
fraction
of
J d2-q
is
ld;ffil,ird>l'
b)
that
Show
thr __qgple
la-lM,zd-zi,\f
d>3.
, where d is a positive integer,

:
a is a nonnegativeinteger.
*here
a2+l
has period length one if and only if d
8 . Show that the simple continued fraction of Ji
, where d is a positive integer,

:
where a and b are integers,
+
b
a2
if
d
only
if
and
has period length two
b > l , a n db l \ a .
9 . Show that the simple continued fraction of Jd
6,1: (ar+brJrl)lct
10. prove that if
and a2-- (a2*urJd)/c,
^re quadratic
irrationals, then
a)
(a1*42)'
c , ' t*
o''2
b)
(a1-a2)'
d'r -
d2
c)
(c''c.z)'
ot't'or2.
1 1 . Which of the following quadratic irrationals have purely periodic continued

fractions
a)
b)
l+.6
2 + ,/-B
c) 4+',m
c)
d)
e)
(tt - ,/-toltg
e + ,f?l)/z
(tz + -'.ft-g)l:t
12. Supposethat a : G+JF)/c, where 4,b, and c are integers,b ) 0, and b is

noi u perfecl square. Show that is a reduced quatratic irrational if and only if
<JU andJb-a 1c 1'Jb *a 12Jb
ola
390
13. Show that if

ir-u reduced quadratic jrrational, then _ l/a,
is also a reduced
1
quadratic irrational.
14'
Let k be a positive integer. Show that there

are infinitely mgy positive integers
D, such that the simple continued fraction
expansion of ,/6 h., , period of
length k. (Hint: Let at:2,
e2:5, and for k > 3 let a1,:2ak_t I a*_z
Show that if p : (tar + l)2 * 2a1,-1* r, where
/ is a nonnegativeinteger,
then rD has a period of length k + l.)
15' Let k be a
iF:r.
Let Dk - (3k+t)2 + 3
lgsitiu:
continued fraction
of JOp has a period of length 6ft.
Show that the simple

1'
Find the quadratic irrational that is the value of a periodic

simple continued
fraction.
2'
Find the periodic simple continued fraction expansionof a quadratic

irrational.
11
some NonlinearDiophantine
Equations
11.1 PythagoreanTriPles
The Pythagoreantheorem tells us that the sum of the squaresof the lengths
of the legs of a right triangle equals the square of the length of the
hypothenrur.. Conversely, any triangle for which the sum of the squares of
the lengths of the two shortest sides equals the square of the third side is a
right triangle. Consequently,to find all right triangles with integral side
lengths, we need to find all triples of positive integ ers x ,y ,z satisfying the
diophantine equation
(rr.t)
positive
Triples of
Pythagorean triPles.
x2+!2:22
integers
satisfying
this
equation
are
called
Example. The triples 3,4,5; 6,8,10; and 5,12,,13are Pythagorean triples

beca us e32 + 42 : 5 ' .6 2 + 8 2 : 1 0 2 ,a n d 5 2 + 1 22: 132.
Unlike most nonlinear diophantine equations, it is possible to explicitly
Before developing the result
describe all the integral solutions of (ll.l).
definition.
we
a
need
triples,
Pythagorean
all
describing
: l.
Definition. A Pythagoreantriple x,!,2 is calledprimitive if (x,y,z)
Example. The Pythagoreantriptes 3,4,5 and 5,I2,I3 are primitive' whereas
391
392
S o m e N onl i near D i ophanti ne E quati ons
the Pythagoreantriple 6,g,10 is not.

Let x,!,2 be a pythagorean triple with (x,y,z) :
d . Then,
there are
" i -r' r,,r1,21):
int eger s x r , t,z r w i th x : d x i ,y :
d yt,, J i r,
l.
Furthermore, because
""A
x2+y2:22,
we have
G/d)2+(y/il2:(z/d)2,
s o t hat
x?+y?:r?.
Hence, xt,!t,21 is a primitive pythagoreantriple, and the original
triple x,!,2
is simply an integral multiple of this primitive pytgagoreantriple.
Also, note that any integral multiple of a primitive (or for that matter
any)
Pythagoreantriple is again a pythagorean triple. If x1
])t,zt is a primitive
Pythagoreantriple, then we have
x?+ y?: r?,,

and hence.
@x)2+(dyr)r:(dz)2,
so that dx 1,dy1,dz1 is a Pythagoreantriple.
Consequently, all Pythagorean triples can be found by forming integral
multiples of primitive Pythagorean triples. To find all primitive pythago*un
triples, we need some lemmata. The first lemma tells us that any two integers
of a primitive Pythagoreantriple are relatively prime.
Lemma 11.1. If
x,!,z
is
G,y) : (x ,z) : (y,z) : l.
primitive
Pythagorean
triple,
then
Proof. suppose x ,! ,z is a primitive pythagorean triple and (x

,y) > l. Then,
ther e is a pr im e p s u c h th a ,tp ^ l (x y ), s o th at p I x andp y. S i ncep x
I
I
a n d p l . - y ,* . k n o w t h a t p | ( r ' + y ' ) : 2 2 . B e c a u s p
e l;r,'*..un
conclude
that p I z (using problem 32 of Section 3.2). This is a contradiction since
(x ,y ,z) : l. Therefore, (x g) : l. In a similar manner
we can easilv show
that ( x , z ) : ( y ,z ) : l . D
393
1 1.1 P y t hagor ean T ri Pl e s
integers of a primitive
Next, we establish a lemma about the parity of the
PythagoreantriPle.
then x is even and y
Lemma 11.2. If x,y,z is a primitive Pythagoreantriple,
is odd or x is odd and Y is even'
1l '1, we know
Proof. Let x ,!,z be a Primitive Pythagoreantriple. By Lemma
x and y cannot
that (x ,y\ : 1, so that x and y cannot both be even. Also
(from
2
problem of Section 2'1)
both be odd. If x and Y were both odd, then
we would have
)
x - = v z = I (mo d 4 ),
so that
22:x2*y2
= 2(mod4).
x is even
This is impossible (again from problem 2 of Section2.1). Therefore,
and y is odd, or vice versa. E
The final lemma that we need is a consequenceof the fundamental theorem
of arithmetic. It tells us that two relatively prime integers that multiply
together to give a square must both be squares'
(r,s) : I and
Lemma 11.3. If r,s, and t are positive integers such that
: m2 and s : n2.
; : t2, then there are integersz and n such that r
Proof. If r :1
,upptr. that r )
lbe
or s : l, then the lemma is obviously true, so we may

I and s ) 1. Let the prime-power factorizationsof r,,s, and
,:p1,pi2... p:",
p:"
s : p:,i\ p:,it
and
t : ql' ql'
quo'.
Since (r,s ) : l, the primes occurring in the factorizations of r and s are

distinct. Since rs : t2, we have
pi'pi'
pi"pi,+ipi,n pl,': q?"q'ru'
qiur'
From the fundamental theorem of arithmetic, the prime-powers occurring on
394
S o m e N onl i near D i ophanti ne E quati ons
the two sides of the above equation are the

same. Hence, eachpi must be
equal to Qi for some j
with matching exponents, so that a; :
2bi.
consequently,every exponenta; is even,and therefore
ai/2 is an integer. we
seethat r - m2 and , : 12, where m and n arethe
integers
a./2 a-/z
m : pt' P2'
a/2
Pu"
a nd
n : pi,r('pi,C'
a/2
Pr"
We can now prove the desired result that describes all

Pythagoreantriples.
primitive
Theorem ll.l. The positive integers x,l,z form a primitive pythagorean

triple, with y even,if and only if there are relatively prime positiveintegers
172
and n, |/t ) n, with m odd and n even or m even and,n odd, such that
x : m2-n2
'r7-'#ir'
Prot{. Let x ,y ,z be a primitive Pythagoreantriple. Lemma I 1.2 tells us that
x is odd and y is even, or vice versa. Since we have assumed that y is even,
x and z are both odd. Hence, z*x and z-x are both even,so that there are
p os it iv eint eger sr a n d s w i th r : (z + i /2 a n d s : (z-i l /2.
S i n c ex 2 + y 2 : 2 2 , w e h a v ey 2 :
Ir)'
z2-x2:
(z*x)G-x).
Hence.
lz+x] f ,-"1
lr): I , .lt ' J:"

w e n o t et h a t ( r , s ) : 1 .
T o s e et h i s , l e t ( r , s ) : d . S i n c ed l , a n d d l s ,
dlG+s)z and,dl(r-s):x.
T h i s m e a n st h a t d l ( * , r ) : 1 ,
sothat
d :1.
Using Lemma I 1.3, we see that there are integers la and n such that
r : m 2 and,s : n 2 . W ri ti n g x ,y ,a n d z i n te r msof m andn w e have
x:r-.s:m2-n2.
y:rM:rffi:2mn.
395
1 1 . 1 PY t hagor ean Tri P l e s
z:r*s:m2+n2.
and n must also
- xalso that (m ,n) : 1, since any common divisor of m
we see
(x,y,z) : l '
that
:
know
w
e
* ' + r' , a n d
Oi "i O" : m 2- n2' ,y :2 m n , a n d z
then x y '
were'
if
they
We also note that rn and n cannot both be odd, for
:
(x,y
l ' Since
,z)
and z would all be even, contradicting the condition
n is odd,
and
is
even
(m,n) : I and m and n cannot both be odd, we seem
has the
triple
or vice versa. This shows that every primitive Pythagorean
appropriate form.
To seethat everYtriPle
x : m2-n2
y:2mn
:2m2*n2,
: 1,
are positive integers, m ) n, (m,n)
where m and n
that
note
first
m * n (mod 2), forms a primitive Pythagoreantriple,
x 2 + y 2 : ( m 2 - n 2 ) 2+ ( 2 m n ) 2
: (ma -2 m2 n 2 + n 4 )* 4m2n2
: ^ 4 * 2 m 2 n 2t n a
: (m2+n2)2
: 22.
and
To see that these values of x,y, and z are mutually relatively .prime, assume
t h a t ( x , y , z ) : d ) ! . T h e n , t h e r e i s a p r i m e p - s u c h t h a t p l ^ ( x , y , z ) ^ .W e
note that p * 2, since x is odd (becausex: m2-n2 where mz and n2 have
ofpor it " par it y ) . A l s o , n o te th a t b e c a u s ep I,x and p l t, p I G+ i :2m2
H e n c e p I m a n d p I n , c o n t r a d i c t i n gt h e f a c t t h a t
a n ' dp l i t - ; : 2 n 2 .
(* ,i ) : 1.
T her efo re , (r,y ,z ) : l , a n d x o y ,z i s a pri mi ti ve P ythagorean
triple. This concludesthe proof. D
The following example illustrates the use of Theorem I I .l to produce
PythagoreantriPles.
so that (m,n):
and n:2,
Example. Let m:5
us that
I
.1
tells
1
m ) n. Hence, Theorem
x:m2-n2:52-22:21
Y:2mn:2'5'2:20
z:m2+n2:52+22:29
is a primitive Pythagoreantriple.
I , f f i * n ( m o d2 ) , a n d
396
S o m e N o nl i near D i ophanti ne E quati ons
We list the primitive pythagorean triples generated

using Theorem I l.l with
rn : < 6 in T abl e I l .l .
2
3
4
4
5
5
6
6
I
2
I
3
2
4
I
5
x :
m2-n2
y:2mn
3
5
15
7
2l
9
35
1l
t : m2+n2
4
t2
8
24
20
40
5
l3
l7
25
29
4l
37
6t
r2
60
Table 11.1. Some Primitive pythagoreanTriples.
I l.l
l.
Problems
Find all
il
primitive Pythagoreantriples x,l,z
b)
Pythagoreantriples x,!,2 with z < 40.
2 . Show that if x,!,2

divisibleby 3.
with z
< 40.
is a primitive pythagorean triple, then either x or y is
3 . Show that if x ,!,z is a Pythagorean triple, then exactly one of x,y and,z is
,
divisibleby 5.
4 . Show that if x,l,z is a Pythagorean triple, then at least one of x,y, and z is
divisible by 4.
5 . Show that every positive integer greater than three is part of at least one
Pythagoreantriple.
6 . L e t x l - 3 ,l t :
recursivelv bv
4,zt:
5, and let
for n :2,3,4, ..., be defined
397
11.2 Fermat'sLast Theorem
xntl- 3xn*Zzn*l
!n+r-3xn*2zo*2
zn+t-4xn*3zn*2'
Show that xnln,zn is a Pythagoreantriple'
+ l, thenx,l,Z isoneof
7.
S h o w t h a t i f x , ! , 2 i s a P y t h a g o r e a tnr i p l e w i t h y : x
the Pythagorean triples given in problem 6'
g.
:
Find all solutions in positive integers of the diophantine equation x2 I 2y2 t2'
g.
Find all solutions in positive integers of the diophantine equation x2 * 3y2:
10. Find all solutions in

w2+xzry':t'.
I l.
positive integers of
the
t2-
Find all Pythagorean triples containing the integer 12.
12. Find formulae for the integers of all Pythagoreantriples x,l,z with z y*l
1 3 . Find formulae for the integers of all Pythagoreantriples x,l,z with z y * 2'
1 4 . Show that the number of Pythagorean triples x,-y,z (with x2 + y2 : z2) with a
fixed integer x is (rk2)-l)/2if
x is odd, and (r!2l4-1)/2
if x is even.
1 5 . Find all solutions in positive integers of the diophantine equation *' * py' : 22,
wherep isaprime.
with xy,and
z lessthan a given bound.
l.
Find all Pythagoreantriples xJ,z
2.
Find all Pythagorean triples containing a given integer'
ll.2
Fermat's Last Theorem
In the previous section, we showed that the diophantine equation

x2 + y2 : z2 has infinitely many solutionsin nonzerointegersx, !, z . What
happens when we replace the exponent two in this equation with an integer
grrut.. than two? Next to the discussionof the equation xz + y2 : z2 in his
copy of the works of Diophantus, Fermat wrote in the margin:
"However, it is impossibleto write a cube as the sum of two cubes, a fourth
power as the sum of two fourth powers and in general any power the sum of
two similar powers. For this I have discovereda truly wonderful proof, but
the margin is too small to contain it."
398
So me N onl i near D i ophanti ne E quati ons
Since Fermat made this statement many people

have searchedfor a proof of
this assertion without success. Even trrouitr
no ,or...t proof has yet been
discovered,the foilowing conjecture is knowi
as Fermat,s rasttheorem.
Fermat's Last Theorem.
The diophantine equation

x'+ln:zn
has no solutionsin nonzerointegersx,

r, z when n is an integer with n D 3.
Currently' we know that Fermat's last theorem is true
for all positive integers
n wit h 3 ( n < 1 2 5 0 0 0 . In th i s s e c ti o n ,w e wi l l show
that the speci alcaseof
Fermat's last theorem with n: 4 is true. That is, we
will ,ho* that the
diophantineequation
xa+!4:24
has no solutionsin nonzerointegersx,
!, z. Note that if we could also show
that the diophantineequations
xP + YP:7P
has no solutionsin nonzero integersx,!,2 wheneverp is an odd prime,
then
we would know that Fermat's last theorem is true (seeproblem 2 at
the end of
this section).
The proof we will give of the special case of n - 4 uses
the
method of infnite descent devised by Fermat. This method is an offshoot
of
the well-ordering property, and shows that a diophantine equation has
no
solutions by showing that for every solution there is a "smaller', solution.
contradicting the well-ordering property.
Using the method of infinite descent we will show that the diophantine
equationxa + !4 : 22. has no solutionsin nonzerointegersx,
!, and z. This
is strongerthan showingthat Fermat's last theorem is true for n: 4, because
a n y s o l u t i o no f x a + y 4 : t a : ( 2 2 ) 2g i v e sa s o l u t i o no f x a * v a : 2 2 .
Theorem 11.2. The diophantine equation
**',ro,r:
t'
hasnosolutions
in nonzer"
,",.*1,
Proof. Assume that the above equation has a solution in nonzero integers
x,l,z. Since we may replaceany number of the variableswith their negatives
399
11.2 F er m at ' s Las t T h e o re m
we may assumethat x,Y,z are

without changing the validity of the equation'
positiveintegers'
: 1' To see this, let (x,Y) : d. Then
We may also supposethat (x,y)
(x v Yt) : 1 ' w h e re x 1 and y 1 itro Positiveintegers'
x : dx 1 and y = dY ,, w i th
since xa + Y4 : '2 ' vte have
(dx)4+(dYr)4:22,
so that
d a ( x f + Y f ): ' 2 '
2'2' we know t h a t d ' I t .
Hence do | ,', and, by problem 32 of Section
Thus'
integer'
positive
Therefore, z : d'r r, where z 1is a
da(xf + yf): (d2tr)': dor?,
so that
xf+yl:t?.
Thi s giv esa s olut io no f x a + y a :
with (xr,yr) : 1.
: l r' z : zr
' 2 i n p o s i ti v ei n tegersx : xt' !
z2'where
t h a t x : x , , l : 1 0 , z : z . ' i s a . s o l u t i o no f x a + y 4 :
So, suppose
:
that
there
(xe,-/o)
will
show
1 ' We
xo, lo, andzsare positiveintegerswith
: 1'
(xr'
yl
)
:
:
w
i
th
zt
x r,!
l t, z:
i s a not hers olut ioni n p o s i ti v ei n te g e rsx
su ch t hat 21 1 z s .
S i n c ex d + y t : z l , w e h a v e
G i l z + ( y & ) 2 :z E ,
we have
so that x&, y&, ,o is a Pythagoreantriple. Furthermore,
p I xs
y&'
then
p
and
I
l-fi, r&> - i, ro. if p is a prime suchthat p I x3
is a
zs
(xq,lrq):
*3,yE,
Hence,
l.
the fact that
contradicting
;;';'l'ro,
afe
there
that
know
we
11.1,
prim-itiveiythagoreantriple, and by Theorem(mod
(z
2)
and
rl
'
,n), m #
positiveintegersz andn with
x& : m2-n2
!& : Zmn
zo: m2+n2,
yfr the even
where we have interchangedx62 andyfr, if necessary'to make
integerof this Pair.
400
From the equationfor xfr, we seethat

x&+n2:m2.
Since (m,n) : l, it foilows that x,s,n,m
is a primitive pythagorean tripre.
Again using Theorem I I .1, we seethat
there are fositive integersr and s with
(r,s) : l, r # s (mod
2). and
ro : ,2-s2
n:2rs
m - r2+s2.
Si nc e m is odd a n d (m,n ) : l , w e k n o w
that (m,2d : l . W e note that
bec aus ey & : ( 2 d m, L e mma l l .3 te l l s u s
th at there are posi ti vei ntegersz1
andw with m:t?
a n d 2 n : w 2 . S i n c ew i s e v e n ,w : 2 v
w h e r ev i s a
positiveinteger,so that
v2: n/2:
rs.
si nc e ( r , s ) : I , L e m m a 1 1 .3 te l l s u s th a t th ere
are posi ti vei ntegersx1 erd
y1 s uc h t hat r : x l a n d s : y ? . N o te th a t
si nce (r,s) : l , i t easi ryfol ow s
th at ( x l, - y r ) : l. H e n c e .
x{+yf:
-2
zl
where x t,! t,z 1 ?re positive integers with (r

r,y1) : l.
zt I 26, because
Moreover, we have
zr(zf:m2<m2+n2-ro.
To complete the proof, assumethat xa * y4 : z2
has at least one integral
solution' By the well-orderingproperty, we know that
among the solutionsin
positiveintegers,there is a solution with the
smallestvalue is of the variable
z
However, we have shown that from this solution
we can find another
solution with a smaller value of the variable z,
leading to a contradiction.
This completesthe proof by the method of infinite descent.
n
Readers interested in the history of Fermat's
last theorem and how
investigationsrelating to this conjecture led to
the genesisof the theory of
algebraicnumbers are encouragedto consult the books
of Edwards Il4l and
Ribenboim Irt]. A great deal of researchrelating
to Fermat's last theoremis
underway. Recently, the German mathematicianFaltings
establisheda result
that showsthat for a fixed positiveinteger n, n
> 3, the diophantineequation
xn + yn : z' has at most a finite number of solutions
where x g, and,z are
integersand (x,-y) : l.
401
1 1.3 Pell's Equation
Problems
ll.2
n is an integer n ) 2' then

show that if x,! ,z is a Pythagorean triple and
x"*yn#zn.
of Theorem I l '2' and the
2.. Show that Fermat's last theorem is a consequence
integers when p is an
nonzero
:
in
solutions
no
zP has
assertion that xP * yp
odd prime.
l.
prime and
Using Fermat's little theorem, show that if p is
3.
a)
if xp-l * yn-t : zP-r, then p | *yt .
b)
if xP + lP : zP, then p | (x+Y-z).
Show that the diophantine equation xo-yo:

integers using the method of infinite descent'
4.
z2 has no solutions in nonzero
5.Usingproblem4,showthattheareaofarighttriangle
never a Perfect square.
with integer sides is
in nonzero
Show that the diophantine equation xa + 4ya z2 has no solutions
integers.
- 8y4 : z2 has no solutions in nonzero
i. Show that the diophantine equation x'
integers.
:
many solutions'
8 . Show that the diophantine equation xa + 3ya z4 has infinitely
square'
9. Show that in a Pythagorean triple there is at most one perfect
many integer
1 0 . Show that the diophantine equation xz + y2: z3 has infinitely
k
the integers
solutions by showing that for each positive integer
:
a
solution.
k2 * I form
x : 3k2-1, | - k(k2-3), z
6.
tt.2
l.
Computer Proiects
such
Write a computer program to search for solutions of diophantine equations
asxn
*Yn:zn.
11.3 Pell's Equation

In this section,we study diophantine equationsof the form
( 11 . 2 )
x2-dy',:r,
(0, there are no

where d and n are fixed integers. When d <0 and n
most a finite
solutionsof (11.2). When d < 0 and n ) 0, there can be at
402
Some Nonlinear Diophantine Equations
numberof solutions,
sincethe equationx2 - dyr: n impliesthat
l"l < fi
lrl < JM.
Also, note that when d is a perfect,quur.,
say
d : D2,
il*
x2 - dy': x2 - Dry : G+Dfl(x-Dy) - n
Hence,any solutionof Qt.D, when d is a perfect
square,corresponds
to a
simultaneous
solutionof the equations
::'d=;,
where a and b are integers such that n : ab.
In this case, there are only a
finite number of solutions, since there is at most
one solution in integers of
these two equationsfor each factorization n : ab
For the rest of this section,we are interestedin the
x2 - dy':n,
where d and n are integers and d is a positiveinteger which
is
not a perfect square. As the following theorem shows,
the simpL continued
fraction of -,/v is very useful for the study of this equation.
Theorem 11.3. Let d and n be integers such that d >
0, d is not a perfect
square, and lrl < r/7. .lf x2 - dyI: n, then xfy is
a convergentof the
simple continued fraction of ^/7.
Proof. First considerthe casewhere n ) A. Since x2 _ dyr:
( tr . : )
From (tt.:), we seethat x - y.,/7 ) 0, so that x > yrT.
* _,/7>0,
v
and since 0 1 n < ,8,
n,wesee that
G +y./7) G -y,/V) : n
we see that
G -,/7v)
ta
YW
v
:
x 2 -d Y2
y G + y,/7)
consequently,
403
1 1 .3 P ell' s E quat io n
\- f r
YQYJA)
fi
t
\ q I 1
Zy'rld
:l
)
L!
Since 0 <
x_
.,17 < +,
2v'
-r
rr2
Theorem10.18 tells us that x ly must be a
convergentof the slmple contlnueo1 fractionof JL

- dy' : n by -d, to obtain
When n ( 0. we divide both sidesof x2
v2- ,fr*': -3
we see that y /x is a
By a similar argument to that given when n ) 0 o
of ll.r/7' Therefore'
convergent of the simple continuid fraction expansion
must be a
from problem 7 of Slction 10'3, we know tB *l!,:1l,j.,/x)
:
u
'
)
l/(l/{cl
converyentof the simple continuedfraction of './d
x2 - dy': n,
we ^1"1
have shown that solutions of the diophantine equation
. .n, are gifn by the convergents of the simple continued
*h;;
The next theorem will help us use these
fraction expansion of fi.
convefgentsto find solutionsof this diophantine equation'
^ perfect square'
Theorem 11.4. Let d be a positive integer that is not
--!*Q! - 'o''
and
P*+r
',/hlQr,
:
(io
[47.1,
oo:
+
dk
il;
pt *' J l Q* ,
t* L :0 ,1 ,2 ,... w h ere ao: Jd ' Furthermore'Iet
O;';- r : ( ; " expansionof
denote tie kth convergentof the simple continued fraction
;J;r
Jd. Then
pt-dqt:(-1)&-rgp*1.
Before we prove Theorem 1 1.4, we prove a useful lemma.
w h e r er , s , t , a n d u ^ t e r a t i o n a l
L e m m a 1 1 . 4 .L e t r * s r / V : t + r t / l
not a perfect square. Then r : t
is
numbers and d is a positive integer that
ands:u.
proof. Since r * s,/7 : t * u,/7, *"see that if s # u then
r-t
,/7 u-s
444
So me N onti near D i ophanti ne E quati ons
B y T heor em 10 .1 , (r-t)/(u -s )
i s ra ti o n a l , and by Theorem r0.2 Jv
irrational. Hence,s : u, and consequently :
r
t. A
We can now prove Theorem I 1.4.
Proof. Since Ê :
i,
o,0: Ias;ar, e2,...,ek,otk+tL,

Theorem 10.9 tells us that
- vtjs
ott+tp* I p*_t
, r t " r r q k+ q r r '
Since dk+t : (pt *, + ,/7)/er+r
JV:
(P**t
we have
+ ,8)p* * e*+pr,_t
(P**, + ,/V)qr *
et +rQ*_t
Therefore, we see that

dqt t (Pt+flt, I Qt +rQtr-r)fi : (pr,+tpr,*
e*+rpt,-r) + p*fi.
From Lemma
11.4, we find that dqr, : P*+tPt, *
and
Q*+et -r
Pt+ f l* f Q t + r Q n -t: p k W h e n w e mu l ti p l y t t.
first of these two equations
by qt and the second by pt, subtract the first
from the second, and then
simplify, we obtain
pt - dqi : (ptqt -t - pr-tQ*)eo*,:
(- l)o-teo*r,
where we have used rheorem 10.10to completethe proof.

tr
The special case of the diophantine equation x2 _
dy, : , with n : I is
called Pell's equation. we will use Theorems ll.3
and rr.4 to find all
solutionsof Pell's equationand the related equationx2 dy, : -t.
Theorem 1l'5' Let d be a positive integer that is not
a perfect square. Let
px/qt denote the kth convergent of the simple
continued fraction of .8,
k : 1,2,3,"' and let n be the period length of this continued
fraction. Then,
even, the positive solutions of the diophantine
y.!"n ,r,
equation
:
x- - ay" : I are
: Q i r - t , j : 1 , 2 , 3 , . . .a, n d
t
,
!
t
h
e
d
i
o
phantine
equation x2 - dy'r *: - ll i n has
no solutions. when n is odd, the positive
s o l u t i o n so f x 2 - d ! ' : 1
a r e x : p 2 j n - r , ! : Q z i n _ r j, : 1 , 2 , 3 , . . . a n d t h e
s o l u t i o n so f x z - d y ' : - l a r ex : p e i _ D n _ r , l :
Q e i _ r ) n _ rj, - 1 , 2 , 3 , . . . .
Pyoof. Theorem 1r.3 tells us that if xo,ro is a positive
solution of
x2 - dy': tl, then x0: p*2!o:
Q * w h e r e p * / q 1 , i s a c o n v e r g e n ot f t h e
simple continued fraction of ,/7 . On the other hand, from
Theorem I 1.4 we
know that
405
1 1.3 P ell' s E quat io n
pt-dq?:(-l)ft-r21*1,
whereQx*tisasdefinedinthestatementofTheoremll.4.
is n, we know that
Becausethe period cf the continued expansion oL"/j
('int" J'l :
' Hence'
:
Qjn: Qo:I for7 1,2,3,"',
"tf
pk-, - d q?^-t: (- l)i'Qni : (- I )/n'
a solution of
This equation shows that when n is even Pin-t, Qin-t is
f o r 7 : 1 , 2 , 3 , . . . , a n d w h e n n i s o d d , P z i n - t , 4 2 1 n - it s - a s o l u t i o n
x2-dyz:l
-l for
o f x 2 - d y ' : I an d Pz (j -D r-r,Qz (i -D n -, i s a s ol uti on of x2 dy' :
j : 1,2,3,...
:1 and x2 - dy2: -1
To show that the diophantine equations x 2 d y '
I
have no solutions other than those already found, we will show that Qpal:
-l
:
1
.
2
.
3
.
.
.
#
for
7
implies that n lk and that Q1
We f ir s t not e t ha t i f Qt* t:
l , th e n
* 'ftr'
c,k+l: P1ra1
the continuedfraction expansiOnof a1a1 is purely

Since ok+l : la1ra,.a1r1z,...l,
-1 1 a*+r: Pk+r- ''17 < O'
periodic. Hence, Theoiem !0.20 tells us that
, nd nl k'
Thi s im pliest hat P k + t:l r/7 1 , s o th a t d k : c " o a
T o s e e t h a t Q l-'Sin""
#-lfor7:l,2,3,""notethatQi:-limpliesthat
ct; has a purely periodic simple continued fraction
dj : -pi -G.
expansion,we know that
-l
< ei:-Pi+^ftt
<0
and
dj:-Pj--./7>t.
-r/7
and, from the
From the first of these inequalities, we see that Pi >
-fi.
-l
for p1 are
inequalities
two
these
Since
second, we see that Pi <
-1contradictory,we seethat Qt #
-1, where
Since we have found all solutionsof x2-dy2: I and x2-dy2:
x and y arc positive integers,we have completed the proof. n
We illustrate the use of Theorem 11.5 with the following examples'
Example. Since the simple continued fraction of .,8
is tl;f ,f 'f ,f ,el the
406
pos it iv es olut io n so f th e d i o p h a n ti n e
e q u a ti o n
x2
I are pni _t,et.' j _t,
. .l 3yr:
i : l'2'3"" *T]: p1_o1/e.roi-r
is the (roi-l)th
ctnvergent
or ,r," simple
continued fraction expansion of .,m.

The least po-ritiu" sorution is
pe: 649, { e : 1 8 0 . T h e p o s i ti v e s o l u ti o n s
of the di ophanti ne equati on
x 2- 13y 2 : - I a re Prc i -o ,Qto i -o i : 1 ,2 ,3 ,. ..;
the l east posi ti ve sol uti on i s
P q : 1 8 , q a: 5 .
Example. Since the continued fraction of -,.fr
is t3;Wl,
the positive
solut ionsof x 2 - t4 y 2 _ : I a re p a i -1 ,e 4 j -r,j : r,.2,3,...
w here p+ i -tbqi -r i s
the 7th convergentof the simple continued fraction
expansionof Vl4. The
l eas t pos it iv e s o h l ti o n i s p t:
1 5 , Qt: 4. The di ophanti ne equati on
xz - l4y2 : -1 has no rotuiionr, since the period
length of the simple
continued fraction expansionaf ,/la is even.
We conclude this section with the following theorem that
shows how to find
all the positive solutionsof pell's equation x2-- dyt : I from
the least positive
solution, without finding subsequentconvergentsof the continued
fraction
expansionof ,/7.
Theorem 11.6. L9t xg1 be the least positive solution of
the diophantine
equation x2 - dyL : l, where d is a positive integer that is not
a perfect
square. Then all positive solutionsxk,lk are given by
xtr*yrfi:(xt*yrr/v)o
fork:
I 1.4).
(Note that xp andy1,are determinedby the use

of Lemma
Proof. We need to show that x1r,y1,is a solution for k :

every solution is of this form.
and that
To show that x1,/r

-.!! a solution, tst note that by taking conjugates, it
follows that x1, - ytrfi:
(x r- lr,,/T)k, because from Lemma 10.4,
the
conjugate of a power is the power of the conjugate. Now, note that
xt - dyt : (xp+ yr,fi)G,, - yr,fi)
: ( xr t y 1 6 ) o ( " , - y r E ) k
: (x?- ayilo
1.
Hence xk,lt is a solution for fr :

To show that every positive solution is equal to x*,lt< for some positive
integer ft, assume that X,y is a positive solution different from x*,lk for
k : 1, 2, 3, . . . . T h e n th e re i s a n i n te g e rr s u c h t hat
407
1 1.3 P ell' s E quat io n
(xl + yJ7)" < x + Y./7 ( (xt * v]/a)n*t'

(x t * y rfi)-"'
When we multiply this inequality by
we obtain
I < ( xr - r r f i ) n ( x + Y J d ) ( x t + Y I I A '
thatx t - !t,[i : (x1* yt,[d)-t.
x? - dy? :1 implies
since
Now let
s * /./7 :(r, - yrfi)'(x + YJI),

and note that
s2-dtz:(s
- t J a ) ( s+ t , / D
+ yf/7)'8 - Y,l7)Gt - y r f i ) n ( X + Y J A )
(*?- dy?)'8' - dYz)
(xt
-- l
t.
We see that s,/ is a solution of x2 dy':
l, and furthermore,we know that
1,
,fr'.'"*;;';r",lV.--Mor.oner, sincewe knowthat s + t-,/7>
i .;
weseethat0 < (s + tJa)-r < 1. Hence
1r : +t(s t r,/7>+(s - r.'.ff)l> o
/-
and
, : 1[(s
2Jd
+ t-./7)- (s - t',17)]> o.
t' 2 y1, by the

Th i s m eanst hat s,/ i s a p o s i ti v es o l u ti o n ,s o th a t s 2 x1,and
the
contradicts
this
But
choice of x1,y1 as the smallest-positivesolution'
some
for
xpy1,
be
must
X,I'
Therefore
inequality s * f ../7 < xr * ytfi.
choice of /c. tr
To illustrate the use of Theorem I1.6, we have the following example'
positive solution of
Example. From a previous example we know that the least
l3y': I is xt:649,
-Pr: 180' Hence' all
t h e d i o p h a n t i n ee q u a t i o nx 2
positive solutions are given by xt, yp where
x* * yr,./n : (649+ tgo\[Lte .

For instance,we have
408
Some NonlinearDiophantineEquations
x z * y 2,8
: 842361+ 233640.,/l
t
H e n c e x 2 : 8 4 2 3 6 1 , y 2 : 233640 is the
least positive solution of
x 2 - l 3 y 2 : l , o t h e rt h a n X 1 - 6 4 9 ,y ' : 1 8 0 .
ll.3
l'
2'
3'
Problems
Find all the solutionsof each of the foilowing
diophantine equations
a)
x2+ 3y2:4
b)
x 2 + 5 y 2: 7
c)
2 x 2+ 7 y 2 : 3 0 .
Find all the solutionsof each of the following

diophantine equations
a)
x'-y':B
b)
x2 - 4y2: 40
c)
4xz - 9/2 : loo.
For which of the following values of n

x2 - 3ly' : n havea solution
a)l
b) - 1
c)2
4.
does the diophantine equation
d ) -3
d4
f) -s ?
Find the least positive solution of the diophantine

equations
a)
b)
x2 - 29y2: -1
x2 - 29yz: 1.
5.
Find the three smallest positive solutions of

x2-37y2:1.
6.
For each of the following values of d determine

whether the diophantine
equationx2 - drz : -l has solutions
il2
b)3
c)6
d)
7.
13
e)
f)
tj
3l
e)
h)
4r
s0.
the diophantine equation
The least positive solution of the diophantine equation

xz - 6lyz : 1 is
xt:1766319049, lt2261i398A. Find the least positive solution other than
x t,l t.
409
1 1 .3 P ell' s E quat i o n
8.
S!g* that if pr/qt is a converggntof the simple continued fraction expansionof
9.
Show that if d is a positive integer divisible by a prime of the form 4ft * 3, then
the diophantineequationx2 - dy': -l has no solutions.
Jd thenlp?- dq?l < | + zJd.
Let d and n be positive integers.
I l.
il
Show that if r,s is a solution of the diophantine equation x2 - dyz : I and

X,Y is a solution of the diophantine equation x2 - dy' : , then
Xr + dYs, Xs t Yr is alsoa solutionof x2 - dy': r.
b)
Show that the diophantine equation x2 - dyz:

infinitelv many solutions.
n either has no solutions,or
Find those right triangles having legs with lengths that are consecutiveintegers.
(Hint: use Theorem 11.1 to write the lengths of the legs as x -.r2 - 12 and
y :2st, where s and t are positiveintegerssuch that (s,t) : l, s ) / and s
and
t
have opposite parity.
Then x-y:il
implies that
(s - r)2- 2t2: +1.)
12. Show that each of the following diophantine equationshas no solutions

a)
xa-2ya:1
b)
x4-2y2--1.

1.
Find those integers n with lrl < Ji

x2 - dyz: rz has no solutions.
2.
Find the least positive solutions of the diophantine equations x2 - dy':

x 2 - d y 2- - 1 .
3.
Find the solutionsof Pell's equation from the least positive solution (see Theorem
I 1.6).
such that the diophantine equation

I and
Appendix
412
Appendix
Tabfe 1. FactorTable.
The leastprimefac1o1,of
.::h.odd positiveintegerlessthan 10000and not
divisibleby
five is givenin the table. ThJinitial digits
of tile integeiare listedto the sideand the
lastdigit is at the top of the column. primes
are indicatedwith a dash..
1379
0
I
2
3
4
)
6
7
8
9
t0
1379
3
3-
33-
3-
3
7
3-
337 3-
3
7^
33
n 3- 3 7
t2 ll 33
13
7-14
3 ll 3 15
33
l6
7--13
t7
33l8
3 11 3
l9
20
3 7 3 ll
2l
373
22 1 3 23
3324
313 3
25 - l l 7
26
3327
33
28
717
29
33 13
30
7 33
- ll
3l
32
3t7 3 7
33
33
34 l l 7 - 35
33-
4A
4l
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
6l
62
63
64
65
66
67
68
69
70
7l
72
73
74
75
-131180
3 7 38l
373
82
19_
83
3384
lt 33
85
7
86
3 ll 3 87
13 33
88
-r7
7_
89
3390
7 3lI 3
9r
1 72 3
92
313 3 7
93
33
94
19 7-13
95
3396
33
97
7ll-19
98
3399
33 100
13l0l
3 7 3t7
t02
373
103
_ ll
rc4
33105
3 2 3 3 106
l l - - 7 107
3 - 3 r 3 r0 8
3 1 7 3 109
-19 7ll0
323 3lll
7 33 lt2
t7 - 1l ll3
33 7 rt4
33 ll5
1379
3 ll 3 319 3
1379
t20
t2l
r22
3 7 329373
23-3 - 3 lr
13 33
7
3 19 329
t7 33
- ll 7 313 37 33
-23 - 13
3 8 37
3t 33
7 -tl
3323
33
7t71933313 3
t73 7 337 3
1t 329 313
23 33
7
33lt 33
19- 73 ll 3 t7
7 331 3
1 31 9
123
t24
125
r26
t27
128
t29
130
131
r32
r33
134
135
136
r37
r38
139
140
t4l
r42
r43
317 3
7 --23
3333
17fi29_
3 7 313373
3 11 9
3333
7
3 13 3 33
rr 31 7 13
317 319
7 323 3
-29-37
33 7
319 3
13 7tt323 317 313 3
7--33ll 33
3 13 7 313
37 3
144
145
t46
147
148
r49
33150 1 9 3 1 1 3
r5l -1737 7
rs2 3 - 3 1 1
153
329 3
r54 2 3 - 7 t55 3 - 3 -
413
Appendix
Table 1. (Continued).
r379
19 33
7-t333t7 33
7-3333
723-ll
331 317
t3 33
ll 3 7 323
41 373
19313 329 3r7 3
- - ll 7
3337
33
r77341 329
7 33
133ll 3 7
313 3
723t7
r82 3 - 3 3 1
r83
3 ll 3
184 7 1 9 - 4 3
185 3 1 7 3 l r
186
33
t87
188 3 7 3189 3 1 3 7 3
r90 - l t - 2 3
l9l
33r9
36
37
38
39
160
r6l
t62
r63
t64
r65
r66
r67
r68
r69
170
17l
172
173
174
175
176
177
178
179
180
l8l
76
77
78
79
2m
201
202
203
204
205
206
207
208
209
210
2tl
2t2
2r3
2t4
2t5
2r6
217
2t8
2r9
220
22r
222
223
224
225
226
227
228
229
230
231
7t33r9
33
ll 3713-17
3 7
33
343 7 -3r9 313 323 3
7-tl29
33t9 33t 3
3 7 3u373
2 9 t3
3 ll 3 33
--19
7
33t7
3 ll 3
l34t 7 337 3rl
7 313 3
3r--47
33 7
317 3
23 7-33r3
337 3
731-3343
33
29--ll
3 7 337 3
1379
1379
1379
3 7
3 lt 3
7 -29
118
3
ll9
3 ll
7 329 3
240
241 - 1 9 - 4 1
242
33 7
243 l l 3 3
244
7 -31
245
3 ll 3 246 2 3 3 3
247
7 --37
248
313 319
249 4 7 3 l l 3
250 4 t - 2 3 1 3
251
3 7 3 ll
252
37 3
253 - t 7 4 3 254
33?5S
33
256 t 3 l t 1 7 7
257
331 32s8 2 9 3 1 3 3
259
723
260
3r9 326r
7 33
262 - 4 3 3 7 r 1
263
33 7
264 1 9 3 3
265 l l 7 - 266
33t7
267
33
268
7--269
33270 3 7 3 3
27r
ll ll6
rt7
3-
3
7 31 1t 9 3 7
33
37 3753
329 37 3rt 3
19--17
33 7
33
747t9
313 343 33
7rl-13
334t 33
2 3 3 7- 2 9
3 7 3l7 37 3
29s t 3 - - l l
296
33297
313 3
298 t t t 9 2 9 7
299
341 3300
331 3
301 - 2 3 7 302
33 13
7 3303
3
304 - t 7 1 1305
343 3 7
306
33
307 3 7 7 1 7 308
33309 1 1 3 1 9 3
3r0 729133ll
3 l1 3 156
t57
158
159
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
414
Appendix
l3
192
r93
r94
195
r96
r97
198
r99
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
7 9
t7 341 3
--13
7
329 3319 3
3713 7tl
337 33
1 1-
3-
3-
13 33
- l1 7 353 34r
7 317 3
313 3 7
329 3
r 7 7 1 9l l
337 333
7-3r-
3-
3347 3
13-_-17
3 7 337 3
- - ll 3l
3r7 3343 3
l94r7
3313
ll 323 3
47- 719
3 ll 3 7 33
323 3 7
1379
232
233
234
235
236
237
238
239
:oo
361
362
363
364
365
366
367
368
369
370
37r
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
n23t3t7
3333
-137
3r7 323
33
73313 33
23-7
3319
33
ll - 7 4l
313 37 319 3
-13
329 3 7
33
7tt_
347 361 33
7-37319 323
ll 313 3
-53
3 7 319373
t7--29
3331
37 3ll 3
--43
7
3311
23 33
717
3353
7 33
1379
272
3 7 3273
37 3
274 - 1 34 t 275
33 3l
276 l l 3 3
277 1 7 4 7 - 7
278
3 11 3 279
33
_19
400
40r
33402
33
403 2 9 3 7t t 7
404
313 3405
33
406 3 t t 7 7 1 3
40'7 3 3408
7 361 3
409
l74r0
3ll 3 7
4tr
323 3
412 t 3 7 - 413
33414 4 1 3 1 l 3
4t5
7--416
323 311
4t7 4 3 3 3
4 1 8 37 47 53 59
419
3 7 313
420
37 3
421 - l t
422
341 3423
319 3
424 - - 3 1
7
42s
33426
3t7 3
427
7tl
1379
3t2
353 3
3r3 ; 13-43
3r4
3 7 347
3 1 5 23 3 7 3
316 2 9 317
3 19 3 ll
318
33
3le- * 3 r z 37
440
44r
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
4s9
460
461
462
463
464
465
466
467
3 7 3lr 3 7 3
1943
3ll 323
33
-6t7
334r
17 3 11 3
767
33 ll
7 33
1333 7
23 313 3
19 7*329 347
33
71723t9
3 - 3 13
33
43-t7lI
3 7 331
373
tt4t-3333
59-13 7
33-
415
Appendix
468 3 1 3 4 3 3
33-1113428
348 5 9 3 1 l 3 3 8 8
469 - 1 3 7 3 7
3
3
7
429
7
3r7 3
389
713349
317
3470
3 430 1 11 35 9 3 l
390 4 7 3 't 353 3
3 31 3 ll
350
471
3
'
,
l
319
431
7 -3 39r
3351
293 4',72
29 3432
3
3
392
7
1
3
352
3',l
3
473
7
6
1
433
3
33r
393
333s3
3
4
7 3
1
1
474
343 3434
7 --rl
3 394
3354
7
6
7
475
3
3
3 5 9 3 3 7 435 1 9
39s
355 5 3 1 1
3
1
9
3
1
1
476
7
l
r
1
7
436
3
356 3 7 3 4 3 396 t 7 3 3
3
1
7
1
3
477
3
2
9
3
437
2
3
4
1
3 7 3 397 t r 2 9
357
--4 3 8 1 3 3 4 1 3 478 7
3 7 31 73 7 398
358
3- _
3
2
3
5
3
479_
439
13373
3 5 9 399 -Tt1
3359
3
31
7
600
7t
qt*r
:-Tl
560
3- 5zo
480 :tn7tl13
601
3
3
4
1
3
1
5
6
1
3
1
7
313
6 1 521
481 t7 3r9 3602
7-1713
3 562
3 7 3 1 1 522 2 3 3 482
3
3
7 3603
3
1
3
3
4
3
563
3 7 3 523
483
--23
7
604
3
3
564
3 7 329
484 47 29 37 13 524
373
3605
565
3 2 3 3 4 3 525 5 9 3 7 3
485
3
3
1
1
606
3
7
3
3 3 1 3 526 - 1 9 2 3 r r 566
486
1
3
5
9
607
5
3
3
7
3
s67
3- 37 527
487 - 1 l 3 7 3608
3 1 7 3 568 1 3- 1 1s28
319 3488
37 3
- 7 s69
3 4 1 609
3489 6 7 3 5 9 3 s29 1 1 6 7
r
7
3141
6
1
0
3
313
570
33530
490 1 3 - 7 329
3
2
9
6
1
1
7
571
531 47 313 3
317 3491
3 11 3
-r
612
3
t
7
3
5
9
572
7
7
3
t
7
3 1 3 3 532
'7
492
1'1
- 1 l 533
3 1 9 573 1 1 3 - ' t - 3 6 1 3
3493
3 l1
3
614
3 5',74
7 33 7 534
3494
3
4
7 3
6
1
5
1
3
3
1
1
5
3
1
1
2
3
3
)
t
)
3 535
3495
731
6
r
6r6
3
3
7
3
7
576
7
3
3
3
1
s36
496 1 1 7
337
3617
3 1 3 537 4 1 3 1 9 3 5',77 2 9 2 3 s 3 3497
'7
3
323
6
1
8
7
1
7
3
3
578
7
3 538
498 1 7 3 1
1
4
1
6
1
9
3
1
1
3
579
3
3s39
7-19499
3 7
3620
JI
| 3 580
540 1 1 3 33s00
3
3
621
1
1
3
581 3
7--3 2 9 3 54r
' 71 3 5 01
622
J
5
582
311 361
l l 4 7 542
502
323 3r7
623
719133 583
3543
3 7 3503
I
4 ^ -
^ a
416
Appendix
504 7 r 3 7 3
544
13_
584
3- 3624 7 9 3 3
505 - 3 1 1 3 _
545
3 7 3 5 3 585
3
_
3
625
713-tr
506
3 6 1 3 3 7 546 4 3 3 7 3
586 - l l
626
33507 I r 3 3 547 - 1 3
587
3 7 3627
3
3
508 - 1 3 7 548
33 ll
588
373
628 l l 6 l - 1 9
509
3 lt 3 _
549 1 7 3 2 3 3 589 4 3 7 1- 1 7
629
3 7 3510
33 550
7 590
33 1 9 630
373
5ll
19- 7551
337 3591 2 3 3 6 1 3 6 3 1 - 5 9 - t l
512 3 4 7 3 2 3 552
33 592 3 t - - 7 632
335 1 3 7 3 l l 3 553 - l l 7 2 9
593
317 3_
633
1
3 33
514 5 3 3 7 - 1 9
s54
3 2 3 3 3 1 594 1 3 3 1 9 3 634 t 7 - t t
7
515 33 7 555
7 33 595 1 1- 7 s 9 635
33516 1 3 3 3 556 6 7 - 1 9 596
3 6 7 3 4 7 636
33
517
731_
s57
33 7 597
7 3 4 3 3 637 2 3 - 7 518 37r 3s58
3 3 7 3 598 - 3 1 - 5 3
638
313 3_
519 29 33 559
729tl
599
3 1 3 3 7 639
7 33
640 3 7 1 94 3 t 3 680
33 1 l 720 1 9 3 3 760 l l - 7
64r
3 1 l 3 7 6 8 1 7 3 t 7 3 721
7761
323 319
642
33 682 t 9 722
3 31 3 762
329 3
643 s 9 7 4 1 4 7 683
33 7 723
7 33 763 1 3 1 7 7 644
317 3684
3 4 r 3 724 1 3 - - l l
764
33645
3 l l 3 685 1 3 7 - 1 9
725
33 7 765
7
3
t
3
3
646
7 2 3 2 9 - _ 686
33726 5 3 3 1 3 3 766 4 7 7 9 1 1 647
3
3 ll
687
3 1 3 3 727 il 7 1929 767
33 7
648
3 1 3 3 688
7 -7t83
728
33
3
7
768
33
649 - 4 3 7 3 6 7
689
361 3129 2 3 3 3 769
7
4
3
_
650
3 7 3 2 3 690 5 7 3 3 730
767-770
33 13
651 1 7 3 7 3
69r - 3 1 - l t
73r
3 7 t 3 1 3 771 l l 3 3
652 - l l 6 l _
692
3 7 3 1 3 732
3 t 7 3 772
7--59
6s3
3 4 7 3 1 3 693 2 9 3 7 3
733 - - l t 4 l
773
311 371
654 3 1 3 3 694 l l 5 3
734
3 7 3774
361 3
655 - - 7 9
7 695
317 3735
3 7 3 775 2 3 656
33696
33 736 1 7 3 7 5 3 776
3 7 317
657
33 697 - 1 9 - 7 737
3 7 3 3 4 7 777 t 9 3 7 3
2
9
658
7 1 1 698
33 2 9 738 1 l 3 8 3 3 778 3 1 4 3 1 3 659
319 3699
33 739 1 9 - 1 3 7 779
3 - 3 1l
417
Ap pendix
Table 1. (Continued)'
1379
1379
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
- 4 7 7 4 3 '740 3 1 1 3 3 1
3
3741
333 742 4 1 1 3 1 1 7
7 3343
3743
703 7 9 1 3 3 1 7 3ll 3
3 7 744
3704
3 745 - 2 9
705 1 l 3 3r7 3 7
746
7
3
7
2
3
706
3
747 3 1 3 3 11 3 707
7-708 7 3 3 1 9 3 748
359 37 4 1 4 7 3 r 749
709
3
750 1 3 3 7r0 3 - 3 13 3 11 3 751 7 rl -73
7tl
33752
7t2
3
3 7 3 1 1 753 t 7 3 713
7t4 3 7 3 7 3 754 - 1 9
755 3 7 3 715 - 2 3 1 7 37 3
3 1 3 3 6 7 756
7t6
3 757 6 7 - - 1 l
717 7 r 3 337 1 8 4 3 r r - 7 758
371 3
3 2 3 759
37t9
840 3 1 3 7 3 880 1 3 - - 2 3
881 3 7 3 841 t 3 4 7 1 9 37 3
882
5842
3 l l 3 883 - l l
843
7 884 3 3 7 3 844 2 3 - 885 5 3 3 1 7 3
3
l
l
3
7
9
845
7
3 - 3 886
846
319 313
847 4 3 3 7 7 6 r 887
3 r 7 3 1 3 888 8 3 3 - 3
848
7 3 2 9 3 889 t 7 - 7 l l
849
329 3s9
8 5 0 - 1 1 4 7 6 7 890
7
337 3
7
8
9
1
3
851 33 - 3 892 1 1- 7 9 852
3 7
3893
8s3 1 9 7 - 323 3
3 - 3 8 3 894
854
7 r7-29
71317
3 3 1 3 4 r 8 5 5 r 7 3 4 3 3 895
3
7 3111713337 3 7
3
19 329 71761
33359 3
7-lr341 3337 3
193 7 3ll 3 7 3
53--23
3 ll 317
43 329 3
--67
7
313 33 1l 3
713
353 33
31371237
329 31l 3 13 3
83- 73 ll 3 7 341 3
-59
3 7
33 ll 3
7 -23
3 1l
3
47 379 3
700
701
'702
a a
1379
1379
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
920
92r
922
923
924
925
926
927
928
929
930
931
932
933
934
935
29 331 3
7313- 7
3341 3t7 3
- 11 7 47
329
33
7 33 7
313 353 3
7 -rl
341 3*
3
89 37 --r7
3r3 3*
373 3
19-3113
3 7 379
23373
6l-1119
3361 3r3 3
-23 - l1
3 7 337 3
i l 1 9- 4 7
3s9 313
3
73 3--37
7
3r7
371 34r 3
-67 7 319
33
7 313347 3 7
418
Appendix
1379
816
33
817 -1113818 3 7 319
819
373
820 5 9 1 3 2 9 _
821
343 3_
822
319 3
823
7
824
3373
825 3 7 3 2 3 3
826 l 1 7827
33r7
828
7 33
_43
829
830
319 3 7
831
33
832 5 3 7 t t 833
3 13 3 31
834 t 9 3 1 7 3
835
7-6r13
836
33837 i l 3 3
838 1 78 3
839 3 7 3 3 7
960
3 13 3
961
7-59962
33963
323 3
964 3 l - l l 965
3 7 313
966
37 3
967 t 9 t 7
968
323 3 969 l 1 3 3
1379
856
7-1311
857
3323
858
331 3
859 l l 1 3
860
3 7 386r 7 9 3 7 3
862 3 7 - 863
389 353
864
33
865 4 t t 7 t t 7
866
33867 1 3 3 3
868 - 1 9 7 869
33870
7 33
871 3 1 - 2 3 872
311 3 7
873
33
874
7-13
875
3319
876
3 ll 3
877
73167878
33 1l
879 5 9 3 1 9 3
970 8 9 3 11 8 7
971
3 ll 3 972
37t 3
973
t974
33975
7 3rt 3
976 4 3 t 3
977
329 3 7
978
33
979
19741
a n 4
1379
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
9 tl
912
913
9r4
915
916
917
9r8
919
980
981
982
983
984
985
986
987
988
989
1379
3-
3936 l l 3 1 7 3
3 4 7 3 937
7 _83
7 1 3 1 1 8 9 938
3ll 341
317 3939
33
33 940
7 -2397
7l 29 94r
333 7 3942
3 ll 3
l r 3 7 3 943
83944
3 7 3 ll
3 ll 3 945 t 3 3 7 3
13 3-17
3 946
4 7 4 3 2 9 7 947
333 3 1 3 6 1 948 1 9 3 5 3 3
3 l l 3 949 - l l - 7
19- 7950
3 13 337
3 3 1 3 1 l 951
3 31 3
7 33 952 - 8 9 7 t 3
2 3 - - 1 3 953
333 4 t 3 7 954
7 33
33 955 - 4 1 1 9 l 1
7 8 9 s 3 956
373 3 7
33 6 7 957 t 7 3 6 1 3
33 958 1 1 7 - 4 3
72917959
353 329
33 1 7 990
33
33 991 r r 2 3 4 7 7
7tt3r992
3333993
319 3
1 3 3 4 3 3 994 - 6 1 7 -59
99s
337 323
3 7 3 7 r 996
7 33
373
997 1 3 - u t 7
4t - - ll
998
367 3 7
3 1 3 3 1 9 999 9 7 3 1 3 3
Reprinted with permission from u. Dudley, Elementary Number

Theory, Second
Edition, copyrighto 1969 and l97g by w. H. Freeman and
company. All rights
reserved.
419
Appendix
Table 2. Values of Some Arithmetic Functions'
I
2
3
4
5
6
'l
I
9
l0
ll
t2
l3
l4
l5
l6
t'l
l8
l9
2A
2l
22
23
24
25
26
2'I
28
29
30
3l
32
33
34
35
36
5I
38
39
40
4l
42
43
44
45
46
4"1
48
49
I
I
2
2
4
2
6
4
6
4
l0
4
t2
6
I
8
l6
6
l8
8
t2
l0
22
8
20
t2
l8
t2
28
I
30
l6
20
l6
24
t2
36
l8
24
l6
40
t2
42
20
24
22
46
l6
42
I
2
2
I
3
4
2
4
2
4
3
4
2
6
2
4
4
5
2
6
2
6
4
4
2
8
3
4
4
6
2
8
2
6
4
4
4
9
2
4
4
8
2
8
2
6
6
4
2
l0
3
6
t2
I
l5
l3
l8
t2
28
t4
24
24
3l
l8
39
20
42
32
36
24
60
3l
42
40
56
30
72
32
63
48
54
48
9l
38
60
56
90
42
96
44
84
78
72
48
124
57
420
A ppendi x
50
5l
52
53
54
55
56
57
58
59
60
6r
62
63
64
65
66
67
68
69
7A
7l
72
73
74
75
76
11
78
79
80
8l
82
83
84
85
86
87
88
89
90
9l
92
93
94
95
96
9',|
98
99
100
20
32
24
52
l8
40
24
36
28
58
l6
60
30
36
32
48
20
66
32
44
24
70
24
72
36
40
36
60
24
78
32
54
40
82
24
64
42
56
40
88
24
72
44
60
46
72
32
96
42
60
40
6
4
6
2
8
4
8
4
4
2
t2
2
4
6
7
4
8
2
6
4
8
2
t2
2
4
6
6
4
8
2
t0
5
4
2
t2
4
4
4
8
2
t2
4
6
4
4
4
t2
2
6
6
9
93
72
98
54
120
72
120
80
90
60
168
62
96
104
127
84
144
68
r26
96
t44
72
r95
74
n4
t24
140
96
168
80
186
t2r
r26
84
224
108
t32
120
180
90
234
n2
r68
128
t44
t20
252
98
t7l
r56
217
421
Appendix
Table 3. PrimitiveRootsModulo Primes
prime p, p < 1000is givenin the table'

The leastprimitive root r modulop for each
2
3
5
7
1l
l3
t7
l9
23
29
31
3',1
4l
43
47
53
59
6l
67
7I
73
79
83
89
97
l0l
103
107
109
113
127
131
r37
139
t49
l5l
157
163
r67
r73
179
l8l
1
2
2
3
2
2
3
2
5
2
3
2
6
3
5
2
2
2
2
7
5
3
2
3
5
2
5
2
6
3
3
2
3
2
2
6
5
2
5
2
2
2
l9l
193
r97
199
2tl
223
227
229
233
239
241
251
257
263
269
271
277
28r
283
293
307
311
313
317
331
33',1
347
349
3s3
359
367
373
379
383
389
397
401
409
419
421
43r
433
l9
5
2
t
2
3
2
6
3
7
7
6
3
5
2
6
5
3
3
2
5
T7
l0
2
3
10
2
2
3
7
6
2
2
5
2
5
3
21
2
2
7
5
439
443
449
457
46r
463
467
479
487
49r
499
s03
s09
521
523
541
547
5)/
563
569
57r
577
587
593
599
601
607
613
617
6r9
63r
641
643
647
653
659
601
6 73
677
683
691
701
r5
2
3
l3
2
J
2
13
n
J
2
1
)
2
3
2
2
2
2
2
3
3
5
2
3
7
7
3
2
3
2
3
3
ll
5
2
2
z
5
2
5
3
2
709
719
727
733
739
743
75r
751
76r
769
773
787
797
809
811
82r
823
827
829
839
853
857
859
863
877
881
883
887
907
9ll
919
929
937
94r
947
953
967
97r
977
983
991
997
2
ll
5
6
3
5
3
2
6
ll
2
2
2
3
3
2
J
2
2
ll
2
3
I
5
2
3
2
5
2
l7
7
3
5
2
2
3
5
6
3
5
6
7
422
Appendix
Table 4. Indices
Numbers
I r(
I to
I
l: lt2
l:
l!
l8
22
)1
29 28
3 r 30
3 i 36
4l
43
47
53
59
6l
67
7l
73
79
83
89
97
40
42
46
52
58
60
66
70
72
78
82
88
96
'il;ilîlrrl
'ilil,Y,l
trlfr|JIl,li
Numbers
t 7 1 8 l 1 9 20 2 l 22 23 24 25 26 27 28 29 30 3 l
32 33
l9
23
29
3l
37
4l
43
47
53
59
6l
67
7l
73
79
83
89
97
l0
7
2l
7
7
33
38
t6
l0
40
47
64
49
2l
2l
56
6
89
el
r z lr s
5
l l I e 24
z6i 4 8
1 7 1 3 5 25
1 6I e 34
z s l r c 37
1 2 l 4 s 37
3 s l ' 3 7 49
43138 8
t 3 l i 2 6 24
1 3 ll 0 17
5 8 11 6 40
2 0 1 6 2 17
6 1 3 2 70
6 3 1 4 7 29
r 8 1 3 5 t4
7 8 1 8 1 69
l3
t7
29
22
t4
36
6
3l
t0
55
62
27
39
54
80
82
5
lt
26
t7
3l
29
t5
25
7
26
l6
60
37
63
72
25
t2
24
20
27
l5
36
t6
5
39
l5
57
28
l5
46
26
60
57
77
8
l3
29
l3
40
28
20
53
9
42
44
30
l3 I
75
49
76
l6
l0
l0
4
8
2
42
t2
44
30
56
2
46
54
52
2
l9
5
t2
l7
l7
29
25
46
4l
20
45
67
38
78
39
59
Indices
tl
r s lr + l
rlrol I
6l34l2l
s rr j
3 Il s Il 4 r
l5
t4
23
ll
t 4 l 2 2 l 3 s 39
sl116146 l3
3 4 1 2 0 1 2 857
29
s t l 2 s l 4 4 55
aI rr I oa 60
18l4el35 l5
3l6llll
67
s2lt0l12 l8
3 l 2 s l s e 87
l8l 3l13
9
nlsrlrs
9
28
34
3
33
49
59
47
ll
ll
56
38
3l
46
5 20
l0 l8
9 3l
44 27
f
23
5 t7
5 2l
5 32
30 57
40 6 l
20 69
5 t4
80 85
74 60
Reprintedwith permissionfrom J. V. Uspenskyand M. A. Heaslet,Elementary

Number Theory,
McGraw-Hill Book Company.Copyright O 1939.
423
Appendix
Numbers
p
3'l I
4l r9
43 23
47 34
s3 l l
59 4 l
6 l 48
67 65
7 l 55
7 8 29
79 25
83 5 7
89 22
97 27
l9
2l
l8
33
9
24
ll
38
29
34
37
35
63
32
t8
2
l4
30
36
44
l4
l4
64
28
l0
64
34
t6
32 35
4
42 l 7
30 3 8
55 39
39 27
22 l l
2A 22
64 70
t 9 36
20 48
ll 5l
9l l9
20
22
9
50
9
6
33
3l
4l
3'l
46
58
65
65
35
67
24
95
I n dices
6 l2l
I
t s l 2 4 1 3 | 4314 l
'))
| 8 l 29
4s132
1 4 l l l 33I 27148
2s 5 4 1 5 6 431r i I 34
l 8 s 3 1 6 3 e l 6 r l 27
46 2 5 1 3 3 481431 l 0
25 t l + t 5 r I 7 r I l 3
74 7 5 1 5 8 4 e l76164
30 4 0 1 8 1 7 t l 26 1 7
2 e l28172
30 2 l l l 0
8 5 1 3 9 4 l 5 8 1 45
23
40
16
58
29
2l
54
30
6l
73
l5
23
20
50
9
3l
59
23
54
84
2l
54
l0
43
50
38
l7
76
65
l4
23
36
38
46
2
66
28
l6
74
62
63
64
65
44
Numbers
p
53
59
6l
67
7l
'73
79
83
89
97
50 5 l
52
43 27
r3 32
45 5 3
3l 5t
62 5
l 0 27
50 22
5 5 46
7
68
36 63
76
47
42
2l
5l
3
42
79
55
93
53
))
3l
37
8
59
56
52
59 5 3 5 l
78 l 9 66
l 0 \) 8 7
22
33
57
23
53
'7'7
35
t9
52
l4
26
56
)t
5 8 5 9 60
2l
52
26
t9
57
65
ll
4l
37
30
32
49
42
68
33
37
36
55
29
36
45
4
43
t5
13
75
47
6l
62
IncLices
3 l 30
36 56
J
66
5 23
3l 7l
34 l 9
43 l 5
67 43
48
69 I 1 7
58 l l e
45 1 6 0
66 l 3 e
69 1 4 7
64 t 8 0
3 5 6 34
5 3 36 67
45 48 60
5 5 24 1 8
70 6 22
5
83 8
75 t 2 26
Numbers
67
7l
78
79
83
89
97
54
66
67
68
33
63
69
73
t5
13
94
47
50
48
45
56
57
6l
69
4l
52
29 2'7
5 8 50
38 58
6l 5l
JI
't0
'tl
7 2 7 3 74 7 5
35
42
4l
36
79
66
44
5l
33
62
lt
36
t4
65
50
50
't6
II
7 8 79 80
8l
Inclices
44
69
20
28
23 4'l
z l 44
27 5 3
29 72
40
49
67
53
43 39
32 68 1 4 3 3 l 42
77 40 1 4 2 46 4
2 l J J t 3 0 4 l 88
Numbers
p
82
83
84
85
86
87
88
83 4 l
89 3 7
97 23
6l
t7
26 76
'73
90
45
38
60
83
44
92
89
90
91
92
93
94
95
96
82
48
I n d lces
s 4 l ' 7 e 1 5 61 4 9
20122
Appendix
Indices
p
2
2l rl | |
21 41 3l rl
e{t0llt
|
I
I rl '
l!
2.
2l
3l
3''
41
43
4'l
53
59
6l
67
7l
73
79
83
89
97
l3
t4
l5
t6
ll
3l 21 6l 41 5l I
2l 4l8l slrol I
2l 4l 8l 3l aln
lI l
l2
Numbers
7l3l6l
'l
I
ul el slrol zl I
3l elrolnl slrs trlrolr+l al tl 4 t2 2l
al r
l
21 4l sl rol rgl 7) t4l elrs;rzlrslrrl
5 l 2 l t o l + l z o l r l 1 7 l1 6 ll l I t l z z l r s l zrrl o l r z l s
l lsl I
21 4l altol :l 6l rz z+ rs I rs t vl I n
z
a
1
!
!
I
I
I
3 l e l 2 7 1 r o l z e l r c lt 7 2 0 2 e z s n a l z + l r o lz t I z s
I
I : o I z sI
2 1 4 l a l r o l t z l z t l t 7 | 3 4I I I n
sI : o I z : I s I
o l r e l r r l z s l z t l : B l z eIl t ol 3 t l 2 s I I z+el zlr +
lztl glrsl
l28l
3 l s l z t l l s l z e l + r l 3 7 l rrez l 3r 2
o
r
o
+
l
r
z
s l z sI r r I r +l z z l u l n |l 28s|; 4 0Il r zII r : |I r e| + l Il zr ct ll +z zt ll nz t Il
2 l 4 l 8 l t 6 l : z l r r l z 2 l 4 4 lr s r z : + r s
| I m I t I Al zal
z l + l s l r o l r z l s i t0 z0 40I 2t | +z
|
|
|
|
!
I soI +r I zt I +eI
z l 4 l a l r e l : z l : l 6 l t 2 1z + l+ t I t s I zs
q I r sI : o I r t I z z l
2 l 4 l s l r o l t z l e q lr 5 s l + r l u l r s l o l r s l : o l s l r o i
T l 4 e l s q l s r l s r l z l 1 4I 1 2 1+ 2 1+ s : r + l z t l
s l z s l s z l + r l s t l s l r i l 2 l1l o l s o|l: r | e l + s l so+lIszo: Il ras II
3 l e l z t l z l e l r s l , 1 1+ l r z l x l z t I s l z + l z
zlsslrol
z l 4 l s l r o l t z l o a l 15| t I t+ | zaI seII zqI ssI t: I ee| +qI
3 l e l 2 7l s r l o s l r z l i t l 6 4 l t + l + z l y l z z I e oI z oI o oI z l
sl2sl28l43l2tl
s l o l o l l o l s : I z r I u l z g l+ s| + e l: e I
Indices
p
t7
l8
1 9 l0
23 l 5
29 2 l
3 l 22
37 l 8
4 1 26
43 26
47 3 8
53 J
59 3 3
6 l 44
67 20
7 l 62
7 3 20
79 48
83 l 5
89 6
9? 83
I
6
l3
4
36
33
35
2
6
27
40
8
27
65
30
t8
2t
t 9 20 2 l 22 23 24 25 26 27 28 29 30 3r 32 33
I
26
l2
35
34
l9
l0
t2
t4
54
t3
56
62
37
60
54
38
t2
23
5
33
40
l4
3
24
28
47
26
37
l8
32
37
73
93
l4
t7
l5
29
35
42
l5
48
56
33
s2
46
t7
t7
74
4l
77
t4
21
5
40
28
43
53
5
37
38
t2
5l
65
34
94
l0
II
)
30
34
46
33
47
l0
7
53
60
74
47
I3
82
20
2
l0
t6
t6
42
l3
35
20
l4
t6
8
64
ll
39
22
I Numbers
l l 22
6 l8
I
20 3 | 6 l t 2 l 2 4 l l
t4 2
Irzltrlzz 9
) l5 | 2l 6l18 II
22 1 6 3 3 1 2 4 1 2 36
6
26 52 s l l 4 e l 4 s 3 7
l l 22 4 4 l 2 e l s 8 57
40 l 9 3 8 l 1 5 l 3 0 60
l
28 56 4 s l 2 3 l 4 6 25
l
4l
3 2 t l 5 1 3 5 1 32
40 54
24
34 23 6 e l 4 e l 6 8 l 46
22 44 s | 'o I zoI 40
28 84 t + 1 + + l + t l40
t 3 65 z + l t s l u l 79
I r sI r I
lr:l tlzr
srl:el:+l
22
l 3 37
33 I 3
39
2 1 42
)5
5l
59 5 7
50 3 3
ll
6
47 1 6
59 t 9
80 't7
3l
4
35
1
t4
t'l
39
35
3r
43
53
66
42
57
7l
t2
78
425
Appendix
Indices
p
42
3 5 1 3 6 37 3 8 39 40 4 l
34
17 28
4 l 20
43 3 l
47 34
53 9
5 9 27
6 l 45
6',1 65
7l l0
73 35
79 l 3
83 59
89 36
97 2
19 I
3 8 23
zl
t
29 4
l 8 36
54 49
29 5 8
63 59
70 &
29 72
39 3 8
3 5 70
l 9 57
l 0 50
8
17
6
38
l9
49
35
t2
48
26
3l
68
86
15
20
20
l9
39
55
5l
22
68
35
57
82
56
8
30
23
38
37
3
l3
2l
78
62
26
42
I
24
9
46
l7
l3
6
20
32
76
4l
78
l6
4 4 i | 4 5 i . 4 64',1 48 49
4t
I
Numbers
29
45
39
34
26
t2
69
l4
70
82
56
80
I
37
25
9
52
24
57
70
52
8l
79
12
M
50
l8
43
48
44
58
77
79
59
60
rl
32llel I
4 7 l 4 r l 2 e 5 l 0 20
3 6 1 1 3 1 2 652 45 3 t
2 5 l 5 0 l 3 e t'l 34
2 e l 5 8 l 4 e 3 l 1 6 2l 5 i
2 4 l | 2 6 1 4 067 1 4 3I 1 7
7 1 1 6 3 1 2 342 1 6 41 2 8
? 3 l 6 r l 2 s t) :l611 4 3
? 5 1 6 7 1 5 1l 9 1 3 8| t 1 6
8 8 1 8 6 1 8 062 l 8 1 2 4
e l 4 5 l 3 1 58 t 9 6 1 9 2
1
lndices
5 3 40
59 3
6r l4
67 47
'll 48
1 3 61
19 50
8 3 69
89 72
97 72
27
6
28
27
52
43
7l
55
38
69
I
t2
56
54
9
69
55
27
25
54
48
4l
t5
l5
46
zl
I
54 25
7 5 47
76 89
24
5l
4l
63
53
l5
42
60
25
))
31
30
23
53
33
56
t4
l 7 34
<)
6',7 23
5 7 9 l 67
37
2l
30
34
ll
63
50
I
46
39
18
6l
42
68
69
44
N mbers
3l
1l
55
l3
47
53
29
26
I
22
30
65
62
23
87
33
M
68
33
28
46
83
68
21l|42
50166
rel22
5t15
17
36
37
45
36
7 1 1 3 5 l6
4 9 1 5 1 6l
rlrs
34
39
39
56
72
48
t4
Indices
o o el tl o al o sl i o l u r l n l t t l r a l r s l t t l t t l z t l r e 1 8 0| 8 t
67
7l
73
19
83
89
97
I
60
49
10
6l
55
70
.,'riiiiii
65
26
30
39
76
59
I
29 6 l
5 7 66 3 8 44
{umbt
I
l l 3 3 20 60 22 66 40
6 l2
3
7 8 7 3 63 43
5 l 5 45 46 49
50 6 l
3 1 5 75 84 32
4 20
4l
24
58
63
44 5 3
48 l 3 2(' l s 2 l 2 r 42
85 7',| ) i ' 1 7 01 3 2
24 23 I ti l 9 0 1 6 2 l 9
Indices
p
82
83 I
89 2r
97 95
83184
85186187188 89190 9t192193
63I ll 3 3 l l o l 3 0
87147 4l I ll I 55
I
8l
1 7 1 8 5 37
88
52
94
95
96
N umbrlrs
66 l r s
Table 5. Simple Continued Fractions

for Square Roots of positive lntegers
J7
| , I r,,ll
l: lrr:1-l
is ltz,ql
lolt2:2+t
lt lrz;r,TJ'+t
l sl 0 ) r 2 ; y e t
| [3:6]
Itt I l:;:,ot
I tz I t:;Nl
InItl,r.r,T,l,ol
| 'o I f3:LAGt
i t5 I [3;t,6]
ln|t+:st
Jt s J l + ; + , a l
I ,n I r+;1i;l)"rl
I 20 I I a :2 ,8 1
I zt I t4;iJJJJst
|,z I t+rr,xJ.r"sl
I 2 3| [ + : t . l , r , s ]
I z q I t 4 ;,l 8 1
I zeI ts;rol
ror
I ,, I rs:s,
j 2 8 j t s ; 3 , 2 ,r :o, l
I 2 eI t s : t t J ; J o t
I :o I Is:z,rol
I ,' I ts;r,r-:_:;rr,rol
I 32 | t5:l,l,l,lol
| : l I t s ; r ,rf, r o 1
l:+ I ts;r,+rlot
l:s lts:_ol
I i7 | t6:l2l
i:a j to;o,ut
l:r 116'aJI
] q ol t o ; : J 2 l
io'lto:fut
I 42 ) [ 6: 2 ,t2 1
l aoa, l l u , @ , , r l
l|.6:l.l,l,2,l.l.t.l2l
4slt6;r,t]Jm1
+e1ro,ffirli
4 7 [ [ o ; t , rs,t, z l
48lle;r,rzl
soltz;l+l
5r I tt:t.tql
szltt:+ttfV.u,
426
J7
i 53 I
t-
t7;3,1,1,3.141
54 I t z ; z r e ; J . r + t
I 5 5 tt,T,zl,tqi
I 5 6 II t't;zr+l
l 57 I t7;l,t,4,l.l.l4l
I 58 I I 7 : l , l , l , l . l . l . t 4 l
| 59
I 60 |I t[tl;:nl, dz ,. tt ,qt t+ 1
I 6 l tz;r,q3JJtr,raJJat
I 6 2 II t 7 ; 1 , |6, ,l 4 l
I 63 I t z ; 1 r + t
| 65 I [ a ; t o ]
I 66 I t s ; s T ' t
I 6 1 l E -; 5 2 1 . 1 , 7 , 1 . t . 2 , 5 , t 6 1
I
6 8 | [s:+.
ro]
i 6 9 t-8-: 3 , 3,,41. .13 . 3 . 1 6 1
I 70 ts;zT;,
rJ,lot
-I 7 l l8;22,-l
,1.t ,z,z,tol
| 72 [8;2,16J
| 73 [ 8 ; 1 . 1 , 5 , 5 , 1 . 1 . 1 6 1
I
t g ;l , r J , l , G t
/ ) | [ 8 -;l , r , l , l 6 ]
I 76 I E 1; , 2l , 1 , 5 , 4 ,t 5, t., Z t, , t
I 77 11 [ 8 : 1 , 3 , 2 , 3 , l , l 6 J O ]
l 7 8 I t s :r , q , Tt.6 l
t -
t -
I 11I
I 7 e l ta;ffi.I
80 [ 8 ; l , l 6 l
| 8 2 II [ 9 ;I 8 ]
I 8 3I I q ; e J8 t
I 34 1 [ 9 ; 6 , l 8 l
I
-t -5l
| t q ; {I , l , a , I 8 t
L 16 tq:1.1..-r'r.sJJJmr
l ; J 7 ll [ 9 ; 3 , 1 8 1
l ; 1 8 itq;2JJ,l2,l8t
i ; r e l [\ry,zJal
| .' o i [ 9 ; 2 , 1 8 ]
l;
ll
I [ 9 ;l , l , 5 ,I . 5 .l . I . l 8 l
l . t't- l I l 9 : l , l , 2 . 4 . 2 ..11. 18 1
-l; 3l _
I 9 : 1, 1, 4 . 6 . 4. 1t. 1S l
4l
I g' t
lq6l
l;
I ;8 i
lnq i
- l
rg;mr
[9;1,2,1,18]
lq;t,:,r,rsl
tg:t,s],rrr;l,l.ill
[q;t,a,t,te]
lg;iJTl
Answers to Selected Problems
Sectionl.l
1.
2.
3.
4.
5.
a) 20 b) s 5 c ) : as d ) 2 0 4 6
a ) 3 2 b ) 1 2 0c ) 1 4 4 0 0d ) 3 2 7 6 8
t. 2. 6, 24, 120, 72 05, 0 4 0 ,4 0 3 2 0 3, 6 2 8 8 03, 6 2 8 8 00
l , 1 2 0 2, 5 2 , 1 2 0I ,
8 4 .1 2 6 2. 1 0
g.
2n
\ n + D/ 2
10.2n
rr. 65536
2 1. x : y : l . z : 2
Section 1.2
:
l . 9 9 : 3 ' 3 3 , 1 4 5: 5 ' 7 9 ,3 4 3 : 7 ' 4 9 , 0
e
)
2. a).c), d),
3. a) 5,15 b) 17,0 c)-3,7 d)-6,2
*.b
4. a:
13. b) 3
1 1 . 0 i f a i s a n i n t e g e r ,- l o t h e r w i s e .
2 3 . b ) 2 0 0 . 4 0 , 8 , I c ) 1 2 8 ,l 8
2 4 . 2 0 + l 8 [ x - l ] , S t . 0 8n o , $ 1 . 2 8Y e s
888'0
Section 1.3
l.
2.
3.
4.
( 5 5 5 4 ) r ,( 2 f i 2 ) r c
( 3 2 8 ) r o (. l I I I l o o o o o o ) 2
( t r s ) , u , ( 7 4 E )6
( t O t O t 0 lI I l 0 0 l l 0 l I l l 0 l I I l ) 2 , ( t t O t I 1 l 0 l I I I l 0 l 0 l l 0 0 l I l 0 l l 0 l ) 2 ,
( r o o tl o l o o o o o l ol )l 2
6 . b ) - 3 9 , 2 6c ) ( t o o l ) - 2 (, l l 0 0 l l ) - 2 ,( 1 0 0 1 l 0 l ) - z
t l ' 3 ! + l ' 2 ! , 3 8 4 : 3 ' 5 !+ l ' 4 !
1 4 .i l t + : 2 ' 3 1 + l ' 2 1 . , 5 6 : 2 ' 4 +
Section1.4
l.
2.
3.
4.
5.
6.
't
.
8.
( r o o t 0l o l l o ) 2
(rttilolll)z
( r o tt 0 0 0 l l 0 l ) 2
( l l l o ) 2 .( l o o o l ) 2
(too65)ro
( 3 3 8 F )r e
(8705736)
r6
( l I C) r c ,( 2895)r o
428
A nsw ers to S el ected probl ems
2 3 ' a ) 7 g r o s s , 7 d o , z e n , a n d g e gb
g )s i l g r o s s , 5 d o z e n , a n d
lreggs
c) 3 gross,I I dozen,and 6 eggs
Section 1.5
a) prime b) prime c) prime d) compositee) prime f)
I
composite
7. 3,7,31,211,2311,59
r 0 . i l 2 4 , 2 5 , 2 6 , 2 7 , 2 9b ) 1 0 0 0 0 0 +
. l 2 , 1 0 0 0 0 0 1 !3+, . . . , 1 0 0 0 0 0 11!0+0 0 0 0 1
t4.53
16. a) 1, 3, 7, 9 ,1 3 ,1 5 ,2 1 ,2 5 ,3 1 ,3 3 ,3 7 ,4 3 ,49,51,63,67,69,73,75,7g,g7.93.99
Section 2.1
l. il5 b) lll c)o d) I e)rr il2
4. I if a is odd and b is evenor vice versa,2 otherwise
5. 2t2l
14.il2 b)sc)ssd)3
e)t f)1001
15. 66, 70, 105
; ,7 0 ,1 6 5
66
o ;r 4 2 ,7 0 ,1 6 5
1 9 . ( 3 k + 2 ,5 k + 3 ) : I s i n c es 3 k + D _ 3 ( 5 k + 3 ) : I
Section 2,2
l.a)rsb)6dZd)s
2 . a ) r s : 2 . 4 5 + ( - l ) 7 5 b ) 6 - 6 . 2 2 2+ ( _ 1 3 ) 1 0 2
c ) z : 6 5 ' 1 4 1 4 + ( - r 3 8 ) 6 6 6d ) 5 : 8 0 0 . 4 4 3 5 0+ ( - 1 1 0 1 ) 2 0 1 8 5
3 . a ) I : l ' 6 + l . l 0 + ( - t ) t 5 b ) 7 : 0 . 7 0 + ( _ l ) 9 g+ 1 . 1 0 5
c ) 5 : - 5 . 2 8 0 + 4 . 3 3 0+ ( - t ) + o s + 1 . 4 9 0
4. ilZ
s. il2
Section 2.3
l . i l 2 2 . 3 2b ) 3 . 1 3 c ) 2 2 . 5 2d ) 1 7 2 d , 2 . l . l l f ) 2 8 g ) s . r o l i l 2 3 . 4 3i ) 2 4 . 3 2 . 5 . 7
| 2 6 5 3 k ) 3 . 5 . 7 I23. l ) 9 . 1l . l 0 l t , 1 t,,l i
8 . b ) 2 r 8 3' 8 . 5 7
4 . 11 . 1 3t 7. . t g
9. 249,331
1 0 . 3 0 0 ,3 0 1 ,3 0 2 ,3 0 3 ,3 0 4
| 2 . b ) 5 , 9 |, 3 , 17 , 2l , Z g , 3 , 3 7 ,14, 4 9 , 5 3 , 517,,669 ,37, 77 , g g ,3g. g 7
.lOl
d ) 6 9 3 : 2 1 . 3 3: 9 . 7 7
1 4 . il 24 b) 210 c) r+o d) I l2l I e) soo+oil 3426s7

1 5 . i l 2 2 3 35 37 2 . 2 1 3 s s 5 7 7 b ) 1 , 2 . 3 . 5 . 7 . 1 1 . 1 3 . 1 7 . 1 9 . 2 3 . 2 9
d 2 . s . 1 1 , 2 3 . 3 . 5 7 1. 71.1 3 . 1 3d ) 1 0 1 1 0 0 0 , 44l f7i r r 7 g | rg 3 i l r l 0 l r 0 0 l
1 7 . 1 8 , 5 4 0 3; 6 , 2 7 0 : 5 4 ,1 8 0 ;9 0 . 1 0 8
2 1 . 308,490
25. a ) 3 0 , l 0 0 l
29. a f u c ) 2 . : r , r 5 r
f ) 3 3 . 5 . I73. .1 9 . 3 7 . 7130. 9
3 0. 1 0 3
d ) 3 2 . 5 ..71 3 . t 7 . 2 4 te ) 5 2 1. 3 . 4 1 . 6 t . 1 3 2 1
429
Section 2.4
l . i l z z ' q l ' e u b ) 7 ' 3 7 ' 5 3 ' 1 0 7c ) t 9 2 ' 3 r ' 4 9 6 9
toot'1999 f) 4957'4967
2 . u ) r : . s q r b ) 7 3 c ) t z ' 6 + t d ) 1 0 3 ' 1 0 7e )
lz' 5 l3' 2nlogrc2
7
.
5
'
5. d17,347 6. d)13'17,41.61,293'341313'3?'109
Section 2.5
l. a)x:33
*5n.1:-ll-2n
l 3 n'il
'y -4OO-11n
d)nosorution ,x'ZI cb1 y =-zi^\n
b) x:*300*
-;13:::il;4,-"44r,
i l x : 8 8 9 + 1 9 6 9n , Y : - 6 3 3 - 1 4 0 2 n
2. 39 Frenchfrancs,I I Swissfrancs
0f
3. 17 apples,23 oranges 8-'l.
"Pt
4. l8
=(25,0),(22,2),(19,4),(16,6),(13,8)'
5. a) (14-centstamps,2l-centstamps)
(
1
,
( 1 0 , 1 o ) ,( ? , 1 2 ) , ( 4 ,1 4 ) , 1 6 )
b) no solution
=(54,1)' (51'3)' (48' 5)'(45'7)'
c ) ( 1 4 - c e nst t a m p s , 2 l - c e ns t a m p s )
(
(
3
3
,
1 5 ) , 3 0 , l 7 ) , ( 2 7' 1 9 ) '( 2 4 ' , 2 r \ ' , ( 2 1 ' , 2 3 ) ' ,
( 4 2 , g ) , ( 3 9 ,1 1 ) ,( 3 6 , l 3 ) ,
3 1 ) ,( 6 , 3 3 ) ,( 3 , 3 5 ) ,( 0 ' ,3 7 )
2
9
)
,
(
9
,
( 18 , 2 5 ) ,( 1 5 , 2 : 7 ) , ( 1 2 ,
10.a)3 t)ze d242
- l-n
b) no solution
I l . a ) x : 9 8 - 6 n , ! : | * 7 n ,z
: 150-3n, w -- fr
c ) x : 5 0 * n , l : - 1 0 0 + 3n, z
( 1 4 ,8 , 2 ) , ( 1 1 , 1 2 , 1 ) '
(1
:
t2. (nickels,dimes,quarters) ( 2 0 ,0 . 4 ) , 7 , 4 , 3 ) ,
( 8 .1 6 , 0 )
4 l s t a n d b y 1 4 . n o 1 5 . 7 c e n t sa n d 1 2 c e n t s
1 3 . 9 first-class,l9 second-class,
Section 3.1
l. a) l,2JlP$ 1,3,9,27,3J,111,33
. .3' i,t9 9 9
"ff2,
4 . i l g b) b c ) o d ) 1 2 d + f) I
9.
0
I
2
J
4
5
0 | 2 3 4 5 10.
0
l0r 2345
I
2
3450
lr
z
4501
3
lt 32 4
5012
4
0r23
5
ls 0 t234
J
t -
l o,
0 | 2
054
105
2r0
321
432
543
3 4 5ll. x 0r23
0 0 0 0 0
321
I 0 I 2 J
432
2 0 L + 0
543
J
0 J 0 J
054
.+ 0 4 2 0
105
5 0 5 4
210
J
5
0
5
A
J
2
I
12. a) 4 o'clock b) 6 o'clock c) 4 o'clock

I 3 . 0 . I, 5 , 6
14.a 7 + b (modp)
17. n 7 + I (mod 6)
l 3,15,17,19,21,23,25
1 8 . 1 , 3 , 5 , 7 , 9l , 1
2t.a\qzlr)zc)t8
(modp) whenp is prime andpla
26. a) t b) I cl f O) I e) ap-t = 1
l
t
(
p
l ) ! : - l ( m o d p ) w h e np i s p r i m e
l
e)
d)
c)
27. a) -1 b)
30. a) 15621
430
Section 3.2
L a) x:3 (mod 7) b) x:2,5,g (mod
9) c) x=7 (mod 2l)
e) x=812 (modl00l) f) x:1596 (mod
t5g7)
2. c) x=5 (mod 23)
3. I t hours
4 . 6 - 0 , 6 , 1 2 , 1 8 , 2 4( m o d 3 0 ) , 6 s o l u t i o n s
d) no solurion
s.a)r:D7c)sd)t6
8 . a ) ( x , y )= ( 0 , 5 ) , \ t , D . , e . O , ( 3 , 3 ) , ( 4 , 0 ) , ( 5 ,(4m) o
, (d6 , 1 )
7)
b ) ( x , y )= ( t , l ) , ( 1 , 3 ) , ( t , 5 ) , t r , z l , t : , o l
,
G
,
z
i
,
i
i
'
,
q
j
,
i
r
,
ul,(5,1),(5,3),(5,5),(5,7),
(7,0),
(7,2).(7,4),(l.0
(modg)
c ) ( x , y )= ( 0 , 0 )( ,0 , 3 )( ,0 , 6 )( I, , I ) ,( I ( I
, 5()2, , g )( ,3 , 0 )( ,3 , 3 )( ,3 , 6 ) ,
( 4 , 1 ) , ( 4 , 4 ) , ( 4 , D , $(,5D, 5, ) , ( 5,,4g)l ,, r,e7,),o( l2, ,r2o, )(, 2
:J,-ii,il
,
(7,1),(7,4),(7,7),(g,2),
( 8 , 5 ) , ( g , g )( m o d
9)
d) no solution
Section 3.3
l ' a ) x = 3 7 ( m o dl g 7 ) b ) x : 2 3
( m o d3 0 ) c ) x : 6
( m o d2 r 0 )
d ) x = 1 5 0 9 9 9( m o d 5 5 4 2 6 8 )
*201
4. 2l0l
8. a) x = 28 (mod 30) b) no solution
10. a) x :23 (mod30) b) x = 100 (mod
210) c) no solurion
d) x : 44 (mod g40) e) no solution
il. 30t
| 3. 0000,0001,0625,9376
1 7 . 2 6 f e e t6 i n c h e s
Section 3.4
l . a ) ( x , y ) = ( 2 , 2 ) ( m o d 5 ) b ) n o s o l u ti o n
c ) (x,y) = (0,2),(1,3),(2,4),(:,0) or
(4,1) (mod5)
2 . a ) ( x , y ) = ( 0 , 4 ) ,( l , l ) , (2 ,5 ),(3 ,2 ),(4 ,6 ),(5 ,3),(6,0)
(mod7) b) no sol uti on
3. 0, l, p, orp2
l0
4. a)
tt -)
1. a)
8. a)
l 0 orll b ) ls rl c ) fr 4 l
l\ o 2/ l
lt -, rJ
U /
{q
I
4 3J
[z o 6l
ls 5 5 4
ll 4 oj
l5
l) 545
l 4 t o l b )l z ' o l c ) 4 5 5
4 4)
lr
lr
[4 555
9. a) x :0,y
E 7,2 -2 (mod7) b) x :
= 5 , - y = 5 , , = 5 , w = 5 ( m o d7 )
c)
r 0 . i l 0"b ) 5 c ) 2 s d ) l
l , - y E 0 , 2 = 0 ( m o d7 )
431
Answ er s t o S elec t e d P ro b l e ms
Section 4.1
a) 28 b) 24 c) 2ro d) 2t
a) 53 b) 54 c) 5r c) 5e
9 d) not bv 3
a) by 3, not by 9 b) by 3, and 9 c) by 3' and
no
d)
no
c)
b)
a) no
Yes
3, and by 9 b) those with an
a) thosewith their number of digits divisibleby
of digits divisibleby 6
numbcr
with
their
even number of digits c) those
(same ior 7 and for 13) d) I 1
* a5 aaa3l at apo (mod 3l)'
8 . o z r o 2 n - t . . . a p s - a z n o 2 n -at z n - z*
l.
2.
3.
4.
5.
3 7t r4 $ 6 e 2 . 3 7l1019 2 7 8 s
10.
ll.
12.
I 3.
d) yes
a) no b) not by 3, by 5 c) not by 5' not by 13
73e
'!-6
check d) no' for example
a) incorrect b) incorrect c) passescastingout nines
check
passes
part (c) is incorrect,but
Section 4.2
2.
a) Friday
e) Saturday
i) Monday
c) Monday
g) Tuesday
k) Friday
b) Friday
f) Saturday
j) Sunday
d) Thursday
h) Thursday
l) Wednesday
Section 4.3
l. a)
')
Tcanr
()
,4
t
Round
b)'c
')
b-vc
b)'c
b\,c
brc
,|
't -l - l
-l
')l
-l
-- ----- 1
I
,1
.4
bvc
blc
4 : 3 , 4 ' R o u n d5 :
: o u n d l : 4 , 5 . R o u n d2 : 2 , 3 , R o u n d3 : 1 , 5 ,R o u n d
3 . a ) H o m et e a m s R
t.2
Section 4.4
5 . 5 5 8 , 1 0 0 2 ,2 t - t 4 ,4
432
Section 5.1
l. _l
l"
2. I
4.4
5. a) x : 9 (mod 17) b) ,r :
18. I
24. 52
17 (mod 19)
Section 5.2
t7. 7.23.67
Section 5.3
l . a ) 1 , 5 b ) 1 . 2 , 4 , 5 , 7 , cg ) 1 , 3 , 7 , 9 d )
1 , 3 , 5 , 9 , , . 1 3e ) t , : . s , 2 , 9 . , , t 3 . 1 5
11\
1m-l
a r . J \ . . , \ L
5. ll
9. a) x :9 (mod 14) b) x : 13 (mod
15) c) -r = 7 (mod t6)
ll. a) r b) I
1 2 . d ( 1 3 ): 1 2 , 0 0 4 : 6 . a ( 1 6 ) : 8 ,
d ( I 7 ) : 1 6 , , r ( r 8 :) 6 , o ( t g ) :
Section 6.1
il
t 8 , d ( 2 0 ): 8
l. il +o b) t28 d t2o il 5760

2' a) 1,2 b) 3, 4, 6 d no sorurion d) 7,
9 , 1 4 ,a n d r g e ) n o s o r u t i o n
f ) 3 5 , 3 9 , 4 5 , 5 2 , 5 6 , 7 0 ,J 2 , 7 g , g 4 , g 0
3 ' i l l ' z b ) t h o s ei n t e g e r sn s u c h t h a t 8 n : a l
n . a n dn h a s a t l e a s to n c o d d p r i n r c
|
factor; n has at reasttwo odd prime factors;or
n has a prime factor p = t (mod 4)
c)zk,k:1,2,._.
Section 6.2
1. a) 48 b) 399 d 2sqo d) 2r0r_l e)
6912
2.il9
b)6 c)rs
il2s6
3. perfect squares
4' thosepositiveintegersthat have only even powers
of odd primes in their primepower factorization
5 . a ) 6 , r r b ) r 0 ,r 7 c ) | 4 , | 5 , 2 1
, 2 3 d ) 3 3 , 3 5 ,74 e ) n o s o r u t i o n f ) 4 4 ,6 5
6.a)t
02
dq
d)t2
dtgz
f)45360
8' a) primes b) squaresof primes c) products
to two distinct primes or cubesof
primes
9.
nr(n) /2
1 0 .a ) 7 3 , 2 5 2 . 2 0 4 4
b ) r + p k c ) ( p k u + r t _ D / g k _ Do
ii<tta,*t)_D/Qf_t)
j:l
Section 6.3
1 . 6 , 2 9 , 4 9 6 ,g I 2 g , 3 3 5 5 0 3 3 6g, 5 g g g 6 9 0 5 6
An sw er s t o S elec t e d Pro b l e m s
b) 945
3. il t2,18,20,24,30,36
7. a ) , c ) P r im e
8. a),b),d) Prime
Section7.1
l . D W W D FN D W G D Z Q
2. I CAME I SAW I coNQUERED
3. IEXXK FZKXCUUKZC STKJW
4 . P H O N EH O M E
5. t2
6. 9.t7
'r d (mod 26)
7 . i l C : 7 P + 1 6 ( m o d2 6 ) b ) C : a c P * bc
EXPLOSIVESINSIDE
8 . A ) V S P F X HH I P K L BK I P M I EG T G b )
Section 7.2
RL OQ NZ OF XM CQ KE QI VD AZ
THIS
2. IGNORE
2
4
]
Il
12425)
l.
J.
4. a) t b) l3 d 2 6
6.
Iz t: I I
I I 23101
1 2 5 37 )
matrix Itj 163]

i. digraphicHill cipherwith enciphering
000
310
12 310
l o 0o 22 tt 37
l0
l.00 00s
[52
ro
1 3rI
ol
ol
0l
r lI
'l
rl
Section 7.3
l.
Z.
4.
5.
6.
t 4 t 7 t 7 2 7 l l 1 7 6 5 7 6 0 77 6 t 4
D O N O T R E A DT H I S
G O O DG U E S S
92
150
Section 7.4
l . 1 4 5 33, 0 1 9
3 . 1 2 1 51 2 2 4t 4 7 l 0 0 2 30 l 1 6
4 . E A T CHO CO L A T EC AK E
433
434
5 ' a) 037103540 8 5 80 8 5 80 0 8 71 3 5 9
0 3 5 40 0 0 000871543I 7g7 053sb) g
001 0977
0274
0872
ffi8 #l
3l1i'u*
082r0073084s
07400000
0008
0r480803
04r5
6' d 004200560481048107630000
00510000 029402620995049505:|'
ag72
00000734 015206470972
7 ' d ) 1 3 8 31 8 1 2 0 3 5 2 0 0 01 03 8 30 1 3 0
1 0 8 0r 3 5 r r 3 8 3r 8 1 2 0 1 3 0 0 g 7 2 r 2 0 8
0956
00000972l5l5 0 9 3 7 1 2 9 71 2 0 82 2 7 3
l 5 l 5 0 0 00
8. 0872I 152 15 3 70 1 6 9
Section 7.5
l. a) yes b) no c) yes d) no
4 . l 8 : 2 * 1 6 : 2 * 3 * 1 3: 3 * 4 * l I :
7*l I
5 . ( t z , s t , g 5 , g1,6 , 4 g , 6 4 )
6. 6242382306332274
g. (44,37,7
4,72,50,24)
1 0 .a ) 0 o: 2 . 3 . 1 0 : 2 . 5 . 6 : 6 . 1 0
b ) 1 5 9 6 0 :g . 2 1 . 9 5
Section 7,6
l. a) 36962
, 6 4 0 , 5 6 0 0 , 3 g 5b ) 5 3 g 9
2. 829
Section8.1
l. il4 04
c)6
2 . a ) 3 b ) 2 ,3 c ) 3 , 7 d ) 2 , 6 , 7 ,l l
4.4
1 6. il 23. 89
18. d 2209
e ) 3 ,5 f ) 5 , I I
Section 8.2
L a)2 04 c)8 d)6 e)t2 f)22
4. il q b) the modulusis not prime
6. 1
i l . b) 6
1 2 . c ) 2 2 , 3 7 g, , 6 , g , 3 g .2 6
Section 8.3
l.
2.
3.
4.
5.
4 , 1 0 ,2 2
ilz
02
c): il2
il2 02 dz
d)3
a)5 b)5 c)rs d)15
7 . 1 3 . 1 7 t. 9
Section 8.4
l . i n d 5 l: 2 2 , i n d 5 2 : 2 . i n d 5 3: 1 6 , i n d 5 4 : 4 ,
i n d 5 J : I , i n d 5 6:
1 8 ,i n d 5 7:
19.
435
ind58:6,ind59:l0.ind5l0:3'indsll:9'ind:12:20'ind5l3:14'indi14:71'
ind5l5:l7,ind5l6:8.ind5l7:7'ind5l8:12'indslg:15'indr2O:5'
i n d 5 2 l: 1 3 ,i n d 5 2 2 : l l
(mod23)
2. a) -r=9 (mod23) b) x=9'14
s
olution
:
(
m
o
d
n
o
b
)
2
2
)
1
8
7
,
x
3. .)
- 1 . a : 2 . 5 ,t l r 6 ( r n o d l 3 )
(mod29)
5 . b : 8 . 9 . 2 0 o. r 2 l
5
9
.
9
0 . 9 9 .I 15 . 13 4 , 1 4 4 . 41 5 .I 4 9 , o r | - 5 2( r . I l o dI - 5 6 )
3
10,16,57,
6. ,r
( r n o d2 3 ) , o r x E 1 , 1 2 . 4 5 . 4 1 . 7 t t ' 9 1 ' 9 3 ' 1 0 0 ' 1 3 7 ' 1 3 9 ' 1 4 4 '
T . x = I ( m o d 2 2 ) .a - 0
3 6 7 ' 3 6 9 ' 36t ,t , 1 | 3 . 451, 4 . ] 0 '
' 32 3 2 . ? . 5 2 . 2 5 45,,2277 7. 3 2l , 3 2 3 ,
1 8 3 l' 8 5 . 1 8 8 , 2 1 0 , 2 2 9 l, 2
4 5 9 , 4 6 1o. r 4 9 6 ( m o d 5 0 6 )
( m o d l 2 ) , ' t - 4 2 ( n r o d8 )
lt. a) (t,Z), (0,2) c) -x = 29
= 1 7 ( m o d6 0 )
12 b) (0,0, 1, l), (0,0' 1,4) d) 'x
l6.b)(49938.gg8.7O1@.4993999811):'74999249..,
Section 8.6
g o f) 3 8 8 0 8 0 g ) 8o+ o h) I 254I l 328000

r . a ) 2 0 b ) 1 2 c ) : 0 d ) 4 8 e) t
d ) 5 , l 0 ' 1 5 .1 6 , 2 0 ,3 0 ' 4 0 ' 4 8 ' 6 0 '
2 . a ) t , z b ) 3 , 4 , 6 ' 8 . 1 2 .2 4 c ) n o s o l u t i o n
1 2 ' 8 4 '1 2 6 '
q,
8 0. 120,240 e) no s o l u ti o n f ) z . 1 4 ,1 8 .2 1 . 2 8 , 3 6 . 4 2 . 5 6 , 6 3 .
I 6 8. 252.504
3.65520
4. a)tt b)2 c)l d)ll e)tg f)38
I 4 . 5 .I 3 ' l ' l ' 2 9 .5 ' l T ' 2 9 5, ' , 2 9 ' 1 3
Section 8.7
62'"
5 , 2 5 .6 2 . 8 4 .- s '2 5 .
l . 6 9 , 7 6 , 1 7 , 9 2 , 4 6I, I ' 1 2 .1 4 .1 9 .3 6 , 2 9 , 8 4 ,
p
e
r
i
o
dl e n g t hi s 9
.
.
.
.
7 . 6 . 1 3 , 1 0 , 1 4 , 1 5 , l , 7 ' 1 8 .1 6 .6 , l 3 3. l0
tttz:
6) l o z 3 z +
" 7 .a ) l t
b ) 7 1 5 8 2 7 8 8 2c ) 3 l d ) 1 9 5 2 2 5 7 8 c
9 . 1 , 7 4 , 2 5 ,I 8 , I 2 , 3 0 ' l l . l 0
Section 8.8
l . a ) s b ) 5 d 2 d ) 6 e) 30 i) 20
2. a)2 b)3 d2 il2 e)5 t)7
3. a) usesPreads : 3 b) u s es p r e a sd : 2 l
c ) u s cs P r c a sd : 2
Section 9.1
l, l6.l7
I . a ) t b ) I , 4 c ) I , 3 , 4 , 9 , 1 02, 1 d ) 1 , 4 , - s , 6 , 7 , 9 . 1
2. l,l,-1,1,-1,-l
(mod 7) c) no solution
I l. a) -r = 2,4 (mod 7) b) -r = |
(
m
o
d
l5)
15. .r = 1,4,11,14
36. c) DETOUR
436
Answersto Setectedproblems
Section 9.2
l.a)-l
b)-l
c)_l
d)_l
4.p=+l(mod5)
+1,*3,+g(mod2g)
5.p=
e)r
f)l
Section 9.3
l.a)r
b)-lc)r
d)l
e)_l
f)l
2. n :
1 , 7 , 1 1 , 1 7 , 4 3 , 4 9 , 5 3 , o r 5 9( m o d 6 0 )
3. n = 1,7,13,17,19,2937,71
9 ,1g, 3
1 ,0 1 , 1 0 3 , 1 0 7 , 1 0 9 ,o1r1 I3l,9 ( m o d 1 2 0 )
9. a) -l
b) -l
c) -r
Section l0.l
6. a) .lb) .ar6c) .92nr6 d) .5 e) xOq f) .000999

i. a) (:s)g b) (.2)sc) (.r+o:), ai'f.'i6, e ) (.052)6f) (.02721350564)R
8 u)3 b)+ dL
25
90
33
s.u)Sb)+.)Ad)
el6
343
70
20
I 365
10. b :2s'3s'5"7"',wheres1,.92,s3,
and sa are nonnegative
integers,
not a1 zero
ll. a) 2,1 b) l,t c) z,t d) 0,22 e) 3.e rl o.o1
12. a) l, o b) 2 ,0 c ) 1 ,4 d ) 2 ,1 e ) l ,l f) 2 .4
t4. a) 3 b) l1 d tt d) l0l d +t.zT D 7.13
0 l I 1 I 2 t_2 3 1 4 3 2 5 3 4 5 6l
23. a)
T'i' 6'T';'t't't';,r,7,T';,;';,;';,;,;
Section10.2
l . i l t 5 / 7 0 t 0 / 7 d o l z l d ) 3 s s / l l 3 d z f ) 3/2
d s/3 h) 8/5
2 . a ) [ t ; s ] U )B ; z l c ) [ 0 ; 1 , 1 , 1 , 9 d] ) [ 0 ; 1 9 9 , 1 , e
4 )] [ - | ; 1 , 2 2 , 3 , 1 , 1 . 2 , 2 1
f ) [ o ; 5l , l , z , l , 4 , l , 2 l l
Section10.3
I . a ) [ l ; 2 , 2 , 2 , . . .b1) [ t ; 1 , 2 , 1 , 2, 2, 1, . . . )c ) [ 2 ; 4 , 4 , 4 , . .d) ) t
[ ;1,1,1,...J
2 . 4 _ l , L ! , s , t b ) 6 J , l , l , J c ) 0 , 2 , 6 , 1 0 , 1 4d ) 0 , 1
,3,5,7
? 312689
99532
/^\238il1997106193
l- l'3'4 ^7'32'39'7t:
4t 69
o,
9 l l 1 3 -1 3 5 ' 1 5 7t 7 g ' 2 0 12 2 3 z 4 s 2 6 7 z } s 3 l l
l l . d ) 2g1
'7g 'g5 ,lt,f
t5'22'29'36,Jt,E-'T,d,7l
Section 10.4
l.
a) to;FrZt
IU,t,t,+1b) t3;:,61c) ta;l":,r.sl
3. a) (z: +.,/Til/rc b) (-l +,/+sl/z c) (s + .,Fazlto
4. b) [ lo;20]
I4t:il)
, 117:frl,
2 . ")
a) [l;2]
437
tt o:z2o|lte;Tt4I?q,2,+t1
5. c) [q;j,J8],
I l6;l,t5,1,321
6. d to:ffil, 17:7,t41,
I l. b), c), e)
Section I l.l
; ',12',13;9'
b) 3'4'5;6'8'105
l . a ) 3 , 4 , 5 : 5 , 1 2 , 1 31;5 , 8 , 1 7 : ' 7 , 2 4 , 2 5 : 2 1 , 2 O , 2 9 : 3 5 , 1 2 , 3 7
l ;8 ' 2 4 ' 3 0 ; 3 0 ' 1 6 ' 3 4 ;
1
0
'
2
4
'
2
6
:
2
1
'
2
0
'
2
9
12,15;15,8,17:12,16,20:7,24,25;15,20,25;
; I 5,36,39;24,32,40
21,28,35,35,12,37
I (m2+Zn2)
1
' - 2\
w h e r em a n d n a r e p o s i t i v e i n t e g e r s .
: n l n , z- - :
:
8. x
;(m"-Zn"),Y
t
i^l
where m and n a(e positiveintegers,
: ^r,, :
L(2^2-nz),!
,:
+Q.m2+n2)
*>it,li,
9. , -
andn is even
l-{^z-3n2),y
*rrTln,andm
|
,
) , r
?\
r- - ^^ --- ^-,{
-o
^^"iti'r,
integers,
positive
m and n, - âre
: mn,, where
f,(^2+3n2)
= n(mod 2)
Section 11.3
+ l'y:
b)nosolutionc)x:
a)x:!2,y:0;x:+l,y:!l
+
5
'
l
:
0
;
x
:
*
1
3
'
y:+3
b)nosolution c)xt3,y:*l
a)x:
:
:
9
8
0
1
,
:
:
1
8
2
0
x
13 b)
70,y
Y
a) x
: 829920;x : 42703566796801,
X : l 52Q,y : 273 ; x : 4620799,y
: 766987012160
Y
6. a), d), e), g), h) Yes b)' c)' f) no
'1.
! : 19892016576262330040
x : 6239'765965'120528801,
l.
2.
3.
5'
+2
Bibliography
BOOKS
Number Theory
l'
w. W. Adams and L. J. Goldstein, Intoduction to Number Theory,

Prentice-Hall,EnglewoodCliffs, New Jersey,1g76.
2.
G. E. Andrews, Number Theory, w. B. Saunders,philadelphia, lg7l.
3.
T. A. Apostol, Introduction to Analytic Number Theory, SpringerVerlag, New York, 1976.
4.
R' G. Archibald, An Introduction to the Theory of Numbers, Merrill,

Columbus,Ohio, 1970.
5.
I. A. Barnett, Elements of Number

Schmidt, Boston, 1969.
6.
A. H. Beiler, Recreations in the Theory of Numbers, 2nd ed., Dover,

New York, 1966.
7.
E. D. Bolker, Elementary Number Theory, Benjamin, New york, 1970.
8.
Z. I. Borevich and I. R. Shafarevich, Number Theory, Academic press,

New York, 1966.
9.
D. M. Burton, Elementary Number Theory, Allyn and Bacon, Boston,

t976.
Theory, prindle, weber,
and
10. R. D. Carmichael, The Theory of Numbers and Diophantine Analysis,

Dov er , New Y o rk , 1 9 5 9 (re p ri n t o f th e o ri gi nal 1914and l 9l 5 edi ti ons).
I l.
H. Davenport, The Higher Arithmetic, 5th ed., Cambridge University

Press,Cambridge, 1982.
12. L. E, Dickson, History of the Theory of Numbers, three volumes,

chelsea, New York, 1952 (reprint of the l9l9 original).
13. L. E. Dickson, Introduction to the Theory of Numbers,
New York 1957 (reprint of the original 1929 edition).
438
Dover,
Bi b l i ogr aP hY
439
N ew Y ork'
1 4 . H. M . E dwar d s , F e rm a t' s L a s t T h e o re m,Spri nger-verl ag,
1911.
15. A.A.Gioia,TheTheoryofIYttmbers,Markham'Chicagol970.
Birkhausero
1 6 . E. Grosswald,,Topicsfrom the Theory of Numbers, 2nd ed.,
B o s t o n ,1 9 8 2 .
t'7. R. K. Guy, l.)nsolvedProblems in l,{umber Theory, springer-verlag,

N e w Y o r k , 1 9 8 1.
Theory of
1 8 . G . H. Har dy a n d E. M . W ri g h t, A n In troducti on to the
1919'
Oxford,
5th ed., Oxford University Press,
1,,{umbers,
New York
1 9 . L. Hua, Introduction to Number Theory, Springer-verlag,
l 982.
20. K. Ireland and M. L Rosen, A Classical Introduction to Modern
I Y um berT heo ry ,Sp ri n g e r-Ve rl a gN, e w Y o r k, 1982'
2 1 . E . Landau,E l e m e n ta ryN u m b e r T h e o ry ,C hel sea,N ew Y ork, 1958'

2 2 . W. J. LeVeque, Fundamentals of Number Theory, Addispn-Wesley,
1977.
Reading,Massachusetts,
2 3 . w. J. LeVeque, Reviewsin Number TheOry, six volumes, American

M at hem at ic a lS o c i e ty ,W a s h i n g to n ,D .C ., 1974'
2 4 . C. T. Long, Elementary Introduction to Number Theory, 2nd ed.,

Heat h, Lex in g to n ,M a s s a c h u s e tts1,9 7 2 .
(no date)'
25. G. B. Matthews, Theory of Numbers, Chelsea,New York
26. I. Niven and H. S. Zuckerman, An Introduction to the Theory of
Num ber s , 4t h e d ., W i l e y , N e w Y o rk , 1 9 8 0 .
2l.
O. Ore, An Invitation to Number Theory, Random House, New York'

t967.
28. O. Ore, Number Theory and its History, McGraw-Hill, New York,
I 948.
29. A. J. Pettofrezzo and D. R. Byrkit, Elements of Number
Prentice-Hall,EnglewoodCliffs, New Jersey,1970'
Theory,
30.
H. Rademacher, Lectures on Elementary [t{umber Theory, Blaisdell,

New York 1964,reprint Krieger, 1977.
31.
P. Ribenboim,1-JLectures on Fermat's Last Theorem,Springer-Verlag,

New Y or k , 1 9 1 9 .
440
B i bl i ography
32. J. Roberts, Elementary Number Theory, MIT

Massachusetts,
1977.
press, cambridge,
33. D. shanks,solved and unsolvedproblemsin Number

Theory,2nd ed.,
Chelsea,
New york. 197g.
3 4 . J. E. Shockley, Introduction to Number Theory, Holt,
Rinehart, and
Winston, 1967.
3 5 . w. Sierpifski, Elementary Theory of Numbers, polski

Akademic Nauk,
Warsaw, 1964.
3 6 . w. Sierpifiski, A selection of problems in the Theory

of Numbers,
PergammonPress,New york, 1964.
3 7 . w. Sierpirlski, 250 problems in Elementory Number

Theory, polish
ScientificPublishers,Warsaw, 1g70.
3 8 . H. M. Stark, An Introduction to Number Theory, Markham,

chicago,
1970;reprint MIT press,cambridge, Massachuseits,r9ig.
3 9 . B. M. Stewart,
The
New York, 1964.
Theory
of
Numbers,
40. J. v. Uspensky and
2nd, ed., Macmiilan,
M. A. Heaslet, Elementary
McGraw-Hill, New York. lg3g.
Number
Theory,
4l'
C' Vanden Eyden, Number Theory, International Textbook,

Scranton,
Pennsylvania,1970.
42.
I. M. vinogradov. Elements of Number Theory, Dover, New york,

t 954.
Number Theory with Computer Science
4 3 . A. M. Kirch, Elementary Number Theory: A computer Approach,

Intext, New York, 1974.
44. D. G. Malm, A computer Laboratory Manual

for Number Theory,
COMPress, Wentworth, New Hampshire, 1979.
4 5 . D. D. spencer, computers in Number Theory, computer science press,

Rockville, Maryland, 1982.
Bi bl i ogr aP hY
441
CryptographY
Hayden, Rochelle Park,
46. B. Bosworth, codes, ciphers, and computers,
New JerseY,1982.
Addison.Wesley,
47. D. E. R. Denning, Cryptography and Data Security,
1982'
Reading, Massachusetts,
Aegean Park Press,
48. w. F. Friedman, Elements of Cryptanalysis,
Laguna Hills, California, 1978'
49.A.Gersho,ed.,AdvancesinCryptography'Dept'ofElectricaland
1982.
computer Engineering,Univ. calif. Santa Barbara,
50.
51.
Macmillan'
D. Kahn, The Codebreakers,the Story of Secret Writing'
New York' 1967.
1981'
A. G. Konheim, Cryptography: A Primer, Wiley' New York'
Park Press,
5 2 . S. Kullback, s/atis tical Methods in cryptanalysis, Aegean
Laguna Hills, California, 1976.
Dimension
5 3 . C. H. Meyer and S. M. Matyas' Cryptography: A New
tn
Computer Data Security, Wiley, New York, 1982'
Association of
5 4 . A. sinkov, Elementary cryptanalysis, Mathematical
America, Washington,D.C., 1966'
Computer Science
and Design'
K. Hwan g, Computer Arithmetic: Principles, Architecture
WileY, New York, 1979.
'of computer Programming: semi-Numertcal
56. D. E. Knuth, Art
2, 2nd d., Addison wesley, Reading
volume
Algorithms
Massachusetts,l98l .
55.
and searching,
57. D. E. Knuth, Art of computer Programming: sorting
1973.
volume 3, Addison-wesley,Reading,Massachusetts,
wiley, New
58. L. Kronsjo, Algorithms: Their complexity and Efficiency,
York, 1979.
its Applications
59. N. S. Szab5 and R. J. Tanaka, ResidueArithmetic and
1967'
to Computer Technology,McGraw-Hill'
442
Bibliography
General
60. H. Anton, Elementary Linear Algebra, 3rd ed., Wiley, New York, 1981.
6 1 . E. Landau, Foundations of Analysfs, 2nd ed., Chelsea,New York, 1960.
6 2 . W. Rudin, Principles of Mathematical Analysis, 2nd ed., McGraw-Hill,
New York 1964.
ARTICLES
NumbenTheory
63. Ll M. Adleman, C. Pomerancq and R. S. Rumely, "On distinguishing
prlime numbers from composite numbers," Annals of Mathematics,
v o l u m e 1 1 7 ( 1 9 8 3 ) ,1 7 3 - 2 A 6 .
64. J. Ewing, t 286243-lis prime," The Mathematical Intelligencer, Volume
5 (1983),60.
65. J.lE. Freund, "Round Robin Mathematicso" American Mathematical
tullonthly,Volume 63 (1 956), ll2-114.
66. R. K. Guy, "How to factor a number" Proceedings of the Ftfth
Manitoba Coderence on Numerical Mathematics, Utilitas, Winnepeg,
Manitoba, 1975, 49-89.
I ot.
A . K . Hea d , " Mu l ti p l i c a ti o n mo d u l o n , " B IT, V ol ume 20 (tgS O), 115I16.
6 8 . P. Hagis, Jr., "Sketch of a proof that an odd perfect number relatively

prime to 3 has at least eleven prime factors," Mathematics of
Computations, Volume 46 0983), 399-404.
69. J. C. Lagarias and A. M. Odlyzko, "New algorithms for computing

n(ff)," Bell LaboratoriesTechnical Memorandum TM-82-1 I 218-57.
7 0 . H. P. Lawther, Jr., "An application of number theory to the splicing of
telephonecables,"American Mathematical Monthly,Yolume 42 (tggS),

8 l - 9 1.
7 1 . H.1 W. Lenstra, Jr., "Primality testing," Studieweek Getaltheorie en

Co[nputers, 1-5 September 1980, Stichting Mathematisch Centrum,
Arfrsterdam. Holland.
443
Bi b l i ogr aP hY
and testsfor primality Proceedings

72. G. L. Miller, "Riemann'shypothesis
on the Theory of
"' computing,
of thq seventhAnnual Ac:M symposium
234-239.
1,73.
in primality testing"' The
-' C. pomerance, "Recent developments
(l
g
g
l ), 97-105.
In te l l i g e n c e r,v o l u m e 3
ur r ir *" r ic al
i'
\lq. C. pomerance, "The search for primes," Scientific American' Volume
241(tgSD, 136'147.
,,probabilisticalgorithms for lesting primality," Journal of
.15.
M. o. Rabin,
1 2 8 -138'
Num ber T he o ry ,V o l u me 1 2 0 9 8 0 )'
of the
./6. R. Rumely, ,,Recent advances in primality testing," Notices
30 (1983), 4,75-47,7,
American Mathematical Sociely, Volume
2'7th Mersenne prime"' Journal of
77. D. Slowinski, "searching for the
(1 9 18/9),258-261'
Rec r eat ionaM
l a th e m a ti c s ,Vo l u m e I I
Monte Carlo test for PrimalitY,"
7 8 . R. Solovay and V. Strassen' "A fast
84-85 and erratum,
6 09ll)'
Volume
SIAM Journal for Computing,
v o l u m e7 ( 1 9 7 8 ) ,1 1 8 .
in the develoPment of
7 9 . H. C. Williams, "The influence of computers
with APPlications,
number theory," Computers and Mathematics
V o l u m e8 ( 1 9 8 2 ) , 7 5 - 9 3 '
g0. H. c. williams, "Primalitytestingon a computer",Ars combinatorica'

v o l u m e5 ( 1 9 7 8, )1 2 7 - 1 8 5 '
CryptograPhY
81.
for the discrete logarithm

L. M. Adleman, "A subexponentialalgorithm
Proceedings of the 2ath
problem with applications to cryptogiaphy,"
Science' 1979' 55'
Computer
of
Annual Sy*:,porium on the Fonia'tioit
60.
impossible
g2. M. Blum, "coin-flipping by telephone- a protocol for solving
133-137'
problems,"IEEE Proceedings'Spring Compcon"
in cryptography"' IEEE
83. w. Diffie and M. Hellman, "New directions (l976),644-655'
22
Transactionson Idormation Theory, Volume
public key
g4. D. R. Floyd, "Annotated bibliographicalin conventionaland
(1983)
12'24'
'
cryptograpnr,. Cryptologia, Volume 7
444
B i bl i ography
8 5 . J. Gordon, "Use of intractable problems

rn cryptography," Information
Privacy, Volume 2 (19g0), l7g-fg4.
8 6 . M.
E. Hellman, "The mathematics of public-key

cryptography,"
Scientffic American, Volume 241 (1979) t 4 6 - t 5 7 .
8 7 . L. S. Hill, "Concerning certain linear

transformation apparatus of
cryptography,"
l 3 5 -15 4 .
American Mathematical Monthl y, V ol ume 3g (1931).
8 8 . A. Lempel, "cryptology in transition," computing

surveys, volume ll
Q 979) , 28 5 -3 0 3 .
8 9 . R. J. Lipton, "How to cheat at mental poker,,,

and ,,An improved power
encryption method," unpublished reports, Department
of computer
Science,University of California, Berklir'y, 1979.
90. R. c. Merkle and M. E. Hellman, "Hiding information

and signaturesin
trapdoor knapsacks," IEEE
V olum e 24 (1 9 7 9 ), 5 2 5 -5 3 0 .
Transactiins
in
Idormatioi
Theory,
9 1 . s. Pohlig and M. Hellman, "An improved

argorithm for computing
logarithms over GF(p) and its .ryptog.upt
i. significance,,' IEEE
Transactionson Information Theory, volume 24 (rgj"$,
roC_iio.
9 2 . M. o.
Rabin,. "Digitalized signatures and public-key functions

as
intractable as factorization," MIT Laboratory for
computer science
Technical Report LCS/TR-212, cambridge, Massachusetts,
rg7g.
9 3 . R. L. Rivest, A. Shamir, and L. M. Adleman, "A method

for obtaining
digital signaturesa1d public-key cryptosystems,"communications

of the
ACM, Volume 2t (1979), tZO-126.
9 4 . A. shamir, uA polynomial time algorithm for
breaking the basic
Merkle-Hellman cryptosystem," proceedings of the
2ird Annual
symposium of the Foundations of computeiscie,nce, r45-r52.
9 5 . A. Shamir, "How to share a secret," communications
of the ACM,
V olum e 22 0 9 7 9 ), 6 1 2 -6 t3 .
9 6 . A. Shamir, R. L. Rivest, and L. M. Adleman, "Mentar poker,,,

The
Mathematical Gardner, ed. D. A. Klarner, wadsworth

International,
Belmont, California, 198l, 37-43.
List of SYmbols
t2
nt
Summation, 5
Factorial, 8
II
l*)
It
Product, 9
olb
olt
lxl
Divides, 19
Doesnot divide, 19
Greatestinteger, 20
Baseb exPansion,27
t.kJ
( a 1 r a 1 r - 1 . . . a f l 0t )
ov)
,r(.x)
G,b)
(a 1,,a2,..-,an)
un
la,bl
min(xy)
max ( x , y )
p'lln
ta 1, a2, . . . , anl
F,
a = b(mod z)
a # b(mod nr)
a
A:B(modra)
7
I
adj Ca)
h (k)
6h)
Binomial coeficient, l0
Computerword size, 33
Big-O notation, 38
Number of Primes, 47
Greatestcommondivisor, 5 3
Greatestcommondivisor (of n integers), 5 5
Fibonaccinumber, 60
Least commonmultiPle, 7 2
Minimum, 72
Maximum, 72
Exactlydivide, 76
Leastcommonmultiple (of n integers),7 7
Fermatnumber, 81
Congruent,9l
Not congruent,91
Inverse, 104
Congruent(matrices), I l9
Inverse(of matrix), l2l
Identity lnatrix, l2l
Adjoint, 122
Hashingfunction, 141
Euler'sphi-function, l6l
List of Symbols
Summationoverdivisors, 170
dln
f*s
Dirichletproduct, 172
Miibius function. 173
ph)
o(n)
Sum of divisorsfunction, I74
r(n)
Number of divisorsfunction, 17s

Mersennenumber.l g2
Encipheringtransformation,ZI2
Decipheringtransformation,212
ME*(P)
D*(c)
ord.a
Orderof a modulom. Z3Z

Index of a to the baser, 252
ind,a
I(n )
Minimal universalexponent,269
Maximal +l - exponent,2g0
X6(n)
|t
Is-l
Legendresymbol, 289
lLl
Jacobisymbol, 314
lp )
r)
ln J
(c p2ca..)
6
( . c1 . . . c r - 1 r
Fn
Iag;a1,a2,...,,e111
Ck : Pr/qr
[ a g ; at , a z , . . . l
Iag;ar,...,o
* - ,,ffifr|'
Q,
BaseD expansion,341
Periodicbase6 expansion,343
Fareyseriesof ordern, 349
Finitesimplecontinuedfraction, 351
Convergent
of a continuedfraction, 354
Infinite simplecontinuedfraction, 362
Periodiccontinuedfraction, 3i4
Conjugate, 377
lndex
Absolute least residues, 93

Abundant integer, 185
Additive function, 174
Affine transformation, l9l
Algorithm, 33,58
division, 19
Euclidean, 58
for addition, 33
for division, 3'7,41
for matrix multiPlication, 43
for modular exPonentiation, 97
for modular multiPlication, 100
for multiplication, 35,39
for subtraction, 34
least-remainder, 67
Amicable pair, 185
Approximation,
best rational, 37 |
by rationals, 369
Arithmetic function, 166,418
Arithmetic, fundamental
theorem of, 2,69
Arithmetic progression,
primes in, 74
AutomorPh, 114
B a b y l o n i a n s ,1 , 2 5
Balanced ternary exPansion, 30
Base, 27
BaseD expansion, 27,341
Best rational aPProximation, 371
Big-O notation, 38,39
Binary notation, 27
Binomial coeffficient, l0
Binomial theorem, 12
Biorhythms, I l4
Bit operation, 38
Bits, 27
Block cipher, 198
Borrow, 35
Caesar.Julius, 189
Caesarcipher, 189
Calendar, 134
Gregorian, 135
International Fixed, 138
Cantor expansion, 30
Card shuffiing, 152
Carmichael number, 155'272
Carry, 34
Casting out nines, 134
Character ciPher, 189
Chinese,ancient, 2,107,
Chinese remainder theorem, 107
Cicada, periodic, 5'l
Cipher, 188
block, 198
Caesar, 189
character, 189
digraphic, 198
exponentiation, 205
Hill, 198
iterated knapsack, 224
knapsack, 221
monographic, 189
polygraphic, 198
product, 19'l
public-key, 2,212
Rabin, 215
RSA, 212
substitution, 189
transposition, 204
Vigndre, 197
Ciphertext, 188
Clustering, 142
Coconut problem, 101
Coefficients,binomial, 10
Coin flipping, 298
Collatz conjecture, 24
Collision. 142
Common key, 208
Common ratio, 5
Complete system of residues, 93
Completelyadditive function, 174
448
Index
Completelymultiplicative
function, 166
Composite, 1,45
Computationalcomplexity, 3g
of addition, 39
of Euclidean algorithm, 62
of division,4 of matrix multiplication, 43
of multiplication, 39
of subtraction, 39
Computer arithmetic, 33,109
Computer files, 141,227
Computer word size, 33,109
Congruence, 2,gl
linear, 102
of matrices, I l9
Congruenceclass. 92
Conjecture,
Ccllatz, 24
Goldbach, 50
Conjugate, 377
Continued fraction, 350
finite, 351
infinite, 362
periodic, 374 425
purely periodic, 3g3
simple,351
Convergent, 354
Coversionof bases, Zg
Coveringset of congruences,I l5
C r y p t a n a l y s i s ,1 8 8
Cryptography, 188
Cryptology, 188
Cubic residue, 262
Database, 227
Day of the week, 134
Decimal notation, 27
Deciphering, 186
Decipheringkey, 213
Decryption, 188
Deficient integer, 185
Descent,proof by, 398
Diabolic matrix, 127
Digraphic cipher, 198
Diophantineequations, 86,391
linear, 86
Diophantus, 86
Dirichlet, G. Lejeune, 74
Dirichlet product, 172
Dirichlet's theorem on primes in
arithmetic progression, 74
Divide, l8
Divisibility, l8
Divisibilitytests, lZ9
Division algorithm, l9
Divisor, l8
Double hashing, 143
Draim factorization, g4
Duodecimal notation, 44
Electronic poker, 209,304
Enciphering, 188
Encryption, 188
Equation,
diophantine, 86
Pell's, 404
Eratosthenes, I
Eratosthenes,sieveof, 2,46
Euclid, I
Euclideanalgorithm, 5g
Euler. L.. I
Eu l e rphi -functi on,l 6l ,l 67

Euler pseudoprime,325
Euler'scriterion. 290
Euler's factorizationmethod, g5
Euler's theorem, 161
Exactly divide. i6
Expansion,
base b, 27
Cantor, 30
continuedfraction, 350
periodic base b, 343
periodiccontinuedfunction, 374
terminating, 341
t l-exponent, 280
Exponentiationcipher, 205
Factor, l8
Factor table, 4ll
Factorial function, 8
Factorization, 69,79
Draim, 84
Euler, 85
lndex
Fermat. 80
prime, 68
prime-power, 69
speedof, 80,215
Faltings,G., 400
Farey series, 349
Fermat, P. de, 1,397
Fermat factorization, 80
F e r m a t n u m b e r , 8 1 , 3 0 2 , 31
Fermat prime, 8l
Fermat quotient, 152
Fermat's last theorem, 398
Fermat's little theorem, 148
Fibonacci, 60
Fibonacci numbers, 60
generalized, 68
Fibonacci pseudo-randomnumber
generator, 219
Frequencies,
of letters, 193
of digraphs, 202
of polygraphs, 203
Function.
additive, 174
arithmetic, 166
completely additive, l7 4
completely multiPlicative, 166
Euler phi, 161
factorial, 8
greatest integer, 20
hashing, 141
Liouville's, 174
Mobius, l'73
multiplicative, 166
number of divisors. 175
sum of divisors. 174
Fundamental Theorem of
Arithmetic, 69
Game of Euclid, 67
Gauss,C. G., 2,47
Gauss' generalization of
Wilson's theorem, 152
Gauss'lemma, 293
Generalized Riemann hypothesis, 158
Generalized Fibonacci numbers, 68
Geometric progression, 5
Goldbach,C., 50
Goldbach's conjecture, 50
Greatest common divisor, 53
Greatest integer function, 20
Greeks, ancient, 2
Hadamard, J., 48
Hanoi, tower of, l'l
Hashing, 141
double, 143
quadratic, 304
Hashing function, 141
Hexadecimal notation, 27
Hilbert prime, 76
Hill cipher, 198
Identity matrix modulo z, l2l
principle of, 17,51
Inclusion-exclusion,
Incongruent, 9l
Index of an integer, 252,421
Index of summation, 5
Index system, 262
Induction, mathematical, 4
Infinite simple continued fraction, 362
Infinitude of primes, 45,82
Integer,
abdundant,185
deficient, 185
palindromic, 133
powerful, 16
square-free,75
Inverse of an arithmetic function, t73
Inverse modulo lrr, 104
Inverse of a matrix modulo nr, l2I
Involutory matrix, 126,244
Irrational number, 336,36'l
Jacobi symbol, 314
Kaprekar constant, 3l
Key, l4l
common, 208
deciphering, 213
enciphering, 212
mastero 228
public, 212
shared, 208
450
Knapsack cipher, 221

Knapsack problem, 219
k-perfect number, 186
Kronecker symbol, 324
k th power residue, 256
Lagrange,J., 147
Lagrange interpolation, 242
Lagrange's theorem
(on continued functions), 378
Lagrange's theorem
(on polynomial congruences), 219
Lam6, G., 62
Lam6's theorem, 62
Law of quadratic reciprocity, 297,314
Least common multiple, 72
Least nonnegativeresidue, 93
Least-remainderalgorithm, 67
Legendre symbol, 289
Lemma, Gauss'. 293
Linear combination, 54
greatest common divisor as a, 54,63
Linear congruence, 102
Linear congruential method, 275
Liouville's function, 114
Logarithms modulo p, 207
Lowest terms, 336
Lucas-Lehmertest, 183
Lucky numbers, 52
Magic square, 127
Master key, 228
Mathematical induction. 4
Matrix, involutory, 126
Matrix multiplication, 43
Maximal t1-exponent, 280
Mayans, 1,25
Mersenne,M., 182
Mersenne number. 182
Mersenne prime, 182
Method of infinite descent, 398
Middle-squaremethod, 275
Miller's test, 156
Minimal universal exponent, 269
Mobius function, 173
Mobius inversion formula, 173
Modular exponentiation, 97
Index
algorithm for, 97
Monographic cipher, 189
Monkeys, l0l
Multiple precision, 33
Multiplication, 35,39
matrix, 43
Multiplicative function, 166
Multiplicative knapsackproblem, 226
Mutually relatively prime, 56
Nim. 3l
Notation,
big-O, 38
binary, 27
decimal, 27
duodecimal, 44
hexadecimal, 27
octal, 27
product, 9
summation,5,l70
Number,
Carmichael, 155,2'12
Fermat, 8l
Fibonacci, 60
generalizedFibonacci, 68
irrational. 336
k-perfect, 186
lucky, 52
Mersenne, 182
perfect, 180
rational, 336
superperfect, 186
Number of divisors function. 175
Octal notation, 27
Operation, bit, 38
Order of an integer, 232
Pairwise relatively prime, 56
Palindromic integer, 133
Partial remainder, 37
Partial quotient, 351
Pascal'striangle, 12
Pell's equation, 404
Pepin'stest, 3l I
Perfect number, 180
Period,
451
lndex
of a base b exPansion, 343

of a continued fraction, 374
Periodic base b exPansion, 343
Periodic cicada, 5'l
Periodiccontinuedfraction, 374
Plaintext, 188
Poker. 209,304
PolygraphicciPher, 198
Powerful integer, 76
Prepperiod, 343
Primality test, 153,263
probabilistic, 158,334
Primes, 1,45
Fermat, 8l
Hilbert, 76
in arithmetic Progressions,74
infinitude of, 45
Mersenne, 182
Wilson, 152
Prime number theorem, 47
Prime-power factorization, 69
Primitive root, 234,243 42O
Primitive PythagoreantriPle, 391
Principleof inclusion-exclusion,l7
Principleof mathematicalinduction,
second, 8
Probabilisticprimality test, 158'334
Probing sequence, 143
Problem,
knapsack, 219
multiplicativeknaPsack, 226
Product, Dirichlet, 172
Product ciPher, 192
Property,
reflexive, 92
symmetric, 92
transitive, 92
well-ordering, 4
Pseudoconvergent,374
Pseudoprime,2,153
Euler, 325
strong, 157
Pseudo-randomnumbers, 275
Pseudo-randomnumber generator'
Fibonacci, 279
linear congruential, 275
middle'square, 275
pure multiPlicative, 277

P u b l i c - k e yc i P h e r , 2 , 2 1 2
Purely periodiccontinuedfraction' 383
Pythagoras, 1
PythagoreantriPle, 391
Pythagoreantheorem, 391
Quadratic hashing, 304
Quadratic irrational, 375
Quadratic nonresidue,288
Quadratic reciProcitYlaw, 297,304
Quadratic residue, 288
Quotient, l9
Fermat, l52
partial, 351
Rabbits, 68
R a b i n ' sc i p h e r s y s t e m , 2 1 5 , 3 0 3
Rabin's probabilisticPrimalitY
t e s t , I 5 8 , 2 1 4 ,3 4
Rational number, 336
Read subkeY, 227
Recursivedefinition, 8
Reducedresiduesystem, 162
Reducedquadratic irrational, 384
ReflexiveproPertY, 92
Regular polygon,
constructabilitY, 83
Relativelyprime, 53
mutually, 56
pairwise, 56
Remainder, l9
Repunit, 133,165
Residue,
cubic, 262
k th power, 256
least nonnegative, 93
quadratic, 288
Residues,
absoluteleast, 93
complete sYstemof, 93
reduced, 162
Root of a polynomialmodulo rn, 238
Round-robintournament, 139
RSA cipher system, 212,274
Second princiPle of
4s2
mathematical induction. 8
Seed, 276
Shadows, 228
Shift transformation. l9l
Shifting, 35
Sieve of Eratosthenes, 2,46
Signature, 216
Signed message, 216,218
Solovay-Strassenprobabilistic
primality test, 334
Splicing of telephonecables, 284
Spread of a splicing scheme, 284
Square-free integer, 7 5
Strong pseudoprime, 157
Subkey,
read, 227
write, 227
Substitution cipher, 189
Succinct certificate of primality, 266
Sum of divisors function, 174
Summation notation, 5
Super-increasingsequence, 22O
Superperfect number, 186
Symbol,
Jacobi. 314
Kronecker, 324
Legendre, 289
Symmetric property, 92
System of residues,
complete, 93
reduced, 162
System of congruences,107,1l6
Telephonecables, 284
Terminating expansion, 341
Test,
divisibility, 129
Lucas-Lehmer, 183
Miller's, 156
Pepin's, 3l I
primality, 153,263
probalisticprimality, 158,334
Theorem,
binomial, 12
Chineseremainder. 107
Dirichlet's, 74
Eulerns, l6l
lndex
Fermat's last, 398

Fermat's little. 148
Lagrange's (on continued
fractions), 378
Lagrange's (on polynomial
congruences), 239
Lam6's, 62
Wilson's, 147
Threshold scheme, 228,243
Tower of Hanoi. 17
Transitive property, 92
Transpositioncipher, 204
Triangle,
Pascal's, l2
Pythogrean, 391
Twin primes, 50
Universal exponent, 269
Vall6e-Poussin,
C. de la, 48
Vignrire ciphers, 197
Weights, problem of, 30
Well-ordering property, 4
Wilson, J., 147
Wilson prime, 152
Wilson's theorem, 147
Gauss' generalization of, 152
Word size, 33,104
Write subkey, 22'l

Rosen - Elementary Number Theory and Its Applications - 1st

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Rosen - Elementary Number Theory and Its Applications - 1st

Caricato da

Copyright:

Formati disponibili

Elementary

Cover: The iteration of the transformation

is depicted. The Collatz conjecture assertsthat with any

Library of Congress Cataloging in Publication Data

Reprinted with corrections, June | 986

cryptography,should be included in all courses.Chapter 8 deals with primitive

Chapter 5 developsFermat's little theorem and Euler's theorem which give

Lincroft, New Jersey

Greatest Common Divisors and Prime Factorization

Greatest common divisors

Some Special Congruences

Quadratic Residuesand Reciprocity

Decimal Fractions and Continued Fractions

Some Nonlinear Diophantine Equations

Number theory, in a general sense, is the study of numbers and their

particular, to produce an enciphering key requires that two large primes be

1.1 The Well-OrderingProperty

The Well-Ordering ProPertY

a positive integer smaller than n, and hence must be in S. But since S

Example. We see that

We also note that in summation notation, the index of summation may

For instance.we have

> 3k:30 + 3t + 32: 13,

We now turn our attention to sums of terms of geometricprogressions.The

where the summation beginswith 7 : g. We have the following theorem.

If a and r ^re real numbersand r *

1.1 The Well-OrderingProperty

So the formula is valid when n : l.

Since we have shownthat 0.2) i m p l i e s (t.:), w e can concl udethat (t.t)

holds for all positive integers n. tr

we use Theorem l.l with e : I and r : 2, to obtain

Hence, the sum of consecutivenonnegative powers of 2 is one less than the

1.1 The Well-Ordering ProPertY

For convenience,and future use, we specify that 0! : l.

The letter 7 above is a "dummy variable", and can be replaced arbitrarily.

We note that with this notation, n ! :

Factorials are used to define binomial cofficients.

In computing we see that there is a good deal of cancellation,because

Example.To evaluatethe binomialcoefficien,

We now prove some simple propertiesof binomial coefficients.

1.1 The Well-OrderingProperty

To verify (ii), we seethat

An important property of binomial coefficientsis the following identity.

Proof. We perform the addition

Using Theorem 1.2, we can easily construct Pascal's triangle, which

row . The fi rst ni ne row s of

We see that the exteriornumbersin the triangleare all l. To find an

or using summation notation,

1.1 The Well-Ordering ProPertY

We prove the binomial theorem by mathematical induction. In the proof we

Hence, we find that

By Theorem 1.2, we have

This establishesthe theorem. u

1.1 The Well-OrderingProPertY

Find the values of the following sums

Find the values of the following products

3 . Find n ! for n equal to each of the first ten positive integers.

5 . Find the binomial coefficients

what function f (n) is defined recursively by f 0) : 2 and

The second principle of mathematical induction can be used to define functions

We define a function recursively for all positive integers n bV (l) : l,

Let n be a positive integer. By expanding (l+(-l))'with

f,l* f,l* l,l *