4400 Hand Out One
PETE L. CLARK
1. Foundations

What is number theory? This is a difficult question to answer: number theory is an area, or collection of areas, of pure mathematics that have been studied for well over two thousand years. As such, it means different things to different number theorists (of which I am one). Nevertheless the question is not nearly as subjective as "What is truth?" or "What is beauty?": all of the things that various people call number theory are related, in fact deeply and increasingly related over time.

If you think about it, it is hard to give a satisfactory definition of any area of mathematics that would make much sense to someone who has not taken one or several courses in it. One might say that analysis is the study of limiting processes, especially summation, differentiation and integration; that algebra is the study of algebraic structures like groups, rings and fields; and that topology is the study of topological spaces and continuous maps between them. But these descriptions function more by way of dramatis personae than actual explanations; less pretentiously, they indicate (some of) the objects studied in each of these fields, but they do not really tell us which properties of these objects are of most interest and which questions we are trying to answer about them.[1] Such motivation is hard to provide in the abstract; much easier, and more fruitful, is to give examples of the types of problems that mathematicians in these areas are or were working on. For instance, in algebra one can point to the classification of finite simple groups, and in topology the Poincaré conjecture. Both of these are problems that had been open for long periods of time and have been solved relatively recently[2], so one may glean that these topics have been central to their various subjects for some time.

What are the objects of number theory analogous to the above description? A good one sentence answer is that number theory is the study of the integers, i.e., the positive and negative whole numbers. Of course this is not really satisfactory: astrology, accounting and computer science, for instance, could plausibly be described in the same way. What properties of the integers are we interested in?
[1] Actually it seems easier to describe analysis than algebra or topology.
[2] Whether or not the three-dimensional Poincaré conjecture has truly been solved is not really clear at the moment of writing (December 2006), but there is no apparent reason to doubt that it has.
The most succinct response seems to be that we are interested in the integers as a ring: namely, as endowed with the two fundamental operations of addition $+$ and multiplication $\cdot$, and especially the interactions between these two operations.

Let us elaborate on this a bit. Consider first the non-negative integers (which, as is traditional, we will denote by $\mathbb{N}$) endowed with the operation $+$. This is a very simple structure: we start with 0, the additive identity, and get every positive integer by repeatedly adding 1.[3] In some sense the natural numbers under addition are the simplest nontrivial algebraic structure.

Note that subtraction is not in general defined on the natural numbers: we would like to define $a - b = c$ in case $a = b + c$, but of course there is not always such a natural number $c$, e.g. $3 - 5$. There are two complementary responses to this: the first is to formally extend the natural numbers so that additive inverses always exist: in this way we get the integers $\mathbb{Z}$ under addition.[4] The second response is to record the relation between two natural numbers $a$ and $b$ such that $b - a$ exists as a natural number. Of course this relation is just that $a \le b$. This is quite a simple relation on $\mathbb{N}$: indeed, for any pair of integers, we have either $a \le b$ or $b \le a$, and we have both exactly when $a = b$.[5]

Now for comparison consider the positive integers $\mathbb{Z}^+ = \{1, 2, 3, \ldots\}$ under the operation of multiplication. This is a richer structure: whereas additively there is a single building block, 1, the multiplicative building blocks are the prime numbers $2, 3, 5, 7, \ldots$. Of course the primes are familiar objects, but the precise analogy with the additive case may not be as familiar, so let us spell it out carefully: just as subtraction is not in general defined on $\mathbb{N}$, division is not in general defined on $\mathbb{Z}^+$. On the one hand we can formally complete $\mathbb{Z}^+$ by adjoining multiplicative inverses, getting this time the positive rational numbers $\mathbb{Q}^+$.

However, again one can view the fact that $a/b$ is not always a positive integer as being intriguing rather than problematic, and we again consider the relation between two positive integers $a$ and $b$ that $b/a$ be a positive integer: in other words, that there exist a positive integer $c$ such that $b = a \cdot c$. In such a circumstance we say that $a$ divides $b$, and write it as $a \mid b$.[6] It is easy to see that the relation of divisibility is more complicated than the relation $\le$, since divisibility is not a total ordering: e.g. $2 \nmid 3$ and also $3 \nmid 2$.

What are we to make of this divisibility relation? First, on a case-by-case basis, we do indeed know how to determine whether or not $a \mid b$: we have the following fact, which is truly one of the first pieces of mathematics we learn:
[3] Here I am alluding to the fact that in the natural numbers, addition can be defined in terms of the successor operation $s(n) = n + 1$, as was done by the 19th century mathematical logician Giuseppe Peano. No worries if you have never heard of the Peano axioms: their importance lies in the realm of mathematical logic rather than arithmetic itself.
[4] When regarded in proper generality, the process which gets us from $\mathbb{N}$ to $\mathbb{Z}$ can be viewed as the group completion of any commutative monoid. In this course, we shall only pursue algebraic formalism when it is essential to do so: in this case, it is not.
[5] That is to say, the relation $\le$ on $\mathbb{N}$ is a linear, or total, ordering.
[6] Careful: $a \mid b \iff \frac{b}{a}$ is an integer: sorry about that!
Proposition 1. (Division Theorem) For any positive integers $n$ and $d$, there exist unique non-negative integers $q$ and $r$ with $0 \le r < d$ and $n = qd + r$.

This is a very useful tool, but it does not tell us the structure of $\mathbb{Z}^+$ under the divisibility relation. To address this, the primes inevitably come into play: there is a unique minimal element of $\mathbb{Z}^+$ under divisibility, namely 1 (in other words, 1 divides every positive integer and is the only positive integer with this property): it therefore plays the analogous role to 0 under $\le$ on $\mathbb{N}$. In $\mathbb{N} \setminus \{0\}$, the unique smallest element is 1. In $\mathbb{Z}^+ \setminus \{1\}$ the smallest elements are the primes $p$. Given that the definition of a prime is precisely an integer greater than one divisible only by one and itself, this is clear. The analogue to repeatedly adding 1 is taking repeated powers of a single prime: e.g., $2, 2^2, 2^3, \ldots$. However, we certainly have more than one prime (in fact, as you probably know and we will recall soon enough, there are infinitely many primes), and this makes things more complicated. This suggests that maybe we should consider the divisibility relation one prime at a time.

So, for any prime $p$, let us define $a \mid_p b$ to mean that $\frac{b}{a}$ is a rational number which, when written in lowest terms, has denominator not divisible by $p$. For instance, $3 \mid_2 5$, since $\frac{5}{3}$, while not an integer, doesn't have a 2 in the denominator. For that matter we see that $3 \mid_p 5$ for all primes $p$ different from 3, and this suggests the following:
In summary, we find that the multiplicative structure of $\mathbb{Z}^+$ is similar but infinitely more complicated than the additive structure of $\mathbb{N}$: instead of there being one generator, namely 1, such that every element can be obtained as some power of that generator, we have infinitely many generators (the primes), and every element can be obtained (uniquely!) by taking each prime a non-negative integer number of times (which must be zero for all but finitely many primes). Nevertheless this switch from one generator to infinitely many does not in itself cause much trouble: given

$$a = p_1^{a_1} \cdots p_n^{a_n} \quad \text{and} \quad b = p_1^{b_1} \cdots p_n^{b_n},$$

we find that $a \mid b$ iff $a \mid_p b$ for all $p$ iff $a_i \le b_i$ for all $i$. Similarly, it is no problem to multiply the two integers: we just have

$$ab = p_1^{a_1 + b_1} \cdots p_n^{a_n + b_n}.$$
Thus we can treat positive integers under multiplication as vectors with infinitely many components, which are not fundamentally more complicated than vectors with a single component.

The real trouble begins when we attempt to mix the additive and multiplicative structures. If we write integers in standard decimal notation, it is easy to add them, and if we write integers in the above vector factored form, it is easy to multiply them. But what is the prime factorization of $2^{13} + 3^{12}$? It's not trivial to say: in practice, the problem of, given an integer $n$, finding its prime power factorization (1) is extremely computationally difficult, to the extent that most present-day security rests on this difficulty.[7]

If we ask even the easiest questions which mix the additive and multiplicative structure, we find ourselves in trouble fast. For instance, although in the multiplicative structure, each of the primes just rests on its own axis as a generator, in the additive structure we can ask where the primes occur with respect to the relation $\le$. We do not have anything approaching a formula for $p_n$, and the task of describing the distribution of the $p_n$'s inside $\mathbb{N}$ is a branch of number theory in and of itself (we will see a taste of it later on). For instance, consider the quantity $g(n) = p_{n+1} - p_n$, the $n$th prime gap. For $n > 1$, the primes are all odd, so $g(n) \ge 2$. Computationally one finds lots of instances when $g(n)$ is exactly 2, e.g. 5, 7, 11, 13, and so forth: an instance of $g(n) = 2$ (equivalently, of a prime $p$ such that $p + 2$ is also a prime) is called a twin prime pair. The trouble is that knowing the factorization of $p$ tells us exactly nothing about the factorization of $p + 2$. Whether or not there are infinitely many twin primes is a big open problem in number theory.

It goes on like this: suppose we ask to represent numbers as a sum of two odd primes. Then such a number must be even and at least 6, and experimenting, one soon is led to guess that every even number at least 6 is a sum of two odd primes: this is known as Goldbach's Conjecture, and is about 400 years old. It remains unsolved. There are many, many such easily stated unsolved problems which mix primes and addition: for instance, how many primes $p$ are of the form $n^2 + 1$? Again, it is a standard conjecture that there are infinitely many, and it is wide open. Note that if we asked instead how many primes were of the form $n^2$, we would have no trouble answering; the innocent addition of 1 gives us terrible problems.

Lest you think we are just torturing ourselves by asking such questions, let me mention three amazing positive results:

Theorem 3. (Fermat's Two Squares Theorem) A prime $p > 2$ is of the form $x^2 + y^2$ iff it is of the form $4k + 1$.

This is arguably the first beautiful theorem of number theory. It says that to check whether an odd prime satisfies the very complicated condition of being a sum of two (integer, of course!) squares, all we need to do is divide it by four: if its remainder is 1, then it is a sum of two squares; otherwise its remainder will be 3 and it will not be a sum of two squares.

Theorem 4. (Lagrange's Four Squares Theorem) Every prime number (indeed, every positive integer) is of the form $x^2 + y^2 + z^2 + w^2$.

Theorem 5. (Dirichlet, 1837) Suppose $a$ and $b$ are coprime positive integers (i.e., they are not both divisible by any integer $n > 1$). Then there are infinitely many primes of the form $an + b$.
[7] A systematic study of the difficulty of factoring and its cryptographic implications is the topic of our sister course 4450, so I will say almost nothing about it here.
Remark: In particular, taking $a = 4$, $b = 1$, we see that there are infinitely many primes of the form $4k + 1$, so in particular there are infinitely many primes which are a sum of two squares.

We will see proofs of Theorems 3 and 4 in this course: indeed we will prove Theorem 3 several times and try to extract as much insight as possible from the different proofs. The proof of Theorem 5 is beyond our ambitions in this course: it requires more sophisticated techniques, both algebraic and analytic, than we shall introduce.

Admission: In fact there is a branch of number theory which studies only the addition operation on subsets of $\mathbb{N}$: if $A$ and $B$ are two subsets of natural numbers, then by $A + B$ we mean the set of all numbers of the form $a + b$ for $a \in A$ and $b \in B$. For a positive integer $h$, by $hA$ we mean the set of all $h$-fold sums $a_1 + \ldots + a_h$ of elements of $A$ (repetitions allowed). There are plenty of interesting theorems concerning these operations, and this is a branch of mathematics called additive number theory. In truth, though, it is much more closely related to other branches of mathematics like combinatorics, Fourier analysis and ergodic theory than to the sort of number theory we will be exploring in this course.

2. The Fundamental Theorem (in $\mathbb{Z}$)

We had better pay our debts by giving a proof of the uniqueness of the prime power factorization. This is justly called the Fundamental Theorem of Arithmetic. For completeness, we nail down the existence of a prime power factorization, although as mentioned above this is almost obvious:

Proposition 6. Every positive integer $n$ is a product of primes $p_1^{a_1} \cdots p_r^{a_r}$ (when $n = 1$ this is the empty product).

Proof: By induction on $n$, the case of $n = 1$ being trivial. Assume $n > 1$ and the result holds for all $m < n$. Among all divisors $d > 1$ of $n$, the least is necessarily a prime, say $p$. So $n = pm$ and apply the result inductively to $m$.

Important Remark: Note that the result seemed obvious, and we proved it by induction. Formally speaking, just about any statement about the integers contains an appeal to induction at some point, since induction (or equivalently, the well-ordering principle that any nonempty subset of integers has a smallest element) is, along with a few much more straightforward axioms, their characteristic property. But induction proofs can be straightforward, tedious, or both. Often I will let you fill in such induction proofs; I will either just say "by induction" or, according to taste, present the argument in less formal noninductive terms. To be sure, sometimes an induction argument is nontrivial, and those will be given in detail.

Let us say that a factorization $n = p_1^{a_1} \cdots p_r^{a_r}$ is in standard form if $p_1 < \ldots < p_r$. Clearly any factorization can be put in standard form just by correctly ordering the prime divisors.

Theorem 7. The standard form factorization of a positive integer is unique.

The proof is, perhaps surprisingly, not trivial. Indeed it requires several steps. The key is the following, an important result in its own right:
Theorem 8. (Euclid's Lemma) Suppose $p$ is prime and $p \mid ab$. Then $p \mid a$ or $p \mid b$.

Remark: This result, and not the uniqueness of factorization, appears in Euclid's Elements. But, as we are about to see, the uniqueness of factorization follows readily enough from this result (which is itself less than easy to prove!) that it is traditional to credit Euclid with essentially proving the fundamental theorem. The first explicit statement and proof is due to Gauss.

Theorem 8 $\implies$ Theorem 7: Let us induct on the (minimal!) number $r$ of factors in a prime factorization of $n$. The case of $r = 0$, i.e., $n = 1$, is trivial. Suppose the result holds for numbers with $< r$ factors, and consider

$$n = p_1^{a_1} \cdots p_r^{a_r} = q_1^{b_1} \cdots q_s^{b_s}.$$

Now $p_1 \mid n$, so by Theorem 8 $p_1$ divides some $q_j^{b_j}$, and this implies that $p_1 \mid q_j$. Therefore we can cancel a common prime factor of both sides, reducing to the case where $n$ has a factorization with $r - 1$ prime factors, and the induction hypothesis does the rest.

Now we prove Theorem 8 by introducing the following important notion: An ideal of $\mathbb{Z}$ is a nonempty subset $I$ of $\mathbb{Z}$ such that $a, b \in I$ implies $a + b \in I$, and $a \in I$, $c \in \mathbb{Z}$ implies $ca \in I$.[8] For any integer $d$, the set $(d) = \{nd \mid n \in \mathbb{Z}\}$ of all multiples of $d$ is an ideal.

[8] We hope that the reader recognizes this as a special case of an ideal in a commutative ring.

Proposition 9. Any nonzero ideal $I$ of $\mathbb{Z}$ is of the form $(d)$, where $d$ is the least positive element of $I$.

Proof: Suppose not: then there exists an element $n$ which is not a multiple of $d$. Applying the Division Theorem (Proposition 1), we may write $n = qd + r$ with $0 < r < d$. Since $d \in I$, $qd \in I$ and hence $r = n - qd \in I$. But $r$ is positive and smaller than $d$, a contradiction.

In the next couple of results we would like to refer to the greatest common divisor of two integers, but since we have two different orderings on the positive integers, an additive ordering ($\le$) and a multiplicative ordering ($\mid$), the term is ambiguous, and the ambiguity is a key point! Watch for it in the following:

Proposition 10. For integers $a$ and $b$, not both zero, the set $I_{a,b} = \{xa + yb \mid x, y \in \mathbb{Z}\}$ is a nonzero ideal. Its positive generator $d$ has the following property:

$$(1) \quad e \mid a \ \&\ e \mid b \iff e \mid d.$$

Proof: It is easy to see that the set $I_{a,b}$ is closed under addition and under multiplication by all integers, so it is an ideal. By the previous result, it is generated by its smallest positive element, say $d = Xa + Yb$. Now, suppose $e \mid d$. Then, since $a \in (d)$, $(a) \subset (d)$ and thus $d \mid a$ (to contain is to divide) and by transitivity $e \mid a$; similarly $e \mid b$. (In fact we made a bigger production of this than was necessary: we could have said that $d$ is a multiple of $e$, and $a$ and $b$ are multiples of $d$, so of course $a$ and $b$ are multiples of $e$. This is the easy direction.) Conversely, suppose that $e \mid a$ and $e \mid b$ (so $e$ is a common divisor of $a$ and $b$). Then $e \mid Xa + Yb = d$. (Since $d$ could be smaller than $a$ and $b$, e.g. $a = 17$, $b = 10^{10}$, $d = 1$, this is the nontrivial implication.)

We have therefore shown the existence of a common divisor $d > 0$ of $a$ and $b$ which is divisible by all other common divisors: in other words, it is the unique maximal common divisor of $a$ and $b$ in the multiplicative sense. From this it follows immediately that it is also the largest common divisor in the additive sense: i.e., $d \ge e$ for any common divisor $e$ of $a$ and $b$ (because, among positive integers, $a \mid b \implies a \le b$), but the multiplicative sense is nontrivial and more useful. Henceforth we will always use greatest common divisor in this multiplicative sense: a common divisor which is divisible by all other common divisors. We shall denote it either by $\gcd(a, b)$, or just $(a, b)$ (the latter notation is suggestive of the ideal generated by $a$ and $b$).

Corollary 11. If $a$ and $b$ are integers, not both zero, then for any integer $m$ there exist integers $x$ and $y$ such that $xa + yb = m \gcd(a, b)$.

Proof: This follows immediately from the equality of ideals $I_{a,b} = (\gcd(a, b))$: the left hand side is an arbitrary element of $I_{a,b}$ and the right hand side is an arbitrary element of $(\gcd(a, b))$.

An important special case is when $\gcd(a, b) = 1$: we say $a$ and $b$ are relatively prime. The corollary then asserts that for any integer $m$, we can find integers $x$ and $y$ such that $xa + yb = m$. Indeed we can use this to prove Euclid's Lemma (Theorem 8): if $p \mid ab$ and $p$ does not divide $a$, then the greatest common divisor of $p$ and $a$ must be 1. Thus there are integers $x$ and $y$ such that $xa + yp = 1$. Multiplying through by $b$ we get $xab + ypb = b$. Since $p \mid xab$ and $p \mid ypb$, we conclude $p \mid b$. This completes the proof of the Fundamental Theorem of Arithmetic.

3. A Rng without unique factorization

The train of thought involved in proving the fundamental theorem is quite subtle.
The first time one sees it, it is hard to believe that such complications are necessary: is it not obvious that the factorization of integers into primes is unique? It is not obvious, but rather familiar and true. The best way to perceive the non-obviousness is to consider new and different contexts.

Consider the following example: let $E$ denote the set of even integers.[9] Because this is otherwise known as the ideal $(2) = 2\mathbb{Z}$, it has a lot of structure: it forms a group under addition, and there is a well-defined multiplication operation satisfying all the properties of a ring except one: namely, there is no 1, or multiplicative identity. (A ring without identity is sometimes wryly called a rng, so the title of this section is not a typo.)
[9] This example is taken from Silverman's book. In turn Silverman took it, I think, from Harold Stark's introductory number theory text. Maybe it is actually due to Stark (but probably not...)
Let us consider factorization in $E$: in general, an element $x$ of some structure should be prime if every factorization $x = yz$ is trivial in some sense. However, in $E$, since there is no 1, there are no trivial factorizations, and we can define an element $x$ of $E$ to be prime if it cannot be written as the product of two other elements of $E$. Of course this is a new notion of prime: 2 is a conventional prime and also a prime of $E$, but clearly none of the other conventional primes are $E$-prime. Moreover there are lots of $E$-primes which are not prime in the usual sense: e.g., 6 is $E$-prime. Indeed, it is not hard to see that an element of $E$ is an $E$-prime iff it is divisible by 2 but not by 4, because then it is impossible to factor it as a product of two even numbers. (So, in fact, the $E$-primes are much simpler in structure than the usual primes.)

Now consider $36 = 2 \cdot 18 = 6 \cdot 6$. Since 2, 18 and 6 are all divisible by 2 and not 4, they are $E$-primes, so 36 has two different factorizations into $E$-primes.

This example begins to arouse our skepticism about unique factorization: it is not, for instance, inherent in the nature of factorization that factorization into primes must be unique. On the other hand, the rng $E$ is quite artificial: it is an inconveniently small substructure of a better behaved ring $\mathbb{Z}$. Later we will see more distressing examples.

4. Consequences

Even if we were not seriously in doubt of unique factorization, the previous proof exposes quite a lot of other useful material. Let us look at some of it in more detail:

4.1. Applications of the prime power factorization. There are certain functions of $n$ which are most easily defined in terms of the prime power factorization. This includes many so-called arithmetic functions that we will discuss a bit later in the course. But here let us give some basic examples. First, let us write the prime power factorization as

$$n = \prod_i p_i^{a_i},$$
where $p_i$ denotes the $i$th prime in sequence, and $a_i$ is a non-negative integer. This looks like an infinite product, but we impose the condition that $a_i = 0$ for all but finitely many $i$,[10] so that past a certain point we are just multiplying by 1. The convenience of this is that we do not need different notation for the primes dividing some other integer. Now suppose we have two such factored positive integers

$$a = \prod_i p_i^{a_i}, \qquad b = \prod_i p_i^{b_i}.$$

[10] In fact, this representation is precisely analogous to the expression of (Z, ) = (N, +) of problem G1).
Then we can give a simple and useful formula for the gcd and the lcm. Namely, the greatest common divisor of $a$ and $b$ is

$$\gcd(a, b) = \prod_i p_i^{\min(a_i, b_i)},$$
where $\min(c, d)$ just gives the smaller of the two integers $c$ and $d$ (and, of course, the common value $c = d$ when they are equal). More generally, writing out two integers $a$ and $b$ in factored form as above, we have that $a \mid b \iff a_i \le b_i$ for all $i$. In fact this is exactly the statement that $a \mid b \iff a \mid_p b$ for all $p$ that we expressed earlier.

We often (e.g. now) find ourselves wanting to make reference to the $a_i$ in the prime power factorization of an integer $a$. The $a_i$ is the highest power of $p_i$ that divides $a$. One often says that $p_i^{a_i}$ exactly divides $a$, meaning that $p_i^{a_i} \mid a$ and $p_i^{a_i + 1}$ does not. So let us define, for any prime $p$, $\operatorname{ord}_p(a)$ to be the highest power of $p$ that divides $a$: equivalently:

$$n = \prod_i p_i^{\operatorname{ord}_{p_i}(n)}.$$
Notice that $\operatorname{ord}_p$ is reminiscent of a logarithm to the base $p$: in fact, that's exactly what it is when $n = p^a$ is a power of $p$ only: $\operatorname{ord}_p(p^a) = a$. However, for integers $n$ divisible by some prime $q \ne p$, $\log_p(n)$ is nothing nice (in fact, it is an irrational number), whereas $\operatorname{ord}_p(n)$ is by definition always a non-negative integer. In some sense, the beauty of the functions $\operatorname{ord}_p$ is that they allow us to localize our attention at one prime at a time: every integer $n$ can be written as $p^r \cdot m$ with $\gcd(m, p) = 1$, and the $\operatorname{ord}_p$ just politely ignores the $m$: $\operatorname{ord}_p(p^r \cdot m) = \operatorname{ord}_p(p^r) = r$.

This is really just notation, but it is quite useful: for instance, we can easily see that for all $p$,

$$\operatorname{ord}_p(\gcd(a, b)) = \min(\operatorname{ord}_p(a), \operatorname{ord}_p(b));$$

this just says that the power of $p$ which divides the gcd of $a$ and $b$ should be the largest power of $p$ which divides both $a$ and $b$. And then a positive integer $n$ is determined by all of its $\operatorname{ord}_p(n)$'s via the above equation.

Similarly, define the least common multiple $\operatorname{lcm}(a, b)$ of positive integers $a$ and $b$ to be a positive integer $m$ with the property that $a \mid e \ \&\ b \mid e \implies m \mid e$. Then essentially the same reasoning gives us that $\operatorname{ord}_p(\operatorname{lcm}(a, b)) = \max(\operatorname{ord}_p(a), \operatorname{ord}_p(b))$, and then that

$$\operatorname{lcm}(a, b) = \prod_p p^{\max(\operatorname{ord}_p(a), \operatorname{ord}_p(b))}.$$
We can equally well define $\operatorname{ord}_p$ on a negative integer $n$: it is again the largest power $i$ of $p$ such that $p^i \mid n$. Since multiplying by $-1$ doesn't change divisibility in any way, we have that $\operatorname{ord}_p(-n) = \operatorname{ord}_p(n)$. Note however that $\operatorname{ord}_p(0)$ is slightly problematic (every $p^i$ divides 0: $0 \cdot p^i = 0$), so if we are going to define this at all it would make sense to put $\operatorname{ord}_p(0) = \infty$.
We do lose a little something by extending the ord functions to negative integers: namely, since for all $p$, $\operatorname{ord}_p(-n) = \operatorname{ord}_p(n)$, the ord functions do not allow us to distinguish between $n$ and $-n$. From a more abstract algebraic perspective, this is because $n$ and $-n$ generate the same ideal (are associates; more on this later), and we make peace with the fact that different generators of the same ideal are more or less equivalent when it comes to divisibility. However, in $\mathbb{Z}$ we do have a remedy: we could define a map $\operatorname{ord}_{-1} : \mathbb{Z} \setminus \{0\} \to \pm 1$ such that $\operatorname{ord}_{-1}(n) = +1$ if $n > 0$ and $-1$ if $n < 0$. Then $-1$ acts as a prime of order 2, in contrast to the other infinite order primes, and we get a corresponding unique factorization statement.[11] But although there is some sense to this, we will not adopt it formally here.[12]

Proposition 12. For $p$ a prime and $m$ and $n$ integers, we have:
a) $\operatorname{ord}_p(mn) = \operatorname{ord}_p(m) + \operatorname{ord}_p(n)$.
b) $\operatorname{ord}_p(m + n) \ge \min(\operatorname{ord}_p(m), \operatorname{ord}_p(n))$.
c) If $\operatorname{ord}_p(m) \ne \operatorname{ord}_p(n)$, $\operatorname{ord}_p(m + n) = \min(\operatorname{ord}_p(m), \operatorname{ord}_p(n))$.

We leave these as exercises: suitably decoded, they are familiar facts about divisibility. Note that part a) says that $\operatorname{ord}_p$ is some sort of homomorphism from $\mathbb{Z} \setminus \{0\}$ to $\mathbb{Z}$. However, $\mathbb{Z} \setminus \{0\}$ under multiplication is not our favorite kind of algebraic structure: it lacks inverses, so is a monoid rather than a group. This perhaps suggests that we should try to extend it to a map on the nonzero rational numbers $\mathbb{Q}^\times$ (which, if you did problem G1), you will recognize as the group completion of $\mathbb{Z} \setminus \{0\}$; if not, no matter), and this is no sooner said than done:

For a nonzero rational number $\frac{a}{b}$, we define

$$\operatorname{ord}_p\left(\frac{a}{b}\right) = \operatorname{ord}_p(a) - \operatorname{ord}_p(b).$$

In other words, powers of $p$ dividing the numerator count positively; powers of $p$ dividing the denominator count negatively. There is something to check here, namely that the definition does not depend upon the choice of representative of $\frac{a}{b}$. But it clearly doesn't:

$$\operatorname{ord}_p\left(\frac{ac}{bc}\right) = \operatorname{ord}_p(ac) - \operatorname{ord}_p(bc) = \operatorname{ord}_p(a) + \operatorname{ord}_p(c) - \operatorname{ord}_p(b) - \operatorname{ord}_p(c) = \operatorname{ord}_p(a) - \operatorname{ord}_p(b) = \operatorname{ord}_p\left(\frac{a}{b}\right).$$

So we get a map $\operatorname{ord}_p : \mathbb{Q}^\times \to \mathbb{Z}$ which has all sorts of uses: among other things, we can use it to recognize whether a rational number $x$ is an integer: it will be iff $\operatorname{ord}_p(x) \ge 0$ for all primes $p$.
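The definition of $\operatorname{ord}_p$ on rationals, as an added example that is not part of the original notes: it checks independence of the representative, Proposition 12 and the integrality criterion, and tabulates $\operatorname{ord}_2$ of the harmonic partial sums that the notes examine next. Function names are illustrative choices; `ord_p(p, 0)` returns infinity, following the convention the notes suggest.

```python
from fractions import Fraction
import math


def ord_int(p, n):
    """Largest k with p**k dividing the nonzero integer n (the sign is ignored)."""
    if n == 0:
        raise ValueError("every power of p divides 0")
    n, k = abs(n), 0
    while n % p == 0:
        n //= p
        k += 1
    return k


def ord_pair(p, a, b):
    """ord_p(a/b) = ord_p(a) - ord_p(b), computed from any representative a/b."""
    return ord_int(p, a) - ord_int(p, b)


def ord_p(p, x):
    """ord_p of a rational x; ord_p(0) is taken to be +infinity."""
    x = Fraction(x)
    if x == 0:
        return math.inf
    return ord_pair(p, x.numerator, x.denominator)


def prime_divisors(n):
    """Primes dividing the nonzero integer n, by trial division (small n only)."""
    n, d, found = abs(n), 2, []
    while d * d <= n:
        if n % d == 0:
            found.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        found.append(n)
    return found


def is_integer_via_ord(a, b):
    """a/b is an integer iff ord_p(a/b) >= 0 for all p.

    Only primes dividing b can give a negative order, so those are the
    only ones that need to be tested.
    """
    return all(ord_pair(p, a, b) >= 0 for p in prime_divisors(b))


def check_prop12(p, m, n):
    """Check parts a), b), c) of Proposition 12 for nonzero m and n."""
    m, n = Fraction(m), Fraction(n)
    om, on = ord_p(p, m), ord_p(p, n)
    a_ok = ord_p(p, m * n) == om + on
    b_ok = ord_p(p, m + n) >= min(om, on)
    c_ok = om == on or ord_p(p, m + n) == min(om, on)
    return a_ok and b_ok and c_ok


def harmonic_two_orders(limit):
    """Return [ord_2(S_1), ..., ord_2(S_limit)] for the harmonic partial sums."""
    s, orders = Fraction(0), []
    for n in range(1, limit + 1):
        s += Fraction(1, n)
        orders.append(ord_p(2, s))
    return orders


if __name__ == "__main__":
    for n, o in enumerate(harmonic_two_orders(16), start=1):
        print(f"ord_2(S_{n}) = {o}")
```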
Example: Let us look at the partial sums $S_i$ of the harmonic series $\sum_{n=1}^{\infty} \frac{1}{n}$. The first partial sum $S_1 = 1$: that's a whole number. The second one is $S_2 = 1 + \frac{1}{2} = \frac{3}{2}$, which is not. Then $S_3 = 1 + \frac{1}{2} + \frac{1}{3} = \frac{11}{6}$ is not an integer either; neither is $S_4 = 1 + \frac{1}{2} + \frac{1}{3} + \frac{1}{4} = \frac{25}{12}$. It is natural to ask whether any partial sum $S_n$ for $n > 1$ is an integer. Indeed, this is a standard question in honors math classes because...well, frankly, because it's rather hard.[13] But using properties of the ord function we can give a simple proof.

The first step is to look carefully at the data and see if we can find a pattern. (This is, of course, something to do whenever you are presented with a problem whose solution you do not immediately know. Modern presentations of mathematics, including, alas, these notes to a large extent, often hide this experimentation and discovery process.) What we see in the small partial sums is that not only are they not integers, they are all not integers for the same reason: there is always a power of 2 in the denominator.

So what we'd like to show is that for all $n > 1$, $\operatorname{ord}_2(S_n) < 0$. It is true for $n = 2$; moreover we don't have to do the calculation for $n = 3$: since $\operatorname{ord}_2(\frac{1}{3}) = 0 \ne \operatorname{ord}_2(S_2)$, we must have $\operatorname{ord}_2(S_2 + \frac{1}{3}) = \min(\operatorname{ord}_2(S_2), \operatorname{ord}_2(\frac{1}{3})) = -1$. And then we get $\frac{1}{4}$, which has 2-order $-2$, which is different from $\operatorname{ord}_2(S_3)$, so again, using that when we add two rational numbers with different 2-orders, the 2-order of the sum is the smaller of the two 2-orders, we get that $\operatorname{ord}_2(S_4) = -2$. Excitedly testing a few more values, we see that this pattern continues: $\operatorname{ord}_2(S_n)$ and $\operatorname{ord}_2(\frac{1}{n+1})$ are always different; if only we can show that this always holds, this will prove the result. In fact one can say even more: one can say precisely what $\operatorname{ord}_2(S_n)$ is as a function of $n$ and thus see in particular that it is always negative. I will leave the final observation and proof to you: why should I steal your fun? (Here is one hint: consider for each $k$ the set of integers $n$ such that $\operatorname{ord}_2(n) = k$.)

[11] This perspective is apparently due to John Horton Conway, and was explained to me by Manjul Bhargava.
[12] By the way, Manjul never told me what $\operatorname{ord}_{-1}(0)$ should be...

4.2. Linear Diophantine equations. Recall that one of the two main things we agreed that number theory is about was solving Diophantine equations, i.e., looking for solutions over $\mathbb{Z}$ and/or over $\mathbb{Q}$ to polynomial equations.
Certainly we saw some primes in the previous section; now we solve the simplest class of Diophantine equations, namely the linear ones.

Historical remark: as I said before, nowadays when someone says "Diophantine equation", they mean that we are interested either in solutions over $\mathbb{Z}$ or solutions over $\mathbb{Q}$, or both. Diophantus himself considered positive rational solutions. Nowadays the restriction to positive numbers seems quite artificial (and I must wonder whether Diophantus massaged his equations so as to get positive rather than negative solutions); it also makes things quite a bit more difficult: it stands to reason that since equations become easier to solve if we allow ourselves to divide numbers, correspondingly they become more difficult if we do not allow subtraction! This also means that the term "Linear Diophantine equation" is, strictly speaking, an anachronism.

If you want to solve any number of linear equations with coefficients in $\mathbb{Q}$, then since $\mathbb{Q}$ is a field you are just doing linear algebra, which works equally well over $\mathbb{Q}$ as it does over $\mathbb{R}$ or $\mathbb{C}$. For instance, suppose we want to solve the equation $ax + by = c$ in rational numbers, where $a$ and $b$ are nonzero rational numbers and $c$ is any rational number. Well, it's not much fun, is it? Let $x$ be any rational number at
[13] When I first got assigned this problem (my very first semester at college), I found (or looked up?) some quite elaborate solution which used, in particular, Bertrand's Postulate that for $n > 1$ there is always a prime $p$ with $n < p < 2n$. (This was proven in the latter half of the 19th century by Cebyshev. One of Paul Erdős' early mathematical triumphs was an elegant new proof of this result.)
$$y = \frac{c - ax}{b}.$$

Speaking more geometrically, any line $y = mx + b$ in the plane passing through one rational point and with rational slope (roughly speaking, with $m$ and $b$ rational) will have lots of rational solutions: one for every rational choice of $x$.

Exercise: Consider the line $y = mx + b$ for $m, b \in \mathbb{R}$. As above, if $m$ and $b$ are rational, there are clearly infinitely many rational points on the line.
a) Suppose $m$ is rational and $b$ is irrational. Show that there are no rational points on the line.
b) Suppose $m$ is irrational and $b$ is rational. Show that there is exactly one rational point on the line.
c) Now suppose that $m$ and $b$ are both irrational. What are the possibilities for the number of rational solutions?

So for Diophantus, the first interesting example was quadratic polynomial equations. Indeed, after this section, the quadratic case will occupy our interest for perhaps the majority of the course.

However, over $\mathbb{Z}$ things are never so easy: for instance, the equation $3x + 3y = 1$ clearly does not have an integer solution, since no matter what integers $x$ and $y$ we choose, $3x + 3y$ will be divisible by 3. More generally, if $a$ and $b$ have a common divisor $d > 1$, then it is hopeless to try to solve $ax + by = 1$. But this is the only restriction, and indeed we saw this before: en route to proving the fundamental theorem, we showed that for any integers $a$ and $b$, not both zero, $\gcd(a, b)$ generates the ideal $\{xa + yb \mid x, y \in \mathbb{Z}\}$, meaning that for any integer $m$, the equation $ax + by = m \gcd(a, b)$ has solutions in $x$ and $y$. In other words, we can solve $ax + by = n$ if $n$ is a multiple of the gcd of $a$ and $b$. By the above, it is also true that we can only solve the equation if $n$ is a multiple of the gcd of $a$ and $b$ (the succinct statement is the equality of ideals $I_{a,b} = (\gcd(a, b))$), so we have (and already had, really) the following important result.

Theorem 13. For fixed integers $a$ and $b$, not both zero, and any integer $m$, the equation $ax + by = m$ has a solution in integers $(x, y)$ iff $\gcd(a, b) \mid m$.

In particular, if $\gcd(a, b) = 1$, then we can solve the equation for any integer $m$. The fundamental case is to solve $ax + by = 1$,
because if we can find such x and y, then just by multiplying through by m we can solve the general equation.

This is a nice result, but it raises two further questions. First, we found one solution. Now what can we say about all solutions?¹⁴ Second, given that we know that solution(s?) exist, how do we actually find them?

Example: We are claiming that 3x + 7y = 1 has an integer solution. What could it be? Well, a little experimentation yields x = −2, y = 1. Is this the only solution? Indeed not: we could add 7 to x and the sum would increase by 21, and then subtract 3 from y and the sum would decrease by 21. This leads us to write down the family of solutions

x_n = −2 + 7n, y_n = 1 − 3n.

Are there any more? Well, we have found integral solutions whose x-coordinates are evenly spaced, 7 units apart from each other. If there is any other solution 3X + 7Y = 1, there must be some n such that 0 < X − x_n < 7. This would give a solution 3(X − x_n) = −7(Y − y_n) with 0 < X − x_n < 7. But this is absurd: the left hand side would therefore be prime to 7, whereas the right hand side is divisible by 7. So we evidently found the general solution. A similar argument shows:

Theorem 14. For a and b coprime positive integers, the general integral solution to xa + yb = 1 is

x_n = x_0 + nb, y_n = y_0 − na,

where x_0 a + y_0 b = 1 is any particular solution guaranteed to exist by Theorem 13.

We ask the reader to verify this as an informal exercise (i.e., not to be turned in).
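An added example (not part of the original handout): Theorems 13 and 14 in Python, using the extended Euclidean algorithm to produce a particular solution and an exhaustive search to confirm that the family is the full solution set. It goes slightly beyond Theorem 14 by allowing gcd(a, b) = g > 1, where the step sizes become b/g and a/g; all function names are illustrative assumptions.

```python
from math import gcd

# Function names below are hypothetical, chosen for this illustration.

def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) >= 0 and a*x + b*y == g."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r      # remainder sequence of Euclid
        old_x, x = x, old_x - q * x      # invariant: a*old_x + b*old_y == old_r
        old_y, y = y, old_y - q * y
    if old_r < 0:                        # normalize so the gcd is non-negative
        old_r, old_x, old_y = -old_r, -old_x, -old_y
    return old_r, old_x, old_y

def solve_linear(a, b, m):
    """One integer solution (x0, y0) of a*x + b*y == m, or None (Theorem 13)."""
    g, x, y = extended_gcd(a, b)
    if g == 0 or m % g != 0:             # solvable iff gcd(a, b) divides m
        return None
    k = m // g
    return x * k, y * k

def solution_family(a, b, m, n_values):
    """Solutions x_n = x0 + n*(b/g), y_n = y0 - n*(a/g) for n in n_values."""
    base = solve_linear(a, b, m)
    if base is None:
        return []
    g = gcd(a, b)
    x0, y0 = base
    return [(x0 + n * (b // g), y0 - n * (a // g)) for n in n_values]

def brute_force(a, b, m, bound):
    """All solutions with |x| <= bound, found by trying every x (needs b != 0)."""
    return {(x, (m - a * x) // b) for x in range(-bound, bound + 1)
            if (m - a * x) % b == 0}
```

For 3x + 7y = 1 the algorithm returns the same particular solution found by experimentation in the example above, and the brute-force search finds no solution outside the family.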
Note that although one might have thought that in addressing the question of how to find all solutions we would necessarily have had to nail down how to find a particular solution, this turned out not to be the case: Theorem 14 cleverly evades the question of finding the first solution (x_0, y_0).¹⁵

It should be said that the above theorem does suggest an algorithm (is effective, in the standard mathematical jargon): there will be exactly one solution (x_0, y_0) with 0 ≤ x < |b|, so what we could do is check each integer x in this range until we find the one for which 1 − xa is a multiple of b. But this is a terribly inefficient algorithm, and in fact Euclid famously had a better one. In the exercises we describe Euclid's algorithm for computing gcds and how to use it to obtain a solution much faster.

4.3. The Fundamental Theorem in a PID.

Conceptually, our proof of the fundamental theorem can be broken down into several steps:

Step 1: We show that the integers Z form a principal ideal domain (PID), i.e., a commutative ring without zero divisors in which every ideal is principal.
14 Diophantus was for the most part content with finding a single solution. The more penetrating inquiry into the set of all solutions was apparently first made by Fermat.
15 Those who have studied differential equations will find this situation familiar: the general solution of an inhomogeneous equation is obtained by finding the general solution of the associated homogeneous equation and adding to it some particular solution of the inhomogeneous equation. But how that particular solution is found is often left unclear.
Step 2: We show that greatest common divisors exist in a PID, and more precisely, that the equation xa + yb = gcd(a, b) has a solution.

Step 3: We use Step 2 to show that the unfactorable elements p in a PID satisfy Euclid's Lemma.

Step 4: We deduce unique factorization from Euclid's Lemma.

Or, we can compress the argument and see that we are really proving two different kinds of statements: (i) Z is a PID; and (ii) every PID has unique factorization.

The second statement is of quite a general (and hence abstract algebraic) character: once we have the correct terminology and definitions to express what it means for an integral domain to have unique factorization, one sees that Steps 2-4 of the argument apply to prove (ii). On the other hand, not every integral domain has unique factorization (since an integral domain necessarily has a multiplicative identity, the earlier business with E is not an example of this; we will see examples later on), so it follows that not every integral domain is a PID. (In fact being a PID is sufficient but not necessary for unique factorization; however, among the rings of most interest to us in this course, certain rings of integers in number fields, the two are equivalent.)

Thus what seemed like the easiest part of the proof, namely that Z is a PID, is in fact the part that we are most eager to see to what extent it can be generalized. It turns out that there is an idea to the proof of Step 1, the existence of a so-called Euclidean norm, which we will be able to generalize to prove that some other rings are PIDs, most notably the Gaussian integers and the Eisenstein integers. We could throw ourselves into this right now and prove that the ring Z[√−1] (the Gaussian integers) has unique factorization. However, this would be treading rather far down the path in the algebraic direction.
We would rather like to see a bit of the analytic, combinatorial and geometric sides of the subject before delving into any more technical matters, so we will come back to this later on in the course. In the meantime, I have prepared an algebra handout on the theory of factorization in integral domains which discusses the general part of the argument in a modern way. Those with a good algebra background / taking the course for graduate credit should look through these notes in the meantime. Those whose algebra backgrounds are more modest may prefer to wait and see these ideas used in the relatively concrete context of Z[√−1] and closely related rings.

5. Homework

Here is an explanation of the strange letters and symbols which follow many of the problems:

(E) This denotes an easier problem. Students who find these problems too easy can write "OK" as the solution to the problem; but students with more modest backgrounds might appreciate having a supply of more straightforward problems.

(*) This denotes a harder problem. Harder problems are almost optional: in 4400 one can get up to an A grade without doing any star problems; in 6400 one
can get up to a B grade without doing any star problems and up to an A by doing only a few starred problems. It should be said that the difficulty varies more widely in these problems than in any other. If I were to be honest about things, there may be a few problems which could be labelled: (**) It may not be possible to solve this problem without more advanced knowledge (and/or I might not quite remember how to solve it!), or indeed (***) This problem is to the best of my knowledge unsolved, and it is not at all clear to me how to solve it. But I am not above leaving out the second and third stars to try to get you to think about problems you might otherwise skip over: welcome to the deep end of the pool.

(O) This problem is open-ended, meaning exactly what is being asked may not be quite clear, and several solutions (or in some cases, no solution) may be equally acceptable. These problems are all optional, and can be omitted by all students without penalty.

(G) This means graduate-level. In many cases it would have deserved a (*), but in addition to being challenging it may also be more abstract and may call upon more background: in particular more abstract algebra. All (G) problems are optional at the 4400 level and if solved have the same benefits as (*) problems. Not every 6400 student is expected to be able to solve every 6400 problem.

(H) This means a historical problem. Historical problems are also optional; however, students at the 4400 level may do (H) problems instead of (*) problems and still get an A in the course.

Can you...? In multi-part problems, one of the parts might ask for a sharpening of the previous parts in an interrogative way. These are also optional, and in some cases they are quite unreasonable, e.g., can you write a computer program which plays Schuh's divisor game better than humans do? Clearly this is not required.

6. Problem Set 2

2.1)(E) Prove the Division Theorem (Proposition 1).
Hint: It suffices to take q to be the largest non-negative integer such that n − qd ≥ 0.

2.2)(E) Show that d | n ⟺ we have r = 0 in the Division Theorem.

2.3) Prove the converse of Euclid's Lemma: suppose d is a positive integer such that whenever d | ab, d | a or d | b. Then d is prime.
Remark: Among other things, this allows us to generalize the notion of primes to not-necessarily principal ideals.

2.4) To contain is to divide: for integers a and b, we have a | b ⟺ (a) ⊇ (b).
2.5) For any integers a and b, not both zero, there are exactly two integers d_1 and d_2 with the property that e | a & e | b ⟺ e | d, and d_2 = −d_1.

2.6) Show that if a = b = 0, there is no integer d such that e | a & e | b ⟺ e | d.

The next 2 exercises concern the rng E.

2.7)(O) Should the factorizations 6 = 2 · 3 and 6 = (−2) · (−3) be counted as essentially different or not? (I could go either way on this one.)

2.8) Give a necessary and sufficient condition on a positive element x ∈ E to have two different factorizations into positive E-primes.¹⁶
Hint: pay attention to ord_2(x) and also to the number of odd primes dividing x.

2.9) Prove Proposition 12.

2.10) Complete the proof that S_n = 1 + 1/2 + ... + 1/n that for all n ≥ 1, ord_2(S_n) = ord_2( n+1 ).

2.11)** Show that except for n = 1, 2, 6, the decimal expansion of S_n is nonterminating. (I.e., show that except for these values, ord_p(S_n) < 0 for some prime p ≠ 2, 5.)¹⁷

2.12) For any nonzero integers a and b, show that gcd(a, b) · lcm(a, b) = ab.

2.13) For integers a and b, show that the intersection of the two ideals (a) ∩ (b) is an ideal of Z. In fact, if you know the definition of an ideal in a commutative ring, show that the intersection of any two (or more...) ideals is always an ideal.¹⁸ Because Z is a PID, we must have (a) ∩ (b) = (c) for some c ∈ Z, well-determined up to a sign. What is c in terms of a and b?

2.14) a) Let a_1, ..., a_n be a (finite) set of integers, not all zero. Define the greatest common divisor gcd(a_1, ..., a_n) of the set, and show that it exists and is unique up to a sign. In fact, show that the set (a_1, ..., a_n) = {x_1 a_1 + ... + x_n a_n | x_i ∈ Z} is an ideal of Z, and that the positive generator of this (necessarily principal!) ideal is the gcd we are looking for.
b)* Define lcm(a_1, ..., a_n), show it exists, and explain how to get it from the ideals (a_1), ..., (a_n).

2.15) Show that gcd(a_1, a_2, a_3) = gcd(gcd(a_1, a_2), a_3).
16 Note that the positives are to avoid the problems of 2.7.
17 Note the double-star: this is quite difficult.
18 It is a metatheorem of algebra that if H_1 and H_2 are some substructures of a structure G, then H_1 ∩ H_2 is also a substructure. Unions do not work nearly as nicely.
2.16)* Find an identity relating gcd(a_1, a_2, a_3), lcm(a_1, a_2, a_3) and a_1 a_2 a_3. Can you extend this to more than three numbers? (Hint: inclusion/exclusion.)

2.17) One says that a set of integers a_1, ..., a_n is relatively prime in pairs if for all i ≠ j, gcd(a_i, a_j) = 1.
a) Show that if a_1, ..., a_n are relatively prime in pairs, then gcd(a_1, ..., a_n) = 1.
b) Show that the converse does not hold when n ≥ 3: indeed, find the smallest example of three integers which are not simultaneously divisible by any d > 1 but for which any two have a nontrivial common divisor.¹⁹
Remark: The phrase "let a_1, ..., a_n be relatively prime integers" is therefore ambiguous when n ≥ 3. Probably it ought to mean the weaker condition that gcd(a_1, ..., a_n) = 1, but careful authors rephrase to avoid the ambiguity. If you hear someone say it, stop and ask them which one they mean!

G2) Let F be a field and let v : F^× → Z be a surjective map satisfying properties a) and b) of Proposition 12; v is said to be a discrete valuation of F.
a) Let R_v := {x ∈ F^× | v(x) ≥ 0} ∪ {0}. Show that R_v is a subring of F, the valuation ring. (It is common to formally set v(0) = ∞ to avoid having to keep manually inserting 0.)
c) Since v is surjective, there is an element π ∈ R_v with v(π) = 1.²⁰ Show that for any n ≥ 1, {x ∈ F^× | v(x) ≥ n} ∪ {0} = (π^n), the principal ideal of R_v generated by π^n (of course π^0 = 1).
d) Show that every ideal of R_v is of the form (π^n) for a suitable n ∈ N. In particular, every ideal of R_v is principal, and there is a unique maximal ideal, (π).
e) When F = Q, v = ord_p, what is the valuation ring R_v?
f) Suppose k is a field, and consider F = k(t), the quotient field of the ring of polynomials k[t] with coefficients in k. Show that the map v which takes a rational function p(x)/q(x) to deg(q(x)) − deg(p(x)) is a discrete valuation of k(t). Note that this is consistent with our previous convention that the degree of the zero polynomial is −∞!
19 This is reminiscent of the fact that a set of vectors can be linearly dependent even when any two of them are linearly independent from each other, a fact that gives linear algebra students no end of trouble.
20 Denoting this element by π is traditional. Needless to say (?) it has nothing to do with 3.1415926535897...