Number Theory KSOU Textbook

KARNATAKA STATE OPEN UNIVERSITY

Mukthagangothri, Mysuru – 570006

M.Sc. MATHEMATICS (CBCS)


(THIRD SEMESTER)

Course-MMDSE 3.4

Number Theory
Programme Name: M.Sc. Mathematics (CBCS) Year/Semester: III Semester
Course Code: MMDSE 3.4 Course Name: Number Theory
Credit: 3 Unit Number : 1-16
COURSE DESIGN COMMITTEE
Dr. Sharanappa. V. Halse Chairman
Vice Chancellor
Karnataka State Open University
Mukthagangothri, Mysuru-570006
Prof. N. Lakshmi Member
Dean (Academic)
Karnataka State Open University
Mukthagangothri, Mysuru-570006
Dr. Pavithra. M Course coordinator
Assistant Professor
DoS in Mathematics, KSOU, Mukthagangothri, Mysuru-06
EDITORIAL COMMITTEE
1. Dr. K. Shivashankara Chairman
BOS Chairman(PG), DoS in Mathematics, KSOU
Associate Professor, Yuvaraja College,
University of Mysore, Mysuru-06

2. Mr. S. V. Niranjana Member & Convener


Coordinator, (DoS in Mathematics)
Assistant Professor, DoS in Physics,
KSOU, Mysuru-06

3. Dr. Pavithra. M Member


Assistant Professor
DoS in Mathematics, KSOU, Mysuru-06

4. Dr. Chandru Hegde Member


Assistant Professor,
DoS in Mathematics,
Mangalagangotri, Mangaluru.
COURSE WRITER

Dr. Madhusudhan H S Block 3.4A to Block 3.4 D


Associate Professor (Block I - IV)
Department of Mathematics (Unit 01 to Unit 16)
Govt. First Grade College
Pandavapura, Mandya

COURSE EDITOR

Dr. Pavithra M Block 3.4A to Block 3.4 D


Assistant Professor (Block I - IV)
DOS in Mathematics (Unit 01 to Unit 16)
KSOU, Mysuru.

The Registrar
Karnataka State Open University
Mukthagangothri, Mysuru-570006

Developed by the Department of Studies in Mathematics under the guidance of Dean (Academic), KSOU, Mysuru.
Karnataka State Open University, 2023.
All rights reserved. No part of this work may be reproduced in any form or any other means, without
permission in writing from the Karnataka State Open University.
Further information on the Karnataka State Open University Programmes may be obtained from the
University’s Office at Mukthagangothri, Mysuru – 570 006.
TABLE OF CONTENTS

BLOCK 3.4 A (BLOCK I)

Unit-1 The Fundamental Theorem of Arithmetic, Euclid’s Theorem
Unit-2 Prime Number Theorem And Goldbach Conjecture
Unit-3 Fermat’s Factorization and Fermat’s Little Theorem
Unit-4 Euler’s Theorem And Wilson’s Theorem

BLOCK 3.4 B (BLOCK II)

Unit-5 Multiplicative Function τ And σ, Möbius Function And Möbius Inversion Formula
Unit-6 The Greatest Integer Function, Euler’s Phi Function And Its Properties
Unit-7 Application to Cryptography
Unit-8 Dirichlet Product of Arithmetical Functions And Averages of Arithmetical Functions

BLOCK 3.4 C (BLOCK III)

Unit-9 Order of An Integer Modulo N, Primitive Roots For Primes
Unit-10 Composite Numbers Having Primitive Roots
Unit-11 Euler’s Criterion, Legendre Symbol And Its Properties
Unit-12 Quadratic Reciprocity Law And Quadratic Congruences

BLOCK 3.4 D (BLOCK IV)

Unit-13 Sum Of Two Squares & Sums Of More Than Two Squares
Unit-14 The Fibonacci Sequence, Identities Involving Fibonacci Numbers
Unit-15 Finite Continued Fractions, Convergents of A Continued Fraction, Simple Continued Fractions
Unit-16 Infinite Continued Fraction, Periodic Continued Fraction And Pell’s Equation

BLOCK – I

PRIMES AND THEIR DISTRIBUTION,


FERMAT’S THEOREM

UNIT – 1
THE FUNDAMENTAL THEOREM OF ARITHMETIC, EUCLID’S THEOREM

Structure:

1.0. Objective
1.1. Introduction
1.2. The Division Algorithm
1.3. The Greatest Common Divisor
1.4. The Least Common Multiple
1.5. The Linear Diophantine Equations
1.6. Summary
1.7. Keywords
1.8. Exercises
1.9. References

1.0. Objective:
This chapter discusses some of the basic properties of the integers, including the notions of
divisibility and primality, unique factorization into primes, greatest common divisors, and least
common multiples.
1.1. Introduction:
In this section we describe some preliminary tools we need before embarking on the core of
Number Theory.
1. Well Ordering Principle: Every non-empty set S of non-negative integers contains a
least element, i.e., there exists an integer m such that m ≤ n .
2. Archimedean Property: If a and b are any two positive integers, then there exists a positive
integer n such that na ≥ b.
3. First Principle of Mathematical Induction.
Let S be a set of positive integers satisfying the following properties:
(1) 1 ∈ S
(2) Whenever .
Then S is the set of all positive integers.

Example 1: We prove by mathematical induction that

$$P(n):\quad 1^2 + 2^2 + \cdots + n^2 = \frac{n(n+1)(2n+1)}{6} \qquad (1)$$

Proof: Suppose n = 1. Then LHS = $1^2 = 1$ and RHS = $\frac{1 \cdot 2 \cdot 3}{6} = 1$.
Therefore LHS = RHS. So P(1) is true.
Suppose P(n) is true for n = k, i.e.,

$$1^2 + 2^2 + \cdots + k^2 = \frac{k(k+1)(2k+1)}{6} \qquad (2)$$

Now we prove P(n) is true for n = k + 1.
Add $(k+1)^2$ to both sides of (2). Then

$$1^2 + 2^2 + \cdots + k^2 + (k+1)^2 = \frac{k(k+1)(2k+1)}{6} + (k+1)^2 = \frac{(k+1)(2k^2 + 7k + 6)}{6} = \frac{(k+1)(k+2)(2k+3)}{6}$$

which is exactly the right hand side of (1) for n = k + 1. Hence P(n) is true for all positive
integers n.
4. Second Principle of Finite Induction:
Let S be a set of positive integers satisfying the following properties:
(1) S
(2) if k is a positive integer such that 1, 2, 3, …, .
Then S is the set of all positive integers.
Example 2: Consider the Lucas sequence: 1, 3, 4, 7, 11, 18, 29, 47, 76, …
The sequence is defined by the following relation:
$a_1 = 1$
$a_2 = 3$
$a_n = a_{n-1} + a_{n-2}$ for all n ≥ 3.
Our proposition is that $a_n < (7/4)^n$ holds for every positive integer n.
For n = 1 and 2, we have $a_1 = 1 < (7/4)^1 = 7/4$ and $a_2 = 3 < (7/4)^2 = 49/16$, and hence the
inequality holds in these two cases. For the induction step, choose an integer k ≥ 3 and assume
that the inequality is valid for n = 1, 2, …, k – 1. Then $a_{k-1} < (7/4)^{k-1}$ and $a_{k-2} < (7/4)^{k-2}$.
By the way in which the Lucas sequence is formed, it follows that

$$a_k = a_{k-1} + a_{k-2} < (7/4)^{k-1} + (7/4)^{k-2} = (7/4)^{k-2}\,(7/4 + 1) = (7/4)^{k-2}\,(11/4) < (7/4)^{k-2}\,(7/4)^2 = (7/4)^k.$$

Because the inequality is true for n = k whenever it is true for the integers 1, 2, …, k – 1, we
conclude by the second induction principle that $a_n < (7/4)^n$ for all n ≥ 1.
5. The Binomial Theorem
Let n be a positive integer and r another positive integer such that 0 ≤ r ≤ n. Then,

binomial coefficient ( ) is defined as


( ) ( )( )
( )
( ) ( )
( ) ( )

Binomial coefficients are denoted by nCr . We state some of the results connected with Binomial
coefficients.

a) Pascal’s Rule: This rule says that ( ) ( ) ( )

b) Newton’s Identity: ( ) ( ) ( )( )

c) Binomial Theorem: If n is a positive integer, then ( ) ∑ ( )

1.2. The Division Algorithm


Theorem 1: Let a be any integer and b a positive integer. Then there exist unique integers q
and r such that a = bq + r with 0 ≤ r < b. Here q is called the quotient and r is called the remainder.
Proof: We consider the infinite sequence of multiples of b given below:
…, –b, 0, b, …, bq, b(q+1), …
Then obviously either a must be equal to one of the multiples of b, say bq, or it must lie between
two consecutive multiples, say bq and b(q+1). Thus, we have
bq ≤ a < b(q+1) for some q ⇒ 0 ≤ a – bq < b.
Let a – bq = r. Then we have a = bq + (a – bq) = bq + r, 0 ≤ r < b.
This completes the existence part of the theorem. For uniqueness we assume the possibility of
two different representations of a as given below:
a = bq + r, 0 ≤ r < b and a = bq1 + r1, 0 ≤ r1 < b for some integers q, q1, r, and r1.
These two equations imply that
bq + r = bq1 + r1 or b(q – q1) = r1 – r.
This shows that b divides r1 – r. But this is not possible unless r1 = r, because both r and r1 are
non-negative integers less than b. Hence, q and r must be unique.

Corollary 1: If a and b are integers with b ≠ 0, then there exist unique integers q and r such that
a = bq + r, 0 ≤ r < |b|.
Proof: We consider the case when b is negative. Clearly |b| > 0. Hence by Theorem 1 there exist
unique integers q' and r such that a = q'|b| + r, 0 ≤ r < |b|. Take q = -q'; then a = bq + r, 0 ≤ r < |b|.
Definition 1: An integer n is called even if n = 2k and it is called odd if n = 2k + 1 for some
integer k.
Example 3: We prove that the square of any integer is of the form 4k or 4k + 1.
Proof: Any integer n is of the form 2m or 2m+1 by the division algorithm. Hence the square of n is
either $4m^2$ or 4m(m+1) + 1, which implies $n^2$ is either of the form 4k or 4k+1.
Example 4: We prove that the square of any integer is of the form 3k or 3k+1.
Proof: Let a be any integer. When a is divided by 3 it leaves the remainder 0, 1, or 2, so a is of
the form 3q, 3q+1 or 3q+2. When a = 3q, then $a^2 = 9q^2 = 3 \cdot 3q^2 = 3k$.
When a = 3q+1, then $a^2 = 9q^2 + 6q + 1 = 3(3q^2 + 2q) + 1 = 3k+1$.
When a = 3q+2, then $a^2 = 9q^2 + 12q + 4 = 3(3q^2 + 4q + 1) + 1 = 3k+1$.
Hence $a^2$ is of the form 3k or 3k+1.
Example 5: We show that n(n+1)(2n+1) / 6 is an integer for n ≥ 1.
Proof: When n is divided by 6 it leaves the remainder 0, 1, 2, 3, 4, or 5 by division algorithm.
Any integer n can be written in the form 6k, 6k+1, 6k+2, 6k+3, 6k+4 or 6k+5. So, when n = 6k,
n(n+1)(2n+1) is divisible by 6. When n = 6k+1, then
n(n+1)(2n+1) = (6k+1)(6k+2)(12k+3) = 6(6k+1)(3k+1)(4k+1)
which when divided by 6 gives an integer. Similarly we can prove the result in other cases.
Definition 2 (Divisibility): An integer b is said to be divisible by an integer a ≠ 0 if there exists
an integer c such that b = ac, and we write it as a | b (a divides b). If b is not divisible by a then
we write it as a ∤ b (a does not divide b).

Theorem 2: For integers a, b, c the following hold:

(a) a | 0, 1 | a, a | a
(b) a | 1 if and only if a = ± 1
(c) if a | b and c | d then ac | bd
(d) if a | b and b | c then a | c
(e) a | b and b | a if and only if a = ±b
(f) if a | b and b ≠ 0 then |a| ≤ |b|
(g) if a | b and a | c then a | bx+cy for arbitrary integers x and y.

Proof: Proofs of (a) and (b) are very easy.
Let us prove (c). a | b ⇒ b = k1a and c | d ⇒ d = k2c for some integers k1, k2.
Multiplying these two, we obtain bd = (k1 k2)ac ⇒ ac | bd.
Proof of (d): a | b ⇒ b = k1a and b | c ⇒ c = k2b for some integers k1, k2. Substituting for b in c = k2b, we
obtain c = k2(k1a), i.e., c = (k1 k2)a ⇒ a | c.
Proof of (e): a | b ⇒ b = k1a and b | a ⇒ a = k2b for some integers k1, k2. Hence a = (k1 k2)a ⇒ k1 k2 = ±1.

Proof of (f) : Since a | b ⇒ b = ka, ⇒ | | | |


| || | | |≥ | | | || | ≥ | |.
Proof of (g) : Since a | b ⇒ b = k1a and a | c ⇒ c = k2a, k1, k2 .

( ) |( )
Similarly we can show that a | bx-cy.
Property (g) of Theorem 2 can be extended by induction to sums of more than two terms. That is
if a | bk for k = 1, 2, 3, |

1.3. Greatest Common Divisor


Definition 3 (Greatest Common Divisor): Let a and b be any two integers, at least one of
which is not zero. Then the greatest common divisor of a and b, denoted by gcd(a, b), is the positive
integer d satisfying the following:
(a) d | a and d | b
(b) if c | a and c | b then c ≤ d.
Example 6: gcd(12, 30) = 6, for the divisors of 12 are 1, 2, 3, 4, 6, 12 and those of 30 are 1, 2, 3, 5, 6,
10, 15, and 30. The common divisors are 1, 2, 3, and 6. Among these 6 is the largest. Hence
gcd(12, 30) = 6.
Theorem 3: If a and b are any two integers, not both zero, then there exist integers x
and y such that gcd(a, b) = ax + by.
Proof: Let { | }. Since | | where we
choose x = 1 or -1 according as a is positive or negative, S is non-empty. Clearly S is a set of
positive integers. By the well-ordering principle, S has a least element, say d. By the very definition
of S, there exist integers x0, y0 such that d = ax0 + by0.
Now, we prove that d is the gcd of a and b. By the division algorithm we can find integers q
and r such that

( ) ( ) ( )
If r were positive, then this representation would imply contradicting the fact that d
is the least integer in S. Therefore ⇒ ⇒ | Similarly we can prove that d | b.
Hence d is a common divisor of a and b.
Now if c is a positive integer such that c | a and c | b then c | ax + by Hence
| ( ) | | | | ⇒ Hence gcd(a, b) = d.
Corollary 2: If a and b are given integers, not both zero then the set
{ | }
is precisely the set of all multiples of d = gcd(a, b).
Proof: Since | | | Thus every element of T is a multiple of d.
Conversely since d is expressed as , any multiple nd of d is of the form
( ) ( ).
Hence nd is an element of T.
Definition 4: Two integers a and b, not both of which are zero are said to be relatively prime if
gcd(a, b) = 1.
Theorem 4: Let a and b be integers, not both zero. Then a and b are relatively prime if and
only if there exist integers x and y such that ax + by = 1.
Proof: Suppose gcd(a, b) = 1. Then by Theorem 3 there exist integers x and y such that
1 = ax + by.
Conversely suppose ax + by = 1 and let gcd(a, b) = d. Then | | ⇒ |
| . Since d is positive d = 1. This completes the proof.

Corollary 3: If ( ) ( ) .

Proof: Since gcd(a, b) = d, there exists integers x and y such that Dividing both

( ) ( ) Since d | a and d | b,

( ) .

Corollary 4: If a | c and b | c and (a, b) = 1, then ab | c.


Proof: Since gcd(a, b) = 1 there exists integers x and y such that ⇒
(3)
Since | | ⇒ . By appropriate substitution
in (1.1.3), we have ( ) ( )
i.e., ( ) ( ) i.e., ( ) ⇒ | .

Theorem 5 (Euclid’s Lemma): If | ( ) | .
Proof: | ( ) there exist
integers .
Since , we have ( ) ⇒ | .
Corollary 5: ( ) ( ) ( ) .
Proof: ( ) . Similarly (a, c) = 1, implies
there exists integers . Multiplying these two, we obtain
( )( )
i.e, ( ) ( ) .
This implies (a, bc) = 1.
The Euclidean Algorithm: There are several methods for finding the gcd of two positive integers.
Among these the Euclidean algorithm is the efficient one. In fact, it is one of the fastest
algorithms for finding the gcd of two positive integers and the simplest.
First let us prove the following theorem.
Theorem 6: Let a and b be any two positive integers and let r be the remainder when a is divided
by b. Then gcd(a, b) = gcd(b, r).
Proof: Let gcd(a, b) = d. Divide a by b. Then there exist unique integers q and r such that a =
bq + r, 0 ≤ r < b. Since | | | ⇒ | d is a common divisor of b and r.
Suppose c is a common divisor of b and r, then | ⇒ | . Hence c is a common
divisor of a and b. Since d is the gcd of a and b, by definition c ≤ d. Hence gcd(b, r) = d.
Now, we explain Euclid’s Algorithm. Let a and b be any two positive integers with a >
b. [If a = b then gcd(a, b) = a]. Then applying division algorithm repeatedly we have the
following sequence of equations:
,
,
,

Continuing like this, we get the following sequence of remainders:


≥ .
Since remainders are non-negative and getting smaller and smaller, this sequence should
eventually terminate with . Thus, the last two equations in the above procedure are
and .

By Theorem 6 we have,
( ) ( ) ( ) ( ) , the last two non-zero remainders.
Theorem 1.2.3 asserts that gcd(a, b) can be expressed in the form ax + by, but proof of
the theorem gives no hint as to how to find x and y. For this we use Euclidean Algorithm.
Starting with equation
We write .
Now solve preceding equation in the algorithm for and substitute to obtain
( )
( ) ( ) .
This represents as linear combination of and . . Continuing backward through
system of equations, we successively eliminate the remainders until a stage
is reached where ( ) is expressed as a linear combination of a and b.
Example 7: Let us find gcd of 256 and 1166.
Proof: Since

and
.
To represent 2 as a linear combination of 256 and 1166, consider

( )

( )
( ) ( )
( )
( )( )
( ).
.
Theorem 7: If k > 0 then gcd(ka, kb) = k·gcd(a, b).
Proof: Multiply each of the equations in Euclidean Algorithm by k.
Corollary 6: For any integer k ≠ 0, gcd(ka, kb) = |k| gcd(a, b).

1.4. Least Common Multiple

Definition 5: Let a and b be any two integers. Then the least common multiple of a and b, denoted
by lcm(a, b), is the positive integer m satisfying the following:
(a) a | m and b | m
(b) if a | c and b | c then m ≤ c.
Example 8: Consider a = 12 and b = 30. Then common multiples of a and b are 60, 120, 180,
240, ···. Among these 60 is the least. Therefore lcm(12, 30) = 60.
Theorem 7: For positive integers a and b
lcm(a, b) × gcd(a, b) = a·b.

Proof: Let d = gcd(a,b). Then we can find integers r and s such that .

Then m = as = rs. Hence m is a common multiple of a and b. Let c be any positive integer that is a
common multiple of a and b i.e, there exists integers u and v such that c = au = bv. Since d =
gcd(a, b) there exists integers x and y such that d = ax + by. Hence
( )

⇒ | ⇒ ( ) .
( ) ( )
1.5. Linear Diophantine Equation
Definition 6: An equation of the form ax + by = c, where a, b, c are integers and a, b
are not both zero, is called a linear Diophantine equation in two unknowns.
A solution of this equation is a pair of integers that satisfy the above equation.
Theorem 8: The linear Diophantine equation ax + by = c has a solution if and only if d | c where
d = gcd(a, b). If ( ) is any particular solution, then all other solutions are given by

( ) ( )

where t is any arbitrary integer.


Proof: First, let us prove the second part. Suppose ( ) is a particular solution of the
equation and ( ) is any other solution. Then
⇒ ( ) ( )
Since d | a and d | b, there exists integers r and s with gcd(r, s) = 1 such that a = dr and b
= ds. Substituting, we have
( ) ( )
( ) ( ).

This implies | ( ). Since gcd(r, s) = 1, by Euclid’s lemma, we have |( )
⇒ where t is an integer.

( )

Since ( ) ( ) we have ( ) ( ) ( )

or ( ) .

Now, we show that satisfies the equation ax + by = c.


Consider

[ ( ) ] [ ( ) ]

( ) [ ]

Thus, there are an infinite number of solutions.


Example 9: Consider the linear Diophantine equation 172x + 20y = 1000. By using Euclid’s
algorithm, gcd(172, 20) = 4. Since 4 | 1000, a solution of this equation exists. Since 4 can be
expressed as linear combination of 172 and 20, by using Euclid’s algorithm we find
4 = 2·172 + (–17)·20.
Multiplying both sides by 250, we obtain
1000 = (500)172 + (–4250)20.
Hence x = 500, y = –4250 is a solution of 172x + 20y = 1000.
general solution is given by

where t is an integer.
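
The back-substitution of Section 1.3 (Example 7) and the solvability test and solution family of Theorem 8 (Example 9), as an added Python example that is not part of the original text. All function names are illustrative; `mod_inverse` goes one step beyond the section by using Theorem 4 (if ax + by = 1 then x is the inverse of a modulo b), the operation used when an RSA private exponent is derived.

```python
def extended_gcd(a, b):
    """Return (d, x, y) with d = gcd(a, b) = a*x + b*y, for a, b not both zero.

    Each pass keeps the invariants r0 = a*x0 + b*y0 and r1 = a*x1 + b*y1,
    which is the back-substitution of the Euclidean algorithm done forwards.
    """
    r0, r1 = a, b
    x0, x1 = 1, 0
    y0, y1 = 0, 1
    while r1 != 0:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    if r0 < 0:  # normalise so that the gcd is positive
        r0, x0, y0 = -r0, -x0, -y0
    return r0, x0, y0


def lcm(a, b):
    """lcm(a, b) * gcd(a, b) = a * b for positive a and b."""
    return a * b // extended_gcd(a, b)[0]


def solve_linear_diophantine(a, b, c):
    """Solve a*x + b*y = c over the integers.

    Returns None when d = gcd(a, b) does not divide c. Otherwise returns
    (x0, y0, step_x, step_y): every solution is x = x0 + step_x*t,
    y = y0 + step_y*t for an integer t, with step_x = b/d and step_y = -a/d.
    """
    if a == 0 and b == 0:
        raise ValueError("a and b must not both be zero")
    d, x, y = extended_gcd(a, b)
    if c % d != 0:
        return None
    k = c // d
    return x * k, y * k, b // d, -(a // d)


def positive_solutions(a, b, c):
    """All solutions of a*x + b*y = c with x > 0 and y > 0 (a, b positive)."""
    if a <= 0 or b <= 0:
        raise ValueError("a and b must be positive")
    sol = solve_linear_diophantine(a, b, c)
    if sol is None:
        return []
    x0, y0, step_x, step_y = sol      # step_x > 0 and step_y < 0 here
    m = -step_y
    t_min = (-x0) // step_x + 1       # smallest t with x0 + step_x*t > 0
    t_max = -((-y0) // m) - 1         # largest t with y0 - m*t > 0
    return [(x0 + step_x * t, y0 + step_y * t) for t in range(t_min, t_max + 1)]


def mod_inverse(a, m):
    """Inverse of a modulo m, defined exactly when gcd(a, m) = 1 (Theorem 4)."""
    d, x, _ = extended_gcd(a, m)
    if d != 1:
        raise ValueError("a has no inverse modulo m")
    return x % m


if __name__ == "__main__":
    print(extended_gcd(256, 1166))                  # Example 7
    print(solve_linear_diophantine(172, 20, 1000))  # Example 9
    print(positive_solutions(172, 20, 1000))
    # Constructed sample values, not from the text: e = 17, modulus 3120.
    print(mod_inverse(17, 3120))
```
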

Definition 7: An integer p > 1 is called a prime number if the only divisors of p are ±1 and ±p.
If p is not a prime then it is called composite.

For example 2, 3, 5, 7, 11, · · · are primes whereas 4, 6, 8, 9, 10, · · · are composite numbers.
Note that 2 is the only even prime.

Note: 1 is neither prime nor composite.

Theorem 9: If p is a prime and p | ab then p | a or p | b.


Proof: If p | a then there is nothing to prove. So, assume . Then gcd(a, p) = 1. Hence, by
Euclid’s lemma, p | b.

Corollary 7: If p is prime and | | for some k, where 1 ≤ k ≤ n.
Proof: The proof is by induction on n. When n = 1, the stated conclusion obviously holds;
whereas when n = 2 the result is true by Theorem 9. Suppose n > 2 and assume whenever p divides
a product of less than n factors, it divides at least one of the factors that if
| | for some k, 1 ≤ k ≤ n – 1.
Now suppose |( ) . Then, by Theorem 9, either | or
| . If | then the proof is complete. Otherwise, by induction hypothesis | for some k,
1 ≤ k ≤ n – 1. In any case, p divides one of the integers a1, a2, …, an.

Corollary 8: If are all primes and | then for some k, 1 ≤ k ≤ n.


Proof: By Corollary 7, we know that p | qk for some k, with 1 ≤ k ≤ n. Being a prime, qk is not
divisible by any positive integer other than 1 or qk itself. Because p > 1, we are forced to
conclude that p = qk.

Theorem 10: (Fundamental Theorem of Arithmetic): Every integer n > 1 can be expressed as
a product of primes in a unique way apart from the order of the prime factors.

Proof: We prove it by induction. Clearly the theorem is true for n = 2 (as 2 is prime). Suppose
that every integer less than n can be written as a product of primes. Now, we show that n can be
expressed as product of primes.

If n is prime, then there is nothing to prove. If not, there exists integers a and b such that
n = ab and 1 < a, b < n. By our induction hypothesis, a and b can be expressed as product of
primes and hence n can also be expressed as product of primes and that completes the first part.

Uniqueness: Suppose n can be expressed as a product of primes in two different ways:

$$n = p_1 p_2 p_3 \cdots p_r = q_1 q_2 q_3 \cdots q_s, \quad \text{with } r < s \qquad (4)$$

where $p_i$ and $q_i$ are primes in increasing order, i.e., $p_1 \le p_2 \le p_3 \le \cdots \le p_r$ and
$q_1 \le q_2 \le q_3 \le \cdots \le q_s$.

Since $p_1 \mid n$ implies $p_1 \mid q_1 q_2 q_3 \cdots q_s$, by Corollary 8, $p_1 = q_k$ for some k with 1 ≤ k ≤ s.
But then $p_1 \ge q_1$. Similar reasoning gives $q_1 \ge p_1$, and hence $p_1 = q_1$. We may cancel this
common factor in (4) and obtain

$$p_2 p_3 \cdots p_r = q_2 q_3 \cdots q_s.$$

Now repeat the process to get $p_2 = q_2$ and, in turn,

$$p_3 p_4 p_5 \cdots p_r = q_3 q_4 q_5 \cdots q_s.$$

If this process is continued and if r < s, then we would eventually arrive at

$$1 = q_{r+1} q_{r+2} \cdots q_s$$

which is absurd, because each $q_j > 1$. Hence r = s and $p_1 = q_1$, $p_2 = q_2$, …, $p_r = q_r$, making the two
factorizations of n identical. The proof is now complete.

Corollary 9: Any positive integer n > 1 can be written uniquely in a canonical form

where each ki is a positive integer and each pi is a prime, with p1 < p2 < ··· < pr.

For example, $360 = 2^3 \cdot 3^2 \cdot 5$.

We now prove a famous result due to Pythagoras.

Theorem 11: The number √2 is irrational.

Proof: Suppose √2 = a / b where a and b are integers with gcd(a, b) = 1. Then there exist integers r
and s satisfying ar + bs = 1. As a result,

√2 = √2 · 1 = √2(ar + bs) = (√2a)r + (√2b)s = 2br + as.

This shows that √2 is an integer, an obvious contradiction since 1 < √2 < 2.


1.6. Summary: In this chapter, we have studied one of the fundamental results in Number
Theory, “The division algorithm”. We also studied several divisibility properties and the gcd and lcm of
two integers. As an application of Euclid’s algorithm, which is used to find the gcd of two
integers, we solved the linear Diophantine equation. At the end of the chapter we proved a very
important theorem, “The fundamental theorem of Arithmetic”.
1.7. Keywords: Integer, prime number, composite number, divisibility, factorization, greatest
common divisor, least common multiple, relatively prime numbers.
1.8. Exercises:
1. Find the gcd and lcm of (a) 143, 227 (b) 1976, 1776 (c) 306, 657 and
express the gcd as linear combination ax + by in each case.
2. Prove that gcd(n – 1, n + 1) = 1 or 2 for each n ≥ 2 and (2n – 1, 2n + 1) = 1 for each
n ≥ 7
3. Prove that $(n-1)^2 \mid n^k - 1$ if and only if n – 1 | k.
4. Show that any integer of the form 6k + 5 is also of the form 3j + 2 but not conversely.
5. Use the division algorithm to establish the following:
a. Square of any integer is either of the form 3k or 3k + 1
b. The cube of any integer has one of the forms 9k, 9k + 1 or 9k + 8.
6. Prove that $3a^2 - 1$ is never a perfect square.
7. Prove that no integer in the following sequence is a perfect square:
11, 111, 1111, 11111, …
8. Find the number of positive integers 3076 and (a) divisible by 19 (b) not divisible by
17.
9. Prove that the sum of two integers of the form 4k + 1 is even.
10. Prove by mathematical induction
(a) $2n^3 + 3n^2 + n$ is divisible by 6
(b) $5 \mid 3^{3n+1} + 2^{n+1}$.
11. Find the largest non-trivial factor of $2^{30} - 1$.
12. Given an odd integer a, establish that $a^2 + (a+2)^2 + (a+4)^2 + 1$ is divisible by 12.
13. Which of the following Diophantine equation can be solved:
(a) 6x + 51y = 22 (b) 33x + 14y = 115
(c) 12x + 13y = 14 (d) 1076x + 2076y = 1155
14. Find the solutions of
(a) 5x + 14y = 620 (b) 31x – 7y = 2
(c) 2x + 3y = 4 (d) 28x + 91y = 119
15. If a and b are relatively prime positive integers, prove that the Diophantine equation
ax – by = c has infinitely many solutions in positive integers.
16. Find two fractions whose denominators are 7 and 13 and their sum is 33 / 91.

1.9. References
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier
3. Basic Number Theory, S. B. Malik, Vikas Publications
4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley

UNIT – 2
PRIME NUMBER THEOREM AND GOLDBACH CONJECTURE

Structure:

2.0. Objective
2.2. Trial Division
2.3. Sieve of Eratosthenes
2.4. Goldbach Conjecture
2.5. Prime Number Theorem
2.6. Summary
2.7. Keywords
2.8. Exercises
2.9. References

2.0. Objective
This chapter concerns itself with the question: how many primes are there? In this chapter we
prove that there are infinitely many primes; however, we are interested in a more quantitative
answer to this question; that is, we want to know how “dense” the prime numbers are and also
how they are distributed among integers.

2.1. Trial Division

Since an even integer is always divisible by 2, a prime number is always odd except 2. So, given a
large odd integer n, how can we determine whether n is prime or composite? The obvious
approach is dividing n by all primes less than n. If n is not divisible by any of them, then n must
be prime. Otherwise n is composite. This method is called trial division. This method not
only determines whether n is prime or not, it also gives a non-trivial divisor of n, if n is
composite. But the following theorem shows that there always exists a prime divisor p of n which
is less than or equal to √n if n is composite. This implies that, to find whether n is prime or
composite, it is enough to divide n by all primes less than or equal to √n.

Theorem 1: Let n > 1 be a composite integer, then there exists a prime p such that p | n and p ≤
√n.

Proof: If n is composite then n = a·b for some integers a and b with 2 ≤ a, b < n and a ≤ b.
Since n = a·b ≥ $a^2$, a ≤ √n. Now, by FTA, either a is a prime or has a prime divisor p. p | a ⇒
p | n and p ≤ √n.

For example, take n = 271. Then 16 < √271 < 17 and 2, 3, 5, 7, 11 and 13 all do not
divide 271. Hence 271 is a prime number.

Even though the method looks very simple, it is not useful in practice. For example, if a
positive integer less than a million is given, we can find all factors fairly quickly. If an integer
of the order of say 50 digits is given, then using the best computers that exist today, finding a factor
would be impractical.

2.3. The Sieve of Eratosthenes

Suppose we want to list all primes p ≤ n, where n is an integer > 1. We know that if n is
composite then it is divisible by a prime p < √n. First, list all integers from 1 to n. Underline 2
and strike out all multiples of 2. The first of the remaining integers is 3. Underline 3 and strike
out all multiples of 3. The smallest integer after 3 that is left is 5. Continuing this procedure,
suppose we have struck off all multiples of a prime p; the next integer left in the list is the prime next
to p, say q. We continue repeating the process till q > √n and then quit. The remaining unstruck
integers are primes. For example, we list all primes ≤ 50.
1 2 3 4 5 6 7 8 9 10
11 12 13 14 15 16 17 18 19 20
21 22 23 24 25 26 27 28 29 30
31 32 33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48 49 50
Now the question arises. Are there infinitely many primes? Answer is yes and it was
proved by Euclid in his book ‘Elements’.

Theorem 2: There is an infinite number of primes.

Proof: The proof is by contradiction. Suppose, there are only finitely many primes say
. Let . If P is prime then there is nothing to prove. If P is
composite then P has a non-trivial divisor, say .

Since, | | ⇒ | ⇒ , which is a contradiction.


Hence there are infinitely many primes.

Now, the next question is: ‘Is there a simple formula for the nth prime pn, like 2n that
produces all even integers?’ The answer is no. Also, given a large odd integer, it is difficult to find
whether the number is prime or composite. But more difficult is finding the factors, if the
number is composite. Moreover, the distribution of primes within the positive integers is most
mystifying and irregular. Sometimes they are very close together like 3 & 5, 11 & 13, 17 & 19
or 1000000000061 & 1000000000063 and at the same time there exist arbitrarily large gaps
between consecutive primes; that is, given any positive integer n, there exist n consecutive
integers, all of which are composite. To prove this, consider the integers (n+1)!+2, (n+1)!+3,
···, (n+1)!+(n+1), where n! = n·(n – 1) ··· 3·2·1. Clearly each integer is composite: (n+1)!+2 is
divisible by 2, (n+1)!+3 is divisible by 3 and so on.

2.4. Goldbach Conjecture

Another famous unsolved problem is “Goldbach conjecture”. It states that every even
integer is the sum of two numbers that are either primes or 1.

For example: 2 = 1+1, 4 = 2+2 = 1+3, 6 = 3+3 = 1+5,

8 = 3+5 = 1+7, 10 = 3+7 = 5+5 etc.

In the year 1742, Goldbach wrote a letter to Leonhard Euler about his conjecture. In reply
Euler wrote to Goldbach another conjecture, which states:

“Any even integer (≥ 6) of the form 4n+2 is a sum of two numbers each being either a
prime of the form 4n+1 or 1.”

All attempts to obtain a proof of the Goldbach conjecture have been completely unsuccessful
so far. The first real progress on the conjecture in nearly 200 years was made by Hardy and
Littlewood in 1922. On the basis of a certain unproved hypothesis, the so-called generalized Riemann
hypothesis, they showed that every sufficiently large odd number is the sum of three odd
primes. In 1937, Russian mathematician Vinogradov showed that if A(x) is the number of even
integers n ≤ x that are not sum of two primes, then

( )

This shows that almost all even integers satisfy the conjecture.

Now, by division algorithm any integer can be written in the form 4n, 4n+1, 4n+2 or 4n+3.
Therefore all odd integers are of the form either 4n+1 or 4n+3.

Since all primes are odd, the primes must be of the form either 4n+1 or 4n+3. Let us
write down some of the primes of the form 4n+1 and 4n+3.

4n+3 : 3 7 11 19 23 31 43 47 59 67 71 79 83

4n+1 : 5 13 17 29 37 41 53 61 73 89 97.

Let us denote ( ) as the function which counts the number of primes of the form p = an+b
not exceeding x. Then

( ) ( )
⇒ ( ) ( )

In 1914, J.E. Littlewood showed that the inequality fails infinitely often. For x = 26,861,

( ) ( )

The next prime at which the reversal occurs is x = 616,841.

Number theorists often dream of finding formulas that generate primes for consecutive values of
the integral variable n. Euler found one such formula in 1772; $E(n) = n^2 - n + 41$ yields a prime
for every positive integer n ≤ 40. But when n = 41, $E(41) = 41^2$ is not a prime.

Theorem 3: There is no polynomial f(n) with integral coefficients that will produce primes for
all integers n.

Proof: We prove it by contradiction. Suppose there is a polynomial

( )

Where ak ≠ 0. Let b be some integer. Since f(n) is always a prime, f(b) must be a prime p; that
is,
( ) (1)

Let t be an arbitrary integer. Then

( ) ( ) ( ) ( )

( ) ( )

Where g(t) is a polynomial in t. Thus,

( ) ( ) ( )

( )]

So p | f (b+tp). But every value of f is a prime, so f (b+tp) must be a prime and hence
f (b+tp) = p. Thus, f (b) = p = f(b+tp). This implies f takes on the same value infinitely many
times, since t is an arbitrary integer.

But f (n) is a polynomial of degree k, so it cannot assume the same value more than k
times, yielding a contradiction.

Thus, no polynomial with integral coefficients exists that will generate only primes. All
this shows that prime numbers are distributed irregularly among integers.

But the average distribution of primes is very regular; its density shows a steady but slow
decrease. The numbers of primes between 2 and 1000, 1001 and 2000, 2001 and 3000, 3001 and 4000,
and 4001 and 5000 are 168, 135, 127, 120 and 119, and those in the last five blocks of 1000 below
10,000,000 are 62, 58, 67, 64 and 53.

Let π(x) denote the number of primes less than or equal to x. Then ( )


( ) etc., Using the summation notation, ( ) can be defined as

( ) ∑ Where p denotes a prime.

2.4. The Prime Number Theorem

lim_{x→∞} π(x) / (x / ln x) = 1

(That is, as x gets larger and larger, π(x) approaches x / ln x.)

Gauss noticed the similarity between the values of π(x) and x / ln x as x gets larger and
conjectured the theorem in 1793, but did not provide a proof. In 1850, the Russian
mathematician Pafnuty Lvovich Chebychev made significant progress toward a proof; he proved
that there are positive constants a and b, such that

( ) where x ≥ 2.

In 1896, the French mathematician Jacques Hadamard and the Belgian mathematician
Charles-Jean-Nicholas de la Vallée-Poussin, working independently, proved the theorem using
advanced mathematics. This proof was a milestone in the development of number theory. But in
1950, the Hungarian mathematician Paul Erdős and the Norwegian mathematician Atle Selberg
proved the theorem using elementary calculus.

According to the prime number theorem, when x is sufficiently large, π(x) can be
approximated by x / ln x. But a better approximation is the function li(x), defined by Gauss,
where
( ) ∫

Let us construct a table comparing π(x)/(x/ln x) with that of π(x)/li(x).

x        π(x)         π(x)/(x/ln x)    π(x)/li(x)
10^3     168          1.160            0.9438202
10^4     1229         1.132            0.9863563
10^5     9592         1.104            0.9960540
10^6     78498        1.085            0.9983466
10^7     664579       1.071            0.9998944
10^8     5761455      1.061            0.9998691
10^9     50847534     1.054            0.9999665
10^10    455052512    1.048            0.9999932

From the table it is clear that π(x)/li(x) approaches 1 more rapidly than π(x)/(x/ln x).

2.5. Summary

In this chapter we have studied the properties of primes, which are considered the building blocks
of the integers. We have seen how haphazardly primes are distributed among the integers
and that there exists no simple formula to find the nth prime. At the end of the chapter we stated one
of the most important theorems, the Prime Number Theorem.

2.6. Keywords
Trial division, sieve, conjecture, polynomial.
2.7. Exercises:
1. Prove that if p is a prime such that p + 2 is also a prime then
(a) p(p + 2) + 1 is a perfect square
(b) 12 | p + (p + 2) whenever p > 3.
2. Determine whether the integer 1013 is prime by testing all primes p ≤ √1013 as possible
divisors.
3. Prove that √p is irrational for any prime p.
4. Show that any composite three digit number must have a prime factor less than or equal
to 31.
5. Show that if n > 2, there exists a prime p such that p < n < 2p.
6. Prove that if p and p^2 + 8 are primes, then p^3 + 4 is also prime.
7. If p is a prime and 1 ≤ k < p, then prove that p divides the binomial coefficient C(p, k).
8. Let p and q be successive odd primes and p + q = 2r, then prove that r is composite.
9. If n is composite then prove that 2^n – 1 is composite.
10. Prove that the Goldbach conjecture that every even integer greater than 2 is the sum of
two primes is equivalent to the statement that every integer greater than 5 is the sum of
three primes.
11. Let p_n denote the nth prime number. For n ≥ 3, prove that p_{n+3}^2 < p_n p_{n+1} p_{n+2}.

2.8. References:
1. An Introduction to Theory of Numbers, G. H. Hardy and E. M. Wright, Oxford
2. Elementary Number Theory, David M. Burton, McGraw Hill Publication
3. The New Book of Prime Number Record, Paulo Ribenboim, Springer Verlag
4. Elementary Number Theory with Applications, Thomas Koshy, Elsevier.
5. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley.

UNIT – 3
FERMAT’S FACTORIZATION AND FERMAT’S LITTLE THEOREM

Structure:

3.0. Objective
3.1. Congruences
3.2. Linear Congruences
3.3. System of Linear Congruences
3.4. Fermat’s Little Theorem
3.5. Fermat’s Factorization Technique
3.6. Summary
3.7. Keywords
3.8. Exercises
3.9. References

3.0. Objective
This chapter introduces the basic properties of congruences modulo n, along with the related
notion of congruence classes modulo n. Other items discussed include the Chinese remainder
theorem to solve a system of linear congruences, Fermat’s little theorem and Fermat’s
factorization technique.

3.1. Congruences
Definition 1: Let n be a fixed positive integer. Two integers a and b are said to be congruent
modulo n, symbolized by a ≡ b (mod n), if n divides the difference a – b; that is, provided that
a – b = kn for some integer k.
To fix the idea, consider n = 7. It is routine to check that
3 ≡ 24 (mod 7)    –31 ≡ 11 (mod 7)    –15 ≡ –64 (mod 7)
because 3 – 24 = (–3)·7, (–31) – 11 = (–6)·7, and –15 – (–64) = 7·7.
When n ∤ (a – b), we say that a is incongruent to b modulo n, and in this case we write
a ≢ b (mod n).
For a simple example: 25 ≢ 12 (mod 7), because 7 fails to divide 25 – 12 = 13.

It is to be noted that any two integers are congruent modulo 1, whereas two integers are
congruent modulo 2 when they are both even or both odd. Inasmuch as congruence modulo 1 is
not particularly interesting, the usual practice is to assume that n > 1.
Given an integer a, let q and r be its quotient and remainder upon division by n, so that
a = qn + r,    0 ≤ r < n.
Then, by definition of congruence, a ≡ r (mod n). Because there are n choices for r, we see that
every integer is congruent modulo n to exactly one of the values 0, 1, 2, ..., n – 1; in particular,
a ≡ 0 (mod n) if and only if n | a. The set of n integers 0, 1, 2, …, n – 1 is called the set of least
nonnegative residues modulo n.
In general, a collection of n integers a_1, a_2, …, a_n is said to form a complete set of residues (or a
complete system of residues) modulo n if every integer is congruent modulo n to one and only
one of the a_k. To put it another way, a_1, a_2, …, a_n are congruent modulo n to 0, 1, 2, ..., n – 1,
taken in some order. For instance,
–12, –4, 11, 13, 22, 82, and 91
constitute a complete set of residues modulo 7; here, we have
–12 ≡ 2    –4 ≡ 3    11 ≡ 4    13 ≡ 6    22 ≡ 1    82 ≡ 5    91 ≡ 0
all modulo 7. An observation of some importance is that any n integers form a complete set of
residues modulo n if and only if no two of the integers are congruent modulo n. We shall need
this fact later.
Our first theorem provides a useful characterization of congruence modulo n in terms of
remainders upon division by n.
Theorem 1: For arbitrary integers a and b, a ≡ b (mod n) if and only if a and b leave the same
nonnegative remainder when divided by n.
Proof. First take a ≡ b (mod n), so that a = b + kn for some integer k. Upon division by n, b
leaves a certain remainder r; that is, b = qn + r, where 0 ≤ r < n. Therefore,
( ) ( )
which indicates that a has the same remainder as b.
On the other hand, suppose we can write a = q_1 n + r and b = q_2 n + r, with the same remainder r
(0 ≤ r < n). Then
a – b = (q_1 n + r) – (q_2 n + r) = (q_1 – q_2)n,
whence n | a – b. Therefore, by the definition of congruence, we have a ≡ b (mod n).

Example 1: Because the integers –56 and –11 can be expressed in the form –56 = (–7)·9 + 7 and
–11 = (–2)·9 + 7 with the same remainder 7, Theorem 1 tells us that –56 ≡ –11 (mod 9). Going
in the other direction, the congruence –31 ≡ 11 (mod 7) implies that –31 and 11 have the same
remainder when divided by 7; this is clear from the relations –31 = (–5)·7 + 4 and 11 = 1·7 + 4.
Theorem 2: Let n > 1 be fixed and a, b, c, d be arbitrary integers. Then the following properties
hold:
a) a ≡ a (mod n).
b) If a ≡ b (mod n), then b ≡ a (mod n).
c) If a ≡ b (mod n) and b ≡ c (mod n), then a ≡ c (mod n).
d) If a ≡ b (mod n) and c ≡ d (mod n), then a + c ≡ b + d (mod n) and ac ≡ bd (mod n).
e) If a ≡ b (mod n), then a + c ≡ b + c (mod n) and ac ≡ bc (mod n).
f) If a ≡ b (mod n), then a^k ≡ b^k (mod n) for any positive integer k.
Proof. For any integer a, we have a – a = 0·n, so that a ≡ a (mod n). Now if a ≡ b (mod n), then
a – b = kn for some integer k. Hence, b – a = –(kn) = (–k)n and because –k is an integer, this
yields property (b).
Property (c) is slightly less obvious: Suppose that a ≡ b (mod n) and also b ≡ c (mod n).
Then there exist integers h and k satisfying a – b = hn and b – c = kn. It follows that
a – c = (a – b) + (b – c) = hn + kn = (h + k)n.
This implies n | a – c and hence a ≡ c (mod n) in congruence notation.
In the same vein, if a ≡ b (mod n) and c ≡ d (mod n), then we are assured that a – b = k_1 n
and c – d = k_2 n for some choice of k_1 and k_2. Adding these equations, we obtain
(a + c) – (b + d) = (a – b) + (c – d) = k_1 n + k_2 n = (k_1 + k_2)n
or, as a congruence statement, a + c ≡ b + d (mod n). As regards the second assertion of property
(d), note that
ac = (b + k_1 n)(d + k_2 n) = bd + (b k_2 + d k_1 + k_1 k_2 n)n.
Because b k_2 + d k_1 + k_1 k_2 n is an integer, this says that ac – bd is divisible by n, whence
ac ≡ bd (mod n).
The proof of property (e) is covered by (d) and the fact that c ≡ c (mod n). Finally, we
obtain property (f) by making an induction argument. The statement certainly holds for k = 1,
and we will assume it is true for some fixed k. From (d), we know that a ≡ b (mod n) and
a^k ≡ b^k (mod n) together imply that a·a^k ≡ b·b^k (mod n), or equivalently a^(k+1) ≡ b^(k+1) (mod n).
This is the form the statement should take for k + 1, and so the induction step is complete.
Before going further, we should illustrate that congruences can be a great help in carrying out
certain types of computations.
Example 2: Let us show that 41 divides 2^20 – 1. We begin by noting that 2^5 ≡ –9 (mod 41),
whence (2^5)^4 ≡ (–9)^4 (mod 41) by Theorem 2 (f); in other words, 2^20 ≡ 81·81 (mod 41). But
81 ≡ –1 (mod 41), and so 81·81 ≡ 1 (mod 41). Using parts (b) and (e) of Theorem 2, we finally
arrive at
2^20 – 1 ≡ 81·81 – 1 ≡ 1 – 1 ≡ 0 (mod 41).
Thus, 41 | 2^20 – 1, as desired.


Example 3: For another example, let us find the remainder obtained upon dividing the sum
1! + 2! + 3! + 4! + ... + 99! + 100!
by 12. Without the aid of congruences, this would be an awesome calculation. Observe that
4! ≡ 24 ≡ 0 (mod 12).
Thus, for k ≥ 4,
k! ≡ 4!·5·6···k ≡ 0·5·6···k ≡ 0 (mod 12).
In this way, we find that
1! + 2! + 3! + 4! + ... + 100! ≡ 1! + 2! + 3! + 0 + ... + 0 ≡ 9 (mod 12).
Accordingly, the sum in question leaves a remainder of 9 when divided by 12.
In Theorem 2 we saw that if a ≡ b (mod n), then ca ≡ cb (mod n) for any integer c. The
converse, however, fails to hold. As an example, perhaps as simple as any, note that 2·4 ≡ 2·1
(mod 6), whereas 4 ≢ 1 (mod 6). In brief: one cannot unrestrictedly cancel a common factor in
the arithmetic of congruences.
With suitable precautions, cancellation can be allowed; one step in this direction is provided by
the following theorem.
Theorem 3: If ca ≡ cb (mod n), then a ≡ b (mod n/d), where d = gcd(c, n).
Proof: Given ca ≡ cb (mod n), there exists some integer k such that
c(a – b) = ca – cb = kn.    (1)
Since gcd(c, n) = d, there exist relatively prime integers r and s satisfying
c = dr, n = ds.
When these values are substituted in equation (1) and the common factor d cancelled, the net
result is r(a – b) = ks.
Hence s | r(a – b) and gcd(r, s) = 1. Euclid’s lemma yields s | a – b, which may be written as
a ≡ b (mod s); in other words, a ≡ b (mod n/d).
Theorem 3 gets its maximum force when the requirement that gcd(c, n) = 1 is added, for then the
cancellation may be accomplished without a change in modulus.
Corollary 1: If ca ≡ cb (mod n) and gcd(c, n) = 1, then a ≡ b (mod n).
Corollary 2: If ca ≡ cb (mod p) and p ∤ c, where p is a prime, then a ≡ b (mod p), since p ∤ c and
p a prime imply that gcd(c, p) = 1.

Example 4: Consider the congruence 33 ≡ 15 (mod 9) or, if one prefers, 3·11 ≡ 3·5 (mod 9).
Because gcd(3, 9) = 3, Theorem 3 leads to the conclusion that 11 ≡ 5 (mod 3). A further
illustration is given by the congruence –35 ≡ 45 (mod 8), which is the same as 5·(–7) ≡ 5·9
(mod 8). The integers 5 and 8 being relatively prime, we may cancel the factor 5 to obtain a correct
congruence –7 ≡ 9 (mod 8).
3.2. Linear Congruences
A congruence of the form ax ≡ b (mod n), where a, b, n are integers and x is unknown, is called a
linear congruence. A solution of this linear congruence is an integer x_0 such that

a x_0 ≡ b (mod n).

Theorem 4: The linear congruence ax ≡ b (mod n) has a solution if and only if d | b, where d =
gcd(a, n). If d | b, then it has d mutually incongruent solutions modulo n.
Proof. We have already observed that the given congruence is equivalent to the linear
Diophantine equation ax – ny = b. From Theorem 8 of Chapter 1, it is known that the latter
equation can be solved if and only if d | b; moreover, if it is solvable and x_0, y_0 is one specific
solution, then any other solution has the form
x = x_0 + (n/d)t,    y = y_0 + (a/d)t,    for some choice of t.
Among the various integers satisfying the first of these formulas, consider those that occur when
t takes on the successive values t = 0, 1, 2, …, d – 1:
x_0, x_0 + n/d, x_0 + 2n/d, ..., x_0 + (d – 1)n/d.
We claim that these integers are incongruent modulo n, and all other such integers x are
congruent to some one of them. If it happened that x_0 + (n/d)t_1 ≡ x_0 + (n/d)t_2 (mod n), where
0 ≤ t_1 < t_2 ≤ d – 1, then we would have (n/d)t_1 ≡ (n/d)t_2 (mod n).
Now gcd(n/d, n) = n/d, and therefore by Theorem 3 the factor n/d could be canceled to arrive
at the congruence t_1 ≡ t_2 (mod d), which is to say that d | t_2 – t_1. But this is impossible in view of
the inequality 0 < t_2 – t_1 < d.
It remains to argue that any other solution x_0 + (n/d)t is congruent modulo n to one of the d
integers listed above. The Division Algorithm permits us to write t as t = qd + r, where
0 ≤ r ≤ d – 1. Hence
x_0 + (n/d)t = x_0 + (n/d)(qd + r)
             = x_0 + nq + (n/d)r
             ≡ x_0 + (n/d)r (mod n)
with x_0 + (n/d)r being one of our d selected solutions. This ends the proof.
The argument that we gave in Theorem 4 brings out a point worth stating explicitly: If x_0
is any solution of ax ≡ b (mod n), then the d = gcd(a, n) incongruent solutions are given by
x_0, x_0 + n/d, x_0 + 2(n/d), ..., x_0 + (d – 1)(n/d).
Corollary 3: If gcd(a, n) = 1, then the linear congruence ax ≡ b (mod n) has a unique solution
modulo n.
Given relatively prime integers a and n, the congruence ax ≡ 1 (mod n) has a unique
solution. This solution is sometimes called the (multiplicative) inverse of a modulo n.
We now pause to look at two concrete examples.
Example 5: First consider the linear congruence 18x ≡ 30 (mod 42). Because gcd(18, 42) = 6
and 6 divides 30, Theorem 4 guarantees the existence of exactly six solutions, which are
incongruent modulo 42. By inspection, one solution is found to be x = 4. Our analysis tells us
that the six solutions are as follows:
x ≡ 4 + (42/6)t ≡ 4 + 7t (mod 42),    t = 0, 1, …, 5
or, plainly enumerated,
x ≡ 4, 11, 18, 25, 32, 39 (mod 42).
Example 6: Let us solve the linear congruence 9x ≡ 21 (mod 30). At the outset, because gcd(9,
30) = 3 and 3 | 21, we know that there must be three incongruent solutions.
One way to find these solutions is to divide the given congruence throughout by 3,
thereby replacing it by the equivalent congruence 3x ≡ 7 (mod 10). The relative primeness of 3
and 10 implies that the latter congruence admits a unique solution modulo 10. Although it is not
the most efficient method, we could test the integers 0, 1, 2, …, 9 in turn until the solution is
obtained. A better way is this: multiply both sides of the congruence 3x ≡ 7 (mod 10) by 7 to get
21x ≡ 49 (mod 10), which reduces to x ≡ 9 (mod 10). (This simplification is no accident, for the
multiples 0·3, 1·3, 2·3, …, 9·3 form a complete set of residues modulo 10; hence, one of them is
necessarily congruent to 1 modulo 10.) But the original congruence was given modulo 30, so that
its incongruent solutions are sought among the integers 0, 1, 2, …, 29. Taking t = 0, 1, 2 in the
formula
x = 9 + 10t
we obtain 9, 19, 29, whence
x ≡ 9 (mod 30)    x ≡ 19 (mod 30)    x ≡ 29 (mod 30)
are the required three solutions of 9x ≡ 21 (mod 30).
A different approach to the problem is to use the method that is suggested in the proof of
Theorem 4. Because the congruence 9x ≡ 21 (mod 30) is equivalent to the linear Diophantine
equation
9x – 30y = 21
we begin by expressing 3 = gcd(9, 30) as a linear combination of 9 and 30. It is found, either by
inspection or by using the Euclidean Algorithm, that 3 = 9(–3) + 30·1, so that
21 = 7·3 = 9(–21) – 30(–7).
Thus, x = –21, y = –7 satisfy the Diophantine equation and, in consequence, all solutions of the
congruence in question are to be found from the formula
x = –21 + (30/3)t = –21 + 10t.
The integers x = –21 + 10t, where t = 0, 1, 2, are incongruent modulo 30 (but all are congruent
modulo 10); thus, we end up with the incongruent solutions
x ≡ –21 (mod 30)    x ≡ –11 (mod 30)    x ≡ –1 (mod 30)
or, if one prefers positive numbers, x ≡ 9, 19, 29 (mod 30).
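
Theorem 4 and the reduction used in Example 6 translate directly into a short routine. The Python below is an added illustration, not part of the original text; the function names solve_linear_congruence and check are hypothetical.

```python
from math import gcd


def solve_linear_congruence(a, b, n):
    """Return every solution of a*x ≡ b (mod n) among 0..n-1, in increasing order.

    Follows Theorem 4: with d = gcd(a, n) there is no solution unless d | b,
    and otherwise there are exactly d solutions, spaced n/d apart.
    """
    if n < 1:
        raise ValueError("modulus must be a positive integer")
    d = gcd(a, n)
    if b % d != 0:
        return []                       # d does not divide b: unsolvable
    # Cancel d throughout (Theorem 3): (a/d) x ≡ b/d (mod n/d), where now
    # gcd(a/d, n/d) = 1, so a/d has a multiplicative inverse modulo n/d.
    a1, b1, n1 = a // d, b // d, n // d
    if n1 == 1:
        x0 = 0                          # every integer is a solution modulo 1
    else:
        inverse = pow(a1 % n1, -1, n1)  # modular inverse, Python 3.8+
        x0 = (b1 * inverse) % n1
    # The d incongruent solutions x0, x0 + n/d, ..., x0 + (d-1)n/d.
    return [x0 + t * n1 for t in range(d)]


def check(a, b, n, xs):
    """True when every x in xs satisfies a*x ≡ b (mod n) and no two agree mod n."""
    distinct = len({x % n for x in xs}) == len(xs)
    return distinct and all((a * x - b) % n == 0 for x in xs)


if __name__ == "__main__":
    print(solve_linear_congruence(18, 30, 42))   # Example 5
    print(solve_linear_congruence(9, 21, 30))    # Example 6
    print(solve_linear_congruence(2, 1, 6))      # gcd(2, 6) = 2 does not divide 1
```

An empty list signals the unsolvable case d ∤ b; a single-element list is the unique solution of Corollary 3.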
3.3. System of linear Congruences
Having considered a single linear congruence, it is natural to turn to the problem of solving a
system of simultaneous linear congruences:
a_1 x ≡ b_1 (mod m_1), a_2 x ≡ b_2 (mod m_2), …, a_r x ≡ b_r (mod m_r).
We shall assume that the moduli m_k are relatively prime in pairs. Evidently, the system will
admit no solution unless each individual congruence is solvable; that is, unless d_k | b_k for each k,
where d_k = gcd(a_k, m_k). When these conditions are satisfied, the factor d_k can be canceled in the
kth congruence to produce a new system having the same set of solutions as the original one:
a_1′x ≡ b_1′ (mod n_1), a_2′x ≡ b_2′ (mod n_2), …, a_r′x ≡ b_r′ (mod n_r)
where n_k = m_k/d_k and gcd(n_i, n_j) = 1 for i ≠ j; in addition, gcd(a_i′, n_i) = 1.
The solutions of the individual congruences assume the form
x ≡ c_1 (mod n_1), x ≡ c_2 (mod n_2), …, x ≡ c_r (mod n_r).
Thus, the problem is reduced to one of finding a simultaneous solution of a system of
congruences of this simpler type.
The kind of problem that can be solved by simultaneous congruences has a long history,
appearing in the Chinese literature as early as the 1st century A.D. Sun-Tsu asked: Find a number
that leaves the remainders 2, 3, 2 when divided by 3, 5, 7, respectively. (Such mathematical puzzles
are by no means confined to a single cultural sphere; indeed, the same problem occurs in the
Introductio Arithmeticae of the Greek mathematician Nicomachus, circa 100 A.D.) In honor of
their early contributions, the rule for obtaining a solution usually goes by the name of the
Chinese Remainder Theorem.
Theorem 5: (Chinese Remainder Theorem) Let n_1, n_2, …, n_r be positive integers such that
gcd(n_i, n_j) = 1 for i ≠ j. Then the system of linear congruences
x ≡ a_1 (mod n_1)
x ≡ a_2 (mod n_2)
⋮
x ≡ a_r (mod n_r)
has a simultaneous solution, which is unique modulo the integer n_1 n_2 ⋯ n_r.
Proof: We start by forming the product n = n_1 n_2 ⋯ n_r. For each k = 1, 2, …, r, let
N_k = n/n_k = n_1 ⋯ n_{k–1} n_{k+1} ⋯ n_r.
In words, N_k is the product of all the integers n_i with the factor n_k omitted. By hypothesis, the n_i
are relatively prime in pairs, so that gcd(N_k, n_k) = 1. According to the theory of a single linear
congruence, it is therefore possible to solve the congruence N_k x ≡ 1 (mod n_k); call the unique
solution x_k. Our aim is to prove that the integer
x = a_1 N_1 x_1 + a_2 N_2 x_2 + ... + a_r N_r x_r
is a simultaneous solution of the given system.

First, observe that N_i ≡ 0 (mod n_k) for i ≠ k, because n_k | N_i in this case. The result is
x = a_1 N_1 x_1 + ... + a_r N_r x_r ≡ a_k N_k x_k (mod n_k).
But the integer x_k was chosen to satisfy the congruence N_k x ≡ 1 (mod n_k), which forces
x ≡ a_k · 1 ≡ a_k (mod n_k).
This shows that a solution to the given system of congruences exists.

As for the uniqueness assertion, suppose that x′ is any other integer that satisfies these
congruences. Then,
x ≡ a_k ≡ x′ (mod n_k),    k = 1, 2, ..., r
and so n_k | x – x′ for each value of k. Because gcd(n_i, n_j) = 1, Corollary 4 of Chapter 1 supplies
us with the crucial point that n_1 n_2 ⋯ n_r | x – x′; hence x ≡ x′ (mod n). With this, the Chinese
Remainder Theorem is proved.


Example 7: Let us solve the system of three congruences
x ≡ 2 (mod 3)
x ≡ 3 (mod 5)
x ≡ 2 (mod 7)
In the notation of Theorem 5, we have n = 3·5·7 = 105 and
N_1 = n/3 = 35    N_2 = n/5 = 21    N_3 = n/7 = 15
Now the linear congruences
35x ≡ 1 (mod 3)    21x ≡ 1 (mod 5)    15x ≡ 1 (mod 7)
are satisfied by x_1 = 2, x_2 = 1, x_3 = 1, respectively. Thus, a solution of the system is given by
x = 2·35·2 + 3·21·1 + 2·15·1 = 233.
Modulo 105, we get the unique solution x = 233 ≡ 23 (mod 105).
Example 8: For a second illustration, let us solve the linear congruence 17x ≡ 9 (mod 276).
Because 276 = 3·4·23, this is equivalent to finding a solution for the system of congruences
17x ≡ 9 (mod 3)    or    x ≡ 0 (mod 3)
17x ≡ 9 (mod 4)    or    x ≡ 1 (mod 4)
17x ≡ 9 (mod 23)   or    17x ≡ 9 (mod 23)
Note that if x ≡ 0 (mod 3), then x = 3k for some integer k. We substitute into the second
congruence of the system and obtain 3k ≡ 1 (mod 4).
Multiplication of both sides of this congruence by 3 gives us
k ≡ 9k ≡ 3 (mod 4)
so that k = 3 + 4j, where j is an integer. Then x = 3(3 + 4j) = 9 + 12j.
For x to satisfy the last congruence, we must have
17(9 + 12j) ≡ 9 (mod 23)
or 204j ≡ –144 (mod 23), which reduces to 3j ≡ 6 (mod 23); in consequence, j ≡ 2 (mod 23). This
yields j = 2 + 23t, with t an integer, whence
x = 9 + 12(2 + 23t) = 33 + 276t.
All in all, x ≡ 33 (mod 276) provides a solution to the system of congruences and, in turn, a
solution to 17x ≡ 9 (mod 276).
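
The construction in the proof of Theorem 5 and the splitting idea of Example 8 can be carried out mechanically. The Python below is an added illustration, not part of the original text; the function names crt and solve_by_splitting are hypothetical, and solve_by_splitting assumes that a is invertible modulo every listed modulus.

```python
from math import gcd, prod


def crt(residues, moduli):
    """Solve x ≡ a_k (mod n_k) for pairwise relatively prime moduli n_k > 1.

    Returns (x, n) with n = n_1 * ... * n_r and 0 <= x < n, built exactly as
    in the proof of Theorem 5: x = sum of a_k * N_k * x_k.
    """
    if len(residues) != len(moduli) or not moduli:
        raise ValueError("need one residue per modulus")
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be relatively prime in pairs")
    n = prod(moduli)
    x = 0
    for a_k, n_k in zip(residues, moduli):
        N_k = n // n_k                  # product of all moduli except n_k
        x_k = pow(N_k % n_k, -1, n_k)   # solves N_k * x ≡ 1 (mod n_k)
        x += a_k * N_k * x_k
    return x % n, n


def solve_by_splitting(a, b, moduli):
    """Solve a*x ≡ b modulo the product of the given pairwise coprime moduli.

    As in Example 8, the single congruence is replaced by one congruence per
    modulus, each is solved on its own, and the results are recombined.
    """
    residues = [(b * pow(a % n_k, -1, n_k)) % n_k for n_k in moduli]
    return crt(residues, moduli)


if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))               # Example 7
    print(solve_by_splitting(17, 9, [3, 4, 23]))   # Example 8
```

Calling crt with moduli such as 4 and 6 raises ValueError, because the hypothesis gcd(n_i, n_j) = 1 of Theorem 5 fails.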
Let us now consider linear congruences in two variables; that is, congruences of the form
ax + by ≡ c (mod n).
In analogy with Theorem 4, such a congruence has a solution if and only if gcd(a, b, n) divides c.
The condition for solvability holds if either gcd(a, n) = 1 or gcd(b, n) = 1, say gcd(a, n) = 1.
When the congruence is expressed as
ax ≡ c – by (mod n)
Corollary 3 guarantees a unique solution x for each of the n incongruent values of y. Take as
a simple illustration 7x + 4y ≡ 5 (mod 12), which would be treated as 7x ≡ 5 – 4y (mod 12).
Substitution of y ≡ 5 (mod 12) gives 7x ≡ –15 (mod 12); but this is equivalent to –5x ≡ –15 (mod
12), so that x ≡ 3 (mod 12), y ≡ 5 (mod 12) is one of the 12 incongruent solutions of 7x + 4y ≡
5 (mod 12). Another solution having the same value of x is x ≡ 3 (mod 12), y ≡ 8 (mod 12).
The focus of our concern here is how to solve a system of two linear congruences in two
variables with the same modulus. The proof of the coming theorem adopts the familiar procedure
of eliminating one of the unknowns.
Theorem 6: The system of linear congruences
ax + by ≡ r (mod n)
cx + dy ≡ s (mod n)
has a unique solution modulo n whenever gcd(ad – bc, n) = 1.
Proof. Let us multiply the first congruence of the system by d, the second congruence by b, and
subtract the lower result from the upper. These calculations yield
(ad – bc)x ≡ dr – bs (mod n)    (2)
The assumption gcd(ad – bc, n) = 1 ensures that the congruence
(ad – bc)z ≡ 1 (mod n)
possesses a unique solution; denote the solution by t. When congruence (2) is multiplied by t, we
obtain
x ≡ t(dr – bs) (mod n).
A value for y is found by a similar elimination process. That is, multiply the first congruence of
the system by c, the second one by a, and subtract to end up with
(ad – bc)y ≡ as – cr (mod n).
Multiplication of this congruence by t leads to
y ≡ t(as – cr) (mod n).
A solution of the system is now established.
We close this section with an example illustrating Theorem 6.
Example 9: Consider the system
7x + 3y ≡ 10 (mod 16)
2x + 5y ≡ 9 (mod 16)
Because gcd(7·5 – 2·3, 16) = gcd(29, 16) = 1, a solution exists. It is obtained by the method
developed in the proof of Theorem 6. Multiplying the first congruence by 5, the second one by
3, and subtracting, we arrive at
29x ≡ 5·10 – 3·9 ≡ 23 (mod 16)
or, what is the same thing, 13x ≡ 7 (mod 16). Multiplication of this congruence by 5 (noting that
5·13 ≡ 1 (mod 16)) produces x ≡ 35 ≡ 3 (mod 16). When the variable x is eliminated from the
system of congruences in a like manner, it is found that
29y ≡ 7·9 – 2·10 ≡ 43 (mod 16).
But then 13y ≡ 11 (mod 16), which, upon multiplication by 5, results in y ≡ 55 ≡ 7 (mod 16). The
unique solution of our system turns out to be
x ≡ 3 (mod 16)    y ≡ 7 (mod 16)
3.4. Fermat’s Little Theorem
Theorem 7: Let p be a prime and suppose that p ∤ a. Then
a^(p–1) ≡ 1 (mod p).
Proof. We begin by considering the first p – 1 positive multiples of a; that is, the integers
a, 2a, 3a, …, (p – 1)a.
None of these numbers is congruent modulo p to any other, nor is any congruent to zero. Indeed,
if it happened that
ra ≡ sa (mod p),    1 ≤ r < s ≤ p – 1,
then a could be canceled to give r ≡ s (mod p), which is impossible. Hence a, 2a, …, (p – 1)a
mod p are the integers 1, 2, 3, …, (p – 1) arranged in some order. Multiplying all of these
congruences together, we therefore obtain
a^(p–1)(p – 1)! ≡ (p – 1)! (mod p).
Once (p – 1)! is canceled from both sides of the preceding congruence (this is possible because
p ∤ (p – 1)!), our line of reasoning culminates in the statement that a^(p–1) ≡ 1 (mod p), which is
Fermat’s theorem.
This result can be stated in a slightly more general way in which the requirement that p ∤ a is
dropped.
Corollary 4: If p is a prime, then a^p ≡ a (mod p) for any integer a.
Proof. When p | a, the statement obviously holds; for, in this setting, a^p ≡ 0 ≡ a (mod p). If p ∤ a,
then according to Fermat’s theorem, we have a^(p–1) ≡ 1 (mod p). When this congruence is
multiplied by a, the conclusion a^p ≡ a (mod p) follows.
Theorem 8: Let p_1, p_2, …, p_k be any distinct primes, a any positive integer, and l = [p_1 – 1,
p_2 – 1, …, p_k – 1]. Then a^(l+1) ≡ a (mod p_1 p_2 ⋯ p_k).
Proof: By Fermat’s theorem, a^(p_i – 1) ≡ 1 (mod p_i), where 1 ≤ i ≤ k. Since p_i – 1 | l, this implies
(a^(p_i – 1))^(l/(p_i – 1)) ≡ 1 (mod p_i); that is, a^l ≡ 1 (mod p_i). Thus a^(l+1) ≡ a (mod p_i).
Consequently, a^(l+1) ≡ a (mod [p_1, p_2, …, p_k]); that is, a^(l+1) ≡ a (mod p_1 p_2 ⋯ p_k).


Fermat’s theorem has many applications and is central to much of what is done in
number theory. In the least, it can be a labor-saving device in certain calculations. If asked to
verify that 5^38 ≡ 4 (mod 11), for instance, we take the congruence 5^10 ≡ 1 (mod 11) as our starting
point. Knowing this,

5^38 = 5^(10·3+8) = (5^10)^3 (5^2)^4 ≡ 1^3 · 3^4 ≡ 81 ≡ 4 (mod 11)

as desired. Another use of Fermat’s theorem is as a tool in testing the primality of a given integer
n. If it could be shown that the congruence a^n ≡ a (mod n) fails to hold for some choice of a,
then n is necessarily composite. As an example of this approach, let us look at n = 117. The
computation is kept under control by selecting a small integer for a, say, a = 2. Because 2^117
may be written as 2^117 = 2^(7·16+5) = (2^7)^16 · 2^5 and 2^7 = 128 ≡ 11 (mod 117),
we have 2^117 ≡ 11^16 · 2^5 ≡ (121)^8 · 2^5 ≡ 4^8 · 2^5 ≡ 2^21 (mod 117).

But 2^21 = (2^7)^3, which leads to 2^21 ≡ 11^3 ≡ 121·11 ≡ 4·11 ≡ 44 (mod 117).

Combining these congruences, we finally obtain 2^117 ≡ 44 ≢ 2 (mod 117),
so that 117 must be composite; actually, 117 = 13·9.


It might be worthwhile to give an example illustrating the failure of the converse of Fermat’s
theorem to hold, in other words, to show that if a^(n–1) ≡ 1 (mod n) for some integer a such that
gcd(a, n) = 1, then n need not be prime. As a prelude we require a technical lemma.

Lemma 1: If p and q are distinct primes, with
a^p ≡ a (mod q) and a^q ≡ a (mod p), then a^(pq) ≡ a (mod pq).

Proof. The last corollary tells us that (a^q)^p ≡ a^q (mod p), whereas a^q ≡ a (mod p) holds by
hypothesis. Combining these congruences, we obtain a^(pq) ≡ a (mod p) or, in different terms,
p | a^(pq) – a. In an entirely similar manner, q | a^(pq) – a. Corollary 4 of Chapter 1 now yields
pq | a^(pq) – a, which can be recast as a^(pq) ≡ a (mod pq).

Our contention is that 2^340 ≡ 1 (mod 341), where 341 = 11·31.

In working toward this end, notice that 2^10 = 1024 = 31·33 + 1.

Thus, 2^11 = 2·2^10 ≡ 2·1 ≡ 2 (mod 31) and 2^31 = 2(2^10)^3 ≡ 2·1^3 ≡ 2 (mod 11).

Exploiting the lemma, 2^(11·31) ≡ 2 (mod 11·31), or 2^341 ≡ 2 (mod 341).

After cancelling a factor of 2, we pass to 2^340 ≡ 1 (mod 341), so that the converse to Fermat’s
theorem is false.
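
The two computations above, the compositeness proof for 117 and the pseudoprime 341, can be checked with modular exponentiation. The Python below is an added illustration, not part of the original text; the function names are hypothetical, and it goes one step beyond the text by also trying base 3 on 341 and by listing every composite below 1000 that passes the base-2 test.

```python
from math import gcd


def is_prime(n):
    """Trial division, used here only as ground truth for small n."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def fermat_witnesses(n, bases):
    """Bases a with a^n ≢ a (mod n); by Corollary 4 any such a proves n composite."""
    return [a for a in bases if pow(a, n, n) != a % n]


def is_pseudoprime(n, a=2):
    """True when n is composite, gcd(a, n) = 1, and still a^(n-1) ≡ 1 (mod n)."""
    return (n > 3 and not is_prime(n)
            and gcd(a, n) == 1 and pow(a, n - 1, n) == 1)


def pseudoprimes_below(limit, a=2):
    """All composites n < limit that the base-a Fermat test cannot tell from primes."""
    return [n for n in range(3, limit) if is_pseudoprime(n, a)]


if __name__ == "__main__":
    print(pow(2, 117, 117))                 # 44, so 2^117 ≢ 2 (mod 117)
    print(fermat_witnesses(117, [2]))       # [2]: 117 is composite
    print(fermat_witnesses(341, [2]))       # []: base 2 gives no verdict on 341
    print(fermat_witnesses(341, [2, 3]))    # [3]: base 3 exposes 341
    print(pseudoprimes_below(1000))         # composites fooling base 2
```

An empty witness list never certifies primality; it only means that none of the bases tried revealed n as composite.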
3.5. Fermat’s Factorization Technique
In Chapter 2, we have seen that in order to find the factors of an odd composite integer, trial
division could be used. But trial division becomes impractical if the number has more than
twelve digits.
Fermat’s factorization scheme has at its heart the observation that the search for factors of
an odd integer n is equivalent to obtaining integral solutions x and y of the equation
n = x^2 – y^2    (3)
If n is the difference of two squares, then n can be factored as n = x^2 – y^2 = (x + y)(x – y).
Conversely, when n has the factorization n = ab, with a ≥ b ≥ 1, then we may write
n = ((a + b)/2)^2 – ((a – b)/2)^2.
Moreover, because n is taken to be an odd integer, a and b are themselves odd; hence (a + b)/2
and (a – b)/2 will be non-negative integers.
For example, consider n = 8051. Now, 8051 can be written as 8051 = 90^2 – 7^2. Hence, 8051 =
83 × 97.
Observe that (3) can be written as x^2 – n = y^2.
Set k = [√n] + 1, where [ ] denotes the greatest integer function. Then look successively at the
numbers k^2 – n, (k+1)^2 – n, (k+2)^2 – n, (k+3)^2 – n, … until a value of m is found such that m^2 – n
is a square. The process cannot go on indefinitely, because we eventually arrive at
((n + 1)/2)^2 – n = ((n – 1)/2)^2,
the representation of n corresponding to the trivial factorization n = n·1. In this case, we have only
the trivial divisors 1 and n, and hence n is prime.
Fermat used the procedure just described to factor
2027651281 = 44021 · 46061
in only 11 steps, as compared with making 4580 divisions by the odd primes up to 44021.
Example 10: Let n = 10541. Then [√n] + 1 = 103. Therefore, we have to consider the values
k^2 – 10541 for k ≥ 103. Taking k = 103, 104, … we have
103^2 – 10541 = 68
104^2 – 10541 = 275
105^2 – 10541 = 484 = 22^2.
The last relation gives
10541 = 105^2 – 22^2 = (105 + 22)(105 – 22) = 127 × 83.
Example 11: Let n = 23449. Then [√n] + 1 = 154. Therefore, we have to consider the values
k^2 – 23449 for k ≥ 154. Taking k = 154, 155, … we have
154^2 – 23449 = 267
155^2 – 23449 = 576 = 24^2.
The last relation gives
23449 = 155^2 – 24^2 = (155 + 24)(155 – 24) = 179 × 131.

34
In the 1920s Maurice Kraitchik came up with an interesting enhancement of Fermat’s
difference-of-squares technique, and it is this enhancement that is at the basis of most modern
factoring algorithms. Instead of trying to find integers a and b with a2 – b2 equal to n, Kraichik
reasoned that it might suffice to find a and b with a2 – b2 equal to a multiple of n, that is a2 ≡ b2
(mod n). Such a congruence can have uninteresting solutions, those where a ≡ ±b(mod n), and
interesting solutions, where a  b(mod n) . In fact, if n is odd and divisible by at least two
different primes, then at least half of the solutions to a2 ≡ b2 (mod n), with ab coprime to n, are of
the interesting variety. And for an interesting solution a, b, the greatest common factor of
gcd(a – b, n) must be a non-trivial factor of n. Indeed, n divides a2 – b2 = (a – b)(a + b) but
neither factor. So n must be somehow split between a – b and a + b.
Example 12: Let us use Kraitchik’s method to factor n = 2041. [ n ]  1  462. Consider the

sequence of numbers Q( x)  x 2  n for n = 46, 47, …, we get


75, 168, 263, 360, 459, 560, ….
So far no squares have appeared. Let us find several numbers x with the product of the
corresponding numbers Q(x) equal to a square. For if Q(x1) Q(x2) Q(xk) = b2 and x1 x2 xk =
b, then
a 2  x12  x12 x12  ( x12  n ) ( x12  n )
 Q( x1 ) Q( xk )  b2 (mod n );
That is, we have found a solution to a2 ≡ b2 (mod n). But how to find the set x1, x2, …, xk?
Consider the numbers Q(x) which factor very easily:
75 = 3 × 52 168 = 23 × 3 × 7 360 = 23 × 32 × 5 560 = 24 × 5 × 7
Then, clearly the product of these four numbers is 210 × 34 × 54 × 72, a square. Thus, we have
a  46  47  49  51  311(mod 2041)
and
b  25  32  52  7  1416(mod 2041) .
Notice that 311  1416(mod 2041) . Then gcd(1416 – 311, 2041) = 13 and so 2041 = 13 × 157.
Example 13: Let n = 12499 be the integer to be factored. The first square just larger than n is
$112^2 = 12544$. So we begin by considering the sequence of numbers $x^2 - n$ for x = 112, 113, ….
As before, our interest is in obtaining a set of values $x_1, x_2, \ldots, x_k$ for which the product
$(x_1^2 - n) \cdots (x_k^2 - n)$ is a square, say $y^2$. Then $(x_1 \cdots x_k)^2 \equiv y^2 \pmod{n}$, which might lead to a nontrivial
factor of n.
A short search reveals that
$112^2 - 12499 = 45$
$117^2 - 12499 = 1190$
$121^2 - 12499 = 2142$
Or, written as congruences,
$112^2 \equiv 3^2 \cdot 5 \pmod{12499}$
$117^2 \equiv 2 \cdot 5 \cdot 7 \cdot 17 \pmod{12499}$
$121^2 \equiv 2 \cdot 3^2 \cdot 7 \cdot 17 \pmod{12499}$
Multiplying these together results in the congruence
$(112 \cdot 117 \cdot 121)^2 \equiv (2 \cdot 3^2 \cdot 5 \cdot 7 \cdot 17)^2 \pmod{12499}$
that is,
$1585584^2 \equiv 10710^2 \pmod{12499}$
But we are unlucky with this square combination. Because
1585584 ≡ 10710 (mod 12499)
only a trivial divisor of 12499 will be found. To be specific,
gcd(1585584 + 10710, 12499) = 1
gcd(1585584 – 10710, 12499) = 12499
After further calculation, we notice that
$113^2 \equiv 2 \cdot 5 \cdot 3^3 \pmod{12499}$
$127^2 \equiv 2 \cdot 3 \cdot 5 \cdot 11^2 \pmod{12499}$
which gives rise to the congruence
$(113 \cdot 127)^2 \equiv (2 \cdot 3^2 \cdot 5 \cdot 11)^2 \pmod{12499}$
This reduces modulo 12499 to
$1852^2 \equiv 990^2 \pmod{12499}$
and fortunately 1852 ≢ ±990 (mod 12499). Calculating
gcd(1852 – 990, 12499) = gcd(862, 12499) = 431
produces the factorization 12499 = 29 · 431.
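Examples 12 and 13 can be replayed mechanically. The following Python sketch is an added illustration, not part of the textbook: `combine` multiplies the relations for a chosen set of x values, and `kraitchik` searches for an interesting combination by brute force over small subsets. The factor base, `span` and `max_size` are assumptions chosen for these two small inputs.

```python
from itertools import combinations
from math import gcd, isqrt, prod

# Assumption: the small primes that appear in Examples 12 and 13.
FACTOR_BASE = (2, 3, 5, 7, 11, 13, 17)

def exponents(m, base=FACTOR_BASE):
    """Exponent vector of m over the factor base, or None if m does not factor over it."""
    if m <= 0:
        return None
    vec = []
    for p in base:
        e = 0
        while m % p == 0:
            m //= p
            e += 1
        vec.append(e)
    return vec if m == 1 else None

def combine(n, xs, base=FACTOR_BASE):
    """Multiply the relations Q(x) = x^2 - n for x in xs.

    Returns (a, b, g) with a^2 ≡ b^2 (mod n) and g = gcd(a - b, n), or None
    when some Q(x) does not factor over the base or the product is not a square.
    """
    total = [0] * len(base)
    for x in xs:
        vec = exponents(x * x - n, base)
        if vec is None:
            return None
        total = [t + e for t, e in zip(total, vec)]
    if any(t % 2 for t in total):
        return None                      # product of the Q(x) is not a square
    a = prod(xs) % n
    b = prod(pow(p, t // 2, n) for p, t in zip(base, total)) % n
    return a, b, gcd(a - b, n)

def kraitchik(n, span=20, max_size=4, base=FACTOR_BASE):
    """Try x = floor(sqrt(n)) + 1, ... and return (factor, cofactor, xs) or None."""
    start = isqrt(n) + 1
    usable = [x for x in range(start, start + span)
              if exponents(x * x - n, base) is not None]
    for size in range(1, max_size + 1):
        for xs in combinations(usable, size):
            result = combine(n, xs, base)
            if result is None:
                continue
            _, _, g = result
            if 1 < g < n:                # a ≢ ±b (mod n): the interesting case
                return g, n // g, xs
    return None

if __name__ == "__main__":
    print(combine(2041, [46, 47, 49, 51]))    # the combination of Example 12
    print(combine(12499, [112, 117, 121]))    # the unlucky combination: g = n
    print(combine(12499, [113, 127]))         # the lucky combination of Example 13
    print(kraitchik(2041), kraitchik(12499))
```

Real implementations replace the subset search with linear algebra over the parities of the exponent vectors; the brute-force search here only works because the examples are tiny.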

3.6. Summary
In this chapter we studied the properties of congruences and learned to solve a system of linear
congruences using the Chinese remainder theorem. Also, we proved one of the most celebrated
theorems, “Fermat’s little theorem”. At the end of the chapter we learned to factorize a given
integer using Fermat’s factorization technique.

3.7. Keywords
Congruence, modulo, residue, remainder, linear congruence, incongruent solution, pairwise
relatively prime.

3.8. Exercises
1. Prove that if a ≡ b(mod m) and n | m, then a ≡ b(mod n). Also prove that gcd(a, m) =
gcd(b, m).
2. Find the remainder when 214 is divided by 17 and 3100 is divided by 5.
3. Compute the multiplicative inverse of 160 modulo 841.
4. What is the remainder when
$1^5 + 2^5 + 3^5 + \cdots + 99^5 + 100^5$
is divided by 4?
5. Prove that the integer $53^{103} + 103^{53}$ is divisible by 39.
6. Give an example to show that $a^k \equiv b^k \pmod{n}$ and k ≡ j (mod n) need not imply that
$a^j \equiv b^j \pmod{n}$.
7. Find the last two digits in the decimal value of $1776^{1976}$.
8. Prove that $n^2 + n \equiv 0 \pmod{2}$.
9. Solve the following linear congruences:
a. 25x ≡ 10(mod 29)
b. 5x ≡ 2(mod 26)
c. 140x ≡ 133(mod 301)
d. 9x ≡ 12(mod 15)
e. 30x ≡ 52(mod 49).
10. Solve each of the following sets of simultaneous congruences:
a. x ≡ 1(mod 3), x ≡ 2(mod 5), x ≡ 3(mod 7)
b. x ≡ 5(mod 11), x ≡ 14(mod 29), x ≡ 15(mod 31)
c. 2x ≡ 1(mod 5), 3x ≡ 9(mod 6), 4x ≡ 1(mod 7), 5x ≡ 9(mod 11).
11. Solve the linear congruence 17x ≡ 3 (mod 2 · 3 · 5 · 7).
12. Prove that the congruences x ≡ a(mod n) and x ≡ b(mod m) admit a simultaneous
solution if gcd(n, m) | a – b.
13. Find the solutions of the system of congruences:
3x + 4y ≡ 5(mod 13)
2x + 5y ≡ 7(mod 13).

14. Use Fermat’s theorem to verify that 17 divides $11^{104} + 1$.
15. If 7 ∤ a, then prove that either $a^3 + 1$ or $a^3 - 1$ is divisible by 7.
16. Prove that $1835^{1910} + 1986^{2061} \equiv 0 \pmod{7}$.
17. Employ Fermat’s theorem to prove that if p is an odd prime, then
a. $1^{p-1} + 2^{p-1} + 3^{p-1} + \cdots + (p-1)^{p-1} \equiv -1 \pmod{p}$
b. $1^p + 2^p + 3^p + \cdots + (p-1)^p \equiv 0 \pmod{p}$.
18. Use Fermat’s method to factor each of the following numbers: (a) 2279 (b) 10541
19. For any integer a
a. $a^7 \equiv a \pmod{42}$
b. $a^{19} \equiv a \pmod{57}$
c. $a^{31} \equiv a \pmod{77}$.
20. Use Kraitchik’s method to factor 20437.

3.9. References
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier
3. Basic Number Theory, S. B. Malik, Vikas Publications
4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley

UNIT – 4
EULER’S THEOREM AND WILSON’S THEOREM

Structure:

4.0. Objective
4.1. Wilson’s Theorem
4.2. Euler’s Totient Function
4.3. Euler’s Theorem
4.4. Summary
4.5. Keywords
4.6. Exercises
4.7. References

4.0. Objective:
The objective of this chapter is to prove two important theorems, one is Wilson’s theorem and
another is Euler’s theorem. In order to prove Euler’s theorem which has many applications, we
introduce Euler’s Totient function and study some of its properties.

4.1. Wilson’s Theorem


Theorem 1: If p is a prime, then (p – 1)! ≡ –1 (mod p).
Proof: Dismissing the cases p = 2 and p = 3 as being evident, let us take p > 3. Suppose that a
is any one of the p – 1 positive integers 1, 2, 3, …, p – 1 and consider the linear congruence
ax ≡ 1 (mod p).
Then gcd(a, p) = 1. By Theorem 4 of Chapter 3, this congruence admits a unique solution
modulo p; hence, there is a unique integer a′, with 1 ≤ a′ ≤ p – 1, satisfying aa′ ≡ 1 (mod p).
Because p is prime, a = a′ if and only if a = 1 or a = p – 1. Indeed, the congruence $a^2 \equiv 1 \pmod{p}$
is equivalent to (a – 1)(a + 1) ≡ 0 (mod p). Therefore, either a – 1 ≡ 0 (mod p), in which case a =
1, or a + 1 ≡ 0 (mod p), in which case a = p – 1.
If we omit the numbers 1 and p – 1, the effect is to group the remaining integers 2, 3, …, p – 2
into pairs a, a′, where a ≠ a′, such that their product aa′ ≡ 1 (mod p). When these (p – 3)/2
congruences are multiplied together and the factors rearranged, we get 2 · 3 ⋯ (p – 2) ≡ 1 (mod
p), or rather (p – 2)! ≡ 1 (mod p).
Now multiply by p – 1 to obtain the congruence (p – 1)! ≡ p – 1 ≡ –1 (mod p), as was to be
proved.
Example 1: A concrete example should help to clarify the proof of Wilson’s theorem.
Specifically, let us take p = 13. It is possible to divide the integers 2, 3, …, 11 into (p – 3)/2 = 5
pairs, each product of which is congruent to 1 modulo 13. To write these congruences out
explicitly:
2 · 7 ≡ 1 (mod 13)
3 · 9 ≡ 1 (mod 13)
4 · 10 ≡ 1 (mod 13)
5 · 8 ≡ 1 (mod 13)
6 · 11 ≡ 1 (mod 13)
Multiplying these congruences gives the result
11! = (2 · 7)(3 · 9)(4 · 10)(5 · 8)(6 · 11) ≡ 1 (mod 13),
and so,
12! ≡ 12 ≡ –1 (mod 13)
Thus, (p – 1)! ≡ –1 (mod p), with p = 13.
The converse of Wilson’s theorem is also true. If (n – 1)! ≡ –1 (mod n), then n must be
prime. For, if n is not a prime, then n has a divisor d with 1 < d < n. Furthermore, because d ≤ n
– 1, d occurs as one of the factors in (n – 1)!, whence d | (n – 1)!. Now we are assuming that n |
(n – 1)! + 1, and so d | (n – 1)! + 1, too. The conclusion is that d | 1, which is nonsense.
Taken together, Wilson’s theorem and its converse provide a necessary and sufficient
condition for determining primality; namely, an integer n > 1 is prime if and only if (n – 1)! ≡
–1 (mod n). Unfortunately, this test is of more theoretical than practical interest because as n
increases, (n – 1)! rapidly becomes unmanageable in size.
We now give an application of Wilson’s theorem to the study of quadratic congruences. [It is
understood that quadratic congruence means a congruence of the form $ax^2 + bx + c \equiv 0 \pmod{n}$,
with $a \not\equiv 0 \pmod{n}$.]

Theorem 2: The quadratic congruence $x^2 + 1 \equiv 0 \pmod{p}$, where p is an odd prime, has a
solution if and only if p ≡ 1 (mod 4).
Proof. Let a be any solution of $x^2 + 1 \equiv 0 \pmod{p}$, so that $a^2 \equiv -1 \pmod{p}$. Because p ∤ a, the
outcome of applying Fermat’s theorem is
$$1 \equiv a^{p-1} \equiv (a^2)^{(p-1)/2} \equiv (-1)^{(p-1)/2} \pmod{p}.$$
The possibility that p = 4k + 3 for some k does not arise. If it did, we would have
$$(-1)^{(p-1)/2} = (-1)^{2k+1} = -1.$$
Hence, 1 ≡ –1 (mod p). The net result of this is that p | 2, which is false. Therefore, p must be of
the form 4k + 1.
Now, for the opposite direction, in the product
$$(p-1)! = 1 \cdot 2 \cdots \frac{p-1}{2} \cdot \frac{p+1}{2} \cdots (p-2)(p-1)$$
we have the congruences
$$p - 1 \equiv -1 \pmod{p}$$
$$p - 2 \equiv -2 \pmod{p}$$
$$\vdots$$
$$\frac{p+1}{2} \equiv -\frac{p-1}{2} \pmod{p}.$$
Rearranging the factors produces
$$(p-1)! \equiv 1 \cdot (-1) \cdot 2 \cdot (-2) \cdots \frac{p-1}{2} \cdot \left(-\frac{p-1}{2}\right) \pmod{p}$$
$$\equiv (-1)^{(p-1)/2} \left(1 \cdot 2 \cdots \frac{p-1}{2}\right)^2 \pmod{p}$$
because there are (p – 1)/2 minus signs involved. It is at this point that Wilson’s theorem can be
brought to bear. For, (p – 1)! ≡ –1 (mod p), whence
$$-1 \equiv (-1)^{(p-1)/2} \left[\left(\frac{p-1}{2}\right)!\right]^2 \pmod{p}.$$
If we assume that p is of the form 4k + 1, then $(-1)^{(p-1)/2} = 1$, leaving us with the congruence
$$-1 \equiv \left[\left(\frac{p-1}{2}\right)!\right]^2 \pmod{p}.$$
The conclusion is that the integer $[(p-1)/2]!$ satisfies the quadratic congruence $x^2 + 1 \equiv 0 \pmod{p}$.
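The pairing used in the proof of Wilson’s theorem, the resulting primality test, and the square root of –1 given by Theorem 2 can be checked numerically. This Python sketch is an added illustration, not part of the textbook; the function names are chosen here, and `inverse_pairs` and `sqrt_of_minus_one` assume their argument is prime.

```python
def factorial_mod(k, n):
    """k! reduced modulo n, multiplying one factor at a time."""
    result = 1 % n
    for i in range(2, k + 1):
        result = result * i % n
    return result

def wilson_is_prime(n):
    """Wilson's theorem and its converse: n > 1 is prime iff (n-1)! ≡ -1 (mod n).

    The loop performs n - 2 modular multiplications, which is why the test
    is of theoretical rather than practical interest.
    """
    return n > 1 and factorial_mod(n - 1, n) == (n - 1) % n

def inverse_pairs(p):
    """Pairs (a, a') with 2 <= a < a' <= p - 2 and a * a' ≡ 1 (mod p), p prime."""
    pairs = []
    for a in range(2, p - 1):
        a_inv = pow(a, -1, p)          # modular inverse (Python 3.8+)
        if a < a_inv:
            pairs.append((a, a_inv))
    return pairs

def sqrt_of_minus_one(p):
    """Theorem 2: for a prime p ≡ 1 (mod 4), ((p-1)/2)! solves x^2 + 1 ≡ 0 (mod p).

    Returns None when p ≡ 3 (mod 4) or p = 2, where the theorem gives no solution
    of this form.
    """
    if p % 4 != 1:
        return None
    return factorial_mod((p - 1) // 2, p)

if __name__ == "__main__":
    print(inverse_pairs(13))                       # the five pairs of Example 1
    print([n for n in range(1, 40) if wilson_is_prime(n)])
    for p in (5, 13, 17, 29):
        x = sqrt_of_minus_one(p)
        print(p, x, (x * x + 1) % p)               # last column is always 0
```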

4.2. Euler’s Totient Function
Let us now prove another famous theorem “Euler’s Generalized Theorem”. To prove this
theorem we need some preparations.
Definition 1: For n ≥ 1, let ϕ(n) denote the number of positive integers not exceeding n that are
relatively prime to n.
As an illustration of the definition, we find that ϕ(30) = 8; for, among the positive
integers that do not exceed 30, there are eight that are relatively prime to 30; specifically, 1, 7,
11, 13, 17, 19, 23, and 29.
Similarly, for the first few positive integers, the reader may check that
ϕ(1) = 1, ϕ(2) = 1, ϕ(3) = 2, ϕ(4) = 2, ϕ(5) = 4, ϕ(6) = 2, ϕ(7) = 6, …
Notice that ϕ(1) = 1, because gcd(1, 1) = 1. In the event n > 1, gcd(n, n) = n ≠ 1, so that ϕ(n) can
be characterized as the number of integers less than n and relatively prime to it. The function ϕ is
usually called the Euler’s phi-function (sometimes, the indicator or totient) after its originator.
The functional notation ϕ(n), however, is credited to Gauss.
If n is a prime number, then every integer less than n is relatively prime to it; whence,
ϕ(n) = n – 1. On the other hand, if n > 1 is composite, then n has a divisor d such that 1 < d < n. It
follows that there are at least two integers among 1, 2, 3, …, n that are not relatively prime to n,
namely, d and n itself. As a result, ϕ(n) ≤ n – 2. This proves that for n > 1, ϕ(n) = n – 1 if and
only if n is prime.
The first item on the agenda is to derive a formula that will allow us to calculate the value
of ϕ(n) directly from the prime-power factorization of n. A large step in this direction stems from
Theorem 3.
Theorem 3. If p is a prime and k > 0, then
$$\phi(p^k) = p^k - p^{k-1} = p^k \left(1 - \frac{1}{p}\right).$$
Proof. Clearly gcd(n, $p^k$) = 1 if and only if p ∤ n. There are $p^{k-1}$ integers between 1 and $p^k$
divisible by p, namely, p, 2p, 3p, …, $(p^{k-1})p$. Thus, the set {1, 2, …, $p^k$} contains exactly $p^k - p^{k-1}$
integers that are relatively prime to $p^k$, and so by the definition of the phi-function, $\phi(p^k) = p^k - p^{k-1}$.
For an example, we have $\phi(9) = \phi(3^2) = 3^2 - 3 = 6$, the six integers less than and
relatively prime to 9 being 1, 2, 4, 5, 7, and 8. To give a second illustration, there are 8 integers
that are less than 16 and relatively prime to it; they are 1, 3, 5, 7, 9, 11, 13, and 15. Theorem 3
yields the same count: $\phi(16) = \phi(2^4) = 2^4 - 2^3 = 16 - 8 = 8$. We now know how to evaluate the
phi-function for prime powers, and our aim is to obtain a formula for ϕ(n) based on the
factorization of n as a product of primes. The missing link in the chain is obvious; show that ϕ is
a multiplicative function. We pave the way with an easy lemma.

Lemma 1: Given integers a, b, c, gcd(a, bc) = 1 if and only if gcd(a, b) = 1 and gcd(a, c) = 1.
Proof: First suppose that gcd(a, bc) = 1, and put d = gcd(a, b). Then d | a and d | b, whence d | a
and d | bc. This implies that gcd(a, bc) ≥ d, which forces d = 1. Similar reasoning gives rise to the
statement gcd(a, c) = 1.
For the other direction, take gcd(a, b) = 1 = gcd(a, c) and assume that gcd(a, bc) = $d_1$ > 1.
Then $d_1$ must have a prime divisor p. Because $d_1$ | bc, it follows that p | bc; in consequence, p | b or
p | c. If p | b, then (by virtue of the fact that p | a) we have gcd(a, b) ≥ p, a contradiction. In the
same way, the condition p | c leads to the equally false conclusion that gcd(a, c) ≥ p. Thus, $d_1$ = 1
and the lemma is proven.
Note: Any function whose domain of definition is the set of positive integers is said to be a
number-theoretic (or arithmetic) function.
Definition 2: A number-theoretic function f is said to be multiplicative if
f(mn) = f(m)f(n)
whenever gcd(m, n) = 1.
Theorem 4: The function ϕ is a multiplicative function.
Proof: It is required to show that ϕ(mn) = ϕ(m)ϕ(n), whenever m and n have no common factor.
Because ϕ(1) = 1, the result obviously holds if either m or n equals 1. Thus, we may assume that
m > 1 and n > 1. Arrange the integers from 1 to mn in m columns of n integers each, as follows:
$$\begin{array}{cccccc}
1 & 2 & \cdots & r & \cdots & m \\
m+1 & m+2 & \cdots & m+r & \cdots & 2m \\
2m+1 & 2m+2 & \cdots & 2m+r & \cdots & 3m \\
\vdots & \vdots & & \vdots & & \vdots \\
(n-1)m+1 & (n-1)m+2 & \cdots & (n-1)m+r & \cdots & nm
\end{array}$$
We know that ϕ(mn) is equal to the number of entries in this array that are relatively prime to
mn; by virtue of the lemma, this is the same as the number of integers that are relatively prime to
both m and n.
Before embarking on the details, it is worth commenting on the tactics to be adopted: because
gcd(qm + r, m) = gcd(r, m), the numbers in the rth column are relatively prime to m if and only if
r itself is relatively prime to m. Therefore, only ϕ(m) columns contain integers relatively prime
to m, and every entry in the column will be relatively prime to m. The problem is one of showing
that in each of these columns there are exactly ϕ(n) integers that are relatively prime to n; for then
altogether there would be ϕ(m)ϕ(n) numbers in the table that are relatively prime to both m and n.
Now the entries in the rth column (where it is assumed gcd(r, m) = 1) are
r, m + r, 2m + r, …, (n – 1)m + r.
There are n integers in this sequence and no two are congruent modulo n. If
km + r ≡ jm + r (mod n) with 0 ≤ k < j < n,
it would follow that
km ≡ jm (mod n).
Because gcd(m, n) = 1, we could cancel m from both sides of this congruence to arrive at the
contradiction that k ≡ j (mod n).
Thus, the numbers in the rth column are congruent modulo n to 0, 1, 2, …, n – 1 in some order.
But if s ≡ t (mod n), then gcd(s, n) = 1 if and only if gcd(t, n) = 1. The implication is that the rth
column contains as many integers that are relatively prime to n as does the set {0, 1, 2, …, n – 1},
namely, ϕ(n) integers. Therefore, the total number of entries in the array that are relatively prime
to both m and n is ϕ(m)ϕ(n). This completes the proof of the theorem.
With these preliminaries in hand, we now can prove Theorem 5.
Theorem 5: If the integer n > 1 has the prime factorization $n = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}$, then
$$\phi(n) = \left(p_1^{k_1} - p_1^{k_1 - 1}\right)\left(p_2^{k_2} - p_2^{k_2 - 1}\right) \cdots \left(p_r^{k_r} - p_r^{k_r - 1}\right) = n \left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_r}\right).$$
Proof: We intend to use induction on r, the number of distinct prime factors of n. By Theorem 3,
the result is true for r = 1. Suppose that it holds for r = i. Because
$$\gcd\left(p_1^{k_1} p_2^{k_2} \cdots p_i^{k_i},\; p_{i+1}^{k_{i+1}}\right) = 1$$
the definition of multiplicative function gives
$$\phi\left(\left(p_1^{k_1} \cdots p_i^{k_i}\right) p_{i+1}^{k_{i+1}}\right) = \phi\left(p_1^{k_1} \cdots p_i^{k_i}\right) \phi\left(p_{i+1}^{k_{i+1}}\right) = \phi\left(p_1^{k_1} \cdots p_i^{k_i}\right) \left(p_{i+1}^{k_{i+1}} - p_{i+1}^{k_{i+1} - 1}\right).$$
Invoking the induction assumption, the first factor on the right-hand side becomes
$$\phi\left(p_1^{k_1} p_2^{k_2} \cdots p_i^{k_i}\right) = \left(p_1^{k_1} - p_1^{k_1 - 1}\right)\left(p_2^{k_2} - p_2^{k_2 - 1}\right) \cdots \left(p_i^{k_i} - p_i^{k_i - 1}\right)$$
and this serves to complete the induction step, and the proof.
Example 2: Let us calculate the value ϕ(360), for instance. The prime power decomposition of
360 is $2^3 \cdot 3^2 \cdot 5$, and Theorem 5 tells us that
$$\phi(360) = 360 \left(1 - \frac{1}{2}\right)\left(1 - \frac{1}{3}\right)\left(1 - \frac{1}{5}\right) = 360 \cdot \frac{1}{2} \cdot \frac{2}{3} \cdot \frac{4}{5} = 96.$$
Apart from ϕ(1) and ϕ(2), the values of ϕ(n) in our examples are always even. This is no
accident, as the next theorem shows.
Theorem 6: For n > 2, ϕ(n) is an even integer.
Proof: First, assume that n is a power of 2, let us say that $n = 2^k$, with k ≥ 2. By Theorem 5,
$$\phi(n) = \phi(2^k) = 2^k \left(1 - \frac{1}{2}\right) = 2^{k-1},$$
an even integer. If n does not happen to be a power of 2, then it is divisible by an odd prime p;
we therefore may write n as $n = p^k m$, where k ≥ 1 and gcd($p^k$, m) = 1. Exploiting the
multiplicative nature of the phi-function, we obtain
$\phi(n) = \phi(p^k)\,\phi(m) = p^{k-1}(p - 1)\,\phi(m)$, which again is even because 2 | p – 1.

4.3. Euler’s Theorem


As remarked earlier, the first published proof of Fermat’s theorem (namely that
$a^{p-1} \equiv 1 \pmod{p}$ if p ∤ a) was given by Euler in 1736. Somewhat later, in 1760, he succeeded in
generalizing Fermat’s theorem from the case of a prime p to an arbitrary positive integer n. This
landmark result states: If gcd(a, n) = 1, then $a^{\phi(n)} \equiv 1 \pmod{n}$.
For example, for n = 30 and a = 11, we have
$$11^{\phi(30)} = 11^8 = (11^2)^4 = 121^4 \equiv 1^4 \equiv 1 \pmod{30}.$$
As a prelude to launching our proof of Euler’s generalization of Fermat’s theorem, we require a
preliminary lemma.
Lemma 2: Let n > 1 and gcd(a, n) = 1. If $a_1, a_2, \ldots, a_{\phi(n)}$ are the positive integers less than n and
relatively prime to n, then $aa_1, aa_2, \ldots, aa_{\phi(n)}$ are congruent modulo n to $a_1, a_2, \ldots, a_{\phi(n)}$ in some
order.

Proof: Observe that no two of the integers $aa_1, aa_2, \ldots, aa_{\phi(n)}$ are congruent modulo n. For if $aa_i \equiv aa_j \pmod{n}$,
with 1 ≤ i < j ≤ ϕ(n), then the cancellation law yields $a_i \equiv a_j \pmod{n}$, and thus $a_i = a_j$,
a contradiction. Furthermore, because gcd($a_i$, n) = 1 for all i and gcd(a, n) = 1, Lemma 1
guarantees that each of the $aa_i$ is relatively prime to n.
Fixing on a particular $aa_i$, there exists a unique integer b, where 0 ≤ b < n, for which $aa_i \equiv b \pmod{n}$.
Because gcd(b, n) = gcd($aa_i$, n) = 1, b must be one of the integers $a_1, a_2, \ldots, a_{\phi(n)}$. All
this proves that the numbers $aa_1, aa_2, \ldots, aa_{\phi(n)}$ and the numbers $a_1, a_2, \ldots, a_{\phi(n)}$ are identical
(modulo n) in a certain order.
Theorem 7: (Euler) If n ≥ 1 and gcd(a, n) = 1, then $a^{\phi(n)} \equiv 1 \pmod{n}$.
Proof: There is no harm in taking n > 1. Let $a_1, a_2, \ldots, a_{\phi(n)}$ be the positive integers less than n that
are relatively prime to n. Because gcd(a, n) = 1, it follows from the lemma that $aa_1, aa_2, \ldots, aa_{\phi(n)}$
are congruent, not necessarily in order of appearance, to $a_1, a_2, \ldots, a_{\phi(n)}$. Then,
$$aa_1 \equiv a_1' \pmod{n}$$
$$aa_2 \equiv a_2' \pmod{n}$$
$$\vdots$$
$$aa_{\phi(n)} \equiv a_{\phi(n)}' \pmod{n}$$
where $a_1', a_2', \ldots, a_{\phi(n)}'$ are the integers $a_1, a_2, \ldots, a_{\phi(n)}$ in some order. On taking the product of these
ϕ(n) congruences, we get
$$(aa_1)(aa_2) \cdots (aa_{\phi(n)}) \equiv a_1' a_2' \cdots a_{\phi(n)}' \equiv a_1 a_2 \cdots a_{\phi(n)} \pmod{n}$$
and so
$$a^{\phi(n)} \left(a_1 a_2 \cdots a_{\phi(n)}\right) \equiv a_1 a_2 \cdots a_{\phi(n)} \pmod{n}.$$
Because gcd($a_i$, n) = 1 for each i, Lemma 1 implies that gcd($a_1 a_2 \cdots a_{\phi(n)}$, n) = 1. Therefore,
we may cancel both sides of the foregoing congruence by the common factor $a_1 a_2 \cdots a_{\phi(n)}$,
leaving us with $a^{\phi(n)} \equiv 1 \pmod{n}$.

For example, let n = 9. Then the positive integers less than and relatively prime to 9 are
1, 2, 4, 5, 7, and 8. These play the role of the integers $a_1, a_2, \ldots, a_{\phi(n)}$ in the proof of Theorem 7.
If a = –4, then the integers $aa_i$ are –4, –8, –16, –20, –28, –32 where, modulo 9,
–4 ≡ 5, –8 ≡ 1, –16 ≡ 2, –20 ≡ 7, –28 ≡ 8, –32 ≡ 4.
When the above congruences are all multiplied together, we obtain
(–4)(–8)(–16)(–20)(–28)(–32) ≡ 5 · 1 · 2 · 7 · 8 · 4 (mod 9),
which becomes
$(1 \cdot 2 \cdot 4 \cdot 5 \cdot 7 \cdot 8)(-4)^6 \equiv (1 \cdot 2 \cdot 4 \cdot 5 \cdot 7 \cdot 8) \pmod{9}$.
Being relatively prime to 9, the six integers 1, 2, 4, 5, 7, and 8 may be canceled successively to
give
$(-4)^6 \equiv 1 \pmod{9}$.
The validity of this last congruence is confirmed by the calculation:
$(-4)^6 \equiv 4^6 \equiv (64)^2 \equiv 1^2 \equiv 1 \pmod{9}$.
Note that Theorem 7 does indeed generalize the one credited to Fermat, which we proved earlier.
For if p is a prime, then ϕ(p) = p – 1; hence, when gcd(a, p) = 1, we get
$$a^{p-1} = a^{\phi(p)} \equiv 1 \pmod{p}$$
and so we have the following corollary.
Corollary 1: (Fermat) If p is a prime and p ∤ a, then $a^{p-1} \equiv 1 \pmod{p}$.

Example 3: Euler’s theorem is helpful in reducing large powers modulo n. To cite a typical
example, let us find the last two digits in the decimal representation of $3^{256}$. This is equivalent to
obtaining the smallest nonnegative integer to which $3^{256}$ is congruent modulo 100. Because
gcd(3, 100) = 1 and
$$\phi(100) = \phi(2^2 \cdot 5^2) = 100 \left(1 - \frac{1}{2}\right)\left(1 - \frac{1}{5}\right) = 40,$$
Euler’s theorem yields $3^{40} \equiv 1 \pmod{100}$. By the Division Algorithm, 256 = 6 · 40 + 16; whence
$3^{256} \equiv 3^{6 \cdot 40 + 16} \equiv (3^{40})^6\, 3^{16} \equiv 3^{16} \pmod{100}$ and our problem reduces to one of evaluating $3^{16}$
modulo 100. The method of successive squaring yields the congruences
$$3^2 \equiv 9 \pmod{100}, \quad 3^4 \equiv 81 \pmod{100}, \quad 3^8 \equiv 61 \pmod{100}, \quad 3^{16} \equiv 21 \pmod{100}.$$
Hence, 2 and 1 are the last two digits in the decimal representation of $3^{256}$.
Corollary 2: Let gcd(a, n) = 1 and n have the prime-power factorization $n = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}$. Then
$$a^{\phi(n)} \equiv 1 \pmod{p_i^{k_i}}, \qquad i = 1, 2, \ldots, r.$$
Proof: In view of what already has been proved, each of the congruences
$$a^{\phi(p_i^{k_i})} \equiv 1 \pmod{p_i^{k_i}}, \qquad i = 1, 2, \ldots, r \qquad (1)$$
holds. Noting that ϕ(n) is divisible by $\phi(p_i^{k_i})$, we may raise both sides of Eq. (1) to the power
$\phi(n)/\phi(p_i^{k_i})$ and arrive at
$$a^{\phi(n)} \equiv 1 \pmod{p_i^{k_i}}, \qquad i = 1, 2, \ldots, r.$$
Inasmuch as the moduli are relatively prime, this leads us to the relation
$$a^{\phi(n)} \equiv 1 \pmod{p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}}$$
or $a^{\phi(n)} \equiv 1 \pmod{n}$.

Corollary 3: Let a be any integer and $n = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}$. Let $l = [\phi(p_1^{k_1}), \phi(p_2^{k_2}), \ldots, \phi(p_r^{k_r})]$. Then
$a^{l+1} \equiv a \pmod{n}$.

4.4. Summary
In this chapter we proved two important theorems: Wilson’s theorem and Euler’s generalization
of Fermat’s theorem. Also we studied some of the properties of Euler’s Phi function.
4.5. Keywords
Phi function, quadratic congruence, number theoretic function, multiplicative function.
4.6. Exercises
1. Find the remainder when 15! is divided by 17.
2. Show that 18! ≡ –1(mod 437).
3. If p is prime number, then prove that (p – 1)! ≡ (p – 1)(mod 1 + 2 + 3 + ⋯ + (p – 1)).
4. If p is a prime, prove that for any integer a,
$p \mid a^p + (p-1)!\,a$ and $p \mid a^p (p-1)! + a$.
5. Using Wilson’s theorem, prove that for any odd prime p,
$1^2 \cdot 3^2 \cdot 5^2 \cdots (p-2)^2 \equiv (-1)^{(p+1)/2} \pmod{p}$.
6. Prove that the odd prime divisors of the integer $n^2 + 1$ are of the form 4k + 1.
7. Find ϕ(360), ϕ(1001), ϕ(5040).
8. Prove in each of the following cases:
a. If n is an odd integer, then ϕ(2n) = ϕ(n)
b. If n is an even integer, then ϕ(2n) = 2ϕ(n)
c. ϕ(3n) = 3ϕ(n) if and only if 3 | n.
9. Prove that if the integer n has r distinct prime factors, then $2^r$ | ϕ(n).
10. Prove that the equation ϕ(n) = ϕ(n + 2) is satisfied by n = 2(2p – 1) whenever p and
2p – 1 are both odd primes.
11. Prove or disprove each:
a. ϕ(gcd(a, b)) = gcd(ϕ(a), ϕ(b))
b. ϕ([a, b]) = [ϕ(a), ϕ(b)].
12. Use Euler’s theorem to establish the following: For any integer a
a. $a^{37} \equiv a \pmod{1729}$
b. $a^{13} \equiv a \pmod{2730}$
c. $a^{33} \equiv a \pmod{4080}$.
13. Using Euler’s theorem, prove that for n ≥ 0
$51 \mid 10^{32n+9} - 7$.
14. Using Euler’s theorem find the remainder when 71020 is divided by 15.
15. If m and n are relatively prime positive integers, prove that $m^{\phi(n)} + n^{\phi(m)} \equiv 1 \pmod{mn}$.

4.7. References
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier
3. Basic Number Theory, S. B. Malik, Vikas Publications
4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley

BLOCK – II

NUMBER THEORETIC FUNCTIONS


&
THEIR APPLICATIONS

UNIT – 5

MULTIPLICATIVE FUNCTIONS τ AND σ, MÖBIUS FUNCTION AND
MÖBIUS INVERSION FORMULA
Structure:

5.0. Objective
5.1. τ(n) and σ(n) functions
5.2. Multiplicative function
5.3. The Möbius inversion formula
5.4. Summary
5.5. Keywords
5.6. Exercises
5.7. References

5.0. Objective
The objective of this chapter is to study a special class of functions on the set of integers
called multiplicative functions. These functions play an important role in the study of
divisibility properties of integers and the distribution of primes.

5.1. τ(n) and σ(n) functions

Definition 1: Given a positive integer n, let τ(n) denote the number of positive divisors of n
and σ(n) denote the sum of these divisors.
As an example of these notions, consider n = 12. Because 12 has positive divisors 1, 2, 3, 4,
6, and 12, we find that
τ(12) = 6 and σ(12) = 1 + 2 + 3 + 4 + 6 + 12 = 28. For the first few integers,
τ(1) = 1, τ(2) = 2, τ(3) = 2, τ(4) = 3, τ(5) = 2, τ(6) = 4, … and
σ(1) = 1, σ(2) = 3, σ(3) = 4, σ(4) = 7, σ(5) = 6, σ(6) = 12, …
It is not difficult to see that τ(n) = 2 if and only if n is a prime number; also, σ(n) =
n + 1 if and only if n is a prime.
Before studying the functions τ and σ in more detail, we wish to introduce notation
that will clarify a number of situations later. It is customary to interpret the symbol
$$\sum_{d \mid n} f(d)$$
to mean, “sum the values f(d) as d runs over all the positive divisors of the positive integer n”.
For instance, we have
$$\sum_{d \mid 20} f(d) = f(1) + f(2) + f(4) + f(5) + f(10) + f(20).$$
With this understanding, τ and σ may be expressed in the form
$$\tau(n) = \sum_{d \mid n} 1 \qquad \text{and} \qquad \sigma(n) = \sum_{d \mid n} d.$$
The notation $\sum_{d \mid n} 1$, in particular, says that we are to add together as many 1’s as there are
positive divisors of n. To illustrate: the integer 10 has the four positive divisors 1, 2, 5, 10.
Whence
$$\tau(10) = \sum_{d \mid 10} 1 = 1 + 1 + 1 + 1 = 4 \qquad \text{and} \qquad \sigma(10) = \sum_{d \mid 10} d = 1 + 2 + 5 + 10 = 18.$$

Theorem 1: If $n = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}$ is the prime factorization of n > 1, then the positive divisors of
n are precisely those integers d of the form $d = p_1^{a_1} p_2^{a_2} \cdots p_r^{a_r}$, where $0 \le a_i \le k_i$ (i = 1, 2, …, r).

Proof. Note that the divisor d = 1 is obtained when $a_1 = a_2 = \cdots = a_r = 0$, and n itself occurs
when $a_1 = k_1, a_2 = k_2, \ldots, a_r = k_r$. Suppose that d divides n nontrivially; say, n = dd′,
where d > 1, d′ > 1. Express both d and d′ as products of (not necessarily distinct) primes:
$$d = q_1 q_2 \cdots q_s, \qquad d' = t_1 t_2 \cdots t_u$$
with $q_i$, $t_j$ prime. Then
$$p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r} = q_1 \cdots q_s\, t_1 \cdots t_u$$
are two prime factorizations of the positive integer n. By the uniqueness of the prime
factorization, each prime $q_i$ must be one of the $p_j$. Collecting the equal primes into a single
integral power, we get
$$d = q_1 q_2 \cdots q_s = p_1^{a_1} p_2^{a_2} \cdots p_r^{a_r}$$
where the possibility that $a_i = 0$ is allowed.
Conversely, every number $d = p_1^{a_1} p_2^{a_2} \cdots p_r^{a_r}$ ($0 \le a_i \le k_i$) turns out to be a divisor of n. For we
can write
$$n = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r} = \left(p_1^{a_1} p_2^{a_2} \cdots p_r^{a_r}\right)\left(p_1^{k_1 - a_1} p_2^{k_2 - a_2} \cdots p_r^{k_r - a_r}\right) = dd'$$
with $d' = p_1^{k_1 - a_1} p_2^{k_2 - a_2} \cdots p_r^{k_r - a_r}$ and $k_i - a_i \ge 0$ for each i. Then d′ > 0 and d | n.
We put this theorem to work at once.

Theorem 2: If $n = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}$ is the prime factorization of n > 1, then
(a) $\tau(n) = (k_1 + 1)(k_2 + 1) \cdots (k_r + 1)$,
(b) $\sigma(n) = \dfrac{p_1^{k_1 + 1} - 1}{p_1 - 1} \cdot \dfrac{p_2^{k_2 + 1} - 1}{p_2 - 1} \cdots \dfrac{p_r^{k_r + 1} - 1}{p_r - 1}$.

Proof. According to Theorem 1, the positive divisors of n are precisely those integers
$$d = p_1^{a_1} p_2^{a_2} \cdots p_r^{a_r}$$
where $0 \le a_i \le k_i$. There are $k_1 + 1$ choices for the exponent $a_1$; $k_2 + 1$ choices for $a_2$, … ; and
$k_r + 1$ choices for $a_r$. Hence, there are $(k_1 + 1)(k_2 + 1) \cdots (k_r + 1)$ possible divisors of n.
To evaluate σ(n), consider the product
$$\left(1 + p_1 + p_1^2 + \cdots + p_1^{k_1}\right)\left(1 + p_2 + p_2^2 + \cdots + p_2^{k_2}\right) \cdots \left(1 + p_r + p_r^2 + \cdots + p_r^{k_r}\right).$$
Applying the formula for the sum of a finite geometric series to the ith factor on the right-
hand side, we get
$$1 + p_i + p_i^2 + \cdots + p_i^{k_i} = \frac{p_i^{k_i + 1} - 1}{p_i - 1}.$$
It follows that
$$\sigma(n) = \frac{p_1^{k_1 + 1} - 1}{p_1 - 1} \cdot \frac{p_2^{k_2 + 1} - 1}{p_2 - 1} \cdots \frac{p_r^{k_r + 1} - 1}{p_r - 1}.$$
Corresponding to the ∑ notation for sums, the notation for products may be defined using ∏,
the Greek capital letter pi. The restriction delimiting the numbers over which the product is to
be made is usually put under the ∏ sign. Examples are
$$\prod_{1 \le d \le 5} f(d) = f(1) f(2) f(3) f(4) f(5)$$
$$\prod_{d \mid 9} f(d) = f(1) f(3) f(9)$$
$$\prod_{\substack{p \mid 30 \\ p \text{ prime}}} f(p) = f(2) f(3) f(5).$$
With this convention, the conclusion to Theorem 2 takes the compact form: If
$n = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}$ is the prime factorization of n > 1, then
$$\tau(n) = \prod_{1 \le i \le r} (k_i + 1) \qquad \text{and} \qquad \sigma(n) = \prod_{1 \le i \le r} \frac{p_i^{k_i + 1} - 1}{p_i - 1}.$$
Example 1: The number $180 = 2^2 \cdot 3^2 \cdot 5$ has
τ(180) = (2 + 1)(2 + 1)(1 + 1) = 18
positive divisors. These are integers of the form $2^{a_1} \cdot 3^{a_2} \cdot 5^{a_3}$
where $a_1$ = 0, 1, 2; $a_2$ = 0, 1, 2; and $a_3$ = 0, 1. Specifically, we obtain
1, 2, 3, 4, 5, 6, 9, 10, 12, 15, 18, 20, 30, 36, 45, 60, 90, and 180.
The sum of these integers is
$$\sigma(180) = \frac{2^3 - 1}{2 - 1} \cdot \frac{3^3 - 1}{3 - 1} \cdot \frac{5^2 - 1}{5 - 1} = \frac{7}{1} \cdot \frac{26}{2} \cdot \frac{24}{4} = 7 \cdot 13 \cdot 6 = 546.$$

One of the more interesting properties of the divisor function τ is that the product of the
positive divisors of an integer n > 1 is equal to $n^{\tau(n)/2}$.
It is not difficult to get at this fact: Let d denote an arbitrary positive divisor of n, so
that n = dd′ for some d′. As d ranges over all τ(n) positive divisors of n, τ(n) such equations
occur. Multiplying these together, we get
$$n^{\tau(n)} = \prod_{d \mid n} d \cdot \prod_{d' \mid n} d'.$$
But as d runs through the divisors of n, so does d′; hence, $\prod_{d \mid n} d = \prod_{d' \mid n} d'$.
The situation is now this:
$$n^{\tau(n)} = \Big(\prod_{d \mid n} d\Big)^2, \qquad \text{or equivalently} \qquad n^{\tau(n)/2} = \prod_{d \mid n} d.$$
The reader might (or, at any rate, should) have one lingering doubt concerning this equation.
For it is by no means obvious that the left-hand side is always an integer. If τ(n) is even, there
is certainly no problem. When τ(n) is odd, n turns out to be a perfect square, say, $n = m^2$; thus
$n^{\tau(n)/2} = m^{\tau(n)}$, settling all suspicions.

For a numerical example, the product of the five divisors of 16 (namely, 1, 2, 4, 8, and 16) is
$$\prod_{d \mid 16} d = 16^{\tau(16)/2} = 16^{5/2} = 4^5 = 1024.$$

Multiplicative functions arise naturally in the study of the prime factorization of an integer.
Before presenting the definition, we observe that
τ(2 · 10) = τ(20) = 6 ≠ 2 · 4 = τ(2) · τ(10).
At the same time, σ(2 · 10) = σ(20) = 42 ≠ 3 · 18 = σ(2) · σ(10).
These calculations bring out the nasty fact that, in general, it need not be true that
τ(mn) = τ(m)τ(n) and σ(mn) = σ(m)σ(n).
But equality always holds provided m and n are relatively prime integers. This circumstance
is what prompts Definition 2. We are once again giving this definition.
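Theorem 1, Theorem 2, the product-of-divisors identity and the remark on τ(20) and σ(20) can be checked together. This Python sketch is an added illustration, not part of the textbook; a factorization is passed as a dictionary {prime: exponent}, an input convention assumed here.

```python
from itertools import product
from math import prod

def divisors(factorization):
    """Theorem 1: one divisor for every exponent tuple (a_1, ..., a_r), 0 <= a_i <= k_i."""
    primes = list(factorization)
    ranges = [range(k + 1) for k in factorization.values()]
    return sorted(prod(p ** a for p, a in zip(primes, exps))
                  for exps in product(*ranges))

def tau(factorization):
    """Theorem 2(a): the number of divisors is the product of the (k_i + 1)."""
    return prod(k + 1 for k in factorization.values())

def sigma(factorization):
    """Theorem 2(b): product of the geometric sums (p^(k+1) - 1) / (p - 1)."""
    return prod((p ** (k + 1) - 1) // (p - 1) for p, k in factorization.items())

def formulas_agree(factorization):
    """Compare the closed formulas with direct enumeration of the divisors,
    and check the identity (product of divisors)^2 = n^tau(n)."""
    n = prod(p ** k for p, k in factorization.items())
    divs = divisors(factorization)
    return (len(divs) == tau(factorization)
            and sum(divs) == sigma(factorization)
            and prod(divs) ** 2 == n ** tau(factorization))

if __name__ == "__main__":
    f180 = {2: 2, 3: 2, 5: 1}                 # 180 = 2^2 * 3^2 * 5
    print(divisors(f180))
    print(tau(f180), sigma(f180), formulas_agree(f180))
    # 2 and 10 are not relatively prime, so multiplicativity does not apply:
    print(tau({2: 2, 5: 1}), tau({2: 1}) * tau({2: 1, 5: 1}))
    print(sigma({2: 2, 5: 1}), sigma({2: 1}) * sigma({2: 1, 5: 1}))
```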

5.2. Multiplicative function


Definition 2: A number theoretic function f is said to be multiplicative if f(mn) = f(m) f(n),
whenever gcd(m, n) = 1.
For simple illustrations of multiplicative functions, we need only consider the functions given
by f(n) = 1 and g(n) = n for all n ≥ 1. It follows by induction that if f is multiplicative and $n_1, n_2, \ldots, n_r$
are positive integers that are pairwise relatively prime, then
$f(n_1 n_2 \cdots n_r) = f(n_1) f(n_2) \cdots f(n_r)$.
Multiplicative functions have one big advantage for us: they are completely determined once
their values at prime powers are known. Indeed, if n > 1 is a given positive integer, then we
can write
$$n = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}$$
in canonical form; because the $p_i^{k_i}$ are relatively prime in pairs, the multiplicative property
ensures that $f(n) = f(p_1^{k_1})\, f(p_2^{k_2}) \cdots f(p_r^{k_r})$.
If f is a multiplicative function that does not vanish identically, then there exists an integer n
such that f(n) ≠ 0. But f(n) = f(n · 1) = f(n) f(1).
Being nonzero, f(n) may be canceled from both sides of this equation to give f(1) = 1. The
point to which we wish to call attention is that f(1) = 1 for any multiplicative function not
identically zero.
We now establish that τ and σ have the multiplicative property.
Theorem 3: The functions τ and σ are both multiplicative functions.
Proof: Let m and n be relatively prime integers. Because the result is trivially true if either m
or n is equal to 1, we may assume that m > 1 and n > 1. If $m = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}$ and $n = q_1^{j_1} q_2^{j_2} \cdots q_s^{j_s}$
are the prime factorizations of m and n, then because gcd(m, n) = 1 no $p_i$ can occur among the
$q_j$. It follows that the prime factorization of the product mn is given by
$$mn = p_1^{k_1} \cdots p_r^{k_r}\, q_1^{j_1} \cdots q_s^{j_s}.$$
Appealing to Theorem 2, we obtain
$$\tau(mn) = \left[(k_1 + 1) \cdots (k_r + 1)\right]\left[(j_1 + 1) \cdots (j_s + 1)\right] = \tau(m)\,\tau(n).$$
In a similar fashion, Theorem 2 gives
$$\sigma(mn) = \left[\frac{p_1^{k_1 + 1} - 1}{p_1 - 1} \cdots \frac{p_r^{k_r + 1} - 1}{p_r - 1}\right]\left[\frac{q_1^{j_1 + 1} - 1}{q_1 - 1} \cdots \frac{q_s^{j_s + 1} - 1}{q_s - 1}\right] = \sigma(m)\,\sigma(n).$$
Thus, τ and σ are multiplicative functions.


Lemma 1: If gcd(m, n) = 1, then the set of positive divisors of mn consists of all products
$d_1 d_2$, where $d_1 \mid m$, $d_2 \mid n$ and gcd($d_1$, $d_2$) = 1; furthermore, these products are all distinct.
Proof: It is harmless to assume that m > 1 and n > 1; let
$$m = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r} \qquad \text{and} \qquad n = q_1^{j_1} q_2^{j_2} \cdots q_s^{j_s}$$
be their respective prime factorizations. Inasmuch as the primes $p_1, \ldots, p_r, q_1, \ldots, q_s$ are all
distinct, the prime factorization of mn is
$$mn = p_1^{k_1} \cdots p_r^{k_r}\, q_1^{j_1} \cdots q_s^{j_s}.$$
Hence, any positive divisor d of mn will be uniquely representable in the form
$$d = p_1^{a_1} \cdots p_r^{a_r}\, q_1^{b_1} \cdots q_s^{b_s}, \qquad 0 \le a_i \le k_i, \quad 0 \le b_i \le j_i.$$
This allows us to write d as $d = d_1 d_2$, where $d_1 = p_1^{a_1} \cdots p_r^{a_r}$ divides m and $d_2 = q_1^{b_1} \cdots q_s^{b_s}$
divides n. Because no $p_i$ is equal to any $q_j$, we surely must have gcd($d_1$, $d_2$) = 1.
Theorem 4: If f is a multiplicative function and F is defined by
$$F(n) = \sum_{d \mid n} f(d),$$
then F is also multiplicative.


Proof: Let m and n be relatively prime positive integers. Then
$$F(mn) = \sum_{d \mid mn} f(d) = \sum_{d_1 \mid m,\ d_2 \mid n} f(d_1 d_2)$$
because every divisor d of mn can be uniquely written as a product of a divisor $d_1$ of m and a
divisor $d_2$ of n, where $\gcd(d_1, d_2) = 1$. By the definition of a multiplicative function, we have
$$f(d_1 d_2) = f(d_1)\, f(d_2).$$
It follows that
$$F(mn) = \sum_{d_1 \mid m,\ d_2 \mid n} f(d_1) f(d_2) = \Big(\sum_{d_1 \mid m} f(d_1)\Big)\Big(\sum_{d_2 \mid n} f(d_2)\Big) = F(m)\,F(n).$$
It might be helpful to take time out and run through the proof of Theorem 4 in a concrete
case. Letting m = 8 and n = 3, we have
$$\begin{aligned}
F(8 \cdot 3) &= \sum_{d \mid 24} f(d) \\
&= f(1) + f(2) + f(3) + f(4) + f(6) + f(8) + f(12) + f(24) \\
&= f(1 \cdot 1) + f(2 \cdot 1) + f(1 \cdot 3) + f(4 \cdot 1) + f(2 \cdot 3) + f(8 \cdot 1) + f(4 \cdot 3) + f(8 \cdot 3) \\
&= f(1)f(1) + f(2)f(1) + f(1)f(3) + f(4)f(1) + f(2)f(3) + f(8)f(1) + f(4)f(3) + f(8)f(3) \\
&= [f(1) + f(2) + f(4) + f(8)]\,[f(1) + f(3)] \\
&= \sum_{d \mid 8} f(d) \cdot \sum_{d \mid 3} f(d) \\
&= F(8)\,F(3).
\end{aligned}$$
Theorem 4 provides a deceptively short way of drawing the conclusion that τ and σ are
multiplicative.
Corollary 1: The functions τ and σ are multiplicative functions.
Proof: We have mentioned that the constant function f(n) = 1 is multiplicative, as is the
identity function f(n) = n. Because τ and σ may be represented in the form
$$\tau(n) = \sum_{d \mid n} 1 \quad\text{and}\quad \sigma(n) = \sum_{d \mid n} d,$$
the stated result follows immediately from Theorem 4.

5.3. The Möbius inversion formula
We introduce another naturally defined function on the positive integers, the Möbius μ-function.
Definition 3: For a positive integer n, define μ by the rules
$$\mu(n) = \begin{cases} 1 & \text{if } n = 1 \\ 0 & \text{if } p^2 \mid n \text{ for some prime } p \\ (-1)^r & \text{if } n = p_1 p_2 \cdots p_r, \text{ where the } p_i \text{ are distinct primes} \end{cases}$$
Put somewhat differently, Definition 3 states that μ(n) = 0 if n is not a square-free integer,
whereas $\mu(n) = (-1)^r$ if n is square-free with r prime factors. For example: μ(30) = μ(2∙3∙5) =
$(-1)^3$ = –1. The first few values of μ are
$$\mu(1) = 1 \quad \mu(2) = -1 \quad \mu(3) = -1 \quad \mu(4) = 0 \quad \mu(5) = -1 \quad \mu(6) = 1$$
If p is a prime number, it is clear that μ(p) = –1; in addition, $\mu(p^k) = 0$ for k ≥ 2.


As the reader may have guessed already, the Möbius μ-function is multiplicative. This is the
content of Theorem 5.
Theorem 5: The function μ is a multiplicative function.
Proof: We want to show that μ(mn) = μ(m)μ(n), whenever m and n are relatively prime. If
either $p^2 \mid m$ or $p^2 \mid n$, p a prime, then $p^2 \mid mn$; hence, μ(mn) = 0 = μ(m)μ(n), and the formula
holds trivially. We therefore may assume that both m and n are square-free integers, say, m =
$p_1 p_2 \cdots p_r$, n = $q_1 q_2 \cdots q_s$, with all the primes $p_i$ and $q_j$ being distinct. Then
$$\mu(mn) = \mu(p_1 \cdots p_r q_1 \cdots q_s) = (-1)^{r+s} = (-1)^r (-1)^s = \mu(m)\,\mu(n),$$
which completes the proof.


Let us see what happens if μ(d) is evaluated for all the positive divisors d of an integer n and
the results are added. In the case where n = 1, the answer is easy; here,
$$\sum_{d \mid 1} \mu(d) = \mu(1) = 1.$$
Suppose that n > 1 and put
$$F(n) = \sum_{d \mid n} \mu(d).$$
To prepare the ground, we first calculate F(n) for the power of a prime, say, $n = p^k$. The
positive divisors of $p^k$ are just the k + 1 integers $1, p, p^2, \ldots, p^k$, so that
$$F(p^k) = \sum_{d \mid p^k} \mu(d) = \mu(1) + \mu(p) + \mu(p^2) + \cdots + \mu(p^k) = \mu(1) + \mu(p) = 1 + (-1) = 0.$$

Because μ is known to be a multiplicative function, an appeal to Theorem 4 is legitimate; this
result guarantees that F also is multiplicative. Thus, if the canonical factorization of n is
$n = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}$, then F(n) is the product of the values assigned to F for the prime powers in
this representation:
$$F(n) = F(p_1^{k_1})\, F(p_2^{k_2}) \cdots F(p_r^{k_r}) = 0.$$
We record this result as Theorem 6.


Theorem 6: For each positive integer n ≥ 1,
$$\sum_{d \mid n} \mu(d) = \begin{cases} 1 & \text{if } n = 1 \\ 0 & \text{if } n > 1 \end{cases}$$
where d runs through the positive divisors of n.
For an illustration of this last theorem, consider n = 10. The positive divisors of 10 are 1, 2, 5,
and 10 and the desired sum is
$$\sum_{d \mid 10} \mu(d) = \mu(1) + \mu(2) + \mu(5) + \mu(10) = 1 + (-1) + (-1) + 1 = 0.$$

The full significance of the Möbius μ-function should become apparent with the next
theorem.
Theorem 7: (Möbius inversion formula) Let F and f be two number-theoretic functions
related by the formula
$$F(n) = \sum_{d \mid n} f(d).$$
Then,
$$f(n) = \sum_{d \mid n} \mu(d)\, F\!\left(\frac{n}{d}\right) = \sum_{d \mid n} \mu\!\left(\frac{n}{d}\right) F(d).$$
Proof: The two sums mentioned in the conclusion of the theorem are seen to be the same
upon replacing the dummy index d by d′ = n / d; as d ranges over all positive divisors of n, so
does d′.
Carrying out the required computation we get
$$\sum_{d \mid n} \mu(d)\, F\!\left(\frac{n}{d}\right) = \sum_{d \mid n} \Big( \mu(d) \sum_{c \mid (n/d)} f(c) \Big) = \sum_{d \mid n} \Big( \sum_{c \mid (n/d)} \mu(d) f(c) \Big) \qquad (1)$$
It is easily verified that d | n and c | (n / d) if and only if c | n and d | (n / c). Because of this,
the last expression in Eq. (1) becomes
$$\sum_{d \mid n} \Big( \sum_{c \mid (n/d)} \mu(d) f(c) \Big) = \sum_{c \mid n} \Big( \sum_{d \mid (n/c)} f(c) \mu(d) \Big) = \sum_{c \mid n} \Big( f(c) \sum_{d \mid (n/c)} \mu(d) \Big) \qquad (2)$$
In compliance with Theorem 6, the sum $\sum_{d \mid (n/c)} \mu(d)$ must vanish except when n / c = 1 (that is,
when n = c), in which case it is equal to 1; the upshot is that the right-hand side of Eq. (2)
simplifies to
$$\sum_{c \mid n} \Big( f(c) \sum_{d \mid (n/c)} \mu(d) \Big) = \sum_{c = n} f(c) \cdot 1 = f(n),$$
giving us the stated result.


Let us use n = 10 again to illustrate how the double sum in Eq. (2) is turned around. In this
instance, we find that
$$\begin{aligned}
\sum_{d \mid 10} \Big( \sum_{c \mid (10/d)} \mu(d) f(c) \Big) &= \mu(1)[f(1) + f(2) + f(5) + f(10)] + \mu(2)[f(1) + f(5)] + \mu(5)[f(1) + f(2)] + \mu(10) f(1) \\
&= f(1)[\mu(1) + \mu(2) + \mu(5) + \mu(10)] + f(2)[\mu(1) + \mu(5)] + f(5)[\mu(1) + \mu(2)] + f(10)\mu(1) \\
&= \sum_{c \mid 10} \Big( \sum_{d \mid (10/c)} f(c) \mu(d) \Big).
\end{aligned}$$
To see how the Möbius inversion formula works in a particular case, we remind the reader
that the functions τ and σ may both be described as “sum functions”:
$$\tau(n) = \sum_{d \mid n} 1 \quad\text{and}\quad \sigma(n) = \sum_{d \mid n} d.$$
Theorem 7 tells us that these formulas may be inverted to give
$$1 = \sum_{d \mid n} \mu\!\left(\frac{n}{d}\right) \tau(d) \quad\text{and}\quad n = \sum_{d \mid n} \mu\!\left(\frac{n}{d}\right) \sigma(d),$$
which are valid for all n ≥ 1.
Theorem 4 ensures that if f is a multiplicative function, then so is $F(n) = \sum_{d \mid n} f(d)$. Turning
the situation around, one might ask whether the multiplicative nature of F forces that of f.
Surprisingly enough, this is exactly what happens.

Theorem 8: If F is a multiplicative function and $F(n) = \sum_{d \mid n} f(d)$, then f is also
multiplicative.
Proof: Let m and n be relatively prime positive integers. We recall that any divisor d of mn
can be uniquely written as $d = d_1 d_2$, where $d_1 \mid m$, $d_2 \mid n$, and $\gcd(d_1, d_2) = 1$. Thus, using the
inversion formula,
$$\begin{aligned}
f(mn) &= \sum_{d \mid mn} \mu(d)\, F\!\left(\frac{mn}{d}\right) \\
&= \sum_{d_1 \mid m,\ d_2 \mid n} \mu(d_1 d_2)\, F\!\left(\frac{mn}{d_1 d_2}\right) \\
&= \sum_{d_1 \mid m,\ d_2 \mid n} \mu(d_1)\,\mu(d_2)\, F\!\left(\frac{m}{d_1}\right) F\!\left(\frac{n}{d_2}\right) \\
&= \sum_{d_1 \mid m} \mu(d_1)\, F\!\left(\frac{m}{d_1}\right) \sum_{d_2 \mid n} \mu(d_2)\, F\!\left(\frac{n}{d_2}\right) \\
&= f(m)\, f(n),
\end{aligned}$$
which is the assertion of the theorem. Needless to say, the multiplicative character of μ and of
F is crucial to the previous calculation.
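The results of this section can be checked numerically. The following is an added example, not part of the original text; the function names (`factorize`, `divisors`, `summatory`, `mobius_invert`, and so on) are this example's own. It computes τ, σ and μ from the prime factorization and verifies Theorem 6 and the Möbius inversion formula, including for a function f that is not multiplicative.

```python
from math import gcd, prod

def factorize(n):
    """Return {prime: exponent} for n >= 1 by trial division."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors

def divisors(n):
    """All positive divisors of n, built as products of prime powers (Lemma 1)."""
    divs = [1]
    for p, k in factorize(n).items():
        divs = [d * p**a for d in divs for a in range(k + 1)]
    return sorted(divs)

def tau(n):
    """Number of positive divisors: product of (k_i + 1)."""
    return prod(k + 1 for k in factorize(n).values())

def sigma(n):
    """Sum of positive divisors: product of (p^(k+1) - 1) / (p - 1)."""
    return prod((p**(k + 1) - 1) // (p - 1) for p, k in factorize(n).items())

def mobius(n):
    """mu(n): 0 if a square divides n, otherwise (-1)^(number of prime factors)."""
    f = factorize(n)
    if any(k >= 2 for k in f.values()):
        return 0
    return (-1) ** len(f)

def summatory(f, n):
    """F(n) = sum of f(d) over the divisors d of n."""
    return sum(f(d) for d in divisors(n))

def mobius_invert(F, n):
    """f(n) = sum over d | n of mu(d) * F(n / d)  (Theorem 7)."""
    return sum(mobius(d) * F(n // d) for d in divisors(n))

def inversion_recovers(f, limit):
    """True if inverting F(n) = sum_{d|n} f(d) gives back f on 1..limit."""
    return all(
        mobius_invert(lambda m: summatory(f, m), n) == f(n)
        for n in range(1, limit + 1)
    )

def is_multiplicative(f, limit):
    """True if f(mn) = f(m) f(n) for all coprime m, n <= limit."""
    return all(
        f(m * n) == f(m) * f(n)
        for m in range(1, limit + 1)
        for n in range(1, limit + 1)
        if gcd(m, n) == 1
    )

if __name__ == "__main__":
    print("mu(1..6):", [mobius(n) for n in range(1, 7)])
    print("sum of mu(d), d | 10:", sum(mobius(d) for d in divisors(10)))
    print("invert tau at 10:", mobius_invert(tau, 10))      # constant function 1
    print("invert sigma at 10:", mobius_invert(sigma, 10))  # identity function n
    print("f(n) = n^2 + 1 recovered:", inversion_recovers(lambda n: n * n + 1, 100))
```

Inverting τ returns the constant function 1 and inverting σ returns the identity, as the two inverted formulas above state; the last check shows that the inversion formula itself does not require f to be multiplicative.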
5.4. Summary
In this chapter we have studied four important multiplicative functions which have played a
significant role in the development of number theory: ϕ, τ, σ, μ.

5.5. Keywords
Multiplicative function, Mobius inversion formula, divisor function.
5.6. Exercises
1. Evaluate τ(n) for n = 987, 3655. Also find σ(n).
2. Prove that $\sum_{d \mid n} \frac{1}{d} = \frac{\sigma(n)}{n}$ for each integer n ≥ 1.

3. Let n be a square free integer having r prime factors. Prove that $\tau(n) = 2^r$.
4. Find all positive integers n such that τ(n) = 10 and σ(n) = 10.

5. For any integer n ≥ 1, establish the inequality $\tau(n) \le 2\sqrt{n}$.


6. Prove the following:
a. τ(n) is an odd integer if and only if n is a perfect square
b. σ(n) is an odd integer if and only if n is a perfect square or twice a perfect
square.
7. If n > 1 is a composite number, then $\sigma(n) > n + \sqrt{n}$.
8. Verify that σ(n) = σ(n + 1) for n = 14, 206 and 957.
9. Verify
a. ϕ(σ(666)) = 2 ϕ(666).
b. σ(668) = 2 σ(ϕ(668)).
10. If p is a prime, then prove that ϕ(p) + σ(p) = 2p.

11. Compute μ(n) for each n, where n = 101, 496, 2047 and 11319.
12. For each positive integer n, show that
μ(n) μ(n + 1) μ(n + 2) μ(n + 3) = 0.
13. For any integer n ≥ 3, show that $\sum_{k=1}^{n} \mu(k!) = 1$.

14. If an integer n > 1 has a prime factorization $n = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}$, then prove that

a. $\sum_{d \mid n} \mu(d)\,\tau(d) = (-1)^r$

b. $\sum_{d \mid n} \mu(d)\,\sigma(d) = (-1)^r p_1 p_2 \cdots p_r$.

15. Prove that $\frac{\phi(n)}{n} = \sum_{d \mid n} \frac{\mu(d)}{d}$.

UNIT – 6

THE GREATEST INTEGER FUNCTION, EULER’S PHI FUNCTION AND ITS PROPERTIES
Structure:

6.0. Objective
6.1. The greatest integer function
6.2 Some properties of the Euler’s phi-function
6.3 Summary
6.4 Keywords
6.5 Exercises
6.6 References
6.0. Objective
The objective of this chapter is to study the greatest integer or “bracket” function [ ], which is
especially suitable for treating divisibility problems.
6.1. The greatest integer function
Definition 1: For an arbitrary real number x, we denote by [x] the largest integer less than or
equal to x; that is, [x] is the unique integer satisfying x – 1 < [x] ≤ x.
By way of illustration, [ ] assumes the particular values
$$[-3/2] = -2 \qquad [\sqrt{2}] = 1 \qquad [1/3] = 0 \qquad [\pi] = 3 \qquad [-\pi] = -4$$
The important observation to be made here is that the equality [x] = x holds if and only if x is
an integer. Definition 1 also makes plain that any real number x can be written as x = [x] + θ
for a suitable choice of θ, with 0 ≤ θ < 1.
We now plan to investigate the question of how many times a particular prime p appears in
n!. For instance, if p = 3 and n = 9, then
$$9! = 1 \cdot 2 \cdot 3 \cdot 4 \cdot 5 \cdot 6 \cdot 7 \cdot 8 \cdot 9 = 2^7 \cdot 3^4 \cdot 5 \cdot 7$$
so that the exact power of 3 that divides 9! is 4. It is desirable to have a formula that will give
this count, without the necessity of always writing n! in canonical form. This is accomplished
by Theorem 1.
Theorem 1: If n is a positive integer and p a prime, then the exponent of the highest power
of p that divides n! is
$$\sum_{k=1}^{\infty} \left[\frac{n}{p^k}\right],$$
where the series is finite, because $[n / p^k] = 0$ for $p^k > n$.

Proof: Among the first n positive integers, those divisible by p are p, 2p, …, tp, where t is the
largest integer such that tp ≤ n; in other words, t is the largest integer less than or equal to n /
p (which is to say t = [n / p]). Thus, there are exactly [n / p] multiples of p occurring in the
product that defines n!, namely,
$$p,\ 2p,\ \ldots,\ \left[\frac{n}{p}\right] p \qquad (1)$$
The exponent of p in the prime factorization of n! is obtained by adding to the number of
integers in Eq. (1) the number of integers among 1, 2, …, n divisible by $p^2$, and then the
number divisible by $p^3$, and so on. Reasoning as in the first paragraph, the integers between 1
and n that are divisible by $p^2$ are
$$p^2,\ 2p^2,\ \ldots,\ \left[\frac{n}{p^2}\right] p^2$$
which are $[n / p^2]$ in number. Of these, $[n / p^3]$ are again divisible by p:
$$p^3,\ 2p^3,\ \ldots,\ \left[\frac{n}{p^3}\right] p^3$$
After a finite number of repetitions of this process, we are led to conclude that the total
number of times p divides n! is
$$\sum_{k=1}^{\infty} \left[\frac{n}{p^k}\right].$$
This result can be cast as the following equation, which usually appears under the name of
the Legendre formula:
$$n! = \prod_{p \le n} p^{\sum_{k=1}^{\infty} [n / p^k]}$$

Example 1: We would like to find the number of zeros with which the decimal
representation of 50! terminates. In determining the number of times 10 enters into the
product 50!, it is enough to find the exponents of 2 and 5 in the prime factorization of 50!,
and then to select the smaller figure. By direct calculation we see that
$$[50/2] + [50/2^2] + [50/2^3] + [50/2^4] + [50/2^5] = 25 + 12 + 6 + 3 + 1 = 47.$$
Theorem 1 tells us that $2^{47}$ divides 50!, but $2^{48}$ does not. Similarly,
$$[50/5] + [50/5^2] = 10 + 2 = 12$$
and so the highest power of 5 dividing 50! is 12. This means that 50! ends with 12 zeros.

Theorem 2: If n and r are positive integers with 1 ≤ r < n, then the binomial coefficient
$$\binom{n}{r} = \frac{n!}{r!\,(n-r)!}$$
is also an integer.
Proof. The argument rests on the observation that if a and b are arbitrary real numbers, then
[a + b] ≥ [a] + [b]. In particular, for each prime factor p of r!(n – r)!,
$$\left[\frac{n}{p^k}\right] \ge \left[\frac{r}{p^k}\right] + \left[\frac{n-r}{p^k}\right], \qquad k = 1, 2, \ldots$$
Adding these inequalities, we obtain
$$\sum_{k \ge 1} \left[\frac{n}{p^k}\right] \ge \sum_{k \ge 1} \left[\frac{r}{p^k}\right] + \sum_{k \ge 1} \left[\frac{n-r}{p^k}\right] \qquad (2)$$
The left-hand side of Eq. (2) gives the exponent of the highest power of the prime p that
divides n!, whereas the right-hand side equals the highest power of this prime contained in
r!(n – r)!. Hence, p appears in the numerator of n! / r!(n – r)! at least as many times as it occurs
in the denominator. Because this holds true for every prime divisor of the denominator, r!(n
– r)! must divide n!, making n! / r!(n – r)! an integer.
Corollary 1: For a positive integer r, the product of any r consecutive positive integers is
divisible by r!.
Proof: The product of r consecutive positive integers, the largest of which is n, is
n(n – 1) … (n – r + 1). We have
$$n(n-1) \cdots (n-r+1) = \left(\frac{n!}{r!\,(n-r)!}\right) r!$$
Because n! / r!(n – r)! is an integer by Theorem 2, it follows that r! must divide the product
n(n – 1) … (n – r + 1), as asserted.
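Theorem 1, Example 1, Theorem 2 and Corollary 1 can all be checked by machine. The following is an added example, not part of the original text; the function names are this example's own. It evaluates Legendre's sum with integer division and compares each result against an independent computation on the actual factorial or binomial coefficient.

```python
from math import comb, factorial

def legendre_exponent(n, p):
    """Exponent of the prime p in n!: the sum of [n / p^k] for k >= 1 (Theorem 1).

    The loop stops as soon as p^k > n, where every further term is 0.
    """
    total, power = 0, p
    while power <= n:
        total += n // power
        power *= p
    return total

def exponent_by_division(m, p):
    """Exponent of p in the integer m, found by repeated division (independent check)."""
    e = 0
    while m % p == 0:
        m //= p
        e += 1
    return e

def trailing_zeros_of_factorial(n):
    """Zeros ending n!: the smaller of the exponents of 2 and 5 (Example 1)."""
    return min(legendre_exponent(n, 2), legendre_exponent(n, 5))

def trailing_zeros_direct(n):
    """Same count, read off the decimal digits of n! itself."""
    digits = str(factorial(n))
    return len(digits) - len(digits.rstrip("0"))

def binomial_exponent(n, r, p):
    """Exponent of p in C(n, r): left side of inequality (2) minus its right side."""
    return (legendre_exponent(n, p)
            - legendre_exponent(r, p)
            - legendre_exponent(n - r, p))

def binomial_exponent_direct(n, r, p):
    """Exponent of p in C(n, r), computed from the binomial coefficient itself."""
    return exponent_by_division(comb(n, r), p)

def consecutive_product(n, r):
    """n (n - 1) ... (n - r + 1): the product of r consecutive integers ending at n."""
    result = 1
    for i in range(n - r + 1, n + 1):
        result *= i
    return result

if __name__ == "__main__":
    print("exponent of 3 in 9!  :", legendre_exponent(9, 3))
    print("exponent of 2 in 50! :", legendre_exponent(50, 2))
    print("exponent of 5 in 50! :", legendre_exponent(50, 5))
    print("zeros ending 50!     :", trailing_zeros_of_factorial(50))
    print("exponent of 2 in C(50, 20):", binomial_exponent(50, 20, 2))
    print("20*19*...*15 divisible by 6!:",
          consecutive_product(20, 6) % factorial(6) == 0)
```

Because `binomial_exponent` is a difference of Legendre sums, inequality (2) is exactly the statement that it never goes negative, which is why the binomial coefficient is an integer.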
Having introduced the greatest integer function, let us see what it has to do with the study of
number-theoretic functions. Their relationship is brought out by Theorem 3.
Theorem 3: Let f and F be number-theoretic functions such that
$$F(n) = \sum_{d \mid n} f(d).$$
Then, for any positive integer N,
$$\sum_{n=1}^{N} F(n) = \sum_{k=1}^{N} f(k) \left[\frac{N}{k}\right].$$
Proof: We begin by noting that
$$\sum_{n=1}^{N} F(n) = \sum_{n=1}^{N} \sum_{d \mid n} f(d) \qquad (3)$$
The strategy is to collect terms with equal values of f(d) in this double sum. For a fixed
positive integer k ≤ N, the term f(k) appears in $\sum_{d \mid n} f(d)$ if and only if k is a divisor of n.
(Because each integer has itself as a divisor, the right-hand side of Eq. (3) includes f(k) at least
once.) Now, to calculate the number of sums $\sum_{d \mid n} f(d)$ in which f(k) occurs as a term, it is
sufficient to find the number of integers among 1, 2, …, N which are divisible by k. There are
exactly [N / k] of them:
$$k,\ 2k,\ 3k,\ \ldots,\ \left[\frac{N}{k}\right] k.$$
Thus, for each k such that 1 ≤ k ≤ N, f(k) is a term of the sum $\sum_{d \mid n} f(d)$ for [N / k] different
positive integers less than or equal to N. Knowing this, we may rewrite the double sum in Eq.
(3) as
$$\sum_{n=1}^{N} \sum_{d \mid n} f(d) = \sum_{k=1}^{N} f(k) \left[\frac{N}{k}\right]$$
and our task is complete.


As an immediate application of Theorem 3, we deduce Corollary 2.
Corollary 2: If N is a positive integer, then
$$\sum_{n=1}^{N} \tau(n) = \sum_{n=1}^{N} \left[\frac{N}{n}\right].$$
Proof. Noting that $\tau(n) = \sum_{d \mid n} 1$, we may write τ for F and take f to be the constant function
f(n) = 1 for all n.

In the same way, the relation $\sigma(n) = \sum_{d \mid n} d$ yields Corollary 3.
Corollary 3: If N is a positive integer, then
$$\sum_{n=1}^{N} \sigma(n) = \sum_{n=1}^{N} n \left[\frac{N}{n}\right].$$
These last two corollaries can, perhaps, be clarified with an example.
Example 2: Consider the case N = 6. The definition of τ tells us that
$$\sum_{n=1}^{6} \tau(n) = 14.$$
From Corollary 2,
$$\sum_{n=1}^{6} \left[\frac{6}{n}\right] = [6] + [3] + [2] + [3/2] + [6/5] + [1] = 6 + 3 + 2 + 1 + 1 + 1 = 14,$$
as it should. In the present case, we also have
$$\sum_{n=1}^{6} \sigma(n) = 33$$
and a simple calculation leads to
$$\sum_{n=1}^{6} n \left[\frac{6}{n}\right] = 1[6] + 2[3] + 3[2] + 4[3/2] + 5[6/5] + 6[1] = 1 \cdot 6 + 2 \cdot 3 + 3 \cdot 2 + 4 \cdot 1 + 5 \cdot 1 + 6 \cdot 1 = 33.$$
6.2. Some properties of the phi-function

The next theorem points out a curious feature of the phi-function; namely, that the sum of the
values of ϕ(d), as d ranges over the positive divisors of n, is equal to n itself. This was first
noticed by Gauss.
Theorem 4: (Gauss) For each positive integer n ≥ 1,
$$n = \sum_{d \mid n} \phi(d),$$
the sum being extended over all positive divisors of n.

Proof: The integers between 1 and n can be separated into classes as follows: If d is a
positive divisor of n, we put the integer m in the class $S_d$ provided that gcd(m, n) = d. Stated
in symbols:
$$S_d = \{\, m \mid \gcd(m, n) = d;\ 1 \le m \le n \,\}$$
Now gcd(m, n) = d if and only if gcd(m / d, n / d) = 1. Thus, the number of integers in the class
$S_d$ is equal to the number of positive integers not exceeding n / d that are relatively prime to
n / d; in other words, equal to ϕ(n / d). Because each of the n integers in the set {1, 2, …, n} lies
in exactly one class $S_d$, we obtain the formula
$$n = \sum_{d \mid n} \phi\!\left(\frac{n}{d}\right).$$
But as d runs through all positive divisors of n, so does n / d; hence,
$$\sum_{d \mid n} \phi\!\left(\frac{n}{d}\right) = \sum_{d \mid n} \phi(d),$$
which proves the theorem.


Example 3: A simple numerical example of what we have just said is provided by n = 10.
Here, the classes $S_d$ are
$$S_1 = \{1, 3, 7, 9\} \qquad S_2 = \{2, 4, 6, 8\} \qquad S_5 = \{5\} \qquad S_{10} = \{10\}$$
These contain ϕ(10) = 4, ϕ(5) = 4, ϕ(2) = 1, and ϕ(1) = 1 integers, respectively. Therefore,
$$\sum_{d \mid 10} \phi(d) = \phi(10) + \phi(5) + \phi(2) + \phi(1) = 4 + 4 + 1 + 1 = 10.$$

We should mention in passing that there is another interesting identity that involves the phi-
function.
Theorem 5: For n > 1, the sum of the positive integers less than n and relatively prime to n is
$\frac{1}{2} n \phi(n)$.
Proof: Let $a_1, a_2, \ldots, a_{\phi(n)}$ be the positive integers less than n and relatively prime to n. Now
because gcd(a, n) = 1 if and only if gcd(n – a, n) = 1, the numbers $n - a_1, n - a_2, \ldots, n - a_{\phi(n)}$
are equal in some order to $a_1, a_2, \ldots, a_{\phi(n)}$. Thus,
$$a_1 + a_2 + \cdots + a_{\phi(n)} = (n - a_1) + (n - a_2) + \cdots + (n - a_{\phi(n)}) = \phi(n)\,n - (a_1 + a_2 + \cdots + a_{\phi(n)}).$$
Hence $2(a_1 + a_2 + \cdots + a_{\phi(n)}) = \phi(n)\,n$, leading to the stated conclusion.
Example 4: Consider the case when n = 30. The ϕ(30) = 8 integers that are less than 30 and
relatively prime to it are 1, 7, 11, 13, 17, 19, 23, and 29.
In this setting, we find that the desired sum is
$$1 + 7 + 11 + 13 + 17 + 19 + 23 + 29 = 120 = \tfrac{1}{2} \cdot 30 \cdot 8.$$
Also note the pairings
1 + 29 = 30, 7 + 23 = 30, 11 + 19 = 30, 13 + 17 = 30.
This is a good point at which to give an application of the Möbius inversion formula.
Theorem 6: For any positive integer n,
$$\phi(n) = n \sum_{d \mid n} \frac{\mu(d)}{d}.$$
Proof: The proof is deceptively simple. If we apply the inversion formula to
$$F(n) = n = \sum_{d \mid n} \phi(d),$$
the result is
$$\phi(n) = \sum_{d \mid n} \mu(d)\, F\!\left(\frac{n}{d}\right) = \sum_{d \mid n} \mu(d)\, \frac{n}{d}.$$
Let us again illustrate the situation where n = 10. As easily can be seen,
$$\begin{aligned}
10 \sum_{d \mid 10} \frac{\mu(d)}{d} &= 10 \left[ \mu(1) + \frac{\mu(2)}{2} + \frac{\mu(5)}{5} + \frac{\mu(10)}{10} \right] \\
&= 10 \left[ 1 + \frac{(-1)}{2} + \frac{(-1)}{5} + \frac{(-1)^2}{10} \right] = 10 \left[ 1 - \frac{1}{2} - \frac{1}{5} + \frac{1}{10} \right] = 10 \cdot \frac{2}{5} = 4 = \phi(10).
\end{aligned}$$

Starting with Theorem 6, it is an easy matter to determine the value of the phi-function for
any positive integer n. Suppose that the prime power decomposition of n is $n = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}$,
and consider the product
$$P(n) = \prod_{p_i \mid n} \left( \mu(1) + \frac{\mu(p_i)}{p_i} + \cdots + \frac{\mu(p_i^{k_i})}{p_i^{k_i}} \right).$$
Multiplying this out, we obtain a sum of terms of the form
$$\frac{\mu(1)\,\mu(p_1^{a_1})\,\mu(p_2^{a_2}) \cdots \mu(p_r^{a_r})}{p_1^{a_1} p_2^{a_2} \cdots p_r^{a_r}}, \qquad 0 \le a_i \le k_i,$$
or, because μ is known to be multiplicative,
$$\frac{\mu(p_1^{a_1} p_2^{a_2} \cdots p_r^{a_r})}{p_1^{a_1} p_2^{a_2} \cdots p_r^{a_r}} = \frac{\mu(d)}{d},$$
where the summation is over the set of divisors $d = p_1^{a_1} p_2^{a_2} \cdots p_r^{a_r}$ of n. Hence $P(n) = \sum_{d \mid n} \frac{\mu(d)}{d}$.
It follows from Theorem 6 that
$$\phi(n) = n \sum_{d \mid n} \frac{\mu(d)}{d} = n \prod_{p_i \mid n} \left( \mu(1) + \frac{\mu(p_i)}{p_i} + \cdots + \frac{\mu(p_i^{k_i})}{p_i^{k_i}} \right).$$
But $\mu(p_i^{a_i}) = 0$ whenever $a_i \ge 2$. As a result, the last-written equation reduces to
$$\phi(n) = n \prod_{p_i \mid n} \left( \mu(1) + \frac{\mu(p_i)}{p_i} \right) = n \prod_{p_i \mid n} \left( 1 - \frac{1}{p_i} \right),$$
which agrees with the formula established earlier by different reasoning. What is significant
about this argument is that no assumption is made concerning the multiplicative character of
the phi-function, only of μ.
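The class partition in the proof of Theorem 4, the sum in Theorem 5 and the product formula just derived can be compared directly. The following is an added example, not part of the original text; the function names are this example's own. It computes ϕ in two independent ways (by counting, and by the product over the primes dividing n in exact integer arithmetic) and builds the classes $S_d$ explicitly.

```python
from math import gcd

def phi_by_count(n):
    """phi(n) from the definition: how many m in 1..n have gcd(m, n) = 1."""
    return sum(1 for m in range(1, n + 1) if gcd(m, n) == 1)

def phi_by_product(n):
    """phi(n) = n * product over primes p | n of (1 - 1/p).

    Each factor (1 - 1/p) is applied as result -= result // p, which is exact
    because p still divides result at that point.
    """
    result, m, p = n, n, 2
    while p * p <= m:
        if m % p == 0:
            result -= result // p
            while m % p == 0:
                m //= p
        p += 1
    if m > 1:  # one prime factor larger than sqrt(n) may remain
        result -= result // m
    return result

def gauss_classes(n):
    """Split {1, ..., n} into the classes S_d = {m : gcd(m, n) = d} (Theorem 4)."""
    classes = {}
    for m in range(1, n + 1):
        classes.setdefault(gcd(m, n), []).append(m)
    return classes

def gauss_sum(n):
    """Sum of phi(d) over the positive divisors d of n; Theorem 4 says this is n."""
    return sum(phi_by_product(d) for d in range(1, n + 1) if n % d == 0)

def totative_sum(n):
    """Sum of the positive integers less than n and relatively prime to n (Theorem 5)."""
    return sum(m for m in range(1, n) if gcd(m, n) == 1)

if __name__ == "__main__":
    for d, members in sorted(gauss_classes(10).items()):
        # |S_d| equals phi(n / d), as shown in the proof of Theorem 4
        print(f"S_{d} = {members}, phi({10 // d}) = {phi_by_product(10 // d)}")
    print("sum of phi(d), d | 10:", gauss_sum(10))
    print("phi(30):", phi_by_product(30), "totative sum:", totative_sum(30))
```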

6.3. Summary
In this chapter we have studied greatest integer function which is also called bracket function
and some properties of Euler’s Phi function.

6.4. Keywords
Greatest integer function, phi function.

6.5. Exercises
1. Find the highest power of 7 dividing 1000! and highest power of 5 dividing 500!
2. For any integer n ≥ 0, show that [n / 2] – [–n / 2] = n.
3. For n ≥ 1 and p is a prime, prove that $(2n)! / (n!)^2$ is an even integer.
4. Let x and y be real numbers. Then prove that
a. [x + n] = [x] + n, for any integer n
b. [x] + [–x] = 0 or –1 according as x is an integer or not
c. [x + y] ≤ [x] + [y].
5. Find an integer n ≥ 1 such that the highest power of 5 contained in n! is 100.
6. For a positive integer n, prove that $\sum_{d \mid n} \frac{\mu^2(d)}{\phi(d)} = \frac{n}{\phi(n)}$.

7. Verify the formula $\sum_{d=1}^{n} \phi(d)\,[n / d] = n(n + 1) / 2$ for any positive integer n.

8. If n is a square free integer, prove that $\sum_{d \mid n} \sigma(d^{k-1})\,\phi(d) = n^k$ for all integers k ≥ 2.

9. For n > 2, establish the inequality $\phi(n^2) + \phi((n + 1)^2) \le 2n^2$.

10. Prove that $\sum_{d \mid n} \sigma(d)\,\phi(n / d) = n\,\tau(n)$ and $\sum_{d \mid n} \tau(d)\,\phi(n / d) = \sigma(n)$.

UNIT – 7

APPLICATIONS TO CRYPTOGRAPHY
Structure:

7.0. Objective
7.1. Introduction
7.2. Cryptography
7.3. Affine, Vigenere and Hill ciphers
7.4. RSA Public-key cryptosystem
7.5. Summary
7.6. Keywords
7.7. Exercises
7.8. References

7.0. Objective
The objective of this chapter is to study a very important application of number theory to
cryptography. We will study some simple cryptosystems and also cryptanalyze them. We will
also see how the RSA cryptosystem leads to the study of another important mathematical
problem, “Factorization”.

7.1. Introduction
The proliferation of computers and communication systems in the 1960s brought with it a
demand from the private sector for means to protect information in digital form and to
provide security services. In this age of universal electronic connectivity, of viruses and
hackers, of electronic eavesdropping and electronic fraud, there is indeed no time at which
security does not matter. Two trends have come together to make the topic of vital interest.
First, the explosive growth in computer systems and their interconnections via networks has
increased the dependence of both organizations and individuals on the information stored and
communicated using these systems. This, in turn, has led to a heightened awareness of the
need to protect data and resources from disclosure, to guarantee the authenticity of data and
messages, and to protect systems from network-based attacks. Second, the disciplines of
cryptography and network security have matured, leading to the development of practical,
readily available applications to enforce network security.

Security attacks: The following figure shows 4 types of typical security attacks.

• Interruption: An asset of the system is destroyed or becomes unavailable or
unusable. This is an attack on availability. Examples include destruction of a piece
of hardware, such as a hard disk, the cutting of a communication line, etc.
• Interception: An unauthorized party gains access to an asset. This is an attack on
confidentiality. Examples include wiretapping to capture data in a network, and the
illicit copying of files or programs.
• Modification: An unauthorized party not only gains access to but tampers with an
asset. This is an attack on integrity. Examples include changing values in a data file,
altering a program so that it performs differently, etc.
• Fabrication: An unauthorized party inserts counterfeit objects in the system. This is
an attack on authenticity. Examples include the insertion of spurious messages in a
network or the addition of records to a file.
7.2. Cryptography

Definition 1: Cryptography is the study of methods of sending messages in disguised form
so that only the intended recipients can remove the disguise and read the message. The
message we want to send is called the plaintext and the disguised message is called the
ciphertext. The plaintext and ciphertext are written in some alphabet (usually, but not always,
they are written in the same alphabet) consisting of a certain number N of letters. The term
“letter” (or “character”) can refer not only to the familiar A-Z, but also to numerals, blank,
punctuation marks, or any other symbols that we allow ourselves to use when writing the
messages. The process of converting a plaintext to a ciphertext is called enciphering or
encryption, and the reverse process is called deciphering or decryption.
The plaintext and ciphertext are broken up into message units. A message unit might
be a single letter, a pair of letters (digraph), a triple of letters (trigraph), or a block of 50
letters. An enciphering transformation is a function that takes any plaintext message unit
and gives us a ciphertext message unit. In other words, it is a map f from the set P of all
possible plaintext message units to the set C of all possible ciphertext message units. We shall
always assume that f is a 1-to-1 correspondence. That is, given a ciphertext message unit,
there is one and only one plaintext message unit for which it is the encryption. The
deciphering transformation is the map $f^{-1}$ which goes back and recovers the plaintext from
the ciphertext. We can represent the situation schematically by the diagram
$$P \xrightarrow{\;f\;} C \xrightarrow{\;f^{-1}\;} P$$
Any such set-up is called a cryptosystem.
The first step in inventing a cryptosystem is to “label” all possible plaintext message
units and all possible ciphertext message units by means of mathematical objects from which
functions can be easily constructed. These objects are often simply the integers in some
range. For example, if our plaintext and ciphertext message units are single letters from the
26-letter alphabet A-Z, then we can label the letters using the integers 0, 1, 2, …, 25, which
we call their “numerical equivalents”. Thus, in place of A we write 0, in place of S we write
18, in place of X we write 23, and so on. As another example, if our message units are
digraphs in the 27-letter alphabet consisting of A-Z and a blank, we might first let the blank
have numerical equivalent 26 (one beyond Z), and then label the digraph whose two letters
correspond to x, y ∈ {0, 1, …, 26} by the integer 27x + y.
Thus, we view the individual letters as digits to the base 27 and we view the digraph as a
2-digit integer to that base. For example, the digraph “NO” corresponds to the integer 27∙13
+ 14 = 365. Analogously, if we were using trigraphs as our message units, we could label
them by integers 729x + 27y + z ∈ {0, 1, …, 19682}. In general, we can label blocks of k letters
in an N-letter alphabet by integers between 0 and $N^k - 1$ by regarding each such block as a k-
digit integer to the base N.
Examples. Let us start with the case when we take a message unit (of plaintext or of
ciphertext) to be a single letter in an N-letter alphabet labeled by the integers 0, 1, 2, …, N – 1.
Then, by definition, an enciphering transformation is a rearrangement of those N integers.
To facilitate rapid enciphering and deciphering, it is convenient to have a relatively
simple rule for performing such a rearrangement. One way is to think of the set of integers
{0, 1, …, N – 1} as Z/NZ, and make use of the operations of addition and multiplication
modulo N.
Suppose we are using the 26-letter alphabet A – Z with numerical equivalents 0 –
25. Let the letter P ∈ {0, 1, …, 25} stand for a plaintext message unit. Define a function f
from the set {0, 1, …, 25} to itself by the rule
$$f(P) = \begin{cases} P + 3 & \text{if } P < 23 \\ P - 23 & \text{if } P \ge 23 \end{cases}$$
In other words, f simply adds 3 modulo 26: f(P) ≡ P + 3 mod 26. The definition using
modular arithmetic is easier to write down and work with. Thus, with this system, to encipher
the word “YES” we first convert to numbers: 24 4 18, then add 3 modulo 26: 1 7 21, then
translate back to letters: “BHV.” To decipher a message, one subtracts 3 modulo 26. For
example, the ciphertext “ZKB” yields the plaintext “WHY.” This cryptosystem was
apparently used in ancient Rome by Julius Caesar, who supposedly invented it himself.
The above example can be generalized as follows. Suppose we are using an N-letter
alphabet with numerical equivalents 0, 1, …, N – 1. Let b be a fixed integer. By a shift
transformation we mean the enciphering function f defined by the rule C = f(P) ≡ P + b mod
N. Julius Caesar’s cryptosystem was the case N = 26, b = 3. To decipher a ciphertext message unit C
∈ {0, 1, …, N – 1} we simply compute P = $f^{-1}$(C) ≡ C – b mod N. Here b is the encryption
key and is usually denoted by e, and N – b is the decryption key and is denoted by d.
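The labelling of message units and the shift transformation described above, as an added example that is not part of the original text. The function names and the constants `ALPHABET` and `ALPHABET27` are this example's own; it also goes slightly beyond the single-letter case by applying the same rule C ≡ P + b to k-letter blocks modulo $N^k$.

```python
import string

ALPHABET = string.ascii_uppercase            # 26 letters, A = 0, ..., Z = 25
ALPHABET27 = string.ascii_uppercase + " "    # 27 letters, blank = 26 (one beyond Z)

def block_to_int(block, alphabet):
    """Label a k-letter block as a k-digit integer to the base N = len(alphabet)."""
    n = len(alphabet)
    value = 0
    for ch in block:
        # str.index raises ValueError for a character outside the alphabet
        value = value * n + alphabet.index(ch)
    return value

def int_to_block(value, k, alphabet):
    """Inverse of block_to_int: the k-letter block whose label is value."""
    n = len(alphabet)
    if not 0 <= value < n ** k:
        raise ValueError("label must lie between 0 and N^k - 1")
    letters = []
    for _ in range(k):
        value, digit = divmod(value, n)
        letters.append(alphabet[digit])
    return "".join(reversed(letters))

def shift_encipher(text, b, alphabet=ALPHABET, k=1):
    """Apply C = P + b mod N^k to each k-letter message unit of text."""
    if len(text) % k:
        raise ValueError("text length must be a multiple of the block length k")
    modulus = len(alphabet) ** k
    units = []
    for i in range(0, len(text), k):
        p = block_to_int(text[i:i + k], alphabet)
        units.append(int_to_block((p + b) % modulus, k, alphabet))
    return "".join(units)

def shift_decipher(text, b, alphabet=ALPHABET, k=1):
    """Apply P = C - b mod N^k, i.e. encipher with the decryption key -b."""
    return shift_encipher(text, -b, alphabet, k)

if __name__ == "__main__":
    print(shift_encipher("YES", 3))              # Caesar's case N = 26, b = 3
    print(shift_decipher("ZKB", 3))
    print(block_to_int("NO", ALPHABET27))        # digraph label 27*13 + 14
    # Deciphering is the same as enciphering with d = N - b:
    print(shift_encipher(shift_encipher("YES", 3), 26 - 3))
    # Digraph units over the 27-letter alphabet, shift taken modulo 27^2 = 729:
    c = shift_encipher("SEND HELP ", 100, ALPHABET27, 2)
    print(repr(c), repr(shift_decipher(c, 100, ALPHABET27, 2)))
```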

Definition 2: A cryptosystem is called a block cipher if its plaintext space and its ciphertext
space are the set of all possible message units of a fixed length n. The block length n is a
positive integer. A simple example of a block cipher is the Caesar cipher. It has block length
1. In general, block ciphers with block length 1 are called substitution ciphers.

Symmetric and Asymmetric Cryptosystems
We briefly explain the difference between symmetric and asymmetric cryptosystems.
If Veena wants to send an encrypted message to Varun, then she uses an encryption key e and
Varun uses the corresponding decryption key to recover the plaintext. If in a cryptosystem
the encryption key e is always equal to the decryption key d, or if d can be easily computed
from e, then the cryptosystem is called symmetric. If Veena and Varun use a symmetric
cryptosystem, they must exchange the secret key e before they start their communication.
Secure key exchange is a major problem. The key e must be kept secret since anybody who
knows e can determine the corresponding decryption key d. The Caesar cipher is an example
of a symmetric cryptosystem. The keys for encryption and decryption are equal in this
system.
In asymmetric cryptosystems, the keys d and e are distinct, and the computation of d
from e is infeasible. In such systems, the encryption key can be made public. If Varun wants
to receive encrypted messages, he publishes an encryption key e and keeps the corresponding
decryption key d secret. Anybody can use e to encrypt messages for Varun. Therefore, e is
called the public key. But only Varun can decrypt the messages, so d is called the private key.
Asymmetric cryptosystems are also called public-key cryptosystems.

Definition 3: An encryption scheme is said to be breakable if a third party, without prior
knowledge of the key pair (e, d), can systematically recover plaintext from corresponding
ciphertext within some appropriate time frame.

Cryptanalysis: Cryptanalysis deals with the attacks on cryptosystems. In this section, we
classify those attacks.

To make attacks on cryptosystems more difficult, one can keep the cryptosystem
secret. However, it is not clear how much security is really gained in this way because an
attacker has many ways of finding out which cryptosystem is used. He can try to tell from
intercepted ciphertexts which system is used. He can also try to get information from people
who have information about the encryption scheme in use. Modern cryptanalysis therefore
assumes that an attacker knows which cryptosystem is used. Only the (private) keys and the
plaintexts are assumed to be secret. The attacker tries to recover plaintexts from ciphertexts
or even tries to find out which keys are used. There are the following types of attacks:
• Ciphertext-only attack: The attacker knows ciphertexts and tries to recover the
corresponding plaintexts or the key.
• Known-plaintext attack: The attacker knows a plaintext and the corresponding
ciphertext or several such pairs. He tries to find the key used or to decrypt other
ciphertexts.
• Chosen-plaintext attack: The attacker is able to encrypt plaintexts but does not know
the key. He tries to find the key used or to decrypt other ciphertexts.
• Adaptive chosen-plaintext attack: The attacker is able to encrypt plaintexts. He is
able to choose new plaintexts as a function of the ciphertexts obtained but does not
know the key. He tries to find the key used or to decrypt other ciphertexts.
• Chosen-ciphertext attack: The attacker can decrypt but does not know the key. He
tries to find the key.

There are many ways to mount these attacks. A simple ciphertext-only attack consists
of decrypting the ciphertext with all possible keys. This attack is called exhaustive search.
The correct plaintext is among the few sensible texts that the attacker obtains. Given the
speed of modern computers, this attack is successful for many cryptosystems. It works, for
example, for the DES (Data Encryption Standard) system, which until recently was the U.S.
encryption standard. A known-plaintext attack may use the statistical properties of the
plaintext language. For example, if we apply the Caesar cipher, then for a fixed key any
plaintext symbol is replaced by the same ciphertext symbol. The most frequent plaintext
symbol is encrypted to the most frequent ciphertext symbol. Since we know the most
frequent symbol of the plaintext language, we have a good guess how to decrypt the most
frequent ciphertext symbol. Analogously, the frequency of other individual symbols, of pairs,
triplets, etc., in the plaintext may be reflected in the ciphertext and can be used to decrypt the
ciphertext or to recover the key.
Let us cryptanalyse the Caesar cipher. The most frequently occurring letters in the
ciphertext correspond to those in the plaintext. For example, E is the most frequently
occurring letter in an arbitrary text, occurring about 12.5% of the time; the next three letters
are T, A, and O, occurring about 9%, 8%, and 8% of the time, respectively.
Consider the ciphertext message:
SLABZ ULCLY ULNVA PHALV BAVMM LHYIB
ASLAB ZULCL YMLHY AVULN VAPHA L
The most frequently occurring letter in the ciphertext is L, so our best guess is that it must
correspond to the plaintext letter E. Since their ordinal numbers are 11 and 4, this implies
; that is, k = 7. Then . Using this congruence, we

can determine the ordinal number of each letter in the plaintext. After obtaining the ordinal
number of each plaintext letter, the plaintext message reads as
LET US NEVER NEGOTIATE OUT OF FEAR BUT LET US NEVER FEAR TO
NEGOTIATE

7.3. Affine, Vigenere and Hill Ciphers


Affine Ciphers: Shift ciphers belong to a large family of affine ciphers defined by the
formula

where a is a positive integer ≤ 25 and (a, 26) = 1. Since (a, 26) = 1, inverse of a exists and so
.
Since (a, 26) = 1, there are ϕ(26) = 12 choices for a, so there are 12·26 = 312 affine ciphers.
One of them is the identity transformation corresponding to a = 1 and k = 0.
When a = 5 and k = 11, . If P = 8, then ∙
, so under the affine cipher , the letter I is transformed into
Z and letter Q into N. Table shows the plaintext letters and the corresponding ciphertext
letters created by this affine cipher, which shifts A to L and in which each successive letter is
paired with every fifth letter.
Plaintext letter    A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
                    00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
                    11 16 21 00 05 10 15 20 25 04 09 14 19 24 03 08 13 18 23 02 07 12 17 22 01 06
Ciphertext letter   L  Q  V  A  F  K  P  U  Z  E  J  O  T  Y  D  I  N  S  X  C  H  M  R  W  B  G

Hence, under the above affine transformation, the plaintext message THE MOON IS MADE
OF CREAM CHEESE will be transformed into THEMO ONISM ADEOF CREAM CHEES
E (grouping into 5 letters).
To decipher the message, we use the congruence
.
Let us cryptanalyze the ciphertext BYTUH NCGKN DUBIH UVNYX HUTYP QNGYV
IVROH GSU that was generated by an affine cipher.
First make the frequency analysis of the letters in the ciphertext. According to it U
occurs 5 times, H, N, and Y occurs 4 times each. It is reasonable to assume that the letter U
corresponds to the letter E in the plaintext message, that is, . If we
assume H corresponds to T, then . Solving this linear system, we get

, so . But (13, 26) ≠ 1, so
this is not a valid cipher. Thus, our guess that H corresponds to T was not a valid one.
So let us assume that N corresponds to T. This yields the linear system
and . Solving this system,
. Since (3, 26) = 1, this yields a valid cipher
.
Ciphertext letter   A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
                    00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
                    06 15 24 07 16 25 08 17 00 09 18 01 10 19 02 11 20 03 12 21 04 13 22 05 14 23
Plaintext letter    G  P  Y  H  Q  Z  I  R  A  J  S  B  K  T  C  L  U  D  M  V  E  N  W  F  O  X

Using this table, we can translate the given ciphertext message as POVER TYIST HEPAR
ENTOF REVOL UTION ANDCR IME, that is, POVERTY IS THE PARENT OF
REVOLUTION AND CRIME.
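
The cryptanalysis above can be automated. The following is an added example, not part of the original text: it ranks the ciphertext letters by frequency, guesses that the most frequent one stands for E and each runner-up for T, solves the resulting pair of congruences modulo 26, and discards any guess whose multiplier a is not relatively prime to 26. The function names are illustrative assumptions; the ciphertext is the one analysed in the text.

```python
from collections import Counter
from math import gcd

A_ORD = ord("A")
CIPHERTEXT = "BYTUH NCGKN DUBIH UVNYX HUTYP QNGYV IVROH GSU"  # from the text


def num(letter):
    """Ordinal number of a letter: A = 0, ..., Z = 25."""
    return ord(letter) - A_ORD


def raw_multiplier(pair1, pair2):
    """Solve a*(P1 - P2) = C1 - C2 (mod 26) for a, as done by hand in the text.

    Each pair is (ciphertext letter, guessed plaintext letter). The result may
    fail gcd(a, 26) = 1; None is returned when P1 - P2 has no inverse mod 26.
    """
    (c1, p1), (c2, p2) = [(num(c), num(p)) for c, p in (pair1, pair2)]
    try:
        return (c1 - c2) * pow((p1 - p2) % 26, -1, 26) % 26
    except ValueError:
        return None


def candidate_keys(pair1, pair2):
    """All valid keys (a, k) with C = a*P + k (mod 26) for both guessed pairs."""
    (c1, p1), (c2, p2) = [(num(c), num(p)) for c, p in (pair1, pair2)]
    keys = []
    for a in range(1, 26):
        if gcd(a, 26) != 1:
            continue  # not an affine cipher: a has no inverse modulo 26
        if (a * (p1 - p2) - (c1 - c2)) % 26 == 0:
            keys.append((a, (c1 - a * p1) % 26))
    return keys


def decrypt(ciphertext, a, k):
    """Apply P = a^(-1) * (C - k) (mod 26) to every letter, dropping spaces."""
    a_inv = pow(a, -1, 26)
    return "".join(
        chr(a_inv * (num(ch) - k) % 26 + A_ORD) for ch in ciphertext if ch.isalpha()
    )


def break_affine(ciphertext, top=4):
    """Guess most frequent letter -> E and each of the next ones -> T.

    Returns (letter guessed as T, a, k, trial plaintext) for every guess that
    yields a valid key; a reader still judges which plaintext is sensible.
    """
    letters = [ch for ch in ciphertext if ch.isalpha()]
    ranked = [letter for letter, _ in Counter(letters).most_common(top)]
    e_guess, runners_up = ranked[0], ranked[1:]
    results = []
    for t_guess in runners_up:
        for a, k in candidate_keys((e_guess, "E"), (t_guess, "T")):
            results.append((t_guess, a, k, decrypt(ciphertext, a, k)))
    return results


if __name__ == "__main__":
    print("H -> T gives a =", raw_multiplier(("U", "E"), ("H", "T")))
    for t_guess, a, k, text in break_affine(CIPHERTEXT):
        print(f"{t_guess} -> T: C = {a}P + {k} (mod 26): {text}")
```
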

Vigenere Ciphers: The Vigenere cryptosystem employs a keyword w1w2 … wn of length n
and n shift ciphers  to each block length n, where ki is the ordinal
number of the letter wi and 1 ≤ i ≤ n.

For example, using the keyword CIPHER and a Vigenere cipher, let us encrypt the message
CRYPTOGRAPHY IS FUN. Since the ordinal numbers of the letters C, I, P, H, E, and R are
02, 08, 15, 07, 04 and 17, respectively, they serve as the shift factors for each shift cipher for
every block. So the six shift ciphers are , where k = 2, 8, 15, 7, 4 and
17.
Since the keyword is a six-letter word, first we group the letters of the plaintext into
blocks of length six: CRYPTO GRAPHY ISFUN.
Now apply the ith cipher to the letter wi in each block, where 1 ≤ i ≤ n. For instance,
consider the first block, CRYPTO. Since the ordinal numbers of its letters are 02, 17, 24, 15, 19 and 14,
respectively, add to them the key values 2, 8, 15, 7, 4 and 17 in that order modulo 26. The
resulting numbers are 4, 25, 13, 22, 23 and 4, and the corresponding letters are E, Z, N, W, X,
and F, respectively, so the first ciphertext block is EZNWXF. Thus the resulting ciphertext is
EZNWXF IZPWLP KAUBR.

Hill Cipher: The above cryptosystems are very weak in the sense that they can be easily
cryptanalyzed. Let us try block ciphers of length 2; they are called digraphs. In such a
system, we group the letters of the plaintext into blocks of length 2, adding a dummy letter X
at the end, if necessary, to make all blocks of the same length, and then replace each letter
with its ordinal number. Each plaintext block P1P2 is then replaced by a numeric ciphertext
block C1C2, where C1 and C2 are different linear combinations of P1 and P2 modulo 26:

(1)
where (ad – bc, 26) = 1. This condition is necessary to uniquely solve the linear system of P1
and P2. Then we translate each number into a ciphertext letter, the resulting text is the
ciphertext.
The following example illustrates this algorithm.
Using the 2 x 2 linear system

. (2)
encipher the message SLOW AND STEADY WINS THE RACE.

SOLUTION
Step 1 Assemble the plaintext into blocks of length two:
SL OW AN DS TE AD YW IN ST HE RA CE
Step 2 Replace each letter by its ordinal number:
18 11 14 22 00 13 03 18 19 04 00 03
24 22 08 13 18 19 07 04 17 00 02 04
Step 3 Using the linear system (2), convert each block into a ciphertext numeric block:
When P1 = 18 and P2 = 11, we have

So the first block 18 11 is converted into 25 18. Transforming the other blocks in a similar
fashion yields the numeric string.

25 18 18 22 13 00 15 21 17 25 13 02
16 00 01 24 25 06 09 15 07 25 10 00
Step 4 Translate the numbers into letters.
The resulting ciphertext is ZS SW NA PV RZ NC QA BY ZG JP HZ KA.

Matrices are useful in the study of Hill cryptosystems. For example, the linear system
can be written as

[ ] [ ][ ] .

Since | | the matrix [ ] is invertible modulo 26, with

inverse [ ] modulo 26. So the deciphering procedure can be effected using the

congruence

[ ] [ ][ ] (3)

as the following example demonstrates.


Using congruence (3), let us decipher the ciphertext
ZS SW NA PV RZ NC QA BY ZG JP HZ KA
Translating the ciphertext letters into numbers, we get
25 18 18 22 13 00 15 21 17 25 13 02
16 00 01 24 25 06 09 15 07 25 10 00
The plaintext numbers corresponding to the block 25 18 are given by

[ ] [ ][ ] [ ]

So P1 = 18 and P2 = 11. The other blocks can be converted similarly.

It is obvious from the preceding two examples that the size of a block can be any size
n ≥ 2, and that the enciphering and deciphering tasks can be accomplished by choosing an
n × n enciphering matrix A modulo 26 such that (|A|, 26) = 1, where |A| denotes the
determinant of A. Let P1, P2, …, Pn be the ordinal numbers of an arbitrary plaintext block
and C1, C2, …, Cn the corresponding ciphertext numbers. Let

[ ] [ ].

The congruence providing the enciphering transformation.

7.4. RSA Public Key Crypto-System


Let p and q be distinct large primes and let n be their product. Assume that we also have two
integers, d (for decryption) and e (for encryption) such that
d×e .
The integers n and e are made public, while p,q and d are kept secret.

Let M be the message to be sent where M is a positive integer less than and relatively
prime to n. If we keep M less than both p and q, then we will be safe. In practice, it is enough
to keep M less than n, for the probability that a random M is divisible by p or q is so small as
to be negligible. A plaintext message is easily converted to a number by using, say,
Blank = 99, A = 10, B = 11, …, Z = 35,
so that HELLO becomes 1714212124. If necessary, the message can be broken into blocks of
smaller messages:
17142 12124.
The encoder computes and sends the number
$$E = M^e \ \mathrm{MOD}\ n,$$
which we know from Algorithm 3.3 can be done very quickly. To decode, we simply
compute
$$E^d \ \mathrm{MOD}\ n.$$
By Theorem 3.4 and our equation (4.1) we have that
$$E^d \equiv (M^e)^d \equiv M^{e \times d} \equiv M^{(\text{multiple of } \phi(n)) + 1} \equiv 1 \times M \equiv M \pmod{n}.$$
Since M and $E^d$ MOD n both lie between 0 and n, they must be equal.
If e has been chosen relatively prime to ϕ(n), then we know that there exists d,
uniquely determined, such that
e × d ≡ 1 (mod ϕ(n)).
As we shall prove later in this chapter, if we know the factorization of n, namely n = p × q
where p and q are distinct primes, then we can easily compute ϕ(n) by
ϕ(n) = (p – 1) × (q – 1).
There is no simpler way of computing ϕ(n). In fact, knowing ϕ(n) is equivalent to knowing the
factorization because we can find p + q:

and the p – q is
√ √

√ ,
and finally:
[ ] [ ]

The problem of finding d, the decryption key, has been reduced to find the factorization of n.
For this example, the keys were generated as follows:
1. Select two prime numbers, p = 17 and q = 11.
2. Calculate n = pq = 17 × 11 = 187.

3. Calculate ϕ(n) = (p – 1)(q – 1) = 16 × 10 = 160.
4. Select e such that e is relatively prime to ϕ(n) = 160 and less than ϕ(n); we choose e = 7.
5. Determine d such that de ≡ 1 (mod 160) and d < 160.
The correct value is d = 23, because 23 × 7 = 161 = (1 × 160) + 1; d can be calculated
using the extended Euclid’s algorithm. The resulting keys are public key PU = {7, 187} and
private key PR = {23, 187}. The example shows the use of these keys for a plaintext input of
M= 88.
For encryption, we need to calculate $C = 88^7 \bmod 187$. Exploiting the properties of
modular arithmetic, we can do this as follows:
$88^7 \bmod 187 = [(88^4 \bmod 187) \times (88^2 \bmod 187) \times (88^1 \bmod 187)] \bmod 187$
$88^1 \bmod 187 = 88$
$88^2 \bmod 187 = 7744 \bmod 187 = 77$
$88^4 \bmod 187 = 59{,}969{,}536 \bmod 187 = 132$
$88^7 \bmod 187 = (88 \times 77 \times 132) \bmod 187 = 894{,}432 \bmod 187 = 11$
For decryption, we calculate $M = 11^{23} \bmod 187$:
$11^{23} \bmod 187 = [(11^1 \bmod 187) \times (11^2 \bmod 187) \times (11^4 \bmod 187) \times (11^8 \bmod 187) \times (11^8 \bmod 187)] \bmod 187$
$11^1 \bmod 187 = 11$
$11^2 \bmod 187 = 121$
$11^4 \bmod 187 = 14{,}641 \bmod 187 = 55$
$11^8 \bmod 187 = 214{,}358{,}881 \bmod 187 = 33$
$11^{23} \bmod 187 = (11 \times 121 \times 55 \times 33 \times 33) \bmod 187 = 79{,}720{,}245 \bmod 187 = 88$
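
The key generation and the two exponentiations above, together with the earlier remark that knowing ϕ(n) is equivalent to knowing the factorization of n, are worked through in the following added example (not part of the original text). It assumes the identities p + q = n – ϕ(n) + 1 and (p – q)² = (p + q)² – 4n; the function names are illustrative, and the numbers are the small ones used in the text.

```python
from math import isqrt


def extended_gcd(a, b):
    """Return (g, x, y) with a*x + b*y = g = gcd(a, b) (extended Euclid)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def private_exponent(e, phi):
    """The d with d*e = 1 (mod phi) and 0 < d < phi; e must be coprime to phi."""
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e is not relatively prime to phi(n)")
    return x % phi


def power_mod(base, exponent, modulus):
    """Square-and-multiply: scan the exponent bit by bit, reducing at each step."""
    result = 1
    base %= modulus
    while exponent:
        if exponent & 1:
            result = result * base % modulus
        base = base * base % modulus
        exponent >>= 1
    return result


def factor_from_phi(n, phi):
    """Recover the primes p > q of n = p*q from n and phi(n) alone.

    Uses p + q = n - phi + 1 and (p - q)^2 = (p + q)^2 - 4n.
    """
    total = n - phi + 1
    disc = total * total - 4 * n
    diff = isqrt(disc)
    if disc < 0 or diff * diff != disc:
        raise ValueError("phi is not consistent with n = p*q")
    return (total + diff) // 2, (total - diff) // 2


if __name__ == "__main__":
    p, q, e, message = 17, 11, 7, 88          # values from the text
    n, phi = p * q, (p - 1) * (q - 1)
    d = private_exponent(e, phi)
    c = power_mod(message, e, n)
    print("n =", n, "phi =", phi, "d =", d)
    print("ciphertext =", c, "decrypted =", power_mod(c, d, n))
    print("factors recovered from phi:", factor_from_phi(n, phi))
```
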
The Security of RSA
Four possible approaches to attacking the RSA algorithm are
• Brute force: This involves trying all possible private keys.
• Mathematical attacks: There are several approaches, all equivalent in effort to
factoring the product of two primes.
• Timing attacks: These depend on the running time of the decryption algorithm.
• Chosen ciphertext attacks: This type of attack exploits properties of the RSA
algorithm.
The defense against the brute-force approach is to use a large key space. Thus, the larger the
number of digits in d, the better. However, because the calculations involved, both in key
generation and in encryption/decryption, are complex, the larger the size of the key, the
slower the system will run.

THE FACTORING PROBLEM We can identify three approaches to attacking RSA
mathematically.
1. Factor n into its two prime factors. This enables calculation of ϕ(n) = (p - 1) × (q - 1),
which in turn enables determination of $d \equiv e^{-1} \pmod{\phi(n)}$.
2. Determine ϕ(n) directly, without first determining p and q. Again, this enables
determination of $d \equiv e^{-1} \pmod{\phi(n)}$.
3. Determine d directly, without first determining ϕ(n).

7.5. Summary
In this chapter we studied several cryptosystems and how to cryptanalyse them. We note
here how important it is, in this generation of networking, to protect data from intruders.

7.6. Keywords
Computer, communication, cryptosystem, cryptanalysis, factorization, plaintext, ciphertext,
symmetric and asymmetric keys, enciphering and deciphering keys, encryption and
decryption, RSA cryptosystem.

7.7. Exercise

1. Using the Caesar cipher, encipher the following:
a. ALL IS WELL THAT ENDS WELL
b. ALL THAT GLITTERS IS NOT GOLD
2. Decipher each ciphertext created by the Caesar cipher:
a. QHFHV VLWBL VWKHP RWKHU RILQY HQWLR Q
b. PDWKH PDWLF VLVWK HTXHH QRIWK HVFLH QFHV
3. Encipher each using affine cipher C ≡ 3P + 7(mod 26): A THING OF BEAUTY IS
JOY FOR EVER.
4. The enciphered messages were generated by affine cipher C ≡ 5P + 3(mod 26).
Decipher each:
a. UMXIZ NBPUV APMXK X
b. XEXKT IVSTP IZPRQ XPPRP QVIVS TPIZP RQXPP.
5. Cryptanalyze the ciphertext created by an affine cipher C ≡ aP + k(mod 26):
a. IRCCH EKKEV CLLFK EIOKL
b. XKKLF ILIGM EKOIV EKKE
6. Using enciphering matrix
$$\begin{bmatrix} 1 & 25 & 25 \\ 25 & 1 & 24 \\ 2 & 9 & 5 \end{bmatrix}$$
encipher the plain text: TIME AND TIDE WAIT FOR NO MAN.
7. Using deciphering matrix
$$\begin{bmatrix} 7 & 18 & 19 \\ 15 & 1 & 19 \\ 17 & 17 & 0 \end{bmatrix}$$
decipher the cipher text: ZTH QLJ MOA NLG GPN EXA OCA QTY.
8. Using RSA enciphering key (e, n) = (11, 2867), encrypt each message SEAFOOD and
OPEN DOOR.
9. Each ciphertext below was generated by the RSA enciphering key (e, n) = (11, 2867).
Decipher each:
a. 1420 0614 1301 1694
b. 1959 1384 1174 2050
10. Let n = pq, where p and q are primes with p > q. Show that p + q = n – ϕ(n) + 1.

7.9. References
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier
3. A Course in Number Theory and Cryptography, Neal Koblitz, Springer
4. Elementary Methods in Number Theory, Melvyn B. Nathanson, Springer
5. Handbook of Applied Cryptography, A. Menezes, P. van Oorschot and S. Vanstone,
CRC Press, Inc.

UNIT – 8

DIRICHLET PRODUCT OF ARITHMETICAL FUNCTIONS AND AVERAGES OF ARITHMETICAL FUNCTIONS
Structure:

8.0. Objective
8.1. Dirichlet product
8.2. Averages of Arithmetical Functions
8.3. The big O (oh) notatin
8.4. Euler’s Summation Formula
8.5. Some Elementary Asymptotic Formulas
8.6. The Average Order of d(n), 𝝈(n), and ϕ(n)
8.7. Summary
8.8. Keywords
8.9. Exercises
8.10. References

8.0. Objective
The objective of this chapter is to study Dirichlet product of arithmetical functions and also
asymptotic behavior of arithmetical functions.

8.1. Dirichlet product

Definition 1: If f and g are two arithmetical functions we define their Dirichlet product to be the
arithmetical function h defined by the equation

$$(f * g)(n) = h(n) = \sum_{d \mid n} f(d)\, g\!\left(\frac{n}{d}\right).$$

Theorem 1: Dirichlet multiplication is commutative and associative.

Proof: Note that f * g can also be written as

$$(f * g)(n) = \sum_{ab = n} f(a)\, g(b),$$

where a and b vary over all positive integers whose product is n. This definition of Dirichlet
product clearly shows that the product is commutative.

To prove the associative property we let A = g * k and consider f * A = f * (g * k). We have

$$(f * A)(n) = \sum_{ad = n} f(a)\, A(d) = \sum_{ad = n} f(a) \sum_{bc = d} g(b)\, k(c) = \sum_{abc = n} f(a)\, g(b)\, k(c).$$

In the same way, if we let B = f * g and consider B * k we are led to the same formula for
(B * k)(n). Hence f * A = B * k which means that Dirichlet multiplication is associative.

We now introduce an identity element for this multiplication.

Definition 2: The arithmetical function I given by

$$I(n) = \left[\frac{1}{n}\right] = \begin{cases} 1 & \text{if } n = 1, \\ 0 & \text{if } n > 1, \end{cases}$$

is called the identity function.

Theorem 2: For all f we have $I * f = f * I = f$.

Proof: We have

$$(f * I)(n) = \sum_{d \mid n} f(d)\, I\!\left(\frac{n}{d}\right) = \sum_{d \mid n} f(d) \left[\frac{d}{n}\right] = f(n),$$

since [d/n] = 0 if d < n.

Dirichlet inverses:

Theorem 3: If f is an arithmetical function with f(1) ≠ 0 there is a unique arithmetical function
$f^{-1}$, called the Dirichlet inverse of f, such that
$$f * f^{-1} = f^{-1} * f = I.$$
Moreover, $f^{-1}$ is given by the recursion formulas

$$f^{-1}(1) = \frac{1}{f(1)}, \qquad f^{-1}(n) = \frac{-1}{f(1)} \sum_{\substack{d \mid n \\ d < n}} f\!\left(\frac{n}{d}\right) f^{-1}(d) \quad \text{for } n > 1.$$

Proof: Given f, we shall show that the equation $(f * f^{-1})(n) = I(n)$ has a unique solution for
the function values $f^{-1}(n)$. For n = 1 we have to solve the equation
$$(f * f^{-1})(1) = I(1),$$
which reduces to
$$f(1)\, f^{-1}(1) = 1.$$
Since f(1) ≠ 0 there is one and only one solution, namely $f^{-1}(1) = 1/f(1)$. Assume now that the
function values $f^{-1}(k)$ have been uniquely determined for all k < n. Then we have to solve the
equation $(f * f^{-1})(n) = I(n)$, or
$$\sum_{d \mid n} f\!\left(\frac{n}{d}\right) f^{-1}(d) = 0.$$
This can be written as
$$f(1)\, f^{-1}(n) + \sum_{\substack{d \mid n \\ d < n}} f\!\left(\frac{n}{d}\right) f^{-1}(d) = 0.$$
If the values $f^{-1}(d)$ are known for all divisors d < n, there is a uniquely determined value for
$f^{-1}(n)$, namely
$$f^{-1}(n) = \frac{-1}{f(1)} \sum_{\substack{d \mid n \\ d < n}} f\!\left(\frac{n}{d}\right) f^{-1}(d),$$
since f(1) ≠ 0. This establishes the existence and uniqueness of $f^{-1}$ by induction.


Note: We have (f * g)(1) = f(1)g(1). Hence, if f(1) ≠ 0 and g(1) ≠ 0 then (f * g)(1) ≠ 0. This
fact, along with Theorem 1, 2, and 3, tells us that the set of all arithmetical functions f with
f(1) ≠ 0 forms an abelian group with respect to the operation *, the identity element being the
function I. The following can be easily verified:
$$(f * g)^{-1} = f^{-1} * g^{-1} \quad \text{if } f(1) \neq 0 \text{ and } g(1) \neq 0.$$
Definition 3: We define the unit function u to be the arithmetical function such that u(n) = 1
for all n.
From Theorem 6.6 we see that $\sum_{d \mid n} \mu(d) = I(n)$. In the notation of Dirichlet multiplication
this becomes μ * u = I. Thus u and μ are Dirichlet inverses of each other.
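
The recursion of Theorem 3 can be run directly. The following added example (not part of the original text; the function names are illustrative) computes Dirichlet inverses from that recursion, confirms that the inverse of the unit function u agrees with the Möbius function μ, and confirms that f * f⁻¹ = I for the divisor function d(n).

```python
from fractions import Fraction


def divisors(n):
    """All positive divisors of n."""
    return [d for d in range(1, n + 1) if n % d == 0]


def dirichlet(f, g, n):
    """(f * g)(n) = sum over d | n of f(d) g(n/d)."""
    return sum(f(d) * g(n // d) for d in divisors(n))


def dirichlet_inverse(f, limit):
    """Values f^{-1}(1), ..., f^{-1}(limit) from the recursion of Theorem 3."""
    if f(1) == 0:
        raise ValueError("the Dirichlet inverse exists only when f(1) != 0")
    inv = {1: Fraction(1, f(1))}
    for n in range(2, limit + 1):
        # f^{-1}(d) is already known for every proper divisor d of n.
        partial = sum(f(n // d) * inv[d] for d in divisors(n) if d < n)
        inv[n] = -partial / f(1)
    return inv


def mobius(n):
    """Moebius function by trial division."""
    result, p = 1, 2
    while p * p <= n:
        if n % p == 0:
            n //= p
            if n % p == 0:
                return 0          # a squared prime divides the argument
            result = -result
        p += 1
    return -result if n > 1 else result


def unit(n):
    """The unit function u(n) = 1."""
    return 1


def num_divisors(n):
    """The divisor function d(n)."""
    return len(divisors(n))


def identity(n):
    """The identity function I(n) = [1/n]."""
    return 1 if n == 1 else 0


if __name__ == "__main__":
    inv_u = dirichlet_inverse(unit, 30)
    print([int(inv_u[n]) for n in range(1, 13)])
    print([mobius(n) for n in range(1, 13)])
```
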


Recall that f is said to be multiplicative if f(mn) = f(m)f(n) whenever gcd(m, n) = 1.
Theorem 4: If f and g are multiplicative, so is their Dirichlet product f * g.
Proof: Let h = f * g and let m and n be relatively prime integers. Then
$$h(mn) = \sum_{c \mid mn} f(c)\, g\!\left(\frac{mn}{c}\right).$$
Now every divisor c of mn can be expressed in the form c = ab where a | m and b | n.
Moreover, gcd(a, b) = 1, (m / a, n / b) = 1, and there is a one-to-one correspondence between
the set of products ab and the divisors c of mn. Hence
$$\begin{aligned}
h(mn) &= \sum_{\substack{a \mid m \\ b \mid n}} f(ab)\, g\!\left(\frac{mn}{ab}\right) = \sum_{\substack{a \mid m \\ b \mid n}} f(a) f(b)\, g\!\left(\frac{m}{a}\right) g\!\left(\frac{n}{b}\right) \\
&= \sum_{a \mid m} f(a)\, g\!\left(\frac{m}{a}\right) \sum_{b \mid n} f(b)\, g\!\left(\frac{n}{b}\right) = h(m)h(n).
\end{aligned}$$
This completes the proof.

Theorem 5: If both g and f * g are multiplicative, then f is also multiplicative.

Proof: We prove it by contradiction. Assume f is not multiplicative. Let h = f * g. Since f is
not multiplicative there exist positive integers m and n with gcd(m, n) = 1 such that
f(mn) ≠ f(m)f(n).
We choose such a pair m and n for which the product mn is as small as possible.

1. If mn = 1 then f(1) ≠ f(1)f(1) so f(1) ≠ 1. Since h(1) = f(1)g(1) = f(1) ≠ 1, this shows that h
is not multiplicative.
2. If mn > 1, then we have f(ab) = f(a)f(b) for all positive integers a and b with gcd(a, b) = 1
and ab < mn. Now, we argue as in the proof of Theorem 4, except that in the sum defining
h(mn) we separate the term corresponding to a = m, b = n.
We then have
$$\begin{aligned}
h(mn) &= \sum_{\substack{a \mid m,\ b \mid n \\ ab < mn}} f(ab)\, g\!\left(\frac{mn}{ab}\right) + f(mn)\, g(1) = \sum_{\substack{a \mid m,\ b \mid n \\ ab < mn}} f(a) f(b)\, g\!\left(\frac{m}{a}\right) g\!\left(\frac{n}{b}\right) + f(mn) \\
&= \sum_{a \mid m} f(a)\, g\!\left(\frac{m}{a}\right) \sum_{b \mid n} f(b)\, g\!\left(\frac{n}{b}\right) - f(m)f(n) + f(mn) \\
&= h(m)h(n) - f(m)f(n) + f(mn).
\end{aligned}$$

Since f(mn) ≠ f(m)f(n) this shows that h(mn) ≠ h(m)h(n) so h is not multiplicative.

Theorem 6: If g is multiplicative, so is $g^{-1}$, its Dirichlet inverse.

Proof: This follows at once from Theorem 5 since both g and $g * g^{-1} = I$ are multiplicative.

8.2. Averages of Arithmetical Functions


We have discussed various identities satisfied by arithmetical functions such as μ(n), ϕ(n),
etc. We now inquire about the behavior of these and other arithmetical functions f(n) for
large values of n.
For example, consider d(n), the number of divisors of n. This function takes on the
value of 2 infinitely often (when n is prime) and it also takes on arbitrarily large values when
n has a large number of divisors. Thus the values of d(n) fluctuate considerably as n
increases.
Many arithmetical functions fluctuate in this manner and it is often difficult to
determine their behavior for large n. Sometimes it is more fruitful to study the arithmetic
mean
$$\tilde{f}(n) = \frac{1}{n} \sum_{k=1}^{n} f(k).$$
Averages smooth out fluctuations so it is reasonable to expect that the values $\tilde{f}(n)$ might
behave more regularly than f(n). This is indeed the case for the divisor function d(n). We
will prove later that the average $\tilde{d}(n)$ grows like log n for large n; more precisely,

$$\lim_{n \to \infty} \frac{\tilde{d}(n)}{\log n} = 1. \tag{1}$$

This is described by saying that the average order of d(n) is log n.

To study the average of an arbitrary function f we need a knowledge of its partial sums
$\sum_{k=1}^{n} f(k)$. Sometimes it is convenient to replace the upper index n by an arbitrary positive real
number x and to consider instead sums of the form
$$\sum_{k \le x} f(k).$$

Here it is understood that the index k varies from 1 to [x], the greatest integer ≤ x. If 0 < x < 1
the sum is empty and we assign it the value 0. Our goal is to determine the behavior of this
sum as a function of x, especially for large x.
For the divisor function we will prove a result obtained by Dirichlet in 1849, which is
stronger than (1), namely

$$\sum_{k \le x} d(k) = x \log x + (2C - 1)x + O(\sqrt{x}) \tag{2}$$

for all x ≥ 1. Here C is Euler’s constant, defined by the equation

$$C = \lim_{n \to \infty} \left( 1 + \frac{1}{2} + \frac{1}{3} + \cdots + \frac{1}{n} - \log n \right). \tag{3}$$

The symbol $O(\sqrt{x})$ represents an unspecified function of x which grows no faster than some
constant times $\sqrt{x}$. This is an example of the “big oh” notation which is defined as follows.

8.3. The big O (oh) notation

Definition 4: If g(x) > 0 for x ≥ a, we write f(x) = O(g(x)) (read: “f(x) is big oh of g(x)”) to
mean that the quotient f(x) / g(x) is bounded for x ≥ a; that is, there exists a constant M > 0
such that
$$|f(x)| \le M g(x) \quad \text{for all } x \ge a.$$

An equation of the form f(x) = g(x) + O(g(x)) means that f(x) – g(x) = O(g(x)). We note that
f(t) = O(g(t)) for t ≥ a implies
$$\int_a^x f(t)\,dt = O\!\left( \int_a^x g(t)\,dt \right) \quad \text{for } x \ge a.$$

Definition 5: If $\lim_{x \to \infty} \frac{f(x)}{g(x)} = 1$ we say that f(x) is asymptotic to g(x) as x → ∞, and we write
f(x) ~ g(x) as x → ∞.
In equation (2) the term x log x is called the asymptotic value of the sum; the other two terms
represent the error made by approximating the sum by its asymptotic value. If we denote this
error by E(x), then (2) states that

$$E(x) = (2C - 1)x + O(\sqrt{x}). \tag{4}$$

This could also be written E(x) = O(x), an equation which is correct but which does not convey
the more precise information in (4). Equation (4) tells us that the asymptotic value of E(x) is
(2C – 1)x.

8.4. Euler’s Summation Formula

Sometimes the asymptotic value of a partial sum can be obtained by comparing it with an
integral. A summation formula of Euler gives an exact expression for the error made in such an
approximation. In this formula [t] denotes the greatest integer ≤ t.
Theorem 7: If f has a continuous derivative f′ on the interval [y, x], where 0 < y < x, then

$$\sum_{y < n \le x} f(n) = \int_y^x f(t)\,dt + \int_y^x (t - [t])\, f'(t)\,dt + f(x)([x] - x) - f(y)([y] - y). \tag{5}$$

Proof: Let m = [y], k = [x]. For integers n and n – 1 in [y, x] we have

$$\begin{aligned}
\int_{n-1}^{n} [t]\, f'(t)\,dt &= \int_{n-1}^{n} (n - 1)\, f'(t)\,dt = (n - 1)\{f(n) - f(n - 1)\} \\
&= \{n f(n) - (n - 1) f(n - 1)\} - f(n).
\end{aligned}$$

Summing from n = m + 1 to n = k we find

$$\begin{aligned}
\int_m^k [t]\, f'(t)\,dt &= \sum_{n = m + 1}^{k} \{n f(n) - (n - 1) f(n - 1)\} - \sum_{y < n \le x} f(n) \\
&= k f(k) - m f(m) - \sum_{y < n \le x} f(n),
\end{aligned}$$

hence

$$\begin{aligned}
\sum_{y < n \le x} f(n) &= -\int_m^k [t]\, f'(t)\,dt + k f(k) - m f(m) \\
&= -\int_y^x [t]\, f'(t)\,dt + k f(x) - m f(y).
\end{aligned} \tag{6}$$

Integration by parts gives us

$$\int_y^x f(t)\,dt = x f(x) - y f(y) - \int_y^x t\, f'(t)\,dt,$$

and when this is combined with (6) we obtain (5).

8.5. Some Elementary Asymptotic Formulas


The next theorem gives a number of asymptotic formulas which are easy consequences of
Euler’s summation formula. In part (a) the constant C is Euler’s constant defined in (3). In part
(b), ζ(s) denotes the Riemann zeta function which is defined by the equation

$$\zeta(s) = \sum_{n=1}^{\infty} \frac{1}{n^s} \quad \text{if } s > 1,$$

and by the equation

$$\zeta(s) = \lim_{x \to \infty} \left( \sum_{n \le x} \frac{1}{n^s} - \frac{x^{1-s}}{1 - s} \right) \quad \text{if } 0 < s < 1.$$

Theorem 8: If x ≥ 1 we have:

(a) $\displaystyle \sum_{n \le x} \frac{1}{n} = \log x + C + O\!\left(\frac{1}{x}\right).$

(b) $\displaystyle \sum_{n \le x} \frac{1}{n^s} = \frac{x^{1-s}}{1 - s} + \zeta(s) + O(x^{-s})$ if s > 0, s ≠ 1.

(c) $\displaystyle \sum_{n > x} \frac{1}{n^s} = O(x^{1-s})$ if s > 1.

(d) $\displaystyle \sum_{n \le x} n^{\alpha} = \frac{x^{\alpha + 1}}{\alpha + 1} + O(x^{\alpha})$ if α ≥ 0.
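Proof: For part (a) we take f(t) = 1/t in Euler’s summation formula to obtain

$$\begin{aligned}
\sum_{n \le x} \frac{1}{n} &= \int_1^x \frac{dt}{t} - \int_1^x \frac{t - [t]}{t^2}\,dt + 1 - \frac{x - [x]}{x} \\
&= \log x - \int_1^x \frac{t - [t]}{t^2}\,dt + 1 + O\!\left(\frac{1}{x}\right) \\
&= \log x + 1 - \int_1^{\infty} \frac{t - [t]}{t^2}\,dt + \int_x^{\infty} \frac{t - [t]}{t^2}\,dt + O\!\left(\frac{1}{x}\right).
\end{aligned}$$

Since t – [t] ≤ 1, the improper integral $\int_1^{\infty} \frac{t - [t]}{t^2}\,dt$ exists since $\int_1^{\infty} \frac{1}{t^2}\,dt$ converges. Also,

$$0 \le \int_x^{\infty} \frac{t - [t]}{t^2}\,dt \le \int_x^{\infty} \frac{1}{t^2}\,dt = \frac{1}{x},$$
so the last equation becomes
$$\sum_{n \le x} \frac{1}{n} = \log x + 1 - \int_1^{\infty} \frac{t - [t]}{t^2}\,dt + O\!\left(\frac{1}{x}\right).$$
This proves (a) with
$$C = 1 - \int_1^{\infty} \frac{t - [t]}{t^2}\,dt.$$
Letting x → ∞ in (a) we find that
$$\lim_{x \to \infty} \left( \sum_{n \le x} \frac{1}{n} - \log x \right) = 1 - \int_1^{\infty} \frac{t - [t]}{t^2}\,dt,$$
so C is also equal to Euler’s constant.

To prove part (b) we use the same type of argument with $f(x) = x^{-s}$, where s > 0, s ≠ 1. Euler’s
summation formula gives us

$$\begin{aligned}
\sum_{n \le x} \frac{1}{n^s} &= \int_1^x \frac{dt}{t^s} - s \int_1^x \frac{t - [t]}{t^{s+1}}\,dt + 1 - \frac{x - [x]}{x^s} \\
&= \frac{x^{1-s}}{1 - s} - \frac{1}{1 - s} + 1 - s \int_1^{\infty} \frac{t - [t]}{t^{s+1}}\,dt + O(x^{-s}).
\end{aligned}$$

Therefore
$$\sum_{n \le x} \frac{1}{n^s} = \frac{x^{1-s}}{1 - s} + C(s) + O(x^{-s}), \tag{7}$$
where
$$C(s) = 1 - \frac{1}{1 - s} - s \int_1^{\infty} \frac{t - [t]}{t^{s+1}}\,dt.$$

If s > 1, the left member of (7) approaches ζ(s) as x → ∞ and the terms $x^{1-s}$ and $x^{-s}$ both approach
0. Hence C(s) = ζ(s) if s > 1. If 0 < s < 1, $x^{-s} \to 0$ and (7) shows that

$$\lim_{x \to \infty} \left( \sum_{n \le x} \frac{1}{n^s} - \frac{x^{1-s}}{1 - s} \right) = C(s).$$

Therefore C(s) is also equal to ζ(s) if 0 < s < 1. This proves (b).

To prove (c) we use (b) with s > 1 to obtain

$$\sum_{n > x} \frac{1}{n^s} = \zeta(s) - \sum_{n \le x} \frac{1}{n^s} = \frac{x^{1-s}}{s - 1} + O(x^{-s}) = O(x^{1-s}),$$
since $x^{-s} \le x^{1-s}$.
Finally, to prove (d) we use Euler’s summation formula once more with $f(t) = t^{\alpha}$ to obtain
$$\begin{aligned}
\sum_{n \le x} n^{\alpha} &= \int_1^x t^{\alpha}\,dt + \alpha \int_1^x t^{\alpha - 1} (t - [t])\,dt + 1 - (x - [x])\, x^{\alpha} \\
&= \frac{x^{\alpha + 1}}{\alpha + 1} - \frac{1}{\alpha + 1} + O\!\left( \alpha \int_1^x t^{\alpha - 1}\,dt \right) + O(x^{\alpha}) \\
&= \frac{x^{\alpha + 1}}{\alpha + 1} + O(x^{\alpha}).
\end{aligned}$$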

8.6. The Average Order of d(n)

Theorem 9: For all x ≥ 1, we have

$$\sum_{n \le x} d(n) = x \log x + (2C - 1)x + O(\sqrt{x}), \tag{8}$$

where C is Euler’s constant.

Proof: Since $d(n) = \sum_{d \mid n} 1$ we have
$$\sum_{n \le x} d(n) = \sum_{n \le x} \sum_{d \mid n} 1.$$

This is a double sum extended over n and d. Since d | n, we can write n = qd and extend the sum
over all pairs of positive integers q, d with qd ≤ x. Thus

$$\sum_{n \le x} d(n) = \sum_{\substack{q,\, d \\ qd \le x}} 1. \tag{9}$$

(A lattice point is a point with integer co-ordinates). The lattice points with qd = n lie on a
hyperbola, so the sum in (9) counts the number of lattice points which lie on the hyperbolas
corresponding to n = 1, 2, …, [x]. For each fixed d ≤ x we can count first those lattice points
on the horizontal line segment 1 ≤ q ≤ x / d, and then sum over all d ≤ x. Thus (9) becomes

$$\sum_{n \le x} d(n) = \sum_{d \le x} \sum_{q \le x/d} 1. \tag{10}$$

Now we use Theorem 2 (d) with α = 0 to obtain

$$\sum_{q \le x/d} 1 = \frac{x}{d} + O(1).$$

Using this along with Theorem 2 (a) we find

$$\begin{aligned}
\sum_{n \le x} d(n) &= \sum_{d \le x} \left\{ \frac{x}{d} + O(1) \right\} = x \sum_{d \le x} \frac{1}{d} + O(x) \\
&= x \left\{ \log x + C + O\!\left(\frac{1}{x}\right) \right\} + O(x) = x \log x + O(x).
\end{aligned}$$

This is a weak version of (8) which implies

$$\sum_{n \le x} d(n) \sim x \log x \quad \text{as } x \to \infty$$

and gives log n as the average order of d(n).

To prove the more precise formula (8) we return to the sum (9) which counts the number of
lattice points in a hyperbolic region and take advantage of the symmetry of the region about
the line q = d. The total number of lattice points in the region is equal to twice the number
below the line q = d plus the number on the bisecting line segment. Therefore,
$$\begin{aligned}
\sum_{n \le x} d(n) &= 2 \sum_{d \le \sqrt{x}} \left\{ \frac{x}{d} - d + O(1) \right\} + O(\sqrt{x}) \\
&= 2x \sum_{d \le \sqrt{x}} \frac{1}{d} - 2 \sum_{d \le \sqrt{x}} d + O(\sqrt{x}) \\
&= 2x \left\{ \log \sqrt{x} + C + O(x^{-1/2}) \right\} - 2 \left\{ \frac{x}{2} + O(\sqrt{x}) \right\} + O(\sqrt{x}) \\
&= x \log x + (2C - 1)x + O(\sqrt{x}).
\end{aligned}$$

This completes the proof of Dirichlet’s formula.
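
The two ways of counting lattice points used in this proof can be compared numerically. The following added example (not part of the original text; the function names are illustrative) evaluates the sum of d(n) for n ≤ x once as in (10) and once through the symmetry about the line q = d, which visits only d ≤ √x, and then measures the error term in (8).

```python
from math import isqrt, log

EULER_C = 0.5772156649015329  # Euler's constant C, to double precision


def divisor_sum_rows(x):
    """Sum of d(n) for n <= x, counted row by row as in (10):
    for each d <= x there are [x/d] lattice points with q <= x/d."""
    return sum(x // d for d in range(1, x + 1))


def divisor_sum_symmetric(x):
    """The same sum using the symmetry of the region about the line q = d.

    Twice the points below the line plus the points on it gives
    2 * sum_{d <= sqrt(x)} ([x/d] - d) + [sqrt(x)] = 2 * sum [x/d] - [sqrt(x)]^2.
    """
    r = isqrt(x)
    return 2 * sum(x // d for d in range(1, r + 1)) - r * r


def dirichlet_error(x):
    """Difference between the exact sum and x log x + (2C - 1) x."""
    return divisor_sum_symmetric(x) - (x * log(x) + (2 * EULER_C - 1) * x)


if __name__ == "__main__":
    for x in (100, 10_000, 1_000_000):
        print(x, divisor_sum_symmetric(x), round(dirichlet_error(x), 2), isqrt(x))
```
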

The Average Order of the Divisor Function 𝝈(n)

Theorem 10: For all x ≥ 1 we have

$$\sum_{n \le x} \sigma(n) = \frac{1}{2} \zeta(2)\, x^2 + O(x \log x). \tag{11}$$

Note: It can be shown that $\zeta(2) = \frac{\pi^2}{6}$. Therefore (11) shows that the average order of σ(n)
is $\frac{\pi^2 n}{12}$.

Proof: The method is similar to that used to derive the weak version of Theorem 3. We have

$$\begin{aligned}
\sum_{n \le x} \sigma(n) &= \sum_{n \le x} \sum_{q \mid n} q = \sum_{\substack{q,\, d \\ qd \le x}} q = \sum_{d \le x} \sum_{q \le x/d} q \\
&= \sum_{d \le x} \left\{ \frac{1}{2} \left( \frac{x}{d} \right)^2 + O\!\left( \frac{x}{d} \right) \right\} = \frac{x^2}{2} \sum_{d \le x} \frac{1}{d^2} + O\!\left( x \sum_{d \le x} \frac{1}{d} \right) \\
&= \frac{x^2}{2} \left\{ -\frac{1}{x} + \zeta(2) + O\!\left( \frac{1}{x^2} \right) \right\} + O(x \log x) = \frac{1}{2} \zeta(2)\, x^2 + O(x \log x),
\end{aligned}$$

where we have used parts (a) and (b) of Theorem 2.

The Average Order of ϕ(n)

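The asymptotic formula for the partial sums of Euler’s totient involves the sum of the series

$$\sum_{n=1}^{\infty} \frac{\mu(n)}{n^2}.$$

This series converges absolutely since it is dominated by $\sum_{n=1}^{\infty} n^{-2}$. It can be proved that

$$\sum_{n=1}^{\infty} \frac{\mu(n)}{n^2} = \frac{1}{\zeta(2)} = \frac{6}{\pi^2}. \tag{12}$$

If we assume this result, then we have

$$\begin{aligned}
\sum_{n \le x} \frac{\mu(n)}{n^2} &= \sum_{n=1}^{\infty} \frac{\mu(n)}{n^2} - \sum_{n > x} \frac{\mu(n)}{n^2} \\
&= \frac{6}{\pi^2} + O\!\left( \sum_{n > x} \frac{1}{n^2} \right) = \frac{6}{\pi^2} + O(x^{-1})
\end{aligned}$$

by part (c) of Theorem 2. We now use this to obtain the average order of ϕ(n).

Theorem 11: For x > 1 we have

$$\sum_{n \le x} \phi(n) = \frac{3}{\pi^2}\, x^2 + O(x \log x),$$

so the average order of ϕ(n) is $\frac{3n}{\pi^2}$.

Proof: We have $\phi(n) = \sum_{d \mid n} \mu(d) \frac{n}{d}$.
Therefore
$$\begin{aligned}
\sum_{n \le x} \phi(n) &= \sum_{n \le x} \sum_{d \mid n} \mu(d) \frac{n}{d} = \sum_{\substack{q,\, d \\ qd \le x}} \mu(d)\, q = \sum_{d \le x} \mu(d) \sum_{q \le x/d} q \\
&= \sum_{d \le x} \mu(d) \left\{ \frac{1}{2} \left( \frac{x}{d} \right)^2 + O\!\left( \frac{x}{d} \right) \right\} = \frac{x^2}{2} \sum_{d \le x} \frac{\mu(d)}{d^2} + O\!\left( x \sum_{d \le x} \frac{1}{d} \right) \\
&= \frac{x^2}{2} \left\{ \frac{6}{\pi^2} + O\!\left( \frac{1}{x} \right) \right\} + O(x \log x) = \frac{3}{\pi^2}\, x^2 + O(x \log x).
\end{aligned}$$

This completes the proof.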

8.7. Summary

In this chapter we introduced Dirichlet product and studied some properties of Dirichlet
product. Also we studied asymptotic behavior of some arithmetical functions.

8.8. Keywords
Dirichlet product, asymptotes, average order.
8.9. Exercises

1. Prove the following statement or exhibit a counter example. If f is multiplicative then
$F(n) = \prod_{d \mid n} f(d)$ is multiplicative.

2. Assume f is multiplicative. Prove that
a. $f^{-1}(n) = \mu(n) f(n)$ for every square free n
b. $f^{-1}(p^2) = f(p)^2 - f(p^2)$ for every prime p.

3. Use Euler’s summation formula to deduce the following for x ≥ 2:
a. $\displaystyle \sum_{n \le x} \frac{\log n}{n} = \frac{1}{2} \log^2 x + A + O\!\left( \frac{\log x}{x} \right)$, where A is a constant
b. $\displaystyle \sum_{2 \le n \le x} \frac{1}{n \log n} = \log(\log x) + B + O\!\left( \frac{1}{x \log x} \right)$, where B is a constant

4. If x ≥ 2, prove that
$$\sum_{n \le x} \frac{d(n)}{n} = \frac{1}{2} \log^2 x + 2C \log x + O(1),$$
where C is Euler’s constant.

5. If x ≥ 2 and α > 0, α ≠ 1, prove that
$$\sum_{n \le x} \frac{d(n)}{n^{\alpha}} = \frac{x^{1-\alpha} \log x}{1 - \alpha} + \zeta(\alpha)^2 + O(x^{1-\alpha}).$$

8.10. References

1. Introduction to Analytic Number Theory, Tom M. Apostol, Springer


2. An Introduction to Theory of Numbers, G. H. Hardy and E. M. Wright, Oxford
3. An Introduction to the Theory of Numbers, Ivan Niven, Herbert S. Zuckerman and
Hugh L. Montgomery, John Wiley & Sons, Inc.

BLOCK – III

PRIMITIVE ROOTS
&
QUADRATIC RECIPROCITY LAW

UNIT – 9
ORDER OF AN INTEGER MODULO N, PRIMITIVE ROOTS FOR PRIMES

Structure:
9.0. Objective
9.1. Order of an integer modulo n
9.2. Primitive Root
9.3. Primitive roots for primes
9.4. Summary
9.5. Keywords
9.6. Exercises
9.7. References

9.0. Objective
Gauss defined primitive roots in his book Disquisitiones Arithmeticae (1801), where he credited
Euler with coining the term. Primitive roots are often used in cryptography. In this chapter we study
two important concepts: the order of an element a modulo m and primitive roots modulo m. We
then identify those positive integers that possess primitive roots and study some interesting
applications.

9.1. Order of an integer modulo n


Definition: Let a and m be positive integers such that gcd(a, m) = 1. A positive integer h is
called the order (or exponent) of a modulo m if it is the least positive integer such that
.
Euler’s theorem guarantees that such an exponent always exists, for by Euler’s Theorem
given integers a, m > 1 with gcd(a, m) = 1, . But need not be the least
one. By the well-ordering principle there always exists such a least positive integer.
Example 1: The order of 5 modulo 13 is 4.
Consider

Example 2: The order of 7 mod 13 is 12.
Consider

.
Theorem 1: Let an integer a have order h modulo m, that is . Then the following
hold:
(i) If , for some integer k then h | k.
(ii) If , then b has order h modulo m.
(iii) if and only if .
Proof of (i) : By the definition of order of a , we have k ≥ h. Also by division algorithm
integers q and r such that
Consider .
[
Hence . This is a contradiction if Hence
r = 0.
Proof of (ii) : Let Then for any positive integer t, . This
implies
Proof of (iii): Consider where i and j are positive integers. Suppose i > j.
Then . By (i) we have
Note: By (iii) we have are mutually incongruent modulo m.

Theorem 2: If a has order h modulo m, then has order , where d = gcd(h, k).

Proof: Since Then


.
This implies . Since such that
. This implies

( ) (1)

Consider . Hence

( ) (2)

From (1) and (2) and since t and are positive t = . This completes the proof.

Corollary 1: If the order of a modulo m is h, then the order of $a^k$, where k is a positive integer, is h if
and only if (h, k) = 1.
Example 3: If order of a modulo p, p a prime, is 3 then we show that the order of a + 1 modulo
p is 6.
Proof: Given that is that is .
Since .

.
Example 4: We show that every odd prime divisor of is of the form 4k + 1.
Also we show that every odd prime divisor of is of the form 8k + 1.
Given where p is an odd prime. Hence This implies
. This implies for some integer k.
Similarly, we can prove the other result.

9.2. Primitive Root


Definition 2: Let m be a positive integer and ‘a’ be any integer such that gcd(a, m) = 1. Then ‘a’
is called primitive root modulo m if .
Example 5: Let m = 7 and a = 2. Then ord a = 3. But . Hence 2
is not a primitive root modulo 7.
Example 6: Let a = 3 and m = 7. Then ord a = 6. Hence Hence 3 is a
primitive root modulo 7.
Theorem 3: If a is a primitive root modulo m, then
(i) { } is a reduced residue system modulo m.
(ii) is also a primitive root modulo m if k and are relatively prime.
(iii) there are ( ) primitive roots modulo m.
Proof of (i): Since a is relatively prime to m, (ak, m) = 1 k, 1 ≤ k ≤ . Also 1, a, a2, …,
are mutually incongruent mod m. For, consider with
. Suppose . Then Hence which is impossible
because .

Let a1, a2, …, is a reduced residue system modulo m. Let r be an integer coprime
to m. Then (r, m) = 1 and
for some unique j, . (3)
Hence, for each k, , there exist a unique t such that Thus
for some unique h, . Hence
. (4)
Hence from (3) and (4) 1, a, a2, …, is a RRS mod m.
Proof of (ii) and (iii) : If a is a primitive root modulo m, then { } is a reduced
residue system modulo m. Hence if b is any other primitive root modulo m, then there exists a unique k,
such that such that
By Corollary 1, is primitive root if (k, ) = 1. Thus there are ( ) such k.
Hence there are ( ) primitive roots modulo m.
Example 7: If 5 is a primitive root modulo 54, then we find the remaining incongruent primitive
roots.
Solution: By above result, 54 has ( ) primitive roots mod 54. Hence 54 has
( ) 6 primitive roots. Since 5 is a primitive root, the remaining roots are of
the form $5^k$ with (k, 18) = 1. The positive integers < 18 and relatively prime to 18 are 1,
5, 7, 11, 13 and 17. Therefore, the primitive roots are $5^1, 5^5, 5^7, 5^{11}, 5^{13}$ and $5^{17}$ mod 54, i.e., 5, 47, 41, 29, 23
and 11 respectively. Thus, the remaining primitive roots are 11, 23, 29, 41 and 47.

9.3. Primitive Roots for Primes:


By (iii) of Theorem 3, if m has a primitive root then it has ( ) primitive
roots. But this does not tell us whether a given positive integer m has a primitive root or not.
For example, 8 has no primitive root. Therefore the question arises: what kind of positive
integers m have primitive roots? To answer this question let us consider some polynomial
congruences.
Definition 3: Let f(x) be a polynomial with integral coefficients. An integer α is a solution of
.

Clearly if then and hence β is also a solution of
. For example, consider . It has two
incongruent solutions, namely 4 and 10.
Theorem 4: [Lagrange's theorem] Given a prime p, let $f(x) = a_0 + a_1 x + \dots + a_n x^n$, $a_i \in \mathbb{Z}$, be a
polynomial of degree n such that (mod p). Then the polynomial congruence $f(x) \equiv 0 \pmod p$
has at most n solutions.
Proof: We prove this theorem by induction. Since (mod p), the equation $a_1 x + a_0 \equiv 0 \pmod p$
has a unique solution. Thus, the theorem is true for n = 1. Suppose that the theorem is
true for polynomials of degree n – 1. Assume, also, that the equation
$a_0 + a_1 x + \dots + a_n x^n \equiv 0 \pmod p$; (mod p)
has n + 1 incongruent solutions mod p, say $x_0, x_1, \dots, x_n$. We have

where the degree of g(x) is n – 1 and the leading coefficient of g(x) is cn which is (mod p). We
observe that for every 1 ≤ k ≤ n, $f(x_k) \equiv f(x_0) \pmod p$.
Thus, $f(x_k) - f(x_0) = (x_k - x_0)\, g(x_k) \equiv 0 \pmod p$.
Since $x_k$ and $x_0$ are incongruent (mod p), we get $g(x_k) \equiv 0 \pmod p$
for every 1 ≤ k ≤ n. Thus, $g(x) \equiv 0 \pmod p$ has n incongruent solutions (mod p), which
contradicts our induction hypothesis that it can have at most n – 1 solutions. Therefore,
$a_0 + a_1 x + \dots + a_n x^n \equiv 0 \pmod p$; (mod p)
has at most n solutions. By induction, we have proved the result for all n ≥ 1.
Corollary 2: If p is a prime number and d | p – 1, the congruence

has exactly d incongruent solutions mod p.


Proof: Since d | p – 1, we have p – 1 = dk for some k. Then

where the polynomial f(x) is of degree p – 1 – d. Hence, the congruence has
at most p – 1 – d incongruent solutions mod p. Since the congruence has
exactly p – 1 incongruent solutions (1, 2, 3, … , p – 1) (by Fermat’s Theorem),
has at least (p – 1) – (p – 1 – d) = d incongruent solutions mod p. But again by
Fermat’s Theorem, has exactly d incongruent solutions mod p.

Theorem 5: If p is a prime number and d | p – 1, then there are exactly incongruent
integers having order d mod p.
Proof: Let d | p – 1 and denote the number of integers k, with that have
order d mod p. Because each integer between 1 and p – 1 has order d for some d | p – 1,

At the same time putting these together


∑ ∑ (5)
Next, we need to show that for every d. To this end, we consider two
cases:
Case 1: Let . Then clearly, .
Case 2: Suppose . Then there exists an integer a of order d mod p. Then the d integers
$a, a^2, \dots, a^d$ are incongruent mod p and each of them satisfies the polynomial congruence
(6)
for .
But by Corollary 2, there can be no other solutions of equation (6). Hence any integer
having order d mod p must be congruent to one of $a, a^2, \dots, a^d$. But, we know that $a^k$ has order
d if and only if gcd(k, d) = 1. Hence only integers $a, a^2, \dots, a^d$ have order d. Hence
.
Thus, in both cases . But, the equality (5) to hold, for all
d | p – 1.
Example 8: Let p = 19. Then 1, 2, 3, 6, 9 and 18 are the divisors of p – 1 = 18. Let us form the
table with .

d                                      1    2    3       6       9                    18
Incongruent integers having order d    1    18   7, 11   8, 12   4, 5, 6, 9, 16, 17   2, 3, 10, 13, 14, 15
                                       1    1    2       2       6                    6
                                       1    1    2       2       6                    6

Corollary 3: If p is prime, then there are exactly incongruent primitive roots of p.
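The order and primitive-root computations of this unit in code, as an added example that is not part of the textbook: `order` uses the fact that the order of a divides ϕ(m), `primitive_roots` generates every primitive root from the least one as in Theorem 3, and `orders_by_divisor` rebuilds the table of Example 8. All function names are this example's own.

```python
from math import gcd


def prime_divisors(n):
    """Distinct prime divisors of n by trial division."""
    out, q = [], 2
    while q * q <= n:
        if n % q == 0:
            out.append(q)
            while n % q == 0:
                n //= q
        q += 1
    if n > 1:
        out.append(n)
    return out


def phi(m):
    """Euler's totient: m times the product of (1 - 1/q) over primes q | m."""
    result = m
    for q in prime_divisors(m):
        result -= result // q
    return result


def order(a, m):
    """Least h >= 1 with a^h = 1 (mod m); defined only for gcd(a, m) = 1."""
    if gcd(a, m) != 1:
        raise ValueError("order is defined only when gcd(a, m) = 1")
    h = phi(m)  # a^phi(m) = 1 (mod m) by Euler's theorem
    # The order divides phi(m): strip each prime factor while the power stays 1.
    for q in prime_divisors(h):
        while h % q == 0 and pow(a, h // q, m) == 1:
            h //= q
    return h


def is_primitive_root(a, m):
    """a is a primitive root of m when its order equals phi(m)."""
    return gcd(a, m) == 1 and order(a, m) == phi(m)


def primitive_roots(m):
    """All primitive roots of m in 1..m-1, or [] when m has none."""
    f = phi(m)
    g = next((a for a in range(1, m) if is_primitive_root(a, m)), None)
    if g is None:
        return []
    # Theorem 3: the other primitive roots are g^k with gcd(k, phi(m)) = 1.
    return sorted(pow(g, k, m) for k in range(1, f + 1) if gcd(k, f) == 1)


def orders_by_divisor(p):
    """Map each d | p - 1 to the residues of order d modulo the prime p."""
    table = {}
    for a in range(1, p):
        table.setdefault(order(a, p), []).append(a)
    return dict(sorted(table.items()))


if __name__ == "__main__":
    print("order of 5 mod 13:", order(5, 13))
    print("order of 7 mod 13:", order(7, 13))
    print("primitive roots of 54:", primitive_roots(54))
    print("primitive roots of 8:", primitive_roots(8))
    for d, residues in orders_by_divisor(19).items():
        print(f"d = {d:2d}  phi(d) = {phi(d)}  residues of order d: {residues}")
```
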


9.4. Summary
In this chapter, we gave two important definitions, the order of an element modulo n and primitive
root, and studied some of their properties. We also answered, though not completely, the question
asked at the beginning: what kinds of integers have primitive roots? We answered this
question partly by showing that all prime numbers have primitive roots. In the next chapter we
answer this question completely.

9.5. Keywords
Order of an element, primitive root, polynomial, incongruent solution.

9.6. Exercises
1. Compute the order of 2 with respect to the prime moduli 3, 5, 7, 11, 13, 17, and 19.
2. Compute the order of 10 with respect to the modulus 7.
3. Find a primitive root modulo 23.
4. Find a primitive root modulo 41.
5. Prove that 2 is a primitive root modulo 101.
6. What is the order of 3 modulo 101? Is 3 a primitive root modulo 101?
7. Prove that 2 is a primitive root modulo 53.
8. Let g be a primitive root modulo the odd prime p. Prove that −g is a primitive root
modulo p if and only if p ≡ 1 (mod 4).
9. Suppose the exponent of an integer a modulo m is m – 1. Prove that m is a prime.
10. If a has order hk mod n, then prove that $a^h$ has order k modulo n.
11. If a has order n – 1 mod n, then n is a prime.
12. Show that the odd prime divisors of the integer $n^2 + n + 1$ that are different from 3 are of
the form 6k + 1.
13. Prove that there are infinitely many primes of the form 4k + 1 and 8k + 1.
14. Let p and q be odd primes such that $q \mid a^p - 1$. Then prove that either q | p – 1 or q =
2kp + 1 for some integer k.
15. Verify that each of the congruences $x^2 \equiv 1 \pmod{15}$ and $x^2 \equiv -1 \pmod{65}$ has four
incongruent solutions and hence Lagrange’s theorem need not hold if the modulus is a
composite number.
16. Determine all the primitive roots of the primes 11, 19 and 23.

17. Let r be a primitive root of the odd prime p. Prove the following:
a. If p ≡ 1(mod 4), then –r is also a primitive root of p
b. If p ≡ 3(mod 4), then –r has order (p – 1) / 2 mod p.

9.7. References:

1. Elementary Number Theory, David M. Burton, McGraw Hill Publication


2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier
3. Basic Number Theory, S. B. Malik, Vikas Publications
4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley
5. Elementary Number Theory, Gareth A. Jones and Josephine Mary Jones, Springer

UNIT –10
COMPOSITE NUMBERS HAVING PRIMITIVE ROOTS

Structure:
10.0. Objective
10.1. Composite Numbers Having Primitive Roots
10.2. Theory of Indices
10.3. Summary
10.4. Keywords
10.5. Exercises

10.0. Objective
In the last chapter, we saw that all the prime numbers have primitive roots. In this chapter, our
aim is to find all composite numbers which have primitive roots.

10.1. Composite Numbers Having Primitive Roots


Theorem 1: Show that the integers 2 and 4 possess one primitive root each which are 1 and 3
respectively.
Proof: We have $\varphi(2) = 2 - 1 = 1$ and $1^1 \equiv 1 \pmod 2$. This shows that 1 is the primitive root of 2.

Similarly, $\varphi(4) = \varphi(2^2) = 2^2 - 2^1 = 4 - 2 = 2$ and $1^2 \equiv 1 \pmod 4$ and $3^2 \equiv 1 \pmod 4$. This shows
that 3 is the primitive root of 4. Thus, 2 and 4 possess one primitive root each which are 1 and 3
respectively.
Theorem 2: Integer of the form $2^n$ has no primitive root for $n \ge 3$.

Proof: Let a be an odd integer. We will show that $a^{2^{n-2}} \equiv 1 \pmod{2^n}$ for $n \ge 3$.

For n = 3 we have

$$a^2 \equiv 1 \pmod 8.$$

Since a is odd, it is congruent to 1, 3, 5 or 7 (mod 8). Thus, $a^2 \equiv 1 \pmod 8$. Suppose the
statement holds for $n = m \ge 3$, i.e.,

$$a^{2^{m-2}} \equiv 1 \pmod{2^m}.$$

This implies $a^{2^{m-2}} = 1 + \lambda 2^m$.

Consider,

$$a^{2^{(m+1)-2}} = a^{2^{m-1}} = \left(a^{2^{m-2}}\right)^2 = \left(1 + \lambda 2^m\right)^2 = 1 + 2\lambda 2^m + \lambda^2 2^{2m}.$$

Therefore,

$$a^{2^{m-1}} = 1 + \lambda 2^{m+1} + \lambda^2 2^{2m} = 1 + \lambda 2^{m+1} + \lambda^2 2^{m-1} \cdot 2^{m+1} \equiv 1 \pmod{2^{m+1}}$$

or $a^{2^{(m+1)-2}} \equiv 1 \pmod{2^{m+1}}$.

This shows that the result is true for n = m+1. Hence, by mathematical induction the result is
true for all values of n.

Also, the integers relatively prime to $2^m$ are the odd integers and $\varphi(2^m) = 2^{m-1}$. Therefore
$a^{\varphi(2^m)/2} \equiv 1 \pmod{2^m}$ and hence there is no primitive root of $2^n$.

Theorem 3: If m, n > 2 and gcd(m, n) = 1 then there exists no primitive root (mod mn).
Proof: Suppose, if possible, a is a primitive root of mn. Then (a, mn) = 1 and a has order $\varphi(mn)$
(mod mn).
Now (a, mn) = 1 ⇒ (a, m) = 1 and (a, n) = 1.

Therefore, $a^{\varphi(m)} \equiv 1 \pmod m$ and $a^{\varphi(n)} \equiv 1 \pmod n$. Let d = gcd(ϕ(m), ϕ(n)).

Let

$$h = \frac{\varphi(m)\,\varphi(n)}{d}. \tag{1}$$

Clearly,

$$d \ge 2 \quad [\because \varphi(m),\ \varphi(n) \text{ both are even}]. \tag{2}$$

Hence,

$$h \le \frac{\varphi(m)\,\varphi(n)}{2} = \frac{\varphi(mn)}{2} < \varphi(mn).$$

Now

$$a^h = \left(a^{\varphi(m)}\right)^{\varphi(n)/d} \equiv 1 \pmod m \tag{3}$$

and

$$a^h = \left(a^{\varphi(n)}\right)^{\varphi(m)/d} \equiv 1 \pmod n. \tag{4}$$

From (3) and (4), we have $a^h \equiv 1 \pmod{mn}$ [∵ gcd(m, n) = 1]. This contradicts the assumption
that the order of a is ϕ(mn). This contradiction proves that mn has no primitive root.
Lemma 1: If p is an odd prime, then there exists a primitive root r of p such that

$$r^{p-1} \not\equiv 1 \pmod{p^2}.$$

Proof: Since p is an odd prime it has a primitive root. Let r be a primitive root of p. If
$r^{p-1} \not\equiv 1 \pmod{p^2}$ then the proof is complete. If $r^{p-1} \equiv 1 \pmod{p^2}$ we replace r by $r_1$ given by
$r_1 = r + p$, which is also a primitive root of p. Now, by the binomial theorem

$$r_1^{p-1} = (r + p)^{p-1} \equiv r^{p-1} + (p-1)\,p\,r^{p-2} \pmod{p^2}$$

$$\equiv 1 - p\,r^{p-2} \pmod{p^2} \quad [\because r^{p-1} \equiv 1 \pmod{p^2}].$$

Since r is a primitive root of p, we have (r, p) = 1. Therefore,
$p \nmid r^{p-2}$. Hence, $r_1^{p-1} \not\equiv 1 \pmod{p^2}$, which proves the lemma.

Corollary 1: If p is an odd prime then $p^2$ has a primitive root. In other words for a primitive
root r of p, either r or r + p is a primitive root of $p^2$.
Proof: If r is a primitive root of p, then the order of r modulo $p^2$ is either p – 1 or p(p – 1) =
$\varphi(p^2)$. If r has order p – 1 modulo $p^2$, then r + p is a primitive root of $p^2$.
Lemma 2: If p is an odd prime and r a primitive root of p such that $r^{p-1} \not\equiv 1 \pmod{p^2}$, then for
each positive integer $k \ge 2$,

$$r^{p^{k-2}(p-1)} \not\equiv 1 \pmod{p^k}.$$

Proof: For k = 2 the result is true by the hypothesis. Let the result be true for k > 2. We shall
show that the result is true for k + 1.

Since $\gcd(r, p^{k-1}) = \gcd(r, p^k) = 1$, by Euler's theorem we have,

$$r^{p^{k-2}(p-1)} = r^{\varphi(p^{k-1})} \equiv 1 \pmod{p^{k-1}}.$$

Therefore, there exists an integer a such that

$$r^{p^{k-2}(p-1)} = 1 + a p^{k-1}, \quad p \nmid a$$

$$\Rightarrow\ r^{p^{k-1}(p-1)} = \left(1 + a p^{k-1}\right)^p \equiv 1 + a p^k \pmod{p^{k+1}}.$$

Since $p \nmid a$, $p^{k+1} \nmid a p^k$. Hence

$$r^{p^{k-1}(p-1)} \not\equiv 1 \pmod{p^{k+1}}.$$

This shows the result is true for k + 1. Hence, by mathematical induction the given result will be
true for all values of $k \ge 2$.
Theorem 4: There exists a primitive root for $p^k$ when p is an odd prime and $k \ge 1$.
Proof: Let p be an odd prime. If k = 1 then there exists a primitive root (mod p). Suppose
k > 1. By Lemma 1 and 2 there exists a primitive root r (mod p) such that

$$r^{p^{k-2}(p-1)} \not\equiv 1 \pmod{p^k}.$$

In fact, any integer satisfying the condition $r^{p-1} \not\equiv 1 \pmod{p^2}$ will do. We will show that r is a
primitive root for all powers of p.

Let n be the order of r mod $p^k$. Then n must divide $\varphi(p^k) = p^{k-1}(p-1)$. Also
$r^n \equiv 1 \pmod{p^k}$ implies $r^n \equiv 1 \pmod p$ and $(p-1) \mid n$. Therefore, n takes the form
$n = p^{n_1}(p-1)$, $0 \le n_1 \le k-1$. Now, if $n \ne p^{k-1}(p-1)$ then $p^{k-2}(p-1)$ will be divisible by n and
we can write

$$r^{p^{k-2}(p-1)} \equiv 1 \pmod{p^k}.$$

This contradicts the earlier assumed value of r. Therefore, $n = p^{k-1}(p-1)$ and r is a primitive
root of $p^k$.
Corollary 2: There are primitive roots for $2p^k$ where p is an odd prime and $k \ge 1$.
Proof: Let r be an odd primitive root for $p^k$. Then $(r, 2p^k) = 1$. The order n of r modulo $2p^k$
should divide $\varphi(2p^k) = \varphi(2)\,\varphi(p^k) = \varphi(p^k)$. Now, $r^n \equiv 1 \pmod{2p^k} \Rightarrow r^n \equiv 1 \pmod{p^k}$.
Therefore, $\varphi(p^k) \mid n$ and so $n = \varphi(2p^k)$. Hence r is a primitive root of $2p^k$.

Example 1: Find the primitive root of 15.

Solution: The integers relatively prime to 15 are 2, 4, 7, 8, 11, 13, and 14.
Also

$$\varphi(15) = \varphi(3 \cdot 5) = (3 - 1)(5 - 1) = 2 \cdot 4 = 8 = 2^3.$$

Thus, 2 is the only prime divisor of ϕ(15) and

$$\frac{\varphi(m)}{p} = \frac{\varphi(15)}{2} = \frac{8}{2} = 4.$$

Now a is a primitive root of 15 if $a^4 \not\equiv 1 \pmod{15}$.

We have $2^4 \equiv 1 \pmod{15}$, $4^4 \equiv 1 \pmod{15}$, $7^4 \equiv 1 \pmod{15}$, $8^4 \equiv 1 \pmod{15}$, $11^4 \equiv 1 \pmod{15}$,
$13^4 \equiv 1 \pmod{15}$ and $14^4 \equiv 1 \pmod{15}$.

This shows that there exists no primitive root of 15.

10.2. The Theory of Indices


If r is a primitive root of n and (a, n) = 1 then the smallest positive integer h such that
$a \equiv r^h \pmod n$ is called the index of a relative to r. It is denoted by $\mathrm{ind}_r\, a$. This can also be written as
$r^{\mathrm{ind}_r a} \equiv a \pmod n$.

Example 2: Find the index of 9 (mod 19).

Solution: 2 is a primitive root of 19 and $2^8 \equiv 9 \pmod{19}$. Therefore, $\mathrm{ind}_2\, 9 = 8$.
Example 3: Find the index of 5 (mod 13).
Solution: 2 is a primitive root of 13 and $2^9 \equiv 5 \pmod{13}$. Therefore, $\mathrm{ind}_2\, 5 = 9$.
6, 7 and 11 are the other primitive roots of 13. Also, $6^9 \equiv 5 \pmod{13}$ and hence $\mathrm{ind}_6\, 5 = 9$;
$7^3 \equiv 5 \pmod{13}$ and hence $\mathrm{ind}_7\, 5 = 3$; and $11^3 \equiv 5 \pmod{13}$ and hence $\mathrm{ind}_{11}\, 5 = 3$.
Example 4: Obtain the index of 17 (mod 18).
Solution: We can show that 5 is the smallest primitive root of 18. Now $5^3 \equiv 17 \pmod{18}$ and
therefore, $\mathrm{ind}_5\, 17 = 3$.
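Theorem 5: Let a be a primitive root modulo n and b, c and k be any integers. Then
i) $b \equiv c \pmod n \Rightarrow \mathrm{ind}_a\, b \equiv \mathrm{ind}_a\, c \pmod{\varphi(n)}$
ii) $\mathrm{ind}_a(bc) \equiv \mathrm{ind}_a\, b + \mathrm{ind}_a\, c \pmod{\varphi(n)}$
iii) $\mathrm{ind}_a\, b^k \equiv k \cdot \mathrm{ind}_a\, b \pmod{\varphi(n)}$
iv) $\mathrm{ind}_a\, 1 \equiv 0 \pmod{\varphi(n)}$.

Proof: Let $\mathrm{ind}_a\, b = r_1$ and $\mathrm{ind}_a\, c = r_2$. Then
$b \equiv a^{r_1} \pmod n$ and $c \equiv a^{r_2} \pmod n$. Now,

i) $b \equiv c \pmod n \Rightarrow a^{r_1} \equiv a^{r_2} \pmod n \Rightarrow a^{r_1 - r_2} \equiv 1 \pmod n$.

By definition, $\varphi(n) \mid r_1 - r_2 \Rightarrow r_1 \equiv r_2 \pmod{\varphi(n)}$, which proves i).

We have,

$$bc \equiv a^{r_1} \cdot a^{r_2} \pmod n \equiv a^{r_1 + r_2} \pmod n.$$

ii) Now, if $r = \mathrm{ind}_a\, bc$ then $bc \equiv a^r \pmod n$. Therefore, $r_1 + r_2 \equiv r \pmod{\varphi(n)}$ and hence
$\mathrm{ind}_a(bc) \equiv \mathrm{ind}_a\, b + \mathrm{ind}_a\, c \pmod{\varphi(n)}$.

iii) We have,

$$\mathrm{ind}_a\, b^k = \mathrm{ind}_a(b \cdot b \cdots k \text{ times}) \equiv \mathrm{ind}_a\, b + \mathrm{ind}_a\, b + \cdots \text{ up to } k \text{ times} \pmod{\varphi(n)} \quad [\text{using (ii)}]$$

$$= k \cdot \mathrm{ind}_a\, b \pmod{\varphi(n)}.$$

iv) Putting k = 0 in (iii), we have
$\mathrm{ind}_a\, 1 \equiv 0 \pmod{\varphi(n)}$.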
Theorem 6: If r is the smallest primitive root of n and $r^h \equiv a \pmod n$ then $h \equiv \mathrm{ind}_r\, a \pmod n$.
Proof: We have, $r^h \equiv a \pmod n \Rightarrow a \equiv r^{\mathrm{ind}_r a} \pmod n$. Now, the order of r (mod n) is ϕ(n).
Therefore, $h = \mathrm{ind}_r\, a \pmod n$.

Theorem 7: If r is the smallest primitive root of n and if $a_1, a_2, \dots, a_k$ are all prime to n (mod
ϕ(n)) then, $\mathrm{ind}\, a_1 + \mathrm{ind}\, a_2 + \dots + \mathrm{ind}\, a_k \equiv \mathrm{ind}\, a_1 a_2 \cdots a_k \pmod{\varphi(n)}$.

Proof: If r is the smallest primitive root of n, then, we have

$$r^{\mathrm{ind}\, a_1} \equiv a_1 \pmod n$$
$$r^{\mathrm{ind}\, a_2} \equiv a_2 \pmod n$$
$$\vdots$$
$$r^{\mathrm{ind}\, a_k} \equiv a_k \pmod n.$$

Therefore,

$$r^{\mathrm{ind}\, a_1 + \mathrm{ind}\, a_2 + \dots + \mathrm{ind}\, a_k} \equiv a_1 a_2 \cdots a_k \pmod n.$$

Hence, $\mathrm{ind}\, a_1 + \mathrm{ind}\, a_2 + \dots + \mathrm{ind}\, a_k \equiv \mathrm{ind}\, a_1 a_2 \cdots a_k \pmod{\varphi(n)}$.

The theory of indices is applicable for the moduli having primitive roots. However, the table of
indices may be prepared for each modulus. The theory of indices can be used to solve
congruences.
Theorem 8: The congruence

$$x^k \equiv a \pmod n, \quad k \ge 2,$$

where n is a positive integer having a primitive root and gcd(a, n) = 1, has no solution if
$d \nmid \mathrm{ind}\, a$ and exactly d incongruent solutions if $d \mid \mathrm{ind}\, a$, where d = gcd(k, ϕ(n)).

Proof: By properties ii) and iii) of Theorem 5, $x^k \equiv a \pmod n$ can be written as a linear
congruence

$$k\, \mathrm{ind}\, x \equiv \mathrm{ind}\, a \pmod{\varphi(n)}$$

in the unknown ind x. Hence if $d \nmid \mathrm{ind}\, a$, there is no solution. But if $d \mid \mathrm{ind}\, a$ then there are
exactly d incongruent solutions.
Theorem 9: Let n be an integer possessing a primitive root and let gcd(a, n) = 1. Then the
congruence $x^k \equiv a \pmod n$ has a solution if and only if

$$a^{\varphi(n)/d} \equiv 1 \pmod n$$

where d = gcd(k, ϕ(n)); if it has a solution, there are exactly d solutions modulo n.

Proof: Taking indices, the congruence $a^{\varphi(n)/d} \equiv 1 \pmod n$ is equivalent to

$$\frac{\varphi(n)}{d}\, \mathrm{ind}\, a \equiv 0 \pmod{\varphi(n)}$$

which, in turn, holds if and only if $d \mid \mathrm{ind}\, a$. But we have just seen that the latter is a necessary
and sufficient condition for the congruence $x^k \equiv a \pmod n$ to be solvable.
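The index method of Theorems 8 and 9 in code, as an added example that is not part of the textbook: it builds the index table for a modulus that has a primitive root, applies the solvability test of Theorem 9, and solves c·x^k ≡ a (mod n) through the linear congruence in ind x. The function names are this example's own, and the sample congruences are the ones worked in the examples of this section.

```python
from math import gcd


def index_table(n, r=None):
    """Return (g, ind) with g a primitive root of n and ind[a] = ind_g a.

    With r=None the least primitive root is used; otherwise r itself.
    Raises ValueError when no suitable primitive root exists (n = 8, 15, ...).
    """
    units = [a for a in range(1, n) if gcd(a, n) == 1]
    candidates = units if r is None else [r % n]
    for g in candidates:
        ind, x = {}, 1
        while x not in ind:          # walk 1, g, g^2, ... until a power repeats
            ind[x] = len(ind)
            x = x * g % n
        if gcd(g, n) == 1 and len(ind) == len(units):
            return g, ind            # the powers of g hit every unit
    raise ValueError(f"no primitive root available for modulus {n}")


def solvable(k, a, n):
    """Theorem 9 test for x^k = a (mod n); n must have a primitive root."""
    f = sum(1 for u in range(1, n) if gcd(u, n) == 1)   # phi(n)
    d = gcd(k, f)
    return pow(a, f // d, n) == 1


def solve_power_congruence(k, a, n, c=1):
    """All x mod n with c * x^k = a (mod n), for gcd(a, n) = gcd(c, n) = 1."""
    g, ind = index_table(n)
    f = len(ind)                                        # phi(n)
    d = gcd(k, f)
    rhs = (ind[a % n] - ind[c % n]) % f                 # k*ind x = ind a - ind c
    if rhs % d != 0:                                    # Theorem 8: d must divide it
        return []
    step = f // d
    y0 = (rhs // d) * pow(k // d, -1, step) % step      # one solution for ind x
    return sorted(pow(g, y0 + t * step, n) for t in range(d))


if __name__ == "__main__":
    print("index table mod 18:", index_table(18))
    print("7x = 2 (mod 9):", solve_power_congruence(1, 2, 9, c=7))
    print("x^3 = 5 (mod 13):", solve_power_congruence(3, 5, 13))
    print("17x^20 = 19 (mod 37):", solve_power_congruence(20, 19, 37, c=17))
    print("x^18 = 5 (mod 73) solvable?", solvable(18, 5, 73))
    print("x^15 = 7 (mod 19):", solve_power_congruence(15, 7, 19))
```
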
Example 5: Construct the index (mod 18).
Solution: We have $\varphi(18) = \varphi(2 \cdot 3^2) = \varphi(2)\,\varphi(3^2) = 6$ and 5 is the smallest primitive root of 18.
Now,
$5^0 = 1$
$5^1 = 5$
$5^2 \equiv 7 \pmod{18}$
$5^3 \equiv 17 \pmod{18}$
$5^4 \equiv 13 \pmod{18}$
$5^5 \equiv 11 \pmod{18}$.
Therefore, the required index table for primitive root 5 is

a          1    5    7    11   13   17
ind_5 a    0    1    2    5    4    3

Example 6: Solve the linear congruence: $7x \equiv 2 \pmod 9$.

Solution: We know that 2 is a primitive root modulo 9.
Now
$2^1 = 2$
$2^2 = 4$
$2^3 = 8$
$2^4 \equiv 7 \pmod 9$
$2^5 \equiv 5 \pmod 9$
and $2^6 \equiv 1 \pmod 9$.
This gives that the index of 2 is 1 and of 7 is 4.
The given congruence $7x \equiv 2 \pmod 9$ is equivalent to $\mathrm{ind}\, 7 + \mathrm{ind}\, x \equiv \mathrm{ind}\, 2 \pmod{\varphi(9)}$
⇒ $4 + \mathrm{ind}\, x \equiv 1 \pmod 6$
⇒ $\mathrm{ind}\, x \equiv -3 \pmod 6$
$\equiv 3 \pmod 6$.
⇒ $x \equiv 2^3 \pmod 9$
$\equiv 8 \pmod 9$.
This gives that the solutions of the given congruence are of the form 9t + 8 where t = 0, ±1, ... .
Example 7: Solve the congruence: $x^3 \equiv 5 \pmod{13}$.

Solution: We know that 2 is a primitive root modulo 13.

Now,
$2^1 = 2 \pmod{13}$
$2^2 = 4 \pmod{13}$
$2^3 = 8 \pmod{13}$
$2^4 \equiv 3 \pmod{13}$
$2^5 \equiv 6 \pmod{13}$
$2^6 \equiv 12 \pmod{13}$
$2^7 \equiv 11 \pmod{13}$
$2^8 \equiv 9 \pmod{13}$
$2^9 \equiv 5 \pmod{13}$
This gives that the index of 2 is 1 and of 5 is 9.
The given congruence $x^3 \equiv 5 \pmod{13}$ is equivalent to

$$3\, \mathrm{ind}_2\, x \equiv \mathrm{ind}_2\, 5 \pmod{\varphi(13)}.$$

That is $3\, \mathrm{ind}_2\, x \equiv 9 \pmod{12}$

⇒ $\mathrm{ind}_2\, x \equiv 3 \pmod 4$
= 3, 7, 11.
The integers corresponding to these indices will be 8, 11 and 7. Therefore, the required solutions
are
$x \equiv 7,\ 8$ and $11 \pmod{13}$.
Example 8: Solve the congruence $17x^{20} \equiv 19 \pmod{37}$.

Solution: The given congruence is equivalent to

$\mathrm{ind}\, 17 + 20\, \mathrm{ind}\, x \equiv \mathrm{ind}\, 19 \pmod{\varphi(37)}$

⇒ $7 + 20\, \mathrm{ind}\, x \equiv 35 \pmod{36}$ [∵ ϕ(37) = 36]

⇒ $20\, \mathrm{ind}\, x \equiv 28 \pmod{36}$

⇒ ind x = 5, 14, 23, 32 (mod 36)
The integers corresponding to these indices are 32, 30, 5, 7. Therefore, the solution of the given
congruence is given by $x \equiv 5, 7, 30, 32 \pmod{37}$.
Example 9: Construct the index table for 17 with primitive root 5.
Solution: We have, ϕ(17) = 16 and 5 is the primitive root.
Now, we have,
$5^0 = 1$,
$5^1 = 5$,
$5^2 \equiv 8 \pmod{17}$,
$5^3 \equiv 6 \pmod{17}$,
$5^4 \equiv 13 \pmod{17}$,
$5^5 \equiv 14 \pmod{17}$,
$5^6 \equiv 2 \pmod{17}$,
$5^7 \equiv 10 \pmod{17}$,
$5^8 \equiv 16 \pmod{17}$,
$5^9 \equiv 12 \pmod{17}$,
$5^{10} \equiv 9 \pmod{17}$,
$5^{11} \equiv 11 \pmod{17}$,
$5^{12} \equiv 4 \pmod{17}$,
$5^{13} \equiv 3 \pmod{17}$,
$5^{14} \equiv 15 \pmod{17}$,
$5^{15} \equiv 7 \pmod{17}$,
$5^{16} \equiv 1 \pmod{17}$.
Thus, we have the following index table.

a        1   2   3    4    5   6   7    8   9    10   11   12   13   14   15   16
ind a    0   6   13   12   1   3   15   2   10   7    11   9    4    5    14   8

Example 10: Show that the congruence $x^{18} \equiv 5 \pmod{73}$ is not solvable.

Solution: Here

$$\varphi(n) = \varphi(73) = 72, \qquad d = (k, \varphi(n)) = (18, 72) = 18.$$

Therefore, $a^{\varphi(n)/d} = 5^4 \not\equiv 1 \pmod{73}$.

Hence, by Theorem 9, the given congruence is not solvable.

Example 11: Solve $x^{15} \equiv 7 \pmod{19}$.

Solution: Here k = 15 and n = 19. Consider

$$\varphi(n) = \varphi(19) = 18 = 2 \cdot 3^2, \qquad d = (k, \varphi(n)) = (15, 18) = 3.$$

Therefore, $a^{\varphi(n)/d} = 7^{18/3} = 7^6 \equiv 1 \pmod{19}$.

Hence, by Theorem 9 the given congruence is solvable.

Obviously 2 and 3 are the only prime divisors of ϕ(19). Also

$$2^6 \equiv 7 \pmod{19} \not\equiv 1 \pmod{19}.$$

Therefore, 2 is the smallest primitive root of 19. Now we will find an integer h such that

$$2^h \equiv 7 \pmod{19}, \quad 0 \le h < 18.$$

This gives h = 6. We consider the congruence

$$ky \equiv h \pmod{\varphi(n)}, \quad \text{that is,} \quad 15y \equiv 6 \pmod{18}.$$

This gives $y \equiv 4, 10, 16 \pmod{18}$.

Therefore, the solutions of the given congruence are given by

$$x \equiv 2^4,\ 2^{10},\ 2^{16} \pmod{19} \equiv 16,\ 17,\ 5 \pmod{19}.$$

10.3. Summary
In this chapter we completely answered the question “what kind of integers have primitive
roots?” which was asked in Chapter 9 by showing 2, 4, $p^k$ and $2p^k$ are the only integers having
primitive roots. We also introduced the index of a modulo n and used it to solve some
congruences.

10.4. Keywords
Primitive root, Index of an element.
10.5. Exercises:
1. Verify that 3 is a primitive root mod $5^2$, $5^3$, and $7^2$.
2. Find a primitive root modulo $p^2$ for each odd prime 11, 13, 17, and 19.
3. Find a primitive root modulo $p^k$ for each odd prime p and k ≥ 2:
a) p = 3, k = 4 b) p = 5, k = 3.
4. Determine whether each integer has a primitive root: 46, 486, 1024 and 2187.
5. If p is an odd prime, then prove that $p^k$ and $2p^k$ have the same number of primitive roots.
6. Assume that r is a primitive root of the odd prime p and $(r + tp)^{p-1} \not\equiv 1 \pmod{p^2}$. Show
that r + tp is a primitive root of $p^k$ for each k ≥ 1.
7. Using a table of indices for a primitive root of 11, solve the following congruences:
a) $7x^3 \equiv 3 \pmod{11}$ b) $3x^4 \equiv 5 \pmod{11}$ c) $x^8 \equiv 10 \pmod{11}$.
8. Solve each of the congruences using indices:
a) 7x ≡ 13(mod 18)
b) $2x^4 \equiv 5 \pmod{13}$
c) 85x ≡ 5(mod 13)
d) 34x + 1 ≡ 10(mod 19).
9. Using indices, determine the remainder when the first integer is divided by the second:
(a) 231001, 13 (b) 517 719, 13
10. Let α be a primitive root modulo a positive integer m > 2. Then $\mathrm{ind}_\alpha(m - 1) = \varphi(m)/2$.
11. Let α be a primitive root modulo a positive integer m > 2 and gcd(a, m) = 1. Then
$\mathrm{ind}_\alpha(m - a) = \mathrm{ind}_\alpha(a) + \varphi(m)/2$.
12. Let p be an odd prime. Then the congruence $x^2 \equiv -1 \pmod p$ is solvable if and only if p
is of the form 4k + 1.

10.6. References:

1. Elementary Number Theory, David M. Burton, McGraw Hill Publication


2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier
3. Basic Number Theory, S. B. Malik, Vikas Publications
4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley
5. Elementary Number Theory, Gareth A. Jones and Josephine Mary Jones, Springer

UNIT –11
EULER’S CRITERION, LEGENDRE SYMBOL AND ITS PROPERTIES

Structure:
11.0. Objective
11.1. Euler’s Criterion
11.2. Legendre Symbol
11.3. Summary
11.4. Keywords
11.5. Exercises
11.6. References

11.0. Objective
We studied solvability of linear congruences in chapter 3. In this chapter we study quadratic
congruences. This includes quadratic residue, Legendre symbol and its properties and we prove
Gauss Lemma.

11.1. Euler’s Criterion


We are now going to study in detail polynomial congruences of degree two or, as they are called,
quadratic congruences, that is to say, of the form $ax^2 + bx + c \equiv 0 \pmod p$ where we can assume
p to be an odd prime. So, consider the congruence

$$ax^2 + bx + c \equiv 0 \pmod p, \quad p \text{ an odd prime, and } a \not\equiv 0 \pmod p. \tag{1}$$

The supposition that p is an odd prime implies that gcd(4a, p) = 1. Thus, the
quadratic congruence in Eq. (1) is equivalent to

$$4a(ax^2 + bx + c) \equiv 0 \pmod p.$$

By using the identity $4a(ax^2 + bx + c) = (2ax + b)^2 - (b^2 - 4ac)$
we have

$$(2ax + b)^2 \equiv (b^2 - 4ac) \pmod p.$$

Putting y = 2ax + b and $d = b^2 - 4ac$, we get

$$y^2 \equiv d \pmod p. \tag{2}$$

Thus, the problem of finding a solution to the quadratic congruence in Eq. (1) is equivalent to
that of finding a solution to a linear congruence and a quadratic congruence of the form

$$x^2 \equiv a \pmod p. \tag{3}$$

Whenever $x^2 \equiv a \pmod p$ has a solution $x = x_0$, there is also a solution $x = p - x_0$. This second
solution is not congruent to the first. For, $x_0 \equiv p - x_0 \pmod p$ implies that $2x_0 \equiv 0 \pmod p$,
which is impossible. By Lagrange’s Theorem of Chapter 9, $x^2 \equiv a \pmod p$ has exactly two
solutions. Therefore, Eq. (3) has either no solutions or exactly two incongruent solutions.
Example 1: Solve the quadratic congruence $3x^2 - 4x + 7 \equiv 0 \pmod{13}$.
Solution: Multiply both sides by 4 · 3 = 12. Then, we get

$$36x^2 - 48x + 84 \equiv 0 \pmod{13}$$

that is,

$$(6x - 4)^2 \equiv (16 - 84) \pmod{13}$$
$$(6x - 4)^2 \equiv 10 \pmod{13}.$$

Let y = 6x – 4. Then $y^2 \equiv 10 \pmod{13}$. This congruence has exactly two solutions, namely 6 and
7.
Therefore, the solutions of the original congruence are given by those of the linear
congruences $6x - 4 \equiv 6 \pmod{13}$ and $6x - 4 \equiv 7 \pmod{13}$, namely, $x \equiv 6, 4 \pmod{13}$.

Definition 1: Let p be an odd prime and gcd(a, p) = 1. If the quadratic congruence
$x^2 \equiv a \pmod p$ has a solution, then a is said to be a quadratic residue of p. Otherwise a is called
a quadratic nonresidue of p.
Note 1: If a ≡ b(mod p) and a is a quadratic residue of p, then b is also a quadratic residue of p.
Therefore, we only need to determine the quadratic nature of those positive integers less than p.
Example 2: Let p = 13. Then,
$1^2 \equiv 12^2 \equiv 1 \pmod{13}$, $2^2 \equiv 11^2 \equiv 4 \pmod{13}$, $3^2 \equiv 10^2 \equiv 9 \pmod{13}$, $4^2 \equiv 9^2 \equiv 3 \pmod{13}$,
$5^2 \equiv 8^2 \equiv 12 \pmod{13}$ and $6^2 \equiv 7^2 \equiv 10 \pmod{13}$.

Hence, 1, 3, 4, 9, 10 and 12 are quadratic residues modulo 13 while 2, 5, 6, 7, 8, and 11 are
quadratic non-residues modulo 13. This shows that the integers between 1 and 12 are divided
equally among the quadratic residues and non-residues.

Theorem 1: (Euler’s criterion) Let p be an odd prime and gcd(a, p) = 1. Then a is a quadratic
residue of p if and only if $a^{(p-1)/2} \equiv 1 \pmod p$.
Proof: Let a be a quadratic residue mod p and (a, p) = 1. Then the quadratic congruence
$x^2 \equiv a \pmod p$ has a solution, say $x_0$.
Thus,

$$x_0^2 \equiv a \pmod p \quad \text{where } \gcd(x_0, p) = 1. \tag{4}$$

By Fermat’s Little Theorem, we have

$$x_0^{p-1} \equiv 1 \pmod p. \tag{5}$$

Therefore,

$$a^{(p-1)/2} \equiv \left(x_0^2\right)^{(p-1)/2} \equiv x_0^{p-1} \pmod p \equiv 1 \pmod p \quad [\text{from (5)}].$$

Conversely, suppose $a^{(p-1)/2} \equiv 1 \pmod p$. Then, by Corollary 3 of Chapter 9, a primitive root mod
p exists. Let r be a primitive root mod p. Then $1, r, r^2, \dots, r^{p-1}$ forms a reduced residue system
mod p and $a \equiv r^k \pmod p$ for some integer k such that 1 ≤ k ≤ p – 1.
Now, we have,

$$1 \equiv a^{(p-1)/2} \equiv \left(r^k\right)^{(p-1)/2} \pmod p \equiv r^{k(p-1)/2} \pmod p.$$

As r is a primitive root mod p, the order of r is p – 1. This implies $(p-1) \mid \frac{k(p-1)}{2}$. This implies that
k must be an even integer, say 2t. Therefore, $a \equiv r^{2t} \pmod p$. This shows $r^t$ is a solution of
$x^2 \equiv a \pmod p$.
Corollary 1: Let p be an odd prime and gcd(a, p) = 1. Then a is a quadratic residue or non-
residue of p according to whether
$a^{(p-1)/2} \equiv 1 \pmod p$ or $a^{(p-1)/2} \equiv -1 \pmod p$.
Proof: Let p be an odd prime and gcd(a, p) = 1. Then,

$$\left(a^{(p-1)/2} - 1\right)\left(a^{(p-1)/2} + 1\right) = a^{p-1} - 1 \equiv 0 \pmod p$$

by Fermat’s theorem. Hence, either
$a^{(p-1)/2} \equiv 1 \pmod p$ or $a^{(p-1)/2} \equiv -1 \pmod p$
but not both. If both hold, then we would have $1 \equiv -1 \pmod p$, or equivalently, p | 2, which is
impossible. By Euler’s criterion, a quadratic non-residue of p does not satisfy $a^{(p-1)/2} \equiv 1 \pmod p$
and hence it must satisfy $a^{(p-1)/2} \equiv -1 \pmod p$.

Example 3: Let p = 13 and a = 2. Consider

$$2^{(13-1)/2} = 2^6 = 64 \equiv 12 \equiv -1 \pmod{13}.$$

Hence, 2 is a quadratic non-residue mod 13.
Suppose a = 3. Then,

$$3^{(13-1)/2} = 3^6 = (27)^2 \equiv 1^2 \equiv 1 \pmod{13}.$$

Hence, 3 is a quadratic residue mod 13.

11.2. The Legendre Symbol


For an odd prime p and an integer a with gcd(a, p) = 1, the Legendre symbol (a / p) is
defined to be 1 if a is a quadratic residue modulo p, and −1 otherwise. For completeness, one
defines (a / p) = 0 if p | a. The following theorem summarizes the essential properties of the
Legendre symbol.
From Example 2, we have (1 / 13) = (3 / 13) = (4 / 13) = (9 / 13) = (10 / 13) = (12 / 13) = 1
and (2 / 13) = (5 / 13) = (6 / 13) = (7 / 13) = (8 / 13) = (11 / 13) = –1.

Theorem 2. Let p be an odd prime, and let a, b ∈ Z such that gcd(a, b) = 1. Then, we have
(i) $(a / p) \equiv a^{(p-1)/2} \pmod p$; in particular, $(-1 / p) = (-1)^{(p-1)/2}$;
(ii) (a / p)(b / p) = (ab / p);
(iii) a ≡ b (mod p) implies (a / p) = (b / p);
(iv) $(a^2 / p) = 1$.

Proof of (i) : If p divides a, then both sides of the congruence are 0. If p does not divide a, then,
by Fermat’s theorem,

$$\left(a^{(p-1)/2}\right)^2 = a^{p-1} \equiv 1 \pmod p,$$

and so
$a^{(p-1)/2} \equiv \pm 1 \pmod p$.
Applying Corollary 1, we have
$a^{(p-1)/2} \equiv 1 \pmod p$ if and only if (a / p) = 1
and so
$a^{(p-1)/2} \equiv -1 \pmod p$ if and only if (a / p) = −1.

Proof of (ii): Using part (i), we have

$$(ab / p) \equiv (ab)^{(p-1)/2} = a^{(p-1)/2}\, b^{(p-1)/2} \equiv (a / p)(b / p) \pmod p.$$

Part (iii) is clear from the definition.
Proof of part (iv): Clearly a satisfies the congruence $x^2 \equiv a^2 \pmod p$ and hence $(a^2 / p) = 1$.
Corollary 2: If p is an odd prime, then

$$(-1 / p) = \begin{cases} 1 & \text{if } p \equiv 1 \pmod 4 \\ -1 & \text{if } p \equiv 3 \pmod 4 \end{cases}$$

Proof: Because (p – 1)/2 is even for a prime p of the form 4k + 1 and odd for p of the form 4k +
3, part (i) of Theorem 2 proves the required result.
Example 4: Consider the congruence $x^2 \equiv -46 \pmod{17}$. Applying part (i) and (ii) of Theorem
2, we have,
(–46 / 17) = (–1 / 17)(46 / 17) = (46 / 17). [17 ≡ 1(mod 4)]
Because 46 ≡ 12(mod 17), it follows that
(46 / 17) = (12 / 17). [by part (iii)]
Now, $(12 / 17) = (3 \cdot 2^2 / 17) = (3 / 17)$.
But

$$(3 / 17) \equiv 3^{(17-1)/2} = 3^8 = 81^2 \equiv (-4)^2 \equiv -1 \pmod{17}.$$

Therefore, (–46 / 17) = –1. Hence the quadratic congruence $x^2 \equiv -46 \pmod{17}$ has no solution.
Theorem 3: If p is an odd prime, then
$$\sum_{a=1}^{p-1} (a / p) = 0.$$

Hence, there are precisely (p – 1)/2 quadratic residues and (p – 1)/2 quadratic non-residues of p.
Proof: Let r be a primitive root of p. Then $r, r^2, \ldots, r^{p-1}$ are just a permutation of the integers
1, 2, …, p – 1. Thus, for any a lying between 1 and p – 1, inclusive, there exists a unique
positive integer k (1 ≤ k ≤ p – 1), such that $a \equiv r^k \pmod{p}$. By appropriate use of Euler’s
criterion, we have
$$(a / p) = (r^k / p) \equiv (r^k)^{(p-1)/2} = \left(r^{(p-1)/2}\right)^k \equiv (-1)^k \pmod{p} \qquad (10)$$
where, because r is a primitive root of p, $r^{(p-1)/2} \equiv -1 \pmod{p}$. But (a / p) and $(-1)^k$ are equal to
either 1 or −1, so that equality holds in Eq. (10). Now add up the Legendre symbols in question to
obtain
$$\sum_{a=1}^{p-1} (a / p) = \sum_{k=1}^{p-1} (-1)^k = 0$$
which is the desired conclusion.
Corollary 3: The quadratic residues of an odd prime p are congruent mod p to the even powers
of a primitive root r of p; the quadratic non-residues are congruent to the odd powers of r.
Theorem 4: (Gauss Lemma): If p is an odd prime, a is an integer such that (a, p) = 1 and n is
the number of integers in the set
$$\left\{ a,\ 2a,\ \ldots,\ \left(\frac{p-1}{2}\right) a \right\} \qquad (11)$$
whose remainder upon division by p exceeds p / 2, then $(a / p) = (-1)^n$.

Proof: Since (a, p) = 1, each integer of (11) is co-prime to p and no two of them are congruent to
each other (mod p). Let $r_1, r_2, \ldots, r_m$ be the remainders on division by p such that $0 < r_i < p/2$ and
$s_1, s_2, \ldots, s_n$ be the remainders such that $p/2 < s_i < p$. Then m + n = (p – 1) / 2, and the integers

$$r_1,\ r_2,\ \ldots,\ r_m,\quad p - s_1,\ \ldots,\ p - s_n$$

are all positive and less than p / 2.

We shall show that these integers are distinct. Suppose, if possible, $p - s_i = r_j$ for some i and
j. Then there exist integers h and k with $1 \le h, k \le (p-1)/2$ such that $s_i \equiv ha \pmod{p}$ and $r_j \equiv ka \pmod{p}$.
This gives
$$(h + k)a \equiv s_i + r_j = p \equiv 0 \pmod{p} \ \Rightarrow\ (h + k) \equiv 0 \pmod{p}.$$

But this is not possible because $1 < h + k \le p - 1$. Hence $r_1, r_2, \ldots, r_m, p - s_1, \ldots, p - s_n$ are all
distinct. Thus, $r_1, r_2, \ldots, r_m, p - s_1, \ldots, p - s_n$ are simply the integers 1, 2, …, (p − 1) / 2. Therefore,
their product is
$$\left[\frac{p-1}{2}\right]! = r_1 r_2 \cdots r_m (p - s_1) \cdots (p - s_n)$$
$$\equiv r_1 r_2 \cdots r_m (-s_1) \cdots (-s_n) \pmod{p}$$
$$\equiv (-1)^n\, r_1 r_2 \cdots r_m\, s_1 \cdots s_n \pmod{p}.$$

But $r_1, r_2, \ldots, r_m, s_1, s_2, \ldots, s_n$ are congruent (mod p) to a, 2a, …, [(p − 1) / 2] a in some order.
Hence,
$$\left(\frac{p-1}{2}\right)! \equiv (-1)^n\, a \cdot 2a \cdots \left(\frac{p-1}{2}\right) a \pmod{p}$$
$$\equiv (-1)^n\, a^{(p-1)/2} \left(\frac{p-1}{2}\right)! \pmod{p}.$$
Because [(p – 1) / 2]! is relatively prime to p, we have
$$1 \equiv (-1)^n\, a^{(p-1)/2} \pmod{p}$$
$$\Rightarrow\ a^{(p-1)/2} \equiv (-1)^n \pmod{p}.$$

By Euler’s criterion we have
$$(a / p) \equiv a^{(p-1)/2} \equiv (-1)^n \pmod{p} \ \Rightarrow\ (a / p) = (-1)^n.$$

Theorem 5: If p is an odd prime then
$$(2 / p) = \begin{cases} 1 & \text{if } p \equiv 1 \pmod{8} \text{ or } p \equiv 7 \pmod{8} \\ -1 & \text{if } p \equiv 3 \pmod{8} \text{ or } p \equiv 5 \pmod{8} \end{cases}$$
Hence, $(2 / p) = (-1)^{(p^2-1)/8}$.

Proof: By Gauss Lemma, we have
$$(2 / p) = (-1)^n$$
where n is the number of integers in the set
$$\left\{ 2 \cdot 1,\ 2 \cdot 2,\ 2 \cdot 3,\ \ldots,\ 2 \cdot \left(\frac{p-1}{2}\right) \right\}$$
which on division by p have remainder greater than p / 2. For 1 ≤ k ≤ (p – 1) / 2, we have
2k < p / 2 if and only if k < p / 4. Then there are [p / 4] integers in the above set less than p / 2.
Therefore, $n = \frac{p-1}{2} - \left[\frac{p}{4}\right]$ is the number of integers which are greater than p / 2.

Since p is an odd prime, it must be of one of the forms 8k+1, 8k+3, 8k+5 or 8k+7.
Now,
if p = 8k + 1 then n = 4k – [2k + (1/4)] = 4k – 2k = 2k
if p = 8k + 3 then n = 4k + 1 – [2k + (3/4)] = 4k + 1 – 2k = 2k + 1
if p = 8k + 5 then n = 4k + 2 – [(2k + 1) + (1/4)] = 4k + 2 – (2k + 1) = 2k + 1
and if p = 8k + 7 then n = 4k + 3 – [(2k + 1) + (3/4)] = 4k + 3 – (2k + 1) = 2k + 2.
Thus, we see that n is even when p is of the form 8k + 1 or 8k + 7 and therefore (2 / p) = 1,
and if p is of the form 8k + 3 or 8k + 5 then n is odd, which gives (2 / p) = −1.
Further
$$(-1)^{(p^2-1)/8} = \begin{cases} (-1)^{((8k+1)^2-1)/8} & \text{if } p = 8k+1 \\ (-1)^{((8k+3)^2-1)/8} & \text{if } p = 8k+3 \\ (-1)^{((8k+5)^2-1)/8} & \text{if } p = 8k+5 \\ (-1)^{((8k+7)^2-1)/8} & \text{if } p = 8k+7 \end{cases}$$
$$= \begin{cases} (-1)^{(64k^2+16k)/8} & \text{if } p = 8k+1 \\ (-1)^{(64k^2+48k+8)/8} & \text{if } p = 8k+3 \\ (-1)^{(64k^2+80k+24)/8} & \text{if } p = 8k+5 \\ (-1)^{(64k^2+112k+48)/8} & \text{if } p = 8k+7 \end{cases}$$
$$= \begin{cases} 1 & \text{if } p \equiv 1 \pmod{8} \\ -1 & \text{if } p \equiv 3 \pmod{8} \\ -1 & \text{if } p \equiv 5 \pmod{8} \\ 1 & \text{if } p \equiv 7 \pmod{8} \end{cases}$$
$$= \begin{cases} 1 & \text{if } p \equiv \pm 1 \pmod{8} \\ -1 & \text{if } p \equiv \pm 3 \pmod{8} \end{cases}$$
Hence, $(2 / p) = (-1)^{(p^2-1)/8}$.

Theorem 6: If p and 2p+1 are both odd primes then $(-1)^{(p-1)/2}\, 2$ is a primitive root of 2p+1.

Proof: We put q = 2p+1. Since p and 2p+1 are both odd primes, we have either p ≡ 1 (mod 4) or
p ≡ 3 (mod 4).
If p ≡ 1 (mod 4) then $(-1)^{(p-1)/2}\, 2 = 2$. Now φ(q) = q – 1 = 2p, so the order of 2 modulo q is one
of the numbers 1, 2, p or 2p.

Also we have
$$(2 / q) \equiv 2^{(q-1)/2} = 2^p \pmod{q}.$$

But q ≡ 3 (mod 8); therefore (2 / q) = −1.
Hence, $2^p \equiv -1 \pmod{q}$. This shows that 2 cannot have order p modulo q. Also 2 cannot have
order 1 or 2, because $2^2 \equiv 1 \pmod{q}$ implies q | 3, which is impossible. So the order of 2 modulo q
is 2p. This shows that 2 is a primitive root of q.
If p ≡ 3 (mod 4) then $(-1)^{(p-1)/2}\, 2 = -2$ and
$$(-2)^p \equiv (-2 / q) = (-1 / q)(2 / q) \pmod{q}.$$

Since q ≡ 7 (mod 8) we have (−1 / q) = −1.

Also (2 / q) = 1. Therefore, $(-2)^p \equiv -1 \pmod{q}$.

This shows that –2 is a primitive root of q.
Theorem 7: There are infinitely many primes of the form 8k – 1.
Proof: Suppose there are only finitely many primes of the form 8k – 1, given as $p_1, p_2, \ldots, p_n$.
Let
$$N = (4 p_1 p_2 \cdots p_n)^2 - 2.$$

Obviously N is an integer of the form 2(8k – 1). Therefore, it will have an odd prime divisor, say
p. So, N ≡ 0 (mod p). This implies that $x^2 \equiv 2 \pmod{p}$ has a solution $4 p_1 p_2 \cdots p_n$ (mod p).
Therefore, (2 / p) = 1.
Hence, p must be of the form 8k + 1 or 8k – 1 by Theorem 5. Since p and 2, $p_1, p_2, \ldots, p_n$
are coprime, p cannot be of the form 8k – 1. So it is of the form 8k + 1. This shows that all
prime divisors of N are of the form 8k + 1. This implies that N is of the form 8k + 1. This is a
contradiction. Hence, there are infinitely many primes of the form 8k – 1.
Theorem 8: If p is an odd prime and a an odd integer, with gcd(a, p) = 1, then
$$(a / p) = (-1)^{\sum_{k=1}^{(p-1)/2} \left[ \frac{ka}{p} \right]}.$$

Proof: We shall employ the same notation as in the proof of Gauss’ lemma. Consider the set of
integers
$$S = \left\{ a,\ 2a,\ \ldots,\ \left(\frac{p-1}{2}\right) a \right\}.$$
Divide each of these multiples of a by p to obtain
$$ka = q_k p + t_k, \qquad 1 \le t_k \le p - 1.$$
Then $ka / p = q_k + t_k / p$, so that $[ka / p] = q_k$. Thus, for 1 ≤ k ≤ (p – 1) / 2, we may write ka in
the form
$$ka = \left[ \frac{ka}{p} \right] p + t_k \qquad (12)$$

If the remainder $t_k < p / 2$, then it is one of the integers $r_1, r_2, \ldots, r_m$; on the other hand, if $t_k > p / 2$,
then it is one of the integers $s_1, s_2, \ldots, s_n$.
Taking the sum of the (p – 1) / 2 equations in (12), we get the relation
$$\sum_{k=1}^{(p-1)/2} ka = \sum_{k=1}^{(p-1)/2} \left[ \frac{ka}{p} \right] p + \sum_{k=1}^{m} r_k + \sum_{k=1}^{n} s_k \qquad (13)$$

We know from Gauss’ lemma that the (p – 1) / 2 integers

$$r_1,\ r_2,\ \ldots,\ r_m,\quad p - s_1,\ \ldots,\ p - s_n$$

are just a rearrangement of the integers 1, 2, …, (p – 1) / 2. Hence
$$\sum_{k=1}^{(p-1)/2} k = \sum_{k=1}^{m} r_k + \sum_{k=1}^{n} (p - s_k) = pn + \sum_{k=1}^{m} r_k - \sum_{k=1}^{n} s_k \qquad (14)$$

Subtracting (14) from (13) gives
$$(a - 1) \sum_{k=1}^{(p-1)/2} k = p \left( \sum_{k=1}^{(p-1)/2} \left[ \frac{ka}{p} \right] - n \right) + 2 \sum_{k=1}^{n} s_k \qquad (15)$$

Let us use the fact that p ≡ a ≡ 1 (mod 2) and translate this last equation into a congruence
modulo 2:
$$0 \cdot \sum_{k=1}^{(p-1)/2} k \equiv 1 \cdot \left( \sum_{k=1}^{(p-1)/2} \left[ \frac{ka}{p} \right] - n \right) \pmod{2}$$
or
$$n \equiv \sum_{k=1}^{(p-1)/2} \left[ \frac{ka}{p} \right] \pmod{2}.$$

The rest follows from Gauss’ lemma; for,
$$(a / p) = (-1)^n = (-1)^{\sum_{k=1}^{(p-1)/2} \left[ \frac{ka}{p} \right]}$$
as we desired to show.
Example 5: Evaluate (504 / 23).

Solution: We have
$$(504 / 23) = (6^2 \cdot 14 / 23) = (6^2 / 23)(14 / 23) = (14 / 23) \quad [\because (6, 23) = 1]$$
$$= -1. \quad [\because 14 \text{ is a quadratic non-residue of } 23]$$

Example 6: Evaluate (168 / 11).

Solution: We have $168 = 2^3 \cdot 3 \cdot 7$.
$$\therefore (168 / 11) = (2^3 \cdot 3 \cdot 7 / 11) = (2 / 11)^3 (3 / 11)(7 / 11) = (-1)^3 \cdot 1 \cdot (-1) = 1.$$
[∵ 2 and 7 are quadratic non-residues of 11 and 3 is a quadratic residue of 11]

Example 7: Evaluate (−23 / 59).
Solution: We have
$$(-23 / 59) = (-1 \cdot 23 / 59) = (-1 / 59) \cdot (23 / 59)$$
$$= (-1) \cdot (23 / 59)$$
$$= -(23 / 59)$$
$$= -1. \quad [\because 23 \text{ is a quadratic residue of } 59]$$

Example 8: Evaluate n of Gauss Lemma for (5 / 19).

Solution: Here, a = 5 and p = 19. Therefore, $\frac{p-1}{2} = \frac{19-1}{2} = 9$. So, S = {5, 10, 15, 20, 25, 30,
35, 40, 45}. With respect to modulo 19 the members of S will become 5, 10, 15, 1, 6, 11, 16, 2,
and 7. Four of these numbers are greater than $\frac{p}{2} = \frac{19}{2}$. Therefore, n = 4.

Example 9: Evaluate n of Gauss Lemma for (11 / 23).
Solution: Here, a = 11 and p = 23. Therefore, $\frac{p-1}{2} = \frac{23-1}{2} = 11$. So, S = {11, 22, 33, 44, 55,
66, 77, 88, 99, 110, 121}. With respect to modulo 23 the members of S will become 11, 22, 10,
21, 9, 20, 8, 19, 7, 18, and 6. Five of these numbers are greater than $\frac{p}{2} = \frac{23}{2}$. Therefore, n = 5.
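The three ways of evaluating (a / p) developed in this unit (Euler's criterion, the count n of Gauss' lemma, and the floor sum of Theorem 8) can be checked against each other mechanically. The following Python sketch is an added example, not part of the textbook; all function names are chosen here for illustration.

```python
def legendre_euler(a, p):
    """(a/p) by Euler's criterion: a^((p-1)/2) mod p is 0, 1 or p-1."""
    r = pow(a % p, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def gauss_n(a, p):
    """The n of Gauss' lemma: how many of a, 2a, ..., ((p-1)/2)a leave a
    remainder exceeding p/2 on division by p."""
    half = (p - 1) // 2
    return sum(1 for k in range(1, half + 1) if (k * a) % p > half)


def legendre_gauss(a, p):
    """(a/p) = (-1)^n for gcd(a, p) = 1 (Gauss' lemma)."""
    return -1 if gauss_n(a, p) % 2 else 1


def legendre_floor_sum(a, p):
    """(a/p) = (-1)^(sum of [ka/p]) for odd a coprime to p (Theorem 8)."""
    if a % 2 == 0 or a % p == 0:
        raise ValueError("Theorem 8 needs a odd and gcd(a, p) = 1")
    total = sum((k * a) // p for k in range(1, (p - 1) // 2 + 1))
    return -1 if total % 2 else 1


def legendre_of_two(p):
    """(2/p) = (-1)^((p^2 - 1)/8) (Theorem 5)."""
    return -1 if ((p * p - 1) // 8) % 2 else 1


def residues_from_primitive_root(r, p):
    """Quadratic residues of p as the even powers of a primitive root r
    (Corollary 3)."""
    return sorted(pow(r, k, p) for k in range(2, p, 2))


if __name__ == "__main__":
    p = 13
    for a in range(1, p):
        print(a, legendre_euler(a, p), legendre_gauss(a, p))
    print("n for (5/19):", gauss_n(5, 19))
    print("n for (11/23):", gauss_n(11, 23))
    print("residues of 19 from primitive root 2:",
          residues_from_primitive_root(2, 19))
```
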

11.3. Summary
In this chapter, we studied quadratic congruences and quadratic residues through the Legendre
symbol.

11.4. Keywords
Quadratic congruence, Quadratic residue, Legendre symbol.

11.5. Exercise
1. Solve the quadratic congruences:
a) $x^2 + 5x + 3 \equiv 0 \pmod{11}$
b) $x^2 + 3x + 11 \equiv 0 \pmod{13}$
2. Determine which of the following congruences are solvable:
a) $x^2 \equiv -10 \pmod{127}$
b) $x^2 \equiv 73 \pmod{173}$
c) $x^2 \equiv 2 \pmod{59}$
3. Find all quadratic residues mod 19, given that 2 is a primitive root mod 19.
4. Verify that the quadratic residues of 17 are 1, 2, 4, 8, 9, 13, 15, and 16.
5. Show that 3 is a quadratic residue of 23, but a non-residue of 31.
6. Given that a is a quadratic residue of the odd prime p, prove the following:
a) a is not a primitive root of p
b) The integer p – a is a quadratic residue or non-residue of p according as p ≡
1 (mod 4) or p ≡ 3 (mod 4).
7. If $p = 2^k + 1$ is prime, verify that every quadratic non-residue of p is a primitive root of p.
8. Evaluate the following Legendre symbols:
(a) (3 / 31) (b) (2 / 31) (c) (3 / 73) (d) (–23 / 59)
9. Use Gauss lemma to evaluate each of the Legendre symbols:
(a) (8 / 11) (b) (7 / 13) (c) (11 / 23) (d) (6 / 31)
10. For an odd prime p, prove that there are (p – 1)/2 – ϕ(p – 1) quadratic non-residues of p
that are not primitive roots of p.

UNIT –12
QUADRATIC RECIPROCITY LAW AND QUADRATIC CONGRUENCES

Structure:
12.0. Objective
12.1. Quadratic Reciprocity Law
12.2. Quadratic Congruences with Composite Moduli
12.3. Summary
12.4. Keywords
12.5. Exercises
12.6. References

12.0. Objective
In the last two chapters, we have seen how quadratic congruences lead to the definition of
quadratic residues and then to the study of the Legendre symbol and its properties. In this chapter
we prove one of the most fascinating laws, the “quadratic reciprocity law”, which deals with the
solvability of quadratic congruences. Also, we study quadratic congruences with composite
moduli.

12.1. Quadratic reciprocity law

Theorem 1: If p and q are distinct odd primes, then
$$(p / q)(q / p) = (-1)^{\left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right)}.$$

Proof: We consider a rectangular region R (excluding the boundaries) with vertices (0, 0),
(p/2, 0), (0, q/2) and (p/2, q/2).

[Figure: the rectangle OABC in the xy-plane with O(0, 0), A(p/2, 0), B(p/2, q/2), C(0, q/2), and a point D(k, 0) on OA.]

A lattice point (a point whose coordinates are integers) (m, n) inside the boundary OABC satisfies
$$1 \le m \le \frac{p-1}{2} \quad \text{and} \quad 1 \le n \le \frac{q-1}{2}.$$
We will count these lattice points. Since p and q are odd integers, the number of such points will
be
$$\left(\frac{p-1}{2}\right) \cdot \left(\frac{q-1}{2}\right) \qquad (16)$$
Now the equation of the diagonal OB is given by $y = \frac{q}{p} x$. We will show that no lattice point lies on
the diagonal OB. Suppose (m, n) lies on OB. Then
$$n = \frac{q}{p} m \ \Rightarrow\ pn = qm \ \Rightarrow\ p \mid qm \ \Rightarrow\ p \mid m. \quad [\because \gcd(p, q) = 1]$$

This is not possible because $m \le \frac{p-1}{2}$. Therefore no lattice point lies on the diagonal OB. Let $R_1$
be the portion of R below OB and $R_2$ the portion of R above OB. We will count the lattice points
inside these two regions. We consider a point D(k, 0) on OA. Let the perpendicular at D meet
the diagonal at E. The number of lattice points lying on DE will be $\left[\frac{kq}{p}\right]$.
Therefore, the number of lattice points lying in $R_1$ will be $\sum_{k=1}^{(p-1)/2} \left[\frac{kq}{p}\right]$.
Similarly, the number of lattice points lying in $R_2$ will be $\sum_{k=1}^{(q-1)/2} \left[\frac{kp}{q}\right]$. Thus, the total number of
lattice points lying in R will be
$$\sum_{k=1}^{(p-1)/2} \left[\frac{kq}{p}\right] + \sum_{k=1}^{(q-1)/2} \left[\frac{kp}{q}\right] \qquad (17)$$
From (16) and (17) we have
$$\left(\frac{p-1}{2}\right) \cdot \left(\frac{q-1}{2}\right) = \sum_{k=1}^{(p-1)/2} \left[\frac{kq}{p}\right] + \sum_{k=1}^{(q-1)/2} \left[\frac{kp}{q}\right] \qquad (18)$$
By Theorem 8 of Chapter 11, we have
$$(p / q)(q / p) = (-1)^{\sum_{k=1}^{(q-1)/2} \left[\frac{kp}{q}\right]} \cdot (-1)^{\sum_{k=1}^{(p-1)/2} \left[\frac{kq}{p}\right]} = (-1)^{\left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right)}.$$

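Corollary 1: If p and q are distinct odd primes then
$$(p / q)(q / p) = \begin{cases} 1 & \text{if } p \equiv 1 \pmod{4} \text{ or } q \equiv 1 \pmod{4} \\ -1 & \text{if } p \equiv q \equiv 3 \pmod{4} \end{cases}$$

Proof: We have
$$(p / q)(q / p) = (-1)^{\left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right)}$$
$$= \begin{cases} 1 & \text{if } \left(\frac{p-1}{2}\right) \cdot \left(\frac{q-1}{2}\right) \text{ is even} \\ -1 & \text{if } \left(\frac{p-1}{2}\right) \cdot \left(\frac{q-1}{2}\right) \text{ is odd} \end{cases}$$
$$= \begin{cases} 1 & \text{if at least one of } p \text{ or } q = 4k + 1 \\ -1 & \text{if both } p \text{ and } q = 4k + 3 \end{cases}$$
$$= \begin{cases} 1 & \text{if } p \equiv 1 \pmod{4} \text{ or } q \equiv 1 \pmod{4} \\ -1 & \text{if } p \equiv q \equiv 3 \pmod{4} \end{cases}$$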
Example 1: Show that (113 / 43) = (43 / 113).
Solution: Here 43 and 113 are both odd primes, 113 is of the form 4k+1 and 43 is of the
form 4k+3. ∴ (113 / 43) = (43 / 113).

Example 2: Show that (43 / 23) = −(23 / 43).
Solution: Here, 23 and 43 are both odd primes and both
23 = 4·5 + 3
43 = 4·10 + 3
are of the form 4k + 3. Therefore, (43 / 23) = −(23 / 43).
Example 3: Evaluate (59 / 131).
Solution: Here 59 and 131 are both odd primes and
59 = 4·14 + 3
131 = 4·32 + 3
are of the form 4k + 3. Therefore,
$$(59 / 131) = -(131 / 59) = -(13 / 59)$$
$$= -(59 / 13) \quad [\because 13 \equiv 1 \pmod{4}]$$
$$= -(7 / 13) = -(13 / 7) = -(-1 / 7)$$
$$= -(-1) = 1.$$
Example 4: Evaluate (71 / 73).
Solution: We have
$$(71 / 73) = (73 / 71) \quad [\because 73 = 4 \cdot 18 + 1]$$
$$= (2 / 71)$$
$$= 1. \quad [\because 71 \text{ is an odd prime and } 71 \equiv 7 \pmod{8}]$$

12.2. Quadratic Congruences with Composite Moduli

Theorem 2: If p is an odd prime and a is any integer such that (a, p) = 1 then the congruence
$x^2 \equiv a \pmod{p^n}$, n ≥ 1, has a solution if and only if (a / p) = 1.

Proof: Suppose the given congruence has a solution $x_0$. Then
$$x_0^2 \equiv a \pmod{p^n}$$
$$\Rightarrow\ p^n \mid (x_0^2 - a)$$
$$\Rightarrow\ p \mid (x_0^2 - a)$$
$$\Rightarrow\ x^2 \equiv a \pmod{p} \text{ has a solution.}$$
Therefore, by Euler’s criterion, (a / p) = 1. Conversely, suppose (a / p) = 1. Then, by Euler’s
criterion, $x^2 \equiv a \pmod{p}$ has a solution. This shows that the given statement is true for n = 1. Now we assume
that $x^2 \equiv a \pmod{p^m}$ has a solution. We shall show that $x^2 \equiv a \pmod{p^{m+1}}$ also has a solution.

Let $x_0$ be the solution of $x^2 \equiv a \pmod{p^m}$. Then $x_0^2 = a + b p^m$ for some integer b. Obviously
$(2x_0, p) = 1$. Therefore the linear congruence $2x_0 y \equiv -b \pmod{p}$ has a solution, say $y_0$.
Let $x_1 = x_0 + y_0 p^m$.
Then
$$x_1^2 = (x_0 + y_0 p^m)^2 = x_0^2 + 2 x_0 y_0 p^m + y_0^2 p^{2m}$$
$$= a + (b + 2 x_0 y_0) p^m + y_0^2\, p^{m-1} p^{m+1}.$$
Since $p \mid (b + 2 x_0 y_0)$, we have $p^{m+1} \mid (b + 2 x_0 y_0) p^m$, and it follows that
$$x_1^2 = (x_0 + y_0 p^m)^2 \equiv a \pmod{p^{m+1}}.$$

This shows that $x_1$ is a solution of $x^2 \equiv a \pmod{p^{m+1}}$. Hence, by mathematical induction,
$x^2 \equiv a \pmod{p^n}$ has a solution for n ≥ 1.

Theorem 3: If a is an odd integer, then

i) $x^2 \equiv a \pmod{2}$ always has a solution
ii) $x^2 \equiv a \pmod{4}$ has a solution iff a ≡ 1 (mod 4)
iii) $x^2 \equiv a \pmod{2^n}$, n ≥ 3, has a solution iff a ≡ 1 (mod 8).

Proof:
i) We have a ≡ 1 (mod 2) [∵ a is an odd integer].
Therefore 1 is a solution of $x^2 \equiv a \pmod{2}$.
ii) Since a is an odd integer we have a ≡ 1 or 3 (mod 4). Also, $b^2 \equiv 1 \pmod{4}$, where b is an
odd integer. Now the congruence $x^2 \equiv a \pmod{4}$ has a solution b if a ≡ 1 (mod 4). Also, if
a ≡ 1 (mod 4), then 1 and 3 both satisfy $x^2 \equiv 1 \pmod{4}$.
iii) Suppose a ≡ 1 (mod 8). Then we have to show that $x^2 \equiv a \pmod{2^n}$, n ≥ 3, has a solution.

For n = 3 we have $x^2 \equiv 1 \pmod{8}$. Obviously 1, 3, 5, and 7 satisfy this congruence. Thus,
the given congruence has a solution for n = 3. Suppose the congruence $x^2 \equiv a \pmod{2^n}$ has
a solution $x_0$ for some n ≥ 3. Then $x_0^2 = a + b \cdot 2^n$ for some integer b.

Also, $x_0 y \equiv -b \pmod{2}$ has a unique solution $y_0$.

Then $x_1 = x_0 + y_0 2^{n-1}$ is a solution of $x^2 \equiv a \pmod{2^{n+1}}$, because
$$x_1^2 = (x_0 + y_0 2^{n-1})^2 = x_0^2 + x_0 y_0 2^n + y_0^2\, 2^{2n-2}$$
$$= a + (b + x_0 y_0) 2^n + y_0^2\, 2^{n-3}\, 2^{n+1}.$$

By the way $y_0$ was chosen, $2 \mid (b + x_0 y_0)$; hence $x_1^2 = (x_0 + y_0 2^{n-1})^2 \equiv a \pmod{2^{n+1}}$, and the
congruence has a solution for every n ≥ 3.
Conversely, suppose $x^2 \equiv a \pmod{2^n}$ has a solution $x_0$ for each n ≥ 3. Then we have
$$x_0^2 \equiv a \pmod{2^n}$$
$$\Rightarrow\ x_0^2 \equiv a \pmod{8}.$$

As a is odd, $x_0$ will also be odd. We have
$$x_0 \equiv 1, 3, 5, 7 \pmod{8} \quad \text{and hence} \quad a \equiv x_0^2 \equiv 1 \pmod{8}.$$

Theorem 4: Let $n = 2^{k_0} p_1^{k_1} \cdots p_r^{k_r}$ be the prime factorization of n > 1 and let gcd(a, n) = 1. Then
$x^2 \equiv a \pmod{n}$ is solvable if and only if

(a) $(a / p_i) = 1$ for i = 1, 2, … , r;

(b) a ≡ 1 (mod 4) if 4 | n, but 8 ∤ n; a ≡ 1 (mod 8) if 8 | n.

Proof: Since the problem of solving the quadratic congruence $x^2 \equiv a \pmod{n}$ is equivalent to
that of solving the system of congruences
$$x^2 \equiv a \pmod{2^{k_0}}$$
$$x^2 \equiv a \pmod{p_1^{k_1}}$$
$$\vdots$$
$$x^2 \equiv a \pmod{p_r^{k_r}}$$
the last two theorems may be combined to solve the quadratic congruence $x^2 \equiv a \pmod{n}$.

Example 1: Show that the congruence $x^2 \equiv 3 \pmod{88}$ has no solution.

Solution: We have $x^2 \equiv 3 \pmod{88}$
$\equiv 3 \pmod{8 \cdot 11}$.
This shows that the given congruence is solvable if the congruences
$x^2 \equiv 3 \pmod{8}$ and $x^2 \equiv 3 \pmod{11}$ are solvable.
But $x^2 \equiv 3 \pmod{8}$ has no solution, because $3 \not\equiv 1 \pmod{8}$.
Therefore, the given congruence has no solution.
Example 2: Show that the congruence $x^2 \equiv 9 \pmod{40}$ is solvable.
Solution: We have $x^2 \equiv 9 \pmod{40}$, which is equivalent to the following simultaneous quadratic
congruences
$x^2 \equiv 9 \pmod{8}$
and $x^2 \equiv 9 \pmod{5}$.
Now 9 ≡ 1 (mod 8); therefore, $x^2 \equiv 9 \pmod{8}$ has a solution.

Also, $(9 / 5) = (3^2 / 5) = 1$. Therefore, $x^2 \equiv 9 \pmod{5}$ has a solution. Hence, the given quadratic
congruence has a solution.

Example 3: Show that the congruence $x^2 \equiv 105 \pmod{199}$ has no solution.
Solution: Here 199 is a prime. We have
$$(105 / 199) = (3 \cdot 5 \cdot 7 / 199) = (3 / 199)(5 / 199)(7 / 199)$$
$$= (-1)(199 / 3)(199 / 5)(-1)(199 / 7)$$
[∵ 199 = 4·49 + 3, 3 = 4·0 + 3, 5 = 4·1 + 1 and 7 = 4·1 + 3]
$$= (1 / 3)(4 / 5)(3 / 7) = 1 \cdot 1 \cdot (-1) \cdot (7 / 3) = (-1)(1 / 3) = -1 \cdot 1 = -1.$$
Therefore, the given congruence has no solution.
Example 4: Show that the congruence $x^2 \equiv 608 \pmod{743}$ is solvable.
Solution: Here 743 is a prime. We have
$$(608 / 743) = (4^2 \cdot 2 \cdot 19 / 743) = (4^2 / 743)(2 / 743)(19 / 743)$$
$$= (-1)^{744/4} \cdot (-1)(743 / 19) \quad [\because 19 = 4 \cdot 4 + 3]$$
$$= (-1)^{186} \cdot (-1) \cdot (2 / 19)$$
$$= (-1) \cdot (-1)^{20/4} = (-1) \cdot (-1)^5 = 1.$$
Hence, the given congruence is solvable.


Example 5: Solve the congruence $x^2 \equiv 91 \pmod{27}$.
Solution: We use the method given in Theorem 2. We have
$x^2 \equiv 91 \pmod{27}$
$\equiv 91 \pmod{3^3}$.
Now (91 / 3) = (1 / 3) = 1. Therefore, $x^2 \equiv 91 \pmod{3^3}$ has a solution.

We know that any solution of $x^2 \equiv 91 \pmod{3^3}$ is also a solution of $x^2 \equiv 91 \pmod{3}$.
Now
$x^2 \equiv 91 \pmod{3}$
$\Rightarrow x^2 \equiv 1 \pmod{3}$.
Obviously 1 is a solution of this congruence. Let $x_0 = 1$.
Now,
$$x_0^2 = 1 = 91 - 90 = 91 + 3(-30).$$

Therefore, b = –30. Consider the congruence 2y ≡ 30 (mod 3). Then, y ≡ 0 (mod 3). Hence
$y_0 = 0$. We have $x_1 = x_0 + y_0 3^2$. Hence $x_1 = 1 + 0 \cdot 3^2 = 1$. Therefore $x_1 = 1$ is a solution of
$x^2 \equiv 91 \pmod{9}$.
Since
$$x_1^2 = 1 = 91 - 90 = 91 + 9(-10),$$
b = –10. Consider the linear congruence 2y ≡ 10 (mod 9). Then, 2y ≡ 1 (mod 9). Clearly $y_1 = 5$ is
a solution of this congruence. Therefore, $x_2 = x_1 + y_1 3^2 = 1 + 5 \cdot 9 = 46 \equiv 19 \pmod{27}$. Hence, $x_2 = 19$
is a solution of the congruence $x^2 \equiv 91 \pmod{27}$.
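The induction step in the proof of Theorem 2 is an algorithm for lifting a square root from modulus p to modulus p^n, and Theorem 4 turns the Legendre symbol into a solvability test for composite moduli. The Python sketch below is an added example, not part of the textbook; the function names are chosen here, and the starting root modulo p is found by direct search, which is an assumption suitable only for small p.

```python
from math import gcd


def legendre(a, p):
    """(a/p) for an odd prime p, by Euler's criterion."""
    r = pow(a % p, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def factorize(n):
    """Prime factorization of n as {prime: exponent}, by trial division."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def lift_sqrt(a, p, n):
    """Return x with x^2 = a (mod p^n) for an odd prime p not dividing a,
    or None when (a/p) != 1. Each pass is one induction step of Theorem 2:
    write x^2 = a + b*p^m, solve 2*x*y = -b (mod p), replace x by x + y*p^m."""
    if a % p == 0 or legendre(a, p) != 1:
        return None
    x = next(t for t in range(1, p) if (t * t - a) % p == 0)
    pm = p                                   # current modulus p^m
    for _ in range(n - 1):
        b = (x * x - a) // pm                # exact, since x^2 = a (mod p^m)
        y = (-b * pow(2 * x, -1, p)) % p     # 2x is invertible modulo p
        x = (x + y * pm) % (pm * p)
        pm *= p
    return x


def is_solvable(a, n):
    """Solvability of x^2 = a (mod n) for gcd(a, n) = 1, by Theorem 4."""
    if gcd(a, n) != 1:
        raise ValueError("Theorem 4 assumes gcd(a, n) = 1")
    factors = factorize(n)
    k0 = factors.pop(2, 0)                   # exponent of 2 in n
    if k0 == 2 and a % 4 != 1:
        return False
    if k0 >= 3 and a % 8 != 1:
        return False
    return all(legendre(a, p) == 1 for p in factors)


if __name__ == "__main__":
    print("x^2 = 91 (mod 27):", lift_sqrt(91, 3, 3))
    for a, n in [(3, 88), (9, 40), (105, 199), (608, 743)]:
        print(f"x^2 = {a} (mod {n}) solvable:", is_solvable(a, n))
```
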

12.3. Summary
In this chapter we explored the theory of quadratic congruences via quadratic residues and
established several criteria for determining the solvability of the congruence $x^2 \equiv a \pmod{p}$, where
p is an odd prime and p ∤ a.

12.4. Keywords
Quadratic Reciprocity Law, Composite Moduli.
12.5. Exercise:
1. Let p = 11 and q = 7. Using the notation in the proof of the law of quadratic reciprocity
Theorem, we have m + n + M + N = |S × T| = 15. Compute the numbers m, n, M, and N.
Check that $(7 / 11) = (-1)^m$ and $(11 / 7) = (-1)^n$.
2. Use quadratic reciprocity to compute (7 / 43). Find an integer x such that $x^2 \equiv 7 \pmod{43}$.
3. Use quadratic reciprocity to compute (19 / 101). Find an integer x such that $x^2 \equiv 19 \pmod{101}$.
4. Prove that the congruence $(x^2 - 2)(x^2 - 17)(x^2 - 34) \equiv 0 \pmod{p}$ has a solution for every
prime number p.
5. Use quadratic reciprocity to find all primes p for which −2 is a quadratic residue.
6. Use quadratic reciprocity to find all primes p for which 3 is a quadratic residue.
7. Find all primes for which −3 is a quadratic residue.
8. Find all primes for which 5 is a quadratic residue.
9. Find all primes for which −5 is a quadratic residue.
10. Let $x_1 = 3$. Construct integers $x_k$ such that $x_k^2 \equiv 2 \pmod{7^k}$ and $x_k \equiv x_{k-1} \pmod{7^{k-1}}$ for k =
2, 3, 4.
11. Let p be a prime, p ≠ 3, and let a be an integer not divisible by p. Prove that if a is a
cubic residue modulo p, then a is a cubic residue modulo $p^k$ for every k ≥ 1.

BLOCK – IV

REPRESENTATION OF INTEGERS,
FIBONACCI NUMBERS & CONTINUED
FRACTIONS

UNIT – 13
SUM OF TWO SQUARES & SUMS OF MORE THAN TWO SQUARES

Structure:
13.0. Objective
13.1. Sum of two squares
13.2. Method of expressing a prime p = 4k+1 as sum of two squares
13.3. Sum of more than two squares
13.4. Summary
13.5. Keywords
13.6. Exercises
13.7. References

13.0. Objective
Mathematicians throughout history have been interested in problems regarding the representation
of integers as sums of squares. Diophantus, Fermat, Euler, and Lagrange are among the
mathematicians who made important contributions to the solution of such problems. There are
two main questions. The first is: which integers can be expressed as sums of two squares?
The second is: what is the smallest value of n such that every positive integer can be written as
the sum of not more than n squares? In this chapter, we shall discuss the problems of representing
numbers as sums of squares of two or more integers.

13.1. Sum of Two Squares


We have $2 = 1^2 + 1^2$ and $5 = 2^2 + 1^2$. Thus, 2 and 5 can be expressed as sums of two squares.
But $3 = 1^2 + 1^2 + 1^2$, $6 = 2^2 + 1^2 + 1^2$ and $7 = 2^2 + 1^2 + 1^2 + 1^2$ cannot be expressed as sums of
two squares. Thus, not all integers can be expressed as a sum of two squares.
Theorem 1: If m and n are each a sum of two squares, then their product mn is also a sum of two
squares.
Proof: Let $m = a_1^2 + b_1^2$ and $n = a_2^2 + b_2^2$ where $a_1, b_1, a_2$ and $b_2$ are integers. Then
$$mn = (a_1^2 + b_1^2)(a_2^2 + b_2^2) = a_1^2 a_2^2 + a_1^2 b_2^2 + b_1^2 a_2^2 + b_1^2 b_2^2$$
$$= a_1^2 a_2^2 + a_1^2 b_2^2 + b_1^2 a_2^2 + b_1^2 b_2^2 + 2 a_1 a_2 b_1 b_2 - 2 a_1 b_2 a_2 b_1 = (a_1 a_2 + b_1 b_2)^2 + (a_1 b_2 - a_2 b_1)^2.$$

This shows that the product mn can be expressed as a sum of two squares.

Corollary 1: If $m_1, m_2, \ldots, m_r$ are integers such that $m_i = a_i^2 + b_i^2$, 1 ≤ i ≤ r, then $m_1 m_2 \cdots m_r = a^2 + b^2$
for some integers a and b.


Theorem 2: Any integer of the form 4k + 3 cannot be expressed as a sum of two squares.
Proof: Any integer n can be written as n = 4k + r where r = 0, 1, 2, or 3. Therefore,
n ≡ 0, 1, 2, 3 (mod 4) and $n^2 \equiv 0, 1 \pmod{4}$.
Suppose n = 4k + 3 and, if possible, $n = a^2 + b^2$. Then n ≡ 3 (mod 4) and hence $3 \equiv (a^2 + b^2) \pmod{4}$.
Since $a^2 \equiv 0, 1 \pmod{4}$ and $b^2 \equiv 0, 1 \pmod{4}$, $a^2 + b^2$ is either 0, 1 or 2 (mod 4). It will never
be 3.
∴ $a^2 + b^2 \equiv 3 \pmod{4}$ never holds. So, $n \ne a^2 + b^2$.
Theorem 3: If p is prime and (a, p) = 1, then the linear congruence ax ≡ y (mod p) has a solution
$(x_0, y_0)$, where $0 < |x_0| < \sqrt{p}$ and $0 < |y_0| < \sqrt{p}$.

Proof: Let $m = 1 + [\sqrt{p}]$. Then $m^2 > p$. The set of integers
$$\{ ax - y : 0 \le x \le m - 1,\ 0 \le y \le m - 1 \}$$
contains $m^2$ elements. Since ax – y can take at most p values modulo p, there exist pairs $(x_1, y_1)$ and
$(x_2, y_2)$ such that
$$ax_1 - y_1 \equiv ax_2 - y_2 \pmod{p}$$
where $x_1 \ne x_2$ or $y_1 \ne y_2$. Thus, we can write
$$a(x_1 - x_2) \equiv y_1 - y_2 \pmod{p}.$$

Setting $x_0 = x_1 - x_2$ and $y_0 = y_1 - y_2$, we see that $(x_0, y_0)$ satisfies the given congruence and
$$0 < |x_0| = |x_1 - x_2| \le m - 1 = [\sqrt{p}] < \sqrt{p} \quad \text{and} \quad 0 < |y_0| = |y_1 - y_2| \le m - 1 = [\sqrt{p}] < \sqrt{p}.$$

Thus, $(x_0, y_0)$ is the required solution.


Theorem 4. (Fermat): An odd prime p is expressible as a sum of two squares iff p ≡ 1 (mod 4).
Proof: Suppose p is expressible as a sum of two squares. Since p is an odd prime, we have p ≡
1 (mod 4) or p ≡ 3 (mod 4). If p ≡ 3 (mod 4) then by Theorem 2, it cannot be expressed as a sum of
two squares. Therefore, the only possibility is p ≡ 1 (mod 4).
Conversely, suppose p ≡ 1 (mod 4). Then the congruence
$$x^2 \equiv -1 \pmod{p}$$
has a solution a (say). This gives $a^2 \equiv -1 \pmod{p}$ ⇒ (a, p) = 1.

Therefore, the linear congruence ax ≡ y (mod p) has a solution $(x_0, y_0)$ such that
$$0 < |x_0| < \sqrt{p} \quad \text{and} \quad 0 < |y_0| < \sqrt{p}.$$

Now,
$$a^2 \equiv -1 \pmod{p}$$
$$\Rightarrow\ a^2 x_0^2 \equiv -x_0^2 \pmod{p}$$
$$\Rightarrow\ y_0^2 \equiv -x_0^2 \pmod{p}$$
$$\Rightarrow\ x_0^2 + y_0^2 \equiv 0 \pmod{p}.$$

This gives that there exists an integer k > 0 such that $x_0^2 + y_0^2 = kp$.

Now, $kp = x_0^2 + y_0^2 < (\sqrt{p})^2 + (\sqrt{p})^2 = 2p$.
Thus, we have 0 < kp < 2p ⇒ 0 < k < 2.

This gives k = 1. Hence, $x_0^2 + y_0^2 = p$.

Thus, p is expressible as a sum of two squares.
Corollary 2: Any prime p of the form 4k+1 can be represented as a sum of two squares uniquely.
Proof: Suppose, if possible,
$p = a^2 + b^2 = c^2 + d^2$ where a, b, c and d are positive integers. Then
$$a^2 d^2 - b^2 c^2 = p(d^2 - c^2) \equiv 0 \pmod{p} \ \Rightarrow\ ad \equiv bc \pmod{p} \text{ or } ad \equiv -bc \pmod{p}.$$

Since a, b, c and d are less than $\sqrt{p}$, we have ad – bc = 0 or ad + bc = p.

Now,
$$p^2 = (a^2 + b^2)(c^2 + d^2) = (ad + bc)^2 + (ac - bd)^2$$
$$\Rightarrow\ p^2 = p^2 + (ac - bd)^2 \quad \text{when } ad + bc = p.$$

This gives ac – bd = 0. Thus we have ad = bc or ac = bd.

If ad = bc then a | bc ⇒ a | c, as gcd(a, b) = 1.
So c = ka. Putting this value of c in ad = bc we have d = bk.
Now $p = c^2 + d^2 = k^2(a^2 + b^2)$. This implies k = 1. Thus, a = c and b = d. Similarly, from the
condition ac = bd, we can show that a = d and b = c. Hence, the representation of p as a sum of
two squares is unique.
Theorem 5: (Euler) If an integer n can be expressed as the sum of two squares in two different
ways, then n is composite.
Proof: Let n be an odd integer and
$$n = a_1^2 + b_1^2 = a_2^2 + b_2^2 \qquad (1)$$
where $a_1, b_1, a_2$ and $b_2$ are integers and one of $a_1$ and $b_1$ is odd and one of $a_2$ and $b_2$ is odd.
Let $a_1$ and $a_2$ be odd and $b_1$ and $b_2$ be even. From (1) we have
$$a_1^2 - a_2^2 = b_2^2 - b_1^2$$
$$\Rightarrow\ (a_1 - a_2)(a_1 + a_2) = (b_2 - b_1)(b_2 + b_1). \qquad (2)$$

Let $(a_1 - a_2, b_2 - b_1) = d$. Since $a_1 - a_2$ and $b_2 - b_1$ are both even integers, d is an even
integer.
Let
$a_1 - a_2 = rd$,
$b_2 - b_1 = sd$ (3)
for some integers r and s. Obviously gcd(r, s) = 1. From (2) and (3) we have
$r(a_1 + a_2) = s(b_2 + b_1)$ (4)
From (4) we see that $s \mid (a_1 + a_2)$ and $r \mid (b_2 + b_1)$.
Therefore, $a_1 + a_2 = st$ (5)
for some integer t. Then from (4) we have
$b_2 + b_1 = rt$ (6)
Since (r, s) = 1, we see from (5) and (6) that $t = \gcd(a_1 + a_2, b_2 + b_1)$.
Since $a_1 + a_2$ and $b_2 + b_1$ are both even, t is even.
Therefore,
$$4n = 2a_1^2 + 2b_1^2 + 2a_2^2 + 2b_2^2 = (a_1 - a_2)^2 + (a_1 + a_2)^2 + (b_2 - b_1)^2 + (b_2 + b_1)^2$$
$$= r^2 d^2 + s^2 t^2 + s^2 d^2 + r^2 t^2 = (r^2 + s^2)(d^2 + t^2). \quad \text{Hence, } n = (r^2 + s^2)\left( \left(\frac{d}{2}\right)^2 + \left(\frac{t}{2}\right)^2 \right).$$

This shows that n is a composite number.


Theorem 6: A positive integer n > 1 can be written as the sum of two squares if and only if
either it has no prime factor congruent to 3 (mod 4) or, if it has a prime factor congruent to 3 (mod
4), then it occurs to an even power in the prime factorization of n.
Proof: Suppose n has the prime factorization
$$n = 2^r p_1^{r_1} p_2^{r_2} \cdots p_l^{r_l}\, q_1^{s_1} q_2^{s_2} \cdots q_m^{s_m} \qquad (7)$$
where $p_i \equiv 1 \pmod{4}$ (1 ≤ i ≤ l) and $q_j \equiv 3 \pmod{4}$ (1 ≤ j ≤ m).

Suppose $n = x^2 + y^2$ (8)
We will show that either each $s_j = 0$ or, if some $s_j \ne 0$, then it is an even integer. If all $s_j = 0$ then
we have nothing to prove. If at least one $s_j \ne 0$ then we have to show that $s_1$ is even. Suppose, if
possible, $s_1$ is odd. Let d = (x, y). Then we have $x = x_0 d$, $y = y_0 d$, $\gcd(x_0, y_0) = 1$, and
$$n = x^2 + y^2 = (x_0^2 + y_0^2)\, d^2.$$
Now, $\frac{n}{d^2} = x_0^2 + y_0^2$. (9)
Since $s_1$ is odd, $q_1$ divides $x_0^2 + y_0^2$ to an odd power.
Further, $\gcd(x_0, q_1) = \gcd(y_0, q_1) = 1$.
Let $y_0 t \equiv x_0 \pmod{q_1}$ (10)
Obviously it has a unique solution $t \equiv t_1 \pmod{q_1}$.
Therefore, $\frac{n}{d^2} = x_0^2 + y_0^2 \equiv y_0^2 t_1^2 + y_0^2 \pmod{q_1}$.
This gives
$$y_0^2 (1 + t_1^2) \equiv 0 \pmod{q_1}$$
$$\Rightarrow\ (1 + t_1^2) \equiv 0 \pmod{q_1} \quad [\because (y_0, q_1) = 1]$$
$$\Rightarrow\ x^2 \equiv -1 \pmod{q_1}$$
has a solution $t_1$.

Then $q_1 \equiv 3 \pmod{4}$ is not possible. So $s_1$ cannot be odd. Hence, $s_1$ is even. Conversely, suppose
each $s_j$, 1 ≤ j ≤ m, is an even integer in the expression (7). Then, we have
$2 = 1 + 1 = 1^2 + 1^2 \Rightarrow 2^r = a^2 + b^2$. [From Theorem 1]
If $p_i = a_i^2 + b_i^2$ then $p_i^{r_i} = c_i^2 + d_i^2$. Therefore,
$$n = 2^r p_1^{r_1} \cdots p_l^{r_l}\, q_1^{s_1} \cdots q_m^{s_m} = (a^2 + b^2)(c_1^2 + d_1^2) \cdots (c_l^2 + d_l^2) \left( q_1^{s_1/2} \cdots q_m^{s_m/2} \right)^2$$
which is again a sum of two squares, and which completes the proof.

13.2. Method of expressing a prime p = 4k + 1 as sum of two squares

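We use the continued fraction method to express p = 4k + 1 as a sum of two squares. The method is
as follows.
$$\alpha_1 = \sqrt{p} = P_1 + (\sqrt{p} - P_1), \quad \text{where } P_1 = [\sqrt{p}]$$
$$\alpha_2 = \frac{\sqrt{p} + P_1}{Q_1}, \quad Q_1 = p - P_1^2$$
$$\alpha_3 = \frac{\sqrt{p} + P_2}{Q_2}, \quad Q_2 = \frac{p - P_2^2}{Q_1}$$
$$\vdots$$
$$\alpha_{n+1} = \frac{\sqrt{p} + P_n}{Q_n}, \quad Q_n = \frac{p - P_n^2}{Q_{n-1}}$$
If $Q_r = Q_{r+1}$ then $p = P_{r+1}^2 + Q_{r+1}^2$.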
Theorem 7: A positive integer n can be expressed as the difference of two squares iff n is not of
the form 4k + 2.
Proof: We know that $a^2 \equiv 0$ or 1 (mod 4) for all integers a. Therefore $a^2 - b^2 \equiv 0$, 1 or 3 (mod 4).

Hence, if n ≡ 2 (mod 4), we cannot have $n = a^2 - b^2$ for any integers a and b.

If n is not of the form 4k + 2 then n ≡ 0, 1 or 3 (mod 4).

If n ≡ 1 or 3 (mod 4) then (n + 1) and (n – 1) are even integers such that
$$n = \left(\frac{n+1}{2}\right)^2 - \left(\frac{n-1}{2}\right)^2,$$
which is a difference of two squares.
If n ≡ 0 (mod 4) then we have $n = \left(\frac{n}{4} + 1\right)^2 - \left(\frac{n}{4} - 1\right)^2$, which is again a difference of two squares.
Example 1: Express 113 and 229 as sums of two squares.
Solution: We have
113 = 4∙28 + 1
229 = 4∙57 + 1
Both are of the form 4k+1.
Therefore 113 and 229 can be expressed as sums of two squares.
Now, $113 = 8^2 + 7^2$ and $229 = 15^2 + 2^2$.
Example 2: Express 153 as a sum of two squares.

Solution: We have $153 = 3^2 \cdot 17 = 3^2 (4^2 + 1^2) = 12^2 + 3^2$.

Example 3: Express 1225 as the sum of two squares.

Solution: We have $1225 = 5^2 \cdot 49 = 5^2 \cdot 7^2 = (4^2 + 3^2) \cdot 7^2 = 28^2 + 21^2$.

Example 4: Express 1613 as the sum of two squares.

Solution: We have 1613 = 4∙403 + 1, which is of the form 4k+1. Therefore it can be expressed as a
sum of two squares. We adopt the process of converting $\sqrt{1613}$ into a continued fraction till we
get $Q_r = Q_{r+1}$ for some r.
$$\alpha_1 = \sqrt{1613} = 40 + (\sqrt{1613} - 40) \quad [\because 40 = [\sqrt{1613}]]$$
$$\alpha_2 = \frac{1}{\sqrt{1613} - 40} = \frac{\sqrt{1613} + 40}{1613 - 40^2} = \frac{\sqrt{1613} + 40}{13} = 6 + \frac{\sqrt{1613} - 38}{13}$$
$$\alpha_3 = \frac{13}{\sqrt{1613} - 38} = \frac{\sqrt{1613} + 38}{(1613 - 38^2)/13} = \frac{\sqrt{1613} + 38}{13}$$

Thus, we have
$Q_2 = Q_3 = 13$. Here $P_3 = 38$.

Now, $1613 = P_3^2 + Q_3^2 = 38^2 + 13^2$.

Example 5: Express 3185 as sum of two squares.
Solution: We have $3185 = 5 \cdot 7^2 \cdot 13$.
This prime factorization contains no odd power of a prime congruent to 3 modulo 4. Therefore, the given number can be expressed as sum of two squares. Now
$$3185 = 5 \cdot 7^2 \cdot 13 = (2^2 + 1^2)(7^2 + 0^2)(3^2 + 2^2) = (14^2 + 7^2)(3^2 + 2^2)$$
$$= (14 \cdot 3 + 7 \cdot 2)^2 + (14 \cdot 2 - 7 \cdot 3)^2 = 56^2 + 7^2.$$
Example 6: Express 333 as the sum of two squares.
Solution: We have $333 = 3^2 \cdot 37$.
This prime factorization contains no odd power of a prime congruent to 3 modulo 4. Therefore, it can be expressed as sum of two squares. Now
$$333 = 3^2 \cdot 37 = 3^2(6^2 + 1^2) = 18^2 + 3^2.$$

Example 7: Express 317 as sum of two squares.


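Solution: We have $317 = 4 \cdot 79 + 1$, which is of the form 4k + 1. Therefore, the given prime number can be expressed as sum of two squares.
Now
$$\alpha_1 = \sqrt{317} = 17 + (\sqrt{317} - 17), \qquad 17 = [\sqrt{317}]$$
$$\alpha_2 = \frac{\sqrt{317} + 17}{317 - 17^2} = \frac{\sqrt{317} + 17}{28} = 1 + \frac{\sqrt{317} - 11}{28}$$
$$\alpha_3 = \frac{\sqrt{317} + 11}{\dfrac{317 - 11^2}{28}} = \frac{\sqrt{317} + 11}{7} = 4 + \frac{\sqrt{317} - 17}{7}$$
$$\alpha_4 = \frac{\sqrt{317} + 17}{\dfrac{317 - 17^2}{7}} = \frac{\sqrt{317} + 17}{4} = 8 + \frac{\sqrt{317} - 15}{4}$$
$$\alpha_5 = \frac{\sqrt{317} + 15}{\dfrac{317 - 15^2}{4}} = \frac{\sqrt{317} + 15}{23} = 1 + \frac{\sqrt{317} - 8}{23}$$
$$\alpha_6 = \frac{\sqrt{317} + 8}{\dfrac{317 - 8^2}{23}} = \frac{\sqrt{317} + 8}{11} = 2 + \frac{\sqrt{317} - 14}{11}$$
$$\alpha_7 = \frac{\sqrt{317} + 14}{\dfrac{317 - 14^2}{11}} = \frac{\sqrt{317} + 14}{11}$$
Thus $Q_6 = Q_7$. Here $P_7 = 14$. Therefore,
$$317 = P_7^2 + Q_7^2 = 14^2 + 11^2.$$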
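The continued-fraction procedure of Examples 4 and 7 written as a program; this is an added example, not code from the textbook. The update rules for P and Q are the standard ones for expanding $\sqrt{p}$ and are an assumption here, chosen because they reproduce every line of both worked examples; all function names are illustrative.

```python
from math import isqrt


def is_prime(n):
    """Trial division; adequate for textbook-sized inputs."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, isqrt(n) + 1, 2))


def sqrt_expansion_steps(p):
    """Yield (P, Q) for each complete quotient (sqrt(p) + P) / Q of sqrt(p).

    Assumed recurrences (standard, not quoted from the text):
        a  = floor((sqrt(p) + P) / Q)
        P' = a*Q - P
        Q' = (p - P'^2) / Q          (always an exact division)
    starting from sqrt(p) itself, i.e. P = 0, Q = 1.
    """
    root = isqrt(p)
    P, Q = 0, 1
    while True:
        yield P, Q
        a = (root + P) // Q          # integer floor of (sqrt(p) + P) / Q
        P = a * Q - P
        Q = (p - P * P) // Q


def two_squares(p):
    """Return (P, Q) with P^2 + Q^2 == p for a prime p of the form 4k + 1.

    Stops at the first step where two consecutive denominators agree,
    which is the condition Q_r = Q_{r+1} used in the worked examples.
    """
    if not (is_prime(p) and p % 4 == 1):
        raise ValueError("p must be a prime of the form 4k + 1")
    previous_Q = None
    for P, Q in sqrt_expansion_steps(p):
        if Q == previous_Q:
            return P, Q
        previous_Q = Q


if __name__ == "__main__":
    for prime in (113, 229, 317, 1613):
        P, Q = two_squares(prime)
        print(f"{prime} = {P}^2 + {Q}^2")
```
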
Example 8: Express 153 as the difference of two squares.
Solution: We have $153 \equiv 1 \pmod 4$.
Therefore,
$$n = \left(\frac{n+1}{2}\right)^2 - \left(\frac{n-1}{2}\right)^2 = \left(\frac{153+1}{2}\right)^2 - \left(\frac{153-1}{2}\right)^2 = 77^2 - 76^2.$$

13.3. Sum of More Than Two Squares


Theorem 8: If n is of the form 8q + 7, then n is not expressible as the sum of three squares.
Proof: Suppose n = 8q + 7 and, if possible, n is the sum of three squares, i.e.,
$$n = a^2 + b^2 + c^2 \qquad (11)$$
for some integers a, b and c. Then we have
$$a^2 + b^2 + c^2 \equiv 7 \pmod 8 \qquad (12)$$
Now $a^2 \equiv 1 \pmod 8$ if a is odd, and $a^2 \equiv 0$ or $4 \pmod 8$ if a is even.

The squares $b^2$ and $c^2$ behave similarly. Therefore, $a^2 + b^2 + c^2$ will be congruent (mod 8) to one of the integers 0, 1, 2, 3, 4, 5, 6 and not to 7. This contradicts (12). Hence, n = 8q + 7 is not expressible as sum of three squares.

Theorem 9: Any integer of the form $n = 4^m(8q + 7)$ for integers m and q ≥ 0 is not a sum of three squares.
Proof: For m = 0 the statement reduces to Theorem 8.
Suppose, if possible,
$$n = 4^m(8q + 7) = a^2 + b^2 + c^2 \qquad (13)$$
for m ≥ 1 and integers a, b, c.
Therefore,
$$a^2 + b^2 + c^2 \equiv 0 \pmod 4 \qquad (14)$$
Now $a^2 \equiv 1 \pmod 4$ if a is odd, and $a^2 \equiv 0 \pmod 4$ if a is even.
It is obvious that a, b, c all are even integers. Therefore, from (13) we have
$$\left(\frac{a}{2}\right)^2 + \left(\frac{b}{2}\right)^2 + \left(\frac{c}{2}\right)^2 = 4^{m-1}(8q + 7).$$
Thus, we see that if $4^m(8q + 7)$ is the sum of three squares then $4^{m-1}(8q + 7)$ is also a sum of three squares. Repeating the same procedure we see that $4^{m-2}(8q + 7), \dots, 4^0(8q + 7)$ are sums of three squares. But $4^0(8q + 7)$ is not the sum of three squares. Thus, we have a contradiction.

Hence, $n = 4^m(8q + 7)$ is not expressible as the sum of three squares.

Theorem 10: (Euler) : If the integers m and n are each the sum of four squares then mn is also
the sum of four squares.
Proof: Let $m = a_1^2 + b_1^2 + c_1^2 + d_1^2$ and $n = a_2^2 + b_2^2 + c_2^2 + d_2^2$.
Now
$$mn = (a_1^2 + b_1^2 + c_1^2 + d_1^2)(a_2^2 + b_2^2 + c_2^2 + d_2^2)$$
$$= (a_1a_2 + b_1b_2 + c_1c_2 + d_1d_2)^2 + (a_1b_2 - a_2b_1 + c_1d_2 - c_2d_1)^2$$
$$+ (a_1c_2 - a_2c_1 - b_1d_2 + b_2d_1)^2 + (a_1d_2 - a_2d_1 + b_1c_2 - b_2c_1)^2.$$
This shows that mn is the sum of four squares.


Theorem 11: If p is an odd prime, then there exist integers a, b and h such that
$$a^2 + b^2 + 1 = hp \quad\text{where } 0 \le a \le (p-1)/2,\ 0 \le b \le (p-1)/2 \text{ and } 0 < h < p.$$
Proof: Let
$$S_1 = \left\{0, 1^2, 2^2, \dots, \left(\frac{p-1}{2}\right)^2\right\} \quad\text{and}\quad S_2 = \left\{-1, -1 - 1^2, -1 - 2^2, \dots, -1 - \left(\frac{p-1}{2}\right)^2\right\}.$$
Then the integers within $S_1$ are all incongruent (mod p), and likewise the integers within $S_2$. The total number of integers in $S_1 \cup S_2$ is p + 1. Therefore, there will be at least two integers among these p + 1 integers which are congruent to each other (mod p). So at least one number of $S_1$, say $a^2$, is congruent (mod p) to some number, say $-1 - b^2$, of $S_2$ such that $0 \le a < \frac{p}{2}$ and $0 \le b < \frac{p}{2}$.
Thus, we have $a^2 \equiv -1 - b^2 \pmod p \Rightarrow a^2 + b^2 + 1 = hp$ for some positive integer h. Also
$$h = \frac{1}{p}(a^2 + b^2 + 1) < \frac{1}{p}\left(\frac{p^2}{4} + \frac{p^2}{4} + 1\right) < p.$$
Theorem 12: A prime p can be expressed as the sum of four squares.

Proof: If p = 2 then we have $2 = 1^2 + 1^2 + 0^2 + 0^2$.

For the odd prime p let h be the smallest positive integer such that hp is the sum of four squares, i.e., $hp = a^2 + b^2 + c^2 + d^2$. We shall show that h = 1. First we shall show that h is odd. Suppose, if possible, h is even. Then a, b, c and d are all even or all odd or two are even and two are odd. These numbers may be arranged so that $a \equiv b \pmod 2$ and $c \equiv d \pmod 2$.

This gives that $\frac12(a+b)$, $\frac12(a-b)$, $\frac12(c+d)$ and $\frac12(c-d)$ are all integers. Also
$$\frac12(hp) = \left(\frac{a+b}{2}\right)^2 + \left(\frac{a-b}{2}\right)^2 + \left(\frac{c+d}{2}\right)^2 + \left(\frac{c-d}{2}\right)^2$$
is a representation of $\left(\frac{h}{2}\right)p$ as a sum of four squares. This is a contradiction as we have assumed that h is the smallest such integer. Therefore, h is odd. For showing h = 1 we assume that h ≠ 1; then the least value of h is 3. We may choose integers $a_1, b_1, c_1$ and $d_1$ such that $a_1 \equiv a \pmod h$, $b_1 \equiv b \pmod h$, $c_1 \equiv c \pmod h$, $d_1 \equiv d \pmod h$ and $|a_1|, |b_1|, |c_1|, |d_1| < \frac{h}{2}$.
For obtaining the value of $a_1$ we find the remainder r when a is divided by h. We put $a_1 = r$ or $a_1 = r - h$ according as $r < \frac{h}{2}$ or $r > \frac{h}{2}$ respectively.
Then, $a_1^2 + b_1^2 + c_1^2 + d_1^2 \equiv a^2 + b^2 + c^2 + d^2 \equiv 0 \pmod h \Rightarrow a_1^2 + b_1^2 + c_1^2 + d_1^2 = nh$ for some non-negative integer n.

Thus, we have
$$0 \le nh = a_1^2 + b_1^2 + c_1^2 + d_1^2 < 4\left(\frac{h}{2}\right)^2 = h^2.$$
Now, n cannot be zero; otherwise $a_1 = b_1 = c_1 = d_1 = 0$ and consequently h | p, which is not possible because 1 < h < p.
Also, $nh < h^2 \Rightarrow n < h$. Thus, we have
$$h^2 np = (hp)(nh) = (a^2 + b^2 + c^2 + d^2)(a_1^2 + b_1^2 + c_1^2 + d_1^2) = r^2 + s^2 + t^2 + u^2$$
where
$$r = aa_1 + bb_1 + cc_1 + dd_1, \qquad s = ab_1 - ba_1 + cd_1 - dc_1,$$
$$t = ac_1 - a_1c - bd_1 + db_1, \qquad u = ad_1 - a_1d + bc_1 - cb_1.$$
Now, $r = aa_1 + bb_1 + cc_1 + dd_1 \equiv a_1^2 + b_1^2 + c_1^2 + d_1^2 \equiv 0 \pmod h$.
Similarly, $s \equiv t \equiv u \equiv 0 \pmod h$. So,
$$np = \left(\frac{r}{h}\right)^2 + \left(\frac{s}{h}\right)^2 + \left(\frac{t}{h}\right)^2 + \left(\frac{u}{h}\right)^2$$
where $\frac{r}{h}, \frac{s}{h}, \frac{t}{h}, \frac{u}{h}$ are all integers. Since 0 < n < h, we have a contradiction. Hence, h = 1.
Theorem 13: (Lagrange): Any positive integer n can be expressed as a sum of four squares.
Proof: If n = 1 then $n = 1^2 + 0^2 + 0^2 + 0^2$, which is a sum of four squares.
For n > 1 we take $n = p_1 p_2 \cdots p_r$ as prime factorization. Since each prime can be expressed as the sum of four squares, their product, which is equal to n, will also be expressed as sum of four squares.
Example 9: Express 459 as sum of four squares.
Solution: We have
$$459 = 3^3 \cdot 17 = 3^2 \cdot 3 \cdot 17 = 3^2(1^2 + 1^2 + 1^2 + 0^2)(4^2 + 1^2 + 0^2 + 0^2)$$
$$= 3^2\left[(4 + 1 + 0 + 0)^2 + (1 - 4 + 0 - 0)^2 + (0 - 0 - 4 + 0)^2 + (0 - 0 + 1 - 0)^2\right]$$
$$= 3^2(5^2 + 3^2 + 4^2 + 1^2) = 15^2 + 9^2 + 12^2 + 3^2.$$

Example 9: Find the relation $a^2 + b^2 + 1 = hp$ for p = 19 and hence show that $3 \cdot 19 = 4^2 + 4^2 + 4^2 + 3^2$.
Solution: We have $\frac{p-1}{2} = \frac{19-1}{2} = 9$.
Therefore, $S_1 = \{0^2, 1^2, 2^2, \dots, 9^2\}$ and $S_2 = \{-1 - 0^2, -1 - 1^2, -1 - 2^2, \dots, -1 - 9^2\}$.
Now we will find the integers of $S_1$ which are congruent (mod 19) to the integers of $S_2$. We have
$$1^2 \equiv -1 - 6^2 \pmod{19}, \qquad 3^2 \equiv -1 - 3^2 \pmod{19}, \qquad 8^2 \equiv -1 - 7^2 \pmod{19}.$$
Therefore, $6^2 + 1^2 + 1 = 2 \cdot 19$, $3^2 + 3^2 + 1 = 1 \cdot 19$, $8^2 + 7^2 + 1 = 6 \cdot 19$.
These are the required relations.
Since $6 \cdot 19 = 8^2 + 7^2 + 1^2 + 0^2$ we have
$$3 \cdot 19 = \left(\frac{8+0}{2}\right)^2 + \left(\frac{8-0}{2}\right)^2 + \left(\frac{7+1}{2}\right)^2 + \left(\frac{7-1}{2}\right)^2 = 4^2 + 4^2 + 4^2 + 3^2.$$

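Theorems 10 to 13 together give a constructive procedure, shown here as an added example that is not part of the textbook: find the relation of Theorem 11, shrink h with the two descent steps from the proof of Theorem 12, and combine primes with Euler's identity. Function names are illustrative, and trial-division factoring is an assumption suited to small inputs.

```python
def euler_product(x, y):
    """Theorem 10: four integers whose squares sum to (sum x_i^2) * (sum y_i^2)."""
    a1, b1, c1, d1 = x
    a2, b2, c2, d2 = y
    return (a1 * a2 + b1 * b2 + c1 * c2 + d1 * d2,
            a1 * b2 - a2 * b1 + c1 * d2 - c2 * d1,
            a1 * c2 - a2 * c1 - b1 * d2 + b2 * d1,
            a1 * d2 - a2 * d1 + b1 * c2 - b2 * c1)


def theorem11_relation(p):
    """Return (a, b, h) with a^2 + b^2 + 1 = h*p and 0 <= a, b <= (p-1)/2."""
    half = (p - 1) // 2
    root_of = {a * a % p: a for a in range(half + 1)}    # residues of S1
    for b in range(half + 1):
        a = root_of.get((-1 - b * b) % p)                # residue from S2
        if a is not None:
            return a, b, (a * a + b * b + 1) // p
    raise ValueError("p must be an odd prime")


def descend(quad, h):
    """One step of Theorem 12's proof: from h*p = sum of squares of quad
    to h'*p = sum of squares of the returned quadruple, with h' < h."""
    if h % 2 == 0:
        # Pair entries of equal parity (evens first), then halve.
        a, b, c, d = sorted(quad, key=lambda v: v % 2)
        return ((a + b) // 2, (a - b) // 2, (c + d) // 2, (c - d) // 2), h // 2
    # h odd: residues a1, b1, c1, d1 with absolute value below h/2.
    reduced = tuple((v + h // 2) % h - h // 2 for v in quad)
    n = sum(v * v for v in reduced) // h                 # 0 < n < h
    r, s, t, u = euler_product(quad, reduced)            # each divisible by h
    return (r // h, s // h, t // h, u // h), n


def four_squares_prime(p):
    """Four integers whose squares sum to the prime p."""
    if p == 2:
        return (1, 1, 0, 0)
    a, b, h = theorem11_relation(p)
    quad = (a, b, 1, 0)                                  # h*p = a^2 + b^2 + 1^2 + 0^2
    while h > 1:
        quad, h = descend(quad, h)
    return quad


def four_squares(n):
    """Theorem 13: four non-negative integers whose squares sum to n >= 1."""
    if n < 1:
        raise ValueError("n must be a positive integer")
    rep, d = (1, 0, 0, 0), 2
    while d * d <= n:
        while n % d == 0:                                # d is prime when it divides
            rep = euler_product(rep, four_squares_prime(d))
            n //= d
        d += 1
    if n > 1:
        rep = euler_product(rep, four_squares_prime(n))
    return tuple(sorted((abs(v) for v in rep), reverse=True))


if __name__ == "__main__":
    print(theorem11_relation(19))        # first relation found for p = 19
    print(descend((8, 7, 1, 0), 6))      # the halving step used for 6*19
    print(four_squares(459))
```
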
Waring’s problem
E. Waring stated in 1770 that every positive integer can be written as the sum of four squares, nine
cubes, nineteen fourth powers and so on. When we say that every number is expressible as the
sum of four squares we mean that four is such a least number. It may also be more than four. For
example, 36 = 32 +42 +52 +62 . Similarly, Waring’s assertion regarding cubes we mean that 9 is
the least number of positive integers whose sum of cubes is the given positive integer. Waring’s
assertion can be stated as follow:
For any given positive integer k there exists a smallest integer N(k) depending only on k
such that every positive integer can be represented as the sum of N(k) kth powers. Thus, Waring
conjectured that N(2) = 4, N(3) = 9 and N(4) = 19.

13.4. Summary
In this chapter we studied integers which can be expressed as a sum of squares of two or more integers and showed any integer of the form 4k + 1 can be expressed as sum of two squares.

13.5. Keywords
Sum of squares, odd, even.

13.6. Exercise:
1. Express each of the integers as sum of two squares:
(a) 41 (b) 97 (c) 541 (d) 7250
2. Determine whether each integer can be written as sum of squares:
(a) 101 (b) 315 (c) 315 (d) 454
3. Show that one more than twice the product of two consecutive integers can be written as
the sum of two square.
4. If n ≡ 3 or 6(mod 9), then show that n cannot be represented as sum of two squares.
5. A number is said to be triangular if it can be written in the form n(n + 1) / 2. If n is the
sum of two triangular numbers, then prove that 4n + 1 is the sum of two squares.
6. Show that no positive integer n ≡ 7(mod 8) can be written as the sum of three squares.
7. Show that no integer N of the form 4e(8n + 7) can be represented as the sum of three
squares.
8. Express each prime as the sum of four squares:
(a) 43 (b) 89 (c) 197 (d) 349

13.7. Reference:
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
2. An Introduction to the Theory of Numbers, G. H. Hardy and E. M. Wright, Oxford

UNIT – 14
THE FIBONACCI SEQUENCE, IDENTITIES INVOLVING FIBONACCI NUMBERS

Structure:
14.0. Objective
14.1. Introduction
14.2. The Fibonacci numbers
14.3. Certain Identities Involving Fibonacci Numbers
14.4. Summary
14.5. Keywords
14.6. Exercises
14.7. References

14.0. Objective
Another important problem that is usually discussed not only in Mathematics but also in Computer Science, because of its recursive nature, is the “Rabbit Problem” that leads to Fibonacci numbers. Fibonacci numbers have so many properties that a lot of literature can be found on this subject. In this chapter we discuss some of the important properties of Fibonacci numbers.

14.1. Introduction
The Italian mathematician Leonardo de Pisa was born in Pisa around 1175 AD. He is commonly
known as Fibonacci which is a shortened form of Filius Bonaccio (son of Bonaccio). His father,
Bonaccio, was a customs inspector in the city of Bugia on the north coast of Africa (presently
Bougie in Algeria) and as a result, Fibonacci was educated by the Mohammedans of Barbary. He
was taught the Arabic system of numbers and in the early thirteenth century returned to Italy to
publish the book Liber Abaci (Book of the Abacus) in 1202 (Leonardo di Pisa 1857). This book
introduced the Arabic system of numbers to Europe and is responsible for Fibonacci's reputation
as the most accomplished mathematician of the middle ages. The book also posed a problem
involving the progeny of a single pair of rabbits which is the basis of the Fibonacci sequence (or
Fibonacci series). It was, however, Edouard Lucas, whose contribution to this area of
mathematics will be discussed in detail in the next chapter, who rediscovered the Fibonacci
sequence in the late nineteenth century, and properly attributed it to its original founder.

The rabbit problem is as follows:
A pair of adult rabbits produces a pair of baby rabbits once each month. Each pair of
baby rabbits requires one month to grow to be adults and subsequently produces one
pair of baby rabbits each month thereafter. Determine the number of pairs of adult
and baby rabbits after some number of months. It is also assumed that rabbits are
immortal.
This problem may be expressed mathematically in this way: The number of adult rabbit pairs in a particular month (say month n+2), $F_{n+2}$, is given by the number of adult rabbit pairs in the previous month, $F_{n+1}$, plus the number of baby rabbit pairs from the previous month which grow to be adults, $b_{n+1}$:
$$F_{n+2} = F_{n+1} + b_{n+1} \qquad (15)$$
In a given month (say month n+1), the number of pairs of baby rabbits will be equal to the number of adult rabbit pairs in the previous month:
$$b_{n+1} = F_n \qquad (16)$$
Combining (15) and (16) gives the recursion relation for the number of adult rabbit pairs as
$$F_{n+2} = F_{n+1} + F_n \qquad (17)$$


14.2. The Fibonacci Sequence
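Growth of Rabbit

| Months | Adult Pairs | Young Pairs | Total |
|--------|-------------|-------------|-------|
| 1 | 1 | 1 | 2 |
| 2 | 2 | 1 | 3 |
| 3 | 3 | 2 | 5 |
| 4 | 5 | 3 | 8 |
| 5 | 8 | 5 | 13 |
| 6 | 13 | 8 | 21 |
| 7 | 21 | 13 | 34 |
| 8 | 34 | 21 | 55 |
| 9 | 55 | 34 | 89 |
| 10 | 89 | 55 | 144 |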

Hence the recursive relation (17) gives a sequence of numbers 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, … with $F_1 = 1$, $F_2 = 1$ and $F_{n+2} = F_{n+1} + F_n$. This sequence is called the Fibonacci sequence.
The Fibonacci sequence grows rapidly.

Theorem 1: We have
$$F_{5n+2} > 10^n \quad\text{for } n \ge 1.$$
Proof: Proof is by induction. For n = 1, we have $F_7 = 13 > 10$. Let us assume that the inequality holds for an arbitrary integer n = k, that is, $F_{5k+2} > 10^k$. Now we show that it also holds for n = k + 1. Using the recursive formula (17) several times, we can write
$$F_{5k+7} = 8F_{5k+2} + 5F_{5k+1} > 8F_{5k+2} + 2(F_{5k+1} + F_{5k}) = 10F_{5k+2} > 10 \cdot 10^k = 10^{k+1},$$
completing the induction step and the argument.


Theorem 2: For the Fibonacci sequence, $\gcd(F_{n+1}, F_n) = 1$ for every n ≥ 1.
Proof: Suppose $\gcd(F_{n+1}, F_n) = d$. Then $d \mid F_{n+1}$ and $d \mid F_n$ and hence $d \mid (F_{n+1} - F_n)$, i.e., $d \mid F_{n-1}$. Now $d \mid F_n$ and $d \mid F_{n-1}$ implies $d \mid F_{n-2}$. This shows d divides all Fibonacci numbers $F_{n-2}, F_{n-3}, \dots$ and hence $d \mid F_1$. But $F_1 = 1$. Hence d = 1. This completes the proof.
We next prove a very important Theorem that the greatest common divisor of two Fibonacci numbers is itself a Fibonacci number. In fact $\gcd(F_n, F_m) = F_d$ where d = gcd(n, m).
Before proving this Theorem, we prove the following Theorems.
Theorem 3: We have
$$F_{m+n} = F_{m-1}F_n + F_mF_{n+1} \qquad (18)$$
Proof: We prove it by induction on n. When n = 1, (18) takes the form
$$F_{m+1} = F_{m-1}F_1 + F_mF_2 = F_{m-1} + F_m,$$
which is obviously true. Let us assume that the formula holds for n = 1, 2, 3, …, k and try to verify it when n = k + 1. By our assumption, we have
$$F_{m+k} = F_{m-1}F_k + F_mF_{k+1}$$
$$F_{m+(k-1)} = F_{m-1}F_{k-1} + F_mF_k.$$
Addition of these two equations gives us
$$F_{m+k} + F_{m+(k-1)} = F_{m-1}(F_k + F_{k-1}) + F_m(F_{k+1} + F_k).$$
From (17), we have
$$F_{m+(k+1)} = F_{m-1}F_{k+1} + F_mF_{k+2},$$
which is precisely (18) with n replaced by k + 1. Hence, by induction, (18) holds for all m ≥ 2 and n ≥ 1.

Theorem 4: For m ≥ 1 and n ≥ 1, $F_{mn}$ is divisible by $F_m$.
Proof: Proof is by induction on n. The result is obviously true when n = 1. Let us assume that $F_{mn}$ is divisible by $F_m$ for n = 1, 2, …, k. From (18), we have
$$F_{m(k+1)} = F_{mk-1}F_m + F_{mk}F_{m+1}.$$
Because $F_m$ divides $F_{mk}$ by supposition, the right-hand side of this expression (and hence, the left-hand side) must be divisible by $F_m$. Accordingly, $F_m \mid F_{m(k+1)}$, which was to be proved.
Lemma 1: If m = qn + r, then $\gcd(F_m, F_n) = \gcd(F_r, F_n)$.
Proof: From (18), we have
$$\gcd(F_m, F_n) = \gcd(F_{qn+r}, F_n) = \gcd(F_{qn-1}F_r + F_{qn}F_{r+1}, F_n).$$
Now Theorem 4 and the fact that gcd(a + c, b) = gcd(a, b), whenever b | c, give
$$\gcd(F_{qn-1}F_r + F_{qn}F_{r+1}, F_n) = \gcd(F_{qn-1}F_r, F_n).$$
We claim that $\gcd(F_{qn-1}, F_n) = 1$. Suppose $d = \gcd(F_{qn-1}, F_n)$. Then $d \mid F_n$ and $F_n \mid F_{qn}$ implies $d \mid F_{qn}$, and therefore d is a common divisor of the successive Fibonacci numbers $F_{qn-1}$ and $F_{qn}$. Because successive Fibonacci numbers are relatively prime, d = 1.
We know that if gcd(a, c) = 1, then gcd(a, bc) = gcd(a, b). Hence, we have
$$\gcd(F_m, F_n) = \gcd(F_{qn-1}F_r, F_n) = \gcd(F_r, F_n).$$

Let us now prove our main theorem.


Theorem 5: The greatest common divisor of two Fibonacci numbers is again a Fibonacci number, that is,
$$\gcd(F_n, F_m) = F_d \quad\text{where } d = \gcd(n, m).$$
Proof: Assume that m ≥ n. Applying the Euclidean Algorithm to m and n, we get the following system of equations:
$$\begin{aligned}
m &= q_1 n + r_1, & 0 < r_1 < n \\
n &= q_2 r_1 + r_2, & 0 < r_2 < r_1 \\
r_1 &= q_3 r_2 + r_3, & 0 < r_3 < r_2 \\
&\ \ \vdots \\
r_{n-2} &= q_n r_{n-1} + r_n, & 0 < r_n < r_{n-1} \\
r_{n-1} &= q_{n+1} r_n + 0.
\end{aligned}$$
Now, from Lemma 1 above, we have
$$\gcd(F_m, F_n) = \gcd(F_{r_1}, F_n) = \gcd(F_{r_1}, F_{r_2}) = \dots = \gcd(F_{r_{n-1}}, F_{r_n}).$$
Since $r_n \mid r_{n-1}$, by Theorem 4 we have $F_{r_n} \mid F_{r_{n-1}}$ and hence $\gcd(F_{r_n}, F_{r_{n-1}}) = F_{r_n}$. But $r_n$, being the last nonzero remainder in the Euclidean Algorithm for m and n, is equal to gcd(m, n). Hence $\gcd(F_n, F_m) = F_{\gcd(m,n)}$. This completes the proof.

Corollary 1: In the Fibonacci sequence, $F_m \mid F_n$ if and only if $m \mid n$ for n ≥ m ≥ 3.
Proof: One direction we have already proved in Theorem 4. So, assume that $F_m \mid F_n$. Then $\gcd(F_m, F_n) = F_m$. But, by Theorem 5, the value of $\gcd(F_m, F_n)$ is $F_{\gcd(m,n)}$. Hence, gcd(m, n) = m and therefore $m \mid n$.
Example 1: We show that $\gcd(F_{16}, F_{12}) = F_{\gcd(16, 12)}$. We have $\gcd(F_{16}, F_{12}) = \gcd(987, 144)$. From the Euclidean algorithm, we have gcd(987, 144) = 3 and gcd(16, 12) = 4. Now, $F_4 = 3$. Hence $\gcd(F_{16}, F_{12}) = F_{\gcd(16, 12)}$.
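Identity (18) also yields a fast way to compute Fibonacci numbers, which makes Lemma 1 and Theorem 5 easy to check on large indices. The following is an added example, not code from the textbook; it assumes the usual extension $F_0 = 0$, and the function names are illustrative.

```python
from math import gcd


def fib_pair(n):
    """Return (F_n, F_{n+1}) by index doubling.

    Both doubling rules are special cases of identity (18),
    F_{m+n} = F_{m-1} F_n + F_m F_{n+1}:
        m = n = k      ->  F_{2k}   = F_k (F_{k-1} + F_{k+1}) = F_k (2 F_{k+1} - F_k)
        m = k+1, n = k ->  F_{2k+1} = F_k^2 + F_{k+1}^2
    F_0 = 0 is assumed so that the recursion has a base case.
    """
    if n == 0:
        return 0, 1
    f, g = fib_pair(n // 2)            # F_k, F_{k+1} with k = n // 2
    even = f * (2 * g - f)             # F_{2k}
    odd = f * f + g * g                # F_{2k+1}
    return (even, odd) if n % 2 == 0 else (odd, even + odd)


def fib(n):
    return fib_pair(n)[0]


def lemma1_chain(m, n):
    """Run Euclid's algorithm on the indices, as in the proof of Theorem 5.

    Returns (steps, d): steps lists (m, n, gcd(F_m, F_n)) for every index
    pair visited, and d = gcd of the original indices.  By Lemma 1 the third
    entry is the same in every step and equals F_d.
    """
    steps = []
    while n:
        steps.append((m, n, gcd(fib(m), fib(n))))
        m, n = n, m % n
    return steps, m


if __name__ == "__main__":
    steps, d = lemma1_chain(16, 12)
    for m, n, g in steps:
        print(f"gcd(F_{m}, F_{n}) = {g}")
    print(f"gcd(16, 12) = {d}, F_{d} = {fib(d)}")
```
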

14.3. Certain Identities Involving Fibonacci Numbers


We move on and develop several of the basic identities involving Fibonacci numbers; these should be useful in doing the problems at the end of the section. One of the simplest asserts that the sum of the first n Fibonacci numbers is equal to $F_{n+2} - 1$. For instance, when the first eight Fibonacci numbers are added together, we obtain
$$1 + 1 + 2 + 3 + 5 + 8 + 13 + 21 = 54 = 55 - 1 = F_{10} - 1.$$
That this is typical of the general situation follows by adding the relations
$$\begin{aligned}
F_1 &= F_3 - F_2 \\
F_2 &= F_4 - F_3 \\
F_3 &= F_5 - F_4 \\
&\ \ \vdots \\
F_{n-1} &= F_{n+1} - F_n \\
F_n &= F_{n+2} - F_{n+1}
\end{aligned}$$
On doing so, the left-hand side yields the sum of the first n Fibonacci numbers, whereas on the right-hand side the terms cancel in pairs leaving only $F_{n+2} - F_2$. But $F_2 = 1$. The consequence is that
$$F_1 + F_2 + F_3 + \dots + F_n = F_{n+2} - 1 \qquad (19)$$

Next, we prove another important identity:


Theorem 6: We have
$$F_n^2 = F_{n+1}F_{n-1} + (-1)^{n-1}. \qquad (20)$$
Proof: We have
$$F_n^2 - F_{n+1}F_{n-1} = F_n(F_{n-1} + F_{n-2}) - F_{n+1}F_{n-1} = (F_n - F_{n+1})F_{n-1} + F_nF_{n-2}.$$
From (17), this can be written as
$$F_n^2 - F_{n+1}F_{n-1} = (-1)(F_{n-1}^2 - F_nF_{n-2}).$$
The important point is that, except for the initial sign, the right-hand side of this equation is the same as the left-hand side, but with all the subscripts decreased by 1. By repeating the argument, $F_{n-1}^2 - F_nF_{n-2}$ can be shown to be equal to the expression $(-1)(F_{n-2}^2 - F_{n-1}F_{n-3})$, and hence
$$F_n^2 - F_{n+1}F_{n-1} = (-1)^2(F_{n-2}^2 - F_{n-1}F_{n-3}).$$
Continuing this process, after n – 2 such steps, we arrive at
$$F_n^2 - F_{n+1}F_{n-1} = (-1)^{n-2}(F_2^2 - F_3F_1) = (-1)^{n-2}(1^2 - 2 \cdot 1) = (-1)^{n-1}.$$
This completes the proof.
Note 1: For n = 2k, (20) becomes $F_{2k}^2 = F_{2k+1}F_{2k-1} - 1$.
In 1843, the French mathematician Jacques-Philippe-Marie Binet discovered a formula for expressing $F_n$ in terms of the integer n; namely,
$$F_n = \frac{1}{\sqrt5}\left[\left(\frac{1 + \sqrt5}{2}\right)^n - \left(\frac{1 - \sqrt5}{2}\right)^n\right].$$
This formula can be obtained by considering the two roots
$$\tau = \frac{1 + \sqrt5}{2} \quad\text{and}\quad \phi = \frac{1 - \sqrt5}{2} \qquad (21)$$
of the equation $x^2 - x - 1 = 0$. Since they are roots of this equation, they must satisfy
$$\tau^2 = \tau + 1 \quad\text{and}\quad \phi^2 = \phi + 1.$$
Multiply the first relation by $\tau^n$ and the second by $\phi^n$. Then, we obtain
$$\tau^{n+2} = \tau^{n+1} + \tau^n \quad\text{and}\quad \phi^{n+2} = \phi^{n+1} + \phi^n.$$
Subtracting the second equation from the first, and dividing by τ – φ, leads to
$$\frac{\tau^{n+2} - \phi^{n+2}}{\tau - \phi} = \frac{\tau^{n+1} - \phi^{n+1}}{\tau - \phi} + \frac{\tau^n - \phi^n}{\tau - \phi} \qquad (22)$$
If we put $H_n = (\tau^n - \phi^n)/(\tau - \phi)$, (22) can be written as
$$H_{n+2} = H_{n+1} + H_n, \quad n \ge 1.$$
From (21), we have
$$\tau + \phi = 1, \qquad \tau - \phi = \sqrt5, \qquad \tau\phi = -1.$$
Hence,
$$H_1 = \frac{\tau - \phi}{\tau - \phi} = 1, \qquad H_2 = \frac{\tau^2 - \phi^2}{\tau - \phi} = \tau + \phi = 1.$$
All this shows that the sequence $H_1, H_2, H_3, \dots$ is precisely the Fibonacci sequence, which gives
$$F_n = \frac{\tau^n - \phi^n}{\tau - \phi}, \quad n \ge 1. \qquad (23)$$
Note 2: The number $\tau = \frac{1 + \sqrt5}{2}$ is usually called the Golden Ratio.
Note 3: (23) is called Binet’s formula.
Using (23), we can prove certain identities involving Fibonacci numbers.
Theorem 7: We have
$$F_{n+2}^2 - F_n^2 = F_{2n+2}.$$
Proof: As we start, recall that $\tau\phi = -1$, which has the immediate consequence $(\tau\phi)^{2k} = 1$ for k ≥ 1. Then,
$$F_{n+2}^2 - F_n^2 = \left(\frac{\tau^{n+2} - \phi^{n+2}}{\tau - \phi}\right)^2 - \left(\frac{\tau^n - \phi^n}{\tau - \phi}\right)^2$$
$$= \frac{\tau^{2(n+2)} - 2 + \phi^{2(n+2)}}{(\tau - \phi)^2} - \frac{\tau^{2n} - 2 + \phi^{2n}}{(\tau - \phi)^2}$$
$$= \frac{\tau^{2(n+2)} + \phi^{2(n+2)} - \tau^{2n} - \phi^{2n}}{(\tau - \phi)^2}.$$
Now the expression in the numerator may be written as
$$\tau^{2(n+2)} - (\tau\phi)^2\tau^{2n} - (\tau\phi)^2\phi^{2n} + \phi^{2(n+2)} = (\tau^2 - \phi^2)(\tau^{2n+2} - \phi^{2n+2}).$$
On doing so, we get
$$F_{n+2}^2 - F_n^2 = \frac{(\tau^2 - \phi^2)(\tau^{2n+2} - \phi^{2n+2})}{(\tau - \phi)^2} = (\tau + \phi)\left(\frac{\tau^{2n+2} - \phi^{2n+2}}{\tau - \phi}\right) = 1 \cdot F_{2n+2} = F_{2n+2}.$$
For a second illustration of the usefulness of the Binet formula, let us once again derive the relation $F_{2n+1}F_{2n-1} - 1 = F_{2n}^2$ (see Note 1). First, we calculate
$$F_{2n+1}F_{2n-1} - 1 = \left(\frac{\tau^{2n+1} - \phi^{2n+1}}{\sqrt5}\right)\left(\frac{\tau^{2n-1} - \phi^{2n-1}}{\sqrt5}\right) - 1$$
$$= \frac15\left(\tau^{4n} + \phi^{4n} - (\tau\phi)^{2n-1}\tau^2 - (\tau\phi)^{2n-1}\phi^2 - 5\right)$$
$$= \frac15\left(\tau^{4n} + \phi^{4n} + (\tau^2 + \phi^2) - 5\right).$$
Because $\tau^2 + \phi^2 = 3$, this last expression becomes
$$\frac15\left(\tau^{4n} + \phi^{4n} - 2\right) = \frac15\left(\tau^{4n} + \phi^{4n} - 2(\tau\phi)^{2n}\right) = \left(\frac{\tau^{2n} - \phi^{2n}}{\sqrt5}\right)^2 = F_{2n}^2,$$
which is the required identity.

14.4. Summary
In this chapter we have seen how the rabbit problem leads to the Fibonacci sequence and studied some of its properties. Also we have seen how nicely the Fibonacci numbers are connected with the golden ratio $\frac{1 + \sqrt5}{2}$.
14.5. Keywords
Fibonacci, sequence, identity, golden ratio.
14.6. Exercise
1. For n = 1, 2, …, 10, show that $5F_n^2 + 4(-1)^n$ is a perfect square.
2. Prove that if $2 \mid F_n$, then $4 \mid (F_{n+1}^2 - F_{n-1}^2)$.
3. Show that $F_1^2 + F_2^2 + F_3^2 + \dots + F_n^2 = F_nF_{n+1}$.

4. For n ≥ 3, prove that Fn21  Fn2  3Fn21  2 F12  F22  F32   Fn21  .
5. Evaluate $\gcd(F_9, F_{12})$ and $\gcd(F_{15}, F_{20})$.
6. Using induction on the positive integer n, establish the following formulae:
a) $F_1 + 2F_2 + 3F_3 + \dots + nF_n = (n + 1)F_{n+2} - F_{n+4} + 2$
b) $F_2 + 2F_4 + 3F_6 + \dots + nF_{2n} = nF_{2n+1} - F_{2n}$.
7. Show that $F_2 + F_4 + F_6 + \dots + F_{2n} = F_{2n+1} - 1$.
8. Deduce $F_{2n-1} = F_n^2 + F_{n-1}^2$.
9. Use Problem 8 to obtain the following identities:
a) $F_{n+1}^2 + F_{n-2}^2 = 2F_{2n-1}$ for n ≥ 3
b) $F_{n+2}^2 + F_{n-1}^2 = 2(F_n^2 + F_{n+1}^2)$ for n ≥ 2.
10. Prove that $F_nF_{n-1} = F_n^2 - F_{n-1}^2 + (-1)^n$.

14.7. Reference
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
2. The Golden Ratio and Fibonacci Numbers, Richard A. Dunlap, World Scientific.

UNIT – 15
FINITE CONTINUED FRACTIONS, CONVERGENTS OF A CONTINUED
FRACTION, SIMPLE CONTINUED FRACTIONS

Structure:
15.0. Objective
15.1. Finite continued fractions
15.2. Convergent fractions
15.3. Solution of linear Diophantine equation using continued fraction
15.4. Summary
15.5. Keywords
15.6. Exercises
15.7. References

15.0. Objective
A very important application of the Euclidean algorithm lies in the continued fractions, which
also gives an alternative way of representing real numbers. In this chapter we shall show that
every rational number has finite continued fraction representation and shall see its link with the
solution of linear Diophantine equations.

15.1. Finite Continued Fractions


Let us begin with the numbers a = 214 and b = 35. By applying the Euclidean algorithm to these numbers we find
$$214 = 35 \cdot 6 + 4, \qquad (24)$$
$$35 = 4 \cdot 8 + 3, \qquad (25)$$
$$4 = 3 \cdot 1 + 1, \qquad (26)$$
$$3 = 1 \cdot 3 + 0. \qquad (27)$$
We now divide both sides of Equation (24) by 35, obtaining
$$\frac{214}{35} = 6 + \frac{4}{35} \qquad (28)$$
So we have obtained a first piece of information: the rational number 214 / 35 lies between 6 and 7, as 0 < 4 / 35 < 1. By writing 4 / 35 as the inverse of a number greater than 1, formula (28) becomes
$$\frac{214}{35} = 6 + \frac{1}{\frac{35}{4}} \qquad (29)$$
$$\frac{35}{4} = 8 + \frac{3}{4}, \quad\text{that is}\quad \frac{35}{4} = 8 + \frac{1}{\frac{4}{3}} \qquad (30)$$
$$\frac{4}{3} = 1 + \frac{1}{3} \qquad (31)$$
and the last expression is called a finite continued fraction.


Definition 1: Let a0, a1,…, an be real numbers, all positive except possibly a0. The expression

is called a finite continued fraction and is denoted by [a0; a1,…,an]. The numbers ak are called
the terms or the partial quotients of the continued fraction. The reason for assuming ak > 0 for k
≥ 1 in the above definition is that this guarantees that no division by zero will occur. A
continued fraction is said to be simple if all of the ai are integers.
Theorem 1: Every finite simple continued fraction is equal to a rational number, and every
rational number can be written as a finite simple continued fraction.
Proof. The first part is trivial. For the second one, let a / b be the rational number, b > 0. Apply
the Euclidean algorithm to find the gcd of a and b:
a = ba0 + r1, 0 < r1 < b,
b = r1a1 + r2, 0 < r2 < r1,
r1 = r2a2 + r3, 0 < r3 < r2,

ri = ri+1ai+1 + ri+2, 0 < ri+2 < ri+1,

rn−2 = rn−1an−1 + rn, 0 < rn < rn−1,
rn−1 = rn an + 0.

As all the remainders are positive, so are all the quotients ai, with the possible exception of the first one. Rewrite the equations given by the Euclidean algorithm dividing the first one by b, the second one by r1, the third one by r2 and so on, till the last one, to be divided by rn. So we obtain

The left-hand sides of these equations are rational numbers, which are rewritten as the sum of an
integer and a fraction with numerator equal to 1. By successive eliminations, we get

until we obtain the expression

So we have represented the rational number a / b as a finite simple continued fraction.

15.2. Convergent Fractions


Let [a0; a1, a2, . . . , an] be a finite simple continued fraction. The continued fraction obtained by truncating this continued fraction after the k-th partial quotient is called the k-th convergent and is denoted as follows:
$C_k$ = [a0; a1, a2, . . . , ak], for each 1 ≤ k ≤ n.

Notice that may be obtained from by substituting for ak. Clearly, for k = n we

get the complete original continued fraction. Every = [a0; a1, . . . , ak] is a rational number
which will be denoted by pk / qk, where gcd(pk, qk) = 1.
Suppose now that we have computed the value of [a0; a1, a2,…,an] and want to compute
the value of [a0; a1, a2,…,an+1] without having to repeat the whole computation from scratch. The
following recursion formula describes how to find (n + 1)th convergent knowing nth convergent.
Theorem 2: If a0, a1, a2, . . . , an be real numbers with a1, a2, . . . positive. Let the sequences p0,
p1, p2, . . . , pn and q0, q1, q2, . . . , qn be defined recursively by

&

Then the kth convergent is given by

Proof: We will prove this by Mathematical Induction. For k = 0, we have

[ ]

For k = 1
[ ]

Therefore the Theorem is valid for k = 0 and k = 1.


Now, assume that the theorem is valid for k with 2 ≤ k ≤ n. This means

[ ]

Now, consider
[ ]

[ ]

[ ]

[ ]

( )
( )
( )
( )

Example 1: We have 173 / 55 = [3; 6, 1, 7]. Let us compute the sequences pj and qj for j = 0, 1, 2, 3. We have
p0 = 3, q0 = 1
p1 = 3·6 + 1 = 19, q1 = 6
p2 = 1·19 + 3 = 22, q2 = 1·6 + 1 = 7
p3 = 7·22 + 19 = 173, q3 = 7·7 + 6 = 55

Theorem 3: If a0, a1, a2, . . . , an be real numbers with a1, a2, . . . positive, with corresponding
convergent Then

(i) ( ) ≥
(ii) ( ) ≥
( )
(iii) ≥
( )
(iv) ≥

Proof (i): Write Then


( ) ( )
≥ , and it follows at once that ( )
But since Hence ( ) as required.
Proof (ii): Using the recursive definition of pn and qn and equality (i), we obtain
( ) ( )
( ) ( ) ( ) .
(iii) follows from (i) upon division by qn-1qn, which is nonzero for n ≥ 1.
(iv) follows from (ii) upon division by qn-2qn.

15.3. Solving linear Diophantine equation using continued fractions


Consider the equation
$$ax + by = c \qquad (32)$$
where a, b and c are integers. Let us assume gcd(a, b) = 1. Otherwise we can divide both sides of Eq. (32) by d = gcd(a, b) and we have gcd(a / d, b / d) = 1.
We know that a solution of Equation (32) can be obtained by solving the equation
$$ax + by = 1, \qquad \gcd(a, b) = 1$$
and then multiplying both sides of this equation by c.
To find a solution of the equation $ax + by = 1$, expand the rational number a / b as a simple continued fraction; say,
$$\frac{a}{b} = [a_0; a_1, a_2, \dots, a_n].$$
Now the last two convergents of this continued fraction are
$$C_{n-1} = \frac{p_{n-1}}{q_{n-1}} \quad\text{and}\quad C_n = \frac{p_n}{q_n}.$$
Since $\gcd(p_n, q_n) = 1 = \gcd(a, b)$, it may be concluded that $p_n = a$ and $q_n = b$.
By (i) of Theorem 3, we have $p_n q_{n-1} - q_n p_{n-1} = (-1)^{n-1}$.

Replacing $p_n$ by a and $q_n$ by b, we have $a q_{n-1} - b p_{n-1} = (-1)^{n-1}$.

Thus, with $x = q_{n-1}$ and $y = -p_{n-1}$, we have $ax + by = (-1)^{n-1}$.

If n is odd, then the equation $ax + by = 1$ has the particular solution $x = q_{n-1}$ and $y = -p_{n-1}$; whereas if n is even, then a solution is given by $x = -q_{n-1}$ and $y = p_{n-1}$.
Example 2: Let us solve the linear Diophantine equation (–63)x + 23y = 7 where gcd(–63, 23) = 1. The continued fraction expansion of $\frac{-63}{23}$ is [–3; 3, 1, 5]. Therefore $C_2 = \frac{p_2}{q_2} = \frac{-11}{4}$ and $C_3 = \frac{p_3}{q_3} = \frac{-63}{23}$, and so p2 = –11, q2 = 4, p3 = –63 and q3 = 23. Hence (–63)4 + 23(11) = 1.
Consequently, x0 = 4 and y0 = 11 is a particular solution of (–63)x + 23y = 1. Therefore, x = 7x0 = 28, y = 7y0 = 77 is a particular solution of (–63)x + 23y = 7.
The general solution is given by x = 28 – 23t and y = 77 – 63t.
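The whole pipeline of this unit (Euclid's algorithm giving the partial quotients, the convergent recurrence used in Example 1, and the particular solution of ax + by = c) as an added example that is not part of the textbook. The seed values p₋₁ = 1, q₋₁ = 0, p₋₂ = 0, q₋₂ = 1 and the handling of negative b and of gcd(a, b) > 1 are assumptions of this sketch; function names are illustrative.

```python
from math import gcd


def continued_fraction(a, b):
    """Partial quotients [a0; a1, ..., an] of a/b (b > 0) via Euclid's algorithm.

    divmod floors, so a0 may be negative while every later quotient is positive.
    """
    if b <= 0:
        raise ValueError("denominator must be positive")
    terms = []
    while b:
        q, r = divmod(a, b)
        terms.append(q)
        a, b = b, r
    return terms


def convergents(terms):
    """List of (p_k, q_k) from p_k = a_k p_{k-1} + p_{k-2}, q_k = a_k q_{k-1} + q_{k-2}."""
    p_prev, q_prev = 1, 0        # assumed seeds p_{-1}, q_{-1}
    p_prev2, q_prev2 = 0, 1      # assumed seeds p_{-2}, q_{-2}
    out = []
    for a_k in terms:
        p = a_k * p_prev + p_prev2
        q = a_k * q_prev + q_prev2
        out.append((p, q))
        p_prev2, q_prev2, p_prev, q_prev = p_prev, q_prev, p, q
    return out


def solve_linear(a, b, c):
    """One integer solution (x, y) of a*x + b*y = c, or None if none exists.

    With d = gcd(a, b), every other solution is (x + (b/d) t, y - (a/d) t).
    """
    if b == 0:
        raise ValueError("b must be non-zero")
    d = gcd(a, b)
    if c % d:
        return None                       # d does not divide c: no solution
    a, b, c = a // d, b // d, c // d      # now gcd(a, b) = 1
    flip = b < 0                          # a*x + b*y = a*x + |b|*(-y)
    b = abs(b)
    terms = continued_fraction(a, b)
    n = len(terms) - 1
    # (p_{n-1}, q_{n-1}); for n = 0 this is the seed pair (1, 0).
    p_before, q_before = ([(1, 0)] + convergents(terms))[n]
    sign = 1 if n % 2 else -1             # equals (-1)^(n-1)
    x0, y0 = sign * q_before, -sign * p_before   # a*x0 + b*y0 = 1
    return c * x0, (-c * y0 if flip else c * y0)


if __name__ == "__main__":
    print(continued_fraction(214, 35))
    print(convergents(continued_fraction(173, 55)))
    print(solve_linear(-63, 23, 7))
```
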

Theorem 4: Let a0, a1, a2, . . . be real numbers with a1, a2, . . . positive, with corresponding
convergents Then the convergents C 2i with even indices form a strictly increasing

sequence and the convergents C2j+1 with odd indices form a strictly decreasing sequence, and C2i
< C2j+1, that is
C0 < C2 < … < C2i < … < C2j+i < … < C3 < C1.
( )
Proof: We have, . Hence if n ≥ 2 is even, then and if n ≥ 3

is odd, then . Finally, by Theorem (iii), . Thus if i ≥

j, then C2j < C2i < C2i+1 and C2i < C2i+1 < C2j+1.
In the above example, 3 < (22 / 7) < (173 / 55) < (19 / 6) in accordance with C0 < C2 < C3 < C1.

Theorem 5: If qk is the denominator of the kth convergent Ck of the simple continued fraction
[a0; a1, a2,…,an], then qk – 1 ≤ qk for 1 ≤ k ≤ n, with strict inequality when k > 1.
Proof: We prove the theorem by induction. Since q0 = 1 ≤ a1 = q1, the theorem is true for k = 1.
Assume that it is true for k = m where 1 ≤ m < n. Then

So that the inequality is also true for k = m+1.
15.4. Summary
In this chapter we have studied finite continued fractions, their nth convergents and some of their properties. We showed that every rational number can be expressed as a finite continued fraction and vice versa. We showed how continued fractions can be used to solve linear Diophantine equations.
15.5. Keywords
Finite continued fraction, simple continued fraction, convergents, rational.
15.6. Exercise:
1. Write each as a finite simple continued fraction:
(a) 57 / 23 (b) 89 / 55 (c) 79 / 91 (d) -43 / 17
2. Compute the convergents of each continued fraction:
(a) [1;1, 1, 1, 1, 1, 1] (b) [0;2, 7, 7, 6]
(c) [3; 1, 4, 2, 7] (d) [-2; 5, 4, 7, 1]
3. Represent each continued fraction as a rational number:
(a) [1;2, 3, 4, 5] (b) [-3;5, 4, 3, 2]
4. Using the finite continued fraction [1; 1, 1, …, 1], prove that $F_{n+2}F_n - F_{n+1}^2 = (-1)^{n+1}$ where n ≥ 1.
5. Solve each Linear Diophantine equation using continued fraction:
(a) 12x + 13y = 14 (b) 28x + 91y = 119
6. Using the continued fraction for the given rational number r, find the continued fraction for 1 / r:
(a) 25 / 18 (b) 464 / 675

15.7. Reference:
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
2. An Introduction to the Theory of Numbers, G. H. Hardy and E. M. Wright, Oxford
3. Encyclopedia of Mathematics and its Applications, Volume 11, Continued Fractions,
Analytic Theory and Applications, William B. Jones and W. J. Thron, Addison-Wesley
4. An Introduction to the Theory of Numbers, Ivan Niven, Herbert S. Zuckerman and Hugh
L. Montgomery, John Wiley & Sons, Inc.

UNIT – 16
INFINITE CONTINUED FRACTION, PERIODIC CONTINUED FRACTION
AND PELL’S EQUATION

Structure:
16.0. Objective
16.1. Infinite continued fractions
16.2. Rational approximation to irrational numbers
16.3. Periodic continued fractions
16.4. Pell’s equation
16.5. Summary
16.6. Keywords
16.7. Exercises
16.8. References

16.0. Objective
We have seen that all rational numbers can be represented as finite simple continued fractions.
The main interest of continued fractions, however, lies in their application to the
representation of irrational numbers. In this chapter, we shall show that every irrational number
can be expressed as an infinite continued fraction. We shall also investigate another important
equation, called Pell’s equation, and find the complete solution to this problem.

16.1. Infinite continued fraction


To expand an irrational number, we need infinite continued fractions; for example

√ (√ )

The expression of √2 + 1 as a continued fraction uncovers a remarkable elegance and regularity,
as opposed to its decimal representation, which does not show any regularity.

Definition 1: Let ( ) be a sequence of real numbers, all positive except possibly a0. Infinite
continued fraction is denoted by [a0; a1, a2, … ]. The infinite continued fraction is said to
converge if the limit [ ] exists, and in that case the limit is also denoted
by [a0; a1, a2, … ].
We know that, [a0; a1, a2,…,an] = , the above limit can be written as
[ ] .
Let us now prove the existence of the above limit. By Theorem 3, we have
$C_0 < C_2 < \dots < C_{2i} < \dots < C_{2j+1} < \dots < C_3 < C_1$. Because the even-numbered
convergents $C_{2n}$ form a monotonically increasing sequence bounded above by $C_1$, they
converge to a limit α that is greater than each $C_{2n}$. Similarly, the odd-numbered convergents
$C_{2n+1}$ are monotonically decreasing and bounded below by $C_0$, and hence converge to a limit
α’ that is less than each $C_{2n+1}$. Let us prove α = α’. We have
( )
Consider,

and hence
| |

Since the $q_i$ increase as i becomes large, α = α’.

Theorem 1: The value of any infinite continued fraction is an irrational number.


Proof: Let us suppose that x denotes the value of the infinite continued fraction [a0; a1, a2, … ];
that is, x is the limit of the sequence of convergents

[ ]
Because x lies strictly between the successive convergents Cn and Cn+1 , we have

| | | | | |

With the view to obtaining a contradiction, assume that x is a rational number, say, x = a / b,
where a and b > 0 are integers. Then

| |
and so,
| |
Since the $q_i$ increase without bound as i increases, we can choose n so large that $b < q_{n+1}$ and hence
| |

This shows that there is a positive integer between 0 and 1, which is a contradiction.
The converse of the above theorem is also true.
Theorem 2: Every irrational number has a unique representation as an infinite continued
fraction.
Proof: Let $x_0$ be an arbitrary irrational number. Let us find the sequence of integers
$a_0, a_1, a_2, \dots$ as follows: let
$$a_k = [x_k] \quad\text{and}\quad x_{k+1} = \frac{1}{x_k - a_k}, \qquad k \ge 0 \qquad (1)$$
It is evident that $x_{k+1}$ is irrational whenever $x_k$ is irrational. Since $x_0$ is irrational,
all $x_k$ are irrational by induction. Thus,
$$0 < x_k - a_k = x_k - [x_k] < 1 \qquad (2)$$
and hence
$$x_{k+1} = \frac{1}{x_k - a_k} > 1 \qquad (3)$$
so that the integers $a_{k+1} = [x_{k+1}] \ge 1$ for all k ≥ 0. Thus, we have a sequence of integers
$a_0, a_1, a_2, \dots$, all positive except perhaps for $a_0$.
Now, (3) can be written as
$$x_k = a_k + \frac{1}{x_{k+1}}, \qquad k \ge 0.$$
Through successive substitutions, we obtain
$$x_0 = a_0 + \frac{1}{x_1} = a_0 + \cfrac{1}{a_1 + \cfrac{1}{x_2}} = a_0 + \cfrac{1}{a_1 + \cfrac{1}{a_2 + \cfrac{1}{x_3}}} = \dots = [a_0; a_1, a_2, \dots, a_n, x_{n+1}]$$
for every positive integer n. Now, we have to prove that the infinite simple continued fraction
$[a_0; a_1, a_2, \dots]$ indeed converges to $x_0$.
Let n be a fixed positive integer. Then,
$$x_0 = [a_0; a_1, a_2, \dots, a_n, x_{n+1}] = \frac{x_{n+1}p_n + p_{n-1}}{x_{n+1}q_n + q_{n-1}}$$
where $C_n = p_n / q_n$ is the nth convergent of $[a_0; a_1, a_2, \dots]$. Hence,
$$x_0 - C_n = \frac{x_{n+1}p_n + p_{n-1}}{x_{n+1}q_n + q_{n-1}} - \frac{p_n}{q_n} = \frac{-(p_n q_{n-1} - p_{n-1}q_n)}{(x_{n+1}q_n + q_{n-1})q_n} = \frac{-(-1)^{n-1}}{(x_{n+1}q_n + q_{n-1})q_n}$$
[by (i) of Theorem 3 of Unit 3].
From (2), we have $x_{n+1} > a_{n+1}$ and therefore
$$|x_0 - C_n| = \frac{1}{(x_{n+1}q_n + q_{n-1})q_n} < \frac{1}{(a_{n+1}q_n + q_{n-1})q_n} = \frac{1}{q_{n+1}q_n}.$$
Because $q_k$ increases without bound as k increases, $\frac{1}{q_{n+1}q_n} \to 0$ as $n \to \infty$. Hence
$$x_0 = \lim_{n \to \infty} C_n = [a_0; a_1, a_2, \dots].$$

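Example 1: Consider the irrational number $x_0 = \sqrt{23}$. The successive irrational numbers $x_k$
(and hence $a_k$) can be computed as follows:
$$x_0 = \sqrt{23} = 4 + (\sqrt{23} - 4) \quad [\because [\sqrt{23}] = 4], \qquad a_0 = 4$$
$$x_1 = \frac{1}{x_0 - [x_0]} = \frac{1}{\sqrt{23} - 4} = \frac{\sqrt{23} + 4}{7} = 1 + \frac{\sqrt{23} - 3}{7}, \qquad a_1 = 1$$
$$x_2 = \frac{1}{x_1 - [x_1]} = \frac{7}{\sqrt{23} - 3} = \frac{\sqrt{23} + 3}{2} = 3 + \frac{\sqrt{23} - 3}{2}, \qquad a_2 = 3$$
$$x_3 = \frac{1}{x_2 - [x_2]} = \frac{2}{\sqrt{23} - 3} = \frac{\sqrt{23} + 3}{7} = 1 + \frac{\sqrt{23} - 4}{7}, \qquad a_3 = 1$$
$$x_4 = \frac{1}{x_3 - [x_3]} = \frac{7}{\sqrt{23} - 4} = \sqrt{23} + 4 = 8 + (\sqrt{23} - 4), \qquad a_4 = 8$$
Because $x_5 = x_1$, also $x_6 = x_2$, $x_7 = x_3$, $x_8 = x_4$; then we get $x_9 = x_5 = x_1$, and so on,
which means that the block of integers 1, 3, 1, 8 repeats indefinitely. We find that the continued
fraction expansion of $\sqrt{23}$ is periodic with the form
$$\sqrt{23} = [4; 1, 3, 1, 8, 1, 3, 1, 8, \dots] = [4; \overline{1, 3, 1, 8}]$$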

Now, we prove in the following theorem that the representation of an irrational number as an
infinite continued fraction is unique.
Theorem 3: If the two infinite simple continued fractions $[a_0; a_1, a_2, \dots]$ and
$[b_0; b_1, b_2, \dots]$ represent the same irrational number x, then $a_k = b_k$ for k = 0, 1, 2, 3, …

Proof: Suppose that $x = [a_0; a_1, a_2, \dots]$. Then $C_0 = a_0$ and $C_1 = a_0 + \frac{1}{a_1}$, and from
Theorem 4 of Chapter 15 we have $a_0 < x < a_0 + \frac{1}{a_1}$, so that $a_0 = [x]$. Note that
$$[a_0; a_1, a_2, \dots] = a_0 + \frac{1}{[a_1; a_2, a_3, \dots]}$$
Suppose that $[a_0; a_1, a_2, \dots] = [b_0; b_1, b_2, \dots]$; then clearly $a_0 = b_0 = [x]$ and
$$a_0 + \frac{1}{[a_1; a_2, a_3, \dots]} = b_0 + \frac{1}{[b_1; b_2, b_3, \dots]}$$
so that
$$[a_1; a_2, a_3, \dots] = [b_1; b_2, b_3, \dots]$$
Now assume that $a_k = b_k$ and that $[a_{k+1}; a_{k+2}, a_{k+3}, \dots] = [b_{k+1}; b_{k+2}, b_{k+3}, \dots]$.
Using the same argument, we see that $a_{k+1} = b_{k+1}$, and
$$a_{k+1} + \frac{1}{[a_{k+2}; a_{k+3}, \dots]} = b_{k+1} + \frac{1}{[b_{k+2}; b_{k+3}, \dots]}$$
which implies
$$[a_{k+2}; a_{k+3}, \dots] = [b_{k+2}; b_{k+3}, \dots]$$
Hence by induction, we see that $a_k = b_k$ for k = 0, 1, 2, …
Theorem 4: If x is an irrational number, then there are infinitely many rational numbers p / q
such that
$$\left| x - \frac{p}{q} \right| < \frac{1}{q^2} \qquad (4)$$
Proof: Let $p_k / q_k$ be the kth convergent of the continued fraction of x. Then, by Theorem 2 of
Unit 4, we know that
$$\left| x - \frac{p_k}{q_k} \right| < \frac{1}{q_k q_{k+1}} < \frac{1}{q_k^2} \qquad [\because q_k < q_{k+1}]$$
Hence
$$\left| x - \frac{p_k}{q_k} \right| < \frac{1}{q_k^2}.$$
Consequently, the convergents $p_k / q_k$ of x, k = 1, 2, …, are infinitely many rational numbers
which satisfy (4).

16.2. Rational approximation to irrational numbers
The following theorem and corollary show that the convergents of the simple infinite
continued fraction of an irrational number x are the best rational approximations to x.
Theorem 5: Let $p_n / q_n$ be the nth convergent of the continued fraction representing the irrational
number x. If a and b are integers, with $1 \le b < q_{n+1}$, then
$$|q_n x - p_n| \le |bx - a|$$

Proof: Consider the system of equations
$$\alpha p_n + \beta p_{n+1} = a$$
$$\alpha q_n + \beta q_{n+1} = b$$
Then, the solutions of the above system of equations are given by
$$\alpha = (-1)^{n+1}(a q_{n+1} - b p_{n+1})$$
$$\beta = (-1)^{n+1}(b p_n - a q_n)$$
Note that α ≠ 0. For, if α = 0, then $a q_{n+1} = b p_{n+1}$ and, because $\gcd(p_{n+1}, q_{n+1}) = 1$,
$q_{n+1} \mid b$ or $b \ge q_{n+1}$, which is a contradiction to our hypothesis.

If β = 0, then $a = \alpha p_n$ and $b = \alpha q_n$ and hence
$|bx - a| = |\alpha|\,|q_n x - p_n| \ge |q_n x - p_n|$, which is the required result. So, assume β ≠ 0.

If β < 0, then the equation $\alpha q_n = b - \beta q_{n+1}$ implies that $\alpha q_n > 0$ and therefore α > 0. If
β > 0, then $b < q_{n+1}$ implies $b < \beta q_{n+1}$ and therefore $\alpha q_n = b - \beta q_{n+1} < 0$; this makes α < 0.
Hence, α and β must have opposite signs. By Theorem 4 of Chapter 15, since x lies between
$p_n / q_n$ and $p_{n+1} / q_{n+1}$, $q_n x - p_n$ and $q_{n+1} x - p_{n+1}$ will have opposite signs. This implies that
$\alpha(q_n x - p_n)$ and $\beta(q_{n+1} x - p_{n+1})$ must have the same sign and therefore
$$|\alpha(q_n x - p_n) + \beta(q_{n+1} x - p_{n+1})| = |\alpha|\,|q_n x - p_n| + |\beta|\,|q_{n+1} x - p_{n+1}|$$

Now, consider
$$\begin{aligned}
|bx - a| &= |(\alpha q_n + \beta q_{n+1})x - (\alpha p_n + \beta p_{n+1})| \\
&= |\alpha(q_n x - p_n) + \beta(q_{n+1} x - p_{n+1})| \\
&= |\alpha|\,|q_n x - p_n| + |\beta|\,|q_{n+1} x - p_{n+1}| \\
&> |\alpha|\,|q_n x - p_n| \\
&\ge |q_n x - p_n|
\end{aligned}$$

which is the desired inequality.

Corollary 1: If $1 \le b \le q_n$, the rational number a / b satisfies
$$\left| x - \frac{p_n}{q_n} \right| \le \left| x - \frac{a}{b} \right|$$
Proof: Suppose
$$\left| x - \frac{p_n}{q_n} \right| > \left| x - \frac{a}{b} \right|$$
then
$$|q_n x - p_n| = q_n \left| x - \frac{p_n}{q_n} \right| > b \left| x - \frac{a}{b} \right| = |bx - a|$$
which is a contradiction to Theorem 5.
Theorem 6: Let x be an arbitrary irrational number. If the rational number a / b, where b ≥ 1
and gcd(a, b) = 1, satisfies
$$\left| x - \frac{a}{b} \right| < \frac{1}{2b^2}$$
then a / b is one of the convergents $p_n / q_n$ in the continued fraction representation of x.
Proof: Assume that a / b is not a convergent of x. Since the sequence $q_n$ is an increasing
sequence, there exists a unique integer n for which $q_n \le b < q_{n+1}$. For this n, Theorem 5
gives the first inequality in the chain
$$|q_n x - p_n| \le |bx - a| = b \left| x - \frac{a}{b} \right| < \frac{1}{2b}$$
which may be written as
$$\left| x - \frac{p_n}{q_n} \right| < \frac{1}{2bq_n}$$

Since a / b ≠ $p_n / q_n$, $bp_n - aq_n$ is a nonzero integer, and hence $1 \le |bp_n - aq_n|$.
Now, consider
$$\frac{1}{bq_n} \le \frac{|bp_n - aq_n|}{bq_n} = \left| \frac{p_n}{q_n} - \frac{a}{b} \right| \le \left| \frac{p_n}{q_n} - x \right| + \left| x - \frac{a}{b} \right| < \frac{1}{2bq_n} + \frac{1}{2b^2}$$
Subtracting $\frac{1}{2bq_n}$ from both sides, we get
$$\frac{1}{2bq_n} < \frac{1}{2b^2}.$$
Therefore
$$\frac{1}{q_n} < \frac{1}{b} \;\Rightarrow\; q_n > b.$$

But this is a contradiction to the fact that $q_n \le b$. This completes the proof.
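
Theorem 6 can be checked exactly for x = √d, because the inequality |√d − a/b| < 1/(2b²) is equivalent to the integer inequality (2ab − 1)² < 4b⁴d < (2ab + 1)². The following Python sketch is an added example, not part of the original text; the function names are assumptions of this example, and the partial quotients of √23 are the ones obtained in Example 1.

```python
from math import gcd, isqrt


def convergents(terms):
    """Convergents (p_n, q_n) of [a0; a1, a2, ...] from
    p_n = a_n p_{n-1} + p_{n-2} and q_n = a_n q_{n-1} + q_{n-2}."""
    p_prev, q_prev = 1, 0            # p_{-1}, q_{-1}
    p, q = terms[0], 1               # p_0, q_0
    out = [(p, q)]
    for a in terms[1:]:
        p, p_prev = a * p + p_prev, p
        q, q_prev = a * q + q_prev, q
        out.append((p, q))
    return out


def within_theorem6_bound(a, b, d):
    """Exact test of |sqrt(d) - a/b| < 1/(2 b^2) for positive integers a, b.

    Multiplying by 2 b^2 gives |2ab - 2 b^2 sqrt(d)| < 1, and since
    2ab - 1 >= 1 both sides can be squared without changing the inequality."""
    m = 2 * a * b
    t = 4 * d * b ** 4
    return (m - 1) ** 2 < t < (m + 1) ** 2


def close_fractions(d, max_b):
    """All reduced a/b with 1 <= b <= max_b satisfying the hypothesis of Theorem 6."""
    found = []
    for b in range(1, max_b + 1):
        lo = isqrt(d * b * b)        # floor(b * sqrt(d))
        # the bound forces |b sqrt(d) - a| < 1/2, so only these two a can qualify
        for a in (lo, lo + 1):
            if a > 0 and gcd(a, b) == 1 and within_theorem6_bound(a, b, d):
                found.append((a, b))
    return found


def check_theorem6(d, terms, max_b):
    """Return the close fractions and whether every one of them is a convergent."""
    conv = set(convergents(terms))
    found = close_fractions(d, max_b)
    return found, all(f in conv for f in found)


# Constructed input: sqrt(23) = [4; 1, 3, 1, 8, 1, 3, 1, 8, ...], two periods,
# which is enough to reach denominators beyond 250.
SQRT23_TERMS = [4] + [1, 3, 1, 8] * 2

if __name__ == "__main__":
    found, ok = check_theorem6(23, SQRT23_TERMS, 250)
    print(found, ok)
```

The converse of Theorem 6 does not hold: the convergents 4/1, 19/4, 211/44 and 916/191 of √23 do not satisfy the bound, so they are absent from the list the search returns.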

16.3. Periodic Continued Fractions
Definition 2: If an infinite continued fraction contains a block of partial denominators
$b_1, b_2, \dots, b_n$ that repeats indefinitely, the fraction is called periodic. We write a periodic
fraction as
$$[a_0; a_1, \dots, a_m, b_1, b_2, \dots, b_n, b_1, b_2, \dots, b_n, \dots]$$
or, more compactly, as
$$[a_0; a_1, \dots, a_m, \overline{b_1, b_2, \dots, b_n}]$$
where the overbar indicates that this block of integers repeats over and over. If $b_1, b_2, \dots, b_n$
is the smallest block of integers that constantly repeats, we say that $b_1, b_2, \dots, b_n$ is the period
of the expansion and that the length of the period is n.
For example
$$\sqrt{23} = [4; 1, 3, 1, 8, 1, 3, 1, 8, \dots] = [4; \overline{1, 3, 1, 8}]$$
is periodic, whereas
$$\pi = [3; 7, 15, 1, 292, \dots]$$
is not a periodic continued fraction.
If a periodic simple continued fraction is given, then the value of the continued fraction can be
found easily.
Example 2: Let $x = [3; 6, 1, 4, 1, 4, \dots] = [3; 6, \overline{1, 4}] = [3; 6, y]$, where
$y = [\overline{1; 4}] = [1; 4, y]$. Then,
$$y = 1 + \cfrac{1}{4 + \cfrac{1}{y}} = 1 + \frac{y}{4y + 1} = \frac{5y + 1}{4y + 1}$$
which leads to the quadratic equation $4y^2 - 4y - 1 = 0$.
Since y > 0, and since this equation has only one positive root, $y = \frac{1 + \sqrt{2}}{2}$.
From x = [3; 6, y], we find that
$$x = 3 + \cfrac{1}{6 + \cfrac{1}{\frac{1 + \sqrt{2}}{2}}} = \frac{25 + 19\sqrt{2}}{8 + 6\sqrt{2}} = \frac{14 - \sqrt{2}}{4}.$$
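Example 3: Consider $x = [4; 1, 3, 1, 8, 1, 3, 1, 8, \dots] = [4; \overline{1, 3, 1, 8}]$.

Using the nth convergents $p_n / q_n$, let us find the value of the periodic continued fraction
$[4; \overline{1, 3, 1, 8}]$.

Let $y = [1; 3, 1, 8, 1, 3, 1, 8, \dots] = [1; 3, 1, 8, y]$. Then,

| n | -2 | -1 | 0 | 1 | 2 | 3 | 4 |
|---|---|---|---|---|---|---|---|
| $a_n$ | | | 1 | 3 | 1 | 8 | y |
| $p_n$ | 0 | 1 | 1 | 4 | 5 | 44 | 44y+5 |
| $q_n$ | 1 | 0 | 1 | 3 | 4 | 35 | 35y+4 |

Hence, $y = \frac{44y + 5}{35y + 4} \Rightarrow 7y^2 - 8y - 1 = 0$.
Since y is positive, $y = \frac{4 + \sqrt{23}}{7}$; therefore,
$$x = [4; y] = 4 + \frac{1}{y} = 4 + \frac{7}{4 + \sqrt{23}} = \frac{23 + 4\sqrt{23}}{4 + \sqrt{23}}$$
Hence $x = \sqrt{23}$.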

This shows that the values of the periodic simple continued fractions are the roots of quadratic
equations with integer coefficients. Later we prove it in a theorem.
Definition 3: An irrational number ξ is called a quadratic irrational (or algebraic of degree two)
if it is the root of a quadratic polynomial with integer coefficients, that is, if $a\xi^2 + b\xi + c = 0$ for
suitable integer coefficients a, b, and c with a ≠ 0.
Proposition 1: A real number ξ is a quadratic irrational if and only if it has the form
$\xi = r + s\sqrt{d}$, where d is a positive integer that is not a perfect square, r and s are rational
numbers and s ≠ 0.
Proof: Any real irrational solution of a quadratic equation $ax^2 + bx + c = 0$ obviously has this
form. Conversely, a real number of this form is irrational and satisfies the quadratic equation
$(x - r)^2 = s^2 d$, which can be turned into a quadratic equation with integer coefficients upon
multiplication by squares of the denominators of r and s.

Definition 4: Let d be a positive integer that is not a perfect square. We define $Q(\sqrt{d})$ to be
the set of all real numbers ξ of the form $\xi = r + s\sqrt{d}$, with r and s rational. The number
$\xi' = r - s\sqrt{d}$ is called the conjugate of ξ.

Note 1: $Q(\sqrt{d})$ is a field. Hence, if ξ and η are numbers in $Q(\sqrt{d})$, then their sum ξ + η,
difference ξ – η, product ξη, and quotient ξ / η also belong to $Q(\sqrt{d})$, the quotient of course
provided η ≠ 0.
Note 2: Suppose ξ and η are in $Q(\sqrt{d})$; then $(\xi + \eta)' = \xi' + \eta'$, $(\xi - \eta)' = \xi' - \eta'$,
$(\xi\eta)' = \xi'\eta'$ and $(\xi / \eta)' = \xi' / \eta'$.

Proposition 2: If the number x has a periodic simple continued fraction expansion, then x is a
quadratic irrational.

Proof: Being an infinite continued fraction, x is irrational. We prove $x \in Q(\sqrt{d})$ for a suitable
positive integer d that is not a perfect square.

Let $x = [a_0; a_1, a_2, \dots, a_{m-1}, \overline{b_0, b_1, \dots, b_{r-1}}]$ and $y = [\overline{b_0; b_1, \dots, b_{r-1}}]$.
Then $y = [b_0; b_1, \dots, b_{r-1}, y]$.

Let $(p_k, q_k)$ be the convergents of the continued fraction $[b_0; b_1, \dots, b_{r-1}, y]$. Then
$$y = [b_0; b_1, \dots, b_{r-1}, y] = \frac{y p_{r-1} + p_{r-2}}{y q_{r-1} + q_{r-2}},$$
and solving for y we see that y satisfies a quadratic equation with integer coefficients. Hence, y
is a quadratic irrational.
Let $(P_k, Q_k)$ be the convergents of $[a_0; a_1, a_2, \dots, a_{m-1}]$. Then,
$$x = [a_0; a_1, \dots, a_{m-1}, y] = \frac{y P_{m-1} + P_{m-2}}{y Q_{m-1} + Q_{m-2}}$$

Hence, by the note above, $x \in Q(\sqrt{d})$.

The converse of Proposition 2 is also true, that is, every quadratic irrational has a periodic simple
continued fraction expansion. The proof of this needs some preparatory work.

Lemma 1: If x is a quadratic irrational, then x can be written in the form $x = \frac{u + \sqrt{d}}{v}$, where d is
an integer that is not a perfect square, u and v are integers, and $v \mid (d - u^2)$.

Proof: By Proposition 1, $x = r + s\sqrt{D}$, where D is an integer that is not a perfect square, r and s
are rational numbers and s ≠ 0. We can obviously write r = a / c and s = b / c, where a, b, and c are
integers and b > 0. Then,
$$x = \frac{a + b\sqrt{D}}{c} = \frac{a|c| + \sqrt{b^2 c^2 D}}{c|c|} = \frac{u + \sqrt{d}}{v},$$
and the integers $u = a|c|$, $v = c|c|$ and $d = b^2 c^2 D$ satisfy the requirement $v \mid (d - u^2)$.

Theorem 7: Suppose $x_0 = \frac{u_0 + \sqrt{d}}{v_0}$, where d is a positive integer that is not a perfect square, $u_0$
and $v_0$ are integers and $v_0 \mid (d - u_0^2)$. Define recursively the sequences $(u_n)_{n=0}^{\infty}$, $(v_n)_{n=0}^{\infty}$,
$(a_n)_{n=0}^{\infty}$ and $(x_n)_{n=0}^{\infty}$ as follows:
$$x_n = \frac{u_n + \sqrt{d}}{v_n}, \quad a_n = [x_n] \quad\text{and}\quad u_{n+1} = a_n v_n - u_n, \quad v_{n+1} = \frac{d - u_{n+1}^2}{v_n}, \quad\text{for } n \ge 0.$$
Then $u_n$ and $v_n$ are integers, $v_n \mid (d - u_n^2)$, and $x_0 = [a_0; a_1, a_2, \dots, a_n, x_{n+1}]$ for all n, and
$x_0 = [a_0; a_1, a_2, \dots]$.

Proof: We recall the recursive algorithm in Theorem 2 of Unit 4 for obtaining the continued
fraction expansion $x_0 = [a_0; a_1, a_2, \dots]$. The terms $a_n$ are given by
$$a_0 = [x_0], \quad x_{n+1} = \frac{1}{x_n - a_n}, \quad\text{and}\quad a_{n+1} = [x_{n+1}] \quad\text{for } n = 0, 1, 2, \dots$$
and we have $x_0 = [a_0; a_1, a_2, \dots, a_n, x_{n+1}]$ for all n.

Now suppose inductively that $x_n = \frac{u_n + \sqrt{d}}{v_n}$, with integers $u_n$ and $v_n$ that satisfy $v_n \mid (d - u_n^2)$.
Then
$$x_{n+1} = \frac{1}{x_n - a_n} = \frac{1}{\dfrac{\sqrt{d} - (a_n v_n - u_n)}{v_n}} = \frac{\sqrt{d} + (a_n v_n - u_n)}{\dfrac{d - (a_n v_n - u_n)^2}{v_n}} = \frac{u_{n+1} + \sqrt{d}}{v_{n+1}},$$
where $u_{n+1} = a_n v_n - u_n$ and $v_{n+1} = (d - u_{n+1}^2) / v_n$.
Clearly, $u_{n+1}$ is an integer and $u_{n+1} \equiv -u_n \pmod{v_n}$. Hence by the induction assumption,
$d - u_{n+1}^2 \equiv d - u_n^2 \equiv 0 \pmod{v_n}$, that is, $v_n$ divides $d - u_{n+1}^2$. Therefore, $v_{n+1}$ is also an
integer, and $v_{n+1} \mid (d - u_{n+1}^2)$, because $v_n v_{n+1} = d - u_{n+1}^2$. This completes the proof.

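Example 4: Let us compute the continued fraction expansion of the number $(1 - \sqrt{5}) / 3$ using
the above algorithm. Since $3 \nmid (5 - 1^2)$, we first have to put the number in the form $\frac{u + \sqrt{d}}{v}$
with $v \mid (d - u^2)$. Multiplying numerator and denominator by -3, we obtain
$$x_0 = \frac{-3 + \sqrt{45}}{-9}, \quad\text{that is}\quad u_0 = -3, \; v_0 = -9, \text{ and } d = 45.$$
Now $v_0 \mid (d - u_0^2)$, so we can start the algorithm. The result of the computations is shown in the
following table:

| n | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
|---|---|---|---|---|---|---|---|---|---|---|
| $u_n$ | -3 | 12 | -1 | 5 | 5 | 3 | 6 | 6 | 3 | 5 |
| $v_n$ | -9 | 11 | 4 | 5 | 4 | 9 | 1 | 9 | 4 | 5 |
| $a_n$ | -1 | 1 | 1 | 2 | 2 | 1 | 12 | 1 | 2 | 2 |

Since $(u_9, v_9) = (u_3, v_3)$, we conclude $x_9 = x_3$. Thus
$$\frac{1 - \sqrt{5}}{3} = [-1; 1, 1, \overline{2, 2, 1, 12, 1, 2}].$$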
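
The recurrence of Theorem 7 uses only integers, so it can be run exactly and the period detected by watching for a repeated pair (u_n, v_n), as in the proof of Theorem 8. The following Python sketch is an added example, not part of the original text; the function names are assumptions of this example, and the floor of (u + √d)/v is computed from the integer square root of d.

```python
from math import isqrt


def normalize(u, v, d):
    """Lemma 1: rescale (u + sqrt(d))/v so that v divides d - u^2."""
    if (d - u * u) % v != 0:
        u, v, d = u * abs(v), v * abs(v), d * v * v
    return u, v, d


def floor_quadratic(u, v, d):
    """Exact floor of (u + sqrt(d))/v for integers u, v != 0 and non-square d > 0."""
    r = isqrt(d)                      # r < sqrt(d) < r + 1, since d is not a square
    if v > 0:
        return (u + r) // v
    # (u + sqrt(d))/v = (-u - sqrt(d))/(-v) and floor(-u - sqrt(d)) = -u - r - 1
    return (-u - r - 1) // (-v)


def expansion_steps(u, v, d):
    """Run u_{n+1} = a_n v_n - u_n, v_{n+1} = (d - u_{n+1}^2)/v_n until a pair
    (u_n, v_n) repeats.

    Returns (steps, start): steps[n] = (u_n, v_n, a_n), and start is the index
    at which the periodic part begins."""
    if v == 0 or d <= 0 or isqrt(d) ** 2 == d:
        raise ValueError("need v != 0 and d a positive non-square integer")
    u, v, d = normalize(u, v, d)
    seen, steps = {}, []
    while (u, v) not in seen:
        seen[(u, v)] = len(steps)
        a = floor_quadratic(u, v, d)
        steps.append((u, v, a))
        u = a * v - u
        v = (d - u * u) // v          # exact division, by Theorem 7
    return steps, seen[(u, v)]


def quadratic_cf(u, v, d):
    """(pre-period, period) of the simple continued fraction of (u + sqrt(d))/v."""
    steps, start = expansion_steps(u, v, d)
    terms = [a for _, _, a in steps]
    return terms[:start], terms[start:]


if __name__ == "__main__":
    # (1 - sqrt(5))/3 written as (-1 + sqrt(5))/(-3), the number of Example 4
    steps, start = expansion_steps(-1, -3, 5)
    for n, (u, v, a) in enumerate(steps):
        print(n, u, v, a)
    print("period starts at n =", start)
    print(quadratic_cf(0, 1, 23))     # sqrt(23)
    print(quadratic_cf(-14, -4, 2))   # (14 - sqrt(2))/4, the value found in Example 2
```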

Lemma 2: Let x be a quadratic irrational and define $x_n$ as in Theorem 7. If the conjugate $x_k' < 0$
for some index k, then $-1 < x_n' < 0$ for all n > k.

Proof: By induction, it suffices to prove that $x_n' < 0$ implies $-1 < x_{n+1}' < 0$. So assume $x_n' < 0$.
Consider $x_{n+1} = \frac{1}{x_n - a_n}$. Then, by Note 2, we have
$$x_{n+1}' = \frac{1}{x_n' - a_n}$$
Since $a_n \ge 1$, the denominator $x_n' - a_n$ is strictly less than –1, so it follows that $-1 < x_{n+1}' < 0$.

Lemma 3: Let x be a quadratic irrational, and define $x_n$ and $a_n$ as in Theorem 7. If $-1 < x_n' < 0$,
then $a_n = [-1 / x_{n+1}']$.

Proof: We have $x_{n+1}' = 1 / (x_n' - a_n)$, and hence $-1 / x_{n+1}' = a_n - x_n'$. Since $0 < -x_n' < 1$, it
follows that $[-1 / x_{n+1}'] = [a_n - x_n'] = a_n$.

Lemma 4: If x is a quadratic irrational, then there exists an index k such that $x_k' < 0$.

Proof: Let $(p_k, q_k)$ denote the kth convergent of x. Since $x = [a_0; a_1, a_2, \dots, a_{n-1}, x_n]$, we have
$$x = \frac{p_{n-1} x_n + p_{n-2}}{q_{n-1} x_n + q_{n-2}},$$
and solving for $x_n$ we obtain
$$x_n = \frac{q_{n-2} x - p_{n-2}}{p_{n-1} - q_{n-1} x} = -\frac{q_{n-2}}{q_{n-1}} \left( \frac{x - p_{n-2} / q_{n-2}}{x - p_{n-1} / q_{n-1}} \right).$$
By taking conjugates, we get
$$x_n' = -\frac{q_{n-2}}{q_{n-1}} \left( \frac{x' - p_{n-2} / q_{n-2}}{x' - p_{n-1} / q_{n-1}} \right).$$
We now use the fact that the convergents $p_n / q_n$ converge to x as n tends to infinity and that x’
≠ x. It follows that the expression within parentheses converges to (x’ – x) / (x’ – x), that is to 1,
as n tends to infinity. Consequently, the expression within parentheses is certainly greater than 0
when n is big enough, that is, $x_n'$ has the same sign as $-q_{n-2} / q_{n-1}$, which is negative since $q_n$ is
positive for all n ≥ 0.


Theorem 8: A real number x has a periodic simple continued fraction expansion if and only if it
is a quadratic irrational.
Proof: We have already proved that a periodic continued fraction is a quadratic irrational
[Proposition 2]. To prove the converse, let $x = x_0$ be a quadratic irrational and write
$x_n = \frac{u_n + \sqrt{d}}{v_n}$ as in Theorem 7.

By Lemma 4, there is an index k such that $x_k' < 0$, and by Lemma 2, $-1 < x_n' < 0$ for all n > k.
Since $x_n > 1$ for all n ≥ 1, we conclude that
$$1 < x_n - x_n' = \frac{2\sqrt{d}}{v_n} \quad\text{and}\quad 0 < x_n + x_n' = \frac{2u_n}{v_n}$$
for all n > k. Hence $0 < v_n < 2\sqrt{d}$ and $u_n > 0$ if n > k. Moreover, using the relation
$d - u_{n+1}^2 = v_n v_{n+1} > 0$, we obtain $u_{n+1}^2 < d$, that is, $u_{n+1} < \sqrt{d}$ for n > k. Thus, if n > k+1, then
$0 < u_n < \sqrt{d}$ and $0 < v_n < 2\sqrt{d}$. Hence, the ordered pairs $(u_n, v_n)$ can assume only a finite
number of possible pair values, and so there are distinct integers i and j with j > i such that $u_j = u_i$
and $v_j = v_i$. This implies that $x_i = x_j = x_{i+(j-i)}$, and hence x has a periodic continued fraction.

Note 1: All the continued fraction expansions of $\sqrt{d}$ take the form $\sqrt{d} = [a_0; \overline{a_1, a_2, \dots, a_n}]$,
that is, the periodic part starts after one term, this initial term being $[\sqrt{d}]$.
Note 2: If d is a positive integer that is not a perfect square, then the continued fraction
expansion of $\sqrt{d}$ is necessarily of the form $\sqrt{d} = [a_0; \overline{a_1, a_2, a_3, \dots, a_3, a_2, a_1, 2a_0}]$.

For example, $\sqrt{14} = [3; \overline{1, 2, 1, 6}]$ and $\sqrt{23} = [4; \overline{1, 3, 1, 8}]$.

Theorem 9: Let $(p_n, q_n)$ denote the nth convergent of $\sqrt{d}$, let the integers $u_n$ and $v_n$ be defined
for the number $x = \sqrt{d}$ as in Theorem , that is, $x_n = (u_n + \sqrt{d}) / v_n$ with $v_n \mid (d - u_n^2)$, and let r be the
period length of the continued fraction expansion of $\sqrt{d}$. Then

(i) $p_n^2 - d q_n^2 = (-1)^{n-1} v_{n+1}$ for every n ≥ –1;
(ii) $v_n \ge 1$ for every n ≥ 0;
(iii) $v_n = 1$ if and only if $r \mid n$.

Proof. Write $\sqrt{d} = [a_0; a_1, a_2, \dots] = [a_0; a_1, a_2, \dots, a_n, x_{n+1}]$.

(i) We have
$$\sqrt{d} = \frac{x_{n+1} p_n + p_{n-1}}{x_{n+1} q_n + q_{n-1}} = \frac{(u_{n+1} + \sqrt{d}) p_n + v_{n+1} p_{n-1}}{(u_{n+1} + \sqrt{d}) q_n + v_{n+1} q_{n-1}},$$
which can also be written as
$$u_{n+1} p_n + v_{n+1} p_{n-1} - d q_n - (u_{n+1} q_n + v_{n+1} q_{n-1} - p_n)\sqrt{d} = 0.$$
Since $\sqrt{d}$ is irrational, it follows that
$$u_{n+1} p_n + v_{n+1} p_{n-1} - d q_n = 0$$
$$u_{n+1} q_n + v_{n+1} q_{n-1} - p_n = 0$$
Eliminating $u_{n+1}$ from this system, we obtain
$p_n^2 - d q_n^2 = v_{n+1}(p_n q_{n-1} - q_n p_{n-1}) = (-1)^{n-1} v_{n+1}$, where
we used Theorem 3 of Unit 13 to get the last equality.

(ii) The convergents $p_n / q_n$ are > $\sqrt{d}$ if n is odd and < $\sqrt{d}$ if n is even. Therefore, $p_n^2 - d q_n^2$ has the
same sign as $(-1)^{n-1}$, so it follows from (i) that $v_{n+1}$ is positive for every n ≥ –1.

(iii) Since $x = \sqrt{d}$ has period length r, $x_{kr+1} = x_1$ for all positive integers k. It follows that
$$x_{kr} - a_{kr} = \frac{1}{x_{kr+1}} = \frac{1}{x_1} = x_0 - a_0 = -a_0 + \sqrt{d},$$
that is, $x_{kr} = a_{kr} - a_0 + \sqrt{d}$. Hence, $v_{kr} = 1$ (and $u_{kr} = a_{kr} - a_0$).
Conversely, assume $v_n = 1$; then $x_n = u_n + \sqrt{d}$, so $a_n = [x_n] = u_n + [\sqrt{d}] = u_n + a_0$
and $x_n - a_n = \sqrt{d} - a_0 = x_0 - a_0$, that is, $x_{n+1} = 1 / (x_n - a_n) = 1 / (x_0 - a_0) = x_1$. It follows from this
that n is a multiple of the period length r.
Proposition 3: Let $\sqrt{d} = [a_0; \overline{a_1, a_2, \dots, a_{r-1}, 2a_0}]$. Then $a_n \le a_0$ for 1 ≤ n ≤ r – 1.

Proof: With $x = x_0 = \sqrt{d}$, let $x_n = (u_n + \sqrt{d}) / v_n$ be as in Theorem 7 and suppose 1 ≤ n ≤ r – 1.
Then $v_n \ge 2$ by the above theorem, and using Lemma 2 we conclude that $x_n' = (u_n - \sqrt{d}) / v_n < 0$,
because $x_0' = -\sqrt{d} < 0$. It follows that $u_n - \sqrt{d} < 0$, that is, $u_n < \sqrt{d}$, and hence
$x_n < 2\sqrt{d} / v_n \le \sqrt{d}$. Finally, $a_n = [x_n] \le [\sqrt{d}] = a_0$.

16.4. Pell’s Equation


The equation $x^2 - dy^2 = N$, with given nonzero integers d and N, is called Pell’s equation. If d is
negative, Pell’s equation can have only a finite number of solutions in integers, since $x^2 \le N$ and
$y^2 \le -N/d$.
If $d = a^2$ is a perfect square, then we have (x + ay)(x – ay) = N, and again there is only a
finite number of integral solutions to Pell’s equation, since there is only a finite number of ways
to factor N.
We will therefore suppose that d is a positive integer that is not a perfect square. We will
show that in that case there is either no solution at all or infinitely many solutions in integers.
When N = ±1, we will give a complete description of the set of solutions.
If (u, v) is an integral solution of Pell’s equation $x^2 - dy^2 = N$, then (±u, ±v) is also a
solution for every combination of the signs. Thus, in order to find all integral solutions it suffices
to find all positive solutions, that is, all solutions (u, v) with u > 0 and v > 0. If N is a perfect
square, there will of course be two additional trivial solutions $(\pm\sqrt{N}, 0)$, and if –N/d happens to
be an integer that is a perfect square, $(0, \pm\sqrt{-N/d})$ are two trivial solutions of Pell’s equation.

If $(x_1, y_1)$ and $(x_2, y_2)$ are two positive solutions of $x^2 - dy^2 = N$, then
$x_1^2 - x_2^2 = d(y_1^2 - y_2^2)$, and hence $x_1 < x_2$ if and only if $y_1 < y_2$. Thus, if we order the positive
solutions according to increasing x-value or according to increasing y-value we will get the same
result.
If there is a positive solution in integers of Pell’s equation, then there is obviously a
positive solution $(x_1, y_1)$ with a least positive x-value. This solution also has the least y-value
among all positive solutions. Since it plays a special role we introduce the following definition.
Definition 5: Suppose Pell’s equation $x^2 - dy^2 = N$ has positive integral solutions. The
fundamental solution, or least positive solution, is the positive solution $(x_1, y_1)$ such that $x_1 < u$
and $y_1 < v$ for every other positive solution (u, v).
The following theorem gives a connection between Pell’s equation and continued fractions.

Theorem 10: Let d be a positive integer that is not a perfect square, and suppose $|N| < \sqrt{d}$.
If (u, v) is a positive solution in integers of $x^2 - dy^2 = N$, then there is a convergent $(p_n, q_n)$ of the
simple continued fraction expansion of $\sqrt{d}$ such that $u / v = p_n / q_n$.

Remark. The numbers u and v need not be relatively prime, but if c is their greatest common
divisor, then obviously $c^2 \mid N$. Hence, if N is square-free, and in particular if N = ±1, then u and v
are necessarily relatively prime. That means that there is an index n such that $u = p_n$ and $v = q_n$.
Proof: We will consider a more general situation. Let d and N be any positive real numbers, not
necessarily integers, such that $\sqrt{d}$ is irrational and $N < \sqrt{d}$, and assume that u and v are positive
integers satisfying $u^2 - dv^2 = N$.
Since
$$\left( \frac{u}{v} - \sqrt{d} \right)\left( \frac{u}{v} + \sqrt{d} \right) = \frac{u^2 - dv^2}{v^2} = \frac{N}{v^2}$$
and the second factor of the left-hand side is positive, we first conclude that $(u / v) - \sqrt{d} > 0$, and
consequently $(u / v) + \sqrt{d} > 2\sqrt{d}$. Hence
$$0 < \frac{u}{v} - \sqrt{d} = \frac{N}{v^2 (u / v + \sqrt{d})} < \frac{\sqrt{d}}{2v^2 \sqrt{d}} = \frac{1}{2v^2}.$$
By Theorem 6, u / v is a convergent of $\sqrt{d}$.
Let now d and N be as in the statement of Theorem 10. The case N > 0 is a special
case of what we have just proved.

If N < 0, we rewrite the equation as $y^2 - (1/d)x^2 = -N/d$. Since $0 < -N/d < \sqrt{d}/d = 1/\sqrt{d}$,
we can apply the general case above, and we conclude that v / u is a convergent of $1/\sqrt{d}$.

Suppose $\sqrt{d}$ has the continued fraction $[a_0; a_1, a_2, \dots]$. Then
$1/\sqrt{d} = [0; \sqrt{d}] = [0; a_0, a_1, a_2, \dots]$. Hence, there is an n such that
$$\frac{v}{u} = [0; a_0, a_1, \dots, a_n] = \frac{1}{[a_0; a_1, \dots, a_n]},$$
that is, $u / v = [a_0; a_1, \dots, a_n]$ is a convergent of $\sqrt{d}$.


We now give a complete description of the solution set of Pell’s equation in the case N = ±1.
Theorem 11: Suppose d is a positive integer that is not a perfect square, let r be the period
length of the simple continued fraction expansion of $\sqrt{d}$, and let $(p_n, q_n)_{n=0}^{\infty}$ be the corresponding
sequence of convergents.
(i) Suppose r is even. Then
a. $x^2 - dy^2 = -1$ has no solutions in integers;
b. all positive integral solutions of $x^2 - dy^2 = 1$ are given by $x = p_{kr-1}$, $y = q_{kr-1}$ for k =
1, 2, 3, …, with $x = p_{r-1}$ and $y = q_{r-1}$ as the fundamental solution.
(ii) Suppose r is odd. Then
a. all positive integral solutions of $x^2 - dy^2 = -1$ are given by $x = p_{kr-1}$, $y = q_{kr-1}$ for k
= 1, 3, 5, …, with $x = p_{r-1}$ and $y = q_{r-1}$ as the fundamental solution;
b. all positive integral solutions of $x^2 - dy^2 = 1$ are given by $x = p_{kr-1}$, $y = q_{kr-1}$ for k =
2, 4, 6, …, with $x = p_{2r-1}$ and $y = q_{2r-1}$ as the fundamental solution.
Proof: By Theorem 10, the positive integral solutions of $x^2 - dy^2 = \pm 1$ are to be found among
the convergents $(p_n, q_n)$. Furthermore, $a_0 = [\sqrt{d}] \ge 1$, so the sequence $(p_n)_{n=0}^{\infty}$ is strictly
increasing. Therefore, the first solution that appears in the sequence $(p_n, q_n)_{n=0}^{\infty}$ will be the
fundamental solution.
According to Theorem 9, $p_n^2 - d q_n^2 = (-1)^{n-1} v_{n+1}$, where $v_n \ge 1$ for all n and $v_n = 1$ if and
only if $r \mid n$. Thus, $|p_n^2 - d q_n^2| \ge 2$ except when n = kr – 1 for some nonnegative integer k, in
which case
$$p_n^2 - d q_n^2 = (-1)^{kr}.$$

If r is even, then $(-1)^{kr} = 1$ for all k, and hence $(p_{kr-1}, q_{kr-1})$ is a solution of $x^2 - dy^2 = 1$, while
$x^2 - dy^2 = -1$ has no positive solution, and of course no solution at all in integers. This proves part (i).
If the period length r is odd, then $(-1)^{kr} = 1$ for k even, and = –1 for k odd, and this proves part (ii).
Example 5: We shall use Theorem 11 to find the fundamental solution of the equation
$$x^2 - 19y^2 = 1$$

The continued fraction expansion of $\sqrt{19}$ is $[4; \overline{2, 1, 3, 1, 2, 8}]$. Since the period length is 6, the
fundamental solution is $(x, y) = (p_5, q_5)$. The convergents are computed in the following table:

| n | -2 | -1 | 0 | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|---|---|---|
| $a_n$ | | | 4 | 2 | 1 | 3 | 1 | 2 |
| $p_n$ | 0 | 1 | 4 | 9 | 13 | 48 | 61 | 170 |
| $q_n$ | 1 | 0 | 1 | 2 | 3 | 11 | 14 | 39 |

Thus, the fundamental solution is (x, y) = (170, 39).


Theorem 11 gives a method for computing the successive solution of Pell’s equation but
it is tedious to compute convergents (pn, qn). Having found the fundamental solution, we can
find the remaining positive solutions by a simpler method, which will be described in Theorem
12 below.
Lemma 5: Let $(x_1, y_1)$ be an arbitrary integral solution of $x^2 - dy^2 = M$ and $(x_2, y_2)$ an arbitrary
integral solution of $x^2 - dy^2 = N$, and define the integers u and v by
$$(x_1 + y_1\sqrt{d})(x_2 + y_2\sqrt{d}) = u + v\sqrt{d},$$
that is, $u = x_1 x_2 + y_1 y_2 d$, $v = x_1 y_2 + x_2 y_1$. Then (u, v) is a solution of $x^2 - dy^2 = MN$. If
$(x_1, y_1)$ and $(x_2, y_2)$ are positive solutions, then (u, v) is also positive.

Proof: By taking conjugates we have $(x_1 - y_1\sqrt{d})(x_2 - y_2\sqrt{d}) = u - v\sqrt{d}$, and hence
$$\begin{aligned}
u^2 - dv^2 &= (u + v\sqrt{d})(u - v\sqrt{d}) \\
&= (x_1 + y_1\sqrt{d})(x_2 + y_2\sqrt{d})(x_1 - y_1\sqrt{d})(x_2 - y_2\sqrt{d}) \\
&= (x_1^2 - dy_1^2)(x_2^2 - dy_2^2) = MN.
\end{aligned}$$
The solution (u, v) will obviously be positive if the original ones are positive.
Theorem 12: Let $(x_1, y_1)$ be the fundamental solution of $x^2 - dy^2 = 1$. Then all positive integral
solutions are given by $(x_n, y_n)$, n ≥ 1, where the integers $x_n$ and $y_n$ are recursively defined by
$$x_{n+1} = x_1 x_n + y_1 y_n d, \qquad y_{n+1} = x_1 y_n + y_1 x_n.$$

Proof: Clearly $x_{n+1} + y_{n+1}\sqrt{d} = (x_1 + y_1\sqrt{d})(x_n + y_n\sqrt{d}) = (x_1 + y_1\sqrt{d})^{n+1}$. Hence by Lemma 5
with M = N = 1, if $(x_n, y_n)$ is a positive solution of Pell’s equation $x^2 - dy^2 = 1$, then $(x_{n+1}, y_{n+1})$
will also be a positive solution. It therefore follows by induction that $(x_n, y_n)$ is a solution for all
n.
It remains to show that every positive integral solution is obtained in this way. Suppose
there is a positive solution (u, v) that is not of the form $(x_n, y_n)$. Since $x_n$ forms an increasing
sequence, there must be some integer m such that $x_m \le u < x_{m+1}$. It follows that $y_m \le v < y_{m+1}$,
because we get the same result if positive solutions are ordered according to their x value or y
value. We cannot have equality, because $u = x_m$ would imply $v = y_m$. Now $(x_m, -y_m)$ is of course
also a (non-positive) solution of $x^2 - dy^2 = 1$, so by Lemma 5 we will obtain another solution (s,
t) by defining
$$s + t\sqrt{d} = (u + v\sqrt{d})(x_m - y_m\sqrt{d}) = \frac{u + v\sqrt{d}}{x_m + y_m\sqrt{d}}.$$
Since $x_m + y_m\sqrt{d} < u + v\sqrt{d} < x_{m+1} + y_{m+1}\sqrt{d}$, we have
$$1 < s + t\sqrt{d} < \frac{x_{m+1} + y_{m+1}\sqrt{d}}{x_m + y_m\sqrt{d}} = x_1 + y_1\sqrt{d}.$$
But $s - t\sqrt{d} = 1 / (s + t\sqrt{d})$ and hence $0 < s - t\sqrt{d} < 1$. It now follows that
$$s = \tfrac{1}{2}(s + t\sqrt{d}) + \tfrac{1}{2}(s - t\sqrt{d}) > \tfrac{1}{2} + 0 > 0$$
$$t\sqrt{d} = \tfrac{1}{2}(s + t\sqrt{d}) - \tfrac{1}{2}(s - t\sqrt{d}) > \tfrac{1}{2} - \tfrac{1}{2} = 0,$$
so (s, t) is a positive solution. Therefore, $s > x_1$ and $t > y_1$, but this contradicts
$s + t\sqrt{d} < x_1 + y_1\sqrt{d}$. This contradiction shows that every positive integral solution (u, v) must be
of the form $(x_n, y_n)$.
Example 6: In Example 5, we showed that the fundamental solution of $x^2 - 19y^2 = 1$
is $(x_1, y_1) = (170, 39)$. Using the recursion formulas
$$x_{n+1} = x_1 x_n + 19 y_1 y_n, \qquad y_{n+1} = x_1 y_n + y_1 x_n,$$
we can compute the next positive solutions. They are
$(x_2, y_2)$ = (57 799, 13 260)
$(x_3, y_3)$ = (19 651 490, 4 508 361)
$(x_4, y_4)$ = (6 681 448 801, 1 532 829 480)
Just as in the case of $x^2 - dy^2 = 1$, further solutions of the equation $x^2 - dy^2 = -1$ can be found from its
fundamental solution. We leave the proof of the following result to the reader.

Theorem 13: Suppose that $x^2 - dy^2 = -1$ has an integral solution, and let $(x_1, y_1)$ denote the
fundamental solution. For n ≥ 1, define positive integers $x_n$ and $y_n$ recursively as in Theorem , i.e.
$x_n + y_n\sqrt{d} = (x_1 + y_1\sqrt{d})^n$. Then all positive integral solutions of $x^2 - dy^2 = -1$ are given by
$(x_n, y_n)$ with n odd, and all positive integral solutions of $x^2 - dy^2 = 1$ are given by $(x_n, y_n)$ with n even.
In particular, $(x_2, y_2)$ is the fundamental solution of $x^2 - dy^2 = 1$.
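
Theorems 9 and 11 to 13 combine into a complete procedure for N = ±1: walk the convergents of √d until $v_{n+1} = 1$, which happens first at n = r − 1, and then generate every further solution by multiplying with that convergent as in Lemma 5. The following Python sketch is an added example, not part of the original text; the function names are assumptions of this example.

```python
from math import isqrt


def pell_fundamental(d):
    """Walk the convergents p_n/q_n of sqrt(d) until v_{n+1} = 1 (Theorem 9),
    which first happens at n = r - 1.

    Returns (r, p_{r-1}, q_{r-1}); by Theorem 9(i) this pair satisfies
    p^2 - d q^2 = (-1)^r."""
    a0 = isqrt(d)
    if d <= 0 or a0 * a0 == d:
        raise ValueError("d must be a positive integer that is not a perfect square")
    u, v, a = 0, 1, a0               # u_0, v_0, a_0 for x_0 = sqrt(d)
    p_prev, q_prev = 1, 0            # p_{-1}, q_{-1}
    p, q = a0, 1                     # p_0, q_0
    n = 0
    while True:
        u = a * v - u                # u_{n+1}
        v = (d - u * u) // v         # v_{n+1}, an exact division
        if v == 1:
            return n + 1, p, q
        a = (u + a0) // v            # a_{n+1} = floor((u_{n+1} + sqrt(d)) / v_{n+1})
        p, p_prev = a * p + p_prev, p
        q, q_prev = a * q + q_prev, q
        n += 1


def pell_solutions(d, count, rhs=1):
    """First `count` positive solutions of x^2 - d y^2 = rhs, for rhs = +1 or -1."""
    if rhs not in (1, -1):
        raise ValueError("only rhs = 1 or rhs = -1 is handled")
    r, x1, y1 = pell_fundamental(d)
    base = -1 if r % 2 else 1        # value of x1^2 - d y1^2
    if rhs == -1 and base == 1:
        return []                    # Theorem 11(i)a: no solution when r is even
    sols = []
    x, y, norm = x1, y1, base
    while len(sols) < count:
        if norm == rhs:
            sols.append((x, y))
        # (x + y sqrt(d)) * (x1 + y1 sqrt(d)), as in Lemma 5
        x, y = x1 * x + d * y1 * y, x1 * y + y1 * x
        norm *= base
    return sols


if __name__ == "__main__":
    print(pell_fundamental(19))          # period length and (p_5, q_5)
    for x, y in pell_solutions(19, 4):
        print(x, y, x * x - 19 * y * y)
    print(pell_solutions(2, 3, rhs=-1))  # r = 1 is odd, so -1 is attainable
```

For d = 19 the output reproduces the fundamental solution (170, 39) and the three further solutions listed above.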

16.5. Summary
In this chapter we studied infinite continued fractions and showed that every irrational number
can be expressed as an infinite continued fraction and vice versa. We also showed how infinite
continued fractions can be used to completely determine the solutions of Pell’s equation.

16.6. Keywords
Infinite continued fraction, periodic continued fraction, rational and irrational numbers,
approximation, recursion formula.

16.7. Exercise:
1. Write down each irrational number as an infinite simple continued fraction:
(a) $\sqrt{5}$ (b) $\sqrt{7}$ (c) $\sqrt{15}$ (d) e
2. Using the continued fraction of π = [3; 7, 15, 1, 292, …] compute the value of π correct to
eight decimal places.
3. Using the continued fraction of e = [2; 1, 2, 1, 1, 4, 1, 1, 6, 1, 1, 8, …] compute the value
of e correct to six decimal places.
4. Prove that $\lim_{n \to \infty} \frac{F_{n+1}}{F_n}$ is the golden ratio.

5. Find all positive solutions of the following equations for which y < 250:
(a) $x^2 - 2y^2 = 1$ (b) $x^2 - 3y^2 = 1$ (c) $x^2 - 5y^2 = 1$.
6. Show that there are an infinitude of even integers n with the property that both n + 1 and
(n / 2) + 1 are perfect squares.
7. Find two positive solutions of each of the following equations:
(a) $x^2 - 23y^2 = 1$ (b) $x^2 - 26y^2 = 1$ (c) $x^2 - 33y^2 = 1$.

16.8. References
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
2. An Introduction to the Theory of Numbers, G. H. Hardy and E. M. Wright, Oxford
3. Encyclopedia of Mathematics and its Applications, Volume 11, Continued Fractions,
Analytic Theory and Applications, William B. Jones and W. J. Thron, Addison-Wesley
4. An Introduction to the Theory of Numbers, Ivan Niven, Herbert S. Zuckerman and Hugh
L. Montgomery, John Wiley & Sons, Inc.
