An Introductory Course in Elementary

Number Theory

Wissam Raji
2

Preface

These notes serve as course notes for an undergraduate course in number the-
ory. Most if not all universities worldwide offer introductory courses in number
theory for math majors and in many cases as an elective course.
The notes contain a useful introduction to important topics that need to be ad-
dressed in a course in number theory. Proofs of basic theorems are presented in
an interesting and comprehensive way that can be read and understood even by
non-majors with the exception in the last three chapters where a background in
analysis, measure theory and abstract algebra is required. The exercises are care-
fully chosen to broaden the understanding of the concepts. Moreover, these notes
shed light on analytic number theory, a subject that is rarely seen or approached
by undergraduate students. One of the unique characteristics of these notes is the
careful choice of topics and its importance in the theory of numbers. The freedom
is given in the last two chapters because of the advanced nature of the topics that
are presented.
Thanks to professor Pavel Guerzhoy from University of Hawaii for his contri-
bution in chapter 6 on continued fraction and to Professor Ramez Maalouf from
Notre Dame University, Lebanon for his contribution to chapter 8.
Contents

1 Introduction 7
1.1 Algebraic Operations With Integers . . . . . . . . . . . . . . . . 8
1.2 The Well Ordering Principle and Mathematical Induction . . . . . 11
1.2.1 The Well Ordering Principle . . . . . . . . . . . . . . . 11
1.2.2 The Pigeonhole Principle . . . . . . . . . . . . . . . . . 11
1.2.3 The Principle of Mathematical Induction . . . . . . . . 12
1.3 Divisibility and the Division Algorithm . . . . . . . . . . . . . . 14
1.3.1 Integer Divisibility . . . . . . . . . . . . . . . . . . . . . 15
1.3.2 The Division Algorithm . . . . . . . . . . . . . . . . . . 16
1.4 Representations of Integers in Different Bases . . . . . . . . . . . 18
1.5 The Greatest Common Divisor . . . . . . . . . . . . . . . . . . . 21
1.6 The Euclidean Algorithm . . . . . . . . . . . . . . . . . . . . . . 25
1.7 Lame’s Theorem and Binet’s Formula . . . . . . . . . . . . . . . 29
1.7.1 Lame’s Theorem . . . . . . . . . . . . . . . . . . . . . . 29
1.7.2 Binet’s Formula . . . . . . . . . . . . . . . . . . . . . . . 31

2 Prime Numbers 35
2.1 The Sieve of Eratosthenes . . . . . . . . . . . . . . . . . . . . . . 35
2.2 Alternate definition of prime number . . . . . . . . . . . . . . . . 38
2.3 The infinitude of Primes . . . . . . . . . . . . . . . . . . . . . . 39
2.4 The Fundamental Theorem of Arithmetic . . . . . . . . . . . . . 41

3
4 CONTENTS

2.4.1 The Fundamental Theorem of Arithmetic . . . . . . . . . 41

2.4.2 More on the Infinitude of Primes . . . . . . . . . . . . . . 45
2.5 Least Common Multiple . . . . . . . . . . . . . . . . . . . . . . 46
2.6 Linear Diophantine Equations . . . . . . . . . . . . . . . . . . . 49
2.7 The function [x] , the symbols ”O”, ”o” and ”∼” . . . . . . . . . . 51
2.7.1 The Function [x] . . . . . . . . . . . . . . . . . . . . . . 52
2.7.2 The ”O” and ”o” Symbols . . . . . . . . . . . . . . . . . 52
2.8 Theorems and Conjectures involving prime numbers . . . . . . . 54

3 Classical questions 57
3.1 Geometric numbers . . . . . . . . . . . . . . . . . . . . . . . . . 57
3.2 Irrational numbers . . . . . . . . . . . . . . . . . . . . . . . . . . 59
3.3 Gaussian integers . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.3.1 Ring properties of Z[i] . . . . . . . . . . . . . . . . . . . 61
3.3.2 Division . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
3.3.3 Primality . . . . . . . . . . . . . . . . . . . . . . . . . . 68
3.4 Algebraic and transcendental numbers . . . . . . . . . . . . . . . 70
3.4.1 The algebraic numbers form a ring . . . . . . . . . . . . . 70
3.4.2 Liouville’s number . . . . . . . . . . . . . . . . . . . . . 72

4 Congruences 77
4.1 Introduction to congruences . . . . . . . . . . . . . . . . . . . . 77
4.2 Residue Systems and Euler’s φ-Function . . . . . . . . . . . . . . 84
4.2.1 Residue Systems . . . . . . . . . . . . . . . . . . . . . . 84
4.2.2 Euler’s φ-Function . . . . . . . . . . . . . . . . . . . . . 86
4.3 Linear Congruences . . . . . . . . . . . . . . . . . . . . . . . . . 87
4.4 The Chinese Remainder Theorem . . . . . . . . . . . . . . . . . 89
4.4.1 Direct solution . . . . . . . . . . . . . . . . . . . . . . . 89
4.4.2 Incremental solution . . . . . . . . . . . . . . . . . . . . 91
4.5 Field properties of residues, primality . . . . . . . . . . . . . . . 93
CONTENTS 5

4.5.1 When is a system of residues a field? . . . . . . . . . . . 93

4.5.2 Fermat’s Last Theorem as a primality test . . . . . . . . . 96
4.6 Theorems of Fermat, Euler, and Wilson . . . . . . . . . . . . . . 97

5 Multiplicative Number Theoretic Functions 103

5.1 Definitions and Properties . . . . . . . . . . . . . . . . . . . . . . 104
5.2 Multiplicative Number Theoretic Functions . . . . . . . . . . . . 107
5.2.1 The Euler φ-Function . . . . . . . . . . . . . . . . . . . 107
5.2.2 The Sum-of-Divisors Function . . . . . . . . . . . . . . 110
5.2.3 The Number-of-Divisors Function . . . . . . . . . . . . 111
5.3 The Mobius Function and the Mobius Inversion Formula . . . . . 113
5.4 Perfect, Mersenne, and Fermat Numbers . . . . . . . . . . . . . . 116

6 Primitive Roots and Quadratic Residues 123

6.1 The order of Integers and Primitive Roots . . . . . . . . . . . . . 123
6.2 Primitive Roots for Primes . . . . . . . . . . . . . . . . . . . . . 128
6.3 The Existence of Primitive Roots . . . . . . . . . . . . . . . . . . 132
6.4 Introduction to Quadratic Residues and Nonresidues . . . . . . . 139
6.5 Legendre Symbol . . . . . . . . . . . . . . . . . . . . . . . . . . 140
6.6 The Law of Quadratic Reciprocity . . . . . . . . . . . . . . . . . 146
6.7 Jacobi Symbol . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

7 Introduction to Continued Fractions 155

7.1 Basic Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
7.2 Main Technical Tool . . . . . . . . . . . . . . . . . . . . . . . . 160
7.3 Very Good Approximation . . . . . . . . . . . . . . . . . . . . . 165
7.4 An Application . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
7.5 A Formula of Gauss, a Theorem of Kuzmin and Lévi and a Prob-
lem of Arnold . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
6 CONTENTS

8 Introduction to Analytic Number Theory 171

8.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
8.2 Chebyshev’s Functions . . . . . . . . . . . . . . . . . . . . . . . 175
8.3 Getting Closer to the Proof of the Prime Number Theorem . . . . 177

9 Other Topics in Number Theory 185

9.1 Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
9.1.1 Public key cryptography . . . . . . . . . . . . . . . . . . 185
9.1.2 The RSA algorithm . . . . . . . . . . . . . . . . . . . . . 186
9.1.3 Is RSA safe? . . . . . . . . . . . . . . . . . . . . . . . . 190
9.2 Elliptic Curves . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
9.3 The Riemann Zeta Function . . . . . . . . . . . . . . . . . . . . 198
Chapter 1

Introduction

Integers are the building blocks of the theory of numbers. This chapter contains
somewhat very simple and obvious observations starting with properties of inte-
gers and yet the proofs behind those observations are not as simple. In this chapter
we introduce basic operations on integers and some algebraic definitions that will
be necessary to understand basic concepts in this book. We then introduce the
Well ordering principle which states basically that every set of positive integers
has a smallest element. Proof by induction is also presented as an efficient method
for proving several theorems throughout the book. We proceed to define the con-
cept of divisibility and the division algorithm. We then introduce the elementary
but fundamental concept of a greatest common divisor (gcd) of two integers, and
the Euclidean algorithm for finding the gcd of two integers. We end this chap-
ter with Lame’s Lemma on an estimate of the number of steps in the Euclidean
algorithm needed to find the gcd of two integers.

7
8 CHAPTER 1. INTRODUCTION

1.1 Algebraic Operations With Integers

The set Z of all integers, which this book is all about, consists of all positive and
negative integers as well as 0. Thus Z is the set given by

Z = {..., −4, −3, −2, −1, 0, 1, 2, 3, 4, ...}. (1.1)

While the set of all positive integers, denoted by N, is defined by

N = {1, 2, 3, 4, ...}. (1.2)

On Z, there are two basic binary operations, namely addition (denoted by +)

and multiplication (denoted by ·), that satisfy some basic properties from which
every other property for Z emerges.

1. The Commutativity property for addition and multiplication

a+b=b+a
a·b=b·a

2. Associativity property for addition and multiplication

(a + b) + c = a + (b + c)
(a · b) · c = a · (b · c)

3. The distributivity property of multiplication over addition

a · (b + c) = a · b + a · c.
1.1. ALGEBRAIC OPERATIONS WITH INTEGERS 9

In the set Z there are ”identity elements” for the two operations + and ·, and these
are the elements 0 and 1 respectively, that satisfy the basic properties

a+0=0+a=a
a·1=1·a=a

for every a ∈ Z.

The set Z allows additive inverses for its elements, in the sense that for every
a ∈ Z there exists another integer in Z, denoted by −a, such that

a + (−a) = 0. (1.3)

While for multiplication, only the integer 1 has a multiplicative inverse in the
sense that 1 is the only integer a such that there exists another integer, denoted by
a−1 or by 1/a, (namely 1 itself in this case) such that

a · a−1 = 1. (1.4)

From the operations of addition and multiplication one can define two other
operations on Z, namely subtraction (denoted by −) and division (denoted by
/). Subtraction is a binary operation on Z, i.e. defined for any two integers in Z,
while division is not a binary operation and thus is defined only for some specific
couple of integers in Z. Subtraction and division are defined as follows:

1. a − b is defined by a + (−b), i.e. a − b = a + (−b) for every a, b ∈ Z

2. a/b is defined by the integer c if and only if a = b · c.

Some of the sets we study in Number Theory contain all these properties. Let
R be a set, with two operations called addition and multiplication. We say that R
is a ring if

• addition satisfies
10 CHAPTER 1. INTRODUCTION

– closure: for any a, b ∈ R, we also have a + b ∈ R;

– associativity: for any a, b, c ∈ R, we have (a + b) + c = a + (b + c);
– commutativity: for any a, b ∈ R, we have a + b = b + a;
– identity: there exists a “zero element” 0 in R, which for any a ∈ R
satisfies 0 + a = a;
– inverses: for any a ∈ R, we can find b ∈ R such that a + b = 0 (we
usually write −a for this inverse);

while

• multiplication satisfies

– closure: for any a, b ∈ R, we also have a × b ∈ R;

– associativity: for any a, b, c ∈ R, we have (a × b) × c = a × (b × c);
– commutativity: for any a, b ∈ R, we have a × b = b × a;
– identity: there exists a “one element” 1 in R, which for any a ∈ R
satisfies 1 × a = a;
– distributivity over addition: for any a, b, c ∈ R, we have a × (b + c) =
a × b + a × c.

Notice that we do not require multiplicative inverses in a ring: if the nonzero

elements of a ring do have multiplicative inverses, then we call it a field.
Remark 1. To be accurate, we are really talking about a commutative ring; in
general, a ring’s multiplication need not be commutative — think, for example, of
matrices. However, we only consider commutative rings in here.
Exercises
1. Which of the following are rings under ordinary addition and multiplication,
and which are also fields?
n √ o
N, Z, Q, R, C, a + b 2 : a, b ∈ Z
1.2. THE WELL ORDERING PRINCIPLE AND MATHEMATICAL INDUCTION11

1.2 The Well Ordering Principle and Mathematical

Induction
In this section, we present three basic tools that will often be used in proving prop-
erties of the integers. We start with a very important property of integers called
the well ordering principle. We then state what is known as the pigeonhole prin-
ciple, and then we proceed to present an important method called mathematical
induction.

1.2.1 The Well Ordering Principle

The Well Ordering Principle: A least element exist in any non empty set of pos-
itive integers.

This principle can be taken as an axiom on integers and it will be the key to
proving many theorems. As a result, we see that any set of positive integers is
well ordered while the set of all integers is not well ordered.

1.2.2 The Pigeonhole Principle

The Pigeonhole Principle: If s objects are placed in k boxes for s > k, then at
least one box contains more than one object.

Proof. Suppose that none of the boxes contains more than one object. Then there
are at most k objects. This leads to a contradiction with the fact that there are s
objects for s > k.
12 CHAPTER 1. INTRODUCTION

1.2.3 The Principle of Mathematical Induction

We now present a valuable tool for proving results about integers. This tool is the
principle of mathematical induction .

Theorem 1. The First Principle of Mathematical Induction: If a set of positive

integers has the property that, if it contains the integer k, then it also contains
k + 1, and if this set contains 1 then it must be the set of all positive integers.
More generally, a property concerning the positive integers that is true for n = 1,
and that is true for the integer n + 1 whenever it is true for the integer n, must be
true for all positive integers.

We use the well ordering principle to prove the first principle of mathematical
induction

Proof. Let S be the set of positive integers containing the integer 1, and the integer
k + 1 whenever it contains k. Assume also that S is not the set of all positive
integers. As a result, there are some integers that are not contained in S and thus
those integers must have a least element α by the well ordering principle. Notice
that α 6= 1 since 1 ∈ S. But α − 1 ∈ S and thus using the property of S, α ∈ S.
Thus S must contain all positive integers.

We now present some examples in which we use the principle of induction.

Example 1. Use mathematical induction to show that ∀n ∈ N

n
X n(n + 1)
j= . (1.5)
j=1
2

First note that

1
X 1·2
j=1=
j=1
2
1.2. THE WELL ORDERING PRINCIPLE AND MATHEMATICAL INDUCTION13

and thus the the statement is true for n = 1. For the remaining inductive step,
suppose that the formula holds for n, that is nj=1 j = n(n+1)
P
2
. We show that

n+1
X (n + 1)(n + 2)
j= .
j=1
2

to complete the proof by induction. Indeed

n+1 n
X X n(n + 1) (n + 1)(n + 2)
j= j + (n + 1) = + (n + 1) = ,
j=1 j=1
2 2

and the result follows.

Example 2. Use mathematical induction to prove that n! ≤ nn for all positive

integers n.

Note that 1! = 1 ≤ 11 = 1. We now present the inductive step. Suppose that

n! ≤ nn

for some n, we prove that (n + 1)! ≤ (n + 1)n+1 . Note that

(n + 1)! = (n + 1)n! ≤ (n + 1).nn < (n + 1)(n + 1)n = (n + 1)n+1 .

This completes the proof.

Theorem 2. The Second Principle of Mathematical Induction: A set of positive

integers that has the property that for every integer k, if it contains all the integers
1 through k then it contains k + 1 and if it contains 1 then it must be the set of all
positive integers. More generally, a property concerning the positive integers that
is true for n = 1, and that is true for all integers up to n + 1 whenever it is true
for all integers up to n, must be true for all positive integers.
14 CHAPTER 1. INTRODUCTION

The second principle of induction is also known as the principle of strong

induction. Also, the first principle of induction is known as the principle of
weak induction.
To prove the second principle of induction, we use the first principle of induc-
tion.

Proof. Let T be a set of integers containing 1 and such that for every positive
integer k, if it contains 1, 2, ..., k, then it contains k + 1. Let S be the set of all
positive integers k such that all the positive integers less than or equal to k are in
T . Then 1 is in S, and we also see that k + 1 is in S. Thus S must be the set of
all positive integers. Thus T must be the set of all positive integers since S is a
subset of T .

Exercises

1. Prove using mathematical induction that n < 3n for all positive integers n.
Pn n(n+1)(2n+1)
2. Show that j=1 j2 = 6
.
Pn j−1 2
3. Use mathematical induction to prove that j=1 (−1) j = (−1)n−1 n(n+
1)/2.
Pn
4. Use mathematical induction to prove that j=1 j 3 = [n(n+1)/2]2 for every
positive integer n.
Pn
5. Use mathematical induction to prove that j=1 (2j − 1) = n2

6. Use mathematical induction to prove that 2n < n! for n ≥ 4.

7. Use mathematical induction to prove that n2 < n! for n ≥ 4.

1.3 Divisibility and the Division Algorithm

We now discuss the concept of divisibility and its properties.
1.3. DIVISIBILITY AND THE DIVISION ALGORITHM 15

1.3.1 Integer Divisibility

Definition 1. If a and b are integers such that a 6= 0, then we say ”a divides b” if
there exists an integer k such that b = ka.

If a divides b, we also say ”a is a factor of b” or ”b is a multiple of a” and we

write a | b. If a doesn’t divide b, we write a - b. For example 2 | 4 and 7 | 63,
while 5 - 26.

Example 3. a) Note that any even integer has the form 2k for some integer k,
while any odd integer has the form 2k + 1 for some integer k. Thus 2|n if n is
even, while 2 - n if n is odd.
b) ∀a ∈ Z one has that a | 0.
c) If b ∈ Z is such that |b| < a, and b 6= 0, then a - b.

Theorem 3. If a, b and c are integers such that a | b and b | c, then a | c.

Proof. Since a | b and b | c, then there exist integers k1 and k2 such that b = k1 a
and c = k2 b. As a result, we have c = k1 k2 a and hence a | c.

Example 4. Since 6 | 18 and 18 | 36, then 6 | 36.

The following theorem states that if an integer divides two other integers then
it divides any linear combination of these integers.

Theorem 4. If a, b, c, m and n are integers, and if c | a and c | b, then c |

(ma + nb).

Proof. Since c | a and c | b, then by definition there exists k1 and k2 such that
a = k1 c and b = k2 c. Thus

ma + nb = mk1 c + nk2 c = c(mk1 + nk2 ),

and hence c | (ma + nb).

16 CHAPTER 1. INTRODUCTION

Theorem 4 can be generalized to any finite linear combination as follows. If

a | b1 , a | b2 , ..., a | bn

then n
X
a| kj bj (1.6)
j=1

for any set of integers k1 , · · · , kn ∈ Z. It would be a nice exercise to prove the

generalization by induction.

1.3.2 The Division Algorithm

The following theorem states somewhat an elementary but very useful result.

Theorem 5. The Division Algorithm If a and b are integers such that b > 0, then
there exist unique integers q and r such that a = bq + r where 0 ≤ r < b.

Proof. Consider the set A = {a − bk ≥ 0 | k ∈ Z}. Note that A is nonempty

since for k < a/b, a − bk > 0. By the well ordering principle, A has a least
element r = a − bq for some q. Notice that r ≥ 0 by construction. Now if r ≥ b
then (since b > 0)

r > r − b = a − bq − b = a − b(q + 1) =≥ 0.

This leads to a contradiction since r is assumed to be the least positive integer of

the form r = a − bq. As a result we have 0 ≤ r < b.
We will show that q and r are unique. Suppose that a = bq1 + r1 and a =
bq2 + r2 with 0 ≤ r1 < b and 0 ≤ r2 < b. Then we have

b(q1 − q2 ) + (r1 − r2 ) = 0.

As a result we have
b(q1 − q2 ) = r2 − r1 .
1.3. DIVISIBILITY AND THE DIVISION ALGORITHM 17

Thus we get that

b | (r2 − r1 ).

And since − max(r1 , r2 ) ≤ |r2 − r1 | ≤ max(r1 , r2 ), and b > max(r1 , r2 ), then

r2 − r1 must be 0, i.e. r2 = r1 . And since bq1 + r1 = bq2 + r2 , we also get that
q1 = q2 . This proves uniqueness.

Example 5. If a = 71 and b = 6, then 71 = 6 · 11 + 5. Here q = 11 and r = 5.

Exercises

1. Show that 5 | 25, 19 | 38 and 2 | 98.

2. Use the division algorithm to find the quotient and the remainder when 76
is divided by 13.

3. Use the division algorithm to find the quotient and the remainder when -100
is divided by 13.

4. Show that if a, b, c and d are integers with a and c nonzero, such that a | b
and c | d, then ac | bd.

5. Show that if a and b are positive integers and a | b, then a ≤ b.

6. Prove that the sum of two even integers is even, the sum of two odd integers
is even and the sum of an even integer and an odd integer is odd.

7. Show that the product of two even integers is even, the product of two odd
integers is odd and the product of an even integer and an odd integer is even.

8. Show that if m is an integer then 3 divides m3 − m.

9. Show that the square of every odd integer is of the form 8m + 1.

10. Show that the square of any integer is of the form 3m or 3m + 1 but not of
the form 3m + 2.
18 CHAPTER 1. INTRODUCTION

11. Show that if ac | bc, then a | b.

12. Show that if a | b and b | a then a = ±b.

1.4 Representations of Integers in Different Bases

In this section, we show how any positive integer can be written in terms of any
positive base integer expansion in a unique way. Normally we use decimal nota-
tion to represent integers, we will show how to convert an integer from decimal
notation into any other positive base integer notation and vise versa. Using the
decimal notation in daily life is simply better because we have ten fingers which
facilitates all the mathematical operations.
Notation An integer a written in base b expansion is denoted by (a)b .

Theorem 6. Let b be a positive integer with b > 1. Then any positive integer m
can be written uniquely as

m = al bl + al−1 bl−1 + ... + a1 b + a0 ,

where l is a positive integer, 0 ≤ aj < b for j = 0, 1, ..., l and al 6= 0.

Proof. We start by dividing m by b and we get

m = bq0 + a0 , 0 ≤ a0 < b.

If q0 6= 0 then we continue to divide q0 by b and we get

q0 = bq1 + a1 , 0 ≤ a1 < b.
1.4. REPRESENTATIONS OF INTEGERS IN DIFFERENT BASES 19

We continue this process and hence we get

q1 = bq2 + a2 , 0 ≤ a2 < b,
.
.
.
ql−2 = bql−1 + al−1 , 0 ≤ al−1 < b,
ql−1 = b · 0 + al , 0 ≤ al < b.

Note that the sequence q0 , q1 , ... is a decreasing sequence of positive integers with
a last term ql that must be 0.
Now substituting the equation q0 = bq1 + a1 in m = bq0 + a0 , we get

m = b(bq1 + a1 ) + a0 = b2 q1 + a1 b + a0 ,

Successively substituting the equations in m, we get

m = b 3 q 2 + a2 b 2 + a1 b + a0 ,
.
.
.
= bl ql−1 + al−1 bl−1 + ... + a1 b + a0 ,
= al bl + al−1 bl−1 + ... + a1 b + a0 .

What remains to prove is that the representation is unique. Suppose now that

m = al bl + al−1 bl−1 + ... + a1 b + a0 = cl bl + cl−1 bl−1 + ... + c1 b + c0

where if the number of terms is different in one expansion, we add zero coeffi-
cients to make the number of terms agree. Subtracting the two expansions, we
get

(al − cl )bl + (al−1 − cl−1 )bl−1 + ... + (a1 − c1 )b + (a0 − c0 ) = 0.

20 CHAPTER 1. INTRODUCTION

If the two expansions are different, then there exists 0 ≤ j ≤ l such that cj 6= aj .
As a result, we get

bj ((al − cl )bl−j + ... + (aj+1 − cj+1 )b + (aj − cj )) = 0

and since b 6= 0, we get

(al − cl )bl−j + ... + (aj+1 − cj+1 )b + (aj − cj ) = 0.

We now get
aj − cj = (al − cl )bl−j + ... + (aj+1 − cj+1 )b,

and as a result, b | (aj − cj ). Since 0 ≤ aj < b and 0 ≤ cj < b, we get that

aj = cj . This is a contradiction and hence the expansion is unique.

Note that base 2 representation of integers is called binary representation. Bi-

nary representation plays a crucial role in computers. Arithmetic operations can
be carried out on integers with any positive integer base but it will not be addressed
in this book. We now present examples of how to convert from decimal integer
representation to any other base representation and vise versa.

Example 6. To find the expansion of 214 base 3:

we do the following

214 = 3 · 71 + 1
71 = 3 · 23 + 2
23 = 3 · 7 + 2
7 = 3·2+1
2 = 3·0+2

As a result, to obtain a base 3 expansion of 214, we take the remainders of divi-

sions and we get that (214)10 = (21221)3 .
1.5. THE GREATEST COMMON DIVISOR 21

Example 7. To find the base 10 expansion, i.e. the decimal expansion, of (364)7 :

We do the following: 4 · 70 + 6 · 71 + 3 · 72 = 4 + 42 + 147 = 193.

In some cases where base b > 10 expansion is needed, we add some characters
to represent numbers greater than 9. It is known to use the alphabetic letters to
denote integers greater than 9 in base b expansion for b > 10. For example
(46BC29)13 where A = 10, B = 11, C = 12.
To convert from one base to the other, the simplest way is to go through base
10 and then convert to the other base. There are methods that simplify conversion
from one base to the other but it will not be addressed in this book.

Exercises

1. Convert (7482)10 to base 6 notation.

2. Convert (98156)10 to base 8 notation.

3. Convert (101011101)2 to decimal notation.

4. Convert (AB6C7D)16 to decimal notation.

5. Convert (9A0B)16 to binary notation.

1.5 The Greatest Common Divisor

In this section we define the greatest common divisor (gcd) of two integers and
discuss its properties. We also prove that the greatest common divisor of two
integers is a linear combination of these integers.
Two integers a and b, not both 0, can have only finitely many divisors, and thus
can have only finitely many common divisors. In this section, we are interested
in the greatest common divisor of a and b. Note that the divisors of a and that of
| a | are the same.
22 CHAPTER 1. INTRODUCTION

Definition 2. The greatest common divisor of two integers a and b is the greatest
integer that divides both a and b.

We denote the greatest common divisor of two integers a and b by (a, b). We
also define (0, 0) = 0.

Example 8. Note that the greatest common divisor of 24 and 18 is 6. In other

words (24, 18) = 6.

There are couples of integers (e.g. 3 and 4, etc...) whose greatest common
divisor is 1 so we call such integers relatively prime integers.

Definition 3. Two integers a and b are relatively prime if (a, b) = 1.

Example 9. The greatest common divisor of 9 and 16 is 1, thus they are relatively
prime.

Note that every integer has positive and negative divisors. If a is a positive
divisor of m, then −a is also a divisor of m. Therefore by our definition of the
greatest common divisor, we can see that (a, b) = (| a |, | b |).
We now present a theorem about the greatest common divisor of two integers.
The theorem states that if we divide two integers by their greatest common divisor,
then the outcome is a couple of integers that are relatively prime.

Theorem 7. If (a, b) = d then (a/d, b/d) = 1.

Proof. We will show that a/d and b/d have no common positive divisors other
than 1. Assume that k is a positive common divisor such that k | a/d and k | b/d.
As a result, there are two positive integers m and n such that

a/d = km and b/d = kn

Thus we get that

a = kmd and b = knd.
Hence kd is a common divisor of both a and b. Also, kd ≥ d. However, d is the
greatest common divisor of a and b. As a result, we get that k = 1.
1.5. THE GREATEST COMMON DIVISOR 23

The next theorem shows that the greatest common divisor of two integers does
not change when we add a multiple of one of the two integers to the other.

Theorem 8. Let a, b and c be integers. Then (a, b) = (a + cb, b).

Proof. We will show that every divisor of a and b is also a divisor of a + cb and
b and vise versa. Hence they have exactly the same divisors. So we get that the
greatest common divisor of a and b will also be the greatest common divisor of
a + cb and b. Let k be a common divisor of a and b. By Theorem 4, k | (a + cb)
and hence k is a divisor of a+cb. Now assume that l is a common divisor of a+cb
and b. Also by Theorem 4 we have ,

l | ((a + cb) − cb) = a.

As a result, l is a common divisor of a and b and the result follows.

Example 10. Notice that (4, 14) = (4, 14 − 3 · 4) = (4, 2) = 2.

We now present a theorem which proves that the greatest common divisor of
two integers can be written as a linear combination of the two integers.

Theorem 9. The greatest common divisor of two integers a and b, not both 0 is
the least positive integer such that ma + nb = d for some integers m and n.

Proof. Assume without loss of generality that a and b are positive integers. Con-
sider the set of all positive integer linear combinations of a and b. This set is non
empty since a = 1 · a + 0 · b and b = 0 · a + 1 · b are both in this set. Thus this set
has a least element d by the well-ordering principle. Thus d = ma + nb for some
integers m and n. We have to prove that d divides both a and b and that it is the
greatest divisor of a and b.
By the division algorithm, we have

a = dq + r, 0 ≤ r < d.
24 CHAPTER 1. INTRODUCTION

Thus we have

r = a − dq = a − q(ma + nb) = (1 − qm)a − qnb.

We then have that r is a linear combination of a and b. Since 0 ≤ r < d and d

is the least positive integer which is a linear combination of a and b, then r = 0
and a = dq. Hence d | a. Similarly d | b. Now notice that if there is a divisor
c that divides both a and b. Then c divides any linear combination of a and b by
Theorem 4. Hence c | d. This proves that any common divisor of a and b divides
d. Hence c ≤ d, and d is the greatest divisor.

As a result, we conclude that if (a, b) = 1 then there exist integers m and n

such that ma + nb = 1.

Definition 4. Let a1 , a2 , ..., an be integers, not all 0. The greatest common divisor
of these integers is the largest integer that divides all of the integers in the set. The
greatest common divisor of a1 , a2 , ..., an is denoted by (a1 , a2 , ..., an ).

Definition 5. The integers a1 , a2 , ..., an are said to be mutually relatively prime if

(a1 , a2 , ..., an ) = 1.

Example 11. The integers 3, 6, 7 are mutually relatively prime since (3, 6, 7) = 1
although (3, 6) = 3.

Definition 6. The integers a1 , a2 , ..., an are called pairwise prime if for each i 6= j,
we have (ai , aj ) = 1.

Example 12. The integers 3, 14, 25 are pairwise relatively prime. Notice also that
these integers are mutually relatively prime.

Notice that if a1 , a2 , ..., an are pairwise relatively prime then they are mutually
relatively prime.
1.6. THE EUCLIDEAN ALGORITHM 25

Exercises

1. Find the greatest common divisor of 15 and 35.

2. Find the greatest common divisor of 100 and 104.

3. Find the greatest common divisor of -30 and 95.

4. Let m be a positive integer. Find the greatest common divisor of m and

m + 1.

5. Let m be a positive integer, find the greatest common divisor of m and

m + 2.

6. Show that if m and n are integers such that (m, n) = 1, then (m+n,m-n)=1
or 2.

7. Show that if m is a positive integer, then 3m + 2 and 5m + 3 are relatively

prime.

8. Show that if a and b are relatively prime integers, then (a+2b, 2a+b) = 1or
3.

9. Show that if a1 , a2 , ..., an are integers that are not all 0 and c is a positive
integer, then (ca1 , ca2 , ..., can ) = c(a1 , a2 , ...an ).

1.6 The Euclidean Algorithm

In this section we describe a systematic method that determines the greatest com-
mon divisor of two integers. This method is called the Euclidean algorithm.
26 CHAPTER 1. INTRODUCTION

Lemma 1. If a and b are two integers and a = bq + r where also q and r are
integers, then (a, b) = (r, b).

Proof. Note that by theorem 8, we have (bq + r, b) = (b, r).

The above lemma will lead to a more general version of it. We now present the
Euclidean algorithm in its general form. It states that the greatest common divisor
of two integers is the last non zero remainder of the successive division.

Theorem 10. Let a = r0 and b = r1 be two positive integers where a ≥ b. If we

apply the division algorithm successively to obtain that

rj = rj+1 qj+1 + rj+2 where 0 ≤ rj+2 < rj+1

for all j = 0, 1, ..., n − 2 and

rn+1 = 0.
Then (a, b) = rn .

Proof. By applying the division algorithm, we see that

r0 = r1 q1 + r2 0 ≤ r2 < r1 ,
r1 = r2 q2 + r3 0 ≤ r3 < r2 ,
.
.
.
rn−2 = rn−1 qn−1 + rn 0 ≤ rn < rn−1 ,
rn−1 = rn qn .

Notice that, we will have a remainder of 0 eventually since all the remainders
are integers and every remainder in the next step is less than the remainder in the
previous one. By Lemma 1, we see that

(a, b) = (b, r2 ) = (r2 , r3 ) = ... = (rn , 0) = rn .

1.6. THE EUCLIDEAN ALGORITHM 27

Example 13. We will find the greatest common divisor of 4147 and 10672. Note
that

10672 = 4147 · 2 + 2378,

4147 = 2378 · 1 + 1769,
2378 = 1769 · 1 + 609,
1769 = 609 · 2 + 551,
609 = 551 · 1 + 58,
551 = 58 · 9 + 29,
58 = 29 · 2,

Hence (4147, 10672) = 29.

We now use the steps in the Euclidean algorithm to write the greatest common
divisor of two integers as a linear combination of the two integers. The following
example will actually determine the variables m and n described in Theorem 9.
The following algorithm can be described by a general form but for the sake of
simplicity of expressions we will present an example that shows the steps for
obtaining the greatest common divisor of two integers as a linear combination of
the two integers.
28 CHAPTER 1. INTRODUCTION

Example 14. Express 29 as a linear combination of 4147 and 10672.

29 = 551 − 9 · 58,
= 551 − 9(609 − 551 · 1),
= 10.551 − 9.609,
= 10 · (1769 − 609 · 2) − 9 · 609,
= 10 · 1769 − 29 · 609,
= 10 · 1769 − 29(2378 − 1769 · 1),
= 39 · 1769 − 29 · 2378,
= 39(4147 − 2378 · 1) − 29 · 2378,
= 39 · 4147 − 68 · 2378,
= 39 · 4147 − 68(10672 − 4147 · 2),
= 175 · 4147 − 68 · 10672,

As a result, we see that 29 = 175 · 4147 − 68 · 10672.

This property is called Bezout’s Identity:

For any two integers a and b, we can always find integers m and n
such that gcd(a, b) = am + bn.

We can always find this expression by reversing the results of the Euclidean algo-
rithm.
Exercises

1. Use the Euclidean algorithm to find the greatest common divisor of 412 and
32 and express it in terms of the two integers.

2. Use the Euclidean algorithm to find the greatest common divisor of 780 and
150 and express it in terms of the two integers.

3. Find the greatest common divisor of 70, 98, 108.

1.7. LAME’S THEOREM AND BINET’S FORMULA 29

4. Let a and b be two positive even integers. Prove that (a, b) = 2(a/2, b/2).

5. Show that if a and b are positive integers where a is even and b is odd, then
(a, b) = (a/2, b).

1.7 Lame’s Theorem and Binet’s Formula

In this section, we give an estimate to the number of steps needed to find the
greatest common divisor of two integers using the Euclidean algorithm. To do this,
we have to introduce the Fibonacci numbers for the sake of proving a lemma that
gives an estimate on the growth of Fibonacci numbers in the Fibonacci sequence.
The lemma that we prove will be used in the proof of Lame’s theorem. We then
turn to illustrate an unexpected property of the Fibonacci sequence, called Binet’s
Formula.

1.7.1 Lame’s Theorem

Definition 7. The Fibonacci sequence is defined recursively by f1 = 1, f2 = 1,
and
fn = fn−1 + fn−2 for n ≥ 3.

The terms in the sequence are called Fibonacci numbers.

In the following lemma, we give a lower bound on the growth of Fibonacci

numbers. We will show that Fibonacci numbers grow faster than a geometric
√
series with common ratio α = (1 + 5)/2.
√
Lemma 2. For n ≥ 3, we have fn > αn−2 where α = (1 + 5)/2.

Proof. We use the second principle of mathematical induction to prove our result.
It is easy to see that this is true for n = 3 and n = 4. Assume that αk−2 < fk
30 CHAPTER 1. INTRODUCTION

for all integers k where k ≤ n. Now since α is a solution of the polynomial

x2 − x − 1 = 0, we have α2 = α + 1. Hence

αn−1 = α2 .αn−3 = (α + 1).αn−3 = αn−2 + αn−3 .

By the inductive hypothesis, we have

αn−2 < fn , αn−3 < fn−1 .

After adding the two inequalities, we get

αn−1 < fn + fn−1 = fn+1 .

We now present Lame’s theorem.

Theorem 11. using the Euclidean algorithm to find the greatest common divisor
of two positive integers has number of divisions less than or equal five times the
number of decimal digits in the minimum of the two integers.

Proof. Let a and b be two positive integers where a > b. Applying the Euclidean
algorithm to find the greatest common divisor of two integers with a = r0 and
b = r1 , we get

r0 = r1 q1 + r2 0 ≤ r2 < r1 ,
r1 = r2 q2 + r3 0 ≤ r3 < r2 ,
.
.
.
rn−2 = rn−1 qn−1 + rn 0 ≤ rn < rn−1 ,
rn−1 = rn qn .
1.7. LAME’S THEOREM AND BINET’S FORMULA 31

Notice that each of the quotients q1 , q2 , ..., qn−1 are all greater than 1 and qn ≥ 2
and this is because rn < rn−1 . Thus we have

rn ≥ 1 = f2 ,
rn−1 ≥ 2rn ≥ 2f2 = f3 ,
rn−2 ≥ rn−1 + rn ≥ f3 + f2 = f4 ,
rn−3 ≥ rn−2 + rn−1 ≥ f4 + f3 = f5 ,
.
.
.
r2 ≥ r3 + r4 ≥ fn−1 + fn−2 = fn ,
b = r1 ≥ r2 + r3 ≥ fn + fn−1 = fn+1 .

Thus notice that b ≥ fn+1 . By Lemma 2, we have fn+1 > αn−1 for n > 2. As a
result, we have b > αn−1 . Now notice since
1
log10 α > ,
5
we see that
log10 b > (n − 1)/5.

Thus we have
n − 1 < 5 log10 b.

Now let b has k decimal digits. As a result, we have b < 10k and thus log10 b < k.
Hence we conclude that n − 1 < 5k. Since k is an integer, we conclude that
n ≤ 5k.

1.7.2 Binet’s Formula

The Fibonacci sequence is an example of a linear recurrence relation, where
one number of a sequence depends on a linear combination of earlier numbers in
32 CHAPTER 1. INTRODUCTION

the sequence. An elegant technique gives us a concise formula for such relations,
and we illusrate this using the Fibonacci sequence.
In general, fn = fn−1 + fn−2 , and of course fn−1 = fn−1 , giving us the matrix
equation ! ! !
fn 1 1 fn−1
= .
fn−1 1 0 fn−2
Let’s give this 2 × 2 matrix a special name,
!
1 1
F = .
1 0
As usual, matrices carry more information than you might expect at first glance,
and the characteristic polynomial of this one has very interesting roots:
!
1−λ 1
0 = det
1 −λ
= −λ(1 − λ) − 1
= λ2 − λ − 1
⇓
p √
−(−1) ± (−1)2 − 4 · 1 · (−1) 1± 5
λ= = .
2·1 2
√
These results have several wonderful aspects. For instance, (1 + 5)/2

• is well-known as “the Golden Ratio”, and

• appeared in Lemma 2 above, in connection with Lame’s theorem.

There is more! The whole point of any eigenvalue λ of F is that, for any eigen-
vector e,
F e = λe =⇒ F (e2 e1 )T = (λe2 λe1 )T .
The eigenvectors are a basis for the eigenspace, so any solution to F x = λx has
the form x = c1 e1 + c1 e2 , where c1 and c2 are arbitrary constants, while e1 and e2
√ √
are the eigenvectors corresponding to (1 + 5)/2 and (1 − 5)/2, respectively.
1.7. LAME’S THEOREM AND BINET’S FORMULA 33

So, what are these eigenvectors? We know that F e = λe for corresponding λ

and e; setting ei = 1 and solving gives us
! !
1 1
e1 = √ and e2 = √ .
− 1−2 5 − 1+2 5

In addition, we can compute fn simply by applying F to the matrix (f1 f0 )T :

! ! " !# !
fn fn−1 fn−2 n−2 f2
=F =F F = ··· = F . (1.7)
fn−1 fn−2 fn−3 f1

From linear algebra, we know that we can rewrite F as QΛQ−1 , where

! √ !
1+ 5
1 1 2
0
Q= √
1− 5
√
1+ 5
and Λ = √
1− 5
.
− 2 − 2 0 2

(Notice that the columns of Q are the eigenvectors that correspond to the diagonal
elements of Λ, the eigenvalues.) By substitution,

F n = (QΛQ−1 )n = (QΛQ−1 )(QΛQ−1 ) · · · (QΛQ−1 ) = QΛn Q−1 .

| {z }
n times

Combine this with the relationship in (1.7), and we have the relationship
! √ !n−2 √ !
1+ 5 1+√ 5 √1
1 1 2
0 2 √5 5
fn = √
1− 5
√
1+ 5
√
1− 5 1−√ 5 1
f2
− 2 − 2 0 2
− 2 5
− √
5

where fn = (fn fn−1 )T and f2 = (f2 f1 )T = (1 1)T . The first row of the simplified
product yields a “closed” form relationship between fn , f1 , and f2 ,
√ !n−1 √ !n−1
1 1+ 5 1 1− 5
fn = √ −√
5 2 5 2
√ n−2
! √ !n−2
1 1+ 5 1 1− 5
+√ −√ .
5 2 5 2

With a gentle algebraic massage, this equation simplifies to an elegant form.

34 CHAPTER 1. INTRODUCTION

Theorem 12 (Binet’s Formula). The nth Fibonacci number has the form
" √ !n √ !n #
1 1+ 5 1− 5
fn = √ − .
5 2 2

This same technique works with any linear recurrence!

Exercises

1. If fi is the ith Fibonacci number, show that f1 + f2 + . . . + fn = 2fn+2 − 1.

2. What happens when you add the squares of consecutive Fibonacci numbers?
That is, find a pattern to the sequence 12 + 12 , 12 + 22 , 22 + 32 , 32 + 52 , . . . .
Prove the property you find by induction. (One way to solve this requires
proving two claims simultaneously, by induction.)

3. Find an upper bound for the number of steps in the Euclidean algorithm that
is used to find the greatest common divisor of 38472 and 957748838.

4. Find an upper bound for the number of steps in the Euclidean algorithm that
is used to find the greatest common divisor of 15 and 75. Verify your result
by using the Euclidean algorithm to find the greatest common divisor of the
two integers.

5. Using a computational aid, test Binet’s formula for some large values of n.

6. Complete the proof of Binet’s formula by filling in the “bit of algebra”.

Hint: Notice the change in exponents!

7. The Lucas sequence is defined by L1 = 2, L2 = 1, and Ln = Ln−1 + Ln−2 .

(a) Use the formula to find L3 , L4 , L5 and L6 .

(b) Show that Ln = fn−1 + fn+1 and Ln = fn + 2fn−1 .
(c) Use the same technique that we used in Binet’s formula to find a
closed-form expression for Ln .
Chapter 2

Prime Numbers

Prime numbers, the building blocks of integers, have been studied extensively
over the centuries. Being able to present an integer uniquely as product of primes
is the main reason behind the whole theory of numbers and behind the interesting
results in this theory. Many interesting theorems, applications and conjectures
have been formulated based on the properties of prime numbers.
In this chapter, we present methods to determine whether a number is prime
or composite using an ancient Greek method invented by Eratosthenes. We also
show that there are infinitely many prime numbers. We then proceed to show that
every integer can be written uniquely as a product of primes.
We introduce as well the concept of diophantine equations where integer so-
lutions from given equations are determined using the greatest common divisor.
We then mention the Prime Number theorem without giving a proof of course in
addition to other conjectures and major results related to prime numbers.

2.1 The Sieve of Eratosthenes

Definition 8. A prime is an integer greater than 1 that is only divisible by 1 and
itself.

35
36 CHAPTER 2. PRIME NUMBERS

Example 15. The integers 2, 3, 5, 7, 11 are prime integers.

Note that any integer greater than 1 that is not prime is said to be a composite
number.

We now present the sieve of Eratosthenes. The Sieve of Eratosthenes is an

ancient method of finding prime numbers up to a specified integer. This method
was invented by the ancient Greek mathematician Eratosthenes. There are several
other methods used to determine whether a number is prime or composite. We
first present a lemma that will be needed in the proof of several theorems.

Lemma 3. Every integer greater than one has a prime divisor.

Proof. We present the proof of this Lemma by contradiction. Suppose that there
is an integer greater than one that has no prime divisors. Since the set of integers
with elements greater than one with no prime divisors is nonempty, then by the
well ordering principle there is a least positive integer n greater than one that has
no prime divisors. Thus n is composite since n divides n. Hence

n = ab with 1 < a < n and 1 < b < n.

Notice that a < n and as a result since n is minimal, a must have a prime divisor
which will also be a divisor of n.

Theorem 13. If n is a composite integer, then n has a prime factor not exceeding
√
n.

Proof. Since n is composite, then n = ab, where a and b are integers with 1 <
√
a ≤ b < n. Suppose now that a > n, then
√
n<a≤b

and as a result
√ √
ab > n n = n.
2.1. THE SIEVE OF ERATOSTHENES 37
√
Therefore a ≤ n. Also, by Lemma 3, a must have a prime divisor a1 which is
√
also a prime divisor of n and thus this divisor is less than a1 ≤ a ≤ n.

We now present the algorithm of the Sieve of Eratosthenes that is used to de-
termine prime numbers up to a given integer.

The Algorithm of the Sieve of Eratosthenes

1. Write a list of numbers from 2 to the largest number n you want to test.
Note that every composite integer less than n must have a prime factor less
√
than n. Hence you need to strike off the multiples of the primes that are
√
less than n

2. Strike off all multiples of 2 greater than 2 from the list . The first remaining
number in the list is a prime number.

3. Strike off all multiples of this number from the list.

4. Repeat the above steps until no more multiples are found of the prime inte-
√
gers that are less than n

Exercises

1. Use the Sieve of Eratosthenes to find all primes less than 100.

2. Use the Sieve of Eratosthenes to find all primes less than 200.

3. Show that no integer of the form a3 + 1 is a prime except for 2 = 13 + 1.

4. Show that if 2n − 1 is prime, then n is prime.

Hint: Use the identity (akl − 1) = (ak − 1)(ak(l−1) + ak(l−2) + ... + ak + 1).
38 CHAPTER 2. PRIME NUMBERS

2.2 Alternate definition of prime number

The definition of a prime number given above uses a divisibility criterion, some-
times called irreducibility. We can also define a prime number using a division
criterion, sometimes called “Euclid’s criterion.”

Definition 9. Let p be a positive integer, greater than 1. We say that p is prime if,
whenever p divides the product of two integers a and b, it also divides at least one
of a or b.

Definition 9 might not appeal to you: why would someone want to define
primality this way? To see why this definition is useful, consider the following
examples.

Example 16. For instance, 6 divides the product 2 · 3, but 6 divides neither 2 nor
3. Hence, 6 is not prime.
That example might not inspire you so much, so try this one on for size. We
know that 5 is prime. Suppose 5 divides the product of 2 and an integer m; since
5 is prime and it does not divide 2, it must divide m.

Definition 9 also has advantages when we apply the notion of a prime number
to other sets; we will look at that later. For now, though, we have to ask ourselves:
are Definitions 8 and 9 equivalent? After all, they say different things, so there
is a possibility that they classify different numbers as prime. That would cause
problems!
In fact, the two definitions are equivalent. To see this, let p, a, and b be positive
integers.
Assume first that p is irreducible; that is, whenever it factors as ab, either p = a
or p = b. We need to show that this implies Euclid’s criterion. By way of con-
tradiction, suppose there exist integers a and b such that p divides ab, but divides
neither a nor b. Choose positive a and b such that this product is minimized. By
Exercise 5, p ≤ ab. We consider two cases.
2.3. THE INFINITUDE OF PRIMES 39

• If p = ab, then ab is a factorization of p. We assumed p is irreducible, so

p = a or p = b. Either way, p divides one of a or b, a contradiction!

• Apparently p < ab instead. Use the Division Algorithm to compute quo-

tients qa and qb , and remainders ra and rb , such that a = pqa + ra and
b = pqb + rb . Since p ≤ ab and the remainders are less than or equal to
p, we know that ra < a or rb < b. By substitution and a little arithmetic,
ab = pQ + ra rb where Q = pqa qb + qa rb + qb ra . Recall that p divides ab; the
equation above implies that it also divides ra rb . However, ra rb < ab, and by
hypothesis, ab is the smallest positive product divisible by p whose factors
are not divisible by p. Thus, p divides ones of ra or rb . Both are smaller
than p, so Exercise 5 implies that one of ra or rb is 0. This contradicts the
hypothesis that p divides neither a nor b.

In both cases, we encountered a contradiction. The assumption that p divides

neither a nor b is inconsistent with the other facts, so p must divide one of them.
We have shown that the irreducibility criterion implies Euclid’s criterion; it
remains to show the converse. Assume that p satisfies Euclid’s criterion; that is,
whenever it divides a product of two integers, it divides one of the integers. Let
a and b be two integers, and assume p = ab. We can rewrite the equation as
p · 1 = ab, which tells us that p divides ab, with the quotient 1. Euclid’s criterion
kicks in here: since p divides the product ab, it must divide one of the two factors
a or b; without loss of generality, we may suppose p divides a. Exercise 12 tells
us p = a.

2.3 The infinitude of Primes

We now show that there are infinitely many primes. There are several ways to
prove this result. An alternative proof to the one presented here is given as an
exercise. The proof we will provide was presented by Euclid in his book the
40 CHAPTER 2. PRIME NUMBERS

Elements.

Theorem 14. There are infinitely many primes.

Proof. We present the proof by contradiction. Suppose there are finitely many
primes p1 , p2 , ..., pn , where n is a positive integer. Consider the integer Q such
that
Q = p1 p2 ...pn + 1.

By Lemma 3, Q has at least a prime divisor, say q. If we prove that q is not one
of the primes listed then we obtain a contradiction. Suppose now that q = pi for
1 ≤ i ≤ n. Thus q divides p1 p2 ...pn and as a result q divides Q − p1 p2 ...pn .
Therefore q divides 1. But this is impossible since there is no prime that divides 1
and as a result q is not one of the primes listed.

The following theorem discusses the large gaps between primes. It simply
states that there are arbitrary large gaps in the series of primes and that the primes
are spaced irregularly.

Theorem 15. Given any positive integer n, there exists n consecutive composite
integers.

Proof. Consider the sequence of integers

(n + 1)! + 2, (n + 1)! + 3, ..., (n + 1)! + n, (n + 1)! + n + 1

Notice that every integer in the above sequence is composite because k divides
(n + 1)! + k if 2 ≤ k ≤ n + 1 by 4.

Exercises

1. Show that the integer Qn = n! + 1, where n is a positive integer, has a

prime divisor greater than n. Conclude that there are infinitely many primes.
Notice that this exercise is another proof of the infinitude of primes.
2.4. THE FUNDAMENTAL THEOREM OF ARITHMETIC 41

2. Find the smallest five consecutive composite integers.

3. Find one million consecutive composite integers.

4. Show that there are no prime triplets other than 3,5,7.

2.4 The Fundamental Theorem of Arithmetic

The Fundamental Theorem of Arithmetic is one of the most important results in
this chapter. It simply says that every positive integer can be written uniquely as a
product of primes. The unique factorization is needed to establish much of what
comes later. There are systems where unique factorization fails to hold. Many of
these examples come from algebraic number theory. We can actually list an easy
example where unique factorization fails.
Consider the class C of positive even integers. Note that C is closed under
multiplication, which means that the product of any two elements in C is again in
C. Suppose now that the only number we know are the members of C. Then we
have 12 = 2.6 is composite where as 14 is prime since it is not the product of two
numbers in C. Now notice that 60 = 2.30 = 6.10 and thus the factorization is not
unique.
We now give examples of the unique factorization of integers.

Example 17. 99 = 3 · 3 · 11 = 32 · 11, 32 = 2 · 2 · 2 · 2 · 2 = 25

2.4.1 The Fundamental Theorem of Arithmetic

To prove the fundamental theorem of arithmetic, we need to prove some lemmas
about divisibility.

Lemma 4. If a,b,c are positive integers such that (a, b) = 1 and a | bc, then a | c.
42 CHAPTER 2. PRIME NUMBERS

Proof. Since (a, b) = 1, then there exists integers x, y such that ax + by = 1. As

a result, cax + cby = c. Notice that since a | bc, then by Theorem 4, a divides
cax + cby and hence a divides c.

We can generalize the above lemma as such: If (a, ni ) = 1 for every i =

1, 2, · · · , n and a | n1 n2 · · · nk+1 , then a | nk+1 . We next prove a case of this
generalization and use this to prove the fundamental theorem of arithmetic.

Lemma 5. If p divides n1 n2 n3 ...nk , where p is a prime and ni > 0 for all 1 ≤

i ≤ k, then there is an integer j with 1 ≤ j ≤ k such that p | nj .

Proof. We present the proof of this result by induction. For k = 1, the result
is trivial. Assume now that the result is true for k. Consider n1 n2 ...nk+1 that is
divisible by p. Notice that either

(p, n1 n2 ...nk ) = 1 or (p, n1 n2 ...nk ) = p.

Now if (p, n1 n2 ...nk ) = 1 then by Lemma 4, p | nk+1 . Now if p | n1 n2 ...nk , then

by the induction hypothesis, there exists an integer i such that p | ni .

We now state the fundamental theorem of arithmetic and present the proof
using Lemma 5.

Theorem 16. The Fundamental Theorem of Arithmetic Every positive integer

different from 1 can be written uniquely as a product of primes.

Proof. If n is a prime integer, then n itself stands as a product of primes with a

single factor. If n is composite, we use proof by contradiction. Suppose now that
there is some positive integer that cannot be written as the product of primes. Let
n be the smallest such integer. Let n = ab, with 1 < a < n and 1 < b < n.
As a result a and b are products of primes since both integers are less than n. As
a result, n = ab is a product of primes, contradicting that it is not. This shows
that every integer can be written as product of primes. We now prove that the
2.4. THE FUNDAMENTAL THEOREM OF ARITHMETIC 43

representation of a positive integer as a product of primes is unique. Suppose now

that there is an integer n with two different factorizations say

n = p1 p2 ...ps = q1 q2 ...qr

where p1 , p2 , ...ps , q1 , q2 , ...qr are primes,

p1 ≤ p2 ≤ p3 ≤ ... ≤ ps and q1 ≤ q2 ≤ q3 ≤ ... ≤ qr .

Cancel out all common primes from the factorizations above to get

pj1 pj2 ...pju = qi1 qi2 ...qiv

Thus all the primes on the left side are different from the primes on the right side.
Since any pjl (l = 1, · · · , n) divides pj1 pj2 ...pju , then pjl must divide qi1 qi2 ...qiv ,
and hence by Lemma 5, pj1 must divide qjk for some 1 ≤ k ≤ v which is impos-
sible. Hence the representation is unique.

Remark 2. The unique representation of a positive integer n as a product of

primes can be written in several ways. We will present the most common rep-
resentations. For example, n = p1 p2 p3 ...pk where pi for 1 ≤ i ≤ k are not
necessarily distinct. Another example would be

a
n = pa11 pa22 pa33 ...pj j (2.1)

where all the pi are distinct for 1 ≤ i ≤ j. One can also write a formal product
Y
n= pαi i , (2.2)
all primes pi

where all but finitely many of the αi0 s are 0.

Example 18. The prime factorization of 120 is given by 120 = 2·2·2·3·5 = 23 ·3·5.
Notice that 120 is written in the two ways described in 2.
44 CHAPTER 2. PRIME NUMBERS

We know describe in general how prime factorization can be used to determine

the greatest common divisor of two integers. Let

a = pa11 pa22 ...pann and b = pb11 pb22 ...pbnn ,

where we exclude in these expansions any prime p with power 0 in both a and b
(and thus some of the powers above may be 0 in one expansion but not the other).
Of course, if one prime pi appears in a but not in b, then ai 6= 0 while bi = 0, and
vise versa. Then the greatest common divisor is given by

min(a1 ,b2 ) min(a2 ,b2 )

(a, b) = p1 p2 ...pmin(a
n
n ,bn )

where min(n, m) is the minimum of m and n.

The following lemma is a consequence of the Fundamental Theorem of Arith-
metic.

Lemma 6. Let a and b be relatively prime positive integers. Then if d divides ab,
there exists d1 and d2 such that d = d1 d2 where d1 is a divisor of a and d2 is a
divisor of b. Conversely, if d1 and d2 are positive divisors of a and b, respectively,
then d = d1 d2 is a positive divisor of ab.

Proof. Let d1 = (a, d) and d2 = (b, d). Since (a, b) = 1 and writing a and b in
terms of their prime decomposition, it is clear that d = d1 d2 and (d1 , d2 ) = 1.
Note that every prime power in the factorization of d must appear in either d1 or
d2 . Also the prime powers in the factorization of d that are prime powers dividing
a must appear in d1 and that prime powers in the factorization of d that are prime
powers dividing b must appear in d2 .
Now conversely, let d1 and d2 be positive divisors of a and b, respectively.
Then
d = d1 d2

is a divisor of ab.
2.4. THE FUNDAMENTAL THEOREM OF ARITHMETIC 45

2.4.2 More on the Infinitude of Primes

There are also other theorems that discuss the infinitude of primes in a given arith-
metic progression. The most famous theorem about primes in arithmetic progres-
sion is Dirichlet’s theorem

Theorem 17. Dirichlet’s Theorem Given an arithmetic progression of terms an+

b , for n = 1, 2, ... ,the series contains an infinite number of primes if a and b are
relatively prime,

This result had been conjectured by Gauss but was first proved by Dirichlet.
Dirichlet proved this theorem using complex analysis, but the proof is so chal-
lenging. As a result, we will present a special case of this theorem and prove that
there are infinitely many primes in a given arithmetic progression. Before stating
the theorem about the special case of Dirichlet’s theorem, we prove a lemma that
will be used in the proof of the mentioned theorem.

Lemma 7. If a and b are integers both of the form 4n + 1, then their product ab
is of the form 4n + 1

Proof. Let a = 4n1 + 1 and b = 4n2 + 1, then

ab = 16n1 n2 + 4n1 + 4n2 + 1 = 4(4n1 n2 + n1 + n2 ) + 1 = 4n3 + 1,

where n3 = 4n1 n2 + n1 + n2 .

Theorem 18. There are infinitely many primes of the form 4n + 3, where n is a
positive integer.

Proof. Suppose that there are finitely many primes of the form 4n + 3, say p0 =
3, p1 , p2 , ..., pn . Let
N = 4p1 p2 ...pn + 3.

Notice that any odd prime is of the form 4n + 1 or 4n + 3. Then there is at least
one prime in the prime factorization of N of the form 4n + 3, as otherwise, by
46 CHAPTER 2. PRIME NUMBERS

Lemma 7, N will be in the form 4n + 1. We wish to prove that this prime in the
factorization of N is none of p0 = 3, p1 , p2 , ..., pn . Notice that if

3 | N,

then 3 | (N − 3) and hence

3 | 4p1 p2 ...pn

which is impossible since pi 6= 3 for every i. Hence 3 doesn’t divide N . Also, the
other primes p1 , p2 , ..., pn don’t divide N because if pi | N , then

pi | (N − 4p1 p2 ...pn ) = 3.

Hence none of the primes p0 , p1 , p2 , ..., pn divides N. Thus there are infinitely
many primes of the form 4n + 3.

Exercises

1. Find the prime factorization of 32, of 800 and of 289.

2. Find the prime factorization of 221122 and of 9!.

3. Show that all the powers of in the prime factorization of an integer a are
even if and only if a is a perfect square.

4. Show that there are infinitely many primes of the form 6n + 5.

2.5 Least Common Multiple

We can use prime factorization to find the smallest common multiple of two pos-
itive integers.

Definition 10. The least common multiple (l.c.m.) of two positive integers is the
smallest positive integer that is a multiple of both.
2.5. LEAST COMMON MULTIPLE 47

We denote the least common multiple of two positive integers a an b by ha, bi.

Example 19. h2, 8i = 8, h5, 8i = 40

We can figure out ha, bi once we have the prime factorization of a and b. To
do that, let
a = pa11 pa22 ...pamn and b = pb11 pb22 ...pbmn ,

where (as above) we exclude any prime with 0 power in both a and b. Then
max(a1 ,b1 ) max(a2 ,b2 ) max(a ,b )
ha, bi = p1 p2 ...pm n n , where max(a, b) is the maximum of
the two integers a and b. We now prove a theorem that relates the least common
multiple of two positive integers to their greatest common divisor. In some books,
this theorem is adopted as the definition of the least common multiple. To prove
the theorem we present a lemma

Lemma 8. If a and b are two real numbers, then

min(a, b) + max(a, b) = a + b

Proof. Assume without loss of generality that a ≥ b. Then

max(a, b) = a and min(a, b) = b,

and the result follows.

Theorem 19. Let a and b be two positive integers. Then

1. ha, bi ≥ 0;

2. ha, bi = ab/(a, b);

3. If a | m and b | m, then ha, bi | m

Proof. The proof of part 1 follows from the definition.

As for part 2, let
a = pa11 pa22 ...pamn and b = pb11 pb22 ...pbmn .
48 CHAPTER 2. PRIME NUMBERS

Notice that since

min(a1 ,b2 ) min(a2 ,b2 )

(a, b) = p1 p2 ...pmin(a
n
n ,bn )

and
max(a1 ,b1 ) max(a2 ,b2 ) max(an ,bn )
ha, bi = p1 p2 ...pm ,

then

max(a1 ,b1 ) max(a2 ,b2 ) max(an ,bn ) min(a1 ,b2 ) min(a2 ,b2 )
ha, bi(a, b) = p1 p2 ...pm p1 p2 ...pmin(a
n
n ,bn )

max(a1 ,b1 )+min(a1 ,b1 ) max(a2 ,b2 )+min(a2 ,b2 ) max(an ,bn )+min(an ,bn )
= p1 p2 ...pm
= pa11 +b1 pa22 +b2 ...p(a
n
n +bn )

= pa11 pa22 ...pamn pb11 pb22 ...pbmn = ab

Note also that we used Lemma 8 in the above equations. For part 3, it would be a
nice exercise to show that ab/(a, b) | m (Exercise 6). Thus ha, bi | m.

Exercises

1. Find the least common multiple of 14 and 15.

2. Find the least common multiple of 240 and 610.

3. Find the least common multiple and the greatest common divisor of 25 56 72 11
and 23 58 72 13.

4. Show that every common multiple of two positive integers a and b is divis-
ible by the least common multiple of a and b.

5. Show that if a and b are positive integers then the greatest common divisor
of a and b divides their least common multiple. When are the least common
multiple and the greatest common divisor equal to each other.

6. Show that ab/(a, b) | m where m =< a, b >.

2.6. LINEAR DIOPHANTINE EQUATIONS 49

2.6 Linear Diophantine Equations

In this section, we discuss equations in two variables called diophantine equations.
These kinds of equations require integer solutions. The goal of this section is to
present the set of points that determine the solution to this kind of equations. Geo-
metrically speaking, the diophantine equation represent the equation of a straight
line. We need to find the points whose coordinates are integers and through which
the straight line passes.

Definition 11. A linear equation of the form ax + by = c where a, b and c are

integers is known as a linear diophantine equation.

Note that a solution to the linear diophantine equation (x0 , y0 ) requires x0

and y0 to be integers. The following theorem describes the case in which the
diophantine equation has a solution and what are the solutions of such equations.

Theorem 20. The equation ax + by = c has integer solutions if and only if d | c

where d = (a, b). If the equation has one solution x = x0 , y = y0 , then there are
infinitely many solutions and the solutions are given by

x = x0 + (b/d)t y = y0 − (a/d)t

where t is an arbitrary integer.

Proof. Suppose that the equation ax + by = c has integer solution x and y. Thus
since d | a and d | b, then
d | (ax + by) = c.
Now we have to prove that if d | c, then the equation has integral solution. Assume
that d | c. By theorem 9, there exist integers m and n such that

d = am + bn.

And also there exists integer k such that

c = dk
50 CHAPTER 2. PRIME NUMBERS

Now since c = ax + by, we have

c = dk = (ma + nb)k = a(km) + b(nk).

Hence a solution for the equation ax + by = c is

x0 = km and y0 = kn.

What is left to prove is that we have infinitely many solutions. Let

x = x0 + (b/d)t and y = y0 − (a/d)t.

We have to prove now that x and y are solutions for all integers t. Notice that

ax + by = a(x0 + (b/d)t) + b(y0 − (a/d)t) = ax0 + by0 = c.

We now show that every solution for the equation ax + by = c is of the form

x = x0 + (b/d)tand y = y0 − (a/d)t.

Notice that since ax0 + by0 = c, we have

a(x − x0 ) + b(y − y0 ) = 0.

Hence
a(x − x0 ) = b(y − y0 ).
Dividing both sides by d, we get

a/d(x − x0 ) = b/d(y − y0 ).

Notice that (a/d, b/d) = 1 and thus we get by Lemma 4 that a/d | y − y0 . As a
result, there exists an integer t such that y = y0 − (a/d)t. Now substituting y − y0
in the equation
a(x − x0 ) = b(y − y0 ).
We get
x = x0 + (b/d)t.
2.7. THE FUNCTION [X] , THE SYMBOLS ”O”, ”O” AND ”∼” 51

Example 20. The equation 3x+6y = 7 has no integer solution because (3, 6) = 3
does not divide 7.

Example 21. There are infinitely many integer solutions for the equation 4x +
6y = 8 because (4, 6) = 2 | 8. We use the Euclidean algorithm to determine m
and n where 4m + 6n = 2. It turns out that 4(−1) + 6(1) = 2. And also 8 = 2.4.
Thus x0 = 4.(−1) = −4 and y0 = 4.1 = 4 is a particular solution. The solutions
are given by
x = −4 + 3t y = 4 − 2t

for all integers t.

Exercises

1. Either find all solutions or prove that there are no solutions for the diophan-
tine equation 21x + 7y = 147.

2. Either find all solutions or prove that there are no solutions for the diophan-
tine equation 2x + 13y = 31.

3. Either find all solutions or prove that there are no solutions for the diophan-
tine equation 2x + 14y = 17.

4. A grocer orders apples and bananas at a total cost of $8.4. If the apples cost
25 cents each and the bananas 5 cents each, how many of each type of fruit
did he order.

2.7 The function [x] , the symbols ”O”, ”o” and ”∼”
We start this section by introducing an important number theoretic function. We
proceed in defining some convenient symbols that will be used in connection with
the growth and behavior of some functions that will be defined in later chapters.
52 CHAPTER 2. PRIME NUMBERS

2.7.1 The Function [x]

Definition 12. The function [x] represents the largest integer not exceeding x. In
other words, for real x, [x] is the unique integer such that

x − 1 < [x] ≤ x < [x] + 1.

We also define ((x)) to be the fractional part of x. In other words ((x)) =

x − [x].
We now list some properties of [x] that will be used in later or in more advanced
courses in number theory.

1. [x + n] = [x] + n, if n is an integer.

2. [x] + [y] ≤ [x + y].

3. [x] + [−x] is 0 if x is an integer and -1 otherwise.

4. The number of integers m for which x < m ≤ y is [y] − [x].

5. The number of multiples of m which do not exceed x is [x/m].

Using the definition of [x], it will be easy to see that the above properties are
direct consequences of the definition.
We now define some symbols that will be used to estimate the growth of number
theoretic functions. These symbols will be not be really appreciated in the context
of this book but these are often used in many analytic proofs.

2.7.2 The ”O” and ”o” Symbols

Let f (x) be a positive function and let g(x) be any function. Then O(f (x)) (pro-
nounced ”big-oh” of f (x))denotes the collection of functions g(x) that exhibit a
growth that is limited to that of f (x) in some respect. The traditional notation for
stating that g(x) belongs to this collection is:

g(x) = O(f (x)).

2.7. THE FUNCTION [X] , THE SYMBOLS ”O”, ”O” AND ”∼” 53

This means that for sufficiently large x,

| g(x) |
< M, (2.3)
|f (x)|
where M is some positive number.

Example 22. sin(x) = O(x), and also sin(x) = O(1).

Now, the relation g(x) = o(f (x)), pronounced ”small-oh” of f (x), is used to
indicate that f (x) grows much faster than g(x). It formally says that
g(x)
lim = 0. (2.4)
x→∞ f (x)

More generally, g(x) = o(f (x)) at a point b if

g(x)
lim = 0. (2.5)
x→b f (x)

Example 23. sin(x) = o(x) at ∞, and xk = o(ex ) also at ∞ for every constant
k.

The notation that f (x) is asymptotically equal to g(x) is denoted by ∼. For-

mally speaking, we say that f (x) ∼ g(x) if

f (x)
lim = 1. (2.6)
x→∞ g(x)
Example 24. [x] ∼ x.

The purpose of introducing these symbols is to make complicated mathemat-

ical expressions simpler. Some expressions can be represented as the principal
part that you need plus a remainder term. The remainder term can be expressed
using the above notations. So when you need to combine several expressions, the
remainder parts involving these symbols can be easily combined. We will state
now some properties of the above symbols without proof. These properties are
easy to prove using the definitions of the symbols.
54 CHAPTER 2. PRIME NUMBERS

1. O(O(f (x))) = O(f (x)),

2. o(o(f (x))) = o(f (x)).

3. O(f (x)) ± O(f (x)) = O(f (x)),

4. o(f (x) ± o(f (x)) = o(f (x)),

5. O(f (x)) ± O(g(x)) = O(max(f (x), g(x))),

There are some other properties that we did not mention here, properties that are
rarely used in number theoretic proofs.
Exercises

1. Prove the five properties of the [x]

2. Prove the five properties of the O and o notations in Example 24.

2.8 Theorems and Conjectures involving prime num-

bers
We have proved that there are infinitely many primes. We have also proved that
there are arbitrary large gaps between primes. The question that arises naturally
here is the following: Can we estimate how many primes are there less than a given
number? The theorem that answers this question is the prime number theorem. We
denote by π(x) the number of primes less than a given positive number x. Many
mathematicians worked on this theorem and conjectured many estimates before
Chebyshev finally stated that the estimate is x/logx. The prime number theorem
was finally proved in 1896 when Hadamard and Poussin produced independent
proofs. Before stating the prime number theorem, we state and prove a lemma
involving primes that will be used in the coming chapters.
2.8. THEOREMS AND CONJECTURES INVOLVING PRIME NUMBERS 55

Lemma 9. Let p be a prime and let m ∈ Z+ . Then the highest power of p dividing
m! is
∞  
X m
i=1
pi
h i
Proof. Among all the integers from 1 till m, there are exactly mp integers that
h i h i
are divisible by p. These are p, 2p, ..., p p. Similarly we see that there are m
m
pi
integers that are divisible by pi . As a result, the highest power of p dividing m! is
X  m   m  X  m 
i − i+1 =
i≥1
pi p i≥1
pi

Theorem 21. The Prime Number Theorem Let x > 0 then

π(x) ∼ x/logx

So this theorem says that you do not need to find all the primes less than x to
find out their number, it will be enough to evaluate x/logx for large x to find an
estimate for the number of primes. Notice that I mentioned that x has to be large
enough to be able to use this estimate.
Several other theorems were proved concerning prime numbers. many great
mathematicians approached problems that are related to primes. There are still
many open problems of which we will mention some.

Conjecture 1. Twin Prime Conjecture There are infinitely many pairs primes p
and p + 2.

Conjecture 2. Goldbach’s Conjecture Every even positive integer greater than 2

can be written as the sum of two primes.
56 CHAPTER 2. PRIME NUMBERS

Conjecture 3. The n2 + 1 Conjecture There are infinitely many primes of the

form n2 + 1, where n is a positive integer.

Conjecture 4. Polignac Conjecture For every even number 2n are there infinitely
many pairs of consecutive primes which differ by 2n.

Conjecture 5. Opperman Conjecture Is there always a prime between n2 and

(n + 1)2 ?
Chapter 3

Classical questions

This chapter visits some of the classical questions of number theory, which are a
vital part of mathematical culture.

3.1 Geometric numbers

When you were a child, you probably played with pebbles or marbles, and you
probably arranged them on the ground in certain shapes. For instance, you might
have arranged them as triangles, and depending on the number of pebbles you
had, you might have ended up with any of the following figures:

Did you ever pause to count how many pebbles were in each pile?

1, 3, 6, 10, 15, . . .

57
58 CHAPTER 3. CLASSICAL QUESTIONS

These numbers are called triangular, for a reason you’ll probably never guess.1
As you can see, the ith triangular number is built from the one before it in a reli-
able pattern: t1 = 1, and if we know ti , then the (i + 1)th number is ti + (i + 1).
This is another example of a recursive sequence. Sure, you saw them earlier
with the Fibonacci numbers, but this one’s a little easier to deal with: the recursion
only requires knowledge of one previous number. Still, it would be nice to com-
pute the ith triangular number without having to know the one before it, which
would require us to determine the one before it, and so forth and so on, until we
finally descended back down to t1 . Doing that all the time is boring. Wouldn’t life
be nicer if we had a concise little formula for it?
Indeed, it would! Let’s try to find one. One way to look at this is by redrawing
the picture. After all, a triangle is usually half a square:

. . . well, maybe not quite half a square. Our triangle seems to cover the entire
diagonal. Well, a triangle is also half a rectangle. . .

That works out very nicely! The nth rectangle has area n(n + 1), so it makes
sense that the ith triangle has area n(n+1)/2. This is a perfectly reasonable explana-
tion, but if you prefer, we can resort to induction: It is clear that t1 = 1. Assume
that tn = n(n+1)/2; we obtain tn+1 by adding n + 1 to tn . Simplifying the sum, we
1
Hope that gave you a chuckle.
3.2. IRRATIONAL NUMBERS 59

see that

tn+1 = tn + (n + 1) = n(n+1)/2 + 2n+2/2 = (n2 +n)+(2n+2)/2

= n2 +3n+2/2 = (n+2)(n+1)/2 = (n+1)[(n+1)+1]/2.

Exercises

1. The nth pentagonal number is the number of pebbles you get when ar-
ranged in a pentagon with n pebbles on a side; the first few are 1, 6, 16, 31,
. . . . (See the diagrams below.) Conjecture a concise formula, and prove that
it is correct.

Hint: To find a conjecture for the formula, look for triangular numbers.

2. The nth hexagonal number is the number of pebbles you get when arranged
in a hexagon with n pebbles on a side. Find the first few hexagonal numbers,
conjecture a concise formula, and prove that it is correct.

3.2 Irrational numbers

The Pythagoreans of old believed that every measurement could be represented as
the ratio of two integers. So, for instance, a right triangle whose legs have length 1
should have a hypotenuse whose length is the ratio of two integers. Which ones?
Applying the Pythagorean theorem of right triangles, we determine that the
√
length h of the hypotenuse is 2. Let’s assume that we can, in fact, write h as
a ratio of two integers — and let’s also assume that the integers are in reduced
60 CHAPTER 3. CLASSICAL QUESTIONS

form. That is, h = a/b, where gcd(a, b) = 1. It is perfectly sensible restriction

to suppose that a and b are relatively prime, since we can reduce any fraction to
lowest terms.
Naturally, we’d like to find two such integers, so let’s try to identify some
properties of a and b. It seems natural to square both sides of the equation, so that
h2 = a2/b2 . Recall that h is the square root of 2, so h2 = 2, so we can rewrite the
equation again as 2 = a2/b2 . Multiply both sides of the equation by b2 to see that
a2 = 2b2 .
Now, do you remember Euclid’s criterion for a prime number? It said that
if a prime number divides a product, then it must divide one of the factors. The
equation a2 = 2b2 has a prime number, 2, that divides a2 ; Euclid’s criterion tells
us that 2 divides a! We have discovered that a is even!
Let’s see if we can find something similar about b. Since a is even, we can
write a = 2c, where c is another integer. The equation a2 = 2b2 now becomes
(2c)2 = 2b2 , or, 4c2 = 2b2 . Divide both sides by 2 to see that 2c2 = b2 . Euclid’s
criterion tells us again that 2 divides b! We have discovered that b is also even!
Isn’t this great news? We started off looking for a representation of the square
root of two as a ratio of integers. We ended up finding that it has to be the ratio of
two even integers. This is incredible!
. . . uhm, wait. What was it we knew about a and b? We had assumed that they
had no common factor. . . so how can they both be even?
Indeed, we have met a contradiction! We assumed two things: first, that we
could represent the square root of two as the ratio of two integers; second, that
these integers have no common factor. We found instead that the integers had to
have a common factor. There is nothing unreasonable in the second assumption,
as any fraction can reduce to lowest terms. The first assumption must be false: we
√
cannot represent 2 as the ratio of two integers.

Remark 3. Remember how we said the Pythagoreans believed that every mea-
surement could be represented as the ratio of two integers. According to lore, it
3.3. GAUSSIAN INTEGERS 61

was a Pythagorean who discovered this fact. Once he told his companions, they
sent him on a one-way cruise to the bottom of the Mediterranean ocean. The
Pythagoreans have a well-deserved reputation for mathematical excellence, but
even they were only human.

Exercises
√
1. Show that if p is prime, then we cannot write p as the ratio of two integers.

2. Show that if n = pm, where p is prime and does not divide m, then we
√
cannot write n as the ratio of two integers.

3.3 Gaussian integers

A Gaussian integer has the form a + bi, where a and b are integers, and i is the
square root of −1. For instance, 2+3i and −i are Gaussian integers. We write Z[i]
for the set of Gaussian integers; it enjoys certain properties which are interesting
and sometimes surprising.

3.3.1 Ring properties of Z[i]

The first interesting property of the Gaussian integers is that they satisfy the prop-
erties of a ring. We show some of these properties now, and leave the rest for the
exercises.
Addition satisfies the properties of:

• closure, because

(a + bi) + (c + di) = a + (bi + c) + di = a + (c + bi) + di

= (a + c) + (bi + di) = (a + c) + (b + d)i,

and closure of integer addition implies that this number is a Gaussian inte-
ger;
62 CHAPTER 3. CLASSICAL QUESTIONS

• associativity, because

(a + bi) + [(c + di) + (e + f i)] = (a + bi) + [(c + e) + (d + f )i]

= [a + (c + e)] + [b + (d + f )]i
= [(a + c) + e] + [(b + d) + f ]i
= [(a + c) + (b + d)i] + (e + f i)
= [(a + bi) + (c + di)] + (e + f i)

— note how we relied on the associative property of integer addition for

this;

• commutativity, as you will show in the assessment;

• identity, as 0 + 0i satisfies

(a + bi) + (0 + 0i) = (a + 0) + (b + 0)i = a + bi and

(0 + 0i) + (a + bi) = (0 + a) + (0 + b)i = a + bi;

and

• inverses, as you will show in the assessment.

Multiplication satisfies the properties of:

• closure, as you will show in the assessment;

3.3. GAUSSIAN INTEGERS 63

• associativity, because

(a + bi)[(c + di)(e + f i)] = (a + bi)[(ce − df ) + (cf + de)i]

= [a(ce − df ) − b(cf + de)]
+ [a(cf + de) + b(ce − df )]i
= [a(ce) − b(de) − a(df ) − b(cf )]
+ [a(cf ) − b(df ) + a(de) + b(ce)]i
= [(ac)e − (bd)e − (ad)f − (bc)f ]
+ [(ac)f − (bd)f + (ad)e + (bc)e]i
= [(ac − bd)e − (ad + bc)f ]
+ [(ac − bd)f + (ad + bc)e]i
= [(ac − bd) + (ad + bc)i](e + f i)
= [(a + bi)(c + di)](e + f i)

— note how we relied on the associative property of integer multiplication

for this;

• commutativity, as you will show in the assessment;

• identity, as you will show in the assessment; and

• distributivity over addition, as you will show in the assessment.

Exercises

1. Complete the explanation that the Gaussian integers satisfy the properties
of a ring.

3.3.2 Division
We can think of Gaussian integers as vectors on the plane: a + bi corresponds to
the vector (a, b).
64 CHAPTER 3. CLASSICAL QUESTIONS

Example 25. We illustrate the vector corresponding to 2 + 3i:

15

10

5 10

Call the square of the Euclidean length of this vector the norm of the Gaussian
integer, written as, N (a + bi) = a2 + b2 . Typically, one does not multiply two
vectors to each other, but here it makes sense to multiply them in a way that
imitates the product of the corresponding Gaussian integers:

• If we multiply a + bi by a positive integer c, we scale the corresponding

vector to one whose length is c · N (a + bi).

• If we multiply a+bi by a negative integer c, we both scale the corresponding

vector and reverse its orientation.

• If we multiply a + bi by i, we get −b + ai, which rotates the vector 90◦

clockwise and preserves its length.

Putting these together, we obtain the following result.

Lemma 10. The vector corresponding to the product of a + bi and c + di is

obtained by adding:

• a vector obtained by scaling a + bi by |c|, reversing the orientation if c is

negative, and
3.3. GAUSSIAN INTEGERS 65

• a vector obtained by rotating a + bi by 90◦ counterclockwise, scaling the

result by |d|, and reversing the orientation if d is negative.

Example 26. We illustrate the products of 2 + 3i with 5, i, and 5 − 2i below. See

if you can pick out which of the colored vectors corresponds to which number or
product of numbers.

15

10

5 10 15

If we can multiply Gaussian integers, then there’s a good bet that we can divide
them, too — but how should we go about doing it? In particular, we’d like to do
so in a way that gives us the smallest remainder possible — where, by “smallest”
remainder, we refer of course to a Gaussian integer’s norm.
This approach implies that we can divide two Gaussian integers: let a + bi, c +
di ∈ Z[i], and put

S = {N ((a + bi) − (m + ni)(c + di)) : m, n ∈ Z}.

Notice that S ⊆ N. By the well ordering property, it has a smallest element, s,

which corresponds to some m + ni ∈ Z[i]. Choose these particular m and n, and
we have s < N (c + di), for otherwise we lie outside a circle of radius N (c + di)
around a + bi. We elaborate on this below.
66 CHAPTER 3. CLASSICAL QUESTIONS

Let’s start with two Gaussian integers that lie on the same line, but aren’t
multiples of each other: 4 + 2i and 10 + 5i. It should be pretty clear that we can
obtain the smallest possible remainder using either 2 or 3, since

• (10 + 5i) − 2 × (4 + 2i) = 2 + i, which has norm 5, and

• (10 + 5i) − 3 × (4 + 2i) = −2 − i, which also has norm 5.

10

3(4 +2i)
5
10 +5i

2(4 +2i)

5 10 15

You should notice right away that there can be more than one remainder: in this
example, we have ±(2+i). So that’s one difference from ordinary integer division.
On the other hand, the norm seems to be unique, at 5.
So what if the two integers aren’t on the same line? Inasmuch as products of
Gaussian integers consist of adding one scaling to the rotation of another scaling,
it seems best to adopt the following approach for two Gaussian integers α and β:

• Find the integer c such that the distance between cα and β is minimal.

• Find the integer d such that the distance between diα and β is minimal.

• Use γ = c + di for the quotient, and β − γα for the remainder.

Example 27. We illustrate the technique by dividing 10+8i by 2+i. We minimize

N ((10 + 8i) − c(2 + i)) when c = 6, and minimize N ((10 + 8i) − di(2 + i)) when
d = 1. Adding them produces 11 + 8i.
3.3. GAUSSIAN INTEGERS 67

10
10 +8i

6(2 + i)
i(2 + i)
5 10 15

If you look carefully, you will see that there is more than one way to obtain a
remainder that like within the circle: for instance, both γ = 5 + i and γ = 6 + 2i
serve this purpose. However, they do not minimize N ((10 + 8i) − γ(2 + i)), and
we will use this fact to prove the general case.

Theorem 22. If γ is chosen as described above, then N (β − γα) < N (α).

Sketch of proof. Our proof relies highly on geometry, so it may help to draw some
pictures while reading this. In particular, we frequently use the norm of a Gaussian
integer as the radius of a circle around another one.
Suppose, to the contrary, that it is not; then the endpoint of γα lies on or
outside a circle of radius N (α) with the endpoint of β at the center. For simplicity,
we assume that α has positive real and imaginary parts; we can modify the easily
otherwise, as indicated below. Without loss of generality, suppose γα is closer to
the origin than β. Extend γ by adding to it one of γ̌ = γ + α or γ̂ = γ + iα. If
the distance to β remains unchanged in either direction, then these three points lie
on a circle with β at the center. By hypothesis, the circle has radius greater than
N (α), so that γ + (1 + i)α lies within it, contradicting the choice of both c and
d. Otherwise, supposed that both γ̌ and γ̂ lie further from β than γ; in this case, β
must lie within a circle of radius N (α) from γ, contradicting the hypothesis that
it does not. Thus, either γ̌ or γ̂ lies closer to β than γ, which again contradicts the
68 CHAPTER 3. CLASSICAL QUESTIONS

choice of c or d. We conclude that γ

Remark 4. Usually, textbooks present Gaussian division a different way: multiply

a fraction by the conjugate of the denominator, then pick “good” integers that are
close to the resulting complex number. For instance, our example above would
become
10 + 8i 2 − i 28 + 6i 28 6
· = = +i .
2+i 2−i 5 5 5
This suggests that, if we let γ = 6 + i, we get the answer we need — and that
was, in fact, the answer we found geometrically! See if you can visualize how this
approach relates to the method given above.

Exercises

1. Divide 30 + 23i by

(a) 4,
(b) 2i, and
(c) 4 + 2i.

Use both the geometric approach, and the method of simplifying a complex
fraction, then rounding. Notice that you don’t always get the same answer.

3.3.3 Primality
The only integers which have integral multiplicative inverses are ±1. Well, which
Gaussian integers have multiplicative inverses? Suppose a + bi has an inverse
c + di. You will show in the exercises that, in this case, b = −d/c2+d2. Because c
and d are integers, the sum of their squares must be 1 (it is the only way we can
get c2 + d2 to divide d) so c = ±1 and d = 0 or c = 0 and d = ±1. In short, the
only Gaussian integers with multiplicative inverses are ±1 and ±i.
Another question to ask is, what makes a Gaussian integer “prime”? Accord-
ing to the irreducibility criterion, an integer p is prime if p is divisible only by 1
3.3. GAUSSIAN INTEGERS 69

and itself. As an integer, 2 is prime because the only numbers that divide it are 1
and itself.
What about the Gaussian integers? Rather surprisingly, many prime integers
are not prime Gaussian integers! For example, 5 = (1 + 2i)(1 − 2i), 13 =
(2 + 3i)(2 − 3i), 17 = (1 + 4i)(1 − 4i), and so forth.
Does this happen to all prime integers? We pass over 2 for the moment, but
suppose there exist integers a and b such that 7 = (a + bi)(a − bi). That would
mean 7 = a2 + b2 . The fact that a and b are integers means that their squares
have to be positive integers, which means that they have to be smaller than 7.
That limits our options, and it’s easy to verify that no integer squares add up to 7:
1 + 1 = 2, 1 + 4 = 5, 4 + 4 = 8. So, 7 remains prime even as a Gaussian integer.
We see that the question of whether a number is prime depends very much on
the ring!
Exercises

1. Show that 2 is not a Gaussian prime.

2. Show that if an integer p factors as (a + bi)(c + di), then the factors are
conjugate.

3. Show that 3 is a Gaussian prime.

4. Show that 1 + i is a Gaussian prime.

5. Show that if a + bi and c + di are multiplicative inverses, then b = −d/c2 +d2 .

6. Experiment with some small prime integers to formulate a criterion which

identifies the ones that are prime Gaussian integers, and the ones that are
not prime Gaussian integers. Do not try to prove your connjecture. (Yet.)
70 CHAPTER 3. CLASSICAL QUESTIONS

3.4 Algebraic and transcendental numbers

We call a number algebraic when it can be expressed as the root of a polynomial
with integer coefficients. For example,

• 4 is algebraic, because it is a root of the polynomial x − 4; and

√
• 2 is algebraic, because it is a root of the polynomial x2 − 2.

We call a number transcendental if it is not algebraic. It is not immediately

obvious that any numbers are transcendental.
This section considers some properties of algebraic numbers, as well as the
existence of transcendental numbers.

3.4.1 The algebraic numbers form a ring

Let A be the set of algebraic numbers. Is this a ring? To see that it is, let α and β
be algebraic numbers. Since they are roots of polynomials, supposed they are the
roots of the polynomials f and g. There are infinitely many polynomials like this,
so choose f and g to be of minimal degree.
We first show closure of addition and multiplication. Let E be the smallest
ring that contains both Q and α, and let F be the smallest ring that contains E and
β. Notice that E is a vector space of finite dimension over Q, because its elements
all have the form ni=0 ai αi . In fact, E is itself a ring and a field, because the
P

scalars come from E itself, and α has an inverse:

Theorem 23. α has a multiplicative inverse in E.

Proof. Let a0 , a1 , . . ., an be the coefficients of f , with ai the coefficient of xi .

Since α is a root of f , we know that

a0 α0 + a1 α1 + . . . + an αn = 0.
3.4. ALGEBRAIC AND TRANSCENDENTAL NUMBERS 71

Rewrite this equation as

α a1 + a2 α1 + . . . + an αn−1 = −a0 .

Since 0 is not a root of f , we can divide both sides by −a0 , obtaining

 
a1 a2 1 an n−1
α − − α − ... − α = 1.
a0 a0 a0

So, we have found a multiplicative inverse, after all — but is it in E? The quotients
−ai/a0 are all rational numbers, and E is the smallest ring that contains both Q and
α, implying that, indeed,

a1 a2 1 an n−1
− − α − ... − α ∈ E.
a0 a0 a0

A similar argument shows that F is both a vector space of finite dimension

over E, and a field. Notice that this makes F a vector space of finite dimension
over Q, just as E is.
Since F is a field that contains both α and β, it must also contain both α + β
and αβ. But F is finite dimensional over Q, say of dimension n, which means that
we can find rational numbers c0 , c1 , . . . , cn and d0 , d1 , . . . , dn such that

c0 + c1 (α + β)1 + ... + cn (α + β)n = 0

and
d0 + d1 (αβ)1 + ... + dn (αβ)n = 0.

These equations remain true even if we multiply both sides by the greatest com-
mon denominators of the ci and the di , so we may assume that these coefficients
are actually integers! (If the first choice was wrong, just reassign them to the
coefficients obtained by clearing the denominators from the equations above.)
72 CHAPTER 3. CLASSICAL QUESTIONS

So, let

fˆ = c0 + c1 x + · · · + cn xn , and
ĝ = d0 + d1 x + · · · + dn xn .

Per the discussion above, fˆ and ĝ are polynomials with integer coefficients. Since
α + β is a root of fˆ and αβ is a root of ĝ, we see that α + β and αβ are algebraic.
Our choice of α and β was arbitrary in A, so the algebraic numbers are closed
under addition and multiplication.
We have shown that A is closed under addition and multiplication. The re-
maining properties of a ring are immediate, as A is a subset of the set C of complex
numbers, which is itself a ring.

3.4.2 Liouville’s number

It would be nice if all numbers were algebraic, but they are not. In fact, some
fairly important numbers, such as e and π, are not algebraic. Showing that these
numbers are transcendental lies beyond the scope of these notes. Instead, we look
at Liouville’s number,
∞
X 1
λ= .
i=1
10i!
If you’ve taken Calculus, then you’ll agree that this sum converges. The first
“few” digits of its decimal representation are

0.110001000000000000000001 . . . .

As the digits proceed on to the right, the number of 0’s between two 1’s grows
huge, thanks to the factorial. Since the decimal expansion neither terminates nor
repeats, λ must be irrational. What’s more, this particular pattern of non-repetition
is critical to transcendence. The require two steps, neither of which is obvious.
3.4. ALGEBRAIC AND TRANSCENDENTAL NUMBERS 73

The first step is to show Liouville’s inequality, which states that an irrational
algebraic number is not “especially close” to any rational number. What does that
mean? Suppose that α is algebraic and irrational, while a/b is rational. Choose a
minimal polynomial f of degree n that has α as a root; since f is minimal, it does
not factor. We will show that only finitely many rational numbers a/b are closer to
α than 1/bn+1 .
The second step is to show that λ does not satisfy Liouville’s inequality. Were
λ algebraic, only finitely many rational numbers a/b would be closer to α than
1/bn+1 , regardless of the choice of a/b. Remember that λ has all those increasing
lengths of 0’s: that will give us an infinite sequence of rational numbers that are
closer to λ than 1/10n+1 , regardless of the choice of n.

Proof of Liouville’s Inequality. Let α be an arbitrary algebraic number, and f a

polynomial of minimal degree, whose root is α. Suppose a/b is closer to α than
1/bn+1 . Without loss of generality, we may assume that b is positive; after all, if
it isn’t, we can switch the signs of a and b and have the same equation. Then
f (a/b) can be written as a fraction whose denominator is the integer bn and whose
numerator is an integer. Hence, |f (a/b)| ≥ 1/bn .
The Factor Theorem tells us that f factors as g · (x − α), where g is some
polynomial (not necessarily with integer coefficients). Hence |f (a/b)| = |a/b − α| ·
|g(a/b)|. By substitution, 1/bn ≤ |a/b − α| · |g(a/b)|. If a/b is as close to α as we
claim, then a/b is within 1/bn of α, and 1/bn is smaller than 1, so 1/bn is within 1 of
α, so |a/b| ≤ |α| + 1. Substitute this into g, and by using the triangle inequality on
the terms of g we find that

|g(a/b)| ≤ some expression in terms of α, but not in terms of a or b.

Call this expression c. By substitution, we have

1/bn ≤ |a/b − α| · |g(a/b)| ≤ 1/bn+1 · c.

74 CHAPTER 3. CLASSICAL QUESTIONS

Multiply both sides of the opposite ends of the inequality to find that

b ≤ c.

Since b is positive, there are only finitely many b that we can choose to be smaller
than c. For each of these, only finitely many a satisfy 1/bn+1 ≤ |a/b − α|. Hence,
there are only finitely many rational numbers a/b closer to α than 1/bn+1 .

Proof that λ is transcendental. Let n be any positive integer, and let

an 1 1 1
= + 2 + ··· + n.
bn 10 10 10
We can write a/b in lowest terms as 1+10+···+10n−1/10n . Consider that λ − an/bn =
1/10n+1 + 1/10n+2 +...; we have
an 2/10n+1 1
|λ − | < .
bn < bn+1
We have found an infinite sequence of integers a/b that are closer to λ than 1/bn+1 .
As this violates Liouville’s inequality, and λ is irrational, it cannot be algebraic:
λ must be transcendental.

Exercises
√
1. Find a polynomial f whose roots include 2. Try to give f as low a degree
as possible.
√
2. (a) Let E be the smallest ring that contains both Q and 2. What is the
dimension of E as a vector space over Q?
√
4
(b) Let F be the smallest ring that contains both E and 3. What is the
dimension of F as a vector space over E, and as a vector space over
Q?

3. Suppose that the polynomials f and g in the discussion of Section 3.4.1

have degree k and m. What are the dimensions of E and F, as vector spaces
over Q?
3.4. ALGEBRAIC AND TRANSCENDENTAL NUMBERS 75
√
4. Find the value of c that satisfies the proof of Liouville’s Inequality for 2.
76 CHAPTER 3. CLASSICAL QUESTIONS
Chapter 4

Congruences

A congruence is nothing more than a statement about divisibility. The theory of

congruences was introduced by Carl Friedreich Gauss. Gauss contributed to the
basic ideas of congruences and proved several theorems related to this theory. We
start by introducing congruences and their properties. We proceed to prove theo-
rems about the residue system in connection with the Euler φ-function. We then
present solutions to linear congruences which will serve as an introduction to the
Chinese remainder theorem. We present finally important congruence theorems
derived by Wilson, Fermat and Euler.

4.1 Introduction to congruences

As we mentioned in the introduction, the theory of congruences was developed by
Gauss at the beginning of the nineteenth century.

Definition 13. Let m be a positive integer. We say that a is congruent to b modulo

m if m | (a − b) where a and b are integers, i.e. if a = b + km where k ∈ Z.

If a is congruent to b modulo m, we write a ≡ b(mod m).

77
78 CHAPTER 4. CONGRUENCES

Example 28. 19 ≡ 5(mod 7). Similarly 2k + 1 ≡ 1(mod 2) which means every

odd number is congruent to 1 modulo 2.

There are many common properties between equations and congruences. Some
properties are listed in the following theorem.

Theorem 24. Let a, b, c and d denote integers. Let m be a positive integers. Then:

1. If a ≡ b(mod m), then b ≡ a(mod m).

2. If a ≡ b(mod m) and b ≡ c(mod m), then a ≡ c(mod m).

3. If a ≡ b(mod m), then a + c ≡ b + c(mod m).

4. If a ≡ b(mod m), then a − c ≡ b − c(mod m).

5. If a ≡ b(mod m), then ac ≡ bc(mod m).

6. If a ≡ b(mod m), then ac ≡ bc(mod mc), for c > 0.

7. If a ≡ b(mod m) and c ≡ d(mod m) then a + c ≡ (b + d)(mod m).

8. If a ≡ b(mod m) and c ≡ d(mod m) then a − c ≡ (b − d)(mod m).

9. If a ≡ b(mod m) and c ≡ d(mod m) then ac ≡ bd(mod m).

Proof. 1. If a ≡ b(mod m), then m | (a − b). Thus there exists integer k

such that a − b = mk, this implies b − a = m(−k) and thus m | (b − a).
Consequently b ≡ a(mod m).

2. Since a ≡ b(mod m), then m | (a − b). Also, b ≡ c(mod m), then m |

(b − c). As a result, there exit two integers k and l such that a = b + mk and
b = c + ml, which imply that a = c + m(k + l) giving that a = c(mod m).
4.1. INTRODUCTION TO CONGRUENCES 79

3. Since a ≡ b(mod m), then m | (a − b). So if we add and subtract c we get

m | ((a + c) − (b + c))

and as a result
a + c ≡ b + c(mod m).

4. Since a ≡ b(mod m), then m | (a − b) so we can subtract and add c and we

get
m | ((a − c) − (b − c))

and as a result
a − c ≡ b − c(mod m).

5. If a ≡ b(mod m), then m | (a − b). Thus there exists integer k such that
a − b = mk and as a result ac − bc = m(kc). Thus

m | (ac − bc)

and hence
ac ≡ bc(mod m).

6. If a ≡ b(mod m), then m | (a − b). Thus there exists integer k such that
a − b = mk and as a result

ac − bc = mc(k).

Thus
mc | (ac − bc)

and hence
ac ≡ bc(mod mc).
80 CHAPTER 4. CONGRUENCES

7. Since a ≡ b(mod m), then m | (a − b). Also, c ≡ d(mod m), then

m | (c−d). As a result, there exits two integers k and l such that a−b = mk
and c − d = ml. Note that

(a − b) + (c − d) = (a + c) − (b + d) = m(k + l).

As a result,
m | ((a + c) − (b + d)),

hence
a + c ≡ b + d(mod m).

8. If a = b + mk and c = d + ml where k and l are integers, then

(a − b) − (c − d) = (a − c) − (b − d) = m(k − l).

As a result,
m | ((a − c) − (b − d)),

hence
a − c ≡ b − d(mod m).

9. There exit two integers k and l such that a − b = mk and c − d = ml and

thus ca − cb = m(ck) and bc − bd = m(bl). Note that

(ca − cb) + (bc − bd) = ac − bd = m(kc − lb).

As a result,
m | (ac − bd),

hence
ac ≡ bd(mod m).
4.1. INTRODUCTION TO CONGRUENCES 81

Example 29.

1. Since 14 ≡ 8(mod 6), we conclude 8 ≡ 14(mod 6).

2. Since 22 ≡ 10(mod 6), we conclude that 10 ≡ 4(mod 6). Notice that, in

turn, 22 ≡ 4(mod 6).

3. Since 50 ≡ 20(mod 15), we conclude 50 + 5 = 55 ≡ 20 + 5 = 25(mod 15).

4. Since 50 ≡ 20(mod 15), we conclude 50 − 5 = 45 ≡ 20 − 5 = 15(mod 15).

5. Since 19 ≡ 16(mod3), we conclude 2(19) = 38 ≡ 2(16) = 32(mod 3).

6. Since 19 ≡ 16(mod3), we conclude 2(19) = 38 ≡ 2(16) = 32(mod 2(3) =

6).

7. Since 19 ≡ 3(mod 8) and 17 ≡ 9(mod 8), we conclude 19 + 17 = 36 ≡

3 + 9 = 12(mod 8).

8. Since 19 ≡ 3(mod 8) and 17 ≡ 9(mod 8), then 19 − 17 = 2 ≡ 3 − 9 =

−6(mod 8).

9. Since 19 ≡ 3(mod 8) and 17 ≡ 9(mod 8), we conclude 19(17) = 323 ≡

3(9) = 27(mod 8).

We now present a theorem that will show one difference between equations
and congruences: we cannot cancel across congruence in all cases. For instance,
8 × 6 ≡ 8(mod 20) and 16 × 8 ≡ 8(mod 20), so the transitive property implies
that 2 × 3 ≡ 4 × 3(mod 6). However, it is obviously a bad idea to cancel 8 from
both sides of this congruence, as 6 is not congruent to 16 modulo 10.
In general, this means that we cannot solve congruences in quite the same
way as we solve equations: the congruence 2x ≡ 0(mod m) does not force x ≡
0(mod m)! Nevertheless, there are some cases where this is possible, and we can
also find some similar properties that do hold. In other words, dividing both sides
of the congruence by the same integer doesn’t preserve the congruence.
82 CHAPTER 4. CONGRUENCES

Theorem 25.

1. If a, b, c and m are integers such that m > 0, d = (m, c) and ac ≡

bc(mod m), then a ≡ b(mod m/d).

2. If (m, c) = 1 then a = b(mod m) if ac ≡ bc(mod m).

Proof. Part 2 follows immediately from Part 1. For Part 1, if ac ≡ bc(mod m),
then
m | (ac − bc) = c(a − b).

Hence there exists k such that c(a − b) = mk. Dividing both sides by d, we get
(c/d)(a − b) = k(m/d). Since (m/d, c/d) = 1, it follows that m/d | (a − b).
Hence a ≡ b(mod m/d).

Example 30. 38 ≡ 10(mod 7). Since (2, 7) = 1 then 19 ≡ 5(mod 7).

The following theorem combines several congruences of two numbers with

different moduli.

Theorem 26. If

a ≡ b(mod m1 ), a ≡ b(mod m2 ), ..., a ≡ b(mod mt )

where a, b, m1 , m2 , ..., mt are integers and m1 , m2 , ..., mt are positive, then

a ≡ b(mod hm1 , m2 , ...mt i)

Proof. Since a ≡ b(mod mi ) for all 1 ≤ i ≤ t. Thus mi | (a − b). As a result,

hm1 , m2 , ..., mt i | (a − b)

(prove this as an exercise). Thus

a ≡ b(mod hm1 , m2 , ...mt i).

4.1. INTRODUCTION TO CONGRUENCES 83

Exercises

1. Determine whether 3 and 99 are congruent modulo 7 or not.

2. Show that if x is an odd integer, then x2 ≡ 1(mod 8)

3. Show that if a, b, m and n are integers such that m and n are positive, n | m
and a ≡ b(mod m), then a ≡ b(mod n).

4. Show that if ai ≡ bi (mod m) for i = 1, 2, ..., n, where m is a positive integer

and ai , bi are integers for j = 1, 2, ..., n, then ni=1 ai ≡ ni=1 bi (mod m)
P P

5. For which n does the expression 1 + 2 + ... + (n − 1) ≡ 0(mod n) holds.

6. Show that a number is divisible by three if and only if the sum of its digits
is divisible by 3.
Hint: Write 3 base 10, and use Theorem 24.

7. Show that a number is divisible by nine if and only if the sum of its digits is
divisible by 9.

8. Show that a number is divisible by four if and only if its last two digits (tens
and ones place) make a number that is divisible by four.

9. Show that a number is divisible by eight if and only if its last three digits
make a number that is divisible by eight.

10. Show that a number is divisible by eleven if and only if the alternating sum
of its digits is divisible by 11. For instance, the alternating sum of 112 = 121
is 1 − 2 + 1 = 0, and the alternating sum of 46 × 11 = 506 is 5 − 0 + 6 = 11.

11. Using techniques similar to those of the previous exercises, formulate and
prove rules of divisibility for 6 and 7.
84 CHAPTER 4. CONGRUENCES

4.2 Residue Systems and Euler’s φ-Function

4.2.1 Residue Systems

Suppose m is a positive integer. Given two integers a and b, we see that by the
division algorithm that a = bm + r where 0 ≤ r < m. We call r the least non-
negative residue of a modulo m. As a result, we see that any integer is congruent
to one of the integers 0, 1, 2, ..., m − 1 modulo m.

Definition 14. A complete residue system modulo m is a set of integers such that
every integer is congruent modulo m to exactly one integer of the set.

The easiest complete residue system modulo m is the set of integers 0, 1, 2, ..., m−
1. Every integer is congruent to one of these integers modulo m. This is important
enough that mathematicians call it the set of canonical residues modulo m.

Example 31. The set of integers {0, 1, 2, 3, 4} form a complete residue system
modulo 5. Another complete residue system modulo 5 could be 6, 7, 8, 9, 10.

Definition 15. A reduced residue system modulo m is a set of integers ri such that
(ri , m) = 1 for all i and ri 6= rj (mod m) if i 6= j.

Notice that, a reduced residue system modulo m can be obtained by deleting

all the elements of the complete residue system set that are not relatively prime to
m.

Example 32. The set of integers {1, 5} is a reduced residue system modulo 6.

The following lemma will help determine a complete residue system modulo
any positive integer m.

Lemma 11. A set of m incongruent integers modulo m forms a complete residue

system modulo m.
4.2. RESIDUE SYSTEMS AND EULER’S φ-FUNCTION 85

Proof. We will prove this lemma by contradiction. Suppose that the set of m
integers does not form a complete residue system modulo m. Then we can find at
least one integer a that is not congruent to any element in this set. Hence non of
the elements of this set is actually congruent to the remainder when a is divided
by m. Thus dividing by m yields to at most m − 1 remainders. Therefore by the
pigeonhole principle, at least two integers in the set that have the same remainder
modulo m. This is a contradiction since the set of integers is formed of m integers
that are incongruent modulo m.

Theorem 27. If a1 , a2 , ..., am is a complete residue system modulo m, and if k is

a positive integer with (k, m) = 1, then

ka1 + b, ka2 + b, ..., kam + b

is another complete residue system modulo m for any integer b.

Proof. Let us prove first that no two elements of the set {ka1 +b, ka2 +b, ..., kam +
b} are congruent modulo m. Suppose there exists i and j such that

kai + b ≡ kaj + b(mod m).

Thus we get that

kai ≡ kaj (mod m).

Now since (k, m) = 1, we get

ai ≡ aj (mod m)

But for i 6= j, ai is inequivalent to aj modulo m. Thus i = j. Now notice that

there are m inequivalent integers modulo m and thus by Lemma 10, the set form
a complete residue system modulo m.
86 CHAPTER 4. CONGRUENCES

4.2.2 Euler’s φ-Function

We now present a function that counts the number of positive integers less than a
given integer that are relatively prime to that given integer. This function is called
Euler φ-function. We will discuss the properties of Euler φ-function in details in
chapter 5. It will be sufficient for our purposes in this chapter to the notation.

Definition 16. The Euler φ-function of a positive integer n, denoted by φ(n)

counts the number of positive integers less than n that are relatively prime to
n.

Example 33. Since 1 and 3 are the only two integers that are relatively prime to
4 and less than 4, then φ(4) = 2. Also, 1,2,...,6 are the integers that are relatively
prime to 7 that are less than 7, thus φ(7) = 6.

Now we can say that the number of elements in a reduced residue system
modulo n is φ(n).

Theorem 28. If a1 , a2 , ..., aφ(n) is a reduced residue system modulo n and (k, n) =
1, then ka1 , ka2 , ..., kaφ(n) is a reduced residue system modulo n.

Proof. The proof proceeds exactly in the same way as that of Theorem 24.

Exercises

1. Give a reduced residue system modulo 12.

2. Give a complete residue system modulo 13 consisting only of odd integers.

3. Find φ(8) and φ(101).

4. Show that any reduced residue system satisfies the properties of a ring.
4.3. LINEAR CONGRUENCES 87

4.3 Linear Congruences

Because congruences are analogous to equations, it is natural to ask about solu-
tions of linear equations. In this section, we will be discussing linear congruences
of one variable and their solutions. We start by defining linear congruences.

Definition 17. A congruence of the form ax ≡ b(mod m) where x is an unknown

integer is called a linear congruence in one variable.

It is important to know that if x0 is a solution for a linear congruence, then

all integers xi such that xi ≡ x0 (mod m) are solutions of the linear congruence.
Notice also that ax ≡ b(mod m) is equivalent to a linear Diophantine equation
i.e. there exists y such that ax − my = b. We now prove theorems about the
solutions of linear congruences.

Theorem 29. Let a, b and m be integers such that m > 0 and let c = (a, m). If c
does not divide b, then the congruence ax ≡ b(mod m) has no solutions. If c | b,
then
ax ≡ b(mod m)

has exactly c incongruent solutions modulo m.

Proof. As we mentioned earlier, ax ≡ b(mod m) is equivalent to ax − my = b.

By Theorem 19 on Diophantine equations, we know that if c does not divide b,
then the equation, ax − my = b has no solutions. Notice also that if c | b, then
there are infinitely many solutions whose variable x is given by

x = x0 + (m/c)t

Thus the above values of x are solutions of the congruence ax ≡ b(mod m). Now
we have to determine the number of incongruent solutions that we have. Suppose
that two solutions are congruent, i.e.

x0 + (m/c)t1 ≡ x0 + (m/c)t2 (mod m).

88 CHAPTER 4. CONGRUENCES

Thus we get
(m/c)t1 ≡ (m/c)t2 (mod m).

Now notice that (m, m/c) = m/c and thus

t1 ≡ t2 (mod c).

Thus we get a set of incongruent solutions given by x = x0 + (m/c)t, where t is

taken modulo c.

Remark 5. Notice that if c = (a, m) = 1, then there is a unique solution modulo

m for the equation ax ≡ b(mod m).

Example 34. Let us find all the solutions of the congruence 3x ≡ 12(mod 6).
Notice that (3, 6) = 3 and 3 | 12. Thus there are three incongruent solutions
modulo 6. We use the Euclidean algorithm to find the solution of the equation
3x − 6y = 12 as described in chapter 2. As a result, we get x0 = 6. Thus the
three incongruent solutions are given by x1 = 6(mod 6), x1 = 6 + 2 = 2(mod 6)
and x2 = 6 + 4 = 4(mod 6).

As we mentioned earlier in Remark 2, the congruence ax ≡ b(mod m) has a

unique solution if (a, m) = 1. This will allow us to talk about modular inverses.

Definition 18. A solution for the congruence ax ≡ 1(mod m) for (a, m) = 1 is

called the modular inverse of a modulo m. We denote such a solution by ā.

Example 35. The modular inverse of 7 modulo 48 is 7. Notice that a solution for
7x ≡ 1(mod 48) is x ≡ 7(mod 48).

Exercises

1. Find all solutions of 3x ≡ 6(mod 9).

2. Find all solutions of 3x ≡ 2(mod 7).

4.4. THE CHINESE REMAINDER THEOREM 89

3. Find an inverse modulo 13 of 2 and of 11.

4. Show that if ā is the inverse of a modulo m and b̄ is the inverse of b modulo

m, then āb̄ is the inverse of ab modulo m.

4.4 The Chinese Remainder Theorem

In this section, we discuss the solution of a system of congruences having different
moduli. An example of this kind of systems is the following; find a number that
leaves a remainder of 1 when divided by 2, a remainder of 2 when divided by
three and a remainder of 3 when divided by 5. This kind of question can be
translated into the language of congruences. As a result, in this chapter, we present
a systematic way of solving this system of congruences.

4.4.1 Direct solution

Theorem 30. The system of congruences

x ≡ b1 (mod n1 ),
x ≡ b2 (mod n2 ),
..
.
x ≡ bt (mod nt ),

has a unique solution modulo N = n1 n2 ...nt if n1 , n2 , ..., nt are pairwise rela-

tively prime positive integers.

Proof. Let Nk = N/nk . Since (ni , nj ) = 1 for all i 6= j, then (Nk , nk ) = 1.

Hence by Theorem 26 , we can find an inverse yk of Nk modulo nk such that
Nk yk ≡ 1(mod nk ). Consider now
t
X
x= bi Ni yi
i=1
90 CHAPTER 4. CONGRUENCES

Since
Nj ≡ 0(mod nk ) for all j 6= k,

thus we see that

x ≡ bk Nk yk (mod nk ).

Also notice that Nk yk ≡ 1(mod nk ). Hence x is a solution to the system of t

congruences. We have to show now that any two solutions are congruent modulo
N . Suppose now that you have two solutions x0 , x1 to the system of congruences.
Then
x0 ≡ x1 (mod nk )

for all 1 ≤ k ≤ t. Thus by Theorem 23, we see that

x0 ≡ x1 (mod N ).

Thus the solution of the system is unique modulo N .

We now present an example that will show how the Chinese remainder theo-
rem is used to determine the solution of a given system of congruences.

Example 36. Solve the system

x ≡ 1(mod 2)
x ≡ 2(mod 3)
x ≡ 3(mod 5).

We have N = 2.3.5 = 30. Also

N1 = 30/2 = 15, N2 = 30/3 = 10and N3 = 30/5 = 6.

So we have to solve now 15y1 ≡ 1(mod 2). Thus

y1 ≡ 1(mod 2).
4.4. THE CHINESE REMAINDER THEOREM 91

In the same way, we find that

y2 ≡ 1(mod 3)and y3 ≡ 1(mod 5).

As a result, we get

x ≡ 1.15.1 + 2.10.1 + 3.6.1 ≡ 53 ≡ 23(mod 30).

Exercises

1. Find an integer that leaves a remainder of 2 when divided by either 3 or 5,

but that is divisible by 4.

2. Find all integers that leave a remainder of 4 when divided by 11 and leaves
a remainder of 3 when divided by 17.

3. Find all integers that leave a remainder of 1 when divided by 2, a remainder

of 2 when divided by 3 and a remainder of 3 when divided by 5.

4.4.2 Incremental solution

An alternate approach, which works with a more general class of systems of con-
gruence, is to solve incrementally. We have observed already that a linear con-
gruence corresponds to a linear Diophantine equation; thus, it is possible to take
a system of linear congruences, solve one, use its solution to solve a second, use
the resulting solution to solve a third, etc. In these cases, you can often find a
“unique” solution to the system even when the moduli are not pairwise prime.
For instance, suppose that x ≡ (mod 6), x ≡ 2(mod 10), and x ≡ 7(mod 15).
Here, no pair of moduli is relatively prime, but we can still find a unique solution
by rewriting the congruences as linear Diophantine equations.
Start by looking at the first congruence. Its solutions have the form x = 6q +4,
where q is an integer. Substitute this into the second congruence, and we have
6q + 4 ≡ 2(mod 10). This tells us that 6q + 4 = 10r + 2, where r is an integer.
92 CHAPTER 4. CONGRUENCES

Solving this in the usual fashion for linear Diophantine equations, we find that all
solutions of the equation have the form q = −2 + 5a and r = −1 + 3a, where a
is an integer. By substitution, x = 6(−2 + 5a) + 4 = 30a − 8.
Substitute this into the third congruence, and we have 30a − 8 ≡ 15s + 7.
Solving this again in the usual fashion for linear Diophantine equations, we find
that all solutions of the equation have the form a = 1 + b, s = 1 + 2b, where b is
an integer. By substitution, x = 30(1 + b) − 8 = 30b − 8. We can now verify that

x ≡ 4 (mod 6), since 30b − 8 = (30b − 12) + 4 = 6(5b − 2) + 4;

x ≡ 2 (mod 10), since 30b − 8 = (30b − 10) + 2 = 10(3b − 1) + 2; and
x ≡ 7 (mod 15), since 30b − 8 = (30b − 15) + 7 = 15(2b − 1) + 7.

We found a solution to the system!

But in what sense is this solution “unique”? After all, there are infinitely many
solutions for x! Each new solution comes by adding or subtracting a multiple of 30
to a known solution, and 30 = lcm(6, 10, 15). Thus, the solution is unique modulo
the least common multiple! Notice how this generalizes the Chinese Remainder
Theorem: in that case, lcm(n1 , n2 , . . . , nt ) = N precisely because the ni are
pairwise relatively prime.
Exercises

1. Solve the system of linear congruences x ≡ 4(mod 14), x ≡ 7(mod 15),

x ≡ 4(mod 21).

2. Show that there is no solution to the system of linear congruences x ≡

0(mod 6), x ≡ 7(mod 15), x ≡ 2(mod 10).

3. Show that if a solution of a system of linear congruences modulo n1 , n2 ,

. . . , nt exists, then the solution is unique modulo lcm(n1 , n2 , . . . , nt ).
4.5. FIELD PROPERTIES OF RESIDUES, PRIMALITY 93

4.5 Field properties of residues modulo a prime, and

a primality test
Recall that “primality” is a fancy word for “the property of being prime”, and a
“primality test” is a criterion that determines whether an integer is prime. Cur-
rently, we have two theoretical criteria for primality of an integer:

• the irreducibility criterion (Definition 8); and

• Euclid’s criterion (Definition 9).

These are not especially useful for testing whether an integer is prime. To start
with, Euclid’s criterion isn’t even finite, as we’d have to test every product of
integers. At least the irreducibility criterion requires us to check only finitely
√
many factors (2, 3, 4, . . . , p) but even this gets tedious and wasteful as the
numbers grow beyond toy size. This section gives a third criterion for primality,
also finite, that takes a different approach.

4.5.1 When is a system of residues a field?

A set F is a field if addition and multiplication work the same in F as they do for
rational numbers:

• Addition satisfies the properties of:

– closure, associativity, and commutativity;

– there is an identity z such that z + x = x = x + z for every x ∈ F; and

– every x ∈ F has an inverse y ∈ F such that x + y = z = y + x.

• Multiplication satisfies the properties of:

– closure, associativity, and commutativity;

94 CHAPTER 4. CONGRUENCES

– there is an identity ι ∈ F such that ιx = x = xι for every x ∈ F;

– every x ∈ F has an inverse y ∈ F such that xy = ι = yx; and

– distribution over addition.

Guess what? If p is prime, then the set Fp = {0, 1, ..., p − 1} is a field, where
addition and multiplication are performed modulo p. How so?

• Closure: Let x, y ∈ Fp . If we perform addition and multiplication modulo

p, then the sum and product can both be rewritten as elements of Fp by
computing the remainder from division by p.

• Associative: Let x, y, z ∈ Fp . Let w be the element of Fp satisfy w ≡

(x + y) + z (mod p). By definition of congruence, we can find an integer
q such that (x + y) + z = pq + w. Integer addition is associative, so
x + (y + z) = pq + w, also. By definition, w ≡ x + (y + z) (modp). Hence
x + (y + z) ≡ w ≡ (x + y) + z: addition is associative modulo p. A similar
argument shows that multiplication is associative modulo p.

• Identity: Let x ∈ Fp . Notice that 0, 1 ∈ Fp ; they satisfy the properties

x + 0 = x = 0 + x and 1 · x = x = x · 1 as integers, so substitution implies
that they are congruent modulo p.

• Additive inverse: Let x be in Fp . We claim that p − x is an additive inverse

of x. Indeed, (p − x) + x = p = x + (p − x) as integers, and p ≡ 0 (mod p),
so an additive inverse exists. In addition, p − x ∈ Fp , so the inverse exists
in Fp .

• Multiplicative inverse: See Theorem 31.

• Distributive: Let x, y, z ∈ Fp . Notice that x(y + z) = xy + xz as integers,

so substitution implies that they are congruent modulo p.
4.5. FIELD PROPERTIES OF RESIDUES, PRIMALITY 95

All the properties of a field are fairly clear, except multiplicative inverses. We turn
our attention to that now.

Theorem 31 (Fermat’s Little Theorem). If p is prime, then xp−1 ≡ 1 for any

x ∈ Fp . In other words, xp−2 is the multiplicative inverse of x.

Example 37. In F7 , we see that

• 2 · 25 ≡ 2 · 32 ≡ 2 · 4 ≡ 8 ≡ 1 (mod 7);

• 3 · 35 ≡ 3 · 243 ≡ 729 ≡ 1 (mod 7);

• ...

• 6 · 65 ≡ 6 · 7776 ≡ 46656 ≡ 1 (mod 7).

Alas, we cannot test it for all possible prime numbers, because (as we saw
earlier) there are infinitely many primes. To show that this is true for all primes,
we adopt a different approach.

Proof. Let x ∈ Fp , and consider the product

x × 2x × 3x × . . . × ((p − 1)x) = (p − 1)!xp−1 . (4.1)

On the other hand, Theorem 27 tells us that {x, 2x, . . . , (p − 1)x} is a complete
system of residues, so its elements are congruent to {1, 2, . . . , p − 1}. By substi-
tution, then,

x × 2x × 3x × . . . × ((p − 1)x) ≡ 1 × 2 × 3 × . . . × (p − 1) = (p − 1)!. (4.2)

Combining equations (4.1) and (4.2) via the transitive property, we see that

(p − 1)!xp−1 ≡ (p − 1)! (modp).

96 CHAPTER 4. CONGRUENCES

The nonzero elements of Fp are all relatively prime to p. Thus, their product is
also relatively prime to p. By Theorem 25, we can cancel (p − 1)! from both sides
of this last equation to obtain the desired result:

xp−1 ≡ 1 (mod p).

4.5.2 Fermat’s Last Theorem as a primality test

If you think about it, you can see that Fermat’s Little Theorem gives us a primality
test. Recall that if a statement is true, then its contrapositive is also true. Fermat’s
Little Theorem states that if p is prime, then ap−1 ≡ 1 (mod p). The contrapositive
of this statement is that if ap−1 6≡ 1 (mod p), then p is not prime!

Example 38. We use a = 2 and p = 77 to show that 77 is not prime:

276 ≡ 26 × (27 )10 ≡ 26 × 5110 ≡ 26 × 605

≡ 26 × 60 × 582 ≡ 64 × 60 × 53 ≡ 9 (mod 77).

We did not end up with 1, so 77 is not prime.

Notice how we used properties of exponents to simplify the computation con-

siderably.
Unfortunately, the converse of the statement is not true: we can have am−1 ≡
1 (mod m), even when m is not prime and a 6= 1. For example, if m = 341,
then am−1 ≡ 1 for 98 elements in {2, 3, ..., 341}, even though 341 factors as the
product of 11 and 31.
Exercises

1. Use Fermat’s Little Theorem to show that 12 and 1001 are not prime. As a
hint, when computing ap−1 , try to group products so that you minimize the
number of multiplications necessary.
4.6. THEOREMS OF FERMAT, EULER, AND WILSON 97

4.6 Theorems of Fermat, Euler, and Wilson

In this section we present three applications of congruences. The first theorem
is Wilson’s theorem which states that (p − 1)! + 1 is divisible by p, for p prime.
Next, we present Fermat’s theorem, also known as Fermat’s little theorem which
states that ap and a have the same remainders when divided by p where p - a.
Finally we present Euler’s theorem which is a generalization of Fermat’s theorem
and it states that for any positive integer m that is relatively prime to an integer a,
aφ(m) ≡ 1(mod m) where φ is Euler’s φ-function. We start by proving a theorem
about the inverse of integers modulo primes.

Theorem 32. Let p be a prime. A positive integer m is its own inverse modulo p
if and only if p divides m + 1 or p divides m − 1.

Proof. Suppose that m is its own inverse. Thus

m.m ≡ 1(mod p).

Hence p | m2 − 1. As a result,

p | (m − 1)or p | (m + 1).

We get that m ≡ 1(mod p) or m ≡ −1(mod p).

Conversely, suppose that

m ≡ 1(mod p)or m ≡ −1(mod p).

Thus
m2 ≡ 1(mod p).

Theorem 33. Wilson’s Theorem If p is a prime number, then p divides (p−1)!+1.

98 CHAPTER 4. CONGRUENCES

Proof. When p = 2, the congruence holds. Now let p > 2. Using Theorem
26, we see that for each 1 ≤ m ≤ p, there is an inverse 1 ≤ m̄ ≤ p such that
mm̄ ≡ 1(mod p). Thus by Theorem 28, we see that the only two integers that
have their own inverses are 1 and p − 1. Hence after coupling the integers from 2
to p − 2 each with its inverse, we get

2.3.....(p − 2) ≡ 1(mod p).

Thus we get
1.2.3.....(p − 2)(p − 1) ≡ (p − 1)(mod p)
As a result, we have (p − 1)! ≡ −1(mod p).

Note also that the converse of Wilson’s theorem also holds. The converse tells
us whether an integer is prime or not.

Theorem 34. If m is a positive integer with m ≥ 2 such that

(m − 1)! + 1 ≡ 0 (mod m)

then m is prime.

Proof. Suppose that m has a proper divisor c1 and that

(m − 1)! + 1 ≡ 0(mod m).

That is m = c1 c2 where 1 < c1 < m and 1 < c2 < m. Thus c1 is a divisor of

(m − 1)!. Also, since
m | ((m − 1)! + 1),
we get
c1 | ((m − 1)! + 1).
As a result, by Theorem 4, we get that

c1 | ((m − 1)! + 1 − (m − 1)!),

which gives that c1 | 1. This is a contradiction and hence m is prime.

4.6. THEOREMS OF FERMAT, EULER, AND WILSON 99

We now present Fermat’s Theorem or what is also known as Fermat’s Little

Theorem. It states that the remainder of ap−1 when divided by a prime p that
doesn’t divide a is 1. We then state Euler’s theorem which states that the remain-
der of aφ(m) when divided by a positive integer m that is relatively prime to a is
1. We prove Euler’s Theorem only because Fermat’s Theorem is nothing but a
special case of Euler’s Theorem. This is due to the fact that for a prime number p,
φ(p) = p − 1.

Theorem 35. Euler’s Theorem If m is a positive integer and a is an integer such

that (a, m) = 1, then
aφ(m) ≡ 1(mod m)

Example 39. Note that 34 = 81 ≡ 1(mod 5). Also, 2φ(9) = 26 = 64 ≡ 1(mod 9).

We now present the proof of Euler’s theorem.

Proof. Let k1 , k2 , ..., kφ(m) be a reduced residue system modulo m. By Theorem

25, the set
{ak1 , ak2 , ..., akφ(m) }
also forms a reduced residue system modulo m. Thus

ak1 ak2 ...akφ(m) = aφ(m) k1 k2 ...kφ(m) ≡ k1 k2 ...kφ(m) (mod m).

Now since (ki , m) = 1 for all 1 ≤ i ≤ φ(m), we have (k1 k2 ...kφ(m) , m) = 1.

Hence by Theorem 22 we can cancel the product of k’s on both sides and we get

aφ(m) ≡ 1(mod m).

An immediate consequence of Euler’s Theorem is:

Corollary 1. Fermat’s Theorem If p is a prime and a is a positive integer with

p - a, then
ap−1 ≡ 1(mod p).
100 CHAPTER 4. CONGRUENCES

We now present a couple of theorems that are direct consequences of Fermat’s

theorem. The first states Fermat’s theorem in a different way. It says that the
remainder of ap when divided by p is the same as the remainder of a when divided
by p. The other theorem determines the inverse of an integer a modulo p where
p - a.

Theorem 36. If p is a prime number and a is a positive integer, then ap ≡

a(mod p).

Proof. If p - a, by Fermat’s theorem we know that

ap−1 ≡ 1(mod p).

Thus, we get
ap ≡ a(mod p).

Now if p | a, we have
ap ≡ a ≡ 0(mod p).

Theorem 37. If p is a prime number and a is an integer such that p - a, then ap−2
is the inverse of a modulo p.

Proof. If p - a, then Fermat’s theorem says that

ap−1 ≡ 1(mod p).

Hence
ap−2 a ≡ 1(mod p).

As a result, ap−2 is the inverse of a modulo p.

Exercises

1. Show that 10!+1 is divisible by 11.

4.6. THEOREMS OF FERMAT, EULER, AND WILSON 101

2. What is the remainder when 5!25! is divided by 31?

3. What is the remainder when 5100 is divided by 7?

4. Show that if p is an odd prime, then 2(p − 3)! ≡ −1(mod p).

5. Find a reduced residue system modulo 2m , where m is a positive integer.

6. Show that if a1 , a2 , ..., aφ(m) is a reduced residue system modulo m, where

m is a positive integer with m 6= 2, then a1 + a2 + ... + aφ(m) ≡ 0(mod m).

7. Show that if a is an integer such that a is not divisible by 3 or such that a is

divisible by 9, then a7 ≡ a(mod 63).
102 CHAPTER 4. CONGRUENCES
Chapter 5

Multiplicative Number Theoretic

Functions

In this chapter, we study functions, called multiplicative functions, that are defined
on integers. These functions have the property that their value at the product of
two relatively prime integers is equal to the product of the value of the functions at
these integers. We start by proving several theorems about multiplicative functions
that we will use later. We then study special functions and prove that the Euler
φ-function that was seen before is actually multiplicative. We also define the sum
of divisors and the number of divisors functions.

Later define the Mobius function which investigate integers in terms of their
prime decomposition. The summatory function of a given function takes the sum
of the values of f at the divisors of a given integer n. We then determine the
Mobius inversion of this function which writes the values of f in terms of the
values of its summatory function. We end this chapter by presenting integers with
interesting properties and prove some of their properties.

103
104 CHAPTER 5. MULTIPLICATIVE NUMBER THEORETIC FUNCTIONS

5.1 Definitions and Properties

Definition 19. An arithmetic function is a function whose domain of definition is
the set N of positive integers.

Definition 20. An arithmetic function f is called multiplicative if f (ab) = f (a)f (b)

for all a, b ∈ N such that (a, b) = 1.

Definition 21. An arithmetic function f is called completely multiplicative if

f (ab) = f (a)f (b) (5.1)

for all positive integers a, b.

Example 40. The function f (a) = 1 where k is a completely multiplicative func-

tion since
f (ab) = 1 = f (a)f (b).

Notice also that a completely multiplicative function is a multiplicative function

but not otherwise.

We now prove a theorem about multiplicative functions. We will be interested

in studying the properties of multiplicative functions rather than the completely
multiplicative ones.
Qs
Theorem 38. Given a multiplicative function f . Let n = k=1 pakk be the prime
factorization of n. Then
s
Y
f (n) = f (pakk ).
k=1

Proof. We prove this theorem by induction on the number of primes in the factor-
ization of n. Suppose that n = pa11 . Thus the result follow easily. Suppose now
that for s
Y
n= pakk ,
k=1
5.1. DEFINITIONS AND PROPERTIES 105

we have s
Y
f (n) = f (pakk ).
k=1
So we have to prove that if
s+1
Y
n= pakk ,
k=1
then
s+1
Y
f (n) = f (pakk ).
k=1
Notice that for
s+1
Y
n= pakk ,
k=1
Qs ak as+1
we have ( k=1 pk , ps+1 )= 1. Thus we have
s+1
! s
!
Y Y as+1

f (n) = f pakk = f pakk f ps+1
k=1 k=1

which by the inductive step gives

s+1
! s+1
Y Y
f pakk = f (n) = f (pakk ).
k=1 k=1

From the above theorem, we can see that to evaluate a multiplicative function
at an integer, it will be enough to know the value of the function at the primes that
are in the prime factorization of the number.
We now define summatory functions which represents the sum of the values
of a given function at the divisors of a given number.

Definition 22. Let f be an arithmetic function. Define

X
F (n) = f (d)
d|n

Then F is called the summatory function of f .

106 CHAPTER 5. MULTIPLICATIVE NUMBER THEORETIC FUNCTIONS

This function determines the sum of the values of the arithmetic function at
the divisors of a given integer.

Example 41. If f (n) is an arithmetic function, then

X
F (18) = f (d) = f (1) + f (2) + f (3) + f (6) + f (9) + f (18).
d|18

Theorem 39. If f is a multiplicative function, then the summatory function of f

P
denoted by F (n) = d|n f (d) is also multiplicative.

Proof. We have to prove that F (mn) = F (m)F (n) whenever (m, n) = 1. We

have
X
F (mn) = f (d).
d|mn

Notice that by Lemma 6, each divisor of mn can be written uniquely as a product

of relatively prime divisors d1 of m and d2 of n, moreover the product of any two
divisors of m and n is a divisor of mn. Thus we get
X
F (mn) = f (d1 d2 )
d1 |m,d2 |n

Notice that since f is multiplicative, we have

X
F (mn) = f (d1 d2 )
d1 |m,d2 |n
X
= f (d1 )f (d2 )
d1 |m,d2 |n
X X
= f (d1 ) f (d2 ) = F (m)F (n)
d1 |m d2 |n

Exercises

1. Determine whether the arithmetic functions f (n) = n! and g(n) = n/2 are
completely multiplicative or not.
5.2. MULTIPLICATIVE NUMBER THEORETIC FUNCTIONS 107

2. Define the arithmetic function g(n) by the following. g(n)=1 if n = 1 and 0

for n > 1. Prove that g(n) is multiplicative.

5.2 Multiplicative Number Theoretic Functions

We now present several multiplicative number theoretic functions which will play
a crucial role in many number theoretic results. We start by discussing the Euler
phi-function which was defined in an earlier chapter. We then define the sum-of-
divisors function and the number-of-divisors function along with their properties.

5.2.1 The Euler φ-Function

As defined earlier, the Euler φ-function counts the number of integers smaller
than and relatively prime to a given integer. We first calculate the value of the
phi-function at primes and prime powers.

Theorem 40. If p is prime, then φ(p) = p − 1. Conversely, if p is an integer such

that φ(p) = p − 1, then p is prime.

Proof. The first part is obvious since every positive integer less than p is relatively
prime to p. Conversely, suppose that p is not prime. Then p = 1 or p is a composite
number. If p = 1, then φ(p) 6= p − 1. Now if p is composite, then p has a positive
divisor. Thus φ(p) 6= p − 1. We have a contradiction and thus p is prime.

We now find the value of φ at prime powers.

Theorem 41. Let p be a prime and m a positive integer, then φ(pm ) = pm −pm−1 .

Proof. Note that all integers that are relatively prime to pm and that are less than
pm are those that are not multiple of p. Those integers are p, 2p, 3p, ..., pm−1 p.
There are pm−1 of those integers that are not relatively prime to pm and that are
less than pm . Thus
φ(pm ) = pm − pm−1 .
108 CHAPTER 5. MULTIPLICATIVE NUMBER THEORETIC FUNCTIONS

Example 42. φ(73 ) = 73 − 72 = 343 − 49 = 294. Also φ(210 ) = 210 − 29 = 512.

We now prove that φ is a multiplicative function.

Theorem 42. Let m and n be two relatively prime positive integers. Then φ(mn) =
φ(m)φ(n).

Proof. Denote φ(m) by s and let k1 , k2 , ..., ks be a reduced residue system modulo
m. Similarly, denote φ(n) by t and let k10 , k20 , ..., kt0 be a reduced residue system
modulo n. Notice that if x belongs to a reduced residue system modulo mn, then

(x, m) = (x, n) = 1.

Thus
x ≡ ki (mod m)and x ≡ kj0 (mod n)
for some i, j. Conversely, if

x ≡ ki (mod m)and x ≡ kj0 (mod n)

some i, j then (x, mn) = 1 and thus x belongs to a reduced residue system modulo
mn. Thus a reduced residue system modulo mn can be obtained by by determin-
ing all x that are congruent to ki and kj0 modulo m and n respectively. By the
Chinese remainder theorem, the system of equations

x ≡ ki (mod m)and x ≡ kj0 (mod n)

has a unique solution. Thus different i and j will yield different answers. Thus
φ(mn) = st.

We now derive a formula for φ(n).

Theorem 43. Let n = pa11 pa22 ...pas s be the prime factorization of n. Then
    
1 1 1
φ(n) = n 1 − 1− ... 1 − .
p1 p2 ps
5.2. MULTIPLICATIVE NUMBER THEORETIC FUNCTIONS 109

Proof. By Theorem 37, we can see that for all 1 ≤ i ≤ k

 
ai ai ai −1 ai 1
φ(pi ) = pi − pi = pi 1 − .
pi

Thus by Theorem 38,

φ(n) = φ(pa11 pa22 ...pas s )

= φ(pa11 )φ(pa22 )...φ(pas s )
     
a1 1 a2 1 as 1
= p1 1 − p2 1 − ...ps 1 −
p1 p ps
  2   
a1 a2 ak 1 1 1
= p1 p2 ...pk 1 − 1− ... 1 −
p1 p2 ps
    
1 1 1
= n 1− 1− ... 1 − .
p1 p2 ps

Example 43. Note that

  
3 2 1 1
φ(200) = φ(2 5 ) = 200 1 − 1− = 80.
2 5

Theorem 44. Let n be a positive integer greater than 2. Then φ(n) is even.

Proof. Let n = pa11 pa22 ...pakk . Since φ is multiplicative, then

k
a
Y
φ(n) = φ(pj j ).
j=1

Thus by Theorem 39, we have

a a −1−1
φ(pj j ) = pj j (pj − 1).

a
We see then φ(pj j )is even if pj is an odd prime. Notice also that if pj = 2, then it
a
follows that φ(pj j ) is even. Hence φ(n) is even.
110 CHAPTER 5. MULTIPLICATIVE NUMBER THEORETIC FUNCTIONS

Theorem 45. Let n be a positive integer. Then

X
φ(d) = n.
d|n

Proof. Split the integers from 1 to n into classes. Put an integer m in the class Cd
if the greatest common divisor of m and n is d. Thus the number of integers in the
Cd class is the number of positive integers not exceeding n/d that are relatively
prime to n/d. Thus we have φ(n/d) integers in Cd . Thus we see that
X
n= φ(n/d).
d|n

As d runs over all divisors of n, so does n/d. Hence

X X
n= φ(n/d) = φ(d).
d|n d|n

5.2.2 The Sum-of-Divisors Function

The sum of divisors function, denoted by σ(n), is the sum of all positive divisors
of n.

Example 44. σ(12) = 1 + 2 + 3 + 4 + 6 + 12 = 28.

P
Note that we can express σ(n) as σ(n) = d|n d.
We now prove that σ(n) is a multiplicative function.

Theorem 46. The sum of divisors function σ(n) is multiplicative.

Proof. We have proved in Theorem 35 that the summatory function is multiplica-

tive once f is multiplicative. Thus let f (n) = n and notice that f (n) is multiplica-
tive. As a result, σ(n) is multiplicative.
5.2. MULTIPLICATIVE NUMBER THEORETIC FUNCTIONS 111

Once we found out that σ(n) is multiplicative, it remains to evaluate σ(n) at

powers of primes and hence we can derive a formula for its values at any positive
integer.

Theorem 47. Let p be a prime and let n = pa11 pa22 ...pat t be a positive integer. Then

pa+1 − 1
σ(pa ) = ,
p−1
and as a result,
t a +1
Y pj j − 1
σ(n) =
j=1
pj − 1

Proof. Notice that the divisors of pa are 1, p, p2 , ..., pa . Thus

pa+1 − 1
σ(pa ) = 1 + p + p2 + ... + pa = .
p−1
where the above sum is the sum of the terms of a geometric progression.
Now since σ(n) is multiplicative, we have

σ(n) = σ(pa1 )σ(pa2 )...σ(pat )

pa11 +1 − 1 pa22 +1 − 1 pat t +1 − 1
= . ...
p1 − 1 p2 − 1 pt − 1
t aj +1
Y pj −1
=
j=1
pj − 1

24 −1 53 −1
Example 45. σ(200) = σ(23 52 ) = 2−1 5−1
= 15.31 = 465.

5.2.3 The Number-of-Divisors Function

The number of divisors function, denoted by τ (n), is the sum of all positive divi-
sors of n.

Example 46. τ (8) = 4.

112 CHAPTER 5. MULTIPLICATIVE NUMBER THEORETIC FUNCTIONS
P
We can also express τ (n) as τ (n) = d|n 1.
We can also prove that τ (n) is a multiplicative function.

Theorem 48. The number of divisors function τ (n) is multiplicative.

Proof. By Theorem 36, with f (n) = 1, τ (n) is multiplicative.

We also find a formula that evaluates τ (n) for any integer n.

Theorem 49. Let p be a prime and let n = pa11 pa22 ...pat t be a positive integer. Then

τ (pa ) = a + 1,

and as a result,
t
Y
τ (n) = (aj + 1).
j=1

Proof. The divisors of pa as mentioned before are 1, p, p2 , ..., pa . Thus

τ (pa ) = a + 1

Now since τ (n) is multiplicative, we have

τ (n) = τ (pa1 )τ (pa2 )...τ (pat )

= (a1 + 1)(a2 + 1)...(at + 1)
Yt
= (aj + 1).
j=1

Example 47. τ (200) = τ (23 52 ) = (3 + 1)(2 + 1) = 12.

Exercises

1. Find φ(256) and φ(2.3.5.7.11).

2. Show that φ(5186) = φ(5187).

5.3. THE MOBIUS FUNCTION AND THE MOBIUS INVERSION FORMULA113

3. Find all positive integers n such that φ(n) = 6.

4. Show that if n is a positive integer, then φ(2n) = φ(n) if n is odd.

5. Show that if n is a positive integer, then φ(2n) = 2φ(n) if n is even.

6. Show that if n is an odd integer, then φ(4n) = 2φ(n).

7. Find the sum of positive integer divisors and the number of positive integer
divisors of 35

8. Find the sum of positive integer divisors and the number of positive integer
divisors of 25 34 53 73 13.

9. Which positive integers have an odd number of positive divisors.

10. Which positive integers have exactly two positive divisors.

5.3 The Mobius Function and the Mobius Inversion

Formula
We start by defining the Mobius function which investigates integers in terms
of their prime decomposition. We then determine the Mobius inversion formula
which determines the values of the a function f at a given integer in terms of its
summatory function.

 1 if n = 1;


Definition 23. µ(n) = (−1)t if n = p1 p2 ...pt where the pi are distinct primes;


 0 otherwise.

Note that if n is divisible by a power of a prime higher than one then µ(n) = 0.
In connection with the above definition, we have the following
114 CHAPTER 5. MULTIPLICATIVE NUMBER THEORETIC FUNCTIONS

Definition 24. An integer n is said to be square-free, if no square divides it, i.e.

if there does not exist an integer k such that k 2 | n.

It is immediate (prove as exercise) that the prime-number factorization of a

square-free integer contains only distinct primes.

Example 48. Notice that µ(1) = 1, µ(2) = −1, µ(3) = −1 and µ(4) = 0.

We now prove that µ(n) is a multiplicative function.

Theorem 50. The Mobius function µ(n) is multiplicative.

Proof. Let m and n be two relatively prime integers. We have to prove that

µ(mn) = µ(m)µ(n).

If m = n = 1, then the equality holds. Also, without loss of generality, if m = 1,

then the equality is also obvious. Now suppose that m or n is divisible by a power
of prime higher than 1, then

µ(mn) = 0 = µ(m)µ(n).

What remains to prove that if m and n are square-free integers say m = p1 p2 ...ps
where p1 , p2 , ..., ps are distinct primes and n = q1 q2 ...qt where q1 , q2 , ..., qt . Since
(m, n) = 1, then there are no common primes in the prime decomposition be-
tween m and n. Thus

µ(m) = (−1)s , µ(n) = (−1)t and µ(mn) = (−1)s+t .

In the following theorem, we prove that the summatory function of the Mobius
function takes only the values 0 or 1.
5.3. THE MOBIUS FUNCTION AND THE MOBIUS INVERSION FORMULA115
P
Theorem 51. Let F (n) = d|n µ(d), then F (n) satisfies
(
1 if n = 1;
F (n) =
0 if n > 1.

Proof. For n = 1, we have F (1) = µ(1) = 1. Let us now find µ(pk ) for any
integer k > 0. Notice that

F (pk ) = µ(1) + µ(p) + ... + µ(pk ) = 1 + (−1) + 0 + ... + 0 = 0

Thus by Theorem 36, for any integer n = pa11 pa22 ...pat t > 1 we have,

F (n) = F (pa11 )F (pa22 )...F (pat t ) = 0

We now define the Mobius inversion formula. The Mobius inversion formula
expresses the values of f in terms of its summatory function of f .

Theorem 52. Suppose that f is an arithmetic function and suppose that F is its
summatory function, then for all positive integers n we have
X
f (n) = µ(d)F (n/d).
d|n

Proof. We have
X X X
µ(d)F (n/d) = µ(d) f (e)
d|n d|n e|(n/d)
X X
= µ(d)f (e)
d|n e|(n/d)
X X
= µ(d)f (e)
e|n d|(n/e)
X X
= f (e) µ(d)
e|n d|(n/d)
116 CHAPTER 5. MULTIPLICATIVE NUMBER THEORETIC FUNCTIONS
P
Notice that d|(n/e) µ(d) = 0 unless n/e = 1 and thus e = n. Consequently we
get
X X
f (e) µ(d) = f (n).1 = f (n).
e|n d|(n/d)

Example 49. A good example of a Mobius inversion formula would be the in-
version of σ(n) and τ (n). These two functions are the summatory functions of
f (n) = n and f (n) = 1 respectively. Thus we get
X
n= µ(n/d)σ(d)
d|n

and
X
1= µ(n/d)τ (d).
d|n

Exercises

1. Find µ(12), µ(10!) and µ(105).

2. Find the value of µ(n) for each integer n with 100 ≤ n ≤ 110.
P
3. Use the Mobius inversion formula and the identity n = d|n φ(n/d) to
show that φ(pt ) = pt − pt−1 where p is a prime and t is a positive integer.

5.4 Perfect, Mersenne, and Fermat Numbers

Integers with certain properties were studied extensively over the centuries. We
present some examples of such integers and prove theorems related to these inte-
gers and their properties.
We start by defining perfect numbers.

Definition 25. A positive integer n is called a perfect number if σ(n) = 2n.

5.4. PERFECT, MERSENNE, AND FERMAT NUMBERS 117

In other words, a perfect number is a positive integer which is the sum of its
proper divisors.

Example 50. The first perfect number is 6, since σ(6) = 12. You can also view
this as 6 = 1 + 2 + 3. The second perfect number is 28, since σ(28) = 56 or
28 = 1 + 2 + 4 + 7 + 14.

The following theorem tells us which even positive integers are perfect.

Theorem 53. The positive integer n is an even perfect number if and only if

n = 2l−1 (2l − 1),

where l is an integer such that l ≥ 2 and 2l − 1 is prime.

Proof. We show first that if n = 2l−1 (2l − 1) where l is an integer such that
l ≥ 2 and 2l − 1 is prime then n is perfect. Notice that 2l − 1 is odd and thus
(2l−1 , 2l − 1) = 1. Also, notice that σ is a multiplicative function and thus

σ(n) = σ(2l−1 )σ(2l − 1).

Notice that σ(2l−1 ) = 2l − 1 and since 2l − 1 is prime we get σ(2l − 1) = 2l . Thus

σ(n) = 2n.

We now prove the converse. Suppose that n is a perfect number. Let n = 2r s,

where r and s are positive integers and s is odd. Since (2r , s) = 1, we get

σ(n) = σ(2r )σ(s) = (2r+1 − 1)σ(s).

Since n is perfect, we get

(2r+1 − 1)σ(s) = 2r+1 s.

Notice now that (2r+1 − 1, 2r+1 ) = 1 and thus 2r+1 | σ(s). Therefore there exists
an integer q such that σ(s) = 2r+1 q. As a result, we have

(2r+1 − 1)2r+1 q = 2r+1 s

118 CHAPTER 5. MULTIPLICATIVE NUMBER THEORETIC FUNCTIONS

and thus we get

(2r+1 − 1)q = s

So we get that q | s. We add q to both sides of the above equation and we get

s + q = (2r+1 − 1)q + q = 2r+1 q = σ(s).

We have to show now that q = 1. Notice that if q 6= 1, then s will have three
divisors and thus σ(s) ≥ 1 + s + q. Hence q = 1 and as a result s = 2r+1 − 1.
Also notice that σ(s) = s + 1. This shows that s is prime since the only divisors
of s are 1 and s. As a result,

n = 2r (2r+1 − 1),

where (2r+1 − 1) is prime.

In theorem 50, we see that to determine even perfect numbers, we need to

find primes of the form 2` − 1. It is still unknown whether there are odd perfect
numbers or not.

Theorem 54. If 2` − 1 is prime where ` is a positive integer, then ` must be prime.

Proof. Suppose that ` is composite, that is ` = rs where 1 < r < ` and 1 < s < `.
Thus after factoring, we get that

2` − 1 = (2r − 1)(2r(s−1) + 2r(s−2) + ... + 2r + 1)

Notice that the two factors above are both greater than 1. Thus 2` − 1 is not prime.
This is a contradiction.

The above theorem motivates the definition of interesting numbers called Mersenne
numbers.

Definition 26. Let ` be a positive integer. An integer of the form M` = 2` − 1 is

called the `th Mersenne number; if ` is prime then M` = 2` − 1 is called the `th
Mersenne prime.
5.4. PERFECT, MERSENNE, AND FERMAT NUMBERS 119

Example 51. M3 = 23 − 1 = 7 is the third Mersenne prime.

We prove a theorem that help decide whether Mersenne numbers are prime.

Theorem 55. Divisors of Mp = 2p − 1 for prime p is of the form 2mp + 1, where

m is a positive integer.

Proof. Let p1 be a prime dividing Mp = 2p − 1. By Fermat’s theorem, we know

that p1 | (2p1 −1 − 1). Also, it is easy to see that

(2p − 1, 2p1 −1 − 1) = 2(p,p1 −1) − 1.

Since p1 is a common divisor of 2p − 1 and 2p1 −1 − 1 and thus not relatively prime.
Hence (p, p1 − 1) = p. Hence p | (p1 − 1) and thus there exists a positive integer
k such that p1 − 1 = kp. Since p1 is odd, then k is even and thus k = 2m. Hence

p1 = kp + 1 = 2mp + 1.

Because any divisor of Mp is a product of prime divisors of Mp , each prime divisor

of Mp is of the form 2mp + 1 and the result follows.

Example 52. M23 = 223 − 1 is divisible by 47 = 46k + 1. We know this by trial

and error and thus looking at all primes of the form 46k + 1 that are less than
√
M23 .

We now define Fermat numbers and prove some theorems about the properties
of these numbers.
n
Definition 27. Integers of the form Fn = 22 + 1 are called Fermat numbers.

Fermat conjectured that these integers are primes but it turned out that this is
not true. Notice that F0 = 3, F1 = 5, F2 = 17, F3 = 257 and F4 = 65, 537 while
F5 is composite. It turned out the F5 is divisible by 641. We now present a couple
of theorems about the properties of these numbers.
120 CHAPTER 5. MULTIPLICATIVE NUMBER THEORETIC FUNCTIONS

Theorem 56. For all positive integers n, we have

F0 F1 F2 ...Fn−1 = Fn − 2

Proof. We will prove this theorem by induction. For n = 1, the above identity is
true. Suppose now that
F0 F1 F2 ...Fn−1 = Fn − 2

holds. We claim that

F0 F1 F2 ...Fn = Fn+1 − 2.

Notice that
n n n+1
F0 F1 F2 ...Fn = (Fn − 2)Fn = (22 − 1)(22 + 1) = 22 − 1 = Fn+1 − 2.

Using Theorem 53, we prove that Fermat numbers are relatively prime.

Theorem 57. Let s 6= t be nonnegative integers. Then (Fs , Ft ) = 1.

Proof. Assume without loss of generality that s < t. Thus by Theorem 52, we
have
F0 F1 F2 ...Fs ...Ft−1 = Ft − 2

Assume now that there is a common divisor d of Fs and Ft . thus we see that d
divides
Ft − F0 F1 F2 ...Fs ...Ft−1 = 2.

Thus d = 1 or d = 2. But since Ft is odd for all t. We have d = 1. Thus Fs and

Ft are relatively prime.

Exercises

1. Find the six smallest even perfect numbers.

2. Find the eighth perfect number.

5.4. PERFECT, MERSENNE, AND FERMAT NUMBERS 121

3. Find a factor of 21001 − 1.

4. We say n is abundant if σ(n) > 2n. Prove that if n = 2m−1 (2m − 1) where
m is a positive integer such that 2m − 1 is composite, then n is abundant.

5. Show that there are infinitely many even abundant numbers.

6. Show that there are infinitely many odd abundant numbers.

7. Determine whether M11 is prime.

8. Determine whether M29 is prime.

n
9. Find all primes of the form 22 + 5 where n is a nonnegative integer.
122 CHAPTER 5. MULTIPLICATIVE NUMBER THEORETIC FUNCTIONS
Chapter 6

Primitive Roots and Quadratic

Residues

In this chapter, we discuss the multiplicative structure of the integers modulo n.

We introduce the concept of the order of integer modulo n and then we study its
properties. We then define primitive roots modulo n and show how to determine
whether an integer is primitive modulo n or not. We later find all positive integers
having primitive roots and prove related results.
We define the concept of a quadratic residue and establish its basic properties.
We then introduce Legendre symbol and also develop its basic properties. We also
introduce the law of quadratic reciprocity. Afterwards, we generalize the notion of
Legendre symbol to the Jacobi symbol and discuss the law of reciprocity related
to Jacobi symbol.

6.1 The order of Integers and Primitive Roots

In this section, we study the order of an integer modulo n, where n is positive. We
also define primitive roots and related results. Euler’s theorem in Chapter 4 states
that if a positive integer a is relatively prime to n, then aφ(n) ≡ 1(mod n). Thus

123
124 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

by the well ordering principle, there is a least positive integer x that satisfies this
congruence ax ≡ 1(mod n).

Definition 1. Let (a, b) = 1. The smallest positive integer x such that ax ≡

1(mod b) is called the order of a modulo b. We denote the order of a modulo b by
ordb a.

Example 53. ord7 2 = 3 since 23 ≡ 1(mod 7) while 21 ≡ 2(mod 7) and 22 ≡

4(mod 7).

To find all integers x such that ax ≡ 1(mod b), we need the following theorem.

Theorem 58. If (a, b) = 1 with b > 0, then the positive integer x is a solution of
the congruence ax ≡ 1(mod b) if and only if ordb a | x.

Proof. Having ordb a | x, then we have that x = k.ordb a for some positive integer
k. Thus
ax = akordb a = (aordb a )k ≡ 1(mod b).

Now if ax ≡ 1(mod b), we use the division algorithm to write

x = qordb a + r, 0 ≤ r < ordb a.

Thus we see that

ax ≡ aqordb a+r ≡ (aordb a )q ar ≡ ar (mod b).

Now since ax ≡ 1(mod b),we have ar ≡ 1(mod b). Since ordb a, we get r = 0.
Thus x = q.ordb a and hence ordb a | x.

Example 54. Since ord7 2 = 3, then 215 ≡ 1(mod 7) while 10 is not a solution
for 2x ≡ 1(mod 7).

Theorem 59. If (a, b) = 1 with b > 0, then

ai ≡ aj (mod b)
6.1. THE ORDER OF INTEGERS AND PRIMITIVE ROOTS 125

where i and j are nonnegative integers, if and only if

i ≡ j(mod ordb a)

Proof. Suppose that

i ≡ j(mod ordb a) and 0 ≤ j ≤ i.

Then we have i − j = k.ordb a, where k is a positive integer. Hence

ai = aj+k.ordb a = aj (aordb a )k ≡ aj (mod b).

Assume now that ai ≡ aj (mod b) with i ≥ j. Thus we have

ai ≡ aj ai−j ≡ aj (mod b)

Since (a, b) = 1, we have (aj , b) = 1 and thus by Theorem 22, we get

ai−j ≡ 1(mod b).

By theorem 54, we get that ordb a | (i − j) and hence i ≡ j(mod b).

We introduce now primitive roots and discuss their properties. We are inter-
ested in integers whose order modulo another integer is φ(b). In one of the exer-
cises, one is asked to prove that if aand b are relatively prime then ordb a | φ(b).

Definition 2. If (r, m) = 1 with m > 0 and if ordm r = φ(m) then r is called a

primitive root modulo m.

Example 55. Notice that φ(7) = 6 hence 2 is not a primitive root modulo 7. While
ord7 3 = 6 and thus 3 is a primitive root modulo 7.

Theorem 60. If (r, m) = 1 with m > 0 and if r is a primitive root modulo n, then
the integers {r1 , r2 , ...rφ(m) } form a reduced residue set modulo m.
126 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

Proof. To prove that the set {r1 , r2 , ...rφ(m) } form a reduced residue set modulo
m we need to show that every two of them are relatively prime and that no two
of them are congruent modulo m. Since (r, m) = 1, it follows that (rn , m) = 1
for all positive integers n. Hence all the powers of r are relatively prime to m. To
show that no two powers in the above set are equivalent modulo m, assume that

ri ≡ rj (mod m).

By Theorem 55, we see that

i ≡ j(mod ordm φ(m)).

Notice that 1 ≤ i, j ≤ φ(m) and hence i = j.

Theorem 61. If ordm a = t and if u is a positive integer, then

ordm (au ) = t/(t, u).

Proof. Let

v = ordm (au ), w = (t, u), t = t1 wand u = u1 w.

Notice that (t1 , u1 ) = 1.

Because t1 = t/(t, u), we want to show that ordm (au ) = t1 . To do this, we
will show that (au )t1 ≡ 1(mod m) and that if (au )v ≡ 1(mod m), then t1 | v.
First note that

(au )t1 = (au1 w )(t/w) = (at )u1 ≡ 1(mod m).

Hence by Theorem 54, we have v | t1 . Now on the other hand, since

(au )v = auv ≡ 1(mod m),

we know that t | uv. Hence t1 w | u1 wv and hence t1 | u1 v. Because (t1 , u1 ) = 1,

we see that t1 | v. Since v | t1 and t1 | v, we conclude that v = t1 = t/w =
t/(t, u).
6.1. THE ORDER OF INTEGERS AND PRIMITIVE ROOTS 127

Example 56. We see that ord7 34 = 6/(6, 4) since ord7 3 = 6.

Corollary 2. Let r be a primitive root modulo m, where m is a positive integer,
m > 1. Then ru is a primitive root modulo m if and only if (u, φ(m)) = 1.
Proof. By Theorem 57, we see that

ordm ru = ordm r/(u, ordm r) = φ(m)/(u, φ(m)).

Thus ordm ru = φ(m) and ru is a primitive root if and only if (u, φ(m)) = 1.

The above corollary leads to the following theorem

Theorem 62. If the positive integer m has a primitive root, then it has a total of
φ(φ(m)) incongruent primitive roots.
Proof. Let r be a primitive root modulo m. By Theorem 56, we see that {r1 , r2 , ..., rφ(m) }
form a reduced residue system modulo n. By Corollary 1, it is known that ru is
a primitive root modulo m if and only if (u, φ(m)) = 1. Thus we have exactly
φ(φ(m)) such integers u that are relatively prime to φ(m) and hence there are
exactly φ(φ(m)) primitive roots modulo m.

Exercises
1. Determine ord13 10.

2. Determine ord11 3.

3. Show that 5 is a primitive root of 6.

4. Show that if ā is an inverse of a modulo n, then ordn a = ordn ā.

5. Show that if n is a positive integer, and a and b are integers relatively prime
to n such that (ordn a, ordn b) = 1, then ordn (ab) = ordn a.ordn b.

6. Show that if a is an integer relatively prime to the positive integer m and

ordm a = st, then ordm at = s.

7. Show that if a and n are relatively prime with n > 0, then ordn a | φ(n).
128 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

6.2 Primitive Roots for Primes

In this section, we show that every integer has a primitive root. To do this we need
to introduce polynomial congruence.
Let f (x) be a polynomial with integer coefficients. We say that an integer a is
a root of f (x) modulo m if f (a) ≡ 0(mod m).

Example 57. Notice that x ≡ 3(mod 11) is a root for f (x) = 2x2 + x + 1 since
f (3) = 22 ≡ 0(mod 11).

We now introduce Lagrange’s theorem for primes. This is modulo p, the fun-
damental theorem of algebra. This theorem will be an important tool to prove that
every prime has a primitive root.

Theorem 63. Lagrange’s Theorem Let

m(x) = bn xn + bn−1 xn−1 + ... + b1 x + b0

be a polynomial of degree n, n ≥ 1 with integer coefficients and with leading coef-

ficient bn not divisible by a prime p. Then m(x) has at most n distinct incongruent
roots modulo p.

Proof. Using induction, notice that if n = 1, then we have

m(x) = b1 x + b0 and p - b1 .

A root of m(x) is a solution for b1 x+b0 (mod p). Since p - b1 , then this congruence
has exactly one solution by Theorem 26.
Suppose that the theorem is true for polynomials of degree n − 1, and let
m(x) be a polynomial of degree n with integer coefficients and where the leading
coefficient is not divisible by p. Assume now that m(x) has n + 1 incongruent
roots modulo p, say x0 , x1 , ..., xn . Thus

m(xk ) ≡ 0(mod p)
6.2. PRIMITIVE ROOTS FOR PRIMES 129

for 0 ≤ k ≤ n. Thus we have

m(x) − m(x0 ) = bn (xn − xn0 ) + bn−1 (xn−1 − xn−1

0 ) + ... + b1 (x − x0 )
= bn (x − x0 )(xn−1 + xn−2 x0 + ... + xx0n−2 + x0n−1 )
+ bn−1 (x − x0 )(xn−2 + xn−3 x0 + ... + xxn−3
0 + xn−2
0 ) + ... + b1 (x − c0 )
= (x − x0 )f (x)

where f (x) is a polynomial of degree n − 1 with leading coefficient bn . Notice

that since m(xk ) ≡ m(x0 )(mod p), we have

m(xk ) − m(x0 ) = (xk − x0 )f (xk ) ≡ 0(mod p).

Thus f (xk ) ≡ 0(mod p) for all 1 ≤ k ≤ n and thus x1 , x2 , ..., xn are roots of
f (x). This is a contradiction since we a have a polynomial of degree n − 1 that
has n distinct roots.

We now use Lagrange’s Theorem to prove the following result.

Theorem 64. Consider the prime p and let p − 1 = kn for some integer k. Then
xn − 1 has exactly n incongruent roots modulo p.

Proof. Since p − 1 = kn, we have

xp−1 − 1 = (xn − 1)(xn(k−1) + xn(k−2) + ... + xn + 1)

= (xn − 1)f (x)

By Fermat’s little theorem, we know that xp−1 − 1 has p − 1 incongruent roots

modulo p. Also, roots of xp−1 − 1 are roots of f (x) or a root of xn − 1. Notice that
by Lagrange’s Theorem, we have that f (x) has at most p − n − 1 roots modulo
p. Thus xn − 1 has at least n roots modulo p. But again by Lagrange’s Theorem,
since we have that xn − 1 has at most n roots, thus we get that xn − 1 has exactly
n incongruent roots modulo p.
130 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

We now prove a lemma that gives us how many incongruent integers can have
a given order modulo p.

Lemma 12. Let p be a prime and let m be a positive integer such that p − 1 = mk
for some integer k. Then

S(m) = |{m : 0 < m < p, m ∈ Z}| ≤ φ(m).

Proof. For each positive integer m dividing p − 1,

Notice that if S(m) = 0, then S(m) ≤ φ(m). If S(m) > 0, then there is an
integer a of order m modulo p. Since ordp a = m, then a, a2 , ...am are incongruent
modulo p. Also each power of a is a root of xm − 1 modulo p because

(ak )m = (am )k ≡ 1(mod p)

for all positive integers k. By Theorem 60, we know that xm − 1 has exactly m
incongruent roots modulo p, so that every root is congruent to one of these powers
of a. We also know by Theorem 57 that the powers of ak with (k, m) = 1 have
order m. There are exactly φ(m) such integers with 1 ≤ k ≤ m and thus if there
is one element of order m modulo p, there must be exactly φ(m) such positive
integers less than p. Hence S(m) ≤ φ(m).

In the following theorem, we determine how many incongruent integers can

have a given order modulo p. We actually show the existence of primitive roots
for prime numbers.

Theorem 65. Every prime number has a primitive root.

Proof. Let p be a prime and let m be a positive integer such that p − 1 = mk for
some integer k. Let F (m) be the number of positive integers of order m modulo
p that are less than p. The order modulo p of an integer not divisible by p divides
p − 1, it follows that
X
p−1= F (m).
m|p−1
6.2. PRIMITIVE ROOTS FOR PRIMES 131

By Theorem 42, we see that

X
p−1= φ(m).
m|p−1

By Lemma 1, F (m) ≤ φ(m) when m | (p − 1). Together with

X X
F (m) = φ(m)
m|p−1 m|p−1

we see that F (m) = φ(m) for each positive divisor m of p − 1. Thus we conclude
that F (m) = φ(m). As a result, we see that there are p − 1 incongruent integers
of order p − 1 modulo p. Thus p has φ(p − 1) primitive roots.

Exercises

1. Find the incongruent roots modulo 11 of x2 + 2.

2. Find the incongruent roots modulo 11 of x4 + x2 + 1.

3. Find the incongruent roots modulo 13 of x3 + 12.

4. Find the number of primitive roots of 13 and of 47.

5. Find a complete set of incongruent primitive roots of 13.

6. Find a complete set of incongruent primitive roots of 17.

7. Find a complete set of incongruent primitive roots of 19.

8. Let r be a primitive root of p with p ≡ 1(mod 4). Show that −r is also a

primitive root.

9. Show that if p is a prime and p ≡ 1(mod 4), then there is an integer x such
that x2 ≡ −1(mod p).
132 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

6.3 The Existence of Primitive Roots

In this section, we demonstrate which integers have primitive roots. We start by
showing that every power of an odd prime has a primitive root and to do this we
start by showing that every square of an odd prime has a primitive root.

Theorem 66. If p is an odd prime with primitive root r, then one can have either
r or r + p as a primitive root modulo p2 .

Proof. Notice that since r is a primitive root modulo p, then

ordp r = φ(p) = p − 1.

Let m = ordp2 r, then

rm ≡ 1(mod p2 ).

Thus
rm ≡ 1(mod p).

By Theorem 54, we have

p − 1 | m.

By Exercise 7 of section 6.1, we also have that

m | φ(p2 ).

Also, φ(p2 ) = p(p − 1) and thus m either divides p or p − 1. And since p − 1 | m

then we have
m = p − 1 or m = p(p − 1).

If m = p(p − 1) and ordp2 r = φ(p2 ) then r is a primitive root modulo p2 . Other-

wise, we have m = p − 1 and thus

rp−1 ≡ 1(mod p2 ).
6.3. THE EXISTENCE OF PRIMITIVE ROOTS 133

Let s = r + p. Then s is also a primitive root modulo p. Hence, ordp2 s equals

either p−1 or p(p−1). We will show that ordp2 s 6= p−1 so that ordp2 s = p(p−1).
Note that

sp−1 = (r + p)p−1 = rp−1 + (p − 1)rp−2 p + ... + pp−1

= rp−1 + (p − 1)p.rp−2 (mod p2 ).

Hence
p2 | sp−1 − (1 − prp−2 .

Note also that if

p2 | (sp−1 − 1),

then
p2 | prp−2 .

Thus we have
p | rp−2

which is impossible because p - r. Because ordp2 s 6= p − 1, we can conclude that

ordp2 s = p(p − 1) = φ(p2 ).

Thus, s = r + p is a primitive root of p2 .

Example 58. Notice that 7 has 3 as a primitive root. Either ord49 3 = 6 or

ord49 3 = 42. But since 36 6≡ 1(mod 49). Hence ord49 3 = 42. Hence 3 is a
primitive root of 49.

We now show that any power of an odd prime has a primitive root.

Theorem 67. Let p be an odd prime. Then any power of p is a primitive root.
Moreover, if r is a primitive root modulo p2 , then r is a primitive root modulo pm
for all positive integers m.
134 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

Proof. By Theorem 62, we know that any prime p has a primitive root r which is
also a primitive root modulo p2 , thus

p2 - (rp−1 − 1). (6.1)

We will prove by induction that

m−2 (p−1)
pm - (rp − 1) (6.2)

for all integers m ≥ 2. Once we prove the above congruence, we show that r is
also a primitive root modulo pm . Let n = ordpm r. By Theorem 54, we know that
n | φ(pm ). Also, we know that φ(pm ) = pm (p − 1). Hence n | pm (p − 1). On the
other hand, because
pm | (rn − 1),

we also know that

p | (rn − 1).

Since φ(p) = p − 1, we see that by Theorem 54, we have n = l(p − 1). also
n | pm−1 (p − 1), we have that n = ps (p − 1), where 0 ≤ s ≤ m − 1. If
n = ps (p − 1) with s ≤ m − 2, then
m−2 (p−1)
pk | r p − 1,

which is a contradiction. Hence

ordpm r = φ(pm ).

We prove now (8.5) by induction. Assume that our assertion is true for all
m ≥ 2. Then
m−2 (p−1)
pm - (rp − 1).

Because (r, p) = 1, we see that (r, pm−1 ) = 1. We also know from Euler’s
theorem that
m−2 (p−1)
pm−1 | (rp − 1).
6.3. THE EXISTENCE OF PRIMITIVE ROOTS 135

Thus there exists an integer k such that

m−2 (p−1)
rp = 1 + kpm−1 .
m−2 (p−1)
where p - k because rp 6≡ 1(mod pm ). Thus we have now
m−1 (p−1)
rp = (1 + kpm−1 )p
≡ 1 + kpm (mod pm+1 )

Because p - k, we have
m−1 (p−1)
pm+1 - (rp − 1).

Example 59. Since 3 is a primitive root of 7, then 3 is a primitive root for 7k for
all positive integers k.

In the following theorem, we prove that no power of 2, other than 2 or 4, has a

primitive root and that is because when m is an odd integer, ordk2 m 6= φ(2k ) and
k )/2
this is because 2k | (aφ(2 − 1).

Theorem 68. If m is an odd integer, and if k ≥ 3 is an integer, then

k−2
m2 ≡ 1(mod 2k ).

Proof. We prove the result by induction. If m is an odd integer, then m = 2n + 1

for some integer n. Hence,

m2 = 4n2 + 4n + 1 = 4n(n + 1) + 1.

It follows that 8 | (m2 − 1).

Assume now that

k−2
2k | (m2 − 1).
136 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

Then there is an integer q such that

k−2
m2 = 1 + q.2k .

Thus squaring both sides, we get

k−1
m2 = 1 + q.2k+1 + q 2 22k .

Thus
k−1
2k+1 | (m2 − 1).

Note now that 2 and 4 have primitive roots 1 and 3 respectively.

We now list the set of integers that do not have primitive roots.

Theorem 69. If m is not pa or 2pa , then m does not have a primitive root.

Proof. Let m = ps11 ps22 ...psi i . If m has a primitive root r then r and m are relatively
prime and ordm r = φ(m). We also have, we have (r, ps ) = 1 where ps is of the
primes in the factorization of m. By Euler’s theorem, we have
s
ps | (rφ(p ) − 1).

Now let
L = [φ(ps11 ), φ(ps22 ), ..., φ(psi i )].

We know that
rL ≡ 1(mod pskk )

for all 1 ≤ k ≤ m. Thus using the Chinese Remainder Theorem, we get

m | (rL − 1),

which leads to ordm r = φ(m) ≤ L. Now because

φ(m) = φ(ps11 )φ(ps22 )...φ(psnn ) ≤ [φ(ps11 ), φ(ps22 ), ..., φ(psnn )].

6.3. THE EXISTENCE OF PRIMITIVE ROOTS 137

Now the inequality above holds only if

φ(ps11 ), φ(ps22 ), ..., φ(psnn )

are relatively prime. Notice now that by Theorem 41,

φ(ps11 ), φ(ps22 ), ..., φ(psnn )

are not relatively prime unless m = ps or m = 2ps where p is an odd prime and t
is any positive integer.

We now show that all integers of the form m = 2ps have primitive roots.

Theorem 70. Consider a prime p 6= 2 and let s is a positive integer, then 2ps has
a primitive root. In fact, if r is an odd primitive root modulo ps , then it is also a
primitive root modulo 2ps but if r is even, r + ps is a primitive root modulo 2ps .

Proof. If r is a primitive root modulo ps , then

s
ps | (rφ(p ) − 1)

and no positive exponent smaller than φ(ps ) has this property. Note also that

φ(2ps ) = φ(ps ),

so that
s
ps | (rφ(2p ) − 1).

If r is odd, then
s
2 | (rφ(2p ) − 1).

Thus by Theorem 56, we get

s
2ps | (rφ(2p ) − 1).

It is important to note that no smaller power of r is congruent to 1 modulo 2ps .

This power as well would also be congruent to 1 modulo ps contradicting that r is
a primitive root of ps . It follows that r is a primitive root modulo 2ps .
138 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

While, if r is even, then r + ps is odd. Hence

s
2 | ((r + ps )φ(2p ) − 1).

Because ps | (r + ps − r), we see that

s
ps | ((r + ps )φ(2p ) − 1).

s
As a result, we see that 2ps | ((r + ps )φ(2p ) − 1) and since for no smaller power of
r + ps is congruent to 1 modulo 2ps , we see that r + ps is a primitive root modulo
2ps .

As a result, by Theorem 63, Theorem 65 and Theorem 66, we see that

Theorem 71. The positive integer m has a primitive root if and only if n = 2, 4, ps
or 2ps

for prime p 6= 2 and s is a positive integer.

Exercises

1. Which of the following integers 4, 12, 28, 36, 125 have a primitive root.

2. Find a primitive root of 4, 25, 18.

3. Find all primitive roots modulo 22.

4. Show that there are the same number of primitive roots modulo 2ps as there
are modulo ps , where p is an odd prime and s is a positive integer.

5. Find all primitive roots modulo 25.

6. Show that the integer n has a primitive root if and only if the only solutions
of the congruence x2 ≡ 1(modn) are x ≡ ±1(mod n).
6.4. INTRODUCTION TO QUADRATIC RESIDUES AND NONRESIDUES139

6.4 Introduction to Quadratic Residues and Non-

residues
The question that we need to answer in this section is the following. If p is an odd
prime and a is an integer relatively prime to p. Is a a perfect square modulo p.

Definition 3. Let m be a positive integer. An integer a is a quadratic residue of m

if (a, m) = 1 and the congruence x2 ≡ a(mod m) is solvable. If the congruence
x2 ≡ a(mod m) has no solution, then a is a quadratic nonresidue of m.

Example 60. Notice that 12 = 62 ≡ 1(mod 7), 32 = 42 ≡ 2(mod 7) and

22 = 52 ≡ 4(mod 7). Thus 1, 2, 4 are quadratic residues modulo 7 while 3, 5, 6
are quadratic nonresidues modulo 7.

Lemma 13. Let p 6= 2 be a prime number and a is an integer such that p - a.

Then either a is quadratic nonresidue modulo p or

x2 ≡ a(mod p)

has exactly two incongruent solutions modulo p.

Proof. If x2 ≡ a(mod p) has a solution, say x = x0 , then −x0 is a solution as

well. Notice that −x0 6≡ x0 (mod p) because then p | 2x0 and hence p - x0 .
We now show that there are no more than two incongruent solutions. Assume
that x = x0 and x = x00 are both solutions of x2 ≡ a(mod p). Then we have

(x0 )2 − (x00 )2 = (x0 + x00 )(x0 − x00 ) ≡ 0(mod p).

Hence
x0 ≡ x00 (mod p) or x0 ≡ −x00 (mod p).
140 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

The following theorem determines the number of integers that are quadratic
residues modulo an odd prime.

Theorem 72. If p 6= 2 is a prime, then there are exactly (p − 1)/2 quadratic

residues modulo p and (p − 1)/2 quadratic nonresidues modulo p in the set of
integers 1, 2..., p − 1.

Proof. To find all the quadratic residues of p among all the integers 1, 2, ..., p − 1,
we determine the least positive residue modulo p of 12 , 22 , ..., (p − 1)2 . Consider-
ing the p − 1 congruences and because each congruence has either no solution or
two incongruent solutions, there must be exactly (p − 1)/2 quadratic residues of
p among 1, 2, ..., p − 1. Thus the remaining are (p − 1)/2 quadratic nonresidues
of p.

Exercises

1. Find all the quadratic residues of 3.

2. Find all the quadratic residues of 13.

3. find all the quadratic residues of 18.

4. Show that if p is prime and p ≥ 7, then there are always two consecutive
quadratic residues of p. Hint: Show that at least one of 2, 5 or 10 is a
quadratic residue of p.

5. Show that if p is prime and p ≥ 7, then there are always two quadratic
residues of p that differ by 3.

6.5 Legendre Symbol

In this section, we define Legendre symbol which is a notation associated to
quadratic residues and prove related theorems.
6.5. LEGENDRE SYMBOL 141

Definition 4. Letp 6= 2 be a prime and a be an integer such that p - a. The

Legendre symbol ap is defined by

  (
a 1 if a is a quadratic residue of p
=
p −1 if a is a quadratic nonresidue of p.

Example 61. Notice that using the previous example, we see that
     
1 2 4
= = =1
7 7 7
     
3 5 6
= = = −1
7 7 7

In the following theorem, we present a way to determine wether an integer is

a quadratic residue of a prime.

Theorem 73. Euler’s Criterion Let p 6= 2 be a prime and let a be a positive

integer such that p - a. Then
 
a
≡ aφ(p)/2 (mod p).
p
 
a
Proof. Assume that p
= 1. Then the congruence x2 ≡ a(mod p) has a solution
say x = x0 . According to Fermat’s theorem, we see that

aφ(p)/2 = ((x0 )2 )φ(p)/2 ≡ 1(mod p).

 
a
Now if p
= −1, then x2 ≡ a(mod p) is not solvable. Thus by Theorem 26,
we have that for each integer k with (k, p) = 1 there is an integer l such that
kl ≡ a(mod p). Notice that i 6= j since x2 ≡ a(mod p) has no solutions. Thus
we can couple the integers 1, 2, ..., p − 1 into (p − 1)/2 pairs, each has product a.
Multiplying these pairs together, we find out that

(p − 1)! ≡ aφ(p)/2 (mod p).

142 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

Using Wilson’s Theorem, we get

 
a
= −1 ≡ a(p−1)/2 (mod p).
p

3


Example 62. Let p = 13 and a = 3. Then 13
= −1 ≡ 36 (mod 13).

We now prove some properties of Legendre symbol.

Theorem 74. Let p 6= 2 be a prime. Let a and b be integers such that p - a, p - b

and p | (a − b) then    
a b
= .
p p
Proof. Since p | (a − b), then x2 ≡ a(mod p) has a solution if and only if
x2 ≡ b(mod p) has a solution. Hence
   
a b
=
p p

Theorem 75. Let p 6= 2 be a prime. Let a and b be integers such that p - a, p - b

then     
a b ab
=
p p p
By Euler’s criterion, we have
 
a
≡ aφ(p)/2 (mod p)
p
and  
b
≡ bφ(p)/2 (mod p).
p
Thus we get     
a b φ(p)/2 ab
≡ (ab) ≡ (mod p).
p p p
We now show when is −1 a quadratic residue of a prime p .
6.5. LEGENDRE SYMBOL 143

Corollary 3. If p 6= 2 is a, then
  (
−1 1 if p ≡ 1(mod 4)
=
p −1 if p ≡ −1(mod 4).
Proof. By Euler’s criterion, we know that
 
a
= (−1)φ(p)/2 (mod p)
p
If 4 | (p − 1), then p = 4m + 1 for some integer m and thus we get

(−1)φ(p)/2 = (−1)2m = 1.

and if 4 | (p − 3), then p = 4m + 3 for some integer m and we also get

(−1)φ(p)/2 = (−1)2m+1 = −1.

We now determine when 2 is a quadratic residue of a prime p.

Theorem 76. For every odd prime p we have

  (
2 1 if p ≡ ±1(mod 8)
=
p −1 if p ≡ ±3(mod 8).
Proof. Consider the following (p − 1)/2 congruences

p − 1 ≡ 1(−1)1 (mod p)
2 ≡ 2(−1)2 (mod p)
p − 3 ≡ 3(−1)3 (mod p)
4 ≡ 4(−1)4 (mod p)
.
.
.
p−1
r ≡ (−1)(p−1)/2 (mod p),
2
144 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

where r is either p − (p − 1)/2 or (p − 1)/2. Multiplying all these equations we

get,  
p−1
2.4.6...(p − 1) ≡ !(−1)1+2+...+(p−1)/2 (mod p).
2
This gives us
   
p−1 p−1 2
2(p−1)/2
!≡ !(−1)(p −1)/8 (mod p).
2 2
p−1


Now notice that 2
! 6≡ 0(mod p) and thus we get
2 −1)/8
2(p−1)/2 ≡ (−1)(p (mod p).

Note also that by Euler’s criterion, we get

 
φ(p)/2 2
2 ≡ (mod p),
p
and since each member is 1 or -1 the two members are equal.

We now present an important lemma that determines whether an integer is a

quadratic residue of a prime or not.

Lemma 14. Gauss’s Lemma Let p 6= 2 be a prime and a a relatively prime

integer to p. If k counts the number of least positive residues of the integers
a, 2a, ..., ((p − 1)/2)a that are greater than p/2, then
 
a
= (−1)k .
p
Proof. Let m1 , m2 , ..., ms be those integers greater than p/2 in the set of the least
positive residues of the integers a, 2a, ..., ((p − 1)/2)a and let n1 , n2 , ..., nt be
those less than p/2. We now show that

p − m1 , p − m2 , ..., p − mk , p − n1 , p − n2 , ..., p − nt

are precisely the integers

1, 2, ..., (p − 1)/2,
6.5. LEGENDRE SYMBOL 145

in the same order.

So we shall show that no two integers of these are congruent modulo p, be-
cause there are exactly (p − 1)/2 numbers in the set, and all are positive integers
less than or equal to (p − 1)/2. Notice that mi 6≡ mj (mod p) for all i 6= j and
ni 6≡ nj (mod p) for all i 6= j. If any of these congruences fail, then we will have
that r ≡ s(mod p) assuming that ra ≡ sa(mod p). Also any of the integers p−mi
can be congruent to any of the ni ’s. Because if such congruence holds, then we
have ra ≡ p − sa(mod p), so that ra ≡ −sa(mod p). Because p - a, this implies
that r ≡ −s(mod p), which is impossible. We conclude that
k t  
Y Y p−1
(p − mi ) ni ≡ !(mod p),
i=1 i=1
2

which implies
 
s p−1
(−1) m1 m2 ...(p − mk )n1 n2 ...nt ≡ !(mod p),
2

Simplifying, we get

m1 m2 ...(p − mk )n1 n2 ...nt ≡ a.2a...((p − 1)/2) = a(p−1)/2 ((p − 1)/2)!(mod p).

As a result, we have that

a(p−1)/2 ((p − 1)/2)! ≡ ((p − 1)/2)!(mod p)

Note that since (p, ((p − 1)/2)!) = 1, we get

(−1)k a(p−1)/2 ≡ 1(mod p).

Thus we get
a(p−1)/2 ≡ (−1)k (mod p).

Using Euler’s criterion, the result follows.

146 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

5


Example 63. To find 13
using Gauss’s lemma, we calculate
6
X
[5i/13] = [5/13] + [10/13] + [15/13] + [20/13] + [25/13] + [30/13] = 5
i=1

5


Thus we get 13
= (−1)5 = −1.

Exercises

1. Find all quadratic residues of 3

2. Find all quadratic residues of 19.

j


3. Find the value of Legendre symbol 7
for j = 1, 2, 3, 4, 5, 6.
7


4. Evaluate the Legendre symbol 11
by using Euler’s criterion.

5. Let a and b be integers not divisible by p. Show that either one or all three
of the integers a, b and ab are quadratic residues of p.

6. Let p be a prime and a be a quadratic residue of p. Show that if p ≡

1(mod 4), then −a is also a quadratic residue of p, whereas if p ≡ 3(mod 4),
then −a is a quadratic nonresidue of p.

7. 
Show
2
 that if p is an odd prime and a is an integer not divisible by p then
a
p
= 1.

6.6 The Law of Quadratic Reciprocity

Given that p and q are odd primes. Suppose we know whether q is a quadratic
residue of p or not. The question that this section will answer is whether p will be
a quadratic residue of q or not. Before we state the law of quadratic reciprocity,
we will present a Lemma of Eisenstein which will be used in the proof of the law
of reciprocity. The following lemma will relate Legendre symbol to the counting
lattice points in the triangle.
6.6. THE LAW OF QUADRATIC RECIPROCITY 147

Lemma 15. If p 6= 2 is a prime and a is an odd integer such that p - a, then

 
a P(p−1)/2
= (−1) i=1 [ia/p] .
p

Proof. Consider the least positive residues of the integers a, 2a, ..., ((p − 1)/2)a;
let m1 , m2 , ..., ms be integers of this set such that mi > p/2 for all i and let
n1 , n2 , ..., nt be those integers where ni < p/2. Using the division algorithm, we
see that
ia = p[ia/p] + r

where r is one of the mi or ni . By adding the (p − 1)/2 equations, we obtain

(p−1)/2 (p−1)/2 s t
X X X X
ia = p[ia/p] + mi + ni . (6.3)
i=1 i=1 i=1 i=1

As in the proof of Gauss’s Lemma, we see that

p − m1 , p − m2 , ..., p − ms , p − n1 , p − n2 , ..., p − nt

are precisely the integers 1, 2, ..., (p − 1)/2, in the same order. Now we obtain

(p−1)/2 s t s t
X X X X X
i= (p − mi ) + ni = ps − mi + ni . (6.4)
i=1 i=1 i=1 i=1 i=1

We subtract (6.4) from (6.3) to get

(p−1)/2 (p−1)/2 (p−1)/2 s

X X X X
ia − i= p[ia/p] − ps + 2 mi .
i=1 i=1 i=1 i=1

Now since we are taking the following as exponents for −1, it suffice to look at
them modulo 2. Thus
(p−1)/2
X
0≡ [ia/p] − s(mod 2).
i=1
148 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

(p−1)/2
X
[ia/p] ≡ s(mod 2)
i=1
Using Gauss’s lemma, we get
 
a P(p−1)/2
= (−1)s = (−1) i=1 [ia/p] .
p

Theorem 77. The Law of Quadratic Reciprocity Let p and q be distinct odd
primes. Then   
p q p−1 q−1
= (−1) 2 . 2
q p
Proof. We consider now the pairs of integers also known as lattice points (x, y)
with
1 ≤ x ≤ (p − 1)/2and 1 ≤ y ≤ (q − 1)/2.
p−1 q−1
The number of such pairs is 2
. 2 . We divide these pairs into two groups de-
pending on the sizes of qx and py. Note that qx 6= py for all pairs because p and
q are distinct primes.
We now count the pairs of integers (x, y) with

1 ≤ x ≤ (p − 1)/2, 1 ≤ y ≤ (q − 1)/2and qx > py.

Note that these pairs are precisely those where

1 ≤ x ≤ (p − 1)/2and 1 ≤ y ≤ qx/p.

For each fixed value of x with 1 ≤ x ≤ (p − 1)/2, there are [qx/p] integers
satisfying 1 ≤ y ≤ qx/p. Consequently, the total number of pairs with are

1 ≤ x ≤ (p − 1)/2, 1 ≤ y ≤ qx/p, and qx > py

is
(p−1)/2
X
[qi/p].
i=1
6.6. THE LAW OF QUADRATIC RECIPROCITY 149

Consider now the pair of integers (x, y) with

1 ≤ x ≤ (p − 1)/2, 1 ≤ y ≤ (q − 1)/2, and qx < py.

Similarly, we find that the total number of such pairs of integers is

(q−1)/2
X
[pi/q].
i=1

Adding the numbers of pairs in these classes, we see that

(p−1)/2 (q−1)/2
X X p−1 q−1
[qi/p] + [pi/q] = . ,
i=1 i=1
2 2

and hence using Lemma 14, we get that

  
p p p−1 q−1
= (−1) 2 . 2
q q

Exercises
3


1. Evaluate 53
.
31


2. Evaluate 641
.

3. Using the law of quadratic reciprocity, show that if p is an odd prime, then
  (
3 1 if p ≡ ±1(mod 12)
=
p −1 if p ≡ ±5(mod 12).

4. Show that if p is an odd prime, then

  (
−3 1 if p ≡ 1(mod 6)
=
p −1 if p ≡ −1(mod 6).

5. Find a congruence describing all primes for which 5 is a quadratic residue.

150 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

6.7 Jacobi Symbol

In this section, we define the Jacobi symbol which is a generalization of the Leg-
endre symbol. The Legendre symbol was defined in terms of primes, while Jacobi
symbol will be generalized for any odd integers and it will be given in terms of
Legendre symbol.

Definition 28. Let n be an odd positive integer with prime factorization n =

pa11 pa22 ...pamm and let a be an integer relatively prime to n, then
a m  ci
Y a
= .
n i=1
pi

Example 64. Notice that from the prime factorization of 45, we get that
    
2 2 2
= = (−1)(−1) = 1
55 5 11

We now prove some properties for Jacobi symbol that are similar to the prop-
erties of Legendre symbol.

Theorem 78. Let n be an odd positive integer and let a and b be integers such
that(a, n) = 1 and (b, n) = 1. Then

1. if n | (a − b), then  
a b
= .
n n

2.   a b 
ab
= .
n n n

Proof. Proof of 1: Note that if p is in the prime factorization of n, then we have

that p | (a − b). Hence by Theorem 70, we get that
   
a b
= .
p p
6.7. JACOBI SYMBOL 151

As a result, we have
a m  ci m  ci
Y a Y b
= =
n i=1
pi i=1
pi
    
ab a b
Proof of 2: Note that by Theorem 71, we have p
= p p
for any prime p
appearing in the prime factorization of n. As a result, we have
  m  c
ab Y ab i
=
n i=1
pi
c m  c
m 
a iY b i
Y
=
i=1
pi i=1
pi

a b 
= .
n n

−1 2



In the following theorem, we determine n
and n
.

Theorem 79. Let n be an odd positive integer. Then

1.  
−1
= (−1)(n−1)/2 .
n

2.  
2 2
= (−1)(n −1)/8 .
n

 of 1: If p is in the prime factorization of n, then by Corollary 3, we

Proof. Proof
see that −1
p
= (−1)(p−1)/2 . Thus
  m  c
−1 Y −1 i
=
n i=1
pi

Pm
= (−1) i=1 ci (pi −1)/2 .
152 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES

Notice that since pi − 1 is even, we have

pai i = (1 + (pi − 1))ci ≡ 1 + ci (pi − 1)(mod 4)

and hence we get

m
Y m
X
n= pci i ≡1+ ci (pi − 1)(mod 4).
i=1 i=1

As a result, we have
m
X
(n − 1)/2 ≡ ci (pi − 1)/2 (mod 2).
i=1

Proof of 2: If p is a prime, then by Theorem 72 we have

 
2 2
= (−1)(p −1)/8 .
p

Hence  
2 Pm 2
= (−1) i=1 ci (pi −1)/8 .
n
Because 8 | p2i − 1, we see similarly that

(1 + (p2i − 1))ci ≡ 1 + ci (p2i − 1)(mod 64)

and thus
m
X
2
n ≡1+ ci (p2i − 1)(mod 64),
i=1

which implies that

m
X
2
(n − 1)/8 ≡ ci (p2i − 1)/8(mod 8).
i=1

We now show that the reciprocity law holds for Jacobi symbol.
6.7. JACOBI SYMBOL 153

Theorem 80. Let (a, b) = 1 be odd positive integers. Then

  
b a a−1 b−1
= (−1) 2 . 2 .
a b
Proof. Notice that since a = j=1 pi and b = ni=1 qidi we get
Q m ci Q

   Y n Ym    cj di
b a pj qi
=
a b i=1 j=1
qi pj

By the law of quadratic reciprocity, we get

    p −1 
b a Pn Pm
j=1 cj
j q −1
di ( i2 )
= (−1) i=1 2
a b
As in the proof of part 1 of Theorem 75, we see that
m  
X pj − 1 a−1
cj ≡ (mod 2)
j=1
2 2

and n  
X qi − 1 b−1
di ≡ (mod 2).
i=1
2 2
Thus we conclude that
m   n  
X pj − 1 X qi − 1 a−1 b−1
cj di ≡ . (mod 2).
j=1
2 i=1
2 2 2

Exercises
258


1. Evaluate 4520
.
1008


2. Evaluate 2307
.

3. For which positive integers n that are relatively prime to 15 does the Jacobi
symbol 15


n
equal 1?

4. Let n be an odd square free positive integer. Show that there is an integer a
such that (a, n) = 1 and na = −1.


154 CHAPTER 6. PRIMITIVE ROOTS AND QUADRATIC RESIDUES
Chapter 7

Introduction to Continued Fractions

In this chapter, we introduce continued fractions, prove their basic properties and
apply these properties to solve some problems. Being a very natural object, con-
tinued fractions appear in many areas of Mathematics, sometimes in an unex-
pected way. The Dutch mathematician and astronomer, Christian Huygens (1629-
1695), made the first practical application of the theory of ”anthyphaeiretic ratios”
(the old name of continued fractions) in 1687. He wrote a paper explaining how
to use convergents to find the best rational approximations for gear ratios. These
approximations enabled him to pick the gears with the best numbers of teeth. His
work was motivated by his desire to build a mechanical planetarium. Further
continued fractions attracted attention of most prominent mathematicians. Euler,
Jacobi, Cauchy, Gauss and many others worked with the subject. Continued frac-
tions find their applications in some areas of contemporary Mathematics. There
are mathematicians who continue to develop the theory of continued fractions
nowadays, The Australian mathematician A.J. van der Poorten is, probably, the
most prominent among them.

155
156 CHAPTER 7. INTRODUCTION TO CONTINUED FRACTIONS

7.1 Basic Notations

In general, a (simple) continued fraction is an expression of the form
1
a0 + ,
a1 + a +1
2 ...
where the letters a0 , a1 , a2 , . . . denote independent variables, and may be inter-
preted as one wants (e.g. real or complex numbers, functions, etc.). This expres-
sion has precise sense if the number of terms is finite, and may have no meaning
for an infinite number of terms. In this section we only discuss the simplest clas-
sical setting.

The letters a1 , a2 , . . . denote positive integers. The letter a0 denotes an integer.

The following standard notation is very convenient.

Notation 1. We write
1
[a0 ; a1 , a2 , . . . , an ] = a0 +
a1 + a + . 1. .
+ a1n
2

if the number of terms is finite, and

1
[a0 ; a1 , a2 , . . .] = a0 +
a1 + a +1
2 ...
for an infinite number of terms.

Still, in the case of infinite number of terms a certain amount of work must be
carried out in order to make the above formula meaningful. At the same time, for
the finite number of terms the formula makes sense.

Example 65.
1 1 1 16 26
[−2; 1, 3, 5] = −2 + 1 = −2 + 5 = −2 + 21 = −2 + =− .
1 + 3+ 1 1 + 16 16
21 21
5
7.1. BASIC NOTATIONS 157

Notation 2. For a finite continued fraction [a0 ; a1 , a2 , . . . , an ] and a positive inte-

ger k ≤ n, the k-th remainder is defined as the continued fraction

rk = [ak ; ak+1 , ak+2 , . . . , an ].

Similarly, for an infinite continued fraction [a0 ; a1 , a2 , . . .] and a positive inte-

ger k, the k-th remainder is defined as the continued fraction

rk = [ak ; ak+1 , ak+2 , . . .].

Thus, at least in the case of a finite continued fraction,

α = [a0 ; a1 , a2 , . . . , an ] = a0 + 1/(a1 + 1/(a2 + . . . + 1/an ))

we have

α = a0 + 1/(a1 + 1/(a2 + . . . + 1/(ak−1 + 1/rk ))) = “[a0 ; a1 , a2 , . . . , ak−1 , rk ]”

(7.1)
for any positive k ≤ n. Quotation signs appear because we consider the expres-
sions of this kind only with integer entries but the quantity rk may be a non-integer.
It is not difficult to expand any rational number α into a continued fraction.
Indeed, let a0 = [α] be the greatest integer not exceeding α. Thus the difference
δ = α − a0 < 1 and, of course, δ ≥ 0. If δ = 0 then we are done. Otherwise
put r1 = 1/δ, find a1 = [r1 ] and non-negative δ = α1 − a1 < 1. Continue the
procedure until you obtain δ = 0.

Example 66. Consider the continued fraction expansion for 42/31. We obtain
a0 = [42/31] = 1, δ = 42/31 − 1 = 11/31. Now r1 = 1/δ = 31/11 and
a1 = [α1 ] = [31/11] = 2. The new δ = 31/11 − 2 = 9/11. Now r2 = 1/δ = 11/9
and a2 = [α2 ] = [11/9] = 1. It follows that δ = 11/9 − 1 = 2/9. Now
r3 = 1/δ = 9/2 and a3 = [α3 ] = [9/2] = 4. It follows that δ = 9/2 − 4 = 1/2.
Now r4 = 1/δ = 2 and a4 = [α4 ] = [2] = 2. It follows that δ = 2 − 2 = 0 and we
are done.
158 CHAPTER 7. INTRODUCTION TO CONTINUED FRACTIONS

Thus we have calculated

42/31 = [a0 ; a1 , a2 , a3 , a4 ] = [1; 2, 1, 4, 2].

The above example shows that the algorithm stops after finitely many steps.
This is in fact quite a general phenomenon. In order to practice with the introduced
notations let us prove a simple but important proposition.

Proposition 1. Any rational number can be represented as a finite continued frac-

tion.

Proof. By construction, all remainders are positive rationals. For a positive

integer k put rk = A/B and let ak = [rk ]. Then
A − Bak C
rk − ak = := . (7.2)
B B
with C < B because rk − ak < 1 by construction. If C = 0, then the algorithm
stops at this point and we are done. Assume now that C 6= 0. It follows from (7.1)
that
1
rk = ak + . (7.3)
rk+1
Compare now (7.2) with (7.3) to find that
B
rk+1 = .
C
Since C < B, the rational number rk+1 has a denominator which is smaller than
the the denominator of the previous remainder rk . It follows that after a finite
number of steps we obtain an integer (a rational with 1 in the denominator) rn =
an and the procedure stops at this point.
There appear several natural questions in the connection with Proposition 1.
Is such a continued fraction representation unique? The immediate answer is
”no”. Here are two ”different” continued fraction representations for 1/2:
1
= [0; 2] = [0; 1, 1].
2
7.1. BASIC NOTATIONS 159

However, we require that an > 1, where an is the last element of a finite continued
fraction. Then the answer is ”yes”.
Hint. Make use of the formulas (7.5) below.
From now on we assume that an > 1.
Another natural question is about infinite continued fractions and (as one can
easily guess) real numbers. The proof of the corresponding result is slightly more
involved, and we do not give it here. In this brief introduction we just formulate
the result and refer to the literature ([12, Theorem 14]) for a complete proof. We,
however, provide some remarks concerning this result below. In particular, we
will explain at some point, what the convergence means.

Theorem 81. An infinite continued fraction converges and defines a real number.
There is a one-to-one correspondence between
• all (finite and infinite) continued fractions [a0 ; a1 , a2 , . . .] with an integer a0
and positive integers ak for k > 0 (and the last term an > 1 in the case of finite
continued fractions)
and
• real numbers.

Note that the algorithm we developed above can be applied to any real number
and provides the corresponding continued fraction.
Theorem 81 has certain theoretical significance. L.Kronecker (1823-1891)
said, ”God created the integers; the rest is work of man”. Several ways to represent
real numbers out of integers are well-known. Theorem 81 provides yet another
way to fulfill this task. This way is constructive and at the same time is not tied to
any particular base (say to decimal or binary decomposition).
We will discuss some examples later.
Exercises

1. Compute continued fraction representations of the following rational num-

bers.
160 CHAPTER 7. INTRODUCTION TO CONTINUED FRACTIONS

(a) 2/3
(b) 2/51
(c) 2/101
(d) 3/7
(e) 7/3

2. Find a pattern for the continued fraction expansion of every rational number
of the form 1/a.

3. Suppose gcd(2, a) = 1. Show that 2/a has the continued fraction expansion
[0; b, a] where b = [a/2].

4. Find a pattern for the continued fraction expansion of 3/a.

5. Show that if the continued fraction expansion of a/b is [0; a1 , . . . , an ], then

the continued fraction expansion of b/a is [a1 ; a2 , . . . , an ].

6. Prove that under the assumption an > 1 the continued fraction representa-
tion given in Proposition 1 is unique. In other words, the correspondence
between
• finite continued fractions [a0 ; a1 , a2 , . . . an ] with an integer a0 , positive
integers ak for k > 0 and an > 1
and
• rational numbers
is one-to-one.

7.2 Main Technical Tool

Truncate finite (or infinite) continued fraction α = [a0 ; a1 , a2 , . . . , an ] at the k-th
place (with k < n in the finite case). The rational number sk = [a0 ; a1 , a2 , . . . , ak ]
7.2. MAIN TECHNICAL TOOL 161

is called the k-th convergent of α. Define the integers pk and qk by

pk
sk = (7.4)
qk
written in the reduced form with qk > 0.
The following recursive transformation law takes place.

Theorem 82. For k ≥ 2

pk = ak pk−1 + pk−2
(7.5)
qk = ak qk−1 + qk−2 .

Remark. It does not matter here whether we deal with finite or infinite con-
tinued fractions: the convergents are finite anyway. Proof. We use the induction
argument on k. For k = 2 the statement is true.
Now, assume (7.5) for 2 ≤ k < l. Let
pl
α = [a0 ; a1 , a2 , . . . al ] =
ql
be an arbitrary continued fraction of length l + 1. We denote by pr /qr the r-th
convergent α. Consider also the continued fraction

β = [a1 ; a2 , . . . , al ]

and denote by p0r /qr0 its r-th convergent. We have α = a0 + 1/β which translates
as
pl = a0 p0l−1 + ql−1
0
(7.6)
ql = p0l−1 .
Also, by the induction assumption,

p0l−1 = al p0l−2 + p0l−3

0 0 0
(7.7)
ql−1 = al ql−2 + ql−3

Combining (7.6) and (7.7) we obtain the formulas

pl = a0 (al p0l−2 +p0l−3 )+al ql−2

0 0
+ql−3 = al (a0 p0l−2 +ql−2
0
)+(a0 p0l−3 +ql−3
0
) = al pl−1 +pl−2
162 CHAPTER 7. INTRODUCTION TO CONTINUED FRACTIONS

and
ql = al p0l−2 + p0l−3 = al ql−1 + ql−2 ,

which complete the induction step. We have thus proved that

pk
sk = ,
qk
where pk and qk are defined by the recursive formulas (7.5). We still have to check
that these are the quantities defined by (7.4), namely that qk > 0 and that qk and
pk are relatively prime. The former assertion follows from (7.5) since ak > 0 for
k > 0. To prove the latter assertion, multiply the equations (7.5) by qk−1 and pk−1
respectively and subtract them. We obtain

pk qk−1 − qk pk−1 = −(pk−1 qk−2 − qk−1 pk−2 ). (7.8)

This concludes the proof of Theorem 7.5. As an immediate consequence of

(7.5) we find that

pk−1 pk (−1)k
− = (7.9)
qk−1 qk qk qk−1
and
pk−2 pk (−1)k ak
− = .
qk−2 qk qk qk−2
Since all the numbers qk and ak are positive, the above formulas imply the follow-
ing.

Proposition 2. The subsequence of convergents pk /qk for even indices k is in-

creasing.
The subsequence of convergents pk /qk for odd indices k is decreasing.
Every convergent with an odd index is bigger than every convergent with an even
index.

Remark. Proposition 2 implies that both subsequences of convergents (those

with odd indices and those with even indices) have limits. This is a step towards
7.2. MAIN TECHNICAL TOOL 163

making sense out of an infinite continued fraction: this should be common limit
of these two subsequences. It is somehow more technically involved (although
still fairly elementary!) to prove that these two limits coincide.

Theorem 83. Let α = [a0 ; a1 , a2 , . . . , an ]. For k < n we have

1 pk 1
≤ α− ≤
qk (qk+1 + qk ) qk qk qk+1

Proof.
Another inequality, which provides the lower bound for the distance between
the number α and k-th convergent is slightly more involved. To prove it we first
consider the following way to add fractions which students sometimes prefer.

Definition 1. The number

a+c
b+d
is called the mediant of the two fractions a/b and c/d. (The quantities a, b, c and
d are integers.)

Lemma 16. If
a c
≤
b d
then
a a+c c
≤ ≤ .
b b+d d
Consider now the sequence of fractions
pk pk + pk+1 pk + 2pk+1 pk + ak pk+1 pk+2
, , ,..., = , (7.10)
qk qk + qk+1 qk + 2qk+1 qk + ak qk+1 qk+2
where the last equality follows from (7.5).
It follows that the sequence (7.10) is increasing if k is even and is decreasing
if k is odd. Thus, in particular, the fraction
pk + pk+1
(7.11)
qk + qk+1
164 CHAPTER 7. INTRODUCTION TO CONTINUED FRACTIONS

is between the quantities pk /qk and α. Therefore the distance between pk /qk and
the fraction (7.11) is smaller than the distance between pk /qk and α:

pk pk + pk+1 1
α− ≥ = .
qk qk + qk+1 qk (qk + qk+1 )

The second (right) inequality in Theorem 83 is now proved. This finishes the
proof of Theorem 83.
Exercises

1. Check the assertion of Theorem 82 for k = 2.

2. Check that for k = 2

p2 q1 − q2 p1 = −1.

Hint. Introduce formally p−1 = 1 and q−1 = 0, check that then formulas
7.5 are true also for k = 1.

3. Combine the previous exercises with (7.8) to obtain

qk pk−1 − pk qk−1 = (−1)k

for k ≥ 1. Derive from this that qk and pk are relatively prime.

4. Prove Proposition 2

5. Combine (7.9) with Proposition 2 to prove the inequality

pk 1
α− ≤ .
qk qk qk+1

6. Prove Lemma 16

7. Use (7.5) to show that the sign of the difference between two consecutive
fractions in (7.10) depends only on the parity of k.
7.3. VERY GOOD APPROXIMATION 165

7.3 Very Good Approximation

Continued fractions provide a representation of numbers which is, in a sense,
generic and canonical. It does not depend on an arbitrary choice of a base. Such a
representation should be the best in a sense. In this section we quantify this naive
idea.

Definition 2. A rational number a/b is referred to as a ”good” approximation to

a number α if
c a
6= and 0<d≤b
d b
imply
|dα − c| > |bα − a|.

Remarks. 1. Our ”good approximation” is ”the best approximation of the sec-

ond kind” in a more usual terminology.
2. Although we use this definition only for rational α, it may be used for any real
α as well. Neither the results of this section nor the proofs alter.
3. Naively, this definition means that a/b approximates α better then any other
rational number whose denominator does not exceed b. There is another, more
common, definition of ”the best approximation”. A rational number x/y is re-
ferred to as ”the best approximation of the first kind” if c/d 6= x/y and 0 < d ≤ y
imply |α − c/d| > |α − x/y|. In other words, x/y is closer to α than any ratio-
nal number whose denominator does not exceed y. In our definition we consider
a slightly different measure of approximation, which takes into the account the
denominator, namely b|α − a/b| = |bα − a| instead of taking just the distance
|α − a/b|.

Theorem 84. Any ”good” approximation is a convergent.

Proof. Let a/b be a ”good” approximation to α = [a0 ; a1 , a2 , . . . , an ]. We

have to prove that a/b = pk /qk for some k.
166 CHAPTER 7. INTRODUCTION TO CONTINUED FRACTIONS

Thus we have a/b > p1 /q1 or a/b lies between two consecutive convergents
pk−1 /qk−1 and pk+1 /qk+1 for some k. Assume the latter. Then

a pk−1 1
− ≥
b qk−1 bqk−1

and
a pk−1 pk pk−1 1
− < − = .
b qk−1 qk qk−1 qk qk−1
It follows that
b > qk . (7.12)

Also
a pk+1 a 1
α− ≥ − ≥ ,
b qk+1 b bqk+1
which implies
1
|bα − a| ≥ .
qk+1
At the same time Theorem 83 (it right inequality multiplied by qk ) reads

1
|qk α − pk | ≤ .
qk+1

It follows that
|qk α − pk | ≤ |bα − a| ,

and the latter inequality together with (7.12) show that a/b is not a ”good” ap-
proximation of α in this case.
This finishes the proof of Theorem 84.
Exercises

1. Prove that if a/b is a ”good” approximation then a/b ≥ a0 .

2. Show that if a/b > p1 /q1 then a/b is not a ”good” approximation to α.
7.4. AN APPLICATION 167

7.4 An Application
Consider the following problem which may be of certain practical interest. As-
sume that we calculate certain quantity using a computer. Also assume that we
know in advance that the quantity in question is a rational number. The com-
puter returns a decimal which has high accuracy and is pretty close to our desired
answer. How to guess the exact answer?
To be more specific consider an example.

Example 67. Assume that the desired answer is

123456
121169
and the result of computer calculation with a modest error of 10−15 is
123456
α= + 10−15 = 1.0188744645907791693337404781751107956655
121169
5802226642127937013592585562313793131906
6757999158200529838490042832737746453300
7617459911363467553582186862976503891259
315501489654944746593600673439576129207

with some two hundred digits of accuracy which, of course come short to help in
guessing the period and the exact denominator of 121169.

Solution. Since 123456/121169 is a good (just in a naive sense) approximation

to α, it should be among its convergents. This is not an exact statement, but it
offers a hope! We have

α = [1; 52, 1, 53, 2, 4, 1, 2, 1, 68110, 4, 1, 2, 106, 22, 3, 1, 1, 10, 2, 1, 3, 1, 3, 4, 2, 11].

We are not going to check all convergents, because we notice the irregularity:
one element, 68110 is far more than the others. In order to explain this we use the
168 CHAPTER 7. INTRODUCTION TO CONTINUED FRACTIONS

left inequality from Theorem 83 together with the formula (7.5). Indeed, we have
an approximation of α which is unexpectedly good: |α − pk /qk | is very small (it
is around 10−15 ) and with a modest qk too. We have

qk (qk+1 + qk ) = qk (ak+1 qk + qk−1 ) = qk2 (ak+1 + qk−1 /qk )

and
pk 1
α− ≥ 2 .
qk qk (ak+1 + qk−1 /qk )
It follows that 1/qk2 (ak+1 + qk−1 /qk ) is small (smaller than 10−15 ) and therefore,
ak+1 should be big. This is exactly what we see. Of course, our guess is correct:

123456
= [1, 52, 1, 53, 2, 4, 1, 2, 1].
121169

In this way we conclude that in general an unexpectedly big element allows

to cut the continued fraction (right before this element) and to guess the exact
rational quantity. There is probably no need (although this is, of course, possible)
to quantify this procedure. I prefer to use it just for guessing the correct quantities
on the spot from the first glance.

7.5 A Formula of Gauss, a Theorem of Kuzmin and

Lévi and a Problem of Arnold
In this connection Gauss asked about a probability ck for a number k to appear as
an element of a continued fraction. Such a probability is defined in a natural way:
as a limit when N → ∞ of the number of occurrences of k among the first N ele-
ments of the continued fraction enpension. Moreover, Gauss provided an answer,
but never published the proof. Two different proofs were found independently by
R.O.Kuzmin (1928) and P. Lévy (1929) (see [12] for a detailed exposition of the
R.O.Kuzmin’s proof).
7.5. A FORMULA OF GAUSS, A THEOREM OF KUZMIN AND LÉVI AND A PROBLEM OF ARNOLD1

Theorem 85. For almost every real α the probability for a number k to appear as
an element in the continued fraction expansion of α is
 
1 1
ck = ln 1 + . (7.13)
ln 2 k(k + 2)
Remarks. 1. The words ”for almost every α” mean that the measure of the set
of exceptions is zero.
2. Even the existence of pk (defined as a limit) is highly non-trivial.
Theorem 85 may (and probably should) be considered as a result from ergodic
theory rather than number theory. This constructs a bridge between these two ar-
eas of Mathematics and explains the recent attention to continued fractions of the
mathematicians who study dynamical systems. In particular, V.I.Arnold formu-
lated the following open problem. Consider the set of pairs of integers (a, b) such
that the corresponding points on the plane are contained in a quarter of a circle of
radii N :
a2 + b 2 ≤ N 2 .

Expand the numbers p/q into continued fractions and compute the frequencies
sk for the appearance of k in these fractions. Do these frequencies have limits
as N → ∞? If so, do these limits have anything to do with the probabilities,
given by (7.13)? These questions demand nothing but experimental computer
investigation, and such an experiment may be undertaken by a student. Of course,
it would be extremely challenging to find a phenomena experimentally in this way
and to prove it after that theoretically.
Of course, one can consider more general kinds of continued fractions. In
particular, one may ease the assumption that the elements are positive integers
and consider, allowing arbitrary reals as the elements (the question of conver-
gence may usually be solved). The following identities were discovered inde-
pendently by three prominent mathematicians. The English mathematician R.J.
Rogers found and proved these identities in 1894, Ramanujan found the iden-
tities (without proof) and formulated them in his letter to Hardy from India in
170 CHAPTER 7. INTRODUCTION TO CONTINUED FRACTIONS

1913. Independently, being separated from England by the war, I. J. Schur found
the identities and published two different proofs in 1917. We refer an interested
reader to [2, 1] for a detailed discussion and just state the amazing identities here.
√ √
s 
5+ 5 5 + 1  2π/5
[0; e−2π , e−4π , e−6π , e−8π , . . .] =  − e
2 2

√ √
s 
5− 5 5 − 1  π/5
[1; e−π , e−2π , e−3π , e−4π , . . .] =  − e
2 2

Exercises

1. Prove that ck really define a probability distribution, namely that

∞
X
ck = 1.
k=1
Chapter 8

Introduction to Analytic Number

Theory

The distribution of prime numbers has been the object of intense study by many
modern mathematicians. Gauss and Legendre conjectured the prime number the-
orem which states that the number of primes less than a positive number x is
asymptotic to x/logx as x approaches infinity. This conjecture was later proved
by Hadamard and Poisson. Their proof and many other proofs lead to the what is
known as Analytic Number theory.
In this chapter we demonstrate elementary theorems on primes and prove el-
ementary properties and results that will lead to the proof of the prime number
theorem.

8.1 Introduction
P∞ 1
It is well known that the harmonic series diverges. We therefore deter-
n=1 n
mine some asymptotic formulas that determines the growth of the n≤x n1 . We
P

start by introducing Euler’s summation formula that will help us determine the
asymptotic formula.

171
172 CHAPTER 8. INTRODUCTION TO ANALYTIC NUMBER THEORY

We might ask the following question. What if the sum is taken over all the
primes. In this section, we show that the sum over the primes diverges as well.
We also show that an interesting product will also diverge. From the following
theorem, we can actually deduce that there are infinitely many primes.

Euler’s Summation Formula If f has a continuous derivative on an interval

[a, b] where a > 0, then
X Z b Z b
f (n) = f (t)dt + ({t})f 0 (t)dt + f (b)({b}) − f (a)({a}).
a<n≤b a a

where {t} denotes the fractional part of t.

For the proof of Euler’s summation formula see [3, Chapter 3].

Proposition 3. If x ≥ 1, we have that:

X1  
1
= log x + γ + O
n≤x
n x

Proof. We use Euler’s summation formula by taking f (t) = 1/t. We then get
Z x Z x  
X1 1 {t} 1
= dt − 2
dt + 1 + O
n≤x
n 1 t 1 t x
Z ∞ Z ∞  
{t} {t} 1
= log x + 1 − 2
dt + 2
dt + O
1 t x t x

Notice now that {t} ≤ t and hence the two improper integrals exist since they are
dominated by integrals that converge. We therefore have
Z ∞
{t} 1
0≤ 2
dt ≤ ,
x t x
we also let ∞
{t}
Z
γ =1− dt
1 t2
8.1. INTRODUCTION 173

and we get the asymptotic formula. Notice that γ is called Euler’s constant. Notice
also that similar steps can be followed to find an asymptotic formulas for other
sums involving powers of n.
We now proceed to show that if we sum over the primes instead, we still get a
divergent series.
1
− p1 ) diverge.
P Q
Theorem 86. Both p p and p (1

Proof. Let x ≥ 2 and put

Y −1
1 X1
P (x) = 1− , S(x) =
p≤x
p p≤x
p

Let 0 < u < 1 and m ∈ Z, we have

1 1 − um+1
> = 1 + u + ... + um .
1−u 1−u
Now taking u = p1 , we get
 m
1 1 1
1 > 1 + + ... +
1− p
p p

As a result, we have that

Y 1 1

P (x) > 1 + + ... + m
p≤x
p p

Choose m > 0 ∈ Z such that 2m−1 ≤ x ≤ 2m . Observe also that

Y 1 1
 X 1
1 + + ... + m = 1 + m1 m2
p≤x
p p p p2 ...
p ≤x 1 i

where 1 ≤ mi ≤ m . As a result, we get every n1 , n ∈ Z+ where each prime factor

of n is less than or equal to x(Exercise). Thus we have
m−1
2X [x/2]
Y 1 1

1 X1
1 + + ... + m > >
p≤x
p p n=1
n n=1 n
174 CHAPTER 8. INTRODUCTION TO ANALYTIC NUMBER THEORY

Taking the limit as x approaches infinity, we conclude that P (x) diverges.

We proceed now to prove that S(x) diverges. Notice that if u > 0, then
1
log(1/u − 1) < u + (u2 + u3 + ...).
2
Thus we have
u2
log(1/u − 1) < u + (1/1 − u), 0 < u < 1.
2
We now let u = 1/p for each p ≤ x, then
 
1 1 1
log − <
1 − 1/p p 2p(p − 1)
Thus
X
log P (x) = log(1/1 − p).
p≤x

Thus we have
∞
1X 1 1X 1
log P (x) − S(x) < <
2 p≤x p(p − 1) 2 n=1 n(n − 1)

This implies that

1
S(x) > log P (x) −
2
And thus S(x) diverges as x approaches infinity.

Theorem 87 (Abel’s Summation Formula). For any arithmetic function f (n), we

let
X
A(x) = f (n)
n≤x

where A(x) = 0 for x < 1. Assume also that g has a continuous derivative on the
interval [y, x], where 0 < y < x. Then we have
X Z x
f (n)g(n) = A(x)g(x) − A(y)g(y) − A(t)g 0 (t)dt.
y<n≤x y
8.2. CHEBYSHEV’S FUNCTIONS 175

The proof of this theorem can be found in [3, Chapter 4].

Exercises

1. Show that one gets every n1 , n ∈ Z+ where each prime factor of n is less
than or equal to x in the proof of Theorem 1.

2. Write down the proof of Abel’s summation formula in details.

8.2 Chebyshev’s Functions

We introduce some number theoretic functions which play important role in the
distribution of primes. We also prove analytic results related to those functions.
We start by defining the Van-Mangolt function

Definition 5. Ω(n) = logp if n = pm and vanishes otherwise.

We define also the following functions, the last two functions are called Cheby-
shev’s functions.
P
1. π(x) = p≤x 1.
P
2. θ(x) = p≤x logp
P
3. ψ(x) = n≤x Ω(n)

Notice that
X ∞
X X ∞
X X
m
ψ(x) = Ω(n) = Ω(p ) = logp.
n≤x m=1, pm ≤x p m=1 p≤x1/m

Example 68. 1. π(10) = 4.

2. θ(10) = log2 + log3 + log5 + log7.

3. ψ(10) = log2 + log2 + log2 + log3 + log3 + log5 + log7

176 CHAPTER 8. INTRODUCTION TO ANALYTIC NUMBER THEORY

Remark 6. It is easy to see that

ψ(x) = θ(x) + θ(x1/2 ) + θ(x1/3 ) + ...θ(x1/m )

where m ≤ log2 x. This remark is left as an exercise.

Notice that the above sum will be a finite sum since for some m, we have that
x1/m < 2 and thus θ(x1/m ) = 0.
We use Abel’s summation formula now to express the two functions π(x) and
θ(x) in terms of integrals.

Theorem 88. For x ≥ 2, we have

Z x
π(t)
θ(x) = π(x) log x − dt
2 t
and Z x
θ(x) θ(t)
π(x) = + dt.
log x 2 t log2 t
Proof. We define the characteristic function χ(n) to be 1 if n is prime and 0 oth-
erwise. As a result, we can see from the definition of π(x) and θ(x) that they can
be represented in terms of the characteristic function χ(n). This representation
will enable use to apply Abel’s summation formula where f (n) = χ(n) for θ(x)
and where f (n) = χ(n) log n for π(x). So we have,
X X
π(x) = χ(n) and θ(x) = χ(n) log n
1≤n/leqx 1≤n≤x

Now let g(x) = log x in Theorem 84 with y = 1 and we get the desired result for
the integral representation of θ(x). Similarly we let g(x) = 1/ log x with y = 3/2
and we obtain the desired result for π(x) since θ(t) = 0 for t < 2.

We now prove a theorem that relates the two Chebyshev’s functions θ(x) and
ψ(x). The following theorem states that if the limit of one of the two functions
θ(x)/x or ψ(x)/x exists then the limit of the other exists as well and the two limits
are equal.
8.3. GETTING CLOSER TO THE PROOF OF THE PRIME NUMBER THEOREM177

Theorem 89. For x > 0, we have

ψ(x) θ(x) (log x)2
0≤ − ≤ √ .
x x 2 x log 2
Proof. From Remark 4, it is easy to see that

0 ≤ ψ(x) − θ(x) = θ(x1/2 ) + θ(x1/3 ) + ...θ(x1/m )

where m ≤ log2 x. Moreover, we have that θ(x) ≤ x log x. The result will follow
after proving the inequality in Exercise 2.

Exercises
1. Show that

ψ(x) = θ(x) + θ(x1/2 ) + θ(x1/3 ) + ...θ(x1/m )

where m ≤ log2 x.
√ √
2. Show that 0 ≤ ψ(x) − θ(x) ≤ (log2 (x)) x log x and thus the result of
Theorem 86 follows.

3. Show that the following two relations are equivalent

 
x x
π(x) = +O
log x log2 x
 
x
θ(x) = x + O
log x

8.3 Getting Closer to the Proof of the Prime Num-

ber Theorem
We know prove a theorem that is related to the defined functions above. Keep in
mind that the prime number theorem is given as follows:
π(x)logx
lim = 1.
x→∞ x
We now state equivalent forms of the prime number theorem.
178 CHAPTER 8. INTRODUCTION TO ANALYTIC NUMBER THEORY

Theorem 90. The following relations are equivalent

π(x) log x
lim =1 (8.1)
x→∞ x
θ(x)
lim =1 (8.2)
x→∞ x

ψ(x)
lim = 1. (8.3)
x→∞ x

Proof. We have proved in Theorem 86 that (8.2) and (8.3) are equivalent, so if we
show that (8.1) and (8.2) are equivalent, the proof will follow. Notice that using
the integral representations of the functions in Theorem 85, we obtain
π(x) log x 1 x π(t)
Z
θ(x)
= − dt
x x x 2 t
and Z x
π(x) log x θ(x) log x θ(t)
= + dt.
x x x 2 t log2 t
Now to prove that (8.1) implies (8.2), we need to prove that

1 x π(t)
Z
lim dt = 0.
x→∞ x 2 t
 
Notice also that (8.1) implies that π(t)
t
= O 1
log t
for t ≥ 2 and thus we have
Z x  Z x 
1 π(t) 1 dt
dt = O
x 2 t x 2 log t
Now once you show that (Exercise 1)
Z x √ √
dt x x− x
≤ + √ ,
2 log t log 2 log x

then (8.1) implies (8.2) will follow. We still need to show that (8.2) implies (8.1)
and thus we have to show that
Z x
log x θ(t)dt
lim = 0.
x→∞ x 2 t log2 t
8.3. GETTING CLOSER TO THE PROOF OF THE PRIME NUMBER THEOREM179

Notice that θ(x) = O(x) and hence

log x x θ(t)dt log x x dt

Z  Z 
2 = O 2 .
x 2 t log t x 2 log t

Now once again we show that (Exercise 2)

Z x √ √
dt x x− x
2 ≤ + √
2 log t log2 2 log2 x

then (8.2) implies (8.1) will follow.

Theorem 91. Define

π(x) π(x)
l1 = lim inf , L1 = lim sup ,
x→∞ x/logx x→∞ x/logx

θ(x) θ(x)
l2 = lim inf , L2 = lim sup ,
x→∞ x x→∞ x
and
ψ(x) ψ(x)
l3 = lim inf , L3 = lim sup ,
x→∞ x x→∞ x
then l1 = l2 = l3 and L1 = L2 = L3 .

Proof. Notice that

ψ(x) = θ(x) + θ(x1/2 ) + θ(x1/3 ) + ...θ(x1/m ) ≥ θ(x)

where m ≤ log2 x

Also,
X  log x  X log x
ψ(x) = log p ≤ log p = log xπ(x).
p≤x
log p p≤x
log p

Thus we have
θ(x) ≤ ψ(x) ≤ π(x) log x
180 CHAPTER 8. INTRODUCTION TO ANALYTIC NUMBER THEORY

As a result, we have
θ(x) ψ(x) π(x)
≤ ≤
x x x/ log x
and we get that L2 ≤ L3 ≤ L1 . We still need to prove that L1 ≤ L2 .
Let α be a real number where 0 < α < 1, we have
X X
θ(x) = log p ≥ log p
p≤x xα ≤p≤x
X
> α log x (log p > α log x)
xα ≤p≤x
= αlogx{π(x) − π(xα )}

However, π(xα ) ≤ xα . Hence

θ(x) > α log x{π(x) − xα }

As a result,
θ(x) απ(x)
> − αxα−1 log x
x x/ log x
Since limx→∞ α log x/x1−α = 0, then

π(x)
L2 ≥ α lim sup
x→∞ x/ log x
As a result, we get that
L2 ≥ αL1

As α → 1, we get L2 ≥ L1 .
Proving that l1 = l2 = l3 is left as an exercise.
We now present an inequality due to Chebyshev about π(x).

Theorem 92. There exist constants a < A such that

x x
a < π(x) < A
log x log x
for sufficiently large x.
8.3. GETTING CLOSER TO THE PROOF OF THE PRIME NUMBER THEOREM181

Proof. Put
π(x) π(x)
l = lim inf , L = lim sup ,
x→∞ x/ log x x→∞ x/ log x
It will be sufficient to prove that L ≤ 4 log 2 and l ≥ log 2. Thus by Theorem 2,
we have to prove that
θ(x)
lim sup ≤ 4 log 2 (8.4)
x→∞ x
and
ψ(x)
lim inf ≥ log 2 (8.5)
x→∞ x
To prove (8.4), notice that

(n + 1)(n + 2)...(n + n)
N = C(2n, n) = < 22n < (2n + 1)N
n!
Suppose now that p is a prime such that n < p < 2n and hence p | N . As a result,
Q
we have N ≥ n<p<2n p. We get

N ≥ θ(2n) − θ(n).

Since N < 22n , we get that θ(2n) − θ(n) < 2n log 2. Put n = 1, 2, 22 , ..., 2m−1
where m is a positive integer. We get that

θ(2m ) < 2m−1 log 2.

Let x > 1 and choose m such that 2m−1 ≤ x ≤ 2m , we get that

θ(x) ≤ θ(2m ) ≤ 2m+1 log 2 ≤ 4x log 2

and we get (8.4) for all x.

We now prove (8.5). Notice that by Lemma 9, we have that the highest power
(2n)!
of a prime p dividing N = (n!)2
is given by

µp    
X 2n n
sp = −2 i .
i=11
pi p
182 CHAPTER 8. INTRODUCTION TO ANALYTIC NUMBER THEORY
h i
log 2n
. Thus we have N = p≤2n psp . If x is a positive integer then
Q
where µp = log p

[2x] − 2[x] < 2,

It means that [2x] − 2[x] is 0 or 1. Thus sp ≤ µp and we get

Y
N≤ pµp .
p≤e2n

Notice as well that

X  log 2n  X
ψ(2n) = log p = µp log p.
p≤2n
log p p≤2n

Hence we get
log N ≤ ψ(2n).

Using the fact that 22n < (2n + 1)N , we can see that

ψ(2n) > 2n log 2 − log(2n + 1).

x x x
Let x > 2 and put n = 2
≥ 1. Thus 2
−1<n< 2
and we get 2n ≤ x. So we
get

ψ(x) ≥ ψ(2n) > 2n log 2 − log(2n + 1)

> (x − 2) log 2 − log(x + 1).

As a result, we get
ψ(x)
lim inf ≥ log 2.
x→∞ x

Exercises

1. Show that l1 = l2 = l3 in Theorem 88.

2. Show that x √ √
x− x
Z
dt x
≤ + √ ,
2 log t log 2 log x
8.3. GETTING CLOSER TO THE PROOF OF THE PRIME NUMBER THEOREM183

3. Show that x √ √
x− x
Z
dt x
≤ + √
2 log2 t log2 2 log2 x
4. Show that
(n + 1)(n + 2)...(n + n)
N = C(2n, n) = < 22n < (2n + 1)N
n!
2n
2√ 22n
5. Show that 2 n
< N = C(2n, n) < √
2n
.
Hint: For one side of the inequality, write

N (2n)! 1.3.5....(2n − 1) 2.4.6.....(2n)

n
= 2n 2
= . ,
2 2 (n!) 2.4.6....(2n) 2.4.6...(2n)

then show that

N2 N2
1 > (2n + 1). > 2n. .
24n 24n
The other side of the inequality will follow with similar arithmetic tech-
niques as the first inequality.
184 CHAPTER 8. INTRODUCTION TO ANALYTIC NUMBER THEORY
Chapter 9

Other Topics in Number Theory

This chapter discusses various topics that are of profound interest in number the-
ory. Section 1 on cryptography is on an application of number theory in the field
of message decoding, while the other sections on elliptic curves and the Riemann
zeta function are deeply connected with number theory. The section on Fermat’s
last theorem is related, through Wile’s proof of Fermat’s conjecture on the non-
existence of integer solutions to xn + y n = z n for n > 2, to the field of elliptic
curves (and thus to section 2).

9.1 Cryptography
In this section we discuss some elementary aspects of cryptography, which con-
cerns the coding and decoding of messages.

9.1.1 Public key cryptography

In cryptography, a (word) message is transformed into a sequence a of integers,
by replacing each letter in the message by a specific and known set of integers
that represent this letter, and thus forming a large integer a by concatenation.

185
186 CHAPTER 9. OTHER TOPICS IN NUMBER THEORY

Some transformation is then applied to a using an encryption key, in the hopes

that it will be difficult to reverse the transformation without already knowing the
contents of the message. The message is then broadcast to the recipient, who uses
a decryption key to reverse the transformation.
Difficulties arise in sharing the keys. To solve this, public key cryptography
exploits difficult mathematical problems, where it is easy to perform a computa-
tion, but not so easy to reverse it. The general scheme is this:

• Person A wants to receive secret messages. Person A chooses an encryption

function, f , and two keys: an encryption key, e, and a decryption key, d. The
two keys are used to generate a third item, which we shall call m.

• Person A broadcasts f , e, and m. Anyone can overhear this information.

• Person B decides to send person A a secret message, computes b = f (a, e, m),

and broadcasts b message to Person A. Anyone can overhear this message.

• Person A applies a function g to b using d, and obtains a = g(b, d, m). (It is

possible that g = f .)

The security of this approach is based on the fact that even though f , g, e, and
m are publicly known, and the method of computing m from e and d is well-
established, it is practically impossible to reverse-engineer d from all this infor-
mation. This gives a level of security so high that not even the sender can decrypt
the message: only the recipient!
Let’s look at an example that relates to Number Theory.

9.1.2 The RSA algorithm

The RSA algorithm is based on the fact that it is easy to multiply two prime
numbers, but surprisingly difficult to factor them. (We talk about this a little more
below.)
9.1. CRYPTOGRAPHY 187

In RSA, the message a is transformed (i.e. coded) into another integer b by

using a congruence of the form b = ak (mod m) for some chosen k and m, as de-
scribed below, with k publicly known. b is then sent to the recipient who decodes
it into a again by using a congruence of the form a = bk̄ (mod m), where k̄ is
related to k and is itself only known to the recipient, and then simply transforms
the integers in a back to letters and reveals the message again. In this procedure,
if a third party intercepts the integers b, k, and m the chance of transforming this
into a, even if the integers that represent the letters of the alphabet are exactly
known, is almost impossible to do (i.e. has a fantastically small probability of
being achieved) if k̄ is not known, that practically the transformed message will
not be revealed except to the intended recipient.
The basic results on congruences to allow for the above procedure are in the
following two lemmata, where φ in the statements is Euler’s φ-function.

Lemma 17. Let a and m be two integers, with m positive and (a, m) = 1. If k
and k̄ are positive integers with k k̄ ≡ 1(mod φ(m)), then akk̄ ≡ a(mod m).

Proof. k k̄ = 1(mod φ(m)) thus k k̄ = qφ(m) + 1 (q ≥ 0). Hence akk̄ =

aqφ(m)+1 = aqφ(m) a. But by Euler’s Theorem, if (a, m) = 1 then aφ(m) ≡
1(mod m). This gives that

(aφ(m) )q a ≡ 1 · a(mod m) ≡ a(mod m), (9.1)

and hence that akk̄ ≡ a(mod m), and the result follows.

We also need the following.

Lemma 18. Let m be a positive integer, and let r1 , r2 , · · · , rn be a reduced residue

system modulo m (i.e. with n = φ(m) and (ri , m) = 1 for i = 1, · · · , n). If k is
an integer such that (k, φ(m)) = 1, then r1k , r2k , · · · , rnk forms a reduced residue
system modulo m.
188 CHAPTER 9. OTHER TOPICS IN NUMBER THEORY

Before giving the proof, one has to note that the above lemma is in fact an
if-and-only-if statement, i.e. (k, φ(m)) = 1 if and only if r1k , r2k , · · · , rnk forms a
reduced residue system modulo m. However we only need the if part, as in the
lemma.

Proof. Assume first that (k, φ(m)) = 1. We show that r1k , r2k , · · · , rnk is a reduced
residue system modulo m. Assume otherwise, i.e. assume that ∃i, j such that
rik = rjk (mod m), in which case rik and rjk would belong to the same class and thus
r1k , r2k , · · · , rnk would not form a reduced residue system. Then, since (k, φ(m)) =
1, ∃k̄ with k k̄ = 1(mod φ(m)), and so

rikk̄ = ri (mod m) and rjkk̄ = rj (mod m) (9.2)

by the previous lemma. But if rik = rjk (mod m) then (rik )k̄ = (rjk )k̄ (mod m), and
since rikk̄ = ri (mod m) and rjkk̄ = rj (mod m), then ri = rj (mod m) giving that ri
and rj belong to the same class modulo m, contradicting that r1 , r2 , · · · , rn form a
reduced residue system. Thus ri 6= rj implies that rik 6= rjk if (k, φ(m)) = 1.

Now to do cryptography, one proceeds as follows. Let S be a sentence given

in terms of letters and spaces between the words that is intended to be transformed
to a destination with the possibility of being intercepted and revealed by a third
party.

1. Choose a couple p1 and p2 of very large prime numbers, each (for exam-
ple) of the order of a hundred digit integer, and these should be strictly kept
known only to the recipient. Then form the product m = p1 p2 , which is
itself a very large number to the point that the chances of an eavesdropper’s
discovering the prime number factorization p1 p2 of m is incredibly small,
even if they know this integer m. Now one has, by standard results concern-
ing the φ-function, that φ(p1 ) = p1 − 1 and φ(p2 ) = p2 − 1, and that, since
p1 and p2 are relatively prime, φ(m) = φ(p1 )φ(p2 ) = (p1 − 1)(p2 − 1).
Thus φ(m) is a very large number, of the order of m itself, and hence m
9.1. CRYPTOGRAPHY 189

has a reduced residue system that contains a very large number of integers
of the order of m itself. Hence almost every integer smaller than m, with a
probability of the order 1 − 1/10100 (almost 1), is in a reduced residue system
r1 , r2 , · · · , rφ(m) of m. Thus almost every positive integer smaller than m is
relatively prime to m, with probability of the order 1 − 1/10100 .

2. Choose an integer k satisfying gcd(m, k) = 1, and broadcast m and k.

3. The sender transforms S into a (large) integer a by replacing each letter and
each space between words by a certain representative integer (e.g. three
or four digit integers for each letter). a is formed by concatenating the
representative integers that are produced.

4. Now given that almost every positive integer smaller than m is relatively
prime with m, the integer a itself is almost certainly relatively prime with
m, and hence is in a reduced residue system for m. Hence, by Lemma 17
above, if k is a (large) integer such that (k, φ(m)) = 1, then ak belongs to
a reduced residue system for m, and there exists a unique positive b smaller
than m with b = ak (mod m).

5. The sender sends b to the original broadcaster, where the original prime
numbers, and hence φ(m), are known. With this information, which was
never broadcast, the destination can determine a k̄ such that k k̄ = 1(mod φ(m)),
and then finds the unique c such that c = bk̄ (mod m). Now since, almost
certainly, (a, m) = 1, then almost certainly c = a since c = bk̄ (mod m) =
(ak )k̄ (mod m) = akk̄ (mod m) ≡ a(mod m) by Lemma 17. Now the desti-
nation translates a back to letters and spaces to reveal the sentence S.

6. Note that if any third party intercepts b, they almost certainly cannot reveal
the integer a since the chance of them knowing φ(m) = p1 p2 is almost zero,
even if they know m and k. In this case they practically won’t be able to
determine a k̄ with k k̄ = 1(mod φ(m)), to retrieve a and transform it to S.
190 CHAPTER 9. OTHER TOPICS IN NUMBER THEORY

Exercises

1. You will want the assistance of a computer for this. Pick two large primes,
and compute the modulus, an encryption key, and a decryption key. Use
these to confirm your understanding of the RSA algorithm: practice by in-
venting a message, encrypting it, then trying to decrypt it again. Be sure you
use a computer that knows how to take large exponents modulo a number
quickly, or you could be waiting a long time. . .

9.1.3 Is RSA safe?

You might wonder if RSA is really safe. After all, the method is well-known, and
is based on the fact that k̄ is the multiplicative inverse of k modulo φ(m). But
this is easy if you know φ(m); the fact that gcd(φ(m), k) = 1 means you can just
apply the Euclidean algorithm to find two integers k̄, ` such that

k k̄ + `φ(m) = 1.

.Even worse, m is the product of two primes p and q, so φ(m) = (p − 1)(q − 1).
Thus, breaking RSA is as simple as factoring m into primes — and you already
know that there are only two primes!

Example 69. To drive home how simple this can be, consider that 6 = 2 × 3,
14 = 2 × 7, and so forth are fairly easy to factor. Then again, they’re pretty small
numbers. . .

This appearance of vulnerability really is superficial: once prime numbers

grow sufficiently large, no one knows how to factor them quickly. For a while,
RSA Laboratories even offered large cash prizes to people who can factor such
values of m. As of this writing, the smallest such number in the RSA Factoring
9.1. CRYPTOGRAPHY 191

Challenge is 220 digits long:

22601385262034057849416540486101975135080389157197
76718321197768109445641817966676608593121306582577
25063156288667697044807000181114971186300211248792
81994874820660701310665866460833279828035603792053
91980139946496955261.

Although they no longer offer the prize, you might want to give it a go if you have
a lot of free time coming up.
However, one can’t just pick any two large primes. We can illustrate this with
10403: an obvious approach to factor it (and usually a very bad one) is to start
√ √
at the floor of 10403 and work one’s way down; since 10403 ≈ 102, the first
number to try is 101. Oops!
There is a large body of scientific work dedicated to finding good primes for
the RSA algorithm, which is a good thing, because commerce on the internet
(such as that One-click purchase at Amazon!) is based on its security. Recently,
scientists working in the strange world of quantum computing have developed al-
gorithms that factor primes very, very quickly — but quantum computers work
only with very, very small numbers. It is not yet clear whether quantum com-
putation will advance to the point where this will become practical for cracking
formerly secure communications.
Exercises

1. Ask a mathematically literate friend to choose two “large” primes, but not
to tell you what they are. Instead, your friend should tell you what their
product is. See if you can determine the two prime numbers. (Here, “large”
means two to three digits long — not RSA grade!)
192 CHAPTER 9. OTHER TOPICS IN NUMBER THEORY

9.2 Elliptic Curves

Elliptic curves in the xy-plane are the set of points (x, y) ∈ R × R that are the
zeros of special types of third order polynomials f (x, y), with real coefficients,
in the two variables x and y. These curves turn out to be of fundamental interest
in analytic number theory. More generally, one can define similar curves over
arbitrary algebraic fields as follows. Let f (x, y) be a polynomial of any degree
in two variables x and y, with coefficients in an algebraic field F. We define the
algebraic curve Cf (F) over the field F by

Cf (F) = {(x, y) ∈ F × F : f (x, y) = 0 ∈ F}. (9.3)

Of course one can also similarly define the algebraic curve Cf (Q) over a field Q,
where Q is either a subfield of the field F where the coefficients of f exist, or is
an extension field of F. Thus if f ∈ F[x, y], and if Q is either an extension or a
subfield of F, then one can define Cf (Q) = {(x, y) ∈ Q × Q : f (x, y) = 0}. Our
main interest in this section will be in third order polynomials (cubic curves)

f (x, y) = ax3 + bx2 y + cxy 2 + dy 3 + ex2 + f xy + gy 2 + hx + iy + j, (9.4)

with coefficients in R, with the associated curves Cf (Q) over the field of rational
numbers Q ⊂ R. Thus, basically, we will be interested in points (x, y) ∈ R2
that have rational coordinates x and y, and called rational points, that satisfy
f (x, y) = 0. Of course one can first imagine the curve f (x, y) = 0 in R2 , i.e.
the curve Cf (R) over R, and then choosing the points on this curve that have ra-
tional coordinates. This can simply be expressed by writing that Cf (Q) ⊂ Cf (R).
It has to be mentioned that ”rational curves” Cf (Q) are related to diophantine
equations. This is in the sense that rational solutions to equations f (x, y) = 0
produce integer solutions to equations f 0 (x, y) = 0, where the polynomial f 0 is
very closely related to the polynomial f , if not the same one in many cases. For
example every point in Cf (Q), where f (x, y) = xn + y n , i.e. every rational solu-
9.2. ELLIPTIC CURVES 193

tion to f (x, y) = xn + y n = 0, produces an integer solution to xn + y n = 0. Thus

algebraic curves Cf (Q) can be of genuine interest in this sense.
In a possible procedure to construct the curve Cf (Q) for a polynomial f (x, y) ∈
R[x, y] with real coefficients, one considers the possibility that, given one ratio-
nal point (x, y) ∈ Cf (Q) ⊂ Cf (R), a straight line with a rational slope m might
intersect the curve Cf (R) in a point (x0 , y 0 ) that is also in Cf (Q). This possibility
comes from the simple fact that if (x, y), (x0 , y 0 ) ∈ Cf (Q), then the slope of the
straight line that joins (x, y) and (x0 , y 0 ) is a rational number. This technique, of
determining one point in Cf (Q) from another by using straight lines as mentioned,
works very well in some cases of polynomials, especially those of second degree,
and works reasonably well for third order polynomials.
Two aspects of this technique of using straight lines to determine points in
Cf (Q), and which will be needed for defining elliptic curves, are the following.
The first is illustrated by the following example.
Consider the polynomial f (x, y) = y 2 − x2 + y = (y − x + 1)(y + x).
The curve Cf (R) contains the two straight lines y = x − 1 and y = −x. The
point (2, 1) ∈ Cf (Q), and if one tries to find the intersection of the particular line
y = x − 1 that passes through (2, 1) with Cf (R), one finds that this includes the
whole line y = x − 1 itself, and not just one or two other points (for example).
This result is due to the fact that f is a reducible polynomial, i.e. that can be
factored in the form f = f 0 f 00 with f and f 00 not just real numbers.
In this direction one has the following general theorem concerning the number
of intersection points between a straight line L and an algebraic curve Cf (R):
Theorem 93. If f ∈ R[x, y] is a polynomial of degree d, and the line L, which
is defined by the zeros of g(x, y) = y − mx − b ∈ R[x, y], are such that L ∩
Cf (R) contains more than d points (counting the multiplicities of intersections)
then in fact L = Cg (R) ⊂ Cf (R), and f can be written in the form f (x, y) =
g(x, y)p(x, y), where p(x, y) is some polynomial of degree d − 1.
In connection with the above theorem, and in defining an elliptic curve Cf (R),
194 CHAPTER 9. OTHER TOPICS IN NUMBER THEORY

where f is a polynomial of degree three, we shall require that this curve be such
that any straight line that passes through two points (x1 , y1 ), (x2 , y2 ) ∈ Cf (R),
where the two points could be the same point if the curve at one of them is differ-
entiable with the tangent at that point to the curve having same slope as that of the
line, will also pass through a unique third point (x3 , y3 ). By the above theorem,
if a line intersects the curve Cf (R) associated with the third order polynomial f
in more than three points, then the line itself is a subset of Cf (R). This will be
excluded for the kind of third degree polynomials f whose associated algebraic
curves shall be called elliptic curves.
One other thing to be excluded, to have third order curves characterized as
elliptic curves, is the existence of singular points on the curve, where a singular
point is one where the curve does not admit a unique tangent.
It has to be mentioned that in the previous discussion, the points on the curve
Cf (R) may lie at infinity. To deal with this situation we assume that the curve is
in fact a curve in the real projective plane P2 (R). We now can define an elliptic
curve Cf (R) as being such that f (x, y) is an irreducible third order polynomial
with Cf (R) having no singular points in P2 (R).
The main idea behind the above definition for elliptic curves is to have a curve
whereby any two points A and B on the curve can determine a unique third point,
to be denoted by AB, using a straight line joining A and B. The possibilities
are as follows: If the line joining A and B is not tangent to the curve Cf (R) at
any point, then the line intersects the curve in exactly three different points two of
which are A and B while the third is AB. If the line joining A and B is tangent
to the curve at some point p then either this line intersects Cf (R) in exactly two
points, p and some other point p0 , or intersects the curve in only one point p. If the
line intersects Cf (R) in two points p and p0 , then either p = A = B in which case
AB = p0 , or A 6= B in which case (irrespective of whether p = A and p0 = B or
vice-versa) one would have p = AB. While if the line intersects Cf (R) in only
one point p then p = A = B = AB.
9.2. ELLIPTIC CURVES 195

The above discussion establishes a binary operation on elliptic curves that pro-
duces, for any two points A and B a uniquely defined third point AB. This binary
operation in turn produces, as will be described next, another binary operation,
denoted by +, that defines a group structure on Cf (R) that is associated with the
straight-line construction discussed so far.
A group structure on an elliptic curve Cf (R) is defined as follows: Consider
an arbitrary point, denoted by 0, on Cf (R). We define, for any two points A and
B on Cf (R), the point A + B by

A + B = 0(AB), (9.5)

meaning that we first determine the point AB as above, then we determine the
point 0(AB) corresponding to 0 and AB. Irrespective of the choice of the point 0,
one has the following theorem on a group structure determined by + on Cf (R).

Theorem 94. Let Cf (R) be an elliptic curve, and let 0 be any point on Cf (R).
Then the above binary operation + defines an Abelian group structure on Cf (R),
with 0 being the identity element and −A = A(00) for every point A.

The proof is very lengthy and can be found in [18]. We first note that if 0 and
00 are two different points on an elliptic curve with associated binary operations
+ and +0 , then one can easily show that for any two points A and B

A +0 B = A + B − 00 . (9.6)

This shows that the various group structures that can be defined on an elliptic curve
by considering all possible points 0 and associated operations +, are essentially
the same, up to a ”translation”.

Lemma 19. Consider the group structure on an elliptic curve Cf (R), correspond-
ing to an operation + with identity element 0. If the cubic polynomial f has
rational coefficients, then the subset Cf (Q) ⊂ Cf (R) of rational solutions to
f (x, y) = 0 forms a subgroup of Cf (R) if and only if 0 is itself a rational point
(i.e. a rational solution).
196 CHAPTER 9. OTHER TOPICS IN NUMBER THEORY

Proof. If Cf (Q) is a subgroup of Cf (R), then it must contain the identity 0, and
thus 0 would be a rational point. Conversely, assume that 0 is a rational point.
First, since f has rational coefficients, then for any two rational points A and B
in Cf (Q) one must have that AB is also rational, and thus (since 0 is assumed
rational) that 0(AB) is rational, making A + B = 0(AB) rational. Thus Cf (Q)
would be closed under +. Moreover, since for every A ∈ Cf (Q) one has that
−A = A(00), then −A is also rational, which makes Cf (Q) closed under inver-
sion. Hence Cf (Q) is a subgroup.

Thus by lemma 18, the set of all rational points on an elliptic curve form
a subgroup of the group determined by the curve and a point 0, if and only if
the identity element 0 is itself a rational point. In other words, one finds that if
the elliptic curve Cf (R) contains one rational point p, then there exists a group
structure on Cf (R), with 0 = p and the corresponding binary operation +, such
that the set Cf (Q) of all rational points on Cf (R) is a group.
One thing to note about rational solutions to general polynomial functions
f (x, y), is that they correspond to integer solution to a corresponding homoge-
neous polynomial h(X, Y, Z) in three variables, and vice-verse, where homoge-
neous practically means that this function is a linear sum of terms each of which
has the same power when adding the powers of the variables involved in this term.
For example XY 2 − 2X 3 + XY Z + Z 3 is homogeneous.
In fact a rational solution x = a/b and y = c/d for f (x, y) = 0, where
a, b, c, d are integers, can first be written as x = ad/bd and y = cb/bd, and thus
one can always have this solution in the form x = X/Z and y = Y /Z, where
X = ad, Y = cb and Z = bd. If x = X/Z and y = Y /Z are replaced in
f (x, y) = 0, one obtains a new version h(X, Y, Z) = 0 of this equation written
in terms of the new variables X, Y, Z. One can immediately see that this new
polynomial function h(X, Y, Z) is homogeneous in X, Y, Z. The homogeneous
function h(X, Y, Z) in X, Y, Z is the form that f (x, y) takes in projective space,
where in this case the transformations x = X/Z and y = Y /Z define the projec-
9.2. ELLIPTIC CURVES 197

tive transformation that take f (x, y) to h(X, Y, Z).

If we now go back to cubic equation f (x, y) = 0, one can transform this
function into its cubic homogeneous form h(X, Y, Z) = 0, where

h(X, Y, Z) = aX 3 + bX 2 Y + cXY 2 + dY 3 + eX 2 Z
+ f XY Z + gY 2 Z + hXZ 2 + iY Z 2 + jZ 3 , (9.7)

by using the projective transformation x = X/Z and y = Y /Z. Then, by impos-

ing some conditions, such as requiring that the point (1, 0, 0) (in projective space)
satisfy this equation, and that the line tangent to the curve at the point (1, 0, 0) be
the Z-axis that intersects the curve in the point (0, 1, 0), and that the X-axis is
the line tangent to the curve at (0, 1, 0), then one can immediately show that the
homogeneous cubic equation above becomes of the form

h(X, Y, Z) = cXY 2 + eX 2 Z + f XY Z + hXZ 2 + iY Z 2 + jZ 3 . (9.8)

Which, by using the projective transformation again, and using new coefficients,
gives that points on the curve Cf (R) are precisely those on the curve Ch (R), where

h(x, y) = axy 2 + bx2 + cxy + dx + ey + f. (9.9)

And with further simple change of variables (consisting of polynomial functions

in x and y with rational coefficients) one obtains that the points on the curve Cf (R)
are precisely those on Cg (R) where

g(x, y) = y 2 − 4x3 + g2 x − g3 , (9.10)

i.e. that Cf (R) = Cg (R). The equation g(x, y) = 0, where g is given in (8.10),
is said to be the Weierstrass normal form of the equation f (x, y) = 0. Thus, in
particular, any elliptic curve defined by a cubic f , is birationally equivalent to an
elliptic curve defined by a polynomial g(x, y) as above. Birational equivalence
between curves is defined here as being a rational transformation, together with
its inverse transformation, that takes the points on one curve to another, and vice-
versa.
198 CHAPTER 9. OTHER TOPICS IN NUMBER THEORY

9.3 The Riemann Zeta Function

The Riemann zeta function ζ(z) is an analytic function that is a very important
function in analytic number theory. It is (initially) defined in some domain in the
complex plane by the special type of Dirichlet series given by

∞
X 1
ζ(z) = , (9.11)
n=1
nz

where Re(z) > 1. It can be readily verified that the given series converges locally
uniformly, and thus that ζ(z) is indeed analytic in the domain in the complex
plane C defined by Re(z) > 1, and that this function does not have a zero in this
domain.
We first prove the following result which is called the Euler Product Formula.

Theorem 95. ζ(z), as defined by the series above, can be written in the form

∞
Y 1
ζ(z) =  , (9.12)
1
n=1 1− pzn

where {pn } is the sequence of all prime numbers.

Proof. knowing that if |x| < 1 then

∞
1 X
= xk , (9.13)
1 − x k=0

1
one finds that each term 1− p1z
in ζ(z) is given by
n

∞
1 X 1
= , (9.14)
1 − p1z pkz
k=0 n
n
9.3. THE RIEMANN ZETA FUNCTION 199

since every |1/pzn | < 1 if Re(z) > 1. This gives that for any integer N
N N  
Y 1 Y 1 1
  = 1 + z + 2z + · · ·
n=1 1− 1
n=1
pn pn
pzn
X 1
= k z
(9.15)
pkn11z · · · pnji
X 1
=
nz
where i ranges over 1, · · · , N , and j ranges from 0 to ∞, and thus the integers n
in the third line above range over all integers whose prime number factorization
consist of a product of powers of the primes p1 = 2, · · · , pN . Also note that each
such integer n appears only once in the sum above.
Now since the series in the definition of ζ(z) converges absolutely and the
order of the terms in the sum does not matter for the limit, and since, eventu-
ally, every integer n appears on the right hand side of 8.15 as N −→ ∞, then
= ζ(z). Moreover, limN →∞ N
P 1 
 1  exists, and the re-
Q
limN →∞ nz N n=1 1
1− pz
n
sult follows.

The Riemann zeta function ζ(z) as defined through the special Dirichlet series
above, can be continued analytically to an analytic function through out the com-
plex plane C except to the point z = 1, where the continued function has a pole
of order 1. Thus the continuation of ζ(z) produces a meromorphic function in C
with a simple pole at 1. The following theorem gives this result.

Theorem 96. ζ(z), as defined above, can be continued meromorphically in C,

1
and can be written in the form ζ(z) = z−1
+ f (z), where f (z) is entire.

Given this continuation of ζ(z), and also given the functional equation that is
satisfied by this continued function, and which is
 πz 
ζ(z) = 2z π z−1 sin Γ(1 − z)ζ(1 − z), (9.16)
2
200 CHAPTER 9. OTHER TOPICS IN NUMBER THEORY

(see a proof in [3]), where Γ is the complex gamma function, one can deduce that
the continued ζ(z) has zeros at the points z = −2, −4, −6, · · · on the negative
real axis. This follows as such: The complex gamma function Γ(z) has poles at
the points z = −1, −2, −3, · · · on the negative real line, and thus Γ(1 − z) must
have poles at z = 2, 3, · · · on the positive real axis. And since ζ(z) is analytic at
these points, then it must be that either sin πz


2
or ζ(1 − z) must have zeros at
the points z = 2, 3, · · · to cancel out the poles of Γ(1 − z), and thus make ζ(z)
analytic at these points. And since sin πz


2
has zeros at z = 2, 4, · · · , but not at
z = 3, 5, · · · , then it must be that ζ(1 − z) has zeros at z = 3, 5, · · · . This gives
that ζ(z) has zeros at z = −2, −4, −6 · · · .
It also follows from the above functional equation, and from the above men-
tioned fact that ζ(z) has no zeros in the domain where Re(z) > 1, that these zeros
at z = −2, −4, −6 · · · of ζ(z) are the only zeros that have real parts either less
that 0, or greater than 1. It was conjectured by Riemann, The Riemann Hypothe-
sis, that every other zero of ζ(z) in the remaining strip 0 ≤ Re(z) ≤ 1, all exist on
the vertical line Re(z) = 1/2. This hypothesis was checked for zeros in this strip
with very large modulus, but remains without a general proof. It is thought that
the consequence of the Riemann hypothesis on number theory, provided it turns
out to be true, is immense.
Bibliography

[1] George E. Andrews, Number Theory, Dover, New York, 1994.

[2] George E. Andrews, The Theory of Partitions. Reprint of the 1976 original.,
Cambridge Mathematical Library. Cambridge University Press, Cambridge,
1998

[3] Tom M. Apostol, Introduction to Analytic Number Theory. Springer, New

York, 1976.

[4] A. Baker, Transcendantal Number Theory, Cambridge University Press

(London), 1975.

[5] J.W.S. Cassels, An introduction to the Geometry of Numbers, Springer-

Verlag (Berlin), 1971.

[6] H. Davenport, Multiplicative Number Theory, 2nd edition, Springer-Verlag

(New York), 1980.

201
202 BIBLIOGRAPHY

[7] H. Davenport, The higher Arithmetic: an introduction to the Theory of

Numbers, 7th edition, Cambridge University Press 1999.

[8] H.M. Edwards, Riemann’s Zeta Function, Dover, New York, 2001.

[9] E. Grosswald, Topics from the Theory of Numbers. New York: The Macmil-
lan Co. (1966).

[10] G.H. Hardy and E.M. Wright, An Introduction to the Theory of Numbers,
5th ed. Oxford University Press, Oxford, 1979.

[11] K.F. Ireland and M. Rosen, A Classical Introduction to Modern Number

Theory, Springer-Verlag (New York), 1982.

[12] A. Ya. Khinchin, Continued fractions. With a preface by B. V. Gnedenko.

Translated from the third (1961) Russian edition. Reprint of the 1964
translation. Dover Publications, Inc., Mineola, NY, 1997.

[13] M.I. Knopp, Modular Functions in Analytic Number Theory, Markham,

Chicago 1970.

[14] E. Landau, Elementary Number Theory, Chelsea (New York), 1958.

[15] W.J. Leveque, Elementary Theory of Numbers, Dover, New York, 1990.
BIBLIOGRAPHY 203

[16] W.J. Leveque, Fundamentals of Number Theory, Dover, New York, 1996.

[17] T. Nagell, Introduction to Number Theory, Chelsea (New York), 1981.

[18] I. Niven, H.L. Montgomery and H.S. Zuckerman, An Introduction to the

Theory of Numbers, 5th edition, John Wiley and Sons 1991.

[19] A. J. Van der Poorten, Continued fraction expansions of values of the

exponential function and related fun with continued fractions, Nieuw Arch.
Wisk. (4) 14 (1996), no. 2, 221–230.

[20] H. Rademacher, Lectures on Elementary Number Theory. Krieger, 1977.

[21] Kenneth H. Rosen, Elementary Number Theory and its Applications. Fifth
Edition. Pearson, Addison Wesley, USA, 2005.
204 BIBLIOGRAPHY