1. Number Theory
Math 407: Modern Algebra I
Robert Campbell
UMBC
April 5, 2013
Robert Campbell (UMBC) 1. Number Theory April 5, 2013 1 / 106
Divisibility
Def: a divides b (denoted a|b) if there exists an integer x such that b = ax. If a divides b we say that a is a divisor of b.
Thm: (Properties of Divisibility)
1. a|b ⟹ a|bc
2. a|b and b|c ⟹ a|c
3. a|b and a|c ⟹ ∀x, y (a|(bx + cy))
4. a|b and b|a ⟹ a = ±b
5. a|b, a > 0, b > 0 ⟹ a ≤ b
6. m ≠ 0 ⟹ (a|b ⟺ ma|mb)
7. a|b_1, ..., a|b_n and u_i ∈ Z ⟹ a|(u_1 b_1 + ··· + u_n b_n)
Division Algorithm
Thm: If a and b are integers with b > 0, then there exist unique integers q and r such that a = qb + r and 0 ≤ r < b.
proof:
Existence: Consider ..., a − 2b, a − b, a, a + b, a + 2b, ... Of these, only consider the positive elements. There is a smallest element, some a − qb (define r = a − qb ≥ 0). r < b, as otherwise r − b ≥ 0 would be a smaller element of the set.
Uniqueness: Assume a = qb + r = q′b + r′, so b(q − q′) = r′ − r. If q ≠ q′ then |q′ − q| ≥ 1, so |r′ − r| ≥ b. But |r′ − r| < |b − 0| = b (contradiction). So q = q′ and r = r′.
Greatest Common Divisor
Def: The Greatest Common Divisor of two integers a and b, denoted gcd(a, b), is the largest positive integer g such that g|a and g|b.
Thm: Two integers a and b have a gcd.
proof: The set of common divisors of a and b is non-empty (1 is in the set). The set is bounded above by both |a| and |b|. Apply the well ordering principle for bounded subsets of Z.
Greatest Common Divisor - Generalized
A more general definition - does not require an order relation and (potentially) applies in any ring.
Def: The Greatest Common Divisor of two elements a and b, denoted gcd(a, b), is an element g such that:
  g|a and g|b
  if c|a and c|b then c|g
Thm: Any ring with a division algorithm has gcds.
Def: An integral domain with a division algorithm is a Euclidean Domain.
Def: An integral domain is a commutative ring without zero divisors.
Euclidean Algorithm
Algorithm: Starting from r_0 = |a|, r_1 = |b|, if we define r_k as the remainder when r_{k−2} is divided by r_{k−1}, then the last non-zero value r_i is equal to gcd(a, b). (aka Antenaresis, [Euclid, VII.1]).
Lemma: a = qb + r ⟹ gcd(a, b) = gcd(r, b)
proof: Let g = gcd(a, b). (g|a) and (g|b) ⟹ a = ng and b = mg for some n and m. So if a = qb + r then r = a − qb, so r = ng − qmg = g(n − qm). So (g|r) and hence (g | gcd(r, b)), i.e. (gcd(a, b) | gcd(r, b)). Similarly, we can show that (gcd(r, b) | gcd(a, b)). Thus gcd(a, b) = ± gcd(r, b). As both are positive, we have gcd(a, b) = gcd(r, b).
Lemma: gcd(a, 0) = a
Euclidean Algorithm
Algor: Starting from r_0 = |a|, r_1 = |b|, if we define r_k as the remainder when r_{k−2} is divided by r_{k−1}, then the last non-zero value r_i is equal to gcd(a, b). (aka Antenaresis, Euclid’s Elements, Book VII, Proposition 1).
Example: a = 1431, b = 141
  r_0 = 1431
  r_1 = 141
  1431/141 = 10 with remainder r_2 = 21
  141/21 = 6 with remainder r_3 = 15
  21/15 = 1 with remainder r_4 = 6
  15/6 = 2 with remainder r_5 = 3
  6/3 = 2 with remainder r_6 = 0
So gcd(1431, 141) = 3
Euclidean Algorithm: Matrix Formulation
Start with the column vector (1431, 141) and apply one elementary row operation per division step:

  ( 1  −10 ) ( 1431 )   ( 21  )
  ( 0    1 ) (  141 ) = ( 141 )

  (  1   0 ) (  21 )   ( 21 )
  ( −6   1 ) ( 141 ) = ( 15 )

  ( 1   −1 ) ( 21 )   (  6 )
  ( 0    1 ) ( 15 ) = ( 15 )

  (  1   0 ) (  6 )   ( 6 )
  ( −2   1 ) ( 15 ) = ( 3 )

  ( 1   −2 ) ( 6 )   ( 0 )
  ( 0    1 ) ( 3 ) = ( 3 )

So gcd(1431, 141) = 3
Euclidean Algorithm: C Programs
Iterative

    int gcd(int a, int b) {
        int tmp;
        while (b > 0) {        /* stop when the remainder reaches 0 */
            tmp = b;
            b = a % b;
            a = tmp;
        }
        return a;
    }

Recursive

    int gcd(int a, int b) {
        if (a == 0) return b;  /* gcd(0, b) = b */
        return gcd(b % a, a);
    }
Euclidean Algorithm: Python Programs
    def gcd(a, b):
        while b != 0:
            a, b = b, a % b    # replace (a, b) by (b, a mod b)
        return a
Bezout’s Identity
Thm: There exist integers x and y such that gcd(a, b) = ax + by
proof: Consider the set {ax + by | x, y ∈ Z}. Choose x_0, y_0 so that ax_0 + by_0 is the least positive element. Call this element l = ax_0 + by_0.
We now prove that l|a and l|b. Assume the converse, wlog that l does not divide a. So ∃q, r with 0 < r < l such that
    r = a − lq
      = a − q(ax_0 + by_0)
      = a(1 − qx_0) + b(−y_0)
So r is a positive element of the set which is smaller than l (contradiction). Thus l|a. Similarly, we conclude that l|b. So l | gcd(a, b). But gcd(a, b) | (ax_0 + by_0) = l, so l = gcd(a, b). ♠
Extended Euclidean Algorithm
Each remainder is carried along as a combination (x, y) with r_k = 1431x + 141y:

  remainder r_k           (x, y) with r_k = 1431x + 141y
  1431                    (1, 0)
  141                     (0, 1)
  21 = 1431 + (−10)141    (1, −10) = (1, 0) + (−10)(0, 1)
  15 = 141 + (−6)21       (−6, 61) = (0, 1) + (−6)(1, −10)
  6 = 21 + (−1)15         (7, −71) = (1, −10) + (−1)(−6, 61)
  3 = 15 + (−2)6          (−20, 203) = (−6, 61) + (−2)(7, −71)
  0 = 6 + (−2)3           (47, −477) = (7, −71) + (−2)(−20, 203)
Extended Euclidean Algorithm: Matrix Formulation
Augment the column vector with the identity and apply the same row operations:

  ( 1  −10 ) ( 1431  1  0 )   (  21  1  −10 )
  ( 0    1 ) (  141  0  1 ) = ( 141  0    1 )

  (  1   0 ) (  21  1  −10 )   ( 21   1  −10 )
  ( −6   1 ) ( 141  0    1 ) = ( 15  −6   61 )

  ( 1   −1 ) ( 21   1  −10 )   (  6   7  −71 )
  ( 0    1 ) ( 15  −6   61 ) = ( 15  −6   61 )

  (  1   0 ) (  6   7  −71 )   ( 6    7   −71 )
  ( −2   1 ) ( 15  −6   61 ) = ( 3  −20   203 )

  ( 1   −2 ) ( 6    7   −71 )   ( 0   47  −477 )
  ( 0    1 ) ( 3  −20   203 ) = ( 3  −20   203 )

So gcd(1431, 141) = 3 = (−20)(1431) + (203)(141)
Extended Euclidean Algorithm: Python Programs
Iterative

    def xgcd(a, b):
        # invariant: a == a1*A + b1*B and b == a2*A + b2*B for the original inputs A, B
        a1 = 1; b1 = 0; a2 = 0; b2 = 1
        while b != 0:
            quot = -(a // b)
            a = a % b
            a1 = a1 + quot*a2; b1 = b1 + quot*b2
            if a == 0:
                return [b, a2, b2]
            quot = -(b // a)
            b = b % a
            a2 = a2 + quot*a1; b2 = b2 + quot*b1
        return [a, a1, b1]

Recursive

    def xgcd(a, b, a1=1, b1=0, a2=0, b2=1):
        # same invariant as above: the pair for b becomes the pair for the new a,
        # and the pair for a % b = a - quot*b is (a1, b1) - quot*(a2, b2)
        if b == 0: return [a, a1, b1]
        quot = a // b
        return xgcd(b, a % b, a2, b2, a1 - quot*a2, b1 - quot*b2)
Linear Diophantine Equations I
Def: A Diophantine equation is a polynomial equation whose coefficients and solutions are integers.
Examples:
  6x + 15y = 9
  x^2 + 5y = 3
  3x^3 + 5y^2 + y = 3
Def: A linear Diophantine equation is a linear polynomial equation whose coefficients and solutions are integers.
Examples:
  6x + 15y = 9
  12x + 21y + 7z = 3
Linear Diophantine Equations II
6x + 15y = 5
Note that three divides both 6 and 15. Thus, for any integer values of x and y, three must divide 6x + 15y. But three does not divide 5.
Prop: ax + by = c has no solutions if gcd(a, b) ∤ c
Linear Diophantine Equations III
6x + 15y = 9
Has the same solutions as 2x + 5y = 3
Prop: x, y satisfies ax + by = c iff it satisfies gax + gby = gc (where g ≠ 0)
proof: ax + by = c ⟺ ax + by − c = 0 ⟺ g(ax + by − c) = 0 ⟺ (ga)x + (gb)y − (gc) = 0 ⟺ (ga)x + (gb)y = (gc)
Linear Diophantine Equations IV
2x + 5y = 3
Note that gcd(2, 5) = 1, which divides 3.
Find coefficients a, b such that 2a + 5b = 1: a, b = −2, 1, as 2(−2) + 5(1) = 1.
Multiply by 3 to get 2(−6) + 5(3) = 3. So x, y = −6, 3 is a solution.
We may freely add multiples of 2(5) + 5(−2) = 0 to the solution.
So x, y = −6 + 5n, 3 − 2n is the set of all solutions.
Linear Diophantine Equations V
Algorithm: Find all integer solutions for ax + by = c
1. Replace ax + by = c with a′x + b′y = c′, where g := gcd(a, b, c), a′ = a/g, b′ = b/g and c′ = c/g.
2. Let g := gcd(a′, b′). Does g divide c′?
   No: The equation has no solutions.
   Yes: The equation has solutions:
     1. Use the Extended Euclidean Algorithm to compute values x, y such that a′x + b′y = g.
     2. Compute x_0, y_0 := x(c′/g), y(c′/g). This is a solution of the equation.
     3. All solutions of the equation have the form x_0 + n(b′/g), y_0 − n(a′/g), where n ∈ Z.
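The steps above carried out in code, as an added example that is not part of the slides: xgcd is a standard iterative extended Euclid (my own, not the slides' version), and solve_linear_diophantine returns the whole solution family, or None when gcd(a′, b′) does not divide c′.

```python
from math import gcd


def xgcd(a, b):
    """Extended Euclid: (g, x, y) with g = gcd(a, b) >= 0 and a*x + b*y = g."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    if old_r < 0:                         # normalise so the gcd is positive
        old_r, old_s, old_t = -old_r, -old_s, -old_t
    return old_r, old_s, old_t


def solve_linear_diophantine(a, b, c):
    """All integer solutions of a*x + b*y = c.

    Returns None when there are none, otherwise (x0, y0, dx, dy) such that the
    solutions are exactly (x0 + n*dx, y0 + n*dy) for n in Z.
    """
    if a == 0 and b == 0:
        raise ValueError("at least one of a, b must be non-zero")
    # Step 1: divide through by gcd(a, b, c) to get a'x + b'y = c'.
    g0 = gcd(gcd(a, b), c)
    a1, b1, c1 = a // g0, b // g0, c // g0
    # Step 2: g = gcd(a', b') must divide c', otherwise no solution exists.
    g, x, y = xgcd(a1, b1)
    if c1 % g != 0:
        return None
    # Steps 2.1-2.3: scale the Bezout pair by c'/g, then describe the family.
    k = c1 // g
    return x * k, y * k, b1 // g, -(a1 // g)


def solutions(a, b, c, n_range):
    """Members of the solution family for the given n values; [] if unsolvable."""
    family = solve_linear_diophantine(a, b, c)
    if family is None:
        return []
    x0, y0, dx, dy = family
    return [(x0 + n * dx, y0 + n * dy) for n in n_range]
```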
Division, GCD & Other Rings
Question: What other rings have division algorithms and Euclidean (like) algorithms?
  Z: Yes
  Q[x]: Yes
  Z[x]: No
  Q[x, y]: No
  Z[√−1] (Gaussian Integers): Yes
  Z[√−5]: No
Primes: Definitions
God may not play dice with the universe, but something strange is going on with the prime numbers.
  P. Erdos (attributed by Carl Pomerance)
Def: A prime integer is a number whose only factorizations are into itself and 1.
Def: A composite is a number n which has divisors other than ±n and ±1.
More Definitions
Def: A unit is a number n which divides 1.
Def: n and m are associates if n = um, where u is a unit.
Integers: Z
  Primes are 2, 3, 5, ... (and −2, −3, −5, ...)
  Units are ±1
  The numbers 2 and −2 are associates, as are 3 and −3, etc
Gaussian Integers: Z[√−1]
  Units are ±1 and ±√−1
  The numbers 2, −2, 2i, −2i are associates
  Primes are 3, 7, (1 ± i), (1 ± 2i), (2 ± i), ... (and their associates)
How Many Primes?
Thm: There are an infinite number of primes. [Euclid, IX.20]
proof: Assume not (proof by contradiction). Thus the set of positive primes is finite: {p_i | i = 1, ..., N}.
Add one to the product of primes: P = (∏_{i≤N} p_i) + 1.
This number is strictly greater than any of the primes. None of the primes divides it (p_j prime ⟹ p_j | ∏_{i≤N} p_i, so if p_j | (∏_{i≤N} p_i) + 1, then p_j | 1).
As no prime divides P it must itself be prime... contradicting our construction of P. Thus there cannot be a finite number of primes. ♠
Finding Primes
How do you find primes?
Strategy: Sieve for them.
  Given a large block of candidate primes
  Efficiently exclude the composites
Strategy: Test for them.
  Given a likely candidate integer n, run a test which:
  Shows that it is prime (primality test)
  Shows that it is composite (compositeness aka pseudoprimality test)
Sieve of Eratosthenes
Eratosthenes of Cyrene (276-194 BC)
Algorithm: Sieve of Eratosthenes
1. Write down the numbers from 2 to N
2. Start at 2
3. Until you reach N:
   1. Let p be the first number not crossed out: p is prime
   2. Cross out all multiples of p
4. Repeat
Primes and Divisibility
Euclid’s Lemma: If p is prime and p divides ab, then either p divides a or p divides b [Euclid VII.30]
proof: Assume p does not divide a and show that p must divide b. If p does not divide a then gcd(p, a) = 1. So ∃x, y such that ax + py = 1 (Bezout’s Identity). Thus b = axb + pyb. But p|ab, so p|axb, and obviously p|pyb. Thus p|(axb + pyb) ⟹ p|b. ♠
Prime Factorization
Thm: Any integer n > 1 is either prime or factors into a product of primes
proof: (Inductive Proof) True for all 1 < k ≤ 2, i.e. 2, as it is prime. Make the inductive assumption that it is true for all k less than some bound n and prove that it is true for n.
Case n prime: The conclusion is trivially true.
Case n not prime: So ∃m > 1 so that m|n. Let n = ml, so l < n and m < n. So both m and l are either primes or products of primes (Ind Hyp). Let m = ∏ q_j and l = ∏ p_i. Thus n = ml = (∏ q_j)(∏ p_i), a product of primes. ♠
Unique Factorization
Thm: (Fundamental Theorem of Arithmetic) Any natural number n > 1 factors into a product of primes which is unique up to reordering.
proof: Only need to prove the uniqueness of factorization. 2 factors uniquely as 2 = 2^1.
Assume uniqueness of factorization of integers < n. If n is prime we are done, so assume that n is composite. Suppose n has two factorizations: n = ∏ p_i = ∏ q_j.
Need to prove that {p_i} and {q_j} are equal up to reordering. As p_1|n we have p_1 | ∏ q_j.
∃k such that p_1|q_k (and hence p_1 = q_k) (Euclid’s Lemma). So n/p_1 = n/q_k. But n/p_1 < n so it has a unique factorization (inductive hypothesis). Thus n/p_1 = n/q_k has the unique factorization ∏_{i≠1} p_i.
Thus {p_i : i ≠ 1} and {q_j : j ≠ k} are equal up to reordering. Thus {p_i} = {p_1} ∪ {p_i : i ≠ 1} and {q_j} = {q_k} ∪ {q_j : j ≠ k} are equal up to reordering. ♠
Distribution of Primes I
Thm: (Prime Number Theorem) If the number of primes less than x is denoted π(x), then asymptotically π(x) → x / log(x).
[Figure: two plots; the first over x from 5000 to 30000 with vertical scale 500 to 3000, the second over x from 5·10^8 to 3·10^9 with vertical scale −3500 to −500]
Conjecture: π(x) ∼ x / (log(x) − B) (Legendre, 1796)
Conjecture: π(x) ∼ li(x) := ∫_0^x dt / log(t) (Gauss, 1800?)
Proved by Hadamard and de la Vallée-Poussin (1896)
Distribution of Primes II
Lemma: If x is a product of primes of the form p_i = 4k_i + 1, then x has the form x = 4k + 1.
proof: Let a and b (not necessarily prime) have the form 4k + 1. So a = 4k_a + 1 and b = 4k_b + 1. ab = (4k_a + 1)(4k_b + 1) = 16k_a k_b + 4k_a + 4k_b + 1 = 4(4k_a k_b + k_a + k_b) + 1. So ab has the form ab = 4k + 1 where k = 4k_a k_b + k_a + k_b. ♠
Thm: There are an infinite number of primes of the form 4k + 3.
proof: Assume that the set of primes of the form 4k + 3 is finite: p_1, p_2, ..., p_k. Let m := 4p_1 p_2 ... p_k − 1, which has form 4q + 3. As m is odd, every prime p dividing m is odd, so p = 4k + 1 or p = 4k + 3. Not every divisor of m has form p = 4k + 1, as then m would have form m = 4n + 1. So at least one divisor of m has the form p = 4k + 3, so p = p_i for some i. So p | (4p_1...p_k − m) = 1, a contradiction. So there are an infinite number of primes of form p = 4k + 3. ♠
Distribution of Primes III
Thm: (Dirichlet’s Thm) If gcd(a, b) = 1 then there are an infinite number of primes of the form p = ax + b
Mersenne Primes
Def: A Mersenne number is an integer of the form M_n = 2^n − 1. If M_n is prime it is called a Mersenne prime.
M_2 = 2^2 − 1 = 3, M_3 = 2^3 − 1 = 7, M_4 = 2^4 − 1 = 15 = (3)(5), M_5 = 2^5 − 1 = 31, M_6 = 2^6 − 1 = 63 = (3^2)(7), M_7 = 2^7 − 1 = 127
n composite ⟹ M_n composite.
Lucas-Lehmer test for primality
Current record prime: 2^{32,582,657} − 1 (Sept 4, 2006)
Conjectures & Open Questions:
  Are there an infinite number of Mersenne primes?
  Are there any odd perfect numbers?
  If p is prime is M_p square free?
Applications:
  Even Perfect Numbers
  Finite Fields
Fermat Primes
Def: A Fermat number is an integer of the form F_n = 2^{2^n} + 1. If F_n is prime it is called a Fermat prime.
F_1 = 2^{2^1} + 1 = 2^2 + 1 = 5, F_2 = 2^{2^2} + 1 = 2^4 + 1 = 17, F_3 = 2^{2^3} + 1 = 2^8 + 1 = 257, F_4 = 2^{2^4} + 1 = 2^16 + 1 = 65537,
F_5 = 2^{2^5} + 1 = 2^32 + 1 = 4294967297 = (641)(6700417)
Conjectures & Open Questions:
  Are all F_n composite for n > 4?
  Are there an infinite number of Fermat primes?
Applications:
  Compass & Straightedge Constructions
Primes in the Gaussian Integers

Primes in Z[√−5]
Congruence
Recall a somewhat clumsy phrasing: “p_i is of form 4k_i + 1”
Def: (Gauss) a is congruent to b mod N (denoted a ≡ b (mod N)) iff there is a k such that a − b = kN.
  p_i ≡ 1 (mod 4)
  123 ≡ 57 (mod 11)
  12345 ≡ 8 (mod −13)
Modular Arithmetic I
Thm: If a_1 ≡ a_2 (mod N) and b_1 ≡ b_2 (mod N) then
1. a_1 + b_1 ≡ a_2 + b_2 (mod N)
2. a_1 b_1 ≡ a_2 b_2 (mod N)
proof: a_1 = a_2 + k_a N and b_1 = b_2 + k_b N
1. a_1 + b_1 = (a_2 + k_a N) + (b_2 + k_b N) = (a_2 + b_2) + (k_a + k_b)N. So a_1 + b_1 ≡ a_2 + b_2 (mod N).
2. a_1 b_1 = (a_2 + k_a N)(b_2 + k_b N) = (a_2 b_2) + (a_2 k_b + b_2 k_a)N + (k_a k_b)N^2 = (a_2 b_2) + (a_2 k_b + b_2 k_a + k_a k_b N)N. So a_1 b_1 ≡ a_2 b_2 (mod N).
Modular Arithmetic II
Thm: a ≡ b (mod N) and N = nm ⟹ a ≡ b (mod m)
proof: a ≡ b (mod N) ⟺ ∃k s.t. a = b + kN ⟺ a = b + (kn)m ⟹ a ≡ b (mod m)
Prop: a ≡ b (mod r) and a ≡ b (mod s) ⟹ a ≡ b (mod lcm(r, s))
Prop: ra ≡ rb (mod N) ⟹ a ≡ b (mod N/gcd(r, N))
Prop: ra ≡ rb (mod rN) ⟹ a ≡ b (mod N)
Prop: ra ≡ rb (mod N) and gcd(r, N) = 1 ⟹ a ≡ b (mod N)
Modular Arithmetic III
Solve ax + by = c
Equivalently ax ≡ c (mod b).
If gcd(a, b) ≠ 1 then gcd | c or there is no solution.
Find a^{−1} (mod b): as gcd(a, b) = 1 there are (z, w) such that za + wb = 1, so z ≡ a^{−1} (mod b).
So (a^{−1}a)x ≡ (a^{−1}c) (mod b) and x ≡ a^{−1}c (mod b).
Example: Solve 6x ≡ 24 (mod 56)
  gcd(6, 56) = 2, so for there to be a solution 2 must divide 24.
  So this is equivalent to 3x ≡ 12 (mod 28).
  Bezout: (−9)(3) + (1)(28) = 1
  So (−9)(3) ≡ 1 (mod 28) and 3^{−1} ≡ −9 ≡ 28 − 9 = 19 (mod 28)
  So x ≡ (3^{−1})12 ≡ (19)(12) ≡ 4 (mod 28)
Diophantine Equations & Modular Arithmetic
Thm: If p(a) = 0 for p(x) ∈ Z[x] and a ∈ Z, then for any N ∈ Z we have p̄(ā) = 0, where ā = [a] ∈ Z_N and p̄(x) = [p(x)] ∈ Z_N[x] (commonly denoted p(a) ≡ 0 (mod N))
Question: Can we reverse this? Given solutions mod various N_i, can we construct a solution in Z?
Chinese Remainder Theorem
Thm: If x ≡ a_1 (mod n_1) and x ≡ a_2 (mod n_2) and gcd(n_1, n_2) = 1, then there is a unique solution x (mod n_1 n_2).
proof: (Construction) As gcd(n_1, n_2) = 1 there are r_1, r_2 such that r_1 n_1 + r_2 n_2 = 1 (Bezout). So r_1 n_1 ≡ 1 (mod n_2) and r_2 n_2 ≡ 1 (mod n_1). Claim that x ≡ a_1(r_2 n_2) + a_2(r_1 n_1) (mod n_1 n_2) are solutions.
    x ≡ a_1(r_2 n_2) + a_2(r_1 n_1) (mod n_1)
      ≡ a_1(r_2 n_2) + 0 (mod n_1)
      ≡ a_1(1) ≡ a_1 (mod n_1)
Similarly, x ≡ a_2 (mod n_2) as desired.
Chinese Remainder Theorem II
Example: x ≡ 20 (mod 33) and x ≡ 17 (mod 24)
  (Note: x ≡ 2 (mod 3) in both equations)
  x ≡ 9 (mod 11)
  Bezout: (11)(11) + (−5)(24) = 1
  So x ≡ (17)(11)(11) + (9)(−5)(24) ≡ 185 (mod (11)(24))
Corr: Given x ≡ a_i (mod n_i), if for every pair (i, j) we have a_i ≡ a_j (mod gcd(n_i, n_j)), then there exists a solution x ≡ a (mod lcm(n_1, ..., n_k)).
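The construction from the proof and the corollary's general case in code, as an added example that is not part of the slides; Python's pow(x, -1, m) supplies the Bezout coefficients as modular inverses, and the general solver reports None for incompatible pairs.

```python
from math import gcd


def crt_coprime(a1, n1, a2, n2):
    """The construction from the proof: with r1*n1 + r2*n2 = 1 (Bezout),
    x = a1*(r2*n2) + a2*(r1*n1) solves x = a1 (mod n1), x = a2 (mod n2)."""
    if gcd(n1, n2) != 1:
        raise ValueError("moduli must be coprime")
    r1 = pow(n1, -1, n2)        # r1*n1 = 1 (mod n2); modular inverse, Python 3.8+
    r2 = pow(n2, -1, n1)        # r2*n2 = 1 (mod n1)
    return (a1 * r2 * n2 + a2 * r1 * n1) % (n1 * n2)


def crt(congruences):
    """Solve x = a_i (mod n_i) for a list of (a_i, n_i); moduli need not be coprime.

    Returns (x, L) with 0 <= x < L = lcm(n_1, ..., n_k), or None when some pair
    is incompatible, i.e. a_i != a_j (mod gcd(n_i, n_j)) (the corollary above).
    """
    x, m = 0, 1                              # running solution x (mod m)
    for a, n in congruences:
        g = gcd(m, n)
        if (a - x) % g != 0:
            return None                      # no integer satisfies both
        # Need t with x + m*t = a (mod n). Dividing by g gives
        # (m/g)*t = (a - x)/g (mod n/g), and gcd(m/g, n/g) = 1 so we can invert.
        n_g = n // g
        t = 0 if n_g == 1 else ((a - x) // g) * pow(m // g, -1, n_g) % n_g
        x, m = x + m * t, m * n_g            # m*n_g == lcm(m, n)
        x %= m
    return x, m
```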
Efficient Exponentiation
Consider the efficiency of several ways of computing 2^32 (mod 41):
First compute 2^32, then reduce mod 41 to compute 2^32 (mod 41):
  2^2 = 4, 2^3 = 2(2^2) = 2(4) = 8, 2^4 = 2(2^3) = 2(8) = 16, 2^5 = 2(2^4) = 2(16) = 32, ..., 2^31 = 2(2^30) = 2(1073741824) = 2147483648, 2^32 = 2(2^31) = 2(2147483648) = 4294967296
  2^32 = 4294967296 ≡ 37 (mod 41)
  Cost: 31 multiplies and 1 division (most very large)
Compute 2^32 but reduce mod 41 after each multiplication:
  2^2 ≡ 4 (mod 41), 2^3 ≡ 2(2^2) ≡ 8 (mod 41), 2^4 ≡ 2(2^3) ≡ 16 (mod 41), ..., 2^32 ≡ 2(2^31) ≡ 2(39) ≡ 37 (mod 41)
  Cost: 31 multiplies and 31 divides (each of numbers less than 41)
Compute by successive squarings, reducing mod 41 after each step:
  2^2 ≡ 4 (mod 41), 2^4 ≡ (2^2)^2 ≡ 4^2 ≡ 16 (mod 41), 2^8 ≡ (2^4)^2 ≡ 16^2 ≡ 10 (mod 41), 2^16 ≡ (2^8)^2 ≡ 10^2 ≡ 18 (mod 41) and 2^32 ≡ (2^16)^2 ≡ 18^2 ≡ 37 (mod 41)
  Cost: 5 squarings and 5 divides (each of numbers less than 41)
Efficient Exponentiation II
Example: Compute 3^43 (mod 71)
Note: 43 = 101011_2 (base-2 representation of the exponent)
Thus 3^43 = 3^{101011_2} = (3^{2^5})(3^{2^3})(3^{2^1})(3^{2^0})
Compute 3^{2^0} = 3^1 = 3, 3^{2^1} = (3^1)^2 = (3)^2 = 9, 3^{2^2} = (3^2)^2 = (9)^2 ≡ 10 (mod 71), 3^{2^3} = (3^4)^2 = (10)^2 ≡ 29 (mod 71), 3^{2^4} = (3^8)^2 = (29)^2 ≡ 60 (mod 71), 3^{2^5} = (3^16)^2 = (60)^2 ≡ 50 (mod 71)
Thus 3^43 ≡ (3)(9)(29)(50) = 39150 ≡ 29 (mod 71)
Algorithm: Compute a^e (mod N)
  Compute the binary digits of e, (e_0, e_1, e_2, ...)
  Start with prod = 1 and power = a
  For each binary digit of e, starting with e_0:
  1. If e_i is 1 then multiply prod by power (i.e. prod ← (power)(prod) (mod N))
  2. Square power mod N (i.e. power ← (power)^2 (mod N))
Cryptography: Diffie-Hellman
Start: Alice and Bob have no shared secret
Finish: Alice and Bob share a secret
Anyone observing their communications cannot recover this secret.
Assumptions:
  Given g, e, p, computing g^e (mod p) is easy
  Given g^e (mod p), g, p, computing e is hard (Discrete Logarithm Problem)
Algorithm: [Diffie & Hellman, 1976] [Williamson, 1974]
1. Choose a prime p and an element g - share publicly
2. Alice generates a secret random number r_A
   Compute R_A ≡ g^{r_A} (mod p) and send R_A (publicly) to Bob
3. Bob generates a secret random number r_B
   Compute R_B ≡ g^{r_B} (mod p) and send R_B (publicly) to Alice
4. Compute the shared secret:
   Alice computes R_B^{r_A} ≡ g^{r_B r_A} (mod p)
   Bob computes R_A^{r_B} ≡ g^{r_A r_B} (mod p)
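The exponentiation algorithm and the Diffie-Hellman exchange above in code, as an added example that is not part of the slides: modpow follows the bit-by-bit algorithm exactly, and the Diffie-Hellman functions run each party's step; the function names and the toy parameters (p = 23, g = 5 in the test) are my own.

```python
import secrets


def modpow(a, e, n):
    """a^e (mod n) by the algorithm on the slide: scan the binary digits of e
    from e_0 upward, multiply `prod` by `power` when the digit is 1, and square
    `power` (mod n) after every digit. Textbook code: small n, not constant-time."""
    if n == 1:
        return 0
    prod, power = 1, a % n
    while e > 0:
        if e & 1:                        # e_i == 1: prod <- prod * power (mod n)
            prod = (prod * power) % n
        power = (power * power) % n      # power <- power^2 (mod n)
        e >>= 1                          # move on to the next binary digit
    return prod


def dh_public(p, g, secret):
    """R = g^secret (mod p): the value a party sends in the clear."""
    return modpow(g, secret, p)


def dh_shared(p, their_public, my_secret):
    """Shared secret from the other side's public value and one's own exponent."""
    return modpow(their_public, my_secret, p)


def dh_exchange(p, g, r_a=None, r_b=None):
    """Run the whole exchange; exponents default to fresh random values in [1, p-2].

    Returns (R_A, R_B, secret_at_alice, secret_at_bob). The last two agree
    because R_B^r_A = g^(r_B r_A) = g^(r_A r_B) = R_A^r_B (mod p)."""
    if r_a is None:
        r_a = 1 + secrets.randbelow(p - 2)
    if r_b is None:
        r_b = 1 + secrets.randbelow(p - 2)
    R_A = dh_public(p, g, r_a)           # Alice -> Bob
    R_B = dh_public(p, g, r_b)           # Bob -> Alice
    return R_A, R_B, dh_shared(p, R_B, r_a), dh_shared(p, R_A, r_b)
```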
Fermat’s Little Theorem
Fermat’s Little Theorem: If p is prime and gcd(a, p) = 1, then a^{p−1} ≡ 1 (mod p)
Examples:
  3^70 ≡ 1 (mod 71)
  24^70 ≡ 1 (mod 71)
  142^70 ≡ 0 (mod 71)
  3^74 ≡ 69 (mod 75)
  5^74 ≡ 25 (mod 75)
Fermat’s Little Theorem II
Lemma: If p is prime and 0 < k < p, then p divides (p choose k).
proof: (p choose k) = p! / ((k!)(p − k)!)
Obviously, p | (p!), but as 0 < k < p, p does not occur in the products k! or (p − k)!. As p is prime, it does not divide (k!)(p − k)!. Thus p divides p! / ((k!)(p − k)!) = (p choose k). ♠
Lemma: If p is prime, then (n + m)^p ≡ n^p + m^p (mod p) (Freshman’s Dream)
proof: (n + m)^p ≡ ∑_k (p choose k) n^k m^{p−k} (mod p) (Binomial Expansion)
               ≡ (p choose 0) n^0 m^p + 0 + ... + 0 + (p choose p) n^p m^0 (mod p)
               = m^p + n^p ♠
Fermat’s Little Theorem III
Fermat’s Little Theorem: If p is prime and a is not a multiple of p, then a^{p−1} ≡ 1 (mod p)
proof: (of FLT) (Inductive) Prove that a^p ≡ a (mod p). Obviously true for a = 1. Assume true for a and prove for a + 1 < p: (a + 1)^p ≡ a^p + 1^p ≡ (a + 1) (mod p). If (a + 1) ≢ 0 then (a + 1)^{p−1} ≡ 1 (mod p). ♠
Fermat Pseudoprime Test
Def: A pseudoprime is a number which some test has not shown to be composite.
Fermat Compositeness Test: Given N, test if it is composite
  Choose some a, not a multiple of N
  Compute a^{N−1} (mod N)
  If a^{N−1} ≢ 1 (mod N) then N is composite
Examples:
  Is 1237 prime? 2^1236 ≡ 1 (mod 1237), 3^1236 ≡ 1 (mod 1237), 5^1236 ≡ 1 (mod 1237)
  Is 1241 prime? 2^1240 ≡ 1004 (mod 1241)
Fermat Pseudoprime Test II
Def: A Fermat pseudoprime base a is a number which the Fermat test base a has not shown to be composite (i.e. a^{n−1} ≡ 1 (mod n)).
More Examples:
  Is 1387 prime? 2^1386 ≡ 1 (mod 1387), 3^1386 ≡ 875 (mod 1387)
  Is 1729 prime? 2^1728 ≡ 1 (mod 1729), 3^1728 ≡ 1 (mod 1729), 5^1728 ≡ 1 (mod 1729), 7^1728 ≡ 1 (mod 1729), but 1729 = (7)(13)(19)
Carmichael Numbers
Def: A Carmichael number is a composite number N such that for all a coprime to N, a^{N−1} ≡ 1 (mod N).
Thm: (Korselt, 1899) A positive composite N is a Carmichael number iff it is squarefree and for all prime divisors p, (p − 1) | (N − 1).
Smallest Carmichael Numbers:
  561 = (3)(11)(17)
  1105 = (5)(13)(17)
  1729 = (7)(13)(19)
  2465 = (5)(17)(29)
There are an infinite number of Carmichael numbers. [Alford, Granville & Pomerance, 1994]
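The Fermat compositeness test and the composites that slip past it, as an added example that is not part of the slides; is_prime is plain trial division, used only to label which survivors are actually composite, and the function names are my own.

```python
def fermat_residue(n, a):
    """a^(n-1) mod n. Equal to 1 whenever n is prime and n does not divide a."""
    return pow(a, n - 1, n)


def fermat_witness(n, bases):
    """First base proving n composite (a^(n-1) != 1 mod n), or None if every
    base passes. None means 'pseudoprime to these bases', not 'prime'."""
    for a in bases:
        if a % n == 0:
            continue                     # the test says nothing for multiples of n
        if fermat_residue(n, a) != 1:
            return a
    return None


def is_prime(n):
    """Trial division; fine for the small n used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def fermat_pseudoprimes(limit, a):
    """Composites 4 <= n < limit that the base-a Fermat test fails to expose.

    A base sharing a factor with n always exposes it (a^(n-1) is 0 mod that
    factor), so Carmichael numbers only fool bases coprime to them."""
    return [n for n in range(4, limit)
            if not is_prime(n) and fermat_residue(n, a) == 1]
```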
Factoring: Pollard p − 1
Algorithm: [Pollard, 1974] To factor N = pq
1. Compute a′ = a^{p−1} (mod N)
   Note: a′ ≡ 1 (mod p) (Fermat’s Little Theorem), so a′ − 1 = kp
2. Compute gcd(a′ − 1, N) = gcd(kp, pq) = p
The exponent p − 1 is unknown, so the code raises a to 1, 2, 3, ... in turn (giving a^{k!} after k rounds) and stops as soon as the gcd is non-trivial, which happens once k! is a multiple of p − 1.

    from math import gcd

    def factpm1(n):
        count = 1
        g = 1
        a = 2                      # Most start values should work
        while g == 1:
            a = pow(a, count, n)   # after k rounds a = 2^(k!) (mod n)
            g = gcd(a - 1, n)
            print(count, a, g)
            count = count + 1
        return g                   # a proper factor of n when 1 < g < n
Pollard p − 1: Examples
Factor 1398983
  count   a         g
  1       2         1
  2       4         1      2^2 = 4
  3       64        1      4^3 = 2^{(2)(3)} = 64
  4       1388403   1      64^4 = 2^{(2)(3)(4)} ≡ 1388403 (mod 1398983)
  5       451387    1      1388403^5 = 2^{(2)(3)(4)(5)} ≡ 451387 (mod 1398983)
  6       1060746   1      451387^6 = 2^{(2)(3)(4)(5)(6)} ≡ 1060746 (mod 1398983)
  7       766221    421    1060746^7 = 2^{(2)(3)(4)(5)(6)(7)} ≡ 766221 (mod 1398983)
Note: 421 − 1 = (2^2)(3)(5)(7), a divisor of 7!

Factor 1430489
  count   a         g
  1       2         1
  2       4         1
  3       64        1
  4       1041837   1
  5       1153074   1
  ...
  42      1186328   1
  43      312476    431
Note: 431 − 1 = (2)(5)(43), a divisor of 43!
Factoring: Pollard ρ
Algorithm: [Pollard, 1975] To factor N = pq
1. Find two values congruent mod p: f − s ≡ 0 (mod p)
   Note that the random map n → n^2 + 1 forms a cycle mod p
   Run f along the cycle twice as fast as s and wait for collision
   If f − s ≡ 0 (mod p), then f − s = kp
2. Compute gcd(f − s, N) = gcd(kp, pq) = p

    from math import gcd

    def factrho(n):
        count = 1
        g = 1
        fast = slow = 2                     # Most start values work
        while g == 1:
            slow = (slow*slow + 1) % n      # slow: one step along the cycle
            fast = (fast*fast + 1) % n      # fast: two steps
            fast = (fast*fast + 1) % n
            g = gcd(fast - slow, n)
            print(count, n, fast, slow, g)
            count = count + 1
        return g                            # a proper factor of n when 1 < g < n
Equivalence Relations
Def: An equivalence relation ∼ on a set S is a subset E of S × S with the properties:
  Reflexivity: ∀a ∈ S, (a, a) ∈ E
  Symmetry: (a, b) ∈ E iff (b, a) ∈ E
  Transitivity: If (a, b) ∈ E and (b, c) ∈ E, then (a, c) ∈ E
Denote (a, b) ∈ E by a ∼ b
Def: Given set S with equivalence relation ∼, the equivalence class of a, denoted [a], is the subset of elements equivalent to a, [a] = {b | b ∼ a}.
Note: If a ∼ b then [a] = [b], and if a ≁ b, then [a] and [b] are disjoint.
Def: The set of equivalence classes of S under ∼ is denoted S/∼.
So the sets in S/∼ form a disjoint partition of the set S.
Modular Arithmetic & Equivalence
Thm: Congruence mod N is an equivalence relation
proof:
1. Reflexivity: a ≡ a (mod N) as a = a + 0N
2. Symmetry: a ≡ b (mod N) ⟺ a = b + kN ⟺ b = a + (−k)N ⟺ b ≡ a (mod N)
3. Transitivity: a ≡ b (mod N) and b ≡ c (mod N) ⟹ a = b + k_1 N and b = c + k_2 N ⟹ a = c + (k_1 + k_2)N ⟹ a ≡ c (mod N)
ZN I
Recall that if a_1 ≡ a_2 (mod N) and b_1 ≡ b_2 (mod N), then a_1 + b_1 ≡ a_2 + b_2 (mod N) and (a_1)(b_1) ≡ (a_2)(b_2) (mod N).
Def: The equivalence class of a modulo N is the set {..., a − 2N, a − N, a, a + N, a + 2N, a + 3N, ...}. Denote this set [a]_N.
Note that [a]_N = [a + kN]_N. Commonly the smallest positive element of an equivalence class is preferred, eg. [3]_11 for [58]_11.
Define addition and multiplication of equivalence classes by:
    [a]_N + [b]_N := [a + b]_N
    ([a]_N)([b]_N) := [(a)(b)]_N
Thm: Addition and multiplication are well defined and independent of the representative chosen.
ZN II
Def: Z_N is the set of equivalence classes of integers mod N.
Def: Z_N^* is the set of equivalence classes [a]_N where gcd(a, N) = 1.
Examples:
  Z_3 = {[0]_3, [1]_3, [2]_3}
  Z_9 = {[0]_9, [1]_9, [2]_9, [3]_9, [4]_9, [5]_9, [6]_9, [7]_9, [8]_9}
  Z_9^* = {[1]_9, [2]_9, [4]_9, [5]_9, [7]_9, [8]_9}
  Z_11 = {[0]_11, [1]_11, [2]_11, [3]_11, [4]_11, [5]_11, [6]_11, [7]_11, [8]_11, [9]_11, [10]_11}
  Z_11^* = {[1]_11, [2]_11, [3]_11, [4]_11, [5]_11, [6]_11, [7]_11, [8]_11, [9]_11, [10]_11}
Prop: [a]_N has an inverse iff gcd(a, N) = 1, and this inverse is also in Z_N^*.
Z_N is a ring.
Z_p is a field if p is prime.
Z_N^* is a group (the group of units mod N).
Euler’s φ Function I
Def: Euler’s totient function, denoted φ(N), is the number of integers less than N which are coprime to N.
Thus φ(N) = #Z_N^*, the size of the group of units mod N.
Examples:
  φ(3) = #{1, 2} = 2
  φ(4) = #{1, 3} = 2
  φ(5) = #{1, 2, 3, 4} = 4
  φ(12) = #{1, 5, 7, 11} = 4
  φ(13) = #{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12} = 12
  φ(27) = #{1, 2, 4, 5, 7, 8, 10, 11, 13, 14, 16, 17, 19, 20, 22, 23, 25, 26} = 18
  φ(42) = #{1, 5, 11, 13, 17, 19, 23, 25, 29, 31, 37, 41} = 12
Prop: If p is prime, then φ(p) = p − 1.
Euler’s φ Function II
Thm: p prime ⟹ φ(p^e) = p^{e−1}(p − 1)
proof: There are p^e residues, of which every p-th is a non-unit. So φ(p^e) = p^e · (p − 1)/p = p^{e−1}(p − 1). ♠
Thm: If gcd(n, m) = 1 then φ(nm) = φ(n)φ(m)
proof: Write the residues as an array:
    1             2      ...   m − 1   m
    m + 1         ...                  2m
    ...
    n(m − 1) + 1  ...                  nm
Of the m columns, φ(m) of them have residues coprime to m, but all other columns consist of elements not coprime to m. Each such column is of the form k, k + m, k + 2m, ..., k + (n − 1)m. This is a set of residues mod n. So φ(n) of the elements in this column are coprime to n. Thus there are φ(m) columns, each containing φ(n) elements coprime to nm. ♠
Euler’s φ Function III
Algorithm: To compute φ(N):
1. Factor N = p_1^{e_1} p_2^{e_2} ... p_n^{e_n}
2. φ(N) = φ(p_1^{e_1} p_2^{e_2} ... p_n^{e_n}) = φ(p_1^{e_1}) φ(p_2^{e_2}) ... φ(p_n^{e_n}) = (p_1 − 1)p_1^{e_1−1} (p_2 − 1)p_2^{e_2−1} ... (p_n − 1)p_n^{e_n−1}
Examples:
  φ(33) = φ(3)φ(11) = (3 − 1)(11 − 1) = 20
  φ(41) = (41 − 1) = 40
  φ(44) = φ(2^2)φ(11) = (2 − 1)(2^{2−1})(11 − 1) = 20
  φ(100) = φ(2^2)φ(5^2) = (2 − 1)2^{(2−1)}(5 − 1)5^{(2−1)} = 40
Euler’s Theorem
Thm: (Euler, ca 1760) If gcd(a, N) = 1 then a^{φ(N)} ≡ 1 (mod N).
proof: If gcd(a, N) = 1 then (xa ≡ ya) ⟹ (x ≡ y). Also, gcd(a, N) = 1 and gcd(x, N) = 1 implies that gcd(xa, N) = 1. So the map [x] → [xa] permutes the elements of Z_N^*. Thus {ax : x ∈ Z_N^*} is just a permutation of the elements of Z_N^*. So ∏_x x ≡ ∏_x xa ≡ a^{φ(N)} ∏_x x. So a^{φ(N)} ≡ 1 (mod N) as desired. ♠
Examples:
  φ(21) = (3 − 1)(7 − 1) = 12 and 2^12 ≡ 1 (mod 21); also 2^6 ≡ 1 (mod 21), but 3^12 ≡ 15 (mod 21)
  φ(99) = φ((3^2)(11)) = (3 − 1)(3^{2−1})(11 − 1) = 60 and 2^60 ≡ 1 (mod 99)
Cryptography: RSA
Goal: Anyone can encrypt a message but only Alice can decrypt it.
Assumptions:
  Given N = pq, factoring N to recover p and q is hard.
Algorithm: [Rivest, Shamir & Adleman, 1977] [Cocks, 1973]
1. Alice:
   Generates (secret) primes p and q, and computes (public) N = pq
   Computes (secret) φ(N) = (p − 1)(q − 1)
   Chooses (public) e and computes (secret) d ≡ e^{−1} (mod φ(N))
   Publishes N, e
2. Bob writes a (secret) message M:
   Computes the encryption E(M) ≡ M^e (mod N)
3. Alice decrypts the message: (E(M))^d ≡ (M^e)^d ≡ M^{ee^{−1} (mod φ(N))} ≡ M (mod N)
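Textbook RSA exactly as described above, as an added example that is not part of the slides (no padding, so it illustrates the arithmetic only): rsa_keygen takes p, q and e as inputs, and check_roundtrip verifies the decryption identity for every residue M, including those sharing a factor with N, which the Euler-theorem argument on the slide does not cover. The function names and the toy primes in the test are my own.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Alice's step: public (N, e) and secret (N, d) with d = e^-1 (mod phi(N))."""
    n = p * q
    phi = (p - 1) * (q - 1)              # secret: needs the factorisation of N
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi(N)")
    d = pow(e, -1, phi)                  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public_key, m):
    """Bob's step: E(M) = M^e (mod N) for a message 0 <= M < N."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be a residue mod N")
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    """Alice's step: C^d = M^(ed) = M (mod N)."""
    n, d = private_key
    return pow(c, d, n)


def check_roundtrip(p, q, e):
    """True iff decrypt(encrypt(M)) == M for every residue M mod N.

    The slide's argument uses Euler's theorem, which needs gcd(M, N) = 1, but
    the identity also holds for multiples of p or q: N = pq is squarefree, and
    M^(ed) = M holds (mod p) and (mod q) separately by Fermat's Little Theorem
    because (p - 1) and (q - 1) both divide ed - 1; the CRT combines them."""
    public_key, private_key = rsa_keygen(p, q, e)
    n = public_key[0]
    return all(rsa_decrypt(private_key, rsa_encrypt(public_key, m)) == m
               for m in range(n))
```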
Euler’s φ Function III
Conjectures:
  For any n ≠ 2 there is some m such that φ(n) = φ(m) (Carmichael Totient Conjecture)
  For no composite n does φ(n) divide (n − 1). (Such a number would be a Carmichael number.) (Lehmer)
Multiplicative order of g ∈ Z∗N
Def: If g ∈ Z_N^* (i.e. gcd(g, N) = 1), then the order of g mod N, denoted o(g), is the smallest integer k > 0 such that g^k ≡ 1 (mod N).
Examples:
  For 2 ∈ Z_7^*: 2^2 = 4, 2^3 = 8 ≡ 1, so o(2) = 3
  For 3 ∈ Z_7^*: 3^2 = 9 ≡ 2, 3^3 = 3(3^2) = 6, 3^4 = 3(3^3) = 18 ≡ 4, 3^5 = 3(3^4) = 12 ≡ 5, 3^6 = 3(3^5) = 15 ≡ 1, so o(3) = 6
  For 5 ∈ Z_18^*: 5^2 = 25 ≡ 7, 5^3 = 5(5^2) ≡ 17 ≡ −1, 5^4 = 5(5^3) ≡ −5 ≡ 13, 5^5 = 5(5^4) ≡ −25 ≡ 11, 5^6 = 5(5^5) ≡ 1, so o(5) = 6
Thm: If g ∈ Z_N^*, then o(g) | φ(N)
proof: g^{φ(N)} = 1 (Euler’s Theorem). Thus o(g) ≤ φ(N). If o(g) ∤ φ(N) then for some 0 < r < o(g) we have φ(N) = k·o(g) + r. So 1 = g^{φ(N)} = g^{k·o(g)+r} = (g^{o(g)})^k (g^r) = (1)^k (g^r) = g^r.
So for some 0 < r < o(g) we have g^r = 1, which contradicts the minimality of o(g). Thus o(g) | φ(N). ♠
Carmichael’s Lambda
Def: λ(N) is the smallest positive k such that for all a with gcd(a, N) = 1, we have a^{λ(N)} ≡ 1 (mod N)
Thm: λ(N) | φ(N)
Examples:
  φ(2) = 1, λ(2) = 1 as o(1) = 1
  φ(3) = 2, λ(3) = 2 as o(1) = 1, o(2) = 2
  φ(4) = 2, λ(4) = 2 as o(1) = 1, o(3) = 2
  φ(5) = 4, λ(5) = 4 as o(1) = 1, o(2) = 4, o(3) = 4, o(4) = 2
  φ(15) = 8, λ(15) = 4 as o(1) = 1, o(2) = 4, o(4) = 2, o(7) = 4, o(8) = 4, o(11) = 2, o(13) = 4, o(14) = 2
  φ(45) = 24, λ(45) = 12 (o(2) = 12)
Carmichael’s Theorem
Carmichael's Theorem: If gcd(a, N) = 1 then a^{λ(N)} ≡ 1 (mod N), where λ(N) is defined recursively as:
λ(2) = 1, λ(4) = 2 and λ(2^e) = 2^{e−2} for e > 2
λ(p^e) = φ(p^e) = (p − 1)p^{e−1} for odd prime p
λ(nm) = lcm(λ(n), λ(m)) if gcd(n, m) = 1
Thm: λ(N)|φ(N)
proof: λ(N) ≤ φ(N) (minimality of λ(N) and Euler's Thm)
If λ(N) ∤ φ(N) then the division algorithm gives a remainder 0 < r < λ(N) such that r = φ(N) − kλ(N)
but then a^r ≡ a^{φ(N)}/(a^{λ(N)})^k ≡ 1 (mod N), contradicting the minimality of λ(N)
Thus λ(N) | φ(N) ♠
Primitive Elements
Question: When is Z_N^* the powers of some element, Z_N^* = {1 = g^0, g^1, g^2, …, g^k}?
Def: g is primitive mod N if o(g) = φ(N)
Examples:
λ(5) = φ(5) = 4 and 2, 3 are primitive mod 5
λ(7) = φ(7) = 6 and 3, 4 are primitive mod 7
λ(13) = φ(13) = 12 and 2, 2^5 ≡ 6, 2^7 ≡ 11, 2^11 ≡ 7 are primitive
λ(15) = 4, but φ(15) = 8, so there are no primitive elements mod 15.
λ(17) = φ(17) = 16 and 3, 3^3 ≡ 10, 3^5 ≡ 5, 3^7 ≡ 11, 3^9 ≡ 14, 3^11 ≡ 7, 3^13 ≡ 12, 3^15 ≡ 6 are primitive mod 17
Def: If there is a primitive element g mod N then:
Z_N^* is said to be cyclic
Z_N^* is generated by g, written Z_N^* = ⟨g⟩
Primitive Elements Thm: 2^e
Thm:
1 λ(2) = 1
2 λ(2^2) = 2
3 λ(2^e) = 2^{e−2} for e > 2
proof:
1 λ(2) = 1: left to the reader
2 λ(2^2) = 2: left to the reader
3 λ(2^e) = 2^{e−2} for e > 2: Show for all odd a, a^{2^{e−2}} ≡ 1 (mod 2^e) by induction
e = 3 (i.e. 2^e = 8) by computation (base case)
Assume true for e, so a^{2^{e−2}} = 1 + k2^e
Square this to get a^{2^{e−1}} = (1 + k2^e)^2 = 1 + k2^{e+1} + k^2 2^{2e} ≡ 1 (mod 2^{e+1})
Primitive Elements Thm: p
Thm: p prime and d | (p − 1) ⟹ #{a | o(a) mod p = d} = φ(d)
Corr: Z∗p is cyclic and there are primitive elements mod p.
Primitive Elements Thm: p (cont)
proof: Let Ω_d := {a | o(a) mod p = d} and ω_d := #Ω_d
Note: Σ_{d|(p−1)} ω_d = p − 1
      Σ_{d|(p−1)} φ(d) = p − 1 [Lemma]
So Σ_{d|(p−1)} (φ(d) − ω_d) = 0
(If we can show that ω_d ≤ φ(d), then ω_d = φ(d))
Obvious if Ω_d = ∅, so assume there is some a ∈ Ω_d
Then a^1, a^2, …, a^d = 1 are all distinct
(a^i)^d = 1, so all are distinct roots of f(x) = x^d − 1
x^d − 1 has at most d roots in Z_p
So these are a complete set of roots.
But Ω_d = {a^i | gcd(d, i) = 1}
So ω_d = |Ω_d| = #{i | gcd(d, i) = 1} = φ(d) ♠
Primitive Elements Thm: p (cont)
Lemma: n ≥ 1 ⟹ Σ_{d|n} φ(d) = n
proof: For d | n let S_d := {a | 0 ≤ a ≤ n and gcd(a, n) = n/d}
The sets {S_d | d | n} partition {1, …, n}, so Σ_{d|n} |S_d| = n
a ∈ S_d ⟺ 1 ≤ a ≤ n and gcd(a, n) = n/d
Let a′ := ad/n, which is the integer a/gcd(a, n)
a ∈ S_d ⟺ a = a′n/d, 1 ≤ a ≤ n and gcd(a, n) = n/d
So |S_d| = #{a′ | 1 ≤ a′ ≤ d, gcd(a′, d) = 1} = φ(d) ♠
Finding Primitive Elements
Prop: If g is primitive and o(g) = n, then if gcd(e, n) = 1, g^e is also primitive.
Prop: If p is prime, there are φ(φ(p)) primitive elements mod p.
Example: λ(13) = φ(13) = 12 and 2, 2^5 ≡ 6, 2^7 ≡ 11, 2^11 ≡ 7 are primitive
Strategy: To find a primitive element mod p:
1 Factor λ(p) = p − 1 = (q_1^{e_1})(q_2^{e_2})…(q_n^{e_n})
2 Select some a ∈ Z_p^*
3 If a^{(p−1)/q_i} ≢ 1 (mod p) for i = 1, …, n, then a is primitive
4 Return to step 2
Lucas-Kraitchik-Lehmer n − 1 Primality Test
Prop: If N is composite, then λ(N) ≤ φ(N) < N − 1
Algorithm: [Lucas, 1879] To prove that p is prime.
Find an element a which is primitive mod p. Show that a is primitive:
    Factor p-1 as (q1^e1)(q2^e2)...(qn^en)
    a <- 2
    for a = 2 to (p-1)
        for i from 1 to n
            if ( a^(phi(p)/qi) = 1 )
                next a
        print "p is prime as a is primitive mod p"
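As an added example (my own code, not from the slides) of the primitive-element strategy on the previous slide and the Lucas n − 1 test above, in Python. The slide's pseudocode only checks a^{(p−1)/q_i} ≢ 1; the certificate function below also checks a^{N−1} ≡ 1 (mod N), which Lucas' theorem needs so that the order of a is exactly N − 1. Function names and the trial-division helper are my own.

```python
from math import gcd

def prime_factors(n):
    """Distinct prime divisors of n by trial division (assumed helper; small n only)."""
    out, p = [], 2
    while p * p <= n:
        if n % p == 0:
            out.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        out.append(n)
    return out

def is_primitive(a, p, qs=None):
    """Step 3 of the strategy: a is primitive mod prime p iff
    a^((p-1)/q) != 1 (mod p) for every prime q dividing p - 1."""
    qs = prime_factors(p - 1) if qs is None else qs
    return gcd(a, p) == 1 and all(pow(a, (p - 1) // q, p) != 1 for q in qs)

def find_primitive(p):
    """Steps 2-4: try a = 2, 3, ... until one passes the test."""
    qs = prime_factors(p - 1)
    return next(a for a in range(2, p) if is_primitive(a, p, qs))

def primitive_elements(p):
    """All primitive elements mod prime p; there are phi(phi(p)) of them."""
    qs = prime_factors(p - 1)
    return [a for a in range(1, p) if is_primitive(a, p, qs)]

def lucas_certificate(N):
    """Lucas n-1 test. Returns (a, primes dividing N-1) with o(a) = N-1 mod N,
    which proves N prime, or None if no such a is found. A composite N can
    never produce one, because then lambda(N) <= phi(N) < N-1."""
    if N < 2:
        return None
    if N == 2:
        return (1, [])
    qs = prime_factors(N - 1)
    for a in range(2, N):
        # Lucas also needs a^(N-1) = 1; with the q-tests this forces o(a) = N-1.
        if gcd(a, N) != 1 or pow(a, N - 1, N) != 1:
            return None  # a common factor or a Fermat failure already shows N composite
        if all(pow(a, (N - 1) // q, N) != 1 for q in qs):
            return (a, qs)
    return None
```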
Primitive Elements Thm: pe
Thm: Z_{p^e}^* is cyclic and there are primitive elements mod p^e.
The Structure of Z_N^*
Thm: If gcd(n,m) = 1 then λ(nm) = lcm(λ(n), λ(m))
proof: For a coprime to nm we have a^{λ(n)} ≡ 1 (mod n) and a^{λ(m)} ≡ 1 (mod m)
As λ(n) | lcm and λ(m) | lcm we have a^{lcm} ≡ 1 (mod n) and a^{lcm} ≡ 1 (mod m)
Thus a^{lcm} ≡ 1 (mod mn) and λ(nm) | lcm
Choose a and b so o_n(a) = λ(n) and o_m(b) = λ(m)
Then there is some c such that c ≡ a (mod n) and c ≡ b (mod m) (CRT)
Thus o_{nm}(c) = lcm(o_n(a), o_m(b)) = lcm(λ(n), λ(m))
So λ(nm) = lcm(λ(n), λ(m)) ♠
Thm: Z_N^* is cyclic iff N is one of 2, 4, p (prime), p^e, 2p or 2p^e
Computing λ(N)
Algorithm: To compute λ(N):
1 Factor N = 2^e p_1^{e_1} p_2^{e_2} ⋯ p_n^{e_n}
2 λ(N) = λ(2^e p_1^{e_1} p_2^{e_2} ⋯ p_n^{e_n}) = lcm(λ(2^e), λ(p_1^{e_1}), λ(p_2^{e_2}), …, λ(p_n^{e_n})) = lcm(λ(2^e), (p_1 − 1)p_1^{e_1−1}, (p_2 − 1)p_2^{e_2−1}, …, (p_n − 1)p_n^{e_n−1})
Examples:
λ(33) = lcm(2, 10) = 10 but φ(33) = (3− 1)(11− 1) = 20
λ(41) = (41− 1) = 40 = φ(41)
λ(44) = lcm(2, (11− 1)) = 10
λ(60) = lcm(2, (3− 1), (5− 1)) = 4, but φ(60) = 4
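An added Python example (my own code, not the slides') serving the order and λ examples on the earlier slides and the algorithm above: λ(N) is computed once directly from the definition, as the lcm of the orders of all units, and once from the factorization formula, so the two can be cross-checked against each other and against o(g) | φ(N). Helper names and the trial-division factoring are my own assumptions, fine for small N.

```python
from math import gcd, lcm

def mult_order(g, n):
    """o(g): smallest k > 0 with g^k ≡ 1 (mod n); requires gcd(g, n) = 1 and n > 1."""
    if n < 2 or gcd(g, n) != 1:
        raise ValueError("g must be a unit mod n, with n > 1")
    k, x = 1, g % n
    while x != 1:
        x = x * g % n
        k += 1
    return k

def phi_brute(n):
    """Euler's phi(n), counted directly from the definition."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)

def lambda_brute(n):
    """Carmichael's lambda(n) from the definition: the lcm of o(a) over all units a."""
    result = 1
    for a in range(1, n + 1):
        if gcd(a, n) == 1:
            result = lcm(result, mult_order(a, n))
    return result

def factor(n):
    """Trial-division factorization as {prime: exponent} (assumed helper, small n)."""
    f, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            f[p] = f.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        f[n] = f.get(n, 0) + 1
    return f

def lambda_formula(n):
    """lambda(n) via the slides' recursion: lambda(2^e) as on the 2^e slide,
    lambda(p^e) = (p-1)p^(e-1) for odd p, and lcm over coprime factors."""
    result = 1
    for p, e in factor(n).items():
        if p == 2:
            part = 1 if e == 1 else (2 if e == 2 else 2 ** (e - 2))
        else:
            part = (p - 1) * p ** (e - 1)
        result = lcm(result, part)
    return result

def orders_divide_phi(n):
    """Check the theorem o(g) | phi(n) for every unit g mod n."""
    return all(phi_brute(n) % mult_order(a, n) == 0 for a in range(1, n) if gcd(a, n) == 1)
```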
Sum of Squares
Question: For what numbers N is there a decomposition into a sum of squares, N = x_1^2 + x_2^2 + … + x_n^2 ?
Conj: (Girard, 1632) A prime p has a decomposition into a sum of two squares, p = x_1^2 + x_2^2, iff p = 2 or p ≡ 1 (mod 4).
Four Squares & Waring’s Problem
Thm: An integer N can be written as a sum of four squares N = x_1^2 + x_2^2 + x_3^2 + x_4^2 (proven Fermat, 1650) (proven Lagrange, 1770)
Problem: (Waring, 1770) How many terms are needed to express any positive integer as a sum of nth powers?
Conjecture (Waring): g(2) = 4, g(3) = 9, g(4) = 19
g(2) = 4 (Fermat, 1650) (Lagrange, 1770)
g(3) = 9 (Wieferich, 1909)
g(4) = 19 (Balasubramanian et al, 1986)
g(5) = 37 (Chen, 1964)
Problem: (Waring, 1770) For any integer n is there an integer g(n) such that any positive integer can be expressed as a sum of nth powers?
Yes (Hilbert, 1909)
Problem: How many terms are needed to express all but a finite number of positive integers as a sum of nth powers? Call this G(n).
Sum of Two Squares
Thm: An odd prime p can be written as a sum of two squares p = x^2 + y^2 iff p ≡ 1 (mod 4) (proven Fermat, 1650) (proven Lagrange, 1770)
proof:
⟹: If p = x^2 + y^2, then p ≡ 1 (mod 4)
Any square is congruent to either 0 or 1 mod 4.
Thus x^2 + y^2 ≡ 0, 1, 2 (mod 4)
But this is only odd if it is congruent to 1 mod 4
⟸: If p ≡ 1 (mod 4), then p = x^2 + y^2
Descent: If p | x^2 + y^2 where gcd(x, y) = 1, then there are a, b such that p = a^2 + b^2
Reciprocity: If p ≡ 1 (mod 4), then there are x, y such that p | x^2 + y^2 and gcd(x, y) = 1
Algebraic Number Fields
Def: An (Algebraic) Number Field, Q(α), is the set of polynomials of degree less than some degree n, a_{n−1}α^{n−1} + … + a_1α + a_0, where there is an irreducible degree n monic minimal polynomial, p(x), such that p(α) = α^n + m_{n−1}α^{n−1} + … + m_1α + m_0 = 0.
Def: A quadratic number field, Q(√d), is an algebraic number field of degree two.
Claim: All quadratic number fields have form Q(√d)
pf: The quadratic formula allows us to rewrite the root of any quadratic polynomial as (−b + √(b^2 − 4ac))/2a
Note that Q(√d) = Q(a√d) = Q(b + √d)
Let d be the square-free part of b^2 − 4ac
Quadratic Number Fields: Arithmetic
Claim: The quadratic number field Q(√d) is a field
proof:
Add: (a_1α + a_0) + (b_1α + b_0) = (a_1 + b_1)α + (a_0 + b_0)
Mult: (a_1√d + a_0)(b_1√d + b_0) = (a_1b_0 + a_0b_1)√d + (a_0b_0 + a_1b_1d)
Divide: (Rationalizing Denominators)
(a_1√d + a_0)/(b_1√d + b_0) = [(a_1√d + a_0)(b_1√d − b_0)] / [(b_1√d + b_0)(b_1√d − b_0)]
= ((a_0b_1 − a_1b_0)√d + (a_1b_1d − a_0b_0)) / (b_1^2 d − b_0^2)
= ((a_0b_1 − a_1b_0)/(b_1^2 d − b_0^2)) √d + (a_1b_1d − a_0b_0)/(b_1^2 d − b_0^2)
Example: Q(√−5)
Mult: ((2/3)√−5 + 2)(3√−5 + 1/2) = (1/3 + 6)√−5 + (1 + 2(−5)) = (19/3)√−5 − 9
Divide: (Rationalizing Denominators)
(a_1√−5 + a_0)/(b_1√−5 + b_0) = [(a_1√−5 + a_0)(b_1√−5 − b_0)] / [(b_1√−5 + b_0)(b_1√−5 − b_0)]
= ((a_0b_1 − a_1b_0)√−5 + (a_1b_1(−5) − a_0b_0)) / (b_1^2(−5) − b_0^2)
= ((a_0b_1 − a_1b_0)/(b_1^2(−5) − b_0^2)) √−5 + (a_1b_1(−5) − a_0b_0)/(b_1^2(−5) − b_0^2)
The Usual Suspects
Q(√−1) (Gaussian) - Simplest complex quadratic number field
Q(√−3) (Eisenstein) - Complex quadratic number field with slightly more interesting structure
Q(√−5) - Complex quadratic number field without unique factorization
Q(√3) - Real quadratic number field
Conjugate, Norm & Trace
Def: The conjugate of a + b√d is a − b√d. (The conjugate of α is denoted ᾱ)
Def: The norm of α, denoted N(α), is αᾱ = (a + b√d)(a − b√d) = a^2 − b^2d
Def: The trace of α, denoted tr(α), is α + ᾱ = (a + b√d) + (a − b√d) = 2a
Note: \overline{α + β} = ᾱ + β̄ and \overline{αβ} = ᾱβ̄
N(αβ) = N(α)N(β)
tr(α + β) = tr(α) + tr(β)
Algebraic Integers
Def: The algebraic integers in Q(α) is the set of all elements in Q(α) which are roots of some monic polynomial in Z[x].
Prop: This is a ring (closed under +, ∗)
Examples:
√2 + 2 has minimal polynomial min_{√2+2}(x) = x^2 − 4x + 2 (is an algebraic integer in Q(√2))
(3 + √−3)/2 has minimal polynomial min_{(3+√−3)/2}(x) = x^2 − 3x + 3 (is an algebraic integer in Q(√−3))
(1 + √−1)/2 has minimal polynomial min_{(1+√−1)/2}(x) = 2x^2 − 2x + 1 (is not an algebraic integer in Q(√−1))
α = n + m√d has minimal polynomial min_α(x) = x^2 − tr(α)x + N(α) (is an algebraic integer in Q(√d) iff both trace and norm are integers)
Quadratic Integers: Examples
Q(√−1) (Gaussian Integers): Z_{Q(√−1)} = Z[√−1] = {n + m√−1 | n, m ∈ Z}
Q(√−3) (Eisenstein Integers): Z_{Q(√−3)} = Z[(1 + √−3)/2] = {n + m(1 + √−3)/2 | n, m ∈ Z} = {(r + s√−3)/2 | r, s ∈ Z, r + s even}
Q(√−5): Z_{Q(√−5)} = Z[√−5] = {n + m√−5 | n, m ∈ Z}
Q(√3): Z_{Q(√3)} = Z[√3] = {n + m√3 | n, m ∈ Z}
Prop: Z_{Q(√d)} = Z[ω] = {n + mω | n, m ∈ Z}, where ω = (1 + √d)/2 if d ≡ 1 (mod 4) and ω = √d otherwise
Units in Quadratic Integers
Def: A unit is:
1 A divisor of 1
2 An invertible element
3 An element α where N(α) = ±1
Def: a and ua are associates for u a unit.
5 and −5 are associates in Z (as U_Z = {±1})
2 + √−1 and 1 − 2√−1 are associates in Z[√−1] (as U_{Z[√−1]} = {±1, ±√−1})
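As an added example (my own code, not from the slides) tying together the arithmetic, conjugate/norm/trace, algebraic-integer and unit slides above: a small Python class for elements a + b√d of Q(√d) with exact rational coefficients. It implements the multiplication and rationalized-division formulas, the norm and trace, the "trace and norm both integers" test for algebraic integers and the N(α) = ±1 unit test. The class and method names are my own.

```python
from fractions import Fraction as Fr

class QuadElem:
    """a + b*sqrt(d) in Q(sqrt d), with a, b exact rationals (added example, not the slides' code)."""

    def __init__(self, a, b, d):
        self.a, self.b, self.d = Fr(a), Fr(b), int(d)
    def _same_field(self, other):
        if not isinstance(other, QuadElem) or other.d != self.d:
            raise TypeError("operands must lie in the same Q(sqrt d)")
    def __eq__(self, other):
        return isinstance(other, QuadElem) and (self.a, self.b, self.d) == (other.a, other.b, other.d)
    def __add__(self, other):
        self._same_field(other)
        return QuadElem(self.a + other.a, self.b + other.b, self.d)
    def __mul__(self, other):
        # (a1 sqrt d + a0)(b1 sqrt d + b0) = (a1 b0 + a0 b1) sqrt d + (a0 b0 + a1 b1 d)
        self._same_field(other)
        return QuadElem(self.a * other.a + self.b * other.b * self.d,
                        self.a * other.b + self.b * other.a, self.d)
    def conj(self):
        return QuadElem(self.a, -self.b, self.d)
    def norm(self):
        # N(alpha) = alpha * conj(alpha) = a^2 - b^2 d, a rational number
        return self.a * self.a - self.b * self.b * self.d
    def trace(self):
        # tr(alpha) = alpha + conj(alpha) = 2a
        return 2 * self.a

    def __truediv__(self, other):
        # Rationalize the denominator: multiply top and bottom by conj(other),
        # so the denominator becomes the rational number N(other).
        self._same_field(other)
        n = other.norm()
        if n == 0:
            raise ZeroDivisionError("division by zero in Q(sqrt d)")
        num = self * other.conj()
        return QuadElem(num.a / n, num.b / n, self.d)

    def is_algebraic_integer(self):
        # alpha is a root of x^2 - tr(alpha) x + N(alpha); it is an algebraic
        # integer exactly when both coefficients are integers.
        return self.trace().denominator == 1 and self.norm().denominator == 1

    def is_unit(self):
        # A unit of the ring of integers: an algebraic integer with N(alpha) = +-1.
        return self.is_algebraic_integer() and self.norm() in (1, -1)
```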
Group of Units: The Usual Suspects
Q(√−1) (Gaussian Integers): U_{Z[√−1]} = {±1, ±√−1} = ⟨√−1⟩ ≅ C_4
Q(√−3) (Eisenstein Integers): U_{Z[(1 + √−3)/2]} = {±1, (±1 ± √−3)/2} = ⟨(1 + √−3)/2⟩ ≅ C_6
Q(√−5): U_{Z[√−5]} = {±1} = ⟨−1⟩ ≅ C_2
Q(√3): U_{Z[√3]} = {±1}... but there's more
Group of Units: Real Quadratic Field
U_{Z[√3]}:
Def: A unit is an element α where N(α) = ±1
Solve N(x + y√3) = x^2 − 3y^2 = ±1 for integer x, y
A solution is η = 2 + 3√3
As norm is multiplicative, any positive (or negative) power of this fundamental unit is a unit.
Q(√3): U_{Z[√3]} = {±(2 + 3√3)^n} = ⟨−1, (2 + 3√3)⟩ = C_2 ⊕ C_∞
Pell, Dirichlet & Fundamental Units
Def: Pell's Equation is any equation of form x^2 − dy^2
Solve by method of continued fractions
Thm: (Dirichlet's Unit Thm) If a minimal polynomial of a number field Q(α) has r real roots and c pairs of complex roots, then the rank (number of factors of C_∞) of the group of units U_{Q(α)} is r + c − 1.
So the group of units for a complex quadratic field (e.g. Q(√−3)) has rank zero and the group of units for a real quadratic field (e.g. Q(√3)) has rank one.
Primes
Def: a ∈ Z_{Q(√d)} is prime (irreducible) iff the only divisors are units and the associates of a.
Splitting
Def: A rational prime p ∈ Z
splits in Z_{Q(√d)} if p = p_1p_2 (p_1 ≠ p_2 ∈ Z_{Q(√d)})
  Example: 2 = (1 + √−1)(1 − √−1) in Z[√−1]
is inert in Z_{Q(√d)} if p is prime
  Example: 3 is inert in Z[√−1]
ramifies in Z_{Q(√d)} if p = q^2
  Example: 3 = (√3)^2 in Z[√3]
Thm: If Z[ω] has unique factorization then all primes arise from rationalprimes either splitting, ramifying or remaining inert.
Splitting Examples
Z[√−1] (Gaussian Integers):
2 splits −→ (1 + √−1)(1 − √−1)
3 is inert
5 splits −→ (2 + √−1)(2 − √−1) = (1 + 2√−1)(1 − 2√−1) (associates)
7 is inert
p splits iff p ≡ 1 (mod 4) (Sum of Two Squares Thm)
Z[(1 + √−3)/2] (Eisenstein Integers):
2 is inert
3 ramifies −→ −(√−3)^2
5 is inert
7 splits −→ ((5 + √−3)/2)((5 − √−3)/2)
Splitting Examples (cont)
Z[√−5]:
2 is inert
3 is inert
5 ramifies −→ −(√−5)^2
7 is inert
29 splits (first prime to do so) −→ (3 + 2√−5)(3 − 2√−5)
Z[√3]:
2 splits −→ −(1 + √3)(1 − √3)
3 ramifies −→ (√3)^2
5 is inert
7 is inert
13 splits −→ (4 + √3)(4 − √3)
Unique Factorization
Unique Factorization & The Usual Suspects
Number Theory: Topics
Elementary Number Theory
Algebraic Number Theory
Analytic Number Theory
Computational Number Theory