Elementary Number Theory
Properties of the Integers
For this class, we are going to take the following as axiomatic truth. In other words, this is our basic starting point for facts about the integers.
- Identity
- For all \( a \in \Z \) both \( a + 0 = a \) and \( a \cdot 1 = a \).
- Negatives
- For all \( a \in \Z \) there exists \( b \in \Z \) so that \( a + b = 0 \).
- Closure
- For all \( a, b \in \Z \) both \( a + b \in \Z \) and \( ab \in \Z \).
- Commutativity
- For all \( a, b \in \Z \) both \( a + b = b + a \) and \( ab = ba \).
- Associativity
- For all \( a, b, c \in \Z \) both \( a + (b + c) = (a + b) + c \) and \( a(bc) = (ab)c \).
- Zero Product
- For all \( a, b \in \Z \) if \( ab = 0 \), then either \( a = 0 \) or \( b = 0 \).
- Distribution
- For all \( a, b, c \in \Z \) we have \( a(b + c) = ab + ac \).
We collectively refer to these as "basic properties of integer arithmetic", though we often refer to them individually by name.
All of these properties hold for rational numbers and real numbers as well!
Most, but not all, of them hold for the natural numbers. The biggest failure is negatives: there is no natural number \( n \) for which \( n + 1 = 0 \).
Ordering Properties
We also have the following axioms about the usual ordering on the integers.
- Successors
- For all \( a, b \in \Z \), if \( a \leq b \leq a + 1 \), then either \( b = a \) or \( b = a + 1 \).
- Additive Comparison
- For all \( a, b, c, d \in \Z \) if \( a < c \) and \( b \leq d \), then \( a + b < c + d \).
- Multiplicative Comparison
- For all \( a, b, c, d \in \Z \) if \( 0 \leq a < c \) and \( 0 < b \leq d \), then \( ab < cd \). (Without \( 0 \leq a \) this fails: take \( a = -5 \), \( c = -1 \), \( b = 1 \), \( d = 10 \).)
- Inequality Antisymmetry
- For all \( a, b \in \Z \) if \( a \leq b \) and \( b \leq a \), then \( a = b \).
- Total Ordering
- For all \( a, b \in \Z \), exactly one of \( a < b \) or \( a = b \) or \( b < a \) holds.
We collectively refer to these as "order properties of the integers", though we also might refer to them individually as well.
Finally, the following axiom, called the "well ordering principle", is crucial to our work and mathematics-at-large. We will study this axiom in much greater detail as the semester progresses.
Every nonempty subset of natural numbers has a minimum element.
In other words, if \( \emptyset \neq S \subseteq \N \), then \( S \) has a minimum element. That is, if \( \emptyset \neq S \subseteq \N \), then there is an \( m \in S \) such that for all \( s \in S \) we have \( m \leq s \). This property is key to establishing many results, and a whole new proof technique (a.k.a. mathematical induction)!
Divisibility
This section studies the notion of divisibility.
A definition and a warning
Let \( m, n \in \Z \). We say \( m \) divides \( n \) (written \( m \mid n \)) when \( n = mk \) for some \( k \in \Z \).
We have \( 2 \mid 16 \) because \( 16 = 2 \cdot 8 \). On the other hand, we claim \( 2 \nmid 15 \). We know that \( 2 \cdot 7 = 14 < 15 < 16 = 2 \cdot 8 \); if there were an integer \( k \in \Z \) for which \( 2k = 15 \), then we would have \( 7 < k < 8 = 7 + 1 \) by the order properties of integers. But this is impossible by the successors property!
The latter proof is a bit awkward; such a simple fact took two whole sentences to prove! In the coming sections we shall see the Quotient-Remainder Theorem, which provides a much better way of quickly showing \( 2 \nmid 15 \), \( 6 \nmid 15 \), \( 7 \nmid 15 \), etc.
Some people hear "divisibility" and think "oh, you mean division". Those people are wrong, led to their demise by the similar sounding names… Here's one way to know that these are not the same thing:
- The definition does not reference division.
- The symbol is not the division symbol.
- THIS IS NOT TELLING US HOW TO DO DIVISION.
- It has nothing explicitly to do with division.
The set \( \Z \) of integers does not have a division operation. This is because it is not possible to divide some nonzero integers to obtain an integer (e.g., \( 1/2 \) is not an integer). You will lose points if you use division of integers to prove something about divisibility.
Properties of Divisibility
We can prove a number of elementary properties of divisibility quite easily. First we prove a simple lemma.
Let \( d, n \in \Z_{>0} \). If \( d \mid n \), then \( d \leq n \).
Exercise.
Let \( a, b, c \in \Z \) be arbitrary.
- We have \( a \mid a \), \( 1 \mid a \), and \( a \mid 0 \).
- If \( a \mid b \) and \( b \mid a \), then either \( b = a \) or \( b = -a \).
- If \( a \mid b \) and \( b \mid c \), then \( a \mid c \).
- If \( a \mid b \) and \( a \mid c \), then for all \( s, t \in \Z \) we have \( a \mid (bs + ct) \).
I strongly suggest you try to prove these before reading the proof below. These results are rather simple (using the lemma), and a good test of your proof skills.
Let \( a, b, c \in \Z \) be arbitrary.
Part 1: Note that \( a = a \cdot 1 \), \( a = 1 \cdot a \), and \( 0 = 0 \cdot a \) yield \( a \mid a \), \( 1 \mid a \), and \( a \mid 0 \) respectively.
Part 2: Assume \( a \mid b \) and \( b \mid a \). Thus there exist integers \( u, v \in \Z \) such that \( b = au \) and \( a = bv \) by definition of divisibility. Now either \( a = 0 \) or \( a \neq 0 \). If \( a = 0 \), then \( b = 0 \cdot u = 0 = a \). Otherwise by substitution we have
\begin{equation*} a = bv = (au)v = a(uv), \end{equation*}which yields \( 1 = uv \) by the cancellation property of integers. Thus \( 1 = uv = \abs(uv) = \abs(u)\abs(v) \) yields \( \abs(u) = 1 \) by basic properties of the absolute value; hence \( u = 1 \) or \( u = -1 \), and so \( b = a \) or \( b = -a \).
Part 3: Assume \( a \mid b \) and \( b \mid c \). There are \( u, v \in \Z \) with \( b = au \) and \( c = bv \). Now \( c = bv = (au)v = a(uv) \) by substitution. Let \( k = uv \) and note \( k \in \Z \) by closure. Hence \( c = ak \) and \( a \mid c \) by definition of divisibility.
Part 4: Assume \( a \mid b \) and \( a \mid c \), and let \( s, t \in \Z \) be arbitrary. Now \( b = au \) and \( c = av \) for some \( u, v \in \Z \) by definition of divisibility. Thus we compute \( bs + ct = (au)s + (av)t = a(us) + a(vt) = a(us + vt) \) via basic arithmetic. Let \( k = us + vt \) and note \( k \in \Z \) by closure properties of \( \Z \). Hence \( bs + ct = ak \) and \( a \mid (bs + ct) \) by definition.
We conclude that the original statement is true.
Quotient-Remainder Theorem
The following theorem is of major importance in number theory (and mathematics as a whole).
Let \( n, d \in \Z \) with \( d \neq 0 \). There exist unique \( q, r \in \Z \) such that
\begin{align*} n = dq + r && \text{and} && 0 \leq r < \abs(d). \end{align*}We say \( q \) is the quotient under division by \( d \), and \( r \) is the remainder under division by \( d \). (When \( d > 0 \), as in all of our examples, the condition reads \( 0 \leq r < d \).)
We will prove the special case of the above theorem when \( n, d \in \N \); the general case is a homework exercise.
Let \( n, d \in \N \) with \( d \neq 0 \). We must prove both existence and uniqueness.
Existence: We start by considering the set
\begin{equation*} S = \set{m \in \N} {\text{there is a }q \in \Z\text{ with }n = dq + m} \subseteq \N. \end{equation*}We have \( n \in S \neq \emptyset \) because \( n = d \cdot 0 + n \) and \( n \in \N \). Thus \( S \) has a minimal element \( r = \min(S) \) by the Well Ordering Principle; moreover, there is a \( q \in \Z \) with \( n = dq + r \) by definition of \( S \). Now we must show \( 0 \leq r < d \); we have \( 0 \leq r \) by \( r \in S \subseteq \N \). Assume to the contrary that \( r \geq d \). Subtracting \( d \) from both sides of this inequality yields \( 0 \leq r - d \), so \( r - d \in \N \). Moreover we compute \[ n = dq + r = dq + r + (d - d) = (dq + d) + (r - d) = d(q + 1) + (r - d), \] and \( q + 1 \in \Z \) by closure properties of \( \Z \). Relabelling \( q' = q + 1 \) and \( r' = r - d \), we see \( n = dq' + r' \); this yields \( r' \in S \) under our assumptions. Now \( r' < r \) yields \( r \neq \min(S) \), which is a contradiction; thus our assumption \( r \geq d \) cannot be true! Hence \( r < d \) as desired. Thus we have shown that the existence claim holds.
Uniqueness: Assume there are pairs \( q_1, r_1 \in \Z \) and \( q_2, r_2 \in \Z \) such that
\begin{align*} n = dq_1 + r_1 && \text{and} && 0 \leq r_1 < d && \text{and} && n = dq_2 + r_2 && \text{and} && 0 \leq r_2 < d. \end{align*}Up to relabeling, we may assume \( r_1 \leq r_2 \). The equality \( dq_1 + r_1 = n = dq_2 + r_2 \) yields \( r_2 - r_1 = dq_1 - dq_2 = d(q_1 - q_2) \). By the closure property of the integers we see \( q_1 - q_2 \in \Z \), which yields \( d \mid (r_2 - r_1) \) by definition of divisibility. On the other hand \( 0 \leq r_2 - r_1 \leq r_2 < d \) by \( r_1 \leq r_2 \). If \( r_2 - r_1 \) were positive, Lemma 1 would give \( d \leq r_2 - r_1 < d \), which is absurd; hence \( r_2 - r_1 = 0 \). Now we see \( d(q_1 - q_2) = r_2 - r_1 = 0 \), so either \( d = 0 \) or \( q_1 - q_2 = 0 \) by the Zero Product Property of \( \Z \). However, we assumed that \( d \neq 0 \), so we must have \( q_1 - q_2 = 0 \). In particular \( q_1 = q_2 \) and \( r_1 = r_2 \). Hence the uniqueness claim holds.
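The theorem pins down a sign convention, \( 0 \leq r < \abs(d) \), and that convention is not what most programming languages compute for negative operands: C truncates the quotient toward zero, so \( -7 \) modulo \( 3 \) comes out as \( -1 \), while Python floors the quotient, which is right for \( d > 0 \) but produces a negative remainder when \( d < 0 \). The Python below is an added example, not part of the original notes. It normalises to the theorem's range for every nonzero \( d \), models the C behaviour for comparison, and brute-forces the uniqueness claim over a window of candidate quotients. The function names are my own.

```python
def quotient_remainder(n: int, d: int) -> tuple[int, int]:
    """The unique (q, r) with n = d*q + r and 0 <= r < |d|, for any d != 0.

    Python's divmod floors the quotient, which already gives 0 <= r < d
    when d > 0; for d < 0 the remainder comes out in (d, 0], so it is
    shifted by |d| and the quotient adjusted to compensate.
    """
    if d == 0:
        raise ZeroDivisionError("the theorem requires d != 0")
    q, r = divmod(n, d)
    if r < 0:               # only possible when d < 0
        r -= d              # r + |d|
        q += 1              # d*(q+1) + (r-d) == d*q + r, so n is unchanged
    assert n == d * q + r and 0 <= r < abs(d)
    return q, r


def c_style_remainder(n: int, d: int) -> int:
    """Model of C's `%` (quotient truncated toward zero, C99 6.5.5):
    the remainder takes the sign of n, so it can be negative."""
    q = abs(n) // abs(d)
    if (n < 0) != (d < 0):
        q = -q
    return n - d * q


def representations(n: int, d: int, bound: int) -> list[tuple[int, int]]:
    """Brute-force check of uniqueness: every q in [-bound, bound] whose
    r = n - d*q satisfies 0 <= r < |d|. The theorem says exactly one
    survives (for a bound large enough to contain it)."""
    return [(q, n - d * q) for q in range(-bound, bound + 1)
            if 0 <= n - d * q < abs(d)]


if __name__ == "__main__":
    for n, d in [(15, 2), (-7, 3), (7, -3), (-7, -3)]:
        q, r = quotient_remainder(n, d)
        print(f"{n} = {d}*{q} + {r}   (C would give remainder {c_style_remainder(n, d)})")
```

The practical point for anyone writing modular arithmetic in a C-family language: an intermediate value that goes negative must be reduced explicitly (add the modulus back) before it is used as a remainder, or the code silently leaves the range the theorem guarantees.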
Modular Arithmetic
Now let's use the Quotient-Remainder Theorem to make a new system of arithmetic!
Let \( m \in \Z_{>0} \) be given. We can define congruence modulo \( m \) in the following way; for \( a, b \in \Z \), we write \( a \equiv b \pmod{m} \) when \( a \) and \( b \) have equal remainders under division by \( m \).
For all \( a, b \in \Z \) we have \( a \equiv b \pmod{m} \) if and only if \( m \mid (a - b) \).
Exercise!
Let \( m \in \Z \) with \( m \neq 0 \) be arbitrary. Show that congruence modulo \( m \) is an equivalence relation.
For all \( a \in \Z \), let \( [a] = \set{b \in \Z}{a \equiv b \pmod{m}} \) denote the equivalence class of \( a \) modulo \( m \). We can define addition modulo \( m \) on the set \( \Z_m = \set{[n]}{n \in \Z} \) by \( [a] + [b] = [a + b] \), and multiplication modulo \( m \) by \( [a] \cdot [b] = [ab] \).
But is this well defined? In particular, we want to think of these operations as functions \( \Z_m \times \Z_m \to \Z_m \); thus we need to see that given \( a, b, c, d \in \Z \) we have \( [a] = [c] \) and \( [b] = [d] \) implies both \( [a] + [b] = [c] + [d] \) and \( [a] \cdot [b] = [c] \cdot [d] \). We will do that now.
Let \( m \in \Z_{>0} \) and \( a, b, c, d \in \Z \). If \( a \equiv c \pmod{m} \) and \( b \equiv d \pmod{m} \), then \( a + b \equiv c + d \pmod{m} \) and \( ab \equiv cd \pmod{m} \).
Let \( m \in \Z_{>0} \) and \( a, b, c, d \in \Z \) be arbitrary, and suppose \( a \equiv c \pmod{m} \) and \( b \equiv d \pmod{m} \). By Proposition 1, we have \( m \mid (a - c) \) and \( m \mid (b - d) \). Thus there are integers \( s, t \in \Z \) such that \( a - c = ms \) and \( b - d = mt \).
To see that the relevant sums are congruent, we compute \[ (a + b) - (c + d) = (a - c) + (b - d) = ms + mt = m(s + t) . \] Note \( s + t \in \Z \) by closure properties of \( \Z \), so \( m \mid ((a + b) - (c + d)) \); hence \( a + b \equiv c + d \pmod{m} \) by Proposition 1.
To see that the relevant products are congruent, we rewrite \( a = ms + c \) and \( b = mt + d \). Now we compute \[ ab = (ms + c)(mt + d) = msmt + msd + cmt + cd = m(mst + sd + ct) + cd . \] Thus subtracting \( cd \) from both sides we obtain \( ab - cd = m(mst + sd + ct) \); but \( mst + sd + ct \in \Z \) by closure properties of \( \Z \). Hence \( m \mid (ab - cd) \), yielding \( ab \equiv cd \pmod{m} \) by Proposition 1.
The proposition above yields immediately that our modular arithmetic above makes sense! What can we do with this? More to come on that, but for the time being let's try to get a feel for this new arithmetic. We will do so with a Cayley table, a sort of grid listing all of the possible operations.
In the examples below, I've omitted the square brackets that should surround each number—the tables look really messy if you include them. Also, because I value my time, I had my computer generate the tables rather than writing them out by hand.
Here are Cayley tables for arithmetic modulo \( 2 \):
\begin{align*} \begin{array}{c|cc} + & 0 & 1 \\ \hline 0 & 0 & 1 \\ 1 & 1 & 0 \end{array} && \begin{array}{c|cc} \cdot & 0 & 1 \\ \hline 0 & 0 & 0 \\ 1 & 0 & 1 \end{array} \end{align*}Here are Cayley tables for arithmetic modulo \( 3 \):
\begin{align*} \begin{array}{c|ccc} + & 0 & 1 & 2 \\ \hline 0 & 0 & 1 & 2 \\ 1 & 1 & 2 & 0 \\ 2 & 2 & 0 & 1 \end{array} && \begin{array}{c|ccc} \cdot & 0 & 1 & 2 \\ \hline 0 & 0 & 0 & 0 \\ 1 & 0 & 1 & 2 \\ 2 & 0 & 2 & 1 \end{array} \end{align*}Just to have one, somewhat larger example, here are Cayley tables for arithmetic modulo \( 9 \):
\begin{align*} \begin{array}{c|ccccccccc} + & 0 & 1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 \\ \hline 0 & 0 & 1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 \\ 1 & 1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 & 0 \\ 2 & 2 & 3 & 4 & 5 & 6 & 7 & 8 & 0 & 1 \\ 3 & 3 & 4 & 5 & 6 & 7 & 8 & 0 & 1 & 2 \\ 4 & 4 & 5 & 6 & 7 & 8 & 0 & 1 & 2 & 3 \\ 5 & 5 & 6 & 7 & 8 & 0 & 1 & 2 & 3 & 4 \\ 6 & 6 & 7 & 8 & 0 & 1 & 2 & 3 & 4 & 5 \\ 7 & 7 & 8 & 0 & 1 & 2 & 3 & 4 & 5 & 6 \\ 8 & 8 & 0 & 1 & 2 & 3 & 4 & 5 & 6 & 7 \end{array} && \begin{array}{c|ccccccccc} \cdot & 0 & 1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 \\ \hline 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\ 1 & 0 & 1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 \\ 2 & 0 & 2 & 4 & 6 & 8 & 1 & 3 & 5 & 7 \\ 3 & 0 & 3 & 6 & 0 & 3 & 6 & 0 & 3 & 6 \\ 4 & 0 & 4 & 8 & 3 & 7 & 2 & 6 & 1 & 5 \\ 5 & 0 & 5 & 1 & 6 & 2 & 7 & 3 & 8 & 4 \\ 6 & 0 & 6 & 3 & 0 & 6 & 3 & 0 & 6 & 3 \\ 7 & 0 & 7 & 5 & 3 & 1 & 8 & 6 & 4 & 2 \\ 8 & 0 & 8 & 7 & 6 & 5 & 4 & 3 & 2 & 1 \end{array} \end{align*}Build Cayley tables for arithmetic modulo \( 4 \), \( 5 \), \( 6 \), \( 7 \), and \( 8 \) (or don't: this exercise is only likely to teach you patience… though it is a good opportunity to test you understand how to compute in the modular arithmetic system…).
Greatest Common Divisors
Let \( a, b \in \Z \) with either \( a \neq 0 \) or \( b \neq 0 \). The greatest common divisor of \( a \) and \( b \) is \[ \gcd(a, b) = \max\set{d \in \Z}{d \mid a\text{ and }d \mid b}. \]
Let's notice some elementary properties of \( \gcd(a, b) \).
Let \( a, b, c \in \Z \) with either \( a \neq 0 \) or \( b \neq 0 \). We have the following.
- We have \( \gcd(a, b) > 0 \).
- If \( c \mid a \) and \( c \mid b \), then \( c \mid \gcd(a, b) \).
Exercise.
The following is another important result in number theory.
For all \( a, b \in \Z_{>0} \) there exist \( s, t \in \Z \) such that \( \gcd(a, b) = as + bt \).
Let \( a, b \in \Z_{>0} \) be arbitrary, let \( d= \gcd(a, b) \), and define \[ S = \set{k \in \Z_{>0}} {\text{there are }s, t \in \Z\text{ with }k = as + bt}. \] Notice that \( a = a \cdot 1 + b \cdot 0 \) shows \( a \in S \), so \( S \neq \emptyset \), and thus \( S \) has a minimum element \( D \) by the Well Ordering Principle. There are \( s, t \in \Z \) such that \( D = as + bt \) because \( D \in S \). We must show \( D = d \); we do so by showing \( d \mid D \), \( D \mid d \), and \( d, D>0 \).
We will first show \( d \mid D \). Now \( d \mid a \) and \( d \mid b \), so \( d \mid (as + bt) \) by the properties of divisibility (Part 4). Hence \( d \mid D \) as desired.
We next show \( D \mid d \). By definition of \( S \) we have \( D>0 \), so we may apply the Quotient-Remainder Theorem to obtain \( a = Dq + r \) for some \( q, r \in \Z \) with \( 0 \leq r < D \). Now substituting \( D = as + bt \) in this equation we obtain \( a = (as + bt)q + r = asq + btq + r \); solving for \( r \) we obtain \( r = a(1 - sq) + b(-tq) \). Letting \( x = 1 - sq \) and \( y = - tq \) we see that \( r = ax + by \); but \( x, y \in \Z \) by closure properties of \( \Z \). Thus either \( r = 0 \) or \( r \in S \); noting that \( r\notin S \) because \( r < D = \min(S) \), we see \( r = 0 \). Hence \( a = Dq + 0 = Dq \) yields \( D \mid a \); a very similar argument shows that \( D \mid b \) (Exercise!). Hence by basic properties of the greatest common divisor we have \( D \mid d \).
Notice that \( d>0 \) by properties of the greatest common divisor, and \( D \in S \subseteq\Z_{>0} \) yields \( D>0 \). Finally, by basic properties of divisibility we have \( D = \pm d \), which yields (together with \( d, D > 0 \)) that \( d = D \).
Euclid's Algorithm
Bezout's Identity is a really cool result; unfortunately, it doesn't give us a method to compute the greatest common divisor of two numbers. On the other hand, it does suggest an approach; if we can find the smallest positive integer \( d \) which can be expressed as a linear combination of \( a \) and \( b \), then we have computed \( \gcd(a, b) \). Euclid's (Extended) Algorithm provides one way to do so. Before stating Euclid's Algorithm, we need a few more easy Lemmas.
Let \( a, b \in \Z \) with either \( a \neq 0 \) or \( b \neq 0 \).
- We have \( \gcd(a, b) = \gcd(b, a) \).
- If \( b = aq + r \) with \( q, r \in \Z \), then \( \gcd(a, b) = \gcd(a, r) \).
Exercise!
We can now state Euclid's Algorithm!
Let \( a \) and \( b \) be integers with \( a > 0 \) (so that each remainder below satisfies \( 0 \leq r_i < d_i \)).
- Let \( n_1 = b \) and \( d_1 = a \).
- Write \( n_1 = d_1 q_1 + r_1 \) where \( q_1, r_1 \in \Z \) have \( 0 \leq r_1 < d_1 \).
- Having computed \( n_i \), \( d_i \), \( q_i \), and \( r_i \) with \( r_i \neq 0 \):
- Let \( n_{i + 1} = d_i \) and \( d_{i + 1} = r_i \).
- Write \( n_{i + 1} = d_{i + 1} q_{i + 1} + r_{i + 1} \) for \( q_{i + 1}, r_{i + 1} \in \Z \) with \( 0 \leq r_{i + 1} < d_{i + 1} \).
- Return to the beginning of this step and repeat until \( r_{i + 1} = 0 \).
- Now that \( r_i = 0 \), we have \( d_i = \gcd(a, b) \).
- (Extended) Perform back substitution to write \( \gcd(a, b) = as + bt \) for some appropriate \( s, t \in \Z \).
Why does Euclid's Algorithm have to stop? What prevents it from going ad infinitum?
Prove Euclid's Extended Algorithm computes \( \gcd(a, b) = as + bt \) for some \( s, t \in \Z \) (i.e.\ Bezout's Identity).
Let's see a few examples applying Euclid's Algorithm.
Compute \( \gcd(8901, 210) \) via Euclid's Algorithm.
First we enact the divisions prescribed by steps 1 through 3 of the algorithm:
\begin{align*} 210 &= 8901 \cdot 0 + 210 \\ 8901 &= 210 \cdot 42 + 81 \\ 210 &= 81 \cdot 2 + 48 \\ 81 &= 48 \cdot 1 + 33 \\ 48 &= 33 \cdot 1 + 15 \\ 33 &= 15 \cdot 2 + 3 \\ 15 &= 3 \cdot 5 + 0 \end{align*}Hence we have computed \( \gcd(8901, 210) = 3 \).
Compute \( \gcd(34, 55) \) as a linear combination of \( 34 \) and \( 55 \) via Euclid's Extended Algorithm.
First we enact steps 1 through 3 of the algorithm below:
\begin{align*} 55 &= 34 \cdot 1 + 21 \\ 34 &= 21 \cdot 1 + 13 \\ 21 &= 13 \cdot 1 + 8 \\ 13 &= 8 \cdot 1 + 5 \\ 8 &= 5 \cdot 1 + 3 \\ 5 &= 3 \cdot 1 + 2 \\ 3 &= 2 \cdot 1 + 1 \\ 2 &= 1 \cdot 2 + 0 \end{align*}In particular, this shows that \( \gcd(34, 55) = 1 \).
Now make back-substitutions to write \( \gcd(34, 55) \) as a linear combination of \( 34 \) and \( 55 \). First, we solve each of the above equations for the remainder, working from the bottom up.
\begin{align*} 1 &= 3 - 2 \cdot 1 \\ 2 &= 5 - 3 \cdot 1 \\ 3 &= 8 - 5 \cdot 1 \\ 5 &= 13 - 8 \cdot 1 \\ 8 &= 21 - 13 \cdot 1 \\ 13 &= 34 - 21 \cdot 1 \\ 21 &= 55 - 34 \cdot 1 \end{align*}Now we substitute sequentially and simplify in the above:
\begin{align*} 1 &= 3 - 2 \cdot 1 \\ &= 3 - (5 - 3 \cdot 1) \cdot 1 \\ &= 3 \cdot 2 - 5 \cdot 1 \\ &= (8 - 5 \cdot 1) \cdot 2 - 5 \cdot 1 \\ &= 8 \cdot 2 - 5 \cdot 3 \\ &= 8 \cdot 2 - (13 - 8 \cdot 1) \cdot 3 \\ &= 8 \cdot 5 - 13 \cdot 3 \\ &= (21 - 13 \cdot 1) \cdot 5 - 13 \cdot 3 \\ &= 21 \cdot 5 - 13 \cdot 8 \\ &= 21 \cdot 5 - (34 - 21 \cdot 1) \cdot 8 \\ &= 21 \cdot 13 - 34 \cdot 8 \\ &= (55 - 34 \cdot 1) \cdot 13 - 34 \cdot 8 \\ &= 55 \cdot 13 - 34 \cdot 21 \end{align*}Hence the desired linear combination is \( 1 = 55 \cdot 13 + 34(-21) \).
Let \( F_n \) denote the \( n^{\mathrm{th}} \) Fibonacci number.
- Show that \( \gcd(F_n, F_{n + 1}) = 1 \) for all \( n \in \N \).
- Show that Euclid's Algorithm to compute \( \gcd(F_n, F_{n + 1}) \) terminates after \( n - 1 \) computations for \( n \geq 2 \).
- Can you find a general formula \( 1 = F_{n + 1}s - F_nt \) for \( s, t \in \Z \) for all \( n \geq 3 \)?
Solving Linear Modular Equations
The equation \( ax \equiv b \pmod{m} \) has a solution in \( \Z_m \) if and only if \( \gcd(a, m) \mid b \).
Let \( a, b, m \in \Z \) with \( m \neq 0 \).
Suppose \( ax \equiv b \pmod{m} \) has a solution \( x = c \). Now \( m \mid (ac - b) \) as \( ac \equiv b \pmod{m} \) yields \( ac - b = mk \) for some \( k \in \Z \). Solving for \( b \) we obtain \( b = ac + m(-k) \). Hence \( \gcd(a, m) \mid b \) by basic properties of divisibility.
Suppose \( \gcd(a, m) \mid b \) and let \( d = \gcd(a, m) \). Thus \( b = dk \) for some \( k \in \Z \). Moreover \( d = as + mt \) for some \( s, t \in \Z \) by Bezout's Identity. Now \( b = dk = (as + mt)k = a(sk) + m(tk) \) and closure properties of \( \Z \) yield \( sk, tk \in \Z \). Finally \( b = a(sk) + m(tk) \equiv a(sk) + 0(tk) = a(sk) \pmod{m} \) yields that \( x = sk \) is a solution to \( ax \equiv b \pmod{m} \).
If \( \gcd(a, m) = 1 \), then \( ax \equiv b \pmod{m} \) has a unique solution with \( 0 \leq x < m \) (Why?). The condition \( m \nmid a \) alone is not enough: \( 2x \equiv 2 \pmod{4} \) has the two solutions \( x = 1 \) and \( x = 3 \). In general, when a solution exists there are exactly \( \gcd(a, m) \) solutions with \( 0 \leq x < m \).
The above proposition gives us a criterion for solvability of modular linear equations, and its proof gives us a method. To solve a modular linear equation \( ax \equiv b \pmod{m} \), we first compute \( d = \gcd(a, m) \) via Euclid's Algorithm. If \( d \nmid b \), then we know \( ax \equiv b \pmod{m} \) has no solution. Otherwise write \( b = dk \) for some \( k \in \Z \), and apply back substitutions to finish Euclid's Extended Algorithm and write \( d = as + mt \). Finally \( b = dk = a(sk) + m(tk) \equiv a(sk) \pmod{m} \) yields \( x = sk \) as a solution.
If possible, solve \( 77x \equiv 204 \pmod{213} \) for an integer \( 0 \leq x < 213 \).
First we apply Euclid's Algorithm to compute \( \gcd(77, 213) \).
\begin{align*} 213 &= 77 \cdot 2 + 59 \\ 77 &= 59 \cdot 1 + 18 \\ 59 &= 18 \cdot 3 + 5 \\ 18 &= 5 \cdot 3 + 3 \\ 5 &= 3 \cdot 1 + 2 \\ 3 &= 2 \cdot 1 + 1 \\ 2 &= 1 \cdot 2 + 0 \end{align*}Now we know \( \gcd(77, 213) = 1 \mid 204 \); we apply back substitutions to obtain the following.
\begin{align*} 1 & = 3 + 2(-1) \\ & = 3 + (5-3(1))(-1) = 3(2) + 5(-1) \\ & = (18 + 5(-3))(2) + 5(-1) = 18(2) + 5(-7) \\ & = 18(2) + (59 + 18(-3))(-7) = 18(23) + 59(-7) \\ & = (77 + 59(-1))(23) + 59(-7) = 77(23) + 59(-30) \\ & = 77(23) + (213 + 77(-2))(-30) = 77(83) + 213(-30) \end{align*}Thus \( 77 \cdot 83 \equiv 1 \pmod{213} \). Finally we multiply the original equation through by \( 83 \) to obtain \( x \equiv 83 \cdot 204 \pmod{213} \). Thus to finish the computation we need only compute \( 83 \cdot 204 \) and reduce modulo \( 213 \). \[ x \equiv 83 \cdot 204 = 16932 = 79 \cdot 213 + 105 \equiv 105 \pmod{213} \] Hence we have computed the desired \( x = 105 \).
If possible, solve \( 15x \equiv 4 \pmod{3} \) for an integer \( 0 \leq x < 3 \).
This is not possible; we will show this in two different ways.
First Solution: We can rewrite the modular equation \( 15x \equiv 4 \pmod{3} \) as \( 3 \cdot 5x \equiv 3 + 1 \pmod{3} \); rewriting again yields \( 0 \equiv 1 \pmod{3} \) which is false! Thus no solution can exist.
Second Solution: Observe \( \gcd(15, 3) = 3 \nmid 4 \); thus the proposition yields \( 15x \equiv 4 \pmod{3} \) has no solution.
Hence \( 15x \not \equiv 4 \pmod{3} \) for all \( x \in \Z \).
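Euclid's Algorithm, its extended form, and the solution method for \( ax \equiv b \pmod{m} \) above are mechanical enough to code directly. The Python below is an added example, not code from the original notes: `euclid_steps` reproduces the division ladder exactly as the algorithm indexes it (\( n_1 = b \), \( d_1 = a \)), `extended_gcd` replaces the by-hand back substitution with Bezout coefficients carried alongside each remainder, and `solve_linear_congruence` returns every solution with \( 0 \leq x < m \), including the case \( \gcd(a, m) > 1 \) where there are several. The function names are my own.

```python
def euclid_steps(a: int, b: int) -> list[tuple[int, int, int, int]]:
    """Euclid's Algorithm exactly as indexed above: n_1 = b, d_1 = a.

    Returns the rows (n_i, d_i, q_i, r_i) of the division ladder; the
    last row has r_i = 0 and its d_i is gcd(a, b).
    """
    if a <= 0:
        raise ValueError("the algorithm as stated needs a > 0")
    rows = []
    n, d = b, a
    while True:
        q, r = divmod(n, d)          # d > 0 here, so 0 <= r < d
        rows.append((n, d, q, r))
        if r == 0:
            return rows
        n, d = d, r                  # n_{i+1} = d_i, d_{i+1} = r_i


def gcd(a: int, b: int) -> int:
    """gcd(a, b) is the divisor d_i of the row where r_i = 0."""
    return euclid_steps(a, b)[-1][1]


def extended_gcd(a: int, b: int) -> tuple[int, int, int]:
    """Return (g, s, t) with g = gcd(a, b) = a*s + b*t (Bezout's Identity).

    Rather than substituting back by hand, carry coefficients along the
    ladder: every n_i and d_i is kept as an explicit combination of a and b,
    and r_i = n_i - q_i*d_i inherits its coefficients from them.
    """
    if a <= 0:
        raise ValueError("the algorithm as stated needs a > 0")
    n, d = b, a
    sn, tn = 0, 1                    # n_1 = b = a*0 + b*1
    sd, td = 1, 0                    # d_1 = a = a*1 + b*0
    while True:
        q, r = divmod(n, d)
        if r == 0:
            return d, sd, td
        sr, tr = sn - q * sd, tn - q * td      # r = n - q*d
        n, d = d, r
        sn, tn, sd, td = sd, td, sr, tr


def solve_linear_congruence(a: int, b: int, m: int) -> list[int]:
    """All x with 0 <= x < m and a*x = b (mod m).

    Follows the proposition and its proof: solvable iff d = gcd(a, m)
    divides b, with x = s*k one solution (d = a*s + m*t, b = d*k). The
    remaining solutions differ from it by multiples of m/d, so there are
    exactly d of them modulo m, and exactly one when d = 1.
    """
    if m <= 0:
        raise ValueError("modulus must be positive")
    a %= m
    if a == 0:                       # 0*x = b (mod m): every x works iff m | b
        return list(range(m)) if b % m == 0 else []
    d, s, _t = extended_gcd(a, m)
    if b % d != 0:
        return []
    k = b // d
    x0 = (s * k) % m
    return sorted((x0 + i * (m // d)) % m for i in range(d))


if __name__ == "__main__":
    for n, d, q, r in euclid_steps(8901, 210):
        print(f"{n} = {d} * {q} + {r}")
    print(extended_gcd(34, 55))                  # (1, -21, 13): 1 = 34(-21) + 55*13
    print(solve_linear_congruence(77, 204, 213)) # [105]
    print(solve_linear_congruence(15, 4, 3))     # []  (gcd(15, 3) = 3 does not divide 4)
    print(solve_linear_congruence(2, 2, 4))      # [1, 3]
```

The coefficient-carrying loop in `extended_gcd` is the same computation as the back substitution on the page, done forwards: each remainder is written as \( as + bt \) the moment it appears, so nothing has to be unwound at the end.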
There is also a theory for solving quadratic equations in modular arithmetic, but it turns out to be a bit more complicated (in a similar way to how solving quadratic equations is more complicated than solving linear equations over \( \R \)).
Primes and the Fundamental Theorem of Arithmetic
An integer \( p \geq 2 \) is prime when for all \( d \in \N \) we have \( d \mid p \) implies either \( d = 1 \) or \( d = p \). An integer \( n \geq 2 \) which is not prime is composite.
The integer \( 2 \) is prime. The integer \( 1 \) is not divisible by any prime. The integer \( 15 \) is not prime because \( 15 = 3 \cdot 5 \).
If \( p \) is prime, then \( ax \equiv b \pmod{p} \) has a solution as long as \( p \nmid a \).
Every natural number \( n \geq 2 \) is divisible by some prime.
Our proof below will use Strong Mathematical Induction; the formal statement of Strong Induction is \[ (P(0)\land \forall n \in \N[ \forall k \in \N[ k \leq n \implies P(k)] \implies P(n + 1)] ) \implies \forall n \in \N[P(n)]. \] Strong Mathematical Induction, Weak Mathematical Induction, and the Well Ordering Principle all express the same idea in slightly different ways.
We proceed by induction on \( n \).
Base Case: If \( n \) is any prime number, then \( n \mid n \) yields the result for \( n \); in particular, the result holds for \( n = 2 \).
Inductive Step: Assume that for some \( n \geq 2 \) and all \( 2 \leq k \leq n \) we have that \( k \) is divisible by some prime number.
We must now show that \( n + 1 \) is also divisible by a prime.
Either \( n + 1 \) is prime or not; we proceed by cases.
If \( n + 1 \) is prime, then \( (n + 1) \mid (n + 1) \) yields that \( n + 1 \) is divisible by a prime.
If \( n + 1 \) is not prime, then by definition, there is a \( d \) such that \( 1
We conclude that the original statement is true by Strong Mathematical Induction.
Give a proof of the proposition above using the Well Ordering Principle.
The proposition above has the following cool consequence.
There are infinitely many prime numbers.
Assume to the contrary that there are finitely many prime numbers \( p_1, p_2, \ldots, p_n \). Let \( P = p_1 p_2 \cdots p_n \); we know \( p_1 = 2 \), so by elementary arithmetic \( P \geq 2 \), and thus \( P + 1 \geq 2 \). Thus \( P + 1 \) is divisible by a prime number \( q \) by the previous proposition. Now \( q = p_k \) for some \( 1 \leq k \leq n \); by definition of divisibility, there is an \( m \in \Z \) with \( P + 1 = qm \). Now write \( Q = p_1 p_2 \cdots p_{k - 1} p_{k + 1} \cdots p_n \) for the product of all the primes other than \( q = p_k \); thus \( P = qQ \) and so \( qm = P + 1 = qQ + 1 \). Subtract \( qQ \) from both sides to see \( 1 = qm - qQ = q(m - Q) \). This yields \( q \mid 1 \), and thus \( q = 1 \) by properties of divisibility (Lemma 1). But \( 1 \) is not prime, a contradiction!
We conclude that our initial assumption was false; in particular, there are infinitely many primes.
Let \( p, m, n \in \N \). If \( p \) is prime and \( p \mid mn \), then either \( p \mid m \) or \( p \mid n \).
We prove this proposition by cases, according to whether or not \( p \mid m \).
Let \( p \in \N \) be an arbitrary prime number and \( m, n \in \N \) such that \( p \mid mn \). If \( p \mid m \) we are done. Otherwise \( p \nmid m \), so we can conclude \( \gcd(p, m) = 1 \): the only positive divisors of \( p \) are \( 1 \) and \( p \) because \( p \) is prime, and \( p \nmid m \) rules out \( p \). By Bezout's Identity, we can write \( 1 = ps + mt \) for some \( s, t \in \Z \). Now multiply both sides of this equation by \( n \) to obtain \( n = psn + mnt \). As \( p \mid mn \) there is a \( k \in \Z \) such that \( mn = pk \); thus \( n = psn + mnt = psn + pkt = p(sn + kt) \) and \( sn + kt \in \Z \) by basic properties of integers. Hence \( p \mid n \). As the result holds in either case, we conclude that the original statement is true.
Find three numbers \( a, b, c \in \Z \) such that \( a \mid bc \) but \( a \nmid b \) and \( a \nmid c \).
The following is a consequence of Euclid's Lemma and the fact that every natural number is divisible by a prime.
Every natural number \( n \geq 2 \) can be written as a product of primes, unique up to the order of the primes.
Exercise.
Hint: Use Strong Induction or the Well Ordering Principle, together with the two facts mentioned before the proposition.
Searching for Primes
How do we test whether or not a given number is prime? The following algorithm is an obvious approach.
Let \( n \geq 2 \) be an integer and let \( p = 2 \).
- If \( p = n \), stop; conclude \( n \) is prime.
- Otherwise:
- If \( p \mid n \), stop; conclude \( n \) is composite.
- If \( p \nmid n \), replace \( p \) by \( p + 1 \) and return to step 1.
This algorithm is rather inefficient; it has us testing all integers up to \( n \) for a prime \( n \). Let \( n = 8675309 \). There are \( 60 \cdot 60 \cdot 24 = 86400 \) seconds in a day; if we were to run these computations nonstop, checking one number by hand every second, we could expect to be done applying this algorithm after \( 8675309/86400 \approx 100 \) days…
A slightly more efficient algorithm is informed by the following proposition.
If \( n \geq 2 \) is composite, then \( n \) has a prime factor \( p \) with \( p \leq \sqrt{n} \).
Let \( n \geq 2 \) be composite, so \( n = ab \) for some \( a, b \in \N \) with \( 1 < a, b < n \). We claim either \( a \leq \sqrt{n} \) or \( b \leq \sqrt{n} \). Assume to the contrary \( a > \sqrt{n} \) and \( b > \sqrt{n} \); then \( n = ab > \sqrt{n} \cdot \sqrt{n} = n \), which is absurd. Relabelling if necessary, we may assume \( a \leq \sqrt{n} \). Since \( a \geq 2 \), the previous proposition yields a prime \( p \) with \( p \mid a \); then \( p \leq a \leq \sqrt{n} \) by Lemma 1, and \( p \mid a \) together with \( a \mid n \) yields \( p \mid n \) by transitivity of divisibility.
Using this proposition we can modify our algorithm above into the following:
Let \( n \geq 2 \) be an integer and let \( p = 2 \).
- If \( p > \sqrt{n} \), stop; conclude \( n \) is prime.
- Otherwise:
- If \( p \mid n \), stop; conclude \( n \) is composite.
- If \( p \nmid n \), replace \( p \) by \( p+1 \) and return to step 1.
This algorithm has us checking far fewer divisibility conditions; that's good!
We have \( \sqrt{8675309} \approx 2945 \), so we only need to check about \( 3000 \) divisibility conditions with this algorithm.
We still check more than we need–we only need to check prime \( p \). Let's modify the algorithm! This time, we also increase the power of the algorithm by asking for the full set of primes smaller than a given \( n \).
Let \( n \geq 2 \).
- Create a list of integers \( 1 \leq k \leq n \) and cross off \( 1 \).
- Let \( p \) be the smallest number in the list which is neither circled nor crossed off.
- If \( p > \sqrt{n} \), go to step 3.
- Otherwise, circle \( p \) and cross off all multiples of \( p \) greater than \( p \) on the list.
- Return to the beginning of step 2.
- Circle all numbers on the list which have not yet been crossed off.
- Output the list of circled numbers.
We will compute the set of prime numbers which are at most \( n = 30 \) via the Sieve of Eratosthenes; note \( 5 < \sqrt{30} < 6 \). First we write out the list of integers less than or equal to \( 30 \) and strike out the number \( 1 \).
\begin{array}{cccccccccc} \stn{1} & 2 & 3 & 4 & 5 & 6 & 7 & 8 & 9 & 10 \\ 11 & 12 & 13 & 14 & 15 & 16 & 17 & 18 & 19 & 20 \\ 21 & 22 & 23 & 24 & 25 & 26 & 27 & 28 & 29 & 30 \end{array}Next find the first uncrossed number \( p = 2 \) and circle it; as \( 2 < \sqrt{30} \), also cross out all multiples of \( 2 \).
\begin{array}{cccccccccc} \st{1} & \cirn{2} & 3 & \stn{4} & 5 & \stn{6} & 7 & \stn{8} & 9 & \stn{10} \\ 11 & \stn{12} & 13 & \stn{14} & 15 & \stn{16} & 17 & \stn{18} & 19 & \stn{20} \\ 21 & \stn{22} & 23 & \stn{24} & 25 & \stn{26} & 27 & \stn{28} & 29 & \stn{30} \end{array}Now find the first uncrossed number \( p = 3 \) and circle it; as \( 3 < \sqrt{30} \), also cross out all multiples of \( 3 \).
\begin{array}{cccccccccc} \st{1} & \cir{2} & \cirn{3} & \st{4} & 5 & \sto{6} & 7 & \st{8} & \stn{9} & \st{10} \\ 11 & \sto{12} & 13 & \st{14} & \stn{15} & \st{16} & 17 & \sto{18} & 19 & \st{20} \\ \stn{21} & \st{22} & 23 & \sto{24} & 25 & \st{26} & \stn{27} & \st{28} & 29 & \sto{30} \end{array}Now find the first uncrossed number \( p = 5 \); as \( 5 < \sqrt{30} \) circle it and cross out all multiples of \( 5 \).
\begin{array}{cccccccccc} \st{1} & \cir{2} & \cir{3} & \st{4} & \cirn{5} & \st{6} & 7 & \st{8} & \st{9} & \sto{10} \\ 11 & \st{12} & 13 & \st{14} & \sto{15} & \st{16} & 17 & \st{18} & 19 & \sto{20} \\ \st{21} & \st{22} & 23 & \st{24} & \stn{25} & \st{26} & \st{27} & \st{28} & 29 & \sto{30} \end{array}Now find the first uncrossed number \( p = 7 \); as \( 7 > \sqrt{30} \), we can proceed to circle all uncrossed numbers:
\begin{array}{cccccccccc} \st{1} & \cir{2} & \cir{3} & \st{4} & \cir{5} & \st{6} & \cirl{7} & \st{8} & \st{9} & \st{10} \\ \cirl{11} & \st{12} & \cirl{13} & \st{14} & \st{15} & \st{16} & \cirl{17} & \st{18} & \cirl{19} & \st{20} \\ \st{21} & \st{22} & \cirl{23} & \st{24} & \st{25} & \st{26} & \st{27} & \st{28} & \cirl{29} & \st{30} \end{array}Finally, we output the set of circled numbers \( P = \{2, 3, 5, 7, 11, 13, 17, 19, 23, 29\} \).
This algorithm is a lot quicker than the previous one for large \( n \), but requires us to store more information.
Prove that the output set from the Sieve of Eratosthenes is the set of all prime numbers at most \( n \).
This algorithm is quite good, but we could improve it a little bit more if we tried. Most improvements are very small in the big picture (more on this "big picture" later in the course).
Write a program in your favorite programming language to implement the Sieve of Eratosthenes.
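For the exercise above, here is an added Python implementation (not from the original notes) of both the \( \sqrt{n} \) trial-division test and the Sieve of Eratosthenes. `trial_division` also counts the divisibility checks it makes, so the "about \( 3000 \)" estimate for \( n = 8675309 \) can be confirmed; the sieve begins crossing off at \( p^2 \) rather than at \( 2p \), one of the small improvements mentioned above (every smaller multiple of \( p \) has a smaller prime factor and was crossed off earlier). Function names are my own; `math.isqrt` is the standard-library exact integer square root.

```python
from math import isqrt


def trial_division(n: int) -> tuple[bool, int]:
    """Second algorithm above: try p = 2, 3, ... while p <= sqrt(n).

    Returns (is_prime, checks), where checks counts the divisibility tests
    performed. isqrt is the exact integer square root, so there is no
    floating-point sqrt to round the wrong way for large n.
    """
    if n < 2:
        return False, 0
    checks = 0
    for p in range(2, isqrt(n) + 1):
        checks += 1
        if n % p == 0:
            return False, checks
    return True, checks


def sieve(n: int) -> list[int]:
    """Sieve of Eratosthenes: all primes <= n, following the steps above.

    flags[k] == 1 means k is still un-crossed. Crossing off starts at p*p
    rather than 2p: any smaller multiple k*p (k < p) has a prime factor
    below p and was already crossed off when that prime was circled.
    """
    if n < 2:
        return []
    flags = bytearray([1]) * (n + 1)
    flags[0] = flags[1] = 0                          # step 1: cross off 1
    for p in range(2, isqrt(n) + 1):                 # step 2: only p <= sqrt(n)
        if flags[p]:                                 # p un-crossed: circle it
            count = len(range(p * p, n + 1, p))
            flags[p * p::p] = bytearray(count)       # cross off its multiples
    return [k for k in range(2, n + 1) if flags[k]]  # step 3: circle the rest


def is_prime_by_primes(n: int) -> bool:
    """Trial division by primes only (the refinement suggested above),
    using the sieve to list the primes up to sqrt(n)."""
    if n < 2:
        return False
    return all(n % p != 0 for p in sieve(isqrt(n)))


if __name__ == "__main__":
    print(sieve(30))                 # [2, 3, 5, 7, 11, 13, 17, 19, 23, 29]
    print(trial_division(8675309))   # (True, 2944): 8675309 is prime
```

The sieve trades memory for time exactly as the notes say: it keeps one flag per integer up to \( n \), while trial division keeps nothing but the current candidate divisor.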