1. Number Theory - Department of Mathematics and...

1. Number TheoryMath 407: Modern Algebra I

Robert Campbell

UMBC

April 5, 2013

Robert Campbell (UMBC) 1. Number Theory April 5, 2013 1 / 106

Division Algorithm

Thm: If a and b are integer with b > 0, then there exist unique integers qand r such that a = qb + r and 0 ≤ r < b.

proof:

Existence: Consider . . . , a− 2b, a− b, a, a + b, a + 2b, . . .Of these, only consider the positive elements.There is a smallest element, some a− qb (define r = a− qb ≥ 0)r < b as otherwise r − b ≥ 0 would be a smaller element of the set

Uniqueness: Assume a = qb + r = q′b + r ′

so b(q − q′) = r ′ − rif q 6= q′ then |q′ − q| ≥ 1, so |r ′ − r | ≥ bbut |r ′ − r | < |b − 0| = b #So q = q′ and r = r ′


Greatest Common Divisor

Def: The Greatest Common Divisor of two integers a and b, denotedgcd(a, b) is the largest positive integer g such that g |a and g |b.

Thm: Two integers a and b have a gcd.

proof: The set of common divisors of a and b is non-empty(1 is in the set)The set is bounded above by both |a| and |b|.Apply the well ordering principle for bounded subsets of Z.


Greatest Common Divisor - Generalized

A more general definition - does not require an order relation and(potentially) applies in any ring.

Def: The Greatest Common Divisor of two elements a and b, denotedgcd(a, b) is an element g such that:

g |a and g |bif c |a and c|b then c |g

Thm: Any ring with a division algorithm has gcds.

Def: An integral domain with a division algorithm is a EuclideanDomain.

Def: An integral domain is a commutative ring without zero divisors.


Euclidean Algorithm

Algorithm: Starting from r0 = |a|, r1 = |b|, if we define rk as theremainder when rk−2 is divided by rk−1, then the last non-zero value ri isequal to gcd(a, b). (aka Antenaresis, [Euclid, VII.1]).

Lemma: a = qb + r =⇒ gcd(a, b) = gcd(r , b)proof: Let g = gcd(a, b)(g |a) and (g |b) =⇒ a = ng and b = mg for some n and mSo if a = qb + r then r = a− qb, so r = ng − qmg = g(n − qm)So (g |r) and hence (g | gcd(r , b)), i.e. (gcd(a, b)| gcd(r , b))Similarly, we can show that (gcd(r , b)| gcd(a, b))Thus gcd(a, b) = ± gcd(r , b)As both are positive, we have gcd(a, b) = gcd(r , b)

Lemma: gcd(a, 0) = a


Euclidean Algorithm

Algor: Starting from r0 = |a|, r1 = |b|, if we define rk as the remainderwhen rk−2 is divided by rk−1, then the last non-zero value ri is equal togcd(a, b). (aka Antenaresis, Euclid’s Elements, Book VII, Proposition 1).

Example: a = 1431, b = 141

r0 = 1431r1 = 1411431/141 = 10 with remainder r2 = 21141/21 = 6 with remainder r3 = 1521/15 = 1 with remainder r4 = 615/6 = 2 with remainder r5 = 36/3 = 2 with remainder r6 = 0So gcd(1431, 141) = 3


Euclidean Algorithm: Matrix Formulation

(1431141

)(

1 −100 1

)(1431141

)=

(21

141

)(

1 0−6 1

)(21

141

)=

(2115

)(

1 −10 1

)(2115

)=

(6

15

)(

1 0−2 1

)(6

15

)=

(63

)(

1 −20 1

)(63

)=

(03

)

So gcd(1431, 141) = 3


Euclidean Algorithm: C Programs

i n t gcd ( i n t a , i n t b )i n t tmp ;whi le ( b > 0)

tmp = b ;b = a % b ;a = tmp ;

return a ;

Recursive

i n t gcd ( i n t a , i n t b )i f ( a == 0) return b ; ;return gcd ( b % a , a ) ;


Euclidean Algorithm: Python Programs

def gcd ( a , b ) :whi le b != 0 :

a , b = b , a % breturn a


Bezout’s Identity

Thm: There exist integers x and y such that gcd(a, b) = ax + by

proof: Consider the set ax + by |x , y ∈ ZChoose x0, y0 so that ax0 + by0 is the least positive elementCall this element l = ax0 + by0

We now prove that l |a and l |bAssume the converse - wlog that l does not divide aSo ∃q, r , 0 < r < l such that

r = a− lq

= a− q(ax0 + by0)

= a(1− qx0) + b(−y0)

So r is a positive element of the set which is smaller than l (contradiction)Thus l |aSimilarly, we conclude that l |bSo l | gcd(a, b)But gcd(a, b)|(ax0 + by0) = l , so l = gcd(a, b) ♠


Extended Euclidean Algorithm

1431 141 (1, 0) (0, 1)21 = 1431 + (−10)141 141 (1,−10) = (1, 0) + (−1)(0, 1) (0, 1)21 15 = 141 + (−6)21 (1,−10) (−6, 61) = (0, 1) + (−6)(1,−10)6 = 21 + (−1)15 15 (7,−71) = (1,−10) + (−1)(−6, 61) (−6, 61)6 3 = 15 + (−2)6 (7,−71) (−20, 203) = (−6, 61) + (−2)(7,−71)0 = 6 + (−2)3 3 (47,−477) = (7,−71) + (−2)(−20, 203) (−20, 203)


Extended Euclidean Algorithm: Matrix Formulation

(1 −100 1

)(1431 1 0141 0 1

)=

(21 1 −10

141 0 1

)(

1 0−6 1

)(21 1 −10

141 0 1

)=

(21 1 −1015 −6 61

)(

1 −10 1

)(21 1 −1015 −6 61

)=

(6 7 −71

15 −6 61

)(

1 0−2 1

)(6 7 −71

15 −6 61

)=

(6 7 −713 −20 203

)(

1 −20 1

)(6 7 −713 −20 203

)=

(0 47 −4773 −20 203

)So gcd(1431, 141) = 3 = (−20)(1431) + (203)(141)


Extended Euclidean Algorithm: Python Programs

Iterative

def xgcd ( a , b ) :a1 =1; b1 =0; a2 =0; b2=1whi le ( b != 0 ) :

quot = −(a // b )a = a % ba1 = a1 + quot ∗a2 ; b1 = b1 + quot ∗b2i f ( a == 0 ) :

return [ b , a2 , b2 ]quot = −(b // a )b = b % a ;a2 = a2 + quot ∗a1 ; b2 = b2 + quot ∗b1

return [ a , a1 , b1 ]

Recursive

def xgcd ( a , b , a1 =1,b1=0, a2 =0,b2 =1):i f ( b == 0 ) : return [ a , a1 , b1 ]quot = a // breturn xgcd ( b , a%b , a1 , b1 , a2 + quot ∗a1 , b2 + quot ∗b1 )


Linear Diophantine Equations I

Def: A Diophantine equation is a polynomial equation whose coefficientsand solutions are integers.

Examples:

6x + 15y = 9

x2 + 5y = 3

3x3 + 5y2 + y = 3

Def: A linear Diophantine equation is a linear polynomial equation whosecoefficients and solutions are integers.

Examples:

6x + 15y = 9

12x + 21y + 7z = 3


Linear Diophantine Equations II

6x + 15y = 5

Note that three divides both 6 and 15.Thus, for any integer values of x and y , three must divide 6x + 15yBut three does not divide 5.

Prop: ax + by = c has no solutions if gcd(a, b) - c


Linear Diophantine Equations III

6x + 15y = 9

Has the same solutions as 2x + 5y = 3

Prop: x , y satisfies ax + by = c iff it satisfies gax + gby = gc (whereg 6= 0)

proof: ax + by = c ⇐⇒ ax + by − c = 0⇐⇒ g(ax + by − c) = 0⇐⇒ (ga)x + (gb)y − (gc) = 0 ⇐⇒ (ga)x + (gb)y = (gc)


Linear Diophantine Equations IV

2x + 5y = 3

Note that gcd(2, 5) = 1, which divides 3Find coefficients a, b such that 2a + 5b = 1:a, b = −2, 1 as 2(−2) + 5(1) = 1Multiply by 3 to get: 2(−6) + 5(3) = 3So x , y = −6, 3 is a solutionWe may freely add multiples of 2(5) + 5(−2) = 0 to the solution.So x , y = −6, 3+ n5,−2 is the set of all solutions.


Linear Diophantine Equations V

Algorithm: Find all integer solutions for ax + by = c

1 Replace ax + by = c with a′x + b′y = c ′, where g := gcd(a, b, c),a′ = a/g , b′ = b/g and c ′ = c/g

2 Let g := gcd(a′, b′). Does g divide c ′?

No: The equation has no solutions.Yes: The equation has solutions

1 Use the Extended Euclidean Algorithm to compute values x , y suchthat a′x + b′y = g .

2 Compute x0, y0 := x(c ′/g), y(c ′/g). This is a solution of the equation.3 All solutions of the equation have the form x0 + n(b′/g), y0 − n(a′/g),

where n ∈ Z.


Division, GCD & Other Rings

Question: What other rings have division algorithms and Euclidean (like)algorithms?

ZQ[x ]: Yes

Z[x ]: No

Q[x , y ]: No

Z[√−1] (Gaussian Integers): Yes

Z[√−5]: No


Primes: Definitions

God may not play dice with the universe, but something strangeis going on with the prime numbers.

P. Erdos (attributed by Carl Pomerance)

Def: A prime integer is a number whose only factorizations are intoitself and 1.

Def: A composite is a number n which has divisors other than ±nand ±1.


More Definitions

Def: A unit is a number n which which divides 1.

Def: n and m are associates if n = um, where u is a unit.

Integers: ZPrimes are 2, 3, 5, ... (and -2, -3, -5, ...)

Units are ±1

The numbers 2 and -2 are associates, as are 3 and -3, etc

Gaussian Integers: Z[√−1]

Units are ±1 and ±√−1

The numbers 2,−2, 2i ,−2i are associates

Primes are 3, 7, (1± i), (1± 2i), (2± i), ... (and their associates)


How Many Primes?

Thm: There are an infinite number of primes. [Euclid, IX.20]

proof: Assume not (proof by contradiction)Thus the set of positive primes is finite: pi |i = 1, . . . ,NAdd one to the product of primes: P = (

∏i≤N pi ) + 1

This number is strictly greater than any of the primesNone of the primes divides it(pj prime =⇒ pj |

∏i≤N pi , so if pj |(

∏i≤N pi ) + 1, then pj |1)

As no prime divides P it must itself be prime... contradicting our construction of PThus there cannot be a finite number of primes.♠


Finding Primes

How do you find primes?

Strategy: Sieve for them.

Given a large block of candidate primes

Efficiently exclude the composites

Strategy: Test for them.

Given a likely candidate integer n, run a test which:

Shows that it is prime (primality test)Shows that it is composite (compositeness aka pseudoprimality test)


Sieve of Eratosthenes

Eratosthenes of Cyrene (276-194 BC)

Algorithm: Sieve of Eratosthenes

1 Write down the numbers from 2 to N

2 Start at 23 Until you reach N

1 Let p be the first number not crossed out:

p is primeCross out all multiples of p

4 Repeat


Primes and Divisibility

Euclid’s Lemma: If p is prime and p divides ab, then either p divides a orp divides b [Euclid VII.30]

proof: Assume p does not divide a and show that p must divide b.If p does not divide a then gcd(p, a) = 1.So ∃x , y such that ax + py = 1 (Bezout’s Identity)Thus b = axb + pybBut p|ab, so p|axb, and obviously p|pyb.Thus p|(axb + pyb) =⇒ p|b.♠


Prime Factorization

Thm: Any integer n > 1 is either prime or factors into a product of primes

proof: (Inductive Proof) True for all 1 < k ≤ 2, i.e. 2, as it is prime.Make the inductive assumption that it is true for all k less than somebound n and prove that it is true for n.

Case n prime: The conclusion is trivially true

Case n not prime:So ∃m > 1 so that m|nLet n = ml , so l < n and m < nSo both m and l are either primes or products of primes. (Ind Hyp)Let m =

∏qj and l =

∏pi

Thus n = ml = (∏

qj)(∏

pi ), a product of primes.♠


Unique Factorization

Thm: (Fundamental Theorem of Arithmetic) Any natural number n > 1factors into a product of primes which is unique up to reordering.

proof: Only need to prove the uniqueness of factorization.2 factors uniquely as 2 = 21

Assume uniqueness of factorization of integers < n.If n is prime we are done, so assume that n is composite.Suppose n has two factorizations: n =

∏pi =

∏qj

Need to prove that pi and qj are equal up to reordering.As p1|n we have p1|

∏qj .

∃k such that p1|qk (and hence p1 = qk) (Euclid’s Lemma)So n/p1 = n/qk .But n/p1 < n so it has a unique factorization. (inductive hypothesis)Thus n/p1 = n/qk has the unique factorization

∏i 6=1 pi

Thus pi : i 6= 1 and qj : j 6= k are equal up to reordering.Thus pi = p1 ∪ pi : i 6= 1 and qj = qk ∪ qj : j 6= k are equalup to reordering. ♠Robert Campbell (UMBC) 1. Number Theory April 5, 2013 31 / 106

Distribution of Primes I

Thm: (Prime Number Theorem) If the number of primes less than x isdenoted π(x), then asymptotically π(x) −→ x

log(x)

5000 10 000 15 000 20 000 25 000 30 000

500

1000

1500

2000

2500

3000

5. ´ 108 1. ´ 109 1.5 ´ 109 2. ´ 109 2.5 ´ 109 3. ´ 109

-3500

-3000

-2500

-2000

-1500

-1000

-500

Conjecture: π(x) ∼ x(log(x)−B)

(Legendre, 1796)

Conjecture: π(x) ∼ li(x) :=∫ x0

dtlog(t)

(Gauss, 1800?)

Proved by Hadamard and de laVallee-Poussin (1896)


Distribution of Primes II

Lemma: If x is a product of primes of the form pi = 4ki + 1, then x has the formx = 4k + 1

proof: Let a and b (not necessarily prime) have the form 4k + 1So a = 4ka + 1 and b = 4kb + 1ab = (4ka + 1)(4kb + 1) = 16kakb + 4ka + 4kb + 1 = 4(4kakb + ka + kb) + 1So ab has the form ab = 4k + 1 where k = 4kakb + ka + kb ♠

Thm: There are an infinite number of primes of the form 4k + 3

proof: Assume that the set of primes of the form 4k + 3 is finite - p1, p2, ..., pkLet m := 4p1p2...pk − 1, which has form 4q + 3As m is odd, every prime p dividing m is odd, so p = 4k + 1 or p = 4k + 3Not every divisor of m has form p = 4k + 1, as then m would have form m = 4n + 1So at least one divisor of m has the form p = 4k + 3, so p = pi for some iSo p|(4p1...pk −m) = 1, a contradictionSo there are an infinite number of primes of form p = 4k + 3 ♠


Distribution of Primes III

Thm: (Dirichlet’s Thm) If gcd(a, b) = 1 then there are an infinite numberof primes of the form p = ax + b


Mersenne Primes

Def: A Mersenne number is an integer of the form Mn = 2n − 1. If Mn isprime it is called a Mersenne prime.

M2 = 22 − 1 = 3, M3 = 23 − 1 = 7, M4 = 24 − 1 = 15 = (3)(5),M5 = 25 − 1 = 31, M6 = 26 − 1 = 63 = (32)(7), M7 = 27 − 1 = 127

n composite =⇒ Mn composite.

Lucas-Lehmer test for primality

Current record prime: 2232,582,657 − 1 (Sept 4, 2006)

Conjectures & Open Questions:

Are there an infinite number of Mersenne primes?Are there any odd perfect numbers?If p is prime is Mp square free?

Applications:

Even Perfect NumbersFinite Fields


Fermat Primes

Def: A Fermat number is an integer of the form Fn = 22n+ 1. If Fn is

prime it is called a Fermat prime.

F1 = 221+ 1 = 22 + 1 = 5, F2 = 222

+ 1 = 24 + 1 = 17,F3 = 223

+ 1 = 28 + 1 = 257, F4 = 224+ 1 = 216 + 1 = 65537,

F5 = 225+ 1 = 232 + 1 = 4294967297 = (641)(6700417)

Conjectures & Open Questions:

Are all Fn composite for n > 4?Are there an infinite number of Fermat primes?

Applications:

Compass & Straightedge Constructions


Primes in the Gaussian Integers


Primes in Z[√−5]


Congruence

Recall a somewhat clumsy phrasing: “pi is of form 4ki + 1”

Def: (Gauss) a is congruent to b mod N (denoted a ≡ b(mod N)) iffthere is a k such that a− b = kN.

pi ≡ 1(mod 4)

123 ≡ 57(mod 11)

12345 ≡ 8(mod − 13)


Modular Arithmetic I

Thm: If a1 ≡ a2(mod N) and b1 ≡ b2(mod N) then

1 a1 + b1 = a2 + b2(mod N)

2 a1b1 = a2b2(mod N)

proof: a1 = a2 + kaN and b1 = b2 + kbN

1 a1 + b1 = (a2 + kaN) + (b2 + kbN)= (a2 + b2) + (ka + kb)NSo a1 + b1 ≡ a2 + b2(mod N)

2 a1b1 ≡ (a2 + kaN)(b2 + kbN)= (a2b2) + (a2kb + b2ka)N + (kakb)N2

= (a2b2) + (a2kb + b2ka + kakbN)NSo a1b1 ≡ a2b2(mod N)


Modular Arithmetic II

Thm: a ≡ b(mod N) and N = nm =⇒ a ≡ b(mod m)

proof: a ≡ b(mod N)⇐⇒ ∃k s.t. a = b + kN⇐⇒ a = b + (kn)m =⇒ a ≡ b(mod m)

Prop: a ≡ b(mod r) and a ≡ b(mod s) =⇒ a ≡ b(mod lcm(r , s))

Prop: ra ≡ rb(mod N) =⇒ a ≡ b(mod Ngcd(r ,N))

Prop: ra ≡ rb(mod rN) =⇒ a ≡ b(mod N)

Prop: ra ≡ rb(mod N) and gcd(r ,N) = 1 =⇒ a ≡ b(mod N)


Modular Arithmetic III

Solve ax + by = c

Equivalently ax ≡ c(mod b)If gcd(a, b) 6= 1 then gcd |c or there is no solutionFind a−1(mod b)As gcd(a, b) = 1 there are (z ,w) such that za + wb = 1, soz ≡ a−1(mod b)So (a−1a)x ≡ (a−1c)(mod b) and x ≡ a−1c(mod b)

Example: Solve 6x ≡ 24(mod 56)gcd(6, 56) = 2, so for there to be a solution 2 must divide 24So this is equivalent to 3x ≡ 12(mod 28)Bezout: (−9)(3) + (1)(28) = 1So (−9)(3) ≡ 1(mod 28) and 3−1 ≡ −9 ≡ 28− 9 = 19(mod 28)So x ≡ (3−1)12 ≡ (19)(12) ≡ 4(mod 28)


Diophantine Equations & Modular Arithmetic

Thm: If p(a) = 0 for p(x) ∈ Z[x ] and a ∈ Z, then for any N ∈ Z we havep(a) = 0, where a = [a] ∈ ZN and p(x) = [p(x)] ∈ ZN [x ] (commonlydenoted p(a) = 0(mod N))

Question: Can we reverse this? Given solutions mod various Ni , can weconstruct a solution in Z?


Chinese Remainder Theorem

Thm: If x ≡ a1(mod n1) and x ≡ a2(mod n2) and gcd(n1, n2) = 1, thenthere is a unique solution x(mod n1n2)

proof: (Construction) As gcd(n1, n2) = 1 there are r1, r2 such thatr1n1 + r2n2 = 1 (Bezout)So r1n1 ≡ 1(mod n2) and r2n2 ≡ 1(mod n1)Claim that x ≡ a1(r2n2) + a2(r1n1)(mod n1n2) are solutions.

x ≡ a1(r2n2) + a2(r1n1)(mod n1)

≡ a1(r2n2) + 0(mod n1)

≡ a1(1) ≡ a1(mod n1)

Similarly, x ≡ a2(mod n2) as desired.


Chinese Remainder Theorem II

Example: x ≡ 20(mod 33) and x ≡ 17(mod 24)(Note: x ≡ 2(mod 3) in both equations)x ≡ 9(mod 11)Bezout: (11)(11) + (−5)(24) = 1So x ≡ (17)(11)(11) + (9)(−5)(24) ≡ 185(mod (11)(24))

Corr: Given x ≡ ai (mod ni ), if for every pair (i , j) we haveai ≡ aj(mod gcd(ni , nj)), then there exists a solutionx ≡ a(mod lcm(n1, . . . , nk)).


Efficient Exponentiation

Consider the efficiency of several ways of computing 232(mod 41):

First compute 232, then reduce mod 41 to compute 232(mod 41):22 = 4, 23 = 2(22) = 2(4) = 8, 24 = 2(23) = 2(8) = 16,25 = 2(24) = 2(16) = 32, ......, 231 = 2(230) = 2(1073741824) = 2147483648,232 = 2(231) = 2(2147483648) = 4294967296232 = 4294967296 ≡ 37(mod 71)Cost: 31 Multiplies and 1 Division (most very large)

Compute 232 but reduce mod 41 after each multiplication:22 ≡ 4(mod 41), 23 ≡ 2(22) ≡ 8(mod 41), 24 ≡ 2(23) ≡ 16(mod 41),... 232 ≡ 2(231 ≡ 2(39) ≡ 37(mod 41)Cost: 31 Multiplies and 31 Divides (each of numbers less than 71)

Compute by successive squarings, reducing mod 41 after each step:22 ≡ 4(mod 41), 24 ≡ (22)2 ≡ 42 ≡ 16(mod 41),28 ≡ (24)2 ≡ 162 ≡ 10(mod 41), 216 ≡ (28)2 ≡ 102 ≡ 18(mod 41)and 232 ≡ (216)2 ≡ 182 ≡ 37(mod 41)Cost: 5 Squarings and 5 Divides (each of numbers less than 71)


Efficient Exponentiation II

Example: Compute 343(mod 71)Note: 43 = 1010112 (base-2 representation of the exponent)Thus 343 = 31010112 = (325

)(323)(321

)(320)

Compute 320= 31 = 3, 321

= (31)2 = (3)2 = 9322

= (32)2 = (9)2 ≡ 10(mod 71), 323= (34)2 = (10)2 ≡ 29(mod 71),

324= (38)2 = (29)2 ≡ 60(mod 71), 325

= (316)2 = (60)2 ≡ 50(mod 71)Thus 343 ≡ (3)(9)(29)(50) = 39150 ≡ 29(mod 71)

Algorithm: Compute ae(mod N)compute the binary digits of e, (e0, e1, e2, . . .)Start with prod = 1 and power = aFor each binary digit of e, starting with e0:

1 If ei is 1 then multiply prod by power (i.e.prod←− (power)(prod)(mod N))

2 Square power mod N (i.e. power←− (power)2(mod N))


Cryptography: Diffie-Hellman

Start: Alice and Bob have no shared secretFinish: Alice and Bob share a secret

Anyone observing their communications cannot recover this secret.

Assumptions:

Given g , e, p, computing g e(mod p) is easyGiven g e(mod p), g , p, computing e is hard (Discrete Logarithm Problem)

Algorithm: [Diffie & Hellman, 1976] [Williamson, 1974]

1 Choose a prime p and an element g - share publicly2 Alice generates a secret random number rA

Compute RA ≡ g rA(mod p) and send RA (publicly) to Bob3 Bob generates a secret random number rB

Compute RB ≡ g rB (mod p) and send RA (publicly) to Alice4 Compute the shared secret:

Alice computes R rAB ≡ g rB rA(mod p)

Bob computes R rBA ≡ g rArB (mod p)


Fermat’s Little Theorem

Fermat’s Little Theorem: If p is prime and gcd(a, p) = 1, thenap−1 ≡ 1(mod p)

Examples:

370 ≡ 1(mod 71)

2470 ≡ 1(mod 71)

14270 ≡ 0(mod 71)

374 ≡ 69(mod 75)

574 ≡ 25(mod 75)


Fermat’s Little Theorem II

Lemma: If p is prime and 0 < k < p, then p divides(pk

).

proof:(pk

)= p!

(k!)(p−k)!

Obviously, p|(p!), but as 0 < k < p, p does not occur in the products k!or (p − k)!As p is prime, it does not divide (k!)(p − k)!Thus p divides p!

(k!)(p−k)! =(pk

)♠

Lemma: If p is prime, then (n + m)p ≡ np + mp(mod p) (Freshman’sDream)

proof: (n + m)p ≡∑

k

(pk

)nkmp−k(mod p) (Binomial Expansion)

≡(p0

)n0mp + 0 + . . .+ 0 +

(pp

)npm0(mod p)

= mp + np ♠Robert Campbell (UMBC) 1. Number Theory April 5, 2013 51 / 106

Fermat’s Little Theorem III

Fermat’s Little Theorem: If p is prime and a is not a multiple of p, thenap−1 ≡ 1(mod p)

proof: (of FLT) (Inductive)Prove that ap ≡ a(mod p) - Obviously true for a = 1Assume true for a and prove for a + 1 < p(a + 1)p ≡ ap + 1p ≡ (a + 1)(mod p)If (a + 1) 6≡ 0 then (a + 1)p−1 ≡ 1(mod p) ♠


Fermat Pseudoprime Test

Def: A pseudoprime is a number which some test has not shown to be composite.

Fermat Compositeness Test: Given N, test if it is composite

Choose some a, not a multiple of NCompute aN−1(mod N)If aN−1 6≡ 1(mod N) then N is composite

Examples:

Is 1237 prime?21236 ≡ 1(mod 1237)31236 ≡ 1(mod 1237)51236 ≡ 1(mod 1237)Is 1241 prime?21240 ≡ 1004(mod 1241)


Fermat Pseudoprime Test II

Def: A Fermat pseudoprime base a is a number which the Fermat testbase a has not shown to be composite. (i.e. an−1 ≡ 1(mod n))

More Examples:

Is 1387 prime?21386 ≡ 1(mod 1387)31386 ≡ 875(mod 1387)

Is 1729 prime?21728 ≡ 1(mod 1729)31728 ≡ 1(mod 1729)51728 ≡ 1(mod 1729)71728 ≡ 1(mod 1729)but 1729 = (7)(13)(19)


Carmichael Numbers

Def: A Carmichael number is a composite number N such that for all acoprime to N, aN−1 ≡ 1(mod N).

Thm: (Korselt, 1899) A positive composite N is a Carmichael number iffit is squarefree and for all prime divisors p, (p − 1)|(N − 1).

Smallest Carmichael Numbers:

561 = (3)(11)(17)1105 = (5)(13)(17)1729 = (7)(13)(19)2465 = (5)(17)(29)

There are an infinite number of Carmichael numbers. [Alford,Granville & Pomerance, 1994]


Factoring: Pollard p − 1

Algorithm: [Pollard, 1974] To factor N = pq1 Compute a′ = ap−1(mod N)

Note: a′ ≡ 1(mod p), so a′ = kp, so (Fermat’s Little Theorem)

2 Compute gcd(a′,N) = gcd(kp, pq) = p

def factpm1(n):count = 1g = 1a = 2 # Most start values should workwhile (g == 1):

a = pow(a, count, n)g = gcd(a-1,n)print count, a, gcount = count + 1


Pollard p − 1: Examples

Factor 1398983

1 2 12 4 1 22 = 4

3 64 1 43 = 2(2)(3) = 64

4 1388403 1 644 = 2(2)(3)(4) ≡ 1388403(mod 1398983)

5 451387 1 13884035 = 2(2)(3)(4)(5) ≡ 451387(mod 1398983)

6 1060746 1 4513874 = 2(2)(3)(4)(5)(6) ≡ 1060746(mod 1398983)

7 766221 421 10607464 = 2(2)(3)(4)(5)(6)(7) ≡ 766221(mod 1398983)

Note:

421− 1 = (22)(3)(5)(7), a divisor of 7!

Factor 1430489

1 2 12 4 13 64 14 1041837 15 1153074 1...42 1186328 143 312476 431

Note: 431− 1 = (2)(5)(43), a divisor of 43!


Factoring: Pollard %

Algorithm: [Pollard, 1975] To factor N = pq1 Find two values congruent mod p: f − s ≡ 0(mod p)

Note that the random map n −→ n2 + 1 forms a cycle mod pRun f along the cycle twice as fast as s and wait for collisionIf f − s ≡ 0(mod p), then f − s = kp

2 Compute gcd(f − s,N) = gcd(kp, pq) = p

def factrho(n):count = 1g = 1fast = slow = 2 # Most start values workwhile (g == 1):

slow = (slow*slow + 1) % nfast = (fast*fast + 1) % nfast = (fast*fast + 1) % ng = gcd(fast-slow,n)print count, n, fast, slow, gcount = count + 1


Equivalence Relations

Def: An equivalence relation, ∼ on a set S is a subset E of S × S with theproperties:

Reflexitivity: ∀a ∈ S (a, a) ∈ ESymmetry: (a, b) ∈ E iff (b, a) ∈ ETransitivity: If (a, b) ∈ E and (b, c) ∈ E , then (a, c) ∈ E

Denote (a, b) ∈ E by a ∼ b

Def: Given set S with equivalence relation ∼, the equivalence class of a, denoted[a], is the subset of elements equivalent to a, [a] = b|b ∼ a.

Note: If a ∼ b then [a] = [b], and if a b, then [a] and [b] are disjoint.

Def: The set of equivalence classes of S under ∼ is denoted S/ ∼.

So the sets in S/ ∼ form a disjoint partition of the set S .


Modular Arithmetic & Equivalence

Thm: Congruence mod N is an equivalence relation

proof:

1 Reflexitivity: a ≡ a(mod N) as a = a + 0N

2 Symmetry: a ≡ b(mod N)⇐⇒ a = b + kN⇐⇒ b = a + (−k)N⇐⇒ b ≡ a(mod N)

3 Transitivity: a ≡ b(mod N) and b ≡ c(mod N) =⇒ a = b + k1N andb = c + k2N =⇒ a = c + (k1 + k2)N =⇒ a ≡ c(mod N)


ZN I

Recall that if a1 ≡ a2(mod N) and b1 ≡ b2(mod N), thena1 + b1 ≡ a2 + b2(mod N) and (a1)(b1) ≡ (a2)(b2)(mod N)

Def: The equivalence class of a modulo N is the set. . . , a− 2N, a− N, a, a + N, a + 2N, a + 3N, . . .. Denote this set [a]N .

Note that [a]N = [a + kN]N . Commonly the smallest positive element ofan equivalence class is preferred, eg. [3]11 for [58]11.Define addition and multiplication of equivalence classes by:

[a]N + [b]Ndef= [a + b]N

([a]N)([b]N)def= [(a)(b)]N

Thm: Addition and multiplication are well defined and independent of therepresentative chosen.


ZN II

Def: ZN is the set of equivalence classes of integers mod N.Def: Z∗N is the set of equivalence classes [a]N , where gcd(a,N) = 1.

Examples:

Z3 = [0]3, [1]3, [2]3Z9 = [0]9, [1]9, [2]9, [3]9, [4]9, [5]9, [6]9, [7]9, [8]9Z∗9 = [1]9, [2]9, [4]9, [5]9, [7]9, [8]9Z11 = [0]11, [1]11, [2]11, [3]11, [4]11, [5]11, [6]11, [7]11, [8]11, [9]11, [10]11Z∗11 = [1]11, [2]11, [3]11, [4]11, [5]11, [6]11, [7]11, [8]11, [9]11, [10]11

Prop: [a]N has an inverse iff gcd(a,N) = 1, and this inverse is also in Z∗N .

ZN is a ring.Zp is a field if p is prime.Z∗N is a group (the group of units mod N).


Euler’s φ Function I

Def: Euler’s totient function, denoted φ(N), is the number of integers less than Nwhich are coprime to N.

Thus φ(N) = #Z∗N , the size of the group of units mod N.Examples:

φ(3) = #1, 2 = 2φ(4) = #1, 3 = 2φ(5) = #1, 2, 3, 4 = 4φ(12) = #1, 5, 7, 11 = 4φ(13) = #1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 = 12φ(27) = #1, 2, 4, 5, 7, 8, 10, 11, 13, 14, 16, 17, 19, 20, 22, 23, 25, 26 = 18φ(42) = #1, 5, 11, 13, 17, 19, 23, 25, 29, 31, 37, 41 = 12

Prop: If p is prime, then φ(p) = p − 1.


Euler’s φ Function II

Thm: p prime =⇒ φ(pe) = pe−1(p − 1)

proof: There are pe residues, of which every pth is a non-unitSo φ(pe) = pe p−1

p = pe−1(p − 1). ♠

Thm: If gcd(n,m) = 1 then φ(nm) = φ(n)φ(m)

proof: Write the residues as an array:

1 2 . . . m − 1 mm + 1 . . . 2m

......

n(m − 1) + 1 . . . nmOf the m columns, φ(m) of them have residues coprime to m, but all other columnsconsist of elements not coprime to m.Each other column is of the form k , k + m, k + 2m, . . . , k + (n − 1)mThis is a set of residues mod nSo φ(n) of the elements in this column is coprime to n.Thus there are φ(m) columns, each containing φ(n) elements coprime to nm. ♠


Euler’s φ Function III

Algorithm: To compute φ(N):

1 Factor N = pe11 pe2

2 . . . penn

2 φ(N) = φ(pe11 pe2

2 . . . penn ) = φ(pe1

1 )φ(pe22 ) . . . φ(pen

n ) =(p1 − 1)pe1−1

1 (p2 − 1)pe2−12 . . . (pn − 1)pen−1

n

Examples:

φ(33) = φ(3)φ(11) = (3− 1)(11− 1) = 20

φ(41) = (41− 1) = 40

φ(44) = φ(22)φ(11) = (2− 1)(22−1)(11− 1) = 20

φ(100) = φ(22)φ(52) = (2− 1)2(2−1)(5− 1)5(2−1) = 40


Euler’s Theorem

Thm: (Euler, ca 1760) If gcd(a,N) = 1 then aφ(N) ≡ 1(mod N).

proof: If gcd(a,N) = 1 then (xa ≡ ya) =⇒ (x ≡ y)Also, gcd(a,N) = 1 and gcd(x ,N) = 1 implies that gcd(xa,N) = 1So the map [x ] −→ [xa] permutes the elements of Z∗NThus ax : x ∈ Z∗N is just a permutation of the elements of Z∗NSo∏

x x ≡∏

x xa ≡ aφ(N)∏

x xSo aφ(N) ≡ 1(mod N) as desired. ♠

Examples:

φ(21) = (3− 1)(7− 1) = 12 and 212 ≡ 1(mod 21)

also 26 ≡ 1(mod 21)but 312 ≡ 15(mod 21)

φ(99) = φ((32)(11)) = (3− 1)(32−1)(11− 1) = 60 and260 ≡ 1(mod 99)


Cryptography: RSA

Goal: Anyone can encrypt a message but only Alice can decrypt it.

Assumptions:

Given N = pq, factoring N to recover p and q is hard.

Algorithm: [Rivest, Shamir & Adleman, 1977] [Cocks, 1973]1 Alice:

Generates (secret) primes p and q, and computes (public) N = pqComputes (secret) φ(N) = (p − 1)(q − 1)Chooses (public) e and computes (secret) d ≡ e−1(mod φ(N))Publishes N, e

2 Bob writes a (secret) message M:

Computes the encryption E (M) ≡ Me(mod N)

3 Alice decrypts the message: (E (M))d ≡ (Me)d ≡ Mee−1(mod φ(N))(mod N)


Euler’s φ Function III

Conjectures:

For any n 6= 2 there is some m such that φ(n) = φ(m) (CarmichaelTotient Conjecture)

For no composite n does φ(n) divide (n − 1). (Such a number wouldbe a Carmichael number.) (Lehmer)


Multiplicative order of g ∈ Z∗N

Def: If g ∈ Z∗N (i.e. gcd(g ,N) = 1), then the order of g mod N, denoted o(g), is thesmallest integer k > 0 such that gk ≡ 1(mod N).

Examples:

For 2 ∈ Z∗7, 22 = 4, 23 = 8 ≡ 1, so o(2) = 3For 3 ∈ Z∗7, 32 = 9 ≡ 2, 33 = 3(32) = 6, 34 = 3(33) = 18 ≡ 4, 35 = 3(34) = 12 ≡ 5,36 = 3(35) = 15 ≡ 1, so o(3) = 6For 5 ∈ Z∗18, 52 = 25 ≡ 7, 53 = 5(52) ≡ 17 ≡ −1, 54 = 5(53) = −5 ≡ 13,55 = 5(54) = −25 ≡ 11, 56 = 5(55) ≡ 1, so o(5) = 6

Thm: If g ∈ Z∗N , then o(g)|φ(N)

proof: gφ(N) = 1 (Euler’s Theorem)Thus o(g) < φ(N)If o(g) - φ(N) then for some 0 < r < o(g) we have φ(N) = ko(g) + rSo 1 = gφ(N) = gko(g)+r = (go(g))k(g r ) = (1)k(g r ) = g r

So for some 0 < r < o(g) we have g r = 1, which contradicts the minimality of o(g)Thus o(g)|φ(N) ♠


Carmichael’s Lambda

Def: λ(N) is the smallest positive k such that for all a withgcd(a,N) = 1, we have aλ(N) ≡ 1(mod N)

Thm: λ(N)|φ(N)

Examples:

φ(2) = 1, λ(2) = 1 as o(1) = 1

φ(3) = 2, λ(3) = 2 as o(1) = 1, o(2) = 2

φ(4) = 2, λ(4) = 2 as o(1) = 1, o(3) = 2

φ(5) = 4, λ(5) = 4 as o(1) = 1, o(2) = 4, o(3) = 4, o(4) = 2

φ(15) = 8, λ(15) = 4 as o(1) = 1, o(2) = 4, o(4) = 2, o(7) = 4,o(8) = 4, o(11) = 2, o(13) = 4, o(14) = 2

φ(45) = 24, λ(45) = 12 (o(2) = 12)


Carmichael’s Theorem

Carmichael’s Theorem: If gcd(a,N) = 1 then aλ(N) ≡ 1(mod N) Ifλ(N) is defined recursively as:

λ(2) = 1, λ(4) = 2 and λ(2e) = 2e−2 for e > 2

λ(pe) = φ(pe) = (p − 1)pe−1 for odd prime p

λ(nm) = lcm(λ(n), λ(m)) if gcd(n,m) = 1

Thm: λ(N)|φ(N)

proof: λ(N) ≤ φ(N) (minimality of λ(N) and Euler’s Thm)If λ(N) - φ(N) then the division algorithm gives a remainder 0 < r < λ(N)such that r = φ(N)− kλ(N)but then ar ≡ aφ(N)/aλ(N) ≡ 1(mod N), contradicting the minimality ofλ(N)Thus λ(N)|φ(N) ♠


Primitive Elements

Question: When is Z∗N the powers of some element,Z∗N = 1 = g0, g1, g2, . . . , gk?

Def: g is primitive mod N if o(g) = φ(N)

Examples:

λ(5) = φ(5) = 4 and 2, 3 are primitive mod 5λ(7) = φ(7) = 6 and 3, 4 are primitive mod 7λ(13) = φ(13) = 12 and 2, 25 ≡ 6, 27 ≡ 11, 211 ≡ 7 are primitiveλ(15) = 4, but φ(15) = 8, so there are no primitive elements mod 15.λ(17) = φ(17) = 16 and 3, 33 ≡ 10, 35 ≡ 5, 37 ≡ 11, 39 ≡ 14, 311 ≡ 7,313 ≡ 12, 315 ≡ 6 are primitive mod 17

Def: If there is a primitive element g mod N then:

Z∗N is said to be cyclicZ∗N is generated by g , written Z∗N = 〈g〉


Primitive Elements Thm: 2e

Thm:

1 λ(2) = 1

2 λ(22) = 2

3 λ(2e) = 2e−2 for e > 2

proof:

1 λ(2) = 1: left to the reader

2 λ(22) = 2: left to the reader

3 λ(2e) = 2e−2 for e > 2:Show for all odd a, a2e−2 ≡ 1(mod 2e) by inductione = 3 (i.e. 2e = 8) by computation (base case)Assume true for e, so a2e−2

= 1 + k2e

Square this to geta2e−1

= (1 + k2e)2 = 1 + k2e+1 + k222e ≡ 1(mod 2e+1)


Primitive Elements Thm: p

Thm: p prime and d |(p − 1) =⇒ #a|o(a) mod p = d = φ(d)

Corr: Z∗p is cyclic and there are primitive elements mod p.


Primitive Elements Thm: p (cont)

proof: Let Ωd := a|o(a) mod p = d and ωd := #Ωd

Note:∑

d |(p−1) ωd = p − 1∑d |(p−1) φ(d) = p − 1 [Lemma]

So∑

d |(p−1)(φ(d)− ωd) = 0(If we can show that ωd ≤ φ(d), then ωd = φ(d))Obvious if Ωd = ∅, so assume there is some a ∈ Ωd

Then a1, a2, . . . , ad = 1 are all distinct(ai )d = 1, so all are distinct roots of f (x) = xd − 1xd − 1 has at most d roots in Zp

So these are a complete set of roots.But Ωd = ai | gcd(d , i) = 1So ωd = |Ωd | = #i | gcd(d , i) = 1 = φ(d) ♠


Finding Primitive Elements

Prop: If g is primitive and o(g) = n, then if gcd(e, n) = 1, then g e is alsoprimitive.Prop: If p is prime, there are φ(φ(p)) primitive elements mod p.

λ(13) = φ(13) = 12 and 2, 25 ≡ 6, 27 ≡ 11, 211 ≡ 7 are primitive

Strategy: To find a primitive element mod p:

1 Factor λ(p) = p − 1 = (qe11 )(qe2

2 )...(qenn )

2 Select some a ∈ Z∗p3 If a(p−1)/qi 6≡ 1(mod p) for i = 1, . . . , n, then a is primitive

4 Return to step 2


Lucas-Kraitchik-Lehmer n − 1 Primality Test

Prop: If N is composite, then λ(N) ≤ φ(N) < N − 1

Algorithm: [Lucas, 1879] To prove that p is prime.

Find an element a which is primitive mod p. Show that a is primitive:

Factor p-1 as (q1ê1)(q2ê2)...(qnên)a <- 2for a=2 to (p-1)

for i from 1 to nif ( a^(phi(p)/qi) = 1)

next aprint ‘‘p is prime as a is primitive mod p’’


Primitive Elements Thm: pe

Thm: Z∗pe is cyclic and there are primitive elements mod pe .


The Structure of Z∗N

Thm: If gcd(n,m) = 1 then λ(nm) = lcm(λ(n), λ(m))

proof: For a coprime to nm we have aλ(n) ≡ 1(mod n) andaλ(m) ≡ 1(mod m)As λ(n)|lcm and λ(m)|lcm we have alcm ≡ 1(mod n) andalcm ≡ 1(mod m)Thus alcm ≡ 1(mod mn) and λ(nm)|lcmChoose a and b so on(a) = λ(n) and om(b) = λ(m)Then there is some c such that c ≡ a(mod n) and c ≡ b(mod m) (CRT)Thus onm(c) = lcm(on(a), om(b)) = lcm(λ(n), λ(m))So λ(nm) = lcm(λ(n), λ(m)) ♠

Thm: Z∗N is cyclic iff N is one of 2, 4, p (prime), pe , 2p or 2pe


Computing λ(N)

Algorithm: To compute λ(N):

1 Factor N = 2epe11 pe2

2 . . . penn

2 λ(N) = λ(2epe11 pe2

2 . . . penn ) = lcm(λ(2e), λ(pe1

1 ), λ(pe22 ), . . . , λ(pen

n )) =lcm(λ(2e), (p1 − 1)pe1−1

1 , (p2 − 1)pe2−12 , . . . , (pn − 1)pen−1

n )

Examples:

λ(33) = lcm(2, 10) = 10 but φ(33) = (3− 1)(11− 1) = 20

λ(41) = (41− 1) = 40 = φ(41)

λ(44) = lcm(2, (11− 1)) = 10

λ(60) = lcm(2, (3− 1), (5− 1)) = 4, but φ(60) = 4


Sum of Squares

Question: For what numbers N is there a decomposition into a sum ofsquares, N = x2

1 + x22 + . . .+ x2

n ?

Conj: (Girard, 1632) A prime p has a decomposition into a sum of twosquares, p = x2

1 + x22 iff p = 2 or p ≡ 1(mod 4).


Four Squares & Waring’s Problem

Thm: An integer N can be written as a sum of four squaresN = x2

1 + x22 + x2

3 + x24 (proven Fermat, 1650)(proven Lagrange, 1770)

Problem: (Waring, 1770) How many terms are needed to express any positive integeras a sum of nth powers?

Conjecture (Waring): g(2) = 4, g(3) = 9, g(4) = 19g(2) = 4 (Fermat, 1650) (Lagrange, 1770)g(3) = 9 (Wieferich, 1909)g(4) = 19 (Balasubramanian et al, 1986)g(5) = 37 (Chen, 1964)

Problem: (Waring, 1770) For any integer n is there an integer g(n) such that anypositive integer can be expressed as a sum of nth powers?

Yes (Hilbert, 1909)

Problem: How many terms are needed to express all but a finite number of positiveinteger as a sum of nth powers? Call this G (n).


Sum of Two Squares

Thm: An odd prime p can be written as a sum of two squares p = x2 + y2

iff p ≡ 1(mod 4)(proven Fermat, 1650)(proven Lagrange, 1770)

proof:

=⇒: If p = x2 + y2, then p ≡ 1(mod 4)Any square is congruent to either 0 or 1 mod 4.Thus x2 + y2 ≡ 0, 1, 2(mod 4)But this is only odd if it is congruent to 1 mod 4

=⇒: If p ≡ 1(mod 4), then p = x2 + y2

Descent: If p|x2 + y2 where gcd(x , y) = 1, then thereare a, b such that p = a2 + b2

Reciprocity: If p ≡ 1(mod 4), then there are x , y such thatp|x2 + y2 and gcd(x , y) = 1


Algebraic Number Fields

Def: An (Algebraic) Number Field, Q(α) is the set of polynomials ofdegree less than some degree n, an−1α

n−1 + anαn + . . .+ a1α+ a0, where

there is an irreducible degree n monic minimal polynomial, p(x), such thatp(α) = αn + mn−1α

n−1 + . . .+ m1α + m0 = 0.

Def: A quadratic number field, Q(√

d), is an algebraic number field ofdegree two.

Claim: All quadratic number fields have form Q(√

d)pf: The quadratic formula allows us to rewrite the root of any quadraticpolynomial as (−b +

√b2 − 4ac)/2a

Note that Q(√

d) = Q(a√

d) = Q(b +√

d)Let d be the square-free part of b2 − 4ac


Quadratic Number Fields: Arithmetic

Claim: The quadratic number field Q(√

d) is a field

proof:

Add: (a1α + a0) + (b1α + b0) = (a1 + b1)α + (a0 + b0)Mult: (a1

√d + a0)(b1

√d + b0) = (a1b0 + a0b1)

√d + (a0b0 + a1b1d)

Divide: (Rationalizing Denominators) (a1

√d+a0)

(b1

√d+b0)

= (a1

√d+a0)

(b1

√d+b0)

(b1

√d−b0)

(b1

√d−b0)

= ((a0b1 −

a1b0)√

d + (a1b1d − a0b0))/(b21d − b2

0) = (a0b1−a1b0)(b2

1d−b20)

√d + (a1b1d−a0b0)

(b21d−b2

0)

Example: Q(√−5)

Mult: (23

√−5 + 2)(3

√−5 + 1

2) = (13 + 6)

√−5 + (1 + 2(−5)) = 19

3

√−5− 9

Divide: (Rationalizing Denominators)(a1√−5+a0)

(b1√−5+b0)

= (a1√−5+a0)

(b1√−5+b0)

(b1√−5−b0)

(b1√−5−b0)

= ((a0b1 − a1b0)√−5 + (a1b1 − 5−

a0b0))/(b21 − 5− b2

0) = (a0b1−a1b0)(b2

1−5−b20)

√−5 + (a1b1−5−a0b0)

(b21−5−b2

0)


The Usual Suspects

Q(√−1) (Gaussian) - Simplest complex quadratic number field

Q(√−3) (Eisenstein) - Complex quadratic number field with slightly

more interesting structure

Q(√−5) - Complex quadratic number field without unique

factorization

Q(√

3) - Real quadratic number field


Conjugate, Norm & Trace

Def: The conjugate of a + b√

d is a− b√

d . (The conjugate of α isdenoted α)

Def: The norm of α, denoted N(α), isαα = (a + b

√d)(a− b

√d) = a2 − b2d

Def: The trace of α, denoted tr(α), isα + α = (a + b

√d) + (a− b

√d) = 2a

Note:¯α + β = α + β and αβ = αβ

N(αβ) = N(α)N(β)

tr(α + β) = tr(α) + tr(β)


Algebraic Integers

Def: The algebraic integers in Q(α) is the set of all elements in Q(α) whichare roots of some monic polynomial in Z[x ].

Prop: This is a ring (closed under +, ∗)

Examples:√

2 + 2 has minimal polynomial min√2+2(x) = x2 − 4x + 2 (is an

algebraic integer in Q(√

2))3+√−3

2 has minimal polynomial min 3+√−3

2

(x) = x2 − 3x + 3 (is an

algebraic integer in Q(√−3))

1+√−1

2 has minimal polynomial min 1+√−1

2

(x) = 2x2 − 2x + 1 (is not an

algebraic integer in Q(√−1))

α = n + m√

d has minimal polynomial minα(x) = x2 − tr(α)x + N(α) (isan algebraic integer in Q(

√d) iff both trace and norm are integers)


Quadratic Integers: Examples

Q(√−1) (Gaussian Integers):

ZQ(√−1) = Z[

√−1] = n + m

√−1|n,m ∈ Z

Q(√−3) (Eisenstein Integers): ZQ(

√−3) = Z[1+

√−3

2 ] =

n + m 1+√−3

2 |n,m ∈ Z = r+s√−3

2 |r , s ∈ Z, r + s evenQ(√−5) : ZQ(

√−5) = Z[

√−5] = n + m

√−5|n,m ∈ Z

Q(√

3) : ZQ(√

3) = Z[√

3] = n + m√

3|n,m ∈ Z

Prop: ZQ(√

d) = Z[ω] = n + mω|n,m ∈ Z, where ω = 1+√

d2 if

d ≡ 1(mod 4) and ω =√

d otherwise


Units in Quadratic Integers

Def: A unit is:

1 A divisor of 1

2 An invertible element

3 An element α where N(α) = ±1

Def: a and ua are associates for u a unit.

5 and -5 are associates in Z (as UZ = ±1)2 +√−1 and 1− 2

√−1 are associates in Z[

√−1] (as

UZ[√−1] = ±1,±

√−1)


Group of Units: The Usual Suspects

Q(√−1) (Gaussian Integers):

UZ[√−1] = ±1,±

√−1 = 〈

√−1〉 ∼= C4

Q(√−3) (Eisenstein Integers):

UZ[ 1+√−3

2]

= ±1,±1±√−3

2 = 〈1+√−3

2 〉 ∼= C6

Q(√−5) : UZ[

√−5] = ±1 = 〈−1〉 ∼= C2

Q(√

3) : UZ[√

3] = ±1... but there’s more


Group of Units: Real Quadratic Field

UZ[√

3]:

Def: A unit is an element α where N(α) = ±1

Solve N(x + y√

3) = x2 − 3y2 = ±1 for integer x , yA solution is η = 2 + 3

√3

As norm is multiplicative, any positive (or negative) power of thisfundamental unit is a unit.

Q(√

3) : UZ[√

3] = ±(2 + 3√

3)n = 〈−1, (2 + 3√

3)〉 = C2 ⊕ C∞


Pell, Dirichlet & Fundamental Units

Def: Pell’s Equation is any equation of form x2 − dy2

Solve by method of continued fractions

Thm: (Dirichlet’s Unit Thm) If a minimal polynomial of a number fieldQ(α) has r real roots and c pairs of complex roots, then the rank (numberof factors of C∞) of the group of units UQ(α) is r + c − 1.

So the group of units for a complex quadratic field (e.g. Q(√−3)) has

rank zero and the group of units for a real quadratic field (e.g. Q(√

3))has rank one.


Primes

Def: a ∈ ZQ(√

d) is prime (irreducible) iff the only divisors are units andthe associates of a.


Splitting

Def: A rational prime p ∈ Zsplits in ZQ(

√d) if p = p1p2 (p1 6= p2 ∈ ZQ(

√d))

Example: 2 = (1 +√−1)(1−

√−1) in Z[

√−1]

is inert in ZQ(√

d) if p is prime

Example: 3 is inert in Z[√−1]

ramifies in ZQ(√

d) if p = q2

Example: 3 = (√

3)2 in Z[√

3]

Thm: If Z[ω] has unique factorization then all primes arise from rationalprimes either splitting, ramifying or remaining inert.


Splitting Examples

Z[√−1] (Gaussian Integers):

2 splits −→ (1 +√−1)(1−

√−1)

3 is inert5 splits−→ (2 +

√−1)(2−

√−1) = (1 + 2

√−1)(1− 2

√−1)

(associates)7 is inertp splits iff p ≡ 1(mod 4) (Sum of Two Squares Thm)

Z[1+√−3

2 ] (Eisenstein Integers):

2 is inert3 ramifies −→ −(

√−3)2

5 is inert7 splits −→ (5+

√−3

2 )(5−√−3

2 )


Splitting Examples (cont)

Z[√−5] :

2 is inert3 is inert5 ramifies −→ −(

√−5)2

7 is inert29 splits (first prime to do so)−→ (3 + 2

√−5)(3− 2

√−5)

Z[√

3] :

2 splits −→ −(1 +√

3)(1−√

3)3 ramifies −→ (

√3)2

5 is inert7 is inert13 splits −→ (4 +

√3)(4−

√3)


Unique Factorization


Unique Factorization & The Usual Suspects


Number Theory: Topics

Elementary Number Theory

Algebraic Number Theory

Analytic Number Theory

Computational Number Theory


1. Number Theory - Department of Mathematics and...

Documents

Transcript of 1. Number Theory - Department of Mathematics and...