Elementary Number Theory and Its Applications, 1986

Elementary Number Theory andlts Applications KennethH. Rosen AT&T Informotion SystemsLaboratories (formerly part of Bell Laborotories)

A YY

ADDISON-WESLEY PUBLISHING COMPANY Read ing, Massachusetts Menlo Park, California London Amsterdam Don Mills, Ontario Sydney

Cover: The iteration of the transformation

T(n) :

if n is even \ n/2 if n is odd l Qn + l)/2

is depicted. The Collatz conjecture assertsthat with any starting point, the iteration of ?"eventuallyreachesthe integer o n e . ( S e eP r o b l e m 3 3 o f S e c t i o n l . 2 o f t h e t e x t . )

Library of Congress Cataloging in Publication Data Rosen, Kenneth H. Elementary number theory and its applications. Bibliography: p. Includes index. l. Numbers, Theory of.

QA24l.R67 1984 rsBN 0-201-06561-4

I. Title.

512',.72

8 3 - l1 8 0 4

Reprinted with corrections, June | 986 Copyright O 1984 by Bell Telephone Laboratories and Kenneth H. Rosen. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,photocopying, recording, or otherwise, without prior written permission of the publisher. printed in the United States of America. Published simultaneously in Canada. DEFGHIJ_MA_8987

Preface

Number theory has long been a favorite subject for students and teachersof mathematics. It is a classical subject and has a reputation for being the "purest" part of mathematics, yet recent developments in cryptology and computer science are based on elementary number theory. This book is the first text to integrate these important applications of elementary number theory with the traditional topics covered in an introductory number theory course. This book is suitable as a text in an undergraduatenumber theory course at any level. There are no formal prerequisitesneeded for most of the material covered, so that even a bright high-school student could use this book. Also, this book is designed to be a useful supplementarybook for computer science courses,and as a number theory primer for computer scientistsinterested in learning about the new developmentsin cryptography. Some of the important topics that will interest both mathematics and computer sciencestudents are recursion,algorithms and their computationai complexity, computer arithmetic with large integers, binary and hexadecimal representations of integers, primality testing, pseudoprimality,pseudo-randomnumbers, hashing functions, and cryptology, including the recently-invented area of public-key cryptography. Throughout the book various algorithms and their computational complexitiesare discussed.A wide variety of primality tests are developedin the text. Use of the Book The core material for a course in number theory is presentedin Chapters 1, 2, and 5, and in Sections 3.1-3.3 and 6.1. Section 3.4 contains some linear algebra; this section is necessary background for Section 7.2; these two sections can be omitted if desired. Sections 4.1, 4.2, and 4.3 present traditional applications of number theory and Section 4.4 presents an application to computer science; the instructor can decide which of these sectionsto cover. Sections 6.2 and 6.3 discussarithmetic functions. Mersenne primes, and perfect numbers; some of this material is used in Chapter 8. Chapter 7 covers the applications of number theory to cryptology. Sections 7.1, 7.3, and 7.4, which contain discussionsof classical and public-key

vt

Preface

cryptography,should be included in all courses.Chapter 8 deals with primitive roots; Sections 8.1-8.4 should be covered if possible. Most instructors will want to include Section 8.7 which deals with pseudo-randomnumbers. Sections 9.1 and 9.2 are about quadratic residues and reciprocity, a fundamental topic which should be covered if possible;Sections 9.3 and 9.4 deal with Jacobi symbols and Euler pseudoprimesand should interest most readers. Section 10.1, which covers rational numbers and decimal fractions. and Sections I 1.1 and I 1.2 which discussPythagoreantriples and Fermat's last theorem are coveredin most number theory courses. Sections 10.2-10.4 and I 1.3 involve continued fractions; these sectionsare optional. The Contents The reader can determine which chapters to study based on the following descriptionof their contents. Chapter I introduces two importants tools in establishing results about the integers, the well-ordering property and the principle of mathematical induction. Recursive definitions and the binomial theorem are also developed. The concept of divisibility of integers is introduced. Representations of integers to different bases are described, as are algorithms for arithmetic operations with integers and their computational complexity (using big-O notation). Finally, prime numbers, their distribution, and conjectures about primes are discussed. Chapter 2 introduces the greatest common divisor of a set of integers. The Euclidean algorithm, used to find greatest common divisors, and its computational complexity, are discussed, as are algorithms to express the greatest common divisor as a linear combination of the integers involved. The Fibonacci numbers are introduced. Prime-factorizations, the fundamental theorem of arithmetic, and factorization techniques are covered. Finally, linear diophantine equationsare discussed. Chapter 3 introduces congruences and develops their fundamental properties. Linear congruencesin one unknown are discussed,as are systems of linear congruences in one or more unknown. The Chinese remainder theorem is developed,and its application to computer arithmetic with large integers is described. Chapter 4 developsapplicationsof.congruences. In particular, divisibility tests, the perpetual calendar which provides the day of the week of any date, round-robin tournaments,and computer hashing functions for data storage are discussed.

Preface

vtl

Chapter 5 developsFermat's little theorem and Euler's theorem which give some important congruencesinvolving powers of integers. Also, Wilson's theorem which gives a congruencefor factorials is discussed. Primality and probabilistic primality tests based on these results are developed. Pseudoprimes, strong pseudoprimes, and Carmichael numbers which masquaradeas primes are introduced. Chapter 6 is concernedwith multiplicative functions and their properties. Special emphasisis devotedto the Euler phi-function, the sum of the divisors function, and the number of divisors function and explicit formulae are developed for these functions. Mersenne primes and perfect numbers are discussed. Chapter 7 gives a thorough discussionof applicationsof number theory to cryptology, starting with classical cryptology. Character ciphers based on modular arithmetic are described,as is cryptanalysisof these ciphers. Block ciphers based on modular arithmetic are also discussed. Exponentiation ciphers and their applications are described, including an application to electronic poker. The concept of a public-key cipher system is introduced and the RSA cipher is describedin detail. Knapsackciphers are discussed,as are applicationsof cryptographyto computer science. Chapter 8 includes discussionsof the order of an integer and of primitive roots. Indices, which are similar to logarithms, are introduced. Primality testing basedon primitive roots is described. The minimal universalexponent is studied. Pseudo-random numbers and means for generating them are discussed.An applicationto the splicingof telephonecablesis also given. Chapter 9 covers quadratic residues and the famous law of quadratic reciprocity. The Legendreand Jacobi symbolsare introduced and algorithms for evaluating them are developed. Euler pseudoprimesand a probabilistic primality test are covered. An algorithm for electronically flipping coins is developed. Chapter l0 coversrational and irrational numbers,decimal representations of real numbers,and finite simple continuedfractionsof rational and irrational numbers. Special attention is paid to the continued fractions of the square roots of po"itive integers. Chapter 1l treats some nonlinear diophantine equations. Pythagorean triples are described. Fermat's last theorem is discussed. Finallv. Pell's equation is covered.

vill

P reface

Problem Sets After each sectionof the text there is a problem set containing exercisesof various levelsof difficulty. Each set containsproblemsof a numerical nature; these should be done to develop computational skills. The more theoretical and challenging problems should be done by studentsafter they have mastered the computationalskills. There are many more problemsin the text than can be realistically done in a course. Answers are provided at the end of the book for selectedexercises,mostly those having numerical answers. Computer Projects After each section of the text there is a selectionof computer projects that involve concepts or algorithms discussedin that section. Students can write their programs in any computer language they choose, using a home or personal computer, or a minicomputer or mainframe. I encouragestudents to use a structured programming languagesuch as C, PASCAL, or PL/ 1, to do these projects. The projects can serve as good ways to motivate a student to learn a new computer language, and can give those students with strong computer science backgrounds interesting projects to tie together computer scienceand mathematics. Unsolved Problems In the text and in the problem setsunsolvedquestionsin number theory are mentioned. Most of these problems have eluded solution for centuries. The reader is welcome to work on these questions,but should be forewarned that attempts to settle such problems are often time-consuming and futile. Often people think they have solved such problems,only to discover some subtle flaw in their reasoning. Bibliography At the end of the text there is an extensivebibliography,split into a section for books and one for articles. Further, each section of the bibliography is subdivided by subject area. In the book section there are lists of number theory texts and references, books which attempt to tie together computer scienceand number theory, books on some of the aspectsof computer science dealt with in the text, such as computer arithmetic and computer algorithms, books on cryptography, and general references.In the articles section of the bibliography, there are lists of pertinent expository and research papers in number theory and in cryptography. These articles should be of interest to the reader who would like to read the original sources of the material and who wants more details about some of the topics coveredin the book.

Preface

tx

Appendix A set of five tables is included in the appendix to help studentswith their computations and experimentation. Students may want to compile tables different than those found in the text and in the appendix; compiling such tables would provide additional computer projects. List of Symbols A list of the svmbols used in the text and where they are defined is included. Acknowledgments I would like to thank Bell Laboratoriesand AT&T Information Systems Laboratories for their support for this project, and for the opportunity to use the UNIX system for text preparation. I would like to thank George Piranian for helping me develop a lasting interest in mathematics and number theory. Also I would like to thank Harold Stark for his encouragementand help, starting with his role as my thesisadvisor. The studentsin my number theory courses at the University of Maine have helped with this project, especially Jason Goodfriend, John Blanchard, and John Chester. I am grateful to the various mathematicians who have read and reviewed the book, including Ron Evans, Bob Gold, Jeff Lagarias and Tom Shemanske. I thank Andrew Odlyzko for his suggestions,Adrian Kester for his assistancein using the UNIX system for computations, Jim Ackermann for his valuable comments, and Marlene Rosen for her editing help. I am particularly grateful to the staff of the Bell Laboratories/American Bell/AT&T Information Services Word ProcessingCenter for their excellent work and patience with this project. Special thanks go to Marge Paradis for her help in coordinating the project, and to Diane Stevens, Margaret Reynolds, Dot Swartz, and Bridgette Smith. Also, I wish to express my thanks to Caroline Kennedy and Robin Parson who typed preliminary versions of this book at the University of Maine. Finally, I would like to thank the staff of Addison-Wesley for their help. I offer special thanks to my editor, Wayne Yuhasz, for his encouragement,aid, and enthusiasm.

Lincroft, New Jersey December.1983

Kenneth H. Rosen

Contents

Chapterl. l.l 1.2 1.3 t.4 1.5

The Integers The well-ordering Divisibility Representations of int;;;;;....-'.....-'-.'......... Computer operationswith integers............ Prime numbers...

Chapter2.

Greatest Common Divisors and Prime Factorization

2.1 2.2 2.3 2, 4 2.5

Greatest common divisors The Euclideanalgorithm ........... The fundamentaltheorem of arithmetic ............ Factorization of integers and the Fermat numbers Linear diophantineequations...............

Chapter3. 3.1 3.2 3.3 3.4 Chapter4. 4.1 4.2 4.3 4. 4

4 l8 24 33 45

53 58 69 79 87

Congruences Introduction to congruences Linearcongruences.............. The Chinese remainder theorem Systemsof linear congruences..............

9l 102 107 I 16

Applications of Congruences D i v i s i b i l i t yt e s t s . . . . . . . . . T h e p e r p e t u a cl a l e n d a r . . . . . . . . . . . . . R o u n d - r o b i nt o u r n a m e n t s . . . . . . . . . . Computer file storageand hashingfunctions...............

.. ..

129 134 139 l4l

xl

Contents

Chapter 5. 5.1 5.2 5.3 Chapter6. 6.1 6.2 6.3 Chapter 7. 7 .l 7 .2 7.3 7.4 7.5 7.6 Chapter 8. 8.1 8.2 8.3 8.4 8.5 8.6 8.7 8.8 Chapter 9. 9.I 9.2 9.3 9.4

Some Special Congruences Wilson's theorem and Fermat's little theorem Pseudoprimes.............. Euler's theorem

..

147 152 16l

MultiplicativeFunctions E u l e r ' sp h i - f u n c t i o n. . . . . . . . . . . . . . . T h e s u m a n d n u m b e ro f d i v i s o r s . . . . . . . . . . . . . . Perfect numbersand Mersenneprimes

166 174 180

Cryptology Character ciphers Block ciphers Exponentiation ciphers............... Public-keycryptography............. Knapsack ciphers Some applicationsto computer science

..

188 198 205 212 219 227

Primitive Roots The order of an integer and primitive roots Primitive roots for primes Existenceof primitive roots Index arithmetic Primality testing using primitive roots......... Universal exponents. Pseudo-random numbers............ The splicingof telephonecables

.. ..

232 238 243 252 263 268 275 280

Quadratic Residuesand Reciprocity Quadratic residues Quadratic reciprocity The Jacobi symbol Euler pseudoprimes.............

..

288 304 314 325

xtl

Contents

Chapter 10. 10.1 10.2 10.3 10.4 Chapter I l.

l.l t.2 1.3

Decimal Fractions and Continued Fractions Decimal fractions... Finite continuedfractions Infinite continued fractions Periodic continued fractions

336 350 361 315

Some Nonlinear Diophantine Equations Pythagoreantriples.... F e r m a t ' sl a s t t h e o r e m. . . . . . . . . . . . . Pell'sequations

391 397 401

Appendix.. Answers to selected problems Bibliography............. List of symbols.... Index

410 426 438 445 447

lntroduction

Number theory, in a general sense, is the study of numbers and their p r o p e r t i e s .I n t h i s b o o k ,w e p r i m a r i l y d e a l w i t h t h e i n t e g e r s , 0 ,+ 1 , + 2 , . . . . We will not axiomatically define the integers, or rigorously develop integer arithmetic.l Instead, we discussthe interestingpropertiesof and relationships between integers. In addition, we study the applicationsof number theory, particularly thosedirected towardscomputer science. As far back as 5000 years ago, ancient civilizations had developedways of expressingand doing arithmetic with integers. Throughout history, different methods have been used to denote integers. For instance, the ancient Babyloniansused 60 as the base for their number system and the Mayans used 20. Our method of expressing integers, the decimal system,was first developed in India approximately six centuries ago. With the advent of modern computers, the binary system came into widespreaduse. Number theory has been used in many ways to devise algorithms for efficient computer arithmetic and for computer operationswith large integers. The ancient Greeks in the school of Pythagoras, 2500 years ago, made the distinction betweenprimes and composites. A prime is a positive integer with no positive factors other than one and the integer itself. In his writings, Euclid, an ancient Greek mathematician, included a proof that there are infinitely many primes. Mathematicians have long sought formulae that generate primes. For instance, Pierre de Fermat, the great French number theorist of the seventeenthcentury, thought that all integers of the form 22' + 1 are prime; that this is false was shown, a century after Fermat made this claim, by the renowned Swiss mathematician Leonard Euler, who demonstratedthat 641 is a factor of 22' + | . The problem of distinguishing primes from compositeshas been extensively studied. The ancient Greek scholarEratosthenesdeviseda method, now called l.

S u c h a n a x i o m a t i c d e v e l o p m e n to f t h e i n t e g e r sa n d t h e i r a r i t h m e t i c c a n b e f o u n d i n L a n d a u

t6ll.

Introduction

the sieve of Eratosthenes, that finds all primes less than a specified limit. It is inefficient to use this sieve to determine whether a particular integer is prime. The problem of efficiently determining whether an integer is prirne has long challengedmathematicians. Ancient Chinese mathematiciansthought that the primes were precisely those positive integers n such that n divides 2' - 2. Fermat showed that if n is prime, then n does divide 2n - 2. However, by the early nineteenth century, it was known that there are compositeintegersn such that n divides 2n - 2, such as n : 341 . These compositeintegers are called pseudoprimes Becausemost compositeintegers are not pseudoprimes,it is possibleto develop primality tests based on the original Chinese idea, together with extra observations. It is now possibleto efficiently find primes; in fact, primes with as many as 200 decimal digits can be found in minutes of computer time. The fundamental theorem of arithmetic, known to the ancient Greeks, says that every positive integer can be written uniquely as the product of primes. This factorization can be found by trial division of the integer by primes less than its square-root; unfortunately, this method is very timeconsuming. Fermat, Euler, and many other mathematicians have produced imaginative factorization techniques. However, using the most efficient technique yet devised, billions of years of computer time may be required to factor an integer with 200 decimal digits. The German mathematician Carl Friedrich Gauss, consideredto be one of the greatest mathematicians of all time, developed the language of congruences in the early nineteenth century. When doing certain computations,integers may be replaced by their remainders when divided by a specific integer, using the language of congruences. Many questions can be phrased using the notion of a congruencethat can only be awkwardly stated without this terminology. Congruenceshave diverse applications to computer science,including applications to computer file storage, arithmetic with large integers,and the generationof pseudo-randomnumbers. One of the most important applications of number theory to computer science is in the area of cryptography. Congruencescan be used to develop various types of ciphers. Recently, a new type of cipher system, called a public-key cipher system, has been devised. when a public-key cipher is used, each individual has a public enciphering key and a private deciphering key. Messagesare encipheredusing the public key of the receiver. Moreover, only the receiver can decipher the message,since an overwhelming amount of computer time is required to decipher when just the enciphering key is known. The most widely used public-key cipher system relies on the disparity in computer time required to find large primes and to factor large integers. In

lntrocluction

particular, to produce an enciphering key requires that two large primes be found and then multiplied; this can be done in minutes on a computer. When these large primes are known, the decipheringkey can be quickly found. To find the deciphering key from the enciphering key requires that a large integer, namely the product of the large primes, be factored. This may take billions of years. In the following chapters,we discussthese and other topics of elementary number theory and its applications.

1 The Integers

1.1 The Well-OrderingProperty In this section,we discussseveral important tools that are useful for proving theorems. We begin by stating an important axiom, the well-ordering property. The Well-Ordering Property. Every nonempty set of positive integers has a least element. The principle of mathematical induction is a valuable tool for proving results about the integers. We now state this principle, and show how to prove it using the well-ordering property. Afterwards, we give an example to demonstrate the use of the principle of mathematical induction. In our study of number theory, we will use both the well-ordering property and the principle of mathematical induction many times. The Principle of Mathematical Induction. A set of positive integers that contains the integer I and the integer n I I whenever it contains n must be the set of all positive integers. Proof. Let S be a set of positive integers containing the integer I and the integer n * | whenever it contains n. Assume that S is not the set of all positive integers. Therefore, there are some positive integers not contained in .S. By the well-ordering property, since the set of positive integers not contained in S is nonempty, there is a least positive integer n which is not in . S . N o t e t h a t n 1 1 , s i n c el i s i n S . N o w s i n c en ) l , t h e i n t e g e r n - 1 i s

l.l

The Well-Ordering ProPertY

a positive integer smaller than n, and hence must be in S. But since S contains n - l, it must also contain (n-t) + | : n, which is a contradiction, since n is supposedlythe smallest positive integer not in S. This shows that S must be the set of all positive integers. tr To prove theorems using the principle of mathematical induction, we must show two things. We must show that the statement we are trying to prove is true for l, the smallest positive integer. In addition, we must show that it is true for the positive integer n * I if it is true for the positive integer n. By the principle of mathematical induction, one concludes that the set S of all positive integers for which the statement is true must be the set of all positive integers. To illustrate this procedure, we will use the principle of mathematical induction to establish a formula for the sum of the terms of a geometric progression. Definition. Given real numbers 4 and r. the real numbers a , a r , e r 2 ,o t 3 r . . . are said to form a geometric progression. Also, a is called the initial term and r is called the common ratio. Exa m ple. T he num b e rs 5 , -1 5 ,4 5 , -1 3 5 ,... fo rm a geometri c progressi on with initial term 5 and common ratio -3. In our discussion of sums, we will find summation notation useful. The following notation representsthe sum of the real numberse1, o2,...,on. lan

2oo:er*az*

k-l

We note that the letter k, the index of summation, is a "dummy variable" and can be replaced by any letter, so that

5,

ak:

k-l

Example. We see that

nn

2 oi

j-t

i-l

The Integers

) 2j:I+2+3+4+5:15,

j-r

) 2t2:2+2+2+2+2:10,

j-r

and ) 2 2i : 2 * 22+ 23+ 24+ 2s : 62 .

j-1

We also note that in summation notation, the index of summation may range betweenany two integers,as long as the lower limit does not exceedthe upper limit. If m and h are integers such that z ( n, then b

oo:am*a^a1*

*an.

k-m

For instance.we have 5

> k 2 : 3 3+ 4 2+ 5 2 : 5 0 ,

k;t

> 3k:30 + 3t + 32: 13,

fr:0 and I k--2

We now turn our attention to sums of terms of geometricprogressions.The su m of t he t er m s e ) e r, o r2 ,...,a rn i s n

2ori:e*ar*ar2+

*arn,

j-0

where the summation beginswith 7 : g. We have the following theorem. Theorem l.l.

If a and r ^re real numbersand r *

l. then

1.1 The Well-OrderingProperty

n),,narn*l-Q

(1.1)

r* a arn r ' ' : T: T

: a * ar i*a rar2 -t + E ori j:o

.

Proof. To prove that the formula for the sum of terms of a geometric progressionis valid, we must first show that it holds for n : l. Then, we must show that if the formula is valid for the positive integer n, it must also be true for the positive integer n * l. To s t ar t t hings o ff, l e t n : l . T h e n , th e l e ft si de of (t.t) i s a * ar, w hi l e o n t he r ight s ideof (1 .1 ) w e h a v e arL-a _ a?z-t) r-l r-l

_ ab*l)(r-1) T:

a(r*l) : a * ar

So the formula is valid when n : l. N ow we as s um eth a t (1 .1 ) h o l d s for the positive integer n. assumethat

0.2)

That is, we

'tar'-arn*l-Q

alar+arz+

I

We must show that the formula also holds for the positive integer n * l. What we must show is that

(t.:)

a*ar+ar2+

* arn * arn*l :

or@+t)+t_o

ar'+2-e

r-l

r-l

To show that (1.3) is valid, we add orn*r to both sidesof (1.2), to obtain (t.+)

(a*ar*ar2+...+arn)

*

arn+t:o + arr+t, r-l

a r ' + r-

The left side of (t.+) is identical to that of (1.3). To show that the right sides are equal, we note that arn*l-a r-

1 T A ^r - n r r _

I

arn+l-e

r-l

, or'*l (r- I )

T-

orn*l-a*ar'+Z

r-1 arn*l

: r-l

Since we have shownthat 0.2) i m p l i e s (t.:), w e can concl udethat (t.t)

The Integers

holds for all positive integers n. tr Example. Let n be a positive integer. To find the sum

*2',

bro:r*2+22+

k:0

we use Theorem l.l with e : I and r : 2, to obtain

l+2+22+

.

J- 1n

1n*l _ I :

rn*l_r

2-l

Hence, the sum of consecutivenonnegative powers of 2 is one less than the next largest power of 2. A slight variant of the principle of mathematical induction is also sometimes useful in proofs. The Second Principle of Mathematical Induction. A set of positive integers which contains the integer 1, and which has the property that if it contains all th e pos it iv eint eg e rs1 ,2 ,..., k , th e n i t a l s o c ontai nsthe i nteger k + l , must be the set of all positive integers. Proof. Let T be a set of integers containing I and containing k + I if it co nt ains 1, 2, . . . , k . L e t S b e th e s e t o f a l l p osi ti vei ntegersn such that al l the positive integers less than or equal to n are in Z. Then I is in S, and by the hypotheses,we see that if k is in S, then k + | is in S. Hence, by the principle of mathematical induction, S must be the set of all positive integers, so clearly T is also the set of all positive integers. tr The principle of mathematical induction provides a method for defining the values of functions at positive integers. Definition. We say the function f is defined recursively if the value of f at I from f h) . is specifiedand if a rule is providedfor determiningf h*l) If a function is defined recursively, one can use the principle of mathematical induction to show it is defined uniquely at each positive integer. (See problem 12 at the end of this section.) We now give an example of a function defined recursively. We define the factorial function f fu) : nt . First, we specify that

1.1 The Well-Ordering ProPertY

f(r): I , and then we givethe rule for finding f h*1) from f fu), namely

f h+r) : (n+r)'ffu). These two statementsuniquely define r!. To find the value of f G) : 6! from the recursive definition of f h) : nl, use the secondproperty successively,as follows

(2) :6's'4'3'2f0). f 6) :6.f (5) : 6.5.f(4) : 6.s.4'f(3) : 6's'4'3'f We now use the first statement of the definition to replacef 0) by its stated value l. to concludethat 6 l : 6 ' 5 ' 4 ' 3 ' 2 ' :l 7 2 0 . In general, by successivelyusing the recursive definition, we see that n! is the product of the first n positive integers,i.e. n! : l'2'3

n

For convenience,and future use, we specify that 0! : l. We take this opportunity to define a notation for products, analogous to summation notation. The product of the real numbers a1, a2,...,a, is denoted by

ft o, : ere2

j -r

an

The letter 7 above is a "dummy variable", and can be replaced arbitrarily. Example. To illustrate the notation for products we have ) fI j:l'2'3'4'5:120. j-r 5

I I 2 : 2 . 2 . 2 . 2 . 22: 5: 3 2 .

j-r 5 fI Zi : j-r

2.22.23.24.2s:

2r5

l0

The Integers

We note that with this notation, n ! :

fI . j -r ,r

Factorials are used to define binomial cofficients. Definition. Let m and k be nonnegativeintegers with k 4 m. The

r) binomial cofficien,lT I isoenneo uy (^ / r)

mt kt(m_k)t

l*| lk J t r t : -

l^)

In computing we see that there is a good deal of cancellation,because lO ,J,

l^) : - lk )

m; kt@_k)l

t . 2 . 3. . . @ - k ) @ - k + t ) . . . t u - t ) m k! t.2.3 fu-k) (m-k+r) ( m - r )m kt

fzl

Example.To evaluatethe binomialcoefficien, we notethat L, ,J, r\ 1 7| : 7 t : 1 . 2 . 3 . 4 . s . 6 . 7s . 6 . 7

f3J

3t4t r23.r234:E:i)'

We now prove some simple propertiesof binomial coefficients. Proposition 1.2. Let n and k be nonnegativeintegerswith k ( n . Then (i) [;]:[;]:,

r) r ) ( i i ) l l l : -l ' . 1 fkj l,-t,)' Proof. To see that (i) is true, note that

11

1.1 The Well-OrderingProperty

[;]:#

:n'':l nt

and

t;]

_n,._ n !0!

\:t

To verify (ii), we seethat

frl

n;

| . kJ

kth-k)t

l,l:

:-:l

nt

lr

t u - k ) r ( n -h - k ) ) t

,l

l-

ln-* )'

tr

An important property of binomial coefficientsis the following identity. Theorem 1.2. Let n and k be positive integers with n > k. Then

|',]*, I n I _ |,,*'l r loj [o-,J:I

)

Proof. We perform the addition

[;]. lr:, by using the c om m o nd e n o mi n a to rftl (n -k + t)!.

t. + Uc lr\,

Thi s gi ves

n th - k t l ) n tk ktfn-k+l\ ktJtt-t(+il nl((n-k +r) +k) k th - k + t ) t ntfu*l) klfu-k+r)t (n+l)! kth-k +r)t

[l l nn + rI f k )

u

t2

The Integers

Using Theorem 1.2, we can easily construct Pascal's triangle, which displavsthe binomial coefficients. In this triangle, the binomial coefficient |,,]

rs t he |.r,l

( k + t)ttr n u m b e r i n th e (n + l )th

row . The fi rst ni ne row s of

Pascal'st r ianglea re d i s p l a y e di n F i g u re l .l . I ll

r2l l33l r4641 15101051 1615201561 172135352171 18285670562881 'Plr"urt Figure1.1.

triangle.

We see that the exteriornumbersin the triangleare all l. To find an interiornumber,we simplyadd the two numbersin the positionsabove,and to either side,of the positionbeing filled. From Theorem1.2, this yieldsthe correctinteger. of powersof sums. Exactly occur in the expansions Binomial coefficients how they occuris describedby the binomial theorem. The BinomialTheorem. Let x and y be variablesand n a positiveinteger. Then

: y'+ (x*y)n l:).. [;]".. [T]".-',. + l,:r)*r.-,+ [,:,]'y n - +l:),' -2

or using summation notation,

2

l3

1.1 The Well-Ordering ProPertY

G + y ) n: 2

^

j-0

(n]

l\ J; ll * " - t y t

We prove the binomial theorem by mathematical induction. In the proof we make use of summation notation. Proof. We use mathematical induction. When n : l, according to the binomial theorem. the formula becomes

(x*y)r-frlfrl + loj"'.yoI,,J"or' lrlfrl

But because lnl: t"J

lil:t,this

s t a t e st h a t ( x + y ) r : x

*y,

w h i c hi s

\^/

obviously true. We now assume the theorem is valid for the positive integer n, that is, we assumethat

^ fn) G+ y ) n: 2 l , l r ' - i r i . \r ) j-0 We must now verify that the correspondingformula holds with n replaced by n * l, assumingthe result holds for n. Hence, we have (x+y)n+r - (xty)"(x+y)

'l I : l, |,,.l l a l\ri l)" - t ' l l ( x + r ) |.i:o

, lnl j-0

\r )

J

, fr) j:0

\J ./

We see that by removing terms from the sums and consequently shifting indices.that

t4

The Integers

21,).'-'."' 2l;).'-'.',' :'Al,).'-'''.' 3l:).'-'''*' : In+l +

and

* yn+t

:21'!'1"-'*' yj + yn*t

Hence, we find that 't

( x *Y )' + r -

I

n

xn+r

+>

lxn-i+tri I yn+t I

j-r

By Theorem 1.2, we have

t;l+ [,1']:

[';']

,

so we conclude that

- ,,*, + bl':'fx,-i*,ri k+y),,'+r I r )

* yn+r

i-t

-

n * t [ n + rI S

I

l*n+t-iri

t 1 ^l . j )

This establishesthe theorem. u We now illustrate one use of the binomial theorem. If we let x : y : l. we see from the binomial theorem that

^ lrl

2 n: ( t + t ) , : )

j-0

, rl

lnl : l\ r r )l t , - r l i j -)o LJ,l

This formula showsthat if we add all elementsof the fu+l)th row of Pascal's triangle, we get 2n. For instance,for the fifth row, we find that

15

1.1 The Well-OrderingProPertY

:, +4+6+4+,:,6:24 . . . . [;] [l] [l] [l] [l]

Problems

l.l l.

Find the values of the following sums l0

l0

a) >2 j-r

c) 2j' j-r

l0

t0

u) 2i

o) 22i. j-r

j-l

2.

Find the values of the following products 55

c) r. j'

i l j -rl r 2 ) b) trj

0) il2i

j-t

j-l

3 . Find n ! for n equal to each of the first ten positive integers. 4.

fro)frolfrolfrol frol Find lo,|'|.,.l'I r.l'I tJ'^na lroJ'

5 . Find the binomial coefficients

fnl , fnl

f,ol

|'qI fgI

froI

and o andverirvthat l',l' loJ' I ,J'

lrj*loj: loJ 6 . Show that a nonempty set of negative integers has a largest element. 7 . Use mathematical induction to prove the following formulae.

a) >,i:t+2+3+

+ ,:n(nlD. L

j-l

U) 2i': j-l

12+22+32+

+

.t , a

n (n+l) (2n+l) 6

t6

The Integers

|

c ) i . r ' : t ' + 2 3+ 3 3+ i-tt2l

* n3: | 't'ftl

12

I

8.

Finda formula rcrjft Zi. -l

9.

Use the principle of mathematical induction to show that the value at each positive integer of a function defined recursivelyis uniquely determined.

r0.

what function f (n) is defined recursively by f 0) : 2 and for n)l?

ll.

I f g i s d e f i n e d r e c u r s i v e l yb y g ( l ) : 2 what is S(02

t2.

The second principle of mathematical induction can be used to define functions recursively. We specify the value of the function at I and give a rule for finding from the values of f at the first n positive integers. Show that the f h+l) values of a function so defined are uniquely determined.

t3.

We define a function recursively for all positive integers n bV (l) : l, "f and for n 2 2, f h+t):f Show that f (n) : h) + 2f (n-t). f (2):5, 2^ + el)n, using the secondprinciple of mathematical induction.

14. a)

g(n) :2sb-D

and

Let n be a positive integer. By expanding (l+(-l))'with theorem. show that

f (n+D : 2f (n) for

n 7 2,

the binomial

,

fr) : o. ) (-r)o lrJ b) usepart(a),andthefactthat > f;l :2' , to find \'' J t-o

f,l* f,l* l,l * loj IrJ loj and

[,lf,l|,,l ['J*l,J* I'J* c)

Findthesuml -2+22-23

+

15. Show by mathematical induction that (2n)t < 22'(nl)z.

+2too. if

n

is a

positive integer, then

t7

1.1 The Well-Ordering ProPertY

16. The binomial coefficients

x is a variable, and n is a positive integer, [;],*nr." : x and

can be defined recursivelyby the equations

[l ]

| .I ,_n [,1 In+tJ:R l;l |.".l

x!

,

a)Showthatifxisapositiveinteger,then[oJ:ffi,wherekisan integerwithl(k(x.

.

b)

["]

S h o w t h a tl - l + l,?J

[*l 1.,,

| : lt?+rj

f'+rl l--*, ln,'t

l,whenevernisapositiveinteger.

of inclusion - exclusion. Suppose P2,.,., P, be t different properties Pr, that S is a set with n elements and let that an element of S may have. Show that the number of elements of S possessingnone of the / properties is

t 7 . In this problem, we develop the principle

+ n@)l n -ln(rr) + n(p) + + n(P,-r,P,)l + l n ( P t , P z+ ) n ( P t , P r+) - { n ( P r , P z , P t )* n ( P r P z , P q ) + + + (-l)'n (P1,P2,...,P,),

* n(P,-2,P,4,P,)|

where n(Pi,,Pi,,..., P,,) is the number of elements of S possessingall of the properties Pi,,P;,,...,P;,.The first expressionin brackets contains a term for each property, the secondexpressionin brackets contains terms for all combinations of two properties, the third expressioncontains terms for all combinations of three properties,and so forth. (Hint: For each element of S determine the number of times it is counted in the above expression. If an element has k of the

properties, showit is counted t-

lrl + lpllrJ

Itl

+ (-l)ft

ltl ,i-.t. lrJ

This

equals zeroby problem la(a).) 1 8 . The tower of Hanoi was a popular puzzle of the late nineteenth century. The puzzle includes three pegs and eight rings of different sizes placed in order of size, with the largest on the bottom, on one of the pegs. The goal of the puzzle is to move all the rings, one at a time without ever placing a larger ring on top of a smaller ring, from the first pbg to the second,using the third peg as an auxiliary peg.

l8

The Integers

a)

Use mathematicalinduction to show that the minimum number of movesto transfer n rings, with the rules we have described,from one peg to another is 2n - 1.

b)

An ancient legend tells of the monks in a tower with 64 gold rings and 3 diamond pegs. They started moving the rings, one move per second, when the world was created. When they finish transferring the rings to the second peg, the world ends. How long will the world last?

19. Without multiplying all the terms, show that il 6! 7!: l0! b) l0!:7! 5! 3!

c) 16!: l4t 5t 2l d ) 9 t - 7 13 ! 3 ! 2 ! .

20. Let an : (af a2l. ar-1!) - l, and on+t: af. a2t o1,a2,...,etr-1 or€ positiveintegers. Show that an*1!: al. a2t 2 1 . F i n d a l l p o s i t i v ei n t e g e r sx , y , a n d z s u c h t h a t x t * y l : l.l

an_tl, onl.

where

z!.

Computer Projects Write programs to do the following:

l.

Find the sum of the terms of a geometric series.

2.

Evaluate n !

3.

Evaluate binomial coefficients.

4.

Print out Pascal'striangle.

5.

List the movesirr the Tower of Hanoi puzzle (see problem l8).

6.

Expand (x*y)",

where n is a positive integer, using the binomial theorem.

1.2 Divisibility When an integer is divided by a secondnonzerointeger, the quotient may or m ay not be an i n te g e r. F o r i n s ta n c e ,2 4 /8 : 3 i s an i nteger,w hi l e l 7/5:3.4 is not. This observationleads to the following definition. Definition. If a and b are integers, we say that a divides b if there is an integer c such that b : ac. lf a divides b, we also say that a is a divisor or factor of b.

t9

1.2 Divisibility

I f a d i v i d e sb w e w r i t e a l b , w h i l e i f a d o e s n o t d i v i d e b , w e w r i t e a t r U . Example. The following examples illustrate the concept of divisibility of

i n t e g e r s1:3| 1 8 2-,5 | 9 0 ,t 7 l 2 8 g , e t r q q , l t r s o-,l | : 1 , a n d1 71 0 .

Example. The divisorsof 6 are +1, *2, +3, and +6. The divisorsof 17 are +5, +10, The divisors of 100 are +1, *2,+4, tl and tI7. +20, +25, +50, and + 100. In subsequentsections,we will need some simple properties of divisibility. We now state and prove these properties. 1.3. If a,b,and c areintegerswitha Proposition l b a n db l r , t h e n a l c . Proof. Since a I b and b I c, there are integers e and f with ae : b and bf : ,. Hence, bf : be)f : aGf) : c, and we concludethat a I c. a Exa mple. S inc e 1l | 6 6 a n d 6 6 | tl a , P ro p o s i ti on1.3 tel l s us that 11 | 198. P r o p o s i t i o n1 . 4 . l f a , b , m , c | (ma+nb).

a n d n a r e i n t e g e r sa, n d i f c l a a n d c l D , t h e n

Proof. Since c I a and c | 6, there are integers e and / such that a : ce and b : c f . Henc e, m a * n b : m c e * n c f : c (me + nf). C onsequentl y, w e see th a t c | f ua+ nb) . E Exa mple. S inc e 3l2 l

a n d : I l l , Pro p o s i ti o n1 .4 tel l s us that

3 | 6 - z l - 3 . 3 3:) l o 5 - 9 9 : 6 . The following theorem states an important fact about division. The Divisionl$f$* If a and b are integers such that b > 0, then there are unique integers q and r such that a : bq * r with 0 ( r < b. In the equation given in the division algorithm, we call q the quotient and r the remainder. We note that a is divisible by b if and only if the remainder in the division algorithm is zero. Before we prove the division algorithm, consider the following examples.

20

The Integers

Example. If a-.133 and b:21, then Q:6 and r:7, since 133:21'6+7. L i k e w i s ei,f a : - 5 0 a n d b : 8 , t h e n q - - 7 and r:6, s i n c e- 5 0 : 8 ( - 7 ) + 6. For the proof of the division algorithm and for subsequent numerical computations,we need to define a new function. Definition. Let x be a real number. The greatest integer in x, denoted by [x ], is the largest integer lessthan or equal to x. Example.

We

have the following values for

: 2,131: 3, andI-t.sl : -2. x'. 12.21

the greatest integer in

The proposition below follows directly from the definition of the greatest integer function. Proposition 1.5. If x is a real number, then x-l

< [x] ( x.

We can now prove the division algorithm. Note that in the proof we give explicit formulae for the quotient and remainder in terms of the greatest integer function. Proof. Let q:la/bl a n d r : a - b l a / b l . C l e a r l ya : b q * r . T o s h o w r that the remainder satisfies the appropriate inequality, note that from Proposition1.5, it follows that G/b)-l

< ta/bl 4a/b.

We multiply this inequality by b, to obtain a - b < btalbl 4 a. Multiplying by -1, and reversingthe inequality,we find that

-a(-b[a/bl
0 ( r - a - bla/bl < n. To show that the quotient q and the remainder r are unique, assume that w e h a v e t w o e q u a t i o n sa : b q r * r r a n d a : b q z * r r , w i t h 0 ( r r ( b a n d 0 ( rz < b. By subtracting the secondof these from the first, we find that

2l

1.2 Divisibility

0:bQt-qr)+(r;r2) Hence. we seethat

rz - rr: b(qt-qr). Th i s tells us t hat D d i v i d e s rz - rr. Si n c e 0 ( rr I b and 0 ( rz ( b, w e This shows that b can divide rz- 11 only if have -b < rz- rr 1b. r z - 1 1 : 0 , o r , i n o t h e r w o r d s ,i f 1 1 : 1 2 . S i n c e b q t + r t : b Q z * 1 2 a n d rt: 1 2 we als o s ee th a t Qr: Qz . T h i s s h o w s th at the quoti ent q and the remainder r are unique. tr
1.2 Problems l.

S h o wt h a t3 l g g , s I t + S , 7 l 3 4 3 ,a n d8 8 8| 0 .

2. Decidewhich of the followingintegersare divisibleby 22

il0 b) 444 c) 1716

d) r92s44 e) -325r6 f) -195518.

22

3.

The Integers

Find the quotient and remainder in the division algorithm with divisor 17 and dividend

a) loo b) 28e

c) -44 d) -100.

4.

What can you conclude if a and b are nonzero integers such that a I b and bla?

5.

Show that if a, b, c, and d are integers with a and c nonzero such that a I b and c I d, then ac I bd.

6 . A r e t h e r e i n t e g e ras, b , a n d c s u c h t h a t a l b c , b u t a 7 . Show that if a, b,and c l0

I b anda I c).

a r e i n t e g e r s t, h e n a I t i f a n d o n l y i f a c I b c .

8 . Show that if a and b are positive integers and a I D, then a ( D. 9 . Give another proof of the division algorithm by using the well-ordering property. (Hint: When dividing a by b, take as the remainder the least positive integer in the set of integersa-qb.)

1 0 . Show that if a and b are odd positive integers, then there are integers s and , s u c ht h a t a : b s * / , w h e r eI i s o d d a n d l r l < n . When the integer a is divided by the interger b algorithm gives a quotient of q and a remainder of r. -a is divided by b, the division algorithm gives a remainder of b - r, while if 6 | a, the quotient is -q

where b > 0, the division Show that if 6 ,f a, when quotient of -(q*l) and a and the remainder is zero.

1 2 . Show that if a, b, and c are integers with b ) 0 and c ) 0, such that when a is divided by b the quotient is q and the remainder is r, and when q is divided by c the quotient is / and the remainder is s, then when a is divided by bc, the quotient is I and the remainder is bs * r.

1 3 . il

b)

Extend the division algorithm by allowing negative divisors. In particular, show that whenever a and b # 0 are integers, there are integers q and r such that a : bq * r, where 0 ( r < lAl . Find the remainderwhen 17 is divided by -7.

1 4 . Show that if a and D are positive integers, then there are integers q,r and e :

! . 1 s u c ht h a t a :

bq * er where-b/2 <er4

b/2.

1 5 . S h o w t h a t i f a a n d b a r e r e a l n u m b e r s ,t h e n l a + b l 2 l a ]

+ [r].

1 6 . Show that if a and b are positive real numbers, then labl 2 Laltbl . What is the corresponding inequality when both a and b are negative? When one is negative and the other positive?

23

1.2 Divisibilitv

17. What is the value of [a ] + l-a I when a is a real number? 18. Show that if a is a real number then a)

-I-a

b)

la + %l is the integer nearest to a (when there are two integers equidistant from a, it is the larger of the two).

I is the least integer greater than or equal to a.

19. Show that if n is an integer and x is a real number, then [x*n] 20. Show that if m and n \

(r

: [xl + n .

0 are integers, then

r

I 1I1 |

| * + r 1 . J L J'

I n_ i : l l I I I llyl*tif

if m :

kn - I for someintegerk.

m:kn-lforsomeintegerk.

ILnl

21. Show that the integer n is even if and only if n - 2ln /21 : 0. 22.

Show that if a is a real number, then [a ] + Ia + %l : l2al .

23.

a)

Show that the number of positive integers less than or equal to x that are divisible by the positive integer d is given by [x/dl.

b)

Find the number of positive integers not exceeding 1000 that are divisible by 5 , b y 2 5 , b y 1 2 5 ,a n d b y 6 2 5 .

c)

How many integers between 100 and 1000 are divisible by 7? by 49'l

24. To mail a letter in the U.S.A. it costs 20 cents for the first ounce and l8 cents for each additional ounce or fraction thereof. Find a formula involving the greatest integer function for the cost of mailing a letter. Could it possibly cost S 1.08 or ,$I .28 to mail a letter? 25. Show that if a is an integer, then 3 divides a3-a 26. Show that the sum of two even or of two odd integers is even, while the sum of an odd and an even integer is odd. 27.

Show that the product of two odd integers is odd, while the product of two integers is even if either of the integers is even.

28. Show that the product of two integers of the form 4ft * I is again of this form, while the product of two integers of the form 4k * 3 is of the form 4ft * L 29. Show that the square of every odd integer is of the form 8k + l.

24

The Integers

30. Show that the fourth power of every odd integer is of the form l6k + l. 31. Show that the product of two integers of the form 6k * 5 is of the form 6k * L 32.

Show that the product of any three consecutiveintegers is divisible by 6.

33.

Let n be a positive integer. We define f

T(n) :

ln/2

if n is even

1Qn*D/z

if n is odd.

We then form the sequence obtained by iterating T: n , T ( n ) , T ( T Q ) ) , f ( f ( f ( n ) ) ) , . . . . F o r i n s t a n c e ,s t a r t i n g w i t h n : 7 w e h a v e 7 , 1 1 , 1 7 , 2 6 , 1 3 , 2 0 , 1 0 , 5 , 8 , 4 , 2 , 1 , 2 , 1 , 2. , 1A ... well-known conjecture,sometimes called the Collatz coniecture, assertsthat the sequenceobtained by iterating Z always reachesthe integerI no matter which positive integer n begins the sequence. a)

Find the sequenceobtainedby iterating Z starting with n :29.

b)

Show that the sequenceobtained by iterating Z starting with n: (2k-l)/3, where k is an even positive integer, k > l, always reachesthe integer l.

1.2 Computer Projects Write programs to do the following: l

Decide whether an integer is divisible by a given integer.

2.

Find the quotient and remainder in the division algorithm.

3.

Find the quotient, remainder, and sign in the modified division algorithm given in problem 14.

4.

I n v e s t i g a t et h e s e q u e n c en , T ( n ) , T ( T h ) ) , 33.

f (rQ

( n ) ) ) , . . . d e f i n e di n p r o b l e m

1.3 Representations of Integers The conventionalmanner of expressingnumbersis by decimal notation. We write out numbers using digits to representmultiples of powers of ten. For instance,when we write the integer 34765,we mea;r 3 . 1 0 4+ 4 . 1 0 3+ 7 . 1 0 2+ 6 . 1 0 1+ 5 . 1 0 0 . There is no particular reasonfor the use of ten as the base of notation,other than the fact that we have ten fingers. Other civilizations have used different

25

of Integers 1.3 Representations

bases,including the Babylonians,who used base sixty , and the Mayans, who Electronic computers use two as a base for internal used base twenty representationof integers,and either eight or sixteen for display purposes. We now show that every positive integer greater than one may be used as a base. Theorem 1.3. Let b be a positive integer with b > l. integer n can be written uniquely in the form n : a k b k * a p - 1 b k - rt

Then every positive

* a1b I oo,

w h e r e a; is an int eg e rw i th 0 ( o ; < b -l coefficientak I O.

fo r,/ :0,

1,..., k and the i ni ti al

Proof . We obtain an expressionof the desired type by successivelyapplying the division algorithm in the following way. We first divide n by b to obtain n:beo*oo,

0(ao
Then we divide qoby b to find that 0(ar(6-t.

eo:bq1ta6 We continue this processto obtain Qt: bq2t a2, qr= bq3l a3,

0 ( a2 ( b-1, 0 ( ar ( b-1,

Q k - z: b q * - r * a k - r , 0 ( a 1 - 1 ( b - 1 , Qk-t: b.0 * ap, 0 ( a1 ( b-t. The last step of the processoccurs when a quotient of 0 is obtained. This is guaranteedto occur, becausethe sequenceof quotients satisfies n ) qo)

qr)

qz> "'>

0,

and any decreasing sequence of nonnegative integers must eventually terminate with a term equaling 0.

26

The Integers

From the first equation above we find that n:

beo* ao.

We next replace {6 using the secondequation, to obtain n : b(bqfta1) + as : bzqrI a1b I as, Successively substituting for qr, Q2,..., Qk_r,we have n:

b 3 q z + a 2 b 2* a 1 b * o r ,

: =i: ri::,-'**"::,t{,-'..**olr'u**ol' : a t b k + a 1 r - 1 b k -*r

t aft * ao.

w her e 0 ( a; < b -l fo r 7 : 0 ,1 ,...,ka n d a * I 0, si nceek : 4r-r i s the l ast nonzero quotient. Consequently,we have found an expansion of the desired type. To see that the expansion is unique, assume that we have two such expansionsequal to n, i.e. n : e k b k + a 1 r - y b k - *t : c * b k * c 1 r-1 b k -r*

t a1b * ao * cft * ro,

where 0 ( ar (b and 0 ( c1(b (and if necessarywe add initial terms with zero coefficients to have the number of terms agree). Subtracting one expansionfrom the other, we have (ar,-c)bk +(o,,-r-c1,-)bk-t *

*(a;cr)b

+ (as-ca):0.

If the two expansionsare different, there is a smallest integer j, O ( < k, "l such that ai # ci. Hence, .f

br

+ l(a*-c*)b(-r

* (ai+rci+r)b * G1-c1)] : o,

so that

Gr,-c)bk-i +

+ (a1+rci+)b

r (ai-c1) : O.

27

1.3 Representationsof Integers

Solving for ai-c; we obtain aj- c j:

(c rr-a r)b k -j +

* (c 7+ r-ai + )b

: bl(c1,-a1)bk-j-t +

* (c7+r-or*,) ].

Hence, we see that

bl

G 1 -c 1 ).

But since 0 ( a; < b and 0 ( c; < b, we know that -b < ai-c1 I b. implies that ej : cj. This contradicts the Consequently, b I h1-c) assumptionthat the two expansionsare different. We concludethat our base 6 expansionof n is unique. ! For b - 2 . we see from Theorem 1.3 that the following corollary holds. Corollary 1.1. Every positive integer may be represented as the sum of distinct powersof two. Proof. Let n be a positive integer. From Theorem 1.3 with b : 2, we know t h a t n : a t r T k * a 1 r - 1 2 k - t* + a Q * a s w h e r e e a c h a ii s e i t h e r 0 o r 1 . Hence, every positive integer is the sum of distinct powersof 2. tr In the expansionsdescribedin Theorem 1.3, b is called the base or radix of the expansion. We call base l0 notation, our conventionalway of writing integers, decimal notation. Base 2 expansionsare called binary expansions, base 8 expansionsare called octal expansions,and base 16 expansionsare called hexadecimal, or hex for short, expansions. The coefficients ai are called the digits of the expansion. Binary digits are called bits (binary digils) in computer terminology. To distinguish representationsof integers with different bases, we use a special notation. We write (apapa...aps) 6 to represent the expansion a*bklapabk-rl taft*ao. Example. To illustrate base b notation, note that Q3Ot : 2.72+ a n d ( 1 0 0 1 0 0 1 1 :) 2 1 . 2 7+ 1 . 2 4+ 1 . 2 r+ 1 .

3.7 + 6

Note that the proof of Theorem 1.3 gives us a method of finding the base b expansion of a given positive integer. We simply perform the division algorithm successively,replacing the dividend each time with the quotient, and

28

The Integers

stop when we come to a quotient which is zero. We then read up the list of remaindersto find the base b expansion. Example. To find the base 2 expansionof 1864, we use the division algorithm successively:

1 8 6 4: 2 . 9 3 2 + 0 , 932:2'466 +0, 466:2'233 +0 233-2'116+1, 1 1 6: 2 ' 5 8 + 0 , 58:2'29 +0, 29:2'14 +1, 14:2'7 +0, 7 : 2'3 + 1, 3 : 2'l + l, | : 2'O + 1. To obtain the base 2 expansionof 1984, we simply take the remaindersof t h e s ed i v i s i o n s .T h i s s h o w st h a t ( 1 8 6 4 ) r o : ( 1 1 1 0 1 0 0 1 0 0 0 ) 2 . Computers represent numbers internally by using a series of "switches" which may be either "on" or "off". (This may be done mechanically using magnetic tape, electrical switches, or by other means.) Hence, we have two possiblestates for each switch. We can use "on" to represent the digit I and "off" to representthe digit 0. This is why computers use binary expansionsto representintegers internally. Computers use base 8 or base 16 for display purposes. In base 16, or hexadecimal, notation there are l6 digits, usually denoted by 0 ,1, 2, 3, 4, 5, 6,, 8, 7 9 ,A,8 ,,C ,D ,,Ea n d F . T h e l e tters A ,B ,C ,D ,E , and F are and l5 (written used to representthe digits that correspondto 10,11,12,13,14 in decimal notation). We give the following example to show how to convert from hexadecimalnotation to decimal notation. Example. To convert (A35B0F) 16we write ( e l s n o r ) r e : 1 0 . 1 6 s + 3 ' 1 6 4+ 5 ' 1 6 3+ l l ' r c z + 0 ' 1 6 + 1 5 : ( t o7o5 679)rc.

29

1.3 Representationsof Integers

A simple conversionis possible between binary and hexadecimal notation. We can write each hex digit as a block of four binary digits according to the correspondencegiven in T a b l e l . l . Hex Digit

Binary Digits

Hex Digit

Binary Digits

0 I 2 3 4 5 6 7

0000 0001 0010 0 0 1l 0100 0101 0110 0l l1

8 9 A B C D E F

r000 1001 1010 1011 l 100 I l0l 1110 llll

Table1.1. Conversion from hex digits to blocksof binarydigits. Example. An example of conversionfrom hex to binary is (zFBrrc: (tOt t 1110110011)2 .E a c h h e x d i g i t i s c o n v e rt edto a bl ock of four bi nary digits (the initial zeros in the initial block (OOIO)2correspondingto the digit (2) rc are omitted). To convert from binary to hex, consider(t t t tOl I I101001)2. We break this into blocks of four starting from the right. The blocks are, from right to left, 1 0 0 1, 1110, 1101,an d 0 0 1 1 (w e a d d th e i n i ti a l z eros). Transl ati ngeach bl ock to hex, we obtain GOng)ru. We note that a conversionbetween two different basesis as easy as binary hex conversion,wheneverone of the basesis a power of the other.

1.3 Problems l.

Convert (1999)1sfrom decimal to base 7 notation. Convert (6tOS)t from base 7 to decimal notation.

2.

Convert (tOtOOtOOO),from binary to decimal notation and (tgg+),0 from decimal to binary notation.

30

The Integers

3 . c o n v e r t ( 1 0 0 0 1 II l 0 l 0 l ) 2 a n d ( l I 1 0 1 0 0 1 1 1 0 ) 2f r o m b i n a r y t o h e x a d e c i m a l . 4 . convert (ABCDEF)rc, @nrecnD)to,

and (9A08)rc from hexadecimal to

binary.

5 . Explain why we really are using base 1000 notation when we break large decimal integers into blocks of three digits, separatedby commas.

6 . a)

Show that if D is a negative integer less than -1, then every integer n can be uniquer';:.])::'::;' .

*

a 1 b*

oo,

where a1, I 0 and O
We

write

b)

Find the decimal representationof (tOtOOt)-2 and OZOTD-r.

c)

Find the base-2 representations of the decimal numbers-7,-17, and 61.

7 . Show that any weight not exceeding 2k-l

may be measured using weights of 1,2,22,...,2ft-1, when all the weights are placed in one pan.

8 . Show that every integer can be uniquely representedin the form ep3k*ep-.3k-t*

*efiles

where €i : -1,0, or I for ,/:0,1 ,2, ..., k. balanced ternary expansion.

This expansion is called a

9.

Use problem 8 to show that any weight not exceeding $k -t) /Z may be m e a s u r e du s i n g w e i g h t so f 1 , 3 , 3 ' , . . . , 3 f t - 1 , w h e n t h e w e i g h t sm a y b e p l a c e di n either pan.

r0.

Explain how to convert from base 3 to base 9 notation, and from base 9 to base 3 notation.

ll.

Explain how to convert from base r to base rn notation, and from base rn notation to base r notation, when r ) I and n are positive integers. ( a * a * - 1 . . . a p s ) 6 , t h e n t h e q u o t i e n t a n d r e m a i n d e rw h e n n i s divided by bi are q : (apa1,-1...a)6and, : (aj-r...apo)t, respectively.

1 2 . Show that if r:

1 3 . If the base b expansion of n is n : (apa1,-1...aps)6,what is the base b expansionof b^ n"l 14. A Cantor expansion of a positive integer n is a sum fl:ommt * a^a(m-l)! +

* a 2 2 l* a 1 l !

1.3 Representationsof Integers

3t

where each ai is an integer with 0 ( a; < i . a)

Find Cantor expansionsof 14, 56, and 384.

b)

Show that every positive integer has a unique Cantor expansion.

15. The Chinese game of nim is played as follows. There are a number of piles of matches, each containing an arbitrary number of matches at the start of the game. A move consistsof a player removing one or more matches from one of the piles. The players take turns, with the player removing the last match winning the game. A winning position is an arrangement of matches in piles so that if a player can move to this position, then, no matter what the second player does, the first player can continue to play in a way that will win the gom€; An example is the position where there are two piles each containing one match; this is a winning position, becausethe second player must remove a match leaving the first player the opportunity to win by removing the last match. a)

Show that the position where there are two piles, each with two matches, is a winning position.

b)

For each arrangement of matches into piles, write the number of matches in each pile in binary notation, and then line up the digits of these numbers into columns (adding initial zeroes if necessaryto some of the numbers). Show that a position is a winning one if and only if the number of ones in each column is even (Example: Three piles of 3, 4, and 7 give 0ll llt 100 where each column has exactly two ones).

16. Let a be an integer with a four-digit decimal expansion,with not all digits the same. Let a' be the integer with a decimal expansion obtained by writing the digits of a in descending order, and let a" be the integer with a decimal expansion obtained by writing the digits of a in ascending order. Define T ( a ) : a ' - a " . F o r i n s t a n c ef,( 2 3 1 8 ) 1378 : 7358. 8731 a)

Show that the only integer with a four-digit decimal expansion with not all d i g i t s t h e s a m es u c h t h a t T ( a ) : a i s a : 6 1 7 4 .

b)

Show that if a is a positive integer with a four-digit decimal expansionwith not all digits the same, then the sequence a, T (d, f (f G)) , T'QQ(a))),..., obtained by iterating T, eventually reaches the integer 6174. Becauseof this property, 6174 is called Kaprekar's constant.

32

The Integers

17. Let b be a positive integer and let a be an integer with a four-digit base b expansion,with not all digits the same. Define TtG) : a'- a", where a'is the integer with base D expansion obtained by writing the base 6 digits of a in descending order, and let d " is the integer with base 6 expansion obtained by writing the base b digits of a in ascendingorder. il

Let b : 5. Find the unique integer a6 with a four-digit base 5 expansion such that TsGl : ao. Show that this integer aq is a Kaprekar constant for t h e b a s e 5 , i . e . , a , T ( a ) , r ( f b ) ) , f ( f Q ( a ) ) ) , . . . e v e n t u a l l yr e a c h e s 40, whenever a is an integer which a four-digit base 5 expansionwith not all digits the same.

b)

Show that no Kaprekar constant exists for the base 6.

1.3 Computer Projects Write programs to do the following: l.

Find the binary expansion of an integer from the decimal expansion of this integer and vice versa.

2.

Convert from base 61 notation to base b2 notation, where D1 and b2are arbitrary positive integers greater than one.

3.

Convert from binary notation to hexadecimal notation and vice versa.

4.

Find the base (-2) notation of an integer from its decimal notation (see problem 6).

5.

Find the balanced ternary expansion of an integer from its decimal expansion (see problem 8).

6.

Find the Cantor expansionof an integer from its decimal expansion (see problem 14).

7.

Play a winning strategy in the game of nim (see problem l5).

8.

F i n d t h e s e q u e n c ea , T ( a ) , T ( T f u ) ) , r ( r O Q ) ) ) , . . . definedin problem 16, where a is a positive integer, to discoverhow many iterations are neededto reach 6174.

9.

Let b be a positive integer. Find the Kaprekar constant to the base b, when it exists (see problem 17).

of Integers 1.3 Representations

33

1.4 Computer Operationswith Integers We have mentioned that computers internally representnumbers using bits, or binary digits. Computers have a built-in limit on the size of integers that can be used in machine arithmetic. This upper limit is called the word size, which we denote by w. The word size is usually a power of 2, such as 235, although sometimesthe word size is a power of 10. To do arithmetic with integers larger than the word size, it is necessaryto devote more than one word to each integer. To store an integer n ) l4/, we expressn in base w notation, and for each digit of this_expansionwe use one computer word. For instance, if the word size is 23s, using ten computer words we can store integers as large u, 23s0-1, since integers less than 2350 have no more than ten digits in their base 235expansions. Also note that to find the base 235expansionof an integer, we need only group together blocks of 35 bits. The first step in discussing computer arithmetic with large integers is to describehow the basic arithmetic operationsare methodically performed. We will describe the classical methods for performing the basic arithmetic operations with integers in base r notation where r ) | is an integer. These methodsare examplesof algorithms. An algorithm is a specified set of rules for obtaining a desired Definition. result from a set of input. We will describe algorithms for performing addition, subtraction, and and two n-digit integers a : (an4on-z...egi, multiplication of b : (bn- 1br - z . . . br b o )r,w h e re i n i ti a l d i g i ts o f z e ro are added i f necessaryto make both expansionsthe same length. The algorithms described are used both for binary arithmetic with integers less than the word size of a computer, and for multiple precision arithmetic with integers larger than the word size w, using lr as the base. We first discuss the algorithm for addition. When we add a and b, we obtain the sum

a I b : 5 a i r t+ ' i u , r t : 5 G i + b 1 ) r i . j-o j-0 j:o To find the base r expansion of the a * b, first note that by the division algorithm, there are integers Cs and ss such that

34

The Integers

ao* bs: Csr * r0,0 ( so 1 r. Because as and bo are positive integers not exceeding r, we know that 0 ( ao * bo( 2 r - 2 , s o th a t c o :0 o r l ;h ere c6 i s the cany to the next place. Next, we find that there are integersc1 and s1 such that ar * br t Co: C{ t rr,0 ( s1 ( r. Since0 ( art br * Co ( 2r - 1, we know that Cr:0or i n d u c t i v e l y , w e f i n d i n t e g e r s Ca; n d s ; f o r 1 ( i ( n - I b y

l.

proceeding

Crr trr, 0 ( s; ( r,

ai * b; * Ci-r:

wit h C; : 0 or 1 . F i n a l l y , w e l e t s r: C n ; , si nce the sum of tw o i ntegers with n digits has n * I digits when there is a carry in the n th place. We co nc ludet hat t he b a s er e x p a n s i o nfo r th e s u m i s a * b: (srsn_,...J1.ss)7 . When performing base r addition by hand, we can use the same familiar technique as is used in decimal addition. E x a m p l e . T o a d d ( 1 1 0 1 ) 2a n d ( l 0 l l ) 2 w e w r i t e II 1l0l +1001 10110 where we have indicated carries by I's in italics written above the appropriate column. We found the binary digits of the sum by noting that I * I : l'2+ 0,0+0+ 1:0'2 * 1, I +0f 0: O'2+ l,and 1+ l:1.2 *0. We now turn our attention to subtraction. We consider

a - b :';

airi -'i j-o

j-0

u,rt: 5 Gi - b)ri , j-0

where we assumethat a ) b. Note that by the division algorithm, there are integers ^Bsand ds such that os- bo: 86r * dg, 0 ( do ( r, and since as and bs are positive integers less than r, we have

35

1.4 Computer Operationswith Integers

-(r-l)
Bo: B{ * dr. 0 <

d1 1 r.

From this equation, we see that the borrow B r : 0 as l o n g a s a 1 - b t + B o - br * B o (r-l.We > 0 , a n d B t : - l o t h e r w i s e ,s i n c e - r ( a r proceedinductively to find integers B; and d;, such that ai - btf

Bi-r : Bir t di. 0 ( di 1 r

w i t h B ; : 0 o r - 1 , f o r I < t < n - 2. We seethat Bn4: 0, sincea ) b. We can concludethat a - b :

(dnadn-2...d1ds),.

When performing base r subtraction by hand, we use the same familiar technique as is used in decimal subtraction. Example. To subtract ( t o t t o ) 2f r o m ( t t o t l ) 2 , w e h a v e

-t llotl -10110 101 where the -l in italics above a column indicates a borrow. We found the binary digits of the difference by noting that 1 - 0 : 0'2 * l, 0'2+0, and 1-l: 0-l:-1'2+1, l-0-l: 1-l:0'2*0,

0'2+ 0. Before discussing multiplication, we describe shifting. To multiply (on-r...aps)7 by r^ , we need only shift the expansion left m places, appending the expansionwith m zero digits. Example. To multiply (tOtt01)2 by 2s, we shift the digits to the left five placesand appendthe expansionwith five zeros,obtaining (10110100000)2.

36

The Integers

To deal with multiplication, we first discussthe multiplication of an n-place i n t eger by a on e -d i g i t i n te g e r. T o m u l ti p l y (an_1...ori ;, by (i l ,, w e fi rst note that oob:Qor*po,0(ps(r, a nd 0 ( qo ( r - l , s i n c e0 ( a o b ( aft+Qo:Qf and 0 ( qt ( r-1 .

(r-1 )2 . N ext, w e have

*pr,0(pt1t,

In g e n e ra l ,w e h a v e Qir I pi, 0 ( p; -< r

a;b * 7i-r:

and 0 ( gr ( r - 1. Furthermore, we (o r - 1. . . ar , o), ( b ) , : (p n p n -r...pg .o ),.

have pn:

Qn_r. This

yields

To perform a multiplication of two n-place integers we write ( n-t

)

n-t

)

i -o

ab:al>biril:)Gb)ri. l i -r

For each -/, we first multiply a by the digit b;, then shift to the left 7 places, and finally add all of the n integers we have obtained to find the product. When multiplying two integers with base r expansions,we use the familiar method of multiplying decimal integers by hand. Ex am ple. T o m u l ti p l y (l l 0 l )2 a n d (t t tO )2 w e w ri te ll0l x1110

0000 I l0l 1l0l l10l l0ll01l

0

Note that we first multiplied (1101)2 by each digit of (t t 10)t, shifting each time by the appropriate number of places, and then we added the appropriate integers to find our product.

31

1.4 Computer Operations with Integers

We now discuss integer division. We wish to find the quotient q in the division algorithm

+ R, 0 < R < b.

a:bq

If the base r expansionof q is q : ( n-r

a-b l>

(Qn-rQn-2...Q 1 4 o,) , then we have

eiril +R,0

[r-o

To determine the first digit Qrq of q, notice that

: uf'i qjri)+ R. a - bqn-1vn-t U-o ) The right-hand side of this equation is not only positive,but also it is less than brn-t, since 2 qiri g rn-l-l.

Therefore,we know that

j-0

a - bqn-(n-l

0 (

< brn-t.

This tells us that

O: Tt, -tn.'l

4v n n { . t " ' ,

Qn-r: la/brn-rl'

(L

t-"rf

We can obtain Qn-r by successivelysubtracting br"-l from a until a negative result is obtained, and then qn-1is one less than the number of subtractions. To find the other digits of q,, we define the sequenceof partial remainders Ri by Ro: a and Ri:Ri-r

- bqn-trn-i

f o r i : 1 , 2 , . . . ,n . B y mathematical induction, we show that

(r.s)

Ri:

(n -i -t I qirtlb+R. | > lj-0 )

For i : 0, this is clearly correct, since R0 : a : qb + R. Now assumethat

38

The Integers

Rft:

Then Rt+r :

:

:|

Rft - bqn-*-rrn-k-l 'l (n-k-t .

I U l. .r-o

qirilb+R-bqn-*-rvn-k-l )

fn-(k+r)-r

>

.l

qi"lb+R'

Ij-0)

e s t a b l i s h i n( 1g . 5 ) . F r o m ( t . S ) , w e s e e t h a t 0 ( R i < r n - i b , f o r i : 1 , 2 , . . . ,f l , s i n c e

n-i -l i-0

O ( Ri < rn-tb, we see that the digit qn-i is given by lRi-r/brn-il and can be obtained by successivelysubtracting brn-t from Ri-1 until a negative result is obtained,and then qn-; is one lessthan the number of subtractions. This is how we find the digits of q. E x a m p l e .T o d i v i d e( t t t O l ) 2 b y ( t t t ) 2 , w e l e t q : ( q r q r q i r . W e s u b t r a c t Z2( t t l) z : ( t t t O O), o n c e fro m (t t tO t)z to obtai n (l )2, and once more to o b t a i na n e g a t i v er e s u l t s, o t h a t Q 2 : l . N o w R l : ( t t t O l ) t - ( t t t 0 0 ) t : (1)2. We find that ql:0, s i n c eR 1 - 2 ( 1 l l ) 2 i s l e s st h a n z e r o ,a n d l i k e w i s e q u o ti e n t Henc e t h e o f th e d i v i s i o ni s (1 00)2and the remai nderi s (l )2 Qz : 0. We will be interested in discussinghow long it takes a computer to perform calculations. We will measure the amount of time needed in terms of bit operations. By a bit operation we mean the addition, subtraction, or multiplication of two binary digits, the division of a two-bit integer by one-bit, or the shifting of a binary integer one place. When we describethe number of bit operations needed to perform an algorithm, we are describing the computational complexity of this algorithm. In describing the number of bit operations needed to perforrn calculations we will use big-O notation.

39

1.4 ComputerOperationswith Integers

Definition. If f and g are functions taking positive values, defined for all x in a set S, then we say f is OQ) if there is a positive constant K such that f G) < K g( x ) f or a l l x i n th e s e t S . Proposition 1.6. If / is OQ) and c is a positiveconstant,then cf is Ok). Proof . If / is Ok), then there is a constantK such that f G) < Kg(x) for Therefore, y' is all x under consideration. Hence cf G) < GK)gG).

oQ). n P r o p o s i t i o1n. 7 .l f f t i s O ( g r ) a n d f 2 i s O k z ) , t h e n" f t + - f z i s O Q f t g 2 ) andfJzisoQe). Proof . If / is OQr) and f2 is Okz), then there are constantsK1 and K2 su ch t hat - f , ( *) < ,< 1 g 1 (x ) a n d " f z (x ) 1 K2g2(x) for al l x under consideration. Hence f 1G) +f2G)

( Krsr(x) + x2g2k)

( Kkr(x) + sz?))

where K is the maximum of K1 and K2. Hencef r + -f zis Ok,

+ gz).

Also -f tk)f

so th at " f f z is 0( 96 ).

z(.x) ( Krsr G) K2s2G) : (KrK2)kt?)g2(x)),

tr

C o rollar y 1. 2. I f / 1 a n d f 2 a re O G), th e n -f r + -f zi s Ok). Proof . Proposition 1.7 tells us that But if "f t + f z is O QS). ( ( (z x )g , s o th at -f r + .f zi s Ok). a + K Q s ) , t h e nf t + f t "fz " fz Using the big-O notation we can see that to add or subtract two r-bit integers takes Ofu) bit operations,while to multiply two n-bit integers in the conventionalway takes OGz) bit operations(see problems 16 and 17 at the end of this section). Surprisingly, there are faster algorithms for multiplying large integers. To develop one such algorithm, we first consider the multiplication of two 2n-bit integers, say a : (a2n4a2n_2...eflo)z and 2 .e w r i t e a : 2 n A t f 4 6 a n d b : 2 n B r t B s , w h e r e b : ( b 2 , 6 b , 2 n - 2 . . . b f t iW -l

40

The Integers

A t : ( a 2 r - 1 a 2 n * 2 . . . a 1 7 1 1 eA1o7: ) 2 (, a n - 1 a n - 2 . . . a p g ) 2B, t : ( b 2 n - f t 2 r - z . . . b n + t br)2, and B0 : (br-t bn-z...brbiz. We will use the identity (t.e)

a b : ( 2 2 , + 2 , ) A r B r r 2 n( A r A i ( a o - n r )

+ (2,+l)AoB0.

To find the product of a and 6 using (t.0), requires that we perform three mu lt iplic at ions o f n -b i t i n te g e rs (n a me l y A r B r (A , - A d(B oB r), and AsBs), as well as a number of additions and shifts. If we let M(n) denote the number of bit operations needed to multiply two n -bit integers, we find from (t.0) t t r at

(r.z)

M (2n) < ru h) + Cn.

where C is a constant, since each of the three multiplications of n -bit integers takes M (n) bit operations,while the number of additions and shifts neededto compute a'b via (t.0) does not depend on n, and each of these operations takes O (n) bit operations. From (t.Z), using mathematical induction, we can show that

a(zk) ( c(3k -2k),

(1.8)

where c is the maximum of the quantities M Q) and C (the constant in (t.Z)). To carry out the induction argument, we first note that with k: l, we have MQ) ( c(3t -2t) : c, sincec is the maximum of M(2) and C. As the induction hypothesis,we assumethat MQk)

( c (3 ft - 2 k).

Then, us ing ( 1. 7), w e h a v e M (z k + t) ( ( ( (

3 u (z k ) 3c (lt c a k + t_ c ( 3 f t + l-

+ czk 2k) + c2k c . 3 . 2 k* c 2 k zk+t).

This establishesthat (1.8) is valid for all positive integers ft. Using inequality (t.8), we can prove the following theorem. Theorem 1.4. Multiplication of two n-bit integers can be performed using O(nto9'3) bit operations. (Note: log23 is approximately 1.585, which is

1.4 ComputerOperationswith Integers

4l

considerably less than the exponent 2 that occurs in the estimate of the number of bit operations needed for the conventional multiplication algorithm.) Proof . From (t.8) we have M h) : M (ztos'n)( lzlttloerl+t; < , (3ttot'nl+t_rltoe'nl+t; ( 3 c .rl l o g Irn( 3 c .3 l o sr,:3rnto93 (since 3lo8'n: ,'ot"). Hence, Mh)

:

glnroe'3l. tr

We now state, without proof, two pertinent theorems. Proofs may be found in Knuth [50] or Kronsjii tSgl. Theorem 1.5. Given a positive number e ) 0, there is an algorithm for multiplication of two n-bit integersusing O(nr+') bit operations. Note that Theorem 1.4 is a specialcaseof Theorem 1.5 with e : log23- l, which is approximately0.585. Theorem 1.6. There is an algorithm to multiply two n-bit integers using O(n log2n log2log2n)bit operations. Since log2n and log2log2nare much smaller than n' for large numbers n, Theorem 1.6 is an improvement over Theorem 1.5. Although we know that M h) : O (n log2n log2log2n), for simplicity we will use the obvious fact that M fu) : O (n2) in our subsequentdiscussions. The conventionalalgorithm described above performs a division of a 2n-bit integer by an n-bit integer with O(n2) bit operations. However, the number of bit operations needed for integer division can be related to the number of bit operations needed for integer multiplication. We state the following theorem, which is basedon an algorithm which is discussedin Knuth 1561. Theorem 1.7. There is an algorithm to find the quotient q:Ia/bl, when the 2n-bit integer a is divided by the integer b having no more than n bits, using O(M Q)) bit operations, where M fu) is the number of bit operationsneededto multiply two n-bit integers.

42

The Integers

1.4 Problems l.

Add (l0llll0ll)2 and(ttootll0ll)2.

2 . S u b t r a c t( t o t t l 0 l 0 l ) 2 f r o m ( 1 1 0 1 1 0 1 1 0 0 ) 2 . 3.

Multiply (t t rOr), and (l10001)2.

4.

F i n d t h e q u o t i e n ta n d r e m a i n d e rw h e n ( t t o t o o n l ) 2 i s d i v i d e db y ( 1 1 0 1 ) 2 .

5.

A d d ( A B A B ) 1 6a n d ( B A B A ) r c .

6.

Subtract (CAFE)16 from (rnno)ru.

7.

Multiply

8.

Find the quotient and remainder when Gneono),u

9.

Explain how to add, subtract, and multiply the integers 18235187and 22135674 on a computer with word size 1000.

(FACE) 16and (BAD)rc. is divided by (enn.n)ru.

10. Write algorithms for the basic operations with integers in base (-2) (see problem 6 of Section 1.3).

notation

11. Give an algorithm for adding and an algorithm for subtracting Cantor expansions (see problem l4 of Section 1.3). 12. Show that if f 1 and f 2 are O(St) and O(g2), respectively,and c1 and c2 are constants,then c;f1 * ,zf z is O(g1 * g). 13. Show that if f is O(g), then fr

it OQk) for all positiveintegersk.

14. Show that a function f is O(log2n) if and only if f is O(log,n) wheneverr ) (Hint: Recall that logon/log6n: logo6.)

l.

15. Show that the base b expansionof a positive integer n has llog6nl+t digits. 16. Analyzing the algorithms for subtraction and addition, show that with n-bit integers these operationsrequire O h) bit operations. 17. Show that to multiply an n-bit and an m-bit integer in the conventional manner requires OQm) bit operations. 18. Estimate the number of bit operationsneededto find l+2+ il

by performing all the additions.

b)

by using the identity l+2* shifting.

I n:

nh+l)/2,

* n

and multiplying and

43

1.4 Computer Operations with Integers

19. Give an estimate for the number of bit operationsneededto find

b)

a) n'.

["1 |.o,|

20. Give an estimate of the number of bit operations needed to find the binary expansionof an integer from its decimal expansion'

21.

22.

il

Show there is an identity analogousto (1.6) for decimal expansions.

b)

Using part (a), multiply 73 and 87 performing only three multiplications of one-digit integers,plus shifts and additions.

c)

Using part (a), reduce the multiplication of 4216 and 2733 to three multiplications of two-digit integers, plus shifts and additions, and then using part (a) again, reduce each of the multiplications of two-digit integers into three multiplications of one-digit integers, plus shifts and additions. Complete the multiplication using only nine multiplications of one-digit integers, and shifts and additions.

il

lf A and B are nxn

matrices, with entries aii and bii for I ( i ( n,

I ( f ( n, then AB

is the nxn matrix with entries cii :

Show that n3 multiplications of integers are used to find AB its definition. b)

2

ai*b*j.

dir:;;ly from

Show it is possible to multiply two 2x2 matrices using only seven multiplications of integers by using the identity

o,rf lb,, D'tl

lo,, l a z r o,,)

l"r r b r r*

II lx

lr,, t,,)

anbzt

( a r r l a 1 2 - a 2 1 - a 2 2 )b 2 2

* (as-a2)(bzz-bn) -

a 2 2 ( br - b z r - b e * b 2 2 )

w h e r ex : c)

* a22)(bn-b,+ , )l x I (a21 |

x * ( a n - a z t ) ( b r r - b r+r ) I ( a 2 1* a 2 ) ( b r z - b ' , - )

a r r b r ,- ( a t t - c t 2 r - a 2 ) ( b n -

bp*

|

b2).

Using an inductive argument, and splitting 2nx2n matrices into four nxn matrices, show that it is possibleto multiply two 2k x2k matrices using only 7ft multiplications, and less than 7ft+r additions.

44

The Integers

d)

23.

Conclude from part (c) that two nxn matrices can be multiplied using O(nt"c7) bit operations when all entries of the matrices have less than c bits, where c is a constant.

A dozen equals 12 and a gross equals 122. Using base 12, or duodecimal. arithmetic answer the following questions. il

If 3 gross, 7 dozen, and 4 eggs are removed from a total of l l gross and 3 dozen eggs, how many eggs are left?

b)

If 5 truckloads of 2 gross, 3 dozen, and 7 eggs each are delivered to the supermarket, how many eggs were delivered?

c)

If I I gross, I 0 dozen and 6 eggs are divided in 3 groups of equal size, how many eggs are in each group?

24.

A well-known rule used to find the square of an integer with decimal expansion (an-1...apJro with final digit ao:5 is to find the decimal expansionof the product (anan-1...a)rcl(anan-r...ar)ro* ll and append this with the digits (25)ro. For instance, we see that the decimal expansion of (tOS)2 begins with 16'17 :272, so that (165)2 :27225. Show that the rule just describedis valid.

25.

In this problem, we generalizethe rule given in problem 24 to find the squaresof integers with final base 28 digit 8, where I is a positive integer. Show that the base 28 expansion of the integer (ana,-1...afl0)z,astarts with the digits of the base 28 expansionof the integer (anana...aflo)zn l(anan-1...ap0)zn* ll and ends with the digits Bl2 and 0 when B is even, and the digits G-l)12 and.B when I is odd.

1.4 Computer Projects Write programs to do the following: l.

Perform addition with arbitrarily large integers.

2.

Perform subtraction with arbitrarily large integers.

3.

Multiply two arbitrarily large integers using the conventionalalgorithm.

4.

Multiply two arbitrarily laige integers using the identity (1.6).

5.

Divide arbitrarily large integers, finding the quotient and remainder.

6.

Multiply two n xn matrices using the algorithm discussedin problem 22.

45

1.5 Prime Numbers

1.5 Prime Numbers The positive integer I has just one positive divisor. Every other positive integer has at least two positive divisors, becauseit is divisible by I and by itself. Integers with exactly two positive divisors are of great importance in number theory; they are called primes. Definition. A prime is a positive integer greater than I that is divisible by no positive integers other than I and itself. Example. The integers2,3,5,13,101and 163 are primes. Definition. A positive integer which is not prime, and which is not equal to l, is called composite. Example. The integers 4:2'2,8:4'2, l 0 0 l : 7' ll' 13 ar e co m p o s i te .

3 3 : 3 ' 1 1 ,1 l l : 3 ' 3 7 , a n d

The primes are the building blocks of the integers. Later, we will show that every positive integer can be written uniquely as the product of primes. Here, we briefly discuss the distribution of primes and mention some conjecturesabout primes. We start by showing that there are infinitely many primes. The following lemma is needed. Lemma 1.1. Every positive integer greater than one has a prime divisor. Proof . We prove the lemma by contradiction; we assume that there is a positive integer having no prime divisors. Then, since the set of positive integers with no prime divisors is non-empty, the well-ordering property tells us that there is a least positive integer n with no prime divisors. Since n has no prime divisors and n divides n, we see that n is not prime. Hence, we can write n:ab with I 1 a 1 n and | < b 1 n. Becausea 1 n. a must have a prime divisor. By Proposition 1.3, any divisor of a is also a divisor of n, so that n must have a prime divisor, contradicting the fact that n has no prime divisors. We can conclude that every positive integer has at least one prime divisor. tr We now show that the number of primes is infinite. Theorem 1.8. There are infinitely many primes.

46

The Integers

Proof . Consider the integer Qn: nt t l,

n 2 l.

Lemma 1.1. tells us that Q, has at least one prime divisor, which we denote by gr. Thus, q, must be larger than n; for if 4, ( n, it would follow that Qn I n!, and then, by Propositionl.!, Q, | (er-rr) : l, which is impossible. Since we have found u priJ.''lur*r, tt* there must be infinitely many primes. tr

r, for every positive integer n,

Later on we will be interested in finding, and using, extremely large primes. We will be concerned throughout this book with the problem of determining whether a given integer is prime. We first deal with this question by showing that by trial divisions of n by primes not exceeding the square root of n, we can find out whether n is prime. Thedrem 1.9. If n is a composite integer, then n has a prime factor not exceeding..1n. Proof . Since n is composite, we can write n : ab, where a and b are ( D < n. we must have a 4 r/i, since otherwise integers with | 1a : n. Now, by Lemma I.l, a must have a b 7 a > ,/; and ab > '/i.,/i prime divisor, which by Proposition 1.3 is also a divisor of a and which is clearly less than or equal to ,/i . D We can use Theorem 1.9 to find all the primes less than or equal to a given positive integer n. This procedure is called the steve of Eratosthenes. We illustrate its use in Figure 1.2 by finding all primes less than 100. We first note that every composite integer less than 100 must have a prime factor less than J00-: 10. Since the only primes lessthan l0 are 2,3,4, and 7, we only need to check each integer less than 100 for divisibility by these primes. We first cross out, below by a horizontal slash -, all multiples of 2. Next we cross out with a slash / those integers remaining that are multiples of 3. Then all multiples of 5 that remain are crossedout, below by a backslash\. Finally, all multiples of 7 that are left are crossedout, below with a vertical slash l. ntt remaining integers (other than l) must be prime.

41

1.5 Prime Numbers

5

t23+ ++ ll

13

l+-

X

2{-*23+g-. 3l+2Ii+ 4r+43

1+

>{+*s3*r4*tr# 61 7t+73.+ y{ 83 t.> I

tlt

+>

yr

2<

\ ,{

+

2{

47

+F

+

+G
.yr 67

-5S-

-7G -8fi 9t

T "Yr 9j

1?

\ \

't{=

+7+,/-1€+#17+h19+ +/*2e-3o+S37 3?

r \ \

I

+h

-?& +h -9t-

59 t{

7e 89 .y

{'F

{o-6F 1+

-8€++ +OF

Figure1.2. Findingthe PrimesLessThan 100Usingthe Sieveof Eratosthenes. Although the sieveof Eratosthenesproducesall primes lessthan or equal to a fixed integer, to determine whether a particular integer n is prime in this manner, it is necessaryto check n for divisibility by all primes not exceeding G. This is quite inefficient;later on we will have better methodsfor deciding whetheror not an integeris prime. We know that there are infinitely many primes, but can we estimate how many primes there are less than a positivereal number x't One of the most famous theorems of number theory, and of all mathematics, is the prime number theorem which answersthis question. To state this theorem, we introducesomenotation. Definition. The function r(x), where x is a positivereal number, denotesthe number of primes not exceedingx. Example. From our exampleillustrating the sieveof Eratosthenes, we seethat o ( t O ) : 4 a n d z r ( t O O:)2 5 . We now state the prime number theorem. The Prime Number Theorem. The ratio of zr'(x) to x/log x approachesone as x grows without bound. (Here log x denotesthe natural logarithm of x. In th e languageof lim i ts ,w e h a v e l i m z r(x )/+ : .

IOBX

l ).

48

The Integers

The prime number theorem was conjectured by Gauss in 1793, but it was not proved until 1896, when a French mathematician J. Hadamard and a Belgian mathematician C. J. de la Vall6e-Poussin produced independent proofs. We will not prove the prime number theorem here; the varioui proofs known are either quite complicated or rely on advanced mathematics. In Table I .l we give some numerical evidence to indicate the validitv of the theorem.

rG)

x

x /log x

oG)/*

103 104 105 106 107 108 l0e l0l0 l 0 rI

168 1 4 4 .8 t229 1085.7 9592 8 6 8 5 .9 78498 72382.4 664579 620420.7 5761455 5428681.0 50847534 48254942.4 455052512 43429448r.9 4 r 1 8 0 5 4 8 1 3 3948131663.7 l 0 l 2 3760791201836191206825.3 t 0 l 3 3460655 3 5 8 9t34072678387.r 8

log x

ti G)

r(x) /ti G)

1.160 1 7 8 0.9438202 -r 1.132 1246 0.9863563 l.104 9630 0.9960540 1.085 78628 0.9983466 1.071 664918 0.9998944 1.061 5762209 0.9998691 1.054 5084923s 0.9999665 1 .048 4 5 5 0 5 5 64 1 0.9999932 1 .043 4 1 1 8 1 6 5 4 0 1 0.999973r r.039 3760795028r 0.9999990 1 . 0 3 6 34606564s8 10 0.9999997

Tablel.l. Approximations to rG).

x'A"x

The prime number theorem tells us that x /log x is a good approximation to rG) when x is large. It has been shown that an even better approximation is given by

ld'i, )':*4{ {-/d X/V614 -=1 I' L

ti G)

:T O, ", log I

T d, -^^-, (whe-," J, represents the areaunderthe curvey : lfiog t, and above "* t :2 to / : x). In Table l.l, one seesevidencethat /i(x) is the r-axis from an excellent approximation of zr(x).

I'^ frtaft.1', v r ylr

nd 3

r l'^- -L- =O\ J

-

x4G

ltlx

1.5 PrimeNumbers

49

We can now estimate the number of bit operations neededto show that an ',,6-. The integer n is prime by trial divisionsof n by ail primes not exceeding there are approximately prime number theorem tells us that ',/n fioeJ; : 2-/i /log n primes not exceeding-6. To divide n by an integer m takes O(log2n.log2m) Uit operations. Therefore, the number of bit operations needed to show that n is prime by this method is at least log2n) - r,/i (where we have ignored thelog2m term since it Q,/i/togilG is at least l, even though it sometimesis as large as (log2n)/D . This method of showing that an integer n is prime is very inefficient, for not only is it necessaryto know all the primes not larger than ..li, but it is also necessaryto do at least a constant multiple of ,/i bit operations. Later on we will have more efficient methods of showing that an integer is prime. We remark here that it is not necessaryto find all primes not exceedingx in order to compute zr(x). One way that zr(x) can be evaluated without finding all the primes less then x is to use a counting argument based on the sieve of Eratosthenes (see problem l3). (Recently, very efficient ways of finding r(x) using O (x3/s+c)bit operationshave been devisedby Lagarias and Odlyzko t6ql.) We have shown that there are infinitely many primes and we have discussed the abundance of primes below a given bound x, but we have yet to discuss how regularly primes are distributed throughout the positive integers. We first give a result that shows that there are arbitrarily long runs of integers containingno primes. Proposition 1.8. For any positive integer n, there are at least n consecutive compositepositive integers. Proof. Consider the n consecutivepositive integers h + l ) ! + 2 , ( n + 1 ) ! + 3 , . . . , h+ l ) ! + n t l . *l,weknowthatTl(n + l ) ! . B y P r o p o s i t i o1n. 4 , i t When 2< j(n follows that 7 | (, + t)! +;. Hence, these n consecutiveintegers are all composite. tr Example. The seven consecutiveintegers beginning with 8! + 2 : 40322 are all composite. (However, these are much larger than the smallest seven consecutivecomposites,90, 91, 92, 93, 94, 95, and 96.)

50

The Integers

Proposition1.8 showsthat the gap betweenconsecutiveprimes is arbitrarily long. On the other hand, primes may often be close iogether. The only consecutiveprimes are 2 and 3, because2 is the only even prime. Howevei, many pairs of primes differ by two; these pairs of pri-., are called twin pr im es . E x a m p l e sa re th e p ri m e s 5 a n d 7,l l and 13, l 0l and 103, and 4967 and 4969. A famous unsettled conjecture assertsthat there are infinitelv many twin primes. There are a multitude of conjecturesconcerningthe number of primes of various forms. For instance,it is unknown whether there are infinitlly many primes of the form n2 + | where n is a positiveinteger. Questionssuch as this may be easy to state, but are sometimesextremely difficult to resolve. We conclude this section by discussing perhaps the most notorious conjecture about primes. Goldbach's Conjecture. Every even positive integer greater than two can be written as the sum of two primes. This conjecture was stated by Christian Goldbach in a letter to Euler in 1742. It has been verified for all even integersless than a million. One sees by experimentation,as the following exampleillustrates,that usually there are many sums of two primes equal to a particular integer, but a proof that there always is at least one such sum has not yet been found. Example. The integers 10,24, and 100 can be written as the sum of two primes in the following ways:

l0:3+7:5t5, 24:5+lg:7+17:llf13, 100:3+97:ll*gg:17+93 :29*71:41+59:47+53.

1.5 Problems l.

Determinewhichof the followingintegersare primes a) b)

l0l 103

c) d)

l07 lll

e)

I 13

f)

tzt.

51

1.5 PrimeNumbers

2 . Use the sieveof Eratosthenesto find all primes lessthan 200' 3 . Find atl primes that are the difference of the fourth powers of two integers. 4 . Show that no integer of the form n3 * I is a prime, other than 2: 5 . Show that if a and n are positive integers such that an -l and n is prime. (Hint: Use the identity ake-l + a k+ l ) . a k Q - D+

:

13 + l.

is prime, then a : 2 (aka-t\ + Qk-D

6 . In this problem, another proof of the infinitude of primes is given. Assume there integer Form the primes p r,Pz,...,Pn finitely many only ... pn * l. Show that Q h a s a p r i m e f a c t o r n o t i n t h e a b o v el i s t . Q: prpz Conclude that there are infinitely many primes.

are

7.

Let Qn : ptpz " ' pn t l where Pt,Pz, ..., Pn are the n smallest primes. Determine the smallest prime factor of Q^ for n:1,2,3,4,5, and 6. Do you think Q, is prime infinitely often? (tnis is an unresolvedquestion.)

8 . L e t p t , p 2 , . . . , p n b e t h e f i r s t n p r i m e sa n d l e t m b e a n i n t e g e rw i t h I 1 m

1n. Let Q be the product of a set of z primes in the list and let R be the product of is not divisible by any primes in the the remaining primes. Show that Q + R list, and hence must have a prime factor not in the list. Conclude that there are infinitely many primes.

9.

Show that if the smallest prime factor p of the positive integer n exceedsd6 then n/p must be prime or 1.

1 0 . il

Find the smallest five consecutivecomposite integers. b) Find one million consecutivecompositeintegers.

I l.

Show that there are no "prime triplets", i.e. primes p, p + 2, and p + 4, other than 3,5, and 7.

12. Show that every integer greater than 11 is the sum of two compositeintegers. ( problem 17 of Section 1.1) to show that 13. Use the principle of inclusion-exclusion

-n o(n):(o(.6-)-r) tl*

. l-l l p ,I

+l-ll l p ,l )

l*l .l*l . +lrnl wherept,pz,...,p,are the primeslessthan or equal to ^6 (with r:zr<Jill. (Hint: Let propertyPi,,...,i,be the propertythat an integeris divisibleby all of

52

The Integers

Pi,,...,pi,,and use problem 23 of Section 1.2.) 14. Use problem l3 to find zr(250). 15' il show that the polynomial x2 x * 4l is prime for all integers x with 0 ( I < 40. Show, however,that it is composite for x : 4i. b) Show that if f (x) : onxn + an-,x;-t + * a1x r as where the coefficientsare integers, then there is an integer y such that f(y) is composite. (Hint: Assume that is prim., unJsho* p divides (x+kfl f(x) :p for ail f integers ft ' conclude from the faci that a polynomial of degree z takes on each value at most n times, that there is an integer y suctr that f(y) is composite.) 16' The lucky numbers are generated by the following sieving process. Start with the positive integers. Begin the process by crossing out every second integer in the list' starting your count with the integer t. other than I the smallestinteger left is 3, so we continue by crossing out every third integer left, starting the count with the integer l. The next integer left is 7, so we cross out every seventh integer left. Continue this process,where at each stage we cross out every kth integer left where & is the smallest integer left other than one. The integers that remain are the lucky numbers. a)

Find all lucky numbers less than 100.

b)

show that there are infinitery many rucky numbers.

17. Show that if p is prime and I ( t

( p, then the binomial coefficient

divisibleby p.

,, [;]

1.5 Computer Projects Write programs to do the following: l'

Decide whether an integer is prime using trial division of the integer by all primes not exceedingits square root.

2.

Use the sieve of Eratosthenesto find all primes less than 10000.

3'

Find zr(n), the number of primes lessthan or equal to rz, using problem 13.

4.

verify Goldbach's conjecture for all even integers less than 10000.

5.

Find all twin primes less than 10000.

6.

Find the first 100 primes of the form n 2 + l.

7.

Find the lucky numbers less than 10000 (see problem 16).

GreatestCommonDivisors and Prime Factorization

2.1 GreatestCommonDivisors If a and b are integers, that are not both zero, then the set of common divisorsof a and 6 is a finite set of integers,alwayscontainingthe integers*l and -1. We are interestedin the largest integer among the common divisors of the two integers. Definition. The greotest common divisor of two integers a and b, that are not both zero, is the largest integer which divides both a and b. The greatestcommondivisor of a and b is written as (a, b). Example. The commondivisorsof 24 and 84 are t l, J.2, +3, 1.4, t6, and + 12. Hence Q+, g+) : 72. Similarly, looking at setsof commondivisors,we f i n dt h a t ( 1 5 , 8 1 ): 3 , ( 1 0 0 , 5 ) : 5 , ( I 7 , 2 5 ) : l , ( 0 , 4 4 ): 4 4 , ( - 6 , - 1 5 ) : 3 , and (-17, 289) : 17. We are particularly interested in pairs of integers sharing no common divisorsgreaterthan l. Such pairs of integersare called relatively prime. Definition. The integers a and b are called relatively prime if a and b have greatestcommondivisor (a, b) : l. Example. Since Q5,42) : 1,25 and 42 are relativelyprime. 53

54

GreatestCommonDivisorsand prime Factorization

Note that since the divisors of -c are the same as the divisors of a, it follows that (a, b) : (lal, la ll (where lc I denotesthe absolute value of a which equalsa if a )0 and equals -a if a <0). Hence, we can restrict our attentionto greatestcommondivisorsof pairs of positiveintegers. We now provesomepropertiesof greatestcommondivisors. Proposition 2.1. Let a, b, and c be integerswith G, b) : d. Then (;) (ii)

b /d , b l d ) : I (atcb, b) : (a, b).

Proof. (D Let a and b be integers with (a,b) : d. we will show that a /d and b/d have no common positivedivisorsother than 1. Assume that e is a positiveinteger such that e I Q/d) and e I Qtal. Then, there are integersk and I with ald : ke and b/d :Qe, such that a : dek and b : de[. Hence. de is a common divisor of a and b. Since d is the greatestcommon divisor of o and b,e must be l . Consequently,G /d , b /d) : l. (ii) Let a, b, and c be integers. We will show that the commondivisorsof a and b are exactly the same as the common divisors of a t cb and b. This will show that (a *cb , b) : G, b). Let e be a common divisor of a and b . By Proposition1.4, we see that e I b*cb), so that e is a common divisor of a * cb and 6. It,f is a commondivisor of a * cb and b, then by Proposition 1.4,we seethat/ dividesb+cb) - cb : a, so thatf is a commondivisorof a and b. Hence G*cb, b) : (a, b'). a We will show that the greatestcommon divisor of the integersa and b, that are not both zero,can be written as a sum of multiplesof a and b. To phrase this more succinctly,we use the following definition. Definition. If a and b are integers,then a linear combination of a and b is a sum of the form ma * nD, where both rn and,n are integers. We can now state and prove the following theorem about greatest common divisors. Theorem 2.1. The greatest common divisor of the integers a and b, that are not both zero, is the least positive integer that is a linear combination of a and b. Proof. Let d be the least positive integer which is a linear combination of a and b. (There is a least such positive integer, using the well-ordering property, since at least one of two linear combinations l'a t 0'b and

55

2,1 GreatestCommonDivisors

GDa + 0'b, wherea 10, is positive.)We write

rz.rlR==r*

?

d:ma*nb,

w h e r em a n d n a r e p b f t @ i n t e g e r s .W e w i l l s h o w t h a t d l a a n d d l b . By the divisionalgorithm,we have a:dq*r,

0(r
From'n"'o:'1'::^r: :' ;: ;';::,b)

: e-qm)a - qnb

This shows that the integer r is a linear combination of a and D. Since 0 ( r 1d, and d is the least positive linear combination of a and b, we concludethat r : 0, and henced I o. In a similar manner,we can show that

d I b. We now demonstratethat d is the greatest commondivisor of a and b. To show this, all we need to show is that any common divisor c of a and D must d i v i d e d . S i n c ed : m a * n b , i f c l a a n d c l b , P r o p o s i t i o nl . 4 t e l l s u s t h a t

c I d. tr

We have shown that the greatestcommon divisor of the integersa and b, that are not both zero. is a linear combinationof a and b. How to find a particular linear combinationof a and D equal to G, D) will be discussedin the next section. We can also definethe greatestcommondivisor of more than two integers. Definition. Let e1, e2,...,en be integers, that are not all zero. The greatest common divisor of these integers is the largest integer which is a divisor of all of the integers in the set. The greatest common divisor of a t, a 2 , . . .c, , is denot e db y (a 1 ,a 2 ,,..., a n ). Example. We easilyseethat 02, 18, 30) :6

and (10, 15, 25) : 5.

To find the greatestcommon divisor of a set of more than two integers,we can use the following lemma. L,emma2.1. If

a1, a2,...,an are integers, that are not all zero, then

(a1, a2,..., an-1, an) :

(a1, a2r..., (on-r, a)).

Proof. Any common divisor of the n integers ar, e2,...,en_t, en is, in particular, a divisor of ar-1 and an, and therefore, a divisor of (an_1,an).

56

GreatestCommonDivisorsand PrimeFactorization

Also, any commondivisor of the n-2 integers4 t, a2,...,on_2,and (an_1,an), must be a commondivisor of all n integers,for if it divides (on-r, an), it must divide both cr-1 and an Since the set of n integersand the set of the first n-2 integers together with the greatest common divisor of the last two integers have exactly the same divisors, their greatest common divisors are equal. tr Example. To find the greatest common divisor of the three integers 105,140,and 3 5 0 , w e u s e L e mma 2 .1 to see that (105, 140.350) : ( 1 0 5 ,( 1 4 0 , 3 5 0 ):) ( l 0 5 , 7 0 ) : 3 5 . Definition. We say that the integers a1.e2,...,e1 are mutually relatively prime if (a1, e2,...,an) : l. These integers 4re called pairwise relatively prime if for each pair of integers4; and a; from the set, (ai, a1): l, that is, if each pair of integersfrom the set is relatively prime. It is easy to see that if integersare pairwise relatively prime, they must be mutually relatively prime. However, the converseis false as the following exampleshows. Example. Considerthe integers15, 21, and 35. Since

( 1 5 , 2 r , 3 5 ) (: t s ,( 2 t , 3 5 ) ) :( r 5 , 7 ) : r , we see that the three integersare mutually relatively prime. However, they are not pairwise relatively prime, b e c a u s(et S . z l ) : 3 , ( 1 5 , 3 5 ): 5 , a n d (21,35):7.

2.1 Problems

l.

Find the greatestcommon divisor of each of the following pairs of integers

il 15,35 b) 0,lll c) -12.t8

d) 99, 100 e ) 1l , l 2 l f) 100,102

Show that if a and b are integerswith (a, b) : l, then (a*b, a-b) : I or 2. Show that if a and b are integers, that are not both zero, and c is a nonzero i n t e g e r t, h e n ( c a, c b ) : l c l b , b \ . 4 . What is (a2+b2,a*b), where a and b are relatively prime integers,that are not both zero?

57

2.1 GreatestCommonDivisors

5 . Periodicalcicadasare insectswith very long larval periodsand brief adult lives. For each speciesof periodical cicada with larval period of 17 years, there is a similar specieswith a larval period of 13 years. If both the l7-year and l3-year speciesemerged in a particular location in 1900, when will they next both emerge in that location?

6 . a) Show that if a and b are both even integers, that are not both zero, then

(a, b) : 2fu/2,b/2).

b) Show that if a is an even integer and b is an odd integer, then

G , b \ : G 1 2 b, ) . 7 . S h o w t h a t i f a , b , a n d c a r e i n t e g e r ss u c ht h a t G , b ) :

I and c I G*b), then

k,a):(c,D)-L

8 . il

Show that if a,b, (a, bc) : L

and c

a r e i n t e g e r sw i t h b , b ) :

(a, c) : l, then

b) Use mathematicalinductionto showthat if at, a2,...,anare integers,and b is : (on, b) - l, then another integer such that (ar b) : (az, b) : ( a p 2 ' ' o n ,b ) : l .

9 . S h o wt h a t i f a , b , a n d c a r e i n t e g e r sw i t h c I a b , t h e n c | ( a , c ) ( b , c ) . 1 0 . a) Show that if a and b are positiveintegerswith (a , b) : l, then (an, bn) : I for all positiveintegersn. b) Use part (a) to prove that if a and b are integerssuch that a' I bn where n is a positiveinteger,then c I b. ll.

Show that if a, b and c are mutually relatively prime nonzero integers, then G, bd : (a,b)(a,c),

T2, Find a set of three integersthat are mutually relatively prime, but not relatively prime pairwise. Do not use examplesfrom the text.

1 3 . Find four integersthat are mutually relatively prime, such that any two of these integersare not relativelyprime.

1 4 . Find the greatestcommondivisor of each of the following setsof integers a) 8, lo, 12 b) 5,25,75 c ) 99,9999, 0

d) 6,15,21 e) -7,28, -35 f) 0,0, l00l .

1 5 . Find three mutually relatively prime integers from among the integers 6 6 , 1 0 5 ,4 2 , 7 0 , a n d 1 6 5 .

1 6 . Show that ar, a2,...,an are integers that are not all zero and c is a positive integer,then (cat, caz,...,can)- c(a6 a2...,an).

58

t7.

Greatest Common Divisors and Prime Factorization

Show that the greatestcommon divisor of the integersat, o2,...,an, that are not all zero,is the least positiveinteger that is a linear combinationof a t, at,..., an.

r 8 . Show

that if k is an integer, then the six 6k+2, 6k +3, 6k+5, are pairwiserelativelyprime.

r 9 . Show that if

integers 6k-l, 6k +l ,

k is a positiveinteger,then 3k *2 and 5k +3 are relatively prime.

20.

Show that every positive integer greater than six is the sum of two relativelv prime integersgreater than I .

2t.

a) Show that if a (a'-b^)l(a-b).a-b)

and b are relatively prime positive integers, then : I or n.

b) Showthat if o and b arepositiveintegers, then ((an-b'\/G-b), a-b) : ( n ( a ,b ) r - t , a - b ) . 2.1 ComputerProjects l.

Write a programto find the greatest commondivisorof two integers.

2.2The Euclidean Algorithm We are going to develop a systematicmethod, or algorithm, to find the greatestcommon divisor of two positive integers. This method is called the Euclidean algorithm. Before we discuss the algorithm in general, we demonstrateits use with an example. We find the greatestcommon divisor of 30 and 72. F i rs t, w e u s eth e d i v i s i o na l g o ri t hmto w ri teT2:30' 2 + 12, and ( 3 0 ,7 2 - 2 . 3 0 ) : ( 1 0 , t 2 ) . w e u s e P r o p o s i t i o 2n . 1 t o n o t e t h a t $ 0 , 7 D : Another way to see that (J,0,7D: (30, 12) is to notice that any common divisor of 30 and 72 must also divide 12 because12 : 72 - 30'2. and conversely,any common divisor of 12 and 30 must also divide 72, since 72: 30' 2+ 12 . N o te w e h a v e re p l a c e d7 2 b y the smal l ernumber 12 i n our (30, l2). Next, we use the divisionalgorithm computationssince 02,30): again to write 30 : 2'12 + 6. Using the samereasoningas before,we seethat ( 30, 12) : ( 12 ,6 ). we now see that Be c a u s e 1 2 : 6 ' 2 * 0, 02, O : (6, 0) : 6. Consequently,we can conclude that (72,30) : 6, without finding all the commondivisorsof 30 and 72. We now set up the generalformat of the Euclideanalgorithm for computing the greatestcommondivisor of two positiveinteger. The EuclideanAlgorithm. Let rs : a and r r : b be nonnegativeintegerswith b I 0. If the division algorithm is successively applied to obtain r i : r i + t Q i * ,I r i + 2 w i t h 0 1 r i + 2 1 r i + t f o r 7 : 0 , 1 , 2 , . . . , n - 2 a n d r , : 0 ,

ot=bt *f^

O
59

2 .2 Th e E uc lideanA l g o ri th m

then (a , b) -- r,-1, the last nonzeroremainder. From this theorem,we see that the greatestcommon divisor of c and b is the last nonzero remainder in the sequenceof equations generated by using the division algorithm, where at each step, the dividend and successively divisor are replacedby smaller numbers,namely the divisor and remainder. To prove that the Euclidean algorithm producesgreatestcommon divisors, the following lemma will be helpful. Lemma 2.2. If c and d are integers and c : dq * r where c and d ate i n te g er st,hen ( c , d) : (d , r). Proof. If an integer e dividesboth c and d, then sincer : c-dq, Proposition from I f e l d a n d e l r , t h e n s i n c ec : d q l r , 1 . 4 s h o w st h a t e l r . Proposition1.4, we seethat e I c. Since the common divisorsof c and d are the sameas the commondivisorsof d and r, we seethat k, d) : (d, r). tr We now prove that the Euclideanalgorithm works. Proof. Let r0: e and rr : b be positive integers with a 7 b. successively applying the divisionalgorithm, we find that

0< 0<

fg

:

rtQt*rZ

f y

:

r2Q2* rt

tn-3

:

fn-2Qn-Z * fn-t

f n-2 : I n-l :

fn-lQn-t

* fn

0 0

By

r2 r3

( rr-r (r,

lnQn

We can assumethat we eventuallyobtain a remainder of zero since the se q u enc eof r em aind e rsa : ro l r1 > . 1 2 > . ) 0 cannot contain more than c terms. Bv Lemma 2.2. we see that ( a , b ) : ( r s , r 1 ) : ( r l , r z ) : (rn-r, fn-t) : (rr-r, rr) : (rr,0) : rn. H ence (rr., r) ( a , b ) : r-. the last nonzeroremainder. tr We illustrate the useof the Euclideanalgorithm with the following example. Example. To find (252, 198), we use the division algorithm successivelyto obtain

60

Greatest Common Divisors and Prime Factorization

2 5 2 : l . 1 g g+ 5 4 198:3'54 +36 54:1'36 +18 36 : 2.18. H e n c eQ S Z . 1 9 8 ) : 1 8 . Later in this section, we give estimates for the maximum number of divisions used by the Euclidean algorithm to find the greatest common divisor of two positive integers. However, we first show that given any positive integer n, there are integersa and b such that exactly n divisionsare required to find G, b) using the Euclidean algorithm. First, we define a special sequenceof integers. Definition. The Fibonacci numbers ur, u2, u3,... are defined recursively by t h e e q u a t i o nas t : u 2 : I a n d u n : u n - t * u n - 2 f o rn 2 3 . Us ing t he de fi n i ti o n , w e s e e th a t u 3 : tt2 * yt: I t | : 2, u3l u2 : 2 * I : 3, and so forth. The Fibonacci sequencebegins with the integers 1 , 1 , 2 , 3 , 5 , 8 1 3 , 2 1 , 3 4 , 5 5 ,8 9 , I 4 4 , . . . . E a c h s u c c e e d i nt g erm is obtained by adding the two previousterms. This sequenceis named after the thirteenth century ltalian mathematicianLeonardodi Pisa, also known as Fibonacci,who used this sequenceto model the population growth of rabbits (see problem 16 at the end of this section). In our subsequentanalysis of the Euclidean algorithm, we wil! need the following lower bound for the nth Fibonacci number. Theorem 2.2. Let n be a positive integer and let cu: ( l+-.8) /2. unlan-2forn73.

Then

Proof. We use the second principle of mathematical induction to prove the desired inequality. We have a 1 2: u3, so that the theorem is true for n :3. Now assumethat for all integersk with k 4 n, the inequality ok-2 1 ut holds. S i n c ea : ( l + r f r / 2 Hence, otn-l :

- I : 0 , w e h a v ea 2 : a * l .

i s a s o l u t i o no f x 2 - x

o2.on-3:

(a*l).ar-3

:

s1n-2 *

an-3

2 .2 T he E uc lidean Al g o ri th m

61

By the induction hypothesis,we have the inequalities an-2 < un, otn-31 un-t , Therefore, we conclude that or'-l lun*un-l-un*l

This finishesthe proof of the theorem. tr We now apply the Euclidean algorithm to the successiveFibonacci numbers 34 and 55 to find (34. 55). We have 55:34'l+21 34:21'l+13 2l: l3'l + 8 13:8'1 + 5 8 : 5'1 * 3 * 2 5:3'l * I 3:2'l 2: l'2. We observe that when the Euclidean algorithm is used to find the greatest common divisor of the ninth and tenth Fibonacci numbers, 34 and 55, a total of eight divisions are required. Furthermore, (34, 55) : 1. The following theorem tells us how many divisions are needed to find the greatest common divisor of successiveFibonacci numbers. Theorem 2.3. Let unrr and unt2 be successive terms of the Fibonacci sequence. Then the Euclidean algorithm takes exactly n divisions to show that (u n * r , ur a2): l. Proof. Applying the Euclidean algorithm, and using the defining relation for the Fibonacci numbers ui : uj-r I ui-z in each step, we seethat lln*2: Un*t'l t Un, Un*l: Un'l + Un-1,

Lt4: u3'1* u2' It3 : tt2'2. Hence, the Euclidean algorithm ( u n q 2 , t l n q r ): u z - l . E

takes exactly

n

divisions, to show that

62

Greatest Common Divisorsand Prime Factorization

We can now prove a theorem first proved by Gabriel Lame', a French mathematician of the nineteenth century, which gives an estimate for the number of divisions needed to find the greatest common divisor using the Euclidean algorithm. Lam6's Theorem. The number of divisions neededto find the greatest common divisor of two positive integers using the Euclidean algorithm does not exceed five times the number of digits in the smaller of the two integers. Proof. When we apply the Euclidean algorithm to find the greatest common divisor of a : re and b :r 1 with a ) b, we obtain the following sequenceof equations: :

fg f1

rtQt*rZ, :rZ4Z*rt,

fn-2

:

fn-tQn-t

fn-l

:

tnQn,

0(rz1rr, 0(131rz,

*

rr,

0 (

rn 1

rn-t,

We have used n divisions. We note that each of the quotientsQt, Q2,...,Qn-l is greater than or equal to l, and Qn 7 2, sincern 1rn-1. Therefore, rr2l:ur, rn-t 2 2rn 2 2u2: u3, rn-z 2 rn-t * rn 2 ut * u2: u4, rn-l 2 rn-z * rn-t 2 uq * u3: tt5,

rz)13*14

b:'r2rz

7 unq * un-z: u* * rt 7 u n * u n-t : un+ l

Thus, for there to be n divisions used in the Euclidean algorithm, we must have b 7 un+r. By Theorem 2.2, we know that unay ) qn-r for n ) 2 where a: (l+.,8)/2. Hence, b ) an-r. Now, since loglsa > 1/5, we seethat l o g rq b > h -l )l o g l s a

> (C I-l ) /5.

Consequently, n-l(S'logleb.

63

2 .2 T he E uc lidean Al g o ri th m

Let b have k decimal {igits, so that b < 10ftand loglsb < k. Hence, we see that n - I < 5k and since /c is an integer, we can conclude that n < 5k. This establishesLam6's theorem. tr The following result is a consequence of Lam6's theorem. Corollary 2.1. The number of bit operations needed to find the greatest

integers of twopositive a and, yy divisor common

ir;;i.:f$;:ri?',

Proof. We know from Lam6's theorem that O Qogra) divisions, each taking O(log2a)2) bit operations,are neededto find fu, b). Hence, by Proposition 1.7, (a, b) may be found using a total of O((log2a)3) bit operations. D The Euclideanalgorithm can be used to expressthe greatestcommon divisor of two integers as a linear combination of these integers. We illustrate this by expressing(252, 198) : l8 as a linear combinationof 252and 198. Referring to the stepsof the Euclideanalgorithm used to find (252, 198), from the next to the last step, we seethat 18:54-l'36. From the secondto the last step, it follows that

36:198-3'54, which implies that

1 8: 5 4 - t . ( 1 9 8 - 3 . 5 4: ) 4 . 5 4 - 1 . 1 9 8 . Likewise, from the first stepwe have 54:252 - l'198. so that

l 8 - 4 ( 2 5 2 - 1 . 1 9 8- ) 1 . 1 9 8: 4 . 2 5 2 - 5 . 1 9 8 . This last equationexhibits l8 : (252, 198) as a linear combinationof 252 and l 98. In general,to see how d : (a, b) may be expressedas a linear combination of a and 6, refer to the series of equations that is generated by use of the Euclideanalgorithm. From the penultimateequation,we have rn: (a, b) : Th i s e x pr es s es b, b) ' a s

r n - 2 - r n - r Q n - .r

a l i n e a r c o mb i n a ti o no f rr-2e,fi drr-1. The secondto

GreatestCommonDivisorsand PrimeFactorization

64

the last equation can be used to expressr2-1 &S rn-3 -rn-zen-z . Using this last equation to eliminate rn-1 in the previousexpressionfor (4,6), we find that ln:

ln-3-

fn-24n-2,

so that b, b) : rn-2- (rn4-rn-zQn-z)en-r -- (l + q rn Q n -z )rn - zQn-rrn-3, which expressesb, b) as a linear combinationof rn-2 zfid r,4. We continue working backwards through the steps of the Euclidean algorithm to express G, b) as a linear combinationof each precedingpair of remaindersuntil we havefound (a, b) as a linear combinationof to: a and 11- b. Specifically, if we have found at a particular stagethat G,b):sriltrit, then, since ti:

ti_2- ri_tQi_r,

we have b,b) : s (ri-z*ri-g1-r) * tr1-r : Q-sqt-)ri-r * sri-2. This showshow to move up through the equationsthat are generatedby the Euclidean algorithm so that, at each step, the greatestcommon divisor of a and b may be expressedas a linear combination of a and b. This method for expressingG, b) as a linear combinationof a and b is somewhatinconvenientfor calculation, becauseit is necessaryto work out the steps of the Euclidean algorithm, save all these steps, and then proceed backwardsthrough the steps to write G,b) as a linear combinationof each successivepair of remainders. There is another method for finding b,b) which requires working through the steps of the Euclidean algorithm only once. The following theoremgivesthis method. Theorem 2.4. Let a and b be positive integers. Then fu,b):sna+tnb, defined for n:0,1,2,..., where,sn andtn are the nth terms of the sequences recursivelyby

65

2.2 The Euclidean Algorithm

SO: l, /0:0, sl :0, /l : l,

and si : Si*z- ?i-tsi-t, tj : tj-z - Q1-zt1-t for 7 :2,3, ..., fl, where the q;'s are the quotientsin the divisionsof the Euclideanalgorithm when it is usedto find G,b). Proof. We will prove that ri : sia + tjb

Q.D

for 7 : 0, I ,...,fl. Since G,b) : r, once we have established(2.2), we will know that G,b):sna+tnb. We prove (2.2) using the secondprinciple of mathematicalinduction. For :0 , we hav e a : r0 : l ' a * 0 ' b : s s a* ts b . H ence, Q.D i s val i d for l j : 0 . L i k e w i s eb, : r r : 0 ' a + l ' b : s l c + t f t , s o t h a t Q . D i s v a l i d f o r j : l. Now, assumethat ri:Sia+tjb for 7 : 1,2,..., k-1. Then, from the kth step of the Euclideanalgorithm,we have tk : rk-2 - r*_lQt-l . Using the inductionhypothesis,we find that r1 : (s1-2a*tp-2b) - (s1raa*t1r-1b) Q*-r : (s 1 -2 -s * -tq * -)a * Q p 2 -t* -rq* -)b :Ska+tkb. This finishesthe proof. tr The following example illustrates the use of this algorithm for expressing (a,b) as a linear combinationof a and b. Example. Let a :252 and D : 198. Then

GreatestCommonDivisorsand prime Factorization

66

so: l, sl :0, J2:S0-sql:l0'l:1, J 3 : S t - S Z Q z : 0- l ' 3 : - 3 , s 4 : s 2- s t Q t : I - ( - l ) ' t : 4 ,

lo:0, Ir : 1, tZ:tO-ttQt:01 . 1: - 1 , t 3 : t t - 1 Z Q Z :1 - ( - l ) 3 : 4 , t q : t z - t t Q z : - l - 4 . 1: - 5 .

S i n c e1 4 : 1 8 : ( 2 5 2 , 1 9 8 )a n d 1 4 : s 4 o+ t 4 b , w e h a v e 1 8 - ( 2 5 2 ,1 9 8 ): 4 . 2 5 2- 5 . 1 9 8. It should be noted that the greatestcommon divisor of two integersmay be expressedin an infinite number of different ways as a linear combination of theseintegers. To seethis, let d : (a,b) and let d : so I tb be one way to write d as a linear combination of a and b, guaranteed to exist by the previousdiscussion.Then d : (s - k(b/d))a + Q - kb/d))b for all integersk. Example. With a :252 and b : 198, lB: (-S - l4k)198 whcneverk is an integer.

(252, 198) :

(+ - t Ik)252 +

2.2 Problems l.

Use the Euclidean algorithm to find the following greatest common divisors

il (45,75)

c) (ooo, r+r+)

b) 002,22D

d) (2078S,44350).

2.

For each pair of integers in problem l, expressthe greatest common divisor of the integers as a linear combination of these integers.

3.

For each of the following sets of integers, expresstheir greatest common divisor as a linear combination of these integers il

6, 10,l5

b)

7 0 , 9 8 ,1 0 5

c)

2 8 0 ,3 3 0 , 4 0 5 , 4 9 0 .

4. The greatest common divisor of two integers can be found using only subtractions, parity checks, and shifts of binary expansions,without using any divisions. The algorithm proceedsrecursively using the following reduction

67

2.2 The Euclidean Algorithm

I,

G.b):

if a:b

)2 k l L ,b/2 ) if a and 6 are even

l{o/z,t) -D,b)

if a is even and b is odd if a and b are odd.

[(a a)

Find (2106,8318) usingthis algorithm.

b)

Show that this algorithm always produces the greatest common divisor of a pair of positiveintegers.

5. In problem 14 of Section 1.2, a modified division algorithm is given which says that if a and 6 > 0 are integers,then there exist unique integersq,r, and e such that a : bq * er, where e - tl,r ) 0, and -blz < er { bl2. We can set up an algorithm, analogous to the Euclidean algorithm, based on this modified division algorithm, called the least-remainder algorithm. It works as follows. Let rs: a and rr: b, where a ) b 7 0. Using the modified division algorithm repeatedly,obtain the greatest common divisor of a and b as the last nonzeroremainder rn in the sequenceof divisions ro :

rn-Z : fn-l :

rtQr * e2r2,

-rtlz

1 e2r2 4 ,tlz

ln-tQn-t I enrn, 7n4n'

-rn-tl2

I

enrn 4, rn-tl2

a)

Use the least-remainderalgorithm to find (384, 226).

b)

Show that the least-remainder algorithm always produces the greatest common divisorof two integers.

c)

Show that the least-remainderalgorithm is always faster, or as fast, as the Euclidean algorithm.

d)

Find a sequenceof integers v6, V1,v2,... such that the least-remainder algorithm takes exactly n divisionsto find (vn*,, vn+z).

e)

Show that the number of divisions needed to find the greatest common divisor of two positive integers using the least-remainderalgorithm is less than 8/3 times the number of digits in the smaller of the two numbers,plus

413. 6 . Let m and n be positive integers and let a be an integer greater than one. Show that (a^-1, an-l) - a(^' n)- l.

7 . In this problem, we discuss the game of Euclid. Two players begin with a pair of positive integers and take turns making movesof the following type. A player can move from the pair of positiveintegers{x,y} with x 2 y, to any of the pairs where / is a positive integer and x-ty 2 0. A winning move [x-ty,yl,

68

GreatestCommonDivisorsand PrimeFactorization

consistsof moving to a pair with one element equal to 0. a)

Show that every sequence of moves starting with the pair {a, bl must eventuallyend with the pair {0, (a, b)}.

b)

show that in a game beginning with the pair {a, b},1he first player may play a winning strategy if a - 6 or if a 7 b0+ Jil/z; otherwisethe second player mgr play a winning strategy. (Hint: First show that if y < x ( y(t+VS)/Z then thge is a unique move from l*,Ol that goes to a pair lt, r| with y > ze+Jil/z.)

In problems8 to 16, un refers to the nth Fibonaccinumber. 8. Show that if n is a positiveinteger,then rz1l u2 I

I ttr:

9. Show that if n is a positiveinteger, then unapn-r - u] :

GD'.

10. Show that if n is a pqsitive integer, then un: o : (t+.,6) /2 andp : Q-'./-il/2. ll.

un+z- l.

(c'n-0\/'..fs, where

Show that if m and n arepositiveintegerssuch that m I n, then u^ | un.

12. Show that if m and n are positiveintegers,then (u^, un) : u(m,il. 13. Show that un is even if and only if 3 | n.

(t 'l

t4. Letu: li i,. a)

Show that Un :

Irn*, Itn I lu,

b)

u^_r)

.

Prove the result of problem 9 by consideringthe determinant of Un.

15. We define the generalized Fibonacci numbers recursively by the equations gr- a, E2: b, and gn - gn-t* gr-zfor n 2 3. Showthat gn: oun-2* bun-1 for n )- 3. 16. The Fibonacci numbers originated in the solution of the following problem. Supposethat on January I a pair of baby rabbits was left on an island. These rabbits take two months to mature, and on March I they produce another pair of rabbits. They continually produce a new pair of rabbits the first of every succeeding month. Each newborn pair takes two months to mature, and producesa new pair on the first day of the third month of its life, and on the first day of every succeedingmonth. Show that the number of pairs of rabbits alive after n months is precisely the Fibonacci number un, assuming that no rabbits ever die. 17. Show that every positive integer can be written as the sum of distinct Fibonacci numbers.

2.3 The Fundamental Theorem of Arithmetic

69

2.2 Computer Projects Write programs to do the following: l.

Find the greatestcommondivisor of two integersusing the Euclideanalgorithm.

2.

Find the greatest common divisor of two integers using the modified Euclidean algorithm given in problem 5.

3.

Find the greatest common divisor of two integers using no divisions (see problem

0. 4.

Find the greatest common divisor of a set of more than two integers.

5.

Express the greatest common divisor of two integers as a linear combination of theseintegers.

6.

Express the greatest common divisor of a set of more than two integers as a linear combination of these integers.

7.

List the beginning terms of the Fibonacci sequence.

8.

Play the game of Euclid describedin problem 7.

2.3 The FundamentalTheoremof Arithmetic The fundamental theorem of arithmetic is an important result that shows that the primes are the building blocks of the integers. Here is what the theoremsays. The Fundamental Theorem of Arithmetic. Every positive integer can be written uniquely as a product of primes,with the prime factors in the product written in order of nondecreasing size. Example. The factorizationsof somepositive integersare given by 2 4 0: 2 . 2 . 2 . 2 . 3:. 5 2 4 . 3 . 5 , 2 8: 9 1 7 . 1 7: 1 i 2 . 1 0 0 1: 7 . 1 1 . 1 3 . Note that it is convenient to combine all the factors of a particular prime into a power of this prime, such as in the previous example. There, for the factorization of 240, all the fdctors of 2 were combined to form 24. Factorizationsof integers in which the factors of primes are combined to form powersare called prime-power factorizations. To prove the fundamental theorem of arithmetic, we need the following lemma concerningdivisibility. Lemma 2.3. lf a, b, and c are positive integers such that (a, b) : I and

70

GreatestCommonDivisorsand PrimeFactorization

a I bc , t hen a I c , Proof. Since G,b): 1, there are integersx and y such that ax * by : y. Multiplying both sides of this equation by c, we have acx * bcy: c. By Proposition1.4, a divides acx * 6cy, since this is a linear combinationof a and bc, both of which are divisibleby a. Hencea I c. a The following corollary of this lemma is useful. Corollary 2.2. If p dividasap2 an wherep is a prime and c r, a2,...,on are positive integers, then there is an integer i with I < t ( n such that p dividesa;. Proof. We prove this result by induction. The case where n : I is trivial. Assume that the result is true for n. Consider a product of n * t, integers, ar az aral that is divisibleby the prime p. Sincep I ar az on*t: (a1a2 an)ana1,we know from Lemma 2.3 that p I ar az en or p I ar+r. Now, it p I ar az a' from the induction hypothesisthere is an integer i with 1 < t ( n such Ihat p I ai. Consequentlyp I a; for some i w i t h l < t < n * 1 . T h i s e s t a b l i s h e s t h e r e s ut rl t . We begin the proof of the fundamental theorem of arithmetic. First, we show that every positive integer can be written as the product of primes in at least one way. We use proof by contradiction. Let us assume that some positive integer cannot be written as the product of primes. Let n be the smallest such integer (such an integer must exist from the well-ordering property). lf n is prime, it is obviously the product of a set of primes, namely t h e o n e p r i m e n .S o n m u s t b e c o m p o s i t Le e. t n : a b , w i t h | 1 a ( n a n d | 1 b I n. But since a and b are smaller than n they must be the product of primes. Then, since n : ab, we conclude that n is also a product of primes. This contradictionshowsthat every positiveinteger can be written as the product of primes. We now finish the proof of the fundmental theorem of arithmetic by showing that the factorization is unique. Supposethat there is a positive interger that has more than one prime factorization. Then, from the well-ordering property, we know there is a least integer n that has at least two different factorizationsinto primes: fl:PtPz

Ps:QtQz

Qt,

w h e r ep t , p 2 , . . . , p s , Q t , . . . , 4atr e a l l p r i m e s ,w i t h p r ( p z ( (q'. {r(42(

( p, and

71

2.3 The Fundamental Theorem of Arithmetic

We will s how t ha t p t: Qr,p 2 : Q 2 ,...,a n d c o nti nueto show that each of p's and q's are equal, and that the number of prime factors in the successive the two factorizations must agree, that is s : /. To show that pr: Qr, assumethat pr * qy Then, either pr ) 4r or pr 1 Qr By interchanging we can assumethat pr ( qr. Hence,pr 1q; for the variables,if necessary, i : 1, 2, . . . , ts inc e41 i s th e s m a l l e sot f th e q ' s . H e nce,pr tr qi for al l i . B ut, from Corollary 2.2, we see that pr I qflz et : tt. This is a pr : Qr contradiction. Hence, we can conclude that and p s : QzQ t n /p r: pz pt n l p l i s i nteger smal l er than S i n c e an Qt. n, and since n is the smallest positive integer with more than one prime factorization,nfpl con be written as a product of primes in exactly one way. Hence, each pi is equal to the correspondingq;, and s : /. This proves the uniquenessof the prime factorization of positive integers. tr The prime factorization of an integer is often useful. As an example, let us find all the divisorsof an integer from its prime factorization. Example. The positivedivisorsof 120 : 233'5 are thosepositiveintegerswith prime power factorizationscontaining only the primes 2,3, and 5, to powers lessthan or equal to 3, 1, and l, respectively.Thesedivisorsare

I 2 22: 4 23:8

3 2 ' 3: 6 22.3: 12 z3-3: 24

5 2 ' 5: 1 0 22.5: 20 23.5: 40

3'5:15 2 ' 3 ' 5: 3 0 223.5: 6o : l2o . 23.3.s

Another way in which we can use prime factorizations is to find greatest common divisors. For instance,supposewe wish to find the greatest common divisor of 720 : 2432'5and 2100 : 223'52'7. To be a commondivisor of both 720 and 2100, a positiveinteger can contain only the primes 2, 3, and 5 in its prime-power factorization, and the power to which one of these primes appears cannot be larger than either of the powersof that prime in the factorizations of 720 and 2100. Consequently,to be a common divisor of 720 and 2100, a positive integer can contain only the primes 2,3, and 5 to powers no larger than2, l, and l, respectively.Therefore,the greatestcommon divisor of 720 a n d 2100is 22. 3. 5: 6 0 . To describe, in general, how prime factorizations can be used to find greatestcommondivsors,let min(a, D) denotethe smaller or minimum, of the two numbers d and 6. Now let the prime factorizationsof a and b be

o : pi,pi2 .. . p:., b : p'r,plz.. . p:,, where each exponent is a nonnegativeinteger and where all primes occurring

72

GreatestCommonDivisorsand PrimeFactorization

in the prime factorizationsof c and of b are included in both products, perhapswith zero exponents. We note that fu,b):

pl'"k"0,)plinb,'b,

p:'n(oro,) ,

sincefor eachprimepi, a and b shareexactlymin(a;,6;) factorsof p;. Prime factorizationscan also be used to find the smallestinteger that is a multiple of two positive integers. The problem of finding this integer arises when fractions are added. Definition. The least common multiple of two positive integersa and D is the smallestpositiveinteger that is divisibleby a and b. The leastcommonmultiple of a and b is denotedby Io, bl. Example. We have the following least common multiples: ll5,2l l: lZ q, X l : 72, l Z , Z 0 l : 2 A ,a n d [7 , l l l : 7 7.

105,

Once the prime factorizations of a and b are known, it is easy to find p l r. a n d ,b : p i ,pur2 .. . pun,w herept,pz,...,pn I a, bl. I f a : p i ,p i , are the primes occurring in the prime-powerfactorizationsof a and b, then for an integer to be divisible by both c and D, it is necessarythat in the factorization of the integer, eachp; occurs with a power at least as large as ai and bi. Hence, [a,b], the smallestpositiveinteger divisible by both a and b is la,bl:

pl

*Grb,) Omaxb,'b,)

pf

*Gru')

where max(x, /) denotesthe larger, or maximum, of x andy. Finding the prime factorization of large integers is time-consuming. Therefore, we would prefer a method for finding the least common multiple of two integers without using the prime factorizations of these integers. We will show that we can find the least common multiple of two positiveintegersonce we know the greatest common divisor of these integers. The latter can be found via the Euclideanalgorithm. First, we prove the following lemma. Iemma 2,4. If x

and y are real numbers, then max(x,y) + min(x,y)

:x+y. then min(x,y):y and max(x,!):x, so that P r o o f .I f x ) y , and m a x ( x , y ) +m i n ( x , y ) : x * y . If x
73

2.3 The Fundamental Theorem of Arithmetic

To find Ia, b l, once b, b) is known, we use the following theorem. ab/G,b),, Theorem 2.5. lf a and b ate positive integers,then la,bl: where Ia, b I and G, b) are the least common multiple and greatestcommon divisor of c and b, respectively. pl' and Proof. Let a and b have prime-power factorizations a : p\'pi' t : pl'p!2 " ' p:', where the expnents are nonnegativeintegers and all primes occurring in either factorization occur in both, perhaps with zero exponents.Now let M1: max(c;, b;) and ffii -min(a1,b1). Then, we have

' pf' l a , b l b , i l : p Y ' p Y ' p { ' p T ' p T' ' 2 : O{,+^,r{'*^' bY'*^' : pl'+b'Oo'+b'

: p\'p;'

p:'*o'

pi'p"'

po^'

: ab. si n ceM i + f f ij:

m ax (a y ,b j ) + m i n (a r' ,b ):

a 1 * b 1 by Lemma2.4. tr

of the fundamentaltheoremof arithmetic will be The following consequence neededlater. Lemma 2.5. Let m and n be relatively prime positive integers. Then, if d is a positivedivisor of mn, there is a unique pair of positivedivisorsd 1 of m and d2of n such that d : diz. Conversely,if dl and d2 are positivedivisor of z then d : dfl2is a positivedivisors of mn. andn, respectively, Proof. Let the prime-power factorizations of m and n be m : pT'pT' p : ' and n: q i ' q i 2 " ' q i ' . Si n c e (m,n ) - l , the set of pri mes p tPz,. . . , P s and t he s e t o f p ri me s Q t,4 2 ,...,4 th a ve no common el ements. Therefore,the prime-powerfactorizationof mn is

mn: pT'pT'

p!'qi'qi'

q:' .

Hence,if d is a positivedivisor of mn, then

d:pi'piz "' pi'q{'qI' w h e r e0 ( e i Now let

(mi

for i:1,2,...,s and 0(f

q{' (n;

for 7:1,2,...,t.

GreatestCommonDivisorsand prime Factorization

74

dt : p't'ptz'

and

dr: q{'qI'

q{' .

Clearly d : dfi2and(dr,d) : l. Thisis thedecomposition of d wedesire. Conversely,let dy and d2be positivedivisorsof m and n, respectively.Then

dr: p'r'ptr' p:' wher e0 ( ei ( m i fo r i : 1 ,2 ,...,s , a n d dr: where0 < /j

q{'q['

( n; for j : 1,2,...,t.

q{'

The integer

d : dfi2: p'r'pi, . -. pi,q{,q[,

q{'

is clearly a divisor of

mn: p?'pT'

p!'qi'qi,

ql,,

sincethe power of such prime occurring in the prime-powerfactorizationof d is less than or equal to the power of that prime in the prime-power factorization of mn. tr A famous result of number theory deals with primes in arithmetic progressions. Dirichlet's Theorem on Primes in Arithmetic Progressions. Let a and b be relatively prime positive integers. Then the arithmetic progression an * b, f l : 1,2 ,3 ,..., c o n ta i n si n fi n i te l ym a n y pri mes. G. Lejeune Dirichlet, a German mathematician, proved this theorem in 1837. Since proofs of Dirichlet's Theorem are complicated and rely on advanced techniques, we do not present a proof here. However, it is not difficult to prove special cases of Dirichlet's theorem, as the following propositionillustrates. Proposition 2.2. There are infinitely many primes of the form 4n * 3, where n rs a positiveinteger.

75

2.3 The Fundamental Theorem of Arithmetic

Beforewe provethis result, we first prove a useful lemma. Lemma 2.6. lf a and b are integers both of the form 4n * l, then the product ab is also of this form. Proof. Since a and b are both of the form 4n * l, there exist integers r and s such that a : 4r * 1 and D : 4s * 1. Hence, ab:

( + r + t ) ( 4 s + 1 ): 1 6 r s* 4 r * 4 s * l : 4 ( 4 r s + r * s )

* l,

which is again of the form 4n * 1. tr We now provethe desiredresult. Proof. Let us assume that there are only a finite number of primes of the f o r m 4 n f 3 , s a yP o : 3 , P t , P 2 ,. . . ,P r . L e t Q:4prpz

P,*3.

Then, there is at least one prime in the factorizationof Q of the form 4n * 3. Otherwise,all of these primes would be of the form 4n * 1, and by Lemma 2.6, this would imply that O would also be of this form, which is a contradiction. However, none of the primes po, Pr,...,,Pndivides 0. The p,, prime 3 does not divide Q, for if 3 I Q, then I I (0-ll : 4pt pz which is a contradiction. Likewise, none of the primes p; can divide Q, p) :3 which is absurd. Hence, becausepj I Q impliespi | (Q-4pr pz primes * 3. tr form 4n infinitely many of the there are

2.3 Problems L

of Find the primefactorizations a) 36

e) 222

b) 3e c) 100

D 2s6 d sr5

j) sooo k) 9s5s

D 5o4o

d) 289

h) 989

D 9999.

2. Show that all the powers in the prime-power factorization of an integer n are even if and only if n is a perfect square. 3.

Which positive integers have exactly three positive divisors? Which have exactly four positivedivisors?

4.

Show that every positive integer can be written as the product of a square and a square-freeinteger. A square-free integer is an integer that is not divisible by

76

Greatest Common Divisors and Prime Factorization

any perfect squares. 5. An integer n is called powerful if whenevera prime p divides n, p2 divrdesn. Show that every powerful number can be written as the product of a perfect squareand a perfect cube. 6. Show that if a and b are positiveintegersand a3 | b2, then a I b. 7.

Let p be a prime and n a positiveinteger. If p' I n, but po*' It n, we say that po exactly divides n, and we write po ll n. a)

Show that if po ll m andpb ll n, then po*b ll mn.

b)

S h o wt h a t i f p o l l m , t h e np k o l l m k .

c)

Show that if po ll m andpb ll n, then ominb'b) il m+ n.

8. a) Let n be a positiveinteger. Show that the power of the prime p occurring in the prime power factorization of n ! is ln/pl + Inlpzl + ln/p3l + b) Use part (a) to find the prime-power factorization of 20!. 9.

How many zerosare there at the end of 1000! in decimal notation? How many in baseeight notation?

10. Find all positive integersn such that n! ends with exactly 74 zeros in decimal notation. ll.

Show that if n is a positiveintegerit is impossiblefor n! to end with exactly 153, 154, or 155 zeroswhen it is written in decimal notation.

12. This problem presentsan example of a system where unique factorization into primes fails. Let H be the set of all positiveintegersof the form 4ft*1, where k is a positiveinteger. a)

Show that the product of two elementsof 11 is also in fI.

b)

An element h*l in 11 is called a"Hilbert prime" if the only way it can be written as the product of two integersin ^FIis h: h'l : l'ft, Find the 20 smallestHilbert primes.

c)

Show every element of H can be factored into Hilbert primes.

d)

Show that factorization of elements of FI into Hilbert primes is not necessarilyunique by finding two different factorizationsof 693 into Hilbert primes.

13. Which positiveintegersn are divisibleby all integersnot exceeding,,/;t 14. Find the least common multiple of each of the following pairs of integers

77

2.3 The Fundamental Theorem of Arithmetic

a) b) c)

8,12 14,15 28, 35

d) e) f)

lll,3o3 2 5 6 ,5 0 4 0 3 4 3 ,9 9 9 .

15. Find the greatestcommondivisorand leastcommonmultipleof the following pairsof integers a) 22335s11,27355372 b)

2 . 3 . 5 . 7 I. '11 3 , 1 7 . t 9 . 2 3 . 2 9

c)

2 3 5t7t ' 3 , 2 . 3 . 5 . 1 t. .1t 3

d)

4 7 t t 7 g t n l 0 lr m r , 4 rl r 8 3 r r r l 0 l1 0 0 0 .

1 6 . Show that every common multiple of the positiveintegersa and b is divisibleby the leastcommon multiple of a and b.

t 7 . Which pairs of integers a and D have greatest common divisor 18 and least commonmultiple 540? 1 8 . Show that if a and b are positive integers, then (a , il

fu, b) : la, bl?

| la, bl. When does

1 9 . Show that if a and b are positive integers, then there are divisors c of a and d o f b w i t hG , d ) :

I a n dc d : l a , b l .

20. Show that if a, b, and c are integers,then [a, Ull c if and only if a I c and b I c. 21. a) Show that if a and b are positiveintegersthen (a,b) :

(a*b,la,bD.

b) Find the two positive integers with sum 798 and least common multiple l 0780.

2 2 . Show that if a,b, and c are positiveintegers,then (la, bl, t) : lG, c), (b, c)l and lfu, b) , cJ : ([4, cl, lb , cl) .

23. a) Show that if a,b, and c are positiveintegers,then m a x ( a , b , c ): a * b * c - m i n ( a , b ) - m i n ( a , c ) - m i n ( D , c ) * min(a,b,c). b) Use part (a) to show that a,brcla 'br'c.) . . G , b ) G , c ) ( b, c ) where 24. Generalizeproblem 23 to find a formula for (ay,a2,...,on)'1d1,a2,...,an1 positive are a 1.a2,...,a integers. n [a,b,clla,b,cl :

25. The least common multiple of the integers a1,a2,...,an, that are not all zero, is it is the smallestpositiveinteger that is divisible by all the integerso1,ct2,...,a,;

78

GreatestCommonDivisorsand PrimeFactorization

denotedby Ia 5a2,...,an1. il

F i n d[ 6 , 1 0 , 1 5 a ]n d[ 7 , 1 1 , 1 3 j .

b)

: l[,a1,a2,...,an-1l,anl. Show that laya2,...,an-1,anl

26. Let n be a positive integer. How many pairs of positive integerssatisfy Ia,bl: n?

27. Prove that there are infinitely many primes of the form 6ft * 5, where k is a positive integer.

28. Show that if a

and b are integers, then the arithmetic progression a, a*b, a*Zb,... containsan arbitrary number of consecutivecompositeterms.

29. Find the prime factorizationsof a) l06- l b) lo8-l c ) 2r 5- l

d) e) f)

224-l 230-l 236-t.

30. A discount store sells a camera at a price less than its usual retail price of ,S99. If they sell 88137 worth of this camera and the discounteddollar price is an integer, how many camerasdid they sell? 31. il

show that if p isa prime and,a is a positiveintegerwithp I a2, then p I a.

b) Show that if p is a prime, c is an integer, and n is a positive integer such t h a t p l a n , t h e np l a .

32. Show that if a and b are positive integers, then a2 | b2 implies that a I b. 3 3 . Show that if a,b, and c are positive integers with (a ,b) : I and ab : cn, then there are positive integers d and,e such that a : dn and b : en.

34. Show that

if aya2,...,an are pairwise relatively prime l a 1 , c t 2 , . . . ,: a a np l 2''' sn.

integers, then

2.3 Computer Projects Write programs to do the following: 1. Find all positivedivisors of a positive integer from its prime factorization. 2.

Find the greatest common divisor of two positive integers from their prime factorizations.

3.

Find the least common multiple of two positive integers from their prime factorizations.

4.

Find the number of zeros at the end of the decimal expansionof n ! where n is a positiveinteger.

2.4 Factorization of Integers and the Fermat Numbers

79

5. Find the prime factorizationof n! where n is a positiveinteger.

2.4 Factorization of Integersand the Fermat Numbers From the fundamental theorem of arithmetic, we know that every positive integer can be written uniquely as the product of primes. In this section,we discussthe problem of determiningthis factorization. The most direct way to find the factorization of the positive integer n is as follows. Recall from Theorem 1.9 that n either is prime, or else has a prime factor not exceeding 6 . Consequently,when we divide n by the primes 2,3,5,...not exceeding ,/i,*" either find a prime factorpr of n or elsewe concludethat r is prime. If we have located a prime factor p r of n, we next look for a prime factor of nt: nlp1, beginningour searchwith the prime p1, since n I has no prime factor lessthan p1, nnd any factor of n1 is also a factor of n. We continue,if necessary,determining whether any of the primes not exceeding rlr r divide n1. We continue in this manner, proceedingrecursively,to find the prime factorizationof n. Example. Let n : 42833. We note that n is not divisible by 2,3 and 5, but that 7 | n. We have 4 2 8 3 3- 7 . 6 1 1 9 . Trial divisions show that 6119 is not divisible by any of the primes 7,11,13,17,I9,and 23. However,we seethat 6l19:29'2ll. we know that 211 is prime. We conclude that the prime Since 29 > ,m, factorizationof 42833is 42833 - 7 ' 29 ' 2ll. Unfortunately,this method for finding the prime factorizationof an integer is quite inefficient. To factor an integer N, it may be necessaryto perform as divisions, altogether requiring on the order of JF bit many as r(JF) operations,since from the prime number theorem zr(JF) is approximately ,N /tog..N : 2,N AogN, and from Theorem 1.7, thesedivisionstake at least log N bit operations each. More efficient algorithms for factorization have been developed, requiring fewer bit operations than the direct method of factorization previously described. In general, these algorithms are complicatedand rely on ideasthat we have not yet discussed.For information about thesealgorithms we refer the reader to Guy [66] and Knuth [561. We note that the quickest method yet devised can factor an integer N in

80

GreatestCommonDivisorsand PrimeFactorization

approximately

e*p(@) bit operations,where exp standsfor the exponentialfunction. In Table 2.1, we give the time required to factor integersof various sizes using the most efficient algorithm known, where the time for each bit operation has been estimated as one microsecond(one microsecondis 10-6 seconds). Number of decimal digits

Number of bit operations

Time

50

l.4x10r0

3.9hours

75

9 . 0 xl 0 r 2

104days

100

2 . 3 xl 0 r 5

74 years

200

1.2x1023

3.8xl0e years

300

l.5xl02e

years 4.9x1015

500

l.3xl03e

years 4.2x102s

Table2.1. Time RequiredFor Factorization of LargeIntegers. Later on we will show that it is far easier to decide whether an integer is prime, than it is to factor the integer. This difference is the basis of a cyptographicsystemdiscussedin Chapter 7. We now describea factorizationtechniquewhich is interesting,although it is not always efficient. This technique is known as Fermat factorization and is basedon the following lemma. Lemma 2.7. lf n is an odd positive integer, then there is a one-to-one correspondencebetween factorizations of n into two positive integers and differencesof two squaresthat equal n. Proof. Let n be an odd positive integer and let n : ab be a factorization of n into two positive integers. Then n can be written as the differenceof two squares,since n:aD:

,

l o + u l ' - ll-ol - u l ' l:l | 2 ,l t 2 )'

81

2.4 Factorizationof Integersand the FermatNumbers

where G+b)12 and b-b)/2

are both integerssincea and b are both odd.

Conversely,if n is the differenceof two squares,say n: tr can factor n by noting that n : (s-l)(s+t).

s2 - /2, then we

To carry out the method of Fermat factorization,we look for solutionsof the equation,, : *2 - yz by searchingfor perfect squaresof the form xz - n. Hence, to find factorizationsof n, we search for a square among the sequence of integers t2-n, Q+Dz-n, (t+2)2-n,... where I is the smallest integer greater than ,/i . This procedureis guaranteed to terminate,sincethe trivial factorizationn : n'l leadsto the equation

n: fn+rl' I r l-

lr-rl'

|. , ,l

Example. We factor 6077 using the method of Fermat factorization. Since < 78, we look for a perfect square in the sequence 77 < ffi1 7 8 27 9 28 0 2812-

6 0 7 7: 7 6 0 7 7: 1 6 4 6 0 7 7:3 2 3 6077:484:222.

Since 6077:812 - 222. we conclude that 59.103.

6077: $l-2D(8t+zz)

:

Unfortunately, Fermat factorization can be very inefficient. To factor n using this technique, it may be necessary to check as many as Q + D 12 - ,/n integers to determine whether they are perfect squares. Fermat factorization works best when it is used to factor integers having two factorsof similar size. The integers Fn :22' + I are called the Fermat numbers. Fermat conjectured that these integers are all primes. Indeed, the first few are p r i m e s , n a m e l y F o : 3 , F 1 : 5 , F 2 : 1 7 ,F 3 : 2 5 7 , a n d F + : 6 5 5 3 7 . 1 is compositeas we will now demonstrate. Unfortunately,F5 :22'* Proposition 2,3. The Fermat number F5:

22'+ 1 is divisibleby 641.

Proof. We will prove that 641 | fr without actually performing the division. Note that

82

GreatestCommonDivisorsand PrimeFactorization

6 4 1: 5 . 2 7 + l : 2 a Hence.

+ 54.

22'+' -?;^i?ii:,:;o,2ii,Ii:, =Z'ile fil 'r'*'

Therefore,we seethat 64t I F's. tr The followingresult is a valuableaid in the factorizationof Fermat numbers. Proposition 2.4. Every prime divisor of the Fermat number F, :22' + | is of the form2n+2k+ I. The proof of Proposition2.4 is left until later. It is presentedas a problem in Chapter 9. Here, we indicate how Proposition2.4 is useful in determining the factorizationof Fermat numbers. Example. From Proposition 2.4, we know that every prime divisor of F 3: 22' + | :2 5 7 m u s t b e o f th e fo rm 2sk * l : 32.k + l . S i nce there are no primes of this form less than or equal to ,/81, we can concludethat Ft : 257 is prime. Example. In attempting to factor F 6 : 22'+ l, we use Proposition2.4 to see that all its prime factors are of the form 28k + l:256.k * l. Hence, we need only perform trial divisionsof Foby those primes of the form 256'k + | that do not exceed -,,/Fu. After considerablectmputation, one finds that a pr im e div is o ri s o b ta i n e dw i th k : l 0 ? l ,i .e . Z74l i ' l : (256.10?l+ l ) I F6. A great deal of effort has been devoted to the factorization of Fermat numbers. As yet, no new Fermat primes have been found, and many people believe that no additional Fermat primes exist. An interesting, but impractical, primality test for Fermat numbers is given in Chapter 9. It is possibleto prove that there are infinitely many primes using Fermat numbers. We begin by showing that any two distinct Fermat numbers are relativelyprime. The following lemma will be used. Lemma 2.8. Let F1, :22' * I denote the kth Fermat number, where k is a nonnegativeinteger. Then for all positiveintegersn , we have FoFf z

Fn-t: Fn - 2.

Proof. We will prove the lemma using mathematical induction. For n : 1, the identity reads

2.4 Factorization of Integers and the Fermat Numbers

83

Fo : Fr - 2 ' This is obviouslytrue since F0 : 3 and Fr : 5. Now let us assumethat the identity holds for the positiveinteger n, so that FoFf z' ' ' Fn-r: F, - 2. With this assumptionwe can easilyshow that the identity holds for the integer n * I, since Fn-rFr: (FsFf2 "' Fr-)Fn FoFfz - ( F n - z ) F n : ( 2 2 '- D ( 2 2 ' + t ) -2. tr - ( 2 2 ' 1 2- l - 2 2 ' * ' - 2 : F r a 1 This leadsto the following theorem. Theorem 2.6. Let m and n be distinct nonnegative integers. Then the Fermat numbersF^ and F, are relatively prime. Proof. Let us assumethat m 1 n. From Lemma 2.8, we know that Fffz'''

F^' "

F r - r: F n - 2 .

Assumethat d is a commondivisor of F* and Fo. Then, Proposition1.4 tells u s th a t d I G, -

F s F .o 2

Fm

F , -1) :2.

Hence, either d:l or d:2. However,since F, and Fn are odd, d cannot be 2. Consequently, d:l and (F^,F) : I. tr Using Fermat numbers we can give another proof that there are infinitely many primes. First, we note that from Lemma 1.1, every Fermat number Fn has a prime divisor pr. Since (F*,F): l, we know that p^ # p, whenever m # n. Hence,we can concludethat there are infinitely many primes. The Fermat primes are also important in geometry. The proof of the following famoustheoremmay be found in Ore [28]. Theorem 2.7. A regular polygon of n sidescan be constructedusing a ruler " ' pt w here p;, a n d c om pas sif and o n l y i f n i s o f th e fo rm n :2 opl i:1,2,...,t are distinct Fermat primes and a is a nonnegativeinteger.

84

GreatestCommonDivisorsand PrimeFactorization

2.4 Problems l.

Find the prime factorizationof the following positiveintegers il

2.

egzgzt

b) 1468789

c) SSOO8OZ9.

Using Fermat's factorization method, factor the following positive integers a)

7709

d)

I l02l

b)

73

e)

3200399

c)

10897

f)

24681023.

3. a) Show that the last two decimal digits of a perfect squaremust be one of the followingpairs: 00, el, e4,25, o6, e9, where e standsfor any even digit and o stands for any odd digit. (Hint: Show that n2, (50+n)2, and (50-n)2 all have the same final decimal digits, and then consider those integers n with

0(n<2s.) b) Explain how the result of part (a) can be used to speed up Fermat's factorization method.

4. Show that if the smallestprime factor of n is p, then xz-n will not be a perfect squarefor x )

h+pz) lLp .

5 . In this problem, we developthe method of Draim factorization. To search for a

factor of the positiveinteger n - nr, we start by using the division algorithm, to obtain i l 1: 3 q y * r y ,

0(11

(3.

Settingntr - nr, we let t/12:

t/lt -

Zqt,

fl2:

ttt2*

11.

We use the divisionalgorithm again, to obtain f l 2 : 5 q 2 * 1 2 , 0 ( 1 2( 5 , and we let 3:

rtl2 -

2qZ,

fl1 :

t 1 4 3*

t2.

We proceedrecursively,using the division algorithm, to write nx : (2k+l)qy * ry, 0 ( 11 < 2k+1, and we define

85

2.4 Factorization of Integers and the Fermat Numbers

fllk :

m*-t-2Qt-t,

ttk :

ttl* *

rt-t.

We stop when we obtain a remaindet/1 : 0. q2*' ' ' + q,-)

a)

Show that n1 : knr *qo-r). 2'(qftq2*

b)

S h o wt h a t i f ( z * + t ) I , , t h e n ( 2 k + l ) I n r a n dn : ( 2 k * l ) m 1 , 1 1 .

c)

Factor 5899 using the methodof Draim factorization.

Qk+l)

(qft

and rltk:

n1-

6 . In this problem, we devel
Let u: (a-c,b-d). S h o w t h a t u i s e v e na n d t h a t i f r : ( a - c ) l u s : ( d - i l f u , t h e n ( r , s ) : l , r ( a * c ) : s ( d + b ) , a n ds I a + c .

b)

L e t s v : a * c . S h o wt h a t r v : d + b , e :

c)

Concludethat n may be factoredas n:1fu12)2 + (v/2)zl(r2 + s2).

d)

U s e E u l e r ' sm e t h o dt o f a c t o r 2 2 1 : 1 0 2 + l l 2 : 5 2 + 1 4 2 , 2 5 0 1: 5 0 2 + 1 2 : 492+ 102and 1000009: 10002+ 32 :9722 + 2352.

and

(a+cd+b), andv is even.

7 . Show that any number of the form 2an+2* I can be easily factored by the use of (2x2+2x+l)(Zx2-Zx+t\. the identity 4xa + 1 : Factor 218+1 using this identity.

8 . Show that if a is a positiveinteger and a^ *l is a prime, then m:2n for some positive integer (ak9-t)-akQ-D +

n.

(Hint: Recall the identity -ae+l) wherem:kQ and { is odd).

a^*l:

(aft + l)

9 . Show that the last digit in the decimal expansionof F, - 2r + | is 7 if n 7 2. (Hint: Using mathematicalinduction, show that the last decimal digit of 22' is 6.) 10. Use the fact that every prime divisor of Fa:2t + I :65537 is of the form 26k + | - 64k * I to verify that F4 is prime. (You should need only one trial division.) I l.

Use the fact that every prime divisor of Fz: 22'+ | is of the form 21k + | : l28k * 1 to demonstrate that the prime factorization of F5 is F. : 641'6700417.

r2.

Find all primesof the form 2T * 5, where n is a nonnegativeinteger.

1 3 . Estimate the number of decimal digits in the Fermat number Fn.

GreatestCommonDivisorsand PrimeFactorization

86

2.4 Computer Projects Write programs to do the following: l.

Find the prime factorization of a positive integer.

2.

Perform Fermat factorization.

3. Perform Draim factorization (see problem 5). 4.

Check a Fermat number for prime factors, using Proposition 2.4.

2.5 LinearDiophantineEquations Consider the following problem. A man wishes to purchase $510 of travelers checks. The checks are available only in denominationsof $20 and $50. How many of each denominationshould he buy? If we let x denotethe number of $20 checks and y the number of $50 checks that he should buy, then the equation 20x * 50y : 510 must be satisfied. To solvethis problem, we need to find all solutions of this equation, where both x and y are nonnegativeintegers. A related problem arises when a woman wishes to mail a package. The postal clerk determinesthe cost of postageto be 83 cents but only 6-cent and 15-centstampsare available. Can some combinationof thesestampsbe used to mail the package? To answer this, we first let x denote the number of 6cent stampsand y the number of l5-cent stamps to be used. Then we must have 6x + I5y : 83, where both x and y are nonnegativeintegers. When we require that solutionsof a particular equationcome from the set of integers,we have a diophantine equation. Diophantineequationsget their name from the ancient Greek mathematician Diophantus, who wrote extensivelyon such equations. The type of diophantine equation ax * by : c, where a, b, and c are integersis called a linear diophanttne equations in two variables. We now develop the theory for solving such equations. The following theorem tells us when such an equation has solutions,and when there are solutions,explicitly describesthem. Theorem 2.8. Let a and D be positiveintegerswith d : (a,b). The equation ax*by:c h a s n o i n t e g r a ls o l u t i o n si f d l c . lf dlc, then thereare infinitely many integral solutions. Moveover, if x : x0, | - lo is a particular solutionof the equation,then all solutionsare given by x : xo+ (b/d)n, ! : yo- fuld)n,

87

Equations 2.5 LinearDiophantine

where n is an integer. Proof. Assumethat x and y are integerssuch that ax I by : g. Then, since dlo andd lb,byPropositio1 n . 4 ,d l t a s w e l l . H e n c e , ' rdf t r c , t h e r e a r e no integral solutionsof the equation. Now assumethat d | ,. From Theorem2.1, there are integerss and t with

(2.3)

d:as+bt.

Sinced l r, there is an integere with de : c. Multiplying both sidesof (2.3) bv e. we have c:de:(as+bt)e:a(se)

+ bQe).

Hence, one solution of the equation is given by @Io,.wlere X * S€ rtacl =7€. -x0-'Ftf11*}f

I --te

and To show that there are infinitely many solutions,let x:nfo+ $liln y:Y0 G / d) n, wh e re n i s a n i n te g e r. W e s e e that thi s pai r (x,y) i s a solution, since V rfi"v g rof14 ax t by : oxs* a(bld)n * byo- bGld)il: oxst bys: c. We now show that every solutionof the equationax * by : c must be of the form described in the theorern. Suppose that x and y are integers with ax I bY : c. Since a x s* b y o : , , by subtractionwe find that G x * b y ) - ( a x s + b y s ): 0 , which impliesthat

a& - x/ + bU -.yd :0. Hence, a(x - xo): bjo-

y).

Dividingboth sidesof this last equalityby d, we seethat G l d ) (x - x s ) : (b l d ) U t - y). 2.1, we know that bld,bld): By Proposition

l.

Using Lemma 2.3, it

88

GreatestCommonDivisorsand prime Factorization

follows that Q/d) | 9o- y). Hence, G/d)n:lo-l; t h i s m e a n st h a t y - l o of y int o th e e q u a ti o n a (x - x d aG - x d : b b /d )n , w h i c h i mp l i e sth a t x

there is an integer n with G / i l n . N o w p u t t i n gt h i s v a l u e : bOo- y), w e fi nd that : x0 + (bl d)n. D

We now demonstratehow Theorem 2.8 is used to find the solutions of particular linear diophantineequationsin two variables. Consider the problems of finding all the integral solutions of the two diophantine equationsdescribedat the beginning of this section. We first considerthe equation6x + I5y : 83. The greatestcommon divisor of 6 and 15 is (6,15) : 3. Since I / gl, we know that there are no integral solutions. Hence,no combinationof 6- and l5-cent stampsgivesthe correct postage. Next, consider the equation 20x t 50y :519. The greatest common divisor of 20 and 50 is (20,50): 10, and since l0 | 510, there are infinitely many integral solutions. Using the Euclidean algorithm, wo find that 20eD * 50 : 10. Multiplying both sides by 51, we obtain 20(-102) + 50(51) : 510. Hence, a particular solution is given by x 0: - 102 an d ./o :5 1 . T h e o re m2 .8 te l l s u s that al l i ntegralsol uti onsare of the form x : -102 * 5n and y : 5l - 2n. Since we want both x and y to be nonnegative,we must have - I02 + 5n ) 0 and 5l - 2n ) 0; thus, n ) 20 2/5 and n 4 25 l/2. Since n is an integer, it follows that n : 2 1 , 2 2 , 2 3 , 2 4 , o r 2 5 . H e n c e ,w e h a v et h e f o l l o w i n g5 s o l u t i o n sG: y ) : ( 3 , 9 ) ,( 8 , 7 ) ,( 1 3 , 5 ) ,( 1 9 , 3 ) ,a n d ( 2 3 , t ) .

2.5 Problems l.

For eachof the followinglineardiophantine equations, eitherfind all solutions, or showthat thereare no integralsolutions a) 2x I 5y:11 b) l7x * l 3 y : 1 g g c ) Z I x * l 4 y :1 4 7 d) 60x * l 8 y :9 7 e) t4o2x + t969y : r.

2. A studentreturningfrom Europechangeshis Frenchfrancs and Swissfrancs into U.S. money. If he receives $ll.9l and has receivedI7a for eachFrench franc and 480 for eachSwissfranc, how much of eachtype of currencydid he exchange?

89

2.5 Linear Diophantine Equations

3. A grocer orders apples and orangesat a total cost of $8.39. If apples cost him 25c each and oranges cost him 18c each and he ordered rnore apples than l€ I oranges,how many of each type of fruit did he order? 4.

A shopper spends a total of .85.49 for oranges, which cost l8o each, and grapefruits, which cost 33c each. What is the minimum number of pieces of fruit the shoppercould have bought?

5. A postal clerk has only l4-cent and 2l-cent stamps to sell. What combinations of these may be used to mail a packagerequiring postageof exactly

a) 6.

.t3.50

b)

c)

$4.00

$ 7 .7 7 2

At a clambake, the total cost of a lobster dinner is $ I I and of a chicken dinner is ,$8. What can you conclude if the total bill is a)

$777

b)

$96

c)

$692

I anxn: b has 7. Show that the linear diophantineequationafi1* a2x2* and has infinitely many solutionsif no solutionsif d / D, where d : (a1,a2,...,a11),

d I b. equations 8. Find all integersolutionsof the followinglineardiophantine a) 2x*3yl4z:5 b) 7x*2ly*352:8 d

l0lx * 10 2 y+ 1 0 3 2:1 .

9. Which combinations of pennies, dimes,and quartershavea total value99c? 10. How manywayscanchangebe madefor onedollarusing a) dimesand quarters b) nickels.dimes,and quarters nickels,dimes,and quarters? c) pennies, I l.

Find all integersolutionsof the followingsystems of lineardiophantineequations a) x* y* z:100 x*8y*502:156 b) x+ y + z:100 x * 6y * 2lz :121 c) x* y* z + w-100 xt2y13z*4w-300 x*4y*9z1'16w-1000.

12. A piggy bank contains24 coins,all nickels,dimes,and quarters. If the total valueof the f,oinsis two dollars,what combinations of coinsare possible?

90

GreatestCommonDivisorsand PrimeFactorization

13. Nadir Airways offers three types of tickets on their Boston to New York flights. First-classtickets are $70, second-class tickets are $55, and stand-by tickets are $39. If 69 passengersp^y a total of $3274 for their tickets on a particular flight, how many of each type of tickets were sold? 14. Is it possibleto have 50 coins,all pennies,dimes,and quartersworth,$3? 15. Let a and b be relatively prime positive integers and let n be a positive integer. We call a solution x )) of the linear diophantine equation ax * by : n nonnegativewhen both x and y are nonnegative. il

Show that whenevern 2 G-l)(6-l) this equation.

b)

Show that if n:

c)

Show that there are exactly (a-1)$-D/2 the equation has a nonnegativesolution.

d)

The post office in a small Maine town is left with stamps of only two values. They discover that there are exactly 33 postage amounts that cannot be made up using thesestamps,including 46c. What are the values of the remainingstamps?

there is a nonnegativesolution of

ab - a - 6, then there are no nonnegativesolutions. positive integers n such that

2.5 Computer Projects Write programs to do the following: 1. Find the solutionsof a linear diophantine equation in two variables. 2.

Find the positivesolutionsof a linear diophantine equation in two variables.

3.

Find the solutionsof a linear diophantine equation in an arbitrary number of variables.

4.

Find all positive integers n for which the linear diophantine equation ax * by : n has no positive solutions (see problem I 5).

Congruences

3.1 Introduction to Congruences The special language of congruencesthat we introduce in this chapter is extremely useful in number theory. This language of congruences was developedat the beginning of the nineteenthcentury by Gauss. Definition. lf a and b are integers, we say that a is congruent to b modulo mif m l(a-b). I f a i s c o n g r u e n t t o Dm o d u l om , w e w r i t e a = b ( m o d z ) . l f m I G - b ) , we write a # b (mod m), and say that a and b are incongruent modulo m. Example. We have 22 = 4 (mod 9), since 9 | QZ-D 3 = -6 (mod 9) and 200 = 2 (mod 9).

: 18.

Likewise

Congruencesoften arise in everyday life. For instance, clocks work either modulo 12 or 24 for hours, and modulo 60 for minutes and seconds.calendars work modulo 7 for days of the week and modulo 12 for months. Utility meters often operate modulo 1000, and odometers usually work modulo 100000. In working with congruences, it is often useful to translate them into equalities. To do this, the following proposition is needed. Proposition 3.1. If a and b are integers,then a = b (mod m) if and only if there is an integer k such that a : b * km.

92

Congruences

Proof. If a:- b (mod m), then m I b-b). This means that there is an integer k with km : a - b, so that A : b * km. Conversely,if there is an integer /< with a : b * km, then km : a - b. Hence m I G-b), and consequently,a = b (mod rn ). tr Example. We have 19 : The following congruences.

-2 (mod 7) and 19 : -2 + 3'7.

proposition establishes some important

properties of

Proposition 3.2. Let m be a positive integer. Congruencesmodulo rn satisfy the following properties: (i)

Reflexive property. If a is an integer, then a = a (mod m).

(ii)

Symmetric property. If a and b are integers such that a = b (m o d m),th e n b = a (mo d rn ).

(iii)

Transitive property. If e, b, and c are integers with a = b (m o d m ) a n d b :- c (m o d m),then a 4 c (mod m ).

Proof. ( i)

W e s e e th a t a = a (mo d m ), s i n c em I G-a)

:0.

(iil

If a: b ( m o d m ) , t h e n m I Q - b ) . H e n c e ,t h e r ei s a n i n t e g e rf t w i t h k m : a - b . T h i s s h o w st h a t ( - k ) m : b - a. so that (b -d . (mod m | C o n s e q u e n tl yD, = a m).

(iii)

If a = b (mod rz) and b =c (mod la), then m I G-b) and m | (b -d . H e n c e , th e re a re i n te gersk and 0 w i th km: a - b and T h e re fo re , e - c : (a-D ) + (b-c) : Qm : b - c . k m * Qm : (k + D m. and C o n s e quentl y, m I G-d a ? c (m o d z ). tr

From Proposition 3.2, we see that the set of integers is divided into m different sets called congruenceclasses modulo m, each containing integers which are mutually congruent modulo m. Example. The four congruenceclassesmodulo 4 are given by

93

3.1 Introductionto Congruences

Let a be an integer. Given the positive integer m, m ) l, by the division algorithm, we have a : bm * r where 0 ( r ( ru - 1. From the equation a: bm f r, we see that a 3 r (mod z). Hence, every integer is congruent modulo m to one of the integers of the set 0, 1,...,m - l, namely the remainderwhen it is dividedby m. Since no two of the integers0, 1,...,m - | are congruent modulo m, we have m integers such that every integer is congruent to exactly one of these ln integers. Definition. A complete system of residues modulo m is a set of integers such that every integer is congruent modulo m to exactly one integer of the set.

Example. The division algorithm shows that the set of integers modulorn. This is called the 0, 1,2,...,m- | is a completesystemof residues residues nonnegative modulo m. set of least Example. Let m be an odd positive integer. Then the set of integers -3 ,, r . . . tm TrT

_ m-l 2

m-l

is a complete system of residues called the set of absolute least residues modula m. We will often do arithmetic with congruences. Congruenceshave many of the same properties that equalities do. First, we show that an addition, subtraction, or multiplication to both sides of a congruence preserves the congruence.

Theorem 3.1. If a, b, c, and m are integers with m ) 0 such that a = b (mod m ). then (il a*c=b+c(modm), (iD e - c -- S - c (modz). (iiD ac

bc (mo d m ).

Proof. Sincea = b (mod m), we know that m I G-b). From the identity G + d - ( b + d - a - b , w e s e em l l f u + d - $ + c ) 1 , s o t h a t ( i ) f o l l o w s . Likewise,(ii) followsfrom the fact that fu-c) - (b-c): a - b. To show that (iiD holds,note that ac - bc : cG-D. Sincem I Q-b), it follows that m I cb-b), and hence,ac = bc (modm). tr Example.

Since l9

3 (mod 8),

it

follows from

Theorem 3.1 that

94

C ongruences

26: 19+7 = 3 +7 : l0 (mod8), 15: 19 -4: and 38 : l9'2 = 3'2: 6 (mod8).

3-

4:

-l

(mod8),

What happens when both sides of a congruenceare divided by an integer? Consider the following example. E x a m p l e .W e h a v e 1 4 : 7 . 2 : 4 . 2 : 8

( m o d6 ) . B u t 7 * 4 ( m o d6 ) .

This example shows that it is not necessarily true that we preserve a congruencewhen we divide both sides by an integer. However, the following theorem gives a valid congruencewhen both sides of a congruenceare divided by the same integer. Theorem 3.2. If a, b, c and m are integers such that m > 0, d : (c,m), and ac = bc (mod z), then a :- b (mod m/d). Pro of . lf ac = bc (mo d m),w e k n o w th a t m I Gc-bc): c(a-b). H ence, there is an integer k with cb-b): km. By dividing both sides by d, we have G /il G-b) : k fu /d). Since (m /d ,c/d) : 1, from Proposition2.1 it follows that m/d I Q-b). a Hence, a :- b (mod m/il. Example. Since 50 = 20 (mod 15) and 5 0 /10 : 20/ 10 ( mo d l 5 /i l , o r 5 = 2 (m o d 3 ).

(10,5) : 5,

we

see

that

The following corollary, which is a special case of Theorem 3.2, is used often. C o rollar y 3. 1. I f a ,b ,c , a n d m a re i n te g e rssuch that m 7 0, (c,m) : 1, and ac = bc (mod la), then a = b (mod llz). Example. Since 42 = 7 (mod 5) and (5,7) = 1, we can conclude that 4 2 /7 : 7/ 7 ( m od 5 ), o r th a t 6 : I (m o d 5 ). The following theorem, which is more general than Theorem 3.1, is also useful. Theorem 3.3. If e, b, c, d, and m are integers such that a = b (mod nc), and c = d (mod rn ), then (i) ( ii) ( iii)

m ) 0,

a * c = b + d (modm), a - c fi - d (mo d m), ac ? b d (mo d m).

Proof. Since a = b (mod m) and c = d (mod m), weknow that m I G-U)

95

3.1 Introductionto Congruences

andmlk-d). Qm: c - d.

H e n c e ,t h e r e a r e i n t e g e r sk a n d . 0 w i t h k m : a - b

and

km * Qm: T o p r o v e( i ) , n o t et h a t ( c + c ) - ( b + d ) : f u - b ) + k - d ) : ( U + a ) | . * c = b * Q T h e r e f o r e , (k+Dm. Hence, m ll,(a+c) ( m o d m). d - Qm : To pr ov e ( ii) , not e th a t (a -c ) - O -d ) : b -b ) - k-d) : km ( m o d m)' d $ c s ot h a t a H e n c e ,m l t G - c ) - $ - i l 1 , &-Dm. (iii), bc* bc - bd : ac - bd :ac that note prove To Hence, m I Qc - bil. ckm t bQm: mkk+bD. cG-b) + OG-d): Therefore,ac = bd (mod m). tr Exa mp le. S inc e 13 = 8 (mo d 5 ) a n d 7 = 2 (mo d 5), usi ng Theorem 3.3 w e -8-7=I :8+2:-0 (mod5), 6:13-7 see that 2O-13+7 ( m o d 5 ) , a n d 9 l : l 3 ' 7 : 8 ' 2 : 1 6 ( m o d5 ) . Theorem 3.4. If r612,,...,r^is a completesystemof residuesmodulo m, and if a is a fositive integer with (a ,fti) : 1, then ar1 t b, ar2 * b,..., ar^ * b is a completesystemof residuesmodulo z. Proof. First, we show that no two of the integers a r 1 * b , a r 2 * b , . . . ,a r ^ * b are congruent mod ulo m. To see this, note that if ari*b=arr

*b

(modz),

then, from (ii) of Theorem 3.1, we know that ari = ar1, (mod m) ' Because(a,m) : 1, Corollary 3.1 showsthat rj :

rp (mod m) .

Since ,i # rp (mod m) if i # k, we concludethat i : k. Since the set of integers in question consists of m incongruent integers modulo m, theseintegers must be a complete system of residuesmodulo ru. tr

96

Congruences

The following theorem shows that a congruenceis preservedwhen both sides are raised to the same positive integral power. Theorem 3.5. rf a, b, k, and m are integers such that k 7 0, m ) 0, and a = b (mod m), then ak = bk (mod m) . Proof. Becausea = b (mod m), we have ml?

- b). Since

ak - bk : (a-b) (ak-t+ak-zb+ . . . *abk-216k-11, we see that G - DlGk - bk). Therefore, from Proposition1.2 it follows that mlGk - Uk). Hence, ek : bk (mod m). tr Example. Since 7 = 2 (mod 5), Theorem 3.5 tells us that = 23 = 8 ( m od 5 ).

343 : 73

The following result shows how to combine congruencesof two numbers to different moduli. ( m o d f f i z ) , . . . a, = b ( m o d m 1 , ) T h e o r e m3 . 6 . l f a : b ( m o d m y ) , a = b where a,b,ml, frt2,...,t/t1, a;fointegerswith mt,frl2 ,...,t/r1positive,then a = b (mod lmpm2,...,mpl), where Lm1,m2,...,rup1 is the leastcommon multiple of mr,rrr2,...,t/tk. ( m o d z l ) , a : - b ( m o df f i z ) , . . .a, = b ( m o dm t ) , w e P r o o f . S i n c ea = b ( o know that m, | b ) , . . . ,m * I G - D . D,mzl G From problem20 of Section2.3, we seethat [ , m 1 , m 2 , . . . , m *Q] l - b ) . Consequently, a = b ( m o d L m 1 , m 2 , . . . , m * l )E. An immediate and useful consequenceof this theorem is the following result. ( m o df f i z ) , . . . ,a = b (modz1) C o r o l l a r y3 . 2 . l f a : D (modz1), a=b where a and b are integers and ftt1,r/t2,...,,r,rt1, are relatively prinie positive integers,then a = b (modn4rtltz." m).

3 .1 In t r oduc t ion t o C o n g ru e n c e s

zfa pairwise relatively prime, problem 34 of Section Proof. Since ffi1,ftt2,...,t?11, 2.3 tells us that l m 1 , m 2 , . . . , m k: l f t l i l l 2 ' ' '

mk

Hence,from Theorem 3.6 we know that a :- b (m o d w tfl tz ' ' ' m).

a

In our subsequentstudies, we will be working with congruencesinvolving large powers of integers. For example,we will want to find the least positive residue o1 26+amodulo 645. If we attempt to find this least positive residueby first computing 2644,wewould have an integer with 194 decimal digits, a most undesirable thought. Instead, to find 26aamodulo 645 we first express the exponent644 in binary notation:

G4qro: (lolooooloo)2. ,...,2tt' by Next, we compute the least positive residues of 2,22,24,28 gives the congruences us This 645. reducing modulo and squaring successively

2 22 2+ 28 216 232 264 2128 22s6

2srz

2 4 16 256 391 16 256 391 l6 256

(mod 645), (mod645), (mod649, (mod 645), (mod 645), (mod 645), (mod645), (mod 645), (mod649, (mod 64il.

We can now compute 2644modulo 645 by multiplying the least positive residuesof the appropriatepowersof 2. This gives : 2512212824 = 256.391.16 26aa- 2512+128+4 :1601536=I(mod645). We have just illustrated a general procedure for modular exponentiation, that is, for computing 6N modulo m where b, ffi, and N are positive integers. We first expressthe exponentN in binary notation, as l{ : (arar-t...apo)2. We then find the least positive residues of b ,b2,b4,...,b2'modulo rn, by squaring and reducing modulo rn. Finally, we multiply the least successively positive residuesmodulo m of bv for those j with ai : l, reducing modulo rn after each multiplication.

98

Congruences

In our subsequentdiscussions,we will need an estimate for the number of bit operations needed for modular exponentiation. This is provided by the following proposition. Proposition 3.3. Let b,m, and ,A/ be positive integerswithD < m. Then the least positive residue of bN modulo m can be computed using O (0og2m)2log2N)bit operations. Proof. To find the least positive residue of bN (mod rn), we can use the algorithm just described. First, we find the least positive residues of b,b2,b4,...,62'modulom, where 2k < N < 2k*t, by successively squaring and reducing modulo ru. This requiresa total of O(0og2m)2log2N) bit operations, becausewe perform [log2lf I squarings modulo m, each requiring o(Iogzm)2) bit operations. Next, we multiply together the least positive residues of the integers bl correspondingto the binary digits of N which are equal to one, and we reduce modulo m after each multiplication. This also requires O(Qog2m)2log2,n/) bit operations, because there are at most log2N multiplications, each requiring O((log2m)2) Uit operations. Therefore, a total of O((log2m)2log2lf) bit operationsare needed. tr

3.f l.

Problems For which positive integers m are the following statementstrue il

27 :5

b)

1000 -- 1 (mod rn )

c)

l33l :

( m o dz )

0 (mod ln)?

2.

Show that if a is an even integer, then a2 = 0 (mod 4), and if a is an odd integer, then a2 = I (mod 4).

3.

Show that if a is an odd integer,then az = I (mod 8).

4.

Find the least nonnegativeresidue modulo l3 of

a) 22 b) 100 c ) i00l

d) -l

e) -loo f) -1000.

5 . Show that if a, b, m, and n are integers such that m ) 0, n ) 0, n I m, and a = b (mod rn ), then a = b (mod n).

6. Show that if a,b,c,

a n d m a r e i n t e g e r ss u c h t h a t c ) 0 , m l O , a = b (mod rn ), then ac J bc (mod mc).

and

99

3.1 Introductionto Congruences

7. Showthatif a,b,andc (a,c): (bd . 8.

a r e i n t e g e r s w i t h c) 0 s u c h t h a t a = b ( m o d c ) , t h e n

Show that if ai =bi (mod z) for j : 1,2,...,n,where m is a positiveinteger and Q i , b i , i : 1 , 2 , . . . , n ' a r e i n t e g e r s t, h e n nn

il

)a1

=)b1

j-t

(modz)

j-l

nn

b)

f l a'i : -

j-l

f l br; ( m o d r n) .

t-t

In problems 9-11 construct tables for arithmetic modulo 6 using the least nonnegativeresiduesmodulo 6 to representthe congruenceclasses. 9.

Construct a table for addition modulo 6.

10. Construct a table for subtraction modulo 6. I l.

Construct a table for multiplication modulo 6.

12. What time does a clock read a)

29 hours after it reads I I o'clock

b)

100 hours after it reads 2 o'clock

c)

50 hours before it reads 6 o'clock?

13. Which decimal digits occur as the final digit of a fourth power of an integer? 14. What can you conclude if a2 = 62 (mod p), where a and b are integers and p is prime? 15. Show that if ak = bt (mod nr) and ak+t : bk+l (mod nr), wherea,b,k, and then such that (a,m):1, and m)0 m a r e i n t e g e r sw i t h k > 0 I is dropped, is the conclusionthat a = b (mod rn ). If the condition (a,m): a = b (mod z) still valid? 16. Show that if n is a positive integer, then +(n-l)

il

t+2+3+

b)

13+23+33+

+

=0(modn).

(n-l)3=o(modn).

17. For which positive integers n is it true that 1 2+ 2 2 + 3 2 +

* ( n - l ) 2 = o ( m o dn ) ?

18. Give a complete system of residuesmodulo l3 consistingentirely of odd integers. 19. Show that if n = 3 (mod 4), then n cannot be the sum of the squares of two integers. 20.

il

Show that if p is prime, then the only solutions of the congruence x 2 = x ( m o d p ) a r e t h o s ei n t e g e r sx w i t h x = 0 o r I ( m o d p ) .

100

Congruences

b) 21.

Show that if p is prime and ft is a positive integer, then the only solutionsof x2 =x (mod pk) arethoseintegersx such that x E 0 or I (modpe).

Find the least positive residuesmodulo 47 of a)

232

b)

c)

247

22w

2 2 . Let

t/t1,t/t2,...,n\r be pairwise relatively prime positive integers. M : mifiz' ' ' mp and Mj : M/mi for; - 1,2,...,k. Show that M(tr*

M2a2*

Let

* Mpap

runs through a complete system of residues modulo M when a1,a2,...,a1,run through complete systemsof residuesmodulo rn1,nt2,...,r/t1, respectively.

2 3 . Explain how to find the sum z * v from the least positive residue of u * v modulo m, where u and. v are positive integers less than z . (Hint: Assume that u ( v and consider separately the cases where the least positive residue of u I v is less than a, and where it is greater than v.)

24. on a computer with word size w, multiplicertion modulo n, where n I w f2, can

be performed as outlined. Let T:IJn + %1, and t : T2 - n. For each computation, show that all the required computer arithmetic can be done without exceedingthe word size. (This method was describedby Head t67]). a)

Show that lr | < r.

b)

Show that if x and y are nonnegativeintegers less than n, then x:aT*b,

y:cT*d

where a,b,c, and d are integers such that 0 ( a ( 0 ( c < T, and 0 < d < T. c)

Letz = ad * bc (mod n), with 0 ( z ( z. Show that

d)

Let ac:eT*f where e 0
e)

Letv:z*

(z*et)T

and f

Z, 0 < , < T,

areintegerswith0(e
+ ft * bd (mod n).

er (modn),with0(v

(n.

Showthatwecanwrite

v : gT * h, where g and h are integers with 0 ( g ( xy :

hT + V+S)t

f,0

< h < T, and such that

+ bd (mod n).

3.1 Introductionto Congruences

f)

101

Show that the right-hand side of the congruence of part (e) can be computed without exceeding the word size by first finding j with j = (f +s)l

(mod n)

and 0 < j < n, and then finding /c with k=j+Dd(modn) and0
27.

Find the least positive residue of a)

3ro modulo I I

b)

2r2 modulo 13

c)

516modulo 17

d)

322modulo 23.

e)

Can you propose a theorem from the above congruences?

Find the least positive residuesof a)

5! modulo 7

b)

10! modulo 11

c)

12! modulo 13

d)

16! modulo 17.

e)

Can you propose a theorem from the above congruences?

28. Prove Theorem 3.5 using mathematical induction. 29.

Show that the least nonnegative residue modulo m of the product of two positive integers less than m can be computed using O(logzm) bit operations.

30.

a)

Five men and a monkey are shipwrecked on an island. The men have collected a pile of coconuts which they plan to divide equally among themselves the next morning. Not trusting the other men, one of the group wakes up during the night and divides the coconuts into five equal parts with one left over, which he gives to the monkey. He then hides his portion of the pile. During the night, each of the other four men does exactly the same thing by dividing the pile they find into five equal parts leaving one coconut for the monkey and hiding his portion. In the morning, the men

102

Congruences

gather and split the remaining pile of coconuts into five parts and one is left over for the monkey. What is the minimum number of coconuts the men could have collected for their original pile? b)

Answer the same question as in part (a) if instead of five men and one monkey, there are n men and k monkeys, and at each stage the monkeys receive one coconut each.

3.1 Computer Projects Write computer programs to do the following: l.

Find the least nonnegativeresidue of an integer with respectto a fixed modulus.

2.

Perform modular addition and subtraction when the modulus is less than half of the word size of the computer.

3.

Perform modular multiplication when the modulus is less than half of the word size of the computer using problem 24.

4.

Perform modular exponentiationusing the algorithm describedin the text.

3.2 Linear Congruences A congruenceof the form ax = b (mod m)' where x is an unknown integer, is called a linear congruencein one variable. In this section we will see that the study of such congruencesis similar to the study of linear diophantine equationsin two variables. We first note that if x : xo is a solution of the congruence ax 7 b (modm), and if x1 : r0 (mod m), then ax13 axs- b (modz), so that x 1 is also a solution. Hence, if one member of a congruence class modulo m is a solution, then all members of this class are solutions. Therefore, we'may ask how many of the m congruenceclassesmodulo m give solutions; this is exactly the same as asking how many incongruent solutions there are modulo m. The following theorem tells us when a linear congruence in one variable has solutions, and if it does, tells exactly how many incongruent solutionsthere are modulo m. Theorem 3.7. Let a, b, and m be integers with ru ) 0 and (a,m) : d. lf d I b, then has no solutions. If d I b, then ax j D (mod rn ) ax 7 b (mod rn ) has exactly d incongruent solutionsmodulo z .

103

3.2 LinearGongruences

Proof. From Proposition 3.1, the linear congruence ax 7 b (mod m) is equivalent to the linear diophantine equation in two variables ax - m! : b. The integer x is a solution of ax 7 b (mod m) if and only if there is an integer y with ax - my : b. From Theorem 2.8, we know that if d tr b, there are no solutions, while if d I b, ax - my : b has infinitely many solutions,given by x : ro * (m/d)t,l : lo+

b/d)t,

where x : xo and y : !0 is a particular solution of the equation. The values of x given above, x:xo*'(mld)t, are the solutionsof the linear congruence;there are infinitely many of these. To determine how many incongruent solutions there are, we find the condition that describeswhen two of the solutions xl : x0 + (m/d)tt and x2: xo * (mld)tz are congruent modulo m. If these two solutions are cbngruent, then r o * fu /d )tr

z x o * fu /d )t2 ( mod m).

Subtracting xo from both sidesof this congruence,we find that fu/d)tr

j

@/d)t2 (modm).

Now (m,m/d) : m/d since@/d)

| z, so that by

t r z 1 2( m o d d ) .

tt

,ry*"seethat "ore#

A=h

This shows that a complete set of incongruent solutions is obtained by taking xo+ (m/d)t, where / ranges through a complete system of residues x: where One such set is given by x : xo + @/d)t modulo d. / : 0,1,2,...,d l. n We now illustrate the use of Theorem Example. To find allsolutions of 9x = 12 (mod l5), we first note that since (9,tS) :3 and I l{hnere are exactly three incongruent solutions. We can find these solutions by first finding a particular solution and then adding the appropriatemultiples of l5/3 : 5. To find a particular solution, we consider the linear diophantine equation 9x - l5y : 12. The Euclidean algorithm showsthat A C,q,

r "v

104

Congruences

/' \ n 0.t5)- ,))

1 5: 9 ' l + 6 9 :6'1 + 3 6:3'2,

s o t h a # s 9 : ' e . l : 9 - ( t S - q . D : 9 - 2 - 1 5 . H e n c e9 . 8 - 1 5 . 4 : 1 2 , a n d : 8 and lo : 4. a particular solutionof 9x - l5y : 12 is given by "o From the proof of Theorem 3.7, we see that a complete set of 3 incongruent solutionsis given by t : x0 = 8 (mod l5), x : x0 + 5 = 13 (mod l5), and x : x o + 5 ' 2 : 1 8 = 3 ( m o dl 5 ) . We now consider congruencesof the special form ax ? I (mod la). From Theorem 3.7, there is a solution to this congruenceif and only if (a,m): l, and then all solutions are congruent modulo rn. Given an integer a with (a,m) : l, a solution of ax 7 I (mod lz) is called an inverse of a m odulo m . / \

73 )ly =\

lF ai= F7 r3 ?- 2.5.I

i =7- L{a,-'}'f.?{ ti'L

Example. Since the solutionsof 7x = I (mod 31) satisfy x = 9 (mod 3l),9, and all integers congruent to 9 modulo 31, are inverses of 7 modulo 31. Analogously, since 9'7 = I (mod 3l) , 7 is an inverseof 9 modulo 31. When we have an inverse of a modulo z, we can use it to solve any congruenceof the form ax 2 b (mod m). To see this, let a be an inverse of a modulo m , so that aa: I (mod rn ). Then, if ax = D (mod m), we can multiply both sides of this congruence by a to find that a Gx) : ab (mod rn ), so that x [[ (mod ln ) . Exa m ple. T o f ind th e s o l u ti o n so f 7 x :2 2 (m o d 31), w e mul ti pl y both si des of this congruence by 9,, an inverse of 7 modulo 31, to obtain 9 -7 x = 9- 22 ( m od 3 1 ). H e n c e ,x = 1 9 8 : 1 2 (mod 31). (a ,m) : l, then We note here that if j (mod ax b m) has a unique solution modulo rn.

the

linear

congruence

Example. To find all solutions of 7x = 4 (mod l2), we note that since l, there is a unique solution modulo 12. To find this, we need only 0,t2): obtain a solution of the linear diophantine equation 7x - l2y :4. The Euclidean algorithm gives

12:7' l + 5 7:5'l+2 5:2'2*l 2 : 1 . 2. Hence

[ : 5 - 2 . 2 : 5 - 0 - 5 . 1 ) . 2: 5 . 3- 2 . 7 : ( 1 2 - 7 . 1 :) 3 - 2 . 7-

105

3 .2 Linear Congr u e n c e s

12.3 - 5.7. Therefore,a particular solution to the linear diophantineequation is xs : -20 and ys : 12. Hence, all solutionsof the linear congruencesare given by x = -20 = 4 (mod 12). Later otr, we will want to know which integers are their own inverses modulo p where p is prime. The following propositiontells us which integers have this property. Proposition 3.4. Let p be prime. The positive integer a is its own inverse mo d ulop if and on l y i f a = | (m o d p ) o r e : -l (mod p). or a : Proof. lf a :l(modp) is its own inversemodulo p.

-l(modp),

then a2 = l(modp), so that a

I (modp). C o n v e r s e l yi ,f a i s i t s o w n i n v e r s em o d u l op , t h e n a 2 : a ' o : ( a l ) ( a + l ) , p or either Since a2 l: Hence, p I Gz-t). I G-l) p I G + t ) . T h e r e f o r ee, i t h e ra = I ( m o dp ) o r q : - - 1 ( m o d p ) . E

3.2 Problems l.

Find all solutionsof eachof the following linear congruences. a) b) c)

2.

3x = 2 (mod 7) 6x = 3 (mod 9) l7x = 14 (mod2l)

d) e) f)

l5x = 9 (mod 25) l28x = 833 (mod 1001) 987x = 610 (mod 1597).

The L e t a , b , a n d m b e p o s i t i v e i n t e g e r s w i t h7a0 , m ) 0 , a n d ( a , m ) : L following method can be used to solve the linear congruenceax 2 b (mod m). a)

Show that if the integer x is a solution of ax = b (mod m), then x is also a solution of the linear congruence ag

-

-b[m/al

(modzr).

where c1 is the least positive residue of m modulo a. Note that this congruence is of the same type as the original congruence,with a positive integer smaller than a as the coefficientof x. b)

When the procedure of part (a) is iterated, one obtains a sequence of with of equal to linear congruences x coefficients oo: cr ) a1) a2) S h o w t h a t t h e r e i s a p o s i t i v ei n t e g e r n w i t h d, : l, so that at the nth stage, one obtains a linear congruence x=B(modn).

106

Congruences

c)

Use the method described in part (b) to solve the linear congruence 6x = 7 (mod 23).

3.

An astronomer knows that a satellite orbits the earth in a period that is an exact multiple of I hour that is less than I day. If the astronomer notes that the satellite completes 11 orbits in an interval starting when a 24-hour clock reads 0 hours and ending when the clock reads l7 hours, how long is the orbital period of the satellite?

4.

F o r w h i c h i n t e g e r s cw i t h 0 ( c < 3 0 d o e s t h e c o n g r u e n c e l 2 x= c ( m o d 3 0 ) have solutions? When there are solutions, how many incongruent solutions are there?

5.

Find an inversemodulo 17 of a)

4c)7

b)

s

d) re.

6.

Show that if d'is an inverse of a modulo m and D is an inverse of D modulo m. then a- i ir un inverse of ab modulo z.

7.

Show that the linear congruence in two variables ax * by = c (mod z), where a,b,c,and, m are integersm , ) 0 , w i t h d : G , b , m ) , h a s e x a c t l yd m incongruent solutions ,f d I c, and no solutionsotherwise.

8.

Find all solutionsof the following linear congruencesin two variables a) b)

2x * 3 y : I ( m o d 7 ) 2x + 4 v = 6 ( m o d 8 )

c) d)

6x * 3y =0 (mod9) lOx * 5v = 9 (mod l5).

9.

Let p be an odd prime and k a positive integer. Show that the congruence x2 = I (mod pt) has exactly incongruent solutions, namely two xE-fl(modpt).

10.

Show that the congruence x2 = I (mod 2ft) has exactly four incongruent solutions,namely x E tl or +(t+Zk-t) (mod 2ft), when k > 2. Show that when k : I there is one solution and when k :2 there are two incongruent solutions.

I l.

Show that if a and m ^re relatively prime positive integers with a ( rn, then an inverse of a modulo m can be found using O (log m) bit operations.

12.

Show that if p is an odd prime and a is a positive integer not divisible by p, then the congruence x2 = a (mod p) has either no solution or exactly two incongruent solutions.

3.2 Computer Projects Write programs to do the following:

107

3.3 Th e Chines e Rem a i n d e r T h e o re m

l.

Solve linear congruenceusing the method given in the text.

2.

Solve linear congruencesusing the method given in problem 2.

3 . Find inversesmodulo m of integers relatively prime to ln where m is a positive integer.

4 . Solve linear congruencesusing inverses. 5 . Solve linear congruencesin two variables.

3.3 The ChineseRemainderTheorem In this sectionand in the one following, we discusssystemsof simultaneous congruences. We will study two types of such systems. In the first type, there are two or more linear congruencesin one variable, with different moduli (moduli is the plural of modulus). The secondtype consistsof more than one simultaneouscongruencein more than one variable, where all congruences have the same modulus. First, we considersystemsof congruencesthat involveonly one variable, but different moduli. Such systemsarose in ancient Chinese puzzlessuch as the following: Find a number that leavesa remainder of I when divided by 3, a remainder of 2 when divided by 5, and a remainder of 3 when divided by 7. This puzzle leadsto the following systemof congruences: I (m o d 3 ). x

2 (mod5), x

3 (mod 7)

We now give a method for finding all solutions of systems of simultaneous congruencessuch as this. The theory behind the solution of systemsof this type is provided by the following theorem, which derives its name from the ancient Chineseheritageof the problem. The Chinese Remainder Theorem. Let rlt1,r/t2,...,trtrbe pairwise relatively prime positiveintegers. Then the systemof congruence x x

a 1 ( m o dz 1 ) , a2(mod,m2),

ar(modm,), has a unique solution modulo M - tltfitz

108

Congruences

Proof. First, we construct a simultaneous solution to the system of congruences. To do this, let Mk : M/mt : fttlll2. . . tytk_rntk+l . mr. we know that (Mr, mt) : I from problem 8 of Section2.1, since (mi, mp) : I wheneveri I k. Hence, from Theorem 3.'7, we can find an inverse ./r of M1 modulo mp, so that Mt lr, = I (mod mt). We now form the sum x :

atM01*

a2M21,t2*

* arMry,

The integer x is a simultaneous solution of the r congruences. To demonstrate this, we must show that x ? ar, (mod m1) for k : 1,2,...,r. since mt I Mi wheneverj * k, we have Mj :0 (mod nzp). Therefore, in the sum for x, all terms except the kth term are congruent to 0 (mod m). Hence, x ? etM*lr: = I (mod m). ak (mod m*), sinceM*t We now show that any two solutions are congruent modulo M. Let xs and x 1 both be simultaneoussolutions to the system of r congruences. Then, for each k, x0 E xr E ar (mod m*), so that mr | (xo-x). Using Theorem 3.7, we see that M l(xe-x1). Therefore,x0 E x1 (mod M). This shows that the simultaneoussolution of the system of r congruencesis unique modulo M. tr We illustrate the use of the Chinese remainder theorem by solving the system that arises from the ancient Chinese puzzle. Example. To solve the system x = I (mod3) x=2(mod5) x = 3 (mod 7), w e h a v e M - 3 . 5 . 7: 1 0 5 , M r : 1 0 5 / 3 : 3 5 , M z : I A 5 / 5: 2 1 , a n d Mt: 105/ 7 : 1 5 . T o d e te rm i n e !r, w e sol ve 35yr= I (mod 3), or equiv alent ly , 2y r = I (m o d 3 ). T h i s y i e l d sj zr E 2 (mod 3). W e fi nd yzby solving 2lyz: I (mod 5); this immediately gives lz = I (mod 5). Finally, wef ind y t by s o l v i n g r5 y t= 1 (m o d 7 ). T h i sgi ves/r E I (mod 7). H ence,

x E l ' 3 5 ' 2+ 2 . 2 1 . + 1 3.15.1 -157= 52 (mod105). There is also an iterative method for solving simultaneous systems of congruences. We illustrate this method with an example. Supposewe wish to solve the system

3 .3 T he Chines e R e ma i n d e r T h e o re m

x=l(mod s) x = 2 ( m o d6) x = 3 ( m o d7 ) . We use Proposition 3.1 to rewrite the first congruenceas an equality, namely x : 5t * l, where / is an integer. Inserting this expressionfor x into the second congruence, we find that 5r+l:2(mod6). Using Proposition which can easily be solved to show that / : 5 (mod 6) : 6u * 5 where u is an integer. Hence, 3.1 again, we write t : :5(6rz+5) * I 30u 126. When we insert this expressionfor x into the x third congruence,we obtain 30u t 26 = 3 (mod 7). When this congruenceis solved, we find that u : 6 (mod 7). Consequently, Proposition3.1 tells us thatu -7v * 6, where v is an integer. Hence, x : 3 0 (7 v + 6 ) + 2 6 :2 1 0 v

+ 206.

Translating this equality into a congruence,we find that x :

2O6 (mod 210),

and this is the simultaneoussolution. Note that the method we have just illustrated shows that a system of simultaneous questions can be solved by successively solving linear congruences. This can be done even when the moduli of the congruencesare not relatively prime as long as congruencesare consistent. (See problems 7-10 at the end of this section.) The Chinese remainder theorem provides a way to perform computer arithmetic with large integers. To store very large integers and do arithmetic with them requires special techniques. The Chinese remainder theorem tells a positive integer us that given pairwise relatively prime moduli r/t1,r/12,...,ffi,, ' ' : rltiltz' mr is uniquely determined by its least positive n with n < M : j 1,2,...,r. Supposethat the word size of a computer residuesmoduli mi for wish we 100, but that to do arithmetic with integers as large as 106. is only prime integers less than 100 with a product pairwise we relatively find First, r/t2:98, m3:97, and i n s t a n c e w , e c an take mt:99, 1 0 6 ; f o r exceeding 4-tuples consistingof their integers less than 106 into 95. We convert mq: (To positive fti4. integers as n43, convert residues modulo ffi2, a;fid mt, least

110

Congruences

large as 106 into their list of least positive residues,we need to work with large integers using multiprecision techniques. However, this is done only once for each integer in the input and once for the output.) Then, for instance,to add integers, we simply add their respective least positive residues modulo tntt, t/t2, rn3, ?,fid ftr4, rrrzking use of the fact that if x = xi (mod m) and : xi * y; (mod m). We then use the Chinese ! = li (mod m), then x * y remainder theorem to convert the set of four least positive residuesfor the sum back to an integer. The following example illustrates this technique. Example. We wish to add x : 123684 and y : 413456 on a computer of word size 100. We have

x = 33 (mod99), x?8(mod98), x:9(mod97), x = 89 (mod95).

y y y y

= = : =

32 (mod99), 92 (mod98), 42 (mod97), 1 6 ( m o d9 5 ) ,

so that x+Y=65(mod99) x+y:2(mod98) x + Y = 51 (mod 97) x+y:10(mod95). We now use the Chinese remainder theorem to find x * y modulo 9 9 ' 9 8 ' 9 7 ' 9 5 .W e h a v e M : 9 9 ' 9 8 . 9 7 . 9 5 : 8 9 4 0 3 9 3 0 M , r: M/99:903070, Mz: Ml98:912288, Mt: Ml97:921690, and Mq: Ml95:941094. We need to find the inverse of Mi (mod /i) for i : 1,2,3,4. To do this, we solve the following congruences(using the Euclidean algorithm): 9O307Oy t = 9ly r 912285y2: 3yz: 921690y3 : 93y3 = 941094ya = 24yq =

1 I I I

(mod 99), (mod98), (mod 97), (mod 95).

(mod 99), yz = 38 (mod 98), /r -- 24 (mod 97), and We find that yr:37 ( m o d 95). Hence, !+= 4 x * y = 65'903070'37+ 2'912285'33+51'921690'24+ l0'941094'4 : 3397886480 = 53 7 1 4 0(m o d 3 9 4 0 3 9 3 0 ). Since 0 ( x * y < 89403930,we concludethat x + y :

537140.

111

3 .3 Th e Chines e Rem a i n d e r T h e o re m

On most computersthe word size is a large power of 2, with 235a common value. Hence, to use modular arithmetic and the Chineseremainder theorem to do computer arithmetic, we need integers less than 235 that are pairwise relatively prime which multiply together to give a large integer. To find such integers,we use numbers of the form 2m - l, where m is a positive integer. Computer arithmetic with these numbersturns out to be relatively simple (see Knuth t57l). To produce a set of pairwise relatively prime numbers of this form, we first prove somelemmata. Lemma 3.1. If a and b are positive integers,then the least positive residueof Za - I modulo 2b - I is 2' - 1, where r is the least positive residue of a mo d u l o b. Proof. From the division algorithm, c : bq * r where r is the least pos'itive (2o-l) : 12b++r-1) : We have b. modulo a residue of ( 2 , l ) , w h i c h s h o w s that the (Zb_DebQ-t)+r a + 2b+,+2,)+ l; this is the least positive I is 2' I is divided by 2b remainderwhen 2a 1. D 1 modulo 26 residue of 2o We u s e Lem m a 3. 1 t o Pro v ethe following result. Lemma 3.2. lf a and b are positive integers, then the greatest common divisor of 2o - 1 and 2' - 1 is 2 k , b )- 1 . Proof. When we perform the Euclidean algorithm with a : ro and b obtain f g

:

rtQt *

f 1

:

r2Q2-t r3

:

rZ

ln-2Qn-2*

where the last remainder,

we

0(12(11

0(r:(-rz

0<

is the greatestcommon divisor of a and b.

Using Lenrma 3.1. and the steps of the Euclidean algorithm with a : rs and b : , r, when we perform the Euclidean algorithm on the pair 2 a - I : Ro and2b - I : R 1 , w € o b ta i n

112

Congruences

Rs :RrQr*Rz R1 :RzQz*R:

Rn-r : Rn-z:

Rn-zQn-z* --,'-r Rn-l Rn-tQn-t.

R2 :2"-| R3 :2"-\

^ : 2r'-t-1 Rn-t

Here the last non-zeroremainder,Rn-l : )r'-r - I : 2G'b)- l, is the greatest common divisor of Ro and R1. tr From Lemma 3.2, we have the following proposition. Proposition 3.5. The positive integers 2a - 1 and 2b - I are relatively prime if and only if a and b are relatively prime. We can now use Proposition 3.5 to produce a set of pairwise relatively prime integers, each of which is less than 235,with product greater than a specified integer. Supposethat we wish to do arithmetic with integers as large as 2186. We p:gk lfir:2t5 - I, tltz:zto - l, t/t3:233 - l, t7t4- ztt - l, tns: 22e- l, and r/t6:22s - l. Since the exponentsof 2 in the expressions for the mi are relatively prime, by Proposition 3.5 the M i's are pairwise relatively prime. Also, we have M : H!fl2nt3n4qrflsftio2 2t86. we can now use modular arithmetic and the Chinese remainder theorem to perform arithmetic with integersas large as 2186. Although it is somewhat awkward to do computer operations with large integers using modular arithmetic and the Chinese remainder theorem, there are some definite advantages to this approach. First, on many high-speed computers, operations can be performed simultaneously. So, reducing an operation involving two large integers to a set of operations involving smaller integers, namely the least positive residuesof the large integers with respectto the various moduli, leads to simultaneous computations which may be performed more rapidly than one operation with large integers. Second, even without taking into account the advantages of simultaneous computations, multiplication of large integers may be done faster using these ideas than with many other multiprecision methods. The interested reader should consult K nut h t 561.

113

3 .3 The Chines e Re ma i n d e r T h e o re m

3.3 Problems l.

Find all the solutionsof each of the following systemsof congruences. a)

x:4(modll) x = 3(mod 17)

b)

x = l(mod2) x = 2(mod 3) x = 3(mod 5)

c)

x x x x

= = E =

d)

x x x x x

:2(mod ll) = 3(mod 12) = 4(mod 13) E 5(mod 17) = 6(mod l9).

0(mod 2) O ( m o d3 ) l(mod 5) 6(mod 7)

2 . A troop of 17 monkeys store their bananas in eleven piles of equal size with a twelfth pile of six left over. When they divide the bananas into 17 equal groups none remain. What is the smallest number of bananasthey can have?

3 . As an odometer check, a special counter measuresthe miles a car travels modulo 7. Explain how this counter can be used to determine whether the car has been driven 49335, 149335, or 249335 miles when the odometer reads 49335 and works modulo 100000. 4.

Find a multiple of I I that leavesa remainder of I when divided by each of the integers2,3,5,and 7.

5.

Show that there are arbitrarily long strings of integers each divisible by a perfect square. (Hint: Use the Chinese remainder theorem to show that there is a simultaneous solution to the system of congruences x 5 0 (mod 4), -2 (mod 25),..., x - -ls*l (mod p|), where p1, is the x = -l (mod 9), x: kth prime.)

6" Show that if a,b, and c are integerswith (a,b) :1, s u c ht h a t G n * b . c ) : l .

then there is an integer n

In problems 7-10 we will consider systemsof congruenceswhere the moduli of the congruencesare not necessarilyrelatively prime.

7 . Show that the system of congruences x 4 a1 (mod rn 1) x :- a2 (mod m2) Show that when there is a has a solution if and only if (m6m2) | Gra). solution, it is unique modulo (lmvmzl). (Hint: Write the first congruenceas x : a, * km, where ft is an integer, and then insert this expressionfor x into the secondcongruence.)

8 . Using problem 7, solvethe following simultaneoussystem of congruences

114

Congruences

\-

at

x: y -

9.

4 (mod 6) 13 (mod15)

b)

x =7 (modl0) x=4(mod15).

Show that the systemof congruences x t a1 (modz1) x z az (mod m2)

v, 3 4, (mod ln") has a solution if and only if (m;,m1) | G, - a) for all pairs of integers (i,7) with I (i
d) .r = 2 (mod 6) (mod8) x=4 (mod14) x=2 x = 14 (mod 15)

b) x = 2 (mod 14) x = 16 (mod 2l) x : l0 (mod 30) (mod9) c) x = 2 (mod15) x=8 x = l0 (mod 25) ll.

(mod9) e) x = 7 x = 2 (mod l0) (mod12) x=3 (modl5). x=6

What is the smallest number of eggs in a basket if one egg is left over when the eggs are removed 2,3,4,5, or 6 at a time, but no eggs are left over when they are removed7 ata time?

t 2 . Using the Chinese remainder theorem, explain how to add and how to multiply 784 and 813 on a computer of word size 100. 13. A positive integer x * | with n base b digits is called an automorph to the base b if the last n base b digits of xz are the same as those of x. a)

Find the base l0 automorphs with four or fewer digits.

b)

How many base b automorphs are there with n or fewer base b digits, if b has prime-power factorization 6 : pl' pl' ' ' ' pl,' Z

14. According to the theory of biorhythms, there are three cycles in your life that start the day you are born. These are the physical, emotional, and intellectual cycles, of lengths 23,28, and 33 days, respectively. Each cycle follows a sine

115

3.3 The ChineseRemainderTheorem

curve with period equal to the length of that cycle, starting with amplitude zero, climbing to amplitude I one quarter of the way through the cycle, dropping back to amplitude zero one half of the way through the cycle, dropping further to amplitude minus one three quarters of the way through the cycle, and climbing back to amplitude zero at the end of the cycle. Answer the following questionsabout biorhythms, measuringtime in quarter days (so that the units will be integers). a)

For which days of your life will you be at a triple peak, where all of your three cyclesare at maximum amplitudes?

b)

For which days of your life will you be at a triple nadir, where all three of your cycles have lowest amPlitude?

c)

When in your life will all three cyclesbe a neutral position (amplitude 0) ?

15. A set of congruencesto distinct moduli greater than one that has the property that every integer satisfiesat least one of the congruencesis called a covering set of congruences. a)

x = 0 (mod 3), congruences x = 0 (mod 2), set of the Show (mod (mod = (mod is 12) a covering set of ll 6), and x 4), x = I x = | congruences.

b)

), x=0(mod3), Show that the set of congruences x = 0 (mod 2) ( m o d 6 ) , rl (modl0), x=l ( m o d 7 ) , ( m o d = x = = I x 0 5 ) , x 0 x (mod30),x-4 ( m o d l 4 ) , x = 2 ( m o d l 5 ) , x = 2 ( m o d2 l ) , x 7 ( m o d ( m o d 104(mod 105)is a (mod 35), x = 5 70), and x 42), x = 59 covering set of congruences.

it

factorization prime-power (mod m) has exactly p:' . Show that the congruencex2 = 1 ^ : zo'p'r'pi' 2 ' + ' s o l u t i o n sw h e r e e : } i f a 6 : 0 o r l , € : I i f a 6 : 2 , a n d e : 2 i f a s } 2 . (Hint: Use problems 9 and l0 of Section 2.3.) Let

m

be

a

positive

integer

with

The three children in a family have feet that are 5 inches,7 inches,and 9 inches long. When they measure the length of the dining room of their house using their feet, they each find that there are 3 inches left over. How long is the dining room? 3.3 Computer Projects Write programs to do the following: the Chinese remainder

l.

Solve systemsof linear congruencesof the type found theorem.

2.

Solve systemsof linear congruencesof the type given in problems7-10.

3.

Add large integers exceedingthe word size of the computer using the Chinese remainder theorem.

116

Congruences

4.

Multiply large integers exceeding the word size of the computer using the Chinese remainder theorem.

5.

Find automorphsto the base D, where b is a positive integer greater than one (seeproblem 13).

6.

Plot biorhythm charts and find triple peaks and triple nadirs (see problem l4).

3.4 Systemsof Linear Congruences We will considersystemsof more than one congruenceinvolving the same number of unknowns as congruences,where all congruenceshave the same modulus. We begin our study with an example. Suppose we wish to find all integers x and y congruences 3x * 4y :5 (mod13) 2x t 5y = 7 (mod 13)

such that both of the

are satisfied. To attempt to find the unknownsx and |, we multiply the first congruenceby 5 and the secondby 4, to obtain

I 5x * 20y = 25 (mod 13) 8x * 20y :- 28 (mod 13). We subtractthe first congruence from the second,to find that 7x = -3 (mod l3). Since 2 is an inverse of 7 (mod 13), we multiply both sides of the above congruencesby 2. This gives 2'7 x :

-2'3 (mod 13),

which tells us that x = 7 (modl3). Likewise, we can multiply the first congruenceby 2 and the secondby 3, to seethat

117

3 .4 Sy s t em s of Line a r C o n g ru e n c e s

6x * 8y = l0 (mod 13) -2l (modl3). 6x * l5y we obtain from the second, Whenwe subtractthe first congruence 7y = 11 (mod13). To solve for y, we multiply both sidesof this congruenceby 2, an inverseof 7 modulo 13 . We get ( m o dl 3 ) , Z"ly :2'll so that v = 9 (mod l3). What we have shown is that any solution (xy)

must satisfy

x = 7 (mod l3), y = 9 (mod l3). When we insert these congruencesfor x and y into the original system,we see that thesepairs actually are solutions,since

3x * 4y : 3'7 + 4'9 : 57 =5 (mod l 3 ) 2 x * 5 v = 2 ' 7 + 5 ' 9 : 5 9 : 7 ( m o dI 3 ) . Hence, the solutions of this system of congruencesare all pairs G,y) with x = 7 ( m od 13) and v = 9 (m o d l 3 ). We now give a general result concerningcertain systernsof two congruences in two unknowns. Theorem3.8. Let a,b,c,d,€,f , a n d m b e i n t e g e r sw i t h m ) 0 , s u c ht h a t (L ,m) : l, wher eA : a d -b c . T h e n , th e s y s te mo f congruences ax*by:e(modm) cx*dy:f(modm) has a unique solution modulo m given by = @e-bfl (mod ln) "y = 4 L Gf -ce) (mod m), where A ir un inverseof A modulo m. Proof. We multiply the first congruenceof the system by d and the secondby b . to o bt ain

118

C ongruences

adx * bdy = de (mod m) bcx * bdy = bf (mod m) . Then, we subtract the secondcongruencefrom the first, to find that G d -b c ) x = d e -b f o r , s i n c eA :

(mod m),

ad-bc, Ax = de-bf

(mod rn ).

Next, we multiply both sidesof this congruenceby A, an inverseof A modulo m, to concludethat x = A @e-bfl

(mod la).

In a similar way, we multiply the first congruenceby c and the secondby a, to obtain acx * bcy = ce (mod m) acx * ady = af (mod m). We subtract the first congruencefrom the second,to find that Gd-bc)y

:

of -ce (mod z)

or Ly :

af -ce (mod na).

Finally, we multiply both sidesof the abovecongruenceby r to seethat y = I bf -cd

(mod z).

We have shown that if (x,y) is a solution of the system of congruences, then x = A @ e -b f) (m o d z ) , y = L bf -ce) (mod z). We can easily check that anX such pair G,y) is a solution. When x=A @e-bfl (mod m) andy: ibf -tri (mod m), we have

3 .4 S y s t em s of Lin e a r C o n g ru e n c e s

119

gE @r-bn + bA Gf -ce) -abf -bce) L bde-abf L, fud-bc) e e (modm),

ax*by

and

cx * dy : 4 tat-bn + dE Gf -ce) :- L Gde-brf + adf-cde) = a bd-bdf = A'L,f :

/

( m o dm ) .

This establishesthe theorem. tr By similar methods, we may solve systemsof r congruencesinvolving n unknowns. However, we will develop the theory of solving such systems,as well as larger systems, by methods taken from linear algebra. Readers unfamiliar with linear algebra may wish to skip the remainder of this section. Systems of r linear congruencesinvolving n unknowns will arise in our subsequentcryptographicstudies. To study these systemswhen r is large, it is helpful to use the language of matrices. We will use some of the basic notions of matrix arithmetic which are discussedin most linear algebra texts, su ch as A nt on t 0O l . We need to define congruencesof matrices before we proceed. Definition. Let A and B be nxk matrices with integer entries, with (i,/)th entries aii and br7 , respectively. We say that A is congruent to B modulo m i f a i i - b i j ( m o dm ) f o r a l l p a i r s ( i , 7 ) w i t h I < t ( n a n d t ( , r < k . W e write A B (mod m) if I is congruentto B modulo m. The matrix congruence A = B (mod m) provides a succinct way of expressing the nk congruences o,j = bi1 (mod m) for I ( i ( rz and I ( 7 < /c. Example. We easily seethat

f" 13l 2) L8

The following proposition

(q 3l

( m ordr ) ' l: rJ be needed.

120

Gongruences

Proposition 3.6. lf A and B are nxk matriceswith A : B (mod m), C is a n k x p m at r ix a n d D i s a p x n ma tri x , al l w i th i nteger entri es, then AC = ^BC (mod m) and DA = DB (mod m). Proof. Let the entries of A and B be a;i and b,7, respectively,for I ( i ( n a n d l e t t h e e n t r i e so f C b e c i i n f o r l < i and l(7
i

and

k.

Hence, from

Theorem

3.3

we

b o,,r,j z

see that

':l

n

--BC (mod la). 2 bnc,i (mod ne). Consequently,AC t:l

The proof that DA :

DB (mod m) is similar and is omitted. tr

Now let us consider the system of congruences QttXtl anxz* A Z t X t * a Z ZX Z t

--- (mod *er, xn b1 m) *?r, x, 2 b2 (modm)

QnrXt *

lann xn :

anZXZ *

bn (mod rn ).

Using matrix notation, we see that this system of /, congruencesis equivalent to the matrix conqruenceAX = B (mod lz ). Qtt an

Qln

X1

by

azt azz

Q2n

X2

bz

where A :

,X:

Anl

An2

,andB:

Onn

xn

3x*.4y :{ 2xt5y

(mo d 13) (mo d l 3)

Example. The system

ca n be wr it t en as

bn

121

3.4 Systemsof LinearCongruences

4l| f'l b | |

[ 12 sJ lyj

fsl ( m o d l 3 ) .

-

Ll

L7J

We now develop a method for solving congruences of- the form AX = B (mod m). This method is based on finding a matrix I such that 7Z - 1 (mod m), where 1 is the identity matrix. Definition. lf A and ,q are nxn matrices of integers and if

f'o

ol

l l

ol t ( m o zd ) , w h e rIe: l o . . . t ya t r iox f i s t h ei d e n t i m ll t,l 100

tra -,qI:/

order n, then 7 is said to be an inverse of A modulo m . If A is an inverse of A and B : 7 (moO rn ), then ^B is also an inverse of A. This follows from Proposition3.6, sinceBA = AA = I (mod m). sf A,then Br= 82(modm). To C o n v e r s e l yi f, 8 1 a n d 8 2 a r e b o t h i n v e r s e o seethis, using Proposition3.6 and the congruenceB1A = BzA = I (modm), ( m o dm ) , w e c o n c l u d e B 2 A B r ( m o d l c l ) . S i n c eA B t : 1 w e h a v eB A B I : that Bt Z Bz (mod ln). Example. Since

(m.d = :;l [t:): [t,[] [; ?] 5, and

1,r4l Ir 3.l: f" xl : |,rol (mod5), |.12) l.24) w e s e et h a t t h e 1natrix - ^ + r i v[ '

ol

15il,l

l0rJ

[r l]

,is . an ^ inverse of o)modulo5. l, r,J l,

The followingpropositiongivesan easymethodfor finding inversesfor 2x2 matrices. be a matrix of integers, such that Proposition3.7. Let A t:') A : det A : ad-bc ts relativelyprime to the positiveintegerm . Then, the

122

C ongruences

mat r ix

r : o=fl -o-ul . o)'

wher ea is t he in v e rs eo f A m o d u l o m,i s a n i n verseof I

modul o m.

Proof. To verify that tbg matrix 7 ir an inverse of A modulo ra, we need only verify that AA = AA =I (mod z). To see this, note that

f" u ) - l a - oll: n -l f a d - b c o l | ,l4l - b c + a.dl )

AA:

Va)-l-c

oJ--l

0

-faol faao I frol = ^|-ooj=l z) o ooj=lo',l: 1 (mod and

-f a -n) (" ol

A A = -L -I f - .

| |

a)lrd)

-t:

- fad-bc o I I

aA l 0I

-bc+ad)

: A [aol: faaol = l,rol : I (mod m)' fooJ I o lo,l [o',l where f ir un inverseof A (mod m), which existsbecause(a,.d :

Example.Let A : have

ir +l

Since2 is an inversedetA:7 lr r,J.

l. tr

modulo13, we

_+l: = |'rosl(moar). tr_2 1.s |,ro_sl l-23)

l-46)

l.e6J

To provide a formula for an inverse of an nxn matrix where n is a positive integer, we need a result from linear algebra. This result may be found in Anton [60; page 791. It involvesthe notion of the adjoint of a matrix, which is defined as follows. Definition. The adjoint of an nxn malrix A is the n\n matrix with (i,;)th entry Cyi, where Cii is (-l)t+i times the determinant of the matrix obtained by deleting the ith row and 7th column from A. Thg adjoint of I is denoted

123

3 .4 S y s t em s of Lin e a r C o n g ru e n c e s

by adj(l). matrix with is an nxn A Theorem 3.9. If A GdjA) : (det A) I , where adj A is the adjoint of A.

det A*

0,

then

Using this theorem,the following propositionfollows readily. Proposition 3.8. If A is an n\n matrix with integer entries and rn is a p o si tiv eint eger s uc h th a t (d e t ' q ,U ) :1 , th e n th e matri x A : A (adj A ) i s an inverseof I modulo m, where A is an inverseof A : det A modulo m. Proof. If (det A,m) : Theorem 3.9. we have

l, then we know that det A * 0.

Hence, from

AadjA:(detnl:A1. Since (det Z,nl) : l, there is an inverseA of A : det I A (A adj A) = A ' {.zLdj nE

-

afl

modulo z.

Hence,

= I (mod m),

and

- [ (uojA ' A) - aar : 1 (modrn).

e tuolilA This showsthat 7 :^

Example. Let A :

' (adj l)

is an inverseof I

fzsol 2 | . . T h e n d e tA : 120

modulo ru. tr

- 5 . S i n c e( d e t A , 7 ) : 1 ,

and an

u 23J

inverseof det A : -5 is 4 (mod 7), we find that

I:4(.:,djA):4

-2-3 sl -s o tol: 4

We can use an inverseof I

r-r0J

l-a-tz2ol fezel o o l o l-ro ltosl(modi), t

0 4-40)

1242)

modulo m to solvethe system AX :

B (m o d m),

where (det A,m) : l. By Proposition3.6, when we multiply both sidesof this congruenceby an inverseA of A, we obtain

124

Congruences

A Ux): LB (modm) (,q,4x - 4B (modm) X :

A B (modn).

Hence, we find the solutionX by forming A B (mod m ). Note that this method providesanother proof of Theorem 3.8. To seethis,

ret AX: B, whereA :

x :

l:'),

and B -

t;]

A : det A : ad - bc is relativelyprime to ln, then

[;]

If

- nrl a -t)| |f,l| - ^ ,-, _fa, f"l - 1 ' - 1 ' " -B- l--A-f ),1(m odm). . i_, l . .l : X = A lyj

")lf)-ulo,

..r

This demonstratesthat (x,y) is a solutionif and only if x = A,(de-bfl

(mod z),

y = I bf -ce) (mod lz).

Next, we give an example of the solution of a system of three congruences in three unknownsusing matrices. Example. We consider the system of three congruences 2 x 1 * 5 x 2t 6 x t : 2x1 * xt j xr * 2x2* 3x::

3 ( m o d7 ) 4 (mod 7) I ( m o d7 ) .

This is equivalentto the matrix congruence

,l lzosol I [",] f

- lalr.noo rl. '^'^"12z I l"'l = r,l lr

l",j I'J

we have previouslyshownthat the matrix ll 3 :

|.242

lzsel z) Hence' wehave tmoo : lJ l?

is an inverse of

125

3.4 Systems of Linear Congruences

[*,1 fozellrl [r'l lrosll.l : ltl: l",l l-l:l^.^lll:l-.1: l',J

lz+zjL'J lro)

lol I'l(mod7) lrj

Before leaving this subject,we should mention that many methodsused for solving systems of linear equations may be adapted to solve systems of congruences. For instance, Gaussian elimination may be adapted to solve systemsof congruenceswhere division is always replacedby multiplication by inversesmodulo ru. Also, there is a method for solvingsystemsof congruences analagousto Cramer's rule. We leave the developmentof these methods as problemsfor thosereadersfamiliar with linear algebra.

3.4 Problems l.

Find the solutionsof the followingsystemsof linearcongruences. a)

x*2y 2x* y

I (mod 5) I (mod 5)

b)

x*3y 3xt4y

I (mod 5) 2 (mod 5)

d4x +y 2x + 3 v Z.

3.

(mod 5) (mod 5).

Find the solutionsof the following systemsof linear congruences. (mod 7) (mod 7)

a)

2x*3y x*5y

b)

(mod7) 4x* y=5 x*2y=4(mod7).

What are the possibilitiesfor the number of incongruent solutions of the system of linear congruences ax*by:c(modp) dx * ey : f (mod fl, where p is a prime and a,b,c d,e, and f are positiveintegers?

4.

Find the matrix C such that

126

C ongruences

fz'l f+ol( m o d 5 )

Q-

lor,l llJ

and all entries of C are nonnegativeintegers less than 5.

5 . Use mathematical induction to prove that if A and B are nxn matrices with integer entries such that A = B(mod m ), then Ak : positiveintegersk.

Bk(modm)

for all

6 . A matrix A * I is called involutory modulo m if 42 = 1 (mod z).

1 4n l

a)

Show that

b)

Show that if A detA:tl(modrn).

| | 22)

is involutory modulo 26. is

a

2x2

involutory

matrix

modulo

m,

then

7 . Find an inverse modulo 5 of each of the.following matrices

il

f or l

lr ol

i',i

b) |.,oJ z) c ) l z, J lt 8 . Find an inverse modulo 7 of each of the following matrices

a)

frrol 0t lt

I

[0 1 lJ

fr z:l

b) lr2sl u 46J r) lr r r 0l ^) v'

ll l0ll | | ll0rll'

l 0r r r , J

9.

Use the results of problem 8 to find all solutionsof each of the following systems a)

x+y : I (mod 7) x*zz2(mod7) Y*z=3(mod7)

3.4 Systemsof LinearCongruences

b)

x*2y*32 : I (mod 7) x*3y*52=l(mod7) x*4yl6z=l(mod7)

c)

x*y *z x*y *w xtz iw Y*z *w

127

(mod 7) (mod 7) (mod 7) (mod 7).

= : : =

1 0 . How many incongruent solutions does each of the following systems of congruenceshave

2x*4y*32:

I (mod 5) I (mod 5)

b) 2x*3y* z x*2y*32 2x* z

3 (mod 5) I (mod 5) I (mod 5)

a)

x*

y*

z

i

c) 3x* y*32 = I (mod5) :2(mod5) x*2yt4z (mod5) 4x *3y *22:3 il2x*y*z x *2y * z x * y *22

(mod 5) (mod 5) (mod 5).

Develop an analogueof Cramer's rule for solving systemsof n linear congruences in n unknowns.

t2.

Develop an analogue of Gaussian elimination to solve systems of n linear congruencesin z unknowns (where m and n may be different).

1 3 . A magic square is a square array of integers with the property that the sum of the integers in a row or in a column is always the same. In this problem, we present a method for producing magic squares. a)

Show that the n2 integers 0,1,...,n2-l are put into the n2 positionsof an n x/, square, without putting two integers in the same position, if the integer k is placed in the i th row and 7th column, where i=a*ck*e{klnl j=b+dk+flk/nl

I < t ( n, 1 ( / ( n, k f - de, n) : l . b)

and

(modn), (modn),

a,b,c d,e, and f

Show that a magic square ( c , n ) : ( d , n ) : ( e, n ) : ( 7 , n ) : l .

produced

are

integers part

(a)

with

128

Congruences

c)

The positive and negative diagonals of an nxn square consist of the integers positions (t1), in where i + j = k (mod n) and , herek isa giveninteger. Asquareis t - j = f t ( m o d n ) , r e s p e c t i v e l yw called diabolic if the sum of the integers in a positive or negative diagonal is always the same. Show that a diabolic square is produced using the procedure given in part (a) if Gtd,n) : (c-d,n) : G*f ,n) : G-f ,n) : l.

3.4 Computer Projects Write programs to do the following: l.

Find the solutions of a system of two linear congruencesin two unknowns using Theorem 3.8.

2.

Find inversesof 2x2 matrices using Proposition 3.7.

3.

Find inversesof nxn

4.

Solve systemsof n linear congruencesin n unknowns using inversesof matrices.

5.

Solve systems of n linear congruences in n unknowns using an analogue of Cramer's rule (seeproblem ll).

6.

Solve system of n linear congruences in m unknowns using an analogue of Gaussianelimination (seeproblem l2).

7.

Produce magic squaresby the method given in problem 13.

matncesusing Theorem 3.9.

Applicationsof Gongruences

4.1 Divisibility Tests Using congruences,we can develop divisibility tests for integers based on their expansionswith respectto different bases' We begin with tests which use decimal notation. In the following discussion * 4 1 1 0* o o , letn: (oooo-r...apo)rc. Thenfl:QklOft + arr-J0t-l+ with 0 ( o.r ( 9 for,t:0,1, 2,...,k. First, we develop tests for divisibility. by powers.. of 2. Since l0 = 0 (mod 2), Theorem 3.5 tells us that 10/ :0 (mod 2r) for all positive integers7. Hence, n = (a) 1s (mod 2), n = ( a r a o ) r o( m o d 2 2 ) , n 3 (a z a ra o )ro(mo d 2 3 ),

n:

( a i - f i i - 2 . . . a z a r a ot)o ( m o d 2 / )

These congruencestell us that to determine whether an integer n is divisible by 2, we only need to examine its last digit for divisibility by 2. Similarly, to determine whether n is divisible by 4, we only need to check the integer made up of the last two digits of n for divisibility by 4. In general, to test n for divisibility by 2i, we only need to check the integer made up of the last 7 digits of n for divisibility by 2i .

r29

130

A ppl i cati ons of C ongruences

E x a m p l e .L e t n : 3 2 6 8 8 0 4 8 . w e s e e t h a t 2 l n s i n c e z l g , a l , since 4 | 4 9 , 8 l , s i n c es | + a , 1 6 | n s i n c e t 6 | g 0 4 g ,b u t 3 2 / r s i n c e ' l zi g s o + g . To develop tests for divisibility by powers of 5, first note that since l 0 = 0 ( m od 5), w e h a v e l Y :0 (mo d 5 /). H ence, di vi si bi l i ty tests for powers of 5 are analogousto those for powers of 2. We only need to check the integer made up of the last 7 digits of n to determinewhether n is divisiblebv 5i. E x a m p l e . L e t n : 1 5 5 3 5 3 7 5 .S i n c e s I s , 5 | n , s i n c e z s lls,25 1 2 5 | 3 7 5 , 1 2 5 | n , b u t s i n c e 6 2 5| s l l s , 6 2 5 I n .

| n, since

Next, we develop tests for divisibility by 3 and by 9. Note that both the congruences l0 : I (mod 3) and l0 = I (mod 9) hold. Hence, 10e : I (mod 3) and (mod 9). This givesus the useful congruences ( a p a 1 r - 1 . . . a p s: ) e k l 0 & + a * _ t l 0 k - l + * alO * a6 : ek * ap4 *' . . + ar *as (mod 3 ) a n d ( m o d9 ) . Hence, we only need to check whether the sum of the digits of n is divisible by 3, or by 9, to seewhether n is divisibleby 3, or by 9. Example. Let

n : 412783s. Then, the sum of

the digits of

n

4 + | + 2 + 7 + 8 + 3 + 5 : 3 0 . S i n c Ie l r o b u t 9 l t } , 3 l n b u t gl n . A l0 :

rather simple test can be found for divisibility -l (mod I l), we have

( a 1 r a 1 r - 1 . . . a p s ) t 0a:k l O k + a 1 r - 1 1 0 k *- r : ak(-l)ft * a*-r(-t)t-t

+

by

IL

is

Since

* alO * as -at * as (modI l).

This shows that (apap-1....aps) rc is divisible by I l, if and only if o s - at * o2+ (-I)k a p , th e i n te g e r formed by al ternatel y addi ng and subtracting the digits, is divisible by I l. Example. We see that 723160823is divisible by 11, since alternately adding a n d s u b t r a c t i n gi t s d i g i t s y i e l d s i - z + g - 0 + 6 - l + 3 - z * 7 : 2 2 which is divisible ll. On the other hand, 33678924is not divisible bv 11. s i n c e4 - 2 + 9 - 8 + 7 - 6 + 3 - 3 : 4 i s n o t d i v i s i b l eb y l l . Next, we develop a test to simultaneouslytest for divisibility by the primes 7 , l l , a n d 1 3 . N o t e t h a t 7 ' l l ' 1 3 : l 0 0 l a n d 1 0 3 : 1 0 0 0: - l ( m o d l 0 0 l ) . Hence.

131

4 .1 D iv is ibilit y T es ts

* alO * c6 ( a 1 , a 1 r - r . . . a d r oa :k l O k + a * - J O f t - l + : ( a o * l 0 a r * 1 0 0 a ) + 1 0 0 0 ( a r* 1 } a a * 1 0 0 4 5 )* (tOOO)'(ou + l 0 a 7 t 1 0 0 a 6 )r = (100a2* 10cr+ a0)- (l00ar * l}aa* a) * (t00ar * l0a7+ a) (mod 1001). * (a s a 7a6)rc= ( a2 a ,a s ),. - (o 5 a a a 3 ),s This congruencetells us that an integer is congruent modulo l00l to the integer formed by successivelyadding and subtracting the three-digit integers with decimal expansionsformed from successiveblocks of three decimal digits of the original number, where digits are grouped starting with the rightmost since 7,11, and l3 are divisorsof 1001,to determine digit. As a consequence, whetheran integeris divisibleby 7,11, or 13,we only needto checkwhetherthis a l te rn at ings um and d i ffe re n c eo f b l o c k so f th re e d i gi ts i s di vi si bl eby 7,11, or 13. Example. Let n - 59358208. Since the alternating sum and difference of the -91, is integers formed from blocks of three digits, 208 358 + 59 : divisible by 7 and 13, but not by 11, we seethat r is divisibleby 7 and 13, but notbyIL -----*?.ll of theTvisibility tests we have developedthus far are based on decimal representations. We now develop divisibility tests using base b representations,where b is a positive integer. Divisibility Test 1. If d I b and 7 and k are positive integers with i < k, th e n ( a1. . . aps ) 6 is d i v i s i b l e b y d i i f a n d o n l y i f (a1-r...apo)ui s di vi si bl eby 4i. Proof. Since b = 0 (mod d), Theorem 3.5 tells us t h a t b j : 0 Hence, ( a p a 1 r - 1 . . . a p s ) 6a: r r b k* " ' + a l b l + a i - f t i - l =aj-ftj-r+"'+a1b*as : (a i -t...a P s )6 (m o d d /).

( m o dd / ) .

+ "'+aft*as

i f a n d o n l y i f d I G1-t...aps)6. Co n se quent lyd, I Q 1 ,a 1 r-1 ...a p s )6 Di vi sibilit yT es t 2. lf d | (b -t), th e n n : (a p ...a ps)6 i s di vi si bl eby d i f and o n l y i f a p t ' ' ' + a r t a s i s d i v i s i b l eb y d . we have b = I (mod d), so that by Theorem 3.5 we Proof. Since d | $-l), ( m o d d ) fo r a l l p o s i ti v ei n te g e rsb. H ence, (ap...afl o)r: I kn o w t hat bj

132

Oppl i cati ons of C ongruences .

a l r b kI t aft I aoz at * * a 1 t a 6 ( m o d d ) . T h i s s h o w st h a t dlnifandonlyifdl(a*+ * a1t as). tr Divisibility Test.3. lf d | (b + l), then n : (ap...aps)6 is divisible by d if -a r * a 6 i s d i v i s i bl eby d. a nd only if ( - I ) k a p * -l (mod d). H ence, bi = (-l )/ Pr oof . S inc e d I ft + 1 ), w e h a v e g : (mod d) , and c o n s e q u e n tl yn, : (a 1 , ...a p s ) b : (-t)k a1, + - o1 -a1 * ao ( m od d) . H e n c e , d I n i f a n d o n l y i f d | ((-l )o oo + * as). n

Example.Let n: (7F28A6)16(in hex notation).Then, sincezl te, from DivisibilityTest l, we know that 2 | n, sincezl e. Likewise,since4 | 16,we s e e t h a t a l n , s i n c e4 t r 6 . B y D i v i s i b i l i t T y e s t Z , s i n c e3 l ( f 6 - l ) , 5 l ( t 6 - 1 ) , a n d 1 5l ( 1 6 - t ) , a n d 7 + F + 2 + 8 +A *6:(30),u, we knowthat 3 | n, sinceI | (:O)16, while 5 tr, and I 5 I n, since5 / (30)roand ts / (30)ro. Furthermore,by Divisibility Test 3, since 17 | (16 + l) and ( , q ) r u( m o dl 7 ) , w e c o n c l u dt h n =6- A +8 -2* F -7: e a tl 7 t r r , since17 I (D rc. Example.Let n : (1001001 I ll)2. Then, using Divisibility Test 3, we see t h a t 3 l r , s i n c en = | - 1 + 1 - I + 0 - 0 + 1 0+0-l:0(mod3) a n d3 l ( z + t ) .

4.1 Problems l.

Determinethe highestpowerof 2 dividingeachof the followingpositiveintegers a) b)

2.

c) d)

89375744 4t578912246.

Determine the highest power of 5 dividing each of the following positive integers a)

b) 3.

201984 1423408

112250 4860625

c) d)

235555790 48126953125.

Which of the following integers are divisible by 3? Of those that are, which are divisible by 9? a)

b)

18381 65412351

c) d)

987654321 78918239735

133

4 .1 D iv is ibilit y T ests

4.

Which of the following integers are divisible by I I a) b)

5.

6.

7.

10763732 108632001s

c) d)

674310976375 89243t00645372

A repunit is an integer with decimal expansioncontainingall l's. a)

Determine which repunits are divisible by 3; and which are divisible by 9.

b)

Determine which repunits are divisible by I l.

c)

Determine which repunits are divisible by 1001. Which are divisible by 7? by 13?

d)

Determine which repunits with fewer than l0 digits are prime.

A base b repunit is an integer with base b expansioncontaining all 1's. il

Determine which base D repunits are divisible by factors of 6 - l.

b)

Determine which base b repunits are divisible by factors of b * l.

A base b palindromic integer is an integer whose base 6 representation reads the same forward and backward. il

Show that every decimal palindromic integer with an even number of digits is divisibleby I l.

b)

Show that every base 7 palindromic integer with an even number of digits is divisibleby 8.

8.

Develop a test for divisibility by 37, based on the fact that 103 = I (mod 37). Use this to check 443692 and I 1092785for divisibility by 37.

9.

Devise a divisibility test for integers representedin base b notation for divisibility by n where n in a divisor of b2 + l. (Hint: Split the digits of the base b representationof the integer into blocks of two, starting on the right).

10. Use the test you developedin problem 9 to decide whether

ll.

il

( t o t t 1 0 1 l o ) 2 i s d i v i s i b l eb y 5 .

b)

(12100122)3rs divisibleby 2, and whether it is divisibleby 5.

c)

(36470124$8 is divisible by 5, and whether it is divisible by 13.

d)

(SS:ZO+t320219)rois divisibleby 101.

An old receipt has faded. It reads 88 chickens at a total of $x4.2y where x and y ^re unreadable digits. How much did each chicken cost?

12. Use a congruence modulo 9 to find the missing digit, indicated by a question mark: 89878'58965: 5299?56270. 13. We can check a multiplication c : ab by determining whether the congruence c 2 ab (mod rn ) is valid. where m is anv modulus. If we find that

134

A ppl i cati ons of C ongruences

c # ab (mod z), then we know an error has been made. When we take m :9 and use the fact that an integer in decimal notation is congruent modulo 9 to the sum of its digits, this check is called casting out nines. Check each of the following multiplications by casting out nines il

875961-2753: 2410520633

b)

t4789.23567 : 348532367

c)

24789'43717:

d)

Are your checks foolproof?

1092700713.

14. What combinations of digits of a decimal expansionof an integer are congruent to this integer modulo 99? Use your answer to devise a check for multiplication based on casting out ninety nines. Then use the test to check the multiplicationsin problem 13. 4.1 Computer Projects Write programs to do the following: 1.

Determine the highest powers of 2 and of 5 that divide an integer.

2.

Test an integer for divisibility by 3,7,9, ll, and 13. (Use congruencesmodulo l00l for divisibility by 7 and 13.)

3.

Determine the highest power of each factor of b that divides an integer from the base b expansionof the integer.

4.

Test an integer from its base b expansion,for divisibility by factors of b - I and of b + L

4.2 The PerpetualCalendar In this section,we derive a formula that gives us the day of the week of any day of any year. Since the days of the week form a cycle of length seven,we use a congruencemodulo 7. We denote each day of the week by a number in t h e s e t 0 , I , 2 , , 3 , 4 , 5 , 6 , s e t t i n gS u n d a y : 0 , M o n d a y : l , T u e s d a y: 2 , Wednesda! : 3, Thursday : 4, Fridey :5, and Saturday : $. Julius Caesarchangedthe Egyptian calendar,which was basedon a year of exactly 365 days, to a new calendar with a year of averagelength 365 V4days, with leap years every fourth year, to better reflect the true length of the year. However, more recent calculations have shown that the true length of the year is approximately 365.2422days. As the centuries passed,the discrepanciesof 0.0078 days per year added up, so that by the year 1582 approximately l0 extra days had been added unnecessarilyas leap years. To remedy this, in

4 .2 T he P er pet ua l C a l e n d a r

13s

1582 Pope Gregory set up a new calendar. First, l0 days were added to the d a te, s o t hat O c t ob e r 5 , 1 5 8 2 ,b e c a meOc to b e r 1 5, 1582 (and the 6th through the l4th of October were skipped). It was decided that leap years would be preciselythe years divisible by 4, except those exactly divisible by 100, i.e., the years that mark centuries,would be leap years only when divisible by 400. As an example,the years 1700, 1800, 1900, and 2100 are not leap years but 1600 and 2000 are. With this arrangement, the average length of a calendar year is 365.2425days, rather close to the true year of 365.2422 days. An error of 0.0003 days per year remains, which is 3 days per 10000 years. In the future, this discrepancy will have to be accounted for, and various possibilitieshave been suggestedto correct for this error. In dealing with calendar dates for various parts of the world, we must also take into account the fact that the Gregorian calendar was not adopted everywherein 1582. In Britain, the Gregorian calendar was adopted only in 1752,and by then, it was necessaryto add I I days. Japan changedover 1873, the Soviet Union and nearby countries in 1917. while Greece held out until 1923. We now set up our procedure for finding the duy of the week in the Gregorian calendar for a given date. We first nrust make some adjustments, becausethe extra day in a leap year colmesat the end of February. We take care of this by renumbering the months, starting each year in March, and consideringthe months of January and February part of the precedingyear. For instance,February 1984, is consideredthe 12th month of 1983, and May 1984, is consideredthe 3rd month of 1984. With this convention,for the day of interest, let k : day of the month, z : month, and N : year, with N : 100C + IZ, where C : century and Y : particular year of the century. F o r e x a m p l e J, u n e 1 2 , 1 9 5 4 ,h a s k : 1 2 , f r 7 : 4 , N : 1 9 5 4 , C : 1 9 , and Y :54. We use March 1, of each year as our basis. Letdy representthe day of the week of March 1, in year I{. We start with the year 1600 and compute the day of the week March l, falls on in any given year. Note that between March I of year l/ - I and March I of year ly', if year N is not a leap year, 365 days have passed,and since 365 : I (mod 7), we seethat du : dN_, * I (mod 7), while if year l/ is a leap year, since there is an extra day between the consecutivefirsts of March, we see that dy = dx_r + 2 (mod 7). Hence, to find dys from drooo,we must find out how many leap years have occurred between the year 1600 and the year N (not including 1600, but including N). To compute this, we first note that there are [(nrr - 160c)/41 years divisible by 4 between 1600 and N, there are [Or-t600)/1001 years divisible by 100 between 1600 and N, and there are ICnr - 1600)/4001years divisible by 400 between 1600 and N. Hence, the number of leap years

136

Applicationsof Congruences

between1600 and N is

+ tcnr- 1600)/4001 t0,r - rc00D/41-tor - 1600)/1001 : lN /41- 400- lX /t001+ t6 + Ir{/4001- 4 : lN /41- lw /tool + It//4ool - 388. (We have used Proposition1.5 to simplify this expression). Now putting this in terms of C and Y , we see that the number of leap years between 1600 and l/ is

lzsc+ v/Dl - tc + v/r0o)l+ 1,rc/0+ v/400)l- ras : 2 5 C + I Y / 4 1- C + t C/ 4 1 - 3 8 8 = 3 C + l C / 4 1+ l Y / 4 1 - 3 ( m o d7 ) .

Here we haveagainusedProposition1.5,the inequalityY/100 ( 1, and the equation |,rc /4 + V /4001 : lc /+l (which follows from problem 20 of Section1.2,sinceY/400 < llq. We can now compute d1y from drcooby shifting drcooby one day for every year that has passed,plus an extra day for each leap year between 1600 and N. This gives the following formula: dx=drcoo+100c+Y-1600+

3 C + I C / 4 1+ l Y l 4 l -

3 ( m o d7 ) .

Simplifying, we have

- 2c + y + tc/41 + ly/41 (mod7). dx : drcoo Now that we have a formula relating the day of the week for March l, of any year, with the day of the week of March 1, 1600, we can use the fact that March |, 1982, is a Monday to find the day of the week of March I , 1600. F o r 1 9 8 2 ,s i n c e . l y ' : 1 9 8 2 , w eh a v eC : 1 9 , a n d Y : 8 2 , a n d s i n c ed p t z : l , it follows that | = drcoo- 38 + 82 + [19/41 + ts2/41 :- drcoo- 2 (mod 7). H enc e, dr c oo: 3, s o th a t M a rc h 1 , 1 6 0 0 ,w a s a W ednesday. W hen w e i nsert the value of d16ss,the formula for d1,,becomes du :

3 - 2 C + Y + l C /4 1 + IY l 4l (mod 7).

We now use this formula to compute the day of the week of the first day of each month of year l{. To do this, we have to use the number of days of the week that the first of the month of a particular month is shifted from the first of the month of the preceding month. The months with 30 days shift the first of the following month up 2 days, because30 : 2 (mod 7), and thosewith 31

137

4 .2 Th e P er pet ual C a l e n d a r

: days shift the first of the following month up 3 days, because31 Therefore, we must add the following amounts:

from March l, to APril l: from April l, to May I : from May l, to June l: from June l, to July I : from July 1, to August 1: from August 1, to Septemberl: from September 1, to October I : from October l, to November l: from November 1, to December 1: from December l, to January l: from January 1, to February 1:

3 (mod 7) '

3 daYs 2 daYs 3 daYs 2 daYs 3 daYs 3 daYs 2 daYs 3 days 2 days 3 daYs 3 daYs.

We need a formula that gives us the same increments. Notice that we have 1l incrementstotaling 29 days, so that each increment averages2.6 days. By inspection, we find that the function lZ.6m - 0.21- 2 has exactly the same increments as rn goes from I to I l, and is zero when m : l. Hence, the day of the week of the first day of month m of year N is given by by the least positiveresidueof dy + [2.6m - 0.21 - 2 modulo 7. To find W, the day of the week of day k of month m of year.ly', we simply add k-l to the formula we have devised for the day of the week of the first day of the same month. We obtain the formula:

- o.2l- 2C + Y + IYl4l + lcl4l (mod7). w - k + 12.6m We can use this formula to find the day of the week of any date of any year in the Gregorian calendar. Example. To find the duy of the week of January 1, 1900, we have c : 1 8 , I r : 9 9 , m : l l , a n d k : | ( s i n c e w e c o n s i d e rJ a n u a r y a s t h e have Hence, we preceding year). the of eleventh month I + 28 - 36 + 99 + 4 + 24 :- I (mod 7), so that the first day of the w twentieth century was a Monday.

4.2 Problems l.

Find the day of the week of the day you were born, and of your birthday this Year.

138

2.

Applicationsof Congruences

Find the day of the week of the following important dates in U. S. history (use the Julian calendar before 1752, and the Gregorian calendar from I 7 52 to the present) October 12, 1492 May 6, 1692 June 15, 1752 July 4, 1776 March 30, 1867 March 17, 1888 d February 15, 1898 h) July 2, 1925 i) July 16, 1945 j) July 20, 1969 k) August 9,1974 l) March 28, 1979 il b) c) d e) f)

(Columbus sights land in the Caribbean) (peter Minuit buys Manhattan from the natives) (Benjamin Franklin inventsthe lightening rod) (U. S. Declaration of Independence) (U. S. buys Alaska from Russia) (Great blizzard,in the Eastern u. s.) (U. S. BattleshipMaine blown up in Havana Harbor) (Scopesconvicted of teaching evolution) (First atomic bomb exploded) (First man on the moon) (Nixon resigns) (Three Mile Island nuclear mishap).

3'

To correct the small discrepancy between the number of days in a year of the Gregorian calendar and an actual year, it has been suggestedthat the years exactly divisible by 4000 should not be leap years. Adjust the formula for the day of the week of a given date to take this correction into account.

4.

Which of your birthdays, until your one hundredth, fall on the same dav of the week as the day you were born?

5.

Show that days with the same calendar date in two different years of the same century, 28, 56, or 84 years apart, fall on the identical day of the week.

6.

A new calendar called the International Fixed Calendar has been proposed. In this calendar, there are 13 months, including all our present months, plus a new month, called So/, which is placed between June and July. Each month has 28 days, except for the June of leap years which has an extra day (leap years are determined the same way as in the Gregorian calendar). There is an extra day, Year End Day, which is not in any month, which we may consider as December 29. Devise a perpetual calendar for the International Fixed Calendar to give day of the week for any calendar date.

4.2 Computer Projects Write programs to do the following: l.

To give the day of the week of any date.

2.

To print out a calendar of any year.

3.

To print out a calendar for the International Fixed Calendar (See problem 6).

4.3 Round-RobinTournaments

139

4.3 Round-RobinTournaments Congruences can be used to schedule round-robin tournaments. In this section, we show how to schedulea tournament for I/ different teams, so that each team plays every other team exactly once. The method we describe was developedby Freund t65]. First note that if N is odd. not all teams can be scheduled in each round, since when teams are paired, the total number of teams playing is even. So, if N is odd, we add a dummy team, and if a team is paired with the dummy team during a particular round, it draws a bye in that round and does not play. Hence, we can assume that we always have an even number of teams, with the addition of a dummy team if necessary. No w label t he N t e a ms w i th th e i n te g e rs1 ,2 ,3 ,...,If-1, N . W e construct a schedule,pairing teams in the following way. We have team i, with i * N, play team j, with j I N and j # i, in the kth round if This schedulesgames for all teams in round k, i + j: k (mod /V-l). There except for team N and the one team i for which 2i : k (mod li-l). is one such team because Theorem 3.7 tells us that the congruence 2x :- k (mod /V-l) has exactly one solution with I ( x < .A/-1, since (2, N-l) : 1. We match this team i with team ^A{in the kth round. We must now show that each team plays every other team exactly once. We consider the first tr/-l teams. Note that team i, where I < t <,Af-l, plays team l/ in round k where 2i : k (mod lf-l), and this happensexactly once. In the other rounds, team i does not play the same team twice, for if team i played team 7 in both rounds k and k', then i + j = k (mod l/-l), and i + j = k' (mod N-l) which is an obvious contradiction because k # k'(mod N-l). Hence, since each of the first lf-l teams plays .Af-l games, and does not play any team more than once, it plays every team games, and since every other team exactly once. Also, team I{ plays N-l plays team N exactly once, team N plays every other team exactly once. Example. To schedule a round-robin tournament with 5 teams, labeled I,2 ,3 ,4 , and 5, we i n c l u d e a d u m m y te a m l a b e l ed6. In round one, team I p l a y st e a m T w h e r e| + j = l ( m o d 5 ) . T h i s i s t h e t e a m j : 5 sothat teamI plays team 5. Team 2 is scheduled in round one with team 4, since the s o l u t i o no f 2 + j = l ( m o d 5 ) i s 7 : 4 . S i n c ei : 3 i s t h e s o l u t i o no f t h e congruence2i = 1 (mod 5), team 3 is paired with the dummy team 6, and hence,draws a bye in the first round. If we continue this procedureand finish schedulingthe other rounds,we end up with the pairings shown in Figure 4.1, where the opponent of team i in round k is given in the kth row and i th column.

140

Applicationsof Congruences

Team

I

2

3

4

5

I

5

4

bye

2

I

2

bye

5

4

3

2

3

2

I

5

bye

3

4

3

bye

I

5

4

5

4

3

2

I

bye

Round

Figure 4.1. Round-Robin Schedule for Five Teams.

4.3 Problems 1. Set up a round-robin tournament schedulefor a) b)

7 teams 8 teams

c) d)

9 reams 10 teams.

2.

In round-robin tournament scheduling, we wish to assign a home team and an away team for each game so that each of n teams, where n is odd, plays an equal number of home games and away games. Show that if when i + j is odd, we assign the smaller of i and 7 as the home team, while if i + 7 is even, we assign the larger of f and 7 as the home team, then each team plays an equal number of home and away games.

3.

In a round-robin tournament scheduling, use problem 2 to determine the home team for each game when there are a)

5 teams

b)

7 teams

4.3 Computer Projects Write programs to do the following: l.

Schedule round-robin tournaments.

c)

9 teams.

4.4 Computer File Storage and Hashing Functions

2.

t4l

Using problem 2, scheduleround-robin tournaments for an odd number of teams, specifying the home team for each game.

4.4 ComputerFile Storage And Hashing Functions A university wishes to store a file for each of its students in its computer. The identifying number or key for each file is the social security number of the student enrolled. The social security number is a nine-digit integer, so it is extremely unfeasible to reserve a memory location for each possible social security number. Instead, a systematic way to arrange the files in memory, using a reasonableamount of memory locations, should be used so that each file can be easily accessed. Systematic methods of arranging files have been developedbased on hashtng functions . A hashing function assignsto the key of each file a particular memory location. Various types of hashing functions have been suggested, but the type most commonly used involves modular arithmetic. We discuss this type of hashing function here. For a general discussionof hashingfunctionsseeKnuth [52] or Kronsjii t581. Let k be the key of the file to be stored; in our example, k is the social security number of a student. Let m be a positive integer. We define the hashingfunction h (k) by h(k) =k

(mod,m),

where 0 < ft(k) < m,so that h(k) is the least positiveresidueof k modulo m. We wish to pick n intelligently, so that the files are distributed in a reasonableway throughout the z different memory locations0, 1,2,..., m-|. The first thing to keep in mind is that z should not be a power of the base b which is used to representthe keys. For instance,when using social security numbers as keys, ra should not be a power of 10, such as 103, becausethe value of the hashing function would simply be the last several digits of the k"y; this may not distribute the keys uniformly throughout the memory locations. For instance, the last three digits of early issued social security numbers may often be between 000 and 099, but seldom between 900 and ggg. Likewise, it is unwise to use a number dividing 6t * a where k and a are small integers for the modulus rn. In such a case, h (k) would depend too strongly on the particular digits of the key, and different keys with similar, but rearranged, digits may be sent to the same memory location, For instance, if m : l l l , t h e n , s i n c el l l | ( t O 3- l ) : 9 9 9 , w e h a v e 1 0 3= 1 ( m o d 1 1 1 ) , s o that the social security numbers 064212 848 and 064 848 212 are sent to the same memory location, since

142

Applicationsof Congruences

h@64 2r2 S4$ = 064 2r2 848= 064 + 2r2+ 848 = ll24 :

14 (mod111),

and

= 0 6 48 4 82 r 2 : 0 6 4 + 8 4 8+ 2 r 2 = r r 2 4 : 1 4( m o dl l l ) . h(0648482rD To avoid such difficulties, z should be a prime approximating the number of available memory locations devoted to file storage. For instance, if there are 5000 memory locations available for storage of 2000 student files we could pick m to be equal to the prime 49G9. We have avoided mentioning the problem that arises when the hashing function assignsthe same memory location to two different files. When this occurs, we say the there is a collision. We need a method to resolvecollisions, so that files are assignedto different memory locations. There are two kinds of collision resolution policies. In the first kind, when a collision occurs. extra memory locations are linked together to the first memory location. When one wishes to accessa file where this collision resolution policy has been used, it is necessaryto first evaluate the hashing function for the particular key involved. Then the list linked to this memory location is searched. The secondkind of collision resolution policy is to look for an open memory location when an occupied location is assignedto a file. Various suggestions, such as the following technique have been made for accomplishingthis. Starting with our original hashing function ho(k): h(k), we define a sequenceof memory locationsft1(ft),h2(k),... . We first attempt to place the file with key ft at location hs(k). If this location is occupied, we move to l o c at ionht ( k ) . If th i s i s o c c u p i e d w , e m o v e to l ocati onh2& ), etc. We can choose the sequence of functions hj(k) simplestway is to let

in various ways. The

h j ( k ) = h ( k ) * 7 ( m o d m ) , 0 ( f t ;( k ) < m . This placesthe file with key ft as near as possiblepast location h &). Note that with this choice of h1(k), all memory locationsare checked,so if there is an open location, it will be found. Unfortunately, this simple choice of h1(k) leads to difficulties; files tend to cluster. We see that if kt * k2 and hi(k): h1(k) for nonnegative i n t e g e r si a n d 7 , t h e n h ; q , ( k ) : hi+1,(k2) for k : 1,2,3,...,so that exactly the same sequenceof locationsare traced out once there is a collision. This lowers the efficiencyof the search for files in the table. We would like to avoid this problem of clustering, so we choose the function h1(k) in a different way.

143

4.4 ComputerFile Storageand HashingFunctions

To avoid clustering, we use a technique called double hashtng. We choose, as before, h(k) =k

(modm),

with 0 < ft (/c) < m, where m is prime, as the hashing function. We take a secondhashing function

g(k): where 0 < g(k) < m - l, probing sequence

k + I ( m o dm - 2 ) , so that G(k), m) : l.

hj(k) -

We

take

as a

h ( k ) + i s ( k ) ( m o dz ) ,

w h e re 0 ( f t ; ( k ) < m. Si n c e Q (k ), tn ) : l , a s 7 runs through the i ntegers 0 , 1 ,2, . . . , m - 1, al l me mo ry l o c a ti o n sa re tra c ed out. The i deal si tuati on would be for m-2 to also be prime, so that the valuesg(ft) are distributed in a reasonableway. Hence, we would like m-2 and m to be twin primes. Example. In our example using social security numbers, both m : 4969, and m-2 : 4967 are prime. Our probing sequenceis h j (k ) -

h (k ) + i s (k ) (mo d 4e6e),

where0< hj (k)<4969, (mod 4967).

h(k)=k

( m o d 4 9 6 9 ) ,a n d s ( k ) = k + l

Supposewe wish to assign memory locations to files for students with social securitv numbers:

k t : 3 4 44 0 16 5 9 k z : 3 2 5 5 1 07 7 8 kt:2t2 228844 kq: 329938 t57 k s : 0 4 7 9 0 0l 5 l

k6 : k7 : ks : ks : krc:

3 J 25 0 0 1 9 1 0 3 43 6 79 8 0 546332 t90 509 496993 1 3 24 8 99 7 3 .

Sincekt = 269,kz = 1526,and k3 : 2854(mod 496r, we assignthe first three files to locations 269, 1526, and 2854, respectively. Since kq = 1526(mod 4969),but location1526is taken,we computeh1 (k) = h(k) + : I + kq = since S(k) : 1526+ 216: 1742(mod 4969, S(k) 216 (mod496D. Sincelocation1742is free,we assignthe fourth file to this location. The fifth, six, seventh,and eighthfilesgo into the availablelocations 3960,4075,2376, and 578, respectively,becauseks = 3960,ko = 4075, k.t = 2376,and frs - 578 (mod 4969). We find that ks = 578 (mod 496il:

144

Applicationsof Congruences

b e c a u s el o c a t i o n5 7 8 i s o c c u p i e dw , e c o m p u t eh 1 ( k q ) + s & ) : 5 7 g + 2002 : 2580 (mod 4969), where S(k) : I * ks = 2002 (mod 4g6D. Hence, we assign the ninth file to the free location 2580. Finally, we find that kro E 1 5 26 ( m od 4967 ),b u t l o c a ti o n1 5 2 6 i s ta k e n . w e computehr (krd = h(Lrc) + g ( k , o ) : 1 5 2 6+ 2 1 6 : 1 7 4 2 ( m o d 4 9 6 r , b e c a u s e 216 S : ( / c r o :)' k r c : (mod 4967), but location 1742 is taken. Hence, we continue by finding h2(krc)_ h(krc) + 2g(kd: l 9 5 g ( m o d 4 9 6 q i )a n d i n t h i s a v a i l a b l e location,we place the tenth file. Table 4.1 lists the assignmentsfor the files of students by their social security numbers. [n the table, the file locationsare shown in boldface.

Social Security Number

344 40r 659 325 510778 2r2 228 844 329 938 ts7 0 4 79 0 0 l 5 l 3 7 25 0 0l 9 l 0 3 4 3 6 79 8 0 546 332 r90 509 496 993 t32 489973

h1(k)

269 r526 2854 1526 3960 4075 2376 s78 578 r526

h2(k)

1742

2580 t 74 2

1958

Table 4.1. Hashing Function for Student Files.

We wish to find conditions where double hashing leads to clustering. Hence, we find conditionswhen (4.1)

hi(k) : h1(k2)

a nd (4. 2)

hi+t(k1): hi+r(k),

so that the two consecutiveterms of two probe sequencesagree. If both (+.t) and @.D occur, then h(k)

+ ig(k1) = h(k)

+ j g ( k 2 ) ( m o dz )

145

4.4 C om put er F ile Sto ra g e a n d H a s h i n g F u n c ti o ns

and = h&)

h(k)+(t+l)g(kr)

+ (j + r)g(k)

( m o dz ) .

Subtracting the first of thesetwo congruencesfrom the second,we obtain

g ( k ) : g (k 2 ) (m o d rn), so that kr = kz (modm-2)' Since S(k)

: g(k),

we can substitutethis into the first congruenceto obtain h(k)

:

h ( k z ) ( m o d r n) ,

which showsthat k r = k 2 ( m o dm ) . Consequently,since (m-2, m) : 1, Theorem 3.6 tells us that k t = k 2 ( m o dm ( m - D ) . Therefore, the only way that two probing sequencescan agree for two consecutiveterms is if the two keys involved,k1 and k2,lre congruentmodulo Hence, clustering is extremely rare. Indeed, rf m(m-z) > k for m(m-Z). all keys k, clusteringwill never occur.

4.4 Problems l.

A parking lot has l0l parking places. A total of 500 parking stickers are sold and only 50-75 vehicles are expected to be parked at a time. Set up a hashing function and collision resolution policy for assigning parking places based on licenseplates displaying six-digit numbers.

2.

Assign memory locations for students in your class, using as keys the day of the month of birthdays of students with hashing function hG) = K (mod l9),

3.

a)

with probing sequenceh1(K) -

b)

with probing sequence hjK) g(r): I +K(mod l7).

h(K) + 7 (mod l9). = h(K) + i's(r<),0

( .l (

16, where

Let the hashing function be ft(rK) = K(mod rn ), with 0 < ft(f) < m, andlet the probing sequencefor collision resolution be lr; (f ) = h K) + jq (mod m) , 0 ( f t ; ( f ) < m , f o r j : 1 , 2 , . . . , m - 1 . S h o w t h a t a l l m e m o r y l o c a t i o n sa r e

146

A ppl i cati ons of C ongruences

probed

4.

a)

if ln is prime and I ( q ( m -1.

b)

if m :2'

A

and q is odd.

probing sequence for resolving collisions where the hashing function is

h&) = K(modz), + jQh (f)

5.

0 < l, (K) < m,

is

+ 1) (mod m), O < lij(K) < m.

given by

nifn = hG)

il

Show that if z is prime, then all memory sequencesare probed.

b)

Determine conditions for clustering to occur, i.e., when hj(K) hi*,(K) : hi+,(K) for r : I,2,...

: h1(K)

and

Using the hashing function and probing sequenceof the example in the text, find open memory locations for the files of students with social security numbers: : 25 0 5 5 7 6 4 5 2 ,k n : krr: 137612044,k1 1 5 7 1 7 0 9 9 6k, r o : 1 3 1 2 2 0 4 1 8 . ( e a a these to the ten files already stored.)

4.4 Computer Projects Write programs to assign memory locations to student files, using the hashing function h(k) = ft(modl02l), 0 < l,(k) < l}2l, where the keys the social "r. security numbers of students. l.

Linking files together when collisionsoccur.

2.

Using hj(D

= h ( k ) * 7 ( m o d l 0 2 l ) , - / : 0 , 1 , 2 , . . . a s t h e p r o b i n gs e q u e n c e .

3 . U s i n gh j ( k ) = h ( k \ + j ' S & ) , j : 0 , as the probing sequence.

1 , 2 , . . . w h e r eg ( k ) :

| + k (modl0l9)

Some Special Congruences

5.1 Wilson's Theoremand Fermat's Little Theorem In this section,we discusstwo important congruencesthat are often useful in number theory. We first discussa congruencefor factorialscalled Wilson's theorem. Wilson's Theorem. If p is prime, then (p-t)t

= -t

(mod p).

The first proof of Wilson's Theorem was given by the French mathematician Joseph Lagrange in 1770. The mathematician after whom the theorem is named, John Wilson, conjectured, but did not prove it. Before proving Wilson's theorem,we use an exampleto illustrate the idea behind the proof. Example. Let p:7. We have (7-l)! :6! : l'2'3'4'5'6. We will rearrange the factors in the product, grouping together pairs of inversesmodulo 7. We (mod 7). (mod 7) Hence, 2'4 I and 3'5 = I note that l : ( m o d 7 ) . T h u s , w e h a v e v e r i f i e da s p e c i a l 1.O.4.(g.S).6= 1.6= 6! caseof Wilson's theorem. We now use the technique illustrated in the example to prove Wilson's theorem. Pro o f. W hen p: 2, w e h a v e Q-l )t = t : -l (mod 2). H ence,the theorem is true for p:2. Now, let p be a prime greater than 2. Using Theorem 3.7, t h e r e i s a n i n v e r s et , I < a 4 p - 1 , f o r e a c h i n t e g e ra w i t h I ( a { p - I , wi th aa: 1 ( m odp) . F ro m Pro p o s i ti o n3 .4 , th e onl y posi ti vei ntegersl ess than p that are their own inversesare I and p-1. Therefore,we can group l4'I

148

S ome S peci al C ongruences

the integersfrom 2 to p-2 into Q4)/2 pairs of integers,with the product of each pair congruentto I modulop. Hence, we have 2.3

Q-).Q-D

= r ( m o dp ) .

We concludethe proof by multiplying both sidesof the abovecongruenceby I and p-l to obtain

b-1)! :1.2.3' .Q-3)b-Db-l)

= t . ( p - r ) = - r ( m o d p ) .t r

An interestingobservationis that the converseof Wilson's theorem is also true, as the following theorem shows. Theor em 5. 1. I f n i s a p o s i ti v ei n te g e rs u c h th at h-l )t n is prime.

= -l

(mod n), then

Proof. Assume that n is a compositeinteger and that (n-l)! = -l (mod n). since n is composite,we have n:ob, where | 1 a I n and | < b 1 n. Sinc e a 1n, we k n o w th a t a I h -l )!, b e c a usea i s one of the n-l numbers m ult iplied t ogeth e r to fo rm (n -l )!. S i n c e h -l )t = -l (mod n), i t fol l ow s th at n I t ( r - l) ! + l l . T h i s m e a n s ,b y th e u se of P roposi ti on1.3, that a al so d i v ides h- l) t + t. F ro m P ro p o s i ti o n 1.4, si nce a | (n-D l and al[h-l)! + l l , w e c o n c l u d et h a t a l t ( : n - l ) ! + I ] - ( n - l ) ! : l . T h i s i s an obviouscontradiction,sincea ) l. tr We illustrate the use of this result with an example. Example. Since (6-l)! : 5! : 120 = 0 (mod 6) , Theorem 5.1 verifies the obviousfact that 6 is not prime. As we can see, the converseof Wilson's theorem gives us a primality test. To decide whether an integer n is prime, we determine whether h - l) ! : - 1 ( mo d n ). U n fo rtu n a te l y , th i s i s an impractical test because n - 1 multiplications modulo n are needed to find (rr'-l)|, requiring O h (log2n)z) bit operations. When working with congruencesinvolving exponents,the following theorem is of great importance.

'(-o,r),=L

Fermat's Little Theorem. If p is prime and a is a positive integer with p I a, then aP-t = I (mod p). C , ( P S 6 ' " , " 1, ) Proof. Con'sider'the p - | i n te g e rsa ,2 a , ..., ( p-l )a. N one of these i ntegers are divisible by p, for if p I i a , th e n b y L e m m a 2.3, p I j , si ncep tr a. Thi s

149

5 .1 W ils on' s T heor e m a n d F e rma t' s L i ttl e T h e orem

Furthermore, no two of the integers is impossible because I ( 7 ( p-1. ( pDa mo d u l o p . To S ee thi s, assume that c o n g ru e n t a re a, 2a, ..., ja = ka (mod fl. Then, from Corollary 3.1, since (a,p) : l, we have j = k (modp). This is impossible,since 7 and k are positive integers less thanp - I . i ntegers al l a re a set of p-l Si n ce t he int ege rs a , 2 a , ..., (p -l )a incongruent to zero, and no two congruent modulo p, we know that the least taken in some order, must be the positive residues of c, 2e,..., (p-l)a, , e product of the i ntegers A s a c o n s e q u e n c eth i n te g er s 1, 2, . . . ,p- 1 . a ,2 a ,.. . , ( p- l) a is c o n g ru e n t mo d u l o p to th e product of the fi rst p-l positiveintegers. Hence, a'2a

Q-I)a

:

( p - r ) ( m o dp ) .

l'2

Therefore, aP-t(p-l)! : S i n c e( p - l ) ! ,

p) :

(p-l)! (modp) .

l , u s i n g C o ro l l a ry3 .1 , w e c a ncelQ-l )!

to obtai n

a P-t = I (mo d p ). tr We illustrate the ideasof the proof with an example. Exa m ple. Let p: 7 a n d a :3 . T h e n , l ' 3 = 3 (mod 7), 2' 3 = 6 (mod 7), 3 .3 = 2 ( m od 7) , 4' 3 = 5 (m o d 7 ), 5 ' 3 = I (mod 7), and 6' 3 = 4 (mod 7). Consequently,

( t . l ) .Q . r . ( r . r ) . ( + . 1 ) . ( 5 . 3 ) . (=6 .33.)6 . 2 . s . 1( m . 4o d7 ) , s o t h a t 3 6 . 1 . 2 . 3 . 4 . 5=. 6 3 . 6 . 2 ' 5 ' l ' 4( m o d 7 ) . H e n c e ,3 6 ' 6 != 6! (mod 7), and therefore.36 = I (mod 7). On occasion, we would like to have a congruence like Fermat's little theorem that holds for all integersa, given the prime p. This is suppliedby the following result. Theorem 5.2. If p eP: a (modp).

is

prime

and

a

is

a

positive integer,

then

I (modp). Pro o f. lf p I a, by F e rm a t' sl i ttl e th e o re mw e k now that ap-t: Multiplying both sidesof this congruenceby a, we find that ap = a (mod p). (modp). Thisfinishesthe l f p l a , t h e n p l a p a s w e l l , s o t h a ta P = a = O proof, sinceaP = a (mod p) it p I a and if pla. tr

150

Some SpecialCongruences

Fermat's little theorem is useful in finding the least positive residuesof powers. Example. We can find the least positive residue of 3201modulo I I with the h e lp of F er m at ' s l i ttl e th e o re m . W e k n o w th at 310: I (mod l l ). H ence. 3 2 o r: ( 3 r o ) 2 03. = 3 ( m o d l l ) . A useful application of Fermat's little theorem is provided by the following result.

Theorem 5.3. If p is prime and a is an integer with p I a, then aP-2 is an inverseof c modulop. Proof.

If

p tr a,

then

Fermat's little theorem tells us H e n c e ,a P-2 is an inverseof a modulo p.

that

Example. From Theorem 5.3, we know t h a t 2 e : 5 1 2 = 6 ( m o d l l ) inverseof 2 modulo I 1.

is an

a 'aP - 2 : s P - t = I (m o d p ).

Theorem 5.3 gives us another way to solve linear congruenceswith respect to pr im e m oduli. Corollary 5.1. lf a and b are positive integers and p is prime with p I a, then the solutionsof the linear congruenceax = 6 (mod p) are the integers x s uc h t hat x = a P-2 b (mo d p ). Proof. Suppose that ax = b (mod p). Since p I a, we know from Theorem 5 .2 t hat aP - 2 is a n i n v e rs e o f c (mo d i l . Mul ti pl yi ng both si des of the original congruenceby sP-z, we have aP-2ax = aP-2b(mod p).

Hence, x 7 aP-2b (mod p). tr

5.1 Problems l.

U s i n g W i l s o n ' s theorem, find the least positive r e s i d u e o f 8 ' 9 ' 1 0I. l . 1 2 .I 3 modulo 7.

2.

Using Fermat's little theorem, find the least positive residue oP 2toooooo modulo t1.

151

5 .1 W ils on' s T heore m a n d F e rma t' s L i ttl e T h e o rem

?,

S h o w t h a t 3 1 s:

I (mod I l2).

4 . Using Fermat's little theorem,find the last digit of the base7 expansionof 3r00. 5 . Using Fermat's little theorem,find the solutionsof the linear congruences a) 6.

7x = 12 (mod 17)

4x=ll(modl9).

b)

S h o w t h a t i f n i s a c o m p o s i t ei n t e g e r w i t h n * 4 , t h e n h - \ ) t = O ( m o d n ) .

7 . S h o w t h a t i f p i s a n o d d p r i m e ,t h e n 2 Q - 3 ) ! :

-l

(modp).

8.

Show that if n is odd and 3 /n, then n2 = | (mod 24).

9.

Show that 42 | h' - n) for all positive integers n.

1 0 . S h o w t h a t i f p a n d q a r e d i s t i n c tp r i m e s ,t h e n p e - t * q P - r : I l.

I (modpq).

Show that p is prime and a and b are integerssuch that ap = bP (mod p), then aP = bP (modp2).

12. Show that if p 1-11b+t)/z(mod p).

is

an

prime,

odd

13. Showthatifp isprimeandp =3

then

1232

( m o d 4 ) , t h e n{ ( p - t \ l Z l l =

(p-42(p-2)2

*

=

I (modp).

14. a) Let p be prime and supposethat r is a positive integer less then p such that : - l ( m o dp ) . ( - l ) ' r ! _ - l ( m o dp ) . S h o wt h a t Q - r * l ) ! b ) U s i n g p a r t ( a ) , s h o wt h a t 6 l ! = 6 3 ! = - l

(mod 71).

15. Using Wilson's theorem,show that if p is a prime and p = I (mod 4), then the - -l (mod p) has two incongruent solutions given by congruence x2 x E t l(p-)/zll (modp). 16. Show that if p = ( - l ) e ( m o dp ) .

is a

prime and O1k<-p,

1 7 . S h o w t h a t i f p i s p r i m e a n d a i s a n i n t e g e r t, h e n p l l a p

then Q-k)!(k-l)! + Q-l)!

al.

18. For which positiveintegersn is na * 4n prime? 19. Show that the pair of positiveintegersn and n * 2 are twin primes if and only if 4 l ( n - l ) l + t l + n = 0 ( m o d n ( n * 2 ) ) , w h e r en I l . 2 0 . S h o w t h a t t h e p o s i t i v e i n t e g e r s an n d n * k , w h e r e n ) k a n d k i s a n e v e n (k!)'z[(n-t)t + t] positive integer, are both prime if and only if + n ( k ! - l ) ( k - l ) ! = 0 ( m o dn ( n + k ) ) .

lzo)

2 1 . S h o w t h a t i f p i s p r i m e ,t h e n l l | = 2 ( m o d p ) . lp ) 22. a) In problem 17 of Section 1.5, we showed that the binomial coefficient ['), where I < k ( p - l, is divisibleby p when p is prime. Use this fact and the binomial theorem to show that if a and b are integers, then

152

S ome S peci al C ongruences

( a + b ) p = a p * 6 z ( m o dp ) . b) Use part (a) to prove Fermat's little theorem by mathematical induction. (Hint: In the induction step, use part (a) to obtain a congruencefor fu + l)p.) 23. Using problem 16 of Section 3.3, prove Gauss' generaltzation of Wilson's theorem, namely that the product of all the positive integers less than m that are relatively prime to rn is congruent to I (mod z), unless ffi : 4,p,, or 2p, where p is an odd prime and I is a positive integer, in which case, it is congruent to -l (mod rn ). 24.

25.

A deck of cards is shuffied by cutting the deck into two piles of 26 cards. Then, the new deck is formed by alternating cards from the two piles, starting with the bottom pile. a)

Show that if a card begins in the cth position in the deck, it will be in the Dth positionin the new deck where b = 2c (mod 53) and I < 6 <52.

b)

Determine the number of shuffies of the type described above that are needed to return the deck of cards to its original order.

Let p be prime and let a be a positive integer not divisibleby p. We define the Fermat quotient qob) by qp(a): (ap-t-l)/p. Show that if a and, b are positive integers not divisible by the prime p, then q G b ) : e r ( a ) + q o $ ) ( m o dp ) .

26. Let p be prime and let a1,a2,...,ap and b ,,b2,...,b,be completesystemsof residues modulo p Show that a1bya2b2,...,aobois not a complete system of residues modulo p. 5.1 Computer Projects Write programs to do the following: l.

Find all Wilson primes less than 10000. A Wilson prime is a prime p for which ( p - l ) ! : - l ( m o dp 2 ) .

2.

Find the primesp lessthan 10000 for which Zp-t = I (mod p2).

3.

Solve linear congruenceswith prime moduli via Fermat's little theorem.

5.2 Pseudoprimes Fermat's little theorem tells us that if n is prime and b is any integer, then bn = b (mod n). Consequently, if we can find an integer b such that b' + b (mod n ), then we know that n is composite. Example. We can show 63 is not prime by observingthat

5 .2 P s eudopr im es

153

-__ = g 23 + 2 (mod 63). 263:2eo.2t : (26)ro.23:64to23 Using Fermat's little theorem,we can show that an integer is composite. It would be even more useful if it also provided a way to show that an integer is prime. The ancient Chinesebelievedthat if 2'= 2 (mod n ), then n must be prime. Unfortunately, the converseof Fermat's little theorem is not true, as the following example shows. Exa m ple. Let n - 3 4 1 : 1 1 .3 1 . By F e rma t' s l i t tl e theorem,w e see that 210 = I ( m od l1) , s o th a t 2 3 a o : (2 t0 ;3 + t (mo d l 1). A l so 23a0: (25)68= (3 2 )6 s= t ( m od 3l ). H e n c e ,b y T h e o re m 3 .1 , we have 2340: I (mod 341). By multiplying both sides of this congruence by 2, we have 2341 2 (mod 341), even though 341 is not prime. Examples such as this lead to the following definition. Definition. Let b be a positive integer. If n is a composite positive integer and b' = b (mod n), then n is called a pseudoprime to the base b. Not e t hat if ( b, n ): 1 , th e n th e c o n g ru e n c eb n = b (mod n) i s equi val ent I (mo d n ). T o s e eth is, note that by C orol l ary 3.1 to the c ongr uenc eb n -t: we can divide both sides of the first congruenceby b, since (b,n) : l, to obtain the secondcongruence. By Theorem 3.1, we can multiply both sidesof the second congruencs by b to obtain the first. We will often use this equivalentcondition. Exa m ple. T he inte g e rs 3 4 1 : I l ' 3 1 , 5 6 1 : 3 ' l 1' 17 and 645 : 3' 5' 43 are pseudoprimesto the base 2, since it is easily verified that 2340: I (mod 341), -256o I (mod 561). and 26aa= I (mod 645). If there are relatively few pseudoprimesto the base b, then checking to see whether the congruence b' = D (mod n) holds is an effective test; only a small fraction of composite numbers pass this test. In fact, the pseudoprimes to the base b have been shown to be much rarer than prime numbers. In particular, there are 455052512 primes, but only 14884 pseudoprimesto the base 2, less than 1010. Although pseudoprimesto any given base are rare, there are, nevertheless,infinitely many pseudoprimesto any given base. We will prove this for the base 2. The following lemma is useful in the proof. Lemma 5.1. lf d and n are positive integers such that d divides rz, then 2d - 1 divides 2n - l. Proof. Since d I n, there is a positive integer / with dt : n. By setting + l), we find i n t h e i d e n t i t vx t - I - ( x - 1 ) ( x t - l + x t - z + x:2d

154

S ome S peci al C ongruences

that 2n-t:(2d-l) 12dQ-r+ ) 2do-Da Od - t) | Q' - D. tr

+2d +l).

Consequently,

We can now prove that there are infinitely many pseudoprimesto the base 2. Theorem 5.4. There are infinitely many pseudoprimesto the base 2. Proof. We will show that if r is an odd pseudoprimeto the base 2, then m : 2' - I is also an odd pseudoprimeto the base 2. Since we have at least o n e odd ps eudo p ri meto th e b a s e 2 , n a m e l y fl s:341, w e w i l l be abl e to construct infinitely many odd pseudoprimesto the base 2 by taking ns: 341 a n d n 1 r a :12 n ' I f o r k : 0 , 1 , 2 , 3 , . . . . T h e s eo d d i n t e g e r sa r e a l l d i f f e r e n t , s i n c en o I n t 1 n z 1 . ' . 1 n * ( n 1 1 1( To continue the proof, let n be an and 2n-t = I (mod n). Since n 11d1n and l
odd pseudoprime,so that n is composite is composite, w€ have n : dt with will show that m:2n-r is also is composite,and then by showing that

To see that m is composite, w€ use Lemma 5.1 to note that Qd - t) | (Z' - l): m. To show that 2^-t: I (modre), we first note t h a t s i n c e2 n : 2 ( m o d n ) , t h e r e i s a n i n t e g e rk w i t h 2 n - 2 : k n . H e n c e , 2 ^ - t : 22' - 2: 2k n . By Lemma 5.1, we know that m : ( 2 n - l ) | ( 2 k n- l ) : 2 ^ - l - l . H e n c e , 2 m - t - I : 0 ( m o d z ) , s o that 2^-t = I (mod re). We conclude that z is also a pseudoprimeto the base 2. rl If we want to know whether an integer n is prime, and we find that 2n-t : I (mod n), we know that n is either prime or n is a pseudoprimeto the base 2. One follow-up approachis to test n with other bases. That is, we check to see whether bn-r : I (mod n) for various positiveintegers6. If we fi n d any v alues o f b w i th (b ,n ): I a n d b n -r # | (mod n), then w e know that n is composite. Example. We have seenthat 341 is a pseudoprimeto the base 2. Since 7 3 : 3 4 3 = 2 ( m o d3 4 1 ) and

zto: 1024:

I (mod341) .

155

5.2 Pseudoprimes

we have 7 3 a 0:

0 3 ) t t 3 l = 2 t 1 3 7: ( 2 1 0 ) 1 t . 2 3 . 7 8.7 = 56 # I (mod 341).

He n c e,we s eet hat 3 4 1 i s c o m p o s i tes, i n c eT z to1 l

(mod 341).

Unfortunately, there are compositeintegers r? that cannot be shown to be composite using the above approach, becausethere are integers which are pseudoprimesto every base, that is, there are compositeintegersn such that b'-t = I (modn), for all b with (b,n): l. This leadsto the following definition. Definition. A composite integer which satisfies bn-t : I (mod n) for all positiveintegersb with (b,il : I is called a Carmichael number. E x a m p l e . T h e i n t e g e r 5 6 1 : 3 ' 1 1 ' 1 7 i s a C a r m i c h a e ln u m b e r . T o s e e t h i s , n o t e t h a t i f ( b , 5 6 1 ) : l , t h e n ( b , 3 ) : ( b , l l ) : ( b , 1 7 ) : l . H e n c e ,f r o m Fermat's little theorem, we have b2 = I (mod 3), 610: I (mod I l), and -6 1 6 I ( m o d 1 7 ) . C o n s e q u e n t l yb,5 6 0 : ( b 2 ) 2 8 0 : I ( m o d 3 ) , b s 6 0 : ( b 1 0 ) 5 6 = I ( m o d l l ) , a n d 6 5 6 0 : ( b l 6 ) 3 5= I ( m o d l 7 ) . T h e r e f o r e ,b y T h e o r e m 3 . 1 , b 5 6 0= I ( m o d 5 6 1 ) f o r a l l b w i t h ( b , n ) : L It has been conjecturedthat there are infinitely many Carmichael numbers, but so far this has not been demonstrated. We can prove the following thecrem,which providesconditionswhich produceCarmichael numbers. q 1 , w h e re th e q i ' s are di sti nct pri mes that Th e o r em 5. 5. I f n: Qt Qz (,4 j, l) for all then n is a Carmichael number. satisfy Qi 1) | Pro o f . Let b be a p o s i ti v e i n te g e r w i th (b ,n ) : l . Then (b,q1): I for j :1,2,...,k, a n d h e n c e ,b y F e r m a t ' sl i t t l e t h e o r e m ,b Q t - r I ( m o d Q ) f o r j : 1 , 2 , . . . , k . S i n c e Q i - l ) | ( n - l ) f o r e a c h i n t e g e rj : 1 , 2 , . . . , k , th e re ar e int eger s/.; w i th r;(q , - l ) : n - L H ence, for each /, w e know th a t b ' - t : 6\ Q ' - r ) tt' -t t-o O q rl . T h e re fo re ,b y C orol l ary 3.2, w e see that bn-t : I (mod n), and we concludethat n is a Carmichael number. D Exa mple. T heor em 5 .5 s h o w sth a t 6 6 0 1 :7 ' 2 3 ' 4 1 i s a Carmichael number, a re a l l p ri m e , 6 : Q - t ) | o o o o2, 2 : b e ca us e J , 23, a n d 4 I

and4o: (+t - t) | oooo. Ql - t) | oooo,

The converseof Theorem 5.5 is also true, that is, all C armi chaelnumbers are of the form Qflz Q* where the Qj's are distinct primes and Qi -l ) | t r - l) f or a l l j . We p ro v eth i s fa c t i n Chapter 8 .

156

S ome S peci al C ongruences

Once the congruencebn-r : I (mod n ) has been verified, another possible approach is to consider the least positive residue oS 6h-D/2 modulo r. We n o t e t hat if x : 6 (,-t)/2 , th e n x 2 : b n -t: I (mod r). rf n i s pri me, by Proposition 3.4, we know that either x = I or x = -l (mod n). Consequently,once we have found that b"-t: I (mod n), we can check to see wheth", 6tu-t)/2 = + I (mod n). If this congruencedoes not hold. then we know that n is composite. Example. Let b:5 and let n:561, the smallesC t a r m i c h a e ln u m b e r . w e fi nd t hat 5( 561- t )/2 :5 2 8 = 0 6 7 (mo d 5 6 1 ). H e nce,56l i s composi te. We continuedevelopingprimality testswith the following definitions. Definition. Let n be a positive integer with n-l : 2't, where s is a nonnegative integer and / is an odd positive integer. We say that n passes Miller's test for the base b if either bt = I (mod n) or b/' : -l (mod n) forsomeTwith0
157

5.2 Pseudoprimes

led to the following definition. Definition. lf n is compositeand passesMiller's test for the base 6, then we say n is a strong pseudoprime to the base b. : ' ( 2 1 r ) 1 8 6 : ( Z O + A ) 1 8: 6 1 Example. Let n :2047 :23'89. Then 220a6 : (mod 204D, so that 2047 is a pseudoprime to the base 2. Since 22046/2 l)e3 : : : (mod (zo+g)e3 (2t passes for test Miller's 2047), 2047 I 2to23 the base 2. Hence, 2047 is a strong pseudoprimeto the base 2. Although strong pseudoprimesare exceedinglyrare, there are still infinitely many of them. We demonstrate this for the base 2 with the following theorem. Theorem 5.7. There are infinitely many strong pseudoprimesto the base 2. Proof. We shall show that if n is a pseudoprime to the base 2, then is a s t r on g p s e u d o p ri meto th e b a s e2 . N :2 ' - l Let n be an odd integer which is a pseudoprimeto the base 2. Hence, n is composite, and Zn-r : I (mod n). From this congruence, we see that 2'-r -l : nk for some integer k; furthermore,k must be odd. We have ,A f- I : 2 n -2 : 2 (2 n -r-l ) : Ztnk; this is the factorizationof /V-l

into an odd integer and a power of 2.

We now note that 2?v-r)/2:2nk b e c a u s 2e n : ( z n - t ) passesMiller's test.

+ t:I{*

: (Zn)k = I (mod /V) I = I ( m o d , n { ) .T h i s d e m o n s t r a t e s t h a t N

In the proof of Theorem 5.4, we showed that if n is composite, then N : 2'-l also is composite. Hence, N passes Miller's Test and is composite, so that N is a strong pseudoprime to the base 2. Since every pseudoprimen to the base 2 yields a strong pseudoprime2n-1 to the base 2 and since there are infinitely many pseudoprimesto the base 2, we conclude that there are infinitely many strong pseudoprimesto the base 2. tr The following observationsare useful in combination with Miller's test for checking the primality of relatively small integers. The smallest odd strong pseudoprimeto the base 2 is 2047, so that if n 1 2047, r is odd, and n passes Miller's test to the base 2, then n is prime. Likewise, 1373653is the smallest

158

S ome S peci al C ongruences

odd strong pseudoprimeto both the bases2 and 3, giving us a primality test for integers less than 1373653. The smallest odd strong pseudoprimeto the bases2,3, and 5 is 25326001,and the smallestodd strong pseudoprimeto all t h e b a s e s2 , 3 , 5 , a n d 7 i s 3 2 1 5 0 3 1 7 5 1 .A l s o , l e s st h a n 2 5 . 1 0 e t, h e o n l y o d d i n t e g e rw h i c h i s a p s e u d o p r i m teo a l l t h e b a s e s2 , 3 , 5 , a n d 7 i s 3 2 5 1 0 3 1 7 5 1 . This leads us to a primality test for integersless than 25.10e. An odd integer n is pr im e if n < 2 5 ' 1 0 e ,n p a s s e sMi l l e r' s te st for the bases2,3,5, and 7, a n dn I 3 2 1 5 0 3 1 7 5 1 . There is no analogy of a Carmichael number for strong pseudoprimes.This is a consequenceof the following theorem. Theorem 5.8. If n is an odd compositepositive integer, then r passesMiller's te s t f or at m os t Q -l )/4 b a s e sb w i th I < b ( n - l . We prove Theorem 5.8 in Chapter 8. Note that Theorem 5.8 tells us that if t? passesMiller's tests for more than (n-l)/4 basesless than n, then n must be prime. However, this is a rather lengthy way, worse than performing trial divisions,to show that a positiveinteger n is prime. Miller's test does give an interestingand quick way of showingan integer n is "probablyprime". To see this, take at random an integer b with I < D ( n - I (we will see how to make this "random"choice in Chapter 8). From Theorem 5.8, we seethat if n is composite the probability that r? passesMiller's test for the base b is less than I/4. If we pick k different basesless than n and perform Miller's tests for each of thesebaseswe are led to the following result. Rabin's Probabilistic Primality Test. Let n be a positive integer. Pick k different positive integers less than n and perform Miller's test on n for each of these bases. If n is composite the probability that n passesall k tests is l e s st h a n 0 / 4 k . Let n be a compositepositiveinteger. Using Rabin's probabilisticprimality test, if we pick 100 different integers at random between I and n and,perform Miller's test for each of these 100 bases,then the probability than n passesall the tests is less than 10-60,an extremely small number. In fact, it may be more likely that a computer error was made than that a compositeinteger passesall the 100 tests. Using Rabin's primality test does not definitely prove that an integer n that passesall 100 tests is prime, but does give extremely strong,indeedalmost overwhelming,evidencethat the integer is prime. There is a famous conjecture in analytic number theory called the generalized Riemann hypothesis. A consequenceof this hypothesis is the following conjecture.

1s9

5.2 Pseudoprimes

Conjecture 5.1. For every compositepositiveinteger n, there is a base b with b < 70 (log2n)2,such that n fails Miller's test for the base b. If this conjecture is true, as many number theorists believe,the following result providesa rapid primality test. Proposition 5.1. If the generalizedRiemann hypothesisis valid, then there is an algorithm to determine whether a positive integer n is prime using O ((log2n)5)Uit operations. Proof. Let b be a positive integer less than n. To perform Miller's test for the base b on n takes O (logzn)3) bit operations,becausethis test requires that we perform no more than log2n modular exponentiations,each using O(logzb)2) Ult operations. Assume that the generalizedRiemann hypothesis is true. lf n is composite,then by Conjective 5.1, there is a base 6 with | < b < 70 (log2n)2such that n fails Miller's test for b. To discoverthis b requires less than O(log2n)3)'O((togzn)z) : O((log2n)5) Uit operations,by Proposition 1.7. Hence, after performing O((log2n)s) bit operations,we can determinewhether n is compositeor prime. I The important point about Rabin's probabilistic primality test and Proposition 5.1 is that both results indicate that it is possibleto check an i n te g er n f or pr im a l i ty u s i n g o n l y O((l o g 2 n )ft) bi t operati ons,w here k i s a positive integer. This contrasts strongly with the problem of factoring. We have seen that the best algorithm known for factoring an integer requires a number of bit operationsexponentialin the squareroot of the logarithm of the number of bits in the integer being factored, while primality testing seemsto require only a number of bit operationsless than a polynomial in the number bits of the integer tested. We capitalize on this difference by presentinga recently inventedcipher systemin Chapter 7.

5.2 Problems

l . Show that 9l is a pseudoprimeto the base 3. 2 . Show that 45 is a pseudoprimeto the bases17 and 19. 3 . Show that the even integer n : 161038:2'73' l 103 satisfiesthe congruence 2n = 2 (mod n). base 2.

The integer 161038 is the smallest even pseudoprimeto the

4 . Show that every odd composite integer is a pseudoprimeto both the base I and t h e b a s e- 1 .

5 . Show that if n is an odd compositeinteger and n is a pseudoprimeto the base a, then n is a pseudoprimeto the base n - a.

160

Some SpecialCongruences

6 , S h o w t h a t i f n : ( a z p - - l ) / G 2 - l ) , w h e r e a i s a n i n t e g e ra, ) l , a n d p i s a n odd prime not dividing a(a2 - l), then n is a pseudoprimeto the base a. Conclude that there are infinitely many pseudoprimesto any base a. (Hint: To establish that ao-t = I (mod n), show that 2p | (, - 1), and demonstrate that a 2 P: 2 ( m o d n ) . ) 7.

Show that every composite Fermat number F^ : 22' + I is a pseudoprimeto the base 2.

8.

Show that if p is prime and the Mersenne number Mo : 2P - I is composite, then Mo is a pseudoprime to the base 2.

9 . Show that if z is a pseudoprime to the bases a and b, then n is also a pseudoprimeto the base aD.

1 0 . Show that if n is a pseudoprimeto the base a, then n is a pseudoprimeto the base a-, where d' is an inverseof a modulo n. l l . a) Show that if n is a pseudoprimeto the base c, but not a pseudoprimeto the base 6, then n is not a pseudoprimeto the base aD. b) Show that if there is an integer b with (b,n) : I such that n is not a pseudoprimeto the base D, then n is a pseudoprimeto lessthan or equal 6 Ah) different basesa with I ( a ( n. (Hint: Show that the sets c t, o2,..., a, and ba1,ba2,..., ba, have no common elements,where ot, o2, ..., ar are the basesless than n to which n is a pseudoprime.) 12. Show that 25 is a strong pseudoprimeto the base 7. 13. Show that 1387 is a pseudoprime,but not a strong pseudoprimeto the base 2. 14. Show that 1373653 is a strong pseudoprimeto both bases2 and,3. 15. Show that25326001 is a strong pseudoprimeto bases2,3, and 5. 1 6 . Showthat the followingintegersare Carmichaelnumbers

il

2 8 2 1: 7 ' 1 3 ' 3 1

b)

1 0 5 8 5: 5 . 2 9 ' 7 3

c)

29341: l 3 ' 3 7 ' 6 1

d ) 3 1 4 8 2 1: 1 3 . 6 r . 3 9 7 e) 27845: 5'17'29.113 f)

1 7 2 0 8:17 - 1 3 . 3 1 . 6 1

g)

: 43.3361.3907. 564651361

1 7 . Find a Carmichaelnumberof the form7.23.qwhereg is an odd prime. 1 8 . a) S howt ha t e v e ryi n te g e o r f th e fo rm (6 m +l )(l 2m+ l )(tg,n + t), w herem i sa pos it iv eint e g e rs u c h th a t 6 m* l ,l 2 ml l , and l 8m* l are al l pri mes,i s a Carmichaelnumber.

161

5.2 Pseudoprimes

109,55164051 l , 2 9 4409: 37' 73' b) Conclude from part (a) th a t 1 7 2 9- 7 ' 1 3 ' 9 : : 2 t 1 . 4 2 1 . 6 3 1I 1 . 8 9 0 1 5 2 1 2 7 1 ' 5 4 1 ' 8 1al .n d 7 2 9 4 7 5 2 -9 3 0 7 ' 6 1 3 ' 9 1a9r e Carmichael numbers. with n = 3 (mod 4), then Miller's test takes

19. Show that if n is a positive O ((logzn)2) bit operations. 5.2 Computer Projects Write programs to do the following: I.

Given a positive integer n, determine whether n satisfies the congruence bn-t = I (mod n) where b is a positive integer less than n; if it does, then n is either a prime or a pseudoprimeto the base D.

2.

Given a positive integer integer n, determine whether n passesMiller's test to the base b; if it does then n is either prime or a strong pseudoprimeto the base b.

3.

Perform a primality test for integers less than 25'l0e based on Miller's tests for the bases2,3,5, and 7. (Use the remarks that follow Theorem 5.7.)

4.

Perform Rabin's probabilistic primality test.

5.

Find Carmichael numbers.

5.3 Euler's Theorem Fermat's little theorem tells us how to work with certain congruences involving exponentswhen the modulus is a prime. How do we work with the correspondingcongruencesmodulo a compositeinteger? For this purpose,we first define a specialcounting function. Definition. Let n be a positive integer. The Euler phi-function Qh) is defined to be the number of positive integers not exceeding n which are relatively prime to n. In T abt e 5. 1 we dis p l a yth e v a l u e so f @ (n ) fo r I ( r ( 12. The val uesof d(,n) for I ( n < 100 are given in Table 2 of the Appendix. n

2

3

4

5

6

7

8

9

l0

il

I2

6h)

I

2

2

4

2

6

4

6

4

l0

4

n <

12.

Table 5.1. The Valuesof Euler's Phi-functionfor I (

162

S ome S peci al C ongruences

In Chapt er 6, w e s tu d y th e E u l e r p h i -fu n c t i onfurther. In thi s secti on,w e use the phi-function to give an analogue of Fermat's little theorem for compositemoduli. To do this, we need to lay somegroundwork. Definition. A reduced residue system modulo n is a set of Ofu) integers such that each elementof the set is relatively prime to n, and no two different elementsof the set are congruentmodulo n. E x a m p l e . T h e s e t 1 , 3 , 5 , 7 i s a r e d u c e dr e s i d u es y s t e mm o d u l o 8 . T h e s e t - 3 , - 1 , l , 3 i s a l s os u c ha s e t . we will need the following theorem about reducedresiduesystems. Theor em 5. 9. lf r1 ,r2 ,...,t6 G) i s a re d u c e dresi duesystemmodul o n, and i f a i s a pos it iv eint e g e rw i th (a ,fl ) : l , th e n th e set et1, et2, ..., ot6h) i s al so a reducedresiduesystemmodulo r. Proof. To show that each integer ari is relatively prime to n, we assumethat (a r1, n) ) l. T he n , th e re i s a p ri m e d i v i s o r p of (ari ,n). H ence, ei ther p I a or p I 11. T h u s , w e e i th e r h a v e p I a a nd p I n,' o, p I ri and p I n. However, we cannot have both p I r; and p I n, since r; is a member of a reduced residue modulo n, and both p I a and p I n cannot hold since (a,n): l. Hence, we can conclude that ar1 and n are relatively prime for j : l , 2 , . . ' ,Q h ) . To demonstratethat no two ari's are congruent modulo n, we assumethat arj = ar1, (mod n), where j and k are distinct positive integers with 1 < j ( d ( n ) a n d I < k ( d ( n ) . S i n c e( a , n ) : l , b y C o r o l l a r y 3 . l w e s e e that r; : rk (mod n). This is a contradiction, since r7 and r,1 coffie from the original set of reducedresiduesmodulo r?,so that ri # rr (mod n). tr We illustrate the use of Theorem 5.9 by the following example. Exam ple. T he se t 1 ,3 ,5 ,7 i s a re d u c e d re si duesystem modul o 8. S i nce ( 3 , 8 ): l , f r o m T h e o r e m5 . 9 , t h e s e t 3 ' l : 3 , 3 ' 3 : 9 , 3 . 5 : 1 5 , 3 ' 7 : 2 1 i s also a reducedresiduesystemmodulo 8. We now state E,uler'stheorem. Euler's Theorem. If m is a positive integer and a is an integer with (a ,m ) : l, t hen so tu ) = I (mo d rn ). Before we prove Euler's theorem, we illustrate the idea behind the proof w i th an ex am ple.

163

5 .3 Euler ' s T heor em

Example. We know that both t h e s e t s l , 3 , 5 , 7 a n d 3 ' 1 , 3 ' 3 , 3 ' 5 , 3 ' 7 a r e reduced residuesystemsmodulo 8. Hence, they have the same least positive residuesmodulo 8. Therefore,

( 3 .l ) . ( 3 . 3 )(.3 . s )(.3 . 7 ):

l ' 3 ' 5 ' 7( m o d8 ) ,

3 4 ' l ' 3 ' 5 ' 7= l'3'5'7 (mod8). 8) : l , w e c o n c l u d eth a t 3 + _ 3 d (a ):

I (m o d g ) .

We now use the ideas illustrated by this exampleto prove Euler's theorem. Proof. Let rr,rZ, ..., ro(^) denote the reduced residuesystem made up of the positiveintegersnot exceedingm that are relatively prime to m. By Theorem 5 . 9 , s i n c e ( a , m ) : l , t h e s e t Q t 1 ,a t y , . . . , a r 6 ( m ) i s a l s o a r e d u c e dr e s i d u e syste m m odulo lz . H e n c e , th e l e a s t p o s i ti v e re si duesof ar1, Qr2,...,or6(m) mu st be t he int ege rs 1 1 ,1 2 ,..., r6 (m ) i n s o me o rder. C onsequentl y,i f w e multiply togetherall terms in each of thesereducedresiduesystems,we obtain ar pr 2

aryfu't -- r| rz

16(^) (mod la) .

Thus, a 6 ( ^ )r { z

' r 6 ( m )j

r o(m) (mod z ) .

r(z

r a( ^ ), m ) : l , fro m C o ro l l a ry 3.1, w e can concl ude that Si n ce ( r g2 ( m o d m). D o o ( m )= I We can use Euler's Theorem to find inversesmodulo m. relatively prime, we know that s ' t6 (m)-t :

4 4 (m)

lf a and m are

1 (mo d rn).

H e n c e,o6( m ) - tis an i n v e rs eo f a m o d u l om. Example. We know that 20@-t - 26-t : 25 : of 2 modulo 9.

32:5

(mod 9) is an inverse

We can solve linear congruences using this observation. To solve a x j D ( m od z ) , w h e re (a ,m) : I , w e mu l ti pl y both si des of thi s

164

S ome S peci al C ongruences

co ngr uenc eby aa h )-l to o b ta i n o o (m)-to * - : q Q ( m ) - t b( m o d m ) . Therefore, the Solutions y : of(m)-tb (modm).

are

those

integers

Example. The solutions o f 3 x = 7 (mod l 0) x = 3d( 10) - 1. 7 3 3 .J:9 (mo d l 0 ) , s i n c ed ( I 0 ) : 4 .

such

are

given

that

by

5.3 Problems l.

Find a reducedresiduesystemmodulo a)6

b)e c)

lo

d) e) f)

t4 16 17.

2. Find a reduced residue system modulo 2^ , where m is a positive integer. 3 . Show if c t, c2, ..., c6(m) is a reduced residue system modulo m , then c1* c2*

0 ( m o dl n ) .

* ,oh):

4 . Show that if m is a positive integer and a is an integer relatively prime to m, then I I a * a2 *

I ofh)-t = 0 (mod m).

5 . Use Euler's theorem to find the least positive residueo1 3100000 modulo 35. 6 . Show that if a is an integer, then a7 = a (mod 63). 7 . Show

an

8 . Show that cd(b) I 6ab) :

I (mod ab), if a and b are relatively prime positive

that if a is at2=l(mod3276CD.

integer

relatively prime

to

integers. 9 . Solve the following linear congruencesusing Euler's theorem il

5x = 3 (mod 14)

b)

4x = 7 (mod 15)

c)

3x = 5 (mod 16).

1 0 . Show that the solutions to the simultaneoussystem of congruences

32760, then

165

5 .3 E uler ' s T heor e m

x i *

ar (mod rn r) o, (mod mz)

=

x ? a, (mod m), where the mi are pairwise relatively prime, are given by x j

a,ul'^)

w h e r eM : m 1 m 2 I l.

+ a,M!t^') (mod u)'

+ a2M!@) a m , a n dM j :

M/mi forT:

1,2,...,r.

Using Euler's theorem,find a)

the last digit in the decimal expansiono1 7t000

b)

the last digit in the hexadecimalexpansionoP 51100$000.

1 2 . F i n d @ ( n ) f o r t h e i n t e g e r sn w i t h 1 3 ( n < 2 0 . 13. a) Show every positive integer relatively prime to l0 divides infinitely many repunits (see problem 5 of Section 4.1). (Hint: Note that the n -digit repunit lil ... ll : (to'-t)/q.) b) Show every positiveinteger relatively prime to b divides infinitely many base b repunits (seeproblem 6 of Section4.1). 14. Show that if m isa positiveinteger,m ) positiveintegersa.

1, then o^ = am-6(m)(mod rn ) for all

5.3 Computer Projects Write programsto do the following: l.

Solve linear congruencesusing Euler's theorem.

2.

Find the solutionsof a system of linear congruencesusing Euler's theorem and the Chineseremaindertheorem (seeproblem l0).

MultiplicativeFunctions

6.1 The Euler Phi-function In this chapter we study the Euler phi-function and other functions with similar properties. First, we presentsomedefinitions. Definition. An arithmetic function is a function that is defined for all positive integers. Throughoutthis chapter,we are interestedin arithmetic functionsthat have a specialproperty. Definition. An arithmetic function f is called multiplicative if f fun) : f (m)f fu) wheneverm and n are relatively prime positiveintegers. Example. The function f h) : I for all n is multiplicative because and f(n):1, so that fhn):f(m)fh). f(mn):1, f(m):1, Similarly, function g(n) : n the is multiplicative, since g(mn) :mn : g(m)efu). Notice that ffun) :1(m)fh) and g( m n) : g( m ) S h ) fo r a l l p a i rs o f i n te g ersm and n, w hether or not (m,n) : l. Multiplicative functions with this property are called completely mult ip licative functions. If / is a multiplicativefunction, then we can find a simple formula for f fu) given the prime-powerfactorizationof n. T heor em6. 1. I f / 166

i s a m u l ti p l i c a ti v efu n c ti onand i f n:

pi ' pi ,

...

pi ' i t

167

6.1 The EulerPhi'function

the

prime-power factorization of

f tu): f Qi)f Qi) " Proof. Since f

the

positive

integer

n,

then

"fQi).

is multiplicativeand Qi',pi' ' ' ' p!) : l, we see that

f Qi)-Q f i ' p \"' ' p : ' ) .

f t u ): f b i ' p i '" ' p : ) : f Q i ' ' Q ? " ' p i ) ) :

S i n c eb i ' , p \ ' " ' p ! ' ) : 1 , w e k n o wt h a ft b i ' p \ ' " ' p ! ' ) : f b i ' ) p:). continuing -f Qi'... pl'), ro thatf(n): -f Qi') f Qi) f Qi' in thisway,we findthatf h) : f Qi) f bi) .f (p\') f Q?) a We now return to the Euler phi'function. First, we considerits values at primesandthenat primepowers. Theorem 6.2. If p is prime. then 0b) : p - l. positiveintegerwith d(p) - p - l, thenp is prime.

Conversely, if p is a

Proof. If p is prime then every positiveinteger lessthan p is relatively prime to p. Sincethere arep - I suchintegers,we haveQQ) : p - l. , e n p h a s a d i v i s ord w i th | < d 1p,and, Co n v er s ely , ifp is c o mp o s i teth of course,p and d are not relatively prime. Since we know that at least one of the p - | integers| ,2, ...,p - l, namely d, is not relativelyprime to p, - l , t h e n p m u s t b e p r i m e t. r H e n c e , i 0f Q ) : p d0) ( p-2. We now find the value of the phi-functionat prime powers. Theorem 6.3. Let p

be a

prime and a

6e\:po-po-t. = f o-'fp_D ' zZ\

a positive integer.

Then

Proof. The positive integers'less-thanpo that are not relatively prime to p are thoseintegersnot exceedingpo that are divisibleby p. There are exactlypo-l such integers,so there are po - po-r integersless than po that are relatively p ri me t o po. Henc e ,6 b " ) : p o - P o -r. n Example. Using Theorem6.3, we find that d(53) : 53 - 52 : 100, O ( z t } ): 2 t 0 - 2 e: 5 1 2 , a n dd ( t t 2 ) : 1 1 2- 1 1 : 1 1 0 . To find a formula for @(n), given the prime factorization of n, we must show that d is multiplicative. We illustrate the idea behind the proof with the following example. E x a m p l e .L e t m : 4 a n d n : 9 , s o t h a t m n : 3 6 . W e l i s t t h e i n t e g e r sf r o m I to 36 in a rectangularchart, as shownin Figure 6.1.

168

MultiplicativeFunctions

OOe@@2,@@33 l0

t4

18

22

34

,O@,5@@27@@ t2

l6

20

24

28

32

36

Figure6.1. Neither the second nor fourth row contains integers relatively prime to 36, since each element in these rows is not relatively prime to 4, and hence not relatively prime to 36, We enclosethe other two rows; each element of these rows is relatively prime to 4. Within each of theserows, there arc 6 integers relatively prime to 9. We circle these; they are the 12 integers in the list relativelyprime to 36. HenceOGO : 2.6 - OU)O(il. We now state and prove the theorem that showsthat @is multiplicative. Theorem 6.4. Let m and n be relatively prime positive integers. Then

Q f u n ): Q ( m ) t h ) .

Proof. We display the positive integers not exceeding mn in the following way.

I

m*l

2m*l

2

m*2

2m*2

h-l)m*2

3

m*3

2m*3

h-I)m*3

2m

... 6-l)m*l

3m

Now suppose r l s a posltlve lnteger not exceeding m. Suppose (m,r):d)1. Then no number in the rth row is relatively prime to mn, since anv element of this row is of the form km * r, where k is an integer

6.1 The EulerPhFfunction

169

with I < t < n - l, and d | &m*r),

and d I r.

sinced | *

Consequently,to find those integers in the display that are relatively prime to mn, we need to look at the rth row only if (m,r) : l. If fuI) :1 and I ( r ( m, we must determinehow many integersin this row are relatively prime to mn. The elements in this row are r , m * r , 2m * r,..., h-l)m * r. Since (r,m) : l, each of these integers is relatively prime to m. By Theorem 3.4, the n integersin the rth row form a completesystemof residuesmodulo r. Hence, exactly Qh) of these integers are relatively prime to n. Since these d(n) integersare also relatively prime to m, they are relativelyprime to mn. Since there are S(m) rows, each containing d(n) integersrelatively prime to mn, we can concludethal Q(mn) : O(m)efu). tr CombiningTheorems6.3 and 6.4, we derive the following formula for 0Q). Theorem 6.5. Let n : por'pi' . . . pir' be the prime-power factorization of the positive integer n. Then

l)

6h):n0-lttr-

Pr

Pz

.

tr-.!l

Pt

Proof. Since @is multiplicative, Theorem 6.1 tells us that if the prime-power factorization of n is n : pl,pl, pf,,, th"n

0h) : o?i)obi,)

oht').

In addition, from Theorem 6.3 we know that

Obi')- pf'- p?-t: p;,(l- +) Pi forT : 1,2,...,k.Hence,

Qh): pi'T - L)ri,(l - I) Pr

Pz

pi:oftt: n ( L- I l ( l Pr

- !) Pz

This is the desiredformula for d(n). D

pi,'o- t ) P*

Lt

(r-!) P*

(l-I). Pr,

170

Multiplicative Functions

we illustrate the use of rheorem 6.5 with the following example. Example. Using Theorem6.5, we note that

: o(22s2): : loo(ld(roo) il(l +) 4o. and

: t2oe0020: o(2432s) ilrr |l tr

l.

=)-192. )

We now introduce a type of summation notation which is usefulin working with multiplicativefunctions. Let f be an arithmetic function. Then

2,f (d)

dln

representsthe sum of the valuesof f at all the positivedivisorsof n. Example. If / is an arithmetic function, then

> f U) : f (r)+ f Q)+ f 0) + f U) + f (O+ f 0D .

dlt2

For instance. > d 2 : 1 2+ 2 2 + 3 2 + 4 2 + 6 2 + 1 2 2 dlt2 :l* 4+g+16+36+ 144:ZlO. The following result, which states that n is the sum of the values of the phi-functionat all the positivedivisorsof n, will also be useful in the sequel. Theorem 6.6. Let n be a positive integer. Then

2A@l:n'

dln

Proof. We split the set of integersfrom I to n into classes. Put the integer m into the classCa if the greatestcommondivisor of m and n is d. We seethat m is in C4, i. e . (m ,n ) : d ,i f a n d o n l y i f fu /d ,n/d) : l . H ence,the number of integersin Ca is the number of positiveintegersnot exceedingn/d that are relatively prime to the integer n/d. From this observation,we see that there

171

6.1 The Euler Phi'function

are gh/d) integersin C1. Since we divided the integers I to n into disjoint classesand each integer is in exactly one class,n is the sum of the numbersof elementsin the different classes.Consequently,we seethat

n : > Qhld) dln

As d runs through the positiveintegersthat divide n, nfd also runs through thesedivisors,so that

n:>0fu1d)-DfU) dln

dl,

This provesthe theorem.tr Example.We illustratethe proofof Theorem6.6 whenn : 18. The integers C4 whered I 18 suchthat the classC7 from I to 18 can be split into classes : d . We have (m,18) containsthoseintegersm with c 1 : { 1 ,5 , 7 , l l , 1 3 ,1 7 } C 6 : { 6 ,1 2 } c 2 : { 2 , 4 ,8 , 1 0 ,1 4 ,1 6 } C g : { g } C r r : { t g }. C 3 : { 3 ,1 5 } We see that the classCa contains0081d) integers,as the six classes c o n t a i nd ( 1 8 ): 6 , O ( 9 ): 6 , 0 ( 6 ) : 2 , O ( 3 ): 2 , 0 ( 2 ) : l , a n d d ( 1 ) : I We notethat 18: d(18) + O(g)+ ,O(0)+ ,0(3)+ respectively. integers,

QQ)+d(1):2atal. dll8

6.1 Problems l.

Find the value of the Euler phi-function for each of the following integers

a) 100 b) 2s6

d) 2.3.5.7'rr.13 e) lo!

c) l00l

f)

20t .

2. Find all positiveintegersn such that d(n) has the value

ill b)2 c)3

d)6 e) 14 f) 24.

172

3.

Multiplicative Functions

For which positiveintegersn is 6fu) a) odd b) divisible by 4 c) equal to n/2 ?

4.

Show that if n is a positive integer, then

QQn):

fa@ lrrh)

if n is odd if n is even.

5'

Show that if z is a .positive integer having k distinct odd prime divisors, then d(n) is divisibleby 2k.

6.

For which positive integers n is Qh) a power of 2?

7. Show that if n and k are positiveintegers,then Q(mk) : mk-16(m) . 8.

For which positive integers lz doesQfu) divide m ?

9. Show that if a and b are positive integers,then

Qbb) : (a,b)6G)O$)lOKa,il) . 10. Show that if m and,n are positiveintegerswith nr I n, then Qfu) | oh). 11. Prove Theorem6.5, using the principle of inclusion-exclusion(seeproblem lZ of Section 1 l). 12. show that a positive integer n is compositeif and only if oh)

( n - .,,6-.

13. Let n be a positive integer. Define the sequenceof positive integers fl1,n2,13,... recursivelyby nr: Qh) and n1.,1: 6(n*') for ft : r,2,3,... . show that there is a positive integer r such that n, - 1. 14. Two arithmetic functions/ and I may be multiplied using the Dirichlet product which is defined bv

V*s)(n): 2f @)shlil . a) Showthat f*g : g*.f . b) Showthat (/*g) *h : f* Q*h) . c) Showthat if r is the multiplicativefunctiondefinedby

,{n): then rf

- f*t : f

|,r

if n:

lo

i fn ) l ,

l

for all arithmetic functions/.

173

6.1 The Euler Phi-function

d)

The arithmetic function g is said to be the inverse of the arithmetic functton : ,. Show that the arithmetic function / has an inverse if .f it f*S : g*-f and only if f 0) I 0. Show that if / has an inverse it is unique. (Hint: When f 0) # 0, find the inverse.f-t of/ by calculating/(n) recursively, using the fact that '(n) - > f U)f-tfuld).) dln

1 5 . Show that if f and g arc multiplicative functions, then the Dirichlet product /*g is also multiplicative.

t6.

Show that the Miibius function defined by

t It l(-t)' p.\n):1 I

lO t

if n - I if z is square-freewith primefactorization n:prpz...ps if n has squarefactor larger than I

is multiplicative. 1 7 . Showthat if n is a positiveintegergreaterthanone,then ) p@) :0. dln

be an arithmetic function. Show that if F is the arithmetic function defined by

1 8 . Let f

F ( n ): > f @ ), ' dln

then

f h):2p@)Fhld). dln

This result is called the Miibius inversion formula.

1 9 . Use the Mobius inversion formula to show that if f is an arithmetic function and F is the arithmetic function defined by

F ( n ): > f @ ), dln

then if F is multiplicative,so is /. 20. Usingthe Mobius inversionformulaand the fact that n - > 0h /il , provethat a) Q(p') : p' -

p'-',wherep is a primeandt is . *rr;:,

integer.

174

MultiplicativeFunctions

b)

d(n ) is multiplicative.

21. Show that the function f (n):ne number k. 22. a)

b)

is completely multiplicative for every real

we define Liouville's function r(n) by I(r) : l and for n ) | \(n) : (-l)4'|+4r+"'+a', if the prime-power factorization of n n: pi'pi' .'. p:'. Show that tr(n) is completelymultiplicative. Show that if n is a positive integer then )

by is

tr(n) equals 0 if z is not a

perfect square,and equals I if n is a perfect square. 23. a)

b)

Show that it f multiplicative.

and g are multiplicative functions then fg

is also

Show that if f and g arc completely multiplicative functions then /g is also completely multiplicative.

24. Show that tf f is completely multiplicative, then f (il : f @r)",.f(pr)o, ' (p^)"' when the prime-power factorization of n is n : pi'pi' . . . p:".. f 25. A function f that satisfiesthe equationf (mn) :7(m) + "f (n ) for all relatively prime positive integers m and n is called additive, and if the above equation holds for all positive integers m and n, f is called completely additive. a)

Show that the function -f (n) : log n is completely additive.

b)

Show that if <^r(n)is the function that denotesthe number of distinct prime factors of n, then <^ris additive, but not completely additive.

c)

Show that if / multiplicative.

is an additive function and if g(n):zfb),

then g is

6.1 Computer Projects Write programsto do the following: l.

Find valuesof the Euler phi-function.

2.

Find the integerr in problem 13.

6.2 The Sum and Number of Divisors We will also study two other arithmetic functions in some detail. One of theseis the sum of the divisorsfunction. Definition. The sum of the divisors function, denoted by o, is defined by settingo(n ) equal to the sum of all the positivedivisorsof n.

175

6 .2 Th e S um and Nu mb e r o f D i v i s o rs

The val ues of o(n) for In Table6. 1 we giv e o h ) fo r 1 ( n < 1 2 Appendix' ( given Table 2 of the in 100 are n < I I

n

oQ) I

2 3 4 5 6 a

J

4 7 6

7

9

8

r0

t2

ll

t2 8 l 5 l 3 1 8 t2 2 8

Table6.1. The Sumof the Divisorsfor I ( n (

12 .

The other function which we will study is the number of divisors. Definition. The number of divisorsfunction, denotedby r, is definedby setting r(n) equal to the number of positivedivisorsof n. In Table6.2 we give ,h) for I ( n ( tZ. The values of ,Q) 1 ( n < 100 are givenin Table 2 of the Appendix. n

I

2

3 4

rh)

I

2

2

5 6

3 2 4

7

8 9

2 4

3

10 ll 4

Table6.2. The Number of Divisorsfor I ( n (

2

for

t2 6

12 '

Note that we can expresso(n) and z(n) in termsof summationnotation. It is simple to seethat

oh):Dd dln

and

,(n):>1. dln

To provethat o and r are multiplicative,we use the following theorem. Theorem 6.7. If / F (n)

is a multiplicative function, then the arithmetic function

dln

Beforewe prove the theorem,we illustrate the idea behind its proof with the following example. Let "f be a multiplicative function, and let

Ffu) dln

176

MultiplicativeFunctions

r(60) : r(4)F(15). Each of the divisors of 60 may be written as the pr oduc tof a d i v i s o ro f 4 a n d a d i v i s o ro f 15 i n the fol l ow i ngw ay: l :1.1, 2 : 2 ' 1 , 3 : 1 . 3 , 4 : 4 . 1 , 5 - 1 . 5 ,6 : 2 . 3 , I 0 : 2 . 5 , 1 2 - 4 . 3 , 1 5 : 1 . 1 5 . 20 :4'5, 30 : 2'15, 60 : 4-15 (in each product, the first factor is the divisor of 4 , and the secondis the divisor of I 5). Hence,

F ( 6 0:) f ( r ) + / o + f $ ) + f ( q ) + f $ ) + f 6 ) + / ( 1 0 )+ f 0 2 ) + f (rs)+/(zo) + f Q0 +/(60) : . f ( r ' 1 )+ f Q . D+ f 0 . 3 )+ f u . D + f 0 . 5 )+ o . 3 ) f + f Q . i l + f ( 4 . , + f ( r . l s ) + f ( 4 . i l + f Q . l 5 )+ f Q . r s ) :f (t)f(l) + f Q)f(r) + f (l)7(:)+ f @)f(r)+ (fDj6) f +f Q)f(r)+ f Ql|(s) + f (Df(g)+ f ol7(rs)+ f @f 6) + f Q)f (rs)+ f Q)f 0s) : ( / ( t ) + f Q ) + 7 Q ) ) ( / ( r l+ f G ) + f $ ) + / ( l s ) ) : F(4)F(rS).

we nowproveTheorem6.7 usingthe ideaillustratedby the example. Proof. To showthat F is a multiplicativefunction,we must show that if m andn are relativelyprimepositiveintegers, thenF (md : F (m)r 0). So let us assumethat (m,n) : l. We have F (mn) :

u) ' 02,^n"f

By Lemma2.5,since(m,n): l , eachdivisorof mn canbe writtenuniquely as the productof relatively primedivisors dlof m andd2of n, andeachpair of divisorsd1 of m and d2 of n corresponds to a divisord - dfi2 of mn. Hence,we canwrite F(mn) :

> f Utd2)

drl^ drln

Since/ is multiplicativeand since(dbd):

l, we seethat

177

6.2 The Sum and Numberof Divisors

F (m n ) :

2 f Q)f @z)

drln drln

2fQ)ZfVz) drl,

drl^

Ffu)Ffu).tr Now that we know o and r are multiplicative, we can derive formulae for their values based on prime factorizations. First, we find formulae for o(r) and rh) when n is the power of a prime. Lemma 6.1. Let p be prime and a a positive integer. Then o ( p o ): ( t + p + p 2 +

Po*'-l p-l

*po) :

and r(po):a*1. po has Proof. The divisors of po are l, p, p' ,...,po-t, po. Consequently, : note we that * l. Also, that a so r(po) div is o rs , a*l e xa ctl y *

o(po):1*p+pz+

pa-t * po :

where we have used #,

Theorem1.1. tr

Example. When we apply L e mma 6 .1 w i th p :5 s4- I o(53):1*5+52+53:

a nd a:

3, w e fi nd that

fi:156andz(53)-l*3:4.

The above lemma and the fact that o and r ate multiplicative lead to the following formulae. Theorem 6.8. Let n:pi'pi2...

the

positive integer

n

have prime

factorization

p:'. Then

l'*'-l o(n):ry p Pz-l Pt-r

pl'*'-l p!'*'-l : i j -r P,-l

P i -l

178

MultiplicativeFunctions

r(n) : (c1+l)(az+D Proof.

Since both o and r

pi) :

o(pi'p3' ' ' ' p:') : ,Qi)

(c,*t) : rI,

G1+D.

are multiplicative, we see that o(n) :

o(pi) and r(n) :

obi)obi)

,ei,pi,

,(p1') ,Qi')

,Qi'). Inserting the values for oe!,) found in Lemma 6.1, we obtain the desiredformulae. D

we illustrate how to use Theorem6.8 with the following example. Example. Using Theorem 6.8, we find that

: r!-,, o(200): o(2352) 2-t

g : 15.31 : 465 5-l

and r(2 o o ) :

" (2 3 5 2 ):

(3 + t ) Q+ D : 12.

Also 32-l . 52-l :31. o ( l z 0 : o ( 2 a . 3 2 . s: ) T - , 1 . 13.6:241g 2-l 3-l 5-l and

r ( 2 4 . 3 2 . i l(:4 + l ) ( z + t ) ( t + t:) 3 o.

6.2 Problems l.

Find the sumof the positiveintegerdivisorsof a) 35

b) te6 c) looo d) 2r0o 2.

2'3'5'7'll 2s345372t1 lo! 201.

Find the number of positive integer divisors of il 36 b) 99 c) r44

3.

e) f) g) h)

d) 2.3.s.7.11.13.17.19 e) 2i2.s3.74.115.134.17s.19s f) 20t.

Which positive integers have an odd number of positive divisors?

and

179

6.2 The Sum and Numberof Divisors

4.

For which positive integers n is the sum of divisors of n odd?

5. Find all positiveintegersn with a(n) equal to

d) 48 e) 52 f) 84

a) 12 b) l8 c) 24 6.

Find the smallestpositiveinteger n with r(n) equal to d)6 dt4 f) 100.

a)l b)2 c) 3

7. Show that if k > | is an integer,then the equationrh) solutions. 8.

g.

: ft has infinitely many

Which positive integers have exactly a)

two positive divisors

b)

three positive divisors

c)

four positive divisors?

What is the product of the positive divisors of a positive integer n ?

10. Let o1,h) denote the sum of the kth powers of the divisors of n, so that o1,h) : 2 dk. Note that o1h) : sfu). dln

a)

Find or(4), or(6) and o{12).

b)

Give a formula for o1(p), wherep is prime'

c)

Give a formula for o1(po), wherep is prime, and a is a positiveinteger.

d)

Show that the function op is multiplicative'

e)

Using parts (c) and (d), find a formula for o;(n), where n has prime-power factorizationn : pi'pi' . . . p:;.

11. Find all positiveintegersn such that d(n) + oQ):2n. 12. Show that no two positive integers have the same product of divisors. 13. Show that the number of pairs of positiveintegerswith least common multiple equal to the positive integer n is r(nz). 14. Let n be a positive integer. Define the sequence of integers fl1,tr2,rt3,...b! n 1 : r ( n ) a n d n 1 . , 1: r ( n * ) f o r f t : 1 , 2 , 3 , . . . . S h o w t h a t t h e r e i s a p o s i t i v e integer r such that 2 : f,r : flr1t : rlr+2: 15. Show that a positiveinteger n is compositeif and only if o(n) > n + ,/i.

180

MultiplicativeFunctions

16. Show that if n is a positiveinteger then r(n)z : )r(d)3 dln

6.2 Computer Projects Write programs to do the following: l.

Find the number of divisorsof a positive integer.

2.

Find the sum of the divisors of a positive integer.

3.

Find the integer r defined in problem 14.

6.3 Perfect Numbersand MersennePrimes Becauseof certain mystical beliefs, the ancient Greeks were interested in those integers that are equal to the sum of all their proper positive divisors. Theseintegersare called perfect numbers. Definition. If n is a positive integer and o(n) : 2n, then n is called a perfect number. E x a m p l e . S i n c eo ( 6 ) : l + 2 + 3 + 6 : 1 2 , w e s e et h a t 6 i s p e r f e c t . w e a l s on o t et h a t o ( 2 8 ) : 1 + 2 + 4 + 7 +14*28:56. sothat28 is another perfect number. The ancient Greeks knew how to find all even perfect numbers. The following theorem tells us which even positive integersare perfect. Theorem 6.9. The positiveinteger n is an even perfect number if and only if n :2m-r(2^-l) where m is a positiveinteger such that 2^-l

is prime.

Proof. First, we show that if n:2m-r(2^-l) where 2^-l is prime, then n is perfect. We note that sincezn-l is odd, we have (2m-r,2m-l) : 1. Since o is a multiplicative function, we seethat o (n ) - o (2 ^ -t)o (2 ^-l )

.

L e m m a 6 . 1 t e l l su s t h a t o ( 2 ^ - r ) : 2 ^ - l and o(2^-l):2^, assumingthat 2m-l is prime. Consequently,

s i n c ew e a r e

181

6.3 PerfectNumbersand MersennePrimes

o(n) : Q^-l)2^

:2n

,

demonstratingthat n is a perfect number. To show that the converseis truen let n be an even perfect number. Write : 1, we n :2'l wheres and t arepositiveintegersand f is odd. Since (2t,t) seefrom Lemma 6.1 that

(6.1)

o(n) : o(2':) : o(2')o(t) : (2'+t-t)o(l)

Since n is perfect, we have o (n ) : 2 n : 2 s + r1

G'D

Combining (6.1) and (6.2) showsthat (2 ' + r-1 )o(i

(6 .3 )

: 2 s + t1

Si n ce( 2s + r , 2s + t - l) : l , fro m L e mma 2 .3 w e s e eth a t 2' + 1 l o(r). Therefore, there is an integerq such that o(t) - 2'+rQ. Inserting this expressionfor o(t) into (6.3) tells us that (2 s + r_ l )2 s * rq- 2 ' * rt , and, therefore, (2'+t-l)q

(6.4)

: 1.

Hence,q I t and q # t. When we replace / by the expressionon the left-hand side of (6.4), we find that (6.5)

t +q:

( 2 s + t - t ) q+ q : 2 ' + r q : o Q ) .

We will show that q : 1. Note that if q * l, then there are at least three distinct positive divisors of t , namely 1, q, and t . This implies that oQ) 2 t + q -| 1, which contradicts(6.5). Hence,4: I and, from (6.4), we concludethat / :2s+l-1. Also, from (6.5), we seethat oQ): t + l, so that t must be prime, since its only positive divisors are I and t. Therefore, n :2 t ( 2r + l- 1) , where2 s + l -1 i s p ri me . tr From Theorem 6.9 we see that to find even perfect numbers, we must find primes of the form 2t-1. In our searchfor primes of this form, we first show that the exponentru must be Prime. Theorem 6.10. If la is a positiveinteger and2^-l

is prime, then m must be

182

MultiplicativeFunctions

pnme. Proof. Assume that m is not prime, so that m : ab where | 1 a 1 m and, | < b 1m. Then 2m-l

: 2ab-, - (Zo-l) 12a(b-D a2a(b-Dq...q1o+l) .

Since both factors on the right side of the equationare greater than I, we see that 2m-l is compositeif m is not prime. Therefore,if 2^-l is prime, then nr must also be prime. tr From Theorem6.10 we seethat to searchfor primes of the form 2^-1, we need to consideronly integersm that are prime. Integers of the form 2m-l have been studied in great depth; these integers are named after a French monk of the seventeenth century, Mersenne,who studiedtheseintegers. Definition. If m is a positiveinteger, then M^:2^-I is called the mth Mersennenumber, and, if p is prime and Mp:2p-l is also prime, then M, is called a Mersenneprime. Example. The Mersennenumber M7:27-I is prime, whereasthe Mersenne :2 0 4 7 : 2 3 .8 9i s c o m posi te. num berM n: 2rr-I It is possibleto prove various theoremsthat help decide whether Mersenne numbers are prime. One such theorem will now be given. Related results are found in the problemsof Chapter 9. Theorem 6.11. rf p is an odd prime, then any divisor of the Mersenne number Mp :2p-l is of the form 2kp + I where k is a positiveinteger. - 2p - I. From Fermat's little Proof. Let q be a prime -dividing Mp theorem,we know thatql(ze-t-t). Also, from Lemma 1.2 we know that ll\ (6.6) (T -t, 2c-t-t) : 2$t-D - f. Since q is a common divisor of zp-l and zc-t-L we know that > l . H e n c e , (p ,q -l ): Q p- t , 24- t - l) p , si ncethe onl y other possi bi l i ty, namely (p,q-l) : I, would imply from (6.6) that (Zp-t,2Q-t-l) : l. Hence p | (q-t), and, therefore, there is a positive integer m with q - | : mp. Since q is odd we see that m must be even, so that m : Zk. w h e r e k i s a p o s i t i v e i n t e g e rH . e n c eq , :mp * I - 2kp+1 . tr We can use Theorem6.1I to help decide whether Mersenne numbers are prime. We illustrate this with the following examples.

183

6.3 PerfectNumbersand MersennePrimes

8191 is prime, we only needlook Example. To decidewhetherMB:2r3-l: : 90.504.... Furthermore, from for a prime factor not exceeding lml Theorem6.11, any such prime divisor must be of the form 26k + L The only candidatesfor primesdividinB Mnless than or equal to1fTp are 53 and79. Trial divisioneasilyrules out thesecases,so that M s is prime. i s pri me,w e onl y need Exa m ple. T o dec idew h e th e rM z t:2 2 3 -r:8 3 8 8 6 0 7 prime less than or equal to by a is divisible whether M to determine zt prime this form is 47. of + first l. The form 46k the of 2896.309... ffi: A trial divisionshowsthat 8388607:47'178481, so that M4is composite. Becausethere are specialprimality tests for Mersennenumbers,it has been possibleto determine whether extremely large Mersennenumbers are prime. Following is one such primality test. This test has been used to find the largest known Mersenne primes, which are the largest known primes. The proof of this test may be found in Lenstra [7t] and Sierpifiski[351. The Lucas-LehmerTest. Let p be a prime and let Mo : 2! -l denote the pth Mersennenumber. Define a sequenceof integersrecursivelyby setting tr:4, andfork>2, r * ? rtq -2

(m o d M),

0 ( rr I Mo .

Then, M, is prime if and only if rp-1 - 0 (mod M)

.

We use an exampleto illustrate an applicationof the Lucas-Lehmertest. 4, Exa mple. c ons idert h e Me rs e n n en u m b e rM5 :2 5 - I - 3l ' Then r,: 2 ( m o d 3 1 ) , ( m o d 3 l ) , r + 2 a n d rt4 8 A2 rzz42-2:14 ( m o d3 1 ) . S i n c e r t t 0 ( m o d 3 1 ) , w e c o n c l u d et h a t M 5 : 3 1 i s 8 2- 2 : 0 prime. The Lucas-Lehmer test can be performed quite rapidly as the following corollary states. Corollary 6.1. Let p be prime and let Mp : 2p - | denotethe pth Mersenne number. It is possibleto determine whether Mo is prime using OQ3) bit operations. Proof. To determine whether Mp is prime using the Lucas-Lehmer test O(p2) requiresp - | squaringsmodulo iV* each requiring O((log M)2): bit operations. Hence, the Lucas-Lehmer test requires O Q3) bit operations.tr

184

Multiplicative Functions

Much activity has been directed toward the discoveryof Mersenneprimes, especiallysince each new Mersenne prime discoveredhas become the largest prime known, and for each ngw Mersenne prime, there is a new perfect number. At the presenttime, a total of 29 Mersenneprimes are known and these include all Mersenne primes Me with p ( 62981 and with 75000 < p < 100000. The known Mersenneprimes are listed in Table 6.3.

p

Number of decimal digits in M o

2 3 5 2 7 2 l3 6 + I1 2 t9 1'2 3 l 9a 'zz 68 9l ig 107 zf) q + t27 )q 52r 8 t ) 607 I (, 72 r279 ? 2^ lh 2203 -7s 2281 3 b 32r7 4253 4423 9689 Lbb 5z 994r I 1213 r9937 2r701 23209 44497 86243 r32049 I

I

L

9l Table 6.

I I 2 3 4 6 6 10 19 27 33 39 157 183 386 664 687 969 1281 t332 29r7 2993 3376 6002 6533 6987 I 3395 25962 3975I 5050

Date of Discovery

anclenttrmes ancienttimes ancienttimes ancienttimes Mid 15thcentury 1603 1603 1772 18 8 3 l91l l9l4 t876 t952 t952 1952 1956 1952 t957 1961 1961 I 963 I 963 1963 t97| I 978 r979 1979 1983 I983

f9t re Known Mersenne Primes.

6.3 PerfectNumbersand MersennePrimes

185

Computers were used to find the 17 largest Mersenne primes known. The discovery by high school students of the 25th and 26th Mersenne prime received much publicity, including coverageon the nightly news of a major television network. An interesting account of the search for the 27th Mersenne prime and related historical and computational information may be found in [77]. A report of the discoveryof the 28th Mersenne prime is given in [64]. It has been conjectured but has not been proved, that there are infinitely many Mersenneprimes. We have reduced the study of even perfect numbers to the study of Mersenne primes. We may ask whether there are odd perfect numbers. The answer is still unknown. It is possibleto demonstratethat if they exist, odd perfect numbers must have certain properties (see problems 1l-14, for example). Furthermore, it is known that there are no odd perfect numbers less than 10200,and it has been shown that any odd perfect number must have at least eight different prime factors. A discussionof odd perfect numbers may be found in Guy [17], and information concerningrecent results about odd perfect numbersis given by Hagis [681.

6.3 Problems l.

Find the six smallesteven perfect numbers.

2 . Show that if n is a positive integer greater than l, then the Mersenne number Mn cannot be the power of a positive integer.

3 . If n is a positive integer, then we say that n is deficient if ofu) 1 2n , and we say that n is abundant if oh) or abundant.

4.

) 2n. Every integer is either deficient, perfect,

a)

Find the six smallestabundant positive integers.

b)

Find the smallestodd abundant positive integer.

c)

Show that every prime power is deficient.

d)

Show that any divisor of a deficient or perfect number is deficient.

e)

Show that any multiple of an abundant or perfect number is abundant.

f)

Show that if n -2m-t(2^-l) , where ra is a positive integer such that 2 -l is composite, then n is abundant.

if Two positive integers m and n are called an amicable pair o(m\ : o(n) : m * n. Show that each of the following pairs of integers are amicable pairs

186

MultiplicativeFunctions

a) 220,294 b) 1 1 8 4l ,2 1 0 c) 7975A,98730. 5. a) Showthat if n is a positiveintegerwith n ) 2, suchthat3.2n-t-1,3.2n-1, and32'22n-r-1 are all prime,then2n(3'2'-t-DQ.2'-l) and2n(32.22n't-l) form an amicablepair. b)

Find three amicablepairs using part (a).

6 . An integer n is called k-perfect if o(il: 2-perfect.

kn. Note that a perfect number is

a)

Show that 120 : 23.3.5is 3-perfect.

b)

Show that 30240 : 2s32.5., is 4-perfect.

c)

- 27.34.5.7.n2.17.19 Show that 14182439040 is 5-perfect.

d)

Find all 3-perfectnumbersof the form n -2k.3.p, prime.

e)

Show that if n is 3-perfectand 3 I n, then 3n is 4-perfect.

7 . A positiveinteger n is called superperfectif oGh))

where p is an odd

: Zn.

a)

Show that 16 is superperfect.

b)

Show that if n : 2e where 2q+t-l is prime, then n is superperfect.

c)

Show that every even superperfect number is of the form n : 2q where zq+t-l is prime.

d)

Show that if n : p2 wherep is an odd prime,'then n is not superperfect.

8 . Use Theorem6.ll to determine whether the following Mersenne numbers are pnme a) M7

b) Mn 9'

c) Mn d) Mzs.

Use the Lucas-Lehmer test to determine whether the following Mersenne numbersare prime a) M3 b) M7.

10. a)

b)

c) Mn d Mn.

Show that if n is a positive integer and 2n i L is prime, then either (Hint: Use Fermat's little theorem to Qn+l) | M^ or Qn+D | (a,+D. showthat Mn(Mn+z) = O (mod 2z+l).) Use part (a) to show that Ms and My are composite.

187

6.3 Perfect Numbers and Mersenne Primes

11.

t2.

a)

Show that if n is an odd perfect number, then n : po m2 wherep is an odd I (mod4). p r i m e a n d p7 a z

b)

Use part (a) to show that if n=l(mod4).

n

is an odd perfect number, then

Show that if n - po m2 is an odd perfect number where p is prime, then n=p(mod8). that if n is an odd perfect number, then 3, 5, and 7 are not all divisors of

13. :**

1 4 . Show that if n is an odd perfect number then n has a)

at least three different prime divisors.

b)

at least four different prime divisors.

1 5 . Find all positive integers n such that the product of all divisors of n other than n is exactly n 2. (These integers are multiplicative analoguesof perfect numbers.) recursively by 1 6 . Let n be a positive integer. Define the sequenca fl1,tt2,rt3,..., n 1 : o ( n ) - n a n df l k + r : o Q )

- np fot k - 1,2,3,... tt3 :

a)

Show that if n is perfect,then n : nt : fi2:

b)

Show that if n and m are an amicablepair, then n1 : ftt, ttz- tt, tt3: t/t, is periodicwith period 2. n4: n,... and so on, f.e.,the sequencefl1,tt2,t13,...

c)

of integersgeneratedif n :12496:24'll'71. Find the sequence

It has been conjecturedthat for all is pefiodic. n 1,n2,n3,...

n, the sequence of integers

6.3 ComputerProjects Write programsto do the following: l.

Classifypositiveintegersaccordingto whether they are deficient, perfect, or abundant(seeproblem3).

2. Use Theorem6.ll to look for factorsof Mersennenumbers. 3. Determine whether Mersenne numbers are prime using the Lucas-Lehmer test. 4. Given a positive integer n, determine if the sequencedefined in problem 16 peric.ic. 5. Find amicablepairs.

Cryptology

7.1 CharacterCiphers From ancient times to the present, secret messages have been sent. Classically, the need for secret communication has occurred in diplomacy and in military affairs. Now, with electronic communication coming into widespread use, secrecy has become an important issue. Just recently, with the advent of electronic banking, secrecy has become necessary even for financial transactions. Hence, there is a great deal of interest in the techniquesof making messagesunintelligible to everyoneexcept the intended receiver. Before discussing specific secrecy systems, we present some terminology. The discipline devoted to secrecy systems is called cryptology. Cryptography is the part of cryptology that deals with the design and implementation of secrecy systems, while cryptanalysis is aimed at breaking these systems. A messagethat is to be altered into a secret form is called plaintext. A cipher is a method for altering a plaintext message into ciphertext by changing the letters of the plaintext using a transformation. The key determines the particular transformation from a set of possibletransformations that is to be used. The processof changing plaintext into ciphertext is called encryption or enciphering, while the reverse process of changing the ciphertext back to the plaintext by the intended receiver, possessingknowledge of the method for doing this, is called decryption or deciphering. This, of course, is different from the process someone other than the intended receiver uses to make the messageintelligible through cryptanalysis.

188

189

7.1 Character Ciphers

In this chapter, we present secrecy systems based on modular arithmetic. The first of these had its origin with Julius Caesar. The newest secrecy system we will discusswas invented in the late 1970's. In all thesesystemswe start by translating letters into numbers. We take as our standard alphabet the letters of English and translate them into the integers from 0 to 25, as sh o w nin T able 7. 1.

letter

A B C D E F G H I J K L M N

numerical 0 I equivalent

o

P

a

R S T

I I

V

w

X Y Z

2 3 4 5 6 7 8 9 l 0 l l t 2 l 3 t 4 l 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25

Table7.1. The NumericalEquivalents of Letters. Of course, if we were sending messagesin Russian, Greek, Hebrew or any other languagewe would use the appropriate alphabet range of integers. Also, we may want to include punctuation marks, a symbol to indicate blanks, and perhaps the digits for representingnumbers as part of the message. However, for the sake of simplicity, we restrict ourselvesto the letters of the English alphabet. First, we discuss secrecy systems based on transforming each letter of the plaintext message into a different letter to produce the ciphertext. Such ciphers are called character or monographic ciphers, since each letter is changed individually to another letter by a substitution. Altogether, there are 26! possibleways to produce a monographic transformation. We will discuss a set that is basedon modular arithmetic. A cipher, that was used by Julius Caesar, is based on the substitution in which each letter is replaced by the letter three further down the alphabet, with the last three letters shifted to the first three letters of the alphabet. To describe this cipher using modular arithmetic, let P be the numerical equivalent of a letter in the plaintext and C the numerical equivalent of the correspondingciphertext letter. Then

C:P+3(mod26), 0
190

Cryptology

plaintext

A B 0 I

c 2

D E F G H 3 4 5 6

I J K L M N o P R S T U V w X Y Z 8 9 l 0 l l t 2 l 3 l 4 l 5 l 6 t 7 l 8 t 9 20 21 22 23 24 25

a

3 4 5 6 7 8 9 l 0 l l t 2 l 3 t 4 l 5 l 6 t 7 1 8 l 9 20 2 l 22 23 24 25 0 I 2 ciphertextD E F G H I J K L M N o P R S T U V w X Y z A B c

a

Table 7.2. The Correspondence of Letters for the CaesarCipher. To encipher a messageusing this transformation, we first change it to its numerical equivalent, grouping letters in blocks of five. Then we transform each number. The grouping of letters into blocks helps to prevent successful cryptanalysis based on recognizing particular words. We illustrate this procedure by enciphering the message THIS MESSAGE IS TOP SECRET. Broken into groups of five letters, the messageis THISM ESSAG EISTO PSECR ET. Converting the letters into their numerical equivalents,we obtain 19 7 15 l8

81812 4 3 17

4 4

l8 19.

Using the Caesar transformation Q

22 l0 18 2t

11 2t 15 721 7 620722

-

4

1806

8181914

P*3 (mod 26), this becomes 2t

3

9

7

11 21 22

17

Translating back to letters, we have WKLVP

HVVDJ

HLVWR

SVHGU

HW.

This is the messagewe send. The receiver deciphers it in the following manner. First, the letters are converted to numbers. Then, the relationship P = C-3 (mod 26), 0 < P ( 25, is used to change the ciphertext back to the numerical version of the plaintext, and finally the messageis convertedto letters. We illustrate the deciphering procedure with encipheredby the Ceasar cipher:

the following message

191

7.1 CharacterCiPhers

VKP.ZZ HGHFL

WKLVL

SKHU.

First, we change these letters into their numerical equivalents,to obtain 22|0ll2ll121l0|725257675||1810720. : Next, we perform the transformation P plaintext, and we obtain 1978188

187142222

C-3 (mod 20 to change this to

43428

157417.

We translate this back to letters and recoverthe plaintext message THISI

SHOWW

EDECI PHER.

By combining the appropriate letters into words, we find that the message reads THIS IS HOW WE DECIPHER. The Caesar cipher is one of a family of similar ciphers described by u shft transformation

C:P+k

(mod26),0
where k is the key representingthe size of the shift of letters in the alphabet. There are 26 different transformations of this type, including the case of k = 0 (mod 26), where letters are not altered, since in this case P (mod 26). C More generally, we will considertransformationsof the type (z.t)

C-aP*b

(mod26), 0
These are called a and b are integers with (a,26) : l. with ffine transformations. Shift transformations are affine transformations complete a through a:1. We require that G,26): 1, so that as P runs system of residuesmodulo 26, C also does. There are O(2O : 12 choices for a, and 26 choices for b, giving a total of 12'26:312 transformations of this type (one of these is C = P (mod 26) obtained when a:l and D-0). If the rliationship between plaintext and ciphertext is described by (7.1), then the inverse relationship is given bY

where

192

Cryptology

P = arc-b) (mod26), 0 < P < 25. where a is an inverseof a (modZO. As an example of such a cipher, let a:7 and b:r}, so that c = 7P + l0 ( mo d 2 6 ). H e n c e , p = l 5 (c -1 0) = l 5c+ 6 (mod 26). si nce 15 is an inverse of 7 modulo 26. The correspondencebetween letters is given in Table 7.3.

A B C D E F G H I

J

K L M N

o

P

a

R S T U V

w

X Y Z

plaintext

0

r0

2 3 4 5 6

I

8 9 l 0 l l t 2 l 3 1 4 1 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25

t 7 24 5 t2 l 9 0 7 T4 2 l 2 9 l 6 23 4 l l l 8 25 6 l 3 20

8 l 5 22 3

ciphertext

K R Y F M T A H

o

V

c

J

a

X E L

S

z

G N

v

B

I

P

w

D

Tabfe7.3. TheCorrespondence of Lettersfor theCipherwith C = 7p+10 (mod 26). To illustratehow we obtainedthis correspondence, note that the plaintext letter L with numericalequivalent1l corresponds to the ciphertextletter J, since7'll + l0:87 = 9 (mod 26) and9 is the numericalequivalent of J. To illustrate how to encipher,note that PLEASE SEND MONEY is transformedto LJMKG MGXFQ EXMW. Also notethat the ciphertext FEXEN XMBMK JNHMG MYZMN corresponds to the plaintext DONOT REVEA LTHES ECRET. or combiningthe appropriateletters

193

7.1 GharacterCiPhers

DO NOT REVEAL THE SECRET. of We now discusssome of the techniquesdirected at the cryptanalysis to break a ciphers based on affine transformations. In attempting is compared monographiccipher, the frequencyof letters in the ciphertext gives information This text. i; ordinary letters with the frequency of countsof frequency various In letters. between concerningthe .orr"rpondence listed in Table 7.4 fot the occurrenceof Englishtext, one findi the percentages languages tne Ze lettersof the alphabet. Countsof letter frequenciesin other and [52]. may be foundin [48]

letter

A B

frequency 7 I (in Vo)

c

D E F G H I

J

K L M N

3 4 l3 3 2 3 8
a

o

P

'l

3
R S T U V

w I

X Y

z

z


<1

Table 7.4. The Frequencies of Occurrence of the Letters of the Alphabet.

are From this information, we see that the most frequentlyoccurring letters determine to information E,T,N,O, and A, in that order. We can use this which cipher basedon an affine transformationhas been used to enciphera message. First, supposethat we know in advance that a shift cipher has been letter- of the messagehas been employed io encipher a message;each - P+k (mod 26),0 < C < 25. To C correspondence ; by transformed ciPhertext yze the cryptanal YFXMP NTAS P

CESPZ CTYRX

C J TDF PDDLR

DPQFW PD ,

QZCPY

of eachletter in the ciphertext. This we first count the numberof occurrences ?.5. is displayedin Table

194

Cryptology

letter

A B C D E F G H I J K L M N

number of I 0 4 5 I 3 0 0 0 occurrences

0

o

P

0

I

aR

S T

2 2

a J

U V w X Y Z 0 0 I

I

3 2

Table7.5. The Numberof Occurrences of Lettersin a Ciphertext. We notice that the most frequently occurring letter in the ciphertext p is with the letters c,D,F,T, and y occurring with relatively high frequency. our initial guess would be that P represents E, since E is the -ort frequently o cc ur r ing let t er i n E n g l i s h te x t. If th i s i s s o , then 15:4fk (mod i 6), s; that ft = I I (mod 26) Consequently,we would have C = p+11 (mod 26) and P : c-l1 (mod 26). This correspondence is given in Table 7.6.

A

B C D E F G H

0

I

I

J

K L M N

o

P

a

R S T U V

w

X Y Z

ciphertext

2 3 4

)

6

7 8 9 l 0 l l l 2 l 3 t 4 l 5 l 6 1 1 l 8 t 9 20 21 22 23 24 25

l 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25 0

I

2 3 4

5 6

I

8

9

l 0 il

J

K L M N

t2 l 3 t 4

plaintext P

a

R S T U V

w

Z Y

z

A

B C D E F G H

Table 7.6. correspondenceof Letters for the Sample ciphertext. Using this correspondence, we attempt to decipher the message. we obtain

NUMBE RTHEO RYI SU SEFUL CIPHE RINGM ESSAG ES.

FOREN

This can easily be read as NUMBER THEORY IS USEFUL FOR ENCIPHERING MESSAGES. Consequently,we made the correct guess. If we had tried this transformation, and instead of the plaintext, it had produced garbled text, we would have tried another likely transformation based on the frequency count of letters in the ciphertext.

o

195

7.1 CharaeterCiPhers

the form Now, supposewe know that an affine transformationof For enciphering' for C : a p+i (mod 26), 0 < C < 25, has been used message we wish to cryptanalyzethe enciphered instance,suppose USLEL ELYUS QL LQL RYZDG FALGU SLJFE

JUTCC LRYXD YXS RV HRGUS PT G V T OLPU.

YRTPS JURTU L BRYZ L J LLM JULYU

URKLT ULVCU CYREK LYPD J SLDAL

YGGFV URJRK LVEXB LJTJU TJRWU

The first thing to do is to count the occurrencesof each letter; this count is in Table7.7 displayed

letter

A B

c

D E F G H I J K L M N

number of 2 2 4 4 5 3 6 occurrences

0 l 0 3 22 I

o

P

a

R S T U

0 I 4 2 t2 5 8 l6

vw J

I

X Y

z

3 l0 2

Table 7.7. The Number of Occurrencesof Letters in a Ciphertext. With this information, we guessthat the letter L, which is the most frequently occurring letter in the ciphertext, corresponds to E, while the letter U, which occurs with the second highest frequency, correspondsto T. This implies, if -aP*b (mod 26), the pair of the transformation is of the form C congruences -11 (mod 26) 4a*b l9a+b : 20 (mod 26). By Theorem 3.8, we see that the solution of this system is a E 11 (mod 26) and b : 19 (mod 26). If this is the correct enciphering transformation, then using the fact that 19 is an inverse of I I modulo 26, the deciphering transformation is p - - _19 ( C- 19 ) : t9 C -3 6 1 = 1 9 C + 3 (mod 26), 0 < P < 25. This gives the correspondencefound in Table 7.8.

196

Cryptology

A B C D E F G H I

J

K L M N

o

P

a

R S T U V

w

X Y

z

ciphertext

0 I

2 3 4 5 6 ,7 8 9 l 0 l l

3 22 l 5 8 I 20 l 3 6 25 l 9 l l

t2 l 3 t 4 l 5 l 6 t 7

4 23 t6 9

r8 l9

2 2 l r4

20 21 22 23 24 25

0 t 9 t2 5 24 t 1 t 0

plaintext D

w

P

I B

U

N G

z

S

L

a

E X

J

C V

o

H

A T M P Y R K

Table 7.8. The correspondence of Letters for the Sample ciphertext.

With this correspondence, we try to read the ciphertext. The ciphertext becomes THEBE BERTH VE EVE ORKIN UDENT HESUB

STAPP EORYI RYHOM GONTH CANMA JECT.

ROACH STOAT EWORK ESEEX STERT

TOL EA TEMPT P R O BL ERCIS HEIDE

RNNUM TOSOL EMBYW ESAST ASOFT

We leave it to the reader to combine the appropriate letters into words to see that the messageis intelligible.

7.1 Problems 1 . using the caesar cipher, encipher the messageATTACK AT DAWN. 2 . Decipher the ciphertext message LFDpH LVDZL FRerx HUHG been enciphered using the Caesar cipher.

3 . Encipher the message SURRENDER transformationC = llp+18

(mod 26).

4 . Decipher the message RToLK

TOIK, transformation C = 3p+24 (mod 26).

IMMEDIATELY

that has

using the affine

which was enciphered using the affine

5 . If the most common letter in a long ciphertext, enciphered by a shift transformation C = P+k k1

(mod 26) is Q, then what is the most likely value of

197

7.1 CharacterCiPhers

6 . If the two most common letters in a long ciphertext, enciphered by an affine transformation C = aP*b (mod 26) are W and B, respectively, then what are the most likely values for a and b?

7 . Given two ciphers, plaintext may be enciphered by using one of the ciphers, and by then using the other cipher. This procedure produces a product cipher ' : 5P +13 a) Find the product cipher obtained by using the transformation C (mod = 26). l7P+3 (mod 26) followed by the transformation c b)

: aP+b Find the product cipher obtained by using the transformation C (mod 26), where (mod 26) followed by the transformation C = cP*d Q,26):(c,26)*1.

Vignbre cipher operates in the following way. A sequence of letters Qr!r,...,0r, with numerical equivalents k1,k2,...,kn, servesas the key. Plaintext messages are split into blocks of length n. To encipher a plaintext block of letters with numerical equivalents PbPz,..., P, to obtain a ciphertext block of letters with numerical equivalentscr,cz,...,cn, we use a sequenceof shift ciphers

8. A

with ci 7 pi * k; (mod 26), 0 ( ci (

25,

for i : 1,2,...,n. In this problem, we use the word SECRET a Vigndre cipher. a)

as the key for

Using this Vigndre cipher, encipher the message

DO NOT OPEN THIS ENVELOPE. b)

Decipher the following message which was enciphered using this Vigndre cipher: WBRCSL AZGJMG

c)

KMFV.

Describe how cryptanalysis of ciphertext, which was enciphered using a Vigndre cipher, can be carried out.

7.1 Computer Projects Write programs to do the following: l.

Encipher messagesusing the Caesar cipher.

2.

Encipher messagesusing the transformation C : P+k (mod 26), where k is a given integer.

3.

Encipher messagesusing the transformation C = aP+6 (mod 26), where a and b are integers with (a ,26) : I.

198

Cryptotogy

Decipher messagesthat have been encipheredusing the caesar cipher. Decipher messagesthat have been enciphered using the transformation C = P+k (mod 26), where ft is a given integer. Decipher messagesthat have been enciphered using the transformation c = aP+6 (mod 26), where a and b are integers with (a,26) : r. Cryptanalyze, using frequency counts, ciphertext that was enciphered using a transformation of the form c = p+k (mod26) where k is an unknown integer. cryptanalyze, using frequency counts, ciphertext that was enciphered using a transformation of the form c = ap*D (mod26) where a and b are unknown integers with (a,26) - l. Encipher messagesusing vigndre ciphers (see problem g). Decipher messagesthat have been encipheredusing vigndre ciphers.

7.2 Block Ciphers We have seen that monographic ciphers basedon substitution are vulnerable to cryptanalysis based on the frequency of occurrence of letters in the ciphertext. To avoid this weakness, cipher systems were developed that substitute for each block of plaintext letters of a specified length, a block of ciphertext letters of the same length. Ciphers of this sort are called block or polygraphic ciphers. In this section, we will discuss some polygraphic ciphers basedon modular arithmetic; these werOdevelopedby Hill [87] around 1930. First, we consider digraphic ciphers; in these ciphers each block of two letters of plaintext is replaced by a block of two letters of ciphertext. We illustrate this processwith an example. The first step is to split the message into blocks of two letters (adding a dummy letter, say X, at the end of the message,if necessary,so that the final block has two letters). For instance,the message

THE GOLD IS BURIED IN ORONO is split up as

199

7.2 Block Giphers

(as Next, these letters are translated into their numerical equivalents previouslydone) to obtain 19 7 13 14

14 11 13 14.

4 6 17 14

38

l8r

20t7

84

38

Each block of two plaintext numbers P,Pz is converted into a block of two ciphertextnumbers C 1C2: C r = 5 Pr + l T P z (mo d 2 6 ) C z = 4 P t + l S P z ( m o d2 6 ) . For instance,the first block l9 7 is convertedto.6 25, because Cr = 5'19+ l7'7 : 6 (mod26) C z = 4 ' 1 9 + 1 5 ' 7 : 2 5 ( m o d2 6 ) . After performing this operation on the entire message,the following ciphertext is obtained: 625 t82 23 13 21 2 3 9 2523 4 r42r 217 2 1l l8 l7 2. When these blocks are translated into letters, we have the ciphertext message GZ SC XN

VC DJ ZX

EO VC RC LS RC.

The deciphering procedure for this cipher system is obtained by using Theorem 3.8. To find the plaintext block Pfz correspondingto the ciphertext block CrCz, we use the relationship P r = l T C t t 5 C z (m o d 26) P z = l 8 C r * 2 3 C z (m o d 26). The digraphic cipher system we have presented here is conveniently describedusing matrices. For this cipher system,we have 'r / / )r )

l c , l l s 1 7 l l Pl, I l=t tl l(mod26). lc,) L4 tsj lP,j In 5'l

From Proposition 3.7, we see that the matrix |

6 r7'| | | modulo 26. l+ lsJ

| is an inverse of

lts n)

Hence, Proposition 3.6 tells us that deciphering can be

done using the relationship

200

Cryptology

= [;;]

(mod 26).

[:

;]

[:;]

ln general, a Hill cipher system may be obtained by splitting plaintext into blocks of n letters, translating the letters into their numerical equivalents,and forming ciphertext using the relationship

Q

-

AP (mod20. C1

P1

C2

P2

where A is an nxn matrix with (det A,26) : I, C :

and P:

cn

Pn

and where C1C2...C, is the ciphertext block that correspondsto the plaintext block P1P2...Pn Finally, the ciphertext numbers are translated back to letters. For deciphering, we use the matrix A, an inverse of A modulo 26, which may be obtained using Proposition 3.8. Since AA : / (mod 26), we have

Zc = Z<,qn = (2,4p -p

(mod26).

Hence, to obtain plaintext from ciphertext, we use the relationship P :

ZC

(JrrlOd2f.).

We illustratethis procedureusin g n : 3

and the encipheringmatrix l9

A:

["2

ls

2 3 25

lro 7

I

Since det A = 5 (mod 26), we have (det A,26) : l. To encipher a plaintext block of length three, we use the relationship

201

7.2 Block CiPhers

[c' ) Ittt

["'l

26). lcrl = e lP'l (mod

[',1 [",J

To encipher the message STOP PAYMENT, we first split the message into blocks of tht"" letters, adding a final dummy letter X to fill out the last block. We have plaintext blocks

STO PPA YME NTX. We translatetheselettersinto their numericalequivalents 181914 15150

24124

131923.

We obtain the first block of ciphertextin the followingway:

z 'nl ["] [ '] [" [.'l tllll.ll.l

n rtl |tnl-ltnl (mod26).

1.,l:ls Itlllll^l

[.,j

[ro 7 t J |.toj U3,;

Encipheringthe entire plaintext messagein the same manner,we obtain the ciphertextmessage 81913

13415

0222

20110.

into letters,we haveour ciphertextmessage Translatingthis message TTN NEP ACW ULA. The deciphering process for this polygraphic cipher system takes a ciphertext block and obtains a plaintext block using the transformation

f"'l [.'l tt_tl

= 7 lrrl (mod 26) lprl rrll

L",J lt'j

where

202

Cryptology

6 -5

Z:

is an inverse of I

-l

ll -10

modulo 26, which may be obtained using proposition 3.g.

Becausepolygraphic ciphers operate with blocks, rather than with individual letters, they are not vulnerable to cryptanalysis based on letter frequency. However, polygraphic ciphers operating with blocks of sizen are vulnerable to cryptanalysis based on frequencies of blocks of size n. For instance, with a digraphic cipher system, there are 262: 676 digraphs, blocks of length two. Studies have been done to compile the relative fiequencies of digraphs in typical English text. By comparing the frequenciis of digraphs in the ciphertext with the average frequencies of digraphs, it is ofGn possible to successfullyattack digraphic ciphers. For example, according to some counts, the most common digraph in English is TH, followed closely by HE. If a Hill digraphic cipher system has been employed and the most common digraph is KX, followed by YZ, we may guess that the ciphertext digraphs KX and vZ correspond to TH and HE, respectively. This would mean that the blocks 19 7 andT 4 are sent to 1023 and21 25, respectively. If A is the enciphering matrix, this implies that

?l_

: t ,lrn a Iz 4)

is an inverse "t [?

l0

2l

23 25

l)

(mod 26).

(mod 26) , wefindthat

r7') : lzt (mod 26)' ltt 2) whichrgives possiblekey. After attemptingto decipherthe ciphertextusing

A-

12e to transform the ciphertext, we would know if our guesswas [s 23

correct.

In general, if we know n correspondencesbetween plaintext blocks of size n and ciphertext blocks of size n, for instance if we know that the ciphertext blocks C1iC2i...Cni,j : 1,2,...,n, correspond to the plaintext blocks P r y P 2 i . . . P n ji , : 1 , 2 , . . . , nrespectively, , then we have

7.2 Bl oc k Cipher s

fo r 7 - 1, 2 , . . . ,f l.

,[:]il

(mod26),

These n congruencescan be succinctly expressedusing the matrix congruence AP=C

(mod26),

where P and C arc nxn matrices with ryth entries Pl; and Cii, respectively. l, then we can find the enciphering matrix A via If (det p,26): A = CF

(mod 26),

where P is an inverseof P modulo 26. Cryptanalysis using frequenciesof polygraphs is only worthwhile for small valuesof n, where n is the size of the polygraphs. When n:10, for example, there are 26t0, which is approximately l.4x10la, polygraphs of this length. Any analysis of the relative frequencies of these polygraphs is extremely infeasible.

7.2 Problems l.

Using the digraphic cipher that sends the plaintext block Pf2to block CrCz with

the ciphertext

Cr = 3Pt + I0P2 (mod 26) Cz = 9Pt + 7P2 (mod 26), encipher the messageBEWARE OF THE MESSENGER. 2.

Decipher the ciphertext message UW DM NK QB EK, which was enciphered into the using the digraphic cipher which sends the plaintext block Pfz ciphertext block CrCz with Cr = 23Pt + 3Pz (mod 26) Cz = IOP | + 25P2 (mod 26).

3.

A cryptanalyst has determined that the two most common digraphs in a ciphertext messageare RH and NI and guessesthat these ciphertext digraphs correspond to the two most common diagraphs in English text, TH and HE. If

204

Cryptotogy

the plaintext was encipheredusing a Hill digraphic cipher describedby Cr = aP1* bP2 (mod 26) Cz = cP1 * dP2 (mod 26). what are a,b,c, and,d2

4. How many pairs of letters remain unchanged when encryption performed is using the following digraphic ciphers il

Cr E 4pt + 5p2 (mod 26) Cz = 3Pt + P2 (mod 26)

b)

Cr = lpt + I7p2 (mod26) Cz = Pt + 6Pz (mod 26)

c)

Cr = 3Pt + 5Pz (mod26) Cz = 6Pt + 3P2 (mod26)?

5. Show that if the^enciphering matrix A in the Hill cipher systemis involutory modulo 26, i.e, 42 = 1 (mod 26), then A alsoservesas a decipheringmatrix for this cipher system. 6.

A cryptanalysthas determinedthat the three most commontrigraphs (blocksof length three) in a ciphertextare, LME, wRI and zyC and gu"rr", that these ciphertext trigraphs correspondto the three most commontrigraphs in English text, THE, AND, and THA. If the plaintext was encipheredusing a Hill trigraphic cipher describedby C = AP (mod 26), what are the entries of the 3x3 encipheringmatrixA?

7 . Find the product cip^her.obtained by using the digraphic Hill cipher with encipherinsmatrix followedby using the digraphicHill cipher with .[f lij encipherins."tri* [r5, \) 8 . Show that the productcipher obtainedfrom two digraphicHill ciphersis again a digraphicHill cipher. 9 . Show that the product cipher obtainedby encipheringfirst using a Hill cipher with blocksof size m and then using a Hill cipher with blocksof sizen is again a Hill cipherusingblocksof sizelm,nl. 1 0 . Find the 6x6 encipheringmatrix corresponding to the productcipher obtainedby first usingthe Hill cipherwith encipheringmatrix rotto*"d by usingthe t} | J,

Hillcipher withenciphering.",r,* fl A ?l [0 I

lJ

1 1 . A transposition cipher is a cipher where blocks of a specified size are enciphered by permuting their characters in a specified manner. For instance, plaintext blocks of length five, P1P2P3PaP5, may be sent to ciphertext blocks c1c2c3cac5: P4PIPIPP3. Show that every such transposition cipher is a

205

7.3 ExPonentiationCiphers

Hill cipher with an enciphering matrix that contains only 0's and I's as entries with the property that each row and each column contains exactly one 1. 7.2 Computer Proiects Write programs to do the following: l.

Encipher messagesusing a Hill cipher.

2.

Decipher messagesthat were encipheredusing a Hill cipher.

3.

Cryptanalyze messagesthat were enciphered using a digraphic Hill cipher, by analyzing the frequency of digraphs in the ciphertext.

7.3 ExponentiationCiphers In this section, we discuss a cipher, based on modular exponentiation,that was invented in 1978 by Pohlig and Hellman [9t1. We will see that ciphers produced by this system are resistant to cryptanalysis. Let p be an odd prime and let e, the enciphering key, be a positive integer with (e,p-l) : l. To encipher a message,we first translate the letters of the message into numerical equivalents (retaining initial zeros in the two-digit numerical equivalentsof letters). We use the same relationship we have used before. as shown in Table 7.9. letter

A B

numerical 00 equivalent

0r

c

D E F G H

I

J

K L M N

o

P

a

R S T U V

w

X Y

z

02 03 04 05 06 0'l 08 09 l 0 l l t2 l 3 t 4 l 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25

Table 7.9. Two-digit Numerical Equivalentsof Letters. Next, we group the resulting numbers into blocks of 2m decimal digits, where 2m is the largest positive even integer such that all blocks of numerical equivalents corresponding to m letters (viewed as a single integer with 2m d e c i m a l d i g i t sa) r e l e s s t h a n p , e . g .i f 2 5 2 5 < p < 2 5 2 5 2 5 , t h e n m : 2 . For each plaintext block P, which is an integer with 2m decimal digits, we form a ciphertext block C using the relationship C=Pe

(modp),0(C
The ciphertext messageconsistsof these ciphertext blocks which are integers

206

Cryptology

less than p. example.

we illustrate the encipheringtechniquewith the following

Example' Let the prime to be used as the modulus in the enciphering procedurebe p : 2633and let the encipheringkey to be usedas the .*ponrni in the modularexponentiation be e :29, so thai (r,p-l) - (2g,2$;): l. To encipherthe plaintextmessage, THIS IS AN EXAMPLE OF AN EXPONENTIATION CIPHER, we first convertthe lettersof the message into their numericalequivalents, and then form blocksof length four from thesedigits, to obtain 1907 0818 0818 0013 0012 l5l I 0414 0500 2315 l4l3 0413 1908 0814 1302 081s 07a4

0423 1304 0019 nn .

Note that we haveaddedthe two digits 23, corresponding to the letter X, at the end of the message to fill out the final blockof fbur digits. We next translateeach plaintext block P into a ciphertextblock C using the relationship C=pzs

(mod263r,0< C <2633.

For instance,to obtain the first ciphertextblock from the first plaintextblock we compute C :

= 2199 (mod 263i. 19072e

To efficientlycarry out the modular exponentiation, we use the algorithm givenin Section3.1. When we encipherthe blocksin this way, we find that the ciphertextmessage is 2199 2425 to72 2064

t745 t729 l54l l35l

1745 1619 1701 t704

r206 0935 I 553 1841

2437 0960 0735 r459

To decipher a ciphertext block c, we need to know a deciphering key, namely an integer d such that de = | (mod p-l), so that d is an inverse of e (mod p-l), which exists since (e,p-l): l. If we raise the ciphertext block C to the dth power modulo p,wa recover our plaintext block p, since

207

7.3 ExponentiationGiphers

Cd = ( p" ) d : p e d =

p k Q-t)+ t = (p p -t)k p = P (mod p),

(mod p-l)' + l, for some integer k, since de = I where de : ki-l) (Note that we have used Fermat's little theorem to see that pn-t - I (modp).) the prime Example. To decipher the ciphertext blocks generated using : of e inverse an we need 29, : e key enciphering 2633 and the moduius p that shows 3.2, Sectionin : done j-t as computation, 2632. An easy modulo to in order C block ciphertext the : decipher To 2269 is such an inverse. d relationship the we use P, block plaintext find the corresponding P : 9226e (mod 263i. For instance,to decipher the ciphertext block 2199, we have P = 2lgg226e: 1907 (mod 263r. Again, the modular exponentiationis carried out using the algorithm given in Section3.2. (mod p), we For each plaintext block P that we encipher by computing P' Before demonstrates. 3.3 Proposition use only O(tog2il3) bit operations, as done can be This p-1. modulo e we decipher we need to find an inverse d of needs (see this and, 3.2), Section problem of ll using O(log il bit operations to be done only once. Then, to recover the plaintext block P from a ciphertext block C, we simply need to compute the leait positive residueof Cd modulop; we can do this using OKlog2p)3) bit operations. Consequently, the processos of enciphering and deciphering using modular exponentiation can be done rapidly. On the other hand, cryptanalysis of messagesenciphered using modular exponentiation generally cannot be done rapidly. To see this, suppose we know the prime p used as the modulus, and moreover, suppose we know the plaintext block P correspondingto a ciphertext block C, so that

0.2)

C = P'

( m o dp ) .

For successfulcryptanalysis, we need to find the enciphering key e. When the relationship Q.D holds, we say that e is the logarithm of C to the base p modulo p. There are various algorithms for finding logarithms to a given base modulo a prime. The fastest such algorithm requires approximately .*p(.,,6Ep log-mgp) bit operations(see [81]). To find logarithms modulo a prime with n decimal digits using the fastest known algorithm requires approximately the same number of bit operations as factoring integers with

208

Cryptology

the same number of decimal digits, when the fastest known factoring algorithm is used. Consulting Table 2.1, we see that finding logarithms modulo a prime p requires an extremely long time. For instance, when p has 100 decimal digits, finding logarithmr rnodulo p requires approximately 74yearc, whereas when p has 200 decimal digiis, approxim"i"ry 3.gxl0! years are required. we should mention that for primes p where p-l has only smalr prime factors, it is possible to use special techniques to find logarithms modulo p using o (logzp) bit operations. Clearly, this sort of prime should not be used as a modulus in this cipher system. Taking a prime p : 2q * l, where q is also prime, obviates this difficulty. Modular exponentiation is useful for establishing common keys to be used by two or more individuals. These common keys may, for instance, be used as keys in a cipher system for sessionsof data communication, and should be constructed so that unauthorized individuals cannot discover them in a feasible amount of computer time. Let p be a large prime and let a be an integer relatively prime to p. Each individual in the network picks a key k that is an integei relatively prime to p-l ' When two individuals with keys &1 and k2 wisi to exchange a key, the first individual sends the second the inieger-71, where ./r E at'(modp),

0 < yr ( p,

and the second individual finds the common key K by computing

K:

yf'=a&'&'(-odp),

o

similarly, the secondindividualsendsthe first the integery2 where l z = a k ' ( m o dp ) ,

o 1 yz 1 p,

and the first individualfinds the commonkey K by computing K : yl' =o&'&'(*od p),

o < K < p.

We note that other individualsin the networkcannotfind this commonkey K in a feasibleamountof computertime, sincethey must computelogarithmi modulop to find K. In a similar manner,a commonkey can be sharedby any group of z individuals. If theseindividualshave keys k t,k2, ..., kn, ihey can sharethe commonkey

209

7.3 ExponentiationCiPhers

K - ak'k""4 (mod P)' common key We leave an explicit description of a method used to produce this K as a problem for the reader. by An amusing application of exponentiation ciphers has been described exponentiation using Shamir, Rivest, una eat.man [961. They show that by via ciphers, a fair game of poker may be played by two players communicating jointly they computers. Suppose Alex and Betty wish to play poker. First, chooie a large pii-" p. Next, they individually choosesecret keys e1aJrd €2' to be used as exponents in modular exponentiation. Let Er, and Er, represent the corresponding enciphering transformations, so that 8",(M) = M" Er,(M) = M"

(mod p) (mod p),

where M is a plaintext message. Let dl and d2be the inversesof el and e2 modulo p respectively, and let Dr, and D", be the corresponding deciphering transformations, so that D",(C) = cd.' (mod p) D ,:,(c ) = c d ' (m o d p ), where C is a ciphertext message. Note that enciphering transformations commute, that is : E r,(Er,(M)), E r,(E " ,(M)) slnce

(M")', :_ (M',)', (modp). To play electronic poker, the deck of cards is representedby the 52 messages

M r : .TWO OF CLUBS' ,r:."THREE oF CLUBS"

M sz: "ACE OF SPADES." When Alex and Betty wish to play poker electronically, they use the following sequenceof steps. We supposeBetty is the dealer.

210

Cryptotogy

Betty uses her enciphering transformation to encipher the 52 messages for the cards. She obtains Er,(M 1), Er,(Mr),...,er, (arl.-Betty shuffies the d".,k, by randomly riordering the enciphered messages. Then she sends the 52 shuffied encipheredmessagesto Alex. ll.

lll.

Alex selects,at random, five of the enciphered messagesthat Betty has sent him. He returns these five messagesto Betty and she deciphers them to find her hand, using her deciphering transformation Drr, since D,,(E",(M)) : M for all messagesM. Alex cannot determine which cards Betty has, since he cannot decipher the enciphered messages Er,(M), j : 1,2,...,52. Alex selects five other enciphered messages at random. messagesbe C1, Cz, Cl, Ca, and C5, where

Let these

Cj : Err(Mi,), i : r,2,3,4,5. Alex enciphers these five previously enciphered messages using his enciphering transformation. He obtains the fivi messages Cjr : E r,(C) : E r,(Er,(1,t,,)) i : 1,2,3,4,5. Alex sends these five messagesthat have been enciphered twice (first by Betty and afterwards by Alex) to Betty. lv.

Betty uses her deciphering transformation D", to find

D",(C;*): D",(E ",(n",(*t,))) : Drr(Er,(Er,(M,,))) -

Eer(Mi,),

since Er,(Er,(M)) :8",(Er,(M)) and Dr.(Er,(M)) - M for messagesM. Betty sendsthe fives messageE",(Mi) back to Alex. v.

Alex useshis deciphering transformation Dr,

all

to obtain his hand, since

D",(E",(M;,)) : M;,. When a game is played where it is necessaryto deal additional cards, such as draw poker, the same steps are followed to deal additional cards from the remaining deck. Note that using the procedure we have described, neither player knows the cards in the hand of the other player, and all hands are equally likely for each player. To guarantee that no cheating has occurred, at the end of the game both players reveal their keys, so that each player can verify that the other player was

7.3 ExponentiationCiPhers

211

actually dealt the cards claimed. may A description of a possible weaknessin this scheme, and how it 9.1. Section of problem 38 in found be be overcome,may

7.3 Problems l.

: 3, encipher the message Using the prime p - l0l and enciphering key e GOOD MORNING using modular exponentiation' is the plaintext message that corresponds to the ciphertext l2t3Og02053g 120g 1234 1103 1374 produced using modular exponentiation : 13 2 with modulus p : 2591 and enciphering key e

2 . What

3.

4.

when Show that the enciphering and deciphering procedures are identical - 3l and modulus with exponentiation P modular enciphering is done using enciphering key e : ll With modulus p - 29 and unknown enciphering key e, modular exponentiation produces the ciphertext 04 19 19 ll 04 24 09 15 15. Cryptanalyze the ubou" cipher, if it is also known that the ciphertext block 24 corresponds to the plaintexi letter U (with numerical equivalent 20). (Hint: First find the iogarithm of 24 to the base 20 modulo 29 using some guesswork.)

5 . Using the method described in the text for exchanging common keys, what is the key that can be used by individuals with keys kt:27 "o..on when the modulus is p : l0l and the base is a : 51'

and kr:31

6.

What is the group key K that can be shared by four individuals with keys * 1 0 0 9 a n d base k1 : ll, k2:12, k3:17, kc:19 using the modulusP a:31.

7.

Describe a procedure to allow n individuals to share the comrnon key described in the text.

7.3 Computer Proiects Write programs to do the following: l.

Encipher messagesusing modular exponentiation.

2.

Decipher messagesthat have been enciphered using modular exponentiation.

3.

Cryptanalyze ciphertext that has been enciphered using modular exponentiation when a correspondencebetween a plaintext block P and a ciphertext block C is known.

4.

Produce common keys for individuals in a network.

212

5.

Gryptology

Play electronic poker using encryption via modular exponentiation.

7.4 Public-KeyCryptography If one of the cipher systems previously described in this chapter is used to establish secure communications within a network, then each pair of communicants must employ an enciphering key that is kept secret from the other individuals in the network, sincl once the enciphering key in one of those cipher systems is known, the deciphering key can be fiund using a small amount of computer time. Consequently,to maintain secrecy the enciphering keys must themselvesbe transmitted ovei a channel of securecommunications. To avoid assigninga key to each pair of individuals that must be kept secret from the rest of the network, a new type of cipher system, called a public-key cipher system, has been recentiy introduced. In ttris type of cipher system, enciphering keys can be made-public, since an unrealistically large amount of computer time is required to find a deciphering transformation from an enciphering transformation. To use a public-key cipher system to establish secret communications in a network of n individuals, each individual produces a key of the type specified by the cipher system, retaining certain private information that went into the construction of the enciphering transformation E (D, obtained from the key ft according to a specifiedrule. Then a directory of the n keys k1, k2,...,k, is published. wtrn individual i wishes to send a message to individual ], the letters of the message are translated into their numerical equivalents and combined into blocks of specified size. Then, for each plaintlxt block p a corresponding ciphertext block c - E1,, (p) is computed using the enciphering transformation Ekt. To decipher the message, individual 7 applies the deciphering transformation D1r,to each ciphertext block C to find p, i.e. Dk,(C) - Pkt(Eo,(r)) : f. Since the deciphering transformation Do, cannot be found in a realistic amount of time by anyone other than individual -/, no unauthorized individuals can decipher the message,even though they know the key k;. Furthermore, cryptanalysis of the ciphertext message, even with knowiedge of ki, is extremely infeasible due to the large amount of computer time needed. tgl?

The Rfl cipher system, recently invented by Rivest, Shamir, and Adleman lgl], is a puitic-key cipher system based on modular exponentiation where the keys are pairs (e,n), consisting of an exponent e and a modulus n that is the product of two large primes, i.e. n: pq, where p and.q are large

7.4

,n+t -,,"lulus, P '^ 1 q',te f\rirte { ; p ubi,c e^qvh7 L L 21s Public-KeYCrYPtograPhY Secm{:

C

do cryrily

P'1

l. To encipher a message,we first translate the primes, so that G,Q(il): equivalents and then form blocks of the largest numerical ietters into their possible size (with an even number of digits). To encipher a plaintext block P, we form a ciphertext block C bY E@) :C

zP'

(modn), 0 1 C 1 n.

The deciphering procedure requires knowledge of an inverse d of e modulo Qh), which existssince G,Qh)) : l. To decipherthe ciphertext block C, we e"l- | - ri 4{") find +t D ( O = C d : (P ' )d : P e d : P k dh) _ (p o ft);k p = p (m o d n ), where ed: kth) * I for some integer k, since ed = I (mod Ob)), and by -Euler's theorem, we have pa(fi) 1 (mod n), when (P, n) : | (the probability that P and n are not relatively prime is extremely small; see problem 2 at the end of this section ) . The pair (d, n) is a deciphering key. To illustrate how the RSA cipher system works, we present an example where the enciphering modulus is the product of the two primes 43 and 59 (which are smaller than the large primes that would actually be used). We have n : 43 ' 59 : 2537 as the modulus and e - 13 as the exponent for the RSA cipher. Note that we have (e, Qh)) : (13, 42' 58) : l. To encipher the message PUBLIC KEY CRYPTOGRAPHY. wq first translate the letters into their numerical equivalents,and then group these numbers together into blocks of four. We obtain 1520 2402 1700

0 1I l 1724 1507

0802 l5l9 2423,

1 004 1406

where we have added the dummy letter X : 23 at the end-of the passageto fill out the final block. We encipher each plaintext block into a ciphertext block, using the relationship C = Prt

(mod 2537)

For instance, when we encipher the first plaintext block 1520, we obtain the ciphertext block

214

Cryptology

C = (1 5 2 0 )1 3= 9 5

(m od 253D .

Enciphering all the plaintext blocks, we obtain the ciphertext message 0095 081I I 185

1648 2333 1457

l4l0 2132 1084.

t299 0370

In order to decipher messagesthat were enciphered using the RSA cipher, we must find an inverse of e : 13 modulo : o(43. 5i) : oeslil 42' 58 : 2436- A short computation using the Euclidean algorithm, as done in section 3.2, shows that d :937 is an inverse of 13 modulo 2436. Consequently,to decipher the cipher text block C, we use the relationship - g e 3 7 (m o d P 2 5 3 D ,0 < p < 2532, which is valid because ge37 :

(pr3)e37-

(p2az6)sp= p

(mod 2537):

note that we have used Euler's theorem to see that pQQs37)- p2436- t (mod 2537), when (P, 2537) : | (which is true for all of the plaintext blocks in our example). To understand how the RSA cipher system fulfills the requirements of a public-key cipher system, first note that each individual can find two large primes p and q, with 100 decimal digits, in just a few minutes of computer time. These primes can be found by picking odd integers with 100 digits at random; by the prime number theorem, the probability that such an integer is prime is approximately 2tog 10100. Hence, we expect to find a prime after examining an average of l/OAog 10100),or approximately ll5, such integers. To test these randomly chosen odd integers for primality, we use Rabin's probabilistic primality test discussedin Section 5.2. For each of these 100digit odd integers we perform Miller's test for 100 basesless than the integer; the probability that a compositeinteger passesall these tests is less than 10-60. The procedure we have just outlined requires only a few minutes of computer time to find a 1OO-digitprime, and each individual need do it only twice. Once the primes p and q have been found, an enciphering exponent e should be chosen with (e,e(pq)) : l. One suggestion for choosing e is to take any prime greater than both p and q. No matter how e is found, it should be true that 2' > fl : pQ, so that it is impossible to recover the

7.4 Pu blic - K eYCr Y P to g ra Ph Y

215

eth root of the integer C plaintext block P, P # O or 1, just by taking the withC=P,(modn),01C1n.Aslongas2,}||,everymessageother followed by u reduction than p : 0 and l, is enciphered by exponentiation modulo n. enciphering messages We note that the modular exponentiation needed for a few seconds of using the RSA cipher system can be done using only base in the modular computer time when th; modulus, exponent, and the Euclidean exponentiationhave as many as 200 decimal digits' Also, using exponent e algorithm, we can rapidly find an inverse d of the enciphering and q are known' so that when the primes p rnldulo 6(r) : (P-l)(q-l) is known' 0h) :6(Pq) (e, n) does not easily lead to To see why knowledge of the enciphering key inverse of e modulo 6h), an (d] d, find to that note n), the deciphering key ( p l ) ( q -l)' Note that finding r e q u i r e st h a t w e f i r s t f i n d Q h ) : O Q q ) :

. To se7-y!5 no.!1 that Q0) is not easier than factoring the JIlSgg-t? :!Q+d'-4n'

- :'/mq i i n : n - o 0 ) + l a n dp q :

so

V z l | + q ) + (p-q)| , and consequentl y and q i f,u , p : t / 2lQ + Q + Q -i l \ : p q a n d 6h) : b-l )Q-l ) are n w h e n fo u n d p a n d q c an eas ily U " digits, decimal 100 around q have both p and known. Note that when n - pq has around 200 decimal digits. From Table 2.1, we seethat using the fastest factorization algorithm known, 3.8xlOe years of computer time are required to factor an inleger of this size. Also, if the integer d is known, but - I is a multiple of o(n) is not, then n may also be factored easily, since ed an integer n using any eh) and there are special algorithms for factoring proven that it is impossible (see been has not It Mill.r t72D. multiple of 6h) system without cipher RSA the using enciphered messages to decipher As yet,all discovered' been has method no such far so but factoring n, factoring to equivalent general are in work that suggested methods decipherlng be an to Seems integers large factoring remarked, we have n, and as time. computer of amounts tremendous problem, requiring intractable A few extra precautionsshould be taken in choosingthe primes p and q to be used in the RSA cipher system to prevent the use of special rapid - | and q - I should have techniquesto factor n : pq. For example, both p large pri-. factors, (p - l, q - l) should be small, and p and q should have decimal expansionsdiffering in length by a few digits' For the RSA cipher system, once the modulus n has been factored, it is easy to find the deciphering transformation from the enciphering transformation. It may be possible to somehow find the deciphering transformation from the enciphering transformation without factoring n, although this seemsunlikely. Rabin [92] has discovereda variant of the RSA

216 Cryptotogy

cipher system for which factorization of the modulus n has almost the same computational complexity as obtaining the deciphering transformation from the enciphering transformation. To describe Rabin,s cipher system, ret n : pq, where p and q are odd primes, and let b be an integer with 0 < 6 1 n. To encipher the plaintexi messagep, we form e :

p@+b)

(modn).

We will not discussthe deciphering procedure for Rabin ciphers here, because it relies on some concepts we havi not yet developed (see problem 36 in Section 9'l). However, we remark that there are foui possible ualue, of p for each ciphertext c such that e - p(p+b) (mod n), an ambiguity which complicates the deciphering process. when p and q are known, the deciphering procedure for a Rabin cipher can be carriei out rapidly since O(log n ) bit operationsare needed. Rabin has shown that if there is an algorithm for deciphering in this cipher system, without knowledge of the primes p and q, that ."qui.", f hf ait operations, then there is an algorithm for the factorization of n requiiing only 2$ (n) * log n ) bit operations. Hence the process of deciphering messages encipheredwith a Rabin cipher without knowledgeof p and-q is a problern of computational complexity similar to that of factori zation. Public-key cipher systemscan also be used to send signed messages. When signaturesare used, the recipient of a messageis sure that the message came from the sender, and can convince an impartial judge that only the sender could be the source of the message. This authentication is needed for electronic mail, electronic banking, and electronic stock market transactions. To see how the RSA cipher system can be used to send signed messages, supposethat individual i wishes to send a signed messageto individ ual j. itr. first thing that individual i does to a plaintext block p is to compute S - Do,(P) = pd' (mod n;), where (di, n) is the deciphering key for individual f which only individual , i knows. Then, if ni t n1, where (ei, n) is the enciphering key ior individual 7, individual i enciphersS by forming ,:Ekt(S)=S',

(modn;),

0
1nj.

wh..l ni I n; individual i sprits ,s into blocks of size less than nj and enciphers each block using the enciphering transformation 81r,. For deciphering, individual 7 first transformation Dp, to recover S, since

uses the

private

deciphering

217

7.4 Public-Key CrYPtograPhY

D1,,(C) - PktGp, (S)) : s. To find the plaintext message P , supposedly sent by individual i, individual 7 next uses the pubtic enciphering transformation Eq, since 81,(s) - fi,kt(Dr,(P)) : P. Here, we have used the identity Ep,(Dp,(P)) : P, which follows from the fact th a t = (P d ' )" - Pd ' e ': P (mod n;)' E p, (D p ,(P)) since diei :- I

(mod Oh)).

The combination of the plaintext block P and the signed version S convinces individual 7 that the message actually came from individual i. Also, individual i cannot deny sending the message, since no one other than individual f could have produced the signed message S from the original messageP. The RSA cipher system relies on the difference in the computer time needed to find primes and the computer time needed to factor. In Chapter 9, we will use this same difference to develop a technique to "flip coins" electronically.

7.4 Problems l.

Find the primesp andq if n : PQ - 4386607and d(n) : 4382136.

2. Supposea cryptanalystdiscoversa messageP that is not relativelyprime to the encipheringmodulusn : pq usedin a RSA cipher. a) Showthat the cryptanalystcan factorn.

fP," ) . p or 1 b) Show that it is extremelyunlikely that sucha messagecan be discoveredby demonstratingthat the probability that a messageP is not relativelyprime 1-!, to n i, !+ a n d i f p a n d q a r e b o t h l a r g e rt h a n l 0 r m , t h i s pqpq probabilityis leis thin 10-s. 3 . What is the ciphertext that is produced when the RSA cipher with key (e,n) : G,266il is usedto encipherthe messageBEST WISHES? 4 . If the ciphertext message produced by the RSA cipher with key (e,n) : (s,zggt) is 0504 1874034705152088235607360468, what is the

218

Cryptology

plaintext message? 5.

Harold and Audrey respectively. a)

have as their

RSA

keys (3,23.4D

and

(7,31.59),

Using the method in the text, what is the signed ciphertext sent by Harold to Audrey, when the plaintext messageis cHEERs tranorot

b)

Using the method in the text, what is the signed ciphertext sent by Audrey to Harold when the plaintext messageis SINCERELY AUDREY? In problems 6 and '7, we present two methods for sending signed messagesusing the RSA cipher system, avoiding possible changes in block sizes. 6.

7 . il

Let H be a fixed integer. Let each individual have two pairs of enciphering keys: k - (e,n) and k* - (e,n*) with n < H
Show that is is not necessaryto change block sizes when the transformation Eor. is applied after Dp, has been applied.

b)

Explain how individual 7 can recover the plaintext message P, and why no one other than individual l' could have sent the message.

c)

Let individual f have enciphering keys (3,11.71) and Q2}.4D so that 781 : 1l'71 < 1000 < ll89 - 29'41, and let individual j have enciphering k e y s ( 7 , 1 9 . 4 7 )a n d ,( 7 , 3 1 . 3 D ,s o t h a t g 9 3 : l g . 4 j < 1 0 0 0 < I I 4 7 : 3 1 . 3 7 . What ciphertext message does individual f send to individual 7 using the method given in this problem when the signed plaintext messageis HELLO ADAM? What ciphertext message does individual j send to individual f when the signed plaintext messageis GOODBYE ALICE?

Show that if individuals f and y have enciphering keys k; - (ei,n) and ki : (ei,n), respectively, where both n; and ni are products of two distinct primes, then individual i can send a signed message P to individual 7 without needing to change the size of blocks by sending Er,(Dr,(P)) if n, < n, Dp,(Ep,@)) if ni ) ni .

b)

How can individual T recover p?

c)

How can individual j/ guarantee that a messagecame from individual i ?

d)

Let ki - (11,47.61) and ki - (13,43.59). Using the method described in part (a), what does individual f send to individual 7 if the message is REGARDS FRED, and what does individual 7 send to individual i if the message is REGARDS ZELDA?

2r9

1.5 Knapsack CiPhers

8.

Encipher

the

message

SELL

NOW

using

the

Rabin

ciPher

C = P(r+s) (mod2573).

?.4 Computer Projects Write programs to do the following: 1.

Encipher messageswith an RSA cipher'

2.

Decipher messagesthat were enciphered using an RSA cipher.

4.

in the text' Send signed messagesusing an RSA cipher and the method described problem 6' Send signed messagesusing an RSA cipher and the method in

5.

problem 7' Send signal messagesusing an RSA cipher and the method in

6.

Encipher messagesusing a Rabin cipher'

3.

7.5 KnapsackCiphers In this section, we discuss cipher systems based on the knapsack problem. Given a set of positive integers Qr,a2,..., an and a Sum S of a subset of these integers, the knapsack problem asks which of these integers add together to give S. Another way to phrase the knapsack problem is to ask for the values of xyx2,..., xn, each either 0 or 1, such that (7.3)

S:arxr*a2x2*

larxn'

We use an example to illustrate the knapsack problem. : (2,'7,8,11,12). By inspection, w€ see that Example. Let (a1,o2,o3,aa,a5) there are two subsets of these five integers that add together to give 21, Equivalently, there are exactly two namely 2l -- 2+8+l | : 2*7*12. 8x3 * llxa * l2x5:21, with Ii :0 7 x 2 * s o l u t i o n st o t h e e q u a t i o n2 x 1 * : x 1,2,3,4,5,namely r : x3: x4: l, x2: 15 : 0, and or I for i Xl: XZ: X5: l, X3: I+ : 0. To verify that equation (7.3) holds, where each.x, is either 0 or 1, requires that we perform at most n additions. On the other hand, to search by trial and error for solutions of (2.3), may require that we check all 2n possibilities for (x1, x2,..., rn). The best method known for finding a solution of the knapsack problem requires O(2n/2) bit operations, which makes a computer solution of a general knapsack problem extremely infeasible even when n : 100.

220

Gryptology

certain values of the integers e1, a2,...,en make the solution of the knapsack problem much easier than the- solutlon in the general case. For instance, if ai : )i-1, to find the solution of S - Ar xr * a2x2-l ": I an xr, where ri:0 or I for i: 1,2,...,ft, simply requires that we find the binary expansionof S. We can also produce easy knapsackproblemsby choosingthe integersd1, oz,...,cn so that the sum of the first 7-l of these integers is alwayrl.r, than the Tiir int"ger, i.e. so that j-r

2o,{oi,

j : 2 , 3 ,. . . , n .

i-l

If a sequenceof integers d1, e2,...,an satisfiesthis inequality,we call the sequencesuper -increasing. Example.

The

sequence 2, 3,7, 14, 27

is

super-increasing because

3 > 2,7 > 3+2,14 > 7+3+2,and27 > l4+i+3+2.

To see that knapsack problems involving super-increasingsequencesare easy to solve,we first consideran example. Example. Let us find the integersfrom the set 2,3,7,14,27 that have 37 as their sum. First, we note that since 2+ 3 + 7 + 14 < 27, a sum of integers from this set can only be greater than 27 if the sum contains the integer 27. H e n c e ,i f 2 x 1 * 3 x 2 * 7 x 3 * l 4 x a * 2 7 x 5- 3 7 w i t h e a c h . x ; : 0 o r l , w e must have 15 : I and 2x1* 3x2* 7x3| l4xa: 19. Since 14 > 10, x4 m us t be 0 and w e h a v e 2 x 1 * 3 x 2 * 7 x 3 : 10. S i nce 2 + 3 ( 7, w e must h a v e x , : 1 and th e re fo re 2 x 1 l 3 x 2 :3 . O bvi ousl y,w e hava x2: I and rr - 0. The solutionis 37 - 3 + 7 + 27. In general, to solve knapsack problems for a super-increasingseeuolco 41, a 2, . . . ,an, i. e. t o fi n d th e v a l u e s o f x t, x 2 , ..., xn w i th ,S : atxl * a2x2* * enxnand x;:0 o r I f o r i : 1 , 2 , . . . , n w h e n . S i s g i v e n ,w e u s e t h e following algorithm. First, we find x, by noting that [r ir

r,:toif

S Z an

S(an.

Then, we find xn-r, xn-2,...,x1, in succession,using the equations

221

7.5 KnapsackCiphers

if

n

s-

t-i+l xj-

.s-

n

;-;+l

for7 : n-l,n-2,...,1. To seethat this,algorirhmworks, first note that if xn :0 then)orrr(

when S 7 an,

g condition ! 2 o , l e n < S , c o n t r a d i c t i n the

i-l

i-l

,

Similarly, if xy : 0 when S -

7 oj, then ) a;x; (

;-j+l

n

j-'

i-l

o1*i : S j-r

2 *, + t-l

aj* i-j+1

r-i+l

Using this algorithm, knapsack problems based on super-increasing sequencescan be solved extremely quickly. We now discuss a cipher system based on this observation. This cipher system was invented by Merkle and Hellman [90], and was considered a good choice for a public-key cipher system until recently. we will comment more about this later. The ciphers that we describe here are based on transformed super-increasing sequences.To be specific,let or, a2,...,an be super-increasingand let m be a positive integer with lz ) 2ao. Let w be an integer relatively prime to m with inverse w modulo m. We form the sequence b1, b2,...,b, where bj : wai (mod m) and 0 < bi 1 m. we cannot use a special technique to solve a knapsack problem of the type ^g :

b b,", where ,S is a positive i-l

integer, since the sequence when fr is known. we can find

(7.4)

is not super-increasing. However,

wT : i fr|,r, : h o,r, (modlz) j-l i-l

since fibi =ai

(mod m). From (7.0 we see that

So: Zo,r, t-l

where Ss is the least positiveresidueof frS modulo z. the equation

We can easilv solve

222

Cryptology

So : D o,r,, i-l

since er, e2,...,an is super-increasing.This solvesthe knapsack problem

s : !, b,r,, i-l

since bi = wa; (mod m) and 0 ( D; I an example.

m. We illustrate this procedure with

Example. The super-increasingsequence (oya2,a3,a4,a5):(3,5,9,20,44) can be transformed into the sequence(b3 b2, by bq, b5): (23,6g,69,5,11)by taking bi = 67a1 (mod 89), for 7 : 1,2,3,4,5. To solve the knapsack problem 2 3 x 1 + 6 8 x z * 6 9 x 3 * S x a* l l x 5 : 8 4 , w e c a n m u l t i p l y b o t h s i d e so f t h i s equation by 4 , an inverse of 67 modulo 89 , and reduce modulo 89, to obtain the congruence 3x1 * 5x2 * 9x3 * 20xa * 44x5 = 336 = 69 (mod g9). since 89>3+5+9+20+44, w e c a n c o n c l u d et h a t 3 x 1 * 5 x 2 * 9x3 * 20xa * 44x5: 69. The solution of this easy knapsack problem is xs : x4: x2: I and x3 : rr : 0. Hence, the original knapsack problem has as its solution 68 * 5 + 1l : 84. The cipher system based on the knapsack problem works as follows. Each individual chooses a super-increasing sequence of positive integers of a specified length, say N, e.g. ar, a2,..., aN, as well as a modulus m with m ) 2ay and a multiplier w with (m,w) :1. The transformed sequence b 1, b2, . . . by , , whe re b i = w a i (m o d m ), 0 < bi 1 m, for j - 1,2,...,N , i s made public. When someonewishes to send a messageP to this individual, the messageis first translated into a string of 0's and I's using the binary equivalentsof letters, as shown in Table 7.10. This string of zeros and ones is next split into segmentsof length N (for simplicity we supposethat the length of the string is divisible by N; if not, we can simply fill out the last block with all l's). For each block, a sum is computed using the sequencebvbz,...,bxi fo r ins t anc e, t he b l o c k x 1 x 2 ...x 1 1g i v e s S: D rxr * b2x2* * byxy. Finally, the sums generatedby each block form the ciphertext message. We note that to decipher ciphertext generated by the knapsack cipher, without knowledge of m and w, requires that a group of hard knapsack problems of the form

(7.s)

S : brxr f b2x2*

* byxy

be solved. on the other hand, when m and w are known, the knapsack problem (z.s) can be transformed into an easy knapsack problem, since

223

7.5 KnapsackCiphers

letter

binary equivalent

letter

00000 00001 00010 0001I 00100 00101 001r0 00111 01000 0100r 01010 01011 0l100

A B C D E F G H I J K L M

N

o P

a R S T U V

w X Y Z

binary equivalent 01101 0lll0 0llll 10000 10001 10010 l00l I 10100 l0l0l 10110 l0l l1 l 1000 11001

Table 7.10. The Binary Equivalents of Letters.

wIS: frbp1 * frb2x2I z

where frbj: (7.6)

atxl * a2x2*

' * wbyx7,1 (mod m ), * ayxy

a; (mod 22), where w- is an inverseof w modulo m, so that So - afi1 * a2x2l

* a1vx1v,

where Ss is the least positive residue of wlS modulo rn. We have equality in (7.6), since both sides of the equation are positive integers less than m which are congruent modulo ltt. We illustrate the enciphering and deciphering proceduresof the knapsack cipher with an example. We start with the super-increasing sequence : (2,1I '14'29'58'lI9'24I'480'959'1917)' We (a1,a2,a3,Q4,Q5tA6,A7,Qg,Qg,,Ato) : l00l take m: 383? as the encipheringmodulus,so that m ) 2a1s,?fld w (m,w):1, super-increasing the to transform as the multiplier, so that sequenceinto the sequence(2002,3337,2503,2170,503,172,3347,855,709,417). To encipher the message

REPLY IMMEDIATELY,

Cryptology

we first translate the letters of the message into their five digit binary equivalents,as shown in Table 7.10,,and thenlroup these digits into blocks of ten, to obtain 1000100100 0llltOl0ll 1100001000 0110001100 0010000011 0100000000 1001100100 0101I11000. For each block of ten binary digits, we form a sum by adding together the appropriate terms of the sequence(2002, 3337, 2503, 2170, sd:, t 72, 3347, 855,709, 417) in the slots correspondingto positionsof the block containing a digit equal to l. This gives us 3360

12986 8686

10042 3629 3337 5530

s72s.

For instance,we compute the first sum, 3360, by adding 2002,503, and g55. To decipher, we find the least positive residue modulo 3837 of 23 times each sum' since 23 is an inverse of 1001 modulo 3837, and then we solve the corresponding easy knapsack problem with respect to the original superincreasing sequence (2,11,14,29,59,119,241,4g0,959,lglT). For example, to decipher the first block, we find that 3360.23:540(mod 3837), and then note that 540 : 480 + 58 + 2. This tells us that the first block of plaintext binary digit s is 10001 0 0 1 0 0 . Recently, Shamir [g+] tras shown that knapsack ciphers are not satisfactory for public-key cryptography. The reason is that there is an efficient algorithm for solving knapsack problems involving sequences b1, b2,...,b, with bi: wai (modm), where w and m are relatively prime poritiue integers and ar, o2,...,an is a super-increasingsequence. The algorithm found by Shamir can solve these knapsack problems using only O @ hD bit operations, where P is a polynomial, instead of requiring exponential time, ir required for general knapsack problems, involving sequencesof a general "r nature. There are several possibilities for altering this cipher system to avoid the weakness found by Shamir. One such possibility is to choose a sequence of pairs of relatively prime integers (w1,m1),,(w2,m2),..., (w,mr), and then form the series of sequences

22s

7.5 Knapsack GiPhers

b9) 7 w 1 a i ( m o d z r ) (mod m z) ;;,, :rrijt'

bj') =w,b j'-rt (mod z"), for j : l, 2, ..., n. We then use the final sequenceb[') , b$'),..., bl') as the encipheringsequence.As of mid-1983,no efficientalgorithmhad beenfound for solving knapsack problems involving sequencesobtained by iterating modular multiplications with different moduli (although there are several promisingmethodsfor the productionof suchalgorithms).

7.5 Problems l.

is super-increasing Decidewhethereachof the followingsequences a) b)

(3,5,9,19,40) c) ( 2, 6, 10, 15 ,3 6 ) d

(3 ,7 ,1 7 ,3 0 ,5 9 ) (l l,2l,4l,8l,l5l).

sequence,then c; 2 A-r for 2 . Show that if 41, a2,...,dn is a super-increasing j - 1 , 2 ,. " , f , ' 3 . Show that the sequencea1, a2,...,a21is super-increasingif ai+r ) 2ai for j - 1, 2,. . . ,f l- l' . of the integers2,3,4,7, 11, 13, 16 that have18 as their sum. 4 . Find all subsets 5 . Find the sequence obtained from the super-increasing sequence (1,3,5,10,20,41,80) when modular multiplication is applied with multiplier : w 17 and modulvsm : 162. 6 . Encipher the messageBUY NOW using the knapsackcipher based on the by sequence(17,19,37,81,160), sequenceobtained from the super-increasing and modulus performing modular multiplication with multiplier w :29 m :331. 7 . Decipherthe ciphertext402 105 150 325 that was encipheredby the knapsack This sequenceis obtained cipher basedon the sequence(306,374,233,L9,259). by using-modularmultiplicationwith multiplier w : 17 and modulusm : 464, sequence(I8,22,4I,83,179). to transformthe super-increasing the modularmultiplications 8 . Find the sequenceobtainedby applyingsuccessively on the with multipliersand moduli (7,92), (11,95),and (6,101),respectively, (3,4,8,I7,33,67) . sequence super-increasing

226

Cryptology

9 . What process can be employed to decipher messagesthat have been enciphered using knapsack ciphers that involve sequences arising from iterating modular multiplications with different moduli?

1 0 . A multiplicative knapsack problem is a problem of the following type: Given positive integers aya2,...,an and a positive integer P, find the subset, or subsets, of these integers with product P, or equivalently, find all solutions of

P - ai'ai'." oi' where xj - 0 or I for j :

1,2,...,n.

il

Find all products of subsetsof the integers 2,3,5,6,and l0 equal to 60.

b)

Find all products of subsetsof the integers 8,13,17,21,95,121equal to 15960.

c)

Show that if the integets a1,a2,...,anare mutually relatively prime, then the multiplicative knapsack problem P:ai'ai'"'oI', rj-0 or I for j : I,2,...,n, is easily solved from the prime factorizations of the integers P,ayo2,...,an, and show that if there is a solution, then it is unique.

d)

Show that by taking logarithms to the base b modulo m,where (b,m): and 0 < b < m, the multiplicative knapsack problem

I

P-ai'ai'"'ol' is converted into an additive knapsack problem S - a1x1 * a2x2 *

* anxn

where S, @1,e20...;dn ate the logarithms of modulo m, respectively. e)

to the base 6

Explain how parts (c) and (d) can be used to produce ciphers where messagesare easily deciphered when the mutually relatively prime integers a1, a2t...; an are known, but cannot be deciphered quickly when the integers d\, dzr...,an Are knOwn.

7.5 ComputerProjects Write programsto do the following: 1. Solveknapsackproblemsby trial and error. 2 . Solve knapsack problems involving super-increasing sequences. 3 . Encipher messagesusing knapsack ciphers. Decipher messagesthat were enciphered using knapsack ciphers. Encipher and decipher messages using knapsack ciphers involving sequences arising from iterating modular multiplications with different moduli.

7.6 Some Applicationsto ComputerScience

6.

227

mutually relatively Solve multiplicative knapsack problems involving sequencesof prime integers (see Problem 10).

7.6 Some Applications to Computer Science In this section we describe two applications of cryptography to computer science. The Chinese remainder theorem is used in both applications. The first application involves the enciphering of a database. A database is a collection of computer files or records. Here we will show how to encipher an entire databasi so that individual files may be deciphered without jeopardizing the security of other files in the database' Supposethat a databaseB contains the n files Fv Fz,,-.-,Fn' Since each file is a string of 0's and I's, we can consider each file to be a binary integer. We first choose n distinct primes rltr, t7r2,...1r/tn with m1 ) F1 for j :1 ,2 , . . . , f r . A s t h e c i p h e rte x tw e u s e a n i n te g erC that i s congruentto F;_ th e e x i s te n c eo f s u c h an i nteger i s guaranteed mo d u l o m i f or j : 1, 2 ,...,n ; - fttr trtz mn and remainder theorem. We let M by the ihin.t" w h e r e y; is an : 1 , 2 , . . . , n . l e t , i Furthermore, fui: M/ry forT !i.'-lf with C integer the we take inverse of Ml modulo rz;. For the ciphertext,

C:br,r,(modM),

0
j-r The integers e r, €2, ..., €n serve as the write subkeys of the cipher. To retrieve the 7th file F; from the ciphertext C, we simply note that Fi=C(modm),0(F;1mi. We call the moduli my r/121...r mn the read subkeys of the cipher. Note that knowledgeof mi permits accessonly to file7; for accessto the other files, it is necessaryto know the moduli other than mi. We illustrate the enciphering and deciphering proceduresfor databaseswith the following examPle. Example. Suppose our database contains four files Fr, Fz, F3,lfid Fa, re p res ent edby ih" b i n u .y i n te g e rs(0 1 I l )2 , (1 0 0 1 )r, (t t00)2, i ID d (t t t t)2, or Fz:9, Ft: 12 and Fq: 15' We pick four in decimal notationFr:7, p r i m e s , f i l r : 1 1 ,m 2 : 1 3 , t r l 3 : 1 7 , a n d t r l 4 : 1 9 , g r e a t e r t h a n t h e corresponding integers representing the files. To encipher this database, we

228

Cryptology

use the chinese remaindertheorem to find the ciphertext c which is the p o s i t i vien t e g ew r ith C=7(modlt), C=9(moit3), C= 12(modl7), a n d c = 1 5 ( m o dl 9 ) , l e s st h a nM : l l . l 3 . l 7 . l 9 : 4 6 1 g 9 . T o c o m p u t ec we first find M r - . 1 3 . 1 7 . 1: 9 4 1 9 9 , M z : 1 l . l 7 . l g : 3 5 5 3 , M t : l 1 ' 1 3 ' 1 9 : 2 7 1 7 ,a n d M t - l l . l 3 . 1 7 : 2 4 3 1 . W . e a s i l yf i n d t h a t l 0 , . p r : l l a n d / + : l g a r e i n v e r s eosf M i m o d u l o lr-7,y2: mj for j:1,2,3,4. H e n c e t, h e w r i t e s u b k e y sa r t ae 1 : 4 1 9 9 . i : 2 9 3 9 3e, 2 : 3 5 5 3 ' 1 0 : 3 5 5 3 0 e, 3- 2 7 l 7 . l l : 2 g g g 7 a , n de, o : 2 4 3 l . l g : 4 3 7 5 g .T o constructthe ciphertext,we note that Q :

e1F1l

e 2 F 2 * e 3 F 3* e q F c

= 2 9 3 9 3 .7+ 3 5 5 3 0 .9+ 2 9 887.12+ 43758.15 = 1540535 = 1 6 2 9 8 (m o d 4 6 1 8 9 ), so that c:16298. The read subkeys are the integers mi, j - 1,2,3,4. To recover the file F7 from C, we simply find the least positive residue of C modulo rn7. For instance,we find F1 by noting that Fr=16298=7(modtl). We now discuss another application of cryptography, namely a method for sharing secrets. Suppose that in a communications network,- there is some vital, but extremely sensitiveinformation. If this information is distributed to several individuals, it becomesmuch more vulnerable to exposure; on the other hand, if this information is lost, there are serious consequences.An example of such information is the master key K used for accessto the password file in a computer system. In order to protect this master key K from both loss and exposure, we construct shadows kv kz, ..., k, which are given to r different individuals. We will show that the key K can be produced easily from any s of these shadows, where s is a positive integer less than r, whereas the knowledge of less than s of these shadows does not permit the key K to be found. Because at least s different individuals are needed to find K, the key is not vulnerable to exposure. In addition, the key K is not vulnerable to loss, since any .t individuals from the r individuals with shadows can produce K. Schemeswith the propertieswe have just describedare called (s,r) threshold schemes. To develop a system that can be used to generate shadows with these properties, we use the chinese remainder theorem. we choose a prime p greater than the key K and a sequence of pairwise relatively prime integeis rTtb ftiz, ..., ffir that are not divisible by p, such that

229

7.6 Some Applications to Computer Science

1lttr,

mt1mz1

and

0.7)

tTlt lllz

ffi,

)

frlFs*z

Pffirffir-t

of the Note that the inequality (7.7) states that the product of the s smallest the of, largest s-l p the and product of integers n; is g."utr.- than the is A/p then n' tttttTtz M if intelgersm'1. nt-om Q.l), we see ttrat mi. intege$ of the s-l of greater than the product of any set Now let I be a nonnegativeinteger less than M /p that is chosenat random. Let Ko: K * tP' Ko( sothat0( (M/p)p: M).

M-l

(since0(

Ko:K*tp<

p+tp:(l+l)p(

To producethe shadowskr kz, ..., kr, we let k1 be the integer with ki = Ks (mod rn;), 0 (

k; I

mi,

for 7 : 1,2,...,r. To see that the master key K can be found by any s individuals possessingshadows,from the total of r individuals with shadows, supposethat the s shadows ki,,ki,,..., ki, are available. Using the Chinese remainder theorem, we can easily find the least positive residue of Ks modulo ftri,. Since we know that 0 ( Ko < M 4 Mi, Hj,ffij, Mi where Mi: - tp. we can determine Ks, and then find K : Ko On the other hand, suppose that we know only the s 1 shadows kr,, k,r, ..., k,,-r. By the Chinese remainder theorem' we can determine the : ffii,ffii, Hi,-,' With least positive residue a of Ks modulo M; where Mi is the least a is that Ks these shadows, the only information we have about ( we only < Consequently, M Ko 0 positive residue of Kq modulo Mi and know that Ko:a*xM;, From 0.1), we can conclude that M /Mi ) p, so where 0 ( x < M/Mt that as .r ranges through the positive integers less than M lM, o x takes every : 1,2, ...,s , va l u e i n a f ull s et of r e s i d u e smo d u l op . Si n c e (m 1 ,P ): I for i : l, and consequently,a * xMi runs through a full set we know that (Mi,p) of residues modulo p as x does. Hence, we see that the knowledge of s-l shadows is insufficient to determine Ko, as Ks could be in any of the p

230

Cryptology

congruenceclassesmodulo p. we use an example to illustrate this threshold scheme. Example. Let K :4 be the master key. we will use a s c h e m e o f t h e k i n d j u s t d e s c r i b e dw i t i r p - 7 , r 1 1 : ll, trt3:17, so thatM : Dtirt2:132 ) pmt: ll9. We pickt from among the positive integers less than M /p : 132/7. This Ko: K i tp :4

(2,3) threshold ftr2:12, and :iqrandomly gives us

* 1 4 . 7: 1 0 2 .

The three shadows kvkz, and ft3 are the least positive residues of Ks modulo l7lt, f/12,and m3, i.e.

kr = 102= 3 ( m o dl l ) kz = 102 = 6 (mod 12) kt = 102 = 0 (modl7), so that the three shadowsare kl : 3, kz:6,

and kr : 0.

We can recover the master key K from any two of the three shadows. Suppose we know that kr: 3 and kr : 0. Using the Chinese remainder theorem, we can determine Ks modulo n7t/tt: ll.lj - lg7, i.e. since Ko = 3 (mod ll) and Ko = 0 (mod 17) we have ko = 102 (mod 1g7). S inc e 0 ( K o < M :1 3 2 < 1 8 7 , w e k n o w t hat K 6 :102, and consequentl y the master key is K : Ks - tp : lO2 - 14.7 : 4. We will develop another threshold scheme in problem 12 of Section g.2. The interested reader should also consult Denning [47] for related topics in cryptography.

7.6 Problems l.

2.

Supposethat the databaseI contains four files, F1 :4, Fz- 6, Ft: 10, and F + : 1 3 . L e t m l : 5 , n t z : 7 , f t i 3 - l l , a n d m a - 1 6 b e t h e r e a d s u b k e v so f t h e cipher used to encipher the database. il

What are the write subkeysof the cipher?

b)

what is the ciphertext c corresponding to the database?

When the database I with three files Fr Fz, and ^F3is enciphered using the method described in the text, with read subkeys ft:1 : 14, fir2: 15, and nt3:19, the correspondingciphertext is c:619. If file F3 is changed from Fr - ll to F3 : 12, what is the updated value of the ciphertext c?

7.6 So m e A pplic at ion s to C o m p u te r Sc i e n c e

3.

4.

231

a (2'3) threshold Decompose the master key K : 3 into three shadows using : 8' t/tz: 9' m3 : ll 5' mr schemeof the type describedin the text with p and with t -- 13. three pairs of shadows Show how to recover the master key K from each of the found in Problem 3.

7.6 Computer Projects Write programs to do the following:

2.

files from Using the system describedin the text, encipher databasesand recover databases' of version the ciphertext (see problem 2)' Update files in the ciphertext version of databases

3.

Find the shadowsin a threshold schemeof the type describedin the text.

4.

Recover the master key from a set of shadows'

l.

Primitive Roots

8.1 The Order of an Integer and primitive Roots From Euler's theorem, if m is a positive integer and if a is an integer relatively prime to m, then s6(m) = | (mod m). Therefore, at least one positive integer x satisfiesthe congrueneea* = 1 (mod rz). Consequently,by the well-ordering property, there is a least positive integer x satiifying this congruence. Definition. Let a and m be relatively prime positive integers. Then, the least positive integer x such that e* = I (mod z) is called the order of a modulo m. We denote the order of a modulo m by ord_a. Example. To find the order of 2 modulo 7, we compute the least positive residuesmodulo 7 of powers of 2. We find that

2t = 2 (mod7), 22

4 (mod 7), 23

I (mod 7).

Therefore, ord,72: 3 . Similarly, to find the order of 3 modulo 7 we compute 3t 3e

3 (mod 7), 32 : 2 (mod 7), 33 = 6 (mod 7) 4 (mod 7) , 3s = 5 (mod 7) , 36 = I (mod 7).

We see that ord73 : 6.

233

8.1 The Order of an Integer and PrimitiveRoots

a* = I (mod m), we need In order to find all solutionsof the congruence the followingtheorem. > 0, then the Theorem 8.1. lf a and n ate relatively prime integerswith n (mod if and only = n) I a' positiveintegerx is a solutionof the congruence if ord,a I x. Proof. If ordra I x, then x : k'ordnc wherek is a positiveinteger' Hence, (modn).

a* -ok'ord'a:(ao'd'o)k =l

write Conversely,if a* = I (mod n ), wo first use the division algorithm to 0 ( r ( ordra. x : q'ordna * r, From this equation, we see that a,

:

oa'ord.a*r -

(aord,o)e gr -

a,

(mod n).

(mod n). From the inequality Since a' = I (mod n), we know that a' = I : ordna is the 0 ( r ( ord, Q, we conclude that r:0, since, by definition, y (mod n). Because f :0, we have least positive integer such that.av = I x : a'ordna. Therefore,ordna I x. D This theorem leads to the following corollary' Corollary 8.1. lf a and n are relatively prime integers with n ) 0, then

ordna I Ofu). Proof. Since (a,n) : 1, Euler's theorem tells us that qb('\:

l (modn).

Using Theorem 8.1, we concludethat ordra I O(n)' n We can use Corollary 8.1 as a shortcut when we compute orders. The following example illustrates the procedure. : 16. Example. To find the order of 5 modulo 17, we first note that 0(ll7) sinceihe onty positivedivisorsof 16 are 1,2,4,8, and 16, from corollary 8.1 these are the only possiblevalues of ord175. Since 5r = 5 (mod l7),52 = 8 (mod l7),54:13 (modl7), 58 = 16 ( mo d 1 7 ), 5 1 6= I (mo d l 7 ), we conclude that ord175- 16.

234

Primitive Roots

The following theorem will be useful in our subsequentdiscussions. Theorem 8.2. rf a and n are relatively prime integers with n ) 0, then ai = aj , (mod n) where r and 7 are nonnegative integers, if and only if

i = j (mod ordna).

Proof. Supposethat i = j (mod ordna), and 0 < j < t. Then, we have i : j * k'ordra, wherek is a positiveinteger. Hence, ai : ojrk'ord'a : aj(ao'd.o)o = a/ (mod n ).

sinceoord'a=l(modn). Conv er s elyas , s u meth a t a i = a r (mo d n ) w i th i > j . S i nce (a,n): know that (ai,n) : 1. Hence, using Corollary 3.1, the congruence

l, we

ai = ai ai-i = ai (mod n) implies, by cancellationof a/, that ai-j:

I (modn).

From Theorem 8.1, it follows that ordra divides i - j, or equivalently, j (mod ord,a). tr = i Given an integer n, we are interested in integers a with order modulo n equal to Qfu). This is the largest possibleorder modulo r. Definition. If r and n are relatively prime integers with n ) 0 and if ordrr :6h), then r is called a primitive root modulo n. Example. We have previously shown that ord73 : 6 : 00). Consequently,3 is a primitive root modulo 7. Likewise, since ord75 : 6, as can easily be verified, 5 is also a primitive root modulo 7. Not all integers have primitive roots. For instance, there are no primitive roots modulo 8. To see this, note that only integers less than 8 and relatively p r i m e t o 8 a r e 1 , 3 , 5 , a n d 7 , a n d o r d 3 l : l , w h i l eo r d s 3 : o r d s 5 : o r d s 7 : 2 . Since d(8) : 4, there are no primitive roots modulo 8. In our subsequent discussions,we will find all integers possessingprimitive roots. To indicate one way in which primitive roots are useful, wo following theorem.

the

Theorem 8.3. lf r and n are relatively prime positive integers with n ) 0 and if r is a primitive root modulo n, then the integers

235

8 .1 Th e O r der of an I n te g e r a n d P ri mi ti v e R o o ts

tl , f2' "'' '6b)

form a reduced residue set modulo n. root r form Proof. To demonstratethat the first @(r) powers of the primitive they are all a reduced residue set modulo n, we only need to show that n. modulo congruent are no two that relatively prime to n, and (rk,n):1 i t f o l l o w sf r o m p r o b l e m8 o f S e c t i o n2 ' 1 t h a t Since G,n):1, prime to n ' relatively all for any positive integer k. Hence, these powers are that To show that no two of these powers are congruent modulo n, assume ri = r/ (mod n ) . (mod Qfu))' However' for From Theorem 8.2, we see that i = i (mod = i d(n)) implies / I < t ( O(n) and 1 < j < 0h), the congruence n. This modulo congruent are powers that i : j . Hence, no i*o of these D r. modulo showsthat we do have a reduced residue system Note that 2 is a primitive root modulo 9, since Example. first 22 = 4,2t = g, and 26 = I (mod 9). From Theorem 8.3, we see that the are These 9. modulo system residue :6 powers of 2 form a reduced OO) (mod = (mod 9), 7 24 (mod = 9), 8 23 (mod = 9), 4 22 9), Zt = 2 (mod = (mod 9). 1 9), and 26 2s = 5 a primitive root, it usually has many primitive When an integer possesses roots. To demonstratethis, we first prove the following theorem' Theorem 8.4. If ord-a : / and if r,l is a positive integer, then o rd - (a " ) : t l Q ,D . v:(t,u), Proof. Let J:ord-(a"), (r yu1) : l. that know Proposition2.1, we

t:tvv,

and u:tltv'

From

Note that (a")t':

( a r ' , ) Q l v ): ( a t ) u ' :

I ( m o d r n) ,

since ord.^a : t. Hence, Theorem 8.1 tells us that s I tr' On the other hand, since (a \t

: e u s = I (mo d rn ),

we know that I I zs. Hence, tp

I u1vs, slld consequently,tt | ,tt.

Since

236

Primitive Roots

Q6u):

l , u s i n gL e m m a 2 . 3 , w e s e et h a t / , | ". N o w , s i n c es I t r a n d t , I r , w e c o n c l u d et h a t , s : I t: proves the result. tr

t/v : t/(t,u). This

We have the following corollary of Theorem g.4. Corollary 8.2. I et r be a primitive root modulo z where m is an integer, m 2 r. Then r' is a primitive root modulo m if and,only if (u,o(d ) : l: Proof. From Theorem 8.4, we know that ord,^r' : ord^rf (u,ord*r)

: Q ( m ) / f u , 0 @. D

consequently, ord- ru : efu), onlyif (u,Q(m)) : t. D

and ru is a primitive root modulo m, if and

This leads immediately to the following theorem. Theorem 8.5' If the positive integer m has a primitive root, then it has a total of Q@fu)) incongruent primitive roots. Proof. Let r be a primitive root modulo rn. Then Theorem 8.3 tells us that the integers r, 12,...,vbh) form a reduced residue system modulo ,,. From Corollary 8.2, we know that r" is a primitive root modulo rn if and only if (u , a( *) ) : l. s i n c e th e re u t" r* " " i l y o @ @)) such i ntegersa, there are exactly 0@@)) primitive roots modulo ru. tr Example. Let m: 11. A little computationtells us that 2is a primitive root m odulo 11. s inc e l l h a s a p ri mi ti v e ro o t, w e know that 11 has a@ ol )) :4 incongruent primitive roots. It is easiry seen that 2, 6,7, and g are four incongruent primitive roots modulo I l.

8.1 Problems 1. Determine the a) order of 2 modulo 5 b) order of 3 modulo l0

c) order of l0 modulo 13 d) order of 7 modulo 19.

237

8.1 The Order of an Integer and Primitive Roots

2.

Find a primitive root modulo

il4 b)5 c) l0

d) 13 e) 14 f) 1 8 .

3.

Show that the integer 12 has no primitive roots'

4.

How many incongruent primitive roots does 13 have? Find a set of this many incongruent primitive roots modulo 13.

5.

Show that if dis an inverseof c modulo n, then ordna:

6.

Show that if n is a positive integer and a and 6 are integers relatively prime to n : ordna'ordnb' such that (ordna, ordnD) : l, then ord'(ab)

7.

when Find a formula for ordn Gil if a and b are integers relatively prime to n ordna and ordrb are not necessarily relatively prime'

ordnd.

g.

Decide whether it is true that if n is a positive integer and d is a divisor of Qh), then there is an integer a with ordna : d.

g.

Show that if a is an integer relatively prime to the positive integer m and ord^a : s/, then ord^at : s .

10. Show that if m is a positive integer and a is an integer relatively prime to z such that ord^a - tlt - 1, then rr is prime. I 1. Show that r is a primitive root modulo the odd prime p if and only if ,e_D/e *

I (modp)

for all prime divisors q of P-1.

12.

Show that if r is a primitive root modulo the positive integer m, then i is also a primitive root modulo m, if i is an inverse of r modulo m '

1 3 . Show that ordp 2 ( 2'*1, where Fn : 2T * I is the nth Fermat number. 1 4 . Let p be a prime divisor of the Fermat number Fn:2v a)

Show that ordo2 :Zn*r.

b)

From part (a), conclude that 2n+r | (p-1), z"+rk + l.

* l'

so that p must be of the form

15.

: n and Let m: an - 1, where a andn are positiveintegers. Show that ordra conclude that n I O@).

16.

a)

Show that if p and q are distinct odd primes, then pq is a pseudoprime to and ordo2 | Q-D. the base 2 if and only if ordo2 | 0-t)

b)

Use part (a) to decide which of the following integers are pseudoprimes to the base 2: 13'67, 19'73,23'89,29'97.

238

PrimitiveRoots

1 7 . Show that if p and q are distinct odd primes, then pq is a pseudoprime to the base 2 if and only if MoMo:

(2p-r)ei-D

ir" prrriJoprime to the base 2.

1 8 . There is a method for deciphering messagesthat were enciphered by an RSA

cipher, without knowledge of the deciphering key. This method is based on iteration. Suppose that the public key ie,il ir"o ro. enciphering is known, but the deciphering key (d,il is not. To decipher a ciphertext block C, we form a s e q u e n cCet , C z , C 3 , . . . s e t t i n g C r = C " ( m o d n ) , 0 < C 1 1 n a n d C ; + 1E C7Y(mod n), 0 < Ci+t 1 n for j - 1,2,3,.... a)

Show that C1 = Cd (mod n), 0 1 C1 1 n.

b)

Show that there is an index such that C1: C and Cj_t : p, where p is 7 the original plaintext message. Show that this indei 7' is a divisor of ord,61n,1e

c)

Let n:47'59 and e :17. to the ciphertext 1504.

Using iteration, find the plaintext corresponding

(Note: This iterative method for attacking RSA ciphers is seldom successfulin a reasonable amount of time. Moreover, the primes p and q may be chosen so that this attack is almost always futile. See pioblem l3 of Section g.2.) 8.1 Computer Projects Write projects to do the following: l.

Find the order of c modulo rn, when a and m are relatively lntegers.

2 . Find primitive roots when they exist. 3 . Attempt to decipher RSA ciphers by iteration (see problem g). r

8.2 PrimitiveRootsfor primes In this section and in the one following, our objective is to determine which integers have primitive roots. In this ,..tion, we show that every prime has a primitive root. To do this, we first need to study porynomial congru"nces. Let c is a c is a also a

f (x) be a polynomial with integer coefficients. We say that an integer root of f (x) modulo m it f(c) = 0 (mod z). It i, *ryio rr. that if root of f (x) modulo m, then every integer congruent to c modulo m is root.

Example. The polynomial f (i : x2 * x * t has exactly two incongruent roots modulo T,namely x = 2 (mod 7) andx = 4 (mod 7).

239

8.2 PrimitiveRoots for Primes

Example. The polynomial gG) : x7 * 2 has no roots modulo 5. Example. Fermat's little theorem tells us that if p is prime, then the polynomial hQ) - rP-t - t has exactly p-l incongruent roots modulo p, n a m e l yx = I , 2 , 3 , . . . ,P - l ( m o dP ) . We will need the following important theorem concerning roots of polynomials modulo p where p is a prime. + afi * cs be a Lagrange'sTheorem. Let f (x) : arxn + an4xn-r * coefficient an leading with potyno.nial of degree n with integer coefficients and p. modulo roots noi Oiuirible by p. Then f k) has at most n incongruent rt : l' Proof. To prove the theorem, we use mathematical induction' When s olution p r s a m o d u l o o f atx I aowithp f c1. A root /G) * e h a u ef ( ; : -as since (mod 3'7, Theorem p). By 2 of the linear congruence a 1x is there that so one solution, (a1,p): l, this linear congruencehas exactly : l ' n for true is theorem exactly one root modulo p of f G). Clearly, the - l' and Now supposethat the theorem is true for polynomials of degree n by let fk) U" a polynomial of degree n with leading coefficient not divisible p' modulo roots incongruent f I n has polynomial G) ihe that p. Assume f :0 ,1,,...,,fl . W e have s? r!cs , c r , , . . , c sn,o t hat f k ) = 0 (mo d p ) fo r k

rG)- rGo) ]] i .,a_ii',[.,,", =i:l:'_-,iirr;.,:,;'y,"_;,;;q "+

ar)y(x-cs) (xn-z * x'-3cg* * a1(x-cs) + : ( x -c s )g (x ),

+ xcfi-3 + c6-2')

- | with leading coefficient a,. we where g(x) is a polynomial of degree n g(x) modulop. Letk be an integer, are all roots of now show that c r,cz,....,cn : : (mod (c) we have p), 0 1 < k ( r. Sincef G) f : (ct -co)skt) = 0 (mod P) ' f Gr,) f (rr) : 0 (mod p), since gk) know that Corollary 2.2, we From This shows p' c1,- co# 0 (modp). Hence, c1 is a root of g(x) modulo - | and has a leading that the polynomial g(x), which is of degree n coefficient not divisible by P, has n incongruent roots modulo p' This contradicts the induction hypothesis. Hence, f G) must have no more than n incongruent roots modulo p. The induction argument is complete' tr We use Lagrange's theorem to prove the following result.

240

PrimitiveRoots

Theorem 8.6. Let p be prime and let d be a divisor of p-1. polynomial xd - I has exactly d incongruent roots modulo p. Proof. Let p-l

Then the

: de. Then

xP-r- | : (xd-1;1"d(e-t) a rdG-D I : (xd-l)g(x) .

* x, * l)

From Fermat's little theorem, we see that xP-r - I hasp-l incongruent roots modulo p. Furthermore, from Corollary 2.2, we know that any root of xP-t - I modulo p is either a root of x7 - I modulo p or u rooi of g(x) modulo p. Lagr ange' st h e o re m te l l s u s th a t g (x ) h as at most dG-l ): p - d - | roots modulo p. Since every root of xP-r - I modulo p that is not a root of - I modulo p, we know that the g(x) modulo .p must be a root of xd poly nom ial x d - | h a s a t l e a s t Q -D d i ncongruent roots Q-d-r): modulo p. On the other hand, Lagrange's theorem tells us that it has at most d incongruent roots modulo p. Consequently, xd - I has precisely d incongruent roots modulo p. tr Theorem 8.6 can be used to prove the following result which tells us how many incongruent integers have a given order modulo p. Theorem 8.7. Let p be a prime ancl let d be a positive divisor of p-1. Then the number of incongruent integers of order d modulo p is equat to o@). Proof. For each positive integer d dividing p-1, let F@) denote the number of positive integers of order d modulo p that are less than p. Since the order modulop of an integer not divisiblebyp dividesp-1, it follows that p-l : d lp-l

From Theorem6.6,we knowthat p-l : dlp-r

We will showthat F(d) < O@) when d I e-D. with the equality

dlp-r

dlp-r

This inequality,together

241

8.2 Primitive Roots for Primes

implies that F (d) : O@) for each positive divisor d of p-1.

If F(d) :0, it is clear that F(d) < O@). Otherwise, L e t d l b-l). of orderd modulop. Sinceotdra : d, the integers a integer is an there a, a2t .", Qd

are incongruent modulo p. Furthermore, each of these powers of a is a root - (ad)k = | (modp) for all positive of *d -1 modulo p, since bk)d - I has exactly d integers k. From Theorem 8.6, we know that xd incongruent roots modulo P, So every root modulo p is congruent to one of these powers of a. However, from Theorem 8.4, we know that the powers of l' There are exactly a with order d are those of the form a& with (kd): if there is one consequently, and d, O@) such integers k with I < k < exactly be p, must there 0U) such positive element of order d modulo 'd(d). integerslessthan d. Hence, FU) < Therefore, we can conclude that F (d) : OU), which tells us that there are precisely O@) incongruent integers of order d modulo p ' D The following corollary is derived immediately from Theorem 8'7' Corollary 8.3. Every prime has a primitive root' Proof. Let p be a prime. By Theorem 8.7, we know that there ate |Q-l) modulo p. Since each of these is, by incongruent integers of order p-l primitive roots. p has 6Q-l) definition, a primitive root, The smallest positive primitive root of each prime less than 1000 is given in Table 3 of the APPendix.

8.2 Problems 1. Find the numberof primitive rootsof the followingprimes: a)

b) c) 2.

3.

7 l3 t7

d) e) f)

19 29 47.

-r Let r be a primitive root of the prime p with p = | (mod 4)' Show that also a primitive root.

is

: I (mod 4), there is an integer x such that Show that if p is a prime and p -l (Hint: (modp). Use Theorem 8.7 to show that there is an integer x x2 = of order 4 modulo P.)

242

PrimitiveRoots

4 . a) b)

5 . il

6.

Find the number of incongruent roots modulo 6 of the polynomialx2 - x. Explain why the answer to part (a) does not contradict Lagrange's theorem. Use Lagrange's theorem to show that if p is a prime and is a /(x) polynomial of degree n with integer coefficients and more than n roots modulo p, then p divides every coefficientof /(x).

b)

Let p be prime. Using part (a), show that every coefficient of the p o l y n o m i afl ( x ) : ( x - l ) ( x - D . . . ( * - p + l ) - x p - t + I i s d i v i s i b t e b yp .

c)

Using part (b), give a proof of Wilson's theorem. (Hint: constant term of f (x).)

Find the least positive residue of the product of a set of d(p_t) primitive roots modulo a prime p.

Consider the incongruent

7 . A systematic method for constructing a primitive root modulo a prime p is outlined in this problem. Let the prime factorization of ee) : q\'q'; q',, whereQr, ez, ..., qt areprime.

: p-l

be

p-l a)

Use Theorem 8.7 to show that there are integers d1, a2,...,a, such that o r d r a t : q ' i , o r d r a 2 : q | , . . . , o r d o a ,: q : , .

b)

Use problem 6 of section 8.1 to show that a : aflz-.. a, is a primitive root modulo p.

c)

Follow the procedure outlined in parts (a) and (b) to find a primitive root modulo 29.

8 . Let the positive integer n have prime-power factorization n:

pl,pi,...p?. Show that the number of,incongruent bases modulo n for *tti.tt n is a pseudoprimeto that base is I (n -1, pi-D .

9 . Use problem 8 to show that every odd composite integer that is not a power of 3 is a pseudoprimeto at least two basesother than i l.

1 0 . Show that if p is prime and p :2q

! l, where q is prime and a is a positive integer with I 1 a I p-1, then p -a2 is a primitive root modulo p.

I l.

il

Suppose that /(x) is a polynomial with integer coefficientsof degree n-1. Let x1,x2,...,xn be n incongruent integers modulo p. Show that for all integers x, the congruence

.f k) i-t

i-_t,

t^rold^s' is an inverse of xj-xi (mod n ). This technique -.*h"1". F for finding f (x) modulo p is called Lagrange interpolation.

243

8 .3 Th e E x is t enc e o f P ri mi ti v e R o o ts

b)

Find the least positive residue of /(5) modulo 1l if /(x) is a polynomial of -S,f Q) = 2,andf G) = 4 (mod l1). d e g r e e3 w i t h f 0 )

12. In this problem, we develop a threshold scheme for protection of master keys in a computer system, different than the scheme discussed in Section 7.6. Let f (x) be a randomly chosen polynomial of degree r-1, with the condition that K, the master key, is the constant term of the polynomial. Let p be a prime, such that p > K and p ) s. The s shadows krkz, ..., k, are computed by finding the least positiveresidueof f G) modulo p for i :1,2,..., s where xt,xz,...,.xr are randomly chosenintegers incongruent modulo p, i.e., ki = f(x;)

(modp), o (

k; ( p,

for; a)

Use Lagrange interpolation, described in problem I l, to show that the master key K can be determined from any r shadows.

b)

Show that the master key K shadows.

c)

4x3+xz+ Let fG): t:4, and s:7. p:47, Let K:33, 3lx + 33. Find the seven shadows correspondingto the values of /(x) at 1 , 2 , 3 , 4 , 5 , 6a,n d 7 .

d)

Show how to find the and / (4) .

cannot be determined from less than r

key from the four shadows f 0), f Q), f Q),

13. Show that an RSA cipher with enciphering modulus n: pq is resistant to attack l, I and q:2q'* b y i t e r a t i o n ( s e e p r o b l e m 1 8 o f S e c t i o n8 . 1 ) i f p : 2 p ' + where p' and q' are primes. 8.2 Computer Projects Write programs to do the following: 1.

Find a primitive root of a prime using problem 7.

2.

Implement the threshold schemegiven in problem 12.

8.3 The Existenceof Primitive Roots In the previous section,we showed that every prime has a primitive root. In this section, we will find all positive integers having primitive roots. First, we will show that every power of an odd prime possessesa primitive root. We begin by consideringsquaresof primes. Theorem 8.8. If p is an odd prime with primitive root r, then either r or

244

PrimitiveRoots

r * p is a primitive root modulo p2. Proof. Since r is a primitive root modulo p, we know that

ordrr:0Q):p-1. Let n : ordozr,so that

r'=

I (modp2).

since a congruencemodulo p'obviously holds modulo p, wa have rn = I (modp). From Theorem 8.1, it follows that p-l:

ordrrl n.

On the other hand, Corollary g.l tells us that

nlOQ2):p(p-t). Since n I p(p-t) and p-l I n,, either n : p-l o r n : p ( p - l ) . If n : p (p-l), then r is a primitive root modulop2, since ordrrr : Q(pz). Otherwise, we haven : p-1, so that

(s.1)

rP-t=1(modp2).

Let s : r+p. Then, sinces E r (mod p), s is also a primitive root modulo p. Hence, ordo"r equals either p-l or p (p-l). we will show that ordo,r * p-1. The binomial theorem tells us that . r p- r : ( r t p) o -r

: 7 p -t + Q _ D ro -rp z

* 1p;I)rr_rp, +

v 4 -t + (p -D p .rP-2 (mod p2).

Hence, using (S.t), we seethat sP-r = I + (p-l)p.70-2:

l - prp-z (modp2).

From this last congruence,we can conclude that sp-t# l (modp2). To see this, note that if 5P-l : l^(mod p2), then prp-z = 0 (modp2). This last congruence implies that rp-2 = 0 (mod p), which is impossible, since

245

8 .3 Th e E x is t enc e o f Pri m i ti v e R o o ts

: p tr , (remember r is a primitive root of p). Hence, ordrus : a p' ' r*p is a primitive root of Consequently,s O $\.

p (p -l)

:

Example. The prime p :7 has r : 3 as a primitive root. From the proof of :49' si nce Th e o rem8. 8, we s eet h a t r : 3 i s a l s o a p ri mi ti v e ro ot modul op2 rP-t - 36 + I (mod 49) ' We note that it is extremelyrare for the congruence rP-t = I (modp2) to hold when r is a primitive root modulo the prime p. Consequently,it is very seldom that a primitive root r modulo the prime p is not also a primitive root modulo p'. The smallestprime p for which there is a primitive root that is not also a primitive root modulo p2 is p : 497. For the primitive root l0 mo d u l o 487, we hav e 10486: 1 (mod 4872). Hence, l0 is not a primitive root modulo 4872,but by Theorem 8.8, we know that 497: 10 + 487 is a primitive root modulo 4872. We now turn our attention to arbitrary powersof primes. Theorem 8.9. Let p be an odd prim e, then pk has a primitive root for all positive integers ft . Moreover, if r is a primitive root modulo p2, then r is a primitive root modulo po, for all positiveintegersk. Proof. From Theorem 8.8, we know that p has a primitive root r that is also a primitive root modulo P2, so that

(8.2)

rp-t # 1 (modp2).

Using mathematicalinduction,we will prove that for this primitive root r,

(8.3)

yn'-'$-t) 1 I (m o d p ft)

for all positive integersk. Once we have establishedthis congruence,we can show that r is also a primitive root modulo pk by the following reasoning. Let n : ord6r. From Theorem 6.8, we know that n I OQ\: h a n d , s inc e

O*-r(p-l).

On the other

246

PrimitiveRoots

7n -

I (modpk),

we also know that rn = I (modp). Fr om T heor em 8 .1 , w e s e e th a t p -l : 6 e ) r, and | n. B ecausee-D l n I o*-rQ-I), we know that n:'p'(p-l), w h ' e r el i s a n i n t e g e rs u c h t h a t 0 ( r ( k-t. If n: p'(p-l) with/ < k-2, then 7p'-2(p-t): (7p'@-t)1r'-rn:

l (mod pk),

whic h would c o n tra d i c t (8 .3 ). H e n c e , ordotr : pk-t b-D Consequently,r is also a prirnitive root modulo pk.

: oeo).

All that remains is to prove (8.3) using mathematical induction. The case of k:2 follows from (8.2). Let us assumethe assertionis true for the positive integerk>2.Then 7 n t-t(t_ t)# l (mo dpk). since G,p) : l, we know that (r,pk-t) : 1. consequently, from Euler's theorem,we know that vPL-2(o-D :

Therefore,there

,Q(Pk-tt

an integer d such that y o ' -' Q -t): I * d p k-t,

wherep trd, sinceby hypothesisyP'-'(P-t)* t (moApk). W e take the pth powerof both sidesof the aboveequation,to obtain, via the binomial theorem, yP'-'(P-l)

-

0 + dp*-t1o | + p@pt-r, * (|)o'Urk-t)2 +

* (dpk-t1n

| * dpk (modpo*'). Sincep I d, we can conclude that ,.P^-'(P-r) # I (mod po*t). completesthe proof by induction. tr Example. From a previous example, we know that r : 3 is a primitive root

247

8.3 The Existenceof PrimitiveRoots

: 3 is also a primitive modulo 7 and 72. Hence, Theorem 8.9 tells us that r root modulo 7k for all positive integers k. It is now time to discusswhether there are primitive roots modulo powers of Z. We first note that both 2 and 22: 4 have primitive roots, narnely 1 and 3, respectively. For higher powers of 2, the situation is different, as the following theorem shows;there are no primitive roots modulo these powers of 2. Theorem 8.10. If a is an odd integer, and if k is an integer, k ) : e 2 ' -' : a O QL )/2

3, then

1 (mo d 2 k).

We prove this result using mathematical induction. If a is an odd integer, then a : 2b t 1, where b is an integer. Hence,

proof.

a 2 : ( 2 b + 1 ) 2:

4 b 2+ 4 b * I : 4 b $ + 1 ) + 1 .

Since either b or b * 1 is even, we see that 8 | 4b (b + l), so that a2 :- I (mod 8). This is the congruenceof interestwhen k :3. Now to complete the induction argument, let us assumethat a2'-' = I (mod 2k) . Then there is an integer d such that e2'-': l+d'zk. Squaring both sides of the above equality, we obtain e 2 ' -' : | + d 2 k + r q 4 2 2 zk. This yields e2'-'= 1 (modzk+r), which completes the induction argument. n Theorem 8.10 tells us that no power of 2, other than 2 and 4, has a primitive root, since when a is an odd integer, ord2ta # OQk) , since a6Q')lz : 1 (mod 2k) . Even though there are no primitive roots modulo 2k for k > 3, there always is an element of largest possible order, namely OQ\ I 2, as the following theorem shows.

248

PrimitiveRoots

Theorem 8.11. Let k 7 3be an integer. Then o r d 2 . 5: O ( Z k ) D : 2 k - 2 . Proof. Theorem 8.10 tells us that 52'-' = I (mod 2k). for k 2 3. From Theorem 8.1, we see that ordr.S I Z*-2. Therefore, if we show that ordr.5 | 2l"-t , we can conclude that ord2.5- 2k-2. To show that ordr,S tr 2k-3, we will prove by mathematical induction that fork)3, 52,-'= | + 2k_t *

I (mod 2k).

For k : 3. we have

5:l+4(mod8). Now assumethat

52'-': l+zk-I (mod2ft). This meansthat thereis a positiveintegerd suchthat S 2 ' - ' _ ( 1+ 2 k - r ) + d Z k . Squaringboth sides,we find that 52'-': (l + 2k-t)2 + 20 + zk-t)dZk + (dzk)z so that 52,-,= 0 + 2k-r)2 : | + 2k + 22k-2 :

I + 2t (mod Zk+\ .

This completesthe induction argument and showsthat ordr'5 : O(2k)/2' tr We have now demonstratedthat all powers of odd primes possessprimitive roots, while the only powers of 2 having primitive roots are 2 and 4. Next, we determine which integers not powers of primes, i.e. those integers divisible by two or more primes, have primitive roots. We will demonstrate that the only positive integers not powers of primes possessingprimitive roots are twice

249

8.3 The Existenceof PrimitiveRoots

powers of odd primes. We first narrow down the set of positive integers we need consider with the following result. Theorem 8.12. If r is a positive integer that is not a prime power or twice a prime power, then n does not have a primitive root. Proof. Let n be a positive integer with prime-power factorization

,-p\,p'i...p';. Let us assume that the integer n has a primitive root r. This means that (r,n ) : I and or dn r :6 h ). Si n c e (r,n ) : l , w e know that (r,p' ) : l , wheneverpt is one of the prime powers occurring in the factorization of r. By Euler's theorem, we know that ro@') :

I (mod P) .

Now let U be the least common multiple of Q(p'r), OQ'il,..-,0(p';), i-e.

u : [oQ\'),aQ'il,...,0b'il1. SinceObh I U, we know that ru = t (modP,l') we seethat for i : l, 2 ,...,m . From this last congruence, ordrr:6Q)
Qh) : oi\'p?''' p';): 6(p't')o7'il

ob';l'

This formulafor d(n ) and the inequality$fu) < U imply that

ob'il\. oQ\')o,'il''' oa'il ( td(p'r'),oQ';)'..., Since the product of a set of integers is less than or equal to their least common multiple only if the integers are pairwise relatively prime (and then the less than or equal to relation is really just an equality), the integers Q(p'r'),0$';),..., OQ';) must be pairwise relatively prime'

250

Primitive Roots

We notethat e(pt) : rt-r(p-l), so that ee,) is evenif p is odd,or if p : 2 and t > Z. Hence,the numberse(p'r'),Oe'il,..., Oe,;\ are not p air wis er elat iv e l yp ri m e u n l e s sm: I a n d n i s a pri mspow er o, * :2 and the factorization of n is n : 2p', where p is an odd prime and / is a positive integer. tr

We have now limited considerationto integers of the form n : 2p,, where p is an odd prime and r is a positive integer. We now show that all such integers have primitive roots. Theorem 8.13. rf p is an odd prime and r is a positive integer, then 2pt possesses a primitive root. In fact, if r is a primitive root modulopt, then if r is odd it is also a primitive root modulo 2pt, while if r is even, r * pt is a primitive root modulo 2pt. Proof. If r is a primitive root modulo pt , then rob') = I (modp,), and no positive exponent smaller than 6(pt) has this property. From Theorem -6.4, we note that O(zp') : 0Q) 66t7 : e(p,), so that ,6(2n') 1 (mod p') . If r is odd, then ,o(zp')= I (mod 2). Thus, by corollary 3.2, we see that rQQp';: I (mod 2p,). since no smaller power of r is congruent to I modulo 2pt , we conclude that r is a primitive root modulo 2pt . On the other hand, if r is even, then r * p ' (r + P'10{zP')

Hence,

I (mod 2)

Since r * p' = r (mod p'), we see that G * pt )QQP')

I (mod p' )

Therefore, (r + ot1oQfl: I (mod 2p'), and as no smaller power of r *pr is congruent to 1 modulo 2pt , we conclude that r * p' is a primitive root modulo 2p'. rt Example. Earlier

this section we showed that 3

a primitive root modulo

8.3 The Existenceof PrimitiveRoots

251

7t for all positive integers /. Hence, since 3 is odd, Theorem 8.13 tells us that 3 is also a primitive root modulo 2'7t for all positive integers /. For instance, 3 is a primitive root modulo 14. positive Similarly, we know that 2 is a primitive root modulo 5' for all * 5t is a integers/. Hence, since 2 + 5t is odd, Theorem 8.13 tells us that 2 primitive root modulo 2.5t for all positive integers f. For instance,2T is a primitive root modulo 50. Combining Corollary 8.3 and Theorems8.9, 8.12,8.13, we can now describe which positive integers have a primitive root. Theorem 8.14. The positive integer n possessesa primitive root if and only if fr :2,4, p', or 2pt, where p is an odd prime and / is a positive integer.

8.3 Problems l.

Which of the integers 4,10,16,22and 28 have a primitive root?

2.

Find a primitive root modulo a) b)

3.

c) d)

r72 D2.

Find a primitive root, for all positive integers k, modulo a) b)

4.

lf B2

3k lle

c) d)

l3k nk.

Find a primitive root modulo a)6c)26 18 b)

e)

338.

5.

Find all the primitive roots modulo 22.

6.

Show that there are the same number of primitive roots modulo 2pt as there are of p' , where p is an odd prime and r is a positive integer.

7.

Show that if rn has a primitive root, then the only solutions of the congruence x2 = I (mod m) are x E t I (mod z).

252

PrimitiveRoots

8.

Let n be a positive integer possessinga primitive root. Using this primitive root, prove that the product of all positive integers less than n and relatively prime to n is congruent to -l modulo n. (When n is prime, this result is Wilson's Theorem.)

9.

Show that although there are no primitive roots modulo 2& where k is an integer, k > 3, every odd integer is congruent to exactly one of the integers (-1)"50, where a:0 or I and B is an integer satisfying0 < B ( 2ft-2-1.

8.3 Computer Projects Write computer programs to do the following: l.

Find primitive roots modulo powers of odd primes.

2.

Find primitive roots modulo twice powers of odd primes.

8.4 Index Arithmetic In this section we demonstrate how primitive roots may be used to do modular arithmetic. Let r be a primitive root modulo the positive integer m (so that m is of the form describedin Theorem 8.14). From Theorem 8.3, we know that the integers r, 12, 13

form a reduced system of residuesmodulo nr. From this fact, we see that if a is an integer relatively prime to m, then there is a unique integer x with 1(x46@)suchthat r'

a (modm).

This leads to the following definition. Definition. Let m be a positive integer with primitive root r. If a is a positive i n t eger wit h ( a, m): l , th e n th e u n i q u e i n t eger x w i th I (x(d(z) and r* = a (mod m) is called the index of a to the base r modulo m. With this definition, we have a - ,ind'a (mod m ). If x is' the index of a to the base r modulo m, rhen we write x : indra, where we do not indicate the modulus m in the notation, since it is assumed"to be fixed. From the definition, we know that if a and b are integers relatively prime lo m and a = b (mod m), then ind,a : indrb. Example. Let m : 7. We have seen that 3 is a primitive root modulo 7 and

253

8 .4 l n dex A r it hm eti c

(mod7), 3 r = 3 ( m o d 7 ) , 3 2 = 2 ( m o d 7 ) , 3 3= 6 ( m o d 7 ) , 3 4 = 4 that (mo d = ( m od 7 ). I 5) . and 3 6 35= 5 Hence, modulo 7 we have i n d 3 l : 6 , i n d t2 : 2 , i n d l 3 : 1, i n d 3 4: 4 , i n d r5 : 5 , i n d r6 : 3. With a different primitive root modulo 7, we obtain a different set of indices. For instance,calculationsshow that with respectto the primitive root 5, i n d 5 l : 6 , i n d s 2: 4 , i n d s 3: 5, ind54 : 2, ind.55: l, inds6 : 3. We now develop some properties of indices. These properties are somewhat similar to those of logarithms, but instead of equalities, we have congruences mo d ulo6@) . Theorem 8.15. Let m be a positive integer with primitive root r, and let a and b be integersrelativelyprime to m. Then ( i) (ii) (iii)

ind, l = 0 (mo d Q fu )). ind,Gb) = ind,a * ind,b (mod O@)) -la. ind,a (mod 6h)) if k is a positive integer. ind,ak

Proof of G). From Euler's theorem, we know that ,6(m): I (mod z). Since r is a primitive root modulo m, no smaller positive power of r is congruentto 1 modulo rn. Hence, ind,l : 6(m) = O (mod Qfu)) . Proof of (ii). indices,

To prove this congruence, note that from the definition of ,ind'Qil :

ab (mod ,,, )

and ,ind,a*ind,b-

,ind,o

,ind,b = Ab (mOd ,, ).

Hence, ,ind,Gb) =

7ind,a

* ind,D

(mod

rn ).

Using Theorem 8.2, we concludethat in d ,(a b ) :

i n d ,a * i n d ,b (m o d 6@ )).

254

PrimitiveRoots

Proof of Gii). To prove the congruence of interest, first note that, by definition, we have -: ,ind',ar ak (mod m ) and ,k'ind'a

(rind'o)P :

=

(mod rn).

ak

Hence, ,ind,aL =

rk'

ind'o

(mod

rn ).

Using Theorem 8.2, this leads us immediately to the congruence we want, namely ind,ak

-

ft. ind,a (mod 6fuD,

a

Example. From the previous examples,we see that modulo 7, ind52: 4 and i n d 5 3 : 5 . S i n c eA Q ) : 6 , p a r t ( i i ) o f T h e o r e m8 . 1 5 t e l l su s t h a t i n d 5 6- i n d s 2 . 3 : i n d s 2t i n d 5 3: 4

t 5:9

= 3 ( m o d6 ) .

Note that this agreeswith the value previously found for ind56. From part (iii) of Theorem 8.15, we seethat ind53a= 4'inds3 = 4.5 : 20 = 2 (mod 6). Note that direct computation gives the same result, since i n d 5 3 a- i n d s Sl - i n d s4 : 2. Indices are helpful in the solution of certain types of congruences. Consider the following examples. Example. We will use indices to solve the congruence 6xr2 : I 1 (mod 17). We find that 3 is a primitive root of 17 (since 38 = -l (mod l7)). The indicesof integersto the base 3 modulo l7 are given in Table 8.1. a ind3a

I

2

3

16 14 I

4

6

7

8

9

r2 5 l 5

5

ll

l0

2

10 1l 3 7

t2

13 l4

t5

16

l3

4

6

8

9

Table8.1. Indicesto the Base3 Modulo 17. Taking the index of each side of the congruenceto the base 3 modulo 17, we obtain a congruencemodulo d(t7) : 16, namely

255

8.4 Index Arithmetic

in d 3 (6 x r2 )= i n d 3 l| :' l

(m o d 16).

Using (ii) and (iii) of Theorem 8.15, we obtain :, (mod 16). ind3( 6x r 2)- i n d 3 6* i n d 3 (x 1 2 ) 1 5 + 1 2 ' i nd3x Hence, 15+12'ind3x=7(mod16) or 12'ind3x=8(mod16). Using Corollary 3.1, upon division by 4 we find that ind3x : 2 (mod 4). Hence, ind3x :

2 , 6 , 1 0 ,o r 1 4 ( m o d 1 6 ) .

consequently, from the definition of indices,we find that x 2 3 2 , 3 6 ,3 t o o r 3 l a ( m o d 1 7 ) , (note

this that 32:- 9,36 : 15,310

17)' modulo holds congruence ( m o d t hat c o n c l u d e w e l 7 ) , 2 8, and 314:

Since

x 3 9 , 1 5 , 8 , o r 2 ( m o d1 7 ) . Since each step in the computations is reversible, there are four incongruent solutions of the original congruencemodulo l7' (mod 17). Example. We wish to find all solutionsof the congruence7'= 6 of this sides both When we take indices to the base 3 modulo 17 of congruence,we find that i n d 3 (7 ' ) :

i n d 3 6: 1 5 (m o d 16).

From part (iii) of Theorem 8.15, we obtain i n d 3 ( 7 ' ) : x ' i n d 3 7: l l x Hence.

(mod 16).

256

PrimitiveRoots

llx

:

15 (mod16).

Since 3 is an inverseof I I modulo 16, we multiply both sides of the linear congruence aboveby 3, to find that x = 3 . 1 5: 4 5 :

1 3 ( mod 16).

All stepsin this computationare reversible.Therefore, the solutionsof 7* = 6 (mod 1 7 ) are given by x = t3 (mod 16). Next, we discusscongruencesof the form xk = a (mod m), where m is a positive integer with a primitive root and (a,m) : l. First, we present a definition. Definition' lf m and k are positive integers and a is an integer relatively prime to ffi, then .we say that a is a kth power residue if * if the congruencexk = a (mod,m) has a solution. When z is an integer possessinga primitive root, the following theorem gives a useful criterion for an integer a relatively prime to m to be a kth power residue of m. Theorem 8.16. Let m be a positive integer with a primitive root. If k is a positive integer a1d o is an integer relatively prime to m, then the congruence xk = a (mod m) has a solutioriif and only-ii oQh)ld=l(modln) where d : (k,6(m)). Furthermore, if there are solutions of xk : a (mod m)' then there are exactly d incongruentsolutionsmodulo rn. Proof. Let r be a primitive root modulo the positive integer 17. We note that the congruence xk

(mod z)

holds if and only ( 8 .1 ) Now let d:

k ' i n d ,x ( k ,e (m))

i n d ,a (m o d 6@ )).

a n d y : i n d ,x , s o that x

(mod z ).

From

257

8 .4 In d ex A r it hm et ic

Theorem 3.?, we note that it d tr indra, then the linear congruence (8 .2 ) k y : i n d " o (m o d Q fu )) (8 has no solutions, and hence, there are no integers x satisfying l). If d lind'a, then there are exactly d integersy incongruentmodulo d(z) such that (8.2) holds, and hence,exactly d integersx incongruentmodulo z such rhat (8.1) holds. Since d I ind,a if and only if @@)/ilind,a

= o (mod Q(m)),

and this congruenceholds if and only if ooh)/d:1(modrz). the theorem is true. tr We note that Theorem 8.16 tells us that if p is a prime, k is a positive integer, and a is an integer relatively prime to p, then a is a kth power residue of p if and only if oQ-D/d: 1 (modp), where d : (k,p-l).

We illustrate this observationwith an example.

Example. To determine whether 5 is a sixth power residue of 17, i.e. whether the congruence x 6 = 5 (mo d 1 7 ) has a solution, we determine that 5 t6 /(6 ,1:6 ) 5 8 = -l

(m o d l 7).

Hence, 5 is not a sixth power residueof 17. A table of indices with respectto the least primitive root modulo each prime lessthan 100 is given in Table 4 of the Appendix. We now present the proof of Theorem 5.8. We state this theorem again for convenience. Theorem 5.8. If n is an odd compositepositive integer, then r passesMiller's te st for at m os t f u- l) / 4 b a s e sb w i th I < , 1 n -1 . We need the following lemma in the proof of Theorem 5.8.

258

PrimitiveRoots

Lemma 8.1. Let p be an odd prime and let e and q be positive integers. Then the number of incongruent solutions of the congruence x e - t = I ( m o dp r ) i s ( q , p r - r e - D . Proof' Let r be a primitive root of p' . By taking indiceswith respectto r, we see that x4: I (modp,) if and only if qy = 0 (mod 6e,D where y : ind'x . using Theorem3.j, we see that there are exactli e,6er)) incongruentsolutionsof gy :0 (mod|e"D. consequently,there are Q,6Q")) : (q,p'-tb-l)) incongruent solutions of xe = 1 {-oAp'). tr We now proceedwith a proof of Theorem5.g. Proof. Let n-l : 2't, wheres is a positiveinteger and,t is an odd positive integer. For n to be a strongpseudoprime to the baseD, either bt :

b2tt :

I (mod n )

-1 (mod n)

( s - l.

f o r s o m e i n t e g e r T w i t h 0( 7

bn-t=

Ineithercase,wehave

I (modn).

Let the prime-powerfactorizationof n be n : pi,pi, . . . p',,. From Lemma 8.1, we know that there are (n-r, p'/Qi-l)) : h-l,pi-l) incongruent solutionsof xn-r: I (modp7) , j :1,2,...,r. Consequently, the Chinese remaindertheoremtells us that thereare exactlv h-\,p1-l) fI solutionsof x'-l

= I (mod n ).

incongruent

j-r

To prove the theorem, we first consider the case where the prime-power flactorizationof n contains a prime power p[. with exponente* 2 2. Since

bo-D /pt : t/p't-t - t/p't < z/g (the largest possiblevalue occurswhen pj :3

and ei :2),

we seethat

259

8.4 Index Arithmetic

r

tu-r,pj-r)< fI Q;t) fI j -r ;:l

l+,r)

li-l

ll**

"+" Since

?"*f

0n-l) for n > 9 , we seethat r

u (n-l ,p,-l) (

(r -r)14.

j:r

Consequently,there are at most Q-Dla is a strong pseudoprimeto the base b. T h e o t h e r c a s et o c o n s i d e ri s w h e n n : distinct odd primes. Let

integersb, I < 6 ( n , for which n w h e r eP t , P z , . - . , Par r e

PPz"'P.

p t - | : 2 t' tr, i : 1 ,2 ,.. .,r, where s; is a positive integer and /; is an odd positive integer. We reorder the ( s, ' We note that primespr,p2,...,p,,(if necessary)so thatsr ( sz ( h-l,pi-l)

: 2*ink') (t,t,).

: (t,t;). From The number of incongruentsolutionsof x' = I (mod pi) is T solutions of incongruent 2il; are there problem 15 at the end of this section, * y''= - l ( m odp; ) w h e n O ( f ( s i -I, a n d n o sol uti onsotherw i se. H ence, i ncongruent u si n g t he Chines e r e ma i n d e r th e o re m , th e re a r e TrTz" ' 7, incongruent solutions of solutions of xt : I (mod n), and 2i' TrTz"'7, x/, = - 1 ( m od n) w h e n 0 ( 7 ( s 1 -1 . T h e re fo re,there area total of

[ ,,-' I

I

Z"'-t I

TrTz"' T, lt* > 2t'l- TrTz"' T,lt + .;; l,r-oJtL)

I

integers b with 1< D ( n-1, for which n is a strong pseudoprimeto the Uasetr. (We have used Theorem l.l to evaluatethe sum in the last formula.) Now note that

260

PrimitiveRoots

6h) : (pr-l) (pz-l)

(pr-l)

:

tiz

tr1t'*s'*

"' *s,

We will showthat

rrrz'" r,[,*ro] 2 ' ,-t

|

)

*,,r,ro,

which provesthe desired result. Because TrTz. . . 7, ( r1r, achieveour goal by showing that

(8.3)

*r,< r/4. [,*l'-t lrr',*',*'' z',-t | )

Since sr ( sz (

( s, , we seethat

tr, we can

' as, * Uf ( f^,* ''.'-t ,r',*',* f, f,r,,, 2 ' t | )' l . 2 ,- l J''

I

--

2"r-l 2"r(2, -l)

2",

:l++-l 2,-l

2"t

| 2'-l - -< l

I-

2rtr(2, -l)

2',-2 2"'(2'-l)

2r-r

From this inequality,we concludethat (s.r) is valid when r ( When r:2, w e h a v en : p p 2 w i t h p r | : 2 t r t 1 rr ( sz. If s1 ( s2, then (S.f) is againvalid, since

I

(

3.

and pz-l:2trtz,

with

''"

rt',-, I -L. I r ^ ) . . ?)/2',*',: +]/lz",z',-',) [t ['

:[+.#),,"-"

*+

W h e n s r : J 2 , w e h a v e( n - l , p r l ) : 2 ' T r and(n-l,pz-l):2tTz. Let us assume that pr ) pz. Note that T1 * t1, for if Tr: tr, then

261

8.4 Index Arithmetic

( p t - l ) I ( n - l ) , s ot h a t n : p r p z Z p z = 1 ( m o dp r - l ) , which impliesthat P2 ) Pr, a c o n tra d i c ti o n . S i n c e T1# t' 1 , we know that T r ( t r / 3 . S i m i l a r l v , l f t 1 pz then T2 # tr, so that 7"2( t2l3 . Hence, 7 ^2s, , I 2 '":t , w eh a v e T r T z4 t 1 2 / 3 , a n ds i n c el r * l/r"'* |

-,2 r, , l

: 6h)16, | < r t222"16

TtTzlr+ f lr)

proves

which

the

;

3)

t

theorem

for

this

final

case'

since

oh) /6 ( (n -r) /6 < (/,-r) /4. tr By analyzing the inequalities in the proof of Theorem 5.8, we can see that the probability that n is a strong pseudoprimeto the randomly chosenbase D, 1 < b ( n-1, is close to ll4 only for integers n with prime factorizations of t h e f o r m n : p r p 2 w i t hP r : | + 2 q 1a n d P z : I t 4 q 2 , w h e r e{ 1 a n d Q 2 a r e o d d p r i m e s , o r n : q f l z Q t w i t h P r : | + 2 q r ,P 2 : | * 2 q 2 , a n d pz: I t 2q3, wher e Q r,e z ,a n dq 3 a re d i s ti n c to d d pri mes (seeprobl em 16).

8.4 Problems l.

Write out a table of indices modulo 23 with respectto the primitive root 5.

2.

Find all the solutions of the congruences a) 3xs = I (mod 23)

3.

b) 3xta = 2 (mod 23).

Find all the solutionsof the congruences il

3' :- 2 (mod 23)

b) 13" = 5 (mod 23)'

4.

For which positive integers a is the congruence axa =

2 (mod 13) solvable?

5.

For which positive integers 6 is the congruence 8x7 :

b (mod 29) solvable?

6.

Find the solutionsof 2x = x (mod 13), using indices to the base 2 modulo 13.

7.

Find all the solutionsof x' :

8.

Show that if p is an odd prime and r is a primitive root of p, then ind,(p-|)

(p-r) /2.

x (mod 23). :

262

9.

Primitive Roots

Let p be an odd prime. Show that the congruence x4 = solution if and only if p is of the form gfr + l.

_l(modp)

has a

1 0 . Prove that there are infinitely many primes of the form 8ft*1.

(Hint: Assume that p6p2,...,pn are the only primes of this form. Let . . p)a+l . (ppz. e Show that Q must lave an odd prime factor different than j1p2,...,pn, and by problem 9, necessarilyof the form 8k+l .)

ll.

From problem 9 of Section 8.3, we know that if a is a positive integer, then there are unique integers a and B with a : 0 or I and 0 < B ( Z*-i-t such that a = (-l)" 5p (mod 2ft). Define the index system of a modulo 2k to be equal to the pair (a,B). a)

Find the index systemsof 7 and 9 modulo 16.

b)

Develop rules for the index systems modulo 2& of products and powers analogousto the rules for indices.

c)

Use the index system modulo 32 to find all solutions of j xs = I I (mod 32) and 3' = 17 (mod 32).

12. Let n : 2"p\'pj ' ' ' ph be the prime-power factorization of n. Let a be an integer relatively prime to n. Let r1,r2,...,r^ be primitive roots of pti,p'i,..., p';, respectively, and let 71 : ind", a (mod p'1), 72 : ind", a (mod ptl), (mod p'il. rc /o ( 2, let rs be a primitive root of 2t,,and let ...,1m:ind,.a : (mod ind,. a 2t). If ls 2 3,let (a,p) be the index systemof c modulo 2k, 7e (-l)'5P (mod 2t). Define the index system of a modulo n to be = so that a ( 1 o , 1 r , 7 2 , . . . , y ) i f t o ( 2 a n d ( a , 8 , 7 t , ^ 1 2 , . . . , 1i ^f )t o Z 3. a)

Show that if n is a positive integer, then every integer has a unique index system modulo n.

b)

Find the index systemsof 17 and 4l (mod lZ0) (in your computations, use 2 as a primitive root of the prime factor 5 of 120).

c)

Develop rules for the index systems modulo n of products and powers analogousto those for indices.

d)

Use an index system I lx7 : 43 (mod 60).

modulo

60

to

find

the

solutions

of

Let p be a prime, p ) 3. Show that if p =2 (mod 3) then every integer not divisible by 3 is a third-power, or cubic , residue of p, while if p : I (mod 3), an integer a isa cubic residueof p if and only i1 o@-t)/3: I (modp). Let e be a positive integer with e 7 2. il

Show that if ft is a positive integer, then every odd integer a is a kth power residue of 2" .

b)

Show that if /c is even, then an integer a isa /
263

8.5 PrimalityTests Using PrimitiveRoots

c)

kth Show that if /< is a positive integer, then the number of incongruent power residues of 2" is 2"-r

'

b.2) h,2"-2) (Hint: Use problem I 1.)

1 5 . Let N - 2ju be a positive integer with 7 a nonnegative integer and a an odd where s and t are positive integers with I positive integer and let p-l:2"/, - -l (modp) if (t,u) solutions of xN incongruent 2j aie there that Show odd. 0 ( ,l ( s-1, and no solutionsotherwise'

1 6 . a)

b)

b Show that the probability that n is a strong pseudoprime for a base (n-l)/4 a has n when only near randomly chosen with I < 6 < n-l is : and * Zqr | where ptPz n form Pr: prime factorization of the pz: | * 4qz with q1 and q, prime or n: PPtPt where Pt: | * Zqr, pz: | * 2qz,pt : | * 2q3with q r,Tz,Qtdistinct odd primes. Find the probability that n : 49939'99877 is a strong pseudoprime to the - l' base b randomly chosen with 1 < b < n

8.4 Computer Projects Write programs to do the following: l. Z.

Construct a table of indices modulo a particular primitive root of an integer. (mod nr) where Using indices, solve congruences of the form axb = c has a primitive where z ) and 0, ) 0, m with c are integers a,b,c,andm root.

3.

Find kth power residues of a positive integer m having a primitive root, where k is a positive integer.

4.

Find index systemsmodulo powers of 2 (see problem l1)'

5.

Find index systemsmodulo arbitrary positive integers (see problem l2).

8.5 Primality TestsUsing PrimitiveRoots From the conceptsof orders of integers and primitive roots, we can produce useful primality tests. The following theorem presentssuch a test. Theorem 8.f 7. If n is a positive integer and if an integer x exists such that xn-t = I (mod n) and

264

PrimitiveRoots

*G-t)/a#l(modn) for all prime divisors q of n - 1, then n is prime. Proof. Since xn-r: I (mod n), Theorem g.l tells us that ord,x | (n -l). we will show that ordrx : n - r. Suppose that ord,,x # n - l. Since ordrx | (n -t), there is an integer k with n - | : k.ordrx and since ordrx lnl , w e k n o w t h a t k > l . L e t q b e a p r i m e d i v i s o r o fk . T h e n *h-r)h

: *klqord,r: (xord.xS&/d= I (mod n).

However, this contradicts the hypothesesof the theorem, so we must have ordnx : n - l. Now, since ordnx ( O(n) and 6h) ( n _ l, it follows that Qh) : n - l. Recalling Theorem 6.2,we know that n must be prime. tr Note that Theorem 8.17 is equivalent to the fact that if there is an integer with order modulo n equal to n-\ , then n must be prime. We illustrate the use of Theorem 8.17 with an example. Ex am ple. Let n :1 0 0 9 . T h e n l l r0 0 8 : I (mod 1009). The pri me di vi sors o f 1008 ar e 2 ,3 , a n d 7 . w e s e e th a t rl t008/2:11504- -i (mod 1009), 1 1 1 0 0 8 /: 3 1 1 3 3 = 6 3 : 4 ( m o d 1 0 0 9 ) , a n d 1 1 l 0 0 t f: 1 1 1 4 _ 4 934 (mod l00g). Hence, by Theorem 8.17 we know that 1009 is prime. The following corollary of Theorem 8.17 gives a slightly more efficient primality test. Corollary 8.4. If n is an odd positive integer and if x is a positive integer such that *h-D/2

--l

(modru)

and ,h_r)/c*l(modn) for all odd prime divisors q of n - l, then n is prime. Proof. Since *b-r)/2:

- I (mod n), we see that

x r-r : 1 * b -D /2 1 2= (-l )2 = | (mod n). Since the hypothesesof Theorem 8.17 are met, we know that n is prime. D E x am ple. Let n :2 0 0 3 .

T h e o d d p ri m e d i vi sorsof n-l

:2002

are 7,l l ,

8.5 Primality Tests Using Primitive Roots

265

u:874 1 -1 (m o d 2 0 03), 52002/t S inc e 5 2 0 0 2 /25: 1 0 0 = an d 13. = .5T : 5154 52oo2/13 and (mo d 2 003) , lz ooz ,tr- 5 1 8 3 8 8 6 (m o d 2 0 0 3 ), : 633 (mod 2003), we seefrom Corollary 8.4 that 2003 is prime. To determine whether an integer n is prime using either Theorem 8.17 or - l' As we Corollary 8.4, it is necessaryto know the prime factorizationof n is a timeinteger have remarked before, finding the prime factorization of an consuming process. Only when we have some a priori information about the factorization of n - | are the primality tests given by these results practical. Indeed, with such information these tests can be useful. Such a situation occurs with the Fermat numbers; in Chapter 9 we give a primality test for these numbers based on the ideas of this section. It is of interest to ask how quickly a computer can verify primality or compositeness.We answer these questionsas follows. Theorem 8.18. If n is composite, this can be proved with O(logzilz) operations.

bit

Proof. If n is composite, there are integers a and b with | 1 a 1 fi, | < b 1 n, and n - ab. Hence, given the two integers a and b, we multiply a and,b and verify that n : ab. This takes O (logzn)2) bit operations and proves that n is comPosite. tr We can use Theorem 8.17 to estimatethe number of bit operationsneeded to prove primality when the appropriate information is known. Theorem 8.19. If n is prime, this can be proven using O((logzn)a) bit operations. Proof. We use the secondprinciple of mathematical induction. The induction hypothesis is an estimate for f h), where f h) is the total number of multiplications and modular exponentiationsneeded to verify that the integer n is prime. We demonstratethat

f b) ( 3 (lognltosD 2. First, we note that / (2) : q < n , t he inequalit y

l.

We assume that for all primes Q, with

f ( q ) ( 3 ( l o eq l t o s D- 2 holds.

266

PrimitiveRoots

To prove that n is prime, we use Corollary 8.4. Once we have the numbers 2o, qr,..., Qt, and x that supposedlysatisfy (i)

n-l:2oqfl2..

Qt,

(ii)

q; is prime for i : L, 2,..., t, (iii) *G-t)/2--l (modn), and (iv)

r(/.-t)/L = I (mod n), for i : l, 2,... t,

we need to do I multiplications to check (i), t * 1 modular exponentlatrons to check (iii) and (iv), and -f (q) multiplications and modular exponentiationsto check (ii), that q; is prime for i : I ,2,..., t. Hence.

fh):t*(r+t)+ifQ,) ( 2l + I + )

,

t-'

((l togq;fiogD - 2)

:t*(fnogDtoeQflz...Q) : Gflog2)log2qflz...q) - 2 ( (3/og z)log(Z'qfl2. . . q) - 2 : 3(log ntog D - 2 . Now each multiplication requires O ((logzil2) bit operationsand each modular exponentiation requiresO(logzd3) bit operations.Since the total number of multiplications and modular exponentiationsneeded is f h) : o (log2n), the total number of bit operations needed is oKlogzn)(log2n)3): o((logzn)a). n Theorem8.19 was discoveredby Pratt. He interpreted the result as showingthat everyprime has a "succinctcertificationof primality." It should be noted that Theorem8.19 cannot be used to find this short proof of primality, for the factorizationof n - | and the primitive root x of n are required. More informationon this subjectmay be foundin Lenstra[Zt]. Recently, an extremely efficient primality test has been developedby Adleman, Pomerance,and Rumely. We will not describethe test here becauseit relies on conceptsnot developedin this book. We note, that to

8.5 Primality Tests Using Primitive Roots

267

less than determine whether an integer is prime using this test requires log,logrlog,n to instance, (log2n;c bit operations, where c is a constant. For to just and 40 seconds determine whether a too-digit integer is prime requires just Even l0 minutes' determinewhether a 200-digit integer is prime requires amount of reasonable in a primality for checked be may a 1000-digit integer time, one week. Fo, more information about this test see [63] and [74].

8.5 Problems :2' Show that l 0 l i s p r i m e u s i n gT h e o r e m8 . 1 7 w i t h x : 3' 2 . Show that 257 rs prime using Corollary 8.4 with x l.

a J .

Show that if an integer x exists such that x2r:1

(mod F")

and

4.

*'r-l*

I (mod F,),

then the Fermat number Fn :2Y

* I is prime.

- | Let n be a positive integer. Show that if the prime-power factorization of n p i ' a n d f o r 7 : 1 , 2 , . . . , / , t h e r e e x i s t sa n i n t e g e rx y s u c h is n - l: pi'pi'..' that *|n-'t', *

1(modn)

and I (modn),

xi-t= then n is prime. 5.

Let n be a positive integer such that

n - l : m i r nj -ir' w h e r e m i s a p o s i t i v e i n t e g e r , o t , a 2 , . . . , a r A r e p o S i t i v e i n t e g e r S , a n d q t , Q 2 , . . . ,Q r are relatively prime integers greater than one. Furthermore, let br, b2,"', b, be positive integers such that there exist integers xt, xz,"', x, with

x,!-r and

--

I (mod n )

268

Primitive Roots

6'!'-t)/e'-l,n)

:

I

for;: 1 , 2 , . . . , r , w h e r e e v e r y p r i m e f a c t o r o f q ; i s g r e a t e r than or equal to b; f o r ; : 1 , 2 , . . . ,r , a n d

< ( r +jf- 1i u ? 1 , . Show that n is prime. 8.5 ComputerProjects write programsto showthat a positiveintegern is prime using l. T heor em8 .1 7 . 2. Corollary8.4. 3. Problem4. 4. Problem5.

8.6 Universal Exponents Let n be a positive integer with prime-power factori zation

, : p\,p,i

p,; .

If a is an integerrelatively primeto n, thenEuler'stheorem tellsusthat a A Q ' )= I ( m o d p t ) whenever pt is one of the prime powers occurring in the factorizatron of n As in the proof of Theorem 8.12, let

u : l6Qi'),07,il,...,ob,;)l, the leastcommonmultipleof the integers OQ! ), i : 1,2,...,m. Since

ohhlu f or i : 1, 2, . . . , n , u s i n g T h e o re m8 .1 w e s e ethat a u = t(m o d p ,1' ) for i : 1,2, ..., m. Hence,from Corollary 3.2, it follows that

269

8.6 UniversalExPonents

aU = I (modn). This leads to the following definition. Definition. A universal exponent of the positive integern is a Positiveinteger U such that a u = I (mo d n ), for all integers a relatively prime to n.

Example. Since the Prime Powerfactorization of 600 is 23'3'52, it follows t h a t u : l O Q 3 ) ,O ( : ) , d ( 5 2 ) l : 12,2,201 : 20 is a universal exponent of 600. From Euler's theorem, we know that d(n) is a universal exponent. As we is also a have already demonstrated,the integer (J - IAQ\),,0|'il,...,ybh)l p';. We are interested in finding the universal exponent of n: p'ip'; n. of smallest positive universal exponent Definition. The least universal exponent of the positive integer n is called the minimal universal exponent of n, and is denoted by I(n)' We now find a formula for the minimal universal exponent l,(n), based on the prime-power factorization of n. First, note that if n has a primitive root, then tr(n) - 6fu). of odd primes possessprimitive roots, we know that

Since powers

I(p') : 6(p'), whenever p is an odd prime and / is a positive integer. Similarly, we have tr(2): b(2): I and tr(4): O(4):2, sinceboth 2 and 4 have primitive roots. On the other hand, if t 2 3, then we know from Theorem 8.10 that a2'-' : 1(mod 2t) and ord, a :

2'-2, so that we can conclude that X(2t) : zt-z 1f t > 3.

We have found tr(r) when n is a power of a prime. Next, we turn our attention to arbitrary positive integers n ' Theorem 8.20. Let n be a positive integer with prime-power factorization

270

P ri mi ti ve R oots

, : 2'"p\'p'i

I

rm.

Then \(n ), the minimal universarexponentof n, is given by

tr(n) : h(2'.), eb'r,),..., Oe';)l, Moreover, there exists an integer a such that ord,na: ), (r), possibleorder of an integer modulo n. Proof. Let a be an integer with (a , n) :

the largest

l. For convenience,let

M - tr(zt), o(p'i),o7'il,..., Qbill . S inc e M is d i v i s i b l e b y a l l o f th e i ntegers X (2/g , e(p' r,) : x(pl ,), 6Q';l : ^(p';),..., QQil : xb'il, and since oxb') : t (moo p,) for all prime-powersin the factorization of n, we see that aM = l (modp,), wheneverp' is a prime-power occurring in the factorizationof n. Consequently,from Corollary 3.2, we can concludethat a M = I ( m o dn ) . The last congruenceestablishesthe fact that M is a universal exponent. We must now show that M is the least universal exponent. To do this, we find an integer a such that no positivepower smaller than the Mth powerof a is congruent to I modulo n. With this in mind, let r; be a primitive root of Pi

We considerthe systemof simultaneouscongruences x=3(mod2") x j11 (modpl') x : 12 (moa p';)

r- (mod p';). By the Chineseremainder theorem, there is a simultaneoussolution a of this system which is unique modulo n : 2'"p'ip'i p';: we will show that

271

8.6 UniversalExPonents

ordn a - M. that

such To prove this claim, assume that .l{ is a positive integer aN = I (modn).

Then, if pt is a prime-powerdivisor of n, we have aN = 1(modp'), so that ordo,c | .lf. we have But, since a satisfieseach of lhe m * I congruencesof the system, o rd o ,a: X(p t), we have for each prime power in the factorization. Hence, from Theorem 8'1,

\b,) | r{ for all prime powers p' in the factorization of n. Therefore, from Corollary

3.2.weknowthatM:

x(pti),...,xb';)l | /{' [tr(2"),\(p1'),

Since aM = I (modn) and MIN conclude that

w h e n e v e ra N = 1 ( m o d n ) , w e c a n

ordna : M. This shows that M - \(n) with ord, a : )r(n). tr

and simultaneously produces a positive integer a

Example. Since the prime-power factorization of 180 is 2232'5, from Theorem 8.20 it follows that x ( 18 0 ) : Io (2 2 ), o (3 2 ), d (5 ) | : 1 . 2,6, 4l : 12. To find an integer a with ordlsga : 12, first we find primitive roots modulo 32 5, and 5. For instance, we take 2 and 3 as primitive roots modulo 32 and solution a find we theorem, remainder Chinese the using Then, respectively. of the system of congruences

1=iiililil

272

Primitive Roots

obtaining a = 83 (mod 180). From the proof of Theorem g.20, we see that ord1ss83- 12. Ex am ple. Let n :2 6 3 2 5 .7 .1 3 .1 7 .1 9 -3 7 .7 3T.h en. w e have

\(n ) : [x(26), a(32),.d(5), oOD, d(I9), o(37),o(7rl : [,24,2.3, 22, 24, 2.32, 2232,23321 :24.32 : 144.

Hence, whenever a is a positive integer relatively prime to 2 6' 32' 5' 17' 17' rg ' 3 7 .7w3e k n o w th a t a t4 4: r ( moo 26.32.5.17.rg.37.37.7r. We now return to the Carmichael numbers that we discussed in Section 5.2. Recall that a Carmichael number is a composite integer that satisfies bn-r : I (mod n) for all positive integers D with (b, n) : r-. we proved that if rt : Q.r4z 4k, where Qv Q2,...,e* are distinct primes satisfying @i - 1) | tn-l) for i : r,2,...,,k, ih.n i it u carmichaer number. Here, we prove the converseof this result. Theorem 8.21. rf n ) 2 is a carmichael number, then n : Qtez yh.r-. ^the - q;'s are distinct primes such that (qi - r)'l'(n-rl j : 1 , 2 , . . .k, .

Qk, i;;

Proof. If n is a Carmichael number, then br-t :

I (mod n )

for all positiveintegers6 with (b,n): l. Theorem 8.20 tells us that there is an integer a with ordna : X(n), where I(n) is the minimal universal exponent,and sincean-r = I (mod re), Theorem g.l tells us that

r(n)l(n_l). Now n must be odd, for if n was even, then n-l would be odd, but even (sincen ) 2), contradictingthe fact that ),(n) (r-l). |

tr(n ) is

We now show that n must be the product of distinct primes. Suppose has r a prime-powerfactor pt with t>2. Then rQ') :0(p')

: pt-t (p-l) | x(n) : n-t.

This implies that p | (n-l), which is impossiblesincep n.Consequently, n I must be the product of distinct odd primes, say

273

8.6 UniversalExPonents

tt :

QtQz

We conclude the proof by noting that \(qi) : O(q) : (qi-D

Qtc'

I r(n) :

n-l'

E

Carmichael We can easily prove more about the prime factorizations of numbers. different odd Theorem 8.22. A Carmichael number must have at least three prime factors. just one prime Let n be a carmichael number. Then n cannot have So assume primes. factor, since it is composite, and is the product of distinct p>q' Then that n : pq, where p and q are odd primes with (p-Dq + Q-1) = q-l + 0 (modp-l)' pq-l: n-l:

proof.

Hence, n cannot be a Carmichael number which shows that (p-l) I (n -l) E factors. prime just different two if it has

8.6 Problems l.

n Find tr(n). the minimal universal exponent of n, for the following values of

il b) c) d)

100 r44 222 884

e) 2n3t'52'7 f ) 2 s 3 2 ' 5 2 ' 7 3l'2l ' 1 3 '1 7 ' 1 9

e) 1o! h) 20!.

2. Find all positiveintegersn suchthat tr(n) is equalto

02

d)4 e)5

c)3

CI6.

a)l

3. Find the largestintegern with tr(z) : 12. 4. Find an integerwith the largestpossibleorder modulo a) 12 b) ls c) 20

d) 36 e) 40 f) 63.

274

Primitive Roots

5 . Show that if m is a positive integer, then tr(rr) divides 6fu) . 6. show that if m and n are rerativery prime positive |r(mn) : [tr(re), tr(n)].

integers, then

7. Let n be the largest positive integer satisfying the equation ),(n ) : a, where c is a fixed positive integer. Show that if la is another solution of tr(z) : a,then m dividesn.

8 . Show that if n is a positive integer, then there are exactly d(I(n)) integers with maximal order modulo z.

incongruent

9 . Show that if a and m are relatively prime positive integers, then the solutions of the congruence ax = b(mod m) x = at'(m)-tb (mod m ).

are

the

integers

x

such

that

1 0 . show that if c is a positive integer greater than one, then the integers l' ,2' ,-.-, (m-l)' form_a complete system of residuesmodulo m if and,only if z is square-freeand (c,tr(m )) : l.

ll.

a)

Show that if c and m are positive integers then the congruence x" = r (mod m) has exactly

(l + (c-t , Obi)) fI j-l incongruent

solutions,

m : pi'pi, . .. p:.. b)

where

Show that x' = x(mod z) (c-1, 6(m)) :2.

m

has

prime-power

has exactly 3, solutions if

factorization

and only if

12. Use problem l1 to show that there are always at least 9 plaintext messages that are not changed when encipheredusing an RSA cipher.

1 3 . Show that there are no carmichael numbers of the form 3pq where p and q are primes.

t 4 . Find all carmichael numbers of the form 5pq where p and q are primes. 1 5 . Show that there are only a finite number of carmichael numbers of the form fl : pqr, where p is a fixed prime, and q and r are also primes.

1 6 . Show that the deciphering exponent d for an RSA cipher with enciphering key (e,n) can be taken to be an inverseof e modulo ),(n) .

8.6 Computer Projects Write programs to do the following: l.

Find the minimal universal exponent of a positive integer.

8.7 Pseudo'RandomNumbers

2. ;j"O

""

275

exponent of integer with order modulo n equal to the minimal universal find all positive integers n with minimal universal

3.

Given a positive integer M, exponent equal to M.

4.

Solve linear congruencesusing the method of problem 9'

8.7 Pseudo-RandomNumbers of Numbers chosen randomly are often useful in computer simulation generating for method some simulations, perform complicated phenomena. To means for random numbers is needed. There are various mechanical use' computer for ineffficient are these but generating random numbers, One preferable' is arithmetic computer Instead, a systematic method using by Von such method, called the middte ' square method, introduced we start numbers, random four-digit generate To Neumann, works as follows. to number this square We 6139. say number, with an arbitrary four-digit second the as 6873 digits four middle the tuk. *. obtain 37687321',and of random random number. We iterate this procedure to obtain a sequence a new obtain to four-digits middle the removing and numbers, always squaring number (ttre four-digit of a square one. preceding the random number from considered has eight or fewer digits. Those with fewer than eight digits are of 0') digits initial adding eigtrt-digit numbers by not Sequences produced by the middle-square method are' in reality, entire the known, is number randomly chosen. When the initial four-digit appears ,"qu.n.. is determined. However, the sequenceof numbers produced simulations. computer for useful to be random, and the numbers produced are The integers in sequencesthat have been chosen in some methodical manner, but appear to be random, are called pseudo-random numbers. It turns out that the nriddle-square method has some unfortunate weaknesses. The most undesirable feature of this method is that, for many choices of the initial integer, the method produces the same small set of numbers over and over. For instance,starting with the four-digit integer 4100 and using the middle-square method, we obtain the sequence 8 1 0 0, 6100, 2100,41 0 0 , 8 1 0 0 , 6 1 0 0 , 2 1 0 0 ,... w h i ch onl y gi ves four di fferent numbers before rePeating. The most commonly used method for generating pseudo-randomnumbers is called the linear congruential method which works as follows. A set of integerst/t, e, c, and xs is chosenso that m ) 0, 2 < a 4' m, 0 < c 4 m' The sequence of pseudo-random numbers is defined and 0 ( xo ( z.

276

Primitive Roots

recursivelyby xn+r 3 axn * c (mod m),

0 ( xr+r 1 r/t,

fo r f t : 0, 1, 2, 3 ,... . We c a l l m th e mo dul us, a the mul ti pl i er, c the increment, and xs the seed of the pseudo-random number generator. The following examplesillustrate the lineai congruential method. Example. With m:12, a-3, c:4, and r0:5, we obtain xt E 3'5 + 4=7 (mod12),so that xr: j. Similarly, we find that x2: 1, s i n c ex z = 3 . 7 + 4 : I ( m o d I 2 ) , x 3 : 7 , s i n c e x : E 3 . 1+ 4 = 7 ( m o d l 2 ) , and so on' Hence, the generator producesjust three different integers before repeating. The sequence of pseudo-iandom numbers obtained is 5,7,I,7,1,7,1,.... With frt : 9, e : '1, c : 4, and x0 : 3, we obtain the sequence 3, 7, 8, 6, l, 2, 0, 4, 5,3,... . This sequence contains g different numbers before repeating. The following theorem tells us how to find the terms of a sequence of pseudo-randomnumbers generated by the linear congruential method directly from the multiplier, the increment, and the seed. Theorem 8.24. The terms of the sequence generated by congruential method previously describedare given by X1,

akxo+ c(ak-l) /(a-l)

the

linear

( m o dl a ) , 0 ( x r 1 m .

Proof. We prove this result using mathematical induction. For k : l, the formula is obviously true, since rr E axs* c (mod m),0 ( xr 1m. Assume that the formula is valid for the ftth term. so that x* z akxo + c(ak-l)/b_l)

xk+t

*c

(modt?t), 0 ( xr I

(modz),

0(xr+r

m.

1t/t,

we have xr+r s a(akxs+ c(ak-l)/fu-l)) = a k + t x o* c ( a G k - l ) / G - t ) = a k + l x o* c ( a k + r - D / G - D

+ c + t ( m o dz ) ,

which is the correct formula for the (k+t)ttr term. This demonstrates that the formula is correct for all positive integers k. tr

277

Numbers 8.7 Pseudo-Random

The period length of a linear-congruential pseudo-random number generator is the maximum length of the sequenceobtained without repetition. We note that the longest possible period length for a linear congruential generator is the modulus m. The following theorem tells us when this maximum length is obtained. Theorem 8.25. The linear congruential generator produces a sequence of period length m if and only if (c, m) : l, a = 1 (mod p) for all primes p dividing m, and a = | (mod 4) if a | ^. Because the proof of Theorem 8.25 is complicated and quite lengthy we omit it. For the proof, the reader is referred to Knuth t561. The case of the linear congruential generator with c : 0 is of special interest becauseof its simplicity. In this case, the method is called the pure multiplicative congruential method. We specify the modulus la, multiplier a, and seed xs. The sequenceof pseudo-randomnumbers is defined recursively by xnal -

axo (mod m), 0 1 xn+t 1 m.

In general, we can expressthe pseudo-randomnumbers generatedin terms of the multiplier and seed: --xn a'xo (mod m), 0 1 xn+t 1 m. If { is the period length of the sequenceobtained using this pure multiplicative generator,then f is the smallest positive integer such that x s :- a [x s (m o d l a ). If (xo, m) : l, using Corollary 3.1, we have oI=1

(modz).

From this congruence,we know that the largest possibleperiod length is tr(lrr), where X(rz) is the minimal universal exponentmodulo z. For many applications, the pure multiplicative generator is used with the modulus m equal to the Mersenne prime M3r:23r - l. When the modulus m is a prime, the maximum period length is rn -1, and this is obtained when a is a primitive root of rn. To find a primitive root of M 31 that can be used with good results, we frrst demonstratethat 7 is a primitive root of M t. Proposition 8.1. The integer 7 is a primitive root of M31:23r-1.

278

PrimitiveRoots

Proof. To show that 7 is a primitive root of M31- )31 showthat

it is sufficientto

( m o dM t )

,wt'-Dh 1y

for all prime divisors q of Mt-r. with this information, we can conclude that ord2r,,7 : My-|. To find the factorizationof M31_1, we note that My-l

: 2 3 1- 2 :

2(230-l) : 2(215-t)(Zl5+t)

: z(zs-t)(2to+2s+t) (zs+t) (210-zs+t) : 2.32-7 1. 1 3l . I 5 1 . 313. If we show that ,(Mrr_t)/q

q-

I (mod M y)

f o r q : 2 , 3 , 7 , I l , 3 1 , l 5 l , a n d 3 3 1 ,then we know that 7 is a primitive root of M31 - 214748364j. Since 7{Mil-t)/2 7(Mrrt)13 7(M\-Dn t)/rr 7(Mr 7(Mrfr)/3r 7(M,t-r) /rsl 7(Mrft)/33r

2147483646 + rsr347773s + 12053628s + 1969212174 +

s t 2+

s35044134 + 1 7 6 1 8 8 s 0+8 3

I (mod M y) 1(mod M t) 1(mod M t) I (mod M y) I (mod M y) 1(mod M z) I (mod M y)

we see that 7 is a primitive root of M31. E In practice' we do not want to use the primitive root 7 as the generator, since the first few integers generated are imall. Instead, we find a larger primitive root using Corollary 8.2. We take a power of 7 where the exponent i s r elat iv elypr im e _to M 3 ;r. F o r i n s ta n c e ,s ince (s, Mrr-1): l , corol l ary 8 . 2 t e l l s u s t h a t 7 5 : 1 6 8 0 7 i s a l s o a p r i m i t i v er o o t . s i n c e ( l 3 , M r r l) : l, another possibility is to use 7t3 : 2s22462g2 (mod Mt) as the multiplier. We havely touched briefly on the important subject of pseudo-random numbers' For a thorough discussion of the generation and statistical propertiesof pseudo-randomnumbers see Knuth tse t.

8.7 Problems l

Find the sequence of two-digit pseudo-random numbers generated using the middle-squaremethod, taking 69 as the seed.

279

8 .7 Ps eudo- Random N u mb e rs

by 2. Find the first ten terms of the sequenceof pseudo-random numbers generated : 6 and xn+r z the linear congruential method with x0 What is the period length of this generator?

5x, * 2 (mod 19)'

generated by 3 . Find the period length of the sequenceof pseudo-random numbers :2 the linear congruential method with x6

and xn+t 7 4xn * 7 (mod 25)'

of 4 . Show that if either a : 0 or a - I is used for the multiplier in the generation

pseudo-random numbers by the linear congruential method, the resulting numbers' ."qu.n"" would not be a good choice for a sequenceof pseudo-random length .m, where 5 . Using Theorem 8.25, find those integers a which give period -:axn I c (mod m), (r, i) : l, for the linear congruential generator xnal where

a) b) 6.

c) d)

m:1000 nr - 30030

m : 106-l m :225-1.

be Show that every linear congruential pseudo-random number generator can increment with generator congruential linear a of terms in simply expressed c : 1 and seed 0, by showing that the terms generated by the linear congruential = generator xn+r7 axn * c (mod lrt), with seed xe, can be expressedas xn ? : ( m o d y o : 0 ' a n d ( a 1 ) m ) , * c ( m o d x o l n + t b m), where 6 y, + xo aln* I (modln).

7 . Find the period length of the pure multiplicative pseudo-random number generator xn Z cxn-r (mod 231-l) when the multiplier c is equal to

a)z b)3

c)

4

e)

13.

d)s

8 . Show that the maximal possibleperiod length for a pure multiplicative generator -3 QXn (mod 2"), e 2 3, is 2'-2. Show that this is obtained of the form xnal -: (mod 8). t3 when a way to generate pseudo-random numbers is to use the Let m be a positive integer. Two initial integers x6 and x1 generator. Fibonacci less than m are specified and the rest of the sequenceis generated recursively by 0 ( xn+r 1 m' the congruolce.r2al :- xn * xn-1 (mod rn),

9 . Another

Find the first eight pseudo-random numbers generated by the Fibonacci g e n e r a t o rw i t h m o d u l u sn : 3 l a n d i n i t i a l v a l u e sx 0 : I a n d x t : 2 4 .

1 0 . Find a good choice for the multiplier a in the pure multiplicative pseudo-random number generator xn+rZ axn (mod l0l). that is not too small.) ll.

(Hint: Find a primitive root of 101

Find a good choice for the multiplier c in the pure multiplicative pseudo-random number generator xn i axn-r (mod 22s-1). (Hint: Find a primitive root of

280

PrimitiveRoots

225-l and then take an appropriate power of this root.) 12. Find the multiplier a and increment c of the linear congruential pseudo-random number generator xn+rt axn * c (mod 1003), 0 ( xn+r < 1003, if xs: l, x 2 : 4 O 2 , a n dx 3 : 3 6 1 . 13. Find the multiplier a of the pure multiplicative pseudo-random number generator xnal- QXn (mod 1'000), 0 ( xn11 < 1000, if 313 and 145 are consecutive terms generated. 8.7 Computer Projects Write programs to generate pseudo-randomnumbers using the following generators: l.

The middle-sequencegenerator.

2.

The linear congruential generator.

3.

The pure multiplicative generator.

4.

The Fibonacci generator (see problem 9).

8.8 An Application to the Splicing of TelephoneCables An interesting application of the preceding material involves the splicing of telephonecables. We base our discussionon the exposition of Ore [28], who relates the contents of an original article by Lawther [70], reporting on work done for the SouthwesternBell TelephoneCompany. To develop the application, we first make the following definition. Definition. Let m be a positive integer and let a be an integer relatively prime to m. The + I - exponent of a modulo ru is the smallest positive integer x such that et

+ I (mod rn ).

We are interested in determining the largest possible + 1 - exponent of an integer modulo m; we denote this by },s(rn). The following two theorems relate the value of the maximal + I - exponent trs(z) to }.(m ), the minimal universal exponentmodulo rz. First, we consider positive integers that possessprimitive roots. Theorem 8.26. lf m isa positiveinteger,m ) 2, with aprimitive root, then the maximal *l - exponenttrs(rn) equals0@) / 2: )r@) / 2.

8.8 An Applicationto the Splicingof TelephoneCables

281

Proof. We first note that if m has a primitive root, then \(z) : 6(m). From problem 5 of Section 6.1, we know that g(m) is even, so that 0@) I Z is an integer, if m ) 2. Euler's Theorem tells us that I (mo d l z), o o tu ) :1 o a tu ) l z l z for all integersa with (a,m) : 1. From problem 7 of Section8.3, we know that when m has a primitive root, the only solutions of x2 = I (mod m) are (modru). Hence, x=-tl sfh) l2:

t

|

( m o dz ) .

This implies that

\s(r,)(d(z)lz. Now let r be a primitive root of modulo m with f I - exponent e. Then re = t

|

(m o d l a ),

so that r2'=

1 (modz).

Since ord^r : 6(m), Theorem 8.1 tells us that 6fu) | 2e, or equivalently, that (6(m) /D I e. Hence, the maximum +l - exponentL6(z) is at least Consequently, Q@) / Z. However, we know that l(rn ) 4 6fu) /2.

l , s ( r z r ) :6 f u ) / 2 : \ f u )

/2. tr

We now will find the maximal + I - exponent of integers without primitive roots. Theorem 8.27. lf m is a positive integer withciut a primitive root, then the maximal +1 - exponent \6(rn) equals I(m), the minimal universal exponent of m. Proof. We first show that if a is an integer of order )t(m) modulo z with + I - exponente such that ottu)/2# _t (mod z), then e : X(z). Consequently,once we have found such an integer a, we will have shown that ),q(tn) : tr(lz). Assume that a is an integer of order xfu) such that

modulo m with + I - exponent e

282

PrimitiveRoots

o)'tu)/2 # -r

(mod ru).

Since o" = + I (mod rn ), it follows that az, = I (mod z). From T h e o r e m8 . 1 , w e k n o w t h a t > r f u ) l 2 e . s i n c e x @ ) a n d e ( \(z), l2e either e:t(m)/2 or e:x(m). To see that er\,(m)/2, note that a e : - + 1 ( m od ln ), b u t o ),@ )/2* I (m o d rn), si nce ord^o:\(m), and o>'(-)/z # -t (mod z) , by hypothesis. Therefore, we can conclude that if o rd. a : ) r ( m ) , a h a s + l - e x p o n e n t e , and a, = _l (mod z), then e : h,(m). We now find an integer a with the desired properties. Let the prime-power factorization of m be m - 2'op'r' p'; . . . p'r'. we consider several cases. We first consider those rn with at least two different odd prime factors. Among the prime-powers p!' diriding ffi,, let pl be one with the smallest power of 2 dividi"g Obh. Let ri be a primitive root of p',, for i: 1,2,...,s. Let a be an integer satisfying the simultaneouscongruences (mod 2')

Q:5

alri

o-ri )

(mod pj') for all i with i # j

(moap!).

Such an integer a is guaranteed to exist by the Note that

remainder theorem.

ord.a: [I(2tg, Ob','),..., Oe!) / 2 , . . . , 6 Q b 1 , ,. and, by our choice or^ pl, we know that this least common multiple equals ) (mod \,(m). e:rjp!), we know that otb/) /' = (modp!). ',!(P'j' l

I

Because Oeh / z I x@) / z,weknowthat It(d /2 - t (modp!),

so that otr(*)/' * -t

(mod rn ).

Consequently,the + I - exponentof a is I(z). The next case we consider deals with integers of the form rn - 2toott where p is an odd prime,tr2l a n d t o ) 2 , s i n c em h a sn o p r i m i t i v er o o t s . When to: 2 or 3, we have

8.8 An Application to the splicing of Telephone Gables

283

x ( , n :)1 2 ,e Q \ ' ):l d Q i ' ) . Let. a be a solution of the simultaneouscongruences (mod4) a=l a t

r

(mod p'i),

: lr(m) ' Because where r is a primitive root of p'1'. We seethat ord- a 1 (mo d 4 ), o x @ )/2 we know that o x (n )/2 + _ l (m o d ru ). (z)' Consequently,the +1 - exponentof a is f When ts 2

,,let a be a solutionof the simultaneouscongruences a=3 -: r a

(mod2t') (mod p'il;

We see the Chinese remainder theorem tells us that such an integer exists.

: ordthat " ^::,:;,:':',i :i:':';:,*ll;:'l

',::';, ""n"'

Thus, /2 + _t ox('.'.)

(mod rc),

of a is tr(rn). so that the 1l - exponent F i n a l l y ,w h e n m : 2 ' o ord-5 : X(na),but

8.tl we know that with ts2 3, from Theorem

/4 - 1 (mod8). /2 = 152)0(m) 5r(nr) Therefore,we seethat ) / , + _ 1 ( m o dr u ) ; 5r(m we concludethat the +1 - exponentof 5 is l(lz)' This finishes the argument since we have dealt with all caseswhere m not have a primitive root. tr

284

PrimitiveRoots

We now develop a system for splicing telephone cables. Telephone cables are made up of concentric layers of insulated copper wire, as illustrated in Figure 8.1, and are produced in sectionsof specifiedlength.

Figure8.1. A cross-section of one layer of a telephonecable.

Telephone lines are constructed by splicing together sectionsof cable. When two wires are adjacent in the same layer in multiple sections of the cable, there are often problems with interference and crosstalk. Consequently,two wires adjacent in the same layer in one section should not be adjacent in the same layer in any nearby sections. For practical purpose,the splicing system should be simple. We use the following rules to describethe system. Wires in concentric layers are spliced to wires in the corresponding layers of the next section, following identical splicing direction at each connection. In a layer with m wires, we connect the wire in position j in one section, where I < i ( rn to the wire in position S(j) in the next section,where S(i) is the least positive residue of I + (j-l)s modulo m. Here, s is called the spread of the splicing system. We see that when a wire in one section is spliced to a wire in the next section, the adjacent wire in the first section is spliced to the wire in the next section in the position obtained by counting forward s modulo m from the position of the last wire spliced in this section. To have a one-toone correspondencebetween wires of adjacent sections, we require that the spread s be relatively prime to the number of wires z. This shows that if wires in positions j and k are sent to the same wire in the next section, then .S(j) : S (k) and

8.8 An Applicationto the Splicingof TelephoneCables

I + (j-l)s

:

I + (k-l)s

285

( m o dz ) ,

so that js = ks (mod m ). Since (m, s) : l, from Corollary 3.1 we seethat j = k (mod z ), which is imPossible. Example. Let us connect 9 wires with a spread of 2. correspondence

I *l 4-7 7 -4

2-3 5*9 8*6

We have the

3*5 6-2 9-8.

This is illustratedin figure8.2.

Figure8.2. Splicingof 9 wireswith spreadof 2. The following proposition tells us the correspondenceof wires in the first section of cable to the wires in the n th section. Proposition 8.2. Let S'(7) denote the position of the wire in the nth section spliced to the 7th wire of the first section. Then .S'(j) = I + (7-l)s'-r

(modz).

Proof. For n : 2, by the rules for the splicing system, we have s 2 (j ) :

I + (r-l )s

(mo d rn ),

so the proposition is true for n : 2. Now assumethat S'(j) Then,

:

I + (7-1)sn-r (modla).

the next section, we have the wire in position S'(7)

spliced to the

286

PrimitiveRoots

wire in position gn+r(r) = I + (,Sr(,r)-t),

=li f1;i)',*dm) This shows that the proposition is true. D In a splicing system, we want to have wires adjacent in one section separated as long as possible in the following sections. After n splices, Proposition8.2 tells us that the adjacentwires in the 7th and j+l th positions are connected to wires in positions Sr(j) = I + (7_l)s, (mod rn ) and ,s'(j+l): I t jsn (mod m), respectively.These wiies are adjacent in the n th section if, and only if, .S' (i ) - S ' i n (i + t) :

r

|

(mod m).

or equivalently, (t + (j-l)s')

- (l+7sn) = + I

(modln),

which holds if and onlv if sn:

tl

(modm).

We can now apply the material at the beginning of this section. To keep adjacent wires in the first section separatedas long as possible, we should pick for the spreads an integer with maiimar + l - .^ponrnt \o(n). Example. with 100 wires, we should choose a spread s so that the f I exponentof s is ro(too) : ^,(100) : 20. The appropriate computationsshothat s : 3 is such a spread.

8.8 Problems l.

Find the maximal t I - exponent of a) b) c)

2.

t7 22 24

d) 36 e) 99 f) 100.

Find an integer with maximal * I - exponent modulo

il 13

il2s

8.8 An Application to the Splicing of Telephone Cables

e) 3 6 f) 6 0 .

b) 14 c) t5 3.

Devise a splicing scheme for telephonecables containing a)

4.

50 wires

b)

76 wires

c)

125 wires.

Show that using any splicing system of telephone cables with ln wires arranged in a concentric layer, adjacent wires in one section can be kept separated in at most [ @-l) / 2] successivesectionsof cable. Show that when lz is prime this upper limit is achievedusing the system developedin this section.

8.8 Computer Projects Write programs to do the following: 1. Findmaximal tl 2.

287

-exPonents.

Develop a scheme for splicing telephonecables as describedin this section.

Quadratic Residues

9.1 Quadratic Residues Let p be an odd prime and a an integer relatively prime to p. In this chapter, we devote our attention to the question: Is a a perfect square modulo p? We begin with a definition. Definition. If m is a positive integer, we say that the integer a is a quadratic residue of m if (a,/k) : I and the ctngruence ,, = a (mod m) has a solution. If the congruence x2 = a (moa d has no solution, we say that a is a quadratic nonresidue of m. Example. To determine which integers are quadratic residues of I l, we co m put e t he s q u a re s o f th e i n te g e rs r ,2, 3,...,r0. w e fi nd that ' ^

1 2 : 1 0 2 : t ( m o dt t ) , 2 2= 9 2 : i t , n o O - i i i , 3 2 : g 29 ( m o dl l ) , 42: '12:5 (modll), and 52: 62= t frnoJrrl. Hence, the quadratic

re s iduesof I I a re I, 3 , 4 , 5 , a n d 9 ; th e i ntegers 2, 6,7, g, and 10 are quadratic nonresiduesof I l.

Note that the quadratic residuesof the positive integer m arejust the ftth power residuesof m with /<:2, as defined in Section 8.4. We will show that if p is an odd prime, then there are exactly as many quadratic residues as quadratic nonresiduesof p among the integlrs r,2,...,p r. To demonstrate this fact, we use the following lemma. Lemma 9.1. Let p be an odd prime and a an integer not divisible by p. Then, the congruence

288

289

9.1 QuadraticResidues

x2= a (modp) has either no solutionsor exactly two incongruent solutionsmodulo p. Proof. lf x2 : c (mod p) demonstrate that x : -r0 (-xo )': *& = c ( m o d p ), -x s ( m od p) , fo r xo # ( m od p) . T h i s i s 2 xo :0

has a solution, say x : xo, then we can easily is a second incongruent solution. Since w e s e e th a t -x s i s a sol uti on. W e note that we have then x o E -xs (mod p), if (since p xo i m Po s s i b l esince p is odd and tr

x & = a ( m o d p )a n dp t r a ) . To show that there are no more than two incongruent solutions,assumethat x : xo and x : xt are both solutions of x2 = a (mod p). Then, we have x & = x ? = a ( m a d p ) , s o t h a t x & - x ? : (xo*x r) (xo-x r) = 0 (mod p). so that x | :- -xe (mod P) or or pl(xo-xr), Hence, pl(xs+x1) xr E xe (mod p). Therefore,if there is a solution of x2 = a (mod p), there are exactly two incongruent solutions. tr This leads us to the following theorem. Theorem 9.1. If p is an odd prime, then there are exactly Q-l)12 quadratic residues of p and Q-l) /2 quadratic nonresiduesof p among the integers 1 , 2 , ' . ' , p- l ' Proof. To find all the quadratic residuesof p among the integers 1,2,...,p-l we compute the least positive residuesmodulo p of the squaresof the integers 1,2,...,p - l. Since there are p - | squares to consider and since each congruencex2: c (mod p) has either zero or two solutions,there must be exactly Q-D/2 quadraticresiduesof p among the integers 1,2,...,p-1. The are positive integers less than p-l remaining p-l - (p-l)/zQ-l)lZ quadratic nonresiduesof p. tr The special notation associatedwith quadratic residues is described in the following definition. Definition. Let p b e a n odd prime and a an integer not divisible by p. Legendre symbol

frl

The

is defined by

L'J f,l _ { IrJ l. -l

I if a is a quadratic residue of p if a is a quadratic nonresidueof p.

I o I Example. The previousexampleshowsthat the Legendresymt' o r s

Itt ,J'

290

Q:

QuadraticResidues

l,

2,...,10,have the following values:

lrl :lrl :fol[",l-[,,l:[,J:

: [+][#]:'

lal :fgl :f'l-f'l-f'ol , [,' ,l- [u ,J:[" ,l: l" ,J:l" ,l:-r we now present a criterion for deciding whether an integer is a quadratic residueof a prime. This criterion is useful in demonstratingpropertiesof the Legendresymbol. Euler's criterion' Let p be an odd prime and let a be a positive integer not d iv is ibleby p. T h e n r

I

ob-D/27^odp).

lgl=

lp ) Proof. First, assume that

rl l* | lp )

: t Then,thecongruence x2 : a (modp)

has a solution,say x : ro. Using Fermat'slittle theorem,we seethat ob-r)/2 Hence, if

G l 1 < n - r t t ' :* B - t = t ( m o d p ) .

know that

-

o b -t)/2(modp).

Now consider the case where

: - t Then, the congruence l* I x.2= a (modp) hasno solutions.o-i?{.orem 3.7,for eachintegeri such that I t < p-1, thereis a uniqueinteger with I S 7 < j ( p_1, suchthat ii - c(mod p). Furthermore,sin-cethe ioniruence L *i otiroo pl has no solutions, we know that i * j. Thus,*.."i groupthe integersr,Z,...,p-l i.nto(r -l) /2 pairs eachwith productc. Multipiying thesepairs together,we find that (p-l)t

= ah-t)/21-odp).

W ils on' st he o re mte l l s u s th a t (p -l )t -l

= _l (modp), w e seethat

= o b -t)/2 (mo dp).

291

9 .1 Q uadr at ic Res i d u e s

In this case,we also have |,"]

-

l . pJ

Exa m ple. Lel p : 23 re l l s u s t hat

rs'l

a n d c :5 .

: -1 .

o$-t)/2(modp).

Since5ll :

-l

D

(mod 23), E ul er' scri teri on

H e n c e ,5 i s a q u a d ra ti cnonresi dueof 23.

l; l We now prove some propertiesof the Legendre symbol. Theorem 9.2. ilet p be an odd prime and a and b integers not divisible by p . Then

: ( i ) i r a = D ( m o pd ) , t h e n t;] [;]

(ii) ["] fbI-f4) lp)lp)

Lp )

(iii) f4l :, Ip )

Pro o f of 0.

lf a = D (m o d p ), th e n x 2 = a

(m odp)

l tut.,u

sol uti on i f and

Hence,l* I : l+ | onlyif x2 = b (modp) hasa solution. lp ) lp ) Proof of (iil. By Euler's criterion, we know that

(mod (mod p), \ ' ^ ! v sp), r l ' Iql = 6b-D/z f al = o(o-r)/z l.pJ--

V)-"

and

[ a ) = G D e - t ) / 2( m o dp ) . Ip ) Hence.

- o$-t)/z6b-r)/z : ltl (modp). : (ab1e-t)/z lp ) Since the only possiblevaluesof a Legendresymbol are * I, we concludethat

292

QuadraticResidues

[;]itl:l+) Proofof Gii).sincef:l : *r , frompart(ii) it follows that lp ) r-lr ) lor)

l,): tflt?):,tr

Part (ii) of Theorem 9.2 has the following interesting consequence.The product of two quadratic residues,or of two quadratic nonresidues,of a prime is a quadratic residue of that prime, whereas the product of a quadratic residue and a quadratic nonresidueis a quadratic nonresidue. using Euler's criterion, we can classify those primes having _ l as a quadratic residue. Theorem 9.3. If p is an odd prime, then

r)( l-rl f p J l - ,

:

J r i f p :- - l l ( m o d 4 ) (mod4). t-r if p I

Proof. By Euler'scriterion,we know that [ -'' ] I | = (-1)(r-t)/21-odp).

[r ) If p :

I (mod 4), then p :4k

* I for some integer ft. Thus, (1){o-Dtz: (_l)2k : l,

r) s ot h a t l + f : r . r f p = 3 ( m o d 4 )t,h e np : 4 k * 3 lp ) Thus. 1-9{o-D/t:

( - ,^ l

sothat |

| =-t.

Lp )

f o rs o m e i n t e g ef r .

(-l)zk+t - -1.

tr

The following elegant result of Gauss provides another criterion to determine whether an integer a relatively prime to the prime p is a quadratic residueof p.

293

9 ,1 Qu adr at ic Res id u e s

(a ,p) : l. Ii s Gauss' Lemma. LeI p be an odd prime and a an integer with integers the is the number of least positive residues modulo p of Q , 2 A , 3e,...,((p-D/Da that are greater than p/2, then the Legendresymbol

Irl l-l=

= (-l)'.

lp )

Let u1, u2,...,1tsrepresent the least positive residues of the integers a , 2 a , 3 o, . . . , ( ( p- D / D a th a t a re g re a te rth a n p /2 , and l et v 1, v2,...,v;be the least positive residues of these integers that are less than p 12. Since (,r ( b-l)/2, allof theseleastpositiveresidues Qa,p): I forall 7 with t arein theset 1,2,...,P l. proof.

W e w i l l s h o w t h a t p - u t , P - u 2 , . . . , P - u r , v 1 , v 2 , . ' . , vc1o m p r i s et h e s e t o f integers 1,2,...,(p-D/2, in some order. To demonstratethis, it sufficesto show that no two of these integers are congruent modulo p, since there are exactly Q-l)/2 numbers in the set, and all are positiveintegersnot exceeding

(p-D/2.

It is clear that no two of the ai's are congruent modulo p and that no two of the v;'s are congruentmodulo p;if a congruenceof either of thesetwo sorts held, wb would have ma z na (mod p) where m and n are both positive Since p tr a, this implies that integers not exceeding Q-D12. (mod p) which is impossible. 7n - n for if In addition, one of the integers P - 4 cannot be congruent to a, vit l) such a congruence held, we would have ma 3 p --na (modp), so that

-n (modp) . This ma t -na (modil. Sincep tr a, this impliesthat m both m andn arein the set l, 2,...,(p-l)/2. because is impossible Now that we know that p - U l , P - 1 1 2 , . . . ' P- U r , V l , i n te g e r sl, 2, . . . , ( p- l) 1 2 , i n some order. we conclude that (P-')(P-uz)

' '

(p-u)v

1v2

vt :-

V 2 , ,. . . , V t

afe

the

t+l

(mod p ),

which implies that

( e . )l BUt,

(-t)'ultz'

urv1v2

vt

s i n C e l l 1 , l l 2 , . . . r l l s ,v l , V Z , . . . r v t a r e we also know that

a,2a,...,((p-t)/Da,

[n:i, (mod p ). z f

the

)

least positive residues of

294

@.2)

QuadraticResidues

utuz'

L t , v t v 2 - . . vzt a . 2 a . . . 1 + 1 " lz ) p-r(

)

: oT l+lr (moo p). l.)

Henc e,f r om ( 9.1 ) a n d (9 .2 ), w e s e eth a t p-t(

I

(-r)'a' lf lL Because(p,((p-D/DD:

r

l

lr= ll+lr(moap). t )

j

l, this congruence impliesthat

(-t),a+:l By multiplying both sidesby (-l)',

(modp).

we obtain

p-l

a 2

:

(-t)'(modp).

p-tr) Since Euler's criterion tells u s t h a t a 2 :

r)

l i l ( m o dp ) , i t f o l l o w s t h a r lp )

l * | = ( - l ) ' ( m o pd ) , tp ) establishing Gauss

tr

Exampte.Let o:5

andp:

ll.

To find by Gauss. lemma,we t+l compute the leastpositive residues of r.5,2.5: llslo s,and5.5. Theseare 5, 10, 4,9, and 3, respectively. Since.,exactlytwo of these are greater than

ll/2,Gauss'lemm t eal l su sr h a t

l+ | l rr J

: (-l)2: l.

Using Gauss' lemma, we can characterize all primes that have 2 as a quadratic residue. Theorem 9.4. If p is an odd prime, then r)

lZl:(-1)g,-rvs. [p J

29s

9 .1 Qu adr at ic Res id u e s

Hence, 2 is a quadratic residue of all primes p : + 3 (mo d 8 ) . quadratic nonresidueof all primes p

+ I (mod 8) and a

Proaf. From Gauss'lemma,we know that if s is the numberof leastpositive residuesof the integers r)

3.2, ...,l+1.' 1.2, 2.2, \-

)

rl

areless thataregreaterthanpl2,then l+ | : (-l)'. Sinceall theseintegers lp ) than p, we only need to count those greater than p /2 to find how many have least positive residue greater than p /2. i s l e ss than pl 2w hen i 4 pl a. Th e int eger 2j, wh e re I ( 7 ( b -l )/z , less than p /2. Consequently,there in the set Hence, there are Ip /41 integers n-l are s L

that

: (-D+-tP/al To prove the theorem, we must show that

2). ' 4 - = {p'-1)/8(mod + 2 - el To establish this, we need to consider the congruence class of p modulo 8, since, as we will see, both sides of the above congruencedepend only on the congruenceclass of p modulo 8. W e f i r s t c o n s i d e rb ' - l ) / 5 . is an integer,so that

I f p = + l ( m o d 8 ) , t h e np : 8 k

(p'-l)/8 - ((sk+t)2-t)/8: G+k2+r6k)/8:8k2+ 2k:0 If p :

+ l w h e r ef t

( m o d2 ) .

+ 3 (mod 8), then P : 8k + 3 where k is an integer,so that

(p'-l)/8

: ((st + iz-D/s: : I (mod 2).

Nowconsider + integer k and

l'

- b /ql. rf p

(64k2+ 48k + 8)/8 :8k2 + 6k + l

I ( m o d8 ) , t h e np : 8 k

+ | for some

296

QuadraticResidues

d - - t p / + l : 4 k - l z t c + t / 4 1: 2 k = ( m o d 0 2); 2 if p :3

( m od 8 ), th e n p : g k * 3 fo r s o mei ntegerk, and

+

- b / q l : 4 k + I - t 2 * + 3 / 4 :1 2 k + l = ( m o d I 2);

l f p = 5 (mod 8), then p : Bk f 5 for some integer k, and n-l

T

-tp/ql : 4k + 2 - [ztc+ S/4]: 2k +l = I (mod2);

i f p = 7 (mod 8), then p : Bk * 7 for some integer k, and n-l

T

- lp/ql:4k + 3 - Izn + 7/41:2k + 2 = 0 (mod2).

Comparing the congruence classesmodulo Z of * for the four possiblecongruenceclassesof the odd that we alwavs nar"

*

-

b/ql

- Ip /41 and (pz-D /A g, p modulo we see irime

= {pr-1)/8 (mod 2).

Hence,(Z) : 1-1y(r,-r)/8 . p From the computations of the congruence classof (pz_l) /g 2), w e see ,(mod that if p:+l(mod8), l3l:l while

-, l?): if

lp )

p = r 3 (mod8). tr Example. From Theorem9.4,we seethat

while

: [+]-[*):[+] :, [+] : f+l:f+l:fal :fzl : [+]

( "L. l

[3J [sJ It'.l

Ir,l-

I

l:_.1

[2eJ

We now present an example to show how to evaluateLegendre symbols.

Exampte.To evaluatef+1,

Iu )'

we usepart (i) of Theorem 9.2 to obtain

297

9 .1 Quadr at ic Res id u e s

lvt

:

|." To

lg

L'

rt2

= | 3 | : t . s i n c e3 1 7= 9 ( m o d1 l ) .

lilJ

Iesl

evaluate

lii l,

since 8e: -2 (mod13)'

we

have

e.3 t3 = I (mod4), Theorem t1l [U l. Because t 3 1 3 . L , lI J I

|

: t. Since 13 = -3 (mod 8), we see from Theorem 9.4

,n

., fql :_1.

Consequently, [ ,, t

In the next section, we state and prove a theorem of fundamental importance for the evaluation of Legendre symbols. This theorem is called the law of quadratic reciProcitY. The difference in the length of time needed to find primes and to factor is the basis of the RSA cipher discussedin Chapter 7. This differenceis also the basis of a method to "flip coins" electronically that was invented by Blum [821. Results about quadratic residuesare used to developthis method. Suppose Ihat n : pq, where p and q are distinct odd primes and suppose t h a t t h e c o n g r u e n c ex 2 = a ( m o d n ) , O 1 a 1 t t , h a s a s o l u t i o nx : x 0 . We show that there are exactly four incongruent solutions modulo n. To see 1p, and let xoEx2(modq), 0(xt this, let xoExl(modp), (mod p) has exactly two ( = x2 a congruence < q. Then the x2 0 ' and (mo d p ) z x = P -x1 (modp). x x ' n a m e l y i n co n gr uent s olut ion s , Similarly the congruence x2 : c (mod g) has exactly two incongruent solutions,namely x 2 xz (mod q) and x = Q - x2 (mod g). From the Chinese remainder theorem, there are exactly four incongruent solutions of the congruencex2 = a (mod n) ; these four incongruent solutions are the unique solutions modulo pq of the four sets of simultaneous congruences x x (ii)

x x

(mod p) (mod q) x 1 (m o d p ) Q x z (mo d q )

(iii)

x = p - x 1 ( m o dp ) x z x z (mod q)

(iv)

x x

- x1 (mod p) - x2 (modq).

We denote solutions of (i) and (ii) by x and y, respectively.Solutionsof (iii) and (iv) are easily seento be n-y and n-x, respectively.

298

QuadraticResidues

We also note that when p = q = 3 (mod 4), the solutions of x2: a ( m odp ) a n d o f x 2 : a (mo d q ) ur" , - ;' o< i * r\to (modp) and x = t oQ+1)/4(mod g), respectively. ny eut.r,, criterion, we know that

oQ-D/2- l:l: lp)

I (mod p r ) a n d o e - D / z -l + l : l lq)

l at ^ \ r(rm r vo u Yd/ q )( r e c atl h

we are assuming that x2 : a (mod pq) hur' solution, so that a is a quadratic residueof both p and q) . " Hence. 1 o V + r ) / t 7:2 e Q + D / 2- o b - D / z . a = a

( m o dp )

1 o Q + t ) / t 1:2 e Q + o / z: o e - D l z . a = a

(modq).

a nd

Using the chinese remainder theorem, together with the explicit solutions just constructed' we can easily find the four incongruent solutions of x2 = a (mod n) . The following example illustrates this procedure. Example' Supposewe know a priori that the congruence x2 = 860 (mod I l02t) h as a s olut ion's i n c e 1 1 0 2 1:1 0 3 ' 1 0 7 , to fi nd the four i ncongruentsol uti ons we solve the congruences x2 :860

= 36 (mod103)

and x2:g60:4(modl07). The solutionsof these congruencesare ; :

+ 3 6 ( r o : + D / q - + 3 6 2 6 = + 6 (mod 103)

and r = + 4Qo7+D/a = t

427: * 2 (mod 107),

respectively. Using the chinese remainder theorem, we obtain x 4 *. 2r2, * 109 (mod ll02l) as the solutions of the four systems of congruences described by the four possible choices of signs in the system of congruences x = + 6 ( m od 1 0 3 ),x = + 2 (mo d 1 0 7 ). we can now describe a method for electronicaily flipping coins. suppose that Bob and Alice are communicating electronically. etice !i.t, two distinct

299

9.1 QuadraticResidues

large primes p and q, with p = q = 3 (mod 4). Alice sendsBob the integer n : pq. Bob picks, at random, a positive integer x less than n and sends to Al i ce the int eger a w i th x 2 : a (m o d n ),0 ( a I n. A l i ce fi nds the four so l u ti onsof x 2 = a ( mo d n ), n a me l yx , !, fr-x , a nd n-y. A l i ce pi cksone of : 2* # t these four solutions and sends it to Bob. Note that since x + y ( m o d q , s i m i larly ( m o d p ) a n d = q ) , h a v e w e y + 0 G + y , n ) : x a n d 0 : rapi dl y y he can or n-y, e i th e r re c e i v e s p. i f B o b Th u s , n) G+h -y) , factor n by using the Euclidean algorithm to find one of the two prime factors of n. On the other hand, if Bob receiveseither x or n-x, he has no way to factor n in a reasonablelength of time. Consequently,Bob wins the coin flip if he can factor n, whereas Alice wins if Bob cannot factor n. From previous comments, we know that there is an equal chance for Bob to receive a solution of x2 = a (mod n) that helps him rapidly factor n, or a solution of x2 = a (mod r) that does not help him factor n. Hence, the coin flip is fair.

9.1 Problems l.

Find all the quadratic residuesof a)

3

b)s

c)13

d) te.

r.t

: 1,2,3,4,5,and 6. symbols 2 . Findt he v alueof t h e L e g e n d re l + I,fo r7 3.

Evaluate the Legendre symbol il

using Euler's criterion.

b)

u s i n gG a u s s ' l e m m a .

4.

Let a and b be integers not divisible by the prime p. Show that there is either one or three quadratic residuesamong the integers a, b , and ab .

5.

Show that if p is an odd prime, then -1

6.

( ll l-r

ifp itp

I or 3 (mod 8) -l or -3 (mod 8).

Show that if the prime-power factorization of n is

pl"*t ' " pi"*tpili' n : p?"*t and q is a prime not dividing n, then

)r

Pn

300

QuadraticResidues

lorl

t7l 7 . S h o w t h a t i f p i s p r i m e a n dp - 3 ( m o d 4 ) , t h e n te_0/Zll

= (_t), (modp), where I is the number of positive integers less than p /2 that are quadratic residuesof p.

8 . show that if b is a positive integer not divisibre by the prime p, then

. l p ) i+l. i*l l p ) l+1. [pJ

:o +If"'-pol p ) "

9 . Let p be prime and a a quadratic residue of p. Show that if p = | (mod 4), then -a

is also a quadratic residue of p, whili it p = 3 (mod i), th"n _a is a quadratic nonresidueof p.

1 0 . Consider the quadratic congruence ax2 * bx * c = 0 (modp), where p is prime il b)

and a,b, and c are integers with p a. I Let' p :2. Determine which quadratic congruences(mod 2) havesolutions. Let p be an odd prime and let d : b2 - 4ac. show that the congruence axz + bx * r 0 (mod p) is equivarent to the congruence = y2 = d (modp), where y :2ax t b. Concludethat if d =0 (modp), then there is exactly one solution x modulo p, if d is a quadratic residue of p, then there are two incongruent solutions, while if d is a quadratic nonresidueof p, then there are no solutions.

Find all solutionsof the quadratic congruences a) b)

x2+ x*l=0(mod7) x2+5x+l:0(mod7)

c)

x2+3x+l=0(mod7).

12. Show that if p is prime and p 2 7, then a)

there are always two consecutivequadratic residues p (Hint: First show of that at least one of 2,5,and r0 is a quadratic residu. oip.)

b)

there are always two quadratic residuesof p that differ by 2.

c)

there are always two quadratic residuesof p that differ by 3. 1 3 . Show that if a is a quadratic residue of the p, then the solutions of x2 = a (mod p) are il

x E - F a n + l ( m o dp ) , i f p : 4 n

b)

x E * 2 2 n + r o n +(rm o d p ) , i f p : g n

* 3. * 5.

301

9.1 Ouadratic Residues

|4.Showthatifpisaprimeandp:8n*l,andrisaprimitiverootmodulop, then the solutionsof x2 = I 2 (mod p) are given by x E t

(r1n t

r ' ) ( m o dp ) ,

where the * sign in the first congruencecorrespondsto the + sign inside the parenthesesin the secondcongruence. 15. Find all solutionsof the congruencex2 = I (mod l5). 16.

Let p be an odd prime, e a positive integer, and a an integer relatively prime to p. a)

Show that the congruencex2: a (modp"), has either no solutions or exactly two incongruent solutionsmodulo p".

b)

Show that there is a solution to the congruence x2 = a (mod p'*') if and only if there is a solution to the congruencex2 = a(mod p"). Conclude that the congruencex2 = c(modp") has no solutionsif a is a quadratic nonresidueof p, and exactly two incongruent solutions modulo p if a is a quadratic residueof p.

c)

Let n be an odd integer. Find the number of incongruent solutions modulo n of the congruencex2 = a(mod n), where n has prime-powerfactorization

| !-l

lgl

' a - - - symbols n : p'ipti ' . ' p';, in terms of the Legendre J l[p, j""', lo.

)'

t 7 . Find the number of incongruent solutionsof il b) c) d)

x2 x2 x2 x2

:

3l (mod 75) 16 (mod 105) 46 (mod 231) = l156 (mod 32537stt6).

: :

1 8 . Show that the congruencex2 = a(mod 2"), where e is an integer, e 2 3, has either no solutionsor exactly four incongruent solutions. (Hint: Use the fact that ( * x ) 2 : ( 2 e - t* x ) 2 ( m o d 2 " ) . ) Show that there are infinitely many primes of the form 4k * l. (Hint: Assume * l, and t h a t p t , p 2 , . . . , p na r e t h e o n l y s u c h p r i m e s . F o r m N : 4 ( p p z " ' P ) 2 show, using Theorem 9.3, that N has a prime factor of the form 4k * I that is not one of p1,p2,...,pn.)

20. Show that there are infinitely many primes of the form a)

8k-l

b)

8&+r

c)

8fr+5.

(Hint: For each part, assumethat there are only finitely many primes Pr,P2,...,Pn - 2, for part (b), of the particular form. For part (a) look at @ppz"'P)2 ( p p z " ' p , ) z ( c ) , + 4. In each * 2, and for part l o o ka t l o o ka t ( p r p r " ' p ) 2

302

Quadratic Residues

part' show that there is a prime factor of this integer of the required form not among the primes pr,p2,...,pn use Theorems 9.3 and 9.4.) 21. Show that if p is an odd prime,.then the congruencex2 = a (modpn) has a solution for all positive integers n if and only if a" is a quadratic residue of p. 22' show that if p is an odd prime with primitive root r , and a is a positive integer not divisibleby p, then a is a quadratic residue of p if and onty irino"a is even. 23' Show that every primitive root of an odd primep is a quadratic nonresidueof p. 24. Let p be an odd prime. Show that there are (p-D/z _ 6e_D quadratic nonresiduesof p that are not primitive roots of p. 25'

26'

27'

Let p and' q :2p * I both be odd primes. Show that the p-l primitive roots of q are the quadratic residuesof g, other than the nonresidue2p of q . show that i! p and' q - 4p I are both primes and if a is a quadratic .* nonresidueof q with ordoa * 4,thena is a primitive root of q. Show that a prime p is a Fermat prime if and only if every - '-'J quadratic J -1-*uras1 nonresidue of p is also a primitive root of p. .

28. Show that a prime divisor p of the Fermat number Fn : 22.* I must be of the form (Hint, show that 2n+2k+ r. irioz - 2n+1. Then show that 2$-tttz = I (mod p) using Theorem 9.4. conclude that 2n+tle-D/2) 29. a) Show that if p isa primeof the form4ft * 3 and q :Zp * I is prime, then q dividesthe Mersenne number Mo : 2p-L (Hint: Consider thl Legendre s y m b o ll : 1 . )

lq) Frompart (a), showthat nl Mr,47l M23,and 5031 Mrr. 3 0 . S how t hat if n i s a p o s i ti v ei n te g e ra n d 2n* r i s pri me,and i f n s0 or 3( m od4) , t h e n 2 n * | d i v i d e sth e M e rs enne numberMo:2n_1, w hi te i f j l n o r 2 ( m o d 4 ) , t h e n * I d i v i d eM s n * 2 : 2 n t L ( H i n t :C o n s i d e r t h e r2n Legendresymbol useTheorem9.4.) l+ | l z n + r ) "na Showthat if p is an odd prime,then b)

-2 'p >

(.'.

p

t-"- [

(Hint:Firstshow thar f+l I P p). 32'

-'

l

l / ( i + l ) l : _ , .' : J

)

*n".r7-is - " aninverse of 7 modulo [+l t P )

Let p be an odd prime. Among pairs of consecutive positive integers less than p, let (RR), (RN), (NR), ano (Nu) denote the number of pairs of two quadratic

303

9 .1 Q uadr at ic Res id u e s

residues, of a quadratic residue followed by a quadratic nonresidue, of a quadratic nonresidue followed by a quadratic residue, and of two quadratic nonresidues,respectively. Show that

il

b)

(RR) + (RN)

:

(NR) + (NN)

:

(RD + (NR)

:

(RN) + (NN)

:

lU-'-t-17{n-r\/21 -'*t-11{r-D/21 lb

l'r

lr-u

Using problem 30, show that 't

,il^ ( t(t+l) - + (NN)- (RN)- (NR): -r. l | : (no P t:' I ) c)

From parts (a) and (b), find (RD, (RN), (NR), and (NN).

3 3 . Use Theorem 8.15 to prove Theorem 9.1. 3 4 . Let p and q be odd primes. Show that a)

2 is a primitive root of q, if q : 4p * 1.

b)

2 i s a p r i m i t i v er o o t o f q , i f p i s o f t h e f o r m 4 / < * I a n d Q : 2 p

c)

- 2 i s a p r i m i t i v er o o t o f q , i f p i s o f t h e f o r m 4 k - I a n d Q : 2 p

d)

-4 is a primitive root of q, if q : 2p * | '

* l. * l.

35. Find the solutionsof x2 = 482 (mod 2773) (note that 2773:41'59). 36. In this problem, we develop a method for deciphering messagesencipheredusing a Rabin cipher. Recall that the relationship between a ciphertext block C and is Rabin cipher in a P block corresponding plaintext the C = P Q+O) (mod n), where n: pq, p and q are distinct odd primes, and b is a positive integer less than n. (modn), and 2 is

a)

Show that C *a 3 (f+6)2(modn), wherea =(lD2 an inverseof 2 modulo n.

b)

Using the algorithm in the text for solving congruences of the type x2 = a (mod n), together with part (a), show how to find a plaintext block P from the correspondingciphertext block C. Explain why there are four possible plaintext messages. (This ambiguity is a disadvantage of Rabin ciphers.)

c)

Using problem 35, decipher the ciphertext message 1819 0459 0803 that w a s e n c i p h e r e du s i n g t h e R a b i n c i p h e r w i t h D - 3 a n d n : 4 7 ' 5 9 : 2 7 7 3 .

304

QuadraticResidues

37'

Let p be an odd prime and let c be the ciphertext obtained by modular exponentiation, with exponent e and modulus p, from the plaintext p, Le., c = p' (modp),0 < c ( n, where(e,p-l) :1. show tnalc is a quadratic residue of p if and only if p is a quadratic residue p of .

38'

a)

b)

39'

Show that the second player in a game of electronic poker (see Section 7.3) can obtain an advantage by noting which cards have numerical equivalents that are quadratic residuesmodulo p . (Hint: Use proble m 37.) Show that the advantage of the second player noted in part (a) can be eliminated if the numerical equivalents of cards thai are quadratic nonresiduesare all multiplied by a fixed quadratic nonresidue.

Show that if.the probing sequencefor resolving collisions in a hashing scheme is h1(K) = h(K) + ai * biz (modn), wherJ n<x> i r u 6 u r t i n g *f u n c t i o n ,z i s a positive integer, and a and 6 are integers with (b ,m) : l, thJn only half the possible file locations are probed. This is called the quadratic search.

9.1 Computer Projects Write programs to do the following: l.

Evaluate Legendre symbols using Euler's criterion.

2.

Evaluate Legendre symbols using Gauss' lemma.

3'

Flip coins electronically using the proceduredescribed in this section. Decipher messagesthat were encipheredusing a Rabin cipher (see problem 35).

4'

9.2 The Law of QuadraticReciprocity Ol elegrant., theorem of Gauss relates the two Legendre symbols f | 9 I "'o | * I, wherep and,q are both odd This theorem, called lq) lp)

the law of quadratic reciprocity, tells us whether the congruence x2 : p (mod q) has solutions, once we know whether there are solutions of the congruencex2 = p(mod q), where the roles of p and q are switched. We now state this famous theorem. The Law of Quadratic Reciprocity. Let p and q be odd prirnes. Then

^, ,l lzlle_l_ eD-, . f

)f

tq ) lp )

p-t.q-l

305

9.2 The Law of Quadratic Reciprocity

and its use. We Before we prove this result, we will discussits consequences =-l(mod 4) and odd is even when p first note that the quantity Q-D/2

we see that when p = i(mod 4). Consequently, + p =t (mod4) or q = | (mod4), while + +

is even if

+ is

odd if

p = q = 3 (mod 4). Hence, we have

(orboth) Jr rf p:l(mod4)orq=t(mod4) l-t irP:q=3(mod4)' .| t l, weseethat values l+'l uno [+ Sincetheonlypossible l p ) "r. " lq) folInl |.;l F)--

{r

I l"l

)

t t p = t ( m o d 4 ) o r q = t ( m o d 4 ) ( o rb o t h )

[n-l:.lt'.o'., lq,|

l-["I uo =q=3(mod4). I tp J

both primes, then [+l : [*'l Thismeansthat if p andq areodd l q , ) . , l P J ,""t.ss : -[;] 4,andinthat.ur., to 3 modulo q arecongruent p and [t] Example. Let p:

13 and q:17.

Since =rq = | (mod4), the law of ,P

: Frompart(i) of rheorem tellsusthat quadratic reciprocity | # 'I I\ i+ 'l.' lq \ e . 2 , w e k n o w t. l I t t ' l

i:11 ,;il1l; 1"""" r ;:il ;:.'il.":'_.

followsthat l",J: /\\ t h a tl * l : t

|.,, j:

I I/ J

4) , from the law of Example. Let P : 7 and Q : 19- Sincerp = q = 3r(mod )

that :- I 12 l. From Dart (i) of L7 ) lil using the iaw of quadratic Again' I: ) l+l

quadratic reciprocity, we know

9.2,weseethat t+ Theorem l./

306

Quadratic Residues

: [+] +J

reciprocity,since5 = l(mod 4) and 7 = j(mod 4), we have part ., (i) of Theorem f-T 2.2 and Theorem 9.4, we know that r' rrv','lvutrl [5J [5J

l+l - l?l : -' Hence [+l : ,

we can use the law of quadratic reciprocity and Theorems 9.2 and 9.4 to evaluate Legendre symbols. Unfortunately, "pii.. factorizations must be computed to evaluate Legendre symbols in this wav.

Example.We will calculate l:rt

I

73: 233"";;,;,"_ ,"Jm,::""::1,:'j:;:"'"""

, wefactor

[+l :[+l :l-,' lfg-l

IrooeJtroorJ- [t*n,Ji,*r,J To evaluate the two l-sgsndre symbors on the right side of this equarity, we use the law of quadratic reciprocity. Since tOoq i I (mod 4), ;. see that

Izt ] frooeIIr' l:[1ql = Irooej:tr ,|'lrootj l3r ) Using Theorem 9.2, paft (i), we have

Irooql lzol

lx ,l:t",l

:[+] [+]

By parts (ii) and (iii) of Theorem9.2.

lpl :lzri :l

123) [zr )- t The law of quadratic reciprocity, part tell us that

[' l-

(rtl

IzrJ- ITj

:

and Theorem 9.4

:t+] : -1

9 .2 T he Law of Q u a d ra ti c R e c i p ro c i ty

307

Likewise, using the law of quadratic reciprocity, Theorem 9.2, and Theorem 9.4, we find that

-: fll :: lul |.r' ,| |.tt .| lzl:

[+]: [+][+]-[+]: [+]: [+]

:-[+):-'

l3 J

consequently, [*] (-

: \

Therefore, I : t-r)(-l) : t l# [,009 )

We now present one of the many possibleapproachesfor proving the law of quadratic reciprocity. Gauss, who first proved this result, found eight different what was facetiously iroofs, and an article published a few years ago offered ialled the l52nd proof of the law of quadratic reciprocity. Before presenting the proof, we give a somewhat technical lemma, which we use in the proof of this important law. Lemma then

rfp

an odd prime and a is an odd integer not divisible by p,

r) lgl: lp)

1-11rb'il,

where (P-r) /2

Tb,p)

j -r

integers the least positive residues of Consider the Proof. p greater than /2 and let It, be those a , 2 a , . . . , ( ( p - l )l D a ; l e t u1, 112,..., tells us that v t, v2,...,v, be those less than p /2. The division algorithm ja : pljo lpl + remainder, where the remainder is one of the uj's or vj's. By adding the Q-l)/Z equationsof this sort, we obtain

308

QuadraticResidues

@-D lz

(e.3)

.Z ia: r-'

b-D /2

r

,

a p f , i a / p* ilju: l i + i v 1j : l. J-t

As we showedin the proof of Gauss'lemma,the integersp _ ur,...,p _ us, vt,...,vt are precis.ely the integers1,2,...,b-l)/2, ii someo.j... Hence, summingall theseintegers,we obtain

(e.4)

b-r)/2

s

1

\ Q-u)+ ) vi:ps- i q+ !,r1. j:r j_r j:l

i: j :Z r

t*l

Subtracting (9.4) from (9.3), we find that g_r)/z (p_D/2 (p_D/2 j:t

j-t

r

j_t

or equivalently, sinceT(a,p) :t')''

j _l

Ija/pl,

i'l .

(a-l)

(p-t) /2 j: I

j:r

Reducing this last equation modulo 2, since a and,p are odd, yields

o = T(a,p) - s (modD. Hence, T(a,p) =s

(mod2).

To finish the proof, we note that from Gauss, lemma |,)

tLl: tp ) Consequently,

(-t)"

(-t)'.

: (-1)r6,e), it follows that

r)

lgl:1-1;r(a,r). g lp ) Although Lemma 9.2 is usedprimarily as a tool in the proof of the law of quadraticreciprocity,it can alsobe usedto evaruate Legend^re symbols. Example.To find

the sum |'+ I , usingLemma9.2, weevaluate l'^

J

The Law of OuadraticReciprocity

5 j-1

309

1 7j / r r l : I 7l u l + t r 4 / r t l + I 2 r l t l l + [ 2 8 / l l ] + t 3 s / l 1 l :0+ I + I +2+3:7.

(tl H e n cle+,l : ( - l ) 7 : - 1 . L"

J

r

)

to find I + t, wenotethat Likewise, l./ ) 3

: lrrl7l + t22l7l+ l33l7l: 1 * 3 * 4 - 8, ) tr rilll

j:l

r)

s ot h a rt + | : ( - l ) 8 : l .

L/ )

Beforewe presenta proof of the law of quadraticreciprocitY,we use an exampleto illustratethe methodof proof. Let p : 7 and Q : ll. We consider pairs of integers k ,y) with llll 7-l :3 : 5 . T h e r ea r e 1 5 s u c hp a i r s ' W e l(x<;:3andl(Y '- andI ( v < 2 :7y note that no-n.of thesepairs satisfyllx : 7y, sincethe equalityllx i.pfi"r that 1t l1y, so tirat eitherit I Z, whichis absurd,or 11 ly, whichis impossiblebecauset ( y ( 5. We dividethese15 pairs into two groups,dependingon the relativesizesof llx and7y. The pairs of integersG,y) with I ( x < 3, I ( y { 5, and llx > 7y urc pr..isely thosepairs satisfyingI ( x ( 3 and 1 ( y ( 11xl7. For a fixed integerx with 1 ( x ( 3, there are lttx/ll allowablevaluesof y. Hence, the total number of pairs satisfying I ( x < 3, 1 ( / ( 5, and llx ) 1y is 3

+ I33l7l: I * 3 + 4 : 8; 2 tt tlTl : ttt/tl + 122/71

j:1

(3,4)' th e s eeight pair s ar e (l ,l ), (2 ,D , (2 ,2 ), (2 ,3 ), (3 ,1), (3,2), (3,3) and The pairs of integers G,y) with I ( x < 3, I ( y ( 5, and llx 1 7y For a *r. pr..isely those pairs satisfying I ( y ( 5 and 1 ( x 4 7y /tt. allowable values of x. fixed integer y with I ( y ( 5, there are lly/ttl Hence, the total number of pairs satisfying I ( x < 3, I ( y ( 5, and llx ( 7y is

310

Quadratic Residues

5 j-r

ltj /ttl : Ij lrrl + [ t L l t r ] + [ 2 r / r t l+ I 2 8 l n] + [ 3 s l l1 ] :0*l

+ 1+ 2*3:7.

Thesesevenpairs are (l,2) , ( 1 , 3 ) ,( 1 , 4 ) ,( 1 , 5 ) ,( 2 , 4 ) ,( 2 , 5 ) ,a n d ( 3 , 5 ) Consequently,we seethat 1l-1

35

7-l

1 5: ) t r r j l l l + > l t j l t l l : 8 * 7 . j-r j-r

T;:5'3: Hence,

rr-l .7-l (_t)

2

2:(_l);*'

i,rrrr,r,* i, rtinl i-l

35

2lni/tl )Iti/rrl (- I )i-' (- I )r-' 3

Since Lemma

(t

'l

l#l

r,'J

g.2

t e l l s rrs .^

5t/

: ( -.1. )I it-ttr,rw"et s e e t h a t

+ L^+ | rr I that

Z,'rj/tl

: (-1;r-t

17 |

lI t ll fl r r" l | : ( - t ) [11J|.7 )

and

t-'rr-r 2

2

This establishesthe special case of the law of quadratic reciprocity when p:7andq:ll. We now prove the law of quadratic reciprocity, using the idea illustrated in the example. We consider pairs of integers (x,y) with I ( x ( Q -l) /2 and o -l such pairs. We divide t-hesepairs I ( y ( ( q - D/ 2. T h e re u r" 2 -l ; T into two groups, dependingon the relative sizesof qx and py.

Proof.

First, we note that qx I py for all of these pairs. For if qx : py, then q l p y , w h i c h i m p l i e st h a t q l p o r q l y . H o w e v e r ,s i n c e q a n d p a r e w e know d i s t inc t pr im es ,w e k n o w th a t q l p ,a n d s i n ce I ( y ( (q-i 12, that q I y. w i th I ( x ( Q-I)/z, To enum er at e th e p a i rs o f i n te g e rs (x y) -l) (q ( ( y 1 /2, and qx > py, we note that these pairs are precisely those (p-l)/2and ( ( x For each fixed value of the I (y where I 4qx/n. ( with are 1 x 4 b-1012, there Iqx/pl integers satisfying integer x, ( number of pairs of integers G,y) y qx total the Consequently, I 4 /n.

311

9.2 The Law of Quadratic Reciprocity

Q-t)t2

withl (x

( Q-D/2,andqx>

( Q-D/2,t (v

Pvis

Iqilpl'

?,

-l) 12, We now considerthe pairs of integersG,il with 1 ( x ( b 1 ( y ( (q-D 12,and qx < py . These pairs are preciselythe pairs of i n t e g l r sG , i l w i t h 1 ( y ( ( q - D / Z a n d 1 ( x 4 p y l q . H e n c e , f o r e a c h -1) 12, there are exactly fixed value of the integer y, where I ( y ( (q ( shows that the total This py x I 4 lq. lpy lql integers x satisfying (q-t)/z, ( (i,y) ( x I with b-D/2,1 (y ( nurnu..of pairselil/r.g"rt andqx < py is

j- r

Adding the numbers of pairs in these classes,and recalling that the total ' = rt ' + ,w e s e eth a t n u mb er of s uc h pair s ,,

')'' j-|

,r,,d:+'+ hilpt*'ni'' i-r

,

or using the notation of Lemma 9.2, p-l .q-l 22

T(q,p) + TQ,q) Hence,

1-11r{n'c): (-t) ,-t1rQ'il+r@,q): (- 11r(e'n) Lemma 9.2 tellsus that 1-1yr(a,r): f

lf

["'l

lp J

\

lzll4l:(-t) l . qJ l . pJ

p-l .q-r 22

."0 1-gr{o.o): [" .|

H ence

lq)

P-t.q-l

2 2

This concludesthe proof of the law of quadratic reciprocity. n The law of quadratic reciprocity has many applications. One use is to prove the validity of the following primality test for Fermat numbers. Pepin's Test. The Fermat number F^ : 22' + I is prime if and only if 3 G ' -r)1 2 : -l

(m o d F - ).

proof. We will first show that F* is prime if the congruencein the statement of the theorem holds. Assume that

312

QuadraticResidues

3G^-r)/2: -l

(mod F*).

Then, by squaring both sides,we obtain 3F.-1 = I (mod F*). From this congruence,we seethat if p is a prime dividing F*,then 3F.-l = I (modp), and hence, ordo3 | {f ^-I)

: 22'.

Consequently,ordr3 must be a power of 2. However,

ordo3tr2''-': (F^-D/2, since 3G^-t)/2 - -l (mod F*) . Hence, the only possibility is that o 1do3: 22^ : F ^ - l . Si n c e o rd o 3 : F m-t ( p - I and p F*, we see I that p : F^, and consequently,F^ must be prime. C o n v e r s e l y , i fF r : 2 2 ' * reciprocity tells us that

(e.5)

I is prime for m )

l , t h e n the law of quadratic

:[+] t*l:[+J

since F^ = | (mod 4) and F^ = 2 (m o d 3 ). Now, using Euler's criterion, we know that

(e.6)

t*l

3 G' -t)/' (-o d

F-).

From the two equationsinvolving I I I (9.5)and (s.e),we conclude that

[". j'

_ _1 (mod 3(J'._r)/2 F). This finishesthe proof. E x a m p l e .L e t m : 2 .

tr Then F2: 2 2 ' + l : 1 7 a n d aFr-t)lz _ 3 8 :

-1 (mod l7).

9.2 The Law of QuadraticReciprocity

313

By Pepin'stest, we seethat F2 : l7 is prime' : 4 2 9 4 9 6 7 2 9 7W - e n o t et h a t Let m :5. Then Fs:22' + l:232 t I -l (mod 4294967297). 3G,-D/2: 12": 32t4148364810324303 * Hence, by Pepin'stest, we seethat F5 is composite'

9.2 Problems l.

Evaluate the following Legendre symbols

[-u]

d)

a,

[ 6 4 r. J

[*]

u,[+l c,t*l 2.

f:ul

e)

l e e rJ

Iros]

l*'l

prime, then Using the law of quadratic reciprocity, show that if p is an odd

: [;] 3.

{lii

p = tl (mod 12) p = t 5 ( m o d 12 ) .

Show that if p is an odd Prime, then

[-r I :

[7J

{l

ifp=t(mod6) if p = -l (mod 6).

4 . Find a congruencedescribing all primes for which 5 is a quadratic residue' 5 . Find a congruencedescribing all primes for which 7 is a quadratic residue. (Hint: Let n be 6 . Show that there are infinitely many primes of the form 5Ic * 4'

of a positive integer and form Q : 5(tnr'\2+ 4' Show that Q has a prime divisor reciprocity quadratic of law the use do this, To n. greater than + 4 5k the form - t I to show that if a primep dividesQ, then | ? | t)l

314

Quadrati c R esi dues

7 . Use Pepin'stest to show that the following Ferntat numbersare primes a)

Fr : 5

b)

F3 - z5i

c)

F4: 65537.

8.

From Pepin'stest, concludethat 3 is a primitive root of every Fermat prime.

9.

In this problem, we give another proof of the law of quadratic reciprocity. Let p and q be distinct odd primcs. Let R be the interior of the rectanglewith vertices

o:

( o , o )A, : b / 2 , 0 , B : Q / 2 , 0 ,a n dC : b / 2 , q / D .

a)

Show that the number of lattice points (points with integer coordinates)in R i, P-l .q-l 22

b)

Show that there are no lattice points on the diagonalconnectingO and C.

c)

Show that the number of lattice points in the triangle with verticesO, A, C Q-D/2

is i-l

d)

Show that the number of lattice points in the triangle with verticesO, B, Q_r)/2 and C is j-l

e)

Concludefrom parts (a), (b), (c), and ( d ) t h a t Q-t)/2

Q-D/2

j-t

j-l

Derive the law of quadratic reciprocityusing this equationand Lemma 9.2 Computer Projects Write programsto do the following: l.

Evaluate Legendresymbols,using the law of quadratic reciprocity.

2.

Determine whether Fermat numbersare prime using Pepin'stest.

9.3 The Jacobi symbol I n t his s ec t ion ,w e d e fi n eth e J a c o b is y m b o l . Thi s symboli s a general i zati on of the Legendresymbol studied in the previoustwo sections. Jacobi symbols a r e us ef ul in t he e v a l u a ti o no f L e g e n d res y m bol sand i n the defi ni ti onof a type of ps eudop ri me . Definition. n : p' ipt i

Let n be a positive integer with prime factorization ' p; a n d l e t a b e a p o s i ti v ei n te ger rel ati vel ypri me to n. Then,

315

9 .3 The J ac obi s Y mb o l

the Jacobi symbol

:

[.]

l, ,|

t

; I

bY t' denned

I

p\'p'; " ' p';

l:[*]'t;l lh)'

Legendre S on the right-hand side of the equality are where the symbol symbols. Example. From the definition of the Jacobi symbol, we see that

: lz)'let:(-r)2(-r):-r' ['l: lzl :lil l45,11."ij

l;l

#l:[+*l:[+l[+l[+]:[+l[+l l*l -r

and

:

: '-D2 t2(-'l): [+]'[+l'[+]

When r is prime,the Jacobisymbolis the sameas the Legendresymbol' the valueof the Jacobisymbol ' However,whenn is composite, lq I Oott nor

lr)

tell us whether the congruencex2 = a (mod n) has solutions..,*. that if the congruencex2 = a (mod n) has solutions,then l*

ln)

|

- t

do know To see

(modn) has th i s, not e t hat if p i s a p ri me d i v i s o r o f n and i f x2 = a solutions, then the congruencex2 = a (mod p) also has solutions. Thus,

r I Ii | : t lp).. tl

that I

g

m ( ^ )t f -l : l. To seethat it is possible : Consequently, ' | + I II | * I ln) i-1lPi)

: | : 1 when there are no solutions to xz

a (mod n), let a : 2 and

ln )

: (-r)(-1): r. However, : are there that[+l n: t5.Nore t?l t+.| ) ^l. ,l t J t r no solutionsto x2 i 2 (mod i S), rin* x2 = 2 (mod 5) have no solutions.

the congruencesx2 = 2 (mod 3) and

We now show that the Jacobi symbol enjoys some propertiessimilar to those of the Legendresymbol.

316

QuadraticResidues

Theorem 9.5. Let n be an odd positive integer and let a and b be integers relativelyprime to n. Then

(i)

(ii)

(iii)

if a:

D (modn),then

ll: l*)

lol: l["] fql n ) ln )

I n )

r )- t | | : t _ 1 1 h - D / z' f tr ) /)

(iv)

. I Ll :1-1) (n':-r)/a ln )

Proof- In the proof of all four parts of this theorem we use the prime factorizationn : p\,p'i . . p';. Proof of (i). we knowthat if p is a rrime.,dividinqn,then a =b (modp). Hence,from Theoremg.z G\ we have : we see l* | l+ | consequentry, IDJ lp) that

: f*l"l+J" [-tL'lo)"lol" I ol'': fal :lr'l i*l f,,J lo,Jlp,) lo^,| lo,t lp^):l;j Proof of (i). From r v " ' Theorem r r r v v r w t t9.2 7t ' L (ii), w s know \ I r ' f ' we K l l u w that fq) lo, ,l

Hence.

: | , I i a I ltl

F)'

[+):l*)"[#]" l*)': [;]"l*)" " {t)" [*] l*)'l*)'' : [;]

[*]

317

9 .3 The J ac obi s Y m b o l

t+l

p

if

Theorem 9.3 tells us that

Proof of Gril.

is

prime' then

- (-11 Q-r)/2.ConsequentlY,

f-r I l-l:

l'-rl"l-r ll_

ln,|

LP,)lPrJ

:

(- ,1tJn;t\/2+

'l" l"'rll

. [-' ]" tP^)

t'(p'-t)/Z + '"

+ t^(p^-r)/2

From the prime factorization of n, we have n-

(r + Qr-l))"(l + bz-l))"'''

(t * (p^-l))''

is even. it follows that

Si n ce Q i- l)

(t + (pi-l))"

= | + tib,-t)

(mod4)

and (l + r,(pi-l))(r + r, Qi-D):

I + tiQl-t)

+ tibi-l)

( m o d4 ) .

Therefore, n = 1+ tlpr-t)

+ t2(p2-i + '''+

t^(p^-l)

( m o d4 ) '

Th i s i m pliest hat

+ Q-D/2 = tJprD12 * tz(pz-D12

+ t^(p*-D12 (mod2) .

for for (n-1) lZ wittttheexpression this congruence Combining

r'

'no*t

l+J

/)n-l

-'

rlr-

that |

| :

(-l)

2

l,r )

r) ( i i l t h e n p r i m e , p i s .If Proofof l+l

: ( - 1 ; ( r ' l - r ) /'8H e n c e '

lp)

Izl : Il" [z] L,J lp'J lp,)

+t^Qi-r\tt t+'lt : (_l),,bi_t,tts+t,gt-r)/8+ lp^)

As in the proof of (iii), we note that

n 2: ( r + ( p ? - r ) 0" + @ ? - l ) ) "" ' ( t + b T - l ) ) " .

318

QuadraticResidues

Sincepl-I = 0 (mod8), weseethat 0 + Q?-l))', = | + tie?-l) (mod64) and

( l + r , b ? - l ) ) ( l+

4 e l - t ) ) = | * t ; e ? _ D+ t , A ? t ) ( m o d 64).

Hence,

n2:t+tJp?-D+tze?-D+

+ t ^ ( p T - l ) ( m o d6 4 ) .

This implies that

( n 2 - t ) / 8 : t J p ? - D / B+ t z e ? - D / s + . . . + t * ( p 3 , _ l ) / (8m o ds ) . combiningthis congruence for (n2- l)/g with the expression for [el teils ln ) f u s t h a t l L"l' l : 1 - 1 ; ( n ' - t ) / 8 . D

ln )

We now demonstratethat the reciprocity law holds for the Jacobi symbol as well as the Legendre symbol. Theorem 9.6. Let n and m be relatively prime odd positive integers. Then m-t n-l f lf I

l r l -| l L l : lm )l n )

( _t ) ,

Proof. Let the prime factorizations of rn and n : ql' q! , . . . qo r,.w e s e eth a t

, .

n be m : pl,pl, . " p!' and

w)'"'

lr):,4 tt)':,q,s and

l*): t

( n l4/

IIl;l j-t I'J

Thus,

I

)

s r :rtrt j-t

i-t

It)"''

319

9.3 The Jacobi symbol

,sti*lt l+l[*]:,g

q'l

h)

10tu'

l

From the law of quadratic reciProcity, we know th at

[ o , - ,f n,-, 1 I

t*ltr)

lr

:(-rllrj

t-)

l

Hence,

|^) [ , I [7Jl;): We note that

r

( '

f| ff(-l)

(-l)'-'l-' \

r \ "):

/

j-l

t-l

:z",1+] ',[+] ,.a''t+] ",1+l t,p,

As we demonstratedin the proof of Theorem 9.5 (iii),

(mod2)

=*

Doif+] j-t(o)z and

5u,[+]=

n-l 2

(m od 2).

Thus,

(e.8)

r s i-t

^fr,-tl

^[Qr-tl =.-l J

i-r

+(mod2).

\

Therefore,from (g.Z) and (9.8), we can concludethat f

)f

)

l Lnl l a l : ( _ r ) I

m-l

2

n-l

2 tr

)lm )

We now develop an efficient algorithm for evaluating Jacobi symbols. Let a : and b be relatively prime positive integers with a < b. Let Ro Q and R r : D Using the division algorithm and factoring out the highest power of two dividing the remainder, we obtain

32A

Quadratic Residues

Ro:

Rflr+2t'R2,,

where s1 is a nonnegativeinteger and R2 is an odd positive integer less than R I ' When we successivelyuse the division algorithm, and factor out the highest power of two dividing remainders,we obtain Rr: *r:

Rr-r : R n -z :

Rzez+2"'R3 Rflt+2"Ra

Rn_2Qn_2 * 2t.-rRn_1 R n -tQ r-, + 2 t .-t. I ,

where s; is a nonnegativeinteger and R; is an odd positive integer less than : 2,3,...,n-l Note that the number of division, ,"qu-ir"d to reach &-r for i the final equation does not exceed the number of divisions requiied to find the greatestcommon divisor of a and b using the Euclidean algorithm. we illustrate this sequenceof equationswith the following example. E x a m p l e .L e t a : 4 0 1

andb:

lll.

Then

4 0 1: 1 1 1 . 3 + 2 2 . n lll17.6+20.9 17:9.1+23.1. Using the sequence of equations we have described, together with the properties of the Jacobi symbol, we prove the following theorem, which gives an algorithm for evaluating Jacobi symbols. Theorem 9.7. Let a and b be positive integers with a > b . Then ni-r R,-r f ^'l + " ' + s ' - r& - !a!**f, +...+R"_,-tR._r_r t 8 r z 2 2 2 l+l:(-l)'' lb ) where the integersR; and s;,,t :1,2,...,n-l

: i+l:[+]

'

, are as previouslydescribed.

Proof. From the first equation and (i), (ii) and (iv) of Theorem 9.5. we have

fglla,|-

: (-1)

321

9 .3 The J ac obi s y m b o l

we have using Theorem9.6,the reciprocitylaw for Jacobisymbols,

+ :'-')+ t#l t*l

so that f ^ I

R,-l

l+l:(-r)T LDJ

R,-l

ni-t-

[ n, I

IR,J

Similarly, using the subsequentdivisions,we find that

ry*n#i+l :,-,rT '/ lgl ^, 1R;+rJ ,| [ * n e n w e c o m b i n ea l l th e e q u al i ti es,w e obtai n the desi red

fo rT :2, 3, . . . , n- t \

for l+ I tr expression ' [b ,l The followingexampleillustratesthe useof Theorem9.7. Example. To evaluate

we use the sequenceof divisionsin the

[++], previousexampleand Theorem9.7. This tells us that

[+orl:,-,lt F*o'"lt*'

n't'.ttr!:r +*!+

+:r.

l.111 J

The following corollary describes the computational complexity of the algorithm for evaluating Jacobi symbols given in Theorem 9.7. relatively prime positive integers with a > b ' ,,be O(loezb)3) bit Then the Jacobi symbol l+ | can be evaluated using " lb) operations.

Corollary 9.1. Let a and D

rt Proof. To find lf

of O1ogzb) a sequence I uting Theorem9.7,we perform

t . DJ

divisions. To see this, note that the number of divisions does not exceed the number of divisions needed to find G,b) using the Euclidean algorithm. Thus, by Lam6's theorem we know that O (log2b) divisions are needed. Each

322

QuadraticResidues

divisioncan be doneusing o ((lo^gzD2) operations. Each pair of integers si can be found using o(logzb).bit bit operationson"" ih" appropriate fl.u.nd divisionhasbeencarriedout. consequently,o((log2D)3)bit operationsare required to find the integers R;,s7,i :1,2,"',n-t a andb. Finaily,to evaluate the exponent of -l lr.T in the expression for l+l in Theorem9.7, we usethe last threebits in the lD ) binary expansion:of Ri,i : r,2,...,,n-r and the last bit in the binary expansions of sy,,r: r,,2,...,n-r. Therefore,we use 0(lo926) additional bit operations to find I+l Sinceo((log2D)3)+ ooog2b): o(tog2,D2) the , lD ) corollarvholds. tr

9.3 Problems I.

Evaluatethe followingJacobisymbols

a, t+]

b, [*]

b, [*]

, lx)

c,[*] 'tml

2 . For which positive integers n that are relatively

to 15 does the Jacobi

symbor equar r? t*l 3 . For which positive integers n that are relatively

to 30 does the Jacobi

symbor equar r? |.+l 4 . Let a and b be relatively prime integers such that b is odd and positive and a :

(-l)'2'q

where q is odd. Show that b-l

:

(-l)--'r

+

br-l

l-''

["1 lb )

5.

Let n be an odd square-free., positive integer. Show that there is an integer a

: -t such that(a,n): I and l;,J

323

9 .3 Th e J ac obi s Y m b o l

6.

Let n be an odd square-freepositive integer' r\ w h e r et h e s u m i s t a k e n o v e r a l l k i n a r e d u c e ds e t a ) S h o wt h a t ) l + l : 0 ,

ln )

of residuesmodulon. (Hint: Use problem5') b)

,n. numberof integersin a reduc?O"ti'ofresidues From part (a), show 11"\ O : -t. - r - - to the number*itn l* I modulon suchttut I | : I" -is- equal

l'J

lrj

7 . Let a and b:ro be relatively prime odd positive integers such that A :

lOQt *

e1r1

tO:

rlQ2 I

e2r2

enfn

fn-tQn-t*

fn-l:

with where q; is a nonnegative even integol, €; : t l, r; iS a positive integer by : obtained are l. These equations ri 1 ri t, for t : 1,2,...,frj , and rn Section l0 of problem in given algorithm successivelyusing the modified division t.2.

f^'l a)

Show that the Jacobi symbol |*

f"l

Irl b)

I i, given by

l . DJ

:(-l)[

l++*++:. 2

t

2

2

*t-f'+l 2

2

)

Showthat the Jacobisymbol [+.| t, givenbv lD ) t'^l

l+ | : (-r)r' lb;

w h e r e T i s t h e n u m b e r o f i n t e g e r si , I < , (mod 4). 8.

( n, with ri-r 7 ciri = 3

Show that if a and b are odd integers and (a,b): reciprocity law holds for the Jacobi symbol: I

(

" lt

a-t b-t

b l -:l - ( - r ) ; - ; a-'b-'

' ) \ll;l-J '--'J lr;l-l l,_ [(-l)2

2

l, then the following

ira
324

QuadraticResidues

In problems9-15 we dealwith the Kronecker symbol which is definedas follows. Let u positiveintegerthat is not a perfect,quu." such that a E0 or I (mod4). We 1 P" oenne

i'

l") ttt:

ifa=l(mod8) -lifa=5(mod8).

\l

L e g e n d r es y m b o ' [;):the

:,q[f]"

i r ( o " t ) : I a n d:nIIpi

[;] 9.

if p is an odd prime such that p/a [;]

is the prime factorizationof n.

./- I

Evaluate the following Kronecker symbols a,

b, [*]

c, [*]

[*]

For problems 10-15 let a be a positive integer that is not a perfect square such that a= 0 or I (mod 4).

l0' Showthat symbol.

("1: ( z l " it zla, wherethe svmbolon the right is a Jacobi

[;]

tftl

Show that if n1and,n2t,re positiveintegersand if (app2)

:

[*):

Show that if n is a positive integer relatively prime to a and if a is odd, then rl r )

I L I :: f ;J

I n I w h i l ei f a i s e v e na, n da :2 ' t w heret i s odd,then [ l] J '

['l

(_r)2 2 r-l.z-l

l;J 1 3 . Show that if

tt1 and

,? uti

flt 7 nz (mod I a l ) , t h e n

lsl:

f't ,J Show that if alo,

f

)

tTrll

positive.,integers relatively prime to a and

lLl. lnz)

then there exists a positive integer n with

,l

-tn)

325

9 .4 Euler P s eudopr i me s

15. Show that if a 10. then

al

IFJ

: Jrr ii ff aa >< 00. [-

9.3 Computer Projects Write programs to do the following: l.

EvaluateJacobi symbolsusing the method of Theorem 9.7.

2.

Evaluate Jacobi symbols using problems 4 and 7.

3.

Evaluate Kronecker symbols (defined in the problem set).

9.4 Euler Pseudoprimes Let p be an odd prime number and let b be an integer not divisible by p. By Euler's criterion, we know that ('t

6b-t)lz

_ l4l(modp). lp )

Hence, if we wish to test the positive integer n for primality, we can take an integer b, with (b , il : l, and determinewhether

r,'l 6 h - D / 2: l g I ( m o dn ) , ln ) where the symbolon the right-handside of the congruence is the Jacobi fails,thenr is composite. symbol. If we find that this congruence Example. Let n :341

and b :2.

We calculatethat 2r7o= 1 (mod 341).

(t

Since341: -3 (mod8), usingTheorem9.5 (iv), w e s e et h a t | - .

I

I : -1.

l . 3 4 r. l

g ntly, 2t7o Conseque

(mod 341). This demonstratesthat 341 is not

[+ prime. Thus, we can define a type of pseudoprimebased on Euler's criterion. Definition. An odd, composite,positive integer n that satisfiesthe congruence

326

QuadraticResidues

__ ql ,_"d n), 6h_D/2 f l" ) where 6 is a positive integer is called an Euler pseudoprime to the baseb. An Euler pseudoprime to the base b is a composite integer that masqueradesas a prime by satisfying the congruencegiven in the definition. E x a m p l e .L e t n : 1 1 0 5

andb:2.

w e c a l c u l a t e t h a t 2 s . s 2 -I ( m o dl l 0 5 ) .

Since '1105= I (mod8), we see that : t. Hence, l+] l l l o s ) r I -2552 I +1105| (-oa l 105). BecauseI r05 is composite, it is an Euler l,l pseudoprime to the base2. The following proposition shows that everv Euler pseudoprime to the baseD is a pseudoprimeto this base. Proposition 9.1. If n is an Euler pseudoprime to the base b, then n is a pseudoprimeto the baseD.

Proof. If n is an Euler pseudoprime to the base6, then

- al (mod 6G-t)/2 n). f ln )

Hence, by squaring both sidesof this congruence,we find that (

1 6 b - D / 2 1 2l -q l lr) (. ) S i n c el g l :

l, )

t l , w e s e et h a t

\2

(modz).

= I (mod n ). This means that n

pseudoprime to the baseD. tr Not every pseudoprimeis an Euler pseudoprime. For example, the integer 341 is not an Euler pseudoprime to the base 2, as we have shown. but is a pseudoprimeto this base. we know that every Euler pseudoprime is a pseudoprime. Next, we show that the converse is true, namely that every strong pseudoprime is an Euler pseudoprime.

327

9.4 EulerPseudoPrimes

b, then n is an Euler Theorem 9.8. lf n is a strong pseudoprimeto the base pseudoprimeto this base . if n - | : 2't ' Proof. Let n be a strong pseudoprime to the base b. Then -1 (mod : = n) where I (mod n) or b2" where / is odd, eithe-r bt of n ' 0 ( r ( s - 1. Let n: fI p i ' b e th e p ri m e -p o w e rf actori zati on f:l

prime divisor of First, consider the case where b' = I (mod n)' Let p be a i s odd, w e see n . Si nc e b, = l( m od p ), w e k n o w th a t o rd o 6 l r. B ecauser an odd divisor that ordob is also odd. Hence, ordrb I b-l)12,since ordob is -1. Therefore, of the even integer 6Q) - p 6 Q - r ) / 2= I ( m o d P ) '

by Euler'scriterion, we have Consequently,

fal : t |-;j

r\ To computethe Jacobisymbol I + I' we notethat ln ) p dividingn. Hence,

lil:'

for all primes

-ft Illo':r. : lnl Inr l+] =tI P ' J lfrrl

: (b')2' = I (mod n). Therefore, Since bt =1 (mod n), we know that b'-r we have

|r b,-t:[a[=t(modn).

ln )

We conclude that n is an Euler pseudoprimeto the base b. Next. consider the casewhere 6rt :

-l

(modn)

for some r with 0 ( r ( s - 1. If p is a prime divisor of n, then b2't= -l (modp). Squaring both sidesof this congruence'we obtain

328

Quadrati c R esi dues

b2"', = l (modp). This implies that ordob | 2'+rv, but that ordob z,t. Hence, I o rd rb : 2 ' * rc, where c is an odd integer. Since ordobl(p-l) 2' + t l( p- l) .

and 2,+tlordrb, it follows that

Therefore, we h a v e p :2 r+ rd

* l , w h e red i s an i nteger. S i nce - -l (mod 6(ord,b)/2 p),

we have r\ I A | = 6Q-D/z :

lp )

-

66rd,b/z)((p-D/ord,b)

(- r!Q-l)/otd,u : (-11Q-r)/2*', (mod p).

Becausec is odd, we knowthat (-t)'

: -1. Hence,

r)

(e.e)

: (-l)d, l+ | : (-1)rr-r)rz'*' lp)

r e c a l l i n g t h a t d : ( p -I) /2'+t. Since each prime p; divid ing n is of the form pr : 2'rrdi + l, it follows that m

n : fI pj'. t-l

: :

m

fI (2'+td, + l)o, ,;, fI (l + 2'+raid;) t-l m

= I + 2'+t > aidi (mod 22r+2). Therefore.

t2'-t : h-D/2

m

) r s Z/ a ; d i ( m o d 2 ' + t ) . i-l

329

9.4 EulerPseudoprimes

This congruenceimPlies that 12s-t-r = i

aidi (mod 2)

i-l

and (9.10)

66-r\/2 : (6rt7z:-'- :

(-t)'.*

2 o'd' (mod n). (-1)t-t

:

On the other hand, from (9.9), we have

m ^) : fI el)"'"' : ((-r)d,)., : : fr lnl ft [+.|. I n J , . : r| . p , J i _ r

.fo,o, (-1)i-t

t-l

Therefore, combining the previousequation w i th (9 .10),w e seethat

- [ql 6(n-t)/z ln)

(m o d n ).

Consequently,n is an Euler pseudoprimeto the base D' tr Although every strong pseutloprimeto the base D is an Euler pseudoprime to this base, note that not every Euler pseudoprimeto the base b is a strong pseudoprime to the base b, as the following example shows. Example. We have previously shown that the integer 1105 is an Euler pseudoprimeto the base 2. However, 1105 is not a strong pseudoprimeto the base 2 since :2552: 2(llos-l)/2

I (mod 1105),

while 2 0 t 0 s - r ) / 2: 222 7 6 :

7gl + t

1 (mod ll05).

Although an Euler pseudoprime to the base b is not always a strong pseudoprime to this base, when certain extra conditions are met, an Euler pseudoprimeto the base D is, in fact, a strong pseudoprimeto this base. The following two theoremsgive results of this kind. Theorem 9.9. If n : 3 (mod 4) and n is an Euler pseudoprime to the base b, then n is a strong pseudoprimeto the baseb.

330

Quadratic Residues

Proof. From the congruence n = 3 (mod 4), we know that n-l : 22.t where t : (n-l)/z is odd' Since n is an Euler pseudoprime to the base b, it follows that

- ql (mod bt : 6..'-t)/2 n). f ln ) r\ tbl : Drnce l- | +1, we know that either bt = l (mod n) or ln ) -l (modn). Hence,oneof the congruences b' = in the definitionof a strong pseudoprimeto the base b must hold. consequently, n is a strong pseudoprime to the baseb. tr Theorem9.10. If n is an Euler pseudoprime to the base6 and lal

: -r.

l\ n l '/

then n is a strong pseudoprimeto the base b.

Proaf. We write n-l : 2't , where / is odd and s is a positive integer. Since n is an Euler pseudoprimeto the base b, we have

br-,t: 6,.'-r)/2 fa l (modn). ln) r) B u t s i n c el 4 I : - t , w e s e et h a t

ln)

b ' r-' = -l

(m o d r).

This is one of the congruencesin the definition of a strong pseudoprime to the base b. Since n is composite,it is a strong pseudoprimeto ihe base ,. tr Using the concept of Euler pseudoprimality, we will develop a probabilistic primality test. This test was first suggestedby Solovay and Stiassen [7g]. Before presentingthe test, we give some helpful lemmata. Lemma 9.3. If n is an odd positive integer that is not a perfect sguare,then there is at least one integer b with | < b I

ft,(b ,n) :

r , a n dl 4 | : - , , ln )

where

is the Jacobi symbol.

331

9 .4 E uler P s eudop ri me s

Proof. If n is prime, the existence of such an integer b is guaranteed by Theorem 9.1. If n is composite,since n is not a perfect square,we can write n : rs wher e ( r , s ) : I a n d r: p ' , w i th p a n odd pri me and e an odd positive integer. Now let / be a quadratic nonresidue of the prime p; such a / exists by Theorem 9.1. We use the Chinese remainder theorem to find an integer b with 1 < b 1 n, (b ,n) : 1, and such that b satisfiesthe two congruences b = t (mod r) b = | (mods). Then,

fal : (ul

|,bl"-(_r),-_r,

f;J l7): tp)

that : -' r ro,,ows and : , Since : [*] [*] [*] ii] t1],', Lemma 9.4. Let n be an odd compositeinteger. Then there is at least one integerD with | < b I n, (b,n) : 1, and r\ 6 6 - D / z1 l 4 | ( m o dn ) . ln) Proof. Assume that for primeto n, that

positiveintegers not exceeding n and relatively r) 6h-t)/2 :

( e . 1l )

d). l4 | (mon ln)

Squaring both sides of this congruence tells us that r t2

b,-t :

lAl

l 3 I = ( + l ) z : I ( m o dn ) , ln )

if (b,n) : I Hence, n must be a Carmichael number. Therefore, from a rr e d i s t i n c t T h e o r e m8 . 2 1 , w e k n o w t h a t n : Q t 4 z " ' e , , whereQt,Qz,...,Q odd primes. We will now show that

332

QuadraticResidues

6 h - t ) / 2= 1 ( m o d n ) for all integers b with I ( b ( n and (b,n) :1. integer such that 6 h -r)/2 :

-l

Suppose that b is an

(mod n).

we use the chinese remainder theorem to find an integer a | 1 a { fl, (a,n): l. and

with

a=b(modq1) a : - | ( m o d Q z Q s .. . q , ) . Then, we observethat

o.r2)

o G - 1 ) / 2-

6b-D/z:

_ l ( m o dq 1 ) ,

while

(e.13)

= I (mod ezQt...Q,). o(n-r)/Z

From congruences O . l D a n d ( 9 . 1 3 ) ,w e s e et h a t o h _ t ) / 2* contradictingcongruence(q.tt).

+ 1(modn),

Hence, we must have

6 (,-t)/2= I (m o d n), for all D with I < , ( n and (b,n) - r. Consequentry, from the definition of an Euler pseudoprime,we know that

6".-t)/2:|,aj : I (modn)

l, )

for all D with I < b ( n and (b,n) : r. However, Lemma 9.3 tells us that this is impossible. Hence, the original assumption is false. There must be at l e as tone int eger6 w i th | < b 1 fl , (b ,,D : l , and 6G-D/z1

|r l4 | (modn). tr

ln ) We can now state and prove the theorem that probabilistic primality test.

the basis of the

333

9.4 Euler Pseudoprimes

Theorem 9.11. Let n be an odd composite integer. Then, the number of positive integers less then n, relatively prime to n , that are basesto which n is an Euler pseudoprime,is less than 6fu) /2. Proof. From Lemma 9.4, we know that there is an integer b with I < b 1 n, (b,n): l, and

ql (mod n). 6b-r)/2 l f lnJ

(s.rq

Now, let e1,e2,...,e^denote the positive integers less than n satisfying 1 ( a ; ( n, ( ai, n) : l , a n d

r) n), afn-rtrzlLl (mod

(e.ls)

In )

for; : 1,2,...,m. Let rr{2,...,rm be the least positive residuesof the integers bayba2,...,ba^ I for modulo n. We note that the integers rj are distinct and (ri,n): j : 1,Z,...,frt.Furthermore,

, ( n - , ) t 2 1 ( m ond) . [+]

(e.16) For, if it were true that

,e-,)/2-

[+]

(mod n),

then we would have

$a)(n-,)/2 l+l r-"0,r This would imply that,

: t+l 6h-t)/2o(n-t)/2

I r 1J

and since (9.14) holds.we would have

[+]

(mod n ),

334

QuadraticResidues

_ fqI 6."-t\/2

l, )'

c ont r adic t ing( 9 .1 4 ). S inc e aj, j :1 ,2 ,...,m , s a ti s fi e s th e congruence (9.15) w hi l e r j, j : 1, 2, . . . , n, d o e sn o t, a s (g .to ) s h o w s ,w e know thesetw o setsof i ntegers share no common elements. Hence, looking at the two sets together, we have a total of 2m distinct positive integers less than n and, relativ-elyprime to n. Since there are Qh) integers less than n that are relatively prime to /r, we -filis can conclude that 2m < qfu), so that m < proves the eh)/2. theorem. tr From Theorem 9.1l, we see that if n is an odd composite integer, when an integer b is selectedat random from the integers 1,2,,....,n-1, th; probability that n is an Euler pseudoprimeto the base 6 is less than I/2. This leads to the following probabilistic primality test. The Solovay-StrassenProbabilistic Primality Test. Let n be a positive integer. Select, at random, ft integers bpb2,...,boLorr the integers i,2,...,r-r. For each of theseintegersbj,j : 1,2,...,k,determinewhether 6Q-t)/2

t+]

(modn)

If any of these congruencesfails, then n is composite. If n is prime then all these congruences hold. If n is composite, the probability that all k congruenceshold is less than l/2k. Therefore, if n passesthis test n is ,,almost certainly prime." Since every strong pseudoprime to the base b is an Euler pseudoprime to this base, more composite integers pass the Solovay-Strassenprobabilistic primality test than the Rabin probabilistic primality test, altirough both require O(kQag2n)3) bit operations.

9.4 Problems l.

Show that the integer 561 is an Euler pseudoprimeto the base 2.

2.

Show that the integer 15841 is an Euler pseudoprime to the base 2, a strong pseudoprimeto the base 2 and a Carmichael number.

3.

Show that if n is an Euler pseudoprimeto the basesa and 6. then n is an Euler pseudoprimeto the base a6.

335

9.4 EulerPseudoprimes

4.

Show that if n is an Euler pseudoprimeto the base b, then n is also an Euler pseudoprimeto the basen-b.

5 . Show that if n= 5 (mod 8) and n is an Euler pseudoprimeto the base 2, then r is a strong pseudoprimeto the base 2. 6.

Show that if n = 5 (mod 12) and n is an Euler pseudoprimeto the base 3, then n is a strong pseudoprimeto the base 3.

7.

Find a congruencecondition that guaranteesthat an Euler pseudoprimeto the base 5 satisfying this congruencecondition is a strong pseudoprimeto the base 5.

8.

Let

the

composite positive integer

, : pl,pi, . . . ph,

where pi : | *

kr ( kz ( < k-, and where n: pseudoprimeto exactly

n

have

prime-power factorization

where for zfqi i:1,2,...,ffi, | * 2kq. Show that n is an Euler

6" II ((n-l)/2, p1-t) j-l

different basesb with l < b ( n , w h e r e

(

12

D r : 1 1/Z It t

if kr:

1,

if kj < k and a; is odd for some j otherwise.

9.4 ComputerProjects Write programsto do the following: Determine if an integer passesthe test for Euler pseudoprimesto the base b. Perform the Solovay-Strassenprobabilistic primality test.

10 Decimal Fractions and GontinuedFractions

10.1 DecimalFractions In this chapter, we will discuss rational and irrational numbers and their representationsas decimal fractions and continued fractions. we begin with definitions. Definition. The real number a is called rational are integers with b * 0. If a is not rational. then

a - a /b, where a and b say that u is irrational.

If a is a rational number then we may write a as the quotient of two integers in infinitely many ways, for if ot : a b, where o f uni b are integers with b ;t' 0, then a : ka f kD whenever fr is a nonzero integer. It is easy to see that a positive rational number may be written uniquely as the quotient of two relatively prime positive integers; when this is done we say that the rational number is in lowest terms. Example. We note that the rational number ll/Zl also see that

is in lowest terms. We

-tt/-21 - tt/2r : 22/42: 33/63: The following theorem tells us that the sum, difference, product, and quotient (when the divisor is not zero) of two rational number is again rational.

337

1O.1 DecimalFractions

Then a + 0, a - 0' a9' Theorem 10.1. Let a and B be rational numbers. and a/0 (when P+0 are rational' : alb and B : cld' where Proof. Since a and p are rational, it follows that a * O' Then' each of the e, b, c, and d are integers with b * 0 and d numbers a * B : a /b + c l d : (a d * b c)/bd' a - 0: a/b - c/d : (ad-bc)lbd' a0-b/b)'k/d)-acfbd, a/0 : b /b) lG ld) : ad lbc @*0 ' denominatcr different is rational, since it is the quotient of two integers with from zeto. D We start by The next two results show that certain numbers are irrational' considering ,/T Proposition 10.1. The number '/T is irrational' prime integers Proof. Suppose that .,,6 : a lb, where c and b are relatively with b I 0. Then, we have 2:

a2lb2,

so that 2b2 : a2. Since 2lor,problem 3l of Section2.3 tells us that2la. b2:2c2.

Let q :2c,

so that

6. H ow ever, He n c e, 21b, , and b y p ro b l e m 3 l o f Se c ti o n2 .3 ,2 al so di vi des a nd b' This a b o t h d i v i d e c a n n o t we^know that 2 since G,b)':1, B contradiction shows that .6 is irrational' it We can also use the following more general result to show that .6 irrational. * cnlxn-t * Theorem 10.2. Let o( be a root of the polynomial x' with cs * 0. integers * cp * cs where the coefficientsca, ct,...,cn-r,are Then a is either an integer or an irrational number' and b Proof. Supposethat a is rational. Then we can write ot: alb whete a

338

DecimafFractionsand ContinuedFractions

are relatively prime integers with b o. x' + c r - 1x n- l * * c p * ,0 , w e h a v e b/b),

rc,_tG/6y,-t *

Since ot is

+cJa/D

a

root

of

*ca:0.

Multiplying by bn, we find that an + cn_pn-tb +

* c p b o - r + c s b n: 0 .

Since

' '!n',*n', ^:,,;;'i-. ,,n*'u* * , u'^o!,', u"rli-" o;ui, orp x,'-::'il Since p I b and b I an , we know that p

Hence, by problem 3l of I a, Sec t ion 2. 3, w: s e e th a t p l a . H o w i v e r, si nce (a, b) : l , thi s i s a contradiction which shows that b : t 1. Consequently, if a is rational then d : * o, so that a must be an integer. tr we illustrate the use of Theorem 10.2 with the following example. Example' Let a be a positive integer that is not the mth power of an integer, so that "\/i it not an integer. ThJn x/i i, irrationat by Theorem 10.1, since

"
ur'^.,8,-18,-r:g'fr:";;

The numbers zr and e are both irrational. We will not prove that either of thesenumbersare irrational here; the reader can find proofs in Itg]. We now consider base 6 expansionsof real numbers, where b is a positive i n teger ,b > l. L e t a b e a re a l n u mb e r, a n d ret a:Ial be the i ntegerpart of a, so that r:o--[a] i s t h e f r a c t i o n a lp a r t o f a a n d o t : a * 7 w i t h 0 < 7 < I' From Theorem 1.3, the integer a has a unique baseb expansion. We now show that the fractional part ^yalso has a unique base 6 expansion. Theorem 10.3. Let 7 be a real number with 0 ( y ( l, and let b be a positive integer, b > | . Then can be uniquely written T as r:

; ci/bi j-r

where the coefficientsc; are integers with 0 ( c; < 6-l for j : 1,2,..w ., ith the restriction that for every positive integer l/ there is an integer n with n2Nandc, lb-1.

339

1 O,1 D ec im al F r ac t i o n s

series' We will use the In the proof of Theorem 10.3, we deal with infinite geometric series' following formula for the sum of the terms of an infinite < t. Then Theorem 10.4. Lets and r be real nurnberswith lr[

V o r i: a / 0 - ' ) .

j-0

(Most calculusbookscontain a proof') For a proof of Theorem 10.4,see [62]. We can now ProveTheorem 10'3' Proof. We first let c1: IbTl , l et so th a t 0 ( c r ( b_ 1 , s i n c e0 < b 7 < b . In a d di ti on, ^ fr : b l - c r : b ^ Y- l b l l ' sothat0(?r(land ^Y:

c1 , 7l ' 1 b b

^yg for k : 2,3,..., bY We recursivelYdefine c1 and ck :

[bfr-r]

and

nlk-t:+.+' so that 0(cr follows that

(b-t,

C"t

C1

7:T* Si n ce 0 ( ln (

and 0(rt

s i n c e0 ( b z t - r 1 b ,

Ur*

l, w e s e eth a t a 4 l r/b n

)tgntO' Therefore. we can conclude that

*

< I'

Cn

n,

+^Y,

b,

< l /b n . consequentl y,

:0.

Then'

340

DecimalFractionsand ContinuedFractions

lim

7:

n<6 6

:

') r, "J

.{,t j:l

To show that this expansionis unique, assume that c1/bi:;

r:; j -l

dj/bi, j:l

whereo r, < b-l and 0 ( d, < b-1, and, for everypositive integer.v, 5 thereare integersn and m with i, * D-l and d* r b-1. Assumethat k is the smallestindex-for which cr, * d1r, and assume that c1,7 dr, (the case cr 4 dp is handledby switchingthe roresof the two expansions). Then o: ;

k1-d1) lbi : (c*-d) /bk *

_k+l j ,i',

ki-d)

/bj ,

so that (10.1)

G1,-d1)/bk :

;

j-k+t

e1-c1) /bi

Since c; ) d*, we have (10.2)

b*-d) /bo > , /uo.

while (10.3) j:k+t

j-k+l

:(b-l)

l lLK+l

, "u | _ t/b

: l / b k, where we have used Theorem 10.4 to evaluatethe sum on the right-hand side of the inequality. Note that equality holds in (10.3) if and only if d j - c . i: b- l f o r a l ! i w i th 7 ) t 1 t, a nd thi s occurs i f and onl y i f d j : . b- l- and c i:0 fo r i 2 k + t. H o w e v e r,such an i nstancei s excl uded by the hypothesesof the theorem. Hence, the inequality in (tO.:) is strict, and therefore, (to.z) and (10.3) contradict (to.t). ttris shows that the baseb \ expansionof a is unique. tr

341

1 O.1 Dec im al F r ac ti o n s

The unique expansion of a real number in the form ). c1/bi is called the J-t

base b expansionof this number and is denotedby kp2ca..)6. To find the base b expansion(.cp2ca..)6 of a real number 7, wo can use the recursive formula for the digits given in the proof of Theorem 10.3, namely ^ fk : b y * -t - l bl t -J ,

ck : lbt*-J , where ^Yo: ^Y,for k : 1,2,3,...

Example. Let ( . c p2 c a ..)6 b e th e b a s e8 e x p a n s ionof l /6. Then tc 1: [ 8 ' ; l : o _

1,,

l_

c2:[8';'l:2, J

_ )_ ca:[8']l-5, J

_ tca:[8'Tl:2, J

cs:[8'?t:t,

^yt:8 -l : I + T, ^y2:s -2: 2 t' + ^y3:B -5 - I T' + 2 74:8 + -2 - T' I ^ys-s +-s: T,

and so on. We see that the expansionrepeatsand hence, t/6 : (1 2 5 2 5 2 5 ..)8. We will now discussbase b expansionsof rational numbers. We will show that a number is rational if and only if its base D expansion is periodic or terminates. Definition. A base D expansion (.cp2ct..)r is said to terminate if there is a : 0. positiveinteger n such that c, - cn*l - cn+z: Example. The decimal expansionof l/8, (.125000...)ro: (.125)ro,terminates. Also, the base 6 expansionof 419, (.24000...)o- (24)6, terminates. To describethose real numbers with terminating base b expansion,we prove the following theorem.

342

DecimalFractionsand ContinuedFractions

Theorem 10.5. The real number a, 0 < q I 1, has a terminating base D expansion if and only if a is rationaland a : r/s, where 0 ( r ( s

and every

prime factor of s also divides D.

Proof. First, supposethat a has a terminating base 6 expansion, (c 1c2...c)6 .

d:

Then Q:

b' so that a is rational, and can be written with a denominator divisible only by primes dividing b. Conversely,supposethat 0 ( a (

l, and

a:

rfs .

where each prime dividing s also divides 6. Hence, there is power a of D, say bN, that is divisible by s (for instance, take N to be the largest exponent in the prime-power factorization of s). Then bNot:b*r/t:er, where sa : bN ,, and a is a positive integer since slbr. (a*a^-1...aps)6 be the baseb expansionof or. ln"n a^b^*o^-tb^-r + . . . * atb*ag

Now

let

ar/bN :

a:

6u :

d*b--N

:

(.00...a m o m - t . . . a , a s )y .

+ am_tbm-l-fl

+

*a1b|-tr+ aob-N

Hence, a has a terminating base6 expansion. D Note that every terminating base b expansion can be written as a nonterminatingbase6 expansionwith a tail-end consistingentirely of the digit b-1, since (.cp2... c^)r- (cp2... pir cm-lb-lbi...lu (.ttl l l ...)ro . T h i s i s w h y w e requi re i n Theorem i n stanc e,( 12) t o: 10.3 that for every integer N there is an integer n, such that n ) N and

343

1 O.1 Dec im al F r ac ti o n s

cn# b-l; A base

without this restrictionbaseb expansionswould not be unique. instance b expansionthat does not terminate may be periodic, for I 1 3 : ( . 3 3 3 . . .1)s' | / 6 : ( . 16 6 6 . ' . t) o '

and | /7 : (.t+ztst 142857142857..) rc' if there are Definition. A base b expansion (.cp2ca..)6 is called periodic : ' N n for cn 7 positive integers N and k such that cn11 Wedenoteby(cp2...cv1-,']]-"*1-')6theperiodicbaseb (.cp 2...c7,1"') a' For instance'we have t -( t t...cN+t-rc.nv rclr...cry+

expanslon

r/3 : (.J)_.,0 , 7 1 6: ( . 1 6r)o, and

ll7 : (.taxsz)ro. begin Note that the periodic parts of the decimal expansionsof 1/3 and l/7 the proceeds immediately, while in the decimal expansion of l/6 the digit I b base periodic periodic pirt of the expansion. We call the part of a part periodic L*punsion preceding the periodic part the pre-period, and the thi period, where we take the period to have minimal possiblelength' (.ootorzr)r. Example. The base 3 expansionof 2/45 is (0 0 1) 3and t he per io di s (O t2 l )3 .

The pre-period is

The next theorem tells us that the rational numbers are those real numbers gives with periodic or terminating base b expansions. Moreover, the theorem of rational expansions b base periods of and the lengths of the pre-period numbers. Theorem 10.6. Let b be a positive integer. Then a periodic base b expansion representsa rational number. Conversely,the base b expansionof a rational ( 1, a: rfs, number either terminates or is periodic. Furthero if 0 < a : T(J where every where r and J are relatively prime positive integers, and s prime factor af T divides 6 and (U ,b) : 1, then the period length of the base of a is ordy b, and the pre-period length is .l/, where N is the b ""punrion smaliestpositiveinteger such that TlbN.

344

DecimalFractionsand ContinuedFractions

Proof. First, suppose that the baseD expansion of a is periodic,so that

a: (.crrr...r*ffi)o c1

ct I-J-

b62 C1

C'; I-J-

b62 where we have used Theorem 10.4 to see that €l

6tc

s^_ t"^ ojo

I

,r - . _

bk-l

bk

Since a is the sum of rational numbers, Theorem l0.l rational.

tells us that a is

Conversely,supposethat 0 ( a ( l, a : r /s, where r and s are relatively prime positive integers, s : T(J , where every prime factor of T divides b, Ql,b): 1, and I/ is the smallestinteger such-that Tlb* Since Tlb*, we have aT:

(10.4)

bN, where c is a positiveinteger. Hence bNa:bN

LTUU

or

Furthermore,we can write (r0.5)

ar

c

i:n*i,

where A and C are integers with

0 < I < 6N, and (c,u):

0 < c < u.

l. (the inequalityfor A followssince0 ( bNa: +

< bN.

U which results from the inequality 0 ( a ( I when both sides are multiplied by bN) . The fact that (C,tl): I follows easily from the condition (r,s) : l. Fr om T heor em 1 .3 ,A h a s a b a s eb e x p a n s i o nA : (anan_t...epo)u.

lf U : l, then the base b expansion of a terminates as shown above. Otherwise, Iet v : ord,ub. Then,

34s

1O.1 DecimalFractions

b'#:

(10.6)

Q u+ t )c U

+t,

where/ is an integer, since b' = | (mod U). However, we also have (t

(-

+ c' * al. b')

-C+j 62

b'+:b'l]+ U

(10.7)

LA

b'

that o' where(cp2ca...)6is the baseb expansion t,so c k : l b l t -J , where To :

C

T, f o r k

(10.8)

: 1 , 2 , 3 , . . . . F r o m ( 1 0 . 7 )w e s e et h a t

(-( b' *: U\

^ y k- b ' y t -r - l bl * -J

l r , b u - t+ c 2 b ' - z+

* r"] t ru.

( T, ( l, Equatingthe fractionalparts of (10.6) and (tO.S),notingthat 0 we find that C 4 t : -

Iv

u'

ConsequentlY,we seethat

^Yv: ": t' so that from the recursivedefinition of c1,c2,...we can concludeIhzt cpau: c1, nuta periodic baseb expansion for k : 1,2,3,.,.. Hence $ c - (n-rcr-Q6. U Combining (tO.+) and (10.5), and inserting the base b expansionsof A and

9. *. huu, U'

(ro.s)

bNa :

( a n a n - 1 . . . a t a o. c p 2 . . . c v 6) .

Dividing both sidesof (10.9) by bN, we obtain a : ( . 0 0... a n a n - r . . . o p o f f i )

u,

(where we have shifted the decimal point in the base b expansion of brya N

346

D e c i ma l F ra c ti ons and C onti nued Fracti ons

spaces to the left to obtain the base b expansion of a). In this base D expansionof a, the pre-period (.00...a,an-t...ipo)a is of length N, beginning with.A/ - h*1) zeros,and the period f.ngit, ir r. We have shown that there is a base b expansionof a with a pre-period of length r/ and a period of length v. To finish the proof, we must ,t o* that we cannot regroup the base b expansion of a, so that either the pre-period has length less than ry', or the period has length less than v. To do this, suppose that

q: (.crrr...trffi)u :

C1

b

Ct

*;*

*#*(*)la.

k f t M - t + c2 b M - 2 q

+cM)(bk-t) + Gyar6k-t+ bM (bk -t)

, cM+k -;m

f cTaap)

S i n c eq . : r f s , w i t h ( r , s ) : l , w e s e et h a t s l b M $ k _ D . C o n s e q u e n t l y , TlbM uTd ul(tk-o. H e n c e , M > N , a n d v l k ( f r o m T h e o r e mg . l , s i n c e bk = I (mod tD and v : ord,ub). Therefore,'the pre-period length cannot be less than ,^/ and the period length cannot be less than v. D We can use Theorem 10.6 to determine the lengths of the pre-period and p e r iod of dec im a l e x p a n s i o n s . L e t a : r/s , 0 < a ( l , and , :2" , 5r,, , where (1,10) : l. Then, from Theorem 10.6 the pre-period has length max (s1,s2)and the period has length ord,l0. Example. Let ot:5/28. since 2g - 22.7,,Theorem10.6 tells us that the prehas length 2 and the period has length ord710 : 6. Since rylt:d: (fiasll4z), 5/28 we seethat theselengthsare correct. Note that the pre-period and period lengths of a rational numb er r f s, in lowestterms, dependsonly on the denominators, and not on the numerator /. we observe that from Theorem r 0.6, a base b expansion that is not terminating and is not periodic representsan irrational number. Example. The number with decimal expansion o r: . 1 0 1 0 0 1 0 0 0 1 0 0 0 0 . . . , consisting of a one followed by a zero, a one followed by two zeros, a one followed by three zeroes, and so on, is irrational because this decimal expansiondoes not terminate, and is not periodic.

347

1O.1 DecimalFractions

so that its decimal The number d in the above example is concocted occurring numbers expansion is clearly not periodic. To show that naturally becausewe do 10.6, Theorem such as e and 7( are irrational, we cannot use No matter numbers' these of not have explicit formulae for the decimal digits cannot still we compute, we how many decimal digits of their expansions could period the because conclude that they are irrational from ihis evidence, be longer than the number of digits we have computed'

10.1 Problems l.

Show that dE is irrational a)

by an argument similar to that given in Propositionl0'l'

b)

using Theorem 10.2.

2.

Show that :/i

3.

Show that a)

+ ..6 is irrational.

log23 is irrational.

which logob is irrational, where p is a prime and b is a positive integer is not a Power of P rational or 4 . show that the sum of two irrational numbers can be either irrational. either rational or 5. Show that the product of two irrational numbers can be irrational. b)

6.

Find the decimal expansionsof the following numbers

d) 8lrs

a) 2/5 b) slt2 c) r2113 7.

e) lllll f) 1/1001.

Find the base 8 expansionsof the following numbers

d) r16 e) rlrz f) r122.

a) rl3 b) rl4 c) rls 8.

Find the fraction, in lowest terms, representedby the following expansions

a) .rz

b) .i

c) n.

348

D e c i ma l F ra c t i ons and C onti nued Fracti ons

9'

Find the fraction, in lowest terms, representedby the following expansions

a) (.rzi, b) (.oar6 l0' Il'

For which positive integers D does the base 6 expansion of l r/zro terminate? Find the pre'period and period lengths of the decimal expansions of the following rational numbers

il 7/t2 b) tt/30 c) t/7s 12'

c) (.iT),, d) (M),6.

d) rc/23 e) B/s6 f) t/6t.

Find the pre'period and period lengths of the base 12 expansions of the following rational numbers

a) t/+ b) r/B c) 7/ro

d) s/24 e) 17h32 f) 7860.

13' Let b be a positiveinteger.Showthat the period lengthof the base6 expansion of l/m is m - I if andonlyif z is piimeand, i, primitiveroot of m. " 14. For which primesp doesthe decimalexpansion of l/p haveperiodlengthof a)l b)2 c)3

d)4 e)5 f) 6?

15. Find the baseb expansions of

a) r/(b-r)

b) r/6+D .

16. Showthat the baseD expansion of t/G-1)z;, 1.9ffirJp1;u. 17. Showthat the real numberwith base6 expansion

(otzt.,.o-tlol rr2..)t, constructed by successivelylisting the base b expansions of the integers, is irrational. 18. Show that

+.#.#.#.#

349

1 O.1 Dec im al F r ac t i o n s

r9.

one. is irrational, whenever D is a positive integer larger than integers greater than one' Let byb2,fur... !s an infinite sequence of positive as represented be can Show that every real number

,o*?.#+#;+, ( ct ( bp for k : I'2'3'"" where cs,c1,cz,c!,...are integers such that 0

20.

a)

Show that every real number has an expansion CrCtrt+

to+l!

*

zl* 3!

: are integers and 0 ( ct ( k for k where cs,c1,c2,c!,-.-

l'2'3'""

of the type show that every rational number has a terminating expansion (a). describedin Part llp is ('t,tr'-oJ" Supposethat p is a prime and the base b expansionof is p - l. show that llp of expansion b base so that the period length of the ( p, then. if z is a positive integer with I ( ln

b)

Zl.

( 2...c1sacP) 6' m /p : (.cya1...coac where k : indtm modulo P. has an even period length'

2 2. Show that if p is prime and l/p - ('ffi)6 k :2t,

f o r . , ;:r 1 , 2 , " ' , t

thenci * ci+t: b-l

whete h and' k 2 3 . The Farey series Fn of order n is the set of fractions hlk (h,k): are integers,0 ( ft < k ( n, and include 0 and I in the forms i

1, in ascendingorder' Here, we

and I respectively' For instance, the Farey I

seriesof order 4 is

3l

0l112

T ' T , T ' T ' 7 , 7 ,T a)

Find the Farey series of order 7.

b)

Show that if a/b bd - ac :1.

c)

Show that if a/b, c/d, and e/f then

and c/d

c

are successiveterms of a Farey series' then

a*e

are successiveterms of a Farey series,

7- E7'

3so

DecimalFractions and ContinuedFractions

d)

Show that if a/b ordern, then b*d

and, c/d ) n.

are successiveterms of the Farey series of

24. Let n be a positiveinteger,n ) l. Show that I not an integer. l0.l

ComputerProjects

Write computerprogramsto do the following: I' 2'

Find the base 6 expansionof a rational number, where b is a positive integer. Find the numerator and denominator of a rational number in lowesr rerms from its base b expansion.

3'

Find the pre-period and period lengths of the base D expansion of a rational number, where b is a positive integer.

4'

List the terms of the Farey series of order n where n is a positive integer (see problem 23).

10.2 Finite Continued Fractions Using the Euclidean algorithm we can express rational numbers as continued fractions. For instance, the Euclidean algorithm produces the following sequenceof equations:

62:2.23 + 2 3 : l . 1 6+ 1 6: 2 - 7 + 7:3-2 +

lG 7 2 l.

When we divideboth sidesof eachequationby the divisorof that equation,we obtain 62:r*16:,)r 23 23

I nlr6 I ?3-:t+L:t* 16 16 16/7 16 : I I Z : r + + 7 7 7/2 L

+ !. +:3 2 2' By combiningtheseequations, we find that

351

1 O.2 F init e Cont inu e d F ra c ti o n s

62 :2+ 23 :2+

1 23116 t

r '- L :

I

I

rc17 I

:2*

1+h I

:2*

1+

2++3*;

in the abovestring of equationsis a continuedfraction The final expression of 62123. expansion We now definecontinuedfunctions' of the form . A finite continuedfraction is an expression Definition I aot

atl ctz *

+-

1 a n - rt L

an an positive' The real ale real numbers with Q1,Q2,Q3',"'' where Qg,a1,a2,...,an continued fraction' the quotients of numbers ej,a2,...,Q'nare called lhe partial as,c r,..., an are all numbers real the if The continued fraction is called simple integers. we use the Because it is cumbersome to fully write out continued fractions, the above in fraction to represent the continued notation Lso;a1,e2,...,Ctn| definition. a We will now show that every finite simple continued fraction represents can number rational every that will demonstrate we rational number. Later be expressedas a finite simple continued fraction'

352

DecimalFractions and ContinuedFractions

Theorem l0'7 ' Every finite simple continued fraction represents a rational number. Proof' we will prove the theorem using mathematical induction. For n : 1 we have [ao;arl:oo+

I *aoar*l al og

which is rational. Now assume.that for the positive integer k the simple continuedfraction [ag;at,e2,...,eklis rational whlnevst as,or,...,okare integers with a r,...,ak positive. Let as,at,...,ek+tbe integers with er,...,ek+t positive. Note that [ a g . a 1 , . . . , a k +: t la g + Ia;a2,..., a1r.a1ra1l

By the induction hypothesis,[a ria2,...,ek,ek+r] is rational; hence, there are integers r and s, with s*0, such that this continued fraction equals r/s. Then l a o ; a 1 , . . . ,a k , o k + t l : a g +

I r/s

agr*S

which is again a rational number. tr We now show, using the Euclidean algorithm, that every rational number can be written as a finite simple continued fraction. Theorem 10.8. Every rational number can be expressed by u finite simple continued fraction. Proof. Letx:a/b w h e r ea a n d b a r e i n t e g e r s w i t h b > 0 . L e t r s - a and r't : b. Then the Euclidean algorithm prodr.", the following sequenceof equations:

353

1O.2 Finite ContinuedFractions

rO : r| :

r1Q1* 12 r2Q2* 13

Q 1r2 ( tt, 0(131rr,

12:

r3Qtl 14

0(ra113,

: ln-3

:

fn'ZQn-Z*

:

tnQn

fn-1Qn-1*fn

fn-Z: fn-l

0(rn-11tn-z, 0(rnlrn-t

fr-t

Writing these In the above equations 4z,Qt,.",Qn are positive integers. equations in fractional form we have L: b

lo

tt

:

tt:

.

6

13

I

q2+;:Q2.Trt

r2 rZ:

ta,

nr*;:et*

r3

ln-3

:

rn-2 ln-2: rn-l' fn-l

I

Qr*;:qt+

/1

tn-l

:

Qn-2

tn-2 L Qn-l t

,n

I

rrt^

I -L -t rn-2/rn-t : - nq- -n.-+l 4- , n - r , / r ,

;

: ,QN

rn

first equation' Substitutingthe value of r1/r2from the secondequation into the we obtain

(l 0.10)

al T:4tt

, 4z r

t ,rlry

into (10.10) Similarly, substituting the value of r2fr3 from the third equation we obtain

3 54

DecimalFractionsand ContinuedFractions

c

Qr*

b

Qz*

Q t *+rilrt Continuing in this manner, we find that

T:

I

q ' t+ Qz* Qt*

*

Qn-t

,l Qn

Hence

q n l . T h i s s h o w s t h a t e v e r yrational number can be t:rnriQz,..., written as a finite simple continuedfraction. ! We note that continued fractions for rational numbers are not unique. From the identity an :

Gn-l)

+

we seethat [ a g ; a1 , e 2 , . .e. ,n _ t , o n l: I a g ; a 1 , c t 2 ,e. .n. ,_ t , e n whenevera, )

L

Example. We have 1

#I I

: [ o ;I , l , l , 3 1: [ o ; l, l , l , 2 ,I ] .

In fact, it can be shown that every rational number can be written as a finite simple continued fraction in exactly two ways, one with an odd number of terms, the other with an even number (see problem 8 at the end of this se c t ion) . Next, we will discussthe numbers obtained from a finite continued fraction by cutting off the expressionat variousstages. Definition. The continued fractions [as;a1,o2,..., a1l, where ft is a nonnegative integer less than n, is called the kth convergenr of the continued fraction

355

1O.2 Finite ContinuedFractions

by Ct ' [ao;a1,e2,...,Qnl The kth convergentis denoted the convergentsof In our subsequentwork, we will need some properties of starting with a properties, these a continued fraction. We now develop formula for the convergents. an be real numbers,with a 1;a/;...,a, positive' Theorem 10.9. Lel ag,a1,e2,..., recursivelyby Let the sequencesP0,Pt,..., Pn and qs,qt,"', Qn be defined Qo: I Po: aO : q1: ar a s o l * l Pt and P * : o k P k - t t P*-z

Qk:

q*-z

apQt-t t

t k : I' ao;at,.' .,okl i s gi ven by fo r /c : 2, 3, . . . ,n . Then the k th c o n v e rg e n C Cp -- P*lqr' : 0 proof. we will prove this theorem using mathematical induction. For k we have Co: lael : asll : Polqo. For k : l, we seethat Cr : l a o ;a 1 l : a s + ! :

a1

aoat*l a1

:Pt Qt

Hence. the theorem is valid for k : 0 a n d k : l where Now assume that the theorem is true for the positive integer k Thismeansthat 1n 2
C k : [ ' a o ; a r , .Q . . k, l :

Pk:a*Px-r*Pt-z a trQ-t t * qtr-z' Q*

real Becauseof the way in which the p;'s and 4y's are defined, we see that the quotients numbers p*-r,p*-z,Qk-1, and Q*-z depend only on the partial by e0,er,...,ak-r . Conr"quently, we can replace the real number ap a* * lla*+t in (t0'l I), to obtain

3s6

D e c i ma l F ra c ti ons and C onti nued Fracti ons

C t + r : [ a g ; a t , . . . , o k , o k +: r l

I a o : a 1 , . .(. t, k _ t , o k+ ! l

ap

+l ["^

ok+t

P*-r t p*-z

.

l"r

*)nr-,*q*-z

a*n(arp*-r * p*-z) * p1,-1 apal(alrQrr-t *

*

Qt_)

qt_t

_ o * + Pt * P * -r a * + fi * * q* -r _ P*+t Q*+t

This finishesthe proof by induction. D we illustrate how to use Theorem 10.9 with the following example. E x am ple. we h a v e 1 7 3 /5 5 : [3 ;6 ,r,7 1. w e computethe sequences p1 andq, f o rj : 0 , 1 , 2 , 3 , b y

Po: 3 19 Pt:3'6+l: Pz: l'19+3:22 P t : 7 ' 2 2 + 1 9: 1 7 3

Qo: I Ql:6 Qz: l'6*l

:

7

4 3- 7 ' 7 + 6 : 5 5 .

Hence, the convergentsof the abovecontinuedfraction are Co : po/qo: 3/l : 3 Ct:Pt/qt:19/6 C z : p z /q z : 2 2 /7 Ct: pJqt: 173/55. We now state and prove another important property of the convergents of a continued fraction. Theorem 10.10. Let k be a positiveinteger, k 2 | Let the /cth convergent of the continuedfraction las;ar,...,onlbe c1 : p*/qt, where pt< and,q1, ai as

357

'1O.2Finite ContinuedFractions

definedin Theorem 10.9. Then PrrT*-r' P*-t4t'

: (-l)k-l'

For k : I we Proof. We use mathematical induction to prove the theorem' have (asal+l)'l - asat: l' PtQo-PoT1: Assume the theorem is true for an integer k where I < ft I : (-l)t-l' PtQ*-r P*-rQt

tt , so that

Then, we have Pt+rQt

-

P * Q t+ t

(a rr+ rp t* p r-)q r, - P* (arrttQ* * Qr-) - (-l)k-t: (-1)k' Pt-tQt Ptq*-t:

so that the theorem is true for k + l.

This finishesthe proof by induction. tr

we illustrate this theorem with the example we used to illustrate Theorem 10.9. Example. For the continuedfraction [3;6,1,71we have : -l PoQt PrQo: 3'6 19'l : : PrQz- PzQl 19'7 22'6 I : -1' PzQt PtQz: 22'55 173'7 As a consequenceof Theorem 10.10, we see that the convergentspt lqx for thi s. k:1 ,2, . . . ar e in low e s tte rm s . C o ro l l a ry 1 0 .1d e monstrates Corollary 10.1. Let C*: p*lqr, be the kth convergent of the simple where the integersPt and qp are as definedin continuedfraction las;ar,...,8211, Theorem 10.9. Then the integersPr, and qy are relatively prime. Proof. Let d : (p*,q*). From Theorem 10.10,we know that P*Q*-r Q*P*-r: (-l)k-l' Hence, from ProPosition1-2 we have

d I el)k-r. Therefore,d : l. B

3s8

D e c i m a l F ra cti ons and C onti nued Fracti ons

we als o hav e th e fo i l o w i n gu s e fu rc o ro i l a ry of Theorem r0.10. corollary 10.2- L?t ck : pr/qp be the c ont inuedf r ac t i o nl a o :a 1 ,e 2 ,..., e11l Then

kth convergent of t h e s i m p l e

{- ) * - r

C1,- Cr-r :

QtrQ*_r

for all inregers k with I < ft

n

Cp-

Also, alrG)k

^ -x-2:

QtQt-z

for all int eger sk w i th 2 < k ( n . Pr oof . F r om T h e o re m 1 0 .1 0w e k n o w th a t p l r Q* _tQ* pr_r: (_l )k-l W e obt ain t he f i rs t i d e n ti tv . Ck - Cft-r :

nr ''n Qr

pr_r

(_t)k-l

Qt-r

QtQ*_r

b y div iding bot h s i d e sb y q rQ* _ r . To obtain the secondidentity, note that r .t - r- L k - z : L

Pt'-z:- P*Qr-z-P*-zQ*

-Pt' Q*

Q*-z

Q*Q *-z

sinc e P k : at p*- r * p * -z a n d q 2 : o k e k -r * q * -2, w e seethat the numerator of the fraction on the right is P *Q *- z - p rr-z Q*: (a * p * _ t * p * _ z )q k _2- p* _z(arQr,_r* Qr_z) - a t(P tr-tQ tt-z- p * -z Q * -) : a rr(-l )k - 2 , where Pr - t Q t , - z-

we

have used P t - z Q* -r : (- D k -z .

Theorem

Therefore,we find that Cp -

Ck-z:

a1,GDk Q*4 tr-z

is the second identity of the corollary. tr

10.r0

that

359

1 O.2 Finit e Cont inue d F ra c ti o n s

theorem w hi ch i s useful Usi n g c or ollar y 10 .2 w e c a n p ro v e th e fo l l o w i ng fractions' when developinginfinite continued o f t he fi ni te si mpl econti nued Th e o rem l0. ll. Let c1 b e th e k th c o n v e rg e n t ., l . T h e n fra cti o n lag: at , Q 2, . . Qn Cr)Cl)Cs) Co ( Cz 1 Cq 1

' '

:0 ' l ' 2 " " a n d e ver y odd- num be rc dc o n v e rg e n tC ri * r ' i : e ve n num ber edc onve rg e n tC z i ,-l 0 ,1 .2 ," '

i s greater than every

: /'3' " ' ' rt' Pro o f. S inc eCor olla ry 1 0 .2 te l l s u s th a t, fo r k

C1r-C*-z:#' we know that Cp 1 C*-z wh e n k is odd, and C* )

C*-z

wh e n k is ev en. Hen c e Ct 7 Ct ) Cs and Co (

Cz 1 Cq 1

To show that every odd-numbered convergent is greater than every even' numberedconvergent,note that from Corollary 10.2 we have (-l)2--r'o' C z ^ - C z r n - l' -Qz^Qz^'t

so th at Cz ^- t 7 Cz ^ . T o c o m p a reC 2 1 ,a n d C ri -r , w e seethat Czj-r)

Crj*z*-l > Crj*ro )

Cz*'

-numbered so that every odd-numberedconvergentis greater than every even convergent. tr

360

D e c i ma l F ra c ti ons and C onti nued Fracti ons

Example. Consider the finite simple continued fraction 12:3,1,1,2,41. Then the convergentsare CoC1 CzC: : C+: Cs :

2/l-2 7/3:2.3333... 9/4:2.25 16/7:2.2857... 4l/lS:2.2777... ftA /7 9 : 2 . 2784....

We seethat Co : 2 1 Cz: 2.25I Ca : 2.2777... ( Cs :2.2784... ( Cr :2.2957... ( Cr :2.3333...

10.2 Problems l'

2'

Find the rational number, expressedin lowest terms, representedby each of the following simple continued fractions

a) b) c)

IZ;ll [t;z,z] [0;5,0]

e) f) e)

[ r ;r ] [ l ;l , l ] [ I ; t , l, l ]

d)

5 , 1] [3;7,1

h)

[ l; I ,l ,l,l ].

Find the simple continued fraction expansion not terminating with the partial quotient one, of each of the following rational numbers

il

6/s

d)

b) c)

22t7 t9/29

e) f)

slsss

-4311001 873/4867.

Find the convergentsof each of the continued fractions found in problem 2 . Let up denote the kth Fibonaccci number. Find the simple continued fraction, terminating with the partial quotient of one, of u1,-,1fup,where ft is a positive lnteger. 5. Show that if the simple continued fraction expressionof the rational number a , a . ) 1 , i s [ a 6 ; a t , . . . , a kthen l, the simple continued fraction expressionof l/a is l};a o,ar,...,a k'l. 6.

S h o w t h a t i f a e * 0, then

1O.3 InfiniteContinuedFractions

P*/p*-r

361

: I o o i a * - t ., - . , a 1 , a s l

and q* / q tr-r: I'au:ar-r,"',a2,a11, convergentsof the where Ck-r: p*-t/qrr-r and C* : pt lq*,k ) l,are successive : (Hint: a*P*-1 * pp-2 to relation the Use P* continued fraction la6;a1,...,an1 * I / ( p x t / p * ) . a r s h o wt h a t p t / p * - r : of the 7 . Show that q1,) u1, for k:1,2,... where c*: p*lqr is the kth convergent and all denotesthe kth Fibonacci number' simple continued fraction las;a1,...,an1

8 . Show that every rational number has exactly two finite simple continued fraction expansions. be the simple continued fraction expansion of rls where 9 . Let lao;ar,a2,...,a211 Show that this continued fraction is symmetric, i'e. I and r)l : o s : a 2 1 t a t a n - t d 2 : a n - 2 , . .i.f, a n d o n l y i f s l ( r 2 + t ) i f n i s o d d a n d s l ( r 2 - t ) i f n is even. (Hint: Use problem 6 and Theorem 10.10). (r,s):

10.

Explain how finite continued fractions for rational numbers, with both plus and minus signs allowed, can be generated from the division algorithm given in problem 14 of section1.2'

ll.

be real numbers with a r,o2,...positiveand let x be a positive Let as,ar,a2,...,ak real number. Show that Ias;a1,.'.,ar,l1 lao;a6--.,a1,*xl if k is odd and I a s ; a 1 , . . . , a t>1 [ a o ; a 1 , . ' . , o 1 r * xi f] t i s e v e n .

10.2 Computer Projects Write programs to do the following: l.

Find the simple continued fraction expansionof a rational number

2.

Find the convergentsof a finite simple continued fraction.

10.3 InfiniteContinuedFractions . Supposethat we have an infinite sequenceof positive integersQo,Qt,ay,... How can we define the infinite continued fraction Las,at,a2,...l? To make sense of infinite continued fractions, we need a result from mathematical analysis. We state the result below, and refer the reader to a mathematical analysisbook, such as Rudin lezl, for a proof. Theorem ll.l2. Let xs,x r,x2,... be a Sequenceof real numbers Such that xo ( x r ( x z ( . . . a n d x 7 , < u fo r k : 0 ,1 ,2 ,... for somereal number u, or x o 2 x r 2 x z 7 . . . a n d x t 2 L f o r k : 0 , 1 , 2 , . . . f o r s o m er e a l n u m b e rl .

362

D e c i ma l F ra cti ons and C onti nued Fracti ons

Then the terms of the sequencexu,xr,x2,... tend to a limit x, i.e. there exists a real number x such that

14to:"' Theorem 10'12 tells us that the terms of an infinite sequencetend to a limit in two specialsituations,when the terms of the sequence are increasingand all less than an upper bound, and when the terms of the sequenceare decreasing and all are greater than a lower bound. We can now define infinite continued fractions as limits of finite continued fractions, as the following theorem shows. Theorem 10.13. Let as,e1,ct2,...be an infinite sequenceof integers with ar,Qz,... positive, and let ck : lag;a1,a2,...,e1a1Then the convergents cp tend to a limit ot.i.e

J4to:"' Before proving Theorem l0.l 3 we note that the limit a described in the statement of the theorem is called the value of the infinite simple continued fraction [as;at,o2,...1. To prove Theorem 10.13, we will show that the infinite sequenceof evennumbered convergents is increasing and has an upper bound and that the infinite sequenceof odd-numbered convergentsis decreasingand has a lower bound. We then show that the limits of these two sequences,guaranteedto exist by Theorem 10.12,are in fact equal. W e now will p ro v eT h e o re m 1 0 .1 3 . Proof. Let m be an even positive integer. From Theorem 10.1l, we seethat

cr ) ct) cs ) ca1cz1cq1

)

C^-t

1C^,

and C2i 7 Czn+t whenever 2j 4 m and 2k + | <. m . By considering all possiblevaluesof m, we seethat

Cr ) Ct>. Cs) co(czlc+(

) C z n - t ) C zn+ , 1 Czn-z 1 C2n I

and czi ) Cz**t for all positive integers j and k. we see that the hypothesesof Theorem rc.12 are satisfied for each of the two sequences C 1, C3, C2, . . and . C s ,C z ,C 4 ,.... H e n c e , th e sequenceC 1,C 3,C 5,...tends to a

363

1O.3 lnfinite Continued Fractions

a2 ' i'e' limit d1 and the sequenceCs,C2,C4,"' tends to a limit : dr )i*c"*r and : o(2'

)*c"

Using Our goal is to show that these two limits a1 and oQ are equal' Corollary 10.2 we have (-l)(z'+tl-t : lzn*t - Pzn * zt n C z n +-r C n Qzn+t

Qzn

Qzn+lQz,

Qzn+lQzn

Since e* 2 k for all positive integers /c (see problem 7 of Section 10.2), we know that I ( z n + l )Qn) ezn+rQzn and hence Czn*t - Cz,

Qzn+tQzn

tends to zero, i.e. nlim

(C z ra 1- C 2 n ) : 0 .

s 1,C 3 ,C s ,...a n d C g ,C 2 ,C 4 ,...have the S amel i mi t, si nce H e n c e,t he s equenc eC

j*

(cr,*t - cz) :

,lg

Czn*t-

,lg

cz, : o.

Therefore ayr: aq, z11dwe conclude that all the convergentstend to the limit d : (rr : dz. This finishesthe proof of the theorem' D Previously, we showed that rational numbers have finite simple continued fractions. Next, we will show that the value of any infinite simple continued fraction is irrational. Th e o r em 10. 14. Le t o s ,,o 1 ,e 2 ,...b e i n te g e rs w i th a1,Q2,...posi ti ve. Then Ia o ;ar , , a2, . . . 1is ir r ati o n a l . Proof. Let a : las;at,ctz,...land let

364

DecimalFractionsand ContinuedFractions

Cr : pr/qp : [ a o ; at , . . . , a k l denote the /cth c o n v e r g e n t o af . W h e n n is positive a integer,Theorem 10.I I shows that C2, ( a ( C z r + t , s o t h a t 0 ( a - Czn I

Czn*t - Czo .

However, from Corollary 10.2, we know th a t I

Czn*t - C2n :

' 4zn+tQzn

this meansthat Pzn

0(a-Czn:a-

4zn

a Qzn+ tQzn

and therefore, we have 0 1 a q 2 , - p z n 1 l / qzr+ t . Assume that a is rational, so that ot : e /b where a and b are integerswith b + A. Then oaoQr" b

-pzn<

I Qzr+t

,

and by multiplying this inequality by b we seethat 01aq2n-bpzn Qz n + t

Note that aq2, - bpzn is an integer for all positive integersn. However, since Qz r + r ) 2n*I , th e re i s a n i n te g e r n s u ch that Qzn+ t> b, so that b/Qzr+t < I . This is a contradiction,sincethe integer aQzn- bprn cannot be between0 and I . We concludethat a is irrational. n We have demonstrated that every infinite simple continued fraction representsan irrational number. We will now show that every irrational number can be uniquely expressedby an infinite simple continuedfraction, by first constructing such a continued fraction, and then by showing that it is unique.

365

1O.3 Infinite Continued Fractions

and define the sequence Theorem f0.15. Let a: cvObe an irrational number Q0 ,Qt, Q 2, ' . . r eCuf s iv e l bYY Qk : lapl,

c r k + :l I / b t - a )

continued fo r k : 0, l, 2, . . . . Th e n a i s the value of the infinite, simple fra cti o n Lag;ar , az , - ..1 .

is an integer Proof. From the recursivedefinition given above, we see that ap that induction mathematical using show easily we can for every k. Further, : a is irrational' Next, if d0 that note first We k. every for a7, is irrational is also we assume that a1, is irrational, then we can easily see that a,p1' relation irrational, sincethe dk+r:l/(at-a*)

impliesthat (10.12)

otk:A**Ls

I qk+l

and if d;611were rational, then by Theorem10.1,a7. would also be rational' Now, since a7, is irrational andap is an integer,we know that 47, I at, and aplatlap*|,

so that 0(a1-ap<1.

Hence, a(k+t: 1l@* - ap) )

l,

and consequently, ak+r: [ar+rl )

1

fsr k : 0, I , 2, ... . This meansthat all the integers Note that by repeatedlyusing (tO.t2) we seethat

366

DecimalFractionsand ContinuedFractions

I

Q:

d0:

: [as;al ao* I ul l.

ao*

: Ia 6 ;a 1 ,a 2 l

at-fL a2

:

:

Qo*

I a g ; al , o z , . . . , c t k , a t r + l l .

at i az -f

I

*a1r*

otk+l

what we m ust n o w s h o w i s th a t th e v a l u e of l as;at,o2,...,ek,c,k+tends 1] to a as ft tends to infinity, i.e., as k grows without bound. From Theorem 10.9,we seethat a :

a*+tP* * pt+t

f a g ; a r , . . . , o k , a k + l l:

at+rT* * q*-r

where Cj : pi/qi is the 7th convergentof las;afl2,...1. Hence a-Cp

:

a * + rP r * p * -t

pt

dtc+tQ* *

q*-t

Q*

-(Prqrr-t

-

Prr-tQ*)

(ar+gr, * q*-)q* (-t)t (a r+ g * * q * r)qt

'

where we have used Theorem 10.10 to simplify the numerator on the righthand side of the secondequality. Since a * + rQ * * q t-r ) a t+ fl t * q* -r : we seethat

Qk+|,

367

1O.3 Infinite Continued Fractions

l o - c * L' *

QtrQx+t

note that l l q* qn* t tends Si n ce Q r , 2 k ( f r om p ro b l e m7 o f Se c ti o n 1 0 .2 ),w e k tends to infinity' or to zero as k tends to infinity. Hence, Cp tends to a as fraction phrased differently, the value of the infinite simple continued l a s ; a 1 , a 2 , . . . 1ai.s t r representsan To show that the infinite simple continued fraction that theorem. irrational number is unique, we prove the following Theorem 10.16. If the two infinite simple continued fractions las;at,a2,...1 bx for and lbo;br,bz,...l representsthe same irrational number, then ar: k :0,1,2,... Suppose that a: lag;at,a2,...1. Then, Proof. C t : a o * l / a t , T h e o r e m1 0 . 1 1t e l l su s t h a t ao 1a so that ao:

since

Ifa1,

1ag*

lc-l. Further, we note that [ a g ; a 1 , a 2 , .:" 1a o

since a : l a s ;ar,a2 ,...1:

1 ,a2 , ...,apl o l g l [a o i a I :lim(ao+, / <- :

do*

lim Ia1,o2,...,apl

/< --

:

aol

,)

l q 1 i a 2 , Q3 , . . . , a pI

--.

I

l O 1 i O2 , O3 , .. . I

Supposethat : l b o i br , b2 , . . . 1 . l a s ; a1 , a2 , . . . 1 Our remarks show that aO: bO: lol

Co : 4o

and

368

DecimalFractionsand ContinuedFractions

and that

a o *+ : b o

' Ib ,.bz,...l

"

Io 1;a2,...1

so that I a ; a 2 , . . . !: [ b t i b z , . . ..l N o w a s s u m et h a t a 1 r : b k , a n d t h a t l a p t l ; a 1 r a 2 , .:.[.b1n * r ; b t + 2 , . . . 1 . U s i n gt h e same argument, we see that apal : bpa1,o.1d,

I : bk-t+ ' a*+rl +' Lapa2io1ra3,...l lb**t;b*+t,..1 which implies that ['a p,z;a1ra3,... ] : lb 1ra2;b I . 1ra3,... Hence, by mathematicalinduction we see that a2 : b1, for k :0,1,2,... . D To find the simple continued fraction expansion of a real number, we use the algorithm given in Theorem 10.15. We illustrate this procedurewith the following example.

Example. Let a : G.

We find that t :G5:T

ao:lrfil:2,

"E+Z

ant,

I

Qt:r*r:2,

s.)__

: J6+2

(J6,*2 )-z '2' e z : [ J o + z l: q Since d3 :

w e S e et h a t a 3 :

q{

-

E

........:-:

ot, a4:

I

Qo+D-4

{e+z _ 2

e 2 , . . . , a n d s OOn

d1

Hence

^f6 : 12;2,4,2,4,2,4,...1. The simple continued fraction of -,.6' is periodic. We will discuss simple continued fractions in the next section. The convergents of the infinite simple continued fraction of an irrational number are good approximations to a. In fact, if p*/qt, is the 7th convergenr of this continued fraction, then, from the proof of Theorem 10.15, we know that

369

1O.3 InfiniteContinuedFractions

l"-polqol < llq*qx+t so that

lo - polqxl< tlq? , si n ceQt I

Q *+ r .

of the simple The next theorem and corollary show that the convergents to a, in the sense continued fraction of a are the best rational approximations with a denominator that prrlql is closer to a than any other rational number l e ssth an q1.

:1,2,"', be Theorem 10.17. Let a be an irrationalnumberand let n1le1,i r and s are If a' of the convergentsof the infinite simplecontinuedfraction integers with s ) 0 such that

lso-rl < lqo"-pol thens 7 qr*t. ( s I Assume that lso-r | < lqr,o-pnl, but that 1 considerthe simultaneousequations

proof.

q*+r.

We

Ptx*Pt+rl:r Qtx*Q*+t!:5. then By multiplying the first equation by Q* and the second by px, and subtracting the secondfrom the first' we find that (Pt +rqr-PxQt +)Y - tQk - sP* ' : (-l)fr, so that Pt Qt+l From Theorem 10.10,we know thar ppag* y : (-l)k (rq1,-sP). ppal and Similarly, multiplying the first equation by Qlray and the second by that then subtracting the first from the second,we find x : (-l)k(sppa;rQ*+). If x:0thensPt+t:r4k+t'Since and y#Q. Wenotethat x#O (px*t,qrr*) : l, Lemma 2.3 tells us that q*+tls, which implies that :0 , then r : pkx and s : Qkx' Qt+t ) s , c ont r ar y to o u r a s s u mp ti o n .If y so that

370

D e c i ma l F ra c ti ons and C onti nued Fracti ons

lso-rl : l" llqp-pr,l ) lqro-p*l, sinceIrl > l, contraryto our assumption. we will now showthat x and y haveopposite signs. First, supposethat y < 0 . S i n c eQ k x : s - Q t < + t l , w e k n o w t h a t x ) 0 , b e c a u s e { 1)x 0 and When / ) 0, since Qtc+r!2 q1ra1 Q* ) 0. ) s, we see Qkx: s - Q*+r! ( 0,sothatx ( 0.

that

F r om T heor em l 0 .l l , w e k n o w th a t e i th e r P t/qt ( a ( p* + r/qx+ t or that Pt+t/q*+r ( a ( Pr/q1r. In either case. we easily see that Qtea- pt, and Qr+p - p*+r have oppositesigns.

From the simultaneous equations we startedwith, we seethat lso-r | : lQorIql,lp)a - (po*+p**t)l : lx(qp-pr) + yQ1,ap-p;-;it combining the conclusionsof the previoustwo paragraphs, we see that x(qpa-pr) and!(Q*+p-p,t*r) havethe samesign,so that

lso-rl : l{ llqoo-pol + lyllq**p-pr,+rl 2 lxllqoo-pnl ) lqto-pr,l, sincel*l>t.

This contradicts our assumption.

We haveshownthat our assumptionis false,and consequently, the proof is complete.tr Corollary 10.3. Let q b e a n i r r a t i o n a ln u m b e r a n d l e t p i / q i , j : 1 , 2 , . . . be the convergentsof the infinite simple continued fraction-of *. lf r/s is a rational number, where r and .r are integerswith s ) 0, such that

lo-r/tl < l"-p*/qol , th e n s ) q*. Proof. Suppose that s ( qt and that

lo-r/sl < l"-pr,lqr,l.

1 O.3 Inf init e Cont in u e d F ra c ti o n s

371

that By multiplying thesetwo inequalities,we find

sla-r lsl < qol"-Polqol so that lsa-tl < lqod-Pxl , violating the conclusionof Theorem l0'17' tr is 7( of fraction continued simple The Example. i n p a t t e r n d i s c e r n i b l e n o i s o : l i ; j , 1 5 , 1 , 2 9 2 , 1 , 1 , 1 , 2 , 1 , j , . . . 1 .N o t e t h a t t h e r e fraction continued this of the sequenceof partial quotients. The convergents 22/7' 3331106' are the best rational approximationsto r. The first five are 3, that 2217 i s 10.3 C orol l ary 3 3 5 1 113,and 1039 9 3 /3 3 1 0 2 .We c o n c l u d efro m 106, that than less the best rational approximation of t with denominator less than denominator with zr 31.5lll3 is the besi rational approximation of 3 3 1 0 2 .a n d s o o n . Fi n ally , we conclude this section with a result that shows that any be a sufficiently close rational approximation to an irrational number must number. of this expansion fraction continued simple infinite the convergentof Theorem 10.18. lf a is an irrational number and if r ls is a rational number in lowestterms, where r and s are integerswith s ) 0, such that lo-r/sl < t/2s2, then r/s is a convergentof the simple continued fraction expansionof a. proof. Assume that r/s is not a convergent of the simple continued fraction expansion of a. Then, there are successiveconvergentspxlqx and ppallqp*t su ch t hat Q n 4 s I Qrr+ t F ro m T h e o re m 1 0 .1 7,w e seethat

lqoo-pol< It ".-rl: slq-r/sl < t/zs' Dividing by qr we obtain l o -p o l q o l < 1l 2 s q * . Since we know that \tpo-rqol > t (we know that sP*-rQr is a nonzero integer sincer ls #pplqr), it follows that

372

DecimalFractionsand Continued Fractions

-x

|

sQ*

lspt-rq*l

-

': lor tl sl ,

sQ*

lqo ll

I

qrl

.l*l 2tq*

F:l

2s2

(where we have used the triangle inequality to obtain the second inequality above). Hence, we seeth a t t/2sqp I

t/2s2

Consequently, Zsqp ) 2s2, which implies that q1, ) s, contradicting the assumption. tr

10.3 Problems L

2'

Find the simple continued fractions of the following real numbers

a)

,rf2

b)

^f3

c) d)

-,/i r+.6

.

Find the first five partial quotients of the simple continued fractions of the following real numbers

a) b)

1/, 2r

c) d)

(e-l)/(e+l) (e 2 -t)/(e 2 + D .

Find the best rational approximation to zr with a denominator less than 10000. The infinite simple continued fraction expansionof the number e is

e : l 2 ; 1 , 2 , 1 , 1l , 1 4 , 61, ,1 , g , . . . 1 . a)

the first eight convergents of the continuedfractionof e

1 O.3 I nf init e Cont in u e d F ra c ti o n s

b)

373

less than Find the best rational approximation to e having a denominator 100.

expansion 5 . Let d be an irrational number with simple continued fraction -ot is Show that the simple continued fraction of o : loo;ot,a2,...f at: 1' a n d I [ a s l ; a 2 l l d v " ' l i f a 1 2 [-as-l;1,a,-l,as,a3,...lif simple 6 . Show that if p*lqx and,p1,a/q1a1 2f€ consecutive convergents of the continued fraction of an irrational number a, then

l o - p r/q rl < tl z q o '

( l /2 q l a. l o - p o * r/q o * ,1 ( Hint : F ir s t s h o wth a t l o - p r* r/q * * ,1+ l o - pol qol- l po* r/q& +- r pr,/qtl : l/q*q**t using CorollarY 10.2.) 7.

Let a be an irrational number , a ) I . Show that the kth convergent of the simple continued fraction of l/a is the reciprocal of the (k-t)th convergent of the simple continued fraction of a .

8 . Let a be an igational number, and let pllei denote the jth convergent of the simple continued fraction expansion of a. Show that at least one of any three consecutiveconvergentssatisfiesthe inequality

la- pileil < t/G/-sqil. Conclude that there are infinitely many rational numbers plq, where p and q are integers with q # O, such that

l''- plql
9 . Show that if a - (l +lf9/2,

lo-plql
or..6.) 10. If a and B are two real numbers, we say that p is equivalent to a if there are integersa,b,c, andd ,such that ad - bc : il and 0 : # a)

Show that a real number a is equivalent to itself.

b)

Show that if a and p are real numbers with p equivalent to a , then a is Hence, we can say that two numbers a and B are equivalent to B equivalent.

3 74

II'

Decimal Fractions and Continued Fractions

c)

Show that if a,S, and l, are real numbers such that a and B are equivalent and B and l, are equivalent, then a and l, are equivalent.

d)

Show that any two rational numbers are equivalent.

e)

Show that two irrational numbers a and p are equivalent if and only if the tails of their simple continued fractions agree, i.e. : a I a g ; a 1 , a 2 , . . . , a i , c 1 , c 2 , c 3a, n . .d. 1 g : [ b o : b 1 , b 2 , . . . , b 1 r , c 1 , c 2 , c a , . . . 1 . where ai,t:0,1,2,...j, b1,i:0,1,2,...,k and c;, j : 1,2,3,...are intejers, all positive except perhaps as and bs .

Let a be an irrational number, and let the simple continued fraction expansion of a be a : Ias;aba2,.-.1. Let p*/q* denote, as usual, the &th convergent of this continued fraction. We define the pseudoconvergnts of this continued fraction to be P*t/q*., :

(tP*-r + pr-)/QQ*t

* Q*-z),

where k is a positive integer, k > 2, and t is an integer with 0 < r I

at, .

a)

Show that each pseudoconvergentis in lowest terms

b)

Show that the sequenceof rational numbers pt pk,o,-,/Qk,a,_,, p*/e* ,z/q*,2,..., is increasing if k is even, and decreasingif ft is odd

c)

Show that if r and r are integers with s ) 0 such that

lo-rlsl

( l" -p*.,/q*.,|

w h e r e k i s a p o s i t i v ei n t e g e r a n d 0 < r rfs : p*_t/q*_r. d)

1ak, then slqt ,, or

Find the pseudoconvergents of the simple continued fraction of zr for k -2.

10.3 Computer Projects Write programs to do the following: l.

2.

Find the simple continued fraction of a real number. the best rational approximationsto an irrational number.

10.4 Periodic Continued Fractions We call the infinite simple continued fraction [as;at,az,...lperiodic if there are positive integers N and k such that an : ara1, for all positive integers n with n > N. We use the notation

375

1O.4 PeriodicContinuedFractions

lag;at,o2,...,oN-r,m to expressthe periodicinfinitesimplecontinuedfraction I a o : a l , a 2 , . . . , QN - l , a N r QN + 1 ," ' , a N + k - 1 ' 4 1 y ' 4 1 y1 1 '" ' l '

For instance, tt;Z,lAl I I ;2,3,4,3,4,3,4,...1.

denotes the infinite simple continued fraction

In Section 10.1, we showed that the base b expansion of a number is periodic if and only if the number is rational. To characterizethose irrational numbers with periodic infinite simple continued fractions, we need the following definition. Definition. The real number a is said to be a quadratic irrational if a is irrational and if a is a root of a quadratic polynomial with integer coefficients, i .e . Aa2+Ba*C:0, where A,B, and C are integers. Example. Let a :2 * ,/7. Then a is irrational, for if a were rational, then .,,6 w o u l d b e ra ti o n a l ,contradi cti ngTheorem 10.2. b y Th eor em 10. 1,a -2 Next, note that a2 - 4a t | : (7+4,fi

- 4Q+,/t

* I : o.

Hence a is a quadratic irrational. We will show that the infinite simple continued fraction of an irrational number is periodic if and only if this number is a quadratic irrational. Before we do this, we first developsome useful results about quadratic irrationals. Lemma 10.f . The real number a is a quadratic irrational if and only if there are integers a,b, and c with , > 0 and c 10, such t"hatb is not a perfect square and

: : (a+Jt) lc. Proof. If a is a quadratic irrational, then a is irrational, and there are From the quadrati c i n te g er s A , B , and C s u c h th a t A a z + Ba t C :0. formula. we know that

376

DecimafFractionsand ContinuedFractions

-B*GQAC (I:-

2A Since a is a real number, we have 82 - 4AC ) 0, and since a is irrational, 82 - 4AC is a perfect square and A r^0. By either -r^: -not taking e: -B,b: 82 - 4AC, c :24 o, o: b, b : g2 _ 4;t, _ZU, wO have our desired representationof a. Conversely,if

'r" wherea,b, andc areinte*.r-,;;

,ti"i:O,

and6 nota perrect square,

then by Theorems 10.1 and 10.2, we can easily see that a is irrational. Further, we note that co2-2aca+(a2-b2):0. so that c is a quadratic irrational. tr The following lemma will be used when we show that periodic simple continued fractions representquadratic irrationals. Lemma 10.2. If a is a quadratic irrational and if r,s ,t, and u are integers, then (ra*s)/(to*u) is either rational or a quadratic irrational. Proof. From Lemma 10.1, there are integersa,b, and,c with b > 0. c # 0. and b not a perfect square such that

a:

(a+Jb)/c.

fur*cl)+rJb (at rcu) +t Jt I Gr + cil + r JF lI ht + cil -t.'.6 | IGt *cu) +t .,/blt(at +cu)-t ./n I lGr *cs\ (at*cu) -rtblt[r (attcD -t Gr *cl)l../T (at *cu)2-t2b

377

1 O.4 P er iodic Cont i n u e d F ra c ti o n s

i s a q u a drati ci rrati onal ' unl essthe H e n ce ,f r om Lem m a l 0 .l (ra * s )/Qa + d rational' tr G is zero, which would imply that this number is ;;;d;i";, "t fractions of quadratic In our subsequentdiscussionsof simple continued irrational' quadratic irrationals we *iil use the notion of the conjugateof a -- (a+JD lc be a quadratic irrational' Then the coniugate Definition. Let a : (a -J b )l c ' o f a , denot edby o' , i s d e fi n e db y a ' the polynomial Lemma 10.3. If the quadratic irrational d. is a root of the conjugate a', is Axz + Bx * C : 0, then the other root of this polynomial of a. Proof. From the quadratic formula, we see that Axz+Bx*C:0are

the two

roots of

_B*[EW ZA of If a is one of these roots, then a' is the other root, because the sign is reversedto obtain a' from a. tr tr4AC The following lemma tells us how to find the conjugates of arithmetic expressionsinvolvingquadratic irrationals' L e mma 10. 4. I f a' : (a ftb ffd )/c 1 irrationals,then (i)

(a1+a2)' -- al t

(ii)

(a;c.2)'

a n d ,,2 : (a2* bzJd)f cz are quadrati c

a'2

: o| - d'2 : d'td2

(iii)

(ap)'

(iv)

(c"rlc.)':

a't/o.z.

parts are easier. The proof of (iv) will be given here; the proofs of the other reader' the problems for as section this of These appear at the end Proof

of

(iv).

Note that

378

D e c i m a l F ra cti ons and C onti nued Fracti ons

G ftbr.'./Z) /r,

t

".'

v l l q )

Gr+bz,/cl)/cz _ cr(a ,+b r/7) G 2-.bz,/T) lb2)''/7

: ,, While , - t--, " "

.^lrsl---7

G;brE)/cz (or-brrE) /cz cz(arbtQ)Gr+br,/V)

_

c {a 2- b 2,/7 ) (a z+ b 2,/7 ) k z a p z -c z b ftz d ) - (czazbrczaft)fi

Hence (at/a)' : or'r/a'2. D The fundamental result about periodic simple continued fractions is Lagrange's Theorem. (Note that this theorem is different than Lagrange,s theorem on polynomial congruncesdiscussedin Chapter 8. In this chapter we do not refer to that result.) Lagrange'sTheorem. The infinite simple continued fraction of an irrational number is periodic if and only if this number is a quadratic irrational. We first prove that a periodic continued fraction represents a quadratic irrational. The converse,that the simple continued fraition of a quadratic irrational is periodic, will be proved after a special algorithm for obtaining the continued fraction of a quadratic irrational is developed. Proof. Let the simple continued fraction of a be periodic, so that a : la g;at,,e2,..,,a N -r,ffi| Now let 0 : la1s;aN+r,...,41r+ft l Then

379

1 O.4 P er iodic G on ti n u e d F ra c ti o n s

g : lal;aN*I,...,4N **,01, and from Theorem 10.9,it follows that (10.13)

^ t) -

1 P * tP* -t oq*tq*-r'

Since the where p*lq* and p1r-r/Q1r-1ata convergentsof Ia11;av"1'"''oru+kl' (tO't3) we from and simple continued f.u.tlon of p is infinite, B is irrational, have

qr,02t Qr,-r-P)0 - P*-r : a' so that p is a quadratic irrational. Now note that a : l a g ;a1 ,Q 2 ,...,Q N -r, 01, so that from Theorem 10'9 we have

'a;;:fr; ' 0pr,r-ftPN-z

Since B where pN-t/qN-1 and pr,t-zlqN-2uteconvergentsof [ao;a t.a2'"''o7'1-11' quadratic a is also a that us tells 10.2 Lemma is a q*Oruii. irrational, irrational (we know that at is irrational because it has an infinite simple continuedfraction exPansion). D To develop an algorithm for finding the simple continued fraction of a quadratic irrational, we need the following lemma' Lemma 10.5. If a is a quadratic irrational, then d. can be written as

: @+,/V)/Q, w h e r eP , Q , a n d d a r e i n t e g e f s , Q* O , d QIQ-P2) .

> O , d i s n o t a p e r f e c ts q u a r ea, n d

Proof. Since a is a quadratic irrational, Lemma 10.1 tells us that

, : (a+Jb)lc, where a,b, and c are integers, b > 0 , and c # 0 . We multiply both the numerator and denominator of this expressionfor q by Itl to obtain

380

DecimalFractionsand Continued Fractions

a.-

(wherewe haveusedthe fact that lrl: -,tr\. Now let p : alcl, clcl, e: a n dd : b c 2 . T h e np , e , a n dd a r e i n t e g e r s , l 0 s i n c e, 7 0 , d e >O (since6 > 0), d is not iperfect sinceb is not a perfectsquare,and f i n a l l ye l @ - p \ s i n c ed - p 2 : 6 r z 'lQuare oirz :;rbjoif:;T'(ilorl. n We now presentan algorithmfor findingthe sample continuedfractionsof quadraticirrationals. Theorem 10.19. Let a be a quadratic irrational, so that by Lemma 10.5there are integers Ps,Qs, and d such that

@o+,/7)/Qo , whereQ0*0,d > 0, d is not a perfectsquare, and eel @-p&). define

Recursively

dk:(ro+,/7)/Qr, C tk: [a 1 ], Pk+r:atQt-Pk, Q**r : (d-roL*t)/Q*, for k : 0,1,2,... Thena : fag;at,a2,...1. Proof. using mathematical induction, we will show that pk and e* are i n t e g e r sw i t h Q 1 ,* 0 a n d e * l @ - r p , for k:0,r,2,.... F i r s t ,n o t e t h a t t h i s assertion is true for k : 0 from the hypothesesof the theorem. Now assume that P1 and Qp are integerswith e* * 0 and e*l@_p?i. Then Pk+r:

a*Qt - Pp

is also an integer. Further,

Q*+r: @-rf *r11qo : [d-(o*Q,,-pr)2]/e* : @-rfi/Qo + (2a1,P1,-a?er). Since Qrl@-pil, by the induction hyporhesis,we see that Qpal is an integer, and since d is not a perfect square, we see that d I Pi, so that t o . Since Q*+t : @-rf*;/Qo

Q* : U-rf*1/Qo*t

381

1O.4 PeriodicContinuedFractions

we can concludethat Q1,ql@-pt*t)

. This finishesthe inductive argument.

To demonstratethat the integerses,a1,a2,...are the partial quotientsof the simple continuedfraction of a', we use Theorem 10.15. If we can show that o ( k + t:

llbr-ap),

t he n w e k n o w th a t a : fa s ;a 1 ,a 2,...1.N ote that

fork:

ap-ak:

Pk + ,/7

-ap

Af

: l^/7 - G*Qr,- P)llQ* : G/7 - pt +) lQ*

: G/V- P**')(JV+ P*+)/er,G/T+ P**r) : @-rl*)/Q*QI + Pr*r) : Q*Qr,n/Qr,G/7+ Pt*,) : Q**r/('/i + Pr,*) : lla*+r , where we have used the definingrelation for Qp* to replaced-Ppzar with that a : las;a1,e2,...f . D QtQ**r. Hence,we canconclude We illustratethe use of the algorithmgiven in Theorem10.19with the followingexample. Example. Let a : Q+J1)/2 . Using Lemma 10.5,we write

: G+.,/N)/4 wh e r e we s et P o : 6 , Q.o : 4 , a n d d : 2 8 . H e n ceoo: 2'4-6:2, (28-22)/4:6,

a1

Qr

: :

P2

:

l'6-2:4,

ot2

Og-+2)/o:2,

A2

Pr

Qz :

O1

[a] : 2, and

Q + ..E)/e, : r, IQ+,/z$/61 G+,,/Tg/2,

t

382

Decimal Fractions and Continued Fractions

P3 Qt :

4'2-!:4, Qg-+2)/2:6

d3 : o3 :

e+.,m)/6, tG+6>Jil:r,

P4 Qq

: -

l'6-4:2, (28-22)/6:4,

d4 a4

: :

e+rFZ$/q, t7+.'-z$/il:

Ps Qs

-

l'4-2:2, Q8-22)/4:6,

a5 a5

: :

e+r/-Z$/6, t ( z + , , / N ) / 6 :1 l ,

andso,with repetition, sincepr:

t,

p5 and

er: es. Hence,we seethat : G + . n ) / 2 I 2 ; 1 , 4 , 1 , 1 , r , 41,,r. ,.I . : I2;1,4,1,11.

We now finish the proof of Lagrange'sTheoremby showingthat the simple continuedfractionexpansion of a quadraticirrationalis periodic. Proof (continued). Let a be a quadraticirrational,so that by Lemma 10.5 we can write a as o : (po + .,8) /eo . Furthermore, by Theorem10.19we haveo: dk ap Pwr Q*r

: : : :

lao;ar,ez,...l where

(r1, + ,,/7)/Q* , [apl, atQ*-Pk*t, Q -rf *1 /Qo*r,

fork: Since a

: Ias;a' "")'lrl,o; ]:ffi _ll;l Ijl "_

that * q*-).

Taking conjugates of both sides of this equation, and using Lemma 10.4, see that

(ro.r+)

o' : (pr,-p'* * p*-) /(qt,-p'n * q * - ) .

When we solve (tO.t4) for ol1,, ws find that

383

1O.4 Periodic Continued Fractions

,

dk:

( - P*-zI -ex-,l" tr- | qk^ t ,

p*t t

,*t l to a as k tends to Note that the convergents p*-z/Q1r-2 and p*-rlqrr-t tend infinity, so that

| , - P*-z la. Q*-z I

t fr' -

P*-t

I

Q*-t

Since tends to 1. Hence, there is an integer N such that a ' * 1 0 f o r k > N . o ' t > - 0 for k > l, we have Pp

otk-Otk :

+ Jd Q*

Po-Jd Q*

Zfi r0. Qr

sothatQ*> 0fork>N. SinceQ*Qrr*,- d - P?*r, we seethat for k 2 ly', 0t ( Q*Q**r-- d P?*t < d . Alsofork>N,wehave Pl*, (d:

Pl*t-Q*Qx*r,

sothat - ,/7 I P*+r < -,/7. - -,[d < P*+r <-r/7, that hold for From the inequalities 0 ( 0r ( d and k > N , we see that there are only a finite number of possiblevalues for the pair of integers Px,Qx for k > N . Since there are infinitely many integers k with k > N,therearetwointegersi andT suchthatPi:Pi andQi:Qi : with i < j . Hence, from the defining relation for cu;., we see that o(i di

Hence conseque "t'*:;:;,";:"',i: ,-,,i:"',oi,*,'lo,ol,.;:,,':,.:,: i:i-,,, :

I a g ; al , o 2 , . . . , a i - 1 , Q i i,+o 1 , . . . ,ia- t l .

This shows that a has a periodic simple continued fraction.

D

384

DecimalFractionsand ContinuedFractions

Next, we investigate those periodic simple continued fractions that are purely periodic, i.e. those without a pre_period. Definition. The continued fraction [as;at,ez,...f is called purely periodic if t h e r ei s a n i n t e g e rn s u c h t h a t a 1 r : e n t k , f o r k : 0 , 1 , 2 , . . . , s ot h a t

lag;at,az,...l:Iffi. Example' The continued fraction tl;jl: [2;2,41: JA is not.

(t+.1:) /2 is purely periodic while

The next definition and theorem describe those quadratic irrationals with purely periodic simple continued fractions. Definition. A quadratic irrational at if called reduced if -l ( a' ( 0, w h e rea ' i s th e c o n j u g a teo f a .

a )

I

and

Theorem 10.20. The simple continuedfraction of the quadratic irrational a is purely periodic iI-and only if a is reduced. Further, if a is reduced and a: l,as;at,e2,...,enl then the continuedfraction of - l/oi i, to;o,,_ffi Proof. First, assume that a is a reduced quadratic irrational. Recall from Theorem 10.15 that the partial fractions of the simple continuedfraction of a are given by ek :

fork:

where ato: d

lapl, otk+t :

l/@tr-o*),

We see that l/qt+t:ek-ak,

and taking conjugates,using Lemma 10.4, we see that

(ro. rs)

l/a'*+t:

c , ' k- a 1 r .

we can prove, by mathematical induction, that - I ( a1 ( 0 for k:0,1,2,.... F i r s t , n o t e t h a t s i n c e c . 0 : a i s r e d u c e d ,- l l a o < 0 . N o w a ssum et hat - r 1 a ' 1 ,< 0 . T h e n , s i n c ea * 2 1 for k :0,1,2,-... (note that a o 2 I s i n c ea > 1 ) , w e s e ef r o m ( t O . t 5 ) t h a t l / o t t+ r < - 1 , so that -l

1 a'k+t < 0 . Hence, -l

< a) 10

for /c :

38s

1 O.4 P er iodic Conti n u e d F ra c ti o n s

Next. note that from ( t o . t 5 ) w e h a v e d'k:a**lla'*+t and since -l

1 a'* < 0 , it follows that -l 1a**lfa'1ra1

t

<0.

Consequently, -l

-

l / a ' * + t 1 ax 1 -lf

a'rr+r,,

so that ek:

[ - 1 / o r * r ].

Since a is a quadratic irrational, the proof of Lagrange's Theorem shows that there u.. nonn.gative integers i and i' i,< 7, such that ai 7-oi, and hence i l a n O oji--l t : I - t / a , | j t ,, w e s e e t h a t Since ai-t:l-t/ai with - 1 / u ' ; : - l / a j . oi-l

:

ej-'..

Furthermore, since oti-t:

ai-t I

llai

and , dj-:

:

oj-t + llai

we a l s o s e e t h a t a i - 1 : o di-z

: o(j-z)ai-3:

i-rContinuingthisargument'w€seethat aj-30..', and finally, that ag : aj-i ' Since d0 :

a :

Iag;a1,...,oi-i-t,ai-il

:

la o;a 1,...,ei -i -1,041

:loo.gr,Gl, we see that the simple continued fraction of a is purely periodic. To prove the converse,assumethat a is a quadratic irrational with a purely periodiccontinuedfractiono:|ffio|.Sincea:|ag;a1,Q2,,...,a2,ot|, Theorem 10.9 tells that ( 10 . 16 )

aP* * P*-t

a:ffi,

and kth convergentsof the where pr,_tlq*_r and p1rlq1, 3;fe the (k-l)th (tO.t6), we seethat From . of a expansion fraction continued (1 0 .17) Pt-r : 0. e r,a 2* (q * -rP )o Now, let p be the quadratic irrational such t h a t g : l a t i a t c - l , . . . , a t , a o ,l i . e . with the period of the simple continued fraction for a reversed. Then that 0 : lo*iek - r , . . . , at,a o ,Al ,s o th a t b y T h e o re m 10.9, it follows

386

DecimalFractionsand ContinuedFractions

(ro.rs)

D

opi + pi-,

P--._-

Fqr * q*-r

where pi-t/qL and pr,/q* are the (ft-l)th and kth convergents of the continued fraction expansionof . Note, however, B from probremi of section 1 0. 2.t hat Pt /p1r-1: lanian-1,...,et,eol: pi/qi a nd Qt/q2-1 : farion-r,...,a2,e l! : pL

/qi_t.

Since pi-t /qi-, pi/qi are convergents,we know that they are in lowest ?d terms' Also, P*/pp-, and qp/q1-1 ilre in lowest terms, since Theorem 10.10 tells us that ppqp-r - p*-rQk : (-t)e-t . Hence, pi - p*, Qt : pk-r and Pk -t - 4 t< ,Q t< -t: ek-t. Inserting thesevaluesinto (l0.lg). we see that

p,:

0p* * qr 1p*-r * qrt

Therefore, we know that Pr$2*(q*t-pr)|-Q*:o

This impliesthat

(ro.rq)

er,Gt/ilz * (q*-r- pt) Gtlp) - pk_t:

From(to.tz)and (1 0 .1 9 ),w e s e eth a t th e tw o r ootsof the quadratic equation 4 * x 2 * (q * -r - p )x

- p* -t : 0

are a and -1/0, so that by the quadratic equation, we have a : -t/8. Since 0 : l a n i a n - t , . . . , a t , a o lw, e s e e t h a t p > I , s o t h a t - l < s 7 ' : - l / p < 0 . Hence, a is a reduced quadratic irrational. Furthermore, note that since fi :

-l/ot,. it follows that

387

10.4 PeriodicContinuedFractions

tr

-l/o':ffiol'

fraction of '/D , We now find the form of the periodic simple continued Although \6 is not where D is a positive integer that is not a perfect square' -l -,/D and 0, the quadratic is not between reduced, since its conjug-ate

.6-ii

r.*,o*r"i6-t;

l,/Dl - '[5 ' doeslie r.duced,sinceits conjugate,

that the between-1 and 0. Therefore,from Theorem 10.20, we know initialpartial the continuedfractionor [.lill +.,/D is purely periodic. Since is quotient of the simple continued fraction of tJD | + "/D w h e r ea o : I . . / D l ' w e c a nw r i t e if faf + ,/Dl:21,/Dl:2a0,

I,/DI+-,/D:tml-

: I 2 ao ; at , Q2 , . . . ,na, 2 Qg , al , . . . , Q rl'

Subtracting ao : ,/6

from both sidesof this equality, we find that ./ D : l a g ;a3 a 2 ,...,2 a g 1 0,...1 ,a2 ,...2a ,,a

:log;orro'zmol. To obtain even more information about the partial quotients of the continued fraction of ,/D, we note that from Theorem 10.20, the simple be obtained from that continued fraction expansionof -l /$'IDl "/D) can period, that so ..lD the reversing by + for t.,6l ,

r/G/D-t.D1):tffi. But also note that

-t-6-l:lo;orprGol,

6

so that by taking reciprocals,we find that

| / G/D - t.D-l) - tor;orGrl

-

for the simple continued Therefore,when we equatethese two expressions we obtain t.D]) , fractionof llG/D Al:

QnrQ2:

Cln-ys...;On: Ol,

so that the periodic part of the continued fraction for ..lD is symmetricfrom the first to the penultimate term. In conclusion, we see that the simple continued fraction of 16

..ld:loo;ffi.

has the form

388

Decimal Fractions and Continued Fractions

We illustrate this with some examples. Example. Note that

8-

[ 4 ; l, 3 , 1, 8 ]

.16l

ts,ffii.rol

,,/Te :

,Fqe -

1 6 ;,l 2 , 1, 1 , 2 , 6 , 2, l, ,12 , 1, l 2 l [ 8 ; 1 , 2l ,,I , 5 , 4 , 1 5 , 1 , 2 ,I16 ,l

-,/ri:

tq;ml,

and

where each continued fraction has a pre-period of rength l and a period ending with twice the first partial quotient which is symmetric from the first to the next to the last term. The simple continued fraction expansionsof ,E fo, positive integers d such that d is not a perfect square and d < 100 can be found in Table 5 of the Appendix.

10.4 Problems l.

Find the simplecontinuedfractionsof a)

Jt

b) c)

d)

,/41

Jr r Jzt

e) r)

6 ,/-gq.

2 . Find the simple continued fractions of

il

o+,fi /z

b) Qq+,81)lt c) (tt-.E)t. 3 . Find the quadratic irrational with simple continued fraction expansion

il [z;t,5] b) tz;rSI c) t2JJI. 4.

il

Letd

,,/N

beapositive

isla:Tdl.

Show that the simple continued fraction of

389

1 O.4 P er iodic Cont i n u e d F ra c ti o n s

fractionsoi tffit't'fZgg' and b) Uggrrt (a) to find the simplecontinued J22r0. 5.

Let d be a integer,d 2 2' a)

Show that the simple continued fraction of ,/F

b)

show that the simple continued fraction of JFd

c)

Ugparts

is [d-l ;@l' is [d- t;zla-zl.

(a) and (b) to find the simple continued fractions of rfg9' tffg'

,lnz. and..G60' 6.

a)

of Shory lhat if d ,l un int"g.t, d > 3 , then the simple continued fraction

,tm b)

of Show that if d is a positive integer, then the simple continued fraction

'/fu. c) 7.

i s[ d - 1 ' l H , l 2 d - 2 1 .

rsld;c$71. -l,ft-gt , anO

Find the simple continued fraction expansionsof ,/6,.6f

Let d be an odd positive integer' a)

that

Show

the

simple

continued

fraction

of

JF+

continued

fraction

of

J d2-q

is

ld;ffil,ird>l' b)

that

Show

thr __qgple

la-lM,zd-zi,\f

d>3.

, where d is a positive integer, : a is a nonnegativeinteger. *here a2+l has period length one if and only if d

8 . Show that the simple continued fraction of Ji

, where d is a positive integer, : where a and b are integers, + b a2 if d only if and has period length two . b l \ a > a n d l , b

9 . Show that the simple continued fraction of Jd

6,1: (ar+brJrl)lct

10. prove that if

and a2-- (a2*urJd)/c,

^re quadratic

irrationals, then a)

(a1*42)'

:

c , ' t*

o''2

b)

(a1-a2)'

:

d'r -

d2

c)

(c''c.z)'

:

ot't'or2.

1 1 . Which of the following quadratic irrationals have purely periodic continued fractions

a) b)

l+.6 2 + ,/-B

c) 4+',m

c) d) e)

(tt - ,/-toltg e + ,f?l)/z (tz + -'.ft-g)l:t

12. Supposethat a : G+JF)/c, where 4,b, and c are integers,b ) 0, and b is noi u perfecl square. Show that is a reduced quatratic irrational if and only if <JU andJb-a 1c 1'Jb *a 12Jb ola

390

DecimalFractionsand ContinuedFractions

13. Show that if ir-u reduced quadratic jrrational, then _ l/a, is also a reduced 1 quadratic irrational. 14'

Let k be a positive integer. Show that there are infinitely mgy positive integers D, such that the simple continued fraction expansion of ,/6 h., , period of length k. (Hint: Let at:2, e2:5, and for k > 3 let a1,:2ak_t I a*_z Show that if p : (tar + l)2 * 2a1,-1* r, where / is a nonnegativeinteger, then rD has a period of length k + l.)

15' Let k be a iF:r. Let Dk - (3k+t)2 + 3 lgsitiu: continued fraction of JOp has a period of length 6ft.

Show that the simple

10.4 Computer Projects Write computer programs to do the following: 1'

Find the quadratic irrational that is the value of a periodic simple continued fraction.

2'

Find the periodic simple continued fraction expansionof a quadratic irrational.

11 some NonlinearDiophantine Equations

11.1 PythagoreanTriPles The Pythagoreantheorem tells us that the sum of the squaresof the lengths of the legs of a right triangle equals the square of the length of the hypothenrur.. Conversely, any triangle for which the sum of the squares of the lengths of the two shortest sides equals the square of the third side is a right triangle. Consequently,to find all right triangles with integral side lengths, we need to find all triples of positive integ ers x ,y ,z satisfying the diophantine equation

(rr.t) positive Triples of Pythagorean triPles.

x2+!2:22

integers

satisfying

this

equation

are

called

Example. The triples 3,4,5; 6,8,10; and 5,12,,13are Pythagorean triples b e ca us e32 + 42 : 5 ' .6 2 + 8 2 : 1 0 2 ,a n d 5 2 + 1 22: 132. Unlike most nonlinear diophantine equations, it is possible to explicitly Before developing the result describe all the integral solutions of (ll.l). definition. we a need triples, Pythagorean all describing : l. Definition. A Pythagoreantriple x,!,2 is calledprimitive if (x,y,z) Example. The Pythagoreantriptes 3,4,5 and 5,I2,I3 are primitive' whereas 391

392

S o m e N onl i near D i ophanti ne E quati ons

the Pythagoreantriple 6,g,10 is not. Let x,!,2 be a pythagorean triple with (x,y,z) : d . Then, there are " i -r' r,,r1,21): int eger s x r , t,z r w i th x : d x i ,y : d yt,, J i r, l. Furthermore, because ""A x2+y2:22, we have G/d)2+(y/il2:(z/d)2, s o t hat

x?+y?:r?. Hence, xt,!t,21 is a primitive pythagoreantriple, and the original triple x,!,2 is simply an integral multiple of this primitive pytgagoreantriple. Also, note that any integral multiple of a primitive (or for that matter any) Pythagoreantriple is again a pythagorean triple. If x1 ])t,zt is a primitive Pythagoreantriple, then we have

x?+ y?: r?,, and hence. @x)2+(dyr)r:(dz)2, so that dx 1,dy1,dz1 is a Pythagoreantriple. Consequently, all Pythagorean triples can be found by forming integral multiples of primitive Pythagorean triples. To find all primitive pythago*un triples, we need some lemmata. The first lemma tells us that any two integers of a primitive Pythagoreantriple are relatively prime. Lemma 11.1. If x,!,z is G,y) : (x ,z) : (y,z) : l.

a

primitive

Pythagorean

triple,

then

Proof. suppose x ,! ,z is a primitive pythagorean triple and (x ,y) > l. Then, ther e is a pr im e p s u c h th a ,tp ^ l (x y ), s o th at p I x andp y. S i ncep x I I a n d p l . - y ,* . k n o w t h a t p | ( r ' + y ' ) : 2 2 . B e c a u s p e l;r,'*..un conclude that p I z (using problem 32 of Section 3.2). This is a contradiction since (x ,y ,z) : l. Therefore, (x g) : l. In a similar manner we can easilv show that ( x , z ) : ( y ,z ) : l . D

393

1 1 .1 P y t hagor ean T ri Pl e s

integers of a primitive Next, we establish a lemma about the parity of the PythagoreantriPle. then x is even and y Lemma 11.2. If x,y,z is a primitive Pythagoreantriple, is odd or x is odd and Y is even' 1l '1, we know Proof. Let x ,!,z be a Primitive Pythagoreantriple. By Lemma x and y cannot that (x ,y\ : 1, so that x and y cannot both be even. Also (from 2 problem of Section 2'1) both be odd. If x and Y were both odd, then we would have ) x - = v z = I (mo d 4 ), so that 22:x2*y2

= 2(mod4).

x is even This is impossible (again from problem 2 of Section2.1). Therefore, and y is odd, or vice versa. E The final lemma that we need is a consequenceof the fundamental theorem of arithmetic. It tells us that two relatively prime integers that multiply together to give a square must both be squares' (r,s) : I and Lemma 11.3. If r,s, and t are positive integers such that : m2 and s : n2. ; : t2, then there are integersz and n such that r Proof. If r :1 ,upptr. that r ) lbe

or s : l, then the lemma is obviously true, so we may I and s ) 1. Let the prime-power factorizationsof r,,s, and

,:p1,pi2... p:", p:" s : p:,i\ p:,it and

t : ql' ql'

quo'.

Since (r,s ) : l, the primes occurring in the factorizations of r and s are distinct. Since rs : t2, we have

pi'pi'

pi"pi,+ipi,n pl,': q?"q'ru'

qiur'

From the fundamental theorem of arithmetic, the prime-powers occurring on

394

S o m e N onl i near D i ophanti ne E quati ons

the two sides of the above equation are the same. Hence, eachpi must be equal to Qi for some j with matching exponents, so that a; : 2bi. consequently,every exponenta; is even,and therefore ai/2 is an integer. we seethat r - m2 and , : 12, where m and n arethe integers a./2 a-/z m : pt' P2'

a/2

Pu"

a nd

n : pi,r('pi,C'

a/2

Pr"

!

We can now prove the desired result that describes all Pythagoreantriples.

primitive

Theorem ll.l. The positive integers x,l,z form a primitive pythagorean triple, with y even,if and only if there are relatively prime positiveintegers 172 and n, |/t ) n, with m odd and n even or m even and,n odd, such that x : m2-n2

'r7-'#ir' Prot{. Let x ,y ,z be a primitive Pythagoreantriple. Lemma I 1.2 tells us that x is odd and y is even, or vice versa. Since we have assumed that y is even, x and z are both odd. Hence, z*x and z-x are both even,so that there are p os it iv eint eger sr a n d s w i th r : (z + i /2 a n d s : (z-i l /2. S i n c ex 2 + y 2 : 2 2 , w e h a v ey 2 :

Ir)'

z2-x2:

(z*x)G-x).

Hence.

lz+x] f ,-"1

lr): I , .lt ' J:" w e n o t et h a t ( r , s ) : 1 . T o s e et h i s , l e t ( r , s ) : d . S i n c ed l , a n d d l s , dlG+s)z and,dl(r-s):x. T h i s m e a n st h a t d l ( * , r ) : 1 , sothat d :1. Using Lemma I 1.3, we see that there are integers la and n such that r : m 2 and,s : n 2 . W ri ti n g x ,y ,a n d z i n te r msof m andn w e have x:r-.s:m2-n2.

y:rM:rffi:2mn.

395

1 1 . 1 PY t hagor ean Tri P l e s

z:r*s:m2+n2. and n must also - xalso that (m ,n) : 1, since any common divisor of m we see (x,y,z) : l ' that : know w e * ' + r' , a n d Oi "i O" : m 2- n2' ,y :2 m n , a n d z then x y ' were' if they We also note that rn and n cannot both be odd, for : (x,y l ' Since ,z) and z would all be even, contradicting the condition n is odd, and is even (m,n) : I and m and n cannot both be odd, we seem has the triple or vice versa. This shows that every primitive Pythagorean appropriate form. To seethat everYtriPle x : m2-n2 y:2mn :2m2*n2, : 1, are positive integers, m ) n, (m,n) where m and n that note first m * n (mod 2), forms a primitive Pythagoreantriple, x 2 + y 2 : ( m 2 - n 2 ) 2+ ( 2 m n ) 2 : (ma -2 m2 n 2 + n 4 )* 4m2n2 : ^ 4 * 2 m 2 n 2t n a : (m2+n2)2 : 22.

and

To see that these values of x,y, and z are mutually relatively .prime, assume t h a t ( x , y , z ) : d ) ! . T h e n , t h e r e i s a p r i m e p - s u c h t h a t p l ^ ( x , y , z ) ^ .W e note that p * 2, since x is odd (becausex: m2-n2 where mz and n2 have o fp o rit " par it y ) . A l s o , n o te th a t b e c a u s ep I,x and p l t, p I G+ i :2m2 H e n c e p I m a n d p I n , c o n t r a d i c t i n gt h e f a c t t h a t a n ' dp l i t - ; : 2 n 2 . (* ,i ) : 1. T her efo re , (r,y ,z ) : l , a n d x o y ,z i s a pri mi ti ve P ythagorean triple. This concludesthe proof. D The following example illustrates the use of Theorem I I .l to produce PythagoreantriPles. so that (m,n): and n:2, Example. Let m:5 us that I .1 tells 1 m ) n. Hence, Theorem x:m2-n2:52-22:21 Y:2mn:2'5'2:20 z:m2+n2:52+22:29 is a primitive Pythagoreantriple.

I , f f i * n ( m o d2 ) , a n d

396

S o m e N o nl i near D i ophanti ne E quati ons

We list the primitive pythagorean triples generated using Theorem I l.l with rn : < 6 in T abl e I l .l .

m

n

2 3 4 4 5 5 6 6

I 2 I 3 2 4 I 5

x :

m2-n2

y:2mn

3 5 15 7 2l 9 35 1l

t : m2+n2

4 t2 8 24 20 40

5 l3 l7 25 29 4l 37 6t

r2 60

Table 11.1. Some Primitive pythagoreanTriples.

I l.l l.

Problems Find all il

primitive Pythagoreantriples x,l,z

b)

Pythagoreantriples x,!,2 with z < 40.

2 . Show that if x,!,2 divisibleby 3.

with z

< 40.

is a primitive pythagorean triple, then either x or y is

3 . Show that if x ,!,z is a Pythagorean triple, then exactly one of x,y and,z is , divisibleby 5.

4 . Show that if x,l,z is a Pythagorean triple, then at least one of x,y, and z is divisible by 4.

5 . Show that every positive integer greater than three is part of at least one Pythagoreantriple.

6 . L e t x l - 3 ,l t : recursivelv bv

4,zt:

5, and let

for n :2,3,4, ..., be defined

397

11.2 Fermat'sLast Theorem

xntl- 3xn*Zzn*l !n+r-3xn*2zo*2 zn+t-4xn*3zn*2' Show that xnln,zn is a Pythagoreantriple' + l, thenx,l,Z isoneof

7.

S h o w t h a t i f x , ! , 2 i s a P y t h a g o r e a tnr i p l e w i t h y : x the Pythagorean triples given in problem 6'

g.

: Find all solutions in positive integers of the diophantine equation x2 I 2y2 t2'

g.

Find all solutions in positive integers of the diophantine equation x2 * 3y2:

10. Find all solutions in w2+xzry':t'. I l.

positive integers of

the

t2-

diophantine equation

Find all Pythagorean triples containing the integer 12.

1 2 . Find formulae for the integers of all Pythagoreantriples x,l,z with z y*l 1 3 . Find formulae for the integers of all Pythagoreantriples x,l,z with z y * 2'

1 4 . Show that the number of Pythagorean triples x,-y,z (with x2 + y2 : z2) with a fixed integer x is (rk2)-l)/2if

x is odd, and (r!2l4-1)/2

if x is even.

1 5 . Find all solutions in positive integers of the diophantine equation *' * py' : 22, wherep isaprime. 11.1 Computer Projects Write programs to do the following: with xy,and

z lessthan a given bound.

l.

Find all Pythagoreantriples xJ,z

2.

Find all Pythagorean triples containing a given integer'

ll.2

Fermat's Last Theorem

In the previous section, we showed that the diophantine equation x2 + y2 : z2 has infinitely many solutionsin nonzerointegersx, !, z . What happens when we replace the exponent two in this equation with an integer grrut.. than two? Next to the discussionof the equation xz + y2 : z2 in his copy of the works of Diophantus, Fermat wrote in the margin: "However, it is impossibleto write a cube as the sum of two cubes, a fourth power as the sum of two fourth powers and in general any power the sum of two similar powers. For this I have discovereda truly wonderful proof, but the margin is too small to contain it."

398

So me N onl i near D i ophanti ne E quati ons

Since Fermat made this statement many people have searchedfor a proof of this assertion without success. Even trrouitr no ,or...t proof has yet been discovered,the foilowing conjecture is knowi as Fermat,s rasttheorem. Fermat's Last Theorem.

The diophantine equation x'+ln:zn

has no solutionsin nonzerointegersx, r, z when n is an integer with n D 3. Currently' we know that Fermat's last theorem is true for all positive integers n wit h 3 ( n < 1 2 5 0 0 0 . In th i s s e c ti o n ,w e wi l l show that the speci alcaseof Fermat's last theorem with n: 4 is true. That is, we will ,ho* that the diophantineequation xa+!4:24 has no solutionsin nonzerointegersx, !, z. Note that if we could also show that the diophantineequations xP + YP:7P has no solutionsin nonzero integersx,!,2 wheneverp is an odd prime, then we would know that Fermat's last theorem is true (seeproblem 2 at the end of this section). The proof we will give of the special case of n - 4 uses the method of infnite descent devised by Fermat. This method is an offshoot of the well-ordering property, and shows that a diophantine equation has no solutions by showing that for every solution there is a "smaller', solution. contradicting the well-ordering property. Using the method of infinite descent we will show that the diophantine equationxa + !4 : 22. has no solutionsin nonzerointegersx, !, and z. This is strongerthan showingthat Fermat's last theorem is true for n: 4, because a n y s o l u t i o no f x a + y 4 : t a : ( 2 2 ) 2g i v e sa s o l u t i o no f x a * v a : 2 2 . Theorem 11.2. The diophantine equation

**',ro,r: t' hasnosolutions in nonzer" ,",.*1, Proof. Assume that the above equation has a solution in nonzero integers x,l,z. Since we may replaceany number of the variableswith their negatives

399

1 1 .2 F er m at ' s Las t T h e o re m

we may assumethat x,Y,z are without changing the validity of the equation' positiveintegers' : 1' To see this, let (x,Y) : d. Then We may also supposethat (x,y) (x v Yt) : 1 ' w h e re x 1 and y 1 itro Positiveintegers' x : dx 1 and y = dY ,, w i th since xa + Y4 : '2 ' vte have (dx)4+(dYr)4:22, so that

d a ( x f + Y f ): ' 2 ' 2'2' we know t h a t d ' I t . Hence do | ,', and, by problem 32 of Section Thus' integer' positive Therefore, z : d'r r, where z 1is a da(xf + yf): (d2tr)': dor?, so that

xf+yl:t?. Th i s giv esa s olut io no f x a + y a : with (xr,yr) : 1.

: l r' z : zr ' 2 i n p o s i ti v ei n tegersx : xt' !

z2'where t h a t x : x , , l : 1 0 , z : z . ' i s a . s o l u t i o no f x a + y 4 : So, suppose : that there (xe,-/o) will show 1 ' We xo, lo, andzsare positiveintegerswith : 1' (xr' yl ) : : w i th zt x r,! l t, z: i s a not hers olut ioni n p o s i ti v ei n te g e rsx su ch t hat 21 1 z s . S i n c ex d + y t : z l , w e h a v e

G i l z + ( y & ) 2 :z E , we have so that x&, y&, ,o is a Pythagoreantriple. Furthermore, p I xs y&' then p and I l-fi, r&> - i, ro. if p is a prime suchthat p I x3 is a zs (xq,lrq): *3,yE, Hence, l. the fact that contradicting ;;';'l'ro, afe there that know we 11.1, prim-itiveiythagoreantriple, and by Theorem(mod (z 2) and rl ' ,n), m # positiveintegersz andn with x& : m2-n2 !& : Zmn zo: m2+n2, yfr the even where we have interchangedx62 andyfr, if necessary'to make integerof this Pair.

400

So me N onl i near D i ophanti ne E quati ons

From the equationfor xfr, we seethat x&+n2:m2. Since (m,n) : l, it foilows that x,s,n,m is a primitive pythagorean tripre. Again using Theorem I I .1, we seethat there are fositive integersr and s with (r,s) : l, r # s (mod 2). and ro : ,2-s2 n:2rs m - r2+s2. Si nc e m is odd a n d (m,n ) : l , w e k n o w that (m,2d : l . W e note that b e c aus ey & : ( 2 d m, L e mma l l .3 te l l s u s th at there are posi ti vei ntegersz1 andw with m:t? a n d 2 n : w 2 . S i n c ew i s e v e n ,w : 2 v w h e r ev i s a positiveinteger,so that v2: n/2:

rs.

si nc e ( r , s ) : I , L e m m a 1 1 .3 te l l s u s th a t th ere are posi ti vei ntegersx1 erd y1 s uc h t hat r : x l a n d s : y ? . N o te th a t si nce (r,s) : l , i t easi ryfol ow s th at ( x l, - y r ) : l. H e n c e .

x{+yf:

-2

zl

where x t,! t,z 1 ?re positive integers with (r r,y1) : l. zt I 26, because

Moreover, we have

zr(zf:m2<m2+n2-ro. To complete the proof, assumethat xa * y4 : z2 has at least one integral solution' By the well-orderingproperty, we know that among the solutionsin positiveintegers,there is a solution with the smallestvalue is of the variable z However, we have shown that from this solution we can find another solution with a smaller value of the variable z, leading to a contradiction. This completesthe proof by the method of infinite descent. n Readers interested in the history of Fermat's last theorem and how investigationsrelating to this conjecture led to the genesisof the theory of algebraicnumbers are encouragedto consult the books of Edwards Il4l and Ribenboim Irt]. A great deal of researchrelating to Fermat's last theoremis underway. Recently, the German mathematicianFaltings establisheda result that showsthat for a fixed positiveinteger n, n > 3, the diophantineequation xn + yn : z' has at most a finite number of solutions where x g, and,z are integersand (x,-y) : l.

401

1 1.3 Pell's Equation

Problems

ll.2

n is an integer n ) 2' then show that if x,! ,z is a Pythagorean triple and x"*yn#zn. of Theorem I l '2' and the 2.. Show that Fermat's last theorem is a consequence integers when p is an nonzero : in solutions no zP has assertion that xP * yp odd prime. l.

prime and Using Fermat's little theorem, show that if p is

3.

a)

if xp-l * yn-t : zP-r, then p | *yt .

b)

if xP + lP : zP, then p | (x+Y-z).

Show that the diophantine equation xo-yo: integers using the method of infinite descent'

4.

z2 has no solutions in nonzero

5.Usingproblem4,showthattheareaofarighttriangle never a Perfect square.

with integer sides is

in nonzero Show that the diophantine equation xa + 4ya z2 has no solutions integers. - 8y4 : z2 has no solutions in nonzero i. Show that the diophantine equation x' integers. : many solutions' 8 . Show that the diophantine equation xa + 3ya z4 has infinitely square' 9 . Show that in a Pythagorean triple there is at most one perfect many integer 1 0 . Show that the diophantine equation xz + y2: z3 has infinitely k the integers solutions by showing that for each positive integer : a solution. k2 * I form x : 3k2-1, | - k(k2-3), z 6.

tt.2 l.

Computer Proiects such Write a computer program to search for solutions of diophantine equations asxn

*Yn:zn.

11.3 Pell's Equation In this section,we study diophantine equationsof the form

( 11 . 2 )

x2-dy',:r,

(0, there are no where d and n are fixed integers. When d <0 and n most a finite solutionsof (11.2). When d < 0 and n ) 0, there can be at

402

Some Nonlinear Diophantine Equations

numberof solutions, sincethe equationx2 - dyr: n impliesthat l"l < fi lrl < JM. Also, note that when d is a perfect,quur., say d : D2, il* x2 - dy': x2 - Dry : G+Dfl(x-Dy) - n Hence,any solutionof Qt.D, when d is a perfect square,corresponds to a simultaneous solutionof the equations

::'d=;, where a and b are integers such that n : ab. In this case, there are only a finite number of solutions, since there is at most one solution in integers of these two equationsfor each factorization n : ab For the rest of this section,we are interestedin the diophantine equation x2 - dy':n, where d and n are integers and d is a positiveinteger which is not a perfect square. As the following theorem shows, the simpL continued fraction of -,/v is very useful for the study of this equation. Theorem 11.3. Let d and n be integers such that d > 0, d is not a perfect square, and lrl < r/7. .lf x2 - dyI: n, then xfy is a convergentof the simple continued fraction of ^/7. Proof. First considerthe casewhere n ) A. Since x2 _ dyr:

( tr . : )

From (tt.:), we seethat x - y.,/7 ) 0, so that x > yrT.

* _,/7>0, v and since 0 1 n < ,8,

n,wesee that

G +y./7) G -y,/V) : n

we see that

G -,/7v)

ta

YW

v :

x 2 -d Y2

y G + y,/7)

consequently,

403

1 1 .3 P ell' s E quat io n

\- f r

YQYJA)

fi

t \ q I 1

Zy'rld :l ) L!

Since 0 <

x_

v

1

.,17 < +, 2v' -r

rr2

Theorem10.18 tells us that x ly must be a

convergentof the slmple contlnueo1 fractionof JL - dy' : n by -d, to obtain When n ( 0. we divide both sidesof x2

v2- ,fr*': -3 we see that y /x is a By a similar argument to that given when n ) 0 o of ll.r/7' Therefore' convergent of the simple continuid fraction expansion must be a from problem 7 of Slction 10'3, we know tB *l!,:1l,j.,/x) : u ' ) l/(l/{cl converyentof the simple continuedfraction of './d x2 - dy': n, we ^1"1 have shown that solutions of the diophantine equation . .n, are gifn by the convergents of the simple continued *h;; The next theorem will help us use these fraction expansion of fi. convefgentsto find solutionsof this diophantine equation' ^ perfect square' Theorem 11.4. Let d be a positive integer that is not --!*Q! - 'o'' and P*+r ',/hlQr, : (io [47.1, oo: + dk il; pt *' J l Q * , t* L :0 ,1 ,2 ,... w h ere ao: Jd ' Furthermore'Iet O;';- r : ( ; " expansionof denote tie kth convergentof the simple continued fraction ;J;r Jd. Then

pt-dqt:(-1)&-rgp*1. Before we prove Theorem 1 1.4, we prove a useful lemma. w h e r er , s , t , a n d u ^ t e r a t i o n a l L e m m a 1 1 . 4 .L e t r * s r / V : t + r t / l not a perfect square. Then r : t is numbers and d is a positive integer that ands:u. proof. Since r * s,/7 : t * u,/7, *"see that if s # u then

r-t ,/7 u-s

444

So me N onti near D i ophanti ne E quati ons

B y T heor em 10 .1 , (r-t)/(u -s ) i s ra ti o n a l , and by Theorem r0.2 Jv irrational. Hence,s : u, and consequently : r t. A We can now prove Theorem I 1.4. Proof. Since ^E :

i,

o,0: Ias;ar, e2,...,ek,otk+tL, Theorem 10.9 tells us that - vtjs

ott+tp* I p*_t , r t " r r q k+ q r r '

Since dk+t : (pt *, + ,/7)/er+r

JV:

(P**t

we have

+ ,8)p* * e*+pr,_t

(P**, + ,/V)qr * et +rQ*_t

Therefore, we see that dqt t (Pt+flt, I Qt +rQtr-r)fi : (pr,+tpr,* e*+rpt,-r) + p*fi. From Lemma 11.4, we find that dqr, : P*+tPt, * and Q*+et -r Pt+ f l* f Q t + r Q n -t: p k W h e n w e mu l ti p l y t t. first of these two equations by qt and the second by pt, subtract the first from the second, and then simplify, we obtain pt - dqi : (ptqt -t - pr-tQ*)eo*,:

(- l)o-teo*r,

where we have used rheorem 10.10to completethe proof. tr The special case of the diophantine equation x2 _ dy, : , with n : I is called Pell's equation. we will use Theorems ll.3 and rr.4 to find all solutionsof Pell's equationand the related equationx2 dy, : -t. Theorem 1l'5' Let d be a positive integer that is not a perfect square. Let px/qt denote the kth convergent of the simple continued fraction of .8, k : 1,2,3,"' and let n be the period length of this continued fraction. Then, even, the positive solutions of the diophantine y.!"n ,r, equation : x- - ay" : I are : Q i r - t , j : 1 , 2 , 3 , . . .a, n d t , ! t h e d i o phantine equation x2 - dy'r *: - ll i n has no solutions. when n is odd, the positive s o l u t i o n so f x 2 - d ! ' : 1 a r e x : p 2 j n - r , ! : Q z i n _ r j, : 1 , 2 , 3 , . . . a n d t h e s o l u t i o n so f x z - d y ' : - l a r ex : p e i _ D n _ r , l : Q e i _ r ) n _ rj, - 1 , 2 , 3 , . . . . Pyoof. Theorem 1r.3 tells us that if xo,ro is a positive solution of x2 - dy': tl, then x0: p*2!o: Q * w h e r e p * / q 1 , i s a c o n v e r g e n ot f t h e simple continued fraction of ,/7 . On the other hand, from Theorem I 1.4 we know that

405

1 1 .3 P ell' s E quat io n

pt-dq?:(-l)ft-r21*1, whereQx*tisasdefinedinthestatementofTheoremll.4. is n, we know that Becausethe period cf the continued expansion oL"/j

('int" J'l : ' Hence' : Qjn: Qo:I for7 1,2,3,"', "tf pk-, - d q?^-t: (- l)i'Qni : (- I )/n' a solution of This equation shows that when n is even Pin-t, Qin-t is f o r 7 : 1 , 2 , 3 , . . . , a n d w h e n n i s o d d , P z i n - t , 4 2 1 n - it s - a s o l u t i o n x2-dyz:l -l for o f x 2 - d y ' : I an d Pz (j -D r-r,Q z (i -D n -, i s a s ol uti on of x2 dy' : j : 1,2,3,... :1 and x2 - dy2: -1 To show that the diophantine equations x 2 d y ' I have no solutions other than those already found, we will show that Qpal: -l : 1 . 2 . 3 . . . # for 7 implies that n lk and that Q1 We f ir s t not e t ha t i f Q t* t:

l , th e n * 'ftr' c,k+l: P1ra1

the continuedfraction expansiOnof a1a1 is purely Since ok+l : la1ra,.a1r1z,...l, -1 1 a*+r: Pk+r- ''17 < O' periodic. Hence, Theoiem !0.20 tells us that , nd nl k' Th i s im pliest hat P k + t:l r/7 1 , s o th a t d k : c " o a T o s e e t h a t Q l-'Sin"" #-lfor7:l,2,3,""notethatQi:-limpliesthat ct; has a purely periodic simple continued fraction dj : -pi -G. expansion,we know that -l

< ei:-Pi+^ftt

<0

and dj:-Pj--./7>t. -r/7 and, from the From the first of these inequalities, we see that Pi > -fi. -l for p1 are inequalities two these Since second, we see that Pi < -1contradictory,we seethat Qt # -1, where Since we have found all solutionsof x2-dy2: I and x2-dy2: x and y arc positive integers,we have completed the proof. n We illustrate the use of Theorem 11.5 with the following examples' Example. Since the simple continued fraction of .,8

is tl;f ,f 'f ,f ,el the

406

So me N onl i near D i ophanti ne E quati ons

pos it iv es olut io n so f th e d i o p h a n ti n e e q u a ti o n

x2 I are pni _t,et.' j _t, . .l 3yr: i : l'2'3"" *T]: p1_o1/e.roi-r is the (roi-l)th ctnvergent or ,r," simple

continued fraction expansion of .,m. The least po-ritiu" sorution is pe: 649, { e : 1 8 0 . T h e p o s i ti v e s o l u ti o n s of the di ophanti ne equati on x 2- 13y 2 : - I a re Prc i -o ,Qto i -o i : 1 ,2 ,3 ,. ..; the l east posi ti ve sol uti on i s P q : 1 8 , q a: 5 . Example. Since the continued fraction of -,.fr is t3;Wl, the positive solut ionsof x 2 - t4 y 2 _ : I a re p a i -1 ,e 4 j -r,j : r,.2,3,... w here p+ i -tbqi -r i s the 7th convergentof the simple continued fraction expansionof Vl4. The l eas t pos it iv e s o h l ti o n i s p t: 1 5 , Qt: 4. The di ophanti ne equati on xz - l4y2 : -1 has no rotuiionr, since the period length of the simple continued fraction expansionaf ,/la is even. We conclude this section with the following theorem that shows how to find all the positive solutionsof pell's equation x2-- dyt : I from the least positive solution, without finding subsequentconvergentsof the continued fraction expansionof ,/7. Theorem 11.6. L9t xg1 be the least positive solution of the diophantine equation x2 - dyL : l, where d is a positive integer that is not a perfect square. Then all positive solutionsxk,lk are given by

xtr*yrfi:(xt*yrr/v)o fork: I 1.4).

(Note that xp andy1,are determinedby the use of Lemma

Proof. We need to show that x1r,y1,is a solution for k : every solution is of this form.

and that

To show that x1,/r -.!! a solution, tst note that by taking conjugates, it follows that x1, - ytrfi: (x r- lr,,/T)k, because from Lemma 10.4, the conjugate of a power is the power of the conjugate. Now, note that

xt - dyt : (xp+ yr,fi)G,, - yr,fi)

: ( xr t y 1 6 ) o ( " , - y r E ) k

: (x?- ayilo

:

1.

Hence xk,lt is a solution for fr : To show that every positive solution is equal to x*,lt< for some positive integer ft, assume that X,y is a positive solution different from x*,lk for k : 1, 2, 3, . . . . T h e n th e re i s a n i n te g e rr s u c h t hat

407

1 1 .3 P ell' s E quat io n

(xl + yJ7)" < x + Y./7 ( (xt * v]/a)n*t' (x t * y rfi)-"' When we multiply this inequality by

we obtain

I < ( xr - r r f i ) n ( x + Y J d ) ( x t + Y I I A ' thatx t - !t,[i : (x1* yt,[d)-t. x? - dy? :1 implies since Now let

s * /./7 :(r, - yrfi)'(x + YJI), and note that s2-dtz:(s

- t J a ) ( s+ t , / D

+ yf/7)'8 - Y,l7)Gt - y r f i ) n ( X + Y J A ) (*?- dy?)'8' - dYz)

:

(xt

-- l

t.

:

We see that s,/ is a solution of x2 dy':

l, and furthermore,we know that

1, ,fr'.'"*;;';r",lV.--Mor.oner, sincewe knowthat s + t-,/7> i .; weseethat0 < (s + tJa)-r < 1. Hence 1r : +t(s t r,/7>+(s - r.'.ff)l> o /-

and

, : 1[(s 2Jd

+ t-./7)- (s - t',17)]> o.

t' 2 y1, by the Th i s m eanst hat s,/ i s a p o s i ti v es o l u ti o n ,s o th a t s 2 x1,and the contradicts this But choice of x1,y1 as the smallest-positivesolution' some for xpy1, be must X,I' Therefore inequality s * f ../7 < xr * ytfi. choice of /c. tr To illustrate the use of Theorem I1.6, we have the following example' positive solution of Example. From a previous example we know that the least l3y': I is xt:649, -Pr: 180' Hence' all t h e d i o p h a n t i n ee q u a t i o nx 2 positive solutions are given by xt, yp where

x* * yr,./n : (649+ tgo\[Lte . For instance,we have

408

Some NonlinearDiophantineEquations

x z * y 2,8

: 842361+ 233640.,/l t

H e n c e x 2 : 8 4 2 3 6 1 , y 2 : 233640 is the least positive solution of x 2 - l 3 y 2 : l , o t h e rt h a n X 1 - 6 4 9 ,y ' : 1 8 0 .

ll.3 l'

2'

3'

Problems Find all the solutionsof each of the foilowing diophantine equations a)

x2+ 3y2:4

b)

x 2 + 5 y 2: 7

c)

2 x 2+ 7 y 2 : 3 0 .

Find all the solutionsof each of the following diophantine equations a)

x'-y':B

b)

x2 - 4y2: 40

c)

4xz - 9/2 : loo.

For which of the following values of n x2 - 3ly' : n havea solution

a)l b) - 1 c)2 4.

does the diophantine equation

d ) -3 d4 f) -s ?

Find the least positive solution of the diophantine equations a) b)

x2 - 29y2: -1 x2 - 29yz: 1.

5.

Find the three smallest positive solutions of x2-37y2:1.

6.

For each of the following values of d determine whether the diophantine equationx2 - drz : -l has solutions

il2 b)3 c)6 d) 7.

13

e) f)

tj 3l

e) h)

4r s0.

the diophantine equation

The least positive solution of the diophantine equation xz - 6lyz : 1 is xt:1766319049, lt2261i398A. Find the least positive solution other than x t,l t.

409

1 1 .3 P ell' s E quat i o n

8.

S!g* that if pr/qt is a converggntof the simple continued fraction expansionof

9.

Show that if d is a positive integer divisible by a prime of the form 4ft * 3, then the diophantineequationx2 - dy': -l has no solutions.

Jd thenlp?- dq?l < | + zJd.

Let d and n be positive integers.

I l.

il

Show that if r,s is a solution of the diophantine equation x2 - dyz : I and X,Y is a solution of the diophantine equation x2 - dy' : , then Xr + dYs, Xs t Yr is alsoa solutionof x2 - dy': r.

b)

Show that the diophantine equation x2 - dyz: infinitelv many solutions.

n either has no solutions,or

Find those right triangles having legs with lengths that are consecutiveintegers. (Hint: use Theorem 11.1 to write the lengths of the legs as x -.r2 - 12 and y :2st, where s and t are positiveintegerssuch that (s,t) : l, s ) / and s and t have opposite parity. Then x-y:il implies that (s - r)2- 2t2: +1.)

12. Show that each of the following diophantine equationshas no solutions a)

xa-2ya:1

b)

x4-2y2--1.

11.3 Computer Projects Write programs to do the following: 1.

Find those integers n with lrl < Ji x2 - dyz: rz has no solutions.

2.

Find the least positive solutions of the diophantine equations x2 - dy': x 2 - d y 2- - 1 .

3.

Find the solutionsof Pell's equation from the least positive solution (see Theorem I 1.6).

such that the diophantine equation

I and

Appendix

412 Appendix Tabfe 1. FactorTable. The leastprimefac1o1,of .::h.odd positiveintegerlessthan 10000and not divisibleby five is givenin the table. ThJinitial digits of tile integeiare listedto the sideand the lastdigit is at the top of the column. primes are indicatedwith a dash..

1379 0 I 2 3 4 ) 6 7 8 9 t0

1379 3

3-

33-

3-

3 7 3-

337 3-

3 7^ 33

n 3- 3 7 t2 ll 33 13 7-14 3 ll 3 15 33 l6 7--13 t7 33l8 3 11 3 l9 20 3 7 3 ll 2l 373 22 1 3 23 3324 313 3 25 - l l 7 26 3327 33 28 717 29 33 13 30 7 33 - ll 3l 32 3t7 3 7 33 33 34 l l 7 - 35 33-

4A 4l 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 6l 62 63 64 65 66 67 68 69 70 7l 72 73 74 75

-131180 3 7 38l 373 82 19_ 83 3384 lt 33 85 7 86 3 ll 3 87 13 33 88 -r7 7_ 89 3390 7 3lI 3 9r 1 72 3 92 313 3 7 93 33 94 19 7-13 95 3396 33 97 7ll-19 98 3399 33 100 13l0l 3 7 3t7 t02 373 103 _ ll rc4 33105 3 2 3 3 106 l l - - 7 107 3 - 3 r 3 r0 8 3 1 7 3 109 -19 7ll0 323 3lll 7 33 lt2 t7 - 1l ll3 33 7 rt4 33 ll5

1379 3 ll 3 319 3

1379 t20 t2l

r22 3 7 329373 23-3 - 3 lr 13 33 7 3 19 329 t7 33 - ll 7 313 37 33 -23 - 13 3 8 37 3t 33 7 -tl 3323 33 7t71933313 3 t73 7 337 3 1t 329 313 23 33 7 33lt 33 19- 73 ll 3 t7 7 331 3 1 31 9

123 t24 125 r26 t27 128 t29 130 131

r32 r33 134 135 136 r37 r38 139 140 t4l

r42 r43

317 3 7 --23 3333 17fi29_ 3 7 313373 3 11 9 3333 7 3 13 3 33 rr 31 7 13 317 319 7 323 3 -29-37 33 7 319 3 13 7tt323 317 313 3 7--33ll 33 3 13 7 313 37 3

144 145 t46 147 148 r49 33150 1 9 3 1 1 3 r5l -1737 7 rs2 3 - 3 1 1 153 329 3 r54 2 3 - 7 t55 3 - 3 -

413

Appendix Table 1. (Continued).

r379 19 33 7-t333t7 33 7-3333 723-ll 331 317 t3 33 ll 3 7 323 41 373 19313 329 3r7 3 - - ll 7 3337 33 r77341 329 7 33 133ll 3 7 313 3 723t7 r82 3 - 3 3 1 r83 3 ll 3 184 7 1 9 - 4 3 185 3 1 7 3 l r 186 33 t87 188 3 7 3189 3 1 3 7 3 r90 - l t - 2 3 l9l 33r9 36 37 38 39 160 r6l t62 r63 t64 r65 r66 r67 r6 8 r69 170 17l 172 173 174 175 176 177 178 179 180 l8l

76 77 78 79

2m 201 202 203 204 205 206 207 208 209 210 2tl 2t2 2r3 2t4 2t5

2r6 217 2t8 2r9 220 22r 222 223 224 225 226 227 228 229 230 231

7t33r9 33 ll 3713-17 3 7 33 343 7 -3r9 313 323 3 7-tl29 33t9 33t 3 3 7 3u373 2 9 t3 3 ll 3 33 --19 7 33t7 3 ll 3 l34t 7 337 3rl 7 313 3 3r--47 33 7 317 3 23 7-33r3 337 3 731-3343 33 29--ll 3 7 337 3

1379

1379

1379

3 7 3 lt 3 7 -29 118 3 ll9 3 ll 7 329 3 240 241 - 1 9 - 4 1 242 33 7 243 l l 3 3 244 7 -31 245 3 ll 3 246 2 3 3 3 247 7 --37 248 313 319 249 4 7 3 l l 3 250 4 t - 2 3 1 3 251 3 7 3 ll 252 37 3 253 - t 7 4 3 254 33?5S 33 256 t 3 l t 1 7 7 257 331 32s8 2 9 3 1 3 3 259 723 260 3r9 326r 7 33 262 - 4 3 3 7 r 1 263 33 7 264 1 9 3 3 265 l l 7 - 266 33t7 267 33 268 7--269 33270 3 7 3 3 27r ll ll6

rt7

3-

3 7 31 1t 9 3 7 33 37 3753 329 37 3rt 3 19--17 33 7 33 747t9 313 343 33 7rl-13 334t 33 2 3 3 7- 2 9 3 7 3l7 37 3 29s t 3 - - l l 296 33297 313 3 298 t t t 9 2 9 7 299 341 3300 331 3 301 - 2 3 7 302 33 13 7 3303 3 304 - t 7 1 1305 343 3 7 306 33 307 3 7 7 1 7 308 33309 1 1 3 1 9 3 3r0 729133ll 3 l1 3 156 t57 158 159 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294

-

414

Appendix Table 1. (Continued).

l3

192 r93 r94 195 r96 r97 198 r99 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347

7 9

t7 341 3 --13 7 329 3319 3 3713 7tl 337 33 1 1-

3-

3-

13 33 - l1 7 353 34r 7 317 3 313 3 7 329 3 r 7 7 1 9l l 337 333

7-3r3-

3347 3 13-_-17 3 7 337 3 - - ll 3l 3r7 3343 3 l94r7 3313 ll 323 3 47- 719 3 ll 3 7 33 323 3 7

1379 232 233 234 235 236 237 238 239

:oo 361 362 363 364 365 366 367 368 369 370

37r 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387

n23t3t7 3333 -137 3r7 323 33 73313 33 23-7 3319 33 ll - 7 4l 313 37 319 3 -13 329 3 7 33 7tt_ 347 361 33 7-37319 323 ll 313 3 -53 3 7 319373 t7--29 3331 37 3ll 3 --43 7 3311 23 33 717 3353 7 33

1379 272 3 7 3273 37 3 274 - 1 34 t 275 33 3l 276 l l 3 3 277 1 7 4 7 - 7 278 3 11 3 279 33 _19 400 40r 33402 33 403 2 9 3 7t t 7 404 313 3405 33 406 3 t t 7 7 1 3 40'7 3 3408 7 361 3 409 l74r0 3ll 3 7 4tr 323 3 412 t 3 7 - 413 33414 4 1 3 1 l 3 4t5 7--416 323 311 4t7 4 3 3 3 4 1 8 37 47 53 59 419 3 7 313 420 37 3 421 - l t 422 341 3423 319 3 424 - - 3 1 7 42s 33426 3t7 3 427 7tl

1379 3t2 353 3 3r3 ; 13-43 3r4 3 7 347 3 1 5 23 3 7 3 316 2 9 317 3 19 3 ll 318 33

3le- * 3 r z 37

440 44r 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 4s9 460 461 462 463 464 465 466 467

3 7 3lr 3 7 3 1943 3ll 323 33 -6t7 334r 17 3 11 3 767 33 ll 7 33 1333 7 23 313 3 19 7*329 347 33 71723t9 3 - 3 13 33 43-t7lI 3 7 331 373 tt4t-3333 59-13 7 33-

415 Appendix Table 1. (Continued).

468 3 1 3 4 3 3 33-1113428 348 5 9 3 1 l 3 3 8 8 469 - 1 3 7 3 7 3 3 7 429 7 3r7 3 389 713349 317 3470 3 430 1 11 35 9 3 l 390 4 7 3 't 353 3 3 31 3 ll 350 471 3 ' , l 319 431 7 -3 39r 3351 293 4',72 29 3432 3 3 392 7 1 3 352 3',l 3 473 7 6 1 433 3 33r 393 333s3 3 4 7 3 1 1 474 343 3434 7 --rl 3 394 3354 7 6 7 475 3 3 3 5 9 3 3 7 435 1 9 39s 355 5 31 1 3 1 9 3 1 1 476 7 l r 1 7 436 3 3 5 6 3 7 3 4 3 396 t 7 3 3 3 1 7 1 3 477 3 2 9 3 437 2 3 4 1 3 7 3 397 t r 2 9 357 --4 3 8 1 3 3 4 1 3 478 7 3 7 31 73 7 398 358 3- _ 3 2 3 5 3 479_ 439 13373 3 5 9 399 -Tt1 3359 3 3 1 7 600 7t qt*r :-Tl 560 3- 5zo 480 :tn7tl13 601 3 3 4 1 3 1 5 6 1 3 1 7 313 6 1 521 481 t7 3r9 3602 7-1713 3 562 3 7 3 1 1 522 2 3 3 482 3 3 7 3603 3 1 3 3 4 3 563 3 7 3 523 483 --23 7 604 3 3 564 3 7 329 484 47 29 37 13 524 373 3605 565 3 2 3 3 4 3 525 5 9 3 7 3 485 3 3 1 1 606 3 7 3 3 3 1 3 526 - 1 9 2 3 r r 566 486 1 3 5 9 607 5 3 3 7 3 s67 3- 37 527 487 - 1 l 3 7 3608 3 1 7 3 568 1 3- 1 1s28 319 3488 37 3 - 7 s69 3 4 1 609 3489 6 7 3 5 9 3 s29 1 1 6 7 r 7 3141 6 1 0 3 313 570 33530 490 1 3 - 7 329 3 2 9 6 1 1 7 571 531 47 313 3 317 3491 3 11 3 -r 612 3 t 7 3 5 9 572 7 7 3 t 7 3 1 3 3 532 '7 492 1'1 - 1 l 533 3 1 9 573 1 1 3 - ' t - 3 6 1 3 3493 3 l1 3 614 3 5',74 7 33 7 534 3494 3 4 7 3 6 1 5 1 3 3 1 1 5 3 1 1 2 3 3 ) t ) 3 535 3495 731 6 r 6r6 3 3 7 3 7 576 7 3 3 3 1 s36 496 1 1 7 337 3617 3 1 3 537 4 1 3 1 9 3 5',77 2 9 2 3 s 3 3497 '7 3 323 6 1 8 7 1 7 3 3 578 7 3 538 498 1 7 3 1 1 4 1 6 1 9 3 1 1 3 579 3 3s39 7-19499 3 7 3620 JI | 3 580 540 1 1 3 33s00 3 3 621 1 1 3 581 3 7--3 2 9 3 54r ' 71 3 5 01 622 J 5 582 311 361 l l 4 7 542 502 323 3r7 623 719133 583 3543 3 7 3503 I

4 ^ -

^ a

416 Appendix Table 1. (Continued).

504 7 r 3 7 3 544 13_ 584 3- 3624 7 9 3 3 505 - 3 1 1 3 _ 545 3 7 3 5 3 585 3 _ 3 625 713-tr 506 3 6 1 3 3 7 546 4 3 3 7 3 586 - l l 626 33507 I r 3 3 547 - 1 3 587 3 7 3627 3 3 508 - 1 3 7 548 33 ll 588 373 628 l l 6 l - 1 9 509 3 lt 3 _ 549 1 7 3 2 3 3 589 4 3 7 1- 1 7 629 3 7 3510 33 550 7 590 33 1 9 630 373 5ll 19- 7551 337 3591 2 3 3 6 1 3 6 3 1 - 5 9 - t l 512 3 4 7 3 2 3 552 33 592 3 t - - 7 632 335 1 3 7 3 l l 3 553 - l l 7 2 9 593 317 3_ 633 1 3 33 514 5 3 3 7 - 1 9 s54 3 2 3 3 3 1 594 1 3 3 1 9 3 634 t 7 - t t 7 515 33 7 555 7 33 595 1 1- 7 s 9 635 33516 1 3 3 3 556 6 7 - 1 9 596 3 6 7 3 4 7 636 33 517 731_ s57 33 7 597 7 3 4 3 3 637 2 3 - 7 518 37r 3s58 3 3 7 3 598 - 3 1 - 5 3 638 313 3_ 519 29 33 559 729tl 599 3 1 3 3 7 639 7 33 640 3 7 1 94 3 t 3 680 33 1 l 720 1 9 3 3 760 l l - 7 64r 3 1 l 3 7 6 8 1 7 3 t 7 3 721 7761 323 319 642 33 682 t 9 722 3 31 3 762 329 3 643 s 9 7 4 1 4 7 683 33 7 723 7 33 763 1 3 1 7 7 644 317 3684 3 4 r 3 724 1 3 - - l l 764 33645 3 l l 3 685 1 3 7 - 1 9 725 33 7 765 7 3 t 3 3 646 7 2 3 2 9 - _ 686 33726 5 3 3 1 3 3 766 4 7 7 9 1 1 647 3 3 ll 687 3 1 3 3 727 il 7 1929 767 33 7 648 3 1 3 3 688 7 -7t83 728 33 3 7 768 33 649 - 4 3 7 3 6 7 689 361 3129 2 3 3 3 769 7 4 3 _ 650 3 7 3 2 3 690 5 7 3 3 730 767-770 33 13 651 1 7 3 7 3 69r - 3 1 - l t 73r 3 7 t 3 1 3 771 l l 3 3 652 - l l 6 l _ 692 3 7 3 1 3 732 3 t 7 3 772 7--59 6s3 3 4 7 3 1 3 693 2 9 3 7 3 733 - - l t 4 l 773 311 371 654 3 1 3 3 694 l l 5 3 734 3 7 3774 361 3 655 - - 7 9 7 695 317 3735 3 7 3 775 2 3 656 33696 33 736 1 7 3 7 5 3 776 3 7 317 657 33 697 - 1 9 - 7 737 3 7 3 3 4 7 777 t 9 3 7 3 2 9 658 7 1 1 698 33 2 9 738 1 l 3 8 3 3 778 3 1 4 3 1 3 659 319 3699 33 739 1 9 - 1 3 7 779 3 - 3 1l

417 Ap p e ndix Table 1. (Continued)'

1379

1379 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815

- 4 7 7 4 3 '740 3 1 1 3 3 1 3 3741 333 742 4 1 1 3 1 1 7 7 3343 3743 703 7 9 1 3 3 1 7 3ll 3 3 7 744 3704 3 745 - 2 9 705 1 l 3 3r7 3 7 746 7 3 7 2 3 706 3 747 3 1 3 3 11 3 707 7-708 7 3 3 1 9 3 748 359 37 4 1 4 7 3 r 749 709 3 750 1 3 3 7r0 3 - 3 13 3 11 3 751 7 rl -73 7tl 33752 7t2 3 3 7 3 1 1 753 t 7 3 713 7t4 3 7 3 7 3 754 - 1 9 755 3 7 3 715 - 2 3 1 7 37 3 3 1 3 3 6 7 756 7t6 3 757 6 7 - - 1 l 717 7 r 3 337 1 8 4 3 r r - 7 758 371 3 3 2 3 759 37t9 840 3 1 3 7 3 880 1 3 - - 2 3 881 3 7 3 841 t 3 4 7 1 9 37 3 882 5842 3 l l 3 883 - l l 843 7 884 3 3 7 3 844 2 3 - 885 5 3 3 1 7 3 3 l l 3 7 9 845 7 3 - 3 886 846 319 313 847 4 3 3 7 7 6 r 887 3 r 7 3 1 3 888 8 3 3 - 3 848 7 3 2 9 3 889 t 7 - 7 l l 849 329 3s9 8 5 0 - 1 1 4 7 6 7 890 7 337 3 7 8 9 1 3 851 33 - 3 892 1 1- 7 9 852 3 7 3893 8s3 1 9 7 - 323 3 3 - 3 8 3 894 854 7 r7-29 71317 3 3 1 3 4 r 8 5 5 r 7 3 4 3 3 895

3 7 3111713337 3 7 3 19 329 71761 33359 3 7-lr341 3337 3 193 7 3ll 3 7 3 53--23 3 ll 317 43 329 3 --67 7 313 33 1l 3 713 353 33 31371237 329 31l 3 13 3 83- 73 ll 3 7 341 3 -59 3 7 33 ll 3 7 -23 3 1l 3 47 379 3

700 701 '702

a a

1379

1379 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 920 92r 922 923 924 925 926 927 928 929 930 931 932 933 934 935

29 331 3 7313- 7 3341 3t7 3 - 11 7 47 329 33 7 33 7 313 353 3 7 -rl 341 3* 3 89 37 --r7

3r3 3* 373 3 19-3113 3 7 379 23373 6l-1119 3361 3r3 3 -23 - l1 3 7 337 3 i l 1 9- 4 7 3s9 313 3 73 3--37 7 3r7 371 34r 3 -67 7 319 33 7 313347 3 7

418

Appendix Table 1. (Continued).

1379 816 33 817 -1113818 3 7 319 819 373 820 5 9 1 3 2 9 _ 821 343 3_ 822 319 3 823 7 824 3373 825 3 7 3 2 3 3 826 l 1 7827 33r7 828 7 33 _43 829 830 319 3 7 831 33 832 5 3 7 t t 833 3 13 3 31 834 t 9 3 1 7 3 835 7-6r13 836 33837 i l 3 3 838 1 78 3 839 3 7 3 3 7 960 3 13 3 961 7-59962 33963 323 3 964 3 l - l l 965 3 7 313 966 37 3 967 t 9 t 7 968 323 3 969 l 1 3 3

1379 856 7-1311 857 3323 858 331 3 859 l l 1 3 860 3 7 386r 7 9 3 7 3 862 3 7 - 863 389 353 864 33 865 4 t t 7 t t 7 866 33867 1 3 3 3 868 - 1 9 7 869 33870 7 33 871 3 1 - 2 3 872 311 3 7 873 33 874 7-13 875 3319 876 3 ll 3 877 73167878 33 1l 879 5 9 3 1 9 3 970 8 9 3 11 8 7 971 3 ll 3 972 37t 3 973 t974 33975 7 3rt 3 976 4 3 t 3 977 329 3 7 978 33 979 19741 a n 4

1379 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 9 tl 912 913 9r4 915 916 917 9r8 919 980 981 982 983 984 985 986 987 988 989

1379

3-

3936 l l 3 1 7 3 3 4 7 3 937 7 _83 7 1 3 1 1 8 9 938 3ll 341 317 3939 33 33 940 7 -2397 7l 29 94r 333 7 3942 3 ll 3 l r 3 7 3 943 83944 3 7 3 ll 3 ll 3 945 t 3 3 7 3 13 3-17 3 946 4 7 4 3 2 9 7 947 333 3 1 3 6 1 948 1 9 3 5 3 3 3 l l 3 949 - l l - 7 19- 7950 3 13 337 3 3 1 3 1 l 951 3 31 3 7 33 952 - 8 9 7 t 3 2 3 - - 1 3 953 333 4 t 3 7 954 7 33 33 955 - 4 1 1 9 l 1 7 8 9 s 3 956 373 3 7 33 6 7 957 t 7 3 6 1 3 33 958 1 1 7 - 4 3 72917959 353 329 33 1 7 990 33 33 991 r r 2 3 4 7 7 7tt3r992 3333993 319 3 1 3 3 4 3 3 994 - 6 1 7 -59 99s 337 323 3 7 3 7 r 996 7 33 373 997 1 3 - u t 7 4t - - ll 998 367 3 7 3 1 3 3 1 9 999 9 7 3 1 3 3

Reprinted with permission from u. Dudley, Elementary Number Theory, Second Edition, copyrighto 1969 and l97g by w. H. Freeman and company. All rights reserved.

419

Appendix Table 2. Values of Some Arithmetic Functions'

I 2 3 4 5 6 'l I 9 l0 ll t2 l3 l4 l5 l6 t'l l8 l9 2A 2l 22 23 24 25 26 2'I 28 29 30 3l 32 33 34 35 36 5I

38 39 40 4l 42 43 44 45 46 4"1 48 49

I I 2 2 4 2 6 4 6 4 l0 4 t2 6 I 8 l6 6 l8 8 t2 l0 22 8 20 t2 l8 t2 28 I 30 l6 20 l6 24 t2 36 l8 24 l6 40 t2 42 20 24 22 46 l6 42

I 2 2

I 3 4

J

2 4 2 4 3 4 2 6 2 4 4 5 2 6 2 6 4 4 2 8 3 4 4 6 2 8 2 6 4 4 4 9 2 4 4 8 2 8 2 6 6 4 2 l0 3

6 t2 I l5 l3 l8 t2 28 t4 24 24 3l l8 39 20 42 32 36 24 60 3l 42 40 56 30 72 32 63 48 54 48 9l 38 60 56 90 42 96 44 84 78 72 48 124 57

420 A ppendi x Table 2. (Continued).

50 5l 52 53 54 55 56 57 58 59 60

6r 62 63 64 65 66 67 68 69 7A 7l 72 73 74 75 76 11

78 79 80 8l 82 83 84 85 86 87 88 89 90 9l 92 93 94 95 96 9',| 98 99 100

20 32 24 52 l8 40 24 36 28 58 l6 60 30 36 32 48 20 66 32 44 24 70 24 72 36 40 36 60 24 78 32 54 40 82 24 64 42 56 40 88 24 72 44 60 46 72 32 96 42 60 40

6 4 6 2 8 4 8 4 4 2 t2 2 4 6 7 4 8 2 6 4 8 2 t2 2 4 6 6 4 8 2 t0 5 4 2 t2 4 4 4 8 2 t2 4 6 4 4 4 t2 2 6 6 9

93 72 98 54 120 72 120 80 90 60 168 62 96 104 127 84 144 68 r26 96 t44 72 r95 74

n4 t24 140 96 168 80 186 t2r

r26 84 224 108 t32 120 180 90 234

n2 r68 128 t44 t20 252 98 t7l r56 217

421 Appendix Table 3. PrimitiveRootsModulo Primes prime p, p < 1000is givenin the table' The leastprimitive root r modulop for each

2 3 5 7 1l l3 t7 l9 23 29 31 3',1 4l 43 47 53 59 6l 67 7I 73 79 83 89 97 l0l 103 107 109 113 127 131 r37 139 t49 l5l 157 163

r67 r73 179 l8l

1 2 2 3 2 2 3 2 5 2 3 2 6 3 5 2 2 2 2 7 5 3 2 3 5 2 5 2 6 3 3 2 3 2 2 6 5 2 5 2 2 2

l9l 193 r97 199 2tl 223 227 229 233 239 241 251 257 263 269 271 277

28r 283 293 307 311 313 317 331 33',1 347 349

3s3 359 367 373 379 383 389 397 401 409 419 421 43r 433

l9 5 2 t 2 3 2 6 3 7 7 6 3 5 2 6 5 3 3 2 5 T7 l0 2 3 10 2 2 3 7 6 2 2 5 2 5 3 21 2 2 7 5

439 443 449 457 46r 463 467 479 487 49r 499 s03 s09 521 523 541 547 5)/

563 569 57r 577 587 593 599 601 607 613 617 6r9 63r 641 643 647 653 659 601 6 73 677 683 691 701

r5 2 3 l3 2 J

2 13 n J

2 1

) 2 3 2 2 2 2 2 3 3 5 2 3 7 7 3 2 3 2 3 3 ll 5 2 2

z 5 2 5 3 2

709 719 727 733 739 743 75r 751 76r 769 773 787 797 809 811 82r 823 827 829 839 853 857 859 863 877 881 883 887 907 9ll 919 929 937 94r 947 953 967 97r 977 983 991 997

2 ll 5 6 3 5 3 2 6 ll 2 2 2 3 3 2 J

2 2 ll 2 3 I

5 2 3 2 5 2 l7 7 3 5 2 2 3 5 6 3 5 6 7

422

Appendix Table 4. Indices Numbers

p

I r( I to

I l: lt2 l: l! l8 )1

22

29 28 3 r 30 3 i 36 4l 43 47 53 59 6l 67 7l 73 79 83 89 97

40 42 46 52 58 60 66 70 72 78 82 88 96

'il;il^ilrrl 'ilil,Y,l trlfr|JIl,li Numbers

p

t 7 1 8 l 1 9 20 2 l 22 23 24 25 26 27 28 29 30 3 l 32 33 l9 23 29 3l 37 4l 43 47 53 59 6l 67 7l 73 79 83 89 97

l0 7 2l 7 7 33 38 t6 l0 40 47 64 49 2l 2l 56 6 89

el

r z lr s

5 l l I e 24 z6i 4 8 1 7 1 3 5 25 1 6I e 34 z s l r c 37 1 2 l 4 s 37 3 s l ' 3 7 49 43138 8 t 3 l i 2 6 24 1 3 ll 0 17 5 8 11 6 40 2 0 1 6 2 17 6 1 3 2 70 6 3 1 4 7 29 r 8 1 3 5 t4 7 8 1 8 1 69

I

l3 t7 29 22 t4 36 6 3l t0 55 62 27 39 54 80 82 5

lt 26 t7 3l 29 t5 25 7 26 l6 60 37 63 72 25 t2 24

20 27 l5 36 t6 5 39 l5 57 28 l5 46 26 60 57 77

8 l3 29 l3 40 28 20 53 9 42 44 30 l3 I 75 49 76

l6 l0 l0 4 8 2 42 t2 44 30 56 2 46 54 52 2

l9 5 t2 l7 l7 29 25 46 4l 20 45 67 38 78 39 59

Indices tl

r s lr + l rlrol I 6l34l2l s rr j 3 Il s Il 4 r

l5 t4 23 ll t 4 l 2 2 l 3 s 39 sl116146 l3 3 4 1 2 0 1 2 857 29 s t l 2 s l 4 4 55 aI rr I oa 60 18l4el35 l5 3l6llll 67 s2lt0l12 l8 3 l 2 s l s e 87 l8l 3l13 9

nlsrlrs

9 28 34 3 33 49 59 47 ll ll 56 38 3l 46

5 20 l0 l8 9 3l 44 27 f 23 5 t7 5 2l 5 32 30 57 40 6 l 20 69 5 t4 80 85 74 60

Reprintedwith permissionfrom J. V. Uspenskyand M. A. Heaslet,Elementary Number Theory, McGraw-Hill Book Company.Copyright O 1939.

423

Appendix Table 4. (Continued).

Numbers p

3'l I 4l r9 43 23 47 34 s3 l l 59 4 l 6 l 48 67 65 7 l 55 7 8 29 79 25 83 5 7 89 22 97 27

l9 2l l8 33 9 24 ll 38 29 34 37 35 63 32

t8 2 l4 30 36 44 l4 l4 64 28 l0 64 34 t6

32 35 4 42 l 7 30 3 8 55 39 39 27 22 l l 2A 22 64 70 t 9 36 20 48 ll 5l 9l l9

20 22 9 50 9

6 33 3l 4l 3'l 46 58 65 65 35 67 24 95

I n dices

I

6 l2l I t s l 2 4 1 3 | 4314 l ')) | 8 l 29 4s132 1 4 l l l 33I 27148 2s 5 4 1 5 6 431r i I 34 l 8 s 3 1 6 3 e l 6 r l 27 46 2 5 1 3 3 481431 l 0

25 t l + t 5 r I 7 r I l 3 74 7 5 1 5 8 4 e l76164 30 4 0 1 8 1 7 t l 26 1 7 2 e l28172 30 2 l l l 0 8 5 1 3 9 4 l 5 8 1 45

23 40 16 58 29 2l 54 30 6l 73 l5

23 20 50 9 3l 59 23 54 84

2l 54 l0 43 50 38 l7 76 65 l4

23 36 38 46 2 66 28 l6 74 62

63

64

65

44

Numbers p

53 59 6l 67 7l '73 79 83 89 97

50 5 l

52

43 27 r3 32 45 5 3 3l 5t 62 5 l 0 27 50 22 5 5 46 7 68 36 63

76 47 42 2l 5l 3 42 79 55 93

53

54

))

56

)t

5 8 5 9 60

2l 52 26 t9 57 65 ll 4l 37

30 32 49 42 68 33 37 36 55

29 36 45 4 43 t5 13 75 47

6l

62

IncLices 3l 37 8 59 56 52 59 5 3 5 l 78 l 9 66 l 0 \) 8 7

22 33 57 23 53 '7'7

35 t9 52 l4 26

3 l 30 36 56 J 66 5 23 3l 7l 34 l 9 43 l 5 67 43

48 69 I 1 7 58 l l e 45 1 6 0 66 l 3 e 69 1 4 7 64 t 8 0

3 5 6 34 5 3 36 67 45 48 60 5 5 24 1 8 70 6 22 5 83 8 75 t 2 26

Numbers

p

67 7l 78 79 83 89 97

66

67

68

33 63 69 73 t5 13 94

47 50 48 45 56 57

6l

69

4l 52 29 2'7 5 8 50 38 58 6l 5l JI

't0

'tl

7 2 7 3 74 7 5

35 42 4l 36 79 66

44 5l 33 62 lt

36 t4 65 50 50

't6

II

7 8 79 80

8l

Inclices 44 69 20 28

23 4'l z l 44 27 5 3 29 72

40 49 67 53

I

43 39 32 68 1 4 3 3 l 42 77 40 1 4 2 46 4 2 l J J t 3 0 4 l 88

Numbers

p 82

83

84

85

86

87

88

83 4 l 89 3 7 97 23

6l t7

26 76 '73 90

45 38

60 83

44 92

89

90

91

92

93

94

95

96

82

48

I n d lces

s 4 l ' 7 e 1 5 61 4 9

20122

Appendix Table 4. (Continued).

Indices

p 2

I

3

5

4

2l rl | | 21 41 3l rl

6

7

8

e{t0llt

| I

I rl ' l! 2. 2l 3l 3'' 41 43 4'l 53 59 6l 67 7l 73 79 83 89 97

l3

t4

l5

t6

ll

3l 21 6l 41 5l I 2l 4l8l slrol I 2l 4l 8l 3l aln

lI l

l2

Numbers

7l3l6l 'l I ul el slrol zl I 3l elrolnl slrs trlrolr+l al tl 4 t2 2l al r l 21 4l sl rol rgl 7) t4l elrs;rzlrslrrl 5 l 2 l t o l + l z o l r l 1 7 l1 6 ll l I t l z z l r s l zrrl o l r z l s l lsl I 21 4l altol :l 6l rz z+ rs I rs t vl I n z a 1 ! ! I I I 3 l e l 2 7 1 r o l z e l r c lt 7 2 0 2 e z s n a l z + l r o lz t I z s I I : o I z sI 2 1 4 l a l r o l t z l z t l t 7 | 3 4I I I n sI : o I z : I s I o l r e l r r l z s l z t l : B l z eIl t ol 3 t l 2 s I I z+el zlr + lztl glrsl l28l 3 l s l z t l l s l z e l + r l 3 7 l rrez l 3r 2 o r o + l r z s l z sI r r I r +l z z l u l n |l 28s|; 4 0Il r zII r : |I r e| + l Il zr ct ll +z zt ll nz t Il 2 l 4 l 8 l t 6 l : z l r r l z 2 l 4 4 lr s r z : + r s | I m I t I Al zal z l + l s l r o l r z l s i t0 z0 40I 2t | +z | | | | ! I soI +r I zt I +eI z l 4 l a l r e l : z l : l 6 l t 2 1z + l+ t I t s I zs q I r sI : o I r t I z z l 2 l 4 l s l r o l t z l e q lr 5 s l + r l u l r s l o l r s l : o l s l r o i T l 4 e l s q l s r l s r l z l 1 4I 1 2 1+ 2 1+ s : r + l z t l s l z s l s z l + r l s t l s l r i l 2 l1l o l s o|l: r | e l + s l so+lIszo: Il ras II 3 l e l z t l z l e l r s l , 1 1+ l r z l x l z t I s l z + l z zlsslrol z l 4 l s l r o l t z l o a l 15| t I t+ | zaI seII zqI ssI t: I ee| +qI 3 l e l 2 7l s r l o s l r z l i t l 6 4 l t + l + z l y l z z I e oI z oI o oI z l sl2sl28l43l2tl s l o l o l l o l s : I z r I u l z g l+ s| + e l: e I Indices

p t7

l8

1 9 l0 23 l 5 29 2 l 3 l 22 37 l 8 4 1 26 43 26 47 3 8 53 J 59 3 3 6 l 44 67 20 7 l 62 7 3 20 79 48 83 l 5 89 6 9? 83

I 6 l3 4 36 33 35 2 6

I

27 40 8 27 65 30 t8 2t

t 9 20 2 l 22 23 24 25 26 27 28 29 30 3r 32 33 I 26 l2 35 34 l9 l0 t2 t4 54 t3 56 62 37 60 54 38

t2 23 5 33 40 l4 3 24 28 47 26 37 l8 32 37 73 93

l4 t7 l5 29 35 42 l5 48 56 33

I

)

s2 46 t7 t7 74 4l 77

I

t4 21 5 40 28 43 53 5 37 38 t2 5l 65 34 94

l0 II

) 30 34 46 33 47 l0 7 53 60 74 47 I3 82

20 2 l0 t6 t6 42 l3 35 20 l4 t6 8 64 ll 39 22

I Numbers l l 22 6 l8 I 20 3 | 6 l t 2 l 2 4 l l t4 2 Irzltrlzz 9 ) l5 | 2l 6l18 II 22 1 6 3 3 1 2 4 1 2 36 6 26 52 s l l 4 e l 4 s 3 7 l l 22 4 4 l 2 e l s 8 57 40 l 9 3 8 l 1 5 l 3 0 60 l 28 56 4 s l 2 3 l 4 6 25 l 4l 3 2 t l 5 1 3 5 1 32 40 54 24 34 23 6 e l 4 e l 6 8 l 46 22 44 s | 'o I zoI 40 28 84 t + 1 + + l + t l40 t 3 65 z + l t s l u l 79

I r sI r I lr:l tlzr

srl:el:+l

22 l 3 37 33 I 3 39 2 1 42 )5 5l 59 5 7 50 3 3 ll 6 47 1 6 59 t 9 80 't7 3l 4 35 1

t4 t'l 39 35

3r 43 53 66 42 57 7l t2 78

425 Ap p e n dix Table 4. (Continued).

Indices

p 42

3 5 1 3 6 37 3 8 39 40 4 l

34 17 28 4 l 20 43 3 l 47 34 53 9 5 9 27 6 l 45 6',1 65 7l l0 73 35 79 l 3 83 59 89 36 97 2

19 I 3 8 23 zl t 29 4 l 8 36 54 49 29 5 8 63 59 70 & 29 72 39 3 8 3 5 70 l 9 57 l 0 50

4 4 i | 4 5 i . 4 64',1 48 49

4t

I 8 17 6 38 l9 49 35 t2 48 26 3l 68 86

15 20 20 l9 39 55 5l 22 68 35 57 82 56

I

8 30 23 38 37 3 l3 2l 78 62 26 42

I 24 9 46 l7 l3 6 20 32 76 4l 78 l6

Numbers

29 45 39 34 26 t2 69 l4 70 82 56 80

I 37 25 9 52 24 57 70 52 8l 79 12

M 50 l8 43 48 44 58 77 79 59 60

rl

32llel I 4 7 l 4 r l 2 e 5 l 0 20 3 6 1 1 3 1 2 652 45 3 t 2 5 l 5 0 l 3 e t'l 34 2 e l 5 8 l 4 e 3 l 1 6 2l 5 i 2 4 l | 2 6 1 4 067 1 4 3I 1 7 7 1 1 6 3 1 2 342 1 6 41 2 8 ? 3 l 6 r l 2 s t) :l611 4 3 ? 5 1 6 7 1 5 1l 9 1 3 8| t 1 6 8 8 1 8 6 1 8 062 l 8 1 2 4 e l 4 5 l 3 1 58 t 9 6 1 9 2 1

lndices

p

5 3 40 59 3 6r l4 67 47 'll 48 1 3 61 19 50 8 3 69 89 72 97 72

27 6 28 27 52 43 7l 55 38 69

I t2 56 54 9 69 55 27 25 54

48 4l t5 l5 46 zl I 54 25 7 5 47 76 89

24 5l 4l 63 53

l5 42 60 25 )) 31

30 23 53 33 56 t4 l 7 34 <) 6',7 23 5 7 9 l 67

37 2l 30 34 ll 63 50

I 46 39 18 6l 42 68 69 44

I

N mbers 3l 1l 55 l3 47 53 29 26

I 22 30 65 62 23 87 33

M 68 33 28 46 83 68

I

17 36 37 45 36 7 1 1 3 5 l6 4 9 1 5 1 6l

21l|42 50166 rel22 5t15

rlrs

34 39 39 56

72 48 t4

Indices

p

o o el tl o al o sl i o l u r l n l t t l r a l r s l t t l t t l z t l r e 1 8 0| 8 t

67 7l 73 19 83 89 97

I 60 49 10 6l 55 70

.,'riiiiii

65 26 30 39 76 59

I

I 29 6 l 5 7 66 3 8 44

{umbt

I l l 3 3 20 60 22 66 40 6 l2 3 7 8 7 3 63 43 5 l 5 45 46 49 50 6 l 3 1 5 75 84 32 4 20

I 4l 24 58 63

t

r

44 5 3 48 l 3 2(' l s 2 l 2 r 42 85 7',| ) i ' 1 7 01 3 2 24 23 I ti l 9 0 1 6 2 l 9

Indices p

82 83 I 89 2r 97 95

83184

85186187188 89190 9t192193

63I ll 3 3 l l o l 3 0 87147 4l I ll I 55

I 8l

1 7 1 8 5 37

88

52

94

95

96

N umbrlrs 66 l r s

Table 5. Simple Continued Fractions for Square Roots of positive lntegers

J7

d

| , I r,,ll

l: lrr:1-l

is ltz,ql lolt2:2+t lt lrz;r,TJ'+t l sl 0 ) r 2 ; y e t

I

| [3:6]

Itt I l:;:,ot I tz I t:;Nl InItl,r.r,T,l,ol | 'o I f3:LAGt

i t5 I [3;t,6]

ln|t+:st

Jt s J l + ; + , a l

I ,n I r+;1i;l)"rl

I 20 I I a :2 ,8 1

I zt I t4;iJJJJst |,z I t+rr,xJ.r"sl

I 2 3| [ + : t . l , r , s ] I z q I t 4 ;,l 8 1 I zeI ts;rol

ror I ,, I rs:s,

j 2 8 j t s ; 3 , 2 ,r :o, l

I 2 eI t s : t t J ; J o t I :o I Is:z,rol I ,' I ts;r,r-:_:;rr,rol I 32 | t5:l,l,l,lol | : l I t s ; r ,rf, r o 1 l:+ I ts;r,+rlot l:s lts:_ol I i7 | t6:l2l i:a j to;o,ut l:r 116'aJI ] q ol t o ; : J 2 l

io'lto:fut

I 42 ) [ 6: 2 ,t2 1

l aoa, l l u , @ , , r l

l|.6:l.l,l,2,l.l.t.l2l

4slt6;r,t]Jm1

+e1ro,ffirli

4 7 [ [ o ; t , rs,t, z l 48lle;r,rzl soltz;l+l 5r I tt:t.tql szltt:+ttfV.u, 426

J7

d

i 53 I

t-

t7;3,1,1,3.141 54 I t z ; z r e ; J . r + t I 5 5 tt,T,zl,tqi I 5 6 II t't;zr+l l 57 I t7;l,t,4,l.l.l4l I 58 I I 7 : l , l , l , l . l . l . t 4 l | 59 I 60 |I t[tl;:nl, dz ,. tt ,qt t+ 1 I 6 l tz;r,q3JJtr,raJJat I 6 2 II t 7 ; 1 , |6, ,l 4 l I 63 I t z ; 1 r + t | 65 I [ a ; t o ] I 66 I t s ; s T ' t I 6 1 l E -; 5 2 1 . 1 , 7 , 1 . t . 2 , 5 , t 6 1 I 6 8 | [s:+. ro] i 6 9 t-8-: 3 , 3,,41. .13 . 3 . 1 6 1 I 70 ts;zT;, rJ,lot -I 7 l l8;22,-l ,1.t ,z,z,tol | 72 [8;2,16J | 73 [ 8 ; 1 . 1 , 5 , 5 , 1 . 1 . 1 6 1 I t g ;l , r J , l , G t / ) | [ 8 -;l , r , l , l 6 ] I 76 I E 1; , 2l , 1 , 5 , 4 ,t 5, t., Z t, , t I 77 11 [ 8 : 1 , 3 , 2 , 3 , l , l 6 J O ] l 7 8 I t s :r , q , Tt.6 l

I

t -

t -

I

I 11I

I 7 e l ta;ffi.I 80 [ 8 ; l , l 6 l | 8 2 II [ 9 ;I 8 ] I 8 3I I q ; e J8 t I 34 1 [ 9 ; 6 , l 8 l I

I

-t -5l

| t q ; {I , l , a , I 8 t

L 16 tq:1.1..-r'r.sJJJmr l ; J 7 ll [ 9 ; 3 , 1 8 1 l ; 1 8 itq;2JJ,l2,l8t i ; r e l [\ry,zJal

| .' o i [ 9 ; 2 , 1 8 ]

l;

ll I [ 9 ;l , l , 5 ,I . 5 .l . I . l 8 l l . t't- l I l 9 : l , l , 2 . 4 . 2 ..11. 18 1 -l; 3l _ I 9 : 1, 1, 4 . 6 . 4. 1t. 1S l

4l I g' t lq6l l; I ;8 i lnq i - l

rg;mr

[9;1,2,1,18] lq;t,:,r,rsl tg:t,s],rrr;l,l.ill [q;t,a,t,te] lg;iJTl

Answers to Selected Problems

Sectionl.l 1. 2. 3. 4. 5.

a ) 20 b) s 5 c ) : as d ) 2 0 4 6 a ) 3 2 b ) 1 2 0c ) 1 4 4 0 0d ) 3 2 7 6 8 t. 2. 6, 24, 120, 72 05, 0 4 0 ,4 0 3 2 0 3, 6 2 8 8 03, 6 2 8 8 00 l , 1 2 0 2, 5 2 , 1 2 0I , 8 4 .1 2 6 2. 1 0

g.

2n

\ n + D/ 2

10.2n

rr. 65536 2 1. x : y : l . z : 2 Section 1.2 : l . 9 9 : 3 ' 3 3 , 1 4 5: 5 ' 7 9 ,3 4 3 : 7 ' 4 9 , 0 2. a).c), d), e) 3. a) 5,15 b) 17,0 c)-3,7 d)-6,2 *.b 4. a: 13. b) 3 1 1 . 0 i f a i s a n i n t e g e r ,- l o t h e r w i s e . 2 3 . b ) 2 0 0 . 4 0 , 8 , I c ) 1 2 8 ,l 8 2 4 . 2 0 + l 8 [ x - l ] , S t . 0 8n o , $ 1 . 2 8Y e s

888'0

Section 1.3 l. 2. 3. 4.

( 5 5 5 4 ) r ,( 2 f i 2 ) r c ( 3 2 8 ) r o (. l I I I l o o o o o o ) 2 ( t r s ) , u , ( 7 4 E )6 ( t O t O t 0 lI I l 0 0 l l 0 l I l l 0 l I I l ) 2 , ( t t O t I 1 l 0 l I I I l 0 l 0 l l 0 0 l I l 0 l l 0 l ) 2 ,

( r o o tl o l o o o o o l ol )l 2 6 . b ) - 3 9 , 2 6c ) ( t o o l ) - 2 (, l l 0 0 l l ) - 2 ,( 1 0 0 1 l 0 l ) - z t l ' 3 ! + l ' 2 ! , 3 8 4 : 3 ' 5 !+ l ' 4 ! 1 4 .i l t + : 2 ' 3 1 + l ' 2 1 . , 5 6 : 2 ' 4 + Section1.4 l. 2. 3. 4. 5. 6. 't . 8.

( r o o t 0l o l l o ) 2 (rttilolll)z ( r o tt 0 0 0 l l 0 l ) 2 ( l l l o ) 2 .( l o o o l ) 2 (too65)ro ( 3 3 8 F )r e (8705736) r6 ( l I C) r c ,( 2895)r o

428

A nsw ers to S el ected probl ems

2 3 ' a ) 7 g r o s s , 7 d o , z e n , a n d g e gb g )s i l g r o s s , 5 d o z e n , a n d lreggs c) 3 gross,I I dozen,and 6 eggs Section 1.5 a) prime b) prime c) prime d) compositee) prime f) I composite 7. 3,7,31,211,2311,59 r 0 . i l 2 4 , 2 5 , 2 6 , 2 7 , 2 9b ) 1 0 0 0 0 0 + . l 2 , 1 0 0 0 0 0 1 !3+, . . . , 1 0 0 0 0 0 11!0+0 0 0 0 1 t4.53 16. a) 1, 3, 7, 9 ,1 3 ,1 5 ,2 1 ,2 5 ,3 1 ,3 3 ,3 7 ,4 3 ,49,51,63,67,69,73,75,7g,g7.93.99 Section 2.1 l. il5 b) lll c)o d) I e)rr il2 4. I if a is odd and b is evenor vice versa,2 otherwise 5. 2t2l 14.il2 b)sc)ssd)3 e)t f)1001 15. 66, 70, 105 ; ,7 0 ,1 6 5 66 o ;r 4 2 ,7 0 ,1 6 5 1 9 . ( 3 k + 2 ,5 k + 3 ) : I s i n c es 3 k + D _ 3 ( 5 k + 3 ) : I Section 2,2 l.a)rsb)6dZd)s 2 . a ) r s : 2 . 4 5 + ( - l ) 7 5 b ) 6 - 6 . 2 2 2+ ( _ 1 3 ) 1 0 2 c ) z : 6 5 ' 1 4 1 4 + ( - r 3 8 ) 6 6 6d ) 5 : 8 0 0 . 4 4 3 5 0+ ( - 1 1 0 1 ) 2 0 1 8 5 3 . a ) I : l ' 6 + l . l 0 + ( - t ) t 5 b ) 7 : 0 . 7 0 + ( _ l ) 9 g+ 1 . 1 0 5 c ) 5 : - 5 . 2 8 0 + 4 . 3 3 0+ ( - t ) + o s + 1 . 4 9 0 4. ilZ s. il2 Section 2.3 l . i l 2 2 . 3 2b ) 3 . 1 3 c ) 2 2 . 5 2d ) 1 7 2 d , 2 . l . l l f ) 2 8 g ) s . r o l i l 2 3 . 4 3i ) 2 4 . 3 2 . 5 . 7 | 2 6 5 3 k ) 3 . 5 . 7 I23. l ) 9 . 1l . l 0 l t , 1 t,,l i 8 . b ) 2 r 8 3' 8 . 5 7 4 . 11 . 1 3t 7. . t g 9. 249,331 1 0 . 3 0 0 ,3 0 1 ,3 0 2 ,3 0 3 ,3 0 4 | 2 . b ) 5 , 9 |, 3 , 17 , 2l , Z g , 3 , 3 7 ,14, 4 9 , 5 3 , 517,,669 ,37, 77 , g g ,3g. g 7 .lOl d ) 6 9 3 : 2 1 . 3 3: 9 . 7 7

1 4 . il 24 b) 210 c) r+o d) I l2l I e) soo+oil 3426s7 1 5 . i l 2 2 3 35 37 2 . 2 1 3 s s 5 7 7 b ) 1 , 2 . 3 . 5 . 7 . 1 1 . 1 3 . 1 7 . 1 9 . 2 3 . 2 9 d 2 . s . 1 1 , 2 3 . 3 . 5 7 1. 71.1 3 . 1 3d ) 1 0 1 1 0 0 0 , 44l f7i r r 7 g | rg 3 i l r l 0 l r 0 0 l

1 7 . 1 8 , 5 4 0 3; 6 , 2 7 0 : 5 4 ,1 8 0 ;9 0 . 1 0 8 2 1 . 308,490 25. a ) 3 0 , l 0 0 l 29. a f u c ) 2 . : r , r 5 r f ) 3 3 . 5 . I73. .1 9 . 3 7 . 7130. 9 3 0. 1 0 3

d ) 3 2 . 5 ..71 3 . t 7 . 2 4 te ) 5 2 1. 3 . 4 1 . 6 t . 1 3 2 1

429

Answers to Selected Problems

Section 2.4 l . i l z z ' q l ' e u b ) 7 ' 3 7 ' 5 3 ' 1 0 7c ) t 9 2 ' 3 r ' 4 9 6 9 toot'1999 f) 4957'4967 2 . u ) r : . s q r b ) 7 3 c ) t z ' 6 + t d ) 1 0 3 ' 1 0 7e ) lz' 5 l3' 2nlogrc2 7 . 5 ' 5. d17,347 6. d)13'17,41.61,293'341313'3?'109 Section 2.5 l. a)x:33

*5n.1:-ll-2n

l 3 n'il 'y -4OO-11n d)nosorution ,x'ZI cb1 y =-zi^\n

b) x:*300*

-;13:::il;4,-"44r, i l x : 8 8 9 + 1 9 6 9n , Y : - 6 3 3 - 1 4 0 2 n 2. 39 Frenchfrancs,I I Swissfrancs 0f 3. 17 apples,23 oranges 8-'l. "Pt 4. l8 =(25,0),(22,2),(19,4),(16,6),(13,8)' 5. a) (14-centstamps,2l-centstamps) ( 1 , ( 1 0 , 1 o ) ,( ? , 1 2 ) , ( 4 ,1 4 ) , 1 6 ) b) no solution =(54,1)' (51'3)' (48' 5)'(45'7)' c ) ( 1 4 - c e nst t a m p s , 2 l - c e ns t a m p s ) ( ( 3 3 , 1 5 ) , 3 0 , l 7 ) , ( 2 7' 1 9 ) '( 2 4 ' , 2 r \ ' , ( 2 1 ' , 2 3 ) ' , ( 4 2 , g ) , ( 3 9 ,1 1 ) ,( 3 6 , l 3 ) , 3 1 ) ,( 6 , 3 3 ) ,( 3 , 3 5 ) ,( 0 ' ,3 7 ) 2 9 ) , ( 9 , ( 18 , 2 5 ) ,( 1 5 , 2 : 7 ) , ( 1 2 , 10.a)3 t)ze d242 - l-n b) no solution I l . a ) x : 9 8 - 6 n , ! : | * 7 n ,z : 150-3n, w -- fr c ) x : 5 0 * n , l : - 1 0 0 + 3n, z ( 1 4 ,8 , 2 ) , ( 1 1 , 1 2 , 1 ) ' (1 : t2. (nickels,dimes,quarters) ( 2 0 ,0 . 4 ) , 7 , 4 , 3 ) , ( 8 .1 6 , 0 ) 4 l s t a n d b y 1 4 . n o 1 5 . 7 c e n t sa n d 1 2 c e n t s 1 3 . 9 first-class,l9 second-class, Section 3.1 l. a) l,2JlP$ 1,3,9,27,3J,111,33 . .3' i,t9 9 9 "ff2, 4 . i l g b) b c ) o d ) 1 2 d + f) I 9. 0 I 2 J

4 5

0 | 2 3 4 5 10. 0 l0r 2345 I 2 3450 lr z 4501 3 lt 32 4 5012 4 0r23 5 ls 0 t234 J

t -

l o,

0 | 2 054 105 2r0 321 432 543

3 4 5ll. x 0r23 0 0 0 0 0 321 I 0 I 2 J 432 2 0 L + 0 543 J 0 J 0 J 054 .+ 0 4 2 0 105 5 0 5 4 210 J

5 0 5 A J

2 I

12. a) 4 o'clock b) 6 o'clock c) 4 o'clock I 3 . 0 . I, 5 , 6 14.a 7 + b (modp) 17. n 7 + I (mod 6) l 3,15,17,19,21,23,25 1 8 . 1 , 3 , 5 , 7 , 9l , 1 2t.a\qzlr)zc)t8 (modp) whenp is prime andpla 26. a) t b) I cl f O) I e) ap-t = 1 l t ( p l ) ! : - l ( m o d p ) w h e np i s p r i m e l e) d) c) 27. a) -1 b) 30. a) 15621

430

A nsw ers to S el ected probl ems

Section 3.2 L a) x:3 (mod 7) b) x:2,5,g (mod 9) c) x=7 (mod 2l) e) x=812 (modl00l) f) x:1596 (mod t5g7) 2. c) x=5 (mod 23) 3. I t hours 4 . 6 - 0 , 6 , 1 2 , 1 8 , 2 4( m o d 3 0 ) , 6 s o l u t i o n s

d) no solurion

s.a)r:D7c)sd)t6 8 . a ) ( x , y )= ( 0 , 5 ) , \ t , D . , e . O , ( 3 , 3 ) , ( 4 , 0 ) , ( 5 ,(4m) o , (d6 , 1 ) 7) b ) ( x , y )= ( t , l ) , ( 1 , 3 ) , ( t , 5 ) , t r , z l , t : , o l , G , z i , i i ' , q j , i r , ul,(5,1),(5,3),(5,5),(5,7), (7,0), (7,2).(7,4),(l.0 (modg) c ) ( x , y )= ( 0 , 0 )( ,0 , 3 )( ,0 , 6 )( I, , I ) ,( I ( I , 5()2, , g )( ,3 , 0 )( ,3 , 3 )( ,3 , 6 ) , ( 4 , 1 ) , ( 4 , 4 ) , ( 4 , D , $(,5D, 5, ) , ( 5,,4g)l ,, r,e7,),o( l2, ,r2o, )(, 2 :J,-ii,il , (7,1),(7,4),(7,7),(g,2), ( 8 , 5 ) , ( g , g )( m o d 9)

d) no solution Section 3.3 l ' a ) x = 3 7 ( m o dl g 7 ) b ) x : 2 3 ( m o d3 0 ) c ) x : 6 ( m o d2 r 0 ) d ) x = 1 5 0 9 9 9( m o d 5 5 4 2 6 8 ) *201 4. 2l0l 8. a) x = 28 (mod 30) b) no solution 10. a) x :23 (mod30) b) x = 100 (mod 210) c) no solurion d) x : 44 (mod g40) e) no solution il. 30t | 3. 0000,0001,0625,9376 1 7 . 2 6 f e e t6 i n c h e s Section 3.4 l . a ) ( x , y ) = ( 2 , 2 ) ( m o d 5 ) b ) n o s o l u ti o n c ) (x,y) = (0,2),(1,3),(2,4),(:,0) or (4,1) (mod5) 2 . a ) ( x , y ) = ( 0 , 4 ) ,( l , l ) , (2 ,5 ),(3 ,2 ),(4 ,6 ),(5 ,3),(6,0) (mod7) b) no sol uti on 3. 0, l, p, orp2

(

l0

4. a) tt -)

{

1. a)

8. a)

l 0 orll b ) ls rl c ) fr 4 l l\ o 2/ l lt -, rJ U / {q I

4 3J

[z o 6l

ls 5 5 4

ll 4 oj

l5

l) 545 l 4 t o l b )l z ' o l c ) 4 5 5 4 4)

lr

lr

[4 555 9. a) x :0,y E 7,2 -2 (mod7) b) x : = 5 , - y = 5 , , = 5 , w = 5 ( m o d7 ) c) r 0 . i l 0"b ) 5 c ) 2 s d ) l

l , - y E 0 , 2 = 0 ( m o d7 )

431

An swer s t o S elec t e d P ro b l e ms

Section 4.1 a) 28 b) 24 c) 2ro d) 2t a) 53 b) 54 c) 5r c) 5e 9 d) not bv 3 a) by 3, not by 9 b) by 3, and 9 c) by 3' and no d) no c) b) a) no Yes 3, and by 9 b) those with an a) thosewith their number of digits divisibleby of digits divisibleby 6 numbcr with their even number of digits c) those (same ior 7 and for 13) d) I 1 * a5 aaa3l at apo (mod 3l)' 8 . o z r o 2 n - t . . . a p s - a z n o 2 n -at z n - z*

l. 2. 3. 4. 5.

3 7t r4 $ 6 e 2 . 3 7l1019 2 7 8 s 10. ll. 12. I 3.

d) yes a) no b) not by 3, by 5 c) not by 5' not by 13 73e '!-6 check d) no' for example a) incorrect b) incorrect c) passescastingout nines check passes part (c) is incorrect,but

Section 4.2 2.

a) Friday e) Saturday i) Monday

c) Monday g) Tuesday k) Friday

b) Friday f) Saturday j) Sunday

d) Thursday h) Thursday l) Wednesday

Section 4.3 l. a)

')

Tcanr

3

()

,4 t

1

Round b)'c

3

')

I

1

6

2

b-vc

1

6

5

3

)

I

1

6

b)'c

4

3

b\,c

1

o

2

I

1

brc

5

,|

't -l - l -l

')l -l

-- ----- 1 I

4

5

,1

6

5

.4

bvc

)

I

1

o

1

o

5

4

3

2

)

blc

J

4 : 3 , 4 ' R o u n d5 : : o u n d l : 4 , 5 . R o u n d2 : 2 , 3 , R o u n d3 : 1 , 5 ,R o u n d 3 . a ) H o m et e a m s R t.2 Section 4.4 5 . 5 5 8 , 1 0 0 2 ,2 t - t 4 ,4

432

A nsw ers to S el ected probl ems

Section 5.1 l. _l l" 2. I 4.4 5. a) x : 9 (mod 17) b) ,r : 18. I 24. 52

17 (mod 19)

Section 5.2 t7. 7.23.67 Section 5.3 l . a ) 1 , 5 b ) 1 . 2 , 4 , 5 , 7 , cg ) 1 , 3 , 7 , 9 d ) 1 , 3 , 5 , 9 , , . 1 3e ) t , : . s , 2 , 9 . , , t 3 . 1 5 11\ 1m-l

)

r

a r . J \ . . , \ L

I

5. ll 9. a) x :9 (mod 14) b) x : 13 (mod 15) c) -r = 7 (mod t6) ll. a) r b) I 1 2 . d ( 1 3 ): 1 2 , 0 0 4 : 6 . a ( 1 6 ) : 8 , d ( I 7 ) : 1 6 , , r ( r 8 :) 6 , o ( t g ) : Section 6.1

il

t 8 , d ( 2 0 ): 8

f

l. il +o b) t28 d t2o il 5760 2' a) 1,2 b) 3, 4, 6 d no sorurion d) 7, 9 , 1 4 ,a n d r g e ) n o s o r u t i o n f ) 3 5 , 3 9 , 4 5 , 5 2 , 5 6 , 7 0 ,J 2 , 7 g , g 4 , g 0 3 ' i l l ' z b ) t h o s ei n t e g e r sn s u c h t h a t 8 n : a l n . a n dn h a s a t l e a s to n c o d d p r i n r c | factor; n has at reasttwo odd prime factors;or n has a prime factor p = t (mod 4) c)zk,k:1,2,._. Section 6.2 1. a) 48 b) 399 d 2sqo d) 2r0r_l e) 6912 2.il9 b)6 c)rs il2s6 3. perfect squares 4' thosepositiveintegersthat have only even powers of odd primes in their primepower factorization 5 . a ) 6 , r r b ) r 0 ,r 7 c ) | 4 , | 5 , 2 1 , 2 3 d ) 3 3 , 3 5 ,74 e ) n o s o r u t i o n f ) 4 4 ,6 5 6.a)t 02 dq d)t2 dtgz f)45360 8' a) primes b) squaresof primes c) products to two distinct primes or cubesof primes 9.

nr(n) /2

1 0 .a ) 7 3 , 2 5 2 . 2 0 4 4 b ) r + p k c ) ( p k u + r t _ D / g k _ Do

ii
j:l

Section 6.3 1 . 6 , 2 9 , 4 9 6 ,g I 2 g , 3 3 5 5 0 3 3 6g, 5 g g g 6 9 0 5 6

An sw er s t o S elec t e d Pro b l e m s

b) 945 3. il t2,18,20,24,30,36 7 . a ) , c ) P r im e 8. a),b),d) Prime Section7.1 l . D W W D FN D W G D Z Q 2. I CAME I SAW I coNQUERED 3. IEXXK FZKXCUUKZC STKJW 4 . P H O N EH O M E 5. t2 6. 9.t7 'r d (mod 26) 7 . i l C : 7 P + 1 6 ( m o d2 6 ) b ) C : a c P * bc EXPLOSIVESINSIDE 8 . A ) V S P F X HH I P K L BK I P M I EG T G b ) Section 7.2

RL OQ NZ OF XM CQ KE QI VD AZ THIS 2. IGNORE 2 4 ] Il 12425) l.

a

J.

4. a) t b) l3 d 2 6 6.

Iz t: I I I I 23101 1 2 5 37 )

matrix Itj 163] i. digraphicHill cipherwith enciphering 000 310 12 310 l o 0o 22 tt 37 l0 l.00 00s

[52

ro

1 3rI

ol ol 0l

r lI

'l

rl

Section 7.3 l. Z. 4. 5. 6.

t 4 t 7 t 7 2 7 l l 1 7 6 5 7 6 0 77 6 t 4 D O N O T R E A DT H I S G O O DG U E S S 92 150

Section 7.4 l . 1 4 5 33, 0 1 9 3 . 1 2 1 51 2 2 4t 4 7 l 0 0 2 30 l 1 6 4 . E A T CHO CO L A T EC AK E

433

434

A nsw ers to S el ected probl ems

5 ' a) 037103540 8 5 80 8 5 80 0 8 71 3 5 9 0 3 5 40 0 0 000871543I 7g7 053sb) g 001 0977 0274 0872

ffi8 #l

3l1i'u*

082r0073084s 07400000 0008 0r480803 04r5

6' d 004200560481048107630000 00510000 029402620995049505:|' ag72 00000734 015206470972 7 ' d ) 1 3 8 31 8 1 2 0 3 5 2 0 0 01 03 8 30 1 3 0 1 0 8 0r 3 5 r r 3 8 3r 8 1 2 0 1 3 0 0 g 7 2 r 2 0 8 0956 00000972l5l5 0 9 3 7 1 2 9 71 2 0 82 2 7 3 l 5 l 5 0 0 00 8. 0872I 152 15 3 70 1 6 9 Section 7.5 l. a) yes b) no c) yes d) no 4 . l 8 : 2 * 1 6 : 2 * 3 * 1 3: 3 * 4 * l I : 7*l I 5 . ( t z , s t , g 5 , g1,6 , 4 g , 6 4 ) 6. 6242382306332274 g. (44,37,7 4,72,50,24) 1 0 .a ) 0 o: 2 . 3 . 1 0 : 2 . 5 . 6 : 6 . 1 0 b ) 1 5 9 6 0 :g . 2 1 . 9 5 Section 7,6 l. a) 36962 , 6 4 0 , 5 6 0 0 , 3 g 5b ) 5 3 g 9 2. 829 Section8.1 l. il4 04 c)6 2 . a ) 3 b ) 2 ,3 c ) 3 , 7 d ) 2 , 6 , 7 ,l l 4.4 1 6. il 23. 89 18. d 2209

e ) 3 ,5 f ) 5 , I I

Section 8.2 L a)2 04 c)8 d)6 e)t2 f)22 4. il q b) the modulusis not prime 6. 1 i l . b) 6 1 2 . c ) 2 2 , 3 7 g, , 6 , g , 3 g .2 6 Section 8.3 l. 2. 3. 4. 5.

4 , 1 0 ,2 2 ilz 02 c): il2 il2 02 dz d)3 a)5 b)5 c)rs d)15 7 . 1 3 . 1 7 t. 9

Section 8.4 l . i n d 5 l: 2 2 , i n d 5 2 : 2 . i n d 5 3: 1 6 , i n d 5 4 : 4 , i n d 5 J : I , i n d 5 6:

1 8 ,i n d 5 7:

19.

435

Answers to Selected Problems

ind58:6,ind59:l0.ind5l0:3'indsll:9'ind:12:20'ind5l3:14'indi14:71' ind5l5:l7,ind5l6:8.ind5l7:7'ind5l8:12'indslg:15'indr2O:5' i n d 5 2 l: 1 3 ,i n d 5 2 2 : l l (mod23) 2. a) -r=9 (mod23) b) x=9'14 s olution : ( m o d n o b ) 2 2 ) 1 8 7 , x 3. .) - 1 . a : 2 . 5 ,t l r 6 ( r n o d l 3 ) (mod29) 5 . b : 8 . 9 . 2 0 o. r 2 l 5 9 . 9 0 . 9 9 .I 15 . 13 4 , 1 4 4 . 41 5 .I 4 9 , o r | - 5 2( r . I l o dI - 5 6 ) 3 10,16,57, 6. ,r ( r n o d2 3 ) , o r x E 1 , 1 2 . 4 5 . 4 1 . 7 t t ' 9 1 ' 9 3 ' 1 0 0 ' 1 3 7 ' 1 3 9 ' 1 4 4 ' T . x = I ( m o d 2 2 ) .a - 0 3 6 7 ' 3 6 9 ' 36t ,t , 1 | 3 . 451, 4 . ] 0 ' ' 32 3 2 . ? . 5 2 . 2 5 45,,2277 7. 3 2l , 3 2 3 , 1 8 3 l' 8 5 . 1 8 8 , 2 1 0 , 2 2 9 l, 2 4 5 9 , 4 6 1o. r 4 9 6 ( m o d 5 0 6 ) ( m o d l 2 ) , ' t - 4 2 ( n r o d8 ) lt. a) (t,Z), (0,2) c) -x = 29 = 1 7 ( m o d6 0 ) 12 b) (0,0, 1, l), (0,0' 1,4) d) 'x l6.b)([email protected]):'74999249..,

Section 8.6 g o f) 3 8 8 0 8 0 g ) 8o+ o h) I 254I l 328000 r . a ) 2 0 b ) 1 2 c ) : 0 d ) 4 8 e) t d ) 5 , l 0 ' 1 5 .1 6 , 2 0 ,3 0 ' 4 0 ' 4 8 ' 6 0 ' 2 . a ) t , z b ) 3 , 4 , 6 ' 8 . 1 2 .2 4 c ) n o s o l u t i o n 1 2 ' 8 4 '1 2 6 ' q, 8 0. 120,240 e) no s o l u ti o n f ) z . 1 4 ,1 8 .2 1 . 2 8 , 3 6 . 4 2 . 5 6 , 6 3 . I 6 8. 252.504 3.65520 4. a)tt b)2 c)l d)ll e)tg f)38 I 4 . 5 .I 3 ' l ' l ' 2 9 .5 ' l T ' 2 9 5, ' , 2 9 ' 1 3 Section 8.7

62'"

5 , 2 5 .6 2 . 8 4 .- s '2 5 . l . 6 9 , 7 6 , 1 7 , 9 2 , 4 6I, I ' 1 2 .1 4 .1 9 .3 6 , 2 9 , 8 4 , p e r i o dl e n g t hi s 9 . . . . 7 . 6 . 1 3 , 1 0 , 1 4 , 1 5 , l , 7 ' 1 8 .1 6 .6 , l 3 3. l0 tttz: 6) l o z 3 z + " 7 .a ) l t b ) 7 1 5 8 2 7 8 8 2c ) 3 l d ) 1 9 5 2 2 5 7 8 c 9 . 1 , 7 4 , 2 5 ,I 8 , I 2 , 3 0 ' l l . l 0 Section 8.8

l . a ) s b ) 5 d 2 d ) 6 e) 30 i) 20 2. a)2 b)3 d2 il2 e)5 t)7 3. a) usesPreads : 3 b) u s es p r e a sd : 2 l

c ) u s cs P r c a sd : 2

Section 9.1 l, l6.l7 I . a ) t b ) I , 4 c ) I , 3 , 4 , 9 , 1 02, 1 d ) 1 , 4 , - s , 6 , 7 , 9 . 1 2. l,l,-1,1,-1,-l (mod 7) c) no solution I l. a) -r = 2,4 (mod 7) b) -r = | ( m o d l5) 15. .r = 1,4,11,14 36. c) DETOUR

436

Answersto Setectedproblems

Section 9.2 l.a)-l b)-l c)_l d)_l 4.p=+l(mod5) +1,*3,+g(mod2g) 5.p=

e)r

f)l

Section 9.3 l.a)r b)-lc)r d)l e)_l f)l 2. n : 1 , 7 , 1 1 , 1 7 , 4 3 , 4 9 , 5 3 , o r 5 9( m o d 6 0 ) 3. n = 1,7,13,17,19,2937,71 9 ,1g, 3 1 ,0 1 , 1 0 3 , 1 0 7 , 1 0 9 ,o1r1 I3l,9 ( m o d 1 2 0 ) 9. a) -l b) -l c) -r Section l0.l

6. a) .lb) .ar6c) .92nr6 d) .5 e) xOq f) .000999 i. a) (:s)g b) (.2)sc) (.r+o:), ai'f.'i6, e ) (.052)6f) (.02721350564)R

8 u)3 b)+ dL 25 90 33 s.u)Sb)+.)Ad)

el6

343 70 20 I 365 10. b :2s'3s'5"7"',wheres1,.92,s3, and sa are nonnegative integers, not a1 zero ll. a) 2,1 b) l,t c) z,t d) 0,22 e) 3.e rl o.o1 12. a) l, o b) 2 ,0 c ) 1 ,4 d ) 2 ,1 e ) l ,l f) 2 .4 t4. a) 3 b) l1 d tt d) l0l d +t.zT D 7.13 0 l I 1 I 2 t_2 3 1 4 3 2 5 3 4 5 6l 23. a)

T'i' 6'T';'t't't';,r,7,T';,;';,;';,;,;

Section10.2 l . i l t 5 / 7 0 t 0 / 7 d o l z l d ) 3 s s / l l 3 d z f ) 3/2 d s/3 h) 8/5 2 . a ) [ t ; s ] U )B ; z l c ) [ 0 ; 1 , 1 , 1 , 9 d] ) [ 0 ; 1 9 9 , 1 , e 4 )] [ - | ; 1 , 2 2 , 3 , 1 , 1 . 2 , 2 1 f ) [ o ; 5l , l , z , l , 4 , l , 2 l l Section10.3 I . a ) [ l ; 2 , 2 , 2 , . . .b1) [ t ; 1 , 2 , 1 , 2, 2, 1, . . . )c ) [ 2 ; 4 , 4 , 4 , . .d) ) t [ ;1,1,1,...J 2 . 4 _ l , L ! , s , t b ) 6 J , l , l , J c ) 0 , 2 , 6 , 1 0 , 1 4d ) 0 , 1 ,3,5,7 ? 312689 99532 /^\238il1997106193

l- l'3'4 ^7'32'39'7t: 4t 69

o,

+

9 l l 1 3 -1 3 5 ' 1 5 7t 7 g ' 2 0 12 2 3 z 4 s 2 6 7 z } s 3 l l l l . d ) 2g1 '7g 'g5 ,lt,f t5'22'29'36,Jt,E-'T,d,7l Section 10.4

l.

a) to;FrZt IU,t,t,+1b) t3;:,61c) ta;l":,r.sl 3. a) (z: +.,/Til/rc b) (-l +,/+sl/z c) (s + .,Fazlto 4. b) [ lo;20] I4t:il) , 117:frl, 2 . ") a) [l;2]

Answers to Selected Problems

437

tt o:z2o|lte;Tt4I?q,2,+t1 5. c) [q;j,J8], I l6;l,t5,1,321 6. d to:ffil, 17:7,t41, I l. b), c), e) Section I l.l ; ',12',13;9' b) 3'4'5;6'8'105 l . a ) 3 , 4 , 5 : 5 , 1 2 , 1 31;5 , 8 , 1 7 : ' 7 , 2 4 , 2 5 : 2 1 , 2 O , 2 9 : 3 5 , 1 2 , 3 7 l ;8 ' 2 4 ' 3 0 ; 3 0 ' 1 6 ' 3 4 ; 1 0 ' 2 4 ' 2 6 : 2 1 ' 2 0 ' 2 9 12,15;15,8,17:12,16,20:7,24,25;15,20,25; ; I 5,36,39;24,32,40 21,28,35,35,12,37 I (m2+Zn2) 1 ' - 2\ w h e r em a n d n a r e p o s i t i v e i n t e g e r s . : n l n , z- - : : 8. x ;(m"-Zn"),Y t i^l where m and n a(e positiveintegers, : ^r,, : L(2^2-nz),! ,: +Q.m2+n2)

*>it,li, 9. , -

andn is even

I

l-{^z-3n2),y

*rrTln,andm

| , ) , r ?\ r- - ^^ --- ^-,{ -o ^^"iti'r, integers, positive m and n, - ^are : mn,, where f,(^2+3n2) = n(mod 2)

Section 11.3 + l'y: b)nosolutionc)x: a)x:!2,y:0;x:+l,y:!l + 5 ' l : 0 ; x : * 1 3 ' y:+3 b)nosolution c)xt3,y:*l a)x: : : 9 8 0 1 , : : 1 8 2 0 x 13 b) 70,y Y a) x : 829920;x : 42703566796801, X : l 52Q,y : 273 ; x : 4620799,y : 766987012160 Y 6. a), d), e), g), h) Yes b)' c)' f) no '1. ! : 19892016576262330040 x : 6239'765965'120528801,

l. 2. 3. 5'

+2

Bibliography

BOOKS Number Theory l'

w. W. Adams and L. J. Goldstein, Intoduction to Number Theory, Prentice-Hall,EnglewoodCliffs, New Jersey,1g76.

2.

G. E. Andrews, Number Theory, w. B. Saunders,philadelphia, lg7l.

3.

T. A. Apostol, Introduction to Analytic Number Theory, SpringerVerlag, New York, 1976.

4.

R' G. Archibald, An Introduction to the Theory of Numbers, Merrill, Columbus,Ohio, 1970.

5.

I. A. Barnett, Elements of Number Schmidt, Boston, 1969.

6.

A. H. Beiler, Recreations in the Theory of Numbers, 2nd ed., Dover, New York, 1966.

7.

E. D. Bolker, Elementary Number Theory, Benjamin, New york, 1970.

8.

Z. I. Borevich and I. R. Shafarevich, Number Theory, Academic press, New York, 1966.

9.

D. M. Burton, Elementary Number Theory, Allyn and Bacon, Boston, t976.

Theory, prindle, weber,

and

10. R. D. Carmichael, The Theory of Numbers and Diophantine Analysis, Dov er , New Y o rk , 1 9 5 9 (re p ri n t o f th e o ri gi nal 1914and l 9l 5 edi ti ons). I l.

H. Davenport, The Higher Arithmetic, 5th ed., Cambridge University Press,Cambridge, 1982.

12. L. E, Dickson, History of the Theory of Numbers, three volumes, chelsea, New York, 1952 (reprint of the l9l9 original). 13. L. E. Dickson, Introduction to the Theory of Numbers, New York 1957 (reprint of the original 1929 edition). 438

Dover,

Bi b l i ogr aP hY

439

N ew Y ork' 1 4 . H. M . E dwar d s , F e rm a t' s L a s t T h e o re m,Spri nger-verl ag, 1911.

15. A.A.Gioia,TheTheoryofIYttmbers,Markham'Chicagol970. Birkhausero 1 6 . E. Grosswald,,Topicsfrom the Theory of Numbers, 2nd ed., B o s t o n ,1 9 8 2 .

t'7. R. K. Guy, l.)nsolvedProblems in l,{umber Theory, springer-verlag, N e w Y o r k , 1 9 8 1. Theory of 1 8 . G . H. Har dy a n d E. M . W ri g h t, A n In troducti on to the 1919' Oxford, 5th ed., Oxford University Press, 1,,{umbers, New York 1 9 . L. Hua, Introduction to Number Theory, Springer-verlag, l 982. Classical Introduction to Modern N I Y um berT heo ry ,Sp ri n g e r-Ve rl a g , e w Y o r k, 1982'

20. K. Ireland and M. L Rosen, A

2 1 . E . Landau,E l e m e n ta ryN u m b e r T h e o ry ,C hel sea,N ew Y ork, 1958' 2 2 . W. J. LeVeque, Fundamentals of Number Theory, Addispn-Wesley, 1977. Reading,Massachusetts,

2 3 . w. J. LeVeque, Reviewsin Number TheOry, six volumes, American M at hem at ic a lS o c i e ty ,W a s h i n g to n ,D .C ., 1974'

2 4 . C. T. Long, Elementary Introduction to Number Theory, 2nd ed., Heat h, Lex in g to n ,M a s s a c h u s e tts1,9 7 2 . (no date)' 25. G. B. Matthews, Theory of Numbers, Chelsea,New York 26. I. Niven and H. S. Zuckerman, An Introduction to the Theory of Num ber s , 4t h e d ., W i l e y , N e w Y o rk , 1 9 8 0 . 2l.

O. Ore, An Invitation to Number Theory, Random House, New York' t967.

28. O. Ore, Number Theory and its History, McGraw-Hill, New York, I 948. 29. A. J. Pettofrezzo and D. R. Byrkit, Elements of Number Prentice-Hall,EnglewoodCliffs, New Jersey,1970'

Theory,

30.

H. Rademacher, Lectures on Elementary [t{umber Theory, Blaisdell, New York 1964,reprint Krieger, 1977.

31.

P. Ribenboim,1-JLectures on Fermat's Last Theorem,Springer-Verlag, New Y or k , 1 9 1 9 .

440

B i bl i ography

32. J. Roberts, Elementary Number Theory, MIT Massachusetts, 1977.

press, cambridge,

33. D. shanks,solved and unsolvedproblemsin Number Theory,2nd ed., Chelsea, New york. 197g. 3 4 . J. E. Shockley, Introduction to Number Theory, Holt, Rinehart, and Winston, 1967.

3 5 . w. Sierpifski, Elementary Theory of Numbers, polski Akademic Nauk, Warsaw, 1964.

3 6 . w. Sierpifiski, A selection of problems in the Theory of Numbers, PergammonPress,New york, 1964.

3 7 . w. Sierpirlski, 250 problems in Elementory Number Theory, polish ScientificPublishers,Warsaw, 1g70.

3 8 . H. M. Stark, An Introduction to Number Theory, Markham, chicago, 1970;reprint MIT press,cambridge, Massachuseits,r9ig.

3 9 . B. M. Stewart,

The New York, 1964.

Theory

of

Numbers,

40. J. v. Uspensky and

2nd, ed., Macmiilan,

M. A. Heaslet, Elementary McGraw-Hill, New York. lg3g.

Number

Theory,

4l'

C' Vanden Eyden, Number Theory, International Textbook, Scranton, Pennsylvania,1970.

42.

I. M. vinogradov. Elements of Number Theory, Dover, New york, t 954.

Number Theory with Computer Science

4 3 . A. M. Kirch, Elementary Number Theory: A computer Approach, Intext, New York, 1974.

44. D. G. Malm, A computer Laboratory Manual for Number Theory, COMPress, Wentworth, New Hampshire, 1979.

4 5 . D. D. spencer, computers in Number Theory, computer science press, Rockville, Maryland, 1982.

Bi b l i o gr aP hY

441

CryptographY Hayden, Rochelle Park, 46. B. Bosworth, codes, ciphers, and computers, New JerseY,1982. Addison.Wesley, 47. D. E. R. Denning, Cryptography and Data Security, 1982' Reading, Massachusetts, Aegean Park Press, 48. w. F. Friedman, Elements of Cryptanalysis, Laguna Hills, California, 1978' 49.A.Gersho,ed.,AdvancesinCryptography'Dept'ofElectricaland 1982. computer Engineering,Univ. calif. Santa Barbara, 50.

51.

Macmillan' D. Kahn, The Codebreakers,the Story of Secret Writing' New York' 1967. 1981' A. G. Konheim, Cryptography: A Primer, Wiley' New York'

Park Press, 5 2 . S. Kullback, s/atis tical Methods in cryptanalysis, Aegean Laguna Hills, California, 1976. Dimension 5 3 . C. H. Meyer and S. M. Matyas' Cryptography: A New

tn

Computer Data Security, Wiley, New York, 1982'

Association of 5 4 . A. sinkov, Elementary cryptanalysis, Mathematical America, Washington,D.C., 1966'

Computer Science and Design' K. Hwan g, Computer Arithmetic: Principles, Architecture WileY, New York, 1979. 'of computer Programming: semi-Numertcal 56. D. E. Knuth, Art 2, 2nd €d., Addison wesley, Reading volume Algorithms Massachusetts,l98l .

55.

and searching, 57. D. E. Knuth, Art of computer Programming: sorting 1973. volume 3, Addison-wesley,Reading,Massachusetts, wiley, New 58. L. Kronsjo, Algorithms: Their complexity and Efficiency, York, 1979. its Applications 59. N. S. Szab5 and R. J. Tanaka, ResidueArithmetic and 1967' to Computer Technology,McGraw-Hill'

442

Bibliography

General

60. H. Anton, Elementary Linear Algebra, 3rd ed., Wiley, New York, 1981. 6 1 . E. Landau, Foundations of Analysfs, 2nd ed., Chelsea,New York, 1960. 6 2 . W. Rudin, Principles of Mathematical Analysis, 2nd ed., McGraw-Hill, New York 1964.

ARTICLES NumbenTheory 63. Ll M. Adleman, C. Pomerancq and R. S. Rumely, "On distinguishing prlime numbers from composite numbers," Annals of Mathematics, v o l u m e 1 1 7 ( 1 9 8 3 ) ,1 7 3 - 2 A 6 . 64. J. Ewing, t 286243-lis prime," The Mathematical Intelligencer, Volume 5 (1983),60. 65. J.lE. Freund, "Round Robin Mathematicso" American Mathematical tullonthly,Volume 63 (1 956), ll2-114. 66. R. K. Guy, "How to factor a number" Proceedings of the Ftfth Manitoba Coderence on Numerical Mathematics, Utilitas, Winnepeg, Manitoba, 1975, 49-89.

I ot.

l

A . K . Hea d , " Mu l ti p l i c a ti o n mo d u l o n , " B IT, V ol ume 20 (tgS O), 115I16.

6 8 . P. Hagis, Jr., "Sketch of a proof that an odd perfect number relatively prime to 3 has at least eleven prime factors," Mathematics of Computations, Volume 46 0983), 399-404.

69. J. C. Lagarias and A. M. Odlyzko, "New algorithms for computing n(ff)," Bell LaboratoriesTechnical Memorandum TM-82-1 I 218-57.

7 0 . H. P. Lawther, Jr., "An application of number theory to the splicing of telephonecables,"American Mathematical Monthly,Yolume 42 (tggS), 8 l - 9 1.

7 1 . H.1 W. Lenstra, Jr., "Primality testing," Studieweek Getaltheorie en Co[nputers, 1-5 September 1980, Stichting Mathematisch Centrum, Arfrsterdam. Holland.

443 Bi b l i ogr aP hY

and testsfor primality Proceedings 72. G. L. Miller, "Riemann'shypothesis on the Theory of "' computing, of thq seventhAnnual Ac:M symposium 234-239. 1,73. in primality testing"' The -' C. pomerance, "Recent developments (l g g l ), 97-105. In te l l i g e n c e r,v o l u m e 3 ur r ir *" r ic al i' \lq. C. pomerance, "The search for primes," Scientific American' Volume 241(tgSD, 136'147. ,,probabilisticalgorithms for lesting primality," Journal of .15. M. o. Rabin, 1 2 8 -138' Num ber T he o ry ,V o l u me 1 2 0 9 8 0 )' of the ./6. R. Rumely, ,,Recent advances in primality testing," Notices 30 (1983), 4,75-47,7, American Mathematical Sociely, Volume 2'7th Mersenne prime"' Journal of 77. D. Slowinski, "searching for the (1 9 18/9),258-261' Rec r eat ionaM l a th e m a ti c s ,Vo l u m e I I Monte Carlo test for PrimalitY," 7 8 . R. Solovay and V. Strassen' "A fast 84-85 and erratum, 6 09ll)' Volume SIAM Journal for Computing, v o l u m e7 ( 1 9 7 8 ) ,1 1 8 . in the develoPment of 7 9 . H. C. Williams, "The influence of computers with APPlications, number theory," Computers and Mathematics

V o l u m e8 ( 1 9 8 2 ) , 7 5 - 9 3 ' g0. H. c. williams, "Primalitytestingon a computer",Ars combinatorica' v o l u m e5 ( 1 9 7 8, )1 2 7 - 1 8 5 '

CryptograPhY 81.

for the discrete logarithm L. M. Adleman, "A subexponentialalgorithm Proceedings of the 2ath problem with applications to cryptogiaphy," Science' 1979' 55' Computer of Annual Sy*:,porium on the Fonia'tioit 60.

impossible g2. M. Blum, "coin-flipping by telephone- a protocol for solving 133-137' problems,"IEEE Proceedings'Spring Compcon" in cryptography"' IEEE 83. w. Diffie and M. Hellman, "New directions (l976),644-655' 22 Transactionson Idormation Theory, Volume public key g4. D. R. Floyd, "Annotated bibliographicalin conventionaland (1983) 12'24' ' cryptograpnr,. Cryptologia, Volume 7

444

B i bl i ography

8 5 . J. Gordon, "Use of intractable problems rn cryptography," Information Privacy, Volume 2 (19g0), l7g-fg4.

8 6 . M.

E. Hellman, "The mathematics of public-key cryptography," Scientffic American, Volume 241 (1979) t 4 6 - t 5 7 .

8 7 . L. S. Hill, "Concerning certain linear transformation apparatus of cryptography," l 3 5 -15 4 .

American Mathematical Monthl y, V ol ume 3g (1931).

8 8 . A. Lempel, "cryptology in transition," computing surveys, volume ll Q 979) , 28 5 -3 0 3 .

8 9 . R. J. Lipton, "How to cheat at mental poker,,, and ,,An improved power encryption method," unpublished reports, Department of computer Science,University of California, Berklir'y, 1979.

90. R. c. Merkle and M. E. Hellman, "Hiding information and signaturesin trapdoor knapsacks," IEEE V olum e 24 (1 9 7 9 ), 5 2 5 -5 3 0 .

Transactiins

in

Idormatioi

Theory,

9 1 . s. Pohlig and M. Hellman, "An improved argorithm for computing logarithms over GF(p) and its .ryptog.upt i. significance,,' IEEE Transactionson Information Theory, volume 24 (rgj"$, roC_iio.

9 2 . M. o.

Rabin,. "Digitalized signatures and public-key functions as intractable as factorization," MIT Laboratory for computer science Technical Report LCS/TR-212, cambridge, Massachusetts, rg7g.

9 3 . R. L. Rivest, A. Shamir, and L. M. Adleman, "A method for obtaining

digital signaturesa1d public-key cryptosystems,"communications of the ACM, Volume 2t (1979), tZO-126. 9 4 . A. shamir, uA polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem," proceedings of the 2ird Annual symposium of the Foundations of computeiscie,nce, r45-r52. 9 5 . A. Shamir, "How to share a secret," communications of the ACM, V olum e 22 0 9 7 9 ), 6 1 2 -6 t3 .

9 6 . A. Shamir, R. L. Rivest, and L. M. Adleman, "Mentar poker,,, The

Mathematical Gardner, ed. D. A. Klarner, wadsworth International, Belmont, California, 198l, 37-43.

List of SYmbols

t2 nt

Summation, 5 Factorial, 8

II l*) It

Product, 9

olb olt lxl

Divides, 19 Doesnot divide, 19 Greatestinteger, 20 Baseb exPansion,27

t.kJ

( a 1 r a 1 r - 1 . . . a f l 0t )

ov) ,r(.x) G,b) (a 1,,a2,..-,an) un

la,bl min(xy) ma x( x , y )

p'lln ta 1 ,a2, . . . , anl F, a = b(mod z) a # b(mod nr)

a A:B(modra)

7 I adj Ca) h (k) 6h)

Binomial coeficient, l0

Computerword size, 33 Big-O notation, 38 Number of Primes, 47 Greatestcommondivisor, 5 3 Greatestcommondivisor (of n integers), 5 5 Fibonaccinumber, 60 Least commonmultiPle, 7 2 Minimum, 72 Maximum, 72 Exactlydivide, 76 Leastcommonmultiple (of n integers),7 7 Fermatnumber, 81 Congruent,9l Not congruent,91 Inverse, 104 Congruent(matrices), I l9 Inverse(of matrix), l2l Identity lnatrix, l2l Adjoint, 122 Hashingfunction, 141 Euler'sphi-function, l6l

List of Symbols

Summationoverdivisors, 170

dln

f*s

Dirichletproduct, 172 Miibius function. 173

ph) o(n)

Sum of divisorsfunction, I74

r(n)

Number of divisorsfunction, 17s Mersennenumber.l g2 Encipheringtransformation,ZI2 Decipheringtransformation,212

ME*(P)

D*(c) ord.a

Orderof a modulom. Z3Z Index of a to the baser, 252

ind,a I(n )

Minimal universalexponent,269 Maximal +l - exponent,2g0

X6(n) |t Is-l

Legendresymbol, 289

lLl

Jacobisymbol, 314

lp ) r)

ln J (c p2ca..) 6 ( . c1 . . . c r - 1 r

b

Fn Iag;a1,a2,...,,e111 Ck : Pr/qr [ a g ; at , a z , . . . l

Iag;ar,...,o * - ,,ffifr|' Q,

BaseD expansion,341 Periodicbase6 expansion,343 Fareyseriesof ordern, 349 Finitesimplecontinuedfraction, 351 Convergent of a continuedfraction, 354 Infinite simplecontinuedfraction, 362 Periodiccontinuedfraction, 3i4 Conjugate, 377

lndex

Absolute least residues, 93 Abundant integer, 185 Additive function, 174 Affine transformation, l9l Algorithm, 33,58 division, 19 Euclidean, 58 for addition, 33 for division, 3'7,41 for matrix multiPlication, 43 for modular exPonentiation, 97 for modular multiPlication, 100 for multiplication, 35,39 for subtraction, 34 least-remainder, 67 Amicable pair, 185 Approximation, best rational, 37 | by rationals, 369 Arithmetic function, 166,418 Arithmetic, fundamental theorem of, 2,69 Arithmetic progression, primes in, 74 AutomorPh, 114 B a b y l o n i a n s ,1 , 2 5 Balanced ternary exPansion, 30 Base, 27 BaseD expansion, 27,341 Best rational aPProximation, 371 Big-O notation, 38,39 Binary notation, 27 Binomial coeffficient, l0 Binomial theorem, 12 Biorhythms, I l4 Bit operation, 38 Bits, 27 Block cipher, 198 Borrow, 35 Caesar.Julius, 189

Caesarcipher, 189 Calendar, 134 Gregorian, 135 International Fixed, 138 Cantor expansion, 30 Card shuffiing, 152 Carmichael number, 155'272 Carry, 34 Casting out nines, 134 Character ciPher, 189 Chinese,ancient, 2,107, Chinese remainder theorem, 107 Cicada, periodic, 5'l Cipher, 188 block, 198 Caesar, 189 character, 189 digraphic, 198 exponentiation, 205 Hill, 198 iterated knapsack, 224 knapsack, 221 monographic, 189 polygraphic, 198 product, 19'l public-key, 2,212 Rabin, 215 RSA, 212 substitution, 189 transposition, 204 Vigndre, 197 Ciphertext, 188 Clustering, 142 Coconut problem, 101 Coefficients,binomial, 10 Coin flipping, 298 Collatz conjecture, 24 Collision. 142 Common key, 208 Common ratio, 5 Complete system of residues, 93 Completelyadditive function, 174

448 Index

Completelymultiplicative function, 166 Composite, 1,45 Computationalcomplexity, 3g of addition, 39 of Euclidean algorithm, 62 of division,4 of matrix multiplication, 43 of multiplication, 39 of subtraction, 39 Computer arithmetic, 33,109 Computer files, 141,227 Computer word size, 33,109 Congruence, 2,gl linear, 102 of matrices, I l9 Congruenceclass. 92 Conjecture, Ccllatz, 24 Goldbach, 50 Conjugate, 377 Continued fraction, 350 finite, 351 infinite, 362 periodic, 374 425 purely periodic, 3g3 simple,351 Convergent, 354 Coversionof bases, Zg Coveringset of congruences,I l5 C r y p t a n a l y s i s ,1 8 8 Cryptography, 188 Cryptology, 188 Cubic residue, 262 Database, 227 Day of the week, 134 Decimal notation, 27 Deciphering, 186 Decipheringkey, 213 Decryption, 188 Deficient integer, 185 Descent,proof by, 398 Diabolic matrix, 127 Digraphic cipher, 198 Diophantineequations, 86,391 linear, 86

Diophantus, 86 Dirichlet, G. Lejeune, 74 Dirichlet product, 172 Dirichlet's theorem on primes in arithmetic progression, 74 Divide, l8 Divisibility, l8 Divisibilitytests, lZ9 Division algorithm, l9 Divisor, l8 Double hashing, 143 Draim factorization, g4 Duodecimal notation, 44 Electronic poker, 209,304 Enciphering, 188 Encryption, 188 Equation, diophantine, 86 Pell's, 404 Eratosthenes, I Eratosthenes,sieveof, 2,46 Euclid, I Euclideanalgorithm, 5g Euler. L.. I

Eu l e rphi -functi on,l 6l ,l 67 Euler pseudoprime,325 Euler'scriterion. 290 Euler's factorizationmethod, g5 Euler's theorem, 161 Exactly divide. i6 Expansion, base b, 27 Cantor, 30 continuedfraction, 350 periodic base b, 343 periodiccontinuedfunction, 374 terminating, 341 t l-exponent, 280 Exponentiationcipher, 205 Factor, l8 Factor table, 4ll Factorial function, 8 Factorization, 69,79 Draim, 84 Euler, 85

lndex

Fermat. 80 prime, 68 prime-power, 69 speedof, 80,215 Faltings,G., 400 Farey series, 349 Fermat, P. de, 1,397 Fermat factorization, 80 F e r m a t n u m b e r , 8 1 , 3 0 2 , 31 Fermat prime, 8l Fermat quotient, 152 Fermat's last theorem, 398 Fermat's little theorem, 148 Fibonacci, 60 Fibonacci numbers, 60 generalized, 68 Fibonacci pseudo-randomnumber generator, 219 Frequencies, of letters, 193 of digraphs, 202 of polygraphs, 203 Function. additive, 174 arithmetic, 166 completely additive, l7 4 completely multiPlicative, 166 Euler phi, 161 factorial, 8 greatest integer, 20 hashing, 141 Liouville's, 174 Mobius, l'73 multiplicative, 166 number of divisors. 175 sum of divisors. 174 Fundamental Theorem of Arithmetic, 69 Game of Euclid, 67 Gauss,C. G., 2,47 Gauss' generalization of Wilson's theorem, 152 Gauss'lemma, 293 Generalized Riemann hypothesis, 158 Generalized Fibonacci numbers, 68 Geometric progression, 5

Goldbach,C., 50 Goldbach's conjecture, 50 Greatest common divisor, 53 Greatest integer function, 20 Greeks, ancient, 2 Hadamard, J., 48 Hanoi, tower of, l'l Hashing, 141 double, 143 quadratic, 304 Hashing function, 141 Hexadecimal notation, 27 Hilbert prime, 76 Hill cipher, 198 Identity matrix modulo z, l2l principle of, 17,51 Inclusion-exclusion, Incongruent, 9l Index of an integer, 252,421 Index of summation, 5 Index system, 262 Induction, mathematical, 4 Infinite simple continued fraction, 362 Infinitude of primes, 45,82 Integer, abdundant,185 deficient, 185 palindromic, 133 powerful, 16 square-free,75 Inverse of an arithmetic function, t73 Inverse modulo lrr, 104 Inverse of a matrix modulo nr, l2I Involutory matrix, 126,244 Irrational number, 336,36'l Jacobi symbol, 314 Kaprekar constant, 3l Key, l4l common, 208 deciphering, 213 enciphering, 212 mastero 228 public, 212 shared, 208

450

Knapsack cipher, 221 Knapsack problem, 219 k-perfect number, 186 Kronecker symbol, 324 k th power residue, 256 Lagrange,J., 147 Lagrange interpolation, 242 Lagrange's theorem (on continued functions), 378 Lagrange's theorem (on polynomial congruences), 219 Lam6, G., 62 Lam6's theorem, 62 Law of quadratic reciprocity, 297,314 Least common multiple, 72 Least nonnegativeresidue, 93 Least-remainderalgorithm, 67 Legendre symbol, 289 Lemma, Gauss'. 293 Linear combination, 54 greatest common divisor as a, 54,63 Linear congruence, 102 Linear congruential method, 275 Liouville's function, 114 Logarithms modulo p, 207 Lowest terms, 336 Lucas-Lehmertest, 183 Lucky numbers, 52 Magic square, 127 Master key, 228 Mathematical induction. 4 Matrix, involutory, 126 Matrix multiplication, 43 Maximal t1-exponent, 280 Mayans, 1,25 Mersenne,M., 182 Mersenne number. 182 Mersenne prime, 182 Method of infinite descent, 398 Middle-squaremethod, 275 Miller's test, 156 Minimal universal exponent, 269 Mobius function, 173 Mobius inversion formula, 173 Modular exponentiation, 97

Index

algorithm for, 97 Monographic cipher, 189 Monkeys, l0l Multiple precision, 33 Multiplication, 35,39 matrix, 43 Multiplicative function, 166 Multiplicative knapsackproblem, 226 Mutually relatively prime, 56 Nim. 3l Notation, big-O, 38 binary, 27 decimal, 27 duodecimal, 44 hexadecimal, 27 octal, 27 product, 9 summation,5,l70 Number, Carmichael, 155,2'12 Fermat, 8l Fibonacci, 60 generalizedFibonacci, 68 irrational. 336 k-perfect, 186 lucky, 52 Mersenne, 182 perfect, 180 rational, 336 superperfect, 186 Number of divisors function. 175 Octal notation, 27 Operation, bit, 38 Order of an integer, 232 Pairwise relatively prime, 56 Palindromic integer, 133 Partial remainder, 37 Partial quotient, 351 Pascal'striangle, 12 Pell's equation, 404 Pepin'stest, 3l I Perfect number, 180 Period,

451

lndex

of a base b exPansion, 343 of a continued fraction, 374 Periodic base b exPansion, 343 Periodic cicada, 5'l Periodiccontinuedfraction, 374 Plaintext, 188 Poker. 209,304 PolygraphicciPher, 198 Powerful integer, 76 Prepperiod, 343 Primality test, 153,263 probabilistic, 158,334 Primes, 1,45 Fermat, 8l Hilbert, 76 in arithmetic Progressions,74 infinitude of, 45 Mersenne, 182 Wilson, 152 Prime number theorem, 47 Prime-power factorization, 69 Primitive root, 234,243 42O Primitive PythagoreantriPle, 391 Principleof inclusion-exclusion,l7 Principleof mathematicalinduction, second, 8 Probabilisticprimality test, 158'334 Probing sequence, 143 Problem, knapsack, 219 multiplicativeknaPsack, 226 Product, Dirichlet, 172 Product ciPher, 192 Property, reflexive, 92 symmetric, 92 transitive, 92 well-ordering, 4 Pseudoconvergent,374 Pseudoprime,2,153 Euler, 325 strong, 157 Pseudo-randomnumbers, 275 Pseudo-randomnumber generator' Fibonacci, 279 linear congruential, 275 middle'square, 275

pure multiPlicative, 277 P u b l i c - k e yc i P h e r , 2 , 2 1 2 Purely periodiccontinuedfraction' 383 Pythagoras, 1 PythagoreantriPle, 391 Pythagoreantheorem, 391 Quadratic hashing, 304 Quadratic irrational, 375 Quadratic nonresidue,288 Quadratic reciProcitYlaw, 297,304 Quadratic residue, 288 Quotient, l9 Fermat, l52 partial, 351 Rabbits, 68 R a b i n ' sc i p h e r s y s t e m , 2 1 5 , 3 0 3 Rabin's probabilisticPrimalitY t e s t , I 5 8 , 2 1 4 ,3 4 Rational number, 336 Read subkeY, 227 Recursivedefinition, 8 Reducedresiduesystem, 162 Reducedquadratic irrational, 384 ReflexiveproPertY, 92 Regular polygon, constructabilitY, 83 Relativelyprime, 53 mutually, 56 pairwise, 56 Remainder, l9 Repunit, 133,165 Residue, cubic, 262 k th power, 256 least nonnegative, 93 quadratic, 288 Residues, absoluteleast, 93 complete sYstemof, 93 reduced, 162 Root of a polynomialmodulo rn, 238 Round-robintournament, 139 RSA cipher system, 212,274 Second princiPle of

4s2

mathematical induction. 8 Seed, 276 Shadows, 228 Shift transformation. l9l Shifting, 35 Sieve of Eratosthenes, 2,46 Signature, 216 Signed message, 216,218 Solovay-Strassenprobabilistic primality test, 334 Splicing of telephonecables, 284 Spread of a splicing scheme, 284 Square-free integer, 7 5 Strong pseudoprime, 157 Subkey, read, 227 write, 227 Substitution cipher, 189 Succinct certificate of primality, 266 Sum of divisors function, 174 Summation notation, 5 Super-increasingsequence, 22O Superperfect number, 186 Symbol, Jacobi. 314 Kronecker, 324 Legendre, 289 Symmetric property, 92 System of residues, complete, 93 reduced, 162 System of congruences,107,1l6 Telephonecables, 284 Terminating expansion, 341 Test, divisibility, 129 Lucas-Lehmer, 183 Miller's, 156 Pepin's, 3l I primality, 153,263 probalisticprimality, 158,334 Theorem, binomial, 12 Chineseremainder. 107 Dirichlet's, 74 Eulerns, l6l

lndex

Fermat's last, 398 Fermat's little. 148 Lagrange's (on continued fractions), 378 Lagrange's (on polynomial congruences), 239 Lam6's, 62 Wilson's, 147 Threshold scheme, 228,243 Tower of Hanoi. 17 Transitive property, 92 Transpositioncipher, 204 Triangle, Pascal's, l2 Pythogrean, 391 Twin primes, 50 Universal exponent, 269 Vall6e-Poussin, C. de la, 48 Vignrire ciphers, 197 Weights, problem of, 30 Well-ordering property, 4 Wilson, J., 147 Wilson prime, 152 Wilson's theorem, 147 Gauss' generalization of, 152 Word size, 33,104 Write subkey, 22'l