CHAPTER 3

Congruences

3.1 CONGRUENCE
Carl E‘iedrich Gauss (1777—1855), the German mathematician, physicist, and as—
tronomer, was known as the Prince of Mathematicians to his contemporaries and is ‘
one of the greatest mathematicians of all times. His famous work on higher arith-
metic and number theory, called Disquz'sz'tiones Arithmeticae, was completed when
he was twenty—one and published in 1801. In this, among many other things, Gauss
introduced the notion of congruence, thereby offering a convenient way of dealing
with many questions of divisibility.

Definition. Let m be a fixed positive integer. If a, b, E Z, we say that “a is

congruent to b modulo m” and write
aE b (mod m)
Whenever ml(a —— b). If mf (a — b), we write a E b (mod m).

For example, 7 E 3 (mod 4), —6 E 14 (mod 10), 121 E 273 (mod 2), but
5 E 4 (mod 3) and 21 E 10 (mod 2). In Proposition 3.14, we show that two integers
are congruent modulo m if and only if they have the same remainders after division
by m.
The condition for a to be congruent to b modulo m is equivalent to the con—
dition that
a = b+km forsomekEZ.

Congruences occur in everyday life. The short hand of a clock indicates the
hour modulo 12, while the long hand indicates the minute modulo 60. For example,
20 hours after midnight, the clock indicates 8 o’clock because 20 E 8 (mod 12). In
determining which day of the week a particular date falls, we apply congruence
modulo 7. Two integers are congruent modulo 2 if and only if they have the same
parity; that is, if and only if they are both odd or both even.
The idea of congruence is not radically different from divisibility, but its use-
fulness lies in its notation, and the fact that congruence, with respect to a fixed
modulus, has many of the properties of ordinary equality. '

Proposition 3.11. Let a, b, and c be integers. Then

(1') a E a (mod m).
(ii) Ifa E b (mod m), then b E a (mod m).
(iii) Ifa E b (mod m) and b E 0 (mod m), then a E 0 (mod m).

57
58 Chapter 3 Congruences

Proof. (1') Since a — a = 0 and m|O, it follows that a E a (mod m).

(ii) If a E 6 (mod m), then ml(a -— b) and hence, by Proposition 2.11(ii),
ml(—1)(a — b); that is, ml(b — a) and b E a (mod m).
(iii) If a E b and b E 0 (mod m), then m|(a -— b) and m{(b — 0). Hence, by
Proposition 2.11(ii), ml(a — b) + (b— c); that is, m|(a — c) and a E c (mod m). D

Proposition 3.12. Ifa E a’ (mod m) and b E 13/ (mod m), then

(i) a + b E a’ + (7’ (mod m)
(ii) a —— b E a’ — 23’ (mod m)
(iii) a - b E a’ - b’ (mod m).

Proof. Since a E a’ and b E 19’ (mod m) we can write a = a’+km and b = b’+€m
where 16,8 E Z. It follows that

Ia+b = a’+b’+(k+.€)m
(1—!) = a’—b’+(k‘—€)m
ab = a'b/ + (kb’ + Ka’ + Mm)m.
The results now follow, since k: + E, k — 6, kb’ + Ea’ + Mm E Z. [1

Although we can add, subtract, and multiply congruences with respect to the
same modulus, we cannot with impunity divide out an integer from either side of
a congruence. For example, 6 E 36 (mod 10) but 1 E 6 (mod 10). HoWever, the
following proposition indicates under what conditions cancellation can occur.

Proposition 3.13. If ac E be (mod m) and gcd(c, m) = 1, then it follows

that a E b (mod m).
Proof. If ac E be (mod m), then m|c(a — b). If gcd(c, m) = 1, it follows from
Proposition 2.28 that m|(a — b) and so a E 1) (mod m). [:I

For example, 35 E 15 (mod 4) and, since gcd(5,4) = 1, it follows that

7 E 3 (mod m). .
As would be expected from the fact that a E b (mod m) is equivalent to
a = b + km, there is a close relationship between congruences modulo m and
remainders under division by m.

Proposition 3.14. a E b (mod m) if and only ifa and b have the same
remainders When divided by m.
Proof. Divide a and b by m according to the Division Algorithm to obtain

a = km’+r, where Ogr<m

b = Em—l—s, where O£s<m.
 Section 3.2 Tests for Divisibility 59

Hence a—bz (k—€)m+(r—s), where —m <r—s<m.

If a and b have the same remainders when divided by m, then a—b = (k —€)m
and a E b (mod m).
Conversely, if a E 6 (mod m), then mKa — b) and hence m|(r — 5). However, -
~—m<r—s<mandsor—s=0. D

We see from the above. proposition that any integer must be congruent to
precisely one of O, l, 2, . . . , m -— 1 modulo m.

Example 3.15. What is the remainder when 237 is divided by 7?

Solution. It would be very tedious to calculate 237 and then divide by 7. To
perform this arithmetic on a calculator, we would need to be able to display all 12
digits. However, we can use the above proposition to find what 237 is congruent to
modulo 7.
We know that '23 = 8, and so 23 - = 1 (mod 7). By repeated application of
Proposition 3.12011), it follows that (23)” E 112 E 1 (mod 7). Hence

2372236.2E(23)12-221.2E2 (mod 7)
and 237 has remainder 2 when divided by 7. D

Note that the successive powers of 2 take on a particular form modulo 7.

This phenomenon of the remainders cycling will be explained by Fermat’s Little
Theorem 3.42.

222, 2224., 2351, 2422, 2554, 2621, 2722, etc. (mod7).

Example 3.16. What is the remainder when 410 - 77 is divided by 5 7

SOIution. 42 E 16 E 1 (mod 5) and 72 E 49 E —1 (mod 5). Hence

410 - 77 a (42)5 - (72)3 - 7 E 15 - (—1)3 - 7 a —7 a 3 (mod 5)

and 410 - 77 has remainder 3 when divided by 5. I E]

3.2 TESTS FOR DIVISIBILITY

Congruences can be used to prove some of the familiar tests for divisibility by
certain integers. It is well known that any integer is divisible by 2 if and only if its
last digit is even. An integer is divisible by 4 if and only if the number determined
by its last two digits is divisible by 4.
This test for divisibility by 4 works because 100 E 0 (mod 4) and so, for
example, 56976 E 569 - 100 + 76 E 76 (mod 4). Therefore, the remainder when
56976 is divided by 4 is the same as that of 76 when divided by 4.
 60 Chapter 3 Congruences

Theorem 3.21.: A number is divisible by 9 if and only if the sum of its digits
is divisible by 9.
For example, consider the numbers 5895 and (“125942. The sums of their digits
are 5+8+9+5 = 27 and 1+2+5+9+4+2 = 23, respectively; since 27 is
divisible by 9 but 23 is not, it follows that 5895 is divisible by 9 but 125942 is not.
Proof. Let cc be a number with decimal digits CLTCLT._1 . . .a1a0 so that

a: = (1.107 + (1.410“ + - - . + c1110 + do.

Now 10 E 1 (mod 9), and hence 10]“ E 1'“ E 1 (mod 9) for all k 2 0. Therefore,

as E ar+ar_1 +---+a1+a0 (mod 9).

Hence a: E 0 (mod 9) if and only if the sum of its digits is congruent to zero modulo
9. . El
Note that this not only provides a test for divisibility by 9, it also provides a ‘
method for finding the remainder of any number when divided by 9. For example,

125942El+2+5+9+4+2§2322+3§5 (mod9)
and hence 125942 has remainder 5 when divided by 9.
A similar proof also yields the following result for divisibility by 3.

Theorem 3.22. A number is divisible by 3 if and only if the sum of its digits
is divisible by 3. E] ‘

The result on the divisibility by 9 provides the basis for an ancient method
of checking arithmetical calculations called casting out nines. Suppose we wish to
check the calculation

43296 X 1742 —— 514376 = 74907256.

The check proceeds as follows. For each number involved, add the digits together
and throw away any multiples of nine. Then perform the original calculation on
these remaining numbers. The calculation checks if this new answer agrees with
the original answer, after adding digits and casting out any multiples of nine. If
the answers do not agree after casting out nines, an error has occurred in the
calculation.
In the above example, we add the digits of 43296 to obtain 4 + 3 + 2 + 9 + 6
and, after casting out nines, we obtain the number 6. If we do this procedure to
the other numbers on the left side of the equation, we get the reduced equation

6x5—s
' Perform this simplified calculation to obtain 22 or, after casting out nines again, 4.
The sum of the digits of the original answer, after casting out nines, is also 4; hence
 Section 3.3 Equivalence Relations 61

this provides a check on the calculation. It does not guarantee that the calculation
is correct; it only provides a partial check.
Let us take another example.

Original calculation: (442)3 + 5176 = 86355064

After casting out nines: 13 + l 1 (mod 9)
This reduced congruence is incorrect, so a mistake must have been made in the
original calculation.
We see from Theorem 3.21 why this method works. The check just performs
the original calculation modulo 9. Therefore, the method works for any calculation
involving addition, subtraction, and multiplication. (We can treat exponentiation
as repeated multiplication, but we must not reduce the exponent modulo 9.)

Proposition 3.23. A number is divisible by 11 if and only if the alternating

sum of its digits is divisible by 11.

Proof. Let a: = aTIO’” —+— (1,410“1 + - - - + a110 + a0. Now 10 E —1 (mod 11) so
that

m E (—1)Tar +(—1)T'1ar_1+---— a3 + a2 — a1 + a0 (mod 11). '

Hence any number is congruent modulo 11 to the alternating sum of its digits, and
the result follows. ' I]

For example, 2307151 is divisible by 11 because 2 — 3+ 0 —— 7+ 1 -— 5 + 1 2 ~11,

which is divisible by 11.

3.3 EQUIVALENCE RELATIONS

Congruence modulo a fixed integer is an example of an important notion in math-
ematics, namely the concept of an equivalence relation.
Algebra can be considered as the study of operations and relations in sets.
Examples of operations are addition, subtraction, multiplication, and exponenti-
ation; these all combine two elements to form a third. Examples of relations are
greater than, divisible by, and equals; these all compare two elements. Roughly, R
is a relation on a set S if, for every ordered pair of elements a and b in S, either
a is related to b, in which case we write aRb, or a is not related to b and we write
a R b.
Here are some examples of relations.

Greater Than: For a, b E R, take aRb to mean a > b.

Divisibility: For a, b E Z, take aRb to mean a|b.

Equality: Let S be any set, and take aRb to be a z b.

62 Chapter 3 Congruences

Congruence modulo m: For a, b E Z, take aRb to be a E 13 (mod m).

and, for two
Congruence of Triangles: Let S be the set of triangles in the plane
triangles T1 and T2, take TlRTg to mean T1 is congruent to T2.
and b are two.
Brother: Let S be the set of all people in the country and, if a
people, take aRb to mean a is the brother of 17.
take aRb
Same Surname: Let S again be the set of all people in the country, and
to mean that a has the same surname as b.
two days
Same Day: Let S be the set of all days in a particular year and, for any
I
' a and (9, take aRb to mean that a and 1: occur on the same day of the week.

Definition. A relation R on a Set S is called an equivalence relation if

(i) aRa for all a E S (reflexive property)

(ii) if aRb then bRa (symmetric property)

(iii) if aRb and bRc then aRc. ‘ (transitive property)

the
Of the above examples of relations, equals, both types of congruences, and
are not.
same surname and same day are equivalence relations, while the others
.
Proposition 3.11 shows that congruence modulo m is an equivalence relation

Definition. If R is an equivalence relation on a set S, and a E S, write

[a] = {m e s l mRa}.
are
This is called the equivalence class of a and consists of all elements in S that
equivalent to a. The element a is called a representative of the equivalence class
- [al-
In the equals relation, the equivalence class of an element consists of a alone.
Smith
In the relation has the same surname, the equivalence class containing John
consists of all the people with the surname Smith.
In the equivalence relation of congruence modulo m an equivalence class is
called a congruence class, or sometimes a residue class.
In the case of the congruence relation modulo 2

[0] = {3: l a: E 0 (mod 2)} = { . . , -—4, —2,0,2,4, . . }

[1] = {mm—£1 (mod2)} = {...,—3,—1,1,3,5,...}
[2] = {xixEZ (mod2)} = {...,—4,-2,0,2,4,...} = [O].

In fact, there are only two distinct congruence classes, namely the even integers
and the odd integers. We have [2r] ,= [0] and [2r + 1] = [1], so any even number is
a representative of [0], and any odd number is a representative of [1]. Furthermore,
notice that every integer lies in precisely one congruence class.
 Section 3.3 Equivalence Relations 63

Proposition 3.31. Let R be an equivalence relation on the set S. If a,b E S,

then
(1') a E [a].
(ii) [a] = [b] if and only if aRb.
(iii) [a] H [b] = (2) if and only ifa Rb.
Proof. (1') The reflexive property states that aRa, for all a E S, so it follows
that a E [a].
(ii) Suppose [a] = [b] Then, by part (i), a E [b] and aRb. Conversely, suppose
aRb. Let at E [a] so that wRa. By the transitive property :e and hence a: E [b].
Therefore, [a] g [b] and, since bRa, it follows similarly that [b] g [a]. Hence [a] = [(3].
(iii) Suppose [a] H [b] = 0. Then a ¢ [b] and so a Rb. Conversely, suppose a Rb and
let a: E [a] H [b]. That is, mRa and mRb. By the symmetric and transitive properties,
aRx and aRb. This is a contradiction, so 0: cannot exist and [a] H [b] = (D. D

Therefore, in any equivalence relation, two equivalence classes are either iden—
tical or disjoint, and the set of equivalence classes under an equivalence relation R
yields a disjoint decomposition of the set S. A decomposition of a set S into such
a disjoint union of subsets is called a partition of S.
It follows from Proposition 3.14 that the congruence relation modulo m has
precisely m distinct congruence classes, namely [0], [l], [2], . . . , [m — 2], [m —- 1], one
corresponding to each remainder under division by m.
The partition of the integers into the m congruence classes modulo m can be ‘9
visualized as follows. Consider all the integers distance one apart on the number ‘ 1‘:
line, and consider a circle whose circumference has length m. If the number line “
were to be wrapped around this circle, all the integers in one congruence class would
fall on the same part of the circle.
-5 -4 —3 -2 -1 0 1 2 3 4 5
l I l I I

The set of all equivalence classes of a set S under an equivalence relation is

called the quotient set of S by R. and is often denoted S/R. Therefore,
S/R : {[a]|a€S}.
 64 Chapter 3 Congruences

3.4 MODULAR ARITHMETIC

Definition. The congruence class modulo m of the integer a is the set' of

integers
[a] = {3362]a "(modm)}.
The set of congruence classes of integers, under the congruence relation modulo m,
is called the set of integers modulo m and is denoted by Zm.

Notice that the modulus m is implicit in the notation [a]. Normally, this
will not cause confusion, since we usually deal with only one modulus at a time.
However, if we wish to cope with congruences of different moduli at the same time,
we could use the notation [a]m
The set Zm is the quotient set of Z defined by the congruence relation modulo
m, and
Zm = {l0l9l1l1H'7lm _ ll}

For example, Z4 = {[0], [1], [2], [3]}, where the four congruence classes are

[0] = {. .,—8,—4,0,4, 8,12,...} = {4klkeZ}-~_

[1] = [...,—7,—3,1,5,9,13,...} = {4k+1|kEZ}“'
[2] = { .,—6,—2,2,6,10,14,...} -_- {4k+2|k€Z}
[3] = { —5,—1,3,7,11,15,...} = {4k+3|k€Z}.
It will be useful if we were able to perform the operations of addition, sub-
traction, multiplication, and, perhaps, division in Zm. The obvious way of defining
addition and multiplication of two congruence classes modulo m would be as follows.

[al+[bl = [a+bl
[a] - [bl = [05}
For example, in Z7, let A = [4] and B = [5] so that we would have A + B =
[4]+[5] = [4+5] = [9] = [2], since 9 a 2 (mod 7), andA-B = [4] - [5] = [20] = [6],"
since 20 E 6 (mod 7). However, these definitions are not as innocuous as they
might appear. For example, the congruence class A in Z7 could equally well be
written as [11], and B could be written as [19]. Our definitions would then imply
that
A+B = [11] + [19] l 0]
[\300
II

A-B = [11]-[19] = 1 0-9]

O

Our definitions would lead to trouble, unless [30]: [ ] and [209]: [20] in Z7. In
this particular example, it is true that 30:
— 9 (mod 7 and 209—= 20 (mod 7), but
v

how do we know that this will always be the case?

This type of problem arises whenever we define an operation on equivalence
classes in terms of representatives. In mathematical language, we say that there
is the problem of determining whether the operation is well defined on equivalence
classes.
 Section 3.4 Modular Arithmetic 65

In the case of Zm, a particular congruence class [a] can always be written
as [a’] if and only if a’ E a (mod m). Similarly, [b] can be written as [b’] if and
only if b’ E b (mod m). Addition and multiplication in Zm Will be well defined
if [at +13] = [a’ + b’] and [ab] = [a’b’]. However, Proposition 3.12 guarantees that
a+b E a’—|—b’ (mod m) and ab E a’b’ (mod m), and so the corresponding congruence
classes are equal. Hence addition and multiplication are well defined in Zm. This
is called modular arithmetic.

Example 3.41. Write the addition and multiplication tables for Z4 and Z5.

Solution.
Addition in Z; Multiplication in Z4
+ [0] ill [2i [3] - [0] [ll [2] i3]
[0] [0] [ll [2] [3] l0] [0] [Ol l0] [0]
[ll [ll [2] [3i [0] [ll [0] [ll [2] [3]
[2] [2] Bl [0] [1] l2] [0] [2] [0] [2]
[3] l3] [0] [ll [2] [3] [0] [3i [2l [ll

Addition in Z5 Multiplication in Z5
+ [0] [ll [2] [3] [4] - [Oi ill Di [3] l4]
[Oi [0] [ll [Zl l3] [4] i0] [0] [0] [0] [0i [0]
[ll [ll [2] l3] [4] i0] [1] [0] [ll [2i [3] [4]
i2] [2] [3] [4l [0] [ll [2l [0l [2] [4] [ll [3]
[3] [3i [4] [W U] M [3] [0] [3] ill [4] [2]
[4] l4] [0] [ll [2] [3] [4l [0] [4] M [2] [1] [I

By looking at the above tables, it is seen that addition of [0] leaves an element
unchanged, While multiplication by [0] always gives [0]. This can be proved true for
any modulus, because for all [a] 6 Zm

[0 + a] [d]
i n
a?
;+
EB

[0 - a] = [0].
Hence [0] in Zm acts just like the zero element of Z. Furthermore, [1] acts like the
unit element because

[1] - [a] = [a] for all [a] E Zm.

If a E Z, —a is the element of Z for which a + (— a) .In a similar way we

can define negatives in Zm by -—[a] = [— a,] because [CL] +[——-0a2] [a — a]: [O]. For
example, in Z5, ‘l1l=l4l7 *l2l = l3la *l l ll W = [1],aM “M = [Ol-
 66 Chapter 3 Congruences

Subtraction can be defined by

and, by Proposition 3.12, this is well defined.

If we compare division in Zm with division in Z, interesting differences begin
to appear. An element a”1 is called the inverse of an element a if a - a‘1 = 1. The
question of division by an element a is equivalent to the existence of its inverse (1*.
In Z, the only elements we can always divide by are 1 and —1, as these are the only
two elements with inverses. ‘
However ,

[2]-[3] = [1] in Z5
so that [2] has an inverse, and [2]‘1 = [3]. Division by [2] in Z5 is equivalent
to multiplication by [3]. In fact, in 25, every nonzero element has an inverse;
[l]‘1 = [1], [2]’1 = [3], [3]“1 = [2], and [4]‘1 = [4]. We would never expect zero
to have an inverse because zero times anything is always zero.
By looking at the multiplication table of Z4, we see that [1]‘1 = [1] and
[3]“1 2: [3], but [2] does not have an inverse. Hence division by [2]-is not always
possible in Z4.
We shall show in Corollary 3.44 that if p is prime, every nonzero element
of 2,, has an inverse. A set in which we can [perform the operations of addition,
subtraction, multiplication, and division by nonzero elements, and in which these
operations satisfy certain standard properties, is called a field. In fact, the set of
integers modulo p, 210, will form a finite field if and only if p is prime.
We shall now use the concept of congruence to prove the following important
]
V v,
w.
M
i theorem that was discovered by Fermat in 1640 and can, incidentally, be used to
‘1 show the existence of inverses in Zp. The French mathematician Pierre de Fermat
(1601—1665) actually made his living as a lawyer and member of the provincial par—
liament of Toulouse. However, he devoted most of his spare time to mathematics.
Fermat could be considered a founder of modern Number Theory. He stated many
results in Number Theory, including the one below. He did not usually provide
proofs of his results, because he communicated them in letters to other mathe-
maticians, rather than publishing them in a book or journal. However, nearly
all of his results have since been proven. Fermat is best known for his so—called
“Last Theorem.” This result was written in the margin of his copy of the work of
Diophantus, next to the solution of the Diophantine equation z2 + y2 = z2. Fermat
claimed that w" + y" = z” has no nonzero integer solutions if n > 2.’ He stated
that he had a truly marvelous proof that was too long to write in the margin. Over
350 years later, Fermat’s Last Theorem was finally proved by Andrew Wiles in
1994, using very advanced mathematics. Most mathematicians are sceptical that
Fermat really did have a valid proof. To avoid confusion with his Last Theorem,
the following result is usually called Fermat’s Little Theorem.
 Section 3.4 Modular Arithmetic 67

Fermat’s Little Theorem 3.42. p is a prime number that does not

divide the integer a, then .
(LP—l E 1 (mod p).

Proof. If p f a we shall first show that no two of the numbers 0a,1a,2a,.. .,

(p — 1)a are congruent modulo p. Suppose that

raEsa (modp), whereOSsSrgp—l.

By the definition of congruence, this implies pl(r — s)a and, by Theorem 2.53,
pl(r — 5). Hence 7‘ = 3.
Therefore, the congruence classes [0a], [1a], [2a], . . . , [(p —— 1)a] are all distinct.
But as Zp only contains p congruence classes, it follows that

Z? = {l0l7 [alv l2a’la ' ' ‘ 7 [(13 " 1)all'

Hence the nonzero classes [a], [2a], . . . , [(p — 1)a] must be a rearrangement of the
classes [1], [2], . . . , [p -— 1]. In particular, multiplying them together,

a-2a-3a---(p——1)a 1-2-3---(p—1)‘(m0dp).
(JD—DWI”1 (10-1)I (mod 29)-
However, p f (p — 1)! because the prime p does not divide any of the factors of
(p — 1)! Hence, by Proposition 3.13, we can cancel (p - 1)! and obtain

ap‘l E 1 (mod p). [1

Corollary 3.43. For any integer a and prime p

(11" E a (mod p).

Proof. If p t a this follows from Fermat’s Little Theorem. If pla, both sides are
congruent to 0 modulo p. E]

Corollary 3.44. If [a] is any nonzero element of Zp, where p is prime, then
there exists an element [19] E Zp such that [a] - [b] = [1]; that is, every nonzero
element of Z, has an inverse.
Proof. If [a] 7A [0] in 2,, then 101L (1 and, by Fermat’s Little Theorem,

[allap‘2l = lap—ll = [1]-

Hence

W = lap—2i. ' u
 68 Chapter 3 Congruences

For example, in Z5, [2]‘1 = [23] = [8] = [3]. If p is large, however, Fermat’s
Theorem gives a rather cumbersome way of finding inverses, and it will be easier
to find the inverses by inspection or to use the methods of the next section. In
Z31, Fermat’s Theorem gives the inverse of [2] as [229]. However, we can see by _
inspection that
[Zl'llb‘l = [32] = [1] in Z31
and so [2]“1 = [16] and, incidentally, 229 E 16 (mod 31).

3.5 LINEAR CONGRUENCES

A relation of the form
am E 0 (mod m)
is called a linear congruence in the variable :3. A solution to such a congruence is
an integer x0 for which (13:0 E c (mod m). Our problem is to determine whether
such a linear congruence has a solution and, if so, how to find all the solutions.
We first notice that if 3:0 is any solution and :01 E :30 (mod 'm), then 331 is also
a solution; this follows immediately from Proposition 3.12 because anal E axo E c
(mod m). Therefore, if 300 is a solution, so is every element of the congruence class
:60 modulo m. Since there are only m distinct congruence classes, the problem
reduces to the finite one of determining which of these congruence classes are solu-
I'lllllkll " tions. Hence any linear congruence aw E 0 (mod m) can be Viewed as an equation
willumly‘ ‘

1.11“ .‘lllll?
1 ,1;
lllmlllll; lll 1‘ lll‘
[arm] = [c] m 2m
twill}: and the problem of finding an integer a: that satisfies the congruence is equivalent
to the problem of finding an equivalence class [:3] E Zm that satisfies the equation.
One crude method of solving any congruence modulo m (whether linear or
not) is to take one element from each congruence class, say 0,1,2, . . . ,m —— 1, and
test whether they satisfy the congruence. This method is very effective if m is
small, but soon becomes tedious for large m.

Example 3.51. Solve the congruence

41: E 2 (mod 6).

Solution. We check whether the congruence is satisfied if a: EU, 1, 2 , 3, 4, or

5 (mod 6).
Modulo 6
a: E 0 1 2 3 4 5
49: E 0 4 2 0 4 2

Therefore, 42: E 2 (mod 6) if m. E 2 or 5 (mod 6). An equivalent way of

writing this solution is a: = 6k + 2 or 6k + 5, where k E Z. El
 Section 3.5 Linear Congruences 69

Example 3.52. Solve the equation

[21m = [1] in Z4.

Solution. This equation is equivalent to the congruence 253 E 1 (mod 4).

Modulo 4
x E O 1 2 3
2:0 E O 2 O 2

We see that 29: is never congruent to 1 modulo 4 and hence the equation has
no solution in Z4.
The nonexistence of a solution to [2] [:3] = [1] in Z4 expresses the fact that [2]
has no inverse in Z4. D

How do we solve a linear congruence if the modulus is large? The following

results show that a one—variable linear congruence is equivalent to a Diegophantine
equation in two variables. ‘

Proposition 3.53. The linear congruence aw E c (mod m) has a solution

a: = 300, if and only if the linear Diophantine equation ax + my = c has a solution
a: = 3:0, y = yo for some integer yo.

Proof. By the definition of congruence, the relation as: E 0 (mod m) holds if and
only if m|(c— ax) or, equivalently, if and only if my = c— act: for some y E Z. Hence
axo E 0 (mod m) if and only if there exists yo 6 Z such that amo + myo = c. . E]

Linear Congruence Theorem 3.54. The one-variable linear congruence

am E c (mod m)

has a solution if and only if gcd(a, m)}c.

If m0 6 Z is one solution, then the complete solution is

so E 130 (mod :31) , where d = gcd(a,m)

or, equivalently,

at E :20, CEO-+12%, x0+2—T§, ..., mo+(d—1)% (modm).

Hence there are d = gcd(a, m) noncongruent solutions modulo m.

Proof. By Proposition 3.53 the congruence is equivalent to am + my = c and, by

Theorem 2.31,,this has a solution if and only if gcd(a, m)|c.
 ' 70 Chapter 3 Congruences

If :50 is one particular integer solution, then there exists an integer yo such
that are + myo = c and, by Theorem 2.31, the complete solution to a9: + my = c
is

m=$o+km, y=y0—k§ for all k EZ, where d=gcd(a,m).

Therefore, the complete solution to an: E 0 (mod m) is so = $0 + 16% for every

integer k. This is equivalent to a: E 3:0 (mod %) .
We shall now show that the solution set
m
S={xEZ| =x0<mod d)}

to this congruence is the same as the set

T: {3:62 ’mo+k% (modm) for/€62}.

— :30 + km; hence :10 E T. If :1: E T,

If cc 6 S, then there exists an integer k with a:-
— x0 + k? + Zm—
then there exist integers k and K with :1:— d ; hence
—— $0 + (lg + ELDE—
_ a: E S. Therefore, we have 5': T.
7, 1230 + 271-, . . . ,wo + (d — 1)% are in
We now show that the numbers 1:0 +m
distinct congruence classes modulo m. We have :60 + k1% E 5130 + 132% (mod m) if
and only if m | (k1 — k2)%, which happens if and only if d l k1 — kg, or, equivalently,
v
k1 E k2 (mod (1). Hence the solution set consists precisely of the d congruence
llll‘nl classes modulo m containing 330 + 13%, for l: = O,1,2,... ,d — 1. l:l

If we cannot find one particular solution to (1x E 0 (mod m) by easier means,

we can always use the Euclidean Algorithm to solve aw + my = c.
Note that if gcd(a, m) = 1, then the congruence an: E 0 (mod m) always
has a solution, whatever the value of c. Furthermore, there is exactly one solution
modulo m.
In particular, if the modulus is a prime p, then gcd(a, p) = 1 whenever p f (1.
Hence, if p is prime, all congruences of the form am E 0 (mod p) have solutions,
as long as a E 0 (mod p). Multiplying each side of the congruence by (119—2 and
applying Fermat’s Theorem 3.42, we obtain the theoretical solution

a: E ap“2c (mod p).

Example 3.55. Solve the congruence

6336 E 20 (mod 7).

Solution. Since gcd(63, 7) = 7, which does not divide 20, the congruence has no
solutions. E]
 Section 3.5 Linear Congruences 71

Example 3.56. Find the inverse of [18] in Z31, and write it in the form
[r] E 231, where O _<_ 7“ < 31.
Solution. We have to find the equivalence class [3:] for which [18] [x] = [1] in Z31
or, equivalently, solve the congruence

18x E 1 (mod 31).

—— 1, this congruence does have a solution and there is only one

Since gcd(18, 31)-
congruence class of solutions modulo 31.
The congruence is equivalent to the Diophantine equation

1856 + 31y = 1.

Apply the Euclidean Algorithm to 18 and 31.

18% +313; = 7"

1 o 18
0 1 31
1 0 18
—1 1 13
2 —1 5
-5 3 3
7 -—4 2
—12 7 1
From the last row, (—12)18 + 7(31) 2 1, and so (—12) - 18 .=_ 1 (mod 31). Hence
x E ——12 E 19 (mod 31) is a solution to 18:1: E 1 (mod 31).
The inverse of [18] in Z31 is therefore [19].
Check. 18-19=342=11-31+1so18-1951(mod31). " [1

Example 3.57. Solve 20a: 5 8 (mod 44).

S01ut1'on. We have gcd(20, 44) = 4, which does divide 8. Therefore, there are
exactly 4 noncongruent classes of solutions modulo 44. The congruence is equivalent
to the Diophantine equation 20:10 + 44y = 8 or 5m + 11y = 2.
Now11=2-5+1, so 11—2-5=1, and2-11—4-5=2. Hencewesee
by inspection that as = —4, y = 2 is one solution to the Diophantine equation. By
Theorem 3.54, the complete solution to the congruence can either be written as
'x E ——4 (mod 543)
that is, :c E 7 (mod 11)
or written as
40, 40+11, 40+22, 40+33 (mod 44)
a
|I

that is, :10 40, 7, 18, 29 (mod 44).

Check. 20-7=140=3-44+8so20~728(mod44). D
‘ 72 Chapter 3 Congruences

Although we have a method for completely solving a linear congruence, there

is no effective method for solving any polynomial congruence such as

our” + an-1ac”‘1 + ~ - - + alas + a0 E 0 (mod m).

However, as with linear congruences, if x0 is one solution, so is any integer

congruent to 7:0 modulo m. This follows from Proposition 3.12, because if 320 E 3:1
(mod m), then 33% E 33%, :53 E :13? and in general 9:0 E mg (mod m); hence
— _. —1 (mod m).
anmg+an_1x3 1+---+a1a:0+a0 _—_- anx?+an_1m’f +---+a1m1+ag

Therefore, the solutions to any polynomial congruence occur in congruence classes

and, if themodulus is small, we can solve the congruence by exhaustively trying
each congruence class.

Example 3.58. Solve :02 E 1 (mod 8).

Solution.
Modulo 8
as E 0 1 2 3 4 5 6 7
(132 E O l 4 1 O 1 4 1

Hence the solution is cc E 1,3, 5 or 7 (mod 8). El

Example 3.59. For which integer m is x7 + m3 + 2:32 + 4 divisible by 7?

Solution. We have to solve the congruence

m7+w3+2x2+4 E 0 (mod 7).

Since the modulus is prime, it follows from Corollary 3.43 to Fermat’s The—
orem that 9:7 E :3 (mod 7) for all an E Z. Therefore, the congruence is equivalent
to
m3+2m2+m+420 (mod7).

Modulo7
x5 0 1 2 3 4 5 6
1:22 0 1 4 2 2 4 1
3:35 0 1 1 6 1 6 6
w3+2m2+m+42 4 1 1 3 6 2 4

We see from the above table that the congruence has no solution and therefore
the original integer polynomial is never divisible by 7. [:J
 Section 3.6 The Chinese Remainder Theorem 73

3.6 THE CHlNESE REMAINDER THEOREM

Around 350 A.D. the Chinese astronomer and mathematician Sun-Tsu posed the
problem of finding the two smallest positive integers that have remainders 2, 3,
and 2 when divided by 3, 5, and 7 respectively. This is a problem involving three
simultaneous congruences. Such questions often arose in ancient calendars that de—
pended on astronomical cycles of different lengths. The solutions to such problems
are still useful in the computer age for solving complicated Diophantine equations.
We shall first show how to solve two simultaneous congruences whose moduli
are relatively prime and then show how this solution can be extended to any number
of simultaneous congruences with relatively prime moduli.

Example 3.61. Solve the simultaneous congruences

a: E 2 (mod 9)
a: E 3 (mod 7).

Solution. The first congruence is equivalent to :1: = 2 + 9y, where y E Z. Substi-

tuting this into the second congruence, we have '

2+9y 3 (mod 7) or 23) E1 (mod 7).

HI

By inspection, we see that this has solution y E 4 (mod 7) or y = 4 + 7z for all

z E Z.
The solution to both congruences is therefore

:3 = 2+9(4+7z) = 38+63z forallZ

or, equivalently,
=_ a: E 38 (mod 63).

Check. If a: = 38 + 632, then a: E 2 (mod 9) and :13 E 3 (mod 7). B

Chinese Remainder Theorem 3.62. If gcd(m1,m2) = 1, then, for any

choice of the integers a1 and a2, the simultaneous congruences

a: E (11 (mod m1)

:1: E a2 (mod m2)

)re - have a solution. Moreover, if a: = :50 is one integer solution, then the complete
solution is
Ct E 1:0 (mod mlmg).
 74 Chapter 3 Congruences

Proof. The proof follows the previous Example 3.61, replacing the numbers by
arbitrary integer constants. It is seen that the only condition on these constants to
guarantee a solution is that the moduli are relatively prime.
The integer :2: satisfies the first congruence if and only if
a: = a1 + mly for some y E Z.

This number ac also satisfies the second congruence if and only if

(11 + mly .=_ a2 (mod m2)

that is, if and only if mly E (12 —— a1 (mod m2).

Since gcd(m1,m2) = 1, it follows from the Linear Congruence Theorem 3.54 that
this congruence always has a solution, say y = b, and that the complete solution
for y will then be
y = b+mzz forzEZ.

Therefore, so = a1 + mlb is one solution to the simultaneous congruences, and any

integer :1: satisfies the simultaneous congruences if and only if

a: = a1 +m1(b+m22)
= (01 + mib) + mlmgz for z E Z.

"I ‘4' This is exactly one congruence class modulo mlmg. Hence, if a: = 330 is one solution,
l then a: E 12:0 (mod mlmg) is the complete solution. B
:5

Example 3.63.
‘.i
1
C; “
.l l
ml .
‘l

A small gear With 17 teeth is meshed into a large gear With 60 teeth. The
large gear starts rotating at one revolution per minute. How long Will it be before
the small gear is back to its original position and the large gear is one quarter of a
revolution past its initiallposition?

Solution. The gears are moving at the rate of one tooth per second. After :1:
seconds the smaller gear will be back to its initial position if as E 0 (mod 17), and
the larger gear will be one quarter of a revolution past its initial position whenever
m E 15 (mod 60).
 Section 3.6 The Chinese Remainder Theorem 75

We can solve these two simultaneous congruences. The second congruence

implies that CE = 15 + 60y, where y E Z. Substituting this value of :1: into the first
congruence, we have
15 + 60y E 0 (mod 17).
That is, 9y E 2 (mod 17) or y E 18y E 4 (mod 17). Therefore,

3; = 4+17z 'forZEZ

and
a: = 15+60(4+17z) = 15+60-4+60-17z.

The first positive solution occurs when z = O and the elapsed time is 4 minutes and
15 seconds. [1

Proposition 3.64. If gcd(m1,m2) = 1, then

a (mod m1)

III
8

a (mod mlmg) ' <=> { Z: =

HI

0. (mod mg).

Proof. Suppose that cc E a (mod mlmg). This is equivalent to m1m2[(m — a).

Hence m1]($ —— a) and m2|(93 — a), which is equivalent to the two simultaneous
congruences a: E a (mod m1) and :L' E a (mod m2).
Conversely, given the two simultaneous congruences, it is clear that cc 2 a
is one integer solution. If follows from the Chinese Remainder Theorem 3.62 that
a: E a (mod mlmg). ‘ B

One of the implications in the above result is not true if gcd(m1, m2) 74$ 1; for
example, 12 E 0 (mod 4) and 12 E 0 (mod 6), but 12 E 0 (mod 24).

Example 3.65. Find the two smallest positive integers that have remainders
1, 2, and 6, when divided by 3, 5, and 7 respectively.

Solution. The integers must satisfy the following three congruences.

1 (mod 3)
“I

2 (mod 5)
III

6 (mod 7)
HI

Let us solve the first two of these congruences. The first implies that :1: =
1 + 3y, where y E Z and, substituting this in the second, we have 1 -I— 3y E 2 (mod
5). Hence 3y E 1 (mod 5), which has solution y E 2 (mod 5), or y = 2 + 52 for
z E Z. Therefore, the solution to the first two congruences is

at = 1+3(2+5z) = 7-1—1575 forzEZ

 76 Chapter 3 Congruences

us
have now reduced the three simultaneo
or, equivalently, :r E 7 (mod 15), and we e these two as
us congruences. We can now solv
congruences to two simultaneo
before. third
and when this is substituted into the
We have at = 7+ 152, where z E Z,
congruence m E 6 (mod 7) we obtain

7+152 E 6 (mod 7).

equivalently, z_== 6 + 7t, where t E Z.

This reduces to z E 6 (mod 7), or,
gruences is therefore
The solution to the original three con

a: = 7+15(6+7t) = 97+1051: fortEZ

or, equivalently,
cc E 97 (mod 105).
97 and 202.
two sma lles t pos itive integer s satisfying the congruences are
The
6 (mod 7). i D
Check. 97 E 1 (mod 3), 97 -=- 2 (mod 5) and 97 -=-
neous
previous example to solve n simulta
We can extend the method of the 7m to one
g two congruences modulo m,- and
congruences by repeatedly reducin
ult without further proof.
,‘. modulo mimj. We state the res

er Theorem 3.66.
Generalized Chinese Remaind = 1 if 73 # j. Then
itive integers such that gcd(m,-,mj)
Let m1,m2, . . . ,mn be pos
simultaneous congruences
for any integers a1, a2, . . . ,an the
t
l . m E a1 (mod m1)
at E (12 (mod mg)

a; E an (mod mn)

complete
if x = 9:0 is one solution, then the
always have a solution. Moreover,
.mn).
solution is a: E :00 (mod mlmg . .

tains at least two prime factors, then

If the modulus of a congruence con congruence into
be used to break up the
the Chinese Remainder Theorem can gruence does not even
ller relatively prime moduli. The con
congruences with sma
example shows.
have to be linear, as the following
 Section 3.6 The Chinese Remainder Theorem 77

Example 3.67. Solve the congruence x3 E 53 (mod 120).

Solution. Instead of solving this by trying all 120 congruence classes in turn, we
can split the congruence up into congruences with relatively prime moduli. After
solving the individual congruences we can fit them together again using the Chinese
Remainder Theorem.
The number 120 factors into primes as 23 -3 - 5 and hence can be written as the
product of the numbers 3, 5 and 8, which are relatively prime in pairs. Extending
Proposition 3.64 to three relatively prime moduli, we see that the original cubic
congruence m3 E 53 (mod 120) is equivalent to the three simultaneous congruences

x3 E 53 E 2 (mod 3)
0:3 E 53 E 3 (mod 5)
3:3 E 53 E 5 (mod 8).

We first solve these three individual congruences. By Corollary 3.43 to Fermat’s

Theorem, 3:3 E a: (mod 3), so a: E 2 (mod 3) is the solution to the first one.
‘<

Modulo 5 Modulo 8
a: E 0 1 2 3 4 cc E 0 l 2 3 4 5 6 7'
x3 E 0 1 3 2 4 9:3 E 0 O 3 O 5 O 7

From the above tables, we see that the only solutions to the second and third
congruences are a: E 2 (mod 5) and :2: E 5 (mod 8).
Use the Chinese Remainder Theorem to solve the simultaneous congruences

2 (mod 3)
2 (mod 5)
5 (mod 8).

By Proposition 3.64 the solution to the first two is a: E 2 (mod 15),. or a: = 2 + 15y,
where y E Z. Substituting this into the third congruence we have

2+15y E 5 (mod 8)
“y 3 (mod 8).

HenceyE5 (mod 8) ory=5+82 forzEZ.

The solution to the three simultaneous congruences, and hence to the original
problem, is

ct = 2+15(5+8z) = 77+120z forzEZ

or, equivalently, a: E 77 (mod 120).

Check. 772 a 5929 a 49 (mod 120) and 773 E 77 - 49 E 3773 E 53 (mod 120). D
 78 Chapter 3 Congruences

The Chinese Remainder Theorem can be used to speed up the solution to

a complicated system of Diophantine equations on a computer. The first task is
to obtain an estimate of the size of the integer solution required. This allows the
moduli that will be used to be chosen judiciously. The system of equations are then
solved as congruences with the chosen moduli, and the answer is obtained from the
Chinese Remainder Theorem.
For example, if a system of Diophantine equations was known to have positive
solutions less than 2000, the system could first be solved modulo 11, then solved
modulo 13 and finally modulo 17. By using the Chinese Remainder Theorem the
answer can be found modulo 11 - 13 - 17, that is, modulo 2431. Since the required
solution lies between 0 and 2000, it is known exactly. Such a method will often
save valuable computing time, especially if the moduli chosen are prime.

3.7 EU LER-FERMAT THEOREM

Leonhard Euler (1707—1783) was one the the world’s greatest and most productive
mathematicians who ever lived. He grew up in Switzerland but worked mainly in
St. Petersburg in Russia and also in Berlin. He made fundamental contributions
to most of mathematics, as well as astronomy. He introduced or standardized
much of today’s mathematical notation, including the function notation f ( ), the
summation symbol 2, trigonometric notation, the number 6 for the base of natural
logarithms, and the symbol 2' for the complex square root of —1. His collected works
cover over 70 volumes, much of which was written when he was totally blind.
Euler gave the first published proof of Fermat’s Little Theorem 3.42 in 1736.
Fermat’s Little Theorem is only true when the modulus is prime. One reason it does
not work for composite moduli is that, for a nonprime modulus, there are always
some nonzero congruence classes without an inverse. In 1760, Euler showed how to
generalize Fermat’s Little Theorem for composite moduli by looking at only those
congruence classes that do have an inverse. It follows from the Linear Congruence
Theorem 3.54 that the congruence or E 1 (mod m) has a solution if and only if
' gcd(a, m) = 1. Hence the congruence class containing a has an inverse if and only
if a is relatively prime to the modulus.

Definition. If m is a positive integer, denote by ¢(m) the number of positive

integers less than or equal to m that are relatively prime to m. This is called the
Euler phi function, as it uses the Greek letter, qb, called phi. It is sometimes
referred to by the archaic term Euler totient function. "

For example, 45(1) = 1, ¢(2) = 1, (M3) = 2 and gb(4) = 2. The only numbers
between 1 and 12 relatively prime to 12 are 1, 5, 7, and 11, so 45(12) 2 4. p is
prime, then all the numbers from 1 to p- 1 are relatively prime to p, so (15(1)) = p— 1.
 Section 3.7 Euler-Fermat Theorem 79

Euler-Fermat Theorem 3.71. Ifm is apositive integer and gcd(a,m) = 1,

then
aflm) E 1 (mod m).

Proof. The proof mimics that of Fermat’s Little Theorem 3.42, except that the
modulus in not prime now.
Let (31,132, . . . , b¢(m) be the positive integers less than or equal to m that are
relatively prime to m. If gcd(a,m) z 1 we shall first show that no two of the
numbers abl, a132, . . . ab¢(m) are congruent modulo m. Suppose that

abr E abs (mod m).

Since gcd(a, m) = 1, it follows from PropOsition 3.13 that we can cancel a to obtain
b, E b, (mod m). Therefore, the congruence classes [abl], [abg], . . . , [ab¢(m)] are all
distinct modulo m.
By Theorem 2.53, ab,- and m have a common prime factor if and only if a
and m have a common prime factor, or b,- and m have a common prime factor.
Since gcd(a_,m) = 1 and gcd(b,-,m) = 1, all of the numbers abl, ab2,i‘=.,,ab¢(m)
are relatively prime to m. Hence the congruence classes [dbl], [c1132], . . . ,‘[ab¢(m)]
must be just a rearrangement of the classes [b1], [b2], . . . , [b¢(m)]. In particular,
multiplying them together, - ‘

ab1 -ab2 - - - ab,(m, E b1 - b2 - - - b¢<m> (mod m).

aw“) b1b2 ' ' 'b¢(m) E 13l ' ' ' b¢(m) (mod m).

Also the product b1b2---b¢(m) is relatively prime to m, so by Proposition 3.13

again, we can cancel b1b2 - - - b¢(m) to obtain

aflm) E 1 (mod m). B

When m is the prime p, then (Mp) = p -— 1, and we recover Fermat’s Little

Theorem 3.42. .
We now show how to calculate the Euler phi function for any modulus.

Euler Phi Function Formulas 3.72

(i) 45(1)?) 2 inf-1(1) — 1) 2 pr (1 — %>, ifp is prime and 7* > 0.

(ii) ¢(mn) = ¢(m)¢(n), ifgcd(m,n) = 1.

(iii) ¢(m) = m (1— 1-01?) (1 —— 10%) (1 —— 31;), Where p1, p2,...,pk are the
distinct primes that divide m.

Proof (i) The numbers from 1 to pf that are relatively prime to p’" are the
numbers not divisible by p. Every pth number is divisible by p and there are gar—1
of these, so (15(307") = pr “‘ Pral z PPR]? “ 1) 2 PT (1 T in)
80 Chapter 3 Congruences

(ii) Let Um = {as E Z l l S x S m and gcd(a:,m) = 1} be the set of positive

integers less than-or equal to m, that are relatively prime to m. By definition, this
set has (Mm) elements. We shall use the Chinese Remainder Theorem to show that
if gcd(m, n) = 1, the set Umn has the same number of elements as the product set
Um >< U7, ={(a, b) E Z x Z] a E Um, b 6 Un}. Since Umn has ¢(mn) elements and
Um X Un has ¢(m)¢(n ) elements, this will prove part (ii).
By Theorem 2. 53, a: and mm have a common prime factor if and only if a: and
m have a common prime factor, or a: and n have a common prime factor. Hence a;
is relatively prime to mn if and only if x is relatively prime tom, and a: is relatively
prime to n. Let gcd(m,n) = 1 and let each element a: E Um” correspond to the
element (a, b) E Um x U“, where a E a: (mod m) and b E m (mod n). The Chinese
Remainder Theorem 3.62 shows that for each pair (a,b) E Um >< Um of integers
with a E Um and b E U”, there is exactly one congruence class [as] modulo mm with
x E a (mod m) and m E 6 (mod n). All the elements of the congruence class [1']
are relatively prime to mn, so there is exactly one integer a: E Umn such that :1: E a
(mod m) and a: E 1) (mod n). This correspondence shows that Umn and Um >< Un
have the same number of elements. In the terminology of Section 6. 5, this defines
a one-t—o—one correspondence between Umn and Um x U”. '

(iii) Let m = 1931119? - ~ ~19?“ be the factorization of m into powers of distinct primes
191,192, - - - ,Pk. By parts (i) and (ii),

Mm) = ¢(p?1)¢(p32)~-¢(pi’°)
= p1<1-—>ps<><1—.1.>
= mo-ao—a-o—a a
For example,

¢(594) = ¢(2-33-11)
= 2-33-n<1—%><1—a<1—s)
= 32.2-10
= 180.

The following corollary is the reason why the product '(p— 1) (q - 1) will appear
in the RSA cryptographic scheme 7.42.

Corollary 3.73. If p and q are distinct primes, and gcd(a, pg) 2 1, then

a(P_1)(q“1) E 1 (mod pq).

Proof. As ¢(pq) = (p — 1)(q —- 1), this follows from the previous two results. D
 Section 3.7 Euler—Fermat Theorem 81

Example 3.74. Find the last two digits of (i) 123456 and (ii) 87654321.

Solution. (1') We have to calculate the remainders modulo 100. Now we know
(M100) = 65(2252) = 100 (1 —- %) (1 — %) = 40. Hence, if gcd(a, 100) = 1, the Euler-
Fermat Theorem 3.71 tells us (140 E 1 (mod 100). Therefore, 6140’“ E (mod 100),
for any positive integer 16. Hence we should look at the exponent of 123456, namely
456, modulo 40. Write the exponent as 456 = 11-40+16. Now 123 E 23 (mod 100)
and

1234156 23456 (mod 100)

2311401“16 (mod 100)
(2340)“2316 (mod 100)
E 2316 (mod 100)

since 2340 E 1 (mod 100) using the Euler-Fermat Theorem. By repeated squaring,
’—
‘x.

232 E 529 E 29 (mod 100).

234 a (232)2 s 292 z 841 E 41 (mod 100).
238 E (234)?“ a 412 E 1681 E 81 (mod 100).
2316 a (238)2 E 812 a 6561 E 61 (mod 100).
Hence 123456 E 61 (mod 100), and the last two digits are 61.

(11') In the case of 87654321, 8765 has a factor 5, so 8765 is not relatively prime
to 100. However we can use the Chinese Remainder Theorem after splitting the
modulus 100 into the relatively prime moduli 4 and 25. Calculate 87654321 modulo
4 and modulo 25.
Since 8765 E 1 (mod 4), we have 87654321 E 1 (mod 4).
Now 8765 E 15 (mod 25), and 87652 E 152 E 225 E 0 (mod 25). Hence
8765’“ E 0 (mod 25) for any k 2 2. In particular, 87654321 E 0 (mod 25).
By the Chinese Remainder Theorem 3.62 the congruence

a: E 67654321 (mod 100)

is equivalent to the simultaneous congruences :1: E 1 (mod 4) and m E 0 (mod 25).

This latter congruence has solution a: E O, 25, 507 75 (mod 100), and only 25 is
congruent to 1 modulo 4. Hence as E 25 (mod 100), and the last two digits of
87654321 are 25. D
 82 Chapter 3 Congruences

Exercise Set 3
lo 4?
1. Which of the following integers are congruent modu

——12, —11, —9, —6, —4, —1, O, 1, 2, 3, 5, 7, 10

lo 6?
2. Which of the following integers are congruent modu
-147, —-91, -22, —-14, -—2, 2, 4, 5, 21, 185

3. What is the remainder when 824 is divided by 3?

4. Let N = 3729. What is the last digit in the decimal representation of N?
ons of N?
What are the last digits in the base 9 and base 8 representati
5. What is the remainder when 1045 is divided by 7?
6. Is 617 + 176 divisible by 3 or 7?
be a perfect
7. Show that an integer of the form 5n + 3, Where n 6 ll”, can never
square.
exists a
8—11. For each of the following congruences, determine whether there
the smallest such h.
positive integer k so that the congruence is satisfied. If so, find
8. 2k 2 1 (mod 11) 9. 3k 2 1 (mod 17)
10. 2k 2 1 (mod 14) 11. 4'9 E 1 (mod 19)
in the stated base is
12-16. Find tests for determining whether an integer given
divisible by the following numbers.
12. Dividing by 8 in base 10 13. Dividing by 12 in base 10
14. Dividing by 7 in base 10 15. Dividing by 7 in base 8
16. Dividing by 13 in base 12
le by 2, 3, 4, 5, 6, 8,
17—20; Determine whether the following numbers are divisib
9, 10 or 11.
17. 514000 18. 111111
19. 179652 20. 7654321

21. Check the following calculation by casting out nines.

12453 X 7057 — 8.4014651 = 3869170
symmetric,
22—26. Determine whether the following relations on Z are reflexive,
quotient set.
or transitive. If any are equivalence relations, determine their
22. aRb if and only if a — b 7E 1
23. aRb if and only if a _<_ b
24. aRb if and only if a - b is a multiple of 3
25. aRb if and only if [a — bl < 3
26. aRb if and only if alb
 Exercise Set 3 83

27—30. Construct addition and multiplication tables for each of the following sets
of integers modulo m and find, if possible, multiplicative inuerses of each of the
elements in the set.

27. Z2 28. Z3
29. Z7 30. Zg

31. If at = gcd(a,m) and d]c, then ShOW that the congruence am E c (mod m) is
equivalent to
a c m

32—41. Solve each of the following congruences.

32. 3:2: E 5 (mod 13) 33. 4.7: E 6 (mod 14)

34. 59: E 7 (mod 15) 35. 29:1: E 43 (mod 128)
36. 17132: E 871 (mod 2000) 37. 14262: E 597 (mod 2000)
38. x2 E 6:): (mod 8) 39. 2:2 + 21: E 3 (mod 8) .
40. 4x3 + 23: + 1 z 0 (mod 5) 4.1. m9 + x7 + x6 + 1 a 0 (modl'2)

42. Find the inverse of [4] in Z11.

43. Find the inverse of [2] in Z41.
44. Find the inverse of [23] in Z41.

45-47. Solve the following equations in the given set of integers modulo m.

"l" [8] = [1] in Z9

[18] in Z19

47- ([wl - [2])(lwl — [3]) = [0] in Z6

48. For What integer values of a does a: 2 E a(mod 7) have a solution?

49-54. Solve the following simultaneous congruences.

49. cc E 4 (mod 5) 50. a: E 46 (mod 51)

m E 3 (mod 4) a: E 27 (mod 52)
51. w E 1 (mod 2) 52. 2113 E 11 (mod 13)
x E 2 (mod 3) 3110 E 7 (mod 9)
:1: E 3 (mod 7) 7:1: E 5 (mod 8)
53. 253 E 4 (mod 7) 54. 16127 E 49 (mod 200)
18a: — 43 (mod 23) 74:10 E 1 (mod 53)

55. Determine the two smallest positive integer solutions of the two simultaneous
congruences :3 E 5 (mod 7) and m E 24 (mod 25).
'2

84 Chapter 3 Congruences

Problem Set 3
56. If p is a prime, prove that x2 E y2 (mod p) if and only if m E iy (mod p).
57. If p is an odd prime, show that m2 E a (mod p) has a solution for exactly half
the values of a between 1 and p — 1 inclusive. Furthermore, if 1 g a. S p — 1
and x2 E a(mod p) has a solution, show that it has exactly two congruence
classes of solutions modulo p.
58. Does .153 E a (mod p) always have a solution for every value of a, whenever p
is prime?
59. Choose any integer larger than 10, subtract the sum of its digits from it, cross
out one nonzero digit from the result, and let the sum of the remaining digits
be 8. From a knowledge of 5 alone, is it possible to find the digit that was
crossed out?
60. Prove that 21I(3’I’L7 + 777.3 + lln) for all integers n.
61. Prove that n91 E n7 (mod 91) for all integers 77.. Is n91 E P (mod 91) for all
integers n? .
62. For which positive values of k is n" E n(mod 6) for all integers n?
63. For which positive values of k is nk E n(mod 4) for all integers n?
64. For which positive values of k is n)“ E n(mod 7) for all integers n?
65. Prove, without using a calculator or computer, that 641 divides the Fermat
number F(5) = 22 + 1.
66. Show that the product of two numbers of the form 4n + 1 is still of that form.
Hence show that there are infinitely many primes of the form 4n + 3.
67. Define a relation on the set of real numbers by

(11% if and only if a — b = 27m for some I: e z.

(a) Prove that this is an equivalence relation.
(b) Which of the following are related?
51r and —- 107T, —7r and 71', 3 and 9, €77 and — §7r, %7r and §7r

(c) Two real numbers are equivalent if and only if they represent the same
angle in radians. The equivalence classes therefore consist of the different
angles. Denote the equivalence class containing a by [a].
Show that addition of angles is well defined by
[a] + [b] = [a + b].

(d) Show, by a counterexample, that multiplication of angles is not well

defined by
[a] , [b] = [ab].
 Problem Set 3 85

68. (a) Find a relation R, on a set S, that is symmetric and transitive, but not
reflexive.
(b) If there is an example to part (a), the following “proof,” that every
symmetric and transitive relation is reflexive, must be fallacious. Find
the error. “Let R be a symmetric and transitive relation on the set S.
For any a,b E S, aRb implies that bRa, because R is symmetric. But
aRb and bRa imply that aRa, because R is transitive. Since aRa, R
must also be reflexive.”
69. If m = pq is a composite number, where 1 < p S q < m, show that Zm is not
a field by showing that division by nonzero elements is not always possible in
Zm.
70. Solve the following system of simultaneous equations in Z12.

[Sllrrl + l3llyl = [9]

E
E
E
E
[2]

l
+

71. Solve the following system of simultaneous equations in Z11.

E
E
E

l5]
+

I
E

[7llivl + l5llyl = [4]

72-. One common error in copying numbers is the transposition of adjacent digits.
For example, 9578 might be copied as 9758. Will the method of casting out
nines discover such an error? Discuss other methods of checking for errors.

73—76. Each new book published is given an International Standard Book

Number (ISBN), which consists of 10 digits arranged in four groups, such as
0-123-45678-9. The first group of digits is a code for the language of the book; 0
stands for English, 2 for French, and so on. The second group is a code for the
publisher and the third group is the publisher’s number for the book. The final digit
is a check digit. This digit provides a check 6n the other digits to ensure that they
are copied correctly. This check digit is chosen so that for any ISBN a1a2a3 . . . agalo

lal + 2a2 + Sag + - ' - + 9ag + 10am E 0 (mod 11)

or, equivalently,

a1 + 2a2 + 3a3 + - - - + 9a9 E am (mod 11).

The check digit can be any one of the digits 0, 1, 2,. . . ,9 or X, where X stands for
the number 10.

73. Is O—467—51402-X a valid ISBN?

74. Is 1-56—004151—5 a valid ISBN?
75. What is the check digit for 14—200—0076—?
76. What is the check digit for 0~4101~1286—?
86 Chapter 3 Congruences

77. If ¢(m) is the Euler gb—function, show that ¢(m) = ¢(2m) if and only if m is
odd.
78. Prove that 45(m) = m — 1 if and only if m is prime.
79. (Wilson’s Theorem) If p is prime, prove that

(p — 1)! E —1 (mod p).

80. If p and q are integers, not divisible by 3 or 5, prove that p4 E Q4 (mod 15).
81. Solve the simultaneous congruences

9w 21 (mod 6)

HI
4:0 9 (mod 13).

Ill
82. Solve the simultaneous congruences

3a: 7 (mod 11)

III III
8x 3 (mod 9). ”w"..-

83. Two watches, one of which gains 2 minutes per day and the other of which
loses 3 minutes per day, read the correct time. When will both watches next
give the same time? When will they next both give the correct time?
84. Solve m3 E 17 (mod 99).
85. Solve :32 E (mod 99).
86. If gcd(m, n) = d, when do the simultaneous congruences

.‘L' a (mod m)
III I”

ac b (mod n)

have a solution?
87. Let M = mlmg . . .mn, where gcd(m,~, mj) = 1 Whenever 2' 74 j, and let
M,- = M/mi. Let y E b, (mod m,) be a solution to MW E 1 (mod mi). Prove
that the simultaneous congruences

a: E a1 (mod m1)
:3 E (12 (mod m2)

:3 E an (mod mn)

have the solution

:10 E alblMl + a2b2M2 + a3b3M3 + - - - + anbnMn (mod M).

 Problem Set 3 87

88. Solve the simultaneous equations

100:0 — 9y 2 4264

H
113: + 1093,] 909

(a) modulo 9
(b) modulo 11
(c) in integers, using (a) and (b), given the fact that a: and y have unique
solutions and both are positive integers less than 100.

89. A basket contains a number of eggs and, When-the eggs are removed 2, 3, 4, 5,
and 6 at a time, there are 1, 2, 3, 4, and 5, respectively, left over. When the
eggs are removed 7 at a time, there are none left over. Assuming none of the
eggs broke during the preceding operations, determine the minimum number
of eggs there were in the basket.
90. Use Problem 87 to solve each of these three simultaneous congruences.
’s.
(a) a: E 2(mod 7), a: E 5(mod 11), a: E 11(mod 17)
(b) :17 E 0(mod 7), at E 8(mod ll), ‘9: E 10(m0d 17)
(c) a: E 5(mod 7), m E 6(mod 11), a: E 14(mod 17)

’91—92. Use Problem 87 to find the solution to these simultaneous congruences.

91. a: E a1 (mod 9), at E a2 (mod 11)
92. at E (23, (mod 3), a: E a2 (mod 8), a: E a3 (mod 25)

93. Find positive integers a, b, m1, m2 such that

a E b (mod m1)
at E b (mod mg)
a ,.'—f b (mod m1m2).

94. Find all the integer solutions to the Diophantine equation 51162 + m + 6 2 73g.
95. (a) Prove that if p and q are relatively prime and a: is an integer such that

:9 (mod 9!)
III

q (mod :0).
III

then x E p + q (mod pq).

(b) Show by means of a counterexample that the condition that p and q are
relatively prime is necessary.
96. Solve the congruence

$3 — 29:22 + 353; + 38 E 0 (mod 195).

88 Chapter 3 Congruences

(mod p)
97. If p is prime and k: is the smallest positive integer such that ak E
then prove that k divides p — 1.
98. Find the remainder When 1740 is divided by 27.
99. Find the remainder When 5183 is divided by 99.
100. Find the remainder when 22405 is divided by 23.

101—104. Find the last two digits of these numbers.

101. 747130 102. 287449

103- 9595 104. 25543333