KARNATAKA STATE OPEN UNIVERSITY

Mukthagangothri, Mysuru – 570006

M.Sc. MATHEMATICS (CBCS)

(THIRD SEMESTER)
M.Sc. MATHEMATICS (CBCS)
THIRD SEMESTER

Course: MMDSE 3.4

NUMBER THEORY

Course-MMDSE 3.4

Number Theory
Programme Name: M.Sc. Mathematics (CBCS) Year/Semester: III Semester COURSE WRITER
Course Code: MMDSE 3.4 Course Name: Number Theory
Credit: 3 Unit Number : 1-16 Dr. Madhusudhan H S Block 3.4A to Block 3.4 D
Associate Professor (Block I - IV)
COURSE DESIGN COMMITTEE
Department of Mathematics (Unit 01 to Unit 16)
Dr. Sharanappa. V. Halse Chairman Govt. First Grade College
Vice Chancellor Pandavapura, Mandya
Karnataka State Open University
Mukthagangothri, Mysuru-570006
Prof. N. Lakshmi Member
COURSE EDITOR
Dean (Academic)
Karnataka State Open University
Mukthagangothri, Mysuru-570006 Dr. Pavithra M Block 3.4A to Block 3.4 D
Dr. Pavithra. M Course coordinator Assistant Professor (Block I - IV)
Assistant Professor DOS in Mathematics (Unit 01 to Unit 16)
DoS in Mathematics, KSOU, Mukthagangothri, Mysuru-06 KSOU, Mysuru.

EDITORIAL COMMITTEE
The Registrar
1. Dr. K. Shivashankara Chairman
Karnataka State Open University
BOS Chairman(PG), DoS in Mathematics, KSOU
Associate Professor, Yuvaraja College, Mukthagangothri, Mysuru-570006
University of Mysore, Mysuru-06
Developed by the Department of Studies in Mathematics under the guidance of Dean
2. Mr. S. V. Niranjana Member & Convener
(Academic), KSOU, Mysuru.
Coordinator, (DoS in Mathematics)
Karnataka State Open University, 2023.
Assistant Professor, DoS in Physics,
KSOU, Mysuru-06 All rights reserved. No part of this work may be reproduced in any form or any other means, without
permission in writing from the Karnataka State Open University.
3. Dr. Pavithra. M Member Further information on the Karnataka State Open University Programmes may be obtained from the
Assistant Professor University’s Office at Mukthagangothri, Mysuru – 570 006.
DoS in Mathematics, KSOU, Mysuru-06

4. Dr. Chandru Hegde Member

Assistant Professor,
DoS in Mathematics,
Mangalagangotri, Mangaluru.
 TABLE OF CONTENTS
Page No.

BLOCK 3.4 A (BLOCK I)

Unit-1 The Fundamental Theory of Arithmetic, Euclid’s Theorem 1-13

Unit-2 Prime Number Theorem And Goldbach Conjecture 14-20

Unit-3 Fermat’s Factorization and Fermat’s Little Theorem 21-38

Unit-4 Euler’s Theorem And Wilson’s Theorem 39-49

BLOCK 3.4 B (BLOCK II)

Unit-5 Multiplicative Function τ And σ, M𝑜̈ bius Function And M𝑜̈ bius Inversion 51-61
Formula
Unit-6 The Greatest Integer Function, Euler’s Phi Function And Its Properties 62-69 BLOCK – I
Unit-7 Application to Cryptography 70-83

Dirichlet Product of Arithmetical Functions And Averages of Arithmetical

Unit-8 84-94
Functions
BLOCK 3.4 C (BLOCK III)
PRIMES AND THEIR DISTRIBUTION,
Unit-9 Order of An Integer Modulo N, Primitive Roots For Primes 96-103
FERMAT’S THEOREM
Unit-10 Composite Numbers Having Primitive Roots 104-115

Unit-11 Euler’s Criterion, Legendre Symbol And Its Properties 116-128

Unit-12 Quadratic Reciprocity Law And Quadratic Congruences 129-137

BLOCK 3.4 D (BLOCK IV)

Unit-13 Sum Of Two Squares & Sums Of More Than Two Squares 139-150

Unit-14 The Fibonacci Sequence, Identities Involving Fibonacci Numbers 151-158

Finite Continued Fractions, Convergents of A Continued Fraction, simple 159-165

Unit-15
continued Fractions

Unit-16 Infinite Continued Fraction, Periodic Continued Fraction And Pell’s Equation 166-184

0
 UNIT – 1 n  n  1 2n  1
Example 1: We prove P(n) : 12  22  n2  (1)by mathematical
6
THE FUNDAMENTAL THEOREM OF ARITHMETIC, EUCLID’S THEOREM induction.
1 2  3
Structure: Proof: Suppose n = 1. Then LHS = 12=1 and RHS =  1.
6
1.0. Objective Therefore LHS = RHS. So P(1) is true.
1.1. Introduction k  k  1 2k  1
Suppose P(n) is true for n = k i.e, 12  22  k 2  (2)
1.2. The Division Algorithm 6

1.3. The Greatest Common Divisor Now we prove P(n) is true for n = k + 1.

1.4. The Least Common Multiple Add (k + 1)2 to both sides of (2). Then

1.5. The Linear Diophantine Equations k (k  1)(2k  1)

12  22   k 2  (k  1) 2   (k  1) 2
6
1.6. Summary
(k  1)(2k 2  7k  6) (k  1)(k  2)(2k  3)
1.7. Keywords  
6 6
1.8. Exercises
which is exactly the right hand side of (1) for n = k + 1. Hence P(n) is true for all positive
1.9. References
integers n.
4. Second Principal of finite induction :
1.0. Objective:
Let S be a set of positive integer satisfying the following properties:
This chapter discusses some of the basic properties of the integers, including the notions of
(1) S
divisibility and primality, unique factorization into primes, greatest common divisors, and least
(2) if k is a positive integer such that 1, 2, 3, …, .
common multiples.
Then S is the set of all positive integers.
1.1. Introduction:
Example 2: Consider the Lucas sequence: 1, 3, 4, 7, 11, 18, 29, 47, 76, …
In this section we describe some preliminary tools we need before embarking into the core of
Sequence is defined by the following relation:
Number Theory.
a1 = 1
1. Well Ordering Principle: Every non-empty set S of non-negative integers contains a
a2 = 3
least element i.e, there exists an integer m such that m ≤ n .
an = an–1 + an–2 for all n ≥ 3.
2. Archimedean Property: If a and b are any two positive integers, then a positive
Our proposition is an < (7 / 4)n holds for every positive integer n.
integer n such that na ≥ b.
For n = 1 and 2, we have a1 = 1 < (7 / 4)n = 7 / 4 and a2 = 3 < (7/ 4)2 = 49 / 16 and hence the
3. First Principal of Mathematical Induction.
inequality holds in these two cases. For the induction step, choose an integer k ≥ 3 and assume
Let S be a set of positive integer satisfying the following properties:
that the inequality is valid for n = 1, 2, …, k – 1. Then, ak–1 < (7 / 4)k–1 and ak–2 < (7 / 4)k–2 .
(1) 1 S
By the way in which the Lucas sequence is formed, it follows that
(2) Whenever .
7 / 4  7 / 4
k –1 k –2
Then S is the set of all positive integers. ak  ak –1  ak –2 
=  7 / 4    7 / 4   1  7 / 4  11/ 4    7 / 4   7 / 4  7 / 4 
k –2 k –2 k –2 2 k
  .

1 2
Because the inequality is true for n = k whenever it is true for the integers 1, 2, …, k – 1, we Corollary 1: If a and b are integers with b ≠ 0, then unique integers q and r such that
conclude by the second induction principal that an < (7 / 4)n for all n ≥ 1. a = bq + r, 0 ≤ r < |b|.
5. The Binomial Theorem Proof: We consider the case when b is negative. Clearly |b| > 0. Hence by Theorem (1)
Let n be a positive integer and r another positive integer such that 0 ≤ r ≤ n. Then, unique integers q and r such that a = q'|b| + r, 0 ≤ r < |b|. Take q = -q' then a = bq + r, 0 ≤ r < |b|.

binomial coefficient ( ) is defined as Definition 1: An integer n is called even if n = 2k and it is called odd if n = 2k + 1 for some
integer k.
( ) ( )( )
( ) Example 3: We prove square of any integer is of the form 4k or 4k + 1.
( ) ( )
( ) ( ) Proof: Any integer n is of the form 2m or 2m+1 by division algorithm. Hence square of n is
either 4m2 or 4m(m+1) + 1 which implies n is either of the form 4k or 4k+1.
n
Binomial coefficients are denoted by Cr . We state some of the results connected with Binomial Example 4: We prove that square of any integer is of the form 3k or 3k+1.
coefficients. Proof: Let a be any integer. When a is divided by 3 it leaves the remainder 0, 1, or 2. a is of
2 2 2
the form 3q, 3q+1 or 3q+2. So, let a = 3q. Then a = 9q = 3·3q = 3k.
a) Pascal’s Rule: This rule says that ( ) ( ) ( )
When a = 3q+1, then a2 = 9q2 + 6q+1= 3(3q2 +2)+1= 3k+1.
b) Newton’s Identity: ( ) ( ) ( )( ) When a = 3q+2, then a2 = 9q2 + 12q+4= 3·(3q2 +4q+1)+1= 3k+1.

c) Binomial Theorem: If n is a positive integer, then ( ) ∑ ( ) Hence a2 is of the form 3k or 3k+1.

Example 5: We show that n(n+1)(2n+1) / 6 is an integer for n ≥ 1.
1.2. The Division Algorithm Proof: When n is divided by 6 it leaves the remainder 0, 1, 2, 3, 4, or 5 by division algorithm.
Theorem 1: Let a be any integer and b a positive integer. Then there exists unique integers q Any integer n can be written in the form 6k, 6k+1, 6k+2, 6k+3, 6k+4 or 6k+5. So, when n = 6k,
and r such that a = bq + r with 0 ≤ r < b. Here q is called quotient and r is called remainder. n(n+1)(2n+1) is divisible by 6. When n = 6k+1, then
Proof: We consider the infinite sequence of multiples of b given below: n(n+1)(2n+1) = (6k+1)(6k+2)(12k+3) = 6(6k+1)(3k+1)(4k+1)
…, –b, 0, b, …, bq, b (q+1), … which when divided by 6 gives an integer. Similarly we can prove the result in other cases.
Then obviously either a must be equal to one of the multiples of b say bq or it must lie between Definition 2 (Divisibility): An integer b is said to be divisible by an integer a ≠ 0 if there exists
two consecutive multiples say bq and b (q+1). Thus, we have an integer c such that b = ac and we write it as a | b (a divides b). If b is not divisible by a then
bq a < b(q+1) for some q ⇒ 0 a – bq < b. we write it as a | b (a does not divides b).
Let a – bq = r. Then we have a = bq + (a – bq) = bq + r, 0 r < b.
Theorem 2: For integers a, b, c the following hold:
This completes the existence part of the theorem. For uniqueness we assume the possibility of
(a) a | 0, 1 | a, a | a
two different representations of a as given below:
(b) a | 1 if and only if a = ± 1
a = bq + r, 0 r<b and a = bq1 + r1, 0 r1 < b for some integers q, q1, r, and r1.
(c) if a | b and c | d then ac | bd
These two equations imply that
(d) if a | b and b | c then a | c
bq + r = bq1 + r1 Or b(q – q1) = r1 – r.
(e) a | b and b | a if and only if a = ±b
This shows that b divides r1 – r. But this is not possible because both r and r1 are positive
(f) if a | b and b ≠ 0 then |a| ≤ |b|
integers less than b. Hence, q and r must be unique.
(g) if a | b and a | c then a | bx+cy for arbitrary integers x and y.

3 4
Proof: Proofs of (a) and (b) are very easy. ( ) ( ) ( )
Let us prove (c). a | b ⇒ b = k1a and c | d ⇒ d = k2c, k1, k2 . If r were positive, then this representation would imply contradicting the fact that d
Multiplying these two, we obtain bd = (k1 k2)ac ⇒ ac | bd. is the least integer in S. Therefore ⇒ ⇒ | Similarly we can prove that d | b.
Proof of (d) : a | b ⇒ b = k1a and b | c ⇒ c = k2b, k1, k2 . Substituting for b in c = k2b, we Hence d is a common divisor of a and b.
obtain c = k2 (k1a) i.e, c = (k1 k2)a ⇒ a | c. Now if c is a positive integer such that c | a and c | b then c | ax + by Hence
Proof of (e) : a | b ⇒ b = k1a and b | a ⇒ a = k2b, k1, k2 . Hence a = (k1 k2)a ⇒ k1 k2 = ±1. | ( ) | | | | ⇒ Hence gcd(a, b) = d.
Corollary 2: If a and b are given integers, not both zero then the set
Proof of (f) : Since a | b ⇒ b = ka, ⇒ | | | | { | }
| || | | |≥ | | | || | ≥ | |. is precisely the set of all multiples of d = gcd(a, b).
Proof of (g) : Since a | b ⇒ b = k1a and a | c ⇒ c = k2a, k1, k2 . Proof: Since | | | Thus every element of T is a multiple of d.
Conversely since d is expressed as , any multiple nd of d is of the form
( ) |( ) ( ) ( ).
Similarly we can show that a | bx-cy. Hence nd is an element of T.
Property (g) of Theorem 2 can be extended by induction to sums of more than two terms. That is Definition 4: Two integers a and b, not both of which are zero are said to be relatively prime if
if a | bk for k = 1, 2, 3, | gcd(a, b) = 1.
Theorem 4: Let a and b be integers, not both zero. Then a and b are relatively prime if and
1.3. Greatest Common Divisor only if there exists integers x and y such that ax + by = 1.
Definition 3 (Greatest Common Divisor) : Let a and b be any two integers, with at least one of Proof: Suppose gcd(a, b) = 1. Then by Theorem 3 there exists integers x and y such that 1=
them is not zero. Then greatest common divisor of a and b denoted by gcd(a, b) is the positive ax + by.
integer d satisfying the following: Conversely suppose ax + by = 1 and let gcd(a, b) = d. Then | | ⇒ |
(a) d | a and d | b
| . Since d is positive d = 1. This completes the proof.
(b) if c | a and c | b then c ≤ d.
Corollary 3: If ( ) ( ) .
Example 6: gcd(12, 30) = 6, for divisors of 12 are 1, 2, 3, 4, 6, 12 and that of 30 are 1, 2, 3, 5, 6,
Proof: Since gcd(a, b) = d, there exists integers x and y such that Dividing both
10, 15, and 30. common divisors are 1, 2, 3, and 6. Among these 6 is the largest. Hence
gcd(12, 30) = 6. ( ) ( ) Since d | a and d | b,
Theorem 3: If a and b are any two integers, not both of them are zero, then there exits integers x ( ) .
and y such that gcd(a, b) = ax + by.
Corollary 4: If a | c and b | c and (a, b) = 1, then ab | c.
Proof: Let { | }. Since | | where we
Proof: Since gcd(a, b) = 1 there exists integers x and y such that ⇒
choose x = 1 or -1 according as a is positive or negative, S is non-empty. Clearly S is a set of
(3)
positive integers. by Well-ordering principle, S has a least element, say d. By very definition
Since | | ⇒ . By appropriate substitution
of S, there exists integers x0, y0 such that d = ax0 + by0.
in (1.1.3), we have ( ) ( )
Now, we prove that d is the gcd of a and b. By division algorithm we can find integers q
i.e., ( ) ( ) i.e., ( ) ⇒ | .
and r such that

5 6
Theorem 5 (Euclid’s Lemma): If | ( ) | . By Theorem 6 we have,
Proof: | ( ) there exist ( ) ( ) ( ) ( ) , the last two non-zero remainders.
integers . Theorem 1.2.3 asserts that gcd(a, b) can be expressed in the form ax + by, but proof of
Since , we have ( ) ⇒ | . the theorem gives no hint as to how to find x and y. For this we use Euclidean Algorithm.
Corollary 5: ( ) ( ) ( ) . Starting with equation
Proof: ( ) . Similarly (a, c) = 1, implies We write .
there exists integers . Multiplying these two, we obtain Now solve preceding equation in the algorithm for and substitute to obtain
( )( ) ( )
i.e, ( ) ( ) . ( ) ( ) .
This implies (a, bc) = 1. This represents as linear combination of and . . Continuing backward through
The Euclidean Algorithm: There are several methods for finding gcd of two positive integers. system of equations, we successively eliminate the remainders until a stage
Among these Euclidean algorithm is the efficient algorithm. In fact, it is one of the fastest is reached where ( ) is expressed as a linear combination of a and b.
algorithm to find gcd of two positive integers and most simple one. Example 7: Let us find gcd of 256 and 1166.
First let us prove the following theorem. Proof: Since
Theorem 6: Let a and b be any two positive integers and r is the remainder when a is divided
by b. Then gcd(a, b) = gcd(b, r).
Proof : Let gcd(a, b) = d. Divide a by b. Then there exists unique integer q and r such that a =
bq + r, 0 ≤ r < b. Since | | | ⇒ | d is a common divisor of b and r. and

Suppose c is a common divisor of b and r, then | ⇒ | . Hence c is a common .

divisor of a and b. Since d is the gcd of a and b, by definition c ≤ d. Hence gcd(b, r) = d. To represent 2 as a linear combination of 256 and 1166, consider

Now, we explain Euclid’s Algorithm. Let a and b be any two positive integers with a >
b. [If a = b then gcd(a, b) = a]. Then applying division algorithm repeatedly we have the ( )
following sequence of equations:
, ( )
, ( ) ( )
, ( )
( )( )
Continuing like this, we get the following sequence of remainders: ( ).
≥ . .
Since remainders are non-negative and getting smaller and smaller, this sequence should Theorem 7: If k > 0 then gcd(ka, kb) = k·gcd(a, b).
eventually terminate with . Thus, the last two equations in the above procedure are Proof: Multiply each of the equations in Euclidean Algorithm by k.
and . Corollary 6: For any integer k ≠ 0, gcd(ka, kb) = |k| gcd(a, b).

7 8
1.4. Least Common Multiple This implies | ( ). Since gcd(r, s) = 1, by Euclid’s lemma, we have |( )

Definition 5: Let a and b be any two integers. Then least common multiple of a and b denoted ⇒ where t is an integer.

by lcm(a, b) is the positive integer c satisfying the following : ( )

(a) a | m and b | m
Since ( ) ( ) we have ( ) ( ) ( )
(b) if a | c and b | c then m ≤ c.
or ( ) .
Example 8: Consider a = 12 and b = 30. Then common multiples of a and b are 60, 120, 180,
240, ···. Among these 60 is the least. Therefore lcm(12, 30) = 60. Now, we show that satisfies the equation ax + by = c.

Theorem 7: For positive integers a and b Consider

lcm(a, b) × gcd(a, b) = a·b. [ ( ) ] [ ( ) ]

Proof: Let d = gcd(a,b). Then we can find integers r and s such that .
( ) [ ]
Then m = as = rs. Hence m is a common multiple of a and b. Let c be any positive integer that is a
common multiple of a and b i.e, there exists integers u and v such that c = au = bv. Since d =
gcd(a, b) there exists integers x and y such that d = ax + by. Hence Thus, there are an infinite number of solutions.
( ) Example 9: Consider the linear Diophantine equation 172x + 20y = 1000. By using Euclid’s
algorithm, gcd(172, 20) = 4. Since 4 | 1000, a solution of this equation exists. Since 4 can be
⇒ | ⇒ ( ) .
expressed as linear combination of 172 and 20, by using Euclid’s algorithm we find
( ) ( )
4 = 2·172 + (–17)·20.
1.5. Linear Diophantine Equation
Multiplying both sides by 250, we obtain
Definition 6: An equation of the form ax + by = c, where a, b, c are integers and a, b
1000 = (500)172 + (–4250)20.
are not both zero is called linear Diophantine equation in two unknown.
is a solution of 172x + 20y = 20.
A solution of this equation is a pair of integers that satisfy the above equation.
general solution is given by
Theorem 8: The linear Diophantine equation ax + by = c has a solution if and only if d | c where
d = gcd(a, b). If ( ) is any particular solution, then all other solutions are given by
where t is an integer.
( ) ( )
Definition 7: An integer p > 1 is called a prime number if the only divisors of p are ±1 and ±p.
where t is any arbitrary integer.
If p is not a prime then it is called composite.
Proof: First, let us prove the second part. Suppose ( ) is a particular solution of the
For example 2, 3, 5, 7, 11, · · · are primes whereas 4, 6, 8, 9, 10, · · · are composite numbers.
equation and ( ) is any other solution. Then
Note that 2 is the only even prime.
⇒ ( ) ( )
Since d | a and d | b, there exists integers r and s with gcd(r, s) = 1 such that a = dr and b Note: 1 is neither prime nor composite.

= ds. Substituting, we have Theorem 9: If p is a prime and p | ab then p | a or p | b.

( ) ( ) Proof: If p | a then there is nothing to prove. So, assume . Then gcd(a, p) = 1. Hence, by
( ) ( ). Euclid’s lemma, p | b.

9 10
Corollary 7: If p is prime and | | for some k, where 1 ≤ k ≤ n. If this process is continued and if r < s, then we would eventually arrive at
Proof: The proof is by induction on n. When n = 1, the stated conclusion obviously holds; 1 = qr+1 qr+2 qs
whereas when n = 2 the result true by Theorem 9. Suppose n > 2 and assume whenever p divides
which is absurd, because each qj > 1. Hence r = s and p1 = q1, p2 = q2, … pr = qr making the two
a product of less than n factors, it divides at least one of the factors that if
fractorizations of n identical. The proof is now complete.
| | for some k, 1 ≤ k ≤ n – 1.
Corollary 9: Any positive integer n > 1 can be written uniquely in a canonical form
Now suppose |( ) . Then, by Theorem 9, either | or
| . If | then the proof is complete. Otherwise, by induction hypothesis | for some k,
1 ≤ k ≤ n – 1. In any case, p divides one of the integers a1, a2, …, an.
where, each ki is a positive integer and each pi is a prime, with p1 < p2 < < pr.
Corollary 8: If are all primes and | then for some k, 1 ≤ k ≤ n.
For example, 360 = 23 32∙5.
Proof: By Corollary 7, we know that p / qk for some k, with 1 ≤ k ≤ n. Being a prime, qk is not
We now prove a famous result due to Pythogoras.
divisible by any positive integer other than 1 or qk itself. Because p > 1, we are forced to
conclude that p = qk. Theorem 11: The number √2 is irrational.

Theorem 10: (Fundamental Theorem of Arithmetic): Every integer n > 1 can be expressed as Proof: If √2 = a / b where a and b are integers with gcd(a, b) = 1. Then there exists integers r
a product of primes in a unique way apart from the order of the prime factors. and s satisfying ar + bs = 1. As a result,

Proof: We prove it by induction. Clearly the theorem is true for n = 2 (as 2 is prime). Suppose √2 = √2 1 = √2(ar + bs) = (√2a)r + (√2b)s = 2br + as.
that every integer less than n can be written as a product of primes. Now, we show that n can be This shows that √2 is an integer, an obvious contradiction since 1 < √2 < 2.
expressed as product of primes. 1.6. Summary: In this Chapter, we have studied one of the fundamental results in Number
If n is prime, then there is nothing to prove. If not, there exists integers a and b such that theory “The division algorithm”. Also we studied several divisibility properties, gcd, lcm of
n = ab and 1 < a, b < n. By our induction hypothesis, a and b can be expressed as product of two integers. As an application of Euclid’s algorithm which is used to find gcd of two
primes and hence n can also be expressed as product of primes and that completes the first part. integers, we solved linear diaphantine equation. At the end of the chapter we proved a very
important theorem, “The fundamental theorem of Arithmetic”.
Uniqueness: Suppose n can be expressed as a product of primes in two different ways:
1.7. Keywords: Integer, prime number, composite number, divisibility, factorization, greatest
n = p1 p2 p3 pr = q1 q2 q3 qs, with r < s (4)
common divisor, least common multiple, relatively prime numbers.
where pi and qi are primes in the increasing order i.e., p1 p2 p3 pr and q1 q2 q3 1.8. Exercises:
qs. 1. Find the gcd and lcm of (a) 143, 227 (b) 1976, 1776 (c) 306, 657 and
Since p1 | n implies p1 | q1 q2 q3 qs, by Corollary 8, p1 = qk for some k with 1 ≤ k ≤ s. express the gcd as linear combination ax + by in each case.
But then p1 ≥ q1. Similar reasoning gives q1 ≥ p1, and hence p1 = q1. We may cancel this 2. Prove that gcd(n – 1, n + 1) = 1 or 2 for each n ≥ 2 and (2n – 1, 2n + 1) = 1 for each

common factor in (4) and obtain n≥7

3. Prove that (n – 1)2 | nk – 1 if and only if n – 1 | k.
p2 p3 pr = q2 q3 qs.
4. Show that any integer of the form 6k + 5 is also of the form 3j + 2 but not conversely.
Now repeat the process to get p2 = q2 and, in turn,
5. Use the division algorithm to establish the following:
p3 p4 p5 pr = q3 q4 q5 qs. a. Square of any integer is either of the form 3k or 3k + 1
11 12
 b. The cube of any integer has one of the forms 9k, 9k + 1 or 9k + 8. UNIT – 2
6. Prove that 3a2 – 1 is never a perfect square.
7. Prove that no integer in the following sequence is a perfect square:
PRIME NUMBER THEOREM AND GOLDBACH CONJECTURE
11, 111, 1111, 11111, …
Structure:
8. Find the number of positive integers 3076 and (a) divisible by 19 (b) not divisible by
2.0. Objective
17.
2.2. Trial Division
9. Prove that the sum of two integers of the form 4k + 1 is even.
2.3. Sieve of Eratosthenes
10. Prove by mathematical induction
2.4. Goldbach Conjecture
(a) 2n3 + 3n2 + n is divisible by 6
2.5. Prime Number Theorem
(b) 5 | 33n + 1 + 2n + 1.
30 2.6. Summary
11. Find the largest non-trivial factor of 2 – 1.
2.7. Keywords
12. Given an odd integer a, establish that a2 + (a + 2)2 + (a + 4)2 + 1 is divisible by 12.
2.8. Exercises
13. Which of the following Diophantine equation can be solved:
2.9. References
(a) 6x + 51y = 22 (b) 33x + 14y = 115
(c) 12x + 13y = 14 (d) 1076x + 2076y = 1155
2.0. Objective
14. Find the solutions of
This chapter concerns itself with the question: how many primes are there? In this chapter we
(a) 5x + 14y = 620 (b) 31x – 7y = 2
prove that there are infinitely many primes; however, we are interested in a more quantitative
(c) 2x + 3y = 4 (d) 28x + 91y = 119
answer to this question; that is, we want to know how “dense” the prime numbers are and also
15. If a and b are relatively prime positive integers, prove that the Diophantine equation
how they are distributed among integers.
ax – by = c has infinitely many solutions in positive integers.
16. Find two fractions whose denominators are 7 and 13 and their sum is 33 / 91. 2.1. Trial Division

Since an even integer is always divisible by 2, a prime number is always odd except 2. So, given
1.9. References large odd integer, how can we determine whether n is prime or composite. The obvious
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication approach is dividing n by all primes less than n. If n is not divisible by any of them, then n must
2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier be prime. Otherwise n is composite. This method is called Trial division. This method not
3. Basic Number Theory, S. B. Malik, Vikas Publications only determines whether n is prime or not, it also gives a non-trivial divisor of n, if n is
4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley composite. But the following theorem show that there always exists a prime divisor p of n which
is less than or equal to √ if n is composite. This implies, to find whether n is prime or
composite, it is enough to divide n by all primes less than or equal to √ .

Theorem 1: Let n > 1 be a composite integer, then there exists a prime p such that p | n and p ≤
√ .

13 14
Proof: If n is composite then n = a·b for some integers a and b with 2 ≤ a,b < n and a ≤ b. Now, the next question is ‘Is there a simple formula for the nth prime pn, like 2n that
Since n = a·b ≥ a2, a ≤ √ . Now, by FTA, either a is a prime or has a prime divisor p. p|a⇒ produces all even integers. Answer is no. Also given a large odd integer, it is difficult to find
p | n and p ≤ √ . whether the number is prime or composite. But, more difficult is finding the factors, if the
number is composite. More over their distribution with in the positive integers is most
For example, take n = 271. Then 16 < √ 7 < 17 and 2, 3, 5, 7, 11 and 13 all do not
mystifying and irregular. Sometimes they are very close together like 3 & 5, 11 & 13, 17 & 19
divide 271. Hence 271 is a prime number.
or 1000000000061 & 1000000000063 and at the same time there exists arbitrarily large gaps
Even though the method looks very simple, it is not useful in practice. For example, if a between consecutive primes that is given any positive integer n, there exists n consecutive
positive integer is less than a million is given, we can find all factors fairly quickly. If an integer integers, all of which are composite. To prove this, consider the integers, (n+1)!+2, (n+1)!+3,
of the order of say 50 digits is given, then using best computers that exists today, finding a factor ···, (n+1)!+(n+1) where n! = n·(n – 1) ··· 3·2·1. Clearly each integer is composite: (n+1)!+2 is
would be impractical. divisible by 2, (n+1)!+3 is divisible by 3 and so on.
2.3. The Sieve of Eratosthenes 2.4. Goldbach Conjecture
Suppose we want to list all primes p ≤ n, where n is an integer > 1. We know that if n is Another famous unsolved problem is “Goldbach conjecture”. It states that every even
composite then it is divisible by a prime p < √ . First, list all integers from 1 to n. Underline 2 integer is the sum of two numbers that are either primes or 1.
and strike out all multiples of 2. The first of the remaining integers is 3. Underline 3 and strike
For example: 2 = 1+1, 4 = 2+2 = 1+3, 6 = 3+3 = 1+5,
out all multiples of 3. The smallest integer after 3 that is left out is 5. Continuing this procedure,
8 = 3+5 = 1+7, 10 = 3+7 = 5+5 etc.
suppose we have struck off all multiples of a prime p, the next integer left in the list is prime next
to p, say q. We continue repeating the process till q > √ and then quit. The remaining unstruck In the year 1742, Goldbach wrote a letter to Leonard Euler about his conjecture. In reply

integers are primes. For example, we list all primes ≤ 50. Euler wrote to Goldbach another conjecture which states

1 2 3 4 5 6 7 8 9 10 “Any even integers (≥ 6) of the form 4n+2 is a sum of two numbers each being either a
11 12 13 14 15 16 17 18 19 20 prime of the form 4n+1 or 1.
21 22 23 24 25 26 27 28 29 30
All attempts to obtain a proof of Goldbach conjecture have been completely unsuccessful
31 32 33 34 35 36 37 38 39 40
so far. The first real progress on the conjecture is nearly 200 years was made by Hardy & Little
41 42 43 44 45 46 47 48 49 50
wood in 1922. On the basis of a certain unproved hypothesis, the so called generalized Riemann
Now the question arises. Are there infinitely many primes? Answer is yes and it was
hypothesis, they showed that every significantly large odd number is the sum of three odd
proved by Euclid in his book ‘Elements’.
primes. In 1937, Russian mathematician Vinogradov showed that if A(x) is the number of even
Theorem 2: There is an infinite number of primes. integers n ≤ x that are not sum of two primes, then

Proof: The proof is by contradiction. Suppose, there are only finitely many primes say ( )
. Let . If P is prime then there is nothing to prove. If P is
composite the P has a non-trivial divisor, say . This shows that almost all even integers satisfy the conjecture.

Since, | | ⇒ | ⇒ , which is a contradiction. Now, by division algorithm any integer can be written in the form 4n, 4n+1, 4n+2 or 4n+3.
Hence there are infinitely many primes. Therefore all odd integers are of the form either 4n+1 or 4n+3.

15 16
 Since all primes are odd, the primes must be of the form either 4n+1 or 4n+3. Let us So p | f (b+tp). But every value of f is a prime, so f (b+tp) must be a prime and hence
write down some of the primes of the form 4n+1 and 4n+3. f (b+tp) = p. Thus, f (b) = p = f(b+tp). This implies f takes on the same value infinitely many

4n+3 : 3 7 11 19 23 31 43 47 59 67 71 79 83 times, since t is an arbitrary integer.

4n+1 : 5 13 17 29 37 41 53 61 73 89 97. But f (n) is a polynomial of degree k, so it cannot assume the same value more than k
times, yielding a contradiction.
Let us denote ( ) as the function which counts the number of primes of the form p = an+b
Thus, no polynomial with integral coefficients exists that will generate only primes. All
not exceeding x. Then
this shows that prime numbers are distributed irregularly among integers.
( ) ( )
But the average distribution of primes is very regular, its density shows a steady but slow
⇒ ( ) ( )
decrease. The number of primes between 2 to 1000, 1001 to 2000, 2001 to 3000, 3001 to 4000
In 1914, J.E. Littlewood showed that the inequality fails infinitely often. For x = 26,861,
and 4001 to 5000 are 168, 135, 127, 120, and 119 and those in the last five blocks of 1000 below
( ) ( ) 10,000,000 are 62, 58, 67, 64 and 53.

The next prime at which the reversal occurs is x = 616,841. Let ( ) denote the number of primes less than or equal to x. Then ( )

Number theorists often dream of finding formulas that generate primes for consecutive values of ( ) etc., Using the summation notation, ( ) can be defined as
2
the integral variable n. Euler found one such formula in 1772; E(n) = n – n + 41 yields a prime ( ) ∑ Where p denotes a prime.
for every positive integer n ≤ 40. But when n = 41, E(41) = 412 is not a prime.
2.4. The Prime Number Theorem
Theorem 3: There is no polynomial f(n) with integral coefficients that will produce primes for
  x
all integers n. lim  1 (That is, as x gets larger and larger, ( ) approaches x / ln x.)
x  x / lnx
Proof: We prove it by contradiction. Suppose there is a polynomial
Gauss noticed the similarity between the values of ( ) and x/ln x, as x gets larger and
( ) conjectured the theorem in 1793, but did not provide a proof. In 1850, the Russian

Where ak ≠ 0. Let b be some integer. Since f(n) is always a prime, f(b) must be a prime p; that mathematician Pafnuty Lvovich Chebychev made significant progress toward a proof; he proved

is, that there are positive constants a and b, such that

( ) (1) ( ) where x ≥ 2.
Let t be an arbitrary integer. Then In 1896, the French mathematician Jacques Hadamard and the Belgian mathematician
( ) ( ) ( ) ( ) Charles-Jean-Nicholas de la Vallee-Poussin, working independently, proved the theorem using

( ) ( ) advanced mathematics. This proof was a milestone in the development of number theory. But in
1950, the Hungarian mathematician Paul Erdos and Norwegian mathematician Alte Selberg
Where g(t) is a polynomial in t. Thus,
proved the theorem using elementary calculus.
( ) ( ) ( )
According to the prime number theorem, when x is sufficiently large, ( ) can be
( )] approximated by x / ln x. But a better approximation is the function li(x), defined by Gauss,
where
17 18
 5. Show that if n > 2, there exists a prime p such that p < n < 2p.
( ) ∫
6. Prove that if p and p2 + 8 are primes, p3 + 4 is also prime.
 p
( ) ( ) 7. If p is a prime and 1 k < p, then prove that p |  .
Let us construct a table comparing with that of . k
ln li
8. Let p and q be successive odd primes and p + q = 2r, then prove that r is composite.
( ) ( ) 9. If n is composite then prove that 2n – 1 is composite.
x π(x)
ln l 10. Prove that the Goldbach conjecture that every even integer greater than 2 is the sum of
103 168 1.160 0.9438202
two primes is equivalent to the statement that every integer greater than 5 is the sum of
104 1229 1.132 0.9863563
three primes.
105 9592 1.104 0.9960540
11. Let pn denote the nth prime number. For n ≥ 3, prove that pn23  pn pn1 pn2 .
106 78498 1.085 0.9983466
107 664579 1.071 0.9998944
2.8. References:
108 5761455 1.061 0.9998691
1. An Introduction to Theory of Numbers, G. H. Hardy and E. M. Wright, Oxford
109 50847534 1.054 0.9999665
2. Elementary Number Theory, David M. Burton, McGraw Hill Publication
1010 455052512 1.048 0.9999932
( ) ( ) 3. The New Book of Prime Number Record, Paulo Ribenboim, Springer Verlag
From the table it is clear that approaches 1 more rapidly than . 4. Elementary Number Theory with Applications, Thomas Koshy, Elsevier.
li ln
5. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley.
2. 5. Summary

In this chapter we have studied the properties of primes which are considered as building blocks
of integers. We have seen in this chapter how haphazardly primes are distributed among integers
and also there exists no simple formula to find nth prime. At the end of the chapter we stated one
of the most important theorem “Prime number theorem”.

2.6. Keywords
Trial division, sieve, conjecture, polynomial.
2.7. Exercises:
1. Prove that if p is a prime such that p + 2 is also a prime then
(a) p(p + 2) + 1 is a perfect square
(b) 12 | p + (p + 2) whenever p > 3.
2. Determine whether the integer 1013 is prime by testing all primes p 1013 as possible
divisors.

3. Prove that p is irrational for any prime p.

4. Show that any composite three digit number must have a prime factor less than or equal
to 31.

19 20
 UNIT – 3 It is to be noted that any two integers are congruent modulo 1, whereas two integers are
congruent modulo 2 when they are both even or both odd. In as much as congruence modulo 1 is
FERMAT’S FACTORIZATION AND FERMAT’S LITTLE THEOREM not particularly interesting, the usual practice is to assume that n > 1.
Given an integer a, let q and r be its quotient and remainder upon division by n, so that
Structure:
a = qn + r 0  r < n.
3.0. Objective Then, by definition of congruence, a  r (mod n). Because there are n choices for r, we see that
3.1. Congruences
every integer is congruent modulo n to exactly one of the values 0,1,2,...,n – 1; in particular, a 
3.2. Linear Congruences
0 (mod n) if and only if n | a. The set of n integers 0, 1, 2 ,…,n – 1 is called the set of least
3.3. System of Linear Congruences
nonnegative residues modulo n.
3.4. Fermat’s Little Theorem
In general, a collection of n integers a1, a2,…, an is said to form a complete set of residues (or a
3.5. Fermat’s Factorization Technique
complete system of residues) modulo n if every integer is congruent modulo n to one and only
3.6. Summary
one of the ak. To put it another way, a1, a2 , …, an are congruent modulo n to 0, 1, 2 ,..., n – 1,
3.7. Keywords
taken in some order. For instance,
3.8. Exercises
–12, –4, 11, 13, 22, 82, and 91
3.9. References
constitute a complete set of residues modulo 7; here, we have
–12  2 –4  3 11  4 13  6 22  1 82  5 91  0
3.0. Objective
all modulo 7. An observation of some importance is that any n integers form a complete set of
This chapter introduces the basic properties of congruences modulo n, along with the related
residues modulo n if and only if no two of the integers are congruent modulo n. We shall need
notion of congruence classes modulo n. Other items discussed include the Chinese remainder
this fact later.
theorem to solve a system of linear congruences, Fermat’s little theorem and Fermat’s
Our first theorem provides a useful characterization of congruence modulo n in terms of
factorization technique.
remainders upon division by n.
Theorem 1: For arbitary integers a and b, a  b (mod n) if and only if a and b leave the same
3.1. Congruences
nonnegative remainder when divided by n.
Definition 1: Let n be a fixed positive integer. Two integers a and b are said to be congruent
Proof. First take a  b (mod n), so that a = b + kn for some integer k. Upon division by n, b
modulo n, symbolized by a  b ( mod n) if n divides the difference a – b; that is provided that a –
leaves a certain remainder r; that is, b = qn + r, where 0  r < n. Therefore.
b = kn for some integer k.
( ) ( )
To fix the idea, consider n = 7. It is routine to check that
which indicates that a has the same remainder as b.
3  24 (mod 7) –31  11 (mod 7) –15  – 64(mod 7)
On the other hand, suppose we can write a = q1n + r and b = q2n + r, with the same remainder r
Because 3 – 24 = (–3) 7, (-31) –11 = (– 6) 7 , and –15 – (– 64) = 7 7.
( 0  r < n). Then
When n |  a  b  , we say that a is incongruent to b modulo n, and in this case we write a  b
a  b   q1n  r    q2n  r    q1  q2  n
(mod n).
whence n | a – b. Therefore by the definition of congruences, we have a  b (mod n).
For a simple example: 25  12 (mod 7), because 7 fails to divide 25 – 12 = 13.

21 22
Example 1: Because the integers –56 and –11 can be expressed in the form (– 56) = (–7)9+7 (mod n) together imply that aak  bbk (mod n) or equivalently ak+1  bk+1 (mod n). This is the
– 11 = (– 2)9+7 with the same remainder 7, Theorem 1 tells us that –56  –11 (mod 9). Going form the statement should take for k+1 and so the induction step is complete.
in the other direction, the congruence – 31  11(mod 7) implies that – 31 and 11 have the same Before going further, we should illustrate that congruences can be a great help in carrying out
remainder when divided by 7; this is clear from the relations –31 = (–5)7+4 and 11=1.7+4 certain types of computations.
Theorem 2: Let n >1 be fixed and a, b, c, d be arbitrary integers. Then the following properties Example 2: Let us show that 41 divides 220 – 1. We begin by noting that 25  –9 (mod 41).
hold: Whence (25)4  (–9)4 (mod 41) by Theorem 2 (f); in other words, 220  81 81(mod 41). But 81 
a) a  a (mod n). –1 (mod 41), and so 81 81  1(mod 41). Using parts (b) and (e) of Theorem 2, we finally arrive
b) If a  b (mod n), then b  a (mod n). at
c) If a  b(mod n) and b  c(mod n), then a  c(mod n). 220  1  (81  81)  1  1  1  0  mod 41 .
d) If a  b(mod n) and c  d(mod n), then a + c  b + d(mod n) and ac  bd(mod n). Thus, 41 | 220 – 1, as desired.
e) If a  b(mod n), then a +c  b +c(mod n) and ac  bc(mod n). Example 3: For another example, let us find the remainder obtained upon dividing the sum
f) If a  b(mod n), then ak  bk(mod n) for any positive integer k. 1! +2! +3! +4!+......+99!+ 100!
Proof. For any integer a, we have a – a = 0 n, so that a  a(mod n). Now if a  b(mod n) , then by 12. Without the aid of congruences, this would be an awesome calculation. Observe that
a – b = kn for some integer k. Hence, b – a = -(kn) = (-k)n and because – k is an integer, this 4!  24  0 (mod 12).
yields property (b). Thus, for k  4
Property (c) is slightly less obvious: Suppose that a  b(mod n) and also b  c(mod n). k!  4! 5 6 … k  0 5 6 … k  0 (mod 12).
Then there exists integers h and k satisfying a – b = hn and b – c = kn. It follows that In this way, we find that
a – c = (a – b) + (b – c) = hn +kn = (h + k)n. 1! +2! +3!+4!+....+100!  1!+2!+3!+0+....+0  9 (mod 12).
This implies n | a – c and hence a  c(mod n) in congruence notation. Accordingly, the sum in question leaves a remainder of 9 when divided by 12.
In the same vein, if a  b (mod n) and c  d(mod n), then we are assured that a – b = k1n In Theorem 2 we saw that if a  b (mod n), then ca  cb (mod n) for any integer c. The
and c – d = k2n for some choice of k1 and k2. Adding these equations, we obtain converse, however, fails to hold. As an example, perhaps as simple as any, note that 2 4  2 1
 a  c   b  d    a  b    c  d   k1n  k2n   k1  k2  n (mod 6), whereas 4  1 (mod 6). In brief: one cannot unrestrictedly cancel a common factor in
or, as a congruence statement, a+c  b+d (mod n). As regards the second assertion of property the arithmetic of congruences.
(d), note that With suitable precautions, cancellation can be allowed; one step in this direction.
ac   b  k1n  d  k2n   bd   dk2  dk1  k1k2n  n Theorem 3: If ca  cb(mod n), then a  b(mod n /d), where d = gcd(c, n)

Because bk2 +dk1+k1k2n is an integer, this says that ac – bd is dividable by n, whence ac  bd Proof: Given ca  cb(mod n). Hence there exists some integer k, such that

(mod n). c(a – b) = ca – cb = kn. (1)

The proof of property (e) is covered by (d) and the fact that c  c (mod n). Finally, we Since, gcd(c, n) = d, there exists relatively prime integers r and s satisfying

obtain property (f) by making an induction argument. The statement certainly holds for k = 1, c = dr, n = ds.
When these values are substituted in the equation (1) and the common factor d cancelled, the net
and we will assume it is true for some fixed k. From (d), we know that a  b(mod n) and a ≡ b k k

result is r(a – b) = ks.

23 24
Hence s|r(a – b) and gcd (r, s) = 1. Euclid’s lemna yields s|a – b, which may be written as a  b Now gcd(n /d, n) = n /d, and therefore by Theorem 3 the factor n /d could be canceled to arrive
(mod s); in other words, a  b (mod n /d). at the congruence t1  t2(mod d) which is to say that d |t2 – t1. But this is impossible in view of the
Theorem 3 gets its maximum force when the requirement that gcd(c, n) = 1 is added, for then the inequality 0 < t2 – t1 < d.
cancellation may be accomplished without a change in modulus. It remains to argue that any other solution x0+(n /d)t is congruent modulo n to one of the d
Corollary 1: If ca  cb (mod n) and gcd(c, n) = 1, then a  b(mod n). integers listed above. The Division Algorithm permits us to write t as t = qd+r, where 0r
Corollary 2. If ca  cb (mod p) and p | c and p a prime imply that gcd(c, p) = 1. d – 1. Hence
n n
Example 4: Consider the congruence 33  15(mod 9) or, if one prefers, 3 11  3 5(mod 9). t  x0   qd  r 
x0 
d d
Because gcd(3, 9) = 3, Theorem 3 leads to the conclusion that 11  5 (mod 3). A further n
 x0  nq  r
illustration is given by the congruence – 35  45 (mod 8), which is the same as 5 (–7)  5 9 (mod d
n
8). The integers 5 and 8 being relatively prime, we may cancel the factor 5 to obtain a correct  x0  r  mod n 
d
congruence –7  9(mod 8). with x0+(n /d)r being one of our d selected solutions. This ends the proof.
3.2. Linear Congruences The argument that we gave in Theorem 4 brings out a point worth starting explicitly; If x0
Congruence of the form ax  b(mod n) where a, b, n are integers and x is unknown is called is any solution of ax  b(mod n), then the d = gcd(a, n) incongruent solutions are given by
linear congruence. The solution of this linear congruence is an integer x0 such that n n n
x0 , x0  , x0  2   , , x0   d  1  
a x0  b(mod n). d d  d 

Theorem 4: The linear congruence ax  b(mod n) has a solution if and only if d |b, where d = Corollary 3: If gcd(a, n) = 1, then the linear congruence ax  d(mod n) has a unique solution

gcd (a, n). If d | b, then it has d mutually incongruent solutions modulo n. modulo n.

Proof. We already have observed that the given congruence is equivalent to the linear Given relatively prime integers a and n, the congruence ax  1(mod n) has a unique

Diophantine equation ax – ny = b. From Theorem 8 of Chapter 1, it is known that the latter solution. This solution is sometimes called the (multiplicative) inverse of a modulo n.

equation can be solved if and only if d | b; moreover, if it is solvable and x0, y0 is one specific We now pause to look at two concrete examples.

solution, then any other solution has the form Example 5: First consider the linear congruence 18x  30 (mod 42). Because gcd(18, 42) = 6

n n and 6 divides 30, Theorem 4 guarantees the existence of exactly six solutions, which are
x  x0  t, y  y0  t , for some choice of t.
d d incongruent modulo 42. By inspection, one solution is found to be x = 4. Our analysis tells us
Among the various integers satisfying the first of these formulas, consider those that occur when that the six solutions are as follows:
t takes on the successive values t = 0, 1, 2,…,d – 1: x  4 + (42/6)t  4+7t(mod 42), t = 0, 1,…,5

x0 , x0 
n 2n
, x0  , ...... x0 
 d  1 n or, plainly enumerated,
d d d x  4, 11, 18, 25, 32, 39(mod 42).
We claim that these integers are incongruent modulo n, and all other such integers x are Example 6: Let us solve the linear congruence 9x  21(mod 30). At the outset, because gcd(9,
n n
congruent to some one of them. If it happened that x0  t1  x0  t2  mod n  , where 0  t1 < 30) = 3 and 3 | 21, we know that there must be three incongruent solutions.
d d
One way to find these solutions is to divide the given congruence throughout by 3,
n n
t2  d –1, then we would have t1  t2  mod n  . thereby replacing it by the equivalent congruence 3x  7(mod 10). The relative primeness of 3
d d

25 26
and 10 implies that the latter congruence admits a unique solution modulo 10. Although it is not where dk = gcd (ak, mk). When these conditions are satisfied, the factor dk can be canceled in the
the most efficient method, we could test the integers 0, 1, 2,…,9 in turn until the solution is kth congruence to produce a new system having the same set of solutions as the original one:
obtained. A better way is this: Multiply both sides of the congruence 3x  7(mod 10) by 7 to get a1x  b1  mod n1  , a2 x  b2  mod n2  , , ar x  br  mod nr 
21x  49 (mod 10) which reduces to x  9(mod 10). (This simplification is no accident, for the
where nk = mk /dk and gcd(ni, nj) = 1 for i  j; in addition, gcd  aj , ni   1 .
multiples 0 3, 1 3, 2 3,…,9 3 form a complete set of residues modulo 10; hence, one of them is
The solutions of the individual congruences assume the form
necessarily congruent to 1 modulo 10). But the original congruence was given modulo 30, so that
x  c1 (mod n1), x  c2 (mod n2),…, x  cr (mod nr).
its incongruent solutions are sought among the integers 0, 1, 2,…,29. Taking t = 0, 1, 2 in the
Thus, the problem is reduced to one of finding a simultaneous solution of a system of
formula.
congruences of this simpler type.
x = 9+10t
The kind of problem that can be solved by simultaneous congruences has a long history,
we obtain 9, 19, 29 whence
appearing in the Chinese literature as early as the 1st century A.D sun-Tsu asked; Find a number
x  9 (mod 30) x  19 (mod 30) x  29 (mod 30)
that leaves the remainders 2,3,2 when divided by 3,5,7 respectively. (such mathematical puzzles
are the required three solutions of 9x  21 (mod 30).
are by non means confined to a single cultural sphere; indeed, the same problem occurs in the
A different approach to the problem is to use the method that is suggested in the proof of
28ntroduction Arithmeticae of the greek mathematician Nicomachus, circa 100 AD) In honor of
theorem 4. Because the congruence 9x  21 (mod 30) is equivalent to the linear Diophantine
their early contributions, the rule for obtaining a solution usually goes by the name of the
equation
Chinese Remainder Theorem.
9x – 30y = 21
Theorem 5: (Chinese Remainder Theorem) Let n1, n2,…....nr be positive integers such that
we begin by expressing 3 = gcd(9, 30) as a linear combination of 9 and 30. It is found, either by
gcd(ni, nj ) = 1 for i  j. Then the system of linear congruences.
inspection or by using the Euclidean Algorithm, that 3 = 9(–3) +30 1, so that,
x  a1(mod n1)
21 = 7 3 = 9 (–21) – 30 (–7)
x  a2(mod n2)
Thus, x = –21, y = –7 satisfy the Diophantine equation and, in consequence, all solutions of the
congruence in question are to be found from the formula
x  ar (mod nr)
x = –21 + (30/3)t = –21 +10t.
has a simultaneous solution, which is unique modulo the integer n1n2,…,nr.
The integers x = –21 + 10t, where t = 0, 1, 2, are incongruent modulo 30 (but all are congruent
Proof: We start by forming the product n=n1n2…nr. For each k = 1, 2,…, r, let
modulo 10); thus, we end up with the incongruent solutions.
n
x  –21(mod 30) x  –11(mod 30) x  –1(mod 30) Nk   n1...nk 1nk 1....nr
nk
or, if one prefers positive numbers, x  9, 19, 29 (mod 30).
In words, Nk is the product of all the integers ni with the factor nk omitted. By hypothesis, the ni
3.3. System of linear Congruences
are relatively prime in pairs, so that gcd(Nk, nk) = 1. According to the theory of a single linear
Having considered a single linear congruence, it is natural to turn to the problem of solving a
congruence, it is therefore possible to solve the congruence Nkx  1(mod nk); call the unique
system of simultaneous linear congruences:
solution xk. Our aim is to prove that the integer
a1x  b1(mod m1), a2x  b2(mod m2),…, arx  br (mod mr).
x  a1N1 x1  a2 N 2 x2  ....  ar N r xr
We shall assume that the moduli mk are relatively prime in pairs. Evidently, the system will
admit no solution unless each individual congruence is solvable; that is, unless dk|bk for each k, is a simultaneous solution of the given system.

27 28
First, observe that Ni ≡ 0(mod nk) for i  k, because nk | Ni in this case. The result is Multiplication of both sides of this congruence by 3 gives us
x  a1N1 x1  ......  ar N r xr  ak N k xk (mod nk) k  9k  3 (mod 4)

But the integer xk was choosen to satisfy the congruence, NK x  1(mod nk), which forces so that k = 3 +4j, where j is an integer. Then x = 3(3+4j) = 9+12j
For x to satisfy the last congruence, we must have
x  ak .1  ak  mod nk 
17(9+12j)  9 (mod 23)
This shows that a solution to the given system of congruences exists.
or 204j  –144 (mod 23), which reduces to 3j  6(mod 23); in consequence, j  2 (mod 23). This
As for the uniqueness assertion, suppose that ‘x’ is any other integer that satisfies these
yields j = 2 + 23t, with t an integer, whence
congruences. Then,
x = 9 +12 (2 + 23t) = 33 + 276t
x  ak  x  mod nk  k  1,2,....r
All in all, x  33 (mod 276) provides a solution to the system of congruences and, in turn, a
and so nk | x  x for each value of k. Because gcd(ni, nj) = 1, Corollay 4 of Chapter 1 supplies solution to 17x  9 (mod 276).
us with the crucial point that n1n2 ….. nr| x  x; hence x  x  mod n  . With this, the Chinese Let us now consider linear congruences in two variables; that is congruences of the form
Remainder Theorem is proved. ax+by  c(mod n).
Example 7: Let us solve the system of three congruences In analogy with Theorem 4 such a congruence has a solution if and only if gcd(a, b, n) divides c.
x  2 (mod 3) The condition for solvability holds if either gcd(a, n) = 1 or gcd(b, n) = 1, say gcd(a, n) = 1.

x  3 (mod 5) When the congruence is expressed as

x  2 (mod 7) ax  c – by(mod n)

In the notation of Theorem 5, we have n = 3. 5. 7 = 105 and the Corollary 3 guarantees a unique solution x for each of the n incongruent values of y. Take as

n n n a simple illustration 7x + 4y  5(mod 12), that would be treated as 7x  5 – 4y(mod 12).

Ni   35 N2   21 N3   15
3 5 7 Substitution of y  5 (mod 12) gives 7x  –15 (mod 12); but this is equivalent to –5x  –15 (mod
Now the linear congruences 12) so that x  3 (mod 12), y = 5(mod 12) is one of the 12 incongruent solutions of 7x + 4y 
35x  1 (mod 3) 21x  1 (mod 5) 15x  1 (mod 7) 5(mod 12). Another solution having the same value of x is x  3 (mod 12), y  8 (mod 12).
are satisfied by x1 = 2, x2 =1, x3 = 1, respectively. Thus, a solution of the system is given by The focus of our concern here is how to solve a system of two linear congruences in two
x = 2 35 2+3 21 1+2 15 1 = 233 (mod 105), variables with the same modulus. The proof of the coming theorem adopts the familiar procedure
we get the unique solution x = 233  23 (mod 105). of eliminating one of the unknowns.
Example 8: For a second illustration, let us solve the linear congruence 17x  9 (mod 276) Theorem 6: The system of linear congruences
Because 276 = 3 4 23, this is equivalent to finding a solution for the system of congruences ax  by  r  mod n 
17x  9 (mod 3) or x  0 (mod 3) cx  dy  s  mod n 
17x  9 (mod 4) or x  1 (mod 4) has a unique solution modulo n whenever gcd(ad – bc, n) = 1.
17x  9 (mod 23) or 17x  9 (mod 23) Proof. Let us multiply the first congruence of the system by d, the second congruence by b, and
Note that if x  0 (mod 3), then x = 3k for any integer k. We substitute into the second subtract the lower result from the upper. These calculations yield
congruence of the system and obtain 3k  1 (mod 4).  ad  bc  x  dr  bs  mod n  (2)

29 30
The assumption gcd (ad – bc, n) = 1 ensures that the congruence None of these numbers is congruent modulo p to any other, nor is any congruent to zero. Indeed,
(ad – bc) z  1(mod n) if it happened that
possesses a unique solution; denote the solution by t. When congruence (2) is multiplied by t, we ra  sa (mod p) 1  r < s  p – 1,
obtain. then a could be canceled to give r  s (mod p). Hence a, 2a, …, (p – 1)a mod p are the integers
x  t (dr – bs) (mod n) 1, 2, 3, …, (p – 1) arranged in some different order. Therefore,
A value for y is found by a similar elimination process. That is, multiply the first congruence of ap-1(p – 1)!  (p – 1)!(mod p)
the system by c, the second one by a, and subtract to end up with Once (p – 1)! is canceled from both sides of the preceding congruence (this is possible because
(ad – bc) y  as – cr (mod n). p |  p  1! ) our line of reasoning culminates in the statement that ap-1  1(mod p), which is
Multiplication of this congruence by t leads to
Fermat’s theorem.
y  t (as – cr) (mod n).
This result can be stated in a slightly more general way in which the requirement that p | a is
A solution of the system is now established.
dropped.
We close this section with an example illustrating Theorem 6
Corollary 4: If p is a prime, then ap  a (mod p) for any integer a.
Example 9: Consider the system
Proof. When p | a, the statement obviously holds; for, in this setting, ap  0  a(mod p). If p | a ,
7x + 3y  10(mod 16)
then according to Fermat’s theorem, we have ap-1  1(mod p). When this congruence is
2x + 5y  9(mod 16)
multiplied by a, the conclusion ap  a(mod p) follows.
Because gcd(7 5 – 2 3, 16) = gcd(29, 16) = 1, a solution exists. It is obtained by the method
Theorem 8: Let p1, p2, … , pk be any distinct primes, a any positive integer, and l = [p1 – 1,
developed in the proof of Theorem 6. Multiplying the first congruence by 5, the second one by
p2 – 1, …, pk – 1]. Then al + 1 ≡ a(mod p1p2…pk).
3, and subtracting, we arrive at
Proof: By Fermat’s theorem, a pi 1  1(mod pi ), where 1 i k. Since pi – 1 | l, this implies
29x  5.10 – 3.9  23(mod 16)
or, what is the same thing, 13x  7 (mod 16). Multiplication of this congruence by 5 (noting that (a pi 1 )l /( pi 1)  1(mod pi ); that is, al ≡ 1(mod pi). Thus al + 1 ≡ a(mod pi). Consequently, al + 1 ≡

5 13  1(mod 16)) produces x  35  3(mod 16). When the variable x is eliminated from the a(mod [p1, p2, …, pk]); that is al + 1 ≡ a(mod p1p2…pk).
system of congruences in a like manner, it is found that Fermat’s theorem has many applications and is central to much of what is done in
29y  7 9 – 2 10  43(mod 16) number theory. In the least, it can be a labor – saving device in certain calculations. If asked to

But, then 13y  11 (mod 16), which upon multiplication by 5, results in y  55  7(mod 16). The verify that 538  4 (mod 11), for instance, we take the congruence 510  1 (mod 11) as our starting

unique solution of our system turns out to be point. Knowing this,

538  51038  510  52   1  34  81  4  mod 11

3 4
x  3 (mod 16) y  7 (mod 16)
3.4. Fermat’s Little Theorem
as desired. Another use of Fermat’s theorem is as a tool in testing the primality of a given integer
Theorem 7: Let p be a prime and suppose that p | a. Then
n. If it could be shown that the congruence a n  a  mod n  fails to hold for some choice of a,
a p-1
 1 (mod p).
then n is necessarily composite. As an example of this approach, let us look at n = 117. The
Proof. We begin by considering the first p-1 positive multiples of a ; that is, the integers
computation is kept under control by selecting a small integer for a, say, a = 2. Because 2117
a, 2a, 3a, …(p – 1)a.
may be written as 2117  27.165   27  25 and 27  128  11 mod117  .
16

31 32
We have 2117  1116  25  121 25  48  25  221  mod 117  .
8 Conversely, when n has the factorization n = ab, with a ≥ b ≥ 1, then we may write
2 2
ab ab
But 221   27  , which leads to 221  113  121.11  4.11  44  mod117  .
3
n    .
 2   2 
Combining these congruences, we finally obtain 2117  44  2  mod 117  Moreover, because n is taken to be an odd integer, a and b are themselves odd; hence (a + b) / 2
so that 117 must be composite; actually, 117 = 13 9. and (a – b) / 2 will be non-negative integers.
It might be worthwhile to give an example illustrating the failure of the converse of Fermat’s For example, consider n = 8051. Now, 8051 can be written as 8051 = 902 – 72. Hence, 8051 =

theorem to hold, in other words, to show that if a n1  1 mod n  for some integer a such that 83 × 97.
Observe that (3) can be written as x 2  n  y 2
gcd(a, n) = 1, then n need not be prime. As a prelude we require a technical lemma.
Lemma 1: If p and q are distinct primes, with Set k = [n] + 1, where [ ] denotes the greatest integer function. Then, look successively at the
numbers k2 – n, (k+1)2 – n, (k+2)2 – n, (k+3)2 – n, … until a value of m is found such that m2 – n
a p  a  mod q  and a q  a  mod p  , then a pq  a  mod pq  .
is a square. The process cannot go on indefinitely, because we eventually arrive at
Proof. The last corollary tells us that  a q   a q  mod p  , whereas aq  a(mod p) holds by
p
2 2
 n 1  n 1
  n   .
hypothesis. Combining these congruences, we obtain a pq  a  mod p  or, in different terms,  2   2 
The representation of n corresponding to the trivial factorization n = n 1. In this case, we have
p | a pq  a. In an entirely similar manner, p | a pq  a. Corollary 4 of Chapter 1 now yields
trivial divisors 1 and n and hence n is prime.
pq | a pq  a, which can be recast as a pq  a  mod pq  .
Fermat used the procedure just described to factor
Our contention is that 2340  1 mod 341 , where 341  11  31. 2027651281 = 44021 46061

In working toward this end, notice that 2  1024  31.33  1

10 in only 11 steps, as compared with making 4580 divisions by the odd primes up to 44021.
Example 10: Let n = 10541. Then [ n ]  1  103. Therefore, we have to consider the values
Thus, 211  2  210  2 1  2  mod 31 and 231  2  210   2 13  2  mod 11
3

k2 – 10541 for k ≥ 103. Taking k = 103, 104, … we have

Exploiting the lemma, 21131  2  mod 11.31 or 2341  2  mod 341 .
1032 – 10541 = 68
After cancelling a factor of 2, we pass to 2340  1 mod 341 , so that the converse to Fermat’s 1032 – 10541 = 275
theorem is false. 1032 – 10541 = 484 = 222.
3.5. Fermat’s Factorization Technique Last relation gives
In Chapter 2, we have seen that in order to find the factors of an odd composite integer, trial 10541 = 1032 – 222 = (105 + 22) (105 – 22) = 127 × 83.
division could be used. But trial division becomes impractical if the number has more than Example 11: Let n = 23449. [ n ]  1  154. Therefore, we have to consider the values k2 –
twelve digits. 23449 for k ≥ 154. Taking k = 154, 155, … we have
Fermat’s factorization scheme has at its heart the observation that the search for factors of 1542 – 23449 = 267
an odd integer n is equivalent to obtaining integral solutions x and y of the equation 1552 – 23449 = 576 = 242.
nx y2 2
(3) The last relation gives

If n is the difference of two squares, then n can be factored as n  x  y  ( x  y )( x  y ).

2 2 23449 = 1552 – 242 = (155 + 24) (155 – 24) = 179 × 131.

33 34
 In the 1920s Maurice Kraitchik came up with an interesting enhancement of Fermat’s A short search reveals that
difference-of-squares technique, and it is this enhancement that is at the basis of most modern 1122 – 12499 = 45
factoring algorithms. Instead of trying to find integers a and b with a2 – b2 equal to n, Kraichik 1172 – 12499 = 1190
2 2 2 2
reasoned that it might suffice to find a and b with a – b equal to a multiple of n, that is a ≡ b 1212 – 12499 = 2142
(mod n). Such a congruence can have uninteresting solutions, those where a ≡ ±b(mod n), and Or, written as congruences,
interesting solutions, where a  b(mod n) . In fact, if n is odd and divisible by at least two 1122 ≡ 32 · 5 (mod 12499)
different primes, then at least half of the solutions to a2 ≡ b2 (mod n), with ab coprime to n, are of 1172 ≡ 2 · 5 · 7 · 17 (mod 12499)
the interesting variety. And for an interesting solution a, b, the greatest common factor of 1212 ≡ 2 · 32 · 7 · 17 (mod 12499)
gcd(a – b, n) must be a non-trivial factor of n. Indeed, n divides a2 – b2 = (a – b)(a + b) but Multiplying these together results in the congruence
neither factor. So n must be somehow split between a – b and a + b. (112 · 117 · 121)2 ≡ (2 · 32 · 5 · 7 · 17)2 (mod 12499)

Example 12: Let us use Kraitchik’s method to factor n = 2041. [ n ]  1  462. Consider the that is,
15855842 ≡ 107102 (mod 12499)
sequence of numbers Q( x)  x 2  n for n = 46, 47, …, we get
But we are unlucky with this square combination. Because
75, 168, 263, 360, 459, 560, ….
1585584 ≡ 10710 (mod 12499)
So far no squares have appeared. Let us find several numbers x with the product of the
only a trivial divisor of 12499 will be found. To be specific,
corresponding numbers Q(x) equal to a square. For if Q(x1) Q(x2) Q(xk) = b2 and x1 x2 xk =
gcd(1585584 + 10710, 12499) = 1
b, then
gcd(1585584 – 10710, 12499) = 12499
a 2  x12  x12 x12  ( x12  n ) ( x12  n )
After further calculation, we notice that
 Q( x1 ) Q( xk )  b2 (mod n );
1132 ≡ 2 · 5 · 33 (mod 12499)
2 2
That is, we have found a solution to a ≡ b (mod n). But how to find the set x1, x2, …, xk? 1272 ≡ 2 · 3 · 5 · 112 (mod 12499)
Consider the numbers Q(x) which factor very easily: which gives rise to the congruence
75 = 3 × 52 168 = 23 × 3 × 7 360 = 23 × 32 × 5 560 = 24 × 5 × 7 (113 · 127)2 ≡ (2 · 32 · 5 · 11)2 (mod 12499)
10 4 4 2
Then, clearly the product of these four numbers is 2 × 3 × 5 × 7 , a square. Thus, we have This reduces modulo 12499 to
a  46  47  49  51  311(mod 2041) 18522 ≡ 9902 (mod 12499)
and and fortunately 1852  990(mod12499) . Calculating
b  25  32  52  7  1416(mod 2041) . gcd(1855 – 990, 12499) = gcd(862 , 12499) = 431
Notice that 311  1416(mod 2041) . Then gcd(1416 – 311, 2041) = 13 and so 2041 = 13 × 157. produces the factorization 12499 = 29 · 431.
Example 13: Let n = 12499 be the integer to be factored. The first square just larger than n is
3.6. Summary
1122 = 12544. So we begin by considering the sequence of numbers x2 – n for x = 112, 113, ….
In this chapter we studied the properties of congruences and learned to solve a system of linear
As before, our interest is in obtaining a set of values x1,x2,…..xk for which the product (xi –
congruences using Chinese remainder theorem. Also, we proved one of the most celebrated
n)…(xk – n) is a square, say y2. Then (x1…xk)2 ≡ y2(mod n), which might lead to a nontrivial
theorem “Fermat’s little theorem”. At the end of the chapter we learned to factorize a given
factor of n.
integer using Fermat’s factorization technique.

35 36
3.7. Keywords 14. Use Fermat’s theorem to verify that 17 divides 11104 + 1.
Congruence, modulo, residue, remainder, linear congruence, incongruent solution, pairwise 15. If 7 | a , then prove that either a3 + 1 or a3 – 1 is divisible by 7.
relatively prime. 16. Prove that 18351910 + 19862061 ≡ 0(mod 7).

3.8. Exercises 17. Employ Fermat’s theorem to prove that if p is an odd prime, then

1. Prove that if a ≡ b(mod m) and n | m, then a ≡ b(mod n). Also prove that gcd(a, m) = a. 1p – 1 + 2p – 1 + 3p – 1 + … + (p – 1)p – 1 ≡ –1(mod p)

gcd(b, m). b. 1p + 2p + 3p + … + (p – 1)p ≡ 0(mod p).

2. Find the remainder when 214 is divided by 17 and 3100 is divided by 5. 18. Use Fermat’s method to factor each of the following numbers: (a) 2279 (b) 10541

3. Compute the multiplicative inverse of 160 modulo 841. 19. For any integer a

4. What is the remainder when a. a7 ≡ a(mod 42)

15 + 25 + 35 + … + 995 + 1005 b. a19 ≡ a(mod 57)

is divided by 4? c. a31 ≡ a(mod 77).

5. Prove that the integer 53103 + 10353 is divisible by 39. 20. Use Kraichik’s mdthod to factor 20437.

6. Give an example to show that ak ≡ bk(mod n) and k ≡ j(mod n) need not imply that aj ≡
bj(mod n). 3.9. References

7. Find the last two digits in the decimal value of 17761976. 1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
2
8. Prove that n + n ≡ 0(mod 2). 2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier

9. Solve the following linear congruences: 3. Basic Number Theory, S. B. Malik, Vikas Publications

a. 25x ≡ 10(mod 29) 4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley

b. 5x ≡ 2(mod 26)
c. 140x ≡ 133(mod 301)
d. 9x ≡ 12(mod 15)
e. 30x ≡ 52(mod 49).
10. Solve each of the following sets of simultaneous congruences:
a. x ≡ 1(mod 3), x ≡ 2(mod 5), x ≡ 3(mod 7)
b. x ≡ 5(mod 11), x ≡ 14(mod 29), x ≡ 15(mod 31)
c. 2x ≡ 1(mod 5), 3x ≡ 9(mod 6), 4x ≡ 1(mod 7), 5x ≡ 9(mod 11).
11. Solve the linear congruence 17x ≡ 3(mod 2 3 5 7).
12. Prove that the congruences x ≡ a(mod n) and x ≡ b(mod m) admits a simultaneous
solution if gcd(n, m) | a – b.
13. Find the solutions of the system of congruences:
3x + 4y ≡ 5(mod 13)
2x + 5y ≡ 7(mod 13).

37 38
 UNIT – 4 congruences are multiplied together and the factors rearranged, we get 2 3 … (p – 2)  1 (mod
p) or rather (p – 2)!  1(mod p).
EULER’S THEOREM AND WILSON’S THEOREM
Now multiply by p – 1 to obtain the congruence ( p  1)!  p  1  1(mod p) as was to be
proved.
Structure:
Example 1: A concrete example should help to clarify the proof of Wilson’s theorem.
4.0. Objective
Specifically, let us take p = 13. It is possible to divide the integers 2, 3,…,11 into (p – 3) /2 = 5
4.1. Wilson’s Theorem
pairs, each product of which is congruent to 1 modulo 13. To write these congruences out
4.2. Euler’s Totient Function
explicitly:
4.3. Euler’s Theorem
2 7  1(mod 13)
4.4. Summary
3 9 1 (mod 13)
4.5. Keywords
4 10 1 (mod 13)
4.6. Exercises
5 8  1 (mod 13)
4.7. References
6 11 1 (mod 13)

4.0. Objective: Multiplying these congruences gives the result

The objective of this chapter is to prove two important theorems, one is Wilson’s theorem and 11! = (2 7) (3 9) (4 10) (5 8) (6 11)  1(mod 13),

another is Euler’s theorem. In order to prove Euler’s theorem which has many applications, we and so,

introduce Euler’s Totient function and study some of its properties. 12!  12  –1(mod 13)
Thus, (p – 1)!  –1(mod p), with p = 13.
4.1. Wilson’s Theorem The converse of Wilson’s theorem is also true. If (n – 1)!  –1(mod n), then n must be
Theorem 1: If p is a prime, then (p – 1)!  –1 (mod p). prime. For, if n is not a prime, then n has a divisor d with 1 < d < n. Furthermore, because d  n
Proof: Dismissing the cases p = 2 and p = 3 as being evident, let us take p > 3. Suppose that a – 1, d occurs as one of the factors in (n – 1)!, whence d | (n – 1)!. Now we are assuming that n |
is any one of the p – 1 positive integers 1, 2, 3,…, p – 1 and consider the linear congruence (n – 1)!+1, and so d | (n – 1)!+1, too. The conclusion is that d | 1, which is nonsense.
ax  1(mod p). Taken together, Wilson’s theorem and its converse provide a necessary and sufficient
Then gcd(a, p) = 1. By Theorem 4 of Chapter 3, this congruence admits a unique solution condition for determining primality; namely, an integer n > 1 is prime if and only if (n – 1)! 
modulo p; hence, there is a unique integer a′, with 1  a′  p – 1, satisfying aa′  1 (mod p). –1(mod n). Unfortunately, this test is of more theoretical than particle interest because as n
Because p is prime, a = a′ if and only if a =1 or a = p – 1. Indeed, the congruence a2 1 (mod p) increases, (n – 1)! rapidly becomes unmanageable in size.
is equivalent to (a – 1) (a+1)  0 (mod p). Therefore, either a – 1  0 (mod p), in which case a = We now give an application of Wilson’s theorem to the study of quadratic congruences. [It is

1, or a +1  0(mod p), in which case a = p – 1. understood that quadratic congruence means a congruence of the form ax 2  bx  c  0  mod n  ,
If we omit the numbers 1 and p – 1, the effect is to group the remaining integers 2, 3,…,p – 2 with a  0  mod n ].
into pairs a, a′, where a  a′, such that their product aa′  1(mod p). When these (p – 3) / 2
Theorem 2: The quadratic congruence x 2  1  0  mod p  where p is an odd prime, has a

solution if and only if p  1 (mod 4).

39 40
Proof. Let a be any solution of x 2  1  0  mod p  , so that a 2  1 mod p  . Because p | a the 4.2. Euler’s Totient Function
Let us now prove another famous theorem “Euler’s Generalized Theorem”. To prove this
outcome of applying Fermat’s theorem is
theorem we need some preparations.
1  a p1   a 2 
 p 1/2  p 1/2
  1  mod p 
Definition 1: For n  1, let (n) denote the number of positive integers not exceeding n that are
The possibility that p = 4k +3 for some k does not arise. If it did, we would have relatively prime to n.
 1
p 1 /2
  1
2 k 1
 1 As an illustration of the definition, we find that (30) = 8; for, among the positive

Hence, 1  –1(mod p). The net result of this is that p | 2, which is false. Therefore, p must be of integers that do not exceed 30, there are eight that are relatively prime to 30; specifically, 1, 7,

the form 4k+1. 11, 13, 17, 19, 23, and 29.

Now, for the opposite direction, in the product Similarly, for the first few positive integers, the reader may check that

p 1 p 1 (1) = 1, (2) = 1, (3) = 2, (4) = 2, (5) = 4, (6) = 2, (7) = 6, …

 p  1!  1  2... . ...  p  2  p  1
2 2 Notice that (1) =1, because gcd(1, 1) = 1. In the event n > 1, gcd(n, n) = n  1, so that (n) can
we have the congruences be characterized as the number of integers less than n and relatively prime to it. The function  is
p  1  1(mod p ) usually called the Euler’s phi - function (sometimes, the indicator or totient) after its originator.
p  2  2  mod p  The functional notation (n), however, is credited to Gauss.
If n is a prime number, then every integer less than n is relatively prime to it; whence,
p 1 p 1
  mod p  . (n) = n – 1. On the other hand, if n > 1 is composite, then n has a divisor d such that 1 < d < n. It
2 2
Rearranging the factors produces follows that there are at least two integers among 1,2,3, …, n that are not relatively prime to n,

p 1  p 1 namely, d and n itself. As a result, (n)  n – 2. This proves that for n > 1, (n) = n – 1 if and
 p  1!  1   1 .2.  2  ... .    mod p 
2  2  only if n is prime.
2
 p 1 /2  p 1 The first item on the agenda is to derive a formula that will allow us to calculate the value
  1  1.2...   mod p  .
 2  of (n) directly from the prime-power factorization of n. A large step in this direction stems from
Because there are (p – 1)/2 minus sings involved, it is at this point that wilson’s theorem can be Theorem 3.
brought to bear. For, (p – 1)!  –1(mod p), whence Theorem 3. If p is a prime and k > 0, then
2
 p  1    1
1   1
 p 1/2
 2 !  mod p  .
  p k   p k  p k 1  p k 1 
   p 

If we assume that p is of the form 4k +1, then (-1)(p-1)/2 =1, leaving us with the congruence Proof. Clearly gcd(n, pk) = 1 if and only if p | n . There are pk-1 integers between 1 and pk

 p  1  
2
divisible by p, namely, p, 2p, 3p ,…, (pk-1)p. Thus, the set {1,2,…,pk} contains exactly pk –pk–1
1   ! (mod p).
 2   integers that are relatively prime to pk, and so by the definition of the phi-function, (pk) = pk –
pk-1.
The conclusion is that the integer  p  1 / 2 ! satisfies the quadratic congruence x2+1 = 0 (mod p).
For an example, we have   9     32   32  3  6 the six integers less than and

relatively prime to 9 being 1, 2, 4, 5, 7, and 8. To give a second illustration, there are 8 integers

41 42
that are less than 16 and relatively prime to it; they are 1, 3, 5, 7, 9, 11, 13, and 15. Theorem 3 Before embarking on the details, it is worth commenting on the tactics to be adopted; Because
yields the same count;  16     2 4
2 4
 2  16  8  8 . We now know how to evaluate the
3 gcd(qm + r, m) = gcd(r, m), the numbers in the rth column are relatively prime to m if and only if
r itself is relatively prime to m. Therefore, only (m) columns contains integers relatively prime
phi-function for prime powers, and our aim is to obtain a formula for (n) based on the
to m, and every entry in the column will be relatively prime to m. The problem is one of showing
factorization of n as a product of primes. The missing link in the chain is obvious; show that  is
that in each of these there are exactly (n) integers that are relatively prime to n: for then
a multiplicative function. We pave the way with an easy lemma.
altogether there would be (m)(n) numbers in the table that are relatively prime to both m and n.
Now the entries in the rth column (where it is assumed gcd(r, m) = 1) are
Lemma 1: Given integers a, b, c, gcd(a, bc) =1 if and only if gcd (a, b) =1 and gcd (a, c) =
r, m+r, 2m+r, …, (n – 1)m+r.
Proof: First suppose that gcd(a, bc) =1, and put d = gcd(a, b). Then d | a and d | b whence d | a
There are n integers in this sequence and no two are congruent modulo n. If
and d | bc. This implies that gcd(a, bc)  d, which forces d = 1. Similar reasoning gives rise to the
km+r  jm +r (mod n) with 0  k < j < n,
statement gcd(a, c)=1.
it would follow that
For the other direction, take gcd(a, b) =1 = gcd(a, c) and assume that gcd(a, bc) = d1 > 1.
Then d1 must have a prime divisor p. Because d1 | bc, if follows that p | bc; in conseqence, p | b or km  jm (mod n).
Because gcd(m, n) = 1, we could cancel m from both sides of this congruence to arrive at the
p | c. If p | b, then (by virtue of the fact that p | a) we have gcd(a, b)  p, a contradiction. In the
contradiction that k  j (mod n).
same way, the condition p | c leads to the equally false conclusion that gcd(a, c)  p. Thus, d1 = 1
Thus, the numbers in the rth column are congruent modulo n to 0, 1, 2,…,n – 1 in some order.
and the lemma is proven.
Note: Any function whose domain of definition is the set of positive integers is said to be a But if s  t(mod n), then gcd(s, n) = 1 if and only if gcd(t, n) = 1. The implication is that the rth

number-theoretic (or arithmetic) function. column contains as many integers that are relatively prime to n as does the set (0, 1, 2,…,n-1),

Definition 2: A number-theoretic function f is said to be multiplicative if namely, (n) integers. Therefore, the total number of entries in the array that are relatively prime

f(mn) = f(m)f(n) to both m and n is (m) (n). This completes the proof of the theorem.
whenever gcd(m, n) = 1. With these preliminaries in hand, we now can prove Theorem 5.

Theorem 4: The function  is a multiplicative function. Theorem 5: If the integer n > 1 has the prime factorization n  p1k1 p2k2 prkr , then
Proof: It is required to show that (mn) = (m) (n), whenever m and n have no common factor.     1 
  n    p1k  p1k 1  p2k  p2k 1  ....  prk  prk
1 1 2 2 r r 1
  n 1  p1 1  p1  1  
Because (1) = 1, the result obviously holds if either m or n equals 1. Thus, we may assume that  1  2   pr 
m > 1 and n > 1. Arrange the integers from 1 to mn in m columns of n integers each, as follows: Proof: We intend to use induction on r, the number of distinct prime factors of n. By Theorem 3,
1 2 r m result is true for r =1. Suppose that it holds for r = i. Because
m 1 m2 mr 2m
2m  1 2m  2 2m  r 3m

gcd p1k1 p2k2 
piki , piki 11  1

the definition of multiplicative function gives

(n  1)m  1 ( n  1)m  2 ( n  1) m  r nm   p
k1
1   
p1ki piki 11   p1k1   
piki  piki 11   p1k1  piki  p ki 1
i 1  piki 11 1 
We know that (mn) is equal to the number of entries in this array that are relatively prime to
Invoking the induction assumption, the first factor on the right-hand side becomes
mn: by virtue of the lemna, this is the same as the number of integers that are relatively prime to
  p1k p2k
1 2

piki   p1k1  p1k11  p2k2  p2k21  p
ki
i  piki 1 
both m and n.

43 44
and this serves to complete the induction step, and the proof. Proof: Observe that no two of the integers aa1, aa2,…,aa(n) are congruent modulo n. For if aai 
Example 2: Let us calculate the value (360),for instance. The prime power decomposition of aaj(mod n), with 1  i < j  (n), then the cancellation law yields ai  aj (mod n), and thus ai = aj,
360 is 23. 32.5, and Theorem 5 tells us that a contradiction. Furthermore, because gcd(ai, n) = 1 for all i and gcd(a, n) = 1, the Lemma 1
 1  1  1 guarantees that each of the aai is relatively prime to n.
  360   360 1   1   1  
2 3 5  Fixing on a particular aai, there exist a unique integer b, where 0  b < n, for which aai 
1 2 4
 360. . .  96 b(mod n). Because gcd(b, n) = gcd (aai, n) =1, b must be one of the integers a1, a2,…,a(n). All
2 3 5
this proves that the numbers aa1, aa2,…, aa(n) and the numbers a1, a2,…,a(n) are identical
Apart from (1) and (2), the values of (n) in our examples are always even. This is no
(modulo n) in a certain order.
accident, as the next theorem shows.
Theorem 7: (Euler) If n  1 and gcd (a, n) = 1, then a(n)  1 (mod n).
Theorem 6: For n > 2, (n) is an even integer.
Proof: There is no harm in taking n > 1. Let a1, a2,…,a(n) be the positive integers less than n that
Proof: First, assume that n is a power of 2, let us say that n = 24, with k  2. By Theorem 5
are relatively prime to n. Because gcd (a, n) =1, it follows from the lemma that aa1, aa2,…,aa(n)
 1
  n     2k   2k 1    2k 1 are congruent, not necessarily in order of appearance, to a1, a2,…,a(n) Then,
2 
an even integer. If n does not happen to be a power of 2, then it is divisible by an odd prime p; aa1  a1  mod n 

we therefore may write n as n = pkm, where k 1 and gcd (pk, m) = 1. Exploiting the aa2  a2  mod n 

multiplicative nature of the phi-function, we obtain

aa  n   a ( n )  mod n 
  n     p k    m   p k 1  p  1   m  , which again is even because 2 | p-1.
where a1 , a2 .....a  n  are the integers a1, a2,…,a(n) in some order. On taking the product of these

4.3. Euler’s Theorem (n) congruences, we get

As remarked earlier, the first published proof of Fermat’s theorem (namely that of  aa1  aa2  aa     aa ...a   mod n  a a ...a    mod n 
 n 1 2  n 1 2  n

a p1  1 mod p  if p | a ) was given by Euler in 1736. Somewhat later, in 1760, he succeeded in
and so
generalizing Fermat’s theorem from the case of a prime p to an arbitrary positive integer n. This
n
 
a  n  a1a2 ...a  n   a1a2 ...a  n   mod n  .
landmark result states: If gcd(a, n) = 1, then a  1 (mod n).
Because gcd (ai, n) = 1 for each i, the Lemma 1, implies that gcd(a1a2 ...a(n), n) = 1. Therefore,
For example, for n = 30 and a = 11, we have
we may cancel both sides of the foregoing congruence by the common factor a1a2 ....a(n),
11 30  118  112   121  14  1 mod 30 
4 4

 1 mod n .
n
leaving us with a
As a prelude to lunching our proof of Euler’s generalization of Fermat’s theorem, we require a
For example, let n = 9. Then the positive integers less than and relatively prime to 9 are
preliminary lemma.
1, 2, 4, 5, 7, and 8. These play the role of the integers a1, a2, …, a(n) in the proof of Theorem 7.
Lemma 2: Let n > 1 and gcd (a,n) =1. If a1, a2,…,a(n) are the positive integers less than n and
If a = –4, then the integers aai are –4, –8, –16, –20, –28, –32 where, modulo 9,
relatively prime to n, then aa1, aa2,…,aa(n) are congruent modulo n to a1, a2,…,a(n) in some
–4  5 –8  1 –16  2 –20  7 –28  8 –32  4
order.
When the above congruences are all multiplied together, we obtain.
(–4) (–8) (–16) (–20) (–28)(–32)  5 1 2 7 8 4 (mod 9),

45 46
which becomes holds. Noting that (n) is divisible by   piki  , we may raise both sides of Eq(1) to the power
6
(1 2 4 5 7 8) (–4)  (1 2 4 5 7 8 4) (mod 9).
 (n) /   pik i
 and arrive at
Being relatively prime to 9, the six integers 1, 2, 4, 5, 7, and 8 may be canceled successively to
give 
a  n   1 mod piki  i  1,2, ,r
6
(–4)  1 (mod 9). Inasmuch as the moduli are relatively prime, this leads us to the relation
The validity of this last congruence is confirmed by the calculation: 
a  n   1 mod piki p2k2 .... prkr 
6 6 2 2
(–4)  4  (64) 1  1 (mod 9).
 1 mod n  .
n
or a
Note that Theorem 7 does indeed generalize the one credited to Fermat, which we proved earlier.
For if p is a prime, then (p) = p – 1; hence, when gcd(a, p) = 1, we get Corollary 3: Let a be any integer and n  p1k1 p2k2 ... prkr . Let l  [ ( piki ),  ( p2k2 ), ,  ( prkr )] . Then

al + 1 ≡ a(mod n).
a p1  a    1 mod p 
p

and so we have the following corollary. 4.4. Summary

Corollary 1: (Fermat) If p is a prime and p | a then a p1  1 mod p  In this chapter we proved two important theorems: Wilson’s theorem and Euler’s generalization
Example 3: Euler’s theorem is helpful in reducing large powers modulo n. To cite a typical of Fermat’s theorem. Also we studied some of the properties of Euler’s Phi function.
example, let us find the last two digits in the decimal representation of 3 256
. This is equivalent to 4.5. Keywords
obtaining the smallest nonegative integer to which 3 256
is congruent modulo 100. Because Phi function, quadratic congruence, number theoretic function, multiplicative function.
gcd(3, 100) = 1 and 4.6. Exercises

 1  1 1. Find the remainder when 15! Is divided by 17.

 100     22  52   100 1  1    40
2 5    2. Show that 18! ≡ –1(mod 437).

Euler’s theorem yields 3 40

 1(mod 100). By the Division Algorithm, 256= 6 40+16: whence 3. If p is prime number, then prove that (p – 1)! ≡ (p – 1)(mod 1 + 2 + 3 + + (p – 1)).

3 256
 3 6 40+16 40 6 16
 (3 ) 3 16
 3 (mod 100) and our problem reduces to one of evaluating 3 , 16 4. If p is a prime, prove that for any integer a,

modulo 100. The method, of successive squaring yields the congruences. p | ap + (p – 1)! a and p | ap (p – 1)! + a.
5. Using Wilson’s theorem, prove that for any odd prime p,
32  9  mod 100 34  81 mod100  38  61 mod100  316  21 mod100  .
12 32 52 (p – 2)2 ≡ (–1)(p + 1)/2(mod p).
Hence, 2 and 1 are the last two digits in the decimal representation of 3256.
6. Prove that the odd prime divisors of the integer n2 + 1 are of the form 4k + 1.
Corollary 2: Let gcd (a, n) = 1 and n have the prime–power factorization n  p1k1 p2k2 ... prkr . Then
7. Find ϕ(360), ϕ(1001), ϕ(5040).

a  n   1 mod piki  i  1,2, ,r 8. Prove in each of the following cases:

Proof: In view of what already has been proved, each of the congruences a. If n is an odd integer, then ϕ(2n) = ϕ(n)
b. If n is an even integer, then ϕ(2n) = 2ϕ(n)

   1 mod p k c. ϕ(3n) = 3ϕ(n) if and only if 3 | n.

 pi
 
ki

a i
i
i  1, 2, ,r (1)
9. Prove that if the integer n has r distinct prime factors, then 2r | ϕ(n).
10. Prove that the equation ϕ(n) = ϕ(n + 2) is satisfied by n = 2(2p – 1) whenever p and
2p – 1 are both odd primes.

47 48
 11. Prove or disprove each:
a. ϕ(gcd(a, b)) = gcd(ϕ(a), ϕ(b))
b. ϕ([a, b]) = [ϕ(a), ϕ(b)].
12. Use Euler’s theorem to establish the following: For any integer a
a. a37 ≡ a(mod 1729)
b. a13 ≡ a(mod 2730)
c. a33 ≡ a(mod 4080).
13. Using Euler’s theorem, prove that for n ≥ 0
51 | 1032n + 9 – 7.
14. Using Euler’s theorem find the remainder when 71020 is divided by 15.
15. If m and n are relatively prime positive integers, prove that mϕ(n) + nϕ(m) ≡ 1 (mod mn).

4.7. References
BLOCK – II
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier
3. Basic Number Theory, S. B. Malik, Vikas Publications
NUMBER THEORETIC FUNCTIONS
4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley
&
THEIR APPLICATIONS

49

50
 UNIT – 5 With this understanding,  and  may be expressed in the form
  n   1 &   n    d .
MULTIPLICATIVE FUNCTIONS  AND  , MÖBIUS FUNCTION AND d |n d |n

MÖBIUS INVERSION FORMULA The notation  d |n 1, in particular, says that we are to add together as many 1’s as there are

Structure: positive divisors of n. To illustrate; the integer 10 has the four positive divisors 1, 2, 5, 10.
Whence
5.0. Objective
 10   1  1  1  1  1  4 and  10    d  1  2  5  10  18.
5.1. (n) and (n) functions d |10 d |10

5.2. Multiplicative function Theorem 1: If n  p p ... p is the prime factorization of n > 1, then the postive divisors of
k1 k2 kr
1 2 r
5.3. The MÖbius inversion formula
n are precisely those integers d of the form d  p1a1 p2a2 ... prar , where 0  ai  ki i  1,2, ,r
5.4. Summary
5.5. Keywords Proof. Note that the divisor d = 1 is obtained when a1 = a2= … = ar = 0, and n itself occurs

5.6. Exercises when a1 = k1, a2 = k2 = … = ar = kr. Suppose that d divides n nontrivially; say, n = dd′,

5.7. References where d > 1, d′ > 1. Express both d and d′ as products of (not necessarily distinct) primes:
d = q1q2 … qs d′ =t1t2 … tu

5.0. Objective with qi, tj prime. Then

The objective of this chapter is to study a special class of functions on the set of integers p1k1 p2k2 prkr  q1 qst1 tu
called multiplicative functions. These functions play an important role in the study of are two prime factroization of the positive integer n. By the uniqueness of the prime
divisibility properties of integers and the distribution of primes. factorization, each prime qi must be one of the pj. Collecting the equal primes into a single
integral power, we get.
5.1. (n) and (n) functions
d  q1q2 qr  p1a1 p2a2 ... prar
Definition 1: Given a positive integer n, let (n) denote the number of positive divisors of n
where the possibility that ai = 0 is allowed.
and (n) denote the sum of these divisors.
Conversely, every number d  p1a1 p2a2 ... prar  0  ai  ki  turns out to be a divisor of n. For we
For an examples of these notions, consider n = 12. Because 12 has positive divisors 1, 2, 3, 4,
can write
6, and 12, we find that
(12) = 6 and (12) = 1+2+3+4+6+12 = 28. For the first few integers, n  p1k1 p2k2 ... prkr

(1) = 1 (2) = 2 (3) = 2  (4) = 3 (5) = 2 (6) = 4,… and  p1a1 p2a2 ... prar  p1k1 a1 p2k2 a2 ... prkr ar 
 dd 
(1) = 1, (2) = 3, (3) = 4, (4) = 7, (5) = 6, (6) = 12,…
with d   p1k1 a1 p2k2 a2 .... prkr ar and ki  ai  0 for each i. Then d   0 and d | n
It is not difficult to see that (n) = 2 if and only if n is a prime number; also, (n) =
We put this theorem to work at once.
n+1 if and only if n is a prime.
Before studying the functions  and  in more detail, we wish to introduce notation
Theorem 2: If n  p1k1 p2k2 .... prkr is the prime factroization of n > 1, then
that will clarify a number of situations later. It is customary to interpret the symbol  f  d 
d /n
(a)   n    k1  1 k2  1 ....  kr  1 ,
to mean, “sum the values f(d) as d runs over all the positive divisors of the positive integer n”.
p1k1 1  1 p2k2 1  1 prkr 1  1
(b)   n  
For instance, we have  f  d   f 1  f  2   f  4  f 5  f 10  f  20
d |20
p1  1 p2  1
....
pr  1

51 52
Proof. According to Theorem 1, the positive divisors of n are precisely those integers One of the more interesting properties of the divisor function  is that the product of the
d  p p ... p positive divisors of an integer n >1 is equal to n  n /2 .
a1 a2 ar
1 2 r

where 0  ai  ki. There are k1 + 1 choices for the exponent a1; k2 + 1 choices for a2, … ; and It is not difficult to get at this fact: Let d denote an arbitrary positive divisor of n, so

kr + 1 choices for ar. Hence, there are  k1  1 k2  1 ...  kr  1 possible divisors of n. that n = dd′ for some d′. As d ranges over all (n) positive divisors of n, (n) such equations
occur. Multiplying these together, we get,
To evaluate (n), consider the product
 d   d .
 n

1  p  p  ....  p1k1 1  p2  p22  ...  p2k2  .... 1  pr  pr2  ...  prkr  .
2
n
1 1 d |n d |n

Applying the formula for the sum of a finite geometric series to the i factor on the right- th
But as d runs through the divisors of n, so does d′; hence,  d   d .
d |n d |n
hand side, we get,
2
 
piki 1  1 The situation is now this: n  n     d  Or equivalently n ( n )/2   d .
1  pi  pi2  ...  piki  .  d |n 
pi  1 d |n

The reader might (or, at any rate, should) have one lingering doubt concerning this equation.
It follows that
For it is by no means obvious that the left-hand side is always an integer. If (n) is even, there
p1k1 1 p2k2 1  1 prkr 1
 n  . is certainly no problem. When (n) is odd, n turns out to be a perfect square say, n = m2; thus
p1  1 p2  1 pr  1
Corresponding to the ∑ notation for sums, the notation for products may be defined using , n  n /2  m  n  , settling all suspicions.
the Greek capital letter pi. The restriction delimiting the numbers over which the product is to For a numerical example, the product of the five divisors of 16 (namely, 1, 2, 4, 8, and 16) is

be made is usually put under the  sign. Examples are  d  16 

d |16
16 / 2
 165/2  45  1024.

 f  d   f 1 f  2  f  3 f  4  f 5
1 d 5
Multiplicative functions arise naturally in the study of the prime factorization of an integer.

d |9
f  d   f 1 f  3 f  9  Before presenting the definition, we observe that
(2∙10) = (20) = 6  2∙4 =  (2)∙(10)
 f  p   f  2  f  3 f 5.
d |30
p prime
At the same time,  (2∙10) =  (20) = 42  3∙8 =  (2)∙(10)
These calculations bring out the nasty fact that, in general, it need not be true that
With this convention, the conclusion to Theorem 2 takes the compact form: If
(mn) = (m)(n) and (mn) = (m)(n).
n  p1k1 p2k2 ..... prkr is the prime factorization of n > 1, then
But, equality always holds provided m and n are relatively prime integers. This circumstance
piki 1  1
  n     ki  1 and   n    . is what prompts Definition 2. We are once again giving this definition.
1i  r 1i  r pi  1
Example 1: The number 180 = 22∙ 32 ∙5 has 5.2. Multiplicative function
(180) = (2+1) (2+1) (1+1) = 18 Definition 2: A number theoretic function f is said to be multiplicative if f (mn) = f (m) f (n),

positive divisors. These are integers of the form 2  3  5 a1 a2 a3 whenever gcd(m, n) = 1.

where a1 = 0, 1, 2; a2 = 0, 1, 2; and a3 = 0, 1 specifically, we obtain For simple illustrations of multiplicative functions, we need only consider the functions given

1, 2, 3, 4, 5, 6, 9, 10, 12, 15, 18, 20, 30, 45, 60, 90, and 180. by f(n) = 1 and g(n) = n for all n  1. It follows by induction that if f is multiplicative and n1,

The sum of these integers is n2,…, nr are positive integers that are pairwise relatively prime, then
f(n1n2…nr) = f(n1) f(n2) … f(nr).
23  1 33  1 52  1 7 26 24
 180     7  13  6  546.
2 1 3 1 5 1 1 2 4

53 54
Multiplicative functions have one big advantage for us: they are completely determined once Hence, any positive divisor d of mn will be uniquely representable in the form
their values at prime powers are known. Indeed, if n > 1 is a given positive integer, then we d  p1a1 ... prar q1b1 ....qsbs 0  ai  ki , 0  bi  ji
can write
This allows us to write d as d = d1d2, where d1  p1a1 ... prar divides m and d 2  p1b1 ... psbs
n  p p ... p
k1
1
k2
2
kr
r
divides n. Because no pi is equal to any qj, we surely must have gcd(d1, d2) = 1.
in canonical form; because the piki are relatively prime in pairs, the multiplicative property
Theorem 4: If f is a multiplicative function and F is defined by
   
ensures that f  n   f p1k1 f p2k2 .... f prkr .   F n    f d 
d |n
If f is a multiplicative function that does not vanish identically, then there exists an integer n
then F is also multiplicative.
such that f(n)  0. But f (n) = f (n∙1) = f (n) f (1).
Proof: Let m and n be relatively prime positive integers. Then
Being nonzero, f(n) may be canceled from both sides of this equation to give f (1) = 1. The
F  mn    f  d    f  d1d 2 
point to which we wish to call attention is that f (1) = 1 for any multiplication function not d |mn d1 |m, d 2 |n

identically zero. because every divisor d of mn can be uniquely written as a product of a divisor d1 of m and a
We now establish that  and  have the multiplicative property. divisor d2 of n, where gcd (d1, d2) = 1. By the definition of a multiplicative function, we have
Theorem 3: The functions  and  are both mutiplicative functions. f  d1d 2   f  d1  f  d 2  .
Proof: Let m and n be relatively prime integers. Because the result is trivially true if either m
It follows that
or n is equal to 1, we may assume that m > 1 and n > 1. If m  p1k1 p2k2 ... prkr and n  qiji q2 j ...qsjs
j

  
F  mn    f (d1 ) f (d 2 )  F  mn     f  d1     f  d 2    F  m  F  n  .
are the prime factorizations of m and n, then because gcd(m, n) =1 no pi can occur among the d1|m ,d 2 |m  d1|m   d2 |n 
qj . It follows that the prime factorization of the product mn is given by
It might be helpful to take time out and run through the proof of Theorem 6.4 in a concrete
mn  p1k1 .... prkr q1ji ....qsjs . case. Letting m = 8 and n = 3, we have
Appealing to Theorem 2, we obtain F 8  3 =  f d 
d |24
  mn    k1  1 ...  kr  1  j1  1 ...  jr  1
 f 1  f 2  f 3  f 4  f 6  f 8  f 12  f 24
   m   n 
 f 1  1  f 2  1  f 1  3  f 4  1  f 2  3  f 8  1  f 4  3  f 8  3
In a similar fashion, Theorem 2 gives  f 1 f 1  f 2 f 1  f 1 f 3  f 4 f 1  f 2 f 3  f 8 f 1  f 4 f 3  f 8 f 3
 p k1 1  1 prkr 1  1   q1j1 1  1 qsjs 1  1    f 1  f 2  f 4  f 8   f 1  f 3
  mn    1 .... ...
 p1  1 pr  1   q1  1 qs  1    f d    f d 
   m   n  . d |8 d |3

 F 8 F 3.
Thus,  and  are multiplicative functions. Theorem 4 provides a deceptively short way of drawing the conclusion that  and  are
Lemma 1: If gcd(m, n) = 1, then the set of positive divisors of mn consists of all products multiplicative.
d1d2, where d1|m, d2|n and gcd(d1, d2) = 1; furthermore, these products are all distinct. Corollary 1: The functions  and  are multiplicative functions.
Proof: It is harmless to assume that m > 1 and n >1; let
Proof: We have mentioned that the constant function f(n) = 1 is multiplicative, as is the
m  p1k1 p2k2 .... prkr and n  p1j1 q2j2 ...qsjs identity function f(n) = n. Because  and  may be represented in the form
be their respective prime factorizations. In as much as the primes p1,…, pr, q1, …, qs are all   n   1 and   n    d
distinct, the prime factorization of mn is d |n d |n

mn  p ...... p q ....q .
k1 kr j1 js The stated result follows immediately from Theorem 4.
1 r 1 s

55 56
5.3. The MÖbius inversion formula Because  is known to be a multiplicative function, an appeal to Theorem 4 is legitimate; this
We introduce another naturally defined function on the positive integers, the mobius  result guarantees that F also is multiplicative. Thus, if the canonical factorization of n is
function. n  p1k1 p2k2 .... prkr , then F(n) is the product of the values assigned to F for the prime powers in
Definition 3: For a positive integer n, define  by the rules this representation:
1 if n  1 F  n   F  p1k1  F  p2k2  F  prkr   0

  n   0 if p 2 | n for some prime p
 We record this result as Theorem 6.6
 1 if n  p1 p2 .... pr , where pi are distinct primes
r

Theorem 6: For each positive integer n 1,

Put somewhat differently Definition 3 states that (n) = 0 if n is not a square free integer,
1 if n  1
whereas   n    1 if n is square free with r prime factors. For example: (30) = (2∙3∙5) =
   d   0
 if n  1
r
d |n

(–1) = –1. The first few values of  are

3 where d runs through the positive divisors of n.

 1  1   2   1  3  1  4   0  5  1  6   1 For an illustration of this last theorem, consider n =10. The positive divisor of 10 are 1, 2, 5,
and 10 and the desired sum is
If p is a prime number, it is clear that (p) = –1; in addition, (pk) = 0 for k  2.
As the reader may have guessed already, the mobius  function is multiplicative. This is the
   d   1    2    5   10  1   1   1  1  0
d |10

content of Theorem 5. The full significance of the mobius -function should become apparent with the next
Theorem 5: The function  is a multiplicative function. theorem.
Proof: We want to show that (mn) = (m)(n), whenever m and n are relatively prime. If Theorem 7: (MÖbius inversion formula) Let F and f be two number–theoretic functions
either p | m or p | n, p a prime, then p | mn; hence, (mn) = 0 = (m)(n), and the formula
2 2 2
related by the formula
holds trivially. We therefore may assume that both m and n are square free integers, say, m = F  n    f  d .
d |n
p1p2 ... pr, n = q1q2 ... qs, with all the primes pi and qj being distinct. Then
Then,
  mn     p1 pr q1...qs    1
rs

n n
  1  1    m    n 
r s
f  n      d  F        F  d .
d |n  d  d |n d 
which completes the proof. Proof: The two sums mentioned in the conclusion of the theorem are seen to be the same
Let us see what happens if (d) is evaluated for all the positive divisors d of an integer n and upon replacing the dummy index d by d′ = n / d; as d ranges over all positive divisors of n, so
the results are added. In the case where n = 1, the answer is easy here, does d′.
   d    1  1.
d |1
Carrying out the required computation we get

n    
Suppose that n > 1 and put    d  F  d       d   f  c         d  f  c   (1)
 c | n/d    c | n/d  
F  n      d .
d |n d |n d |n

d |n It is easily verified that d | n and c | (n / d) if and only if c | n and d | (n / c). Because of this,
k
To prepare the ground, we first calculate F(n) for the power of a prime say, n = p . The the last expression in Eq. (1) becomes.
positive divisors of pk are just the k +1 integers 1, p, p2,…, pk, so that      
F  p k      d    1    p     p 2      pk 
     d  f  c       f  c    d      f  c     d   (2)
d |n  c | n/d   c |n  d | n/c   c|n  d | n/c  
d | pk

  1    p   1   1  0.

57 58
In compliance with Theorem 6, the sum   (d ) must vanish except when n / c = 1 (that is f  mn      d  F 
 mn 

d |( n / c )
d |mn d 
when n = c), in which case it is equal to 1; the upshot is that the right hand side of Eq (2)
 mn 
   d1|m   d1d 2  F  
simplifies to   f  c     d     f  c  .1  f  n  d 2 |n  d1d 2 

c/n 
 c n
d | n/c  
m  n 
giving us the stated result.  d1|m   d1    d 2  F   F  
d 2 |n  d1   d 2 
Let us use n = 10 again to illustrate how the double sum in eq (2) is turned around. In this
m  n 
instance, we find that     d1  F     d 2  F  
d1|m d
 1  d2 |n  d2 
 
    d  f c    1  f 1  f 2  f 5  f 10   2  f 1  f 5   5  f 1  f 2  f m f n 
d /10 c | 10/ d  
  10 f 1 which is the assertion of the theorem. Needles to say, the multiplicative character of  and of

 f 1  1   2   5   10  f 2  1   5  f 5  1   2 F is crucial to the previous calculation.

 f 10  1 5.4. Summary

  In this chapter we have studied four important multiplicative functions which have played a
    f c  d   significant role in the development of number theory: ϕ, τ, σ, μ.
c |10 d | 10/ c 
To see how the mobius inversion formula works in a particular case, we remind the reader
5.5. Keywords
that the functions  and  may both be described as “sum functions”.
Multiplicative function, Mobius inversion formula, divisor function.
  n   1 and   n    d
d |n d |n 5.6. Exercises
Theorem 7 tells us that these formulas may be inverted to give 1. Evaluate τ(n) for n = 987, 3655. Also find σ(n).
1  (n)
n n
1       d  and n        d  2. Prove that d  n
for each integer n ≥ 1.
d |n d  d |n d  d |n

which are valid for all n  1. 3. Let n be a square free integer having r prime factors. Prove that τ(n) = 2r.

Theorem 4 ensures that if f is a multiplicative function, then so is F  n    f  d  . Turning 4. Find all positive integers n such that τ(n) = 10 and σ(n) = 10.
d |n
5. For any integer n ≥ 1, establish the inequality τ(n) ≤ 2 n .
the situation around, one might ask whether the multiplicative nature of F forces that of f.
6. Prove the following:
Surprisingly enough, this is exactly what happens.
a. τ(n) is an odd integer if and only if n is a perfect square
b. σ(n) is an odd integer if and only if n is a perfect square of twice a perfect
Theorem 8: If F is a multiplicative function and f  n    F  d , then f is also square.
d |n

multiplicative. 7. If n > 1 is a composite number, then σ(n) > n + n.

Proof: Let m and n be relatively prime positive integers. We recall that any divisor d of mn 8. Verify that σ(n) = σ(n + 1) for n = 14, 206 and 957.
can be uniquely written as d = d1d2, where d1 | m, d2 | n, and gcd(d1, d2) = 1. Thus, using the 9. Verify
inversion formula, a. ϕ(σ(666)) = 2 ϕ(666).
b. σ(668) = 2 σ(ϕ(668)).
10. If p is a prime, then prove that ϕ(p) + σ(p) = 2p.

59 60
 11. Compute μ(n) for each n, where n = 101, 496, 2047 and 11319. UNIT – 6
12. For each positive integer n, show that
μ(n) μ(n + 1) μ(n + 2) μ(n +3) = 0. THE GREATEST INTEGER FUNCTION, EULER’S PHI FUNCTION AND
n ITS PROPERTIES
13. For any integer n ≥ 3, show that   (k !)  1 .
k 1
Structure:
14. If an integer n > 1 has a prime factorization n  p1k1 p2k2 prkr , then prove that
6.0. Objective
a.   (d ) (d )  (1)
d |n
r
6.1. The greatest integer function
6.2 Some properties of the Euler’s phi-function
b.   (d ) (d )  (1) p p
d |n
r
1 2 pr . 6.3 Summary
6.4 Keywords
 (n)  (d )
15. Prove that  . 6.5 Exercises
n d |n d
6.6 References
6.0. Objective
5.7. References: The objective of this chapter is to study greatest integer or “bracket” function [ ] which is
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication especially suitable for treating divisibility problems.
2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier 6.1. The greatest integer function
3. Basic Number Theory, S. B. Malik, Vikas Publications Definition 1: For an arbitrary real number x, we denote by [x] the largest integer less than or
4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley equal to x; that is [x] is the unique integer satisfying x – 1 < [x]  x.
5. Elementary Number Theory, Gareth A. Jones and Josephine Mary Jones, Springer By way of illustration, [ ] assumes the particular values

3 / 2  2  2 1
  1 / 3  0    3    4
The important observation to be made here is that the equality [x] = x holds if and only if x is
an integer. Definition 1 also makes plain that any real number x can be written as x = [x] + 
for a suitable choice of , with 0   < 1.
We now plan to investigate the question of how many times a particular prime p appears in
n!. For instance, if p = 3 and n = 9, then
9! = 1∙2∙3∙4∙5∙6∙7∙8∙9 = 27∙34 ∙5∙7
so that the exact power of 3 that divides 9! is 4. It is desirable to have a formula that will give
this count, without the necessity of always writing n! in canonical form. This is accomplished
by Theorem 1.
Theorem 1: If n is a positive integer and p a prime, then the exponent of the highest power
of p that divides n! is

n 
 p k k
k  , where the series is finite, because [n / p ] = 0 for p > n.
k 1  

61 62
Proof: Among the first n positive integers, those divisible by p are p, 2p, …, tp, where t is the Theorem 2: If n and r are positive integers with 1 r < n, then the binomial coefficient,
largest integer such that tp  n; in other words, t is the largest integer less than or equal to n / n n!
 r   r! n  r !
p (which is to say t = [n / p]). Thus, there are exactly [n / p] multiples of p occurring in the    
product that defines n!, namely, is also an integer.
n Proof. The argument rests on the observation that if a and b are arbitrary real numbers, then
p, 2 p, ...,   p (1)
 p a  b  a   b. In particular, for each prime factor p of r!(n – r)!.
The exponent of p in the prime factorization of n! is obtained by adding to the number of
 n   r   n  r  
integers in Eq (1) the number of integers among 1,2, …, n divisible by p2, and then the  pk    pk    pk  k  1, 2,...
     
3
number divisible by p , and so on. Reasoning as in the first paragraph the integers between 1
Adding these inequalities, we obtain
and n that are divisible by p2 are
n   r   n  r  
n  p k 
  k    k  (2)
p 2 ,2 p 2 ,...,  2  p 2 k 1   k 1  p  k 1  p 
p 
The left-hand side of Eq. (2) gives the exponent of the highest power of the prime p that
which are [n / p2] in number. Of these, [n / p3] are again divisible by p:
divides n!, where as the right hand side equals the highest power of this prime contained in
n
p ,2 p ,...,  3  p 3
3 3
r!(n – r)!. Hence, p appears in the numerator of
n!
at least as many times as it occurs
p  r !  n  r !
After a finite number of repetitions of this process, we are led to conclude that the total in the denominator. Because this holds true for every prime divisor of the denominator, r!(n
number of times p divides n! is – r)! must divide n!, making r!(n – r)! an integer.

n 
 p k 
Corollary 1: For a positive integer r, the product of any r consecutive positive integers is
k 1   divisible by r!.
This result can be cast as the following equation, which usually appears under the name of Proof: The product of r consecutive positive integers, the largest of which is n, is
the Legendre formula: n  n  1 ,...,  n  r  1 . We have


 n / pk 
 
 
n !   p k 1 n  n  1 ,...,  n  r  1  
n!
 r ! n  r ! 
r!
pn
 
Example 1: We would like to find the number of zeros with which the decimal
Because n! / r!(n – r)! is an integer by Theorem 2, it follows that r! must divide the product
representation of 50! terminates. In determining the number of times 10 enters into the
n(n – 1) … (n – r + 1), as asserted.
product 50!, it is enough to find the exponents of 2 and 5 in the prime factorization of 50!,
Having introduced the greatest integer function, let us see what it has to do with the study of
and then to select the smaller figure. By direct calculation we see that
number- theoretic functions. Their relationship is brought out by Theorem 3.
50 / 2  50 / 22   50 / 23   50 / 24   50 / 25  Theorem 3: Let f and F be number theoretic functions such that
 25  12  6  3  1  47 F n    f d 
47 48 d |n
Theorem 1 tells us that 2 divides 50!, but 2 does not. Similarly,
Then, for any positive integer N,
50 / 5  50 / 52   10  2  12 N N
N 
and so the highest power of 5 dividing 50! is 12. This means that 50! ends with 12 zeros.  F  n    f  k   k 
n 1 k 1

63 64
Proof: We begin by noting that as it should. In the present case, we also have
N N 6

 F  n    f  d 
n 1 n 1 d |n
(3)   n   33
n 1

The strategy is to collect terms with equal values of f(d) in this double sum. For a fixed And a simple calculation leads to
positive integer k  N , the term f(k) appears in  f (d ) if and only if k is a divisor of n.
d |n
6
6
 n  n   16  2 3  32  4 3 / 2  5 6 / 5  6 1
n 1

(Because each integer has itself as a divisor, the right hand side of eq(3) includes f(k), at least  1.6  2.3  3.2  4.1  5.1  6.1  33
once). Now, to calculate the number of sums  f (d ) in which f(k) occurs as a term, it is
d |n
6.2. Some properties of the phi-function
sufficient to find the number of integers among 1, 2,…,N, which are divisible by k. There are The next theorem points out a curious feature of the phi-function; namely, that the sum of the
exactly [N / k] of them:
values of (d), as d ranges over the positive divisors of n, is equal to n itself. This was first
N  noticed by Gauss.
k , 2k , 3k ,...,   k .
k
Theorem 4: (Gauss) For each positive integer n 1 .
Thus, for each k such that 1  k  N , f  k  is a term of the sum  f (d ) for [N / k] different
d |n n    d  ,
d |n
positive integers less than or equal to N. Knowing this, we may rewrite the double sum in eq
the sum being extended over all positive divisors of n.
(3) as
Proof: The integers between 1 and n can be separated into classes as follows: If d is a
N
N 
N


n 1 d |n
f d    f k   
k 1 k
positive divisor of n, we put the integer m in the class Sd provided that gcd(m, n) = d. Stated
in symbols:
and our task is complete.
Sd  {m | gcd  m, n   d ;1  m  n}
As an immediate application of Theorem 3, we deduce Corollary 2.
Now gcd(m, n) = d if and only if gcd(m /d , n /d) =1. Thus, the number of integers in the class
N N
N 
Corollary 2: If N is a positive integer, then 
n 1
 n    
n 1  n 
Sd is equal to the number of positive integers not exceeding n /d that are relatively prime to
n /d; in other words, equal to (n /d). Because each of the n integer in the set {1, 2,…,n} lies
Proof. Noting that (n) = 1 , we may write  for F and take f to be the constant function
d |n in exactly one class Sd, we obtain the formula.
f(n) =1 for all n. n
n    
In the same way, the relation   n    d yields Corollary 2. d /n  d 
d |n
But as d runs through all positive divisors of n, so does n /d; hence,
N
N  N
Corollary 3: If N is a positive integer, then   n    n   n
n 1 n 1  n    d     d 
d /n d /n
These last two corollaries, can perhaps, be clarified with an example,
which proves the theorem.
Example 2: Consider the case N = 6. The definition of  tells us that
Example 3: A simple numerical example of what we have just said is provided by n = 10.
6

  n   14 Here, the classes Sd are

S1  1,3,7,9 S2  2,4,6,8
n 1
S5  {5} S10  {10}
6
6
From Corollary 2,     6  3   2  3 / 2  6 / 5  1  6  3  2  1  1  1 = 14, These contain (10) = 4, (5) = 4, (2) = 1, and (1) = 1 integers, respectively, Therefore,
n 1  n 

65 66
  d    10   5    2    1  4  4  1  1  10
d /10
Starting with Theorem 6, it is an easy matter to determine the value of the phi-function for
any positive integer n. Suppose, that the prime power decomposition of n is n = p1k1 p2k2 ... prkr ,
We should mention in passing that there is another interesting identity that involves the phi-
and consider the product
function.
Theorem 5: For n > 1, the sum of the positive integers less than n and relatively prime to n is    pi    pik  
i

P  n   1    
 pi piki 
1 pi |n
 
n  n  .
2 Multiplying this out, we obtain a sum of terms of the form
Proof: Let a1, a2 ,…, a(n) be the positive integers less than n and relatively prime to n. Now
 1   p1a    p2a  ....  pra
1 2 r
 0  ai  ki
because gcd(a, n) =1 if and only if gcd(n – a, n) = 1, the numbers n – a1, n – a2 ,…, n – a(n) p1a1 p2a2 prar
are equal in some order to a1, a2 ,…, a(n). Thus, or, because  is known to be multiplicative,
a1+a2+ … + a(n) = (n – a1) + (n – a2) + … + (n – a(n)) = (n)n – (a1+a2+ … +a(n)).
  p1a p2a ... pra
1 2 r
   d 
Hence 2(a1+a2 + … + a(n)) = (n)n leading to the stated conclusion. a1
p p ... p a2 ar
d
1 2 r

Example 4: Consider the case when n = 30. The (30)=8 integers that are less than 30 and  (d )
where the summation is over the set of divisors d  p1a1 p2a2 ... prar of n. Hence P   .
relatively prime to it are 1, 7, 11, 13, 17, 19, 23, and 29. d |n d
In this setting, we find that the desired sum is It follows from Theorem 6 that
1
1+7+11+13+17+19+23+29=120=  30  8  d     pi    pik  
i

2   n   n  n   1    .
pi |n  
ki
d pi p
Also note the pairings
d |n
 i 

1 + 29 = 30 7 + 23 = 30 11 + 19 = 30 13 + 17 = 30  
But  piai  0 , whenever ai  2. As a result, the last-written equation reduces to
This is a good point at which to give an application of the Mobius inversion formula.
   pi    1
Theorem 6: For any positive integer n   n   n   1    n  1  
pi |n  pi  pi |n  pi 
 d 
  n   n which agrees with the formula established earlier by different reasoning. What is significant
d |n d
about this argument is that no assumption is made concerning the multiplicative character of
Proof: The proof is deceptively simple. If we apply the inversion formula to the phi-function, only of .
F  n   n    d 
d |n
6.3. Summary
the result is In this chapter we have studied greatest integer function which is also called bracket function
n n and some properties of Euler’s Phi function.
  n      d F       d  .
d |n  d  d |n d
Let us again illustrate the situation where n = 10. As easily can be seen 6.4. Keywords

 d     2    5  10   Greatest integer function, phi function.

10  10   1    
d |n d  2 5 10 
6.5. Exercises
  1  1  12   1 1 1 2
 10 1      10 1      10.  4   10  1. Find the highest power of 7 dividing 1000! and highest power of 5 dividing 500!
 2 5 10   2 5 10  5
2. For any integer n ≥ 0, show that [n / 2] – [–n / 2] = n.
3. For n ≥ 1 and p is a prime, prove that (2n)! / (n!)2 is an even integer.

67 68
 4. Let x and y be real numbers. Then prove that UNIT – 7
a. [x + n] = [x] + n, for any integer n
b. [x] + [–x] = 0 or –1 according as x is an integer or not APPLICATIONS TO CRIPTOGRAPHY
c. [x + y] ≤ [x] + [y]. Structure:
5. Find an integer n ≥ 1 such that the highest power of 5 contained in n! is 100.
7.0. Objective
 2 (d ) n
6. For a positive integer n, prove that 
d |n  ( d )

 (n)
. 7.1. Introduction
7.2. Cryptography
n
7. Verify the formula  (d )[n / d ]  n(n  1) / 2 for any positive integer n.
d 1
7.3. Affine, Vigenere and Hill ciphers
7.4. RSA Public-key cryptosystem
8. If n is a square free integer, prove that  ( d
d |n
k 1
) (d )  n k for all integers k ≥ 2.
7.5. Summary
7.6. Keywords
9. For n > 2, establish the inequality  (n2 )   ((n  1)2 )  2n2 .
7.7. Exercises
10. Prove that  (d ) (n / d )  n (n) and  (d ) (n / d )   (n) .
d |n d |n 7.8. References

7.0. Objective
6.6. References The objective of this chapter is to study a very important application of number theory to
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication cryptography. We will study some simple cryptosystems and also cryptanalyze them. Also
2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier we see that how RSA cryptosystem leads to the study of another important mathematical
3. Basic Number Theory, S. B. Malik, Vikas Publications problem “Factorization”.
4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley
7.1. Introduction
The proliferation of computers and communication systems in the 1960s brought with it a
demand from the private sector for means to protect information in digital form and to
provide security services. In this age of universal electronic connectivity, of viruses and
hackers, of electronic eavesdropping and electronic fraud, there is indeed no time at which
security does not matter. Two trends have come together to make the topic of vital interest.
First, the explosive growth in computer systems and their interconnections via networks has
increased the dependence of both organizations and individuals on the information stored and
communicated using these systems. This, in turn, has led to a heightened awareness of the
need to protect data and resources from disclosure, to guarantee the authenticity of data and
messages, and to protect systems from network-based attacks. Second, the disciplines of
cryptography and network security have matured, leading to the development of practical,
readily available applications to enforce network security.

69 70
 7.2. Cryptography

Definition 1: Cryptography is the study of methods of sending messages in disguised form

so that only the intended recipients can remove the disguise and read the message. The
message we want to send is called the plaintext and the disguised message is called the
ciphertext. The plaintext and ciphertext are written in some alphabet (usually, but not always,
they are written in the same alphabet) consisting of a certain number N of letters. The term
“letter” (or “character”) can refer not only to the familiar A-Z, but also to numerals, blank,
punctuation marks, or any other symbols that we allow ourselves to use when writing the
messages. The process of converting a plaintext to a ciphertext is called enciphering or
Security attacks : The following figure shows 4 types of typical security attacks. encryption, and the reverse process is called deciphering or decryption.
The plaintext and ciphertext are broken up into message units. A message unit might
be a single letter, a pair of letters (digraph), a triple of letters (trigraph), or a block of 50
letters. An enciphering transformation is a function that takes any plaintext messages unit
and gives us a ciphertext message unit. In other words, it is a map f from the set P of all
possible plaintext message units to the set C of all possible ciphertext message units.We shall
always assume that f is a 1-to-1 correspondence. That is, given a ciphertext message unit,
there is one and only one plaintext message unit for which it is the encryption. The
-1
deciphering transformation is the map f which goes back and recovers the plaintext from
the ciphertext. We can represent the situation schematically by the diagram

→ →
Any such set-up is called a cryptosystem.
The first step in inventing a cryptosystem is to “label” all possible plaintext message
• Interruption: An asset of the system is destroyed or becomes unavailable or units and all possible ciphertext message units by means of mathematical objects from which
unusable. This is an attack on availability. Examples include destruction of a piece functions can be easily constructed. These objects are often simply the integers in some
of hardware, such as hard disk, the cutting of a communication line etc., range. For example,if our plaintext and ciphertext message units are single letters from the
• Interception: An unauthorized party gains access to an asset. This is an attack on 26- letter alphabet A-Z, then we can label the letters using the integers 0, 1, 2,…, 25, which
confidentiality. Examples include wiretapping to capture data in a network, and the we call their “numerical equivalents”. Thus, in place of A we write 0, in place of S we write
illicit copying of files or programs 18, in place of X we write 23, and so on. As another example, if our message units are
• Modification: An unauthorized party not only gains access to but tampers with an digraphs in the 27- letter alphabet consisting of A-Z and a blank, we might first let the blank
asset. This is an attack on integrity. Examples include changing values in a data file, have numerical equivalent 26 (one beyond Z), and then label the digraph whose two letters
altering a program so that it performs differently etc., correspond to x, y { }.
• Fabrication: An unauthorized party inserts counterfeit objects in the system. This is Thus, we view the individual letters as digits to the base 27 and we view the digraph as a
an attack on authenticity. Examples include the insertion of spurious message in a 2-digit integer to that base. For example, the digraph “NO” corresponds to the integer 27. 13
network or the addition of records to a file. + 14 = 365. Analogously, if we were using trigraphs as our message units, we could label

71 72
them by integers 729x+27y+z { } In general, we can label blocks of k letters Symmetric and Asymmetric Cryptosystems
in an N-letter alphabet by integers between 0 and N – 1 by regarding each such block as a k-
k
We briefly explain the difference between symmetric and asymmetric cryptosystems.
digit integer to the base N. If Veena wants to send an encrypted message to Varun, then she uses an encryption key e and
Examples. Let us start with the case when we take a message unit (of plaintext or of Varun uses the corresponding decryption key to recover the plaintext. If in a cryptosystem
ciphertext) to be a single letter in an N-letter alphabet labeled by the integers 0, 1, 2,…, N – 1. the encryption key e is always equal to the decryption key d, or if d can be easily computed
Then, by definition, an enciphering transformation is a rearrangement of those N integers. from e, then the cryptosystem is called symmetric. If Veena and Varun use a symmetric
To facilitate rapid enciphering and deciphering, it is convenient to have a relatively cryptosystem, they must exchange the secret key e before they start their communication.
simple rule for performing such a rearrangement. One way is to think of the set of integers Secure key exchange is a major problem. The key e must be kept secret since anybody who
{ } as Z/NZ, and make use of the operations of addition and multiplication knows e can determine the corresponding decryption key d. The Caesar cipher is an example
modulo N. of a symmetric cryptosystem. The keys for encryption and decryption are equal in this
Suppose we are using the 26–letters alphabet A – Z with numerical equivalents 0 – system.
25. Let the letter P { }, stand for a plaintext message unit. Define a function f In asymmetric cryptosystems, the keys d and e are distinct, and the computation of d
from the set { } to itself by the rule from e is infeasible. In such systems, the encryption key can be made public. If Varun wants
to receive encrypted messages, he publishes an encryption key e and keeps the corresponding
f(P) = {
≥ decryption key d secret. Anybody can use e to encrypt messages for Varun. Therefore, e is
In other words, f simply adds 3 modulo 26: f (P) The definition using called the public key. But only Varun can decrypt the messages, so d is called the private key.
modular arithmetic is easier to write down and work with. Thus, with this system, to encipher Asymmetric cryptosystems are also called public-key cryptosystems.
the word “YES” we first convert to numbers: 24 4 18, then add 3 modulo 26: 1 7 21, then
translate back to letters: “BHV.” To decipher a message, one subtracts 3 modulo 26. For Definition 3: An encryption scheme is said to be breakable if a third party, without prior
example, the ciphertext “ZKB” yields the plaintext, “WHY.” This cryptosystem was knowledge of the key pair (e, d), can systematically recover plaintext from corresponding
apparently used in ancient Rome by Julius Caesar, who supposedly invented it himself. ciphertext within some appropriate time frame.
The above example can be generalized as follows. Suppose we are using an N-letter
alphabet with numerical equivalent 0, 1,··· , N – 1. Let b be a fixed integer. By a shift Cryptanalysis: Cryptanalysis deals with the attacks on cryptosystems. In this section, we
transformation we mean the enciphering function f defined by the rule C = f (P) P + b mod classify those attacks.
N. Julius Caesar’s cryptosystem defined by the rule C = f (P) P + b mod N. Julius
Caesar’s cryptosystem was the case N = 26, b = 3. To decipher a ciphertext message unit C To make attacks on cryptosystems more difficult, one can keep the cryptosystem
{ } we simply compute P = f -1(C) Here b is the encryption secret. However, it is not clear how much security is really gained in this way because an
key and is usually deonated by e and N – b is the decryption key and is denoted by d. attacker has many ways of finding out which cryptosystem is used. He can try to tell from
intercepted ciphertexts which system is used. He can also try to get information from people
Definition 2: A cryptosystem is called a block cipher if its plaintext space and its ciphertext who have information about the encryption scheme in use. Modern cryptanalysis therefore
space are the set all possible message units of a fixed length n. The block length n is a assumes that an attacker knows which cryptosystern is used. Only the (private) keys and the
positive integer. A simple example of a block cipher is the Caesar cipher. It has block length plaintexts are assumed to be secret. The attacker tries to recover plaintexts from ciphertexts
1. In general, block ciphers with block length 1 are called substitution ciphers. or even tries to find out which keys are used. There are the following types of attacks:
 Ciphertext-only attack. The attacker knows ciphertexts and tries to recover the
corresponding plaintexts or the key.

73 74
  Known-plaintext attack: The attacker knows a plaintext and the corresponding can determine the ordinal number of each letter in the plaintext. After obtaining the ordinal
ciphertext or several such pairs. He tries to find the key used or to decrypt other number of each plaintext letter, the plaintext message reads as
ciphertexts. LET US NEVER NEGOTIATE OUT OF FEAR BUT LET US NEVER FEAR TO
 Chosen-plaintext attac:. The attacker is able to encrypt plaintexts but does not know NEGOTIATE
the key. He tries to find the key used or to decrypt other ciphertexts.
 Adaptive chosen-plaintext attack: The attacker is able to encrypt plaintexts. He is 7.3. Affine, Vigenere and Hill Ciphers
able to choose new plaintexts as a function of the ciphertexts obtained but does not Affine Ciphers: Shift ciphers belong to a large family of affine ciphers defined by the
know the key. He tries to find the key used or to decrypt other ciphertexts. formula

 Chosen-ciphertext attack: The attacker can decrypt but does not know the key. He
tries to find the key. where a is a positive integer ≤ 25 and (a, 26) = 1. Since (a, 26) = 1, inverse of a exists and so
.
There are many ways to mount these attacks. A simple ciphertext-only attack consists Since (a, 26) = 1, there are = 12 choices for a, so there are 12·26 = 312 affine ciphers.
of decrypting the ciphertext with all possible keys. This attack is called exhaustive search. One of them is the identity transformation corresponding to a = 1 and k = 0.
The correct plaintext is among the few sensible texts that the attacker obtains. Given the When a = 5 and k = 11, . If P = 8, then ∙
speed of modern computers, this attack is successful for many cryptosystems. It works, for , so under the affine cipher , the letter I is transformed into
example, for the DES (Data Encryption Standard) system, which until recently was the U.S. Z and letter Q into N. Table shows the plaintext letters and the corresponding ciphertext
encryption standard. A known-plaintext attack may use the statistical properties of the letters created by this affine cipher, which shifts A to L and in which each successive letter is
plaintext language. For example, if we apply the Caesar cipher, then for a fixed key any paired with every fifth letter.
plaintext symbol is replaced by the same ciphertext symbol. The most frequent plaintext Plaintext A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
letter
symbol is encrypted to the most frequent ciphertext symbol. Since we know the most
00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
frequent symbol of the plaintext language, we have a good guess how to decrypt the most
Ciphertext 11 16 21 00 05 10 15 20 25 04 09 14 19 24 03 08 13 18 23 02 07 12 17 22 01 06
frequent ciphertext symbol. Analogously, the frequency of other individual symbols, of pairs, letter
triplets, etc., in the plaintext may be reflected in the ciphertext and can be used to decrypt the L Q V A F K P U Z E J O T Y D I N S X C H M R W B G

ciphertext or to recover the key.

Let us cryptanalyse the the Caesar cipher. The most frequently occurring letter in the Hence, under the above affine transformation, the plaintext message THE MOON IS MADE

ciphertext correspond to those in the plaintext. For example, E is the most frequently OF CREAM CHEESE will be transformed into THEMO ONISM ADEOF CREAM CHEES

occurring letter in an arbitrary text, occurring about 12.5% of the time; the next three letters E (grouping into 5 letters).

are T, A, and O, occurring about 9%, 8%, and 8% of the time, respectively. To decipher the message, we use the congruence

Consider the ciphertext message: .

SLABZ ULCLY ULNVA PHALV BAVMM LHYIB Let us cryptanalyze the ciphertext BYTUH NCGKN DUBIH UVNYX HUTYP QNGYV

ASLAB ZULCL YMLHY AVULN VAPHA L IVROH GSU that was generated by an affine cipher.

The most frequently occurring letter in the ciphertext is L, so our best guess is that it must First make the frequency analysis of the letters in the ciphertext. According to it U

correspond to the plaintext letter E. Since their ordinal numbers are 11 and 4, this implies occurs 5 times, H, N, and Y occurs 4 times each. It is reasonable to assume that the letter U

; that is, k = 7. Then . Using this congruence, we corresponds to the letter E in the plaintext message, that is, . If we
assume H corresponds to T, then . Solving this linear system, we get

75 76
 , so . But (13, 26) ≠ 1, so Hill Cipher: The above cryptosystems are very weak in the sense they can be easily
this is not a valid cipher. Thus, our guess that H corresponds to T was not a valid one. cryptanalyzed. Let us try block ciphers of length 2 and they are called digraphs. In such a
So let us assume that N corresponds to T. This yields the linear system system, we group the letters of the plaintext into blocks of length 2, adding a dummy letter X
and . Solving this system, at the end, if necessary, to make all blocks of the same length, and then replace each letter
. Since (3, 26) = 1, this yields a valid cipher with its ordinal number. Each plaintext block P1P2 is then replaced by a numeric ciphertext
. block C1C2, where C1 and C2 are different linear combinations of P1 and P2 modulo 26:
Ciphertext A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
letter (1)
00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
where (ad – bc, 26) = 1. This condition is necessary to uniquely solve the linear system of P1
Plaintext 06 15 24 07 16 25 08 17 00 09 18 01 10 19 02 11 20 03 12 21 04 13 22 05 14 23
letter and P2. Then we translate each number into a ciphertext letter, the resulting text is the
G P Y H Q Z I R A J S B K T C L U D M V E N W F O X ciphertext.
The following example illustrates this algorithm.
Using this table, we can translate the given ciphertext message as POVER TYIST HEPAR Using the 2 x 2 linear system
ENTOF REVOL UTION ANDCR IME, that is, POVERTY IS THE PARENT OF
REVOLUTION AND CRIME. . (2)
encipher the message SLOW AND STEADY WINS THE RACE.
Vigenere Ciphers: The Vigenere cryptosystem employs a keyword w1w2 … wn of length n
and n shift ciphers to each block length n, where ki is the ordinal SOLUTION
number of the letter wi and 1 ≤ i ≤ n. Step 1 Assemble the plaintext into blocks of length two:
SL OW AN DS TE AD YW IN ST HE RA CE
For example, using the keyword CIPHER and a Vigenere cipher, let us encrypt the message Step 2 Replace each letter by its cardinal number:
CRYPTOGRAPHY IS FUN. Since the ordinal numbers of the letters C, I, P, H, E, and R are 18 11 14 22 00 13 03 18 19 04 00 03
02, 08, 15, 07, 04 and 17, respectively, they serve as the shift factors for each shift cipher for 24 22 08 13 18 19 07 04 17 00 02 04
every block. So the six shift ciphers are , where k = 2, 8, 15, 7, 4 and Step 3 Using the linear system (2), convert each block into a ciphertext numeric block:
17. When P1 = 18 and P2 = 11, we have
Since the keyword is a six-letter word, first we group the letters of the plaintext into
blocks of length six: CRYPTO GRAPHY ISFUN.
Now apply the ith cipher to the letter wi in each block, where 1 ≤ i ≤ n. For instance,
consider the first CRYPTO. Since the ordinal number are 02, 17, 24, 15, 19 and 14, So the first block 18 11 is converted into 25 18. Transforming the other blocks in a similar
respectively, add to them the key values 2, 8, 15, 7, 4 and 17 in that order modulo 26. The fashion yields the numeric string.
resulting numbers are 4, 25, 13, 22, 23 and 4, and the corresponding letters are E, Z, N, W, X,
and F, respectively, so the first ciphertext block is EZNWXF. Thus the resulting ciphertext is 25 18 18 22 13 00 15 21 17 25 13 02
EZNWXF IZPWLP KAUBR. 16 00 01 24 25 06 09 15 07 25 10 00
Step 4 Translate the numbers into letters.
The resulting ciphertext is ZS SW NA PV RZ NC QA BY ZG JP HZ KA.

77 78
Matrices are useful in the study of Hill cryptosystems. For example, that the linear system Let M be the message to be sent where M is a positive integer less than and relatively
can be written as prime to n. If we keep M less than both p and q,then we will be safe. In practice, if is enough
to keep M less than n for the probability than a random M is divisible by p or q is so small as
[ ] [ ][ ] .
to be negligible. A plaintext message is easily converted to a number by using, say,
Since | | the matrix [ ] is invertible modulo 26, with Blank = 99, A = 10, B = 11, , Z = 35,
So that HELLO becomes 1714212124. If necessary, the message can be broken into blocks of
inverse [ ] modulo 26. So the deciphering procedure can be effected using the
smaller messages:
congruence
17142 12124.
[ ] [ ][ ] (3) The encoder computes and sends the number E = M e MOD n.

as the following example demonstrates. which we know from Algorithm 3.3 can be done very quickly. To decode, we simply

Using congruence (3), let us decipher the ciphertext compute

ZS SW NA PV RZ NC QA BY ZG JP HZ KA Ed MOD n.

Translating the ciphertext letters into numbers, we get By Theorem 3.4 and our equation (4.1) we have that

25 18 18 22 13 00 15 21 17 25 13 02 Ed (Me)d Me x d M(multiple of ϕ(n)) + 1 (mod n)

16 00 01 24 25 06 09 15 07 25 10 00 1xM M (mod n).

The plaintext numbers corresponding to the block 25 18 are given by Since M and Ed MOD n both lie between 0 and n, they must be equal.
If e has been chosen relatively prime to , then we know that there exists d,
[ ] [ ][ ] [ ]
uniquely such that
So P1 = 18 and P2 = 11. The other blocks can be converted similarly. e×d 1 (mod .
As we shall prove later in this chapter, if we know the factorization of n, namely n = p x q
It is obvious from the preceding two examples that the size of a block can be any size where p and q are distinct primes, then we can easily compute by
n ≥ 2, and that the enciphering and deciphering tasks can be accomplished by choosing an = (p – 1) x (q – 1).
nxn enciphering matrix A modulo 26 such that (|A|, 26) = 1, where |A| denotes the There is no simpler way of computing . In fact, knowing ϕ (n) equivalent to knowing the
determinant of A. Let P1, P2, …, Pn be the ordinal numbers of an arbitrary plaintext block factorization becase we can find p + q:
and C1, C2, …, Cn the corresponding ciphertext numbers. Let

and the p – q is
[ ] [ ].
√ √

√ ,
The congruence providing the enciphering transformation.
and finally:
7.4. RSA Public Key Crypto-System [ ] [ ]
Let p and q be distinct large primes and let n be their product. Assume that we also have two
The problem of finding d, the decryption key, has been reduced to find the factorization of n.
integers, d (for decryption) and e (for encryption) such that
For this example, the keys were generated as follows:
d×e .
1. Select two prime numbers, p = 17 and q = 11.
The integers n and e are made public, while p,q and d are kept secret.
2. Calculate n = pq = 17 × 11 = 187.

79 80
3. Calculate = (p – 1)(q – 1) = 16 × 10 = 160. THE FACTORING PROBLEM We can identify three approaches to attacking RSA
4. Select e such that e is relatively prime to = 160 and less than ; we choose e = 7. mathematically.
5. Determine d such that de 1 (mod 160) and d < 160. 1. Factor n into its two prime factors. This enables calculation of = (p - 1) × (q - 1),
-1
The correct value is d = 23, because 23 × 7 = 161 = (1 × 160) + 1; d can be calculated which in turn enables determination of d e (mod .
using the extended Euclid’s algorithm. The resulting keys are public key PU = {7, 187} and 2. Determine directly, without first determining p and q. Again, this enables
private key PR = {23, 187}. The example shows the use of these keys for a plaintext input of determination of d e-1 (mod ).
M= 88. 3. Determine d directly, without first determining .
For encryption, we need to calculate C = 887 mod 187. Exploiting the properties of
7.5. Summary
modular arithmetic, we can do this as follows: In this chapter we studied several cryptosystems and how to cryptanalyse them. We note
887 mod 187 = [(884 mod 187) × (882 mod 187) × (881 mod 187)] mod 187 here that in this generation of networking how important is to protect data from intruders.
881 mod 187 = 88 7.6. Keywords
882 mod 187 = 7744 mod 187 = 77 Computer, communication, cryptosystem, cryptanalysis, factorization, plaintext, ciphertext,
884 mod 187 = 59,969,536 mod 187 = 132 symmetric and asymmetric keys, enciphering and deciphering keys, encryption and
decryption, RSA cryptosystem.
887 mod 187 = (88 × 77 × 132) mod 187 = 894,432 mod 187 = 11
For decryption, we calculate M = 1123 mod 187: 7.7. Exercise
23 1 2 4 8 8
11 mod 187 = [(11 mod 187) × (11 mod 187) × (11 mod 187) × (11 mod 187) × (11 1. Using the Ceaser cipher, encipher the following:
mod 187)] mod 187 a. ALL IS WELL THAT ENDS WELL
111 mod 187 = 11 b. ALL THAT GLITTERS IS NOT GOLD
112 mod 187 = 121 2. Decipher each ciphertext created by the Ceaser cipher:
114 mod 187 = 14,641 mod 187 = 55 a. QHFHV VLWBL VWKHP RWKHU RILQY HQWLR Q
118 mod 187 = 214,358,881 mod 187 = 33 b. PDWKH PDWLF VLVWK HTXHH QRIWK HVFLH QFHV
23
11 mod 187 = (11 × 121 × 55 × 33 × 33) mod 187 = 79,720,245 mod 187 = 88 3. Encipher each using affine cipher C ≡ 3P + 7(mod 26): A THING OF BEAUTY IS
The Security of RSA JOY FOR EVER.
Four possible approaches to attacking the RSA algorithm are 4. The enciphered message were generated by affine cipher C ≡ 5P + 3(mod 26).
• Brute force: This involves trying all possible private keys. Decipher each:
• Mathematical attacks: There are several approaches, all equivalent in effort to a. UMXIZ NBPUV APMXK X
factoring the product of two primes. b. XEXKT IVSTP IZPRQ XPPRP QVIVS TPIZP RQXPP.
• Timing attacks: These depend on the running time of the decryption algorithm. 5. Cryptanalyze the ciphertext created by an affine cipher C ≡ aP + k(mod 26):
• Chosen ciphertext attacks: This type of attack exploits properties of the RSA a. IRCCH EKKEV CLLFK EIOKL
algorithm. b. XKKLF ILIGM EKOIV EKKE
The defense against the brute-force approach is, to use a large key space. Thus, larger the  1 25 25 
number of digits in d, the better. However, because the calculations involved, both in key 6. Using enciphering matrix  25 1 24  encipher the plain text: TIME AND TIDE
 
2 9 5
generation and in encryption/decryption, are complex, the larger the size of the key, the  
slower the system will run. WAIT FOR NO MAN.

81 82
  7 18 19  UNIT – 8
7. Using deciphering matrix  15 1 19  decipher the cipher text: ZTH QLJ MOA
 
 17 17 0  DIRICHLET PRODUCT OF ARITHMETICAL FUNCTIONS
 
NLG GPN EXA OCA QTY. AND AVERAGES OF ARITHMETICAL FUNCTIONS
8. Using RSA enciphering key (e, n) = (11, 2867), encrypt each message SEAFOOD and
Structure:
OPEN DOOR.
8.0. Objective
9. Each ciphertext below was generated by the RSA enciphering key (e, n) = (11, 2867).
8.1. Dirichlet product
Decipher each:
8.2. Averages of Arithmetical Functions
a. 1420 0614 1301 1694
8.3. The big O (oh) notatin
b. 1959 1384 1174 2050
8.4. Euler’s Summation Formula
10. Let n = pq, where p and q are primes with p > q. Show that p + q = n – ϕ(n) + 1.
8.5. Some Elementary Asymptotic Formulas
8.6. The Average Order of d(n), 𝝈(n), and ϕ(n)
7.9. References
8.7. Summary
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
8.8. Keywords
2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier
8.9. Exercises
3. A Course in Number Theory and Cryptography, Neal Koblitz, Springer
8.10. References
4. Elementary Methods in Number Theory, Melvyn B. Nathanson, Springer
5. Handbook of Applied Cryptography, A. Menezes, P. van Ooschot and S. Vanstone, 8.0. Objective
CRC Press, Inc. The objective of this chapter is to study Dirichlet product of arithmetical functions and also
asymptotic behavior of arithmetical functions.

8.1. Dirichlet product

Definition 1: If f and g are two arithmetical functions we define their Dirichlet product to be the
arithmetical function h defined by the equation

n
( f * g )(n)  h(n)   f (d ) g  
d /n d 
Theorem 1: Dirichlet multiplication is commutative and associative

Proof: Note that f * g can also be written as ( f * g )(n)  

abn
f (a ) g  b 

where a and b vary over all positive integers whose product is n. This definition of Dirichlet
product clearly shows product is commutative.

To prove the associative property we let A = g * k and consider f * A = f * (g * k). We have

( f * A)(n )  
ad  n
f (a ) A  d   
ad  n
f (a )   g ( b) k ( c )
bc  d

 
abc n
f ( a ) g ( b)k ( c )

83 84
In the same way, if we let B = f * g and consider B * k we are led to the same formula for 1
If the values f (d ) are known for all divisors d < n, there is a uniquely determined values for
(B * k)(n). Hence f * A = B * k which means that Dirichlet multiplication is associative. f 1 (n), namely
1 n
We now introduce an identity element for this multiplication. f 1 (n )   f   f 1  d ,
f (1) d |n  d 
d n
Definition 2: The arithmetical function I given by
Since f(1) ≠ 0. This establishes the existence and uniqueness of f –1 by induction.
 1   1 if n  1 Note: We have (f * g) (1) = f(1)g(1). Hence, if f(1) ≠ 0 and g(1) ≠ 0 then (f * g)(1) ≠ 0. This
I (n)     
 n  0 if n  1
fact, along with Theorem 1, 2, and 3, tells us that the set of all arithmetical functions f with
is called the identity function. f(1) ≠ 0 forms an abelian group with respect to the operation *, the identity element being the
function I. The following can be easily verified:
Theorem 2: For all f we have I * f  f * I  f
( f * g )1  f 1 * g 1 if f (1)  0 and g (1)  0.
Proof: We have
Definition 3: We define the unit function u to be the arithmetical function such that u(n) = 1
n d 
I (n )   f (d ) I     f (d )    f ( n) for all n.
  d |n
d n
   d   I (n ) .
d |n
From Theorem 6.6 we see that In the notation of Dirichlet multiplication
d |n
since [d /n] = 0 if d < n
this becomes μ * u = I. Thus u and μ are Dirichlet inverses of each other.
Dirichlet inverses :
Recall that f is said to be multiplicative if f(mn) = f(m)f(n) whenever gcd(m, n) = 1.
Theorem 3: If f is an arithmetical function with f(1) there is a unique arithmetical function
Theorem 4: If f and g are multiplicative, so is their Dirichlet product f * g.
f -1, called the Dirichlet inverse of f, such that
f * f 1  f 1 * f  I Proof: Let h = f * g and let m and n be relatively prime integers. Then
-1
Moreover, f is given by the recursion formulas  mn 
h(mn )   f  c  g  
c|mn  c .
1 1 n
f 1 (1)  , f 1 (n)    f   f 1 (d ) for n  1
f (1) f (1) d |n  d  Now every divisor c of mn can be expressed in the form c = ab where a | m and b | n.
d n
Moreover, gcd(a, b) = 1, (m / a, n / b) = 1, and there is a one-to-one correspondence between
 
Proof: Given f, we shall show that the equation f * f 1 (n)  I (n) has a unique solution for
the set of products ab and the divisor c of mn. Hence
the function values f -1(n). For n = 1 we have to solve the equation
 mn  m n
h(mn )   f  ab  g     f  a ) f (b  g   g  
 f * f  (1)  I (1)
1 a|m
b|n
 ab  a|m
b|n
 a  b
which reduces to
m n
f (1)  f 1 (1)  1   f (a ) g   f (b) g    h(m)h(n ).
1 a|m  a  b|n b
Since f(1) ≠ 0 there is one and only one solution, namely f (1)  1/ f (1). Assume now that the
1 This completes the proof.
function values f (k ) have been uniquely determined for all k < n. Then we have to solve the
 
equation f * f 1 (n)  I (n) , or Theorem 5: If both g and f * g are multiplicative, then f is also multiplicative.
n Proof: We prove it by contradiction. Assume f is not multiplicative. Let h = f * g. Since f is
 f   f 1  d   0
d 
d |n
not multiplicative there exists positive integers m and n with gcd(m, n) = 1 such that
This can be written as
f(mn) ≠ f(m)f(n).
n
f (1)  f 1 (n)   f   f 1  d   0 We choose such a pair m and n for which the product mn is as small as possible.
d |n d 
d n

85 86
1. If mn = 1 then f(1) ≠ f(1)f(1) so f(1) ≠ 1. Since h(1) = f(1)g(1) = f(1) ≠ 1, this shows that h To study the average of an arbitrary function f we need a knowledge of its partial sums
n
is not multiplicative.
 f (k ) .
k 1
Sometimes it is convenient to replace the upper index n by an arbitrary positive real
2. If mn > 1, then we have f(ab) = f(a)f(b) for all positive integers a and b with gcd(a, b) = 1
and ab < mn. Now, we argue as in the proof of Theorem 4, except that in the sum defining
number x and to consider instead sums of the form  f (k ).
kx

h(mn) we separate the term corresponding to a = m, b = n.

Here it is understood that the index k varies from 1 to [x], the greatest integer ≤ x. If 0 < x < 1
We then have
the sum is empty and we assign it the value 0. Our goal is to determine the behavior of this
 mn  m n
h(mn )   f  ab  g  ab   f (mn) g (1)  
a|m a|m
f (a ) f (b) g  g    f (mn )
 a  b
sum as a function of x, especially for large x.
b|n b|n
ab mn ab mn For the divisor function we will prove a result obtained by Dirichlet in 1849, which is

m n stronger than (1), namely

  f (a ) g   f (b) g    f (m) f (n )  f (mn )
a|m  a  b|n b  d (k )  x log x  (2C  1) x  O( x) (2)
 h(m)h( n )  f (m) f (n )  f (mn ). k n
For all x ≥ 1. Here C is Euler’s constant, defined by the equation
Since f(mn) ≠ f(m)f(n) this shows that h(mn) ≠ h(m)h(n) so h is not multiplicative.
 1 1 1 
C  lim  1     log n  (3)
-1
Theorem 6: If g is multiplicative, so is g , its Dirichlet inverse.
n
 2 3 n 
The symbol O( x ) represents an unspecified function of x which grows no faster than some
Proof: This follows at once from Theorem 5 since both g and g * g-1 = I are multiplicative.
constant times x . This is an example of the “big oh” notation which is defined as follows.
8.2. Averages of Arithmetical Functions
We have discussed various identities satisfied by arithmetical functions such as μ(n), ϕ(n)
8.3. The big O (oh) notatin
etc., . We now inquire about the behavior of these and other arithmetical functions f(n) for
Definition 4: If g(x) > 0 for x ≥ a, we write f(x) = O(g(x)) (read: “f(x) is big oh of g(x)”) to
large values of n.
mean that the quotient f(x) / g(x) is bounded for x ≥ a; that is , there exists a constant M > 0
For example, consider d(n), the number of divisors of n. This function takes on the
such that
value of 2 infinitely often (when n is prime) and it also takes on arbitrarily large values when
f ( x)  Mg ( x) for all x  a.
n has a large number of divisors. Thus the values of d(n) fluctuate considerably as n
An equation of the form f(x) = g(x) + O(g(x)) means that f(x) – g(x) = O(g(x)). We note that
increases.
Many arithmetical functions fluctuate in this manner and it is often difficult to f(t) = O(g(t)) for t ≥ a implies a
x
f (t )dt  O  g(t)dt  for x  a.
x

determine their behavior for large n. Sometimes it is more fruitful to study the arithmetic
f ( x)
mean Definition 5: If lim  1 we say that f (x) is asymptotic to g(x) as x →∞, and we write
x  g ( x)
1 n f (x) ~ g(x) as x →∞.
f (n)   f (k )
n k 1 In equation (2) the term xlogx is called the asymptotic value of the sum; the order two terms
Averages smooth out fluctuations so it is reasonable to expect that the values f (n ) might represent the error made by approximating the sum by its asymptotic value. If we denote this
behave more regularly than f(n). This is indeed the case for the divisor function d(n). We error by E(x), then (2) states that

will prove later that the average d (n ) grows like log n for large n; more precisely, E ( x)  (2C  1) x  O( x ). (4)
d (n) This could also be written E(x) = O(x), an equation which is correct but which does not convey
lim 1 (1)
n  log n
the more precise information in (4). Equation (4) tells us that the asymptotic value of E(x) is
This is described by saying that the average order of d(n) is log n.
(2C – 1)x.

87 88
8.4. Euler’s Summation Formula Theorem 8: If x ≥ 1 we have:

Sometimes the asymptotic value of a partial sum can be obtained by comparing it with an 1 1
integral. A summation formula of Euler gives an exact expression for the error made in such an
(a)  n  log x  C  O  x .
n x

1 x1s
approximation. In this formula [t] denotes the greatest integer ≤ t. (b) n    ( s)  O  x  s  if s  0, s  1.
n x
s
1 s
Theorem 7: If f has a continuous derivative f on the interval [y, x], where 0 < y < x, then
1
(c) n s
 O  x1s  if s  1.

x x
f (n)   f (t )dt   (t  [t ]) f (t )dt  f ( x )([ x ]  x )  f ( y )([ y ]  y ) (5)
n x

x 1
 n    1  O  x  
y y
y n  x
(d) if   0.
Proof: Let m = [y], k = [x]. For integers n and n – 1 in [y, x] we have n x
Proof: For part (a) we take f (t) = 1/t in Euler’s summation formula to obtain
n n
 [t ] f (t )dt   (n  1) f (t )dt  (n  1){ f (n)  f (n  1)} 1 dt x t  [t ] x  [ x]
n  
x

t 1 t 2
n 1 n 1
 dt  1 
={nf ( n)  ( n  1) f ( n  1)}  f ( n). n x
1 x
x t  [t ] 1
Summing from n = m + 1 to n = k we find  log x   dt  1  O  
1 t2  x
k  t  [t ]  t  [t ] 1
 {nf (n)  (n  1) f (n  1)}    log x  1   dt   dt  O   .
k
 m
[t ] f (t )dt 
n  m 1 y n x
f ( n) 1 t2 x t2 x

=kf ( k )  mf ( m)   f ( n),
Since t – [t] ≤ 1, the improper integral 
 t  [t ]
dt exists since 
 1
dt converges. Also,
y n  x 1 t2 1 t2
hence  t  [t ]  1 1
0 2
dt   2 dt 

k
f (n )    [t ] f (t )dt  kf (k )  mf (m)
1 t 1 t x
y n  x
m
so the last equation becomes
x
=   [t ] f (t )dt  kf ( x )  mf ( y ). (6) 1  t  [t ] 1
y  n  log x  1  
n x
1 t2
dt  O   .
x
Integration by parts gives us This proves (a) with
t  [t ]
x x
 y
f (t )dt  xf ( x )  yf ( y )   tf (t )dt ,
y C  1 

dt .
1 t2
and when this is combined with (6) we obtain (5). Letting x → ∞ in (a) we find that
 1   t  [t ]
8.5. Some Elementary Asymptotic Formulas lim    log x   1   dt ,
x 
 n x n  1 t2
The next theorem gives a number of asymptotic formulas which are easy consequences of so C is also equal to Euler’s constant.
Euler’s summation formula. In part (a) the constant C is Euler’s constant defined in (3). In part
To prove part (b) we use the same type of argument with f(x) = x–s, where s > 0, s ≠ 1. Euler’s
(b), ζ(s) denotes the Riemann zeta function which is defined by the equation summation formula gives us

1 x t  [t ] x  [ x]
 ( s)   if s  1, 1 dt
n
x

n s
s
  s  s 1 dt  1 
n 1
n x
1 ts 1 t x
and by the equation x1 s 1  t  [t ] 1
   1  s dt  O  s  .
1 s s 1 1 t s 1 x 
 1 x1 s 
 ( s)  lim    if 0  s  1.
x 
 n s 1  s  1 x1 s
Therefore n
n x
s

1 s
 C ( s)  O( x  s ), (7)

89 90
 1  t  [t ] Now we use Theorem 2 (d) with α = 0 to obtain
s  1 1 t s 1
Where C ( s)  1  s dt.
x
If s > 1, the left member of (7) approaches ζ(s) as x → ∞ and the terms s1–s and x–s both approach
 1  d  O(1).
q x / d
0. Hence C(s) = ζ(s) if x > 1. If 0 < x < 1, x–s → 0 and (7) shows that
Using this along with Theorem 2 (a) we find
 1 x1 s 
lim   s    C ( s). x  1
x 
 n x n 1  s   d (n)    d  O(1)   x  d  O( x)
n x d x d x

Therefore C(s) is also equal to ζ(s) if 0 < s < 1. This proves (b).  x log x  C  O ( x 1 )  O ( x )  x log x  O ( x ).
To prove (c) we use (b) with s > 1 to obtain
This is a weak version of (8) which implies
1 1 x1s  1
n   ( s)     O  s   O( x1s ),
s  d (n) x log x x  
s s
n x n x n 1 x 
since x–s ≤ s1–s. n x

Finally, to prove (d) we use Euler’s summation formula once more with f(t) = tα to obtain and gives log n as the average order of d(n).
 
 n  
n x
1
t     t  1 (t  [t ])dt  1  ( x  [ x ])
1
To prove the more precise formula (8) we return to the sum (9) which counts the number of
lattice points in a hyperbolic region and take advantage of the symmetry of the region about
=
x 1

1
 1  1
x

 O   t  1dt  O ( x )
1  the line q = d. The total number of lattice points in the region is equal to twice the number
below the line q = d plus the number on the bisecting line segment. Therefore,
x 1
=  O( x ). x 
 1  d (n)  2   d  d  O(1)   O(
n x
x)
d x
8.6. The Average Order of d(n) 1
 2x   2  d  O( x )
d
Theorem 9: For all x ≥ 1, we have d x d x

 d (n)  x log x  (2C  1) x  O( x ), (8)

 x
2



 2 x log x  C  O ( x 1/2 )  2   O ( x )   O ( x )
n x
 x log x  (2C  1) x  O ( x ).
where C is Euler’s constant.
This completes the proof of Dirichlet’s formula.
Proof: Since d (n)  1 we have  d (n) 1.
d |n n x n  x d |n The Average Order of the Divisor Function 𝝈(n)
This is a double sum extended over n and d. Since d | n, we can write n = qd and extend the sum
Theorem 10: For all x ≥ 1 we have
over all pairs of positive integers q, d with qd ≤ x. Thus

 d (n)   1.
n x q ,d
(9)  (n)  2  (2) x
1 2
 O( x log x ). (11)
n x
qd  x

(A lattice point is a point with integer co-ordinates). The lattice points with qd = n lie on a 2
Note: It can be shown that  (2)  . Therefore (11) shows that the average order of σ(n)
hyperbola, so the sum in (9) counts the number of lattice points which lie on the hyperbolas 6

corresponding to n = 1, 2, …, [x]. For each fixed d ≤ x we can count first those lattice points  2n
is .
12
on the horizontal line segment 1≤ q ≤ x / d, and then sum over all d ≤ x. Thus (9) becomes
Proof: The method is similar to that used to derive the weak version of Theorem 3. We have
 d (n) 
n x
 1.
d  x q x / d
(10)

91 92
 (n)   q   q    q
n x n  x q|n q ,d d  x q x /d
8.7. Summary
qd  x
In this chapter we introduced Dirichlet product and studied some properties of Dirichlet
 1  x   x   x
2 2
1  1 product. Also we studied asymptotic behavior of some arithmetical functions.
      O     2  O  x 

d x  2  d   d   2 d x d  d x 
d
8.8. Keywords
x 2  1  1  1
    (2)  O  2    O ( x log x )   (2) x  O ( x log x ), 9. Dirichlet product, asymptotes, average order.
2

2 x  x  2
8.9. Exercises
where we have used parts (a) and (b) of Theorem 2.
1. Prove the following statement or exhibit a counter example. If f is multiplicative then
The Average Order of ϕ(n) F (n)   f (d ) is multiplicative.
d |n
The asymptotic formula for the partial sums of Euler’s totient involves the sum of the series

 (n) 2. Assume f is multiplicative. Prove that

n 1 n
2
.
a. f 1 (n)   (n) f (n) for every square free n


 2
This series converges absolutely since it is dominated by n 1
n . It can be proved that b. f 1 ( p 2 )  f ( p)2  f ( p 2 ) for every prime p.
3. Use Euler’s summation formula to deduce the following for x ≥ 2:

 (n) 1 6
 n 2
  .
 (2)  2
(12)
log n 1 2  log x 
If we assume this result, then we have
n 1
a. 
n x n
 log x  A  O 
2  x 
 , where A is a constant

 (n) 
 (n )  (n ) 1  1 
   b.  n log n
 log(log x )  B  O   , where B is a constant
n x n2 n 1 n2 n x n2 2n x  x log x 
6  1 6 4. If x ≥ 2, prove that
 2  O   2   2  O ( x 1 )
  n x n   d (n) 1
 n
 log2 x  2C log x  O 1 , where C is Euler’s constant.
2
by part (c) of Theorem 2. We now use this to obtain the average order of ϕ(n). n x

5. If x ≥ 2 and α > 0, α ≠ 1, prove that

Theorem 11: For x > 1 we have
d (n) x1 log x
  ( )2  O  x1  .
3
 ( n )  
n x
2
x 2  O( x log x ), 
n x n


1
3n
so the average order of ϕ(n) is . 8.10. References
2
n 1. Introduction to Analytic Number Theory, Tom M. Apostol, Springer
Proof: We have  (n)    (d ) .
d |n d 2. An Introduction to Theory of Numbers, G. H. Hardy and E. M. Wright, Oxford
Therefore 3. An Introduction to the Theory of Numbers, Ivan Niven, Herbert S. Zuckerman and
n

n x
 (n )    (d ) 
n  x d |n d
  (d )q    (d )  q
q ,d d x q x /d
Hugh L. Montgomery, John Wiley & Sons, Inc.
qd  x


1  x 
2
 x 
 x2  (d )  1
   (d )     O      2  O  x  
d x 2  d 
  d 
 2 d x d  d x d 
x2 6  1  3 2
  2  O     O ( x log x )  2 x  O ( x log x ).
2    
x 

This completes the proof.

93 94
 UNIT – 9
ORDER OF AN INTEGER MODULO N, PRIMITIVE ROOTS FOR PRIMES

Structure:
9.0. Objective
9.1. Order of an integer modulo n
9.2. Primitive Root
9.3. Primitive roots for primes
9.4. Summary
9.5. Keywords
9.6. Exercises
BLOCK – III 9.7. References

9.0. Objective
PRIMITIVE ROOTS Gauss defined primitive roots in his book Disquisitions Arithmeticae (1801), where he credited
Euler coining the term. Primitive roots are often used in Cryptography. In this chapter we study

& two important concepts: the order of an element a and the primitive root modulo m. Also, we
will then identify those positive integers that possess primitive roots and study some interesting
applications.
QUADRATIC RECIPROCITY LAW
9.1. Order of an integer modulo n
Definition: Let a and m be positive integers such that gcd(a, m) = 1. A positive integer h is
called order (or exponent) of a modulo m if it is the least integer such that
.
Euler’s theorem guarantees such an exponent always exists, for by Euler’s Theorem
given integers a, m > 1 with gcd(a, m) = 1, . But need not be the least
one. By well-ordering principal there always exists such a least positive integer.
Example 1: The order of 5 modulo 13 is 4.
Consider

95 96
Example 2: The order of 7 mod 13 is 12. From (1) and (2) and since t and are positive t = . This completes the proof.
Consider
Corollary 1: If order of a modulo m is h, then order of ak, where k is a positive integer, is h if
and only if (h, k) = 1.
Example 3: If order of a modulo p, p a prime, is 3 then we show that the order of a + 1 modulo
. p is 6.
Theorem 1: Let an integer a has order h modulo m that is . Then the following Proof: Given that is that is .
holds: Since .
(i) If , for some integer k then h | k.
(ii) If , then b has order h modulo m. .
(iii) if and only if . Example 4: We show that every odd prime divisor of is of the form 4k + 1.
Proof of (i) : By the definition of order of a , we have k ≥ h. Also by division algorithm Also we show that every odd prime divisor of is of the form 8k + 1.
integers q and r such that Given where p is an odd prime. Hence This implies
Consider . . This implies for some integer k.
[ Similarly, we can prove the other result.
Hence . This is a contradiction if Hence
r = 0. 9.2. Primitive Root

Proof of (ii) : Let Then for any positive integer t, . This Definition 2: Let m be a positive integer and ‘a’ be any integer such that gcd(a, m) = 1. Then ‘a’

implies is called primitive root modulo m if .

Proof of (iii): Consider where i and j are positive integers. Suppose i > j. Example 5: Let m = 7 and a = 2. Then ord a = 3. But . Hence 2

Then . By (i) we have is not a primitive root modulo 7.

Example 6: Let a = 3 and m = 7. Then ord a = 6. Hence Hence 3 is a
Note: By (iii) we have are mutually incongruent modulo m.
primitive root modulo 7.
Theorem 2: If a has order h modulo m, then has order , where d = gcd(h, k).
Theorem 3: If a is a primitive root modulo m, then
Proof: Since Then
(i) { } is a reduced residue system modulo m.
.
(ii) is also a primitive root modulo m if k and are relatively prime.
This implies . Since such that
(iii) there are ( ) primitive roots modulo m.
. This implies
Proof of (i): Since a is relatively prime to m, (ak, m) = 1 k, 1 ≤ k ≤ . Also 1, a, a2, …,
( ) (1)
are mutually incongruent mod m. For, consider with
Consider . Hence . Suppose . Then Hence which is impossible

( ) (2) because .

97 98
 Let a1, a2, …, is a reduced residue system modulo m. Let r be an integer coprime Clearly if then and hence β is also a solution of
to m. Then (r, m) = 1 and . For example, consider . It has two
for some unique j, . (3) incongruent solutions, namely 4 and 10.

Hence, for each k, , there exist a unique t such that Thus Theorem 4: [Lagrange's theorem] Given a prime p, let f(x) = a0 + a1x + … + anxn; ai Z be a

for some unique h, . Hence polynomial of degree n such that (mod p): Then the polynomial congruence f(x) 0

. (4) (mod p) has at most n solutions.

2 Proof: We prove this theorem by induction. Since (mod p), the equation a1x + a0 0
Hence from (3) and (4) 1, a, a , …, is a RRS mod m.
(mod p) has a unique solution. Thus, the theorem is true for n = 1. Suppose that the theorem is
Proof of (ii) and (iii) : If a is a primitive root modulo m, then { } is a reduced
true for polynomials of degree n – 1. Assume, also, that the equation
residue modulo m. Hence if b is any other primitive root modulo m, then there exists a unique k,
a0 + a1x + … + an xn 0 (mod p); (mod p)
such that such that
has n + 1 incongruent solutions mod p; say x0, x1, … , xn: We have
By Carollary 1, is primitive root if (k, ) = 1. Thus there are ( ) such k exists.
∑
Hence there are ( ) primitive roots modulo m.
where degree of g(x) is n – 1 and the leading coefficient of g(x) is cn which is (mod p). We
Example 7: If 5 is a primitive root modulo 54, then we find the remaining incongruent primitive
observe that for every 1 ≤ k ≤ n, f(xk) f(x0) (mod p).
roots.
Thus, f(xk) – f(x0) = (xk – x0) g(xk) 0 (mod p).
Solution: By above result, 54 has ( ) primitive roots mod 54. Hence 54 has
Since xk and x0 are incongruent (mod p), we get g(xk) 0 (mod p)
( ) 6 primitive roots. Since 5 is a primitive root, the remaining roots are of for every 1 ≤ k ≤ n. Thus, g(x) 0 (mod p) has n incongruent solutions (mod p), which
the form 5k with (k, 18) = 1. Hence, the positive integers < 18 and relatively prime to 18 are 1, contradicts our induction hypothesis that it can have at most n – 1 solutions. Therefore,
5, 7, 13 and 17. Therefore, primitive roots are 51, 55, 57, 511 and 513 mod 54 i.e, 5, 47, 41, 29, 23, a0 + a1x + … + an xn 0 (mod p); (mod p)
and 11 respectively. Thus, the remaining primitive roots are 11, 23, 29, 41 and 47. has at most n solutions. By induction, we have proved the result for all n ≥ 1.
Corollary 2: If p is a prime number and d | p – 1, the congruence
9.3. Primitive Roots for Primes:
By (iii) of Theorem 3, if m has a primitive root modulo m then it has ( ) primitive
has exactly d incongruent solutions mod p.
roots. But this does not assures us that whether a positive integer m has a primitive root or not.
Proof: Since d | p – 1 implies p – 1 = dk for some k. Then
For example, 8 has no primitive root. Therefore the question arises: what kind of positive
integers m have primitive roots? To answer this question let us consider some polynomial
where the polynomial f(x) is of degree p – 1 – d. Hence, the congruenc has
congruence.
atmost p – 1 – d incongruent solutions mod p. Since the congruence has
Definition 3: Let f(x) be a polynomial with integral co-efficient. An integer α is a solution of
exactly p – 1 incongruent solutions (1, 2, 3, … , p – 1) (by Fermat’s Theorem),
.
has at least (p – 1) – (p – 1 – d) = d incongruent solutions mod p. But again by
Fermat’s Theorem, has exactly d incongruent solutions mod p.

99 100
Theorem 5: If p is a prime number and d | p – 1, then there are exactly incongruent 9.4. Summary
integers having order d mod p. In this chapter, we gave two important definitions of order of an element modulo n and primitive
Proof: Let d | p – 1 and denote the number of integers k, with that have root and studied some properties of them. Also, we answered the question which we asked in
order d mod p. Because each integer between 1 and p – 1 has order d for some d | p – 1, the beginning, not completely, what kinds of integers have primitive roots? We answered this
question partly by showing that all prime numbers have primitive roots. In the next chapter we
∑
completely answer this question.
At the same time putting these together
9.5. Keywords
∑ ∑ (5)
Order of an element, primitive root, polynomial, incongruent solution.
Next, we need to show that for every d. To this end, we consider two
cases: 9.5. Exercises
Case 1: Let . Then clearly, . 1. Compute the order of 2 with respect to the prime moduli 3, 5, 7, 11, 13, 17, and 19.
Case 2: Suppose . Then there exist an integer a of order d mod p. Then the d integers 2. Compute the order of 10 with respect to the modulus 7.
a, a2, … , ad are incongruent mod p and each of them satisfies the polynomial congruence 3. Find a primitive root modulo 23.
(6) 4. Find a primitive root modulo 41.
for . 5. Prove that 2 is a primitive root modulo 101.
But by Corollary 2, there can be no other solutions of equation (6). Hence any integer 6. What is the order of 3 modulo 101? Is 3 a primitive root modulo 101?
having order d mod p must be congruent to one of a, a2, … , ad. But, we know that ak has order 7. Prove that 2 is a primitive root modulo 53.
d if and only if gcd(k, d) = 1. Hence only integers a, a2, … , ad have order d. Hence 8. Let g be a primitive root modulo the odd prime p. Prove that −g is a primitive root
. modulo p if and only if p ≡ 1 (mod 4).
Thus, in both cases . But, the equality (5) to hold, for all 9. Suppose the exponent of an integer a modulo m is m – 1. Prove that m is a prime.
d | p – 1. 10. If a has order hk mod n, then prove that ah has order k modulo n.
Example 8: Let p = 19. Then 1, 2, 3, 6, 9 and 18 are the divisors of p – 1 = 18. Let us form the 11. If a has order n – 1 mod n, then n is a prime.
table with . 12. Show that the odd prime divisors of the integer n2 + n + 1 that are different from 3 are of
the form 6k + 1.
d 1 2 3 6 9 18
13. Prove that there are infinitely many primes of the form 4k + 1 and 8k + 1.
Incongruent integers having 4, 5, 6, 9, 2, 3, 10, 13,
1 18 7, 11 8, 12 14. Let p and q be odd primes such that q | ap – 1. Then prove that either q | p – 1 or q =
order d 16, 17 14, 15
2kp + 1 for some integer k.
1 1 2 2 6 6
15. Verify that each of the congruences x2 ≡ 1(mod 15) and x2 ≡ -1(mod 65) has four
1 1 2 2 6 6 incongruent solutions and hence Lagrange’s theorem need not hold if the modulus is a
composite number.

Corollary 3: If p is prime, then there are exactly incongruent primitive roots of p. 16. Determine all the primitive roots of the primes 11, 19 and 23.

101 102
 17. Let r be a primitive root of the odd prime p. Prove the following: UNIT –10
a. If p ≡ 1(mod 4), then –r is also a primitive root of p
b. If p ≡ 3(mod 4), then –r has order (p – 1) / 2 mod p.
COMPOSITE NUMBERS HAVING PRIMITIVE ROOTS

Structure:
9.6. References:
10.0. Objective
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication 10.1. Composite Numbers Having Primitive Roots
2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier 10.2. Theory of Indices
3. Basic Number Theory, S. B. Malik, Vikas Publications 10.3. Summary
4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley 10.4. Keywords
5. Elementary Number Theory, Gareth A. Jones and Josephine Mary Jones, Springer 10.5. Exercises

10.0. Objective
In the last chapter, we saw that all the prime numbers have primitive roots. In this chapter, our
aim is to find all composite numbers which have primitive roots.

10.1. Composite Numbers Having Primitive Roots

Theorem 1: Show that the integers 2 and 4 possess one primitive root each which are 1 and 3
respectively.
Proof: We have   2   2  1  1 and 11  1 mod 2  . This shows that 1 is the primitive root of 2.

 
Similarly,   4    22  22  21  4  2  2 and 12  1 mod 4  and 32  1 mod 4  . This shows

that 3 is the primitive root of 4. Thus, 2 and 4 possess one primitive root each which are 1 and 3
respectively.
Theorem 2: Integer of the form 2n has no primitive root for n  3.

 
Proof: Let a be an odd integer. We will show that a 2 n2  1 mod 2n for n  3.

For n = 3 we have
a 2  1 mod 8

Since a is odd, it is congruent to 1, 3, 5 or 7 (mod 8). Thus, a 2  1 mod 8 . Suppose the

statement holds for n = m  3 i.e.,

 1 mod 2m 
m2
a2
m2
This implies a 2  1    2m .

103 104
Consider, Lemma 1: If p is an odd prime, then there exists a primitive root r of p such that
   1   2m   1  2 2m   2 22 m
 m 1  2 2
r p1  1 mod p 2  .
m 1 m2 2
a2  a2  a2

 m 1 Proof: Since p is an odd prime it has a primitive root. Let r be a primitive root of p. If
Therefore, a 2  1   2m1   2 22 m
 1   2m1   2 2m1  2m1 r p1  1 mod p 2  then the proof is complete. If r p1  1 mod p 2  we replace r by r1 given by r1

 1  mod 2m1  or a 2  1  mod 2m1  .

 m 1  m 1  2
Therefore, a 2 = r+ p which is also a primitive root of p. Now, by binomial theorem

r1 p 1   r  p 
p 1
This shows that the result is true for n = m+1. Hence, by mathematical induction the result is
true for all values of n.  r p 1   p  1 pr p 2  mod p 2 

 1  pr p 2  mod p 2   r p 1  1  mod p 2  
Also, the integers relatively prime to 2m are the odd integers and  2m  2m1. Therefore    
Since is a primitive root of we have (r, = 1. Therefore,
 1 mod 2m  and hence there is no primitive root of 2n.
r p, p)
a (2
m
)/2

p | r p 1
. Hence, r1 p 1
 1 mod p  , which proves the lemma.
2

Theorem 3: If m, n > 2 and gcd(m, n) = 1 then there exists no primitive root (mod mn).
Proof: Suppose, if possible a is a primitive root to mn. Then (a, mn) = 1 and a has order (mn) Corollary 1: If p is an odd prime then p2 has a primitive root. In other words for a primitive
root r of p, either r or r + p is a primitive root of p2.
(mod mn).
Proof: If r is a primitive root of p, then the order of r modulo p2 is either p – 1 or p(p – 1) =
Now (a, mn) = 1  (a, m) = 1 and (a, n) = 1.
(p2). If r has order p – 1 modulo p2, then r + p is a primitive root of p2.
Therefore, a
  m
 1 mod m  and a  n   1 mod n  . Let d = gcd(ϕ(m), ϕ(n)).
Lemma 2: If p is an odd prime and r a primitive root of p such that r p-1  1 mod p 2 , then for  
Let
 p-1
 1 mod p k  .
k -2
each positive integer k  2, r p
  m   n 
h  (1) Proof: For k = 2 the result is true by the hypothesis. Let the result be true for k > 2. We shall
d
show that the result is true for k + 1.
Clearly, d  2.    m  ,   n  both are even  (2)
   
Since gcd r, p k 1  gcd r, p k  1, by Euler s theorem we have,

  m   n    mn 
  (mn)    1 mod p k 1 .
Hence, h
2

2 r
p k  2  p 1
r
 pk 1
 
n Therefore, there exists an integer a such that
Now a h  a  m    d
 1 mod m  (3)
p k  2  p 1
r  1  ap k 1 , p | a
 1  ap   1  ap  mod p k 1 
 m p k 1  p 1 k 1 p

 
k
r
and a h  a  n  d
 1 mod n  (4)

Since p | a, p k 1 | ap k . Hence
From (3) and (4), we have a h  1 mod mn   gcd  m, n   1 . This contradicts the assumption
 1 mod p k 1  .
k 1
( p 1)
that order of a is (mn). This contradiction proves that mn has no primitive root. rp

105 106
This shows the result is true for k + 1. Hence, by mathematical induction the given result will be We have 24  1 mod 15 , 44  1 mod 15 , 74  1 mod 15 , 84  1 mod 15 , 114  1 mod 15 ,
true for all values of k  2.
134  1 mod 15 and 144  1 mod 15
Theorem 4: There exists a primitive root for pk when p is an odd prime and k  1.
This shows that there exists no primitive root of 15.
Proof: Let p be an odd prime. If k = 1 then there exists a primitive root (mod p). Suppose
k > 1. By Lemma 1 and 2 there exists a primitive r (mod p) such that 10.2. The Theory of Indices
 1 mod p k  .
k 2
( p 1)
rp If r is a primitive root of n and (a, n) = 1 then the smallest positive integer h such that a 
h
 
In fact, any integer satisfying the condition r p 1  1 mod p 2 will do. We will show that r is a
r (mod n) is called the index of a relative to r. It is denoted by indr a. This can also be written as
r ind .a  a  mod n  .
primitive root for all powers of p.
Example 2: Find the index of 9 (mod 19).
Let n be the order of r mod pk. Then n must divide  p k  p k 1  p  1 . Also  
Solution: 2 is a primitive root of 19 and 28  9(mod 19). Therefore, ind2 9 = 8.
r  1 mod p
n k
 implies r  1 mod p  and  p  1 | n.
n
Therefore, n takes the form Example 3: Find the index of 5 (mod 13).

n p n1
 p  1 ,0  n1  k  1. Now, if n  p k 1
( p  1) then p k 2
( p  1) will be divisible by n and Solution: 2 is a primitive root of 13 and 29  5(mod 13). Therefore, ind2 5 = 9.
6, 7 and 11 are the other primitive roots of 13. Also, 69  5 (mod 13) and hence ind6 5  9.
we can write
73  5 (mod 13) and hence ind7 5 = 3 and 113  5 (mod 13) and hence ind11 5 = 3
 1 mod p k  .
k 2
( p 1)
rp
Example 4: Obtain the index of 17 (mod 18).
This contradicts the earlier assumed value of r. Therefore, n  p k 1 ( p  1) and r is a primitive
Solution: We can show that 5 is the smallest primitive root of 18. Now 53  17 (mod 18) and
k
root of p . therefore, ind517 = 3.
Corollary 2: There are primitive roots for 2pk where p is an odd prime and k  1. Theorem 5: Let a be a primitive root modulo n and b, c and k be any integers. Then
Proof: Let r be an odd primitive root for pk. Then (r, 2pk) = 1. The order n of r modulo 2pk i) b  c  mod n   ind a b  ind a c(mod  (n))
      
should divide  2 p k    2   p k   p k . Now, r n  1 mod 2 p k  r n  1 mod p k .    ii ) ind a  bc   ind a b  ind a c(mod  (n))

   
Therefore,  p k | n and so n   2 p k . Hence r is a primitive root of 2pk. iii ) ind a bk  k  ind a b(mod  (n ))
iv ) ind a 1  0(mod  (n)).
Example 1: Find the primitive root of 15.
Solution: The relatively primes to 15 are 2, 4, 7, 8, 11, 13, and 14. Proof: Let indab = r1 and indac = r2. Then

Also b  a r1  mod n  and c  a r2  mod n  . Now,

 15    3  5   3  15  1  2  4  8  23 i ) b  c  mod n   a r1  a r2  mod n   a r1 r2  1 mod n  .

Thus, 2 is the only prime divisor of (15) By definition,   n  | r1  r2  r1  r2 (mod  (n)) which proves i)
 m  15 8 We have,
  4
p 2 2 bc  a r1  a r2 (mod n)
Now a is a primitive root of 15 if a 4  1 mod 15 .  a r1  r2 (mod n).

107 108
ii) Now, if r = indabc then bc ≡ ar (mod n). Therefore, r1 + r2 ≡ r (mod ϕ(n)) and hence Proof: By properties ii) and iii) of Theorem 5, xk  a(mod n) can be written as a linear
ind a  bc   ind ab  ind a c(mod  (n)). congruence

iii) We have, k ind x  ind a(mod (n))

ind a bk =ind a (b  b  ...  k times) in the unknown ind x. Hence if d | ind a , there is no solution. But if d | ind a then there are
 ind a b  ind a b   upto k times(mod  ( n)) [using (ii) exactly d incongruent solutions.
=k  inda a b(mod  (n)). Theorem 9: Let n be an integer possessing a primitive root and let gcd(a, n) = 1. Then the
iv) Putting k = 0 in (iii), we have congruence xk  a(mod n) has a solution if and only if
inda1 ≡ 0 (mod (n)). a ( n )/d  1(mod n)
Theorem 6: If r is the smallest primitive root of n and rh  a (mod n) then h  indra (mod n). where d = gcd(k, (n)); if it has solution, there are exactly d solutions modulo n.
Proof: We have, r  a  mod n   a  r
h ind r a
 mod n  . Now, order of r (mod n) is (n). Proof: Taking indices, the congruence a ( n )/d  1(mod n) is equivalent to
Therefore, h = indra (mod n).  (n)
 ind a  0(mod  (n))
Theorem 7: If r is the smallest primitive root of n and if a1, a2 ,..., ak are all primes to n (mod d
which, in turn, holds if and only if d | ind a. But we have just seen that the latter is a necessary
(n)) then, ind. a1 + ind. a2 +…+ind. ak  ind.a1a2 … ak (mod (n)).
and sufficient condition for the congruence xk  a(mod n) to be solvable.
Proof: If r is the smallest primitive root of n, then, we have
Example 5: Construct the index (mod 18).
r ind.a1  a1  mod n 
Solution : we have (18) = (2.32) = (2) (32) = 6 and 5 is the smallest primitive root of 18.
r ind. a2
 a2  mod n 
Now,
50 = 1
r ind.ak  ak  mod n  .
51 = 5
Therefore, 52  7 (mod 18)
r ind.a1 inda2  ind. ak
 a1a2 ak  mod n  . 53  17 (mod 18)
54  13 (mod 18)
Hence, ind.a1  ind.a2   ind.ak  a1a2 ...ak  mod   n   .
55  11 (mod 18).
The theory of indices is applicable for the modulii having primitive roots. However, the table of
Therefore, the required index table for primitive root 5 is
indices may be prepared for each modulus. The theory of indices can be used to solve the
a 1 5 7 11 13 17
congruences. ind5a 0 1 2 5 4 3
Theorem 8: The congruence
xk  a(mod n) k 2 Example 6: Solve the linear congruence : 7x  2(mod 9)
where n is a positive integer having a primitive root and gcd(a, n) = 1, has no solution if Solution : We know that 2 is a primitive root modulo 9.

d | ind a and exactly d incongruent solutions if d | ind a where d = gcd(k, (n)). Now
21=2
109 110
 22 = 4  ind2x  3(mod 4)
23 = 8 = 3, 7, 11.
4
2  7 (mod 9) The integers corresponding to these indices will be 8, 11 and 7. Therefore, the required solutions
25  6 (mod 9) are
and 6
2  1 (mod 9). x  7, 8 and 11 (mod 13).
This gives that index of 2 is 1 and 7 is 4. Example 8: Solve the congruence 17 x 20  19  mod 37 
The given congruence 7x  2 (mod 9) is equivalent to ind.7 + ind.x  ind.2 (mod (9)) Solution: The given congruence is equivalent
 4+ ind.x  1 (mod 6) Ind. 17 + 20 ind. x  ind. 19(mod (37))
 ind.x  –3 (mod 6)
 7+20 ind. x  35 (mod 36)    37   36
 3 (mod 6) .
 20 ind. x  28 (mod 36)
 x  23 (mod 9)
 ind. x = 5, 14, 23, 32 (mod 36)
 8 (mod 9).
The integers corresponding to these indices are 32, 30, 5, 7. Therefore, the solution of the given
This gives that the solution of the given congruence are of the form 9t + 8 where t = 0,  1, .... .
congruence is given by x  5,7, 30, 32 (mod 37).
Example 7: Solve the congruence: x 3  5  mod 13
Example 9: Construct the index table for 17 with primitive root 5.
Solution: We know that 2 is a primitive root modulo 13. Solution: We have, (17) = 16 and 5 is the primitive root.
Now, Now, we have,
21 = 2 (mod 13) 50 = 1,
2
2 = 4 (mod 13) 51 = 5,
23 = 8 (mod 13) 52  8 (mod 17),
4
2  3 (mod 13)
53  6 (mod 17),
25  6 (mod 13)
54  13 (mod 17),
26  12 (mod 13)
55  14 (mod 17),
7
2  11 (mod 13)
56  2 (mod 17),
28  9 (mod 13)
57  10 (mod 17),
29  5 (mod 13)
58  16 (mod 17),
This gives that index number of 2 is 1 and 5 is 9.
59  12 (mod 17),
The given congruence x  5  mod 13 is equivalent to
3
510  9 (mod 17),
3 ind2x  ind25 (mod (13)). 511  11 (mod 17),
That is 3 ind2x  9(mod 12). 512  4 (mod 17),

111 112
 513  3 (mod 17), Therefore, 2 is the smallest primitive root of 19. Now we will find an integer h such that
14
5  15 (mod 17),
2h  7mod19, 0  h  18.
515  7 (mod 17).
This gives h = 6. We consider the congruence
Thus, we have the following index 516  1 (mod 17) table.

a 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 ky  h mod  n

0 6 13 12 1 3 15 2 10 7 11 9 4 5 14 8 15 y  6mod 18.
ind.a
This gives y  4,10,16mod 18.

Therefore, the solution of the given congruence are given by

Example 10: Show that the congruence x18  5 (mod 73) is not solvable.
x  2 4 , 210 , 216 mod19
Solution : Here
 16, 7, 5 mod19.
 n   73  72
10.3. Summary
d  n,  n  18,72  18
 n  In this chapter we completely answered the question “what kind of integers have primitive
Therefore, a d  5  1mod 73.
4
roots?” which was asked in Chapter 9 by showing 2, 4, pk and 2pk are the only integers having
primitive roots. Also we introduced index of a modulo n and used to solve some congruence
Hence, by Theorem 9, the given congruence is not solvable.
equation.
Example 11: Solve x15  7mod19.
10.4. Keywords
Solution: Here k = 15 and n = 19. Consider Primitive root, Index of an element.

 n   19  18  2  3 . 2 10.5. Exercises:

d  n,  n  15,18  3 1. Verify that 3 is a primitive root mod 52, 53, and 72.
 n  18 2. Find a primitive root modulo p2 for each odd prime 11, 13, 17, and 19.
Therefore, a d 73 3. Find a primitive root modulo pk for each odd prime p and k ≥ 2:
6
7 a) p = 3, k = 4 b) p =5, k = 3.
 1mod19. 4. Determine whether each integer has a primitive root: 46, 486, 1024 and 2187.
5. If p is an odd prime, then prove that pk and 2pk have the same number of primitive roos.
Hence, by Theorem 9 the given congruence is solvable.
6. Assume that r is a primitive root of the odd prime p and (r  tp) p1  1(mod p 2 ) . Show
Obviously 2 and 3 are the only prime divisors of (19). Also
that r + tp is a primitive root of pk for each k ≥ 1.
2  7mod19
6
7. Using a table of indices for a primitive root of 11, solve the following congruences:
 1mod 19 a) 7x3 ≡ 3(mod 11) b) 3x4 ≡ 5(mod 11) c) x8 ≡ 10(mod 11).

113 114
 8. Solve each of the congruences using indices: UNIT –11
a) 7x ≡ 13(mod 18)
b) 2x4 ≡ 5(mod 13)
EULER’S CRITERION, LEGENDRE SYMBOL AND ITS PROPERTIES
c) 85x ≡ 5(mod 13)
Structure:
d) 34x + 1 ≡ 10(mod 19).
11.0. Objective
9. Using indices, determine the remainder when the first integer is divided by the second:
11.1. Euler’s Criterion
(a) 231001, 13 (b) 517 719, 13
11.2. Legendre Symbol
10. Let α be a primitive root modulo a positive integer m > 2. Then indα(m – 1) = ϕ(m) / 2.
11.3. Summary
11. Let α be a primitive root modulo a positive integer m > 2 and gcd(a, m) = 1. Then
11.4. Keywords
indα(m – a) = indα(a) + ( ϕ(m) / 2).
11.5. Exercises
12. Let p be an odd prime. Then the congruence x2 ≡ –1(mod p) is solvable if and only if p
11.6. References
is of the form 4k + 1.
11.0. Objective
10.6. References:
We studied solvability of linear congruences in chapter 3. In this chapter we study quadratic
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication congruences. This includes quadratic residue, Legendre symbol and its properties and we prove
2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier Gauss Lemma.
3. Basic Number Theory, S. B. Malik, Vikas Publications
11.1. Euler’s Criterion
4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley
We are now going to study in detail polynomial congruences of degree two or, as they are called,
5. Elementary Number Theory, Gareth A. Jones and Josephine Mary Jones, Springer
quadratic congruences, that is to say, of the form ax2 + bx + c ≡0 (mod p) where we can assume
p to be an odd prime. So, consider the congruence

ax 2  bx  c  0 (mod p), p an odd prime, and a  0(mod p) . (5)

The supposition that p is an odd prime implies that gcd(4a, p) = 1. Thus, the
quadratic congruence in Eq. (1) is equivalent to
4(ax 2  bx  c)  0 (mod p) .

By using the identity 4a(ax 2  bx  c)  (2ax  b)2  (b2  4ac)

we have
(2ax  b)2  (b2  4ac) (mod p).
Putting y = 2ax + b and d = b2 – 4ac, we get
y 2  d (mod p). (6)

115 116
Thus, the problem of finding a solution to the quadratic congruence in Eq. (1) is equivalent to Theorem 1: (Euler’s criterion) Let p be an odd prime and gcd(a, p) = 1. Then a is a quadratic
that of finding a solution to a linear congruence and a quadratic congruence of the form residue of p if and only if a ( p1)/2  1(mod p).

x 2  a(mod p). (7) Proof: Let a be a quadratic residue mod p and (a, p) = 1. Then the quadratic congruence x2 ≡
a(mod p) has a solution, say x0.
Whenever x 2  a(mod p) has a solution x = x0, there is also a solution x = p – x0. This second
Thus, x02  a(mod p) where gcd( x0 , p)  1 (8)
congruence is not congruent to the first. For, x0 ≡ p – x0(mod p) implies that 2x0 ≡ 0(mod p),
p 1
By Fermat’s Little Theorem, we have x 0  1(mod p) (9)
which is impossible. By Lagrange’s Theorem of Chapter 9, x 2  a(mod p) has exactly two
Therefore,
solutions. Therefore, Eq. (3) has either no solutions or exactly two incongruent solutions.
a ( p 1)/2   x02 
( p 1)/2

Example 1: Solve the quadratic congruence 3x  4 x  7  0 (mod 13) .

2
 x0p 1 (mod p )
Solution: Multiply both sides by 4 3 = 12. Then, we get  1(mod p ). [from (2)
36 x  48x  84  0 (mod 13)
2

Conversely, suppose a ( p1)/2  1(mod p). Then, by Corollary 3 of Chapter 9, primitive root mod
that is,
(6 x  4)2  (16  84) (mod 13) p exists. Let r be a primitive root mod p. Then 1, r, r2, …, rp–1 forms a reduced residue system

(6 x  4)2  10 (mod 13) mod p and a  r k (mod p) for some integer k such that , 1 ≤ k ≤ p – 1.

Let y = 6x – 4. Then y2 ≡ 10(mod 13). This congruence has exactly two solutions, namely 6 and Now, we have,
1  a ( p 1)/2   r k 
( p 1)/2
7. (mod p )
k ( p 1)
Therefore, the solutions of the original congruence are given by those of the linear
r 2
(mod p ).
congruences 6x – 4 ≡ 6(mod 13) and 6x – 4 ≡ 7(mod 13), namely, x ≡ 6, 4(mod 13).
As r is a primitive root mod p, order of r is p – 1. This implies ( p  1) | k ( p21) . This implies that

Definition 1: Let p be an odd prime and gcd(a, p) = 1. If the quadratic congruence k must be an even integer, say 2t. Therefore, a  r 2t (mod p). This shows rt is a solution of
x  a(mod p) has a solution, then a is said to be a quadratic residue of p. Otherwise a is called
2
x 2  a(mod p).
a quadratic nonresidue of p. Corollary 1: Let p be an odd prime and gcd(a, p) = 1. Then a is a quadratic residue or non-
Note 1: If a ≡ b(mod p) and a is a quadratic residue of p, then b is also a quadratic residue of p. residue of p according to whether
Therefore, we only need to determine the quadratic nature of those positive integers less than p.
a ( p1)/2  1(mod p) or a ( p1)/2  1(mod p).
Example 2: Let p = 13. Then,
Proof: If p is an odd prime and gcd(a, p) = 1. Then,
12  122  1 (mod 13), 22  112  4 (mod 13), 32  102  9 (mod 13) , 42  92  3(mod 13),
(a ( p1)/2  1)(a ( p1)/2  1)  a ( p1)  1  0(mod p)
52  82  12 (mod 13) and 62  72  10(mod 13).
by Fermat’s theorem. Hence, either
Hence, 1, 3, 4, 9, 10 and 12 are quadratic residues modulo 13 while 2, 5, 6, 7, 8, and 11 are
a ( p1)/2  1(mod p) or a ( p1)/2  1(mod p)
quadratic non-residues modulo 13. This shows that the integers between 1 and 12 are divided
equally among the quadratic residues and non-residues.

117 118
but not both. If both holds, then we would have 1  1(mod p) , or equivalently, p | 2, which is Proof of (ii): Using part (i), we have

impossible. By Euler’s criterion, a quadratic non-residue of p does not satisfy a ( p 1)/2

 1(mod p) (ab / p)  (ab)( p1)/2  a ( p1)/2b( p1)/2  (a / p)(b / p)(mod p).

and hence it must satisfy a ( p1)/2  1(mod p) . Part (iii) is clear from the definition.

Example 3: Let p = 13 and a = 2. Consider Proof of part (iv): Clearly a satisfies the congruence x 2  a 2 (mod p) and hence (a2 / p) = 1.

2(131)/2  26  64  12  1(mod 13). Corollary 2: If p is an odd prime, then

Hence, 2 is a quadratic non-residue mod 13.  1 if p  1(mod 4)

( 1 / p)  
 1 if p  3(mod 4)
Suppose a = 3. Then,
Proof: Because (p – 1)/2 is even for a prime p of the form 4k + 1 and odd for p of the form 4k +
3(131)/2  36  (27)2  12  1(mod 13).
3, part (i) of Theorem 2, proves the required result.
Hence, 3 is a quadratic residue mod 13.
Example 4: Consider the congruence x 2  46(mod 17). Applying part (i) and (ii) of Theorem
11.2. The Legendre Symbol 2, we have,
For an odd prime p and an integer a with gcd(a, p) = 1, the Legendre symbol (a | p) is (–46 / 17) = (–1 / 17)(46 / 17) = (46 / 17). [17 ≡ 1(mod 4)
defined to be 1 if a is a quadratic residue modulo p, and −1 otherwise. For completeness, one Because 46 ≡ 12(mod 17), it follows that
defines (a / p) = 0 if p | a. The following theorem summarizes the essential properties of the (46 / 17) = (12 / 17). [by part (iii)
2
Legendre symbol. Now, (12 / 17) = (3 2 / 17) = (3 / 17).
From Example 2, we have (1 / 13) = (3 / 13) = (4 / 13) = (9 / 13) = (10 / 13) = (12 / 13) = 1 But
and (2 / 13) = (5 / 13) = (6 / 13) = (7 / 13) = (8 / 13) = (11 / 13) = –1. (3 / 17)  3(171)/2  38  812  ( 4)2  1(mod 17).
Theorem 2. Let p be an odd prime, and let a, b Z such that gcd(a, b) = 1. Then, we have Therefore, (–46 / 17) = –1.. Hence the quadratic congruence x 2  46(mod 17) has no solution.
(i) (a / p) ≡ a
(p−1)/2
(mod p); in particular, (−1 / p) = (−1) (p−1)/2
; Theorem 3: If p is an odd prime, then
(ii) (a / p)(b / p) = (ab / p);
p 1
(iii) a ≡ b (mod p) implies (a / p) = (b / p);  (a / p)  0.
a 1
(iv) (a2 / p) = 1.
Hence, there are precisely (p – 1)/2 quadratic residues and (p – 1)/2 quadratic non-residues of p.
Proof of (i) : If p divides a, then both sides of the congruence are 0. If p does not divide a, then,
Proof: Let r be a primitive root of p. Then 1, r, r2, …, rp–1 are just a permutation of the integers
by Fermat’s theorem,
1, 2, …, p – 1. Thus, for any a lying between 1 and p – 1, inclusive, there exists a unique
a 
( p 1)/2 2
 a p1  1(mod p) ,
positive integer k (1 ≤ k ≤ p – 1), such that a  r k (mod p) . By appropriate use of Euler’s
and so
a(p−1)/2 ≡ ±1 (mod p). criterion, we have
Applying Corollary 1, we have
(a / p)  ( r k / p)   r k    r ( p1)/2   ( 1)k (mod p).
( p 1)/2
a(p−1)/2 ≡ 1 (mod p) if and only if (a | p) = 1
k
(10)
and so
a (p−1)/2
≡ −1 (mod p) if and only if (a | p) = −1.

119 120
where, because r is a primitive root of p, r ( p1)/2  1(mod p) . But (a / p) and (–1)k are equal to But r1, r2,...,rm, s1, s2,…,sn are congruent (mod p) to a, 2a,…, [( p  1) / 2] a in some order.

either 1 or -1, so that equality holds in Eq. (6). Now add up the Legendre symbols in question to Hence,
obtain  p 1  p 1
 !   1 a  2a  a  mod p 
n
 
p 1 p 1  2   2 
 (a / p)   ( 1)  0
k
 p 1 
   p 1
  1 a   !  mod p 
a 1 a 1 n 2 
which is the desired conclusion. 
 2 
Corollary 3: The quadratic residues of an odd prime p are congruent mod p to the even powers Because [(p – 1) / 2]! is relatively prime to p, we have
of a primitive root r of p; the quadratic non-residues are congruent to the odd powers of r.
 p 1 
 
1   1 a   mod p 
n
Theorem 4: (Gauss Lemma): If p is an odd integer, a is an integer such that (a, p) = 1 and n is 2 

the number of integers in the set

 p 1 
 
  1  mod p  .
n
 a 2 
  p 1 
a, 2a,....,  a (11)
  2  
By Euler’s criterion we have

whose remainder upon division by p exceeds p / 2. Then (a / p)   1 .

n
 p 1 
 
  1  mod p   (a / p)   1 .
n n
(a / p)  a  2 

Proof: Since (a, p) =1, each integer of (7) is co-prime to p and no two of them are congruent to
Theorem 5: If p is an odd prime then
each other (mod p). Let r1, r2,…,rm be the remainder on division by p such that 0 < ri < p/2 and
s1,s2,...sn be the remainders such that p/2 < si < p. Then m + n = (p – 1) / 2, and the integers  1 if p  1 mod 8 or p  7  mod 8 

(2 / p)  
r1, r2, … ,rm p – s1, …, p – sn  1 if p  3  mod 8  or p  5  mod 8 

p 2 1
are all positive and less than p / 2. Hence, (2 / p)   1 8

We shall show that these integers are distinct. Suppose if possible p – si =rj for som i and Proof: By Gauss Lemma, we have
j. Then there exist integers h and k with 1  h, k  ( p  1) / 2 such that si  ha (mod p) and ri  ka (2 / p)   1
n

where n is the number of integers in the set

(mod p). This gives,  h  k  a  si  rj  p  0  mod p    h  k   0  mod p  .
  p  1 
But this is not possible because 1 < h + k  p – 1. Hence r1, r2,…,rm, p – s1,…,p – sn are all 2  1, 2  2, 2  3, ,2 
  2 
distinct. Thus, r1, r2,…,rm, p – s1,…, p – sn are simply the integers 1, 2,…, ( p  1) / 2 . Therefore, p
which on division by p have remainder greater than . For 1 ≤ k ≤ (p – 1) / 2, we have
their product is 2

[( p  1) / 2]!  r1, r2 ...rm  p  s1  ...  p  sn   p p

2k < p / 2 if and only if k < p / 4. Then there are   integers in the above set less than .
 r1.r2 ...rm   s1  ...   sn  mod p  4 2

  1 r1r2 ...rm s1...sn.

n p 1  p  p
Therefore, n     is the number of integers which are greater than .
2  
4 2

121 122
Since p is an odd prime it must have any one of the form 8k+1, 8k+3, 8k+5 or 8k+7. p1
Theorem 6: If p and 2p+1 are both odd primes then  1 2  2 is a primitive root of 2p+1.
Now,
Proof: We put q = 2p+1. Since p and 2p+1 are both odd primes, we have either p  1(mod 4) or
if p = 8k + 1 then n = 4k –[2k + (1/4)] = 4k – 2k = 2k
p  3 (mod 4).
if p = 8k + 3 then n = 4k + 1 – [2k + (3/4)] = 4k +1 – 2k = 2k + 1
 p1 
if p = 8k + 5 then n = 4k + 2 – [(2k +1) + (1/4)] = 4k + 2 – (2k + 1) = 2k + 1 If p 1 (mod 4) then  1 2 

 2  2 . Now (q) = q – 1 = 2p, the order of 2 modulo q is any one
and if p = 8k + 7 then n = 4k +3 – [(2k +1) + (3/4)] = 4k +3 – (2k + 1) = 2k + 2.
of the number 1, 2, p or 2p.
Thus, we see that n is even when p is of the form 8k+1 or 8k + 7 and therefore (2 / p)  1
Also we have
and if p is of the form 8k + 3 or 8k + 5 then n is odd which gives (2 / p)  1.
(2 / p)  2( q1)/2  2 p  mod q  .
Further
2
 8k 1 1
2 But q  3 (mod 8), there for    1.
  1 8 if p  8k  1 q
 Hence, 2p  –1(mod q). This shows that 2 cannot have order p modulo q. Also 2 cannot have
8k  3 1
2


p 2 -1
  1 8 if p  8k  3
1 8 = order 1 and 2 because 22  1(mod q) implies q /3 which is impossible. So the order of 2 modulo q
8k  5 1
2


 1 8 if p  8k  5 is 2p. This shows that 2 is a primitive root of q.
 8k  7 1
2
( p 1)/2
 1 8 If p  3mod 4 then 1  2  2 and
 if p  8k  7
2  (2 / q)  (1 / q)(2 / q)mod q.
p

 64 k 16 k
2

  1 8 if p  8k  1 Since q  7 (mod 8) we have ( 1 / q)  1.

 64 k 2  48k  8
  1 if p  8k  3 Also (2 / q)  1. Therefore, (–2)p  –1 (mod q).
 8

64 k 2  80 k  24
 This shows that –2 is a primitive root of q.
  1 8 if p  8k  5
 64 k 2 112 k  48 Theorem 7: There are infinitely many primes of the form 8k – 1.
 1 8 if p  8k  7 Proof : Suppose there are only finite number of primes of the form 8k – 1 given as p1, p2,…, pn.
 1 if p  1mod 8 Let

1 if p  3mod 8
N   4 p1 p2 ... pn   2.
2
=
 1 if p  5mod8
 1if p  7mod 8 Obviously N is an integer of the form 2(8k – 1). Therefore, it will have an odd prime divisor, say
 1 if p  1mod p p. So, N  0(mod p). This implies that x2  2(mod p) has a solution 4p1p2…pn (mod p).
=
1 if p  3mod p Therefore, (2 / p)  1 .
p 2 -1 Hence, p must be of the forms 8k + 1 or (8k – 1) by Theorem 5. Since p and 2, p1, p2,…,
Hence, (2 / p)  1 8 .
pn are coprime, p cannot be of the form 8k – 1. So it is of the form 8k + 1. This shows that all

123 124
prime divisors of N are of the form 8k + 1. This implies that N is of the form 8k + 1. This is a Let us use the fact that p ≡ a ≡ 1(mod 2) and translate this last equation into a congruence
modulo 2:
contradiction. Hence, there are infinitely many primers of the form 8k – 1.
( p 1)/2  ( p 1)/2  ka  
Theorem 8: If p is an odd prime and a an odd integer, with gcd(a, p) = 1, then 0   k  1       n  (mod 2)
k 1
 k 1  p  
 p 1 

 2 

 ka  or
(a / p)   1   p
k 1  . ( p 1)/2  ka 
n    (mod 2)
k 1  p 
Proof: We shall employ the same notation as in the proof of Gauss’ lemma. Consider the set of
The rest follows from Gauss’ lemma; for,
integers  p 1 
 
 2 
 ka 
  p 1 
S = a, 2a,....,  (a / p)  ( 1)n   1   p
k 1  
a
  2   as we desired to show.
Divide each of these multiples of a by p to obtain Example 5: Evaluate (504 / 23).
ka = qkp + tk 1 tk p–1
Solution : We have (504 / 23)  (62 14 / 23)  (62 / 23)(14 / 23)  (14 / 23)   6, 23  1
Then ka / p = qk + tk / p, so that [ka / p] = qk. Thus, for 1 k (p – 1) / 2, we may write ka in
the form  1.  14 isa quadratic non-residue of 23.

 ka  Example 6: Evaluate (168 / 11).

ka    p  tk (12)
 p
Solution: We have 168 = 23 3 7
If the remainder tk < p / 2, then it is one of the integers r1, r2, … ,rm; on the other hand, if tk >
 (168 /11)  (23  3  7 /11)  (2 /11)3 (3 /11)(7 /11)   1  1   1  1.
3
p / 2, then it is one of the integers s1, s2, …, sn.
Taking the sum of the (p – 1) / 2 equations in (8), we get the relation [ 2 and 7 are quadratic non- residues of 11 and 3 is a quadratic residue of 11]
( p 1)/2( p 1)/2  ka  m n Example 7: Evaluate ( 23 / 59).
 ka     p   rk   sk (13)
k 1 k 1  p  k 1 k 1 Solution: We have

We know that from Gauss’ lemma that the (p – 1) / 2 integers ( 23 / 59)  ( 1  23 / 59)  ( 1 / 59)  (23 / 59)
  1  (23 / 59)
r1, r2, … ,rm p – s1, …, p – sn
 (23 / 59)
are just a rearrangement of the integers 1, 2, …, (p – 1) / 2. Hence  1.  23 isa quadratic residue of 59 
( p 1)/2 m m m n
 k   rk   ( p  sk )  pn   rk   sk (14) Example 5: Evaluate n of Gauss Lemma for (5 / 19).
k 1 k 1 k 1 k 1 k 1
p  1 19  1
Solution : Here, a = 5 and p = 19. Therefore,   9. So, S = {5, 10, 15, 20, 25, 30,
Subtracting (10) from (9) gives 2 2
35, 40, 45}. With respect to modulo 19 the members of S will become 5, 10, 15, 1, 6, 11, 16, 2,
( p 1)/2  ( p 1)/2  ka   n
(a  1)  k       n   2  sk (15)
k 1  p  p 19
k 1
  k 1
and 7. Four of these numbers are greater than  . Therefore, n = 4.
2 2

125 126
Example 6: Evaluate n of Gauss Lemma for (11 / 23). .
p  1 23  1 9. Use Gauss lemma to evaluate each of the Legendre symbol:
Solution: Here, a = 11 and p = 23, Therefore,   11. So, S = {11, 22, 33, 44, 55,
2 2 (a) (8 / 11) (b) (7 / 13) (c) (11 / 23) (d) (6 / 31)
66, 77, 88, 99, 110, 121}. With respect to modulo 23 the members of S will become 11, 22, 10, 10. For an odd prime p, prove that there are (p – 1)/2 – ϕ(p – 1) quadratic non-residues of p
p 23 that are not primitive roots of p.
21, 9, 20, 8, 19, 7, 18, and 6. Five of these numbers are greater than  . Therefore, n = 5.
2 2
11.6. References:
11.3. Summary
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
In this chapter, we studied quadratic congruences and quadratic residues through Legendre
2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier
symbol.
3. Basic Number Theory, S. B. Malik, Vikas Publications

11.4. Keywords 4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley

Quadratic congruence, Quadratic residue, Legendre symbol. 5. Elementary Number Theory, Gareth A. Jones and Josephine Mary Jones, Springer

11.5. Exercise
1. Solve the quadratic congruences:
a) x2 + 5x + 3 ≡ 0(mod 11)
b) x2 + 3x + 11 ≡ 0(mod 13)
2. Determine which of the following congruences are solvable:
a) x2 ≡ –10(mod 127)
b) x2 ≡ 73(mod 173)
c) x2 ≡ 2(mod 59)
3. Find all quadratic residues mod 19, given that 2 is a primitive root mod 19.
4. Verify that the quadratic residues of 17 are 1, 2, 4, 8, 9, 13, 15, and 16.
5. Show that 3 is a quadratic residue of 23, but a non-residue of 31.
6. Given that a is a quadratic residue of the odd prime p, prove the following:
a) a is not a primitive root of p
b) The integer p – a is a quadratic residue or non-residue of p according as p ≡
1(mod 4) or p ≡ 3(mod 4).
7. If p = 2k + 1 is prime, verify that every quadratic non-residue of p is a primitive root of p.
8. Evaluate the following Legendre symbol:
(a) (3 / 31) (b) (2 / 31) (c) (3 / 73) (d) (–23 / 59)

127 128
 y
 q
UNIT –12  0, 
 2
p q
B  2, 2 
C  

QUADRATIC RECIPROCITY LAW AND QUADRATIC CONGRUENCES E

Structure:
O (0,0) D (k,0) A p  x
12.0. Objective  ,0 
2 
12.1. Quadratic Reciprocity Law
12.2. Quadratic Congruences with Composite Moduli
A lattice point (whose coordinates are integers) (m, n) inside the boundary OABC satisfies
12.3. Summary
p 1 q 1
12.4. Keywords 1 m  and1  n  .
2 2
12.5. Exercises
We will count these lattice points. Since p and q are odd integers, the number of such points will
12.6. References
be
12.0. Objective  p 1  q 1
 .  (16)
In the last two chapters, we have seen how quadratic congruences leads to the definition of  2  2 
q
quadratic residues and then to the study of Legendre symbol and its properties. In this chapter Now the equation of diagonal OB is given by y  x. We will show that no lattice point lies on
p
we prove one of the most fascinating law “quadratic reciprocity law” which deals with the
the diagonal OB. Suppose if (m, n) lies on OB. Then
solvability of quadratic congruences. Also, we study the quadratic congruences with composite
q
moduli. n m  pn  qm  p | qm
p

12.1. Quadratic reciprocity law  p | m.  gcd  p, q   1

 p 1   q 1  p 1
Theorem 1: If p and q are distinct odd primes, then ( p / q)( q / p)   1 .
2  2 

. This is not possible because m  . Therefore no lattice point lies on the diagonal OB. Let R1
2
Proof : We consider a rectangular region R (excluding the boundaries) with vertices (0,0), be the portion of R below OB and R2 the portion of R above OB. We will count the lattice points

 p   q  p q inside these two regions. We consider a point D(k, 0) on OA. Let the perpendicular on D meets
 ,0  ,  0,  and  ,  .
 2   2  2 2  kq 
the diagonal on E. The number of lattice points lying on DE will be   .
 p
 p 1 
 
 2 
 kq 
Therefore, the number of lattice points lying in R1 will be   p .
k 1  

129 130
  q 1 
 
Example 2: Show that, (43 / 23)  (23 / 43).
 2 
 kp 
Similarly, the number of lattice points lying in R2 will be   q  . Thus, the total number of Solution: Here, we have 23 and 43 both are odd primes and both
k 1  
lattice points lying in R will be 23  4  5  3
 p 1   q 1  43  4  10  3
   
 2 
 kq   2 
 kp 
  p    q  (17) are of the form 4k + 3. Therefore, (43 / 23)  (23 / 43).
k 1   k 1  
Example 3: Evaluate (59 / 131).
From (1) and (2) we have
Solution : Here 59 and 131 both are odd primes and
 p 1 
 
 p 1  q 1  2 
 kp  59 = 4  14 + 3
 .
 2  2 
 q (18)
k 1   131 = 4  32 + 3
By Theorem 7 of Chapter 11, we have are of the form 4k + 3. Therefore,
 q 1 
 
 p 1 
 
(59 / 131)  (131 / 59)  (13 / 59)
 2   2 
 kq   kp 
( p / q)( q / p)   1   p
k 1 

   1 k 1
q
   (59 / 13)  13  1  mod 4 
 p 1   q 1   (7 / 13)  (13 / 7)  ( 1 / 7)
  1  
 2  2 

.
 ( 1)  1.
Corollary 1: If p and q are distinct odd primes then Example 4: Evaluate (71 / 73).
Solution: We have
1 if p  1 mod 4  or q  1 mod 4 
( p / q)( q / p)  
 1 if p  q  3  mod 4  (71 / 73)  (73 / 71)  73  4  18  1
 (2 / 71)
Proof: We have
 p 1   q 1   1.  71isan odd prime and 71  7  mod 8 
( p / q)( q / p )  1  .
2  2 


12.2. Quadratic Congruences with Composite Moduli

  p  1  q  1
1 if  .  iseven
  2  2  Theorem 2: If p is an odd prime and a is any integer such that (a, p) = 1 then the congruence

1if  p  1 . q  1  isodd x 2  a  mod p n  , n  1 has a solution if and only if (a / p)  1 .
   
  2  2 
Proof: Suppose the given congruence has a solution x0. Then
1if at least one of p or q  4k  1

1if both p and q  4k  3 x02  a  mod p n 
1if p 1mod 4 or q 1mod 4  p n |  x02  a 

1if p  q  3 mod 4  p |  x02  a 
Example 1: Show that, (113 / 43)  (43 / 113).  x 2  a  mod p  has a solution
Solution : Here 43 and 113 are both odd primes and 113 is of the form 4k+1 and 43 is of the
form 4k+3  (113 / 43)  (43 / 113).

131 132
 Therefore, by Euler’s criterion (a / p)  1. Conversely, suppose (a / p)  1. Then by Euler’s Let x1= x0 + y02n-1 is a solution of x2  a(mod 2n+1), because

criterion x 2  a  mod p  . This shows that the given statement is true for n =1. Now we assume x12  ( x0  y0 2n 1 )2  x02  x0 y0 2n  y02 22 n 2
 a  (b  x0 y0 )2n  y02 2n 32n 1
  
that x 2  a mod p m has a solution. We shall show that x 2  a mod p m1 also has a solution. 
By the way y0 was chosen, 2 | (b + x0y0); hence x12  ( x0  y0 2n1 )2  a(mod 2n1 ) has a
Let x0 be the solution of x  a mod p 2
 m
. Then x  a  bp
2
0
m
for some integer b. Obviously
solution for n  3.
(2x0, p) = 1. Therefore the linear congruence 2x0y  –b(mod p) has a solution say y0.
Conversely, suppose x2  a (mod 2n) has a solution x0 for each n  3 then we have
Let x1  x0  y0 p . m

x02  a  mod 2n 
Then
x12  ( x0  y0 p m )2  x02  2 x0 y0 p m  y02 p 2 m  x02  a  mod 8  .
 a  (b  2 x0 y0 ) p m  y02 p m1 p m1
m+1 m As a is odd, x0 will also be odd. We have
Since p | (b + x0y0), p | (b + x0y0)p , it follows that
x0  1,3,5,7  mod 8 or a  x02  1 mod 8
m1
x =( x0  y0 p )  a(mod p
2
1
m 2
).
Theorem 4: Let n  2k0 p1k1 prkr be the prime factorization of n > 1 and let gcd(a, n) = 1. Then
This shows that x1 is a solution of x2  a(mod pm+1). Hence, by mathematical induction we have
x 2  a  mod n  is solvable if and only if
that x2  a (mod pn) has a solution for n  1.
(a) (a / pi) = 1 for i = 1, 2, … ,r;
Theorem 3: If a is an odd integer, then (b) a  1(mod 4) if 4 | n, but 8 | n ; a  1(mod 8) if 8 | n.
i) x2  a (mod 2) always has a solution
Proof: Since the problem of solving the quadratic congruence x 2  a  mod n  is equivalent to
ii) x2  a (mod 4) has a solution iff a  1 (mod 4)
iii) x2  a (mod 2n), n  3 has a solution iff a  1 (mod 8). that of solving the system of congruences
Proof: 
x 2  a mod 2k0 
i) We have a  1 (mod 2) [ a is an odd integer ] x 2
 a  mod p 
k1
1
2
Therefore 1 is the solution of x  a (mod 2).
ii) Since a is an odd integer we have a  1 or 3 (mod 4) , Also, b2  1 (mod 4), where b is an x 2  a  mod prkr 
odd integer. Now the congruence x2  a (mod 4) has a solution b if a  1(mod 4). Also, if
the last two theorems may be combined to solve the quadratic congruence x 2  a  mod n  .
a  1(mod 4), then 1 and 3 both satisfy x2  1(mod 4).
Example 1: Show that the congruence x2  3 (mod 88) has no solution.
iii) Suppose a  1(mod 8). Then we have to show that x2  a (mod 2n), n  3 has a solution.
Solution: We have x2  3 (mod 88)
2
For n = 3 we have x  1 (mod 8). Obviously 1, 3, 5, and 7 satisfy this congruence. Thus,  3 (mod 811).
2
the given congruence has a solution for n = 3. Suppose the congruence x  a(mod 2 ) has n
This shows that the given congruence is solvable if the congruences
a solution x0 for n  3. Then, x  a  b  2 for someinteger t.
2
0
n x2  3 (mod 8) and x2  3 (mod 13) are solvable.

Also, x0y  –b(mod 2) has a unique solution y0. But, x  3 (mod 8) has no solution, because 3  1 mod 8 .
2

133 134
Therefore, the given congruence has no solution. We know that any solution of x2  91(mod 33) is also a solution of x2  91(mod 3).
2
Example 2: Show that the congruence x  9 (mod 40) is solvable. Now
2
Solution: We have, x  9(mod 40) which is equivalent to the following simultaneous quadratic x2  91(mod 3)
congruences  x2  1(mod 3).
2
x  9 (mod 8) Obviously 1 is a solution of this congruence. Let x0 = 1.
2
and x  9 (mod 5). Now,
Now 9  1 (mod 8) therefore, x2  9(mod 8) has a solution. x02  1  91  90
Also, (9 / 5)  (32 / 5) . Therefore, x2  9 (mod 5) has a solution. Hence, the given quadratic  91  3  30  .

congruence has a solution. Therefore, b = –30. Consider the congruence 2y  30(mod 3). Then, y  0(mod 3). Hence
y0 = 0. We have x1 = x0 + y032. Hence x1 = 1 + 0 32 = 1. Therefore x1 = 1 is a solution of
2
Example 3: Show that the congruence x  105 (mod 199) has no solution x2  91(mod 9).
Solution: Here 199 is a prime. We have Since, x12  1  91  90
(105 / 199)  (3  5  7 / 199)  (3 / 199)(5 / 199)(7 / 199)
 91  9  10  ,
 ( 1)(199 / 3)(199 / 5)( 1)(199 / 7)
[ 199  4  49  3, 3  4  0  3, 5  4  1  1 and 7  4  1  3] b = –10. Consider the linear congruence 2y  10(mod 9). Then, 2y  1(mod 9). Clearly y1 = 5 is
 (1 / 3)(4 / 5)(3 / 7)  1 1  ( 1)  (7 / 3)  ( 1)(1 / 3)  1 1  1 a solution of this congruence. Therefore, x2 = x1 + y132 = 1 + 5 9 = 46  19(mod 27). Hence, x2
Therefore, the given congruence has no solution. = 19 is a solution of the congruence x2  91(mod 27).
Example 4: Show that the congruence x2  608 (mod 743) is solvable.
12.3. Summary
Solution: Here 743 is a prime. We have
In this chapter we explored the theory of quadratic congruences via quadratic residue and
(608 / 743)  (4 2  2  19 / 743)  (4 2 / 743)(2 / 743)(19 / 743) established several criteria for determining the solvability of the congruence x2  a(mod p) where
 744 
  1 
 4 

  1 (743 / 19)  19  4  4  3 p is an odd prime p | a.

  1  1  (2 / 19)

186

 20 
12.4. Keywords
  1   1 4    1   1  1.
5
Quadratic Reciprocity Law, Composite Moduli.

Hence, the given congruence is solvable. 12.5. Exercise:

1. Let p = 11 and q = 7. Using the notation in the proof of the law of quadratic reciprocity
Example 5: Solve the congruence x2  91(mod 27)
Theorem, we have m + n + M + N = |S × T| = 15. Compute the numbers m, n,M, and N.
Solution: We use method given in Theorem 2. We have
Check that (7 / 11) = (−1)m and (11 / 7) = (−1)n.
x2  91(mod 27)
2. Use quadratic reciprocity to compute (7 / 43). Find an integer x such that x2 ≡ 7 (mod 43).
 91(mod 33).
3. Use quadratic reciprocity to compute (19 / 101). Find an integer x such that x2 ≡ 19 (mod
Now (91/ 3)  (1/ 3)  1. Therefore, x2  91(mod 33) has a solution. 101).

135 136
 4. Prove that the congruence (x2 − 2)(x2 − 17)(x2 − 34) ≡ 0 (mod p) has a solution for every
prime number p.
5. Use quadratic reciprocity to find all primes p for which −2 is a quadratic residue.
6. Use quadratic reciprocity to find all primes p for which 3 is a quadratic residue.
7. Find all primes for which −3 is a quadratic residue.
8. Find all primes for which 5 is a quadratic residue.
9. Find all primes for which −5 is a quadratic residue.
10. Let x1 = 3. Costruct integers xk such that xk2 ≡ 2 (mod 7k) and xk ≡ xk −1 (mod 7k −1) for k =
2, 3, 4.
11. Let p be a prime, p ≠ 3, and let a be an integer not divisible by p. Prove that if a is a
cubic residue modulo p, then a is a cubic residue modulo pk for every k ≥ 1.

12.6. References:

1. Elementary Number Theory, David M. Burton, McGraw Hill Publication

BLOCK – IV
2. Elementary Number Theory with Applications, Thomas Koshy, Elsevier
3. Basic Number Theory, S. B. Malik, Vikas Publications REPRESENTATION OF INTEGERS,
4. Elementary Number Theory and its Applications, Kenneth H. Rosen, Addison Wesley
5. Elementary Number Theory, Gareth A. Jones and Josephine Mary Jones, Springer FIBONACCI NUMBERS & CONTINUED
FRACTIONS

137 138
 UNIT – 13 Corollary 1: If m1, m2,…, mr are integers such that mi  ai2  bi2 ,1  i  r then m1.m2…mr = a2 +

b2 for some integers a and b.

SUM OF TWO SQUARES & SUMS OF MORE THAN TWO SQUARES
Theorem 2: Any integer of the form 4k +3 cannot be expressed as sum of two squres.
Proof: Any integer n can be written as n = 4k +r where r = 0, 1, 2, and 3. Therefore,
Structure:
13.0. Objective n  0, 1, 2, 3(mod 4) and n2  0, 1(mod 4)

13.1. Sum of two squares Suppose n = 4k+3 and if possible n = a2 + b2. Then n ≡ 3(mod 4) and hence 3  (a2 + b2) (mod

13.2. Method of expressing a prime p = 4k+1 as sum of two squares 4). Since a2  0, 1(mod 4) and b2  0, 1(mod 4), a2 + b2 is either 0, 1 or 2 (mod 4). It will never
13.3. Sum of more than two squares be 3.
13.4. Summary  a2 + b2  3(mod 4) never holds. So, n  a2 + b2.
13.5. Keywords Theorem 3: If p is prime and (a, p) = 1, then the linear congruence ax  y(mod p) has a solution
13.6. Exercises (x0, y0), where 0  x0  p and 0  y0  p.
13.7. References
Proof: Let m  1   p  . Then m2  p. The set of integers
13.0. Objective
 ax  y  : 0  x  m  1, 0  y  m  1
Mathematicians throughout history have been interested in problems regarding the representation
2
contains m elements. Since ax – y can take atmost p values, there exists integers (x1, y1) and (x2,
of integers as sums of squares. Diophantus, Fermat, Euler, and Lagrange are among the
y2) such that
mathematicians who made important contributions to the solution of such problems. There are
two main questions. First one is, which integers can be expressed as sums of two squares?  ax1  y1    ax2  y2  mod p 
Second one is, what is the smallest value of n such that every positive integer can be written as where x1  x2 or y1  y2 . Thus, we can write,
the sum not more than n squares? In this chapter, we shall discuss the problems of representing a( x1  x2 )   y1  y2  mod p 
numbers as sum of squares of two or more integers.
Setting x0  x1  x2 and y0  y1  y2 we see that (x0, y0) satisfies the given congruence and
13.1. Sum of Two Squares
0  x0  x1  x2  m  1   p   p and 0  y0  y1  y2  m  1   p   p
We have, 2 =12 +12 and 5 = 22 +12. Thus, 2 and 5 can be expressed as sum of two squares.
But 3 = 12 +12 + 12, 6 = 22 +12 +12 and 7 = 22 + 12 + 12 + 12 cannot be expressed as sum of Thus, (x0, y0) is the required solution.
two squares. Thus, all the integers cannot be expressed as sum of two squares. Theorem 4. (Fermat): An odd prime p is expressible as a sum of two squares iff p  1 (mod 4).
Theorem 1: If m and n are each sum of two squares, then their product mn is also a sum of two
Proof: Suppose, p is expressible as a sum of two square. Since p is an odd prime, we have p 
squares.
1(mod 4) or p  3 (mod 4). If p  3 (mod 4) then by Theorem 1, it cannot be expressed as sum of
Proof: Let m  a12  b12 and n  a22  b22 where a1, b1, a2 and b2 are integers. Then
two squares. Therefore, the only possibility is p  1 (mod 4).
mn   a  b
2
1
2
1  a
2
2 b   a a a b b a b b
2
2
2 2
1 2
2 2
1 2
2 2
1 2
2 2
1 2 Conversely, suppose p  1 (mod 4). Then the congruence

 a12a22  a12b22  b12a22  b12b22  2a1a2b1b2  2a1b2a2b1   a1a2  b1b2    a1b2  a2b1  . x 2  1 mod p 
2 2

This shows that the product mn can be expressed as sum of two squares. has a solution a, (say). This gives a2  –1 (mod p)  (a, p) = 1.

139 140
Therefore, the linear congruence ax  y (mod p) has a solution (x0, y0) such that Let a1 and a2 be odd and b1 and b2 be even. From (1) we have

0  x0  p and 0  y0  p a12  a22  b22  b12

Now, a 2  1 mod p    a1  a2  a1  a2    b2  b1  b2  b1  .
(2)
a x   x  mod p 
2 2
0
2
0 Let, (a1 – a2, b2 – b1) = d. Since a1 – a2 and b2 – b1 both are even integers, we have d is an even
 y02   x02  mod p  integer.
 x02  y02  0  mod p  Let, a1 – a2 = rd
This gives that there exists an integer k > 0 such that x  y  kp 2
0
2
0
b2 – b1 = sd (3)

 p  p for some integers r and s. Obviously gcd(r, s) =1. From (2) and (3) we have
2 2
Now, kp  x  y  2
0
2
0  2 p.
r(a1 + a2) = s(b2 + b1) (4)
Thus, we have, 0  kp  2 p 0k 2
From (4) we see that s | (a1 + a2) and r | (b2 + b1)
This gives k = 1. Hence, x02  y02  p.
Therefore, a1 + a2 = st (5)
Thus, p is expressible as sum of two squares. for some integer t. Then from (4) we have
Corollary 2: Any prime p of the form 4k+1 can be represented as sum of two squares uniquely. b2 + b1 = rt (6)
Proof: Suppose if possible Since (r, s) = 1, we see from (1) and (2) that t = gcd(a1 + a2, b2 + b1).
p = a2 + b2 = c2 + d2 where a, b, c and d are positive integers. Then Since a1 + a2, b2 + b1 both are even, t is even.

a 2d 2  b2c2  p  d 2  c2   0  mod p   ad  bc  mod p  or ad  bc  mod p  Therefore,

  a1  a2    a1  a2    b2  b1   b2  b1 
2 2 2 2
4n  2a12  2b12  2a22  2b22
Since, a, b, c and d are less than p , we have ad – bc = 0 or ad + bc = p .
 d 2  t 2 
Now, p   a  b  c    ad  bc    ac  bd   r 2d 2  s 2t 2  s 2d 2  r 2t 2   r 2  s 2  d 2  t 2  . Hence, n   r 2  s 2        .
2 2
2 2 2 2
d 2

 2   2  
 p 2   ac  bd  .
2

This shows that n is a composite number.

This gives ac – bd = 0. Thus we have ad = bc or ac = bd.
Theorem 6: A positive integer n > 1 can be written as the sum of two squares if and only if
If ad = bc then a | bc  a | c as gcd(a, b) = 1.
either it has no prime factor congruent to 3(mod 4) or if it has a prime factor congruent to 3 (mod
So c = ka. Putting this value of c in ad = bc we have d = bk.
4) then it occurs to an even power in the prime factorization of n.
Now p = c2 + d2 = k2(a2 + b2). This implies k = 1. Thus, a = c and b = d. Similarly, from the
Proof: Suppose n has the prime factorization.
condition ac = bd, we can show that a = d and b = c. Hence, the representation of p as a sum of
n  2r p1r1 p2r2 ... plrl q1s1 q2s2 ...qmsm (7)
two squares is unique.
Theorem 5: (Euler) If an integer n can be expressed as the sum of two squares in two different where pi ≡ 1 (mod 4) (1  i  l) and qj  3 (mod 4) (1  j  m).

ways, then n is composite. Suppose, n = x2 + y2 (8)

Proof: Let n be an odd integer and We will show that either each sj = 0 or if some sj  0 then it is an even integer. If all sj = 0 then

n  a12  b12  a22  b22 we have nothing to prove. If at least one sj  0 then we have to show that s1 is even. Suppose if
(1)
where a1, b1, a2 and b2 are integers and one of a1 and b1 is odd and one of a2 and b2 is odd. possible s1 is odd. Let d = (x, y). Then we have x = x0d, y = y0d, gcd(x0, y0) = 1.

141 142
 Theorem 7: A positive integer n can be expressed as the difference of two squares iff n is not of
n  x 2  y 2   x02  y02  d 2 
n
Now,  x02  y02 . (9)
d2 the form 4k +2.
Since s1 is odd, q1 divides x02  y02 to an odd power.
Proof: We know that a2  0 or 1 (mod 4) for all integers a. Therefore a 2  b2  0, 1 or 3 (mod 4).
Further gcd  x0 , q1   gcd  y0 , q1   1.
Hence, if n  2 (mod 4), we cannot have n = a2 – b2 for any integers a and b.
Let, y0t  x0  mod q1  (10)
If n is not of the form 4k +2 then n  0, 1 or 3 (mod 4).
Obviously it has a unique solution t ≡ t1 (mod q1).
2 2
n  n 1   n 1 
Therefore, 2  x02  y02  y02t12  y02  mod q1  If n = 1 or 3 (mod 4) then (n + 1) and (n – 1) are even integers such that n      ,
d  2   2 
This gives which is a difference of two squares.
y02 1  t12   0  mod q1  . 2 2
n  n 
If n ≡ 0 (mod 4) then we have n    1    1 which is again a difference of two square.
 1  t 2
1   0  mod q  1

  y0,q1   1 4  4 
 x 2  1 mod q1  Example 1: Express 113 and 229 as sum of two squares.

This has a solution t1 . Solution: we have

113 = 4∙28+1
Then q1 ≡ 3(mod 4) is not possible. So s1 cannot be odd. Hence, s1 is even. Conversely suppose
229 = 4∙57+1
each sj, 1  j  m is an even integer in the expression (1). Then, we have
Both are of the form 4k+1.
2 =1 +1=12 +12  2r = a2 + b2. [From Theorem 1]
Therefore 113 and 229 can be expressed as sum of two squares.
If pi  ai2  bi2 then piri  ci2  di2 . Therefore,
Now, 113 = 82 + 72 and 229 =152 + 22

n  2r p1r1 .... plrl q1s1 ....qmrm   a 2  b2  c12  d12  ...  cl2  d l2  q  ....  q
sl /2 2
1 m 
sm /2 2
Example 2: Express 153 as sum of two squares.

which is again sum of two square and which completes the proof. Solution : We have, 153  32  17  32  42  12   122  32

13.2. Method of expressing a prime p = 4k + 1 as sum of two squares Example 3: Express 1225 as the sum of two squares.

We use the continued fraction method to express p = 4k +1 as sum of two squares. The method is  
Solution : We have, 1225  52  49  52  72  42  32  72  282  212
as follows. Example 4: Express 1613 as the sum of two squares.
1  p  P1  p  P1 where P1   p  Solution: We have, 1613=4∙403+1 which is of the form 4k+1. Therefore it can be expressed as
p  P1 sum of two squares. We adopt the process of converting 1613 into a continued fraction till we
2  , Q1   p  P1  get Qr = Qr+1 for some r.
Q1
1613  40  40  1613 
p  P2 1  1613  40 
3  , Q2   p  P2  1  
Q2
1613  40 1613  40 1613  38
1    6
1613  402 13 13
p  Pn
 n1  , Qn   p  Pn  1613  38 1613  38
Qn 3  
1613  382 13
If Qr  Qr 1 then p  Pr21  Qr21 13

143 144
Thus, we have, 317  15 317  15 317  8
5    1
Q2  Q3  13. Here P3  38 317  152 23 23
4
Now, 1613  P32  Q32  382  132.
317  8 317  8 317  14
Example 5: Express 3185 as sum of two squares. 6    2
317  82 11 11
Solution : we have 3185 = 5∙72∙13 23
This prime factorization contains no odd power of a prime congruent to modulo 4. Therefore, the 317  14 317  14
7  
317  142 11
given number can be expressed as sum of two squares. Now
11
3185  5  7 2  13 Thus Q6 = Q7. Here P7 =14 Therefore,
  22  12    72  02    32  22 
317  P72  Q72  142  112.
 142  72    32  22 
Example 8: Express 153 as the difference of two squares.
 14  3  7  2   14  2  7  3
2 2
Solution: We have, 153 1 (mod 4).
 562  7 2. Therefore,
Example 6: Express 333 as the sum of two squares. 2 2 2 2 2
 n  1   n  1   153  1   153  1   153  1 
Solution: We have 333=32·37 n           77  76 .
2 2

 2   2   2   2   2 
This prime factorization contains no odd power of a prime congruent 3 modulo 4. Therefore, it
can be expressed as sum of two squares. Now
13.3. Sum of More Than Two Squares
333  32.37  32   62  12   182  32 . Theorem 8: If n is the form 8q + 7, then n is not expressible as the sum of three squares.
Proof: Suppose n = 8q + 7 and if possible n is the sum of three squares, i.e.,
Example 7: Express 317 as sum of two squares.
n = a2 + b2 + c2 (11)
Solution : We have, 317 = 4.79+1
for some integers a, b and c. Then we have
which is of the form 4k+1. Therefore, the given prime number can be expressed as sum of two
a 2  b2  c2  7  mod8
squares. (12)

Now Now a  1 mod 8 if a is odd

2

1  317  17  317  17  17  317   0 or 4  mod 8 if a iseven.

317  17 317  17 317  11 Similar, behavior is that of b2 and c2. Therefore, a2 +b2+c2 will be congruent (mod 8) to one of
2    1
317  172 28 28
the integers 0, 1, 2, 3, 4, 5, 6 and not to 7. This contradicts (12). Hence, n = 8q +7 is not
317  11 317  11 317  17 expressible as sum of three squares.
3    4
317  112 7 7
28 Theorem 9: Any integer of the form n  4m 8q  7  for integers m and q  0 is not a sum of
317  17 317  17 317  15 three squares.
4    8
317  172 4 4 Proof: For m = 0 the statement reduces to Theorem 8.
7

145 146
Suppose if possible congruence to each other (mod p). So at least one number of S1 say a2 is congruent (mod p) to
n  4m 8q  7   a 2  b2  c2 p p
(13) some number say –1 – b2 of S2 such that 0  a  and 0  b  .
for m  1 and integers a, b, c. 2 2

Therefore, a2 + b2 + c2  0 (mod 4) (14) Thus, we have a 2  1  b2  mod p   a 2  b2  1  hp

Now
a2  1 (mod 4) if a is odd for some positive integers h. Also

 0 (mod 4) if a is even 1 2 1  p2 p2 
h a  b2  1   
  1  p.
p p 4 4 
It is obvious that a, b, c all are even integers. Therefore, from (11) we have
Theorem 12: A prime p can be expressed as the sum of four squares.
2 2 2
a b c
         4 8q  7 
m 1
Proof: If p = 2 then we have 2 = 12 + 12 + 02 + 02
2 2 2
For the odd prime p let h be the smallest positive integer such that hp is the sum of four squares
Thus, we see that if 4m 8q  7  is the sum of three squares then 4m1 8q  7  is also a sum of i.e., hp = a2+b2+c2+d2. We shall show that h = 1. First we shall show that h is odd. Suppose if
three squares. Repeating the same procedure we see that 4m2 8q  7  , ,40 8q  7  is the sum possible h is even. Then a, b, c and d are all even or all odd or two are even and two are odd.
These numbers may be arranged as a  b  mod 2  and c  d  mod 2 
of three squares. But 40 8q  7  is not the sum of three squares. Thus, we have a contradiction.
1 1 1 1
Hence, n  4m 8q  7  is not expressible as the sum of three squares. These gives that  a  b  ,  a  b  ,  c  d  and  c  d  are all integers.
2 2 2 2
Theorem 10: (Euler) : If the integers m and n are each the sum of four squares then mn is also 2 2 2 2
a b a b cd  cd  h
 hp   
1
the sum of four squares. Also        is a representation of  2  p as a sum
2  2   2   2   2   
Proof: Let m  a12  b12  c12  d12 and n  a22  b22  c22  d 22 . of four squares. This is a contradiction as we have assumed that h is the smallest such integer.
Now Therefore, h is odd. For showing h = 1 we assume that h  1 then, least value of h is 3. We may
mn   a  b  c  d
2
1
2
1
2
1
2
1  a 2
2 b c d
2
2
2
2
2
2  choose integers a1, b1, c1, and d1 such that a1  a  mod h  , b1  b  mod h  , c1  c  mod h  ,
  a1a2  b1b2  c1c2  d1d 2    a1b2  a2b1  c1d 2  c2d1 
2 2
h
d1  d  mod h  and a1 , b1 , c1 , d1  .
  a1c2  a2c1  b1d 2  b2d1    a1d 2  a2d1  b1c2  b2c1  .
2 2
2
For obtaining the value of a1 we find the remainder r when a is divided by h. We put a1 = r or
This shows that mn is the sum of four squares.
h h
Theorem 11: If p is an odd prime, then there exists integers a, b and h such that a1 = r – h according as r  or r  respectively.
2 2
a 2  b2  1  hp where0  a  ( p  1) / 2,0  b  ( p  1) / 2 and0  h  p. Then, a1  b1  c1  d1  a  b  c  d  0  mod h 
2 2 2 2 2 2 2 2
 a12  b12  c12  d12  nh for some
Proof: Let non- negative integer n.
2
h
Thus, we have, 0  nh  a12  b12  c12  d12  4     h 2 .
  p  1     p  1  
2 2

S1  0,12 ,22 ,....,  2

  and S2   1, 1  1 , 1  2 , , 1  
2 2
 .
  2     2   Now, n cannot be zero otherwise, a1 = b1= c1 = d1 and consequently k | p which is not possible
because 1 < k < p.
Then the integers of S1 and S2 are all incongruent (mod p). The total numbers of integers in
Also, nh < h2  n < h. Thus, we have
S1  S2 is p+1. Therefore, there will be at least two integers among these p+1 integers which are

147 148
 h2 np   hp  nh    a 2  b2  c2  d 2  .  a12  b12  c12  d12   r 2  s 2  t 2  u 2 Waring’s problem
Waring, E in 1770 stated that every positive integer can be written as the sum four squares, nine
where
r  aa1  bb1  cc1  dd1 , s  ab1  ba1  cd1  dc1 cubes, nineteen fourth powers and so on. When we say that every number is expressible as the
t  ac1  a1c  bd1  db1 u  ad1  a1d  bc1  cb1. sum of four squares we mean that four is such a least number. It may also be more than four. For

Now, r  aa1  bb1  cc1  dd1  a  b  c  d  0  mod h  .

2 2 2 2 example, 36 = 32 +42 +52 +62 . Similarly, Waring’s assertion regarding cubes we mean that 9 is
1 1 1 1

2 2 2 2
the least number of positive integers whose sum of cubes is the given positive integer. Waring’s
 r  s  t  u r s t u
Similarly, s  t  u  0  mod h  . So, np             where , , , are assertion can be stated as follow:
h h h h h h h h
For any given positive integer k there exists a smallest integer N(k) depending only on k
all integers. Since 0 < n < h, we have a contradiction. Hence, h = 1.
such that every positive integer can be represented as the sum of N(k) kth powers. Thus, Waring
Theorem 13: (Lagrange): Any positive integer n can be expressed as a sum of four squares.
conjectured that N(2) = 4, N(3) = 9 and N(4) = 19.
Proof: If n = 1 then n = 12 +02+02+02 which is a sum of four squares.
For n > 1 we take n = p1 p2…pr as prime factorization. Since each prime can be expressed as the 13.4. Summary
sum of four squares, their product which is equal to n will also be expressed as sum of four In this chapter we studied integers which can be expressible as sum of squares of two or more
squares. integers and showed any integer of the form 4k + 1 can be expressed as sum of two squares.
Example 9: Express 459 as sum of four squares. 13.5. Keywords
Solution : We have Sum of squares, odd, even.
459 = 33  17 13.6. Exercise:
 32  3  17 1. Express each of the integers as sum of two squares:
 32 12  12  12  02   42  12  02  02  (a) 41 (b) 97 (c) 541 (d) 7250
2. Determine whether each integer can be written as sum of squares:
 32  4  1  0  02   1  4  0  0    0  0  4  0    0  0  1  0  
2 2 2
  (a) 101 (b) 315 (c) 315 (d) 454
3. Show that one more than twice the product of two consecutive integers can be written as
 32 52  32  42  12   152  92  122  32.
the sum of two square.
Example 9: Find the relation a2+b2+1 = hp for p = 19 and hence show that 319=42+42+42+32. 4. If n ≡ 3 or 6(mod 9), then show that n cannot be represented as sum of two squares.
5. A number is said to be triangular if it can be written in the form n(n + 1) / 2. If n is the
p  1 19  1
Solution: We have  9 sum of two triangular numbers, then prove that 4n + 1 is the sum of two squares.
2 2 6. Show that no positive integer n ≡ 7(mod 8) can be written as the sum of three squares.
Therefore, S1 = {02, 12, 22,…,92} and S2= { –1 – 02, –1 – 12, –1 – 22,…, –1 –92} 7. Show that no integer N of the form 4e(8n + 7) can be represented as the sum of three
Now we will find the integers of S1 which are congruent (mod 19) to the integers of S1. We have squares.
8. Express each prime as the sum of four squares:
12  –1 – 62(mod 19) 32  –1 – 32(mod 19) 82  –1 – 72(mod 19) (a) 43 (b) 89 (c) 197 (d) 349
Therefore, 62 +12 +1 = 219 , 32 +32 +1 = 119 82 +72 +1 = 6 19
13.7. Reference:
These are the required relations.
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
Since 6  19 = 82 + 72 +12 + 02 we have
2. An Introduction to the Theory of Numbers, G. H. Hardy and E. M. Wright, Oxford
2 2 2 2
 8  0   8  0   7  1   7 1 
3 19           4 4 4 3
2 2 2 2

 2   2   2   2 

149 150
 UNIT – 14 The rabbit problem is as follows:
A pair of adult rabbits produces a pair of baby rabbits once each month. Each pair of
THE FIBONACCI SEQUENCE, IDENTITIES INVOLVING FIBONACCI NUMBERS baby rabbits requires one month to grow to be adults and subsequently produces one
pair of baby rabbits each month thereafter. Determine the number of pairs of adult
Structure:
and baby rabbits after some number of months. It is also assumed that rabbits are
14.0. Objective
immortal.
14.1. Introduction
This problem may be expressed mathematically in this way: The number of adult rabbit pairs in a
14.2. The Fibonacci numbers
particular month (say month n+2), Fn+2, is given by the number of adult rabbit pairs in the
14.3. Certain Identities Involving Fibonacci Numbers
previous month, An+1, plus the number of baby rabbit pairs from the previous month which grow
14.4. Summary
to be adults, bn+1;
14.5. Keywords
14.6. Exercises Fn2  Fn1  bn1 (15)
14.7. References In a given month (say month n+1), the number of pairs of baby rabbits will be equal to the
number of adult rabbit pairs in the previous month;
14.0. Objective
Another important problem that is usually discussed not only in Mathematics but also in bn1  Fn (16)
Computer Science, because of its recursive nature is “Rabbit Problem” that leads to Fibonacci Combining (1) and (2) gives the recursion relation for the number of adult rabbit pairs as
numbers. Fibonacci numbers have so much properties that a lot of literature can be found on this
Fn2  Fn1  Fn (17)
subject. In this chapter we discuss some of the important properties of Fibonacci numbers.
14.2. The Fibonacci Sequence
Growth of Rabbit
14.1. Introduction
Months Adult Pairs Young Pairs Total
The Italian mathematician Leonardo de Pisa was born in Pisa around 1175 AD. He is commonly
1 1 1 2
known as Fibonacci which is a shortened form of Filius Bonaccio (son of Bonaccio). His father,
2 2 1 3
Bonaccio, was a customs inspector in the city of Bugia on the north coast of Africa (presently 3 3 2 5
Bougie in Algeria) and as a result, Fibonacci was educated by the Mohammedans of Barbary. He 4 5 3 8
was taught the Arabic system of numbers and in the early thirteenth century returned to Italy to 5 8 5 13
publish the book Liber Abaci (Book offhe Abacus) in 1202 (Leonardo di Pisa 1857). This book 6 13 8 21
7 21 13 34
introduced the Arabic system of numbers to Europe and is responsible for Fibonacci's reputation
8 34 21 55
as the most accomplished mathematician of the middle ages. The book also posed a problem
9 55 34 89
involving the progeny of a single pair of rabbits which is the basis of the Fibonacci sequence (or 10 89 55 144
Fibonacci series). It was, however, Edouard Lucas, whose contribution to this area of
mathematics will be discussed in detail in the next chapter, who rediscovered the Fibonacci Hence the recursive relation (3) gives a sequence of numbers 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89,
sequence in the late nineteenth century, and properly attributed it to its original founder. 144, … with F1 = 1, F2 = 1 and Fn2  Fn1  Fn . This sequence is called Fibonacci sequence.
The Fibonacci sequence grows rapidly.

151 152
Theorem 1: We have Theorem 4: For m ≥ 1 and n ≥ 1, Fmn is divisible by Fm.
F5n2  10 n
for n  1. Proof: Proof is by induction on n. The result is obviously true when n = 1. Let us assume that

Proof: Proof is by induction. For n = 1, we have A7 = 13 > 10. Let us assume that the Fmn is divisible by Fm for n = 1, 2, …, k. From (4), we have Fm( k 1)  Fmk 1Fm  Fmk Fm1

inequality holds for arbitrary integer n = k, that is F5k 2  10k . Now we show that it also holds Because Fm divides Fmk by supposition, the right hand side of this expression (and hence, the left

for n = k + 1. Using the recursive formula (3) several times, we can write hand side) must be divisible by Fm. Accordingly, Fm / Fm(k+1), which was to be proved.
Lemma 1: If m = qn + r, then gcd(Fm, Fn) = gcd(Fr, Fn).
F5k 7  8F5k 2  5F5k 1
Proof: From (4), we have gcd( Fm , Fn )  gcd( Fqnr , Fn )  gcd( Fqn1Fr  Fqn Fr 1, Fn ) .
> 8F5k 2  2( F5k 1  F5k )
= 10F5k 2  10  10k  10k 1 Now from Theorem 4 and the fact that gcd(a+c, b) = gcd(a, b), whenever b / c, gives
gcd( Fqn1Fr  Fqn Fr 1, Fn )  gcd( Fqn 1Fr , Fn ).
completing the induction step and the argument.
Theorem 2: For the Fibonacci sequence, gcd(Fn+1, Fn) = 1 for every n ≥ 1. We claim that, gcd( Fqn1Fr , Fn )  1 . Suppose d  gcd( Fqn1Fr , Fn ). Then d / Fn and Fn / Fqn

Proof: Suppose gcd(Fn+1, Fn) = d. Then d / Fn+1 and d / Fn and hence d / Fn+1 – Fn i.e, d / Fn-1. implies d / Fqn and therefore d is a common divisor of the successive Fibonacci number Fqn-1 and
Now d / Fn and d / Fn-1 implies d / Fn-2. This shows d divides all Fibonacci numbers Fn-2, Fn-3, … Fqn. Because successive Fibonacci numbers are relatively prime, d = 1.
and hence d / F1. But F1 = 1. Hence d = 1. This completes the proof. We know that if gcd(a, c) = 1, then gcd(a, bc) = gcd(a, b). Hence, we have
We next prove a very important Theorem that the greatest common divisor of two gcd( Fm , Fn )  gcd( Fqn1Fr , Fn )  gcd( Fr , Fn ).
Fibonacci numbers is itself a Fibonacci number. In fact gcd(Fn, Fm) = ud where d = gcd(n, m). Let us now prove our main theorem.
Before proving this Theorem, we prove the following Theorems.
Theorem 5: The greatest common divisor of two Fibonacci numbers is again a Fibonacci
Theorem 3: We have number, that is,
Fmn  Fm1Fn  Fm Fn1 (18) gcd(Fn, Fm) = ud where d = gcd(n, m).
Proof: Assume that m ≥ n. Applying the Euclidean Algorithm to m and n, we get the following
Proof: We prove it by induction on n. When n = 1, (4) takes the form
system of equations:
Fm1  Fm1F1  Fm F2  Fm1  Fm
m  q1n  r1 0  r1  n
which is obviously true. Let us assume that the formula holds for n = 1, 2, 3, …, k and try to n  q2 r1  r2 0  r2  r1
verify it when n = k + 1. By our assumption, we have r1  q3r2  r3 0  r3  r2
Fmk  Fm1Fk  Fm Fk 1
Fm( k 1)  Fm1Fk 1  Fm Fk . rn 2  qn rn 1  rn 0  rn  rn 1
rn 1  qn 1rn  0.
Addition of these two equations gives us
Now, from above Lemma 1, we have
Fmk  Fm( k 1)  Fm1 ( Fk  Fk 1 )  Fm ( Fk 1  Fk ).
gcd( Fm , Fn )  gcd( Fr1 , Fn )  gcd( Fr1 , Fr2 )   gcd( Frn1 , Frn ).
From (3), we have
Since rn / rn-1, by Theorem 4, we have Frn | Frn 1 and hence gcd ( Frn , Frn 1 )  Frn . But rn , being the
Fm( k 1)  Fm1Fk 1  Fm Fk 2
last nonzero remainder in the Euclidean Algorithm for m and n, is equal to gcd(m, n). Hence
Which is precisely (4) with n replaced by k + 1. Hence, by induction (4) holds for all m ≥ 2 and
gcd ( Fn , Fm )  Fgcd( m,n ) . This completes the proof.
n ≥ 1.

153 154
Corollary 1: In the Fibonacci sequence, Fm / Fn if and only if m / n for n ≥ m ≥ 3. The important point is that except for the initial sign the right-hand side of this equation is the
Proof: One way we have already proved in Theorem 4. So, assume that Fm / Fn. Then same as the left-hand side, but with all the subscripts decreased by 1. By repeating the argument
gcd(Fm, Fn) = Fm. But, by Theorem 5, the value of gcd(Fm, Fn) = Fgcd(m, n). Hence, gcd(m, n) = m ( Fn21  Fn Fn2 ) can be shown to be equal to the expression (1)( Fn22  Fn1Fn3 ) , and hence
and therefore m / n.
Fn2  Fn1Fn1  (1)2 ( Fn22  Fn1Fn3 ) .
Example 1: We show that gcd(F16, F12) = gcd(987, 144). From Euclidean algorithm, we have
Continuing this process, after n – 2 such steps, we arrive at
gcd(987, 144) = 3 and gcd(16, 12) = 4. Now, F4 = 3. Hence gcd(F16, F12) = Fgcd(16, 12).
Fn2  Fn 1Fn 1  ( 1)n 2 ( F22  F3 F1 )
 ( 1)n 2 (12  2  1)  ( 1)n 1.
14.3. Certain Identities Involving Fibonacci Numbers
This completes the proof.
We move on and develop several of the basic identities involving Fibonacci numbers; these
should be useful in doing the problem at the end of the section. One of the simplest asserts that Note 1: For n = 2k, (6) becomes F22k  F2 k 1F2 k 1  1.

the sum of the first n Fibonacci numbers is equal to Fn+2 – 1. For instance, when the first eight In 1843, the French mathematician Jacques-Philippe-Marie Binet discovered a formula for
Fibonacci numbers are added together, we obtain expressing Fn in terms of the integer n; namely,
1 + 1 + 2 + 3 + 5 + 8 + 13 + 21 = 54 = 55 – 1 = F10 – 1
1  1  5   1  5  
n n

Fn      .
That this is typical of the general situation follows by adding the relations 5  2   2  
 
F1 = F3 – F2
This formula can be obtained by considering the two roots
F2 = F4 – F3
F3 = F5 – F4 1 5 1 5
 and   (21)
⋮ 2 2
Fn-1 = Fn+1 – Fn of the equation x2 – x – 1 = 0. Since they are roots of this equation, they must satisfy
Fn = Fn+2 – Fn+1  2    1 and  2    1.
On doing so, the left-hand side yields the sum of the first n Fibonacci numbers, whereas on the
Multiply first relation by τn and second by φn. Then, we obtain
right-hand side the terms cancel in pairs leaving only un+2 – u2. But u2 = 1. The consequence is
 n2   n1   n and  n2   n1   n .
that
Subtracting the second equation from the first, and dividing by τ – φ , leads to
F1  F2  F3   Fn  Fn2  1 (19)
 n 2   n 2  n 1   n 1  n   n
  (22)
Next, we prove another important identity:      
Theorem 6: We have
If we put H n  ( n2   n2 ) / (   ) , (8) can be written as
Fn2  Fn1Fn1  (1)n1. (20)
H n2  H n1  H n n  1.
Proof: We have
From (7), we have
F  Fn 1Fn 1  Fn ( Fn 1  Fn 2 )  Fn 1Fn 1
2
n
   1    5   1
 ( Fn  Fn 1 ) Fn 1  Fn Fn 2 .
Hence,
From (3), this can be written as    2 2
H1  1 H2    1.
F  Fn1Fn1  (1)( F
n
2 2
n 1  Fn Fn2 ) .    

155 156
All this shows that the sequence H1, H2, H3, … is precisely the Fibonacci sequence, which gives Because  2   2  3, this last expression becomes

 n n 1 4n 1
Fn  n 1. (23) (   4 n  2)  ( 4 n   4 n  2( ) 2 n )
  5 5
2
  2n   2n 
   F2 n
2
1 5  5 
Note 2: The number   is usually called Golden Ratio.
2
which is the required identity.
Note 3: (9) is called Binet’s formula.
Using (9), we can prove certain identities involving Fibonacci numbers. 14.4. Summary
Theorem 7: We have In this chapter we have seen that how rabbit problem leads to Fibonacci sequence and studied
Fn22  Fn2  F2n2 . some of its properties. Also we have seen that how nicely the Fibonacci numbers are connected

Proof: As we start, recall that   1 which has the immediate consequence ( )  1 for k ≥ 1, 2k
1 5
with golden ratio .
Then, 2
2 2 14.5. Keywords
  n2   n 2    n   n 
Fn22  Fn2      Fibonacci, sequence, identity, golden ratio.
       
14.6. Exercise
 2( n 2)  2   2( n 2)  2 n  2   2 n
 
(   )2 (   ) 2 1. For n = 1, 2, …, 10, show that 5Fn2  4( 1)n is a perfect square.


 2( n2)   2( n 2)   2 n   2 n 
2. Prove that if 2 | Fn , then 4 | Fn21  Fn21 . 
(   )2
3. Show that F  F  F 
1
2
2
2
3
2
 F  Fn Fn1 .
n
2

Now the expression in the numerator may be written as

4. For n ≥ 3, prove that F 2
n 1  Fn2  3Fn21  2  F12  F22  F32   Fn21  .
 2( n2)  ( )2 2n  ( )2 2n   2( n2)  ( 2   2 )( 2n2)   2n2) )
5. Evaluate gcd(F9, F12), and gcd(F15, F20).
On doing so, we get 6. Using induction on the positive integer n, establish the following formulae:
( 2   2 )( 2 n 2   2 n 2 ) a) F1  2F2  3F3   nFn  (n  1) Fn2  Fn4  2
Fn22  Fn2 
(   )2
b) F2  2F4  3F6   nF2n  nF2n1  F2n .
  2 n2   2 n2 
 (   )   7. Show that F2  F4  F6   F2n  F2 n1  1 .
   
 1.F2 n 2  F2 n 2 . 
8. Deduce F2 n1  F  F n
2 2
n 1 .
For a second illustration of the usefulness of the Binet formula, let us once again derive the 9. Use problem viii to obtain the following identities:
relation F2 n1F2 n1  1  F22n , (see Note 1). First, we calculate a) Fn21  Fn22  2F2 n1 for n ≥ 3
 
2 n 1
2 n 1
 
2 n 1 2 n 1
b) Fn22  Fn21  2( Fn2  Fn21 ) for n ≥ 2.
F2 n 1F2 n 1  1     1
 5  5  10. Prove that Fn Fn1  Fn2  Fn21  (1)n .
1 4n
 (    ( )   ( ) 2 n 1 2  5)
4n 2 n 1 2

5 14.7. Reference
1 4n
 (   4 n  ( 2   2 )  5). 1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
5
2. The Golden Ratio and Fibonacci Numbers, Richard A. Dunlap, World Scientific.

157 158
 UNIT – 15 214
6
1
(29)
35 35
FINITE CONTINUED FRACTIONS, CONVERGENTS OF A CONTINUED 4
35 3 35 1
FRACTION, SIMPLE CONTINUED FRACTIONS  8  that is  8 (30)
4 4 4 4
3
Structure: 4 1
 1 (31)
15.0. Objective 3 3

15.1. Finite continued fractions

15.2. Convergent fractions
15.3. Solution of linear Diophantine equation using continued fraction and the last expression is called a finite continued fraction.
15.4. Summary Definition 1: Let a0, a1,…, an be real numbers, all positive except possibly a0. The expression
15.5. Keywords
15.6. Exercises
15.7. References

15.0. Objective
A very important application of the Euclidean algorithm lies in the continued fractions, which
is called a finite continued fraction and is denoted by [a0; a1,…,an]. The numbers ak are called
also gives an alternative way of representing real numbers. In this chapter we shall show that
the terms or the partial quotients of the continued fraction. The reason for assuming ak > 0 for k
every rational number has finite continued fraction representation and shall see its link with the
≥ 1 in the above definition is that this guarantees that no division by zero will occur. A
solution of linear Diophantine equations.
continued fraction is said to be simple if all of the ai are integers.
15.1. Finite Continued Fractions Theorem 1: Every finite simple continued fraction is equal to a rational number, and every
Let us begin with the numbers a = 214 and b = 35. By applying the Euclidean algorithm rational number can be written as a finite simple continued fraction.
to these numbers we find Proof. The first part is trivial. For the second one, let a / b be the rational number, b > 0. Apply
214  35  6  4, (24)
the Euclidean algorithm to find the gcd of a and b:
35  4  8  3, (25)
4  3  1  1, (26) a = ba0 + r1, 0 < r1 < b,
3  1  3  0. (27) b = r1a1 + r2, 0 < r2 < r1,
We now divide both sides of Equation (1) by 35, obtaining r1 = r2a2 + r3, 0 < r3 < r2,
⋮
214 4
 6 (28) ri = ri+1ai+1 + ri+2, 0 < ri+2 < ri+1,
35 35
⋮
So we have obtained a first piece of information: the rational number 214 / 35 lies between 6 and rn−2 = rn−1an−1 + rn, 0 < rn < rn−1,
7, as 0 < 4 / 35 < 1. By writing 4 / 35 as the inverse of a number greater than 1, formula (5) rn−1 = rn an + 0.
becomes

159 160
As all the remainders are positive, so are all the quotients ai, with the possible exception of the Notice that may be obtained from by substituting for ak. Clearly, for k = n we

first one. Rewrite the equations given by the Euclidean algorithm dividing the first one by b, the get the complete original continued fraction. Every = [a0; a1, . . . , ak] is a rational number
second one by r1, the third one by r2 and so on, till the last one, to be divided by rn. So we obtain which will be denoted by pk / qk, where gcd(pk, qk) = 1.
Suppose now that we have computed the value of [a0; a1, a2,…,an] and want to compute
the value of [a0; a1, a2,…,an+1] without having to repeat the whole computation from scratch. The
following recursion formula describes how to find (n + 1)th convergent knowing nth convergent.
Theorem 2: If a0, a1, a2, . . . , an be real numbers with a1, a2, . . . positive. Let the sequences p0,
p1, p2, . . . , pn and q0, q1, q2, . . . , qn be defined recursively by

&
⋮
Then the kth convergent is given by

The left-hand sides of these equations are rational numbers, which are rewritten as the sum of an
Proof: We will prove this by Mathematical Induction. For k = 0, we have
integer and a fraction with numerator equal to 1. By successive eliminations, we get
[ ]

For k = 1
[ ]

until we obtain the expression Therefore the Theorem is valid for k = 0 and k = 1.
Now, assume that the theorem is valid for k with 2 ≤ k ≤ n. This means

[ ]

Now, consider
[ ]

[ ]
So we have represented the rational number a / b as a finite simple continued fraction.
[ ]
15.2. Convergent Fractions
Let [a0; a2, a3, . . . , an] be a finite simple continued fraction. The continued fraction obtained by [ ]
truncating this continued fraction after the k-th partial quotient is called k-th convergent and is ( )
denoted as follows: ( )
= [a0; a2, a3, . . . , ak], for each 1 ≤ k ≤ n. ( )
( )

161 162
Example 1: We have 173 / 55 = [3;6, 1, 7]. Let us compute the sequences pj and qj for j = 0, 1, To find a solution of equation ax by  1 , expand the rational number a / b as a simple continued
2, 3. We have fraction; say,
p0 = 3, q0 = 1 a
 [a0 ; a1 , a2 , an ] .
p1 = 3.6+1 = 19 q1 = 6 b
Now the last two convergents of this continued fraction are
p2 = 1.19+3 = 22 q2 = 1.6+1 = 7
pn 1 pn
p3 = 7.22+19 = 173 q3 = 7.7+6 = 55 Cn 1  and Cn  .
qn 1 qn
Since gcd(pn, qn) = 1 = gcd(a, b), it may be concluded that pn = a and qn = b.
By (i) of Theorem 3, we have pn qn1  qn pn1  (1)n1
Theorem 3: If a0, a1, a2, . . . , an be real numbers with a1, a2, . . . positive, with corresponding
convergent Then Replacing pn by a and qn by b, we have aqn1  bpn1  (1)n1

(i) ( ) ≥ Thus, with x = qn – 1 and y = –pn – 1, we have ax  by  (1)n1

(ii) ( ) ≥ If n is odd, then the equation ax  by  1 has the particular solution x = qn – 1 and y = –pn – 1;

(iii)
( )
≥ whereas if n is even, then a solution is given by x = –qn – 1 and y = pn – 1.
Example 2: Let us solve the linear Diophantine equation (–63)x + 23y = 7 where gcd(–63, 7) =
( )
(iv) ≥
63 p2 11
1. The continued fraction expansion of is [–3; 3, 1, 5]. Therefore C2   and
Proof (i): Write Then 23 q2 4
( ) ( ) p3 63
 and so p2 = –11, q2 = 4, p3 = –63 and q3 = 23. Hence (–63)4 + 23(11) = 1.
≥ , and it follows at once that ( ) q3 23
But since Hence ( ) as required. Consequently, x0 = 4 and y0 = 11 is a particular solution of (–63)x + 23y = 1. Therefore, x = 7x0
Proof (ii): Using the recursive definition of pn and qn and equality (i), we obtain = 28, y = 7y0 = 77 is a particular solution of (–63)x + 23y = 7.
( ) ( ) The general solution is given by x = 28 – 23t and y = 77 – 63t.
( ) ( ) ( ) .
Theorem 4: Let a0, a1, a2, . . . be real numbers with a1, a2, . . . positive, with corresponding
(iii) follows from (i) upon division by qn-1qn, which is nonzero for n ≥ 1.
(iv) follows from (ii) upon division by qn-2qn. convergents Then the convergents C 2i with even indices form a strictly increasing

sequence and the convergents C2j+1 with odd indices form a strictly decreasing sequence, and C2i
15.3. Solving linear Diophantine equation using continued fractions
< C2j+1, that is
Consider the equation
C0 < C2 < … < C2i < … < C2j+i < … < C3 < C1.
ax by  c (32) ( )
Proof: We have, . Hence if n ≥ 2 is even, then and if n ≥ 3
where a, b and c are integers. Let us assume gcd(a, b) = 1. Otherwise we can divide both sides
of Eq.(9) by d and we have gcd(a / d, b / d) = 1. is odd, then . Finally, by Theorem (iii), . Thus if i ≥
We know that a solution of Equation (9) can be obtained by solving the equation j, then C2j < C2i < C2i+1 and C2i < C2i+1 < C2j+1.
ax by  1 gcd(a, b) = 1 In the above example, 3 < (22 / 7) < (173 / 55) < (19 / 6) in accordance with C0 < C2 < C3 < C1.
and then multiplying both sides of this equation by c.

163 164
 UNIT – 16
Theorem 5: If qk is the denominator of the kth convergent Ck of the simple continued fraction
[a0; a1, a2,…,an], then qk – 1 ≤ qk for 1 ≤ k ≤ n, with strict inequality when k > 1.
INFINITE CONTINUED FRACTION, PERIODIC CONTINUED FRACTION
Proof: We prove the theorem by induction. Since q0 = 1 ≤ a1 = q1, the theorem is true for k = 1. AND PELL’S EQUATION
Assume that it is true for k = m where 1 ≤ m < n. Then
≥ Structure:

So that the inequality is also true for k = m+1. 16.0. Objective

15.4. Summary 16.1. Infinite continued fractions

In this chapter we have studied finite continued fractions, their nth convergents and some of its 16.2. Rational approximation to irrational numbers

properties. We showed that every rational number can be expressed as finite continued fraction 16.3. Periodic continued fractions

and vice versa. We showed how continued fraction can be used to solve diophantus equation. 16.4. Pell’s equation

15.5. Keywords 16.5. Summary

Finite continued fraction, simple continued fraction, convergents, rational. 16.6. Keywords

15.6. Exercise: 16.7. Exercises

1. Write each as a finite simple continued fraction: 16.8. References

(a) 57 / 23 (b) 89 / 55 (c) 79 / 91 (d) -43 / 17

16.0. Objective
2. Compute the convergents of each continued fraction:
We have seen that all rational numbers, can be represented as finite simple continued fractions.
(a) [1;1, 1, 1, 1, 1, 1] (b) [0;2, 7, 7, 6]
The main reason of interest of continued fractions, however, is in their application to the
(c) [3; 1, 4, 2, 7] (d) [-2; 5, 4, 7, 1]
representation of irrational numbers. In this chapter, we shall show that every irrational number
3. Represent each continued fraction as a rational number:
can be expressed as an infinite continued fraction. Also, in this chapter we shall investigate
(a) [1;2, 3, 4, 5] (b) [-3;5, 4, 3, 2]
another important equation called Pell’s equation and find complete solution to this problem.
4. Using finite continued fraction [1;1, 1, …, 1] prove that Fn2 Fn  Fn21  (1)n1 where n ≥ 1.
5. Solve each Linear Diophantine equation using continued fraction: 16.1. Infinite continued fraction
(a) 12x + 13y = 14 (b) 28x + 91y = 119 To expand an irrational number, we need infinite continued fractions; for example
6. Using the continued fraction for the given rational number r, find the continued fraction for 1 / r:
(a) 25 / 18 (b) 464 / 675 √ (√ )
√
15.7. Reference: √

1. Elementary Number Theory, David M. Burton, McGraw Hill Publication

2. An Introduction to the Theory of Numbers, G. H. Hardy and E. M. Wright, Oxford
3. Encyclopedia of Mathematics and its Applications, Volume 11, Continued Fractions, √
Analytic Theory and Applications, William B. Jones and W. J. Thron, Addison-Wesley
The expression of √2 + 1 as a continued fraction uncovers a remarkable elegance and regularity,
4. An Introduction to the Theory of Numbers, Ivan Niven, Herbert S. Zuckerman and Hugh
as opposed to its decimal representation, which does not show any regularity.
L. Montgomery, John Wiley & Sons, Inc.

165 166
Definition 1: Let ( ) be a sequence of real numbers, all positive except possibly a0. Infinite This shows that there is a positive integer between 0 and 1, which is a contradiction.
continued fraction is denoted by [a0; a1, a2, … ]. The infinite continued fraction is said to The converse of the above theorem is also true.
converge if the limit [ ] exists, and in that case the limit is also denoted Theorem 2: Every irrational number has a unique representation as an infinite continued
by [a0; a1, a2, … ]. fraction.
We know that, [a0; a1, a2,…,an] = , the above limit can be written as Proof: Let x0 be an arbitrary irrational number. Let us find the sequence of integers a0, a1, a2,
… as follows: Let
[ ] .
1
Let us now existence of the above limit. By Theorem 3, we have C 0 < C 2 < … < C 2i < … < C ak  [ xk ] and xk 1  k 0 (1)
xk  ak
2j+i < … < C 3 < C 1. Because the even-numbered convergents C2n form monotonically increasing
It is evident that xk+1 is irrational whenever xk is irrational. Since x0 is irrational all xk are
sequence and bounded above by C1, they will converge to a limit α that is greater than each C2n.
irrational by induction. Thus,
Similarly, odd numbered convergents C2n+1 are monotonically decreasing and bounded below by
C0 and hence converges to α’ that is less than each C2n+1. Let us prove α = α’. We have 0  xk  ak  xk  [ xk ]  1 (2)

( ) and hence
Consider, 1
xk 1  1 (3)
xk  ak
so that the integers ak+1=[xk+1] ≥ 1 for all k ≥ 0. Thus, we have a sequence of integers a0, a1, a2,
and hence
…, all positive except perhaps for a0.
| |
Now, (3) can be written as
Since the qi increases as i becomes large, Hence α = α’. 1
xk  ak  , k  0.
xk 1
Theorem 1: The value of any infinite continued fraction is an irrational number. Through successive substitutions, we obtain
Proof: Let us suppose that x denotes the value of the infinite continued fraction [a0; a1, a2, … ]; 1
xk  a0 
x1
that is, x is the limit of the sequence of convergents
1
 a0 
[ ] 1
a1 
Because x lies strictly between the successive convergents Cn and Cn+1 , we have x2
1
 a0 
| | | | | | 1
a1 
1
a2 
With the view to obtaining a contradiction, assume that x is a rational number, say, x = a / b, x3
where a and b > 0 are integers. Then
 [a0 ; a1 , a2 , , xn 1 ]
| | for every positive integer n. Now, we have to prove that the infinite simple continued fraction
and so, [a0, a1, a2, …] indeed converges to x0.
| | Let n be a fixed positive integer. Then,
As qi increase without bounds as i increases, we can chose n so large that b < qn+1 and hence xn 1 pn  pn 1
x0  [a0 ; a1 , a2 , , xn1 ] 
| | xn 1qn  qn 1

167 168
 pn Now, we prove that the representation of an irrational number as an infinite continued fraction is
where Cn  is the nth convergent of x0  [a0 ; a1, a2 , ] . Hence,
qn unique in the following theorem.
xn 1 pn  pn 1 pn Theorem 3: If the two infinite simple continued fractions [a0 ; a1, a2 , ] and [b0 ; b1, b2 , ]
x0  Cn  
xn 1qn  qn 1 qn
represent the same irrational number x, then ak = bk for k = 0, 1, 2, 3, …
( pn qn 1  pn 1qn )
 1
( xn 1qn  qn 1 )qn Proof: Suppose that x = [a0 ; a1, a2 , ] . Then, C0  a0 and C1  a0  we have from Theorem 4
n 1 a1
( 1)
 [by (i) of Theorem 3 of Unit 3 1
( xn 1qn  qn 1 )qn of Chapter 15, a0  x  a0  so that a0  [ x ] . Note that
a1
From (2), we have xn+1 > an+1 and therefore 1
[a0 ; a1, a2 , ]  a0 
1 1 1 [a1; a2 , a3 , ]
x0  Cn   
( xn 1qn  qn 1 )qn (an 1qn  qn 1 )qn qn 1qn Suppose that [a0 ; a1, a2 , ] = [b0 ; b1, b2 , ] then clearly, a0 = b0 = [x] and that
1 1 1
Because qk increases without bounds as k increases,  0 as n  . Hence a0   b0 
qn 1qn [a1; a2 , a3 , ] [b1; b2 , b3 , ]
so that
x0  n lim
  Cn  [a0 ; a1 , a2 , ]. [a1; a2 , a3 , ] = [b1; b2 , b3 , ]

Example 1: Consider the irrational number x0  23 . The successive irrational numbers xk Now assume that ak = bk and that [ak 1; ak 2 , ak 3 , ]  [bk 1; bk 2 , bk 3 , ] . Using the same

(and hence ak) can be computed as follows: argument, we see that ak+1 = bk+1, and
1 1
ak 1   bk 1 
x0  23  4  23  4 [  23   4 a0  4 [ak 2 ; ak 3 , ] [bk 2 ; bk 3 , ]
1 1 23  4 23  3 which implies
x1     1 a1  1 [ak 2 ; ak 3 , ]  [bk 2 ; bk 3 , ]
x0   x0  23  4 7 7
Hence by induction, we see that ak = bk for k = 0, 1, 2, …
1 7 23  3 23  3
x2     3 a2  3 Theorem 4: If x is an irrational number, then there are infinitely many rational numbers p / q
x1   x1  23  3 2 2 such that
1 2 23  3 23  4
x3     1 a3  1 p 1
x2   x2  23  3 7 7 x  (4)
q q2
1 7
x4    23  4  8  ( 23  4) a4  8 Proof: Let pk / qk be the kth convergent of the continued fraction of x. Then, by Theorem 2 of
x3   x3  23  4
Unit 4, we know that
Because x5 = x1, also x6 = x2, x7 = x3, x8 = x4; then we get x9 = x5 = x1, and so on, which means
pk 1 1
that the block of integers 1, 3, 1, 8 repeats indefinitely. We find that the continued fraction x   [ qk  qk 1
qk qk qk 1 qk2
expansion of 23 is periodic with the form Hence
pk 1
23  [4;1, 3, 1, 8, 1, 3, 1, 8, ] x  2
qk qk
 [4;1, 3, 1, 8] .
Consequently, the convergents of x, pk / qk , k = 1, 2, … are infinitely many rational numbers
which satisfy (4).

169 170
16.2. Rational approximation to irrational numbers Corollary 1: If 1 ≤ b ≤ qn, the rational number a / b satisfies
The following theorem and corollary shows that the convergents of the simple infinite p a
x n  x
qn b
continued fraction of an irrational numbers x are the best rational approximation to x.
Proof: Suppose
Theorem 5: Let pn / qn be the nth convergent of the continued fraction representing the irrational
p a
x n  x
number x. If a and b are integers, with 1 ≤ b < qn+1, then qn b
qn x  pn  bx  a then
p a
Proof: Consider the system of equations qn x  pn  qn x  n  b x   bx  a
qn b
pn  pn 1  a which is a contradiction to Theorem 5.
qn  qn 1  b Theorem 6: Let x be an arbitrary irrational number. If the rational number a / b where b ≥ 1
Then, the solutions of the above system of equations are given by and gcd(a, b) = 1, satisfies
  ( 1) (aqn 1  bpn 1 )
n 1
a 1
x 
  ( 1)n 1 (bpn  aqn ) b 2b2

Note that   0. For, if   0 , then (aqn1  bpn1 ) and, because gcd( pn1, qn1 )  1 , qn 1 | b or then a / b is one of the convergents pn / qn in the continued fraction representation of x.
Proof: Assume that a / b is not a convergent of x. Since the sequence qn is an increasing
b  qn1 , which is a contradiction to our hypothesis.
sequence, there exists a unique integer n for which qn ≤ b < qn+1. For this n, the last lemma
If   0 , then a  pn and b  qn and hence bx  a   qn x  pn  qn x  pn , which is gives the first inequality in the chain
the required result. So, assume   0. a 1
qn x  pn  bx  a  b x  
If   0, then the equation qn  b  qn1 implies that qn  0 and therefore   0. If b 2b
which may be written as
  0, then b  qn1 which implies b   qn1 and therefore  qn  b  qn1  0; this makes   0.
pn 1
Hence,  and  must have opposite signs. By Theorem 4 of Chapter 15, since x lies between x 
qn 2bqn
pn p
and n 1 , qn x  pn and qn1 x  pn1 will have opposite signs. This implies   qn x  pn  Since, a / b ≠ pn / qn, bpn – aqn is a nonzero integer, and hence 1 ≤ |bpn – aqn|.
qn qn 1
Now, consider
and   qn1 x  pn1  must have the same sign and therefore
1 bp  aqn p a p a 1 1
 n  n   n x  x  
  qn x  pn     qn1x  pn1    qn x  pn   qn1x  pn1 bqn bqn qn b qn b 2bqn 2b2
Since, qn  b ,
Now, consider
bx  a  ( qn  qn 1 ) x  ( pn  pn 1 ) 1 1 1 1 1
    .
2bqn 2b2 2b2 2b2 b2
   qn x  pn     qn 1 x  pn 1 
Therefore
  qn x  pn   qn 1 x  pn 1 1 1 1 1
    qn  b.
  qn x  pn bqn b2 qn b
 qn x  pn But this is a contradiction to the fact that qn ≤ b. This completes the proof.
which is the desired inequality.

171 172
16.3. Periodic Continued Fractions Let y  [1;3,1,8,1,3,1,8 ]  [1;3,1,8, y] . Then,
Definition 2: If an infinite continued fraction contains a block of partial denominators b1, b2, …, n -2 -1 0 1 2 3 4
bn that repeats indefinitely, the fraction is called periodic. We write a periodic fraction as an 1 3 1 8 y
a0 , a1, , am , b1, b2 , bn , b1, b2 , bn ,  pn 0 1 1 4 5 44 44y+5
More compactly as qn 1 0 1 3 4 35 35y+4
a0 , a1, , am , b1, b2 , bn 
 
44 y  5
where the over bar indicates that this block of integers repeats over and over. If b1, b2 , bn is the Hence, y   7 y2  8 y 1  0
35 y  4
smallest block of integers that constantly repeats, we say that b1, b2 , bn is the period of the 4  23 1 7 23  4 23
Since y is positive, y  , therefore, x  [4; y]  4   4  
expansion and that the length of the period is n. 7 y 4  23 4  23
Hence x  23.
For example

23  [4;1, 3, 1, 8, 1, 3, 1, 8, ] This shows that the values of the periodic simple continued fractions are the roots of quadratic

 [4;1, 3, 1, 8] equations with integer coefficients. Later we prove it in a theorem.

is periodic, whereas Definition 3: An irrational number ξ is called a quadratic irrational (or algebraic of degree two)
  [3; 7, 15, 1, 292, ] if it is the root of a quadratic polynomial with integer coefficients, that is if a 2  b  c  0 for
is not a periodic continued fraction.
suitable integer coefficients a, b, and c with a ≠ 0.
If a periodic simple continued fraction is given then the value of the continued fraction can be
Proposition 1: A real number ξ is a quadratic irrational if and only if it has the form
found easily.
  r  s d , where d is a positive integer that is not a perfect square, r and s are rational
Example 2: Let x  [3;6,1, 4,1, 4, ]  [3;6,1, 4]  [3;6, y] , where y  [1, 4]  [1; 4, y]
Then, numbers and s ≠ 0.
1 y 5y 1 Proof: Any real irrational solution of a quadratic equation ax2 + bx + c = 0 obviously has this
y  1  1 
4
1 4 y  1 4 y 1
form. Conversely, a real number of this form is irrational and satisfies the quadratic equation
y
which leads to the quadratic equation 4 y  4 y  1  0
2 (x – r)2 = s2d, which can be turned into a quadratic equation with integer coefficients upon

1 2 multiplication by squares of the denominators of r and s.

Since y > 0, and since this equation has only one positive root, y  .
2 Definition 4: Let d be a positive integer that is not a perfect square. We define Q  d  to be
From x = [3;6, y], we find that
1 25  19 2 14  2 the set of all real numbers ξ of the form   r  s d , with r and s rational. The number
x  3   .
1 86 2 4  '  r  s d is called the conjugate of ξ.
6
1 2
2 Note 1: Q  d  is a field. Hence, if ξ and η are numbers in Q  d  , then their sum ξ + η,

Example 3: Consider x  [4;1, 3, 1, 8, 1, 3, 1, 8, ]  [4;1, 3, 1, 8] difference ξ – η, product ξ η, and quotient ξ / η also belongs to Q  d  , the quotient of course
th
Using n convergents pn / qn, let us find the value of periodic continued fraction [4;1, 3, 1, 8] . provided η ≠ 0.
Note 2: Suppose ξ and η are in Q  d  , then (   )     , (   )     , ( )   

and ( /  )    / .

173 174
Proposition 2: If the number x has a periodic simple continued fraction expansion, then x is a Proof: We recall the recursive algorithm in Theorem 2 of Unit 4 for obtaining the continued
quadratic irrational. fraction expansion of x0  [a0 ; a1, a2 , ] . The terms an are given by
Proof: Being an infinite continued fraction, x is irrational. We prove x  Q  d  for a suitable 1
a0  [ x0 ], xn1  , and an1  [ xn1 ] for n  0, 1, 2,
xn  an
positive integer d that is not a perfect square.
and we have x0  [a0 ; a1, a2 , , an , xn1 ] for all n.
Let x  [a0 ; a1 , a2 , , am1 , b0 , b1 , , br 1 ] and y  [b0 , b1, , br 1 ]. Then y  [b0 ; b1 , , br 1 , y].

Let (pk, qk) be the convergents of the continued fraction [b0 ; b1, , br 1, y ]. Then un  d
Now suppose inductively that xn  , with integers un and vn that satisfy vn | (d  un2 ) .
vn
ypr 1  pr 2
y  [b0 ; b1, , br 1, y ]  , Then
yqr 1  qr 2
1 1 d  (an vn  un ) un 1  d
and solving for y we see that y satisfies a quadratic equation with integer co-efficients. Hence, y xn 1     ,
xn  an d  (an vn  un ) d  (an vn  un ) 2 vn 1
is a quadratic irrational.
vn vn
yPm1  Pm2
, am1 ] . Then, x  [a0 ; a1 , , am1 , y] 
Let (Pk, Qk) be the convergents of [a0 ; a1, a2 ,
yQm1  Qm2 
where un1  anvn  un , vn1  d  un21 / vn . 
Hence, by note above, x  Q  d  . Clearly, un+1 is an integer and un+1 ≡ –un(mod vn). Hence by the induction assumption,
d  un21  d  un2  0(mod vn ), that is vn divides d  un21 . Therefore, vn+1 is also an integer, and
The converse of Proposition 2 is also true, that is every quadratic irrational has a periodic simple
continued fraction expansion. The proof of this needs some preparatory work. vn1 | (d  un21 ) , because vnvn1  (d  un21 ). This completes the proof.

u d Example 4: Let us compute the continued fraction expansion of the number (1  5) / 3 using
Lemma 1: If x is a quadratic irrational, then x can be written in the form x  , where d is
v
u d
an integer that is not a perfect square, u and v are integer, and v | (d – u2). the above algorithm. Since 3 | (5  12 ), we first have to put the number in the form of .
v
Proof: By proposition 1, x  r  s D , where D is an integer that is not a perfect square, r and s Multiplying numerator and denominator by -3, we obtain
are rational numbers s ≠ 0. We can obviously write r = a / c and s = b / c, where a, b, and c are
integers and b > 0. Then, 3  45
x0  , that is u0  3, v0  9, and d  45.
ab D a c  b c D u d
2 2 9
x   ,
c cc v Now v0 / d  u02 , so we can start the algorithm. The result of the computations is shown in the
and the integers u = a|c|, v = c|c| and d = b c D satisfy the requirement v | (d – u2).
2 2
following table:
u  d
Theorem 7: Suppose x0  0 , where d is a positive integer that is not a perfect square, u0 n 0 1 2 3 4 5 6 7 8 9
v0
un -3 12 -1 5 5 3 6 6 3 5
and v0 are integers and v0 | (d  u02 ) . Define recursively the sequences  un 0 ,  vn 0 ,  an 0 , and
  

vn -9 11 4 5 4 9 1 9 4 5
 xn 0

as follows: an -1 1 1 2 2 1 12 1 2 2
u  d d  un21
xn  n , an   xn  and un1  an vn  un , vn 1  , for n  0.
vn vn Since (u9, v9) = (u3, v3), we conclude x9 = x3. Thus
Then un and vn are integers, vn | (d  un2 ) , and x0  [a0 ; a1, a2 , , an , xn1 ] for all n, and
1 5
 [1;1,1,2,2,1,12,1,2].
x0  [a0 ; a1, a2 , ] . 3

175 176
Lemma 2: Let x be a quadratic irrational and define xn as in Theorem 7. If the conjugate xk  0 By Lemma 4, there is an index k such that xn  0, and by Lemma 2, 1  xn  0 for all n  k.

for some index k, then 1  xk  0 for all n > k. Since xn > 1 for all n ≥ 1, we conclude that

Proof: By induction, it suffices to prove that xn  0 implies 1  xn 1  0. So assume xn  0 . 1  xn  xn 
2 d 2u
and 0  xn  xn  n
1 vn vn
Consider, xn 1  . Then, by Note 2, we have
xn  an for all n > k. Hence 0  vn  2 d and un > 0 if n > k. Moreover, using the relation
1
xn 1  (d  un21 )  vnvn1  0 , we obtain un21  d , that is un1  d for n > k. Thus, if n > k+1, then
xn  an
Since an ≥ 1, the denominator xn  an is strictly less than –1, so it follows that 1  xn 1  0 . 0  un  d and 0  vn  2 d . Hence, the ordered pairs (un, vn) can assume only a fixed

Lemma 3: Let x be a quadratic irrational, and define xn and an as in Theorem 7. If 1  xn  0 , number of possible pair values and so there are distinct integers i and j with j > i such that uj = ui
and vj = vi. This implies that xi = xj = xi+(j – i), and hence x has a periodic continued fraction.
then an  [1/ xn 1 ].
Note 1: All the continued fraction expansions of d takes the form d  [a0 ; a1 , a2 , , an ] that
Proof: We have, xn 1  1/ ( xn  an ) , and hence ( 1/ xn 1 )  an  xn . Since 0   xn  1 , it
is, the periodic part starts after one term, this initial term being [ d ] .
follows that [1/ xn 1 ]  [an  xn ]  an .
Note 2: If d is a positive integer that is not a perfect square, then the continued fraction
Lemma 4: If x is a quadratic irrational, then there exists an index k such that xk  0 .
expansion of d necessarily of the form d  [a0 ; a1 , a2 , a3 , , a3 , a2 , 2a0 ] .
Proof: Let (pk, qk) denote the kth convergent of x. Since x  [a0 ; a1 , a2 , , an1 , xn ], we have
For example, for d = 14 14  [3;1, 2,1,6] and 23  [4;1,3,1,8] ,
pn 1 xn  pn 2
x ,
qn 1 xn  qn 2 Theorem 9: Let (pn ,qn) denote the nth convergent of d , let the integers un and vn be defined
and solving for xn we obtain
qn 2 x  pn 2 qn 2  x  ( pn 2 / qn 2 )  for the number x = d as in Theorem , that is xn = (un+ d )/ vn with vn/(d –un2), and let r be the
xn    .
pn 1  qn 1 x qn 1  x  ( pn 1  qn 1 ) 
period length of the continued fraction expansion of d . Then
q  x  ( pn 2 / qn 2 ) 
By taking conjugates, we get xn   n 2  . (i) pn2  dqn2  (1)n1 vn1 for every n ≥ –1;
qn1  x  ( pn1  qn1 ) 
We now use the fact that the convergents pn / qn converges to x as n tends to infinity and that x’ (ii) vn = 1 for every n ≥ 0;
≠ x. It follows that the expression within parenthesis converges to (x’ – x) / (x’ – x), that is to 1, (iii) vn = 1 if and only if r/n.
as n tends to infinity. Consequently, the expression within parenthesis is certainly greater than 0 Proof. Write d = [a0, a1, a2, . . .] = [a0, a1, a2, . . . ,an, xn+1].
when n is big enough, that is xn has the same sign as qn2 / qn1, which is negative since qn is xn1 pn  pn1 (un1  d ) pn  vn1 pn1
(i) We have d  , which can also be written as
positive for all n ≥ 0. xn 1qn  qn 1 (un1  d )qn  vn 1qn 1
Theorem 8: A real number x has a periodic simple continued fraction expansion if and only if it un1 pn  vn1 pn1  dqn  (un1qn1  pn ) d  0.
is a quadratic irrational. Since d is irrational, it follows that
Proof: We have already proved that a periodic continued fraction is a quadratic irrational un 1 pn  vn 1 pn 1  dqn  0
[Proposition 2]. To prove the converse, let x = x0 be a quadratic irrational and write un 1qn  vn 1qn 1  pn  0
Eliminating un+1 from this system, we obtain pn2  dqn2  vn1 ( pn qn1  qn pn1 )  (1)n1 vn1 , where
un  d
xn  as in Theorem 7.
vn we used Theorem 3 of Unit 13 to get the last equality.

177 178
(ii) The convergents pn/qn are > d if n is odd and < d if n is even. Therefore, pn2  dqn2 has the If (x1, y1) and (x2, y2) are two positive solutions of x2 – dy2 = N, then
x12  x22  d ( y12  y22 ), and hence x1 < x2 if and only if y1 < y2. Thus, if we order the positive
same sign as (–1)n-1 , so it follows from (i) that vn 1 is positive for every n ≥ –1.
solutions according to increasing x-value or according to increasing y-value we will get the same
(iii) Since x = d has period length r, xkr 1  x1 for all positive integers k. It follows that
result.
1 1
xkr  akr    x0  a0  a0  d , If there is a positive solution in integers of Pell’s equation, then there is obviously a
xkr 1 x1
positive solution (x1, y1) with a least positive x-value. This solution has also the least y-value
That is xkr  akr  a0  d . Hence, vkr= 1 (and ukr= akr – a0).
among all positive solutions. Since it plays a special role we introduce the following definition.
Conversely, assume vn = 1; then xn = un + d , so an = [xn] = un+ [ d ] = un + a0
Definition 5: Suppose Pell’s equation x2 – dy2 = N has positive integral solutions. The
And xn - an = d - a0 = x0 – a0, that is xn1  1/ ( xn  an )  1/ ( x0  a0 )  x1. It follows from this
fundamental solution, or least positive solution, is the positive solution (x1, y1) such that x1 < u
that n is a multiple of the period length r.
and y1 < v for every other positive solution (u, v).
Proposition 3: Let d  [a0 ; a1, a2 , , ar 1,2a0 ]. Then an a0 for 1 n r – 1.
The following theorem gives a connection between Pell’s equation and continued fractions.

Proof: With x  x0  d , let xn  (un  d ) / vn be as in Theorem 7 and suppose 1 ≤ n ≤ r – 1. Theorem 10: Let d be a positive integer that is not a perfect square, and suppose | N | < d.
2 2
Then vn ≥ 2 by the above Theorem, and using Lemma 2 we conclude that xn  (un  d ) / vn  0 , If (u, v) is a positive solution in integers of x – dy = N, then there is a convergent (pn, qn) of the

simple continued fraction expansion of d . such that u /v = pn /qn.

because x0   d  0 . It follows that un  d  0, that is un  d and hence
Remark. The numbers u and v need not be relatively prime, but if c is their greatest common
xn  2 d / vn  d . Finally, an  [ xn ]  [ d ]  a0 .
divisor, then obviously c2 / N. Hence, if N is square-free, and in particular if N = ±1, then u and v
are necessarily relatively prime. That means that there is an index n such that u = pn and v = qn.
16.4. Pell’s Equation
Proof: We will consider a more general situation. Let d and N be any positive real numbers, not
The equation x2 – dy2 = N, with given nonzero integers d and N, is called Pell’s equation. If d is
negative, Pell’s equation can have only a finite number of solutions in integers, since x2 ≤ N and necessarily integers, such that d . is irrational and N < d . , and assume that u and v are positive
2
y ≤ –N /d. integers, such that d . is irrational and N < d . , and assume that u and v are positive integers
2
If d = a is a perfect square, then we have (x + ay) (x – ay) = N, and again there is only a 2 2
satisfying u – dv = N.
finite number of integral solutions to Pell’s equation, since there is only a finite number of ways Since
to factor N. u  u  u  dv
2 2
N
  d  d  2
We will therefore suppose that d is a positive integer that is not a perfect square. We will v v  v2 v
show that in that case there is either no solution at all or infinitely many solutions in integers. and the second factor of the left hand side is positive, we first conclude that (u / v)  d  0, and
When N = ±1, we will give a complete description of the set of solutions. consequently (u / v)  d  2 d . Hence
2 2
If (u, v) is an integral solution of Pell’s equation x – dy = N, then (±u, ±v) is also a u  N d 1
0    d  2  2  2.
v  v ( u / v  d ) 2v d v
solution for every combination of the signs. Thus, in order to find all integral solutions it suffices
By Theorem 6, u / v is a convergent of d .
to find all positive solutions, that is all solutions (u, v) with u > 0 and v > 0. If N is a perfect
Let now d and N be as in the statement of the Theorem 10. The case N > 0 is a special
square, there will of course be two additional trivial solutions (  N ,0), and if –N /d happens to case of what we have just proved.
be an integer that is a perfect square, (0,   N / d ) are two trivial solutions of Pell’s equation.

179 180
If N < 0, we rewrite the equation y 2  (1/ d ) x 2  ( N / d ). Since 0   N / d  d / d  1 / d , If r is even, then (–1)kr = 1 for all k, and hence (pkr-1, qkr-1) is a solution of x 2  dy 2  1 has no

we can apply the general case above, and we conclude that v / u is a convergent of 1 / d . positive solution, and of course no solution at all in integers. This proves part (i). If the period
length r is odd, then (–1)kr = 1 for k even, and = –1 for k odd, and this proves part (ii).
Suppose d has the continued fraction [a0, a1, a2, . . .]. Then 1/ d  [0, d ]
Example 5: We shall use Theorem 11 to find the fundamental solution of the equation
 [0, a0 , a1, a2 , ] . Hence, there is an n such that
x  19 y  1
2 2

u 1
 [0, a0 , a1, a2 , ]  The continued fraction expansion of 19  [4,2,1,3,1,2,8] . Since the period length is 6, the
v [a0 , a1, a2 , ] ,
fundamental solution is (x, y) = (p5, q5). The convergents are computed in the following table:
That is u / v  1/ [a0 , a1, a2 , ] is a convergent of d
n -2 -1 0 1 2 3 4 5
We now give a complete description if the solution set of Pell’s equation in the case N = ±1.
an 4 2 1 3 1 2
Theorem 11: Suppose d is a positive integer that is not a perfect square, let r be the period pn 0 1 4 9 13 48 61 170
length of the simple continued fraction expansion of d , and let  pn , qn n 0 be the corresponding
 qn 1 0 1 2 3 11 14 39

sequence of convergents.
Thus, the fundamental solution is (x, y) = (170, 39).
(i) Suppose r is even. Then
Theorem 11 gives a method for computing the successive solution of Pell’s equation but
a. x2 – dy2 = –1 has no solutions in integers;
it is tedious to compute convergents (pn, qn). Having found the fundamental solution, we can
b. all positive integral solutions of x2 – dy2 = 1 are given by x = pkr-1, y = qkr-1 for k =
find the remaining positive solutions by a simpler method, which will be described in Theorem
1, 2, 3, … , with x = pr-1 and y = qr-1 as the fundamental solution.
12 below.
(ii) Suppose r is even. Then
Lemma 5: Let (x1, y1) be an arbitrary integral solution of x 2  dy 2  M and (x2, y2) an arbitrary
a. all positive integral solutions of x2 – dy2 = –1 are given by x = pkr-1, y = qkr-1 for k
= 1, 3, 5, … , with x = pr-1 and y = qr-1 as the fundamental solution. integral solution of x 2  dy 2  N , and define the integers u and v by

b. all positive integral solutions of x2 – dy2 = 1 are given by x = pkr-1, y = qkr-1 for k = ( x1  y1 d )( x2  y2 d )  (u  v d ),
2, 4, 6, … , with x = p2r-1 and y = q2r-1 as the fundamental solution.
that is u  ( x1x2  y1 y2d ), v  ( x1 y2  x2 y1 ). Then (u, v) is a solution of x 2  dy 2  MN . If (x1,
2 2
Proof: By Theorem 10, the positive integral solutions of x – dy = ±1 are to be found among
y1) and (x2, y2) are positive solutions, then (u, v) is also positive.
the convergents (pn, qn). Furthermore, a0  [ d ]  1, so the sequence ( pn )n 0 is strictly
Proof: By taking conjugates we have ( x1  y1 d )( x2  y2 d )  (u  v d ), and hence
 pn , qn n0 will be the

increasing. Therefore, the first solution that appears in the sequence
u 2  dv 2  (u  v d )(u  v d )
fundamental solution.  ( x1  y1 d )( x2  y2 d )( x1  y1 d )( x2  y2 d )
According to Theorem 9, pn2  dqn2  (1)n1 vn1 , where vn ≥ 1 for all n and vn = 1 if and  ( x12  dy12 )( x22  dy22 )  MN .

only if r / n. Thus, pn2  dqn2  2 except when n = kr – 1 for some nonnegative integer k, in The solution (u, v) will obviously be positive if the original ones are positive.

which case Theorem 12: Let (x1, y1) be the fundamental solution of x 2  dy 2  1. Then all positive integral

pn2  dqn2  (1)kr . solutions are given by (xn, yn), n ≥ 1, where the integers xn and yn are recursively defined by
xn1  ( x1xn  y1 ynd ), yn1  ( x1 yn  y1xn ).

181 182
Proof: Clearly xn1  yn1 d  ( x1  y1 d )( xn  yn d )  ( x1  y1 d )n1. Hence by Lemma 5 Theorem 13: Suppose that x2 – dy2 = –1 has an integral solution, and let (x1, y1) denote the
fundamental solution. For n ≥ 1, define positive integers xn and yn recursively as in Theorem i,e.
with M = N = 1, if (xn, yn) is a positive solution of Pell’s equation x 2  dy 2  1 , then (xn+1, yn+1)
(xn + yn d ) = (x1 +y1 d )n. Then all positive integral solutions of x2 – dy2 = –1 are given by (xn,
will also be a positive solution. It therefore follows by induction, the (xn, yn) is a solution for all
yn) with n odd, and all positive integral solutions of x2 – dy2 = 1 are given by (xn, yn) with n even.
n.
In particular, (x2, y2) is the fundamental solution of x2 – dy2 = 1.
It remains to show that every positive integral solution is obtained in this way. Suppose
there is a positive solution (u, v) that is not of the form (xn, yn). Since xn forms an increasing 16.5. Summary
sequence, there must be some integer m such that xm u < xm+1. It follows that ym v < ym+1, In this chapter we studied infinite continued fractions and showed that every irrational number
because we get the same result if positive solutions are ordered according to their x value or y can be expressed as an infinite continued fraction and vice versa. We also showed how infinite
value. We cannot have equality, because u = xm would imply v = ym. Now (xm, –ym) is of course continued fractions can be used to completely determine the solutions of Pell’s equation.

also a (non-positive) solution of x 2  dy 2  1 , so by Lemma 5 we will obtain another solution (s, 16.6. Keywords
t) by defining Infinite continued fraction, periodic continued fraction, rational and irrational numbers,
(u  v d ) approximation, recursion formula.
s  t d  (u  v d )( xm  ym d )  .
( xm  ym d )
16.7. Exercise:
Since ( xm  ym d )  (u  v d )  ( xm1  ym1 d ), we have 1. Write down each irrational number as an infinite simple continued fraction:
( x  ym1 d ) (a) 5 (b) 7 (c) 15 (d) e
1  s  t d  m1  ( x1  y1 d ).
( xm  ym d ) 2. Using the continued fraction of π = [3; 7, 15, 1, 292, …] compute the value of π correct to
But s  t d  1/ ( s  t d ) and hence 0  s  t d  1. It now follows that eight decimal places.
3. Using the continued fraction of e = [2; 1, 2, 1, 1, 4, 1, 1, 6, 1, 1, 8, …] compute the value
s  12 ( s  t d )  12 ( s  t d )  12  0  0 of e correct to six decimal places.
t d  12 ( s  t d )  12 ( s  t d )  12  12  0, F
4. Prove that lim n 1   , the golden ratio.
n  F
So (s, t) is a positive solution. Therefore, s > x1 and t > y1, but this contradicts s  t d  n

5. Find all positive solutions of the following equations for which y < 250:
x1  y1 d . This, contradiction shows that every integral solution (u, v) must be of the form (xn, (a) x2 – 2y2 = 1 (b) x2 – 3y2 = 1 (c) x2 – 5y2 = 1.
yn). 6. Show that there are an infinitude of even integers n with the property that both n + 1 and
(n / 2) + 1 are perfect squares.
Example 2: In Example 1, we showed that the fundamental solution of x2 – 19y2 = 1
7. Find two positive solutions of each of the following equations:
is (x1, y1) = (170, 39). Using the recursion formulas (a) x2 – 23y2 = 1 (b) x2 – 26y2 = 1 (c) x2 – 33y2 = 1.
xn+1 = x1xn + 19y1yn, yn+1 = x1yn + y1xn,
16.8. References
we can compute the next positive solutions. They are
1. Elementary Number Theory, David M. Burton, McGraw Hill Publication
(x2, y2) = (57 799, 13 260)
2. An Introduction to the Theory of Numbers, G. H. Hardy and E. M. Wright, Oxford
(x3, y3) = (19 651 490, 4 508 361)
3. Encyclopedia of Mathematics and its Applications, Volume 11, Continued Fractions,
(x4, y4) = (6 681 448 801, 1 532 829 480)
Analytic Theory and Applications, William B. Jones and W. J. Thron, Addison-Wesley
Just as in the case of x2 – dy2 = 1, further solutions of the equation x2 – dy2 = –1 can be found its
4. An Introduction to the Theory of Numbers, Ivan Niven, Herbert S. Zuckerman and Hugh
fundamental solution. We leave the proof of the following result to the reader.
L. Montgomery, John Wiley & Sons, Inc.

183 184