Chapter Two Number Theory - Homepage | Fredonia.edu Two Number Theory 2.1 INTRODUCTION Number theory is that area of mathematics dealing with the properties of the integers under the

Chapter Two

Number Theory

2.1 INTRODUCTION

Number theory is that area of mathematics dealing with the properties of the integers under theordinary operations of addition, subtraction, multiplication and division. It is one of the oldest and,without dispute, one of the most beautiful branches of mathematics. Its problems and theoremshave been studied by mathematicians, both amateur and professional, for well over 2000 years.

In a large measure, the subject is characterized by the simplicity with which difficult problemscan be stated and the ease with which they can be understood and appreciated by persons withoutmuch mathematical background. Thus it should come as no surprise that such problems haveattracted the attention of professional mathematicians and amateurs alike.

Many of the most basic and interesting problems in number theory involve prime numbers. Hereis an example of one such problem: We prove in Section 2.4 that there are infinitely many primenumbers; but

Are there infinitely many primes of the form n2 + 1, where n ∈ Z+?

For instance, the primes 2, 5, and 17 are of this form, since 2 = 12 + 1, 5 = 22 + 1, and 17 = 42 + 1.This question is certainly easy to understand and yet, to this day, no one has determined the answerto it.

Another famous problem, one with an intriguing history, is due to the famous French mathe-matician Pierre de Fermat (1601-1665). To begin our discussion of it, recall from plane geometrythe Pythagorean theorem, which says that the side lengths a, b, and c of a right triangle (where c isthe length of the hypotenuse) satisfy the relation

c2 = a2 + b2

Triples (a, b, c) of positive integers that satisfy this relation and are called Pythagorean triples; thesmallest and most well-known is (3, 4, 5). Are there infinitely many Pythagorean triples? Well, ofcourse! Once we have one triple (a, b, c) we can get infinitely many others just by taking multiplesof it; that is, look at (na, nb, nc) where n is any positive integer. Starting with the triple (3, 4, 5),for instance, we obtain (6, 8, 10), (9, 12, 15), and so on. But multiples of a given triple are not veryinteresting. So let’s call a Pythagorean triple primitive provided it is not simply a multiple of somesmaller triple. We then get a revised, and more interesting, question: Are there infinitely manyprimitive Pythagorean triples? It turns out that the answer is yes. In fact, Pythagoras himself iscredited with the following result.

84 Chapter 2 Number Theory

Theorem 2.1 (Pythagoras): If n is an odd integer, n ≥ 3, then

(n,n2 − 1

2,n2 + 1

2)

is a primitive Pythagorean triple.�

Note that Pythagoras’ formula yields the following triples:

(3, 4, 5), (5, 12, 13), (7, 24, 25), (9, 40, 41), (11, 60, 61), (13, 84, 85), . . .

However, it does not give us all the primitive triples, for example, (8, 15, 17) does not fit Pythagoras’formula. For more on the problem of finding primitive Pythagorean triples, see Chapter Problems19 and 20.

Are you starting to think like a mathematician yet? Seeing that the equation z2 = x2 + y2

has infinitely many solutions in the positive integers, it may seem natural to wonder about similarequations of higher degree. What about the equation z3 = x3 + y3? Does this equation have anysolutions in the positive integers? That is, are there any triples (a, b, c) of positive integers suchthat c3 = a3 + b3?

In general, let d be a positive integer, and consider the equation

zd = xd + yd ♥

For d > 2, are there any solutions to equation ♥ in the positive integers? Fermat couldn’t find any;in fact, he claimed, in 1637, to have proved the following assertion.

Fermat’s Conjecture: For d > 2, no solutions to equation ♥ exist in the positive integers.

�

Now here’s where the story gets interesting. Fermat had the practice of making notes in hiscopy of the works of the Greek mathematician Diophantus (circa A.D. 300). He would quite oftenwrite down, without proof, a result he had discovered. The preceding conjecture is one of thesediscoveries. In fact, it is the only one that mathematicians had, until very recently, been unableto prove. Tantalizing us even further, Fermat himself wrote, “For this I have discovered a trulywonderful proof, but the margin is too small to contain it.” Because of this claim the conjecturehas been called Fermat’s last theorem, or FLT for short.

Many famous mathematicians worked on the Fermat conjecture. Euler, for example, provedthe conjecture for the case d = 3. Fermat himself proved it for d = 4 and, in 1825, Legendreand Dirichlet independently proved it for d = 5. More recently, in 1983, Gerd Faltings proved aconjecture of Mordell which implies that, for each d > 2, there are only finitely many (possiblynone!) solutions to equation ♥ in the positive integers. But, though many tried, no one was ableto prove Fermat’s conjecture — until recently, that is. As is often the case in mathematics, failedattempts to prove the general Fermat conjecture were far from fruitless; they gave rise to a wealthof important mathematics, including a good portion of abstract algebra.

Let us now fast-forward to the summer of 1993. A 40-year-old mathematics professor at Prince-ton University, Andrew Wiles, had just spent the last seven years working alone and in secrecy onthe world’s most famous unsolved math problem. Finally, a shout of “Eureka!” In fact, Wileshad managed to prove (he thought) an important special case of a very general conjecture known as

2.1 Introduction 85

the Shimura-Taniyama conjecture, and from this result Fermat’s last theorem follows as a corollary.Wiles decided to unveil his results by giving a series of three lectures in June at a number theoryconference at Cambridge University in England. Maintaining suspense to the very end, Wiles gavehis lecture series the very general title of “Modular Forms, Elliptic Curves, and Galois Represen-tations.” By the third lecture, many in the audience had guessed what Wiles was up to. Whenhe wrote his main theorem on the blackboard, there was an audible gasp in the room, and whenhe then wrote that Fermat’s last theorem followed as a corollary, the audience of mathematicians(usually a fairly staid bunch) broke into applause!

E-mail messages flashed the news across the world that Wiles had proven FLT. The news evenmade front page headlines in many newspapers, including the New York Times. But wait, a fewskeptics cautioned, shouldn’t the celebration be put on hold until the details of the proof havebeen checked? Haven’t other people claimed to have proven FLT, only to have errors found intheir proofs upon closer examination? Indeed, FLT is generally considered to hold the record forincorrect proofs; in fact, several purported proofs were at first judged to be correct and were actuallypublished in mathematics journals.

But following the Cambridge conference, even though no one had as yet read the 200 or so hand-written pages of Wiles’ manuscript, most of the experts believed that Wiles had indeed proven FLT— this based on Wiles’ excellent reputation, the outline of the proof he had given in his series oflectures, and the fact that his approach just seemed “right” to experts in the field.

Ever cautious, Wiles initially refused to circulate his manuscript broadly, preferring instead tohave a small number of close associates check it. He knew it was inevitable that a number ofminor errors would be uncovered — errors that, hopefully, could be fixed easily. Unfortunately, oneseemingly small gap turned out to be rather large. In December of 1993, Wiles sent out an e-mailmessage acknowledging that a gap had been found, but expressing the hope that it could be bridgedusing the ideas explained in his Cambridge lectures.

Fortunately, the story has a happy ending. With the help of a colleague, Richard Taylor, Wileswas able to fix his proof of FLT — as Faltings puts it, Taylor and Wiles did not bridge the gap,but rather circumvented it. A set of two manuscripts, a long one by Wiles alone, and anothershorter, joint paper by Taylor and Wiles, were released in late October, 1994. Having been checkedalready by several leading experts in the field, they were accepted for publication, and the articlesappeared in 1995 in the Annals of Mathematics [A. Wiles, Modular elliptic curves and Fermat’s LastTheorem, Ann. Math. 141 (1995), 443–551; R.L. Taylor and A. Wiles, Ring theoretic propertiesof certain Hecke algebras, Ann. Math. 141 (1995), 553–572]. Thus, for the record, let us formallystate Fermat’s last theorem.

Fermat’s Last Theorem (A. Wiles and R.L. Taylor, 1995): For any positive integer d > 2, the

equationzd = xd + yd

has no solution (x, y, z) such that each of x, y, and z is a positive integer.�

The primary aim of this chapter is to provide some basic information from elementary numbertheory. This includes a treatment of several number-theoretic algorithms. In addition, we provideadditional practice with mathematical induction, which provides an important technique for provingstatements about the positive integers. Many of the ideas and results presented in this chapter areused in succeeding chapters of this book, and will be encountered again by the student takingsubsequent course work in the mathematical sciences.


One of the most basic principles used in mathematics, especially in number theory, is the principleof well-ordering (PWO). This was introduced in Chapter 1, and we restate it now.

Principle of Well-ordering: Every nonempty subset of Z+ has a smallest element.�

It is not possible to prove the principle of well-ordering using the familiar properties satisfiedby the integers under addition and multiplication. However, a little thought should convince youof its self-evident nature. Hence, the principle of well-ordering is adopted as an axiom, or basicassumption.

To get a better grasp of the principle of well-ordering (or, well-ordering principle), let’s find thesmallest element of several nonempty subsets of Z+.

Example 2.1: Find the smallest element of each of these nonempty subsets of Z+.

(a) S1 = {n ∈ Z+ | n is prime}(b) S2 = {n ∈ Z+ | n is a multiple of 7}(c) S3 = {n ∈ Z+ | n = 110− 17m for some m ∈ Z}(d) S4 = {n ∈ Z+ | n = 12s + 18t for some s, t ∈ Z}

Solution:

(a) The set S1 is the set of primes, and the smallest prime is 2.(b) The set S2 is the set of positive multiples of 7, and the smallest positive multiple of 7 is 7.(c) Here we must find the smallest positive integer n of the form 110 − 17m, where m is an

integer. The number 110 = 110 − 17(0) is of this form and, as m increases, n decreases. In fact,as m takes on the values 0, 1, 2, 3, . . ., the values of n form the sequence

110, 93, 76, 59, . . . , 8,−9, . . .

Hence, the smallest element of S3 is 8. The number 8 just happens to be the remainder when 110is divided by 17. This is more than just a coincidence, as is shown in the next section where thedivision algorithm is discussed.

(d) In this part we are looking for the smallest positive number n of the form 12s+ 18t, where sand t are integers. Note that 12s + 18t = 6(2s + 3t); thus, any element of S4 must be a multiple of6. Moreover, 6 = 12(−1) + 18(1), so that 6 ∈ S4. This shows that 6 is the smallest element of S4.The number 6 happens to be the greatest common divisor of 12 and 18, an idea that is explored inSection 2.3.

�

We often make use of the following slight extension of the principle of well-ordering.

2.1 Introduction 87

Theorem 2.2: Any nonempty subset of the set {0, 1, 2, 3, . . .} of nonnegative integers has asmallest element.

Proof: Let S be an arbitrary nonempty subset of the set of nonnegative integers. We considertwo cases, depending on whether or not 0 ∈ S. In the first case, if 0 ∈ S, then clearly 0 is thesmallest element of S (because 0 is the smallest nonnegative integer). In the second case, if 0 /∈ S,then S is a nonempty subset of Z+. In this case the principle of well-ordering implies that S has asmallest element. In either case, then, S has a smallest element, and this completes the proof.

�

Exercise Set 2.1

1. Plato is credited with the following result: If n is a positive integer, n ≥ 3, then

(2n, n2 − 1, n2 + 1)

is a Pythagorean triple.

(a) Verify this result.(b) Find the Pythagorean triples given by Plato’s formula for n ∈ {3, 4, 5, . . . , 12}. Which of

them are primitive?(c) Give a necessary and sufficient condition (on n) for Plato’s formula to yield a primitive

Pythagorean triple.(d) In what sense do the formulas of Plato and Pythagoras (Theorem 2.1) complement each

other?

2. Using Fermat’s last theorem, show that the equation

z3 = 8x3 + 27y3

has no solution (x, y, z) in the positive integers.

3. Prove Theorem 2.1.

4. In general, a subset T of R is said to be well-ordered provided every nonempty subset of T hasa smallest element. Determine whether these subsets of R are well-ordered.

(a) ∅ (b) {−9,−6,−3, 0, 1, 2, 3}(c) {0} ∪ Q+ (d) 2Z

(e) {−9,−8,−7,−6, . . .}

5. Find the smallest element of each subset of Z+.

(a) A = {n ∈ Z+ | n = m2 − 10m + 28 for some integer m}(b) B = {n ∈ Z+ | n = 5q + 2 for some integer q}(c) C = {n ∈ Z+ | n = −150 − 19m for some integer m}(d) D = {n ∈ Z+ | n = 5s + 8t for some integers s and t}

6. Let T , T1, and T2 denote arbitrary subsets of R. Referring to the definition given in Exercise4, prove each of the following:


(a) If T is a finite subset of R, then T is well-ordered.(b) If T is well-ordered, then c + T is well-ordered for any real number c.(c) If T is well-ordered, then cT is well-ordered for any nonnegative real number c.(d) If T is a subset of Z and T itself has a smallest element, then T is well-ordered.(e) If T1 ⊆ T2 and T2 is well-ordered, then T1 is well-ordered.

7. Verify that (20, 21, 29) is a primitive Pythagorean triple that results neither from the formula ofPythagoras nor from the formula of Plato. (Is it the smallest Pythagorean triple that is missed byboth of these formulas? See Chapter Problem 20.)

2.2 DIVISION ALGORITHM

One of the fundamental concepts included in any introduction to number theory is that offactoring integers. In particular, given an integer n > 1, we are interested in expressing n as aproduct of primes. For example, if n = 132, then n = 2 · 2 · 3 · 11. Is it always possible to do this?Can it, for some n, be done in more than one way?

Before these questions can be answered, it is necessary to define and work with certain funda-mental terms, like factor and prime.

Definition 2.1: Let a and b be integers, with a 6= 0. We say that a divides b, denoted a | b,provided there is an integer q such that b = aq. In this case we also say that a is a factor (ordivisor ) of b and we call b a multiple of a.

�

Example 2.2:

(a) 2 | 6, since 2 · 3 = 6.(b) −3 | 27, since (−3)(−9) = 27.(c) 12 | (−72), since 12(−6) = −72.(d) 4 does not divide 7, since there is no integer q such that 4q = 7.(e) −8 does not divide 28, since there is no q ∈ Z such that (−8)q = 28.(f) For which integers m is it true that 0 is a multiple of m? In order for m | 0 to hold, there

must exist an integer q such that mq = 0. Note that q = 0 works, since m · 0 = 0. Thus, 0 is amultiple of m for every integer m. Now, if m is not zero and m is a factor of the integer n, thenn/m is also a factor of n; in fact,

n

m· m = n

However, this won’t work if m = 0. For this and other technical reasons, we do not allow 0 to be afactor.

�

Note that, for any integer b > 1, both of the numbers 1 and b are positive factors of b. For somepositive integers b these are the only positive factors of b.

2.2 Division Algorithm 89

Definition 2.2: An integer p > 1 is called a prime number (or, simply, a prime) provided theonly positive factors of p are 1 and p. An integer n > 1 that is not prime is called a composite

number (or, simply, a composite).�

Suppose that the integer n is composite. Then n > 1 and n is not prime. This means that n hasa factor d such that 1 < d < n. Thus it follows that n = dq, where q is an integer and 1 < q < n.In general, we refer to factors such as d and q as proper factors (or proper divisors) of n, andwe call 1 and n the trivial factors (or trivial divisors) of n.

Example 2.3: The numbers 2 and 3 are prime, 4 = 2 · 2 is composite, 5 is prime, 6 = 2 · 3 is

composite, 7 is prime, 8 = 2 · 4 is composite, and 9 = 3 · 3 is composite. The primes less than 100are:

2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97

Primes are discussed further in Section 2.4.�

Example 2.4: Find the factors of 126.

Solution: Note that126 = 2 · 63 = 3 · 42 = 6 · 21 = 7 · 18 = 9 · 14

so the set of positive factors of 126 is

S = {1, 2, 3, 6, 7, 9, 14, 18, 21, 42, 63, 126}

Moreover, for any integers a and b (a 6= 0), if a is a factor of b then −a is also a factor of b. Itfollows that the set of negative factors of 126 is

−1S = {−1,−2,−3,−6,−7,−9,−14,−18,−21,−42,−63,−126}

�

A number of basic properties of the relation divides are used in this and subsequent chapters.The next theorem lists several of these properties.

Theorem 2.3: The following implications hold for any integers a, b, and c, with a 6= 0:

1. If a | b, then a | (bx) for any integer x.2. If a | b and b | c, then a | c. (Here, b 6= 0.)3. If a | b and a | c, then a | (bx + cy) for any integers x and y.4. If a | b and b | a, then a = b or a = −b. (Here, b 6= 0.)5. If a | b and b is nonzero, then |a| ≤ |b|.

Proof: We give direct proofs of parts 2 and 4 and leave the remaining parts to Exercise 2; theproofs of parts 2 and 4 provide a good illustration of how the remaining parts are proved.


For part 2, assume a | b and b | c. Then there exist integers q1 and q2 such that b = aq1 andc = bq2. It follows (using substitution for b) that

c = bq2 = (aq1)q2 = a(q1q2)

Thus, there exists an integer q, namely q = q1q2, such that c = aq. Therefore, a | c.For part 4, assume a | b and b | a. Then there exist integers q1 and q2 such that b = aq1 and

a = bq2. Hence, we have thata = bq2 = (aq1)q2 = a(q1q2)

Since a 6= 0, it follows that 1 = q1q2 and, since q1 and q2 are integers, we have that either q1 = q2 = 1or q1 = q2 = −1. Hence, a = ±b.

�

Let us emphasize again the meaning of the statement “a is a factor of b.” This means thatthere is some integer q such that b = aq. You probably remember learning about “long division”in elementary school. In this process, one integer b, called the “dividend,” is divided by anotherinteger a, called the “divisor,” to obtain a “quotient” q and a “remainder” r. For example, whenb = 23 is long-divided by a = 7, we obtain a quotient of 3 and a remainder of 2. One then checksthis by noting that 23 = 7(3) + 2. However, note that 23 can be expressed in the form 7q + rin other ways; for example, 23 = 7(4) + (−5) = 7(2) + 9. Is it wrong to say that the quotientis 4 and the remainder is −5, or that the quotient is 2 and the remainder is 9? Well, yes it is,because, in long-dividing 23 by 7, one is taught to determine the largest quotient q for which theremainder r is nonnegative. This implies that the remainder must be less than the divisor. Infact, it should be remarked that, among all integer expressions of the form 23− 7q, one chooses thesmallest nonnegative one for the remainder.

In general, given integers a and b with a > 0, there exist unique integers q and r such thatb = aq + r, where 0 ≤ r < a. Analogous to what is stated above regarding 23 and 7, the remainderr will turn out to be the smallest nonnegative value of the expression b − aq, where q ∈ Z. Thisproperty is known as the “division algorithm,” and in this context the integers a, b, q, and r arecalled the divisor , dividend , quotient , and remainder , respectively.

Theorem 2.4 (Division Algorithm): Given integers a and b with a > 0, there exist integers q

and r such that b = aq + r and 0 ≤ r < a. Moreover, q and r are uniquely determined by a and b.

Proof: Let integers a and b be given with a > 0. We first show that there exist integers q and rsuch that b = aq + r and 0 ≤ r < a. In order to do this, we apply the extended version of theprinciple of well-ordering (Theorem 2.2) to the set

S = {b − ax | x ∈ Z and b − ax ≥ 0}

So S is a set of nonnegative integers. In order to apply Theorem 2.2, we must show that S isnonempty. If b ≥ 0, then b ∈ S, since, letting x = 0, we obtain b = b− a(0). Suppose, on the otherhand, that b < 0. Then b− ab ∈ S, since letting x = b yields b− ab = b(1− a) ≥ 0. Thus, in eithercase, S is nonempty. Therefore, by Theorem 2.2, S has a smallest element; call it r. Since r ∈ S,there is somex ∈ Z, say x = q, such that r = b − aq. Thus, b = aq + r and, since r ∈ S, we havethat r ≥ 0.


It remains to show that r < a. To do this, we proceed by contradiction and suppose that r ≥ a.Let t = r − a. Then t ≥ 0 and, since a > 0, we have that t < r. Moreover,

t = r − a = (b − aq) − a = b − (aq + a) = b − a(q + 1)

But this means that t ∈ S (let x = q + 1) and t < r, contradicting the fact that r is the smallestelement of S. This completes the proof of the existence of q and r.

We next show that the quotient q and the remainder r are uniquely determined by a and b. Toshow that there is a unique mathematical object with a given property, a standard technique is tosuppose that there are two objects with the given property, and then show that the two objectsmust, in fact, be equal. So, suppose that aq1 + r1 = b = aq2 + r2, where q1, r1, q2, and r2 areintegers and both 0 ≤ r1 < a and 0 ≤ r2 < a. We wish to show that q1 = q2 and r1 = r2. Assume,without loss of generality, that r1 ≤ r2; hence, r2 − r1 ≥ 0. Since aq1 + r1 = aq2 + r2, we obtain

a(q1 − q2) = r2 − r1

Thus, a | (r2 − r1). Since 0 ≤ r2 − r1 < a, it must be the case that r2 − r1 = 0. Therefore, r2 = r1.Then, since a(q1 − q2) = r2 − r1 = 0 and a 6= 0, we obtain that q1 − q2 = 0, so that q1 = q2. Thiscompletes the proof.

�

The proof of Theorem 2.4 is an “existence proof.” It concentrates on verifying the existence ofintegers q and r satisfying the properties stated in the theorem, rather than on giving a method forfinding q and r. However, the proof implicitly suggests an algorithm for finding q and r from a andb, using only the operations of addition and subtraction. We give an informal description of thisalgorithm here, leaving further investigation of it to the exercises.

If b ≥ 0, then consider the sequence

b − a(0), b − a(1), b − a(2), . . .

of numbers obtained by starting with b and then repeatedly subtracting a. Since a > 0, the numbersin this sequence are eventually negative; r = b − aq is the last nonnegative term in this sequence.On the other hand, if b < 0, then consider the sequence

b − a(0), b − a(−1), b − a(−2), . . .

of numbers obtained by starting with b and then repeatedly adding a. The numbers in this sequenceare eventually nonnegative; r = b− aq is the first nonnegative term. (Note in this case that q ≤ 0.)

The following corollary to Theorem 2.4 extends the division algorithm to handle the case of anegative divisor. Its proof is left to Exercise 10.

Corollary 2.5: Given integers a and b with a 6= 0, there exist uniquely determined integers q

and r such that b = aq + r, where 0 ≤ r < |a|.�


Example 2.5: In the context of Corollary 2.5, find q and r for the given a and b.

(a) a = 17, b = 110 (b) a = 7, b = −59(c) a = −11, b = 41 (d) a = −5, b = −27(e) a = 13, b = 7 (f) a = −13, b = 7

Solution:

(a) Since 110 = 17(6) + 8, we have that q = 6 and r = 8.(b) Since −59 = 7(−9) + 4, we have that q = −9 and r = 4. In this problem it is easy to make

the mistake of saying q = −8 and r = −3, since −59 = 7(−8)+ (−3). However, remember that anyremainder is required to be nonnegative, so r = −3 can’t be right.

(c) In this part we find that q = −3 and r = 8.(d) Here we find that q = 6 and r = 3.Parts (e) and (f) are meant to illustrate the following general problem: Given integers a and b

with 0 ≤ b < |a|, find q and r. This is actually an easy problem, since b = a(0) + b and b is a validremainder; see Exercise 24. In part (e), for example, note that

7 = 13(0) + 7 and 0 ≤ 7 < 13

Thus, q = 0 and r = 7. Similarly, in part (f), 7 = (−13)(0)+7 and 0 ≤ 7 < |−13|. Hence it followsthat q = 0 and r = 7.

�

Example 2.6: Show that any integer m is expressible in precisely one of the forms 3q, 3q + 1, or

3q + 2, where q is an integer.

Solution: Apply Corollary 2.5 with dividend m and divisor 3 — it states that there exist uniqueintegers q and r such that m = 3q + r, where 0 ≤ r < 3. Hence r = 0, r = 1, or r = 2. Since r isuniquely determined, it follows that m is expressible in precisely one of the forms 3q, 3q + 1, or3q + 2.

�

Example 2.7: Show that the product of any two consecutive integers is even.

Solution: According to the division algorithm (Corollary 2.5), every integer m is uniquelyexpressible in the form m = 2q + r, where 0 ≤ r < 2. Thus m is expressible in precisely one of theforms 2q or 2q + 1. If m = 2q, we call m an even integer, whereas if m = 2q + 1, we call m an odd

integer. Now, consider two arbitrary consecutive integers, n and n + 1, say. We want to showthat n(n + 1) is even. This means that we must show that n(n + 1) = 2k for some integer k. Weconsider two cases, depending on whether n itself is even or odd.

In the first case, suppose that n is even, say n = 2q. Then

n(n + 1) = 2q(2q + 1) = 2(2q2 + q)

This shows that n(n + 1) is even. (Here, k = 2q2 + q.)


In the second case, suppose that n is odd, say n = 2q + 1. Then

n(n + 1) = (2q + 1)(2q + 2) = 2(2q + 1)(q + 1)

so again n(n + 1) is even. (In this case, k = (2q + 1)(q + 1).)

�

In general, given an arbitrary positive integer n, the division algorithm tells us that every integeris expressible in precisely one of the following forms:

nq, nq + 1, nq + 2, . . . , nq + (n − 1)

In much of the discussion that follows you need to make use of this idea, so be ready for it. Thefollowing example illustrates this point.

Example 2.8: Show that the product of any two integers of the form 6k + 5 has the form 6k + 1.

Solution: Let m1 and m2 be two integers of the form 6k + 5. This means that m1 = 6k1 + 5 andm2 = 6k2 + 5 for some integers k1 and k2. Thus,

m1m2 = (6k1 + 5)(6k2 + 5)

= 36k1k2 + 30k1 + 30k2 + 25

= 36k1k2 + 30k1 + 30k2 + 24 + 1

= 6(6k1k2 + 5k1 + 5k2 + 4) + 1

Therefore, m1m2 has the form 6k + 1 (with k = 6k1k2 + 5k1 + 5k2 + 4), as was to be shown.�

As already noted, if the division algorithm is applied to an integer m and the divisor 3, then theremainder r is precisely one of the numbers 0, 1, or 2. Define the sets S0, S1, and S2 by

S0 = {3q | q ∈ Z} = 3Z

S1 = {3q + 1 | q ∈ Z} = 1 + 3Z

S2 = {3q + 2 | q ∈ Z} = 2 + 3Z

Then, for r ∈ {0, 1, 2}, Sr is the set of all those integers m that yield a remainder of r when dividedby 3. For instance, 11 = 3 · 3 + 2, so 11 ∈ S2, whereas −11 = 3(−4) + 1, so −11 ∈ S1. By theuniqueness of r, each integer m belongs to exactly one of the sets S0 , S1, or S2. It follows that:

1. Z = S0 ∪ S1 ∪ S2;

2. The sets S0, S1, and S2 are pairwise disjoint.

Because these two properties hold, we say that {S0, S1, S2} is a “partition” of the set Z. Theimportant concept of partition is explored further in Chapter 4.

In explicit form,S0 = {. . .− 9,−6,−3, 0, 3, 6, 9, . . .}S1 = {. . .− 8,−5,−2, 1, 4, 7, 10, . . .}S2 = {. . .− 7,−4,−1, 2, 5, 8, 11, . . .}

Note that two integers are in the same set Sr if and only if they differ by a multiple of 3. Thissuggests the following general and important result.


Theorem 2.6: Let m1, m2, and n be integers, with n 6= 0, and let the remainders upon divisionof m1 and m2 by n be r1 and r2, respectively. Then

r1 = r2 if and only if n | (m2 − m1)

Proof: Let m1, m2 , and n be integers, with n 6= 0, and let the remainders upon division of m1andm2 by n be r1 and r2, respectively. To prove this result, we must prove the two implications:

(1) If r1 = r2, then n | (m2 − m1).(2) If n | (m2 − m1), then r1 = r2.

According to the division algorithm,

m1 = nq1 + r1 and m2 = nq2 + r2

for some integers q1 and q2. Thus,

m2 − m1 = (nq2 + r2) − (nq1 + r1) = n(q2 − q1) + (r2 − r1)

We first prove (1) directly. Assume r1 = r2. Then r2 − r1 = 0, and so

m2 − m1 = n(q2 − q1)

which shows that n | (m2 − m1).To complete the proof, we must prove implication (2). This is left to Exercise 8.

�

Exercise Set 2.2

1. In the context of Corollary 2.5, find q and r for the given a and b.

(a) a = 11, b = 297 (b) a = 9, b = −63(c) a = 8, b = 77 (d) a = 6, b = −71(e) a = −5, b = 35 (f) a = −6, b = −39

2. Prove Theorem 2.3, parts 1, 3, and 5. Also, prove part 4 as a corollary to part 5.

3. Let a, b, and c be integers, with a 6= 0. Prove each of these implications:

(a) If a | b and a | c, then a2 | (bc).(b) If a | b, then a | (−b) and (−a) | b.

4. Prove that the following implication holds for any integers a, b, c, and d, with a and c nonzero:

If a | b and c | d, then (ac) | (bd).

5. Prove each of the following facts:

(a) The square of any odd integer is of the form 4k + 1 (for some integer k).(b) The square of any integer is of the form 3k or 3k + 1.


6. Let a, b, and c be arbitrary integers with a and c nonzero. Prove:

If (ac) | (bc), then a | b.

7. Apply the result of part (a) of Exercise 5 to show that none of the numbers 11, 111, 1111, and11111 is a perfect square. (Hint: Apply the division algorithm, with a divisor of 4.) Based on theresult of this exercise, make a general conjecture regarding numbers of the form 11 · · ·1.

8. Complete the proof of Theorem 2.6. (Hint: Show that r1 − r2 is a multiple of n and that0 ≤ |r1 − r2| < n. It follows that r1 − r2 = 0. Why?)

9. Let a, b, and c be arbitrary integers, with a 6= 0. Prove or disprove: If a | (bc), then eithera | b or a | c.

10. Prove Corollary 2.5. (Hint: If a < 0, then −a > 0, and we can apply Theorem 2.4 to findintegers q and r such that b = (−a)q + r, where 0 ≤ r < −a.)

11. Apply the result of part (b) of Exercise 5 to show that, for any integer m, 3m2 − 1 is not aperfect square.

12. Prove that:

(a) The sum of any two even integers is even.(b) The sum of any two odd integers is even.(c) The sum of any even integer and any odd integer is odd.

13. Prove: Given any three consecutive integers, (exactly) one of them is a multiple of 3. (Hint:Denote the three consecutive integers by m, m + 1, m + 2 and use the fact that m is expressible inexactly one of the forms 3q, 3q + 1, or 3q + 2.)

14. Prove that, for any integer m, m3 − m is a multiple of 3. (Hint: Note thatm3 − m = m(m2 − 1); if m is not a multiple of 3, what can be said about m2 − 1?)

15. Prove: For any integer m, (exactly) one of the integers m, m + 4, m + 8, m + 12, m + 16 is amultiple of 5.

16. Let m represent an arbitrary integer. Prove: If m has the form 6q + 5 for some integer q,then mhas the form 3k + 2 for some integer k. What about the converse of this implication?

17. Prove the following results as corollaries to Theorem 2.3.

(a) For any integer m, if m is even, then mx is even for any integer x.(b) For any positive integers m and n, if m | n, then m ≤ n.

18. Other than 2, show that no positive integer of the form n3 + 1 is prime. (Hint: Apply thestandard formula for factoring the sum of two cubes.)

19. Let p represent an arbitrary prime. Prove: If p has the form 3q + 1 for some integer q, then phas the form 6k + 1 for some integer k. (Hint: If p has the form 3q + 1, then p must be odd, sowhat can be said about q?)

20. Prove: If (a, b, c) is a Pythagorean triple, then one of a, b, or c is divisible by 3, one is divisibleby 4, and one is divisible by 5. (For example, if a = 5, b = 12, and c = 13, then 3 | b, 4 | b, and5 | a.)


21. In this exercise, we introduce the div and mod notation. Given integers a and b with a 6= 0,Corollary 2.5 states that there exist uniquely determined integers q and r such that b = aq + r,where 0 ≤ r < |a|. In this context, we define the operators div and mod as follows:

b div a = q

b mod a = r

Find b div a and b mod a for the pairs of integers a and b given in Exercise 1.

22. Given positive integers a and b, explain how to use a standard pocket calculator to compute

b div a and b mod a

23. Let m1 and m2 be integers such that

m1 div 5 = q1 m1 mod 5 = 2

m2 div 5 = q2 m2 mod 5 = 3

Find:

(a) (m1 + m2) div 5 (b) (m1 + m2) mod 5(c) (m1m2) div 5 (d) (m1m2) mod 5

24. Given integers a and b with 0 ≤ b < |a|, find b div a and b mod a.

25. Compute each of the following.

(a) 47 div 10 (b) 47 mod 10(c) 47 div (−10) (d) 47 mod (−10)(e) (−47) div 10 (f) (−47) mod 10(g) (−47) div (−10) (h) (−47) mod (−10)

26. Show, for a > 0, that

b div (−a) = −(b div a) and b mod (−a) = b mod a

27. Given that m1 div 7 = q1, m1 mod 7 = 2, m2 div 7 = q2, and m2 mod 7 = 6, find:

(a) (m1 + 5) div 7 (b) (m1 + 5) mod 7(c) (2m1) div 7 (d) (2m1) mod 7(e) (−m2) div 7 (f) (−m2) mod 7(g) (m1 + m2) div 7 (h) (m1 + m2) mod 7(i) (2m1 + 3m2) div 7 (j) (2m1 + 3m2) mod 7(k) (m1m2) div 7 (l) (m1m2) mod 7

28. Let a and b be positive integers with 1 ≤ a ≤ b.

(a) Find and verify a formula for (−b) div a in terms of b div a.(b) Find and verify a formula for (−b) mod a in terms of b mod a.

29. Let a and b be positive integers.

(a) What is the smallest possible value for b div a?(b) What is the largest possible value for b div a?

2.3 Euclidean Algorithm 97

Given a and b, suppose one guesses a value q′ for b div a in the range of possible values. Notethat, if 0 ≤ b − aq′ < a, then b div a = q′ and b mod a = b − aq′. However:

(c) If b − aq′ < 0, what does this indicate about the guess q′?(d) If b − aq′ ≥ a, what does this indicate about the guess q′?

30. Describe (and implement as a computer program) an algorithm that inputs integers a and bwith a 6= 0 and outputs b div a and b mod a. Base your algorithm on the results of Exercises 26,28, and the remarks following the proof of Theorem 2.4.

31. Several computer programming languages, such as Ada and C++, have built in operators tocompute b div a and b mod a for integers a and b. However, the results do not always agree withDefinition 2.3. If you are familiar with a language that has such operators, write a short programto test them.

2.3 EUCLIDEAN ALGORITHM

In this section we define the greatest common divisor of two integers and describe an efficientmethod for finding it, given the integers.

Definition 2.3: Given integers a and b, the integer c 6= 0 is called a common divisor (orcommon factor ) of a and b provided both c | a and c | b. If a and b are not both zero, then wedefine the greatest common divisor (or greatest common factor ) of a and b to be the largestcommon factor of a and b. The greatest common divisor of a and b is denoted by gcd(a, b).

�

Let us make a few observations about gcd(a, b). First, since 1 | a and 1 | b, we have that

1 ≤ gcd(a, b)

Second,gcd(b, a) = gcd(a, b)

so we may, without loss of generality, assume that |a| ≤ |b|. Third, since

gcd(−a, b) = gcd(a, b) = gcd(a,−b)

we can assume that 0 ≤ a ≤ b. Finally note that, for b > 0,

gcd(0, b) = b = gcd(b, b)

Thus, in seeking gcd(a, b), it suffices to consider the case when 1 ≤ a < b; in this case, 1 ≤gcd(a, b) ≤ a. In particular, this last statement implies that gcd(a, b) exists.


Example 2.9: Find:

(a) gcd(12, 36)(b) gcd(18, 42)(c) gcd(15, 28)

Solution:

(a) Note that 12 is a factor of 36; hence gcd(12, 36) = 12.(b) The positive factors of 18 are 1, 2, 3, 6, 9, and 18; of these, only 1, 2, 3, and 6 are factors of

42. Therefore, gcd(18, 42) = 6.(c) The positive factors of 15 are 1, 3, 5, and 15. Of these, only 1 is a factor of 28. Thus,

gcd(15, 28) = 1.

�

Generalizing the result of part (a) of the preceding example, note that, for 1 ≤ a < b,

gcd(a, b) = a if and only if a | b

For 1 ≤ a < b, a simple-minded method for finding d = gcd(a, b) is to search the list of numbersa, a − 1, a − 2, . . ., 2, 1, looking for the largest one that is a common factor of a and b. In theworst case (when gcd(a, b) = 1), this method would take a steps to find d, where each step consistsof determining whether a given positive integer is a common factor of a and b. In a number ofpractical applications (e.g., data encryption) in which gcd(a, b) must be computed, a might be anumber on the order of 10100. Even with a fast computer that performs, say, 1010 steps per second,finding gcd(a, b) by this method could take 1090 seconds in the worst case. Since there are less than108 seconds in a year, this is a very long time — far longer than the estimated age of the universe!

Fortunately, there is a much faster method, which goes way back to Euclid (≈ 300 B.C.), andis based on repeated application of the division algorithm. For this method, assume we are givenintegers a and b with 0 ≤ a < b; we wish to find gcd(a, b). First of all, let’s handle the easy case;namely, if a = 0, then gcd(a, b) = b. To handle the case when a > 0, we make use of the followinglemma.

Lemma 2.7: For integers a and b with 0 < a ≤ b, let r = b mod a. Then

gcd(a, b) = gcd(r, a)

Proof: Letd1 = gcd(a, b) and d2 = gcd(r, a)

We wish to show that d1 = d2. We do this by showing that d1 ≤ d2 and d2 ≤ d1.

Let q = b div a. Then b = aq + r. Since b = a(q) + r(1), by Theorem 2.3, part 3, any commonfactor of a and r is also a factor of b. Hence, d2 is a factor of b, and thus d2 is a common factor ofa and b. Therefore, d2 ≤ d1. (Why?)


Similarly, since r = b − aq = a(−q) + b(1), any common factor of a and b is also a factor of r.Hence, d1 is a factor of r, and thus d1 is a common factor of a and r. It follows that d1 ≤ d2.

�

Now consider finding gcd(a, b) when 0 < a ≤ b. By the division algorithm, there exist (unique)integers q and r such that b = aq + r, with 0 ≤ r < a. By Lemma 2.7, we see that

gcd(a, b) = gcd(r, a)

This observation forms the basis for a procedure known as the Euclidean algorithm. Note that, fora > 0, we replace the problem of finding gcd(a, b) with the problem of finding gcd(r, a). In thesense that r < a and a < b, this new problem constitutes a “reduced form” of the original problem.

But, you may ask, How do I now find gcd(r, a)? The answer is, Apply the same reasoning again!That is, if r = 0, then gcd(r, a) = a. Otherwise, let r′ be the remainder when a is divided by r; thengcd(r, a) = gcd(r′, r). The Euclidean algorithm is an example of a recursive algorithm, because itoperates by reducing a (nontrivial) instance of a given type of problem to a smaller instance of thesame type of problem.

Euclidean Algorithm: Given integers a and b with 0 ≤ a ≤ b:

0. If a = 0, then gcd(a, b) = b;1. Otherwise, let r be the remainder when b is divided by a; then gcd(a, b) = gcd(r, a).

�

Example 2.10: Use the Euclidean algorithm to compute gcd(64, 148).

Solution: Since 64 > 0, we apply the division algorithm to 64 and 148, obtaining148 = 64(2) + 20, namely, a quotient of 2 and a remainder of 20. By step 1 of the algorithm, then,

gcd(64, 148) = gcd(20, 64)

Next 20 > 0, so now we divide 64 by 20, obtaining a quotient of 3 and a remainder of 4. So, bystep 1 of the algorithm,

gcd(20, 64) = gcd(4, 20)

Still 4 > 0, so we apply the recursive step again. Dividing 20 by 4 yields a quotient of 5 and aremainder of 0, so that

gcd(4, 20) = gcd(0, 4)

Finally, gcd(0, 4) = 4. Therefore, putting all of the steps together, we see that

gcd(64, 148) = gcd(20, 64) = gcd(4, 20) = gcd(0, 4) = 4

�

It is the repeated application of Lemma 2.7 that indicates the general form of the Euclideanalgorithm. Let’s look at this form more carefully. Suppose that a and b are positive integers witha < b. We begin by setting r0 = b and r1 = a. We then successively apply the division algorithmas follows:


r0= r1q1 + r2 0 ≤ r2 < r1

r1= r2q2 + r3 0 ≤ r3 < r2

......

rk−1= rkqk + rk+1 0 ≤ rk+1 < rk

......

Consider the values r0, r1, r2, . . ., rk−1, rk, rk+1, . . . . In view of the requirement in the divisionalgorithm that any remainder be less than its corresponding divisor, we see that these numbersform a strictly decreasing sequence of integers; namely, that

r0 > r1 > r2 > · · · > rk−1 > rk > rk+1 > · · ·

However, the above sequence of remainders can’t go on forever, because each remainder isnonnegative, and it’s impossible to have an infinite, strictly decreasing sequence of nonnegativeintegers. Hence, there must be some positive integer n + 1 such that rn+1 = 0, and so the abovelist of relations can be rewritten as follows:

r0= r1q1 + r2 0 ≤ r2 < r1

r1= r2q2 + r3 0 ≤ r3 < r2

......

rn−2= rn−1qn−1 + rn 0 ≤ rn < rn−1

rn−1= rnqn + rn+1 rn+1 = 0

Then we obtain

gcd(a, b) = gcd(r2, a) = gcd(r3, r2) = · · · = gcd(rn+1, rn) = gcd(0, rn) = rn

It can be shown (see Chapter Problem 30) that the Euclidean algorithm requires not more than2 log2 a divisions to compute gcd(a, b). For a on the order of 10100, this bound is on the order of200(log2 10) ≈ 665. So the Euclidean algorithm is very efficient!

Given integers a and b, a linear combination of a and b (over Z) is any expression of the form

as + bt

with s, t ∈ Z. Our next result provides an important characterization of gcd(a, b), showing that itis the smallest positive integer that can be expressed as a linear combination of a and b. The proofof the theorem applies the division algorithm in a strong way, and also makes use of the principle ofwell-ordering.

Theorem 2.8: Let a and b be integers, not both 0. Then gcd(a, b) is the smallest positiveinteger expressible as a linear combination of a and b.

Proof: Consider the setS = {ax + by | x, y ∈ Z and ax + by > 0}

If we let x = a and y = b, then ax + by = a2 + b2 > 0 (since not both a and b are zero). Thus, theset S is nonempty. By the principle of well-ordering, S has a smallest element; call it d. So d isthe smallest positive integer expressible as a linear combination of a and b, say, d = as + bt, wheres, t ∈ Z. To show that d = gcd(a, b), we must verify the following:


1. d is a common divisor of a and b;2. If c is any common divisor of a and b, then c ≤ d.To show 1, we first apply the division algorithm to a and d, obtaining integers q and r such that

a = dq + r, with 0 ≤ r < d. To show that d | a, it suffices to show that r = 0. Since d = as + bt,we have that

r = a − dq = a − (as + bt)q = a(1 − sq) + b(−tq)

where both 1 − sq and −tq are integers. So r is a linear combination of a and b. But r < d, andd is the smallest positive linear combination of a and b, so r can’t be positive. Hence, r = 0, as wewished to show. In a completely analogous way, it can be shown that d | b.

Next, to show 2, let c be any common divisor of a and b. If c < 0, then clearly c ≤ d, so wemay assume that c > 0. Since c is a common divisor of a and b, it follows from Theorem 2.3, part3, that c is a divisor of any linear combination of a and b; in particular, c | d. Then, since both cand d are positive, it follows from part 5 of Theorem 2.3 (more directly, from Exercise 17, part (b)of Exercise Set 2.2), that c ≤ d. This completes the proof.

�

So, given integers a and b, not both zero, there exist integers s and t such that

gcd(a, b) = as + bt

We have an efficient algorithm, namely, the Euclidean algorithm, for finding gcd(a, b). Is there someway to extend this algorithm so that it also finds the integers s and t? Indeed there is, and it iscalled the extended Euclidean algorithm.

We illustrate the general form of the extended Euclidean algorithm by looking at a particularexample. In particular, let’s compute d = gcd(141, 486) and find integers s and t such that d =141s + 486t.

Recall that d is the last nonzero remainder obtained in the process of applying the Euclideanalgorithm. There is an especially nice way to display the remainders and quotients obtained alongthe way. In the general case, where 0 < a < b, if rn is the last nonzero remainder, then d = rn, andwe can display the results in the following table (recall that r0 = b and r1 = a):

b a r2 r3 r4 · · · rn 0q1 q2 q3 q4 · · · qn

It is easy to see how the relations obtained from our successive application of the division algorithmgive rise to the entries in this table. Namely, for 0 ≤ k < n, we have the relation

rk = rk+1qk+1 + rk+2

and in the table this information is entered into successive columns as follows:

· · · rk rk+1 rk+2 · · ·· · · qk+1 · · ·

In our particular example, with a = 141 and b = 486, you should verify that the following table isobtained:

486 141 63 15 3 03 2 4 5


Thus, we see that d = gcd(141, 486) = 3.The method for determining the values of s and t such that

3 = 141s + 486t

makes use of the above table. The idea is to express each remainder rk, 0 ≤ k ≤ n, as a linearcombination of a and b. That is, for each k, 0 ≤ k ≤ n, we wish to find integers sk and tk such that

rk = ask + btk

Then, when k = n, we obtain the desired relation expressing d as a linear combination of a and b.So the method generates two additional sequences: s0, s1, s2, . . . , sn and t0, t1, t2, . . . , tn. Thesetwo sequences are added as rows to the table, so that in general the table looks like this:

b a r2 · · · rn 0q1 q2 · · · qn

s0 s1 s2 · · · sn

t0 t1 t2 · · · tn

To get things started, we need to find values for s0, t0, s1, and t1 such that

b = r0 = as0 + bt0

a = r1 = as1 + bt1

That’s easy! Simply let s0 = 0, t0 = 1, s1 = 1, and t1 = 0. It’s also easy to obtain the values of s2

and t2. By the division algorithm,

r2 = b − aq1 = a(−q1) + b(1)

Hence, s2 = −q1 and t2 = 1. So far, then, our general table looks like this:

b a r2 r3 · · · rn 0q1 q2 q3 · · · qn

0 1 −q1 s3 · · · sn

1 0 1 t3 · · · tn

In our particular example, when a = 141 and b = 486, we have the following so far:

486 141 63 15 3 03 2 4 5

0 1 −3 s3 s4

1 0 1 t3 t4

It is important to understand that each column of this table indicates how to express the remainderin that column as a linear combination of a and b. For example, in the above table, the columncorresponding to k = 2 indicates that

63 = 141(−3) + 486(1)


Next, we need to determine values for s3 and t3 such that 15 = r3 = as3+bt3. To do this, we firstmake use of the division algorithm to express r3 in terms of r1 and r2. Recall that r1 = r2q2 + r3;hence:

15 = r3 = r1 − r2q2 = 141− 63(2)

We then use the values already found for s1, s2, t1, and t2 to replace each of r1 and r2 in the aboveexpression by a linear combination of a and b. In the general case, this gives us:

r3 = r1 − r2q2 = (as1 + bt1) − (as2 + bt2)q2 = a(s1 − s2q2) + b(t1 − t2q2)

and so we see that s3 = s1 − s2q2 and t3 = t1 − t2q2. In our particular example, we find that

r3 = 15 = 141− 63(2) =[141(1) + 486(0)

]−

[141(−3) + 486(1)

](2)

= 141(1− (−3)2) + 486(0− 1(2))

= 141(7) + 486(−2)

Thus, s3 = 7 and t3 = −2. (Check that 15 = 141(7) + 486(−2).)Try to notice a general pattern in the above expressions for s3 and t3. Can you guess what the

expressions for s4 and t4 are? Let’s work it out. Again the division algorithm is the key, becausefrom it we know that r2 = r3q3 + r4. Hence,

r4 = r2 − r3q3 = (as2 + bt2) − (as3 + bt3)q3 = a(s2 − s3q3) + b(t2 − t3q3)

Thus, s4 = s2 − s3q3 and t4 = t2 − t3q3. In our example, then, we find that

s4 = s2 − s3q3 = −3 − 7(4) = −31

t4 = t2 − t3q3 = 1 − (−2)(4) = 9

Hence, r4 = 3 = 141(−31) + 486(9). (Check this!) Since d = r4, our example is complete. Insummary, our results indicate that d = 3, s = −31, and t = 9, and here is the complete table:

486 141 63 15 3 0

3 2 4 50 1 −3 7 −31

1 0 1 −2 9

Let us now return to consideration of the extended Euclidean algorithm in the general case. Asalready noted, the results from an application of the algorithm can be displayed in table form asfollows:

b a r2 · · · rk−1 rk rk+1 · · · rn 0q1 q2 · · · qk−1 qk qk+1 · · · qn

s0 s1 s2 · · · sk−1 sk sk+1 · · · sn

t0 t1 t2 · · · tk−1 tk tk+1 · · · tn

Suppose that the above table has been completed through column k, except for the value of qk, andwe next wish to find qk and then fill in the values of rk+1, sk+1, and tk+1 in column k + 1. If weunderstand how this is done, then we understand how the extended Euclidean algorithm works ingeneral. Now then, we know how to obtain qk and rk+1, since these are the quotient and remainder,respectively, obtained by dividing rk−1 by rk. Hence it follows that rk−1 = rkqk + rk+1, and we


use this relation and the values from columns k − 1 and k to find sk+1 and tk+1. This is done asfollows:

rk+1 = rk−1 − rkqk = (ask−1 + btk−1) − (ask + btk)qk = a(sk−1 − skqk) + b(tk−1 − tkqk)

Thus, sk+1 = sk−1 − skqk and tk+1 = tk−1 − tkqk.In summary, the sequence s0, s1, s2, . . . , sn−1 is defined by

s0 = 0

s1 = 1

sk+1 = sk−1 − skqk, for k = 1, 2, . . . , n − 1

We say that the sequence is defined recursively by the initial values s0 = 0 and s1 = 1 and the recur-

rence relation (or recurrence formula) sk+1 = sk−1−skqk. Similarly, the sequence t0, t1, t2, . . . , tn−1

is defined recursively by the following initial values and recurrence relation:

t0 = 1

t1 = 0

tk+1 = tk−1 − tkqk, for k = 1, 2, . . . , n − 1

In words, to obtain the value of s in a given column, multiple the value of s in the precedingcolumn by the quotient in that column, and then subtract this product from the value of s in thecolumn two columns before the given one. Similarly, to obtain the value of t in a given column,multiply the value of t in the preceding column by the quotient in that column, and then subtractthis product from the value of t two columns before.

Example 2.11: Use the extended Euclidean algorithm to find d = gcd(1407, 3255) and integers s

and t such that d = 1407s + 3255t.

Solution: First, we successively apply the division algorithm to obtain the first two rows of thetable:

3255 1407 441 84 21 02 3 5 4

So we see that d = gcd(1407, 3255) = 21. Now we must complete the third and fourth rows of thetable using the initial values and recurrence relations for the s and t values. It is recommendedthat you complete the third row first, and then do the fourth row. Completing the third row, youshould get

3255 1407 441 84 21 0

2 3 5 40 1 −2 7 −37

For example, s = s4 = s2 − s3q3 = −2 − (7)5 = −2 − 35 = −37. We then do the fourth row; see ifyou get

3255 1407 441 84 21 02 3 5 4

0 1 −2 7 −371 0 1 −3 16


For instance, t = t4 = t2 − t3q3 = 1 − (−3)5 = 1 + 15 = 16. Therefore, d = 21, s = −37, andt = 16, and it can be checked that

21 = 1407(−37) + 3255(16)

Easy, is it not? And fast, too!�

A final comment about the extended Euclidean algorithm. When applying the algorithm byhand, some people prefer to generate the table one column at a time. For instance, in the aboveexample, suppose we have completed the table to this point:

3255 1407 4412

0 1 −21 0 1

At the next step, we divide 1407 by 441, obtaining a quotient of 3 and a remainder of 84. We thencompute the s and t values in column 3, and the table is updated as follows:

3255 1407 441 842 3

0 1 −2 7

1 0 1 −3

The entries in column 3 indicate that 84 = 1407(7)+3255(−3), and this relation can be checked. Ingeneral, if one checks that rk = ask+btk, but, after the next step, one finds that rk+1 6= ask+1+btk+1,then one knows that a mistake has just been made. That is, either a mistake has been made individing rk−1 by rk, or a mistake has been made in computing the values of sk+1 and tk+1. Onecould wait to the end, and simply check that d = as + bt, but if this does not check then one won’tknow at what step things went wrong.

As stated in Theorem 2.8, if d = gcd(a, b), then d is the smallest positive integer expressible asa linear combination of a and b, namely, as d = as + bt, where s, t ∈ Z. It is important to note,however, that just because some positive integer e is expressible as a linear combination of a and b,this does not necessarily imply that e = gcd(a, b). For example, 10 = 2(11) + 3(−4), but clearly10 6= gcd(2, 3).

There is an exceptional case that deserves special attention, however. Given a, b ∈ Z, supposethat there exist integers x and y such that 1 = ax + by. Then 1 is a linear combination of a and b,and 1 is the smallest positive integer. Therefore, 1 is the smallest positive linear combination of aand b, and so 1 = gcd(a, b). We state this result as a corollary to Theorem 2.8.

Corollary 2.9: Let a and b be integers, not both 0. Then gcd(a, b) = 1 if and only if

1 = ax + by for some integers x and y.�

Definition 2.4: Two positive integers a and b are called relatively prime providedgcd(a, b) = 1.

�


Just because two positive integers a and b are relatively prime, this does not mean, necessarily,that either a or b is a prime number. For example, 10 and 21 are relatively prime, and neither10 nor 21 is prime. What being relatively prime does mean is that 1 is the only positive commonfactor of a and b, and so, in particular, a and b have no common prime factors. Conversely, if aand b have no prime factors in common, then a and b are relatively prime.

In order to show that two given positive integers a and b are relatively prime, it suffices to findintegers x and y such that 1 = ax+by. Of course, one way to find x and y is to employ the extendedEuclidean algorithm. Sometimes, however, we can find x and y more directly, perhaps by trial anderror.

Example 2.12: Show that 5n + 3 and 7n + 4 are relatively prime for any nonnegative integer n.

Solution: The trick here is to notice that

1 = (5n + 3)(7) + (7n + 4)(−5)

Hence, by Corollary 2.9, it follows that 5n + 3 and 7n + 4 are relatively prime.�

There are a number of interesting, intriguing, and useful results that involve the concept ofrelatively prime. We present one of these and two of its corollaries next, with further applicationspresented in the exercises and chapter problems.

Theorem 2.10 (Euclid’s Lemma): Let a, b, and c be positive integers. If a | (bc) and a and b

are relatively prime, then a | c.

Proof: Assume a | (bc) and a and b are relatively prime. Since a | (bc), there is some integer qsuch that bc = aq. Since a and b are relatively prime, there exist integers x and y such that1 = ax + by. Thus,

c = c · 1 = c(ax + by) = a(cx) + (bc)y = a(cx) + (aq)y = a(cx + qy)

Since cx + qy is an integer, this shows that a | c.�

Compare Theorem 2.10 with Exercise 9 of Exercise Set 2.2.

Corollary 2.11: Let b and c be positive integers and let p be a prime. If p | (bc), then either

p | b or p | c.

Proof: Assume p | (bc). We know that either p is a factor of b or p is not a factor of b. If p is afactor of b, then the conclusion of the theorem holds and the proof is complete. If p is not a factorof b, then, since the only positive factors of p are 1 and p and p is not a factor of b, we see that pand b are relatively prime. Thus, by Euclid’s lemma, p | c, and so the proof is complete in thiscase, also. (Alternately, one can give a proof based on the logical equivalence presented in Chapter1, Problem 5, part (b).)

�


The preceding corollary can be extended to the case when a prime p divides a product of anyfinite number of factors. We state this result as Corollary 2.12, with the proof left to ChapterProblem 29.

Corollary 2.12: Let a1, a2, . . ., an be positive integers and let p be a prime. If p | (a1a2 · · · an),

then p | ai for some i, 1 ≤ i ≤ n.�

Theorem 2.8 characterizes the greatest common divisor of two integers a and b as a special linearcombination of a and b. Another very important and useful characterization of gcd(a, b) is presentedin the next theorem, whose proof is left to Exercise 2. Some textbooks take the stated condition asthe definition of gcd(a, b).

Theorem 2.13: Let a and b be integers, not both 0. Then a positive integer d is the greatestcommon divisor of a and b if and only if d satisfies the following two conditions:

1. d is a common divisor of a and b.2. If c is any common divisor of a and b, then c | d.

�

Exercise Set 2.3

1. Use the Euclidean algorithm to find gcd(a, b).

(a) a = 27, b = 81 (b) a = 120, b = 615(c) a = 1380, b = 3020 (d) a = 412, b = 936

2. Prove Theorem 2.13.

3. For the a and b given in each part of Exercise 1, apply the extended Euclidean algorithm tofind d = gcd(a, b) and integers s and t such that d = as + bt.

4. Let a and b be integers, not both 0. We know that gcd(a, b) can be expressed as a linearcombination of a and b. What other integers can be so expressed? Prove: Given an integer e, eis a linear combination of a and b if and only if e is a multiple of gcd(a, b).

5. Suppose the Euclidean algorithm is being applied to find gcd(a, b), and at some step theremainder ri+1 obtained is exactly 1 less than the remainder ri obtained at the previous step.What does this imply? Apply your observation to aid in finding gcd(383, 862).

6. Prove, using Corollary 2.9: For any positive integer n, n and n + 1 are relatively prime.

7. Prove: Any two consecutive odd positive integers are relatively prime.

8. Suppose the Euclidean algorithm is being applied to find gcd(a, b), and at some step werecognize that the remainder ri just obtained is prime.

(a) Show that either gcd(a, b) = ri or gcd(a, b) = 1.(b) How can one tell which of the alternative conclusions in part (a) holds?

Apply the observations made in parts (a) and (b) to aid in finding:


(c) gcd(40, 371) (d) gcd(52, 325)

9. Prove or disprove each of the following assertions about an arbitrary positive integer n.

(a) 2n and 4n + 3 are relatively prime.(b) 2n + 1 and 3n + 2 are relatively prime.

10. Let m and n be positive integers. Prove that gcd(m, m + n) | n.

11. Let a and b be integers such that 1 < a < b and a and b are relatively prime. Prove thefollowing assertions:

(a) gcd(−a + b, a + b) = 1 or 2 (Hint: Apply Theorem 2.3, part 3.)(b) gcd(2a + b, a + 2b) = 1 or 3(c) gcd(a + b, ab) = 1(d) gcd(a2, b2) = 1

12. Prove each of the following assertions about arbitrary positive integers a, b, c, and d.

(a) If a | c, b | c, and d = gcd(a, b), then (ab) | (cd).(b) If a | c, b | c, and a and b are relatively prime, then (ab) | c.

13. Let a, b, and d be integers with 0 < d ≤ a ≤ b. Prove: If d is a common divisor of a and band d can be expressed as a linear combination of a and b, then d = gcd(a, b).

14. Let m and n be positive integers, and let p be a prime such that p is not a factor of m. Showthat m and pn are relatively prime.

15. Let a, b, and n be positive integerswith n ≤ a and n ≤ b. Prove or disprove:

(a) If a mod n = b mod n, then gcd(n, a) = gcd(n, b).(b) If gcd(n, a) = gcd(n, b), then a mod n = b mod n.

16. Implement the Euclidean algorithm as a computer program. (The program is to inputintegers a and b with 0 ≤ a < b and output d = gcd(a, b).)

17. Let a and b be integers and let n, n1, and n2 be positive integers such that n = gcd(n1, n2).Prove:

If a mod n1 = b mod n1 or a mod n2 = b mod n2, then a mod n = b mod n.

18. Implement the extended Euclidean algorithm as a computer program. (The program is toinput integers a and b with 0 ≤ a < b and output d = gcd(a, b) and integers s and t such thatd = as + bt.)

19. Prove or disprove the converse of the implication in Exercise 17.

20. Describe (and implement as a recursive procedure) a recursive form of the extended Euclideanalgorithm.

21. In the context of the extended Euclidean algorithm, where rn = gcd(a, b) = asn + btn, definethe numbers sn+1 and tn+1 as follows:

sn+1 = sn−1 − snqn and tn+1 = tn−1 − tnqn

What is the value of the expression asn + btn?

22. In the context of the extended Euclidean algorithm, prove the following:

(a) sktk < 0 for 2 ≤ k ≤ n(b) sksk+1 < 0 for 1 ≤ k < n(c) tktk+1 < 0 for 2 ≤ k < n

2.4 Prime Numbers and the Fundamental Theorem of Arithmetic 109

2.4 PRIME NUMBERS AND

THE FUNDAMENTAL THEOREM OF ARITHMETIC

As stated in Section 2.2, one of the basic notions in number theory is that any integer n > 1 maybe factored as a product of primes, and that such a factorization is essentially unique. We provethis result in this section, along with several other results concerning prime numbers.

We first prove the following lemma. Note: A lemma is a result which is used to prove another(usually more important) result.

Lemma 2.14: Every positive integer n > 1 has a prime factor.

Proof: Let P (n) represent the statement

n has a prime factor

When n = 2, we see that 2 is prime and is certainly a factor of itself. So P (2) is true.

Suppose it is not the case that P (n) holds for every integer n ≥ 2. Then the set

S = {n | n ≥ 2 and P (n) is false}

is a nonempty subset of the set of positive integers. It follows by the PWO that S contains asmallest element; denote this by n. Note that n must be composite, for otherwise n would be aprime factor of itself. It follows from this observation and our anchor step that n > 3.

Since n is composite, it can be factored as n = n1n2, where n1 and n2 are integers and 1 < n1 ≤n2 < n. It then follows, since n is the smallest element of S, that n1 has a prime factor. But sinceany factor of n1 is also a factor of n, we have shown that n has a prime factor. Thus P (n) is true, acontradiction. It follows that the set S is empty, and therefore P (n) is true for every integer n ≥ 2.

�

Let n be an integer, n > 1. By Lemma 2.14, n has a prime factor, and hence the set of primefactors of n is a nonempty subset of Z+. It follows from the principle of well-ordering that n has asmallest prime factor; we state this as a corollary to Lemma 2.14.

Corollary 2.15: Every integer n > 1 has a smallest prime factor.

�

We are now ready to prove that every integer n > 1 can be (uniquely) factored as a product ofprimes. This result is so important in number theory that it called the “fundamental theorem” of thesubject. Its proof suggests an algorithm (albeit a rather inefficient one) for finding the factorizationof a given integer n > 1. Before proceeding to the theorem, let’s illustrate the algorithm with anexample.

Example 2.13: We repeatedly apply the idea of Corollary 2.15 to factor n1 = 474383 as a

product of primes.


We begin by finding the smallest prime factor p1 of n1. Since n1 is odd, we see that 2 is not afactor of n1. Likewise, it can be checked that neither 3 nor 5 is a factor of n1. Then checking 7,we find that p1 = 7 is a factor of n1; in fact, n1 = 7 · 67769.

To complete the factorization at this point, we must factor n2 = 67769 as a product of primes.Again, we apply the idea of Corollary 2.15, namely, we want to find the smallest prime factor p2 ofn2. Now, ask yourself this question: Could p2 be 2 or 3 or 5? Clearly not, because any factor ofn2 is also a factor of n1, and so the smallest prime factor of n2 can’t be smaller than the smallestprime factor of n1.

Hence, p2 ≥ 7. However, it can be checked that 7 is not a factor of n2. The next prime after7 is 11, but 11 is also not a factor of n2. The next prime after 11 is 13, and 13 is a factor of n2; infact, n2 = 13 · 5213. Thus, p2 = 13.

At this point we have n1 = 7 · 13 · 5213. Letting n3 = 5213, we next need to find the smallestprime factor p3 of n3. Checking 13, we find that 13 is a factor of n3, and so p3 = 13. Also,n3 = 13 · 401.

The situation now is that n1 = 7 ·13 ·13 ·n4, where n4 = 401; the next task is to find the smallestprime factor p4 of n4. Checking 13 and the next several primes after 13, we find that none of 13,17, and 19 is a factor of 401. The next prime after 19 is 23, but 23 is greater than

√401. As a

result of this fact, we claim that 401 is itself a prime number! The reason goes as follows. If 401is not prime, namely, if 401 is composite, then Corollary 2.15 tells us that 401 has a smallest primefactor; call it p. We know from our work above that p ≥ 23, and so 401 = pt, for some t, with23≤ p ≤ t < 401. But then

401 = p t ≥ 232 = 469 > 401

This is a clear contradiction. Therefore, 401 must be prime, and so p4 = 401.Thus, we have factored n1 = 474383 as a product of primes; namely,

474383 = 7 · 13 · 13 · 401

�

The reasoning used in the above example to argue that 401 is prime can be generalized to provethe following useful lemma.

Lemma 2.16: Let n be an integer, n > 1. If n is composite, then n has a prime factor p suchthat p ≤ √

n.�

Theorem 2.17 (Fundamental Theorem of Arithmetic): Any integer n > 1 can be factored

as a product of primes, that is, n can be expressed as

n = p1p2 · · · pm

where p1, p2, . . ., pm are primes and p1 ≤ p2 ≤ · · · ≤ pm. Furthermore, the above factorization isunique in the sense that, if q1, q2, . . ., qm′ are primes with q1 ≤ q2 ≤ · · · ≤ qm′ andn = q1q2 · · · qm′ , then m = m′ and qi = pi for each i, 1 ≤ i ≤ m.

Proof: We first employ the principle of well-ordering to prove the existence part of the result, andthen show uniqueness. For n ≥ 2, let P (n) represent the statement

n can be expressed as a product of primes


Note that, if n is prime, then n is already expressed as a “product” of primes, namely, a productwith only one factor, that factor being n. In particular, 2 and 3 are prime, so that P (2) and P (3)are true.

Suppose that P (n) is false for some integer n, n > 3. Then the set

S = {n | n ≥ 2 and P (n) is false}

is a nonempty subset of Z+. It follows by the PWO that S contains a smallest element; as usual,denote it by n. It follows from the above remarks that n is composite.

By Corollary 2.15, n has a smallest prime factor; call it p1; then, since n is composite, n = p1n2

for some integer n2, 2 ≤ n2 < n. So, n2 is not in S, and it follows that n2 can be expressed as aproduct of primes, say n2 = p2 · · · pm, with p2 ≤ · · · ≤ pm. Since p1 is the smallest prime factor ofn, we have that p1 ≤ p2, and since n = p1n2, we have that

n = p1p2 · · · pm

This shows that P (n) holds, a contradiction. Therefore, S is empty, and it follows that P (n) holdsfor every integer n > 1.

Next we prove uniqueness. This time, we use the strong form of induction on n; let P (n) be thestatement that

n is uniquely expressible as a product of primes

Clearly, P (2) holds, and so the induction is anchored.Let k represent an arbitrary integer, k ≥ 2, and assume that P (n) holds for every integer n,

2 ≤ n ≤ k; explicitly, the induction hypothesis is that any such n is uniquely expressible as aproduct of primes.

To complete the proof, we must show that P (k+1) holds, namely, that k+1 is uniquely expressibleas a product of primes. This is clearly the case if k +1 is prime, so assume that k + 1 is composite.Suppose that we can factor k + 1 as a product of primes in two ways, say,

p1p2 · · ·pm = k + 1 = q1q2 · · · qm′

where p1, p2, . . ., pm, q1, q2, . . ., qm′ are primes such that p1 ≤ p2 ≤ · · · ≤ pm and q1 ≤ q2 ≤ · · · ≤qm′ . Since p1 | (k + 1), we have that p1 | (q1q2 · · · qm′). By the extended form of Euclid’s lemma(Corollary 2.12), pi must be a factor of qj for some j, i ≤ j ≤ m′. Now qj is prime, and so p1 = qj.Since q1 ≤ qj , we have that q1 ≤ p1. In a completely analogous manner, beginning with the factthat q1 | (k + 1), we can show that p1 ≤ q1. Therefore, p1 = q1. Now let n = (k + 1)/p1. Since2 ≤ n ≤ k, it follows from the induction hypothesis that n is uniquely expressible as a product ofprimes. Hence, it must be that m = m′ and that pi = qi for each i, 2 ≤ i ≤ m. Therefore, P (k+1)holds and the proof is complete.

�

Suppose now that an integer n > 1 is expressed as a product of primes, say, n = q1q2 · · · qm,with q1 ≤ q2 ≤ · · · ≤ qm. The primes q1, q2, . . . , qm need not be distinct, of course; however, we cancollect together all equal prime factors and express n in the following form:

n = pa1

1 pa2

2 · · · pak

k

where p1, p2, . . ., pk are primes such that p1 < p2 < · · · < pk and each ai is a positive integer. Wecall this the canonical factorization of n.


Example 2.14: Find the canonical factorization of:

(a) 474383 (b) 4918914(c) 5337423 (d) 983

Solution: For part (a), we see from Example 2.21 that the canonical factorization of 474383 is

474383 = 71 · 132 · 4011

For part (b), we proceed as follows: 2 is the smallest prime factor of 4918914 and 4918914 =2 · 2459457; then 3 is the smallest prime factor of 2459457 and 2459457 = 3 · 819819; then 3 is thesmallest prime factor of 819819 and 819819 = 3 · 273273; then again 3 is the smallest prime factor of273273 and 273273 = 3 · 91091; then 7 is the smallest prime factor of 91091 and 91091 = 7 · 13013;then again 7 is the smallest prime factor of 13013 and 13013 = 7 ·1859; then 11 is the smallest primefactor of 1859 and 1859 = 11 · 169; then 13 is the smallest prime factor of 169 and 169 = 13 · 13.

Therefore, the canonical factorization of 4918914 is

4918914 = 21 · 33 · 72 · 111 · 132

For (c), we proceed in a similar manner to find that

5337423 = 32 · 74 · 131 · 191

For part (d), checking the primes up to 31, we find that none is a factor of 983. The next primeafter 31 is 37, and 372 > 983. It follows from Lemma 2.20 that 983 is prime, and so the canonicalfactorization of 983 is 9831.

�

As an interesting sidelight to the preceding example, consider the problem of finding the canonicalfactorization of gcd(4918914, 5337423). With this purpose in mind, it is convenient to express thesenumbers as follows:

4918914 = 21 · 33 · 72 · 111 · 132 · 190

5337423 = 20 · 32 · 74 · 110 · 131 · 191

so that each factorization includes the same primes. Then we have

gcd(4918914, 5337423) = gcd(21 · 33 · 72 · 111 · 132 · 190, 20 · 32 · 74 · 110 · 131 · 191)

= 20 · 32 · 72 · 110 · 131 · 190

= 32 · 72 · 131

Note that, for each of the primes involved, we take the smaller of the two exponents to determineits contribution to gcd(4918914, 5337423). This procedure can be formulated in general termswithout much difficulty (see Chapter Problem 14). It should be mentioned that there are additionalapplications of canonical factorizations.

We next prove that the number of primes is infinite. You are no doubt aware of this fact butperhaps you have never seen a proof. The proof we give, which is credited to Euclid, is consideredone of the most elegant in all of mathematics.


Theorem 2.18: The number of primes is infinite.

Proof: We proceed by contradiction and suppose that the number of primes is finite. Supposethat P = {p1, p2, . . . , pn} is the set of all primes. Consider the integer m = 1 + p1p2 · · · pn.Clearly, m ≥ 2. Moreover, it is easy to verify that, for each i, 1 ≤ i ≤ n, no pi is a factor of m.(In fact, m mod pi = 1.) However, by Corollary 2.15, m has a smallest prime factor; call it q.Then q 6= pi for any i, 1 ≤ i ≤ n, so q /∈ P . This contradicts the supposition that P is the set of allprimes and therefore proves the result.

�

If one looks at a list of primes, say a list of all the primes less than 1000, one is hard-pressedto find any pattern to them. One interesting phenomenon is the occurrence of consecutive oddintegers both of which are prime; such as 3 and 5, 5 and 7, 11 and 13, 17 and 19, 29 and 31, 41 and43, and so on. Such pairs of odd integers are called twin primes, and it is conjectured that there areinfinitely many pairs of twin primes. Opposed to the phenomenon of twin primes, it can be shownthat, for any positive integer n, there exist n consecutive composite integers; see Exercise 2.

Although the primes individually do not follow any definite pattern or formula, we can saysomething about the number of primes up to n. Let us denote this function by π(n); that is, givena positive integer n, let π(n) denote the number of primes between 1 and n, inclusive. (Note thathere the Greek letter π is not denoting the famous constant 3.14159 · · · , but instead is being usedto name a function.) The great German mathematician Carl Freidrich Gauss, in 1793, made somecalculations concerning π(n), and came up with something like the following table:

n π(n) dn/ lnne

101 4 5102 25 22

103 168 145104 1229 1086

105 9592 8686106 78498 72383

Table 2.1

(Here, lnn denotes the natural logarithm of n. Also, we are using the “ceiling notation:” given areal number x, dxe denotes the smallest integer greater than or equal to x. Thus, the notationdn/ lnne indicates that the value n/ lnn is to be rounded up to the nearest whole number.) Itappears from the table that the function dn/ lnne provides a reasonably good approximation toπ(n), in the sense that the relative error

|π(n) − dn/ lnne |π(n)

decreases toward 0 as n increases; see Exercise 7. Gauss conjectured that this was indeed the case,and this was proved in 1896, independently, by both J. Hadamard and C.J. de la Vallee-Poussin.This result is known as the prime number theorem. We state it and consider an application, butdo not prove the theorem since it requires mathematical knowledge beyond the scope of ourdiscussion.


Theorem 2.19 (Prime Number Theorem): The function dn/ lnne provides an

approximation to π(n), and the relative error of this approximation approaches zero as napproaches infinity; that is

limn→∞

|π(n) − dn/ lnne|π(n)

= 0

�

Example 2.15: Consider the following question: If an odd (positive) integer m having k digits is

chosen at random, what is the probability that it is prime?

In particular, consider the case k = 6. Well, the number of 6-digit odd integers is

106 − 105

2= 450000

(since 106−105 is the number of 6-digit integers, and half of them are odd). Also, using informationfrom Table 2.1, we obtain that the number of 6-digit primes is

π(106) − π(105) = 78498− 9592 = 68906

Thus, the probability that a 6-digit odd integer chosen at random is prime is 68906 out of 450000;mathematically, such a probability is usually expressed as a fraction, decimal, or percentage:

68906

450000≈ .1531 ≈ 15.3%

Now consider the case k = 10: What is the probability that a 10-digit odd integer selected atrandom is prime? Well, the number of 10-digit odd integers is

1010 − 109

2= 4500000000

And the number of 10-digit primes is

π(1010) − π(109)

Table 2.1 does not provide the values for π(109) and π(1010). However, even though we may notknow their exact values, we can approximate these values using the prime number theorem. Doingso, we obtain that the number of 10-digit primes is approximately

⌈1010

ln 1010

⌉−

⌈109

ln 109

⌉= 386039539

Thus, the probability that a 10-digit odd integer chosen at random is prime is approximately

386039539

4500000000≈ .0858 ≈ 8.6%

�


Exercise Set 2.4

1. For each of these integers, find its smallest prime factor.

(a) 539 (b) 1575(c) 529 (d) 1601

2. For any positive integer n, show that there exist n consecutive positive integers each of which iscomposite. Hint: Consider the numbers

2 + (n + 1)!, 3 + (n + 1)! , . . . , n + (n + 1)!, n + 1 + (n + 1)!

3. For each of these integers, find its canonical factorization.

(a) 4725 (b) 9702(c) 180625 (d) 1662405

4. If p is an odd prime, show that:

(a) p is of the form 4k + 1 or of the form 4k + 3 (for some nonnegative integer k).(b) p is of the form 6k + 1 or of the form 6k + 5.

Give an example of an odd prime p of each of the specified forms:

(c) 4k + 1 (d) 4k + 3(e) 6k + 1 (f) 6k + 5

5. Prove each of the following statements.

(a) Any prime of the form 3n + 1 is also of the form 6k + 1.(b) If the positive integer n has the form 3k + 2, then n has a prime factor of this form.(c) The number 5 is the only prime of the form n2 − 4.(d) If p is a prime and p ≥ 5, then p2 + 2 is composite. (Hint: Apply the result of Exercise 4,

part (b).)

6. Prove: If p and q are primes with p ≥ q ≥ 5, then 24 | (p2 − q2).

7. Use mathematical induction to prove that the following statement P (n) holds for every n ∈ Z+:If a1, a2, . . . , an are integers with ai mod 3 = 1 for each i, 1 ≤ i ≤ n, then (a1a2 · · · · · an) mod 3 = 1.

8. Prove Lemma 2.14.

9. Prove the following implication concerning a positive integer k: If 2k − 1 is prime, then k isprime. (See also Exercise 6, part (c), of Exercise Set 1.1.)

10. Prove: If p, p + 2, and p + 4 are all (odd) primes, then p = 3. (Thus, 3, 5, and 7 are the onlythree consecutive odd primes; i.e., (3, 5, 7) is the only prime triplet.)

11. Given that π(107) = 664579, π(108) = 5761455, and π(109) = 50847534, add three rows toTable 2.1. (See Exercise 13.)

12. As regards the proof of Theorem 2.18, define an infinite sequence (p1, p2, p3, . . .) of primesrecursively as follows:

p1 = 2;

For n ≥ 2, pn = the smallest prime factor of 1 +

n−1∏

k=1

pk


(a) Find p2, p3, p4, p5, p6, p7, and p8.(b) Show that (p1, p2, p3, . . .) is an infinite sequence of distinct primes.

13. For a given positive integer n, when p(n) = dn/ lnne is used to approximate π(n), the(absolute) error in the approximation is |π(n) − p(n)|, and the relative error in the approximationis |π(n) − p(n)|/π(n). Complete Table 2.2. The prime number theorem says that the relativeerror approaches zero as n gets larger and larger. Based on the data in this table, what appears tohappen to the error as n gets larger and larger?

n π(n) dn/ lnne error relative error

101 4 5102 25 22103 168 145

104 1229 1086105 9592 8686

106 78498 72383107 664579

108 5761455109 50847334

Table 2.2

14. A method of finding all the primes up to some given positive integer n is known as the “sieveof Eratosthenes.” Start with a list of the integers from 2 to n. The first number on the list, 2, isprime; output 2 and then delete all multiples of 2 from the list. The first number on the new list,3, is prime; output 3 and then delete all multiples of 3 from the list. Continue this process untilonly prime numbers remain on the list, then output these. Implement the sieve of Eratosthenes asa program that inputs n and outputs all the primes≤ n.

15. Given that π(109) = 50847334 and π(1010) = 455052512, find the probability that a 10-digitodd integer chosen at random is prime. Compare this with the approximate value found inExample 2.23.

16. Design, and implement as a program, an algorithm that inputs a positive integer n andoutputs the first n primes.

17. Use the ideas in Example 2.15 to approximate the probability that a 50-digit odd integerchosen at random is prime.

18. Design, and implement as a program, an algorithm that inputs a positive integer n ≥ 2 andoutputs:

(a) the smallest prime factor of n(b) the canonical factorization of n

19. Let π′(k) denote the number of k-digit primes (where k represents a positive integer).

(a) Use the prime number theorem to develop an approximation p′(k) for π′(k).(b) Make a table, similar to Table 2.2, showing π′(k), p′(k), the error, and the relative error for

1 ≤ k ≤ 9.(c) Does the error in using p′(k) to approximate π′(k) appear to approach zero as k gets larger

and larger? What about the relative error?

2.5 Modular Addition and Multiplication 117

20. Execute the program of Exercise 18, part (a), for the following prime values of n. Measurethe runtime of the program in each case. How does the runtime vary with the size (number ofdigits ) of n? Try to answer this question as precisely as possible.

(a) 7 (b) 97 (c) 997 (d) 9973 (e) 99991

21. How would you choose, at random, an odd positive integer m having k digits?

22. Prove Theorem 2.18 by using mathematical induction to prove that there exist at least nprimes for any positive integer n.

2.5 MODULAR ADDITION AND MULTIPLICATION

When an integer m is divided by the positive integer n, a remainder r is obtained satisfying0 ≤ r ≤ n−1; that is, m mod n ∈ {0, 1, 2, . . . , n−1}. This set of possible remainders upon divisionby n is denoted by Zn and is called the set of integers modulo n. In this section we want todefine operations of addition and multiplication on Zn and determine what properties are satisfied bythese operations. The resulting algebraic structure is extremely important and useful in a numberof mathematical disciplines, including algebra, number theory, combinatorics, and computer science.

To begin and focus our discussion, let us recall some of the properties that are satisfied by thereal numbers under the operations of addition and multiplication.

Theorem 2.20: The operations of addition and multiplication on R satisfy the followingproperties:

1. The associative laws: For any x1, x2, x3 ∈ R,(a) (x1 + x2) + x3 = x1 + (x2 + x3)(b) (x1 · x2) · x3 = x1 · (x2 · x3)

2. The commutative laws: For any x1, x2 ∈ R,(a) x1 + x2 = x2 + x1

(b) x1 · x2 = x2 · x1

3. The distributive laws: For any x1, x2, x3 ∈ R,(a) x1 · (x2 + x3) = (x1 · x2) + (x1 · x3)(b) (x1 + x2) · x3 = (x1 · x3) + (x2 · x3)

4. The number 0 is the additive identity ; that is, 0 + x = x + 0 = x for any x ∈ R.

5. The number 1 is the multiplicative identity ; that is, 1 · x = x · 1 = x for any x ∈ R.

6. For every number x ∈ R, there is a number y ∈ R such that x + y = 0; y is called the(additive) inverse of x. Note that the inverse of x is −x.

7. For every number x ∈ R, except 0, there is a number y ∈ R such that xy = 1; y is called thereciprocal (or multiplicative inverse) of x. Note that the reciprocal of x is x−1 = 1/x.

�


Because it has the properties listed in Theorem 2.20, we call the algebraic structure (R, +, ·) (thereal numbers under addition and multiplication) a field . In particular, (R, +, ·) is called the field

of real numbers.Recall that the set of rational numbers is a subset of the set of real numbers; that is, Q ⊆ R.

Furthermore, for x, y ∈ Q, we have x + y ∈ Q and xy ∈ Q. Thus, we can consider the algebraicstructure (Q, +, ·). Immediately we see that the associative, commutative, and distributive lawshold; in fact, these are inherited from (R, +, ·). Since 0 and 1 are rational, 0 and 1 are the additiveand multiplicative identities of (Q, +, ·), respectively. Also, x ∈ Q has inverse −x ∈ Q, and thereciprocal of x is 1/x ∈ Q, provided x 6= 0. Therefore, (Q, +, ·) is also a field; it is called the field

of rational numbers.Since Q ⊆ R, we say that (Q, +, ·) is a subfield of (R, +, ·), and that (R, +, ·) is an extension field

of (Q, +, ·). In general, if (F, +, ·) and (E, +, ·) are fields and F ⊆ E, then (F, +, ·) is a subfield of(E, +, ·) and (E, +, ·) is an extension field of (F, +, ·). In particular, any field is a subfield andan extension field of itself.

It also makes sense to consider the algebraic structure (Z, +, ·); however, this is not a field.Note that it satisfies all the properties listed in Theorem 2.20 except property 7; for example, thereciprocal of 2 is 1/2, but 1/2 is not an integer.

The fields discussed above are infinite fields because the sets Q and R are infinite. The set Zn isfinite, of course, and the algebraic structure (Zn, +, ·) we are about to describe is a field if and onlyif n is prime. Moreover, when p is prime, (Zp, +, ·) can be used to construct fields with cardinalitiesp2, p3, p4, and so on. Having a catalog of such finite fields turns out to be useful for a variety ofapplications, particularly in the area of combinatorial designs.

We now define operations of addition and multiplication on Zn = {0, 1, 2, . . . , n − 1}. Initially,so as not to confuse these operations with the standard operations of addition and multiplicationon Z, we will denote the addition operation on Zn by ⊕ (this symbol is called “oplus”) and themultiplication operation on Zn by � (called “odot”). So then, for x, y ∈ Zn, we define:

x ⊕ y = (x + y) mod n

x � y = (xy) mod n

It is clear that (x + y) mod n ∈ Zn and (xy) mod n ∈ Zn, since x + y and xy are integers. So ⊕and � are valid (binary) operations on Zn.

For x, y ∈ Zn, it is sometimes convenient to present the values of x⊕y and x�y by giving additionand multiplication tables; these are like the familiar tables we all used in elementary school. Forinstance, the addition and multiplication tables for (Z5,⊕,�) are shown in Tables 2.3 (a) and (b).Note, for example, that 3⊕4 = (3+4) mod 5 = 7 mod 5 = 2, and 2�4 = (2·4) mod 5 = 8 mod 5 = 3.

(a)⊕ 0 1 2 3 40 0 1 2 3 4

1 1 2 3 4 02 2 3 4 0 1

3 3 4 0 1 24 4 0 1 2 3

(b)� 0 1 2 3 40 0 0 0 0 0

1 0 1 2 3 42 0 2 4 1 3

3 0 3 1 4 24 0 4 3 2 1

Tables 2.3 Addition and multiplication tables for (Z5,⊕,�)

Now, let’s see what properties are satisfied by these operations on Zn. Note that

x⊕ y = (x + y) mod n = (y + x) mod n = y ⊕ x


andx � y = (xy) mod n = (yx) mod n = y � x

so that both ⊕ and � are commutative. To prove that the associative and distributive laws hold,we need the following lemma.

Lemma 2.21: Let n ∈ Z+ and let m1, m2 ∈ Z. Then:

1. (m1 + m2) mod n =[(m1 mod n) + (m2 mod n)

]mod n

2. (m1m2) mod n =[(m1 mod n)(m2 mod n)

]mod n

Proof: Let

m1 div n = q1, m1 mod n = r1, m2 div n = q2, m2 mod n = r2

Thenm1 = nq1 + r1 and m2 = nq2 + r2

Thus,m1 + m2 = (nq1 + r1) + (nq2 + r2) = n(q1 + q2) + (r1 + r2)

andm1m2 = (nq1 + r1)(nq2 + r2) = n(nq1q2 + q1r2 + r1q2) + r1r2

Hence,

(m1 + m2) − (r1 + r2) = n(q1 + q2) and m1m2 − r1r2 = n(nq1q2 + q1r2 + r1q2)

In other words, both (m1 + m2) − (r1 + r2) and m1m2 − r1r2 are multiples of n. It follows fromTheorem 2.6 that

(m1 + m2) mod n = (r1 + r2) mod n

and(m1m2) mod n = (r1r2) mod n

which proves the lemma.�

Lemma 2.21 is important in its own right. Before proceeding, we illustrate a few of its applica-tions.

Example 2.16: Apply Lemma 2.21 to find:

(a) (2045 + 2761) mod 13 (b) (2045 · 2761) mod 13

Solution: For part (a), we apply Lemma 2.21, part 1, as follows:

(2045 + 2761) mod 13 =[(2045 mod 13) + (2761 mod 13)

]mod 13

= (4 + 5) mod 13 = 9 mod 13 = 9


And for part (b), we apply Lemma 2.21, part 2:

(2045 · 2761) mod 13 =[(2045 mod 13) · (2761 mod 13)

]mod 13

= (4 · 5) mod 13 = 20 mod 13 = 7

�

Example 2.17: Apply Lemma 2.21 to show that m2 mod 5 ∈ {0, 1, 4} for any integer m.

Solution: By Lemma 2.21, part 2, we have that

m2 mod 5 = (m mod 5)2 mod 5

Now, whereas there are infinitely many possible values for m, there are only 5 possible values form mod 5, namely, 0, 1, 2, 3, and 4. Checking these, we find that

02 mod 5 = 0, 12 mod 5 = 1, 22 mod 5 = 4, 32 mod 5 = 4, 42 mod 5 = 1

which verifies the result.�

Now we move on to prove that ⊕ and � are associative. Let x, y, z ∈ Zn; then

(x ⊕ y) ⊕ z =[(x + y) mod n

]⊕ z

= ([(x + y) mod n

]+ z) mod n

=[(x + y) + z

]mod n by Lemma 2.21, part 1

=[x + (y + z)

]mod n

= (x +[(y + z) mod n

]) mod n again by Lemma 2.21, part 1

= x ⊕[(y + z) mod n

]

= x ⊕ (y ⊕ z)

This shows that ⊕is associative. Next,

(x � y) � z =[(xy) mod n

]� z

= ([(xy) mod n

]z) mod n

=[(xy)z

]mod n by Lemma 2.21, part 2

=[x(yz)

]mod n

= (x[(yz) mod n

]) mod n again by Lemma 2.21, part 2

= x �[(yz) mod n

]

= x � (y � z)

which shows that �is associative.


Next, to verify the distributive laws — for x, y, z ∈ Zn:

x � (y ⊕ z) = x �[(y + z) mod n

]

= (x[(y + z) mod n

]) mod n

=[x(y + z)

]mod n

= (xy + xz) mod n

= ([(xy) mod n

]+

[(xz) mod n

]) mod n

= ([x � y

]+

[x� z

]) mod n

= (x � y) ⊕ (x � z)

This verifies one of the distributive laws, and the other follows from this one and commutativity:

(x ⊕ y) � z = z � (x ⊕ y) = (z � x) ⊕ (z � y) = (x � z) ⊕ (y � z)

Next we observe that the following three properties hold for any x ∈ Zn:

x ⊕ 0 = (x + 0) mod n = x mod n = x

x � 1 = (x · 1) mod n = x mod n = x

x ⊕ (−x mod n) = (x + ( − x)) mod n = 0 mod n = 0

It follows that 0 is the additive identity, 1 is the multiplicative identity, and the inverse of x is−x mod n. For x ∈ Z∗

n = Zn − {0}, note that

−x mod n = n − x

At this point we have shown that (Zn,⊕,�) has all the properties of a field, with the possibleexception of the existence of reciprocals for elements of Z∗

n. This brings us to the following importantresult.

Theorem 2.22: Let x and n be integers with 1 ≤ x < n. Then x has a reciprocal in Zn if andonly if gcd(x, n) = 1.

Proof: We prove sufficiency and leave the proof of necessity to Exercise 4.

Assume gcd(x, n) = 1. Then there exist integers s and t such that

1 = xs + nt

Thus, 1 − xs = nt, and it follows from Theorem 2.6 that (xs) mod n = 1 mod n = 1. Therefore, smod n is the reciprocal of x in Zn.

�

Corollary 2.23: For n ∈ Z+ with n ≥ 2, (Zn,⊕,�) is a field if and only if n is prime.

Proof: For sufficiency, note that, if n is prime, then gcd(x, n) = 1 for every x, 1 ≤ x < n. Itfollows from Theorem 2.22 that every such x has a reciprocal in Zn, and thus (Zn,⊕,�) is a field.


To prove necessity, assume n is composite. Then n = ab for some integers a and b with1 < a ≤ b < n. Hence, gcd(a, n) = a, and by Theorem 2.22, a does not have a reciprocal in Zn.Therefore, (Zn,⊕,�) is not a field.

�

Thus, we have an example of a finite field with p elements when p is prime, namely, (Zp,⊕,�).Having considered the properties satisfied by the operations of ⊕ and � on Zn, it becomes

cumbersome at this point to continue to use the special symbols ⊕ and � to denote these operations.Henceforth, unless stated otherwise, we agree to denote the addition and multiplication operationsin Zn (and in any field F ) by the familiar + and ·. For x ∈ Zn (and for x in any field F ), the(additive) inverse of x is denoted by −x and the reciprocal (multiplicative inverse) of x (if it exists)is denoted by x−1. (We should remark that the inverse of x is unique, as is the reciprocal of x, ifit exists; see Exercise 2.)

Example 2.18: Find each of the following elements in the field (Z23, +, ·).

(a) 10 + 17 (b) 10 · 17(c) −10 (the inverse of 10) (d) −17(e) 10−1 (the reciprocal of 10) (f) 17−1

Solution:

(a) Here, 10 + 17 = (10 + 17) mod 23 = 27 mod 23 = 4.(b) Here, 10 · 17 = (10 · 17) mod 23 = 170 mod 23 = 9.For parts (c) and (d) we use the fact that the inverse of x 6= 0 in Zn is n − x. Hence,

−10 = 23 − 10 = 13 and − 17 = 23 − 17 = 6

For part (e), we might observe that

10 · 7 = 70 mod 23 = 1

so that 10−1 = 7. Instead, let’s use the more systematic approach suggested by the proof of Theorem2.22. We apply the extended Euclidean algorithm to find integers s and t such that 1 = 10s + 23t;then 10−1 = s mod 23:

r 23 10 3 1 0

q 2 3 3s 0 1 −2 7

Thus, 10−1 = 7 mod 23 = 7.Part (f) is handled in a similar fashion. Applying the extended Euclidean algorithm we obtain:

r 23 17 6 5 1 0q 1 2 1 5

s 0 1 −1 3 −4


Thus, 17−1 = (−4) mod 23 = 19. (Check: 17 · 19 = 323 mod 23 = 1.)�

Example 2.19: For x ∈ Zn, note again the following facts:

x + 0 = 0 + x = x

x · 0 = 0 · x = 0

x · 1 = 1 · x = x

This, and the fact that 1 + 1 = 0, tells us everything about the addition and multiplication in thefield (Z2, +, ·), because Z2 = {0, 1}.

For the field (Z3, +, ·), we have the following additional results:

1 + 1 = 2, 1 + 2 = 2 + 1 = 0, 2 + 2 = 1, 2 · 2 = 1

The addition and multiplication tables for (Z4, +, ·) are shown in Tables 2.4 (a) and (b). Becauseof the facts stated above, we have reduced these tables somewhat by excluding 0 (as an operand)from the addition table and by excluding both 0 and 1 from the multiplication table. We knowfrom Corollary 2.23 that (Z4, +, ·) is not a field because 4 is not prime. In particular, we see fromTable 2.4(b) that 2 does not have a reciprocal.

�

(a)+ 1 2 3

1 2 3 02 3 0 1

3 0 1 2

(b)· 2 3

2 0 23 2 1

Tables 2.4 Addition and multiplication tables for (Z4, +, ·)

In Zn, we have−0 = 0 and 1−1 = 1

Moreover,−(−x) = x

and, when gcd(x, n) = 1,(x−1)−1 = x

Thus, in Z3 for example, once we have determined that −1 = 2, then it follows immediately that−2 = 1. Also, 2−1 = 2 in Z3. In Z5, the operation tables (Tables 2.3) show us that −1 = 4,−2 = 3, 2−1 = 3, and 4−1 = 4. In stating that 2−1 = 3, we are also implicitly stating that 3−1 = 2.

If a finite field F has n elements, then we say that F has order n. For what values of n doesthere exist a finite field of order n? This question is answered by the next theorem.

Theorem 2.24: There exists a finite field of order n if and only if n = pk for some prime p andsome positive integer k.

�


When k = 1 in Theorem 2.24, we already have an example of a field of order p, namely, (Zp, +, ·).It is beyond the scope of this text to discuss the general method used to construct a field of ordern = pk when p is prime and k is a positive integer, k ≥ 2. However, we do consider a few specificcases in the exercises and chapter problems. For example, Theorem 2.24 tells us that there is a fieldof order 4, and Corollary 2.23 tells us that this field is not (Z4, +, ·). A field of order 4 is presentedin Exercise 13.

For x ∈ Zn (and for x in any field F ), multiples and powers of x are defined in the usual way.Multiples of x are defined recursively, for m ∈ Z+, as follows:

1. 0x = 0

2. mx = x + (m − 1)x

3. − m(x) = −(mx)

Thus, for example, 2x = x + x, 3x = x + 2x = x + x + x, and −2(x) = −(2x) = −(x + x). Powersof x are defined recursively, for m ∈ Z+, as follows:

1. x0 = 1

2. xm = x · xm−1

3. x−m = (xm)−1

(Note: Rule 3 is valid only if (xm)−1 exists.) We call the power to which x is being raised anexponent, as usual. Thus, for example, x2 = x · x, x3 = x · x2 = x · x · x, and x−2 = (x2)−1.Multiples and exponents obey the usual properties; in particular, given x ∈ Zn and m1 , m2 ∈ Z, wehave that:

(m1x) + (m2x) = (m1 + m2) and m1(m2x) = (m1m2)x

xm1 · xm2 = xm1+m2 and (xm1 )m2 = xm1m2

(See Exercises 12 and 16.)

Example 2.20: Find each of the following elements in (Z13, +, ·):

(a) 4(7) (b) −3(7)(c) 743 (d) 7−43

Solution: For parts (a) and (b) we have the following:

4(7) = 7 + 7 + 7 + 7 = 28 mod 13 = 2

−3(7) = −(7 + 7 + 7) = −(21 mod 13) = −8 = 5

For part (c) the trick is to apply Lemma 2.21. In fact, there is a particularly effective andefficient method for computing powers modulo n called repeated squaring . We illustrate thismethod for the problem of part (c). We start by expressing the exponent, 43 in this case, as a sumof powers of 2; here, 43 = 1 + 2 + 8 + 32. Then, as an element of Z13,

743 = 71+2+8+32

= 71 · 72 · 78 · 732


Hence, to complete the calculation, we need to compute the elements 71, 72, 78, and 732. Actually,what we do is compute the list of values (71, 72, 74, 78, 716, 732). This is where the “repeatedsquaring” comes in, because

72 = (71)2, 74 = (72)2, 78 = (74)2, 716 = (78)2, 732 = (716)2

that is, each number on this list of values, after the first value, is the square of the preceding value.Using this idea we obtain the following values (remember that we are performing all operations inZ13):

71 = 7

72 = 49 mod 13 = 10

74 = 102 = 100 mod 13 = 9

78 = 92 = 81 mod 13 = 3

716 = 32 = 9

732 = 92 = 3

Thus,743 = 71+2+8+32

= 71 · 72 · 78 · 732

= 7 · 10 · 3 · 3= 7 · 10 · 9= 7 · 12

= 6

For part (d) then, we have7−43 = (743)−1 = 6−1 = 11

(Note that 6−1 = 11, since 6 · 11 = 66 mod 13 = 1.)

�

Exercise Set 2.5

1. Consider (Z6, +, ·).

(a) Give the addition table for Z6.(b) Find the inverse of each element.(c) Give the multiplication table for Z6.(d) Find the reciprocal of each element that has one.

2. For (Zn, +, ·), prove that:

(a) The inverse of any element x is unique.(b) For any element x, if x has a reciprocal, then it has a unique reciprocal.

(Recall that, to show that something (which is known to exist) is unique, assume that there aretwo of them, say x′ and x′′, and show that x′ = x′′.)

3. Consider the field (Z7, +, ·).


(a) Give the addition table for Z7.(b) Find the inverse of each element.(c) Give the multiplication table for Z7.(d) Find the reciprocal of each nonzero element.

4. Consider (Zn, +, ·), n ≥ 2 and let x ∈ Zn. Complete the proof of Theorem 2.22 by showingthat, if x has a reciprocal y in Zn, then gcd(x, n) = 1. (Hint: Let d = gcd(x, n), and let q1 =x div d and q2 = n div d; then q2 mod n = 1 � q2 = (y � x) � q2 = · · · = 0. It follows that q2 = n,and hence that d = 1.)

5. Apply Lemma 2.21 to find:

(a) (2054 + 2761) mod 17 (b) (2054 · 2761) mod 17

6. Apply Lemma 2.21 to show that m3 mod 7 ∈ {0, 1, 6} for any integer m.

7. Find each of the following elements in the field (Z31, +, ·):

(a) 7 + 27 (b) 7 · 27(c) −7 (d) −27(e) 7−1 (f) 27−1

8. Let m be an integer.

(a) Show that no integer of the form m2 + 1 is a multiple of 7.(b) Find the two possible values for m mod 13 given that m2 + 1 is a multiple of 13.


(a) 14 + 20 (b) 14 · 20(c) −14 (d) −20(e) 14−1 (f) 20−1

10. For (Zn, +, ·), prove directly from the definitions of the operations that:

(a) (−x)2 = x2 for any element x(b) (−x)3 = −(x3) for any element x

11. In the field (Z11, +, ·):

(a) Find 445 using the fact that 445 = ((43)3)5.(b) Find 445 using repeated squaring.(c) Find 523 using repeated squaring.

12. Prove that the following two properties of multiples hold in (Zn, +, ·), where x ∈ Zn andm1, m2 ∈ Z:

(a) (m1x) + (m2x) = (m1 + m2)x(b) m1(m2x) = (m1m2)x


(Hint: First use induction on m1 to prove that the property holds for all m1 ≥ 0; then prove thatthe property holds for m1 < 0.)

13. We can construct a field of order 4 by defining operations of addition and multiplication onZ2 × Z2 so that the properties of a field are satisfied. Consider the operations of addition andmultiplication (denoted, as usual, by + and ·, respectively) defined by the following operationtables:

+ (0, 0) (0, 1) (1, 0) (1, 1)(0, 0) (0, 0) (0, 1) (1, 0) (1, 1)

(0, 1) (0, 1) (0, 0) (1, 1) (1, 0)(1, 0) (1, 0) (1, 1) (0, 0) (0, 1)

(1, 1) (1, 1) (1, 0) (0, 1) (0, 0)

· (0, 0) (0, 1) (1, 0) (1, 1)(0, 0) (0, 0) (0, 0) (0, 0) (0, 0)

(0, 1) (0, 0) (0, 1) (1, 0) (1, 1)(1, 0) (0, 0) (1, 0) (1, 1) (0, 1)

(1, 1) (0, 0) (1, 1) (0, 1) (1, 0)

Note that the addition on Z2 × Z2 is defined as coordinate-wise addition modulo 2; that is,

(x1, y1) + (x2, y2) = (x1 + x2, y1 + y2)

where x1 + x2 and y1 + y2 denote the usual addition in Z2. Verify that (Z2 × Z2, +, ·) is a field asfollows:

(a) Show that + is associative.(b) Show that + is commutative.(c) What is the additive identity?(d) Show that each element has an inverse.(e) Show that · is associative.(f) Show that · is commutative.(g) What is the multiplicative identity?(h) Show that each element, except for the additive identity, has a reciprocal.(i) Show that the distributive laws hold.

14. Prove that the following properties hold in (Zn, +, ·), n ≥ 2, where x, y ∈ Zn,gcd(x, n) = gcd(y, n) = 1 (so that x−1 and y−1 exist), and m is a nonnegative integer:

(a) (x · y)−1 = x−1 · y−1

(b) (xm)−1 = (x−1)m

15. In each part, indicate whether the given statement is true or false, and justify your answer.

(a) (Z29, +, ·) is a field.(b) There exists a field of order 6.(c) There exists a field of order 8.(d) (Z8, +, ·) is a field.(e) There exists a field of order 9.(f) (Z9, +, ·) is a field.(g) There exists a field of order 10.(h) There exists a field of order 12.

16. Prove that the following two properties of exponents hold in (Zn, +, ·), where x ∈ Zn andm1, m2 ∈ Z (and, whenever the exponent on x is negative, assume gcd(x, n) = 1):


(a) xm1 · xm2 = xm1+m2

(b) (xm1 )m2 = xm1m2

17. Consider the field (Z7, +, ·). (Refer to Exercise 3.)

(a) Find the multiples of 6; that is, find: . . ., −3(6), −2(6), −1(6), 0(6), 1(6), 2(6), 3(6), . . . .(b) Find the powers of 6; that is, find: . . ., 6−3, 6−2, 6−1, 60, 61, 62, 63, . . . .(c) Find the multiples of 2.(d) Find the powers of 2.(e) Find the multiples of 3.(f) Find the powers of 3.(g) Compute 383 using repeated squaring.(h) Compute 383 using the result of part (f) and the fact that 383 = (36)13 · 35.

18. Let (F, +, ·) be a field and let 0 denote the additive identity (in particular, consider (Zp, +, ·),where p is prime). Show that the following properties are satisfied for any x, y ∈ F :

(a) Cancellation law of addition: If x + z = y + z for some z ∈ F , then x = y.(b) Cancellation law of multiplication: If xz = yz for some z ∈ F − {0}, then x = y.


(a) Find the multiples of 4; that is, find: . . ., −3(4), −2(4), −1(4), 0(4), 1(4), 2(4), 3(4), . . . .(b) Find the powers of 4; that is, find: . . ., 4−3, 4−2, 4−1, 40, 41, 42, 43, . . . .(c) Find the multiples of 3.(d) Find the powers of 3.(e) Compute 459 in two different ways.

20. Let (F, +, ·) be a finite field and let 0 denote the additive identity (in particular, consider(Zp, +, ·), where p is prime), and refer to Exercise 18.

(a) Consider the operation table for F under +; what does the cancellation law of addition implyabout each row (or column) of this table?

(b) Consider the operation table for F under ·; what does the cancellation law of multiplicationimply about each row (or column) of this table?

21. In this exercise we outline the construction of a field (F, +, ·) of order 8. LetF = {0, 1, a, a2, . . . , a6}, where, as usual, 0 is the additive identity and 1 is the multiplicativeidentity. The multiplicative structure of the field is implicit in the way the elements of F − {0}have been listed — as powers of the element a — where a7 = 1. Thus, for example, a2 · a3 = a5

and a4 · a5 = a9 = a7 · a2 = 1 · a2 = a2. The additive structure of the field is determined by thefollowing two rules: (1) every element x is its own inverse, that is, x + x = 0 for every x ∈ F ; (2)1 + a = a3. Using these two rules and the commutative and distributive laws, one can completethe addition table for the field; do so.

22. Having done Exercise 21, rename the elements of F using the elements of Z2 × Z2 × Z2 suchthat (0, 0, 0) is the additive identity, (0, 0, 1) is the multiplicative identity, and the addition iscoordinate-wise addition modulo 2; that is

(x1, y1, z1) + (x2, y2, z2) = (x1 + x2, y1 + y2, z1 + z2)

where x1 + x2, y1 + y2, and z1 + z2 denote the usual addition in Z2. Show the multiplication tablewith the renamed elements.

Chapter Problems 129

CHAPTER PROBLEMS

1. Compute the quotient q and the remainder r for the given dividend b and divisor a.

(a) b = 100, a = 13 (b) b = −100, a = 13(c) b = 100, a = −13 (d) b = −100, a = −13

2. Give an example of a set A such that Z+ ⊂ A ⊂ Z and:

(a) A is well-ordered.(b) A is not well-ordered.

3. Given that m1 div 6 = q1, m1 mod 6 = 3, m2 div 6 = q2, and m2 mod 6 = 5, find:

(a) (m1 + 4) div 6 (b) (m1 + 4) mod 6(c) (3m1) div 6 (d) (3m1) mod 6(e) (−m2) div 6 (f) (−m2) mod 6(g) (m1 + m2) div 6 (h) (m1 + m2) mod 6(i) (4m1 − m2) div 6 (j) (4m1 − m2) mod 6(k) (−m1m2) div 6 (l) (−m1m2) mod 6

4. For any positive integer n, prove that:

(a) n2 − n is a multiple of 2(b) n2 + 1 is not a multiple of 4(c) n(n + 1)(2n + 1) is a multiple of 6

5. Find d = gcd(a, b) and integers s and t such that d = as + bt.

(a) a = 357, b = 629 (b) a = 812, b = 1876(c) a = 1109, b = 4999 (d) a = 1278, b = 2844

6. Prove or disprove each of the following assertions about an arbitrary integer m:

(a) If m = 8k + 5 for some integer k, then m = 4t + 1 for some integer t.(b) If m = 4t + 1 for some integer t, then m = 8k + 5 for some integer k.

7. Find the canonical factorization of each of the following:

(a) 17892875 (b) 24635975

8. Let a, b, and c be integers with a odd. Prove: If a | b and a + b = 2c, then a | c.

9. Let a and b be positive integers with a < b. Find the relationship between:

(a) b div a and (b − a) div a(b) b mod a and (b − a) mod a


10. For positive integers a, b, and d, prove or disprove: If gcd(a, b) = d, then

gcd( a

d, b

)= 1

11. Let dk · · · d1d0 be the usual decimal representation of the positive integern; that is,

n = dk · 10k + · · ·+ d1 · 101 + d0

where di ∈ {0, 1, 2, . . . , 9}, 0 ≤ i ≤ k, are the digits of n and dk 6= 0. Prove that n is a multiple of3 if and only if d0 + d1 + · · ·+ dk is a multiple of 3.

12. For positive integers m and n with m ≤ n, use the Euclidean algorithm to findgcd(2m − 1,2n − 1).

13. Prove: If the positive integer n is both a perfect square and a perfect cube (for example,n = 64 = 82 = 43), then n is of the form 7k or 7k + 1 for some positive integer k.

14. Given positive integers a and b with 1< a ≤ b, let {p1, p2, . . . , pn} be the set of prime factors ofab, where p1 < p2 < · · · < pn. Further, suppose that

a = pa1

1pa2

2· · · pan

n

b = pb1

1 pb2

2 · · · pbn

n

where ai and bi are nonnegative integers for each i, 1 ≤ i ≤ n.

(a) Using the above expressions for a and b, give a formula for gcd(a, b) of the form

gcd(a, b) = pd1

1 pd2

2 · · · pdn

n

Also, justify your result. In parts (b), (c), and (d), use the result of part (a) to find the canonicalfactorization of gcd(a, b) for the given values of a and b. (See Exercise 3 in Exercise Set 2.5 andProblem 7 above.)

(b) a = 4725, b = 9702(c) a = 180625, b = 1662405(d) a = 17892875, 24635975

15. For positive integers a, b, and c, prove that gcd(ac, bc) = c · gcd(a, b).

16. Given (positive) integers a and b, their least common multiple, denoted lcm(a, b), is defined asthe smallest positive integer c such that a | c and b | c. Suppose that a and b are expressed as inProblem 14.

(a) Give a formula for lcm(a, b) in the form

lcm(a, b) = pc1

1pc2

2· · · pcn

n

Also, justify your result. In parts (b), (c), and (d), use the result of part (a) to find the canonicalfactorization of lcm(a, b) for the given values of a and b. (See Problem 14.)

(b) a = 4725, b = 9702(c) a = 180625, b = 1662405(d) a = 17892875, 24635975

Prove each of the following assertions:


(e) gcd(a, b)·lcm(a, b) = ab(f) For any positive integer n, if a | n and b | n, then lcm(a, b) | n.

17. For positive integers a, b, and d, prove: If gcd(a, b) = d, then

gcd

(a

d,

b

d

)= 1

18. For a positive integer n > 1, prove: If n | (35m + 26) and n | (7m + 3) for some integer m,then n = 11.

19. Recall that a triple (a, b, c) of positive integers such that c2 = a2 + b2 is called a Pythagoreantriple. Prove:

(a) If (a, b, c) is a Pythagorean triple, then ab is even.(b) If (a, b, c) is a Pythagorean triple, then (na, nb, nc) is a Pythagorean triple for any n ∈ Z+.A Pythagorean triple (a, b, c) is called primitive if gcd(a, b) = 1. (In this case it also happens

that gcd(a, c) = gcd(b, c) = 1.)(c) Prove: If (a, b, c) is a primitive Pythagorean triple, then a + b is odd.(d) Develop and implement as a program an algorithm that inputs a positive integer m and

outputs all primitive Pythagorean triples (a, b, c) such that 1 < a < b < c ≤ m.

20. Let s and t be positive integers with s > t and gcd(s, t) = 1 such that s + t is odd.

(a) Show that (s2 − t2, 2st, s2 + t2) is a primitive Pythagorean triple.(b) Obtain Theorem 2.1 as a corollary to the result in part (a).(c) Obtain the result of Exercise 1, part (c) of Exercise Set 2.1 as a corollary to the result in part

(a).(d) The formula in part (a) is credited to Euclid. Show that Euclid’s formula yields all primitive

Pythagorean triples.(e) Show that (3, 4, 5) is the only Pythagorean triple consisting of consecutive positive integers.

21. Let n1 and n2 be positive integers such that n1 | n2. Prove: For any integers m1 and m2,

If m1 mod n2 = m2 mod n2, then m1 mod n1 = m2 mod n1.

22. Let n1 and n2 be positive integers and let d = gcd(n1, n2). Prove that, for any integers m1

and m2:

If (m1n1) mod n2 = (m2n1) mod n2, then m1 mod(n2

d

)= m2 mod

(n2

d

).

What does this result say in the case that n1 and n2 are relatively prime?

23. Let p be a prime. An integer a with 1 < a < p is called a primitive root of p provided

{a, a2 mod p, a3 mod p, . . . , ap−1 mod p} = {1, 2, 3, . . . , p− 1}

Find all primitive roots of:

(a) 5 (b) 7 (c) 11 (d) 13


24. Let n be a positive integer such that n = 4k + 3 for some nonnegative integer k. Show that itis not possible to express n in the form n = a2 + b2 for some integers a and b.

25. In Section 2.2, we stated the division algorithm: Given integers b and a with a > 0, there existintegers q and r (uniquely determined by b and a) such that

b = aq + r and 0 ≤ r < a

Use of the strong form of induction to prove the existence part of this result.

26. Let m1 and m2 be integers and let n1 and n2 be positive integers such that each of m1, m2,and n2 is a multiple of n1. Prove:

If m1 mod n2 = m2 mod n2, then

(m1

n1

)mod

(n2

n1

)=

(m2

n1

)mod

(n2

n1

).

27. Let a and b be integers with 0 ≤ a < b and let d = gcd(a, b). Use the strong form of induction(on a) to show that there exist integers s and t such that d = as + bt. (Hint: In the inductive step,use the idea of the Euclidean algorithm. Let r = b mod (k + 1); then 0 ≤ r ≤ k andgcd(k + 1, b) = gcd(r, k + 1).)

28. Prove that there are infinitely many primes of the form 4k + 3. (Hint: Mimic the proof ofTheorem 2.22.)

29. Use induction on n to prove Corollary 2.12 (the extended version of Euclid’s lemma).

30. Let a and b be integers with 1 ≤ a ≤ b and let r = b mod a. Recall that the Euclideanalgorithm is based on the observation that gcd(a, b) = gcd(r, a).

(a) Show that 2r < b.

Let P (b) be the statement that, if 1 < a < b, then the number of divisions required by theEuclidean algorithm to compute gcd(a, b) is less than 2 log2 b.

(b) Use the result of (a) and the strong form of induction to prove that P (b) holds for all integersb ≥ 3.

(c) Use the result of (b) to prove that, if 1 < a < b, then the number of divisions required by theEuclidean algorithm to compute gcd(a, b) is less than 1 + 2 log2 a.

31. Let p be a prime and consider the field (Zp, +, ·).

(a) Prove: For any elements a and b, if a2 = b2, then either a = b or a = −b.(b) Does the result of part (a) hold in general for (Zn, +, ·)? (In other words, is the requirement

that n be prime necessary?)

32. Let a, b, and c be positive integers with 2 ≤ a < b and gcd(a, b) = 1. Consider the equation

ax + by = c F

(a) Discuss how to obtain a particular solution of equation F in integers x1 and y1.(b) Let (x1, y1) be a particular solution of equation F. Show that (x, y) is a solution, x, y ∈ Z,

if and only if x = x1 + bt and y = y1 − at for some integer t.(c) Show that equation F has a solution in nonnegative integers x and y if and only if, for any

particular solution (x1, y1), the closed interval [−x1/b, y1/a] contains an integer.(d) Show that the equation ax+ by = ab−a− b does not have a solution in nonnegative integers.


(e) Show that equation F has a solution in nonnegative integers for all c > ab − a − b. (Hint:Write c = ab− a− b + n, n ∈ Z+, and use the strong form of induction on n. Anchor the inductionby showing that F has a solution in nonnegative integers for n ∈ {1, 2, . . . , a}. In particular, forn ∈ {1, 2, . . . , a−1}, let x0 and y0 be integers such that n = ax0 + by0 . Note that y0 may be chosenso that 1 ≤ y0 < a. Then c = a(x0 + b − 1) + b(y0 − 1); show that x0 + b − 1 ≥ 0.)

33. Let p denote a prime.

(a) Prove that there do not exist positive integers a and b such that a2 = pb2.(b) Apply the result of part (a) to show that

√p is irrational.

34. Given a finite field (F, +, ·), the characteristic of F is the smallest positive integer c such thatc(1) = 0 (where 0 and 1 denote the additive and multiplicative identities of F , respectively).

(a) Show that the characteristic of Zp (where p is prime) is p.(b) Show that the characteristic of any finite field F must be prime.

(If the characteristic of F is the prime p, then the theorems of Lagrange and Cauchy from thetheory of finite groups can be used to prove that the order of F must be pk for some positiveinteger k, thus proving necessity in Theorem 2.27.)

35. Let the canonical factorizations of the positive integers a and b be given by:

a = pa1

1 pa2

2 · · · pak

k

b = qb1

1 qb2

2 · · · qbn

n

What conditions must be satisfied by the primes and/or the exponents if:

(a) a is a perfect square?(b) b is a perfect cube?(c) a | b?

36. Let n be a positive integer. The purpose of this problem is to develop efficient algorithms todo arithmetic modulo n; that is, given a, b ∈ Zn and a nonnegative integer m, we wish to compute,as elements of Zn, a ⊕ b, a � b, and am.

(a) Develop (and implement as a program) an algorithm to efficiently compute a + b. (Notethat, if a + b ≥ n, then a ⊕ b = a + b − n.)

(b) Develop an algorithm to efficiently compute a � b. Use the technique known as repeateddoubling: Compute a, 2a, 4a, and so on, by doubling; then use the binary representation of b todetermine which terms are needed for the final result. For example, when b = 101, we would have

a � b = a � (1 + 4 + 32 + 64) = a ⊕ 4a ⊕ 32a⊕ 64a

(c) Develop an algorithm to efficiently compute am. Use the repeated squaring technique.

37. Consider (Z9, +, ·).

(a) Give the addition table for Z9.(b) Find the inverse of each element.(c) Give the multiplication table for Z9.(d) Find the reciprocal of each element that has one.



(a) Give the addition table for Z11.(b) Find the inverse of each element.(c) Give the multiplication table for Z11.(d) Find the reciprocal of each nonzero element.

39. Let a and b be integers with 1 < a < b.

(a) Prove: If a and b are both even, then gcd(a, b) = 2 · gcd(a div 2, b div 2).(b) Prove: If a is even and b is odd, then gcd(a, b) = gcd(a div 2, b). (Or, if a is odd and b is

even, then gcd(a, b) = gcd(a, b div 2).)(c) Prove: If a < b, then gcd(a, b) = gcd(a, b − a). (Or, if b < a, then gcd(a, b) = gcd(a − b, b).)(d) Use the results of parts (a), (b), and (c) to design (and implement) an algorithm that inputs

positive integers a and b and outputs gcd(a, b).(e) Use the algorithm of part (d) to find gcd(1428, 2516).


(a) 10 + 39 (b) 10 · 39(c) −10 (d) −39(e) 10−1 (f) 39−1

(g) 1031 (h) 3942

41. Let n be a positive integer and let m be an integer with 0 ≤ m ≤ 2n+1 − 1.

(a) Show that m is uniquely expressible in the form

m = bn · 2n + bn−1 · 2n−1 + · · ·+ b1 · 21 + b0

where each bi is either 0 or 1. The representation (bnbn−1 · · · b1b0)2 is called the binary represen-

tation of m. (For example, the binary representation of 25 is (11001)2, or more simply, 11001.)(b) Design and implement an algorithm that inputs a nonnegative integer m and outputs the

binary representation of m.(c) Design and implement an algorithm that inputs a bit string (a string of 0s and 1s) and outputs

the nonnegative integer m having that string as its binary representation.

42. In this problem we outline the construction of a field (F, +, ·) of order 9. LetF = {0, 1, a, a2, . . . , a7}, where, as usual, 0 is the additive identity and 1 is the multiplicativeidentity. The multiplicative structure of the field is implicit in the way the elements of F − {0}have been listed — as powers of the element a — where a8 = 1. Thus, for example, a2 · a3 = a5

and a4 · a6 = a10 = a8 · a2 = 1 · a2 = a2. The additive structure of the field is determined by thefollowing two rules: (1) 3x = 0 (that is, x + x + x = 0) for every x ∈ F ; (2) 1 + a = a2. Usingthese two rules and the commutative and distributive laws, one can complete the addition table forthe field; do so.

43. Having done Problem 42, rename the elements of F using the elements of Z3 × Z3 such that(0, 0) is the additive identity, (0, 1) is the multiplicative identity, and the addition iscoordinate-wise addition modulo 3; that is

(x1, y1) + (x2, y2) = (x1 + x2, y1 + y2)


where x1 + x2 and y1 + y2 denote the usual addition in Z3. Show the multiplication table with therenamed elements.

44. Given that m1 div 6 = q1, m1 mod 6 = 3, m2 div 6 = q2, and m2 mod 6 = 5, redo Problem 3,replacing the divisor 6 by 3 in each part.

Documents

Chapter Two Number Theory - Homepage | Fredonia.edu Two Number Theory 2.1 INTRODUCTION Number theory is that area of mathematics dealing with the properties of the integers under the