Number Theory Step by Step


OUP CORRECTED PROOF – FINAL, 3/9/2020, SPi

Number Theory

Number Theory
Step by Step

Kuldeep Singh

Great Clarendon Street, Oxford, OX2 6DP,
United Kingdom
Oxford University Press is a department of the University of Oxford.
It furthers the University’s objective of excellence in research, scholarship,
and education by publishing worldwide. Oxford is a registered trade mark of
Oxford University Press in the UK and in certain other countries
© Kuldeep Singh 2020
The moral rights of the author have been asserted
First Edition published in 2020
Impression: 1
All rights reserved. No part of this publication may be reproduced, stored in
a retrieval system, or transmitted, in any form or by any means, without the
prior permission in writing of Oxford University Press, or as expressly permitted
by law, by licence or under terms agreed with the appropriate reprographics
rights organization. Enquiries concerning reproduction outside the scope of the
above should be sent to the Rights Department, Oxford University Press, at the
address above
You must not circulate this work in any other form
and you must impose this same condition on any acquirer
Published in the United States of America by Oxford University Press
198 Madison Avenue, New York, NY 10016, United States of America
British Library Cataloguing in Publication Data
Data available
Library of Congress Control Number: 2020944857
ISBN 978–0–19–884673–4
Printed and bound by
CPI Group (UK) Ltd, Croydon, CR0 4YY
Links to third party websites are provided by Oxford in good faith and
for information only. Oxford disclaims any responsibility for the materials
contained in any third party website referenced in this work.

Preface to Number Theory Step by Step

Number theory is one of the oldest branches of mathematics, and because of the burgeoning growth of
internet security we see applications of number theory prevalent in this field of security.
Historically, one of my primary concerns has been in finding a rigorous yet accessible textbook to
recommend to students. Based on the popularity of my previously published books, Engineering
Mathematics through Applications and Linear Algebra Step by Step, I have felt a need to write a book on number
theory that bridges the considerable divide between school and undergraduate mathematics.
I have been fortunate in that I had some students to assist in evaluating each chapter, and in response
to their reaction, I consequently modified, expanded, and added sections to ensure that its content
entirely encompassed the ability of students with a limited mathematical background, as well as the more
advanced readers. I believe this has allowed me to create a book that is simple in its explanation, yet
comprehensive in its approach to even the most challenging aspects of this topic.

Level
This book is intended for first- and second-year undergraduates. Many students find the transition
between school and undergraduate mathematics difficult, and this book specifically addresses that gap and
allows seamless progression. It assumes limited prior mathematical knowledge, yet also covers difficult
material and answers tough questions through the use of clear explanation and a wealth of illustrations.
The emphasis of the book is on students learning for themselves by gradually absorbing clearly presented
text, supported by patterns, graphs, and associated questions.

Pedagogical Issues
The strength of the text is in the large number of examples and the step-by-step explanation of each topic
as it is introduced. It is compiled in such a way that allows self-study, with explicit solutions to all the sets
of problems freely available online. Also included are short historical biographies of the leading players
in the field of number theory. These are generally placed at the beginning of a section to engage the
interest of the student from the outset.
At the University of Hertfordshire there are between 70 and 80 mathematics undergraduates. In the
past, we have based our number theory course on various existing textbooks, but in general students
have found them hard to digest or lacking in rigorous explanation. This is a book that allows the student
to gradually develop an understanding of this topic, without the need for constant additional support
from a tutor.

Proposed Book
A large number of books on number theory currently exist, but they are either difficult to comprehend
and have a very formal structure, or are too applied, so are suitable for engineers but not for
mathematicians or physicists. Published textbooks on this subject tend to be rather static in their presentation.
By contrast, this book strives to be significantly more dynamic and encourages the engagement of the
reader with frequent question and answer sections. The question–answer element is sprinkled liberally
throughout the text, consistently testing the student’s understanding of the methods introduced, rather
than requiring them to remember by rote.
I anticipate a broad appeal. The simple yet concise nature of its content is specifically designed to
aid the students, but its rigorous approach and comprehensive manner make it entirely appropriate
reference material for mathematicians at every level.

Background
I have held the position of Senior Lecturer in Mathematics at the University of Hertfordshire for over 25
years, where I teach number theory to second-year undergraduates.
My interest in mathematics began at school. I am originally of Sikh descent, and as a young child
often found English difficult to comprehend, but I discovered an affinity with mathematics, a universal
language that I could begin to learn from the same starting point as my peers.
My passion has always been to teach, and I have taught number theory at the University of
Hertfordshire since 2008.
I am also the author of Engineering Mathematics through Applications, a book that I am proud to say
is used widely as the basis for undergraduate studies in many different countries. Additionally, I have
authored Linear Algebra Step by Step, which is also widely used.
I also host and regularly update a website dedicated to mathematics.
My family and career leave little room for outside interest, but I am a keen football fan and occasional
cyclist.

Acknowledgements
I would particularly like to thank Della Avery—Mathematics Teacher, Ágnes Bonivárt—PhD student,
and Dr Laurence Taylor—Analysis and Data Visualisation Specialist, for their significant help in
improving this text.
Also thanks to Bharath Krishnamoorthy for doing an excellent job of typesetting this book.

Dedication
Shaheed Bibi Upkar Kaur

Kuldeep Singh
School of Physics, Astronomy and Mathematics
University of Hertfordshire
College Lane
Hatfield, Herts AL10 9AB
Homepage http://maths-for-all.co.uk/

Contents

Introduction to Number Theory Step by Step

1 A Survey of Divisibility
1.1 The Greatest Common Divisor
1.2 Division Algorithm
1.3 Euclidean Algorithm
1.4 Linear Diophantine Equations
Supplementary Problems 1

2 Primes and Factorization
2.1 Introduction to Primes
2.2 Testing Numbers for Primality
2.3 Properties of Prime Numbers
2.4 Least Common Multiple–LCM
Supplementary Problems 2

3 Theory of Modular Arithmetic
3.1 Introduction to Congruences
3.2 Congruent Properties of Multiplication
3.3 Solving Linear Congruences
3.4 Chinese Remainder Theorem
3.5 Introduction to Factorization
Supplementary Problems 3

4 A Survey of Modular Arithmetic with Prime Moduli
4.1 Introduction to Fermat’s Little Theorem
4.2 Wilson’s Theorem
4.3 Composite Integers and Pseudoprimes (False Primes)
4.4 Mersenne Numbers
4.5 Perfect Numbers and the Sigma Function
Supplementary Problems 4

5 Euler’s Generalization of Fermat’s Theorem
5.1 Euler’s Totient Function
5.2 Euler’s Theorem
Supplementary Problems 5

6 Primitive Roots and Indices
6.1 The Order of an Integer modulo n
6.2 Indices
6.3 Theory of Indices
6.4 Integers with Primitive Roots
6.5 Composite Integers with Primitive Roots (Companion Website)
Supplementary Problems 6

7 Quadratic Residues
7.1 Introduction to Quadratic Residues
7.2 The Legendre Symbol
7.3 Quadratic Reciprocity
7.4 Law of Quadratic Reciprocity (LQR)
7.5 Quadratic Residues of Composite Moduli (Companion Website)
Supplementary Problems 7

8 Non–Linear Diophantine Equations
8.1 Sum of Two Squares
8.2 Sum of Four Squares
8.3 Pell’s Equation
Supplementary Problems 8

Introductory Chapter (Companion Website)

Brief Solutions

Symbolic Index

Index

Introduction to Number Theory Step by Step

Number theory is one of the oldest branches of mathematics. Four thousand years ago the Babylonians
were writing down Pythagorean triples, such as
56² + 90² = 106², 119² + 120² = 169² and 12 709² + 13 500² = 18 541².¹
However, since the advent of the digital computer, number theory has seen a resurgence in interest, due to its
applications in computer science and cryptography. Number theory had no serious application for nearly
four thousand years. It was not used in construction, aerospace, manufacturing, finance, economics etc.
Number theory does not highlight any discrepancies in the distribution of wealth or promote the
destruction of humanity. Despite this we use numbers in our daily life—entering our date of birth,
phoning a friend, entering our pin number at a cash point machine. Did you know that in China you
cannot use the pin number 8964, 4689, 040689, or any version of these? This is because the Tiananmen
Square massacre occurred on the 4th June 1989.
Our intuition may suggest that there is nothing interesting about numbers, but we would be totally
deluded because numbers have some appealing properties which we discuss in this book. We will come
across curious and surprising results about numbers, in particular positive integers.

What attributes will you learn from this number theory book?

Intellectual rigour, problem solving, reasoning, ability to deal with abstract concepts and interpreting
your solution to a given problem. It will also help you develop logical deduction skills and creativity
when writing proofs of results. It is not a collection of isolated techniques or algorithms that can be used
to solve a problem.
Moreover, number theory has a very rich history and this history is sprinkled throughout the book.
Wouldn’t you like to know how Gauss, Fermat or Euler solved a particular problem?

What is elementary number theory?

Number theory is essentially the study of positive integers and in this book, we only use elementary
methods to examine this. We do not apply mathematical analysis or advanced algebra to study the topics
discussed. Elementary number theory is where elementary does not imply easy or basic but just simply
means only elementary methods can be used. It is like asking someone to do the hurdles with a chain and
ball around their neck because you cannot use analytic or advanced algebraic methods to find solutions.
Elementary in this context is misleading because it can be a real challenge.
A “feature” of number theory is that it’s easy to formulate questions that many people can understand
but for which we still don’t have an answer. For instance, we expect there are infinitely many primes of
the form n² + 1 (you can even start making a list—it’s prime for n = 1, 2, 4, 6, 10, 14, 16, 20, 24, 26, 36,
40, 54, . . . ) but this remains an unsolved problem.

¹ https://en.wikipedia.org/wiki/Plimpton_322

Another easily understood statement is the Legendre conjecture which remains unproven and says:
‘There is always a prime between n² and (n + 1)².’
This result looks so innocent that you would think that you can prove it by induction, but it has
remained unproven for the last 200 years.

What do we discuss in this book?

In the first chapter we look at divisibility of positive integers and we concentrate on the greatest common
divisor.
In Chapter 2 we prove the Fundamental Theorem of Arithmetic which claims that every positive
integer greater than 1 can be factorized into a product of primes in a unique way. This Fundamental
Theorem of Arithmetic does not tell us how to factorize a given integer but just that a factorization
exists. In more modern applications of Number Theory such as cryptography, we are interested in the
following questions:
● How do we factorize a given positive integer?
● How to determine whether a given positive integer is prime?

Why are these questions important?

Factorization is used in public-key encryption. It provides security because it is easy to multiply two
large primes but very difficult to factorize their product. For example, multiplying the two primes

23 456 761 and 9 876 543 139

gives 23 456 761 × 9 876 543 139 = 231 671 711 917 712 779. However, factorizing the right-hand side
231 671 711 917 712 779 is a difficult task unless you know that the above primes give this answer. This is,
in general, a very hard problem, because no algorithm is (yet) known that finds prime factorizations efficiently.
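
The asymmetry described above, as an added Python example that is not from the book. It checks the page's product with one multiplication, then counts how many candidate divisors trial division (used here only as the simplest factoring method) must test on constructed semiprimes of growing size; the function names and the SAMPLES primes are assumptions made for the illustration.

```python
# Added example (not from the book): multiplying is one step, undoing it is not.
# trial_division, work_table and SAMPLES are constructed for this illustration.


def trial_division(n):
    """Return (p, q, tried): the smallest factor p > 1 of n, the cofactor
    q = n // p, and how many candidate divisors were tested to find p."""
    if n < 2:
        raise ValueError("n must be at least 2")
    tried = 1                       # candidate 2
    if n % 2 == 0:
        return 2, n // 2, tried
    d = 3
    while d * d <= n:               # a composite n has a factor <= sqrt(n)
        tried += 1
        if n % d == 0:
            return d, n // d, tried
        d += 2                      # even candidates are already excluded
    return n, 1, tried              # no factor found: n itself is prime


# The two primes quoted on the page and their product.
P, Q = 23_456_761, 9_876_543_139
N = P * Q                           # a single multiplication

# Constructed pairs of primes; each pair is about ten times larger than the last.
SAMPLES = [(1009, 1013), (10007, 10009), (100003, 100019), (1000003, 1000033)]


def work_table(pairs=SAMPLES):
    """For each pair, factor the product and record
    (bit length of n, factor found, cofactor, candidates tested)."""
    rows = []
    for p, q in pairs:
        n = p * q
        found_p, found_q, tried = trial_division(n)
        rows.append((n.bit_length(), found_p, found_q, tried))
    return rows


def candidates_needed(p):
    """Candidates trial division tests before reaching an odd prime factor p,
    assuming p is the smallest factor: 2, then 3, 5, ..., p."""
    return (p + 1) // 2


if __name__ == "__main__":
    print("page product:", N)
    for bits, p, q, tried in work_table():
        print(f"{bits:>3}-bit n = {p} x {q}: {tried} candidates tested")
    print("estimate for the page's n:", candidates_needed(P))
```

Each extra decimal digit in the smaller prime multiplies the search by ten, while forming the product remains one multiplication. For the page's number the same search would test 11 728 381 candidates, taking 23 456 761 to be the smaller prime factor as the page states.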

How would you find a prime factor of 2²⁵¹ − 1, which in decimal format is
3618502788666131106986593281521497120414687020801267626233049500247285301247?

We will answer this question in Chapter 4. Why isn’t this factorization covered in Chapter 3?
This factorization is shown by introducing a new kind of arithmetic called modular or clock arithmetic
in Chapter 3. This clock arithmetic is carried out in a loop rather than a number line and focuses on the
remainder when two integers are divided. The remaining Chapters 4-8 rely on this modular arithmetic.
Additionally, in Chapter 3 we apply something called the Chinese Remainder Theorem which counts
things without actually counting them by using this new arithmetic.
Modular arithmetic can answer questions like: what are the last two digits of 11205? We examine these
types of questions in Chapter 5.
We use modular arithmetic to solve non-linear Diophantine equations such as

x² − 127y = 2 or 7x⁶ − 13y = 6.

Diophantine equation means that the solutions x and y are restricted to being integers. In general
Diophantine equations are hard to solve by analytical means but we solve these and others of similar
nature in Chapters 6 and 7.

In Chapter 7 we also ask whether a non-linear Diophantine equation such as

x² − 4183y = 713

has any integer solutions. This is not an easy task.


In Chapter 8 we prove one of the great results of mathematics: a prime of the form 4k + 1 can be
written as the sum of two squares, a² + b². However, a prime which looks like 4k + 3 cannot be written
as a sum of two squares.
Naturally in this last chapter we look at Pythagorean triples:

a² + b² = c² where a, b and c are integers.

Additionally, in the last chapter we show that every positive integer n can be written as a sum of four
squares:
n = a² + b² + c² + d².

Why have we chosen to discuss these topics?

Firstly, this is what is covered in most elementary number theory modules throughout the developed
world. I have just done a web search of such a course and nearly all of them contain the topics discussed
above.
Positive integers are fundamental in everyday life, and as every positive integer greater than 1 can
be factorized into primes, primes and divisibility lead to more general and powerful results. For
example, you may be interested in the last few digits of a large number which in compact notation is
written as aⁿ. Again, to answer such questions we need to use modular arithmetic and the theory of this
arithmetic is based on primes.
Some of the topics, such as Diophantine equations, may seem like a detour but they help in solving
equations of modular arithmetic.
For all the topics discussed in the book you do not need any analysis or advanced algebra and the only
prerequisite is you know how to construct a proof, which is explained in the Introductory Chapter. You
can use these discussed topics as a basis to investigate analytic or algebraic number theory.

1 A Survey of Divisibility

SECTION 1.1 The Greatest Common Divisor


By the end of this section you will be able to
● prove some properties of divisibility
● find the greatest common divisor of two integers

How would you find the greatest common divisor of 5291 and 3108?

How would you solve the equation 5291x + 3108y = c where x, y, and c are integers?

The aim of this chapter is to answer these types of questions. To answer these questions
we need to introduce the ideas of divisibility and the Euclidean algorithm, which are covered in
Sections 1.2 and 1.3 respectively of this chapter.
First in this section, we discuss divisors of integers so that we can define what is meant
by the greatest common divisor which is one of the basic building blocks of number theory.
The greatest common divisor plays an important part in factorizing numbers, which we
discuss in later chapters of the book.

1.1.1 Introduction to divisibility

The idea of divisibility is one which we are all familiar with, having encountered it early on
in our mathematical studies. The formal definition is:

Definition (1.1). We say integer a ≠ 0 divides integer b if and only if there exists an integer
m such that a × m = b.
We denote a divides b by a | b.

Throughout the book, lower case italic letters will represent integers. For example, 5 | 100
because there is an integer m = 20 such that 5 × 20 = 100. If a does not divide b then
we denote this by a ∤ b. For example, 5 ∤ 101 because there is no integer m such that
5 × m = 101.

We say a is a divisor or a factor of b. This is equivalent to saying that b is a multiple
of a.

For the above example, 5 | 100, we say 5 is a divisor (or factor) of 100 or 100 is a multiple
of 5 because 5 × 20 = 100.

Divisors and factors are synonymous and you will find that we interchange between the
two when discussing divisibility of integers.

What are the divisors of 21?

Clearly 1, 3, 7, and 21 are divisors of 21, but so are −1, −3, −7, and −21. We have

1, −1, 3, −3, 7, −7, 21, and −21 are divisors of 21.

What are the divisors of −21?

We see that 3 | −21 because 3 × (−7) = −21. Hence 3 is a divisor of −21. The divisors of
−21 are the same as the divisors of 21.
Note that the list of divisors (factors) contains both positive and negative integers.

Example 1.1

Determine the divisors of


(a) 100 (b) 1 (c) 15 (d) 30

Solution
(a) The divisors of 100 are (remember ±a means +a or −a):

±1, ±2, ±4, ±5, ±10, ±20, ±25, ±50, and ±100.

(b) The only divisors of 1 are ±1.


(c) The divisors of 15 are ±1, ±3, ±5, and ±15.
(d) Since 15 is a divisor of 30, it follows that all the divisors of 15 will also be divisors of 30. Making
use of the result of (c) and adding divisors ±2, ±6, ±10, ±30 gives

±1, ±2, ±3, ±5, ±6, ±10, ±15, and ±30 are the divisors of 30.

Now that we have established what is meant by a divisor, we can list some of their
properties. In particular, we generalize the results of Example 1.1 (b) and (d).
The generalized results about divisors are stated in the next theorem. A theorem or
proposition is a mathematical statement that is proved by using mathematical reasoning—see
Introductory Chapter.

Theorem (1.2). Properties of divisors.

For integers a, b, c, and d we have the following:
(a) a | 1 ⇔ a = ±1 (see the above Example 1.1 (b)).
(b) If a | b and b | c then a | c (see Example 1.1 (d)).
(c) If a | b and c | d then (a × c) | (b × d).
(d) a | b and b | a ⇔ a = ±b.
(e) If a | b and b ≠ 0 then |a| ≤ |b|.

(For a reminder of the meaning of the two-way implication symbol ⇔, see the Introductory
Chapter).

We use Definition (1.1) given at the start to prove these results.

Proof.
(a) We have an ⇔ in the statement, so we need to prove this both ways, ⇒ and ⇐.
For ⇒ we assume a | 1 then deduce a = ±1.
For ⇐ we assume a = ±1 and deduce a | 1.
(⇐). If a = ±1 (a = 1 or a = −1) then a | 1 because 1 | 1 and −1 | 1.
(⇒). If a | 1 then there is an integer m such that am = 1, which implies a = 1/m.
Since a is an integer, m = ±1, which gives a = ±1.


This symbol  signifies the end of a proof.


(b) We have a | b and b | c so there are integers x and y such that

ax = b and by = c.

Substituting the first equation b = ax into by = c gives (ax) y = c, which implies
a × (xy) = c, by the associative law of multiplication. Since the product of two
integers, xy, is an integer, we have

a × integer = c implies a | c.


Recall ‘⇒’ denotes ‘implies’. We will interchange between these throughout the
book.
(c) We have a | b and c | d, therefore there are integers m and n such that

am = b and cn = d.

Multiplying am = b and cn = d together gives am × cn = b × d. Re-arranging

ac × (mn) = b × d implies ac × (integer) = b × d implies (a × c) | (b × d).




(d) We are required to prove that a | b and b | a ⇔ a = ±b.

(⇐). If a = ±b (a = b or a = −b) then a | b and b | a. (Any integer divides itself or
its negative.)
(⇒). We have a | b and b | a, which implies there are integers x and y such that

ax = b and by = a.

Substituting b = ax into by = a gives a (xy) = a, which implies xy = 1. The
solutions to this equation xy = 1 are

x = 1, y = 1 or x = −1, y = −1.

Putting y = 1 or y = −1 into a = by gives a = b or a = −b; in other words, a = ±b.




(e) Suppose a | b and b ≠ 0, then there is an integer m such that

a × m = b.

Taking the modulus (check the Introductory Chapter to see what is meant by the
modulus function, | |, and for some of its properties) of both sides gives

|b| = |a × m| = |a| × |m| [Because | x × y | = | x | × | y |].

We are given that b is not zero so m cannot be zero, therefore |m| ≥ 1.

Using this | m | ≥ 1 in the above | b | = | a | × | m | gives

| b | = | a | × | m | ≥ | a | × (1) = |a| .

Hence |b| ≥ |a|, which we can write the other way as | a | ≤ | b |.




We now give some numerical examples which make use of the results just presented.

Example 1.2

Determine all the positive divisors of 42.

Solution
While we could easily list the divisors of 42, we will make use of Theorem (1.2) (b). We know that 6 is
a divisor of 42, so we use Theorem (1.2) (b) which states:

a | b and b | c ⇒ a | c.

It follows that any divisor of 6 is also a divisor of 42. Divisors of 6 are

1, 2, 3, and 6.

Since 42 = 6 × 7, by using Theorem (1.2) (b) again we can state that any divisors of 7 are also divisors
of 42. The divisors of 7 are

1 and 7.

So far we have 1, 2, 3, 6, and 7 as divisors of 42.


Are there any other divisors?
Yes; 14, 21, and 42 itself. Bringing this all together, the positive divisors of 42 are

1, 2, 3, 6, 7, 14, 21, and 42.

The tau (pronounced ‘tour’) function of a positive integer, n, denoted by 𝜏 (n), gives the
number of positive divisors of n. For the above example we have 𝜏 (42) = 8. This 𝜏 (n) is an
important function in number theory.
From now on, we will concentrate on the positive divisors because we can find the negative
ones by just placing a negative sign in front of the positive divisors.

Example 1.3

Given that 99 | 5544 and 168 | 1176, show, without using a calculator,

72 | (5544 × 1176).

Solution
Since 72 = 9 × 8, we need to show

(9 × 8) | (5544 × 1176).

Clearly 9 | 99 and we are given 99 | 5544, therefore 9 | 5544.
Similarly 8 | 168, and we are given 168 | 1176, therefore 8 | 1176.
Applying Theorem (1.2) (c):

If a | b and c | d then (a × c) | (b × d)

to 9 | 5544 and 8 | 1176 gives

(9 × 8) | (5544 × 1176), which implies 72 | (5544 × 1176).

1.1.2 Linear combination

A linear combination of integers b and c is an integer of the form bx + cy.

This linear combination is an important concept which is used throughout the book.
If a | b and a | c then a | (bx + cy). We shall see the proof of this shortly, but beforehand
let us see a numerical demonstration.

Example 1.4

Given that 99 | 5544 and 99 | 594, show 99 | (5544x + 594y) for any integers x and y.

Solution
We are given 99 | 5544, which implies there is an integer m such that

99m = 5544.

Similarly, from 99 | 594 there is an integer n such that 99n = 594. Considering the linear combination
5544x + 594y and substituting 99m = 5544 and 99n = 594 into this gives

5544x + 594y = (99m) x + (99n) y   [Because 99m = 5544 and 99n = 594]
             = 99 (mx + ny)   [Factorizing]
             = 99 (integer)   [Sum of two integers is an integer].

Hence 99 is a factor of 5544x + 594y or 99 | (5544x + 594y).



Let us now prove this result for any given choice of integers.

Linear Combination Theorem (1.3). If a | b and a | c then a | (bx + cy) for any integers x
and y.

What does this statement mean?

It says that if a divides both b and c then it divides any linear combination of b and c:

bx + cy.

Proof.
Suppose a | b and a | c. By Definition (1.1), there are integers m and n such that am = b and
an = c.
We are required to prove a | (bx + cy). Substituting these b = am and c = an into the
linear combination bx + cy gives

bx + cy = (am) x + (an) y = a (mx + ny) [Factorizing].

We have a (integer) = bx + cy, therefore a | (bx + cy). This completes our proof.


Example 1.5

Prove that if a | b and a | c then (i) a | (b + c) (ii) a | (b − c).


How do we prove these results?
We apply the previous Theorem (1.3):

If a | b and a | c then a | (bx + cy).

Proof.
(i) Using Theorem (1.3) with x = y = 1 gives a | (b + c).
(ii) Using Theorem (1.3) with x = 1 and y = −1 gives a | (b − c).

Theorem (1.3) is only valid when a divides both integers; a | b and a | c. We can extend
Theorem (1.3) to apply to any number of integers:
If a | b₁, a | b₂, a | b₃, ⋯ and a | bₙ, then a divides any linear combination of these:

a | (b₁x₁ + b₂x₂ + b₃x₃ + ⋯ + bₙxₙ).

This result can be proven by applying mathematical induction—see Exercises 1.1,
question 23.

1.1.3 Greatest common divisor

What does the greatest common divisor (or highest common factor) mean?

Let us consider two integers, 15 and 35. The divisors of these numbers are:
1, 3, 5, and 15 are the positive divisors of 15.
1, 5, 7, and 35 are the positive divisors of 35.

Which of these divisors are common to both numbers, 15 and 35?

1 and 5.

The greatest of these is 5, so we say that 5 is the greatest common divisor, or gcd, of 15
and 35.
The greatest common divisor of integers a and b is denoted by gcd (a, b). So, in the
case just discussed, we would write gcd (15, 35) = 5. The greatest common divisor is also
called the highest common factor in some texts, but we will stick to using greatest common
divisor.

Example 1.6

Suppose you want to tile a floor with dimensions 72 inches by 90 inches. What is the largest size of
square tile you can use to cover the entire floor without cutting any of the identical tiles?

Solution
How is this problem connected to the greatest common divisor?
Since we are to use square tiles, we need to find a common divisor of 72 and 90.
Also, we are looking for the largest size tiles, so we need to find the greatest common divisor, gcd,
of 72 and 90, or in notation form gcd (72, 90).
The positive divisors of 72 are {1, 2, 3, 4, 6, 8, 9, 12, 18, 24, 36, 72}. Recall from the Introductory
Chapter that a set is denoted by braces { } and is used to illustrate a grouping.
Which of these numbers are also divisors of 90?

{1, 2, 3, 6, 9, 18}.

This {1, 2, 3, 6, 9, 18} is the set of common divisors of 72 and 90. Thus

gcd (72, 90) = 18.

You need to buy 18-inch square tiles in order to cover the whole floor without cutting any of them.

The formal definition of greatest common divisor, gcd, is:

Definition (1.4). The positive integer g is the gcd of integers a and b which are not both
zero ⇔
(i) g | a and g | b [g is a common divisor]
(ii) If for any c we have c | a and c | b then c ≤ g [g is the largest of the common divisors].

Note that if gcd (a, b) = g where a and b are not both zero then g ≥ 1. It is important to
remember that g needs to satisfy both conditions (i) and (ii) in order to qualify as the gcd.
When finding the gcd we only need to consider the positive divisors, as gcd is a positive
integer. The following examples will present some cases of finding the gcd.

Example 1.7

Find the gcd of the following numbers:


(a) −12 and 30 (b) 30 and 100 (c) 10 and 21

Solution
(a) Since the gcd is positive, we only need to examine positive divisors of each number.
The positive divisors of −12 are {1, 2, 3, 4, 6, 12}.
The positive divisors of 30 are:
{1, 2, 3, 5, 6, 10, 15, 30}.
The common divisors of −12 and 30 are 1, 2, 3, and 6. Therefore,

gcd (−12, 30) = 6.


(b) Similarly, listing the positive divisors of 30 (as above):
{1, 2, 3, 5, 6, 10, 15, 30}.
Which of these are also divisors (factors) of 100?
{1, 2, 5, 10}.
Therefore, gcd (30, 100) = 10.
(c) The numbers 10 and 21 have no divisors or factors in common apart from 1, so

gcd (10, 21) = 1.


We say these numbers, 10 and 21, are relatively prime.

Two integers that only have a common divisor (factor) of 1 are relatively prime to each
other; we cover this in Subsection 1.3.2 of this chapter. There, we will also show a more
efficient way of evaluating the gcd: the Euclidean Algorithm.

Example 1.8

(i) Find g where g = gcd (36, 60).


(ii) Determine gcd (36/g, 60/g). Comment on your answer.
Solution
(i) The divisors of 36 are {1, 2, 3, 4, 6, 9, 12, 18, 36}.

Which of these numbers are also divisors of 60?


{1, 2, 3, 4, 6, 12}.
Therefore, g = gcd (36, 60) = 12.
(ii) The gcd of 36/12 and 60/12 is given by gcd (36/12, 60/12) = gcd (3, 5) = 1.
You should not be surprised by your answer of 1, as we have divided each number by the greatest
common divisor of both integers 36 and 60. If 3 and 5 had a common factor, say f, which was greater
than 1, then the gcd of 36 and 60 would not be 12, as we evaluated in (i), but 12 × f.

We can use this result to simplify fractions. For example, we can simplify 36/60 by dividing
the numerator and denominator by g = gcd (36, 60) = 12. We have 36/60 = 3/5.

We can also use this division by the gcd to simplify ratios as you will see in Exercises 1.1,
question 3.

Proposition (1.5). If gcd (a, b) = g then gcd (a/g, b/g) = 1.

How do we prove this result?

By contradiction.

Proof.
Let gcd (a/g, b/g) = d and suppose d > 1. By Definition (1.4) (of the gcd) we have

d | (a/g) ⇒ dm = a/g ⇒ (dg) m = a ⇒ dg | a.

Similarly,

d | (b/g) ⇒ dn = b/g ⇒ (dg) n = b ⇒ dg | b.

Hence dg is also a common divisor of a and b. Since gcd (a, b) = g, so by Definition (1.4) (ii):
if c | a and c | b then c ≤ g [g is the largest common divisor],

we must have dg ≤ g. Dividing both sides by g gives d ≤ 1. This cannot be the case because
our supposition says d > 1. We have a contradiction. Our supposition d > 1 must be wrong.
Therefore d = 1, which means we have gcd (a/g, b/g) = 1. (The integers a/g, b/g are relatively
prime.)


We can extend the definition of the greatest common divisor to more than two integers.

Definition (1.6). The positive integer g is the gcd of the set of integers $S = \{a_1, a_2, a_3, \cdots, a_n\}$
which are all non-zero ⇔ g is the largest integer that divides all the integers in the set S.
This is normally denoted by $g = (a_1, a_2, a_3, \cdots, a_n)$.

We can evaluate the gcd of three integers which is given by:

gcd (a, b, c) = gcd (a, gcd (b, c)) where a, b, c are non-zero integers.

You are asked to prove this in Exercises 1.3, question 19.



Summary
The integer a is a divisor of b if and only if a × m = b where m is an integer.
If $a \mid b$ and $a \mid c$ then a is a divisor of any linear combination of b and c.
The gcd of a and b, gcd (a, b), is the largest integer which divides both a and b.

EXERCISES 1.1

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. You have a rectangular sheet of metal of dimensions 60 inches by 84 inches. You want to cut this metal into smaller identical squares. What is the largest size square you would need to ensure there is no metal left over?

2. Find gcd (57, 209). Hence or otherwise simplify the fraction $\frac{57}{209}$.

3. Determine gcd (65, 1001). Hence write the ratio 65 ∶ 1001 in its simplest form.

4. In music, the fundamental frequency $f_0$ is the gcd of the frequencies $f_n$ of the harmonics. Find the fundamental frequency $f_0$ of the harmonics:
$f_1 = 200$ Hz, $f_2 = 300$ Hz, $f_3 = 400$ Hz, and $f_4 = 500$ Hz.

5. Compute τ(n) (tau function) for the following n values:
(a) 10 (b) 100 (c) 120 (d) 101

6. Determine the gcd of the following integers:
(a) −12, 34 (b) −36, −60
(c) 60, −72 (d) 1001, 182

7. Plot the graph
24x + 120y = gcd (24, 120).
By using this graph or otherwise, find two integer solutions to this equation:
24x + 120y = gcd (24, 120).

8. Determine a particular integer solution to 56x + 60y = gcd (56, 60).

9. *Determine gcd (66, 165, 253).

10. Determine $\gcd(a, a^2)$ where a is a non-zero integer.

11. Determine $\gcd(a + b, a^2 - b^2)$ where integers a + b and $a^2 - b^2$ are not both zero.

12. Prove or disprove the following statement:
$a \mid b$ and $c \mid d$ implies $(a + c) \mid (b + d)$.

13. (a) Find the possible values of the integer a such that $a \mid 0$.
(b) Find the possible values of the integer a such that $a \mid 2$.

14. Prove that $a \mid b \Leftrightarrow ac \mid bc$, provided c ≠ 0.

15. Let $a \mid (b + c)$ and $a \mid b$. Show that $a \mid c$.

16. Prove that if $a \mid b$ and $a \mid c$ then $a \mid (b^2 - c^2)$.

17. Show that $a \mid (b \times c) \not\Rightarrow a \mid b$ or $a \mid c$.
*Under what circumstances do you think this result is true, that is $a \mid (b \times c) \Rightarrow a \mid b$ or $a \mid c$?

18. Prove that (relatively prime means their gcd is 1):
(a) two consecutive integers are relatively prime.
(b) two consecutive odd integers are relatively prime.

19. Let m and n be positive integers. Prove that if $m \mid n$ where m < n (m is a proper divisor) then $m \le \frac{n}{2}$.

20. *Show that if n is an odd integer then
$\gcd(n + 1, n^2 + 1) = 2$.

21. *Prove that if $d \mid (n_1 \times n_2)$ where d > 1 and $\gcd(n_1, n_2) = 1$, then only one of the following holds:
either $d \mid n_1$ or $d \mid n_2$.

22. Prove that gcd (−a, −b) = gcd (a, b) where a and b are not both zero.

23. Prove that if $a \mid b_1$, $a \mid b_2$, ⋯, and $a \mid b_n$ then $a \mid (b_1 x_1 + b_2 x_2 + \cdots + b_n x_n)$ for any integers $x_1, x_2, \cdots, x_n$.

.........................................................................................................

SECTION 1.2 Division Algorithm


By the end of this section you will be able to
● understand the proof of the Division Algorithm and apply it

In the last section we found the greatest common divisor, gcd, of two integers by listing
the divisors of these integers and then selecting the largest common divisor. This is a very
inefficient way of evaluating the gcd because listing the divisors of large integers will be
very time-consuming. We need a much more efficient way of determining the gcd, which
we develop in the next section: the Euclidean Algorithm. However, the use of the Euclidean
Algorithm is based on the Division Algorithm which is discussed in this section.
Our aim in this section is to show there is a unique way of expressing any given integer
in terms of a quotient and remainder. (You will see what these terms mean below.)

1.2.1 Introduction to the Division Algorithm (procedure)

To introduce the concept of the quotient and remainder, we go back to long division. Let
us look at the simple case of 25 divided by 4:

        6  Rem 1
    4 ) 25
       −24
         1

We can write this as

25 = 6 (4) + 1.

Here the number 6 is called the quotient, and 1 the remainder.



Of course, 25 can also be written as:

25 = 7 (4) − 3
25 = −5 (4) + 45
25 = 1 (4) + 21

In other words, there are infinitely many ways that we can write 25 as a multiple of 4 plus a
remainder. The question we wish to address is:

Is there a unique way of writing our integer in terms of a multiple and a remainder?

The answer is yes, and we achieve this by placing a restriction on the remainder; we require
that the remainder be greater than or equal to zero but less than what we are dividing by,
which in this case is 4. With this restriction, we have a unique way of dividing 25 by 4 which
is our first answer,
25 = 6 (4) + 1.
Before we look at proving this for the general case, we will consider some other examples.

Example 1.9

Express the following numbers in terms of quotient and remainder, where the remainder is the smallest
positive integer or zero (non-negative).
(a) 27 divided by 5 (b) 365 divided by 7 (c) −159 divided by 3

Solution
(a) We have 27 = 5 (5) + 2.
(b) Similarly, 365 = 52 (7) + 1.
(c) Finally, −159 = −53 (3) + 0.

In each of the above we have placed the quotient in front of the brackets.

We now generalize this result. Let a and b be any given integers with b ≥ 1. Then there
exists a quotient q and a remainder r, such that

a = bq + r.

The quotient q and remainder r for those cases given in Example 1.9 are:

(a) q = 5, r = 2 (b) q = 52, r = 1 (c) q = −53, r = 0

If we restrict the remainder r such that 0 ≤ r < b, then q and r are unique in the expression
a = bq + r, which we prove in the next Subsection 1.2.2.
We can look at this geometrically, as seen in Figure 1.1.

[Figure: number line marked 0, b, 2b, ⋯, qb, with the point a = bq + r and r the distance from qb to a.]
Figure 1.1 Geometric interpretation of the quotient and remainder expression of the integer a.

We choose our remainder r to be the smallest non-negative integer. The following example
is a demonstration of why we are interested in the smallest non-negative remainder.

Example 1.10

We have 51 litres of drink and we can get four portions out of each litre. There are 37 people at a party.
How many portions should we serve each person to be fair to everyone?

Solution
The total number of portions we have is 4 × 51 = 204. Writing this in the form a = bq + r where
0 ≤ r < b, with a = 204 and b = 37 gives

204 = 5 (37) + 19.

This means that to have a fair distribution of drinks we should serve each person five portions.

1.2.2 Proof of the Division Algorithm

We are now able to write down the general form of the Division Algorithm and prove it. The
proof of the Division Algorithm is challenging because it uses inequalities, Well-Ordering
Principle (WOP), and Without Loss of Generality (WLOG). The WOP and WLOG have
been explained in the Introductory Chapter, but in a nutshell:

Well-Ordering Principle:
Every non-empty subset of positive integers has a least element.
Without Loss of Generality means that instead of considering every case we consider
a particular case and the remaining arguments are similarly applied to the other cases.

In the proof we also use notation from set theory (see Introductory Chapter). We can
define a set using a rule; for example,

{x ∶ x is an even number}

which would be read as ‘x such that x is an even number’. This set would be equivalent to
{2, 4, 6, 8, ⋯} where three dots (ellipsis), ⋯, show that the pattern continues and the above
colon, :, represents ‘such that’.

Division Algorithm (1.7). Given any integers a and b where b ≥ 1, then there exist unique
integers q called the quotient and r called the remainder such that

a = bq + r where 0 ≤ r < b.

We need to prove this result.

How?

The clue is in the statement; we need to show two things: 1) the existence of q and r and
2) the uniqueness of these integers.

Proof.
1) Existence
Let T be the set T = {a, a − b, a − 2b, a − 3b, ⋯}. Remember, b is our divisor so we can take
away multiples of b from a. Let S be the set which are the non-negative integers in T. We
can write the set S in compact notation as

S = {a − mb ∶ m is an integer and a − mb ≥ 0} .

Note that the set S will only contain non-negative integers.


To show that q and r exist, we need to show that the set S is non-empty (in other words,
that the set has some elements).

How do we show the set S is non-empty?

Select an integer m so that a − mb ≥ 0. Let m = − |a|.

Why?

Because substituting m = − |a| into a − mb gives

a − mb = a + |a| b ≥ 0 [Because b ≥ 1] .

This shows that S is non-empty. We can now apply the WOP to show that S has a least
element.
Every non-empty subset of positive integers has a least element.
WOP implies that there exists a least element of the set S, say r, which is of course an
integer. We have r is a member of the set S, and furthermore it is the smallest number in
the set S, which implies there exists an integer m = q such that

r = a − mb = a − qb ≥ 0.

Showing that r is in the set is only part of the task; we also need to show that r < b.

How?

By contradiction, suppose r ≥ b.
So r − b ≥ 0, which implies it is in S and we are given that b ≥ 1, therefore

r − b < r.

But r is the smallest element of S and we have found a smaller element, r − b, which is also
in S, meaning we have a contradiction. Our supposition r ≥ b must be wrong, therefore
r < b. Hence 0 ≤ r < b.

(2) Uniqueness

How do we prove that the integers q and r are unique?

Suppose there also exist integers $q'$ and $r'$ such that

$$a = bq' + r', \quad 0 \le r' < b. \qquad (\ast)$$

We already have

$$a = bq + r, \quad 0 \le r < b. \qquad (\ast\ast)$$

What do we need to show?

We are required to show that $q = q'$ and $r = r'$.

Subtracting (∗∗) and (∗) gives

$$0 = b(q - q') + (r - r')$$
$$r' - r = b(q - q')$$
$$\frac{r' - r}{b} = q - q' \qquad (1)$$

WLOG, assume that $r' \ge r$. By the inequalities of (∗) and (∗∗) we have $0 \le r' - r < b$ and
we are given that b ≥ 1. Therefore, substituting this $0 \le r' - r < b$ into equation (1), we
have

$$0 \le \frac{r' - r}{b} < \frac{b}{b} = 1.$$

From (1) we also have $\frac{r' - r}{b} = q - q'$ and $q - q'$ is an integer, therefore

$$0 \le q - q' < 1.$$

The only integer that satisfies $0 \le q - q' < 1$ is 0, therefore

$$q - q' = 0 \;\Rightarrow\; q = q'.$$

Substituting this $q - q' = 0$ into equation (1) gives $r' = r$, thus we see that both q and r are
unique.
We have proved not only that both q and r exist, but also that they are unique. This completes
the proof of the Division Algorithm.


1.2.3 Applying the Division Algorithm

The Division Algorithm can also be applied to algebraic expressions in order to prove certain
statements about integers, as the following examples demonstrate.

Example 1.11

Show that the square of any integer is of the form 3m or 3m + 1 where m is an integer.

Solution
Let n be any integer.
How do we prove this result?
By applying the Division Algorithm (1.7):
For a and b there exist integers q and r such that a = bq + r where 0 ≤ r < b.
With b = 3 we can write any integer a = n as:

n = 3q + r where 0 ≤ r < 3.

Squaring both sides of this gives

$$n^2 = (3q + r)^2 = 9q^2 + 6qr + r^2$$
$$= 3(3q^2 + 2qr) + r^2 = 3k + r^2 \quad \text{[Factorizing]} \quad \text{where } k = 3q^2 + 2qr.$$

What values can r take?


r = 0, 1, and 2 because 0 ≤ r < 3.
Squaring r gives
$r^2 = 0^2, 1^2$, and $2^2$ which gives 0, 1, and 4 respectively.
Substituting these $r^2 = 0, 1$, and 4 into the above $n^2 = 3k + r^2$ gives

$$n^2 = 3k,\; 3k + 1,\; \text{and } 3k + 4$$
$$= 3k,\; 3k + 1,\; \text{and } 3(k + 1) + 1.$$

Note that $n^2$ = 3 (integer), 3 (integer) + 1, which says that any square number is of the form 3m or
3m + 1 where m is an integer.

Example 1.12

Show that the cube of any integer can only take one of the following forms:

9k, 9k + 1 or 9k + 8.

Solution
How do we show this result?
In the same manner as Example 1.11 by using the Division Algorithm (1.7):

For a and b there exist integers q and r such that a = bq + r where 0 ≤ r < b.

Applying this algorithm with b = 9 and a = n where n is any integer gives

n = 9q + r where 0 ≤ r < 9.

Taking the cube of this by using the binomial theorem (see Introductory Chapter) or expanding by
multiplying out,

$$n^3 = (9q + r)^3 = \underbrace{(9q)^3 + 3(9q)^2 r + 3(9q) r^2}_{=\, 9k \text{ where } k \text{ is an integer}} + r^3 = 9k + r^3 \quad \text{[By binomial]}.$$

Since 0 ≤ r < 9 and r is an integer, it can only take the following values:

r = 0, 1, 2, 3, ⋯ , 7, and 8.

Finding the remainder $r'$ for each of these cubes $r^3$:

$0^3 = 0 = 0(9) + 0$ gives $r' = 0$
$1^3 = 1 = 0(9) + 1$ gives $r' = 1$
$2^3 = 8 = 0(9) + 8$ gives $r' = 8$
$3^3 = 27 = 3(9) + 0$ gives $r' = 0$
$4^3 = 64 = 7(9) + 1$ gives $r' = 1$
$5^3 = 125 = 13(9) + 8$ gives $r' = 8$
$6^3 = 216 = 24(9) + 0$ gives $r' = 0$
$7^3 = 343 = 38(9) + 1$ gives $r' = 1$
$8^3 = 512 = 56(9) + 8$ gives $r' = 8$.

We see that $r^3$ can only have remainder values 0, 1, and 8 after dividing by 9. Hence the cube of any
integer has the form
$$n^3 = 9k + r^3 = 9k,\; 9k + 1 \text{ or } 9k + 8.$$

Example 1.13

Show that $3a^2 - 1$ is never a square number.


[Hint: The square of any integer is either of the form 3k or 3k + 1. See Example 1.11.]

Solution
By the hint, every square is of the form 3k or 3k + 1.
First consider the case where the square is of the form 3k.
Suppose $3a^2 - 1$ is a square number. Then
$$3a^2 - 1 = 3k$$
$$3(a^2 - k) = 1.$$

This is impossible because 3 (integer) ≠ 1.

Similarly, consider the other case where the square is of the form 3k + 1:

$$3a^2 - 1 = 3k + 1 \;\text{ implies }\; 3(a^2 - k) = 2 \quad \text{[Re-arranging]}.$$

We cannot have 3 (integer) = 2. Hence $3a^2 - 1$ is never a perfect square.



To close this statement, we extend the Division Algorithm (1.7) to a more general case
where we no longer require that b ≥ 1, but rather that b ≠ 0. This is given in Corollary (1.8)
below. A corollary is a result that follows from the main theorem or proposition. Generally,
it is a special case of the main result (see Introductory Chapter).

Corollary (1.8). Given any integers a and b with b ≠ 0, there exist unique integers q and r
such that
a = bq + r where 0 ≤ r < |b| .

Proof.
See Exercises 1.2, question 7.
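
The following Python sketch is an added example, not code from the book. It computes the quotient and remainder of Corollary (1.8) for any b ≠ 0, retraces the existence proof by searching for the least element of the set S, and contrasts both with division that rounds toward zero, which can return a negative remainder. The function names are hypothetical, and the pairs (−25, 4) and (25, −4) are constructed inputs.

```python
def division_algorithm(a, b):
    """Return the unique (q, r) with a == b*q + r and 0 <= r < |b| (b != 0)."""
    if b == 0:
        raise ZeroDivisionError("the divisor b must be non-zero")
    q, r = divmod(a, b)      # Python floors the quotient, so r takes the sign of b
    if r < 0:                # can only happen when b < 0
        q, r = q + 1, r - b  # shift by one multiple of b to land in 0 <= r < |b|
    return q, r


def least_element_of_S(a, b):
    """Follow the existence proof (b >= 1): r is the least element of
    S = {a - m*b : m an integer and a - m*b >= 0}."""
    if b < 1:
        raise ValueError("the existence proof assumes b >= 1")
    m = -abs(a)                      # the proof's witness: a + |a|*b >= 0
    while a - (m + 1) * b >= 0:      # a larger m gives a smaller element of S
        m += 1
    return m, a - m * b              # (q, r) with r least, hence 0 <= r < b


def truncated_division(a, b):
    """Quotient rounded toward zero, as C99 and many other languages do."""
    q = abs(a) // abs(b)
    if (a < 0) != (b < 0):
        q = -q
    return q, a - b * q              # this remainder may be negative


def power_residues(modulus, exponent):
    """Remainders of r**exponent for r = 0, ..., modulus - 1 (Examples 1.11, 1.12)."""
    return sorted({division_algorithm(r ** exponent, modulus)[1]
                   for r in range(modulus)})


if __name__ == "__main__":
    # Example 1.9, Example 1.10, then two constructed pairs with a negative operand.
    for a, b in [(27, 5), (365, 7), (-159, 3), (204, 37), (-25, 4), (25, -4)]:
        print(a, b, division_algorithm(a, b), truncated_division(a, b))
    print(power_residues(3, 2), power_residues(9, 3))
```

The linear search in `least_element_of_S` takes about |a| steps and is there only to mirror the proof; `division_algorithm` is the practical routine.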


Summary
Suppose we have any integers a and b ≥ 1, then there are unique integers q and r such that

a = bq + r where 0 ≤ r < b.

EXERCISES 1.2

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Determine the quotient and remainder in applying the Division Algorithm to the following:
(a) 31 divided by 4
(b) −1001 divided by 12
(c) −10 001 divided by 137

2. Show that the square of any integer looks like 4m or 4m + 1.

3. Prove by using the Division Algorithm that the fourth power of any integer is of the form 8k or 8k + 1.

4. Prove that for any integer a we have $6 \mid (a^3 + 5a)$.

5. (i) Prove that $7 \mid (a^6 - 1)$ for any integer a such that gcd (a, 7) = 1.
(ii) Prove that for any integer a we have $7 \mid (a^7 - a)$.

6. Prove that for any integer a we have $11 \mid (a^{11} - a)$.

7. Prove Corollary (1.8).

.........................................................................................................

SECTION 1.3 Euclidean Algorithm


By the end of this section you will be able to
● solve linear equations
● obtain the gcd using the Euclidean Algorithm

1.3.1 Properties of the greatest common divisor (gcd)

Say we want to evaluate the gcd of 5291 and 3108; finding the common divisors of these
numbers is going to be cumbersome. We need to develop an efficient way to find the gcd of
such numbers (see Example 1.17 later in this section).
We introduce the Euclidean Algorithm, which provides an efficient way to find the gcd
of two integers. Computers use the Euclidean Algorithm or Stein’s Algorithm¹ to evaluate
the gcd of two integers.
We begin by looking at equations of the form

ax + by = gcd (a, b) (a ≠ 0 or b ≠ 0),

where a, b, x, and y are integers.

Example 1.14

In Example 1.8 we found gcd (36, 60) = 12. Let us solve for integers x and y in

36x + 60y = 12.

Solution
We have a linear equation with two unknowns.
How can we solve this equation?
First, we divide through by 12, as it is a common factor. This simplifies to

3x + 5y = 1.

Now re-arrange to make y the subject:


$$y = \frac{1 - 3x}{5}.$$
Remember that x and y are integers (they could be negative). We can choose any integer x such that
y is also an integer. For example, by letting x = 2 we have

$$y = \frac{1 - 3(2)}{5} = -1.$$
There are going to be many other pairs of x and y which work.

We can also solve the equation using graphs because 36x + 60y = 12 is equivalent to
$y = \frac{1 - 3x}{5}$ (see Example 1.14), which is a straight line as shown in Figure 1.2. As you
can observe from the graph, there are two integer points (pairs) which are on the line
36x + 60y = 12. For instance, we found the point (2, −1) in Example 1.14, but we could
also have found the solution x = −3, y = 2 which is the point (−3, 2).
Indeed, there are an infinite number of integer points on the line 36x + 60y = 12. This
leads us to ask:
¹ https://en.wikipedia.org/wiki/Binary_GCD_algorithm.

[Figure: graph of the line 36x + 60y = 12 with the integer points (−3, 2) and (2, −1) marked.]
Figure 1.2 The graph shows two integer solutions to 36x + 60y = 12.

Can we always find integers x and y such that ax + by = g where g = gcd (a, b)?

It turns out that indeed we can, as we now prove.


Bézout’s Identity (1.9). There are integers x and y such that

ax + by = gcd (a, b) where a and b are not both zero.

We will show in the next section that integers of the form ax + by are multiples of the
gcd (a, b) (see Proposition (1.17) and Exercises 1.3, question 10).

How do we prove this result?

First we show ax + by is a common divisor of a and b, and then we prove ax + by is the
largest of these common divisors.

Proof.
Common Divisor
Consider the set S given by

S = {ax + by ∶ ax + by > 0} where both integers a and b are not zero.

The set S is non-empty.

Why?

Let the integers x = a and y = b (we select these integers so that ax + by > 0), then
$ax + by = a^2 + b^2 > 0$ [Because a and b are not both zero].
Therefore S is non-empty, so by WOP:
Every non-empty subset of positive integers has a least element.
Let d be the least element of the above set S.

This means there are integers x and y such that

ax + by = d. (∗)

To show that d is a common divisor of a and b, we make use of the Division Algorithm (1.7)
of the last section:
For integers m and n there exist q and r such that m = qn + r where 0 ≤ r < n.
We start by showing that d is a divisor of a by applying the Division Algorithm (1.7):

a = qd + r 0 ≤ r < d. (†)

Suppose r > 0, then transposing a = qd + r to make r the subject yields

r = a − qd.

Substituting ax + by = d from (∗) into this gives

$$r = a - q(ax + by) = (1 - qx)a - qyb$$
$$= a\underbrace{(1 - qx)}_{\text{integer}} + b\underbrace{(-qy)}_{\text{integer}} > 0 \quad \text{[Because } r > 0\text{]}.$$

This implies that r is in the set S because S is defined as

S = {ax + by ∶ ax + by > 0} .

But if r is in the set, then from (†) we have r < d. This is impossible because d is the least
element of S. Therefore our supposition r > 0 is wrong, which implies r = 0, and so a = qd,
which implies $d \mid a$.
Similarly, by applying the Division Algorithm to integers b and d we can show that $d \mid b$.
Hence d is a common divisor of a and b.

Largest Common Divisor


Next we show d to be the greatest common divisor, gcd, of a and b. Let c be another divisor
of both a and b, then

$$c \mid (ax + by) \;\Rightarrow\; c \mid d \quad \text{[by } (\ast)\text{]}.$$

By Theorem (1.2) (e):

If $a \mid b$ and b ≠ 0 then |a| ≤ |b|.

It follows that as $c \mid d$ where c and d are both positive, so c ≤ d, which implies d must be the
greatest common divisor, gcd, of integers a and b. That is, d = gcd (a, b).

Thus by (∗) we have ax + by = gcd (a, b).




By the above proof we also have the following two results:

Proposition (1.10). Let gcd (a, b) = g. We have:


(i) If $d \mid a$ and $d \mid b$ then $d \mid g$.
(ii) The gcd (a, b) = g is the least positive integer value of ma + nb where m and n range
over all the integers. (It is the least element in the set S given in the proof of Bézout’s
Identity (1.9).)

Proof.
See proof of Bézout’s Identity (1.9).


Proposition (1.11). Let gcd (a, b) = g. For any positive integer m we have

gcd (ma, mb) = mg.

Proof.
See Exercises 1.3, question 17.


1.3.2 Relatively prime

We encountered the idea of two numbers being relatively prime back in Section 1.1. The
two integers 10 and 21 are relatively prime as they have no factor in common apart from 1.
The formal definition is:

Definition (1.12). Integers a and b not both zero are relatively prime (sometimes called
coprime) if
gcd (a, b) = 1.

Another example of relatively prime numbers is 5 and 13 because gcd (5, 13) = 1.
An important result concerning relatively prime numbers is Euclid’s Lemma. It is worth
learning this result, as it is used throughout number theory. Usually lemma means an
intermediate result, or a result used to deduce an important theorem or proposition, but in
this case Euclid’s Lemma is a critical result in its own right. See Introductory Chapter for
an explanation of Lemma.

Euclid’s Lemma (1.13). If $a \mid (bc)$ with gcd (a, b) = 1 then $a \mid c$.

Before we prove this, let us see it in action.



Example 1.15

Given $13 \mid (5 \times 1\,604\,938\,257)$, show that $13 \mid 1\,604\,938\,257$.

Solution
Since gcd (13, 5) = 1, so by Euclid’s Lemma (1.13) we have $13 \mid 1\,604\,938\,257$.

Let us now prove the lemma.

Proof.
By Bézout’s Identity (1.9) given earlier:
if gcd (a, b) = g then there are integers m and n such that ma + nb = g,
there are integers m and n such that

ma + nb = 1 [Because we are given gcd (a, b) = g = 1].

Multiplying both sides by an integer, c, gives

cma + cnb = m (ac) + n (bc) = c. (∗)

Now we are given that $a \mid (bc)$, therefore there is an integer k such that

ak = bc.

Substituting this into (∗) gives

$$m(ac) + n(bc) = m(ac) + n(ak) = a[mc + nk] = c \quad \text{[Factorizing, then by } (\ast)\text{]}.$$

This result a [mc + nk] = c implies that a × (integer) = c, so we have $a \mid c$.


This completes our proof.


1.3.3 Applying the Euclidean Algorithm


Who was Euclid?

Euclid is famously known for his work The Elements, which is
also called Euclid’s Elements. This work has been used in
mathematics teaching for over 2000 years and was first
published as a book in 1482. Euclid’s Elements has been the
most popular mathematics textbook of all time.
Up until the 1970s school mathematics in Britain consisted
of learning various parts of Euclid’s Elements. The concept of
mathematical proof and logical reasoning is what made this
work survive for so long.

Figure 1.3 Euclid (300 bc).



How are we going to find the greatest common divisor of 5291 and 3108?

Listing the divisors of each and looking for divisors which are common to both numbers will
take considerable time. We need a simpler approach—the Euclidean Algorithm. Generally
the Euclidean Algorithm is an extremely fast and efficient way of finding the gcd of two
integers because it just uses repeated division and subtraction and removes the need to find
all the factors of the two given integers. It is quicker and less tedious than finding all the
factors, especially if the integers are large.
Next, we describe the Euclidean Algorithm which is based on the repeated application of
the Division Algorithm (1.7) of the last section:
For integers a and b there exist q and r such that a = bq + r where 0 ≤ r < b.
We repeatedly apply the Division Algorithm to the two given integers a and b; the gcd of
these given integers a and b turns out to be the last non-zero remainder, as the next example
demonstrates.

Example 1.16

Determine gcd (666, 31).

Solution
We underline the remainder at each step for clarity.

Applying the Division Algorithm to 666 and 31 gives

666 = 21 (31) + 15.

The remainder is 15 which is non-zero, so we apply the Division Algorithm to 31 and 15:

31 = 2 (15) + 1.

Again, the remainder 1 is non-zero, so we continue to apply the Division Algorithm to 15 and 1:

15 = 15 (1) + 0.

Now we have a remainder of zero, which means we stop the process.


What is gcd (666, 31) equal to?
It is the last non-zero remainder which is 1. Hence gcd (666, 31) = 1, that is they are relatively prime.

The general Euclidean Algorithm procedure for a ≥ b ≥ 1 is given by:


1. Dividing a by b and applying the Division Algorithm gives

$$a = bq_1 + r_1 \quad \text{where } 0 \le r_1 < b.$$

2. If the remainder $r_1 = 0$, then $a = bq_1$ and $\gcd(a, b) = \gcd(bq_1, b) = b$. This means
we are done because we have found gcd (a, b) = b.
3. If $r_1 \ne 0$ then $a = bq_1 + r_1$ and we divide b by $r_1$. Writing this in terms of quotient $q_2$
and remainder $r_2$ gives

$$b = r_1 q_2 + r_2 \quad \text{where } 0 \le r_2 < r_1.$$

4. If the remainder $r_2 = 0$, then we are done. Otherwise we repeat the above process of
applying the Division Algorithm to $r_1$ and $r_2$. We continue in this manner until we
get a remainder of zero.
5. The last non-zero remainder is the gcd of the given integers a and b.

We will prove step 2 below. However, prior to the proof of this we will demonstrate the
Euclidean Algorithm with an example.

Example 1.17

By applying the Euclidean Algorithm, find gcd (5291, 3108) and simplify $\frac{5291}{3108}$.

Solution
Dividing 5291 by 3108 gives 5291 = 1 (3108) + 2183.
Since we do not have a zero remainder, we continue to apply the Division Algorithm until we get a
zero remainder:

5291 = 1 (3108) + 2183
3108 = 1 (2183) + 925
2183 = 2 (925) + 333
925 = 2 (333) + 259
333 = 1 (259) + 74
259 = 3 (74) + 37    [Last non-zero remainder.]
74 = 2 (37) + 0

The last non-zero remainder is 37, therefore

gcd (5291, 3108) = 37.

How can we simplify the given fraction $\frac{5291}{3108}$?
By Proposition (1.5) of Section 1.1:
If gcd (a, b) = g then $\gcd\left(\frac{a}{g}, \frac{b}{g}\right) = 1$.
This implies that dividing the numerator 5291 and denominator 3108 by 37, which is the gcd, gives no
factors in common (apart from 1) after division. Therefore,

$$\frac{5291}{3108} = \frac{143 \times 37}{84 \times 37} = \frac{143}{84} \quad \text{[Cancelling 37's]}.$$

Thus 143/84 is the simplest fraction of 5291/3108, because by Proposition (1.5) we have
gcd (143, 84) = 1. So these numbers (143 and 84) are relatively prime.

We need to prove that the gcd of given integers a and b is equal to the gcd of b and r where
r is the remainder when we divide a by b. [This was step 2 of the Euclidean Algorithm.]

Proposition (1.14). If
a = bq + r where 0 ≤ r < b,
then g = gcd (a, b) = gcd (b, r).

Proof.
Let $g_1 = \gcd(a, b)$ and $g_2 = \gcd(b, r)$. We need to prove that $g_1 = g_2$.

From $g_1 = \gcd(a, b)$ we have $g_1 \mid a$, $g_1 \mid b$ and we are given a = bq + r so $g_1 \mid r$.

Since $g_1 \mid b$ and $g_1 \mid r$, so $g_1$ is a common divisor of b and r so by the Definition (1.4):
(ii) if for any c we have $c \mid x$ and $c \mid y$ then c ≤ g where g = gcd (x, y),
we have $g_1 \le g_2$ because $g_2 = \gcd(b, r)$.

Similarly, repeating the above process with $g_2 = \gcd(b, r)$ we can deduce that

$$g_2 \le g_1.$$

Hence $g_1 = g_2$.


1.3.4 Solving linear equations

We can use the Euclidean Algorithm in reverse order to solve linear equations like

666x + 31y = gcd (666, 31) .

This is an example of a Diophantine equation, which we will describe in the next section.
In Example 1.16 we found gcd (666, 31) = 1. Thus this linear equation is

666x + 31y = 1.

It is going to have infinitely many solutions.

Why?

The graph of this straight line 666x + 31y = 1 is shown in Figure 1.4.
Any point on this straight line is a solution to 666x + 31y = 1. However, we are only
interested in integer solutions to this equation.

[Figure: graph of the line 666x + 31y = 1 on x and y axes.]
Figure 1.4 The graph shows an integer solution of the line 666x + 31y = 1.

How can we find integer solutions?

We can use Example 1.16 because we had:

666 = 21 (31) + 15 (∗)


31 = 2 (15) + 1 (∗∗)

From (∗∗) we have

1 = 31 − 2 (15)
= 31 − 2 (666 − 21 (31)) [By (∗)]
= 31 − 2 (666) + 42 (31) [Expanding the brackets]
= 43 (31) − 2 (666) [Collecting like terms] .

We have 31 (43) + 666 (−2) = 1. We wanted to solve 666x + 31y = 1.

What are the values of x and y?

Clearly x = −2 and y = 43. This is the point shown on the above graph in Figure 1.4. (This
is just one of infinitely many integer solutions.)

Example 1.18

Determine a particular integer solution of 5291x + 3108y = gcd (5291, 3108).

Solution
What are we trying to find?
The integer values of x and y which satisfy the given equation. We have already found the gcd of 5291
and 3108 in Example 1.17. We had the following (step numbers have been added):

5291 = 1 (3108) + 2183 (1)


3108 = 1 (2183) + 925 (2)
2183 = 2 (925) + 333 (3)
925 = 2 (333) + 259 (4)
333 = 1 (259) + 74 (5)
259 = 3 (74) + 37 (6)

37 was the last non-zero remainder, so gcd (5291, 3108) = 37. We use these six steps in reverse order
to obtain integer values of x and y such that

5291x + 3108y = 37.

From step (6) we can write 37 as

37 = 259 − 3 (74)
= 259 − 3 (333 − 259) [Using step (5)]
= 4 (259) − 3 (333) [Collecting like terms]
= 4 (925 − 2 (333)) − 3 (333) [Using step (4)]
= 4 (925) − 11 (333) [Collecting like terms]
= 4 (925) − 11 (2183 − 2 (925)) [Using step (3)]
= 26 (925) − 11 (2183) [Collecting like terms]
= 26 (3108 − 2183) − 11 (2183) [Using step (2)]
= 26 (3108) − 37 (2183) [Collecting like terms]
= 26 (3108) − 37 (5291 − 3108) [Using step (1)]
= 63 (3108) − 37 (5291) [Collecting like terms]

From the last line we have 63 (3108) − 37 (5291) = 37.


What are the values of x and y in 5291x + 3108y = 37?
Re-writing 63 (3108) − 37 (5291) = 37 as

3108 (63) + 5291 (−37) = 37 yields x = −37 and y = 63.

The value 37 is the smallest positive integer value of 5291x + 3108y.

How do we know this?

Because of Proposition (1.10) (ii):


gcd (a, b) = g is the least positive integer value of ma + nb.

What can you say about the linear equation 5291x + 3108y = 36?

It has no integer solutions because the least value of this linear combination 5291x + 3108y
is 37.

Note that by applying the Euclidean Algorithm we can find the gcd of any two positive
integers, a and b, plus solve the linear equation

ax + by = gcd (a, b)

for integer solutions.

Summary
We use the Euclidean Algorithm to find the gcd of two numbers, a and b. By reversing the steps of the
Euclidean Algorithm we can solve the linear equation ax + by = gcd (a, b).

EXERCISES 1.3

(Brief solutions at end of book. Full solutions available at
<http://www.oup.co.uk/companion/NumberTheory>.)

1. By using the Euclidean Algorithm determine:
   (a) gcd (156, 18) (b) gcd (129, 1011)
   (c) gcd (703, 111) (d) gcd (181, 232)

2. Find a particular integer solution to the linear equations:
   (a) 156x + 18y = gcd (156, 18)
   (b) 129x + 1011y = gcd (129, 1011)
   (c) 703x + 111y = gcd (703, 111)
   (d) 181x + 232y = gcd (181, 232)

3. Determine the least positive integer values of the following linear combinations
   (x and y are integers):
   (a) 132x + 174y (b) 102x + 207y
   (c) 99x + 1008y (d) 666x + 3020y

4. Find integers x and y in each of the following cases:
   (i) 314x + 785y = 157
   (ii) 314x + 785y = 314
   (iii) 314x + 785y = −1570

5. Given that gcd (a, b) = 1 and integers x0 and y0 are solutions to ax + by = 1,
   determine an integer solution to ax + by = c where c is an integer.

6. Show that there is no integer solution to the linear equation 20x + 28y = 2.

7. Explain why there are no positive integer solutions to 5x + 6y = 1.
   [Hint: Sketch a graph.]

8. Suppose 198 | 5x. Show that 198 | x.

9. Find different negative integers a and b which satisfy the following:
   (a) gcd (a, b) = 5
   (b) gcd (a, b) = 100
   (c) gcd (a, b) = 169

10. Prove that if there are integers x and y such that ax + by = n then g | n where
    g = gcd (a, b).

11. Prove that if integers a ≠ 0 and b such that a | b then gcd (a, b) = |a|.

12. (i) Prove that if a | c and b | c and gcd (a, b) = 1 then (a × b) | c.
    (ii) Prove that if a1 | c, a2 | c, ⋯ , an | c and gcd (aj , ai ) = 1 where i ≠ j then
    (a1 × a2 × ⋯ × an ) | c.

13. Prove that if gcd (a, b) = 1 then for any d such that d | a we have gcd (d, b) = 1.

14. Disprove the following: a | b² ⇒ a | b.

15. *(i) Prove that gcd (a, b) = gcd (a, c) = 1 ⇔ gcd (a, bc) = 1.
    (ii) Prove that if gcd (a, n1 ) = gcd (a, n2 ) = ⋯ = gcd (a, nk ) = 1 then
    gcd (a, n1 × n2 ⋯ × nk ) = 1.
    (iii) Prove that if gcd (a, b) = 1 then gcd (a^n, b^n) = 1 where n is a natural number.

16. Prove that if gcd (a, b) = 1 then gcd (a + b, ab) = 1.

17. *Prove Proposition (1.11).

18. Let g = gcd (a, b) and d | a, d | b. Prove that d | g.

19. Prove that gcd (a, b, c) = gcd (a, gcd (b, c)) where a, b, c are non-zero.

.........................................................................................................

SECTION 1.4 Linear Diophantine Equations


By the end of this section you will be able to
● solve Diophantine equations
● find general solutions of Diophantine equations

1.4.1 Introduction

The film Die Hard 3 contained the following scene [2]:

On the fountain’s edge (infinite supply of water) there was an empty three-gallon
container and an empty five-gallon container.
The telephone message to Bruce Willis said that the only way to defuse the bomb was to
place exactly four gallons of water on the pressure-sensitive pad.

[2] https://www.youtube.com/watch?v=BVtQNK_ZUJg.

How can we get exactly four gallons of water with only three- and five-gallon containers?

We can formulate this problem as follows:


Let x and y be the number of times we fill (or empty) the five- and three-gallon containers
respectively. We have

5x + 3y = 4 ⇒ y = (4 − 5x)/3 [Transposing].

We are only interested in integer solutions (whole gallons); with a bit of guesswork we try
x = 2, which gives

y = (4 − 5x)/3 = (4 − 5 (2))/3 = −2.

This solution, x = 2 and y = −2, means that we fill the five-gallon container twice (x = 2)
and empty out the three-gallon container twice (y = −2). See Figure 1.5 for an illustration
of this:

Figure 1.5 [Illustration of the pouring steps. Panel captions: “Fill in the 5 gallon
container.”; “Empty three gallons which leaves two gallons in the 5 gallon container.”;
“Empty 3 gallons and pour in 2 gallons.”; “Fill the 5 gallon container. Pour one gallon
into the smaller container until full.”]

If x and y are integers then the above equation 5x + 3y = 4 is an example of a Diophantine
equation. In Diophantine equations we are only interested in integer solutions.
Diophantine equations are named after the Greek mathematician Diophantus.

Diophantus worked on equations and number theory.
However, when Diophantus was solving equations he rejected negative and irrational solutions.
Not much is known about Diophantus’s life. We do know that he lived in Alexandria, Egypt.

Figure 1.6 Diophantus (200–84 AD).

Definition (1.15). A general linear Diophantine equation with two variables is of the form
ax + by = c where the variables x and y are integers and both integers a and b are not zero.

This linear Diophantine equation ax + by = c may have no solution or infinitely many
solutions. These linear Diophantine equations are very important because they crop up
later in the book, especially when solving equations in Chapter 3.
In the last three chapters we discuss non-linear Diophantine equations which are much
harder to solve.

Example 1.19

Determine another integer solution to the above Diophantine equation, 5x + 3y = 4.

Solution
From the previous page we have y = (4 − 5x)/3. By trial and error, let x = 5, then

y = (4 − 5x)/3 = (4 − 5 (5))/3 = −7.

Hence x = 5 and y = −7 is another solution to 5x + 3y = 4. Check this.

Can we produce any other solutions to 5x + 3y = 4?

Yes. Let’s start with our first x solution, which we will call x0 . So x0 = 2 (on the previous
page) and we can write the general x solution as 2 plus any extra integer, say t, that will also
work as a solution to 5x + 3y = 4:

x = 2 + t where t is an integer.
Substituting this x = 2 + t into y = (4 − 5x)/3 gives

y = (4 − 5 (2 + t))/3 = (4 − 10 − 5t)/3 = (−6 − 5t)/3 = −2 − (5/3) t.

We select t so that y is an integer. This means we can choose t to be any multiple of 3
because the fraction coefficient of t has a denominator of 3. If t = 3 we get the solution of
Example 1.19:

x = 2 + t = 2 + 3 = 5 and y = −2 − (5/3) t = −2 − (5/3) (3) = −7.

If t = 6 we have x = 2 + t = 2 + 6 = 8 and

y = −2 − (5/3) t = −2 − (5/3) (6) = −2 − 10 = −12.

We can write the general integer solution of 5x + 3y = 4 with t = 3m:

x = 2 + t = 2 + 3m and y = −2 − (5/3) t = −2 − (5/3) (3m) = −2 − 5m.

Hence the linear Diophantine equation 5x + 3y = 4 of the Die Hard problem has infinitely
many solutions; x = 2 + 3m, y = −2 − 5m for any integer m. This x = 2 + 3m, y = −2 − 5m
is the general solution of 5x + 3y = 4.

Example 1.20

Suppose in the Die Hard problem we had three-gallon and six-gallon containers and we wanted to
place exactly five gallons of water on the sensitive pad.
How is this possible?

Solution
We first formulate the problem. Let x and y be the number of times we fill the three- and six-gallon
containers respectively. We have the Diophantine equation

3x + 6y = 5.

Re-arranging this to make y the subject gives

y = (5 − 3x)/6 = 5/6 − (1/2) x.

If x is a multiple of 2 then y would still not be an integer because we would have to add 5/6.
By the previous section on the Euclidean Algorithm we know we have solutions if we have

ax + by = g where gcd (a, b) = g.

We can also solve for any multiple of g, which means we can find integer solutions for

ax + by = mg.

For the given equation 3x + 6y = 5 the gcd of 3 and 6 is 3, but the right-hand side 5 is not a multiple
of 3.
Actually, we will show later that the given equation has no solutions.
Hence it is impossible to measure five gallons of water with only three- and six-gallon containers.

In this case, the straight line 3x + 6y = 5 never crosses an integer grid point:

Figure 1.7 Note the line 3x + 6y = 5 misses the integer grid points.

None of the points (x, y) on this line have both x and y integer entries. This means that
the Diophantine equation 3x + 6y = 5 has no solution, because for Diophantine equations
we are only interested in integer solutions.

1.4.2 General Diophantine equations

Proposition (1.16). Let x0 and y0 be a solution to the Diophantine equation

ax + by = c.

Then x = x0 + bt and y = y0 − at, where t is any integer, is also a solution to this equation.
(The Die Hard problem gave the solution x = 2 + 3m, y = −2 − 5m.)

Proof.
We are given that x0 and y0 is a solution to ax + by = c, therefore we have

ax0 + by0 = c. (∗)

Substituting x = x0 + bt and y = y0 − at into ax + by gives

ax + by = a (x0 + bt) + b (y0 − at)
        = ax0 + abt + by0 − bat [Expanding]
        = ax0 + by0 = c [By (∗)] .

Thus x = x0 + bt and y = y0 − at for any integer t is a solution to ax + by = c.




As t can be any integer in the above x = x0 + bt and y = y0 − at, we have infinitely many
solutions to ax + by = c provided we have some initial solution x0 and y0 .

Example 1.21

Solve the following for integer solutions:

30x + 29y = 1.

Solution
Clearly gcd (30, 29) = 1. By trial and error our solution is

x0 = 1 and y0 = −1

because 30 (1) + 29 (−1) = 1.


Are there any other solutions?
Yes. By the previous Proposition (1.16) with a = 30 and b = 29 we have that

x = x0 + bt = 1 + 29t and y = y0 − at = −1 − 30t

are also solutions to the given equation. Thus

x = 1 + 29t and y = −1 − 30t

for any integer t is the general solution of 30x + 29y = 1.


We can substitute any integer value for t and obtain particular integer solutions:

t     x = 1 + 29t                 y = −1 − 30t
1     x = 1 + 29 = 30             y = −1 − 30 = −31
2     x = 1 + (29 × 2) = 59       y = −1 − (30 × 2) = −61
3     x = 1 + (29 × 3) = 88       y = −1 − (30 × 3) = −91
−1    x = 1 + 29 (−1) = −28       y = −1 − 30 (−1) = 29
−2    x = 1 + 29 (−2) = −57       y = −1 − 30 (−2) = 59

You may like to check that each of these x and y values satisfies the given equation

30x + 29y = 1.

As t can take on any integer value, we have infinitely many solutions to the given equation,

30x + 29y = 1.

Figure 1.8 on the next page shows the x, y values from the above table plotted on a graph. We see that
the line 30x + 29y = 1 intersects all these points, showing that they are solutions to the equation.

Proposition (1.17). Let gcd (a, b) = g. The Diophantine equation ax + by = c has integer
solutions ⇔ g | c.

What does this proposition mean?

The integer ax + by is a multiple of gcd (a, b) = g.


Figure 1.8 Some of the integer solutions to 30x + 29y = 1. [Plot of the line 30x + 29y = 1
through the points (−57, 59), (−28, 29), (30, −31), (59, −61) and (88, −91).]

How do we prove this?

We have an ⇔ in the statement so we need to prove this both ways, ⇒ and ⇐.

Proof.
(⇒). We assume ax + by = c has integer solutions and then deduce g | c.
Suppose there are integers x and y such that ax + by = c. Since gcd (a, b) = g, so g | a and
g | b. By Proposition (1.3):
If c | a and c | b then c | (ax + by) for any integers x and y.
Applying this Proposition (1.3) to g | a and g | b gives

g | (ax + by) .

Since ax + by = c, so g | c [or c is a multiple of gcd (a, b) = g].

(⇐). For this part, we assume g | c and deduce ax + by = c has integer solutions.
Consider the linear equation
ax + by = g.
By Bézout’s Identity (1.9) of the last section:
If gcd (a, b) = g then there are integers x and y such that ax + by = g.
Let us nominate these integers x0 and y0 . Therefore,

ax0 + by0 = g. (†)

Now consider the given equation ax + by = c. [This time on the right-hand side we have c
instead of g.]
We have g | c, so there is an integer m such that gm = c. Multiplying x0 and y0 by m gives
x0 m and y0 m respectively. Substituting x = x0 m and y = y0 m into ax + by gives

ax0 m + by0 m = (ax0 + by0 ) m = gm = c    [ax0 + by0 = g by (†)].

Hence x = x0 m and y = y0 m is an integer solution to ax + by = c.




Note that this proposition is also saying that if g does not divide c, in symbolic notation
g ∤ c, then ax + by = c has no integer solutions. The Diophantine equation of Example 1.20,

3x + 6y = 5,

has no solutions because gcd (3, 6) = 3 and 3 does not divide 5.

Example 1.22

Determine which of the following Diophantine equations have integer solutions:


(a) 5x + 10y = 3 (b) 4x + 12y = 14 (c) 21x − 35y = −7 (d) 108x + 99y = 45

Solution
In each case we use the previous Proposition (1.17); check that gcd (a, b) divides c.
(a) The gcd (5, 10) = 5 and 5 ∤ 3, so by the previous Proposition (1.17)

5x + 10y = 3 has no integer solutions.

(b) Similarly, gcd (4, 12) = 4 but 4 ∤ 14, so the given equation 4x + 12y = 14 has no integer
solutions.
(c) We have gcd (21, −35) = 7 and 7 | (−7), so 21x − 35y = −7 has solutions.
(d) Also gcd (108, 99) = 9 and 9 | 45, so 108x + 99y = 45 has solutions.

Proposition (1.17) only tells us whether there is a solution, but does not give us the
solution. The next proposition stipulates how we can find integer solutions to a linear
Diophantine equation from an initial solution.

Proposition (1.18). Let gcd (a, b) = g. If g | c and x0 , y0 are particular solutions of the
equation
ax + by = c,
then all the other solutions of this equation are given by

x = x0 + (b/g) t and y = y0 − (a/g) t where t is any integer.

Proof.
Let x′ and y′ be a solution of ax + by = c. Therefore, we have

ax′ + by′ = c.

Since we are given that x0 , y0 are solutions, so ax0 + by0 = c. Equating these last two
equations because both are equal to c yields

ax′ + by′ = ax0 + by0 = c.

Collecting like terms on one side:

a (x′ − x0 ) = b (y0 − y′) .

Dividing both sides of this by gcd (a, b) = g gives

(a/g) (x′ − x0 ) = (b/g) (y0 − y′) . (∗)

Since we have (a/g) (integer) = (b/g) (y0 − y′), so (a/g) | (b/g) (y0 − y′) . By Proposition (1.5):

if gcd (a, b) = g then gcd (a/g, b/g) = 1,

we have gcd (a/g, b/g) = 1. Applying Euclid’s Lemma (1.13):

if k | (m × n) with gcd (k, m) = 1 then k | n,

to (a/g) | (b/g) (y0 − y′) gives (a/g) | (y0 − y′). Therefore, there is an integer t such that

(a/g) t = y0 − y′ implies y′ = y0 − (a/g) t.

We have one of our results, y = y′ = y0 − (a/g) t.
Substituting (a/g) t = y0 − y′ into (∗) gives

(a/g) (x′ − x0 ) = (b/g) ((a/g) t) .

Cancelling a/g from both sides yields

x′ − x0 = (b/g) t implies x′ = x0 + (b/g) t = x.
This completes our proof.


Example 1.23

Determine all the integer solutions of 30x + 35y = 565.

Solution
Applying the Euclidean Algorithm to 35 and 30 gives

35 = 30 + 5
30 = 6 (5) + 0.

Therefore, gcd (30, 35) = 5. Since 5 | 565, so the given equation 30x + 35y = 565 has integer
solutions.
Re-arranging the above gives 35 − 30 = 5.
We can solve the equation 30x1 + 35y1 = 5 because 30 (−1) + 35 (1) = 5, so

x1 = −1 and y1 = 1.

But how do we find a solution to 30x + 35y = 565?


Since 5 × 113 = 565, we multiply x1 = −1 and y1 = 1 by 113 which gives x0 = −113 and y0 = 113
respectively. Using the previous Proposition (1.18):

x = x0 + (b/g) t and y = y0 − (a/g) t

with a = 30, b = 35, g = 5, x0 = −113 and y0 = 113 gives:

x = x0 + (b/g) t = −113 + (35/5) t = −113 + 7t and
y = y0 − (a/g) t = 113 − (30/5) t = 113 − 6t.

The general solution of the given equation 30x + 35y = 565 is x = 7t − 113 and y = 113 − 6t where t
is any integer.
(You can select particular values of t to find particular solutions. For example, substituting t = 0 into
the above gives our initial solution x0 = −113 and y0 = 113.)

In a real-life problem, we generally need to restrict the values of the variables. For
example, the variables x and y may need to be positive. We place a restriction on our integer t,
which produces positive x and y values.

How do we cater for this restriction in mathematics?

By inequalities. You will need to know how to solve inequalities for the next example. They
were discussed in the Introductory Chapter.

Example 1.24

A bookstore places a total order of £565 on two kinds of books. A softback book costs £30 and a
hardback book costs £35.
How many hardback and softback books were ordered?

Solution
Formulating the equation gives
30x + 35y = 565
where x and y are the number of softback and hardback books ordered respectively.

This is the Diophantine equation of the previous example and we found the general solution to be

x = 7t − 113 and y = 113 − 6t.

In this case, we cannot let t take any integer value.


Why not?
Because x and y represent the number of books ordered, so they must be positive or zero. We need to
find which integer t gives positive or zero values of x and y. We are required to solve the inequalities

x = 7t − 113 ≥ 0 and y = 113 − 6t ≥ 0.

Solving the first inequality

7t − 113 ≥ 0 ⇔ 7t ≥ 113 ⇔ t ≥ 113/7 = 16.14 (2dp).

Similarly,

113 − 6t ≥ 0 ⇔ 113 ≥ 6t ⇔ 113/6 ≥ t or t ≤ 113/6 = 18.83 (2dp) .

Hence t is an integer between 16.14 and 18.83.
What integer values can t take?
t = 17 or t = 18. Substituting t = 17 into x = 7t − 113 and y = 113 − 6t gives

x = (7 × 17) − 113 = 6 and y = 113 − (6 × 17) = 11.

Substituting the other integer value t = 18 into x = 7t − 113 and y = 113 − 6t gives

x = (7 × 18) − 113 = 13 and y = 113 − (6 × 18) = 5.

We have two solutions: x = 6, y = 11 or x = 13, y = 5. This means we have either ordered six
softback and 11 hardback books or 13 softback and five hardback books.

Note that in the Die Hard problem the integers x and y could be negative (pour out) as well
as positive (fill) and zero (empty). Any restriction on the integers x and y in a Diophantine
equation depends on the practical problem. For example:
Suppose you go shopping to buy some hotdogs and buns. If we let x and y be the
number of hotdogs and buns respectively then these variables must be positive or zero,
as we can’t leave the shop with a negative number of buns or hotdogs.
Next we state how to find solutions of a special Diophantine equation ax + by = c where
a and b are relatively prime.

Corollary (1.19). Let gcd (a, b) = 1 (relatively prime) and x0 , y0 be particular solutions of
the equation
ax + by = c.
Then all the other solutions of this equation are given by x = x0 + bt and y = y0 − at where
t is any integer.

Proof.
See Exercises 1.4, question 10.


Summary
An example of a two-variable linear Diophantine equation is

ax + by = c.
We say this equation has a solution if there are integers x and y which satisfy this equation.
There exist solutions to this equation provided g | c where gcd (a, b) = g. The general solution of
this equation is given by x = x0 + (b/g) t and y = y0 − (a/g) t where t is any integer and x0 , y0 are
particular solutions.
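
The procedure of Sections 1.3 and 1.4 gathered into one program, as an added example that is not code from the book: Bézout coefficients for ax + by = gcd (a, b) as in Example 1.18, the divisibility test of Proposition (1.17), the general solution of Proposition (1.18), and the restriction to non-negative values of Example 1.24. The function names are this example's own, and the coefficients are computed by carrying them forward through the Euclidean steps rather than by reversing the steps afterwards.

```python
"""Linear Diophantine equations ax + by = c (Propositions 1.17 and 1.18)."""


def extended_euclid(a, b):
    """Return (g, x, y) with a*x + b*y == g and g == gcd(a, b) >= 0.

    Every row (r, x, y) satisfies a*x + b*y == r, so the coefficients that
    Example 1.18 finds by back-substitution are carried along step by step.
    """
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    if old_r < 0:  # normalise so that the gcd is positive
        old_r, old_x, old_y = -old_r, -old_x, -old_y
    return old_r, old_x, old_y


def solve(a, b, c):
    """Solve ax + by = c over the integers.

    Returns None when there is no solution, otherwise (x0, y0, dx, dy) so
    that every solution is x = x0 + dx*t, y = y0 - dy*t for an integer t.
    """
    if a == 0 or b == 0:
        raise ValueError("Definition (1.15) takes a and b non-zero")
    g, x1, y1 = extended_euclid(a, b)
    if c % g != 0:  # Proposition (1.17): solvable exactly when g | c
        return None
    m = c // g      # scale the solution of ax + by = g up to c = g*m
    return x1 * m, y1 * m, b // g, a // g  # Proposition (1.18)


def non_negative_solutions(a, b, c):
    """List every solution with x >= 0 and y >= 0 (a and b positive)."""
    if a <= 0 or b <= 0:
        raise ValueError("this helper assumes positive a and b")
    general = solve(a, b, c)
    if general is None:
        return []
    x0, y0, dx, dy = general
    # x0 + dx*t >= 0  <=>  t >= ceil(-x0/dx);  y0 - dy*t >= 0  <=>  t <= floor(y0/dy)
    t_min = -(x0 // dx)
    t_max = y0 // dy
    return [(x0 + dx * t, y0 - dy * t) for t in range(t_min, t_max + 1)]


if __name__ == "__main__":
    print(extended_euclid(5291, 3108))         # Example 1.18
    print(solve(3, 6, 5))                      # Example 1.20
    print(solve(30, 35, 565))                  # Example 1.23
    print(non_negative_solutions(30, 35, 565))  # Example 1.24
```

Integer floor division is used for the bounds on t instead of the two-decimal-place values, so the range stays exact for arbitrarily large coefficients.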

EXERCISES 1.4

(Brief solutions at end of book. Full solutions available at
<http://www.oup.co.uk/companion/NumberTheory>.)

1. Find the general solution of the following Diophantine equations:
   (a) 2x + 3y = 5
   (b) 3x + 6y = 9
   (c) 15x − 20y = 10

2. Determine whether the following equations have integer solutions. If they do have
   solutions, find the general solution:
   (a) 2x + 4y = 1
   (b) 48x + 56y = 32
   (c) 54x + 180y = −72

3. Solve the following Diophantine equations for general solutions, if possible:
   (a) 101x + 600y = 1001
   (b) 181x + 232y = −100
   [For (b) see Exercises 1.3, question 2 (d).]

4. A collection of bars costs £2 and a collection of rolls costs £3. List the number of
   bars and rolls you can purchase with £20, leaving no change. You must buy at least
   one of each.

5. Suppose in the Die Hard problem we have four- and five-gallon containers and we want
   to measure exactly three gallons. How can we do this?

6. Assume there are one hundred pence in the pound (£). Using just 5p (£0.05) and
   10p (£0.10) pieces, how many of each do you need in order to pay a parking meter
   charge of £3.10.

7. Assume there are one hundred pence in the pound (£). First-class stamps cost
   60p (£0.60) and second-class stamps cost 50p (£0.50) each. What combination(s) of
   stamps can you get for exactly £50, leaving no change?

8. Each hotdog costs £0.24 and each bun costs £0.14. List the combination(s) of hotdogs
   and buns that can be purchased with exactly £5.

9. An ATM machine distributes £10 and £20 notes. If you ask for £100, what possible
   combinations of £10 and £20 notes can you get?

10. Prove Corollary (1.19).

11. Prove that ax + by = 1 has integer solutions ⇔ gcd (a, b) = 1.

12. Let gcd (a, b) > 1. Show that the equation ax + by = 1 has no solutions.

13. Show that 45x + 81y = 1 has no solutions.

14. Prove the following result:
    Let gcd (a, b) = 1 and a positive integer k divides c. Let x0 , y0 be particular
    solutions of the equation akx + bky = c.
    Then all the other solutions of this equation are given by
    x = x0 + (b/k) t and y = y0 − (a/k) t
    where t is any integer.

15. Let a ≠ 0 and consider the linear equation ax + may = na. Prove that if x0 , y0 is a
    particular solution of this equation then the general solution is given by
    x = x0 + mt and y = y0 − t.

16. Prove or disprove the following statements:
    (a) If d | a and d | b, then the Diophantine equation ax + by = c has solutions.
    (b) If d | a, d | b and d | c, then the Diophantine equation ax + by = c has solutions.
    (c) The Diophantine equation ax + (a + 1) y = 1 has solutions.

.........................................................................................................

Supplementary Problems 1

(Brief solutions at end of book. Full solutions available at
<http://www.oup.co.uk/companion/NumberTheory>.)

1.1. Find the gcd (69, 161). Simplify the fraction 161/69.

1.2. (i) Find an integer solution to the equation 57x + 76y = gcd (57, 76).
     (ii) Find an integer solution to the equation 57x + 76y = 95.

1.3. Find particular integer solutions to the following linear equations:
     (a) 63x + 99y = gcd (63, 99)
     (b) 2014x + 2015y = gcd (2014, 2015)
     (c) (i) 2015x + 39y = gcd (2015, 39)
         (ii) 2015x + 39y = − gcd (2015, 39)

1.4. Determine the quotient and remainder in applying the Division Algorithm to the
     following:
     (a) 37 divided by 4
     (b) −1007 divided by 20
     (c) −1 000 001 divided by 999

1.5. Determine the divisors of the following integers:
     (a) 100 (b) −100 (c) 200

1.6. Which of the following are true:
     (a) 6 | 66 (b) 6 | 0 (c) 7 ∤ 17 (d) 7 ∤ 98 (e) 0 | 7

1.7. Are there integers a, b, and c such that a | (b × c) but a ∤ b and a ∤ c?

1.8. Explain what is meant by relatively prime integers.

1.9. Prove that 5 | (n⁵ − n).

1.10. Prove that the cube of any integer is of the form 7k or 7k ± 1.
      [Hint: Use the Division Algorithm.]

1.11. Prove or disprove the following:
      a | b and b | a implies a = b.

1.12. Disprove the following:
      a b and a bc ⇒ a c.
      In which case is this true?

1.13. Prove d | a and d | b then d² | ab.

1.14. Prove that the fourth power of an odd integer is of the form 16k + 1.

1.15. Show that there is no integer solution to the linear equation 6x + 30y = 4.

1.16. Explain what is wrong with the following: −2 | 4 implies that gcd (−2, 4) = −2.

1.17. Determine the first error, if any, in the following derivation (you must give
      reasons why you think there is an error):
      Step A Let n be an integer, then we can write this as
          n = 4q + r where 0 ≤ r < 4.
      Step B The fourth power of this integer is given by
          (4q + r)⁴ = (4q)⁴ + (4q)³ r + (4q)² r² + 4qr³ + r⁴
                    = 4m + r⁴
          where m = 4³ q⁴ + 4² q³ r + 4q² r² + qr³.
      Step C Considering the various remainders r we have
          (4q + r)⁴ = 4m + r⁴ = 4k or 4k + 1.

1.18. (i) Determine gcd (1 000 001, 1 122 211).
      (ii) Let x and y be integers. Find the smallest positive value of
           1 000 001x + 1 122 211y.
      (iii) Find an integer solution of 1 000 001x + 1 122 211y = 202.

1.19. Let gcd (a, b) = 1. Prove that for every integer c, the following Diophantine
      equation ax + by = c has integer solutions.

1.20. Determine the general integer solution in the variable t of the Diophantine
      equation 2014x + 2015y = 2016.
      Find a particular solution for t = 1.

1.21. A fish and chip shop charges £2.80 for fish and £0.90 for a portion of chips. One
      evening the receipts were £200.
      (i) What could be the least portion of chips sold?
      (ii) What could be the most portion of chips sold?

1.22. Prove that if a ∤ c but a | (bc) then gcd (a, b) > 1.

1.23. Prove that if a^n | b^n then a | b where a, b, and n are natural numbers.

1.24. Prove that if a | (b1 × b2 × ⋯ × bn ) and
      gcd (a, b1 ) = gcd (a, b2 ) = ⋯ = gcd (a, bn−1 ) = 1 (pairwise prime) then a | bn .

..............................................................................................................................

2 Primes and Factorization


..............................................................................................................................

SECTION 2.1 Introduction to Primes


By the end of this section you will be able to
● understand the importance of primes
● prove some properties of primes

The aim of this chapter is to discuss primes, which are essential to understanding positive
integers. In this chapter we prove the Fundamental Theorem of Arithmetic which says that
every positive integer greater than 1 can be factorized into primes in a unique way. The
Fundamental Theorem of Arithmetic does not provide the factorization of the given integer,
but just stipulates that a factorization does exist.
In Section 2.2 we will show a technique of how to factorize a given integer into its primes.
We also discuss unsolved problems regarding the primes and examine their distribution in
Section 2.3.
We finish this chapter by establishing a technique for finding the least common multiple,
LCM, and gcd of two given integers. This technique relies on us first converting the given
integers into primes.

2.1.1 Importance of primes

Number theory is the study of integers, particularly the study of positive integers. Prime
numbers are central to this.

What is a prime number?

Definition (2.1). An integer p greater than 1 is called a prime number, or prime if its only
divisors are 1 and p. An integer greater than 1 that is not prime is called composite.

This definition implies that every integer greater than 1 is either a prime or a composite
number.
Examples of prime numbers are 2, 3, 5, 7, 11, 13, 17, 19, 23, . . .
Examples of composite numbers are 4, 6, 8, 9, 10, 12, 14, 15, . . .
Note that the only even prime is 2.

Why are primes important?

For over 4000 years, number theory had no serious application. Then in the 1970s with
the advent of the digital computer came lots of applications for number theory. One such
application is the encryption of messages—the protection of messages so that they can only
be read by the recipient. This study of secure communication is called cryptography.

Figure 2.1 Public-key encryption. [Diagram: the message “Hello” is encrypted with the
public key into “?98@5678”, which is decrypted with the private key back into “Hello”.]

Public-key encryption transforms a text message into something which makes no sense,
mostly changing letters to numbers by using a public key. The message is transformed back
to the original message by a private key and this process is called decryption.
These keys are large numbers.

What makes this large number key secure?

It is easy to multiply two large primes, p and q, to get a new number, n, that is n = p × q.
However, it is very difficult to go the other way, that is, given n, to factorize it into its large
prime factors p × q.
For example, multiplying the two primes 23 456 761 and 9 876 543 139 gives

23 456 761 × 9 876 543 139 = 231 671 711 917 712 779.

However, factorizing the right-hand side—231 671 711 917 712 779—is a difficult task
unless you know the above primes give this answer.
Consider the following analogy: imagine there are thousands of different-coloured paint
cans and we mix two different-coloured paints. If we asked someone which two colours
were mixed by just showing them the final paint can, they would find it very difficult to
tell us.
Decrypting the message relies on factorizing the number n into two large prime factors,
p and q.

Is there any other real-life application of prime numbers?

Yes. Cicadas are insects which hibernate underground. Scientists believe that their lifecycle
has evolved in a way that allows them to minimize encounters with predators. They emerge
every 13 or 17 years. Once out of hibernation they mate and die, while the newborn cicadas
head for underground hibernation.
They have one shot at breeding and then they die.

If the cicadas emerged every eight years, then the predators with lifespans of one, two,
four, and eight years will coincide with the availability of cicadas. This could drive the
cicadas to extinction. Having a prime number of years of hibernation (13 or 17) ensures
predators are less likely to catch them.

2.1.2 Fundamental Theorem of Arithmetic

The Fundamental Theorem of Arithmetic is one of the most important results in
mathematics and claims the following:
Every integer greater than 1 is either a prime or a product of primes which is written
uniquely apart from the order.
We will prove this later in this section.
Examples of this are:

3 = 3, 10 = 2 × 5, 20 = 2² × 5, 100 = 2² × 5², 101 = 101, . . . .

The Fundamental Theorem of Arithmetic says that the factorization of an integer greater
than 1 into primes is unique apart from the order.

What does this mean?

If we consider 100 = 2² × 5², then 2 and 5 are the only primes which when multiplied
together several times give 100. There are no other primes in the factorization of 100. Of
course, we can write

100 = 2² × 5² = 2 × 2 × 5² = 5 × 5 × 2 × 2 = . . .,

but this just changes the order of multiplication. The prime numbers 2 and 5 are the building
blocks of 100 (see Figure 2.2).

Figure 2.2 [Factor tree: 100 splits into 2² and 5², which split into 2, 2 and 5, 5.]

This fundamental theorem says that every integer greater than 1 is either a prime number
or can be made up by a product of primes. This means that primes are the building blocks
of the positive integers.

2.1.3 Properties of primes

Now we examine the divisors or factors of a positive integer greater than 1. For example
(recall from Chapter 1, a | b implies a is a divisor of b):
2 | 364 implies that 2 | (4 × 91) which implies 2 | 4.
Note that 2 is a prime number. Similarly, 7 is a prime and
7 | 98 ⇒ 7 | (49 × 2) ⇒ 7 | 49.
In general, we have:

Proposition (2.2). If p is prime and p | (a × b) then p | a or p | b.

Proof.
If p | a then we have our result.
Suppose prime p does not divide a, that is p ∤ a, then gcd (a, p) = 1.

Why?

Let gcd (a, p) = g, then g | p but the only factors of p are 1 and p because p is prime. This
implies that g = p or g = 1.
Also g | a because g is a common divisor of a and p, so g ≠ p [not equal] because we are
supposing p does not divide a. Hence

g = gcd (a, p) = 1.

We are given p | (a × b) and we need to show p | b because our supposition is p ∤ a.

How do we show this?

We use Euclid’s Lemma of the last Chapter (1.13):

If x | (y × z) and gcd (x, y) = 1 then x | z.
Applying this to p | (a × b) with gcd (a, p) = 1 gives p | b. This completes our proof.


Next, we prove a corollary which extends the above proposition. We can extend this
Proposition (2.2) to a product of more than two terms:

Corollary (2.3). If p is prime and $p \mid (a_1 \times a_2 \times a_3 \times \cdots \times a_n)$ then $p \mid a_1$ or $p \mid a_2$ or … or
$p \mid a_n$.

How do we prove this result?

We can prove this result by using mathematical induction. Remember the three steps of
induction from the Introductory Chapter:

Step 1: Check the result holds for some base case n = k0 .


Step 2: Assume the result is true for n = k.
Step 3: Use steps 1 and 2 to prove the result for n = k + 1.

Proof.
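Step 1: With $p \mid (a_1 \times a_2)$ we get $p \mid a_1$ or $p \mid a_2$ by Proposition (2.2).
Step 2: Assume the result is true for n = k:

$p \mid (a_1 \times a_2 \times a_3 \times \cdots \times a_k)$ implies that $p \mid a_1$ or $p \mid a_2$ or … or $p \mid a_k$.

Step 3: We are required to prove this result for n = k + 1, that is we need to prove that

$p \mid (a_1 \times a_2 \times \cdots \times a_k \times a_{k+1})$ implies that $p \mid a_1$ or … or $p \mid a_{k+1}$.

We have $p \mid (a_1 \times a_2 \times a_3 \times \cdots \times a_k \times a_{k+1})$, which implies that

$$p \mid (a_1 \times a_2 \times a_3 \times \cdots \times a_k) \times a_{k+1}.$$

Applying the previous Proposition (2.2) to $p \mid (a_1 \times a_2 \times a_3 \times \cdots \times a_k) \times a_{k+1}$ gives

$p \mid (a_1 \times a_2 \times a_3 \times \cdots \times a_k)$ or $p \mid a_{k+1}$.

From $p \mid (a_1 \times \cdots \times a_k)$ it follows by step 2 that $p \mid a_1$ or … or $p \mid a_k$. Combining these results
with the above yields

$p \mid (a_1 \times a_2 \times \cdots \times a_k \times a_{k+1})$ which implies $p \mid a_1$ or $p \mid a_2$, …, $p \mid a_k$ or $p \mid a_{k+1}$.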

By mathematical induction we have our result.




If the a’s in this Corollary (2.3) are prime then p is equal to one of the a’s. For example,
if $7 \mid (p_1 \times p_2 \times \cdots \times p_k)$ then one of the p’s is equal to 7.
We can generalize this:

Corollary (2.4). If $p, q_1, q_2, q_3, \ldots, q_n$ are all primes and $p \mid (q_1 \times q_2 \times q_3 \times \cdots \times q_n)$ then
$p = q_k$ where $q_k$ is one of the primes amongst the list $q_1, q_2, q_3, \ldots, q_n$.

Proof.
We are given that $p \mid (q_1 \times q_2 \times q_3 \times \cdots \times q_n)$ where q’s are prime. Applying the previous
Corollary (2.3):

If p is prime and $p \mid (a_1 \times a_2 \times \cdots \times a_n)$ then $p \mid a_1$ or $p \mid a_2$ or … or $p \mid a_n$

to $p \mid (q_1 \times q_2 \times q_3 \times \cdots \times q_n)$ implies that $p \mid q_k$ where $q_k$ is one of the primes in the list
$q_1, q_2, q_3, \ldots, q_n$. Since $q_k$ is prime, the only divisors of this are 1 and $q_k$. Therefore, from
$p \mid q_k$ we have $p = q_k$ because both p and $q_k$ are prime.


Note that this result (2.4) is not valid for composite divisors. For example,

$6 \mid (2 \times 3 \times 7)$ but $6 \neq 2$, $6 \neq 3$, and $6 \neq 7$.

2.1.4 The proof of the Fundamental Theorem of Arithmetic

Before we state and prove the Fundamental Theorem of Arithmetic we look at some numerical
examples so that we can have an intuitive appreciation of the existence of prime
factorization.
For example, the following shows the prime factors of various numbers:

$360 = 2 \times 2 \times 2 \times 3 \times 3 \times 5 = 2^3 \times 3^2 \times 5$
$1\,000\,000 = 2^6 \times 5^6$
$1\,000\,001 = 101 \times 9901$
$2\,789\,865\,215 = 5 \times 557\,973\,043$.

We use the Well-Ordering Principle (WOP) and Without Loss of Generality (WLOG) to
prove the theorem and these were discussed in the Introductory Chapter.

Fundamental Theorem of Arithmetic (2.5). Every integer n greater than 1 is either a prime
or can be written uniquely as the product of primes apart from the order.

How do we prove this result?

First, we prove that n is a product of primes and then we show that this representation is
unique apart from the order.

Proof.
Proof that n is a product of primes (Existence Proof):
Either n > 1 is prime or composite. If n is a prime, then we are done.
If n is composite then it has a divisor, say d > 1, which implies $d \mid n$.
Let S be the set of positive divisors greater than 1 of n. Then S is non-empty because d is
in S as $d \mid n$.
Amongst this set S of positive divisors there must be a smallest divisor, call this $p_1$, of n.

Why?

Because of the WOP:


Every non-empty subset of positive integers has a least element.
This $p_1$ must be prime, otherwise we would have a smaller divisor of n. Since $p_1 \mid n$, we
can write n as
$n = p_1 \times n_1$ where $n_1$ is an integer.

If $n_1$ is prime, then we have shown that n is a product of primes and only need to prove
uniqueness.
If $n_1$ is composite, then we can repeat the above process.
Let $p_2$ be the smallest divisor of $n_1$ and, as above, $p_2$ must be prime. Hence $p_2 \mid n_1$, so

$n_1 = p_2 \times n_2$ where $n_2$ is an integer.

Substituting this $n_1 = p_2 \times n_2$ into the above $n = p_1 \times n_1$ gives

$$n = p_1 \times p_2 \times n_2.$$

If $n_2$ is prime, then we have our product of primes. If $n_2$ is composite, then repeating the
above process we have
$$n = p_1 \times p_2 \times p_3 \times n_3.$$
This cannot continue forever because

$$n > n_1 > n_2 > n_3 > \cdots > n_k > 1$$

(n has a finite number of prime divisors), there must be an integer, $n_k$ say, where $n_k$ is prime,
that is $n_k = p_k$. We have

$$n = p_1 \times p_2 \times p_3 \times \cdots \times n_k = p_1 \times p_2 \times p_3 \times \cdots \times p_k.$$

Hence, we have shown that n is a product of primes.


Uniqueness:
Suppose that

n = p1 × p2 × p3 × ⋯ × pr = q1 × q2 × q3 × ⋯ × qs (†)

where the p’s and q’s are prime and they are written in descending order, that is

p1 ≥ p2 ≥ p3 ≥ ⋯ ≥ pr and q1 ≥ q2 ≥ q3 ≥ ⋯ ≥ qs . (∗)

Without Loss of Generality (WLOG) assume s ≥ r.


By (†) we have $p_1 \times (p_2 \times p_3 \times \cdots \times p_r) = q_1 \times q_2 \times q_3 \times \cdots \times q_s$, which implies

$$p_1 \mid (q_1 \times q_2 \times q_3 \times \cdots \times q_s).$$

Applying the previous Corollary (2.4):

If $p, q_1, q_2, q_3, \ldots, q_n$ are all primes and $p \mid (q_1 \times q_2 \times q_3 \times \cdots \times q_n)$ then $p = q_k$

to this $p_1 \mid (q_1 \times q_2 \times q_3 \times \cdots \times q_s)$ yields
$p_1 = q_k$ where $q_k$ is one of the primes in the list $q_1, q_2, q_3, \ldots, q_s$.
Since $q_k$ is an element in the ordered list it follows from (∗) that $q_1 \geq q_k$ (since $q_1$ was the
largest element), and so $p_1 = q_k \leq q_1$ which implies $p_1 \leq q_1$.
Going the other way, that is by (†), we have $q_1 \times (q_2 \times \cdots \times q_s) = p_1 \times p_2 \times \cdots \times p_r$ which
implies
$$q_1 \mid (p_1 \times p_2 \times p_3 \times \cdots \times p_r).$$

Again, by Corollary (2.4):


q1 = pm where pm is one of the primes in the list p1 , p2 , p3 , ⋯ , pr .
This q1 = pm implies that q1 ≤ p1 because by (∗), p1 is the largest prime in the list

p1 , p2 , p3 , ⋯ , pr .

The only way that both p1 ≤ q1 and q1 ≤ p1 are true is if

p1 = q1 .

Again, repeating this process, we obtain

p2 = q2 , p3 = q3 , p4 = q4 , . . . and pr = qr .

If s > r then by cancelling out the common factors—p1 with q1 , p2 with q2 , ⋯, and pr with
qr —in the multiplication p1 × p2 × p3 × ⋯ × pr = q1 × q2 × q3 × ⋯ × qs gives

$1 = q_{r+1} \times q_{r+2} \times \cdots \times q_s$. [We get the 1 by cancelling out all the p’s.]

This is impossible because all the q’s are prime, and we have 1 = prime × prime × prime . . .
and the smallest prime is 2. This 1 = prime × prime × . . . is impossible.
Therefore, we have s = r which implies that

p1 = q1 , p2 = q2 , p3 = q3 , p4 = q4 , . . . , pr = qr .

The factorization of n is unique.


We have proved that any integer n > 1 can be expressed as a product of primes and the
representation is unique apart from the order.


Note that the prime factors may repeat. For example,

$$120 = 2 \times 2 \times 2 \times 3 \times 5 = 2^3 \times 3 \times 5.$$

We can also write the Fundamental Theorem of Arithmetic as:

Corollary (2.6). Every integer n greater than 1 is either a prime or can be written uniquely
as a product of primes apart from the order:
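$n = p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_r^{k_r}$ where p’s are distinct primes.
In the above $n = p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_r^{k_r}$ the primes $p_j$ are distinct and the indices,
$k_j$, are positive integers. This representation:

$$n = p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_r^{k_r}$$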

is called the prime decomposition of n.


The compact product notation which is symbolized by the Greek letter pi, ∏, was discussed
in the Introductory Chapter, but we give a couple of examples of this:

$$\prod_{k=1}^{5} (k) = 1 \times 2 \times 3 \times 4 \times 5 \quad \text{and} \quad \prod_{k=1}^{5} (k^2) = 1^2 \times 2^2 \times 3^2 \times 4^2 \times 5^2.$$

We can write the prime decomposition of a number in compact notation as:


$$n = p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_m^{k_m} = \prod_{j=1}^{m} p_j^{k_j}.$$

Summary
A prime number is an integer greater than 1 with only factors of 1 and itself.

Every integer n > 1 can be written uniquely as a product of primes.

EXERCISES 2.1

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Write the prime decomposition of the following numbers:
(a) 56 (b) 57 (c) 200 (d) 360 (e) 1001

2. Write the prime decomposition of the following numbers:
(a) 53 (b) 530 (c) 1988 (d) 666 (e) 2021

3. (a) Let p be prime and assume it does not divide a. Prove that $\gcd(a, p) = 1$.
(b) Prove that if p and q are distinct primes then $\gcd(p, q) = 1$.

4. Show that the smallest factor greater than 1 of $p^n$ is the prime p.

5. (i) Prove that if p and q are distinct primes then $\gcd(p^n, q^n) = 1$ for any natural number n.
(ii) Prove that if p and q are distinct primes then $\gcd(p^n, q^m) = 1$ for any natural numbers m and n.

6. (a) Prove that consecutive integers have no prime factors in common.
(b) Prove that $\gcd(n, n + 1) = 1$.

7. Evaluate the following products:
(a) $\prod_{j=1}^{6} (2j)$ (b) $\prod_{j=1}^{6} \left(\frac{j}{2}\right)$ *(c) $\prod_{j=1}^{3} \prod_{i=1}^{5} \left(\frac{i}{j}\right)$

8. Find the error in the following statements and give reasons for your answers.
(a) $3 \mid (-3 \times (-5)) \Rightarrow 3 = -3$.
(b) $6 \nmid (2 \times 5 \times 7) \Rightarrow \gcd(6, 2) = \gcd(6, 5) = \gcd(6, 7) = 1$.

9. Show that the integers p, p + 2 where p is an odd prime have no common factor greater than 1. (Show p and p + 2 are relatively prime.)

10. Let p be prime. Show that one of p, p + 2, or p + 4 is divisible by 3.

11. Disprove the following statements:
(a) If p is prime then p + 2 is prime.
(b) The integer $n^2 + 1$ is prime for n = 2m.

*(c) The integer $n^2 - 1$ is composite.
(d) The quadratic $4n^2 - 2n + 1$ where n is a natural number produces primes.
*(e) The Euclid number N given by $N = (2 \times 3 \times 5 \times 7 \times \cdots \times P) + 1$ is prime where P is a prime number.

12. The sigma function $\sigma(n)$ in number theory is defined as the sum of positive factors of n. (We define this formally in Section 4.5.)
For example,
$$\sigma(12) = 1 + 2 + 3 + 4 + 6 + 12 = 28.$$
Show that for a prime number, p, we have $\sigma(p) = p + 1$.

13. The tau function $\tau(n)$ was defined in Chapter 1 as the number of positive factors of n. For example,
$\tau(12) = 6$ because 1, 2, 3, 4, 6, 12 [6 factors].
Show that for a prime number, p, we have $\tau(p) = 2$.
See Supplementary Problems 4, question 30 for a general formula to evaluate the number $\tau(n)$.

.........................................................................................................

SECTION 2.2 Testing Numbers for Primality


By the end of this section you will be able to
● understand the ceiling and floor function
● test numbers for primality

How do we test whether 1001 is prime or composite?

We use the concept of the floor function, which is described below.

2.2.1 Floor and ceiling functions

As we get older we like to tell others that we are young. For example, if we are a day short
of our 52nd birthday, we might claim we are 51. This is an example of the floor function in
action. The floor function is defined as:

Definition (2.7). The floor function is denoted by ⌊x⌋ and is the greatest integer less than or
equal to x. We can write this in mathematical notation as:

⌊x⌋ = max {n ∶ n ≤ x, integer n} .

For the definition of max of a set, see the Introductory Chapter.



In the above example we apply the floor function to justify our age:
$$\left\lfloor 51\tfrac{364}{365} \right\rfloor = \lfloor 51.997 \rfloor = 51.$$
Although 51.997 is closer to 52, when we take the floor function it is the largest integer less
than 51.997, which is 51.
Similarly, we have
⌊7⌋ = 7, ⌊𝜋⌋ = ⌊3.14 ⋯⌋ = 3, ⌊e⌋ = ⌊2.72 ⋯⌋ = 2, ⌊2.9999⌋ = 2, ⌊−2.1⌋ = −3.
Be careful when taking the floor function of a negative number, as you may have observed
that ⌊−2.1⌋ = −3. You take the nearest integer which is less than −2.1:

Figure 2.3 Integers less than −2.1 are to the left. [Number line from −5 to 0, with −2.1 marked between −3 and −2.]

Other applications of the floor function are:


1. There are 365.25 days in a non-leap year. In each of these years, we find the floor
function of 365.25:
⌊365.25⌋ = 365.
We adjust our calendar to 365 days in every non-leap year.
2. Say we manufacture one car every two and a half hours. How many cars would we
produce in 12 hours?
$$\left\lfloor \frac{12}{2.5} \right\rfloor = \lfloor 4.8 \rfloor = 4.$$
We would manufacture four cars in 12 hours.
3. Postal rates are given in terms of the floor function. For example, letters of weight
between 0g and 100g cost 60p (£0.60) and those of weight between 101g and 250g
will cost £1.20. Say our letter weighs 100.9g, then the floor function of 100.9 is

⌊100.9⌋ = 100,

which means we would pay 60p and not £1.20.


Note that rounding 100.9 to the nearest integer gives 101, but the floor function
gives 100.
The graph of the floor function ⌊x⌋ is shown in Figure 2.4 below:

[Graph of y = ⌊x⌋, with both axes running from −5 to 5.]

Figure 2.4

Next, we look at the ceiling function:


If a child is four months away from their tenth birthday, they might claim they are ten.
This is an example of the child applying the ceiling function to their age.

Definition (2.8). The ceiling function, denoted ⌈x⌉, is the least integer greater than or equal
to x. In mathematical notation, this is written as:

⌈x⌉ = min {n ∶ n ≥ x, integer n} .

(For the definition of min of a set, see Introductory Chapter.)


For example,

⌈7⌉ = 7, ⌈7.1⌉ = 8, ⌈𝜋⌉ = 4, ⌈e⌉ = 3, ⌈2.1⌉ = 3, ⌈−2.1⌉ = −2.

Again, be careful with negative numbers. For the ceiling function of −2.1 we are looking at
integers greater than −2.1, so we move to the right of the number line and find the closest
integer to the right of −2.1, which is −2 (see Figure 2.3).
Applications of the ceiling function are:
1. Mobile phone companies use the ceiling function for the number of minutes a phone
call lasts. For example, if you make a call which lasts three minutes and one second
then you end up paying for four minutes because
$$\left\lceil 3\tfrac{1}{60} \right\rceil = \lceil 3.02 \rceil = 4.$$
Note that 3.02 is closer to 3 than 4, but the ceiling function gives the next integer
greater than or equal to 3.02, which is 4.
2. Say you want to purchase 21 buns and they are sold in packages of four. You will need
to buy
$$\left\lceil \frac{21}{4} \right\rceil = \lceil 5.25 \rceil = 6 \text{ packages.}$$

3. Say you go boating and the rate is £1.20 for every half hour. If you have 40 minutes
of boating, then you would have to pay for two lots of half an hour because
$$\left\lceil \frac{40}{30} \right\rceil = \lceil 1.33\cdots \rceil = 2.$$
You will end up paying 2 × 1.20 = £2.40.
The graph of the ceiling function is:

[Graph of y = ⌈x⌉, with both axes running from −5 to 5.]

Figure 2.5

It is important that you realize the difference between finding the floor or ceiling and rounding
a number. For example,

2.92 = 2.9 [Rounding to 1dp]


⌊2.92⌋ = 2 [Floor function]
⌈2.92⌉ = 3 [Ceiling function] .

We have three different answers for the number 2.92.


We will now use the floor function to test for compositeness.

2.2.2 Testing of composite numbers

How can we test whether a given number n is prime or composite?

Below we will show that a composite number n must have at least one factor which is less
than or equal to √n. For example, 10 = 2 × 5 is composite with factors 2 and 5. Evaluating
√10 = 3.16 (2dp) and one of the factors, 2, is less than 3.16. Since we are interested in
integers we take the floor function of this √10 = 3.16 (2dp) which is ⌊√10⌋ = 3 and factor
2 is less than 3.

Consider n = 105. The factors of 105 are 3, 5, and 7 because 3 × 5 × 7 = 105.


Evaluating ⌊√105⌋ = ⌊10.247⌋ = 10 and in this case all of the factors 3, 5, and 7 are less
than or equal to 10.
Another example is 57 = 19 × 3. Evaluating ⌊√57⌋ = ⌊7.55⌋ =7 and one of the factors, 3,
is less than or equal to 7.
The following result can be used for testing whether a number is composite (or prime):

Proposition (2.9). (This tests a given integer for compositeness.) If n > 1 is composite then
it has a divisor, d, such that 1 < d ≤ ⌊√n⌋.

What does this statement mean?

It implies that if n is composite then it must have at least one divisor >1 which is less than
or equal to ⌊√n⌋. Recall divisors and factors are synonymous.

Proof.
We are given that n is composite. This implies there exist integers d1 and d2 that satisfy
1 < d1 < n and 1 < d2 < n such that n = d1 × d2 .
Suppose divisor d1 > ⌊√n⌋. Since d1 is an integer we have d1 > √n.
Applying the rules of inequalities from the Introductory Chapter, we have

$$d_2 = \frac{n}{d_1} < \frac{n}{\sqrt{n}} = \sqrt{n}. \quad \left[\text{Using } y > x > 0 \text{ implies } \frac{1}{y} < \frac{1}{x}.\right]$$

Since d2 < √n and d2 is an integer, so d2 ≤ ⌊√n⌋. This completes our proof.




Note that this proposition says that to test whether a number is composite we only need
to look for divisors (factors) from 2 to ⌊√n⌋ (the floor function of √n).

Example 2.1

Test whether 371 is composite.

Solution
First, we need to find ⌊√371⌋ = ⌊19.26⌋ = 19. By the previous Proposition (2.9), if 371 is composite
then it must have a factor less than or equal to 19.
Clearly 2, 3, 4, and 5 are not factors of 371.
What about 6?
Since 6 is even, it will not go into 371. Let us try the next integer, 7:

371 = 7 × 53.

Hence 371 is composite.



Another example is:


● $315 = 3^2 \times 5 \times 7$, which implies factors of 315 are $3^2 = 9$, 5, and 7.
● Evaluating the floor function of √315, which is ⌊√315⌋ = ⌊17.75⌋ = 17 and in this
case every factor 5, 7, and 9 is less than or equal to 17.

In the last section we discussed prime numbers, but how do we test for primality?

The previous Proposition (2.9) also says that if there is no divisor d of n such that
1 < d ≤ ⌊√n⌋ then n is prime. (Contrapositive of Proposition (2.9).)
For example, consider the number n = 983.
We use Proposition (2.9) to test if 983 is prime or not.
Why?

Because 983 is either composite or prime. If 983 is composite it must have a factor which is
≤ ⌊√983⌋ = ⌊31.353⌋ = 31.
So for testing whether 983 is prime we need to see if any of the numbers 2, 3, 4, ⋯, 31 are
factors of 983. Verify in your own time that these numbers are not factors of 983. Hence
983 is prime.
Even with a calculator, this is a pretty tedious task (checking 2, 3, 4, ⋯, 31 are divisors of
983) for a small number such as 983.

Can we simplify the above test?

Yes. The next corollary states that in order to test the integer n for compositeness, we only
need to check whether the primes up to ⌊√n⌋ are factors of n.

Corollary (2.10). If n > 1 is composite then it has a prime divisor p such that p ≤ ⌊√n⌋.

Proof.
By the previous Proposition (2.9):
If n is composite then it has a divisor d such that 1 < d ≤ ⌊√n⌋.

We have that n has a divisor d such that 1 < d ≤ ⌊√n⌋. By the Fundamental Theorem of
Arithmetic (2.5):

Every integer > 1 is either a prime or can be written as a product of primes.


Applying this theorem to d > 1 means there exists a prime p such that $p \mid d$. Therefore,
$p \mid d$ and $d \mid n$ implies $p \mid n$ and

$p \leq d$ implies $p \leq \lfloor \sqrt{n} \rfloor$ [Because $d \leq \lfloor \sqrt{n} \rfloor$].



How does this simplify the test for composite numbers?

Well for testing whether 983 is prime or composite we only need to see if the primes less
than or equal to ⌊√983⌋ = 31 go into 983. The primes up to 31 are

2, 3, 5, 7, 11, 13, 17, 19, 23, 29, and 31.

There are 11 primes ≤ 31, and we only need to test if any of these are divisors of 983. By the
earlier Proposition (2.9) we had to check whether all the numbers between 2 and 31, that
is 2, 3, 4, 5, 6, 7, ⋯, 30, and 31, are divisors of 983.
Corollary (2.10) implies that to test a given integer n > 1 for primality we only have to
divide by the prime numbers between 2 and ⌊√n⌋.
The last Corollary (2.10) is a lot more useful to us than Proposition (2.9) because we can
test for primality with fewer divisors.

Example 2.2

Test if 1001 is prime. If 1001 is composite, write down its prime decomposition.

Solution
We first find ⌊√1001⌋ = ⌊31.63⌋ = 31. We need to check whether the following primes go into 1001:

2, 3, 5, 7, 11, 13, 17, 19, 23, 29, and 31.

Clearly 2, 3, and 5 do not go into 1001.


What about the next prime, 7?
Well 7 × 143 = 1001. Therefore, 1001 is composite.
What are the other divisors of 1001?
To check if 143 is prime, we test primes up to ⌊√143⌋ = ⌊11.958⌋ = 11.

Since the primes 2, 3, and 5 are not factors of 1001 these cannot be factors of 143 because $143 \mid 1001$.
The next prime, 7, is also not a factor of 143, but 11 is:

11 × 13 = 143.

Hence the prime decomposition is 1001 = 7 × 143 = 7 × 11 × 13.

Example 2.3

Find whether 1607 is prime or composite.

Solution
We first find ⌊√1607⌋ = ⌊40.087⌋ = 40. The primes below 40 are

2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, and 37.

Check for yourself that none of these primes in the list are a factor of 1607.
Therefore, 1607 is prime.
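
The test of Proposition (2.9) and Corollary (2.10), combined with the repeated smallest-divisor step from the existence proof of the Fundamental Theorem of Arithmetic (2.5), can be written out in Python. This is an added example, not code from the book; the function names are chosen here for illustration, and `math.isqrt` is the standard-library integer square root.

```python
from math import isqrt


def smallest_divisor(n, start=2):
    """Return the smallest divisor d of n with start <= d <= floor(sqrt(n)),
    or n itself when there is none.

    Assumes n > 1 has no divisor in 2..start-1 and that start is 2 or odd.
    As in the existence proof, the divisor returned is always prime.
    """
    if n < 2:
        raise ValueError("n must be an integer greater than 1")
    # isqrt gives floor(sqrt(n)) exactly on integers; a floating-point
    # square root can be off by one when n is very large.
    limit = isqrt(n)
    d = start
    while d <= limit:
        if n % d == 0:
            return d
        d += 1 if d == 2 else 2  # once 2 has failed, only odd d can divide n
    # No divisor d with 1 < d <= floor(sqrt(n)): n is prime by (2.9).
    return n


def is_prime(n):
    """Primality test by trial division up to floor(sqrt(n))."""
    return n > 1 and smallest_divisor(n) == n


def prime_decomposition(n):
    """Return the prime decomposition of n as {prime: exponent}.

    Follows the existence proof: take the smallest divisor p_1 of n,
    write n = p_1 * n_1, then repeat on n_1, n_2, ... until 1 is reached.
    """
    if n < 2:
        raise ValueError("n must be an integer greater than 1")
    factors = {}
    p = 2
    while n > 1:
        # The quotient has no divisor below the previous p, so resume there.
        p = smallest_divisor(n, start=p)
        factors[p] = factors.get(p, 0) + 1
        n //= p
    return factors


def recompose(factors):
    """Multiply a {prime: exponent} decomposition back into an integer."""
    product = 1
    for p, k in factors.items():
        product *= p ** k
    return product


if __name__ == "__main__":
    # Numbers taken from the examples and exercises in this section.
    for n in (371, 983, 1001, 1607, 2 * 3 * 5 * 7 * 11 * 13 + 1):
        status = "prime" if is_prime(n) else "composite"
        print(n, status, prime_decomposition(n))
```

Because each prime factor is divided out as soon as it is found, no composite candidate can ever be returned as a divisor, which is why stepping through all odd numbers gives the same result as stepping through the primes only.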

Next we describe a method of how to locate primes.

2.2.3 The Sieve of Eratosthenes

Eratosthenes was born in Libya in 276 BC.
He spent some of his early life studying in
Athens. Eratosthenes is well known for his
estimate of the circumference of the Earth.
There were many estimates of the Earth’s
circumference at the time, but
Eratosthenes’ estimate was one of the
most accurate, being between 24 and
25 000 miles. Today we consider the
circumference of the earth at the equator
to be 24 902 miles. He is also well known
for his work on prime numbers.

Figure 2.6 Eratosthenes (276–194 BC).

Ancient Greeks were interested in finding the quantity of primes below a given number. For
example, there are 25 primes below 100 and 78 498 below a million. Eratosthenes developed
a method to find the primes below a given number which has come to be known as the Sieve
of Eratosthenes.
Table 2.1, below, shows the Sieve of Eratosthenes for positive integers less than or equal
to 100.

Table 2.1

1 2 3 4 5 6 7 8 9 10
11 12 13 14 15 16 17 18 19 20
21 22 23 24 25 26 27 28 29 30
31 32 33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48 49 50
51 52 53 54 55 56 57 58 59 60
61 62 63 64 65 66 67 68 69 70
71 72 73 74 75 76 77 78 79 80
81 82 83 84 85 86 87 88 89 90
91 92 93 94 95 96 97 98 99 100

First, we write down all the integers between 2 and 100. Since 2 is prime, we circle all the
multiples of 2 or the even numbers apart from 2 itself. The first of the remaining integers
is 3, so it must be prime. Now we circle out all the multiples of 3 apart from 3 itself. We
continue this process for 5, 7, 11, 13, . . . The integers which do not fall through this sieve
are the prime numbers:
Hence the primes below 100 are
2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,
47, 53, 59, 61, 67, 71, 73, 79, 83, 89, and 97.
We use the following notation to count the number of primes:
Let x be any positive integer. Then 𝜋 (x) is the number of primes below or equal to x.
This might be a confusing use of the symbol 𝜋, but most of the literature on this topic tends
to use 𝜋 (x) to represent the number of primes less than or equal to x because the great
mathematician Gauss used this notation.
It is important that you don’t read this 𝜋 (x) as ‘𝜋 times x’.
For example,

𝜋 (100) = 25, 𝜋 (200) = 46, 𝜋 (1000) = 168, and 𝜋 (1 000 000) = 78 498.

What does 𝜋 (200) = 46 mean?

It means there are 46 primes below 200.
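
The sieve procedure described above, together with the counting function 𝜋(x), can be carried out in Python. This is an added example, not code from the book; the function names are chosen here for illustration. It stops sieving at ⌊√limit⌋, which is justified by Corollary (2.10).

```python
from math import isqrt


def sieve_of_eratosthenes(limit):
    """Return the list of all primes p with p <= limit."""
    if limit < 2:
        return []
    # flags[i] == 1 means that i has not been struck out yet.
    flags = bytearray([1]) * (limit + 1)
    flags[0] = flags[1] = 0
    # By Corollary (2.10) every composite m <= limit has a prime divisor
    # p <= floor(sqrt(m)) <= floor(sqrt(limit)), so sieving can stop there.
    for p in range(2, isqrt(limit) + 1):
        if flags[p]:  # p survived every smaller prime, so p is prime
            # Multiples of p below p * p have a smaller prime factor and
            # were struck out earlier, so start striking at p * p.
            struck = range(p * p, limit + 1, p)
            flags[p * p :: p] = bytes(len(struck))
    return [i for i in range(2, limit + 1) if flags[i]]


def prime_count(x):
    """pi(x): the number of primes less than or equal to x."""
    return len(sieve_of_eratosthenes(x))


if __name__ == "__main__":
    print(sieve_of_eratosthenes(100))
    for x in (100, 200, 1000, 1_000_000):
        print(x, prime_count(x))
```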

How many primes are there?

Infinitely many.
The following proof which was given by the Greek mathematician Euclid (300 BC) in his
13-volume Elements is one of the most beautiful.

Theorem (2.11). There are infinitely many primes.

How do we prove this?

By contradiction.

Proof.
Suppose we have a finite number of primes, these being

2, 3, 5, 7, 11, ⋯ , Q (∗)

where Q is the largest prime.


Consider the number N given by

N = (2 × 3 × 5 × 7 × 11 × ⋯ × Q) + 1. (†)

[This N is the product of the numbers in the list (∗) and then add 1. This N is often called
Euclid’s number.] This number N is either prime or composite.
If N is prime, then we are done because we have found a larger prime than Q, which
means that Q could not have been the largest prime.
If N is composite, then by the Fundamental Theorem of Arithmetic it must have a prime
factor, say P. This prime factor P cannot be one of the primes in the list (∗).

Why not?

Suppose it is, then we have P divides N and P divides 2 × 3 × ⋯ × P × ⋯ × Q, which implies
that

$P \mid [N - (2 \times 3 \times \cdots \times P \times \cdots \times Q)]$ implies $P \mid 1$.
[Because by (†) we have N − (2 × 3 × ⋯ × P × ⋯ × Q) = 1] .

This $P \mid 1$ is impossible because P is prime. We have found a prime which is not in the
list (∗).
Hence there cannot be a finite number of primes.


Summary

If n > 1 is composite then it has a prime divisor p such that p ≤ ⌊√n⌋ where ⌊ ⌋ is the floor function.

EXERCISES 2.2

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Determine the following:
(a) ⌊5⌋ (b) ⌊5.999⌋ (c) $\lfloor \pi^e \rfloor$ (d) $\lfloor e^\pi \rfloor$ (e) ⌈7⌉
(f) ⌈7.0000000001⌉ (g) $\lceil \pi^e \rceil$ (h) $\lceil e^\pi \rceil$

2. Evaluate the following:
(a) ⌊6.3⌋ + ⌈−6.3⌉
(b) ⌊6.3⌋ + ⌊−6.3⌋
(c) ⌊−6.3⌋ + ⌈−6.3⌉
(d) ⌊−6.3⌋ + ⌊−6.3⌋

3. Give an example of a real number x such that ⌊x⌋ = ⌈x⌉.

4. Plot the following graphs:
(a) ⌊x⌋ + 1 (b) ⌊x⌋ − 1 (c) ⌈x⌉ + 1 (d) ⌈x⌉ − 1

5. Show that the following statements are false (that is they are not equal):
(a) ⌊2 × x⌋ = 2 × ⌊x⌋
(b) ⌈2 × x⌉ = 2 × ⌈x⌉
(c) ⌈x⌉ = ⌊x⌋ + 1

6. Show that if n − 1 < x < n where n is a natural number then
(a) ⌈x⌉ = n (b) ⌊x⌋ = n − 1

7. Show that if x − 1 < n < x where n is a natural number then
(a) ⌊x⌋ = n (b) ⌈x⌉ = n + 1

8. Test the following numbers for compositeness. If they are composite, write down their prime decomposition:
(a) 161
(b) 203
(c) 1003
(d) 1009

9. Test the following numbers for compositeness. If they are composite, give their prime decomposition:
(a) (2 × 3 × 5 × 7) − 1
(b) (2 × 3 × 5 × 7) + 1

10. Show that (2 × 3 × 5 × 7 × 11 × 13) + 1 is composite.

11. *Prove that $2^{3^n} + 1$ is composite for all natural numbers n. [Hint: $x^m + 1 = (x + 1)(x^{m-1} - x^{m-2} + x^{m-3} - \cdots + x^2 - x + 1)$, provided m is odd.]

12. Without using a calculator or computer system, determine the following (you will need to know some properties of logs to answer this question):
(a) $\lceil \log_{10}(101) \rceil$
(b) $\lfloor \log_2(63) \rfloor$
(c) $\lfloor \log_n(n^x) \rfloor$ where n is a natural number and n − 1 < x < n.

13. **(a) Given that N ≥ 1 is a natural number, prove that $\lfloor \log_{10}(N) \rfloor + 1$ gives the number of digits of N.
(b) Determine the number of digits of Googol = $10^{100}$.
(c) The googolplex is the number given by $10^{(10^{100})}$. Find the number of digits of this googolplex.
(d) *(i) Find the number of digits of $2^{74\,207\,211}$. [Hint: Change of the base for logs is given by the formula $\log_b(a) = \frac{\log_c(a)}{\log_c(b)}$.]
(ii) What is the number of digits of $2^{74\,207\,211}$ if we work with number base 2?

14. (i) Show that for real x ≥ 0 the following is false: $\sqrt{\lfloor x \rfloor} = \lfloor \sqrt{x} \rfloor$.
*(ii) Prove that for real x ≥ 0 we have
$$\left\lfloor \sqrt{\lfloor x \rfloor} \right\rfloor = \lfloor \sqrt{x} \rfloor.$$

.........................................................................................................

SECTION 2.3 Properties of Prime Numbers


By the end of this section you will be able to
● understand some unsolved problems regarding primes
● prove properties of primes in an arithmetic progression

This section is split into two parts. In the first part we examine some unsolved problems
about primes, as there are many unanswered questions in number theory. For a more comprehensive
list of unsolved problems in number theory, see the book by Richard Guy,
Unsolved Problems in Number Theory.

In the second part we look at how the primes are distributed.

2.3.1 Unsolved problems about primes

A conjecture is a mathematical statement that has not been proven. Generally, for a conjecture
our intuition tells us that the statement is true, but we cannot find a proof.
1. Twin prime conjecture (de Polignac, 1846)
Primes like 11 and 13 are examples of twin primes.

Definition (2.12). Twin primes are numbers p and p + 2 where both p and p + 2 are prime.

Other examples are:


(i) 17 and 19 (ii) 41 and 43 (iii) 1 000 000 000 061 and 1 000 000 000 063
The twin prime conjecture of number theory is:

There are infinitely many primes p such that p + 2 is also prime.

No one has come up with a proof of this result, although most do believe it is true. The
largest known twin primes so far are

$$2996863034895 \cdot 2^{1290000} \pm 1.$$

These numbers were discovered in 2016.


In 2013 Zhang [1] showed that there are infinitely many pairs of primes p and q such that the
difference between them is less than 70 million, that is

q − p < 70 000 000. [2]

Lately this difference between primes p and q has been reduced to 246, that is there are
infinitely many pairs of primes p and q such that

q − p < 246.

Of course, the pair of primes p and q which are two apart also lie in this set:

q − p = 2.

However, we don’t know whether the pairs p and q which are two apart form an infinite
set or a finite set. An interesting article on this can be found on the internet. [3]

[1] In the Annals of Mathematics published by Princeton University and the Institute for Advanced Study.
[2] Closing the Gap by Vicky Neal.
[3] https://www.maa.org/sites/default/files/pdf/upload_library/2/Ellenberg-Math%20Hor-2014.pdf.

2. Lagrange’s conjecture (1775)

Every odd integer greater than 5 can be written as a sum p + 2q, where p and q are
both primes.

For example,

7 = 3 + 2 (2) , 9 = 5 + 2 (2) , 11 = 5 + 2 (3) , 13 = 3 + 2 (5) , 15 = 5 + 2 (5) , ⋯ .

Again, no one has been able to prove this.


3. Goldbach’s conjecture (1742)
Another unproven result in number theory is Goldbach’s conjecture:
Every even number greater than 2 can be written as a sum of two primes.
For example,

4 = 2 + 2, 6 = 3 + 3, 8 = 5 + 3, ⋯ , 100 = 53 + 47, ⋯ , 1000 = 509 + 491, ⋯ .

Again, this result has not been proven. Mathematicians have been trying to prove this result
for over 270 years. Computers have verified this result for all the even integers up to
$4 \times 10^{18}$.

Christian Goldbach was born in
Königsberg, now called Kaliningrad
(Russia) in 1690 and attended the local
university. He studied law as well as
mathematics. At the young age of 20 he
went on an education tour of Europe. In
1712 whilst in Oxford he met another
famous mathematician Bernoulli, where
the two of them discussed infinite series.
However, this topic did not appeal to
Goldbach. Five years later in 1717 he read
an article by Leibniz on evaluating the area
of a circle using infinite series. This time he
was fascinated.

Figure 2.7 Goldbach (1690–1764).

There also exists another Goldbach conjecture known as ‘Goldbach’s odd conjecture’,
which claims:
Every odd integer greater than 5 can be written as a sum of three primes.

In 1729, Goldbach began a correspondence with Euler which lasted for 35 years.⁴ In one
such correspondence in 1742 he made his famous conjecture.
4. Landau’s conjecture (1912)
Landau gave the following conjecture in 1912.
There are infinitely many primes of the form $n^2 + 1$.

$$2^2 + 1 = 5, \quad 4^2 + 1 = 17, \quad 6^2 + 1 = 37, \quad \cdots.$$

If we tweak the $n^2 + 1$ to $n^2 - 1$, we find there is only one prime, 3, which is of this form:

$$2^2 - 1 = 3.$$

Edmund Landau (1877–1938) wrote a 372-page book called Differential and Integral Calculus
without a single illustration in the whole book. He proved the fundamental trigonometric
identity

$$\cos^2(\theta) + \sin^2(\theta) = 1$$

with no reference to right-angled triangles. It was proven using the power series for the sine
and cosine functions. Landau defined 𝜋/2 as the smallest positive solution to cos (x) = 0.
There is no mention of the numerical value of 𝜋/2 or 𝜋, nor its relation to the circle.

All four of these problems have remained unproven for hundreds of years.

2.3.2 Distribution of primes

We have already proved that there are infinitely many primes.

How are these primes distributed?

This is one of the most interesting questions in the whole of mathematics.


While we see our number system as an ordered, predictable set, its primes are unpredictable.
There is no formula which locates all the primes, so we cannot say where the next
prime will sprout out from.
Mathematicians keep on searching for larger and larger primes. In 1876, the French
mathematician Édouard Lucas proved $2^{127} - 1$ is prime, and this remained the largest
known prime for 75 years. It is only with the advent of the digital computer that we
carry on finding larger and larger primes on a regular basis. The largest known prime number at
present (2019) is $2^{82\,589\,933} - 1$, and this has more than 24 million digits. We discuss these
(Mersenne) primes later in Section 4.4.
The Electronic Frontier Foundation is offering a prize of $150 000 to anyone who finds the
first 100 million digit prime.
Table 2.2 shows the number of primes 𝜋 (N) below a certain number N and the distribution
of primes below N:
⁴ http://eulerarchive.maa.org/correspondence/correspondents/Goldbach.html.

Table 2.2

N                Number of primes ≤ N, 𝜋(N)    Proportion of primes, 𝜋(N)/N    Percentage of primes below N
100              25                             0.25                             25
1 000            168                            0.168                            16.8
10 000           1 229                          0.1229                           12.29
100 000          9 592                          0.095 92                         9.592
1 000 000        78 498                         0.078 498                        7.8498
10 000 000       664 579                        0.066 457 9                      6.64579
100 000 000      5 761 455                      0.057 614 55                     5.761455
1 000 000 000    50 847 534                     0.050 847 534                    5.0847534

Note that the proportion of primes below 100 is 25% and the proportion of primes below
1000 is 16.8%. The proportion is getting smaller for larger N, as you can observe from the
last column of the above table. For example, there are only two primes between $10^{100}$ and
$10^{100} + 1000$, but there are 168 between 1 and 1000.

What does this mean?

The primes are thinning out for larger and larger values of N.

Will they eventually vanish?

No, because we have already proved that there are infinitely many primes. Figure 2.8 below
shows the graph of the prime counting function 𝜋 (x) against x:

The number of primes less than or equal to x.

Figure 2.8 [Graph of 𝜋(x) against x; the horizontal axis x runs to 1 000 000 and the vertical axis 𝜋(x) to 78 498.]

The slope of the curve is getting smaller for larger N, which suggests that the primes
are thinning out. So for large numbers we expect to see large gaps between consecutive
primes, which also implies that we should have a large number of consecutive composite
integers.

How do we know there are many consecutive composite integers?

As we’ve already seen, there is no distribution of the primes which would allow us to tell
where the next prime is located. The twin prime conjecture has shown us that there are
situations where we only have one composite number between two primes. The difference
between two successive prime numbers is called the prime gap; Table 2.3 below gives the
first 12 primes and the corresponding prime gap:

Table 2.3

Prime   2   3   5   7   11   13   17   19   23   29   31   37
Gap       1   2   2   4    2    4    2    4    6    2    6

Also 3, 5, and 7 are the only three primes where there is a gap of two between each prime.
You are asked to show this in Exercises 2.3, question 3 (ii).
If we subtract one from the prime gap, then we get the number of consecutive composite
integers between the two primes. We can see that between 23 and 29 there are 6 − 1 = 5
composite integers: 24, 25, 26, 27, and 28.
Actually, we can prove that for any n we can find n consecutive composite integers.

Proposition (2.13). For any positive integer n there exists a consecutive sequence of n
composite integers.

What does this statement mean?

This means that between some pairs of successive primes on the number line there will be
n composite integers next to each other.

Proof.
To prove this, we need to find consecutive composite integers, and for this we use the
factorial function n!. Recall that n! = 1 × 2 × 3 × 4 × ⋯ × (n − 1) × n.
Consider the list of consecutive integers:

$$I_1 = (n + 1)! + 2, \quad I_2 = (n + 1)! + 3, \quad I_3 = (n + 1)! + 4, \quad \cdots,$$

$$I_{n-1} = (n + 1)! + n, \quad I_n = (n + 1)! + (n + 1). \qquad (\ast)$$

Consider the first number in this list, $I_1 = (n + 1)! + 2$. We know that 2 is a factor of this
number.

How?

Because (n + 1)! = 1 × 2 × 3 × 4 × ⋯ × (n + 1), so 2 is a factor of (n + 1)! and 2 is a factor of
2, therefore

$$2 \mid [(n + 1)! + 2].$$

Since 2 is a factor of $I_1 = (n + 1)! + 2$, it is a composite integer.
Similarly, the second number in the list, $I_2 = (n + 1)! + 3$, is divisible by 3 and so is
composite. The last number $I_n = (n + 1)! + (n + 1)$ is divisible by n + 1.
Hence the n numbers in this list (∗) are all composite because each of these has a factor
other than 1 and the number itself. We have produced n consecutive composite integers.


What does this mean?

It means that we can choose any positive integer n, 5 for example, and somewhere on the
real number line we will find five composite numbers sat next to each other.
In the case of 5, we find that five composite numbers 24, 25, 26, 27, and 28 sit between the
prime numbers 23 and 29. Another set of five consecutive composite integers lies between
the primes 31 and 37.
This works for all n, no matter how large, so if we choose n to be one million, then
somewhere on the number line we will find one million composite integers sat side by side.
The numbers in the list (∗) in the proof of Proposition (2.13) can be used to generate n
consecutive composite numbers. For example, if we choose n = 6 then the following six
integers are consecutive composite integers:

(6 + 1)! + 2 = 5042 [2 divides 5042]
(6 + 1)! + 3 = 5043 [3 divides 5043]
(6 + 1)! + 4 = 5044 [4 divides 5044]
(6 + 1)! + 5 = 5045 [5 divides 5045]
(6 + 1)! + 6 = 5046 [6 divides 5046]
(6 + 1)! + 7 = 5047 [7 divides 5047].

Hence 5042, 5043, 5044, 5045, 5046, and 5047 are six composite consecutive integers.
The formula given in the proof of Proposition (2.13) produces a list of at least n consecutive
composite numbers. (It does not give us the first n consecutive composite integers.) The
first seven consecutive composite integers are 90, 91, 92, 93, 94, 95, and 96 and we found
these by examining the Sieve of Eratosthenes as described in the last section.
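
The following Python sketch is an added example, not code from the book. It sieves once up to 10^6 and uses the result to recompute the 𝜋(N) column of Table 2.2 and the gaps of Table 2.3, then sets the list (∗) from the proof of Proposition (2.13) beside the first run of n composites. All function names are choices made for this example.

```python
from itertools import islice
from math import factorial, isqrt


def sieve(limit):
    """Sieve of Eratosthenes: flags[x] == 1 exactly when x is prime, 0 <= x <= limit."""
    flags = bytearray([1]) * (limit + 1)
    flags[0:2] = b"\x00\x00"                      # 0 and 1 are not prime
    for p in range(2, isqrt(limit) + 1):
        if flags[p]:
            # Strike out p*p, p*p + p, ... with one slice assignment.
            flags[p * p :: p] = bytearray(len(range(p * p, limit + 1, p)))
    return flags


def prime_count(flags, n):
    """pi(n): the number of primes less than or equal to n."""
    return sum(flags[: n + 1])


def prime_gaps(flags, count):
    """Gaps between the first `count` primes (the second row of Table 2.3)."""
    primes = list(islice((x for x, f in enumerate(flags) if f), count))
    return [q - p for p, q in zip(primes, primes[1:])]


def factorial_run(n):
    """The list (*): (n+1)! + k for k = 2..n+1, each paired with its divisor k."""
    base = factorial(n + 1)
    return [(base + k, k) for k in range(2, n + 2)]


def first_composite_run(flags, n):
    """Start of the first run of n consecutive composites inside the sieve, else None."""
    run = 0
    for x in range(2, len(flags)):
        run = 0 if flags[x] else run + 1
        if run == n:
            return x - n + 1
    return None


def composite_run_around(flags, x):
    """(first, last) of the whole block of consecutive composites containing composite x >= 4."""
    lo = hi = x
    while not flags[lo - 1]:
        lo -= 1
    while hi + 1 < len(flags) and not flags[hi + 1]:
        hi += 1
    return lo, hi


if __name__ == "__main__":
    flags = sieve(10**6)
    for k in range(2, 7):
        N = 10**k
        count = prime_count(flags, N)
        print(f"N = {N:>9,}  pi(N) = {count:>6,}  pi(N)/N = {count / N:.6f}")
    print("gaps between the first 12 primes:", prime_gaps(flags, 12))
    for value, k in factorial_run(6):
        print(f"{value} is divisible by {k}: {value % k == 0}")
    print("first run of 7 composites starts at", first_composite_run(flags, 7))
    print("block of composites around 7! + 2:", composite_run_around(flags, 5042))
```

The last line shows why the proof only promises "at least n": the six numbers 5042 to 5047 sit inside a longer block of composites bounded by the primes on either side.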

2.3.3 Primes of the form 4n±1

As discussed in the previous subsection, there is no single formula or algorithm which gives
all or some of the primes.

However, can we find a sequence of numbers which picks up all or some of the primes?

Yes, as we will find out now.


We can write every integer in one of the following forms:

4n, 4n + 1, 4n + 2, or 4n + 3.

How do we know this?

Well we can prove this.

Proposition (2.14). Every integer has one of the following forms:

4n, 4n + 1, 4n + 2, or 4n + 3.

How do we prove this?

By applying the Division Algorithm (1.7):


For a and b ≥ 1, there exist q and r such that a = bq + r where 0 ≤ r < b.

Proof.
Let a be any integer and b = 4, then applying the Division Algorithm with q = n we have

a = 4n + r, 0 ≤ r < 4.

The remainder r can only take values of 0, 1, 2, or 3 because 0 ≤ r < 4. Substituting these
values of r into a = 4n + r gives

a = 4n, 4n + 1, 4n + 2, or 4n + 3.

Hence any integer a can be represented by one of these numbers.




We are interested in primes of this format: 4n, 4n + 1, 4n + 2, or 4n + 3. However, primes
cannot be of the form 4n or 4n + 2.

Why not?

Because these are even numbers so are divisible by 2, and the only even prime is 2.

Can we write all the odd primes in the form 4n + 1 or 4n + 3?

Yes. These numbers 4n + 1 or 4n + 3 cover all the odd numbers. Therefore, all the odd
primes (that is all the primes other than 2) must be captured by either of these numbers,
4n + 1 or 4n + 3.
Next, we prove there are infinitely many primes of the form 4n + 3. For example,

4 (1) + 3 = 7, 4 (2) + 3 = 11, 4 (4) + 3 = 19, 4 (5) + 3 = 23, 4 (7) + 3 = 31, ⋯ .

To prove this, we need a lemma:

Lemma (2.15). The product of two or more integers of the form 4n + 1 can be written in
the same form, 4n + 1.

Proof.
It is enough to prove this result for two arbitrary integers a and b of the form 4 (integer) + 1.
Let $a = 4n_1 + 1$ and $b = 4n_2 + 1$, then

$$\begin{aligned}
a \times b &= (4n_1 + 1)(4n_2 + 1) = 16 n_1 n_2 + 4n_1 + 4n_2 + 1 \\
&= 4(4 n_1 n_2 + n_1 + n_2) + 1 \\
&= 4n + 1 \quad \text{where } n = 4 n_1 n_2 + n_1 + n_2.
\end{aligned}$$

Hence the product a × b is of the form 4n + 1.


We can repeat this process with another multiple of 4 (integer) + 1 and we will get an
answer of the form 4 (integer) + 1.


Proposition (2.16). There are infinitely many primes of the form 4n + 3.

How do we prove this result?

By contradiction.

Proof.
Suppose there are a finite number of primes of the form 4n + 3. Let these be

$$p_1, p_2, p_3, \cdots, P \qquad (\dagger)$$

where P is the largest such prime. Consider the number

$$N = 4(p_1 \times p_2 \times p_3 \times \cdots \times P) - 1. \qquad (\ast)$$

We can rewrite N as

$$\begin{aligned}
N &= 4(p_1 \times p_2 \times p_3 \times \cdots \times P) - 1 \\
&= 4([p_1 \times p_2 \times p_3 \times \cdots \times P] - 1) + 3.
\end{aligned}$$

Note that N is an odd number and of the form 4n + 3. Either N is composite or prime.
If N is prime then we are done, because we have a larger prime of the form 4n + 3 which
is greater than P.
If N is composite then it has a prime factor of the form 4n + 3.

Why?

N is odd and all odd numbers have the form 4n + 1 or 4n + 3. If all the factors of N were of
the form 4n + 1, then by the previous Lemma (2.15):
Product of two or more integers of the form 4n + 1 is of the same form, 4n + 1.
N would also be of this form 4n + 1, but it is not. Hence N must have at least one prime
factor of the form 4n + 3. Call this prime factor Q.
However, this prime factor Q of N cannot be one of the numbers in the list (†).

Why not?

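Suppose Q is amongst the list (†), then $Q \mid (p_1 \times p_2 \times \cdots \times Q \times \cdots \times P)$ and because Q is a
prime factor of N, so $Q \mid N$. Therefore,

$$Q \mid [N - 4(p_1 \times p_2 \times \cdots \times P)] \underbrace{\Rightarrow}_{\text{by } (\ast)} Q \mid (-1) \quad \text{because } N - 4(p_1 \times \cdots \times P) = -1.$$

This result $Q \mid (-1)$ is impossible because Q is prime.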


Our supposition that there are a finite number of primes of the form 4n + 3 must be
wrong.
This completes our proof.
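
The construction in this proof can be run on any finite list of primes of the form 4n + 3. The Python below is an added example (not from the book; the function names are assumptions of this example): it forms N = 4(p1 × ⋯ × P) − 1, divides out prime factors of the form 4n + 1, which by Lemma (2.15) cannot account for all of N, and returns the prime factor Q of the form 4n + 3 that the proof says must lie outside the list.

```python
from math import prod


def prime_factor_3_mod_4(N):
    """Return a prime factor of the form 4n + 3 of N, where N itself has the form 4n + 3."""
    if N < 3 or N % 4 != 3:
        raise ValueError("N must be a positive integer of the form 4n + 3")
    d = 3
    while d * d <= N:
        if N % d == 0:
            # All smaller prime factors were divided out already, so d is prime.
            if d % 4 == 3:
                return d
            while N % d == 0:        # d has the form 4n + 1: remove it and carry on
                N //= d
        d += 2
    # Only factors of the form 4n + 1 were removed, so by Lemma (2.15) the
    # remaining cofactor still has the form 4n + 3; it has no divisor up to
    # its square root, hence it is the prime we want.
    return N


def new_prime(known):
    """Return (N, Q): N = 4 * (product of known) - 1 and a prime Q = 4n + 3 dividing N."""
    if any(p % 4 != 3 for p in known):
        raise ValueError("every listed number must be of the form 4n + 3")
    N = 4 * prod(known) - 1
    Q = prime_factor_3_mod_4(N)
    # If Q were in the list it would divide both N and 4 * product, hence -1.
    assert Q not in known
    return N, Q


def extend(known, rounds):
    """Repeat the construction, appending each new prime to the list."""
    primes = list(known)
    for _ in range(rounds):
        primes.append(new_prime(primes)[1])
    return primes


if __name__ == "__main__":
    for listed in ([3, 7], [3, 7, 11], [3, 7, 11, 19]):
        N, Q = new_prime(listed)
        kind = "prime" if N == Q else f"composite, {N} = {N // Q} x {Q}"
        print(f"list {listed}: N = {N} ({kind}); new prime of the form 4n + 3: {Q}")
    print("starting from [3]:", extend([3], 3))
```

With the list 3, 7, 11 the number N = 923 is composite and has the factor 13 of the form 4n + 1, so this input exercises the second branch of the proof.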


There are also infinitely many primes of the form 4n + 1, but this is much more difficult
to prove without Dirichlet’s Theorem (2.17), which is given next. You are asked to prove
this in Exercises 2.3, question 1 (a).

2.3.4 Primes in an arithmetic progression

Dirichlet proved the powerful result that the number of primes in an arithmetic progression
is infinite.

Who was Dirichlet?

Dirichlet was born in Germany in 1805 and by the age of 12 he had developed a love for
mathematics; spending all his pocket money on purchasing mathematics textbooks. After
leaving school he decided to study in Paris rather than Germany because at that time the
standard of mathematics teaching and research was a lot higher in France.
In 1828 Dirichlet managed to get an academic post at the Military College in Berlin which
meant that he could also teach at the University of Berlin. He became Professor of
Mathematics at the University of Berlin where he remained until 1855.

Figure 2.9 Dirichlet (1805–59).

In 1855 when Gauss, one of the greatest mathematicians of all time, passed away, Dirichlet
took up his chair in Göttingen. He stayed there until his death in 1859.
Dirichlet was the first to give the formal definition of a mathematical function. In 1837
Dirichlet proved that there are infinitely many primes in an arithmetic progression. With
this he became one of the founders of ‘analytic number theory’, a branch of number theory
which uses mathematical analysis to prove and solve problems in this field. Actually,
analytic number theory is a very peculiar combination because number theory is discrete and
analysis is continuous: William Dunham called this combination onion milkshake.⁵
Next, we state the powerful result: Dirichlet’s Theorem about primes in an arithmetic
progression.

What is an arithmetic progression?

Consider a sequence of numbers 1, 8, 15, 22, 29, . . . where each term is seven more than
the previous term, then this sequence is an example of an arithmetic progression.
We can write a general arithmetic progression as follows:

a, a + b, a + 2b, a + 3b, ⋯

where a is the first term and b is the common difference.

⁵ Euler: The Master of Us All by William Dunham.

An arithmetic progression starts at some number, a say, and then proceeds with jumps
of equal size, b. For example, in the above case 1, 8, 15, 22, 29, . . . can be written as

1, 1 + 7, 1 + 2 (7) , 1 + 3 (7) , ⋯ .

Dirichlet’s Theorem (2.17). Let a and b be relatively prime positive integers, then the
arithmetic progression
a, a + b, a + 2b, a + 3b, ⋯
contains infinitely many primes.

Proof.
Omitted. (This is a tough proof and requires analysis. You can find this in most books on
analytic number theory.⁶)


What does this mean?

Let a = 2 and b = 3, then there are infinitely many primes in the list:

2, 2 + 3 = 5, 2 + 2 (3) = 8, 2 + 3 (3) = 11, 2 + 4 (3) = 14, 2 + 5 (3) = 17, ⋯ .

Note that Dirichlet’s Theorem does not claim that the arithmetic progression:

a, a + b, a + 2b, a + 3b, ⋯

consists solely of primes. In the above example, 8 and 14 are clearly not prime.

Example 2.4

Show that there are infinitely many primes that end with 999.

Solution
Let a = 999, b = 1000 so gcd (999, 1000) = 1. We can apply Dirichlet’s Theorem (2.17). We have:

N = 999, 999 + 1000, 999 + 2 (1000) , 999 + 3 (1000) , ⋯


N = 999, 1999, 2999, 3999, ⋯ . (†)

Dirichlet’s Theorem claims that there are infinitely many primes of this form (†).
Not all these numbers are prime, for example 999 is composite because $9 \mid 999$.

2.3.5 Startling results about primes

A couple of amazing results in number theory are the following:


(a) If prime p is the sum of two squares, then p is of the form 4n + 1.
(b) A prime of the form 4n + 3 cannot be written as the sum of two squares.

You are asked to show these in Exercises 2.3, question 4.


⁶ Introduction to Analytic Number Theory by Tom Apostol, Chapter 7.

The converse of result (a) also holds: if prime p is of the form 4n + 1 then it can be written
as the sum of two squares. Moreover, this representation is unique. We prove this amazing
result in Chapter 8.

2.3.6 Generating primes

Is there a simple formula for generating all primes?

No. However, there are some simple formulae which generate some primes. For example,
the following quadratic

$$f(n) = n^2 + n + 41$$

produces primes for n = 1, 2, 3, 4, ⋯ , 39. But when n = 40 we have

$$f(40) = 40^2 + 40 + 41 = 40(40 + 1) + 41 = 41(40 + 1) = 41^2.$$

When n = 41 we have

$$f(41) = 41^2 + 41 + 41 = 41(41 + 1 + 1) = 41(43).$$

Hence f (40) and f (41) are composite, not prime.


Fermat (a French lawyer and mathematician) thought he had a formula for finding
primes which was:

$$F_n = 2^{2^n} + 1.$$

This Fermat number $F_n$ does produce primes for n = 0, 1, 2, 3, and 4:

$$F_0 = 2^{2^0} + 1 = 3, \quad F_1 = 2^{2^1} + 1 = 5, \quad F_2 = 2^{2^2} + 1 = 17, \quad F_3 = 2^{2^3} + 1 = 257, \quad F_4 = 2^{2^4} + 1 = 65\,537.$$

However, when n = 5 then

$$F_5 = 2^{2^5} + 1 = 4\,294\,967\,297 = 641 \times 6\,700\,417.$$

Hence $F_5$ is a composite number. So far no other Fermat numbers,
$F_n = 2^{2^n} + 1$, have been found to be prime.

Summary
There are still many problems in number theory which remain unresolved, for example Goldbach’s
conjecture and the twin prime conjecture.
There are infinitely many primes, but there is no pattern apart from them thinning out for larger
and larger values.

EXERCISES 2.3

(Brief solutions at end of book. Full solutions available at
<http://www.oup.co.uk/companion/NumberTheory>.)

1. (a) Prove there are infinitely many primes of the form 4n + 1.
   (b) Provide another proof that there are infinitely many primes of the form 4n + 3.
   (c) Let p be prime such that p > 3. Prove that p is of the form 6n + 1 or 6n + 5.
   Part (c) means that every prime > 3 can be written as 6n + 1 or 6n + 5.

2. (a) Prove that there are infinitely many primes of the form 3n + 1.
   (b) Prove that there are infinitely many primes of the form 3n + 2.
   (c) Explain why there are no primes of the form 3n + 3.

3. (i) Prove that the product of three consecutive odd numbers is divisible by 3.
   (ii) Prove that p = 3 is the only prime such that p, p + 2, and p + 4 are all prime.

4. Prove the following important results:
   (a) If a prime p is the sum of two squares then p is of the form 4n + 1.
   (b) A prime of the form 4n + 3 cannot be written as a sum of two squares.


SECTION 2.4 Least Common Multiple—LCM


By the end of this section you will be able to
● understand what is meant by LCM
● evaluate the LCM and gcd by prime decomposition
● see the connection between gcd and LCM

2.4.1 Introduction to the least common multiple

Where do we use the least common multiple?

Whenever we add or subtract fractions.

What does least common multiple mean?

Say we want to find the least common multiple of 8 and 10, then we list the multiples of
each:
Multiples of 8 are 8, 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, . . .
Multiples of 10 are 10, 20, 30, 40, 50, 60, 70, 80, 90, . . .

Which of these multiples are in both of these lists?

40 and 80.
The least of these is 40, so we say the least common multiple or LCM of 8 and 10 is 40.

The least common multiple—LCM of two non-zero integers a and b is the smallest
positive multiple amongst the common multiples of a and b.

Another definition of the LCM of non-zero integers a and b is the least positive integer
which is divisible by both integers a and b.
The LCM of a and b is denoted by [a, b].

Example 2.5

Determine [12, 15].

Solution
Listing the multiples of 12, we have

12, 24, 36, 48, 60, 72, 84, 96, 108, 120, 132, ⋯ .

The multiples of 15 are


15, 30, 45, 60, 75, 90, 105, 120, 135, ⋯ .
What numbers are common to both of these lists?
60 and 120.
The smallest of these is 60 so [12, 15] = 60 or the LCM of 12 and 15 is 60.

Can we always find the LCM of any two non-zero integers?

Yes. Consider non-zero integers a and b, then the product a × b is a common multiple of a
and b. This implies that the LCM of two non-zero integers always exists.
Next we give the formal definition of the LCM.

Definition (2.18). Let m be the LCM of non-zero integers a and b, that is [a, b] = m.
Then m satisfies
(i) both $a \mid m$ and $b \mid m$ [common multiple]
(ii) if both $a \mid n$ and $b \mid n$ then m ≤ n [least multiple].

2.4.2 Evaluation of the least common multiple

How do we find the LCM of 42 and 44?

If we make the lists of multiples of 42 and 44 and then find the smallest common multiple
of these numbers, we get [42, 44] = 924. This is a rather laborious exercise.

Is there a more efficient way of finding the LCM of such numbers?

Yes. We first find the prime decomposition (the atoms which make up these numbers) of
each of these integers:

$$42 = 2 \times 3 \times 7 \quad \text{and} \quad 44 = 2^2 \times 11.$$

So the LCM of 42 and 44 must contain the multiples of these primes 2, 3, 7, and 11. Since
we have $2^2$ in the prime decomposition of 44, the common multiple must have a $2^2$.
Therefore, we have

$$[42, 44] = [2 \times 3 \times 7, \; 2^2 \times 11] = 2^2 \times 3 \times 7 \times 11 = 924.$$

This approach is much easier than listing multiples and then trying to find the smallest
common multiple. We can express this method as follows.

Proposition (2.19). Let $a = p_1^{e_1} \times p_2^{e_2} \times \cdots \times p_k^{e_k}$ and $b = p_1^{f_1} \times p_2^{f_2} \times \cdots \times p_k^{f_k}$ be the
decompositions of a and b and $e_j \ge 0$ and $f_j \ge 0$. Then the LCM of a and b is given by

$$[a, b] = p_1^{\max(e_1, f_1)} \times p_2^{\max(e_2, f_2)} \times \cdots \times p_k^{\max(e_k, f_k)}.$$

The function max (a, b) = a if a ≥ b (see Introductory Chapter).

Why do we have the same primes in the decomposition of a and b?

We don’t. If there is a prime $p_j$ present in a but not in b then we write $p_j^0 = 1$ in the
decomposition of b. (This is not the prime decomposition we discussed when proving the
Fundamental Theorem of Arithmetic, because primes are greater than 1.)

Proof.
See Exercises 2.4, question 16.


Example 2.6

(i) Determine [57, 60].
(ii) Alice hits the bullseye 43 times in 57 attempts, and Bob hits it 46 times in 60 attempts. Who
has the better record?
(iii) Evaluate $\frac{1}{57} + \frac{1}{60}$ and write your answer in its simplest form.

Solution

(i) The prime decomposition of 57 and 60 is

$$57 = 3 \times 19 \quad \text{and} \quad 60 = 2^2 \times 3 \times 5.$$

Using the previous Proposition (2.19), we have

$$\begin{aligned}
[57, 60] &= [3 \times 19, \; 2^2 \times 3 \times 5] \\
&= 2^{\max(0, 2)} \times 3^{\max(1, 1)} \times 5^{\max(0, 1)} \times 19^{\max(1, 0)} \\
&= 2^2 \times 3^1 \times 5^1 \times 19^1 = 1140
\end{aligned}$$

(ii) We use the result of (i) to determine whether Alice or Bob has the better record.
Why?
Because we can express their hits as a proportion of a common multiple. For economic
reasons we write the number of hits out of the LCM.
How many times does 57 go into 1140?
20, so Alice hits the bullseye $\frac{43}{57} = \frac{43 \times 20}{57 \times 20} = \frac{860}{1140}$, or 860 times out of 1140.
How many times does 60 go into 1140?
19, so Bob hits the bullseye $\frac{46}{60} = \frac{46 \times 19}{60 \times 19} = \frac{874}{1140}$, or 874 times out of 1140.
We conclude that Bob’s record is better, because out of 1140 attempts he has hit the bullseye
874 times compared to Alice’s 860 times.
(iii) From part (i) we have [57, 60] = 1140, therefore

$$\begin{aligned}
\frac{1}{57} + \frac{1}{60} &= \left(\frac{20 \times 1}{20 \times 57}\right) + \left(\frac{19 \times 1}{19 \times 60}\right) \\
&= \frac{20}{1140} + \frac{19}{1140} = \frac{39}{1140} = \frac{13}{380}.
\end{aligned}$$

You may argue that in the above example for part (ii) you would prefer to compare the
decimal forms of 43/57 and 46/60. However, this involves division and the above relies on
multiplication, which is an easier arithmetic operation.

2.4.3 Properties of the least common multiple

If two integers are relatively prime then what is their LCM equal to?

Consider the following examples of the LCM of relatively prime integers:

[5, 9] = 45
[100, 101] = 10 100
[333, 1000] = 333 000.

What do you notice about these results?

45 = 5 × 9, 10 100 = 100 × 101 and 333 000 = 333 × 1000.


Let a and b be relatively prime, which implies they have no factor in common apart from 1.
Then by extrapolating the above we have [a, b] = a × b. We claim for relatively prime
integers that the LCM is equal to their product.

Proposition (2.20). Let a and b be relatively prime then [a, b] = a × b.

How do we prove this?

By using the definition of LCM and contradiction.

Proof.
Clearly the product a × b is a common multiple of both integers a and b. We need to show
that a × b is the least multiple of both these integers.
Suppose the LCM of a and b is m, that is [a, b] = m, where m < a × b.
By the definition of the LCM we have

$$a \mid m \quad \text{and} \quad b \mid m.$$

The first of these, $a \mid m$, implies there is an integer n such that

a × n = m.

Substituting this a × n = m into $b \mid m$ yields

$$b \mid (a \times n).$$

We are given that a and b are relatively prime, so gcd (a, b) = 1. By Euclid’s Lemma (1.13):
If $x \mid (y \times z)$ with gcd (x, y) = 1 then $x \mid z$.
Applying this to $b \mid (a \times n)$ with gcd (a, b) = 1 gives $b \mid n$. From this $b \mid n$, we have n ≥ b.
This is a contradiction, because from above we have m < a × b. However, now with n ≥ b
we have m = a × n ≥ a × b.
Hence our supposition that [a, b] = m where m < a × b is wrong, so

[a, b] = a × b.

This completes our proof.




Determine [5, 1 000 004]. Since 5 and 1 000 004 are relatively prime, by the previous
result we have
[5, 1 000 004] = 5 × 1 000 004 = 5 000 020.
In Exercises 2.4, question 12 we show that the LCM of two non-zero integers is unique.

2.4.4 Greatest common divisor (gcd) and LCM

How do we find the greatest common divisor, gcd, of two positive integers?

We could use the Euclidean Algorithm which was described in Section 1.3 in the previous
chapter. Another approach is the following:

Proposition (2.21). Let $a = p_1^{e_1} \times p_2^{e_2} \times \cdots \times p_k^{e_k}$ and $b = p_1^{f_1} \times p_2^{f_2} \times \cdots \times p_k^{f_k}$ be the
decompositions of a and b and $e_j \ge 0$ and $f_j \ge 0$. Then the gcd is given by

$$\gcd(a, b) = p_1^{\min(e_1, f_1)} \times p_2^{\min(e_2, f_2)} \times \cdots \times p_k^{\min(e_k, f_k)}.$$

Proof.
See Exercises 2.4, question 17.


Generally, it is easier to use the Euclidean Algorithm to find the gcd of two given integers
over the prime decomposition method of Proposition (2.21). This is because finding the
prime decomposition of a given integer is a difficult and time-consuming problem.

Example 2.7

Determine gcd (5291, 3108). (We evaluated this in Example 1.17 of the previous chapter.)

Solution
The prime decomposition of each of these numbers is

$$5291 = 11 \times 13 \times 37 \quad \text{and} \quad 3108 = 2^2 \times 3 \times 7 \times 37.$$

Applying the previous proposition gives

$$\begin{aligned}
\gcd(5291, 3108) &= \gcd(11 \times 13 \times 37, \; 2^2 \times 3 \times 7 \times 37) \\
&= 2^{\min(0, 2)} \times 3^{\min(0, 1)} \times 7^{\min(0, 1)} \times 11^{\min(1, 0)} \times 13^{\min(1, 0)} \times 37^{\min(1, 1)} \\
&= 2^0 \times 3^0 \times 7^0 \times 11^0 \times 13^0 \times 37^1 = 1 \times 1 \times 1 \times 1 \times 1 \times 37 = 37.
\end{aligned}$$

Hence gcd (5291, 3108) = 37. This method seems easier once we have found the prime
decomposition of each of the numbers.

Next we show the connection between the gcd and the LCM. Consider the following
examples:

gcd (10, 12) × [10, 12] = 120


gcd (21, 30) × [21, 30] = 630
gcd (101, 100) × [101, 100] = 10 100.

What do you notice?


gcd (10, 12) × [10, 12] = 10 × 12
gcd (21, 30) × [21, 30] = 21 × 30
gcd (101, 100) × [101, 100] = 101 × 100.

In general, we have

gcd (a, b) × [a, b] = a × b [gcd × LCM = product of integers].

Proposition (2.22). Let a and b be positive integers then

gcd (a, b) × [a, b] = a × b.

We can use this result to check if we have evaluated the gcd and LCM of two given numbers
correctly.

How do we prove this?

By using the decomposition of a and b and showing that the left-hand side,
gcd (a, b) × [a, b], is equal to the right-hand side, a × b.

Proof.
Let $a = p_1^{e_1} \times p_2^{e_2} \times p_3^{e_3} \times \cdots \times p_k^{e_k}$ and $b = p_1^{f_1} \times p_2^{f_2} \times p_3^{f_3} \times \cdots \times p_k^{f_k}$ be the
decompositions of a and b. [There may not be a prime present which is represented by $p_j^0 = 1$.]

We apply propositions (2.19) and (2.21):

$$(2.19) \quad [a, b] = p_1^{\max(e_1, f_1)} \times p_2^{\max(e_2, f_2)} \times p_3^{\max(e_3, f_3)} \times \cdots \times p_k^{\max(e_k, f_k)}$$

$$(2.21) \quad \gcd(a, b) = p_1^{\min(e_1, f_1)} \times p_2^{\min(e_2, f_2)} \times p_3^{\min(e_3, f_3)} \times \cdots \times p_k^{\min(e_k, f_k)}$$

to the left-hand side of the given expression, gcd (a, b) × [a, b] = a × b, which yields

$$\begin{aligned}
\gcd(a, b) \times [a, b] &= \left(p_1^{\min(e_1, f_1)} \times p_2^{\min(e_2, f_2)} \times \cdots \times p_k^{\min(e_k, f_k)}\right) \\
&\quad \times \left(p_1^{\max(e_1, f_1)} \times p_2^{\max(e_2, f_2)} \times \cdots \times p_k^{\max(e_k, f_k)}\right) \\
&\underbrace{=}_{\text{by the rules of indices}} p_1^{\min(e_1, f_1) + \max(e_1, f_1)} \times p_2^{\min(e_2, f_2) + \max(e_2, f_2)} \times \cdots \\
&\quad \times p_k^{\min(e_k, f_k) + \max(e_k, f_k)}. \qquad (\dagger)
\end{aligned}$$

Examining each of the indices in the last expression:

$$\min(e_j, f_j) + \max(e_j, f_j) \quad \text{where } j = 1, \cdots, k.$$

If $e_j = f_j$ then
$$\min(e_j, f_j) + \max(e_j, f_j) = e_j + f_j.$$
If $e_j < f_j$ then
$$\min(e_j, f_j) + \max(e_j, f_j) = e_j + f_j.$$
If $e_j > f_j$ then we still have
$$\min(e_j, f_j) + \max(e_j, f_j) = f_j + e_j.$$



All three cases give the same result for the index of the primes:

min (ej , fj ) + max (ej , fj ) = ej + fj .

Substituting this into (†) gives

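$$\gcd(a, b) \times [a, b] = p_1^{e_1 + f_1} \times p_2^{e_2 + f_2} \times \cdots \times p_k^{e_k + f_k}. \qquad (\ast)$$

Expanding the right-hand side of the given expression gcd (a, b) × [a, b] = a × b into its
primes yields

$$\begin{aligned}
a \times b &= \left(p_1^{e_1} \times p_2^{e_2} \times \cdots \times p_k^{e_k}\right) \times \left(p_1^{f_1} \times p_2^{f_2} \times \cdots \times p_k^{f_k}\right) \\
&\underbrace{=}_{\text{by the rules of indices}} p_1^{e_1 + f_1} \times p_2^{e_2 + f_2} \times \cdots \times p_k^{e_k + f_k}. \qquad (\ast\ast)
\end{aligned}$$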

Comparing (∗) and (∗∗) gives us our required result:

gcd (a, b) × [a, b] = a × b.

This completes our proof.




This proposition gives us an amazing result: gcd times LCM equals the product:

gcd (a, b) × LCM (a, b) = product of a and b.

Example 2.8

Determine (i) gcd (36, 54) (ii) [36, 54].

Solution
(i) We have

$$\begin{aligned}
\gcd(36, 54) &= \gcd(2^2 \times 3^2, \; 2 \times 3^3) \qquad [\text{Because } 36 = 2^2 \times 3^2 \text{ and } 54 = 2 \times 3^3] \\
&= 2^{\min(2, 1)} \times 3^{\min(2, 3)} = 2^1 \times 3^2 = 18.
\end{aligned}$$

(ii) Substituting a = 36, b = 54 and gcd (36, 54) = 18 into the previous result,
gcd (a, b) × [a, b] = a × b, gives

$$18 \times [36, 54] = 36 \times 54 \quad \text{which implies} \quad [36, 54] = \frac{36 \times 54}{18} = 108.$$

We have gcd (36, 54) = 18 and [36, 54] = 108.

2.4.5 LCM of three or more integers

So far we have only found the LCM of a pair of positive integers.



How do we find the least common multiple of 15, 27, and 36?

We use the following result:

Proposition (2.23). Let $a_1, a_2, a_3, \cdots, a_n$ be non-zero integers, then

$$[a_1, a_2, a_3, \cdots, a_{n-1}, a_n] = [[a_1, a_2, a_3, \cdots, a_{n-1}], a_n].$$

Proof.
See Exercises 2.4, question 19.


Example 2.9

Determine [15, 27, 36].

Solution
Applying the previous proposition with $a_1 = 15$, $a_2 = 27$, and $a_3 = 36$ gives

$$[15, 27, 36] = [[15, 27], 36]. \qquad (\ddagger)$$

We need to first find [15, 27].

How?
By Proposition (2.19):

$$[a, b] = p_1^{\max(e_1, f_1)} \times p_2^{\max(e_2, f_2)} \times p_3^{\max(e_3, f_3)} \times \cdots \times p_k^{\max(e_k, f_k)}.$$

We have $15 = 3 \times 5$ and $27 = 3^3$, so using this proposition yields

$$[15, 27] = [3 \times 5, \; 3^3] = 3^{\max(1, 3)} \times 5^{\max(1, 0)} = 3^3 \times 5^1.$$

Substituting this $[15, 27] = 3^3 \times 5^1$ into (‡) gives

$$\begin{aligned}
[15, 27, 36] = [[15, 27], 36] &= [3^3 \times 5^1, \; 2^2 \times 3^2] \\
&= 2^{\max(0, 2)} \times 3^{\max(3, 2)} \times 5^{\max(1, 0)} \\
&= 2^2 \times 3^3 \times 5^1 = 540.
\end{aligned}$$

Hence [15, 27, 36] = 540. The LCM of 15, 27, and 36 is 540.

We can extend Proposition (2.20), given in Section 2.4.3:

Let a and b be relatively prime integers then [a, b] = a × b

to n pairwise relatively prime integers $a_1, a_2, a_3, \cdots$, and $a_n$.

What does pairwise relatively prime mean?

This means every pair of different integers is relatively prime, that is

$$\gcd(a_k, a_m) = 1 \quad \text{where } k \ne m.$$



For example, the integers in {2, 3, 5} are pairwise prime because

gcd (2, 3) = gcd (2, 5) = gcd (3, 5) = 1.

However the integers in {2, 3, 4} are not pairwise prime because gcd (2, 4) = 2.

Corollary (2.24). Let $a_1, a_2, a_3, \cdots, a_n$ be pairwise relatively prime integers then

$[a_1, a_2, a_3, \cdots, a_n] = a_1 \times a_2 \times \cdots \times a_n$.

Proof.
See Exercises 2.4, question 15.
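The following sketch is an added example, not code from the book. It folds Proposition (2.23) over a list, using gcd (a, b) × [a, b] = a × b for each pair, and checks the hypothesis and conclusion of Corollary (2.24); the function names and the set {6, 10, 15} are constructed for illustration.

```python
from functools import reduce
from itertools import combinations
from math import gcd, prod


def lcm_pair(a, b):
    """[a, b] for non-zero integers, from gcd(a, b) x [a, b] = a x b."""
    if a == 0 or b == 0:
        raise ValueError("the LCM is only defined here for non-zero integers")
    return abs(a * b) // gcd(a, b)


def lcm_many(numbers):
    """Proposition (2.23) applied repeatedly: [a1,...,an] = [[a1,...,a(n-1)], an]."""
    numbers = list(numbers)
    if not numbers:
        raise ValueError("need at least one integer")
    return reduce(lcm_pair, numbers, 1)  # [1, a] = |a|, so 1 is a neutral start


def running_lcm(numbers):
    """LCM after each integer is folded in, e.g. [15, 27, 36] -> [15, 135, 540]."""
    steps, current = [], 1
    for a in numbers:
        current = lcm_pair(current, a)
        steps.append(current)
    return steps


def pairwise_relatively_prime(numbers):
    """True when gcd(ak, am) = 1 for every pair with k != m."""
    return all(gcd(x, y) == 1 for x, y in combinations(numbers, 2))


def corollary_2_24_applies(numbers):
    """Return (hypothesis holds, LCM equals the product) for Corollary (2.24)."""
    hypothesis = pairwise_relatively_prime(numbers)
    conclusion = lcm_many(numbers) == abs(prod(numbers))
    return hypothesis, conclusion


if __name__ == "__main__":
    print(running_lcm([15, 27, 36]))            # Example 2.9, step by step
    print(corollary_2_24_applies([2, 3, 5]))    # pairwise relatively prime
    print(corollary_2_24_applies([2, 3, 4]))    # gcd(2, 4) = 2
    # Constructed case: the gcd of all three integers is 1, yet no pair is
    # relatively prime, so the LCM (30) is far below the product (900).
    print(reduce(gcd, [6, 10, 15]), corollary_2_24_applies([6, 10, 15]))
```

The last case shows why the corollary asks for pairwise relatively prime integers rather than only a common gcd of 1.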


Summary
In this section we have defined the least common multiple (LCM) of two non-zero integers. The
notation for the LCM of a and b is [a, b] and can be determined by

$[a, b] = p_1^{\max(e_1, f_1)} \times p_2^{\max(e_2, f_2)} \times p_3^{\max(e_3, f_3)} \times \cdots \times p_k^{\max(e_k, f_k)}$.

Also, we have seen how LCM and gcd are related:

gcd (a, b) × LCM (a, b) = a × b [Product of a and b].

EXERCISES 2.4

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Determine the LCM of the following pairs of integers:
(a) [45, 81] (b) [2000, 2015] (c) [1000, 1001]

2. Hotdogs are sold in packages of ten and buns come in packages of eight. What is the least amount of packages you will need to purchase in order that there are no hotdogs or buns left over?

3. Harry scores a mark of 64 out of 85 for mechanics and 69 out of 91 for real analysis. By finding the LCM, state which examination was a better performance for Harry.

4. (i) Determine [20, 265, 530].
(ii) Find $\frac{1}{20} + \frac{1}{265} + \frac{1}{530}$ by using the result of (i).

5. (i) Find [3, 4, 28].
(ii) Solve the following equation
$\frac{1}{3} + \frac{1}{4} + \frac{1}{28} + x = 1$
without using a calculator.

6. Find the LCM of the following:
(a) [60, 100]
(b) [600, 1 000]
(c) [6 000, 10 000]
What do you notice about your results?

7. Show that [ab, ac] = a × [b, c] where a, b, and c are positive integers.
[Hint: You may find the following Proposition (1.11) helpful: gcd (ab, ac) = a × gcd (b, c) provided a > 0.]

8. Let p and q be distinct primes. Show that [p, q] = p × q.

9. Prove that [a, ma] = ma where m and a are positive integers.

10. Let a, b and a, c be relatively prime positive integers. Prove that
[a, bc] = a × b × c.
[Hint: You may find the result of Exercises 1.3, question 15 (i) useful:
gcd (a, b) = gcd (a, c) = 1 ⇔ gcd (a, bc) = 1.]

11. Disprove the following statements for positive integers a, b, and c:
(a) $[p, p] = p^2$ where p is prime.
(b) [a, b] = a × b
(c) If [a, b] = n and [b, c] = m then [a, c] = m × n.
(d) [a + b, c] = [a, c] + [b, c]
(e) $[ab, ac] = a^2 [b, c]$
(f) gcd (a, b, c) × [a, b, c] = a × b × c.

12. Prove [a, b], where a and b are positive integers, is unique.

13. Determine the following:
(a) [2, 3, 5, 7]
(b) [24, 35, 51, 64]
(c) [11, 121, 132, 99, 77]

14. *There are between 500 and 600 soldiers in a battalion. We know when they are divided into groups of six, eight, and 11 that there are three left over in each case. How many soldiers are there in the battalion?

15. Prove Corollary (2.24).
[Hint: You may find the result of Exercises 1.3, question 15 (ii) useful:
$\gcd(a, n_1) = \gcd(a, n_2) = \cdots = \gcd(a, n_k) = 1$ then $\gcd(a, n_1 \times n_2 \cdots \times n_k) = 1$.]

16. **Prove Proposition (2.19).

17. **Prove Proposition (2.21).

18. Let [a, b] = m and n be a common multiple of a and b. Show that m | n.

19. *Prove Proposition (2.23).

20. Prove that [n, n + 1] = n × (n + 1) where n is a natural number.

21. *Let a and b be positive integers. Prove that
gcd (a, b) = gcd (a + b, [a, b]).
[Hint: You may find the result of Exercises 1.3, question 16 useful:
If gcd (x, y) = 1 then gcd (x + y, xy) = 1.]

22. **Let a, b, and c be positive integers. Prove that
gcd (a, b, c) × [ab, ac, bc] = a × b × c
[Hint: You may find the result of Exercises 1.3, question 19 useful:
gcd (a, b, c) = gcd (a, gcd (b, c)).]


Supplementary Problems 2

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

2.1. Factorize the following integers into their prime factors:
(a) 100 (b) 1000 (c) 161 (d) 201 (e) 301

2.2. Determine the following:
(a) $\lfloor \frac{1}{2} \rfloor$ (b) $\lfloor -\frac{1}{2} \rfloor$ (c) $\lceil -\frac{\pi}{4} \rceil$
(d) $\lfloor -\frac{\pi}{4} \rfloor$ (e) ⌊−7.1⌋ + ⌈−7.1⌉
(f) ⌊−7.1⌋ + ⌈7.1⌉

2.3. Determine
(a) $\lfloor e \rfloor^{\lfloor \pi \rfloor} + \lfloor \pi \rfloor^{\lfloor e \rfloor}$
(b) $\lceil e \rceil^{\lceil \pi \rceil} + \lceil \pi \rceil^{\lceil e \rceil}$
(c) $\lceil e^{\lceil \pi \rceil} \rceil + \lceil \pi^{\lceil e \rceil} \rceil$

2.4. Determine ⌊√⌊x⌋⌋ and ⌊√x⌋ for the following:
(a) x = 100
(b) x = 1000
(c) x = 2.75
What do you notice about your results?

2.5. Plot the graph of ⌊x⌋ + ⌈x⌉.

2.6. Explain why ⌊x⌋ ≤ x and ⌈x⌉ ≥ x by sketching appropriate graphs.

2.7. Justify the following by sketching appropriate graphs:
(a) x − 1 < ⌊x⌋ ≤ x
(b) x ≤ ⌈x⌉ < x + 1

2.8. Show that the only prime of the form $n^2 - 1$ is 3 where n is a natural number.

2.9. Show that the only prime of the form $n^3 - 1$ is 7 where n is a natural number.
[Hint: $a^n - 1 = (a - 1)(a^{n-1} + a^{n-2} + a^{n-3} + \cdots + 1)$.]

2.10. Show that:
(a) For any real x the following is false: ⌈x⌉ = ⌊x⌋ + 1.
(b) If x is not an integer then the following is true: ⌈x⌉ = ⌊x⌋ + 1.
(c) For any real x we have ⌊x + m⌋ = ⌊x⌋ + m where m is an integer.
(d) For any real x we have ⌈x + m⌉ = ⌈x⌉ + m where m is an integer.

2.11. Test whether the following numbers are prime:
(a) 907 (b) 1009 (c) 1331

2.12. Demonstrate that 101 and 103 are twin primes.

2.13. Prove that $\gcd(p + 1, p^2 + 1) = 2$ where p is an odd prime.

2.14. Prove that there are infinitely many primes that end in 111.

2.15. Prove that there are infinitely many primes of the form 8n + 3.

2.16. Show that $p^2 + 2p + 1$ is composite for all the primes p.

2.17. Show that $p^n$ (n is a natural number) is odd for primes p ≥ 3.

2.18. Prove that $p^4 + 4p^2 + 5$ is composite for prime p.
[Hint: Complete the square.]

2.19. Let n be a square integer. Show that every exponent of the prime decomposition of this number is even.

2.20. Prove that $n^3 + 1$ is composite for n ≥ 2.

2.21. *Prove that the number $n^m - 1$ is composite for n > 2 and m ≥ 2.

2.22. In the following cases find the first positive integer n for which f (n) is composite:
(a) $f(n) = 2n^2 + 11$
(b) $f(n) = 2n^2 + 29$

2.23. Let x be a real number. Show that
$\lfloor x \rfloor + \lfloor -x \rfloor = \begin{cases} 0 & \text{if } x \text{ is an integer} \\ -1 & \text{if } x \text{ is not an integer} \end{cases}$

2.24. Provide another proof of Proposition (2.20). [Hint: The result of Exercises 1.3, question 12 (i) may be helpful: x | z and y | z, and gcd (x, y) = 1 then (x × y) | z].

2.25. *Prove Proposition (2.22) without using the prime decompositions of integers.

2.26. Let a and n be positive integers with n > 1. Prove that:
(a) **If $a^n - 1$ is prime then a = 2 and n is prime.
(b) If a ≥ 3 then $a^n - 1$ is composite.

2.27. Let n be a natural number and p be prime. Show that if $p \mid a^n$ then $p \mid a$.
3 Theory of Modular Arithmetic

SECTION 3.1 Introduction to Congruences


By the end of this section you will be able to
● apply the rules of congruences
● prove properties of congruences
● deduce properties of large positive integers

Often, we are only interested in a particular property of a large positive number. For
example, we might be interested in the following questions:
1. What is the last digit of 2127 ?
2. Is 10171 + 1 divisible by 17?
3. What is the remainder when 1! + 2! + 3! + ⋯ + 20! is divided by 20?

To deal with such questions about large numbers we use modular arithmetic, which is
very similar to our normal arithmetic, as you will find later in this section.
In fact, we already use modular arithmetic every day. Simply being able to use a clock
requires us to use modular arithmetic in modulo 12 hours. We don’t say ‘13 o’clock’, we start
again at one o’clock. This is very useful; aside from anything else a 24-hour clock face would
be extremely cluttered.
The same logic applies here; if we are simply investigating some property of an integer
that doesn’t require us to know its precise digits, it is often enough to express it simply as a
multiple of some smaller integer plus any remainder.
Another name for modular arithmetic is the ‘arithmetic of remainders’, because we
classify a number according to the remainder when divided by a fixed number n called modulo
n. The plural of modulo is moduli.
Modular arithmetic converts the infinite number line into a cyclical loop because it is
often an extremely efficient way of analysing large integers (see Figure 3.1 on the next page).
In modular arithmetic, the arithmetic is done in a loop or circle rather than on a number
line.
In a nutshell, modular arithmetic takes the infinite number line and converts it into a
loop and from this loop we can deduce many properties of numbers. For example, we can
use modular arithmetic to answer the following questions:

Figure 3.1 The number line is represented as a circle or loop.

Which numbers are divisible by 9?

We will show that if 9 divides the sum of the digits of an integer then the integer is divisible
by 9. This is an easy check to see if any number is divisible by 9, and we will cover this in
Example 3.8 at the end of this section.

What day was the 3rd September 1939?

(The day Britain and France declared war on Germany.) Actually, modular arithmetic can
be used to compute any day of the week in history or in the future.

What are the last two digits of $9^{9^9}$?

You are asked to find these digits in Exercises 3.1, question 30.

What are the applications of modular arithmetic?

We rely on modular arithmetic more than you might think; your bank uses modular
arithmetic to verify that your credit card number is well formed, and the bar code on
supermarket products is also verified using modular arithmetic.

3.1.1 Definition of congruence

The notation 10 ≡ 3 (mod 7) is simply a way of expressing the number 10 in modulo 7, that
is 10 can be expressed as a multiple of 7 (in this case 1 × 7) with a remainder of 3. It is
verbally stated as ‘10 is congruent to 3 modulo 7’. The symbol for ‘congruent to’ is ≡ and
modulo n is normally shortened to (mod n).
Examples of modular arithmetic are:
(a) 10 ≡ 3 (mod 7). Modulo 7 is useful for evaluating days of the week. For example, if
today is Monday then in ten days’ time it will be Thursday because 10 ≡ 3 (mod 7)
tells us that the quantity contains at least one full cycle of seven, that is Monday to
Monday, plus three days.
(b) 25 ≡ 1 (mod 2). Modulo 2 is useful for seeing if the number is odd or even by
checking for a remainder of 0 or 1.
(c) 50 ≡ 2 (mod 24). Modulo 24 can be used to find the time using a 24-hour clock.
Suppose it is 9am, then in 50 hours’ time it will be 11am because

50 ≡ 2 (mod 24),

that is an undefined number of cycles from 9am to 9am, plus two hours. We say that
50 is congruent to 2 (mod 24).

Definition (3.1). Let n be a fixed positive integer and a, b be integers. We say ‘a is congruent
to b modulo n’ and it is denoted by

a ≡ b (mod n)

⇔ a − b is a multiple of n or there exists an integer k such that a − b = kn.

In this definition, transposing a − b = (k × n) to make a the subject gives

a = (k × n) + b.

Note that b is a remainder after dividing a by n.


Saying that a is b more than a multiple of n is cumbersome when we are doing this on a
frequent basis. It is much more convenient to say ‘a is congruent to b modulo n’.
The theory of modular arithmetic was developed by one of the greatest mathematicians
of all time, Gauss (see Figure 3.2 below).

Gauss was one of the three greatest
mathematicians of all time, the others being
Archimedes and Newton.
By the age of 11, Gauss could prove that
√2 is irrational. At the age of 18 he
constructed a regular 17-sided polygon with
a compass and unmarked straight edge only.
Gauss went to the world-renowned centre
for mathematics—Göttingen. Later in life,
Gauss took up a post at Göttingen and
published papers in number theory, infinite
series, algebra, astronomy, and optics. The
unit of magnetic induction is named after
Gauss.

Figure 3.2 Gauss (1777–1855).



If the remainder is zero, that is b = 0 in the above definition, then we say a is divisible by
n or n is a divisor of a denoted n | a. For example:

6 ≡ 0 (mod 3) because 6 = (2 × 3) + 0
540 ≡ 0 (mod 6) because 540 = (90 × 6) + 0

We have the following proposition:

Proposition (3.2). Let a be an integer then

a ≡ 0 (mod n) ⇔ n | a.

In the above example we have 6 ≡ 0 (mod 3) ⇔ 3 | 6.

Proof.
Applying Definition (3.1):

a ≡ b (mod n) ⇔ a − b = kn,

to a ≡ 0 (mod n) gives

a ≡ 0 (mod n) ⇔ a − 0 = kn ⇔ n | a.

Hence a − 0 = a is a multiple of n or n | a.


Examples of non-zero remainders are:


5 divided by 4 gives a remainder of 1, so we can write this as 5 ≡ 1 (mod 4).
10 divided by 7 gives a remainder of 3, so we can write this as 10 ≡ 3 (mod 7).

What does 25 ≡ 1 (mod 24) mean?

25 divided by 24 gives a remainder of 1. This is an example of clock arithmetic. If it is 2pm,
then after 25 hours it will be 3pm because 25 ≡ 1 (mod 24).

We are not interested in dividing by 1 because the remainder will always be zero, that is
for every integer a we have a ≡ 0 (mod 1).
For congruences we consider modulo n ≥ 2.

How do we know integers a and b exist such that a ≡ b (mod n) ?

Because by the Division Algorithm (1.7) of Chapter 1:


Let a and n ≥ 1 then we have a = (n × q) + r where 0 ≤ r < n.

For example, writing 158 as a multiple of 10 plus any remainder, we have


158 = (15 × 10) + 8 which in modular notation is (158 is 8 more than a multiple of 10):

158 ≡ 8 (mod 10).

Similarly, we have

100 = (14 × 7) + 2 which is 100 ≡ 2 (mod 7).

Suppose today is Thursday.

What day will it be in 100 days time?

7, 14, 21, 28, … days after Thursday is a Thursday, so we are interested in the
remainder of 100 divided by 7, which is 2. Hence in 100 days time it will be Saturday because
100 ≡ 2 (mod 7).

3.1.2 Complete system of residues

We have a = (n × q) + r ⇔

a ≡ r (mod n) [r is the remainder of a divided by n].

Remember modular arithmetic classifies a number according to the remainder.


Since the remainder r can be of any value 0, 1, 2, 3, 4, … , n − 1, we conclude that every
integer is congruent to one of these. Another name for these remainders is residues.

In everyday English language, what does the term residue mean?

It means what is left over after something has been removed.

What are the residues modulo 7?

The leftovers after dividing any number by 7 are 0, 1, 2, 3, 4, 5, or 6. We normally write
these residues in a set: {0, 1, 2, 3, 4, 5, 6}. This set {0, 1, 2, 3, 4, 5, 6} is a complete set of
residues modulo 7.

What about the residues {7, 8, 9, 10, 11, 12, 13} modulo 7?

This is also a complete set of residues modulo 7 because

7 ≡ 0 (mod 7) , 8 ≡ 1 (mod 7) , ⋯ , 13 ≡ 6 (mod 7).



Example 3.1

Write two more sets of complete residues modulo 7.

Solution
We can illustrate modulo 7 as a circle or clock, as shown in Figure 3.3.
We carry out the arithmetic for modulo 7 on this clock with the addition of integers going clockwise
and the subtraction of integers going anticlockwise:

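[Figure 3.3: Modulo 7 clock. The seven junctions, in clockwise order, carry the integers …, –7, 0, 7, 14, 21, …; …, –6, 1, 8, 15, …; …, –5, 2, 9, 16, …; …, –4, 3, 10, 17, …; …, –3, 4, 11, 18, …; …, –2, 5, 12, 19, …; and …, –1, 6, 13, 20, …. Add numbers going clockwise; subtract numbers going anticlockwise.]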

We can consider integers from 14 onwards: {14, 15, 16, 17, 18, 19, 20}.
We can also consider negative integers which go anticlockwise, as you can observe from Figure 3.3.
Hence a set of negative integers which form a complete set of residues is

{−1, −2, −3, −4, −5, −6, −7}.

If a set of integers covers all the junctions (⋅) around the clock and this set only stops once
at each junction, then the set is said to be a complete system of residues. The formal
definition is:

Definition (3.3). The set $\{r_1, r_2, r_3, \cdots, r_{n-1}, r_n\}$ is said to form a complete set of residues
modulo n if every integer is congruent to one and only one $r_k$ in the set. This is also called
a complete system of residues modulo n.

A set of integers is a complete system if it satisfies both these conditions:


1. All stops are covered by the set.
2. The set only stops once at each junction.

The above sets:

{0, 1, ⋯ , 5, 6} , {7, 8, ⋯ , 12, 13} and {−1, −2, ⋯ , −6, −7}

are complete systems modulo 7.



How many of these sets can there be?

Infinitely many. In mathematics we are interested in unique answers if possible.

Can we define a unique set of integers which forms a complete system of residues?

Yes. The least residues, or actually the least non-negative residues.


The set of integers {0, 1, 2, 3, ⋯ , n − 1} is called the least non-negative residues
modulo n. For example, {0, 1, 2, 3, 4, 5, 6} is the least non-negative residues modulo 7.

Example 3.2

Write down the complete system of least non-negative residues of:


(a) modulo 10 (b) modulo 2 (c) modulo 5

Solution

(a) {0, 1, 2, 3, 4, 5, 6, 7, 8, 9} (b) {0, 1} (c) {0, 1, 2, 3, 4}

Example 3.3

In the following, let x be the least non-negative residue modulo n. Find x.


(a) 34 ≡ x (mod 10) (b) 100 ≡ x (mod 9)
(c) −27 ≡ x (mod 7) (d) −100 ≡ x (mod 6)

Solution

(a) Dividing 34 by 10 yields 34 = (10 × 3) + 4, therefore

34 ≡ 4 (mod 10) so x = 4.

Note that we have written the number 34 as a multiple of 10 plus a remainder of 4.


(b) Dividing 100 by 9 gives 100 = (11 × 9) + 1, with a remainder of 1:

100 ≡ 1 (mod 9) implies x = 1.

(c) By the Division Algorithm we have −27 = (−4 × 7) + 1, therefore

−27 ≡ 1 (mod 7) implies x = 1.

(d) Similarly we have −100 = (−17 × 6) + 2. Therefore,

−100 ≡ 2 (mod 6) implies x = 2.

If in a set of residues $\{r_1, r_2, r_3, \cdots, r_{n-1}, r_n\}$ there are two or more residues congruent
to each other modulo n, then this system cannot form a complete system of residues. This
means the set stops at least twice at a particular junction.

For example, none of the following are a complete system of residues modulo 5:

{10, 15, 20, 25, 30} , {−1, −2, −3, −4, −8} , and {0, 1, 2, 3, 4, 7} .

Why not?

We can illustrate modulo 5 as follows (see Figure 3.4):

[Figure 3.4: Modulo 5 clock. The five junctions, in clockwise order, carry the integers …, –5, 0, 5, 10, 15, …; …, –4, 1, 6, 11, …; …, –3, 2, 7, 12, …; …, –2, 3, 8, 13, …; and …, –1, 4, 9, 14, ….]

In the first set {10, 15, 20, 25, 30}, all the numbers are congruent to 0 modulo 5. The
stops 1, 2, 3, 4 (mod 5) are missing, so this set is not a complete system.
In the second set, {−1, −2, −3, −4, −8}, the stop 0 (mod 5) is missing, so cannot be a
complete system.
In the third set {0, 1, 2, 3, 4, 7} , we have 7 ≡ 2 (mod 5). This means we have two stops
at junction 2 (mod 5). Remember for a complete system we can only have one stop at each
junction.
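The two conditions of a complete system (every stop covered, each stop visited once) can be checked mechanically. The sketch below is an added example, not code from the book; the function names are chosen here, and it is run on the sets discussed above.

```python
from collections import defaultdict


def residue_report(candidates, n):
    """Return (missing stops, repeated stops) for a candidate set modulo n."""
    if n < 2:
        raise ValueError("for congruences we consider modulo n >= 2")
    stops = defaultdict(list)
    for value in candidates:
        # For n > 0 Python's % returns the least non-negative residue,
        # also for negative integers: -27 % 7 is 1, as in Example 3.3 (c).
        stops[value % n].append(value)
    missing = [r for r in range(n) if r not in stops]
    repeated = {r: vals for r, vals in stops.items() if len(vals) > 1}
    return missing, repeated


def is_complete_system(candidates, n):
    """Definition (3.3): every integer is congruent to exactly one member."""
    missing, repeated = residue_report(candidates, n)
    return not missing and not repeated


if __name__ == "__main__":
    # Complete systems modulo 7 from the text.
    for s in (range(0, 7), range(7, 14), range(-1, -8, -1)):
        print(list(s), is_complete_system(s, 7))
    # The three sets that fail modulo 5, with the reason for each.
    for s in ([10, 15, 20, 25, 30], [-1, -2, -3, -4, -8], [0, 1, 2, 3, 4, 7]):
        print(s, residue_report(s, 5))
```

For {−1, −2, −3, −4, −8} the report lists the missing stop 0 and also the double stop at junction 2, since −8 ≡ −3 ≡ 2 (mod 5).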

Proposition (3.4). For arbitrary integers a and b we have

a ≡ b (mod n)

⇔ a and b leave the same non-negative remainder when divided by n.

How are we going to prove this result?

Since we have the symbol ⇔ in the statement, we need to prove this both ways: ⇒ and ⇐.
We use Definition (3.1) and the Division Algorithm.

Proof.
(⇒). We assume a ≡ b (mod n). By Definition (3.1):

a ≡ b (mod n) ⇔ a − b = kn.

There exists an integer k such that

a − b = kn. (∗)

By applying the Division Algorithm (1.7) to a and n we have

$a = q_1 n + r_1, \quad 0 \le r_1 < n.$

Applying the Division Algorithm to b and n gives

$b = q_2 n + r_2, \quad 0 \le r_2 < n.$

We are required to prove that the remainders are equal, that is $r_1 = r_2$.

Substituting these results, $a = q_1 n + r_1$ and $b = q_2 n + r_2$, into (∗) yields:

$a - b = q_1 n + r_1 - (q_2 n + r_2)$
$= (q_1 - q_2) n + (r_1 - r_2)$
$= kn$ [by (∗)] where $k = q_1 - q_2$.

This implies that $r_1 - r_2 = 0$, which gives $r_1 = r_2$.

(⇐). Assume integers a and b leave the same remainder, say r, when divided by n. By the
Division Algorithm we have

$a = q_1 n + r, \quad 0 \le r < n$
$b = q_2 n + r, \quad 0 \le r < n.$

Subtracting these gives

$a - b = q_1 n + r - q_2 n - r$
$= (q_1 - q_2) n.$

From this $a - b = (q_1 - q_2) n$ we have that a − b is a multiple of n, which implies

a ≡ b (mod n).


An example of this result is

47 (mod 10) ≡ 37 (mod 10) ≡ 27 (mod 10) ≡ 7 (mod 10),

because 47, 37, 27, or 7 divided by 10 leaves the same remainder 7.


We normally write this in compact form as

47 ≡ 37 ≡ 27 ≡ 7 (mod 10).

If an integer a is not congruent to integer b modulo n then we denote this by

a ≢ b (mod n).

We say a is incongruent to b modulo n.



For example, 47 ≢ 6 (mod 10), because 47 divided by 10 gives remainder 7 and 6 divided
by 10 gives remainder 6. We say 47 is incongruent to 6 modulo 10.

3.1.3 Properties of congruences

The congruent symbol, ≡, can easily be confused with the equal sign =. This is because they
look alike, but they also have very similar properties.

Proposition (3.5). We have the following properties of congruences:


(i) a ≡ a (mod n).
(ii) If a ≡ b (mod n) then b ≡ a (mod n).
(iii) If a ≡ b (mod n) and b ≡ c (mod n) then a ≡ c (mod n).

Numerical examples of these results are:


(i) 7 ≡ 7 (mod 5).
(ii) 7 ≡ 2 (mod 5) ⇒ 2 ≡ 7 (mod 5).
(iii) 7 ≡ 2 (mod 5) and 2 ≡ −3 (mod 5) ⇒ 7 ≡ −3 (mod 5).

How do we prove the general results given in this Proposition?

By using Definition (3.1) which says:

a ≡ b (mod n) ⇔ a − b = kn.

Proof of (i).
We have a − a = 0 and 0 is a multiple of n because n × 0 = 0 therefore a ≡ a (mod n).


Proof of (ii).
We have a ≡ b (mod n), and this implies there is an integer k such that

a − b = kn [a − b is a multiple of n].

Multiplying this by −1 gives

− (a − b) = −kn
b − a = (−k) × n [b − a is a multiple of n] .

Since b − a is a multiple of n, by Definition (3.1) we have b ≡ a (mod n).




Proof of (iii).
We assume a ≡ b (mod n) and b ≡ c (mod n). By using Definition (3.1) there exist integers
k and m such that

a − b = kn [a − b is a multiple of n]
b − c = mn [b − c is a multiple of n] .

Adding these two gives

a − b + b − c = kn + mn
a − c = (k + m) n [Simplifying and factorizing] .

From the last line we have a − c is a multiple of n, which implies a ≡ c (mod n).


We also need to establish some results, which involve addition, subtraction, and
multiplication in modular arithmetic. We will leave division (or the multiplicative inverse) in
modular arithmetic for Section 3.3 of this chapter.
The next result concerns the addition and multiplication in modular arithmetic.

Proposition (3.6). If a ≡ b (mod n) and c ≡ d (mod n) then


(i) a + c ≡ (b + d) (mod n) (ii) ac ≡ bd (mod n)

Numerical illustrations of this proposition are:


1729 ≡ 2 (mod 11) and 4159 ≡ 1 (mod 11) .

This proposition says that

(i) 1729 + 4159 ≡ 2 + 1 ≡ 3 (mod 11) and (ii) (1729 × 4159) ≡ (2 × 1) ≡ 2 (mod 11) .

Notice that we did not need to evaluate the sum 1729 + 4159 or the product 1729 × 4159.
See how modular arithmetic subdues these numbers.

How do we prove the results of Proposition (3.6)?

By using Definition (3.1):

x ≡ y (mod n) ⇔ x − y = kn.

Proof of (i).
We are given a ≡ b (mod n) and c ≡ d (mod n). By this Definition (3.1) there exist integers
k and m such that

a − b = kn [a − b is a multiple of n]
c − d = mn [c − d is a multiple of n] .

Adding these together, a − b = kn and c − d = mn, gives

a − b + (c − d) = kn + mn
(a + c) − (b + d) = (k + m) n [Rearranging and factorizing] .

By the last line we have that (a + c) − (b + d) is a multiple of n, so by Definition (3.1):

a + c ≡ (b + d) (mod n).


Proof of (ii).
Similarly, we have a − b = kn and c − d = mn where k and m are integers. Multiplying the
first a − b = kn by c and multiplying the second c − d = mn by b:

ac − bc = knc
bc − bd = bmn.

Adding these gives

$ac \underbrace{-\, bc + bc}_{=0} - bd = knc + bmn$

$ac - bd = (kc + bm) n$ [Factorizing]

Hence ac − bd is a multiple of n, therefore ac ≡ bd (mod n).




What use are these results just established?

As a practical application we can apply these results to clock arithmetic.

Example 3.4

If it is 7am, what will be the time in 100 hours?

Solution
Since we are given that our starting point is 7am, we use modulo 24.
What do we need to determine first?
Write 100 modulo 24 in terms of the least non-negative residue:

100 ≡ 4 (mod 24) [Because 100 = (4 × 24) + 4 so remainder is 4].



We apply the previous property in Proposition (3.6) part (i):

If a ≡ b (mod n) and c ≡ d (mod n) then a + c ≡ b + d (mod n).

Since we start at 7am, adding 7 ≡ 7 (mod 24) and 100 ≡ 4 (mod 24) gives

7 + 100 ≡ 7 + 4 ≡ 11 (mod 24) .

Therefore, it will be 11am in 100 hours time.

3.1.4 Applications to integers

At the start of this chapter we mentioned that modular arithmetic is used to find properties
of large numbers. Consider the following example.

Example 3.5

Determine the remainder when 1! + 2! + 3! + 4! + ⋯ 99! + 100! is divided by 20.

Solution
Recall what n! means:
n! = n × (n − 1) × (n − 2) × ⋯ × 3 × 2 × 1.
To find the remainder after dividing by 20 means we have to work with modulo 20.
Adding the first few terms of the given sum, we have:

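$1! + 2! + 3! + \cdots + 99! + 100! \equiv 1 + 2 + 3(2) + 4(3)(2) + \underbrace{5(4)}_{=20}(3)(2) + 6\underbrace{(5)(4)}_{=20}(3)(2) + \cdots \pmod{20}$

$\equiv \underbrace{1 + 2 + 6 + 24}_{=33} + 20(3)(2) + 6(20)(3)(2) + \cdots \pmod{20}$

$\equiv 33 + \underbrace{0}_{\text{Multiple of 20}} + \underbrace{0}_{\text{Multiple of 20}} + \underbrace{0}_{\text{Multiple of 20}} + \cdots + \underbrace{0}_{\text{Multiple of 20}} \pmod{20}$

$\equiv 33 \equiv 13 \pmod{20}$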

Hence the remainder is 13 after dividing the large sum 1! + 2! + ⋯ 99! + 100! by 20.

Note that modular arithmetic tones down large numbers, as you can observe from
Example 3.5. Next, we look at adding or multiplying the same congruence modulo n to
both sides:

Corollary (3.7). If a ≡ b (mod n) then for any integer c we have


(i) a + c ≡ b + c (mod n) (ii) (a × c) ≡ (b × c) (mod n)

What does this mean?

Like the equal sign, adding or multiplying by the same congruence keeps the same
congruent relationship.

Proof.
If we apply the previous Proposition (3.6):
If a ≡ b (mod n), c ≡ d (mod n) then
(i) a + c ≡ b + d (mod n) (ii) ac ≡ bd (mod n) ,
with c ≡ c (mod n), then we have both our results:

(i) a + c ≡ b + c (mod n) (ii) ac ≡ bc (mod n).

3.1.5 Indices of congruences

We now consider indices of residues. We prove that if a is congruent to b modulo n
then taking each of these, a and b, to a natural number index keeps the same congruent
relationship.

Proposition (3.8). If a ≡ b (mod n) then $a^k \equiv b^k \pmod{n}$ where k is a natural number.

A couple of numerical examples of this proposition are:

365 ≡ 1 (mod 7) then $365^{100} \equiv 1^{100} \equiv 1 \pmod{7}$

13 ≡ −1 (mod 14) then $13^{511} \equiv (-1)^{511} \equiv -1 \equiv 13 \pmod{14}$.

We did not need to evaluate these large numbers $365^{100}$ and $13^{511}$.
($365^{100}$ has 730 digits and $13^{511}$ has 570 digits.)

How do we prove this Proposition?

By applying mathematical induction with Proposition (3.6) (ii):

a × c ≡ b × d (mod n).

Proof.
We are given a ≡ b (mod n), so the result is true for k = 1. Assume it is true for an arbitrary
k = m, that is $a^m \equiv b^m \pmod{n}$. Consider the case k = m + 1:

$a^{m+1} \equiv a^m \times a \equiv b^m \times b \equiv b^{m+1} \pmod{n}$.

Hence by mathematical induction we have our result.




We can use all these properties of adding, multiplying, and taking powers of congruences
to evaluate remainders of numbers.
In the next example we demonstrate how modular arithmetic is used to find the last digit
of a large number without finding all the digits of the number itself.

Example 3.6

Determine the last digit of $3^{101}$.

Solution
The calculator will not show the last digit of this number $3^{101}$ because the number is too large (it has
49 digits):
$3^{101} = \underbrace{3 \times 3 \times 3 \times \cdots \times 3}_{101 \text{ copies}}$.

So how do we evaluate the last digit of $3^{101}$?

We are interested in finding the remainder (between 0 and 9) when $3^{101}$ is divided by 10. Therefore,
the last digit of any integer is the least non-negative residue modulo 10. This means we work with
modulo 10. Our goal is to find x in the following:

$3^{101} \equiv x \pmod{10}$ [x is the least non-negative residue modulo 10].

We know that $3^2 = 9$ and $3^2 \equiv 9 \equiv -1 \pmod{10}$ because:

[Figure 3.5: Modulo 10 clock. Going clockwise from 0 (mod 10) (add numbers this way) the junctions are 1 (mod 10), 2 (mod 10), 3 (mod 10), …; going anticlockwise (subtract numbers this way) they are –1 or 9 (mod 10), –2 or 8 (mod 10), –3 or 7 (mod 10), ….]

We want to write the index 101 as a multiple of 2 plus a remainder because from above we have
$3^2 \equiv -1 \pmod{10}$, and this makes the arithmetic easier as we have a −1:

101 = (2 × 50) + 1 [By the Division Algorithm].

By using the rules of indices we have

$3^{101} \equiv 3^{(2 \times 50) + 1}$
$\equiv (3^2)^{50} \times 3$ [Using the rules of indices]
$\equiv (9)^{50} \times 3$
$\equiv (-1)^{50} \times 3 \equiv (1) \times 3 \equiv 3 \pmod{10}$ [From above]

Therefore, the last digit of $3^{101}$ is 3, because the remainder after division by 10 is 3.

We will examine the last few digits of various integers in Chapters 4 and 5.

3.1.6 Divisibility tests

Example 3.7

Show that $42 \mid (13^{70} - 1)$.

Solution
What does the notation $42 \mid (13^{70} - 1)$ mean?
42 is a factor of $13^{70} - 1$. This number $13^{70} - 1$ has 78 digits, which is cumbersome to write down in
decimal format.
How are we going to show 42 divides $13^{70} - 1$?
Using modular arithmetic with modulo 42. Note that:

$13^2 = 169 \equiv 1 \pmod{42}$ [Because 169 = (4 × 42) + 1].

Using the rules of indices we have

$13^{70} \equiv (13^2)^{35}$ [Because 70 = 2 × 35]
$\equiv (1)^{35}$ [Because $13^2 = 169 \equiv 1 \pmod{42}$]
$\equiv 1 \pmod{42}$.

Hence $13^{70} - 1 \equiv 1 - 1 \equiv 0 \pmod{42}$, which implies $13^{70} - 1$ is a multiple of 42 or

$42 \mid (13^{70} - 1)$.

We did not need to find the actual digits of the number $13^{70} - 1$ in order to show that 42
is a factor of this number.
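Examples 3.6 and 3.7 pick a convenient power by hand. The sketch below is an added example, not code from the book, and it goes beyond those cases: it applies Proposition (3.6) (ii) at every step of the general square-and-multiply method, so any power can be reduced modulo n without ever forming the large number. The function names are chosen here.

```python
def power_mod(base, exponent, n):
    """Least non-negative residue of base**exponent modulo n.

    Every product is reduced modulo n straight away, which is allowed
    because a ≡ b and c ≡ d (mod n) give ac ≡ bd (mod n).
    """
    if n < 2:
        raise ValueError("for congruences we consider modulo n >= 2")
    if exponent < 0:
        raise ValueError("negative indices need a multiplicative inverse")
    result = 1
    square = base % n              # base, base^2, base^4, ... modulo n
    while exponent > 0:
        if exponent & 1:           # this binary digit of the index is 1
            result = (result * square) % n
        square = (square * square) % n
        exponent >>= 1
    return result


def multiplications_used(exponent):
    """Modular multiplications performed by power_mod for this index."""
    return exponent.bit_length() + bin(exponent).count("1")


def last_digits(base, exponent, count=1):
    """The last `count` decimal digits of base**exponent, as an integer."""
    return power_mod(base, exponent, 10 ** count)


def divides_power_minus_one(d, base, exponent):
    """True when d | (base**exponent - 1), i.e. base**exponent ≡ 1 (mod d)."""
    return power_mod(base, exponent, d) == 1


if __name__ == "__main__":
    print(last_digits(3, 101))                  # Example 3.6
    print(divides_power_minus_one(42, 13, 70))  # Example 3.7
    print(power_mod(365, 100, 7), power_mod(13, 511, 14))
    print(multiplications_used(101), "multiplications instead of 100")
```

No intermediate value ever exceeds (n − 1)², which is why the same loop is practical for the very large moduli used in cryptography.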

The next proposition says that the congruence relationship holds in a polynomial which
has integer coefficients—see Introductory Chapter for what is meant by a polynomial.
For example,
$5x^7 + 3x^6 + 2x^5 + \cdots + x^2 + 3x + 1$
is a polynomial with integer coefficients.

Proposition (3.9). Let $P(x) = c_0 + c_1 x + c_2 x^2 + \cdots + c_{m-1} x^{m-1} + c_m x^m$ be an mth degree
polynomial, that is $c_m \not\equiv 0 \pmod{n}$, where the coefficients $c_k$’s are integers.

If a ≡ b (mod n) then P (a) ≡ P (b) (mod n).

Proof.
See Exercises 3.1, question 31.


Example 3.8

Show that if 9 divides the sum of the digits of an integer then the integer is divisible by 9.

Solution
This is a very useful result in determining whether a number is divisible by 9 or not. For example, test
whether 984 567 is divisible by 9:
The sum of the digits is 9 + 8 + 4 + 5 + 6 + 7 = 39 and 9 does not divide into 39, therefore 984 567
is not divisible by 9.
Test 111 111 111 for divisibility by 9:
Similarly adding the digits of 111 111 111 gives

1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 = 9 and 9 | 9, therefore 9 | 111 111 111.


We need to prove this test for divisibility by 9 for the general case and not just these two numbers.

Proof.
Let the integer be $N = a_n a_{n-1} a_{n-2} \cdots a_2 a_1 a_0$. The sum S of the digits is given by

$S = a_n + a_{n-1} + a_{n-2} + \cdots + a_2 + a_1 + a_0$. (∗)

We are given that 9 divides into S, that is 9 | S or

S ≡ 0 (mod 9). (†)

How do we show that this results in 9 divides into the given integer N?
We show that N ≡ 0 (mod 9).

What does $N = a_n a_{n-1} a_{n-2} \cdots a_2 a_1 a_0$ mean?

It means that the unit’s digit is $a_0$, 10’s digit is $a_1$, 100’s digit is $a_2$, and so on:

Table 3.1
$10^n$   $10^{n-1}$   $\cdots$   $10^2 = 100$   $10^1 = 10$   $10^0 = 1$
$a_n$    $a_{n-1}$    $\cdots$   $a_2$          $a_1$         $a_0$

We can write this in expanded form as:

$$
\begin{aligned}
N &= a_n a_{n-1} a_{n-2} \cdots a_2 a_1 a_0 \\
&= (a_n \times 10^n) + (a_{n-1} \times 10^{n-1}) + (a_{n-2} \times 10^{n-2}) + \cdots + (a_2 \times 10^2) + (a_1 \times 10) + (a_0 \times 1).
\end{aligned}
$$

Since we are interested in divisibility by 9, we use modulo 9.

What is 10 modulo 9 equal to?

10 ≡ 1 (mod 9).

By applying Proposition (3.8), $a \equiv b \pmod{n}$ implies $a^k \equiv b^k \pmod{n}$, we have

$10^k \equiv 1^k \equiv 1 \pmod{9}$ for any integer k.



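Using these in the congruence below and applying Proposition (3.9):

$$
\begin{aligned}
N &\equiv a_n a_{n-1} a_{n-2} \cdots a_2 a_1 a_0 \\
&\equiv (a_n \times 10^n) + (a_{n-1} \times 10^{n-1}) + \cdots + (a_2 \times 10^2) + (a_1 \times 10) + (a_0 \times 1) \pmod{9} \\
&\equiv (a_n \times 1) + (a_{n-1} \times 1) + \cdots + (a_2 \times 1) + (a_1 \times 1) + (a_0 \times 1) && [\text{By above results}] \\
&\equiv a_n + a_{n-1} + a_{n-2} + \cdots + a_2 + a_1 + a_0 \\
&\equiv S && [\text{By } (\ast)] \\
&\equiv 0 \pmod{9} && [\text{By } (\dagger)].
\end{aligned}
$$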

Hence 9 | N because N ≡ 0 (mod 9).




In the last calculation we had N ≡ S (mod 9) which implies N − S = 9k, which we can re-arrange as N − 9k = S. This implies that if 9 | N then 9 | S. We can re-state the above result of Example 3.8 as:

Integer is divisible by 9 ⇔ the sum of its digits is divisible by 9.
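The two techniques of this subsection as an added Python example (not code from the book): `power_mod` generalizes the trick of Example 3.7 to any base, exponent and modulus by square-and-multiply, and `residue_from_digits` applies Proposition (3.9) to the digit polynomial of Example 3.8, with the alternating sum of Exercise 32 as the modulo 11 case. All function names are chosen here for illustration.

```python
def power_mod(base, exponent, n):
    """Return base**exponent mod n without ever forming the full power.

    Square-and-multiply: every intermediate product is reduced mod n,
    which rules (3.6) and (3.8) permit.
    """
    if n <= 0 or exponent < 0:
        raise ValueError("need n > 0 and exponent >= 0")
    result = 1 % n              # 1 % n is 0 when n == 1
    base %= n
    while exponent:
        if exponent & 1:        # current binary digit of the exponent is 1
            result = (result * base) % n
        base = (base * base) % n
        exponent >>= 1
    return result


def poly_mod(coeffs, x, n):
    """Evaluate P(x) = c0 + c1*x + ... + cm*x^m modulo n by Horner's rule.

    coeffs is [c0, c1, ..., cm].
    """
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % n
    return acc


def digits_units_first(N):
    """Decimal digits [a0, a1, ..., an] of a non-negative integer N."""
    if N < 0:
        raise ValueError("N must be non-negative")
    return [int(ch) for ch in reversed(str(N))]


def residue_from_digits(N, n, ten):
    """Residue of N mod n from its digits, with `ten` standing in for 10.

    N = P(10) where P has the digits as coefficients. If ten ≡ 10 (mod n),
    Proposition (3.9) gives P(ten) ≡ P(10) = N (mod n).
    """
    if (ten - 10) % n != 0:
        raise ValueError("ten must be congruent to 10 modulo n")
    return poly_mod(digits_units_first(N), ten, n)


def divisible_by_9(N):
    # 10 ≡ 1 (mod 9), so P(1) is the digit sum S of Example 3.8.
    return residue_from_digits(N, 9, 1) == 0


def divisible_by_11(N):
    # 10 ≡ -1 (mod 11), so P(-1) is the alternating sum T of Exercise 32.
    return residue_from_digits(N, 11, -1) == 0


if __name__ == "__main__":
    print(power_mod(13, 70, 42))        # Example 3.7
    print(divisible_by_9(984567))       # Example 3.8, first number
    print(divisible_by_9(111111111))    # Example 3.8, second number
```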

Summary
Modular arithmetic is used to deduce certain properties of large numbers.

We say that a ≡ b (mod n) is equivalent to a − b is a multiple of n.


If a ≡ b (mod n) and c ≡ d (mod n) then
(3.6) a + c ≡ b + d (mod n), ac ≡ bd (mod n)
(3.8) $a^k \equiv b^k \pmod{n}$.

EXERCISES 3.1

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Write down three sets of complete residues of the following moduli:
   (a) 5   (b) 10   (c) 13

2. Explain why the following are not a complete system of residues modulo 11:
   (a) {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}
   (b) {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12}
   (c) {0, 2, 4, 6, 8, 10, 12, 13, 14, 15, 16}.

3. Write down the complete system of least non-negative residues of the following moduli:
   (a) 6   (b) 12   (c) 17

4. Determine x where x is the least non-negative residue modulo n in the following:
   (a) 100 ≡ x (mod 12)
   (b) 666 ≡ x (mod 11)
   (c) −5 ≡ x (mod 15)
   (d) 1000 ≡ x (mod 1001)
   (e) −25 ≡ x (mod 7)
   (f) −100 ≡ x (mod 24)

5. Find x where x is the least non-negative residue modulo n of the following:
   (a) 2789 + 2788 ≡ x (mod 2787)
   (b) 2789 × 2788 ≡ x (mod 2787)
   (c) 5201 + 5211 ≡ x (mod 5200)
   (d) 5201 × 5211 ≡ x (mod 5200)
   (e) 5198 + 5188 ≡ x (mod 5200)
   (f) 5198 × 5180 ≡ x (mod 5200)

6. Find the least non-negative residue of 1729 (mod 5), 1729 (mod 11), and 1729 (mod 1001).

7. Determine the last two digits of the following by using modular arithmetic:
   (a) 4 352 709 × 4 678 829
   (b) 43527835

8. Determine whether the following are true or false:
   (a) 12 ≡ 232 (mod 5)
   (b) 15 ≢ 5 (mod 10)
   (c) 12 ≡ −1 (mod 11)
   (d) 365 ≢ 1 (mod 7)
   (e) −65 ≡ −29 (mod 12)
   (f) −43 ≢ −46 (mod 2)

9. Determine the last digit of the following numbers:
   (a) $3^{100}$   (b) $9^{100}$   (c) $2^{100}$   (d) $4^{100}$

10. *Find the last two digits of $2014^{2014}$. (This number has 6655 digits.)

11. (a) Show that if a is an even number and n is a natural number then $a^n$ is also even.
    (b) Show that if a is an odd number and n is a natural number then $a^n$ is also odd.

12. (a) Show that a square number $a^2$ divided by 3 gives only remainders 0 or 1.
    (b) Show that a square number $a^2$ divided by 4 gives only remainders 0 or 1.

13. Let p be prime of the form p ≡ 3 (mod 4). Show that p cannot be written as the sum of two squares.
    [Hint: Use the result of question 12 (b).]

14. Let n be a natural number. Prove that $6^n \equiv 6 \pmod{10}$.
    What conclusion can you draw about the last digit of powers of 6?

15. Show that $2^m \not\equiv 0 \pmod{10}$ where m is a natural number.
    What does this mean in relation to digits of $2^m$?
    [Hint: Write m = 4q + r, 0 ≤ r < 4.]

16. Prove that the last digit of a square number can only be 0, 1, 4, 5, 6, or 9.

17. Let a be any integer. Show that the last digit of $a^3$ can be any digit from 0 to 9.

18. *Disprove the following statements:
    (a) $a^2 \equiv b^2 \pmod{n} \Rightarrow a \equiv b \pmod{n}$
    (b) a × b ≡ 0 (mod n) ⇒ a ≡ 0 or b ≡ 0 (mod n)
    (c) ac ≡ bc (mod n) ⇒ a ≡ b (mod n).

19. Find the remainders in the following cases:
    (a) 11567 is divided by 61
    (b) 11567 is divided by 43

20. Show that $F_5 = 2^{2^5} + 1$ (Fermat number with n = 5) is divisible by 641.

21. Determine the last digit of 1! + 2! + 3! + 4! + ⋯ + 1000!.

22. Determine the last digit of the following numbers:
    (a) $1961^{1961}$
    (b) $1023^{1022}$
    (c) $2019^{2019}$

23. *Prove that at least one of k consecutive integers is divisible by k.

24. (a) Prove that if m | n and a ≡ b (mod n) then a ≡ b (mod m).
    (b) Prove that if ka ≡ kb (mod kn) then a ≡ b (mod n) where k > 0.
    *(c) Prove that if a ≡ b (mod n) and a ≡ b (mod m) then a ≡ b (mod m × n), provided gcd (m, n) = 1.
    (d) Let $a \equiv b \pmod{n_k}$ for k = 1, 2, 3, ⋯, r where $\gcd(n_i, n_j) = 1$ for i ≠ j. Prove that $a \equiv b \pmod{n_1 \times n_2 \times \cdots \times n_r}$.
    (e) Prove that if $n = p_1^{k_1} \times p_2^{k_2} \times \cdots \times p_m^{k_m}$ where the $p_j$’s are distinct primes and a ≡ b (mod n) then $a \equiv b \pmod{p_j}$ for j = 1, 2, ⋯, m.

25. Prove that $a^3 - a \equiv 0 \pmod{3}$.

26. Show that 3 divides $4^n - 1$ where n is a natural number.

27. Show that a natural number is divisible by 3 if and only if the sum of the digits is divisible by 3.

28. Show that
    (i) $x^7 \equiv x \pmod{7}$
    (ii) $x^7 \equiv x \pmod{6}$
    (iii) $x^7 \equiv x \pmod{42}$

29. *Prove the following by induction: $2^{2n+1} \equiv 9n^2 - 3n + 2 \pmod{54}$ where n is a natural number.

30. *Show that the last two digits of $9^{9^9}$ are 8 and 9.

31. Prove Proposition (3.9).

32. This is a test for divisibility by 11.
    Let a natural number N be written in its decimal format as:
    $N = a_n a_{n-1} a_{n-2} \cdots a_2 a_1 a_0$ where a’s are the digits of the number.
    Let
    $T = a_0 - a_1 + a_2 - a_3 + \cdots + (-1)^n a_n$.
    Show that 11 divides N ⇔ 11 divides T.


SECTION 3.2 Congruent Properties of Multiplication


By the end of this section you will be able to
● know when to apply the cancellation law
● compare ordinary and modular arithmetic

3.2.1 Cancellation of congruence

From the last section, Corollary (3.6), we have


a ≡ b (mod n) implies ac ≡ bc (mod n).
This means that we can multiply a ≡ b (mod n) by any integer c and the congruence still
holds.

Is the statement true going the other way,


ac ≡ bc (mod n) implies a ≡ b (mod n)?

No. For example,

6 × 2 ≡ 11 × 2 (mod 10) but 6 ≢ 11 (mod 10).

6 is not congruent to 11 modulo 10.


In ordinary algebra we know we can always divide through by non-zero numbers; for
example, if c is non-zero then

ac = bc implies that a = b.

However, in modular arithmetic:


$ac \equiv bc \pmod{n} \nRightarrow a \equiv b \pmod{n}$ [Does not imply].

Is there any way to rescue cancellation in modular arithmetic?

There are cases where we can divide through by a common factor. For example,

2 × 6 ≡ 2 × 11 (mod 5) implies 6 ≡ 11 (mod 5).

(We will see why shortly.)


Other examples where this congruence holds are:

9 × 7 ≡ 3 × 7 (mod 6) implies 9 ≡ 3 (mod 6)


27 × 9 ≡ 7 × 9 (mod 10) implies 27 ≡ 7 (mod 10)
11 × 6 ≡ 11 × 19 (mod 13) implies 6 ≡ 19 (mod 13).

Why does this cancellation work in some cases but not all?

The next proposition gives the criteria governing when we can cancel out common factors.
Cancelling out common factors makes the arithmetic simpler.

Proposition (3.10). If $ac \equiv bc \pmod{n}$ then $a \equiv b \pmod{\frac{n}{g}}$ where $g = \gcd(c, n)$.

Note that in the above example

9 × 7 ≡ 3 × 7 (mod 6) implies 9 ≡ 3 (mod 6).

Relating this to the proposition we have the common factor c = 7 and n = 6.


Here $g = \gcd(6, 7) = 1$ and $\pmod{\frac{n}{g}} = \pmod{\frac{6}{1}} = \pmod{6}$. Therefore, it works in this case.

Proof.
Let g = gcd (c, n) so there exist integers x and y such that

gx = c and gy = n. (∗)

We are required to prove that $\frac{n}{g}$ divides a − b, or in notation form $\frac{n}{g} \mid (a - b)$.

Why?

Because our aim is to show $a \equiv b \pmod{\frac{n}{g}}$.

From (∗) we have $y = \frac{n}{g}$, which means it is enough to prove that y | (a − b).

We are given that ac ≡ bc (mod n), which means that ac − bc is a multiple of n.

Hence

$$
\begin{aligned}
ac - bc &= kn \\
(a - b)c &= kn && [\text{Factorizing}] \\
(a - b)gx &= kgy && [\text{Substituting } c = gx \text{ and } n = gy \text{ from } (\ast)] \\
(a - b)x &= ky && [\text{Cancelling out } g]
\end{aligned}
$$

which implies y | (a − b) x.

We have y | (a − b) x, but we need to prove y | (a − b).

How?

We show that the gcd of x and y is equal to 1. Applying Proposition (1.5):

if gcd (a, b) = g then $\gcd\left(\frac{a}{g}, \frac{b}{g}\right) = 1$,

to gcd (x, y) gives $\gcd(x, y) = \gcd\left(\frac{c}{g}, \frac{n}{g}\right) = 1$ [By (∗)].

Now we apply Euclid’s Lemma (1.13):

If a | (b × c) with gcd (a, b) = 1 then a | c.


Applying this to y | [(a − b) × x] with gcd (y, x) = 1 gives y | (a − b). We have our result because

$a \equiv b \pmod{y}$ implies $a \equiv b \pmod{\frac{n}{g}}$ [Because $y = \frac{n}{g}$].

This completes our proof.




We use this Proposition (3.10):

If $ac \equiv bc \pmod{n}$ then $a \equiv b \pmod{\frac{n}{g}}$ where $g = \gcd(c, n)$,

to simplify our calculation. Consider the numerical examples:

$2 \times 3 \equiv 2 \times 7 \pmod{4}$ implies $3 \equiv 7 \pmod{\frac{4}{2}} \equiv 7 \pmod{2}$.

$3 \times 15 \equiv 5 \times 15 \pmod{6}$ implies $3 \equiv 5 \pmod{\frac{6}{3}} \equiv 5 \pmod{2}$ [Because gcd (15, 6) = 3].

We can also use this Proposition (3.10) to help us solve linear congruences.

Example 3.9

Determine the integers x in the following congruence:

15x ≡ 45 (mod 10).

[This is an example of a linear congruence which we will discuss in the next section.]

Solution
We can rewrite the given congruence as 15x ≡ 15 × 3 (mod 10).
The greatest common divisor of 15 and 10 is

gcd (15, 10) = 5.

Applying the previous Proposition (3.10):

$ac \equiv bc \pmod{n}$ implies $a \equiv b \pmod{\frac{n}{g}}$ where $g = \gcd(c, n)$,

to the given congruence 15x ≡ 15 × 3 (mod 10) yields

$x \equiv 3 \pmod{\frac{10}{5}} \equiv 3 \pmod{2} \equiv 1 \pmod{2}$.
5
The solution x ≡ 1 (mod 2) implies that x is an odd integer because the integers x satisfy x − 1 = 2t
(because x − 1 is a multiple of 2) where t is an integer or

x = 2t + 1.

By substituting various integers for t we have the following odd values for x:
x = 1, 3, 5, 7, ⋯ , −1, −3, ⋯ , each of which is a solution to 15x ≡ 45 (mod 10).

Let us consider the special case where gcd (c, n) = 1, that is integers c and n have no factor
in common apart from 1—they are relatively prime.

Cancellation Law (3.11). If ac ≡ bc (mod n) and gcd (c, n) = 1 then a ≡ b (mod n).

Proof.
Applying the previous Proposition (3.10) with g = gcd (c, n) = 1 gives

$ac \equiv bc \pmod{n}$ implies $a \equiv b \pmod{\frac{n}{1}} \equiv b \pmod{n}$.

Hence ac ≡ bc (mod n) implies a ≡ b (mod n).




An example is

9 × 3 ≡ 9 × 17 (mod 7) and gcd (7, 9) = 1, therefore 3 ≡ 17 (mod 7).

Consider the following (linear congruence):

12x ≡ 36 (mod 11) ⇒ 12x ≡ 12 × 3 (mod 11) ⇒ x ≡ 3 (mod 11) [Because gcd (12, 11) = 1].

Remember this solution x ≡ 3 (mod 11) implies x is 3 more than a multiple of 11, that is
x = 3 + 11t where t is any integer.
Next, we consider the Cancellation Law for modulo prime numbers.

Cancellation Law (3.12). If $ac \equiv bc \pmod{p}$ where p is prime and $p \nmid c$ then

a ≡ b (mod p).

Proof.
We are given the prime p does not divide c so gcd ( p, c) = 1.

Why?

Because by Exercises 2.1, question 3 (a):


Let p be prime and the prime does not divide c then gcd (p, c) = 1.
Applying the Cancellation Law (3.11) to ac ≡ bc (mod p) gives a ≡ b (mod p) , which is
our required result.


An application of this corollary with prime modulo 13 is

$6 \times 4 \equiv 6 \times 30$ implies $4 \equiv 30 \pmod{13}$ because $13 \nmid 6$.

3.2.2 Properties of congruences related to zero modulo n

In ordinary arithmetic and algebra, we have

a × b = 0 implies a = 0 or b = 0.

Does this result also hold for modular arithmetic, that is


a × b ≡ 0 (mod n) then a ≡ 0 or b ≡ 0 (mod n) ?

No. For example,

4 × 5 ≡ 0 (mod 20) but 4 ≢ 0 (mod 20) and 5 ≢ 0 (mod 20).

There are cases where a × b ≡ 0 (mod n) implies b ≡ 0 (mod n). Examples are

3 × 20 ≡ 0 (mod 10) gives 20 ≡ 0 (mod 10).


6 × 44 ≡ 0 (mod 11) gives 44 ≡ 0 (mod 11).
2 × 60 ≡ 0 (mod 15) gives 60 ≡ 0 (mod 15).

Why does a × b ≡ 0 (mod n) imply b ≡ 0 (mod n) in these cases but not in the general case?

Because in each of these cases the integers a and n are relatively prime. This means it only
works when gcd (a, n) = 1.

Proposition (3.13). If a × b ≡ 0 (mod n) and gcd (a, n) = 1 then b ≡ 0 (mod n).

Proof.
We have a × b ≡ 0 (mod n), which implies a × b ≡ a × 0 (mod n). Applying Cancellation Law (3.11),
if x × y ≡ x × z (mod n) and g = gcd (x, n) = 1 then y ≡ z (mod n),
to a × b ≡ a × 0 (mod n) with gcd (a, n) = 1, we have b ≡ 0 (mod n), which is our required result.


Ideally can we find a general analogous result to the one in basic algebra:
a × b = 0 implies a = 0 or b = 0?

Next is the general result for a product of two integers which is congruent to zero modulo a prime.

Proposition (3.14). Let p be prime. We have:


(a) If a × b ≡ 0 (mod p) then a ≡ 0 (mod p) or b ≡ 0 (mod p).
(b) $a^2 \equiv b^2 \pmod{p} \Leftrightarrow a \equiv \pm b \pmod{p}$.

Both these results are important because they are used to solve linear and quadratic congruences later in the book.

Proof of (a).
We are given a × b ≡ 0 (mod p) , therefore p | (a × b). By Proposition (2.2):
If p is prime and p | (a × b) then p | a or p | b.
We have p | a or p | b, which implies a ≡ 0 (mod p) or b ≡ 0 (mod p).
This completes our proof.


Proof of (b).
See Exercises 3.2, question 7.


Note that Proposition (3.14) (a) is only true if we have a prime modulo:

a × b ≡ 0 (mod p) implies a ≡ 0 (mod p) or b ≡ 0 (mod p).

This means that if a × b ≡ 0 (mod p) then a or b is a multiple of the prime p.

For the second part (3.14) (b) we can write this as

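$$
\begin{aligned}
a^2 \equiv b^2 \pmod{p} &\Leftrightarrow a^2 - b^2 \equiv (a - b)(a + b) \equiv 0 \pmod{p} \\
&\Leftrightarrow p \mid (a - b) \text{ or } p \mid (a + b).
\end{aligned}
$$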

Summary
We can use the following rules to simplify congruences:
(3.10) If $ac \equiv bc \pmod{n}$ then $a \equiv b \pmod{\frac{n}{g}}$ where $g = \gcd(c, n)$.
(3.11) If ac ≡ bc (mod n) and g = gcd (c, n) = 1 then a ≡ b (mod n).
(3.14) If a × b ≡ 0 (mod p) where p is prime then a ≡ 0 (mod p) or b ≡ 0 (mod p).

EXERCISES 3.2

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Check whether the following congruences satisfy the rule,
   ac ≡ bc (mod n) ⇒ a ≡ b (mod n).
   (a) 5 × 4 ≡ 5 × 7 (mod 3)
   (b) 9 × 12 ≡ 9 × 8 (mod 6)
   (c) 6 × 11 ≡ 6 × 7 (mod 8)
   (d) 13 × 21 ≡ 13 × 7 (mod 26)
   (e) 13 × 31 ≡ 13 × 5 (mod 26)
   (f) 101 × 35 ≡ 101 × 66 (mod 31)

2. Which integers x (general solution) satisfy the following congruences?
   (a) 2x ≡ 2 × 1 (mod 5)
   (b) 7x ≡ 7 × 3 (mod 14)
   (c) 10x ≡ 10 × 12 (mod 6)
   (d) 8x ≡ 8 × 5 (mod 48)
   (e) −3x ≡ 3 × 5 (mod 21)
   (f) −12x ≡ 12 × 7 (mod 108)
   (g) 15x ≡ 0 (mod 8)

3. Give three different examples which satisfy the following:
   a × b ≡ 0 (mod n) but a ≢ 0 (mod n) and b ≢ 0 (mod n).

4. Give three different examples which satisfy the following:
   a × b ≡ 0 (mod n) implies a ≡ 0 (mod n) or b ≡ 0 (mod n).

5. Give three different examples which satisfy
   a × b ≡ 0 (mod p) ⇒ a ≡ b ≡ 0 (mod p)
   where p is prime.

6. Show that if $x^2 \equiv 0 \pmod{p}$ where p is prime then p | x.

7. Prove Proposition 3.14 (b).

8. Find the least non-negative residue x modulo n in the following cases:
   (a) $x^2 \equiv 25 \pmod{3}$
   (b) $x^2 \equiv 100 \pmod{11}$
   Also determine the general solution in each case.

9. Disprove the following:
   (i) If gcd (x, n) = 1 and $x^2 \equiv 1 \pmod{n}$ then x ≡ ±1 (mod n).
   (ii) If gcd (x, n) = 1 and $x^2 \equiv a \pmod{n}$ then x ≡ ±a (mod n).

10. Show that if $a^n \equiv 0 \pmod{p}$ where p is prime then a ≡ 0 (mod p).


SECTION 3.3 Solving Linear Congruences


By the end of this section you will be able to
● solve congruence equations
● see how solving congruences is related to linear Diophantine equations
● find the multiplicative inverse

3.3.1 Solving linear congruences

In algebra we have linear equations in one unknown x such as

2x + 1 = 7.

Solving this equation gives x = 3.


A linear congruence in modular arithmetic is an equation of the form

ax ≡ b (mod n).

The solution to this linear congruence is the set of integers x which satisfy this.

Why is the solution a set of integers rather than a unique integer?

Recall ax ≡ b (mod n) means that ax − b is a multiple of n or ax − b = kn for any integer k.

Can we confine ourselves to a unique solution of the congruence ax ≡ b (mod n) ?

If two solutions x = x0 and x = x1 satisfy the linear congruence

ax ≡ b (mod n)

and they are congruent modulo n, that is x0 ≡ x1 (mod n), then we say these are the same
solution and count them as one solution.
For example, let us consider the linear congruence

2x ≡ 1 (mod 5).

We can trial a table of integers for x:

Table 3.2 Shows the junctions of 2x (mod 5).

x            0  1  2  3  4  5  6  7  8  9
2x (mod 5)   0  2  4  1  3  0  2  4  1  3

Therefore, x = 3 and x = 8 satisfy

2x ≡ 1 (mod 5).

However, they are the same solution.


Why?

Because 8 ≡ 3 (mod 5). We count this as one solution not two. [It is the same station in
modulo 5 clock.]
Since we are interested in solutions modulo 5, we only need to consider the residues
x = 0, 1, 2, 3, and 4 [least non-negative residues modulo 5],
because all the other integers will be one of these in modulo 5, which is illustrated below:

[Figure 3.6 Modulo 5 clock. Its five stations carry the integers …, −5, 0, 5, 10, 15, …; …, −4, 1, 6, 11, …; …, −3, 2, 7, 12, …; …, −2, 3, 8, 13, …; and …, −1, 4, 9, 14, ….]

The congruence x ≡ 0, 1, 2, 3, 4 (mod 5) covers all the stations. Any other integer will stop
at one of these junctions.
A more systematic way of solving the above linear congruence is given next.

Example 3.10

Solve the linear congruence:


2x ≡ 1 (mod 5).
Solution
By definition of congruence, 2x ≡ 1 (mod 5) means that 2x is one more than a multiple of 5:

2x = 1 + 5y where y is an integer.

Re-arranging this, we have 2x − 5y = 1 which is a linear Diophantine equation; we solved these types
of equations in Section 1.4.
Making x the subject of 2x = 5y + 1 gives

$x = \frac{5y + 1}{2}$.
Remember x must be an integer.
So what values of y can we use?
Only the odd integers, because if we choose an even number then we get even plus 1, which does not
give a whole number after dividing by 2.

Substituting y = 1, 3, 5, ⋯ , −1, −3, −5, ⋯ into $x = \frac{5y + 1}{2}$ gives

x = 3, 8, 13, ⋯ , −2, −7, −12, ⋯ respectively.


We count all these solutions as one or the same solution because they are all congruent to each
other modulo 5:

3 ≡ 8 ≡ 13 ≡ ⋯ ≡ −2 ≡ −7 ≡ ⋯ (mod 5).

See Figure 3.6 and you will notice that all these numbers 3, 8, 13, ⋯, −2, −7 stop at the same junction,
3 (mod 5).
We say the solution of 2x ≡ 1 (mod 5) is x ≡ 3 (mod 5).

Example 3.11

Solve the linear congruence:


2x ≡ 1 (mod 6) .
Solution
The solution of this linear congruence 2x ≡ 1 (mod 6) must be in the list

x = 0, 1, 2, 3, 4, and 5,

because we are working with modulo 6 in this case. Evaluating these we have:

Table 3.3 Junctions of 2x (mod 6).


x            0  1  2  3  4  5
2x (mod 6)   0  2  4  0  2  4

By examining this table, we find that there are no x values which satisfy

2x ≡ 1 (mod 6).

The set of integers 2x will not stop at junction 1 modulo 6.


There is no solution to the given linear congruence 2x ≡ 1 (mod 6).

2x ≡ 1 (mod 6) gives the Diophantine equation 2x − 6y = 1 which has no solution because

gcd (2, 6) = 2 and $2 \nmid 1$.

If we have ax ≡ b (mod n) then we only have to consider the least non-negative residues:

x = 0, 1, 2, 3, ⋯ , n − 1.

In solving 2x ≡ 1 (mod 5) we tried values of x up to 9 (see Table 3.2 at the beginning of this
section), but we only need to try x = 0, 1, 2, 3, 4.

3.3.2 Number of solutions of a linear congruence

The previous Example 3.11 demonstrates that there are some linear congruences which have
no solution.

How do we know which congruences have a solution?

The next proposition gives the criteria for a solution.

Proposition (3.15). The linear congruence

ax ≡ b (mod n)

has a solution ⇔ g | b where g = gcd (a, n).

In Example 3.10 we had 2x ≡ 1 (mod 5). The g = gcd (2, 5) = 1 and 1 | 1 so the linear
congruence 2x ≡ 1 (mod 5) has a solution.
On the other hand, in Example 3.11 we had 2x ≡ 1 (mod 6); here g = gcd (2, 6) = 2 and 2 does not divide 1, so there are no solutions to this linear congruence. (For this example you would have noticed from the previous table that 2x (mod 6) only stops at 0, 2, and 4 modulo 6 because these numbers are multiples of g = gcd (2, 6) = 2.)

How do we prove this proposition (3.15)?

By Proposition (1.17) of Chapter 1 (Diophantine equations),


ax + by = c has integer solutions ⇔ g | c where gcd (a, b) = g.

Proof.
We have ax ≡ b (mod n) which means that there is an integer y such that

ax = b + ny implies ax − ny = b.

Let g = gcd (a, n). Then by Proposition (1.17) we conclude that the Diophantine equation

ax − ny = b

has a solution ⇔ g | b, which is our required result.




Example 3.12

Which of the following linear congruences have solutions?


(a) 7x ≡ 8 (mod 14) (b) 12x ≡ 8 (mod 6)
(c) 15x ≡ 21 (mod 9) (d) 36x ≡ 54 (mod 90)

Solution
(a) The greatest common divisor of 7 and 14, that is gcd (7, 14) = 7, but 7 does not divide 8, so by
the previous Proposition (3.15) the linear congruence 7x ≡ 8 (mod 14) has no solution.

(b) For 12x ≡ 8 (mod 6) the gcd (12, 6) = 6 but $6 \nmid 8$, therefore 12x ≡ 8 (mod 6) has no solution.
(c) For 15x ≡ 21 (mod 9) we have gcd (15, 9) = 3 and 3 divides 21 so the given linear congruence
15x ≡ 21 (mod 9) has solutions (we are not asked to find them).
(d) The gcd (36, 90) = 18 and 18 divides 54 so the given linear congruence 36x ≡ 54 (mod 90) has
solutions.

We will show that the congruence ax ≡ b (mod n) has exactly g = gcd (a, n) incongruent
solutions.

What does incongruent mean?

Not congruent. For example,


6x ≡ 2 (mod 4)
has solutions x ≡ 1 (mod 4) and x ≡ 3 (mod 4) but

3 ≢ 1 (mod 4) [3 is not congruent to 1 (mod 4)].

We say x ≡ 1 (mod 4) and x ≡ 3 (mod 4) are two incongruent solutions.

Why?

Because 1 (mod 4) and 3 (mod 4) are two different stops on the modulo 4 clock.

Example 3.13

Solve the linear congruence 6x ≡ 3 (mod 9).

Solution
We first find the greatest common divisor of 6 and 9:

gcd (6, 9) = 3.

Since 3 | 3, the given linear congruence 6x ≡ 3 (mod 9) has (exactly three) solutions.
In this case we are working with modulo 9, so we only need to consider

x = 0, 1, 2, 3, 4, 5, 6, 7, and 8.

Evaluating these gives:

Table 3.4 Shows junctions of 6x (mod 9).


x            0  1  2  3  4  5  6  7  8
6x (mod 9)   0  6  3  0  6  3  0  6  3

By using this table we see our solutions are

x ≡ 2, 5, 8 (mod 9).

Hence 6x ≡ 3 (mod 9) has three incongruent solutions: x ≡ 2, 5, 8 (mod 9).

By observing Table 3.4 in Example 3.13, we have that the congruences

6x ≡ 0, 3, 6 (mod 9)

have solutions because all these numbers—0, 3, 6 —are multiples of 3, which is the gcd of
6 and 9. The set of integers represented by 6x (mod 9) only stops at junctions 0, 3, 6 on the
modulo 9 clock.
Therefore, the following congruence equations 6x ≡ 1, 2, 4, 5, 7, and 8 (mod 9) will
have no solutions because 3 does not divide into any of these numbers 1, 2, 4, 5, 7, and 8.

Proposition (3.16). The linear congruence

ax ≡ b (mod n)

has exactly g incongruent solutions modulo n, provided g | b where g = gcd (a, n).

Proof.
See Exercises 3.3, question 24.


In the proof of this Proposition (3.16), a list is used to find the g solutions of
ax ≡ b (mod n). It is given by the following formula where x0 is an initial solution:
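(3.17) $x \equiv x_0,\ x_0 + \left(\frac{n}{g}\right),\ x_0 + 2\left(\frac{n}{g}\right),\ x_0 + 3\left(\frac{n}{g}\right),\ \cdots,\ x_0 + (g - 1)\left(\frac{n}{g}\right) \pmod{n}$.

These residues can be written in compact form as:

(3.18) $x \equiv x_0 + t\left(\frac{n}{g}\right) \pmod{n}$ for $t = 0, 1, 2, \cdots, g - 1$.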

We find a solution x0 and then add multiples of n/g.

3.3.3 Solving linear congruence equations

To solve the ordinary linear equation

7x − 35 = 0,

it is easier to divide through by 7 and solve x − 5 = 0.

Can we divide through by a common factor for congruences?

We can divide through by the gcd (a, n) to find possible solutions of ax ≡ b (mod n)
because then we are dealing with a smaller modulo which is simpler to work with.
The next example demonstrates this.

Example 3.14

Find all the solutions of 7x ≡ 35 (mod 70).

Solution
First, we determine the greatest common divisor, gcd, of 7 and 70 which is

gcd (7, 70) = 7.

We need to check that 7 divides into 35. Since 7 | 35, we have seven incongruent solutions.
Why?
Because by Proposition (3.16):

ax ≡ b (mod n) has exactly g solutions provided g | b where g = gcd (a, n).

Is there an obvious solution?


Modulo 70 is too large to work with. We can rewrite the given linear congruence as

7x ≡ 5 × 7 (mod 10 × 7).

Applying Proposition (3.10) from the last section,

$ac \equiv bc \pmod{n}$ implies $a \equiv b \pmod{\frac{n}{g}}$ where $g = \gcd(c, n)$,

to 7x ≡ 5 × 7 (mod 10 × 7) with g = 7 gives

x ≡ 5 (mod 10).

From the definition of congruence we have x − 5 = 10y or x = 5 + 10y. Recall we have seven incongruent solutions, so substituting y = 0, 1, 2, 3, 4, 5, and 6 into x = 5 + 10y gives

x ≡ 5, 5 + 10, 5 + 2 (10), 5 + 3 (10), ⋯ , 5 + 6 (10)
≡ 5, 15, 25, 35, 45, 55, 65 (mod 70) [Simplifying].

You can check that all these satisfy the given congruence 7x ≡ 35 (mod 70).

We can also solve the congruence of Example 3.14 by the formula given earlier:

(3.18) $x \equiv x_0 + t\left(\frac{n}{g}\right) \pmod{n}$ for $t = 0, 1, 2, \cdots, g - 1$.

We solve 7x ≡ 35 (mod 70) with the initial solution $x_0 \equiv 5 \pmod{70}$.

How do we find the other six solutions?

With $x_0 \equiv 5 \pmod{70}$, n = 70 and g = 7 we have $\frac{n}{g} = \frac{70}{7} = 10$. Adding multiples of 10 to $x_0 \equiv 5 \pmod{70}$, with t = 0, 1, 2, ⋯ , 7 − 1 in this formula (3.18), gives

x ≡ 5, 5 + 10, 5 + 2 (10), 5 + 3 (10), ⋯ , 5 + (7 − 1) (10)
≡ 5, 15, 25, 35, 45, 55, 65 (mod 70).

Example 3.15

Solve 7x ≡ 34 (mod 70).

Solution
First gcd (7, 70) = 7, but 7 does not divide into 34, therefore there are no solutions to

7x ≡ 34 (mod 70).

Example 3.16

Find all the incongruent solutions of the linear congruence

5x ≡ 34 (mod 7).

Solution
The gcd (5, 7) = 1, and 1 divides into 34.
How many solutions do we have of the given linear congruence?
One solution (unique solution).
How can we find this?
We can simplify the given congruence 5x ≡ 34 (mod 7) to make the arithmetic easier; note
that 34 ≡ 6 (mod 7), therefore 5x ≡ 34 ≡ 6 (mod 7). It is simpler to solve

5x ≡ 6 (mod 7) than 5x ≡ 34 (mod 7) .

Also note that 5 ≡ −2 (mod 7) and 6 ≡ −1 (mod 7). Using these results implies that we can solve
the equivalent easier equation:

−2x ≡ −1 (mod 7)
2x ≡ 1 (mod 7) [Multiplying by − 1] .

By observation we know x ≡ 4 (mod 7) is a solution because 2 × 4 ≡ 8 ≡ 1 (mod 7).


Checking that this solution is correct,

5 (4) ≡ 20 ≡ 6 ≡ 34 (mod 7) .

Therefore, 5x ≡ 34 (mod 7) has the unique solution x ≡ 4 (mod 7).

Example 3.17

Find all the incongruent solutions of the linear congruence

6x ≡ 34 (mod 68).

Solution
The gcd (6, 68) = 2 and 2 | 34, so there are two incongruent solutions modulo 68.

If you only have paper and pen, then modulo 68 is too tedious to work with.

Can we convert this to a smaller modulo and work with that?


Yes. By Proposition (3.10) of the previous section:

n
a × c ≡ b × c (mod n) implies a ≡ b (mod ) where g = gcd (c, n).
g

We are given 6x ≡ 34 (mod 68) which we can rewrite as:

(3 × 2) x ≡ 17 × 2 (mod 34 × 2) implies 3x ≡ 17 (mod 34) .

From this last congruence 3x ≡ 17 (mod 34) we have the Diophantine equation:

$3x = 17 + 34y \Rightarrow x = \frac{17 + 34y}{3}$ for integer y.

Substituting y = 1 into this $x = \frac{17 + 34y}{3}$ gives $x = \frac{17 + 34(1)}{3} = 17$. Recall we have two incongruent solutions.
How do we find the other one?
From this solution x ≡ 17 (mod 34) we have (x is 17 more than a multiple of 34):
x = 17 + 34y where y is an integer.
What are values of y?
Since we have two solutions, substituting y = 0, 1 into x = 17 + 34y gives

x ≡ 17, 51 (mod 68).

These are the two incongruent solutions modulo 68. Check these in your own time.

3.3.4 Unique solutions

If gcd (a, n) = 1 then how many solutions does the general linear congruence ax ≡ b (mod n) have?

Just one, a unique solution because g is the number of solutions of ax ≡ b (mod n), provided
g divides b. We can write this as a general result.

Corollary (3.19). If gcd (a, n) = 1 then the linear congruence ax ≡ b (mod n) has a unique
solution modulo n.

Proof.
Applying Proposition (3.16) with g = 1:
ax ≡ b (mod n) has exactly g solutions, provided g | b where g = gcd (a, n).
We are given g = gcd (a, n) = 1 and 1 | b, so we have a unique solution to ax ≡ b (mod n).


Example 3.18

Solve 6x ≡ 1 (mod 13).

Solution
Since gcd (6, 13) = 1, we have a unique solution modulo 13. The congruence 6x ≡ 1 (mod 13) implies that we have the Diophantine equation:

$6x = 1 + 13y$ which implies $x = \frac{1 + 13y}{6}$ where y is an integer.

We choose y so that x is an integer. Let y = 5 then $x = \frac{1 + 13(5)}{6} = 11$. Hence

x ≡ 11 (mod 13).

In ordinary algebra we have $6x = 1 \Rightarrow x = \frac{1}{6}$. This $x = 6^{-1} = \frac{1}{6}$ is the inverse of 6. Similarly, the unique solution of the above congruence 6x ≡ 1 (mod 13) is

x ≡ 11 (mod 13).

We call this x ≡ 11 (mod 13) the (multiplicative) inverse of 6 modulo 13.

3.3.5 Multiplicative inverse

Definition (3.20). If ax ≡ 1 (mod n) then the unique solution x of this congruence is called the multiplicative inverse of a modulo n and is denoted by $a^{-1} \pmod{n}$.

In Example 3.10 we had

2x ≡ 1 (mod 5) ⇒ x ≡ 3 (mod 5).

Therefore, we write this in compact notation as $2^{-1} \equiv 3 \pmod{5}$.


In Exercises 3.3, question 13 we will show that:

Proposition (3.21). a (mod n) has an inverse ⇔ gcd (a, n) = 1.

Example 3.19

Determine 3⁻¹ (mod 14).

Solution
To find the inverse means we need to solve 3x ≡ 1 (mod 14). The gcd (3, 14) = 1, so 3⁻¹ (mod 14)
exists. By inspection

x ≡ 5 (mod 14) [Because 3 × 5 ≡ 15 ≡ 1 (mod 14)] .

The inverse of 3 modulo 14 is 5 modulo 14, or in notation form 3⁻¹ ≡ 5 (mod 14).

Example 3.20

Determine the inverse of 3 modulo 15.

Solution
In this case we need to solve 3x ≡ 1 (mod 15). The gcd (3, 15) = 3, so there are no solutions to this
congruence 3x ≡ 1 (mod 15).
Therefore, 3 modulo 15 has no inverse, or we say the inverse does not exist.

Recall Proposition (3.21), which says that a (mod n) has an inverse if and only if
gcd (a, n) = 1.
This implies that only the residues relatively prime to n have inverses.

Which least non-negative residues have inverses modulo 10?

1, 3, 7, and 9.
The residues 0, 2, 4, 5, 6, and 8 will not have inverses modulo 10 because they are not
relatively prime with 10.
If a⁻¹ ≡ a (mod n) then we say that a is self-invertible, or has its own inverse. For example,
12⁻¹ ≡ 12 (mod 13) because 12 × 12 ≡ 144 ≡ 1 (mod 13).
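
The results of this section, (3.16), (3.19), (3.20) and (3.21), turned into a solver. This is an added example, not code from the book; the function names and the sample congruence 6x ≡ 4 (mod 10) are constructed here. It replaces solving by inspection with the extended Euclidean algorithm, which is how the inverse is found when the modulus is large, as it is in cryptography.

```python
def extended_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) and a*s + b*t == g."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def solve_linear_congruence(a, b, n):
    """Return all incongruent solutions of a*x ≡ b (mod n) as least
    non-negative residues, in increasing order.

    With g = gcd(a, n): no solution unless g | b, otherwise exactly g
    solutions, spaced n/g apart (Proposition 3.16).
    """
    if n < 1:
        raise ValueError("modulus must be a positive integer")
    g, s, _ = extended_gcd(a % n, n)
    if b % g:
        return []                      # g does not divide b
    m = n // g
    # a*s + n*t = g  =>  (a/g)*s ≡ 1 (mod n/g), so s inverts a/g modulo n/g.
    x0 = (s * (b // g)) % m
    return [x0 + k * m for k in range(g)]


def mod_inverse(a, n):
    """Return a^-1 (mod n), or None when gcd(a, n) != 1 (Proposition 3.21)."""
    solutions = solve_linear_congruence(a, 1, n)
    return solutions[0] if solutions else None


def invertible_residues(n):
    """Least non-negative residues modulo n that have an inverse."""
    return [a for a in range(n) if mod_inverse(a, n) is not None]


def self_invertible_residues(n):
    """Residues a with a^-1 ≡ a (mod n)."""
    return [a for a in range(n) if mod_inverse(a, n) == a]


if __name__ == "__main__":
    print("6^-1 mod 13 =", mod_inverse(6, 13))          # Example 3.18
    print("3^-1 mod 14 =", mod_inverse(3, 14))          # Example 3.19
    print("3^-1 mod 15 =", mod_inverse(3, 15))          # Example 3.20
    print("6x ≡ 4 (mod 10):", solve_linear_congruence(6, 4, 10))  # constructed
    print("units mod 10:", invertible_residues(10))
```
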

Summary
(3.15) and (3.16) ax ≡ b (mod n) has solutions ⇔ g | b where g = gcd (a, n) and it has g incongruent
solutions.
The multiplicative inverse of a modulo n is the unique solution x (mod n) of ax ≡ 1 (mod n) and is
denoted by a⁻¹ (mod n).

EXERCISES 3.3

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Solve the following congruence equations:
(a) 3x ≡ 1 (mod 5)
(b) 4x ≡ 2 (mod 7)
(c) 7x ≡ 0 (mod 8)
(d) 10x ≡ 5 (mod 13)
(e) 8x ≡ 4 (mod 15)
(f) 9x ≡ 10 (mod 16)

2. Solve the following linear congruence equations:
(a) 2x ≡ 25 (mod 7)
(b) 17x ≡ 3 (mod 5)
(c) 27x ≡ 33 (mod 10)
(d) 128x ≡ 1 (mod 5)
(e) 32x ≡ 23 (mod 21)
(f) 54x ≡ 52 (mod 53)

3. Find all the solutions of the following linear congruences:
(a) 6x ≡ 2 (mod 4)
(b) 12x ≡ 6 (mod 18)
(c) 15x ≡ 10 (mod 25)
(d) 7x ≡ 21 (mod 1001)

4. Which of the following congruence equations have no solutions? If any of these have solutions, find them.
(a) 12x ≡ 4 (mod 18)
(b) 13x ≡ 5 (mod 65)
(c) 18x ≡ 1 (mod 16)
(d) 1001x ≡ 121 (mod 11)
(e) 15x ≡ 9 (mod 27)
(f) 407x ≡ 40 (mod 666)

5. Find all solutions of the following congruences:
(a) 10x ≡ 20 (mod 15)
(b) 12x ≡ 18 (mod 48)
(c) 12x ≡ 48 (mod 18)

6. Consider the linear congruence 15x ≡ b (mod 25). Find the integers b for which this linear congruence has solutions.
How many incongruent solutions does it have?

7. Consider the linear congruence equation nx ≡ b (mod n²) where n ≥ 1. Determine the integers b for which there are solutions and state the number of solutions.

8. Find the multiplicative inverses of the following:
(a) 6 (mod 13)
(b) 5 (mod 6)
(c) 12 (mod 17)
(d) 16 (mod 17)
*(e) 9 (mod 101)
(f) n + 1 (mod n)

9. Determine the integers a which have a multiplicative inverse:
(a) modulo 12
(b) modulo 13
(c) modulo 15.

10. Give an example of a linear congruence ax ≡ b (mod n) where integer d > 1 divides a, n, and b but the equation has no solutions.

11. Let p be prime. Show that a modulo p has its own inverse ⇔ a ≡ ±1 (mod p).

12. Show that if a⁻¹ ≡ b (mod n) then b⁻¹ ≡ a (mod n).

13. Prove Proposition (3.21).

14. Show that the linear congruence ax ≡ b (mod n) where gcd (a, n) = 1 has the unique solution given by

x ≡ a⁻¹ b (mod n).

Determine 9⁻¹ (mod 21).

15. Show that every integer a such that 1 ≤ a < p where p is prime has a multiplicative inverse modulo p.

16. Show that none of the elements in {2, 3, ⋯ , p − 2} modulo p are self-invertible. (Self-invertible means a⁻¹ ≡ a (mod n).)

17. Show that the equation

n (a + b) x ≡ [a² − b²] (mod (a + b))

has solutions.
How many solutions does this equation have?

18. Show that the equation

(a/g) x ≡ b (mod n/g)

where g = gcd (a, n) has solutions.
How many solutions does this equation have?

19. Solve the linear Diophantine equation 15x − 6y = 3. Using your solutions to this equation, solve 15x ≡ 3 (mod 6).

20. Use an equivalent congruence to find the general solution of the following Diophantine equations:
(a) 6x + 7y = 100
(b) 1998x + 100y = 5192

21. *Determine 71⁻¹ (mod 771).

22. (a) Explain why the congruence equation x⁵ ≡ x (mod 5) has more than one solution and find all the solutions.
(b) Solve the congruence x⁵ + 1 ≡ 0 (mod 5).

23. This is a question on cryptography—secure communication.
Let p = 11, q = 13, and e = 17. Bob’s public key is given by the two numbers p × q and e. Bob’s private key, the number d, satisfies

d ≡ e⁻¹ (mod (p − 1) (q − 1)).

(i) Determine Bob’s public key numbers and the private key number.
(ii) Alice encrypts a message M = 12 by forming

M^e ≡ a (mod pq)

Bob recovers the message by using his private key d such that

M ≡ a^d (mod pq).

Find a (mod pq) and show that

M ≡ a^d (mod pq).

24. **Prove Proposition (3.16).

.........................................................................................................

SECTION 3.4 Chinese Remainder Theorem


By the end of this section you will be able to
● prove the Chinese remainder theorem
● apply this theorem to solve simultaneous linear congruences

The Chinese remainder theorem helps us to solve the following problem:


Suppose you oversee an army and you need to count the number of soldiers you have.
You can count them one by one, but this is a tedious task and one prone to errors. An
easier way to count them is to group them into rows. Suppose the following:
If you place them in rows of three soldiers, then two soldiers are left over.
If you place them in rows of five soldiers, then three soldiers are left over.
If you place them in rows of seven soldiers, then two soldiers are left over.
We can convert this problem into modular arithmetic, which means we need to solve the
following simultaneous linear congruences for the number of soldiers x which satisfies:
x ≡ 2 (mod 3) [Dividing x by 3 leaves remainder 2]
x ≡ 3 (mod 5) [Dividing x by 5 leaves remainder 3]
x ≡ 2 (mod 7) [Dividing x by 7 leaves remainder 2].
The number of soldiers x needs to satisfy all three of these equations. We will solve this
in Example 3.24 later in this section. [We count the number of soldiers without actually
counting them.]

3.4.1 Solving simultaneous linear congruences

Up to now we have solved a single linear congruence such as

ax ≡ b (mod n).

In this section we examine solving a set of simultaneous linear congruences. We’ll begin by
looking at an example before going on to develop the general method.

Example 3.21

Find x which satisfies both the following equations:

x ≡ 1 (mod 5) (1)
x ≡ 4 (mod 7) (2)

Solution
We need to find a value of x such that equations (1) and (2) are true. Let us first use brute force:

Table 3.5 Shows the junctions of x (mod 5) and x (mod 7).

x          1  2  3  4  5  6  7  8  9  10  11  12  13  14  15
x (mod 5)  1  2  3  4  0  1  2  3  4   0   1   2   3   4   0
x (mod 7)  1  2  3  4  5  6  0  1  2   3   4   5   6   0   1

From Table 3.5 the value of x that satisfies both our equations is x = 11 because

11 ≡ 1 (mod 5) and 11 ≡ 4 (mod 7).

Of course, we can apply brute force for simple integer values. However, we need a systematic
way to solve these because modulo n may be a large number.

What does the first equation x ≡ 1 (mod 5) in the above example mean?

x is 1 more than a multiple of 5, that is x = 1 + 5k for some integer k.


Similarly, the other equation x ≡ 4 (mod 7) gives x = 4 + 7c for some integer c. Equating
these two Diophantine equations, x = 1 + 5k and x = 4 + 7c, gives

x = 1 + 5k = 4 + 7c
k = (3 + 7c)/5.

Since k is an integer, we need 3 + 7c to be a multiple of 5. If c = 1 then

k = (3 + 7c)/5 = (3 + 7 (1))/5 = 10/5 = 2.

Substituting this c = 1 into x = 4 + 7c gives

x = 4 + 7 (1) = 11.

This is our solution of the previous example.

Example 3.22

Solve the simultaneous equations

x ≡ 31 (mod 49)
x ≡ 6 (mod 20)

Solution
From these equations and the definition of congruence we have

x − 31 = 49k implies x = 31 + 49k


x − 6 = 20c implies x = 6 + 20c

where k and c are integers. Equating these last two equations because both are equal to x gives the
Diophantine equation:

6 + 20c = 31 + 49k implies c = (25 + 49k)/20.

Since we want integer solutions, we try values of k such that the numerator 25 + 49k is a multiple
of 20. (Multiplying 49 by multiples of 5 will give results ending in 5 or 0. Only results ending in 5 will
be divisible by 20 after adding 25.)
Hence we trial multiples of 5 for k, that is k = 5, 10, 15, ⋯. Note that k = 5, 10 does not give a
multiple of 20 but 15 does, because

c = (25 + 49 (15))/20 = 38.

Substituting c = 38 into x = 6 + 20c gives x = 6 + 20 (38) = 766.
Checking that this x = 766 satisfies both the given equations:

x ≡ 766 ≡ 31 (mod 49)


x ≡ 766 ≡ 6 (mod 20)

Example 3.23

Find integers x such that when divided by 2, 3, and 5 the remainder is 1.

Solution
We can write that the integer x satisfies the following congruence equations:

x ≡ 1 (mod 2) [Dividing x by 2 with remainder 1]


x ≡ 1 (mod 3) [Dividing x by 3 with remainder 1]
x ≡ 1 (mod 5) [Dividing x by 5 with remainder 1]

What does this mean?


It means that x − 1 is a multiple of 2, 3, and 5 which we can write as:

x − 1 = 2k, x − 1 = 3c, and x − 1 = 5m where k, c, and m are integers.

Which number is a multiple of 2, 3, and 5?


Since gcd(2, 3) = gcd(3, 5) = gcd(2, 5) = 1, the smallest number which is a multiple of 2, 3, and 5 is

2 × 3 × 5 = 30 [LCM of 2, 3, and 5 is 30].

This means that x − 1 is a multiple of 30 or

x − 1 = 30n which implies x ≡ 1 (mod 30).

Our solution is a multiple of 30 plus 1, that is x = 30n + 1.


The solution of the given three equations is x ≡ 1 (mod 30). Putting in various values of n such as
1, 2, 3, ⋯ into x = 30n + 1 gives

x = 30 + 1 = 31, x = (30 × 2) + 1 = 61, x = (30 × 3) + 1 = 91, ⋯ .

You may check that each of these solutions satisfies the given equations:

x ≡ 1 (mod 2) , x ≡ 1 (mod 3) and x ≡ 1 (mod 5) .

In the next subsection we encounter the Chinese remainder theorem which provides us
with a structured way of solving simultaneous linear congruence equations.

3.4.2 The proof of the Chinese remainder theorem

From the previous example we say the numbers 2, 3, and 5 are pairwise (relatively) prime.

What does pairwise prime mean?

It means that the only factor in common between any pair of numbers is 1:

gcd (2, 3) = 1, gcd (2, 5) = 1, and gcd (3, 5) = 1.

Hence 2, 3, and 5 are pairwise prime. (We discussed pairwise prime in Section 2.4).
Be careful; it is not good enough just to say if gcd (a, b, c) = 1 then a, b, and c are
pairwise prime.
For example, gcd(2, 3, 4) = 1 but gcd(2, 4) = 2. The integers 2, 3, and 4 are not pairwise
prime.
Let n1 , n2 , n3 , ⋯ , nr be integers such that any two of these numbers do not have a common
factor apart from 1, that is

gcd(ni , nj ) = 1 for i ≠ j.

We say this list of integers n1 , n2 , n3 , ⋯ , nr are pairwise prime.


For example, the numbers 25, 26, and 27 are pairwise prime because

gcd (25, 26) = 1, gcd (26, 27) = 1, and gcd (25, 27) = 1.

Chinese remainder theorem (3.32). Let n1 , n2 , n3 , ⋯ , nr be positive integers which are
pairwise prime.
Then the simultaneous linear congruences

x ≡ a1 (mod n1 )
x ≡ a2 (mod n2 )
⋮
x ≡ ar (mod nr )

have a solution satisfying all these equations.
Moreover, the solution is unique modulo n1 × n2 × n3 × ⋯ × nr .

How do we prove this result?

We need to show two things: (1) existence of solution and (2) uniqueness of solution.

Proof.
(1) Existence
Let n = n1 × n2 × n3 × ⋯ × nr . For each integer k = 1, 2, 3, ⋯ , r, let

Nk = n/nk = (n1 n2 ⋯ nk−1 nk nk+1 ⋯ nr)/nk = n1 n2 ⋯ nk−1 nk+1 ⋯ nr [Cancelling out nk ] .

This means that Nk is the product of all the given moduli ni with the number nk missing.
Since the nk ’s are pairwise prime, gcd (ni , nj ) = 1 for i ≠ j, which implies that

gcd (nk , Nk ) = 1 where Nk = n1 × n2 × ⋯ × nk−1 × nk+1 × ⋯ × nr .

Why?

Because by Exercises 1.3, question 15 (ii) we have:

If gcd (a, n1 ) = gcd (a, n2 ) = ⋯ = gcd (a, nk ) = 1 then gcd (a, n1 × n2 ⋯ × nk ) = 1.

Consider the linear congruence equation

Nk x ≡ 1 (mod nk ).

Does this equation have any solutions?

Yes, it has a unique solution because gcd (nk , Nk ) = 1. Let xk be the unique solution of
Nk x ≡ 1 (mod nk ) for each k, which implies that

Nk xk ≡ 1 (mod nk ) (†)

Note that xk is the multiplicative inverse of Nk (mod nk ).


We need to construct a solution which satisfies all the given simultaneous congruence
equations. The solution we consider is

x ′ = a1 N1 x1 + a2 N2 x2 + a3 N3 x3 + ⋯ + ar Nr xr .

Let us see if this solution x ′ satisfies the first given equation:

x ≡ a1 (mod n1 ).

Taking the solution under consideration to modulo n1 gives

x ′ ≡ a1 N1 x1 + a2 N2 x2 + a3 N3 x3 + ⋯ + ar Nr xr (mod n1 ). (∗)

By the above definition of Nk :

Nk = n1 × n2 × ⋯ × nk−1 × nk+1 × ⋯ × nr [Product of n’s with nk missing].

The numbers N2 , N3 , N4 , ⋯ , Nr are multiples of n1 because n1 is present in the product.
Therefore, these numbers N2 , N3 , N4 , ⋯ , Nr are congruent to zero modulo n1 , that is
N2 ≡ N3 ≡ N4 ≡ ⋯ ≡ Nr ≡ 0 (mod n1 ), so we have

a2 N2 x2 ≡ 0 (mod n1 ) , a3 N3 x3 ≡ 0 (mod n1 ) , ⋯ , ar Nr xr ≡ 0 (mod n1 ).

Substituting this into (∗) gives

x ′ ≡ a1 N1 x1 + 0 + 0 + ⋯ + 0 ≡ a1 N1 x1 (mod n1 ).

By the above (†) we have N1 x1 ≡ 1 (mod n1 ). Substituting this into the above
x ′ ≡ a1 N1 x1 (mod n1 ) gives

x ′ ≡ a1 N1 x1 ≡ a1 (1) ≡ a1 (mod n1 ).

Hence x ′ satisfies the first congruence equation x ≡ a1 (mod n1 ). Arguing along very similar
lines we can show that the solution constructed, x ′ , satisfies the remaining congruence
equations. Therefore, there is a solution to all the given congruences, x = x ′ .
(2) Uniqueness
Suppose there is another solution, y, which satisfies the given equations. This means we
have
x ≡ ak ≡ y (mod nk ) for k = 1, 2, 3, ⋯ , and r.
From this congruence x ≡ y (mod nk ) for k = 1, 2, 3, ⋯ , and r we have

n1 | (x − y) , n2 | (x − y) , ⋯ , nr | (x − y). (††)

Remember we are given that the nk ’s are pairwise prime: gcd (ni , nj ) = 1 for i ≠ j.
Applying the result of Exercises 1.3, question 12 (ii):
if a1 | c, a2 | c, ⋯ , an | c with gcd (aj , ai ) = 1 then (a1 × a2 × ⋯ × an ) | c,

to the above (††) list with a1 = n1 , a2 = n2 , ⋯ , ar = nr and c = x − y gives

(n1 × n2 × n3 × ⋯ × nr ) | (x − y).

This means that x − y is a multiple of n1 × n2 × n3 × ⋯ × nr , so by the definition of congruence
we have
x ≡ y (mod n1 × n2 × n3 × ⋯ × nr ).
Hence x and y are the same solution modulo n1 n2 n3 ⋯ nr . This completes our proof.


The proof gives us a systematic way of constructing the solutions of any given linear
simultaneous congruences. In the proof the solution we constructed was given by:

(3.23) x = a1 N1 x1 + a2 N2 x2 + a3 N3 x3 + ⋯ + ar Nr xr .

Note the various components of this formula are:

1. The ak ’s are the numbers on the right-hand side of the given equations

x ≡ ak (mod nk ).

2. The upper case Nk ’s are the product of the given moduli with nk missing:

Nk = n1 × n2 × ⋯ × nk−1 × nk+1 × ⋯ × nr .

3. xk is the inverse of Nk modulo nk , that is xk satisfies

Nk xk ≡ 1 (mod nk ).

We use this formula (3.23) to solve the remaining examples.

3.4.3 Applying the Chinese remainder theorem

Example 3.24

Let us now solve the soldiers problem stated at the beginning of this section. Recall this problem was
equivalent to solving the simultaneous equations:

x ≡ 2 (mod 3) , x ≡ 3 (mod 5) and x ≡ 2 (mod 7).

Find the exact number of soldiers, given that there are between 500 and 600 soldiers.

Solution
How do we solve this problem?
We use the above formula:

(3.23) x = a1 N1 x1 + a2 N2 x2 + a3 N3 x3 + ⋯ + ar Nr xr .

In this case r = 3 because we are given three simultaneous equations:



x = (a1 × N1 × x1 ) + (a2 × N2 × x2 ) + (a3 × N3 × x3 ). (∗)

We can only use this formula if the given moduli 3, 5, and 7 are pairwise prime:

gcd (3, 5) = 1, gcd (3, 7) = 1 and gcd (5, 7) = 1.

Hence the given moduli 3, 5, and 7 are pairwise prime.


Each of these Nk ’s is given by n/nk where n is the product of the given moduli:

n = 3×5×7 [Because we are given moduli 3, 5, and 7].

Therefore,
N1 = (3 × 5 × 7)/3 = 35 [3 missing in the product]
N2 = (3 × 5 × 7)/5 = 21 [5 missing in the product]
N3 = (3 × 5 × 7)/7 = 15 [7 missing in the product].
We need to find the xk ’s which satisfy Nk xk ≡ 1 (mod nk ) for k = 1, 2, and 3:

N1 x1 ≡ 35x1 ≡ 1 (mod 3)
N2 x2 ≡ 21x2 ≡ 1 (mod 5)
N3 x3 ≡ 15x3 ≡ 1 (mod 7).

We are required to find the number x1 which satisfies 35x1 ≡ 1 (mod 3). Note that 35 ≡ 2 (mod 3), so
we have:
35x1 ≡ 2x1 ≡ 1 (mod 3) implies x1 = 2.
Similarly, solving the other two equations:

21x2 ≡ x2 ≡ 1 (mod 5) implies x2 = 1. [Because 21 ≡ 1 (mod 5)]

15x3 ≡ x3 ≡ 1 (mod 7) implies x3 = 1. [Because 15 ≡ 1 (mod 7)]

Since we are given

x ≡ 2 (mod 3) , x ≡ 3 (mod 5) and x ≡ 2 (mod 7) ,
the ak ’s are:
a1 = 2, a2 = 3, and a3 = 2 [Because x ≡ ak (mod nk )].
Substituting a1 = 2, a2 = 3, a3 = 2, N1 = 35, N2 = 21, N3 = 15, x1 = 2, x2 = 1, and x3 = 1 into (∗)
gives

x = (a1 × N1 × x1 ) + (a2 × N2 × x2 ) + (a3 × N3 × x3 )


= (2 × 35 × 2) + (3 × 21 × 1) + (2 × 15 × 1) = 233.

We have x = 233, satisfying all the given simultaneous equations. However, there may be a smaller
number which also satisfies all the equations.
How can we find this number?
In the proof we are given that the solution is unique modulo n1 × n2 × n3 × ⋯ × nr . In our case we
have

n1 × n2 × n3 = 3 × 5 × 7 = 105.
Hence x = 233 ≡ 23 (mod 105). The general solution x is given by

x = 23 + 105t.

Therefore, our solution is 23 more than a multiple of 105.


We are given that there are between 500 and 600 soldiers, so substituting t = 5 into x = 23 + 105t
yields
x = 23 + 105 (5) = 548.
We have 548 soldiers in our ranks. We counted the soldiers without actually counting them one by
one.

Next, we expand the Chinese remainder theorem to cover linear congruences of the type
cx ≡ b (mod n) because (3.23) only applies to congruences like x ≡ b (mod n).

Proposition (3.24). Let n1 , n2 , n3 , ⋯ , nr be positive integers which are pairwise prime. Also,
let the integers ck satisfy gcd (ck , nk ) = 1 for k = 1, 2, ⋯ , n. Then the simultaneous linear
congruences

c1 x ≡ b1 (mod n1 )
c2 x ≡ b2 (mod n2 )
⋮
cr x ≡ br (mod nr )

have a solution satisfying all these equations.


Moreover, the solution is unique modulo n1 × n2 × n3 × ⋯ × nr .

Proof.
See Exercises 3.4, question 9.


Example 3.25

Solve the following simultaneous linear congruences:

2x ≡ 1 (mod 5) , 3x ≡ 9 (mod 6) and 4x ≡ 1 (mod 7).

Solution
This time we do not have x ≡ ? (mod m), but cx ≡ ? (mod m).
How do we solve these?
We convert them into x ≡ ? (mod m) by first multiplying each of these equations by an appropriate
factor. Multiplying the first congruence 2x ≡ 1(mod 5) by 3 gives

6x ≡ x ≡ 3 (mod 5). [Because 6 ≡ 1 (mod 5)]

We can simplify the second equation 3x ≡ 9 (mod 6) by dividing through by gcd (3, 6) = 3:

(3/3) x ≡ 9/3 (mod 6/3) implies x ≡ 3 ≡ 1 (mod 2).

We multiply the third given equation 4x ≡ 1 (mod 7) by 2:

8x ≡ x ≡ 2 (mod 7). [Because 8 ≡ 1 (mod 7)]

By combining the above evaluations, we now solve the equivalent system:

x ≡ 3 (mod 5) , x ≡ 1 (mod 2) and x ≡ 2 (mod 7).

First, we check that the moduli 2, 5, and 7 are pairwise prime:

gcd (2, 5) = gcd (2, 7) = gcd (5, 7) = 1.

The solution is given by using formula (3.23):

x = a1 N1 x1 + a2 N2 x2 + a3 N3 x3 + ⋯ + ar Nr xr .

Since we are given three equations, we use this formula with r = 3:

x = (a1 × N1 × x1 ) + (a2 × N2 × x2 ) + (a3 × N3 × x3 ). (†)

The modulus n is the product of all the given moduli, therefore

n = n1 × n2 × n3 = 5 × 2 × 7 [We have moduli n1 = 5, n2 = 2, and n3 = 7].

Evaluating N1 , N2 , and N3 gives


N1 = (5 × 2 × 7)/5 = 14
N2 = (5 × 2 × 7)/2 = 35
N3 = (5 × 2 × 7)/7 = 10.

We need to find the xk ’s which are given by Nk xk ≡ 1 (mod nk ) for k = 1, 2, and 3:

N1 x1 ≡ 14x1 ≡ 1 (mod 5) [Remember n1 = 5]


N2 x2 ≡ 35x2 ≡ 1 (mod 2) [Remember n2 = 2]
N3 x3 ≡ 10x3 ≡ 1 (mod 7) [Remember n3 = 7].

Simplifying each of these congruences and solving gives:

14x1 ≡ −x1 ≡ 1 (mod 5) implies x1 = 4. [Because 14 ≡ 4 ≡ −1 (mod 5)]

35x2 ≡ x2 ≡ 1 (mod 2) implies x2 = 1.


10x3 ≡ 3x3 ≡ 1 (mod 7) implies x3 = 5.

What other ingredients do we need in order to use (†)?


The given ak ’s which are a1 = 3, a2 = 1, and a3 = 2 because we are solving

x ≡ 3 (mod 5) , x ≡ 1 (mod 2) , and x ≡ 2 (mod 7).

Putting all these numbers a1 = 3, a2 = 1, a3 = 2, N1 = 14, N2 = 35, N3 = 10, x1 = 4, x2 = 1,
and x3 = 5 into (†) gives

x = (a1 × N1 × x1 ) + (a2 × N2 × x2 ) + (a3 × N3 × x3 )


= (3 × 14 × 4) + (1 × 35 × 1) + (2 × 10 × 5) = 303.

We write this x = 303 in modulo n1 × n2 × n3 which in this case is 5 × 2 × 7 = 70. Therefore,

x = 303 ≡ 23 (mod 70) .

Check that x ≡ 23 (mod 70) satisfies the three given simultaneous equations:

2 × 23 ≡ 1 (mod 5) , 3 × 23 ≡ 9 (mod 6) , and 4 × 23 ≡ 1 (mod 7).
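
Formula (3.23) and the reduction step of Example 3.25, written out as a program. This is an added example, not code from the book; the function names are chosen here. It goes slightly beyond Proposition (3.24) by also dividing through by gcd (c, n) when that gcd divides b, as Example 3.25 does for 3x ≡ 9 (mod 6), and it relies on Python's built-in pow(N, -1, n) (Python 3.8+) for the inverses xk.

```python
from itertools import combinations
from math import gcd, prod


def crt_formula(congruences):
    """Apply formula (3.23) to pairs (a_k, n_k).

    Returns (a1*N1*x1 + ... + ar*Nr*xr, n) where n is the product of the
    moduli. Raises ValueError if the moduli are not pairwise prime, since
    the construction is only valid in that case.
    """
    moduli = [n_k for _, n_k in congruences]
    if any(n_k < 2 for n_k in moduli):
        raise ValueError("every modulus must be at least 2")
    for n_i, n_j in combinations(moduli, 2):
        if gcd(n_i, n_j) != 1:
            raise ValueError(f"moduli {n_i} and {n_j} are not relatively prime")
    n = prod(moduli)
    total = 0
    for a_k, n_k in congruences:
        N_k = n // n_k               # product of the moduli with n_k missing
        x_k = pow(N_k, -1, n_k)      # N_k * x_k ≡ 1 (mod n_k)
        total += a_k * N_k * x_k
    return total, n


def crt(congruences):
    """Least non-negative solution x and the modulus n it is unique for."""
    total, n = crt_formula(congruences)
    return total % n, n


def reduce_congruence(c, b, n):
    """Rewrite c*x ≡ b (mod n) as x ≡ a (mod m); returns (a, m)."""
    g = gcd(c, n)
    if b % g:
        raise ValueError(f"{c}x ≡ {b} (mod {n}) has no solution")
    c, b, m = c // g, b // g, n // g
    if m == 1:
        return 0, 1                  # every integer satisfies it
    return pow(c, -1, m) * b % m, m


def solve_system(system):
    """Solve triples (c_k, b_k, n_k) meaning c_k*x ≡ b_k (mod n_k)."""
    reduced = [reduce_congruence(c, b, n) for c, b, n in system]
    return crt([(a, m) for a, m in reduced if m > 1])


def solutions_between(x, n, low, high):
    """All integers in [low, high] congruent to x modulo n."""
    first = low + (x - low) % n
    return list(range(first, high + 1, n))


if __name__ == "__main__":
    soldiers = [(2, 3), (3, 5), (2, 7)]
    print(crt_formula(soldiers))                       # unreduced sum and n
    x, n = crt(soldiers)
    print(x, n, solutions_between(x, n, 500, 600))
    print(solve_system([(2, 1, 5), (3, 9, 6), (4, 1, 7)]))   # Example 3.25
```
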

Summary
To solve simultaneous congruence equations, we apply the Chinese remainder theorem to resolve for
the unknown.

EXERCISES 3.4

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Solve the following simultaneous equations:
(a) x ≡ 5 (mod 7), x ≡ 4 (mod 11)
(b) x ≡ 0 (mod 5), x ≡ 0 (mod 6)
(c) x ≡ 3 (mod 8), x ≡ 5 (mod 13)
(d) x ≡ 1 (mod 3), x ≡ 2 (mod 5), x ≡ 3 (mod 7)
(e) x ≡ 1 (mod 5), x ≡ 3 (mod 7), x ≡ 5 (mod 11).

2. Solve the following simultaneous equations. Write down the general solution and the least positive integer which satisfies these equations:
(a) 2x ≡ 1 (mod 3), 5x ≡ 2 (mod 7)
(b) 2x ≡ 1 (mod 13), 3x ≡ 2 (mod 19)
(c) 3x ≡ 5 (mod 7), 5x ≡ 2 (mod 11), 9x ≡ 1 (mod 5)
(d) x ≡ 3 (mod 7), x ≡ 9 (mod 11).

3. Find the least positive integer which leaves remainder 2 when divided by 7, remainder 3 when divided by 9, and remainder 6 when divided by 11.

4. Find the least positive integer which leaves remainder 1 when divided by 5, remainder 2 when divided by 7, remainder 3 when divided by 9, and remainder 4 when divided by 11.

5. Show that the following linear system has no solution:

x ≡ 1 (mod 2) and x ≡ 2 (mod 4).

6. A general wanted to know how many soldiers he had in his battalion. He placed them into rows as follows:
2 left over when placed in rows of 5.
4 left over when placed in rows of 6.
1 left over when placed in rows of 7.
7 left over when placed in rows of 11.
What is the minimum number of soldiers he must have in his battalion?

7. Find the least positive integer x which satisfies the following simultaneous equations:

2x ≡ 1 (mod 5), 3x ≡ 9 (mod 6), 4x ≡ 1 (mod 7) and 5x ≡ 9 (mod 11).

8. (a) Let p and q be distinct primes such that x ≡ M (mod p) and x ≡ M (mod q). Show that

x ≡ M (mod pq).

(b) Let p1 , p2 , p3 , ⋯ , pk be distinct primes such that x ≡ M (mod pj ) for j = 1, 2, 3, ⋯ , k. Show that x ≡ M (mod p1 × p2 × p3 × ⋯ × pk ).
*(c) Prove that a ≡ b (mod mk ) ⇔ a ≡ b (mod [m1 , m2 , ⋯ , mn ]).
These are important results which we use throughout the book.

9. Prove Proposition (3.24).

10. Show that if a polynomial P (x) with integer coefficients satisfies

P (x) ≡ 0 (mod n)

where n = n1 × n2 × ⋯ × nr and n1 , n2 , ⋯ , nr are pairwise prime integers then P (x) ≡ 0 (mod nk ) for k = 1, 2, 3, … , r.

11. Let integer x satisfy both the following congruences:

x ≡ a (mod m)
x ≡ b (mod n).

Show that there is a solution to this system ⇔ gcd (m, n) | (a − b).

.........................................................................................................

SECTION 3.5 Introduction to Factorization


By the end of this section you will be able to
● factorize positive integers using the difference of two squares
● factorize positive integers using modular arithmetic

3.5.1 Why factorize integers?

We discussed this in Section 2.1 under the importance of primes. We repeat some of this
information here.
Factorizing integers is critical in cryptography, because frequently encryption requires
us to multiply two large prime numbers, say p and q, to get their product n = p × q. This

product n = pq is not a secret but the two large primes p and q are. The idea of a product,
n = pq, being public but the factors, p and q, being secret forms the basis of public key
cryptography. To decrypt a message encrypted this way you have to find the factors (large
primes) p and q which multiply to give n. To crack this code, you need to factorize n, which
is not easy.
For example, consider the primes p = 19 993 445 929 and q = 4 567 834 463 then

n = p × q = 19 993 445 929 × 4 567 834 463 = 913 267 512 161 460 517.

Try factorizing n = 913 267 512 161 460 517 without having the knowledge that this
number is the product of the primes p and q.

Why is this a difficult problem?

For small numbers, factorizing can be done fairly quickly by hand through trial and error.
However, as the number gets larger, it becomes a very labour-intensive approach. Consider,
for example, factorizing 13 081. We could start with the first few primes 2, 3, 5, 7, 11,
13, … and see if they divide into 13 081. After sufficient attempts we arrive at

13 081 = 103 × 127.

So, we would have to go through the primes 2, 3, 5, … , 103 before we found any factors of
13 081—and 13 081 is a small number. We will show later in Example 3.26 how to obtain
this factorization of 13 081.
For large composite integers, factorization is time-consuming; an important question in
number theory and cryptography is:

Given a large positive integer n, how long does it take to factorize n?

It could take a couple of seconds, minutes, hours, days, months, years, etc. In 1977 Martin
Gardner wrote an article titled ‘A new kind of cipher that would take millions of years to
break’ [1]. The article gave a product of two secret large primes which was 129 digits long. It
was eventually cracked in 1993–4 by Atkins, Graff, et al., with 600 volunteers using 1600
machines [2].
The article describes an algorithm called RSA which computers use to encrypt and decrypt
messages. RSA stands for the surnames of Ron Rivest, Adi Shamir, and Leonard
Adleman who were academics at Massachusetts Institute of Technology (MIT) in 1977.
Adleman was a number theorist and Shamir and Rivest were computer scientists at MIT [3].
At the time of publication of Gardner’s article, the acronym RSA was not used. (One of the
first appearances of the acronym RSA seems to be in 1979, in a paper by Ron Rivest.)
Even with computers, factorizing large composite numbers can take long periods of time.
Much effort has been spent trying to write codes and find mathematical shortcuts to get
around this. For the time being, due to the long periods involved for factorizing, public key
cryptography is a reliable way to protect data.

[1] https://simson.net/ref/1977/Gardner_RSA.pdf.
[2] The Joy of Factoring by Samuel S. Wagstaff, page 5 and Section 8.2.
[3] https://blogs.ams.org/mathgradblog/2014/03/30/rsa/.

If we could find a quick and efficient way of factorizing integers then we could crack the
RSA encryption, which is the most used public encryption method at present. This is one
way of becoming a millionaire (but maybe doing so is morally questionable: do you make
things safer by pointing out a security flaw?).
However, in 2002 three Indian computer scientists, Agrawal, Kayal, and Saxena, showed
that testing an integer for primality can be done in polynomial time (this jargon means
it is an efficient algorithm) [4]. Note that this is just testing whether an integer is prime or
composite and not factorizing the integer, which up to now does not have an efficient
algorithm.

3.5.2 Difference of two squares

Throughout our mathematical careers we have used the method of difference of two squares
to solve quadratic equations. But at its heart lies an elegant way of expressing an odd integer
n, as the following demonstrates.

How would you factorize 391?

Let n = 391, then we could try to use the fundamental identity of algebra—the difference
of two squares:
n = a² − b² = (a − b) (a + b).
We need to find a way of writing 391 as the difference of two squares a² − b². Since we
are interested in squares, we need to first evaluate the square root of 391:

√391 = 19.77 (2dp).

Hence 391 is not a perfect square number. As such, we look for the smallest perfect square
which is greater than 391.

Why?

Because we want to write 391 = a² − b², so we let a be the ceiling function (remember: the
ceiling function of x denoted ⌈x⌉ is the nearest integer ≥ x) of √391:

a = ⌈√391⌉ = ⌈19.77⌉ = 20.

Evaluating a² = 20² = 400. Next, we substitute a² = 20² into 391 = a² − b² giving

391 = 20² − b² implies b² = 20² − 391 = 9 = 3².

[4] https://en.wikipedia.org/wiki/AKS_primality_test.

Hence we have

391 = 20² − b² = 20² − 3²
= (20 − 3) × (20 + 3) [Using a² − b² = (a − b) × (a + b)]
= 17 × 23.

Both 17 and 23 are prime, therefore the prime factorization of 391 is 17 × 23.

Example 3.26

Factorize 13 081 into prime factors.

Solution
Let n = 13 081, then we could try to use the difference of two squares:

n = a² − b² = (a − b) (a + b).

We need to express n = 13 081 as a² − b² so that we can use this fundamental identity. To use this, we
need to find the square root of n = 13 081 and then take the ceiling function of this number, because
we wish to subtract n from it. Let

a = ⌈√13 081⌉ = ⌈114.37⌉ = 115.

Since we are using the ceiling function, a² = 115² = 13 225 is greater than n = 13 081, their difference
being
a² − n = 115² − 13 081 = 144 = 12².
Re-arranging this, we have 115² − 12² = 13 081 = n. Using the difference of two squares,

n = 13 081 = 115² − 12²
= (115 − 12) × (115 + 12) [Using a² − b² = (a − b) × (a + b)]
= 103 × 127.

Now factorizing 103 and 127 is not too difficult because of their small size.
We only need to test the primes below 10 because of Corollary (2.10):

If m > 1 is composite, then it has a prime divisor p such that p ≤ ⌊√m⌋ .

Let p be a prime factor of 103 then p ≤ ⌊√103⌋ = 10. Since none of the primes below 10 go into
103, it follows by Corollary (2.10) that the integer 103 is prime.
Similarly, 127 is prime because none of the primes 2, 3, 5, 7, and 11 go into 127.

Hence the prime factorization of 13 081 is given by 13 081 = 103 × 127.

3.5.3 Fermat factorization

This concept of factoring a given number n as the difference of two squares was developed
by the French mathematician Fermat (1601–65). More on the life of Fermat can be found
in the next chapter.

We may have to take various attempts to write a given integer as the difference of two
squares. The following example outlines how we deal with such numbers.

Example 3.27

Factorize 12 371 into its prime factors.

Solution
Let n = 12 371, then we need to find integers a and b such that

$$n = 12\,371 = a^2 - b^2.$$

We can rewrite this as $b^2 = a^2 - 12\,371$. First, we find the ceiling function of the square root of
12 371:

$$\lceil \sqrt{12\,371} \rceil = \lceil 111.22 \rceil = 112 = a_1.$$

Rewriting 12 371 as a difference of two squares, $12\,371 = a_1^2 - b_1^2 = 112^2 - b_1^2$.
Re-arranging this $12\,371 = 112^2 - b_1^2$, we have

$$b_1^2 = 112^2 - 12\,371 = 173.$$

Since 173 is not a perfect square, we trial the next integer after 112 which is 113, with
$113^2 - 12\,371 = 398$. Again 398 is not a square number. Therefore, we trial the next integer:
$114^2 - 12\,371 = 625$ and $625 = 25^2$. Now that we have a square number we can write:

$$\begin{aligned}
114^2 - 12\,371 &= 25^2 \\
12\,371 &= 114^2 - 25^2 && [\text{Re-arranging}] \\
&= (114 - 25) \times (114 + 25) && [\text{Using } a^2 - b^2 = (a - b) \times (a + b)] \\
&= 89 \times 139.
\end{aligned}$$

Now factorizing these numbers 89 and 139 is much easier than trying to factorize the given number
12 371 because of their relatively small size.
It can be shown that both 89 and 139 are prime (you should check this). Hence

12 371 = 89 × 139.

The Fermat factorization of an integer n can be summarized as follows:


1. Let $a_1 = \lceil \sqrt{n} \rceil$. This $a_1$ is the nearest integer ≥ √n.
2. Then we find $a_1^2 - n$, and if this is a perfect square then we let $b_1^2 = a_1^2 - n$. We now
   factorize
   $$n = a_1^2 - b_1^2 = (a_1 - b_1)(a_1 + b_1).$$
3. If $a_1^2 - n$ is not a perfect square then we let $a_2 = a_1 + 1$, $a_3 = a_2 + 1$, … until $a_k^2 - n$ is
   a perfect square for some positive integer k. Therefore,
   $$n = a_k^2 - b_k^2 = (a_k - b_k)(a_k + b_k).$$



How do we know that this process will eventually stop?

Because of the following algebraic identity:

$$\left(\frac{n+1}{2}\right)^2 - \left(\frac{n-1}{2}\right)^2 = n.$$

This means we can write every odd integer n as the difference of two integer squares.
(You are asked to show this identity in Exercises 3.5, question 3.)
Therefore, for any odd positive integer n we have

$$a^2 - b^2 = n \quad \text{where } a = \frac{n+1}{2} \text{ and } b = \frac{n-1}{2}.$$
The French amateur mathematician Fermat used this method to factorize 2 027 651 281
(see Supplementary Problems 3, question 19).
The Fermat factorization method described above is quite effective if n has factors
close to √n.
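
The three summarized steps as an added Python example (not code from the book): it reproduces the 391 example and Examples 3.26 and 3.27 and counts the trial values, which is where the "close to √n" condition shows up. The names `fermat_factor` and `trials_needed` and the seven-digit product are assumptions constructed for this illustration.

```python
from math import isqrt


def fermat_factor(n):
    """Split odd n > 1 as (a_k - b_k, a_k + b_k, k) by Fermat's method.

    k is the number of trial values a_1, a_2, ... examined. For a prime n the
    search only stops at a_k = (n + 1) / 2, which gives the trivial 1 * n.
    """
    if n < 3 or n % 2 == 0:
        raise ValueError("the method as summarized needs an odd n > 1")
    a = isqrt(n)
    if a * a < n:
        a += 1                      # a_1 = ceil(sqrt(n)); isqrt is exact for big n
    k = 1
    while True:
        b2 = a * a - n              # candidate for b_k^2
        b = isqrt(b2)
        if b * b == b2:             # perfect square: n = (a - b)(a + b)
            return a - b, a + b, k
        a += 1                      # a_{k+1} = a_k + 1
        k += 1


def trials_needed(p, q):
    """Trials needed for n = p * q with odd primes p and q.

    The only non-trivial square pair is a = (p + q) / 2, b = |q - p| / 2,
    so the count is the distance from ceil(sqrt(n)) to (p + q) / 2.
    """
    n = p * q
    a1 = isqrt(n) + (isqrt(n) ** 2 < n)
    return (p + q) // 2 - a1 + 1


if __name__ == "__main__":
    for n in (391, 13081, 12371, 12349, 1000003 * 1000033):
        p, q, k = fermat_factor(n)
        print(f"{n} = {p} x {q} after {k} trial(s)")
```

The trial count grows with the gap between the factors: the constructed product of two nearby seven-digit factors falls on the first trial, while 12 349 = 53 × 233 takes 32. This is why a modulus n = p × q used as a trapdoor must not have p and q close together.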

How do we factorize n if the factors are not close to √n?

We can apply modular arithmetic, which is described next.

3.5.4 Factorization by using modular arithmetic

In this subsection we look at the quadratic congruence $a^2 \equiv b^2 \pmod{n}$.


First we need to define what is meant by a non-trivial factor:

Definition (3.25). An integer d is a non-trivial factor of an integer n if


(i) d | n and (ii) d ≠ 1 and d ≠ n.

For example, the non-trivial factors of 12 are 2, 3, 4, and 6. Clearly 1 and 12 are factors
of 12, but these are the trivial factors of 12.

What are the non-trivial factors of 20?

2, 4, 5, and 10.
Next, we state the Factorization Theorem:

Factorization Theorem (3.26). Let a and b be integers which satisfy the congruence

$$a^2 \equiv b^2 \pmod{n} \quad \text{and} \quad a \not\equiv \pm b \pmod{n}.$$

Then gcd (a − b, n) is a non-trivial factor of n.



Let us explore this theorem by a numerical example:

$$20^2 \equiv 3^2 \pmod{391} \text{ and } 20 \not\equiv \pm 3 \pmod{391} \quad [\text{In this case } a = 20,\ b = 3,\ n = 391].$$

Evaluating gcd (20 − 3, 391) = gcd (17, 391) = 17, and so by the above Factorization Theorem (3.26)
we have that 17 is a factor of 391. Actually, 391 = 17 × 23.
Note that the two factors of 391 are 20 − 3 = 17 and 20 + 3 = 23. (We found these factors,
17 and 23, earlier in this section.)

Proof.
Let g = gcd (a − b, n). By the definition of greatest common divisor (gcd) we know that g is
a factor of n. However, we need to prove that g is a non-trivial factor of n.
Therefore, we must show that g ≠ n and g ≠ 1.
Case I: First we prove g ≠ n.
We have $a^2 \equiv b^2 \pmod{n}$ but $a \not\equiv b \pmod{n}$, which implies $n \nmid (a - b)$. Hence

$$g = \gcd(a - b, n) \neq n.$$

Case II: Now we prove g ≠ 1.

We have

$$a^2 \equiv b^2 \pmod{n} \iff a^2 - b^2 \equiv (a - b)(a + b) \equiv 0 \pmod{n}.$$

The last result $(a - b)(a + b) \equiv 0 \pmod{n}$ implies $n \mid (a + b)(a - b)$.

However, $a \not\equiv -b \pmod{n}$ implies $a + b \not\equiv 0 \pmod{n}$, which implies $n \nmid (a + b)$. By
Supplementary Problems 1, question 1.22:

If $x \nmid y$ but $x \mid (yz)$ then $\gcd(x, z) > 1$.

We have $n \nmid (a + b)$ but $n \mid (a + b)(a - b)$, so $g = \gcd(n, a - b) > 1$. Hence g ≠ 1.

By combining both these cases, g ≠ 1 and g ≠ n, we have that g is a non-trivial factor of n.




What advantage is there of using this congruence $a^2 \equiv b^2 \pmod{n}$ rather than the well-known
identity, the difference of two squares: $a^2 - b^2 = n$?

Well $a^2 \equiv b^2 \pmod{n}$ is equivalent to $a^2 - b^2 = kn$ for some integer k. In this case we only
need to find different integers a and b such that $a^2 - b^2$ is a multiple of n, rather than being
exactly equal to n.
In the next example we will see that we have to compute a number of squares before we
get $a^2 \equiv b^2 \pmod{n}$ and $a \not\equiv \pm b \pmod{n}$.

Example 3.28

Factorize 12 349 into prime factors.

Solution
Let n = 12 349. We need to find integers a and b such that

$$n \times k = 12\,349 \times k = a^2 - b^2 \quad \text{where } k \text{ is an integer.}$$

If k = 1 then we have our difference of two squares. Let us first try to tackle this problem as the
difference of two squares. We find the ceiling function of the square root of 12 349:

$$a_1 = \lceil \sqrt{12\,349} \rceil = \lceil 111.12 \rceil = 112.$$

Now $112^2 - 12\,349 = 195$. Clearly 195 is not a perfect square because

$$\sqrt{195} = 13.96 \text{ (2dp)}.$$

Factorizing 195 gives 195 = 3 × 5 × 13.

Let $f(a_k) = a_k^2 - 12\,349$ be a function where $a_k$ is our trial integer. Creating a table by selecting some
values just above 112 and finding the factors of $a_k^2 - 12\,349$, we obtain:

Table 3.6

| $a_k$ | $f(a_k) = a_k^2 - 12\,349$ | Factors of $f(a_k)$ |
|---|---|---|
| 112 | $112^2 - 12\,349 = 195$ | $3 \times 5 \times 13$ |
| 113 | $113^2 - 12\,349 = 420$ | $2^2 \times 3 \times 5 \times 7$ |
| ⋮ | ⋮ | ⋮ |
| 118 | $118^2 - 12\,349 = 1575$ | $3^2 \times 5^2 \times 7$ |
| 122 | $122^2 - 12\,349 = 2535$ | $3 \times 5 \times 13^2$ |

We can write each of these results in the middle column as congruences:

$$\begin{aligned}
112^2 &\equiv 195 \equiv 3 \times 5 \times 13 \pmod{12\,349} \\
113^2 &\equiv 420 \equiv 2^2 \times 3 \times 5 \times 7 \pmod{12\,349} \\
118^2 &\equiv 1575 \equiv 3^2 \times 5^2 \times 7 \pmod{12\,349} \\
122^2 &\equiv 2535 \equiv 3 \times 5 \times 13^2 \pmod{12\,349}.
\end{aligned}$$

Multiplying the last three results gives

$$\begin{aligned}
113^2 \times [118^2] \times [122^2] &\equiv (2^2 \times 3 \times 5 \times 7) \times [3^2 \times 5^2 \times 7] \times [3 \times 5 \times 13^2] \\
&\equiv 2^2 \times 3^4 \times 5^4 \times 7^2 \times 13^2 && [\text{Collecting like terms}] \\
[113 \times 118 \times 122]^2 &\equiv (2 \times 3^2 \times 5^2 \times 7 \times 13)^2 \pmod{12\,349}.
\end{aligned}$$

To apply the Factorization Theorem (3.26) we must have:

$$a^2 \equiv b^2 \pmod{n} \quad \text{and} \quad a \not\equiv b \pmod{n}.$$



With a = 113 × 118 × 122 = 1 626 748, $b = 2 \times 3^2 \times 5^2 \times 7 \times 13 = 40\,950$, and n = 12 349:

a = 1 626 748 ≡ 9029 (mod 12 349)

b = 40 950 ≡ 3903 (mod 12 349).

Hence a ≡ 9029 ≢ ±3903 ≡ ±b (mod 12 349).


We now need to evaluate

gcd (a − b, n) = gcd (1 626 748 − 40 950, 12 349) = gcd (1 585 798, 12 349).

By using the Euclidean Algorithm (Section 1.3) we can find this gcd:

1 585 798 = (128 × 12 349) + 5126

12 349 = (2 × 5126) + 2097


5126 = (2 × 2097) + 932

2097 = (2 × 932) + 233

932 = (4 × 233)

Hence gcd (1 585 798, 12 349) = 233. Therefore, by the Factorization Theorem (3.26):

gcd (a − b, n) is a non-trivial factor of n.


We have 233 is a factor of 12 349. Dividing these numbers gives $\frac{12\,349}{233} = 53$.
Both 53 and 233 are prime, so 12 349 = 53 × 233.

Note that the factors 53 and 233 are not close to ⌈√12 349⌉ = 112.
This may be a time-consuming way to factorize an integer, but there is no easy way to
factorize integers. It is the matching of squares that takes time.
Many computer factorization algorithms exist, each of which has its own advantages and
disadvantages. However, it remains true that to date there is no rapid, foolproof method for
factorizing large integers.
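
Example 3.28 automated, as an added Python example (not the book's code). It goes beyond the hand search by collecting every $a_k$ whose $a_k^2 - n$ factors over a small prime base and using elimination over GF(2) to find a product in which every exponent is even; the factor base, the function names and the `max_trials` limit are assumptions of this example.

```python
from math import gcd, isqrt

FACTOR_BASE = (2, 3, 5, 7, 11, 13)      # assumption: small primes, as in Table 3.6


def exponents_over_base(m, base):
    """Exponents of m over the primes in base, or None if another prime divides m."""
    exps = []
    for p in base:
        e = 0
        while m % p == 0:
            m //= p
            e += 1
        exps.append(e)
    return exps if m == 1 else None


def factor_by_congruent_squares(n, base=FACTOR_BASE, max_trials=5000):
    """Return (p, q, used) with p * q == n and p <= q, or None if nothing is found.

    used lists the trial integers a_k whose congruences were multiplied together.
    """
    for p in base:
        if n % p == 0 and n != p:
            return p, n // p, []        # a base prime already divides n
    relations = []                      # (a_k, exponents of a_k^2 - n)
    basis = {}                          # pivot bit -> (parity mask, relation bitmask)
    a1 = isqrt(n) + (isqrt(n) ** 2 < n)  # ceil(sqrt(n))
    for a in range(a1, a1 + max_trials):
        f = a * a - n
        if f == 0:
            return a, a, [a]            # n is a perfect square
        exps = exponents_over_base(f, base)
        if exps is None:
            continue                    # f(a_k) does not factor over the base
        relations.append((a, exps))
        mask = sum((e & 1) << i for i, e in enumerate(exps))   # exponents mod 2
        combo = 1 << (len(relations) - 1)
        while mask:                     # Gaussian elimination over GF(2)
            pivot = mask.bit_length() - 1
            if pivot not in basis:
                basis[pivot] = (mask, combo)
                break
            mask ^= basis[pivot][0]
            combo ^= basis[pivot][1]
        else:
            # All exponents of the selected product are even: a^2 ≡ b^2 (mod n).
            chosen = [r for i, r in enumerate(relations) if combo >> i & 1]
            x = y = 1
            for ak, _ in chosen:
                x = x * ak % n
            for j, p in enumerate(base):
                half = sum(e[j] for _, e in chosen) // 2
                y = y * pow(p, half, n) % n
            g = gcd(x - y, n)
            if 1 < g < n:               # g is trivial when a ≡ ±b (mod n); keep going
                return min(g, n // g), max(g, n // g), [ak for ak, _ in chosen]
    return None


if __name__ == "__main__":
    print(factor_by_congruent_squares(12349))
```

On 12 349 the search selects the same three rows as the worked solution (113, 118 and 122) and stops after 11 trial values, against 32 for the plain difference of two squares.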

Summary
We can use the difference of two squares $a^2 - b^2 = (a - b)(a + b)$ to factorize integers.
Also, if $a^2 \equiv b^2 \pmod{n}$ and $a \not\equiv \pm b \pmod{n}$ then gcd (a − b, n) is a non-trivial factor of n.

EXERCISES 3.5

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Factorize the following integers into their prime factors:
   (a) 299 (b) 851 (c) 10 403 (d) 2479

2. Factorize the following into their prime factors:
   (a) 9271 (b) 2146 *(c) 2 974 791

3. Let n be an odd integer. Show that
   $$\left(\frac{n+1}{2}\right)^2 - \left(\frac{n-1}{2}\right)^2 = n.$$

4. Factorize 1 236 519.

5. (i) Factorize each of the following integers:
   (a) 713 (b) 1271 (c) 403
   (ii) Solve the quadratic equation
   $$403x^2 + 1271x + 713 = 0$$
   leaving your answer in surd form.
   (iii) Simplify the following fractions:
   $\frac{713}{1271}$, $\frac{403}{1271}$, and $\frac{403}{713}$.

6. Factorize 18 861 649. Hence or otherwise solve the quadratic
   $$x^2 - 18\,861\,649 = 0.$$

7. (i) Factorize 3 397 301 (you don’t need to factorize this into prime factors).
   (ii) Solve $x^2 + 164x - 3\,397\,301 = 0$ without using the quadratic formula.

8. *Factorize 53 using the difference of two squares method.
   What do you notice about this approach in factorizing 53?

9. Prove that the only prime of the form $n^2 - 1$ is 3 (n is a natural number).

10. (i) Show that $3^n - 1$ is a composite integer for n > 1.
    (ii) Show that $x^n - 1$ is a composite integer for n > 1 and x ≥ 3.
    [Hint: $a^n - b^n = (a - b)(a^{n-1} + a^{n-2} b + a^{n-3} b^2 + \cdots + a b^{n-2} + b^{n-1})$ for n > 1.]

11. Trapdoor functions are used in cryptography because they are functions which are easily evaluated in one
    direction but difficult to evaluate in the reverse direction. An example is multiplication of two primes, p and q,
    which can be carried out easily to produce a number n = p × q, but to factorize n = p × q is difficult.
    Factorize the following trapdoor functions (these small numbers are not good candidates for the trapdoor
    functions) into two primes:
    (a) 411 (b) 2419 (c) 17 947

12. Factorize the following integers using modular arithmetic:
    (a) 2201 *(b) 2189 (c) 9211

13. What type of integer n do we have if:
    $$a^2 \equiv b^2 \pmod{n} \Rightarrow a \equiv \pm b \pmod{n}?$$

14. Factorize the following integers into their prime factors:
    (a) 9999 *(b) 999 999
    [Hint: Consider $10^n - 1$.]
    (c) Repunits $R_n$ are given by $R_n = \underbrace{11 \cdots 1}_{n \text{ ones}}$. For example, $R_5 = \underbrace{11111}_{5 \text{ ones}}$.
    Factorize (i) $R_4$ (ii) $R_6$.

15. Determine the prime decomposition of $8^8 - 1 = 16\,777\,215$.


Supplementary Problems 3

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

3.1. Determine whether the following are true or false:
     (a) 2015 ≡ 5 (mod 10)
     (b) 266 ≡ 1 (mod 7)
     (c) 17 ≡ −5 (mod 12)
     (d) −11 ≡ −57 (mod 34)
     (e) a ≡ 0 (mod 1) where a is any integer.

3.2. Find all solutions of the following congruences:
     (a) 7x ≡ 21 (mod 15)
     (b) 12x ≡ 24 (mod 27)
     (c) 10x ≡ 20 (mod 30)
     (d) 3x ≡ 2 (mod 6)

3.3. Determine the multiplicative inverse of the following:
     (a) 5 (mod 12) (b) 7 (mod 15)
     (c) 10 (mod 27) (d) 6 (mod 15)
     (e) 7 (mod 12) (f) 11 (mod 12)
     (g) 9 (mod 13) (h) 9 (mod 15)

3.4. Which least non-negative residues have no multiplicative inverse modulo 12?

3.5. Find the prime decomposition of 48 531.

3.6. Let p be prime and a, b, n, and m be natural numbers. Prove or disprove the following statements:
     (a) If $n \equiv 0 \pmod{p^a}$ then $n \equiv 0 \pmod{p^{a+1}}$.
     (b) If $p^a \equiv 0 \pmod{n}$ then $p^{a+1} \equiv 0 \pmod{n}$.
     (c) If $p^a \equiv 0 \pmod{n}$ then $p^{a+m} \equiv 0 \pmod{n}$.
     (d) If $p^a \equiv 0 \pmod{n}$ and $p^b \equiv 0 \pmod{m}$ then $p^{\min(a, b)} \equiv 0 \pmod{m + n}$ where
         min(a, b) is the smaller of the two values and a ≠ b.

3.7. Prove the following statements:
     (a) If n is odd then $n^2 \equiv 1 \pmod{8}$.
     (b) For any n we have $n^3 \equiv 0, 1, 6 \pmod{7}$.
     (c) For any n we have $n^4 \equiv 0 \text{ or } 1 \pmod{5}$.

3.8. Prove that every square number is congruent to 0 or 1 (mod 4).

3.9. Prove that if a ≡ b (mod n) and c > 0 then ac ≡ bc (mod nc).

3.10. Prove that if a ≡ b (mod n) and d | a, d | b and d | n where d is a positive integer then
      $\frac{a}{d} \equiv \frac{b}{d} \pmod{\frac{n}{d}}$.

3.11. Let p be prime such that $p \nmid a$. Show that if $a^p \equiv a \pmod{p}$ then $a^{p-1} \equiv 1 \pmod{p}$.

3.12. Give an example of the following:
      Let p be prime and $x^2 \equiv 1 \pmod{p}$ implies that both x − 1 ≡ 0 (mod p) and x + 1 ≡ 0 (mod p).

3.13. (a) Solve the following simultaneous linear congruences:
      x ≡ 1 (mod 3), x ≡ 2 (mod 4), x ≡ 3 (mod 5).
      (b) Suppose a teacher divides students for group work and the following applies:
      When divided into groups of three students one is left over.
      When divided into groups of five students three are left over.
      When divided into groups of seven students five are left over.
      What is the minimum number of students in the class?

3.14. Let p and q be distinct primes. Disprove the following:
      If $a^p \equiv a \pmod{p}$ and $a^q \equiv a \pmod{q}$ then $a^{pq} \equiv a \pmod{pq}$.

3.15. *Let gcd (a, n) = 1 and k be the smallest positive integer such that $a^k \equiv 1 \pmod{n}$. Prove that
      $a^h \equiv 1 \pmod{n} \iff k \mid h$ where h is a positive integer.
      [Hint: Use the Division Algorithm.]

3.16. *Let a be even and p be prime such that gcd (a, p) = 1 but
      $$a^2 \equiv -1 \pmod{p}.$$
      Show that
      $$p \equiv 1 \pmod{4}.$$

3.17. *Show that the last two digits of a perfect square must be one of the following:
      00, e1, e4, 25, o6, and e9 where o represents odd and e represents even.

3.18. (i) Find all the incongruent solutions of $x^2 \equiv 1 \pmod{8}$.
      (ii) Find all the incongruent solutions of $x^2 \equiv 1 \pmod{7}$.

3.19. Factorize 2 027 651 281.

3.20. *Provide another proof of Factorization Theorem (3.26).

3.21. Show that $x^5 \pmod{7}$ forms a complete residue system modulo 7.

3.22. (a) Show that $2^p \not\equiv 2 \pmod{p^2}$ where p is an odd prime.
      (b) Show the result is true for the prime p = 1093, that is $2^p \equiv 2 \pmod{p^2}$.
      [Hint: You may use the result $2^{364} \equiv 1 \pmod{1093^2}$.]

3.23. **Lagrange’s Theorem. Let P (x) be a polynomial with integer coefficients (see Introductory Chapter for
      definition) given by
      $$P(x) = c_m x^m + c_{m-1} x^{m-1} + \cdots + c_1 x + c_0$$
      where $c_m \not\equiv 0 \pmod{p}$ and p is prime.
      Prove that the polynomial congruence
      $$P(x) \equiv 0 \pmod{p}$$
      has at most m incongruent solutions.

4 A Survey of Modular Arithmetic with Prime Moduli

SECTION 4.1 Introduction to Fermat’s Little Theorem


By the end of this section you will be able to
● prove Fermat’s Little Theorem
● apply Fermat’s Little Theorem to evaluate indices of congruences

What is the remainder when $3^{101}$ is divided by 31?

In Example 4.3 later in this section we will find that applying Fermat’s Little Theorem greatly
simplifies this problem.
We will also use Fermat’s Little Theorem (FlT) to solve linear congruences with prime
moduli and to find the inverse of a (mod p) where p is prime. Also, in this section we will
evaluate indices in modular arithmetic in a much easier way than in the previous chapter.
In this chapter we confine ourselves to a prime modulo, that is n = p. In the next chapter
we generalize the results of this chapter to modulo a composite n. An outline of this
progression can be seen in Figure 4.1.

[Figure 4.1: Chapter 3 examined how to solve ax ≡ b (mod n), find $a^{-1} \pmod{n}$ and evaluate $a^m \pmod{n}$. Chapter 4 treats the case where n is prime and Chapter 5 the case where n is composite.]

Additionally, in this chapter we use modular arithmetic to find factors of $2^n - 1$ and show
that if $2^n - 1$ is prime then it generates a perfect number.

4.1.1 Table of indices

First we develop a table of values and then we will state and prove an important result
involving a particular index with a prime modulo.

Example 4.1

Construct a table of values for the first five powers of each positive residue modulo 5.

Solution
We evaluate the powers of the least positive residues a = 1, 2, 3, and 4 modulo 5.
This gives:

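Table 4.1 Indices of least positive residues modulo 5.

| $a$ | 1 | 2 | 3 | 4 |
|---|---|---|---|---|
| $a^2$ | $1^2 \equiv 1 \pmod{5}$ | $2^2 \equiv 4 \pmod{5}$ | $3^2 \equiv 4 \pmod{5}$ | $4^2 \equiv 1 \pmod{5}$ |
| $a^3$ | $1^3 \equiv 1 \pmod{5}$ | $2^3 \equiv 3 \pmod{5}$ | $3^3 \equiv 2 \pmod{5}$ | $4^3 \equiv 4 \pmod{5}$ |
| $a^4$ | $1^4 \equiv 1 \pmod{5}$ | $2^4 \equiv 1 \pmod{5}$ | $3^4 \equiv 1 \pmod{5}$ | $4^4 \equiv 1 \pmod{5}$ |
| $a^5$ | $1^5 \equiv 1 \pmod{5}$ | $2^5 \equiv 2 \pmod{5}$ | $3^5 \equiv 3 \pmod{5}$ | $4^5 \equiv 4 \pmod{5}$ |

What do you notice about the shaded results?

$$1^4 \equiv 2^4 \equiv 3^4 \equiv 4^4 \equiv 1 \pmod{5}.$$

In general $a^4 \equiv 1 \pmod{5}$, provided that a is not divisible by 5.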

This result is no coincidence, but will also work with other prime moduli. For example,
you will find the following results:

$$1^{12} \equiv 2^{12} \equiv 3^{12} \equiv 4^{12} \equiv 5^{12} \equiv 6^{12} \equiv 7^{12} \equiv 8^{12} \equiv 9^{12} \equiv 10^{12} \equiv 11^{12} \equiv 12^{12} \equiv 1 \pmod{13}.$$

This only works with a prime modulo and is an example of a general proposition named
after the French mathematician Pierre de Fermat: Fermat’s Little Theorem—FlT. (We use
the lower case l to distinguish from Fermat’s Last Theorem, which is normally denoted FLT.)

De Fermat was born in France and went to the University of Toulouse where he
became a lawyer. He was more interested in mathematics than law and spent his entire
time studying mathematics. He took an interest in pure mathematics rather than its
applications. Fermat is well known for his work in number theory.

Figure 4.2 Fermat (1601–65).



Fermat’s Last Theorem is more popular than his Little Theorem because it famously took
nearly 350 years to prove. Fermat’s Last Theorem states:

$x^n + y^n = z^n$ has no positive integer solutions for n ≥ 3.

Fermat wrote in the margin of his book:


‘I have discovered a remarkable proof which this margin is too small to contain.’
This Last Theorem was proved by the British mathematician Andrew Wiles in 1994 and
is incredibly complicated.

4.1.2 The proof of Fermat’s Little Theorem (FlT)

Fermat’s Little Theorem is a fundamental theorem in number theory and it is a result which
makes evaluating a power of a residue to a prime modulo much easier.
Fermat’s Little Theorem states that if p is prime and a is any integer such that p does not
divide a then
$$a^{p-1} \equiv 1 \pmod{p}.$$

Here are some more numerical examples with moduli primes 7, 11, and 17:

$$5^{7-1} \equiv 1 \pmod{7}, \quad 2^{11-1} \equiv 1 \pmod{11} \quad \text{and} \quad 15^{17-1} \equiv 1 \pmod{17}.$$

Is this always the case?

Yes. We need to prove this general result—FlT.

Fermat’s Little Theorem (4.1). Let a be an integer and p be a prime number which does not
divide a. Then

$$a^{p-1} \equiv 1 \pmod{p}.$$

This result implies p divides $a^{p-1} - 1$ because $a^{p-1} - 1 \equiv 0 \pmod{p}$. For example,

$$5^{30} \equiv 1 \pmod{31} \quad \text{or} \quad 31 \mid (5^{30} - 1).$$

Proof.
We examine the first p − 1 positive multiples of a:

a, 2a, 3a, 4a, ⋯ , (p − 1) a. (∗)

The residues in the list (∗) are incongruent modulo p. This means that none of
these residues are congruent to each other modulo p.

Why?

Suppose there are two residues in the list (∗) which are congruent to each other:

k × a ≡ m × a ( mod p) where 1 ≤ k < m ≤ p − 1.

Then by the Cancellation Law (3.12) of the last chapter:


If a × c ≡ b × c (mod p) and $p \nmid c$ then a ≡ b (mod p).

Applying this Cancellation Law to k × a ≡ m × a (mod p) gives k ≡ m (mod p) or
k − m ≡ 0 (mod p), which implies k − m = 0 because from above we have
1 ≤ k < m ≤ p − 1. This k − m = 0 is impossible because k < m. Therefore, the numbers
in the list (∗) are incongruent.

Multiplying these numbers in the list (∗) gives

$$\begin{aligned}
a \times 2a \times 3a \times \cdots \times (p-1)a &\equiv \underbrace{1 \times 2 \times 3 \times \cdots \times (p-1)}_{=(p-1)!} \times \underbrace{a \times a \times a \times \cdots \times a}_{p-1 \text{ copies}} \\
&\equiv (p-1)! \times a^{p-1} \pmod{p}
\end{aligned}$$

[Remember 1 × 2 × ⋯ × m = m!].

Since the numbers in the list (∗) are not congruent to each other, every one of these
numbers is congruent to one of 1, 2, 3, 4, …, p − 1 in some order. This implies that we have

$$\begin{aligned}
(p-1)! \times a^{p-1} &\equiv 1 \times 2 \times 3 \times 4 \times \cdots \times (p-1) \\
&\equiv (p-1)! \pmod{p}.
\end{aligned}$$

Applying the above Cancellation Law (3.12) to $a^{p-1} \times (p-1)! \equiv 1 \times (p-1)! \pmod{p}$ with
c = (p − 1)!, because $p \nmid (p-1)!$, gives

$$a^{p-1} \equiv 1 \pmod{p}.$$


Fermat’s Little Theorem (FlT) is useful in simplifying calculations.

Why?
If we have a prime modulo then it is simpler to work with $a^{p-1} \equiv 1 \pmod{p}$ because
$1^k \equiv 1 \pmod{p}$ for any natural number k. Having residue 1 (mod p) makes evaluation of
powers a lot easier.

4.1.3 Applications of FlT

Example 4.2

Find the least non-negative residue x such that

$$7^{52} \equiv x \pmod{11}.$$



Solution
Since 11 is prime and 11 does not divide 7, applying FlT:

$$a^{p-1} \equiv 1 \pmod{p},$$

with a = 7 and p = 11 we have

$$7^{10} \equiv 1 \pmod{11}. \quad (∗)$$

Rewriting the given index of 52 as a multiple of 10 plus any remainder,

52 = (5 × 10) + 2.

Therefore,

$$\begin{aligned}
7^{52} \equiv 7^{(5 \times 10) + 2} &\equiv 7^{5 \times 10} \times 7^2 && [\text{Using } a^{m+n} = a^m \times a^n] \\
&\equiv (7^{10})^5 \times 7^2 && [\text{Using } a^{m \times n} = (a^m)^n] \\
&\equiv (1)^5 \times 49 \equiv 1 \times 5 \equiv 5 \pmod{11} && [\text{By } (∗)].
\end{aligned}$$

Hence $x \equiv 7^{52} \equiv 5 \pmod{11}$.

This $7^{52} \equiv 5 \pmod{11}$ means that the 44-digit number

$7^{52}$ = 88 124 787 089 723 195 184 393 736 687 912 818 113 311 201

divided by 11 leaves remainder 5. Imagine evaluating $7^{52} \pmod{11}$ without using FlT;

$$7^{10} \equiv 1 \pmod{11}.$$

Example 4.3

Find the remainder when $3^{101}$ is divided by 31. (The number $3^{101}$ has 49 digits.)

Solution
Let r be the remainder such that

$$3^{101} \equiv r \pmod{31}.$$

Since 31 is prime and 31 does not divide 3, we can apply FlT:

$$a^{p-1} \equiv 1 \pmod{p},$$

with a = 3 and p = 31, we have

$$3^{30} \equiv 1 \pmod{31}. \quad (‡)$$

Rewriting the given index 101 as a multiple of 30 and any remainder 101 = (30 × 3) + 11 in
$3^{101} \equiv r \pmod{31}$ yields

$$\begin{aligned}
3^{101} \equiv 3^{(30 \times 3) + 11} &\equiv (3^{30})^3 \times 3^{11} && [\text{By using the rules of indices}] \\
&\equiv 1^3 \times 3^{11} && [\text{By } (‡)] \\
&\equiv 3^{11} \pmod{31}.
\end{aligned}$$

We need to write $3^{11}$ as the least non-negative residue modulo 31. An index of 3 which
gives a small remainder is the following:

$$3^3 \equiv 27 \equiv -4 \pmod{31}.$$

Using this $3^3 \equiv -4 \pmod{31}$ to simplify the above result $3^{101} \equiv 3^{11} \pmod{31}$ gives

$$\begin{aligned}
3^{101} &\equiv 3^{11} \\
&\equiv 3^{(3 \times 3) + 2} \equiv (3^3)^3 \times 3^2 \equiv (-4)^3 \times 9 && [\text{By above}] \\
&\equiv -64 \times 9 \equiv -2 \times 9 \equiv -18 \equiv 13 \pmod{31}.
\end{aligned}$$

We have $r \equiv 3^{101} \equiv 13 \pmod{31}$. The remainder after dividing $3^{101}$ by 31 is 13.

Example 4.4

Let p be prime and a be an integer such that prime p does not divide a. Show that $a^{p-2}$ is the inverse
of a modulo p. (In notation form we have $a^{-1} \equiv a^{p-2} \pmod{p}$.)

Solution
What does inverse mean in this case?
By Definition (3.20) of the last chapter:
ax ≡ 1 (mod n) ⇒ solution x is inverse of a (mod n).

By FlT we have

$$a^{p-1} \equiv 1 \pmod{p} \text{ implies } a\,(a^{p-2}) \equiv 1 \pmod{p} \text{ implies } a^{-1} \equiv a^{p-2} \pmod{p}.$$

We can use this result of Example 4.4 to find the inverse of a modulo p. For example,
determine $2^{-1} \pmod{31}$.
First the inverse of 2 modulo 31 exists because 2 and 31 are relatively prime.
From the previous Example 4.4, we have

$$2^{-1} \equiv 2^{31-2} \equiv 2^{29} \pmod{31}.$$

A simpler index of 2 to evaluate is $2^5 \equiv 32 \equiv 1 \pmod{31}$. We have

$$\begin{aligned}
2^{-1} \equiv 2^{29} &\equiv 2^{25} \times 2^4 && [\text{Using the rules of indices}] \\
&\equiv (2^5)^5 \times 16 \equiv 1^5 \times 16 \equiv 16 \pmod{31}.
\end{aligned}$$

Hence the inverse of 2 modulo 31 is 16, that is $2^{-1} \equiv 16 \pmod{31}$. Note that

$$2 \times 16 \equiv 32 \equiv 1 \pmod{31}.$$

We can also use FlT to solve linear congruences ax ≡ b (mod n).



Example 4.5

Solve the linear congruence 31x ≡ 5 ( mod 37).

Solution
Since 31 and 37 are relatively prime, 31x ≡ 5 (mod 37) has a unique solution.
First, we find the inverse of 31 modulo 37.
Why?
Because $31 \times 31^{-1} \equiv 1 \pmod{37}$. Multiplying both sides of our given equation by $31^{-1} \pmod{37}$
gives

$$\underbrace{31^{-1} \times 31}_{\equiv 1 \pmod{37}} \times x \equiv 31^{-1} \times 5 \pmod{37} \text{ implies } x \equiv 31^{-1} \times 5 \pmod{37}. \quad (∗)$$

Since 37 is prime and does not divide 31, by the result of Example 4.4 we have

$$31^{-1} \equiv 31^{37-2} \equiv 31^{35} \equiv (-6)^{35} \pmod{37} \quad [\text{Because } 31 \equiv -6 \pmod{37}]. \quad (†)$$

We need to find $(-6)^{35}$ modulo 37. First, we evaluate a small power of −6 and then we apply the
rules of indices:

$$(-6)^2 \equiv 36 \equiv -1 \pmod{37} \text{ implies}$$

$$(-6)^{35} \equiv (-6)^{34} \times (-6) \equiv ((-6)^2)^{17} \times (-6) \equiv (-1)^{17} \times (-6) \equiv 6 \pmod{37}.$$

So, by (†) we have $31^{-1} \equiv (-6)^{35} \equiv 6 \pmod{37}$. Substituting this into (∗) gives

$$x \equiv 6 \times 5 \equiv 30 \pmod{37}.$$

Therefore, our solution to 31x ≡ 5 (mod 37) is x ≡ 30 (mod 37).

In Example 4.5 you may have noticed that solving 31x ≡ 5 ( mod 37) is easier than trying
to solve the Diophantine equation 31x = 5 + 37y, as we did in Chapter 3.
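
Examples 4.2 to 4.5 as one added Python example (not from the book): the index is reduced modulo p − 1 by FlT before square-and-multiply, a negative index gives the inverse of Example 4.4, and the case p | a, where FlT does not apply, is handled separately. The function names are illustrative, and p is assumed prime without being checked.

```python
def square_and_multiply(a, e, m):
    """a**e mod m for e >= 0 by repeated squaring (the job of pow(a, e, m))."""
    result, a = 1 % m, a % m
    while e:
        if e & 1:                   # this bit of the index is set
            result = result * a % m
        a = a * a % m
        e >>= 1
    return result


def flt_power(a, e, p):
    """a**e mod p for a PRIME p (assumed, not checked), index reduced by FlT.

    Because a^(p-1) ≡ 1 (mod p) when p does not divide a, only e mod (p - 1)
    matters, so a negative e is an inverse power.
    """
    a %= p
    if a == 0:
        # FlT does not apply when p | a. Reducing the index would turn
        # 0^(p-1) into 0^0 = 1, so this case is answered directly.
        if e < 0:
            raise ZeroDivisionError("0 has no inverse modulo p")
        return 0 if e > 0 else 1 % p
    return square_and_multiply(a, e % (p - 1), p)


def inverse_mod_prime(a, p):
    """a^(-1) ≡ a^(p-2) (mod p), the result of Example 4.4."""
    return flt_power(a, -1, p)


def solve_linear(a, b, p):
    """The unique x with a*x ≡ b (mod p) when p does not divide a (Example 4.5)."""
    return inverse_mod_prime(a, p) * b % p


if __name__ == "__main__":
    print(flt_power(7, 52, 11))       # Example 4.2
    print(flt_power(3, 101, 31))      # Example 4.3
    print(inverse_mod_prime(2, 31))   # inverse of 2 modulo 31
    print(solve_linear(31, 5, 37))    # Example 4.5
```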

The following result extends Fermat’s Little Theorem.

Corollary (4.2). Let a be any integer and p be a prime number. Then

$$a^p \equiv a \pmod{p}.$$

How is this result different from FlT?

In FlT the prime p did not divide integer a. This result also applies to the case when p
divides a.
Additionally, this $a^p \equiv a \pmod{p}$ implies

$a^p - a \equiv 0 \pmod{p}$ which implies that the prime p divides $a^p - a$.

How do we prove this result $a^p \equiv a \pmod{p}$?

Consider two cases: I) p divides a II) p does not divide a.



Proof.
Case I: Assume prime p does divide a, that is p | a, then

$$a \equiv 0 \pmod{p} \text{ implies } a^p \equiv 0^p \equiv 0 \equiv a \pmod{p}.$$

Therefore, we have our result $a^p \equiv a \pmod{p}$.

Case II: Assume prime p does not divide a. In this case, we can use FlT (4.1):

$$a^{p-1} \equiv 1 \pmod{p}.$$

We have $a^{p-1} \equiv 1 \pmod{p}$. Multiplying both sides of this by a gives

$$\begin{aligned}
a \times a^{p-1} &\equiv (a \times 1) \pmod{p} \\
a^p &\equiv a \pmod{p}.
\end{aligned}$$

This is our required result.

The Chinese knew this result for a = 2 and an odd prime p, that is $2^p \equiv 2 \pmod{p}$. They
did not have the modular arithmetic notation, so they knew it as $p \mid (2^p - 2)$.
We can apply this corollary to show a result that seems obvious.

Example 4.6

Show that the product of two consecutive integers is even.

Solution
How is this problem related to Fermat’s Little Theorem?
Well we can write two consecutive integers as a − 1 and a. Their product is

$$a(a - 1) = a^2 - a.$$

We need to show that 2 divides this $a^2 - a$.

How?
By using the previous Corollary (4.2):

$$a^p \equiv a \pmod{p}.$$

With the prime p = 2 gives

$$a^2 \equiv a \pmod{2} \text{ implies } a^2 - a \equiv a(a - 1) \equiv 0 \pmod{2}.$$

From this result a (a − 1) ≡ 0 (mod 2), we have that 2 divides a (a − 1), or that the product of two
consecutive integers a − 1 and a is even.

Similarly, we can prove that the product of three consecutive integers is divisible by 3 (see
Exercises 4.1, question 14 (i)).
Additionally, FlT can be used for testing whether a given number is composite because
the contrapositive of FlT says:

If $a^{n-1} \not\equiv 1 \pmod{n}$ then n is composite.

Hence if $a^{n-1}$ is not congruent to 1 (mod n) then n is composite.

For example, $5^{1000} \equiv 716 \pmod{1001}$, therefore 1001 is composite. Actually

1001 = 7 × 11 × 13.

4.1.4 Pseudoprimes

Is the converse of FlT true?

This means we need to check that if $a^{n-1} \equiv 1 \pmod{n}$ then n is prime. Let n = 561 and
a = 2 then by using a calculator or computer algebra system we find that

$$2^{560} \equiv 1 \pmod{561}.$$

However, 561 = 3 × 11 × 17, therefore 561 is composite. The converse of FlT does not
hold;

$$a^{n-1} \equiv 1 \pmod{n} \not\Rightarrow n \text{ is prime}.$$

We call numbers like 561 pseudoprimes—false primes. Another pseudoprime is 341
which is composite because 341 = 11 × 31. However,

$$2^{340} \equiv 1 \pmod{341}.$$

There is a difference between the pseudoprimes 341 and 561. Examine the following
results for modulo 341:

$$3^{340} \equiv 56, \quad 5^{340} \equiv 67, \quad 7^{340} \equiv 56, \quad 23^{340} \equiv 1 \pmod{341}.$$

These do not always give $a^{n-1} \equiv 1 \pmod{n}$.

However, for 561 this result works for every base number a provided gcd (561, a) = 1, that
is $a^{560} \equiv 1 \pmod{561}$. The number 561 is called a Carmichael number. These are composite
numbers n such that to every base a we have

$$a^{n-1} \equiv 1 \pmod{n} \quad \text{provided } \gcd(a, n) = 1.$$

Carmichael numbers are very rare, the smallest being 561. There are only 2163 Carmichael
numbers in the first 25 billion natural numbers.
However, in 1994 it was proved that there are infinitely many Carmichael numbers [1]. The
existence of Carmichael numbers prevents FlT being used to test primality. We will revisit
pseudoprimes and Carmichael numbers in Section 4.4.

[1] Alford, Granville, and Pomerance, ‘There are Infinitely Many Carmichael Numbers,’ Ann.
Math. 139, 703–22, 1994.
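
The Fermat test and its failure on Carmichael numbers, as an added Python example (not from the book): it checks the residues quoted above for 341 and 1001, lists the bases that expose a composite, and searches for composites that no coprime base exposes. The function names and the search bound of 3000 are assumptions of this example.

```python
from math import gcd


def passes_fermat(n, a):
    """True when a^(n-1) ≡ 1 (mod n): base a gives no evidence that n is composite."""
    return pow(a, n - 1, n) == 1


def is_prime(n):
    """Trial division, used here only as ground truth for small n."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def fermat_witnesses(n):
    """Bases 1 < a < n with gcd(a, n) = 1 that prove n composite via FlT."""
    return [a for a in range(2, n)
            if gcd(a, n) == 1 and not passes_fermat(n, a)]


def is_carmichael(n):
    """Composite n that passes the Fermat test for every base coprime to n."""
    if n < 3 or is_prime(n):
        return False
    return all(passes_fermat(n, a) for a in range(2, n) if gcd(a, n) == 1)


def carmichael_numbers_below(limit):
    """All Carmichael numbers n < limit, found by exhaustive checking."""
    return [n for n in range(3, limit) if is_carmichael(n)]


if __name__ == "__main__":
    print("341 passes base 2:", passes_fermat(341, 2))
    print("341 passes base 3:", passes_fermat(341, 3))
    print("witnesses for 561:", fermat_witnesses(561))
    print("Carmichael numbers below 3000:", carmichael_numbers_below(3000))
```

A second base is enough to expose 341, but no coprime base exposes 561, so code that accepts a number as prime after Fermat checks alone can be handed a Carmichael number.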

Summary
FlT (4.1). Let a be an integer and p be a prime number which does not divide a. Then

$$a^{p-1} \equiv 1 \pmod{p}.$$

This is a fundamental theorem of number theory which is used to simplify powers of residues modulo
a prime.

EXERCISES 4.1

(Brief solutions at end of book. Full 6. Show that 22046 ≡ 1 ( mod 2047). Check
solutions available at <http://www.oup.co. whether 2047 is prime.
uk/companion/NumberTheory>.)
7. Show that
1. Determine the least non-negative 740 353 606 ≡ 0 ( mod 40 353 607).
residue x of the following congruences:
(a) 7101 ≡ x ( mod 11) Is 40 353 607 prime?
(b) 21976 ≡ x ( mod 13) 8. Given that
(c) 51961 ≡ x ( mod 7) 21 234 566 ≡ 899 557 ( mod 1 234 567), is
(d) 32013 ≡ x ( mod 23) the number 1 234 567 composite or
(e) 262013 ≡ x ( mod 23) prime?
2. Determine the multiplicative inverse
9. Find a solution of x101 ≡ 5 ( mod 13).
of the following numbers by using
Fermat’s Little Theorem. Give your 10. Prove the following:
answer as the least non-negative (a) 1p−1 + 2p−1 + 3p−1 + ⋯
p−1
residue. + (p − 1) ≡ −1 ( mod p)
(a) 5 ( mod 11) (b) 9 ( mod 23) where p is prime.
(c) 2 ( mod 37) (d) 5 ( mod 41) (b) 1p + 2p + 3p + ⋯
p
3. (i) Determine the remainder when + (p − 1) ≡ 0 ( mod p)
62014 is divided by 11. where p is an odd prime.
(ii) Determine the remainder when You may find the following result
62013 is divided by 11. helpful:
4. (i) Find 821 ( mod 23). n (n + 1)
1+2+3+⋯+n = .
(ii) Solve the equation 2
8x ≡ 7 ( mod 23). 11. (i) Let p be prime and p n. Prove that
5. (a) Show that 28190 ≡ 1 ( mod 8191). the solutions of nx ≡ a ( mod p) is
given by
What can you say about the number 8191? x ≡ np−2 a ( mod p) .
(b) Show that 265 536 ≡ 1( mod 65 537).
(ii) Solve the linear congruence
What can you say about the number 65 537? 10x ≡ 11 ( mod 17).
OUP CORRECTED PROOF – FINAL, 3/9/2020, SPi

WILSON’S THEOREM (163–170) 163

12. Determine the least non-negative remainder when 3^{2013} is divided by 43.

13. Compute the least positive residue x such that
3^{101} ≡ x (mod 103).

14. (i) Show that the product of any three consecutive integers is divisible by 3.
(ii) Show that the product of any three consecutive integers is divisible by 6.

15. Explain why 1055^{210} ≢ 1 (mod 211).
[The number 211 is prime.]

16. *Let n be a natural number. Prove that
(25n^{61} + 52n)/77
is an integer.
[Hint: You may find the result of Exercises 3.1, question 24 (d) helpful:
a ≡ b (mod m_k) ⇒ a ≡ b (mod m_1 × m_2 × ⋯ × m_n)
where k = 1, 2, ⋯, n and gcd(m_i, m_j) = 1 for i ≠ j.]

17. Show that (12n^{13} + 23n)/35 is an integer where n is a natural number.

18. Prove that if p ∤ n then
n^{k(p−1)} ≡ 1 (mod p)
where p is prime and k is a natural number.

19. Let p be an odd prime such that p ∤ n. Show that the multiplicative inverse of
n^{(p−1)/2} (mod p) is n^{(p−1)/2} (mod p).

20. Let p be an odd prime and x be a least positive residue modulo p. Show that
x^{p+1} ≡ 4 (mod p) ⇒ x ≡ 2 or x ≡ −2 (mod p).

21. Show that n^{2^p} ≡ n^2 (mod 2^p − 1) where 2^p − 1 is prime and it does not divide n.

22. Let p be a prime. Prove that
a^p ≡ b^p (mod p) ⇒ a ≡ b (mod p).
Note that we don’t have this result for algebra of real numbers:
a^p = b^p ⇏ a = b unless a = b = 1 or a = b = 0.

23. *Let p be prime. Prove that p divides
(1 − n)(1 + n + n^2 + n^3 + ⋯ + n^{p−2}),
provided p does not divide n.


SECTION 4.2 Wilson’s Theorem


By the end of this section you will be able to
● prove Wilson’s Theorem
● apply Wilson’s Theorem to find n! ( mod p)

Like Fermat’s Little Theorem, for Wilson’s Theorem we confine ourselves to a prime modulo.
Wilson’s Theorem is valid both ways, that is the result is true going forwards ⇒ (sufficient)
and backwards ⇐ (necessary). This is not the case for Fermat’s Little Theorem, as we
observed in Subsection 4.1.4.
John Wilson (1741–93) attended the University of Cambridge, becoming Senior Wrangler,
which means he achieved the highest marks on taking the Mathematical Tripos examination.
However, John Wilson rediscovered Wilson’s Theorem, because it was known
700 years earlier by Ibn al-Haytham (965–1040 AD) who made major contributions to
mathematics (particularly geometry and number theory), optics (being the first to claim
that we see objects when light is reflected off an object into the eye), and astronomy. He is
also considered to be one of the first theoretical physicists.
Ibn al-Haytham was born in the Iraqi city of Basra but spent his adult life in Cairo, Egypt.
He dedicated his life to mathematics and physics after giving up on religion.[2]

Example 4.7

Find x in each of the following congruences:


(a) x ≡ 4! ( mod 5) (b) x ≡ 6! ( mod 7)

Solution

(a) Remember 4! = 1 × 2 × 3 × 4 = 24 ≡ 4 ≡ −1 ( mod 5). Therefore,

x ≡ 4! ≡ −1 ( mod 5) .

(b) Similarly, we have 6! = 1 × 2 × 3 × 4 × 5 × 6 = 720 and

x ≡ 6! ≡ 720 ≡ 6 ≡ −1 ( mod 7) .

These evaluations were nice and easy, but evaluating n! for a large n will not be so simple.
We want to find a simpler way of evaluating this n! modulo a prime.
We can be smart about this by using the inverse of a residue, as described in Example 4.8
below. The proof of Wilson’s Theorem relies on the inverse in modular arithmetic.

4.2.1 Multiplicative inverse

Can you recall what we mean by inverse of a ( mod n) ?

By Definition (3.20) of the last chapter:


If ax ≡ 1 ( mod n) then the solution x is the inverse of a ( mod n).
Recall a ( mod n) has an inverse ⇔ a and n are relatively prime (see (3.21) of the last
chapter).

Example 4.8

Determine the least non-negative residue x ( mod 13) in the following congruence:

x ≡ 12! ( mod 13) .

Solution
Remember what factorial ! means:

x ≡ 12! ≡ 1 × 2 × 3 × 4 × 5 × 6 × 7 × 8 × 9 × 10 × 11 × 12 ( mod 13) . (∗)

[2] https://mathshistory.st-andrews.ac.uk/Biogrpahies/Al-Haytham

If we multiply the first and last numbers on the right-hand side of (∗) we have

1 × 12 ≡ 12 ≡ −1 ( mod 13) .

We can carry out some simplification on the remaining numbers 2, 3, . . . , 11 in the product on the
right-hand side.
We are dealing with a prime modulo, 13. If a = 2, 3, 4, . . . , 11 then gcd (a, 13) = 1, which implies
that each of these a’s will have an inverse because a and 13 are relatively prime. For example,

2 × 7 ≡ 14 ≡ 1 ( mod 13) .

Therefore, the inverse of 2 is 7 modulo 13. Similarly, we can pair up all the remaining numbers:

3 × 9 ≡ 27 ≡ 1 ( mod 13)
4 × 10 ≡ 40 ≡ 1 ( mod 13)
5 × 8 ≡ 40 ≡ 1 ( mod 13)
6 × 11 ≡ 66 ≡ 1 ( mod 13) .

Substituting these into (∗) gives

x ≡ 12! ≡ (1 × 12) × (2 × 7) × (3 × 9) × (4 × 10) × (5 × 8) × (6 × 11)
[By above, each of (2 × 7), (3 × 9), (4 × 10), (5 × 8), (6 × 11) is ≡ 1]
≡ (−1) × (1) × (1) × (1) × (1) × (1)
≡ −1 ≡ 12 (mod 13).

We use these concepts of pairing residues with their inverse in the derivation of Wilson’s
Theorem. However, before we can derive the theorem we need one more result, namely this
lemma:

Lemma (4.3). Let p be prime, then

x^2 ≡ 1 (mod p) ⇔ x ≡ ±1 (mod p).

What does this result mean?

It means the inverse of x ≡ ±1 is x ≡ ±1 modulo p. This x ≡ ±1 is its own or self-inverse.


Comparing with real numbers, the inverse of 1 or −1 is 1 or −1 respectively.

Proof.
How do we prove this result?

We use Proposition (3.14) (b):

a^2 ≡ b^2 (mod p) ⇔ a ≡ ±b (mod p)

with a = x and b = 1.

The consequence of Lemma (4.3) may not seem quite so obvious at first glance. However,
if we take a closer look at the two values of x which satisfy x^2 ≡ 1 (mod p) we can extract a
useful result.
This means that the values of x which satisfy x^2 ≡ 1 (mod p) are x ≡ 1 (mod p) or
x ≡ −1 ≡ p − 1 (mod p). Furthermore, each of these values for x is its own inverse, a
property we’ll use in our proof of Wilson’s Theorem.
In the previous Example 4.8 the congruence x ≡ ±1 (mod p) of Lemma (4.3) corresponds to
x ≡ 1 (mod 13) and x ≡ −1 ≡ 12 (mod 13).
The modular inverse of 12 ( mod 13) is 12 ( mod 13) because

12 × 12 ≡ 144 ≡ 1 ( mod 13) .

4.2.2 Wilson’s Theorem

We are now able to prove Wilson’s Theorem.

Wilson’s Theorem (4.4). If p is prime, then

(p − 1)! ≡ −1( mod p) .

How do we prove this result?

First, we establish the result for the first two primes, p = 2 and p = 3, then we prove the
result for the remaining primes.

Proof.
Let p = 2 or p = 3 then

(2 − 1)! ≡ 1 ≡ −1( mod 2)


(3 − 1)! ≡ 2 ≡ −1( mod 3) .

The result holds for p = 2 and p = 3.


Now let the prime p ≥ 5 and consider the least positive residues modulo p:

1, 2, 3, 4, … , p − 1.

By the previous Lemma (4.3) we know that the first and last numbers in this list, 1 and
p − 1, are their own inverses. Removing these two values from our list, we get the reduced
list of 2, 3, 4, …, p − 2.
The inverse of these remaining residues 2, 3, 4, …, p − 2 is another number in this list.

Why?

Consider again the linear congruence

ax ≡ 1 ( mod p) where a = 2, 3, 4, ⋯ , p − 2.

Since gcd(a, p) = 1, this linear congruence ax ≡ 1 (mod p) has a unique solution
x ≡ b (mod p), where b ≢ a (mod p) because none of a = 2, 3, 4, ⋯ , p − 2 is its
own inverse.

Why not?

Because by the result of Exercises 3.3, question 16 we have:

None of the elements in {2, 3, ⋯ , p − 2} modulo p is self-invertible.


This means that residues a and b can be paired up amongst the list

2, 3, 4, ⋯ , p − 2

such that a × b ≡ 1 ( mod p). Hence we have

2 × 3 × 4 × ⋯ × (p − 2) ≡ 1 × 1 × 1 × ⋯ × 1 ≡ 1 (mod p)   [the product on the left is (p − 2)!]

(p − 2)! ≡ 1 (mod p).

Therefore, we have:

(p − 1)! ≡ (p − 1) × (p − 2)! (mod p)   [(p − 2)! ≡ 1 by above]

≡ (p − 1) ≡ −1 (mod p).

Example 4.9

Determine the residue x in each of the following congruences:


(a) x ≡ 16! ( mod 17) (b) x ≡ 11! ( mod 12) (c) x ≡ 10! ( mod 13)

Solution

(a) Since 17 is a prime, by Wilson’s Theorem we have

x ≡ 16! ≡ −1 (mod 17).

(b) 12 is not prime so we cannot use Wilson’s Theorem. We have

x ≡ 11! ≡ 2 × (3 × 4) × 5 × 6 × 7 × 8 × 9 × 10 × 11   [3 × 4 = 12 ≡ 0 (mod 12)]

≡ 2 × 0 × 5 × ⋯ × 11 ≡ 0 (mod 12).

(c) 13 is prime but we need to find 10! not 12!. By Wilson’s Theorem we have

12! ≡ −1 ( mod 13) . (∗)

Remember 12! = 12 × 11 × 10!. Substituting this into (∗) gives

12 × 11 × 10! ≡ (−1) × (−2) × 10! [Because 12 ≡ −1, 11 ≡ −2 ( mod 13)]


≡ 2 × 10! ≡ −1 ( mod 13) . (∗∗)

If we multiply the last line 2 × 10! ≡ −1 ( mod 13) by the inverse of 2 ( mod 13) then we can find
x ≡ 10! ( mod 13).
What is the inverse of 2 ( mod 13) ?
By inspection we find 7 ( mod 13) because 2 × 7 ≡ 14 ≡ 1 ( mod 13). Multiplying both sides of (∗∗) by
7 gives:
(2 × 7) × 10! ≡ 7 × (−1) ≡ −7 ≡ 6 (mod 13).   [2 × 7 ≡ 1]

Hence x ≡ 10! ≡ 6 ( mod 13).

You are asked to prove Wilson’s Theorem again in the exercises by using FlT (Exercises
4.2, question 17).
You can also use Wilson’s Theorem to prove that the quadratic congruence
x^2 ≡ −1 (mod p) has a solution ⇔ p = 2 or p ≡ 1 (mod 4) (see Exercises 4.2, question 16).
(We examine quadratic residues in Chapter 7.)

4.2.3 Converse of Wilson’s Theorem

The converse of Wilson’s Theorem is also true.

What does this mean?

Converse of Wilson’s Theorem (4.5). If (n − 1)! ≡ −1 ( mod n) then n is prime.

How do we prove this result?

Using proof by contradiction.

Proof.
Suppose n is composite. This means that n has at least two non-trivial factors (defined in
(3.25) of the last chapter):
d1 × d2 = n where d1 > 1 and d2 > 1.

Without Loss Of Generality (WLOG), assume d2 > d1 . Therefore,

(n − 1)! = 1 × 2 × ⋯ × d1 × ⋯ × d2 × ⋯ × (n − 1)
= d1 × d2 × 1 × 2 × ⋯ × (n − 1) .

We have

(n − 1)! ≡ (d1 × d2) × 1 × 2 × ⋯ × (n − 1) (mod n)   [d1 × d2 ≡ 0 (mod n) because d1 × d2 = n]

≡ 0 × 1 × 2 × ⋯ × (n − 1) ≡ 0 (mod n).

This (n − 1)! ≡ 0 ( mod n) is impossible.

Why?

Because we are given (n − 1)! ≡ −1 ( mod n).


We have a contradiction to our supposition, so n cannot be composite, which means it
must be prime.


Can you think of an application where Theorem (4.5) may be helpful?

It can be used to test for prime numbers because if (n − 1)! ≡ −1 ( mod n) then we conclude
that n is prime. However, this is not very practical.

Why not?

(n − 1)! becomes very large even for small values of n. There are more efficient ways of
testing whether numbers are prime or composite, which we will discuss in the next few
sections.
Generalizing factorial results for modular arithmetic we have:

(n − 1)! ≡ −1 (mod n) if n is prime
(n − 1)! ≡ 2 (mod n) if n = 4
(n − 1)! ≡ 0 (mod n) for all other cases.
You are asked to prove this result in Exercises 4.2, question 10.

Summary
Wilson’s Theorem:
(n − 1)! ≡ −1 ( mod n) ⇔ n is prime.
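The factorial results of this section can be checked by machine. The following Python sketch is an added example, not code from the book: it evaluates k! (mod n) with a reduction after every multiplication, applies the Wilson test, and repeats the method of Example 4.9 (c) for any k < p. The function names are hypothetical, and the inverse is taken as a^{p−2} (mod p) by Fermat's Little Theorem.

```python
def factorial_mod(k, n):
    """Return k! (mod n), reducing after every multiplication."""
    result = 1 % n
    for i in range(2, k + 1):
        result = (result * i) % n
        if result == 0:
            # Once the running product is a multiple of n it stays 0.
            break
    return result


def wilson_is_prime(n):
    """Wilson test: n > 1 is prime  <=>  (n - 1)! ≡ -1 (mod n).

    The loop needs about n multiplications, so the cost grows with n itself
    rather than with the number of digits of n. This is why the test is not
    practical for large n.
    """
    if n < 2:
        return False
    return factorial_mod(n - 1, n) == n - 1


def factorial_mod_prime(k, p):
    """Return k! (mod p) for a prime p and 0 <= k < p, as in Example 4.9 (c).

    Start from (p - 1)! ≡ -1 (mod p) and divide out (k + 1)(k + 2)...(p - 1).
    Dividing means multiplying by the inverse, computed here as
    a^(p - 2) (mod p) by Fermat's Little Theorem. Only p - 1 - k products are
    needed, so this is cheap when k is close to p.
    """
    if not 0 <= k < p:
        raise ValueError("need 0 <= k < p")
    tail = 1
    for j in range(k + 1, p):
        tail = (tail * j) % p
    return ((p - 1) * pow(tail, p - 2, p)) % p


def classify(n):
    """Return (n - 1)! (mod n) written as -1, 2 or 0 (the general result above)."""
    r = factorial_mod(n - 1, n)
    return -1 if r == n - 1 else r


if __name__ == "__main__":
    print("12! mod 13 =", factorial_mod(12, 13))         # Example 4.8
    print("11! mod 12 =", factorial_mod(11, 12))         # Example 4.9 (b)
    print("10! mod 13 =", factorial_mod_prime(10, 13))   # Example 4.9 (c)
    print({n: classify(n) for n in range(2, 13)})
```
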

EXERCISES 4.2

(Brief solutions at end of book. Full solutions available at
<http://www.oup.co.uk/companion/NumberTheory>.)

1. Determine the least non-negative residue x of the following congruences:
(a) 10! ≡ x (mod 11)
(b) 10! + 10! ≡ x (mod 11)
(c) 10 (10!) + 8 (10!) ≡ x (mod 11)
(d) 5 (10!)^{101} + 3 (10!)^{100} ≡ x (mod 11)

2. Determine the remainder when 15! is divided by 17.

3. Determine the remainder when 25! is divided by 17.

4. Find x where x is the least non-negative residue such that
x ≡ 8 × 9 × 10 × 11 × 16 × 17 × 18 × 19 (mod 13).

5. Evaluate the least residue x such that
x ≡ 2 (20!) (mod 23).

6. Without using a calculator determine the least non-negative residue x such that
96 × 97 × 98 × 99 × 100 ≡ x (mod 101).

7. Determine 61! (mod 71).

8. Determine (n − 1)! (mod n) for each of the following n:
(a) n = 15 (b) n = 21 (c) n = 30
What do you notice about your results?

9. Find the least non-negative residue
[((29 − 1)/2)!]^2 (mod 29).

10. Prove the following:
(n − 1)! ≡ −1 (mod n) if n is prime
(n − 1)! ≡ 2 (mod n) if n = 4
(n − 1)! ≡ 0 (mod n) for all other cases.

11. Show that
x^2 ≡ 1 (mod n) ⇏ x ≡ ±1 (mod n).

12. Let p be prime and gcd(n, p) = 1. Prove that
(p − 1)! + n^{p−1} ≡ 0 (mod p).

13. Let p be prime. Prove that
(p − 2)! ≡ 1 (mod p).

14. Let p be an odd prime. Prove that
2 (p − 3)! ≡ −1 (mod p).

15. Let p be prime. Show that
(p − 1)(p − 2) ⋯ (p − n) ≡ (−1)^n n! (mod p)
where 1 ≤ n < p.

16. **Consider the quadratic congruence x^2 + 1 ≡ 0 (mod p) where p is prime.
Prove that x^2 + 1 ≡ 0 (mod p) has a solution ⇔ p = 2 or p ≡ 1 (mod 4).

17. Prove Wilson’s Theorem by using Fermat’s Little Theorem.
[Hint: Consider the equation x^{p−1} − 1 ≡ 0 (mod p).]

18. *Let p be an odd prime. Prove that
(1 × 3 × 5 × ⋯ × (p − 2))^2 ≡ (−1)^{(p+1)/2} (mod p).


SECTION 4.3 Composite Integers and Pseudoprimes (False Primes)


By the end of this section you will be able to
● test and factorize composite integers
● determine pseudoprimes
● factorize integers of the type 2^n − 1

There is no easy way to find out whether a given odd integer is prime or composite.

How do we test whether 2^{18} − 1 = 262 143 is composite or prime? If it is composite then what is the
prime factorization of this number?

We answer these questions in Example 4.14 later in this section.

The only tools of factorization we have are the trial division of Chapter 2 and the Fermat
factorization method of Section 3.5. In this section we discuss other techniques to determine
whether 2^n − 1 is composite.

4.3.1 Composite integers

We can use FlT to test whether a given integer is composite.

Proposition (4.6). Let n be an odd integer. If

2^{n−1} ≢ 1 (mod n)

then n is a composite integer.

How do we prove this?

This follows from the contrapositive of FlT.

Proof.
By Fermat’s Little Theorem (4.1):
If n is prime which does not divide a, then a^{n−1} ≡ 1 (mod n).
The contrapositive is:
If a^{n−1} ≢ 1 (mod n) where n ∤ a then n is composite.
We substitute a = 2 to arrive at our result:
2^{n−1} ≢ 1 (mod n) implies the odd integer n is composite.


Example 4.10

Test whether 511 is composite.

Solution
How do we test whether 511 is composite or not?
Using the previous Proposition (4.6) with n = 511 gives

2^{511−1} ≡ 2^{510} ≡ x (mod 511).

Evaluating various indices of 2 we have

2^7 ≡ 128, 2^8 ≡ 256, 2^9 ≡ 512 ≡ 1 (mod 511).

We stop at 2^9 ≡ 1 (mod 511) because this is a useful result to have, as 1 to any integer index is just
1. Remember we want to find 2^{510} ≡ x (mod 511). Writing the index 510 as a multiple of 9 and any
remainder we have by the Division Algorithm

510 = (56 × 9) + 6.

Using the above result 2^9 ≡ 1 (mod 511) and the rules of indices we have

2^{510} ≡ 2^{(56×9)+6} ≡ (2^9)^{56} × 2^6 ≡ 1^{56} × 64 ≡ 64 (mod 511).

Since 2^{511−1} ≡ 2^{510} ≡ 64 ≢ 1 (mod 511), by the previous Proposition (4.6):

if 2^{n−1} ≢ 1 (mod n) then n is composite,

we conclude that 511 is composite.

Note that the above proposition does not give us the factors of 511 but just tells us that
this number 511 is composite.
The general contrapositive statement of FlT is given by

a^{n−1} ≢ 1 (mod n) ⇒ n is composite provided n ∤ a.

In the above case we chose a to equal 2, but we could let a be any integer provided n ∤ a.
Therefore, the general proposition is:

Fermat’s Composite Test (4.7). Let n be an odd integer greater than 1. If

a^{n−1} ≢ 1 (mod n) for some a such that n ∤ a

then n is a composite integer.

Proof.
This is the contrapositive statement of FlT.


Why use this result a^{n−1} ≢ 1 (mod n) rather than the previous 2^{n−1} ≢ 1 (mod n)?

For some numerical examples we may have 2^{n−1} ≡ 1 (mod n) but, as discussed in Section
4.1, this does not imply that n is prime (n may be a pseudoprime). To deduce that n is composite we
need to find some other base, a say, such that a^{n−1} ≢ 1 (mod n).
Additionally, it can be easier to work with another base rather than 2. Plus, it is always
useful to not be constrained to a particular base.

Example 4.11

Show that 4369 is composite.

Solution
If we use base 2 we find by using a calculator (justify in your own time) that

2^{4369−1} ≡ 2^{4368} ≡ 1 (mod 4369).

We will show in Supplementary Problems 4, question 15 that 4369 is a pseudoprime. However, if
we use base 3, then we find
3^{4368} ≡ 3333 ≢ 1 (mod 4369).
So, by Fermat’s Composite Test (4.7) we conclude that 4369 is composite.

This is not a very efficient way of testing for composite integers, since it requires us to have
some way of knowing beforehand what base is most suited, something which isn’t always
obvious.

4.3.2 Pseudoprimes (false primes)

We briefly mentioned these towards the end of Section 4.1.

Example 4.12

Determine the least positive residue x such that 2^{340} ≡ x (mod 341).

Solution
Evaluating various powers of 2 we have

2^8 ≡ 256, 2^9 = 512 ≡ 171 and 2^{10} = 1024 ≡ 1 (mod 341).

Using the last result 2^{10} ≡ 1 (mod 341) and by the rules of indices we get

2^{340} ≡ (2^{10})^{34} ≡ 1^{34} ≡ 1 (mod 341).

Hence the least positive residue is x ≡ 2^{340} ≡ 1 (mod 341).



This result 2^{340} ≡ 1 (mod 341) does not imply that 341 is prime. In fact, 341 is composite
because
341 = 11 × 31.
For over 2500 years the mathematical community did think that if 2^{n−1} ≡ 1 (mod n)
then n was prime. (Actually this modular arithmetic was not developed until the 19th
century, so for over 2000 years people wrongly thought that if n | (2^{n−1} − 1) then n is
prime.)
In 1819, the above example 2^{340} ≡ 1 (mod 341) was discovered and it was found that 341
is a composite integer.[3] This 341 is an example of a pseudoprime.
We define pseudoprime formally as:

Definition (4.8). A composite integer n is called a base a-pseudoprime (or just a pseudoprime) if
a^{n−1} ≡ 1 (mod n) where gcd(a, n) = 1 and a > 1.

For example, 341 is a base 2-pseudoprime because 2^{340} ≡ 1 (mod 341). This 341 is the
smallest base 2-pseudoprime.

Example 4.13

Show that 91 is a base 3-pseudoprime.

Solution
First gcd(3, 91) = 1. For 91 to be a base 3-pseudoprime we need to show two things:
I) 91 is composite and II) 3^{90} ≡ 1 (mod 91).
Showing each of these:

I) 91 = 7 × 13 so 91 is composite.
II) Evaluating powers of 3 we have

3^4 ≡ 81 ≡ −10, 3^5 ≡ 3 × (−10) ≡ −30 (mod 91) and

3^6 ≡ −30 × 3 ≡ −90 ≡ 1 (mod 91).

Using this last result 3^6 ≡ 1 (mod 91) to evaluate 3^{90} ≡ ? (mod 91) we have

3^{90} ≡ 3^{6×15} ≡ (3^6)^{15} ≡ 1^{15} ≡ 1 (mod 91).   [because 90 = 6 × 15, then by the rules of indices]

Since 3^{90} ≡ 1 (mod 91), 91 is a base 3-pseudoprime. (You are asked to show in Exercises 4.3,
question 3 (b) that 91 is not a base 2-pseudoprime.)

91 is the smallest base 3-pseudoprime. The numbers 217 and 25 are pseudoprimes of
bases 5 and 7 respectively and these are the smallest base 5- and 7-pseudoprimes (see
Exercises 4.3, question 18).

[3] https://primes.utm.edu/curios/page.php/341.html.

4.3.3 Factorizing integers of the form 2^n − 1

Proposition (4.9). If m | n then (2^m − 1) | (2^n − 1) where m and n are positive integers.

Proof.
We are given that m | n, so there is an integer k such that

m × k = n.

We need to use the following algebraic identity (Introductory Chapter):

a^{r×s} − 1 = (a^r − 1) (a^{r(s−1)} + a^{r(s−2)} + ⋯ + a^r + 1).

Substituting a = 2 we have

2^n − 1 = 2^{m×k} − 1 = (2^m − 1) (2^{m(k−1)} + 2^{m(k−2)} + ⋯ + 2^m + 1).

From this 2^n − 1 = (2^m − 1) (2^{m(k−1)} + 2^{m(k−2)} + ⋯ + 2^m + 1) we have that 2^m − 1 is a factor
of 2^n − 1 or (2^m − 1) | (2^n − 1), which is our required result.

For example, 7 | 14, so by the previous proposition we have

(2^7 − 1) | (2^{14} − 1).

We can check this by computing the indices and subtracting 1:

2^7 − 1 = 127 and 2^{14} − 1 = 16 383.

We find that 16 383/127 = 129 so 127 | 16 383, which means we have (2^7 − 1) | (2^{14} − 1).

We can use this Proposition (4.9) to find factors of 2^n − 1.

Example 4.14

Factorize 2^{18} − 1 = 262 143 into its prime factors.

Solution
The non-trivial factors (we defined non-trivial factors in the last chapter (3.25)) of the index 18 are 2,
3, 6, and 9. We use Proposition (4.9):
If m | n then (2^m − 1) | (2^n − 1).

Substituting m = 2, 3, 6, 9, and n = 18 into this proposition gives:

(2^2 − 1) | (2^{18} − 1) implies 3 | (2^{18} − 1) [Because 2^2 − 1 = 3]
(2^3 − 1) | (2^{18} − 1) implies 7 | (2^{18} − 1) [Because 2^3 − 1 = 7]
(2^6 − 1) | (2^{18} − 1) implies 63 | (2^{18} − 1) [Because 2^6 − 1 = 63]
(2^9 − 1) | (2^{18} − 1) implies 511 | (2^{18} − 1) [Because 2^9 − 1 = 511].

Hence some of the factors of 2^{18} − 1 are 3, 7, 63, and 511. Note that Proposition (4.9) does not say all
the factors of 2^n − 1 are of the form 2^m − 1 where m | n.
The largest factor in this list is 511 and dividing by this number gives

(2^{18} − 1)/511 = 513 or 2^{18} − 1 = 511 × 513. (∗)

By using the test for divisibility by 9 we have that adding the digits of 513 gives 5 + 1 + 3 = 9 and 9 | 9,
therefore 9 is a factor of 513:

513/9 = 57 or 513 = 9 × 57 = 3^2 × 57 = 3^2 × 3 × 19 = 3^3 × 19.

The factors of 511 are 7 × 73 = 511. Substituting these into (∗) yields

2^{18} − 1 = 511 × 513 = (7 × 73) × (3^3 × 19) = 3^3 × 7 × 19 × 73.

Hence, we have factorized 2^{18} − 1 into its prime factors, 3^3 × 7 × 19 × 73.

Example 4.15

Show that 2^{777} − 1 is a composite integer.

Solution
Clearly 7 | 777, so by Proposition (4.9) we have that 2^7 − 1 = 127 is a factor of 2^{777} − 1. Hence 2^{777} − 1
is composite.

The converse of Proposition (4.9) is also true:

Proposition (4.10). If (2^m − 1) | (2^n − 1) then m | n.

Proof.
See Exercises 4.3, question 15.

Corollary (4.11). If n is composite then 2^n − 1 is also composite.

Proof.
See Exercises 4.3, question 10.

Take care to notice that this corollary does not imply that if n is prime then 2^n − 1 is also
prime. For example, take n = 11 which is prime but 2^{11} − 1 = 2047 = 23 × 89 is composite.

However, by the contrapositive form of Corollary (4.11) we have:

If 2^n − 1 is prime then n is prime.
You are asked to prove this in Exercises 4.3, question 13. Summarizing this, we have

2^n − 1 is prime ⇒ n is prime (statement).

But n is prime ⇏ 2^n − 1 is prime (converse).
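The method of Example 4.14 can be written as a short program. The Python sketch below is an added example, not code from the book: it lists the factors 2^m − 1 that Proposition (4.9) guarantees, splits 2^n − 1 by the largest of them, and finishes each piece by trial division. It goes beyond the example by accepting any index n, and the function names are hypothetical.

```python
def proper_divisors(n):
    """Non-trivial divisors m of n (1 < m < n), in increasing order."""
    return [m for m in range(2, n) if n % m == 0]


def algebraic_factors(n):
    """Factors of 2^n - 1 guaranteed by Proposition (4.9): 2^m - 1 for each m | n."""
    return {m: 2**m - 1 for m in proper_divisors(n)}


def trial_division(N):
    """Prime factorization of N as {prime: exponent} by trial division."""
    factors = {}
    d = 2
    while d * d <= N:
        while N % d == 0:
            factors[d] = factors.get(d, 0) + 1
            N //= d
        d += 1 if d == 2 else 2      # after 2, try odd divisors only
    if N > 1:                        # what is left has no divisor <= sqrt(N)
        factors[N] = factors.get(N, 0) + 1
    return factors


def factor_mersenne(n):
    """Prime factorization of 2^n - 1 as {prime: exponent}.

    If n is composite, split off 2^m - 1 for the largest non-trivial m | n
    (Proposition 4.9), factorize that piece recursively and the cofactor by
    trial division. If n is prime the proposition gives no factor, so the
    whole number goes to trial division.
    """
    N = 2**n - 1
    divisors = proper_divisors(n)
    if not divisors:
        return trial_division(N)
    m = divisors[-1]
    result = factor_mersenne(m)                    # n = 18: 511 = 7 × 73
    cofactor = trial_division(N // (2**m - 1))     # n = 18: 513 = 3^3 × 19
    for prime, exponent in cofactor.items():
        result[prime] = result.get(prime, 0) + exponent
    return dict(sorted(result.items()))


if __name__ == "__main__":
    print(algebraic_factors(18))     # the factors 3, 7, 63, 511 of Example 4.14
    print(factor_mersenne(18))       # prime factorization of 262 143
    print(factor_mersenne(11))       # n prime, yet 2^11 - 1 is composite
```
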

4.3.4 Generating pseudoprimes

The next result tells us how we can generate a new pseudoprime from a given pseudoprime.

Proposition (4.12). Show that 2^{341} − 1 is a base 2-pseudoprime.

Proof.
We need to prove two things:
I) 2^{341} − 1 is composite.
II) 2^{2^{341} − 2} ≡ 1 (mod 2^{341} − 1).

Proof of I).
Factorizing 341 gives 341 = 11 × 31, so 341 is composite. By the previous Corollary (4.11):
if n is composite then 2^n − 1 is also composite,
we have that 2^{341} − 1 is composite.

Proof of II).
We need to show 2^{2^{341} − 2} ≡ 1 (mod 2^{341} − 1). From Example 4.12, we know that 341
is a base 2-pseudoprime, therefore 2^{340} ≡ 1 (mod 341). Multiplying both sides of this
2^{340} ≡ 1 (mod 341) by 2 gives

2 × 2^{340} ≡ 2^{341} ≡ 2 (mod 341).   [By rules of indices]

By definition of congruence we have

2^{341} − 2 = 341k for some integer k. (∗)

Let us now examine the congruence 2^{2^{341} − 2} ≡ x (mod 2^{341} − 1). To prove part II), we need
to show that x ≡ 1 (mod 2^{341} − 1). By (∗) the index 2^{341} − 2 = 341k, so

2^{2^{341} − 2} ≡ 2^{341k} (mod 2^{341} − 1). (†)

Also 2^{341} − 1 ≡ 0 (mod 2^{341} − 1) because m ≡ 0 (mod m), which implies
2^{341} ≡ 1 (mod 2^{341} − 1). We have

2^{2^{341} − 2} ≡ 2^{341k} ≡ (2^{341})^k ≡ 1^k ≡ 1 (mod 2^{341} − 1).   [by (†), then by rules of indices]

We have shown 2^{2^{341} − 2} ≡ 1 (mod 2^{341} − 1).
As we have proved both parts I) and II), 2^{341} − 1 is a base 2-pseudoprime.


This proposition says that if we have the base 2-pseudoprime 341 then by using this we
can produce another base 2-pseudoprime, 2^{341} − 1. This is not only true of 341, but is also
true for other pseudoprimes n.

Proposition (4.13). If n is a base 2-pseudoprime then 2^n − 1 is also a base 2-pseudoprime.

Proof.
Exercises 4.3, question 11.


This leads us to say there are infinitely many base 2-pseudoprimes. You will be asked to
show this in Exercises 4.3, question 20.
A natural question to ask is:

Are there infinitely many base a > 1 pseudoprimes?

Yes, and you are asked to show this in Supplementary Problems 4, question 29.

4.3.5 Carmichael numbers

From Example 4.12 we have that 341 is a base 2-pseudoprime. If we use base 3 then we get
the following:
3^{340} ≡ 56 (mod 341).

Therefore, 341 is not a base 3-pseudoprime.

Some integers are pseudoprimes for all the bases a, provided gcd(a, n) = 1. For example,
561 satisfies this because

a^{560} ≡ 1 (mod 561) provided gcd(a, 561) = 1.

But 561 is a composite number because 561 = 3 × 11 × 17. Such a number is called a
Carmichael number. This means that every a which is not a multiple of 3, 11, or 17 or a
combination of these will give a^{560} ≡ 1 (mod 561).
However, the index 560 to base 3, 11, and 17 will not give 1 modulo 561:

3^{560} ≡ 375 ≢ 1, 11^{560} ≡ 154 ≢ 1 and 17^{560} ≡ 34 ≢ 1 (mod 561).



Definition (4.14). A composite integer n is called a Carmichael number if for every base
a we have
a^{n−1} ≡ 1 (mod n) provided gcd(a, n) = 1.

Other Carmichael numbers are 1105, 1729, 2465, … Actually there are infinitely many
Carmichael numbers, as stated in Section 4.1.

Robert Carmichael was born in 1879 in Alabama,
USA. In 1905 he started to submit problems to
American Mathematical Monthly. By 1909 he had
approximately 170 publications in this journal. In
1911 he taught at Indiana University and in 1915
he moved to the University of Illinois where he
became professor of mathematics. Carmichael
remained there for the rest of his academic career,
retiring in 1947. He also wrote textbooks on
relativity, number theory, calculus, trigonometry,
logic and algebra. Carmichael was the first one to
discover the above property for the number 561
in 1910. He passed away aged 88 in 1967.

Figure 4.3 Carmichael (1879–1967).

Example 4.16

Show that 561 is a Carmichael number.

Solution
How do we show this result?
561 = 3 × 11 × 17 is a composite integer. We also need to show that

a^{560} ≡ 1 (mod 561) for every a such that gcd(a, 561) = 1.

We use FlT and the Chinese remainder theorem to show this.

Proof.
First using FlT (4.1):
a^{p−1} ≡ 1 (mod p) where p ∤ a
with moduli p = 3, 11, and 17 because 561 = 3 × 11 × 17 we have:

a^2 ≡ 1 (mod 3) [FlT with p = 3]
a^{10} ≡ 1 (mod 11) [FlT with p = 11]
a^{16} ≡ 1 (mod 17) [FlT with p = 17].

However we don’t need these indices because we want to show a^{560} ≡ 1 (mod 561), so we are interested
in the index 560. Using the rules of indices and the above results we have

a^{560} ≡ (a^2)^{280} ≡ 1^{280} ≡ 1 (mod 3).

Similarly, by using the rules of indices in the bottom two congruences we have

a^{560} ≡ (a^{10})^{56} ≡ 1^{56} ≡ 1 (mod 11)
a^{560} ≡ (a^{16})^{35} ≡ 1^{35} ≡ 1 (mod 17).

Let x = a^{560}, and putting this into the above computed congruences we have the simultaneous congruence
equations:

x ≡ 1 (mod 3)
x ≡ 1 (mod 11)
x ≡ 1 (mod 17).

Solving these using the result of Exercises 3.4, question 8 (b):

Let p_1, p_2, p_3, ⋯ , p_k be distinct primes such that x ≡ M (mod p_j) then

x ≡ M (mod p_1 × p_2 × p_3 × ⋯ × p_k).

Using this on the above three simultaneous equations gives

x ≡ 1 (mod 3 × 11 × 17) ≡ 1 (mod 561).

Substituting x = a^{560} into this yields

a^{560} ≡ 1 (mod 561).
This means that for every a we have a^{560} ≡ 1 (mod 561), provided gcd(a, 561) = 1.
Therefore, 561 is a Carmichael number.


Summary
We can use a^{n−1} ≢ 1 (mod n) to show that n is a composite number.
Pseudoprimes are composite integers n which satisfy FlT:

a^{n−1} ≡ 1 (mod n) where gcd(a, n) = 1.
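The tests and definitions of this section translate directly into code. The Python sketch below is an added example, not code from the book: it implements Fermat's Composite Test (4.7), Definition (4.8) and Definition (4.14) with fast modular exponentiation, so the residues quoted in Examples 4.10 to 4.16 can be reproduced. The function names are hypothetical, and the pseudoprime search is restricted to odd n, as in (4.6) and (4.7).

```python
from math import gcd


def is_composite(n):
    """True when n > 1 has a non-trivial factor (trial division)."""
    if n < 4:
        return False
    if n % 2 == 0:
        return True
    d = 3
    while d * d <= n:
        if n % d == 0:
            return True
        d += 2
    return False


def fermat_proves_composite(n, a=2):
    """Fermat's Composite Test (4.7): a^(n-1) ≢ 1 (mod n) with n ∤ a proves n composite.

    A return value of False proves nothing: n may be prime, or it may be a
    base a-pseudoprime.
    """
    if a % n == 0:
        raise ValueError("the test needs a base a that n does not divide")
    return pow(a, n - 1, n) != 1


def is_pseudoprime(n, a):
    """Definition (4.8): composite n with gcd(a, n) = 1, a > 1, a^(n-1) ≡ 1 (mod n)."""
    return a > 1 and is_composite(n) and gcd(a, n) == 1 and pow(a, n - 1, n) == 1


def smallest_odd_pseudoprime(a, limit=10_000):
    """Smallest odd base a-pseudoprime below limit, or None if there is none."""
    for n in range(3, limit, 2):
        if is_pseudoprime(n, a):
            return n
    return None


def bases_proving_composite(n):
    """All bases 1 < a < n with gcd(a, n) = 1 for which the Fermat test exposes n."""
    return [a for a in range(2, n) if gcd(a, n) == 1 and pow(a, n - 1, n) != 1]


def is_carmichael(n):
    """Definition (4.14): composite n with a^(n-1) ≡ 1 (mod n) for every gcd(a, n) = 1."""
    return is_composite(n) and all(
        pow(a, n - 1, n) == 1 for a in range(2, n) if gcd(a, n) == 1
    )


if __name__ == "__main__":
    print("2^510  mod 511  =", pow(2, 510, 511))      # Example 4.10
    print("2^4368 mod 4369 =", pow(2, 4368, 4369))    # Example 4.11, base 2
    print("3^4368 mod 4369 =", pow(3, 4368, 4369))    # Example 4.11, base 3
    print("3^340  mod 341  =", pow(3, 340, 341))      # Subsection 4.3.5
    print({a: smallest_odd_pseudoprime(a) for a in (2, 3, 5, 7)})
    print([n for n in range(2, 2500) if is_carmichael(n)])
    # 341 fools base 2, but many coprime bases expose it; 561 has none at all.
    print(len(bases_proving_composite(341)), len(bases_proving_composite(561)))
```
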



EXERCISES 4.3

(Brief solutions at end of book. Full solutions available at
<http://www.oup.co.uk/companion/NumberTheory>.)

1. Verify the following are composite integers by using FlT:
(a) 4097 (b) 32 767
(c) 2197 [use base 13]

2. Show that 2047 is a base 2-pseudoprime.

3. (a) Show that 561 is a
(I) base 560-pseudoprime
(II) base 562-pseudoprime
(b) Show that 91 is not a base 2-pseudoprime.

4. Show that the following are composite integers by finding a non-trivial factor
of each integer:
(a) 2^{123} − 1 (b) 2^{161 051} − 1
(c) 2^{1769} − 1

5. Factorize the following integers into their prime factors:
(a) 2^{20} − 1 (b) 2^{21} − 1 (c) 2^{24} − 1

6. What is wrong with the following argument?
10^{5−1} ≢ 1 (mod 5) implies 5 is composite.

7. Prove that 3 is a factor of 2^{2n} − 1.

8. Prove that 7 is a factor of 2^{3n} − 1.

9. Show that 2047 is a factor of 2^{3751} − 1.

10. Prove Corollary (4.11).

11. Prove Proposition (4.13).

12. Show that 1729 is a Carmichael number.

13. Prove that if 2^n − 1 is prime then n is prime.

14. Prove that if 2^p − 1 is composite where p is prime then 2^p − 1 is a base
2-pseudoprime.

15. Prove that if (2^m − 1) | (2^n − 1) then m | n.

16. Show that in general
(2^{2^n} − 1) ∤ (2^{2^n} + 1).

17. Explain why 2^n | 2^{2^n}.

18. (a) Show that 25 is a base 7-pseudoprime but not a Carmichael number.
(b) Show that 217 is a base 5-pseudoprime but not a Carmichael number.

19. *Show that if the Fermat number F_n = 2^{2^n} + 1 is a composite integer
then F_n = 2^{2^n} + 1 is a base 2-pseudoprime.

20. *Prove that there are infinitely many base 2-pseudoprimes.

21. Show that the following statement is false:
A composite number n is a Carmichael number ⇔ for every prime p which
satisfies p | n we have (p − 1) | (n − 1).
[Hint: Consider n = p^k.]


SECTION 4.4 Mersenne Numbers


By the end of this section you will be able to
● understand what is meant by a Mersenne number
● find a prime factor of a composite Mersenne number

How would you find a factor of 2^{251} − 1 where the index 251 is prime?

2^{251} − 1 is an example of a Mersenne number, which are important numbers.

Why?

Because the largest known primes are generally found amongst Mersenne primes, which
we define in this section. First we formulate a method to find a prime factor of a composite
Mersenne number such as 2^{251} − 1 in Example 4.20.

4.4.1 Definition of a Mersenne number

Who was Mersenne?

Father Marin Mersenne was born in 1588 near
Le Mans, which is now famous for its motor car
racing. As a young boy he took an interest in
religion and philosophy. In 1611 he entered
the Order of the Minims, which is a religious
sect. In 1616 he was elected superior of Place
Royale Monastery in Paris, where he remained
for the rest of his life. This is where he really
started to take an interest in mathematics, as
well as in religion. At that time, most
mathematicians tended to work in secret and
not share their mathematical ideas with each
other. Mersenne was the first to change this by
communicating with various mathematicians
of the day. He laid the foundations for setting
up academic discussion amongst
mathematicians and scientists in Europe.
Mersenne primes arose when Mersenne was
trying to find a formula that would represent
all primes.
Figure 4.4 Marin Mersenne (1588–1648).

Definition (4.15). The $n$th Mersenne number, denoted $M_n$, is defined as

$M_n = 2^n - 1$.

We discussed Mersenne numbers in the last section without naming them. We proved
the following property of these numbers:

$2^n - 1$ is prime $\Rightarrow$ $n$ is prime.

Though interesting, this is not a useful result.

Why not?

Because it is inefficient. It says that if the larger integer $2^n - 1$ is prime then the smaller integer
$n$ is prime, which means we have to first check $2^n - 1$ and then deduce that $n$ is prime. For
example, we first need to check that $2^{19} - 1 = 524\,287$ is prime and then conclude that the
index 19 is prime. It is much easier to test the smaller number 19 rather than 524 287.

Definition (4.17). Mersenne prime. If $M_n = 2^n - 1$ is prime then it is called a Mersenne
prime.

Examples of the first few Mersenne primes are

$2^2 - 1 = 3$, $2^3 - 1 = 7$, $2^5 - 1 = 31$, ⋯ .

Mersenne listed the following 11 primes $p$ for which he claimed that $2^p - 1$ was prime:

2, 3, 5, 7, 13, 17, 19, 31, 67, 127 and 257. (†)

His list had two incorrect primes because $M_{67} = 2^{67} - 1$ and $M_{257} = 2^{257} - 1$ are composite.
Testing whether Mersenne numbers are prime has been an ongoing problem for nearly
400 years. Of course, the greatest strides have been made since the advent of the digital
computer. Prior to computer technology, the American mathematician Frank Cole (1861–
1926) found the following factorization in October 1903:

$M_{67} = 2^{67} - 1 = 147\,573\,952\,589\,676\,412\,927 = (761\,838\,257\,287) \times (193\,707\,721)$.

Legend has it that Cole spent three years of Sunday afternoons trying to find these factors.
Frank Cole gave this factorization at a meeting of the American Mathematical Society
with the title ‘On the Factorization of Large Numbers’. He did not speak a single word,
but just showed the above factorization on the board. It was one of the strangest talks ever
given.[4] Hence Cole showed that the Mersenne list of primes given in the list (†) was incorrect
because $M_{67} = 2^{67} - 1$ is composite.
Also Mersenne missed three primes, 61, 89, and 107, from his list. All of these
$M_p = 2^p - 1$ are prime for $p = 61$, 89 and 107.

[4] Number Theory: A Historical Approach by John Watkins, page 135.

Listing Mersenne numbers for the first few prime numbers $p$, we have:
Table 4.2
$p$          2   3   5    7     11               13
$2^p - 1$    3   7   31   127   2047 = 23 × 89   8191

Recall from the last section that if $p$ is prime then there is no guarantee that $2^p - 1$ is
prime, as you can observe for $p = 11$. Remember from the last section:
$p$ is prime $\nRightarrow$ $2^p - 1$ is prime.
It is also claimed that there are infinitely many Mersenne primes. However, this is still a
conjecture as no one has been able to prove this so far.
Since 1996 there has been a computer programme called Great Internet Mersenne Prime
Search, abbreviated to GIMPS, which was started by George Woltman to find primes.

George Woltman was interested in
number theory from a very young age. He
graduated from MIT in Computer Science
in 1978. He has been working in the
computer software industry for most of his
working career.
You can find the GIMPS project by
Googling this term. You can also take part
in this project of finding the largest prime
by downloading the software onto your
machine.

Figure 4.5 George Woltman (1957–present).

4.4.2 Factorizing composite Mersenne numbers

We want to find a prime factor of a given composite Mersenne number $M_n$ without using
the brute force technique of testing all the primes up to the square root of $M_n$.
The following is one such test:

Proposition (4.18). Let $n$ be a natural number and $p = 2n + 1$ be an odd prime, then either
$p \mid (2^n - 1)$ or $p \mid (2^n + 1)$ but not both.

Let us consider a numerical example before we undertake the task of a proof.


Let $n = 2$, then $p = 2n + 1 = (2 \times 2) + 1 = 5$ is an odd prime. We have

$2^n - 1 = 2^2 - 1 = 3$ and $2^n + 1 = 2^2 + 1 = 5$.

In this case, we have $p \mid (2^n + 1)$ because $5 \mid 5$. Of course $5 \nmid 3$.


Let us examine another numerical example.
This time let $n = 15$, then $p = (2 \times 15) + 1 = 31$ and $p = 31$ is prime. Then

$2^n - 1 = 2^{15} - 1 = 32\,767$ and $2^n + 1 = 2^{15} + 1 = 32\,769$.

By the given proposition, $p = 31$ divides only one of these numbers: 32 767 or 32 769.
Checking this with a calculator gives $\frac{32\,767}{31} = 1057$. So $31 \mid (2^{15} - 1)$.

How do we prove the given result?

By using Fermat's Little Theorem (4.1):

$a^{p-1} \equiv 1 \pmod{p}$ where $p$ is prime and $p \nmid a$.

Proof.
We need to prove $p \mid (2^n - 1)$ or $p \mid (2^n + 1)$, which in terms of congruence means we are
required to show that

$2^n \equiv 1 \pmod{p}$ or $2^n \equiv -1 \pmod{p}$ respectively.

We are given that $p$ is an odd prime. So applying FlT with $a = 2$ we have

$2^{p-1} \equiv 1 \pmod{p}$. (‡)

We are given $p = 2n + 1$, which implies $p - 1 = 2n$. Substituting this $p - 1 = 2n$ into (‡) and
applying the rules of indices gives

$2^{p-1} \equiv 2^{2n} \equiv (2^n)^2 \equiv 1 \pmod{p}$.

We have $(2^n)^2 \equiv 1 \pmod{p}$. Applying Lemma (4.3):

$x^2 \equiv 1 \pmod{p} \Leftrightarrow x \equiv \pm 1 \pmod{p}$.

With $x = 2^n$ this gives $2^n \equiv \pm 1 \pmod{p}$. Hence $2^n \equiv 1 \pmod{p}$ or $2^n \equiv -1 \pmod{p}$.

To finish off the proof, we also need to show that $p$ does not divide both $2^n + 1$
and $2^n - 1$. Suppose it does, that is

$p \mid (2^n + 1)$ and $p \mid (2^n - 1)$.

Then
$p \mid [(2^n + 1) - (2^n - 1)]$ implies $p \mid 2$.
This $p \mid 2$ is impossible because we are given $p = 2n + 1$, which means $p$ is an odd prime.
Hence $p$ cannot divide both $(2^n - 1)$ and $(2^n + 1)$. This completes our proof.


Example 4.17

Determine a prime factor of $M_{23} = 2^{23} - 1$.

Solution
Let $n = 23$ then $p = (2 \times 23) + 1 = 47$ which is prime. By applying the previous result:
$p \mid (2^n - 1)$ or $p \mid (2^n + 1)$ where $p = 2n + 1$,

we have $47 \mid (2^{23} - 1)$ or $47 \mid (2^{23} + 1)$. By using our calculator on the first of these we find
$2^{23} - 1 = 47 \times 178\,481$.
Hence a prime factor of $2^{23} - 1$ is 47. (The other number, 178 481, is also a prime.)

$M_{23}$ is composite with prime factors 47 and 178 481. Not always will we get a pair of
prime factors when we perform such division.
In this example we found that 47 divides $2^{23} - 1$, which implies that 47 does not divide
$2^{23} + 1$.
Our aim in this section is to find a prime factor of the composite Mersenne number
$M_n = 2^n - 1$. A natural question is:

What type of prime is a factor of $M_n = 2^n - 1$?

The next proposition gives us the form of primes for which we can conclude that $p = 2n + 1$
is a prime factor of $2^n - 1$ or $2^n + 1$.

Proposition (4.19). Let $p = 2n + 1$ be prime. Then we have the following:

(a) If $p \equiv \pm 1 \pmod{8}$ then $p \mid (2^n - 1)$.
(b) If $p \equiv \pm 3 \pmod{8}$ then $p \mid (2^n + 1)$.

A numerical example of this result is the previous example:

$p = 47 = (2 \times 23) + 1 \equiv 47 \equiv 7 \equiv -1 \pmod{8}$.

Now $n = 23$, so applying result (a), $p \mid (2^n - 1)$, with $p = 47$ and $n = 23$ gives

$47 \mid (2^{23} - 1)$.

Note that we do not need to use our calculator to determine a prime factor of $2^{23} - 1$.
To determine whether the prime $p = 2n + 1$ is a factor of $2^n - 1$ we need to check that the
prime $p$ leaves remainder 1 or 7 after dividing by 8.

Proof.
See Exercises 7.3, question 13 because we need to use quadratic residues.


We use this result in the next example.



Example 4.18

Find a prime factor of $2^{50} + 1$.

Solution
In this case let $n = 50$, then $2n + 1 = (2 \times 50) + 1 = 101$ which is prime. Let $p = 101$ then

$p = 101 \equiv 5 \equiv -3 \pmod{8}$.

Since $p \equiv -3 \pmod{8}$, by the previous Proposition (4.19) (b):

If $p \equiv \pm 3 \pmod{8}$ then $p \mid (2^n + 1)$.

With $p = 101$ and $n = 50$ we have

$101 \mid (2^{50} + 1)$.
Therefore, 101 is a prime factor of $2^{50} + 1$.

Notice how useful this proposition is, because it tells us that 101 is a prime factor of

$2^{50} + 1 = 1\,125\,899\,906\,842\,625$.

By writing out the decimal digits of $2^{50} + 1$ we can see that 5 is also a factor of this.
We will show in Exercises 4.4, question 15 that $2^n + 1$ is composite provided $n$ is not a
power of 2. Hence $2^n + 1$ is composite for all $n$ apart from when index $n = 2^m$. This is why
we look for primes amongst $2^n - 1$, rather than $2^n + 1$.
Without Proposition (4.19), finding prime factors of composite numbers like $2^n \pm 1$ is a
very tiresome task, even for small $n$.

Example 4.19

Find a prime factor greater than 3 of $2^{116} - 1$ [3 is a factor because $(2^2 - 1) \mid (2^{116} - 1)$].

Solution
Let the index $n = 116$, then $2n + 1 = (2 \times 116) + 1 = 233$. We have to check that 233 is prime,
otherwise we cannot use the previous proposition.
How do we test 233 is prime?
By using Corollary (2.10) of Chapter 2:

If $n > 1$ is composite then it has a prime divisor $q$ such that $q \le \lfloor\sqrt{n}\rfloor$.

Determining the floor function of $\sqrt{233}$ gives

$\lfloor\sqrt{233}\rfloor = 15$.

None of the primes below 15 go into 233, therefore 233 is prime.

Let $p = 233$, then
$p = 233 \equiv 1 \pmod{8}$.
We have $p \equiv 1 \pmod{8}$, so applying the previous Proposition (4.19) (a):

if $p \equiv \pm 1 \pmod{8}$ then $p \mid (2^n - 1)$,

with $n = 116$ and $p = 233$ we have

$233 \mid (2^{116} - 1)$.
Hence 233 is a prime factor of $2^{116} - 1$.

We managed to find a prime factor, 233, of

$2^{116} - 1 = 83\,076\,749\,736\,557\,242\,056\,487\,941\,267\,521\,535$.

Without this Proposition (4.19) it would be very time-consuming to find this prime factor,
233, of $2^{116} - 1$. [Once this number is written in decimal digits we can see that 5 is also a
factor of $2^{116} - 1$.]
Be careful when applying Proposition (4.19), as demonstrated by the following:
Locate the first error in the following derivation:
Step 1: Let $n = 44$ then $2n + 1 = (2 \times 44) + 1 = 89$ and 89 is prime.
Step 2: We have $89 \equiv 1 \pmod{8}$.
Step 3: Therefore, $44 \mid (2^{89} - 1)$.
There is definitely an error because $2^{89} - 1$ is an odd number and 44 is even, so
$44 \nmid (2^{89} - 1)$. Actually $2^{89} - 1$ is a Mersenne prime, so it has no factors apart from 1 and
itself. The error occurs in the last line (Step 3) because we should have

$89 \mid (2^{44} - 1)$ not $44 \mid (2^{89} - 1)$.
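
Propositions (4.18) and (4.19) can be checked by machine without ever writing out $2^n$. The following Python sketch is an added example, not code from the book; the function names are illustrative. It compares the mod 8 prediction with a direct computation of $2^n \bmod p$ and reproduces Examples 4.17 to 4.19 and the corrected Step 3 above.

```python
"""Added example: numerical check of Propositions (4.18) and (4.19).

All function names are illustrative; none come from the book.
"""


def is_prime(m: int) -> bool:
    """Trial division by every d with d*d <= m (the idea of Corollary (2.10))."""
    if m < 2:
        return False
    d = 2
    while d * d <= m:
        if m % d == 0:
            return False
        d += 1
    return True


def predicted_sign(n: int):
    """Proposition (4.19) for p = 2n + 1.

    Returns -1 when p | (2^n - 1), +1 when p | (2^n + 1), and None when
    p is not prime, in which case the proposition says nothing.
    """
    p = 2 * n + 1
    if not is_prime(p):
        return None
    # An odd prime is 1, 3, 5 or 7 mod 8; 1 and 7 are the "+-1" classes.
    return -1 if p % 8 in (1, 7) else +1


def observed_sign(n: int):
    """The same answer found by computing 2^n mod p directly.

    pow(2, n, p) reduces modulo p at every step, so the huge number 2^n
    is never built.
    """
    p = 2 * n + 1
    if not is_prime(p):
        return None
    r = pow(2, n, p)
    if r == 1:
        return -1
    if r == p - 1:
        return +1
    raise ArithmeticError(f"2^{n} is not +-1 mod {p}: contradicts (4.18)")


def factor_from_index(n: int):
    """Return (p, name of the number that p = 2n + 1 divides)."""
    sign = predicted_sign(n)
    if sign is None:
        raise ValueError(f"2n + 1 = {2 * n + 1} is not prime")
    return 2 * n + 1, f"2^{n} - 1" if sign == -1 else f"2^{n} + 1"


if __name__ == "__main__":
    for n in (2, 15, 23, 50, 116, 44):
        print(n, factor_from_index(n))
    # Exhaustive agreement between prediction and computation.
    print(all(predicted_sign(n) == observed_sign(n) for n in range(1, 3000)))
```

Note that the index is $n$ and the divisor is $p = 2n + 1$; swapping the two is exactly the Step 3 mistake.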

4.4.3 Germain primes

Definition (4.20). If q and p = 2q + 1 are both primes, then we say that q is a Germain prime.
For example, we say that 2 is a Germain prime because 2 is prime and

(2 × 2) + 1 = 5 is also prime.

Also 23 is a Germain prime because

(2 × 23) + 1 = 47 is prime.

However 47 is not a Germain prime because

(2 × 47) + 1 = 95 is composite.

Germain primes are named after the great French mathematician Sophie Germain.
{Digression: Sophie Germain proved that if there are non-zero integer solutions to
$x^5 + y^5 = z^5$ (this is the special case of Fermat's Last Theorem for $n = 5$) then one of the
integers ($x$, $y$, or $z$) must be divisible by 5.}

Sophie was born in Paris, France in 1776. When
she was 13 she read about the great Greek
mathematician Archimedes and his killing by a
Roman soldier—Archimedes was the first martyr
of mathematics. She was influenced by the fact
that Archimedes sacrificed his life for solving a
mathematical problem. She wanted to study at
the Ecole Polytechnique located in Paris which is
the first university of science and technology.
However, in the 18th century women were not
allowed to study at the Ecole Polytechnique and
almost all other universities. [Women were
denied formal education.]
She did, however, obtain lecture notes for
some of the courses at the Polytechnique by
using the decoy name of M. LeBlanc.
Sophie also managed to establish a
correspondence with the mathematicians
Lagrange and Gauss. Initially they did not realise
M. LeBlanc was a woman, and both were
surprised when they discovered Sophie's true
identity.

Figure 4.6 Sophie Germain (1776–1831).

Recall if the index $n$ is prime then this does not guarantee that the Mersenne number
$2^n - 1$ is prime. In this subsection we find a prime factor of composite Mersenne numbers
$2^q - 1$ where $q$ is confined to a prime index. [We dealt with composite index in the last
section.]

Corollary (4.21). Let $q$ and $p = 2q + 1$ both be primes. Note that $q$ is a Germain prime.
(a) If $q \equiv -1 \pmod{4}$ then $p \mid (2^q - 1)$.
(b) If $q \equiv 1 \pmod{4}$ then $p \mid (2^q + 1)$.

Let us first examine a numerical example of part (a):

Let $q = 11 \equiv 3 \equiv -1 \pmod{4}$ then $p = (2 \times 11) + 1 = 23$ and both $p = 23$ and $q = 11$ are
prime.
This corollary (part (a)) claims that $p \mid (2^q - 1)$, which implies that $23 \mid (2^{11} - 1)$. You
may like to check that 23 is a factor of $2^{11} - 1 = 2047$.

Proof.
(a) We prove this by applying Proposition (4.19) (a):

If $p = 2n + 1$ is prime then $p \mid (2^n - 1)$, provided $p \equiv \pm 1 \pmod{8}$.

We are given that $p = 2q + 1$ with $q \equiv -1 \pmod{4}$.

What does this $q \equiv -1 \pmod{4}$ mean?

By the definition of congruence, $q$ is one less than a multiple of 4:

$q = 4k - 1$ for some integer $k$.

Substituting this $q = 4k - 1$ into $p = 2q + 1$ gives

$p = 2q + 1 = 2(4k - 1) + 1 = 8k - 2 + 1 = 8k - 1 \equiv -1 \pmod{8}$.

Hence $p \equiv -1 \pmod{8}$, so applying Proposition (4.19) (a) with $n = q$ gives

$p \mid (2^q - 1)$.

This is our required result.




(b) See Exercises 4.4, question 9.

Example 4.20

Find a prime factor of composite $M_{251} = 2^{251} - 1$. (The index 251 is prime.)

Solution
Let $q = 251$ and $p = 2q + 1$, then $p = (2 \times 251) + 1 = 503$. You can check that 503 is prime. Thus both
$q = 251$ and $p = 503$ are primes. Therefore, 251 is a Germain prime.
Also we have
$q = 251 \equiv 3 \equiv -1 \pmod{4}$.
Applying the previous Corollary (4.21) (a):
if $q \equiv -1 \pmod{4}$ then $p \mid (2^q - 1)$,

with $q = 251 \equiv -1 \pmod{4}$ and $p = 503$ we have

$503 \mid (2^{251} - 1)$.

503 is a prime factor of the Mersenne number $M_{251} = 2^{251} - 1$.

$M_{251} = 2^{251} - 1$ has 76 digits and Example 4.20 has found a prime factor, 503, of this
76-digit number.
You should be able to recognize how effective the above corollary is in finding a prime
factor of composite Mersenne numbers.

If we were not given that $M_{251}$ is composite, how would we know it is composite?

From the previous Corollary we have $p \mid (2^q - 1)$, or more formally:

Proposition (4.22). If $q \ne 3$ is a Germain prime and $q \equiv -1 \pmod{4}$ then the Mersenne
number $M_q = 2^q - 1$ is composite and $p \mid (2^q - 1)$ where $p = 2q + 1$.

Proof.
See Exercises 4.4, question 10.

Since 11 and 251 are Germain primes, the Mersenne numbers $M_{11} = 2^{11} - 1$ and
$M_{251} = 2^{251} - 1$ are both composite numbers. Another example is the following.
Let $q = 83 \equiv 3 \equiv -1 \pmod{4}$ and $p = 2(83) + 1 = 167$. You can check that both 83 and
167 are prime, which implies that 83 is a Germain prime. By Corollary (4.21)(a), $p \mid (2^q - 1)$,
we have $167 \mid (2^{83} - 1)$. Hence $M_{83} = 2^{83} - 1$ is a composite number and a prime factor of
this number is 167.
Let us add another technique which simplifies finding prime factors of composite
Mersenne numbers.

Proposition (4.23). Let $q$ be an odd prime. Any prime factor $p$ of the composite Mersenne
number $M_q = 2^q - 1$ is of the form $p = 2kq + 1$ where $k$ is an integer.

Proof.
Exercises 4.4, question 18.

This proposition implies that a prime factor $p$ of the Mersenne number $M_q = 2^q - 1$ is
confined to the form $p = 2kq + 1$. A prime of any other form will not be a factor of $M_q$.
For example, consider $M_{29} = 2^{29} - 1$.
By using a computer algebra system we find the prime factors of this integer are

$M_{29} = 2^{29} - 1 = 233 \times 1103 \times 2089$.

We can write each of these prime factors, 233, 1103, and 2089, as

$2kq + 1 = (2 \times 29 \times k) + 1 = 58k + 1$.

We have

$233 = 58k + 1$ where $k = 4$,
$1103 = 58k + 1$ where $k = 19$,
$2089 = 58k + 1$ where $k = 36$.

All the prime factors of $M_{29} = 2^{29} - 1$ are of the form $58k + 1$. Therefore, to factorize
$2^{29} - 1$ we don't need to go through all the primes 2, 3, 5, …, but only those of the form
$58k + 1$ or $p \equiv 1 \pmod{58}$.

How do we know there are primes in this sequence of numbers of the form 58k + 1?

By Dirichlet’s Theorem (2.17) of Chapter 2:


Let a and b be relatively prime positive integers, then the arithmetic progression
a, a + b, a + 2b, a + 3b, ⋯ contains infinitely many primes.
In the above case, 58k + 1, we start with 1 and then jump 58 each time;
1, 59, 117, 175, 233, … contains infinitely many primes.
The next result makes life even easier.

Proposition (4.24). Let $q$ be an odd prime. Any prime factor $p$ of $M_q = 2^q - 1$ is of the form

$p \equiv \pm 1 \pmod{8}$.

Proof.
See Exercises 7.3, question 14.

Note that in the above $M_{29} = 2^{29} - 1$ we have the prime factors satisfying

$233 \equiv 2089 \equiv 1 \pmod{8}$ and $1103 \equiv -1 \pmod{8}$.

Note that for $p = 2kq + 1$ we check that $p$ is prime by substituting $k = 1, 2, 3, \cdots$.

If $p$ is prime for $k = 1$ then $q$ is a Germain prime because $p = 2q + 1$.

Example 4.21

Find a prime factor of the composite Mersenne number $M_{37} = 2^{37} - 1$.

Solution
Let $p$ be a prime factor of $M_{37} = 2^{37} - 1$ with index $q = 37$. Note that 37 is prime. By Proposition (4.23)
the prime factor $p$ must be of the form

$p = (2 \times k \times q) + 1 = (2 \times 37 \times k) + 1 = 74k + 1$ or $p \equiv 1 \pmod{74}$.

Writing out the list of numbers $p = 74k + 1$ for various $k$ and checking that $p$ is prime and satisfies
$p \equiv \pm 1 \pmod{8}$ we have

$p = (74 \times 1) + 1 = 75$ which is not prime.
$p = (74 \times 2) + 1 = 149$ which is prime (check this).

This prime $p = 149$ must also satisfy $p \equiv \pm 1 \pmod{8}$. Checking, $p = 149 \equiv 5 \pmod{8}$. This $p$ cannot
be a prime factor of $M_{37}$ because $p \equiv 5 \not\equiv \pm 1 \pmod{8}$.
Substituting the next $k = 3$ into $p = 74k + 1$ gives

$p = (74 \times 3) + 1 = 223$ which is prime.

Also $223 \equiv 7 \equiv -1 \pmod{8}$.

Here $p = 223$ satisfies both conditions, that $p$ is prime and $p \equiv \pm 1 \pmod{8}$, so it is a candidate,
and dividing confirms that 223 is a prime factor of the composite $M_{37} = 2^{37} - 1$. (The other prime
factor is 616 318 177 which implies $M_{37} = 2^{37} - 1 = 223 \times 616\,318\,177$.)
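
The search in Example 4.21 can be automated. The following Python sketch is an added example, not code from the book; the names `sieve_steps` and `smallest_factor` are illustrative. It walks through the candidates $p = 2kq + 1$ of Proposition (4.23), discards those failing Proposition (4.24), and tests the survivors with one modular exponentiation each. No primality test is needed: the first candidate that divides $M_q$ is the smallest divisor greater than 1, and the smallest such divisor of any integer is prime.

```python
"""Added example: trial factoring of M_q = 2^q - 1 using (4.23) and (4.24).

Function names are illustrative; q is assumed to be an odd prime.
"""

REJECTED = "rejected by (4.24)"   # p is not +-1 mod 8
NOT_FACTOR = "does not divide"    # passed the sieve, but 2^q != 1 mod p
FACTOR = "factor"


def sieve_steps(q: int, max_k: int):
    """Yield (k, p, verdict) for p = 2kq + 1, k = 1, 2, 3, ...

    Stops after the first factor, or silently once p exceeds sqrt(M_q),
    at which point M_q has no proper factor and is therefore prime.
    Raises LookupError if max_k candidates were not enough to decide.
    """
    m = (1 << q) - 1                      # M_q
    for k in range(1, max_k + 1):
        p = 2 * k * q + 1
        if p * p > m:                     # past the square root of M_q
            return
        if p % 8 not in (1, 7):
            yield k, p, REJECTED
        elif pow(2, q, p) != 1:           # p | M_q  <=>  2^q = 1 (mod p)
            yield k, p, NOT_FACTOR
        else:
            yield k, p, FACTOR
            return
    raise LookupError(f"no verdict for M_{q} within k <= {max_k}")


def smallest_factor(q: int, max_k: int = 2_000_000):
    """Return (k, p) for the smallest prime factor p = 2kq + 1 of M_q,
    or None when M_q is prime."""
    for k, p, verdict in sieve_steps(q, max_k):
        if verdict == FACTOR:
            return k, p
    return None


if __name__ == "__main__":
    for step in sieve_steps(37, 10):      # the three steps of Example 4.21
        print(step)
    for q in (11, 13, 23, 29, 83, 251):
        print(q, smallest_factor(q))
    print(67, smallest_factor(67))        # Cole's smaller factor of M_67
```

The candidate 75 is discarded here by the mod 8 condition rather than by a primality check, which gives the same outcome as in the worked solution.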

In a letter to Father Mersenne dated June 1640, Fermat informed him of how he had
factorized this number $M_{37} = 2^{37} - 1$. Fermat did not go through all the primes 2, 3, 5, …
but only those which were of the form $p = 74k + 1 = 149, 223, \cdots$ to factorize this Mersenne
number.
As a closing note, let us state that much like Mersenne primes, the question as to whether
or not there are infinitely many Germain primes remains unanswered.
The largest known Germain prime $p$ as of March 2016 is

$p = (2\,618\,163\,402\,417 \times 2^{1\,290\,000}) - 1$.

Note: Germain primes and the largest Germain prime known then are mentioned in the
2005 film Proof.

Summary
A Mersenne number $M_n$ is given by $M_n = 2^n - 1$. In this section we have factorized composite
Mersenne numbers. We have the following factorization of $M_n$:

Let $p = 2n + 1$ be prime:
$p \equiv \pm 1 \pmod{8}$ ⇒ $p \mid (M_n = 2^n - 1)$
$p \equiv \pm 3 \pmod{8}$ ⇒ $p \mid (2^n + 1)$

Let $q \ne 3$ be a Germain prime then:
$q \equiv -1 \pmod{4}$ ⇒ $(2q + 1) \mid (2^q - 1)$

Let $p$ and $q$ be prime:
Any prime factor $p$ of $M_q = 2^q - 1$ is of the form $p = 2kq + 1$ and $p \equiv \pm 1 \pmod{8}$

EXERCISES 4.4

(Brief solutions at end of book. Full solutions available at
<http://www.oup.co.uk/companion/NumberTheory>.)

1. Find a prime factor greater than 3 of the following integers:
(a) $2^6 + 1$ (b) $2^{14} + 1$ (c) $2^{15} - 1$
(d) $2^{20} - 1$ (e) $2^{114} + 1$ (f) $2^{504} - 1$

2. Determine a prime factor of the following composite Mersenne numbers $M_q$:
(a) $M_{43}$ (b) $M_{73}$
Which of these Mersenne numbers have an index that is a Germain prime?

3. Find a prime factor of the following Mersenne numbers $M_q$:
(a) $M_{83}$ (b) $M_{131}$
(c) $M_{179}$ (d) $M_{191}$
Which of these Mersenne numbers have an index that is a Germain prime?

4. Find a prime factor of the composite Mersenne number $M_{79}$.
(You will need to be persistent to find a factor of this number.)

5. Show that 78 511 (prime) is a factor of the composite Mersenne number $2^{2617} - 1$.

6. Show that the following are prime:
(a) $M_{13} = 2^{13} - 1$ (b) $M_{17} = 2^{17} - 1$

7. Determine the first error in the following derivation and give reasons for your answer:
Step A: A prime factor $q$ of $2^{193} - 1$ is of the form
$q = (2 \times 193 \times k) + 1 = 386k + 1$.
Step B: Substituting $k = 1$ into this $q = 386k + 1$ gives $q = 387$ which is composite.
Step C: Substituting $k = 2$ into this $q = 386k + 1$ gives $q = 773$ which is prime.
Step D: Therefore, 773 is a prime factor of $2^{193} - 1$.

8. Determine the first error in the following derivation and give reasons for your answer:
Step A: A prime factor $q$ of $2^{49} - 1$ is of the form
$q = (2 \times 49 \times k) + 1 = 98k + 1$.
Step B: Substituting $k = 1$ into this $q = 98k + 1$ gives $q = 99$ which is composite.
Step C: Substituting $k = 2$ into this $q = 98k + 1$ gives $q = 197$ which is prime.
Step D: Therefore, 197 is a prime factor of $2^{49} - 1$.

9. Prove Corollary (4.21) (b).

10. Prove Proposition (4.22).

11. Show that the following integers are composite by finding a prime factor:
(a) $2^{41} + 1$ (b) $2^{53} + 1$

12. (i) Show that 239 is a Germain prime.
(ii) Show that $2^{239} - 1$ is a composite Mersenne number. Find a prime factor of $2^{239} - 1$.
(iii) Find another prime factor of $2^{239} - 1$.

13. Find a prime factor of
$M_{1559} = 2^{1559} - 1$
where the index 1559 is prime.

14. *Locate the first error in the following derivation and give reasons for your answer:
Step A: A prime factor $p$ of $2^{61} - 1$ is of the form
$p = 122k + 1$.
Step B: With $k = 1$ we have $p = 123$ which is composite.
Step C: With $k = 2$ we have $p = 245$ which is composite.
Step D: With $k = 3$ we have $p = 367$ which is prime.
Step E: $p = 367 \equiv -1 \pmod{8}$. Hence $p = 367$ is a prime factor of $2^{61} - 1$.

15. Prove that if $n > 1$ is not a power of 2 then $2^n + 1$ is a composite integer.
Note that if $n$ is a power of 2 then $2^n + 1$ is a Fermat number.
[Hint: If $n$ is odd then we have the following result:
$x^n + 1 = (x + 1)(x^{n-1} - x^{n-2} + x^{n-3} - x^{n-4} + \cdots - x + 1)$.]

16. (a) Let $8p + 7$ be prime where $p \ge 1$. Prove that $2^{4p+3} - 1$ is composite.
(b) Let $q = 4n - 1$ and $p = 8n - 1$ both be prime for $n > 1$. Prove that
$p \mid (2^q - 1)$.

17. Show that 41 is a Germain prime. Explain why $(2 \times 41) + 1 = 83$ is not a
factor of $2^{41} - 1$.

18. **Prove Proposition (4.23).
You may find the result of Supplementary Problems 3, question 15 useful:
Let $\gcd(a, n) = 1$ and $k$ be the smallest positive integer such that
$a^k \equiv 1 \pmod{n}$.
Then $a^h \equiv 1 \pmod{n} \Leftrightarrow k \mid h$.

.........................................................................................................

SECTION 4.5 Perfect Numbers and the Sigma Function


By the end of this section you will be able to
● test whether a given Mersenne number is prime
● understand what is meant by a perfect number
● relate the sigma function to perfect and prime numbers

A fruitful source of primes is the Mersenne primes. By the late 1970s only 27 Mersenne
primes were known, but by the end of 2017 we knew of 50. The largest prime as of January
2019 is the Mersenne prime $M_p$:

$M_{82\,589\,933} = 2^{82\,589\,933} - 1$ (The index 82 589 933 is prime).

This $M_{82\,589\,933} = 2^{82\,589\,933} - 1$ has over 24 million digits.
This prime was found using the GIMPS described in the last section.

But how did GIMPS find this prime?

In essence it uses what we call the Lucas–Lehmer test which we state below:

Lucas–Lehmer test for Mersenne Primes (4.25). The Mersenne number $M_p = 2^p - 1$ is
prime $\Leftrightarrow$ $S_{p-2} \equiv 0 \pmod{M_p}$ where $S_k$ is defined as the least non-negative residue such
that $S_0 = 4$ and $S_k \equiv S_{k-1}^2 - 2 \pmod{M_p}$ for integer $k \ge 1$.

This test is part of computational number theory, which is a growing area of number
theory. You are asked to apply this test to $2^{13} - 1$, see Exercises 4.5, question 1.
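
The recurrence in (4.25) translates directly into a short loop. The following Python sketch is an added example, not code from the book or from GIMPS; the names are illustrative. It assumes the index $p$ is an odd prime and treats $p = 2$ separately, since $S_0 = 4$ is not congruent to 0 modulo $M_2 = 3$ although $M_2$ is prime. It then re-examines Mersenne's list (†) from Section 4.4.

```python
"""Added example: the Lucas-Lehmer test (4.25) for M_p = 2^p - 1.

Names are illustrative. The index p is assumed to be prime.
"""

# The 11 indices Mersenne claimed, list (†) of Section 4.4.
MERSENNE_CLAIMED = (2, 3, 5, 7, 13, 17, 19, 31, 67, 127, 257)
# The three indices he missed, as stated in Section 4.4.
MERSENNE_MISSED = (61, 89, 107)


def ll_sequence(p: int):
    """Yield S_0, S_1, ..., S_{p-2} as least non-negative residues mod M_p."""
    m = (1 << p) - 1          # M_p
    s = 4 % m                 # S_0 = 4
    yield s
    for _ in range(p - 2):
        s = (s * s - 2) % m   # S_k = S_{k-1}^2 - 2 (mod M_p)
        yield s


def lucas_lehmer(p: int) -> bool:
    """True exactly when M_p is prime, for prime index p."""
    if p == 2:
        return True           # M_2 = 3; the recurrence is for odd p
    last = None
    for last in ll_sequence(p):
        pass                  # only S_{p-2} matters
    return last == 0


def audit(indices):
    """Map each index p to the verdict of the test on M_p."""
    return {p: lucas_lehmer(p) for p in indices}


if __name__ == "__main__":
    print(list(ll_sequence(5)))        # residues for M_5 = 31
    print(audit(MERSENNE_CLAIMED))     # 67 and 257 fail
    print(audit(MERSENNE_MISSED))      # all three pass
```

Each step squares a number below $M_p$ and reduces it, so the whole test costs $p - 2$ modular squarings however large $M_p$ is.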

The Electronic Frontier Foundation is offering the following rewards for finding large
prime numbers:
● $150 000 to the first individual or group that discovers a prime number with at least
100 million decimal digits
● $250 000 to the first individual or group that discovers a prime number with at least
a billion decimal digits.
In this section we will use the Mersenne primes to construct (even) perfect numbers.

4.5.1 Perfect numbers

We will show that perfect numbers are closely related to Mersenne primes.
Perfect numbers have been known for over 2000 years. However, after the ancient Greeks,
perfect numbers were forgotten about until the 1500s when Cataldi, Fermat, Descartes, and
Mersenne studied them.
Before we define perfect numbers we need to define proper factors or proper divisors:

Definition (4.26). A proper factor of a number n is any positive factor of n apart from n
itself.

For example, the proper factors of 12 are 1, 2, 3, 4, and 6 but not 12.

What are the proper factors of 30?

1, 2, 3, 5, 6, 10, and 15 (excluding 30).

What are the proper factors of 6?

1, 2, and 3 are proper factors of 6 and if we add these we get

1 + 2 + 3 = 6.

What are the proper factors of 28?

1, 2, 4, 7, and 14.
Again if we add all the proper factors of 28 we get

1 + 2 + 4 + 7 + 14 = 28.

What do you notice about the sum of proper factors in these last two examples?

The sum of all the proper factors of 6 and 28 gives 6 and 28 respectively.
Such numbers, 6 and 28, are examples of perfect numbers.

Definition (4.27). A natural number $n$ is called a perfect number if the sum of all the proper
factors (divisors) of $n$ is equal to $n$.

Equivalently if $d_1, d_2, d_3, \cdots, d_k$ are all the proper factors of $n$ and

$d_1 + d_2 + d_3 + \cdots + d_k = n$

then we say n is a perfect number.

Another example of a perfect number is 496 because the proper factors of 496 are

1, 2, 4, 8, 16, 31, 62, 124, and 248.


Adding all these gives

1 + 2 + 4 + 8 + 16 + 31 + 62 + 124 + 248 = 496.

Why call these numbers perfect?

A number like 12 is an example of an abundant number because its proper factors, 1, 2, 3,
4, and 6, sum to greater than 12:

1 + 2 + 3 + 4 + 6 = 16 and 16 > 12.

The Greeks made analogies of abundant numbers, with animals having more than five
fingers on one hand.
A number like 10 is an example of a deficient number because its proper factors 1, 2, and
5 sum to less than 10:
1 + 2 + 5 = 8 and 8 < 10.
Again the Greeks viewed deficient numbers as representing animals having less than five
fingers on one hand.[5]
Let $d_1, d_2, \cdots, d_k$ be proper divisors of $n$. Then:
If $d_1 + d_2 + \cdots + d_k > n$ then $n$ is an abundant number.
If $d_1 + d_2 + \cdots + d_k < n$ then $n$ is a deficient number.
Therefore, 6, whose proper factors sum to exactly 6, is called a perfect number. The
Greeks also thought a perfect union of sexes was 6 = 2 × 3: 2 for female and 3 for male. A
natural set of questions to ask is:

How can we locate these perfect numbers? Is there a formula we can use to generate these or do we
have to check each number by adding its proper factors?

Yes, there is a formula to find even perfect numbers, which we describe next.
The Greek mathematician Euclid (300 BC) stated and proved the following result:

Theorem (4.28). Let $p$ be a prime number. If the Mersenne number $2^p - 1$ is prime then
$N = 2^{p-1} \underbrace{(2^p - 1)}_{\text{prime}}$ is a perfect number.

[5] http://www-history.mcs.st-and.ac.uk/HistTopics/Perfect_numbers.html.

Before attempting a proof, let us look at the first few perfect numbers N:

$2^{2-1}(2^2 - 1) = 6$ with prime $p = 2$
$2^{3-1}(2^3 - 1) = 28$ with prime $p = 3$
$2^{5-1}(2^5 - 1) = 496$ with prime $p = 5$
$2^{7-1}(2^7 - 1) = 8128$ with prime $p = 7$
$2^{13-1}(2^{13} - 1) = 33\,550\,336$ with prime $p = 13$.

The first four perfect numbers in this list were known to the ancient Greeks, but the fifth
perfect number $2^{13-1}(2^{13} - 1) = 33\,550\,336$ was not discovered until the 1500s.

Why did we miss the prime 11 in this list?

In Table 4.2 in Section 4.4.1 we showed that $2^{11} - 1 = 23 \times 89$ is composite.

In the given formula $N = 2^{p-1}(2^p - 1)$ we must have that $2^p - 1$ is prime. Note that there
are large gaps between consecutive perfect numbers:

6, 28, 496, 8128, 33 550 336, …

Peter Barlow in his book An Elementary Investigation of the Theory of Numbers, published
in 1811, claimed the following about the perfect number $2^{30}(2^{31} - 1)$:
$2^{30}(2^{31} - 1)$ is the greatest that ever will be discovered; for as they are merely curious, without
being useful, it is not likely that any person will ever attempt to find one beyond it.[6]

At the start of this section we stated that $M_{82\,589\,933} = 2^{82\,589\,933} - 1$ was the largest prime
at present (2019).

What is the largest perfect number so far?

$2^{p-1}(2^p - 1) = 2^{82\,589\,932}(2^{82\,589\,933} - 1)$.

How do we prove the stated theorem?

By using the sum of the geometric series (see Introductory Chapter for sum and definition
of geometric series) which we will just state:

(4.29) $a + ar + ar^2 + \cdots + ar^{n-1} = \frac{a(1 - r^n)}{1 - r}$.

[6] An Elementary Investigation of the Theory of Numbers by Peter Barlow, page 43.

Proof.
We assume that $2^p - 1$ is prime. The proper factors of $N = 2^{p-1}(2^p - 1)$ are the powers of 2
starting with $2^0 = 1$ to $2^{p-1}$ and then their multiples with the prime $2^p - 1$. Hence the list
of proper factors of $N$ is given by:

$\underbrace{1, 2, 2^2, \cdots, 2^{p-2}, 2^{p-1}}_{\text{First part}}, \underbrace{2^p - 1, 2(2^p - 1), 2^2(2^p - 1), \cdots, 2^{p-2}(2^p - 1)}_{\text{Second part}}$. (∗)

We do not include the factor $2^{p-1}(2^p - 1)$ because it is not a proper factor of

$N = 2^{p-1}(2^p - 1)$.

We divide this list into two parts by first summing all the powers of 2 and then the multiples
of powers of 2 with the prime $2^p - 1$.
Summing the powers of 2 which is the first part of the numbers in the list (∗):

$1 + 2 + 2^2 + 2^3 + \cdots + 2^{p-1}$.

This is a geometric series with $a = 1$, $r = 2$, and $n = p$. Applying the sum formula (4.29)
yields

$1 + 2 + 2^2 + 2^3 + \cdots + 2^{p-1} = \frac{1(1 - 2^p)}{1 - 2} = \frac{(1 - 2^p)}{-1} = -(1 - 2^p) = 2^p - 1$. (‡)

Summing the multiples of $2^p - 1$ with powers of 2 which is the second part of the
numbers in the list (∗):

$(2^p - 1) + 2(2^p - 1) + \cdots + 2^{p-2}(2^p - 1) \underbrace{=}_{\text{Factorizing}} (2^p - 1)[1 + 2 + 2^2 + 2^3 + \cdots + 2^{p-2}]$. (∗∗)

If we examine the square brackets sum in (∗∗) then we see that this is a geometric series
with $a = 1$ and $r = 2$. Using the geometric series sum formula (4.29) with $a = 1$, $r = 2$, and
$n = p - 1$ we get

$1 + 2 + 2^2 + 2^3 + \cdots + 2^{p-2} = \frac{1(1 - 2^{p-1})}{1 - 2} = \frac{(1 - 2^{p-1})}{-1} = 2^{p-1} - 1$.

Putting this into the previous calculation (∗∗) gives

$(2^p - 1) + 2(2^p - 1) + \cdots + 2^{p-2}(2^p - 1) = (2^p - 1)[2^{p-1} - 1]$. (‡‡)

Adding equations (‡) and (‡‡) gives the sum of all the proper factors of $N$:

$\underbrace{1 + 2 + 2^2 + \cdots + 2^{p-1}}_{= 2^p - 1} + \underbrace{(2^p - 1) + 2(2^p - 1) + \cdots + 2^{p-2}(2^p - 1)}_{= (2^p - 1)[2^{p-1} - 1]}$

$= (2^p - 1) + (2^p - 1)[2^{p-1} - 1]$

$\underbrace{=}_{\text{Factorizing}} (2^p - 1)[1 + 2^{p-1} - 1]$

$\underbrace{=}_{\text{Simplifying}} (2^p - 1)[2^{p-1}] = N$.

Since the sum of all the proper factors is $(2^p - 1)[2^{p-1}] = N$, $N$ is a perfect number.
This completes our proof.


2000 years after Euclid, one of the greatest mathematicians of all time, Euler (pronounced
‘oiler’) proved that the converse of the above theorem is also true.

Theorem (4.30). Every even perfect number $N$ is of the form:

$N = 2^{p-1}(2^p - 1)$

where $(2^p - 1)$ is prime.

Proof.
See Exercises 4.5, question 9.


This theorem gives rise to the question:

Are there any odd perfect numbers?

We don’t know. No one has been able to find one, but this does not mean there aren’t any.
This is one of the oldest conjectures in mathematics. Our intuition indicates there aren’t
any, but see Example 4.24 later in this section.

4.5.4 The sigma function

Now we introduce the sigma function and relate it to perfect and prime numbers.

Definition (4.31). The sigma function 𝜎 (n) of a natural number n is defined as the sum of
all the positive divisors (factors) of n. Let $d_1, d_2, \cdots, d_k$ be all the divisors of n, then

$$\sigma(n) = d_1 + d_2 + \cdots + d_k.$$

This sigma function 𝜎 (n) is sometimes called the ‘sum-of-divisors function’.


We did discuss this informally in Exercises 2.1, question 12.

Example 4.22

Determine (a) 𝜎 (10) (b) 𝜎 (12) (c) 𝜎 (28) (d) 𝜎 (31)

Solution

(a) The positive divisors of 10 are 1, 2, 5, and 10, therefore

𝜎 (10) = 1 + 2 + 5 + 10 = 18.

(b) Similarly, we have that the positive divisors of 12 are 1, 2, 3, 4, 6, and 12. Therefore,

𝜎 (12) = 1 + 2 + 3 + 4 + 6 + 12 = 28.

(c) The positive divisors of 28 are 1, 2, 4, 7, 14, and 28. Adding these factors gives

𝜎 (28) = 1 + 2 + 4 + 7 + 14 + 28 = 56.

(d) 31 is prime, so the only divisors are 1 and 31. Adding these two numbers gives

𝜎 (31) = 1 + 31 = 32.

4.5.5 Properties of the sigma function

Notice from the previous example that 𝜎 (31) = 32.

What do you predict the sigma function of a prime number will be?

As the only factors of a prime p are 1 and p, we should have

𝜎 (p) = p + 1.

Proposition (4.32). We have that p is a prime number ⇔ 𝜎 (p) = p + 1.

Proof.
Exercises 4.5, question 10.


From the previous example part (c) we have 𝜎 (28) = 56 = 2 × 28. Recall 28 is a perfect
number.

What do you think the sigma function will be for a perfect number n?

𝜎 (n) = 2n.

Proposition (4.33). Let n be a perfect number then 𝜎 (n) = 2n.

Proof.
Let $d_1, d_2, \cdots, d_{k-1}$, and $d_k$ be the proper factors of the given n. Note that n is also a factor
of n. We are given that n is a perfect number, therefore

$$\sigma(n) = \underbrace{d_1 + d_2 + \cdots + d_k}_{= n \text{ because } n \text{ is a perfect number}} + n = n + n = 2n.$$

This completes our proof.




Therefore, 𝜎 (6) = 2 × 6 = 12 and 𝜎 (496) = 2 × 496 = 992 because 6 and 496 are perfect
numbers.

How would you determine 𝜎 (561) ?

561 is not prime or perfect. We use the multiplicative property to evaluate 𝜎 (561).
The sigma function is multiplicative.

What does this mean?

Definition (4.34). A general function f (n) of a positive integer n = a × b is called multiplicative if

f (a × b) = f (a) × f (b) whenever gcd (a, b) = 1.

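In the next subsection we prove the function 𝜎 (n) is multiplicative. We will show the
following property of the sigma function:
If $n = p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_m^{k_m}$ where the p’s are distinct primes then

$$\sigma(n) = \sigma\left(p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_m^{k_m}\right) = \sigma\left(p_1^{k_1}\right) \times \sigma\left(p_2^{k_2}\right) \times \sigma\left(p_3^{k_3}\right) \times \cdots \times \sigma\left(p_m^{k_m}\right).$$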

How does multiplicative help in evaluating 𝜎 (561) ?

We don’t want to find all the factors of 561.

Example 4.23

Determine 𝜎 (561).

Solution
Let us first decompose 561 into its prime factors (you can easily check that 561 is divisible by 3 and 11
by using appropriate tests):
561 = 3 × 11 × 17.
Clearly 3, 11, and 17 are distinct primes. Assuming 𝜎 (n) is multiplicative, we have

𝜎 (561) = 𝜎 (3 × 11 × 17) = 𝜎 (3) × 𝜎 (11) × 𝜎 (17)

= 4 × 12 × 18 = 864 [Because 𝜎 (p) = p + 1] .

What does 𝜎 (561) = 864 mean?

If we add all the positive factors of 561 then we get 864, which implies that 561 is a deficient
number. For a deficient number n we have 𝜎 (n) < 2n, see Exercises 4.5, question 3.
In this example we easily evaluated 𝜎 (561) without listing all the factors of 561 and then
summing them. However, we do need to find the prime decomposition of n.

Say we want to find $\sigma(p^k)$ where k is a natural number and p is prime.

Proposition (4.35). Let p be prime and k be a positive integer, then

$$\sigma(p^k) = \frac{p^{k+1} - 1}{p - 1}.$$

Proof.
Listing all the positive factors of $p^k$ where p is prime we have $1, p, p^2, p^3, \cdots, p^{k-1}$, and $p^k$.
Adding these factors gives $\sigma(p^k)$:

$$\begin{aligned}
\sigma(p^k) = 1 + p + p^2 + \cdots + p^k &= \frac{1\,(1 - p^{k+1})}{1 - p} && \left[\text{By } a + ar + ar^2 + \cdots + ar^{n-1} = \frac{a(1 - r^n)}{1 - r} \text{ with } a = 1,\ r = p \text{ and } n = k + 1.\right] \\
&= \frac{p^{k+1} - 1}{p - 1} && \left[\text{Multiplying numerator and denominator by } -1.\right]
\end{aligned}$$

We have shown $\sigma(p^k) = \dfrac{p^{k+1} - 1}{p - 1}$, which completes our proof.


Example 4.24

Determine 𝜎 (945).

Solution
The prime decomposition of $945 = 5 \times 189 = 5 \times 9 \times 21 = 5 \times 3^2 \times 3 \times 7 = 3^3 \times 5 \times 7$.
Since these are distinct primes and the sigma function is multiplicative,

$$\sigma(945) = \sigma(3^3 \times 5 \times 7) = \sigma(3^3) \times \sigma(5) \times \sigma(7) = \left(\frac{3^{3+1} - 1}{3 - 1}\right) \times 6 \times 8 = (40) \times 48 = 1920.$$

Hence 𝜎 (945) = 1920. Adding all the positive factors of 945 gives 1920, which means 945 is an abundant
number. Your intuition suggests that an odd number cannot be abundant because it does not
have a factor which is half of 945. This 945 is the only odd number below 1000 which is abundant.

For an abundant number n we have 𝜎(n) > 2n, see Exercises 4.5, question 3.

4.5.6 Multiplicativity of the sigma function

In this subsection we prove that the sigma function, 𝜎(n), is multiplicative.

Proposition (4.36). Let $n = p^k \times q^m$ where p and q are different primes. Then

$$\sigma(n) = \sigma(p^k \times q^m) = \sigma(p^k) \times \sigma(q^m).$$



Proof.
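Since p and q are distinct primes, so by Exercises 2.1, question 5 (ii) we have

$$\gcd(p^k, q^m) = 1.$$

Listing the factors of $n = p^k \times q^m$ where p and q are distinct primes in a table and summing
these using the geometric sum series formula (4.29) we have:

| Factors | List of factors | Summation of factors |
|---|---|---|
| Factors of $p^k$ | $1, p, p^2, \cdots, p^{k-1}, p^k$ | $\dfrac{p^{k+1} - 1}{p - 1}$ |
| Factors of $q^m$ | $q, q^2, \cdots, q^{m-1}, q^m$ | $q\left(\dfrac{q^m - 1}{q - 1}\right)$ |
| Factors of $p \times q^m$ | $pq, pq^2, \cdots, pq^{m-1}, pq^m$ | $pq\left(\dfrac{q^m - 1}{q - 1}\right)$ |
| Factors of $p^2 \times q^m$ | $p^2q, p^2q^2, \cdots, p^2q^{m-1}, p^2q^m$ | $p^2q\left(\dfrac{q^m - 1}{q - 1}\right)$ |
| ⋮ | ⋮ | ⋮ |
| Factors of $p^k \times q^m$ | $p^kq, p^kq^2, \cdots, p^kq^{m-1}, p^kq^m$ | $p^kq\left(\dfrac{q^m - 1}{q - 1}\right)$ |

Adding the numbers in the highlighted last column gives

$$\begin{aligned}
& q\left(\frac{q^m - 1}{q - 1}\right) + pq\left(\frac{q^m - 1}{q - 1}\right) + p^2q\left(\frac{q^m - 1}{q - 1}\right) + \cdots + p^kq\left(\frac{q^m - 1}{q - 1}\right) \\
&\quad = q\left(\frac{q^m - 1}{q - 1}\right) \underbrace{\left[1 + p + p^2 + \cdots + p^k\right]}_{= \frac{p^{k+1} - 1}{p - 1}} \qquad \left[\text{Factorizing } q\left(\frac{q^m - 1}{q - 1}\right)\right] \\
&\quad = q\left(\frac{q^m - 1}{q - 1}\right)\left(\frac{p^{k+1} - 1}{p - 1}\right). \qquad (\ast)
\end{aligned}$$

Adding the first entry in the last column in the table to this summation in (∗) gives

$$\begin{aligned}
\sigma(p^k \times q^m) &= q\left(\frac{q^m - 1}{q - 1}\right)\left(\frac{p^{k+1} - 1}{p - 1}\right) + \left(\frac{p^{k+1} - 1}{p - 1}\right) \\
&= \left(\frac{p^{k+1} - 1}{p - 1}\right)\left[q\left(\frac{q^m - 1}{q - 1}\right) + 1\right] \qquad \left[\text{Factorizing } \left(\frac{p^{k+1} - 1}{p - 1}\right)\right] \\
&= \left(\frac{p^{k+1} - 1}{p - 1}\right)\left[\frac{q^{m+1} - q + q - 1}{q - 1}\right] = \left(\frac{p^{k+1} - 1}{p - 1}\right)\left[\frac{q^{m+1} - 1}{q - 1}\right].
\end{aligned}$$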

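Using the previous Proposition (4.35) to evaluate $\sigma(p^k)$ and $\sigma(q^m)$ gives:

$$\sigma(p^k) = \frac{p^{k+1} - 1}{p - 1} \quad \text{and} \quad \sigma(q^m) = \frac{q^{m+1} - 1}{q - 1}.$$

Substituting this $\sigma(p^k) = \dfrac{p^{k+1} - 1}{p - 1}$ and $\sigma(q^m) = \dfrac{q^{m+1} - 1}{q - 1}$ into the above yields

$$\sigma(p^k \times q^m) = \left(\frac{p^{k+1} - 1}{p - 1}\right) \times \left[\frac{q^{m+1} - 1}{q - 1}\right] = \sigma(p^k) \times \sigma(q^m).$$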
p−1 q−1

This completes our proof.




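Proposition (4.37). Let the prime decomposition of a natural number n be given by

$$n = p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_m^{k_m} \quad \text{where the } p_j\text{’s are distinct primes.}$$

Then

$$\sigma(n) = \sigma\left(p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_m^{k_m}\right) = \sigma\left(p_1^{k_1}\right) \times \sigma\left(p_2^{k_2}\right) \times \sigma\left(p_3^{k_3}\right) \times \cdots \times \sigma\left(p_m^{k_m}\right).$$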

We say the sigma function 𝜎 (n) is multiplicative.

Proof.
Exercises 4.5, question 11.
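
As an added illustration (not from the book), the Python code below evaluates 𝜎 (n) from the prime decomposition using Propositions (4.35) and (4.37), checks the result against Definition (4.31), and reruns Examples 4.22 to 4.24 and Euclid's construction of even perfect numbers. The function names and the trial-division factorizer are assumptions of this example.

```python
def prime_factorization(n):
    """Return {prime: exponent} for a natural number n, by trial division."""
    if n < 1:
        raise ValueError("n must be a natural number")
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1 if d == 2 else 2      # after 2, try odd candidates only
    if n > 1:                        # whatever is left over is a prime factor
        factors[n] = factors.get(n, 0) + 1
    return factors


def sigma(n):
    """sigma(n) as the product of (p^(k+1) - 1)/(p - 1) over the prime powers of n."""
    total = 1
    for p, k in prime_factorization(n).items():
        total *= (p ** (k + 1) - 1) // (p - 1)   # Proposition (4.35), exact division
    return total


def sigma_by_definition(n):
    """sigma(n) straight from Definition (4.31): add up every positive divisor."""
    return sum(d for d in range(1, n + 1) if n % d == 0)


def classify(n):
    """Label n as perfect, abundant or deficient by comparing sigma(n) with 2n."""
    s = sigma(n)
    if s == 2 * n:
        return "perfect"
    return "abundant" if s > 2 * n else "deficient"


def is_prime_by_sigma(n):
    """Proposition (4.32): n is prime exactly when sigma(n) = n + 1."""
    return n > 1 and sigma(n) == n + 1


def euclid_perfect_numbers(max_p):
    """Even perfect numbers 2^(p-1) * (2^p - 1) for exponents p <= max_p with 2^p - 1 prime."""
    return [2 ** (p - 1) * (2 ** p - 1)
            for p in range(2, max_p + 1)
            if is_prime_by_sigma(2 ** p - 1)]


if __name__ == "__main__":
    for n in (10, 12, 28, 31, 561, 945):
        print(n, prime_factorization(n), sigma(n), classify(n))
    print("odd abundant numbers below 1000:",
          [n for n in range(1, 1000, 2) if classify(n) == "abundant"])
    print("even perfect numbers for p <= 13:", euclid_perfect_numbers(13))
```

The cost sits in `prime_factorization`: once the decomposition is known, 𝜎 (n) is a handful of multiplications, which is the point made after Example 4.23.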


Summary
A natural number n is called a perfect number if the sum of its proper factors is equal to n. Mersenne
primes can be used to create even perfect numbers.
We can use the multiplicative property of the sigma function 𝜎 (n) to evaluate 𝜎 (n), which tells us
the sum of divisors of n. This 𝜎 (n) also tells us whether n is a prime, perfect, abundant, or deficient
number.
If n = p × q then 𝜎 (n) = 𝜎 (p) × 𝜎 (q) where p and q are distinct primes.

EXERCISES 4.5

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. By applying the Lucas–Lehmer test, determine the primality of $M_{13} = 2^{13} - 1$.

2. Determine the following:
   (a) 𝜎 (15) (b) 𝜎 (77) (c) 𝜎 (171) (d) 𝜎 (200)

3. (a) Show that n is an abundant number ⇔ 𝜎 (n) > 2n.
   (b) Show that n is a deficient number ⇔ 𝜎 (n) < 2n.
   (c) Show that n is a perfect number ⇔ 𝜎 (n) = 2n.
   Characterize the numbers in question 2 into perfect, abundant, or deficient numbers.

4. Determine 𝜎 (500).

5. Prove that a prime number is a deficient number.

6. Show that the following is false:
   ‘An even number is an abundant number.’

7. Show that the following statement is false:
   ‘There is one perfect number for any given number of digits.’

8. (a) Show that $\sigma(2^n) = 2^{n+1} - 1$.
   (b) Show that $\sigma(p^n) = p^{n+1} - 1$ where p is prime.

9. **Prove Theorem (4.30).

10. Prove Proposition (4.32).

11. Prove Proposition (4.37).

12. (a) Show that $\sigma(p^3) = (p^2 + 1)(p + 1)$ where p is prime.
    (b) Show that $\sigma(p^5) = (p^2 - p + 1)(p^2 + p + 1)(p + 1)$ where p is prime.

13. (i) Prove that the last digit of $2^{2k}$ is either 4 or 6.
    *(ii) Prove that for every even perfect number the last digit is either a 6 or an 8.

14. Show that if p is an odd prime then the even perfect number
    $2^{p-1}(2^p - 1) \equiv 1 \pmod{9}$.

15. *Find the fallacy in the following argument:
    Let N be a perfect number, then $N = 2^{p-1}(2^p - 1)$ where $2^p - 1$ is prime. Hence every perfect number is even.

16. Let N be a perfect number. Prove the following:
    (a) m × N where m > 1 is an abundant number.
    (b) $\dfrac{N}{d}$ where d is a non-trivial divisor of N is a deficient number.

Supplementary Problems 4

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

4.1. Determine the multiplicative inverse of the following prime moduli, giving your answer as the least non-negative residue:
(a) 10 (mod 101) (b) 125 (mod 127) (c) 540! (mod 541)

4.2. (i) Determine the least non-negative residue x (mod 29) such that $x \equiv 10^{27} \pmod{29}$.
(ii) Solve the linear congruence 10x ≡ 9 (mod 29).

4.3. Determine the least non-negative residue x (mod 11) such that $7^{1\,000\,003} \equiv x \pmod{11}$.

4.4. (i) Evaluate the multiplicative inverse of 30 (mod 31).
(ii) Find the least non-negative residue x (mod 31) such that 5 (29!) ≡ x (mod 31).

4.5. Determine the multiplicative inverse of 11! (mod 13).

4.6. Let p be a prime. Show that the multiplicative inverse of (p − 3)! (mod p) is (p − 2) (mod p).

4.7. Factorize the following integers into their prime factors:
(a) $2^{14} - 1$ (b) $2^{15} - 1$ (c) $2^{16} - 1$.

4.8. (a) Show that 31 is a factor of $2^{5n} - 1$.
(b) Show that 2047 is a factor of $2^{1\,100\,001\,111} - 1$. Find another factor of this number.

4.9. Let m, n, and a be positive integers greater than 1. Prove that if m | n then
$(a^m - 1) \mid (a^n - 1)$.
[Hint: $a^{rs} - 1 = (a^r - 1)\left(a^{r(s-1)} + a^{r(s-2)} + a^{r(s-3)} + \cdots + a^r + 1\right)$.]

4.10. (a) Without a calculator, show that $5^{11} - 1$ is a factor of $5^{55} - 1$.
(b) Determine the prime decomposition of $5^{10} - 1$.

4.11. Factorize $10^5 + 1 = 100\,001$.
[Hint: If n is odd then $x^n + 1 = (x + 1)\left(x^{n-1} - x^{n-2} + x^{n-3} - x^{n-4} + \cdots - x + 1\right)$.]

4.12. *Find at least three factors of the composite integer 1 111 111 111.

4.13. Show that $\frac{1}{9}(10^e - 1)$, where e is an even integer, is divisible by 11.

4.14. Show that $10^{2n} \equiv 1 \pmod{99}$.

4.15. Explain what the difference between pseudoprime and Carmichael number is.
Show that 4369 is a pseudoprime.

4.16. Show that 1105 is a Carmichael number.

4.17. Let p and q be distinct primes. Prove that $p^{q-1} + q^{p-1} \equiv 1 \pmod{pq}$.

4.18. Let p be an odd prime. Prove that $p \mid (2^{p-1} - 1)$.

4.19. *(i) The notation ${}^nC_r = \dfrac{n!}{r!\,(n - r)!}$ where 1 ≤ r ≤ n. Show that
${}^pC_k \equiv 0 \pmod{p}$ where p is prime and 1 ≤ k < p.
(ii) Prove that $(a + b)^p \equiv a^p + b^p \pmod{p}$ where p is prime.
(iii) Prove that $(a_1 + a_2 + \cdots + a_n)^p \equiv a_1^p + a_2^p + \cdots + a_n^p \pmod{p}$ where p is prime.

4.20. **Prove that if a ≡ b (mod p) where p is prime then $a^p \equiv b^p \pmod{p^2}$.

4.21. Disprove the following result: $x^n \equiv x \pmod{n}$.

4.22. Show the following result:
For a composite integer n we have $x^n - 1 = (x^m - 1)\,P_{n-m}(x)$, where $P_{n-m}(x)$ is a n − m degree polynomial (defined in the Introductory Chapter) and integer m > 1.

4.23. (i) Show that if $n \nmid a$ and $a^{\frac{n-1}{2}} \not\equiv 1 \pmod{n}$ then n is composite.
(ii) Explain why $12^{\frac{1729-1}{2}} \equiv 1 \pmod{1729}$ but 1729 is composite.

4.24. Prove the following is false: if $2^n - 1$ is composite then n is composite.

4.25. *Prove that $n \nmid (2^n - 1)$ for all n ≥ 2.

4.26. We say different positive integers m and n are amicable ⇔ the sum of the proper divisors of m is equal to n and the sum of the proper divisors of n is equal to m. Show that 220 and 284 are amicable.

4.27. Let p be an odd prime. Prove that $[(p - 1)!]^{p^n} \equiv -1 \pmod{p}$.

4.28. *Let p be an odd prime. Prove that
$(p - 1)! \equiv (-1)^{\frac{p-1}{2}} \left[\left(\frac{p-1}{2}\right)!\right]^2 \pmod{p}$.

4.29. ***Prove that there are infinitely many pseudoprimes to the base a where a > 1.

4.30. Prove that
$\tau\left(p_1^{k_1} \times p_2^{k_2} \times \cdots \times p_r^{k_r}\right) = (k_1 + 1) \times (k_2 + 1) \times \cdots \times (k_r + 1)$
where 𝜏 (n) gives the number of positive divisors of n. This 𝜏 (n) was defined in Chapter 1.
[Hint: You can assume that 𝜏 (n) is multiplicative.]

4.31. *Let gcd (x, 5) = gcd (x, 29) = gcd (x, 73) = 1. Prove that
$x^{(5 \times 29 \times 73) - 1} \equiv 1 \pmod{5 \times 29 \times 73}$.

4.32. *Let p be an odd prime. Prove that
$2^2\, 4^2\, 6^2 \cdots (p - 1)^2 \equiv (-1)^{\frac{p+1}{2}} \pmod{p}$.

5 Euler’s Generalization of Fermat’s Theorem

SECTION 5.1 Euler’s Totient Function


By the end of this section you will be able to
● evaluate Euler’s totient function for any natural number
● prove properties of Euler’s totient function

What are the last two digits of $11^{205}$?

We will answer this question in Example 5.12 of Section 5.2 by working with the composite
modulo 100. We cannot use Fermat’s Little Theorem (4.1) because that is only valid when
we have a prime modulo:

$$a^{p-1} \equiv 1 \pmod{p} \quad \text{where } p \text{ is prime and } p \nmid a.$$

Can we extend this result to an arbitrary modulo n, that is can we have

$$a^{\text{some index}} \equiv 1 \pmod{n}\ ?$$

Yes, and the result is identical, but the index is 𝜙 (n):

$$a^{\phi(n)} \equiv 1 \pmod{n}.$$

What is 𝜙 (n) ?

This is called Euler’s (pronounced oiler’s) phi or totient function and is denoted by 𝜙 (n).
This symbol 𝜙 is the Greek letter ‘phi’ pronounced ‘fee’ as in ‘fees’. Gauss gave us the symbol
𝜙 (n), whilst Euler had used 𝜋N for 𝜙 (N).

Why are we interested in a result like $a^{\phi(n)} \equiv 1 \pmod{n}$?

In RSA (as discussed in Section 3.5) encryption applications, a number is raised to a large
power and the remainder is the quantity of interest. Since we are interested in remainders
and large indices, we work with modular arithmetic. Working with something that gives
1 (mod n) is easy to compute because

$$1^{\text{index}} \equiv 1 \pmod{n}.$$



Without RSA encryption, we could not securely transmit confidential details such as our
credit card number over the internet.¹
As an example, the RSA encryption system works with modulo n such that n = p × q
where p, q are large primes. Decryption of this relies on computing Euler’s totient function
𝜙 (n) which is difficult to evaluate if you don’t know the prime factorization of n, as we will
see later. In this section, we will discover that if you know the factorization of n, which is
no easy task, then finding 𝜙 (n) is not difficult.

Doesn’t this make the system easy to break?

No, because you choose the number n = p × q to be one whose factorization you know but
others don’t. This means that the system is hard to break unless you know the prime factor-
ization of n upfront. (Factorization is enormously difficult even for powerful computers.)
Another application of 𝜙 (n) is that $\dfrac{\phi(n)}{n}$ gives the probability that a number we choose
between 1 and n is relatively prime to n.
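
The RSA remarks above can be run on a toy scale. The Python code below is an added example, not code from the book: it builds a key from two small constructed primes, confirms that decryption undoes encryption and that $a^{\phi(n)} \equiv 1 \pmod{n}$ holds, and then goes one step beyond the text by showing that anyone holding n and 𝜙 (n) can recover p and q, which is why 𝜙 (n) is kept as secret as the private exponent. The names `make_toy_key`, `primes_from_phi`, the exponents e and d, and the values 1009, 2003, and 65537 are assumptions of this example.

```python
from math import gcd, isqrt

# Constructed toy parameters: real RSA primes are hundreds of digits long.
P, Q, E = 1009, 2003, 65537


def make_toy_key(p, q, e):
    """Build a toy RSA key from distinct primes p, q and a public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)      # phi(p*q) = phi(p) * phi(q) for distinct primes
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = pow(e, -1, phi)          # private exponent: e*d = 1 (mod phi(n))
    return {"n": n, "e": e, "d": d, "phi": phi}


def encrypt(m, key):
    """Raise the message to the public exponent and keep the remainder mod n."""
    return pow(m, key["e"], key["n"])


def decrypt(c, key):
    """Raise the ciphertext to the private exponent and keep the remainder mod n."""
    return pow(c, key["d"], key["n"])


def euler_congruence_holds(a, key):
    """Check a^phi(n) = 1 (mod n) for a residue a that is relatively prime to n."""
    if gcd(a, key["n"]) != 1:
        raise ValueError("a must be relatively prime to n")
    return pow(a, key["phi"], key["n"]) == 1


def primes_from_phi(n, phi):
    """Recover p and q from n = p*q and phi(n) alone.

    Since phi(n) = (p - 1)(q - 1) = n - (p + q) + 1, we know p + q and p*q,
    so p and q are the two roots of x^2 - (p + q)x + n = 0.
    """
    s = n - phi + 1                      # s = p + q
    disc = s * s - 4 * n                 # (p - q)^2
    if disc < 0:
        raise ValueError("phi is too large for this n")
    root = isqrt(disc)
    if root * root != disc:
        raise ValueError("phi does not belong to an n = p*q")
    return (s - root) // 2, (s + root) // 2


if __name__ == "__main__":
    key = make_toy_key(P, Q, E)
    message = 123456                     # constructed sample message, must be < n
    cipher = encrypt(message, key)
    print("n =", key["n"], "phi(n) =", key["phi"])
    print("round trip ok:", decrypt(cipher, key) == message)
    print("7^phi(n) = 1 (mod n):", euler_congruence_holds(7, key))
    print("p, q from n and phi(n):", primes_from_phi(key["n"], key["phi"]))
```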

5.1.1 Definition of Euler’s totient function

How many incongruent residues modulo n have an inverse?

It is going to be all the residues a ( mod n), such that gcd (a, n) = 1. The function 𝜙(n)
counts the number of incongruent residues that have an inverse modulo n.
We need something which will count the number of incongruent residues ( mod n) that
have an inverse. This counting is done by Cardinality which was defined in the Introductory
Chapter:
The Cardinality, denoted Card, of a set is the number of elements in the set. For
example,

Card {2, 4, 5} = 3, Card {a, b, c, d, e, f, g, h} = 8.

Euler’s totient function (5.1). Let n be a natural number. The Euler totient function 𝜙 (n)
is defined as
𝜙 (n) = Card {a ∶ gcd (a, n) = 1 and 1 ≤ a ≤ n} .

What does this notation mean in everyday English?

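Well gcd (a, n) = 1 implies that a and n are relatively prime. Decoding the notation,

$$\underbrace{\text{Card}}_{\text{counts}} \{\, a \underbrace{:}_{\text{such that}} \underbrace{\gcd(a, n) = 1}_{a \text{ and } n \text{ are relatively prime}} \text{ and } \underbrace{1 \le a \le n}_{\text{between 1 and } n} \,\}.$$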

¹ https://blogs.ams.org/mathgradblog/2014/03/30/rsa/.

The number 𝜙 (n) gives how many integers between 1 and n are relatively prime to n.
Hence 𝜙 (n) gives the number of incongruent residues that have an inverse modulo n.

Example 5.1

Evaluate (a) 𝜙 (6) (b) 𝜙 (10) (c) 𝜙 (5) (d) 𝜙 (11).

Solution
(a) 𝜙 (6) counts the number of integers from 1 to 6 which are relatively prime to 6.
Hence evaluating gcd of the numbers between 1 and 6, with 6:

gcd(1, 6) = 1 , gcd(2, 6) = 2, gcd(3, 6) = 3, gcd(4, 6) = 2,

gcd(5, 6) = 1 , gcd(6, 6) = 6.

The only numbers which are relatively prime to 6 are 1 and 5, therefore

𝜙 (6) = Card {a ∶ gcd (a, 6) = 1 and 1 ≤ a ≤ 6}

= Card {1, 5} = 2 [Because the set {1, 5} has 2 elements].

(b) Similarly, 𝜙 (10) is the number of integers between 1 and 10 which only have a common factor
of 1 with 10:

𝜙 (10) = Card {a ∶ gcd (a, 10) = 1 and 1 ≤ a ≤ 10}

= Card {1, 3, 7, 9} = 4.

(c) For 𝜙 (5) we note that 5 is prime, so all the integers between 1 and 4 are relatively prime to 5:

𝜙 (5) = Card {a ∶ gcd (a, 5) = 1 and 1 ≤ a ≤ 5}

= Card {1, 2, 3, 4} = 4.

(d) Similarly, as 11 is prime we have

𝜙 (11) = Card {1, 2, 3, 4, 5, 6, 7, 8, 9, 10} = 10.

5.1.2 Euler’s totient function for primes

We can create a table of values for Euler’s totient function:

Table 5.1

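| n | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 𝜙 (n) | 1 | 1 | 2 | 2 | 4 | 2 | 6 | 4 | 6 | 4 | 10 | 4 | 12 | 6 | 8 | 8 | 16 | 6 | 18 | 8 |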

Figure 5.1 Leonhard Euler 1707—1783

Leonhard Euler was born in Basel, Switzerland and is the most prolific
mathematician of all time. St Petersburg Academy was publishing papers by Euler
48 years after his death. He contributed to number theory, real analysis, complex
analysis. He was the first to make complex numbers natural and respectable. He gave
us the symbols f (x), sin(x), ∑, and $e^x$. Fourier series, Bessel functions, and Venn
diagrams could be named Euler series, Euler functions, and Euler diagrams, as he
discovered them first. He is one of the greatest mathematical manipulators of all
time. It is said that the 18th-century mathematics belonged to Euler.

Euler had 13 children, although sadly only five survived. Incredibly, despite being
blind for the last 17 years of his life, he continued working in the field of
mathematics until his death in 1783.

What do you notice about the highlighted results in Table 5.1?

Each of the n values is prime and Euler’s totient function 𝜙 (n) for these is one less than
n. This is always the case.

Proposition (5.2). We have that n is prime ⇒ 𝜙 (n) = n − 1.

Proof.
We assume n is prime. Then all the integers 1, 2, 3, 4, …, n − 1 have only a common factor
of 1 with prime n. Recall Card counts the number of elements in a set:

𝜙 (n) = Card {a ∶ gcd (a, n) = 1 and 1 ≤ a ≤ n}

= Card {1, 2, 3, 4, ⋯ , n − 1} = n − 1.


Proposition (5.3). For a natural number n:

𝜙 (n) = n − 1 ⇔ n is prime.

How do we prove this result?

Since we have ⇔, we must prove the result both ways.



Proof.
(⇒). Assume 𝜙 (n) = n − 1. By the definition of 𝜙 (n) we have

𝜙 (n) = Card {a ∶ gcd (a, n) = 1 and 1 ≤ a ≤ n} = n − 1. (∗)

Reference (∗) means that there are n − 1 natural numbers between 1 and n which are
relatively prime to n. For a = 1, 2, 3, ⋯ , n − 1 we have

gcd (a, n) = 1.

None of these numbers a = 1, 2, ⋯ , n − 1 apart from 1 are factors of n, so n must be
prime.
(⇐). Proposition (5.2).


Result (5.3) means there are n − 1 incongruent residues which have an inverse modulo
prime n.

Can we use this:


𝜙 (n) = n − 1 ⇔ n is prime
as a test for primality?

Not practical, because if n is a large integer then we will show that to evaluate 𝜙 (n) you need
to find the prime factorization of n first.
Recall for evaluating 𝜙 (n) we do not need to find the natural numbers ≤ n that are relatively
prime to n, but just how many. We need to develop a much more efficient way to
evaluate 𝜙 (n), which is demonstrated next. First we examine prime powers.

5.1.3 Euler’s totient function of a prime power

Trying to find the number $\phi(p^k)$ where k is a natural number will quickly become difficult,
as $p^k$ will become large very rapidly. Proposition (5.4) given next provides us with a method
to reduce the computations.

Proposition (5.4). If p is prime and k is a natural number then

$$\phi(p^k) = p^k - p^{k-1} = p^{k-1}(p - 1).$$

To help prepare us for proving this, we’ll first look at two examples to see it working.

Example 5.2

Compute 𝜙 (16).

Solution
The number 𝜙 (16) tells us how many integers between 1 and 16 are relatively prime to 16.
The natural numbers between 1 and 16 that have a common factor greater than 1 with 16 are the
even numbers:
S = {2, 4, 6, 8, 10, 12, 14, 16}.
We can rewrite this set as

S = {2, 2 (2) , 3 (2) , 4 (2) , 5 (2) , 6 (2) , 7 (2) , 8 (2)}.

The number of elements, or Cardinality, of this set is 8.


The remaining natural numbers (odd numbers) must be in the set, which gives 𝜙 (16).
This implies there are 16 − 8 = 8 integers which are relatively prime (these are all the odd numbers
up to 16) to 16 so
𝜙 (16) = 16 − 8 = 8.

[As a check, we can list the set: 𝜙 (16) = Card {1, 3, 5, 7, 9, 11, 13, 15} = 8.]
Alternatively, we could have used the above Proposition (5.4). Note that $16 = 2^4$:

$$\phi(2^4) = 2^4 - 2^3 = 16 - 8 = 8.$$

We give another example to help further cement the idea.

Example 5.3

Evaluate 𝜙 (27).

Solution
Like in Example 5.2, we write the set S whose elements have a common factor of greater than 1 with
$27 = 3^3$ (these incongruent residues don’t have an inverse modulo 27):

S = {3, 6, 9, 12, 15, 18, 21, 24, 27}.

Writing these elements in a set S as multiples of 3:

S = {1 (3) , 2 (3) , 3 (3) , 4 (3) , 5 (3) , 6 (3) , 7 (3) , 8 (3) , 9 (3)}.

Hence 𝜙 (27) = 27 − 9 = 18 because the 9 integers in S are not relatively prime to 27.
We can check this by listing the integers which are relatively prime to 27:

$$\phi(27) = \text{Card} \underbrace{\{1, 2, 4, 5, 7, 8, 10, 11, 13, 14, 16, 17, 19, 20, 22, 23, 25, 26\}}_{\text{There are 18 elements in this set (multiples of 3 missing)}} = 18.$$

These 18 integers do have an inverse modulo 27.

Using formula (5.4) with $27 = 3^3$ gives us our expected result:

$$\phi(27) = \phi(3^3) = 3^3 - 3^2 = 27 - 9 = 18.$$



Notice that in both the above examples, the set of numbers with common factors greater
than 1 with $p^k$ was given by

$$S = \{p, 2p, 3p, 4p, \cdots, p^{k-1}p\},$$

and in both cases the Cardinality of this set was $\text{Card}\{S\} = p^{k-1}$. So for these examples

$$\phi(p^k) = p^k - p^{k-1}.$$

We are now in a good position to prove the general statement of Proposition (5.4):
If p is prime and k is a natural number then

$$\phi(p^k) = p^k - p^{k-1}.$$

This implies there are $p^k - p^{k-1}$ incongruent residues that have an inverse modulo $p^k$.
Follow this proof very carefully, as the reasoning is based on Examples 5.2 and 5.3.

Proof.
The integers between 1 and $p^k$ which have a common factor greater than 1 with $p^k$ are

$$S = \{p, 2p, 3p, 4p, 5p, \cdots, p^{k-1}p\}.$$

Why?

Because $\gcd(p^k, np) \ge p > 1$.

How many elements are in this set S?

The number of elements or Cardinality of this set is

$$\text{Card}\{S\} = \text{Card}\{p, 2p, 3p, 4p, 5p, \cdots, p^{k-1}p\} = p^{k-1}.$$

All the other integers below $p^k$ are relatively prime to $p^k$ apart from the ones in this set S.

What is $\phi(p^k)$ equal to?

$\phi(p^k)$ is the number $p^k$ minus the number of integers in the set S which is $p^{k-1}$:

$$\phi(p^k) = \underbrace{\left(\begin{array}{c}\text{Number of natural} \\ \text{numbers between 1 and } p^k\end{array}\right)}_{= p^k} - \underbrace{\left(\begin{array}{c}\text{Number of natural numbers} \le p^k \\ \text{that have a common factor} > 1\end{array}\right)}_{= p^{k-1}} = p^k - p^{k-1}.$$

This is our required result.




Example 5.4

Evaluate (a) $\phi(13^4)$ (b) $\phi(5^{10})$ (c) $\phi(121)$

Solution
In each case we apply the previous Proposition (5.4):

$$\phi(p^k) = p^k - p^{k-1}.$$

(a) Applying this formula with p = 13 and k = 4 we have

$$\phi(13^4) = 13^4 - 13^{4-1} = 13^4 - 13^3 = 26\,364.$$

What does this 26 364 signify?

There are 26 364 natural numbers below $13^4 = 28\,561$ which only have a common factor of
1 with $13^4$. These 26 364 are all the integers between 1 and 28 561, but with multiples of 13
missing.

(b) Similarly, applying the above formula with p = 5 and k = 10:

$$\phi(5^{10}) = 5^{10} - 5^9 = 7\,812\,500.$$

This answer means there are nearly eight million (7 812 500) natural numbers below $5^{10}$ which
only have a common factor of 1 with $5^{10}$.
How many natural numbers have a common factor > 1 with $5^{10}$?

$$5^{10} - 7\,812\,500 = 1\,953\,125.$$

So nearly two million (1 953 125) natural numbers have a common factor greater than 1
with $5^{10}$.
Adding these two numbers 7 812 500 and 1 953 125 gives $5^{10} = 9\,765\,625$ because each
natural number below $5^{10}$ is either relatively prime or not with $5^{10}$.

(c) How do we find 𝜙 (121)?
Note that $121 = 11^2$. We have

$$\phi(121) = \phi(11^2) = 11^2 - 11^1 = 121 - 11 = 110.$$

This means that there are 110 natural numbers which are relatively prime to 121. (This 𝜙 counts
all the integers from 1 to 121 but with 11, 22, 33, 44, …, 110, and 121 (multiples of 11) missing,
hence 121 − 11.)

Note we don’t have to find which numbers are relatively prime to $p^k$. The number 𝜙 (n)
for each n of Example 5.4 is well over half of n.

Why?

Because each of these numbers only has one prime divisor (>2), so only the multiples of
that prime are missing.

What are the limitations of this formula $\phi(p^k) = p^k - p^{k-1}$?

This formula is only valid for prime powers. We would like a formula for 𝜙 (n) where n is
any natural number.

5.1.4 Euler’s totient function of any natural number

What does multiplicative mean?

Recall from the last chapter’s Definition (4.34) that a multiplicative function f satisfies

f (m × n) = f (m) × f (n) whenever gcd (m, n) = 1.

Theorem (5.5). Euler’s totient function 𝜙(m × n) is multiplicative (m and n are natural
numbers):
𝜙 (m × n) = 𝜙 (m) × 𝜙 (n) provided gcd(m, n) = 1.

Proof.
See Exercises 5.1, question 25. 

Example 5.5

Compute the number 𝜙 (111).

Solution
We write 111 in its prime decomposition as 111 = 3 × 37. Since gcd(3, 37) = 1, we can use the
multiplicative property of 𝜙 (n):

𝜙 (111) = 𝜙 (3 × 37)
        = 𝜙 (3) × 𝜙 (37)          [By 𝜙 (m × n) = 𝜙 (m) × 𝜙 (n)]
        = (3 − 1) (37 − 1) = 72   [By Prop (5.2) 𝜙 (p) = p − 1]

What does 72 signify?


There are 72 natural numbers between 1 and 111 which are not multiples of 3 or 37. Therefore 72
incongruent residues have an inverse modulo 111, and here are some of them:

$$\phi(111) = \text{Card} \underbrace{\{1, 2, 4, 5, 7, \cdots, 35, 38, 40, \cdots, 73, 76, 77, 79, 80, \cdots, 110\}}_{\text{Multiples of 3 and 37 missing}} = 72.$$

Corollary (5.6). If the integers $m_j$ are pairwise prime then

$$\phi(m_1 \times m_2 \times \cdots \times m_k) = \phi(m_1) \times \phi(m_2) \times \cdots \times \phi(m_k).$$

Pairwise prime was defined in Section 3.4:

$$\gcd(m_i, m_j) = 1 \quad \text{for } i \ne j \text{ and } 1 \le i, j \le k.$$



Proof.
See Exercises 5.1, question 21.


We also have the following:

Lemma (5.7). Let $p_1, p_2, \cdots, p_r$ be distinct primes and $k_1, k_2, \cdots, k_r$ be natural numbers.
Then

$$\phi\left(p_1^{k_1} \times p_2^{k_2} \times \cdots \times p_r^{k_r}\right) = \phi\left(p_1^{k_1}\right) \times \phi\left(p_2^{k_2}\right) \times \cdots \times \phi\left(p_r^{k_r}\right).$$

Proof.
By Exercises 2.1, question 5 (ii):
If p and q are distinct primes then $\gcd(p^n, q^m) = 1$.
Using this and the previous Corollary (5.6) with $m_1 = p_1^{k_1}, \ldots, m_r = p_r^{k_r}$ gives us our result.


How can we use this result (5.7) to find 𝜙 (n) of any natural number n greater than 1?

We use the Fundamental Theorem of Arithmetic (2.5) which says:


Every positive integer greater than 1 can be written as a product of primes uniquely
apart from the order.
Examples are

$$5 = 5, \quad 10 = 2 \times 5, \quad 24 = 2^3 \times 3, \quad 100 = 2^2 \times 5^2, \quad \cdots.$$

We use this theorem along with 𝜙 being multiplicative to prove the following result.

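Proposition (5.8). Let n > 1 and its prime decomposition be

$$n = p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_r^{k_r} \quad \text{where the } p\text{’s are distinct primes.}$$

Then the number 𝜙 (n) is given by

$$\phi(n) = \left(p_1^{k_1} - p_1^{k_1 - 1}\right) \times \left(p_2^{k_2} - p_2^{k_2 - 1}\right) \times \left(p_3^{k_3} - p_3^{k_3 - 1}\right) \times \cdots \times \left(p_r^{k_r} - p_r^{k_r - 1}\right).$$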

This looks like a tedious formula. Unless you have a lot of primes in your n you will find
this straightforward to apply, but first we must prove this.

How?

By applying the previous Lemma (5.7) and Proposition (5.4).



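Proof.
We are given that $n = p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_r^{k_r}$ so we have

$$\begin{aligned}
\phi(n) &= \phi\left(p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_r^{k_r}\right) \\
&= \phi\left(p_1^{k_1}\right) \times \phi\left(p_2^{k_2}\right) \times \phi\left(p_3^{k_3}\right) \times \cdots \times \phi\left(p_r^{k_r}\right) && [\text{By (5.7)}] \\
&= \left(p_1^{k_1} - p_1^{k_1 - 1}\right) \times \left(p_2^{k_2} - p_2^{k_2 - 1}\right) \times \cdots \times \left(p_r^{k_r} - p_r^{k_r - 1}\right) && \left[\text{By (5.4) } \phi(p^k) = p^k - p^{k-1}\right].
\end{aligned}$$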

This completes our proof.




There is a slightly easier way to write this result:

Proposition (5.9). Let $n = p_1^{k_1} \times p_2^{k_2} \times \cdots \times p_r^{k_r}$, then

$$\phi(n) = n\left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_r}\right).$$

Proof.
See Exercises 5.1, question 22.


This result (5.9) is easier to use than (5.8) to evaluate the number 𝜙 (n).
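
The Python code below is an added example, not the book's own: it applies the factor (1 − 1/p) of Proposition (5.9) to every multiple of each prime p, which tabulates 𝜙 (n) for all n up to a limit at once and goes beyond the single values worked in the text. It checks the table against Definition (5.1), against a search for residues that have an inverse, and against the multiplicative property of Theorem (5.5), and computes the probability 𝜙 (n)/n from the start of this section. All function names are assumptions of this example.

```python
from fractions import Fraction
from math import gcd


def phi_by_definition(n):
    """Definition (5.1): count the a in 1..n with gcd(a, n) = 1."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)


def totient_table(limit):
    """Return a list t with t[n] = phi(n) for 0 <= n <= limit (t[0] is unused).

    Start from t[n] = n. For each prime p, multiply every multiple of p by
    (1 - 1/p), written as t[m] -= t[m] // p so that only integers are used.
    """
    t = list(range(limit + 1))
    for p in range(2, limit + 1):
        if t[p] == p:                       # still untouched, so p is prime
            for m in range(p, limit + 1, p):
                t[m] -= t[m] // p           # exact, because p still divides t[m]
    return t


def invertible_residues(n):
    """Residues a with some b such that a*b = 1 (mod n), found by search (n >= 2)."""
    return [a for a in range(1, n)
            if any(a * b % n == 1 for b in range(1, n))]


def multiplicative_mismatches(t, require_coprime=True):
    """Pairs (m, n) inside the table where phi(m*n) differs from phi(m)*phi(n)."""
    limit = len(t) - 1
    bad = []
    for m in range(2, limit + 1):
        for n in range(m, limit // m + 1):
            if require_coprime and gcd(m, n) != 1:
                continue
            if t[m * n] != t[m] * t[n]:
                bad.append((m, n))
    return bad


def coprime_probability(n, t):
    """phi(n)/n: the chance that a number chosen from 1..n is relatively prime to n."""
    return Fraction(t[n], n)


if __name__ == "__main__":
    t = totient_table(2010)
    print("Table 5.1:", t[1:21])
    for n in (100, 101, 111, 144, 2010):
        print(n, t[n], coprime_probability(n, t))
    print("inverses exist mod 10 for:", invertible_residues(10))
    print("mismatches with gcd = 1:", multiplicative_mismatches(totient_table(400)))
    print("first mismatch without the gcd condition:",
          multiplicative_mismatches(totient_table(400), require_coprime=False)[0])
```

Dropping the gcd condition produces mismatches straight away, starting with 𝜙 (2 × 2) = 2 against 𝜙 (2) × 𝜙 (2) = 1, so the condition in Theorem (5.5) cannot be omitted.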

Example 5.6

Compute the following numbers (a) 𝜙 (100) (b) 𝜙 (101) (c) 𝜙 (144) (d) 𝜙 (2010)

Solution
In each case we apply the formula of Proposition (5.9).
(a) We first decompose 100 into its primes:
2
100 = 102 = (2 × 5) = 22 × 52 .

Applying Proposition (5.9) with p1 = 2, p2 = 5, and n = 100 gives

1 1 1 4
𝜙 (100) = 100 (1 − ) (1 − ) = 100 ( ) ( ) = 40.
2 5 2 5
What does this answer of 40 mean?
There are 40 natural numbers below 100 which are relatively prime to 100. We do not need to
locate them. Notice how this formula works:
Half the natural numbers (all the odd numbers) up to 100 are relatively prime with 100.
These 50 odd numbers below 100 are counted by $100 \left(\frac{1}{2}\right) = 50$.
Of these 50 odd numbers, 1/5 of them are multiples of 5 and the remaining 4/5 are relatively
prime with 100, which is given by $50 \left(\frac{4}{5}\right) = 40$.

Listing some of the integers which are relatively prime to 100:

Card {1, 3, 7, 11, 13, 17, ⋯ , 97, 99} = 40 = 𝜙 (100)   [multiples of 2 and 5 missing from the set].

(b) 101 is a prime number.


How do we find 𝜙 (101) ?
Use Proposition (5.2) which says:

If p is prime then 𝜙 (p) = p − 1.

Hence 𝜙 (101) = 101 − 1 = 100. This means there are 100 natural numbers which are relatively
prime to 101. This answer is much larger than the 40 natural numbers which are relatively
prime to 100.
Notice our answers to the last two parts:

𝜙 (100) = 40 and 𝜙 (101) = 100.

The 𝜙 function jumps from 40 to 100 in just one integer step.


(c) Similarly, writing the prime decomposition of 144:

$$144 = 12^2 = (2^2 \times 3)^2 = 2^4 \times 3^2.$$

Applying Proposition (5.9) with primes p1 = 2, p2 = 3, and n = 144 yields

$$\phi(144) = 144 \left(1 - \frac{1}{2}\right) \left(1 - \frac{1}{3}\right) = 144 \left(\frac{1}{2}\right) \left(\frac{2}{3}\right) = 48.$$
This implies there are 48 incongruent residues that have an inverse modulo 144. Since the
only primes involved in producing 144 are 2 and 3, so 𝜙 (144) counts the number in the set of
natural numbers below 144 which have no multiples of 2 or 3:

𝜙 (144) = Card {1, 5, 7, 11, 13, 17, ⋯ , 143} = 48   [no multiple of 2 or 3 in this set].

(d) What is the prime decomposition of 2010?

2010 = 201 × 10
= (67 × 3) × (5 × 2) = 2 × 3 × 5 × 67.

Applying Proposition (5.9) to this we have

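$$\begin{aligned}
\phi(2010) &= 2010 \left(1 - \frac{1}{2}\right) \left(1 - \frac{1}{3}\right) \left(1 - \frac{1}{5}\right) \left(1 - \frac{1}{67}\right) \\
&= 2010 \left(\frac{1}{2}\right) \left(\frac{2}{3}\right) \left(\frac{4}{5}\right) \left(\frac{66}{67}\right) = 528.
\end{aligned}$$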
There are 528 integers between 1 and 2010 which have a gcd of 1 with 2010. There are 528
natural numbers which are not multiples of 2, 3, 5, or 67 below 2010.

Note that 𝜙 (n) is only defined for natural numbers n:


[Figure 5.2 The graph of 𝜙 (n) against n (horizontal axis n, vertical axis 𝜙 (n)).]

As n gets larger, we might have expected 𝜙 (n) to get larger as well. This is clearly false, as
can be seen from the graph. An example of this is 𝜙 (59) = 58 but 𝜙 (60) = 16. Of course,
the general trend is upwards for large n, as you can see from the following table:
Table 5.2 The number 𝜙 (n) for various values of n.

n      | 99 | 999 | 9 999 | 99 999 | 999 999 | 9 999 999
𝜙 (n)  | 60 | 648 | 6 000 | 64 800 | 466 560 | 6 637 344

You might have noticed from this Table 5.2 that the number 𝜙 (n) is even for all n. This
is no coincidence, for we have the following general result:

Proposition (5.10). For n > 2, 𝜙 (n) is an even integer.

Proof.
Let the prime decomposition of n be written as $n = p_1^{k_1} \times \cdots \times p_r^{k_r}$. Then by Proposition
(5.8):

$$\begin{aligned}
\phi(n) &= (p_1^{k_1} - p_1^{k_1 - 1}) \times (p_2^{k_2} - p_2^{k_2 - 1}) \times (p_3^{k_3} - p_3^{k_3 - 1}) \times \cdots \times (p_r^{k_r} - p_r^{k_r - 1}) \\
&= p_1^{k_1 - 1} (p_1 - 1) \times p_2^{k_2 - 1} (p_2 - 1) \times \cdots \times p_r^{k_r - 1} (p_r - 1) && \text{[Factorizing]}.
\end{aligned}$$

If the only prime in n > 2 is $p_1 = 2$ then we have $\phi(n) = 2^{k_1 - 1} (2 - 1)$ which is even because
$2^{k_1 - 1}$ is a multiple of 2 ($k_1 > 1$ because we are given n > 2).
If we have any distinct primes from 2 in n then

$$\phi(n) = p_1^{k_1 - 1} (p_1 - 1) \times p_2^{k_2 - 1} (p_2 - 1) \times \cdots \times p_r^{k_r - 1} (p_r - 1)$$

is even because one of the primes must be odd and an odd number minus 1 gives an even
number.
In either case, we have our required result.


Summary
Euler’s totient function 𝜙 (n) for a positive integer n > 1 gives the number of incongruent residues that
have an inverse modulo n:

𝜙 (n) = Card {a ∶ gcd (a, n) = 1 and 1 ≤ a ≤ n}.

We can find 𝜙 (n) by using the following formula:


$$\phi(n) = n \left(1 - \frac{1}{p_1}\right) \left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_r}\right) \quad \text{where } n = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}.$$

EXERCISES 5.1

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Determine the Euler totient function 𝜙 (n) of the following prime numbers:
(a) 13 (b) 211 (c) 311 (d) 1973 (e) 1999 (f) 2017

2. Find the Euler totient function 𝜙 (n) of the following numbers:
(a) 15 (b) 64 (c) 200 (d) 1000 (e) 1001 (f) 666

3. Find the Euler totient function 𝜙 (n) of the following numbers:
(a) $2^{1000}$ (b) $3^{1000}$ (c) $5^{1000}$ (d) $7^{1000}$
Interpret your result in each case.

4. Show that $\phi(p^m) = \phi(p)\, p^{m-1}$ where p is a prime and m is a natural number.

5. Show that $\phi(2^n) = \frac{1}{2}(2^n)$ where n is a natural number.
What does $\phi(2^n) = \frac{1}{2}(2^n)$ signify?

6. Show that $\phi(10^m) = 4\,(10^{m-1})$ where m is a natural number.

7. Prove that $\phi(n^m) = n^{m-1} \phi(n)$.

8. Are there any natural numbers n such that 𝜙 (n) = n?

9. What is the probability that a number m ∈ {1, 2, 3, ⋯ , 164} is relatively prime to 164?

10. (a) Determine the number of incongruent residues that have an inverse modulo 310.
(b) Show that the probability of a given residue $a \pmod{p^n}$ has a multiplicative inverse is $1 - \frac{1}{p}$ where p is prime.

11. Solve the following equations for a general n such that:
(a) $\phi(n) = \frac{n}{2}$ (b) $\phi(n) = \frac{n}{3}$

12. Give an example of a natural number n such that $\phi(n) < \frac{n}{3}$. Give reasons for your choice.

13. Let $n = 2^{k_1} \times 3^{k_2} \times 5^{k_3}$. Show that $\phi(n) = \frac{4}{15} n$.

14. Let p be prime and p | n. Prove that $\phi(n) \le \frac{n (p - 1)}{p}$.

15. (i) Is it possible to have 𝜙 (n) ≥ n? Give reasons for your answer.
(ii) Show that $0 < \frac{\phi(n)}{n} < 1$ for n > 1.

16. Disprove 𝜙 (m + n) = 𝜙 (m) + 𝜙 (n) where m and n are natural numbers.

17. Prove that $\phi(\phi(p^k)) = p^{k-2} \phi[p (p - 1)]$ where p is prime and k ≥ 2.

18. *Let d be a positive divisor of n, that is d | n. Prove that 𝜙 (d) | 𝜙 (n).
[Hint: Consider the prime decompositions of d and n.]

19. Show that $\phi(2^{2k+1}) = l^2$ where l is a natural number.

20. Prove that $\phi(p^k q^k) = p^{k-1} q^{k-1} \phi(p) \phi(q)$ where p and q are distinct primes.

21. Prove Corollary (5.6).

22. Prove Proposition (5.9).

23. *Given that gcd(m, n) = 2, prove that 𝜙 (mn) = 2𝜙 (m) 𝜙 (n).

24. Let m be an even perfect number, that is $m = 2^{n-1} (2^n - 1)$ where $2^n - 1$ is prime and n ≥ 2. Prove that $\phi(m) = 2^{n-1} (2^{n-1} - 1)$.

25. **(i) Let gcd(m, n) = g. Prove that $\phi(m \times n) = \frac{\phi(m) \times \phi(n) \times g}{\phi(g)}$.
(ii) Prove Proposition (5.5).

26. **Show that for natural numbers a and b:
𝜙([a, b]) × 𝜙(gcd(a, b)) = 𝜙(a) × 𝜙(b)
where [a, b] = LCM (a, b).

27. *(i) Prove that $\sum_{d \mid p^k} \phi(d) = p^k$ where p is prime.
***(ii) Prove that $\sum_{d \mid p^k q^m} \phi(d) = \sum_{d \mid p^k} \phi(d) \sum_{d' \mid q^m} \phi(d') = p^k q^m$ where p and q are distinct primes.
(iii) Prove Gauss’s Theorem, that is for any natural number n we have $\sum_{d \mid n} \phi(d) = n$.
This (iii) is an astonishing result proved by Gauss.

.........................................................................................................

SECTION 5.2 Euler’s Theorem


By the end of this section you will be able to
● understand what is meant by a reduced residue system
● prove Euler’s Theorem

In the last section we defined 𝜙 (n) which gives the number of integers between 1 and n that
are relatively prime to n. In this section we find the integers which are relatively prime to n
(or the incongruent residues that have an inverse modulo n).

5.2.1 Introduction

In the last chapter we established Fermat’s Little Theorem (4.1):


Let a be an integer and p be a prime number which does not divide a. Then

$$a^{p-1} \equiv 1 \pmod{p}.$$

We noticed how useful this result is in evaluating powers of a modulo p in Chapter 4.

However, this result is limited to prime moduli only.

Can we extend this to any moduli,

$$a^x \equiv 1 \pmod{n}$$

where n is any natural number?

Yes. For example, we have the following numerical results:

$$3^4 \equiv 1 \pmod{10}$$
$$9^8 \equiv 1 \pmod{16}$$
$$57^{400} \equiv 1 \pmod{1000}.$$

This last result, $57^{400} \equiv 1 \pmod{1000}$, says the last three digits of $57^{400}$ are 001.
Recall having $a^x \equiv 1 \pmod{n}$ is a useful result because it cuts down on the arithmetic
when evaluating powers of residues modulo n.
In each of the above cases the moduli 10, 16, 1000 are composite and the index is not 1
less than the moduli 10, 16, 1000 respectively.

Why does it work for these values?

In this section we answer the question of what conditions lead to $a^x \equiv 1 \pmod{n}$ and
examine how x and n are related.

Example 5.7

(i) Determine 𝜙 (10) where 𝜙 is Euler’s totient function.


(ii) Which incongruent residues have an inverse modulo 10?

Solution
(i) We have 𝜙(10) = 𝜙(2 × 5) = 𝜙(2) × 𝜙(5) = 1 × 4 = 4.
What does this mean?
There are four natural numbers below 10 which are relatively prime to 10.
(ii) Note that 𝜙 (10) = 4 does not tell us which four incongruent residues have an inverse. For a
small number like 10 we can list them; it is the four integers which are relatively prime to 10,
and these are 1, 3, 7, and 9 because

gcd (1, 10) = gcd (3, 10) = gcd (7, 10) = gcd (9, 10) = 1.

Example 5.8

Let r1 = 1, r2 = 3, r3 = 7, r4 = 9, and a = 3. Determine the least positive residues x1 , x2 , x3 , and x4


such that:

ar1 ≡ x1 (mod 10) , ar2 ≡ x2 (mod 10) , ar3 ≡ x3 (mod 10) and ar4 ≡ x4 (mod 10).

Solution
Substituting r1 = 1, r2 = 3, r3 = 7, r4 = 9, and a = 3, gives

ar1 ≡ 3 × 1 ≡ 3 (mod 10)


ar2 ≡ 3 × 3 ≡ 9 (mod 10)
ar3 ≡ 3 × 7 ≡ 21 ≡ 1 (mod 10)
ar4 ≡ 3 × 9 ≡ 27 ≡ 7 (mod 10).

What do you notice about your results?


ar1 , ar2 , ar3 , and ar4 are congruent to the given r2 = 3, r4 = 9, r1 = 1, and r3 = 7 modulo 10
respectively. We have

ar1 ≡ r2 , ar2 ≡ r4 , ar3 ≡ r1 , and ar4 ≡ r3 (mod 10).

It is no coincidence that each of our results were congruent to the given values of rj . This
is because each of these rj ’s is relatively prime to 10, as established in Example 5.7 (ii). [In
Example 5.7 (ii) we found these numbers to be 1, 3, 7, and 9, which are the given rj values
in Example 5.8.]
This property isn’t unique to n = 10, but will hold for any n > 1; we’ll see this for modulo
n = 9 next.

Example 5.9

Let r1 = 1, r2 = 2, r3 = 4, r4 = 5, r5 = 7, r6 = 8 and a = 2.
Determine the least positive residues xj for j = 1, 2, 3, ⋯ , 6 such that:

arj ≡ xj (mod 9) . (∗)

Solution
Substituting r1 = 1, r2 = 2, r3 = 4, r4 = 5, r5 = 7, r6 = 8, and a = 2 into (∗) gives

ar1 ≡ 2 × 1 ≡ 2 ≡ r2 (mod 9)
ar2 ≡ 2 × 2 ≡ 4 ≡ r3 (mod 9)
ar3 ≡ 2 × 4 ≡ 8 ≡ r6 (mod 9)
ar4 ≡ 2 × 5 ≡ 1 ≡ r1 (mod 9)
ar5 ≡ 2 × 7 ≡ 5 ≡ r4 ( mod 9)
ar6 ≡ 2 × 8 ≡ 7 ≡ r5 (mod 9).

Summarizing these results:

ar1 ≡ r2 , ar2 ≡ r3 , ar3 ≡ r6 , ar4 ≡ r1 , ar5 ≡ r4 and ar6 ≡ r5 (mod 9) .



Placing them in a table:

rj r1 r2 r3 r4 r5 r6
2rj (mod 9) r2 r3 r6 r1 r4 r5

Again, we have 2rj ≡ rk (mod 9) for some 1 ≤ j ≤ 6 and 1 ≤ k ≤ 6.


Note that there are six of these natural numbers rj , which we’d expect, since 𝜙 (9) = 6.

The set of natural numbers, rj ’s, in the above example is called a reduced residue system
modulo 9, that is

S = {1, 2, 4, 5, 7, 8} is a reduced residue system modulo 9.

What does a reduced residue system modulo n mean?

It is those incongruent residues which have an inverse modulo n. Hence it is the set of
residues {r1 , r2 , ⋯ , r𝜙(n) } which only have a common factor of 1 with n and any two
different members, ri and rj , are not congruent modulo n, that is

ri ≢ rj (mod n) [not congruent].

Definition (5.11). A reduced residue system modulo n is the set of integers {r1 , r2 , ⋯ , r𝜙(n) }
such that
(i) gcd (ri , n) = 1 for i = 1, 2, 3, ⋯ , 𝜙 (n).
(ii) ri ≢ rj (mod n) where i ≠ j.

What is a reduced residue system modulo 12?

{1, 5, 7, 11} . (†)

Because these residues are relatively prime to 12,

gcd (1, 12) = gcd (5, 12) = gcd (7, 12) = gcd (11, 12) = 1.

(†) is not the only reduced residue system modulo 12. Here is another:

{1, −7, 19, −1} .

What is the difference between the complete and reduced residue system?

A complete residue system modulo 12 would be

{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11} .

A reduced residue system contains only those members in the complete system which are
relatively prime to n. Like (†) for modulo 12.

Note the difference between 𝜙 (n) and the reduced residue system modulo n.
𝜙 (n)—gives the number of incongruent residues which are relatively prime to n. The
reduced residue system modulo n gives the set of incongruent residues that are relatively
prime to n. Clearly this set will have 𝜙 (n) members.

5.2.2 Proof of Euler’s Theorem

Before we prove Euler’s Theorem (5.14) we need a couple of lemmas.

Lemma (5.12). If gcd (a, n1 ) = gcd (a, n2 ) = ⋯ = gcd (a, nk ) = 1 then

gcd (a, n1 × n2 ⋯ × nk ) = 1.

Proof.
See complete solution to Exercises 1.3, question 15 (ii).


Example 5.10

By using your results of Example 5.9, show that $2^6 \equiv 1 \pmod{9}$.

Solution
By Example 5.9 we have:

rj 1 2 4 5 7 8
2rj (mod 9) 2 4 8 1 5 7

Recall the rj ’s represent the reduced residue system modulo 9, and as you can observe from the table:

2rj ≡ rk (mod 9) .

Multiplying out 2rj for each j = 1, 2, 3, ⋯ and 6:

$$\begin{aligned}
(2 \times 1)(2 \times 2)(2 \times 4)(2 \times 5)(2 \times 7)(2 \times 8) &\equiv 2 (4)(8)(1)(5)(7) \pmod{9} \\
\underbrace{(2 \times 2 \times 2 \times 2 \times 2 \times 2)}_{= 2^6} [1 \times 2 \times 4 \times 5 \times 7 \times 8] &\equiv 1 \times 2 \times 4 \times 5 \times 7 \times 8 \pmod{9} && \text{[Rearranging]} \\
2^6 [1 \times 2 \times 4 \times 5 \times 7 \times 8] &\equiv [1 \times 2 \times 4 \times 5 \times 7 \times 8] (1) \pmod{9} && (*)
\end{aligned}$$

where gcd (9, 1) = gcd (9, 2) = gcd (9, 4) = gcd (9, 5) = gcd (9, 7) = gcd (9, 8) = 1. Applying the
previous Lemma (5.12) to these gcd’s gives

gcd (9, 1 × 2 × 4 × 5 × 7 × 8) = 1.

Applying the Cancellation Law (3.11) of Chapter 3:

ac ≡ bc (mod n) ⇒ a ≡ b (mod n) provided gcd (n, c) = 1,

to (∗) gives

$$2^6 \equiv 1 \pmod{9}.$$

Note that 𝜙 (9) = 6, which implies $2^{\phi(9)} \equiv 1 \pmod{9}$.



Lemma (5.13). Let n >1 and gcd (a, n) = 1. If {r1 , r2 , r3 , ⋯ , r𝜙(n) } is a reduced residue
system modulo n then so is

S = {ar1 , ar2 , ar3 , ⋯ , ar𝜙(n) } .

How do we prove this result?

We need to show two things:


(1) No two members of S are congruent modulo n.
(2) gcd (ari , n) = 1.

Proof.
(1) No two members of S are congruent modulo n.
Suppose the following two residues are congruent modulo n:

arj ≡ ark (mod n) where rj ≢ rk ( mod n) and 1 ≤ j, k ≤ 𝜙 (n).

We are given gcd (a, n) = 1, so applying the Cancellation Law (3.11) to arj ≡ ark (mod n)
gives
rj ≡ rk ( mod n).
This is a contradiction, so the arj ’s are not congruent to each other modulo n.
(2) Every member of S is relatively prime to n.
Since gcd (ri , n) = 1 and gcd (a, n) = 1, so applying Lemma (5.12):
if gcd (a, n1 ) = gcd (a, n2 ) = ⋯ = gcd (a, nk ) = 1 then gcd (a, n1 × n2 ⋯ × nk ) = 1 to

gcd (ri , n) = 1 and gcd (a, n) = 1 gives gcd (a × ri , n) = 1.

This gcd (a × ri , n) = 1 implies that ari and n are relatively prime, so ari must be a member
of the reduced residue system modulo n:

ari ≡ rk (mod n) .

Hence S = {ar1 , ar2 , ar3 , ⋯ , ar𝜙(n) } is a reduced residue system modulo n.




In the above, as S = {ar1 , ar2 , ar3 , ⋯ , ar𝜙(n) } is also a reduced residue system, so each
of these residues is congruent to one of the residues in {r1 , r2 , r3 , ⋯ , r𝜙(n) }.

Euler’s Theorem (5.14). Let n be an integer > 1 and gcd (a, n) = 1. Then

$$a^{\phi(n)} \equiv 1 \pmod{n}.$$

Proof.
Let {r1 , r2 , r3 , ⋯ , r𝜙(n) } be a reduced residue system modulo n. By the previous Lemma
(5.13) we have

{ar1 , ar2 , ar3 , ⋯ , ar𝜙(n) } is also a reduced residue system modulo n.


Multiplying these residues gives:

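$$a r_1 \times a r_2 \times a r_3 \times \cdots \times a r_{\phi(n)} \equiv r_1 \times r_2 \times r_3 \times \cdots \times r_{\phi(n)} \pmod{n}$$

$$a^{\phi(n)} [r_1 \times r_2 \times \cdots \times r_{\phi(n)}] \equiv [r_1 \times r_2 \times \cdots \times r_{\phi(n)}] \pmod{n} \qquad \text{[Because there are } \phi(n) \text{ multiples of } a\text{]}$$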

Each of the rj ’s is relatively prime to n, that is gcd (rj , n) = 1 for j = 1, ⋯ , 𝜙(n). Using
Lemma (5.12):
if gcd (n1 , a) = ⋯ = gcd (nk , a) = 1 then gcd (n1 × n2 ⋯ × nk , a) = 1,
on gcd (r1 , n) = gcd (r2 , n) = ⋯ = gcd (r𝜙(n) , n) = 1 gives

gcd (r1 × r2 × ⋯ × r𝜙(n) , n) = 1.

Applying the Cancellation Law (3.11):

yx ≡ zx (mod n) ⇒ y ≡ z (mod n) , provided gcd (x, n) = 1

on the above result

$$a^{\phi(n)} [r_1 \times r_2 \times \cdots \times r_{\phi(n)}] \equiv [r_1 \times r_2 \times \cdots \times r_{\phi(n)}] (1) \pmod{n}$$

gives

$$a^{\phi(n)} \equiv 1 \pmod{n}.$$
This completes our proof.


Like FlT, Euler’s Theorem is a fundamental theorem of number theory.

Example 5.11

Determine the least non-negative residue x in the following:

$$3^{170} \equiv x \pmod{200}.$$

Solution
Since 200 is composite and gcd (3, 200) = 1, so we can use Euler’s Theorem to evaluate x.
We first determine 𝜙 (200).

How?
By Proposition (5.9):

$$\phi(n) = n \left(1 - \frac{1}{p_1}\right) \left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_r}\right).$$

What is the prime decomposition of 200?

$$200 = 2 \times 100 = 2 \times (4 \times 25) = 2 \times (2^2 \times 5^2) = 2^3 \times 5^2.$$



By (5.9) with n = 200, p1 = 2 and p2 = 5 we have

$$\phi(200) = 200 \left(1 - \frac{1}{2}\right) \left(1 - \frac{1}{5}\right) = 80.$$

By applying Euler’s Theorem (5.14),

$$a^{\phi(n)} \equiv 1 \pmod{n},$$

with a = 3, n = 200 and 𝜙 (200) = 80 gives

$$3^{\phi(200)} \equiv 3^{80} \equiv 1 \pmod{200}. \qquad (\dagger)$$

However we need to evaluate $3^{170} \equiv x \pmod{200}$. By the Division Algorithm we can write the index
170 as a multiple of 80 plus any remainder:

170 = (2 × 80) + 10.

Therefore,

$$3^{170} \equiv 3^{(2 \times 80) + 10} \underbrace{\equiv}_{\text{By the rules of indices}} (3^{80})^2 \times 3^{10} \underbrace{\equiv}_{\text{By } (\dagger)} (1)^2 \times 3^{10} \equiv 3^{10} \pmod{200}. \qquad (*)$$

We need to find $3^{10}$:

$$3^{10} \equiv (3^5)^2 \equiv (243)^2 \equiv 43^2 \equiv 1849 \equiv 49 \pmod{200}.$$

Putting this $3^{10} \equiv 49 \pmod{200}$ into (∗) gives

$$3^{170} \equiv 3^{10} \equiv 49 \pmod{200}.$$

This means that if we divide the large number $3^{170}$ by 200 the remainder is 49. Note we do not have
to find the decimal digits of $3^{170}$.

Example 5.12

Determine the last two digits of $11^{205}$.

Solution
$11^{205}$ has 213 digits, but we are not interested in finding all these digits.
We are only interested in the last two digits, so we need to determine the least non-negative residue
of $11^{205}$ modulo 100. (The remainder after dividing by 100 gives the last two digits.)
From previous calculations we have 𝜙 (100) = 40. We use Euler’s Theorem (5.14):

$$a^{\phi(n)} \equiv 1 \pmod{n}.$$

The gcd (11, 100) = 1, so applying this with a = 11 and n = 100 we have

$$11^{\phi(100)} \equiv 11^{40} \equiv 1 \pmod{100}. \qquad (**)$$



We need to write the given index 205 as a multiple of 40 and any remainder by using the Division
Algorithm:

205 = (5 × 40) + 5.

Hence

$$11^{205} \equiv 11^{(5 \times 40) + 5} \equiv (11^{40})^5 \times 11^5 \underbrace{\equiv}_{\text{By } (**)} (1)^5 \times 11^5 \equiv 11^5 \pmod{100}.$$

We only need to evaluate $11^5$ modulo 100:

$$\begin{aligned}
11^5 &\equiv (11^2)^2 \times 11 \equiv (121)^2 \times 11 \\
&\equiv (21)^2 \times 11 \equiv (441) \times 11 \equiv (41) \times 11 \equiv 451 \equiv 51 \pmod{100}.
\end{aligned}$$

The last two digits of $11^{205}$ are 5 and 1 respectively.
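The following Python sketch is an added example, not code from the book. It computes 𝜙 (n) with the product formula of Proposition (5.9), cross-checks it against the counting definition, and reduces an exponent with Euler's Theorem (5.14) as in Examples 5.11 and 5.12. The function names are illustrative choices, and the last function shows what goes wrong when the condition gcd (a, n) = 1 is ignored.

```python
from math import gcd


def prime_factors(n):
    """Return {prime: exponent} for n >= 1 by trial division (small n only)."""
    factors = {}
    p = 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1 if p == 2 else 2
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def phi(n):
    """Euler's totient via Proposition (5.9), kept in exact integer arithmetic."""
    if n < 1:
        raise ValueError("phi(n) is only defined for natural numbers n")
    result = n
    for p in prime_factors(n):
        result = result // p * (p - 1)  # multiply by (1 - 1/p) without fractions
    return result


def phi_by_counting(n):
    """Definition: Card{a : gcd(a, n) = 1 and 1 <= a <= n}. Slow cross-check."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)


def reduced_residue_system(n):
    """Least positive representatives of the residues invertible modulo n."""
    return [a for a in range(1, n + 1) if gcd(a, n) == 1]


def power_mod_euler(a, e, n):
    """Least non-negative residue of a**e modulo n using Euler's Theorem.

    Writes e = q * phi(n) + r (Division Algorithm), so a**e is congruent to
    a**r. Refuses to run when gcd(a, n) > 1, where the theorem does not apply.
    """
    if n <= 1:
        raise ValueError("modulus must be greater than 1")
    if gcd(a, n) != 1:
        raise ValueError("Euler's Theorem needs gcd(a, n) = 1")
    r = e % phi(n)
    return pow(a, r, n)


def unchecked_reduction(a, e, n):
    """Same exponent reduction with the gcd check left out (can be wrong)."""
    return pow(a, e % phi(n), n)


if __name__ == "__main__":
    for n in (100, 101, 144, 2010):
        print(n, phi(n), phi(n) == phi_by_counting(n))
    print(power_mod_euler(3, 170, 200), power_mod_euler(11, 205, 100))
    # gcd(2, 100) = 2: reducing the exponent modulo phi(100) gives a wrong answer
    print(unchecked_reduction(2, 41, 100), pow(2, 41, 100))
```

The final line prints two different residues: with gcd (2, 100) = 2 the power 2^40 is not congruent to 1 modulo 100, so the exponent cannot be reduced modulo 𝜙 (100).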

Next, we prove Fermat’s Little Theorem (also proved in the last chapter) using Euler’s
Theorem.

Fermat’s Little Theorem (5.15). If p is prime and p does not divide into a, then

$$a^{p-1} \equiv 1 \pmod{p}.$$

Proof.
We are given p ∤ a, so gcd (a, p) = 1. We can use Euler’s Theorem (5.14):

$$a^{\phi(n)} \equiv 1 \pmod{n}$$

with n = p. Remember for prime p we have 𝜙 (p) = p − 1. Therefore,

$$a^{\phi(p)} \equiv a^{p-1} \equiv 1 \pmod{p}.$$

This completes our proof.




Summary
A reduced residue system only includes those incongruent residues which have an inverse.
We can use Euler’s Theorem to evaluate powers of residues of any moduli n.
Let n be an integer greater than 1 and gcd (a, n) = 1, then

$$a^{\phi(n)} \equiv 1 \pmod{n}.$$



EXERCISES 5.2

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Let r1 = 1, r2 = 3, r3 = 5, r4 = 7, and a = 3. Determine the least non-negative residues xj for j = 1, 2, 3, 4 such that
arj ≡ xj (mod 8).
What do you notice about your results?

2. Write down two different reduced residue systems modulo 8.

3. Find the last digit of $7^{2014}$.

4. Determine the last two digits of $13^{1000}$.

5. Determine the least non-negative residue x in 111767 ≡ x (mod 301).

6. Find the last three digits of $27^{1\,000\,000}$.

7. Solve the following linear congruences by using Euler’s Theorem:
(a) 7x ≡ 33 (mod 50)
(b) 13x ≡ 51 (mod 100)
(c) 13x ≡ 52 (mod 100)

8. Solve the linear congruences
15xj ≡ bj (mod 32)
for bj = 5, 7, 9, 11, and 13.
[Hint: See question 12.]

9. Let n be a positive integer such that gcd (n, 10) = 1. Prove that n | 99 ⋯ 99 where there are 𝜙 (n) number of 9’s in 99 ⋯ 99.

10. Let p be prime such that p ∤ a where a is a positive integer. Prove that
$$a^{p^n - p^{n-1}} \equiv 1 \pmod{p^n}.$$

11. For the following either give a proof or exhibit a counterexample:
Let gcd (a, n) = 1 then
$$a^{\phi(\phi(n))} \equiv 1 \pmod{n}.$$

12. (a) Let gcd (a, n) = 1. Prove that
$$a^{-1} \equiv a^{\phi(n) - 1} \pmod{n}.$$
(b) Let gcd (a, n) = 1. Show that the solution of the linear congruence
ax ≡ b (mod n)
is given by $x \equiv b\, a^{\phi(n) - 1} \pmod{n}$.

13. Let the primes p = 3, q = 23 and n = p × q.
(i) Determine 𝜙 (n).
(ii) Determine $3^{-1} \pmod{\phi(n)}$.

14. *Let gcd (m, n) = 1. Prove that
$$m^{\phi(n)} + n^{\phi(m)} \equiv 1 \pmod{mn}.$$
[Hint: Use the Chinese remainder theorem.]

15. Let p and q be distinct primes. Prove that $p^{q-1} + q^{p-1} \equiv 1 \pmod{pq}$.

16. Let a be a natural number such that gcd (a, 16) = 1. Find the multiplicative inverse of $a^3$ modulo 16 as power of a.

17. Let {r1 , r2 , r3 , ⋯ , r𝜙(n) } be a set of reduced residue system modulo n. Show that $r_j^{-1} \equiv r_k \pmod{n}$ where 1 ≤ j, k ≤ 𝜙 (n).
[The inverse of any residue in the reduced residue system is also in this system.]

18. *(i) Let {r1 , r2 , r3 , ⋯ , r𝜙(n) } be a set of reduced residue system modulo n. Prove that
$$r_1 \times r_2 \times r_3 \times \cdots \times r_{\phi(n)} \equiv \pm 1 \pmod{n}.$$
(ii) Prove Wilson’s Theorem.

19. **Determine the last three digits of $2019^{2019^{2019}}$.
[Tower rule $a^{m^n} = a^{(m^n)}$.]

.........................................................................................................

Supplementary Problems 5

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

5.1. (i) Determine 𝜙 (100) where 𝜙 is the Euler totient function.
(ii) Determine the last two digits of $2013^{2013}$.
(iii) **Find the last two digits of $2013^{2013^{2013}}$.
[Hint: Tower rule $a^{m^n} = a^{(m^n)}$.]
(iv) Explain why we cannot use Euler’s Theorem $a^{\phi(n)} \equiv 1 \pmod{n}$ to find the least positive residue x (mod 100) in the following congruence:
$$2014^{2014} \equiv x \pmod{100}.$$

5.2. Determine the number 𝜙 (n) for the following integers:
(a) 1000
(b) 10 000
(c) 100 000
(d) 1 000 000
What do you notice about your results?

5.3. Find the values of
(a) 𝜙 (2014) (b) 𝜙 (2015) (c) 𝜙 (2016) (d) 𝜙 (2017)
[2017 is prime.]

5.4. Determine the natural numbers n such that $\phi(n) = \frac{4n}{5}$.

5.5. Find the last three digits of $2011^{2011}$.

5.6. Let n be odd. Determine a formula for $\phi(2^m n)$ where m is a natural number.

5.7. Solve 23x ≡ 5 (mod 100).

5.8. Let $n = 2^m 3^k$. Show that 𝜙 (n) = n/3.
Explain what is meant by $\phi(n) = \frac{n}{3}$.

5.9. (i) Explain what is meant by $\phi(n) = \frac{n}{2}$.
(ii) Prove that if $\phi(n) = \frac{n}{2}$ then $n = 2^m$.

5.10. (i) Determine the least non-negative residue x (mod 4) in the following:
$$3^4 + 3^2 + 2(3) \equiv x \pmod{4}.$$
(ii) Show that
$$a^4 + a^2 + 2a \equiv 0 \pmod{4}$$
for any integer a.

5.11. Decryption in an RSA system relies on evaluating Euler’s phi function 𝜙 (n) where n = pq and p and q are large distinct primes. Of course, once we know the prime factorization of n then 𝜙 (n) is easy to work out. For the following prime multiplications compute the number 𝜙 (n) in each case.
(a) n = 1 299 709 × 15 485 863
(b) n = 1 726 943 × 179 424 673
What do you notice about your results?

5.12. (i) Compute 𝜙 (561) and explain what your answer signifies.
(ii) By computing the actual values, show that $2^{\phi(561)} \equiv 1 \pmod{561}$.
[Hint: Examine the factors of 𝜙(561).]
(iii) Determine the smallest positive integer 𝜆 such that $2^{\lambda} \equiv 1 \pmod{561}$.
(iv) Find a relationship between 𝜆 and 𝜙 (561).

5.13. (i) Evaluate 𝜙 (111).
(ii) How many incongruent residues modulo 111 will not have a multiplicative inverse?

5.14. Prove that $\phi(10^{n^2}) = 4 \times 10^{n^2 - 1}$.

5.15. For the following either give a proof or exhibit a counterexample:
(a) If a ≡ b (mod n) then 𝜙 (a) = 𝜙 (b).
(b) If a ≡ b (mod n) then 𝜙 (a) ≡ 𝜙 (b) (mod n).
(c) If a ≡ b (mod n) then 𝜙 (a) ≡ 𝜙 (b) (mod 𝜙 (n)).

5.16. *Let $2^p - 1$ be a Mersenne prime. Prove that
$$\phi(2^p - 1) = 2^{p-1} + 2^{p-2} + \cdots + 2^2 + 2.$$

5.17. The expression $\frac{\phi(n)}{n}$ gives the probability that a number you choose between 1 and n is relatively prime to n. Evaluate this expression for
(a) n = 500
(b) n = 929 (prime number)
(c) n = 111 × 929.
Show that for a prime number p we have $\frac{\phi(p)}{p} = 1 - \frac{1}{p}$. Explain what this result signifies.

5.18. Determine the reduced residue system modulo 30.

5.19. Let p be prime and m ≥ 2 be a natural number. Prove that
(i) $\phi(\phi(p^m)) = [p^{m-1} - p^{m-2}]\, \phi(p - 1)$
(ii) $\phi(\phi(p^m)) = p^{m-2}\, \phi((p - 1)^2)$.

5.20. Let $n = p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3}$ where the pj ’s are distinct primes. Show that
$$\phi(n) = [p_1^{k_1 - 1} \times p_2^{k_2 - 1} \times p_3^{k_3 - 1}]\, \phi(p_1)\, \phi(p_2)\, \phi(p_3).$$

5.21. (a) Prove that if n is odd then 𝜙 (2n) = 𝜙 (n).
(b) Prove that if n is even then 𝜙 (2n) = 2𝜙 (n).

5.22. Given that gcd (x, y, z) = gcd (x, gcd(y, z)), show that the following statement is false:
If gcd (m1 , m2 , ⋯ , mk ) = 1 then
𝜙 (m1 × m2 × ⋯ × mk ) = 𝜙 (m1 ) × 𝜙 (m2 ) × ⋯ × 𝜙 (mk ).

5.23. (i) Find a formula for $\frac{n}{\phi(n)}$.
(ii) Given that 𝜙 (n) | n, show that $\frac{n}{\phi(n)} = 3$.

5.24. Prove that
$$\phi(ma)\,\phi(mb) = [\phi(m)]^2\, \phi(a)\, \phi(b),$$
provided m, a, and b are pairwise prime.

5.25. Let d be a divisor of n. Determine $\sum_{d \mid n} \phi(d)$ for
(a) n = 10
(b) n = 15
(c) n = 24.
What do you notice about your results?
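Problem 5.11 ties 𝜙 (n) to RSA decryption. The Python sketch below is an added example, not part of the book: it derives the private exponent d as the inverse of e modulo 𝜙 (n), and shows the converse, that anyone who learns 𝜙 (n) for n = pq can recover p and q, which is why 𝜙 (n) must stay as secret as the factorization. The primes 61 and 53, the exponent 17 and the message 65 are constructed toy values, far too small for real use, and the function names are illustrative.

```python
from math import gcd, isqrt


def rsa_private_exponent(p, q, e):
    """Return (n, phi_n, d) for distinct primes p, q and public exponent e.

    phi(pq) = (p - 1)(q - 1) by Proposition (5.9); d is e^{-1} modulo phi(n).
    """
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi_n = (p - 1) * (q - 1)
    if gcd(e, phi_n) != 1:
        raise ValueError("e has no inverse modulo phi(n)")
    d = pow(e, -1, phi_n)  # modular inverse (Python 3.8+)
    return n, phi_n, d


def encrypt(m, e, n):
    return pow(m, e, n)


def decrypt(c, d, n):
    # Since e*d = 1 + t*phi(n), Euler's Theorem gives m^(e*d) = m * (m^phi)^t = m
    # (mod n) whenever gcd(m, n) = 1.
    return pow(c, d, n)


def factor_from_phi(n, phi_n):
    """Recover (p, q) with p <= q from n = p*q and phi(n).

    phi(n) = n - (p + q) + 1, so s = p + q is known and p, q are the roots of
    x^2 - s*x + n = 0.
    """
    s = n - phi_n + 1
    disc = s * s - 4 * n
    if disc < 0:
        raise ValueError("phi_n is not consistent with n = p*q")
    root = isqrt(disc)
    if root * root != disc:
        raise ValueError("phi_n is not consistent with n = p*q")
    p, q = (s - root) // 2, (s + root) // 2
    if p * q != n:
        raise ValueError("phi_n is not consistent with n = p*q")
    return p, q


if __name__ == "__main__":
    n, phi_n, d = rsa_private_exponent(61, 53, 17)  # constructed toy key
    c = encrypt(65, 17, n)
    print(n, phi_n, d, c, decrypt(c, d, n))
    print(factor_from_phi(n, phi_n))
```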

6 Primitive Roots and Indices

SECTION 6.1 The Order of an Integer Modulo n


By the end of this section you will be able to
● evaluate the order of a (mod n)
● prove properties of order

In this chapter we will see the limitations of using Euler’s Theorem to evaluate the least
positive residue x such that $a^m \equiv x \pmod{n}$. We find the first positive index k such that
$a^k \equiv 1 \pmod{n}$.
So far we have only dealt with linear congruences ax ≡ b (mod n), but in this chapter
we solve non-linear congruences such as $a x^k \equiv b \pmod{n}$. We solve these non-linear
congruences by converting them to linear form and then use the results of Chapter 3 to solve
them.

6.1.1 Definition of order

How can we find the last three digits of $7^{311}$?

Since we are interested in the last three digits, we need to work with modulo 1000. We
know the gcd (7, 1000) = 1, so we can use Euler’s Theorem (5.14):

$$a^{\phi(n)} \equiv 1 \pmod{n}.$$

We have $\phi(1000) = 1000 \left(1 - \frac{1}{2}\right) \left(1 - \frac{1}{5}\right) = 400$. Therefore, by applying Euler’s Theorem
with a = 7, n = 1000 we have $7^{400} \equiv 1 \pmod{1000}$. However, we want to find the least
positive residue x in

$$7^{311} \equiv x \pmod{1000}. \qquad (*)$$

The index 311 < 400, so using $7^{400} \equiv 1 \pmod{1000}$ will not help. This means that Euler’s
Theorem is of no use in trying to find x in (∗). In this section we will see how we can
reduce this calculation. We find the last three digits in Example 6.6 later in this section by
first determining the smallest index k such that

$$7^k \equiv 1 \pmod{1000}.$$

Let us first consider a simpler example.



Example 6.1

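Determine the smallest positive k such that $4^k \equiv 1 \pmod{13}$.

Solution
We evaluate with base 4 to various indices until we get to 1 (mod 13):

$$\begin{aligned}
4^1 &\equiv 4 \not\equiv 1 \pmod{13} \\
4^2 &\equiv 16 \equiv 3 \not\equiv 1 \pmod{13} \\
4^3 &\equiv 64 \equiv 12 \not\equiv 1 \pmod{13} \\
4^4 &\equiv (4^2)^2 \equiv 3^2 \equiv 9 \not\equiv 1 \pmod{13} \\
4^5 &\equiv 4^4 \times 4 \equiv 9 \times 4 \equiv 36 \equiv 10 \not\equiv 1 \pmod{13} \\
4^6 &\equiv 4^5 \times 4 \equiv 10 \times 4 \equiv 40 \equiv 1 \pmod{13}.
\end{aligned}$$

We see that for k = 6 we have $4^k \equiv 1 \pmod{13}$.

The first positive index of 4 to give 1 modulo 13 is 6.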


Another example is with powers of 5 modulo 12:

$$5^1 \equiv 5 \not\equiv 1 \pmod{12} \quad \text{and} \quad 5^2 \equiv 25 \equiv 1 \pmod{12}.$$

The first positive index of 5 to give 1 modulo 12 is 2.

Why are we interested in an integer being congruent to 1 modulo n?

It makes the arithmetic of evaluating indices much easier because $1^m \equiv 1 \pmod{n}$.

How do we know that such an index exists?

Because by Euler’s Theorem (5.14)

$$a^{\phi(n)} \equiv 1 \pmod{n} \quad \text{provided } \gcd(a, n) = 1.$$

The first index of an integer which hits 1 modulo n is called the order. The formal
definition is:

Definition (6.1). Let n > 1 and gcd (a, n) = 1. The order of a modulo n is the smallest
positive integer k such that $a^k \equiv 1 \pmod{n}$.

From the above examples we have that the order of 4 (mod 13) is 6 and of
5 (mod 12) is 2.

Example 6.2

Find the order of


(a) 5 modulo 6 (b) 2 modulo 13

Solution
(a) We examine the powers of 5 modulo 6:

$$5^1 \equiv 5 \not\equiv 1 \pmod{6} \quad \text{and} \quad 5^2 \equiv 25 \equiv 1 \pmod{6}.$$

The order of 5 modulo 6 is 2.

(b) We examine powers of 2 modulo 13:

$$2^1 \equiv 2, \quad 2^2 \equiv 4, \quad \cdots, \quad 2^{11} \equiv 7, \quad 2^{12} \equiv 1 \pmod{13}.$$

The order of 2 modulo 13 is 12.

6.1.2 Properties of order

We now explore some of the properties of order.

Proposition (6.2). If a ≡ b (mod n) then a and b (mod n) have the same order.

Proof.
Let k be the order of a modulo n. Therefore,

$$a^k \equiv 1 \pmod{n}.$$

Using Proposition (3.8) of Chapter 3 which says

$$a \equiv b \pmod{n} \quad \text{implies} \quad a^k \equiv b^k \pmod{n},$$

we have $a^k \equiv b^k \equiv 1 \pmod{n}$. This k must be the smallest positive index of b such that

$$b^k \equiv 1 \pmod{n}.$$

Why?

Because if there is a smaller integer, say m < k, such that $b^m \equiv a^m \equiv 1 \pmod{n}$ then m would
be the order of a modulo n. Hence k is the order of b modulo n.


In the definition of order, (6.1), why do we need the integers a and n to be relatively prime, that is
gcd (a, n) = 1?

We will see through using an example what happens when such integers aren’t relatively
prime. Let us consider a case where gcd (a, n) > 1.

Example 6.3

Find the least non-negative residues b for the following:

$$2^k \equiv b \pmod{6} \quad \text{where } k = 1, 2, 3, 4 \text{ and } 5.$$

Solution
Substituting k = 1, 2, 3, 4 and 5 into $2^k \equiv b \pmod{6}$ gives

$$2^1 \equiv 2, \quad 2^2 \equiv 4, \quad 2^3 \equiv 2, \quad 2^4 \equiv 4, \quad 2^5 \equiv 2 \pmod{6}.$$

We begin to see a pattern emerging in our results, namely that the residues are either 2 or 4 (mod 6).
Why do we only get 2 or 4 as the least positive residues in this case?

We can rewrite $2^k \equiv 2 (2^{k-1}) \equiv b \pmod{6}$. The gcd (2, 6) = 2 which implies that

$$2 (2^{k-1}) \equiv b \pmod{6}$$

is only true if 2 | b.

Why?
Because of Proposition (3.15) of Chapter 3:

ax ≡ b (mod n) has a solution ⇔ g | b where g = gcd (a, n).

$2^k$ will always be an even residue. In fact, $2^k \not\equiv 1 \pmod{6}$ for any positive integer k.

We can generalize this because it is not just restricted to this case, as we’ll now prove.

Proposition (6.3). If gcd (a, n) > 1 then $a^k \not\equiv 1 \pmod{n}$ for any positive integer k.

How do we prove this result?

By contradiction.

Proof.
Let g = gcd (a, n) > 1. Suppose there exists a positive integer k such that

$$a^k \equiv 1 \pmod{n}. \qquad (*)$$

By using the rules of indices we can rewrite $a^k = a\, a^{k-1}$. Rewriting (∗) gives

$$a^k \equiv a (a^{k-1}) \equiv 1 \pmod{n}.$$

Since g = gcd (a, n) > 1, for this congruence to hold we must have g | 1.

Why?

Because by Proposition (3.15):

ax ≡ b (mod n) has a solution ⇔ g | b.
OUP CORRECTED PROOF – FINAL, 3/9/2020, SPi

T H E O R D ER O F A N I N T E G E R M O D U LO n (235–245) 239

Applying this to a (ak−1 ) ≡ 1 (mod n) results in g | 1. This g | 1 is impossible because


g > 1. Hence our supposition must be wrong, therefore there is no integer k such that
ak ≡ 1 (mod n). This completes our proof.


If gcd (a, n) > 1 then a (mod n) has no order, or we say the order does not exist.

6.1.3 Further properties of order

Which indices give 1 modulo n?

Here are some examples of 2 modulo 7:

$$2^3 \equiv 1 \pmod{7}, \quad 2^6 \equiv 1 \pmod{7}, \quad 2^9 \equiv 1 \pmod{7}, \quad 2^{12} \equiv 1 \pmod{7}.$$

The order of 2 modulo 7 is 3. Note that the index in each case is a multiple of 3, that is
$2^{3m} \equiv 1 \pmod{7}$.
Similarly, the order of 2 modulo 13 is 12 (see Example 6.2 (b)) and we have:

$$2^{12} \equiv 1 \pmod{13}, \quad 2^{24} \equiv 1 \pmod{13}, \quad 2^{36} \equiv 1 \pmod{13}, \quad 2^{48} \equiv 1 \pmod{13}.$$

Again, any power of 2 whose index is a multiple of 12 is congruent to 1 modulo 13.

Example 6.4

(i) Find the order k of 3 modulo 8.


(ii) Determine $3^{2k}, 3^{3k}, 3^{4k}, \cdots, 3^{mk}$ modulo 8, where m is any natural number.

Solution
(i) We have $3^2 \equiv 9 \equiv 1 \pmod{8}$.
Therefore, the order of 3 modulo 8 is 2 because the first index to give us 1 modulo 8 is 2. So
k = 2 and $3^k \equiv 1 \pmod{8}$.
(ii) Evaluating $3^{2k}$ gives

$$3^{2k} \underbrace{\equiv}_{\text{By rules of indices}} (3^2)^k \underbrace{\equiv}_{\text{By part (i)}} (1)^k \equiv 1 \pmod{8}.$$

Similarly, $3^{3k} \equiv 3^{4k} \equiv \cdots \equiv 3^{mk} \equiv 1 \pmod{8}$.

Can there be an index of 3 which is not a multiple of the order 2 yet is still congruent to 1 modulo 8?

No, and we will see why through the use of contradiction in our next proof. We will prove
that $a^h \equiv 1 \pmod{n}$ if and only if h is a multiple of the order k.

Proposition (6.4). Let a modulo n have order k. Then $a^h \equiv 1 \pmod{n} \iff k \mid h$.


We have a ⇔ statement, so we prove this both ways.

Proof.
We are given that the order of a modulo n is k. This implies that

$$a^k \equiv 1 \pmod{n}. \qquad (\ast)$$

(⇐). Assume k | h. Therefore, there is an integer m such that k × m = h. We have

$$a^h \equiv a^{k \times m} \underbrace{\equiv}_{\text{By rules of indices}} (a^k)^m \underbrace{\equiv}_{\text{By } (\ast)} (1)^m \equiv 1 \pmod{n}.$$

Thus $a^h \equiv 1 \pmod{n}$, which is our required result for this part of the proof.

(⇒). Assume $a^h \equiv 1 \pmod{n}$.

We prove this part by contradiction.
Suppose the order k does not divide h, that is $k \nmid h$. By the Division Algorithm there exist
integers q and remainder r such that

h = kq + r where 0 < r < k.

Note that in this case we have a non-zero remainder (r > 0) because $k \nmid h$.

Examining $a^h \equiv 1 \pmod{n}$ and substituting h = kq + r we have

$$\begin{aligned}
a^h \equiv a^{kq+r} &\equiv (a^k)^q \times a^r && [\text{By the rules of indices}] \\
&\equiv \underbrace{(1)^q}_{\text{By } (\ast)} \times a^r \equiv a^r \equiv 1 \pmod{n} && [\text{Because } a^h \equiv 1 \pmod{n}].
\end{aligned}$$

This $a^r \equiv 1 \pmod{n}$ is impossible because r is less than k, 0 < r < k, and k is the order of a
modulo n. Recall Definition (6.1):
The order of a modulo n is the smallest positive integer k such that $a^k \equiv 1 \pmod{n}$.
Our supposition that k does not divide h must be wrong, so k | h.


As we have seen throughout our investigations so far, number theory builds upon previous
results. In the following corollary we establish a link between Euler’s totient function
described in the last chapter and the work we have been doing on the order of integers
modulo n.

Corollary (6.5). Let a modulo n have order k. Then k | 𝜙 (n).

Proof.
Let k be the order of a modulo n. Recall the order of a (mod n) only exists if gcd (a, n) = 1.
By Euler’s Theorem (5.14) of the last chapter we have:

$$a^{\phi(n)} \equiv 1 \pmod{n}.$$

Substituting h = 𝜙 (n) into the previous Proposition (6.4) gives k | 𝜙 (n), which is our
required result.


What does this Corollary (6.5) mean?

To find the order of a modulo n we only need to examine the positive factors of the number
𝜙 (n). This means that we do not need to check each individual index $a^1, a^2, \cdots, a^{\phi(n)}$
modulo n. This corollary makes the evaluation of the order much simpler.

Example 6.5

Find the order of 2 modulo 17.

Solution
The integers 2 and 17 are relatively prime, so the order of 2 (mod 17) exists.
Since 17 is a prime number, what is 𝜙 (17) equal to?
Applying 𝜙 (p) = p − 1, where p is prime, we have

𝜙 (17) = 17 − 1 = 16.

What are the positive factors of 16?

1, 2, 4, 8, and 16. We only need to test these indices to the base 2:

$$2^1 \equiv 2, \quad 2^2 \equiv 4, \quad 2^4 \equiv 16 \equiv -1 \quad \text{and} \quad 2^8 \equiv (2^4)^2 \equiv (-1)^2 \equiv 1 \pmod{17}.$$

Hence the order of 2 modulo 17 is 8. Recall the order is the smallest positive index of 2 which gives
1 (mod 17).

Now let us tackle the problem stated at the start of this chapter where applying Euler’s
Theorem did not help.

Example 6.6

Determine the last three digits of $7^{311}$.

Solution
From the introduction we know we must find the least positive residue x such that

$$7^{311} \equiv x \pmod{1000}.$$

Recall we had 𝜙 (1000) = 400 and the prime decomposition $400 = 2^4 \times 5^2$. The positive factors of
400 are 1, 2, 4, 5, 8, 10, 16, 20, 25, 40, 50, 80, 100, 200, and 400. We only need to test these indices of
7 until we get 1 (mod 1000):

$$7^1 \equiv 7, \ 7^2 \equiv 49, \ 7^4 \equiv 401, \ 7^5 \equiv 807, \ 7^8 \equiv 801, \ 7^{10} \equiv 249, \ 7^{16} \equiv 601, \ 7^{20} \equiv 1 \pmod{1000}. \qquad (\ast)$$

Hence the order of 7 (mod 1000) is 20. Writing the index 311 as a multiple of 20 and any remainder
gives 311 = (15 × 20) + 11. Therefore, using the rules of indices and the results in (∗) we have

$$7^{311} \equiv 7^{(15 \times 20)+11} \equiv (7^{20})^{15} \times 7^{11} \equiv \underbrace{1}_{\text{By } (\ast)} \times 7^{11} \equiv 7^{10} \times 7 \equiv \underbrace{249}_{\text{By } (\ast)} \times 7 \equiv 1743 \equiv 743 \pmod{1000}.$$

The last three digits of $7^{311}$ are 743.

Note that using the order of 7 (mod 1000) makes the calculation much simpler.

6.1.4 Relationship between indices

In this subsection we ask the following question:

If $a^i \equiv a^j \pmod{n}$ then what is the relationship between indices i and j?

Example 6.7

Show that $2^{8m+5} \equiv 2^5 \pmod{17}$ where m is any positive integer.

Solution
By Example 6.5 we know that the order of 2 modulo 17 is 8. This implies

$$2^8 \equiv 1 \pmod{17}. \qquad (\ast)$$

Using this we have

$$\begin{aligned}
2^{8m+5} &\equiv (2^8)^m \times 2^5 && [\text{By the rules of indices}] \\
&\equiv \underbrace{(1)^m}_{\text{By } (\ast)} \times 2^5 \equiv 2^5 \pmod{17}.
\end{aligned}$$

Thus 8m + 5 ≡ 5 (mod 8) for any integer m, and by Example 6.7 we have

$$2^{8m+5} \equiv 2^5 \pmod{17}.$$

Example 6.8

Show that $2^{12m+r} \equiv 2^r \pmod{13}$ where m and r are any positive integers.

Solution
By Example 6.2 (b) we know that the order of 2 modulo 13 is 12. Therefore,

$$2^{12} \equiv 1 \pmod{13}. \qquad (\dagger)$$

We have

$$2^{12m+r} \underbrace{\equiv}_{\text{By rules of indices}} (2^{12})^m \times 2^r \equiv \underbrace{(1)^m}_{\text{By } (\dagger)} \times 2^r \equiv 2^r \pmod{13}.$$

Note that 12m + r ≡ r (mod 12) and $2^{12m+r} \equiv 2^r \pmod{13}$.

Why is this $2^{12m+r} \equiv 2^r \pmod{13}$ a useful result?

Say we want to find the least non-negative residue x such that $2^{1000} \equiv x \pmod{13}$, then we
can break the index 1000 into a multiple of 12 (order of 2 (mod 13)) and any remainder,
1000 = (83 × 12) + 4. Therefore, we have

$$2^{1000} \equiv 2^{(83 \times 12)+4} \equiv 2^4 \equiv 16 \equiv 3 \pmod{13}.$$

It is much easier to evaluate $2^4$ rather than $2^{1000}$ modulo 13.


Generalizing the results of these two examples, we have the following proposition.

Proposition (6.6). Let a modulo n have order k. Then $a^j \equiv a^m \pmod{n} \iff j \equiv m \pmod{k}$
where j, m are positive integers.

Proof.
We are given that a modulo n has order k, so

$$a^k \equiv 1 \pmod{n}. \qquad (\ast\ast)$$

(⇐). For this part we need to show $a^j \equiv a^m \pmod{n}$.

Assume j ≡ m (mod k). By the definition of congruence, we have

j − m = ks where s is an integer.

We can also write this as j = m + ks. Considering the index j of a modulo n:

$$\begin{aligned}
a^j &\equiv a^{m+ks} \\
&\equiv a^m \times (a^k)^s && [\text{Using the rules of indices}] \\
&\equiv a^m \times \underbrace{(1)^s}_{\text{By } (\ast\ast)} \equiv a^m \pmod{n}.
\end{aligned}$$

Hence we have $a^j \equiv a^m \pmod{n}$.


(⇒). Assume $a^j \equiv a^m \pmod{n}$. For this part we need to prove j ≡ m (mod k).

How?

By contradiction.
Suppose j ≢ m (mod k) which implies j − m ≠ kq [not equal].

Since j − m ≠ kq there must be some remainder r > 0 such that

j − m = kq + r where 0 < r < k.

We have j = m + kq + r where 0 < r < k. Writing the index j as j = m + kq + r:


$$\begin{aligned}
a^j \equiv a^{m+kq+r} &\equiv a^m \times (a^k)^q \times a^r && [\text{Using the rules of indices}] \\
&\equiv a^m \times \underbrace{(1)^q}_{\text{By } (\ast\ast)} \times a^r \\
&\equiv a^m \times a^r \pmod{n}.
\end{aligned}$$

We have $a^m \times a^r \equiv a^j \pmod{n}$ and by assumption $a^j \equiv a^m \pmod{n}$, therefore

$$a^m \times a^r \equiv a^j \equiv a^m \equiv a^m \times (1) \pmod{n}.$$

The gcd (a, n) = 1 which implies $\gcd(a^m, n) = 1$, so applying the Cancellation Law (3.9):
if a × c ≡ b × c (mod n) and g = gcd (c, n) = 1 then a ≡ b (mod n),

to the above $a^m \times a^r \equiv a^m \times (1) \pmod{n}$ gives $a^r \equiv 1 \pmod{n}$.

But $a^r \not\equiv 1 \pmod{n}$ because r is greater than 0 and less than k, 0 < r < k. Recall k is the
order of a modulo n.
This means that we have a contradiction. Our supposition j ≢ m (mod k) must be wrong,
so j ≡ m (mod k), which is our required result.


Note that Proposition (6.6) is a useful result in evaluating large indices.

Why?

Because we have
$$a^j \equiv a^m \pmod{n} \iff j \equiv m \pmod{k}.$$

So if j is a larger index than m and j ≡ m (mod k) then we only need to work out $a^m$ in order
to find $a^j$ modulo n. This is demonstrated in the next example.

Example 6.9

Determine the least non-negative residue x such that $6^{1\,000\,004} \equiv x \pmod{17}$.

Solution
Since gcd (6, 17) = 1, 6 (mod 17) has an order. As 17 is prime, 𝜙 (17) = 16. The positive factors
of 16 are 1, 2, 4, 8, and 16, so we need to find

$$6^1, \ 6^2, \ 6^4, \ 6^8 \ \text{ and } \ 6^{16} \pmod{17}.$$

Actually we only need to evaluate $6^2, 6^4, 6^8 \pmod{17}$ because we know $6^1 \equiv 6 \pmod{17}$ and by
Euler’s Theorem, $6^{16} \equiv 1 \pmod{17}$. Evaluating the indices 2, 4, and 8 with base 6 gives:

$$6^2 \equiv 36 \equiv 2, \quad 6^4 \equiv 2^2 \equiv 4, \quad 6^8 \equiv (6^4)^2 \equiv 4^2 \equiv 16 \equiv -1 \pmod{17}. \qquad (\dagger)$$

Since none of these is congruent to 1 modulo 17, the order of 6 modulo 17 is 16. Let k be the order
of 6 modulo 17, so k = 16.
We use the previous Proposition (6.6),

$$a^j \equiv a^m \pmod{n} \iff j \equiv m \pmod{k},$$

to evaluate $6^{1\,000\,004} \equiv x \pmod{17}$. Applying this Proposition with k = 16 gives:

1 000 004 ≡ 4 (mod 16) .

By Proposition (6.6), we have

$$6^{1\,000\,004} \equiv 6^4 \equiv 4 \pmod{17} \qquad [\text{By } (\dagger)].$$

Observe how Proposition (6.6) makes life easier because we have

$$6^{1\,000\,004} \equiv 6^4 \equiv 4 \pmod{17}.$$
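
The procedure of Corollary (6.5) and Proposition (6.6), as used in Examples 6.5, 6.6 and 6.9, written out as an added Python example (not code from the book). The function names `phi`, `divisors`, `order_trace`, `order` and `power_mod` are chosen here for illustration.

```python
from math import gcd, isqrt

def phi(n):
    """Euler's totient, computed from the prime factors found by trial division."""
    result, m, p = n, n, 2
    while p * p <= m:
        if m % p == 0:
            while m % p == 0:
                m //= p
            result -= result // p
        p += 1
    if m > 1:                      # one prime factor larger than sqrt(n) is left
        result -= result // m
    return result

def divisors(n):
    """Positive factors of n in ascending order."""
    small = [d for d in range(1, isqrt(n) + 1) if n % d == 0]
    return sorted(set(small + [n // d for d in small]))

def order_trace(a, n):
    """Pairs (k, a^k mod n) for the factors k of phi(n), tested in ascending
    order and stopping at the first k with a^k = 1 (mod n) (Corollary 6.5).
    Empty when gcd(a, n) > 1, because then no order exists (Proposition 6.3)."""
    if n < 2 or gcd(a, n) != 1:
        return []
    trace = []
    for k in divisors(phi(n)):
        residue = pow(a, k, n)
        trace.append((k, residue))
        if residue == 1:
            break
    return trace

def order(a, n):
    """Order of a modulo n, or None when the order does not exist."""
    trace = order_trace(a, n)
    return trace[-1][0] if trace else None

def power_mod(a, e, n):
    """Least non-negative residue of a^e modulo n, reducing the index e
    modulo the order of a first (Proposition 6.6)."""
    k = order(a, n)
    if k is None:                  # gcd(a, n) > 1: no order to reduce by
        return pow(a, e, n)
    return pow(a, e % k, n)

if __name__ == "__main__":
    print(order_trace(7, 1000))        # the list (*) of Example 6.6
    print(power_mod(7, 311, 1000))     # last three digits of 7^311
    print(power_mod(6, 1_000_004, 17)) # Example 6.9
    print(order(2, 6))                 # Example 6.3: no order
```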

Summary
The order of a modulo n is the smallest positive index k such that $a^k \equiv 1 \pmod{n}$.
We can find the order k of a modulo n by using:

Corollary (6.5). Let the integer a modulo n have order k. Then k | 𝜙 (n); the order is a factor of 𝜙 (n).

EXERCISES 6.1

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Find the order of 2:
(a) modulo 7 (b) modulo 11
(c) modulo 17 (d) modulo 23

2. Determine the orders of the following:
(a) 3 (mod 10) (b) 7 (mod 12)
(c) 9 (mod 16) (d) 11 (mod 25)
(e) 3 (mod 13)

3. Given that the order of 5 modulo 13 is 4, determine the least non-negative
residue x such that $5^{101} \equiv x \pmod{13}$.

4. Determine the order of 3 modulo 100. Hence, or otherwise, find the last two
digits of $3^{1001}$.

5. Determine the order 7 modulo 60. Also find the inverse of 7 modulo 60
and solve the linear congruence
7x ≡ 59 (mod 60) .

6. Find the order of 5 modulo 21. Hence, or otherwise, solve
5x ≡ 16 (mod 21) .

7. In each of the following cases determine the least non-negative residue x:
(a) $3^{1000} \equiv x \pmod{17}$
(b) $3^{970} \equiv x \pmod{98}$

8. *Determine the last three digits of $3^{311}$.

9. Let the order of a modulo n be k. Show that inverse of a modulo n is
$a^{k-1} \pmod{n}$.

10. Prove that if a modulo n has order mk where m, k are positive integers then
$a^m$ has order k.

11. Explain why a (mod 2) where a is odd has order 1.

12. Let p be prime. If the order of a modulo p is k, show that
k | (p − 1) .

13. Prove that if a has order 2k modulo prime p where p is odd then
$a^k \equiv -1 \pmod{p}$.

14. Let p be an odd prime and a ≢ 1 (mod p). Show that the order of a
modulo $p^m$ divides $p^m - p^{m-1}$.

15. Let km be the order of a modulo n. Show that k | 𝜙 (n).

16. Prove that if a modulo n has order k then so does the inverse of a modulo n
have order k.

17. Let 2 (mod p) where p is an odd prime have order rs where s > 1. If
$2^r \not\equiv 1 \pmod{p}$, prove that
$$2^{r(s-1)} + 2^{r(s-2)} + 2^{r(s-3)} + \cdots + 2^r + 1 \equiv 0 \pmod{p}.$$
[Hint: $2^{rs} - 1 = (2^r - 1)\,(2^{r(s-1)} + 2^{r(s-2)} + 2^{r(s-3)} + \cdots + 2^r + 1)$.]

18. Let a ≢ 1 (mod p) and a (mod p) have order k. Prove that
$$a^{k-1} + a^{k-2} + a^{k-3} + \cdots + 1 \equiv 0 \pmod{p}$$
where p is prime.

19. *Let a modulo prime p have order 4.
Show that $(a + 1)^4 \equiv -4 \pmod{p}$.

.........................................................................................................

SECTION 6.2 Indices


By the end of this section you will be able to
● determine the order of am (mod n)
● determine the order of an integer modulo n

6.2.1 Indices of integers modulo n

So far, we have only found orders of some very low integers such as 2, 3, 6, … This is because
finding $a^k$ involves tiresome calculations. In this section we establish a much simpler
procedure to find the order of a modulo n.

Example 6.10

(i) Determine the order k of 3 modulo 7.


(ii) Find $3^1, 3^2, \cdots$ and $3^6$ modulo 7.

Solution
(i) Since 3 and 7 are relatively prime, the order of 3 modulo 7 exists. From the previous section we
have that the order k of a (mod n) satisfies k | 𝜙 (n) and in Chapter 5 we saw that if p is prime then
𝜙 (p) = p − 1. Since 7 is prime, we have 𝜙 (7) = 7 − 1 = 6. Therefore, the order k of 3 modulo 7
must be a positive factor of 6. That is, k must equal one of 1, 2, 3, or 6:

$$3^1 \equiv 3, \quad 3^2 \equiv 9 \equiv 2, \quad 3^3 \equiv 27 \equiv 6, \quad 3^6 \equiv 1 \pmod{7}.$$

Hence the order of 3 (mod 7) is k = 6.


(ii) We have

$$3^1 \equiv 3, \ 3^2 \equiv 2, \ 3^3 \equiv 6, \ 3^4 \equiv 81 \equiv 4, \ 3^5 \equiv 3^4 \times 3 \equiv 4 \times 3 \equiv 5 \ \text{ and } \ 3^6 \equiv 1 \pmod{7}.$$

Placing the results of part (ii) in ascending residues:

$$3^6 \equiv 1, \ 3^2 \equiv 2, \ 3^1 \equiv 3, \ 3^4 \equiv 4, \ 3^5 \equiv 5 \ \text{ and } \ 3^3 \equiv 6 \pmod{7}.$$

[Figure 6.1 The integers $3^k$ on the modulo 7 clock.]

Figure 6.1 shows that the reduced residue system modulo 7 can be written as
$3^x \equiv r \pmod{7}$ where r = 1, 2, 3, 4, 5, 6.
Note that $3^x \pmod{7}$ generates all the residues in the reduced residue system. All these
numbers $3^1, 3^2, \cdots, 3^k$ are incongruent modulo 7. (No two of them are congruent to each
other.) This is true for the general case:

Proposition (6.7). Let a (mod n) have order k. Then the integers $a, a^2, \cdots, a^k$ are incongruent
modulo n.

Proof.
Suppose
$a^j \equiv a^m \pmod{n}$ where j, m ∈ {1, 2, 3, 4, ⋯ , k} .
Required to prove that j = m.

By Proposition (6.6) of the last section:

$$a^j \equiv a^m \pmod{n} \iff j \equiv m \pmod{k}.$$

We have j ≡ m (mod k), which implies that j = m because j, m ∈ {1, 2, 3, 4, ⋯ , k}.

Hence the integers $a, a^2, a^3, \cdots, a^k$ are incongruent modulo n.




Example 6.11

Given that the order of 2 (mod 13) is 12, find the orders of the following modulo 13:
(i) 4 (ii) 8 (iii) 3 (iv) 11

Solution
We are given that the order of 2 modulo 13 is 12, which implies that

$$2^{12} \equiv 1 \pmod{13}.$$

We use this result to find the order of the given numbers.


(i) Since $4 = 2^2$, we can rewrite the index 12 as

$$2^{12} \equiv (2^2)^6 \equiv 4^6 \equiv 1 \pmod{13}.$$

Hence the order of 4 is 6 because we have $4^6 \equiv 1 \pmod{13}$.


How do we know the index 6 is the smallest?
If there was a smaller index, then the order of 2 (mod 13) would be smaller than 12.

(ii) Similarly, we can write the index 12 in terms of 3 because $8 = 2^3$:

$$2^{12} \equiv (2^3)^4 \equiv 8^4 \equiv 1 \pmod{13}.$$

Since $8^4 \equiv 1 \pmod{13}$, the order of 8 modulo 13 is 4.

(iii) How do we find the order of 3 modulo 13?


Clearly 3 is not a power of 2. We use the previous Proposition (6.7):
Let a modulo n have order k. Then $a, a^2, a^3, \cdots, a^k$ are incongruent modulo n.

In our case a = 2, which has order 12. Applying this proposition means that

$$2, \ 2^2, \ 2^3, \ \cdots, \ 2^{12} \qquad (\ast)$$

are incongruent modulo 13. (This is the reduced residue system modulo 13.) One of these numbers
in (∗) is congruent to 3 modulo 13 because 3 is in the reduced residue system modulo 13.
Which one?
We can determine this by trial and error:

$$2^4 \equiv 16 \equiv 3 \pmod{13}. \qquad (\dagger)$$

This implies that the order of 3 modulo 13 is the same as the order of $2^4$ modulo 13. We are given that
$2^{12} \equiv 1 \pmod{13}$. Rewriting the index 12 as a multiple of 4:

$$2^{12} \equiv (2^4)^3 \underbrace{\equiv}_{\text{By } (\dagger)} (3)^3 \equiv 1 \pmod{13}.$$

Hence the order of 3 modulo 13 is 3.

(iv) Again 11 is not a power of 2, so we use brute force to find which power of 2 gives 11 (mod 13):

$$2^7 \equiv 128 \equiv 11 \pmod{13}.$$

Since we have index 7 and this has no factor in common with 12 apart from 1, that is gcd (7, 12) = 1,
we cannot write 12 as a multiple of 7.
How can we find the order of 11 modulo 13?
We are given $2^{12} \equiv 1 \pmod{13}$, therefore by using the rules of indices we have

$$(2^7)^{12} \equiv (2^{12})^7 \equiv (1)^7 \equiv 1 \pmod{13}.$$

The order of $2^7$ is 12. We cannot find a smaller positive index which will give 1 modulo 13. Since
$2^7 \equiv 11 \pmod{13}$, the order of 11 modulo 13 is 12.

We will show later (Corollary (6.9)) that if gcd (s, k) = 1 (that is s and k are relatively prime)
where k is the order of a then the order of $a^s$ is also k.

Example 6.12

Determine the order of 3 (mod 50). Also find the remainder when $31^{1002}$ is divided by 50.

Solution
Since gcd (3, 50) = 1, the order of 3 (mod 50) is a positive factor of 𝜙 (50) and

$$\phi(50) = \phi(2 \times 5^2) = \phi(2) \times \phi(5^2) = 1 \times (5^2 - 5) = 20.$$

The positive factors of 20 are 1, 2, 4, 5, 10, and 20. Computing these indices (apart from 20) with base
3 gives

$$3^1 \equiv 3, \quad 3^2 \equiv 9, \quad 3^4 \equiv 81 \equiv 31, \quad 3^5 \equiv 31 \times 3 \equiv 43, \quad 3^{10} \equiv 43^2 \equiv 49 \pmod{50}. \qquad (\ast)$$

Therefore, the order of 3 modulo 50 is 20 because $3^{\phi(50)} \equiv 3^{20} \equiv 1 \pmod{50}$.

Let remainder r be the least positive residue in $31^{1002} \equiv r \pmod{50}$.


From (∗) we have $3^4 \equiv 31 \pmod{50}$ which implies that

$$r \equiv 31^{1002} \equiv (3^4)^{1002} \equiv 3^{4008} \equiv 3^{(200 \times 20)+8} \equiv \underbrace{(3^{20})^{200}}_{\equiv 1 \pmod{50}} \times 3^8 \equiv 3^8 \equiv 11 \pmod{50}.$$

Notice how the computation is much easier by using the order of 3 (mod 50). Hence
$31^{1002} \equiv 11 \pmod{50}$ says that $31^{1002}$ divided by 50 leaves remainder 11.

The next proposition summarizes the above results and gives a much simpler technique for
evaluating the order of $a^s$.

Order Formula (6.8). Let a modulo n have order k. Then $a^s \pmod{n}$ has order $\dfrac{k}{\gcd(s, k)}$
where s is a positive integer.

Proof.
We are given that a modulo n has order k. This implies that
$$a^k \equiv 1 \pmod{n}. \qquad (\dagger)$$
Let g = gcd (s, k). Then there exist integers x and y such that
gx = s and gy = k (∗)
where gcd (x, y) = 1. We examine $(a^s)^y$:

$$\begin{aligned}
(a^s)^y &\equiv (a^{gx})^{k/g} && [\text{By } (\ast)] \\
&\equiv (a^x)^k && [\text{Using the rules of indices}] \\
&\equiv (a^k)^x \underbrace{\equiv}_{\text{By } (\dagger)} (1)^x \equiv 1 \pmod{n}.
\end{aligned}$$

Let $a^s$ have order r. We need to prove that r = y because from (∗) we have

$$y = \frac{k}{g} = \frac{k}{\gcd(s, k)}.$$

How do we show this?

We prove r | y and y | r and then we conclude that y = r.


Showing r | y:
Since the order of $a^s$ is r we have

$$(a^s)^r \equiv 1 \pmod{n}.$$

From above $(a^s)^y \equiv 1 \pmod{n}$, therefore r | y because of Proposition (6.4):

Let a modulo n have order m. Then $a^h \equiv 1 \pmod{n} \iff m \mid h$.

Showing y | r:
Since $a^s$ has order r, then $(a^s)^r \equiv 1 \pmod{n}$ and by (†) we have $a^k \equiv 1 \pmod{n}$:

$$(a^s)^r \equiv a^{sr} \equiv a^k \equiv 1 \pmod{n}.$$

Again by the above Proposition (6.4) we have k | sr. Substituting gx = s and gy = k (these
are from (∗)) into k | sr gives

gy | gxr which implies y | xr. [cancelling g’s]

From above we have gcd (x, y) = 1. Applying Euclid’s Lemma (1.13):

if a | bc and gcd (a, b) = 1 then a | c,



to y | xr with gcd (x, y) = 1 gives


y | r.

We have both r | y and y | r, which implies that y = ±r because by Proposition (1.2) (d),
a | b and b | a ⇔ a = ±b.
y cannot be negative because gy = k and k is the order of a modulo n. Hence y = r which
means the order of $a^s$ is $y = \dfrac{k}{g} = \dfrac{k}{\gcd(s, k)}$. This is our required result.


Corollary (6.9). Let a modulo n have order k. If gcd (s, k) = 1 then
$a^s$ has order k where s is a positive integer.

What does this mean?

It means that a and $a^s$ have the same order.

Proof.
Apply the Order Formula (6.8) with gcd (s, k) = 1.


In Example 6.11 (iv) we found that the order of $2^7$ is 12. Since

gcd (7, 12) = 1 [7 and 12 are relatively prime],

both 2 and $2^7$ have the same order, 12.

Example 6.13

Complete the following table which gives the orders of integers modulo 11 by evaluating the indices
to base 2.

Table 6.1

Integer j 1 2 3 4 5 6 7 8 9 10
Order of j (mod 11)

Solution
If j = 1 then the order of 1 is clearly 1 because $1^1 \equiv 1 \pmod{11}$.
To establish the table of the order of the remaining integers we apply the Order Formula (6.8):

$$\text{Order of } a^s = \frac{k}{\gcd(s, k)} \quad \text{where } k \text{ is the order of } a.$$

We can use powers of a = 2. (Why use base 2 will be answered in the next section.)

The integers 2 through to 10 can all be expressed as $2^{\text{index}}$ modulo 11. For example, $2 \equiv 2^1 \equiv 2 \pmod{11}$.
Also, by Euler’s Theorem we have $2^{\phi(11)} \equiv 2^{10} \equiv 1 \pmod{11}$.
So far, we have:

[Figure 6.2 Integers $2^k$ on the modulo 11 clock, with $2^{10} \equiv 1 \pmod{11}$ and $2^1 \equiv 2 \pmod{11}$ marked.]

We use the Order Formula (6.8) with base a = 2 and k = 10 to find the order of the remaining
integers modulo 11:
The order of $2^2 \equiv 4 \pmod{11}$ is

$$\frac{10}{\gcd(2, 10)} = \frac{10}{2} = 5 \qquad [\text{Using (6.8) with } s = 2 \text{ and } k = 10].$$

The order of $2^3 \equiv 8 \pmod{11}$ is

$$\frac{10}{\gcd(3, 10)} = \frac{10}{1} = 10 \qquad [\text{Using (6.8) with } s = 3 \text{ and } k = 10].$$

The order of $2^4 \equiv 16 \equiv 5 \pmod{11}$ is

$$\frac{10}{\gcd(4, 10)} = \frac{10}{2} = 5 \qquad [\text{Using (6.8) with } s = 4 \text{ and } k = 10].$$

The order of $2^5 \equiv 32 \equiv 10 \pmod{11}$ is

$$\frac{10}{\gcd(5, 10)} = \frac{10}{5} = 2 \qquad [\text{Using (6.8) with } s = 5 \text{ and } k = 10].$$

The order of $2^6 \equiv 64 \equiv 9 \pmod{11}$ is

$$\frac{10}{\gcd(6, 10)} = \frac{10}{2} = 5 \qquad [\text{Using (6.8) with } s = 6 \text{ and } k = 10].$$

The order of $2^7 \equiv 128 \equiv 7 \pmod{11}$ is

$$\frac{10}{\gcd(7, 10)} = \frac{10}{1} = 10 \qquad [\text{Using (6.8) with } s = 7 \text{ and } k = 10].$$

The order of $2^8 \equiv 3 \pmod{11}$ is

$$\frac{10}{\gcd(8, 10)} = \frac{10}{2} = 5 \qquad [\text{Using (6.8) with } s = 8 \text{ and } k = 10].$$

The order of $2^9 \equiv 6 \pmod{11}$ is

$$\frac{10}{\gcd(9, 10)} = \frac{10}{1} = 10 \qquad [\text{Using (6.8) with } s = 9 \text{ and } k = 10].$$

Summarizing the above results in a table gives

Table 6.2

Integer j 1 2 3 4 5 6 7 8 9 10
Order of j (mod 11) 1 10 5 5 5 10 10 10 5 2

Note from the bottom row of the table that the order of j (mod 11) is a positive factor of 𝜙 (11) = 10.

In this example we use indices to base 2 to generate all the integers given in the above
table.

Why?

Well 2 modulo 11 has order 𝜙 (11) = 10. We will show in the next section that if the order
of r (mod n) is 𝜙 (n) then the following

$$\{r, r^2, r^3, \cdots, r^{\phi(n)}\}$$

gives a reduced residue system modulo n (see Proposition (6.11) given in the next section).
Such an r is called a primitive root of n. More on this in the next section.
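
The Order Formula (6.8) applied mechanically to every power of a base, as in Examples 6.11 and 6.13, and cross-checked against a direct search. This is an added Python example, not code from the book; the function names `brute_order`, `orders_from_base` and `formula_matches_direct` are chosen here for illustration.

```python
from math import gcd

def brute_order(a, n):
    """Smallest k >= 1 with a^k = 1 (mod n), found by repeated multiplication.
    Returns None when gcd(a, n) > 1, since no order exists then."""
    if n < 2 or gcd(a, n) != 1:
        return None
    k, x = 1, a % n
    while x != 1:
        x, k = x * a % n, k + 1
    return k

def orders_from_base(a, n):
    """Map each power a^s mod n, s = 1..k, to its order k / gcd(s, k),
    where k is the order of a (Order Formula 6.8). When a is a primitive
    root the keys cover the whole reduced residue system modulo n."""
    k = brute_order(a, n)
    if k is None:
        raise ValueError("the base has no order modulo n")
    table, x = {}, 1
    for s in range(1, k + 1):
        x = x * a % n              # x = a^s mod n
        table[x] = k // gcd(s, k)
    return table

def formula_matches_direct(a, n):
    """True when every order given by the formula equals the order found
    by searching for it directly."""
    return all(brute_order(j, n) == kj
               for j, kj in orders_from_base(a, n).items())

if __name__ == "__main__":
    table = orders_from_base(2, 11)        # Table 6.2
    for j in sorted(table):
        print(j, table[j])
    mod13 = orders_from_base(2, 13)        # Example 6.11
    print(mod13[4], mod13[8], mod13[3], mod13[11])
```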

Summary
Let a modulo n have order k. Then the integer $a^s$ where s is a positive integer has order $\dfrac{k}{\gcd(s, k)}$.

EXERCISES 6.2

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Find the order of the following:
(a) 1 (mod 5) (b) 2 (mod 5)
(c) 3 (mod 5) (d) 4 (mod 5)

2. Determine the order of the following:
(a) 2 (mod 11) (b) 3 (mod 11)
(c) 5 (mod 11) (d) 7 (mod 11)

3. Determine the order of the following integers modulo 2520:
1, 2, 3, 4, 5, 6, 7, 8, 9, 10 (mod 2520) .

4. Determine the following:
$$3^1, \ 3^2, \ 3^3, \ \cdots, \ 3^{\phi(17)} \pmod{17}.$$
What do you notice about the resulting residues?

5. (i) Show that
$$7^1, \ 7^2, \ 7^3, \ \cdots, \ 7^{\phi(11)} \pmod{11}$$
produce a reduced residue system modulo 11 and complete the following table:

Integer a 1 2 3 4 5 6 7 8 9 10
s where $7^s \equiv a \pmod{11}$

(ii) By using your results of part (i), complete the following table:

Integer a 1 2 3 4 5 6 7 8 9 10
Order of a (mod 11)

6. Complete the following table which gives the orders of integers modulo 13.

Integer a 1 2 3 4 5 6 7 8 9 10 11 12
Order of a (mod 13)

7. Determine the orders of the complete residue system modulo 12.
What do you notice about your results?

8. State the number of integers which have an order modulo n for
(a) n = 20 (b) n = 200
(c) n = 2000 (d) n = 20 000

9. (a) Show that the order of 1 (mod n) is 1.
(b) Show that the order of (n − 1) (mod n) where n > 2 is 2.

10. (a) Let p be prime and gcd (a, p) = 1. Show that if the order of a (mod p) is k
and k is even then
$$a^{k/2} \equiv (p - 1) \pmod{p}.$$
(b) Let n ≥ 2 and gcd (a, n) = 1. Disprove that if the order of a (mod n) is
k and k is even then $a^{k/2} \equiv \pm 1 \pmod{n}$.

11. Let n ≥ 2 and gcd (a, n) = 1. Disprove the following:
If $a^{\phi(n)/2} \not\equiv 1 \pmod{n}$ then the order of a (mod n) is 𝜙 (n).

12. Let n ≥ 2 and gcd (a, n) = 1. Prove the following:
If $a^k \not\equiv 1 \pmod{n}$ for $1 \le k \le \dfrac{\phi(n)}{2}$ then the order of a (mod n) is 𝜙 (n).

13. Determine the order of 32 (mod 89).

14. (a) Determine the order of
81 (mod 105) .
(b) Determine the order of
81 (mod 106) .

15. Determine the least positive index x such that $4^x - 1$ is divisible by 83.

16. *Find the order of 2 (mod 1001).

.........................................................................................................

SECTION 6.3 Theory of Indices


By the end of this section you will be able to
● understand what is meant by a primitive root
● use properties of indices
● solve non-linear congruence equations

6.3.1 Primitive roots

First, we define what is meant by a primitive root.

Definition (6.10). If a (mod n) has order 𝜙 (n) then a is called a primitive root modulo n
or just a primitive root of n.

What does this mean?

It means the following:

$$a \not\equiv 1 \ (\text{unless } a = 1), \quad a^2 \not\equiv 1 \ (\text{unless } \phi(n) = 2), \quad \cdots, \quad a^{\phi(n)-1} \not\equiv 1 \quad \text{but} \quad a^{\phi(n)} \equiv 1 \pmod{n}.$$

The first time $a^{\text{index}}$ is congruent to 1 modulo n is when the index is the number 𝜙 (n). For
example, 2 is a primitive root of 11 because
$$2^1 \equiv 2, \ 2^2 \equiv 4, \ 2^3 \equiv 8, \ 2^4 \equiv 5, \ \ldots, \ 2^9 \equiv 6 \ \text{ and } \ 2^{10} \equiv 1 \pmod{11}.$$
Recall 𝜙 (11) = 10; the first index of 2 which is congruent to 1 (mod 11) is 10:

[Figure 6.3 Illustrates the integers $2^k$ modulo 11.]

Note that $2, 2^2, \cdots, 2^{\phi(11)}$ covers a reduced residue system (mod 11) in some order.

Another example is that 2 is a primitive root of the prime 101. This means that the 100
numbers in
$\{2, 2^2, 2^3, \cdots, 2^{99}, 2^{100}\}$ are congruent to {1, 2, 3, ⋯ , 99, 100} in some order.

How do we know that primitive roots exist in the general case?

In the next section we will show that every prime has a primitive root.
In Section 6.5 (website material) we will show that the integers $n = 2, 4, p^k, 2p^k$ where p
is an odd prime have primitive roots.

Example 6.14

Show that 3 is a primitive root of 7.

Solution
The integer 7 is prime so 𝜙 (7) = 7 − 1 = 6. The positive divisors of 6 are 1, 2, 3, and 6. Evaluating
these indices to the base 3 yields:

$$3^1 \equiv 3, \quad 3^2 \equiv 2, \quad 3^3 \equiv 6 \quad \text{and} \quad 3^6 \equiv 1 \pmod{7}.$$

Hence 3 is a primitive root of 7.

Example 6.15

Show that 2 is not a primitive root of 7.

Solution
Since $2^3 \equiv 1 \pmod{7}$, the order of 2 modulo 7 is 3 and not 6 which means 2 is not a primitive root
of 7.

Proposition (6.11). Let gcd (r, n) = 1 and $r_1, r_2, r_3, \cdots, r_{\phi(n)}$ be integers relatively prime to
n. If r is a primitive root of n, then

$$r, \ r^2, \ r^3, \ \cdots, \ r^{\phi(n)}$$

are congruent modulo n to $r_1, r_2, r_3, \cdots, r_{\phi(n)}$ in some order.

Proof.
See Exercises 6.3, question 20. These $r_j$’s where 1 ≤ j ≤ 𝜙 (n) are the reduced residue system
modulo n because $\gcd(r_j, n) = 1$.


6.3.2 Theory of indices

Let r be a primitive root of n. By the previous Proposition (6.11) we have that the first 𝜙 (n)
powers of r,
$$r, \ r^2, \ r^3, \ \cdots \ \text{ and } \ r^{\phi(n)},$$

are congruent in some order to those residues in the reduced residue system.
From Example 6.14 we have seen that r = 3 is a primitive root of 7; the powers of 3 modulo
7 are:
$$3^1 \equiv 3, \ 3^2 \equiv 2, \ 3^3 \equiv 6, \ 3^4 \equiv 4, \ 3^5 \equiv 5 \ \text{ and } \ 3^6 \equiv 1 \pmod{7}. \qquad (\dagger)$$

This set {1, 2, 3, 4, 5, 6} is the reduced residue system modulo 7 and each number in this
set is congruent to $3^{\text{index}}$ modulo 7.

In general, if a is an arbitrary residue belonging to the reduced residue system then this
residue a can be expressed as
$$a \equiv r^k \pmod{n}$$
for an index k where 1 ≤ k ≤ 𝜙 (n) and r is a primitive root of n.

Example 6.16

Given that 3 is a primitive root of 89, find the value of k such that $3^k \equiv 81 \pmod{89}$.

Solution
We have $3^4 \equiv 81 \pmod{89}$, therefore k = 4.

k = 4 is called the index of 81 relative to 3 and normally denoted by $\operatorname{ind}_3(81) = 4$ because
$$3^4 \equiv 81 \pmod{89}.$$
We write the formal definition of index as follows:

Definition (6.12). Let r be a primitive root modulo n. If the gcd (a, n) = 1, then the smallest
positive index k such that
$$r^k \equiv a \pmod{n}$$

is called the index of a relative to r. This k is denoted by $\operatorname{ind}_r(a)$ or just ind (a).

This definition says that if the number a is in the reduced residue system modulo n then
we can express it as a power of a primitive root of n.

Since r is a primitive root of n, $1 \le \operatorname{ind}_r(a) \le \phi(n)$ (see Exercises 6.3, question 15). We
have $k = \operatorname{ind}_r(a)$, so the above definition can be written as:

$$r^{\operatorname{ind}_r(a)} \equiv a \pmod{n}. \qquad (6.13)$$

For simplicity, we will use this.

Example 6.17

Show that 2 is a primitive root of 5. Find the following with respect to modulo 5:
(a) $\operatorname{ind}_2(1)$ (b) $\operatorname{ind}_2(2)$ (c) $\operatorname{ind}_2(3)$ (d) $\operatorname{ind}_2(4)$ (e) $\operatorname{ind}_2(17)$

Solution
Evaluating the powers of 2 we have

$$2^1 \equiv 2, \quad 2^2 \equiv 4, \quad 2^3 \equiv 3 \quad \text{and} \quad 2^4 \equiv 1 \pmod{5}.$$

Hence 2 is a primitive root of 5. Using these results, we have

(a) $\operatorname{ind}_2(1) = 4$ because from above we have $2^4 \equiv 1 \pmod{5}$.
(b) $\operatorname{ind}_2(2) = 1$ because from above we have $2^1 \equiv 2 \pmod{5}$.
(c) $\operatorname{ind}_2(3) = 3$ because from above we have $2^3 \equiv 3 \pmod{5}$.
(d) $\operatorname{ind}_2(4) = 2$ because from above we have $2^2 \equiv 4 \pmod{5}$.
(e) 17 is not amongst this list of powers of 2.

How do we evaluate $\operatorname{ind}_2(17)$?

Well 17 ≡ 2 (mod 5) and by part (b) we have $\operatorname{ind}_2(2) = 1$, therefore

$$\operatorname{ind}_2(17) = 1.$$

What does this result $\operatorname{ind}_2(17) = 1$ mean?

$$17 \equiv 2 \equiv 2^1 \pmod{5}.$$

In Proposition (6.15) we will show that if a ≡ b (mod n) then $\operatorname{ind}_r(a) = \operatorname{ind}_r(b)$.

Example 6.18

Show that 3 is a primitive root of 5. Find the following with respect to modulo 5:
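(a) $\operatorname{ind}_3(1)$ (b) $\operatorname{ind}_3(2)$ (c) $\operatorname{ind}_3(3)$ (d) $\operatorname{ind}_3(4)$ (e) $\operatorname{ind}_3(18)$

Solution
Evaluating the powers of 3, we have

$$3^1 \equiv 3, \quad 3^2 \equiv 4, \quad 3^3 \equiv 2 \quad \text{and} \quad 3^4 \equiv 1 \pmod{5}.$$

Therefore, 3 is a primitive root of 5. Using these results gives:

(a) $\operatorname{ind}_3(1) = 4$ (b) $\operatorname{ind}_3(2) = 3$ (c) $\operatorname{ind}_3(3) = 1$ (d) $\operatorname{ind}_3(4) = 2$
(e) Similarly to the previous example, we have

18 ≡ 3 (mod 5) and by part (c) $\operatorname{ind}_3(3) = 1$.

Hence $\operatorname{ind}_3(18) = 1$.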
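
Definition (6.12) and Examples 6.16 to 6.18 as an added Python example (not code from the book): it builds the table of indices for a primitive root and refuses a base that is not one. The index is what cryptography calls the discrete logarithm; the function names `index_table`, `ind` and `product_rule_holds` are chosen here for illustration, and the last one checks Proposition (6.16)(a), which is stated later in this section.

```python
from math import gcd

def index_table(r, n):
    """Map every residue a of the reduced residue system modulo n to
    ind_r(a), the smallest positive k with r^k = a (mod n), so that
    1 <= ind_r(a) <= phi(n). Raises ValueError when r is not a
    primitive root of n."""
    if n < 2 or gcd(r, n) != 1:
        raise ValueError("r must be relatively prime to n")
    phi_n = sum(1 for x in range(1, n) if gcd(x, n) == 1) if n > 2 else 1
    table, x = {}, 1
    for k in range(1, phi_n + 1):
        x = x * r % n              # x = r^k mod n
        if x in table:             # powers repeat early: order of r < phi(n)
            raise ValueError(f"{r} is not a primitive root of {n}")
        table[x] = k
    return table

def ind(r, a, n):
    """ind_r(a) modulo n. Only a mod n matters (Proposition 6.15)."""
    if gcd(a, n) != 1:
        raise ValueError("a must be relatively prime to n")
    return index_table(r, n)[a % n]

def product_rule_holds(r, n):
    """Check ind_r(ab) = ind_r(a) + ind_r(b) (mod phi(n)) for every pair of
    residues in the reduced residue system (Proposition 6.16 (a))."""
    table = index_table(r, n)
    phi_n = len(table)
    return all((table[a] + table[b]) % phi_n == table[a * b % n] % phi_n
               for a in table for b in table)

if __name__ == "__main__":
    print(index_table(2, 5))       # Example 6.17
    print(index_table(3, 5))       # Example 6.18
    print(ind(2, 17, 5), ind(3, 18, 5))
    print(ind(3, 81, 89))          # Example 6.16
    print(product_rule_holds(3, 7))
```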

6.3.3 Properties of indices

In this subsection we prove some of the rules of indices and you will notice that they are
analogous to the rules of logs in algebra, except that the base is a primitive root.
From the previous two examples we have

$$\operatorname{ind}_2(2) = 1 \quad \text{and} \quad \operatorname{ind}_3(3) = 1.$$

Can we say that $\operatorname{ind}_r(r) = 1$?

Yes, but we need to prove this for the general case.

Proposition (6.14). Let r be a primitive root of n. Then $\operatorname{ind}_r(r) = 1$.


Proof.
We have $r^1 \equiv r \pmod{n}$, therefore $\operatorname{ind}_r(r) = 1$.


Note that $\operatorname{ind}_r(r) = 1$ is analogous to $\log_m(m) = 1$.

Proposition (6.15). Let r be a primitive root of n. If a ≡ b (mod n), then

$$\operatorname{ind}_r(a) = \operatorname{ind}_r(b).$$

What does this proposition mean?

We have already seen this in Examples 6.17 (e) and 6.18 (e):

17 ≡ 2 (mod 5) we had ind_2(17) = ind_2(2)

18 ≡ 3 (mod 5) we had ind_3(18) = ind_3(3).

Proof.
We use the definition of the index given in (6.13):

r^{ind_r(a)} ≡ a (mod n).

Applying this, we have

r^{ind_r(a)} ≡ a (mod n) and r^{ind_r(b)} ≡ b (mod n).

We are given that a ≡ b (mod n), therefore

r^{ind_r(a)} ≡ r^{ind_r(b)} (mod n).

Next, we use Proposition (6.6):

Let r modulo n have order k. Then r^j ≡ r^m (mod n) ⇔ j ≡ m (mod k).
We are given that r is a primitive root of n, so the order of r is 𝜙 (n). Applying this
Proposition (6.6) to r^{ind_r(a)} ≡ r^{ind_r(b)} (mod n) gives

ind_r(a) ≡ ind_r(b) (mod 𝜙 (n)).

From the definition of index, we have

1 ≤ ind_r(a) ≤ 𝜙 (n) and 1 ≤ ind_r(b) ≤ 𝜙 (n).

This implies that ind_r(a) = ind_r(b), which is our required result.


Proposition (6.16). Let r be a primitive root of n and ind_r(a) be the index of a relative to r.
Then we have the following results:
(a) ind_r(ab) ≡ ind_r(a) + ind_r(b) (mod 𝜙 (n))
(b) ind_r(a^k) ≡ k ind_r(a) (mod 𝜙 (n))
(c) ind_r(1) ≡ 0 (mod 𝜙 (n)) and ind_r(r) ≡ 1 (mod 𝜙 (n)).

Note the analogy of these results with logarithms:

(a) log (AB) = log (A) + log (B)
(b) log (A^n) = n log (A)
(c) log (1) = 0 and log_a(a) = 1.

How do we prove these results given in Proposition (6.16)?

We use the definition of the index given in (6.13):

r^{ind_r(a)} ≡ a (mod n).

Proof.
(a) Using the ordinary rules of indices, we have
r^{ind_r(a)+ind_r(b)} = r^{ind_r(a)} r^{ind_r(b)}.
Applying Definition (6.13) on this,
r^{ind_r(a)} ≡ a (mod n) and r^{ind_r(b)} ≡ b (mod n).
Multiplying these two results and using the rules of indices gives
r^{ind_r(a)+ind_r(b)} ≡ r^{ind_r(a)} r^{ind_r(b)} ≡ ab (mod n).
Using Definition (6.13) on ind_r(ab) gives

r^{ind_r(ab)} ≡ ab (mod n).

Equating these results, r^{ind_r(a)+ind_r(b)} ≡ ab (mod n) and r^{ind_r(ab)} ≡ ab (mod n), we have

r^{ind_r(a)+ind_r(b)} ≡ r^{ind_r(ab)} ≡ ab (mod n).

Applying Proposition (6.6) of Section 6.1:

r^j ≡ r^m (mod n) ⇔ j ≡ m (mod k) where k is the order of r (mod n),

to the last result,

r^{ind_r(a)+ind_r(b)} ≡ r^{ind_r(ab)} (mod n),
yields
ind_r(a) + ind_r(b) ≡ ind_r(ab) (mod 𝜙 (n)).

Recall r is a primitive root, so the order of r is 𝜙 (n). This is our required result.

(b) We need to prove ind_r(a^k) ≡ k ind_r(a) (mod 𝜙 (n)).
Again, applying the definition of the index (6.13),

r^{ind_r(a)} ≡ a (mod n),

on ind_r(a^k) gives

r^{ind_r(a^k)} ≡ a^k (mod n). (∗)

We have r^{ind_r(a)} ≡ a (mod n). Taking this to the power k yields

(r^{ind_r(a)})^k ≡ a^k (mod n)
r^{k ind_r(a)} ≡ a^k (mod n). (∗∗)

Equating the two results, (∗) and (∗∗), we have

r^{ind_r(a^k)} ≡ r^{k ind_r(a)} (mod n).

Again using Proposition (6.6),

r^j ≡ r^m (mod n) ⇔ j ≡ m (mod k),

on r^{ind_r(a^k)} ≡ r^{k ind_r(a)} (mod n) gives

ind_r(a^k) ≡ k ind_r(a) (mod 𝜙 (n)).

(c) See Exercises 6.3, question 15.




6.3.4 Solving non-linear congruence (Diophantine) equations

We have solved linear congruences in Chapter 3, but in this section we solve non-linear
congruences where the index of the unknown is greater than 1.
We want to solve congruences of the type

x^d ≡ a (mod n) (†)

where the integer index d > 1.


We convert this into linear form.

How?

By using the rules of indices that we’ve just established. By these rules we have

d ind (x) ≡ ind (a) (mod 𝜙 (n)) .

Under what conditions do we have a solution(s) to this linear congruence?

From Chapter 3, Proposition (3.16):

cx ≡ b (mod n) has exactly g solutions provided g | b where g = gcd (c, n) .

Applying this to the above linear congruence

d ind (x) ≡ ind (a) (mod 𝜙 (n))

implies that if g | ind (a) where g = gcd (d, 𝜙 (n)) then there are exactly g incongruent
solutions. If g does not divide ind (a) then this equation has no solutions, which implies that
the initial equation (†) has no solutions.
We can illustrate this as:

Non-linear congruence x^d ≡ a (mod n)  →  [taking indices]  →  Linear congruence d ind (x) ≡ ind (a) (mod 𝜙 (n))

Figure 6.4 Converting non-linear to linear form.

Example 6.19

Solve 7x^6 ≡ 6 (mod 13).

Solution
We want to use a small base to solve the given congruence. We need to first find a primitive root of
13 so that we can use the rules of indices that were established. The following evaluation shows that 2
is a primitive root modulo 13. (We can avoid all this computation, but it will help in solving the given
equation.)

2^1 ≡ 2 (mod 13), 2^2 ≡ 4 (mod 13), 2^3 ≡ 8 (mod 13)
2^4 ≡ 3 (mod 13), 2^5 ≡ 2^4 × 2 ≡ 3 × 2 ≡ 6 (mod 13)
2^6 ≡ 2^5 × 2 ≡ 6 × 2 ≡ 12 (mod 13)
2^7 ≡ (−1) × 2 ≡ −2 ≡ 11 (mod 13)
2^8 ≡ (−2) × 2 ≡ −4 ≡ 9 (mod 13)
2^9 ≡ 9 × 2 ≡ 18 ≡ 5 (mod 13)
2^10 ≡ 5 × 2 ≡ 10 (mod 13)
2^11 ≡ 10 × 2 ≡ 7 (mod 13)
2^12 ≡ 1 (mod 13).

We confirm that 2 is a primitive root of 13, since gcd (2, 13) = 1, 𝜙 (13) = 12, and the first index of 2
to give 1 (mod 13) is 12.
We create the table of indices based on these results:

Table 6.3

a         1   2   3   4   5   6   7   8   9   10  11  12
ind_2(a)  12  1   4   2   9   5   11  3   8   10  7   6

By Proposition (6.15):
a ≡ b (mod n) implies ind_r(a) = ind_r(b).
Applying this to the given equation 7x^6 ≡ 6 (mod 13) with r = 2 yields

ind_2(7x^6) = ind_2(6).


We use the rules of indices given in Proposition (6.16) to find x:

(a) ind_r(ab) ≡ ind_r(a) + ind_r(b) (mod 𝜙 (n))

(b) ind_r(a^k) ≡ k ind_r(a) (mod 𝜙 (n)).

Since 13 is prime, 𝜙 (13) = 12. Applying these rules to ind_2(7x^6) = ind_2(6) yields:

ind_2(7) + ind_2(x^6) ≡ ind_2(6) (mod 12)

ind_2(7) + 6 ind_2(x) ≡ ind_2(6) (mod 12) (∗)

By locating 6 and 7 in the top row of Table 6.3 and reading the corresponding entries in the bottom
row, we have ind_2(7) = 11 and ind_2(6) = 5. Substituting these into (∗) gives

11 + 6 ind_2(x) ≡ 5 (mod 12)

6 ind_2(x) ≡ −6 ≡ 6 (mod 12).

Let g = gcd (6, 12) = 6, therefore simplifying this 6 ind_2(x) ≡ 6 (mod 12) gives

(6/6) ind_2(x) ≡ 6/6 (mod 12/6) ⇒ ind_2(x) ≡ 1 (mod 2).

Recall ind_2(x) ≡ 1 (mod 2) means ind_2(x) is one more than a multiple of 2; ind_2(x) = 1 + 2k where k is
an integer. Since g = 6 and 6 | 6, we have six incongruent solutions. Substituting k = 0, 1, 2, 3, 4, 5
into this ind_2(x) = 1 + 2k gives us

ind_2(x) ≡ 1, 3, 5, 7, 9, 11 (mod 12).

Locating these residues in the bottom row of Table 6.3 and reading off corresponding entries in the
top row yields
x ≡ 2, 8, 6, 11, 5, 7 (mod 13).
You may like to check that each of these solutions x ≡ 2, 5, 6, 7, 8, 11 (mod 13) satisfies the given
7x^6 ≡ 6 (mod 13). Checking that x ≡ 2 (mod 13) works:

7 × 2^6 ≡ 7 × 64 ≡ 7 × (−1) ≡ −7 ≡ 6 (mod 13).

Recall the given congruence 7x^6 ≡ 6 (mod 13) means 7x^6 is 6 more than a multiple of 13,
that is 7x^6 = 6 + 13y, which is a non-linear Diophantine equation. Substituting the solution
x = 2 into this gives

7 × 2^6 = 448 = 6 + 13y which implies y = (448 − 6)/13 = 34.

Hence one solution to 7x^6 = 6 + 13y is x = 2, y = 34. You are asked to find other solutions
in Exercises 6.3, question 16, where you will see that choosing a different primitive root of
13 will give the same solutions.

Example 6.20

Solve the following by using the primitive root 2 modulo 13:

8^x ≡ 5 (mod 13).

Solution
Applying the rules of indices to 8^x ≡ 5 (mod 13) gives the linear form

x ind_2(8) ≡ ind_2(5) (mod 12).

Since we are using the same primitive root and modulus, we can use the same Table 6.3 as the
previous example. Using Table 6.3 to find ind_2(8) and ind_2(5) gives

x (3) ≡ 9 ⇒ 3x ≡ 9 (mod 12).

Again gcd (3, 12) = 3 and 3 | 9, which implies we have three incongruent solutions.
Simplifying the above equation 3x ≡ 9 (mod 12) yields

x ≡ 3 (mod 4), which implies x = 3 + 4k where k is an integer.

Substituting k = 0, 1, 2 gives x ≡ 3, 7, 11 (mod 12).

You can check that each of these x ≡ 3, 7, 11 (mod 12) is indeed a solution to

8^x ≡ 5 (mod 13).

6.3.5 Testing x^m ≡ a (mod n) for solutions

We can use the following for testing if x^m ≡ a (mod n) has solutions.

Proposition (6.17). Let n have a primitive root and a and n be relatively prime. The
congruence
x^m ≡ a (mod n)

has a solution ⇔ a^{𝜙(n)/g} ≡ 1 (mod n) where g = gcd (m, 𝜙 (n)). Additionally, there are
exactly g incongruent solutions.

Proof.
See Exercises 6.3, question 21.

Example 6.21

Solve the following:

x^4 ≡ 12 (mod 13).

Solution
First note that 12 ≡ −1 (mod 13). We know 𝜙 (13) = 12 and g = gcd (4, 12) = 4.
Substituting a = −1 into the previous Proposition (6.17) gives

12^{12/4} ≡ (−1)^{12/4} ≡ (−1)^3 ≡ −1 (mod 13).

Hence x^4 ≡ 12 (mod 13) has no solution because 12^{12/4} ≡ −1 ≢ 1 (mod 13).

You can actually show this non-linear congruence x^4 ≡ 12 (mod 13) has no solutions by
using Table 6.3 of Example 6.19:

4 ind_2(x) ≡ ind_2(12) (mod 12) ⇒ 4 ind_2(x) ≡ 6 (mod 12).

The gcd (4, 12) = 4 and 4 ∤ 6, so there are no solutions to x^4 ≡ 12 (mod 13). However,
the advantage of the previous Proposition (6.17) is that we don’t have to form a table of
values, as we know from the outset whether the given congruence has solutions.

Example 6.22

Solve x^3 ≡ 12 (mod 13).

Solution
From the previous example we have 12 ≡ −1 (mod 13), 𝜙 (13) = 12, and g = gcd (3, 12) = 3.
Substituting a = −1 into Proposition (6.17) we have

(−1)^{12/3} ≡ (−1)^4 ≡ 1 (mod 13).

The given equation x^3 ≡ 12 (mod 13) has solutions, and taking indices we have
3 ind_2(x) ≡ ind_2(12) (mod 12) [Converting to linear form].
Using Table 6.3 of Example 6.19 on 3 ind_2(x) ≡ ind_2(12) (mod 12) we have

3 ind_2(x) ≡ 6 (mod 12).

The gcd (3, 12) = 3 and 3 | 6, therefore we have three incongruent solutions:
ind_2(x) ≡ 2 (mod 4) implies ind_2(x) ≡ 2, 6, 10 (mod 12).
Using the Table 6.3 of Example 6.19 in reverse direction gives

x ≡ 4, 12, 10 (mod 13).

The given congruence x^3 ≡ 12 (mod 13) means x^3 is 12 more than a multiple of
13, therefore x^3 = 12 + 13y. Substituting the solution x = 4 into this gives

4^3 = 64 = 12 + 13y implies y = (64 − 12)/13 = 4.

Hence one solution to the Diophantine equation x^3 = 12 + 13y is x = 4, y = 4. Of course,
there are infinitely many solutions because x ≡ 4, 10, 12 (mod 13). If we substitute the other
two simplest values of x we obtain x = 10, y = 76 and x = 12, y = 132.
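
Added example (not part of the book): the index method of Examples 6.19 to 6.22 and the test of Proposition (6.17), written in Python for a prime modulus p. The function names are this example's own; ind_r(a) is the discrete logarithm of a to the base r, and building the table costs p − 1 multiplications, so the method is only practical for small p.

```python
from math import gcd


def index_table(r, p):
    """Map each a in 1..p-1 to ind_r(a), using the book's range 1 <= ind_r(a) <= p-1."""
    table, value = {}, 1
    for k in range(1, p):
        value = value * r % p
        if value in table:  # a power repeated early, so the order of r is below p-1
            raise ValueError(f"{r} is not a primitive root of {p}")
        table[value] = k
    return table


def solve_linear(c, b, n):
    """All t in [0, n) with c*t ≡ b (mod n): g = gcd(c, n) solutions if g | b, else none."""
    g = gcd(c, n)
    if b % g:
        return []
    m = n // g
    t0 = (b // g) * pow(c // g, -1, m) % m if m > 1 else 0
    return [t0 + j * m for j in range(g)]


def has_power_solution(m, a, p):
    """Proposition (6.17), prime modulus: x^m ≡ a (mod p) is solvable iff a^((p-1)/g) ≡ 1."""
    g = gcd(m, p - 1)
    return pow(a, (p - 1) // g, p) == 1


def solve_power(c, d, a, p, r):
    """Solve c * x^d ≡ a (mod p) by taking indices to the primitive root r."""
    if c % p == 0 or a % p == 0:
        raise ValueError("c and a must be relatively prime to p")
    ind = index_table(r, p)
    # Rules (a) and (b) of Proposition (6.16): d*ind(x) ≡ ind(a) - ind(c) (mod p-1)
    rhs = (ind[a % p] - ind[c % p]) % (p - 1)
    # Read the table in reverse: x ≡ r^t (mod p) for each solution t of the linear form
    return sorted(pow(r, t, p) for t in solve_linear(d, rhs, p - 1))


def solve_exponent(b, a, p, r):
    """Solve b^x ≡ a (mod p); the answers are residues modulo p-1, not modulo p."""
    if b % p == 0 or a % p == 0:
        raise ValueError("b and a must be relatively prime to p")
    ind = index_table(r, p)
    return solve_linear(ind[b % p], ind[a % p], p - 1)


if __name__ == "__main__":
    print(solve_power(7, 6, 6, 13, 2))                                   # Example 6.19
    print(solve_exponent(8, 5, 13, 2))                                   # Example 6.20
    print(has_power_solution(4, 12, 13), solve_power(1, 4, 12, 13, 2))   # Example 6.21
    print(has_power_solution(3, 12, 13), solve_power(1, 3, 12, 13, 2))   # Example 6.22
```
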

Summary
We use the following rules of indices to solve non-linear congruences:

(a) ind_r(ab) ≡ ind_r(a) + ind_r(b) (mod 𝜙 (n))
(b) ind_r(a^k) ≡ k ind_r(a) (mod 𝜙 (n))
(c) ind_r(1) ≡ 0 (mod 𝜙 (n)) and ind_r(r) ≡ 1 (mod 𝜙 (n)).
These rules help in converting a given non-linear congruence to linear form.


EXERCISES 6.3

(Brief solutions at end of book. Full solutions available at
<http://www.oup.co.uk/companion/NumberTheory>.)

1. Determine which of the following numbers are a primitive root of 7:
(a) 3 (b) 5

2. Determine which of the following numbers are a primitive root of 11:
(a) 3 (b) 5 (c) 7

3. Show that 2 is a primitive root modulo 9.

4. Show that 5 is a primitive root modulo 49.

5. Show that 7 is not a primitive root modulo 19.

6. Determine a primitive root modulo 11. By using this primitive root, solve the
following congruence equations:
(a) 2x^4 ≡ 7 (mod 11)
(b) 3x^2 ≡ 5 (mod 11)
(c) 5x^5 ≡ 6 (mod 11)

7. Assume that 2 is a primitive root of modulo 19. Solve the following:
(a) 6x^5 ≡ 7 (mod 19)
(b) 4x^9 ≡ 4 (mod 19)
(c) x^6 ≡ 7 (mod 19)

8. Show that 3 is a primitive root modulo 17. Complete the following table:

a         1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16
ind_3(a)

Solve the following equations:
(a) x^4 ≡ 4 (mod 17)
(b) 12x^8 ≡ 5 (mod 17)
(c) 12x^8 ≡ 6 (mod 17)
(d) 5^x ≡ 3 (mod 17)

9. By using the table you established in the previous question, determine
the least non-negative residue x such that
7^100 6^100 ≡ x (mod 17).

10. Use this table of the primitive root 2 of 13 to answer the questions below.

a         1   2   3   4   5   6   7   8   9   10  11  12
ind_2(a)  12  1   4   2   9   5   11  3   8   10  7   6

(a) Solve the congruence 7^x ≡ 3 (mod 13).
(b) Find the least non-negative remainder after 5^100 × 7^50 × 9^99 is divided by 13.
*(c) Determine the integers 1 ≤ a ≤ 12 such that x^a ≡ 9 (mod 13) has no solutions.

11. Determine the integers a such that 1 ≤ a ≤ 16 and ax^6 ≡ 8 (mod 17) has
solutions.

12. Determine which of the following congruences are solvable:
(a) x^3 ≡ 89 (mod 197)
(b) x^2 ≡ 89 (mod 197)
(c) x^2 ≡ 197 (mod 89)
(d) x^2 ≡ 218 (mod 111)

13. Determine the number of incongruent solutions of:
(a) x^3 ≡ 2 (mod 29)
(b) x^16 ≡ 25 (mod 29)

14. (i) Show that 3 is a primitive root modulo 223 (223 is prime).
*(ii) Solve the quadratic congruence x^2 ≡ 183 (mod 223).
Find solutions to the Diophantine equation x^2 = 183 + 223y.
*(iii) Solve the cubic congruence x^3 ≡ −1 (mod 223) and the Diophantine equation
x^3 + 1 = 223y.

15. (a) Let r be a primitive root modulo n. Show that if a and n are relatively
prime then 1 ≤ ind_r(a) ≤ 𝜙 (n).
(b) Prove Proposition (6.16) (c).

16. Show that 7 is a primitive root and use this to solve 7x^6 ≡ 6 (mod 13). Also
find solutions to the non-linear Diophantine equation 7x^6 = 6 + 13y.

17. Solve x^14 ≡ 27 (mod 37) by using the primitive root 2 of modulo 37.

18. Let r be a primitive root of an odd prime p. Prove that
ind_r(p − 1) = (p − 1)/2.

19. Let p be prime and gcd (a, p) = 1. Prove that x^m ≡ a (mod p) has a
solution ⇔ a^{(p−1)/g} ≡ 1 (mod p) where g = gcd (m, p − 1).

20. Prove Proposition (6.11).

21. *Prove Proposition (6.17).

22. *Let p be an odd prime and have a primitive root. Show that
(a) x^2 ≡ −1 (mod p) has solutions ⇔ p ≡ 1 (mod 4).
(b) x^4 ≡ −1 (mod p) has solutions ⇔ p ≡ 1 (mod 8).


SECTION 6.4 Integers with Primitive Roots


By the end of this section you will be able to
● determine all the incongruent primitive roots modulo a prime
● understand the proof that every prime modulo has a primitive root

We might not have realized from the last section, but not all integers have primitive roots.
In this section we examine which integers do have primitive roots.

6.4.1 Primitive roots of primes

We first test to see if we have any primitive roots of a prime modulo.

Example 6.23

Determine all the incongruent primitive roots modulo 13.

Solution
In Example 6.19 from the previous section we showed that 2 is a primitive root modulo 13. How can
we find if there are other primitive roots modulo 13?
By Corollary (6.9):
Let a modulo n have order k. Then a^s has order k ⇔ gcd (s, k) = 1.

The integer 2 modulo 13 has order k = 𝜙 (13) = 12 because 2 is a primitive root. The integers which
are relatively prime to k = 12 are s = 1, 5, 7, and 11. So the primitive roots are given by 2^s because they
will have the same order as k = 12 by the above corollary:

2^1 ≡ 2, 2^5 ≡ 6, 2^7 ≡ 11 and 2^11 ≡ 7 (mod 13).

Hence the primitive roots modulo 13 are 2, 6, 7, and 11.

This example demonstrates that if we can find one primitive root of a prime modulo then
we can find the others by using the above Corollary (6.9).
Next, we state the general case.

Proposition (6.18). Let r be a primitive root modulo p where p is prime. Then r^m (mod p)
is also a primitive root modulo p, provided gcd (m, p − 1) = 1.

Proof.
See Exercises 6.4, question 7.


Example 6.24

Determine all the incongruent primitive roots modulo 19.

Solution
First we need to find one primitive root modulo 19. From Exercises 6.3, question 7 we have that 2 is a
primitive root modulo 19.
As 19 is prime, 𝜙 (19) = 18. Therefore, the order of 2 modulo 19 is 18.
Which natural numbers up to 18 are relatively prime to 18?
There are going to be 𝜙 (18) = 𝜙 (2) × 𝜙 (9) = 1 × (9 − 3) = 6 of these and they are

1, 5, 7, 11, 13, and 17.

By the previous Proposition (6.18), the primitive roots are given by these numbers as indices to the
base 2:

2^1 ≡ 2, 2^5 ≡ 13, 2^7 ≡ 14, 2^11 ≡ 15, 2^13 ≡ 3 and 2^17 ≡ 10 (mod 19).

Hence the primitive roots modulo 19 are 2, 3, 10, 13, 14, and 15.

We will show in the next chapter that using the Law of Quadratic Reciprocity, which
is one of the most powerful results of number theory, makes finding a primitive root of a
prime number easier.

6.4.2 Number of solutions

The following is a version of Proposition (6.17) given in the last section.


Proposition (6.19). Let p be prime and d | (p − 1). The congruence

x^d ≡ 1 (mod p)

has exactly d incongruent solutions.

Proof.
See Exercises 6.4, question 18.

When d = p − 1, we have that the solutions x to Fermat’s Little Theorem,
x^{p−1} ≡ 1 (mod p), satisfy the reduced residue system (mod p) (see Exercises 6.4,
question 19).

Example 6.25

Solve x^5 ≡ 1 (mod 11).

Solution
How many solutions does the given congruence x^5 ≡ 1 (mod 11) have?
By the previous Proposition (6.19):
Let d | (p − 1). The congruence x^d ≡ 1 (mod p) has exactly d incongruent solutions.

We have 𝜙 (11) = 11 − 1 = 10 and 5 | 10, so we have five incongruent solutions modulo 11.
Next we find these five incongruent solutions. We test whether 2 is a primitive root modulo 11.
Evaluating the powers of 2 modulo 11 gives

2^1 ≡ 2, 2^2 ≡ 4, 2^3 ≡ 8, 2^4 ≡ 5, 2^5 ≡ 10, 2^6 ≡ 20 ≡ 9
2^7 ≡ 18 ≡ 7, 2^8 ≡ 14 ≡ 3, 2^9 ≡ 6, 2^10 ≡ 1 (mod 11).

Hence 2 is a primitive root modulo 11. Creating the table for the primitive root 2 gives

Table 6.4

Integer a  1   2   3   4   5   6   7   8   9   10
ind_2(a)   10  1   8   2   4   9   7   3   6   5

Using the rules of indices to convert x^5 ≡ 1 (mod 11) into linear form gives

ind_2(x^5) ≡ ind_2(1) (mod 10)

5 ind_2(x) ≡ ind_2(1) (mod 10). (∗)

From Table 6.4 we have ind_2(1) = 10. Substituting this ind_2(1) = 10 into (∗) yields

5 ind_2(x) ≡ 10 (mod 10) ⇒ ind_2(x) ≡ 2 ≡ 0 (mod 2).

From this ind_2(x) ≡ 2 ≡ 0 (mod 2) we have ind_2(x) = 0 + 2k = 2k (even integer):

ind_2(x) ≡ 2, 4, 6, 8, 10 (mod 10).

Locating these integers in the bottom row of the above Table 6.4 and reading off the corresponding
entries in the top row yields

x ≡ 4, 5, 9, 3, 1 (mod 11).
Putting these into ascending order gives the five incongruent solutions

x ≡ 1, 3, 4, 5, 9 (mod 11).

Check that these solutions satisfy the given equation x^5 ≡ 1 (mod 11).

The given congruence x^5 ≡ 1 (mod 11) implies that x^5 is one more than a multiple of 11;
x^5 = 1 + 11y, which is a non-linear Diophantine equation. Checking one of the solutions
found in the previous example, x ≡ 3 (mod 11), we have

3^5 = 243 = 1 + (11 × 22).

Hence x = 3, y = 22 is one solution to the Diophantine equation x^5 = 1 + 11y.

6.4.3 Proof of primitive roots modulo a prime

In this subsection we prove that every prime has a primitive root. It is a challenging proof,
but we have broken it into smaller pieces to sweeten the pill.

Lemma (6.20). Let p be a prime number and d be a positive divisor of p − 1. The number
of positive integers less than p of order d modulo p is 0 or 𝜙 (d).

Proof.
For each divisor d of p − 1, let N (d) be the number of positive integers a such that
1 ≤ a ≤ p − 1 and the order of a modulo p is d.
We consider two cases:
Case I is where there is no integer of order d.
Case II is where there is an integer of order d.
Case I
If there is no integer of order d modulo p then clearly N (d) = 0. We have our required result
because N (d) = 0.
Case II
Let there be an integer a modulo p of order d. Then we have

a^d ≡ 1 (mod p). (†)

By Proposition (6.7):
Let a modulo n have order k. Then the integers a, a^2, ⋯, a^k are incongruent modulo n.

Therefore, a, a^2, a^3, ⋯, a^d are incongruent modulo p and these d integers are the
solutions of x^d ≡ 1 (mod p).

Why?

Because for 1 ≤ j ≤ d we have

(a^j)^d ≡ (a^d)^j ≡ 1^j ≡ 1 (mod p)   [the second congruence by (†)].

We examine the order of a^j (mod p). By Corollary (6.9):

Let a modulo n have order d. Then a^s has order d ⇔ gcd (s, d) = 1.
Therefore a^j has order d ⇔ gcd (j, d) = 1.
By the definition of Euler’s totient function we have that there are 𝜙 (d) positive integers
j such that 1 ≤ j ≤ d, which are relatively prime to d.
Hence there are exactly 𝜙 (d) positive integers a^j modulo p which have order d.
Thus N (d) = 𝜙 (d).
Combining both cases we have N (d) = 0 or N (d) = 𝜙 (d).


Example 6.26

This is Table 6.2 (j is replaced by a) established in Example 6.13 giving the integer modulo 11 and its
order:

Integer a            1   2   3   4   5   6   7   8   9   10
Order of a (mod 11)  1   10  5   5   5   10  10  10  5   2

Find N (d) where N (d) is the number of positive integers a such that 1 ≤ a ≤ 𝜙 (11) and the order of
a (mod p) is d where d | (p − 1). Also determine ∑_{d | (p−1)} N (d).
What do you notice about your result?

Solution
Since 11 is prime, 𝜙 (11) = 10 and we use Corollary (6.5):
Let a modulo n have order k. Then k | 𝜙 (n).

The order of a (mod p) is a positive divisor of 𝜙 (11) = 10. (See bottom row of the above table.) The
positive divisors of 10 are 1, 2, 5, and 10.
From the bottom row of the above Table 6.2 we have

N (1) = 1, N (2) = 1, N (5) = 4 and N (10) = 4.

Adding these gives

∑_{d | 10} N (d) = N (1) + N (2) + N (5) + N (10) = 1 + 1 + 4 + 4 = 10.

Note that ∑_{d | 10} N (d) = 10 = 𝜙 (11) because

N (1) = 𝜙 (1) = 1, N (2) = 𝜙 (2) = 1, N (5) = 𝜙 (5) = 4, N (10) = 𝜙 (10) = 4.

This last result ∑_{d | 10} N (d) = 10 = 𝜙 (11) is no coincidence, but is a general result:

∑_{d | (p−1)} N (d) = 𝜙 (p) where p is prime.

Theorem (6.21). Let p be a prime number and d be a positive divisor of p − 1. There are
exactly 𝜙 (d) incongruent integers modulo p of order d.

Proof.
Let d be a positive divisor of p − 1 and N (d) denote the number of integers a such that
1 ≤ a ≤ p − 1 and the order of a modulo p is d.
By Corollary (6.5):

Let the integer a modulo n have order k. Then k | 𝜙 (n).

This implies that every integer a in 1 ≤ a ≤ p − 1 must have an order which is a positive
divisor of 𝜙 (p) = p − 1. Therefore, each of these a’s has an order d where d | (p − 1). Let
d_1, d_2, ⋯, d_k be the positive divisors of p − 1. By the previous Lemma (6.20) we have

∑_{d | (p−1)} N (d) = N (d_1) + N (d_2) + ⋯ + N (d_k)
                   = [0 or 𝜙 (d_1)] + [0 or 𝜙 (d_2)] + ⋯ + [0 or 𝜙 (d_k)] = p − 1. (∗)

Also, by Exercises 5.1, question 27 (iii) we have Gauss’s Theorem:

∑_{d | n} 𝜙 (d) = n.

Applying this we have

∑_{d | (p−1)} 𝜙 (d) = 𝜙 (d_1) + 𝜙 (d_2) + ⋯ + 𝜙 (d_k) = p − 1. (∗∗)

Equating (∗) and (∗∗) yields

∑_{d | (p−1)} N (d) = ∑_{d | (p−1)} 𝜙 (d) = p − 1.

This last line implies N (d_j) = 𝜙 (d_j) where 1 ≤ j ≤ k.

Why?

Because if N (d_j) = 0 rather than 𝜙 (d_j) then (∗) and (∗∗) would not equate.
Hence for a general positive divisor d of p − 1 we have N (d) = 𝜙 (d), so we have exactly
𝜙 (d) incongruent integers modulo p of order d.
This completes our proof.


Primitive Root Theorem (6.22). Every prime p has a primitive root and there are 𝜙 (p − 1)
incongruent primitive roots.

Proof.
Apply the previous theorem with d = p − 1 because (p − 1) | (p − 1). Hence there are
𝜙 (p − 1) incongruent integers of order p − 1 modulo p. Therefore, there are 𝜙 (p − 1) ≥ 1
primitive roots of p.
Every prime has a primitive root and there are 𝜙 (p − 1) of them.


We can use a primitive root of prime moduli to prove some important results such as
Wilson’s Theorem (4.4) (see Exercises 6.4, question 20).

Summary
In this section we have proved that every prime has a primitive root and found all the incongruent
primitive roots modulo a prime.

EXERCISES 6.4

(Brief solutions at end of book. Full solutions available at
<http://www.oup.co.uk/companion/NumberTheory>.)

1. Determine all the incongruent primitive roots of the following primes:
(a) 7 (b) 11 (c) 17 (d) 23

2. Solve the following congruences:
(a) x^3 ≡ 1 (mod 7)
(b) x^4 ≡ 1 (mod 13)
(c) x^11 ≡ 1 (mod 23)

3. Consider the congruence
x^d − 1 ≡ 0 (mod 19).
Solve this congruence for all d which are the positive factors of 𝜙 (19).
What do you notice about your result when d = 𝜙 (19)?

4. Show that if d is even then (p − 1) (mod p) is a solution to
x^d − 1 ≡ 0 (mod p)
where p is prime.

5. Determine the least non-negative residues x in the following:
(a) x ≡ 1 + 2 + 2^2 + 2^3 + 2^4 + 2^5 (mod 7)
(b) x ≡ 1 + 3 + 3^2 + 3^3 + 3^4 + 3^5 (mod 7)
(c) x ≡ 1 + 3 + 3^2 + 3^3 + 3^4 + 3^5 + 3^6 + 3^7 + 3^8 + 3^9 (mod 11)
(d) x ≡ 1 + 2 + 2^2 + 2^3 + 2^4 + 2^5 + 2^6 + 2^7 + 2^8 + 2^9 + 2^10 + 2^11 (mod 13).
What do you notice about your results?

6. Let p be an odd prime. Prove that if p ∤ r and r ≢ 1 (mod p) then
1 + r + r^2 + ⋯ + r^{p−3} + r^{p−2} ≡ 0 (mod p).
If r ≡ 1 (mod p), then determine the least non-negative residue x in
1 + r + r^2 + ⋯ + r^{p−3} + r^{p−2} ≡ x (mod p).

7. Prove Proposition (6.18).

8. Let r_1 and r_2 be incongruent primitive roots modulo p where p is an odd
prime. Show that r_1 × r_2 is not necessarily a primitive root modulo p.

9. The incongruent primitive roots modulo 19 are 2, 3, 10, 13, 14, and 15.
Determine the order of
(a) −2 (mod 19)
(b) −3 (mod 19)
(c) −10 (mod 19)
(d) −13 (mod 19)
(e) −14 (mod 19)
(f) −15 (mod 19)

10. *Let p be an odd prime of the form p ≡ 3 (mod 4). Also let r be a primitive
root modulo p. Prove that −r has order (p − 1)/2.

11. The incongruent primitive roots modulo 17 are 3, 5, 6, 7, 10, 11, 12, and 14.
Determine the order of:
(a) −3 (mod 17)
(b) −5 (mod 17)
(c) −6 (mod 17)
(d) −7 (mod 17)
(e) −10 (mod 17)
(f) −11 (mod 17)
(g) −12 (mod 17)
(h) −14 (mod 17)

12. *Let p be an odd prime of the form p ≡ 1 (mod 4). Also let r be a primitive
root modulo p. Prove that −r is also a primitive root of p.

13. The integers 2, 3, 10, 13, 14, and 15 are the primitive roots modulo 19.
Determine the least non-negative residue x in the product
x ≡ 2 × 3 × 10 × 13 × 14 × 15 (mod 19).

14. Let r be a primitive root modulo prime p. Prove that the multiplicative inverse
of r (mod p) is also a primitive root modulo p.

15. *Prove that the product of all the incongruent primitive roots of a prime
p is congruent to 1 (mod p).

16. (i) Show that 3 is a primitive root modulo F_3 = 2^{2^3} + 1 (F_3 is a Fermat prime).
(ii) Solve the quadratic congruence
x^2 ≡ −1 (mod F_3).
[The square roots of −1 (mod F_3).]

17. (i) Show that 2 is a primitive root modulo 243.
(ii) Solve the quadratic congruence
x^2 ≡ 82 (mod 243).
[Note 243 is composite.]

18. **Prove Proposition (6.19).
[Hint: Use Lagrange’s Theorem:
Let
P (x) = c_m x^m + c_{m−1} x^{m−1} + ⋯ + c_1 x + c_0
where c_m ≢ 0 (mod p) and p is prime. Then polynomial congruence
P (x) ≡ 0 (mod p)
has at most m incongruent solutions.
We proved this (Lagrange) result in Supplementary Problems 3, question 3.23.]

19. Prove that the solutions a of FlT (4.1) belong to the reduced residue system
modulo p where p is prime:
If a^{p−1} ≡ 1 (mod p) then p ∤ a.

20. Prove Wilson’s Theorem (4.4) by using a primitive root of a prime:
If p is prime then
(p − 1)! ≡ −1 (mod p).

21. Solve the non-linear Diophantine equation x^6 = 1 + 13y.

22. (a) The prime 61 has 2 as a primitive root. Find all the primitive roots of 61.
(b) Show that the quadratic Diophantine equation x^2 = r + 61y,
where r is a primitive root of 61, has no solutions.
(c) Show that the quadratic Diophantine equation x^2 = r + py,
where p is an odd prime and r is a primitive root, has no solutions.


Supplementary Problems 6

(Brief solutions at end of book. Full solutions available at
<http://www.oup.co.uk/companion/NumberTheory>.)

6.1. Determine the orders of 3:
(a) modulo 7 (b) modulo 13
(c) modulo 23 (d) modulo 29
For which of these moduli prime is 3 a primitive root?

6.2. (i) Determine the order of 5 modulo 31.
(ii) Find the least non-negative residue x (mod 31) such that
5^1000 ≡ x (mod 31).

6.3. Determine the order of 7 modulo 100. Hence, or otherwise, find the
last two digits of 7^1003.

6.4. Find the order and multiplicative inverse of 10 (mod 37). Solve the
linear congruence
10x ≡ 21 (mod 37).

6.5. By using the following table of the primitive root 2 of modulo 13:

a         1   2   3   4   5   6   7   8   9   10  11  12
ind_2(a)  12  1   4   2   9   5   11  3   8   10  7   6

(i) Solve the congruence 5x^7 ≡ 1 (mod 13).
(ii) Determine the multiplicative inverse of 5 (mod 13).
(iii) Solve the congruence 8x^7 ≡ 12 (mod 13).
(iv) Solve the congruence 8x^6 ≡ 12 (mod 13).
(v) Solve the congruence 8x^8 ≡ 12 (mod 13).

6.6. Show that 5 is a primitive root of 23. Complete the following table:

a         1   2   3   4   5   6   7   8   9   10  11
ind_5(a)

a         12  13  14  15  16  17  18  19  20  21  22
ind_5(a)

Solve the following equations:
(a) x^12 ≡ 4 (mod 23)
(b) 7x^10 ≡ 2 (mod 23)
(c) 9x^11 ≡ 14 (mod 23)
(d) 11^x ≡ 5 (mod 23)

6.7. By using the table established in your answer to the previous question,
determine the least non-negative residue x (mod 23) in each of the
following cases:
(a) 6^69 7^70 ≡ x (mod 23)
(b) x ≡ 9^666 11^100 17^1000 (mod 23)

6.8. The integer 2 is the least primitive root of the prime 19.

a         1   2   3   4   5   6   7   8   9   10  11
ind_2(a)  18  1   13  2   16  14  6   3   8   17  12

a         12  13  14  15  16  17  18
ind_2(a)  15  5   7   11  4   10  9

By using this table or otherwise, determine the least non-negative
residue x (mod 19) in each of the following cases:
(a) x ≡ 5^100 7^100 8^100 9^100 (mod 19)
(b) x ≡ 11^{1 000 001} 15^{1 000 003} 18^{1 000 007} (mod 19)
(c) x ≡ 5^{100^{100}} (mod 19)
[recall 5^{100^{100}} = 5^{(100^{100})}.]
[Hint: You may find the following result useful for part (c):
10^n ≡ 10 (mod 18).]

6.9. Let a be a primitive root of p where p is prime. Show that
a^k ≢ 1 (mod p)
where 1 ≤ k < p − 1.

6.10. Determine the order of 10 modulo 18.

6.11. Solve the following:
(a) x^3 ≡ 2 (mod 37)
(b) x^16 ≡ 10 (mod 37)
by using the primitive root 2 of 37.

6.12. Let the order of a (mod n) and b (mod n) be r. Show that the order
of ab (mod n) is not necessarily equal to r by considering:
(a) modulo 9 (b) modulo 19

6.13. *Prove that the order of a modulo (a^n − 1) is n.

6.14. Let n = 2^m. If the order of a modulo n is k, show that k | 2^{m−1}.

6.15. Let a modulo n have order k. Show that a^m has order k ⇔ gcd (k, m) = 1.

6.16. Let r be a primitive root of the prime p. Prove that the least non-negative
residue of r^m (mod p) is also a primitive root of p ⇔ gcd (m, p − 1) = 1.

6.17. Prove that if n has a primitive root then it has exactly 𝜙 (𝜙 (n))
incongruent primitive roots.

6.18. Let a > 1. Prove that if a has order n − 1 modulo n then n is prime.

6.19. Solve x^6 ≡ 11 (mod 19) and the Diophantine equation x^6 = 11 + 19y.

6.20. **Find a positive integer n which has no primitive roots.

6.21. Let the positive integers m and n have primitive roots. Show that mn does
not necessarily have primitive roots.

6.22. *(i) Let r be an odd integer. Prove that r^{2^{m−2}} ≡ 1 (mod 2^m) for m ≥ 3.
(ii) Prove that the integer 2^m for m ≥ 3 has no primitive roots.

6.23. *Show that if m, n > 2 and gcd (m, n) = 1 then the integer mn
has no primitive roots.
[Hint: You may find the following from Exercises 3.4, question 8 (c) helpful:
a ≡ b (mod m_k) for k = 1, 2, ⋯, r ⇔ a ≡ b (mod [m_1, m_2, ⋯, m_r]).]
The square brackets represent the LCM of the integers.

6.24. **Let n be a positive integer which has no primitive roots. Prove that
r^{𝜙(n)/2} ≡ 1 (mod n)
for every r such that gcd (r, n) = 1.

7 Quadratic Residues

SECTION 7.1 Introduction to Quadratic Residues


By the end of this section you will be able to
● understand what is meant by a quadratic residue
● test which integers are quadratic residues
● solve quadratic congruences

7.1.1 Introduction

In Chapter 3 we solved linear congruences $ax \equiv b \pmod{n}$, but in this chapter we test whether the quadratic congruence $x^2 \equiv a \pmod{p}$, where $p$ is an odd prime, has solutions. If it does, then, by the definition of congruence, $p \mid (x^2 - a)$. We will use this to find the prime factorization of integers such as $x^2 + 1$, $x^2 - 2$, $x^2 - 3$, ⋯.
If $x^2 \equiv a \pmod{p}$ has a solution $x$, then we say $x$ is the square root of $a$ modulo $p$. Equations of this type, $x^2 \equiv a \pmod{p}$, are called quadratic congruences and are generally difficult to solve. For example, the solution to $x^2 \equiv 2 \pmod{127}$ could be any integer 1, 2, 3, …, 126 (mod 127) and we solve this in Example 7.5 later in this section. First, we solve some simpler quadratic congruences.

Example 7.1

Determine $x^2$ for all the least positive residues modulo 11.

Solution
Let $x = 1, 2, 3, \cdots, 10$. Tabulating and evaluating $x^2 \pmod{11}$:

Table 7.1

| $x$ | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|---|---|---|---|---|---|---|---|---|---|
| $x^2 \pmod{11}$ | 1 | 4 | 9 | 5 | 3 | 3 | 5 | 9 | 4 | 1 |

Note that $x^2 \pmod{11}$ cannot take all the values 1, 2, ⋯, 10 (mod 11). It can only be 1, 3, 4, 5, and 9 modulo 11, which are graphed in Figure 7.1.

[Figure 7.1: graph of $x^2 \pmod{11}$ against $x = 1, 2, \cdots, 10$, with the line of symmetry marked.]

Sketching the modulo 11 clock, we have that $x^2 \pmod{11}$ only stops at junctions 1, 3, 4, 5, and 9 modulo 11:

[Figure 7.2: the modulo 11 clock, with junctions 0 (mod 11) to 10 (mod 11).]

Hence $x^2 \pmod{11}$ will not stop at junctions 2, 6, 7, 8, and 10 modulo 11.

Why does $x^2 \pmod{11}$ only take values 1, 3, 4, 5, and 9 modulo 11?
Remember $10 \equiv -1 \pmod{11}$ so $10^2 \equiv (-1)^2 \equiv 1 \pmod{11}$. Similarly,

$9 \equiv -2$ implies $9^2 \equiv (-2)^2 \equiv 4 \pmod{11}$
$8 \equiv -3$ implies $8^2 \equiv (-3)^2 \equiv 9 \pmod{11}$
$7 \equiv -4$ implies $7^2 \equiv (-4)^2 \equiv 16 \equiv 5 \pmod{11}$
$6 \equiv -5$ implies $6^2 \equiv (-5)^2 \equiv 25 \equiv 3 \pmod{11}$.

Note the symmetrical nature of the above graph and Table 7.1 (bottom row).

We say 1, 3, 4, 5, and 9 are the quadratic residues of 11 and 2, 6, 7, 8, and 10 are the
quadratic non-residues of 11.
If $a$ is a quadratic non-residue of $p$ then the equation $x^2 \equiv a \pmod{p}$ has no solution.

7.1.2 Quadratic residues modulo p

For most of this chapter we confine ourselves to modulo p where p is an odd prime.
The formal definition of quadratic residue is:

Definition (7.1). Let $p$ be an odd prime. The integer $a$ is a quadratic residue of $p$ if

$x^2 \equiv a \pmod{p}$ where $p \nmid a$ has a solution.

If the quadratic equation $x^2 \equiv a \pmod{p}$ has no solution, then we say that $a$ is a quadratic non-residue of $p$.

Example 7.2

Solve the congruence $x^2 \equiv 2 \pmod{p}$ for (i) $p = 7$ (ii) $p = 13$.

Solution
(i) Let $x = 1, 2, 3, \cdots, 6$. Tabulating and evaluating $x^2 \pmod{7}$:

Table 7.2

| $x$ | 1 | 2 | 3 | 4 | 5 | 6 |
|---|---|---|---|---|---|---|
| $x^2 \pmod{7}$ | 1 | 4 | 2 | 2 | 4 | 1 |

Hence $x^2 \equiv 2 \pmod{7}$ implies $x \equiv 3$ or $4 \pmod{7}$. This means that the square roots of 2 (mod 7) are 3 or 4 (mod 7). This is represented graphically as follows:

[Figure 7.3: graph of $x^2 \pmod{7}$ against $x = 1, 2, \cdots, 6$, with the line of symmetry and the horizontal line $x^2 \equiv 2 \pmod{7}$ marked.]

(ii) Similarly, for $x^2 \pmod{13}$ we have:

Table 7.3

| $x$ | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| $x^2 \pmod{13}$ | 1 | 4 | 9 | 3 | 12 | 10 | 10 | 12 | 3 | 9 | 4 | 1 |

By looking at the bottom row of Table 7.3 we see that there is no $x$ such that $x^2 \equiv 2 \pmod{13}$.
Hence $x^2 \equiv 2 \pmod{13}$ has no solution, which means there is no square root of 2 (mod 13).
Graphing these points gives:

[Figure 7.4: graph of $x^2 \pmod{13}$ against $x = 1, 2, \cdots, 12$, with the line of symmetry and the horizontal line $x^2 \equiv 2 \pmod{13}$ marked.]

Since there is no intersection on the line $x^2 \equiv 2 \pmod{13}$, there is no solution.

Creating a table for $p = 7$, 11, or 13 is simple enough, but if $p = 29$ then we don’t want to evaluate $x^2 \pmod{29}$ for $x = 1, 2, 3, \cdots, 28$.

Is there a simpler way of deciding whether a given integer is a quadratic residue of 29?

Yes, as we will see in Example 7.3 later in this section. First note that we do not need to evaluate all the residues

$1^2, 2^2, 3^2, \cdots, (p - 1)^2 \pmod{p}$.

Why not?
Because $(p - 1)^2 \equiv (-1)^2 \equiv 1^2 \pmod{p}$, $(p - 2)^2 \equiv (-2)^2 \equiv 2^2 \pmod{p}$, … and we have the following general result:

Proposition (7.2). Let $p$ be prime then $(p - a)^2 \equiv a^2 \pmod{p}$.

Proof.
$(p - a)^2 \equiv (-a)^2 \equiv a^2 \pmod{p}$.


We can use this Proposition (7.2) to solve quadratic congruences $x^2 \equiv a \pmod{p}$.
Consider the congruence $x^2 \equiv 4 \pmod{29}$. Clearly $x \equiv 2 \pmod{29}$ is a solution to this.
By Proposition (7.2) we see that another solution is

$x \equiv -2 \equiv 29 - 2 \equiv 27 \pmod{29}$.

How many solutions does the general quadratic congruence $x^2 \equiv a \pmod{p}$ have?

We have two or no solutions, provided $p$ does not divide $a$.

Proposition (7.3). Let $p$ be an odd prime and $p \nmid a$. The quadratic congruence

$x^2 \equiv a \pmod{p}$

has no solutions or exactly two incongruent solutions.

Proof.
Let $r$ be a primitive root of $p$. (We always have a primitive root of a prime $p$; see Primitive Root Theorem (6.22) of the last chapter.)
Then taking $\mathrm{ind}_r$ of both sides of the given congruence $x^2 \equiv a \pmod{p}$ yields

$\mathrm{ind}_r(x^2) \equiv \mathrm{ind}_r(a) \pmod{p - 1}$ [Remember $\phi(p) = p - 1$].

To convert this to linear form we use the rules of indices of Proposition (6.16) (b) in the last chapter:

$\mathrm{ind}_r(b^k) \equiv k \times \mathrm{ind}_r(b) \pmod{\phi(n)}$.

Applying this to the above congruence $\mathrm{ind}_r(x^2) \equiv \mathrm{ind}_r(a) \pmod{p - 1}$ gives

$2 \times \mathrm{ind}_r(x) \equiv \mathrm{ind}_r(a) \pmod{p - 1}$. (∗)

This is now a linear congruence which we dealt with in Chapter 3.

Making use of Proposition (3.16):

$cx \equiv b \pmod{n}$ has $g$ incongruent solutions, provided $g \mid b$ where $g = \gcd(c, n)$.

From (∗) we have $g = \gcd(2, p - 1) = 2$ because $p$ is an odd prime, so $p - 1$ is even.

By Proposition (3.16), the linear congruence (∗) has a solution provided $2 \mid \mathrm{ind}_r(a)$. In this case it has exactly two incongruent solutions. If $2 \nmid \mathrm{ind}_r(a)$ then (∗) has no solutions.
Hence $x^2 \equiv a \pmod{p}$ has exactly two incongruent solutions or no solutions.

This proposition means that if the square root of $a \pmod{p}$ exists then it will have exactly two square roots. Note that we must have an odd prime modulo $p$, as this result does not hold for composite moduli. For example

$x^2 \equiv 4 \pmod{15} \Rightarrow x \equiv 2, 7, 8, 13 \pmod{15}$ [Four solutions].


7.1.3 Number of quadratic residues

How many quadratic residues do we have of an odd prime p?

From Examples 7.1 and 7.2 we had the following results:

[Figure 7.5: quadratic residues and quadratic non-residues for (a) $p = 7$: residues 1, 2, 4 and non-residues 3, 5, 6; (b) $p = 11$: residues 1, 3, 4, 5, 9 and non-residues 2, 6, 7, 8, 10; (c) $p = 13$: residues 1, 3, 4, 9, 10, 12 and non-residues 2, 5, 6, 7, 8, 11.]

What is the number of quadratic residues and quadratic non-residues of $p$?

For all these examples the split between quadratic residues and quadratic non-residues of $p$ is half and half. That is, there are $\frac{p-1}{2}$ quadratic residues and the same number of quadratic non-residues. This means that for half the residues we can find square roots and for the other half we cannot.
This is always the case for an odd prime. Next, we prove this for the general case.

Proposition (7.4). Let $p$ be an odd prime. Then there are exactly $\frac{p-1}{2}$ quadratic residues and $\frac{p-1}{2}$ quadratic non-residues of $p$.

Proof.
Consider the quadratic congruence $x^2 \equiv a \pmod{p}$.
Let $r$ be a primitive root modulo $p$. Applying the rules of indices of Chapter 6 we have

$2\,\mathrm{ind}_r(x) \equiv \mathrm{ind}_r(a) \pmod{p - 1}$ [Linear form].

Then, by the proof of the previous Proposition (7.3), we have that this congruence, $2\,\mathrm{ind}_r(x) \equiv \mathrm{ind}_r(a) \pmod{p - 1}$, only has solutions provided $2 \mid \mathrm{ind}_r(a)$. This means that we only have solutions if $\mathrm{ind}_r(a)$ is even.
By Exercises 6.3, question 15 (a):

$1 \le \mathrm{ind}_r(a) \le \phi(n)$,

we have that $\mathrm{ind}_r(a)$ goes through all the integers $1, 2, 3, \cdots, p - 1$ and there are exactly $\frac{p-1}{2}$ even numbers in this list. Hence there are exactly $\frac{p-1}{2}$ quadratic residues of $p$.
Similarly, there are $\frac{p-1}{2}$ odd numbers in the list $1, 2, 3, \cdots, p - 1$, so there are $\frac{p-1}{2}$ quadratic non-residues of $p$.

For example, 101 has $\frac{101 - 1}{2} = 50$ quadratic residues and 503 has $\frac{503 - 1}{2} = 251$ quadratic residues. Note that both 101 and 503 are primes.

7.1.4 Determining the quadratic residues

The previous Proposition (7.4) gives us the number of quadratic residues of p, but not the
actual residues themselves. We need a way to check whether a given integer is a quadratic
residue of p. The next theorem gives us a method for testing whether a given integer is a
quadratic residue of p or not.

Euler’s Criterion (7.5). Let $p$ be an odd prime such that $p \nmid a$. Then

$a$ is a quadratic residue of $p$ ⇔ $a^{\frac{p-1}{2}} \equiv 1 \pmod{p}$.

Proof.
We have an if and only if, ⇔, so we need to prove this both ways.
(⇒). Let $a$ be a quadratic residue of $p$. We need to prove $a^{\frac{p-1}{2}} \equiv 1 \pmod{p}$.
By the definition of quadratic residue, there is a solution $x$ to the congruence

$x^2 \equiv a \pmod{p}$.

Taking this congruence $x^2 \equiv a \pmod{p}$ to the power $\frac{p-1}{2}$ yields

$(x^2)^{\frac{p-1}{2}} \equiv x^{p-1} \equiv a^{\frac{p-1}{2}} \pmod{p}$ [By the rules of indices]. (∗)

We have $p \nmid x$.

Why?

Suppose $p \mid x$ then $p \mid x^2$, and so $x^2 \equiv 0 \pmod{p}$. However, from above, $x$ satisfies

$x^2 \equiv a \equiv 0 \pmod{p}$ implies $p \mid a$.

We are given $p \nmid a$. This is a contradiction so $p \nmid x$.

By Fermat’s Little Theorem (4.1):
Let $p$ be a prime number such that $p \nmid n$. Then $n^{p-1} \equiv 1 \pmod{p}$.
From the above congruence (∗) we have

$x^{p-1} \equiv 1 \equiv a^{\frac{p-1}{2}} \pmod{p}$.

Thus we have $a^{\frac{p-1}{2}} \equiv 1 \pmod{p}$.

(⇐). For this part we assume $a^{\frac{p-1}{2}} \equiv 1 \pmod{p}$. We need to prove that $a$ is a quadratic residue of $p$. This means we need to find an $x$ such that $x^2 \equiv a \pmod{p}$.
Let $r$ be a primitive root of $p$. Since $r$ is a primitive root, there is an integer $k$ such that

$r^k \equiv a \pmod{p}$. (†)

Raising this congruence to the power $\frac{p-1}{2}$ gives

$(r^k)^{\frac{p-1}{2}} \equiv r^{\frac{k(p-1)}{2}} \equiv a^{\frac{p-1}{2}} \equiv 1 \pmod{p}$ [By rules of indices].

Since $r$ is a primitive root, the order of $r$ is $p - 1$. We use Proposition (6.4):

Let $a$ modulo $n$ have order $k$. Then $a^h \equiv 1 \pmod{n}$ ⇔ $k \mid h$.

From above we have $r^{\frac{k(p-1)}{2}} \equiv 1 \pmod{p}$, so applying Proposition (6.4) to this gives $(p - 1) \mid \frac{k(p-1)}{2}$, which implies $(p - 1)\,m = \frac{k(p-1)}{2}$ where $m$ is an integer. Transposing this to make $k$ the subject gives $k = 2m$.
Substituting this $k = 2m$ into (†) yields

$r^k \equiv r^{2m} \equiv (r^m)^2 \equiv a \pmod{p}$ [By rules of indices].

Let $x = r^m$, therefore $x^2 \equiv r^{2m} \equiv a \pmod{p}$, so $a$ is a quadratic residue of $p$.




Now we use this result (7.5) to test whether various integers are quadratic residues of 29.

Example 7.3

Determine whether the following integers are quadratic residues of prime 29:
(a) 2 (b) 5 (c) 28 (d) 11

Solution
In each case we apply Euler’s Criterion (7.5) with $p = 29$:

$a$ is a quadratic residue of $p$ ⇔ $a^{\frac{p-1}{2}} \equiv 1 \pmod{p}$.

We have $\frac{p-1}{2} = \frac{29-1}{2} = 14$.

(a) In this case let $a = 2$ and find $x$ such that $2^{\frac{29-1}{2}} \equiv 2^{14} \equiv x \pmod{29}$. Evaluating a lower index of 2:

$2^5 \equiv 32 \equiv 3 \pmod{29}$.

We use this to evaluate $2^{14}$. Writing the index 14 as a multiple of 5 plus any remainder, $14 = (2 \times 5) + 4$. Therefore,

$2^{14} \equiv 2^{(2 \times 5) + 4} \equiv (2^5)^2 \times 2^4$ [By the rules of indices]
$\equiv 3^2 \times 16 \equiv 144 \equiv 28 \equiv -1 \pmod{29}$ [From above].

Since $2^{14} \equiv -1 \not\equiv 1 \pmod{29}$, 2 is a quadratic non-residue of 29.

(b) Similarly let $a = 5$, then we need to find the least positive residue of $5^{14}$ modulo 29. We have

$5^2 \equiv 25 \equiv -4 \pmod{29}$ and $(-4)^3 \equiv -64 \equiv -6 \pmod{29}$.

Combining these together we have

$5^6 \equiv (5^2)^3 \equiv (-4)^3 \equiv -6 \pmod{29}$.

We use this to evaluate $5^{14}$ modulo 29:

$5^{14} \equiv 5^{(2 \times 6) + 2} \equiv 5^{2 \times 6} \times 5^2$ [By the rules of indices]
$\equiv (5^6)^2 \times 5^2 \equiv (-6)^2 \times (-4)$ [From above]
$\equiv 36 \times (-4) \equiv 7 \times (-4) \equiv -28 \equiv 1 \pmod{29}$.

Since $5^{14} \equiv 1 \pmod{29}$, 5 is a quadratic residue of 29.

(c) This is simple enough because $28 \equiv -1 \pmod{29}$, which implies

$28^{14} \equiv (-1)^{14} \equiv 1 \pmod{29}$.

Hence 28 is a quadratic residue of 29.

(d) We need to test whether 11 is a quadratic residue of 29. For this we need to find the least positive residue of $11^{14}$ modulo 29. Working out $11^2$ gives

$11^2 \equiv 121 \equiv 5 \pmod{29}$.

From (b) we have $5^6 \equiv -6 \pmod{29}$, therefore

$11^{12} \equiv (11^2)^6 \equiv 5^6 \equiv -6 \pmod{29}$.

We have $11^{14} \equiv 11^{12} \times 11^2 \equiv -6 \times 5 \equiv -30 \equiv -1 \pmod{29}$. Hence 11 is a quadratic non-residue of 29 because $11^{14} \equiv -1 \not\equiv 1 \pmod{29}$.

In this example we found that 5 and 28 are quadratic residues of 29.

What does this mean?

It means that we have solutions to the following congruences: $x^2 \equiv 5, 28 \pmod{29}$. This implies the square roots of 5 and 28 (mod 29) exist.
Also, in the above example we showed that 2 and 11 are quadratic non-residues of 29.


What does this mean?

It means that there is no solution to the quadratic congruences:

$x^2 \equiv 2 \pmod{29}$ and $x^2 \equiv 11 \pmod{29}$.

The square roots of 2 (mod 29) and 11 (mod 29) do not exist.
You may have noticed from the previous example that $a^{\frac{p-1}{2}} \equiv 1$ or $-1 \pmod{p}$. This is always the case.

Proposition (7.6). Let $a$ be any integer and $p$ an odd prime, then

$a^{\frac{p-1}{2}} \equiv \pm 1 \pmod{p}$, provided $p \nmid a$.

Proof.
See Exercises 7.1, question 9.


Euler’s Criterion does not give us the square roots, but it does tell us which residues do
have square roots. Finding square roots in modular arithmetic is no easy task unless we are
dealing with small moduli, as you will see in Example 7.4 below.

7.1.5 Determining modular square roots

In this subsection we solve equations of the type $x^2 \equiv a \pmod{p}$ where $p \nmid a$.

Example 7.4

Solve the following quadratic congruences:

(a) $x^2 \equiv 12 \pmod{13}$ (b) $x^2 \equiv 2 \pmod{13}$ (c) $x^2 + 4x + 5 \equiv 0 \pmod{13}$

Solution
(a) We first use Euler’s Criterion (7.5) to test whether 12 is a quadratic residue:

$a$ is a quadratic residue of $p$ ⇔ $a^{\frac{p-1}{2}} \equiv 1 \pmod{p}$.

Our prime $p = 13$ and we take $a = 12$ in this case. Therefore,

$12^{\frac{13-1}{2}} \equiv 12^6 \equiv (-1)^6 \equiv 1 \pmod{13}$ [Because $12 \equiv -1 \pmod{13}$].

By Euler’s Criterion, 12 is a quadratic residue of 13, so we have solutions.

How many solutions does this equation $x^2 \equiv 12 \pmod{13}$ have?
Two incongruent solutions. Squaring some initial values $x = 1, 2, 3$, and 4 does not work; try it. However, for $x = 5$ we have

$5^2 \equiv 25 \equiv 12 \pmod{13}$.

Hence $x \equiv 5 \pmod{13}$ is one solution. We need to find the other solution, which cannot be congruent to 5 modulo 13, because we have two incongruent solutions.
By Proposition (3.14) (b):

$a^2 \equiv b^2 \pmod{p}$ ⇔ $a \equiv \pm b \pmod{p}$.

Hence the other solution is given by

$x \equiv -5 \equiv 8 \pmod{13}$.

Our two solutions are $x \equiv 5 \pmod{13}$ and $x \equiv 8 \pmod{13}$ [or $x \equiv \pm 5 \pmod{13}$].

(b) Now we need to solve $x^2 \equiv 2 \pmod{13}$.

How do we test whether there is a solution?

We need to check if 2 is a quadratic residue of 13.
How?
Again, we use Euler’s Criterion (7.5) with $a = 2$ and $p = 13$:

$2^{\frac{13-1}{2}} \equiv 2^6 \equiv 64 \equiv -1 \pmod{13}$.

Since $2^6 \equiv -1 \not\equiv 1 \pmod{13}$, 2 is a quadratic non-residue of 13. This means that the given quadratic congruence $x^2 \equiv 2 \pmod{13}$ has no solutions. (We showed this in Example 7.2 (ii) by evaluating each of the residues. Note it is much easier to use Euler’s Criterion.)

(c) We are required to solve $x^2 + 4x + 5 \equiv 0 \pmod{13}$.

How?
We first complete the square on the quadratic. (See Introductory Chapter for completing the square.)
Completing the square on the given quadratic:

$x^2 + 4x + 5 = \underbrace{x^2 + 4x + 4}_{=(x+2)^2} + 1 = (x + 2)^2 + 1 \equiv 0 \pmod{13}$.

Subtracting 1 from both sides gives $(x + 2)^2 \equiv -1 \pmod{13}$.
Let $y = x + 2$, then we have the equation $y^2 \equiv -1 \pmod{13}$.

Remember $-1 \equiv 12 \pmod{13}$ and we have solved this in (a). Using the solutions $y \equiv 5 \pmod{13}$ and $y \equiv 8 \pmod{13}$ of part (a), we have

$y = x + 2 \equiv 5 \pmod{13} \Rightarrow x \equiv 3 \pmod{13}$

$y = x + 2 \equiv 8 \pmod{13} \Rightarrow x \equiv 6 \pmod{13}$.

Our solutions are $x \equiv 3, 6 \pmod{13}$.

You will show in Exercises 7.1, question 8 that we can convert

$ax^2 + bx + c \equiv 0 \pmod{p}$ to $y^2 \equiv m \pmod{p}$ provided $p \nmid a$.

Note that in the above example we can solve $x^2 \equiv -1 \pmod{13}$ but not $x^2 \equiv 2 \pmod{13}$. This means that the square roots of −1 modulo 13 are 5 and 8 modulo 13. However, the square root of 2 modulo 13 does not exist.
Compare these results with real numbers. We can find the square root of 2 but not the square root of −1 in real numbers.


Finding square roots of $a \pmod{p}$ is a difficult task for larger moduli because it is impractical to trial all the integers from 1 to $(p - 1)/2$. We did use a primitive root in the last chapter to solve quadratic congruences (see questions 14 and 17 of Exercises 6.3 and 6.4 respectively). We also have the following result:
If $a$ is a quadratic residue of $p$ where $p \equiv 3 \pmod{4}$ then the quadratic congruence $x^2 \equiv a \pmod{p}$ has the solutions given by

$x \equiv \pm a^{\frac{p+1}{4}} \pmod{p}$.

You are asked to show this in Exercises 7.1, question 12.

However, the square root of $a \pmod{p}$ when $p \equiv 1 \pmod{4}$ can be solved by using a primitive root, or one may use the Tonelli–Shanks Algorithm [1, 2].
Now we solve the quadratic congruence stipulated at the start of this section:

$x^2 \equiv 2 \pmod{127}$.

Example 7.5

Determine the square root of 2 (mod 127) where 127 is prime.

Solution
To find the square root of 2 (mod 127) we need to solve $x^2 \equiv 2 \pmod{127}$. This is more difficult to solve because we have modulo 127 and it is not practical to trial all the integers from 1 to $(127 - 1)/2 = 63$.
First, note that $127 \equiv 3 \pmod{4}$ so we can use the above formula.
By applying Euler’s Criterion we can show that 2 is a quadratic residue of 127, so $x^2 \equiv 2 \pmod{127}$ has solutions. Substituting $a = 2$ into the above formula $x \equiv \pm a^{\frac{p+1}{4}} \pmod{p}$ gives

$x \equiv \pm 2^{\frac{127+1}{4}} \equiv \pm 2^{32} \pmod{127}$.

Now $2^7 \equiv 128 \equiv 1 \pmod{127}$. Using this result to write the index 32 we have

$x \equiv \pm 2^{32} \equiv \pm\left[2^{7 \times 4} \times 2^4\right] \equiv \pm\left[(2^7)^4 \times 16\right]$ [By the rules of indices]
$\equiv \pm\left[1^4 \times 16\right] \equiv \pm 16 \pmod{127}$ [Because $2^7 \equiv 1 \pmod{127}$].

Therefore, our solutions to $x^2 \equiv 2 \pmod{127}$ are $x \equiv 16, -16 \equiv 16, 111 \pmod{127}$.

This $x^2 \equiv 2 \pmod{127}$ implies $x^2 = 2 + 127y$, which is a quadratic Diophantine equation and has the solutions $x = 16, 111$. Transposing this to find $y$ gives

$y = \frac{x^2 - 2}{127} = \frac{16^2 - 2}{127}, \frac{111^2 - 2}{127} = 2, 97$.

Hence two solutions to $x^2 - 127y = 2$ are $x = 16$, $y = 2$ and $x = 111$, $y = 97$.

[1] https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm.
[2] The Joy of Factoring by Samuel Wagstaff, page 45.
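The methods of Section 7.1 collected into runnable form, as an added example that is not part of the book: Euler's Criterion (7.5), the $p \equiv 3 \pmod{4}$ formula, and a Tonelli–Shanks routine for the remaining primes. The function names are this example's own, and `solve_quadratic` completes the square through the discriminant $b^2 - 4ac$ rather than by hand as in Example 7.4 (c).

```python
"""Added example: Euler's Criterion and square roots modulo an odd prime p."""


def is_quadratic_residue(a: int, p: int) -> bool:
    """Euler's Criterion (7.5): a is a QR of p  <=>  a^((p-1)/2) ≡ 1 (mod p)."""
    a %= p
    if a == 0:
        raise ValueError("Euler's Criterion needs p not dividing a")
    return pow(a, (p - 1) // 2, p) == 1


def tonelli_shanks(a: int, p: int) -> int:
    """One root of x^2 ≡ a (mod p) for a quadratic residue a and odd prime p."""
    # Write p - 1 = q * 2^s with q odd.
    q, s = p - 1, 0
    while q % 2 == 0:
        q //= 2
        s += 1
    # Any quadratic non-residue z will do; half of 1..p-1 qualify (7.4).
    z = 2
    while is_quadratic_residue(z, p):
        z += 1
    m, c = s, pow(z, q, p)
    t, r = pow(a, q, p), pow(a, (q + 1) // 2, p)
    # Invariant: r^2 ≡ a * t (mod p). Drive t to 1, then r is a root.
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:  # least i with t^(2^i) ≡ 1 (mod p)
            t2 = t2 * t2 % p
            i += 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c = i, b * b % p
        t, r = t * c % p, r * b % p
    return r


def sqrt_mod_prime(a: int, p: int) -> tuple:
    """All x in 0..p-1 with x^2 ≡ a (mod p), sorted; () if a is a non-residue."""
    a %= p
    if a == 0:
        return (0,)
    if not is_quadratic_residue(a, p):
        return ()
    if p % 4 == 3:
        x = pow(a, (p + 1) // 4, p)  # x ≡ ±a^((p+1)/4), Exercises 7.1 q12
    else:
        x = tonelli_shanks(a, p)
    return tuple(sorted((x, p - x)))  # Proposition (7.3): exactly two roots


def solve_quadratic(a: int, b: int, c: int, p: int) -> tuple:
    """Solve a x^2 + b x + c ≡ 0 (mod p), p an odd prime not dividing a.

    Multiplying by 4a gives (2ax + b)^2 ≡ b^2 - 4ac, i.e. y^2 ≡ m (mod p).
    """
    if a % p == 0:
        raise ValueError("p must not divide a")
    inv_2a = pow(2 * a, -1, p)  # modular inverse (Python 3.8+)
    roots = sqrt_mod_prime(b * b - 4 * a * c, p)
    return tuple(sorted({(y - b) * inv_2a % p for y in roots}))


if __name__ == "__main__":
    print(sqrt_mod_prime(2, 127))        # Example 7.5
    print(sqrt_mod_prime(12, 13))        # Example 7.4 (a)
    print(solve_quadratic(1, 4, 5, 13))  # Example 7.4 (c)
```
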

Summary
Integer $a$ is a quadratic residue of $p$ if $x^2 \equiv a \pmod{p}$ has solutions, otherwise $a$ is a quadratic non-residue of $p$. The quadratic $x^2 \equiv a \pmod{p}$ only has solutions for half the integers $a$ in

$\{1, 2, \cdots, p - 1\}$.

We use Euler’s Criterion to test which integers are quadratic residues.

EXERCISES 7.1

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Find $x^2 \pmod{p}$ for all the least positive residues of the following. In each case plot the graph of $x$ against $x^2 \pmod{p}$ for:
(a) $p = 5$ (b) $p = 17$ (c) $p = 19$
For each of these primes $p$ solve $x^2 \equiv 2 \pmod{p}$ and the equivalent quadratic Diophantine equation $x^2 = 2 + py$.

2. Determine the number of quadratic residues of the following primes:
(a) 1223 (b) 3571 (c) 104 729 (d) 179 424 673

3. Determine whether the following are quadratic residues of prime 37:
(a) 6 (b) 2 (c) 12 (d) 5

4. Determine the square root of the following:
(a) 2 (mod 17) (b) 16 (mod 17) (c) 5 (mod 17)

5. Solve the following quadratic congruences:
(a) $x^2 + 2x + 2 \equiv 0 \pmod{23}$
(b) $x^2 + 4x + 2 \equiv 0 \pmod{23}$
(c) $x^2 + 6x + 5 \equiv 0 \pmod{23}$

6. Prove that −1 is a quadratic residue of an odd prime $p$ ⇔ $p \equiv 1 \pmod{4}$.

7. Prove the following results for the odd prime $p$:
(a) If $a$ is a quadratic residue then $p - a$ is a quadratic residue ⇔ $p \equiv 1 \pmod{4}$.
(b) If $a$ is a quadratic residue then $p - a$ is a quadratic non-residue ⇔ $p \equiv 3 \pmod{4}$.

8. (i) Show that the quadratic congruence $ax^2 + bx + c \equiv 0 \pmod{p}$ where $p \nmid a$ can be written as $y^2 \equiv m \pmod{p}$.
(ii) Solve the following quadratic congruences, all moduli are prime:
(a) $2x^2 + 2x + 1 \equiv 0 \pmod{29}$
*(b) $5x^2 + 9x + 4 \equiv 0 \pmod{101}$
(c) $7x^2 + 9x + 3 \equiv 0 \pmod{41}$
(d) $2x^2 + 20x + 49 \equiv 0 \pmod{61}$

9. Prove Proposition (7.6).

10. Prove that if $a$ is a quadratic residue of $p$ then $a$ is not a primitive root of $p$.

11. Prove the following results for an odd prime $p$:
(a) The product of two quadratic non-residues of $p$ is a quadratic residue of $p$.
(b) The product of a quadratic residue and quadratic non-residue of $p$ is a quadratic non-residue.
(c) The square of a quadratic residue of $p$ is a quadratic residue.

12. *Prove that if $a$ is a quadratic residue of $p$ where $p \equiv 3 \pmod{4}$ then the quadratic congruence $x^2 \equiv a \pmod{p}$ has the solutions $x \equiv \pm a^{\frac{p+1}{4}} \pmod{p}$.
Solve the following quadratic congruences (all moduli are prime):
(a) $x^2 \equiv 3 \pmod{83}$
*(b) $x^2 \equiv 2 \pmod{2^{13} - 1}$
(c) $x^2 \equiv 5 \pmod{127}$

13. Prove that the multiplicative inverse of a quadratic residue of $p$ is also a quadratic residue of $p$.


SECTION 7.2 The Legendre Symbol


By the end of this section you will be able to
● evaluate the Legendre symbol
● use properties of the Legendre symbol to test integers for quadratic
residue

7.2.1 The Legendre symbol

Legendre was a French mathematician born to a wealthy family from Paris. From 1775–80 he taught mathematics at the École Militaire, which is a military college located in Paris.
Legendre won the Berlin Academy Prize in 1782 for solving an applied mathematics problem. As a consequence of this he became an associate of the French Academy of Sciences.
He is best known for Legendre polynomials. You can use these polynomials to develop approximations that are as close as you like to difficult functions that may be impossible to calculate any other way.
Additionally, he worked in number theory, proving Fermat’s Last Theorem for the case n = 5 which was built on the works of Dirichlet and Sophie Germain.

[Figure 7.6: Adrien-Marie Legendre (1752–1833).]


How can we find whether the quadratic congruence $x^2 \equiv 48 \pmod{79}$ has solutions?

If we apply Euler’s Criterion (7.5) from the previous section:

$a$ is a quadratic residue of $p$ ⇔ $a^{\frac{p-1}{2}} \equiv 1 \pmod{p}$,

then we need to test whether $48^{\frac{79-1}{2}} \equiv 48^{39} \pmod{79}$ is congruent to 1 (mod 79) or not. This is no easy task because we need to evaluate $48^{39}$. We want to find a simpler way to test whether the above quadratic congruence $x^2 \equiv 48 \pmod{79}$ has solutions (see Example 7.6 (b) later in this section).
Rather than using Euler’s Criterion, a much more efficient way of testing whether a given integer is a quadratic residue is to use the Legendre symbol (and its properties), which we define next.

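Definition (7.7). Let $p$ be an odd prime and $a$ be any integer that is not divisible by $p$, that is $p \nmid a$. The Legendre symbol $\left(\frac{a}{p}\right)$, also denoted $(a/p)$, is given by

$$\left(\frac{a}{p}\right) = \begin{cases} 1 & \text{if } a \text{ is a quadratic residue of } p \\ -1 & \text{if } a \text{ is a quadratic non-residue of } p \end{cases}$$

This notation is shorthand, but maybe it should carry a word of caution. The Legendre symbol does not mean ‘$a$ divided by $p$’, but is just a way of quickly denoting that the square root of $a \pmod{p}$ does or does not exist. If it does exist, then $\left(\frac{a}{p}\right) = 1$, and if it does not then we write $\left(\frac{a}{p}\right) = -1$.
From the results of the last section we have the following illustration by using the Legendre symbol on the primes $p = 7$, 11, and 13:

If $p = 7$ we have:

[Figure 7.7 (a): $\left(\frac{1}{7}\right) = \left(\frac{2}{7}\right) = \left(\frac{4}{7}\right) = 1$ for the quadratic residues 1, 2, 4 and $\left(\frac{3}{7}\right) = \left(\frac{5}{7}\right) = \left(\frac{6}{7}\right) = -1$ for the quadratic non-residues 3, 5, 6.]

If $p = 11$ we have:

[Figure 7.7 (b): $\left(\frac{1}{11}\right) = \left(\frac{3}{11}\right) = \left(\frac{4}{11}\right) = \left(\frac{5}{11}\right) = \left(\frac{9}{11}\right) = 1$ for the quadratic residues 1, 3, 4, 5, 9 and $\left(\frac{2}{11}\right) = \left(\frac{6}{11}\right) = \left(\frac{7}{11}\right) = \left(\frac{8}{11}\right) = \left(\frac{10}{11}\right) = -1$ for the quadratic non-residues 2, 6, 7, 8, 10.]

If $p = 13$ we have:

[Figure 7.7 (c): $\left(\frac{1}{13}\right) = \left(\frac{3}{13}\right) = \left(\frac{4}{13}\right) = \left(\frac{9}{13}\right) = \left(\frac{10}{13}\right) = \left(\frac{12}{13}\right) = 1$ for the quadratic residues 1, 3, 4, 9, 10, 12 and $\left(\frac{2}{13}\right) = \left(\frac{5}{13}\right) = \left(\frac{6}{13}\right) = \left(\frac{7}{13}\right) = \left(\frac{8}{13}\right) = \left(\frac{11}{13}\right) = -1$ for the quadratic non-residues 2, 5, 6, 7, 8, 11.]

If $p \mid a$, then the Legendre symbol is not defined.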

7.2.2 Properties of the Legendre symbol

We have the following result:

Proposition (7.8). Let $p$ be an odd prime and $a$ be an integer such that $p \nmid a$. Then

$\left(\frac{a}{p}\right) \equiv a^{\frac{p-1}{2}} \pmod{p}$.

Proof.
By Euler’s Criterion we have that $a$ is a quadratic residue ⇔ $a^{\frac{p-1}{2}} \equiv 1 \pmod{p}$. By the above definition of the Legendre symbol for integer $a$ being a quadratic residue we have

$\left(\frac{a}{p}\right) = 1 \equiv 1 \equiv a^{\frac{p-1}{2}} \pmod{p}$.

Similarly, if $a$ is a quadratic non-residue we have $\left(\frac{a}{p}\right) = -1 \equiv a^{\frac{p-1}{2}} \pmod{p}$.


We will see in the remainder of this section how the following properties of the Legendre
symbol can help us reduce the amount of work needed in determining whether a given
integer is a quadratic residue of an odd prime.

Proposition (7.9). Let $p$ be an odd prime and $a$, $b$ be integers such that $p \nmid a$ and $p \nmid b$. We have

(a) If $a \equiv b \pmod{p}$ then $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right)$.
(b) $\left(\frac{a^2}{p}\right) = 1$.
(c) $\left(\frac{a \times b}{p}\right) = \left(\frac{a}{p}\right) \times \left(\frac{b}{p}\right)$ (Multiplicative property).

Let us look at a numerical example for (a). We have $23 \equiv 2 \pmod{7}$.
From Figure 7.7(a) we know 2 is a quadratic residue of 7, therefore 23 is also a quadratic residue of 7 because $x^2 \equiv 2 \equiv 23 \pmod{7}$ has solutions. Hence the square root of 2 (mod 7) and 23 (mod 7) both exist, so the Legendre symbol is $(2/7) = (23/7) = 1$.
Similarly $10 \equiv 3 \pmod{7}$, but by Figure 7.7(a) we know that 3 is a quadratic non-residue of 7, so 10 is also a quadratic non-residue of 7. Hence $(3/7) = (10/7) = -1$.

Proof of (a).
(a) We are given that $a \equiv b \pmod{p}$, therefore $x^2 \equiv a \pmod{p}$ has solutions ⇔ $x^2 \equiv b \pmod{p}$ has solutions, because $x^2 \equiv a \equiv b \pmod{p}$. Hence the Legendre symbols $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right)$.
[Either square roots of $a \pmod{p}$ and $b \pmod{p}$ both exist, or neither does.]

(b) A numerical example of (b) is $\left(\frac{4}{7}\right) = 1$ because $2^2 \equiv 4 \pmod{7}$. The square root of 4 (mod 7) is ±2 (mod 7).

Proof of (b).
We are required to prove $\left(\frac{a^2}{p}\right) = 1$. This means we need to prove $x^2 \equiv a^2 \pmod{p}$ has solutions. By Proposition (3.14) (b):

$a^2 \equiv b^2 \pmod{p}$ ⇔ $a \equiv \pm b \pmod{p}$.

We have $x \equiv \pm a \pmod{p}$ is a solution to $x^2 \equiv a^2 \pmod{p}$, so $a^2$ is a quadratic residue of $p$, which implies that the Legendre symbol $\left(\frac{a^2}{p}\right) = 1$.

(c) A numerical example of (c) is (101 is prime):

$\left(\frac{55}{101}\right) = \left(\frac{5 \times 11}{101}\right) = \left(\frac{5}{101}\right) \times \left(\frac{11}{101}\right)$.


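Proof of the multiplicative property (c).

This time we need to prove $\left(\frac{a \times b}{p}\right) = \left(\frac{a}{p}\right) \times \left(\frac{b}{p}\right)$.
By the previous Proposition (7.8) we have

$\left(\frac{a \times b}{p}\right) \equiv (a \times b)^{\frac{p-1}{2}} \equiv a^{\frac{p-1}{2}} \times b^{\frac{p-1}{2}} \equiv \left(\frac{a}{p}\right) \times \left(\frac{b}{p}\right) \pmod{p}$ [By the rules of indices].

By the definition of the Legendre symbol (7.7) we have:

$\left(\frac{a \times b}{p}\right) \equiv \pm 1 \pmod{p}$ and $\left(\frac{a}{p}\right) \times \left(\frac{b}{p}\right) \equiv (\pm 1) \times (\pm 1) \equiv \pm 1 \pmod{p}$.

Since $p$ is an odd prime, $\left(\frac{a \times b}{p}\right) = \left(\frac{a}{p}\right) \times \left(\frac{b}{p}\right)$. This completes our proof.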
p p p


We can use this proposition to test whether a given integer is a quadratic residue of an
odd prime p.

Example 7.6

Test whether the following integers are quadratic residues of the corresponding prime:
(a) 177 of the prime 89 (b) 48 of the prime 79

Solution
(a) We have $177 \equiv 88 \equiv -1 \pmod{89}$. We use the previous Proposition (7.9)(a):

$a \equiv b \pmod{p}$ implies $(a/p) = (b/p)$.

With $a = 177$, $b = -1$, and $p = 89$ we obtain $\left(\frac{177}{89}\right) = \left(\frac{-1}{89}\right)$.
We just need to test whether −1 is a quadratic residue of 89. Testing −1 gives

$\left(\frac{-1}{89}\right) \equiv (-1)^{\frac{89-1}{2}}$ [By (7.8) $\left(\frac{a}{p}\right) \equiv a^{\frac{p-1}{2}} \pmod{p}$]
$\equiv (-1)^{44} \equiv 1 \pmod{89}$.

We have $\left(\frac{-1}{89}\right) \equiv 1 \pmod{89}$, so −1 is a quadratic residue of 89, which implies that 177 is also a quadratic residue of 89. We can find the square root of 177 (mod 89).

(b) At the start of this section we posed the question of whether $x^2 \equiv 48 \pmod{79}$ is solvable or not. Now we answer this question.
Integer 48 is a composite number because $16 \times 3 = 4^2 \times 3 = 48$. This time we use the multiplicative property (c) of the previous proposition:

$\left(\frac{a \times b}{p}\right) = \left(\frac{a}{p}\right) \times \left(\frac{b}{p}\right)$.

With $a = 4^2$, $b = 3$ and $p = 79$:

$\left(\frac{48}{79}\right) = \left(\frac{4^2 \times 3}{79}\right) = \left(\frac{4^2}{79}\right) \times \left(\frac{3}{79}\right) = 1 \times \left(\frac{3}{79}\right) = \left(\frac{3}{79}\right)$ [By (7.9)(b)]. (∗)

Using Euler’s criterion we have

$\left(\frac{3}{79}\right) \equiv 3^{\frac{79-1}{2}} \equiv 3^{39} \pmod{79}$.

Evaluating a small power of 3 gives

$3^4 \equiv 81 \equiv 2 \pmod{79}$.

Hence, we use $3^4 \equiv 2 \pmod{79}$ to find the least positive residue of $3^{39} \pmod{79}$:

$3^{39} \equiv 3^{(4 \times 9) + 3} \equiv (3^4)^9 \times 3^3$ [By rules of indices]
$\equiv 2^9 \times 27$ [Because $3^4 \equiv 2 \pmod{79}$]
$\equiv 512 \times 27 \equiv 38 \times 27 \equiv 1026 \equiv 78 \equiv -1 \pmod{79}$.

Hence 3 is a quadratic non-residue of 79 because $3^{39} \equiv -1 \pmod{79}$. So $(3/79) = -1$.

Substituting our result into (∗) gives

$\left(\frac{48}{79}\right) = \left(\frac{3}{79}\right) = -1$.

Since the Legendre symbol $(48/79) = -1$, 48 is a quadratic non-residue of 79.
Notice how Proposition (7.9) makes life easier in evaluating $48^{\frac{79-1}{2}} \equiv 48^{39} \pmod{79}$.
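The reduction used in Example 7.6, written out as an added example that is not part of the book: the symbol is evaluated by reducing modulo $p$ (7.9 (a)), discarding square factors (7.9 (b)) and multiplying the symbols of the remaining prime factors (7.9 (c)), then cross-checked against Proposition (7.8). The function names and the trial-division factoring are this example's own choices.

```python
"""Added example: the Legendre symbol via Propositions (7.8) and (7.9)."""


def legendre_euler(a: int, p: int) -> int:
    """Proposition (7.8): (a/p) ≡ a^((p-1)/2) (mod p), returned as +1 or -1."""
    a %= p
    if a == 0:
        raise ValueError("the Legendre symbol is not defined when p divides a")
    return 1 if pow(a, (p - 1) // 2, p) == 1 else -1


def legendre_by_properties(a: int, p: int):
    """Evaluate (a/p) with Proposition (7.9).

    Returns (symbol, factors) where factors lists the primes whose symbols
    were actually evaluated after squares were discarded.
    """
    a %= p  # (a): only the residue class of a matters
    if a == 0:
        raise ValueError("the Legendre symbol is not defined when p divides a")
    symbol, factors = 1, []
    d = 2
    while d * d <= a:
        exponent = 0
        while a % d == 0:
            a //= d
            exponent += 1
        if exponent % 2 == 1:  # (b): even powers contribute (d^2/p) = 1
            symbol *= legendre_euler(d, p)  # (c): multiplicative property
            factors.append(d)
        d += 1
    if a > 1:  # one prime factor larger than sqrt(a) may remain
        symbol *= legendre_euler(a, p)
        factors.append(a)
    return symbol, factors


def quadratic_residues(p: int) -> set:
    """Squares of 1..(p-1)/2 suffice, since (p - a)^2 ≡ a^2 (Proposition 7.2)."""
    return {x * x % p for x in range(1, (p - 1) // 2 + 1)}


def check_properties(p: int) -> bool:
    """Exhaustively confirm (7.4), (7.8) and (7.9)(c) for one odd prime p."""
    residues = quadratic_residues(p)
    units = range(1, p)
    count_ok = len(residues) == (p - 1) // 2
    euler_ok = all((legendre_euler(a, p) == 1) == (a in residues) for a in units)
    mult_ok = all(
        legendre_euler(a * b, p) == legendre_euler(a, p) * legendre_euler(b, p)
        for a in units for b in units
    )
    return count_ok and euler_ok and mult_ok


if __name__ == "__main__":
    print(legendre_by_properties(48, 79))   # Example 7.6 (b)
    print(legendre_by_properties(177, 89))  # Example 7.6 (a)
    print([check_properties(p) for p in (7, 11, 13, 29, 79)])
```
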

7.2.3 Combination of quadratic residues

Let QR represent quadratic residues and NR represent quadratic non-residues.

What can we say about the following products:

QR × QR, QR × NR, and NR × NR?

By Exercises 7.1, question 11 we established

QR × QR = QR, QR × NR = NR, and NR × NR = QR.

We can show this using the Legendre symbol:

QR × QR = 1 × 1 = 1 = QR, QR × NR = 1 × (−1) = −1 = NR,

and NR × NR = (−1) × (−1) = 1 = QR.



A demonstration of NR × NR = QR is given for p = 7:

[Figure 7.8: for $p = 7$, the quadratic residues 1, 2, 4 and the quadratic non-residues 3, 5, 6.]

Note that 3 and 5 are quadratic non-residues of the prime 7 but

3 × 5 ≡ 15 ≡ 1 (mod 7) ,

and 1 is a quadratic residue of 7. We have NR × NR = QR.

7.2.4 Square root of –1 (mod p)

Clearly 1 is always a quadratic residue of an odd prime p. This means that the square root
of 1 (mod p) always exists.

Proposition (7.10). Let $p$ be an odd prime. Then $\left(\frac{1}{p}\right) = 1$.

Proof.
Since $x^2 \equiv 1 \Leftrightarrow x \equiv \pm 1 \pmod{p}$, we have $\left(\frac{1}{p}\right) = 1$. This completes our proof.


Can we always find the square root of −1 (mod p)?

No. The following example demonstrates that it depends on the prime p.

Example 7.7

Test whether −1 is a quadratic residue of the primes (a) 89 (b) 31.

Solution
(a) Note that in the previous Example 7.6 (a) we showed that (−1/89) ≡ 1 (mod 89), therefore −1
is a quadratic residue of 89.
(b) We need to find the Legendre symbol (−1/31).

How?
By using Euler’s Criterion (7.5):
$$a \text{ is a quadratic residue of } p \Leftrightarrow a^{\frac{p-1}{2}} \equiv 1 \pmod{p}.$$

With p = 31 and a = −1 we have

$$a^{\frac{p-1}{2}} \equiv (-1)^{\frac{31-1}{2}} \equiv (-1)^{15} \equiv -1 \pmod{31}.$$

Therefore, −1 is a quadratic non-residue of the prime 31.

Hence, we can find the square root of −1 (mod 89), but not of −1 (mod 31). This means
that −1 may or may not be a quadratic residue of a prime p.

How can we test for which primes −1 is a quadratic residue?

From Exercise 7.1, question 7 we have the following results:


(a) If a is a quadratic residue then p − a is a quadratic residue ⇔ p ≡ 1 (mod 4).

(b) If a is a quadratic residue then p − a is a quadratic non-residue ⇔ p ≡ 3 (mod 4).

Putting a = 1 into this, p − a ≡ p − 1 ≡ −1 (mod p), gives us that −1 is a quadratic residue
of p ⇔ p ≡ 1 (mod 4). [This is question 6 of the same exercise.] We have:

Proposition (7.11). Let p be an odd prime. Then

$$\left(\frac{-1}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \pmod{4} \\ -1 & \text{if } p \equiv 3 \pmod{4} \end{cases}.$$

Note that for −1 to be a quadratic residue of an odd prime p then $\frac{p-1}{2}$ has to be even,
as then $(-1)^{\frac{p-1}{2}}$ will be 1.
This is what is captured by p ≡ 1 (mod 4) because this implies p − 1 = 4k so
$\frac{p-1}{2} = \frac{4k}{2} = 2k$. Therefore, $\frac{p-1}{2}$ is even.

Proof.
Use the above result of Exercises 7.1, question 7 with a = 1.


This means that −1 is a quadratic residue of a prime p of the form p ≡ 1 (mod 4) but not of
the prime p ≡ 3 (mod 4).

Example 7.8

Determine whether −1 is a quadratic residue of the primes


(a) 1 000 000 000 061 (b) 1 000 000 000 063

Solution
In each case we use the result of the previous proposition.
(a) Since 1 000 000 000 061 ≡ 1 (mod 4), so the Legendre symbol is

$$\left(\frac{-1}{1\,000\,000\,000\,061}\right) = 1.$$

−1 is a quadratic residue of 1 000 000 000 061.
(b) Also 1 000 000 000 063 ≡ 3 (mod 4), therefore −1 is a quadratic non-residue of
1 000 000 000 063.

7.2.5 Factorization

What does the above result

$$\left(\frac{-1}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \pmod{4} \\ -1 & \text{if } p \equiv 3 \pmod{4} \end{cases}$$

mean?

It means that the quadratic congruence $x^2 \equiv -1 \pmod{p}$ has a solution if and only if the
odd prime p satisfies p ≡ 1 (mod 4). Using the definition of congruence we have

$$x^2 \equiv -1 \pmod{p} \Leftrightarrow x^2 + 1 = mp \text{ for some integer } m.$$

As stipulated at the start of this chapter, we can use this concept to factorize numbers of
the form $x^2 + 1$. Let us try some numerical values for $x^2 + 1$ and its factorization:

x     x² + 1    Factorization of x² + 1    Odd prime factors p of x² + 1

1     2         2                          None
2     5         5                          5
3     10        2 × 5                      5
4     17        17                         17
5     26        2 × 13                     13
6     37        37                         37
7     50        2 × 5²                     5
8     65        5 × 13                     5, 13
9     82        2 × 41                     41
10    101       101                        101
11    122       2 × 61                     61
12    145       5 × 29                     5, 29
13    170       2 × 5 × 17                 5, 17
14    197       197                        197
15    226       2 × 113                    113

Note from the last column that all the odd prime factors p of $x^2 + 1$ satisfy p ≡ 1 (mod 4):

5 ≡ 13 ≡ 17 ≡ 29 ≡ 37 ≡ 41 ≡ 61 ≡ 101 ≡ 113 ≡ 197 ≡ 1 (mod 4) .

If there is a solution x such that $x^2 + 1 \equiv 0 \pmod{p}$, which implies $p \mid (x^2 + 1)$, then
p ≡ 1 (mod 4).
This suggests that if we want to factorize an integer like $x^2 + 1$ then the odd prime factors
p of this $x^2 + 1$ will satisfy p ≡ 1 (mod 4). For example, if we want to factorize $26^2 + 1 = 677$
then we know that all of the odd prime factors p of $26^2 + 1 = 677$ satisfy p ≡ 1 (mod 4).
Actually 677 is prime and 677 ≡ 1 (mod 4).

Example 7.9

Factorize $46^2 + 1 = 2117$.

Solution
From above we have that the odd prime factors p of $46^2 + 1 = 2117$ satisfy p ≡ 1 (mod 4). We trial the
first few primes of this format. Clearly 5 is not a factor of 2117. No point trying 7 or 11 because 7 ≢ 1
and 11 ≢ 1 (mod 4).
What about the next prime 13 because 13 ≡ 1 (mod 4)?

$$\frac{2117}{13} = 162.846\ldots$$

Hence 13 is not a factor of 2117. Selecting the next few primes p which satisfy p ≡ 1 (mod 4) gives
17, 29, 37, 41, and we find that

$$\frac{2117}{29} = 73.$$

73 is also prime and 73 ≡ 1 (mod 4), so 2117 = 29 × 73.

There are 14 primes below $\lfloor \sqrt{46^2 + 1} \rfloor = 46$, but we only need to test the six primes below
46 that are ≡ 1 (mod 4) to find a factor of $46^2 + 1 = 2117$.
What we have seen is that if we are looking for the prime factors of an integer that looks
like $x^2 + 1$, we only need to try odd primes p that satisfy p ≡ 1 (mod 4).

7.2.6 Applying the formula

Example 7.10

Determine whether 63 is a quadratic residue of 13.

Solution
Well we have 63 ≡ −2 (mod 13). By the earlier Proposition (7.9):

(a) if a ≡ b (mod p) then (a/p) = (b/p),


we have (63/13) = (−2/13). We can write −2 as −1 × 2, and so by the multiplicative property (7.9)
(c) we have

$$\left(\frac{63}{13}\right) = \left(\frac{-2}{13}\right) = \left(\frac{-1}{13}\right) \times \left(\frac{2}{13}\right). \qquad (\dagger)$$

From Figure 7.7(c) we have the Legendre symbol (2/13) = −1 because 2 is a quadratic non-residue of
13. Since 13 ≡ 1 (mod 4), so by previous Proposition (7.11):

$$\left(\frac{-1}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \pmod{4} \\ -1 & \text{if } p \equiv 3 \pmod{4} \end{cases}$$

we have (−1/13) = 1. Substituting these results, (−1/13) = 1 and (2/13) = −1, into (†) gives

$$\left(\frac{63}{13}\right) = \left(\frac{-1}{13}\right) \times \left(\frac{2}{13}\right) = 1 \times (-1) = -1.$$

So 63 is a quadratic non-residue of 13. [The square root of 63 (mod 13) does not exist.]

Summary

The Legendre symbol is

$$\left(\frac{a}{p}\right) = \begin{cases} 1 & \text{if } a \text{ is a quadratic residue of } p \\ -1 & \text{if } a \text{ is a quadratic non-residue of } p \end{cases}$$

We use this and the properties of the Legendre symbol to determine whether a given integer is a
quadratic residue of an odd prime.

EXERCISES 7.2

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Show that the following integers are quadratic residues of 31:
   (a) 35 (b) 71 (c) 56 (d) 94 (e) 47

2. Determine whether the following integers are quadratic residues of 47:
   (a) 46 (b) 95 (c) 90 (d) 58 (e) 90 × 58

3. Factorize the following integers:
   (a) $18^2 + 1 = 325$
   (b) $30^2 + 1 = 901$
   (c) $53^2 + 1 = 2810$
   (d) $60^2 + 1 = 3601$
   (e) $24^2 + 1 = 577$
   (f) $104^2 + 1 = 10\,817$
   (g) $302^2 + 1 = 91\,205$
   (h) $1014^2 + 1 = 1\,028\,197$

4. Show that $a^{2n}$ (n is a natural number) is a quadratic residue of a prime p, provided $p \nmid a$.

5. Let p be an odd prime and $a_1, a_2, a_3, \cdots, a_n$ be integers such that p does not divide any of these integers. Prove that

   $$\left(\frac{a_1}{p}\right) \times \left(\frac{a_2}{p}\right) \times \cdots \times \left(\frac{a_n}{p}\right) = \left(\frac{a_1 \times a_2 \times \cdots \times a_n}{p}\right)$$

   where (a/p) is the Legendre symbol.

6. Let $a = p_1^{k_1} \times p_2^{k_2} \times \cdots \times p_n^{k_n}$ be the prime decomposition of a. Let p be prime such that $p \nmid a$. Prove that

   $$\left(\frac{a}{p}\right) = \left(\frac{p_1}{p}\right)^{k_1} \times \left(\frac{p_2}{p}\right)^{k_2} \times \cdots \times \left(\frac{p_n}{p}\right)^{k_n}$$

   where (m/p) is the Legendre symbol.

7. Show that if p ≡ 1 (mod 4) then $a^{\frac{p-1}{2}}$ where gcd (a, p) = 1 is a quadratic residue of p.

8. Prove that the Legendre symbol

   $$\left(\frac{-1}{p}\right) = (-1)^{\frac{p-1}{2}}$$

   where p is an odd prime.

9. (i) Show that if $p \mid (x^2 + 1)$ then p ≡ 1 (mod 4).
   (ii) Prove that there are infinitely many primes of the form 4n + 1 without using Dirichlet’s Theorem. (We have already proven this using Dirichlet’s Theorem—see Exercises 2.3, question 1 (a).)

10. Prove that the Legendre symbol

    $$\left(\frac{ab^2}{p}\right) = \left(\frac{a}{p}\right)$$

    given that gcd (a, p) = gcd (b, p) = 1.

11. Let p be an odd prime. Prove that $\sum_{a=1}^{p-1} \left(\frac{a}{p}\right) = 0$ where (a/p) is the Legendre symbol.

12. Let r be a primitive root of an odd prime p.
    (a) Prove that $r^{2n}$ is a quadratic residue of p.
    (b) Prove that $r^{2n+1}$ is a quadratic non-residue of p.
    *(c) By using the primitive root r show that there are $\frac{p-1}{2}$ quadratic residues and $\frac{p-1}{2}$ quadratic non-residues of p.

13. Determine the quadratic residues of the prime p = 17 by using the primitive root 3 modulo 17. Hence, or otherwise, find the square roots of 13 (mod 17).

14. *Assuming 2 is a primitive root of the prime 101, find the square roots of 14 (mod 101).

.........................................................................................................

SECTION 7.3 Quadratic Reciprocity


By the end of this section you will be able to
● understand and use Gauss’s Lemma
● test for which primes 2 is a quadratic residue
● use the Law of Quadratic Reciprocity to test whether an integer is a
quadratic residue

How do we test whether the quadratic congruence $x^2 \equiv 713 \pmod{4831}$ has solutions?

We need to evaluate the Legendre symbol $\left(\frac{713}{4831}\right) \equiv 713^{\frac{4831-1}{2}} \equiv 713^{2415} \pmod{4831}$, which
is still tedious even by using the properties of the Legendre symbol. We compute this Legendre
symbol in Example 7.18 towards the end of this section by applying the Law of Quadratic
Reciprocity (LQR) which is one of the most powerful results in number theory.

7.3.1 Gauss’s Lemma

Rather than just formally state Gauss’s Lemma, we are going to explore some examples
to build up an intuitive understanding. Gauss’s Lemma helps determine whether a given
integer is a quadratic residue of an odd prime by counting negative residues. Example 7.11
demonstrates how.

Example 7.11

Determine whether 7 is a quadratic residue of 11.

Solution
It is not difficult to determine whether 7 is a quadratic residue of 11 because of the small numbers
involved. We can use Euler’s Criterion (7.5):
$$a \text{ is a quadratic residue of } p \Leftrightarrow a^{\frac{p-1}{2}} \equiv 1 \pmod{p}.$$

Let a = 7 and p = 11, then we need to find the least positive residue x in

$$7^{\frac{11-1}{2}} \equiv 7^5 \equiv x \pmod{11}.$$

Normally the difficulty with Euler’s Criterion is evaluating $7^5 \pmod{11}$. This is not too arduous
because 5 is not a large index. However, we are going to tackle this problem differently because in general
there is no easy way to find x.
Let a = 7 and b be the first $\frac{11-1}{2} = 5$ least positive integers 1, 2, 3, 4, and 5. Multiplying each of
these b’s by 7 we have:

b                 1         2         3          4         5
7 × b (mod 11)    7         14 ≡ 3    21 ≡ 10    28 ≡ 6    35 ≡ 2

Those products whose least positive residue is greater than $\frac{p-1}{2} = \frac{11-1}{2} = 5$ we can write as a
negative residue, giving us:

7 × b (mod 11)    7 ≡ −4    3         10 ≡ −1    6 ≡ −5    2

Writing out the product of these,

$$\begin{aligned}
(7 \times 1) \times (7 \times 2) \times (7 \times 3) \times (7 \times 4) \times (7 \times 5) &\equiv (-4) \times 3 \times (-1) \times (-5) \times 2 \\
7^5 \times \underbrace{(1 \times 2 \times 3 \times 4 \times 5)}_{=5!} &\equiv (-1)^3 \underbrace{(1 \times 2 \times 3 \times 4 \times 5)}_{=5!} && [\text{Because we have 3 minus signs}] \\
7^5 &\equiv (-1)^3 \pmod{11} && [\text{Cancelling } 5! \text{ because } 11 \nmid 5!]
\end{aligned}$$

We have $7^5 \equiv (-1)^3 \equiv -1 \pmod{11}$. Now by Euler’s Criterion we conclude that 7 is a quadratic
non-residue of 11.

This example demonstrates that we can check whether 7 is a quadratic residue of 11 by
examining the residues of the product of 7 and the first half of the least positive residues of
11. It is given by the number of negative residues in this product 7 × b.

How do we calculate the number of negatives in this product?

Well the non-zero least residues which are greater than halfway $\frac{11-1}{2} = 5$ are 6, 7, 8, 9,
and 10 modulo 11. We write each of these as negative residues:

6 ≡ −5, 7 ≡ −4, 8 ≡ −3, 9 ≡ −2 and 10 ≡ −1 (mod 11) .



In the previous Example 7.11 we wrote any residues of the product greater than (p − 1) /2
as negative residues.

How many non-zero residues are greater than (p − 1) /2 for p = 17?

There are (17 − 1) /2 = 8, which we write as negative residues:

9 ≡ −8, 10 ≡ −7, 11 ≡ −6, 12 ≡ −5, 13 ≡ −4, 14 ≡ −3, 15 ≡ −2 and 16 ≡ −1 (mod 17) .

We can illustrate the general case as:

[Figure 7.9: the modulo p clock, with 0 (mod p) at the top, the positive residues 1, 2, 3, ⋯ , (p − 1)/2 (mod p) on one side and the negative residues −1, −2, −3, ⋯ (mod p) on the other.]

In the previous Example 7.11 we used Euler’s Criterion which meant we needed to find
$7^{\frac{11-1}{2}} \pmod{11}$. That is why we found the first half, 1 to $\frac{1}{2}(11 - 1) = 5$ multiples of 7 rather
than the whole lot from 1 to 10. We considered only the first half of the least positive
residues. So, in order to determine the number of negative residues of the product, we
write any residue greater than halfway $\frac{p-1}{2}$ as a negative residue.
Another example will help clarify the idea.

Example 7.12

Determine whether 2 is a quadratic residue of 17.

Solution
We start with the first half of the residues from 1 to $\frac{17-1}{2} = 8$, that is 1, 2, 3, 4, 5, 6, 7, and 8. We can
create a table of values:

b                 1    2    3    4    5          6          7          8
2 × b (mod 17)    2    4    6    8    10 ≡ −7    12 ≡ −5    14 ≡ −3    16 ≡ −1

Notice that any residue of the product greater than 8 has been written as a negative residue. Multiplying
these, we have

$$\begin{aligned}
(2 \times 1) \times (2 \times 2) \times (2 \times 3) \times (2 \times 4) \times (2 \times 5) \times (2 \times 6) \times (2 \times 7) \times (2 \times 8) &\equiv 2 \times 4 \times 6 \times 8 \times (-7) \times (-5) \times (-3) \times (-1) \\
2^8 (1 \times 2 \times 3 \times 4 \times 5 \times 6 \times 7 \times 8) &\equiv (-1)^4 (1 \times 2 \times 3 \times 4 \times 5 \times 6 \times 7 \times 8) \\
2^8 \, 8! &\equiv (-1)^4 \, 8! \\
2^8 &\equiv (-1)^4 \pmod{17}.
\end{aligned}$$

We have $2^8 \equiv (-1)^4 \equiv 1 \pmod{17}$, so by Euler’s Criterion we conclude that 2 is a quadratic residue
of 17.

In both examples we ended up with $(-1)^g$ where g is the number of negative residues in
the product. This is no coincidence. Note, though, that we can reason that when g is even
our integer a will be a quadratic residue, but when it is odd it will be a quadratic non-residue.
In order to prove Gauss’s Lemma we need a couple of lemmas:

Lemma (7.12). Let p be an odd prime and a be an integer such that $p \nmid a$. The following
residues:

$$a,\ 2a,\ 3a,\ \cdots,\ \left(\frac{p-1}{2}\right) a \pmod{p}$$

are incongruent.

Proof.
Suppose two of the residues in the given list are congruent to each other:

$$ka \equiv ma \pmod{p} \quad \text{where } k, m \in \left\{1, 2, 3, \cdots, \frac{p-1}{2}\right\}.$$

Required to prove that k = m, because this will imply ka and ma are the same residue.
We have (k − m) a ≡ 0 (mod p). Applying Proposition (3.14) (a):

xy ≡ 0 (mod p) ⇒ x ≡ 0 (mod p) or y ≡ 0 (mod p) ,

to (k − m) a ≡ 0 (mod p) implies (k − m) ≡ 0 (mod p) or a ≡ 0 (mod p). However, we are
given that $p \nmid a$ so a ≢ 0 (mod p), therefore (k − m) ≡ 0 (mod p). From above we have
k, m ∈ {1, 2, ⋯ , (p − 1) /2}, therefore k − m = 0 ⇒ k = m.
Hence the given list of residues are incongruent modulo p.


Lemma (7.13). Let p be an odd prime and a be an integer such that $p \nmid a$. Then

$$a,\ 2a,\ 3a,\ \cdots,\ \left(\frac{p-1}{2}\right) a \not\equiv 0 \pmod{p}.$$

What does this mean?

None of the given residues are congruent to 0 modulo p.

Proof.
See Exercises 7.3, question 4.


Gauss’s Lemma is an important result in number theory. Normally a lemma is used as a
stepping stone to prove a more important result, but some lemmas have become important
in themselves, such as Euclid’s and Gauss’s lemmas.

Gauss’s Lemma (7.14). Let p be an odd prime and a be an integer such that $p \nmid a$. Consider
the set of the product of a and the first half of least positive residues of p:

$$S = \left\{a,\ 2a,\ 3a,\ \cdots,\ \left(\frac{p-1}{2}\right) a\right\}.$$

Let g be the number of negative residues in this list; these are the ones which are greater
than $\frac{p-1}{2}$. Then the Legendre symbol is given by $\left(\frac{a}{p}\right) = (-1)^g$.

Proof.
Consider the p − 1 least positive residues modulo p:

$$1,\ 2,\ 3,\ \cdots,\ \underbrace{p-3}_{\equiv -3 \pmod{p}},\ \underbrace{p-2}_{\equiv -2 \pmod{p}},\ \underbrace{p-1}_{\equiv -1 \pmod{p}}.$$

We can split these into two equal halves:

$$\underbrace{1,\ 2,\ 3,\ \cdots,\ \frac{p-1}{2}}_{\text{First } (p-1)/2 \text{ residues}},\ \underbrace{\frac{p-1}{2} + 1 = \frac{p+1}{2},\ \cdots,\ -3,\ -2,\ -1}_{\text{Last } (p-1)/2 \text{ residues}}. \qquad (\ast)$$

We can write the integer $\frac{p+1}{2}$ in (∗) as a negative residue because

$$\frac{p+1}{2} \equiv p - \frac{p-1}{2} \equiv -\frac{p-1}{2} \pmod{p}.$$

Writing the last half of the list in (∗) as negative residues gives

$$\underbrace{1,\ 2,\ 3,\ \cdots,\ \frac{p-1}{2}}_{\text{First } (p-1)/2 \text{ residues}},\ \underbrace{-\frac{p-1}{2},\ \cdots,\ -3,\ -2,\ -1}_{\text{Last } (p-1)/2 \text{ residues}}. \qquad (\ast\ast)$$

Illustrating this on the modulo p clock we have:



[Figure 7.10: the modulo p clock, with 0 (mod p) at the top, the positive residues 1, 2, 3, ⋯ , (p − 1)/2 (mod p) on one side and the negative residues −1, −2, −3, ⋯ , −((p − 1)/2) (mod p) on the other. Remember 0 (mod p) is not in the list (∗∗).]

By Lemma (7.12) we have that the residues in the given set

$$S = \left\{a,\ 2a,\ 3a,\ \cdots,\ \left(\frac{p-1}{2}\right) a\right\} \pmod{p}$$

are incongruent. This means that each one of these residues in S must be congruent to only
one of the non-zero residues shown in Figure 7.10.

Why?

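Because this list (∗∗) covers all the non-zero residues modulo p. If ka is an integer in set S
then it can be expressed as an integer in (∗∗), which we can write as an element in

$$\left\{-\frac{p-1}{2},\ \cdots,\ -3,\ -2,\ -1,\ 1,\ 2,\ 3,\ \cdots,\ \frac{p-1}{2}\right\}.$$

Multiplying these $\frac{p-1}{2}$ residues of $S = \left\{a, 2a, 3a, \cdots, \left(\frac{p-1}{2}\right) a\right\}$ gives

$$\begin{aligned}
(a \times 1) \times (a \times 2) \times (a \times 3) \times \cdots \times \left(a \times \frac{p-1}{2}\right) &\equiv (-1)^g \left(1 \times 2 \times 3 \times \cdots \times \frac{p-1}{2}\right) && [g \text{ is the number of negative residues in } S] \\
a^{\frac{p-1}{2}} \left(\frac{p-1}{2}\right)! &\equiv (-1)^g \left(\frac{p-1}{2}\right)! \\
a^{\frac{p-1}{2}} &\equiv (-1)^g \pmod{p}. && (\dagger)
\end{aligned}$$

By Proposition (7.8) from the previous section:

$$\left(\frac{a}{p}\right) \equiv a^{\frac{p-1}{2}} \pmod{p}$$

and by (†) we have

$$\left(\frac{a}{p}\right) \equiv a^{\frac{p-1}{2}} \equiv (-1)^g \pmod{p}.$$

Since p is an odd prime and $(-1)^g$ is +1 or −1, so $\left(\frac{a}{p}\right) = (-1)^g$. We have our result.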

Example 7.13
Determine (2/19) using Gauss’s Lemma.

Solution
Gauss’s Lemma (7.14):
$(a/p) = (-1)^g$ where g is the number of negative residues.
We need to examine the product of 2 and the first half of the least positive residues modulo 19:

$$S = \left\{2(1),\ 2(2),\ 2(3),\ \cdots,\ 2\left(\frac{19-1}{2}\right)\right\} = \{2, 4, 6, 8, 10, 12, 14, 16, 18\} \pmod{19}.$$

We divide this set S into two equal halves by writing the residues greater than $\frac{p-1}{2} = \frac{19-1}{2} = 9$ as
negative residues.
Hence, we write the above set S as

S = {2, 4, 6, 8, 10, 12, 14, 16, 18} = {2, 4, 6, 8, −9, −7, −5, −3, −1} (mod 19) .

There are five negative residues in S, so by Gauss’s Lemma $\left(\frac{2}{19}\right) = (-1)^5 = -1$.
The Legendre symbol is equal to −1, therefore 2 is a quadratic non-residue modulo 19.

In the above set S there are $\frac{p-1}{2} = \frac{19-1}{2} = 9$ residues and five of these are negative
and four are positive. To use Gauss’s Lemma, we don’t need to worry about the number of
positive residues, our concern is only with the number of negative residues in this list.

Example 7.14
Determine (2/41) using Gauss’s Lemma.

Solution
We split the product of 2 and the least positive residues into two equal halves, where the split occurs
halfway at $\frac{p-1}{2} = \frac{41-1}{2} = 20$. We have the following for the prime 41:

$$S = \{2, 4, 6, \cdots, 18, 20, 22, \cdots, 36, 38, 40\} = \{\underbrace{2, 4, 6, \cdots, 20}_{\text{These are 10 positive residues}},\ \underbrace{-19, -17, \cdots, -5, -3, -1}_{\text{These are 10 negative residues}}\} \pmod{41}.$$

Since we have ten negative residues, so by Gauss’s Lemma we have $\left(\frac{2}{41}\right) = (-1)^{10} = 1$.
Therefore, 2 is a quadratic residue of 41, so the square root of 2 modulo 41 exists.
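
The counting in Examples 7.11 to 7.14 can be carried out mechanically. The following Python sketch is an added example, not code from the book; the function names are chosen here. It builds the signed residues of a, 2a, ⋯, ((p − 1)/2)a, counts the negative ones to get g, compares the result with Euler's Criterion, and also checks the fact used in the proof that the magnitudes of the signed residues are exactly 1, 2, ⋯, (p − 1)/2.

```python
def signed_multiples(a, p):
    """Residues of a*1, a*2, ..., a*(p-1)/2 modulo the odd prime p, each
    written in the range -(p-1)/2 .. (p-1)/2 as in Examples 7.11 to 7.14."""
    if p < 3 or p % 2 == 0:
        raise ValueError("p must be an odd prime")
    if a % p == 0:
        raise ValueError("Gauss's Lemma needs p not dividing a")
    half = (p - 1) // 2
    signed = []
    for b in range(1, half + 1):
        r = (a * b) % p                      # least positive residue of a*b
        signed.append(r - p if r > half else r)
    return signed


def gauss_count(a, p):
    """g in Gauss's Lemma (7.14): the number of negative residues in S."""
    return sum(1 for r in signed_multiples(a, p) if r < 0)


def legendre_gauss(a, p):
    """Legendre symbol (a/p) = (-1)^g."""
    return -1 if gauss_count(a, p) % 2 else 1


def legendre_euler(a, p):
    """Legendre symbol from Euler's Criterion: a^((p-1)/2) mod p is 1 or p-1."""
    t = pow(a, (p - 1) // 2, p)
    return -1 if t == p - 1 else t


def magnitudes_cover_first_half(a, p):
    """True when |signed residues| is a rearrangement of 1..(p-1)/2, which is
    why the factorial cancels on both sides in the proof of the lemma."""
    half = (p - 1) // 2
    magnitudes = sorted(abs(r) for r in signed_multiples(a, p))
    return magnitudes == list(range(1, half + 1))


if __name__ == "__main__":
    # The four worked examples: (a, p) = (7, 11), (2, 17), (2, 19), (2, 41).
    for a, p in [(7, 11), (2, 17), (2, 19), (2, 41)]:
        print(f"a={a} p={p} S={signed_multiples(a, p)} "
              f"g={gauss_count(a, p)} (a/p)={legendre_gauss(a, p):+d} "
              f"Euler={legendre_euler(a, p):+d}")
```
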

7.3.2 Checking 2 for quadratic residues

In this subsection we test for which prime moduli the integer 2 is a quadratic residue, that
is we need to find for which primes we can find the square root of 2 modulo p.

Proposition (7.15). Let p be an odd prime. Then

$$\left(\frac{2}{p}\right) = \begin{cases} 1 & \text{if } p \equiv \pm 1 \pmod{8} \\ -1 & \text{if } p \equiv \pm 3 \pmod{8} \end{cases}.$$

What does this result mean?

If p ≡ ±1 (mod 8) then 2 is a quadratic residue of p. The quadratic congruence
$x^2 \equiv 2 \pmod{p}$ has a solution if and only if the odd prime p satisfies p ≡ ±1 (mod 8). Using
the definition of congruence, we have

$$x^2 \equiv 2 \pmod{p} \Leftrightarrow x^2 - 2 = mp \text{ for some integer } m.$$

This implies that any odd prime factor p of the integer $x^2 - 2$ satisfies p ≡ ±1 (mod 8).
We can use this to factorize integers which look like $x^2 - 2$. Let us try some numerical
values for $x^2 - 2$ and its factorization:

x     x² − 2    Factorization of x² − 2    Odd prime factors p of x² − 2

1     −1        −1                         None
2     2         2                          None
3     7         7                          7
4     14        2 × 7                      7
5     23        23                         23
6     34        2 × 17                     17
7     47        47                         47
8     62        2 × 31                     31
9     79        79                         79
10    98        2 × 7²                     7
11    119       7 × 17                     7, 17
12    142       2 × 71                     71
13    167       167                        167
14    194       2 × 97                     97
15    223       223                        223

Note from the last column that all the odd prime factors p of $x^2 - 2$ satisfy
p ≡ ±1 (mod 8):

17 ≡ 97 ≡ 1 (mod 8) and 7 ≡ 23 ≡ 31 ≡ 47 ≡ 71 ≡ 79 ≡ 167 ≡ 223 ≡ −1 (mod 8) .

This suggests that if we wanted to factorize an integer like $x^2 - 2$ then the odd prime factor p
of this will satisfy p ≡ ±1 (mod 8). For example, if we want to factorize $65^2 - 2 = 4223$ then
we know all the prime factors p of $65^2 - 2 = 4223$ satisfy p ≡ ±1 (mod 8). In the example
below, we factorize this number.

Example 7.15

Factorize $65^2 - 2 = 4223$.

Solution
By the above theory, the prime factors p of 4223 satisfy p ≡ ±1 (mod 8). The first few primes of this
form are 7, 17, 23, 31, 41, 47. We don’t need to find any other primes because $\lfloor \sqrt{4223} \rfloor = 64$, and
these are the only primes below 64 which satisfy p ≡ ±1 (mod 8). There are 18 primes below 64, but
we only need to check these six.
The prime 41 goes into 4223 because $\frac{4223}{41} = 103$, which implies 4223 = 41 × 103. Both primes 41
and 103 are congruent to 1 and −1 modulo 8 respectively.
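
The restricted trial division of Example 7.9 (x² + 1, primes p ≡ 1 (mod 4)) and Example 7.15 (x² − 2, primes p ≡ ±1 (mod 8)) is shown below as one added Python example; it is not code from the book and the function names are chosen here. The filter is only sound because the number really has the stated form, so the two wrappers build it from x; the general routine does not verify the form of an arbitrary n.

```python
from math import isqrt


def primes_up_to(limit):
    """Sieve of Eratosthenes: all primes <= limit."""
    if limit < 2:
        return []
    sieve = [True] * (limit + 1)
    sieve[0] = sieve[1] = False
    for i in range(2, isqrt(limit) + 1):
        if sieve[i]:
            for j in range(i * i, limit + 1, i):
                sieve[j] = False
    return [i for i, flag in enumerate(sieve) if flag]


def filtered_factorization(n, modulus, residues):
    """Factorize n, dividing out 2 and then trialling only the odd primes p
    with p % modulus in residues.  Correct only when every odd prime factor
    of n is known to lie in those residue classes."""
    if n < 2:
        raise ValueError("n must be at least 2")
    factors = []
    while n % 2 == 0:                 # the restriction is on odd primes only
        factors.append(2)
        n //= 2
    all_primes = primes_up_to(isqrt(n))
    candidates = [p for p in all_primes if p % modulus in residues]
    for p in candidates:
        if p * p > n:                 # remaining cofactor must be prime
            break
        while n % p == 0:
            factors.append(p)
            n //= p
    if n > 1:
        factors.append(n)
    return {
        "factors": factors,
        "candidates": candidates,                 # primes worth trialling
        "primes_below_root": len(all_primes),     # what plain trial division faces
    }


def factor_x2_plus_1(x):
    """Odd prime factors of x^2 + 1 satisfy p = 1 (mod 4)."""
    return filtered_factorization(x * x + 1, 4, {1})


def factor_x2_minus_2(x):
    """Odd prime factors of x^2 - 2 satisfy p = 1 or 7 (mod 8), i.e. +-1."""
    return filtered_factorization(x * x - 2, 8, {1, 7})


if __name__ == "__main__":
    for label, result in [("46^2 + 1", factor_x2_plus_1(46)),
                          ("65^2 - 2", factor_x2_minus_2(65))]:
        print(label, "=", " x ".join(map(str, result["factors"])),
              "| candidates", result["candidates"],
              "| all primes below the root:", result["primes_below_root"])
```
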

How do we prove the result (7.15)?

Apply Gauss’s Lemma (7.14) and consider the four odd primes p such that

p ≡ ±1, ±3 (mod 8) .

Proof of (7.15).
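Consider the set of the product of 2 and the first half of least positive residues of p:

$$S = \left\{2(1),\ 2(2),\ 2(3),\ \cdots,\ 2\left(\frac{p-1}{2}\right)\right\} \pmod{p}.$$

The number of negative residues g are the ones greater than $\frac{p-1}{2}$. This is given by:

$$\begin{aligned}
g &= (\text{number of residues in } S) - (\text{number of positive residues in } S) \\
&= \frac{p-1}{2} - \left(\text{number of residues } r \text{ which satisfy } 2r < \frac{p}{2}\right) \\
&= \frac{p-1}{2} - \left(\text{number of residues } r < \frac{p}{4}\right) = \frac{p-1}{2} - \left\lfloor \frac{p}{4} \right\rfloor \quad (\text{where } \lfloor\ \rfloor \text{ is the floor function}).
\end{aligned}$$

Therefore, $g = \frac{p-1}{2} - \left\lfloor \frac{p}{4} \right\rfloor$ gives the number of negative residues in the set S. Then by
Gauss’s Lemma we have

$$\left(\frac{2}{p}\right) = (-1)^g.$$

Case I
If p ≡ 1 (mod 8) then p is one more than a multiple of 8; p = 8k + 1 where k is a positive
integer, and so substituting this into the above g gives

$$g = \frac{p-1}{2} - \left\lfloor \frac{p}{4} \right\rfloor = \frac{8k+1-1}{2} - \left\lfloor \frac{8k+1}{4} \right\rfloor = \frac{8k}{2} - \left\lfloor 2k + \frac{1}{4} \right\rfloor = 4k - 2k = 2k.$$

Case II
If p ≡ −1 (mod 8) then p = 8k − 1, and so

$$g = \frac{p-1}{2} - \left\lfloor \frac{p}{4} \right\rfloor = \frac{8k-1-1}{2} - \left\lfloor \frac{8k-1}{4} \right\rfloor = \frac{8k}{2} - \frac{2}{2} - \left\lfloor 2k - \frac{1}{4} \right\rfloor = 4k - 1 - (2k - 1) = 2k.$$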

Combining both these cases (I and II) we have that when p ≡ ±1 (mod 8) then
g = 2k, which is even, so $\left(\frac{2}{p}\right) = (-1)^g = (-1)^{2k} = 1$. Hence 2 is a quadratic residue if
p ≡ ±1 (mod 8).
Case III
If p ≡ 3 (mod 8) then p = 8k + 3 and

$$g = \frac{p-1}{2} - \left\lfloor \frac{p}{4} \right\rfloor = \frac{8k+3-1}{2} - \left\lfloor \frac{8k+3}{4} \right\rfloor = \frac{8k}{2} + \frac{2}{2} - \left\lfloor 2k + \frac{3}{4} \right\rfloor = 4k + 1 - (2k) = 2k + 1.$$

Case IV
If p ≡ −3 (mod 8) then we can write this as p = 8k − 3 and

$$g = \frac{p-1}{2} - \left\lfloor \frac{p}{4} \right\rfloor = \frac{8k-3-1}{2} - \left\lfloor \frac{8k-3}{4} \right\rfloor = \frac{8k}{2} - \frac{4}{2} - \left\lfloor 2k - \frac{3}{4} \right\rfloor = 4k - 2 - (2k - 1) = 2k - 1.$$

Again, combining the last two cases (III and IV) together, we have:
When p ≡ ±3 (mod 8) then g = 2k ± 1 which is odd, so $\left(\frac{2}{p}\right) = (-1)^g = (-1)^{2k \pm 1} = -1$.
Therefore, 2 is a quadratic non-residue if p ≡ ±3 (mod 8). This completes our proof.


7.3.3 Law of Quadratic Reciprocity

Next, we state one of the most important and powerful results in number theory. The proof
of this is given in the next section.

Law of Quadratic Reciprocity (LQR) (7.16). Let p and q be distinct odd primes. Then

$$\left(\frac{p}{q}\right) \times \left(\frac{q}{p}\right) = (-1)^{\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)}.$$

Proof.
See next section.


By using this law, we have the following useful result:

Corollary (7.17). Let p and q be distinct odd primes, then

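$$\left(\frac{p}{q}\right) = \begin{cases} (q/p) & \text{if } p \equiv 1 \pmod{4} \text{ or } q \equiv 1 \pmod{4} \\ -(q/p) & \text{if both } p \equiv 3 \pmod{4} \text{ and } q \equiv 3 \pmod{4} \end{cases}$$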

Proof.
See next section.


We use this corollary to test if a given integer is a quadratic residue of an odd prime p.
For example, the following Legendre symbols are equivalent:
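
$$\left(\frac{5}{31}\right) = \left(\frac{31}{5}\right) \quad \text{because } 5 \equiv 1 \pmod{4}.$$

$$\left(\frac{7}{31}\right) = -\left(\frac{31}{7}\right) \quad \text{because } 7 \equiv 31 \equiv 3 \pmod{4}.$$

This corollary is normally used in conjunction with the properties of the Legendre symbol
established in Proposition (7.9):

(a) If a ≡ b (mod p) then $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right)$   (b) $\left(\frac{a^2}{p}\right) = 1$   (c) $\left(\frac{a \times b}{p}\right) = \left(\frac{a}{p}\right) \times \left(\frac{b}{p}\right)$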

Example 7.16
Evaluate the Legendre symbol (101/61) where 61 is prime.

Solution
If we used Euler’s Criterion, then we would need to find

$$101^{\frac{61-1}{2}} \equiv 101^{30} \pmod{61}.$$

To determine whether $101^{30} \equiv \pm 1 \pmod{61}$ is a laborious task. Much easier to use the previous
Corollary (7.17) and the properties of the Legendre symbol.

Since 101 ≡ 40 (mod 61) and $40 = 2^3 \times 5$, so by Proposition (7.9) we have

$$\left(\frac{101}{61}\right) = \left(\frac{40}{61}\right) = \left(\frac{2^3 \times 5}{61}\right) = \left(\frac{2^2 \times 2 \times 5}{61}\right) = \underbrace{\left(\frac{2^2}{61}\right)}_{=1 \text{ because } 2^2 \text{ is QR}} \times \left(\frac{2}{61}\right) \times \left(\frac{5}{61}\right) = \left(\frac{2}{61}\right) \times \left(\frac{5}{61}\right). \qquad (\dagger)$$

To compute (2/61) we use Proposition (7.15):

$$\left(\frac{2}{p}\right) = \begin{cases} 1 & \text{if } p \equiv \pm 1 \pmod{8} \\ -1 & \text{if } p \equiv \pm 3 \pmod{8} \end{cases}$$

Since p = 61 ≡ 5 ≡ −3 (mod 8), so (2/61) = −1.
Evaluating the other Legendre symbol in (†), (5/61), we have (by using the previous formula (7.17)):

$$\left(\frac{5}{61}\right) = \left(\frac{61}{5}\right) = \left(\frac{1}{5}\right) = 1 \quad [\text{Because } (p/q) = (q/p) \text{ if } p \text{ or } q \equiv 1 \pmod{4} \text{ and } 61 \equiv 1 \pmod{5}].$$

Substituting (2/61) = −1 and (5/61) = 1 into (†) gives

$$\left(\frac{101}{61}\right) = \left(\frac{2}{61}\right) \times \left(\frac{5}{61}\right) = (-1) \times 1 = -1.$$

Hence (101/61) = −1 implies that 101 is a quadratic non-residue of 61. The square root of 101 modulo
61 does not exist.

Example 7.17

Show that 15 is a quadratic residue of the prime 173.

Solution
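We need to show that the Legendre symbol (15/173) = 1. Since 15 = 3 × 5, so

$$\left(\frac{3 \times 5}{173}\right) = \left(\frac{3}{173}\right) \times \left(\frac{5}{173}\right). \qquad (\ast)$$

First, we compute the Legendre symbol (5/173).

Note that 5 ≡ 1 (mod 4), so repeatedly applying formula (7.17) gives

$$\begin{aligned}
\left(\frac{5}{173}\right) = \left(\frac{173}{5}\right) &= \left(\frac{3}{5}\right) && [\text{Because } (p/q) = (q/p) \text{ if } p \text{ or } q \equiv 1 \pmod{4} \text{ and } 173 \equiv 3 \pmod{5}] \\
&= \left(\frac{5}{3}\right) && [\text{Because } 5 \equiv 1 \pmod{4}] \\
&= \left(\frac{2}{3}\right). && [\text{Because } 5 \equiv 2 \pmod{3}]
\end{aligned}$$

We now use Proposition (7.15):

$$\left(\frac{2}{p}\right) = \begin{cases} 1 & \text{if } p \equiv \pm 1 \pmod{8} \\ -1 & \text{if } p \equiv \pm 3 \pmod{8} \end{cases}$$

Since 3 ≡ 3 (mod 8), so (2/3) = −1, which implies (5/173) = (2/3) = −1.
We also need to evaluate (3/173) in (∗):

$$\begin{aligned}
\left(\frac{3}{173}\right) = \left(\frac{173}{3}\right) &= \left(\frac{2}{3}\right) && [\text{Because } (p/q) = (q/p) \text{ if } p \text{ or } q \equiv 1 \pmod{4} \text{ and } 173 \equiv 1 \pmod{4} \text{ and } 173 \equiv 2 \pmod{3}] \\
&= -1 && [\text{From above}].
\end{aligned}$$

Putting these evaluations, (5/173) = −1 and (3/173) = −1, into (∗) gives

$$\left(\frac{15}{173}\right) = \left(\frac{5}{173}\right) \times \left(\frac{3}{173}\right) = (-1) \times (-1) = 1.$$

Hence 15 is a quadratic residue of 173. [Note that 5 and 3 are quadratic non-residues of 173.]

Now we test whether we can find solutions to $x^2 \equiv 713 \pmod{4831}$ which we stated at
the start of this section.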

Example 7.18
Evaluate the Legendre symbol (713/4831) where 4831 is prime. [Hint: 713 = 23 × 31.]

Solution
By the given hint and multiplicative property of the Legendre symbol, we have

$$\left(\frac{713}{4831}\right) = \left(\frac{23 \times 31}{4831}\right) = \left(\frac{23}{4831}\right) \times \left(\frac{31}{4831}\right). \qquad (\ast)$$

We compute each of the Legendre symbols on the right-hand side separately.

Evaluating (23/4831):

$$\begin{aligned}
\left(\frac{23}{4831}\right) &= -\left(\frac{4831}{23}\right) && [\text{Using (7.17); } (p/q) = -(q/p) \text{ if } p \equiv q \equiv 3 \pmod{4} \text{ because } 23 \equiv 4831 \equiv 3 \pmod{4}] \\
&= -\left(\frac{1}{23}\right) && [\text{Because } 4831 \equiv 1 \pmod{23}] \\
&= -1 && [\text{Because 1 is always a quadratic residue}].
\end{aligned}$$

Evaluating the other Legendre symbol (31/4831):

$$\begin{aligned}
\left(\frac{31}{4831}\right) &= -\left(\frac{4831}{31}\right) && [\text{Using (7.17); } (p/q) = -(q/p) \text{ if } p \equiv q \equiv 3 \pmod{4} \text{ because } 31 \equiv 4831 \equiv 3 \pmod{4}] \\
&= -\left(\frac{26}{31}\right) && [\text{Because } 4831 \equiv 26 \pmod{31}] \\
&= -\left(\frac{2 \times 13}{31}\right) = -\left(\frac{2}{31}\right) \times \left(\frac{13}{31}\right). && (\dagger)
\end{aligned}$$

Since p = 31 ≡ −1 (mod 8), so by Proposition (7.15):

$$\left(\frac{2}{p}\right) = \begin{cases} 1 & \text{if } p \equiv \pm 1 \pmod{8} \\ -1 & \text{if } p \equiv \pm 3 \pmod{8} \end{cases}$$

we have (2/31) = 1. Evaluating the other Legendre symbol on the right-hand side of (†):

$$\begin{aligned}
\left(\frac{13}{31}\right) &= \left(\frac{31}{13}\right) && [\text{Because (7.17) } (p/q) = (q/p) \text{ if } p \text{ or } q \equiv 1 \pmod{4} \text{ and } 13 \equiv 1 \pmod{4}] \\
&= \left(\frac{5}{13}\right) && [\text{Because } 31 \equiv 5 \pmod{13}] \\
&= \left(\frac{13}{5}\right) = \left(\frac{3}{5}\right) && [\text{By (7.17); because } 13 \equiv 3 \pmod{5}] \\
&= \left(\frac{5}{3}\right) && [\text{By (7.17)}] \\
&= \left(\frac{2}{3}\right) && [\text{Because } 5 \equiv 2 \pmod{3}] \\
&= -1. && [\text{By (7.15) with } 3 \equiv 3 \pmod{8}]
\end{aligned}$$

Substituting our calculations (2/31) = 1 and (13/31) = (2/3) = −1 into (†) yields

$$\left(\frac{31}{4831}\right) = -\left(\frac{2}{31}\right) \times \left(\frac{13}{31}\right) = -(1) \times (-1) = 1.$$

Putting our computations, (31/4831) = 1 and (23/4831) = −1, into (∗) gives

$$\left(\frac{713}{4831}\right) = \left(\frac{23}{4831}\right) \times \left(\frac{31}{4831}\right) = (-1) \times 1 = -1. \qquad (\ddagger)$$

Since (713/4831) = −1, so 713 is a quadratic non-residue of the odd prime 4831. This means that the
quadratic congruence $x^2 \equiv 713 \pmod{4831}$ has no solutions.
Note that by (‡) we have that 23 is a NR and 31 is a QR of the prime 4831.
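
The procedure followed in Examples 7.16 to 7.18 (reduce modulo p, split into prime factors, drop squares, then apply (7.11), (7.15) or flip with (7.17)) is written out below as an added Python example; it is not code from the book, and the function names and the optional `steps` log are chosen here. The modulus p is assumed to be an odd prime, and the function returns 0 when p divides a, the usual convention for a case the text does not consider.

```python
def prime_power_factors(n):
    """Prime decomposition of n >= 2 by trial division, as {prime: exponent}."""
    out = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            out[d] = out.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        out[n] = out.get(n, 0) + 1
    return out


def legendre_lqr(a, p, steps=None):
    """Legendre symbol (a/p) for an odd prime p, using only Proposition (7.9),
    (7.10), (7.11), (7.15) and Corollary (7.17).  Primality of p is assumed,
    not checked.  If a list is passed as steps, each rule applied is logged."""
    a %= p                                   # (7.9)(a): reduce modulo p
    if a == 0:
        return 0                             # p | a: convention, see lead-in
    if a == 1:
        return 1                             # (7.10)
    if a == p - 1:                           # a = -1 (mod p): (7.11)
        return 1 if p % 4 == 1 else -1
    result = 1
    for q, k in prime_power_factors(a).items():
        if k % 2 == 0:
            continue                         # (7.9)(b): a square contributes 1
        if q == 2:
            value = 1 if p % 8 in (1, 7) else -1          # (7.15)
            rule = "(7.15)"
        else:
            # (7.17): (q/p) = (p/q), negated when both are 3 (mod 4).
            flip = -1 if (p % 4 == 3 and q % 4 == 3) else 1
            value = flip * legendre_lqr(p, q, steps)      # q < p, so this ends
            rule = "(7.17)"
        if steps is not None:
            steps.append(f"({q}/{p}) = {value:+d} by {rule}")
        result *= value                      # (7.9)(c): multiplicative
    return result


def legendre_euler(a, p):
    """Reference value from Euler's Criterion: a^((p-1)/2) mod p."""
    t = pow(a, (p - 1) // 2, p)
    return -1 if t == p - 1 else t


if __name__ == "__main__":
    log = []
    value = legendre_lqr(713, 4831, log)
    for line in log:
        print(line)
    print("(713/4831) =", value, "| Euler's Criterion gives", legendre_euler(713, 4831))
```
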

We can also use the Law of Quadratic Reciprocity to find a primitive root of a modulo
prime and find the square root of a (mod p) (see Exercises 7.3, question 15).
By using the Law of Quadratic Reciprocity, we normally end up testing either −1 or 2
for quadratic residue. It is worth investing some time learning for which primes these two
integers (−1 and 2) are quadratic residues. We repeat the odd primes p for which these are
quadratic residues or quadratic non-residues:

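$$(7.11) \qquad \left(\frac{-1}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \pmod{4} \\ -1 & \text{if } p \equiv 3 \pmod{4} \end{cases}$$

$$(7.15) \qquad \left(\frac{2}{p}\right) = \begin{cases} 1 & \text{if } p \equiv \pm 1 \pmod{8} \\ -1 & \text{if } p \equiv \pm 3 \pmod{8} \end{cases}$$

Another test for which 2 is a quadratic residue is the following:

Corollary (7.18). Let p be an odd prime then $\left(\frac{2}{p}\right) = (-1)^{\frac{p^2-1}{8}}$.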

Proof.
See Exercises 7.3, question 5.


Summary
We can simplify the evaluation of the Legendre symbol by using the Law of Quadratic Reciprocity
(LQR) and its corollary.
We used Gauss’s Lemma to establish for which primes 2 is a quadratic residue.

EXERCISES 7.3

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Evaluate the following Legendre symbols (a/p) where p is prime in each case:
   (a) (12/71) (b) (15/101)
   (c) (28/163) (d) (75/541)
   (e) (360/1223) (f) (115/1987)
   (g) (700/3571) (h) (703/4409)
   [Hint: 703 = 19 × 37.]

2. Determine whether the following integers are quadratic residues of the prime 131:
   (a) 14 (b) 12 (c) 15 (d) 65

3. (i) Prove that 2 is a quadratic residue of prime p ⇔ p ≡ ±1 (mod 8).
   (ii) Factorize the following integers:
   (a) $18^2 - 2 = 322$
   (b) $23^2 - 2 = 527$
   (c) $51^2 - 2 = 2599$
   (d) $27^2 - 2 = 727$
   (e) $105^2 - 2 = 11\,023$
   (f) $47^2 - 2 = 2207$
   (g) $195^2 - 2 = 38\,023$

4. Prove Lemma (7.13).

5. Prove Corollary (7.18).

6. Show that prime 1223 satisfies $1223 \mid (2^{611} - 1)$.
   [Hint: Use Euler’s Criterion.]

7. Determine the least positive residue x in $2^{271} \equiv x \pmod{541}$ where 541 is prime.

8. Determine the least positive residues x in the following cases (1987 is a prime):
   (a) $25^{995} \equiv x \pmod{1987}$
   (b) $26^{995} \equiv x \pmod{1987}$

9. (i) Prove that for odd prime p we have

   $$\left(\frac{-2}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \text{ or } 3 \pmod{8} \\ -1 & \text{if } p \equiv -1 \text{ or } -3 \pmod{8} \end{cases}.$$

   (ii) Prove that if the odd prime p satisfies $p \mid (x^2 + 2)$ then p ≡ 1, 3 (mod 8).
   (iii) Factorize the following integers (−2 replaced by +2 of question 3):
   (a) $18^2 + 2 = 326$
   (b) $23^2 + 2 = 531$
   (c) $51^2 + 2 = 2603$
   (d) $27^2 + 2 = 731$
   (e) $105^2 + 2 = 11\,027$
   (f) $47^2 + 2 = 2211$
   (g) $195^2 + 2 = 38\,027$

10. Determine the following Legendre symbols by using Gauss’s Lemma:
    (a) (3/13) (b) (3/17)
    (c) (3/19) (d) (3/23)

11. *(i) Prove that for prime p > 3 we have

    $$\left(\frac{3}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \text{ or } 11 \pmod{12} \\ -1 & \text{if } p \equiv 5 \text{ or } 7 \pmod{12} \end{cases}.$$

    (ii) Show that 3 is a quadratic residue of p ⇔ p ≡ 1, 11 (mod 12).
    (iii) Factorize the following integers:
    (a) $62^2 - 3 = 3841$
    (b) $104^2 - 3 = 10\,813$
    (c) $200^2 - 3 = 39\,997$
    (d) $364^2 - 3 = 132\,493$
    (e) $568^2 - 3 = 322\,621$

12. (a) Show that $x^2 \equiv 3 \pmod{F_n}$ where the Fermat prime $F_n = 2^{2^n} + 1$ has no solutions for n = 1, 2, 3 and 4.
    *(b) Prove that for any positive integer n

    $$F_n = 2^{2^n} + 1 \equiv 5 \pmod{12}.$$

13. Prove Proposition (4.19) of Chapter 4.

14. *Prove Proposition (4.24) of Chapter 4.

15. **By using the Law of Quadratic Reciprocity find the first primitive root of the prime modulo 223. By using this primitive root, find the square root of 32 (mod 223).

.........................................................................................................

SECTION 7.4 Law of Quadratic Reciprocity (LQR)


By the end of this section you will be able to
● understand the application of the Law of Quadratic Reciprocity
● prove the Law of Quadratic Reciprocity

7.4.1 Appreciation of the Law of Quadratic Reciprocity

We restate the Law of Quadratic Reciprocity from the last section:



Law of Quadratic Reciprocity (LQR) (7.16). Let p and q be distinct odd primes. Then
$$\left(\frac{p}{q}\right) \times \left(\frac{q}{p}\right) = (-1)^{\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)}.$$

Why is this a useful rule?

In the last couple of sections we established rules for testing whether the integers −1 and 2 are quadratic residues of a given prime, by looking at that prime modulo 4 and modulo 8 respectively.

What if the integer is neither −1 nor 2?

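Say we wanted to find the Legendre symbol $\left(\frac{10}{p}\right)$ where the prime, p say, is >100. We know 10 = 2 × 5, so we have
$$\left(\frac{10}{p}\right) = \left(\frac{2}{p}\right) \times \left(\frac{5}{p}\right).$$
For evaluating (2/p) we can use (7.15) from the last section:

$$\left(\frac{2}{p}\right) = \begin{cases} 1 & \text{if } p \equiv \pm 1 \pmod 8 \\ -1 & \text{if } p \equiv \pm 3 \pmod 8 \end{cases}$$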

But how do we compute (5/p)?

If 5 and p are distinct odd primes then we can use LQR (7.16) or Corollary (7.17).
In general, if we want to test whether integer a is a quadratic residue of an odd prime p
then we decompose a into its prime decomposition and then apply Corollary (7.17).
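For example, if $a = q_1 \times q_2 \times \cdots \times q_m$ where the q’s are primes then the Legendre symbol
$$\left(\frac{a}{p}\right) = \left(\frac{q_1 \times q_2 \times \cdots \times q_m}{p}\right) = \left(\frac{q_1}{p}\right) \times \left(\frac{q_2}{p}\right) \times \cdots \times \left(\frac{q_m}{p}\right).$$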
This means that we can use the Law of Quadratic Reciprocity or its corollary to find the
Legendre symbol (a/p) which tells us whether a is a quadratic residue modulo p.
In this section we prove LQR (7.16), but before we can do this we need to establish some
results. Consider the following example.

Example 7.19
Determine $(-1)^{\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)}$ for:
(a) p ≡ q ≡ 1 (mod 4) (b) p ≡ q ≡ 3 (mod 4)
(c) p ≡ 1 (mod 4), q ≡ 3 (mod 4) (d) p ≡ 3 (mod 4), q ≡ 1 (mod 4)

Solution
(a) We are given p ≡ q ≡ 1 (mod 4), so there are positive integers k and m such that

p = 4k + 1 and q = 4m + 1.

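Substituting these p = 4k + 1 and q = 4m + 1 into the index $\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)$ gives
$$\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right) = \left(\frac{4k+1-1}{2}\right) \times \left(\frac{4m+1-1}{2}\right) = 2k \times 2m \quad [\text{Even integer}].$$
Hence $(-1)^{\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)} = (-1)^{2k \times 2m} = 1$, because we have an even index.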

(b) Similarly, for p ≡ q ≡ 3 (mod 4) we have positive integers k and m such that
p = 4k + 3 and q = 4m + 3.
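Substituting these p = 4k + 3 and q = 4m + 3 into the index $\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)$ gives
$$\begin{aligned} \left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right) &= \left(\frac{4k+3-1}{2}\right) \times \left(\frac{4m+3-1}{2}\right) \\ &= (2k+1) \times (2m+1) = 4km + 2k + 2m + 1 \quad [\text{Odd integer}]. \end{aligned}$$
Hence $(-1)^{\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)} = (-1)^{4km+2k+2m+1} = -1$ because we have an odd index.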

For (c) and (d) see Exercises 7.4, question 2.

You will see the solutions to (c) and (d) are 1.

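From these results of Example 7.19, what can we conclude about $\left(\frac{p}{q}\right) \times \left(\frac{q}{p}\right) = (-1)^{\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)}$?
Apart from when both p ≡ q ≡ 3 (mod 4), we have
$$\left(\frac{p}{q}\right) \times \left(\frac{q}{p}\right) = (-1)^{\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)} = 1.$$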
q p

What does this imply?


It implies $\left(\frac{p}{q}\right) = \left(\frac{q}{p}\right) = 1$ or $\left(\frac{p}{q}\right) = \left(\frac{q}{p}\right) = -1$. This $\left(\frac{p}{q}\right) = \left(\frac{q}{p}\right) = 1$ implies that p is a
quadratic residue modulo q and that q is a quadratic residue modulo p. The other result,
(p/q) = (q/p) = −1, implies that p is a quadratic non-residue modulo q and q is a quadratic
non-residue modulo p. Both are quadratic residues or both are quadratic non-residues.
However, if p ≡ q ≡ 3 (mod 4) then by the previous example part (b) we have
$$\left(\frac{p}{q}\right) \times \left(\frac{q}{p}\right) = (-1)^{\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)} = -1.$$
q p

What does this imply?

$\left(\frac{p}{q}\right) = 1$ and $\left(\frac{q}{p}\right) = -1$ or $\left(\frac{p}{q}\right) = -1$ and $\left(\frac{q}{p}\right) = 1$.
The Legendre symbols in this case are different, that is p is a quadratic residue of q but q is
a quadratic non-residue of p or vice versa.

7.4.2 Eisenstein’s Lemma

The proof of the Law of Quadratic Reciprocity given towards the end of this section is the
one given by Gotthold Eisenstein.

Originally Eisenstein was from a Jewish family but even before Eisenstein was born the family had converted to Christianity. Eisenstein had five siblings, none of whom survived childhood. As a young child he took a great interest in mathematics and music. He excelled in mathematics at school and when he was just 17 years old he attended lectures at the University of Berlin. Writing in his autobiography, Eisenstein stated why he loved mathematics: ‘This way of deducing and discovering new truths from old ones . . . had an irresistible fascination with me.’
Eisenstein died at the young age of 29 of tuberculosis.

Figure 7.11 Eisenstein (1823–52).

Eisenstein met Gauss at the University of Göttingen in 1844 and Gauss was impressed by
Eisenstein’s proof of the Law of Quadratic Reciprocity.
Before we state Eisenstein’s Lemma, which is going to help us to prove the Law of
Quadratic Reciprocity, we demonstrate a numerical example of the lemma.

Example 7.20
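Determine $\sum_{k=1}^{(q-1)/2} \left\lfloor \frac{p \times k}{q} \right\rfloor + \sum_{k=1}^{(p-1)/2} \left\lfloor \frac{q \times k}{p} \right\rfloor$ where ⌊ ⌋ is the floor function, p = 11, and q = 13. Also
evaluate $\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)$.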
What do you notice about your results?

Solution
Evaluating the first expression on the left-hand side by substituting p = 11 and q = 13 gives

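$$\begin{aligned} \sum_{k=1}^{(q-1)/2} \left\lfloor \frac{p \times k}{q} \right\rfloor &= \sum_{k=1}^{(13-1)/2} \left\lfloor \frac{11 \times k}{13} \right\rfloor = \sum_{k=1}^{6} \left\lfloor \frac{11 \times k}{13} \right\rfloor \\ &= \left\lfloor \frac{11 \times 1}{13} \right\rfloor + \left\lfloor \frac{11 \times 2}{13} \right\rfloor + \left\lfloor \frac{11 \times 3}{13} \right\rfloor + \left\lfloor \frac{11 \times 4}{13} \right\rfloor + \left\lfloor \frac{11 \times 5}{13} \right\rfloor + \left\lfloor \frac{11 \times 6}{13} \right\rfloor \\ &= \left\lfloor \frac{11}{13} \right\rfloor + \left\lfloor \frac{22}{13} \right\rfloor + \left\lfloor \frac{33}{13} \right\rfloor + \left\lfloor \frac{44}{13} \right\rfloor + \left\lfloor \frac{55}{13} \right\rfloor + \left\lfloor \frac{66}{13} \right\rfloor \\ &= 0 + 1 + 2 + 3 + 4 + 5 = 15 \quad [\text{Remember } \lfloor\ \rfloor \text{ is the floor function}]. \end{aligned}$$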

Similarly, evaluating the second expression we have:

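$$\begin{aligned} \sum_{k=1}^{(p-1)/2} \left\lfloor \frac{q \times k}{p} \right\rfloor &= \sum_{k=1}^{(11-1)/2} \left\lfloor \frac{13 \times k}{11} \right\rfloor = \sum_{k=1}^{5} \left\lfloor \frac{13 \times k}{11} \right\rfloor \\ &= \left\lfloor \frac{13 \times 1}{11} \right\rfloor + \left\lfloor \frac{13 \times 2}{11} \right\rfloor + \left\lfloor \frac{13 \times 3}{11} \right\rfloor + \left\lfloor \frac{13 \times 4}{11} \right\rfloor + \left\lfloor \frac{13 \times 5}{11} \right\rfloor \\ &= \left\lfloor \frac{13}{11} \right\rfloor + \left\lfloor \frac{26}{11} \right\rfloor + \left\lfloor \frac{39}{11} \right\rfloor + \left\lfloor \frac{52}{11} \right\rfloor + \left\lfloor \frac{65}{11} \right\rfloor \\ &= 1 + 2 + 3 + 4 + 5 = 15 \end{aligned}$$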

Adding these two results together gives

$$\sum_{k=1}^{(q-1)/2} \left\lfloor \frac{p \times k}{q} \right\rfloor + \sum_{k=1}^{(p-1)/2} \left\lfloor \frac{q \times k}{p} \right\rfloor = 15 + 15 = 30.$$

Working out $\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)$ with p = 11 and q = 13 yields
$$\left(\frac{11-1}{2}\right) \times \left(\frac{13-1}{2}\right) = 5 \times 6 = 30.$$

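In this case we have $\sum_{k=1}^{(q-1)/2} \left\lfloor \frac{p \times k}{q} \right\rfloor + \sum_{k=1}^{(p-1)/2} \left\lfloor \frac{q \times k}{p} \right\rfloor = \left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)$.

We can illustrate this example graphically by drawing a line $y = \frac{q}{p}x$ or $x = \frac{p}{q}y$ and counting
the number of integer (lattice) points above and below this line: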

Figure 7.12

By lattice point, we mean a point whose (x and y) coordinates are both integers.
We can count the number of lattice points below the line $y = \frac{13}{11}x$ by counting each of the
lattice points on the vertical lines x = 1, 2, 3, 4 and 5 but below the diagonal $y = \frac{13}{11}x$, as
shown in Figure 7.12. This is the sum evaluated in the previous Example 7.20:
$$\sum_{k=1}^{5} \left\lfloor \frac{13 \times k}{11} \right\rfloor = 1 + 2 + 3 + 4 + 5 = 15.$$

Similarly, the number of lattice points above the diagonal $x = \frac{11}{13}y$ is counted by the number of lattice points on horizontal lines y = 1, 2, 3, 4, 5 and 6.
This is given by the calculation in Example 7.20:
$$0 + 1 + 2 + 3 + 4 + 5 = \sum_{k=1}^{6} \left\lfloor \frac{11 \times k}{13} \right\rfloor = 15.$$

As you can see from Figure 7.12, the number of lattice points inside the rectangle between
0 and p/2 = 11/2 and 0 and q/2 = 13/2 is
$$\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right) = \left(\frac{11-1}{2}\right) \times \left(\frac{13-1}{2}\right) = 5 \times 6 = 30.$$
Since p = 11 and q = 13 are distinct odd primes, the straight line $y = \frac{13}{11}x$ does not pass through
any of the lattice points between x = 0 and p/2 = 11/2 and y = 0 and q/2 = 13/2.
This result from the above example,
$$\sum_{k=1}^{(q-1)/2} \left\lfloor \frac{p \times k}{q} \right\rfloor + \sum_{k=1}^{(p-1)/2} \left\lfloor \frac{q \times k}{p} \right\rfloor = \left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right),$$
is not just true for these distinct primes, but is true for all distinct odd primes p and q.
This is Eisenstein’s Lemma.

Eisenstein’s Lemma (7.19). Let p and q be distinct odd primes. Then


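$$\sum_{k=1}^{(q-1)/2} \left\lfloor \frac{p \times k}{q} \right\rfloor + \sum_{k=1}^{(p-1)/2} \left\lfloor \frac{q \times k}{p} \right\rfloor = \left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right).$$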

We have demonstrated a numerical example, but now we prove this general result.

Proof.
We are given that p and q are distinct, so for any k from 1 to $\frac{q-1}{2}$, $\frac{p \times k}{q}$ cannot be an integer.
Similarly, for any k from 1 to $\frac{p-1}{2}$, $\frac{q \times k}{p}$ cannot be an integer.

Recall $\left\lfloor \frac{q \times k}{p} \right\rfloor$ is the floor function which counts the number of positive integers $\le \frac{q \times k}{p}$.
We need to find the number of lattice points (positive integers) below the line
$y = \frac{q}{p}x = \frac{q \times x}{p}$, that is in the lower triangle ACD shown in Figure 7.13:

Figure 7.13 (figure label: $x = \frac{p-1}{2}$)

The floor function ⌊(q × k) /p⌋ gives the number of lattice points on the vertical line x = k
which lies in the lower triangle ACD.
The number of lattice points on each vertical line x = k is $\left\lfloor \frac{q \times k}{p} \right\rfloor$. We sum the number of
lattice points on each of the lines from x = 1 to $x = \frac{p-1}{2}$ which is given by $\sum_{k=1}^{(p-1)/2} \left\lfloor \frac{q \times k}{p} \right\rfloor$,
which is the total number of lattice points in the lower triangle ACD.
Similarly, we count the lattice points in the upper triangle ABC as shown in Figure 7.14
on the next page.
The floor function $\left\lfloor \frac{p \times k}{q} \right\rfloor$ gives the number of lattice points on the horizontal line y = k
which lie in the triangle ABC, as shown below.

Figure 7.14

We want to find the total number of lattice points in this triangle ABC.

How?

We find the number of lattice points along each of the horizontal lines from y = 1 to
$y = \frac{q-1}{2}$. Each horizontal line y = k has $\left\lfloor \frac{p \times k}{q} \right\rfloor$ lattice points in the triangle ABC and
we have y = 1, ⋯ , $y = \frac{q-1}{2}$ horizontal lines, so we sum $\left\lfloor \frac{p \times k}{q} \right\rfloor$ from k = 1 to $k = \frac{q-1}{2}$:

$$\sum_{k=1}^{(q-1)/2} \left\lfloor \frac{p \times k}{q} \right\rfloor.$$

This sum $\sum_{k=1}^{(q-1)/2} \left\lfloor \frac{p \times k}{q} \right\rfloor$ gives us the total number of lattice points in the upper triangle
ABC shown in Figure 7.15 below:

Figure 7.15

The total number of lattice points in the rectangle ABCD is given by adding the lattice
points in each triangle, that is
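$$\underbrace{\sum_{k=1}^{(q-1)/2} \left\lfloor \frac{p \times k}{q} \right\rfloor}_{=\,\text{Number of lattice points in triangle ABC}} + \underbrace{\sum_{k=1}^{(p-1)/2} \left\lfloor \frac{q \times k}{p} \right\rfloor}_{=\,\text{Number of lattice points in triangle ACD}}.$$

Clearly the number of lattice points inside the rectangle ABCD shown in the above diagram
is $\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)$. Hence we have our result:
$$\sum_{k=1}^{(q-1)/2} \left\lfloor \frac{p \times k}{q} \right\rfloor + \sum_{k=1}^{(p-1)/2} \left\lfloor \frac{q \times k}{p} \right\rfloor = \left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right).$$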

This completes our proof.

We use this lemma to prove the Law of Quadratic Reciprocity. Before we provide the
proof we look at a numerical example, as well as stating the remaining lemma.

Example 7.21

Let p = 23 and a = 3. Show that

$$\sum_{k=1}^{(p-1)/2} \left\lfloor \frac{a \times k}{p} \right\rfloor \equiv g \pmod 2$$

where g is the number of negative residues as defined in Gauss’s Lemma (7.14).

Solution
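We are given that p = 23, a = 3 and k = 1, 2, 3, ⋯ , $\frac{p-1}{2} = \frac{23-1}{2} = 11$.
Evaluating the summation $\sum_{k=1}^{(p-1)/2} \left\lfloor \frac{a \times k}{p} \right\rfloor = \sum_{k=1}^{11} \left\lfloor \frac{3k}{23} \right\rfloor$ gives

$$\begin{aligned} \sum_{k=1}^{11} \left\lfloor \frac{3k}{23} \right\rfloor &= \left\lfloor \frac{3}{23} \right\rfloor + \left\lfloor \frac{6}{23} \right\rfloor + \left\lfloor \frac{9}{23} \right\rfloor + \left\lfloor \frac{12}{23} \right\rfloor + \left\lfloor \frac{15}{23} \right\rfloor + \left\lfloor \frac{18}{23} \right\rfloor + \left\lfloor \frac{21}{23} \right\rfloor + \left\lfloor \frac{24}{23} \right\rfloor + \left\lfloor \frac{27}{23} \right\rfloor + \left\lfloor \frac{30}{23} \right\rfloor + \left\lfloor \frac{33}{23} \right\rfloor \\ &= 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 1 + 1 + 1 = 4. \end{aligned}$$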

Writing the elements a × k (mod 23) in the set S and any least residue > 11 as a negative residue,
we have

$$S = \{3, 3(2), 3(3), 3(4), 3(5), 3(6), 3(7), 3(8), 3(9), 3(10), 3(11)\} \pmod{23}$$

$$\equiv \{3, 6, 9, 12, 15, 18, 21, 24, 27, 30, 33\} \equiv \{3, 6, 9, \underbrace{-11, -8, -5, -2}_{\text{There are 4 negative residues}}, 1, 4, 7, 10\} \pmod{23}.$$

Since there are four negative residues modulo 23 in the above set S, g = 4. We have

$$\sum_{k=1}^{11} \left\lfloor \frac{3k}{23} \right\rfloor = 4 \equiv g \pmod 2.$$

This is no coincidence, but is generally true so long as a is odd.

Lemma (7.20). Let p be an odd prime and a also be odd such that p ∤ a. Let g be the number
of negative residues as defined in Gauss’s Lemma (7.14). We have

$$\sum_{k=1}^{(p-1)/2} \left\lfloor \frac{a \times k}{p} \right\rfloor \equiv g \pmod 2.$$

Proof.
See Exercises 7.4, question 10.


Note: Lemma (7.20) can be understood as follows: g (mod 2) is either 1 (in the case that
g is odd) or 0 (in the case that g is even). From Gauss’s Lemma we know that the Legendre
symbol $\left(\frac{a}{p}\right)$ is equal to $(-1)^g$ where g is the number of negative residues. Well, the actual
value of g is not too important, but what is important is whether g is odd or even.
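Eisenstein’s Lemma (7.19) and Lemma (7.20) can both be checked numerically. The Python sketch below is an added example, not part of the book; its function names and the list of test primes are choices made here. It recomputes Examples 7.20 and 7.21, counts the lattice points directly, and shows that the parity statement of Lemma (7.20) only breaks for even a.

```python
"""Added example: numerical check of Eisenstein's Lemma (7.19) and Lemma (7.20)."""

# Small odd primes used for the exhaustive checks (constructed test data).
ODD_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def floor_sum(a, p):
    """Sum of floor(a*k/p) for k = 1 .. (p-1)/2."""
    return sum((a * k) // p for k in range(1, (p - 1) // 2 + 1))


def gauss_g(a, p):
    """g of Gauss's Lemma: how many of a, 2a, ..., ((p-1)/2)a have a least
    positive residue mod p greater than p/2 (the 'negative residues')."""
    half = (p - 1) // 2
    return sum(1 for k in range(1, half + 1) if (a * k) % p > half)


def lattice_counts(p, q):
    """Enumerate lattice points (x, y) with 1 <= x <= (p-1)/2 and
    1 <= y <= (q-1)/2 and classify them against the line y = (q/p) x.
    Returns (below, above, on_line)."""
    below = above = on_line = 0
    for x in range(1, (p - 1) // 2 + 1):
        for y in range(1, (q - 1) // 2 + 1):
            if p * y < q * x:
                below += 1
            elif p * y > q * x:
                above += 1
            else:
                on_line += 1
    return below, above, on_line


def eisenstein_holds(p, q):
    """True when the two floor sums add up to ((p-1)/2) * ((q-1)/2)."""
    return floor_sum(p, q) + floor_sum(q, p) == ((p - 1) // 2) * ((q - 1) // 2)


def parity_mismatches(primes=ODD_PRIMES, a_max=60):
    """Pairs (a, p), p not dividing a, where the floor sum and g differ mod 2."""
    return [(a, p) for p in primes for a in range(1, a_max + 1)
            if a % p and (floor_sum(a, p) - gauss_g(a, p)) % 2]


if __name__ == "__main__":
    print("Example 7.20 sums:", floor_sum(11, 13), floor_sum(13, 11))
    print("lattice points (below, above, on line):", lattice_counts(11, 13))
    print("Example 7.21: sum =", floor_sum(3, 23), " g =", gauss_g(3, 23))
    print("even a = 16, p = 13: sum =", floor_sum(16, 13), " g =", gauss_g(16, 13))
    odd_failures = [(a, p) for a, p in parity_mismatches() if a % 2]
    print("mismatches with odd a:", odd_failures)
```

Every mismatch the search reports has an even a, which is why the lemma requires a to be odd.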

7.4.3 Proof of the Law of Quadratic Reciprocity

Law of Quadratic Reciprocity (LQR) (7.16). Let p and q be distinct odd primes. Then
$$\left(\frac{p}{q}\right) \times \left(\frac{q}{p}\right) = (-1)^{\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)}.$$

Proof.
Consider the least positive residues modulo p which are the product of q and the first $\frac{p-1}{2}$
least positive residues:
$$S = \left\{q, 2q, 3q, \cdots, \left(\frac{p-1}{2}\right) q\right\} \pmod p.$$
By the previous Lemma (7.20) with a = q we have

$$\sum_{k=1}^{(p-1)/2} \left\lfloor \frac{k \times q}{p} \right\rfloor \equiv g \pmod 2 \qquad (†)$$

where g is as defined in Gauss’s Lemma (7.14).


Applying Lemma (7.20) again to the set containing the product p and the first $\frac{q-1}{2}$ least
positive residues,
$$T = \left\{p, 2p, 3p, \cdots, \left(\frac{q-1}{2}\right) p\right\} \pmod q.$$
With a = p we have
$$\sum_{k=1}^{(q-1)/2} \left\lfloor \frac{k \times p}{q} \right\rfloor \equiv h \pmod 2 \qquad (††)$$
where h is the same representation as g was in Gauss’s Lemma (7.14).

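By applying Gauss’s Lemma (7.14):

$$\left(\frac{a}{p}\right) = (-1)^g$$
to $\left(\frac{p}{q}\right)$ and $\left(\frac{q}{p}\right)$ we have
$$\left(\frac{p}{q}\right) \times \left(\frac{q}{p}\right) = (-1)^g \times (-1)^h = (-1)^{g+h} = (-1)^{\sum_{k=1}^{(p-1)/2} \left\lfloor \frac{kq}{p} \right\rfloor + \sum_{k=1}^{(q-1)/2} \left\lfloor \frac{kp}{q} \right\rfloor} \quad [\text{By (†) and (††)}].$$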
By Eisenstein’s Lemma (7.19):

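$$\sum_{k=1}^{(q-1)/2} \left\lfloor \frac{k \times p}{q} \right\rfloor + \sum_{k=1}^{(p-1)/2} \left\lfloor \frac{k \times q}{p} \right\rfloor = \left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right).$$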

Substituting this into the last line of the above calculation yields
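$$\left(\frac{p}{q}\right) \times \left(\frac{q}{p}\right) = (-1)^{\sum_{k=1}^{(p-1)/2} \left\lfloor \frac{k \times q}{p} \right\rfloor + \sum_{k=1}^{(q-1)/2} \left\lfloor \frac{k \times p}{q} \right\rfloor} = (-1)^{\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)}.$$
This is our required result.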

This Law of Quadratic Reciprocity (LQR) is a very powerful result, as you may have
noticed from the last section. A more useful result, which was stated in the last section, is:

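Corollary (7.17). Let p and q be distinct odd primes, then

$$\left(\frac{p}{q}\right) = \begin{cases} \left(\frac{q}{p}\right) & \text{if } p \equiv 1 \pmod 4 \text{ or } q \equiv 1 \pmod 4 \\ -\left(\frac{q}{p}\right) & \text{if both } p \equiv 3 \pmod 4 \text{ and } q \equiv 3 \pmod 4 \end{cases}$$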

Proof.
See Exercises 7.4, question 9.


We have used this corollary to see if a given integer is a quadratic residue of an odd prime
p in the last section. We apply this again in the example below.

Example 7.22

Determine whether the congruence $x^2 \equiv 35 \pmod{541}$ is solvable (541 is prime).

Solution
We need to evaluate the Legendre symbol $\left(\frac{35}{541}\right)$. Since 35 = 5 × 7, we have
$$\left(\frac{35}{541}\right) = \left(\frac{5}{541}\right) \times \left(\frac{7}{541}\right). \qquad (∗)$$

All of 5, 7, and 541 are distinct odd primes, so we can use the previous Corollary (7.17):

$$\left(\frac{p}{q}\right) = \begin{cases} \left(\frac{q}{p}\right) & \text{if } p \equiv 1 \pmod 4 \text{ or } q \equiv 1 \pmod 4 \\ -\left(\frac{q}{p}\right) & \text{if both } p \equiv 3 \pmod 4 \text{ and } q \equiv 3 \pmod 4 \end{cases}$$

Since 5 ≡ 1 (mod 4), using this on the first term on the right-hand side of (∗) gives

$$\left(\frac{5}{541}\right) = \left(\frac{541}{5}\right) = \left(\frac{1}{5}\right) = 1 \quad [\text{Because } 541 \equiv 1 \pmod 5].$$
Examining the second term on the right-hand side of (∗) we have 7 ≡ 3 (mod 4) but
541 ≡ 1 (mod 4), so using the above corollary we have

$$\left(\frac{7}{541}\right) = \left(\frac{541}{7}\right) = \left(\frac{2}{7}\right) \quad [\text{Because } 541 \equiv 2 \pmod 7].$$
We have already established a test for the residue 2, Proposition (7.15):

$$\left(\frac{2}{p}\right) = \begin{cases} 1 & \text{if } p \equiv \pm 1 \pmod 8 \\ -1 & \text{if } p \equiv \pm 3 \pmod 8 \end{cases}$$

Since 7 ≡ −1 (mod 8), applying this we have $\left(\frac{2}{7}\right) = 1$.
Multiplying these two Legendre symbols $\left(\frac{5}{541}\right) = 1$ and $\left(\frac{2}{7}\right) = 1$ of (∗) together gives
$$\left(\frac{35}{541}\right) = \left(\frac{5}{541}\right) \times \left(\frac{7}{541}\right) = 1 \times 1 = 1.$$

Hence $x^2 \equiv 35 \pmod{541}$ is solvable. (We can find the square root of 35 modulo 541.)
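The procedure of Example 7.22 (factorize a, use Proposition (7.15) for the prime 2, and flip each odd prime factor with Corollary (7.17)) can be written as a short recursive routine. The Python sketch below is an added example, not the book’s own code; the function names and the optional steps list are assumptions made here, and the result is cross-checked against Euler’s Criterion.

```python
"""Added example: Legendre symbol (a/p) via factorization, (7.15) and Corollary (7.17)."""


def prime_factors(n):
    """Trial division; returns [(prime, exponent), ...]. Empty list for n = 1."""
    factors, d = [], 2
    while d * d <= n:
        e = 0
        while n % d == 0:
            n //= d
            e += 1
        if e:
            factors.append((d, e))
        d += 1 if d == 2 else 2
    if n > 1:
        factors.append((n, 1))
    return factors


def legendre_two(p):
    """(2/p) by Proposition (7.15): 1 if p = +-1 (mod 8), -1 if p = +-3 (mod 8)."""
    return 1 if p % 8 in (1, 7) else -1


def legendre_lqr(a, p, steps=None):
    """(a/p) for an odd prime p. Primality of p is assumed, not checked.
    If a list is passed as `steps`, each prime-factor symbol used is recorded."""
    a %= p
    if a == 0:
        return 0
    result = 1
    for q, e in prime_factors(a):
        if e % 2 == 0:
            continue  # (q/p) raised to an even power is 1
        if q == 2:
            s = legendre_two(p)
        else:
            # Corollary (7.17): (q/p) = (p/q), negated only if p = q = 3 (mod 4).
            flip = -1 if (p % 4 == 3 and q % 4 == 3) else 1
            # q < p and both are prime, so p % q is non-zero and the modulus shrinks.
            s = flip * legendre_lqr(p % q, q, steps)
        if steps is not None:
            steps.append(f"({q}/{p}) = {s}")
        result *= s
    return result


def legendre_euler(a, p):
    """Reference value from Euler's Criterion: a^((p-1)/2) mod p, mapped to -1, 0, 1."""
    r = pow(a, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


if __name__ == "__main__":
    trace = []
    print("(35/541) =", legendre_lqr(35, 541, trace))
    print("steps:", trace)
    roots = [x for x in range(541) if (x * x) % 541 == 35]
    print("square roots of 35 mod 541:", roots)
```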

Summary
In this section we have proven the Law of Quadratic Reciprocity (LQR), $\left(\frac{p}{q}\right) \times \left(\frac{q}{p}\right) = (-1)^{\left(\frac{p-1}{2}\right) \times \left(\frac{q-1}{2}\right)}$,
by using Eisenstein’s Lemma.

EXERCISES 7.4

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Determine which of the following congruences are solvable (all moduli are prime):
(a) $x^2 \equiv 12 \pmod{89}$
(b) $x^2 \equiv 40 \pmod{101}$
(c) $x^2 \equiv 36 \pmod{1223}$
(d) $x^2 \equiv 89 \pmod{197}$
(e) $x^2 \equiv 197 \pmod{89}$

2. Evaluate parts (c) and (d) of Example 7.19.

3. Show that if p and q are distinct odd primes then
$$\left(\frac{p}{q}\right) \times \left(\frac{q}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \pmod 4 \text{ or } q \equiv 1 \pmod 4 \\ -1 & \text{if } p \equiv q \equiv 3 \pmod 4 \end{cases}$$

4. Prove that for prime p > 3 we have
$$\left(\frac{3}{p}\right) = \begin{cases} \left(\frac{p}{3}\right) & \text{if } p \equiv 1 \pmod 4 \\ -\left(\frac{p}{3}\right) & \text{if } p \equiv 3 \pmod 4 \end{cases}$$

5. (i) Prove that for prime p > 3 we have
$$\left(\frac{-3}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \pmod 6 \\ -1 & \text{if } p \equiv 5 \pmod 6 \end{cases}$$
(ii) Determine the prime factorization of the following:
(a) $104^2 + 3 = 10\,819$
(b) $236^2 + 3 = 55\,699$
(c) $362^2 + 3 = 131\,047$

6. Show that the prime factors p > 3 of the integer $n^2 - n + 1$ are of the form 6k + 1. [Hint: Use the result of question 5 and let $p \mid (n^2 - n + 1)$, and then consider $(2n - 1)^2$.]

7. *Prove that there are infinitely many primes of the form 8k − 1 without using Dirichlet’s Theorem.
[Hint: Suppose there are a finite number of primes $p_1, p_2, \cdots, p_k$ of this form and consider the integer $(4 p_1 p_2 \cdots p_k)^2 - 2$ and then use Proposition (7.15).]

8. Determine
$$\sum_{k=1}^{(q-1)/2} \left\lfloor \frac{k \times p}{q} \right\rfloor + \sum_{k=1}^{(p-1)/2} \left\lfloor \frac{k \times q}{p} \right\rfloor$$
for the primes p = 17 and q = 13. Also interpret your answer geometrically by counting the lattice points above and below the line $y = \frac{q}{p}x$.

9. Prove Corollary (7.17).

10. *Prove Lemma (7.20).

11. Let p = 13 and a = 16. Show that $\sum_{k=1}^{(p-1)/2} \left\lfloor \frac{ka}{p} \right\rfloor = 23$ but g = 2 where g is as defined in Gauss’s Lemma. Explain why Lemma (7.20) fails in this case.

12. Prove that the odd prime divisors of the integer $n^2 + 1$ are of the form 4k + 1.

13. Prove that there are infinitely many primes of the form 3m + 1 without using Dirichlet’s Theorem. [Hint: You may find the result of question 5 helpful.]

14. Determine the least positive residues x in the following cases (1993 is prime):
(a) $25^{997} \equiv x \pmod{1993}$
(b) $26^{997} \equiv x \pmod{1993}$

15. Prove that if the prime p = 8k + 1 then $p \mid \left(2^{\frac{p-1}{2}} - 1\right)$.

16. Let p ≡ 1 (mod 4). Show that the Legendre symbols $\left(\frac{2a}{p}\right) = \left(\frac{a}{p}\right)$ where a is odd and p ∤ a.

17. Show that if p ≡ 1 (mod 4) then $\sum_{a=1}^{\frac{p-1}{2}} \left(\frac{a}{p}\right) = 0$ where $\left(\frac{a}{p}\right)$ is the Legendre symbol. [Hint: You may find the result of question 7 of Exercises 7.1 helpful.]

18. The following table shows some of the odd primes for which 5 is a quadratic residue and quadratic non-residue:

Prime p    3    7   11   13   17   19   23   29   31
(5/p)     −1   −1    1   −1   −1    1   −1    1    1

*(i) Predict the congruence describing the primes for which 5 is a quadratic residue and the primes for which 5 is a quadratic non-residue. Prove your predicted formula.
(ii) Factorize the following integers (if you could not predict the formula, use brief solutions to see the formula for prediction and then do these factorizations):
(a) $104^2 - 5 = 10\,811$
(b) $504^2 - 5 = 254\,011$

19. *Prove the following for prime p where p ∤ 7:
$$\left(\frac{7}{p}\right) = 1 \text{ if } p \equiv \pm 1, \pm 3, \pm 9 \pmod{28}.$$
Factorize the following:
(a) $120^2 - 7 = 14\,393$
(b) $354^2 - 7 = 125\,309$

20. Assume 3 ∤ x. Show that one of the prime factors of $x^2 + 3$ is of the form 12n + 7.

21. Prove that there are infinitely many primes of the form 3n − 1.

.........................................................................................................

Supplementary Problems 7

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

7.1. Solve $x^2 \equiv 196 \pmod{211}$ where 211 is prime.

7.2. Solve the following quadratic congruences:
(a) $5x^2 + 2x \equiv 20 \pmod{101}$
(b) $x^2 - x - 6 \equiv 0 \pmod{103}$

7.3. *Solve the quadratic congruence $x^2 \equiv 7 \pmod{787}$ (787 is prime) and the quadratic Diophantine equation $x^2 = 7 + 787y$.

7.4. Determine the square roots of the following (all moduli are prime):
(a) 3 (mod 131)
(b) 11 (mod 127)
(c) 3 (mod 251)

7.5. Compute the following Legendre symbols $\left(\frac{a}{p}\right)$ where p is an odd prime:
(a) $\left(\frac{751}{919}\right)$
(b) $\left(\frac{123}{4567}\right)$
(c) $\left(\frac{7892}{1\,234\,567\,891}\right)$
[Hint: $7892 = 2^2 \times 1973$ where 1973 is prime.]
Interpret each of your results in relation to quadratic congruences.

7.6. **By using the Law of Quadratic Reciprocity, or otherwise, find the first primitive root of the prime modulo 97. By using this primitive root find the square roots of 35 (mod 97).

7.7. By first finding a primitive root of the prime 101 solve the following quadratic Diophantine equations:
(a) $x^2 - 101y = 14$
(b) $x^2 - 101y = 22$
(c) $x^2 - 101y = 44$

7.8. Show that the following result is false: $(-1/p) = (-1)^{\frac{p^2-1}{4}}$.

7.9. *(i) Find the primes p > 3 for which the square root of 3 (mod p) exists.
(ii) Factorize the following integers:
(a) $306^2 - 3 = 93\,633$
(b) $214^2 - 3 = 45\,793$
(c) $602^2 - 3 = 362\,401$

7.10. Determine particular solutions of the quadratic Diophantine equations:
(a) $x^2 + 11y = 5$
(b) $x^2 + 23y = 2$
(c) $x^2 + 53y = -1$

7.11. *Without using Dirichlet’s Theorem prove the following:
(a) There are infinitely many primes of the form 8k + 3. [Hint: Consider $N = [3 \times 5 \times 7 \times \cdots \times (2n+1)]^2 + 2$.]
(b) There are infinitely many primes of the form 8k − 3. [Hint: Consider $N = [3 \times 5 \times 7 \times \cdots \times (2n+1)]^2 + 4$.]

7.12. Show that if p is a prime of the form 4k + 3 and a, b are integers such that $a^2 + b^2 \equiv 0 \pmod p$, then a ≡ b ≡ 0 (mod p).

7.13. Express the following primes as the sum of two squares $a^2 + b^2$:
(a) 313 (b) 1237 (c) 1249
We will prove in Theorem (8.3) in the next chapter that if a prime p satisfies p ≡ 1 (mod 4) then we can write the prime as the sum of two squares.

7.14. Let p be an odd prime. Show that there are integers a, b such that
$p = a^2 + 2b^2 \Rightarrow p \equiv 1 \text{ or } 3 \pmod 8$.
Also, in the next chapter we will show that if p ≡ 1 or 3 (mod 8) then $p = a^2 + 2b^2$.
Express the following primes as $a^2 + 2b^2$.
(a) 211 (b) 1019 (c) 1249

7.15. Let p be an odd prime. Prove that the Legendre symbol
$$\left(\frac{-2}{p}\right) = (-1)^{\frac{(p+5)(p-1)}{8}}.$$
Determine whether −2 is a quadratic residue of the prime 1 000 003.

7.16. **Let p be an odd prime. Prove that $x^4 \equiv -1 \pmod p$ has a solution ⇔ p ≡ 1 (mod 8).
Factorize the following integers:
(a) $12^4 + 1 = 20\,737$
(b) $22^4 + 1 = 234\,257$
(c) $50^4 + 1 = 6\,250\,001$

7.17. (i) Prove that for prime p > 3 we have
$$\left(\frac{12}{p}\right) = \begin{cases} 1 & \text{if } p \equiv \pm 1 \pmod{12} \\ -1 & \text{if } p \equiv \pm 5 \pmod{12} \end{cases}.$$
(ii) Factorize the following integers:
(a) $151^2 - 12 = 22\,789$
(b) $2003^2 - 12 = 4\,011\,997$

7.18. (i) Prove that every primitive root of odd prime p is a quadratic non-residue of p.
*(ii) Prove that there is a quadratic non-residue of odd prime p which is not a primitive root of p.

7.19. *Let a be a quadratic residue of an odd prime p. Prove that square roots of a (mod p) are given by $\pm r^n$ where r is a primitive root of p and n is some positive integer.

7.20. *Show that the non-linear Diophantine equation $x^3 - 5 = y^2$ has no solution.

7.21. Prove that −5 is a quadratic residue for the primes p satisfying p ≡ 1, 3, 7, 9 (mod 20).
[Hint: Use the result of Exercises 7.4, question 18.]

..............................................................................................................................

8 Non-Linear Diophantine Equations
..............................................................................................................................

SECTION 8.1 Sum of Two Squares


By the end of this section you will be able to
● test which integers can be written as a sum of two squares
● convert a given integer into a sum of two squares

In Chapter 2 (Section 2.3.5) we discussed which primes could be written as the sum of two
squares. In this chapter we will prove one of the most amazing theorems in mathematics:
that every prime p which satisfies p ≡ 1 (mod 4) can be written as the sum of two squares,
that is
$$p = a^2 + b^2.$$
Also in this section we extend this to which positive integers (not only primes) can be converted into a sum of two squares.
In the next section we show that every positive integer n can be written as a sum of four
squares: $n = a^2 + b^2 + c^2 + d^2$.
In the last section we examine the quadratic Diophantine equation $x^2 - Ny^2 = c$ which
is closely related to $x^2 - py = c$ (p is an odd prime), investigated in the last chapter.

8.1.1 Pythagorean triples

Fermat’s Last Theorem states that:

There is no positive integer solution x, y, and z such that $x^n + y^n = z^n$ for n ≥ 3.
Hence the Diophantine equation $x^n + y^n = z^n$ for n ≥ 3 has no solutions. For n = 1 and
n = 2 there are solutions. We look at the Diophantine equation when n = 2.
So, we are looking for integers which satisfy Pythagoras’s Theorem and these are called
Pythagorean triples.

What are Pythagorean triples?

These are integers x, y and z which satisfy
$$x^2 + y^2 = z^2.$$

Figure 8.1 (right-angled triangle with sides x, y and z, labelled $x^2 + y^2 = z^2$)

Examples are

$3^2 + 4^2 = 5^2$, $5^2 + 12^2 = 13^2$, $7^2 + 24^2 = 25^2$, $1980^2 + 9801^2 = 9999^2$, ⋯ .

Consider the first of these Pythagorean triples $3^2 + 4^2 = 5^2$. From this we can show:
$(3n)^2 + (4n)^2 = (5n)^2$ where n is any positive integer.

This implies there are infinitely many Pythagorean triples.


There are many ways of generating Pythagorean triples. One way is to start with an odd
positive integer x = 2n + 1. Square this and halve the result: $\frac{(2n+1)^2}{2}$. The other two members of the Pythagorean triple are given by subtracting and adding a half to this:
$$y = \frac{(2n+1)^2}{2} - \frac{1}{2} = \frac{(2n+1)^2 - 1}{2}, \quad z = \frac{(2n+1)^2}{2} + \frac{1}{2} = \frac{(2n+1)^2 + 1}{2}.$$
For example, when n = 5 we have x = 11, $y = \frac{11^2 - 1}{2} = 60$, $z = \frac{11^2 + 1}{2} = 61$. The
Pythagorean triple is x = 11, y = 60, z = 61. Check that $x^2 + y^2 = z^2$.
In Exercises 8.1, question 5 (c) you are asked to show that if you start with an even integer
x = 2mn then the Pythagorean triples are given by the following formula:

$x = 2mn$, $y = n^2 - m^2$, and $z = n^2 + m^2$

where n > m, mn is odd and m, n are relatively prime. In the special case when m = 1 we
have the Pythagorean triples x = 2n, $y = n^2 - 1$, and $z = n^2 + 1$.

8.1.2 Sum of two squares

Can every positive integer be written as a sum of two squares?

Well we can write $1 = 1^2 + 0^2$, $2 = 1^2 + 1^2$.

But can we find integers x and y such that $x^2 + y^2 = 3$?

No. Therefore, we conclude that not every positive integer can be expressed as a sum of two
squares, as we simply cannot write 3 as a sum of two squares.

We extend our question of squares to:

Can every positive integer be written as the sum of three squares?

No, because to write 7 we need four squares, $7 = 2^2 + 1^2 + 1^2 + 1^2$.


Actually we will show in the next section that every positive integer can be written as a
sum of four squares. In this section we explore which integers can be written as a sum of
two squares.
The following table highlights (the numbers boxed up) 43 out of the first 100 integers
which are sums of two squares.
Can you spot any pattern to these highlighted integers?

Table 8.1

1 2 3 4 5 6 7 8 9 10
11 12 13 14 15 16 17 18 19 20
21 22 23 24 25 26 27 28 29 30
31 32 33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48 49 50
51 52 53 54 55 56 57 58 59 60
61 62 63 64 65 66 67 68 69 70
71 72 73 74 75 76 77 78 79 80
81 82 83 84 85 86 87 88 89 90
91 92 93 94 95 96 97 98 99 100

Clearly it is not all the integers, nor just the odd or even ones.
So what is the pattern?

Well, the squares are certainly sums of two squares, because we can write a square
number, $n^2$, as $n^2 = n^2 + 0^2$. Also $n^2 + 1$ can be written as a sum of two squares because
$n^2 + 1 = n^2 + 1^2$. However, these two, $n^2$ and $n^2 + 1$, do not capture all of the highlighted
numbers in Table 8.1. Actually there is no simple pattern for which numbers can be expressed as a sum of two squares. We will give a criterion to test which integers can be converted into a sum of two squares in result (8.5) later in this section.
To convert a given integer into a sum of two squares we need to use the algebraic identity
discussed in the next subsection.

8.1.3 Two squares identity

What does the term identity mean in mathematics?

Two expressions are equal for all values of the variables; for example,
$(x + y)^2 = x^2 + 2xy + y^2$ and $\cos^2(\theta) + \sin^2(\theta) = 1$ are identities.

However 2x − 1 = 0 is not an identity because this equation is only valid if x = 1/2.



The following identity converts a product into a sum and is called the Conversion or Two
Squares Identity:

Conversion Identity (8.1). For any integers a, b, c, and d we have

$$(a^2 + b^2)(c^2 + d^2) = (ac - bd)^2 + (ad + bc)^2.$$

Proof.
Expanding the left-hand side gives

$$(a^2 + b^2)(c^2 + d^2) = a^2c^2 + a^2d^2 + b^2c^2 + b^2d^2. \qquad (∗)$$

Expanding the right-hand side of the identity yields

$$\begin{aligned} (ac - bd)^2 + (ad + bc)^2 &= (a^2c^2 - 2abcd + b^2d^2) + (a^2d^2 + 2abcd + b^2c^2) \\ &= a^2c^2 + b^2d^2 + a^2d^2 + b^2c^2 \quad [\text{Because } -2abcd + 2abcd = 0]. \end{aligned}$$

Comparing the last line with (∗) gives us our identity:

$$(a^2 + b^2)(c^2 + d^2) = (ac - bd)^2 + (ad + bc)^2.$$


We use this identity (8.1) to convert a product (factorized) into a sum, as the next example
demonstrates.

Example 8.1

Convert 225 into a sum of two squares in two different ways.

Solution
You may have noticed an obvious solution is $15^2 = 225$, so we have $225 = 15^2 + 0^2$.
Another representation can be found by factorizing 225 and then converting this product into a sum
by the above Conversion Identity:
225 = 5 × 45.
We can express 5 as $5 = 1^2 + 2^2$ and $45 = 9 + 36 = 3^2 + 6^2$. By putting these into the above identity
(8.1) with a = 1, b = 2, c = 3, and d = 6 we obtain

$$\begin{aligned} 225 &= 5 \times 45 \\ &= (1^2 + 2^2) \times (3^2 + 6^2) \\ &= ([1 \times 3] - [2 \times 6])^2 + ([1 \times 6] + [2 \times 3])^2 \quad [\text{Converting product to sum (8.1)}] \\ &= (-9)^2 + 12^2 = 9^2 + 12^2. \end{aligned}$$

Hence converting 225 into sum of two squares gives $225 = 9^2 + 12^2$.

Note that converting an integer into a sum of two squares does not give a unique representation because $225 = 15^2 + 0^2 = 9^2 + 12^2$. However, if the given integer is prime then
the representation is unique as the sum of two squares, which we will show later.
First we factorize the given integer and then apply the identity (8.1) repeatedly to convert
the product into a sum, as the next example demonstrates.

Example 8.2

Convert 8177 into a sum of two squares.

Solution
The prime decomposition of 8177 is

8177 = 13 × 17 × 37.

Writing each of these numbers as the sum of two squares gives

$13 = 2^2 + 3^2$, $17 = 1^2 + 4^2$ and $37 = 1^2 + 6^2$.

By applying the Conversion Identity to the product 13 × 17 we obtain

$$\begin{aligned} 13 \times 17 &= (2^2 + 3^2) \times (1^2 + 4^2) \\ &= ([2 \times 1] - [3 \times 4])^2 + ([2 \times 4] + [3 \times 1])^2 \quad [\text{By (8.1)}] \\ &= (-10)^2 + 11^2 = 10^2 + 11^2. \end{aligned}$$

We have converted the product into a sum of two squares: $13 \times 17 = 10^2 + 11^2$. Applying the identity
(8.1) again to $13 \times 17 = 10^2 + 11^2$ and $37 = 1^2 + 6^2$ yields

$$\begin{aligned} 8177 &= (13 \times 17) \times 37 \\ &= (10^2 + 11^2) \times (1^2 + 6^2) \\ &= ([10 \times 1] - [11 \times 6])^2 + ([10 \times 6] + [11 \times 1])^2 \quad [\text{By (8.1)}] \\ &= (-56)^2 + 71^2 = 56^2 + 71^2. \end{aligned}$$

Hence 8177 as a sum of two squares is $56^2 + 71^2$.

This sum of squares $56^2 + 71^2$ representation of 8177 is not unique. There are three other
ways of representing 8177 as a sum of two squares. Actually, here are the four sum of square
representations of 8177:

$$8177 = 16^2 + 89^2 = 44^2 + 79^2 = 49^2 + 76^2 = 56^2 + 71^2.$$

In Exercises 8.1, question 23 you are asked to show the following:

If n is the product of r distinct primes p which satisfy p ≡ 1 (mod 4) then the number of
different ways n can be expressed as a sum of two squares is $2^{r-1}$.
Therefore 8177 = 13 × 17 × 37, which has three distinct primes satisfying

13 ≡ 17 ≡ 37 ≡ 1 (mod 4),

has $2^{3-1} = 2^2 = 4$ different sum of squares representations.

What is special about these integers, 225 and 8177, that we can write them as a sum of two squares?

Their prime decomposition gives primes $p$ which satisfy $p \equiv 1 \pmod{4}$. We now prove that
if the prime $p$ satisfies $p \equiv 1 \pmod{4}$ then it can be written as the sum of two squares. You
are asked to show that this sum of squares representation of prime $p$ is unique in the
exercises. First we need a lemma.

Lemma (8.2). If prime $p \equiv 1 \pmod{4}$ then there exist positive integers $x$ and $y$ such that
$x^2 + y^2 = kp$ where $k < p$ and it is a positive integer.

Proof.
See Exercises 8.1, question 10.


One of the most startling theorems in mathematics is the following:

Theorem (8.3). Every prime p satisfying p ≡ 1 ( mod 4) can be written as the sum of two
squares.

This says that all the primes that leave a remainder of 1 when divided by 4 can be written
as the sum of two squares.
To prove this, we need to use the Well-Ordering Principle (WOP) which was given in the
Introductory Chapter:
WOP: Every non-empty subset of positive integers has a least element.
This is a challenging and long proof.

Proof.
Let $p \equiv 1 \pmod{4}$. By the previous lemma, there exist positive integers $x$ and $y$ such that

$$x^2 + y^2 = kp \quad \text{where } 0 < k < p.$$

By the Well-Ordering Principle (WOP) let $m$ be the least of these $k$'s, that is

$$x^2 + y^2 = mp \quad \text{where } m \text{ is the least positive integer satisfying this.}$$

What do we need to show?

Required to prove that $m = 1$.

How?

By contradiction. Suppose $m > 1$.

We define integers $a$ and $b$ such that

$$a \equiv x \pmod{m} \text{ and } b \equiv y \pmod{m} \quad \text{where } -\frac{m}{2} < a, b \le \frac{m}{2}.$$

Therefore,

$$a^2 + b^2 \equiv x^2 + y^2 = mp \equiv 0 \pmod{m}. \qquad (\ast)$$

Thus there is an integer $n$ ($\ge 0$) such that

$$a^2 + b^2 = mn. \qquad (\ast\ast)$$

Multiplying these together, $(\ast)$ and $(\ast\ast)$, gives

$$(a^2 + b^2)(x^2 + y^2) = (mn)(mp) = m^2 np.$$

Now using the Conversion Identity (8.1) on the left-hand side yields

$$(a^2 + b^2)(x^2 + y^2) = (b^2 + a^2)(x^2 + y^2) \underbrace{=}_{\text{By (8.1)}} (bx - ay)^2 + (by + ax)^2 = m^2 np. \qquad (\dagger)$$

Examining both terms inside the brackets $(bx - ay)$ and $(by + ax)$:

$$bx - ay \equiv yx - xy \equiv 0 \pmod{m} \quad \text{because } a \equiv x \pmod{m} \text{ and } b \equiv y \pmod{m}.$$

Similarly,

$$by + ax \equiv yy + xx \equiv y^2 + x^2 \equiv 0 \pmod{m} \quad \text{[By } (\ast)\text{]}.$$

Thus both $bx - ay$ and $by + ax$ are multiples of $m$, which implies that we can divide $(\dagger)$ by
$m^2$ and get the following sum of two squares:

$$\left(\frac{by + ax}{m}\right)^2 + \left(\frac{bx - ay}{m}\right)^2 = np. \qquad (\dagger\dagger)$$

From the earlier inequality $-\frac{m}{2} < a, b \le \frac{m}{2}$ we have

$$a^2 + b^2 \le \left(\frac{m}{2}\right)^2 + \left(\frac{m}{2}\right)^2 = \frac{m^2}{2}.$$

By $(\ast\ast)$ and the above inequality it follows that

$$a^2 + b^2 = mn \le \frac{m^2}{2} \;\Rightarrow\; n \le \frac{m}{2} \;\Rightarrow\; n < m. \qquad (\ddagger)$$

If $n = 0$ then we have our result.

Why?

From $(\ast\ast)$

$$a^2 + b^2 = 0 \;\Rightarrow\; a = b = 0 \;\Rightarrow\; x \equiv a \equiv 0 \pmod{m} \text{ and } y \equiv b \equiv 0 \pmod{m}.$$

This implies $m \mid x$ and $m \mid y$. From this it follows that

$$m^2 \mid (x^2 + y^2) \;\Rightarrow\; \underbrace{m^2 \mid mp}_{\text{By } (\ast)} \;\Rightarrow\; m \mid p.$$

We know that $m < p$ because $m$ is the least of $k$'s and $0 < k < p$. The only divisors of a prime
$p$ are 1 and $p$. Therefore we have $m = 1$, which is our required result.
If $n$ is a positive integer, then from $(\dagger\dagger)$ we have that $np$ is the sum of two squares and $(\ddagger)$
shows that $n < m$. This is a contradiction.

Why?

Because $m$ was the least positive integer which is the sum of two squares, and now we have
found a smaller positive integer $n$. Our supposition that $m > 1$ must be wrong, so $m = 1$
which implies $x^2 + y^2 = mp = p$. Hence $p \equiv 1 \pmod{4}$ can be written as the sum of two
squares.
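The proof of Theorem (8.3) is constructive: each pass through its steps replaces m by a strictly smaller n until m = 1. The Python below is an added example, not code from the book; it follows the proof's symbols, and the function names and the choice of y = 1 as the starting pair for Lemma (8.2) are assumptions of this example. It then applies identity (8.1) to reproduce Example 8.2.

```python
from math import isqrt


def is_prime(n):
    """Trial division; adequate for the small primes used here."""
    return n >= 2 and all(n % d for d in range(2, isqrt(n) + 1))


def centred_residue(v, m):
    """The r with r ≡ v (mod m) and -m/2 < r <= m/2, as required of a and b."""
    r = v % m
    return r - m if 2 * r > m else r


def starting_pair(p):
    """Lemma (8.2): positive x, y with x^2 + y^2 = k*p and 0 < k < p.

    Assumption of this example: fix y = 1 and search x <= (p-1)/2 with
    x^2 ≡ -1 (mod p); such an x exists because p ≡ 1 (mod 4).
    """
    for x in range(1, (p - 1) // 2 + 1):
        if (x * x + 1) % p == 0:
            return x, 1
    raise ValueError("no x with x^2 ≡ -1 (mod p)")


def descent(p):
    """Run the steps of the proof of Theorem (8.3).

    Returns the triples (x, y, m) with x^2 + y^2 = m*p visited on the way;
    the last triple has m = 1.
    """
    if not (is_prime(p) and p % 4 == 1):
        raise ValueError("p must be a prime with p ≡ 1 (mod 4)")
    x, y = starting_pair(p)
    m = (x * x + y * y) // p
    steps = [(x, y, m)]
    while m > 1:
        a, b = centred_residue(x, m), centred_residue(y, m)
        # (††): by + ax and bx - ay are both multiples of m, so divide by m.
        x, y = abs(b * y + a * x) // m, abs(b * x - a * y) // m
        m = (x * x + y * y) // p  # this is n in the proof, and n < m by (‡)
        steps.append((x, y, m))
    return steps


def prime_as_two_squares(p):
    """The pair (x, y), smaller entry first, with x^2 + y^2 = p."""
    x, y, _ = descent(p)[-1]
    return tuple(sorted((x, y)))


def conversion_identity(u, v):
    """Identity (8.1): (a^2 + b^2)(c^2 + d^2) = (ac - bd)^2 + (ad + bc)^2."""
    (a, b), (c, d) = u, v
    return abs(a * c - b * d), abs(a * d + b * c)


def example_8_2():
    """8177 = 13 x 17 x 37, combined left to right as in Example 8.2."""
    rep = prime_as_two_squares(13)
    for p in (17, 37):
        rep = conversion_identity(rep, prime_as_two_squares(p))
    return rep


if __name__ == "__main__":
    print(descent(29))      # the descent visits m = 5, then m = 1
    print(example_8_2())
```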


A prime p that satisfies p ≡ 1 ( mod 4) can be expressed as the sum of two squares.
In the exercises we will prove that the converse is also true, and we have uniqueness:

Theorem (8.4). An odd prime $p$ can be written as sum of two squares uniquely $\Leftrightarrow$

$$p \equiv 1 \pmod{4}.$$

If $p = 2$ then $1^2 + 1^2 = 2$, which is the sum of two squares.

Proof.
See Exercises 8.1, question 22.


The conversion of a prime number to sum of two squares is unique. On the other hand,
the conversion of a composite number may not give a unique sum of two squares, as we
observed in Example 8.1.
The next subsection sets up a criterion for testing which integers (not only primes) can
be written as a sum of two squares.

8.1.4 Sum of Two Squares Theorem

Now we prove the criterion to test which integers can be converted into sum of two squares:

Sum of Two Squares Theorem (8.5). Let $m$ be a positive integer given by

$$m = p_1 \times p_2 \times \cdots \times p_r \times N^2 \quad \text{where the } p\text{'s are distinct primes.}$$

Then $m$ can be expressed as a sum of two squares, provided every prime $p_j$ satisfies $p_j = 2$
or $p_j \equiv 1 \pmod{4}$ for $j = 1, \cdots, r$.

In Exercises 8.1, question 11 you are asked to show that any integer $m > 1$ (if $m = 1$ then
$m = 1^2 + 0^2$) can be written as

$$m = p_1 \times p_2 \times \cdots \times p_r \times N^2 .$$

Proof.
Let $m = p_1 \times p_2 \times \cdots \times p_r \times N^2$. If we can prove that the product $p_1 \times p_2 \times \cdots \times p_r$ can be
converted into sums of two squares then we are done.

Why?

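Because this implies $p_1 \times p_2 \times \cdots \times p_r = a^2 + b^2$ and we have

$$
\begin{aligned}
m &= (p_1 \times p_2 \times \cdots \times p_r) \times N^2 \\
&= (a^2 + b^2) \times N^2 \\
&= (aN)^2 + (bN)^2 .
\end{aligned}
$$

So we only need to show that the product of primes $p_1 \times p_2 \times \cdots \times p_r$ can be written as a
sum of two squares.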

How?

By mathematical induction.
The base case $r = 1$ holds because by Theorem (8.3):
If $n = p$ where $p \equiv 1 \pmod{4}$ then we can write $n$ as the sum of two squares.
Assume this is also true for the product of $k$ primes, that is $r = k$:

$$p_1 \times p_2 \times \cdots \times p_k = x_k^2 + y_k^2 . \qquad (\ast)$$

Required to prove the case for $r = k + 1$:

$$p_1 \times p_2 \times \cdots \times p_k \times p_{k+1} = (x_{k+1})^2 + (y_{k+1})^2 .$$

Consider the left-hand side of this equation:

$$\underbrace{(p_1 \times p_2 \times \cdots \times p_k)}_{= x_k^2 + y_k^2 \text{ By } (\ast)} \times p_{k+1} = (x_k^2 + y_k^2) \times p_{k+1} . \qquad (\dagger)$$

Recall we are given that the prime $p_{k+1}$ is either $2 = 1^2 + 1^2$ or $p_{k+1} \equiv 1 \pmod{4}$. In either
case we can write this prime as the sum of two squares (by Theorem (8.3)):

$$p_{k+1} = x^2 + y^2 .$$

Substituting this $p_{k+1} = x^2 + y^2$ into $(\dagger)$ gives

$$(x_k^2 + y_k^2) \times p_{k+1} = (x_k^2 + y_k^2) \times (x^2 + y^2) .$$

We can convert this product $(x_k^2 + y_k^2) \times (x^2 + y^2)$ into a sum of two squares by applying
the Conversion Identity (8.1):

$$(a^2 + b^2) \times (c^2 + d^2) = (ac - bd)^2 + (ad + bc)^2 .$$

By applying this to the above derivation we obtain

$$
\begin{aligned}
p_1 \times p_2 \times \cdots \times p_{k+1} &= (x_k^2 + y_k^2) \times (x^2 + y^2) \\
&= (x_k x - y_k y)^2 + (x_k y + y_k x)^2 \quad \text{[By (8.1)]} \\
&= (x_{k+1})^2 + (y_{k+1})^2 \quad \text{where } x_{k+1} = x_k x - y_k y \text{ and } y_{k+1} = x_k y + y_k x.
\end{aligned}
$$

Hence by mathematical induction $p_1 \times p_2 \times \cdots \times p_r$ can be written as a sum of two
squares, therefore $m = p_1 \times p_2 \times \cdots \times p_r \times N^2$ can be converted into sum of two squares,
provided $p_j = 2$ or $p_j \equiv 1 \pmod{4}$. This completes our proof.


Example 8.3

Convert 1352 into a sum of two squares.

Solution
We first factorize 1352. Since 1352 is even, so 2 is a factor; actually, $8 = 2^3$ is a factor:

$$1352 = 8 \times 169 = 2^3 \times 13^2 .$$

Writing this $1352 = 2^3 \times 13^2$ into the format $m = p_1 \times p_2 \times \cdots \times p_r \times N^2$ given in (8.5),

$$1352 = 2^3 \times 13^2 = \underbrace{2}_{=p_1} \times (\underbrace{2 \times 13}_{=N})^2 = 2 \times 26^2 .$$

Since $p_1 = 2$, so we can express 1352 as a sum of two squares:

$$
\begin{aligned}
1352 &= 2 \times 26^2 \\
&= (1^2 + 1^2) \times 26^2 = 26^2 + 26^2 .
\end{aligned}
$$

Example 8.4

Convert 360 into sum of two squares.

Solution
Factorizing 360 gives $360 = 2^3 \times 3^2 \times 5$. Rewriting this in the format of the Sum of Two Squares
Theorem (8.5), $m = p_1 \times p_2 \times \cdots \times p_r \times N^2$, we have

$$360 = 2^3 \times 3^2 \times 5 = \underbrace{2}_{=p_1} \times \underbrace{5}_{=p_2} \times (\underbrace{2 \times 3}_{=N})^2 . \qquad (\ast)$$

Since the primes $p_1 = 2$ and $p_2 = 5 \equiv 1 \pmod{4}$, so we can express 360 as the sum of two squares.
First we convert the product of these two primes:

$$2 \times 5 = 10 = 1^2 + 3^2 .$$

Putting this $2 \times 5 = 10 = 1^2 + 3^2$ into $(\ast)$ yields

$$
\begin{aligned}
360 &= (2 \times 5) \times (2 \times 3)^2 \\
&= (1^2 + 3^2) \times 6^2 \\
&= (1 \times 6)^2 + (3 \times 6)^2 = 6^2 + 18^2 .
\end{aligned}
$$

Hence $360 = 6^2 + 18^2$. (This representation is unique because only $5 \equiv 1 \pmod{4}$.)

Example 8.5

Convert 255 into sum of two squares.

Solution
Let us first see if it is possible to express 255 as the sum of two squares. Factorizing 255 yields 3 × 5 × 17.
Since one of the primes is 3 ≡ 3 (mod 4), so 255 cannot be written as a sum of two squares.

Now we investigate which integers cannot be written as a sum of two squares.

8.1.5 Integers not expressed as a sum of two squares

Is there a pattern to the 57 numbers which are not highlighted (cannot be expressed as a sum of two
squares) in Table 8.1?

If $n \equiv 3 \pmod{4}$ then $n$ cannot be written as a sum of two squares. For example, in the table
we see that $n = 3, 7, 11, 15, \cdots$, which are all congruent to 3 modulo 4, cannot
be written as a sum of two squares:

$$3 \ne a_1^2 + b_1^2, \quad 7 \ne a_2^2 + b_2^2, \quad 11 \ne a_3^2 + b_3^2, \quad 15 \ne a_4^2 + b_4^2, \quad \ldots$$

We need to prove this holds for all n such that n ≡ 3 (mod 4).

Proposition (8.6). If n ≡ 3 (mod 4) then n cannot be expressed as a sum of two squares.

How do we prove this statement?

By contradiction.

Proof.
Let $n \equiv 3 \pmod{4}$. Suppose we can express $n$ as a sum of two squares: $n = a^2 + b^2$.
By Exercises 1.2, question 2:
The square of any integer is of the form $4m$ or $4m + 1$.
Applying this, we have $a^2 \equiv 0, 1 \pmod{4}$ and $b^2 \equiv 0, 1 \pmod{4}$.
Adding these together gives

$$n = a^2 + b^2 \equiv \underbrace{0, 1}_{=a^2} + \underbrace{0, 1}_{=b^2} \equiv 0, 1, 2 \pmod{4} .$$

This $n \equiv 0, 1, 2 \pmod{4}$ implies that $n \not\equiv 3 \pmod{4}$, which is a contradiction because we
are given $n \equiv 3 \pmod{4}$. Therefore, our supposition that $n$ can be written as a sum of two
squares is wrong, so $n$ cannot be expressed as a sum of two squares.


For example, 27 ≡ 3 ( mod 4) cannot be written as a sum of two squares. This congruence
n ≡ 3 ( mod 4) does not pick up all the integers which cannot be written as a sum of two
squares. For example, from Table 8.1 we have that composite number 69 cannot be expressed
as a sum of two squares, but 69 ≡ 1 ≢ 3 ( mod 4).
Note that 69 is not a prime, otherwise by Theorem (8.3) we would be able to write it as a
sum of two squares. Actually $69 = 8^2 + 2^2 + 1^2$; we need three squares to write 69.
The prime factors of 69 = 3 × 23 and

3 ≡ 23 ≡ 3 (mod 4) .

Sometimes to test whether a given integer can be written as the sum of two squares it is
easier to use the converse of the Sum of Two Squares Theorem (8.5), which is:

Converse of Sum of Two Squares Theorem (8.7). Let $m = p_1 \times p_2 \times \cdots \times p_r \times N^2$ where $p$'s
are distinct primes. If $m$ can be expressed as sum of two squares then none of these primes
$p_j$ satisfies $p_j \equiv 3 \pmod{4}$ for $j = 1, \cdots, r$.

Proof.
See Exercises 8.1, question 24.


From the last three results (8.5), (8.6), and (8.7), we have the following corollary:

Corollary (8.8). Let $n = p_1 \times p_2 \times \cdots \times p_r \times N^2$ where $p$'s are distinct primes. Then $n$
cannot be expressed as a sum of two squares $\Leftrightarrow$ it has a prime factor $p_j \equiv 3 \pmod{4}$ for any
$j = 1, \cdots, r$.

Proof.
See Exercises 8.1, question 25.


This Corollary says that if $p \equiv 3 \pmod{4}$ is present to an odd power in the prime
factorization of $n$ then $n$ cannot be written as a sum of two squares. This is an easy check to see
which numbers can be written as a sum of two squares.
However, if the prime $p \equiv 3 \pmod{4}$ appears to an even index then the number $n$ can be
written as a sum of two squares. For example, $7 \equiv 3 \pmod{4}$ and

$$245 = 5 \times 7^2 = 14^2 + 7^2 .$$

See Exercises 8.1, question 20.
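The check described by Corollary (8.8) and the remark after it is mechanical: factorize n and look for a prime p ≡ 3 (mod 4) occurring to an odd power. The Python below is an added example, not code from the book, and its function names are chosen here. It applies that test and cross-checks it against an exhaustive search for a^2 + b^2 = n, allowing a zero square as in 225 = 15^2 + 0^2.

```python
from math import isqrt


def factorize(n):
    """Prime factorization by trial division, as {prime: exponent}."""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def blocking_primes(n):
    """Primes p ≡ 3 (mod 4) that occur to an odd power in n."""
    return sorted(p for p, e in factorize(n).items()
                  if p % 4 == 3 and e % 2 == 1)


def is_sum_of_two_squares(n):
    """The test of this section: representable when no blocking prime exists."""
    return not blocking_primes(n)


def representations(n):
    """All (a, b) with 0 <= a <= b and a^2 + b^2 = n, by exhaustive search."""
    reps = []
    for a in range(isqrt(n // 2) + 1):   # a <= b forces a^2 <= n/2
        rest = n - a * a
        b = isqrt(rest)
        if b * b == rest:
            reps.append((a, b))
    return reps


def unrepresentable_up_to(limit):
    """Integers 1..limit that the factorization test rejects."""
    return [n for n in range(1, limit + 1) if not is_sum_of_two_squares(n)]


def criterion_matches_search(limit):
    """True when the factorization test and the search agree on 1..limit."""
    return all(is_sum_of_two_squares(n) == bool(representations(n))
               for n in range(1, limit + 1))


if __name__ == "__main__":
    for n in (225, 245, 255, 69, 8177):
        print(n, factorize(n), blocking_primes(n), representations(n))
    print(len(unrepresentable_up_to(100)), criterion_matches_search(2000))
```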



Summary
In this section we have converted a given integer into sum of two squares.
The criterion for testing whether a given integer can be written as a sum of two squares is given by:
Let $m = p_1 \times p_2 \times \cdots \times p_r \times N^2$ provided every prime $p_j = 2$ or $p_j \equiv 1 \pmod{4}$.

EXERCISES 8.1

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Convert the following integers into sum of two squares:
(a) 36 (b) 37 (c) 101 (d) 170 (e) 229

2. Express the following into sum of two squares:
(a) 256 (b) 281 (c) 512 (d) 2048

3. Convert the following integers into sum of two squares:
(a) 202 (b) 205 (c) 180

4. Convert the following integers into sum of two squares:
(a) 2016
(b) 2015
(c) 2017 [Hint: 2017 is prime. Consider the square root of 2017.]
(d) 2018 [Hint: $2018 = 2 \times 1009$ and determine $1009 - 28^2$.]
(e) $2019 = 3 \times 673$
(f) 2020

5. Show the following identities concerning Pythagorean triples:
(a) $(3n)^2 + (4n)^2 = (5n)^2$
(b) $(2n)^2 + (n^2 - 1)^2 = (n^2 + 1)^2$
(c) $(2mn)^2 + (n^2 - m^2)^2 = (n^2 + m^2)^2$

6. Show that $2^n$, where $n$ is a natural number, can be written as sum of two squares.

7. Show that the positive integer $n^k$ where $k$ is an even positive integer can be written as a sum of two squares.

8. Prove that if we can write the natural number $n$ as a sum of two squares then we can also write $k^2 n$ as a sum of two squares.

9. Prove the following:
Let $p$ be prime such that $p \equiv 1 \pmod{4}$ and $k$ be a natural number. We can write $n = p^k$ as a sum of two squares.

10. Prove Lemma (8.2).

11. Show that any integer $n > 1$ can be written as $n = p_1 \times p_2 \times \cdots \times p_r \times N^2$ where $p$'s are distinct primes.

12. Prove the following identity for any integers $a$, $b$, $c$, and $d$:
$$(a^2 + b^2) \times (c^2 + d^2) = (ac + bd)^2 + (ad - bc)^2 .$$
This is another sum of squares identity like (8.1).

13. This is a question on Pythagorean triples.
Convert the following squares to sum of two non-zero squares:
(a) $5^2$ (b) $17^2$ (c) $29^2$ (d) $202^2$

14. Show the Pythagorean triple identity $(a^2 + b^2)^2 = (a^2 - b^2)^2 + (2ab)^2$ by using sum of squares identity.

15. Show that:
If $\gcd(x, y) = 1$ and $x^2 + y^2 = z^2$ then $\gcd(x, z) = \gcd(y, z) = 1$.

16. Determine the integers $x$ and $y$ such that $x^2 + y^2 = 178$.

17. Find all four different representations of $1105 = 5 \times 13 \times 17$ as a sum of two squares.

18. Prove the following:
If $n = p \times q$ where $p \equiv q \equiv 1 \pmod{4}$ then we can write $n$ as a sum of two squares.

19. (a) Explain why 6 cannot be expressed as a sum of two squares.
(b) Show that if $n \equiv 3$ or $6 \pmod{9}$ then $n$ cannot be expressed as a sum of two squares.
(c) Show that if $n \equiv 6, 12, 24, 30 \pmod{36}$ then $n$ cannot be expressed as a sum of two squares.
*(d) Explain why we cannot say $n \equiv 18 \pmod{36}$ can be written as a sum of two squares.

20. Let $n = 2 \times p^e \times q^k$ where $p \equiv 3 \pmod{4}$, $e$ is even, $q \equiv 1 \pmod{4}$, and $k$ is any natural number. Show that $n$ can be expressed as a sum of two squares.

21. Disprove the following statements:
(a) If $m$ is a sum of two squares and $m \mid n$ then $n$ is also a sum of two squares.
(b) If both $m$ and $n$ can be expressed as sum of two squares then $m + n$ can also be written as sum of two squares.
(c) Assume all three positive distinct integers $n_1$, $n_2$, and $n_3$ cannot be expressed as a sum of two squares. Therefore, $n_1 + n_2 + n_3$ cannot be expressed as a sum of two squares.

22. **(i) Prove the following:
A prime $p$ satisfying $p \equiv 1 \pmod{4}$ can be written uniquely as the sum of two squares.
(ii) Prove Theorem (8.4).

23. *Prove the following:
If $n$ is the product of $r$ distinct primes $p_j$ which satisfy $p_j \equiv 1 \pmod{4}$ then the number of different ways $n$ can be expressed as a sum of two squares is $2^{r-1}$.

24. **Prove Theorem (8.7).

25. Prove Corollary (8.8).

.........................................................................................................

SECTION 8.2 Sum of Four Squares


By the end of this section you will be able to
● understand the limitations of the sum of three squares
● convert a given integer into sum of four squares

8.2.1 Sum of three squares

Why isn’t the main title of this Section ‘8.2 Sum of Three Squares’?

Clearly if we extend our sum to three squares then this will cover more than the two squares,
because we could use $0^2$ as our third square to include all the sums of two squares. The
following integers need three non-zero squares:

$$3 = 1^2 + 1^2 + 1^2, \quad 6 = 2^2 + 1^2 + 1^2, \quad 14 = 1^2 + 2^2 + 3^2, \quad 19 = 1^2 + 3^2 + 3^2, \quad \ldots$$

Again, not all the positive integers can be written as a sum of three squares because

$$7 = 2^2 + 1^2 + 1^2 + 1^2 .$$

For 7 we need four squares. The other problem with three squares is that there is no
three-square identity like the one we had for two squares given in the last section:

$$(8.1) \qquad (a^2 + b^2) \times (c^2 + d^2) = (ac - bd)^2 + (ad + bc)^2 .$$

This means we cannot convert a product of three squares into a sum of three squares:

$$\underbrace{(a^2 + b^2 + c^2) \times (x^2 + y^2 + z^2)}_{\text{Product of Three Squares}} \ne \underbrace{d^2 + e^2 + f^2}_{\text{Sum of Three Squares}} \quad \text{[Not Equal]} .$$

For example, $143 = 11 \times 13$ and

$$11 = 3^2 + 1^2 + 1^2 ; \quad 13 = 3^2 + 2^2 + 0^2 .$$

However

$$143 = 11 \times 13 \ne x^2 + y^2 + z^2 \quad \text{[Not Equal]} .$$

Actually, $143 = 11^2 + 3^2 + 3^2 + 2^2$. Furthermore, we also have the following result:

Proposition (8.9). A positive integer which looks like $4^n (8m + 7)$ cannot be expressed as a
sum of three squares.

This means we cannot write numbers like

$$4^0 ((8 \times 0) + 7) = 7, \quad 4^1 ((8 \times 0) + 7) = 28, \quad 4^1 ((8 \times 1) + 7) = 60, \quad \ldots$$

as a sum of three squares.

Proof.
See Exercises 8.2, question 12.


Naturally we ask, is it pretty gloomy and negative for three squares?

No, because if n ≡ 3 ( mod 8) then we can write this as a sum of three positive squares. You
are asked to prove this in Supplementary Problems 8, question 8.6.

However, for both the above reasons, no three-square identity and Proposition (8.9),
converting a given integer into sum of three squares is an impossible task.

8.2.2 Sum of Four Squares Identity

In this subsection we will show the powerful result:


Every positive integer can be expressed as the sum of four squares.
To prove this we need a four-square identity, which is given by:

Sum of Four Squares Identity (8.10).

$$
\begin{aligned}
(a^2 + b^2 + c^2 + d^2) \times (x^2 + y^2 + z^2 + w^2) ={}& (ax + by + cz + dw)^2 + (ay - bx + cw - dz)^2 \\
&+ (az - bw - cx + dy)^2 + (aw + bz - cy - dx)^2 .
\end{aligned}
$$

This identity converts product of four squares into sum of four squares.

Proof.
See Exercises 8.2, question 13.


We use this four-square identity to convert a given positive integer into sum of four
squares, as the following example demonstrates.

Example 8.6

(i) Convert 15 into sum of four squares.


(ii) Convert 105 into sum of four squares.

Solution
(i) First we factorize 15 into $3 \times 5$. Writing each of these integers, 3 and 5, as sum of four squares
gives
$$3 = 1^2 + 1^2 + 1^2 + 0^2 \quad \text{and} \quad 5 = 2^2 + 1^2 + 0^2 + 0^2 .$$
Using the above Sum of Four Squares Identity (8.10) to convert from product to sum,

$$
\begin{aligned}
3 \times 5 ={}& \underbrace{(1^2 + 1^2 + 1^2 + 0^2)}_{=3} \times \underbrace{(2^2 + 1^2 + 0^2 + 0^2)}_{=5} \quad \text{[Product of four squares]} \\
={}& ([1 \times 2] + [1 \times 1] + [1 \times 0] + [0 \times 0])^2 + ([1 \times 1] - [1 \times 2] + [1 \times 0] - [0 \times 0])^2 \\
&+ ([1 \times 0] - [1 \times 0] - [1 \times 2] + [0 \times 1])^2 + ([1 \times 0] + [1 \times 0] - [1 \times 1] - [0 \times 2])^2 \\
={}& 3^2 + (-1)^2 + (-2)^2 + (-1)^2 = 3^2 + 1^2 + 2^2 + 1^2 \quad \text{[Sum of four squares]} .
\end{aligned}
$$

Therefore, 15 as sum of four squares is $3^2 + 2^2 + 1^2 + 1^2$.



(ii) Note that $105 = 7 \times 15$. Applying (8.10) to convert the product $105 = 7 \times 15$ into sum of four
squares gives:

$$
\begin{aligned}
15 \times 7 ={}& \underbrace{(3^2 + 2^2 + 1^2 + 1^2)}_{=15 \text{ by part (i)}} \times \underbrace{(2^2 + 1^2 + 1^2 + 1^2)}_{=7} \quad \text{[Product of four squares]} \\
={}& ([3 \times 2] + [2 \times 1] + [1 \times 1] + [1 \times 1])^2 + ([3 \times 1] - [2 \times 2] + [1 \times 1] - [1 \times 1])^2 \\
&+ ([3 \times 1] - [2 \times 1] - [1 \times 2] + [1 \times 1])^2 + ([3 \times 1] + [2 \times 1] - [1 \times 1] - [1 \times 2])^2 \\
={}& 10^2 + (-1)^2 + 0^2 + 2^2 = 10^2 + 2^2 + 1^2 + 0^2 \quad \text{[Sum of four squares]} .
\end{aligned}
$$

Thus $105 = 10^2 + 2^2 + 1^2 + 0^2$. This shows we only need three non-zero squares for 105.
Sometimes it is easier to tackle this conversion by trial and error rather than using the
four-square identity. For example, we know 105 is $100 + 5$ and $100 = 10^2$ and $5 = 2^2 + 1^2$,
so $105 = 10^2 + 2^2 + 1^2 + 0^2$.

8.2.3 Solving $x^2 + y^2 \equiv -1 \pmod{p}$

In order to prove that every positive integer can be written as the sum of four squares we
need to use modular arithmetic.
First, we establish Lemma (8.11) and to prove this we need to use the pigeonhole principle
which was defined in the Introductory Chapter:
The Pigeonhole Principle
If k + 1 or more objects are placed into k boxes, then at least one of the boxes contains
two or more of these objects.

Lemma (8.11). Let $p$ be an odd prime. There are integers $x$ and $y$ such that

$$x^2 + y^2 \equiv -1 \pmod{p} \quad \text{where } 0 \le x, y \le \frac{p-1}{2} .$$

Before we provide a proof of this result, here are some numerical examples of this:
(a) Some of the solutions of $x^2 + y^2 \equiv -1 \pmod{13}$ which lie in the stipulated
condition $0 \le x, y \le \frac{p-1}{2} = \frac{13-1}{2} = 6$ are:

$$\{x = 5, y = 0\}, \quad \{x = 3, y = 4\}, \quad \{x = 4, y = 3\} \pmod{13} .$$

(b) Some of the solutions of $x^2 + y^2 \equiv -1 \pmod{17}$ are

$$\{x = 1, y = 7\}, \quad \{x = 0, y = 4\}, \quad \{x = 5, y = 5\} \pmod{17} .$$

(c) Some of the solutions of $x^2 + y^2 \equiv -1 \pmod{11}$ are

$$\{x = 1, y = 3\}, \quad \{x = 3, y = 1\}, \quad \{x = 4, y = 4\} \pmod{11} .$$

You may like to check these solutions.



Proof.
We need to show that for every odd prime $p$ the given quadratic congruence
$x^2 + y^2 \equiv -1 \pmod{p}$ has solutions $x$ and $y$, such that $0 \le x, y \le \frac{p-1}{2}$.
By transposing this given equation $x^2 + y^2 \equiv -1 \pmod{p}$ we obtain

$$x^2 \equiv -1 - y^2 \pmod{p} .$$

Splitting the two sides of this equation into two sets $S$ and $T$ yields

$$S = \left\{0^2, 1^2, 2^2, \cdots, \left(\frac{p-1}{2}\right)^2\right\} \quad \left[\text{Substituting } x = 0, 1, 2, 3, \cdots, \frac{p-1}{2} \text{ into } x^2\right]$$

$$T = \left\{-1 - 0^2, -1 - 1^2, -1 - 2^2, \cdots, -1 - \left(\frac{p-1}{2}\right)^2\right\} \quad \left[\text{Substituting } y = 0, 1, 2, \cdots, \frac{p-1}{2} \text{ into } -1 - y^2\right]$$

Any two different integers in $S$ are not congruent to each other.

Why not?

Suppose $a^2$, $b^2$ are both in $S$ with $a \ne b$ (different) but $a^2 \equiv b^2 \pmod{p}$, then

$$a^2 \equiv b^2 \pmod{p} \;\Rightarrow\; a \equiv \pm b \pmod{p} .$$

This $a \equiv \pm b \pmod{p}$ cannot be the case because $a, b \in \left\{0, 1, 2, \cdots, \frac{p-1}{2}\right\}$, and from
$a \equiv b \pmod{p}$ we have $a = b$. From $a \equiv -b \pmod{p}$ we have $a = -b$. Both of these are
impossible.
Therefore, no two different integers in $S$ are congruent to each other.
Similarly, no two different integers in $T$ are congruent to each other.
The number of integers in each set is given by the cardinality of the set which is

$$\operatorname{Card}(S) = \operatorname{Card}\left\{0^2, 1^2, 2^2, \cdots, \left(\frac{p-1}{2}\right)^2\right\} = 1 + \frac{p-1}{2} .$$

Similarly, the number of integers in set $T$ is $\operatorname{Card}(T) = 1 + \frac{p-1}{2}$. Therefore, there are

$$\operatorname{Card}(S) + \operatorname{Card}(T) = 2\left(1 + \frac{p-1}{2}\right) = 2\left(\frac{2 + p - 1}{2}\right) = p + 1 \text{ integers in } S \cup T \text{ (} S \text{ or } T \text{).}$$

By the pigeonhole principle (defined above) there must be at least one integer in $S$ which
is congruent to an integer in $T$ because there are only $p$ integers modulo $p$, but we have $p + 1$
integers in $S \cup T$. Therefore, there are integers $x_0$ and $y_0$ such that

$$x_0^2 \equiv -1 - y_0^2 \pmod{p} \quad \text{where } 0 \le x_0, y_0 \le \frac{p-1}{2} .$$

This completes our proof.


You may agree that the above is a beautiful proof.



Example 8.7

By writing out the two sets given in the previous proof, determine $x$ and $y$ such that
$x^2 + y^2 \equiv -1 \pmod{19}$ where $0 \le x, y \le (19 - 1)/2 = 9$.

Solution
Transposing the given equation,

$$x^2 \equiv -1 - y^2 \pmod{19} .$$

In this case we have $p = 19$, so $\frac{p-1}{2} = \frac{19-1}{2} = 9$. Therefore, there are $9 + 1 = 10$ integers in each
set (20 altogether in $S$ or $T$);

$$S = \{0^2, 1^2, 2^2, 3^2, 4^2, 5^2, 6^2, 7^2, 8^2, 9^2\} \equiv \{0, 1, 4, 9, 16, 25, 36, 49, 64, 81\} \pmod{19}$$

$$T = \{-1 - 0^2, -1 - 1^2, -1 - 2^2, -1 - 3^2, -1 - 4^2, -1 - 5^2, -1 - 6^2, -1 - 7^2, -1 - 8^2, -1 - 9^2\}$$

$$\equiv \{-1, -2, -5, -10, -17, -26, -37, -50, -65, -82\} \pmod{19} .$$

The least non-negative residues modulo 19 of these sets, $S$ and $T$, are given by

$$S' = 0, \boxed{1}, 4, 9, 16, 6, 17, 11, 7, 5 \pmod{19} \quad \text{[Second element]}$$

$$T' = 18, 17, 14, 9, 2, 12, \boxed{1}, 7, 11, 13 \pmod{19} \quad \text{[Seventh element].}$$

There are five integers 1, 7, 9, 11, and 17, which are in both sets $S'$ and $T'$. If we take the integer 1
which is common to both these sets, $S'$ and $T'$, then from the set $S$ this corresponds to $1^2$, the second
element in $S$. The integer 1 is the seventh element in $T'$, so it corresponds to the seventh element in
the set $T$ which is $-1 - 6^2$. Therefore, solving $x^2 \equiv -1 - y^2 \pmod{19}$ gives:

$$1^2 \equiv -1 - 6^2 \pmod{19} \quad \text{implies} \quad x \equiv 1, \; y \equiv 6 \pmod{19} .$$

Similarly, the integer 7 is common to both sets $S'$ and $T'$ and is the corresponding penultimate
integer in the set $S$ and third from last in the set $T$ respectively.
So we have

$$8^2 \equiv -1 - 7^2 \pmod{19} \quad \text{implies} \quad x \equiv 8, \; y \equiv 7 \pmod{19} .$$

Similarly, for the remaining common integers 9, 11, and 17 we have

$$
\begin{aligned}
9{:}\quad & 3^2 \equiv -1 - 3^2 \pmod{19} \quad \text{implies} \quad x \equiv 3, \; y \equiv 3 \pmod{19} \\
11{:}\quad & 7^2 \equiv -1 - 8^2 \pmod{19} \quad \text{implies} \quad x \equiv 7, \; y \equiv 8 \pmod{19} \\
17{:}\quad & 6^2 \equiv -1 - 1^2 \pmod{19} \quad \text{implies} \quad x \equiv 6, \; y \equiv 1 \pmod{19} .
\end{aligned}
$$

Our five solutions (recall there were five common integers in both sets $S$ and $T$) are

$$\{x = 1, y = 6\}, \; \{x = 8, y = 7\}, \; \{x = 3, y = 3\}, \; \{x = 7, y = 8\}, \; \{x = 6, y = 1\} \pmod{19} .$$

Notice the symmetry in the solutions: $x \equiv 1, y \equiv 6$ and $x \equiv 6, y \equiv 1 \pmod{19}$.
Why do we have this symmetry?
Because of the quadratic nature; $1^2 + 6^2 \equiv 6^2 + 1^2 \equiv 37 \equiv -1 \pmod{19}$.

Note that the solutions in the above example to $x^2 + y^2 \equiv -1 \pmod{19}$ are only the ones
which satisfy $0 \le x, y \le 9$. There are other solutions to this equation $x^2 + y^2 \equiv -1 \pmod{19}$
which you are asked to find in Exercises 8.2, question 6.

Corollary (8.12). Let p be an odd prime. There exists a positive integer m with m < p such
that mp can be written as a sum of four squares.

This statement claims that the product of any odd prime p with a multiple m such that
0 < m < p can be written as a sum of four squares.

Proof.
We need to prove that there are integers $x$, $y$, $z$, and $w$ which satisfy

$$x^2 + y^2 + z^2 + w^2 = mp .$$

By the previous Lemma (8.11) there exist integers $x$ and $y$ such that $0 \le x, y \le \frac{p-1}{2}$ and

$$
\begin{aligned}
x^2 + y^2 \equiv -1 \pmod{p} &\Leftrightarrow x^2 + y^2 + 1 \equiv 0 \pmod{p} \\
&\Leftrightarrow x^2 + y^2 + 1 = mp \text{ for some integer } m .
\end{aligned}
$$

Since $0 \le x, y \le \frac{p-1}{2}$, so

$$
\begin{aligned}
x^2 + y^2 + 1 &\le \frac{(p-1)^2}{4} + \frac{(p-1)^2}{4} + 1 \\
&= \frac{(p-1)^2}{2} + 1 < \frac{p^2}{2} + 1 < p^2 .
\end{aligned}
$$

Thus, we can write the above $x^2 + y^2 + 1 = mp$ as

$$x^2 + y^2 + 1 = x^2 + y^2 + 1^2 + 0^2 = mp < p^2 .$$

Therefore, there is an integer $m$ such that $x^2 + y^2 + 1^2 + 0^2 = mp$ where $m < p$.
This completes our proof.


Example 8.8

Determine the values of m as defined in the previous corollary for modulo 19 and convert mp into sum
of four squares.

Solution
In the previous example we solved $x^2 + y^2 \equiv -1 \pmod{19}$ and obtained the solutions

$$\{x = 1, y = 6\}, \; \{x = 8, y = 7\}, \; \{x = 3, y = 3\}, \; \{x = 7, y = 8\}, \; \{x = 6, y = 1\} \pmod{19} .$$

For the first three solutions we have

$$
\begin{aligned}
x^2 + y^2 + 1^2 + 0^2 &= 1^2 + 6^2 + 1^2 + 0^2 = 38 = 2 \times 19 \quad \text{implies } m = 2 \\
x^2 + y^2 + 1^2 + 0^2 &= 8^2 + 7^2 + 1^2 + 0^2 = 114 = 6 \times 19 \quad \text{implies } m = 6 \\
x^2 + y^2 + 1^2 + 0^2 &= 3^2 + 3^2 + 1^2 + 0^2 = 19 = 1 \times 19 \quad \text{implies } m = 1 .
\end{aligned}
$$

The remaining two solutions have already been covered by the symmetric nature of $x$ and $y$, because

$$7^2 + 8^2 + 1^2 = 8^2 + 7^2 + 1^2 = 114 \quad \text{and} \quad 6^2 + 1^2 + 1^2 = 1^2 + 6^2 + 1^2 = 38 .$$

Hence converting 38, 114, and 19 into sum of four squares gives

$$38 = 6^2 + 1^2 + 1^2 + 0^2, \quad 114 = 8^2 + 7^2 + 1^2 + 0^2 \quad \text{and} \quad 19 = 3^2 + 3^2 + 1^2 + 0^2 .$$

Example 8.9

Convert 133 into sum of four squares.

Solution
First we factorize $133 = 7 \times 19$. In the previous example we converted 19 into sum of four squares:

$$19 = 3^2 + 3^2 + 1^2 + 0^2 .$$

We know $7 = 2^2 + 1^2 + 1^2 + 1^2$. We need to use the Sum of Four Squares Identity (8.10):

$$
\begin{aligned}
(a^2 + b^2 + c^2 + d^2) \times (x^2 + y^2 + z^2 + w^2) ={}& (ax + by + cz + dw)^2 + (ay - bx + cw - dz)^2 \\
&+ (az - bw - cx + dy)^2 + (aw + bz - cy - dx)^2 .
\end{aligned}
$$

Remember this identity converts a product of four squares into a sum of four squares.
Applying this identity to the product $133 = 7 \times 19$ gives

$$
\begin{aligned}
7 \times 19 ={}& (2^2 + 1^2 + 1^2 + 1^2) \times (3^2 + 3^2 + 1^2 + 0^2) \quad \text{[Product of four squares]} \\
={}& ([2 \times 3] + [1 \times 3] + [1 \times 1] + [1 \times 0])^2 + ([2 \times 3] - [1 \times 3] + [1 \times 0] - [1 \times 1])^2 \\
&+ ([2 \times 1] - [1 \times 0] - [1 \times 3] + [1 \times 3])^2 + ([2 \times 0] + [1 \times 1] - [1 \times 3] - [1 \times 3])^2 \\
={}& 10^2 + 2^2 + 2^2 + (-5)^2 \\
={}& 10^2 + 5^2 + 2^2 + 2^2 \quad \text{[Sum of four squares]} .
\end{aligned}
$$

Therefore, 133 as sum of four squares is $10^2 + 5^2 + 2^2 + 2^2$.
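The sets S and T from the proof of Lemma (8.11), the multiples m of Corollary (8.12) and the identity (8.10) used in Examples 8.6 to 8.9 can all be computed directly. The Python below is an added example, not code from the book, and its function names are chosen here. It also goes one step beyond the examples: `four_squares` multiplies prime representations together with (8.10), with an exhaustive search standing in for Theorem (8.13), whose proof the book leaves to the exercises.

```python
from math import isqrt


def lemma_solutions(p):
    """Triples (r, x, y) with x^2 ≡ r ≡ -1 - y^2 (mod p), 0 <= x, y <= (p-1)/2.

    S and T are stored as residue -> generating value; the proof shows the
    residues inside each set are pairwise distinct, so nothing is overwritten.
    """
    half = (p - 1) // 2
    s = {x * x % p: x for x in range(half + 1)}
    t = {(-1 - y * y) % p: y for y in range(half + 1)}
    return [(r, s[r], t[r]) for r in sorted(s.keys() & t.keys())]


def corollary_multiples(p):
    """The values m < p with x^2 + y^2 + 1^2 + 0^2 = m*p, as in Example 8.8."""
    return sorted({(x * x + y * y + 1) // p for _, x, y in lemma_solutions(p)})


def four_square_identity(u, v):
    """The four bracketed terms on the right-hand side of identity (8.10)."""
    a, b, c, d = u
    x, y, z, w = v
    return (a * x + b * y + c * z + d * w,
            a * y - b * x + c * w - d * z,
            a * z - b * w - c * x + d * y,
            a * w + b * z - c * y - d * x)


def search_four_squares(p):
    """Exhaustive search for a >= b >= c >= d >= 0 with squares summing to p."""
    for a in range(isqrt(p), -1, -1):
        for b in range(min(a, isqrt(p - a * a)), -1, -1):
            for c in range(min(b, isqrt(p - a * a - b * b)), -1, -1):
                rest = p - a * a - b * b - c * c
                d = isqrt(rest)
                if d <= c and d * d == rest:
                    return (a, b, c, d)
    raise ValueError("no representation found")


def four_squares(n):
    """Factorize n and fold the prime representations together with (8.10)."""
    rep = (1, 0, 0, 0)          # 1 = 1^2 + 0^2 + 0^2 + 0^2
    q = 2
    while n > 1:
        if q * q > n:
            q = n               # what remains of n is prime
        while n % q == 0:
            rep = four_square_identity(rep, search_four_squares(q))
            n //= q
        q += 1
    return tuple(sorted((abs(t) for t in rep), reverse=True))


if __name__ == "__main__":
    print(lemma_solutions(19))       # the five solutions of Example 8.7
    print(corollary_multiples(19))   # the values of m in Example 8.8
    print(four_square_identity((2, 1, 1, 1), (3, 3, 1, 0)))  # Example 8.9
    print(four_squares(133))         # a representation; it need not be the book's
```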

8.2.4 Sum of Four Squares Theorem

First we state that every prime can be expressed as the sum of four squares.
Then we prove the more general statement:
Every positive integer can be expressed as the sum of four squares.

Theorem (8.13). Every prime can be expressed as the sum of four squares.

Proof.
See Exercises 8.2, question 14.


Now for the general result.

Lagrange’s Sum of Four Squares Theorem (8.14). Every positive integer can be expressed
as the sum of four squares.

How are we going to prove this?

Using the previous Theorem (8.13) and Sum of Four Squares Identity (8.10).

Proof.
If $n = 1$ then $1 = 1^2 + 0^2 + 0^2 + 0^2$ which means we have our result.
Let $n > 1$. By the Fundamental Theorem of Arithmetic (2.5):
Integer $n > 1$ is either a prime or can be written as the product of primes:

$$n = p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_l^{k_l} .$$

If $n$ is prime, then we have our result by the previous Theorem (8.13).

If $n$ is product of primes, $n = p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_l^{k_l}$, then we can write each one of
these primes as sum of four squares by Theorem (8.13).
By Sum of Four Squares Identity (8.10) we can convert each product into a sum of four
squares. Thus $n = p_1^{k_1} \times p_2^{k_2} \times p_3^{k_3} \times \cdots \times p_l^{k_l}$ can be written as the sum of four squares.


Summary
In this section we have shown that every positive integer can be converted into a sum of four squares.
We can use the Sum of Four Squares Identity (8.10) to convert from a product to a sum of four squares.

EXERCISES 8.2

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Convert the following integers into sum of four squares by using the Sum of Four Squares Identity (8.10).
(a) 35 (b) 49 (c) 945 (d) 310 (e) 465 (f) 143

2. Express the following as sum of four squares:
(a) $3072 = 2^{10} \times 3$
(b) $4992 = 2^7 \times 3 \times 13$
(c) 2015
(d) 2016
(e) 2020

3. Convert the following integers into sum of four squares:
(a) 217 (b) 819 (c) $2109 = 3 \times 19 \times 37$

4. Convert the following into sum of four squares:
(i) $343 = 7^3$
(ii) $2401 = 7^4$
(iii) $16\,807 = 7^5$
Determine a formula for converting $7^n$, where $n$ is a natural number, to sum of four squares.
Let $x = a^2 + b^2 + c^2 + d^2$. Determine a formula for converting $x^n$ into sum of four squares.

5. Convert the following into sum of four squares:
(a) $6a^2 b^2$ (b) $7a^2 b^2$ (c) $na^2 b^2$ where $n$ is a positive integer

6. Find all the incongruent solutions of $x^2 + y^2 \equiv -1 \pmod{19}$. [See Example 8.7.]

7. Determine all the incongruent solutions of $x^2 + y^2 \equiv -1 \pmod{13}$.

8. If $x = a^2 + b^2 + c^2 + d^2$, show that
$$2x = (a + b)^2 + (a - b)^2 + (d - c)^2 + (c + d)^2 .$$
Given $1984 = 40^2 + 16^2 + 8^2 + 8^2$, convert
(i) $3968 = 2 \times 1984$ into sum of four squares.
(ii) $992 = \frac{1984}{2}$ into sum of four squares. [Hint: Use part (i).]

9. *Let $n > 169$ be an integer. Show that $n$ can be written as the sum of five positive squares. [Hint: Consider $n = m + 169$.]

10. Show that expressing a positive integer into sum of four squares is not unique.

11. Prove that $8m + 7$ cannot be written as a sum of three squares.

12. Prove Proposition (8.9).

13. Prove Sum of Four Squares Identity (8.10).

14. ***Prove Theorem (8.13).

.........................................................................................................

SECTION 8.3 Pell’s Equation


By the end of this section you will be able to
● find a solution of Pell’s equation
● determine all solutions of Pell’s equation

8.3.1 Brahmagupta

The great Indian mathematician and astronomer Brahmagupta (598–670 AD) made the
following claim:
‘A person who can solve the equation $x^2 - 92y^2 = 1$ within a year is a mathematician.’

How would you solve this equation?

One way would be to transpose our equation so that

$$x^2 = 1 + 92y^2 \quad\text{implies}\quad x = \sqrt{1 + 92y^2}.$$

If we substitute $y = 1$ then $x = \sqrt{1 + 92} = \sqrt{93}$.

However, the Indian mathematicians were only looking for positive integer solutions and $x = \sqrt{93}$ is not an integer. We can find positive integer solutions using trial and error by substituting various integers for $y$ and then finding $x$ from $x = \sqrt{1 + 92y^2}$. This can be time-consuming because the least positive solution to this equation $x^2 - 92y^2 = 1$ is $x = 1151$ and $y = 120$. Check for yourself that these values of $x$ and $y$ are indeed a solution, that is

$$1151^2 - 92\,(120^2) = 1.$$

In the last chapter we solved $x^2 - py = a$ where $p$ is an odd prime for integer solutions (see Supplementary Problems 7, question 7.7). Now we explore $x^2 - Ny^2 = 1$ and again we are only interested in integer solutions. We will see later in this section that the ratio of solutions $x/y$ provides good rational approximations for $\sqrt{N}$.
In this section our aim is to find the least positive solution to equations of the type $x^2 - Ny^2 = 1$, and from this least positive solution we can find all the other solutions.
The general equation of this type $x^2 - Ny^2 = 1$ where $N$ is a non-square (or square-free) integer is called Pell’s equation, named after the British mathematician, John Pell.
John Pell (1611–85) was born in Sussex, England and by the time he was six years old
he had become an orphan. However, even after such a difficult upbringing he managed to
secure a place at Trinity College Cambridge in 1624, aged only 13.
After leaving Cambridge he became a school teacher. In 1632 he married and had eight
children (four boys and four girls).
John Pell worked in algebra and number theory, producing a table of factors of positive
integers up to 100 000.
As discussed above, Pell’s equation x2 − Ny2 = 1 was first examined by Brahmagupta but
Euler attributed this equation to Pell. So Pell’s equation is a misnomer. There are many
misnomers in mathematics, but perhaps the most famous is Pythagoras’s Theorem, as this
was known to the Babylonians, Egyptians, Chinese, and Indians long before Pythagoras
was born.
We will continue to use the misnomer Pell’s equation, as most of the literature on number
theory tends to use this.

Example 8.10

Determine a solution of Pell’s equation

$$x^2 - 2y^2 = 1.$$

Solution
Transposing the given equation yields

$$x^2 = 1 + 2y^2 \iff x = \sqrt{1 + 2y^2}.$$

One way of solving this equation $x = \sqrt{1 + 2y^2}$ is to trial different integers for $y = 1, 2, 3, 4, \dots$ and then stop when $1 + 2y^2$ is a square number.
Remember we are looking for integer solutions. Substituting $y = 1$ is not going to work because $x = \sqrt{1 + 2} = \sqrt{3}$ and $\sqrt{3}$ is not an integer.
Substituting $y = 2$ into the above equation $x = \sqrt{1 + 2y^2}$ gives

$$x = \sqrt{1 + 2y^2} = \sqrt{1 + 2(2^2)} = \sqrt{9} = 3.$$

Thus we have a positive integer solution, $x = 3$ and $y = 2$, to the given equation

$$x^2 - 2y^2 = 1 \qquad [3^2 - 2(2^2) = 1].$$



By examining the graph of $x^2 - 2y^2 = 1$ we can see there are infinitely many solutions to this equation because all the points on the graph $x^2 - 2y^2 = 1$ are solutions, but we are only interested in (positive) integer solutions (lattice points):

[Figure 8.2: graph of $x^2 - 2y^2 = 1$ with the lattice points (3, 2), (−3, 2), (−3, −2) and (3, −2) marked.]

By positive solutions we mean that both integers $x$ and $y$ that satisfy Pell’s equation $x^2 - Ny^2 = 1$ are positive. In the above graph we only need to consider the point (3, 2).

Why?

Because from this positive solution (3, 2) we can find the other solutions: (−3, 2), (3, −2) and (−3, −2).
In general, if $(x, y)$ is a positive integer solution then so are $(-x, y)$, $(x, -y)$, and $(-x, -y)$.

Why?

Because squaring gives $(-x)^2 = +x^2$ and $(-y)^2 = +y^2$, so these values also satisfy

$$x^2 - Ny^2 = 1.$$

As stated above, Brahmagupta was the first to look at these types of equations.

Brahmagupta worked at the astronomical observatory in Ujjain which is in the present state of Madhya Pradesh in India. Ujjain was such an important centre that it was considered as the mark for zero longitude by the Indian mathematicians.

Figure 8.3 Brahmagupta (598–670 AD).



Brahmagupta was the first to define the number zero by saying [1]:

When zero is added to a number or subtracted from a number, the number remains unchanged.

He was also the first person to use negative numbers [2].
Furthermore, he was the first to work with Pell’s equation, $x^2 - Ny^2 = 1$. In particular, he examined
$$x^2 - 8y^2 = 1$$
and found solutions $x = 17$, $y = 6$ and $x = 3363$, $y = 1189$.
He also noticed that the ratio of the solutions $x/y$ gives good approximations to $\sqrt{8}$:

$$\frac{17}{6} - \sqrt{8} = 0.0049 \text{ (2sf)} \quad\text{and}\quad \frac{3363}{1189} - \sqrt{8} = 0.000\,000\,13 \text{ (2sf)}.$$

This last approximation $3363/1189$ to $\sqrt{8}$ has an error of 13 parts in 100 million.

8.3.2 Solving Pell’s equation

For Pell’s equation $x^2 - Ny^2 = 1$ the integer $N > 1$ and it is not a square number, or equivalently we say that $N$ is square-free.

Why do we need these conditions?

If $N = 0$ then our equation $x^2 - Ny^2 = 1$ becomes $x^2 = 1$ which implies $x = \pm 1$, and $y$ is any positive integer.
If $N$ is a square number, then we only have the trivial solutions $x = \pm 1$, $y = 0$. You are asked to show this in Exercises 8.3, question 8.
We are interested in non-trivial solutions of $x^2 - Ny^2 = 1$, which means we need $N > 1$ and $N$ is square-free.

How can we find solutions of $x^2 - Ny^2 = 1$?

We rewrite the left-hand side as the difference of two squares:

$$x^2 - Ny^2 = (x + y\sqrt{N})(x - y\sqrt{N}) = 1.$$

These numbers $x + y\sqrt{N}$ and $x - y\sqrt{N}$ are critical in solving $x^2 - Ny^2 = 1$.

Why?

Consider the equation in Example 8.10:

$$x^2 - 2y^2 = 1 \qquad (\text{Here } N = 2).$$

[1] http://www-groups.dcs.st-and.ac.uk/history/Biographies/Brahmagupta.html.
[2] https://nrich.maths.org/5961.

We found a solution to be $x = 3$ and $y = 2$. Now

$$x + y\sqrt{N} = 3 + 2\sqrt{2}.$$

We say that the irrational number $3 + 2\sqrt{2}$ produces a solution of $x^2 - 2y^2 = 1$ because

$$(3 + 2\sqrt{2})(3 - 2\sqrt{2}) = 9 - (4 \times 2) = 1.$$

Similarly, for Brahmagupta’s equation $x^2 - 8y^2 = 1$ we stated a solution $x = 17$, $y = 6$, so it follows that $17 + 6\sqrt{8}$ gives a solution of $x^2 - 8y^2 = 1$.
At the start of this section we had the equation $x^2 - 92y^2 = 1$ which has a solution of $x = 1151$ and $y = 120$. We say the irrational number $1151 + 120\sqrt{92}$ produces a solution of $x^2 - 92y^2 = 1$.
Next we examine the general irrational number $x + y\sqrt{N}$.

Proposition (8.15). Let $N > 1$ be square-free. Then

$$x + y\sqrt{N} = a + b\sqrt{N} \iff x = a,\ y = b.$$

Proof.
(⇐). Clearly if $x = a$, $y = b$ then

$$x + y\sqrt{N} = a + b\sqrt{N}.$$

(⇒). Now consider $x + y\sqrt{N} = a + b\sqrt{N}$. Required to prove $x = a$, $y = b$.

Suppose $y \neq b$ (not equal). Collecting like terms of $x + y\sqrt{N} = a + b\sqrt{N}$ on one side:

$$y\sqrt{N} - b\sqrt{N} = a - x$$
$$(y - b)\sqrt{N} = a - x \quad\text{implies}\quad \sqrt{N} = \frac{a - x}{y - b}.$$

This $\sqrt{N} = \frac{a - x}{y - b}$ implies that $\sqrt{N}$ is rational. However, we are given that $N$ is square-free, therefore $\sqrt{N}$ is irrational. We have a contradiction to our supposition $y \neq b$, so $y = b$.

Substituting this $y = b$ into $x + y\sqrt{N} = a + b\sqrt{N}$ yields $x = a$.




Proposition (8.16). For integers $a$, $b$, $c$, $d$, and $N$ we have the identity:

$$(a^2 - Nb^2)(c^2 - Nd^2) = (ac + Nbd)^2 - N(ad + bc)^2.$$

Proof.
See Exercises 8.3, question 10.


Proposition (8.17). If the irrational number $r = a + b\sqrt{N}$ produces a solution of Pell’s equation $x^2 - Ny^2 = 1$, then so does the reciprocal $\frac{1}{r} = r^{-1}$.

Proof.
We are given that $r = a + b\sqrt{N}$ produces a solution of $x^2 - Ny^2 = 1$, so by substituting $x = a$ and $y = b$ we have:
$$a^2 - Nb^2 = 1. \qquad (\ast)$$
Converting the left-hand side into the difference of two squares gives

$$a^2 - Nb^2 = (a + b\sqrt{N})(a - b\sqrt{N}) = 1 \implies r\,(a - b\sqrt{N}) = 1.$$

Dividing both sides of this $r\,(a - b\sqrt{N}) = 1$ by $r$ gives $r^{-1} = a - b\sqrt{N}$. We can write $r^{-1} = a - b\sqrt{N} = a + (-b)\sqrt{N}$. By the symmetric nature of quadratics we have

$$a^2 - Nb^2 = a^2 - N(-b)^2 = 1 \qquad [\text{by } (\ast)].$$

Hence $r^{-1} = 1/r$ produces a solution of $x^2 - Ny^2 = 1$.

This completes our proof.


A numerical example of this is the following:

The equation $x^2 - 92y^2 = 1$ which has the solution $x = 1151$ and $y = 120$ implies that the irrational number $r = 1151 + 120\sqrt{92}$ produces a solution of $x^2 - 92y^2 = 1$. Therefore, by the previous proposition we conclude that

$$r^{-1} = \frac{1}{r} = \frac{1}{1151 + 120\sqrt{92}} = 1151 - 120\sqrt{92}$$

also provides a solution.

Checking this by substituting $x = 1151$, $y = -120$ into $x^2 - 92y^2$ gives

$$x^2 - 92y^2 = 1151^2 - [92 \times (-120)^2] = 1.$$

We can display these solutions graphically as follows:

[Figure 8.3: graph of $x^2 - 92y^2 = 1$ showing the points (1151, 120) and (1151, −120).]

Example 8.11

Determine $r = a + b\sqrt{5}$ which produces a solution of Pell’s equation

$$x^2 - 5y^2 = 1.$$

Also show that $r^{-1}$ produces a solution.

Solution
Transposing the given equation $x^2 - 5y^2 = 1$, we have

$$x^2 = 1 + 5y^2 \quad\text{which implies}\quad x = \sqrt{1 + 5y^2}.$$

By trialling integer values for $y$ we have for $y = 4$ (trialling integers $y = 1, 2, 3$ will not give an integer for $x$):

$$x = \sqrt{1 + 5\,(4^2)} = \sqrt{81} = 9.$$

Hence a solution of $x^2 - 5y^2 = 1$ is $x = 9$ and $y = 4$. Therefore, $r = 9 + 4\sqrt{5}$.
From the previous proposition we have

$$r^{-1} = 9 - 4\sqrt{5} = 9 + (-4)\sqrt{5} \quad\text{which implies}\quad x = 9,\ y = -4.$$

Substituting $x = 9$ and $y = -4$ into $x^2 - 5y^2$ gives

$$x^2 - 5y^2 = 9^2 - 5\,(-4)^2 = 1.$$

Hence $r^{-1} = 9 - 4\sqrt{5}$ also produces a solution.

Note that the reciprocal $r^{-1} = 9 - 4\sqrt{5}$ gives us $(9, -4)$, which has negative $y$, but we are interested in positive integer solutions because we can find this $(9, -4)$ from $(9, 4)$.

Proposition (8.18). If the irrational numbers $r = a + b\sqrt{N}$ and $s = c + d\sqrt{N}$ produce solutions of Pell’s equation $x^2 - Ny^2 = 1$ then so does the product $r \times s$.

Proof.
We are given that $r = a + b\sqrt{N}$ and $s = c + d\sqrt{N}$ produce solutions of $x^2 - Ny^2 = 1$. Consider the product $r \times s$:

$$r \times s = (a + b\sqrt{N})(c + d\sqrt{N})$$
$$= ac + ad\sqrt{N} + bc\sqrt{N} + bdN \quad\text{[Expanding]}$$
$$= (ac + bdN) + (ad + bc)\sqrt{N} \quad\text{[Factorizing]}.$$

Let $\alpha = ac + bdN$ and $\beta = ad + bc$. Therefore,

$$r \times s = (ac + bdN) + (ad + bc)\sqrt{N} = \alpha + \beta\sqrt{N}.$$

We need to show that $\alpha^2 - N\beta^2 = 1$. Substituting $\alpha = ac + bdN$ and $\beta = ad + bc$ into $\alpha^2 - N\beta^2$ yields

$$\alpha^2 - N\beta^2 = (ac + bdN)^2 - N(ad + bc)^2. \qquad (\ast)$$

Applying Identity (8.16),

$$(ac + Nbd)^2 - N(ad + bc)^2 = (a^2 - Nb^2)(c^2 - Nd^2),$$

to the right-hand side of $(\ast)$ gives

$$\alpha^2 - N\beta^2 = (a^2 - Nb^2)(c^2 - Nd^2). \qquad (\ast\ast)$$

Since we are given that $r = a + b\sqrt{N}$ and $s = c + d\sqrt{N}$ produce solutions of $x^2 - Ny^2 = 1$, we have $a^2 - Nb^2 = 1$ and $c^2 - Nd^2 = 1$ respectively. Substituting this $a^2 - Nb^2 = 1$ and $c^2 - Nd^2 = 1$ into $(\ast\ast)$ gives

$$\alpha^2 - N\beta^2 = 1 \times 1 = 1.$$

Hence $r \times s = \alpha + \beta\sqrt{N}$ produces a solution of $x^2 - Ny^2 = 1$.

This completes our proof.


Example 8.12

Check that both $r = 5 + 2\sqrt{6}$ and $s = 47\,525 + 19\,402\sqrt{6}$ produce solutions of Pell’s equation,

$$x^2 - 6y^2 = 1.$$

Furthermore, show that the product $r \times s$ also produces a solution.

Solution
First, checking that $r = 5 + 2\sqrt{6}$ gives a solution to $x^2 - 6y^2 = 1$. Let $x = 5$, $y = 2$ so

$$x^2 - 6y^2 = 5^2 - (6 \times 2^2) = 1.$$

Hence $r = 5 + 2\sqrt{6}$ gives a solution of $x^2 - 6y^2 = 1$.

Similarly, checking that $s = 47\,525 + 19\,402\sqrt{6}$ also produces a solution:

$$47\,525^2 - (6 \times 19\,402^2) = 1.$$

Hence $s = 47\,525 + 19\,402\sqrt{6}$ also gives a solution of $x^2 - 6y^2 = 1$.

Evaluating the product $r \times s$ gives

$$r \times s = (5 + 2\sqrt{6})(47\,525 + 19\,402\sqrt{6})$$
$$= (5 \times 47\,525) + (5 \times 19\,402)\sqrt{6} + (2 \times 47\,525)\sqrt{6} + (2 \times 19\,402 \times 6)$$
$$= 237\,625 + 97\,010\sqrt{6} + 95\,050\sqrt{6} + 232\,824$$
$$= 470\,449 + 192\,060\sqrt{6}.$$

Substituting $x = 470\,449$ and $y = 192\,060$ into $x^2 - 6y^2$ yields

$$470\,449^2 - (6 \times 192\,060^2) = 1.$$

Hence the product $r \times s = 470\,449 + 192\,060\sqrt{6}$ produces a solution of $x^2 - 6y^2 = 1$.

Recall that the ratio of the solution $x/y$ provides a good approximation to $\sqrt{6}$:

$$\frac{470\,449}{192\,060} - \sqrt{6} = 5.534 \times 10^{-12}.$$

The discrepancy between $470\,449/192\,060$ and $\sqrt{6}$ is just over five and a half parts in a trillion.

Example 8.13

Consider Pell’s equation of the last example:

$$x^2 - 6y^2 = 1.$$

Determine another positive solution to this equation.

Solution
From Example 8.12 we have that $r = 5 + 2\sqrt{6}$ produces a solution of $x^2 - 6y^2 = 1$. Consider the product $r \times r$:

$$r \times r = r^2 = (5 + 2\sqrt{6})^2$$
$$= 5^2 + (2 \times 5 \times 2\sqrt{6}) + (2\sqrt{6})^2 = 25 + 20\sqrt{6} + (4 \times 6) = 49 + 20\sqrt{6}.$$

By the previous Proposition (8.18) we have that the product $r \times r = 49 + 20\sqrt{6}$ produces a solution to the given equation $x^2 - 6y^2 = 1$. Check that $x = 49$, $y = 20$ does indeed give a solution.

From this example $x^2 - 6y^2 = 1$, we can see from the graph below that $r = 5 + 2\sqrt{6}$ and $r^2 = 49 + 20\sqrt{6}$ produce positive integer solutions:

[Figure 8.4: graph of $x^2 - 6y^2 = 1$ showing the points (5, 2) and (49, 20).]

We have shown in the previous example that if $r = a + b\sqrt{N}$ produces a solution then so does $r^2$.

Extending this, could $r^3$ also produce a solution?

Yes, because we have proven that both $r^2$ and $r$ produce a solution so by Proposition (8.18) their product $r^2 \times r = r^3$ also produces a solution.
Similarly, $r^4, r^5, r^6, \cdots$ all produce solutions of $x^2 - Ny^2 = 1$.

In Exercises 8.3, question 14 you are asked to show that all the positive integer solutions of $x^2 - 6y^2 = 1$ are given by $r^n = (5 + 2\sqrt{6})^n$ where $n = 1, 2, 3, \cdots$.

Proposition (8.19). If $r = a + b\sqrt{N}$ produces a positive solution of Pell’s equation $x^2 - Ny^2 = 1$ then so does $r^n = (a + b\sqrt{N})^n = \alpha + \beta\sqrt{N}$ where $n = 1, 2, 3, \cdots$.

Proof.
See Exercises 8.3, question 11.


Proposition (8.19) implies that there are infinitely many solutions of Pell’s equation. We can use this proposition to find other solutions of Pell’s equation $x^2 - Ny^2 = 1$, as the next example demonstrates.

Example 8.14

Check that $r^3$ where $r = 5 + 2\sqrt{6}$ gives a solution of $x^2 - 6y^2 = 1$.

Solution
From the previous example we already have that $r^2 = 49 + 20\sqrt{6}$ yields a solution to the given equation. Now $r^3 = r^2 \times r$, therefore

$$r^3 = r^2 \times r = (49 + 20\sqrt{6})(5 + 2\sqrt{6})$$
$$= 245 + 98\sqrt{6} + 100\sqrt{6} + (40 \times 6) = 485 + 198\sqrt{6}.$$

Substituting $x = 485$ and $y = 198$ into $x^2 - 6y^2$ gives

$$x^2 - 6y^2 = 485^2 - (6 \times 198^2) = 1.$$

Hence $r^3 = 485 + 198\sqrt{6}$ yields a solution of $x^2 - 6y^2 = 1$.

8.3.3 Fundamental solution of Pell’s equation

First, we establish the least positive integer solution of Pell’s equation $x^2 - Ny^2 = 1$ which is called the fundamental or seed solution. In this subsection we will show that from this fundamental solution we can generate all the other solutions to Pell’s equation.
We define the fundamental (seed) solution or least positive solution $x_0, y_0$ of $x^2 - Ny^2 = 1$, which satisfies $x_0 < x'$ and $y_0 < y'$ where $x'$ and $y'$ are any other positive integer solutions to $x^2 - Ny^2 = 1$.

However, determining the fundamental solution can be a very challenging task because the only tool we have is to trial integer values of $y$ and then check if $1 + Ny^2$ is a square number so that $x = \sqrt{1 + Ny^2}$ is an integer. So finding the fundamental solution depends on the square-free number $N$ and uses brute force computation.
Note that if $N$ were one less than a square number we would trial $y = 1$. For example, if $N = 8, 15, 24, 35, 48, \cdots, n^2 - 1$ then with $y = 1$ we have

$$x^2 = 1 + Ny^2 = 1 + (n^2 - 1) \times 1^2 = n^2 \quad\text{which implies}\quad x = \sqrt{n^2} = n.$$

So in the case of $N = n^2 - 1$ we have the solution

$$x = n \text{ and } y = 1 \quad\text{to}\quad x^2 - Ny^2 = x^2 - (n^2 - 1)\,y^2 = 1.$$

Proposition (8.20). Let $r = a + b\sqrt{N}$ and $s = c + d\sqrt{N}$ both produce positive solutions of Pell’s equation $x^2 - Ny^2 = 1$. Then $r < s \iff a < c$.

Proof.
See Exercises 8.3, question 13.

The next theorem tells us how to generate solutions from the least positive solution.

Theorem (8.21). Let $r = a + b\sqrt{N}$ produce the least positive solution of Pell’s equation $x^2 - Ny^2 = 1$.
Then this equation has all its positive integer solutions produced by $r^n = (a + b\sqrt{N})^n$ where $n$ is a natural number.

Proof.
See Exercises 8.3, question 15.


We demonstrate this theorem in the following example.

Example 8.15

Find two different solutions of $x^2 - 12y^2 = 1$.

Solution
By trialling integer values of $y = 1, 2, 3, \cdots$ into $x = \sqrt{1 + 12y^2}$ we obtain the solution

$$x = \sqrt{1 + 12\,(2)^2} = 7,\ y = 2 \quad\text{which implies}\quad r = 7 + 2\sqrt{12}.$$

Another solution is given by $r^2$. Hence from $r = 7 + 2\sqrt{12}$ we can evaluate $r^2$:

$$r^2 = (7 + 2\sqrt{12})^2 = 49 + (2 \times 7 \times 2\sqrt{12}) + (2\sqrt{12})^2$$
$$= 49 + 28\sqrt{12} + 48 = 97 + 28\sqrt{12}.$$

Therefore, $r^2 = 97 + 28\sqrt{12}$ produces another solution: $x = 97$, $y = 28$ of $x^2 - 12y^2 = 1$.

All the positive solutions of $x^2 - 12y^2 = 1$ are given by $r^n = (7 + 2\sqrt{12})^n$ where $n = 1, 2, 3, \cdots$.
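The procedure of this section written out in Python, as an added illustration that is not taken from the book: trial values of y find the least positive solution, and the product rule of Proposition (8.18) then generates the powers of r as in Theorem (8.21). The function names and the `y_limit` cut-off are assumptions of this example; the error formula x/y − √N = 1/(y(x + y√N)) follows from x² − Ny² = 1 and avoids subtracting two nearly equal floating-point numbers.

```python
from math import isqrt, sqrt


def fundamental_solution(N, y_limit=10**6):
    """Least positive (x, y) with x^2 - N*y^2 = 1, found by trialling y = 1, 2, 3, ...

    y_limit is a cut-off assumed for this example so the search always terminates.
    """
    root = isqrt(N)
    if N <= 1 or root * root == N:
        raise ValueError("N must be greater than 1 and not a square number")
    for y in range(1, y_limit + 1):
        t = 1 + N * y * y
        x = isqrt(t)            # exact integer square root, no rounding error
        if x * x == t:          # 1 + N*y^2 is a square number, so x is an integer
            return x, y
    raise ArithmeticError("no solution with y <= y_limit; trial search is too slow here")


def multiply(r, s, N):
    """(a + b*sqrt(N)) * (c + d*sqrt(N)) = (ac + Nbd) + (ad + bc)*sqrt(N), Proposition (8.18)."""
    (a, b), (c, d) = r, s
    return a * c + N * b * d, a * d + b * c


def inverse(r):
    """Reciprocal of r = a + b*sqrt(N) when a^2 - N*b^2 = 1, Proposition (8.17)."""
    a, b = r
    return a, -b


def is_solution(x, y, N):
    """True when (x, y) satisfies Pell's equation x^2 - N*y^2 = 1."""
    return x * x - N * y * y == 1


def solutions(N, count):
    """The first `count` positive solutions r, r^2, r^3, ... as (x, y) pairs, Theorem (8.21)."""
    r = fundamental_solution(N)
    found, current = [], r
    for _ in range(count):
        found.append(current)
        current = multiply(current, r, N)
    return found


def approximation_error(x, y, N):
    """x/y - sqrt(N) for a solution (x, y), computed as 1 / (y * (x + y*sqrt(N)))."""
    if not is_solution(x, y, N):
        raise ValueError("(x, y) is not a solution of x^2 - N*y^2 = 1")
    return 1.0 / (y * (x + y * sqrt(N)))


if __name__ == "__main__":
    print("N = 92:", fundamental_solution(92))    # Brahmagupta's equation
    print("N = 6: ", solutions(6, 3))             # Examples 8.12 to 8.14
    print("N = 12:", solutions(12, 2))            # Example 8.15
    x, y = solutions(8, 5)[-1]
    print("N = 8: ", (x, y), "error", approximation_error(x, y, 8))
```

The trial search only works while the least positive solution is small; for an equation such as $x^2 - 61y^2 = 1$ (Supplementary Problems 8.10) the search exceeds the cut-off and raises `ArithmeticError`.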

Summary
In this section we have found solutions of Pell’s equation

$$x^2 - Ny^2 = 1 \quad\text{where } N > 1 \text{ is square-free}.$$

We find the least positive solution $r$ by trialling positive integer values for $y$ and then stopping when $1 + Ny^2$ is a square number. We use this least positive solution $r$ to generate all other positive solutions by finding positive integer powers of $r$.

EXERCISES 8.3

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

1. Determine the least positive solution for the following values of $N$ in Pell’s equation $x^2 - Ny^2 = 1$ by substituting appropriate integer values for $y$:
(a) $N = 3$ (b) $N = 7$ (c) $N = 8$ (d) $N = 11$ (e) $N = 10$ (f) $N = 12$

2. Check that $r = 649 + 180\sqrt{13}$ produces a solution of $x^2 - 13y^2 = 1$. Determine another positive solution of this equation $x^2 - 13y^2 = 1$.

3. (a) (i) Show that $r = 577 + 408\sqrt{2}$ produces a solution of $x^2 - 2y^2 = 1$.
(ii) Determine a rational approximation to $\sqrt{2}$ using $r$ of part (i). What is the discrepancy between your approximation and $\sqrt{2}$?
(iii) Show that $\frac{x}{y} = \sqrt{2 + \frac{1}{y^2}}$ gives an approximation to $\sqrt{2}$. To get a good approximation to $\sqrt{2}$ what condition do you need your solution to satisfy?
(b) Let $x$ and $y$ be solutions of $x^2 - Ny^2 = 1$. Show that $\frac{x}{y} = \sqrt{2 + \frac{1}{y^2}}$ gives an approximation of $\sqrt{N}$. (The Greek mathematician Archimedes used this to find approximations for $\sqrt{N}$.) [3]

[3] Number Theory: A Historical Approach by John Watkins, page 409.

4. (i) By using your $r = 3 + 2\sqrt{2}$ of Example 8.10, determine $r^2$, $r^3$, and $r^4$. Check that these also yield solutions of $x^2 - 2y^2 = 1$.
(ii) Find approximations of $\sqrt{2}$ by using $r$, $r^2$, $r^3$, and $r^4$ and the discrepancy between $\sqrt{2}$ and your approximations correct to 3sf.
(iii) Explain why the solutions to the equation $x^2 - 2y^2 = 1$ give rational approximations to $\sqrt{2}$.

5. Show that if $N = n^2 - 1$ where $n$ is a natural number then the least positive solution of $x^2 - Ny^2 = 1$ is given by $x = n$, $y = 1$.
Determine the least positive solutions of $x^2 - Ny^2 = 1$ where
(a) $N = 15$ (b) $N = 24$ (c) $N = 35$ (d) $N = 48$

6. (i) Check that $r = 17 + 12\sqrt{2}$ yields a solution of $x^2 - 2y^2 = 1$.
(ii) Hence or otherwise find a solution of $u^2 - 8v^2 = 1$.
(iii) Hence or otherwise find a solution of $u^2 - 32v^2 = 1$.
(iv) Determine the condition on $m$ for $u^2 - 2(mv)^2 = 1$ to have a solution.

7. Determine three different solutions of $x^2 - 47y^2 = 1$.

8. Show that if $N > 0$ is a square number then $x^2 - Ny^2 = 1$ only has trivial solutions: $x = 1$, $y = 0$ or $x = -1$, $y = 0$.

9. Check that $r = 55 + 12\sqrt{21}$ produces the least positive solution of $x^2 - 21y^2 = 1$. Determine two more positive solutions of $x^2 - 21y^2 = 1$.

10. Prove identity (8.16).

11. Prove Proposition (8.19).

12. Prove the following:
If $r = a + b\sqrt{N}$ produces a solution of Pell’s equation $x^2 - Ny^2 = 1$ then so does $r^n = (a + b\sqrt{N})^n$, where $n$ is any integer.

13. Prove Proposition (8.20).

14. *Prove that all the positive solutions of $x^2 - 6y^2 = 1$ are produced by
$$r^n = (5 + 2\sqrt{6})^n$$
where $n$ is a natural number.

15. Prove Theorem (8.21).

.........................................................................................................

Supplementary Problems 8

(Brief solutions at end of book. Full solutions available at <http://www.oup.co.uk/companion/NumberTheory>.)

8.1. Let $n$ be the product of four consecutive integers. Show that $n + 1$ is a square number.

8.2. *(i) Prove that if $\gcd(x, y) = g$ then $\gcd(x^m, y^m) = g^m$ where $m$ is a positive integer.
(ii) Prove that if $a \times b = n^2$ and $\gcd(a, b) = 1$ then both $a$ and $b$ are squares.

8.3. *Prove that if any prime $p > 5$ can be written as $a^2 + 5b^2$ then $p \equiv 1 \text{ or } 9 \pmod{20}$.

8.4. Provide another proof that if $n \equiv 7 \pmod 8$ then $n \neq x^2 + y^2 + z^2$. [The number $n$ cannot be written as sum of three squares.] See Exercises 8.2, question 11.

8.5. Prove that $1^3 + 2^3 + 3^3 + \cdots + n^3 = (1 + 2 + 3 + \cdots + n)^2$.
[Hint: $1^3 + 2^3 + 3^3 + \cdots + n^3 = \frac{1}{4} n^2 (n + 1)^2$.]

8.6. *(a) Prove that every integer $n$ which satisfies $n \equiv 3 \pmod 8$ can be written as a sum of three non-zero squares.
(b) Disprove that if $n$ can be written as a sum of three squares then $n \equiv 3 \pmod 8$.

8.7. Disprove that $n = a^2 + b^2$ has no divisor $d$ of the form $d \equiv 3 \pmod 4$.

8.8. Let $p$ be an odd prime. Prove that $p$ can be expressed as the sum of two squares $\iff p \equiv 1 \text{ or } 5 \pmod 8$.

8.9. (a) Prove that if $p$ is an odd prime then there are integers $x$ and $y$ such that $x^2 + y^2 \equiv -4 \pmod p$ where $0 \le x, y \le \frac{p - 1}{2}$.
(b) Find all the integers $x$ and $y$ such that $x^2 + y^2 \equiv -4 \pmod{19}$ where $0 \le x, y \le (19 - 1)/2$.

8.10. Verify that $r = 1\,766\,319\,049 + 226\,153\,980\sqrt{61}$ provides a solution of $x^2 - 61y^2 = 1$.

8.11. Prove that the quadratic Diophantine equation $x^2 - Ny^2 = -1$ has no solutions if $N \equiv 3 \pmod 4$. (You will need to use results of Jacobi symbols from Section 7.5 (online material) for this question.)

8.12. Show that the quadratic Diophantine equation $x^2 - 11y^2 = -2$ has solutions but $x^2 - 11y^2 = 2$ does not have solutions. Determine the seed solution of $x^2 - 11y^2 = -2$.

8.13. Determine the least positive solution of the following equations:
(a) $x^2 - 13y^2 = 3$
(b) $x^2 - 13y^2 = -3$
(c) $x^2 - 13y^2 = -1$

8.14. Determine the least positive solution of the following:
(a) $x^2 - 23y^2 = 1$
(b) $x^2 - 59y^2 = -2$
(c) $x^2 - 61y^2 = -4$

8.15. (a) Find all the solutions of $x^2 + y^2 = 245$.
(b) Determine all the distinct solutions of $x^2 + y^2 = 6409$ where $6409 = 13 \times 17 \times 29$.

8.16. (i) Check that $r = 221 + 27\sqrt{67}$ provides a solution of $x^2 - 67y^2 = -2$.
(ii) Determine $r^2$ and show that $r^2$ provides a solution of $x^2 - 67y^2 = 4$.
(iii) Determine $r^3$ and $m$ in $x^2 - 67y^2 = m$ so that $r^3$ provides a solution to this equation.
*(iv) Predict a relationship between $r^n$ and $m$ where $x^2 - 67y^2 = m$ and prove your predicted result.

8.17. Show that the non-linear Diophantine equation $x^3 = 2y^2 + 2$ has no solutions.

8.18. (i) Verify that $r = 170 + 39\sqrt{19}$ produces a solution of $x^2 - 19y^2 = 1$.
(ii) Determine $r^2$, $r^3$, and $r^4$ in $a + b\sqrt{19}$ form. Check that these also yield solutions of $x^2 - 19y^2 = 1$.
(iii) Find the discrepancy between $\sqrt{19}$ and your approximations correct to 4sf by using $r$, $r^2$, $r^3$, $r^4$.

8.19. Find the fundamental solution $r = a + b\sqrt{14}$ of $x^2 - 14y^2 = 1$. Also determine the solution $r^5$. Find the discrepancy between $\sqrt{14}$ and the solution $r^5$ correct to 4sf.

8.20. Express the following product $(a^2 + nb^2)(c^2 + nd^2)$ as $x^2 + ny^2$ by writing out the integers $x$ and $y$.

8.21. Prove that if each of the integers $n_1, n_2, n_3, \cdots, n_k$ can be written as sum of two squares then their product can also be written as a sum of two squares.

8.22. *(a) Prove that there are infinitely many integer solutions of
$$x^2 - Ny^2 = z^2$$
for any integer $N$.
(b) Determine the fundamental solution of Pell’s equation $x^2 - 230y^2 = 1$.

8.23. Prove that a solution of Pell’s equation $x^2 - (N^{2n} - 1)\,y^2 = 1$ where $n$ is a natural number is $y = 1$, $x = N^n$.

8.24. Prove that there are infinitely many integer solutions of
$$x^2 - (N^2 + 1)\,y^2 = 1.$$

8.25. ***Prove that every prime $p > 3$ satisfies $p \equiv 1 \text{ or } 3 \pmod 8 \iff p = x^2 + 2y^2$.
(If $p = 2$ then $x = 0$, $y = 1$ and if $p = 3$ then $x = y = 1$.)

8.26. Prove that every prime $p > 3$ that satisfies $p \equiv 1 \pmod 3$ can be written as $p = x^2 + 3y^2$. (If $p = 3$ then $x = 0$, $y = 1$.)

Brief solutions

CHAPTER 1

EXERCISES 1.1

1. 12 9. 11
3
2. 19, 10. |a|
11
3. 13, 5 ∶ 77 11. |a + b|
4. 100Hz 12. False.
5. (a) 4 (b) 9 (c) 16 (d) 2 13. (a) Any integer
6. (a) 2 (b) 12 (c) 12 (d) 91 (b) ±1, ±2
7. x = −4, y = 1 or x = 6, y = −1 17. 22 |11 × 12 but 22 11 or 22 12.
(Any example like this will do.)
8. x = −1, y = 1

EXERCISES 1.2

1. (a) q = 4, r = 3
(b) q = −84, r = 7
(c) q = −73, r = 0

EXERCISES 1.3

1. (a) 6 (b) 3 (c) 37 (d) 1 4. (You may get different answers to the
2. (You may get different answers to the following because the solutions are not
following because the solutions are not unique.)
unique.) (i) x = −2, y = 1
(a) x = −1, y = 9 (ii) x = −4, y = 2
(b) x = −47, y = 6 (iii) x = 20, y = −10
(c) x = 1, y = −6 5. x = x0 c, y = y0 c
(d) x = −91, y = 71 9. (a) a = −5, b = −10
3. (a) 6 (b) 3 (b) a = −100, b = −200
(c) 9 (d) 2 (c) a = −169, b = −338

EXERCISES 1.4

1. (a) x = 3t − 5, y = 5 − 2t 7. The number of first- and second-class


(b) x = 3 + 2t, y = −t stamps is 500 + 5t and −500 − 6t
(c) x = −2 − 4t, y = −2 − 3t respectively with
2. (a) No solution t = −84, −85, −86, ⋯ , −100.
(b) x = 7t − 4, y = 4 − 6t 8. The number of hotdogs and buns is 1
(c) x = 12 + 10t, y = −4 − 3t and 34 or 8 and 22 or 15 and 10 respec-
3. (a) x = 101 101 + 600t, tively.
y = −17 017 − 101t 9. 5 lots of £20 and no £10, 4 lots of £20
(b) x = 9100 + 232t, y = −7100 − 181t and 2 lots of £10, 3 lots of £20 and 4 lots
4. One bar and six rolls or four bars and of £10, 2 lots of £20 and 6 lots of £10, 1
four rolls or seven bars and two rolls. of £20 and 8 lots of £10, 10 lots of £10
and no £20 note.
5. Empty out the four-gallon container
three times and fill in the five-gallon 16. (a) False
container three times. (b) False
(c) True
6. The number of 5p and 10p coins is 2t
and 31 − t respectively with t between 0
and 31 (inclusive).

SUPPLEMENTARY PROBLEMS 1

1.1. 7/3 1.6. (a) and (b) only.


1.2. (i) x = −1, y = 1 (ii) x = −5, y = 5 1.7. Yes 27 | 54 but 27 9 and 27 6.
1.3. (a) x = −3, y = 2 1.11. Disprove because statement is false
(b) x = −1, y = 1 5 | −5 and −5 | 5 but 5 ≠ −5.
(c) (i) x = −1, y = 52 1.12. False because a counterexample is
(ii) x = 1, y = − 52 8 12 and 8 |(12 × 4) ⇒ 8 4.
1.4. (a) Q is 9 and R is 1 1.17. Step B.
(b) Q is −51 and R is 13
1.18. (i) 101 (ii) 101
(c) Q is −1002 and R is 997.
(iii) x = −4022, y = 3584
1.5. (a) {±1, ±2, ±4, ±5, ±10, ±20, ±25,
1.20. x = 2015t − 1 and y = 1 − 2014t.
±50, ±100}
PS x = 2014 and y = −2013.
(b) As part (a)
1.21. (i) 20 (ii) 216
(c) {±1, ±2, ±4, ±5, ±10, ±20, ±25,
±50, ±100, ±200}

CHAPTER 2

EXERCISES 2.1

1. (a) 23 × 7 (b) 3 × 19 (c) 23 × 52 7. (a) 46 080 (b) 45/4 (c) 2000/9


(d) 23 × 32 × 5 (e) 7 × 11 × 13 11. You could substitute the following to
2. (a) 53 (b) 2 × 5 × 53 (c) 22 × 7 × 71 produce a counterexample:
(d) 2 × 32 × 37 (e) 43 × 47 (a) p = 2 (b) n = 8 (c) n = 2
(d) n = 4 (e) P = 13

EXERCISES 2.2

1. (a) 5 (b) 5 (c) 22 (d) 23 8. (a) 7 × 23 (b) 7 × 29


(e) 7 (f) 8 (g) 23 (h) 24 (c) 17 × 59 (d) prime
2. (a) 0 (b) −1 (c) −13 (d) −14 9. (a) 11 × 19 (b) prime
3. Any integer will do. 12. (a) 3 (b) 5 (c) n − 1
13. (b) 101 (c) 10100 + 1
(d) (i) 22 338 597 (ii) 74 207 212

EXERCISES 2.3

(No brief solutions)

EXERCISES 2.4

1. (a) 405 (b) 806 000 (c) 1 001 000 8


5. (i) 84 (ii)
21
2. 4 and 5 packs of hotdogs and buns
6. (a) 300 (b) 3000 (c) 30 000
respectively.
13. (a) 210 (b) 114 240 (c) 30 492
3. Real analysis.
59 14. 531
4. (i) 1060 (ii)
1060

SUPPLEMENTARY PROBLEMS 2

2.1. (a) 22 × 52 (b) 23 × 53 (c) 7 × 23 2.4. (a) 10 (b) 31 (c) 1


(d) 3 × 67 (e) 7 × 43 2.11. (a) prime (b) prime
2.2. (a) 0 (b) −1 (c) 0 (d) −1 (c) composite; 113
(e) −15 (f) 0 2.22. (a) 11 (b) 29
2.3. (a) 17 (b) 145 (c) 87

CHAPTER 3

EXERCISES 3.1

1. (a) {0, 1, 2, 3, 4}, {0, −1, −2, −3, −4}, (d) 11 (mod 5200)
and {5, 6, 7, 8, 9} (e) 5186 ( mod 5200)
(b) {0, 1, ⋯ , 8, 9} , {−1, −2, ⋯ , −9, −10}, (f) 40 ( mod 5200)
and {10, ⋯ , 18, 19} 6. 4 ( mod 5), 2 ( mod 11) and
(c) {0, 1, ⋯ , 11, 12} , {−1, ⋯ , −12, −13}, 728 ( mod 1001)
and {13, ⋯ , 24, 25} 7. (a) 61 (b) 43
2. (a) 0 ( mod 11) missing. 8. (a) true (b) false (c) false
(b) 11 ≡ 0 ( mod 11) (d) false (e) true (f) true
(c) 13 ≡ 2 ( mod 11) 9. (a) 1 (b) 1 (c) 6 (d) 6
3. (a) {0, 1, ⋯ , 5} 10. 16
(b) {0, 1, ⋯ , 10, 11}
19. (a) 50 (b) 1
(c) {0, 1, ⋯ , 15, 16}
21. 3
4. (a) 4 (b) 6 (c) 10
(d) 1000 (e) 3 (f) 20 22. (a) 1 (b) 9 (c) 9
5. (a) 3 (mod 2787)
(b) 2 (mod 2787)
(c) 12 (mod 5200)

EXERCISES 3.2

1. (a) Yes (b) No (c) No 5. 10 × 5 ≡ 0 ( mod 5),


(d) No (e) Yes (f) Yes 78 × 91 ≡ 0 ( mod 13) and
2. (a) 1 + 5t (b) 1 + 2t (c) 3t 85 × 153 ≡ 0 ( mod 17)
(d) 5 + 6t (e) 2 + 7t 8. (a) x ≡ 1 or 2 ( mod 3), x = 1 + 3t or
(f) 2 + 9t (g) x = 8t x = 3s + 2
3. 4 × 3 ≡ 0 ( mod 12), 7 × 5 ≡ 0 ( mod 35) (b) x ≡ 1 or 10 ( mod 11), x = 1 + 11s
and 12 × 15 ≡ 0 ( mod 30) or x = 10 + 11t
4. 5 × 12 ≡ 0 ( mod 6), 9. (i) 42 ≡ 16 ≡ 1 ( mod 15) but
6 × 105 ≡ 0 ( mod 35) 4≢ ±1 ( mod 15).
and 84 × 147 ≡ 0 ( mod 7) (ii) 72 ≡ 10 ( mod 39) but
7≢ ±10 ( mod 39)

EXERCISES 3.3

1. (a) x ≡ 2 ( mod 5) 7. b is a multiple of n and there are n


(b) x ≡ 4 ( mod 7) solutions.
(c) x ≡ 0 ( mod 8) 8. (a) 11 ( mod 13)
(d) x ≡ 7 ( mod 13) (b) 5 ( mod 6)
(e) x ≡ 8 ( mod 15) (c) 10 ( mod 17)
(f) x ≡ 10 ( mod 16) (d) 16 ( mod 17)
2. (a) x ≡ 2 ( mod 7) (e) 45 ( mod 101)
(b) x ≡ 4 ( mod 5) (f) 1 ( mod n)
(c) x ≡ 9 ( mod 10) 9. (a) a = 1, 5, 7 and 11
(d) x ≡ 2 ( mod 5) (b) 1, 2, 3, ⋯, 12
(e) x ≡ 4 ( mod 21) (c) 1, 2, 4, 7, 8, 11, 13, 14
(f) x ≡ 52 ( mod 53)
10. 12x ≡ 2 ( mod 8)
3. (a) x ≡ 1, 3 ( mod 4)
14. No solution.
(b) x ≡ 2, 5, 8, 11, 14, 17 ( mod 18)
(c) x ≡ 4, 9, 14, 19, 24 ( mod 25) 17. |a + b|
(d) x ≡ 3, 146, 289, 432, 575, 718, 18. 1
861 ( mod 1001) 19. x = 1 − 2t and y = 2 − 5t.
4. (a), (b), (c) and (f) have no solutions. x ≡ 1, 3, 5 ( mod 6)
(d) x ≡ 0, 1, 2, ⋯ , 10 ( mod 11) 20. (a) x = 5 + 7t and y = 10 − 6t
(e) x ≡ 6, 15, 24 ( mod 27) (b) x = 4 + 50t and y = −28 − 999t
5. (a) x ≡ 2, 5, 8, 11, 14 ( mod 15) 21. (a) x ≡ 0, 1, 2, 3, 4 ( mod 5)
(b) No soln (b) x ≡ 4 ( mod 5)
(c) x ≡ 1, 4, 7, 10, 13, 16 ( mod 18)
22. 695 ( mod 771)
6. b is a multiple of 5 and there are 5
23. (i) 143, 17 and d = 113
solutions.
(ii) a ≡ 12 ( mod 143)

EXERCISES 3.4

1. (a) x ≡ 26 ( mod 77) 3. 534


(b) x ≡ 0 ( mod 30)
(c) x ≡ 83 ( mod 104) 4. 1731
(d) x ≡ 52 ( mod 105)
(e) x ≡ 346 ( mod 385)
6. 1492
2. (a) x ≡ 20 ( mod 21), x = 21t + 20, 20
(b) x ≡ 7 ( mod 247), x = 7 + 247t, 7
7. 653
(c) x ≡ 249 ( mod 385), x = 249 + 385t,
249
(d) x ≡ 31 ( mod 77), x = 31 + 77t, 31

EXERCISES 3.5

1. (a) 13 × 23 (b) 23 × 37 (c) 101 × 103 (d) 37 × 67
2. (a) 73 × 127 (b) 2 × 29 × 37 (c) 3 × 29 × 31 × 1103
4. 33 × 41 × 1117
5. (i) (a) 23 × 31 (b) 31 × 41 (c) 13 × 31
(ii) (−41 + √485)/26, (−41 − √485)/26
(iii) 23/41, 13/41 and 13/23
6. 43^2 × 101^2, x = ±4343
7. 1763 × 1927, x = 1763, −1927
8. 53 is prime
11. (a) 3 × 137 (b) 41 × 59 (c) 131 × 137
12. (a) 31 × 71 (b) 11 × 199 (c) 61 × 151
14. (a) 9 × 11 × 101
(b) 3^3 × 7 × 11 × 13 × 37
(c) (i) 11 × 101 (ii) 3 × 7 × 11 × 13 × 37
15. 3^2 × 5 × 7 × 13 × 17 × 241

SUPPLEMENTARY PROBLEMS 3

3.1. (a) T (b) F (c) F (d) T (e) T
3.2. (a) 3 (mod 5) (b) 2, 11, 20 (mod 27) (c) 2, 5, 8, 11, ⋯ , 29 (mod 30) (d) No solution
3.3. (a) 5 (mod 12) (b) 13 (mod 15) (c) 19 (mod 27) (d) No inverse (e) 7 (mod 12) (f) 11 (mod 12) (g) 3 (mod 13) (h) No inverse
3.4. 2, 3, 4, 6, 8, 9 and 10 (mod 12)
3.5. 3 × 71 × 227
3.12. 5^2 ≡ 1 (mod 2)
3.13. (a) 58 (mod 60) (b) 103
3.18. (i) 1, 3, 5 and 7 (mod 8) (ii) ±1 (mod 7)
3.19. 46 061 × 44 021

CHAPTER 4

EXERCISES 4.1

1. (a) 7 (mod 11) (b) 9 (mod 13) (c) 3 (mod 7) (d) and (e) 1 (mod 23)
2. (a) 9 (mod 11) (b) 18 (mod 23) (c) 19 (mod 37) (d) 33 (mod 41)
3. (i) 9 (ii) 7
4. (i) 3 (mod 23) (ii) x ≡ 21 (mod 23)
6. Composite.
7. No.
8. Composite.
9. x ≡ 5 (mod 13)
11. (ii) x ≡ 13 (mod 17)
12. 8
13. 69 (mod 103)

EXERCISES 4.2

1. (a) 10 (mod 11) (b) 9 (mod 11) (c) 4 (mod 11) (d) 9 (mod 11)
2. 1
3. 0
4. 1 (mod 13)
5. −1 (mod 23)
6. 82 (mod 101)
7. 70 (mod 71)
8. (a) 0 (mod 15) (b) 0 (mod 21) (c) 0 (mod 30)
9. 28 (mod 29)

EXERCISES 4.3

4. (a) 7 (b) 2047 (c) 2^29 − 1
5. (a) 3 × 5^2 × 11 × 31 × 41
(b) 7^2 × 127 × 337
(c) 3^2 × 5 × 7 × 13 × 17 × 241

EXERCISES 4.4

1. (a) 13 (b) 29 (c) 31 (d) 41 (e) 229 (f) 1009
2. (a) 431 (b) 439
3. (a) 167 (b) 263 (c) 359 (d) 383
4. 2687
6. Step D.
7. Step A.
11. (a) 83 (b) 107
12. (ii) 479 (iii) 1913
13. 3119
14. Step E

EXERCISES 4.5

2. (a) 24 (b) 96 (c) 260 (d) 465
3. All the numbers in q2 are deficient apart from 200.
4. 1092

SUPPLEMENTARY PROBLEMS 4

4.1. (a) 91 (mod 101) (b) 63 (mod 127) (c) 540 (mod 541)
4.2. (i) 3 (mod 29) (ii) 27 (mod 29)
4.3. 2 (mod 11)
4.4. (i) 30 (mod 31) (ii) 5 (mod 31)
4.5. 1 (mod 13)
4.7. (a) 3 × 43 × 127 (b) 7 × 31 × 151 (c) 3 × 5 × 17 × 257
4.8. (b) 7
4.10. (b) 2^3 × 3 × 11 × 71 × 521
4.11. 11 × 9091
4.12. 11, 41 and 271

CHAPTER 5

EXERCISES 5.1

1. (a) 12 (b) 210 (c) 310 (d) 1972 (e) 1998 (f) 2016
2. (a) 8 (b) 32 (c) 80 (d) 400 (e) 720 (f) 216
3. (a) 2^999 (b) 2 × 3^999 (c) 4 × 5^999 (d) 6 × 7^999
8. 1
9. 20/41
10. (a) 120
11. (a) n = 2^a (b) n = 2^a 3^b
12. n = 30

EXERCISES 5.2

1. 3, 1, 7, 5 (mod 8)
2. {1, 3, 5, 7} and {−1, 11, 13, 17}
3. 9
4. 01
5. 127 (mod 301)
6. 001
7. (a) 19 (mod 50) (b) 27 (mod 100) (c) 4 (mod 100)
8. x1 ≡ 11, x2 ≡ 9, x3 ≡ 7, x4 ≡ 5 and x5 ≡ 3 (mod 32)
11. False statement.
13. (i) 44 (ii) 15 (mod 44)
16. a^5 (mod 16)
19. 179

SUPPLEMENTARY PROBLEMS 5

5.1. (i) 40 (ii) 53 (iii) 53
5.2. (a) 400 (b) 4000 (c) 40 000 (d) 400 000
5.3. (a) 936 (b) 1440 (c) 576 (d) 2016
5.4. n = 5m
5.5. 611
5.6. 2^(m−1) 𝜙(n)
5.7. 35 (mod 100)
5.11. (a) 20 127 098 728 296 (b) 309 856 001 913 024
5.12. (i) 320 (iii) 40 (iv) 𝜆 | 𝜙(561)
5.13. (i) 72 (ii) 39
5.17. (a) 2/5 (b) 928/929 (c) 0.65
5.18. {1, 7, 11, 13, 17, 19, 23, 29}
5.23. (i) (1/(p1 p2 ⋯ pr)) (p1 − 1)(p2 − 1) ⋯ (pr − 1)
5.25. (a) 10 (b) 15 (c) 24

CHAPTER 6

EXERCISES 6.1

1. (a) 3 (b) 10 (c) 8 (d) 11
2. (a) 4 (b) 2 (c) 2 (d) 5 (e) 3
3. 5 (mod 13)
4. 20 and 03.
5. 4, 43 modulo 60 and x ≡ 17 (mod 60)
6. 6 and x ≡ 20 (mod 21)
7. (a) 16 (mod 17) (b) 81 (mod 98)
8. 147

EXERCISES 6.2

1. (a) 1 (b) 4 (c) 4 (d) 2
2. (a) 10 (b) 5 (c) 5 (d) 10
3. Only 1 has order 1. Order does not exist for the rest.
4. {1, 2, 3, 4, 5, ⋯ , 15, 16}
7. Only 1, 5, 7 and 11 have order modulo 12. The order is 1 for 1 (mod 12) and 2 for the rest.
8. (a) 8 (b) 80 (c) 800 (d) 8000
13. 11
14. (a) No order (b) 13
15. 41
16. 60

EXERCISES 6.3

1. (a) and (b)
2. (c)
6. (a) x ≡ 5, 6 (mod 11)
(b) x ≡ 3, 8 (mod 11)
(c) x ≡ 2, 6, 7, 8, 10 (mod 11)
7. (a) x ≡ 4 (mod 19)
(b) x ≡ 1, 4, 5, 6, 7, 9, 11, 16, 17 (mod 19)
(c) x ≡ 2, 3, 5, 14, 16, 17 (mod 19)
8. (a) x ≡ 6, 7, 10, 11 (mod 17)
(b) x ≡ 3, 5, 6, 7, 10, 11, 12, 14 (mod 17)
(c) No solution.
(d) x ≡ 13 (mod 16)
9. x ≡ 16 (mod 17)
10. (a) x ≡ 8 (mod 12) (b) 10 (c) a = 3, 6, 9, 12
11. a = 1, 2, 4, 8, 9, 13, 15, 16
12. (a), (d) Solvable
13. (a) One solution (b) Four solutions
14. (ii) 39, 184 (mod 223), x = 39, y = 6, x = 184, y = 151
(iii) 40, 184, 222 (mod 223), x = 40, y = 287, x = 184, y = 27 935, x = 222, y = 49 063
16. 2, 5, 6, 7, 8, 11 (mod 13); x = 2, y = 34; x = 5, y = 8413; x = 6, y = 25 122; x = 7, y = 63 349; x = 8, y = 141 154 and x = 11, y = 953 917.
17. 8, 29 (mod 37)

EXERCISES 6.4

1. (a) 3, 5 (b) 2, 6, 7, 8
(c) 3, 5, 6, 7, 10, 11, 12, 14
(d) 5, 7, 10, 11, 14, 15, 17, 19, 20, 21
2. (a) 1, 2, 4 (mod 7)
(b) 1, 5, 8, 12 (mod 13)
(c) 1, 2, 3, 4, 6, 8, 9, 12, 13, 16, 18 (mod 23)
3. 1 (mod 19); 1, 18 (mod 19); 1, 7, 11 (mod 19); 1, 4, 5, 6, 7, 9, 11, 16, 17 (mod 19); 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18 (mod 19). FLT
5. (a) 0 (mod 7) (b) 0 (mod 7) (c) 0 (mod 11) (d) 0 (mod 13)
6. p − 1 (mod p)
9. The order is 9 in each case.
11. All are primitive roots so order is 16.
13. 1 (mod 19)
16. (ii) 16, 241 (mod 257)
17. (ii) 80, 163 (mod 243)
21. {x = 1, y = 0}, {x = 3, y = 56}, {x = 4, y = 315}, {x = 9, y = 40 880}, {x = 10, y = 76 923}, {x = 12, y = 229 691}
22. (a) {2, 6, 7, 10, 17, 18, 26, 30, 31, 35, 43, 44, 51, 54, 55, 59}

SUPPLEMENTARY PROBLEMS 6

6.1. (a) 6 (b) 3 (c) 11 (d) 28
3 is a primitive root of 7 and 29.
6.2. (i) 3 (ii) 5 (mod 31)
6.3. 4 and 43
6.4. Order is 3, inverse is 26 (mod 37) and x ≡ 28 (mod 37).
6.5. (i) 5 (mod 13) (ii) 8 (mod 13) (iii) 5 (mod 13) (iv) and (v) No solution
6.6. (a) 4, 19 (mod 23)
(b) No solution
(c) 5, 7, 10, 11, 14, 15, 17, 19, 20, 21, 22 (mod 23)
(d) 5 (mod 22)
6.7. (a) 12 (mod 23) (b) 6 (mod 23)
6.8. (a) 7 (mod 19) (b) 6 (mod 19) (c) 5 (mod 19)
6.10. No order.
6.11. (a) No solution (b) x ≡ 10, 14, 23, 27 (mod 37)
6.19. x ≡ 4, 6, 9, 10, 13, 15 (mod 19); {x = 4, y = 215}, {x = 6, y = 2455}, {x = 9, y = 27 970}, {x = 10, y = 52 631}, {x = 13, y = 254 042} and {x = 15, y = 599 506}.
6.20. 15

CHAPTER 7

EXERCISES 7.1

1. (a) 1, 4 (mod 5); no solution.
(b) 1, 2, 4, 8, 9, 13, 15, 16 (mod 17); x ≡ 6, 11 (mod 17); x = 6, y = 2 and x = 11, y = 7.
(c) 1, 4, 5, 6, 7, 9, 11, 16 and 17 (mod 19); no solution.
2. (a) 611 (b) 1785 (c) 52 364 (d) 89 712 336
3. (a), (b), and (d) are quadratic non-residues of 37 and (c) is a quadratic residue of 37.
4. (a) x ≡ 6, 11 (mod 17) (b) x ≡ 4, 13 (mod 17) (c) No solutions
5. (a) No solutions (b) x ≡ 3, 16 (mod 23) (c) x ≡ 18, 22 (mod 23)
8. (a) 8, 20 (mod 29) (b) 80, 100 (mod 101) (c) and (d) No solutions
12. (a) 13, 70 (mod 83) (b) 128, 8063 (mod 2^13 − 1) (c) No solution

EXERCISES 7.2

2. (a) Quadratic non-residue
(b) Quadratic residue
(c) Quadratic non-residue
(d) Quadratic non-residue
(e) Quadratic residue
3. (a) 5^2 × 13 (b) 17 × 53 (c) 2 × 5 × 281 (d) 13 × 277 (e) 577 (f) 29 × 373 (g) 5 × 17 × 29 × 37 (h) 109 × 9433
13. 1, 2, 4, 8, 9, 13, 15, and 16. Square roots are 8, 9 (mod 17).
14. 32, 69 (mod 101)

EXERCISES 7.3

1. (a) 1 (b) −1 (c) −1 (d) 1 (e) −1 (f) 1 (g) −1 (h) −1
2. (a) NR (b) QR (c) QR (d) QR
3. (a) 2 × 7 × 23 (b) 17 × 31 (c) 23 × 113 (d) 727 (e) 73 × 151 (f) 2207 (g) 47 × 809
7. 539 (mod 541)
8. (a) 625 (mod 1987) (b) 676 (mod 1987)
9. (iii) (a) 2 × 163 (b) 3^2 × 59 (c) 19 × 137 (d) 17 × 43 (e) 11 207 (f) 3 × 11 × 67 (g) 11 × 3457
10. (a) QR (b) NR (c) NR (d) QR
11. (iii) (a) 23 × 167 (b) 11 × 983 (c) 23 × 37 × 47 (d) 47 × 2819 (e) 13^2 × 23 × 83
15. 3 and square roots are 60, 163 (mod 223).

EXERCISES 7.4

1. (a) Unsolvable (b) Unsolvable (c) Solvable (d) Unsolvable (e) Unsolvable
2. 1 in both cases.
5. (ii) (a) 31 × 349 (b) 73 × 763 (c) 7 × 97 × 193
8. 48
14. (a) 25 (mod 1993) (b) 26 (mod 1993)
18. (5/p) = 1 if p ≡ ±1 (mod 5), and (5/p) = −1 if p ≡ ±2 (mod 5)
(a) 19 × 569 (b) 19 × 29 × 461
19. (a) 37 × 389 (b) 29^2 × 149

SUPPLEMENTARY PROBLEMS 7

7.1. 14, 197 (mod 211)
7.2. (a) x ≡ 20 (mod 101) (b) x ≡ 3, 101 (mod 103)
7.3. 105, 682 (mod 787); x = 105, y = 14 and x = 682, y = 591
7.4. (a) 38, 93 (mod 131) (b) 30, 97 (mod 127) (c) 76, 175 (mod 251)
7.5. (a) −1 (b) −1 (c) 1
7.6. 5 and square roots are 36, 61 (mod 97).
7.7. (a) {x = 32, y = 10} and {x = 69, y = 47}
(b) {x = 27, y = 7} and {x = 74, y = 54}
(c) No solution.
7.9. (i) p ≡ ±1 (mod 12)
(ii) (a) 3 × 23^2 × 59 (b) 11 × 23 × 181 (c) 13 × 61 × 457
7.10. (a) x = 4, y = −1 and x = 7, y = −4
(b) x = 5, y = −1 and x = 18, y = −14
(c) x = 23, y = −10 and x = 30, y = −17
7.13. (a) 12^2 + 13^2 (b) 9^2 + 34^2 (c) 15^2 + 32^2
7.14. (a) 7^2 + 2(9)^2 (b) 21^2 + 2(17)^2 (c) 31^2 + 2(12)^2
7.15. Yes, it is.
7.16. (a) 89 × 233 (b) 73 × 3209 (c) 97 × 64 433
7.17. (a) 41 × 1753 (b) 11^2 × 71 × 467

CHAPTER 8

EXERCISES 8.1

1. (a) 6^2 + 0^2 (b) 6^2 + 1^2 (c) 10^2 + 1^2 (d) 13^2 + 1^2 (e) 15^2 + 2^2 (f) 38^2 + 24^2
2. (a) 16^2 + 0^2 (b) 16^2 + 5^2 (c) 16^2 + 16^2 (d) 32^2 + 32^2
3. (a) 9^2 + 11^2 (b) 6^2 + 13^2 (c) 12^2 + 6^2
4. (a) and (b) Not possible (c) 9^2 + 44^2 (d) 13^2 + 43^2 (e) Impossible
13. (a) 3^2 + 4^2 (b) 15^2 + 8^2 (c) 20^2 + 21^2 (d) 40^2 + 198^2
16. x = 3, y = 13 or the other way round.
17. 9^2 + 32^2, 24^2 + 23^2, 12^2 + 31^2 and 4^2 + 33^2

EXERCISES 8.2

1. (a) 5^2 + 3^2 + 1^2 + 0^2
(b) 7^2 + 0^2 + 0^2 + 0^2
(c) 30^2 + 6^2 + 3^2 + 0^2
(d) 17^2 + 4^2 + 2^2 + 1^2
(e) 21^2 + 4^2 + 2^2 + 2^2
(f) 11^2 + 3^2 + 3^2 + 2^2
2. (a) 32^2 + 32^2 + 32^2 + 0^2
(b) 64^2 + 24^2 + 16^2 + 8^2
(c) 42^2 + 7^2 + 9^2 + 11^2
(d) 36^2 + 24^2 + 12^2 + 0^2
(e) 38^2 + 24^2 + 0^2 + 0^2
3. (a) 14^2 + 4^2 + 2^2 + 1^2
(b) 24^2 + 15^2 + 3^2 + 3^2
(c) 44^2 + 12^2 + 5^2 + 2^2
4. (i) 14^2 + 7^2 + 7^2 + 7^2
(ii) 49^2 + 0^2 + 0^2 + 0^2
(iii) 98^2 + 49^2 + 49^2 + 49^2
7^n = (7^m)^2 + 0^2 + 0^2 + 0^2 if n = 2m, and 7^n = (2 × 7^m)^2 + (7^m)^2 + (7^m)^2 + (7^m)^2 if n = 2m + 1
x^n = (x^m)^2 + 0^2 + 0^2 + 0^2 if n = 2m, and x^n = (ax^m)^2 + (bx^m)^2 + (cx^m)^2 + (dx^m)^2 if n = 2m + 1
5. (a) (2ab)^2 + (ab)^2 + (ab)^2 + 0^2
(b) (2ab)^2 + (ab)^2 + (ab)^2 + (ab)^2
(c) (xab)^2 + (yab)^2 + (zab)^2 + (wab)^2 provided n = x^2 + y^2 + z^2 + w^2
6. {x = 1, y = 6}, {x = 1, y = 13}, {x = 3, y = 3}, {x = 3, y = 16},
{x = 6, y = 1}, {x = 6, y = 18}, {x = 7, y = 8}, {x = 7, y = 11},
{x = 8, y = 7}, {x = 8, y = 12}, {x = 11, y = 7}, {x = 11, y = 12},
{x = 12, y = 8}, {x = 12, y = 11}, {x = 13, y = 1}, {x = 13, y = 18},
{x = 16, y = 3}, {x = 16, y = 16}, {x = 18, y = 6}, {x = 18, y = 13}
7. {x = 0, y = 5}, {x = 0, y = 8}, {x = 3, y = 4}, {x = 3, y = 9},
{x = 4, y = 3}, {x = 4, y = 10}, {x = 5, y = 0}, {x = 8, y = 0},
{x = 9, y = 3}, {x = 9, y = 10}, {x = 10, y = 4}, {x = 10, y = 9}
8. (i) 56^2 + 24^2 + 16^2 + 0^2
(ii) 28^2 + 12^2 + 8^2 + 0^2

EXERCISES 8.3

1. (a) x = 2, y = 1 (b) x = 8, y = 3 (c) x = 3, y = 1 (d) x = 10, y = 3 (e) x = 19, y = 6 (f) x = 7, y = 2
2. x = 842 401 and y = 233 640
3. (ii) 577/408, 0.000 002 124
4. (i) r3 = 99 + 70√2, r4 = 577 + 408√2
(ii) 3/2, 17/12, 99/70 and 577/408
The error is 0.0858, 0.002 45, 0.000 072 2, 0.000 002 12 (3sf) respectively.
5. (a) x = 4, y = 1 (b) x = 5, y = 1 (c) x = 6, y = 1 (d) x = 7, y = 1
6. (ii) u = 17, v = 6
(iii) u = 17, v = 3
(iv) Must be a factor of 12
7. x = 48, y = 7, x = 4607, y = 672 and x = 442 224, y = 64 505
9. x = 6049, y = 1320 and x = 665 335, y = 145 188

SUPPLEMENTARY PROBLEMS 8

8.9. {x = 2, y = 7}, {x = 7, y = 2}, {x = 3, y = 5}, {x = 5, y = 3}, {x = 6, y = 6}
8.12. x = 3 and y = 1
8.13. (a) x = 4 and y = 1 (b) x = 7 and y = 2 (c) x = 18 and y = 5
8.14. (a) x = 24 and y = 5 (b) x = 23 and y = 3 (c) x = 39 and y = 5
8.15. (a) x = 14, y = 7
(b) 28^2 + 75^2, 3^2 + 80^2, 35^2 + 72^2 and 53^2 + 60^2
8.16. (ii) 97 684 + 11 934√67
(iii) 43 176 770 + 5 274 882√67
8.18. (ii) r2 = 57 799 + 13 260√19, r3 = 19 651 490 + 4 508 361√19, r4 = 6 681 448 801 + 1 532 829 480√19
(iii) 0.000 075 42, 6.523 × 10^−10, 5.643 × 10^−15, 4.882 × 10^−20
8.19. r = 15 + 4√14, r5 = 12 082 575 + 3 229 204√14 and 1.281 × 10^−14
8.22. (b) x = 91, y = 6

Symbolic Index

⇒ 3
⇐ 3
⇔ 2
m | n 1
m n 1
gcd (a, b) 7
𝜏 (n) 4
𝜍 (n) 200
𝜙 (n) 209
Fn 76
Card { } 210
⌈x⌉ 56
⌊x⌋ 54
a ≡ b (mod n) 93
a ≢ b (mod n) 99
a^−1 (mod n) 127
[a, b] 78
max { } 54
min { } 56
indr (a) or ind(a) 257
(a/p) 291
𝜋 (x) 62
∏ ( ), product from j = 1 to n 53

Index

A decryption 46, 210 Fermat factorization 145


deficient number 197, 202 Fermat’s Last Theorem 155, 188,
abundant number 197, 203, 206 Die Hard 30, 33, 34 290, 331
Agrawal, Kayal, Saxena 143 difference of two squares 143–45, Fermat numbers 76
al-Haytham, Ibn 164 147–49, 356, 358 Fermat primes 76
approximation 354, 356, 361 Diophantine equation 26 Fermat’s Composite Test 172
arithmetic of remainders 91 Diophantine equation linear 32 Fermat’s Little Theorem 155, 231
arithmetic progression 73–75, 192 Diophantine equation floor function 54–55
quadratic 288, 331 floor function graph 56
B
Diophantus 31–32 fundamental solution 362–63
Barlow, Peter 198 Dirichlet 74, 290 Fundamental Theorem of Arithmetic
base 173–74, 177–79 Dirichlet’s theorem 75, 192 47, 50, 52, 218
Bézout’s Identity 20, 23, 36 divisible by 9 92, 107 fundamental theorem of number
Brahmagupta 353, 354, 355, 356 Division Algorithm 13 theory 162, 229
divisor 1
C Dunham, William 74 G

Cancellation Law 114, 156, 227, Gardner, Martin 142


E
228–29, 244 Gauss 62, 93, 209
cardinality 210, 214–15, 348 Ecole Polytechnique 189 Gauss’s Lemma 301, 305
Carmichael numbers 161, 178 Eisenstein, Gotthold 318 Gauss’s Theorem 223, 272
Carmichael, Robert 179 Eisenstein’s lemma 320 gcd prime decomposition
ceiling function 56, 143–45 Electronic Frontier Foundation 67, formula 82
ceiling function graph 57 196 geometric series 198–99, 204
Chinese remainder theorem 134, encrypted 142 Germain prime definition 188
179 encryption 46, 141, 209–10 Germain prime largest 193
Cicadas 46 Eratosthenes 61 Germain primes 188–93
Cole, Frank 183 Euclid 23, 62, 197 Germain, Sophie 189
complete set of residues 95–96 Euclid number 54, 63 GIMPS 184, 195
complete system of residues 96–97 Euclid’s Lemma 22 Goldbach, Christian 66
composite number 45, 57 Euclidean Algorithm 24–25 Goldbach’s conjecture 66
congruence definition 92–3 Euler 67, 200, 209, 212, 354 Goldbach’s odd conjecture 66
congruent symbol 92, 100 Euler’s Criterion 283 Göttingen 74, 93, 318
conjecture 65 Euler’s Theorem 228 Graph of ceiling function 57
consecutive composite integers Euler’s totient function Graph of floor function 56
69–70 definition 210 greatest common divisor 7
consecutive integers 11, 53, 69, 160, Euler totient function formula 219 Guy, Richard 64
163 even prime 45, 71
contrapositive 59, 171 H
Converse of Sum of Two Squares F highest common factor 7
Theorem 342
conversion identity 334–5, 339 factor 1
I
converting non-linear to linear factorial 69
form 262 factorization 141–42 identity 143, 146, 175, 333
converting product to sum 334 factorization modular incongruent 99
arithmetic 146–49 incongruent solutions 122, 123
D factorization of x2 Ⴛ 1 298 indices in modular arithmetic 104,
factorization of x2 Ⴜ 2 308 153
De Polignac 65 Factorization Theorem 146 indices properties 259
decrypt 142 Fermat 76, 154–55 indr (a) or ind(a) 257

inequalities 39–40, 58 N remainder 11–13, 25, 91


integer solutions 27, 31 residues 95–8, 128, 210–11
inverse 101, 127–8, 153, non-linear congruences 235, RSA 142–3, 209–10
158, 164 261, 265
irrational numbers 357–59 NR 295–96 S
number of primes function 62, 68
L seed solution 362
O self-invertible 128–9, 167
Lagrange’s conjecture 66 set 7, 9, 13–14, 20–22, 95, 210, 215,
Lagrange’s Sum of Four Squares order definition 236 348–9
Theorem 351 order does not exist 239 Sieve of Eratosthenes 61, 70
Lagrange’s Theorem 152, 274 Order Formula 250 sigma function 54, 200–203
Landau’s conjecture 67 order of am 246, 250 sigma function definition 200
Landau, Edmund 67 order properties 237–42 sigma of a perfect number 201
Law of Quadratic Reciprocity (LQR) sigma of a prime 201
P
310, 316, 324 simultaneous linear
Law of Quadratic Reciprocity (LQR) pairwise (relatively) prime 85–86, congruences 130–31, 134, 138
proof 324 133, 217 solutions unique 126
LCM of three or more integers 84–5 Pell, John 354 square root 143–45
Least common multiple, LCM 78 perfect number definition 196 square root (modular) 277, 281, 291,
least non-negative residues 97 Pigeonhole Principle 347 293, 296, 314
least positive integer polynomial 106 square root of Ⴜ1 modulo p 297
solution 362–63 polynomial time 143 square root of 2 modulo p 308
least positive integer value 22 prime decomposition 52–3 square-free 354, 356–57, 363, 364
Legendre, Adrien-Marie 290 prime gap 69 Stein’s Algorithm 19
Legendre polynomials 290 prime largest 67, 195 subset 13–14, 20, 50, 336
Legendre symbol definition 291 primes 45 Sum of Four Squares Identity 346
Legendre symbol properties 292–3 primitive root definition 255 Sum of Two Squares Theorem 338
lemma 22 probability 210 sum-of-divisors function 200
linear combination 5 product notation 52–53 symmetrical 278
Linear Combination Theorem 6 proper factor definition 196
linear congruence 118 pseudoprimes 161, 173–4, 177 T
logarithms 260 public key cryptography 142 tau function 4, 10, 54, 208
Lucas, Édouard 67 public key encryption 46 theorem 2
Lucas–Lehmer test 195 Pythagoras Theorem 331–2, 354 Tonelli–Shanks Algorithm 288
Pythagorean triples 332 trapdoor functions 150
M
Trinity College Cambridge 354
Massachusetts Institute of Q twin prime conjecture 65
Technology - MIT 142 two-way implication symbol 2
QR 295–6
max 54, 79
quadratic congruence 168, 277,
Mersenne number composite W
281, 288
183–84, 186
quadratic non-residue Well-Ordering Principle (WOP) 13,
Mersenne list 183
definition 279 20, 50, 336
Mersenne number definition 183
quadratic residue definition 279 Wiles, Andrew 155
Mersenne prime 183
quadratic residues combination 295 Wilson, John 163
Mersenne, Marin 182
quotient 11, 13 Wilson’s Theorem 166
min 56, 82
Without Loss of Generality
moduli 91
R (WLOG) 13, 50–51, 169
modulo 91
Woltman, George 184
modulo definition 93 reduced residue system 226–8, 247,
multiplicative function 217 255–7 Z
multiplicative function relatively prime 8, 22, 80, 210,
definition 202 223, 227 Zhang 65
