
M3P14 Number Theory

Lectured by Prof Toby Gee


Typed by David Kurniadi Angdinata
Autumn 2018

The title page carries a display of continued fractions. The first is the simple continued fraction of π,

$$\pi = 3 + \cfrac{1}{7 + \cfrac{1}{15 + \cfrac{1}{1 + \cfrac{1}{292 + \cfrac{1}{1 + \cfrac{1}{1 + \cfrac{1}{1 + \cdots}}}}}}}$$

followed by three generalised continued fractions (left-hand sides lost in extraction):

$$0 + \cfrac{4}{1 + \cfrac{1^2}{2 + \cfrac{3^2}{2 + \cfrac{5^2}{2 + \cdots}}}}, \qquad 0 + \cfrac{4}{1 + \cfrac{1^2}{3 + \cfrac{2^2}{5 + \cfrac{3^2}{7 + \cdots}}}}, \qquad 3 + \cfrac{1^2}{6 + \cfrac{3^2}{6 + \cfrac{5^2}{6 + \cfrac{7^2}{6 + \cdots}}}}$$

A further row of three continued fractions (partial numerators 1·2, 2·3, 3·4, … and 1·3, 3·5, 5·7, …) and one with numerators 1³, 1³ + 2³, 1³ + 2³ + 3³ + 4³, … over repeated denominators 6 are garbled beyond reliable reconstruction.

Syllabus
Prime numbers and factorisation. Euclid’s algorithm and consequences. Congruences. The structure of
(Z/nZ)× . Primality testing and factorisation. RSA algorithm. Quadratic reciprocity. Sums of squares.
Pell’s equation. Continued fractions. Diophantine approximation. Primes in arithmetic progressions.
Arithmetic functions. The distribution of prime numbers.

M3P14 Number Theory Contents

Contents
0 Introduction 4

1 Euclid’s algorithm and unique factorisation 5


1.1 Divisibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.2 Euclid’s algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.3 Unique factorisation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.4 Linear diophantine equations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2 Congruences and modular arithmetic 7


2.1 Congruences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2 Linear congruence equations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.3 The Chinese remainder theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3 The structure of (Z/nZ)× 9
3.1 The Euler Φ function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.2 Euler’s theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

4 Primality testing and factorisation 13


4.1 Factorisation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.2 Testing primality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

5 Public-key cryptography 16
5.1 Messages as sequences of classes modulo n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
5.2 The Rivest-Shamir-Adleman (RSA) algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
5.3 Signing with RSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
5.4 Discrete logarithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

6 Quadratic reciprocity 17
6.1 Quadratic residues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
6.2 Computing Legendre symbols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
6.3 Proof of quadratic reciprocity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
6.4 Jacobi symbols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

7 Sums of squares 22
7.1 Sums of two squares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
7.2 Sums of four squares - the ring of quaternions . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
7.3 Proof of Lagrange’s theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
7.4 Sums of three squares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

8 Pell’s equation 26
8.1 Pell’s equation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
8.2 Quadratic subrings of C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
8.3 Factorisation in quadratic rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
8.4 Back to Pell’s equation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
8.5 Constructing the fundamental 1-unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
8.6 The equation x² − dy² = −1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

9 Continued fractions 30
9.1 Rational continued fractions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
9.2 Infinite continued fractions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
9.3 Best approximations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
9.4 Returning to Pell’s equation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
9.5 Periodic continued fractions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35


10 Diophantine approximation 36
10.1 Liouville’s theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
10.2 Constructing transcendentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
10.3 Roth’s theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

11 Primes in arithmetic progressions 37


11.1 Primes in arithmetic progressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
11.2 Elementary results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
11.3 Cyclotomic polynomials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
11.4 Primes congruent to 1 mod n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

12 Arithmetic functions 40
12.1 Dirichlet convolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
12.2 Möbius inversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

13 The distribution of prime numbers 41


13.1 Reminder of asymptotic notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
13.2 The prime number theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
13.3 The Brun-Titchmarsh theorem and the Selberg sieve . . . . . . . . . . . . . . . . . . . . . . . 43


0 Introduction

Lecture 1, Friday 05/10/18

Roughly speaking number theory is the study of the integers. More specifically, problems in number theory often have a lot to do with primes and divisibility, congruences, and include problems about the rational numbers. For example, solving equations in integers or in the rationals, such as x² − 2y² = 1, etc. We will be looking at problems that can be tackled by elementary means, but this does not mean easy. Also the statements of problems can be elementary without the solution being elementary, such as Fermat's last theorem, or even known, such as the twin prime conjecture. Sometimes we will state interesting things, like the prime number theorem, without proving them. Typically these will be things that we could prove if the course was much longer. We will start the course with a look at prime numbers and factorisation, a review of Euclid's algorithm and consequences, congruences, the structure of (Z/nZ)×, the RSA algorithm, and quadratic reciprocity. We will return to primes at the end, too. The following are typical questions here.
• How do you tell if a number is prime?
• How many primes are there congruent to a mod b for given a and b?
• How many primes are there less than n?
A warning is that we will be using plenty of things from the compulsory first and second year algebra courses, about groups, rings, ideals, fields, Lagrange's theorem, the first isomorphism theorem, and so on. You may want to revise this material if you are not comfortable with it. The course is not based on any particular book, although some material, such as continued fractions, was drawn from the following.
• A Baker, A concise introduction to the theory of numbers, 1984
Not everything we will do is in that book, though.


1 Euclid’s algorithm and unique factorisation


1.1 Divisibility
Definition 1. If a, b ∈ Z, we say that a divides b, and write a | b, if there exists c ∈ Z such that b = ac. If a does not divide b, write a ∤ b.
If a | b and a | c then a | rb + sc for any r, s ∈ Z.
Definition 2. The greatest common divisor (gcd) or highest common factor (hcf ) of a and b is the
largest positive integer dividing a and b. Write it as (a, b).
Example. (−10, 15) = 5.
Note. The ring Z is a principal ideal domain (PID). If f1 , . . . , fn ∈ R, write (f1 , . . . , fn ) for the ideal
generated by the fi . Then for a, b ∈ Z, the ideal (a, b) is generated by the gcd (a, b), by Theorem 6 below.
Definition 3. n ∈ Z is prime if n has exactly two positive divisors, namely 1 and n.
Note. Frequently when people talk about prime numbers they restrict to the positive case. If we write, let
p be a prime number, then we will usually mean p > 0.
Note. 1 is not prime.

1.2 Euclid’s algorithm


Proposition 4. If a, b ∈ Z, not both zero, then for any n ∈ Z, (a, b) = (a, b − na).
Proof. By definition, it is enough to show that if r | a and r | b then r | a and r | b − na and conversely.
Theorem 5. Let a, b ∈ Z with b > 0. Then there exist unique q, r ∈ Z with 0 ≤ r < b and a = qb + r.
Proof. Take q = ⌊a/b⌋. By definition 0 ≤ a/b − q < 1, that is 0 ≤ a − qb < b, so take r = a − qb. Uniqueness is easy.
Euclid’s algorithm is as follows. Let a, b ∈ Z not both zero. Without loss of generality, 0 ≤ b ≤ a.
Step 1. If b = 0, output a.
Step 2. Otherwise, replace (a, b) with (b, r) as in Theorem 5. Then go to step 1.
This algorithm terminates because |a| +|b| decreases when we apply step 2.
Example.
(120, 87) = (87, 33)    120 = 87 + 33
          = (33, 21)    87 = 2(33) + 21
          = (21, 12)    33 = 21 + 12
          = (12, 9)     21 = 12 + 9
          = (9, 3)      12 = 9 + 3
          = (3, 0)      9 = 3(3) + 0.
Working backwards,
3 = 12 − 9
  = 12 − (21 − 12) = 2(12) − 21
  = 2(33 − 21) − 21 = 2(33) − 3(21)
  = 2(33) − 3(87 − 2(33)) = 8(33) − 3(87)
  = 8(120 − 87) − 3(87) = 8(120) − 11(87).
Theorem 6. If a, b ∈ Z, not both zero, then there exist r, s ∈ Z such that (a, b) = ra + sb.
Proof. The idea is to write (aₙ, bₙ) for the sequence of pairs in Euclid's algorithm, and use downwards induction on n. (Exercise.)


1.3 Unique factorisation


Proposition 7. Let n, a, b ∈ Z with n | ab and (n, a) = 1. Then n | b.
Proof. Since (n, a) = 1, we can write rn + sa = 1, so b = n (rb) + (ab) s, which is divisible by n.
If (n, a) = 1, we say that n and a are coprime.

Lecture 2, Tuesday 09/10/18

Corollary 8. If p is prime and p | ab then p | a or p | b.
Proof. If p ∤ a then (p, a) = 1, so Proposition 7 implies p | b.
Proposition 9. If (a, b) = 1, and a | n and b | n, then ab | n.
Proof. By Theorem 6, we can write 1 = ra + sb with r, s ∈ Z. So n = r(na) + s(nb), which is divisible by ab.
We say that m1, . . . , mn ∈ Z are pairwise coprime if (mi, mj) = 1 for all i ≠ j.
Corollary 10. If m1, . . . , mn are pairwise coprime and mi | N for all i then m1 . . . mn | N.
Proof. Induction on n, where n = 2 is Proposition 9. (Exercise.)
Proposition 11. Every n ∈ Z∗ can be written as ±p1 . . . pr where pi are prime, and r could be zero.
Proof. Use induction on |n|. The case |n| = 1 is trivial, so suppose |n| > 1. Then either |n| is prime, or |n| = ab
for 1 < a, b < |n|, and by induction each of a and b is a product of primes.
Theorem 12. Every n ∈ Z>0 can be written as ±p1 . . . pr where pi are prime and are uniquely determined
up to ordering.
Proof. Existence is Proposition 11. Suppose that n = p1 . . . pr = q1 . . . qs , with pi and qi prime. Then
without loss of generality suppose r, s ≥ 1. Then p1 | p1 . . . pr , so p1 | q1 . . . qs . By Corollary 8, either
p1 | q1 or p1 | q2 . . . qs . Proceeding inductively, eventually p1 | qi for some i. Since qi is prime this means
p1 = qi . We then have p2 . . . pr = q1 . . . qi−1 qi+1 . . . qs . Since this product is smaller than n, by the inductive
hypothesis we must have r − 1 = s − 1 and the pi , except p1 , are a rearrangement of the qj , except qi .

1.4 Linear diophantine equations


Let a, b, c ∈ Z*. Want to solve
$$ax + by = c, \qquad x, y \in \mathbb{Z}.$$
Example. 2x + 6y = 3 has no solutions.
In general, there are no solutions if (a, b) ∤ c. Suppose that (a, b) | c. Then
$$ax + by = c \iff \frac{a}{(a,b)}\,x + \frac{b}{(a,b)}\,y = \frac{c}{(a,b)}.$$
By Theorem 6, since (a/(a, b), b/(a, b)) = 1, we can find r, s ∈ Z with ar/(a, b) + bs/(a, b) = 1, so
$$\frac{a}{(a,b)}\left(\frac{rc}{(a,b)}\right) + \frac{b}{(a,b)}\left(\frac{sc}{(a,b)}\right) = \frac{c}{(a,b)}.$$
So x = rc/(a, b) and y = sc/(a, b) is a solution. Then X and Y is another solution if and only if
$$\frac{a}{(a,b)}X + \frac{b}{(a,b)}Y = \frac{a}{(a,b)}x + \frac{b}{(a,b)}y \iff \frac{a}{(a,b)} \;\Big|\; y - Y, \quad \frac{b}{(a,b)} \;\Big|\; X - x.$$
See that the solutions are exactly
$$X = x + \frac{nb}{(a,b)}, \qquad Y = y - \frac{na}{(a,b)}, \qquad n \in \mathbb{Z}.$$
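The two procedures above, Euclid's algorithm carrying the Bézout coefficients of Theorem 6 and the parametrisation of all solutions of ax + by = c, as an added Python example (not part of the lecture notes; all function names are my own). The trace on (120, 87) reproduces the worked example, and the solver returns the solution (rc/(a, b), sc/(a, b)) together with the step (b/(a, b), a/(a, b)) that generates the rest.

```python
from math import gcd


def extended_euclid(a, b):
    """Return (g, r, s) with g = (a, b) >= 0 and g = r*a + s*b (Theorem 6).

    Euclid's algorithm on (a, b) -> (b, a mod b) -> ..., carrying along the
    coefficients that express each remainder in terms of a and b.
    """
    x, y = a, b                          # current pair, as in step 2 of the algorithm
    old_r, old_s, r, s = 1, 0, 0, 1      # invariant: x = old_r*a + old_s*b, y = r*a + s*b
    while y != 0:
        q = x // y                       # Theorem 5: x = q*y + (x - q*y)
        x, y = y, x - q * y
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if x < 0:                            # make the gcd positive
        x, old_r, old_s = -x, -old_r, -old_s
    assert x == gcd(a, b) and x == old_r * a + old_s * b
    return x, old_r, old_s


def solve_linear_diophantine(a, b, c):
    """Solve a*x + b*y = c over Z as in Section 1.4.

    Returns None if (a, b) does not divide c; otherwise ((x, y), (db, da))
    where (x, y) is one solution and every solution is (x + n*db, y - n*da)
    for n in Z, with db = b/(a, b) and da = a/(a, b).
    """
    g, r, s = extended_euclid(a, b)
    if c % g != 0:
        return None
    k = c // g                           # c/(a, b)
    return (r * k, s * k), (b // g, a // g)


def all_solutions_in_box(a, b, c, bound):
    """Every integer solution with |x|, |y| <= bound, via the parametrisation,
    each one re-checked against the original equation."""
    sol = solve_linear_diophantine(a, b, c)
    if sol is None:
        return []
    (x, y), (db, da) = sol
    span = bound + abs(x) + abs(y)       # enough values of n to cover the whole box
    out = []
    for n in range(-span, span + 1):
        X, Y = x + n * db, y - n * da
        if abs(X) <= bound and abs(Y) <= bound:
            assert a * X + b * Y == c
            out.append((X, Y))
    return sorted(out)


if __name__ == "__main__":
    print(extended_euclid(120, 87))               # (3, 8, -11): 3 = 8(120) - 11(87)
    print(solve_linear_diophantine(2, 6, 3))      # None, as in the example
    print(all_solutions_in_box(120, 87, 3, 60))
```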


2 Congruences and modular arithmetic


2.1 Congruences
Definition 13. Let n ∈ Z∗ , usually n > 0. Let a, b ∈ Z. We say that a is congruent to b mod n if and
only if n | a − b. Write a ≡ b mod n.
≡ is an equivalence relation, and we write Z/nZ for the equivalence classes, which is a ring.
Example. If a ≡ b mod n and c ≡ d mod n, then

a + c ≡ b + d mod n, ac ≡ bd mod n.

If a ∈ Z, we sometimes write $\overline{a}$ for the image of a in Z/nZ.
Example. If n = 12, then $\overline{25} = \overline{1}$.
So every element of Z/nZ is equal to $\overline{r}$ for some unique r ∈ {0, . . . , n − 1}. We often write
$$\mathbb{Z}/n\mathbb{Z} = \{\overline{0}, \dots, \overline{n-1}\}.$$
Example. If n = 6, we could write $\overline{3} + \overline{4} = \overline{1}$ and $\overline{3} \times \overline{4} = \overline{0}$.


Let R be a commutative ring with unity. Then a unit of R is an element x such that there exists y ∈ R
with xy = 1. Write R× for the set of units in R. This is a group under multiplication.
Example.
• Z× = {±1}.
• Q× = Q \ {0} = {x ∈ Q | x ≠ 0}.
We want to understand (Z/nZ)×. Which elements of {0, . . . , n − 1} are in (Z/nZ)×? If r ∈ Z and r ∈ (Z/nZ)× then there exists s ∈ Z such that rs ≡ 1 mod n. This implies that (r, n) = 1. Conversely, if (r, n) = 1, then there exist x, y ∈ Z such that rx + ny = 1, that is rx ≡ 1 mod n, that is r is a unit. So
$$(\mathbb{Z}/n\mathbb{Z})^\times = \{0 \le i < n \mid (i, n) = 1\}.$$

Example. If p is a prime, then
$$(\mathbb{Z}/p\mathbb{Z})^\times = \{1, \dots, p - 1\}.$$
So Z/pZ is a ring with the property that every non-zero element has a multiplicative inverse, so it is a field.
Another equivalent way to see this is to check that pZ is a maximal ideal of Z.
Thus every non-zero congruence class modulo p is a unit.

2.2 Linear congruence equations


Lecture 3, Wednesday 10/10/18

Consider the question of solving
$$ax \equiv b \pmod c, \qquad a, b, c, x \in \mathbb{Z}.$$
This is equivalent to solving
$$ax + cy = b, \qquad y \in \mathbb{Z}.$$
We saw yesterday that this has solutions if and only if (a, c) | b. Furthermore, there is a unique solution modulo c/(a, c), because all the solutions are obtained by adding multiples of c/(a, c) to our given x, and subtracting the corresponding multiple of a/(a, c) from y. This implies that there are (a, c) solutions to the original congruence modulo c. If x₀ is one solution, the others are
$$x_0 + \frac{cj}{(a,c)}, \qquad 0 \le j < (a,c).$$
In particular, if (a, c) = 1 then there is a unique solution to ax ≡ b mod c. Indeed a ∈ (Z/cZ)×, so it has an inverse a⁻¹, and x ≡ a⁻¹b mod c is the unique solution.


Example.
• 2x ≡ 3 mod 6 has no solutions as (2, 6) = 2 ∤ 3.
• 2x ≡ 4 mod 6 if and only if x ≡ 2 mod 3, which has solutions x ≡ 2 mod 6 and x ≡ 5 mod 6.

2.3 The Chinese remainder theorem


Theorem 14 (Chinese remainder theorem). Let m1, . . . , mn ∈ Z>0 be pairwise coprime. Then the natural map
$$\mathbb{Z}/m_1 \cdots m_n\mathbb{Z} \xrightarrow{\ \sim\ } \mathbb{Z}/m_1\mathbb{Z} \times \cdots \times \mathbb{Z}/m_n\mathbb{Z}$$
is an isomorphism of rings. Consequently,
$$(\mathbb{Z}/m_1 \cdots m_n\mathbb{Z})^\times \xrightarrow{\ \sim\ } (\mathbb{Z}/m_1\mathbb{Z})^\times \times \cdots \times (\mathbb{Z}/m_n\mathbb{Z})^\times$$
is an isomorphism of abelian groups.


Remark. This is false without the assumption that mi pairwise coprime, such as m1 = m2 = 2.
Proof. The map
$$\mathbb{Z}/m_1 \cdots m_n\mathbb{Z} \to \mathbb{Z}/m_1\mathbb{Z} \times \cdots \times \mathbb{Z}/m_n\mathbb{Z}$$
is a ring homomorphism between two rings of order, or cardinality, m1 . . . mn. So to show that it is an isomorphism, it is enough to show that it is an injection, so we only need to check that the kernel is zero. So we need to know that if mi | N for all i, then m1 . . . mn | N. This is Corollary 10. For the second part, just use that if R and S are rings, then
$$(R \times S)^\times \cong R^\times \times S^\times.$$

The first part says that given any ai ∈ Z, there is a unique x mod m1 . . . mn with x ≡ ai mod mi. Write
$$M = m_1 \cdots m_n, \qquad M_i = \frac{M}{m_i}.$$
Choose qi such that qi Mi ≡ 1 mod mi, using (Mi, mi) = 1 because (mj, mi) = 1 for all j ≠ i. Then take
$$x = a_1 q_1 M_1 + \cdots + a_n q_n M_n.$$
Then
$$x \equiv a_i q_i M_i \equiv a_i \pmod{m_i}.$$
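The constructive proof above, as an added Python example (my own code, not from the notes; the function names are mine). `crt` builds x = Σ aᵢ qᵢ Mᵢ exactly as in the text, with qᵢ obtained as the inverse of Mᵢ modulo mᵢ, and `kernel_size` illustrates the Remark: when the moduli are not coprime the map Z/MZ → ∏ Z/mᵢZ has a non-trivial kernel, so the proof's injectivity argument fails.

```python
from math import gcd, prod


def crt(residues, moduli):
    """Chinese remainder theorem, constructively.

    Given pairwise coprime moduli m_i and residues a_i, returns (x, M) with
    M = m_1 ... m_n and x the unique class mod M such that x ≡ a_i mod m_i,
    built as x = sum a_i q_i M_i where M_i = M/m_i and q_i M_i ≡ 1 mod m_i.
    """
    assert len(residues) == len(moduli)
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError(f"moduli {moduli[i]} and {moduli[j]} are not coprime")
    M = prod(moduli)
    x = 0
    for a_i, m_i in zip(residues, moduli):
        M_i = M // m_i
        q_i = pow(M_i, -1, m_i)          # exists because (M_i, m_i) = 1
        x += a_i * q_i * M_i
    return x % M, M


def satisfies_all(x, residues, moduli):
    """Check x ≡ a_i mod m_i for every i."""
    return all((x - a) % m == 0 for a, m in zip(residues, moduli))


def kernel_size(moduli):
    """Size of the kernel of Z/MZ -> prod Z/m_iZ (M = product of the moduli).

    The map is injective, hence an isomorphism, exactly when this is 1.
    """
    M = prod(moduli)
    return sum(1 for x in range(M) if all(x % m == 0 for m in moduli))


if __name__ == "__main__":
    x, M = crt([2, 3, 2], [3, 5, 7])
    print(x, M, satisfies_all(x, [2, 3, 2], [3, 5, 7]))   # 23 105 True
    print(kernel_size([3, 5, 7]), kernel_size([2, 2]))     # 1 2
```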


3 The structure of (Z/nZ)×


3.1 The Euler Φ function
Let Φ(n) be the order of (Z/nZ)×, that is
$$\Phi(n) = \#\{1 \le i < n \mid (i, n) = 1\}.$$
Example. If p is prime, Φ (p) = p − 1.
Φ is called Euler’s Φ function.
Definition 15. Let f be a function on the positive integers. Say that f is strongly multiplicative if
f (mn) = f (m) f (n) ,
for all m and n. Say f is multiplicative if this holds whenever (m, n) = 1.
Φ is multiplicative by Theorem 14, because if (m, n) = 1 then
$$(\mathbb{Z}/mn\mathbb{Z})^\times \xrightarrow{\ \sim\ } (\mathbb{Z}/m\mathbb{Z})^\times \times (\mathbb{Z}/n\mathbb{Z})^\times.$$
Φ is not strongly multiplicative, since Φ(4) = 2 ≠ 1 = Φ(2)Φ(2). Write $n = \prod_i p_i^{a_i}$, where pi are distinct primes. Then $\Phi(n) = \prod_i \Phi(p_i^{a_i})$. If p is prime then
$$\Phi(p^a) = \#\{1 \le i < p^a \mid (i, p^a) = 1\} = \#\{1 \le i < p^a \mid p \nmid i\} = p^a - p^{a-1} = p^a\left(1 - \frac{1}{p}\right).$$
If $n = \prod_i p_i^{a_i}$, then
$$\Phi(n) = \prod_i \Phi(p_i^{a_i}) = \prod_i p_i^{a_i}\left(1 - \frac{1}{p_i}\right) = n \prod_i \left(1 - \frac{1}{p_i}\right) = n \prod_{p \mid n} \left(1 - \frac{1}{p}\right).$$
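The product formula, multiplicativity and Euler's theorem, as an added Python example (my own code, not from the notes; function names are mine). `phi` evaluates n ∏_{p|n}(1 − 1/p) in integer arithmetic from a trial-division factorisation, `phi_by_counting` computes Φ(n) directly from the definition so the two can be compared, and the remaining helpers check the failure of strong multiplicativity at n = 4, the identity Σ_{d|n} Φ(d) = n of Lemma 24, and a^{Φ(n)} ≡ 1 mod n. I count i up to n rather than below n so that Φ(1) = 1, which Lemma 24 requires.

```python
from math import gcd


def factorise(n):
    """Trial-division factorisation of n >= 1 as a list of (p, a) pairs."""
    factors, p = [], 2
    while p * p <= n:
        a = 0
        while n % p == 0:
            n //= p
            a += 1
        if a:
            factors.append((p, a))
        p += 1
    if n > 1:
        factors.append((n, 1))
    return factors


def phi(n):
    """Φ(n) = n ∏_{p | n} (1 - 1/p), computed as n/p * (p - 1) for each prime p | n."""
    result = n
    for p, _ in factorise(n):
        result = result // p * (p - 1)   # exact: result is still divisible by p here
    return result


def phi_by_counting(n):
    """Φ(n) from the definition: the number of units in Z/nZ (Φ(1) = 1)."""
    return sum(1 for i in range(1, n + 1) if gcd(i, n) == 1)


def is_multiplicative_on(m, n):
    """Φ(mn) = Φ(m)Φ(n)?  True whenever (m, n) = 1, but not in general."""
    return phi(m * n) == phi(m) * phi(n)


def divisor_phi_sum(n):
    """Σ_{d | n} Φ(d), which Lemma 24 says equals n."""
    return sum(phi(d) for d in range(1, n + 1) if n % d == 0)


def euler_theorem_holds(a, n):
    """a^Φ(n) ≡ 1 mod n whenever (a, n) = 1 (Theorem 16); vacuously true otherwise."""
    return gcd(a, n) != 1 or pow(a, phi(n), n) == 1


if __name__ == "__main__":
    print(phi(360), phi_by_counting(360))          # 96 96
    print(is_multiplicative_on(3, 4), is_multiplicative_on(2, 2))   # True False
```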

3.2 Euler’s theorem


Theorem 16 (Euler's theorem). If (a, n) = 1, then
$$a^{\Phi(n)} \equiv 1 \pmod n.$$
Proof. This is equivalent to showing that a^{Φ(n)} = 1 in (Z/nZ)×. This is a group of order Φ(n), so this is immediate from Lagrange's theorem.
Corollary 17 (Fermat’s little theorem). If p is prime and p - a, then
ap−1 ≡ 1 mod p.
Proof. Theorem 16 with n = p, so Φ (n) = p − 1.
Next, want to understand the structure of (Z/nZ)×. By Theorem 14, it is enough to study the case that n is a prime power. We will begin by considering the case that n is prime.
Example. Let n = 5. Then (Z/5Z)× = {1, 2, 3, 4}. This has order four. So it is either cyclic of order four or a product of two cyclic groups of order two. Since 2² = 4, 2³ = 3, and 2⁴ = 1, (Z/5Z)× is cyclic of order four.
Next, (Z/pZ)× is cyclic of order p − 1 for any prime p.

Lecture 4, Friday 12/10/18

Definition 18. If G is a group and g ∈ G is an element, the order of g is the least a ≥ 1 such that gᵃ = 1. In particular, if (g, n) = 1, then we write ordₙ g for the order of g in (Z/nZ)×, the order of g modulo n.
Proposition 19. If G is a group and g is an element of order a, then gⁿ = 1 if and only if a | n.
Proof. If n = ab then gⁿ = (gᵃ)ᵇ = 1ᵇ = 1. Conversely, write n = ab + r with 0 ≤ r < a. Then gʳ = 1 and since r < a we have r = 0.


In particular, if (g, n) = 1, then g^{Φ(n)} = 1, by Euler's theorem, so Proposition 19 implies that ordₙ g | Φ(n).
We want to prove that if p is prime, then (Z/pZ)× is cyclic. Equivalently, we need to show that there exists g such that ordₚ g = Φ(p) = p − 1. We will do this by counting the number of elements of each order. The key point is that Z/pZ is a field. For any d ≥ 1, the elements of (Z/pZ)× of order dividing d are exactly the roots of X^d − 1 in Z/pZ, by Proposition 19.
Example. The equation X² = 1 has exactly two solutions modulo p for any prime p, namely ±1, but it can have more modulo n if n is composite. For example, if n = 15, then 4 and 11 are also solutions, since X² − 1 ≡ 0 mod n if and only if n | (X + 1)(X − 1), for example 15 | (4 + 1)(4 − 1).
Definition 20. g ∈ Z with (g, p) = 1 is a primitive root if ordₚ g = p − 1, that is (Z/pZ)× = ⟨g⟩.

Lemma 21. Let R be a commutative ring, and let P (X) ∈ R [X]. If α ∈ R has P (α) = 0, then there exists
Q (X) ∈ R [X] such that P (X) = (X − α) Q (X).
Example. If R = Z/15Z, X 2 − 1 = (X + 1) (X − 1) = (X + 4) (X − 4).
Proof. Induction on deg P , where deg P = 0 is obvious. Let deg P = d, and assume the result holds for
degree at most d−1. Let P (X) = cX d +. . . and S (X) = P (X)−cX d−1 (X − α). Then S (X) has degree at
most d−1. Also S (α) = 0. By induction, we can write S (X) = (X − α) R (X). Set Q (X) = cX d−1 +R (X).
Then (X − α) Q (X) = cX d−1 (X − α) + S (X) = P (X).
Theorem 22. Let F be a field. Let P (X) be a polynomial of degree d in F [X]. Then P (X) has at most d distinct
roots in F .

Proof. Induction on d = deg P , where d = 1 is obvious. If P has no roots, then we are done. Otherwise,
let α be a root. By Lemma 21, P (X) = (X − α) Q (X), and Q (X) has degree d − 1, so we are done by
induction.
Corollary 23. Let d be any divisor of p − 1. Then there are exactly d elements of (Z/pZ)× of order dividing d.

Proof. We have to show that X^d − 1 has exactly d roots in Z/pZ. By Fermat's little theorem, X^{p−1} − 1 has exactly p − 1 roots. Since d | p − 1, we can write
$$X^{p-1} - 1 = \left(X^d - 1\right)\left(X^{d\left(\frac{p-1}{d} - 1\right)} + \cdots + 1\right) = \left(X^d - 1\right) Q(X), \qquad \deg Q = p - 1 - d.$$
Then X^{p−1} − 1 has exactly p − 1 roots, X^d − 1 has at most d roots, and Q(X) has at most p − 1 − d roots, by Theorem 22. So X^d − 1 has exactly d roots.
Example. Let p = 7. There are
• one element of order one,
• two elements of order dividing two, so one element of order two,
• three elements of order dividing three, so two elements of order three, and
• six elements of order dividing six, so two elements of order six.

Lemma 24. For any n ≥ 1, we have
$$\sum_{d \mid n} \Phi(d) = n.$$

Proof. For each d | n, the elements of {1, . . . , n} with (i, n) = n/d are exactly those of the form i = (n/d) j
for 1 ≤ j ≤ d and (j, d) = 1. There are exactly Φ (d) such elements. Since the n/d run over all the divisors
of n, we are done.


Theorem 25. Let p be prime, and let d | p − 1. Then there are exactly Φ(d) elements of (Z/pZ)× of order d. In particular, there are Φ(p − 1) primitive roots, and (Z/pZ)× is cyclic.
Proof. Induction on d, where d = 1 is obvious. Assume the result holds for all d′ | d and d′ ≠ d. Then by Lemma 24,
$$\Phi(d) = d - \sum_{d' \mid d,\ d' \ne d} \Phi(d').$$
Now use the inductive hypothesis and Corollary 23.
Lecture 5, Tuesday 16/10/18

Proposition 26. Let p be an odd prime and n ≥ 1. Then (Z/pⁿZ)× is cyclic.
Proof. Consider three cases.
n = 1. Theorem 25.
n = 2. Let g be a primitive root modulo p. Claim that either g^{p−1} ≢ 1 mod p² and g is a generator for (Z/p²Z)×, or g^{p−1} ≡ 1 mod p² and g + p is a generator for (Z/p²Z)×. Either way, (Z/p²Z)× is cyclic. Suppose firstly that
$$g^{p-1} \not\equiv 1 \pmod{p^2}.$$
Then #(Z/p²Z)× = Φ(p²) = p(p − 1). So ord_{p²} g | p(p − 1). On the other hand, g^{ord_{p²} g} ≡ 1 mod p², so g^{ord_{p²} g} ≡ 1 mod p, so p − 1 | ord_{p²} g, because ordₚ g = p − 1 by assumption. But ord_{p²} g ≠ p − 1, as g^{p−1} ≢ 1 mod p². So ord_{p²} g = p(p − 1), as required. Suppose now that
$$g^{p-1} \equiv 1 \pmod{p^2}.$$
It suffices to show that (g + p)^{p−1} ≢ 1 mod p², as we can then apply the analysis above with g + p in place of g. By the binomial theorem,
$$(g + p)^{p-1} \equiv g^{p-1} + (p - 1) g^{p-2} p \equiv 1 + (p - 1) g^{p-2} p \pmod{p^2}.$$
Since p ∤ (p − 1)g^{p−2}, (g + p)^{p−1} ≢ 1 mod p², as required.
n ≥ 2. It suffices to show that if ord_{p²} g = p(p − 1), then ord_{pⁿ} g = p^{n−1}(p − 1). We do this by induction on n. So assume that ord_{pⁿ} g = p^{n−1}(p − 1). Then ord_{pⁿ} g | ord_{p^{n+1}} g, and ord_{p^{n+1}} g | Φ(p^{n+1}) = pⁿ(p − 1). So either ord_{p^{n+1}} g = pⁿ(p − 1), or ord_{p^{n+1}} g = p^{n−1}(p − 1). So we need to show that
$$g^{p^{n-1}(p-1)} \not\equiv 1 \pmod{p^{n+1}}.$$
To do this, consider g^{p^{n−2}(p−1)} modulo p^{n−1} and modulo pⁿ. Since Φ(p^{n−1}) = p^{n−2}(p − 1), by Euler's theorem, g^{p^{n−2}(p−1)} ≡ 1 mod p^{n−1}. Write g^{p^{n−2}(p−1)} = 1 + p^{n−1}t. Since ord_{pⁿ} g = p^{n−1}(p − 1) by assumption, g^{p^{n−2}(p−1)} ≢ 1 mod pⁿ, that is p ∤ t. Then
$$g^{p^{n-1}(p-1)} = \left(g^{p^{n-2}(p-1)}\right)^p = \left(1 + p^{n-1} t\right)^p = 1 + p^n t + \binom{p}{2} p^{2(n-1)} t^2 + \cdots + p^{p(n-1)} t^p \equiv 1 + p^n t \pmod{p^{n+1}},$$
since r(n − 1) ≥ n + 1 if and only if (r − 1)n ≥ r + 1 and p > 2, so
$$p^{n+1} \mid p^{2n-1} = p^{2(n-1)+1} \;\Big|\; \binom{p}{2} p^{2(n-1)}.$$
So g^{p^{n−1}(p−1)} ≢ 1 mod p^{n+1}, because p ∤ t.

Example.
• (Z/2Z)× = {1}.
• (Z/4Z)× = {1, 3} is cyclic of order two, with 3 as a generator.
• (Z/8Z)× = {1, 3, 5, 7} is not cyclic, since 1² ≡ 3² ≡ 5² ≡ 7² ≡ 1 mod 8, so every element has order two.


Lemma 27. For n ≥ 0 we have
$$5^{2^n} \equiv 1 + 2^{n+2} \pmod{2^{n+3}}.$$
Proof. Induction on n, where n = 0 is obvious. Assume that $5^{2^n} = 1 + 2^{n+2} t$ with t odd. Then
$$5^{2^{n+1}} = \left(1 + 2^{n+2} t\right)^2 = 1 + 2^{n+3} t + 2^{2(n+2)} t^2 = 1 + 2^{n+3}\left(t + 2^{n+1} t^2\right),$$
where t + 2^{n+1}t² is odd.


Proposition 28. If n ≥ 2 then there is an isomorphism
$$(\mathbb{Z}/2^n\mathbb{Z})^\times \xrightarrow{\ \sim\ } \mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}/2^{n-2}\mathbb{Z}.$$
In particular, if n ≥ 3, then (Z/2ⁿZ)× is not cyclic.
Proof. Let ⟨g⟩ denote the group {1, . . . , g^{ord g − 1}} generated by g. Consider the natural map
$$\langle -1 \rangle \times \langle 5 \rangle \to (\mathbb{Z}/2^n\mathbb{Z})^\times.$$
This is injective, because if (±1)5ˢ ≡ 1 mod 2ⁿ then in particular (±1)5ˢ ≡ 1 mod 4, so ±1 ≡ 1 mod 4, so we must have 5ˢ ≡ 1 mod 2ⁿ, that is 5ˢ = 1 in ⟨5⟩. Then ⟨−1⟩ has order 2 and ⟨5⟩ has order ord_{2ⁿ} 5 = 2^{n−2} by Lemma 27. So ⟨−1⟩ × ⟨5⟩ has order 2 · 2^{n−2} = 2^{n−1} = Φ(2ⁿ) = #(Z/2ⁿZ)×. So the map ⟨−1⟩ × ⟨5⟩ → (Z/2ⁿZ)× is an injection of groups of the same order, so it is a bijection.
×
Theorem 29. (Z/nZ) is cyclic if and only if either
ˆ n = 1, 2, 4,

ˆ n = pr for p > 2 prime and r ≥ 1, or

ˆ n = 2pr for p > 2 prime and r ≥ 1.


Lecture 6, Wednesday 17/10/18

Primitive roots are generators of (Z/nZ)×. Find them in practice by guessing small values of g, and seeing if g is a generator. There are Φ(p − 1) primitive roots, which means that you have a high probability of success. Could work out 1, . . . , g^{p−2} and check these are distinct. This would be inefficient. Better is to check for some prime q | p − 1 whether g^{(p−1)/q} = 1 or not. This works, because if g^{(p−1)/q} = 1 then g is not a primitive root, while if g^{(p−1)/q} ≠ 1 then ordₚ g | p − 1 and ordₚ g ∤ (p − 1)/q. If this holds for all q | p − 1, then ordₚ g = p − 1, because otherwise it would be a proper divisor, and so would divide (p − 1)/q for some prime q | p − 1.
Example. Let p = 31, so p − 1 = 30 = (2)(3)(5). Then g is a primitive root if and only if
$$g^{15} \ne 1, \qquad g^{10} \ne 1, \qquad g^{6} \ne 1.$$
• Is 2 a primitive root? 2² = 4, 2⁴ = 16, 2⁶ = 2, but 2¹⁰ = 2¹⁵ = 1 because 2⁵ = 32 = 1.
• How about 3? 3² = 9, 3⁴ = 19, 3⁶ = 16, 3⁸ = 20, 3¹⁰ = 25, 3¹⁵ = 30. So 3 is a primitive root modulo 31.
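The primitive-root test just described, together with the counting results of this section, as an added Python example (my own code, not from the notes; all function names are mine). `is_primitive_root` checks g^{(p−1)/q} ≠ 1 for each prime q | p − 1 and reproduces the p = 31 example; `order_census` tabulates how many units mod p have each order, which Theorem 25 predicts to be Φ(d) for d | p − 1 (the p = 7 example above); `order_mod(5, 2**n)` checks Lemma 27's ord_{2ⁿ} 5 = 2^{n−2}; and `units_cyclic` tests by brute force whether (Z/nZ)× has an element of order Φ(n), for comparison with the list in Theorem 29.

```python
from math import gcd


def order_mod(g, n):
    """ord_n g: least a >= 1 with g^a ≡ 1 mod n (requires (g, n) = 1)."""
    assert gcd(g, n) == 1
    if n == 1:
        return 1
    a, x = 1, g % n
    while x != 1:
        x = x * g % n
        a += 1
    return a


def prime_factors(n):
    """Distinct primes dividing n, by trial division."""
    ps, p = [], 2
    while p * p <= n:
        if n % p == 0:
            ps.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        ps.append(n)
    return ps


def is_primitive_root(g, p):
    """g is a primitive root mod p iff g^((p-1)/q) != 1 for every prime q | p - 1."""
    if g % p == 0:
        return False
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def smallest_primitive_root(p):
    return next(g for g in range(2, p) if is_primitive_root(g, p))


def order_census(p):
    """{d: number of units mod p of order d}; Theorem 25 says this is Φ(d) for each d | p-1."""
    census = {}
    for g in range(1, p):
        d = order_mod(g, p)
        census[d] = census.get(d, 0) + 1
    return census


def units_cyclic(n):
    """Brute force: is there a unit mod n of order Φ(n) = #units?"""
    units = [g for g in range(1, n + 1) if gcd(g, n) == 1]
    return any(order_mod(g, n) == len(units) for g in units)


def theorem_29_prediction(n):
    """Theorem 29: (Z/nZ)× is cyclic iff n = 1, 2, 4, p^r or 2p^r with p an odd prime."""
    if n in (1, 2, 4):
        return True
    m = n // 2 if n % 2 == 0 else n      # strip the single factor 2 allowed in n = 2p^r
    if m % 2 == 0:                       # 4 | n with n != 4: never cyclic
        return False
    return len(prime_factors(m)) == 1    # m must be a power of one odd prime


if __name__ == "__main__":
    print(is_primitive_root(2, 31), is_primitive_root(3, 31))   # False True
    print(order_census(7))                                       # {1: 1, 3: 2, 6: 2, 2: 1}
    print([n for n in range(1, 40) if units_cyclic(n)])
```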


4 Primality testing and factorisation


The idea is that testing whether n ∈ Z is prime is easy, while factoring n is expected to be hard. Easy here means that there is an algorithm to check whether n is prime or not which runs in time polynomial in log n. It is known that a deterministic algorithm exists to do this, the Agrawal-Kayal-Saxena (AKS) algorithm, from 2005. We will see an algorithm that runs faster than this in practice. On the other hand, for factoring there are algorithms which are better than exponential in log n, but there is nothing close to polynomial time, and the general expectation is that no such algorithm should exist.

4.1 Factorisation
How do we factor three digit numbers, or small four digit numbers, say at most 400 if we wanted to factor with paper or a calculator? If n ≤ 400 and n is composite, then it has a prime factor at most √400 = 20, since if d | n then d(n/d) = n, so either d ≤ √n or n/d ≤ √n. So you only have to be able to check for divisibility by
2, 3, 5, 7, 11, 13, 17, 19.
2, 5. Checking for divisibility is easy, by just looking at the last digit.
3, 11. Use that 10 ≡ 1 mod 3 and 10 ≡ −1 mod 11. So
$$\sum_i a_i 10^i \equiv \sum_i a_i \pmod 3, \qquad \sum_i a_i 10^i \equiv \sum_i a_i (-1)^i \pmod{11}.$$
So you can check divisibility by 3, or 9, by checking the sum of the digits, and 11 by taking the alternating sum.
7. 10x + y ≡ 0 mod 7 if and only if −2(10x + y) ≡ 0 mod 7, if and only if x − 2y ≡ 0 mod 7.
13, 17, 19. There are no good tests.
If n ≤ 400 and n is not divisible by 2, 3, 5, 7, 11, then the smallest prime factor of n is at least 13. Since 13³ > 400, it can have at most two prime factors. So if you want to factor numbers at most 400, you only have to remember a short list
13², 13(17), 13(19), 13(23), 13(29), 17², 17(19), 17(23), 19².
Example.
• 143 ≡ 1 − 4 + 3 ≡ 0 mod 11.
• 144 ≡ 1 + 4 + 4 ≡ 0 mod 9.
• 154 ≡ 15 − 2(4) = 7 ≡ 0 mod 7.
Lecture 7, Friday 19/10/18

Factor four digit numbers by an algorithm due to Fermat. The idea is to first check for small prime factors by hand, say p = 2, . . . , 19. If n is composite and does not have any small factors, then the prime factors of n should be close to √n. If n = ab for a and b odd and a ≤ b, then
$$n = ab = \left(\frac{a+b}{2}\right)^2 - \left(\frac{b-a}{2}\right)^2, \qquad \left(\frac{a+b}{2}\right)^2 - n = \left(\frac{b-a}{2}\right)^2.$$
If you know (a + b)/2 and (b − a)/2, you can recover a and b. So take m such that m² ≤ n < (m + 1)². If n = m², done. Otherwise check if (m + i)² − n is a square for increasing i.
Example. Let n = 6077. Then 77² < 6077 < 78², so
78² − 6077 = 7,
79² − 6077 = 164,
80² − 6077 = 323,
81² − 6077 = 484 = 22².
Thus 6077 = 81² − 22² = (103)(59).


There exist algorithms for factoring n which run in better than exponential time in log n, such as the quadratic sieve and the general number field sieve.
Example. Let n = 1649. Then 40² < 1649 < 41², so
41² − 1649 = 32 = 2⁵,
42² − 1649 = 115,
43² − 1649 = 200 = (2)³(5)².
Since 41² ≡ 2⁵ mod 1649 and 43² ≡ (2)³(5)² mod 1649,
$$80^2 \equiv (41)^2 (43)^2 = 1763^2 \equiv 114^2 \pmod{1649}.$$
Then
$$0 \equiv 114^2 - 80^2 = (194)(34) = (2)^2 (17)(97) \pmod{1649}.$$
In fact, 1649 = (17)(97). Better for this last step would be to have computed
(194, 1649) = 97, (34, 1649) = 17.
Can do this quickly using Euclid's algorithm. To make this into an efficient algorithm, need to have a way given x1, . . . , xr to find a subset whose product is a square. If we know the prime factorisation for the xi, we can write
$$x_i = p_1^{a_{i1}} \cdots p_k^{a_{ik}}.$$
Want to choose εi = 0, 1 such that $\prod_{i=1}^r x_i^{\varepsilon_i}$ is a square. Equivalently, for each j, want the exponent of pj to be even, that is
$$\sum_{i=1}^r \varepsilon_i a_{ij} \equiv 0 \pmod 2.$$
Let
$$x_1 = 2^5, \qquad x_2 = (5)(23), \qquad x_3 = (2)^3 (5)^2, \qquad p_1 = 2,\ p_2 = 5,\ p_3 = 23.$$
Ignore all numbers with a large prime factor, so here ignore 23. Then
$$\begin{pmatrix} \varepsilon_1 & \varepsilon_2 \end{pmatrix} \begin{pmatrix} 5 & 0 \\ 3 & 2 \end{pmatrix} \equiv \begin{pmatrix} 0 & 0 \end{pmatrix} \pmod 2 \iff \begin{pmatrix} \varepsilon_1 & \varepsilon_2 \end{pmatrix} \begin{pmatrix} 1 & 0 \\ 1 & 0 \end{pmatrix} = \begin{pmatrix} 0 & 0 \end{pmatrix}$$
in Z/2Z, a field F₂, that is ε₁ + ε₂ = 0, so ε₁ = ε₂ = 1.
This step, solving linear equations in Z/2Z, can be done efficiently. The remaining difficulty is to find a supply of m ∈ Z such that m² − n has only small prime factors. The idea is that if we fix a list of small primes to start with, we get congruence conditions on m. It turns out that there is a straightforward algorithm for solving m² ≡ n mod p. This gives two possible values for m mod p. If you do this for lots of primes p, you get a supply of congruence conditions for m, so you can eliminate ever considering m such that m² − n has large prime factors.
Example. m² ≡ 1649 ≡ 2 mod 3 has no solutions.
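Both factoring methods of this section, as an added Python example (my own code, not from the notes; all function names are mine). `fermat_factor` is the difference-of-squares search on n = 6077, and `factor_by_square_relations` is the 1649 computation done mechanically: collect m with m² − n factoring over a small prime base, find a subset whose exponent vectors sum to zero mod 2 by Gaussian elimination over F₂ (the step the text says can be done efficiently), form x ≡ ∏ m and y ≡ ∏ p^{e/2}, and read off a factor from gcd(x ∓ y, n) as the text recommends. The factor base {2, 5} and the choice of two relations match the example; the sieving of m by congruence conditions that the text sketches is not implemented, m² − n is simply trial-divided.

```python
from math import gcd, isqrt


def fermat_factor(n, max_steps=100_000):
    """Fermat's method for odd n: find m with m^2 - n = s^2, then n = (m - s)(m + s)."""
    m = isqrt(n)
    if m * m == n:
        return m, m
    for i in range(1, max_steps + 1):
        t = (m + i) ** 2 - n
        s = isqrt(t)
        if s * s == t:
            return m + i - s, m + i + s
    return None


def exponents_over_base(t, base):
    """Exponent vector of t over the factor base, or None if some prime factor lies outside it."""
    exps = []
    for p in base:
        e = 0
        while t % p == 0:
            t //= p
            e += 1
        exps.append(e)
    return exps if t == 1 else None


def collect_relations(n, base, count):
    """Pairs (m, exps) with m^2 ≡ ∏ p^e (mod n), trying m = ⌊√n⌋ + 1, ⌊√n⌋ + 2, ..."""
    rels, m = [], isqrt(n) + 1
    while len(rels) < count and m < n:
        exps = exponents_over_base(m * m - n, base)
        if exps is not None:
            rels.append((m, exps))
        m += 1
    return rels


def even_subset(rows):
    """Gaussian elimination over F2 with bitmasks.

    Returns indices of a nonempty subset of rows whose coordinate-wise sum is
    even, or None if the rows are linearly independent mod 2.
    """
    pivots = {}                                  # lowest set bit -> (reduced vector, history)
    for i, row in enumerate(rows):
        vec = sum(1 << j for j, e in enumerate(row) if e % 2)
        hist = 1 << i                            # which original rows are combined in vec
        while vec:
            low = vec & -vec
            if low not in pivots:
                pivots[low] = (vec, hist)
                break
            pvec, phist = pivots[low]
            vec ^= pvec
            hist ^= phist
        if vec == 0:                             # row i is dependent on earlier pivots
            return [k for k in range(len(rows)) if hist >> k & 1]
    return None


def factor_by_square_relations(n, base, count):
    """x^2 ≡ y^2 (mod n) from a dependent set of relations, then gcd(x ∓ y, n)."""
    rels = collect_relations(n, base, count)
    subset = even_subset([exps for _, exps in rels])
    if subset is None:
        return None
    x, total = 1, [0] * len(base)
    for k in subset:
        m, exps = rels[k]
        x = x * m % n
        total = [a + b for a, b in zip(total, exps)]
    y = 1
    for p, e in zip(base, total):                # every e is even by construction
        y = y * pow(p, e // 2, n) % n
    for d in (gcd(x - y, n), gcd(x + y, n)):
        if 1 < d < n:
            return d
    return None                                  # x ≡ ±y: the relation was useless


if __name__ == "__main__":
    print(fermat_factor(6077))                            # (59, 103)
    print(collect_relations(1649, (2, 5), 2))             # [(41, [5, 0]), (43, [3, 2])]
    print(factor_by_square_relations(1649, (2, 5), 2))    # 17
```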

4.2 Testing primality


Lecture 8, Tuesday 23/10/18

Euler's theorem states that if (a, n) = 1 then a^{Φ(n)} ≡ 1 mod n. In particular if p is prime then a^{p−1} ≡ 1 mod p for 1 ≤ a ≤ p − 1. In particular, if 2^{n−1} ≢ 1 mod n, then n cannot be prime. The problem is that there exist n composite such that a^{n−1} ≡ 1 mod n for all (a, n) = 1, the Carmichael numbers. It is known that infinitely many of these exist. The Miller-Rabin test is a test for whether odd n ∈ Z is prime or not. Today let n ≡ 3 mod 4. Example sheet is n ≡ 1 mod 4.
Lemma 30. Let n > 1 be congruent to 3 mod 4. Then n is prime if and only if
$$a^{\frac{n-1}{2}} \equiv \pm 1 \pmod n \qquad \text{for all } (a, n) = 1.$$

Proof.
• If n is prime, then $a^{n-1} \equiv 1 \bmod n$ by Fermat's little theorem, so $\left(a^{(n-1)/2}\right)^2 \equiv 1 \bmod n$, so $a^{(n-1)/2} \equiv \pm 1 \bmod n$.
• Suppose firstly that $n = p^k$ with p prime, and k ≥ 2. Try a = 1 + p. Then
$$a^{\frac{n-1}{2}} \equiv 1 + \frac{n-1}{2} p \bmod p^2,$$
by the binomial theorem. If $a^{(n-1)/2} \equiv \pm 1 \bmod n$, then
$$\pm 1 \equiv a^{\frac{n-1}{2}} \equiv 1 + \frac{n-1}{2} p \equiv 1 \bmod p,$$
so
$$1 \equiv 1 + \frac{n-1}{2} p \bmod p^2,$$
then p | (n − 1)/2, so p | n − 1. But p | n, a contradiction.
• The remaining case is that n is composite but not a power of a prime. Write n = rs for r, s > 1, and odd, and (r, s) = 1. By the Chinese remainder theorem,
$$\mathbb{Z}/n\mathbb{Z} \cong \mathbb{Z}/r\mathbb{Z} \times \mathbb{Z}/s\mathbb{Z}.$$
Choose a such that
$$a \equiv -1 \bmod r, \qquad a \equiv 1 \bmod s.$$
Then (a, r) = (a, s) = 1, so (a, n) = 1. Since n ≡ 3 mod 4, (n − 1)/2 is odd, so
$$a^{\frac{n-1}{2}} \equiv -1 \bmod r, \qquad a^{\frac{n-1}{2}} \equiv 1 \bmod s.$$
So $a^{(n-1)/2} \not\equiv \pm 1 \bmod n$.
Lemma 31. Suppose that n ≡ 3 mod 4 is composite. Then the set of $a \in (\mathbb{Z}/n\mathbb{Z})^\times$ which satisfy $a^{(n-1)/2} \equiv \pm 1 \bmod n$ is a proper subgroup of $(\mathbb{Z}/n\mathbb{Z})^\times$.
Proof. Certainly $1^{(n-1)/2} \equiv 1 \bmod n$. If $a^{(n-1)/2} \equiv \pm 1 \bmod n$ and $b^{(n-1)/2} \equiv \pm 1 \bmod n$,
$$(ab)^{\frac{n-1}{2}} \equiv a^{\frac{n-1}{2}} b^{\frac{n-1}{2}} \equiv (\pm 1)(\pm 1) \equiv \pm 1 \bmod n, \qquad \left(a^{-1}\right)^{\frac{n-1}{2}} \equiv \left(a^{\frac{n-1}{2}}\right)^{-1} \equiv (\pm 1)^{-1} \equiv \pm 1 \bmod n.$$
So this set is a subgroup of $(\mathbb{Z}/n\mathbb{Z})^\times$. It is a proper subgroup by Lemma 30.
Corollary 32. At most half the elements of $(\mathbb{Z}/n\mathbb{Z})^\times$ satisfy $a^{(n-1)/2} \equiv \pm 1 \bmod n$.
Proof. The set of such elements is a proper subgroup of $(\mathbb{Z}/n\mathbb{Z})^\times$ by Lemma 31, so it has index at least two.
In fact, with a bit more work, you can improve this to show that at least 3/4 of the numbers 1 ≤ a ≤ n − 1 satisfy $a^{(n-1)/2} \not\equiv \pm 1 \bmod n$. So if you randomly choose numbers 1 ≤ a ≤ n − 1 x times, and n is composite, the probability that you find some a with $a^{(n-1)/2} \not\equiv \pm 1 \bmod n$ is at least $1 - (1/4)^x$. This gives a probabilistic algorithm to check if n is prime in polynomial time. If you assume the generalised Riemann hypothesis (GRH) you can find some
$$1 \le a \le \left\lceil 2 (\log n)^2 \right\rceil, \qquad a^{\frac{n-1}{2}} \not\equiv \pm 1 \bmod n.$$
In practice it is even better.
Example. If n < 341550071728321, then one of a = 2, 3, 5, 7, 11, 13, 17 will work.
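An added example, not from the notes: the criterion of Lemma 30 and the general strong test (the n ≡ 1 mod 4 case from the example sheet folds into the same routine by writing n − 1 = 2^s d), with the base list from the example above used deterministically below the quoted bound. The Carmichael number 8911 = 7·19·67 is a constructed check value I chose because it is 3 mod 4; the helper names are mine.

```python
import random

def criterion_3_mod_4(n, a):
    """Lemma 30 for n = 3 mod 4: True iff a^((n-1)/2) = +-1 mod n. Corollary 32
    says at most half (in fact at most a quarter) of the bases pass when n is
    composite."""
    r = pow(a, (n - 1) // 2, n)
    return r == 1 or r == n - 1

def strong_probable_prime(n, a):
    """One Miller-Rabin round for odd n > 2 and 1 < a < n. Write n - 1 = 2^s d
    with d odd; a passes iff a^d = 1 or a^(2^i d) = -1 mod n for some 0 <= i < s.
    For n = 3 mod 4 we have s = 1 and this is exactly the Lemma 30 criterion."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x == 1 or x == n - 1:
        return True
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False

def fermat_passes(n, a):
    """The weaker Fermat test a^(n-1) = 1 mod n, which Carmichael numbers defeat."""
    return pow(a, n - 1, n) == 1

SMALL_BASES = (2, 3, 5, 7, 11, 13, 17)
DETERMINISTIC_BOUND = 341550071728321   # bound quoted in the notes for these bases

def is_probable_prime(n, rounds=20, rng=random):
    """Deterministic below DETERMINISTIC_BOUND; above it, `rounds` random bases,
    so a composite survives with probability at most 4^-rounds."""
    if n < 2:
        return False
    for p in SMALL_BASES:
        if n % p == 0:
            return n == p
    if n < DETERMINISTIC_BOUND:
        bases = SMALL_BASES
    else:
        bases = [rng.randrange(2, n - 1) for _ in range(rounds)]
    return all(strong_probable_prime(n, a) for a in bases)

# Constructed check value (my choice, not from the notes): 8911 = 7 * 19 * 67 is
# a Carmichael number with 8911 = 3 mod 4, so every coprime base passes Fermat's
# test, yet a = 2 already fails Lemma 30's criterion.
CARMICHAEL_3_MOD_4 = 8911

if __name__ == "__main__":
    n = CARMICHAEL_3_MOD_4
    print(fermat_passes(n, 2), criterion_3_mod_4(n, 2), is_probable_prime(n))
```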
5 Public-key cryptography
Public-key cryptography is private communication and identity verification.

5.1 Messages as sequences of classes modulo n

How do we turn messages into numbers in Z/nZ? The idea is to choose n very large. Say $n > 2^{8k}$. Write down your message. Break it up into strings of at most k characters. Encode each character as an 8 bit binary number. String these integers together to get an 8k bit binary number. Regard that as an integer modulo n.

5.2 The Rivest-Shamir-Adleman (RSA) algorithm

Now apply some function f : Z/nZ → Z/nZ, and then tell whoever you are trying to communicate with the result of this computation. Then they should apply some other function g : Z/nZ → Z/nZ to get back the number you started with. So want f to be injective. Want to be able to make f public without making g public. The idea is to choose two large prime numbers p and q and set n = pq. Choose e with (e, Φ(n)) = 1. Find d such that
$$de \equiv 1 \bmod \Phi(n) = (p-1)(q-1) = n - (p+q) + 1.$$
Publish n and e, and keep p, q, Φ(n), d secret. Let $f(x) = x^e \bmod n$ and $g(x) = x^d \bmod n$. Then
$$\left(x^e\right)^d \equiv x^{de} \equiv x \bmod n,$$
because de ≡ 1 mod Φ(n) and $x^{\Phi(n)} \equiv 1 \bmod n$. So if someone wants to send you a message c ∈ Z/nZ, they compute $c^e \in \mathbb{Z}/n\mathbb{Z}$, and send it to you. To decode it, you compute
$$\left(c^e\right)^d \equiv c^{de} \equiv c \bmod n.$$
This assumes that (c, n) = 1, but the probability of this is extremely high. The prevailing assumption is that with only the information n and e, it is hopeless to discover d, or to find any other way of recovering c from $c^e$.
Lecture 9, Wednesday 24/10/18
Lecture 9 is a problems class.

5.3 Signing with RSA

Lecture 10, Friday 26/10/18
If you have functions f, g : Z/nZ → Z/nZ with f ∘ g = g ∘ f = id, then you can also verify your identity, that is sign messages. Again, make f public, and any time you publish a message m, you also publish g(m). Then anyone can apply f to g(m) to recover m = f(g(m)), but without g, no one can forge your signature.
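Added example code, not part of the notes: the block encoding of section 5.1, then textbook RSA key generation, encryption and signing as in sections 5.2 and 5.3, with small constructed primes (far too small for real use) and names of my own choosing.

```python
from math import gcd

def encode_message(text, k):
    """Section 5.1: cut the message into blocks of at most k characters, write each
    character as 8 bits and read the concatenated 8k bits as one integer < 2^(8k)."""
    data = text.encode("ascii")
    return [int.from_bytes(data[i:i + k], "big") for i in range(0, len(data), k)]

def decode_message(blocks):
    """Inverse of encode_message (printable ASCII never starts with a zero byte,
    so the byte length of a block is recoverable from the integer)."""
    out = bytearray()
    for b in blocks:
        out += b.to_bytes(max(1, (b.bit_length() + 7) // 8), "big")
    return out.decode("ascii")

def keygen(p, q, e=65537):
    """Textbook RSA (section 5.2): n = pq, Phi(n) = (p-1)(q-1), d = e^-1 mod Phi(n),
    found with the extended Euclidean algorithm (Python's pow with exponent -1).
    Returns the public key (n, e) and the private exponent d."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to Phi(n)")
    return (n, e), pow(e, -1, phi)

def block_size(n):
    """Largest k with 2^(8k) < n, so that every block is a distinct class mod n."""
    return (n.bit_length() - 1) // 8

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)             # f(m) = m^e mod n

def decrypt(pub, d, c):
    n, _ = pub
    return pow(c, d, n)             # g(c) = c^d mod n

def sign(pub, d, m):
    """Section 5.3: publish g(m) = m^d mod n alongside m."""
    return pow(m, d, pub[0])

def verify(pub, m, sig):
    n, e = pub
    return pow(sig, e, n) == m % n  # anyone can compute f(g(m)) and compare

# Constructed demonstration primes, far too small for real use. The scheme as
# written is the unpadded "textbook" form of the notes; deployments add padding.
P_DEMO, Q_DEMO = 1000000007, 998244353

def roundtrip(text, p=P_DEMO, q=Q_DEMO):
    """Encode, encrypt, decrypt and decode `text`; returns the recovered text."""
    pub, d = keygen(p, q)
    k = block_size(pub[0])
    cipher = [encrypt(pub, m) for m in encode_message(text, k)]
    return decode_message([decrypt(pub, d, c) for c in cipher])

if __name__ == "__main__":
    print(roundtrip("Attack at dawn"))
```

Decryption also succeeds for a block c with (c, n) ≠ 1: by the Chinese remainder theorem the identity c^{de} ≡ c mod pq holds for every c, the notes only argue the coprime case.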

5.4 Discrete logarithms

Suppose that n is prime, or more generally that $(\mathbb{Z}/n\mathbb{Z})^\times$ is cyclic. Let g be a generator for this group, that is a primitive root. For any $a \in (\mathbb{Z}/n\mathbb{Z})^\times$, we can write $a = g^m$ for some unique 0 ≤ m < Φ(n). We call m the discrete logarithm of a to base g, and write $m = \log_g(a)$.
Example. If you want to solve
$$x^r \equiv a \bmod n,$$
write $x = g^y$, and the congruence becomes equivalent to
$$yr \equiv \log_g(a) \bmod \Phi(n).$$
Unfortunately, or fortunately for cryptography, computing $\log_g$ is believed to be a hard problem. In particular, there is no known polynomial time algorithm.
Example. Imagine that you have a system where you need to store passwords for different users, but you do not want to store the actual passwords. One way to do this is to choose a large prime p and a primitive root g, and if someone inputs x as their password, you store $g^x \bmod p$. If they later input y, you compute $g^y$, and check it matches what you stored. If it does then y ≡ x mod p − 1.
6 Quadratic reciprocity
6.1 Quadratic residues
Let p be a prime number.
Definition 33. If (a, p) = 1, then a is a quadratic residue (QR) if and only if there is a solution to $x^2 \equiv a \bmod p$. If (a, p) = 1 and a is not a QR, it is called a quadratic non-residue (QNR).
Example.
• If p = 2, 1 is a QR.
• If p = 3, 1 is a QR, and −1 is a QNR, since $1^2 \equiv (-1)^2 \equiv 1 \bmod 3$.
• If p = 5, 1 and 4 are QRs, and 2 and 3 are QNRs, since $1^2 \equiv 4^2 \equiv 1 \bmod 5$ and $2^2 \equiv 3^2 \equiv 4 \bmod 5$.
Lemma 34. If p > 2 then there are exactly (p − 1)/2 QRs, and (p − 1)/2 QNRs modulo p.
Proof. The map
$$(\mathbb{Z}/p\mathbb{Z})^\times \longrightarrow (\mathbb{Z}/p\mathbb{Z})^\times, \qquad x \longmapsto x^2$$
is a group homomorphism with kernel {±1}. So the image has order (p − 1)/2, and the image is exactly the QRs.
Proposition 35. Suppose that (a, p) = (b, p) = 1. Then
• if a and b are both QRs, then ab is a QR,
• if one of a and b is a QR and one is a QNR, then ab is a QNR, and
• if a and b are both QNRs, then ab is a QR.
Proof. Let H be the image of
$$(\mathbb{Z}/p\mathbb{Z})^\times \longrightarrow (\mathbb{Z}/p\mathbb{Z})^\times, \qquad x \longmapsto x^2,$$
that is H is the QRs. Then $(\mathbb{Z}/p\mathbb{Z})^\times / H$ is a group of order two by Lemma 34, so it is cyclic of order two. This statement is a restatement of Proposition 35, since $(\mathbb{Z}/p\mathbb{Z})^\times = H \cup (1 + H)$.
Definition 36. Let a ∈ Z and p a prime. Then the Legendre symbol is
$$\left(\frac{a}{p}\right) = \begin{cases} 1 & a \text{ is a QR modulo } p \\ 0 & p \mid a \\ -1 & a \text{ is a QNR modulo } p \end{cases}.$$
Proposition 35 can be restated as saying that
$$(\mathbb{Z}/p\mathbb{Z})^\times \longrightarrow \{\pm 1\}, \qquad a \longmapsto \left(\frac{a}{p}\right)$$
is a group homomorphism, that is
$$\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right) \left(\frac{b}{p}\right).$$
This even holds if we do not assume that (a, p) = (b, p) = 1.
Lecture 11, Tuesday 30/10/18
Theorem 37 (Euler's criterion). If p is an odd prime, and p ∤ a, then
$$\left(\frac{a}{p}\right) \equiv a^{\frac{p-1}{2}} \bmod p.$$
Proof. Let g be a primitive root modulo p, and write $a \equiv g^r \bmod p$ for 0 ≤ r < p − 1. Now $\left(g^{(p-1)/2}\right)^2 = g^{p-1} \equiv 1 \bmod p$. So $g^{(p-1)/2} \equiv \pm 1 \bmod p$. Since g is a primitive root, $g^{(p-1)/2} \not\equiv 1 \bmod p$, so $g^{(p-1)/2} \equiv -1 \bmod p$. So
$$a^{\frac{p-1}{2}} \equiv \left(g^r\right)^{\frac{p-1}{2}} \equiv \left(g^{\frac{p-1}{2}}\right)^r \equiv (-1)^r \bmod p.$$
But
$$\left(\frac{a}{p}\right) = 1 \iff \exists s \in \mathbb{Z},\ \left(g^s\right)^2 \equiv a \bmod p \iff 2s \equiv r \bmod p - 1 \iff r \in 2\mathbb{Z} \iff (-1)^r \equiv 1 \bmod p.$$

6.2 Computing Legendre symbols

Proposition 38. −1 is a square modulo p if and only if p = 2 or p ≡ 1 mod 4.
Proof. p = 2 is trivial. If p > 2, then by Euler's criterion,
$$\left(\frac{-1}{p}\right) \equiv (-1)^{\frac{p-1}{2}} \bmod p,$$
so in fact
$$\left(\frac{-1}{p}\right) = (-1)^{\frac{p-1}{2}}.$$
Then
$$(-1)^{\frac{p-1}{2}} = \begin{cases} 1 & p \equiv 1 \bmod 4 \\ -1 & p \equiv 3 \bmod 4 \end{cases}.$$
Proposition 39 (Gauss' lemma).
$$\left(\frac{2}{p}\right) = \begin{cases} 1 & p \equiv \pm 1 \bmod 8 \\ -1 & p \equiv \pm 3 \bmod 8 \end{cases},$$
that is
$$\left(\frac{2}{p}\right) = (-1)^{\frac{p^2-1}{8}}.$$
Proof.
$$\left(\frac{2}{p}\right) \equiv 2^{\frac{p-1}{2}} \bmod p,$$
by Euler's criterion. Let q = (p − 1)/2, and let
$$Q = (2)(4) \cdots (p-3)(p-1) = (2 \cdot 1) \cdots (2 \cdot q) = 2^q q! = 2^{\frac{p-1}{2}} q!.$$
Subtracting p from every term which is bigger than q,
$$Q \equiv (2)(4) \cdots (-3)(-1) \equiv (-1)^r q! \bmod p,$$
where r is the number of odd integers in 1, …, q. Since p ∤ q!, we have $2^{(p-1)/2} \equiv (-1)^r \bmod p$. Now the following holds.[3]
$$(-1)^r = \begin{cases} 1 & p \equiv \pm 1 \bmod 8 \\ -1 & p \equiv \pm 3 \bmod 8 \end{cases}.$$

[3] Exercise.

Example. If p ≡ 1 mod 8, say p = 1 + 8n, then q = 4n. Odd integers in 1, …, 4n are 1, 3, …, 4n − 3, 4n − 1, so r = 2n.

Example.
• $\left(\frac{2}{7}\right) = 1$, since $2 \equiv 3^2 \bmod 7$.
• $\left(\frac{2}{11}\right) = -1$, since squares modulo 11 are 1, 4, 9, 5, 3.
• $\left(\frac{-1}{11}\right) = -1$, so $\left(\frac{-2}{11}\right) = \left(\frac{-1}{11}\right)\left(\frac{2}{11}\right) = (-1)^2 = 1$, since $-2 \equiv 3^2 \bmod 11$.

Theorem 40 (Law of quadratic reciprocity). If p and q are odd primes, then
$$\left(\frac{p}{q}\right) = \left(\frac{q}{p}\right) (-1)^{\frac{p-1}{2} \cdot \frac{q-1}{2}},$$
that is $\left(\frac{p}{q}\right) = \left(\frac{q}{p}\right)$ unless p ≡ q ≡ 3 mod 4, when $\left(\frac{p}{q}\right) = -\left(\frac{q}{p}\right)$.

Example.
• $\left(\frac{5}{p}\right) = \left(\frac{p}{5}\right)$ for p ≠ 5. QRs modulo 5 are 1 and 4. So
$$\left(\frac{5}{p}\right) = \begin{cases} 1 & p \equiv \pm 1 \bmod 5 \\ -1 & p \equiv \pm 2 \bmod 5 \end{cases}.$$
• What is $\left(\frac{3}{p}\right)$ for p ≠ 3? If p ≡ 1 mod 4, then
$$\left(\frac{3}{p}\right) = \left(\frac{p}{3}\right) = \begin{cases} 1 & p \equiv 1 \bmod 3 \\ -1 & p \equiv -1 \bmod 3 \end{cases}.$$
If p ≡ −1 mod 4, then
$$\left(\frac{3}{p}\right) = -\left(\frac{p}{3}\right) = \begin{cases} 1 & p \equiv -1 \bmod 3 \\ -1 & p \equiv 1 \bmod 3 \end{cases}.$$
So
$$\left(\frac{3}{p}\right) = \begin{cases} 1 & p \equiv \pm 1 \bmod 12 \\ -1 & p \equiv \pm 5 \bmod 12 \end{cases}.$$
For example, $\left(\frac{3}{7}\right) = -1$, since QRs modulo 7 are 1, 2, 4, and $\left(\frac{3}{11}\right) = 1$, since $5^2 \equiv 3 \bmod 11$.
• $\left(\frac{6}{19}\right) = \left(\frac{2}{19}\right)\left(\frac{3}{19}\right) = (-1)(-1) = 1$, since $\left(\frac{2}{19}\right) = -1$, because 19 ≡ 3 mod 8, and $\left(\frac{3}{19}\right) = -1$, because 19 ≡ −5 mod 12, by the above.
In general to compute $\left(\frac{a}{p}\right)$, we could do the following. Use that if a ≡ b mod p then $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right)$. So without loss of generality |a| < p. Then write $a = \pm \prod_i q_i^{s_i}$ for $q_i$ prime. Then
$$\left(\frac{a}{p}\right) = \left(\frac{\pm 1}{p}\right) \prod_i \left(\frac{q_i}{p}\right)^{s_i}.$$
If $s_i$ is even, then $\left(\frac{q_i}{p}\right)^{s_i} = 1$. If $s_i$ is odd, then $\left(\frac{q_i}{p}\right)^{s_i} = \left(\frac{q_i}{p}\right)$. We have formulas for $\left(\frac{-1}{p}\right)$ and $\left(\frac{2}{p}\right)$. If q is an odd prime, q < p, then use quadratic reciprocity to relate $\left(\frac{q}{p}\right)$ and $\left(\frac{p}{q}\right)$. Then repeat modulo q.

6.3 Proof of quadratic reciprocity

Lecture 12, Wednesday 31/10/18
The proof of this is due to Rousseau, in 1991. This resembles the proof we gave that $\left(\frac{2}{p}\right) = (-1)^{(p^2-1)/8}$.
Theorem 41 (Wilson's theorem). If p is prime, then (p − 1)! ≡ −1 mod p.
Proof of Theorem 40. We will write down several choices of coset representatives for {±1}, and compare them, that is we will write down choices of x or −x for each $x \in (\mathbb{Z}/pq\mathbb{Z})^\times$. Write elements of $(\mathbb{Z}/pq\mathbb{Z})^\times$ as pairs $(\alpha, \beta) \in (\mathbb{Z}/p\mathbb{Z})^\times \times (\mathbb{Z}/q\mathbb{Z})^\times$.
• For our first set of coset representatives, take
$$\left\{ (x, y) \;\middle|\; 1 \le x \le \tfrac{p-1}{2},\ 1 \le y \le q-1 \right\}.$$
Let A be the product of these coset representatives. This is by definition
$$A = \left( \left(\tfrac{p-1}{2}\right)!^{\,q-1},\ (-1)^{\frac{p-1}{2}} \right).$$
• The second set of representatives is
$$\left\{ (x, y) \;\middle|\; 1 \le x \le p-1,\ 1 \le y \le \tfrac{q-1}{2} \right\}.$$
Let B be the product of these representatives. Then by symmetry,
$$B = \left( (-1)^{\frac{q-1}{2}},\ \left(\tfrac{q-1}{2}\right)!^{\,p-1} \right).$$
• For the third set of representatives, select the pairs (x, y) which correspond via the Chinese remainder theorem to the set
$$\left\{ 1 \le i \le \tfrac{pq-1}{2} \;\middle|\; (i, pq) = 1 \right\}.$$
Let C be the product of these coset representatives. What is the x-coordinate of C? It is
$$\prod_{\substack{i=1 \\ (i,pq)=1}}^{\frac{pq-1}{2}} i.$$
So
$$\prod_{\substack{i=1 \\ (i,pq)=1}}^{\frac{pq-1}{2}} i = \left( \prod_{\substack{i=1 \\ (i,p)=1}}^{\frac{pq-1}{2}} i \right) \Bigg/ \left( \prod_{\substack{i=1 \\ (i,p)=1,\ q \mid i}}^{\frac{pq-1}{2}} i \right), \qquad (1)$$
$$\prod_{\substack{i=1 \\ (i,p)=1}}^{\frac{pq-1}{2}} i = \left( \prod_{\substack{i=1 \\ (i,p)=1}}^{p \frac{q-1}{2}} i \right) \left( \prod_{\substack{i = p\frac{q-1}{2} + 1 \\ (i,p)=1}}^{p \frac{q-1}{2} + \frac{p-1}{2}} i \right), \qquad (2)$$
$$\prod_{\substack{i=1 \\ (i,p)=1,\ q \mid i}}^{\frac{pq-1}{2}} i = \prod_{\substack{j=1 \\ (j,p)=1}}^{\frac{p-1}{2}} qj = q^{\frac{p-1}{2}} \left(\tfrac{p-1}{2}\right)!. \qquad (3)$$
Combining (1), (2), (3), get that the x-coordinate of the product is
$$\prod_{\substack{i=1 \\ (i,pq)=1}}^{\frac{pq-1}{2}} i = \frac{(p-1)!^{\frac{q-1}{2}} \left(\tfrac{p-1}{2}\right)!}{q^{\frac{p-1}{2}} \left(\tfrac{p-1}{2}\right)!} = \frac{(-1)^{\frac{q-1}{2}}}{q^{\frac{p-1}{2}}}.$$
So C, the product of these representatives, is
$$C = \left( (-1)^{\frac{q-1}{2}} \left(\frac{q}{p}\right),\ (-1)^{\frac{p-1}{2}} \left(\frac{p}{q}\right) \right).$$

A, B, C all agree up to sign, that is up to multiplication by ±1, that is up to multiplication by
$$(-1, -1) \in (\mathbb{Z}/p\mathbb{Z})^\times \times (\mathbb{Z}/q\mathbb{Z})^\times.$$
Looking at y-coordinates, $C = \left(\frac{p}{q}\right) A$. Similarly $C = \left(\frac{q}{p}\right) B$. So $B = \left(\frac{q}{p}\right)\left(\frac{p}{q}\right) A$. To swap between A and B, just change the signs of everything with 1 ≤ x ≤ (p − 1)/2 and (q + 1)/2 ≤ y ≤ q − 1. So
$$B = (-1)^{\frac{p-1}{2} \cdot \frac{q-1}{2}} A.$$
So
$$\left(\frac{q}{p}\right)\left(\frac{p}{q}\right) = (-1)^{\frac{p-1}{2} \cdot \frac{q-1}{2}}.$$

6.4 Jacobi symbols

These are an extension of Legendre symbols which are useful for making computations.
Definition 42. Write $b = \prod_i p_i^{r_i}$ for $p_i$ distinct primes. Then the Jacobi symbol is
$$\left(\frac{a}{b}\right) = \prod_i \left(\frac{a}{p_i}\right)^{r_i}.$$
A warning is that $\left(\frac{a}{b}\right) = 1$ does not imply that a is a square modulo b. On the other hand, $\left(\frac{a}{b}\right) = -1$ implies that a is not a square modulo b.
Lecture 13, Friday 02/11/18
Lemma 43.
1. $\left(\frac{a_1 a_2}{b}\right) = \left(\frac{a_1}{b}\right)\left(\frac{a_2}{b}\right)$ and $\left(\frac{a}{b_1 b_2}\right) = \left(\frac{a}{b_1}\right)\left(\frac{a}{b_2}\right)$.
2. $\left(\frac{a}{b}\right)$ depends only on a mod b.
3. $\left(\frac{a^2}{b}\right) = 1$.
4. $\left(\frac{-1}{b}\right) = (-1)^{(b-1)/2}$.
5. $\left(\frac{2}{b}\right) = (-1)^{(b^2-1)/8}$.
6. If a, b > 0 are both odd,
$$\left(\frac{a}{b}\right)\left(\frac{b}{a}\right) = (-1)^{\frac{a-1}{2} \cdot \frac{b-1}{2}}.$$
Proof. All of these statements are true for Legendre symbols, that is for b prime, and a prime in 6. 1 to 3 follow immediately, and 4 to 6 also follow from 1 and the corresponding statements for Legendre symbols. For 5, it is enough to show that if it holds for $b_1$ and $b_2$, then it holds for $b_1 b_2$. Since
$$\left(\frac{2}{b_1 b_2}\right) = \left(\frac{2}{b_1}\right)\left(\frac{2}{b_2}\right),$$
we need to show that
$$(-1)^{\frac{b_1^2-1}{8}} (-1)^{\frac{b_2^2-1}{8}} = (-1)^{\frac{(b_1 b_2)^2-1}{8}},$$
that is need
$$b_1^2 - 1 + b_2^2 - 1 \equiv (b_1 b_2)^2 - 1 \bmod 16,$$
that is $\left(b_1^2 - 1\right)\left(b_2^2 - 1\right) \equiv 0 \bmod 16$. This is true because $b_1^2 \equiv b_2^2 \equiv 1 \bmod 4$.
Example. Since
$$\left(\frac{7411}{9283}\right) = -\left(\frac{9283}{7411}\right) = -\left(\frac{1872}{7411}\right) = -\left(\frac{16}{7411}\right)\left(\frac{117}{7411}\right) = -\left(\frac{117}{7411}\right) = -\left(\frac{7411}{117}\right) = -\left(\frac{40}{117}\right)$$
$$= -\left(\frac{8}{117}\right)\left(\frac{5}{117}\right) = -\left(\frac{2}{117}\right)\left(\frac{5}{117}\right) = \left(\frac{5}{117}\right) = \left(\frac{117}{5}\right) = \left(\frac{2}{5}\right) = -1,$$
7411 is not a square modulo 9283.
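As an added example not taken from the notes, Euler's criterion and the Jacobi symbol rules of Lemma 43 in Python, with the 7411/9283 computation above and the warning about (a/b) = 1 as checks; the function names are mine.

```python
def legendre_euler(a, p):
    """Euler's criterion (Theorem 37) for an odd prime p: a^((p-1)/2) mod p,
    read as 0, 1 or -1."""
    a %= p
    if a == 0:
        return 0
    return 1 if pow(a, (p - 1) // 2, p) == 1 else -1

def jacobi(a, b):
    """Jacobi symbol (a/b) for odd b > 0 using Lemma 43: reduce a mod b (rule 2),
    strip factors of 2 with rule 5, swap with rule 6; no factorisation needed."""
    if b <= 0 or b % 2 == 0:
        raise ValueError("b must be a positive odd integer")
    a %= b
    result = 1
    while a != 0:
        while a % 2 == 0:
            a //= 2
            if b % 8 in (3, 5):        # (2/b) = -1 exactly when b = +-3 mod 8
                result = -result
        a, b = b, a                    # (a/b)(b/a) = (-1)^((a-1)/2 * (b-1)/2)
        if a % 4 == 3 and b % 4 == 3:
            result = -result
        a %= b
    return result if b == 1 else 0     # b > 1 at the end means gcd(a, b) > 1

def is_square_mod(a, b):
    """Brute-force check, to show (a/b) = 1 does not imply a is a square mod b."""
    return any((x * x - a) % b == 0 for x in range(b))

def legendre_3(p):
    """The closed form for (3/p) derived above: +1 iff p = +-1 mod 12."""
    return 1 if p % 12 in (1, 11) else -1

if __name__ == "__main__":
    print(jacobi(7411, 9283))                   # -1: 7411 is not a square mod 9283
    print(jacobi(2, 15), is_square_mod(2, 15))  # 1, False: the warning above
```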
7 Sums of squares
Which integers are the sum of two squares? Which integers are the sum of four squares?

7.1 Sums of two squares


Definition 44. We say that n ∈ Z is a sum of two squares if
$$n = x^2 + y^2, \qquad x, y \in \mathbb{Z}.$$
Example. If $n = x^2 + y^2$, then since $x^2, y^2 \equiv 0, 1 \bmod 4$, we cannot have n ≡ 3 mod 4.
Example. 21 ≡ 1 mod 4, but 21 is not a sum of two squares. On the other hand, we will see that all primes which are 1 mod 4 are sums of two squares.
Definition 45. The Gaussian integers Z[i] are the subring of C consisting of
$$a + bi, \qquad a, b \in \mathbb{Z}.$$
The norm is defined by
$$N : \mathbb{Z}[i] \longrightarrow \mathbb{Z}_{>0}, \qquad a + bi \longmapsto a^2 + b^2,$$
that is $N(z) = z\bar{z}$. Then $N(zw) = (zw)\overline{(zw)} = (z\bar{z})(w\bar{w}) = N(z)N(w)$.
Lemma 46. If m and n are each a sum of two squares, then so is mn.
Proof. If z = a + bi and w = c + di, then zw = (ac − bd) + (ad + bc)i, so
$$\left(a^2 + b^2\right)\left(c^2 + d^2\right) = (ac - bd)^2 + (ad + bc)^2.$$

Theorem 47 (Fermat's two square theorem). If p ≡ 1 mod 4 is prime, then p is a sum of two squares.
Lemma 46 and Theorem 47 together allow you to give a complete classification of the integers which are sums of two squares, in terms of their prime factorisations.
Definition 48. A ring R is a Euclidean domain if it is an integral domain, that is ab = 0 implies that a = 0 or b = 0, and there exists a function $N : R \to \mathbb{Z}_{\ge 0}$ such that for all a, b ∈ R with b ≠ 0, there exist q, r ∈ R such that a = qb + r, and r = 0 or N(r) < N(b).
If R is a Euclidean domain, then you can carry out Euclid's algorithm. In particular, irreducible elements are the same as prime elements, and every element can be factored as a product of primes, uniquely up to reordering and multiplication by units. Then Z[i] together with N is a Euclidean domain. By definition, n ∈ Z is a sum of two squares if and only if there exists z ∈ Z[i] with N(z) = n. Since N(zw) = N(z)N(w), all we have to do is to figure out what the primes in Z[i] are, and what their norms are. The units in Z[i] are ±1 and ±i.[4] Two elements of Z[i] are associates if their ratio is a unit, that is z and w are associates if z = uw for u = ±1, ±i.
Lecture 14, Tuesday 06/11/18
Lemma 49. Let p be a prime in Z[i]. Then there is a prime q of Z such that either N(p) = q or N(p) = q². In the latter case, p is an associate of q. Given q a prime in Z, there exists p such that N(p) = q if and only if q is a sum of two squares.
Proof. Write n = N(p), and let $n = q_1^{s_1} \cdots q_r^{s_r}$ be the prime factorisation of n in Z. By definition $n = p\bar{p}$, so p | n in Z[i], and so since p is prime, $p \mid q_i$ for some i. Write $q = q_i$. Then p | q implies that q = pv for some v, so N(p)N(v) = N(pv) = N(q) = q². If N(p) = 1, then p is a unit, a contradiction. So N(p) | q², so N(p) = q or N(p) = q², as claimed. If N(p) = q², then N(v) = 1, so v is a unit, and since q = pv, p is an associate of q, by definition. If N(p) = q, then writing p = a + bi, we have q = a² + b². Conversely, if q = a² + b² = (a + bi)(a − bi), then since p | q, we have either p | a + bi or p | a − bi, so N(p) | N(a + bi) = q or N(p) | N(a − bi) = q, and either way N(p) = q.

[4] Exercise.

Corollary 50. The primes in Z[i] are either of the form a + bi with a² + b² a prime in Z, or are primes of Z which are not sums of two squares.
Theorem 51. If p = 2 or p ≡ 1 mod 4, then p is a sum of two squares.
Proof. By Corollary 50, we just have to show that p is not a prime in Z[i]. There exists n such that n² ≡ −1 mod p. If p = 2 obvious, and if p ≡ 1 mod 4,
$$\left(\frac{-1}{p}\right) = (-1)^{\frac{p-1}{2}} = 1,$$
by Euler's criterion. That is, p | n² + 1 = (n + i)(n − i). If p were prime, then p | n + i or p | n − i, that is there exist c, d ∈ Z such that n ± i = p(c ± di), so 1 = pd, a contradiction.
Remark. If p ≡ 3 mod 4 then p is not a sum of two squares, even modulo four.
Remark. In practice, to go from n² + 1 ≡ 0 mod p to finding a and b with a² + b² = p, you just compute (n + i, p) = a + bi. You can do this computation with Euclid's algorithm in Z[i].
Theorem 52. n ∈ Z is a sum of two squares if and only if its prime factorisation only contains primes congruent to 3 mod 4 to even powers, that is
$$n = 2^a \prod_{p_i \equiv 1 \bmod 4} p_i^{r_i} \prod_{q_i \equiv 3 \bmod 4} q_i^{2 s_i}.$$
Proof. Suppose n is of this form. Then 2, each $p_i$, and each $q_i^2$ are all sums of two squares, so n is a sum of two squares by Lemma 46. Conversely suppose that n = a² + b², and write a + bi as a product of primes in Z[i]. Then n = N(a + bi) is the product of the norms of these primes, and we already saw that the norms of primes in Z[i] are either 2, a prime which is 1 mod 4, or the square of a prime which is 3 mod 4.
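An added example, not the notes' own code, for the remark and Theorem 52 above: the square root of −1 is taken as c^{(p−1)/4} for a quadratic non-residue c (Euler's criterion), then Euclid's algorithm in Z[i] computes (n + i, p), and the classification of Theorem 52 is tested from a factorisation. The rounding-based division in Z[i] is the standard one behind Definition 48; helper names are mine.

```python
def sqrt_minus_one(p):
    """n with n^2 = -1 mod p for a prime p = 1 mod 4: a non-residue c has
    c^((p-1)/2) = -1 (Euler's criterion), so n = c^((p-1)/4) squares to -1."""
    for c in range(2, p):
        if pow(c, (p - 1) // 2, p) == p - 1:
            return pow(c, (p - 1) // 4, p)
    raise ValueError("no non-residue found; p must be a prime = 1 mod 4")

def gaussian_divmod(z, w):
    """Division with remainder in Z[i] (Definition 48 with N(a+bi) = a^2 + b^2):
    round z/w to the nearest Gaussian integer, so N(r) <= N(w)/2 < N(w).
    Pairs (a, b) stand for a + bi."""
    (a, b), (c, d) = z, w
    nw = c * c + d * d
    re, im = a * c + b * d, b * c - a * d                           # z * conj(w)
    qa, qb = (2 * re + nw) // (2 * nw), (2 * im + nw) // (2 * nw)  # nearest ints
    r = (a - (qa * c - qb * d), b - (qa * d + qb * c))              # z - q w
    return (qa, qb), r

def gaussian_gcd(z, w):
    """Euclid's algorithm in Z[i]; the answer is determined up to a unit +-1, +-i."""
    while w != (0, 0):
        z, w = w, gaussian_divmod(z, w)[1]
    return z

def two_squares(p):
    """Write a prime p = 2 or p = 1 mod 4 as a^2 + b^2 via (n + i, p), as in the remark."""
    if p == 2:
        return (1, 1)
    n = sqrt_minus_one(p)
    a, b = gaussian_gcd((n, 1), (p, 0))
    return (abs(a), abs(b))

def factorise(n):
    """Trial division; adequate for the small constructed inputs used here."""
    out, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            out[d] = out.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        out[n] = out.get(n, 0) + 1
    return out

def is_sum_of_two_squares(n):
    """Theorem 52: every prime = 3 mod 4 must occur to an even power."""
    return n > 0 and all(e % 2 == 0 for q, e in factorise(n).items() if q % 4 == 3)

if __name__ == "__main__":
    print(two_squares(13), two_squares(10009))   # (3, 2) and (100, 3)
```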

7.2 Sums of four squares - the ring of quaternions

Lagrange's theorem states that every positive integer is a sum of four squares.
Definition 53. H, the ring of quaternions, is the ring of sums
$$a + bi + cj + dk, \qquad a, b, c, d \in \mathbb{R},$$
such that
• addition is
$$(a + bi + cj + dk) + (A + Bi + Cj + Dk) = (a + A) + (b + B)i + (c + C)j + (d + D)k,$$
• multiplication is given by
$$ij = -ji = k, \qquad jk = -kj = i, \qquad ki = -ik = j.$$
If z = a + bi + cj + dk, we write $z^* = a - bi - cj - dk$, so $(zw)^* = w^* z^*$. Define
$$N(z) = zz^* = a^2 + b^2 + c^2 + d^2.$$
Then $N(zw) = zw(zw)^* = zww^*z^* = zN(w)z^* = zz^*N(w) = N(z)N(w)$, because N(w) ∈ R. So
$$\begin{aligned} \left(a^2 + b^2 + c^2 + d^2\right)\left(x^2 + y^2 + z^2 + w^2\right) &= N(a + bi + cj + dk)\, N(x + yi + zj + wk) \\ &= N((a + bi + cj + dk)(x + yi + zj + wk)) \\ &= (ax - by - cz - dw)^2 + (ay + bx + cw - dz)^2 \\ &\quad + (az - bw + cx + dy)^2 + (aw + bz - cy + dx)^2. \end{aligned}$$
In particular, if m and n are sums of four squares, then mn is a sum of four squares. So to prove Lagrange's theorem, it suffices to show that all primes are sums of four squares.

7.3 Proof of Lagrange's theorem

Lecture 15, Wednesday 07/11/18
We already saw that 2, and any prime congruent to 1 mod 4, is a sum of two squares. It remains to show that any prime congruent to 3 mod 4 is a sum of four squares.
Lemma 54. If p ≡ 3 mod 4 is prime, then there exist x and y such that
$$x^2 + y^2 + 1 \equiv 0 \bmod p.$$
Proof. Firstly, claim there exists a such that $\left(\frac{a}{p}\right) = 1$ and $\left(\frac{a+1}{p}\right) = -1$. If not, since $\left(\frac{1}{p}\right) = 1$, we must have
$$\left(\frac{2}{p}\right) = \cdots = \left(\frac{p-1}{p}\right) = 1.$$
But we know that there are (p − 1)/2 values of b with 1 ≤ b ≤ p − 1 and $\left(\frac{b}{p}\right) = -1$, a contradiction. Since p ≡ 3 mod 4, $\left(\frac{-1}{p}\right) = -1$ by Euler's criterion. So
$$\left(\frac{-(a+1)}{p}\right) = \left(\frac{a+1}{p}\right)\left(\frac{-1}{p}\right) = 1.$$
Choose x and y such that
$$x^2 \equiv a \bmod p, \qquad y^2 \equiv -(a+1) \bmod p.$$
Then x² + y² ≡ −1 mod p.
By Lemma 54, there exist x, y ∈ Z such that
$$x^2 + y^2 + 1 = pr,$$
for some r. Since the congruence x² + y² + 1 ≡ 0 mod p only depends on x and y modulo p, we can find x and y with −p/2 < x, y < p/2. Then
$$\frac{x^2 + y^2 + 1}{p} = r < p.$$
Proposition 55. Suppose that
$$x^2 + y^2 + z^2 + w^2 = pr, \qquad 1 \le r < p.$$
If r > 1, there exist x', y', z', w', r' such that
$$x'^2 + y'^2 + z'^2 + w'^2 = pr', \qquad 1 \le r' < r.$$
Proposition 55 implies that p is a sum of four squares, starting with x, y, r as above, z = 1, and w = 0.
Proof.
• Suppose firstly that r is even. Then either x, y, z, w are all even, all odd, or two are even and two are odd. So without loss of generality x ≡ y mod 2 and z ≡ w mod 2. Then take
$$x' = \frac{x+y}{2}, \qquad y' = \frac{x-y}{2}, \qquad z' = \frac{z+w}{2}, \qquad w' = \frac{z-w}{2}, \qquad r' = \frac{r}{2}.$$

• Suppose now that r is odd, and choose a, b, c, d ∈ (−r/2, r/2) such that
$$x \equiv a \bmod r, \qquad y \equiv b \bmod r, \qquad z \equiv c \bmod r, \qquad w \equiv d \bmod r.$$
Then
$$a^2 + b^2 + c^2 + d^2 \equiv x^2 + y^2 + z^2 + w^2 = pr \equiv 0 \bmod r.$$
Write a² + b² + c² + d² = rr'. Then rr' < 4(r/2)² = r², so 0 ≤ r' < r. If r' = 0 then a = b = c = d = 0, so r divides each of x, y, z, w. Since x² + y² + z² + w² = pr, we get r² | pr so r | p, and since r < p, we get r = 1, and we are done. Otherwise 1 ≤ r' < r. Then
$$\begin{aligned} (rr')(rp) = \left(a^2 + b^2 + c^2 + d^2\right)\left(x^2 + y^2 + z^2 + w^2\right) &= (ax + by + cz + dw)^2 + (-ay + bx + cw - dz)^2 \\ &\quad + (-az - bw + cx + dy)^2 + (-aw + bz - cy + dx)^2. \end{aligned}$$
Then
$$\begin{aligned} ax + by + cz + dw &\equiv x^2 + y^2 + z^2 + w^2 \equiv 0 \bmod r, \\ -ay + bx + cw - dz &\equiv -xy + yx + zw - wz \equiv 0 \bmod r, \\ -az - bw + cx + dy &\equiv -xz - yw + zx + wy \equiv 0 \bmod r, \\ -aw + bz - cy + dx &\equiv -xw + yz - zy + wx \equiv 0 \bmod r. \end{aligned}$$
So take
$$x' = \frac{ax + by + cz + dw}{r}, \qquad y' = \frac{-ay + bx + cw - dz}{r}, \qquad z' = \frac{-az - bw + cx + dy}{r}, \qquad w' = \frac{-aw + bz - cy + dx}{r}.$$
Remark 56. This can be interpreted as a version of Euclid's algorithm in the ring
$$\left\{ \frac{a + bi + cj + dk}{2} \;\middle|\; a \equiv b \equiv c \equiv d \bmod 2 \right\}.$$
Note. This ring is non-commutative, and also, for example, 5 = (1 + 2i)(1 − 2i) = (1 + 2j)(1 − 2j), so you have to be careful with unique factorisation, etc.
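An added example, not from the notes, implementing the descent of Lemma 54 and Proposition 55 exactly as proved above (the square root modulo p ≡ 3 mod 4 uses a^{(p+1)/4}, a standard shortcut the notes do not spell out), plus the quaternion product so that representations can be multiplied as in section 7.2. The helper names are mine.

```python
def sqrt_mod_3_mod_4(a, p):
    """For p = 3 mod 4 and a quadratic residue a: a^((p+1)/4) squares to a,
    because a^((p+1)/2) = a * a^((p-1)/2) = a by Euler's criterion."""
    return pow(a, (p + 1) // 4, p)

def lemma_54(p):
    """x, y with x^2 + y^2 + 1 = 0 mod p, found as in the proof: take consecutive
    a, a+1 with (a/p) = 1 and ((a+1)/p) = -1, so that -(a+1) is also a residue."""
    for a in range(1, p - 1):
        if pow(a, (p - 1) // 2, p) == 1 and pow(a + 1, (p - 1) // 2, p) == p - 1:
            return sqrt_mod_3_mod_4(a, p), sqrt_mod_3_mod_4((-(a + 1)) % p, p)
    raise ValueError("p must be a prime = 3 mod 4")

def centred(v, m):
    """Representative of v mod m in (-m/2, m/2]; for odd m this is the open interval."""
    v %= m
    return v - m if 2 * v > m else v

def four_squares_prime(p):
    """Lagrange descent (Proposition 55) for a prime p = 3 mod 4."""
    x, y = (centred(v, p) for v in lemma_54(p))
    z, w = 1, 0
    r = (x * x + y * y + z * z + w * w) // p        # 1 <= r < p
    while r > 1:
        if r % 2 == 0:
            # an even number of coordinates is odd; pair them so x = y, z = w mod 2
            if (x - y) % 2:
                if (x - z) % 2 == 0:
                    y, z = z, y
                else:
                    y, w = w, y
            x, y, z, w = (x + y) // 2, (x - y) // 2, (z + w) // 2, (z - w) // 2
            r //= 2
        else:
            a, b, c, d = (centred(v, r) for v in (x, y, z, w))
            r1 = (a * a + b * b + c * c + d * d) // r
            if r1 == 0:   # would force r | p with 1 < r < p; impossible for prime p
                raise ArithmeticError("r | x, y, z, w with r > 1")
            # the four-square identity with the sign pattern of the proof; each
            # numerator is 0 mod r by the congruences shown above
            x, y, z, w = ((a * x + b * y + c * z + d * w) // r,
                          (-a * y + b * x + c * w - d * z) // r,
                          (-a * z - b * w + c * x + d * y) // r,
                          (-a * w + b * z - c * y + d * x) // r)
            r = r1
    return tuple(abs(v) for v in (x, y, z, w))

def quaternion_product(q1, q2):
    """(a+bi+cj+dk)(x+yi+zj+wk) with ij = k, jk = i, ki = j; N is multiplicative,
    so this combines a representation of m and one of n into one of mn."""
    a, b, c, d = q1
    x, y, z, w = q2
    return (a * x - b * y - c * z - d * w, a * y + b * x + c * w - d * z,
            a * z - b * w + c * x + d * y, a * w + b * z - c * y + d * x)

def norm4(q):
    return sum(v * v for v in q)

if __name__ == "__main__":
    print(four_squares_prime(7), four_squares_prime(1000003))
```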

7.4 Sums of three squares

7 is the smallest positive integer which is not a sum of three squares. In fact no integer congruent to 7 mod 8 can be a sum of three squares, because the squares modulo 8 are 0, 1, 4.
Theorem 57. A positive integer is not a sum of three squares if and only if it is of the form
$$4^a (8k + 7).$$
Proving that the numbers not of this form are sums of three squares is beyond this course. Serre's A Course in Arithmetic is a good place to look.

8 Pell’s equation
8.1 Pell’s equation
Let $d \in \mathbb{Z}_{>1}$ be squarefree. Pell's equation is
$$x^2 - dy^2 = 1.$$
Example. Let d = 2. Then (x, y) = (3, 2) is a solution. In fact, there are infinitely many solutions, and this is true for any d.
We will find it useful to write
$$x^2 - dy^2 = \left(x + \sqrt{d}\, y\right)\left(x - \sqrt{d}\, y\right).$$
This suggests that we should look at a ring like
$$\mathbb{Z}\left[\sqrt{d}\right] = \left\{ a + b\sqrt{d} \;\middle|\; a, b \in \mathbb{Z} \right\}.$$
Definition 58. If α ∈ C, then Z[α] is the smallest subring of C containing α.
Example.
• If α = 1, then Z[α] = Z.
• If α = i, Z[i] is what we wrote before.
• On the other hand Z[π] is the ring of $a_0 + \cdots + a_n \pi^n$ for $a_i \in \mathbb{Z}$ and n arbitrary.
• Also $\mathbb{Z}\left[\sqrt[3]{2}\right]$ is not just the set $\left\{ a + b\sqrt[3]{2} \;\middle|\; a, b \in \mathbb{Z} \right\}$, because this set does not contain $\left(\sqrt[3]{2}\right)^2 = \sqrt[3]{4}$.
• Also $\mathbb{Z}\left[\tfrac{1}{p}\right]$ contains $1/p^n$ for all n, so in fact $\mathbb{Z}\left[\tfrac{1}{p}\right] = \{ a/p^n \mid a \in \mathbb{Z}, n \ge 0 \}$.
An alternative definition is that Z[α] is the intersection of all subrings of C containing α.
Lecture 16, Friday 09/11/18
Lecture 16 is a problems class.
8.2 Quadratic subrings of C

Lecture 17, Tuesday 13/11/18
Definition 59. Say that α ∈ C is an algebraic integer of degree two if it is a root of a polynomial
$$X^2 + aX + b, \qquad a, b \in \mathbb{Z}, \qquad \alpha \notin \mathbb{Z}.$$
Example.
• α = i is a root of X² + 1.
• α = √d is a root of X² − d for d > 1 squarefree.
Proposition 60. If α is an algebraic integer of degree two, then
$$\mathbb{Z}[\alpha] = \{ x + y\alpha \mid x, y \in \mathbb{Z} \}.$$
Proof. Since α ∉ Z, we have α ∉ Q, since if α = r/s for (r, s) = 1 then r² + ars + bs² = 0, so s | r², so s | 1, so α ∈ Z. So if x, y ∈ Z and x + yα = 0, then x = y = 0. Certainly every x + yα ∈ Z[α]. The set {x + yα} is closed under addition and subtraction, so we only have to check that it is closed under multiplication. But
$$\begin{aligned} (x + y\alpha)(X + Y\alpha) &= xX + (xY + yX)\alpha + yY\alpha^2 \\ &= xX + (xY + yX)\alpha + yY(a\alpha + b) \\ &= (xX + byY) + (xY + yX + ayY)\alpha. \end{aligned}$$

If α is an algebraic integer of degree two, say that Z[α] is a real quadratic subring of C if α ∈ R, and an imaginary quadratic subring of C if α ∉ R. Let α* be the other root of X² + aX + b = 0.
Example. $i^* = -i = \bar{i}$ and $\left(\sqrt{d}\right)^* = -\sqrt{d}$.
If z = x + yα ∈ Z[α], write z* = x + yα*. If Z[α] is imaginary quadratic, then α* = ᾱ, and z* = z̄. This is not true if Z[α] is real quadratic. Define N(z) = zz*. Since α and α* are the roots of X² + aX + b, we have α + α* = −a and αα* = b. If z = x + yα, then
$$N(z) = (x + y\alpha)(x + y\alpha^*) = x^2 + xy(\alpha + \alpha^*) + y^2 \alpha\alpha^* = x^2 - axy + by^2 \in \mathbb{Z}.$$
We have $(zw)^* = z^* w^*$, so $N(z)N(w) = zz^*ww^* = (zw)(zw)^* = N(zw)$. So N : Z[α] → Z is multiplicative. Then N(x + yα) = 0 if and only if x = y = 0. If Z[α] is imaginary quadratic then z* = z̄, and N(z) ≥ 0.[5] If Z[α] is real quadratic, we can have N(z) < 0.
Example. If α = √d, then $N\left(\sqrt{d}\right) = \sqrt{d}\left(-\sqrt{d}\right) = -d < 0$, and
$$N\left(x + y\sqrt{d}\right) = \left(x + y\sqrt{d}\right)\left(x + y\sqrt{d}\right)^* = \left(x + y\sqrt{d}\right)\left(x - y\sqrt{d}\right) = x^2 - dy^2.$$
So solutions to Pell's equation are the same thing as elements of Z[α] of norm one.

8.3 Factorisation in quadratic rings

Definition 61. The units of Z[α] are by definition the elements with multiplicative inverses, and they form a group $\mathbb{Z}[\alpha]^\times$ under multiplication. We say that z, w ∈ Z[α] are associates if z = uw for $u \in \mathbb{Z}[\alpha]^\times$.
If $u \in \mathbb{Z}[\alpha]^\times$, then write 1 = uv. Then 1 = N(1) = N(u)N(v), so N(u) = ±1. Conversely if N(u) = ±1, then ±1 = N(u) = u(u*), so u(±u*) = 1, so $u \in \mathbb{Z}[\alpha]^\times$. So
$$\mathbb{Z}[\alpha]^\times = \{ z \in \mathbb{Z}[\alpha] \mid N(z) = \pm 1 \}.$$
Write
$$\mathbb{Z}[\alpha]^{\times,1} = \{ z \in \mathbb{Z}[\alpha] \mid N(z) = 1 \}.$$
Then $\mathbb{Z}[\alpha]^{\times,1}$ is a multiplicative subgroup of $\mathbb{Z}[\alpha]^\times$.

8.4 Back to Pell's equation

Example. If α = √d for d > 1 squarefree, then
$$\mathbb{Z}\left[\sqrt{d}\right]^{\times,1} = \left\{ x + y\sqrt{d} \;\middle|\; x^2 - dy^2 = 1 \right\}.$$
If Z[α] is imaginary quadratic, then $\mathbb{Z}[\alpha]^\times = \mathbb{Z}[\alpha]^{\times,1}$ is finite. What are the possibilities for this group?[6]
What is $\mathbb{Z}\left[\sqrt{d}\right]^{\times,1}$? Certainly contains ±1. Anything else will be of the form $x + y\sqrt{d}$ with x, y ≠ 0.
Lemma 62. Let $x + y\sqrt{d}$ be an element of $\mathbb{Z}\left[\sqrt{d}\right]^{\times,1}$. Then
$$\begin{aligned} x > 0,\ y > 0 &\iff x + y\sqrt{d} > 1, \\ x > 0,\ y < 0 &\iff 0 < x + y\sqrt{d} < 1, \\ x < 0,\ y > 0 &\iff -1 < x + y\sqrt{d} < 0, \\ x < 0,\ y < 0 &\iff x + y\sqrt{d} < -1. \end{aligned}$$
Proof. If x, y > 0 then $x + y\sqrt{d} > y\sqrt{d} \ge \sqrt{d} > 1$. Then $x - y\sqrt{d} = 1/\left(x + y\sqrt{d}\right) \in (0, 1)$. So replacing y by −y, we get x > 0 and y < 0, so $0 < x + y\sqrt{d} < 1$. Replacing (x, y) with (−x, −y) gives the forward direction in the third and fourth lines. Since the four possibilities for the right hand side are exhaustive for x, y ≠ 0, we are done.
[5] Exercise.
[6] Exercise.

Lemma 63. Let $z = x + y\sqrt{d}$ and $z' = x' + y'\sqrt{d}$ be two elements of $\mathbb{Z}\left[\sqrt{d}\right]^{\times,1}$ with z, z' > 1, that is x, y, x', y' > 0. Then z > z' if and only if y > y'.
Proof. $z - 1/z = \left(x + y\sqrt{d}\right) - \left(x - y\sqrt{d}\right) = 2y\sqrt{d}$, so just need to check that z > z' if and only if z − 1/z > z' − 1/z'. But z − 1/z is increasing, since its derivative is 1 + 1/z² > 0.
Lecture 18, Wednesday 14/11/18
Suppose that there exists $z \in \mathbb{Z}\left[\sqrt{d}\right]^{\times,1}$, so z ≠ ±1. By replacing z by $\pm z^{\pm 1}$, we can assume that z > 1. So by Lemma 62, if $z = x + y\sqrt{d}$, then x, y > 0. Let
$$\epsilon = x + y\sqrt{d} \in \mathbb{Z}\left[\sqrt{d}\right]^{\times,1}, \qquad x, y > 0,$$
with y as small as possible. Call ε the fundamental 1-unit of $\mathbb{Z}\left[\sqrt{d}\right]$.
Proposition 64. Suppose that $\mathbb{Z}\left[\sqrt{d}\right]^{\times,1} \ne \{\pm 1\}$, and let ε be the fundamental 1-unit. Then every element of $\mathbb{Z}\left[\sqrt{d}\right]^{\times,1}$ is of the form $\pm\epsilon^n$ for some n ∈ Z. Conversely, $N(\pm\epsilon^n) = N(\pm 1) N(\epsilon)^n = 1$.
Proof. Let $z \in \mathbb{Z}\left[\sqrt{d}\right]^{\times,1}$, so z ≠ ±1. After replacing z by $\pm z^{\pm 1}$, we may assume that z > 1. Choose n ≥ 0 such that $\epsilon^n \le z < \epsilon^{n+1}$. Then $1 \le z\epsilon^{-n} < \epsilon$, and $N(z\epsilon^{-n}) = N(z)N(\epsilon)^{-n} = 1$. So $z\epsilon^{-n} \in \mathbb{Z}\left[\sqrt{d}\right]^{\times,1}$. So by the choice of ε, and Lemma 63, we have $z\epsilon^{-n} = 1$, that is $z = \epsilon^n$.
Example. Let d = 2 and x² − 2y² = 1. Then y = 2 and x = 3 is a solution. So $\epsilon = 3 + 2\sqrt{2}$. Then
$$\epsilon^2 = \left(3 + 2\sqrt{2}\right)^2 = 17 + 12\sqrt{2}, \qquad 17^2 - 2 \cdot 12^2 = 1.$$

8.5 Constructing the fundamental 1-unit

The idea is that if x² − dy² = 1 for x, y > 0, then $x/y \approx \sqrt{d}$. Then $x - y\sqrt{d} = 1/\left(x + y\sqrt{d}\right)$, which is small. So one way to try to find 1-units is to find rational numbers which are good approximations to √d. Want to make $\left| x/y - \sqrt{d} \right|$ as small as possible for y of a given size. More generally, if α ∈ R \ Q, we might want to find x, y > 0 such that
$$\left| \frac{x}{y} - \alpha \right| < \frac{C}{y^n},$$
where C and n are fixed.
n = 0. Trivial.
n = 1, C = 1. Trivial, by just choosing any y and x/y as close to α as you can.
n = 2, C = 1. Not obvious. In fact there always exist infinitely many x and y with |x/y − α| < 1/y², as we now show.
Theorem 65 (Dirichlet's theorem). Let α ∈ R \ Q, and let $Q \in \mathbb{Z}_{>1}$. Then there exist p, q ∈ Z, such that
$$1 \le q < Q, \qquad |p - q\alpha| < \frac{1}{Q}.$$
Proof. For 1 ≤ k ≤ Q − 1, let $a_k = \lfloor k\alpha \rfloor$. Then $0 < k\alpha - a_k < 1$. Consider the Q intervals
$$\left[0, \frac{1}{Q}\right), \ \dots, \ \left[\frac{Q-1}{Q}, 1\right].$$
The set
$$\{ 0,\ \alpha - a_1,\ \dots,\ (Q-1)\alpha - a_{Q-1},\ 1 \},$$
contains Q + 1 elements, so some pair of them must be in the same interval. The difference of these two elements is of the form p − qα for 1 ≤ q < Q.

Corollary 66. For any α ∈ R \ Q, there exist infinitely many pairs p, q ∈ Z such that
$$\left| \alpha - \frac{p}{q} \right| < \frac{1}{q^2}.$$
Proof. Certainly there exists p for q = 1. It is then enough to prove that if |α − p/q| < 1/q², there exist p' and q' such that
$$\left| \alpha - \frac{p'}{q'} \right| < \frac{1}{(q')^2}, \qquad \left| \alpha - \frac{p'}{q'} \right| < \left| \alpha - \frac{p}{q} \right|.$$
Choose Q such that 1/Q < |α − p/q|. By Theorem 65, there exist p' and q' with
$$1 \le q' < Q, \qquad \left| \alpha - \frac{p'}{q'} \right| < \frac{1}{Qq'} < \frac{1}{(q')^2}.$$
Also
$$\left| \alpha - \frac{p'}{q'} \right| < \frac{1}{Qq'} \le \frac{1}{Q} < \left| \alpha - \frac{p}{q} \right|,$$
as required.
We can now show the following.
Theorem 67. If d > 1 is squarefree, then there exist x and y such that y ≠ 0 and x² − dy² = 1.
Proof. By Corollary 66, there exist infinitely many $(p_i, q_i)$ for $p_i, q_i > 0$ such that $\left| p_i/q_i - \sqrt{d} \right| < 1/q_i^2$, that is $\left| p_i - q_i\sqrt{d} \right| < 1/q_i$. Then
$$\left| p_i + q_i\sqrt{d} \right| \le \left| p_i - q_i\sqrt{d} \right| + 2q_i\sqrt{d} < \frac{1}{q_i} + 2q_i\sqrt{d} < 3q_i\sqrt{d}.$$
So
$$\left| N\left(p_i + q_i\sqrt{d}\right) \right| = \left| p_i + q_i\sqrt{d} \right| \left| p_i - q_i\sqrt{d} \right| < 3q_i\sqrt{d} \cdot \frac{1}{q_i} = 3\sqrt{d}.$$
So there exists $M \in \left(-3\sqrt{d}, 3\sqrt{d}\right)$ such that $N\left(p_i + q_i\sqrt{d}\right) = M$ for infinitely many i. Then there exists $(p_0, q_0)$ such that
$$p_i \equiv p_0 \bmod M, \qquad q_i \equiv q_0 \bmod M,$$
for infinitely many i. Now consider $(p_i, q_i) \ne (p_j, q_j)$ of this form, that is
$$N\left(p_i + q_i\sqrt{d}\right) = N\left(p_j + q_j\sqrt{d}\right) = M, \qquad p_i \equiv p_j \bmod M, \qquad q_i \equiv q_j \bmod M.$$
Then
$$\frac{p_i - q_i\sqrt{d}}{p_j - q_j\sqrt{d}} = \frac{\left(p_i - q_i\sqrt{d}\right)\left(p_j + q_j\sqrt{d}\right)}{M} = \frac{(p_i p_j - dq_i q_j) + (p_i q_j - p_j q_i)\sqrt{d}}{M},$$
$$p_i q_j \equiv p_j q_i \bmod M, \qquad p_i p_j - dq_i q_j \equiv p_i^2 - dq_i^2 = M \equiv 0 \bmod M.$$
So
$$N\left( \frac{p_i - q_i\sqrt{d}}{p_j - q_j\sqrt{d}} \right) = \frac{M}{M} = 1,$$
so $\left(p_i - q_i\sqrt{d}\right) / \left(p_j - q_j\sqrt{d}\right) \in \mathbb{Z}\left[\sqrt{d}\right]^{\times,1}$, as required.

8.6 The equation x² − dy² = −1

Lecture 19, Friday 16/11/18
x² − dy² = −1 has a solution if and only if there exists $u \in \mathbb{Z}\left[\sqrt{d}\right]^\times$ such that N(u) = −1. Given such a u, all solutions to the equation are given by $\pm u\epsilon^n$ for n ∈ Z, since N(v) = −1 if and only if N(v) = N(u), if and only if N(v/u) = 1.
Example. If d = 3, there are no solutions, as X² ≡ −1 mod 3 has no solutions.

9 Continued fractions
9.1 Rational continued fractions
Let p/q ∈ Q. Write
$$\frac{p}{q} = a_0 + r_0, \qquad a_0 = \left\lfloor \frac{p}{q} \right\rfloor \in \mathbb{Z}, \qquad 0 \le r_0 < 1.$$
If $r_i \ne 0$, write
$$\frac{1}{r_i} = a_{i+1} + r_{i+1}, \qquad a_{i+1} = \left\lfloor \frac{1}{r_i} \right\rfloor \in \mathbb{Z}_{\ge 1}, \qquad 0 \le r_{i+1} < 1.$$
Eventually get some $r_n = 0$. Write
$$\frac{p}{q} = a_0 + \cfrac{1}{a_1 + \cfrac{1}{\cdots + \cfrac{1}{a_n}}}.$$
Example.
$$\frac{40}{19} = 2 + \frac{2}{19}, \qquad \frac{19}{2} = 9 + \frac{1}{2} \implies \frac{40}{19} = 2 + \cfrac{1}{9 + \cfrac{1}{2 + 0}}.$$

9.2 Infinite continued fractions

Let $\alpha \in \mathbb R \setminus \mathbb Q$. As above, set $a_0 = \lfloor \alpha \rfloor$ and write
$$\alpha = a_0 + r_0, \qquad a_0 = \lfloor \alpha \rfloor \in \mathbb Z, \qquad 0 \le r_0 < 1.$$
Define sequences $a_i$ and $r_i$ by
$$\frac{1}{r_i} = a_{i+1} + r_{i+1}, \qquad a_{i+1} = \left\lfloor \frac{1}{r_i} \right\rfloor \in \mathbb Z_{\ge 1}, \qquad 0 \le r_{i+1} < 1.$$
By definition, $a_i \ge 1$ if $i > 0$. Write
$$\alpha = a_0 + \cfrac{1}{a_1 + \cfrac{1}{a_2 + \cdots}}.$$

Example. Let $\alpha = \sqrt 3$. Then
$$a_0 = 1, \quad r_0 = \sqrt 3 - 1, \quad \frac{1}{r_0} = \frac{1}{\sqrt 3 - 1} = \frac{\sqrt 3 + 1}{2} = 1 + \frac{\sqrt 3 - 1}{2},$$
$$a_1 = 1, \quad r_1 = \frac{\sqrt 3 - 1}{2}, \quad \frac{1}{r_1} = \frac{2}{\sqrt 3 - 1} = \sqrt 3 + 1 = 2 + \left(\sqrt 3 - 1\right),$$
$$a_2 = 2, \quad r_2 = \sqrt 3 - 1 = r_0, \quad \frac{1}{r_2} = \frac{1}{\sqrt 3 - 1} = \frac{1}{r_0},$$
so
$$a_i = \begin{cases} 1 & i > 0 \text{ odd} \\ 2 & i > 0 \text{ even} \end{cases}.$$

If $a_0, \dots, a_n \in \mathbb R$, then
$$[a_0; a_1, \dots, a_n] = a_0 + \cfrac{1}{a_1 + \cfrac{1}{\cdots + \cfrac{1}{a_n}}}.$$


Lemma 68. If $a_0, \dots, a_n \in \mathbb R$, define $p_i$ and $q_i$ for $0 \le i \le n$ by
$$p_0 = a_0, \quad q_0 = 1, \quad p_1 = a_0 a_1 + 1, \quad q_1 = a_1, \quad p_i = a_i p_{i-1} + p_{i-2}, \quad q_i = a_i q_{i-1} + q_{i-2}.$$
Assuming that no $q_i = 0$, we have $[a_0; a_1, \dots, a_n] = p_n/q_n$.

Proof. Induction on $n$.

$n = 0$. $a_0 = a_0/1$ is trivial.

$n = 1$. $a_0 + 1/a_1 = (a_0 a_1 + 1)/a_1$ is trivial.

$n > 1$. Define sequences $p_i'$ and $q_i'$ for $0 \le i \le n - 1$ by applying the definition to the sequence
$$a_0, \dots, a_{n-2}, a_{n-1} + \frac{1}{a_n}.$$
By definition, $p_i' = p_i$ and $q_i' = q_i$ if $i \le n - 2$. By induction,
$$\left[a_0; a_1, \dots, a_{n-2}, a_{n-1} + \frac{1}{a_n}\right] = \frac{p_{n-1}'}{q_{n-1}'}.$$
By definition,
$$[a_0; a_1, \dots, a_n] = \left[a_0; a_1, \dots, a_{n-2}, a_{n-1} + \frac{1}{a_n}\right].$$
So we only need to show that $p_{n-1}'/q_{n-1}' = p_n/q_n$, and
$$\frac{p_{n-1}'}{q_{n-1}'} = \frac{(a_{n-1} + 1/a_n) p_{n-2}' + p_{n-3}'}{(a_{n-1} + 1/a_n) q_{n-2}' + q_{n-3}'} = \frac{(a_{n-1} + 1/a_n) p_{n-2} + p_{n-3}}{(a_{n-1} + 1/a_n) q_{n-2} + q_{n-3}}$$
$$= \frac{(a_n a_{n-1} + 1) p_{n-2} + a_n p_{n-3}}{(a_n a_{n-1} + 1) q_{n-2} + a_n q_{n-3}} = \frac{a_n (a_{n-1} p_{n-2} + p_{n-3}) + p_{n-2}}{a_n (a_{n-1} q_{n-2} + q_{n-3}) + q_{n-2}} = \frac{a_n p_{n-1} + p_{n-2}}{a_n q_{n-1} + q_{n-2}} = \frac{p_n}{q_n}.$$

Suppose now that $a_i \ge 1$ if $i \ge 1$. Then $q_i = a_i q_{i-1} + q_{i-2} \ge q_{i-1} + q_{i-2}$. So the $q_i$ form an increasing sequence, in fact with $q_i \ge q_{i-1} + q_{i-2} \ge 2 q_{i-2}$, so it even increases exponentially. If $a_0, a_1, \dots \in \mathbb R$ is an infinite sequence with $a_i \ge 1$ for all $i \ge 1$, say that $p_i/q_i$ is the $i$-th convergent to
$$a_0 + \cfrac{1}{a_1 + \cfrac{1}{a_2 + \cdots}}.$$
Lemma 69. For all $n$,
$$p_n q_{n-1} - q_n p_{n-1} = (-1)^{n-1}.$$

Proof. Obvious for $n = 1$. For the inductive step,
$$p_n q_{n-1} - q_n p_{n-1} = (a_n p_{n-1} + p_{n-2}) q_{n-1} - (a_n q_{n-1} + q_{n-2}) p_{n-1} = p_{n-2} q_{n-1} - q_{n-2} p_{n-1} = -(p_{n-1} q_{n-2} - q_{n-1} p_{n-2}).$$

Note. If $a_i \in \mathbb Z$, then $p_i, q_i \in \mathbb Z$, and Lemma 69 implies that $(p_n, q_n) = 1$. In general, Lemma 69 implies that
$$\left| \frac{p_n}{q_n} - \frac{p_{n-1}}{q_{n-1}} \right| = \frac{1}{q_n q_{n-1}}.$$
If $a_i \ge 1$ for all $i \ge 1$, then the sequence $q_i$ increases exponentially. So $\sum_{i=1}^n 1/q_i q_{i-1}$ converges, so that $(p_n/q_n)$ is a Cauchy sequence, so it converges.


(Lecture 20, Tuesday 20/11/18)

Lemma 70. Let $\alpha \in \mathbb R \setminus \mathbb Q$, and let $[a_0; a_1, a_2, \dots]$ be the corresponding continued fraction. Then $p_n/q_n < \alpha$ if $n$ is even, and $p_n/q_n > \alpha$ if $n$ is odd.

Proof. Induction on $n$.

$n = 0$. $a_0 = \lfloor \alpha \rfloor < \alpha$ and $p_0/q_0 = a_0/1 = a_0$.

$n$ odd. By induction, we have $[a_1; a_2, \dots, a_n] < 1/(\alpha - a_0)$, since $\alpha = a_0 + 1/(a_1 + 1/\dots)$. That is, $\alpha - a_0 < 1/[a_1; a_2, \dots, a_n]$, that is
$$\alpha < a_0 + \frac{1}{[a_1; a_2, \dots, a_n]} = [a_0; a_1, \dots, a_n] = \frac{p_n}{q_n}.$$

$n$ even. The same argument with $>$.

Corollary 71. Let $\alpha \in \mathbb R \setminus \mathbb Q$ and let $a_0, a_1, \dots \in \mathbb Z$ come from its continued fraction. Let $p_n/q_n = [a_0; a_1, \dots, a_n]$ be the $n$-th convergent. Then
$$\left| \alpha - \frac{p_n}{q_n} \right| < \frac{1}{q_n q_{n+1}}.$$
In particular, $p_n/q_n \to \alpha$ as $n \to \infty$.

Proof. Either $p_n/q_n < \alpha < p_{n+1}/q_{n+1}$ or $p_n/q_n > \alpha > p_{n+1}/q_{n+1}$, by Lemma 70. Either way,
$$\left| \frac{p_n}{q_n} - \alpha \right| < \left| \frac{p_n}{q_n} - \frac{p_{n+1}}{q_{n+1}} \right| \le \frac{1}{q_n q_{n+1}},$$
by Lemma 69.

Note. $1/q_n q_{n+1} < 1/q_n^2$, so the sequence $(p_n/q_n)$ satisfies the requirements of Dirichlet's theorem.

9.3 Best approximations

Fix $\alpha \in \mathbb R \setminus \mathbb Q$. Define $a_i$ and $r_i$ by
$$\alpha = a_0 + r_0, \qquad a_0 = \lfloor \alpha \rfloor \in \mathbb Z, \qquad 0 < r_0 < 1,$$
and for $i \ge 0$,
$$\frac{1}{r_i} = a_{i+1} + r_{i+1}, \qquad a_{i+1} = \left\lfloor \frac{1}{r_i} \right\rfloor \in \mathbb Z_{\ge 1}, \qquad 0 < r_{i+1} < 1.$$

Lemma 72. For all $n$,
$$\alpha = \frac{p_n + p_{n-1} r_n}{q_n + q_{n-1} r_n}.$$

Proof. $\alpha = [a_0; a_1, \dots, a_n, 1/r_n]$, so set $p_{n+1} = p_n/r_n + p_{n-1}$ and $q_{n+1} = q_n/r_n + q_{n-1}$. Then by Lemma 68,
$$\alpha = \frac{p_{n+1}}{q_{n+1}} = \frac{p_n/r_n + p_{n-1}}{q_n/r_n + q_{n-1}} = \frac{p_n + p_{n-1} r_n}{q_n + q_{n-1} r_n}.$$

Corollary 73. For all $n$,
$$|\alpha q_n - p_n| < |\alpha q_{n-1} - p_{n-1}|, \qquad \left| \alpha - \frac{p_n}{q_n} \right| < \left| \alpha - \frac{p_{n-1}}{q_{n-1}} \right|.$$

Proof. By Lemma 72, $\alpha(q_n + q_{n-1} r_n) = p_n + p_{n-1} r_n$, so $\alpha q_n - p_n = r_n(p_{n-1} - \alpha q_{n-1})$. So $|\alpha q_n - p_n| = r_n |\alpha q_{n-1} - p_{n-1}| < |\alpha q_{n-1} - p_{n-1}|$, so
$$\left| \alpha - \frac{p_n}{q_n} \right| = \frac{1}{q_n} |\alpha q_n - p_n| < \frac{1}{q_n} |\alpha q_{n-1} - p_{n-1}| < \frac{1}{q_{n-1}} |\alpha q_{n-1} - p_{n-1}| = \left| \alpha - \frac{p_{n-1}}{q_{n-1}} \right|.$$


Theorem 74. Let $h, k \in \mathbb Z$ and $0 < |k| < q_{n+1}$. Then
$$|k\alpha - h| \ge |\alpha q_n - p_n|,$$
with equality only if $|k| = q_n$. If $|k| \le q_n$, then
$$\left| \frac hk - \alpha \right| \ge \left| \frac{p_n}{q_n} - \alpha \right|,$$
with equality if and only if $h/k = p_n/q_n$.

Proof. By Lemma 69 there exist $u, v \in \mathbb Z$ such that $h = u p_n + v p_{n+1}$ and $k = u q_n + v q_{n+1}$, since
$$\begin{pmatrix} h \\ k \end{pmatrix} = \begin{pmatrix} p_n & p_{n+1} \\ q_n & q_{n+1} \end{pmatrix} \begin{pmatrix} u \\ v \end{pmatrix} \iff \begin{pmatrix} u \\ v \end{pmatrix} = \begin{pmatrix} p_n & p_{n+1} \\ q_n & q_{n+1} \end{pmatrix}^{-1} \begin{pmatrix} h \\ k \end{pmatrix} = \frac{1}{(-1)^n} \begin{pmatrix} q_{n+1} & -p_{n+1} \\ -q_n & p_n \end{pmatrix} \begin{pmatrix} h \\ k \end{pmatrix}.$$
By assumption, $0 < |k| < q_{n+1}$. So $u \ne 0$, else $k = v q_{n+1}$, so $|v| < 1$, a contradiction. If $v \ne 0$, then $u$ and $v$ have opposite signs, else
$$|k| = |u q_n| + |v q_{n+1}| \ge q_n + q_{n+1} > q_{n+1}.$$
If $v = 0$, then $h = u p_n$ and $k = u q_n$, and everything is easy. If $v \ne 0$, then write
$$k\alpha - h = u(\alpha q_n - p_n) + v(\alpha q_{n+1} - p_{n+1}).$$
Then $u$ and $v$ have opposite signs. By Lemma 70, $\alpha q_n - p_n$ and $\alpha q_{n+1} - p_{n+1}$ also have opposite signs. So $u(\alpha q_n - p_n)$ and $v(\alpha q_{n+1} - p_{n+1})$ have the same sign. So
$$|k\alpha - h| = |u(\alpha q_n - p_n)| + |v(\alpha q_{n+1} - p_{n+1})| > |\alpha q_n - p_n|,$$
if $u, v \ne 0$. For the last part, if $|k| \le q_n$ then $1/|k| \ge 1/q_n$. So $|k\alpha - h|/|k| \ge |q_n \alpha - p_n|/q_n$, that is $|\alpha - h/k| \ge |\alpha - p_n/q_n|$.
Corollary 75. If $h, k \in \mathbb Z$ with $|\alpha - h/k| < 1/2k^2$, then
$$\frac hk = \frac{p_n}{q_n},$$
for some $n$.

Proof. Without loss of generality $k \ge 1$, and $q_n \le k < q_{n+1}$ for some $n$. Then
$$\left| \frac{p_n}{q_n} - \frac hk \right| \le \left| \frac{p_n}{q_n} - \alpha \right| + \left| \alpha - \frac hk \right| = \frac{1}{q_n} |\alpha q_n - p_n| + \frac1k |\alpha k - h|$$
$$\le \left( \frac{1}{q_n} + \frac1k \right) |\alpha k - h| = k \left( \frac{1}{q_n} + \frac1k \right) \left| \alpha - \frac hk \right| < \left( \frac{1}{q_n} + \frac1k \right) \frac{1}{2k} \le \frac{1}{k q_n},$$
by Theorem 74. So $|p_n/q_n - h/k| < 1/kq_n$. So $p_n/q_n - h/k = 0$, as required.

9.4 Returning to Pell's equation

(Lecture 21, Wednesday 21/11/18)

Pell's equation is $x^2 - dy^2 = 1$. If $(x, y)$ is a solution, then $\sqrt d - x/y$ is small.

Proposition 76. Let $d > 1$ be squarefree, and let $p_n/q_n$ be the sequence of convergents for the continued fraction for $\sqrt d$. If $x, y > 0$ with $x^2 - dy^2 = \pm 1$, then $x = p_n$ and $y = q_n$ for some $n$.

Proof.

- Firstly suppose $x^2 - dy^2 = 1$. It is enough to show that $x/y = p_n/q_n$ for some $n$. Since $(p_n, q_n) = 1$, this implies that $x = r p_n$ and $y = r q_n$ for some $r$, and then $1 = x^2 - dy^2 = r^2 (p_n^2 - d q_n^2)$, so $r = 1$. By Corollary 75, it suffices to prove that $|\sqrt d - x/y| < 1/2y^2$. Since $x - y\sqrt d = 1/(x + y\sqrt d) > 0$, we have $x > y\sqrt d$, and $x/y > \sqrt d$. So
$$\left| \frac xy - \sqrt d \right| = \frac xy - \sqrt d = \frac1y \left( x - y\sqrt d \right) = \frac1y \cdot \frac{1}{x + y\sqrt d} < \frac1y \cdot \frac{1}{y\sqrt d + y\sqrt d} = \frac{1}{2\sqrt d\, y^2} < \frac{1}{2y^2}.$$


- Now assume $x^2 - dy^2 = -1$. Again it is enough to show that $x/y = p_n/q_n$. The trick is to rewrite this as $y^2 - x^2/d = 1/d$. Then $y - x/\sqrt d = (1/d)/(y + x/\sqrt d) > 0$. So $y > x/\sqrt d$, so
$$\left| \frac yx - \frac{1}{\sqrt d} \right| = \frac yx - \frac{1}{\sqrt d} = \frac1x \left( y - \frac{x}{\sqrt d} \right) = \frac1x \cdot \frac{1/d}{y + x/\sqrt d} < \frac1x \cdot \frac{1/d}{x/\sqrt d + x/\sqrt d} = \frac{1/\sqrt d}{2x^2} < \frac{1}{2x^2}.$$
So Corollary 75 implies that $y/x$ is a convergent for the continued fraction of $1/\sqrt d$. Now $\lfloor 1/\sqrt d \rfloor = 0$, so the continued fraction for $1/\sqrt d$ is of the form $[0; a_0, a_1, \dots]$. The next step is $1/(1/\sqrt d) = \sqrt d$. So if $\sqrt d = [a_0; a_1, a_2, \dots]$, then $1/\sqrt d = [0; a_0, a_1, \dots]$, since
$$\sqrt d = a_0 + \cfrac{1}{a_1 + \cfrac{1}{a_2 + \cdots}}, \qquad \frac{1}{\sqrt d} = 0 + \cfrac{1}{a_0 + \cfrac{1}{a_1 + \cdots}}.$$
So the convergents for $1/\sqrt d$ are the $q_n/p_n$. So $y/x = q_n/p_n$ for some $n$, and $x/y = p_n/q_n$.

Example.

- $\sqrt 3 = [1; 1, 2, 1, 2, \dots] = [1; \overline{1, 2}]$.
- $\sqrt 2 = 1 + (\sqrt 2 - 1)$, $1/(\sqrt 2 - 1) = \sqrt 2 + 1 = 2 + (\sqrt 2 - 1)$, so $\sqrt 2 = [1; \overline 2]$.
- $\sqrt 5 = 2 + (\sqrt 5 - 2)$, $1/(\sqrt 5 - 2) = \sqrt 5 + 2 = 4 + (\sqrt 5 - 2)$, so $\sqrt 5 = [2; \overline 4]$.
- $\sqrt 7 = [2; \overline{1, 1, 1, 4}]$.
- $\sqrt{13} = [3; \overline{1, 1, 1, 1, 6}]$.
- $\sqrt{43} = [6; \overline{1, 1, 3, 1, 5, 1, 3, 1, 1, 12}]$.


Definition 77. We say that $[a_0; a_1, a_2, \dots]$ is eventually periodic if there exist $N, d > 0$ such that $a_{n+d} = a_n$ for all $n \ge N$. We say that it is periodic if we can take $N = 0$.

Fact 78. The following are facts.

- The continued fraction of $\sqrt d$ is eventually periodic.
- In fact, it is of the form
$$\left[ a_0; \overline{a_1, \dots, a_{m-1}, 2a_0} \right].$$
- $a_1, \dots, a_{m-1}$ is symmetric, that is $a_i = a_{m-i}$ for $1 \le i \le m - 1$.
- The $n$ for which $p_n^2 - d q_n^2 = \pm 1$ are exactly the $n$ for which $n \equiv -1 \bmod m$. If $n = lm - 1$, then
$$p_n^2 - d q_n^2 = (-1)^{lm}.$$
- The fundamental 1-unit is
$$\begin{cases} p_{m-1} + q_{m-1} \sqrt d & m \text{ even} \\ p_{2m-1} + q_{2m-1} \sqrt d & m \text{ odd} \end{cases}.$$
- There is a solution to $x^2 - dy^2 = -1$ if and only if $m$ is odd, in which case the solutions are
$$(x, y) = (p_n, q_n), \qquad n \equiv m - 1 \bmod 2m.$$


Example.

- Let $x^2 - 43y^2 = \pm 1$. Here $m = 10$ is even, so there are no solutions to $x^2 - 43y^2 = -1$. The smallest solution of $x^2 - 43y^2 = 1$ is $(p_9, q_9)$. Then

    i      0   1   2    3    4    5     6     7     8     9
    a_i    6   1   1    3    1    5     1     3     1     1
    p_i    6   7   13   46   59   341   400   1541  1941  3482
    q_i    1   1   2    7    9    52    61    235   296   531

  so $p_9 = 3482$, and $3482^2 - 43 \cdot 531^2 = 1$ is the smallest solution.

- For $13$, $m = 5$, so $(p_4, q_4)$ is the smallest solution of $x^2 - 13y^2 = -1$ and $(p_9, q_9)$ is the smallest solution of $x^2 - 13y^2 = 1$. Then

    i      0   1   2   3    4
    a_i    3   1   1   1    1
    p_i    3   4   7   11   18
    q_i    1   1   2   3    5

  so $18^2 - 13 \cdot 5^2 = -1$ is the smallest solution, and $N(18 + 5\sqrt{13}) = -1$, so
$$N\left( \left( 18 + 5\sqrt{13} \right)^2 \right) = N\left( 649 + 180\sqrt{13} \right) = 1.$$
  In fact, it follows from our facts that this is the fundamental 1-unit, that is $p_9 + q_9 \sqrt{13}$.
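As an added worked example (not part of the lecture notes), the following Python computes the continued fraction of a rational as in 9.1, the periodic expansion of $\sqrt d$ and the convergents of Lemma 68 in exact integer arithmetic, and reads the fundamental solutions of $x^2 - dy^2 = \pm 1$ off the convergents as Fact 78 prescribes; it also checks Corollary 71 exactly for the first convergents. All function names and the $(P, Q)$ bookkeeping for the complete quotients $(\sqrt d + P)/Q$ are choices of this example; the sample values reproduce the $d = 43$ and $d = 13$ tables above.

```python
from fractions import Fraction
from math import isqrt


def rational_cf(p, q):
    """Continued fraction [a0; a1, ..., an] of p/q (9.1): p/q = a + r/q, then expand q/r."""
    terms = []
    while q:
        a, r = divmod(p, q)
        terms.append(a)
        p, q = q, r
    return terms


def sqrt_cf_period(d):
    """(a0, [a1, ..., am]) for sqrt(d), d not a square. Each complete quotient is
    (sqrt(d) + P) / Q with integers P, Q, so the arithmetic is exact; by Fact 78 the
    period ends at the first partial quotient equal to 2*a0."""
    a0 = isqrt(d)
    if a0 * a0 == d:
        raise ValueError("d must not be a perfect square")
    P, Q, a = 0, 1, a0
    period = []
    while True:
        P = Q * a - P
        Q = (d - P * P) // Q       # exact: Q always divides d - P^2
        a = (a0 + P) // Q          # floor((sqrt(d) + P) / Q)
        period.append(a)
        if a == 2 * a0:
            return a0, period


def convergents(terms):
    """(p_i, q_i) from the recurrence of Lemma 68, started with p_{-1} = 1, q_{-1} = 0."""
    p_prev, p = 1, terms[0]
    q_prev, q = 0, 1
    out = [(p, q)]
    for a in terms[1:]:
        p, p_prev = a * p + p_prev, p
        q, q_prev = a * q + q_prev, q
        out.append((p, q))
    return out


def norm(x, y, d):
    """N(x + y sqrt(d)) = x^2 - d y^2."""
    return x * x - d * y * y


def pell_fundamental(d):
    """Fact 78 read off the convergents: (smallest solution of x^2 - d y^2 = 1,
    smallest solution of x^2 - d y^2 = -1, or None when the period length m is even)."""
    a0, period = sqrt_cf_period(d)
    m = len(period)
    conv = convergents([a0] + period * 2)     # two periods reach index 2m - 1
    if m % 2 == 0:
        return conv[m - 1], None
    return conv[2 * m - 1], conv[m - 1]


def unit_indices(d, periods=2):
    """Indices n with p_n^2 - d q_n^2 = +-1 among the first convergents, with the sign;
    Fact 78 predicts exactly the n with n = -1 mod m."""
    a0, period = sqrt_cf_period(d)
    conv = convergents([a0] + period * periods)
    return [(n, norm(p, q, d)) for n, (p, q) in enumerate(conv) if abs(norm(p, q, d)) == 1]


def convergent_bound_holds(d, n):
    """Corollary 71 checked exactly for alpha = sqrt(d): |sqrt(d) - p_n/q_n| < 1/(q_n q_{n+1}),
    tested by squaring the two rational endpoints (both are >= 0 here)."""
    a0, period = sqrt_cf_period(d)
    conv = convergents([a0] + period * (n // len(period) + 2))
    (p, q), (_, q1) = conv[n], conv[n + 1]
    lo = Fraction(p, q) - Fraction(1, q * q1)
    hi = Fraction(p, q) + Fraction(1, q * q1)
    return lo * lo < d < hi * hi


if __name__ == "__main__":
    print(rational_cf(40, 19))            # [2, 9, 2]
    print(sqrt_cf_period(43))             # (6, [1, 1, 3, 1, 5, 1, 3, 1, 1, 12])
    print(pell_fundamental(43))           # ((3482, 531), None)
    print(pell_fundamental(13))           # ((649, 180), (18, 5))
```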

9.5 Periodic continued fractions

(Lecture 22, Friday 23/11/18)

Definition 79. $\alpha \in \mathbb R \setminus \mathbb Q$ is a quadratic irrational if it is a root of some $aX^2 + bX + c = 0$, for $a, b, c \in \mathbb Q$ not all zero.

Proposition 80. If $\alpha$ has an eventually periodic continued fraction, then $\alpha$ is a quadratic irrational.

Proof.

- Suppose firstly that the continued fraction of $\alpha$ is periodic. Suppose $a_{n+d} = a_n$ for all $n$, for some $d \ge 1$. Then
$$\alpha = a_0 + \cfrac{1}{a_1 + \cfrac{1}{\cdots + \cfrac{1}{a_{d-1} + \cfrac{1}{\alpha}}}}.$$
  This gives an equation of the form $\alpha = (x\alpha + y)/(z\alpha + w)$ for $w, x, y, z \in \mathbb Z$, by applying Lemma 72 to $[a_0; a_1, \dots, a_{d-1}, \alpha]$. Then $(z\alpha + w)\alpha - (x\alpha + y) = 0$, that is $z\alpha^2 + (w - x)\alpha - y = 0$. Since $\alpha \in \mathbb R \setminus \mathbb Q$, we conclude that $\alpha$ is a quadratic irrational.
- Suppose now that $\alpha$ is only eventually periodic. Then
$$\alpha = a_0 + \cfrac{1}{a_1 + \cfrac{1}{\cdots + \cfrac{1}{a_N + \cfrac{1}{\beta}}}},$$
  where $\beta$ has a periodic continued fraction. So $\beta$ is a quadratic irrational. To complete the proof, we need to show that if $\gamma$ is a quadratic irrational, then $1/\gamma$ and $\gamma + n$ are quadratic irrationals for any $n \in \mathbb Z$. If $\gamma$ is a root of $aX^2 + bX + c = 0$, then $1/\gamma$ is a root of $cX^2 + bX + a = 0$, and $\gamma + n$ is a root of $a(X - n)^2 + b(X - n) + c = 0$.

In fact, the converse is also true: all quadratic irrationals have eventually periodic continued fractions.


10 Diophantine approximation

10.1 Liouville's theorem

Definition 81. Let $d \in \mathbb Z_{\ge 1}$. Then $\alpha \in \mathbb C$ is algebraic of degree $d$ if there exists a polynomial of degree $d$ with integer coefficients and $\alpha$ as a root, and there does not exist such a polynomial of smaller degree.

Example. $d = 1$ gives $\mathbb Q$ and $d = 2$ gives the quadratic irrationals.

Theorem 82 (Liouville's theorem). Let $\alpha \in \mathbb R$ be algebraic of degree $d$. Then for any $e \in \mathbb R_{> d}$, there are only finitely many $p/q \in \mathbb Q$ with
$$\left| \frac pq - \alpha \right| < \frac{1}{q^e}.$$

Proof. Let $P(X)$ be a polynomial of degree $d$ with coefficients in $\mathbb Z$, with $P(\alpha) = 0$. Choose $\epsilon > 0$ such that the only root of $P(X)$ in $[\alpha - \epsilon, \alpha + \epsilon]$ is $\alpha$. Write $P(X) = (X - \alpha) Q(X)$. Then $Q(X)$ is a polynomial of degree $d - 1$ with real coefficients, so in particular it is continuous, so there exists $K$ such that $|Q(x)| \le K$ for $x \in [\alpha - \epsilon, \alpha + \epsilon]$. Assume that $|p/q - \alpha| < 1/q^e$. We may assume that $q$ is large enough that $1/q^e < \epsilon$. Since $P$ has integer coefficients and is of degree $d$, we have $|P(p/q)| \ge 1/q^d$. Note that $P(p/q) \ne 0$, or we could replace $P$ by $P'$ with $P(X) = (qX - p) P'(X)$. Since $|p/q - \alpha| < \epsilon$, $p/q \in [\alpha - \epsilon, \alpha + \epsilon]$, so
$$\frac{1}{q^d} \le \left| P\left( \frac pq \right) \right| = \left| \frac pq - \alpha \right| \left| Q\left( \frac pq \right) \right| \le K \left| \frac pq - \alpha \right| < \frac{K}{q^e}.$$
So $K > q^{e-d}$, so $K^{1/(e-d)} > q$. So there are only finitely many possible $q$, so only finitely many $p/q$.


10.2 Constructing transcendentals

Recall that $\alpha \in \mathbb C$ is algebraic if it is algebraic of some degree $d$, and otherwise it is transcendental. The set of polynomials with integer coefficients is countable, so the set of algebraic numbers is countable. Since $\mathbb R$ is uncountable, transcendental numbers exist. Liouville's theorem gives a criterion: if for every $e > 0$ there are infinitely many $p/q$ with $|\alpha - p/q| < 1/q^e$, then $\alpha$ cannot be algebraic.

Example. Let $\alpha = \sum_{n \ge 1} 10^{-n!}$ and $\alpha_k = \sum_{n=1}^k 10^{-n!}$. Then $\alpha_k$ is rational with denominator $q = 10^{k!}$, and
$$|\alpha - \alpha_k| = \sum_{n = k+1}^\infty \frac{1}{10^{n!}} = \frac{1}{10^{(k+1)!}} \left( 1 + \frac{1}{10^{(k+2)! - (k+1)!}} + \dots \right) \le \frac{1}{q^{k+1}} \left( 1 + \frac{1}{10^{k+1}} + \dots \right) < \frac{2}{q^{k+1}}.$$
If $d \in \mathbb Z_{> 0}$ and $k > d$, then $2/q^{k+1} < 1/q^d$. So there exist infinitely many $p/q = \alpha_k$ such that $|\alpha - p/q| < 1/q^d$. Take $d$ arbitrarily large, so $\alpha$ is transcendental.


10.3 Roth's theorem

(Lecture 23, Tuesday 27/11/18)

Theorem 83 (Roth's theorem). Suppose that $\alpha$ is algebraic. Then for any $\epsilon > 0$, there exist only finitely many $x/y \in \mathbb Q$ with $|\alpha - x/y| < 1/y^{2 + \epsilon}$.

This can be used to show that many more numbers are transcendental than Liouville's theorem could.

Example. $\sum_{n \ge 1} 10^{-3^n}$ is transcendental.

Example. We saw that if $d > 1$ is squarefree, then $x^2 - dy^2 = 1$ has infinitely many solutions with $x, y \in \mathbb Z$. Suppose now that $d > 1$, and consider $x^3 - dy^3 = 1$.

- $d = e^3$ is a cube. Then $x^3 - dy^3 = x^3 - (ey)^3 = 1$, so either $(x, y) = (1, 0)$, or $(x, y) = (0, 1)$ and $d = 1$.
- $d$ is not a cube. Then $\sqrt[3]d \in \mathbb R \setminus \mathbb Q$ is algebraic, as a root of $X^3 - d = 0$. Suppose $x > 1$, so $x > \sqrt[3]d\, y$. Then
$$x - \sqrt[3]d\, y = \frac{x^3 - dy^3}{x^2 + x\sqrt[3]d\, y + \sqrt[3]{d^2}\, y^2} = \frac{1}{x^2 + x\sqrt[3]d\, y + \sqrt[3]{d^2}\, y^2} < \frac{1}{3\sqrt[3]{d^2}\, y^2}.$$
  So $|x/y - \sqrt[3]d| < 1/3\sqrt[3]{d^2}\, y^3$. Choose any $0 < \epsilon < 1$. Then $1/3\sqrt[3]{d^2}\, y^3 < 1/y^{2 + \epsilon}$ for all $y$ sufficiently large. So Roth's theorem tells us that there are only finitely many solutions. Similarly if $x < 0$.



11 Primes in arithmetic progressions

11.1 Primes in arithmetic progressions

A natural question is how the prime numbers are distributed modulo $n$. Are there infinitely many primes congruent to $a \bmod n$ for each $a$ and $n$? The answer is no in general.

Example. There are finitely many primes congruent to $2 \bmod 4$, or to $0 \bmod 2$.

If $(a, n) \ne 1$ then, since any number congruent to $a \bmod n$ is divisible by $(a, n)$, we can have at most one such prime. If $(a, n) = 1$, there is no obvious obstruction.

Example. There are infinitely many primes congruent to $1 \bmod 2$.

Theorem 84 (Dirichlet's theorem). If $(a, n) = 1$, then there are infinitely many primes congruent to $a \bmod n$.

We will prove this for $a = 1$.


11.2 Elementary results

Theorem 85. There are infinitely many primes.

Proof. Let $S$ be a finite set of primes, and let
$$Q = 1 + \prod_{p \in S} p.$$
Then $Q > 1$, so it has a prime factor $q$. Then $q \notin S$, so we are done.

Theorem 86. There are infinitely many primes congruent to $3 \bmod 4$.

Proof. Let $S$ be a finite set of primes which are congruent to $3 \bmod 4$. Let
$$Q = 2 + \prod_{p \in S} p^2.$$
Then $Q > 1$, and $Q \equiv 3 \bmod 4$, so $Q$ has a prime factor $q$ with $q \equiv 3 \bmod 4$. Then $q \notin S$, so we are done.

Lemma 87. Let $x$ be even, and let $p$ be a prime factor of $x^2 + 1$. Then $p \equiv 1 \bmod 4$.

Proof. Certainly $p$ is odd. Then $x^2 + 1 \equiv 0 \bmod p$, so $x^2 \equiv -1 \bmod p$, so $\left( \frac{-1}{p} \right) = 1$, so $p \equiv 1 \bmod 4$.

Theorem 88. There are infinitely many primes congruent to $1 \bmod 4$.

Proof. Let $S$ be a finite set of primes congruent to $1 \bmod 4$. Let
$$Q = 1 + 4 \prod_{p \in S} p^2 = 1 + \left( 2 \prod_{p \in S} p \right)^2.$$
Then $Q > 1$, and if $q$ is a prime factor of $Q$ then $q \notin S$, and $q \equiv 1 \bmod 4$ by Lemma 87.

The general idea is to find a polynomial $P(x)$ such that every prime factor of $P(nx)$ is congruent to $a \bmod n$, or at least one of them is. It turns out that this can be done only when $a^2 \equiv 1 \bmod n$. We will find such polynomials for $a = 1$.

Theorem 89. For any prime $q$, there are infinitely many primes congruent to $1 \bmod q$.

Definition 90. The $q$-th cyclotomic polynomial is
$$\Phi_q(X) = \frac{X^q - 1}{X - 1} = X^{q-1} + \dots + 1.$$



Theorem 91. Let $p \ne q$ be prime, and let $a \in \mathbb Z$. Then $p \mid \Phi_q(a)$ if and only if $a$ has order $q \bmod p$.

Proof. $a$ has order $q \bmod p$ if and only if $a^q \equiv 1 \bmod p$ and $a \not\equiv 1 \bmod p$. If $p \mid \Phi_q(a)$ then $p \mid a^q - 1$. If also $a \equiv 1 \bmod p$, then $\Phi_q(a) \equiv \Phi_q(1) \equiv q \not\equiv 0 \bmod p$, a contradiction. Conversely, if $a^q \equiv 1 \bmod p$ and $a \not\equiv 1 \bmod p$, then $(a^q - 1)/(a - 1) \equiv 0 \bmod p$.

(Lecture 24, Wednesday 28/11/18)

Corollary 92. If $p \ne q$ is prime, $a \in \mathbb Z$, and $p \mid \Phi_q(a)$, then $p \equiv 1 \bmod q$.

Proof. By Theorem 91, $a$ has order $q \bmod p$. But $a^{p-1} \equiv 1 \bmod p$, by Fermat's little theorem. So $q \mid p - 1$.

Theorem 93. Let $q$ be prime. Then there are infinitely many primes $p$ with $p \equiv 1 \bmod q$.

Proof. Let $S$ be a finite set of primes which are congruent to $1 \bmod q$. Let
$$R = \prod_{p \in S} p.$$
Consider $\Phi_q(qR) \ge qR + 1 > 1$. Let $p$ be a prime factor of $\Phi_q(qR)$. By Corollary 92, either $p = q$, or $p \equiv 1 \bmod q$. Since $\Phi_q(qR) = (qR)^{q-1} + \dots + 1 \equiv 1 \bmod qR$, we have $p \ne q$, $p \notin S$, and $p \equiv 1 \bmod q$.


11.3 Cyclotomic polynomials

Definition 94. Let $n \in \mathbb Z_{\ge 1}$. Then
$$\Phi_n(X) = \prod_{1 \le a \le n,\ (a, n) = 1} \left( X - e^{2\pi i a/n} \right).$$

Lemma 95. For any $n$, we have
$$X^n - 1 = \prod_{d \mid n,\ d > 0} \Phi_d(X).$$

Proof. Each side is a monic polynomial, so we just need to check that the roots are the same, with multiplicities. The roots of the left hand side are the $n$-th roots of unity, with multiplicity one each. The roots of the right hand side are the roots of the $\Phi_d$, that is the primitive $d$-th roots of unity for $d \mid n$, with multiplicity one. Each $n$-th root of unity is a primitive $d$-th root of unity for some unique $d \mid n$. The result follows.

From this it is easy to deduce the following.

Lemma 96. For any $n \ge 1$, $\Phi_n(X) \in \mathbb Z[X]$.

Proof. By induction on $n$. If $n = 1$, $\Phi_1(X) = X - 1$. Assume that the result holds for all $d \mid n$ with $d < n$. By Lemma 95, if we set
$$P(X) = \prod_{d \mid n,\ 0 < d < n} \Phi_d(X),$$
then $P(X) \in \mathbb Z[X]$, $P(X)$ is monic, and $X^n - 1 = \Phi_n(X) P(X)$. Write
$$\Phi_n(X) = \sum_i a_i X^i, \qquad P(X) = \sum_i b_i X^i,$$
and assume that not all $a_i \in \mathbb Z$. Let $q$ be maximal with $a_q \notin \mathbb Z$. Let $e = \deg P$, so $P(X) = X^e + b_{e-1} X^{e-1} + \dots + b_0$. Then the coefficient of $X^{q+e}$ in $\Phi_n(X) P(X)$ is
$$a_q + a_{q+1} b_{e-1} + \dots + a_{q+e} b_0, \qquad a_{q+1} b_{e-1} + \dots + a_{q+e} b_0 \in \mathbb Z.$$
Since $\Phi_n(X) P(X) = X^n - 1 \in \mathbb Z[X]$, this is a contradiction.



Definition 97. Let $F$ be any field, and let $P(X) \in F[X]$. Then $P'(X)$, the derivative of $P(X)$, is defined as follows. If $P(X) = \sum_{n=0}^d a_n X^n$, then
$$P'(X) = \sum_{n=1}^d n a_n X^{n-1}.$$

Note. $(P + Q)' = P' + Q'$ and $(PQ)' = P'Q + PQ'$.

Lemma 98. Suppose that $(X - \alpha)^2$ divides $P(X)$. Then $\alpha$ is a root of both $P$ and $P'$.

Proof. Write $P(X) = (X - \alpha)^2 R(X)$. Then
$$P'(X) = (X - \alpha)^2 R'(X) + 2(X - \alpha) R(X) = (X - \alpha) \left( (X - \alpha) R'(X) + 2R(X) \right).$$

Corollary 99. If $p \nmid n$, then $\Phi_n(X)$ has no repeated roots modulo $p$.

Proof. It suffices to show that $X^n - 1$ has no repeated roots modulo $p$. The derivative of $X^n - 1$ is $nX^{n-1}$, so its only root is zero, which is not a root of $X^n - 1$. So we are done by Lemma 98.

Note. If $n = p$,
$$X^p - 1 \equiv (X - 1)^p \bmod p, \qquad \Phi_p(X) \equiv (X - 1)^{p-1} \bmod p.$$

Theorem 100. Suppose $p \nmid n$ and $a \in \mathbb Z$. Then $p \mid \Phi_n(a)$ if and only if $a$ has order exactly $n \bmod p$.

Proof. Firstly suppose that $a$ has order exactly $n$. Then $a$ is a root of $X^n - 1 \bmod p$, but not a root of $X^d - 1$ for any $d \mid n$ with $d < n$. Since $\Phi_d(X) \mid X^d - 1$, $a$ cannot be a root of $\Phi_d(X)$ for any $d \mid n$ with $d < n$. Let
$$X^n - 1 = \Phi_n(X) \prod_{d \mid n,\ 0 < d < n} \Phi_d(X), \tag{4}$$
so $a$ is a root of $\Phi_n(X) \bmod p$, that is $p \mid \Phi_n(a)$. Conversely, suppose that $p \mid \Phi_n(a)$. Then $a$ is a root of $\Phi_n(X) \bmod p$, so by (4), $a$ is a root of $X^n - 1 \bmod p$. We need to show that $a$ is not a root of $X^d - 1$ for any $d \mid n$ with $d < n$. Writing
$$X^d - 1 = \prod_{e \mid d} \Phi_e(X),$$
$a$ would be a root of $\Phi_e(X)$ for some $e \mid d \mid n$. So by (4), $a$ is a root of both $\Phi_n(X)$ and $\Phi_e(X)$, so $a$ is a repeated root of $X^n - 1 \bmod p$. This contradicts Corollary 99.

Corollary 101. If $p \nmid n$, $a \in \mathbb Z$, and $p \mid \Phi_n(a)$, then $p \equiv 1 \bmod n$.

Proof. $a$ has order $n \bmod p$ by Theorem 100, so $n \mid p - 1$, by Fermat's little theorem.


11.4 Primes congruent to 1 mod n

We are now in a position to prove the following.

Theorem 102. If $n \in \mathbb Z_{\ge 1}$, there are infinitely many primes $p$ with $p \equiv 1 \bmod n$.

Proof. Let $S$ be a finite set of primes congruent to $1 \bmod n$, and let
$$R = \prod_{p \in S} p.$$
For each $k$, let $Q_k = \Phi_n(knR) \in \mathbb Z$. Note that not all $Q_k$ are $\pm 1$, since $\Phi_n(X)$ is a non-constant polynomial. Thus choose $k$ large enough that $Q_k > 1$, so there is a prime $p$ dividing $Q_k$. Since $Q_k$ divides $(knR)^n - 1$, no prime dividing $n$ or $R$ can divide $Q_k$. Thus $p$ is not in $S$, and by Corollary 101 $p$ is congruent to $1 \bmod n$.
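The following Python is an added example, not code from the notes: it builds $\Phi_n(X)$ over $\mathbb Z$ by exact division of $X^n - 1$ as in the proof of Lemma 96, checks Theorem 100 by comparing $p \mid \Phi_n(a)$ with the order of $a$ modulo $p$, and runs the construction of the proof of Theorem 102 to produce a prime $\equiv 1 \bmod n$ outside a given set $S$. Polynomials are low-to-high coefficient lists; all function names and the sample values in the tests are choices of this example.

```python
from functools import lru_cache


def poly_div_exact(f, g):
    """Quotient of f by a monic g over Z; raises if the division is not exact
    (Lemma 95 guarantees exactness when dividing X^n - 1 by a product of Phi_d)."""
    f = list(f)
    q = [0] * (len(f) - len(g) + 1)
    for i in range(len(q) - 1, -1, -1):
        c = f[i + len(g) - 1]
        q[i] = c
        for j, b in enumerate(g):
            f[i + j] -= c * b
    if any(f):
        raise ArithmeticError("division is not exact")
    return q


@lru_cache(maxsize=None)
def cyclotomic(n):
    """Phi_n(X) as a tuple of integer coefficients, computed by dividing X^n - 1
    by prod_{d | n, d < n} Phi_d(X) as in the proof of Lemma 96."""
    num = [-1] + [0] * (n - 1) + [1]           # X^n - 1
    for d in range(1, n):
        if n % d == 0:
            num = poly_div_exact(num, cyclotomic(d))
    return tuple(num)


def poly_eval(f, x):
    """Evaluate a coefficient list at an integer x (Horner's rule)."""
    acc = 0
    for c in reversed(f):
        acc = acc * x + c
    return acc


def order_mod(a, p):
    """Multiplicative order of a modulo a prime p, or None if p | a."""
    if a % p == 0:
        return None
    k, x = 1, a % p
    while x != 1:
        x, k = x * a % p, k + 1
    return k


def theorem_100_holds(n, p, a):
    """Theorem 100 for p not dividing n: p | Phi_n(a) iff a has order exactly n mod p."""
    if n % p == 0:
        raise ValueError("Theorem 100 needs p not dividing n")
    return (poly_eval(cyclotomic(n), a) % p == 0) == (order_mod(a, p) == n)


def smallest_prime_factor(m):
    """Least prime factor of m > 1 by trial division."""
    p = 2
    while p * p <= m:
        if m % p == 0:
            return p
        p += 1
    return m


def new_prime_1_mod_n(n, S):
    """The construction in the proof of Theorem 102: with R the product of the known
    primes S (all = 1 mod n), any prime factor of Q_k = Phi_n(k n R) > 1 is a new prime = 1 mod n."""
    R = 1
    for s in S:
        R *= s
    k = 1
    while True:
        Q = poly_eval(cyclotomic(n), k * n * R)
        if Q > 1:
            p = smallest_prime_factor(Q)
            assert p % n == 1 and p not in S and R % p != 0   # what Corollary 101 promises
            return p
        k += 1


if __name__ == "__main__":
    print(cyclotomic(12))              # (1, 0, -1, 0, 1), i.e. X^4 - X^2 + 1
    print(new_prime_1_mod_n(4, [5]))   # 401 = Phi_4(20)
```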
Lecture 25 (Friday 30/11/18) is a problems class.

12 Arithmetic functions

(Lecture 26, Tuesday 04/12/18)

An arithmetic function is a function $f : \mathbb Z_{\ge 1} \to \mathbb C$, such as $\Phi$.

12.1 Dirichlet convolution

The set of arithmetic functions is a ring in the following way. Addition is $(f + g)(n) = f(n) + g(n)$. Multiplication is Dirichlet convolution $f * g$,
$$(f * g)(n) = \sum_{d \mid n,\ d \ge 1} f(d)\, g\left( \frac nd \right) = \sum_{a, b \ge 1,\ ab = n} f(a)\, g(b).$$
We have $f * g = g * f$ and $f * (g * h) = (f * g) * h$, and both are given by
$$(f * g * h)(n) = \sum_{a, b, c \ge 1,\ abc = n} f(a)\, g(b)\, h(c).$$
Then $f * (g + h) = f * g + f * h$. There exists a multiplicative unit $\epsilon$, that is $f * \epsilon = \epsilon * f = f$. This is easy to figure out. We need
$$f(n) = (f * \epsilon)(n) = \sum_{ab = n} f(a)\, \epsilon(b).$$

Example. $f(4) = f(4)\epsilon(1) + f(2)\epsilon(2) + f(1)\epsilon(4)$. This forces $\epsilon(1) = 1$ and $\epsilon(2) = \epsilon(4) = 0$.

So
$$\epsilon(n) = \begin{cases} 1 & n = 1 \\ 0 & n > 1 \end{cases}.$$


12.2 Möbius inversion

The Möbius function $\mu : \mathbb Z_{\ge 1} \to \mathbb C$ is defined as follows.
$$\mu(n) = \begin{cases} 1 & n = 1 \\ (-1)^k & n = p_1 \dots p_k \text{ is a product of } k \text{ distinct prime factors} \\ 0 & \text{otherwise} \end{cases}.$$

Lemma 103. If $\mathbf 1$ is the function $\mathbf 1(n) = 1$ for all $n$, then $\mathbf 1 * \mu = \epsilon$.

Proof. $\epsilon(1) = (\mathbf 1 * \mu)(1) = 1 \times 1$. If $n > 1$, we just have to check that
$$\sum_{d \mid n} \mu(d) = \sum_{ab = n} \mathbf 1(a)\, \mu(b) = 0.$$
Let $p_1, \dots, p_k$ be the distinct primes dividing $n$, so that $n = \prod_{i=1}^k p_i^{e_i}$. Then
$$\sum_{d \mid n} \mu(d) = \sum_{(\epsilon_1, \dots, \epsilon_k),\ \epsilon_i \in \{0, 1\}} (-1)^{\epsilon_1 + \dots + \epsilon_k} = \left( \sum_{\epsilon_1 = 0}^1 (-1)^{\epsilon_1} \right) \dots \left( \sum_{\epsilon_k = 0}^1 (-1)^{\epsilon_k} \right) = 0.$$

Proposition 104 (Möbius inversion). If $f$ and $g$ are arithmetic functions then $g = f * \mathbf 1$ if and only if $f = g * \mu$.

Proof. $(f * \mathbf 1) * \mu = f * (\mathbf 1 * \mu) = f * \epsilon = f$, by Lemma 103, and $(g * \mu) * \mathbf 1 = g * (\mu * \mathbf 1) = g * \epsilon = g$.

Example. Let $\mathrm{id}(n) = n$. Then $\mathrm{id} = \Phi * \mathbf 1$. That is, $n = \sum_{d \mid n} \Phi(d)$. So $\Phi = \mathrm{id} * \mu$. So
$$\Phi(n) = \sum_{d \mid n} \mu(d)\, \frac nd = n \sum_{d \mid n} \frac{\mu(d)}{d}.$$
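An added Python example (not from the notes) implementing the ring operations of this chapter: Dirichlet convolution evaluated directly from the divisor sums, $\mu$ by trial division, the unit $\epsilon$, and Möbius inversion, then checking Lemma 103, the identity $\Phi = \mathrm{id} * \mu$ of the Example, and the round trip of Proposition 104 against a totient computed from its definition. Function names are this example's own.

```python
from math import gcd, isqrt


def divisors(n):
    """All positive divisors of n in increasing order, used to evaluate convolutions."""
    small = [d for d in range(1, isqrt(n) + 1) if n % d == 0]
    large = [n // d for d in reversed(small) if d * d != n]
    return small + large


def convolve(f, g):
    """Dirichlet convolution (f * g)(n) = sum_{ab = n} f(a) g(b) of two arithmetic functions."""
    return lambda n: sum(f(d) * g(n // d) for d in divisors(n))


def mobius(n):
    """mu(n) by trial division: (-1)^k for a product of k distinct primes, 0 if p^2 | n."""
    k, p = 0, 2
    while p * p <= n:
        if n % p == 0:
            n //= p
            if n % p == 0:
                return 0
            k += 1
        p += 1
    if n > 1:
        k += 1
    return -1 if k % 2 else 1


def epsilon(n):
    """The multiplicative unit of the ring: 1 at n = 1, 0 otherwise."""
    return 1 if n == 1 else 0


def one(n):
    return 1


def ident(n):
    return n


def euler_phi(n):
    """Phi(n) = #{1 <= a <= n : (a, n) = 1}, from the definition, as an independent reference."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)


def mobius_invert(g):
    """Proposition 104: given g = f * 1, recover f = g * mu."""
    return convolve(g, mobius)


def checks_hold(N):
    """Lemma 103 (1 * mu = eps), the Example (Phi = id * mu and sum_{d|n} Phi(d) = n) and the
    round trip of Proposition 104, all verified for 1 <= n <= N."""
    one_mu = convolve(one, mobius)
    phi_from_mu = mobius_invert(ident)              # id = Phi * 1, so Phi = id * mu
    sum_phi = convolve(euler_phi, one)              # Phi * 1 should be id
    round_trip = mobius_invert(sum_phi)             # (Phi * 1) * mu should be Phi again
    return all(one_mu(n) == epsilon(n) and phi_from_mu(n) == euler_phi(n)
               and sum_phi(n) == n and round_trip(n) == euler_phi(n)
               for n in range(1, N + 1))


if __name__ == "__main__":
    print([mobius(n) for n in range(1, 11)])   # [1, -1, -1, 0, -1, 1, -1, 0, 0, 1]
    print(mobius_invert(ident)(12))             # 4 = Phi(12)
    print(checks_hold(150))                     # True
```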


13 The distribution of prime numbers

Let $\pi(X)$ be the number of primes $p$ such that $p \le X$.

13.1 Reminder of asymptotic notation

$A \ll B$, or $A = O(B)$, means there exists a constant $C > 0$ such that $|A| \le CB$, and $B \gg A$ means $A \ll B$.

Example. If $x \ge 1$, $x \ll x^2 \ll e^x/x^{100}$.

$A \ll_k B$ means $A \ll B$ with the constant $C$ depending on $k$.

Example. $kx \ll_k x$.

$A = o(B)$ means that for all $\epsilon > 0$ we have $|A| \le \epsilon B$ as some other specified parameter becomes large enough.

Example. $1/\log x = o(1)$ as $x \to \infty$.

$A \sim B$ means $A = (1 + o(1)) B$.


13.2 The prime number theorem

Theorem 105 (Prime number theorem).
$$\pi(X) \sim \frac{X}{\log X}, \qquad X \to \infty.$$

Theorem 106. There exist constants $0 < c_1 < 1 < c_2$ such that for all sufficiently large $X$,
$$c_1 \frac{X}{\log X} \le \pi(X) \le c_2 \frac{X}{\log X}.$$

This implies that
$$\pi(X) = O\left( \frac{X}{\log X} \right).$$

(Lecture 27, Wednesday 05/12/18)

Proof.

- Firstly consider the lower bound. We will prove that for some $C_1 > 1$, we have
$$\prod_{p \le 2n} p \ge C_1^n. \tag{5}$$
  Given (5), we have
$$(2n)^{\pi(2n)} \ge \prod_{p \le 2n} p \ge C_1^n.$$
  Taking logarithms,
$$\pi(2n) \ge \frac12 \log C_1 \left( \frac{2n}{\log 2n} \right).$$
  This gives the lower bound if $X = 2n \in \mathbb Z$ is even, but since $\pi(X + 1) - \pi(X) \le 1$, it is easy to get the lower bound for all $X$. We will prove (5) by considering the prime factors of
$$\binom{2n}{n} = \prod_{p \le 2n} p^{v_p(n)}.$$
  Claim that

  1. if $p > \sqrt{2n}$ then $v_p(n) \le 1$,
  2. for all $p \le 2n$, $p^{v_p(n)} \le 2n$, and
  3. $\prod_{p \le 2n} p^{v_p(n)} \ge 4^n/(2n + 1)$.


  Suppose 1 to 3 are true. Then
$$\frac{4^n}{2n + 1} \le \prod_{p \le 2n} p^{v_p(n)} = \prod_{p \le \sqrt{2n}} p^{v_p(n)} \prod_{\sqrt{2n} < p \le 2n} p^{v_p(n)} \qquad \text{by 3}$$
$$\le (2n)^{\pi(\sqrt{2n})} \prod_{\sqrt{2n} < p \le 2n} p^{v_p(n)} \qquad \text{by 2}$$
$$\le (2n)^{\pi(\sqrt{2n})} \prod_{\sqrt{2n} < p \le 2n} p \qquad \text{by 1}$$
$$\le (2n)^{\pi(\sqrt{2n})} \prod_{p \le 2n} p \le (2n)^{\sqrt{2n}} \prod_{p \le 2n} p.$$
  So
$$\prod_{p \le 2n} p \ge \frac{4^n}{(2n + 1)(2n)^{\sqrt{2n}}}.$$
  For $n$ sufficiently large, and any $4 > C_1$, the right hand side is at least $C_1^n$, that is if $K > 1$, $K^n \ge (2n + 1)(2n)^{\sqrt{2n}}$ for all $n$ sufficiently large (exercise).

  1. In the first example sheet, question 11, the exact power of $p$ dividing $m!$ is $\sum_{i=1}^\infty \lfloor m/p^i \rfloor$. So
$$\binom{2n}{n} = \frac{(2n)!}{n!\,n!} \implies v_p(n) = \sum_{i=1}^\infty \left( \left\lfloor \frac{2n}{p^i} \right\rfloor - 2 \left\lfloor \frac{n}{p^i} \right\rfloor \right).$$
     For any $x \in \mathbb R$, $\lfloor 2x \rfloor - 2\lfloor x \rfloor \ge 0$, and in fact $\lfloor 2x \rfloor - 2\lfloor x \rfloor = 0$ or $\lfloor 2x \rfloor - 2\lfloor x \rfloor = 1$. If $p > \sqrt{2n}$, then $p^2 > 2n$, so all terms in the sum vanish if $i \ge 2$, so the sum is at most one.
  2. Note that the terms in the sum are zero as soon as $p^i > 2n$, that is
$$i > \frac{\log 2n}{\log p} \implies v_p(n) \le \frac{\log 2n}{\log p} \implies p^{v_p(n)} \le 2n.$$
  3. We have
$$4^n = 2^{2n} = (1 + 1)^{2n} = \sum_{i=0}^{2n} \binom{2n}{i} \le (2n + 1) \binom{2n}{n} \implies \prod_{p \le 2n} p^{v_p(n)} = \binom{2n}{n} \ge \frac{4^n}{2n + 1}.$$

- Claim that there exists $C_2 > 1$ such that for all $X$ sufficiently large, we have
$$\prod_{X/2 \le p \le X} p \le C_2^X. \tag{6}$$
  Suppose we know (6). Then
$$C_2^X \ge \prod_{X/2 \le p \le X} p \ge \left( \frac X2 \right)^{\pi(X) - \pi(X/2)}.$$
  Taking logarithms,
$$\pi(X) \le \pi\left( \frac X2 \right) + \frac{X \log C_2}{\log \frac X2}. \tag{7}$$
  Suppose that $X$ is large enough that (6) holds for $X, \dots, X/2^{m-1}$. Substituting $X, \dots, X/2^{m-1}$ into (7), and summing,
$$\pi(X) \le \pi\left( \frac{X}{2^m} \right) + 2 \log C_2 \sum_{i=1}^m \frac{X/2^i}{\log(X/2^i)}.$$


  Now fix $X$ and choose $m$ to be largest possible with $2^m \le \sqrt X$. Then $X/2^m \ge \sqrt X$, so (6) is indeed valid for $X, \dots, X/2^{m-1}$ provided that $X$ is sufficiently large. Since $m$ is maximal such that $2^m \le \sqrt X$, we have $2^m \ge \sqrt X/2$. So
$$\pi\left( \frac{X}{2^m} \right) \le \frac{X}{2^m} \le 2\sqrt X.$$
  So substituting into the above,
$$\pi(X) \le 2\sqrt X + 2 \log C_2 \sum_{i=1}^m \frac{X/2^i}{\log(X/2^i)} \le 2\sqrt X + \frac{2 \log C_2}{\frac12 \log X} \sum_{i=1}^m \frac{X}{2^i} \le 2\sqrt X + (4 \log C_2) \frac{X}{\log X}.$$
  This gives our upper bound, because $\sqrt X \ll X/\log X$. It remains to prove (6). We saw above that if $n \in \mathbb Z$ then
$$\prod_{n < p \le 2n} p \le \binom{2n}{n} \le 4^n = \sum_{i=0}^{2n} \binom{2n}{i}.$$
  Take $n = \lfloor X/2 \rfloor$. Then $2n \le X$, and we get
$$\prod_{\lfloor X/2 \rfloor < p \le 2\lfloor X/2 \rfloor} p \le 2^{2n} \le 2^X \implies \prod_{X/2 < p \le X} p \le X \cdot 2^X < C_2^X,$$
  for $X$ sufficiently large, for any $C_2 > 2$.

Lecture 28 (Friday 07/12/18) is a problems class.
13.3 The Brun-Titchmarsh theorem and the Selberg sieve

(Lecture 29, Tuesday 11/12/18)

What can we say about the number of primes $p$ with $X < p \le X + Y$? That is, about $\pi(X + Y) - \pi(X)$. Think of $Y$ as fixed for a moment. The best possible lower bound is zero.

Example. $n! + 2, \dots, n! + n$ is a sequence of consecutive composite numbers.

It was conjectured in the 1920s by Hardy and Littlewood that $\pi(X + Y) \le \pi(X) + \pi(Y)$, that is $\pi(X + Y) - \pi(X) \le \pi(Y)$. This is no longer believed.

Theorem 107.
$$\pi(X + Y) - \pi(X) \le \frac{(2 + o(1))\, Y}{\log Y},$$
where $o(1)$ is as $Y \to \infty$ and $X$ is fixed.

In $X + 1, \dots, X + Y$, about half of these are divisible by two, about a third are divisible by three, and about a sixth are divisible by six. If $p_1, \dots, p_k$ are primes, the error term in the inclusion-exclusion count is $2^k$, so we can only consider the first $\log Y$ primes, which only gives a bound of the shape $Y/\log\log Y$ in Theorem 107. Selberg's idea is to weight the inclusion-exclusion count.

Proof. Let $\lambda_1, \lambda_2, \dots \in \mathbb R$ be any sequence with $\lambda_1 = 1$. Let $R < Y$ be fixed for now. Later we will choose $R = Y^{1/2 - \epsilon}$. Set
$$\nu(n) = \left( \sum_{d \mid n,\ d \le R} \lambda_d \right)^2 \ge 0.$$
Suppose that $p$ is prime, and $p > R$. Then by definition, $\nu(p) = \lambda_1^2 = 1$, so
$$\pi(X + Y) - \pi(X) = \sum_{X < p \le X + Y} 1 \le \pi(R) + \sum_{X < n \le X + Y} \nu(n) \le R + \sum_{X < n \le X + Y} \nu(n).$$


Now we have to choose the $\lambda_i$ to minimise $\sum_{X < n \le X + Y} \nu(n)$, so
$$\sum_{X < n \le X + Y} \nu(n) = \sum_{X < n \le X + Y} \left( \sum_{d \mid n,\ d \le R} \lambda_d \right)^2 = \sum_{X < n \le X + Y} \left( \sum_{d_1 \mid n,\ d_1 \le R} \lambda_{d_1} \right) \left( \sum_{d_2 \mid n,\ d_2 \le R} \lambda_{d_2} \right)$$
$$= \sum_{d_1, d_2 \le R} \lambda_{d_1} \lambda_{d_2} \left( \sum_{X < n \le X + Y,\ d_1 \mid n,\ d_2 \mid n} 1 \right) = \sum_{d_1, d_2 \le R} \lambda_{d_1} \lambda_{d_2} \left( \frac{Y (d_1, d_2)}{d_1 d_2} + O(1) \right),$$
since $\operatorname{lcm}(d_1, d_2) = d_1 d_2/(d_1, d_2)$. Putting this together,
$$\pi(X + Y) - \pi(X) \le Y \sum_{d_1, d_2 \le R} \frac{\lambda_{d_1} \lambda_{d_2} (d_1, d_2)}{d_1 d_2} + R + O(1) \sum_{d_1, d_2 \le R} |\lambda_{d_1} \lambda_{d_2}|,$$
where the leading term is
$$Y \sum_{d_1, d_2 \le R} \frac{\lambda_{d_1} \lambda_{d_2} (d_1, d_2)}{d_1 d_2},$$
and the error term is
$$R + O(1) \sum_{d_1, d_2 \le R} |\lambda_{d_1} \lambda_{d_2}|.$$
Now choose the $\lambda_i$ with $\lambda_1 = 1$ in such a way as to minimise the leading term. Then choose $R = Y^c$ for $c < \frac12$. Check that for any $\epsilon > 0$, we have $\lambda_d \ll d^\epsilon$. Then
$$\sum_{d_1, d_2 \le R} |\lambda_{d_1} \lambda_{d_2}| \ll R^{2 + 2\epsilon} = Y^{2c(1 + \epsilon)}.$$
Choose $\epsilon < 1/2c - 1$; then $Y^{2c(1 + \epsilon)} \ll Y/\log Y$. Write $\vec\lambda = (\lambda_1, \lambda_2, \dots)$, so
$$Q(\vec\lambda) = \sum_{d_1, d_2 \le R} \frac{\lambda_{d_1} \lambda_{d_2} (d_1, d_2)}{d_1 d_2}.$$
We want to minimise this subject to $\lambda_1 = 1$. We want to diagonalise $Q(\vec\lambda)$. Use a slight variant of Möbius inversion. For any $m$, $m = \sum_{d \mid m} \Phi(d)$. Take $m = (d_1, d_2)$. Then $(d_1, d_2) = \sum_{\delta \mid (d_1, d_2)} \Phi(\delta)$, so
$$Q(\vec\lambda) = \sum_{d_1, d_2 \le R} \frac{\lambda_{d_1} \lambda_{d_2} (d_1, d_2)}{d_1 d_2} = \sum_{\delta \le R} \Phi(\delta) \left( \sum_{\delta \mid d,\ d \le R} \frac{\lambda_d}{d} \right)^2,$$
by using that $\delta \mid d_1$ and $\delta \mid d_2$ if and only if $\delta \mid (d_1, d_2)$. Set $u_\delta = \sum_{\delta \mid d,\ d \le R} \lambda_d/d$. Then
$$Q(\vec\lambda) = \sum_{\delta \le R} \Phi(\delta)\, u_\delta^2.$$

(Lecture 30, Wednesday 12/12/18)

Claim that
$$\frac{\lambda_d}{d} = \sum_{d \mid \delta,\ \delta \le R} \mu\left( \frac\delta d \right) u_\delta. \tag{8}$$
The right hand side is
$$\sum_{d \mid \delta,\ \delta \le R} \mu\left( \frac\delta d \right) \sum_{\delta \mid d',\ d' \le R} \frac{\lambda_{d'}}{d'} = \sum_{d' \le R} \frac{\lambda_{d'}}{d'} \sum_{d \mid \delta \mid d'} \mu\left( \frac\delta d \right).$$
So we need to show that
$$\sum_{d \mid \delta \mid d'} \mu\left( \frac\delta d \right) = \begin{cases} 1 & d = d' \\ 0 & \text{otherwise} \end{cases}.$$


The sum is equal to
$$\sum_{m \mid d'/d} \mu(m) = (\mathbf 1 * \mu)\left( \frac{d'}{d} \right) = \epsilon\left( \frac{d'}{d} \right).$$
The condition that $\lambda_1 = 1$ translates via (8) to the condition that $1 = \sum_{\delta \le R} \mu(\delta) u_\delta$. The Cauchy-Schwarz inequality is $|a \cdot b| \le |a|\,|b|$, that is
$$\left| \sum_i a_i b_i \right| \le \left( \sum_i a_i^2 \right)^{\frac12} \left( \sum_i b_i^2 \right)^{\frac12},$$
with equality if and only if there exists $\lambda$ such that $b_i = \lambda a_i$ for all $i$. So
$$1 = \sum_{\delta \le R} \mu(\delta) u_\delta \le \left( \sum_{\delta \le R} \Phi(\delta)\, u_\delta^2 \right)^{\frac12} \left( \sum_{\delta \le R} \frac{\mu(\delta)^2}{\Phi(\delta)} \right)^{\frac12}.$$
So
$$Q(\vec\lambda) = \sum_{\delta \le R} \Phi(\delta)\, u_\delta^2 \ge \frac1D, \qquad D = \sum_{\delta \le R} \frac{\mu(\delta)^2}{\Phi(\delta)}.$$
Equality holds when $u_\delta = \mu(\delta)/D\Phi(\delta)$. We are going to show that $D \ge \log R + O(1)$. Since $R = Y^c$, this gives us a leading term of
$$\frac{Y}{\log R} = \frac{Y}{\log Y^c} = \frac1c \left( \frac{Y}{\log Y} \right).$$
$c < \frac12$ implies that $1/c > 2$, matching the constant in Theorem 107. Now
$$D = \sum_{\delta \le R} \frac{\mu(\delta)^2}{\Phi(\delta)} = \sum_{\delta \le R,\ \delta \text{ squarefree}} \frac{1}{\Phi(\delta)}.$$
If $\delta$ is squarefree, write $\delta = p_1 \dots p_k$. Then
$$\Phi(\delta) = (p_1 - 1) \dots (p_k - 1) = p_1 \dots p_k \left( 1 - \frac{1}{p_1} \right) \dots \left( 1 - \frac{1}{p_k} \right).$$
So
$$D = \sum_{\delta \le R,\ \delta \text{ squarefree}} \frac1\delta \prod_{p \mid \delta} \left( 1 - \frac1p \right)^{-1}.$$
Now $(1 - 1/p)^{-1} = 1 + 1/p + \dots$. So
$$D = \sum_{\delta \le R,\ \delta \text{ squarefree}} \frac1\delta \prod_{p \mid \delta} \left( 1 + \frac1p + \dots \right) \ge \sum_{n \le R} \frac1n = \log R + O(1),$$
by taking $n \le R$, writing $n = p_1^{a_1} \dots p_m^{a_m}$ and $\delta = p_1 \dots p_m \le R$ squarefree, so that
$$\frac1n = \frac1\delta \left( \frac{1}{p_1^{a_1 - 1}} \dots \frac{1}{p_m^{a_m - 1}} \right).$$
The only thing remaining is to show that $\lambda_d \ll d^\epsilon$. Recall that $u_\delta = \mu(\delta)/D\Phi(\delta)$. So
$$\lambda_d = d \sum_{d \mid \delta,\ \delta \le R} \mu\left( \frac\delta d \right) u_\delta = \frac dD \sum_{d \mid \delta,\ \delta \le R} \frac{\mu\left( \frac\delta d \right) \mu(\delta)}{\Phi(\delta)} = \frac dD \sum_{d \mid \delta,\ \delta \le R,\ \delta \text{ squarefree}} \frac{\mu\left( \frac\delta d \right) \mu(\delta)}{\Phi(\delta)}.$$
Write $\delta' = \delta/d$. Since $\delta = \delta' d$, and $\delta$ is squarefree, we have $(\delta', d) = 1$, so $\Phi(\delta) = \Phi(\delta')\, \Phi(d)$. So
$$|\lambda_d| \le \frac{d}{\Phi(d)} \cdot \frac1D \sum_{\delta' \le R,\ \delta' \text{ squarefree}} \frac{1}{\Phi(\delta')} = \frac{d}{\Phi(d)}.$$
We need to show that $\Phi(d) \gg d^{1 - \epsilon}$ if $d$ is squarefree, where $\Phi(d) = \prod_{p \mid d} (p - 1)$. If $p$ is sufficiently large, then $p - 1 \ge p^{1 - \epsilon}$. If $p$ is not sufficiently large, then $(p - 1)/p > 0$ can be regarded as a constant.
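The weights of this proof, as an added Python example that is not part of the notes: it sieves $\mu$ and $\Phi$, forms $D$ and $u_\delta = \mu(\delta)/D\Phi(\delta)$, recovers $\lambda_d$ through (8) in exact rational arithmetic (so $\lambda_1 = 1$ and $D \ge \sum_{n \le R} 1/n$ can be checked exactly), and evaluates the resulting bound $\pi(R) + \sum_{X < n \le X + Y} \nu(n)$ on a constructed interval against the true prime count. The function names and the sample values $X = 1000$, $Y = 200$, $R = 14$ are choices of this example.

```python
from fractions import Fraction
from math import isqrt


def sieve_mu_phi(R):
    """mu(n) and Phi(n) (Euler's totient) for 0 <= n <= R, by sieving over primes."""
    mu = [1] * (R + 1)
    phi = list(range(R + 1))
    composite = [False] * (R + 1)
    for p in range(2, R + 1):
        if composite[p]:
            continue
        for m in range(p, R + 1, p):
            composite[m] = m != p
            mu[m] = -mu[m]                     # one more distinct prime factor
            phi[m] = phi[m] // p * (p - 1)     # multiply by (1 - 1/p)
        for m in range(p * p, R + 1, p * p):
            mu[m] = 0                          # not squarefree
    return mu, phi


def selberg_weights(R):
    """Selberg's optimal weights of level R: u_delta = mu(delta) / (D Phi(delta)) with
    D = sum_{delta <= R} mu(delta)^2 / Phi(delta), and lambda_d recovered from (8).
    Returns (lambda indexed 1..R, D), all exact rationals."""
    mu, phi = sieve_mu_phi(R)
    D = sum(Fraction(mu[k] * mu[k], phi[k]) for k in range(1, R + 1))
    u = [Fraction(0)] + [Fraction(mu[k]) / (D * phi[k]) for k in range(1, R + 1)]
    lam = [Fraction(0)] * (R + 1)
    for d in range(1, R + 1):
        lam[d] = d * sum(mu[k // d] * u[k] for k in range(d, R + 1, d))
    return lam, D


def count_primes(lo, hi):
    """Number of primes p with lo < p <= hi, by trial division (reference value only)."""
    return sum(1 for p in range(lo + 1, hi + 1)
               if p > 1 and all(p % q for q in range(2, isqrt(p) + 1)))


def sieve_bound(X, Y, R):
    """pi(X+Y) - pi(X) <= pi(R) + sum_{X < n <= X+Y} nu(n), nu(n) = (sum_{d|n, d<=R} lambda_d)^2,
    evaluated exactly. Returns (bound, true count, D)."""
    lam, D = selberg_weights(R)
    total = Fraction(0)
    for n in range(X + 1, X + Y + 1):
        s = sum(lam[d] for d in range(1, R + 1) if n % d == 0)
        total += s * s
    return count_primes(1, R) + total, count_primes(X, X + Y), D


if __name__ == "__main__":
    lam, D = selberg_weights(14)
    print(lam[1], D)                           # 1 and D = sum over squarefree delta <= 14 of 1/Phi(delta)
    bound, actual, _ = sieve_bound(1000, 200, 14)
    print(float(bound), actual)                # bound is at least the 28 primes in (1000, 1200]
```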
