NUMBER SYSTEMS. Number theory is the study of the integers. We denote the set of integers by Z:

Transcription

1 NUMBER SYSTEMS Number theory is the study of the integers. We denote the set of integers by Z: Z = {..., 3, 2, 1, 0, 1, 2, 3,... }. The integers have two oerations defined on them, addition and multilication, which are commutative (a + b = b + a, ab = ba) and associative (a + (b + c) = (a + b) + c, a(bc) = (ab)c) and which interact via the distributive law (a(b + c) = ab + ac). These oerations have neutral elements 0 and 1 resectively (if a is an integer, a + 0 = a and a 1 = a). Notice also that each integer can be negated (a + ( a) = 0). In modern algebra language, a set having the aforementioned roerties is called a commutative ring. The two oerations in Z are not created equal, however; while every integer can be negated (for examle, 3 + ( 3) = 0), not every integer can be inverted (for examle, there is no integer a such that 3a = 1). Indeed, the only integers whose recirocals are also integers are 1 and 1. In general, an element a of a commutative ring is called a unit if there is an element b of the ring such that ab = 1. The rational numbers, denoted by Q, are all the ratios of integers: Q = { a b a, b Z and b 0} (of course, we consider 4 and 2 to be the same element of Q). Notice 6 3 that, like Z, Q is a commutative ring, but that any nonzero element of Q can be inverted (if a Q and a 0, then certainly b Q also). b a Commutative rings having this additional roerty are called fields. Another field you are familiar with is the real numbers, which we will denote by R. Notice that Z Q R. We know how Z sits in R (imagine a number line with the integers marked off). You may have thought less about how Q sits in R. Proosition 1. Between any two real numbers, there is a rational number. Proof. Let a, b R, a < b. We can find a ositive integer n such that < b a. Then at least one of the rational numbers 1 n lies between a and b. {..., 2 n, 1 n, 0, 1 n, 2 n,... }

2 Because of Proosition 1, we say that Q is dense in R. However, not all real numbers are rational; a real number which is not rational is called irrational. Proosition 2. e is irrational. Proof. Suose that e were rational. Then e = a/b for some ositive integers a and b. It follows that the number α defined by ( α = b! e 1 1 1! 1 2! 1 3! 1 ) b! is an integer (imagine multilying the b! through), and since e is defined by e = n=0 1 n!, α is ositive. But the definition of e, along with the formula for the sum of a convergent geometric series, gives that ( ) 1 α = b! (b + 1)! + 1 (b + 2)! + = 1 b (b + 1)(b + 2) + < 1 b (b + 1) 2 + = 1 b+1 = 1 b b+1 We find that α < 1, a contradiction since α is a ositive integer. Note that e is an infinite sum of ositive rational numbers; as such, it is the limit of an increasing sequence of rational numbers (namely, the sequence of artial sums), yet e itself is not rational. Indeed, R has the roerty that every increasing sequence of rational numbers is either unbounded or converges to an element of R. In fact, R is the smallest such field, in the sense that any other field having this roerty contains R. We will see more irrational numbers later; indeed, it turns out that the irrationals are much more numerous than the rationals. Another field that you may have worked with is the field of comlex numbers C: C = {a + bi a, b R}, where i = 1. Many of the commutative rings that we study in these notes are contained in C. DIVISIBILITY

3 Let us first focus on the integers Z, and study their multilicative structure. We begin by discussing how integers break down into simler multilicative arts. Definition 3. If a, b Z and b 0, we say that b divides a if there is an integer c such that a = bc. We denote b divides a by b a; synonyms for this that you may be familiar with are b is a divisor of a, b is a factor of a, a is a multile of b and a is divisible by b. If b is not a divisor of a, we write b a. Examle , 7 16 Examle 5. The ositive divisors of 30 are 1, 2, 3, 5, 6, 10, 15 and 30. Notice that any nonzero integer a is a divisor of 0 (0 = a 0) and is divisible by 1 (a = 1 a); a direct consequence of the former statement is the surrisingly useful Corollary 6. If a is an integer, and there is a ositive integer b such that b a, then a 0. We have only discussed divisiblity in Z; notice that the notion of divisibility is trivial in Q (i.e. if b is a nonzero rational number, then b divides every rational number) since we can invert any nonzero element of Q. Indeed, divisibility is a trivial notion in every field. Therefore, when we discuss divisibility, we will mean it in the context of the integers, unless otherwise stated. Proosition 7. Let a, b, c Z. (1) If a b and b c, then a c. (2) If a b and a c, then for any integers x and y, a (bx + cy). Proof. (1) Since a b and b c, there are integers m and n such that b = ma and c = nb. Then c = n(ma) = (nm)a, so a c. (2) Since a b and a c, there are integers m and n such that b = ma and c = na. Then bx + cy = (ma)x + (na)y = (mx + ny)a, so a (bx + cy). THE PRIMES Notice that every integer a > 1 has at least two ositive divisors, namely 1 and a; these are sometimes called the trivial divisors of a. If d a and 1 < d < a, d is called a roer divisor of a.

4 Definition 8. An integer > 1 is called rime if its only ositive divisors are 1 and (i.e., if it has no roer divisors). An integer n > 1 that is not rime is called comosite. Examle 9. The first five rime numbers are 2, 3, 5, 7 and 11. Prime numbers can be thought of, then, as multilicatively the simlest ositive integers. We now demonstrate their central lace in multilicative number theory. Proosition 10. If a ositive integer n is comosite, then the smallest roer divisor of n is rime. Proof. Let d be the smallest roer divisor of n. If d had a roer divisor m, then by Proosition 7 (1), m would be a roer divisor of n. But m < d, so we have a contradiction. Therefore d has no roer divisors, i.e., d is rime. Theorem 11. Every integer n > 1 is a roduct of rime numbers. Proof. By induction. Since 2 is rime, the theorem is certainly true for n = 2. Now suose it is true for all the integers from 2 u to n. If n + 1 is rime, the theorem is true for n + 1. If n + 1 is comosite, then by Proosition 10, it has a rime divisor. Writing n + 1 = m, we see that 2 m n. By the induction hyothesis m is a roduct of rimes, and therefore so is n + 1 = m. Examle = 2 42 = = We see that the rimes are the multilicative building blocks of Z, and therefore it is natural to study them as a distinguished set. One obvious question to ask is how many rimes are there? Theorem 13. (Euclid) There are infinitely many rime numbers. Proof. Let S be any finite set of rime numbers. Consider the integer n = 1 + S. If n is rime, then n / S, since n is larger than any element of S. If n is comosite, then by Proosition 10, n has a rime factor q. Notice that q / S, for if it were in S, then it would divide n 1 = S, and then by Proosition 7 it would divide n (n 1) = 1, a contradiction. In any case, S does not contain all of the rimes. Now that we have shown that there are infinitely many rimes, let us consider the question of identifying the rimes among all the ositive

5 integers. Suose we start from the very definition of a rime number: an integer n > 1 with no roer divisors. We can immediately see a foolroof way to determine whether a ositive integer n is rime: search for roer divisors of n; if we find one, n is not rime, and if we do not find any, n is rime. Since a roer divisor d of n satisfies 1 < d < n, we know that this algorithm will involve no more than n 2 stes. Now that we have an algorithm, let us consider how to make it more efficient. First of all, let us note the obvious fact that the algorithm need not involve n 2 stes for every n. Indeed, if we find a roer divisor of n, we may terminate our algorithm immediately at that oint and conclude that n is not rime. In the extreme case that n is comosite and the first integer we check haens to be a divisor of n, our algorithm consists of just one ste. In general, then, the efficiency of our algorithm will deend artly uon our testing the integers that are most likely to be divisors of n first. Fortunately this is not difficult to do, because we know that one half of the ositive integers are divisible by 2, one third of the ositive integers are divisible by 3, and so on. Therefore we should test the integers for divisors of n in increasing order. Notice that if n is not rime and we search in this way, we will automatically find the smallest roer divisor d of n first. Recall that, by Proosition 10, d is rime. We now rove another very imortant roerty of d. Proosition 14. If n is comosite and d is the smallest roer divisor of n, then d n. Proof. Consider the alternative. Combining Proositions 10 and 14, we obtain the following Algorithm 15. (for determining whether n is rime) Search for divisors of n among the rimes n, in increasing order beginning with 2. If a divisor is found, we conclude that n is comosite and sto the search. If a divisor is not found, we conclude that n is rime. Examle is rime, because 113 = and 113 is not divisible by 2, 3, 5 or 7. Not a bad test; we don t need to check all the integers u to n for divisors, just those u to n, and among these we only need to consider the rimes. There is something about our rimality test that may bother you: to use it to test the rimality of n, we need to have a list of the rimes

6 n. How do we find such a list? It turns out that we have an efficient way to find one, and for this we may thank the ancient Greek Eratosthenes. This rocess involves many of the ideas we used in deriving Algorithm 15. Algorithm 17. (Sieve of Eratosthenes, for finding all the rimes m) List the integers from 2 to m, then aly the following iterative rocedure to this list. The integers not eliminated in this rocess are the rimes m. (1) Determine the smallest integer in the list. (2) If > m, sto. If m, circle it and eliminate all multiles of, excet for itself, from the list and go back to ste (1). Proof that Algorithm 17 works. First, it is clear that in the algorithm only comosite numbers are eliminated. Let us now show that the circled numbers are all rimes. We do this by induction. Clearly 2 is the smallest circled integer, and it is rime. Now suose that the first k circled integers are rimes. The sieve removed all of the multiles of these k rimes (excet themselves); hence the (k + 1)st circled integer is not divisible by any of the rimes that are smaller than it, and is therefore rime itself by Proosition 10. Finally, what about the remaining uncircled numbers? They remain because they are not multiles of any of the circled rimes, which as we have seen are all the rimes m; by Proositions 10 and 14, then, the remaining numbers are also rime.

7 COMMON DIVISORS Consider the following roblem: we wish to tile a rectangular floor that is 12 feet by 18 feet. For ease of cutting, we wish to use tiles that are square, of uniform size, and have integral side length s (in feet). Given these constraints, we would like to minimize the number of tiles we use (so as to minimize the amount of cutting). How shall we do this? Since we are using tiles of uniform size, it is clear that this is equivalent to finding the largest usable tile. If we use m rows and n columns of tiles, then, we have the following relationshis: ms = 18 and ns = 12. These imly that s is a divisor of both 18 and 12, so the maximal s is the largest integer that is a divisor of both 18 and 12, namely 6. Definition 18. If m and n are nonnegative integers, d is a common divisor of m and n if d m and d n. If m and n are not both zero, the greatest common divisor (gcd) of m and n is denoted by (m, n). Examle 19. The ositive divisors of 20 are {1, 2, 4, 5, 10, 20}, and those of 35 are {1, 5, 7, 35}. The common divisors of 20 and 35 are {1, 5}, and so (20, 35) = 5. Examle 20. If m is a ositive integer, then (m, 0) = m, since m is the largest divisor of m and any ositive integer divides zero. We see that comuting the gcd of two ositive integers can always be done in a straightforward way: list the divisors of each, and find the largest integer that aears in both lists. For large numbers, however, this rocedure can become quite unwieldy. For examle, 2310 has 32 divisors, and 1092 has 24 divisors; we might hoe that there is a quicker way to find (2310, 1092). Indeed, Euclid discovered an algorithm for doing this which has not been significantly imroved to this date. Algorithm 21. (Division Algorithm) Let m and n be ositive integers. Then there exist unique integers q and r such that and 0 r < m. n = mq + r Proof. Let q = n/m (recall that if r R, r denotes the largest integer that is less than or equal to r). Since (n/m) 1 < n/m n/m,

8 it follows that 0 = n m(n/m) n mq < n m((n/m) 1) = m, so let r = n mq. For uniqueness, suose n = mq 1 + r 1 = mq 2 + r 2 where 0 r 1, r 2 < m. Without loss we may assume that r 1 r 2. Subtracting our two exressions for n, we find that m(q 1 q 2 ) = r 2 r 1. Hence m (r 2 r 1 ). Since 0 r 2 r 1 < m, it follows that r 2 r 1 = 0, so r 2 = r 1. Then our last dislayed equation gives m(q 1 q 2 ) = 0, and since m 0, it must be that q 1 q 2 = 0, so q 1 = q 2. Examle 22. If we divide m = 7 into n = 38, we get a quotient of q = 5 and a remainder of r = 3. Euclid s algorithm combines the division algorithm with the following Proosition 23. Let m, n and r be as in the division algorithm. Then (m, n) = (m, r). Proof. By definition (m, n) divides m and n, and since r = n mq, by Proosition 7 (2), (m, n) divides r. Since (m, n) is a common divisor of m and r, we have that (m, n) (m, r). On the other hand, (m, r) divides m and r, and since n = mq + r, Proosition 7 (2) tells us that (m, r) divides n. Hence (m, r) is a common divisor of m and n, and therefore (m, r) (m, n). We conclude that (m, n) = (m, r). Algorithm 24. (Euclidean Algorithm) Let m and n be ositive integers with m < n. By the division algorithm, we have n = mq 1 + r 1 with 0 r 1 < m. If r 1 0, we find by the division algorithm m = r 1 q 2 + r 2 with 0 r 2 < r 1. For i 2, if r i 0, aly the division algorithm to obtain r i 1 = r i q i + r i+1 with 0 r i+1 < r i. In this way we obtain a sequence r 0 = m > r 1 > r 2 > r 3 > 0.

9 Therefore r k = 0 for some k. By Proosition 23, (m, n) = (m, r 1 ) = (r 1, r 2 ) = = (r k 1, r k ) = (r k 1, 0) = r k 1. Examle 25. (1092, 2310) = (1092, 126) = (126, 84) = (84, 42) = (42, 0) = 42 The Euclidean Algorithm is extremely efficient; in fact, it allows us to find the gcd of two integers without factoring either one. As a byroduct of the algorithm, we can write (m, n) as a linear combination of m and n. Proosition 26. If m and n are ositive integers, then there exist integers a and b such that (m, n) = am + bn. Notice that, in the notation of Proosition 26, one of the integers a and b will be ositive, and the other negative. Examle 27. Referring back to the revious examle, the division that roduced the gcd, 42, as remainder tells us that 42 = , while the receding divisions gave us Then 84 = and 126 = = 126 ( ) = = 9( ) 1092 = Proosition 28. If m and n are ositive integers, then the set {am + bn a, b Z} consists of all of the integer multiles of (m, n). Proof. By Proosition 7 (2), every element of the set is a multile of (m, n). And by Proosition 26, (m, n) is in the set. Therefore any multile d(m, n) of (m, n) is also in the set, for if we write (m, n) = am + bn, then d(m, n) = d(am + bn) = (da)m + (db)n.

10 UNIQUE FACTORIZATION We roved earlier (Theorem 11) that every ositive integer is a roduct of rimes. Our aim now is to show that the rime factorization of an integer is unique; that is, one always obtains the same rime factors no matter what ath one takes to a rime factorization of a number: 90 = 3 30 = = = 5 18 = = We rove one reliminary result. Proosition 29. If is rime and mn, then m or n. Proof. Since mn, mn = q. Suose m. Then (m, ) = 1, so by Proosition 26 we can find integers a and b such that ma + b = 1. Then n = n 1 = n(ma + b) = (mn)a + nb = (q)a + nb = (qa + nb), and therefore n. Theorem 30. The rime factorization of an integer n > 1 is unique. Proof. Suose n can be written as a roduct of rimes as n = 1 2 k = q 1 q 2 q l. Then 1 q 1 (q 2 q l ), so by Proosition 29, either 1 q 1 (in which case 1 = q 1 ), or 1 q 2 q l. In the latter case, by the same argument either 1 = q 2 or 1 q 3 q l. By exhaustion we find that 1 = q i for some 1 i l. Canceling these, we find that 2 k = l j=1, j i We may aly the same argument to show that 2 = q j for some j i; cancelling these and continuing in this fashion, we eventually eliminate all the s, so that the left hand roduct becomes 1. It follows that at this oint, all of the q s must have been canceled as well (else the roduct of the remaining q s would be > 1). Thus the two factorizations are the same u to ordering. Definition 31. If m is a ositive integer and is a rime, define v (m) to be the highest ower of that divides m (this is a well-defined notion by Theorem 30). q j.

11 Notice that m = rime v(m), and that v (m) = 0 for all but finitely many rimes. We worked hard to rove that integers have unique factorizations into rimes, a result that is robably quite familiar to you. It may be so familiar to you that the fact seems trivial. Is it? The answer to this question is no, in the following sense: there are number systems very similar to the integers in which factorization into rimes is not unique. Examle 32. Consider the number system Z[ 6] = {a + b 6 a, b Z} (in fact, this is a commutative ring; note that 6 = 6i in our usual notation for C). In this number system, 2 and 5 are rimes in the sense that they have no nontrivial divisors (for examle, the only divisors of 2 are ±1 and ±2); indeed, so are and 2 6. The fact that 2 5 = 10 = (2 + 6)(2 6) shows that we do not have unique factorization in the number system Z[ 6], since 10 has two different factorizations. Thinking back to the roof of Theorem 30, if we were to try the same technique to rove that Z[ 6] has unique factorization, the art that would fail would be the art involving Proosition 29, since the analog of this does not hold in Z[ 6]. Our examle shows this, for even though 2 has no nontrivial divisors in Z[ 6] and it is a divisor of the roduct (2 6)(2+ 6), it is clearly not a divisor of either factor. Unique factorization allows us to rove the irrationality of many real numbers. Proosition is an irrational number. Proof. Suose 7 were rational. Then 7 = a b for some integers a and b. It follows that a 2 = 7b 2. Then v 7 (a 2 ) = v 7 (7b 2 ), but v 7 (a 2 ) = 2v 7 (a) is even and v 7 (7b 2 ) = 1 + 2v 7 (b) is odd, a contradiction.

12 The roof of the receding roosition generalizes easily to rove Theorem 34. If b and m are ositive integers, and b not the mth ower of another integer, then the mth root of b is irrational. Examle /3, 27 are irrational.

13 CONGRUENCES We develo here the language of congruences, which is extremely useful when discussing number theoretic questions. Definition 36. Let a, b and m be integers, with m > 0. We say that a is congruent to b modulo m if m (a b); in this case, we write a b (mod m). Examle (mod 5), since 5 (23 8) = (mod 8), since 8 53 ( 3) = (mod 7), since 7 28 Examle 38. The integers that are congruent to 0 modulo 3 are {..., 6, 3, 0, 3, 6,... }, those congruent to 1 modulo 3 are {..., 5, 2, 1, 4, 7,... }, and those congruent to 2 modulo 3 are {..., 4, 1, 2, 5, 8,... }. These sets are sometimes called the congruence classes (or residue classes) modulo 3. We see that every integer is congruent either to 0, 1 or 2 modulo 3; in general, modulo m, every integer is congruent to exactly one of {0, 1, 2,..., m 1}. We often choose these m numbers as reresentatives of the congruence classes modulo m (of course, we could also choose other sets, such as {1, 2,, m}). Note that the integers congruent to 0 modulo m are those that are multiles of m; moreover, if a is a ositive integer and we get a remainder of r uon dividing m into a, then a r (mod m). When we work modulo m, we consider integers a and b to be the same if a b (mod m); hence the integers become a finite set, and are much easier to work with. We use this idea, for examle, when secifying times. If it is 17 hours after midnight, we say that it is 5:00, not 17:00. This is because 17 5 (mod 12), i.e., we secify hours of the day modulo 12. Of course, with hours in military time we work modulo 24. In both cases, when dealing with minutes we work modulo 60. Notice that in standard time the reresentatives we choose for the hours (when we work modulo 12) are 1, 2, 3,..., 12, while for the minutes (when we work modulo 60) we use the reresentatives 0, 1, 2,..., 59. We now show that we can do arithmetic modulo m, and that this is consistent with the usual arithmetic in Z.

14 Proosition 39. Suose a, b, c, d and m are integers, m > 0, a c (mod m) and b d (mod m). Then a + b c + d (mod m) and ab cd (mod m). Proof. Since a c (mod m) and b d (mod m), we know that m (a c) and m (b d). Then by Proosition 7 (2), m (a c) + (b d) = (a + b) (c + d), so a+b c+d (mod m). Moreover, by Proosition 7 (1), m b(a c) = ab bc and m c(b d) = bc cd. Hence Proosition 7 (2) gives that and therefore ab cd (mod m). m (ab bc) + (bc cd) = ab cd, Notice that Proosition 39 imlies that the congruence classes modulo m form a commutative ring under the addition and multilication induced from Z. This ring is denoted Z/mZ. Examle 40. Suose we wish to know what is modulo 10. One way to do this is to multily these numbers together and look at the result. Another way is to use Proosition 39; clearly (mod 10) and (mod 10), and therefore (mod 10). Examle 41. Suose we wish to calculate modulo 7. Rather than actually comuting (which has hundreds of digits), we can simly note that and then by Proosition 39, 4 3 = 64 1 (mod 7), = (4 3 ) (mod 7).

15 We see that modular arithmetic is often easier than the usual arithmetic in Z, since there are only m congruence classes modulo m. Another way that modular arithmetic differs from that in Z is that there are usually many units modulo m, whereas in Z, the only units are 1 and 1. For examle, there is no integer a such that 5a = 1, but modulo 7 we have that 5 3 = 15 1 (mod 7). Proosition 42. Let a and m be integers, m > 0. There exists an integer b such that ab 1 (mod m) if and only if (a, m) = 1. Proof. Suose that (a, m) = 1. By Proosition 26, there exist integers b and n such that ab + mn = 1. Then ab = 1 mn 1 (mod m). Now suose that there exists an integer b such that ab 1 (mod m). Then ab 1 = km for some integer k. By Proosition 7 (2), (a, m) ab km = 1, and therefore (a, m) = 1. Corollary 43. If ax ay (mod m) and (a, m) = 1, then x y (mod m). Proof. Since (a, m) = 1, we can find b such that ab 1 (mod m). Then x (ab)x b(ax) b(ay) (ab)y y (mod m). Thus we may cancel a common factor a from a congruence modulo m if (a, m) = 1. Notice that we may NOT cancel in general if (a, m) > 1; for examle, (mod 15) even though 8 3 (mod 15). Definition 44. If a and m are integers, we say that a and m are corime, or relatively rime, if (a, m) = 1. We have seen that there are only m distinct congruence classes modulo m. Let us now study this ring further. Definition 45. For m 1, let U(m) = {1 a m (a, m) = 1}. The Euler hi function φ is defined by φ(m) = #U(m). Notice that, by Proosition 42, the numbers in U(m) are reresentatives for the units in the integers modulo m. Examle 46. U(6) = {1, 5}, U(11) = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}, U(12) = {1, 5, 7, 11}, so φ(6) = 2, φ(11) = 10, φ(12) = 4

16 Proosition 47. If is rime, then φ() = 1. Proof. Since the only ositive divisors of are 1 and, { 1 if a (a, ) = if a Therefore U() = {1, 2,..., 1}. The units in the integers modulo m have many interesting roerties. Before we get to these, we rove two reliminary roositions. Proosition 48. If a, b and m are ositive integers and a b (mod m), then (a, m) = (b, m). Proof. Since a b (mod m), a b = km for some integer k. By definition, (b, m) divides m, and by Proosition 7 (2), (b, m) divides a = b + km. Since (b, m) is a common divisor of m and a, (b, m) (a, m). On the other hand, (a, m) is a divisor of m by definition, and Proosition 7 (2) tells us that (a, m) divides b = a km. Since (a, m) is a common divisor of m and b, (a, m) (b, m). Proosition 49. Let a, b and c be ositive integers. (1) If (a, b) = (a, c) = 1, then (a, bc) = 1. (2) If a c and b c and (a, b) = 1, then ab c. (3) If a bc and (a, b) = 1, then a c. Proof. (1) By contradiction. Suose (a, bc) = d > 1. Then d has a rime divisor by Theorem 11. Since d and d bc, bc by Proosition 7 (1). Then b or c by Proosition 29, so (a, b) or (a, c), a contradiction. (2) Since a c, c = ka for some integer k. Moreover, by Proosition 26, we can find integers m and n such that ma + nb = 1. Then k = k 1 = k(ma + nb) = cm + knb. It follows by Proosition 7 (2) that b k, so there is an integer l such that k = bl. Hence c = ka = l(ab), and ab c. (3) Since a bc and (a, b) = 1, there exist integers k, m and n such that bc = ak and ma + nb = 1. Then c = c(ma + nb) = cma + nbc = cma + nka = a(cm + nk), and therefore a c.

17 Proosition 50. If a and m are integers with m 1 and (a, m) = 1, then there is an r φ(m) such that a r 1 (mod m). Proof. Consider the integers a, a 2, a 3,..., a φ(m)+1. Since (a, m) = 1, (a n, m) = 1 for any n 1 by Proosition 49 (1). Hence the list above has φ(m) + 1 elements, each corime to m. By Proosition 48, the least residues of these are in the set U(m). Since U(m) has φ(m) elements, it follows that these owers of a cannot all be distinct modulo m. So a i a j (mod m) for some i < j. By Corollary 43, then, a j i 1 (mod m). Definition 51. If a and m are corime integers with m 1, we call the smallest ositive integer r such that a r 1 (mod m) the order of a modulo m. Examle 52. The order of 3 modulo 11 is 5, since (mod 11), (mod 11), (mod 11) (mod 11), (mod 11). Proosition 53. Suose a and m are integers with m > 0 and (a, m) = 1. If s is a ositive integer such that a s 1 (mod m), then the order of a modulo m divides s. Proof. Denote by t the order of a modulo m. By the division algorithm we obtain s = qt + r with 0 r < t. Then 1 a s a qt+r (a t ) q a r a r (mod m). Since r < t, r = 0 by the definition of order, and therefore t s. Theorem 54. (Fermat) If m 1 and (a, m) = 1, then a φ(m) 1 (mod m). Proof. Consider the set of φ(m) congruence classes modulo m reresented by the set of integers U(m) = {n 1 n m and (n, m) = 1}. By Corollary 43, the φ(m) integers

18 {an n U(m)}, also reresent φ(m) distinct congruence classes modulo m. Indeed, since (an, m) = 1 by Proosition 49 (1), it follows that the congruence classes reresented by these two sets are the same. Therefore n an a φ(m) n (mod m). n U(m) n U(m) n S Uon canceling, we find that a φ(m) 1 (mod m). Corollary 55. If m 1 and (a, m) = 1, then the order of a modulo m divides φ(m). Examle 56. Suose we want to know the order of 5 modulo 257. Since 257 is rime and 5 257, we know that this order is a divisor of φ(257) = 256 = 2 8. Since the divisors of 2 8 are 1, 2, 2 2,..., 2 8, to find the order of 5 we need only comute (mod 257), 5 4 = (5 2 ) 2 = (mod 257) (mod 257), (mod 257) (mod 257), (mod 257) (mod 257), and therefore 5 has order 256 modulo 257. Corollary 57. If is rime and a, then a 1 1 (mod ). Corollary 58. If is rime and a is any integer, then a a (mod ). We end this section by considering the question of simultaneous congruences. Theorem 59. (Chinese Remainder Theorem) Suose m 1, m 2,..., m r are ositive integers such that (m i, m j ) = 1 if i j. Let a 1, a 2,..., a r be any integers, and write m = m 1 m 2 m r. Then there exists an integer x such that x a i (mod m i ) for every 1 i r. Moreover, for any integer y satisfying these congruences, y x (mod m).

19 Proof. For each 1 j r, m/m j is an integer, and by Proosition 49 (1), (m/m j, m j ) = 1. Then by Proosition 42, there is an integer b j such that (m/m j )b j 1 (mod m j ). Let r x = (m/m j )b j a j. j=1 Since (m/m j )b j 0 (mod m i ) if i j, it follows that for every 1 i r, x (m/m i )b i a i a i (mod m i ). Now, if y is any solution of the stated congruences, then m i (x y) for all i. By Proosition 49 (2), it follows that m (x y), and thus x y (mod m).

20 POLYNOMIALS Some of the most famous roblems in number theory are stated in terms of olynomials. Perhas the most renowned of all, and which remained unsolved for 350 years, is known as Fermat s Last Theorem. Theorem 60. (Wiles) If x, y and z are ositive integers and n 3, then x n + y n z n. There are many techniques for studying integer solutions of olynomial equations. We illustrate some here. Examle 61. The equation x 2 + 5y 2 = 2 has no integer solutions, because if x, y Z, the LHS (left hand side) is nonnegative. Notice that this equation has no real solutions either, by the same argument. Examle 62. The equation x 2 + 5y 2 = 2 has no integer solutions. To see this, notice first that if x, y Z, then LHS 5y 2 5 whenever y 0. So any solution would have y = 0, but this leaves x 2 = 2, which has no integer solution. Notice that this equation has infinitely many real solutions; indeed, its grah in the real lane is an ellise. Examle 63. The equation x 2 5y 2 = 2 has no integer solutions. To see this, notice that if x, y Z, then LHS x 2 (mod 5). Now, (mod 5), (mod 5), (mod 5), (mod 5), (mod 5), and since every integer is congruent to one of {0, 1, 2, 3, 4} modulo 5, it follows that x 2 cannot be congruent to 2 modulo 5. Notice that this equation has infinitely many real solutions; indeed, its grah is a hyerbola. Examle 64. The equation x 2 + 5y 2 = 1 has exactly two integer solutions, (x, y) = (±1, 0). To see this, note that LHS 5y 2 5 if y 0, so any integer solution would have y = 0, leaving x 2 = 1. Examle 65. The equation x 2 5y 2 = 1 has infinitely many integer solutions. To see this, note first that (x, y) = (9, 4) is an integer solution. Now, we may factor the LHS, giving us (x y 5)(x + y 5) = 1, and so (9 4 5)( ) = 1. For each n 1, define a n, b n Z by ( ) n = a n + b n 5. Then (9 4 5) n = a n b n 5, and since

21 1 = 1 n = [( )(9 5)] n = (a n + b n 5)(an b n 5) = a 2 n 5b 2 n, we find that (x, y) = (a n, b n ) is an integer solution of our equation for every n 1. And since a n+1 > a n for every n 1, it follows that these constitute infinitely many distinct integer solutions. For examle, ( ) 2 = , and so (x, y) = (161, 72) is a solution. Perhas the most widely known olynomial equation is that arising in the Pythagorean Theorem: x 2 + y 2 = z 2. Let us now study this equation. Notice that if (x, y, z) is an integer solution of this equation (called a Pythagorean trile), then (x/z, y/z) is a oint with rational coordinates (a rational oint) on the unit circle. We now use a geometric argument to show that we can arametrize the rational oints on the unit circle (and therefore the Pythagorean triles). Consider a line through the oint ( 1, 0) with rational sloe m. Its equation is y = m(x + 1), and such a line intersects the unit circle in a second oint. To see what this other oint is, we substitute and factor: 1 = x 2 + [m(x + 1)] 2, and therefore 0 = (m 2 + 1)x 2 + 2m 2 x + (m 2 1) = (x + 1)[(m 2 + 1)x + (m 2 1)]. Therefore the second oint of intersection is ( ) 1 m 2 (x, y) = 1 + m, 2m m 2 Hence every m Q gives us a rational oint on the unit circle. Moreover, if (a, b) ( 1, 0) is a rational oint on the unit circle, then the line through it and ( 1, 0) has sloe b/(a + 1), a rational number. It follows that using our lines of rational sloe through ( 1, 0), we obtain all of the rational oints on the unit circle. Letting m = a/b in our receding discussion, we find: Theorem 66. Every Pythagorean trile (x, y, z) with y even has the form x = b 2 a 2, y = 2ab, z = a 2 + b 2,

22 with a, b Z. Let us now focus on olynomials of one variable. Let Z[x] denote the set of olynomials in one variable x with coefficients in Z. We consider quadratic olynomials first. Proosition 67. Let be rime, x Z. Then x 2 1 (mod ) if and only if x ±1 (mod ). Proof. Using Proosition 29, x 2 1 (mod ) (x 2 1) = (x 1)(x + 1) (x 1) or (x + 1) x 1 (mod ) or x 1 (mod ) Theorem 68. (Wilson s Theorem) If is rime, then ( 1)! 1 (mod ). Proof. One can easily check that the theorem is true if = 2 or = 3, so let us assume that 5. For each 1 a 1, (a, ) = 1, so by Proosition 42 there is a b Z such that ab 1 (mod ). By Proosition 67, b a (mod ) only if a = 1 or a = 1. Therefore, in the roduct ( 1)!, we may air each 2 a 2 with its multilicative inverse and multily them (giving 1 modulo ). It follows that 2 ( 1)! = 1 a ( 1) 1 1 ( 1) 1 a=2 Examle 69. If = 7, (mod ). 6! = 1 (2 4) (3 5) (mod 7). Some very interesting henomena arise in the study of olynomial equations modulo. Proosition 70. Let be a rime. Then x 2 1 (mod ) has an integer solution x if and only if = 2 or 1 (mod 4).

23 Proof. If = 2, take x = 1. Suose is odd from now on. If 1 (mod 4), we now show that we can build a solution. Using Theorem 68 and the fact that ( 1)/2 is even, 1 ( 1)! = = 2 j 1 j=1 [ ] [ ] + 1 ( 2) ( 1) ( j) 1 j=1 ( 1) j=1 2 j( j) 1 j= j 2 j j=1 2 2 ( j 2 ) 1 j=1 (mod ), so indeed we have a solution if 1 (mod 4). Now suose that we have a solution x. Clearly x, and therefore ( 1) 1 2 (x 2 ) 1 2 x 1 1 (mod ) by Corollary 57. Since 1 is not congruent to 1 modulo, it follows that ( 1)/2 is even, and therefore 1 (mod 4). We have just seen that the question of whether x 2 1 (mod ) has a solution naturally divides the odd rimes u into congruence classes (1 and 3) modulo 4. Notice that Proosition 70 imlies that the olynomial x is never equal to a rime that is congruent to 3 modulo 4 when x is an integer. An interesting oen question in number theory is: Is x rime for infinitely many integer values of x? Indeed, there is no olynomial in Z[x] of degree at least two which has been roven to be rime for infinitely many integer values of x. We now exand our view to olynomials of higher degree. Algorithm 71. (Division Algorithm for olynomials) Given f(x), g(x) Z[x] with f(x) monic and deg(f(x)) 1, there exist unique q(x), r(x) Z[x] such that with 1 deg(r(x)) < deg(f(x)). g(x) = q(x)f(x) + r(x) Proof. For the existence of q(x) and r(x), consider the set S = {g(x) h(x)f(x) h(x) Z[x]}.

24 Since f has ositive degree, the set S clearly has elements of ositive degree. Let r(x) be an element of S of minimal degree. Then r(x) = g(x) q(x)f(x) for some q(x) Z[x]. We claim that 0 deg(r(x)) < f(x), because if deg(r(x)) deg(f(x)), then if the leading coefficient of r(x) is c, we have that g(x) [ q(x) + c x deg(r(x)) deg(f(x))] f(x) is an element of S with degree less than deg(r(x)), a contradiction. For uniqueness, suose g(x) = q 1 (x)f(x) + r 1 (x) = q 2 (x)f(x) + r 2 (x) with 0 deg(r 1 (x)) deg(r 2 (x)) < deg(f(x)). Then r 1 (x) r 2 (x) = (q 2 (x) q 1 (x))f(x). Since deg(r 1 (x) r 2 (x)) < deg(f(x)), it must be that q 2 (x) q 1 (x) = 0. Thus q 1 (x) = q 2 (x); this along with the last dislayed equation imlies that r 1 (x) = r 2 (x). Theorem 72. If f Z[x] is a monic olynomial and 1 deg(f(x)) <, then f has no more than deg(f(x)) distinct roots modulo. Proof. By induction on the degree of f. If deg(f(x)) = 1, then f(x) = x a for some a Z. Clearly this has exactly one root: x a (mod ). Now suose that the theorem is true for all olynomials of the given form of degree n. If n = 1 we re done. If not, let f be a monic olynomial of degree n + 1. If f has no roots modulo, the theorem is certainly true for f. So let us assume that there is an integer a such that f(a) 0 (mod ). By the Division Algorithm, f(x) = (x a)q(x) + r(x) with 0 deg(r(x)) < 1. Hence r(x) has degree zero, i.e. r(x) = r Z. Since 0 f(a) r (mod ), we have that r. Moreover, since deg(q(x)) < deg(f(x)), we have by the induction hyothesis that q(x) has < deg(f(x)) roots modulo. Now, for any b Z, so by Proosition 29, f(b) = (b a)q(b) + r (b a)q(b) (mod ), f(b) 0 (mod ) b a (mod ) or q(b) 0 (mod ). Thus f has deg(f(x)) solutions modulo.

25 Notice that by Corollary 58, when we are working modulo, there is no need to consider olynomials of degree. Examle 73. The assumtion that is rime is crucial in Theorem 72. For examle, x 2 1 (mod 8) has four solutions modulo 8: 1, 3, 5 and 7. Moreover, x 2 1 (mod 24) has 8 solutions modulo 24: 1, 5, 7, 11, 13, 17, 19 and 23. Proosition 74. Suose is an odd rime, a Z and a. Then x 2 a (mod ) has zero or two solutions modulo. Proof. If there are no solutions, we are done. On the other hand, if there exists an x Z such that x 2 a (mod ), then x is also a solution, and since is odd, x and x are not congruent modulo. Thus we have at least two solutions modulo in the latter case, and by Theorem 72, we have exactly two solutions modulo. We now endeavor to use our results on olynomials to describe the structure of the set of units of Z/Z when is a rime. Recall that, by Proostion 42, the congruence classes reresented by {1, 2,..., 1} are the units of Z/Z. Proosition 75. Suose a, b and m are integers with m > 0 and (a, m) = (b, m) = 1. If a has order k modulo m, b has order l modulo m and (k, l) = 1, then ab has order kl modulo m. Proof. By Proosition 49 (1), (ab, m) = 1, so ab has an order modulo m; denote this order by r. Now, (ab) kl = (a k ) l (b l ) k 1 l 1 k 1 so by Proosition 53, r kl. Furthermore, (mod m), b kr = 1 b kr = (a k ) r (b kr ) = (ab) kr = ((ab) r ) k 1 k 1 (mod m), so by Proosition 53, l kr. Since (k, l) = 1, it follows by Proosition 49 (3) that l r. By considering a lr, an exactly analogous argument shows that k r. Since (k, l) = 1, Proosition 49 (2) tells us that kl r. As we showed earlier that r kl, it must be that r = kl. Definition 76. If a and m are integers with m > 0 and (a, m) = 1, we call a a rimitive root modulo m if a has order φ(m) modulo m. Notice that by Theorem 54, φ(m) is the maximal order that an element can have modulo m.

26 Examle is a rimitive root modulo 7, since it has order 6: (mod 7), (mod 7), (mod 7), (mod 7), (mod 7), (mod 7). In general, if a is a rimitive root modulo a rime, all of the congruence classes {1, 2,..., 1} are owers of a, i.e., the ositive owers of a run through all of the nonzero congruence classes modulo. Theorem 78. If is rime, then there exists a rimitive root modulo. Proof. If = 2, then x = 1 is a rimitive root modulo. Assume from now on that is odd. We claim first that if d ( 1) and d > 0, then x d 1 (mod ) has exactly d solutions modulo. To see this, write 1 = de. We know that y e 1 = (y 1)(y e 1 + y e y + 1). Letting y = x d, it follows that x 1 1 = x de 1 = (x d 1)(x d(e 1) + x d(e 2) + + x d + 1). By Corollary 57, x 1 1 has 1 roots modulo. And by Theorem 72, x d(e 1) has d(e 1) = ( 1) d roots. By Proosition 29, it follows that x d 1 has at least d roots modulo, and by Theorem 72 it therefore has exactly d roots modulo. For each rime divisor q of 1, define α(q) := q vq( 1). By what we have just shown, x α(q) 1 has α(q) roots modulo. Moreover, x α(q)/q 1 has α(q)/q roots modulo, each of which, of course, is a root of x α(q) 1. Thus x α(q) 1 has α(q) (α(q)/q) roots that are not roots of x α(q)/q 1. By Proosition 53, the roots of x d 1 0 (mod ) are those elements whose order modulo is a divisor of d. Thus we have shown the existence of α(q) (α(q)/q) elements of order α(q). To finish the roof, for each rime divisor q of 1, let β q be an integer whose order modulo is α(q). Then by Proosition 75, q ( 1) β q has order q ( 1) α(q) = 1.

27 PSEUDOPRIMES Recall that we have an algorithm for testing whether a ositive integer is rime (Algorithm 15). Since we have a rimality test, our goal should now be to find the most efficient rimality test ossible. Notice that Corollary 57 gives a necessary condition for a number n to be rime: if n is rime, it must be the case that a n 1 1 (mod n) for any integer a such that n a. Therefore we can use Corollary 57 to rove that numbers are comosite. For examle, suose we wanted to rove that 91 is comosite. One way would be to exhibit a roer divisor of 91, for examle 7. Another way to rove this would be to note that 2 91, and that (mod 91); it follows from Corollary 57 that 91 is not rime. This second method of roof that 91 is comosite might seem a bit strange and indirect. However, as we will see, its indirectness is its strength; indeed, notice that it allowed us to rove that 91 is comosite WITHOUT FINDING A PROPER DIVISOR OF 91. Of course, we could take this same aroach for any odd integer n: (mod 9), (mod 15), (mod 21), (mod 25), (mod 27), (mod 33). Notice that our 2-test detects every odd comosite 33. This is very intriguing because, as we will now see, alying the 2-test takes much less work than using Algorithm 15. Definition 79. For any real number x, we denote by π(x) the number of rimes that are less than or equal to x. Examle 80. The first 8 rimes are 2, 3, 5, 7, 11, 13, 17 and 19. Therefore π(10) = 4, π(13) = 6, π(14) = 6 and π(19) = 8. In the worst case, which is when n is rime, Algorithm 15 involves testing all of the rimes u to n for divisors; that is, it will take π( n) stes. How about our 2-test? We may imlement this test in an efficient way as follows. If n 1 = log 2 (n 1) j=1 a j 2 j (a j = 0 or 1) is the binary exansion of n 1, we may by successive squaring comute Then 2 2, 2 4 = (2 2 ) 2, 2 8 = (2 4 ) 2,..., 2 log 2 (n 1) (mod n).

28 2 n 1 j with a j =1 2 2j (mod n). This entire rocess involves no more than 2 log 2 (n) multilications. If we comare π( n) to 2 log 2 (n) for increasingly large values of n, we see that the 2-test becomes much more efficient than Algorithm 15 as n grows: π( 10000) = 25, 2 log 2 (10000) = π( ) = 168, 2 log 2 ( ) = π( ) = 1229, 2 log 2 ( ) = The question, then, is Is the 2-test a rimality test? Unfortunately the answer is no ; indeed, the smallest comosite number that asses the 2-test is 341 = Thus the 2-test is not a rimality test. You might be thinking what is so secial about 2? The answer is nothing. Indeed, for any n such that 3 n we may subject n to a 3-test as well to try to determine whether n is comosite. Indeed, if we aly it to 341 we find that (mod 341), and we may conclude by Theorem 54 that 341 is comosite. Like the 2-test, the 3-test is not a rimality test either; the smallest comosite that asses the 3-test is 91. However, we saw that the comosite 341, which asses the 2-test, does not ass the 3-test; also, the comosite 91 asses the 3-test, but does not ass the 2-test. Perhas the 2-test and 3-test together constitute a rimality test? Unfortunately this is not the case either. The smallest comosite that asses both the 2-test and the 3-test is So we have not found another rimality test yet, but erhas we are simly not working hard enough yet. Indeed, recall that for a ositive integer n, Theorem 54 offers us an a-test for any integer a such that (a, n) = 1 (of course, since these tests involve comutations modulo n, we may as well assume that 1 a n). And since each a-test is much more efficient (for large n) than Algorithm 15, we could aly multile a-tests and still do less work than if we were to aly Algorithm 15. Definition 81. If n is comosite and (a, n) = 1, we call n a seudorime to the base a if a n 1 1 (mod n).

29 Examle 82. As we discussed above, 341 is a seudorime to the base 2, and 91 is a seudorime to the base 3. Examle 83. {341, 561, 645, 1105, 1387, 1729, 1905} is the set of all seudorimes to the base 2 that are 2000, and {91, 121, 286, 671, 703, 949, 1105, 1541, 1729, 1891} is the set of all seudorimes to the base 3 that are 2000, and {4, 124, 217, 561, 781, 1541, 1729, 1891} is the set of all seudorimes to the base 5 that are We see from the last examle that the only comosite less than 2000 that asses 2-test, 3-test and 5-test is We might hoe that finding a rimality test simly comes down to alying enough a-tests. Definition 84. A comosite integer n is called a Carmichael number if it is a seudorime to the base a for every integer a with (a, n) = 1. The question of whether a battery of a-tests will constitute a rimality test comes down to the question are there any Carmichael numbers, and if so, how many? For our goal of using Theorem 54 to create a new rimality test, this question has the worst ossible answer; Alford, Granville and Pomerance have rove that there DO exist Carmichael numbers (561 is the smallest), and there are infinitely many of them. QUADRATIC RESIDUES We have seen some of the interesting asects of quadratic olynomials. We now develo language that will make discussion of this toic easier. Definition 85. Let m be a ositive integer. If a is an integer that is corime to m, we say that a is a quadratic residue modulo m if there exists an integer x such that x 2 a (mod m); if no such x exists, we call a a quadratic nonresidue modulo m. Notice that by the very definition of quadratic residue, if a and b are integers such that (a, m) = 1 = (b, m) and a b (mod m), then a is a quadratic residue modulo m if and only if b is a quadratic residue modulo m.

30 Examle 86. Since (mod 5), (mod 5), (mod 5) and (mod 5), 1 and 4 are quadratic residues modulo 5, and 2 and 3 are quadratic nonresidues modulo 5. Examle 87. If is rime, by Proosition 70, 1 is a quadratic residue modulo if and only if = 2 or 1 (mod 4). Proosition 88. Let be an odd rime. Then exactly ( 1)/2 of the integers {1, 2,..., 1} (i.e., exactly half of them) are quadratic residues. Proof. Follows directly from Proosition 74. Definition 89. If ( is ) an odd rime and a is an integer, we define the a Legendre symbol by ( ) a 1 if a is a quadratic residue modulo, = 1 if a is a quadratic nonresidue modulo, 0 if a. Notice ( ) that, ( by ) the definition of quadratic residue, if a b (mod ), then =. a b Proosition 90. Let be an odd rime, a an integer ( ) such that a, and suose g is a rimitive root modulo. Then = 1 if and only if g 2n a (mod ) for some ositive integer n. ( ) Proof. First suose that = 1. Then there exists an integer x such a that x 2 a (mod ). Notice that since a, x. Hence x g n (mod ) for some ositive integer n, and therefore a x 2 (g n ) 2 g 2n (mod ). Now suose that a( ) g 2n for some integer n. Then a (g n ) 2 (mod ), and therefore = 1. a ( Recall ) that Proosition 70 tells us that if is an odd rime, then = 1 if and only if 1 (mod 4). Since ( 1)/2 is even if and 1 only if 1 (mod 4), we have that ( ) 1 = ( 1) 1 2. a

31 Proosition 91. If is an odd rime, a is an integer and a, then ( ) a a ( 1)/2 (mod ). Proof. By Corollary 57, (a ( 1)/2)2 ( 1 ) (mod ), so by Proosition ( ) 67, a ( 1)/2 ±1 (mod ). And since = ±1, we have that ±1 (mod ). Let g be a rimitive root modulo. Then a g s (mod ) for some ositive integer s. Hence a ( 1)/2 1 (mod ) (g s ) ( 1)/2 1 (mod ) ( ) ( ) 1 a ( 1) s 2 s = 1 2 ( ) ( by Proosition 90. And since is odd, = 1 if and only if (mod ). a a a a ) 1 Proosition 92. If a and b are integers and is a rime, then ( ) ab = ( a ) ( ) b. ( ) ab Proof. Let us first consider the case where ab. Then = 0 by ( ) a definition. And by Proosition 29 either a (in which case = 0) ( ) ( ) ( ) or b (in which case = 0); thus = 0. b Suose from now on that ab. Then a and b. By Proosition 92, Then ( ) a a ( 1)/2 (mod ) and a b ( ) b b ( 1)/2 ( ) ( ) a b a ( 1)/2 b ( 1)/2 (ab) ( 1)/2 (mod ). (mod ),

32 ( and this last is congruent modulo to a b ) ab by Proosition 92. Since ( ) ab is odd (and therefore (1 ( 1)) = 2), it follows that = ( ) ( ). Now that we have roven some of the basic roerties of the Legendre symbol, let us turn our attention to finding an efficient way to comute it. The most owerful tool for doing this is known as Gauss law of quadratic recirocity. The following two roositions are useful in the roof of this law. Proosition 93. (Lemma of Gauss) Let be an odd rime, a an integer such that a. Consider the least residues of ( ) 1 1 a, 2 a,..., a 2 ( ) modulo. If exactly n of these least residues exceed /2, then = ( 1) n. a Proosition 94. If is an odd rime, a is an odd integer such that a, and we define t by then ( a t = ) ( = ( 1) t. Moreover, 2 2 ja, 1 j=1 ) = ( 1) Theorem 95. (Gauss law of quadratic recirocity) If and q are distinct odd rimes, then ( ) ( ) q = ( 1) 1 q q Proof. Define S = {(x, y) x, y Z, 1 x 1 2, 1 y q 1 2 },

33 S 1 = {(x, y) S qx > y}, S 2 = {(x, y) S qx < y}. Notice that if (x, y) S, then qx y, for if qx = y, then qx, so by Proosition 29, q or x. But and q are distinct rimes, so q, and since 1 x 1, x, a contradiction. It follows 2 that S 1 S 2 =. Moreover, it is clear that S 1 S 2 = S. Therefore #S = #S 1 + #S 2. Since #S 1 = 2 1 j=1 we have by Proosition 94 that ( q ) ( ) q qj and #S 2 = 2 q 1 j=1 j q, = ( 1) #S 1+#S 2 = ( 1) #S = ( 1) 1 q Corollary 96. Suose and q are distinct odd( rimes. ) ( ) q (1) If 1 (mod 4) or q 1 (mod 4), then =. q ( ) ( (2) If 3 (mod 4) and q 3 (mod 4), then = In the next roosition we collect results that, along with Theorem 95 and Proosition 92, allow us to comute Legendre symbols with great efficiency. q q ). Proosition 97. Let be an odd rime. ( (1) ( (2) ) 1 2 ) = { 1 if 1 (mod 4) { 1 if 3 (mod 4) 1 if 1, 7 (mod 8) 1 if 3, 5 (mod 8) = Proof. We already roved the first art above. For the second art, since is odd, 1, 3, 5 or 7 (mod 8). If 1 (mod 8), then = 8k + 1 for some ositive integer k. Then by Proosition 94,

34 ( ) 2 = ( 1) = ( 1) 8k2 +2k = 1. If 3 (mod 8), then = 8k + 3 and ( ) 2 = ( 1) = ( 1) 8k2 +6k+1 = 1. If 5 (mod 8), then = 8k + 5 and ( ) 2 = ( 1) = ( 1) 8k2 +10k+3 = 1. Finally, if 7 (mod 8), then = 8k + 7 and ( ) 2 = ( 1) = ( 1) 8k2 +14k+6 = 1. ( Examle 98. To illustrate the use quadratic recirocity, let us comute 70 ) 103. By Proosition 92, ( ) = ( Thus ( ) = ( 1)(1)( 1)(1) = 1. ) ( ) ( ) ( ) Examle 99. We can use quadratic ( ) recirocity to comletely characterize all the rimes such that = 1. First note that ( 3 3 2) = 1 and ( ( ) 3 3) = 0. Since 3 3 (mod 4), Corollary 96 tells us that 3 = ( ) 3 ( ) 3 if 1 (mod 4) and = ( 3) if 3 (mod 4). Moreover, one can easily check that 1 is a quadratic residue modulo 3 and that 2 is a nonresidue modulo 3. Hence ( ( 3) = 1 if 1 (mod 3) and 3) = 1 if 2 (mod 3). Putting all of this together using the Chinese Remainder Theorem, we find that if is rime, then ( ) 3 = 0 if = 3, 1 if 1 or 11 (mod 12), and 1 if 5 or 7 (mod 12).