Basic Number Theory 1

Transcription

1 Basic Number Theory 1 Divisibility Basic number theory uncovers the multiplicative structure of the integers. As such, the most important relation between integers is divisibility: the nonzero integer a divides the integer b, written a b, if and only if there is some third integer k for which ak = b. We can also express this relation by saying that a is a divisor of b, or b is divisible by a, or b is a multiple of a. Divisibility is a partial order on the set N of natural numbers (the positive integers); that is, the divides relation is reflexive, antisymmetric and transitive: Proposition For all x, y,z N, (1) x x; (2) if x y, then y x; and (3) if x y and y z, then x z. // If we include 0 with the natural numbers, we obtain the set N 0 of whole numbers. The special integers 0 and 1 have unique divisibility properties: Proposition Every whole number (except 0) divides 0, while 0 divides no whole number. Moreover, no whole number (except 1) divides 1, while 1 divides every whole number. //

2 Basic Number Theory 2 More generally, divisibility is naturally compatible with linear combinations of integers. Any integer of the form ax +by (where a and b are fixed integers and x and y are variable integers) is called an integer linear combination of a and b. Proposition If a b and a c, then a divides any linear combination of b and c. // The building blocks of the integers with respect to the divisibility relation are the prime numbers: the integer p is a prime number if its only divisors are 1 and itself. (The number 1 is not considered a prime because of its special divisibility properties, which are linked to the fact that 1 is the multiplicative identity element.) Numbers other than 1 that are not prime are called composite; therefore, composite numbers have divisors other than themselves and 1. Proposition If a and b are natural numbers and a b, then a b. // This simple proposition implies that every composite number n must have at least one divisor m strictly between 1 and n. (Why?)

3 Basic Number Theory 3 The most fundamental property of the set of natural numbers is generally taken as an axiom: The Well-Ordering Principle Every nonempty subset of N contains a smallest element. In particular, 1 is the smallest natural number. From this axiom, we can deduce two of the most useful theorems in all of number theory: The Division Algorithm Let m,n N with m n. Then there exist a uniquely determined pair of numbers q N and integer r that satisfy mq + r = n, 0 r < m. We call q the quotient and r the remainder on dividing n by m. Proof First we prove the existence of the numbers q and r. To do this, we form the set S consisting of those natural numbers of the form S = {n mx +1 x N }.

4 Basic Number Theory 4 By definition, S is a subset of N; moreover, we observe that the number n m + 1 lies in S (corresponding to the case x = 1) precisely because m n, so S is nonempty. Therefore, there is a least element in the set S. Let q be the value of x that makes n mx +1 the least element in S, and set r = n qm. Then necessarily, n = qm + r and r = (n qm +1) 1 0. Also, if r m, then n m(q +1) +1 = r m +1 1, contradicting the choice of q as the value of x that makes n mx +1 the least element in S. So we conclude that, indeed, r m. This proves that there exists a pair of desired numbers q and r satisfying the necessary conditions. Next, we show that there is only one such pair possible, by assuming that q and r are a second such pair. Then, by definition, qm + r = n = q m + r, 0 r, r < m. Without loss of generality, we may assume that r r ; therefore, m > r r r 0, but r r = (q q )m, so r r is simultaneoulsy a nonnegative number smaller than m which is a multiple of m. This forces r r = 0 r =, whence

5 Basic Number Theory 5 also (q q )m = 0 q q = 0 q = q. Therefore, the two pairs are actually the same pair; that is, the quotient q and remainder r are uniquely determined. // The Fundamental Theorem of Arithmetic Every natural number n has a unique factorization as a product of prime numbers, up to the order in which the factors are written. By this, we mean that for each n there is a uniquely determined subset of prime numbers, ordered in size as p 1 < p 2 < < p r, together with an associated sequence of natural number exponents e 1,e 2,,e r so that e n = p 1 e 1 p 2 e 2 p r e r = p i i. (For convenience sake, we will allow r = 0 here to represent the prime factorization of n = 1, also recognized as an empty product of primes.) Proof As before, we separate the proof of existence from the proof of uniqueness. For existence, consider the set S of natural numbers which do not have prime factorizations, as stated in the theorem. The proof is complete if we can argue that S is the empty set. So suppose it is not. Then, being a nonempty subset of N, it must have a least r i=1

6 Basic Number Theory 6 element; call it n. Then n cannot be 1, for 1 has the empty prime factorization as described above, nor is n prime, as it would then have an equally simple prime factorization: p 1 = n, e 1 = 1. So n must be composite. Thus, we can find numbers a and b with 1 < a,b < n so that n = ab. But since a and b are smaller than n, they do not lie in S, so each of them possesses a prime factorization. Therefore, the product of these two factorizations provides a prime factorization of n, contradicting that n is an element of S and finishing our argument. For the uniqueness part of the theorem, we again make use of the Well-Ordering Principle to define the set S to be the set of natural numbers which have more than one prime factorization; if this set is empty, we re done. So suppose that S is not empty, whence it has a least element, which we again call n. That is, the number n has two prime factorizations of the form n = p 1 e 1 p 2 e 2 p r e r = q 1 d 1 q 2 d 2 q s d s. which we simplify by writing in the form n = p 1 P = q 1 Q where P and Q represent the complementary factors in these factorizations.

7 Basic Number Theory 7 Then p 1 q 1, else we could cancel the common term from both factorizations, forcing P = Q, exhibiting in the process a number smaller than n with two prime factorizations, violating the minimality of n. Without loss of generality then, suppose that p 1 < q 1. Applying the Division Algorithm, we may write q 1 = xp 1 + y, 0 < y < p 1 for quotient x and remainder y. Thus, p 1 P = (xp 1 + y)q p 1 (P xq) = yq, showing that yq is a multiple of p 1. In particular, this means that, since yq < p 1 Q < q 1 Q = n, the number yq has a unique prime factorization that must involve the prime p 1, and it is clearly formed by bringing together the prime factorizations of y and Q. But y < p 1, so y cannot be a multiple of p 1, and the prime factorization of Q involves only the primes q 1,q 2,,q s, none of which is p 1. This contradiction ends the proof. // An important corollary of the Fundamental Theorem of Arithmetic is a very useful fact:

8 Basic Number Theory 8 Corollary p is prime whenever p ab, it must be that either p a or p b. Proof [ ] Suppose p is prime. If p ab, then there is an integer q for which pq = ab. By the FTA, the prime factorization of pq must involve p, so the prime factorization of ab must also involve p. Again by the FTA, the prime factorization of ab must consist of bringing together prime factorizations of a and b, so at least one of these factorizations must involve p. Thus, either p a or p b. [ ] Suppose the integer p has the property that whenever p ab, either p a or p b. If it were the case that p was composite, then there would be some factorization of p in the form ab with 1 < a,b < p. But p = ab p ab. So either p a or p b. But this forces p a or p b, both of which lead to contradictions. Therefore, p must be prime. // A crucial concept in elementary number theory is the greatest common divisor of a pair of integers m and n, which we denote gcd(m,n ). Rather than compare the sets of divisors of m and n to identify the greatest common member of both sets, a more

9 Basic Number Theory 9 reasonable method to find gcd(m,n ) uses the prime factorizations of m and n. We can express the prime factorizations of the two numbers by using the same sequence of primes for both, allowing the exponents to take on the value 0 if that prime is not a factor of the number: thus, we write m = p 1 d 1 p 2 d 2 p r d r and n = p 1 e 1 p 2 e 2 p r e r with the same sequence p 1 < p 2 < < p r of primes, and nonnegative exponents d 1,d 2,,d r and e 1,e 2,,e r. Proposition With the above notation for the prime factorizations of m and n, gcd(m,n ) = p 1 min(d 1,e 1 ) p 2 min( d 2,e 2 ) p r min( d r,e r ). // As straightforward as this looks, however, there is a far simpler method for computing gcd(m,n ), via an ancient technque, the Euclidean algorithm (so-called because it appears at the beginning of Book VII of Euclid s Elements). For example, suppose we wish to compute gcd(13320,22140). Using the division algorithm, we find that =

10 Basic Number Theory 10 This relation implies that any common divisor of and and in particular their gcd must also be a divisor of Significantly, it also implies that any common divisor of 8820 and and in particular their gcd is a common divisor of of and It follows that gcd(8820, 13320) gcd(13320, 22140) and gcd(13320, 22140) gcd(8820, 13320). So gcd(13320, 22140) = gcd(8820, 13320). This principle can be codified in the following Proposition If m n are positive integers and integers q, r satisfy m = qn + r, 0 r < n, by the Division Algorithm, then gcd(m,n ) = gcd(n,r). Proof Easy. // Applying this proposition allows us to say that gcd(8820, 13320) = gcd(4500, 8820), since 4500 is the remainder of the division of by We may therefore reduce the size of the original numbers we are dealing without having yet computed the gcd. Continuing:

11 Basic Number Theory 11 (13320,22140) = (8820,13320) = (4500,8820) = (4320,4500) = (180,4320) = = = = = = Note that at each stage, the previous divisor becomes the new dividend and the previous remainder becomes the new divisor, the divisions ending when the remainder reaches 0. The final nonzero remainder is the desired gcd. This process is the Euclidean algorithm. It can be much abbreviated by laying out the computations in a simple array: The second column holds the integer quotients ( q i) for the divisions obtained when we divide a

12 Basic Number Theory 12 number in the first column ( r i) into the number above it ( r i 1). The remainder of the division ( r i+1) becomes the subsequent number in the first column, and so on: r i 1 r i r i+1 q i (Note how much less computation is required to find the gcd by the Euclidean algorithm than via the prime factorizations of m and n. Indeed, the Euclidean algorithm has long been revered for its remarkable simplicity.) Theorem gcd(m,n) is representable as an integer linear combination of m and n. That is, there exist integers x and y so that gcd(m,n ) = xm + yn. In fact, gcd(m, n) is the smallest positive integer linear combination of m and n. Proof We need only prove the final statement since the first assertion follows from it directly. Let S be the set of all positive integers of the form xm + yn. Clearly, S is non-empty (consider x = 1, y = 0, or x = 0, y = 1), so it has a least element. Call this number g = x 0 m + y 0 n.

13 Basic Number Theory 13 Now g is divisible by every common factor of m and n; in particular, gcd(m, n) g. So gcd(m, n) g. On the other hand, dividing m by g yields a quotient and remainder: m = qg + r, 0 r < g. Subtituting for g in this equation we obtain m = q(x 0 m+ y 0 n)+ r, or r = (1 qx 0 )m+( qy 0 )n. But this means either that r is in S and is smaller than g, which is impossible, or that r = 0. Therefore, the latter must be true, and g m. An entirely similar argument shows that g n, too. So g is a common divisor of m and n, whence g gcd(m, n), implying that g gcd(m, n). We can then conclude that g = gcd(m, n). // It is possible to extend the Euclidean algorithm slightly so as to compute the values of x and y for which gcd(m,n) = xm + yn: Find x and y so that gcd(22140, 13320) = 22140x y. Consider solutions to the equation r = 22140x y

14 Basic Number Theory 14 r x y q We place the trivial solutions x = 1, y = 0, and x = 0, y = 1 in the first two rows of the array (recognizable as the 2 2 identity matrix), then use the same arithmetic from the integer division of each value of r by the subsequent value to determine the subsequent values of x and y as well (think elementary row operations): if the (i 1)st and ith rows of the array are determined by equations r i 1 = 22140x i y i 1 r i = 22140x i y i and r i+1 = r i 1 q i r i, then the (i+1)st row is determined by subtracting q i times the ith equation from the (i 1)st: x i+1 = x i 1 q i x i, y i+1 = y i 1 q i y i.

15 Basic Number Theory 15 When the array produces the gcd as the last nonzero remainder, the row of the array containing this gcd also contains the appropriate coefficients that represent it as a linear combination of and 13320: for instance, from the above array, we see that 180 = If the numbers a, b have gcd = 1, we see that they share no common factors besides 1. Such are numbers are said to be relatively prime to each other. Euclid s Lemma If a bc and gcd(a, b) = 1, then a c. Proof Since gcd(a, b) = 1, we can find integers x and y so that ax +by = 1. Multiplying through by c gives cax + cby = c, and since both terms on the left are divisible by a (the second term because a bc), it follows that a c. // Proposition If a c, b c and gcd(a, b) = 1, then ab c. Proof As in the previous proof, we write ax +by = 1 for suitable integers x, y. Then, a c, b c

16 Basic Number Theory 16 c = ak = bl for integers k and l, so c = c(ax +by) = cax + cby = (bl )ax + (ak)by = ab(lx +ky) ab c. // To solve the more general equation ax + by = c in integers (that is, given integers a, b, c, find suitable integer solutions x, y), we apply Brahmagupta s Theorem Given integers a, b, c, the Diophantine equation (*) ax + by = c has no integer solutions unless gcd(a, b) c, in which case the solutions to (*) are the same as those to (**) a gcd(a,b) x + b gcd(a,b) y = c gcd(a,b). Moreover, if x = x 0, y = y 0 is any one solution to (**), then all solutions to (**) have the form x = x 0 + for any integer k. b gcd(a,b) k, y = y 0 a gcd(a,b) k

17 Basic Number Theory 17 Proof If (*) has a solution, then since gcd(a, b) divides the left side of the equation, it must divide the right: gcd(a, b) c. When this condition holds, dividing through (*) by gcd(a, b) yields (**), so both equations have the same set of solutions. Putting a = a gcd(a,b), b = b gcd(a,b), c = c gcd(a,b), note that since a and b are relatively prime, we can, by the extended Euclidean algorithm, find integers X, Y so that a X + b Y = 1. It follows that x 0 = c X, y 0 = c Y satisfy (**). Thus, (**) is solvable. If x = x 0, y = y 0 is any one solution to (**) and x = x 1, y = y 1 is another, then subtracting these two equations gives the relation a (x 0 x 1 ) = b (y 0 y 1 ). And since a and b have no common factors, we conclude that a (y 0 y 1 ). It follows that y 1 = y 0 k a and so also x 1 = x 0 +k b. // In a groundbreaking work in 1801, Gauss developed one of the most useful concepts in all of number theory, the idea of congruence: where a, b, m are integers and m is nonzero, he writes a b (modm), read as a is congruent to b modulo m, to mean that

18 Basic Number Theory 18 a b (modm) m (a b) a,b have the same remainder when divided by m Here, m is called the modulus. Congruences are prototypical examples of equivalence relations: Proposition Congruence mod m is an equivalence relation (it is reflexive, symmetric, transitive). // At least as important is the fact that congruence mod m is compatible with arithmetic. Proposition If a b (mod m) and c d (modm), then (1) a + c b +d (modm); (2) ac bd (mod m); (3) a k b k (modm) for any positive integer k. // Proposition (1) Reduction: If a b (mod m) and n m, then a b (mod n). (2) Cancellation: If ac bc (mod m), then a b (mod m gcd(c,m ) ). //

19 Basic Number Theory 19 Because congruence mod m is an equivalence relation, the integers are partitioned into equivalence classes under this relation, called more appropriately congruence classes mod m. (Thus, every integer belongs to exactly one congruence class mod m and no two congruence classes have any numbers in common.) There are exactly m congruence classes mod m and they are determined by the m possible remainders (or as Gauss called them, residues) r = 0, 1,, m 1 on division by m. These m numbers constitute the standard residue system (SRS) mod m, e.g. {0, 1, 2, 3, 4, 5, 6} is a SRS mod 7. The Cancellation property of congruences, namely that ac bc (modm) a b (mod ), implies m gcd(c,m ) that in general, one may not divide through a congruence by a common factor: if ac bc (mod m), we may not be able to conclude that a b (modm). (Give an example of this!) It is possible to cancel common factors only if gcd(c, m) = 1, that is, the factor we want to cancel is prime to the modulus. In another interpretation, this says that numbers have multiplicative inverses mod m only when they are relatively prime to m.

20 Basic Number Theory 20 The Euclidean algorithm can be used not only to determine that gcd(c, m) = 1, but at the same time to find the inverse mod m of c: gcd(c,m) = 1 x, y (cx +my = 1) x, y (cx +my 1 (modm)) x (cx 1 (modm)) exhibiting x as a multiplicative inverse of c mod m. (Recall that while the integer x is not a unique solution to the equation cx + my = 1, all other solutions are conrguent to x mod m, so the congruence class of x is unique; that is, c has a unique multiplicative inverse as a congruence class mod m.) Fundamental Theorem of Linear Congruences The linear congruence ax b (mod m) is solvable only if gcd(a,m) b. When it does have solutions, the congruence has exactly gcd(a,m) congruence classes of solutions mod m: if x 0 is one congruence class solution, all others have the form x x 0 + m k (modm), for k = 0,1,,(a,m) 1. gcd( a,m )

21 Basic Number Theory 21 Proof Solving the congruence ax b (modm) is equivalent to solving the linear equation ax + my = b. So by Brahmagupta s Theorem, the congruence is solvable precisely when gcd(a, m) b, and has solutions of the desired form x x 0 + m gcd( a,m ) k (modm) for integral values of k. These solutions are distinct mod m for exactly the gcd(a, m) values indicated above. // Congruences with composite moduli are best handled by reducing them to systems of congruences with prime power moduli; the vehicle for doing this is the versatile Chinese Remainder Theorem Let m 1,m 2,,m k be pairwise relatively prime moduli. Then the system of simultaneous congruences x c 1 (modm 1 ) x c 2 (mod m 2 ) x c k (mod m k ) has a unique solution x c (modm) modulo the product m = m 1 m 2 m k of the given moduli.

22 Basic Number Theory 22 Proof Let M i = m m i. Since the m i are pairwise relatively prime, (M i,m i ) = 1. Therefore, for each i we can solve each of the congruences M i x 1 (mod m i ) to compute the inverses of the M i mod m i. Then c = c 1 M 1 M c 2 M 2 M c k M k M k 1 solves the original system since c 1 M 1 M c k M k M k 1 c i M i M i 1 (mod m i ) c i 1(mod m i ) c i (modm i ) The solution is unique mod m because if c and d are two solutions to the system, then for all i, c d (modm i ) m i (c d), and since the m i are pairwise relatively prime, it follows that m (c d), that is, c d (modm). // The proof of the theorem also suggests a speedy algorithm for computing a solution to the system. We illustrate with an example:

23 Basic Number Theory 23 Example: The system x 8 (mod12) x 6 (mod13) is equivalent to a single congruence, which is found via the following computations: c M M 1 cmm 1 x 8 (mod12) x 6 (mod13) x 32 (mod156)