An Introduction to Number Theory with Cryptography (Solutions, Instructor Solution Manual) [1 ed.] 9781482214444, 9781482214413, 1482214415

Citation preview

solutions MANUAL FOR An Introduction to

Number Theory with Cryptography by

James S. Kraft Lawrence C. Washington

solutionS MANUAL FOR An Introduction to

Number Theory with Cryptography by

James S. Kraft Lawrence C. Washington

Boca Raton London New York

CRC Press is an imprint of the Taylor & Francis Group, an informa business

CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2014 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S. Government works Printed on acid-free paper Version Date: 20130815 International Standard Book Number-13: 978-1-4822-1444-4 (Ancillary) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com

Contents 1 Divisibility 1.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.3 Computer Explorations . . . . . . . . . . . . . . . . . . . . . . .

1 1 8 11

2 Unique Factorization 13 2.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 3 Applications of Unique Factorization 18 3.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 3.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 3.3 Computer Explorations . . . . . . . . . . . . . . . . . . . . . . . 29 4 Congruences 30 4.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 4.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 4.3 Computer Explorations . . . . . . . . . . . . . . . . . . . . . . . 47 5 Cryptographic Applications 49 5.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 5.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 5.3 Computer Explorations . . . . . . . . . . . . . . . . . . . . . . . 55 6 Polynomial Congruences 57 6.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 6.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 6.3 Computer Explorations . . . . . . . . . . . . . . . . . . . . . . . 61 7 Order and Primitive Roots 62 7.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 7.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 7.3 Computer Explorations . . . . . . . . . . . . . . . . . . . . . . . 70

i

8 More Cryptographic Applications 72 8.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 8.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 8.3 Computer Explorations . . . . . . . . . . . . . . . . . . . . . . . 75 9 Quadratic Reciprocity 76 9.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 9.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 10 Primality and Factorization 87 10.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 10.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 10.3 Computer Explorations . . . . . . . . . . . . . . . . . . . . . . . 91 11 Geometry of Numbers 93 11.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 11.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 12 Arithmetic Functions 102 12.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 12.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 12.3 Computer Explorations . . . . . . . . . . . . . . . . . . . . . . . 106 13 Continued Fractions 108 13.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 13.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 13.3 Computer Explorations . . . . . . . . . . . . . . . . . . . . . . . 114 14 Gaussian Integers 116 14.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 14.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 14.3 Computer Explorations . . . . . . . . . . . . . . . . . . . . . . . 117 15 Algebraic Integers 119 15.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 15.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 16 Analytic Methods 123 16.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 16.2 Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 16.3 Computer Explorations . . . . . . . . . . . . . . . . . . . . . . . 126 A Supplementary Topics 127 A.1 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

ii

Chapter 1

Divisibility 1.1

Exercises

1. 120 = 5 · 24, 165 = 11 · 15, 98 = 14 · 7 2. 7 = 7 · 1, 25 = 10 · (5/2) and 5/2 is not an integer, −160 = 32 · (−5) 3. (a) 1, 2, 4, 5, 10, 20 (b) 1, 2, 4, 13, 26, 52 (c) 1, 3, 5, 13, 15, 39, 65, 195 (d) 1, 7, 29, 203 4. (a) 1, 2, 3, 4, 6, 12 (b) 1, 13 (c) 1, 3, 5, 15 (d) 1, 2, 4, 8, 16 5. (a) True: If c | a then there exists j with a = cj. Therefore, ab = c(jb), which says that c | ab. (b) True: If c | a and c | b, there exist j and k with a = cj and b = ck. Therefore, ab = c2 (jk), which means that c2 | ab. (c) False: Let c = 4, a = 1, b = 7. Then c - a, c - b, but c | a + b. 6. (a) Let n1 and n2 be even. Then there exist k1 and k2 such that n1 = 2k1 and n2 = 2k2 . Therefore, n1 + n2 = 2(k1 + k2 ), so n1 + n2 is even. (b) Let n1 and n2 be odd. Then there exist k1 and k2 such that n1 = 2k1 +1 and n2 = 2k2 + 1. Therefore, n1 + n2 = 2(k1 + k2 + 1), so n1 + n2 is even. (c) Let n1 and n2 be even. Then there exist k1 and k2 such that n1 = 2k1 and n2 = 2k2 . Therefore, n1 n2 = 2(2k1 k2 ) = 4(k1 k2 ), so n1 n2 is even and is a multiple of 4. (d) Let n1 and n2 be odd. Then there exist k1 and k2 such that n1 = 2k1 +1 and n2 = 2k2 + 1. Therefore, n1 n2 = 2(2k1 k2 + k1 + k2 ) + 1, so n1 + n2 is odd. 1

7. Note that n2 − n = n(n − 1). If this is a prime, we must have n = ±1 or n − 1 = ±1. These give n2 − n = 0, 2, 2, 0. Therefore, n = −1 and n = 2 make n2 − n prime. 8. a3 −a = (a−1)a(a+1), which is the product of three consecutive integers, one of which must be a multiple of 3. Therefore, the product is a multiple of 3. 9. (a), (b), (c), (d) If qp + 1 = n2 , then qp = n2 − 1 = (n + 1)(n − 1). Since p, q are primes, this says that we must have {n − 1, n + 1} = {p, q}. This says that |p − q| = 2. For (a), we have q = 3, so get p = 5. For (b), we get p = 3, 7. For (c), we get p = 31. The only way to factor pq is (up to order) p · q or 1 · pq. Since n − 1 > 1, the factorization (n − 1)(n + 1) must be the same as p · q or q · p. Therefore, p, q = n − 1, n + 1, up to order, so |p − q| = 2. 10. (a) If 2 ≤ j ≤ n, then n! + j = ((n!/j) + 1)j, and both factors are larger than 1. Therefore, n! + j is composite. (b) Let n = 101 in (a). Then 101! + 2, 101! + 3, . . . , 101! + 101 are all composite. (In fact, 101! + j is composite for −478 ≤ j ≤ 138, so we get 617 consecutive composites.) 11. (a) If x2 − y 2 = 2, then (x + y)(x − y) = 2, so x + y and x − y are divisors of 2. By changing signs if necessary, we may assume that x ≥ y ≥ 0. Therefore, x + y = 2 and x − y = 1, which yields x = 3/2 and y = 1/2, which are not integers. Now let p be an odd prime. Note that ((p + 1)/2)2 − ((p − 1)/2)2 = p. Since p is odd, (p ± 1)/2 is an integer, so p is a difference of two squares. Therefore, all odd primes are differences of two squares. (b) If p = x4 −y 4 = (x2 +y 2 )(x+y)(x−y), we may assume that x > y > 0. Since the only nonnegative factors of p are 1 and p, and x2 + y 2 > x + y > x − y > 0, we have three factors, which is impossible. Therefore, no prime is the difference of two fourth powers. 12. As in the proof of Euclid’s theorem, let p1 , . . . , pn be the first n primes and let N = p1 · · · pn + 1. Then N has a prime factor p that is not one of p1 , . . . , pn . Therefore, p = pk for some k ≥ n + 1. We now have pn+1 ≤ pk = p ≤ N , which is the desired result. 13. Here are some examples: 2 · 3 · 5 · 7 · 11 · 13 + 1 = 59 · 509 2 · 3 · 5 · 7 · 11 · 13 · 17 + 1 = 19 · 97 · 277 2 · 3 · 5 · 7 · · · 19 + 1 = 347 · 27953 2 · 3 · 5 · 7 · · · 1 · 19 + 1 = 347 · 27953 2 · 3 · 5 · 7 · · · 19 · 23 + 1 = 317 · 703763 2 · 3 · 5 · 7 · · · 23 · 29 + 1 = 331 · 571 · 34231 The prime p = 31 yields a prime. The next case of primality is p = 379.

2

See C. Caldwell and Y. Gallot, On the primality of n! ± 1 and 2 × 3 × 5 × · · · × p ± 1, Mathematics of Computation, 71 (2002), 441-448. 14. Let p be an odd prime. Then 3 + p is an even integer that is a sum of two primes. There are infinitely many primes so there are infinitely many such even integers. 15. For each prime p, there is an n with n2 < p < (n + 1)2 . Suppose there is a largest such n, call it N . Then all primes are less than (N + 1)2 , which contradicts Euclid’s theorem. Therefore, there are infinitely many such n. 16. (a) quotient = 6, remainder = 1, (b) quotient = 8, remainder = 8, (c) quotient = 11, remainder = 8, (d) quotient = −10, remainder = 10 17. (a) quotient = 1, remainder = 0, (b) quotient = 0, remainder = 9, (c) quotient = 24, remainder = 6, (d) quotient = 6, remainder = 0 18. (a) When a = b, we have a = b · 1 + 0, so quotient = 1 and remainder = 0. (b) When a = kb, we have a = b · k + 0, so quotient = k and remainder = 0. (c) When 0 < a < b, we have a = b · 0 + a, so quotient = 0 and remainder = a. 19. Divide n2 + 1 by n + 1 to get n2 + 1 = (n + 1)(n − 1) + 2. If n + 1 | n2 + 1, then n + 1 must divide 2, so n + 1 = ±1, ±2. Therefore, n = −3, −2, 0, 1. Each of these values works. 20. Divide n3 −1 by n+1 to get n3 −1 = (n+1)(n2 −n+1)−2. If n+1 | n3 −1, then n + 1 must divide 2, so n + 1 = ±1, ±2. Therefore, n = −3, −2, 0, 1. Each of these values works. 21. A person who is worth i billion adds 20i to the final number. Expand the final number in base 20: a0 + a1 20 + a2 202 + · · · . Then ai is the number of people worth i billion. 22. (a) 3, (b) 2, (c) 1 23. (a) 12, (b) 3, (c) 1 24. Let d = gcd(n, n + 1). Then d | n and d | n + 1, so d | (n + 1) − n = 1. Therefore, d = 1. 25. Let d = gcd(2n − 1, 2n + 1). Then d | (2n + 1) − (2n − 1) = 2, so d = 1 or 2. But 2n − 1 is odd and d | 2n − 1, so d 6= 2. Therefore, d = 1. 26. Let d = gcd(a + b, a − b). Then d | (a + b) + (a − b) = 2a and d | (a + b) − (a − b) = 2b. Therefore, d | gcd(2a, 2b) = 2 · gcd(a, b) = 2, so d = 1 or 2. 27. Let d = gcd(b, c). Then d | c, so d | a. Also, d | b. Therefore, d | gcd(a, b) = 1, so d = 1. 3

28. Let d = gcd(5a + 1, 12a − 9). Then d | 12(5a + 1) − 5(12a − 9) = 57, so d = 1, 3, 19, 57. If a = 0, then d = 1. If a = 1, then d = 3. If a = −4, then d = 19. If a = 34, then d = 57. (This last example was found by finding the multiple 3 · 57 = 171 = 5 · 34 + 1, which is one more than a multiple of 5). 29. (n + 1)(n! + 1) − ((n + 1)! + 1) = n, so d = gcd(n! + 1, (n + 1)! + 1) divides n and n! + 1. Therefore, d divides (n! + 1) − n · (n − 1)! = 1, so d = 1. 30. (a) Let d = gcd(n2 + n + 6, n2 + n + 4). Then d divides (n2 + n + 6) − (n2 + n + 4) = 2, so d = 1 or 2. But n2 + n is always even, so n2 + n + 4 and n2 + n + 6 are always even, so 2 | d. Therefore, d = 2. (b) Let d = gcd(n2 + n + 5, n2 + n + 3). Then d divides (n2 + n + 5) − (n2 + n + 3) = 2, so d = 1 or 2. But n2 + n is always even, so n2 + n + 3 and n2 + n + 5 are always odd. Therefore, d = 1. x y 100 1 0 31. (a) 14 0 1 2 1 −7 Therefore, gcd(14, 100) = 2 = 100 − 14 · 7. x y 1 0 (b) 84 6 0 1 Therefore, 6 = gcd(6, 84) = 6 · 1 + 84 · 0. x y 630 1 0 0 1 (c) 182 84 1 −3 14 −2 7. Therefore, 14 = gcd(182, 630) = 630 · (−2) + 182 · 7. x y 1848 1 0 1776 0 1 (d) 72 1 −1 48 −24 25 24 25 −-26. Therefore, 24 = gcd(1776, 1848) = 1776 · (−26) + 1848 · 25. x y 203 1 0 13 0 1 8 1 −15 32. (a) 5 −1 16 3 2 −-31 2 −3 47 1 5 −78. Therefore, 1 = gcd(203, 13) = 203 · 5 + 13 · (−78). 4

x y 209 1 0 0 1 (b) 57 38 1 −3 19 −1 4. Therefore, 19 = gcd(57, 209) = 57 · 4 + 209 · (−1). x y 2205 1 0 465 0 1 1 −4 (c) 345 120 −1 5 105 3 −14 15 −4 19. Therefore, 15 = gcd(465, 2205) = 465 · 19 + 2205 · (−4). x y 1066 1 0 42 0 1 16 1 −25 (d) 10 −2 51 6 3 −76 4 −5 127 2 8 −203. Therefore, 2 = gcd(1066, 42) = 1066 · 8 + 42 · (−203). 33. Apply the Euclidean algorithm: n2 + n + 1 = 1 · n2 + (n + 1) n2 = (n − 1)(n + 1) + 1 n + 1 = (n + 1) · 1 + 0. The last nonzero remainder is 1. Therefore, gcd(n2 , n2 + n + 1) = 1. 34. (a) 89 = 55 + 34 55 = 34 + 21 34 = 21 + 13 21 = 13 + 8 13 = 8 + 5 8=5+3 5=3+2 3 = 2 + 1. Therefore, gcd(89, 55) = 1. (b) Since Fn+1 = Fn + Fn−1 and 0 ≤ Fn−1 < Fn , we have quotient = 5

1 and remainder = Fn−1 . The next step is Fn = Fn−1 + Fn−2 , so the quotient is 1 and the remainder is Fn−2 . At the jth step, the quotient is 1 and the remainder is Fn−j . The (n − 2)nd step is 3 = 2 + 1, so the gcd is 1. 35. (a) 13 = 2 · 5 + 3, 5 = 1 · 3 + 2, 3 = 1 · 2 + 1, 2 = 2 · 1 + 0 (b) 1111111111111 = 100001000 · 11111 + 111, 11111 = 100 · 111 + 11, 111 = 10 · 11 + 1, 11 = 11 · 1 + 0 (c) If a = bq + r with r > 0, then c = dQ + R, where Q is q ones, each separated by b − 1 zeros, and the last 1 is followed by r zeroes; and R is r ones. 36. Suppose ai 6= 0. Then T contains the nonzero numbers ai and −ai , so T contains a positive integer. Let e = a1 x1 + · · · + an xn be the smallest positive integer in T . Pick some index j and write aj = eq + r with 0 ≤ r < e. Then r = aj − eq is a linear combination of a1 , . . . , an , as in the proof of Theorem 1.11. Since r is smaller than e, we must have r = 0, so e | aj . Therefore, e divides each aj . If d is any common divisor of a1 , . . . , an then d divides a1 x1 + · · · + an xn , so d ≤ e. Therefore, e is the largest common divisor. By construction, e is a linear combination of a1 , . . . , an . 37. (a) 12345 = 1 · 53 + 2 · 52 + 3 · 5 + 4 = 194. (b) 101012 = 24 + 22 + 1 = 21. (c) 11111 = 112 + 11 + 1 = 133. 38. (a) Do the division algorithm, as explained in Section 1.8: 54321 = 6 · 9053 + 3 9053 = 6 · 1508 + 5 1508 = 6 · 251 + 2 251 = 6 · 41 + 5 41 = 6 · 6 + 5 6=6·1+0 1 = 6 · 0 + 1. The answer is 1055253. (b) The answer is 11110100001001000000. (c) The answer is 160410. 39. (a) One solution is (2, 1). By Theorem 1.14, all solutions are given by x = 2 + 4t, y = 1 − 3t. (b) One solution is (6, 3). All solutions are given by x = 6 − 7t, y = 3 − 5t. (c) One solution is (−5, 2). All solutions are given by x = −5 + 23t, y = 2 − 9t. (d) There are no solutions because 2 = gcd(4, 6) does not divide 11.

6

40. (a) One solution is (3, 1). All solutions are given by x = 3 + t, y = 1 − 4t. (b) The extended Euclidean algorithm gives us the equation 1 = (−5)(44) + (13)(17). Multiply by 9 to get the solution (−45, 117). All solutions are given by x = −45 − 17t, y = 117 − 44t. (c) There are no solutions because 3 = gcd(60, 9) does not divide 31. (d) One solution is (1, −1). All solutions are given by x = 1 + 3t, y = −1 − 20t. 41. Let x be the number of horses and y be the number of oxen. Then 1770 = 31x + 21y. One solution is (51, 9). All solutions (possibly negative) are given by x = 51 + 21t. y = 9 − 31t. We need x ≥ 0 and y ≥ 0, which means that t ≥ −2 and t ≤ 0. Therefore, t = −2, −1, 0 and (x, y) = (9, 71), (30, 40), (51, 9). 42. The original check was for 100x + y and you received 100y + x. Therefore, 100y + x = 2(100x + y) + 47. This becomes −199x + 98y = 47. One solution of this equation is (−33 · 47, −67 · 47) = (−1551, −3149). All solutions of the equation are given by x = −1551 + 98t, y = −3149 + 199t. Only t = 16 gives a value where 0 ≤ x < 100. The answer is 17 dollars and 35 cents. 43. Because gcd(a, b) = 1, there are integers x0 and y0 with ax0 − by0 = c. All solutions are given by x = x0 − bt, y = y0 − at. Whenever t is a large negative integer, both x and y are positive. Therefore, infinitely many t yield positive solutions. 44. Let x be the number of nickels, let y be the number of dimes, and let z be the number of quarters. Then x + y + z = 20 and 5x + 10y + 25z = 200. Substitute z = 20 − x − y into the second equation to obtain 20x + 15y = 300. One solution is (15, 0). All solutions are given by x = 15+3t, y = 0− 4t. Since we are assuming that x, y ≥ 1, we must have t = −1, −2, −3, −4. These yield (x, y, z) = (12, 4, 4), (9, 8, 3), (6, 12, 2), (3, 16, 1) (we’re lucky; each has z ≥ 1; otherwise, we would have to delete some values). 45. Let x be the number of teenagers and let y be the number of adults. Then 15x + 13y = 500. One solution is (29, 5). All solutions are given by x = 29 + 13t, y = 5 − 15t. Only t = 0, −1, −2 give nonnegative values for x and y. This gives the solutions (x, y) = (29, 5), (16, 20), (3, 35). The largest number of people is 3 + 35 = 38 and the smallest is 29 + 5 = 34. 46. (a) You need to solve 13x + 7y = 71 in non-negative integers. By Propositions 1.16 and 1.17, we know that 13 · 7 − 13 − 7 = 71 is the largest number that cannot be expressed using non-negative x and y. (b) You need to solve 13x+7y = 75 in non-negative integers. One solution is (2, 7) (this is the only solution). 7

47. (a) (i) Use the solution for 10 and then add thirty 3-cent stamps. (ii) Use the solution for 8 and then add eighty-four 3-cent stamps. (iii) Use the solution for 8 and then add ninety-eight 3-cent stamps. (b) Every number greater than k + a − 1 differs from a number on the list by a positive multiple of a. 48. If n > 1 is composite, then n = rs with an r, s > 1. Then an − 1 has as − 1 as a factor. Since an − 1 > as − 1 > 1, the factor is non-trivial, so an − 1 is composite. Therefore, if an − 1 is prime, n must be prime. Also, a − 1 is a factor of the prime an − 1, so a − 1 must be 1, which means that a = 2. 49. If n > 1 is not a power of 2, then n = rs with an odd number r > 1. Then an + 1 has as + 1 as a factor. Since an + 1 > as + 1 > 1, the factor is non-trivial, so an + 1 is composite. Therefore, if an + 1 is prime, n must be a power of 2.

1.2

Projects

1. (a) When you divide an integer by 4, the remainder is 0, 1, 2, or 3. If the integer is odd the remainder is 1 or 3. This means that the integer is of the form 4k + 1 or 4k + 3. (b) If both sets were finite, there would be a finite number of odd primes. Since there is an infinite number of primes, there is an infinite number of odd primes. (2 is the only even prime). Therefore at least one of these sets is infinite. (c) (i) Since (1 + 4k1 )(1 + 4k2 ) = 1 + 4k1 + 4k2 + 16k1 k2 = 1 + 4k, the product of two elements of S1 remains in S1 . (ii) If we divide N by 4, the remainder is 3. Since N > pn and pn is the largest prime in S3 , N is not prime. So, N is divisible by some prime. If we divide N by any of the pi , the remainder is 3, not 0. So, none of the pi divide N . (iii) If N were a product only of primes in S1 , then N would also be in S1 . Since N leaves a remainder of 3 when divided by 4, N cannot have prime divisors only in S1 (iv) By (iii), N is divisible by a prime not in S1 . By (ii), this can’t occur. So, S3 cannot be finite and must be infinite. (d) Assume that 5, 13, ..., qn are all the primes in S3 . Let M = (2q1 q2 q3 · · · qn )2 + 1. If p is a prime and p divides M , then p must be in S1 . So, p = qi for some i. This is impossible, since when we divide M by any qi the remainder is 1, not 0. Therefore there must be an infinite number of primes in S1 . 8

(e) First notice that when we divide any integer by 6, the remainder is 0, 1, 2, 3, 4, or 5. If n is an odd integer, the remainder when divided by 6 must be 1, 3, or 5. Therefore every prime except 2 and 3 is in T1 or T5 . Now, let m = 1 + 6k1 and n = 1 + 6k2 be two integers. Then mn = 1 + 6k for some integer k, so a product of primes in T1 has the form 6k + 1. Now, assume that T5 has only a finite number of primes and let 5, 11, ..., pn be a list of all of them. If N = 6p1 p2 p3 · · · pn − 1, then N has the form 6k + 5. When N is divided by 2, or 3, or a prime q in T5 , the remainder is q − 1 6= 0, so all the prime divisors of N must be in T1 . But, if N is a product only of elements in T1 , then N would have the form 6k + 1, which is a contradiction. Therefore, T5 must be infinite. (f) Assume that T1 contains a finite number of primes, 7, 13, ...pn . Let N = 3p1 p2 · · · pn and let M = N 2 + N + 1. If a prime p | M , then p ∈ T1 . But, when we divide M by 3 or by a prime in T1 , the remainder is 1 and not 0. Therefore, T1 must contain an infinite number of primes. 2. (a)

2

1 1

(b)

8

3

2

3

1

9

1

(c)

6

2

2

2

(d)

5

2 3 1

1

In general, we alternately cut a square from the top and then a square from the side. 3. (a) The Euclidean Algorithm says that if a ≥ b > 0, we can perform the following series of operations to obtain rn−1 = gcd(a, b).

a = q1 b + r1 , with 0 ≤ r1 < b b = q2 r1 + r2 , with 0 ≤ r2 < r1 r1 = q3 r2 + r3 , with 0 ≤ r3 < r2 .. . rn−3 = qn−1 rn−2 + rn−1 , with 0 ≤ rn−1 < rn−2 rn−2 = qn rn−1 + 0. 10

Starting at k = 1, we see that rn−1 ≥ 1 = F2 . Similarly, rn−2 ≥ 2 = F3 . We now proceed using complete induction: Assume that rn−j ≥ Fj+1 for all 0 ≤ j ≤ k.. Then rn−(j+1) ≥ rn−j + rn−(j+1) ≥ Fj+1 + Fj where the last inequality follows from the inductive hypothesis. Since Fj+1 + Fj = Fj+2 by the definition of the Fibonacci numbers, we see that rn−(j+1) ≥ Fj+2 , so rn−k ≥ Fk+1 for all k. (b) We know that b = q2 r1 + r2 ≥ r1 + r2 , so b ≥ r1 + r2 = rn−(n−1) + rn−(n−2)) ≥ Fn + Fn−1 = Fn+1 . (c) A computation shows that F3 = 2 > φ and that F4 = 3 > φ2 . We use complete induction and assume that φj−2 < Fj for all j ≤ k.We now multiply both sides of the identity φ2 = φ + 1 by φk−3 and get φk−1 = φk−2 + φk−3 . By induction, φk−2 < Fk and φk−3 < Fk−1 . Therefore φk−1 = φk−2 + φk−3 < Fk + Fk−1 = Fk+1 . (d) We have n − 1 divisions with b > Fn+1 > φn−1 from (b). Now, log10 (φ) > 1/5, and so log10 (b) > log10 (φn−1 ) ≥ (n − 1) log10 (φ) > (n − 1)/5. (e) If b has m decimal digits, then b < 10m . So, (n − 1)/5 < log10 (b) < m. Therefore, (n − 1) < 5m which implies that n ≤ 5m,

1.3

Computer Explorations

1. (a) The starting values m = 54 and m = 55 each take 112 steps to get to 1. (b) For each starting value m, the iterations eventually go to 1. This is because is n ≥ 2 is even then f (f (n)) ≤ (n/2) + 1 < n and if n > 1 is odd, then f (f (n)) = (n + 1)/2 is less than n. Therefore, every two iterations decreases the value, so eventually the output must be 1. (c) For m = 5, the iterates are 5, 26, 13, 66, 33, 166, 83, 416, 208, 104, 52, 26, at which point it starts repeating. For m = 6, the sequence is 6, 3, 16, 8, 4, 2, 1, so it reaches 1. For m = 7, the sequence seems to be gradually tending towards infinity. 11

2. (a) We have (note that the fractions don’t add to 1 because 2 is missing from the counts for the numerators) 80 π4,1 (1000) = , π(1000) 168 π4,1 (100000) 4783 = , π(100000) 9592 π4,1 (1000000) 39175 = , π(1000000) 78498

π4,3 (1000) 87 = π(1000) 168 π4,3 (100000) 4808 = π(100000) 9592 π4,3 (1000000) 39322 = π(1000000) 78498

The ratios approach 1/2 as x → ∞. (b) π4,1 (x) > π4,3 (x) when x = 26861 and when x = 26862. 3. The remainder is 1 when the original number is not a multiple of 7, and the remainder is 0 when the original number is a multiple of 7. For example, when 26 = 64 is divided by 7, the remainder is 1. This is a special case of Fermat’s theorem (see Chapter 4). 4. The ratio should be approximately 6/π 2 . See Proposition 3.11. 5. There is a string of 13 composites starting at 114. There is a string of 51 composites starting at 19610. There is a string of 111 composites starting at 370262. These numbers are much smaller than the numbers used in Exercise 10, which are 11! + 2 = 39916802, 51! + 2 ≈ 1.55 × 1066 , and 101! + 2 ≈ 9.43 × 10159 . 6. (a) and (b) 24 + 4 = 8 · 2, 34 + 4 = 85 = 17 · 5, 44 + 4 = 260 = 26 · 10, 54 + 4 = 629 = 37 · 17, etc. (c) n4 + 4 = (x + 2n)(x − 2n) = x2 − 4n2 , so x2 = n4 + 4n2 + 4 = (n2 + 2)2 . Therefore, x = n2 + 2, so a = n2 + 2n + 2 and b = n2 − 2n + 2. A simple check shows that ab = n4 + 4 always holds.

12

Chapter 2

Unique Factorization 2.1

Exercises

1. (a) 32 · 54 , (b) 5625 is a square 2. (a) 26 · 33 , (b) 1728 is a cube 3. Use Theorem 2.2 with a = b. Since p | a · a, we have p | a or p | a. This means that p | a. 4. Since p2 | ab, it follows that p2 occurs in the prime factorization of ab. Let pi be the power of p in the factorization of a and let pj be the power of p in the prime factorization of b. Then pi+j is the power of p in the prime factorization of ab, so i + j ≥ 2. Since gcd(a, b) = 1, either i = 0 or j = 0. Therefore, either i ≥ 2 or j ≥ 2, which means that either p2 | a or p2 | b. Another solution: Since p | ab, either p | a or p | b. Let’s assume that p | a. Since gcd(a, b) = 1, we have gcd(p2 , b) = 1. By Proposition 1.13 (with (a, b, c) = (p2 , b, a)), we must have p2 | a. 5. (a) Write a = 2a2 3a3 · · · and b = 2b2 3b3 · · · . By Proposition 2.6, nap ≤ nbp for each p, so ap ≤ bp for each p. Use Proposition 2.6 again to get a | b. (b) Write a = 2a2 3a3 · · · and b = 2b2 3b3 · · · . Proposition 2.6 says that map ≤ nbp for each p. Since m ≥ n, ap ≤ bp for each p. Use Proposition 2.6 again to get a | b. (c) Let a = 4, b = 2, m = 1, n = 2. 6. (a) and (b) Write a = 2a2 3a3 5a5 · · ·

and

b = 2b2 3b3 5b5 · · · .

Then an = 2na2 3na3 5na5 · · · and bn = 2nb2 3nb3 5nb5 · · · . Let dp = min(ap , bp ). Then ndp = min(nap , nbp ). Proposition 2.7 says that
n gcd(an , bn ) = 2nd2 3nd3 5nd5 · · · = 2d2 3d3 5d5 · · · = gcd(a, b)n . 13

7. Let d = gcd(a, c). Then d | c, so d | a + b. Since d | a, we have d | b. 8. Let d = gcd(a, b). By Proposition 1.3, d | ax + by = 1. Therefore, d = 1. 9. The answer is 3: If we have 4 consecutive integers, one of them is divisible by 4. An example of 3 consecutive squarefree integers is 1, 2, 3. 10. The answer is 8: If we have 9 consecutive odd integers, one of them is divisible by 9. This can be seen as follows: Let the consecutive odd integers be n + 2j for 0 ≤ j ≤ 8. Write n = 18q + r with 0 ≤ r < 18. Since n is odd and 18j is even, r must be odd. Write r = 2k + 1 with 0 ≤ k ≤ 8. If 0 ≤ k ≤ 4, then n + 2(4 − k) = (18q + 2k + 1) + 2(4 − k) = 18q + 9, which is a multiple of 9. If 5 ≤ k ≤ 8, then n + 2(13 − k) = (18q + 2k + 1) + 2(13 − k) = 18q + 27, which is a multiple of 9. It is possible to have 8 consecutive odd squarefree integers: 29, 31, 33, 35, 37, 39, 41, 43. Note that we couldn’t start at 11, because then the 8th number would be 25, which is not squarefree. 11. Let n = 2n2 3n3 · · · . Then r = n2 and m = 3n3 · · · . 12. (a) and (b) Let d = gcd(an , b), for some n ≥ 1. If q is a prime dividing d, then q | a and q | b, so q | gcd(a, b) = p. Therefore, the only prime factor of d is p, so d = pj for some j. Since p | a2 and p | b, we have j ≥ 1. Suppose j > n. Then pj | an implies that p2 | a (look at the power of p in a). But pj | b, and j > n ≥ 1, so p2 | b. Therefore, p2 | gcd(a, b) = p, which is a contradiction. Therefore, 1 ≤ j ≤ n. Each of these is possible: Let a = p and b = pj with j ≤ n. Then gcd(an , b) = gcd(pn , pj ) = pj . To summarize, gcd(an , b) = pj for some j with 1 ≤ j ≤ n. 13. Since gcd(a, p2 ) = p, the power of p in the prime factorization of a is p1 . Since gcd(b, p3 ) = p2 , the power of p in the prime factorization of b is p2 . (a) The power of p in the prime factorization of ab is p3 , so gcd(ab, p4 ) = p3 . (b) Let d = gcd(a + b, p4 ). Then d is a power of p. Since p | a and p | b, we have p | a + b. Suppose p2 | a + b. Since p2 | b, we have p2 | (a + b) − b = a, which is a contradiction. Therefore, d = p.

2.2

Projects

1. (a) If a and b are elements in H, then a = 1 + 4k1 , b = 1 + 4k2 . Then ab = (1 + 4k1 )(1 + 4k2 ) = 1 + 4(k1 + k2 ) + 16k1 k2 = 1 + 4k ∈ H Therefore, H is closed under multiplication. 14

Numbers of the form 3 + 4k are not closed under multiplication: (3 + 4k1 )(3 + 3k2 ) = 1 + 4m for some integer m. (For example, 7 · 11 = 77 = 1 + 4 · 19.) (b) The first ten Hilbert numbers are 1, 5, 9, 13, 17, 21, 25, 29, 33, 37. (c) The first ten Hilbert primes are 5, 9, 13, 17, 21, 28, 33, 37, 41, 49. The first Hilbert prime that is not a prime number is 9. (d) Let p = 3 + 4k1 and q = 3 + 4k2 be prime numbers. Then m = pq = 1 + 4k is a Hilbert number. As an integer, m can be factored in exactly one way as a product of primes, namely m = pq. If it were possible to factor m as the product of two Hilbert numbers, this would give rise to a factorization (in the integers) of m different from m = pq. Since this is impossible, m is a Hilbert prime. (e) If p is a prime of the form 4k + 1, then it can’t have a non-trivial factorization so it’s a Hilbert prime. Now assume that p is a Hilbert prime that is not a prime. Write p = q1 q2 . . . qn , as the prime factorization of p. Then none of the qi can be Hilbert numbers since p cannot factor as a product of Hilbert numbers. Furthermore, n must be even since the product of an odd number of integers of the form 4k + 3 is not a Hilbert number. Using this, write p = (q1 q2 )(q3 q4 ) . . . (qn−1 qn ). Each pair of products is in H. Therefore, if p is a Hilbert prime, n = 2. (f) 441 = 9 · 49 = 21 · 21. (g) Answers will vary. Here are two possibilities. 4389 = 21 · 209 = 33 · 133 = 57 · 77 33649 = 77 · 437 = 133 · 253 = 161 · 209 (h) We begin the sieve by writing only the integers that are of the form 1 + 4k. (We’ve only written these up to 93.) 1 33 65

5 37 69

9 41 73

13 17 21 25 29 45 49 53 57 61 77 81 85 89 93

Ignore 1, put a circle around 5 and then cross out every fifth number. 1

5

9

13

17

21

// 25

29

33

37

41

// 49 45

53

57

61

// 65

69

73

77

// 89 85

93

81

Now put a circle around 9 (the first number after 5 that has not been crossed out) and cross out every ninth number that’s in our array. 1

5

9

13

17

21

// 25

29

33

37

41

// 49 45

53

57

61

// 65

69

73

77

// 81

85

89

93

15

Continue in this manner, circling the first number that is not crossed out and then crossing out multiples of that number. The final result for the first 32 integers of the form 1 + 4k is

5

9

33

37

41 // 65

69

73 1

13 // 45

17

49

21

53

77

// 81

// 85

// 25

57

89

29

61

93

2. (a) [15, 21] = 105, [30, 40] = 120, [5, 47] = 235 (b) gcd(15, 60) = 15, [15, 60] = 60 (c) If d = gcd(a, b), there are integers k1 and k2 with a = k1 d and b = k2 d. Since a | [a, b] and b | [a, b], there are integers k3 and k4 with [a, b] = k3 a and [a, b] = k4 b. Therefore [a, b] = k3 a = k3 (k1 d) = (k3 k1 )d = k gcd(a, b). So, (a, b) | [a, b]. (d) Using the notation from (c), gcd(a, b) = [a, b] if and only if k1 k3 = k2 k4 = 1. Since each ki is a positive integer, k1 = k2 = k3 = k4 = 1. This means that gcd(a, b) = a, gcd(a, b) = b, [a, b] = a, [a, b] = b, which forces a = b. (e) (i) [p, q] = pq, (ii) [pq, p2 r] = p2 qr, (iii) [pq, 2q 2 r3 ] = 2pq 2 r3 (f) Let a = 2a2 3a3 · · · and b = 2b2 3b3 · · · be the prime factorizations of a and b. Let cp = max(ap , bp ) and let [a, b] = n. For n to be divisible by both a and b, each prime p that occurs in the factorization of n must occur to a power at least as big as ap and bp . This means that the smallest positive integer that that is divisible by both a and b (i.e. [a, b]) is 2c2 3c3 5c5 · · · . (g) Let a = 2a2 3a3 · · · and b = 2b2 3b3 · · · be the prime factorizations of a and b. Let dp = min(ap , bp ) and cp = max(ap , bp ). We have already seen that gcd(a, b) = 2d2 3d3 5d5 · · · and that [a, b] = 2c2 3c3 5c5 · · · .

16

Therefore, the exponent of a prime p in [a, b] · gcd(a, b) is min(ap , bp ) + max(ap , bp ) = ap + bp , which is the same as the exponent of p in ab. Since this is true for each prime, [a, b] · gcd(a, b) = ab. (h) Since gcd(3, 6, 8) = 1 and [3, 6, 8] = 24, their product is 24, which is not equal to 3 · 6 · 8. (i) Let a = 2a2 3a3 · · · , b = 2b2 3b3 · · · and c = 2c2 3c3 · · · . Since a | c, ap ≤ cp for all primes p and because b | c, bp ≤ cp for all primes p. Therefore max(ap , bp ) ≤ cp for all primes p. Let [a, b] = 2m2 3m3 · · · , so mp = max(ap , bp ) for all p. Since max(ap , bp ) ≤ cp , we see that mp ≤ cp and therefore, [a, b] | c. Here is an alternate proof. The division algorithm says that c = q[a, b] + r

where 0 ≤ r < [a, b].

Also, a | [a, b] and a | c, so [a, b] = as1 and c = as2 for integers s1 , s2 . So, as2 = aqs1 + r and a(q2 − qq1 ) = r. So, a|r. Similarly, b|r. Since 0 ≤ r < [a, b], we must have r = 0 from the definition of [a, b]. This means that c = q[a, b], so [a, b] | c. (j) We write the solutions as ordered pairs, (a, b). (p2 , 1), (1, p2 ), (p2 , p2 ), (p2 , p), (p, p2 ). (k) Let a = pap q aq and b = pbp q bq . If [a, b] = p2 q, then max(ap , bp ) = 2 and max(aq , bq ) = 1. If ap = 2, there are three choices for bp . If bp = 2 there are only two more choices for ap since we’ve already considered ap = bp . This gives five possible pairs. Similarly if aq =1, there are two choices for bq and if bq = 1 there is only one more choice for aq . This gives a total of 5 · 3 = 15 possibilities. (l) If a = 2a2 3a3 · · · and b = 2b2 3b3 · · · and [a, b] = n, then np = max(ap , bp ). If np = ap , there are np + 1 choices for ap . If np = bp , we have np more choices for ap since the possibility that ap = bp was already counted. This gives 2np + 1 choices for each prime p and the total number of solutions is (2n2 + 1) (2n3 + 1) (2n5 + 1) · · ·

17

Chapter 3

Applications of Unique Factorization 3.1

Exercises

1. Write n = 2n2 3n3 5n5 · · · . (a) We need n2 odd and all other np even, and we need n3 − 1 and all other np to be multiples of 3. We can do this by letting n2 = 3, n3 = 4, and all other np = 0. This yields n = 23 34 = 648. (b) We need n2 odd and all other np even, and we need n3 − 1 and all other np to be multiples of 3, and we need n5 − 1 and all other np to be multiples of 5. We can do this by letting n2 = 15, n3 = 10, n5 = 6, and all other np = 0. This yields n = 215 310 56 . 2. (a) We need n2 odd and all other np even, and we need n3 + 1 and all other np to be multiples of 3. We can do this by letting n2 = 3, n3 = 2, and all other np = 0. This yields n = 23 32 = 72. (b) We need n2 odd and all other np even, and we need n3 + 1 and all other np to be multiples of 3, and we need n5 + 1 and all other np to be multiples of 5. We can do this by letting n2 = 15, n3 = 20, n5 = 24, and all other np = 0. This yields n = 215 320 524 . 3. Let z = un . By Proposition 1.17, we can write n = ax + by with x, y ≥ 0. Therefore, un = (ux )a (uy )b , which is an ath power times a bth power. 4. Write b = ah, c = ib, d = jc, e = kd. Since they each eat a different

18

number of pancakes, we have h, i, j, k > 1. Then 47 = a + b + c + d + e = a + b + c + (1 + k)d = a + b + (1 + (1 + k)j)c = a + (1 + (1 + (1 + k)j)i)b = (1 + (1 + (1 + (1 + k)j)i)h)a. Since 47 is prime and the first factor is larger than 1, we must have a = 1 and 1 + (1 + (1 + (1 + k)j)i)h = 47. Therefore (1 + (1 + (1 + k)j)i)h = 46. Since 46 = 2 · 23 is prime, and h > 1 and the factor 1 + (1 + (1 + k)j)i is larger than 2, we must have h = 2 and 1 + (1 + (1 + k)j)i = 23. Therefore, (1 + (1 + k)j)i = 22. Since i > 1 and 1 + (1 + k)j > 2, we have i = 2 and 1 + (1 + k)j = 11. Therefore, (1 + k)j = 10. Since j > 1 and 1 + k > 2, we have j = 2 and 1 + k = 5. Therefore, k = 4. Putting everything together, we have a = 1, b = 2, c = 4, d = 8, e = 32. (b) One such sequence of primes is 2, 5, 11, 23, 47. (c) The fact that 5, 11, 23, 47 are prime forced the factorizations used in the solution to (a). √ 5. n 64 is rational exactly when 64 is an nth power. Since 64 = 26 , this is for n = 1, 2, 3, 6. √ 6. n 81 is rational exactly when 81 is an nth power. Since 81 = 34 , this is for n = 1, 2, 4. 2 2 2 7. (a) If √ x = a/b √ then x = a /b ,√which √ is2rational.√ 3) = 5+2 6 is rational. Therefore, (b) If 2+ 3√is rational, then ( 2+ √ √ √ √ 6 = 12 (5 + 2 6 − 5) is rational. But 6 is irrational. Therefore, 2 + 3 must be irrational. √ √ √ 2 8. If x = a + √ b is rational, then x = a + b + 2 ab is rational, which means that ab is rational. √Therefore, ab is a square. It follows that if ab √ is not a square, then a + b is irrational.

9. The rational root theorem says that the only possible rational roots are ±1 and ±1/2. The only one of these that works is 1/2. 10. The rational root theorem says that the only possible rational roots are ±1. Neither of these works, so there are no rational solutions. 11. Multiply each decimal by 36. The only one that yields an approximate integer is 1.6666667, and we have 36 × 1.6666667 = 60.0000012. Since 60/36 = 5/3, we try 5/3 and find that 5/3 is the only rational root of the polynomial. 12. Multiply each decimal by 1092. We obtain approximately −312, 420, and 637. Therefore, the roots appear to be −312/1092 = −2/7, 420/1092 = 5/13, and 637/1092 = 7/12. When these are substituted into the polynomial, we find that these are actually roots. 19

√ √ √ √ 13. (a) Let z = 2 + 3. Then z 2 = 5 + 2 6 and z 4 = 49 + 20 6. Therefore, z 4 − 10z 2 + 1 = 0. (b) The rational root theorem√says √ that the only possible rational roots of x4 − 10x2 + 1 are ±1.Since 2 + 3 6= ±1, it must be irrational. 14. For (7, 24, 25), we need n2 − m2 = a = 7, so we have n = 4, m = 3. This yields b = 2mn = 24 and c = m2 + n2 = 25, as desired. For (8, 15, 17), we need n2 − m2 = 15 and m2 + n2 = 17. Subtracting these yields 2m2 = 2, so m = 1, and therefore n = 4. 15. We need n2 − m2 = a = 37. This means that n = 19, m = 18, so b = 2mn = 684 and c = m2 + n2 = 685. 16. We need 2mn = 44, so mn = 22. The possibilities with 0 < m < n are (m, n) = (1, 22), (2, 11). These give (a, b, c) = (483, 44, 485), (117, 44, 125). 17. We need m2 + n2 = 65 and 0 < m < n. The two possibilities are (m, n) = (1, 8), (4, 7). These yield (a, b, c) = (63, 16, 65), (33, 56, 65). 18. Start with (3, 4, 5) and multiply by 13 to get (39, 52, 65). Also, start with (5, 12, 13) and multiply by 5 to get (25, 60, 65). 19. First let’s find the primitive triples with b = 18. We need 2mn = 18, which has no solutions with m and n of opposite parities. Therefore, there are no primitive triples. Every Pythagorean triple is a multiple of a primitive triple, so we now look for primitive triples with b a factor f of 18. For f = 9, we have n2 − m2 = 9, so m = 4, n = 5. This yields (9, 40, 41). Multiply by 2 and reorder to obtain the imprimitive triple (80, 18, 82). Now consider f = 6. We have 2mn = 6, which has no solutions with m and n of opposite parities. Now consider f = 3. We have n2 − m2 = 3, so n = 2, m = 1. This yields (3, 4, 5). Multiply by 6 and reorder to obtain the imprimitive triple (24, 18, 30). Finally, the cases f = 2 and f = 1 do not yield triples. To summarize, the triples are (80, 18, 82), (24, 18, 30). 20. Write the terms of the arithmetic progression as z − d, z, z + d. Then (z − d)2 + z 2 = (z + d)2 implies that z 2 = 4zd, so z = 4d. Therefore, the Pythagorean triple is (3d, 4d, 5d). This is primitive when d = 1, which corresponds to (3, 4, 5). We also see that all Pythagorean triples in arithmetic progression are multiples of (3, 4, 5). 21. The case of odd n is given in the hint. If n = 2r k with r ≥ 2, use the method preceding Theorem 3.5. If n = 2k with k odd, construct a triple for k and double it. 22. (a) Since j is odd, 2n = 2j+1 is a square. Since n + m is assumed to be a square, 2n(n + m) is a product of squares and therefore is a square. (b) Let (a, b, c) be the triple, with a = n2 − m2 , b = 2nm, c = n2 + m2 . The perimeter is 2n2 + 2mn = 2n(n + m). Part (a) shows a way to find m, n. For example let n = 23 = 8 and let m = 1. This yields the triple (63, 16, 65), which has perimeter 144 = 122 . 20

23. First, start with an odd z: Write z = 2y+1 and square it to get 4y 2 +4y+1. This splits to yield b = 2y 2 + 2y and c = 2y 2 + 2y + 1. We want n2 + m2 = 2y 2 + 2y + 1 and n2 − m2 = z = 2y + 1. Adding these together yields 2n2 = 2y 2 + 4y + 2 = 2(y + 1)2 . Therefore, we take n = y + 1 = (z + 1)/2. Then 2mn = 2y 2 + 2y yields m = y, so m = (z − 1)/2. Now, start with a z that is a multiple of 4: z = 4y. The procedure yields a = 4y 2 − 1 and c = 4y 2 + 1. Since n2 − m2 = a and n2 + m2 = c, we have n = 2y = z/2 and m = 1. 24. If x2 − y 2 = 7 with x > y > 0 then (x + y)(x − y) = 7. Since 7 is prime, we must have x + y = 7 and x − y = 1, so x = 4, y = 3 and 7 = 16 − 9. 25. If x2 − y 2 = p with x > y > 0 then (x + y)(x − y) = p. Since p is prime, we must have x + y = p and x − y = 1, so x = (p + 1)/2, y = (p − 1)/2. 26. We have (x + y)(x − y) = 20. Since x + y and x − y are both even or both odd, and x + y > x − y, we have (x + y, x − y) = (10, 2). Therefore, x = 6 and y = 4. 27. We have (x + y)(x − y) = 15. This yields (x + y, x − y) = (15, 1), (5, 3). These give (x, y) = (8, 7), (4, 1). 28. We want (z + y)(z − y) = x3 . Let z + y = x2 and z − y = x. Then z = (x2 + x)/2 and y = (x2 − x)/2. It is easily checked that x3 + y 2 = z 2 , as desired. 29. We have         1000 1000 1000 1000 + + + = 200 + 40 + 8 + 1 = 249, 5 25 125 625 and 

     1000 1000 1000 + + ··· + = 500 + 250 + · · · = 994. 2 4 512

Therefore, 10249 | 1000! and there are 249 zeros at the end of its decimal expansion. 30. We have

and





   123 123 + = 24 + 4 = 28, 5 25

     123 123 123 + + ··· + = 117. 2 4 64

Therefore, 1028 | 123! and there are 28 zeros at the end of its decimal expansion.

21

31.



     50 50 50 + + ··· + = 47. 2 4 32

Therefore 247 is the largest power of 2 dividing 50!. 32.



       100 100 100 100 + + + = 48. 3 9 27 81

Therefore 348 is the largest power of 3 dividing 100!. 33. A calculation shows that 528 | 124! and 531 | 125!. Moreover, 2119 | 124! and 2119 | 125!. Therefore, 1028 | 124! and 1031 | 125! (these are the highest powers of 10 dividing these numbers). Therefore, there is no n with n! ending in exactly 30 zeros. 34. A calculation shows that 5100 | 405! and that 405! ends in 100 zeros. Therefore, n! ends in 100 zeros for 405 ≤ n ≤ 409. j 2k j 2k 35. Since pp + pp2 = p + 1, the power of p dividing p2 ! is pp+1 . Similarly, the power of p dividing (p2 − p)! is p − 1, and the power of p dividing p! is p1 . Write  2 p = p2 !/(p!(p2 − p)!). p The power of p in this expression is pe , where e = (p + 1) − 1 − (p − 1) = 1. 2
Therefore, p, but not p2 , divides pp . 36. Let n be an integer. The probability that a prime p divides n is 1/p2 , so the probability that p2 - n is 1 − p12 . The probability that no square of a  Q  prime divides n is p 1 − p12 = 1/ζ(2) = 6/π 2 . 37. (a) In the notation of the proof of Theorem 3.10, −1 (1 − 3−2 )−1 (1 − 5−2 )−1 · · · (1 − p−2 = m )

X n∈S(3,5,...,pm )

1 . n2

The right-hand side is the sum over the odd integers all of whose prime factors are at most pm . Take the limit as m → ∞. The left side becomes the product over all odd primes and the right side becomes the sum of the reciprocals of the squares of the odd integers, as desired. (b) Let P be the product in part (a). Theorem 3.10 implies that (1 − 2−2 )−1 P = ζ(2) = π 2 /6. Therefore, P = (3/4)π 2 /6 = π 2 /8.

22

3.2

Projects

1. (a) Expand and collect like terms.. We get that the left hand and right hand sides are x2 z 2 + x2 t2 + y 2 z 2 + y 2 t2 . (b) (1 · 2 + 2 · 3)2 + (1 · 3 − 2 · 2)2 = 82 + 12 = 65 So, m = 1 and n = 8 and the triple is (63, 16, 65). (1 · 2 − 2 · 3)2 + (1 · 3 + 2 · 2)2 = 42 + 72 + 65. So, m = 4 and n = 7 and the second triple is (33, 56, 65). (c) 221 = 13 · 17 = (22 + 32 )(12 + 42 ). This leads to the Pythagorean triples (171, 140, 221) and (21, 220, 221). (d) 493 = 17 · 29 = (12 + 42 )(22 + 52 ). This leads to the Pythagorean triples (475, 132, 493) and (155, 468, 493). (e) 91 = 7 · 13 and while 13 = 22 + 32 , 7 cannot be written as the sum of two squares. In fact, one cannot find two integers whose squares sum to 91. 2. (a) Note that since x > y > 0, x + y > 2. Now, xk − y k = (x − y)(xk−1 + xk−1 y + · · · + xy k−2 + y k−1 ) ≥ xk−1 + xk−1 y + · · · + xy k−2 + y k−1 ≥ xk−1 + y k−1 ≥ x + y > 2. (b) If a prime p divides both n and n + 1, then p | ((n + 1) − n) = 1. This is impossible, so gcd(n, n + 1) = 1. Since n and n + 1 are relatively prime, if n(n + 1) were a perfect kth power, then both n and n + 1 would have to be perfect k powers from Lemma 3.6. But part (a) says that k powers cannot differ by 1. (c) If we call our three consecutive integers n − 1, n and n + 1, we need to show that (n − 1)(n)(n + 10 = n(n2 − 1) cannot be a perfect kth power. We will now show that this is impossible. If a prime p | n then p | n2 , so p - n2 − 1. Therefore n and n2 − 1 are relatively prime. By Lemma 3.6, we conclude that if n(n2 − 1) is a perfect kth power, then both n and n2 − 1 are perfect kth powers. Let n = ak and n2 − 1 = bk . Then n2 = a2k is also a perfect kth power. But this means that both n2 and n2 − 1 are consecutive perfect kh powers, which is impossible. (d) n(n + 1)(n + 2)(n + 3) = (n2 + 3n + 1)2 − 1 (e) From (d), the product of four consecutive integers is of the form n2 − 1 for some positive integer n. If n2 − 1 = m2 , then n2 − m2 = 1 ⇒ (n − m)(n + m) = 1 23

which says that either n + m = n − m = 1 or n + m = n − m = −1. These imply that n = 0 or m = 0. This contradicts the fact that the product of positive integers must be positive. 3. (a) If a is even then c must be even as well (because a2 + 2b2 = c2 and 2b2 is always even). So, since gcd(a, c) = 1, a and c must both be odd. (b) Since both c and a are odd, (c + a)/2 and (c − a)/2 are integers. If a prime p divides both of them, then p divides their sum (which is c ) and their difference (which is a). This is impossible since gcd(a, c) = 1. So, (c + a)/2 and (c − a)/2 are relatively prime. (c) We know that 2b2 = c2 − a2 = (c + a)(c − a) and that both c + a and c − a are even. So, (c + a)(c − a) is a multiple of 4. This means that 2b2 is a multiple of 4, so b2 is even, which means that b is even. Writing b = 2b0 , we get 2

2

2

2b2 = 2 · 4b0 = 8b0 c2 − a2 = (c + a)(c − a) so 2b0 =

(c + a) (c − a) . 2 2

Since (c + a)/2 and (c − a)/2 are relatively prime, they can’t both be even. If (c+a)/2 is even then (c+a)/4 and (c−a)/2 are relatively prime and their product if b02 . From Lemma 3.6, (c+a)/4 = k 2 so (c+a)/2 = 2k 2 for some integer k. Similarly if (c + a)/2 is odd, then the product of the relatively prime integers (c + a)/2 and (c − a)/4 is a square, so (c + a)/2 = k 2 for some integer k. (d) (i) If (c + a)/2 = m2 , then (c − a)/2 = 2n2 , so c = m2 + 2n2 and a = m2 − 2n2 . (ii) If (c + a)/2 = 2m2 , then (c − a)/2 = n2 , so c = 2m2 + n2 and a = 2m2 − n2 . From this we see that a = ±(n2 − 2m2 ) and c = n2 + 2m2 . Because 2b2 = c2 − a2 , we get that
2 2b2 = (n2 + 2m2 )2 − ±(n2 − 2m2 ) = 4m2 n2 . Dividing by 2 and taking the positive square root (since b > 0) we get that b = 2mn. (e) As triples (a, b, c) we get (1, 2, 3), (7, 4, 9), (7, 6, 11), (1, 12, 17), (17, 6, 19). (Answers to this may vary.) (f) Let y = −t(x − 1) where −t = m/n is a (negative) rational number. Then this line intersects x2 + 2y 2 = 1 at the point  2  2mn 2m − n2 , . 2m2 + n2 2m2 + n2 24

We want to see where this line intersects the ellipse. We find that if m = 1, n = 1, the line intersects the ellipse at (1/3, 2/3) which corresponds to the point (1, 2, 3). We see that m = 2, n = 1 ↔ (7, 4, 9); m = 3, n = 1 ↔ (17, 6, 19); m = 3, n = 2 ↔ (7, 6, 11); m = 3, n = 4 ↔ (1, 12, 17). 4. (a) We will use the fact that if 0 ≤ a < 1 and m is an integer, then ba + mc = m. Begin by looking at a0 a1 aj−1 n = j + j−1 + · · · + + aj + aj+1 p + · · · + am pm−j . j p p p p Since ai ≤ p − 1, a1 aj−1 a0 + j−1 + · · · + j p p p p−1 p



1 pj−1

p−1 p−1 p−1 = + j−1 + · · · + j p p p


j. This means that there are at least n n − 1 primes less than 22 . Since the Fermat numbers are odd, 2 was not 26

included in these n − 1 primes. This makes a total of at least n primes n less than 22 . (e) Let pn be the nth prime. We will use strong induction to show that n 1 for every m ≥ 1, pn < 22 . Since p1 = 2 < 22 this is true for k = 1. Now k assume that for every k ≤ n, pk < 22 . Let N = p1 p2 p3 · · · pn + 1. Then, as in Euclid’s proof N is either a prime or is divisible by a prime p which is larger than pn . k

By the induction hypothesis, pk < 22 for k = 1, 2, . . . n. Therefore, 1

2

3

k

2

N < 22 22 22 · · · 22 + 1 = 22+2

+23 +···+2n n+1

If N is prime, then pn+1 ≤ N < 22 n+1 pn+1 ≤ p < 22 .

n+1

+ 1 = 22

−2

n+1

+ 1 < 22

.

. If N is not prime, and p | N , then

n

Therefore, by induction, pn < 22 for all n. 6. (a) We’re given that b/a = φ where φ is a root of x2 − x − 1. If we substitute x = b/a into this polynomial and multiply both sides by a2 we get b2 − ab − a2 = 0. Now, notice that b a = ⇐⇒ b2 − ab = a2 ⇐⇒ b2 − ab − a2 = 0. b−a a Since we know that b2 − ab − a2 = 0, we see that b a = = φ. b−a a (b) Suppose that φ is rational. Choose positive integers a and b with φ = b/a and a and b as small as possible. This gives a b × a rectangle that is the smallest rectangle whose sides have φ as their ratio. Following the procedure in part (a) and we get an a × (b − a) rectangle whose sides also have φ as their ratio. But, a < b and b − a < a. (b − a ≥ a ⇒ b ≥ 2a ⇒ b/a ≥ 2, which is not true.) This contradicts the choice of a and b and shows that φ is irrational. (c) √ If we add or multiply two rational numbers, the result is rational. If 5 is rational then 1√ 1 1 5 is rational and + √ =φ 2 2 2 5 is rational. This contradiction shows that

√

5 is irrational. 27

7. (a) Let the area of the northwest square be A1 , the area of the southeast square A2 and the area of the overlap (i.e. the central square) be A3 . Then b2 = 2a2 + A1 + A2 − A3 since the overlap gets counted twice. Since b2 = 2a2 by assumption, A1 + A2 − A3 = 0, or A1 + A2 = A3 . (b) Using the notation in (a), A1 = A2 = s2 and A3 = r2 . So, r2 = 2s2 . √ Then there are positive integers a and b with (c) √ Assume 22 is rational. 2 = b/a, so b = 2a2 . Since b2 = a2 + a2 , we can go through the process described in part (a) with our b × b square being the smallest possible square with integer sides whose area can be expressed as the sum of the areas of two other congruent squares. But, using parts (a) and (b), we then get a smaller r × r square with the same property. This contradiction √ shows that 2 is irrational. (d) From the diagram, r = b − a and s + (b − a) + (b − a) = s + 2b − 2a = b, so s = 2a − b. Therefore, the relation is (2a − b)2 = 2(a − b)2 and this is a geometric version of proof 2 in 3.2.1. 8. (a) If p | n2 − m2 and p | n2 + m2 then p | (n2 + m2 ) + (n2 − m2 ) = 2n2 and p | (n2 + m2 ) − (n2 − m2 ) = 2m2 . Then, p | 2, or p | n2 and p | m2 . Since gcd(m, n) = 1, the only possibility is that p | 2. So, the only prime that can divide both n2 +m2 and n2 −m2 is 2 and d = gcd(n2 −m2 , n2 +m2 ) = 1 or 2. (b) If d = 1, then n2 − m2 a = 2 2 n +m c with gcd(a, c) = gcd(n2 − m2 , n2 + m2 ) = 1. Cross multiplying gives us a(n2 + m2 ) = c(n2 − m2 ). When we write out the prime factorization of each of the four numbers, there can be no primes in common between a and c and no primes in common between n2 + m2 and n2 − m2 . So, for the two sides to be equal, the prime factorizations of a and n2 − m2 must be the same and the prime factorizations of c and n2 + m2 must be the same. So, a = n2 − m2 and b = n2 + m2 . (c) If d = gcd(n2 − m2 , n2 + m2 ) = 2, then 2 | n2 − m2 and 2 | n2 + m2 . Therefore, n and m have the same parity. If both are even, d would be 4. This shows that both n and m must be odd. This means that n1 =

n+m 2

and n2 =

n−m 2

are integers. Assume that there’s a prime p with p | n1 and p | m1 . Then p | n1 + m1 = n and p | n1 − m1 = m. Since gcd(n, m) = 1, this is impossible. So, gcd(n1 , m1 ) = 1, 28

(d) Since gcd(n1 , m1 ) = 1, n1 and m1 can’t both be even. If both are odd then n1 = 1 + 2k1 and m1 = 1 + 2k2 so n + m = 2 + 4k1 and n − m = 2 + 4k2 . We then see that 2n = 4 + 4(k1 + k2 ), so n = 2 + 2(k1 + k2 ) is even. This contradiction tells us that n1 and m1 can’t both be odd. Therefore, one is odd and the other even. (e) From part (d) we know that n1 2 + m1 2 is odd. So, if p | 2m1 n1 and p | n1 2 + m1 2 , then p 6= 2 and p | m1 n1 (so p | m1 or p | n1 ) and p | n1 2 + m1 2 . If p | m1 and p | n21 + m21 , then p | n1 . So, p | m1 and p | m1 which is a contradiction because gcd(n1 , m1 ) = 1. Similarly, p - n1 . So, gcd(2m1 n1 , m21 + n21 ) = 1. (f) We know that n2 − m2 n+m n−m a = 2 and n1 = , m1 = . 2 c n +m 2 2 Solving for n and m in the latter two equations, we get n = m1 + n1 and m = n1 − m1 . We then have a (n1 + m1 )2 − (n1 − m1 )2 4m1 n1 2m1 n1 = = = 2 . 2 2 2 2 c (n1 + m1 ) + (n1 − m1 ) 2(n1 + m1 ) n1 + m21 (g) Since gcd(2m1 n1 , m21 + n21 ) = 1, the same argument from part (b) shows that a = 2m1 n1 and c = m21 + n21 .

3.3

Computer Explorations

1. The largest ratios for n ≤ 10000 occur for 12, 60, 120, 2520, 5040. These are numbers with many divisors, so the sum of divisors for these numbers is large. The small values are for prime numbers and other numbers with few divisors. 2. The arithmetic progression 199, 409, 619, 829, . . . , 2089 consists only of primes.

29

Chapter 4

Congruences 4.1

Exercises

1. (a) Divide 27 by 14. The remainder is 13. (b) Divide 16 by 14. The remainder is 2. (c) Divide −20 by 14. The remainder is −6. Add 14 to get 8. Alternatively, you could say that 8 is the remainder when you divide −20 by 14, but it’s easier for most people to get the negative remainder and then add 14. (d) Divide 311 by 14. The remainder is 3. (e) Divide −91 by 14. The remainder is −7. Add 14 to get 7. (f) Divide 42 by 14. The remainder is 0. 2. (a) Divide 11 by 8. The remainder is 3. (b) Divide −5 by 8. The remainder is −5. Add 8 to get 3. (c) Divide 121 by 8. The remainder is 1. (d) Divide 2014 by 8. The remainder is 6. Note that you only need to work with the last three digits 014, because multiples of 1000 are automatically multiples of 8. (e) Divide −83 by 8. The remainder is −3. Add 8 to get 5. (f) Divide 57 by 8. The remainder is 1. 3. (a) 96 − 6 = 90 = 9 · 10, so 96 and 6 differ by a multiple of 10. (b) 101 − (−9) = 110 = 10 · 11, so 101 and −9 differ by a multiple of 11. (c) It’s easier to use the second minus the first: 13 − (−5) = 18 = 2 · 9, so −5 and 13 differ by a multiple of 9. 4. (a) 77 − 12 = 65 = 13 ∗ 5, so 77 and 12 differ by a multiple of 5. (b) 136 − 31 = 105 = 21 ∗ 5, so 136 and 31 differ by a multiple of 5. (c) −11 − (−60) = −11 + 60 = 49 = 7 ∗ 7, so −11 and −60 differ by a multiple of 7.

30

5. We need 234 − 123 = 111 to be a multiple of n. The divisors of 111 are 1, 3, 37, 111, so the answer is 1, 3, 37, 111. 6. We need 1855 − 1777 = 78 to be a multiple of n. The divisors of 78 are 1, 2, 3, 6, 13, 26, 39, and 78, so the answer is 1, 2, 3, 6, 13, 26, 39, 78. 7. After every 12 jumps, the bug is back at 12. Since 12345 ≡ 9 (mod 12), the bug stops at 9 jumps past the 12. The answer is 9. 8. After every multiple of 7 days, it’s Monday. Since 150 ≡ 3 (mod 7), we go 3 days past Monday to get Thursday. 9. (a) If n ≡ 0 (mod 2), then n(n + 1) ≡ 0(0 + 1) ≡ 0 (mod 2). If n ≡ 1 (mod 2), then n(n+1) ≡ 1(1+1) ≡ 0 (mod 2). These are the only choices for n mod 2, so n(n − 1) is always even. (b) There are six choices for n mod 6. If n ≡ 0 (mod 6), then n(n+1)(n+ 2) ≡ 0 ∗ 1 ∗ 2 ≡ 0. If n ≡ 1, then n(n + 1)(n + 2) ≡ 1 ∗ 2 ∗ 3 ≡ 0. If n ≡ 2, then n(n + 1)(n + 2) ≡ 2 ∗ 3 ∗ 4 ≡ 0. If n ≡ 3, then n(n + 1)(n + 2) ≡ 3 ∗ 4 ∗ 5 ≡ 0. If n ≡ 4, then n(n + 1)(n + 2) ≡ 4 ∗ 5 ∗ 6 ≡ 0. If n ≡ 5, then n(n + 1)(n + 2) ≡ 5 ∗ 6 ∗ 7 ≡ 0. This completes the proof.
(n+1)n
(c) We have n+1 = 2∗1 , which is an integer, so n(n+1) = 2∗ n+1 ≡0 2 2
(n+2)(n+1)n n+2 (mod 2). Similarly, we have 3 = , which is an integer, so 3∗2∗1
n(n + 1)(n + 2) = 6 ∗ n+2 ≡ 0 (mod 6). 3 10. Suppose n = am with m > 1. If a is even then n = am is a multiple of 4, so n 6≡ 2 (mod 4). If a is odd, then a ≡ ±1 (mod 4), so n = am ≡ ±1 6≡ 2 (mod 4). 11. We need to compute n3 + (n + 1)3 + (n + 2)3 mod 9. This can be done by considering n ≡ 0, 1, 2, . . . , 8 (mod 9). For example, for n ≡ 0, we have 03 + 13 + 23 ≡ 0 (mod 9), and for n ≡ 1 we have 13 + 23 + 33 ≡ 0 (mod 9). The remaining seven cases are similar. 12. “Last digit” means “mod 10,” so we need to look at the possibilities for n2 (mod 10). Squaring 0, 1, 2, . . . , 8, 9 yields the last digits 0, 1, 4, 9, 6, 5, 6, 9, 4, 1, so these are the possibilities for last digits. Note that we could have saved time by noticing that every integer is congruent to one of 0, ±1, ±2, ±3, ±4, 5 mod 10, so we needed to square only 0, 1, 2, 3, 4, 5. 13. Since n is odd, we have n ≡ 1 (mod 2). By Fermat’s theorem, if 5 - n then n4 ≡ 1 (mod 5). If 5 | n then n4 ≡ 0 (mod 5), so we have either n4 ≡ 1 (mod 2), or

n4 ≡ 1 (mod 5),

n4 ≡ 1 (mod 2),

n4 ≡ 0 (mod 5).

These yield n4 ≡ 1 (mod 10) or n4 ≡ 5 (mod 10). The possible last digits of n4 are 1, 5. 31

14. Compute n3 (mod 9) for n = 0, 1, 2, 3, . . . , 8 to get 0, 1, 8, 0, 1, 8, 0, 1, 8. The answer is 0, 1, 8. 15. (a) True. Write m = dk. If a ≡ b (mod m), then a − b = mj for some j. Therefore, a − b = (jd)k, so a ≡ b (mod d). (b) False. For example, 3 | 6 and 1 ≡ 4 (mod 3), but 1 6≡ 4 (mod 6). (c) True. If a = b then a − b = 0 ∗ n for each positive n, so a ≡ b (mod n). (d) True. Suppose a > b. Choose n > a − b. By assumption a − b is a positive multiple of n, which is impossible because 0 < a − b < n. Therefore, a > b is impossible. Similarly, b > a is impossible. Therefore, a = b is the only possibility. (e) True. Corollary 4.18 says that kx ≡ kb (mod m) has a unique solution mod m. Since x = a and x = b are solutions, a ≡ b (mod m).. 16. (a) If a, b, c are not divisible by 3 then a2 ≡ b2 ≡ c2 ≡ 1 (mod 3). Therefore, a2 + b2 ≡ 1 + 1 6≡ 1 ≡ c2 (mod 3), so a2 + b2 6= c2 . Therefore, at least one is a multiple of 3. (b) If a, b, c are not divisible by 5, then a2 ≡ ±1 (mod 5), and similarly for b and c. Therefore, a2 + b2 ≡ −2, 0, +2 (mod 5), so a2 + b2 6≡ c2 (mod 5), and a2 + b2 6= c2 . It follows that one of a, b, c is divisible by 5. (c) If (a, b, c) is primitive, then one of a and b has the form 2mn, where one of m, n is even. Therefore, 2mn is a multiple of 4. From (a) and (b), we know that abc is a multiple of 15. We have just proved that it is a multiple of 4, so it is a multiple of 4 ∗ 15 = 60. If (a, b, c) is not primitive, it is a multiple of a primitive triple, so abc is still a multiple of 60. 17. Since x2 ≡ 0, 1 (mod 3), we have x2 + 3y 2 ≡ 0, 1 6≡ 2 (mod 3). Therefore, x2 + 3y 2 6= n. 18. Let n be an odd integer. By looking at the squares of 1, 3, 5, 7, we see that n2 ≡ 1 (mod 8). Therefore, n2 ≡ 1 or 9 (mod 16). Squaring this shows that n4 ≡ 12 or 92 ≡ 1 (mod 16). Therefore, n4 = 16k + 1 for some k. 19. (a) Since p, q ≥ 5, we have p, q 6≡ 0 (mod 3). Since q − p = 2, we cannot have p ≡ 1 (mod 3). Therefore, p ≡ 2 (mod 3), so q = p+2 ≡ 1 (mod 3). Therefore, p + q ≡ 2 + 1 ≡ 0 (mod 3). (b) If p ≡ 1 (mod 4), then q ≡ p + 2 ≡ 3 (mod 4). If p ≡ 3 (mod 4), then q ≡ p + 2 ≡ 1 (mod 4). Therefore, p + q ≡ 1 + 3 ≡ 0 (mod 4). (c) Since p+q is a multiple of 3 and of 4, it is a multiple of 12 by Proposition 2.4. 20. (a) Compute n2 mod 8 for n ≡ 0, 1, 2, 3, . . . , 7 to get n2 ≡ 0, 1, or 4 (mod 8). (b) A square is 0 or 1 mod 4. Therefore, if x, y are integers, then x2 + y 2 ≡ 0, 1, 2 (mod 4). In particular, a sum of two squares is never 3 mod 4. (c) If x, y, z are integers, then using all the possibilities from (a) yields 32

x2 + y 2 + z 2 ≡ 0, 1, 2, 3, 4, 5, 6 (mod 8). Therefore a sum of 3 squares cannot be 7 mod 8. 21. Problem 14 showed that if n is an integer then n3 ≡ 0, 1, 8 (mod 9). Therefore, if a3 + b3 + c3 ≡ 0 (mod 9), then at least one of a3 , b3 , c3 is 0 mod 9. This implies that at least one of a, b, c is a multiple of 3. 22. (a) Since z ≥ y, we have z! ≡ 0 (mod y!). Therefore, if x! + y! = z!, we have x! ≡ 0 (mod y!). If 1 ≤ x < y then x! < y!, so x! 6≡ 0 (mod y!). Therefore, x = y. If x = y, then z! = 2x!, which implies that z = 2 and x = y = 1. (b) Let x = n! and y = (n! − 1)!, and z = (n!)!. Then x!y! = z!. 23. (a) Suppose n 6≡ 0 (mod m + 1). Let j ≡ n (mod m + 1) with 0 < j ≤ m. Alice removes j markers. When Bob removes i markers, Alice removes m + 1 − i markers. Every time after Alice plays, the number of markers is 0 (mod m + 1). Since Bob removes at most m markers, after he plays the number of markers is nonzero mod m + 1. Therefore, Bob cannot leave 0 markers, so he does not win. Therefore, Alice wins. Conversely, suppose n ≡ 0 (mod m + 1). Then Bob follows Alice’s strategy from above. Whenever Alice removes j markers, Bob removes m+1−j markers. Then Bob wins. (b) Suppose n 6≡ 1 (mod m + 1). Then Alice starts by removing enough markers to leave a number that is 1 (mod m + 1). If Bob removes j markers, Alice removes m + 1 − j. After Alice’s moves, there is always a number of markers that is 1 (mod m+1). Eventually, there is one marker left, which Bob must take, so he loses. Conversely, if n ≡ 1 (mod m + 1), then Alice takes a number of markers. This leaves a number of markers that is not 1 (mod m + 1). Then Bob uses the “first person” strategy to win. Therefore, Alice does not win. 24. (a) We have (x + a)(x − a) = x2 − a2 ≡ 0 (mod p). By Proposition 4.9. x + a ≡ 0 (mod p) or x − a ≡ 0 (mod p). Therefore, x ≡ ±a (mod p). Since a 6≡ −a (mod p), there are exactly two solutions. (b) Consider the map that sends each of the p − 1 nonzero numbers mod p to its square mod p. By (a), each square mod p comes from exactly two numbers. Therefore, there are (p − 1)/2 squares. 25. Congruences mod 9 can be done by dividing and finding the remainder, or by adding the digits mod 9. We’ll add the digits. (a) 1453 ≡ 1 + 4 + 5 + 3 ≡ 4 (mod 9). The answer is 4. (b) 1927 ≡ 1 + 9 + 2 + 7 ≡ 1 (mod 9). The answer is 1. (c) 1066 ≡ 1 + 0 + 6 + 6 ≡ 4 (mod 9). The answer is 4. (d) 1855 ≡ 1 + 8 + 5 + 5 ≡ 1 (mod 9). The answer is 1. (e) 4004 ≡ 4 + 0 + 0 + 4 ≡ 8 (mod 9), so 4004 ≡ 8 (mod 9). Therefore, −4004 ≡ −8 ≡ 1 (mod 9). The answer is 1. (f) 753 ≡ 7 + 5 + 3 ≡ 6 (mod 9), so 753 ≡ 6 (mod 9). Therefore, −753 ≡ −6 ≡ 3 (mod 9). The answer is 3. 33

26. Congruences mod 11 can be done by dividing and finding the remainder, or by using the alternating sum of the digits. We’ll use this latter method. (a) 1777 ≡ 7 − 7 + 7 − 1 ≡ 6 (mod 11). The answer is 11. (b) 43 ≡ 3 − 4 ≡ −1 (mod 11). Therefore, −43 ≡ 1 (mod 11). The answer is 1. (c) 275 ≡ 5 − 7 + 2 ≡ 0 (mod 11). The answer is 0. (d) 1234567 ≡ 7 − 6 + 5 − 4 + 3 − 2 + 1 ≡ 4 (mod 11). The answer is 11. (e) 83 ≡ 3 − 8 ≡ −5 (mod 11). Therefore, −83 ≡ 5 (mod 11). The answer is 5. (f) 235711 ≡ 1 − 1 + 7 − 5 + 3 − 2 ≡ 3 (mod 11). The answer is 3. 27. Observe that 123456789 ≡ 0 (mod 9), so the product must be 0 mod 9: 0 ≡ 1+2+1+9+3+2+a+3+1+1+1+2+6+3+5+2+6+9 ≡ a+3 (mod 9). Therefore, a must be 6. 28. 43434343 ≡ 4 + 3 + 4 + 3 + 4 + 3 + 4 + 3 ≡ 1 (mod 9) and 43434343 ≡ 3 − 4 + 3 − 4 + 3 − 4 + 3 − 4 ≡ −4 (mod 11). Therefore, 434343432 is congruent to 1 mod 9 and congruent to (−4)2 = 16 ≡ 5 (mod 11). We have 18865ab151841649 ≡ a + b + 4 (mod 9), 18865ab151841649 ≡ a − b + 3 (mod 11). Therefore, a + b ≡ 6 (mod 9) and a − b ≡ 2 (mod 11). Because a and b are less than 10, we must have a + b = 6 or 15, and a − b = 2 or −9. The only solution is ab =42. 29. Since 12 is a multiple of 3, we see that 1210 is a multiple of 9, so 1210 ≡ 0 (mod 9). Since 12 ≡ 1 (mod 11), we have 1210 ≡ 110 ≡ 1 (mod 11). Therefore, we must have 61917ab4224 ≡ a + b ≡ 0 (mod 9), 61917ab4224 ≡ b − a + 9 ≡ 1 (mod 11). Because a and b are less than 10, we must have a + b = 0 or 9 or 18, and b − a = −8 or 3. The only solution is ab =36. 30. (a) The multiplicative inverse of 3 mod 11 is 4. Multiply by 4 to get x ≡ 12x ≡ 4 ∗ 8 ≡ 10 (mod 11). The answer is 10. (b) Since gcd(6, 9) = 3 and 3 - 7, there are no solutions. (c) Divide everything by 4 to get x ≡ 3 (mod 8). The solutions mod 32 are obtained by adding multiples of 8 to get 3, 11, 19, 27. See Theorem 4.17. 31. (a) The multiplicative inverse of 5 mod 21 is 17. Multiply by 17 to get x ≡ 17 ∗ 19 = 323 ≡ 8 (mod 21). Another way is to notice that 19 ≡ 40 34

(mod 21), so we can solve 5x ≡ 40 (mod 21). Dividing by 5 yields x ≡ 8 (mod 21). The answer is 8. (b) Since gcd(4, 19) = 1, we can divide by 4 to get 2x ≡ 3 (mod 19). Change this to 2x ≡ 22 (mod 19) and divide by 2 to get x ≡ 11 (mod 19). The answer is 11. (c) Use the Extended Euclidean Algorithm to find the inverse of 91 mod 121: x y 121 1 0 91 0 1 30 1 −1 1 −3 4. Therefore, 1 = −3(121) + 4(91), which means that 4 ∗ 91 ≡ 1 (mod 121). Multiply 91x ≡ 3 (mod 121) by 4 to get x ≡ 12 (mod 121). The answer is 12. 32. We have gcd(10, 24) = 2 so there is a solution if and only if 2 | n. The answer is 0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22. 33. We have gcd(25, 30) = 5 so there is a solution if and only if 5 | n. The answer is 0, 5, 10, 15, 20, 25. 34. (a) We could find the inverse of 3 mod 17 by the Extended Euclidean Algorithm, but it’s easier to change the congruence to 3x ≡ 18 (mod 17) and divide by 3 to obtain x ≡ 6 (mod 17). The answer is 6. (b) Multiply by 6 to get x ≡ 6 ∗ 5 ≡ 13 (mod 17). The answer is 13. 35. (a) Use the Extended Euclidean Algorithm to find the inverse of 83 mod 100: x y 100 1 0 83 0 1 17. 1 −1 15 −4 5 2 5 −6 1 −39 47 This tells us that 1 = −39 ∗ 100 + 47 ∗ 83, so 47 ∗ 83 ≡ 1 (mod 100). The answer is 47. (b) Multiply by 47, the answer to (a), to get x ≡ 47 ∗ 2 ≡ 94 (mod 100). The answer is 94. 36. The squares mod 7 are 0, 1, 2, 4. If a2 + b2 ≡ 0 (mod 7), then we must have a2 ≡ b2 ≡ 0 (mod 7), which says that a ≡ b ≡ 0 (mod 7). Another way to see this: If a 6≡ 0 (mod 7), then −1 ≡ (b/a)2 (mod 7). But −1 is not a square mod 7. Therefore, a ≡ 0 (mod 7). This implies that b ≡ 0 (mod 7).

35

37. Suppose x2 −2y 2 = 10. Then x2 −2y 2 ≡ 0 (mod 5). If y 6≡ 0 (mod 5), we have 2 ≡ (x/y)2 (mod 5), which is impossible. Therefore, y ≡ 0 (mod 5). Therefore, x2 ≡ 2y 2 ≡ 0 (mod 5), so x ≡ 0 (mod 5). Therefore, x2 − 2y 2 is a multiple of 25, so it cannot equal 10. Therefore, there are no integer solutions to x2 − 2y 2 = 10. 38. The numbers that are 1 mod 7 are 1, 8, 15, · · · . Mod 3, these are 1, 2, 0 · · · . Therefore, x ≡ 8 (mod 31) 39. The numbers that are 4 mod 11 are 4, 15, 26, 37, · · · . Of these, 37 ≡ 2 (mod 7), so we now have x ≡ 37 (mod 77). The possible values of x are 37, 114, · · · . of these, 37 ≡ 1 (mod 3), so the answer is x ≡ 37 (mod 231). 40. The three congruences can be changed to x ≡ 4 (mod 5),

x ≡ 6 (mod 7),

x ≡ 2 (mod 11).

The numbers x ≡ 2 (mod 11) are 2, 13, . . . . Since 13 ≡ 6 (mod 7), we now have x ≡ 13 (mod 77). This yields 13, 90, 167, 244, . . . . Since 244 ≡ 4 (mod 5), the answer is x ≡ 244 (mod 385). 41. We need to solve the simultaneous congruences x ≡ 1 (mod 2),

x ≡ 2 (mod 3),

x ≡ 3 (mod 4)

x ≡ 4 (mod 5),

x ≡ 5 (mod 6),

x ≡ 0 (mod 7).

Note that the congruences mod 4 and mod 6 imply the congruences mod 2 and mod 3, so we can omit the congruences mod 2 and mod 3. Combining the mod 7 and mod 6 congruences yields x ≡ 35 (mod 42). Combine this with the mod 5 congruence to get x ≡ 119 (mod 210). The Chinese Remainder Theorem does not guarantee that we can combine this with the mod 4 congruence because gcd(210, 4) 6= 1. However, there is still a solution in this case, namely x = 119. The answer is 119. Here is another way to do the problem. It is easy to seen that any number that is −1 (mod 60) satisfies all the congruences except possibly the congruence mod 7. So we combine x ≡ −1 (mod 60) and x ≡ 0 (mod 7) to obtain x ≡ 119 (mod 420). 42. Mod 10, the number is 1 ∗ 3 − 4 ∗ 1 = −1 ≡ 9 (mod 10). Mod 9, we have 7 ∗ 1 − 1 ∗ 6 ≡ 1 (mod 9). Combining these two congruences yields 19 (mod 90). Since the answer is between 0 and 90, the answer 19. 43. Let p1 , p2 , . . . , p100 be 100 distinct primes. The Chinese Remainder Theorem says that there is an x with x ≡ 0 (mod p21 ), x ≡ −1 (mod p22 ), . . . , x ≡ −99 (mod p2100 ). Then x, x + 1, . . . , x + 99 are not squarefree. 44. Since n is a multiple of 11, we can write n = 11r. The information tells us that r is not divisible by any number less than 11, so r ≥ 11. In fact, r = 11 solves the problem, since n = 121 satisfies the conditions. The answer is 121. 36

45. Notice that x = −1 solves the congruences. Add 60 = lcm(2, 3, 4, 5) to get 59. An answer is 59. 46. Let d = gcd(m, n). First, suppose that there is a solution x. Since x ≡ a (mod m), we also have x ≡ a (mod d). Similarly, x ≡ b (mod d). Therefore, a ≡ b (mod d). Conversely, suppose that a ≡ b (mod d). Since a − b is a multiple of d, Theorem 1.14 implies that there are integers s and t such that a − b = ms + nt. Let x = a − ms = b + nt. Then x ≡ a (mod m) and x ≡ b (mod n), as desired. 47. Let d = gcd(b, n). Let q be a prime dividing d. Then q | b. Since b ≡ 1 (mod p) for each prime p that divides n but not m, we cannot have q = p. Therefore, q must divide m. But b ≡ a (mod m). Since q | m and q | b, we must have q | a. Therefore, q | m and q | a, so gcd(a, m) 6= 1, contrary to assumption. Therefore, no primes divide d, so d = 1. This means that gcd(b, n) = 1. 48. We have 100 ≡ 4 (mod 9)6. By Corollary 4,23, 2100 ≡ 24 ≡ 16 (mod 97). The answer is 16. 49. We have 1234 ≡ 4 (mod 10). By Corollary 4.23, 21234 ≡ 24 ≡ 16 ≡ 5 (mod 11). The answer is 5. 50. We have 75 ≡ 3 (mod 72). By Corollary 4.23, 375 ≡ 33 ≡ 27 (mod 73). The answer is 27. 51. We have 50 ≡ 4 (mod 46). By Corollary 4.23, 750 ≡ 74 ≡ 492 ≡ 22 ≡ 4 (mod 47). The answer is 4. 52. We have 222 ≡ 6 (mod 12) and 111 ≡ 3 (mod 12). Corollary 4.23 implies that 111222 + 222111 ≡ 1116 + 2223 (mod 13). Since 111 ≡ 7 (mod 13) and 222 ≡ 1 (mod 13), we obtain 76 + 13 ≡ 117650 ≡ 0 (mod 13). The answer is 0. 53. Since 5555 ≡ 5 (mod 6) and 2222 ≡ 2 (mod 6), Corollary 4.23 implies that 22225555 + 55552222 ≡ 22225 + 55552 (mod 7). Since 2222 ≡ 3 (mod 7) and 5555 ≡ 4 (mod 7), we obtain 35 + 42 ≡ 243 + 16 = 259 ≡ 0 (mod 7). 54. Note that 2730 = 2 ∗ 3 ∗ 5 ∗ 7 ∗ 13 By Fermat’s theorem for p = 7, if gcd(n, 7) = 1 then n6 ≡ 1 (mod 7) and therefore n12 ≡ 1 (mod 7). Multiplying by n yields n13 ≡ n (mod 7). This also holds if n ≡ 0 (mod 7), so n13 − n is always a multiple of 7. Similarly, n13 − n is always a multiple of 2, 3, 5, 13. Therefore, it is a multiple of 2730. 37

55. First, suppose that p - a. Fermat’s theorem tells us that ap−1 ≡ 1 (mod p). Since (p − 1)! = (p − 1)(p − 2)! , we also have a(p−1)! ≡ (ap−1 )(p−2)! ≡ 1(p−2)! ≡ 1 (mod p). Therefore, a(p−1)!+1 ≡ a (mod p). If p | a, then both sides of this congruence are 0 (mod p), so the congruence holds for all a. 56. Note that 510 ≡ 2 ∗ 3 ∗ 5 ∗ 17. By Fermat’s theorem for p = 5, we have n4 ≡ 1 (mod 5) when n 6≡ 0 (mod 5). Therefore n16 ≡ (n4 )4 ≡ 14 ≡ 1, and n17 ≡ n (mod 5). If n ≡ 0 (mod 5), the congruence also holds, so n17 − n is a multiple of 5 for all n. Similarly, n17 − n is a multiple of 2, 3, and 17 for all n. Therefore, it is a multiple of 2 ∗ 3 ∗ 5 ∗ 17 = 510. 57. Since an (mod 5) depends only on n (mod 4), by Corollary 4.23, we have to check only n = 1, 2, 3, 4. For n = 1, we have 1 + 2 + 3 + 4 = 10 ≡ 0 (mod 5). For n = 2, we have 12 + 22 + 32 + 42 ≡ 0 (mod 5). Similarly for n = 3. For n = 4, we have 14 + 24 + 34 + 44 ≡ 4 (mod 5). Therefore, the sum is divisible by 5 if and only if n 6≡ 0 (mod 4). 58. (a) Suppose x2 ≡ −1 (mod p). Raise both sides to the (p − 1)/2 power to get xp−1 ≡ (x2 )(p−1)/2 ≡ (−1)(p−1)/2 (mod p). Fermat’s theorem says that xp−1 ≡ 1 (mod p). If p ≡ 3 (mod 4), then (p − 1)/2 ≡ 1 (mod 2), so we obtain 1 ≡ −1 (mod p), which is impossible. Therefore, x2 6≡ −1 (mod p). (b) If p | n2 + 1, then n2 ≡ −1 (mod p). By (a), we cannot have p ≡ 3 (mod 4). Since p is odd, we must have p ≡ 1 (mod 4). (c) Suppose p1 , p2 , . . . , pr are all the primes that are 1 (mod 4). Let N = (2p1 · · · pr )2 +1. Let p be a prime dividing N . Since N is odd, p is odd. By (b), p ≡ 1 (mod 4). Therefore, p = pi for some i, which means that p | N and p | N − 1. Therefore, p | 1, which is impossible. This contradiction shows that there cannot be only finitely many primes that are 1 mod 4. 59. We have φ(21) = 12 and 60 ≡ 0 (mod 12). By Corollary 4.32, 560 ≡ 50 ≡ 1 (mod 21). The answer is 1. 60. We have φ(385) = φ(5)φ(7)φ(11) = 240. By Euler’s theorem, 3240 ≡ 1 (mod 385). The answer is 1. 61. We have φ(35) = 24 and 35 ≡ 11 (mod 24). By Corollary 4.32, 235 ≡ 211 ≡ 2048 ≡ 18 (mod 35). The answer is 18. 62. “Last two digits” means “mod 100.” We have φ(100) = 40. Since 403 ≡ 3 (mod 40), Corollary 4.32 implies that 123403 ≡ 1233 ≡ 233 (mod 100). The last congruence is because 123 ≡ 23 (mod 100). A short calculation (or use a calculator) yields the answer 67. 63. “Last three digits” means “mod 1000.” We have φ(1000) = 400. Since 40404 ≡ 4 (mod 400), Corollary 4.32 says that 10140404 ≡ 1014 (mod 1000). 38

We can calculate 1014 on a calculator, or we can do the following: 1012 = 10201 ≡ 201 (mod 1000). Then 1014 ≡ 2012 ≡ 40401 ≡ 401 (mod 1000). The answer is 401. 64. (a) We have φ(4) = 2 and 13 ≡ 1 (mod 2), Corollary 4.32 says that 1313 ≡ 131 ≡ 1 (mod 4). Alternatively, 1313 ≡ 113 ≡ 1 (mod 4). (b) Since φ(10) = 4, Corollary 4.32 implies that 13

1313

≡ 131 ≡ 3 (mod 10).

Therefore, the answer is 3. 65. “Last four digits” means “mod 10000.” We have φ(10000) = 4000. Since 8004002 ≡ 2 (mod 4000), Corollary 4.32 implies that 2078004002 ≡ 2072 ≡ 2849 (mod 10000). The answer is 2849. 66. (a) We have 34 ≡ 1 (mod 10), so we have to look at only 31 ≡ 3, 32 ≡ 9, 33 ≡ 7, 34 ≡ 1 (mod 10). The possible last digits are 1, 3, 7, 9. (b) We can’t use Euler’s theorem for 10 because gcd(4, 10) 6= 1. However, we can simply compute 41 ≡ 4, 42 ≡ 6, 43 ≡ 4, . . . , to see that the possible last digits are 4, 6. (c) The powers of 6 are 6, 36, 216, . . . , so the only last digit is 6. (d) Euler’s theorem tells us that 74 ≡ 1 (mod 10). The powers of 7 mod 10 are 7, 72 ≡ 9, 73 ≡ 3, and 74 ≡ 1. The possible last digits are 1, 3, 7, 9. 67. For all of this problem, it is useful to observe that if pb is a prime power occurring in the prime factorization of x, then (p − 1)pb−1 = φ(pb ) | φ(x). In particular, this implies that p − 1 ≤ φ(x). (a) The only primes that can divide x have p − 1 ≤ 2, so p = 2, 3. If 32 | x, then φ(x) ≥ φ(9) = 6, so 9 - x. Similarly, 8 - x. This leaves 1, 2, 3, 4, 6, 12 as the remaining possibilities. Checking these yields the answer 3, 4, 6. (b) We could get a list of possibilities, as in (a), and find out that there are no solutions. Or we could observe that the formula for φ(n) in Theorem 4.29 implies that φ(n) is even if n > 2. In any case, the answer is no solutions. (c) If φ(x) = 4 and p | x, then p ≤ 5. Moreover, 52 - x and 32 - x. Also, 24 - x. Therefore, the possibilities are products of 2j with 0 ≤ j ≤ 3, and possibly 3 and 5. Trying the choices yields 8, 4 · 3, 2 · 5, 5. The answers are 5, 8, 10, 12. (d) If φ(x) = 10, the only possible prime power divisors of x are 3, 11, and 2j for 0 ≤ j ≤ 2, . This yields the answers 11, 22. (e) If φ(x) = 14, the only possible prime power divisors of x are 3 and 2j for 0 ≤ j ≤ 2. These cannot combine to yield φ(x) = 14, so there are no solutions. 39

68. (a) True. The statement is true for prime powers: If 1 < pa | pb then b φ(pa ) = (p − 1)pa−1 divides (p − 1)pb−1 = φ(p If pa = 1, Q then φ(pa ) | Q ). ai b pbi i . Then φ(p ), also. In general, if d | n, write d = pi and n = Q Q bi ai φ(d) = φ(pi ) divides φ(n) = φ(pi ) because then each prime power factor pai i of d divides the corresponding prime power factor pbi i of n. (b) False. Let d = 2 and n = 3. Then φ(2) = 2 divides φ(3) = 2, but 2 - 3. (c) True. Use Theorem 4.29. Since d | n, the primes dividing dn are the same as those dividing n. Therefore, Y φ(dn) = dn (1 − 1/p) = dφ(n). p|n

69. (a) False. 2 has k = 1 distinct prime factors but 21 - φ(2). (b) True. Each factor pa contributes a factor (p − 1)pa−1 to φ(n). Since p is odd, p − 1 is a multiple of 2. Therefore, φ(n) is a multiple of 2k . 70. (a) and (b) Consider the numbers 1, 11, 111, 1111, . . . (mod n). Two of them must be congruent mod n, so we can subtract and get 111 · · · 1110000 · · · 000 ≡ 0 (mod n). Since gcd(10, n) = 1, we can divide by powers of 10 to get 111 · · · 111 ≡ 0 (mod n). Another way: We have 10φ(9n) ≡ 1 (mod 9n). Therefore, 10φ(9n) −1 = 999 · · · 999 ≡ 0 (mod 9n). Divide by 9 to obtain 111 · · · 111 ≡ 0 (mod n). 71. (a) φ(N ) = φ(2)φ(3)φ(5) · · · = 1 · 2 · 4 · · · ≥ 8. (b) If 1 < a, then Lemma 1.6 says that a has a prime factor p. Since we are supposing that N contains all primes as factors, we must have that p | a and p | N , so gcd(a, N ) > 1. (c) Since gcd(a, N ) 6= 1 for all a with 1 < a < N , we have φ(N ) ≤ 2. But φ(N ) ≥ 8, so we have a contradiction. Therefore, there cannot be finitely many primes. (When there are infinitely many primes, we cannot form the product that defines N .) 72. The proof of Wilson’s theorem pairs numbers with their inverses mod p. For p = 13, the pairs are (2,7), (3,9), (4,10), (5, 8), (6,11). Note that 1 and 12 ≡ −1 do not get paired with other numbers. 73. Wilson’s theorem says that (p − 1)! ≡ −1 ≡ p − 1 (mod p). Since gcd(p − 1, p) = 1, we can divide by p−1 to obtain (p−2)! ≡ 1 (mod p). Therefore, p | (p − 2)! − 1.

40

74. Wilson’s theorem says that (p − 1)! ≡ −1 (mod p). Therefore, −1 ≡ (p − 1)! = (p − s)!(p − (s − 1))(p − (s − 2)) · · · (p − 1) ≡ (p − s)!(−1)(s − 1)(−1)(s − 2) · · · (−1)(1) ≡ (p − s)!(−1)s−1 (s − 1)! (mod p). Multiply by (−1)s−1 to obtain (s − 1)!(p − s)! ≡ (−1)s (mod p). 75. Suppose a + b ≥ 2p − 1. If a ≤ p − 1 and b ≤ p − 1, then a + b ≤ 2p − 2, which contradicts the assumption. Therefore, either a ≥ p or b ≥ p, so at least one of a! and b! has a factor of p. This implies that a!b! ≡ 0 (mod p). 76. Let b be a factor of n with 1 < b < n. If b 6= n/b, then both b and n/b occur as factors in (n−1)!, so (n−1)! ≡ 0 (mod n). Now suppose b = n/b, so n = b2 . If b > 2 then 2b < b2 = n, so both b and 2b occur as factors in (n − 1)!, so (n − 1)! is a multiple of b2 = n. If b = 2, then n = 4, which is the exceptional case. 77. (a) Since j(p − j) ≡ −j 2 (mod p), we have (using Wilson’s theorem) −1 ≡ (p − 1)! ≡ (−12 )(−22 )(−32 ) . . . (−((p − 1)/2)2 ) ≡ (−1)(p−1)/2 (((p − 1)/2)!)2 . (b) If p ≡ 1 (mod 4), then (p − 1)/2 is even, so (−1)(p−1)/2 = +1. Therefore, (a) yields x2 ≡ −1 (mod p).

4.2

Projects

1. (a) If a ≡ b (mod pk ), then a = b + cpk . Then, 1 ap = (b+cpk )p = bp +pbp−1 cpk + p(p−1)bp−2 c2 p2k +· · · ≡ bp (mod pk+1 ). 2 (b) If gcd(b, p) = 1 and m ≥ 1, Fermat’s theorem says that bp−1 ≡ 1 (mod p). We now use induction to show that (1)

b(p−1)

pm−1

≡ 1 (mod pm ) for all m.

When m = 1, we just get Fermat’s theorem. Now assume that (1) is true for m = k, so b(p−1)

pk−1

≡ 1 (mod pk ) for all k.

From part (a), we then know that  p pk−1 b(p−1) ≡ 1 (mod pk+1 ). 41

pk

But the LHS of this congruence is just b(p−1) . Therefore equation 1 is true for all m. (c) We know from the multiplicativity of φ that m1 m1 m1 bφ(n) = bφ(p1 )φ(p1 )···φ(p1 ) . i −1 , using part (b) we get that bφ(pi Since φ(pi mi ) = (pi − 1)pm i mi (mod p ). We then get that

mi

)

≡ 1

i bφ(n) ≡ 1 (mod pm i ) for each 1 ≤ i ≤ r.

(d) From the Chinese Remainder Theorem mr 1 m2 bφ(n) ≡ 1 (mod pm 1 p2 · · · pr ) ≡ 1 (mod n).

2. (a) Since gcd(mi , mj ) = 1 if i 6= j, we have gcd(m/mi , mi ) = 1. Therefore the equation (m/mi )x ≡ 1 (mod mi ) has a unique solution, which we call bi . (b) If i 6= j, bi (m/mi ) contains mj as a factor. This means that bi (m/mi ) ≡ 0 (mod mj ). (c) From parts (a) and (b), we know that ai bi (m/mi ) ≡ ai (mod mj ) if i = j and ai bi (m/mi ) ≡ 0 (mod mj ) if i 6= j. So, if x = a1 b1 (m/m1 ) + a2 b2 (m/m2 ) + · · · + ar br (m/mr ), and we reduce x (mod mi ), each term reduces to 0 except for the ith. Therefore, x ≡ ai (mod mi ). (d) We have a1 = 1, a2 = 2, a3 = 2, m1 = 3, m2 = 5, and m3 = 7. Therefore m = 3 · 5 · 7 = 105. The solutions to the three congruences 35b1 21b2 15b2

≡ 1 (mod 3) ≡ 1 (mod 5) ≡ 1 (mod 7)

are b1 = 2, b2 = 1, and b3 = 1. So, the solution is x = 2 · 2 · 35 + 3 · 1 · 21 + 2 · 1 · 15 = 233 ≡ 23 (mod 105). (e) We already solved the system 35b1 21b2 15b2

≡ 1 (mod 3) ≡ 1 (mod 5) ≡ 1 (mod 7)

in part (a). Using b1 = 2, b2 = 1, and b3 = 1 together with the m/mi we now use a1 = 1, a2 = 3, and a3 = 2 and get x = 1 · 2 · 35 + 3 · 1 · 21 + 2 · 1 · 15 = 163 ≡ 58 (mod 105) 42

3. We write n in base b as n = am bm + am−1 bm−1 + · · · + a1 b + a0 . (a) If b = 2, then n = am 2m + am−1 2m−1 + · · · + a1 2 + a0 and n ≡ a0 (mod 2), so n is divisible by 2 if and only if a0 = 0. (b) If b = 5, then b ≡ 1 (mod 2), so bk ≡ 1 (mod 2) for k ≥ 0. Therefore, n = am 5m +am−1 5m−1 +· · ·+a1 5+a0 ≡ am +am−1 +· · · a1 +a0 (mod 2). Therefore n (mod 2) is the same as the sum of the digits of n (mod 2) and n is divisible by 2 if and only if the sum of its digits is divisible by 2. (c) If b = 8, then n = am 8m + am−1 8m−1 + · · · + a1 8 + a0 and n ≡ a0 (mod 2), so n is divisible by 2 if and only if a0 = 0, 2, 4, 6. (d) If b = 2 then n ≡ a1 2 + a0 (mod 4). So, n is divisible by 4 if and only if the number formed by its last two digits is divisible by 4 which means that the number must end in 00. If b = 5, notice that 5 ≡ 1 (mod 4), so 5k ≡ 1 (mod 4). Therefore, n = am 5m +am−1 5m−1 +· · ·+a1 5+a0 ≡ a0 +a1 +a2 +a3 +· · ·+am (mod 4). Therefore n is divisible by 4 if and only if the sum of its digits is divisible by 4. If b = 8, then n = am 8m + am−1 8m−1 + · · · + a1 8 + a0 , so n ≡ a0 (mod 4) and n is divisible by 4 if and only if its last digit is 0 or 4. If b = 12, then n = am 12m + am−1 12m−1 + · · · + a1 12 + a0 so n ≡ a0 (mod 4) and n is divisible by 4 if and only if its last digit is 0, 4, or 8. (e) • Since 14 ≡ 0 (mod 14), we get that an integer n when written in base 14 is divisible by 14 if and only if its last digit is 0.

43

• Since 14 ≡ 0 (mod 2), 14 ≡ 0 (mod 7) and 142 ≡ 0 (mod 4), we have the following result: an integer n written in base 14 is divisible by 2 if and only if its last digit is even. (So, if in base 14, A = 10, B= 11, C = 12, and D = 13, n is divisible by 2 if and only if its last digit is 0, 2, 4, 6, 8, A or C.) It is divisible by 7 if and only if its last digit is 0 or 7. It is divisible by 4 if and only if the number formed by its last two digits is divisible by 4. • Since 14 ≡ 1 (mod 13) (and so 14k ≡ 1 (mod 13) for k ≥ 0) we get that an integer n written in base 14 is divisible by 13 if and only if the sum of its digits is divisible by 13. • We have 14 ≡ −1 (mod 3), 14 ≡ −1 (mod 5), and 14 ≡ −1 (mod 15). This means that if n = am 14m + am−1 14m−1 + · · · a1 14 + a0 then n is divisible by 3, 5 or 7 if and only if a0 − a1 + a2 − a3 + · · · + (−1)m am is a multiple of 3, 5, or 15, respectively. 4. Let n = am 16m + am−1 16m−1 + · · · + a1 16 + a0 , where 0 ≤ ai ≤ 15 for all i. (a) We see that n ≡ a0 (mod 2). So, n is divisible by 2 if and only if a0 is divisible by 2 if and only if a0 = 2, 4, 6, 8, A, C, E. (b) Since 16 ≡ 1 (mod 3), 16k ≡ 1 (mod 3) for all k ≥ 0. Therefore n ≡ am + am−1 + · · · + a1 + a + 0 (mod 3). This means that n is divisible by 3 if and only if the sum of its digits is divisible by 3. (c) Since 16 ≡ 0 (mod 4), 16k ≡ 0 (mod 4) for all k ≥ 0. Therefore, n ≡ a0 (mod 4) and n is divisible by 4 if and only if a0 is divisible by 4 if and only if a0 = 0, 4, 8, C. (d) Since 16 ≡ 1 (mod 5), 16k ≡ 1 (mod 5) for all k ≥ 0. Therefore n ≡ am + am−1 + · · · + a1 + a0 (mod 5). This means that n is divisible by 5 if and only if the sum of its digits is divisible by 5. (e) Since 16 ≡ 0 (mod 8), 16k ≡ 0 (mod 8) for all k ≥ 0. Therefore, n ≡ a0 (mod 8) and n is divisible by 8 if and only if a0 is divisible by 8 if and only if a0 = 0, 8. (f) Since A = 2 · 5, n is divisible by A if and only if n is divisible by both 2 and 5. (g) Since 16 ≡ 1 (mod F ), 16k ≡ 1 (mod F ) for all k ≥ 0. Therefore n ≡ am + am−1 + · · · + a1 + a0 (mod F ). This means that n is divisible by F if and only if the sum of its digits is divisible by F . (h) No. For example, 1516 = 2110 leaves a remainder of 1 when divided by 5 and 2016 = 3210 leaves a remainder of 2 when divided by 5. 44

5. (a) Since (x + 50)2 = x2 + 100x + 2500, we have (x + 50)2 ≡ x2 (mod 100). (b) Similarly, (50 − x)2 = x2 − 100x + 2500, so (50 − x)2 ≡ x2 (mod 100). (c) If 25 ≤ a ≤ 50, then 0 ≤ 50−a ≤ 25, so part (b) tells us that the square of every integer between 25 and 50 is the same mod 100 as the square of an integer between 0 and 25. If 0 ≤ a ≤ 25, then 50 ≤ a + 50 ≤ 75, so part (b) tells us that the square of every integer between 50 and 75 is the same mod 100 as the square of an integer between 0 and 25. Finally, if 75 ≤ a ≤ 100 then a2 ≡ (100 − a)2 (mod 100) and 0 ≤ 100 − a ≤ 25. We have shown that mod 100 we need only consider the squares from 0 to 25. By calculating these 26 squares, we see that 122 = 144 is the only case whose last two digits are repeated and non-zero. Working backwards, we see that 12, 38, 62, and 88 are the only numbers mod 100 whose squares have repeated last digits. These are the numbers that are ±12 (mod 50). (d) If x = ±(12 + 50k) then 2

x2 = (±(12 + 50k)) = 144 + 1200k + 2500k 2 . So, if x2 ≡ 444 (mod 1000), then 444 ≡ 144 + 200k + 500k 2 (mod 1000), so 200k + 500k 2 ≡ 300 (mod 1000). After dividing both sides by 100 we see that 5k 2 + 2k ≡ 3 (mod 10) which is equivalent to 1 + 2k + 5k 2 ≡ 4 (mod 10). (e) Trying 0 ≤ k ≤ 9, we find that k ≡ −1 (mod 10) is the only solution, so k = −1 + 10j. Therefore, x = ±(12 + 50(−1 + 10j)) ≡ ±38 (mod 500). (f) When we write x = ±(38 + 500j), we get that x2 = 1444 + 38000j + 250000j 2 . If x2 ≡ 4444 (mod 10000), then 250000j 2 + 38000j + 1444 ≡ 4444 (mod 10000) so 8000j ≡ 3000 (mod 10000). Dividing by 1000 we get 8j ≡ 3 (mod 10) which has no solution since 8j − 3 is odd and can’t be a multiple of 10. Therefore, the square of a number can’t end in four 4’s. 6. (a) Consider b · ca (mod n)). If a is even then a → a/2, b → b and c → c2 (a/2) (mod n). This means that b · ca (mod n)) → b · c2 = b · ca (mod n). If a is odd then a → a − 1, b → bc and c → c (mod n). This means that b · ca (mod n) → bc · ca−1 = b · ca (mod n). In both cases b · ca (mod n) remains unchanged. (b) From part (a), the quantity 1·y x (mod n) remains unchanged throughout the process. So, when the algorithm ends (i.e. when a = 0), the final result will still be y x (mod n) which is also b · c0 (mod n). Therefore, b ≡ y x (mod n). (c) If y = 3, x = 13, n = 19, then the algorithm begins with 313 (mod 19). It then proceeds as follows with congruences taken mod 19: 45

i 1 · 313 → (1 · 3) · 312
6 ii 3 · 312 → 3 · 32 = 3 · 96 iii 3 · 96 → 3 · (92 )3 = 3 · 813 ≡ 3 · 53 iv 3 · 53 → (3 · 5) · 52 v 15 · 52 → 15 · (52 )1 ≡ 15 · 61 vi 15 · 61 → (15 · 6) · 60 = 90 ≡ 12 (mod 19) A calculation shows that this is, in fact, 313 (mod 19). (d) By referring to the above computation we see that we have the following values of b before reducing mod 19. (We are using the fact that 81 ≡ 5 (mod 19).) i b=3 ii b = 3 iii b = 3 iv b = 3 · 81 = 31+4 v b = 31+4 vi b = 31+4 · 812 = 31+4 · 38 = 31+4+8 Write x = am 2m + am−1 2m−1 + · · · + a1 2 + a0 where each ai is 0 or 1. If x is even then a0 = 0 and if x is odd, a0 = 1. We start off with a = x. If a is even a → a/2 which in binary form has a → am 2m + am−1 2m−1 + · · · + a1 · 2. If a is odd, a → a − 1 which in binary form has a → am 2m + am−1 2m−1 + · · · + a1 2 + a0 · 0. If we think of the binary form of a as vector we have the following: a even : a = [am , am−1 , . . . , a1 , 0] → [am , am−1 , . . . , a1 ], b → b, c → c2 a odd : a = [am , am−1 , . . . , a1 , 1] → [am , am−1 , . . . , a1 , 0], b → bc, c → c If a = 2j a0 with a0 odd then b will change after a gets divided by 2 j times. j j This changes c to c2 and changes b to y 2 . This process continues and m

b → 1 → y a0 → y a0 +a1 2 → · · · → y am 2

46

+am−1 2m−1 +···+a1 2+a0

.

4.3

Computer Explorations

1. (a) The primes are 1093 and 3511. (b) The primes are 11 and 1006003. (c) Here are some examples: 74 ≡ 1 (mod 52 ), 1170 ≡ 1 (mod 712 ), 13862 ≡ 1 (mod 8632 ). 2. The congruence is true when n 6≡ 2 (mod 4). Here is a proof: We have x3 + (n − x)3 ≡ x3 + (−x)3 ≡ 0 (mod n). Therefore, all the terms in the sum cancel unless x = n − x, which means x = n/2 and hence n is even. The term (n/2)3 is a multiple of n if n is a multiple of 4 (because n2 /4 = (n/4)n). If n ≡ 2 (mod 4), then n/2 is odd, so (n/2)2 − 1 is even. Therefore, (n/2)3 − (n/2) = (n)((n/2)2 − 1)/2 ≡ 0 (mod n), so the term that doesn’t get canceled is congruent to n/2 mod n. 3. There is a solution when p = 2 and when p ≡ 1 (mod 4). There is no solution when p ≡ 3 (mod 4). This is part of Quadratic Reciprocity. See Theorem 9.4. 4. There is a solution when p = 2, 5 and when p ≡ 1 or 4 (mod 5). There is no solution when p ≡ 2, 3 (mod 5). This follows from Quadratic Reciprocity. See Chapter 9. 5. There is a solution when p = 2 and when p ≡ 1, 7 (mod 8). There is no solution when p ≡ 3, 5 (mod 8). This is part of Quadratic Reciprocity. See Theorem 9.4. 6. (a) The primitive divisors: n

p

2

3

3

7

4

5

5

31

6

none

7

127

8

17

9

73

10

11

47

(b) The primitive divisors: n

p

2

2

3

13

4

5

5

11

6

7

7

1093

8

41

9

757

10

61

7. (a) n = 3689648 solves the congruences. The numbers 3689648, 3689649, 3689650, 3689651, 3689652, 3689653 are not squarefree because they are divisible by 22 , 32 , 52 , 72 , 22 , 112 , respectively.. (b) The numbers 22020, 22021, 22022, 22023, 22024, 22025 are not squarefree.

48

Chapter 5

Cryptographic Applications 5.1

Exercises

1. ATDAWN = 0, 19, 3, 0, 22, 13 7→ 13, 2, 14, 13, 3, 0 = NCONDA. To find the decryption function, solve y ≡ 9x + 13 (mod 26) for x: Since 3 · 9 ≡ 1 (mod 26), we have 3y ≡ x + 13, so x ≡ 3y + 13 gives the decryption. Show this works: NCONDA = 13, 2, 14, 13, 3, 0 7→ 0, 19, 3, 0, 22, 13 = ATDAWN. 2. THEBEACH = 19, 7, 4, 1, 4, 0, 2, 7 7→ 0, 20, 25, 4, 25, 23, 11, 20 = AUZEZXLU. To find the decryption function, solve y ≡ 7x + 23 (mod 26) for x: Since 15 · 7 ≡ 1 (mod 26), we have 15y ≡ x + 7, so x ≡ 15x + 19 (mod 26) gives the decryption. Show this works: AUZEZXLU = 0, 20, 25, 4, 25, 23, 11, 20 7→ 19, 7, 4, 1, 4, 0, 2, 7 = THEBEACH. 3. First, find the decryption function: Solve y ≡ 3x + 11 (mod 26) for x: Since 9 is the inverse for 3, we have 9y ≡ x + 21, so x ≡ 9y + 5. Therefore, QBULF = 16, 1, 20, 11, 5 7→ 19, 14, 3, 0, 24 = TODAY. 4. First, find the decryption function: Solve y ≡ 17x + 9 (mod 26) for x: Since 23 is the inverse for 17, we have 23y ≡ x + 25, so x ≡ 23y + 1. Therefore, QPMZ = 16, 15, 12, 25 7→ 5, 8, 17, 4 = FIRE. 5. First, find the decryption function: Solve y ≡ 5x + 17 (mod 26) for x: Since 21 is the inverse for 5, we have 21y ≡ x + 19, so x ≡ 21y + 7. Therefore, YRFE = 24, 17, 5, 4 7→ 17, 0, 8, 13 = RAIN. 6. First, find the decryption function: Solve y ≡ 7x+5 (mod 26) for x: Since 15 is the inverse for 7, we have 15y ≡ x + 23, so x ≡ 15y + 3. Therefore, 49

LFICJBOPS = 11, 5, 8, 2, 9, 1, 14, 15, 18 7→ 12, 0, 19, 7, 8, 18, 5, 20, 13 = MATHISFUN 7. Let ax + b be the encryption function. Since D = 3 encrypts to K = 10 and O = 14 encrypts to R = 17, we have 10 ≡ 3a + b,

17 ≡ 14a + b (mod 26).

Subtracting these yields 7 ≡ 11a, which yields a = 3. Since 3a+b ≡ 10, we have b = 1. Therefore, the encryption function is 3x + 1. The decryption function is 9x + 17. Therefore, O = 14 decrypts to 13 = N and N = 13 decrypts to E. The plaintext is DON E. 8. Let ax + b be the encryption function. Since S = 18 encrypts to Y = 24 and T = 19 encrypts to F = 5, we have 24 ≡ 18a + b,

5 ≡ 19a + b (mod 26).

Subtracting these yields 19 ≡ −a, which yields a = 7. Since 18a + b ≡ 24, we have b = 2. Therefore, the encryption function is 7x + 2. The decryption function is 15x + 22. Therefore, W = 22 decrypts to 14 = O and D = 3 decrypts to 15 = P . The plaintext is ST OP . 9. We need 2x1 + 1 ≡ 2x2 + 1 (mod 26), so x1 ≡ x2 (mod 13). Take any two letters differing by 13 places. For example, A = 0 and N = 13 both encrypt to 1 = B. 10. We need 13x + 7 ≡ 7 = H. Therefore, x ≡ 0 (mod 2). So we can use letters in even positions: ACEGIKM OQSU W Y . Here are some possibilities: ACE, AIM, WAY, GEM, KEY. 11. The modulus is n = 149 · 317 = 47233. The decryption exponent is obtained by solving 71d ≡ 1 (mod 148 · 316). This can be done by the extended Euclidean algorithm and yields d = 28983. 12. The modulus is n = 28692529. The decryption exponent is obtained by solving 97d ≡ 1 (mod 3490 · 8218). This can be done by the extended Euclidean algorithm and yields d = 26019713. 13. Since 307d ≡ 1 (mod (p − 1)(q − 1)), we have d = 28110403. Therefore, the message is m ≡ 21511484d ≡ 250519 (mod n), so m = Y ES. 14. (a) Alice receives c ≡ me ≡ 80512166043 ≡ 3469604637 (mod n). (b) 6043d ≡ 1 (mod (p − 1)(q − 1)), so d = 2429201107. (c) Alice computes 34696046372429201107 ≡ 8051216 (mod n). 15. (a) Compute c ≡ 80512162347 ≡ 87694236463 (mod n) (b) d ≡ 2347−1 ≡ 53380876259 (mod (p − 1)(q − 1)) (c) Check that cd ≡ 8051216 (mod n). 50

16. (a) Bob computes c ≡ me ≡ 7151504122103115 ≡ 10718 (mod 21631). (b) Factor n to get p = 97 and q = 223. Since de ≡ 1 (mod (p−1)(q −1)), the decryption exponent is d = 8525. (c) Alice computes cd ≡ 107188525 ≡ 3004 (mod n). This is congruent to the original message mod n but it is not equal to it. That’s because m > n. (d) One way: Use larger n. Another way: Break m into blocks of 4 digits: 7151 5041 2210 311. 17. Calculate d = 7313. The plaintext is 120 which is AT

TH

EM

2008 OV

513

1522

905,

IE. So the plaintext is AT THE MOVIE.

18. Compute d = 4277549. Then compute cd (mod n) for each block c to obtain 120 1415 1514, which is AT

NO

ON . So the plaintext is AT NOON.

19. (a) and (b) The beginning of the plaintext is TO BE OR. A reasonable guess is NO TT OB E, which breaks into blocks as NO TT OB E = 1415||2020||1502||05. When these are encrypted, they yield the ciphertext. 20. If e = 1, then the ciphertext equals the plaintext, so there is no encryption. If e = 2, then gcd(2, (p − 1)(q − 1)) = 2 6= 1, so it is impossible to have a decryption exponent d. 21. Since gcd(e1 , e2 ) = 1, there exist integers x and y such that e1 x + e2 y = 1. Let c1 and c2 be the two ciphertexts. Since e1 , e2 , n are public, Eve can use the extended Euclidean algorithm to find x and y and can compute cx1 cy2 ≡ me1 x me2 y ≡ m1 ≡ m (mod n). 22. Let d = gcd(p − 1, q − 1). Then λ(n) = (p − 1)((q − 1)/d) ≡ 0 (mod p − 1) because (q − 1)/d is an integer. Therefore, if gcd(m, p) = 1, we have mλ(n) ≡ 1 (mod p). Since d0 e ≡ 1 (mod λ(n)), we can write d0 e = 1 + λ(n)k for some k, so 0

md e ≡ m1 (mλ(n) )k ≡ m(1)k ≡ m (mod p). 0

Similarly, if gcd(m, q) = 1, we have md e ≡ m (mod q). Putting things 0 together, we find that if gcd(m, pq) = 1, then md e ≡ m (mod n). If 0 0 gcd(m, n) = p, then md e ≡ m (mod q) and me d ≡ 0 ≡ m (mod p), so 0 0 me d ≡ m (mod pq). Similarly, if gcd(m, q) = q, then md e ≡ m (mod n). 0 0 Finally, if gcd(m, pq) = pq, then m ≡ 0 (mod n), so md e ≡ 0d e ≡ 0 ≡ m (mod n). Therefore, all cases yield the correct decryption. 51

23. (a) r = n − φ(n) + 1 = pq − (p − 1)(q − 1) + 1 = p + q. (b) (x − p)(x − q) = x2 − (p + q)x + pq = x2 − rx + n. (c) The quadratic formula says that the roots of x2 − (218957 − 217980 + 1)x + 218957 = x2 − 978x + 218957 are √ 978 ± 9782 − 4 · 218957 = 347, 631. 2 These are the primes p and q. 24. The requirement is that de ≡ 1 (mod φ(n)), where φ(n) = (p − 1)(q − 1)(r − 1). The justification that this works is the same as for when n is the product of two primes. 25. Alice computes m1 ≡ (123e c)d ≡ 123ed cd ≡ 123 · m (mod n), because 123ed is the RSA encryption and decryption of 123. Therefore, Eve divides m1 by 123 mod n and obtains m. 26. Eve knows that c1 ≡ me1 ≡ 1075e me ≡ 1075e c (mod n). Therefore, Eve computes 1075e (mod n) and divides c1 by this. This yields c ≡ me (mod n). Then Eve does a short message attack on c.

5.2

Projects

1. (a) IT SJ decrypts to DONE. (A shift of 21). (b) LCP Y L decrypts to RIVER (a shift of 6) and ARENA (a shift of 15). (c) AB → HI or NO.

AD → OR or BE.

AI → GO or WE.

2. (a) Unchanged messages are m = 0, 1, 4, 5, 6, 9, 10, 11, 14. (b) Unchanged messages are m = 0, 1, 10, 11, 21, 34, 44, 45, 54. (c) Assume that m3 ≡ m (mod pq). Then m3 ≡ m (mod p)

and

m3 ≡ m (mod q).

So, m3 − m = m(m − 1)(m + 1) ≡ 0 (mod p) and m3 − m = m(m − 1)(m + 1) ≡ 0 (mod q). This means that m ≡ 0 (mod p) or m − 1 ≡ 0 (mod p) or m + 1 ≡ 0 (mod p) and m ≡ 0 (mod q) or m − 1 ≡ 0 (mod q) or m + 1 ≡ 0 (mod q).

52

Since there are three possibilities for m mod p and three for m (mod q), there are 9 choices for m ( m ≡ 0 (mod p), m ≡ 0 (mod q); m ≡ 0 (mod p), m ≡ 1 (mod q), ...) and using the Chinese Remainder Theorem each of these nine choices leads to a unique choice mod pq. 3. (a) To change 11971077 to a word, we use repeated divisions by 26. The remainders are in bold font. 11971077 = 26 (26 (26 (26 ((0 · 26 + 26) + 5)) + 2) + 18) + 1 This forms the word ZEBRA. (b) JAZZ = 10 · 263 + 1 · 262 + 26 · 26 + 26 = 177138 (c) Since n = 383 · 401, φ(n) = 382 · 400 = 152800 and a solution to 7d ≡ 1 (mod 152800) is d = 109143. (d) We have c ≡ 1443167 (mod 153583) ≡ 62506 (mod 153583). Alice receives c = 62506 and decrypts c by computing cd ≡ 62506109143 (mod 153583) ≡ 144316 (mod 153583). This is the correct decryption. (e) We have ≡ 80512167 (mod 153583) ≡ 105367 (mod 153583), so Alice receives 105367 as the ciphertext. She then computes 105367d ≡ 105367109143 ≡ 64900 (mod 153583). The problem here is that the message m = 8051216 is larger than the modulus n = 153583. 4. (a) For example, p1 = 127, p2 = 347, p3 = 563 and set n = p1 p2 p3 = 24810847. The encryption exponent e must be relatively prime to φ(n) = (p1 − 1)(p2 − 1)(p3 − 1) = 24500952. The decryption exponent d must satisfy ed ≡ 1 (mod 24500952). If we choose e = 5, then d = 9800381. (b) Since T = 20 and O = 15, T O = 2015. When we encrypt we get 14919455 ≡ 20155 (mod 24810847). To decrypt, we calculate 149194559800381 (mod 24810847) and get 2015 back. (c) We must have gcd(e, φ(n)) = 1 and we calculate d by solving de ≡ 1 (mod n). If the message is m, encrypt by calculating me ≡ c (mod n). We decrypt by calculating cd (mod n). If gcd(m, n) = 1, this works because ce ≡ (md )e ≡ med ≡ m(1+kφ(n)) ≡ m1 (mφ(n) )k ≡ m1k ≡ m (mod n), where we have used Euler’s generalization of Fermat’s theorem to say that mφ(n) ≡ 1 (mod n). (d) Suppose n is the product of three primes and a comparably sized m is the product of two primes. Then the size of the smallest prime in the factorization of n will, in general, be less than the size of the smallest prime in the factorization of m.

53

5. (a) Assume that the two people are B and C. Then B has b and b1 ≡ r (mod b) and C has c and c1 ≡ r (mod c). The CRT says that B and C can find a unique x (mod bc) with x ≡ b1 (mod b) and x ≡ b2 (mod c). Since r < bc, and they can choose 0 ≤ x < bc, they know r = x. When B and C calculate x (mod a), they retrieve s. (b) Assume that there are n trustworthy people, A1 , A2 , . . . , An , and the president wants to have k of them share a secret s. Choose integers a0 < a1 < a2 < · · · < an with the following properties: (i) gcd(ai , aj ) = 1 if i 6= j. (ii) s < a0 . (iii) a0 · an · an−1 · · · an−k+2 < a1 · a2 · · · ak The president then chooses a random number m and calculates r = s + a0 m < a1 · a2 · · · ak . Now each Ai gets a0 , ai and ri ≡ r (mod ai ). Assume that some collection of k individuals get together. Collectively they can calculate an x (mod A(k)) where A(k) is the product of their k a0i s. This x is computed using the CRT and has the property that x ≡ ri (mod ai ). Since A(k) < a1 · a2 · · · ak , when they reduce x mod a0 they get back s. (c) Here’s an example of a (2, 3) system. Let a = 71, b = 91, c = 251, d = 307. Choose the secret s = 45 and m = 313. Then r = 22268. The following distribution occurs: B gets 91 and 64 ≡ 22268 (mod 91), C gets 180 and 89 ≡ 22268 (mod 251), D gets 164 and 239 ≡ 22268 (mod 307). We’ll now show how B and D can find the secret s = 45. (The same method works with any choice of two people.) B and D need to use the Chinese Remainder Theorem to find the unique solution 0 ≤ x < 27937 = 91 · 307 to the congruences x ≡ 64 (mod 91), x ≡ 164 (mod 307). We find that the solution is x ≡ 22268 (mod 27937) and the secret s ≡ 22268 (mod 71) ≡ 45 (mod 71). Here’s an example of a (3, 4) system. Let a = 131, b = 281, c = 503, d = 577, e = 743. Choose the secret s = 97 and m = 1043. Then r = 136730. The following distribution occurs: B gets 281 and 164 ≡ 136730 (mod 281), 54

C gets 503 and 417 ≡ 136730 (mod 503), D gets 577 and 558 ≡ 136730 (mod 577). E gets 743 and 18 ≡ 136730 (mod 743). And all four get a = 131. Now, B, C, and D solve the following three congruences using CRT (the same method works for any three of them): x ≡ 164 (mod 281), x ≡ 417 (mod 503), x ≡ 558 (mod 577). The Chinese Remainder Theorem tells us that x ≡ 136730 (mod 81554911). When we reduce 136730 mod 131 we get the secret is 97. (d) In the Mignotte system, each person has ni where ni ≡ n (mod pi ) where pi is the prime they’ve been given. So, each person is able to eliminate all integers which are not congruent to ni mod pi . In the AsmuthBloom system, each person receives r mod pi , but r is not the secret it’s the secret s together with the padding am. This prevents them from eliminating possibilities for s. A more formal argument follows. Suppose that k − 1 people get together and see if they can obtain any information about s. Let s0 be any of the possible secrets. Consider the congruences r0 ≡ s0 (mod a0 ) r0 ≡ bi (mod ai ) for k − 1 values of i. This has a solution mod a0 times the product of these k − 1 numbers ai . Since an · an−1 · · · an−k+2 is the product of the largest k − 1 numbers given to the Ai , we have Y r0 < a0 ai ≤ a0 an an−1 · · · an−k+2 < a1 a2 · · · ak . k−1 values

Therefore, every possible secret s0 arises from an r0 that satisfies the required inequality. Therefore, k − 1 people cannot rule out any s0 , so no information about s is leaked.

5.3

Computer Explorations

1. (a) ban encrypts to 8933, bat encrypts to 33378, bay encrypts to 27120 (there does not seem to be anything that indicates only one letter has been changed). (b) Solve 3d ≡ 1 (mod (p − 1)(q − 1)) to get d = 27667. (c) 27121 decrypts to 34994, which is nowhere close to the intended 20125 (= bay). 55

2. (a) x = 15722514660548359 (b) Since 0 ≤ m < ni for i = 1, 2, 3, multiply to get 0 ≤ m3 < n1 n2 n3 . (c) We know that m3 ≡ ci (mod ni ) for i = 1, 2, 3 and x also satisfies these congruences. Since the solution in the Chinese remainder theorem is unique mod n1 n2 n3 and x and m3 are less than n1 n2 n3 , they must be equal. (d) Calculate x1/3 = 250519, which is yes.

56

Chapter 6

Polynomial Congruences 6.1

Exercises

1. (a) We have (x − 2)(x − 3) ≡ 0 (mod 19). By Proposition 4.9, either x − 2 ≡ 0 or x − 3 ≡ 0, so x ≡ 2, 3 (mod 19). (b) Since 25 ≡ 6 (mod 19), this is the same problem as (a). The answer is x ≡ 2, 3 (mod 19). (c) Since the polynomials in (a) and (b) are congruent mod 19, and the polynomial in (a) factors as (x − 2)(x − 3), the factorization of the polynomial in (b) is x2 − 5x + 25 ≡ (x − 2)(x − 3) (mod 19). 2. The two solutions mod 5 are easily seen (by trial and error) to be x ≡ 1, 2 (mod 5). We want to modify these to get solutions mod 53 . Let’s start with x1 = 1. The Newton-Raphson method yields x2 ≡ 1 −

5 f (1) ≡ 1 − ≡ 1 + 5 ≡ 6 (mod 25), f 0 (1) 4

and x3 ≡ 6 −

f (6) 50 ≡6− ≡ 56 (mod 125). f 0 (6) 14

If we start with x1 = 2, then x2 ≡ 2 −

f (2) 10 ≡2− ≡ 2 − 10 ≡ 17 (mod 25), 0 f (2) 6

and x3 ≡ 17 −

f (17) 325 ≡ 17 − ≡ 67 (mod 125). f 0 (17) 36

The two solutions mod 125 are 56, 67.

57

3. The two solutions mod 7 are 3 and 4. We want to modify these to get solutions mod 72 . Let’s start with x1 = 3 The Newton-Raphson method yields 7 f (3) ≡ 3 − ≡ 10 (mod 49). x2 ≡ 3 − 0 f (3) 6 If we start with x1 = 4, then x2 ≡ 4 −

f (4) 14 ≡4− ≡ 39 (mod 49). 0 f (4) 8

The two solutions are 10, 39. 4. Trial and error yields the solution x = 1 mod 7. We want to modify it to get a solution mod 73 . We start with x1 = 1 The Newton-Raphson method yields x2 ≡ 1 −

7 f 0 (1) ≡1− ≡ 22 (mod 49) f (1) 16

and x3 ≡ 22 −

f (22) 13573 49 · 4 ≡ 22 − ≡ 22 − ≡ 267 (mod 343). f 0 (22) 1717 2

We obtain the solution 267. 5. (a) We can factor the polynomial as (x+4)(x−1). We get two roots mod 7: x ≡ 1, 3 (mod 7). We get two roots mod 3: x ≡ 1, 2 (mod 3). There are four ways to combine these via the Chinese Remainder Theorem. These yield x ≡ 1, 8, 10, 17 (mod 21). (b) We can factor the polynomial as (x + 4)(x − 1). We get two roots mod 7: x ≡ 1, 3 (mod 7). However, since −4 ≡ 1 (mod 5), we get only one root mod 5: x ≡ 1 (mod 5). There are two ways to combine these roots via the Chinese Remainder Theorem. These yield x ≡ 1, 31 (mod 35). 6. (a) By Fermat’s theorem, each a with 1 ≤ a ≤ p − 1 is a root of f (x). This gives p − 1 distinctQroots. p−1 (b) Let g(x) = f (x) − j=1 (x − j). Then g(a) ≡ 0 (mod p) for each a with 1 ≤ a ≤ p − 1, so g(x) has p − 1 roots. The terms xp−1 from f (x) and the product cancel each other, so the degree of g(x) is less than p − 1. (c) Since g(x) has more roots than its degree, g(x) must be 0 mod p, by Qp−1 Proposition 6.1. Therefore, f (x) ≡ j=1 (x − j). (d) When x = 0 in (c), we get −1 ≡

p−1 Y

(−j) ≡ (−1)p−1 (p − 1)! ≡ (p − 1)! (mod p).

j=1

58

6.2

Projects

1. (a) Since 12 = 22 · 3, 22 is the largest power of 2 dividing 12. Therefore, |12|2 = 2−2 = 1/4. Similarly, |12|3 = 3−1 = 1/3. (b) The case x = y is easy, so assume that x 6= y. Write x − y = ps b with p - b. Then |x − y|p ≤ p−r ⇔ s ≥ r ⇔ x ≡ y (mod pr ). (c) Let a = pr c and b = ps d where r or s (or both) may be 0 and p - c, p - d. Then ab = pr+s cd. So, |ab|p = p−(r+s) = p−r p−s = |a|p |b|p . If pr is the largest power of p dividing a then it’s also the largest power of p dividing −a. Therefore | − a|p = |a|p . (d) If a = ±pa1 1 pa2 2 · · · pamm , then Y Y |a| |a|p = pa1 1 pa2 2 · · · pamm |pa1 1 pa2 2 · · · pamm |p = p

p

pa1 1 pa2 2 · · · pamm

Y

|pa1 1 |p |pa2 2 |p · · · |pamm |p .

p

|pai i |

−ai

If p = pi , then =p the last product becomes

and if p 6= pi , then |pai i |p = p0i = 1. Therefore

1 −a2 m pa1 1 pa2 2 · · · pamm p−a p2 · · · p−a = 1. m 1

(e) Let a = pr c and b = ps d where r or s (or both) may be 0 and p - c, p - d. Without loss of generality, assume that s ≤ r. Then ps | (a + b) (Corollary 1.4), so |a + b|p ≤ p−s . Also, Max(|a|p , |b|p ) = p−s . So, |a + b|p ≤ Max(|a|p , |b|p ). (f) Let x ∈ DR1 (a1 ) and let z be in the intersection of the two disks. Then |x − a2 |p = |(x − a1 ) + (a1 − z) + (z − a2 )|p ≤ Max (|(x − a1 )|p , |(a1 − z)|p , |(z − a2 )|p ) . Since x ∈ DR1 (a1 ), |x − a1 | ≤ R1 , since z ∈ DR1 (a1 ), |a1 − z|p ≤ R1 , and since z ∈ DR2 (a2 ), |a2 − z|p ≤ R2 . Therefore, Max (|(x − a1 )|p , |(a1 − z)|p , |(z − a2 )|p ) ≤ R2 , and |x − a2 |p ≤ R2 so ∈ DR2 (a2 ) (g) and (h) We know that |a|p = |(a + b) − b|p ≤ Max (|(a + b)|p , | − b|p ) = Max (|(a + b)|p , |b|p ) 59

If Max (|(a + b)|p , |b|p ) = |b|p , we obtain |a|p ≤ |b|p , contrary to assumption. Therefore, Max (|(a + b)|p , |b|p ) = |a + b+p , and we obtain |a|p ≤ |a + b|p ≤ Max (|a|p , |b|p ) = |a|p . This implies that |a|p = |a + b|p , as desired. (i) Assume that two of the sides do not have the same length. We may assume then that |a − b|p 6= |b − c|p and then, without loss of generality, that |a − b|p > |b − c|p . Part (h) then tell us that |(a − b) + (b − c)|p = |a − b|p . On the other hand, since (a − b) + (b − c) = (a − c), we see that |(a − b) + (b − c)|p = |a − c|p . Therefore, |a − b|p = |a − c|p and the triangle is isosceles. 2. (a) x1 ≡ x1 (mod ps ) and f (x1 ) ≡ 0 (mod pc+2s ) because r = c + 2s. (b) Since xk ≡ x1 (mod ps+1 ), we have f 0 (xk ) ≡ f 0 (x1 ) (mod ps+1 ). Since f 0 (x1 ) ≡ 0 (mod ps ) and f 0 (x1 ) 6≡ 0 (mod ps+1 ), the same is true with xk in place of x1 . (c) We know that f (xk ) ≡ 0 (mod p2 with f 0 (xk ) 6≡ 0 (mod ps+1 ). So,

k−1

c+2s

k−1

) and f 0 (xk ) ≡ 0 (mod ps ) k−1

αp2 c+2s f (xk ) = f 0 (xk ) βps

=

αp2

c+s

β

where p - β. (d) By Lemma 6.4, f (xk+1 ) = f (xk ) + (xk+1 − xk ) f 0 (xk ) + (xk+1 − xk )2 g(xk+1 ). Now, xk+1 − xk ≡ −

k f (xk ) (mod p2 c+s ). f 0 (xk )

Since ps | f 0 (xk ), f 0 (xk ) (xk+1 − xk ) ≡ −f (xk ) (mod p2 n

2

Therefore f (xk+1 ) ≡ (xk+1 − xk ) g(xk+1 ) (mod p2 xk+1 − xk ≡ −

2

 −

c+2s

c+2s

)

). But,

k f (xk ) ≡ 0 (mod p2 c+s ), 0 f (xk )

so (xk+1 − xk ) ≡

n

f (xk ) f 0 (xk ) k+1

Therefore, f (xk+1 ) ≡ 0 (mod p2

60

2

c+2s

≡ 0 (mod p2

).

k+1

c+2s

).

k

k

(e) Since r > 2s, we have c ≥ 1 and p2 ≤ p2 c+2s . Since there is a solution k to f (x) ≡ 0 (mod p2 c+2s ) for all k ≥ 1, there is a solution to f (x) ≡ 0 k (mod p2 ) for all k ≥ 1. (f) If p = 2, f (x) = x2 − 17 and x1 = 1 then f (x1 ) ≡ 0 (mod 24 ) and f 0 (x1 ) ≡ 0 (mod 21 ), so in the notation of the project, r = 4, s = 1, and c = r − 2s = 2. Then, x2 ≡ x1 −

f (x1 ) ≡ 9 (mod 25 ) f 0 (x1 )

and f (x2 ) ≡ f (9) ≡ 64 (mod 26 ) ≡ 0 (mod 26 ). We now calculate x3 . x3 ≡ x2 −

f (x2 ) ≡ 233 (mod 29 ) f 0 (x2 )

and f (x3 ) ≡ f (233) ≡ 54272 ≡ 0 (mod 210 ). So, our solution is x = 233.

6.3

Computer Explorations

1. (a) One solution is x = 6501255 · · · 182. The other is y = 5100 − x = 1387353 · · · 443. (b) The base 5 expansions are x = 2 + 1 · 5 + 2 · 52 + 1 · 53 + 3 · 54 + · · · + 4 · 599 y = 3 + 3 · 5 + 2 · 52 + 3 · 53 + 1 · 54 + · · · + 0 · 599 Notice that a0 + b0 = 5 and ai + bi = 4 for i ≥ 1. This is because 5 + 4 · 5 + 4 · 52 + 4 · 53 + · · · + 4 · 599 = 5100 . Therefore, y = 5100 − x = (5 − a0 ) + (4 − a1 )5 + (4 − a2 )52 + · · · . (c) The digit 0 occurs 23 times, 1 occurs 20 times, 2 occurs 17 times, 3 occurs 20 times, and 4 occurs 20 times. It is expected (but not proved) that the distribution of the digits among the 5 possible values is fairly uniform when the expansion is computed arbitrarily far. (d) Because of (b) we know that each 0 among the ai corresponds to a 4 among the bi , etc. One exception is that a0 = 2 corresponds to b0 = 3. In the expansion of y, the digit 0 occurs 20 times, 1 occurs 20 times, 2 occurs 16 times, 3 occurs 21 times, and 4 occurs 23 times.

61

Chapter 7

Order and Primitive Roots 7.1

Exercises

1. We know that ord13 (5) | 12, so the possibilities are 1, 2, 3, 4, 6, 12. If we try these, we find that 54 ≡ 1 (mod 13) and no smaller power has this property. Therefore, ord13 (5) = 4. 2. The possible orders divide 10, so they are 1, 2, 5, 10. We have 42 6≡ 1 (mod 11) but 45 ≡ 1 (mod 11), so ord11 (4) = 5. 3. Observe that 14 ≡ −1 (mod 15). Therefore, 142 ≡ (−1)2 ≡ 1 (mod 15), and ord15 (14) = 2. 4. The possible orders divide φ(10) = 4, so they are 1, 2, 4. Since 32 6≡ 1 (mod 10) and 34 ≡ 1 (mod 10), we have ord10 (3) = 4. 5. The possible orders divide φ(121) = 110, so they are 1, 2, 5, 10, 11, 22, 55, 110. Since 35 ≡ 1 (mod 121) and no smaller exponent works, we have ord121 (3) = 5. 6. (a) Since ord11 (a) | 10, the possible values for ord11 (a) are 1, 2, 5, 10. (b) Computing 2j (mod 11) and 5j (mod 11) for j = 1, 2, 5, 10, we find that 210 ≡ 1 and 55 ≡ 1, and these are the smallest such powers. Therefore, ord11 (2) = 10 and ord11 (5) = 5. 7. (a) Since ord17 (a) | 16, the possible values for ord11 (a) are 1, 2, 4, 8, 16. (b) Computing 2j (mod 17) for j = 1, 2, 4, 8, 16, we find that 28 ≡ 1, and this is the smallest such power. Therefore, ord17 (2) = 8. 8. Since b7 ≡ 1 (mod p), we have (−b)14 ≡ b14 ≡ 1 (mod p). By Theorem 7.1, ordp (−b) | 14, so ordp (−b) = 1, 2, 7, 14. Since the order of b is 7, we have (−b)2 = b2 6≡ 1 (mod p), so ordp (−b) 6= 1, 2. Also, (−b)7 = −b7 ≡ −1 6≡ 1 (mod p), so the order is not 7. Therefore, the order is 14.

62

9. If ordn (a) = 1, then a1 ≡ 1 (mod n). Conversely, if a1 ≡ 1 (mod n), then 1 is certainly the smallest positive exponent j with aj ≡ 1. Therefore, ordn (a) = 1. 10. If q | (3p − 1)/2 then 3p ≡ 1 (mod q). Therefore, ordq (3) | p, so the possible orders are 1 and p. But 31 6≡ 1 (mod q), so the order is p. By Corollary 7.2, p | q − 1, so q ≡ 1 (mod p). 11. (a) Since 332 ≡ −1 (mod p), we have 364 ≡ 1. Therefore, ordp (3) | 64, and ordp (3) - 32. The only choice is ordp (3) = 64. (b) By Corollary 7.2, ordp (3) | p − 1, so (b) implies that 64 | p − 1. 12. We have bi ≡ 1 (mod n) if and only if b−i ≡ 1 (mod n). Therefore, the orders of b and b−1 must be equal. 13. Since an ≡ 1 (mod an − 1), we have ordan −1 (a) ≤ n. But am < an − 1 when 0 < m < n, so am 6≡ 1 (mod an − 1) when 0 < m < n. Therefore, ordan −1 (a) = n. By Corollary 7.2, n | φ(an − 1). 14. We have am ≡ 1 (mod n). Write m = kd and let b ≡ ad . Then bk ≡ akd ≡ 1 (mod n). If bj ≡ 1 for some j with 0 < j < k then ajd ≡ 1. But jd < kd = m = ordn (a), which cannot happen. Therefore, k is the smallest exponent, so k = ordn (b). 15. Let ` = lcm(b, c) and z = ordmn (a). Since ab ≡ 1 (mod m) and ` is a multiple of b, then a` ≡ 1 (mod m). Similarly, a` ≡ 1 (mod n). Proposition 2.4, applied to a` − 1, implies that a` ≡ 1 (mod mn). Now, Theorem 7.1 implies that z | `. Since az ≡ 1 (mod mn), we have az ≡ 1 (mod m) and (mod n). Therefore, b | z and c | z, so ` | z. Therefore, ` = z, which is the desired equality. 16. Suppose bi ≡ bj (mod n) for some 0 ≤ i < j ≤ d − 1. Since gcd(b, n) = 1, we can divide by bi to obtain 1 ≡ bj−i (mod n). This is impossible, since 0 < j − i < d. Therefore, the powers of b are distinct mod n. 17. We have bx ≡ by (mod n) ⇔ bx−y ≡ 1 (mod n) ⇔ ordn (b) | x − y. 18. (a) Direct calculation shows that 3j 6≡ 1 (mod 7) for 0 < j < 6, but 36 ≡ 1 (mod 7). Therefore, ord7 (3) = 6, so 3 is a primitive root mod 7. (b) 35 ≡ 1 (mod 11), so ord11 (3) = 5 < 10. Therefore, 3 is not a primitive root. 19. (a) We need to show that 2j 6≡ 1 (mod 13) when 0 < j < 12. This can be done by direct calculation, or we can proceed as follows. Since ord13 (2) | 12, the possible orders are 1, 2, 3, 4, 6, 12. By Theorem 7.1, 2m ≡ 1 (mod 13) ⇐⇒ ord13 (2) | m. Since 26 = 64 6≡ 1 (mod 13), we see that ord13 (2) - 6. Since 24 6≡ 1 (mod 13), we have ord13 (2) - 4. The only 63

remaining possible order is 12, which means that 2 is a primitive root. (b) Corollary 7.8 says that the primitive roots have the form 2j (mod 13) with gcd(j, 12) = 1. Therefore, the primitive roots are 2, 25 ≡ 6, 27 ≡ 11, and 211 ≡ 7. The answer is 2, 6, 7, 11. 20. (a) We know that ord31 (2) | 30, so the possibilities are 1, 2, 3, 5, 6, 10, 15, 30. If we try these, we find that 25 ≡ 1 (mod 31) and no smaller power has this property. Therefore ord31 (2) = 5. (b) We know that ord23 (2) | 22. If we try 11, we find that 211 ≡ 1 (mod 23). Therefore, ord23 (2) = 11 6= 22, so 2 is not a primitive root. 21. A calculation shows that ord17 (3) = 16, so 3 is a primitive root. By Corollary 7.8, the primitive roots are 3j (mod 17), where 1 ≤ j ≤ 16 and j is odd. These are 3, 10, 5, 11, 14, 7, 12, 6. 22. By Proposition 7.7, ord101 (2j ) = 100/ gcd(j, 100). To get an element of order 10, we need gcd(j, 100) = 10. For example, j = 10 works, so 210 = 1024 ≡ 14 (mod 101) has order 10. Therefore, 14 has order 10. Other possible answers are 6, 17, 65. 23. Let s ≡ t2 (mod p), so s is a square mod p. Then s(p−1)/2 ≡ tp−1 ≡ 1 (mod p), so ordp (s) ≤ (p − 1/2. Therefore, s is not a primitive root. 24. Suppose g k is a primitive root. Let 1 ≤ a ≤ p − 1. Then a ≡ (g k )i (mod p) for some i. Therefore, g ik ≡ a, so every a is a power of g. This means that g is a primitive root. 25. By Exercise 12, if g is a primitive root, so is g −1 . If g ≡ g −1 , then g 2 ≡ 1 (mod p), which does not happen when p > 3. Therefore, we can pair the primitive roots by pairing g with g −1 (mod p). No element gets paired with itself. Therefore, in the product of the primitive roots, g and g −1 cancel, so the product is 1 mod p. 26. (a) Since (g j )2 ≡ 1 (mod p), we have 2j ≡ 0 (mod p − 1), by Theorem 7.1. Therefore, j ≡ 0 (mod (p − 1)/2). (b) Let k = ordp (−g). Then 1 ≡ (−g)k ≡ (−1)k g k (mod p), so g k ≡ ±1 (mod p). By (a), k ≡ 0 (mod (p − 1)/2), so k = (p − 1)/2 or p − 1. (c) By (b), we need to show that ordp (−g) 6= (p − 1)/2. But (p − 1)/2 is even, so (−g)(p−1)/2 = (−1)(p−1)/2 g (p−1)/2 ≡ g (p−1)/2 6≡ 1 (mod p), so the order is not (p − 1)/2. Therefore, (b) implies that the order is p − 1, so −g is a primitive root. (d) In this case, (p−1)/2 is odd, so the calculation in (c), plus Proposition 7.6, shows that (−g)(p−1)/2 ≡ −g (p−1)/2 ≡ (−1)(−1) ≡ 1 (mod p). 64

Therefore, −g is not a primitive root. 27. (a) We need the formula 1 + 2 + 3 + · · · + j = j(j + 1)/2. With j = p − 2, we get 0 + 1 + 2 + · · · + (p − 2) = (p − 2)(p − 1)/2. Since (p − 1)/2 is an integer and p − 2 ≡ −1 (mod p − 1), we have 0 + 1 + 2 + · · · + (p − 2) ≡ −(p − 1)/2 ≡ (p − 1)/2 (mod p − 1). (b) From (a) and Corollary 4.23 and Proposition 7.6, we have g 0+1+2+···+(p−2) ≡ g (p−1)/2 ≡ −1 (mod p). (c) The numbers g j (mod p) for j = 0, 1, 2, . . . , p − 2 run through the numbers 1, 2, 3, . . . , p − 1 in some order. Therefore, (p − 1)! ≡ g 0 g 1 g 2 · · · g p−2 ≡ g 0+1+2+···+(p−2) ≡ −1 (mod p). 28. (a) Lemma 4.25 says that the numbers ba (mod p) for 1 ≤ a ≤ p − 1 are a rearrangement of the numbers 1, 2, 3, . . . , p − 1 (mod p). Therefore, Pp−1 S ≡ a=1 (ba)j (mod p). (b) By (a), we have S ≡ bj S, so (bj − 1)S ≡ 0 (mod p). Since bj − 1 6≡ 0 (mod p), we have S ≡ 0 (mod p). (c) If j ≡ 0 (mod p − 1), then aj ≡ 1 (mod p) for all a with gcd(a, p) = 1. Therefore, S ≡ 1 + 1 + · · · + 1 ≡ p − 1 ≡ −1 (mod p). 29. (a) By Proposition 7.6, y 4 ≡ g (p−1)/2 ≡ −1 (mod p). (b) x2 ≡ y 2 + 2 + y −2 ≡ y −2 (y 4 + 1) + 2 ≡ 0 + 2 ≡ 2 (mod p). 30. Let k = ordn (bi ). Then bik = (bi )k ≡ 1 (mod n), so ik ≡ 0 (mod d). Therefore, k ≡ 0 (mod d/ gcd(i, d)), by Theorem 4.17. In particular, k ≥ d/ gcd(i, d). Moreover, (bi )d/ gcd(i,d) = (bd )i/ gcd(i,d) ≡ 1i/ gcd(i,d) ≡ 1 (mod n) (note that the exponent i/ gcd(i, d) is an integer, so this calculation makes sense). Therefore k ≤ d/ gcd(i, d), so they are equal, as desired. 31. (a) Suppose x2 ≡ a (mod p). Write x ≡ g j (mod p). Then g i ≡ a ≡ x2 ≡ g 2j (mod p), so i ≡ 2j (mod p − 1). Since p − 1 is even, this implies that i ≡ 2j ≡ 0 (mod 2), so i is even. Conversely, if i is even, then i = 2k for some k, so a ≡ (g k )2 (mod p). Therefore, a is a square mod p. (b) There are (p − 1)/2 even values of i with 0 ≤ i < p − 1. By (a), these are the nonzero squares mod p, so there are (p−1)/2 nonzero squares mod p. 32. (a) 1/39 = 0.025641 (b) The order is the period of the decimal, so ord39 (10) = 6. 65

33. 1/37 = 0.027 (b) The order is the period of the decimal, so ord37 (10) = 3. 34. (a) 11/21 = 0.523809 (b) The order is the period of the decimal, so ord21 (10) = 6. 35. Here are three random examples: 1/47 = 0.0212765957446808510638297872340425531914893617 1/19 = 0.052631578947368421 1/11 = 0.09 36. Here’s an example: 1/21 = 0.047619. We have 047 + 619 = 666. 37. The period length of 1/mn is z = ordmn (10), and similarly for m and n. Let ` = lcm(a, b). Since 10a ≡ 1 (mod m) and ` is a multiple of a, we have 10` ≡ 1 (mod m). Similarly, 10` ≡ 1 (mod n). Since gcd(m, n) = 1, we have 10` ≡ 1 (mod mn) (this follows from the uniqueness in the Chinese Remainder Theorem, or from Proposition 2.4 applied to 10` − 1). Therefore, z = ordmn (10) | `, by Theorem 7.1, so 10z ≡ 1 (mod m) and (mod n). By Theorem 7.1, a | z and b | z. Therefore, ` | z. It follows that z = `, which is what we were trying to prove. 38. Try x = 1, 2, 3, . . . until you get 28 ≡ 3 (mod 11). The answer is 8. 39. Try x = 1, 2, 3, . . . until you get 35 ≡ 5 (mod 17). The answer is 5. 40. (a) We have 11 ≡ 757 ≡ (29 )57 ≡ 2513 (mod 101). Therefore, 513 is an answer. Using Corollary 4.23, we can reduce 513 mod 100 to obtain 213 ≡ 11 (mod 101). Therefore, 13 is another possible answer. (b) We can compute that 9·89 ≡ 1 (mod 100) by the Extended Euclidean algorithm. Therefore, 789 ≡ (29 )89 ≡ 21 = 2 (mod 101), by Corollary 4.23. The answer is 89. 41. We have h(p−1)/2 ≡ (g x )(p−1)/2 ≡ (g (p−1)/2 )x ≡ (−1)x (mod p), by Proposition 7.6. Therefore, h(p−1)/2 ≡ +1 (mod p) if x is even, and h(p−1)/2 ≡ −1 (mod p) if x is odd. 42. In the notation of Subsection 7.5.1, we have N = 4 and g = 3, so the two lists are 1, 3, 9, 10 5, 5 · 3−4 ≡ 3, 5 · 3−8 ≡ 12, 5 · 3−12 ≡ 14. The match is 31 ≡ 5 · 3−4 , so 35 ≡ 5. Therefore, x = 5. 66

43. In the notation of Subsection 7.5.1, we have N = 5 and g = 5, so the two lists are 1, 5, 2, 10, 4 3, 3 · 5−5 ≡ 22, 3 · 5−10 ≡ 8, 3 · 5−15 ≡ 5, 3 · 5−20 ≡ 6. The match is 51 ≡ 3 · 5−15 , so 516 ≡ 3. Therefore, x = 16.

7.2

Projects

1. (a) Since g is a primitive root mod p, we know that p − 1 = ordp (g). If g j ≡ 1 (mod p2 ), then g j ≡ 1 (mod p) since p | p2 . Therefore, p − 1 divides j. (b) By Corollary 7.2, j | φ(p2 ) = p(p − 1). Since (p − 1) | j from part (a), j = p − 1 or j = p(p − 1). (c) From part (b) we know that if g p−1 ≡ 1 (mod p2 ), then ordp2 (g) = p − 1. This tells us that ordp2 (g) = p − 1 ⇐⇒ g p−1 ≡ 1 (mod p2 ) ⇐⇒ g p ≡ g (mod p). (Notice that we can divide both sides of g p ≡ g (mod p) by g because gcd(g, p) = 1.) (d) We know that (g + p)p = g p + pg p−1 p +

p(p − 1) p−2 2 g p + · · · + pp ≡ g p (mod p2 ) 2

So, if g p ≡ g (mod p2 ), then (g + p)p ≡ g (mod p2 ) 6≡ g + p (mod p2 ). (e) Since g is a primitive root mod p and g + p ≡ g (mod p), we see that g + p is also a primitive root mod p. Therefore ordp2 (g + p) = p − 1 or p(p − 1) from part (a), as is the case with g. If ordp2 (g) = p − 1, then g p ≡ g (mod p2 ) from part (c), so (g + p)p 6≡ g + p (mod p2 ). We then know that (g + p)p−1 6≡ 1 (mod p2 ) which forces ordp2 (g + p) = p(p − 1). (f) We know from part (d) that either g or g +p has order p(p−1) = φ(p2 ). Therefore either g or g + p is a primitive root mod p2 . Let b be a primitive root mod p2 . This means that if gcd(c, p) = 1 then c is a power of b mod p2 . 2. (a) Note that bc 6≡ 0 (mod p), then p - b and p - c. Since bp ≡ cp (mod pn+1 ), we know that bp ≡ cp (mod p) and then b ≡ c (mod p). (By Fermat’s theorem, bp ≡ b (mod p) and cp ≡ c (mod p).) Now write that b = c + apk with p - a and k ≥ 1. We will show that k < n leads to a contradiction. Using the binomial theorem we see that bp = (c+apk )p = cp +pcp−1 apk +· · ·+ppk ap ≡ cp +pk+1 acp−1 (mod pk+2 ). Since p - a, we see that bp ≡ cp (mod pk+1 ) but bp 6≡ cp (mod pk+2 ). So, if k < n, then k + 2 ≤ n + 1 and bp 6≡ cp (mod pn+1 ). This contradiction shows that if bp ≡ cp (mod pn+1 ), then b ≡ c (mod pn ). 67

(b) Let g be a primitive root mod pn and let m = ordpn+1 (g). Then m | φ(pn+1 ) = (p − 1)pn . So, g m ≡ 1 (mod pn+1 ), g m ≡ 1 (mod pn ) and g is a primitive root mod pn . This means that φ(pn ) | m. Since m | φ(pn+1 ) and φ(pn ) | m we have ordpn+1 (g) = m = (p − 1)pn = φ(pn+1 ) or m = (p − 1)pn−1 = φ(pn ). (c) If g φ(p

n

)

g (p−1)p

≡ 1 (mod pn+1 ), then

n−1

  n−2 p ≡ 1 (mod pn+1 ) =⇒ g (p−1)p ≡ 1p (mod pn+1 ).

From part (a) we get g (p−1)p

n−2

≡ 1 (mod pn ).

This contradicts g being a primitive root mod pn since (p−1)pn−2 < φ(pn ). n So, g φ(p ) 6≡ 1 (mod pn+1 ). (d) Since part (b) tells us that ordpn+1 (g) = φ(pn ) or φ(pn+1 ) and the former is ruled out by part (c), we must have ordpn+1 (g) = φ(pn+1 ). Since primitive roots mod p exist, Project 1 tells us that primitive roots mod p2 exist, this Project tells us that a primitive root mod pn , n ≥ 2, is also a primitive root mod pn+1 . Thus, primitive roots exist mod pn for all n ≥ 1. 3. (a) Assume that m divides n. Let gcd(c, m) = 1. From Exercise 47, Chapter 4, here exists c0 with gcd(c0 , n) = 1 and c0 ≡ c (mod m). Since g is a primitive root mod n, there is an i with g i ≡ c0 (mod n). Therefore, g i ≡ c (mod m), so every such c is a power of g mod m. Therefore g is a primitive root mod m. (b) If a is odd, a2 ≡ 1 (mod 8). Since φ(8) = 4, no element can have order φ(8) so no primitive root mod 8 can exist. (c) Since p and q are distinct odd prime, gcd(p, q) = 1. From Fermat’s Theorem, we know that bp−1 ≡ 1 (mod p) and bq−1 ≡ 1 (mod q). This means that
(q−1)/2 bp−1 ≡ 1 (mod p) and

bq−1


(p−1)/2

≡ 1 (mod q).

From the Chinese Remainder Theorem, we get b(p−1)(q−1)/2 ≡ 1 (mod pq). (d) Note that φ(pq) = (p − 1)(q − 1). Since b(p−1)(q−1)/2 ≡ 1 (mod pq) and (p − 1)(q − 1)/2 < φ(pq), there is no primitive root mod pq.

68

(e) We know that bp−1 ≡ 1 (mod p) and b2 ≡ 1 (mod 4) because b is m odd. Let p − 1 = 2m. Then bp−1 = b2m = (b2 ) ≡ 1 (mod 4). Using the p−1 Chinese Remainder Theorem, we get b ≡ 1 (mod 4m). (f) Since p − 1 < φ(4p) = 2(p − 1) and bp−1 ≡ 1 (mod 4p), there can’t be a primitive root mod 4p. (g) We know that φ(2pn ) = φ(2)φ(pn ) = φ(pn ). Because h ≡ g (mod pn ), h is also a primitive root mod pn . If ha ≡ 1 (mod 2pn ) with a < φ(2pn ) = φ(pn ), then ha ≡ 1 (mod pn ). Since a < φ(pn ), this contradicts the fact that h is a primitive root mod pn . Therefore, h is a primitive root mod pn . (h) Assume p is an odd prime. From Theorem 7.9, primitive roots exist mod p and from the first two projects they exist mod every power of p. One quickly checks that there is a primitive root mod n when n = 1, 2, 4, and part (g) shows that there is a primitive root mod twice a power of p. Every other integer is a multiple of n = 8, 4p or two odd primes. Since (b), (d), and (f) say that no primitive roots exists for these n, part (a) says that no primitive roots exists for multiples of n. 4. We prove a version of Midy’s theorem for base b. The proof for any base is a rewriting of the proof for base 10 in the book. Theorem Let p be prime with p - b and let 0 < a < p. Let a = 0.c1 c2 c3 . . . cm p be the base b expansion of a/p, where m is the period (that is, the period is exactly m, not smaller). Suppose m is even: m = 2n. Then c1 c2 · · · cn + cn+1 cn+2 · · · c2n = (b − 1)(b − 1) · · · (b − 1). This is the number consisting of n repetitions of b − 1. (This is addition in base b, so c1 c2 · · · cn represents c1 bn−1 + c2 bn−2 + · · · + cn .) Proof. Let A = c1 c2 · · · cn and B = cn+1 cn+2 · · · c2n . Then a bn A + B bn A + B = + + ··· p b2n b4n The formula for the sum of a geometric series implies that 1 b2n

+

Therefore, a p

=

1 b4n

+ ··· =

bn A + B b2n − 1

b−2n 1 . = 2n 1 − b−2n b −1 =

bn A + B . (bn − 1)(bn + 1)

Multiply by (bn + 1)(bn − 1)p to obtain a(bn + 1)(bn − 1) = (bn A + B)p. 69

Since p - a, this implies that p divides b2n − 1 = (bn − 1)(bn + 1). Since p is prime (this is where we use this hypothesis), p divides bn − 1 or bn + 1. If p | bn − 1, we have ordp (b) ≤ n, hence 2n = ordp (b) ≤ n, which is impossible. Therefore, p - bn − 1. We conclude that p divides bn + 1. Therefore, a(bn + 1)/p is an integer. Since this integer equals (bn A + B)/(bn − 1), we have bn A + B ≡ 0 (mod bn − 1). But bn ≡ 1 (mod bn − 1), so A + B ≡ 0 (mod bn − 1). Because A and B are n-digit numbers (in base b), 0 ≤ A, B ≤ bn − 1. Moreover, at least one of A, B is nonzero (since a 6= 0), so A + B > 0. We cannot have A = B = bn − 1 = (b − 1) · · · (b − 1) since that gives a/p = .(b − 1)(b − 1) · · · = 1, contradicting a < p. Therefore, at least one of A, B is less than bn − 1 and 0 < A + B < 2(bn − 1). The only multiple of bn − 1 in this range is bn − 1, so A + B = bn − 1 = (b − 1)(b − 1) . . . (b − 1).

7.3

Computer Explorations

1. Up to 1000, there are 67 primes for which 2 is a primitive root. The estimate is 63. Up to 10000, there are 470 primes for which 2 is a primitive root. The estimate is 460. Up to 100000, there are 3603 primes for which 2 is a primitive root. The estimate is 3587. 2. (a) 2100 − 1 = 3 · 53 · 11 · 31 · 41 · 101 · 251 · 601 · 1801 · 4051 · 8101 · 268501 (b) If ordp (2) = 100, then p must occur in the factorization of 2100 − 1. We could check the order of 2 mod each of the primes in the above factorization, or we could remove the primes that occur in the factorizations of 250 − 1 and 220 − 1. We end up with 101, 8101, and 268501 as the three primes for which ordp (2) = 100. 3. Here are some: 211 − 1 = 23 · 89 223 − 1 = 47 · 178481 229 − 1 = 233 · 1103 · 2089 237 − 1 = 23 · 616318177 241 − 1 = 13367 · 164511353 70

4. (a) and (b) Brute force yields x = 100. This is also obtained from Baby Step - Giant Step: We have N = 34. The list 5i (mod 1093) for 0 ≤ i < 34 contains 532 ≡ 233. The list 489 · 5−34j for 0 ≤ j < 34 contains 489 · 5−34·2 ≡ 233. This is a match, so 532 ≡ 489 · 5−34·2 , therefore 5100 ≡ 489.

71

Chapter 8

More Cryptographic Applications 8.1

Exercises

1. The key is g ab ≡ 320 ≡ 32 ≡ 9 ≡ 2 (mod 7). For the second congruence, we used Corollary 4.23. 2. The key is g ab ≡ 232 ≡ 22 ≡ 4 (mod 11). For the second congruence, we used Corollary 4.23. 3. The key is g ab ≡ 299 ≡ 29 ≡ 512 ≡ 18 (mod 19). For the second congruence, we used Corollary 4.23. 4. The key is g ab ≡ 584 ≡ 518 (mod 23). We could use a calculator to reduce 518 mod 23. but we can also proceed as follows. 52 = 25 ≡ 2 (mod 23), so 516 ≡ 28 ≡ 256 ≡ 3 (mod 23). Therefore, 518 ≡ 516 52 ≡ 3 × 2 ≡ 6 (mod 23). The secret is 6. 5. If Alice chooses p − 1 as the secret exponent, then she sends 1 ≡ g p−1 (mod p) to Bob. When Bob raises this to a power, he still gets 1. Moreover, Eve sees Alice send 1 to Bob, so Eve knows that g ab will still be 1. If Alice uses 1 as her secret exponent, then she sends g to Bob. Eve sees this and deduces that the exponent is 1. Therefore, when Bob sends g b (mod p) to Alice, Eve knows that this is g ab and therefore obtains the key. 6. Suppose d = ordp (g) is small. Let a ≡ a1 (mod d), with 0 ≤ a1 < d. Exercise 17 in Chapter 7 says that g a ≡ g a1 (mod p). Also, since ab ≡ a1 b (mod d), g ab ≡ g a1 b (mod p). Eve intercepts g a (mod p). Since d is small, she can compute g i (mod p) for 0 ≤ i < d until she finds g i ≡ g a (mod p). This i is a1 . Because she has intercepted g b (mod p), she computes (g b )a1 (mod p) to get the secret. 72

(p−1)k

7. (a) Since n = (p − 1)k for some k, we have a ≡ g1 ≡ 1 (mod p). To “prove” that he won, Bob sends n = (p − 1)k to Alice and Alice computes (p−1)k g2 ≡ 1 = a (mod p), which means that Bob wins. (b) We have (p−1)n/d

a(p−1)/d ≡ g1

≡ (g1p−1 )n/d ≡ 1n/d ≡ 1 (mod p)

(note that the exponent n/d is an integer, so the calculation makes sense). (c) By Proposition 6.1, (8.3) has at most (p−1)/d solutions. The numbers g2di for 0 ≤ i < (p − 1)/d are solutions because (p−1)i

(g2di )(p−1)/d ≡ g1

≡ 1 (mod p).

Therefore, these are all of the solutions. (d) If (p−1)/d is small, Bob can compute g2di (mod p) for 0 ≤ i < (p−1)/d until he gets a. The corresponding di is the exponent n0 . 0

0

8. (a) Bob computes c3 ≡ cβ2 (mod p). Then c3 ≡ mβαβ ≡ mα by Corollary 4.23, because ββ 0 ≡ 1 (mod p − 1). 0 α0 αα0 (b) Alice computes m ≡ cα ≡ m1 ≡ m by 3 (mod p), because c3 ≡ m 0 Corollary 4.23, because ββ ≡ 1 (mod p − 1). (c) See the solutions to (a) and (b). 9. r ≡ g y ≡ 34 ≡ 81 ≡ 4 (mod 7) and c ≡ hy m ≡ 66 6 ≡ (−1)6 6 ≡ 6 (mod 7). Alice receives (4, 6). 10. r ≡ g y ≡ 28 ≡ 256 ≡ 9 (mod 13), and c ≡ hy m ≡ 58 10 ≡ 10 (mod 13). Alice receives 9, 10. 11. r ≡ g y ≡ 22475007 (mod 46454609), and c ≡ hy m ≡ 45118009 (mod 46454609). Alice receives (22475007, 45118009). 12. r ≡ g y ≡ 395988176 (mod 612985319), and c ≡ hy m ≡ 21182817 (mod 612985319). Alice receives (395988176, 21182817). 13. m ≡ cr˙ −x ≡ 2 · 21−7 ≡ 14 (mod 23). The message is 14. 14. m ≡ cr˙ −x ≡ 34 · 9−13 ≡ 33 (mod 59). The message is 33. 15. m ≡ cr˙ −x ≡ 4214 · 1976−6475 ≡ 1948 (mod 6581). The message is 1948. 73

16. m ≡ cr˙ −x ≡ 25581 · 26642−6491 ≡ 2880 (mod 45893). The message is 2880. 17. Call the two ciphertexts (r1 , c1 ) and (r2 , c2 ). Since r1 = r2 , we know that y1 = y2 . In Section 8.4, it is shown that m1 /m2 ≡ c1 /c2 (mod p) in this case. Therefore, 3/m2 ≡ 8/9, so m2 ≡ 27/8 ≡ 5 (mod 13). The message is 5. 18. Eve knows p, y, h, and c. Since c ≡ hy m (mod p), she computes m ≡ h−y c (mod p). 19. Compute the verification equation: 8690e ≡ 209, 5909e ≡ 1059, 636e 6≡ 921, 5120e ≡ 347 (mod 10379). Therefore, (921, 636) is the forgery. 20. Compute the verification equation: 72702e ≡ 983, 34711523 ≡ 76, 1910562731 ≡ 2731, 65782e 6≡ 3771 (mod 443617). Therefore, (3771, 65782) is the forgery. 21. (a) n = pq = 19 · 13 = 247, (b) d ≡ 5−1 ≡ 173 (mod (p − 1)(q − 1)). (c) s ≡ 93d ≡ 175 (mod n). 22. (a) n = pq = 667, (b) d ≡ 13−1 ≡ 237 (mod (p − 1)(q − 1)). (c) s ≡ 197d ≡ 604 (mod n). 23. (a) n = pq = 210589, (b) d ≡ 91−1 ≡ 11511 (mod (p − 1)(q − 1)). (c) s ≡ 147d ≡ 144505 (mod n). 24. (a) n = pq = 2519599, (b) d ≡ 13−1 ≡ 774277 (mod (p − 1)(q − 1)). (c) s ≡ 935d ≡ 2093565 (mod n). 25. Since 59e ≡ 31 (mod 77), the signature is valid. 26. Since 63e ≡ 47 (mod 95), the signature is valid. 27. Since 794e ≡ 1751 6≡ 91 (mod 2911), the signature is not valid. 28. Since 1424e ≡ 1208 6≡ 2136 (mod 5141), the signature is not valid. 29. We need m ≡ se (mod n). Therefore, let m ≡ 113 ≡ 22 (mod 187).

8.2

Projects

1. (a) First, note that since s ≡ k −1 (m − xr) (mod p − 1), we see that m ≡ sk + xr (mod p − 1). By Fermat’s Theorem, g m ≡ g (sk+xr) (mod p)

74

Therefore, r

v2 ≡ g m ≡ g (sk+xr) ≡ g sk g xr ≡ (g k )s (g x ) ≡ rs hr ≡ v1 (mod p) (b) If Eve knows x, she can calculate h since g and p are public. She can then take any message m0 , choose her own random k 0 with gcd(k 0 , p − 1) = 0 −1 1 and compute r0 ≡ g k (mod p) and s0 ≡ k 0 (m0 −xr0 ) (mod p−1). The 0 0 0 signed message is then (m , r , s ). Since Alice’s public information (p, g, h) has not been altered, Bob can verify exactly as before while remaining unaware that m0 came form Eve, not Alice. (c) Suppose Eve discovers the value of k. That, together with m, r, and s, allows her to find x: First, since s ≡ k −1 (m − xr) (mod p − 1), rx ≡ m − ks (mod p − 1). There are then gcd(r, p − 1) choices for x. Eve now calculates g x (mod p) for each of them and stops when she get h. (d) Since r ≡ g k (mod p), if the same value of k is used for m1 and m2 , Eve will see that the same r has been transmitted. Say that Eve sees (m1 , r, s1 ) and (m2 , r, s2 ). She knows that si ≡ k −1 (mi − xr) for i = 1, 2 and can use this to get that both s1 k − m1 and s2 k − m2 are congruent mod p − 1 to −xr. This tells Eve that s1 k − m1 ≡ s2 k − m2 (mod p − 1) so (s1 − s2 )k ≡ m1 − m2 (mod p − 1). Since s1 , s2 , m1 , m2 are known, Eve can find the gcd(s1 − s2 , p − 1) solutions to this congruence. Since Eve knows r, she can find which of these solutions is Alice’s k by calculating g k for each one of them and stopping when she gets r.

8.3

Computer Explorations

1. Solve the discrete log problem to obtain x = 345 (or y = 543). Then compute (2y )x ≡ 9620345 ≡ 7557 (mod 12347). 2. (b) y (p−1)/2 ≡ −1 for the jack and king and +1 for the queen and ace. Because α is odd, if x(p−1)/2 ≡ −1, then y (p−1)/2 ≡ (xα )(p−1)/2 ≡ (−1)α ≡ −1, and similarly, if x(p−1/2 ≡ +1 then y (p−1)/2 ≡ +1. (c) There are many such primes p. We should have p > 1721050514 (= queen). One example is p = 2000000087, which yields +1 for the ace and −1 for the other three cards.

75

Chapter 9

Quadratic Reciprocity 9.1

Exercises

1. This problem is most easily done by trying numbers until one works. We find that 52 ≡ 62 ≡ 3 (mod 11), so x = 5 and x = 6 work. 2. 

38 79



3.



 19 = 79   19 = (+1) (since 79 ≡ 7 (mod 8)) 79     79 3 =− =− 19 19     19 1 =+ = = 1. 3 3 

2 79

3 17





 =

17 3

 =

  2 = −1. 3

4. 

31 103





      103 10 2 5 =− =− 31 31 31 31     31 1 = −(+1) =− = −1. 5 5

=−

5. 

19 101





   101 6 = 19 19        2 3 19 1 = = (−1)(− )= = 1. 19 19 3 3 =

76

Therefore, x2 ≡ 19 (mod 101) has solutions. 6. 

23 79





     10 2 5 =− =− 23 23 23       23 3 5 = −(+1) =− =− 5 5 3   2 =− = +1. 3

=−

79 23



7. (a) Since x2 ≡ 2 (mod 11) has no solutions, and 11 | 209, there are no 2 solutions to  x ≡ 2 (mod  209).        47 3 11 2 9 (b) Since 11 = 11 = − 3 = − 3 = 1 and 47 = 11 = 19 1, there is a solution to x2 ≡ 47 (mod 11) and a solution to x2 ≡ 47 (mod 19). The Chinese Remainder Theorem combines these and gives a solution (actually, 4 of them) to x2 ≡ 47 (mod 209).       7 107 2 8. (a) =− =− = −1. 107 7 7 (b) By Euler’s criterion,   7 −1 = ≡ 7(107−1)/2 ≡ 753 (mod 107). 107 (c) We know that ord107 (7) | 107−1 = 106, so ord107 (7) = 1, 2, 53, or 106. Since 72 6≡ 1 and 753 ≡ −1 6≡ 1 (mod 107), we must have ord107 (7) = 106. 9. (a) Since 22 ≡ 1 (mod 3), we have 2k ≡ 1 (mod 3) for all even k. Therefore, p ≡ 1 + 1 ≡ 2 (mod 3). (b) Since p ≡ 1 (mod 4),       p 2 3 = = = −1. p 3 3 m

(c) Since ordp (3) | p − 1 = 22 , we must have that the order of 3 mod p is a power of 2. (d) By Euler’s criterion,   3 −1 ≡ ≡ 3(p−1)/2 (mod p), p m

so ordp (3) - (p − 1)/2 = 22 −1 . Since ordp (3) is a power of 2, the smallest m it can be is 22 = p−1. But this is the largest that the order of an element can be, so ordp (3) = p − 1, which means that 3 is a primitive root for p. (e) Simply change 3 to a in (c) and (d). 77

10. Since p ≡ q (mod 28), we have p ≡ q (mod 7). Therefore,     p q = . 7 7     7 p Also, = δ , where δ = +1 when p ≡ 1 (mod 4) and δ = −1 p 7 when p ≡ 3 (mod 4). A similar result holds for q. Since p ≡ q (mod 4), the δ is the same for p and q. Therefore,         7 p q 7 =δ =δ = . p 7 7 q 11. Since p ≡ q (mod 5), we have     q p = . 5 5     5 p Also, = . A similar result holds for q. Therefore, p 5         5 p q 5 = = = . p 5 5 q 12. (a) and (b) Since p ≡ 1 (mod 4) and p ≡ 9 (mod q),        2 q p 9 3 = = = = (±1)2 = +1. p q q q 13. Let g be a primitive root mod p and write b ≡ g i (mod p). Then b(p−1)/3 ≡ 1 =⇒ g i(p−1)/3 ≡ 1 =⇒ i(p − 1)/3 ≡ 0 (mod p − 1) =⇒ i ≡ 0 (mod 3) =⇒ b is a cube mod p. Conversely, if b ≡ c3 , then b(p−1)/3 ≡ cp−1 ≡ 1 (mod p) by Fermat’s theorem. 14. x3 ≡ b2p−1 ≡ (bp−1 )2 b ≡ 12 b ≡ b (mod p).

78

15. Since −5 is a square mod 5 and mod 2, we assume from now on that p 6= 2, 5. First, suppose that p ≡ 1 (mod 4). Then      −1 5 −5 = p p p   5 =+ p   p . = 5 This equals 1 if and only if p ≡ 1, 4 (mod 5). Since p ≡ 1 (mod 4), this becomes p ≡ 1, 9 (mod 20). Now suppose that p ≡ 3 (mod 4). Then      −5 −1 5 = p p p   5 =− p   p =− . 5 This equals 1 if and only if p ≡ 2, 3 (mod 5). Since p ≡ 3 (mod 4), this becomes p ≡ 3, 7 (mod 20). Therefore, −5 is a square mod p if and only if p = 2, 5 or p ≡ 1, 3, 7, 9 (mod 20). 16. (a) When k ≥ 5, we have k! ≡ 0 (mod 5). Therefore, 1! + 2! + · · · + n! ≡ 1! + 2! + 3! + 4! ≡ 3 (mod 5). (b) The value of 1! + 2! + · · · + n! is 1 for n = 1, is 3 for n = 2, is 9 for n = 3, is 33 for n = 4. Therefore, n = 1 and n = 3 yield squares. When n ≥ 5, the sum is 3 mod 5. But 3 is not a square mod 5, so the sum cannot be a square. 17. (a) When n ≥ p, we have q = n! + 1 ≡ 1 (mod p). When n ≥ 4, we have q = n! + 1 ≡ 1 (mod 4). Therefore,       q 1 p = = = 1. q p p Since n ≥ p and p is assumed to be an odd prime, the only other choice   3 is n = 3 and p = 3. We have q = 3! + 1 = 7 and = −1. 7 (b) The values of n are 11, 27, 37, 41, 73, 77, 116, 154. For each of these, q = n! + 1 and p can be any prime up to n. For example, p = 3 works for each q.

79

18. (a) Since p ≡ 3 (mod 4), we have 2p ≡ 6 (mod 8), so q = 2p + 1 ≡ 7 (mod 8). The supplementary law says that 2 is a square mod q. (b) By Euler’s criterion,   2 1= ≡ 2(q−1)/2 ≡ 2p (mod q). q Therefore, q | 2p − 1. 19. (a) Since 2p ≡ 1 (mod q),  p  p    2 2 1 = = = 1. q q q   2 = 1. Since p is odd, we must have q (b) The supplementary law says that since 2 is a square mod q, we must have q ≡ 1, 7 (mod 8). 20. Suppose that p1 , . . . , pn are all of the primes that are 3 mod 8. Let N = (p1 · · · pn )2 + 2. Since (p1 · · · pn ) is odd and the square of an odd number is 1 mod 8, we have N ≡ 3 (mod 8). Therefore, N cannot be a product only of primes that are congruent to 1 mod 8. Let p 6≡ 1 (mod 8) be a prime factor of N . Since −2 ≡ (p1 · · · pn )2 (mod p), we have that −2 is a square mod p. The supplementary laws show that if p ≡ 5, 7 (mod 8) then −2 is not a square mod p, so we must have p ≡ 1, 3 (mod 8). But p 6≡ 1 (mod 8), so p ≡ 3 (mod 8). Since p is not one of p1 , . . . , pn , the list did not contain all primes that are 3 mod 8. Since no finite list contains all primes that are 3 mod 8, there must be infinitely many such primes. 21. Suppose that p1 , . . . , pn are all of the primes that are 7 mod 8. Let N = (p1 · · · pn )2 − 2. Since (p1 · · · pn ) is odd and the square of an odd number is 1 mod 8, we have N ≡ −1 (mod 8). Therefore, N cannot be a product only of primes that are congruent to 1 mod 8. Let p 6≡ 1 (mod 8) be a prime factor of N . Since 2 ≡ (p1 · · · pn )2 (mod p), we have that 2 is a square mod p. The supplementary law says that p ≡ 1, 7 (mod 8). But p 6≡ 1 (mod 8), so p ≡ 7 (mod 8). Since p is not one of p1 , . . . , pn , the list did not contain all primes that are 7 mod 8. Since no finite list contains all primes that are 7 mod 8, there must be infinitely many such primes. 22. (a) Suppose that p ≡ 1 (mod 4). Then        −3 −1 3 3 = =+ p p p p     p 2 = = = −1. 3 3

80

Now suppose that p ≡ 3 (mod 4). Then        −3 −1 3 3 = =− p p p p     p 2 =+ = = −1. 3 3 (b) Suppose p1 , . . . , pn are all of the primes that are 1 mod 3. Let N = (p1 · · · pn )2 + 3. Let p be a prime factor of N . Then p 6= 3 and p 6= p1 , . . . , pn . Since (p1 · · · pn )2 ≡ −3 (mod p), part (a) implies that p ≡ 1 (mod 3). Therefore, the list was not complete. Since no finite list can be complete, there must be infinitely many primes that are 1 mod 3. 23. (a) Looking at n ≡ 0, 1 (mod 2), we see that n2 + n + 1 ≡ 1 (mod 2), so n2 + n + 1 has only odd prime factors. 2 (b) Since (2n + 1)2 + 3 = 4(n2 + n + 1), we have p | (2n  + 3.  + 1) −3 = 1. Part (c) Part (b) says that (2n + 1)2 ≡ −3 (mod p), so p (a) of Exercise 22 implies that we cannot have p ≡ 2 (mod 3), so p ≡ 1 (mod 3). 24. (a) By Lemma 4.25, the set {g · 1, g · 2, . . . , g · (p − 1)} mod p is the same as {1, 2, . . . , p − 1}, but rearranged. Therefore, the sum in (a) is the same sum S, with rearranged. So the sums  the  terms     are  equal. gj g j g (b) Since = , we can factor out of each term and p p p  p g S = S. obtain p   g (c) By Proposition 7.6 and Euler’s criterion, ≡ g (p−1)/2 ≡ −1 p (mod p). (d) From (b) and (c), we have S = −S, so S = 0. (e) Since S = 0, the number of summands equal to +1 is the same as the number of summands equal to −1. This means that the number of squares mod p is equal to the number of nonsquares. 25. Since 23 ≡ 3 (mod 4), we use Proposition 9.5 and compute 2(23+1)/4 ≡ 26 ≡ 64 ≡ 18 (mod 23). A check shows that 182 ≡ 2 (mod 23). 26. Since 19 ≡ 3 (mod 4), we use Proposition 9.5 and compute 11(19+1)/4 ≡ 115 ≡ (121)2 11 ≡ 72 11 ≡ 7 (mod 19). A check shows that 72 ≡ 11 (mod 19).

81

27. Since 29 ≡ 5 (mod 8), we use Proposition 9.6 and compute 7(29−1)/4 ≡ 77 ≡ 1 (mod 29). Therefore, we compute y ≡ 7(29+3)/8 ≡ 74 ≡ 23 (mod 29). A check shows that 232 ≡ 7 (mod 29). 28. Since 29 ≡ 5 (mod 8), we use Proposition 9.6 and compute 5(29−1)/4 ≡ 57 ≡ −1 (mod 29). Therefore, we compute y ≡ 2(29−1)/4 5(29+3)/8 ≡ 27 54 ≡ 18 (mod 29). A check shows that 182 ≡ 5 (mod 29). 29. The discriminant is b2 − 4ac = 49 + 40 = 89 ≡ 15 (mod 89). Since         3 5 89 89 15 = = 89 89 89 3 5    2 4 = = (−1)(+1) = −1, 3 5 there are no solutions. 30. The discriminant is b2 − 4ac = 25 − 28 ≡ 20 (mod 23). Since 

20 23



2     2 5 5 = = 23 23 23   3 = = −1, 5 

there are no solutions. 31. Since b2 − 4ac ≡ 256 − 36 ≡ 13 ≡ 62 (mod 23), the quadratic formula says that the solutions are −16 ± 6 ≡ −5, −11 ≡ 18, 12 (mod 23). 2 32. Since b2 − 4ac ≡ 1 − 20 ≡ 3 ≡ 52 (mod 11), the quadratic formula says that the solutions are 1±5 ≡ 3, −2 ≡ 3, 9 (mod 11). 2 82

33. 

35 223





     223 13 35 =− =− 35 35 13   9 =− = −1. 13

=−

34. 

35 73





     73 3 35 = =− 35 35 3   2 =− = +1. 3 =

35. 

203 3511



    2   3511 60 2 15 =− =− =− 203 203 203 203     3  8 2 203 =+ =+ = +1. =+ 15 15 15 

36. 

55 401



 =

401 55



 =

16 55

 = +1.

37. (a) 

35 143



      143 3 35 =− =− = 35 35 3   2 = = −1. 3

(b) Since a square makes the Jacobi symbol equal to +1, part (a) implies that35 is mod 143.  nota square  35 2 (c) = = −1 by the supplementary law. Since a square mod 11 11 143 is a square mod 11, we see that 35 cannot be a square mod 143.       5 77 2 38. (a) = = = −1. 77 5 5 (b) Since a square makes the Jacobi symbol equal to +1, part (a) implies that5 is  nota square   mod  77. 5 7 2 (c) = = = −1. Since a square mod 77 is a square mod 7 5 5 7, we see that 5 cannot be a square mod 77. 83



     3 35 2 =− = = +1. 35 3 3 (b)  No.See  thewarning  near the beginning of Section 9.4. 5 2 3 = = = −1. Since a square mod 35 is a square mod (c) 5 3 3 5, we see that 3 cannot be a square mod 35.           55 3 13 1 13 =− = = = = +1. 40. (a) 55 13 13 3 3 (b)  No.  See the of Section 9.4.  warning   near  the  beginning  13 3 5 2 (c) = = = = −1. Since a square mod 55 is a 5 5 3 3 square mod 5, we see that 13 cannot be a square mod 35. 39. (a)

41. The number 3 · 2 ≡ 6 (mod 7) is the only number among {3 · 1, 3 · 2, 3 · 3} that  is congruent mod 7 to a number between 7/2 and 7. Therefore, n = 1  3 = (−1)1 = −1. and 7 The numbers 3·3 and 3·4 are the numbers among {3·1, 3·2, 3·3, 3·4, 3·5, 3·6} that are congruent   mod 13 to a number between 13/2 and 13. Therefore, 3 n = 2 and = (−1)2 = 1. These answers agree with what is obtained 13 using quadratic reciprocity. 42. There are no numbers among {1·1, . . . , 1·(p−1)/2} that  are congruent mod 1 p to numbers between p/2 and p. Therefore, n = 0 and = (−1)0 = 1. p 43. The numbers {−1 · 1, . . . , −1 · (p − 1)/2} are congruent mod p to {p − 1, . . . , (p + 1)/2}. All numbers are between p/2 and p. Therefore,   of these −1 = (−1)(p−1)/2 . This is exactly what Theorem n = (p − 1)/2 and p 9.4(b) says.

9.2

Projects

1. (a) Either directly substitute the four numbers into f (x) and check that the result is 0, or make the substitution u = x2 , and get f (u) = u2 −2u+9 √ 2 which has roots u = x = 1 ± 2 2i. If x = a + bi, square x and solve. (b) If f (x) = g(x)h(x) and g(x) = ax + b, then g(−b/a) = f (−b/a) = 0. Since we already know all four roots of f (x), we know that none of them are rational. (Or use the rational root test.) √ (c) Let r = 2 + i. Then the four roots of f (x) are r, r, −r, and −r where a + bi = a − bi. If (x − r1 )(x − r2 ) has rational coefficients then the sum and product of r1 and r2 is rational. For their product to be rational, r1

84

and r2 must be complex conjugates. If r1 and r2 are complex conjugates, r1 + r2 is irrational. (d) From (b) and (c) the only way f (x) can factor into polynomials with rational coefficients is for: f (x) = g(x)h(x) where g(x) and h(x) each have degree 2. From (c), neither g(x) nor h(x) can factor if the product of the factors has rational numbers. But using the quadratic formula, every quadratic factors if we allow complex numbers. Therefore, g(x) and h(x) cannot exist and f (x) can’t factor into lower degree polynomials with rational coefficients. (e) Taking all congruences mod p, we get (x2 + 2sx − 3)(x2 − 2sx − 3) = x4 − (6 + 4s2 )x2 + 9 ≡ x4 − (6 − 4)x2 + 9 ≡ x4 − 2x2 + 9 (mod p) (f) Since p ≡ 3 (mod 8), p ≡ 3 (mod 4), quadratic reciprocity says that      −1 2 −2 = = (−1)(−1) = 1. p p p (g) Since t2 ≡ −2 (mod p), (x2 − 2t − 1)(x2 + 2t − 1) = x4 − 2x2 − 4t2 + 1 ≡ x4 − 2x2 − 4(−2) + 1 ≡ x4 − 2x2 + 9 (mod p) (h) This is a direct result from the supplementary law of quadratic reciprocity for 2. (i) Since u2 ≡ 2 (mod p), (x2 + 2ux − 3)(x2 − 2ux + 3) = x4 + (6 − 4u2 )x2 + 9 ≡ x4 − (6 − 4 · 2)x2 + 9 ≡ x4 − 2x2 + 9 (mod p). (j) With all congruences taken mod 2, we get x4 − 2x2 + 9 ≡ x4 + 1 ≡ (x + 1)4 (mod 2). 2. While doing this project, all our congruences will  be taken mod p and we will be using Proposition 9.3 which says that ap ≡ a(p−1)/2 (mod p).   k0 k0 (a) c20 −1 ≡ (nm )2 −1 ≡ n(p−1)/2 ≡ −1 because np = −1. (b) r02 ≡ am+1 ≡ a · am ≡ at0 k0 −1

(c) t02

(2k0 −1 )/2

≡ (am )

≡ ap−1/2 ≡ 1 because 85

  a p

= −1

(d) By the definition of ti , ordp (ti ) | 2ki −1 . So, ordp (ti ) = 2ki+1 with 1 ≤ ki+1 ≤ ki − 1 < ki . ki+1 −1

ki+1

≡ 1, t2i (e ) Since ti2 and ordp (ti ) = 2ki+1

≡ ±1. It can’t be +1 because 2ki+1 −1 < 2ki+1

(f) We begin by calculating ki+1

csi+1 ≡ (bi 2 )2

−1

≡ c2i

ki −1

≡ −1.

(g) Next, we see that 2 ri+1 ≡ b2i ri2 ≡ b2i ati ≡ b2i ti a ≡ ti+1 a ≡ ati+1 ≡ −1 · .

(h) Finally, we see that ki+1 −1

t2i+1

ki+1 −1

c2i+1

ki+1

≡ (b2i ti )2

ki+1

ti2

3. Assume that a

−1

n−1 2

−1

ki+1

≡ (−1)(t2i ≡

a n

ki+1 −1

≡ (ci+1 ti )2 −1

≡

) ≡ (−1)(−1 ≡ 1).

≡ ±1 (mod n).

Therefore, a(n−1) ≡ 1 (mod p) and n is an a - pseudoprime by definition. (b) Since 2

( 561−1 ) 2

 ≡ 1 (mod 561) ≡

2 561

 ,

we see that (c) This is true because 2

864

 ≡ 1 (mod 1729) ≡

and 3864 ≡ 1 (mod 1729) ≡



2 1729



3 1729



,

.

(d) An example is a = 17 since 17864 ≡ 1 (mod 1729) and

86



3 1729

 = −1.

Chapter 10

Primality and Factorization 10.1

Exercises

1. 2880 = 26 32 5 2. 85680 = 24 32 5 · 7 · 17 3. 1152 = 27 32 4. 899 = 900 − 1 = (30 + 1)(30 − 1) = 31 · 29 5. 391 = 400 − 9 = (20 + 3)(20 − 3) = 23 · 17 6. 551 = 576 − 25 = (24 + 5)(24 − 5) = 29 · 19 7. (a) 621 = 625 − 4 = (25 + 2)(25 − 2) = 27 · 23 = 33 23 (b) 621 = 33 · 23 8. (a) pq = n = (x + y)(x − y). Since we have assumed that p > q and x − y > 1, we have x + y = p and x − y = q. This yields x = (p + q)/2 and y = (p − q)/2. √ √ (b) The Fermat method starts with x ≈ n = pq . By part (a), it √ continues until x = (p + q)/2, so there are approximately (p − q)/2 − pq steps. (c) The left side is ((p + q)/2)2 − pq = ((p − q)/2)2 = (t/2)2 = t2 /4. √ (d) The assumption implies that (p + q)/2 + pq ≈ p + p = 2p. Therefore, part (c) implies that p+q √ − pq ≈ (t2 /4)/(2p) = t2 /(8p). 2 (e) Combining parts (b) and (d) tells us that the number of steps is approximately t2 /(8p) ≈ (1080 )2 /(8 × 1099 ) ≈ 1061 /8 ≈ 1060 . (f) The same calculation as in (e) tells us that we need around (1050 )2 /(8× 1099 ) ≈ 10/8 steps. So we need very few steps. 87

9. Calculate 214 ≡ 4 (mod 15), so 15 is composite. 10. We have 672 ≡ (2140 )2 ≡ 2280 ≡ 1 (mod 561). Therefore, 672 ≡ 1 but 67 6≡ ±1, which is impossible if 561 is prime. Therefore, 561 is composite. (This is the Strong Fermat test (Proposition 10.4.) 11. (a) 211 = 2048 ≡ 1 (mod 2047). (b) Since 1023 = 11 · 93, we have 21023 ≡ (211 )93 ≡ 193 ≡ 1 (mod 2047). (c) In the notation of Proposition 10.4, we have b = 2, k = 1, s = 1023, and b0 ≡ 21023 ≡ 1 (mod 2047). This is the case j = 0 in the definition of a strong pseudoprime. 12. Note that 1729 = 7 · 13 · 19. Suppose that gcd(b, 1729) = 1. Then b 6≡ 0 (mod 7), so b6 ≡ 1 (mod 7). Since 1728 ≡ 0 (mod 6), we have b1728 ≡ 1 (mod 7). Similarly, b1728 ≡ 1 (mod 13) and (mod 19). Therefore, b1728 ≡ 1 (mod 1729). Since b was arbitrary, 1729 is a Carmichael number. 13. Suppose that gcd(b, 41041) = 1. Then gcd(b, 7) = 1, so b6 ≡ 1 (mod 7). Since 41040 ≡ 0 (mod 6), we have b41040 ≡ 1 (mod 7). Similarly, b41040 ≡ 1 (mod 11), (mod 13), and (mod 41). Therefore, b41040 ≡ 1 (mod 41041). Since b was arbitrary, 41041 is a Carmichael number. 14. (a) We have pqr = (6k + 1)(12k + 1)(18k + 1) = 1296 ∗ k 3 + 396 ∗ k 2 + 36 ∗ k + 1 ≡ 1 (mod 36k). Therefore, n − 1 ≡ 0 (mod 36k). Since 36k is a multiple of p − 1, q − 1, and r − 1, Suppose gcd(b, pqr) = 1. Then gcd(b, p) = 1, and bp−1 ≡ 1 (mod p), so we have bn−1 ≡ 1 (mod p). Similarly, bn−1 ≡ 1 (mod q) and bn−1 ≡ 1 (mod r). Therefore, bn−1 ≡ 1 (mod pqr), so n is a Carmichael number. (b) The values k = 6, 35, 45, 521, 55, 56, 100 yield n =294409, 56052361, 118901521, 172947529, 216821881, 228842209, 1299963601. 15. Write ed = 1 + (p − 1)(r − 1)k for some k. Then cd ≡ med ≡ m(mp−1 )(r−1)k ≡ m(1)(r−1)k ≡ m (mod p) and cd ≡ med ≡ m(mr−1 )(p−1)k ≡ m(1)(p−1)k ≡ m (mod p). The first calculation used Fermat’s theorem and the second computation use the Carmichael property of r. Therefore, both p and r divide cd − 1. Since gcd(p, r) = 1, we can combine these to obtain cd ≡ m (mod pr). 88

16. Calculate 328 ≡ 1 (mod 29) and gcd(3(29−1)/7 − 1, 29) = 1. Since F > N , we have proved that 29 is prime. 17. Calculate 330 ≡ 1 (mod 31), gcd(3(31−1)/2 − 1, 29) = 1, gcd(3(31−1)/3 − 1, 31) = 1. Since F > N , we have proved that 31 is prime. 18. For F3 = 257, calculate 3128 ≡ −1 (mod 257). For F4 = 65537, calculate 332768 ≡ −1 (mod 65537). P´epin’s test shows that F3 and F4 are prime. 19. In the notation of the Pocklington-Lehmer test, we can write m − 1 = F N with F = 2n and N = k. Then am−1 ≡ (−1)2 ≡ 1 (mod m) and a(m−1)/2 − 1 ≡ −1 − 1 ≡ −2 (mod m). Therefore, gcd(a(m−1)/2 − 1, m) = 1. Since F > N , the Pocklington-Lehmer test implies that m is prime. 20. Calculate gcd(284 − 123, 851) = 23 to get 851 = 23 · 37. 21. Calculate gcd(427 − 333, 893) = 47 to get 893 = 19 · 47. 22. We have 300 = 4·74, so 5112 ≡ 4·75 ≡ 4·12512 ≡ (2·1251)2 (mod 23711). Calculate gcd(2 · 1251 − 511, 23711) = 181 to get 23711 = 131 · 181. 23. Multiply the two relations to obtain (937·1666)2 ≡ (2·3·7)2 (mod 28321). Calculate gcd(937 · 1666 − 2 · 3 · 7, 28321) = 223 to get 28321 = 127 · 223. 24. We have 672 ≡ (2140 )2 ≡ 2280 ≡ 12 (mod 561). Calculate gcd(67 − 1, 561) = 33 to get 561 = 33 · 17. The complete factorization is 561 = 3 · 11 · 17. 25. (a) Compute 414 ≡ 1 (mod 15). (b) Compute 15 − 1 = 2 · 7. Then compute b0 ≡ 47 ≡ 4 (mod 15) and b1 ≡ 42 ≡ 1 (mod 15). Since b1 = 1 and b0 6≡ ±1 (mod 15), we see that 15 is not a strong 4-pseudoprime. (c) We have 42 ≡ 1 (mod 15). Calculate gcd(4 − 1, 15) = 3, which yields 15 = 3 · 5. 26. (a) Compute 634 ≡ 1 (mod 35). (b) Compute 35 − 1 = 2 · 17. Then compute b0 ≡ 617 ≡ 6 (mod 35) and b1 ≡ 62 ≡ 1 (mod 35). Since b1 = 1 and b0 6≡ ±1 (mod 35), we see that 35 is not a strong 6-pseudoprime. (c) We have 62 ≡ 1 (mod 35). Calculate gcd(6 − 1, 35) = 5, which yields 35 = 5 · 7. 27. Calculate gcd(23! − 1, 77) = gcd(63, 77) = 7, which yields 77 = 7 · 11. 89

28. (a) Calculate gcd(23! − 1, 115) = gcd(63, 115) = 1. This doesn’t work because 5 and 23 are the factors of 115, but 5 − 1 has too high a power of 2 and 23 − 1 has the large prime factor 11. (b) Calculate gcd(24! − 1, 115) = 5, which yields 115 = 5 · 23. 29. Calculate gcd(24! − 1, 91) = 91. Since 224 ≡ 1 (mod 91), we write 24 = 23 3. Let b0 ≡ 23 ≡ 8 (mod 91). Then b1 ≡ 82 ≡ 64 (mod 91) and b2 ≡ 642 ≡ 1 (mod 91). Compute gcd(64 − 1, 91) = 7, which yields the factorization 91 = 7 · 13. 30. If n = 2a2 3a3 · · · , then ln 2 gets subtracted from ln n a total of a2 times, ln 3 gets subtracted a3 times, ln 5 gets subtracted a5 times, and ln 7 gets subtracted a7 times. The result is ln(n/(2a2 3a3 5a5 7a7 )). This equals 0 if and only if n = 2a2 3a3 5a5 7a7 , which is the same as saying that n is 10-smooth.

10.2

Projects

1. (a) Since 2n−1 ≡ 1 (mod n), 2n ≡ 2 (mod n). But, M = 2n − 1, so M − 1 = 2n − 2 =⇒ M − 1 ≡ 0 (mod n) =⇒ M − 1 = nk 0 for some integer k 0 . Because M is odd M − 1 is even. Since n is odd, k 0 must be even, so k 0 = 2k. So, M − 1 = 2nk. (b) Since 2n = M + 1, 2n ≡ 1 (mod M ) and then 2nk ≡ 1 (mod M ). (c) We have nk =

2n − 2 M −1 = = 2n−1 − 1 2 2

which is an odd integer. b

(d) We can write n = ab with 1 < a, b < n. When writing 2ab = (2a ) we get 2ab − 1 = (2a − 1)((2a )b−1 + (2a )b−2 + · · · + 2a + 1. (e) We know that M − 1 = 2nk = 2s where s is an odd integer, and that 2s ≡ 1 (mod M ) from parts (b) and (a). Therefore M is a strong 2 pseudoprime by definition. (f) Let n be a 2-pseudoprime. (For example, n = 341. The M = 2231 −1 is a new, larger 2-pseudoprime and in fact a strong 2- pseudoprime. Continue 0 this process, creating M1 = 2M −1, 2M −1 etc. This will form a sequence 231 < M < M1 < · · · < Mr < · · · with Mi = 2Mi −1 for i = 2, 3, . . . and each Mi a strong 2 - pseudoprime.

90

n

n

2. (a) Since Fn = 22 + 1, 22 ≡ −1 (mod Fn ). n

(b)We see that bn = 22 , so bn ≡ −1 (mod Fn ). (c) Since bi+1 ≡ b2i (mod Fn ) we have bn+1 ≡ b2n ≡ (−1)2 ≡ 1 (mod Fn ). (d) We know that bn+1 ≡ 1 (mod Fn ) and that if j < n + 1, then bj 6≡ 1 (mod Fn ). (If bj ≡ 1 (mod Fn ) for j < n + 1, then bn ≡ 1 (mod Fn + 1)). Since bn ≡ −1 (mod Fn ), if Fn is composite, Fn is a strong 2-pseudoprime by definition. 3. (a) Since n ≡ −1 (mod 24), n ≡ −1 (mod 3). So, if x2 − y 2 = n and 3 | y, then x2 ≡ −1 (mod 3). Because every integer is 0 or ±1 (mod 3), the square of an integer cannot be −1 (mod 3). Therefore, 3 - y. (b) If x2 − y 2 ≡ −1 (mod 24), then x2 − y 2 ≡ −1 (mod 4). If 2 | y, then 4 | y 2 . So, if 2 | y, then x2 ≡ −1 (mod 4) which is impossible since the square of an integer is 0 or 1 mod 4. (c) From (a) and (b) we know that y ≡ 1 (mod 2) and y ≡ ±1 (mod 3). Therefore y 2 ≡ 1 (mod 8) and y 2 ≡ 1 (mod 3). Therefore, y 2 ≡ 1 (mod 24) by the Chinese Remainder Theorem. (d) Because x2 + −y 2 ≡ −1 (mod 24) and y 2 ≡ 1 (mod 24), x2 − y 2 ≡ x2 − 1 ≡ −1 (mod 24), so x2 ≡ 0 (mod 24). This means that 23 · 3 | x2 so 22 · 3 = 12 | x and x ≡ 0 (mod 12). (e) If n = 68041439, and x2 − y 2 = n, then x√is a multiple of 12. Take x1 = 8256, the first multiple of 12 larger than n.Then x21 − n = 120097 is not a square. (f) Next, try x2 = 8268. then, 82682 −n = 7192 . Therefore, 82682 −7192 = 68041439, so (8268 − 719)(8268 + 719) = 7549 · 8987 = 68041439.

10.3

Computer Explorations

1. The seven 2-pseudoprimes are 341, 561, 645, 1105, 1387, 1729, 1905. None are strong 2-pseudoprimes. 2. (a) One example is p = 109. (b) One example is q = 607. (c) With the p and q from parts (a) an (b), we use B = 25 and compute 225! ≡ 58316 (mod n),

gcd(58315, n) = 109.

(d) One example is r = 101. (e) We have m = 101 · 109 = 11009. Take B = 25. Compute 225! ≡ 1 91

(mod n), so gcd(225! − 1, m) = m. Now try Algorithm 10.10. Write 25! = 22 2s, where s = 3698160658676859375 and let b0 ≡ 2s ≡ 9080 (mod m), b1 ≡ b20 ≡ 11008 ≡ −1 (mod m). Then b2 = 1 but we do not get a factorization. Repeat the above with 3 in place of 2. Again we get gcd(325! − 1, m) = m, so we use Algorithm 10.10. We have b0 ≡ 3s ≡ 9484 (mod m), b1 ≡ b20 ≡ 2726, and b2 ≡ 1 (mod m). We compute gcd(2726 − 1, m) = 109. 3. (a) n = 655802 − 12 = 65579 · 65581. (b) 65578 = 2 · 32789 and 65580 = 22 3 · 5 · 1093. Each p − 1 has a large prime factor, so we expect the p − 1 method to fail. 4. (a) 171021 values of n ≤ 106 yield gcd(n, 9699690) = 1. (b) There are 78498 primes less than 106 . This is about half the number obtained in part (a) (c) The product is .171024, which is approximately the answer to part (a) divided by 106 , (d) The probability that an integer is not divisible by p is 1 − 1/p, so the probability that it is not divisible by any primes less than 20 is the product in part (c). Since gcd(9699690, n) = 1 exactly when n is not divisible by any primes less than 20, we see that the probability that gcd(9699690, n) = 1 is the product in part (c). Multiplying this probability by 106 gives the expected number of cases with gcd = 1.

92

Chapter 11

Geometry of Numbers 11.1

Exercises

1. Let N be large. Take a rectangle with corners at (.1, −N ), (.9, −N ), (.1, N ), (.9, N ). Its area is 1.6N . If N = 1000, the area is larger than 1000. 2. Let N be large. Consider the rectangle with corners at (±N, ±.5). Its area is 2N . Now remove the line segments 1 ≤ x ≤ N and −N ≤ x ≤ −1. The resulting region still has area 2N and is centrally symmetric, but it is not convex. When N > 500, its area is larger than 1000. 3. For each side of the polygon, there is a corresponding side that is symmetric across the origin. Therefore, the sides can be paired up. Clearly, no side gets paired with itself. Therefore, there is an even number of sides. 4. (a) The base is from (−5, −1) to (−3, −1), so it has length 2. The height is 2. Therefore, the area is 4. (b) The base of P 0 has length 1.98 and height 1.98, so its area is 3.9204. Note that P 0 lies strictly inside P and therefore contains neither the vertices of P nor (±1, 0) and (4, 1) and (−4, −1), all of which lie on the sides of P . The only integer point inside P 0 is (0, 0). (c) Let P 00 be the parallelogram with vertices at (−999.99, −.99), (−998.01, −.99), (999.99, .99), (998.01, 1.01). Its area is 3.9204 and it is convex and centrally symmetric, but it contains no integer points except (0, 0). The longest distance between vertices is approximately 2000. 5. 41 = 52 + 42 6. 97 = 92 + 42

93

7. 221 = 52 + 142 . Also, 221 = 112 + 102 . 8. 1073 = 322 + 72 . Also, 1073 = 282 + 172 . 9. The Euclidean algorithm for gcd(1237, 546) is 1237 = 2 · 546 + 145 546 = 3 · 145 + 111 145 = 1 · 111 + 34 111 = 3 · 34 + 9 34 = 3 · 9 + 7 9=1·7+2 7 = 3 · 2 + 1. The first two remainders less than 342 + 92 .

√

1237 are 34 and 9. We have 1237 =

10. The Euclidean algorithm for gcd(100049, 17682) is 100049 = 5 · 17682 + 11639 17682 = 1 · 11639 + 6043 11639 = 1 · 6043 + 5596 6043 = 1 · 5596 + 447 5596 = 12 · 447 + 232 447 = 1 · 232 + 215. We can stop here because we have the remainders less than obtain 100049 = 2322 + 2152 .

√

100049. We

2 2 11. (a) In the notation of Proposition 11.3,  B is the  disc x1 + x2 < 2p, which √ p √u has area 2πp. Use the matrix A = . Its determinant is p 2. 0 2 √ √ Therefore, vol(B 0 ) = 2πp/(p 2) = π 2. √ (b) π 2 > 4 and B 0 is convex and centrally symmetric, so Minkowski’s theorem applies. (c) Since u2 + 2 ≡ 0 (mod p), we have (px + uy)2 + 2y 2 ≡ (u2 + 2)y 2 ≡ 0 (mod p). (d) Parts (b) and (c) imply that p = (px + uy)2 + 2y 2 .

12. 23 = 32 + 32 + 22 + 12 13. 123 = 72 + 72 + 52 + 02 = 112 + 12 + 12 + 02 = 82 + 72 + 32 + 12 . 14. (a) 7 = 22 + 12 + 12 + 12 and 15 = 32 + 22 + 12 + 12 . (b) 105 = (2 · 3 − 1 · 2 − 1 · 1 − 1 · 1)2 + (2 · 2 + 1 · 3 + 1 · 1 − 1 · 1)2 + (2 · 1 + 1 · 3 + 1 · 2 − 1 · 1)2 + (2 · 1 + 1 · 3 + 1 · 1 − 1 · 2)2 = 22 + 72 + 62 + 42 . 94

(c) 105 = 102 + 22 + 12 (d) Since 105 = 3 · 5 · 7 and 3 ≡ 3 (mod 4), Theorem 11.6 says that 105 is not a sum of two squares. 15. (a) Just multiply it out. (b) Again, multiply it out. (c) Take norms of everything in the formula in part (a). 16. An easy way is to look at numbers 1 + 5y 2 for y = 1, 2, . . . . This yields 92 − 5 · 42 = 1, so (x, y) = (9, 4) is a solution. 17. An easy way is to look at numbers 1 + 7y 2 for y = 1, 2, . . . . This yields 82 − 7 · 32 = 1, so (x, y) = (8, 3) is a solution. 18. (x1 , y1 ) = (9, 4), x2 , y2 ) = (161, 72), (x3 , y3 ) = (2889, 1292), (x4 , y4 ) = (51841, 23184). Calculation shows that each of these satisfies x2n −5yn2 = 1. 19. (a) x2 − 11y 2 = 1 ⇒ x2 ≡ 1 (mod 11) ⇒ x ≡ ±1 (mod 11). (b) Look at x ≡ ±1 (mod 11). These are x = 1, 10, 12, . . . . This quickly yields the solution (x, y) = (10, 3). 20. x2 − dy 2 = −1 ⇒ x2 ≡ −1 (mod p), which is impossible by part (b) of Theorem 9.4 or by Exercise 58(b) in Chapter 4. 21. (a) If both x and y are odd, then 1 − d · 1 ≡ 4 (mod 8) (note that −4 ≡ 4 (mod 8)). This implies that d ≡ 5 (mod 8), contradiction. Therefore, one, and hence both, of x, y are even. (b) If x is odd, then x2 − dy 2 = ±4 becomes 1 ≡ 0 (mod 2), which is a contradiction. Therefore, x is even. Therefore, x2 ≡ 0 (mod 4). We now have 0 − dy 2 ≡ 0 (mod 4). Since d is squarefree, y must be even. (c) Combine (a) and (b). √ 22. Expand (x + y d)3 to get x1 = x3 + 3xy 2 d,

y1 = 3x2 y + dy 3 .

Since x and y are odd, x2 ≡ y 2 ≡ 1 (mod 8), and x1 = x(x2 + 3dy 2 ) ≡ x(1+3·5·1) ≡ 0 (mod 8). Similarly, y1 = y(3x2 +dy 2 ) ≡ y(3·1+5·1) ≡ 0 (mod 8). Also, x21 − dy12 = (x3 + 3xy 2 d)2 − d(3x2 y + dy 3 )2 = x6 + 6x4 y 2 d + 9x2 y 4 d2 − 9dx4 y 2 − 6d2 x2 y 4 − d3 y 6 = (x2 − dy 2 )3 = (±4)3 = ±64.

95

23. (a) Start with (8, 1, 3). Then 8 + 1 · m ≡ 0 (mod 3), so m ≡ 1 (mod 3). The value m = 7 makes |m2 − 61| smallest. The new triple is   8 · 7 + 1 · 61 8 + 1 · 7 72 − 61 , , = (39, 5, −4). 3 3 3 2 2 This yields the relation √ 393 − 61 · 5 = −4 √ (b) Compute (39 + 5 61) = 29718 + 3805 61. This yields 297182 − 61 · 38052 = −1 √ √ (c) Compute (29718 + 3805 61)2 = 1766319049 + 226153980 61. This yields 17663190492 − 61 · 2261539802 = 1.

11.2

Projects

1. (a) If an integer a is odd, then a2 ≡ 1 (mod 8) and if a is even, a2 ≡ 0 (mod 4). To have three squares add up to n, at least one must be odd. If one is odd, the result is 1 (mod 4), if two are odd, the result is 0 (mod 4) and if all three are odd, the result is 3 (mod 8). So, one can never get 7 (mod 8). (b) Assume a > 0. If a ≡ 0 (mod 3), a3 ≡ 0 (mod 9). If a ≡ 1 (mod 3), a3 ≡ 1 (mod 9). If a ≡ −1 (mod 3), a3 ≡ −1 (mod 9). So, adding up three cubes gives us 0, ±1, ±2, ±3 (mod 9). Since there are infinitely many integers that are not congruent to ±4 (mod 9), there are infinitely many integers that are not the sum of three non-negative cubes. (c) 23 = 13 + 13 + 13 + 13 + 13 + 13 + 13 + 23 + 23 . 239 = 53 + 33 + 33 + 33 + 23 + 23 + 23 + 23 + 13 (d) Since 33 = 27 and adding 13 eight times is too small, we begin with writing 23 = 23 + x. The we want to write 23 − 23 = 15 as a sum of seven cubes. Again we need to start with 15 = 23 + y, so we need y = 7 written as a sum of six cubes which is clearly impossible. (e) 1290740 = 13 + 13 + 253 + 493 + 543 + 1003 (f) The number is 34. 2. (a) If x = y − z then (y − z)2 + 4yz = p. After expanding and collection terms we get y 2 + 2yz + z 2 = (y + z)2 = p. Thus is impossible if p is a prime. If x = 2y, then (2y)2 + 4yz = p, so 4y(y + z) = p. Since p is a prime and 4y 6= 1, this is impossible as well. Therefore x 6= y − z and x 6= 2y. (b) We examine each case and use the fact that x, y, and z are positive integers. Case 1: (x, y, z) ∈ A. Then x1 = x + 2z, y1 = z, z1 = y − z − x. 96

Clearly x1 > 0 and y1 > 0. Since (x, y, z) ∈ A, y1 − z1 − x1 > 0. Case 2: : (x, y, z) ∈ B. Then x1 = 2y − x, y1 = y, z1 = x − y + z. Clearly y2 > 0. Since (x, y, z) ∈ B, x < 2y and y − z < x. This tells us that x1 > 0 and z1 > 0. Case 3: : (x, y, z) ∈ C. Then x1 = x − 2y, y1 = x − y + z, z1 = y. Clearly z1 > 0. Since (x, y, z) ∈ C, 2y < x so x1 > 0. Also, y1 = x − y + z > 2y − y + z = y + z > 0. To show that x21 + 4y1 z1 = p we also go case by case. Case 1: x21 + 4y1 z1 = (x + 2z)2 + 4z(y − z − x) = x2 + 4xz + 4z 2 + 4yz − 4z 2 − 4xz = x2 + 4yz = p. Case 2: x21 + 4y1 z1 = (2y − x)2 + 4y(x − y + z) = 4y 2 − 4xy + x2 + 4xy − 4y 2 + 4yz = x2 + 4yz = p. Case 3: x21 + 4y1 z1 = (x − 2y)2 + 4(x − y + z)y = x2 − 4xy + 4y 2 + 4xy − 4y 2 + 4yz = x2 + 4yz = p. (c) Again, we go case by case. Case 1: (x, y, z) ∈ A. Then x1 = x + 2z, y1 = z, z1 = y − z − x and x1 − 2y1 = x + 2z − 2z > 0 Case 2: : (x, y, z) ∈ B. Then x1 = 2y − x, y1 = y, z1 = x − y + z and y1 − z1 = y − (x − y + z) = 2y − x − z = x1 − z < x1 and x1 = 2y − x < 2y = 2y1 . Case 3: : (x, y, z) ∈ C. Then x1 = x − 2y, y1 = x − y + z, z1 = y and x1 − (y1 − z1 ) = x1 − (x − y + z − y) = x1 − (x − 2y + z) = x − 2y − (x − 2y + z) = −z < 0. (d) If h((x, y, z)) = (x, z, y), then h (h((x, y, z))) = h((x, z, y)) = (x, y, z). so h(s) = s if s ∈ S. (e) We go case by case. 97

Case 1: (x, y, z) ∈ A. Then f (x, y, z) = (x + 2z, z, y − z − x) ∈ C so f (x + 2z, z, y − z − x) = ((x + 2z) − 2z, (x + 2z) − z + (y − z − x), z) = (x, y, z). Case 2: : (x, y, z) ∈ B. Then f (x, y, z) = (2y − x, y, x − y + z) ∈ B so f (2y − x, y, x − y + z) = (2y − (2y − x), y, (2y − x) − y + (x − y + z)) = (x, y, z). Case 3: : (x, y, z) ∈ C. Then f (x, y, z) = (x − 2y, x − y + z, y) ∈ A so f (x − 2y, x − y + z, y) = ((x − 2y) + 2y, y, (x − y + z) − y − (x − 2y)) = (x, y, z). So, f (f (s)) = s for all s ∈ S. (f) Let T = {t1 , t2 , . . . , tn } and assume that g(ti ) 6= ti for 1 ≤ i ≤ n. Note that if g(ti ) = tj , then g(tj ) = ti because g is an involution.We can now write T as a disjoint union of pairs of elements (ti , g(ti )). This means that T has an even number of elements, so a set with an odd number of elements must have an i with g(ti ) = ti . (g) Let T = {t1 , t2 , . . . , tn }. We may assume that g(t1 ) = t1 and that if i 6= 1, g(ti ) = tj , i 6= j. Again, note that g(tj ) = ti . So, T consists of {t1 } together with each {ti , g(ti ) | i 6= 1}. Since the latter set has an even number of elements, T must have an odd number of elements. (h) If f (x, y, z) = (x, y, z) for (x, y, z) ∈ St then (x, y, z) ∈ B. (It can’t be in A because f takes the first coordinate of a point in A to a triple with a larger first coordinate. It can’t be in C because because f takes the first coordinate of a point in C to a triple with a smaller first coordinate.) So, we must have (x, y, z) = (2y − x, y, x − y + z). We get x = 2y − x so x = y. Because (x, y, z) ∈ S, x2 + 4yz = p. Substituting, we get x2 + 4xz = p =⇒ x(x + 4z) = p =⇒ x = 1 because p is prime. So, x = 1, y = 1 and z = (p − 1)/4 and the triple (1, 1, (p−1)/4) is the unique (x, y, z) with f (x, y, z) = (x, y, z). (Note that this is where p ≡ 1 (mod 4) was necessary.) (i) From parts (h) and (g) we know that S has an odd number of elements. From (f), there is an s ∈ S for which the involution h (defined by h(x, y, z) = (x, z, y)) has h(s) = s. If s = (u, v, w), then u2 + 4vw = p and h(s) = (u, w, v) = (u, v, w). This means that u2 + 4v 2 = p.

98

3. (a) We see that xy = a2 d2 − b2 c2 . Since a2 ≡ −b2 (mod n) and d2 ≡ −c2 (mod n) we have a2 d2 ≡ b2 c2 (mod n) and a2 d2 − b2 c2 ≡ 0 (mod n). So, xy ≡ 0 (mod n). (b) We know that a2 − c2 = d2 − b2 . Since a > c, a2 − c2 > 0, so d2 − b2 > 0 and d > b. (We are using the fact that all numbers considered are nonnegative.) Note that if c = 0, then since c ≥ d ≥ 0, d = 0. This means that n = 0 which is impossible, so c 6= 0. If d = 0, then n = a2 + b2 = c2 , that c ≥ a. But we’ve assumed that c < a. So, d 6= 0. We now know that a < c and b < d. So, bc < dc < ad since neither c nor d can be 0. This tells us that y = ad − bc > 0. If ad − bc = 1, then ad = bc + 1, so bc < dc < ad = bc + 1. This means that dc is an integer between consecutive integers which is impossible. Therefore y = ad − bc > 1. Now, assume y > x. Then (ad − bc) − (ad + bc) = −2bc > 0. This contradiction tells us that y ≤ x. So, 1 < y ≤ x. (c) We have x2 + (ac − bd)2 = (ad + bc)2 + (ac − bd)2 = a2 d2 + b2 c2 + a2 c2 + b2 d2 = (a2 + b2 )(c2 + d2 ). (d) Since a ≥ b ≥ 0 and c ≥ d > 0, we know that ad − bc ≥ 0. Also, ad − bc = 0 iff a/b = d/c. Since a/b ≥ 1 and d/c ≤ 1, the only way this could be true is if a = b and c = d. If that occurs then since bc < dc < ad, we get ac < c2 < ac which is a contradiction. So, ac − bd > 0. (e) Because x2 + (ac − bd)2 = (a2 + b2 )(c2 + d2 ) = n2 we get x2 < n2 . So, x < n. (f) We know that gcd(x, n) and gcd(y, n) are divisors of n. If gcd(x, n) = 1, then we can divide the congruence xy ≡ 0 (mod n) by x to get y ≡ 0 (mod n). This is impossible because y < n. Similarly we can’t have gcd(y, n) = 1 because x < n. If gcd(x, n) = n then n | x which can’t occur if x < n. Similarly, if gcd(y, n) = n then n | y. (g) From the above, if we can write an intger n as a sum of squares in two different way, we can find a nontrivial factor of n. We already know from Theorem 11.4 that if n is a prime with n ≡ 1 (mod 4)n, then can be written as a sum of two squares in at least one way. A second way would lead to a nontrivial divisor of n, so if n is prime, that can’t occur. (h) Since 1000009 = 10002 + 32 = 9722 + 2352 , 99

using our previous notation we write a = 1000, b = 3, c = 972, d = 235. Then x = ad + bc = 1000 · 235 + 3 · 972 = 237916 y = 1000 · 235 − 3 · 972 = 232084 and gcd(x, n) = 293, gcd(y, n) = 3413. In fact 1000009 = 293 · 3413. 4. (a) The two triangles have a common angle A. Since they are right triangles, all three corresponding angles are equal, which means that the triangles are similar. (b) The triangles √ are similar, so DE/DA = BC/AC. By the Pythagorean 101. Also, AD = 1 and BC = 1. Therefore, AD = theorem, AC = √ 1/ 101. (c) In the triangle just considered, let A = (0, 0), B = (10, 0), C = (10, 1). The integer points closest to the line are D = (1,√ 0) and (9,1). We just showed that the distance from D to the line is 1/ 101, which is greater than r. So the line does √ not hit the tree. By symmetry, the point (9,1) also is at a distance 1/ 101 from the line, so the line misses the tree at this point. The other trees are farther away from the line, so the line misses all trees. (d) The area of R is (20)(2w) = 40w > 40(1/10) = 4. Minkowski’s theorem says that there is a point (x, y) 6= (0, 0) with integer coordinates inside R. (e) The point (x, y) is inside the rectangle, so the distance from (x, y) to L is less than w. Since r > w, L intersects the tree. (f) x2 + y 2 ≤ 102 + w2 < 100 + 12 = 101. Since x2 + y 2 is an integer, x2 + y 2 ≤ 100. (g) The line L was arbitrary, and L intersects a tree (by part (e)) in the orchard (by part (f)). Therefore, we have proved that every line intersects a tree in the orchard. 5. (a) If each point of the unit square has at most 4 points of B above it, then the total area of the points of B above the unit square is at most 4 times the area of the unit square. But the area of B is greater than 4, so this is impossible. Therefore, some point has at least 5 points above it. (b) Let the points (ak , bk ) be the five points found in part (a), all lying above a point P in the unit square. Then each point (ak , bk ) is of the form P + (x, y), where (x, y) has integer coordinates. Therefore, any difference (ai , bi )−(aj , bj ) equals the difference of two points with integer coordinates (the P ’s cancel) and therefore has integer coordinates. (c) There are four differences (ai − a1 , bi − b1 ) for 2 ≤ i ≤ 5. There are 4 combinations (even, even), (even, odd), (odd, even), (odd, odd). If all four occur, then we have (even, even), as desired. If some combination is missing, then some combination occurs twice, say for i and j. Subtract

100

the two: (ai − a1 , bi − b1 ) − (aj − a1 , bj − b1 ) = (ai − aj , bi − bj ). Since the parities of the entries of the two points match, the difference has even coordinates. Therefore, in both cases, we get a difference with even coordinates. (d) The rectangle is symmetric about the origin, so the fact that (aj , bj ) is in R implies that (−aj , −bj ) is in R. (e) The point (x, y) with x = (ai −aj )/2 and y = (bi −bj )/2 is the midpoint of the line segment from (ai , bi ) to (−aj , −bj ). Therefore, it is inside R.

101

Chapter 12

Arithmetic Functions 12.1

Exercises

1. (a) for 2: 1, 2; for 4: 1, 2, 4; for 15: 1, 3, 5, 15; for 30: 1, 2, 3, 5, 6, 10, 15, 30; for 60: 1, 2, 3, 4, 5, 6, 10, 12, 15, 20, 30, 60. (b) σ(2) = 3, σ(4) = 7, σ(15) = 24, σ(30) = 72, σ(60) = 168 (c) σ(4)σ(15) = 7·24 = 168 = σ(60) but σ(2)σ(30) = 3·72 6= 168 = σ(60). 2. τ (1000) = τ (23 53 ) = (3 + 1)(3 + 1) = 16. 3. σ(20) = σ(4)σ(5) = 7 · 6 = 42. 4. We need τ (n) = 32. Here are some answers: 231 , 23 37 , 2 · 3 · 5 · 7 · 11. 5. The case n = 1 is easy, so assume that n ≥ 2. If n is prime, then φ(n) = n − 1. Conversely, if φ(n) = n − 1 then every positive integer less than n is relatively prime to n. Therefore, n cannot have any prime factors less than n, so n is prime. 6. The case n = 1 is easy, so assume that n ≥ 2. If n is prime, its only divisors are 1 and n, so σ(n) = 1 + n. Conversely, suppose σ(n) = 1 + n. Since we already know that 1 and n are divisors, we have that σ(n) = 1 + n + other divisors. Therefore, there are no other divisors, so n is divisible only by 1 and n, which means that n is prime. 7. σ(2p −1) = 1+(2p −1) = 2p , so σ(σ(2p −1)) = 1+2+· · ·+2p = 2p+1 −1 = 2n + 1. 8. Since σ(n) ≥ 1 + n, if σ(n) = 5 then n ≤ 4. But σ(1) = 1, σ(2) = 3, σ(3) = 4, σ(4) = 7. So there are no solutions to σ(n) = 5.

102

9. There are many such pairs. The following are some examples: φ(5) = φ(8) = 4, φ(7) = φ(9) = 6, φ(5) = φ(10) = 4, φ(13) = φ(21) = 12. 10. n = 15 and n = 104 are two examples. 11. Let n = pa q b rc · · · be the prime factorization of n. If φ(n) = 14 then there can be only one odd prime power factor (since each supplies p−1, which is even). Therefore, n = 2a pb . We cannot have 2a > 4 nor (p − 1)pb−1 > 14. If 2a > 2 then there is no odd prime factor, so n = 2a , which cannot yield φ(n) = 14. Therefore, n = 2a pb with a = 0, 1 and (p − 1)pb−1 ≤ 14. Trying all cases yields no example with φ(n) = 14. 12. (a) If n is an even perfect number then n = 2p−1 (2p − 1) for some prime number p. The case p = 2 yields n = 6, so now assume that p is odd. Since 24 ≡ 1 (mod 5), we see that 2p−1 ≡ 1, 4 (mod ) and 2p ≡ 2, 3 (mod 5). Therefore, n ≡ 1(2 − 1) or 4(3 − 1) (mod 5), hence n ≡ 1, 3 (mod 5). Since n is even, we have n ≡ 6, 8 (mod 10). (b) The perfect numbers 33550336 (for p = 13) and 8589869056 (for p = 17) give one example. The perfect numbers 137438691328 (for p = 19) and 2305843008139952128 (for p = 31) give another example. P 13. Take the relation 2n = d|n d and divide by n. Note that is d | n then n/d is a divisor of n. We obtain 2=

X 1 X 1 = . n/d d0 0 d|n

d |n

14. (a) Write n = 2a2 3a3 · · · . Then τ (n) = (a2 + 1)(a3 + 1) · · · , which is odd if and only if ap is even for each p, which happens if and only if n is a square. (b) Since the divisors are paired up, the number of divisors is odd if and only if some divisor pairs with itself, which happens if and only if n is a square. 15. The squares are open, the rest are closed. The number of times the nth door changes status is the the number of divisors of n, which is odd if and only if n is a square (see Exercise 14). 16. Since 3 · 19 = σ(72 ) | 2n, we must have 19 | n. Also, 3 · 61 = σ(132 ) | 2n, so 61 | n. Compute n/(19 · 61) = 19. We therefore have n = 192 61. 17. σ(pq) = (p + 1)(q + 1) and φ(pq) = (p − 1)(q − 1). Add them together to get σ(n) + φ(n) = (pq + (p + q) + 1) + (pq − (p + q) + 1) = 2pq + 2.

103

Q Q 18. (a) We have φ(m) = m p|m (1 − 1/p) and φ(n) = n p|n (1 − 1/p) and Q φ(mn) = mn p|mn (1 − 1/p). If p | m but p - gcd(m, n), then the factor (1 − 1/p) appears in φ(m) and φ(mn), but not in φ(n). If p | n but p - gcd(m, n), then the factor (1 − 1/p) appears in φ(n) and φ(mn), but not in φ(m). But if p | gcd(m, n), then the factor (1 − 1/p) appears in φ(m), φ(n), and φ(mn). Therefore, φ(m)φ(n)/φ(mn) has all of the factors (1−1/p) cancel except those p dividing gcd(m, n). This yields the formula in the problem. Q (b) Since p|gcd(m,n) (1 − 1/p) ≤ 1, with equality if and only if the product is empty, we have φ(m)φ(n) ≤ φ(mn), with equality if and only if gcd(m, n) has no prime divisors, which is equivalent to saying that gcd(m, n) = 1. 19. (a) σ(pa ) = 1 + p + p2 + · · · + pa and each summand is odd. so the sum is odd if and only if a is even. (b) σ(2a ) = 1 + 2 + 22 + · · · + 2a and each term except the first is even. (c) Write n = 2a2 3a3 · · · . Then σ(n) = σ(2a2 σ(3a3 ) · · · . This is odd if and only if each factor is odd, which happens if and only if ap is even for p ≥ 3. Therefore, σ(n) is odd if and only if n is a power of 2 times an odd square. If the exponent of 2 is even, this is a square. If the exponent of 2 is odd, this is twice a square. (d) If n is a square, then σ(n) is odd, so σ(n) 6= 2n. Therefore, n is not perfect. 20. Assume gcd(m, n) = 1. If m has a square factor, then mn also has a square factor, so µ(m) = 0 and µ(mn) = 0. Therefore, µ(m)µ(n) = µ(mn). Similarly, this holds if n has a square factor. Now assume that both m and n are squarefree. Since gcd(m, n) = 1, the prime factors of m and n are disjoint sets, so mn has no square factors. Moreover, if m is the product of j primes and n is the product of k primes, then mn is the product of j + k primes. Therefore, µ(mn) = (−1)j+k = (−1)j (−1)k = µ(m)µ(n). 21. (a) µ is multiplicative, so µ2 is multiplicative. Proposition 12.8 implies that g(n) is multiplicative. (b) If gcd(m, n) = 1 then the prime factors of m and n are disjoint sets, so ω(mn) = ω(m) + ω(n). Therefore, 2ω(mn) = 2ω(m)+ω(n) = 2ω(m) 2ω(n) . (c) Let n = pa be a prime power with a ≥ 1. Then X µ(d)2 = µ(1)2 + µ(p)2 + µ(p2 )2 + · · · + µ(pa )2 d|pa a

= 1 + 1 + 0 + · · · + 0 = 2 = 2ω(p ) . Moreover, the formula of the problem holds for n = 1 = p0 . Since both sides of the formula in the problem are equal for prime powers, Proposition 12.7 says that the two sides of the equation are equal for all n.

104

22. We have σ(m) ≥ 2m and σ(n) ≥ 1 + n. Therefore, σ(mn) = σ(m)σ(n) ≥ (2m)(1 + n) = 2m + 2mn > 2mn. This means that mn is abundant.
23. There are kj divisors of n that have exactly j prime factors. Such d have µ(d) = (−1)j and τ (n/d) = 2k−j . Therefore, 1=

X d|n

k   X n k µ(d)τ ( ) = (−1)j 2k−j = (2 − 1)k = 1. d j j=0

24. (a) If p is prime and a ≥ 1, we have (pa+1 − 1)/(p − 1) p σ(pa ) = < . pa pa p−1 Let n =

Q

p|n

pap be the prime-power factorization of n. Then σ(n) Y σ(pap ) Y p = < . n pap p−1 p|n

p|n

(b) If n has only one prime factor, call it p, then σ(n)/n < p/(p − 1) ≤ 2/(2 − 1) = 2, so σ(n) < 2n and n is not perfect. If n has two distinct prime factors, call them p and q, then σ(n) Y p−1q−1 5 3 < p/(p − 1) ≤ ≤ < 2. n p q 5−13−1 p|n

Therefore, σ(n) < 2n, so n is not perfect. It follows that an odd perfect number must have at least 3 distinct prime factors. 25. Because σ is multiplicative, if σ(m) is prime then m is a prime power. Say m = pa . Then σ(pa ) = (pa+1 − 1)/(p − 1). By the technique of the proof of Proposition 1.18, if this is prime then a + 1 must be prime. But τ (pa ) = a + 1, so τ (m) is prime.

12.2

Projects

1. (a) The sum of the divisors of 220 that are less than 220 is 284 and the sum of the divisors of 284 that are less than 284 is 280 so they form an amicable pair. (We can use our formula for σ(a) to verify this after noting that the sum of the divisors of a less than a is σ(a) − a). (b) We know that a and b are amicable iff X X b= d and a = d d|a d6=a

d|b d6=b

105

Since σ(a) =

X

d + a and σ(b) =

d|a d6=a

X

d + b,

d|b d6=a

we see that a and b are amicable if and only if σ(a) = σ(b) = a + b. (c) Assume that p, q, and r are prime, Then σ(a) = σ(2n pq) = (2n+1 − 1)(p + 1)(q + 1) and σ(b) = σ(2n r) = (2n+1 − 1)(r + 1). Since p + 1 = 3 · 2n−1 , q + 1 = 3 · 2n and r + 1 = 9 · 22n−1 , we see that σ(a) = (2n+1 − 1)(3n−1 )(3 · 2n ) and σ(b) = (2n+1 − 1)(9 · 22n−1 ). So σ(a) = 9 · 22n−1 = σ(b). Also, notice that     a + b = 2n pq + 2n = 2n (9 · 22n−1 − 9 · 2n−1 + 1) + 2n 9 · 22n−1 11 . When we multiply, collect like term and simplify we get that this is (2n+1 − 1)(9 · 22n−1 ) = σ(a) = σ(b). (d) We see that if n = 2, = p = 5, q = 11, and r = 71 are all prime. We also see that a = 22 · 5 · 11 = 220 and b = 22 · 71 = 284. We get that p, q, and r are all prime when n = 2, 4, and 7. When n = 4 we get that a = 17286 and b = 18416. When n = 7 we get that a = 9363584 and b = 9537056. (e) 1184 = 25 · 37 and 12102 · 5 · 11. Since 1184 is not a power of 2 times two primes, 1210 would have to be a with n = 1. But if n = 1, a = 20. Or, 118 would be b with n = 5 which doesn’t work either. (f) Since a + b = σ(a) = σ(b) = 9 · 22n−1 (2n−1 − 1). (g) σ(a) = (25 − 1)(19 + 1)(6451 + 1)(27103 + 1) = 10842250496 and σ(b) = (25 − 1)(109 + 1)(307 + 1)(103231 + 1) = 108422504960. Since they are equal, a and b form an amicable pair. But a+b = 108422504960 leaves a remainder of 5 when divided by 9.

12.3

Computer Explorations

1. n = 223092870 = 2 · 3 · 5 · 7 · 11 · 13 · 17 · 19 · 23. 2. The estimate in the previous problem shows that φ(n) > 100 when n ≥ 461. Here are some examples: φ(1) = φ(2) = 1 φ(3) = φ(4) = φ(6) = 2 φ(5) = phi(8) = φ(10) = φ(12) = 6 φ(101) = φ(125) = φ(202) = φ(250) = 100. 106

P 3. For example, n≤x µ(n) = 1 when x = 100, equals −6 when x = 500, and equals 2 when x = 1000. 4. (a) 1, 2, 4, 6, 12, 24, 36, 48, 60, 120, 180, 240, 360, 720, 840, 1260, 1680, 2520, 5040, 7560. (b) 8! = 40320 but τ (27720) = 96 = τ (8!). Since 27720 < 8!, it follows that 8! is not highly composite. Similarly, 9! = 362880 and τ (166320) = 160 = τ (9!), so 9! is not highly composite. 5. (a) 504, 540, 600, 630, 660, 720, 840, 960. (b) σ(360360) = 1572480 > 1481040 = σ(9!).

107

Chapter 13

Continued Fractions 13.1

Exercises

1. p0 /q0 = 1/1, p1 /q1 = 5/4, p2 /q2 = 16/13, p3 /q3 = 21/17, and q4 = 64. The inequalities are easily verified. For example, 1 1.234567 − p3 = 1.234567 − 21 ≈ .000727 < ≈ .000919 q3 17 17 ∗ 64 2. The continued fraction expansion of .123456789 is [0, 8, 9, 1, . . . ]. This yields the convergents p0 /q0 = 0/1, p1 /q1 = 1/8, p2 /q2 = 9/73, p4 /q4 < 10/81. We have |.123456789 − (10/81)| ≈ 1.1 × 10−9 . 3. Find the beginning of the continued fraction expansion of .2357111317 to get [0, 4, 4, 8, . . . ]. The convergents are p0 /q0 = 0/1, p1 /q1 = 1/4, p2 /q2 = 4/17, p3 /q3 = 33/140. We have |.2357111317 − (4/17)| ≈ .0004 < .001 4. Find the beginning of the continued fraction expansion of 3141/5926 to get [0, 1, 1, 7, . . . ]. The convergents are p0 /q0 = 0/1, p1 /q1 = 1/1, p2 /q2 = 1/2, p3 /q3 = 8/15, p4 /q4 = 9/17. We have |(3141/5926) − (9/17)| ≈ .0006 < .001 5. Find the beginning of the continued fraction expansion of 1357/2468 to get [0, 1, 1, 4, 1, 1, · · · ]. The convergents are p0 /q0 = 0/1, p1 /q1 = 1/1, p2 /q2 = 1/2, p3 /q3 = 6/11. We have |(1357/2468) − (6/11)| ≈ .004 < .005 6. Write the table 0 1

1 0

1 1 1

The answer is 43/30. 108

2 3 2

3 10 7

4 43 30

7. Write the table 0 1

1 0

1 4 1

3 13 3

5 30 7

7 43 10

The answer is 43/10. 8. One way is to compute bπ and then let a be the closest integer to the result. For example, 4π ≈ 12.566, so a = 13 and 13/4 is an approximation. The answers are 3/1,

9.

10.

11.

12.

6/2,

9/3,

13/4,

16/5,

19/6.

A calculation shows that none of these are as close an approximation to π as 22/7. √ (a) Use a calculator to obtain 7 = [2, 1, 1, 1, 4]. Theorem 13.2 tells us that when we get to 4 = 2a0 , the continued fraction starts repeating. (b) We have [2, 1, 1, 1] = 8/3, so a solution is (x, y) = (8, 3). √ (a) Use a calculator to obtain 11 = [3, 3, 6]. Theorem 13.2 tells us that when we get to 6 = 2a0 , the continued fraction starts repeating. (b) We have [3, 3] = 10/3, so a solution is (x, y) = (10, 3). √ (a) Use a calculator to obtain 15 = [3, 1, 6]. Theorem 13.2 tells us that when we get to 6 = 2a0 , the continued fraction starts repeating. (b) We have [3, 1] = 4/1, so a solution is (x, y) = (4, 1). √ (a) We have a0 = b n2 + 1c = n, and

1 , 2n + ( n2 + 1 − n) √ so the continued fraction starts repeating after one step: n2 + 1 = [n, 2n]. (b) We need only the first entry in the continued fraction: [n] = n/1, and (x, y) = (n, 1) gives a solution. √ 13. (a) We have a0 = b n2 − 1c = n − 1 and p p n2 + 1 = n + ( n2 + 1 − n) = n +

√

p 1 n2 − 1 = (n − 1) + √ . 2 ( n − 1 + (n − 1))/(2n − 2) Moreover, √

n2 − 1 + (n − 1) 1 =1+ √ . 2n − 2 n2 − 1 + (n − 1)

109

√ Since b n2 − 1 + (n − 1)c = 2(n − 1) = 2a0 , the continued fraction starts repeating at this point. Therefore, p n2 − 1 = [n − 1, 1, 2n − 2]. (b) Since [n − 1, 1] = n/1, we obtain (x, y) = (n, 1). √ 14. (a) We have a0 = b n2 − 2c = n − 1 and p 1 n2 − 2 = (n − 1) + √ . 2 ( n − 2 + (n − 1))/(2n − 3) Moreover, √

n2 − 2 + (n − 1) 1 =1+ √ 2 2n − 3 ( n − 2 + (n − 2))/2

and √

n2 − 2 + (n − 2) 1 = (n − 2) + √ 2 2 ( n − 2 + (n − 2))/(2n − 3) = (n − 2) +

1 1+

√

1 n2 −2+(n−1)

.

√ Since b n2 − 2 + (n − 1)c = 2(n − 1) = 2a0 , the continued fraction starts repeating at this point. Therefore, p n2 − 2 = [n − 1, 1, n − 2, 1, 2n − 2]. (b) Since [n − 1, 1, n − 2, 1] = (n2 − 1)/n, we obtain (x, y) = (n2 − 1, n). 15. Let x = [ 1, 2, 3 ]. Then x = [1, 2, 3, x]. By Equation (13.4), x=

10x + 3 p2 x + p1 , = q2 x + q1 7x + 2

2 so 7x2 + 2x = 10x + 3, which √ means that 7x − 8x − 3 = 0. The quadratic formula yields x = (4 + 37)/7.

16. Let x = [ 2, 1 ]. Then x = [2, 1, x]. By Equation (13.4), x=

p1 x + p0 3x + 2 = , q1 x + q0 x+1

2 so x2 + x = 3x + 2, which √ means that x − 2x − 2 = 0. The quadratic formula yields x = 1 + 3.

17. Let x = [ 2 ]. Then x = [2, x] and√x = 2 + 1/x, so x2 − 2x − 1 = 0. The quadratic formula yields x = 1 + 2. Therefore, [1, 2] = 1 +

√ 1 1 √ = 2. =1+ x 1+ 2 110

18. Let x = [ 4 ]. Then x = [4, x] and√x = 4 + 1/x, so x2 − 4x − 1 = 0. The quadratic formula yields x = 2 + 5. Therefore, [2, 4] = 2 +

√ 1 1 √ = 5. =2+ x 2+ 5

19. If a2 + b2 = c2 and a + 1 = b, then 2a2 + 2a + 1 = c2 . This √ becomes x2 − 2y 2√= −1 with x = 2a + 1 and y = c. The odd powers of 1 + 2 yield xn + yn 2 that are solutions of x2n − 2yn2 = −1. Note that xn is always odd (since x2n ≡ −1 (mod 2)), so we can take a = (xn − 1)/2,

c = yn .

20. If n = y 2 and 2n + 1 = x2 , then x2 − 2y 2 = 1. This has infinitely many solutions, and they yield infinitely n.

13.2

Projects

1. (a) [1, 1] = 2/1, [1, 1, 1] = 3/2, [1, 1, 1, 1] = 5/3 (b) We’ll use strong induction. If n = 0, p0 = 1 = F2 and q0 = 1 = F1 If n = 1, p1 = 2 = F3 and q1 = 1 = F2 Now, assume that for all n ≤ k pk = Fk+2 and qk = Fk+1 . Then by the recursion formula for pk and qk , pk+1 = ak+1 pk + pk−1 =⇒ pk+1 = 1 · Fk+2 + Fk+1 = Fk+3 , qk+1 = ak+1 qk + qk−1 =⇒ qk+1 = 1 · Fk+1 + Fk+ = Fk+2 . Therefore, pk = Fk+2 and qk = Fk+1 for all k. (c) Let [1, 1, 1, . . . ] = x. Then x+1 p0 x + p−1 = . q0 x + q−1 x √ So, x2 = x + 1 and by the quadratic formula, x = (1 ± 5)/2. Since x > 0, we see that x = φ. x = [1, x] =

(d) φ = [1, 1, 1, . . . ] = lim

n→∞

pn Fn+2 = lim . n→∞ Fn+1 qn

2. (a) Consider the N + 1 numbers 0, {x}, {2x}, . . . , {N X}. If two of these numbers are the same (which can only happen if x is rational) then there is an i and a j with {ix} = {jx}. In this case, since {ix} − {jx} = 0, |{ix} − {jx}| < 1/N . If {ix} 6= {jx} for every i 6= j, we have N + 1 distinct numbers. Consider the N disjoint intervals [0, 1/N ) , [1/N, 2/N ) , . . . , [(N − 1)/N, 1] . 111

Since 0, {x}, {2x}, . . . , {N X} has N + 1 distinct numbers, the pigeon hole principle says that one of the above intervals has an {ix} and {jx} with i 6= j in it. For this i and j, |{ix} − {jx}| < 1/N. (b) If x is rational, x = a/b and bx − a = 0. Assume that x is irrational. Since |{ix} − {jx}| < 1/N , |(ix − bixc) − (jx − bjxc)|; ; so |bx − a| < 1/N where b = j − i and a = bix − jxc. Since x is irrational, i 6= j and we may assume that j > i. Then 1 ≤ b ≤ N and |bx − a| < 1/N . (c) Since |bx − a| < 1/N, x −

1 a . < b bN

Since b = j − i < N we get a 1 x − < 2 . b b 3. (a) We’ve chosen b with qk ≤ b < qk+1 . With this b, |bx − a| ≥ |qk x − pk |. So, a 1 1 |qk x − pk | ≤ |bx − a| = |b| x − < |b| 2 = . b 2b |2b| Dividing both sides by qk , we get x − p k < 1 . qk 2bqk (b) If a/b 6= pk /qk , then |aqk − bpk | ≥ 1 and a pk aqk − bpk − = ≥ 1 . bqk b qk bqk (c) Using the inequalities from the given and part (a),       a p k  a pk  a pk − = −x + x− −x + x− ≤ b qk b qk b qk 1 1 < 2 + . 2b 2bk This, together with part (b), says that a pk 1 1 1 ≤ − < 2 + . bqk b qk 2b 2bk 112

So, 1 1 1 < 2 + . bqk 2b 2bk (d) Subtracting 1/2bk from both sides of the inequality we got in part (c) gives us 1 1 < 2 so b2 < bqk and b < qk . 2bqk 2b This is a contradiction, so we must have a/b = pk /qk . 4. (a) The table for [2, 5, 1] looks like

0 1

2 2 1

1 0

5 11 5

1 13 6

and for [2, 6] we get

0 1

1 0

2 2 1

6 13 6

so they are both 13/6. (b) We see that the two expressions are identical up to ak−1 . If we call p0j /qj0 the jth convergent for [a0 , a1 , . . . , ak−1 , ak − 1, 1] and pj /qj the jth convergent for [a0 , a1 , . . . , ak−1 , ak ], then pi = p0i and qi = qi0 for 0 ≤ i ≤ k − 1. Then, pk = ak pk−1 + pk−2 and qk = ak qk−1 + qk−2 , so [a0 , a1 , . . . , ak−1 , ak ] =

pk . qk

Also, p0k = (ak−1 − 1)pk−1 + pk−2 = ak pk−1 + pk−2 − pk−1 = pk − pk−1 and p0k+1 = 1 · (pk − pk−1 ) + pk−1 = pk . 0 = qk . Therefore Similarly, qk+1

[a0 , a1 , . . . , ak−1 , ak − 1, 1] = 113

pk . qk

So, [a0 , a1 , . . . , ak−1 , ak ] = pk /qk = [a0 , a1 , . . . , ak−1 , ak − 1, 1]l. (c) If [a0 , a1 , a2 , · · · ] = [b0 , b1 , b2 , . . . ] and ai = bj for 0 ≤ j ≤ k − 1 then 1 = [b0 , b1 , b2 , . . . , ] [a1 , a2 , a3 , . . . ] 1 = b0 + . [b1 , b2 , b3 , . . . ]

[a0 , a1 , a2 , . . . , ] = a0 +

Since a0 = b0 we get [a1 , a2 , a3 . . . , ] = [b1 , b2 , b3 . . . , ]. We can continue doing this as long as ai = bi , which is until i = k − 1. So, [ak , ak+1 , ak+2 , . . . , ] = [bk , bk+1 , bk+2 , . . . , ]. (d) We know that [ak , ak+1 , ak+2 , . . . , ] = ak +

1 ≤ ak + 1 [ak+1 , ak+2 , ak+3 , . . . ]

If [ak , ak+1 , ak+2 , . . . , ] = ak + 1, then [ak+1 , ak+2 , ak+3 , . . . ] = 1, so 1 = [ak+1 , ak+2 , ak+3 , . . . ] = ak+1 +

1 . [ak+2 , ak+3 , ak+4 , . . . ]

This means that ak+1 = 1 and the fractional part of [ak+1 , ak+2 , ak+3 , . . . ] is zero, so the fraction terminates at ak+1 . Similarly, if ak+1 = 1 and the fraction terminates at ak+1 , then [ak , 1] = ak + 1. (e) As we’ve seen [bk , bk+1 , bk+2 , . . . , ] = bk + s with 0 ≤ s < 1, so [bk , bk+1 , bk+2 , . . . , ] ≥ bk . If we have equality, then s = 0 and the fraction terminates at bk . (f) From (d) and (e), bk ≤ [bk , bk+1 , bk+2 , . . . , ] = [ak , ak+1 , ak+2 , . . . , ] ≤ ak + 1. But, by assumption, ak < bk . So, ak < bk ≤ ak + 1. Since ak and bk are integers, we must have ak + 1 = bk . From (d) and (e), [a0 , a1 , . . . ] terminates at ak+1 = 1 and [b0 , b1 , . . . ] terminates at bk .

13.3

Computer Explorations

√ 1. The continued fraction for 61 is [7, 1, 4, 3, 1, 2, 2, 1, 3, 4, 1, 14]. We have [7, 1, 4, 3, 1, 2, 2, 1, 3, 4, 1] = 29718/3805, but 297182 − 61 · 38052 = −1. Square: √ √ (29718 + 3805 61)2 = 1766319049 + 226153980 61, and 17663190492 − 61 · 226153980 = 1.

114

√ 2. The continued fraction for 109 is [10, 2, 3, 1, 2, 4, 1, 6, 6, 1, 4, 2, 1, 3, 2, 20]. We have [10, 2, 3, 1, 2, 4, 1, 6, 6, 1, 4, 2, 1, 3, 2] = 8890182/851525, but 88901822 − 109 · 8515252 = −1. Square: √ √ (8890182 + 851525 109)2 = 158070671986249 + 15140424455100 109, and 1580706719862492 − 109 · 151404244551002 = 1. 3. e = [2, 2, 1, 1, 4, 1, 1, 6, 1, 1, 8, 1, 1, 10, 1, 1, · · · ] e+1 = [2, 6, 10, 14, 18, 22, 26, 30, 34, 38, 42, · · · ] e−1 e2 + 1 = [1, 3, 5, 7, 9, 11, 13, 15, 17, 19, · · · ]. e2 − 1

115

Chapter 14

Gaussian Integers 14.1

Exercises

1. (a) Expand both sides. (b) Take the square of the absolute value of the two sides of the equation (x1 + y1 i)(x2 + y2 i) = (x1 y1 − x2 y2 ) + (x1 y2 + x2 y1 )i to get an expression for |z1 z2 |2 . Part (a) shows that this equals |z1 |2 |z2 |2 . 2. The associates are obtained by multiplying by ±1 and ±i, so the associates of 3 + 5i are 3 + 5i, −3 − 5i, −5 + 3i, and 5 − 3i. 3. The associates are obtained by multiplying by ±1 and ±i, so the associates of 1 + i are 1 + i, 1 − i, −1 + i, −1 − i. 4. 4 + 6i = 2(2 + 3i) = −i(1 + i)2 (2 + 3i). Both 1 + i and 2 + 3i are irreducible because their norms are prime. 5. First, compute N (7+6i) = 49+36 = 85 = 5·17 = (2+i)(2−i)(4+i)(4−i). Trying various combinations yields (2 + i)(4 + i) (or (−1 + 2i)(1 − 4i)). 6. One way: (7 + i)(3 + 4i) = 17 + 31i, which is not a multiple of 9. Another way: If 9 | (7 + i)(3 + 4i), then taking norms yields 81 | 50 · 25, which is false. 7. False: Let α = 2 + i and β = 2 − i. 8. Since αβγ = 1, each of α, β, γ is a unit. The combinations that add to 1 are, up to order, (1, −1, 1), (i, −i, 1). The first does not satisfy αβγ = 1, but the second does. Therefore, the solution is {α, β, γ} = {i, −i, 1} (in some order). 9. (a) 85 = 5 · 17 = (2 + i)(2 − i)(4 + i)(4 − i), (b) Use (2 + i)(4 + i) = 7 + 6i to get 85 = 72 + 62 . Use (2 + i)(4 − i) = 9 + 2i to get 85 = 92 + 22 . 10. (a) If α | n then n = αβ for some β. Take conjugates to get αβ = n. Therefore, α | n. 116

(b) Suppose (2 + 3i)k = n, where k 6= 0 and n is an integer. Taking norms yields 13k = n2 , so k > 0 and n = 13k/2 . Therefore, (2 + 3i)k = ((2+3i)(2−3i))k/2 . Since 2+3i and 2−3i are non-associated irreducibles, this contradicts unique factorization. 11. (a) a + bi is irreducible and divides (c + di)(c − di), so it divides one of the factors. (b) Taking norms of both sides of the equation, we see that N (γ) = 1, so γ is a unit. (c) The four possibilities correspond to γ = 1, −1, i, −i, respectively. 12. (a) Let α = x + iy. The points in the planes represented by the associates of α are (x, y), (−y, x), (−x, −y), (y, −x). p It is easy to see that the distance from one point on this list to the next is 2(x2 + y 2 ), so the side lengths are equal. Moreover, the edges meeting at a vertex are perpendicular. For example, the edges meeting at (−y, x) have slopes −(x−y)/(x+y) and (x+ y)/(x − y), which are negative reciprocals, so the sides are perpendicular. Therefore, the quadrilateral is a square. (b) The point (−y, x) is the 90-degree rotation of (x, y), and similarly each point on the list in (a) is a 90-degree rotation of its predecessor. Therefore, exactly one of the points lies either inside the first quadrant or on the x-axis.

14.2

Projects

1. (a) The division algorithm for integers says that we can write a = qn + r with 0 ≤ r < n. If r > n/2 then |r − n| < n/2, so we can rewrite this as a = (q + 1)n + (r − n) and have a remainder with absolute value at most n/2. Similarly, we can write b = q2 n + r2 with |r2 | ≤ n/2. (b) N (r1 + r2 i) = r12 + r22 ≤ (n/2)2 + (n/2)2 < n2 = N (n). (c) We have r1 + ir2 = αβ − (q1 + q2 i)ββ, which is clearly a multiple of β. (d) Dividing the relation in (c) by β yields α = ηβ + ρ. We have N (βρ) = N (r1 + r2 i) < N (n) = N (ββ). Divide by N (β) to obtain N (ρ) < N (β).

14.3

Computer Explorations

1. The (non-associated) Gaussian irreducibles are 1 + i, which has norm 2; p, where p ≡ 3 (mod 4) is prime and has norm p2 ; and a ± bi, where p = a2 + b2 is a prime that is 1 mod 4. The last irreducibles have norm p. Therefore, when x ≥ 2, the number of irreducibles with norm at most x is √ 1 + #{p ≤ x | p ≡ 3 (mod 4)} + 2 × #{p ≤ x | p ≡ 1 (mod 4)}.

117

We obtain the following data: x = 105 : 6

x = 10 : 7

x = 10 :

1 + 13 + 2 × 609 = 1232, 1 + 87 + 2 × 39175 = 78438, 1 + 619 + 2880504 = 5761628,

The ratios predicted/actual are .881, .923, .942.

118

predicted = 1086 predicted = 72382 predicted = 5428681.

Chapter 15

Algebraic Integers 15.1

Exercises

−1 1. The multiplicative inverse of u1 u2 is u−1 1 u2 , which is a product of elements of R, hence is in R. √ 2. If αβ = 7 then N (α)N (β) = 49. If N (α) = 7, and α = a + b −5, then a2 + 5b2 = 7, which is impossible. Therefore, N (α) 6= 7, and similarly, N (β) 6= 7. Therefore, N (α) = 1 or N√ (β) = 1, so either α or β is a unit. This proves that 7 is irreducible in Z[ −5]. √ If αβ = −5 then N (α)N (β) = 5, so N (α) √ = 1 or N (β) = 1. Therefore, √ either α or β is a unit. This proves that −5 is irreducible in Z[ −5].

3. (a) If a is odd, then 1 + b − b2 ≡ 0 (mod 2), which has no solutions. Similarly, b cannot be odd. (b) If both a and b are even, then the left side is a multiple of 4. (c) If αβ √= 2 with α and β non-units, then N (α) = ±2. Write α = a + b(1 + 5)/2. Then ±2 = N (α) = a2 + ab − b2 , which has no solutions by Part (b). √ 4. If 5 = αβ, then −5 = N (α)N (β), √ so N (α) = ±1 or N (β) = ±1. Therefore, either α or β is a unit, so 5 is irreducible. √ 5. (a) φ−1 = −1 + φ, (1 + φ)−1 = 2 − φ, (1 + 2φ)−1 = 5 − 2 = −3 + 2φ, √ (2 + 3φ)−1 = (7 − 3 5)/2 = 5 − 3φ. (b) Part (a) shows that the statement is true for n = 2, 3, 4. Assume that it is true for n = k. Since (φ)(Fk−1 +Fk φ) = φFk−1 +Fk (φ+1) = Fk +φFk+1 , and Exercise 1 says that the product of two units is a unit, Fk + φFk+1 is a unit. Therefore, the statement is true for n = k + 1. By induction, the statement is true for all n. 6. (a) If αβ = 2 and √ α and β are not units, then N (α)N (β) = 4, so N (α) = 2. Write α = a+b −13. Then a2 +13b2 = 2, which is impossible. Therefore, 119

√ 2 is irreducible. The proofs that 7 and 1± −13 are irreducible are similar 2 2 2 2 and use the facts that √ a + 13b 6= 7 and a + 13b 6= 2. (b) 14 = 2 · 7 = (1 + −13)(1 − sqrt−13) are two factorizations of 14 into irreducibles, so unique factorization fails. √ √ (c) We have n + 1 = (2)((n + 1)/2) = (1 + −n)(1 − −n). This gives two distinct factorizations of n + 1. We need to show that some of the factors are irreducible. As in part (a), for 2 this reduces to showing that √ the equation a2 + nb2 = 2 has no solution. If 1 + −n = αβ with α and β non-units, then√1 + n = N (α)N (β), so N (α), N (β) ≤ (n + 1)/2 < n. Write α = a + b −n. Then N (α) = a2 + nb2 < n implies that b = 0. Therefore, α is an integer. Similarly, β is an integer. Therefore, the √ −n = αβ is an integer, which is false. Therefore, complex number 1 + √ √ 1 + −n is irreducible. Similarly, 1 − −13 is irreducible. The factor (n+1)/2 might not be irreducible (for example, if n = 41 then (n+1)/2 = 21 = 3 · 7. However, this does not matter. The irreducible 2 appears in the factorization n√ + 1 = (2)((n √ + 1)/2) and it does not appear in the factorization (1 + −n)(1 − −n), so the factorizations are different. Therefore, unique factorization fails. √ √ 7. (a) ( 2 − 1)−1 = 2 + 1. (b) Multiply it out. (c) The norm of the left side of Part (b) is −(a2 − 2b2 ) and the norm on the right√side is (2b − a)2 −√ 2(a − b)2 . (d) a = 3b < 2b, and a = 3b > b. √ √ √ (e) Take norms of the relation (2 − 3)(a + b 3) = (2a − 3b) + (2b − a) 3 to get 0 = a2 − 3b2 = (2a − 3b)2 − 3(2b − a)2 . Since b was as small as possible and √ 0 < 2b−a < b, we have a contradiction. Therefore, a, b do not exist, so 3 is irrational. √ √ √ 8. (a) (1 + −3)/2 is an algebraic integer in Q( −3) that is not in Z[ −3]. (b) As in the beginning of the √ proof of Proposition 15.6, if u is a unit, then N (u) = 1. Write u = a + b −3. Then 1 = N (u) = a2 + 3b2 implies that a = ±1 and b = 0, so u = ±1. √ √ (c) The only associates of 2 in Z[ −3] √ √ are ±2, so √1 ± −3 and 2√are not associates in Z[ −3]. √ However, 1+√ −3 = 2(1+ −3)/2, and 1+ −3)/2 is a unit is Z[(1 + −3)/2], so 1 + −3)/2 and 2 are associates in Z[(1 + √ −3)/2]. 9. If π | αβ then πγ = αβ for some γ. Since π is in the factorization into irreducibles on the left, it (or an associate) must occur in the factorization of the right into irreducibles, which comes from the factorization of α and β. So π | α or π | β.

120

15.2

Projects

√ 1. (a) Suppose −2 = αβ. Then 2 = N (α)N (β), so N (α) = 1 or √ N (β) = 1. By Proposition 15.6, either α or β is a unit, which means that −2 has no non-trivial  factorization.     Therefore, it is irreducible.     −2 2 −1 (b) p = −1 = p2 = −1 if and p p . By Theorem 9.4, we have p     = p2 = +1 if and only if p ≡ 1 (mod 8). only if p ≡ 3 (mod 8), and −1 p   These are the two cases that make −2 = +1. p (c) Suppose x2 + 2y 2 = p. If p | y then p | x, so p2 | x2 + 2y 2 = p, which is impossible. Therefore, p - y. Therefore, we can divide by y 2 mod p and obtain (x/y)2 ≡ −2 (mod p). Since p ≡ 5, 7 (mod 8), this is impossible by part (b). If p factors as αβ with α and β non-units, then p2 = N (p) = N (α)N (β) implies √ that N (α) = p. Write α = x + y −2. Then p = x2 + 2y 2 , which is impossible. Therefore, p is irreducible. 2 (d) By part √ (b), there √ is an integer x with x ≡ −2 (mod p), which means that p |√ (x + −2)(x −√ −2). (e) If p is irreducible, then part (d) implies that p | x + −2 or p | x − −2. But neither of these is true. Therefore, p factors: p = αβ with α, β non-units. Then p2 = N (p) = N (α)N (β), which implies that N (α) = N (β) = p. By the analogue of Proposition 14.2, α and β are irreducible, so p is a product of two irreducibles. (f) and (g) By part (e), we have that p = αβ with √ α and β irreducible. This implies, as in (e), that N (α) = p. Write α = a + b −2. Then p = N (α) = a2 + 2b2 . Let π be irreducible and let p be a prime dividing N (π). Let π0 be an irreducible dividing p. Then π0 | ππ, so π0 | π or π. Since π0 , π, π are irreducible, π0 is an associate of either π or π. If π0 is an associate of π, then π 0 is an associate of π/ Since π0 and π 0 are irreducibles from (a), (c), (e), we’re done. 2 2. (a) x√2 ≡ z 2 (mod √ 2). If x ≡ z (mod 2) then 2y ≡ 0 (mod 4), so 2 | y. (b) If (√ −2)(a + b√ −2) = n, then √ n = −2b, which is even. (c) If ( −2)(a + b −2) = x + y −2, then x = −2b, which is even. √ 2 √ √ (d) π | −( −2 x implies √ that π divides −2 or x. Since π 6= ± −2, we have π | x. Similarly, if π | −( −2)3 y then π | y. (e) Let gcd(a, b) = 1. Then there exist integers m, n such that am + bn = 1. If π divides a and b, then π divides 1, which is impossible. √ √ √(f) Suppose π is an irreducible dividing x + −2y and x − −2y. If√π = ± −2 then √ π | x, which means x is even, by part (b). Now suppose π 6= ± −2, Then π | x± √ −2y, so π divides the sum, which is 2x and π divides the difference, which is 2 −2y. By part (d), π | x, y. By part (e), this is impossible. Therefore, π does not exist, so are relatively prime. √ √ the two numbers prime, (g) Since (x + −2y)(x√− −2y) = z 2 , and the factors are relatively √ Lemma 15.9 says that x + −2y = ±α2 for some α. Write α = a + −2b. Then √ √ √ x + −2y = ±(a + −2b)2 = ±(a2 − 2b2 ) ± 2 −2ab.

121

Therefore, x = ±(a2 − 2b2 ) and y = ±2ab. Since z 2 = x2 + 2y 2 = (a2 − 2b2 )2 + (2ab)2 = (a2 + 2b2 )2 , we have z = ±(a2 + 2b2 ). 3. (a) Let γα = p for some α. Then N (γ)N (α) = N (p) = p2 , so N (γ) = ±p or ±p2 . (b) In (a), if N (γ) = ±p2 then N (α) = ±1, so α is a unit. (c) If γγ = ±p, which divides ππ, then γ | ππ. Since there is unique factorization, γ | π or π, by Exercise 9. Since γ, π, π are irreducible, γ is an associate of either π or π. (d) From (a), (b), (c), if γ is irreducible, either γ is an associate of a prime number p and N (γ) = ±p2 , or γ is an associate of π or π, with N (π) = ±p. Therefore, N (γ) = ±p. 4. (a) 2   2 163 b b 163 2 b ≥ . N (α) = a + + 163 ≥ 2 2 4 4 Since N (α) is an integer, N (α) ≥ 41. (b) Suppose γ = δβ, where δ, β are non-units. Then N (δ)N (β) = N (γ) < 412 , so 1 < N (δ) < 41 or 1 < N (β) < 41. Since γ is not a multiple of an integer other than ±1, the same holds for δ and β. Therefore, part (a) applies and tells us this is impossible. (c) √     2 2 1 + −163 1 1 163 163 n+ ≤ 39 + < 412 . = n+ + + 2 2 4 2 4 √ Since (d) From (c) and (b), we know that n + (1 + −163)/2 is irreducible. √ it is not a unit times a prime, Project 3 tells us that N (n + (1 + −163)/2) is prime. N

122

Chapter 16

Analytic Methods 16.1

Exercises

1. There is a prime p with n/2 < p ≤ n. Since 2p > n, the prime p occurs exactly once in n!. Therefore, n! cannot be a kth power because all exponents in the prime factorization would have to be a multiple of k. 2. (a) Let 2k be the highest power of 2 that is less than or equal to n. The term 1/2k is the only term with 2k dividing its denominator. Let Q equal 2k−1 times the product of all odd integers up to n. If the sum S is an integer, so is QS. But (Q)(1/j) is an integer for each j ≤ n except for j = 2k−1 , where Q/j is an odd number divided by 2, so it is not an integer. Therefore, QS is not an integer, so S is not an integer. (b) Let p be a prime satisfying n/2 < p ≤ n. There is no other multiple of p less than n, so nothing can cancel the p from the denominator. Therefore, the sum is not an integer. 3. There is a prime p with n2 /2 < p ≤ n2 . This p occurs in only one column. This column’s product is a multiple of p but no other column’s product is a multiple of p, so the column products cannot all be the same. 4. We have li(x) → ∞ and x/ ln x → ∞ as x → ∞, so we can use l’Hˆopital’s d d Rule. We have dx li(x) = 1/ ln x and dx (x/ ln x) = (−1 + ln x)/(ln x)2 . Therefore, the limit is lim

x→∞

1/ ln x ln x = lim = 1. x→∞ −1 + ln x (−1 + ln x)/(ln x)2

123

5. (a) π(2x) > .921(2x)/ ln(2x) and π(x) < 1.106x/ ln(x). Therefore, 1.842x 1.106x − ln x + ln 2 ln x .736x ln x − 1.106(ln 2)x = (ln x + ln 2)(ln x) 9x > >0 (ln x + ln 2)(ln x)

π(2x) − π(x) >

when x ≥ 106 . The next-to-last inequality is because .736 ln x − 1.106 ln 2 > 9 when x ≥ 106 . (b) The calculation in (a) shows that π(2x) − π(x) → ∞ as x → ∞. Therefore, when x is sufficiently large, π(2x) − π(x) > 106 .

16.2

Projects

1. (a) The m with 1 < m ≤ 18 and gcd(m, 18) = 1 are 5, 7, 11, 13, 17. Each of these is prime. (b) If p - n, then gcd(p2 , n) = 1. But p2 < n and p2 is not prime. so n is not prime finding. (c) Since p21 , . . . , p2r ≤ n, part (b) implies that p1 , · · · , pr | n, so (p1 · · · pr ) | n. This tells us that p1 · · · pr ≤ n < p2r+1 . (d) Let p be a prime. Bertrand’s postulate says that there is a prime q with p < q ≤ 2p. Clearly, q 6= 2p, so p < q < 2p. In particular, there is a prime q with pr < q < 2pr , so pr+1 < 2pr . Similarly, pr < 2pr−1 , so pr+1 < 2pr < 4pr−1 . (e) From (c) and (d), we have p1 · · · pr < pr+1 pr+1 < (2pr )(4pr−1 ). Divide by pr pr+1 to get the result. (f) We have p1 p2 p3 = 2 · 3 · 5 > 8, so (e) implies that we must have r − 2 ≤ 2, so r ≤ 4. Therefore, n < p2r+1 = p25 = 121. (g) Part (f) says that we need to look only at n ≤ 120. This search can be sped up by using the proof of (c) to conclude that if n > 25 then 2 · 3 · 5 divides n. At this point, a brute force search yields n = 2, 3, 4, 6, 8, 12, 18, 24, 30. 2. (a) Since π(pn ) = n, if we let x = pn in the inequality A

x x ≤ π(x) ≤ B , ln x ln x

we get A

pn pn ≤n≤B . ln pn ln pn

(b) If we take logarithms of the three quantities in (a) we get     pn pn ln A ≤ ln n ≤ ln B . ln pn ln pn 124

So, ln A + ln pn − ln(ln pn ) ≤ ln n ≤ ln B + ln pn − ln(ln pn ). Divide both sides by ln pn to get ln A ln(ln n) ln n ln B ln(ln n) +1− ≤ ≤ +1− . ln pn ln pn ln pn ln pn ln pn Since

ln A ln B ln(ln n) , and −→ 0 as n −→ ∞, ln pn ln pn ln pn 0.9 ≤

ln n ≤ 1.1 ln pn

for n sufficiently large. (c) From part (a), we get A n B ≤ ≤ . ln pn pn ln pn Taking reciprocals and multiplying by n gives us n ln pn n ln pn ≤ pn ≤ . B A From part (b), ln n ln n ≤ ln pn ≤ . 1.1 .9 So, 1 1 n ln n ≤ pn ≤ n ln n 1.1B .9A (d) This series diverges by the integral test: make the substitution u = ln x, so du = x1 dx. Then Z ∞ Z ∞ 1 1 dx = du. x ln x u 2 ln 2 which diverges. (e) From part (c), 1 .9A ≥ pn n ln n and this implies that

∞ ∞ X X 1 .9A ≥ . p n ln n n=1 n n=1

Part (d) now tells us that ∞ X 1 p n=1 n

diverges. 125

16.3

Computer Explorations

1. (a) The number of prime pairs and the ratio π2 (x)/(x/(ln x)2 ) are as follows: x = 104 :

205 pairs

ratio = 1.74

5

1224 pairs

ratio = 1.62

6

8169 pairs

ratio = 1.56

58980 pairs

ratio = 1.53

x = 10 : x = 10 : 7

x = 10 : x = 104 x = 105 x = 106 x = 107

: : : :

205 pairs 1224 pairs 8169 pairs 58980 pairs

ratio ratio ratio ratio

= 1.74 = 1.62 = 1.56 = 1.53

(b) First, we have the following prime pairs: (11, 13), (17, 19), 29, 31), (41, 43), (71, 73), (137, 139), (269, 271), (521, 523), (1031, 1033), (2027, 2029), (4049, 4051), (8087, 8089), (16139, 16142). Note that if (a, b), (c, d) are two consecutive pairs on the list, then d < 2a. Now let 7 ≤ x ≤ 107 . Choose a pair (a, b) with x < b ≤ 2x. If x < a, we’re done, because (a, b) lies between x and 2x. If x ≥ a, then 2x ≥ 2a > d, where (c, d) is the next pair. But x < b < c, so (c, d) is between x and 2x. (b) 1.9x 2x − >0 π2 (2x) − π2 (x) ≥ (ln(2x))2 (ln x)2 when x > 1012 . This inequality can be proved as follows. We have
1.9x x 2x − = 2(ln x)2 − 1.9(ln(2x))2 . 2 2 2 2 (ln(2x)) (ln x) (ln(2x)) (ln x) Since
1 d 2(ln x)2 − 1.9(ln(2x))2 = (.2 ln x − 3.8 ln 2) > 0 dx x
when x > 219 , therefore when x > 1012 . Since 2(ln x)2 − 1.9(ln(2x))2 > 0 when x = 1012 and it is an increasing function, it is positive for all x > 1012 . This proves the inequality. 2. The ratios are 101 .92

102 1.15

103 1. 16

104 1.13

126

105 1.10

106 1.08

107 1.07

Appendix A

Supplementary Topics A.1

Exercises

1. Let a = 3 and r = 1/4. The sum is a/(1 − r) = 4. 91 91 91 + 100 2. .91919191 · · · = 100 2 + 1003 + · · · . Let a = 91/100 and r = 1/100. The sum is a/(1 − r) = 91/99.

3. We have 1/(1 − r) = 3, which yields r = 2/3. 4. If 1/(1 − r) = 1/3, then r = −2. But the series does not converge when r = −2. 5. The statement is true for n = 1. If it’s true for n = k then 1 + 2 + · · · + k + (k +1) = 12 k(k +1). Add k +1 to both sides to get 1+2+· · ·+k +(k +1) = 1 1 2 k(k + 1) + (k + 1) = 2 (k + 1)(k + 2). Therefore, the statement is true for n = k + 1. By induction, it is true for all n. 6. The statement is true for n = 1. If it’s true for n = k then k + 2 ≤ 3k . Multiply both sides by 3 to get 3k + 6 ≤ 3k+1 . Since k + 3 ≤ 3k + 6, we have (k + 1) + 2 ≤ 3k+1 , so the statement is true for n = k + 1. By induction, it’s true for all n. 7. The statement is true for n = 1. If it’s true for n = k then 12 + 22 + · · · + k 2 = 61 k(k + 1)(2k + 1). Add (k + 1)2 to both sides to get 12 + 22 + · · · + k 2 + (k + 1)2 = 16 k(k + 1)(2k + 1) + (k + 1)2 = 16 (k + 1)(k + 2)(2k + 3). Therefore, the statement is true for n = k + 1. By induction, it’s true for all n. 8. The statement is
true for n = 1. If it’s true for n = k then 13 + 23 + · · · + 2 k 3 = 12 k(k + 1) . Add (k + 1)3 to both sides to get 13 + 23 + · · · + k 3 +
2
2 (k + 1)3 = 12 k(k + 1) + (k + 1)3 = 12 (k + 1)(k + 2) . Therefore, the statement is true for n = k + 1. By induction, it’s true for all n.

127

9. The “proof” fails for the passage from n = 1 to n = 2. When there are only two horses, the set with only Ed missing and the set with only the other horse missing do not overlap, so we cannot conclude anything about the colors. 10. (a) Subtract off the largest possible multiples of the factorials, starting at the largest, to get the expansions: 50 = 2 · 4! + 0 · 3! + 1 · 2! + 0 · 1!, 73 = 3 · 4! + 0 · 3! + 0 · 2! + 1 · 1!, 533 = 4 · 5! + 2 · 4! + 0 · 3! + 2 · 2! + 1 · 1! (b) We’ll prove this by strong induction. Suppose it’s true for all n < k. We’ll prove it for n = k. Let m be such that m! ≤ k < (m + 1)!. Let j be the largest j such that j(m!) ≤ k. Since j < (m+1)m!, we have j < m+1. Let i = k − j(m!). Then 0 ≤ i < m!. Since i < m! ≤ k, there is a Cantor expansion for i. Since i < m!, the Cantor expansion of i does not use m!. Therefore, k = j(m!) + Cantor expansion of i is the Cantor expansion of k, as desired. By strong induction, every k has a Cantor expansion. 11. (a) (a + b)5 = a5 + 5a4 b + 10a3 b2 + 10a2 b3 + 5ab4 + b5 . All of the middle coefficients are multiples of 5. (b) (a + b)7 = a7 + 7a6 b + 21a5 b2 + 35a4 b3 + 35a3 b4 + 21a2 b5 + 7ab6 + b7 . All of the middle coefficients are multiples of 7. (c) (a + b)6 = a6 + 6a5 b + 15a4 b2 + 20a3 b3 + 15a2 b4 + 6ab5 + b6 . (d) Coefficients are 1, 10, 45, 120, 210, 252, 210, 120, 45, 10, 1

n n! 12. nk = n! k! (n − k)! = (n−k)! (n − (n − k))! = n−k .

Pn Pn 13. (a) 2n = (1 + 1)n = j=0 nj 1j 1n−j = j=0 nj .

Pn Pn (b) 0 = (−1 + 1)n = j=0 nj (−1)j (1)n−j = j=0 nj (−1)j . 14. The statement is true for n = 1. Assume that it’s true for n = k, so F1 + F2 + · · · + Fk = Fk+2 − 1. Add Fk+1 to both sides to obtain F1 + F2 + · · · + Fk + Fk+1 = Fk+1 + Fk+2 − 1 = Fk+3 − 1. Therefore, the statement is true for n = k + 1. By induction, it’s true for all n. 15. (a) The statement is true for n = 1. Assume that it’s true for n = k. Then F1 + F3 + · · · + F2k−1 = F2k . Add F2k+1 to both sides and use the identity F2k + F2k+1 = F2(k+1) to obtain F1 + F3 + · · · + F2k−1 + F2k+1 = F2k + F2k+1 = F2k+2 . 128

Therefore, the statement is true for n = k + 1. By induction, it’s true for all n. (b) F1 + F3 + · · · + F2n can be written as √
(1/ 5) φ + φ3 + · · · + φ2n−1  √  − (1/ 5) (−φ)−1 + · · · + (−φ)−(2n−1) . Sum the two geometric series to obtain  2n+1  1 φ − φ (−φ)−(2n+1) − (−φ) √ − φ2 − 1 (−φ)2 − 1 5  2n+1  1 φ − φ + (−φ)−(2n−1) + φ =√ . φ2 − 1 5 But φ2 − φ − 1 = 0, so φ2 − 1 = φ. Use this in the denominator to obtain
1 √ φ2n − (−φ)−2n . 5 This is Binet’s formula for F2n . 16. (a) The statement is true for n = 2. Assume that it’s true for n = k, so Fk2 − Fk+1 Fk−1 = (−1)k−1 . We now compute 2 Fk+1 − Fk+2 Fk = Fk+1 (Fk + Fk−1 ) − (Fk+1 + Fk )Fk

= Fk+1 Fk−1 − Fk2 = − Fk2 − Fk+1 Fk−1




= −(−1)k−1 = (−1)k . Therefore, the statement is true for n = k + 1. By induction, it’s true for all n. (b) Binet’s formula tells us that Fn2 − Fn+1 Fn−1
2

 1 n φ − (−φ)−n − φn+1 − (−φ)−1−n φn−1 − (−φ)1−n = 5
1 −2(−1)n + (−1)n+1 φ2 + (−1)n+1 φ−2 = 5 (all of the other terms cancel). Since −2(−1)n + (−1)n+1 φ2 + (−1)n+1 φ−2 = (−1)n+1 (φ + φ−1 )2 √ = (−1)n+1 ( 5)2 , we obtain Fn2 − Fn+1 Fn−1 = (−1)n+1 = (−1)n−1 . 129

√ √ 17. (a) Explicitly calculate φ2 = φ + 1 =√(3 + 5)/2, and φ−2 = 2/(3 + 5) = √ (3 − 5)/2. Therefore, φ2 + φ−2 = 5. (b) Use Binet’s formula:
2
2  1  n+1 2 2 φ Fn+1 − Fn−1 = − (−φ)−n−1 − φn−1 − (−φ)1−n 5
1 2n+2 = φ − 2(−1)n+1 + (−φ)−2n−2 − φ2n−2 + 2(−1)n−1 − (−φ)−2n+2 5

1 2 = φ − φ−2 φ2n − (−φ)−2n 5  1 √ √ = ( 5 5F2n 5 = F2n . 18. (a) We’ll use strong induction. The formula is true for n = 1 and n = 2. Assume that it’s true for all n ≤ k. In particular, Lk−1 = φk−1 + (−φ)1−k and Lk = φk + (−φ)−k . Therefore, Lk+1 = Lk + Lk−1 = φk + φk−1 + (−φ)−k + (−φ)−k+1 . Multiply the relation φ2 = φ + 1 by φk−1 to obtain φk+1 = φk + φk−1 . Multiply the relation φ2 − φ = 1 by (−φ)−k−1 to obtain (−φ)−k+1 + (−φ)−k = (−φ)−k−1 . We obtain Lk+1 = Lk + Lk−1 = φk+1 + (−φ)−k−1 . Therefore, the formula is true for k + 1, and hence for all n ≤ k + 1. By induction, it is true for all n. (b) Ln+1 φ + (−1)n+1 φ−2n−1 φn+1 + (−φ)−n−1 = →φ = Ln φn + (−φ)−n 1 + (−1)n φ−2n as n → ∞, since |φ−1 | < 1, so φ−n → 0 as n → ∞. (c) Binet’s formula and part (a) tell us that

1 φn − (−φ)−n φn + (−φ)−n Fn Ln = √ −5
1 = √ φ2n − (−φ)−2n 5 = F2n . (d) We’ll use strong induction. The formula is true for n = 2 and n = 3. Suppose it is true for all n ≤ k. Then Fk = Lk−1 + Lk+1 and Fk−1 = Lk−2 + Lk . Add these together to get Fk+1 = Fk + Fk−1 = (Lk−1 + Lk+1 ) + (Lk−2 + Lk ) = (Lk−2 + Lk−1 ) + (Lk + Lk+1 ) = Lk + Lk+2 . 130

Therefore, the formula is true for k + 1, and hence for all n ≤ k + 1. By induction, it is true for all n. 19. Let xn be the number of pairs of rabbits after n months. In the (n + 1)th month, there are xn−1 pairs of rabbits that are at least one month old, and each such pair produces a new pair, so after n + 1 months there are the xn+1 new pairs plus the xn pairs that were already there. So xn+1 = xn+1 + xn . Since x0 = x1 = 1, x2 = 2, x3 = 3, and x4 = 5, we see that xn = Fn+1 . Therefore, x12 = F13 = 233, so there are 233 pairs of rabbits after 12 months.

131

K21752 ISBN: 978-1-4822-1444-4

90000

w w w. c r c p r e s s . c o m

9 781482 214444