Number Theory and Cryptography (MAS3214)
advertisement
Number Theory and Cryptography
(MAS3214)
Lecture Notes
Wiki Linked
Michael C. White
Newcastle University
Semester 2 – 2014/15
Useful Facts
http://www.mas.ncl.ac.uk/˜nmcw/MAS3214
The module home page has:
I
Lecture Notes
I
Problem Class Sheets
I
Assignment Sheets
I
Past Exam papers
I
Reminders of Dates
I
Other downloadable Handouts
I
Blackboard:
I
Solutions to the above and ReCap recordings
I
CBAs:
I
Computer based assessments using NUMBAS, must be run
via RAS
Week 1 26/01/15 - L1 L2 L3 : CBA1(practice)
1.0 Prime Numbers
- 1.1 Prime Numbers
- 1.2 Composite Numbers
- 1.3 Fundamental Theorem of Number Theory
- 1.4 Counting Primes: π(100)
2.0 Coprime Numbers
- 2.1 Coprime Numbers
- 2.2 The Extended Euclid Algorithm
- 2.3 Consequences of Euclid’s Algorithm
- 2.4 Exercise on Euclid’s Algorithm
3.0 Euler’s Phi Function
- 3.1 The Euler Phi Function φ(n)
- 3.2 Sieving for Primes
- 3.3 Sieving Primes
- 3.4 Coprime Pairs
- 3.5 Sieving for Co-Prime Numbers
Week 2 02/02/15 - L4 L5 DC1: CBA1(exam)
4.0 Single Linear Congruences
- 4.1 Single Linear Equations - Special Case
- 4.2 Example Single Equation - Special Case
- 4.3 Single Linear Equations - General Case
5.0 Chinese Remainder Theorem
- 5.1 Chinese Remainder Theorem
- 5.2 Three Simultaneous Equations
- 5.3 Three Examples Continued
- 5.4 General Chinese Remainder Theorem - Proof
Week 3 09/02/15 - L6 L7 PC2:
6.0 Endless Primes
- 6.1 There are Infinitely Many Primes: Euclid’s
Theorem
- 6.2 Gaussian Primes (4k + 3 Primes)
- 6.3 Euler’s Proof: There are infinitely many
primes
7.0 The Zeta Function
- 7.1 Infinite Products over Primes
- 7.2 Möbius Function µ(n)
- 7.3 Möbius Function - Examples
Week 4 16/02/15 - L8 L9 DC2: Assignment A
8.0 Multiplicative Functions
- 8.1 Arithmetical and Multiplicative Functions
- 8.2 The Möbius function µ is Multiplicative - Proof
- 8.3 Euler’s Phi function φ is Multiplicative
- 8.4 The Phi Formula φ(n)
9.0 The Divisor Function
- 9.1 Divisor function - the Definition
- 9.2 The Formula for the Divisor Function
- 9.3 The Divisor function is Multiplicative
- 9.4 Solving Equations with the Divisor function τ
Week 5 23/02/15 - L10 L11 PC3: CBA2(practice)
10.0 Sum of Divisors Function
- 10.1 Sum of Divisors function - the Definition
- 10.2 Formula for Sum of Divisors σ - Derivation
- 10.3 Sum of Divisors σ is Multiplicative - Proof
- 10.4 Equations with the Sum Divisor function σ
11.0 New from Old
- 11.1 New Arithmetical Functions from Old
- 11.2 New Multiplicative Functions from Old
- 11.3 More New Arithmetical Functions from Old
Week 6 02/03/15 - L12 L13 DC3: CBA2(exam)
12.0 The Möbius Inversion Formula
- 12.1 More New Multiplicative Functions from Old
- 12.2 Example of Convolution Product
- 12.3 Convolving with µ
- 12.4 Möbius Inversion Formula
13.0 Dirichlet Series
- 13.1 Three Easy Examples of Dirichlet Series
- 13.2 Dirichlet Multiplication Theorem
- 13.3 Three Harder Examples of Dirichlet Series
Week 7 09/03/15 - L14 L15 PC4:
14.0 Euler’s Theorem
- 14.1 Fermat’s Little Theorem
- 14.2 Euler’s Theorem
- 14.3 Example Euler’s Theorem
15.0 Polynomial Congruences
- 15.1 Lagrange’s Theorem
- 15.2 Examples of Lagrange’s Theorem
- 15.3 Examples of Lagrange’s Theorem
EASTER Break Sa 14/03/15 - Su 12/04/15
Week 8 13/04/15 - L16 L17 DC4: Assignment B
16.0 Roots of Unity
- 16.1 Roots of Unity - Special Case
- 16.2 Examples of Roots of Unity
- 16.3 Roots of Unity - General Case
17.0 Quadratic Residues
- 17.1 Quadratic Residues
- 17.2 How many Quadratic Residue are there?
- 17.3 Euler’s Criterion
- 17.4 Example using Euler’s Criterion
Week 9 20/03/15 - L18 L19 PC5:
18.0 Legendre Symbol
- 18.1 The Legendre Symbol
- 18.2 Legendre Symbol - Properties
- 18.3 The Jacobi Symbol
- 18.4 Jacobi Symbol - Properties
19.0 Quadratic Reciprocity
- 19.1 Quadratic Reciprocity
- 19.2 Example using Quadratic Reciprocity
Week 10 27/04/15 - L20 L21 DC5: CBA4(practice)
20.0 Gauss’s Lemma
- 20.1 Why Quadratic Reciprocity works
- 20.2 Gauss’s Lemma
- 20.3 Square Root of 2
- 20.4 Square Root of 2 - Continued
21.0 Final Example
- 21.1 An idea of the proof of Quadratic reciprocity
Week 11 04/05/15 - L22 L23 : Bank Holiday Monday:
CBA4(exam)
22.0 Revision
- 22.1 Written Assignment A
- 22.2 Written Assignment B
Week 12 11/05/15 - RL1 RL2
1.1 Prime Numbers
Definition: What is a Prime Number?
I
A natural number n > 1, is called prime if its only positive
divisors are 1 and n
I
We say n is composite if n = ab, where a, b ∈ N and a, b > 1
Asides
I
Really we have defined irreducible rather than prime.
Prime should be more like: “p|ab implies p|a or p|b”
I
It is usual to say that 1 is not a prime. “1”is a unit
The definition is designed to avoid the following:
3 = 1 × 3, 3 = 6 × 12 , −3 = (−1) × 3, 3 = (−1)(−3),
5 = (2 + i)(2 − i) = 22 + 12 ,
13 = 22 + 32 = (2 + 3i)(2 − 3i)
1.2 Composite Numbers
Tests for divisibility
I
I
I
I
I
I
I
the last digit is even
10: the last digit is 0
5: the last digit is 0 or 5
9: the digits add up to a multiple of 9
3: the digits add up to a multiple of 3
25: the last two digit are 00, 25, 50 or 75
4: the last two digits give a multiple of 4.
2:
How about 2012 or 2010?
I
I
11: The Wavy Line Test, eg 1 0 8 9.
How about 2013 or 1994?
Beware 91 = 7 × 13 and its friend 51 = 3 × 17.
All other primes to 100 are spotted by TimesTable Test
Ex: Which primes below 200 aren’t spotted?
1.3 Fundamental Theorem of Number Theory
Unique Factorization into Primes
Every natural number n > 1, can be written uniquely (up to
ordering the product) as a product of prime powers:
n = p1α1 p2α2 . . . prαr
This is more subtle than our familiarity leads us to believe
We are used to always ending factorizations with the same primes:
and 12 = 3 × 4 = 3 × 2 × 2
12 = 2 × 6 = 2 × 2 × 3
But Unique Factorization does not hold in many similar number
systems.
e.g. in 2Z, 60√= 2 × 30
× 10 which does not factor in 2Z
√= 6√
e.g. in Z + Z 6, 6 = 6 × 6 = 2 × 3
1.4 Counting Primes: π(100)
π(n) = the number of primes up to n,
. . . and so π(10) = 4, being {2, 3, 5, 7}
Ex:
2,
13,
31,
53,
73,
List the Primes below 100 and compute π(100)
3, 5, 7, 11,
17, 19, 23, 29
37, 41, 43, 47
59, 61, 67, 71,
79, 83, 89, 97
. . . and so π(100) = 25
The Prime Number Theorem
In fact the number of prime is remarkably regular
π(n) ≈
n
log(n)
2.1 Coprime Numbers
Definition and Examples
I
We denote by (a, b) the largest number which divides a and b
I
This number is called the: Highest Common Factor (hcf)
. . . or Greatest Common Divisor (gcd)
I
If (a, b) = 1, then we say that a and b are coprime
I
e.g. (6, 15) = 3, (10, 21) = 1,
so 10 and 21 are coprime, but neither is prime
Note: d|a and d|b
⇐⇒ d|a and d|(b − a)
I
I
I
I
Eg: d|6 and d|9
⇐⇒ d|6 and d|(9 − 6)
⇐⇒ d|6 and d|3
⇐⇒ d|(6 − 3) = 3 and d|3 ⇐⇒ d|3
2.2 The Extended Euclid Algorithm
Statement of Euclid Algorithm
Given any pair of non-zero integers n and m,
there exist numbers a and b, such that
an + bm = (a, b)
Algorithm: Find a, b such that a55 + b49 = 1 = (55, 49)
Method: Do the same thing on both | sides
55
49
(55 − 49)
49
6
49
6
49 − 8 × 6
6
1
6
1
|
|
|
|
|
|
n
m
(n − m)
m
(n − m)
m
(n − m) m − 8 × (n − m)
(n − m)
m − 8n + 8m
(n − m)
−8n + 9m
And we can see that −8n + 9m = 1, i.e.
(−8) × 55 + (+9) × 49 = −440 + 441 = 1
2.3 Consequences of Euclid’s Algorithm
Definition We say a is invertible (mod n) if there exists ā such
that āa ≡ 1 (mod n)
Lemma a is invertible mod n iff (a, n) = 1
I
I
(⇐=) By the Extended Euclid Algorithm there exist ā and n̄,
such that āa + n̄n = 1,
so āa ≡ 1 (mod n) and so a is invertible.
( =⇒ ) If āa ≡ 1 (mod n), then āa − 1 = n̄n,
āa + n̄n = 1, and any common divisor of a and n divides 1
Lemma If a|n, b|n and (a, b) = 1 then ab|n
I
Coprime reflex: āa + b̄b = 1, multiply to turn 1 into n gives
ā(an) + b̄(bn) = n, so ā bn (ab) + b̄ na (ab) = n, so
ab|n
Lemma If a|nm and (a, n) = 1 then a|m
I
Reflex: āa + n̄n = 1, multiply to turn 1 into m
gives āam + n̄nm = m, so (ām)a + (n̄ nm
a )a = m, so a|m
2.4 Exercise on Euclid’s Algorithm
Find the inverse of 17 (mod 100)
100
17
(100 − 5 × 17)
17
15
17
15
17 − 15
15
2
15 − 7 × 2
2
1
2
|
n
m
|
(n − 5m)
m
|
(n − 5m)
m
|
(n − 5m)
m − (n − 5m)
|
(n − 5m)
6m − n
| (n − 5m) − 7 × (6m − n)
(6m − n)
|
(8n − 47m)
(6m − n)
And we can see that +8n − 47m = 1, i.e.
(8) × 100 + (−47) × 17 = 800 + 799 = 1
Giving −47 ≡ 53 (mod 100) as the inverse
3.1 The Euler Phi Function φ(n)
We denote by φ(n) the number of integers less than n, which are
coprime to n, i.e. φ(n) = #{k : 1 ≤ k ≤ n, (k, n) = 1}
Examples
I
I
I
#{1, 6 2, 6 3, 6 4, 5 6 6}, so φ(6) = 2
φ(7) = #{1, 2, 3, 4, 5, 6, 6 7}, so φ(7) = 6
φ(8) = #{1, 6 2, 3, 6 4, 5, 6 6, 7, 6 8}, so φ(8) = 4
φ(6) =
More Generally: for p prime
I
φ(p) = (p − 1)
I
φ(2n ) = 2n−1
I
φ(p n ) = p n − p n−1 = p n (1 − p1 )
Later we will derive the general formula:
α1 α2
α1 α2
1
α
α
r
r
φ(p1 p2 . . . pr ) = p1 p2 . . . pr 1 − p1 · · · 1 −
1
pr
3.2 Sieving for Primes
1
11
21
31
41
51
61
71
81
91
2
12
22
32
42
52
62
72
82
92
3
13
23
33
43
53
63
73
83
93
4
14
24
34
44
54
64
74
84
94
5
15
25
35
45
55
65
75
85
95
6
16
26
36
46
56
66
76
86
96
7
17
27
37
47
57
67
77
87
97
8
18
28
38
48
58
68
78
88
98
9
19
29
39
49
59
69
79
89
99
10
20
30
40
50
60
70
80
90
100
3.3 Sieving Primes
Sieve of Eratosthenes - Computing π(100) again
I
(a) Cross out 1. It is not a prime
I
(b) Circle the next number. It is a prime
I
(c) Cross of all (proper) multiples of this prime.
They are not primes
I
(d) Go To (b)
I
How many numbers did we leave not crossed out?
I
About
N + 1−
N
2
+ 1−
N
3
+
N
6
+ 1−
N
5
+ ···
This gives the estimate for π(N) to be
1
1
1
π(N) ≈ N 1 −
1−
1−
× · · · + error
2
3
5
Sadly the error is about π(N), and the product is about 0.
3.4 Coprime Pairs
1
2
3
4
5
6
7
8
9
1
2
3
4
5
6
7
8
9
10
3.5 Sieving for Co-Prime Numbers
I
I
I
I
I
Cross out squares where (k, l) = 2,
then (k, l) = 3, then (k, l) = 5, then (k, l) = 7
How many squares did we leave not crossed out?
We started with N 2 squares, where N = 10
How many squares did we leave not crossed out?
About
N2 −
N 2
2
−
N 2
3
+
N 2
6
63
+ ···
This gives an estimate for the proportion of coprime pairs to be
1
1
1
Proportion ≈ 1 − 2
1− 2
1 − 2 × · · · + error
2
3
5
In this case the error is about 0.
And the product
Y 1
6
1− 2 = 2
π
pi
p prime
i
≈ 0.6079
10
4.1 Single Linear Equations - Special Case
I
Example: Solve 7x ≡ 2 (mod 10)
We multiply both sides by 3, in order to get rid of the 7
3 × 7 × x ≡ x ≡ 3 × 2 ≡ 6 (mod 10)
I
Special Case If (a, n) = 1, then the equation
ax ≡ b (mod n), has a unique solution for x (mod n).
Proof By the Extended Euclid Algorithm there exist ā and n̄,
such that āa + n̄n = 1, so āa ≡ 1 (mod n).
Hence x ≡ āax ≡ (1 − n̄n)x ≡ āax ≡ āb (mod n) is the
unique solution.
4.2 Example Single Equation - Special Case
Solve 7x ≡ 2 (mod 100)
I
Example:
I
Method 1
I
Note that 7 × 11 × 13 = 1001,
I
so 7 × 143 = 1001, and 7 × 43 ≡ 1 (mod 100)
I
43 × 7 × x ≡ x ≡ 43 × 2 ≡ 86 (mod 100)
I
Example: Solve 3x ≡ 4 (mod 10)
I
Method 2
3x ≡ 4 ≡ 14 ≡ 24 (mod 10)
So x ≡ 8 (mod 10)
Method 3:
If all else fails, use the Extended Euclid
Algorithm!
I
I
I
I
4.3 Single Linear Equations - General Case
I
Example: Solve 3x ≡ 6 (mod 15)
It is tempting to divide both sides by 3, giving
x ≡ 2 (mod 15), but x = 7
is also a solution.
I
-
I
General Case The equation ax ≡ b (mod n), has a solution
if and only if (a, n)|b.
b
n
a
x ≡ (a,n)
(mod (a,n)
)
These are the same solutions as: (a,n)
I
Example:
I
(12, 15) = 3 and 3|15,
so we need to solve 4x ≡ 2 (mod 5),
which has the unique solution x ≡ 3 (mod 5).
Beware! x ≡ 3, 8, 13 (mod 15)
I
I
I
Solve 12x ≡ 6 (mod 15)
4.4 Single Linear Equations - Proof of General Case
I
ax ≡ b (mod n) has a solution iff ax − b = qn
for some q.
I
Proof (⇐=)
I
If there is a solution then: b = ax − qn,
I
and (a, n) divides a and n,
I
Then (a, n) also divides b.
I
Proof ( =⇒ )
I
a
n
Note ( (a,n)
, (a,n)
) = 1 and
so
a
(a,n) x
a
(a,n) x
≡
b
(a,n)
(mod
b
(a,n)
n
(a,n) )
is an integer,
has a unique solution, i.e.
b
n
− (a,n)
= q (a,n)
multiplying by (a, n) gives:
ax − b = qn for the same q i.e. ax ≡ b (mod n).
5.1 Chinese Remainder Theorem
Simultaneous Equations
Solve the following two simultaneous linear equations
in one unknown
x ≡2
(mod 5),
x ≡3
(mod 7)
The key to the Chinese Remainder Theorem method is to find two
special number E1 and E2 .
In this case the special numbers are E1 = 21 and E2 = 15.
What makes these numbers special is that . . .
21 ≡ 1 (mod 5)
21 ≡ 0 (mod 7)
212 ≡ 21 (mod 35)
15 ≡ 0 (mod 5)
15 ≡ 1 (mod 7)
152 ≡ 15 (mod 35)
We can use these to find a solution to the equations above:
x = (2) × 21 + (3) × 15 = 87
Ex:
Find a solution to:
x ≡ 1 (mod 5), x ≡ −1 (mod 7)
x = (1)E1 + (−1)E2 = 21 − 15 = 6
5.2 Three Simultaneous Equations
Solve
I
I
I
I
I
I
x
≡ 1 (mod 2)
x
≡ 4 (mod 5)
x
≡ 2 (mod 7)
We now need to find three special number E1 , E2 and E3 .
Set N = 2.5.7, n1 = 2, n2 = 5, n3 = 7, Ni = N/ni
What is special about Ei is that
Ei ≡ 1 (mod ni ) and Ei ≡ 0 (mod Ni )
We can find Ei by solving the equation
Ei = xi Ni ≡ 1 (mod ni ) for xi , giving us Ei
For example to find E3 we solve
E3 = x3 10 ≡ 1 (mod 7) for x3 , x3 = 5, so E2 = 5 × 10 = 50
We still need E1 and E2 , which are obtained by solving
E1 = x1 35 ≡ 1 (mod 2) E2 = x2 14 ≡ 1 (mod 5)
5.3 Example Continued – Three Simultaneous Equations
E1 :
Solve x1 35 ≡ 1 (mod 2)
Clearly x1 = 1 is a solution, which gives
E1 = x1 N1 = 1 × 35 = 35
E2 :
Solve x2 14 ≡ 1 (mod 5)
E3 :
Solve x3 10 ≡ 1 (mod 7)
Clearly x2 = −1 is a solution, which gives
E2 = x2 N2 = (−1) × 14 = −14
Clearly x3 = 5 is a solution, which gives
E3 = x3 N3 = 5 × 10 = 50
The Formula for the General Solution is
x ≡ a1 E1 + a2 E2 + a3 E3 (mod N)
So the solution is
x ≡ 1(35) + 4(−14) + 2(50) ≡ 79 ≡ 9 (mod 70)
5.4 General Chinese Remainder Theorem - Proof
Let n1 , n2 , . . . , nr be pairwise coprime (i.e. (ni , nj ) = 1 for i 6= j),
and a1 , . . . , ar be given.
Then the simultaneous congruence equations
x ≡ ai (mod ni )
(0 ≤ i ≤ r )
have a unique solution x (mod n1 . . . nr )
I Set N = n1 . . . nr and Ni = N/ni . Note that (ni , Ni ) = 1
I We know that there are solutions to xi Ni + yi ni = 1
I Set Ei = xi Ni .
Note Ei ≡ 1 (mod ni ) and Ei ≡ 0 (mod Ni )
I The latter shows that for j 6= i we have Ei ≡ 0 (mod nj )
I Set x = a1 E1 + · · · + ar Er .
Note x ≡ 0 + ai Ei + 0 ≡ ai (mod ni )
I If x 0 is another solution, then
(x − x 0 ) ≡ 0 (mod ni ), i.e. ni |(x − x 0 )
I As (ni , nj ) = 1 for i 6= j we have
n1 . . . nr |(x − x 0 ), i.e. x ≡ x 0 (mod n1 . . . nr )
6.1 There are Infinitely Many Primes – Euclid’s Theorem
Euclid’s Proof
I
Assume there are only finitely many primes
I
There is at least one, namely 2
I
List the primes: p1 , p2 , . . . , pn
I
Consider
I
This number cannot be divisible by any prime p1 , p2 , . . . , pn .
It has remainder 1
I
Thus any prime divisor of N is another prime, which is a
contradiction
I
Hence there are infinitely many primes
N = p1 p2 . . . pn + 1
Note: This proof gives a way of constructing new primes:
If I know 2, 5, 11 then I consider:
2 × 5 × 11 + 1 = 111 = 3 × 37, and 3 is new
6.2 Gaussian Primes (4k + 3 Primes)
Note: All odd primes are equal to (4k + 1) or (4k + 3)
There are Infinitely many (4k + 3) primes
I
I
I
I
I
I
I
I
Assume there are only finitely (4k + 3) primes
There is at least one, namely 3
List the (4k + 3) primes: p1 , p2 , . . . , pn
Consider N = 4p1 p2 . . . pn − 1
N is not be divisible by any prime p1 , p2 , . . . , pn .
N is not divisible by 2 as N is odd
If N = q1 . . . qm with qj all (4k + 1) primes.
N ≡ q1 . . . qm ≡ 1 6≡ 3 ≡ 4p1 . . . pn − 1 (mod 4)
Thus any prime divisor of N is a new (4k + 3)
prime, which is a contradiction
6.3 Euler’s Proof: There are infinitely many primes
If there are only finitely many primes.
Consider the (finte!) product of infinite sums:
1
1
1+ + 2 +
2 2
1
1
1+ + 2 +
5 5
1
1
1
1
+ ···
×
1 + + 2 + 3 + ··· ×
23
3 3
3
1
1
1
× ··· × 1 +
+
+ ···
+ ···
53
pn pn2
−1
Qn 1
Summing the Geometric Series, gives the value: j=1 1 − pj
Expanding the brackets gives:
∞
X1
1 1
1
1
1
1
1
1+ + + 2 + +
+ + + ··· =
2 3 2
5 2.3 7 23
k
k=1
PN
1
k=1 k
R N+1
1
x=1 x
Qn
1
pj
−1
≥
dx = log(N + 1) → ∞ 6= j=1 1 −
This contradiction shows that there are not only n primes,
and in fact can give a good estimate about their distribution.
7.1 Infinite Products over Primes
Consider the infinite product of infinite sums:
1
1
1
1
1
1
1 + s + 2s + ·
1 + s + 2s + · · · · 1 + s + 2s + · · · ·
2
2
3
3
pn pn
Summing the Geometric Series, gives:
Q∞ j=1
1−
1
pjs
−1
Expanding the brackets gives:
∞
X 1
1 1
1
1
1
1
1
1+ s + s + 2s + s + s s + s + 3s +· · · =
2 3 2
5 2 .3 7 2
ks
k=1
We define the The Riemann Zeta Function as
∞
∞ −1
X
Y
1
−s
ζ(s) =
=
1 − pj
ns
n=1
j=1
The computation above shows that the infinite sum and infinite
product are both equal. [Aside: ζ(2) = π 2 /6]
7.2 Möbius Function µ(n)
Recall
−1
Q∞ −s
ζ(s) = j=1 1 − pj
and so
Expanding the infinite product for
1
ζ(s)
1
ζ(s)
=
Q∞ j=1
1−
pj−s
gives
1
1
1
1
1
1
1 − s − s − s + s s − s + s s + ···
2
3
5
2 .3
7
2 .5
P
µ(n)
We define the function µ(n) so this sum equals ∞
n=1 ns
Definition
(
(−1)n if all αj = 1
α1
α
n
µ(p1 . . . pn ) =
0
if any αj > 1
α1
and µ(1) = 1, where p1 . . . pnαn is a Collected Prime Factorization
7.3 Möbius Function - Examples
Examples: Values of the Möbius Function
µ(1) = 1, µ(2) = − 1 µ(3) = − 1
µ(4) = 0, µ(15) = + 1, µ(100) = 0
Dirichlet Series
A Dirichlet Series is an expression of the form
G (s) =
∞
X
g (n)
n=1
ns
We have seen the Dirichlet Series for
ζ(s) and 1/ζ(s)
P∞
They are rather like Power Series: n=1 an x n
In a Power Series we have: x n . x m = x n+m
1
In a Dirichlet Series we have: n1s . m1s = (nm)
s
8.1 Arithmetical and Multiplicative Functions
Definitions
I
We call a function f : N → R an arithmetical function
I
We call a function f : N → R multiplicative if
(n, m) = 1 implies f (nm) = f (n)f (m)
I
We call a function f : N → R a character if
f (nm) = f (n)f (m) for all n, m ∈ N [Note: a character is
always multiplicative]
Examples
I
f (n) = n2 is a character, and so multiplicative as
f (nm) = (nm)2 = n2 m2 = f (n)f (m)
I
We denote fk (n) = nk . Show fk (n) is multiplicative.
fk (nm) = (nm)k = nk mk = fk (n)fk (m)
I
Note π(n) is an arithmetical function, but it is not
multiplicative. π(2) = 1, π(5) = 3, π(10) =
4
8.2 The Möbius function µ is Multiplicative - Proof
I
Consider two coprime natural number n, m > 1,
n = p1α1 p2α2 . . . prαr and m = q1β1 q2β2 . . . qsβs .
I
If either n or m has a repeated divisor, then so does nm and
so µ(nm) = 0 = µ(n)µ(m).
I
As they are coprime, pi 6= qj , and so
α
α
β
β
I
nm factorizes as p1 1 p2 2 . . . prαr q1 1 q2 2 . . . qsβs
From the formula:
µ(n) = (−1)r , µ(m) = (−1)s , µ(nm) = (−1)r +s
I
Clearly giving µ(nm) = µ(n)µ(m)
I
Finally, if say m = 1, then µ(nm) = µ(n) = µ(n)µ(m)
I
8.3 The Euler Phi function φ is Multiplicative - Proof
I
I
Every number 0 ≤ x < n1 n2 gives a pair of numbers (x1 , x2 )
x ≡ x1 (mod n1 ) where 0 ≤ x1 < n1
x ≡ x2 (mod n2 ) where 0 ≤ x2 < n2
Also by the Chinese Remainder Theorem, every such pair
(x1 , x2 ) arises from a unique x (mod n1 n2 )
·|
0|
1|
2|
0
0
10
5
1
6
1
11
2
12
7
2
3
3
13
8
4
9
showing Z15 ∼
= Z3 × Z5
4
14
I
e.g.
I
φ(n1 n2 ) entries: Note that any x coprime to n1 n2 must give
rise to a pair (x1 , x2 ) coprime to n1 and n2 respectively
φ(n1 )φ(n2 ) entries: Pairs (x1 , x2 ) such that xi is coprime to ni
There is a pair (x̄1 , x̄2 ) such that x̄i xi ≡ 1 (mod ni )
The Chinese Remainder Theorem says this pair arises from
some x̄ (mod n1 n2 ), which satisfies x̄x ≡ x̄i xi ≡ 1 (mod ni )
Hence x is coprime to n1 n2 . So φ(n1 n2 ) = φ(n1 )φ(n2 )
I
I
I
I
8.4 The Phi Formula φ(n)
Theorem:
α1 α2
α1 α2
α
α
r
r
φ(p1 p2 . . . pr ) = p1 p2 . . . pr 1 −
φ(1) = 1
I
It is clear that φ(1) = 1
I
We have already noticed that
1
p1
φ(p α ) = p α − p α−1 = p α 1 −
I
I
I
I
··· 1 −
1
p
1
pr
and
This is the Basis Step for a proof by induction on the number
of prime divisors
α
α
r +1
r +1
) = φ(p1α1 p2α2 . . . prαr )φ(pr +1
)
Note φ(p1α1 p2α2 . . . prαr pr +1
as they are coprime
By Induction we know the formula for φ(p1α1 p2α2 . . . prαr ) and
αr +1
from the Basis Step we know the formula for φ(pr +1
)
α
r +1
Putting them together gives φ(p1α1 p2α2 . . . prαr pr +1
)=
αr +1
p1α1 p2α2 . . . prαr pr +1
1 − p11 · · · 1 − pr1+1 as required
9.1 Divisor function - the Definition
Definition The divisor function
τ (n) = the number of divisors of n.
Find τ (20):
The clever method is to arrange the divisors of 20 in
a grid.
20 50 20 51
21 50 21 51
22 50 22 51
Now observe that the rectangle is 2 by 3,
and so has 6 elements, τ (20) = 6.
Find τ (106 ):
Note:
τ (106 ) = τ (26 .56 ) = 7 × 7 = 49
9.2 The Formula for the Divisor Function
The Formula for the Divisor Function τ - Derivation
τ (p1α1 p2α2 . . . prαr ) = (α1 + 1) . . . (αr + 1) and τ (1) = 1
I
Each divisor d of p1α1 p2α2 . . . prαr is of the form
d = p1γ1 p2γ2 . . . prγr where 0 ≤ γj ≤ αj .
I
This shows that there are (αj + 1) choices for γj
I
Hence there are (α1 + 1) . . . (αr + 1) choices for d, i.e.
τ (n) = (α1 + 1) . . . (αr + 1)
Find τ (1001):
τ (1001) = τ (11 × 91) = τ (11)τ (7 × 13) =
τ (11)τ (7)τ (13) = 23 = 8
τ (1001) = 8
9.3 The Divisor function is Multiplicative
The Divisor Function τ is multiplicative - Proof
I
Consider two coprime natural number n, m > 1.
Where n = p1α1 p2α2 . . . prαr and m = q1β1 q2β2 . . . qsβs .
I
As they are coprime, pi 6= qj , and so
I
nm has collected prime factorization
p1α1 p2α2 . . . prαr q1β1 q2β2 . . . qsβs
I
From the formula:
τ (n) = (α1 + 1) . . . (αr + 1)
τ (m) = (β1 + 1) . . . (βs + 1)
τ (nm) = (α1 + 1) . . . (αr + 1)(β1 + 1) . . . (βs + 1)
I
Clearly giving τ (nm) = τ (n)τ (m)
I
Finally, if say m = 1, then τ (nm) = τ (n) = τ (n)τ (m)
9.4 Solving Equations with the Divisor function τ
Find the smallest natural number with τ (n) = 20
Note that 1 is not a solution
Now assume that the solution n = p1α1 p2α2 . . . prαr
I
First consider the case r = 1
I
τ (p α ) = (α + 1) = 20, gives α = 19.
The smallest p 19 is 219 .
I
Next consider r = 2,
τ (p1α1 p2α2 ) = (α1 + 1)(α2 + 1) = 20 = 2 × 10 = 4 × 5
If (α1 + 1) = 2, (α2 + 1) = 10, we have n = p11 p29 .
Smallest is n = 31 .29 = 1536
If (α1 + 1) = 4, (α2 + 1) = 5, we have n = p13 p24 .
Smallest is n = 23 .34 or 33 .24 . Smallest is 24 .33 = 432
I
Next consider r = 3,
τ (p1α1 p2α2 p3α3 ) = (α1 + 1)(α2 + 1)(α3 + 1) = 2 × 2 × 5
This gives n = p11 p21 p35 . Smallest is n = 31 .51 .25 = 240
10.1 Sum of Divisors function - the Definition
Definition
The Sum ofP
Divisor function σ(n) = the sum of the divisors of n,
i.e. σ(n) = P
d|n d
Note: τ (n) = d|n 1
Find σ(20):
The clever method no longer seems so clever.
Arrange the divisors of 20 in a grid.
20 50 20 51
21 50 21 51 are the terms of (20 + 21 + 22 )(50 + 51 )
22 50 22 51
This gives σ(20) = 7 × 6 = 42.
Find σ(100):
Note:
σ(100) = σ(22 .52 ) = (1 + 2 + 4)(1 + 5 + 25) =
7 × 31 = 217
10.2 Formula for Sum of Divisors σ - Derivation
σ(p1α1 p2α2 . . . prαr ) = σ(p1α1 ) . . . σ(prαr ),
α+1
with σ(p α ) = p p−1−1 and σ(1) = 1,
I
First note that the divisors of p α are p γ , where 0 ≤ γ ≤ α,
and these number form a Geometric Series, whose sum is
p α+1 −1
α
p−1 , which is σ(p ). Also clearly σ(1) = 1
I
Each divisor d of p1α1 p2α2 . . . prαr is of the form
d = p1γ1 p2γ2 . . . prγr where 0 ≤ γj ≤ αj .
I
Observe each occurs exactly once inQ
the expansion of
Q
αj
αj
r
r
j=1 (1 + pj + · · · + pj ) =
j=1 σ(pj )
I
This shows that the sums of divisors of n, σ(n) =
σ(p1α1 p2α2 . . . prαr ) = σ(p1α1 ) . . . σ(prαr )
Find σ(1001):
σ(1001) = σ(11)σ(7)σ(13) = 12 × 8 × 14 = 1344
10.3 Sum of Divisors σ is Multiplicative - Proof
I
I
I
I
I
I
Consider two coprime natural number n, m > 1.
Where n = p1α1 p2α2 . . . prαr and
m = q1β1 q2β2 . . . qsβs .
As they are coprime, pi 6= qj , and so
nm has collected prime factorization
p1α1 p2α2 . . . prαr q1β1 q2β2 . . . qsβs
From the formula:
σ(p1α1 p2α2 . . . prαr ) = σ(p1α1 ) . . . σ(prαr )
σ(q1β1 q2β2 . . . qsβs ) = σ(q1β1 ) . . . σ(qsβs )
σ(nm) = σ(p1α1 ) . . . σ(prαr )σ(q1β1 ) . . . σ(qsβs )
Clearly giving σ(nm) = σ(n)σ(m)
Finally, if say m = 1, then
σ(nm) = σ(n) = σ(n)σ(m)
10.4 Equations with the Sum Divisor function σ
Find all the solutions to σ(n) = 42
Note: 1 is not a solution. Assume that the solution
n = p1α1 p2α2 . . . prαr
I
We know that σ is multiplicative and so
I
σ(n) = σ(p1α1 p2α2 . . . prαr ) = σ(p1α1 ) . . . σ(prαr ) = 42
I
Showing that σ(piαi )|42
I
We now build a table to find possible values of σ(piαi ) which
could occur in a factorization of a solution n.
I
THE TABLE
I
We see that we may have:
I
42 = 6 × 7 = σ(51 )σ(22 ) = σ(20)
I
42 = 3 × 14 = σ(21 )σ(131 ) = σ(26)
I
42 = σ(411 ) = σ(41)
11.1 New Arithmetical Functions from Old
Recall f0 (d) P
= 1 and f1 (d) = d are (easily)
multiplicative
P
and τ (n) = d|n f0 (d) and
P σ(n) = d|n f1 (d) are multiplicative
Example: Set h(n) = d|n µ(d)
h(6) =
I
Compute:
I
µ(1) + µ(2) + µ(3) + µ(6) = 1 − 1 − 1 + 1 = 0,
Compute: h(7) = µ(1) + µ(7) = 1 − 1 = 0,
I
Compute:
h(8) =
µ(1) + µ(2) + µ(4) + µ(8) = 1 − 1 + 0 + 0 = 0,
h(p α ) =
P
d|n µ(d),
= p γ (0 ≤
I
Compute:
I
Note: if d|p α , then d
γ ≤ α)
P
P
Showing d|pα µ(d) = αk=0 µ(p k )
I
I
So h(p α ) = µ(1) + µ(p) + µ(p 2 ) + · · · + µ(p α ) =
µ(1) + µ(p) + µ(p 2 ) + · · · = 1 − 1 + 0 = 0
I
h(1) = 1! How about h(n)?
11.2 New Multiplicative Functions from Old
Theorem If f (n) is multiplicative then so is h(n) =
P
d|n
f (d)
I
Consider the pair of coprime numbers
n = p1α1 p2α2 . . . prαr and m = q1β1 q2β2 . . . qsβs
I
Any divisor of nm is of the form d = d1 d2 , where d1 |n, d2 |m
so p1γ1 . . . prγr and q1δ1 . . . qsδs . Note (d1 , d2 ) = 1
I
So
h(nm) =
X
f (d) =
d1 |n,d2 |m
I
f (d1 )f (d2 ) =
f (d1 d2 ) =
d1 |n,d2 |m
d|nm
X
X
X
f (d1 )
d1 |n
Hence h(n) is also multiplicative
X
d2 |m
f (d2 ) = h(n)h(m)
11.3 More New Arithmetical Functions from Old
Examples
P
I
We define g (n) =
I
As τ (n) is multiplicative we know that g (n) multiplicative
I
I
We can work out the value on prime powers quite easily
P
P
P
g (p α ) = d|pα τ (d) = αk=0 τ (p k ) = αk=0 (k + 1)
I
These are the triangle numbers: so g (p α ) = 21 (α + 1)(α + 2)
I
I
So g (20) = g (22 51 ) = g (22 )g (51 ) = 6.3 = 18
P
Similary for h(n) = d|n τ (d)3
I
h(p α ) = τ (1)3 + τ (p)3 + τ (p 2 )3 + · · · τ (p α )3
d|n
τ (d)
11.4 More New Arithmetical Functions from Old
Definition Convolution Product of f and g
n
X
X
(f ∗ g )(n) =
f (d)g
=
f (d1 )g (d2 )
d
d|n
Example:
I
d1 d2 =n
Set h(n) = (µ ∗ τ )(n)
Compute:
h(6) =
µ(1)τ (6) + µ(2)τ (3) + µ(3)τ (2) + µ(6)τ (1)
= +4 − 2 − 2 + 1 = 1,
I
Compute:
h(7) =
µ(1)τ (7) + µ(7)τ (1) = 2 − 1 = 1,
12.1 More New Multiplicative Functions from Old
Theorem If f and g are multiplicative then so is h = f ∗ g
I
I
I
Recall: Any d such that d|nm is of the form d = d1 d2 , where
d1 |n, d2 |m. Note (d1 , d2 ) = 1 and also ( dn1 , dm2 ) = 1
P
nm
h(nm)
=
d|nm f (d)g ( d ) =
P
nm
f
(d
d
)g
(
)=
1
2
d
|n,d
|m
d
1
2
1 d2
P
m
n
)g
(
)=
f
(d
)f
(d
)g
(
1
2
d
|n,d
|m
d
d
1
2
1
2
P
n P
m
d1 |n f (d1 )g ( d1 )
d2 |m f (d2 )g ( d2 ) = h(n)h(m)
Hence h(n) is also multiplicative
Compute:
I
I
I
Set h(n) = (µ ∗ τ )(n)
As h(n) is multiplicative we only need h(p α )
because h(n) = h(p1α1 ) . . . h(prαr )
We have h(p α ) =
pα
α
µ(1)τ (p ) + µ(p)τ ( p ) + · · · = (α + 1) − α = 1
12.2 Example of Convolution Product
Show: φ ∗ f0 = f1
i.e.
I
I
I
I
I
I
I
I
P
d|n
φ(d) × 1 = n
P
Set h(n) = (φ ∗ f0 )(n) i.e., d|n φ(d) × 1 = n
As φ and f0 are multiplicative so is h
We compute h(p α )
We have
h(p α ) = φ(p α ) + φ(p α−1 ) + · · · + φ(p) + φ(1)
= p α (1 − p1 ) + p α−1 (1 − p1 ) + · · · + p 1 (1 − p1 ) + 1
which telescopes to be equal to give p α = f1 (p α )
we now use that f1 is also multiplicative to give
h(p1α1 . . . prαr ) = h(p1α1 ) . . . h(prαr ) =
f1 (p1α1 ) . . . f1 (prαr ) = p1α1 . . . prαr = f1 (p1α1 . . . prαr )
12.3 Convolving with µ
Compute: (µ ∗ σ)(20)
+µ(1)
+µ(2)
+µ(4)
(µ ∗ σ)(20) =
+µ(5)
+µ(10)
+µ(20)
I
I
I
σ(20)
σ(10)
σ(5)
=
σ(4)
σ(2)
σ(1)
+42
−18
+0
−7
+3
+0
= 20
We might guess that (µ ∗ σ)(n) = n = f1 (n), which is true
P
But recalling that σ(n) = d|n f1 (d),
We might guess that convolving with µ recovers the new
function obtained using the New from Old Method.
12.4 Möbius Inversion Formula
Theorem Let f P
be a multiplicative function
and let g (n) = d|n P
f (d), then setting
h(n) = (µ ∗ g )(n) = d|n µ(d)f ( dn ), we have h(n) = f (n)
Proof
I
I
I
I
As f is multiplicative, then so is g
As g and µ are multiplicative, then so is h
P
pα
α
α
h(p ) = (µ ∗ g )(p ) = d|pα µ(d)g ( d ) =
α
α−1
µ(1)g
(p
)
+
µ(p)g
(p
) + ··· =
Pα
P
α−1
k
k
α
f
(p
)
−
k=0
k=0 f (p ) + 0 = f (p )
h(p1α1 p2α2 . . . prαr ) = h(p1α1 ) · · · h(prαr ) =
f (p1α1 ) · · · f (prαr ) = f (p1α1 p2α2 . . . prαr )
13.1 Three Easy Examples of Dirichlet Series
A Dirichlet Series is an expression of the form G (s) =
I
n=1
ns
∞
X
Y
1
−s −1
=
= ζ(s) =
1 − pi
s
n
n=1
p prime
i
The Dirichlet Series of f1 (n) = n is ζ(s − 1)
∞
X
f1 (n)
n=1
I
g (n)
n=1 ns
The Dirichlet Series of f0 (n) is the Riemann Zeta Function
∞
X
f0 (n)
I
P∞
ns
∞
X
Y 1
−(s−1) −1
=
= ζ(s − 1) =
1 − pi
ns−1
n=1
pi prime
The Dirichlet Series of µ(n) is 1/ζ(s), almost by µ’s definition
∞
X
µ(n)
n=1
ns
Y
1
−s +1
=
=
1 − pi
ζ(s) p prime
i
13.2 Dirichlet Multiplication Theorem
Theorem Given the Dirichlet Series of f and g are
P∞ f (n)
P∞ g (m)
F (s) = n=1 ns and G (s) = m=1 ms
The Dirichlet Series of (f ∗ g ) is F (s)G (s)
I
Consider the product of the two Dirichlet Series
! ∞
!
∞
X f (n)
X g (m)
F (s)xG (s) =
ns
ms
n=1
I
Equating terms in
I
The coefficient of
1
N s , collects
1
N s is
X
m=1
terms where nm = N
f (n)g (m) = (f ∗ g )(N)
nm=N
I
So the product F (s)G (s) equals
Dirichlet Series for (f ∗ g )
P∞
N=1
(f ∗g )(N)
Ns
which is the
13.3 Three Harder Examples of Dirichlet Series
I
2
The Dirichlet Series of τ (n) is ζ(s)
P
We apply the DMT to τ (n) = d|n 1 × 1 = (f0 ∗ f0 )(n)
∞
X
τ (n)
n=1
I
ns
=
∞
X
1
ns
n=1
!2
2
= ζ(s) =
Y
1 − pi−s
−2
pi prime
The Dirichlet Series of σ(n) is ζ(s − 1)ζ(s)
We apply the DMT to σ(n) = (f1 ∗ f0 )(n) giving
DS(σ)(s) = DS(f1 )(s)×DS(f0 )(s) = ζ(s−1)ζ(s)
I
The Dirichlet Series of φ(n) is ζ(s−1)
ζ(s)
We apply the DMT to (φ ∗ f0 )(n) = n = f1 (n) giving
DS(φ)(s) × DS(f0 ) = DS(f1 )(s),
which is DS(φ)(s) × ζ(s) = ζ(s − 1)
14.1 Fermat’s Little Theorem
Theorem Let p be a prime, then for all a we have
ap ≡ a (mod p)
Note: If (a, p) = 1 then we can cancel and get ap−1 ≡ 1 (mod p)
I
I
I
I
27 ≡ 128 ≡ 126 + 2 ≡ 2 (mod 7)
35 ≡ 243 ≡ 3 (mod 5)
210 ≡ 1024 = 1023 + 1 ≡ 1 (mod 11)
Beware: 2561 ≡ 2 (mod 561), but 561 = 3.11.17
561 is a Carmichael Number
Computing a power quickly:
2φ(9) ≡ 26 (mod 9)
xi
1 2 63 4 5 66 7 8 69
×2
2 4
8 10
14 16
(mod 9) 2 4
8 1
5 7
Note this is the first line in another order, so
26 (1.2.4.5.7.8) ≡ 2.4.8.1.5.7 (mod 9). Cancel: 26 ≡ 1 (mod 9)
14.2 Euler’s Theorem
Theorem Let (a, n) = 1, then we have
aφ(n) ≡ 1 (mod n)
Note: If n, is prime, then φ(p) = (p − 1) gives ap−1 ≡ 1 (mod p)
The proof follows the method of the example 2φ(9) (mod 9)
I
List the φ(n) numbers 1 ≤ xi ≤ n, such that (xi , n) = 1
I
Multiply them all by a. Note (axi , n) = 1 as well
I
Reduce all the number so yi ≡ axi (mod n) and 1 ≤ yi ≤ n
I
Note (yi , n) = (axi , n) = 1 as well
I
If yi = yj then axi ≡ axj (mod n), and
cancelling gives xi ≡ xj (mod n) so i = j
I
This shows that y1 , . . . , yφ(n) are φ(n) numbers coprime to n
I
The yi must be the xi is some order so
I
aφ(n) .x1 . · · · .xφ(n) ≡ y1 . · · · .yφ(n) ≡ x1 . · · · .xφ(n) (mod n)
I
Cancelling gives aφ(n) ≡ 1 (mod n)
14.3 Example Euler’s Theorem
I
34 ≡ 3φ(10) ≡ 1 (mod 10)
I
3φ(100)
I
210 ≡ 1024 = 1023 + 1 ≡ 1 (mod 11)
Example:
≡
φ(22 .52 )
3
≡ 340 ≡ 1 (mod 100)
34 (mod 10)
xi
1 6 2 3 6 4 6 5 6 6 7 6 8 9 6 10
×3
3
9
21
27
(mod 10) 3
9
1
7
Note last line is the first line in another order, so
34 (1.3.7.9) ≡ 3.9.1.7 (mod 10).
Cancelling gives 34 ≡ 1 (mod 10)
Of course 34 = 81 ≡ 1 (mod 10)
14.4 Public Key Cryptography - Applying Euler
The (3, 100) Public Key Cipher
I
To send 17 send the last two digits of
173 = 17 × 17 × 17 = 49113;
I
Encode: 17 as the number 13.
I
It is hard to see how to decode this message.
I
To decode: I compute 1327 (mod 100), [27 is my Secret!]
I
1327 = (((13)3 )3 )3 ) ≡ ((97)3 )3 ≡ 733 ≡ 17.
I
Why 27? ”Because” 100 = 22 × 52 and φ(100) = 40
3 × 27 = 81 ≡ 1 (mod 40).
I
(173 )27 = 173×27 = 1781 = 1780 × 17 ≡ 1 × 17 = 17
I
In practice the power (3 here) is a large random number,
I
The secret decryptor is the inverse of this random number
I
The modulus (100 here) in a product of two large random
primes, so φ(pq) = (p − 1)(q − 1).
15.1 Lagrange’s Theorem
Theorem Let p be a prime, then the equation
P(x) = x n + an−1 x n−1 + · · · + a1 x + a0 ≡ 0
(mod p)
has at most n solutions (mod p).
I The proof is by Induction on n
I For n = 1, clearly x + a0 ≡ 0 (mod p) has exactly one solution
I Inductive Step: degree of P(x) is n > 1
I If P(x) ≡ 0 (mod p) has no solution then we are done; 0 < n
I Otherwise, if P(λ) ≡ 0 (mod p), then divide P(x) by (x − λ)
I This gives P(x) = Q(x)(x − λ) + r , and
P(λ) = Q(λ)(λ − λ) + r ≡ r ≡ 0 (mod p) Beware!
I Note: degree of Q(x) is (n − 1) and so, by induction, it has at
most (n − 1) roots
I Any root of P(x) ≡ Q(x)(x − λ) (mod p) is either λ or one
of the (at most (n − 1)) roots of Q(x).
I So P(x) has at most 1 + (n − 1) = n roots
15.2 Examples of Lagrange’s Theorem
I
Example 1:
x 3 + x + 1 ≡ 0 (mod 11) has the root
x =2
But: x 3 + x + 1 = (x − 2)(x 2 + 2x + 5) + 11,
and 2 is not a root of x 3 + x + 1 = 0.
I
Example 2: x 3 ≡ 1 (mod 3) has 1 root
Aside: (x − 1)3 = (x 3 − 3x 2 + 3x − 1) ≡ x 3 − 1 (mod 3)
15.3 Examples of Lagrange’s Theorem
I Example 3: x 3 ≡ 1 (mod 7) has 3 roots
13 = 1 ≡ 1 (mod 7), 23 = 8 ≡ 1 (mod 7),
43 = 64 ≡ 1 (mod 7)
Aside:
I
x 3 − 1 = (x − 2)(x 2 + 2x + 4) + 7 (mod 7)
Example 4: x 2 ≡ 1 (mod 15) has 4 roots!
x 2 ≡ 1 (mod 3) and x 2 ≡ 1 (mod 5)
x ≡ ±1 (mod 3) and x ≡ ±1 (mod 5)
The Chinese Remainder Theorem allows us to put these
together as 4 solutions (mod 15)
(±1) × 6 + (±1) × 10 = ±1, ±4
16.1 Roots of Unity - Special Case
In some cases we can guarantee that a polynomial has the
maximum number of roots.
Theorem If p is prime and d|(p − 1) then x d − 1 ≡ 0 has d
distinct roots
I
As d|(p − 1) we have (p − 1) = dq.
I
Set X = x d . Note
(X − 1)(X q−1 + X q−2 + · · · + X + 1) = (X q − 1) = (x dq − 1)
(x d − 1)((x d )q−1 + (x d )q−2 + · · · + (x d ) + 1) = ((x d )q − 1)
I
Recall that all the numbers x = 1, · · · , (p − 1), solve the
RHS, x dq − 1 ≡ 0 (mod p) by the Little Fermat Theorem
I
Lagrange’s Theorem tells that
(x d )q−1 + (x d )q−2 + · · · + (x d ) + 1 has at most d(q − 1) roots
I
This means that (x d − 1) ≡ 0 must have all the other
(p − 1) − d(q − 1) = dq − d(q − 1) = d roots
16.2 Examples of Roots of Unity
I
Example 1: d = 2, p = 5; (Well any odd prime!)
x 2 ≡ 1 (mod p) has 2 roots
(±1)2 ≡ 1 (mod p)
d = 3, p = 7; x 3 − 1 ≡ 0 (mod 7) has 3
I
Example 2:
roots
I
Example 3: d = 4, p = 13; (Well any 4k + 1 prime!)
x 4 ≡ 1 (mod p) has 4 roots
I
I
I
(±1)4 ≡ 1 (mod p)
always gives 2 roots
(x 4 − 1) = (x 2 − 1)(x 2 + 1) so the other roots are square
roots of −1 (mod p)
(±5)2 = 25 ≡ −1 (mod 13),
are the other 2 roots
16.3 Roots of Unity - General Case
Theorem Let p be a prime and h = (d, p − 1).
Then x d − 1 ≡ 0 has h distinct roots
I
We show that x d − 1 ≡ 0 (mod p) and x h − 1 ≡ 0 (mod p)
have the same solutions
I
As h|(p − 1) we know x h − 1 ≡ 0 (mod p) has h solutions
I
Easy implication (⇐=): If x h ≡ 1 (mod p), then
d
d
x d ≡ (x h ) h ≡ 1 h ≡ 1 (mod p),
I
Hard implication ( =⇒ ): by the extended euclid algorithm,
there exists a and b such that h = ad + b(p − 1)
x h = x ad+b(p−1) = x ad x b(p−1) = (x d )a (x p−1 )b ≡ 1 (mod p)
I
Example How many roots are there to x 3 ≡ 1 (mod 2011)?
(3, 2010) = 3, so there are 3 solutions
I
Example How many roots are there to x 4 ≡ 1 (mod 2011)?
(4, 2010) = 2, so there are only 2 solutions
16.4 Primitive Roots of Unity
We call x a primitive dth root of unity modulo p, if it solves
xd ≡ 1
(mod p),
but not x a ≡ 1 (mod p), for any smaller a > 1.
I
Notice that if x a ≡ 1 (mod p) and x b ≡ 1 (mod p)
I
Then there exist ā, b̄, so that aā + b b̄ = (a, b)
I
So x (a,b) ≡ x aā+bb̄ ≡ 1 (mod p)
I
which is a smaller power, unless a = b.
I
This shows there is a smallest power!
I
If we set g (n) to be the number of primitive dth roots of unity
I
Every root of x n ≡ 1 is a primitive root for some d|n
P
Hence d|n g (d) = n
P
P
g
(d)
=
n
=
d|n
d|n φ(d) = n, so g (n) = φ(n)
I
I
17.1 Quadratic Residues
We now move on
√ to solving quadratics equations.
b 2 −4ac
Recall x = −b± 2a
so we only need to discover how to square
root numbers.
Definition Let p be an odd prime and p 6 |a.
We say that a is a Quadratic Residue (mod p) if we can solve
x 2 ≡ a (mod p), otherwise we call a and quadratic non-residue.
Demo Example: What are the quadratic residues (mod 13)?
I
We (cleverly) list the numbers (mod 13)
I
List:
I
I
±1, ±2, ±3, ±4, ±5, ±6
Squares: 1, 4, 9, 16, 25, 36
(mod p): 1, 4, 9, 3, 12, 10
I
Note that exactly half of the non-zero numbers are quadratic
residues, just like in R
I
You might expect to be unlucky sometimes and some squares
reduce (mod p) to become equal
17.2 How many Quadratic Residue are there?
Theorem Let p be an odd prime. Then exactly
number 1, 2, . . . , (p − 1) are quadratic residues
I
We (cleverly) list the numbers (mod p)
I
List:
p−1
2
of the
±1, ±2, . . . , ± p−1
2
2
2
1 ,2 ,...,
p−1 2
2
I
Squares:
I
This shows that there are at most
I
But perhaps some do become equal when we reduce (mod p)
I
2
2
If 0 < x < y ≤ p−1
2 and x ≡ y (mod p), i.e.
p|(y 2 − x 2 ) = (y − x)(y + x), so p|(y ± x)
I
But if x 6= y then 0 < (y ± x) ≤ 2( p−1
2 )=p−1<p
I
This shows that p cannot divide (y ± x) or y 2 − x 2 unless
x =y
I
Hence our list does consist of
p−1
2
p−1
2
quadratic residues
different quadratic residues
17.3 Euler’s Criterion
Euler’s Theorem Let p be an odd prime, and p 6 |a. Then
p−1
(1) a 2 ≡ ±1 (mod p)
p−1
(2) a 2 ≡ +1 (mod p) iff a is a quadratic residue (mod p)
p−1
2
2
≡ ap−1 ≡ +1 (mod p) by Fermat’s Theorem
I
(1) a
I
(2)(⇐=) If a is a quadratic residue, say a = x 2 , then
p−1
p−1
2
2
a 2 ≡ x
≡ x p−1 ≡ +1 (mod p) by Fermat’s Theorem
I
p−1
I
(2)( =⇒ ) Note: x 2 − 1 ≡ 0 (mod p), has exactly
solutions, as p−1
2 |(p − 1)
I
We know p−1
2 of them are the quadratic residues,
so all the roots are!
p−1
2
17.4 Example using Euler’s Criterion
Example: Use Euler’s Criterion to decide whether (or not) 2 is a
quadratic reside (mod 23)!
I
We compute
2
I
I
I
I
p−1
2
=2
23−1
2
= 211 = 2048 = 89 × 23 + 1 ≡ +1
(mod 23)
So 2 is a quadratic reside (mod 23), of course the square
root is obvious in this case, but there is a formula for it:
23+1 2
p−1
23+1
2
Note: 2 4
= 2 2 = 2 2 + 2 ≡ 21 (mod 23)
24
So the square root is 2 4 = 26 = 64
This formula works whenever p ≡ 3 (mod 4), and is used in
cryptography
Example: Use Euler’s Criterion to decide whether (or not) 2 is a
quadratic residue (mod 17) and/or (mod 19)!
17−1
2
2
= 28 = 256 = 15 × 17 + 1 ≡ 1 (mod 17) Yes!
19−1
2 2 = 29 = 512 = 27 × 19 − 1 ≡ −1 (mod 19) No
18.1 The Legendre Symbol
p−1
It is useful to have a notation for the ±1 ≡ a 2 (mod p)
Definition If p is an odd prime, then we define
+1 a is a quadratic residue (mod p)
a
= −1 a is a quadratic non-residue (mod p)
p
0
p|a
Examples:
I
= +1, as 32 ≡ 2 (mod 7)
41−1
20
2
+1,
as
(−1)
=
(−1)
=
Compute −1
=
41
In general: −1
depends only on p ≡ ±1 (mod 4)
p
I
Can we solve x 2 ≡ 17 (mod 5)?
I
I
Compute
2
7
+1
(±1)2 = 1, (±2)2 = 4
and 1, 4 6≡ 2 ≡ 17 (mod 5) No!
18.2 Legendre Symbol - Properties
Theorem Let p be an odd prime. Then
ab
a
b
=
p
p
p
ab
p
≡ (ab)
p−1
2
≡a
p−1
2
≡
a
p
b
p
I
Note:
I
But: ±1 − ±1 = −2, 0, +2, so is only a multiple of p if it is 0
b
So ab
= pa
p
p
I
b
p−1
2
(mod p)
Examples:
Compute
−2
23
I
Compute
25
17
I
But what is the value of
I
−2
23
=
−1
23
:
:
2
23
25
17
= (−1)(+1) = −1 No
5
5
= 17 17 = (±1)2 = +1
5
17
?
18.3 The Jacobi Symbol
The Legendre Symbol can be generalised to include the case where
the denominator is not a prime.
Definition Let a be an integer and n an odd integer, with
collected prime factorisation n = p1α1 p2α2 . . . prαr . Then we define
αr
a a α1 a α2
a
···
=
n
p1
p2
pr
where the right hand side is a product of Legendre Symbol
Examples:
2 2 I Compute 2 = 2
45 3
5 = (+1)(−1)
2
I Compute 2 = 2
= (−1)(−1) = +1
15
3
5
I
BEWARE! x 2 ≡ 2 (mod 15) has no solution!
2
2
= +1
Compute 25
= 25
I
BEWARE! x 2 ≡ 2 (mod 25) has no solution!
I
18.4 Jacobi Symbol - Properties
Theorem
Let n be an odd number. Then
b
I ab = a
n
n
n
m−1 n−1
n
m
I
2
2
=
×
(−1)
if m is also odd
m
n
n−1
I −1 = (−1) 2
n
n2 −1
2
I
8
n = (−1)
These properties are easily deduced from the corresponding
properties of the Legendre Symbol, which we will now examine.
19.1 Quadratic Reciprocity
What is the value of
5
17
?
Theorem Let p and q be distinct, odd primes, then
p−1
q−1
p
q
(
)(
2
2 )
=
(−1)
q
p
I
By Quadratic Reciprocity
5−1
5
17
( 17−1
2 )( 2 ) =
=
×
(−1)
17
5
17
5
=
2
5
17
5
I
As 17 ≡ 2 (mod 5),
I
We saw above that x 2 ≡ 2 (mod 5) has no solutions
I
So
5
17
= (−1)
Note: the Theorem of Quadratic Reciprocity says that often
we can solve x 2 ≡ p (mod q) iff we can solve x 2 ≡ q (mod p)
19.2 Example using Quadratic Reciprocity
Find
I
I
I
I
I
I
I
21
2011
21
2011
3
= 2011
2011
×
3
7
2011
Factor:
3
Flip: 2011
=
(−1)?
Reduce
andQR Sign:
1
3
1
=
×
(−1)
= (−1)
2011
3
7
2011
Flip: 2011 = 7 × (−1)?
7
2
Sign 2011 = 7 × (−1)1 = (+1)(−1) = (−1)
(as 32 ≡ 2 (mod 7))
7 21
3
Hence 2011 = 2011 2011 = (−1)(−1) = +1
. . . and so we can solve x 2 ≡ 21 (mod 2011)
In fact 9462 = 894916 ≡ 21 (mod 2011)
20.1 Why Quadratic Reciprocity works
5
17
I
Why is the value of
I
We can compute 5 2 = 58 (mod 17).
Imagine p and a were larger!
Recall the method for computing the power ap−1 (mod p) in
Euler’s Theorem.
p−1
In this case we want to compute a 2 (mod p), so we list
only the numbers 1 to p−1
2
I
I
what it is?
17−1
Example: 58 (mod 17)
xi
1 2 3 4 5 6 7 8
×5
5 10 15 20 25 30 35 40
(mod 17) +5 −7 −2 +3 +8 −4 +1 +6
Note: the final line is the same as the first except for some sign
changes and the order: so 58 × 8! ≡ (−1)3 8! (mod 17).
Cancelling gives 58 ≡ −1 (mod 17)
20.2 Gauss’s Lemma
Gauss’s Lemma Let p be an odd prime and p 6 |a.
Set X = {1, 2 . . . , p−1
2 }.
Let ` be the number
of x ∈ X so that ax ≡ −z (mod p), for z ∈ X
Then pa = (−1)`
I
I
I
List the numbers 1 ≤ x ≤ p−1
2 , giving {k : 1 ≤ k ≤
Multiply them all by a, giving {ak : 1 ≤ k ≤ p−1
2 }.
Reduce all the number in the list (mod p), so that
− p−1
2
I
I
I
I
I
I
p−1
2 ,
p−1
2 }.
p−1
2
yk ≡ ak (mod p) and
≤ yk ≤
giving {yk }k=1
If yk = ±yl then ak ≡ ±al (mod p), and
cancelling gives k ≡ ±l (mod p), so p|(k ± l)
p−1
Note: −(p − 1) = 2(− p−1
2 ) ≤ (k ± l) ≤ 2(+ 2 ) = +(p − 1)
The only multiple of p inthis range
is 0. So
k−
l = 0
p−1
Multiplying gives a 2 × p−1
! ≡ (−1)` p−1
! (mod p).
2
2
p−1
Cancelling gives pa ≡ a 2 ≡ (−1)` (mod p),
a
`
Again as p ≡ (−1) (mod p), then pa = (−1)`
20.3 Square Root of 2
Note: We cannot use Quadratic Reciprocity to compute
but we can use Gauss’s Lemma
2
p
Let p be an odd prime. Then
= (−1)
We first consider the case p ≡ +1 (mod 4)
I
List
I
p+3
Times 2: 2, 4, . . . , p−1
2 ; 2 , . . . , (p − 1)
I
I
p−3
Reduce: 2, 4, . . . , p−1
2 ; − 2 , . . . , (−1)
p−1
p−1
p−1
− 4
=
Note: ` =
2
4
p−1
p+1 ( 4 )
p 2 −1
2
`
2
= (−1) 8 , as
p = (−1) = (−1)
I
Next we consider the case p ≡ 3 (mod 4)
I
2
p
,
p 2 −1
8
I
p−1
2 :
p+3
p−1
1, 2, . . . , p−1
4 ; 4 ,..., 2
p+1
2
is odd
p−1
2
is odd
20.4 Square Root of 2 - Continued
Let p be an odd prime. Then
2
p
= (−1)
p 2 −1
8
I
Next we consider the case p ≡ 3 (mod 4)
I
List
I
p+1
Times 2: 2, 4, . . . , p−3
2 ; 2 , . . . , (p − 1)
I
p−1
Reduce: 2, 4, . . . , p−3
;
−
2
2 , . . . , (−1)
p−1
p−3
p+1
Note: ` =
− 4
=
2
4
p+1
p−1 ( 4 )
p 2 −1
2
`
2
= (−1) 8 , as
p = (−1) = (−1)
p 2 −1
2
Thus in either case: p = (−1) 8
I
I
I
p−1
2 :
p+1
p−1
1, 2, . . . , p−3
4 ; 4 ,..., 2
Note [(8k ± 1)2 − 1]/8 = [64k ± 16k + 1 − 1]/8 = 8k 2 ± 2k is even
[(8k ± 3)2 − 1]/8 = [64k ± 48k + 9 − 1]/8 = 8k 2 ± 6k + 1 is odd
Exercise: Can we solve x 2 ≡ 2 (mod 2011)?
p = 2011, No! 11 is not next to a multiple of 8
21.1 An idea of the proof of Quadratic reciprocity
Example: Show that we can x 2 ≡ 3 (mod p) iff p is next to a
multiple of 12 (where p 6= 2, 3)
p−1
p
3
I
2
=
(−1)
p
3
p−1
I This equals +1 if p = (−1) 2 = ±1
3
I If both equal +1, then p ≡ 1 (mod 3) and p ≡ +1 (mod 4),
I By the Chinese Remainder Theorem p ≡ +1 (mod 12)
I If both equal −1, then p ≡ 2 (mod 3) and p ≡ 3 (mod 4),
I By the Chinese Remainder Theorem p ≡ −1 (mod 12)
I Hence we have solution only when p ≡ ±1 (mod 12)
I
I
I
I
I
We only consider the case p ≡ +1 (mod 12)
p−1 (p+5)
2p−2 2p+4
p−1
List p−1
:
1,
2,
.
.
.
,
;
,
.
.
.
,
;
,
.
.
.
,
2
6
6
6
6
2
p−1 (p+5)
2p−2 2p+4
3p−3
Times 3: 3, 6, . . . , 2 ; 2 , . . . , 2 ; 2 , . . . , 2
(p−5)
2p+4
p−3
Reduce: 3,6, . . . ,p−1
. . . , −2p+2
2 ; − 2 ,
2 ; 2 ,..., 2
Note: l =
is even, so
2p−2
6
3
p
−
= +1
p−1
6
=
p−1
6
= (12k + 1 − 1)/6 = 2k
22.1 Written Assignment A
1. [B6 2009/10] : [15 Marks]
(a) Prove that there are infinitely many primes of the form
3k − 1, where k is a natural number;
(b) Denote the nth such prime by pn , so p1 = 2 and p2 = 5.
Show that pn+1 ≤ 3p1 p2 . . . pn − 1.
n−1
(c) Prove by induction that pn ≤ 32 .
2. [A1 2012/13] : [10 Marks]
(a) Prove that (5n − 1) is always a multiple of 4;
(b) Prove that if (5n − 1)/4 is a prime, then n is also a prime;
(c) Find a prime p, such that (5p − 1)/4 is not a prime.
3. [B6 2013/14] : [10 Marks] Let M = 2a−1 b, where b is odd
and let N = 2q−1 (2q − 1), where 2q − 1 is a prime number.
Show that: (i) σ(M) = (2a − 1)σ(b); (ii) σ(N) = 2N
4. [B5 (c) 2005/06] : [15 Marks] [STARRED (a) Prove that if
q > 6 is a prime, then q 2 ≡ ±1 (mod 10);
(b) Show that p 2 ≡ −1 (mod 10) for infinity many primes.
(c) Give an odd prime which does not satisfy this.
22.2 Written Assignment B
1. [20 Marks] Let n have prime factorisation p1α1 . . . prαr .
Define the function ν by: ν(p1α1 . . . prαr ) = 2r , ν(1) = 1.
(a) Compute: ν(12), ν(13), ν(14).
Define h(n) = (µ ∗ ν)(n), where µ is the Möbius function.
(b) Compute: h(12), h(13), h(14)
(c) Prove that h(n) = |µ(n)|.
2. [20 Marks] Recall f2 (n) = n2 .
(a) Show that f2 is multiplicative.
Define h(n) = (µ ∗ f2 )(n).
(b) Show h(p1α1 . . . prαr ) = (p1α1 . . . prαr )2 (1 −
1
) · · · (1
p12
−
1
)
pn2
(c) Find the Dirichlet Series for h.
3. [B7 (d) 2009/10] : [10 Marks] [STARRED]
Let φ, σ and τ be the standard arithmetical functions, which
you may assume are multiplicative.
Prove that for all natural numbers n we have:
(φ ∗ σ)(n) = nτ (n)
