Congruences

Robert Friedman

Definition of congruence mod n

Congruences are a very handy way to work with the information of divisibility and remainders, and their use permeates number theory.

Definition 1. Let n be a positive integer (the modulus). We say that two integers a, b are congruent mod n, which is written as a ≡ b (mod n), if n | b − a.

Example 2.
1. If a and b are arbitrary integers, a ≡ b (mod 1), since 1 divides every integer and in particular it divides b − a.
2. For n = 2, two integers a and b are congruent mod 2 if and only if their difference b − a is even. This happens exactly when a and b are both even or they are both odd.
3. Something similar happens for n = 3. Every integer has remainder 0, 1 or 2 when divided by 3, and it is easy to check that a ≡ b (mod 3) if and only if a and b have the same remainder when divided by 3.

In fact, this generalizes: As we have seen, given integers n > 0 and a, there exist unique integers q, r with 0 ≤ r ≤ n − 1, such that a = nq + r. Here, r is the remainder when you divide a by n. With this said, we have the following alternate way to describe congruences:

Proposition 3. Two integers a, b are congruent mod n if and only if they have the same remainder when divided by n.

Proof. First suppose that a, b are congruent mod n. Thus, b − a = nk for some integer k, so that b = a + nk. Now long division with remainder says that a = nq + r, with 0 ≤ r ≤ n − 1. Hence,

    b = a + nk = nq + r + nk = nq + nk + r = n(q + k) + r,

with 0 ≤ r ≤ n − 1. Thus, we have written b as a multiple of n, namely n(q + k), plus r, with 0 ≤ r ≤ n − 1. By the uniqueness of long division with remainder, r is the remainder when we divide n into b. So a and b have the same remainder when divided by n.

Conversely, suppose that a and b have the same remainder when divided by n. By definition, a = nq₁ + r and b = nq₂ + r for some integers q₁, q₂. Then

    b − a = nq₂ + r − (nq₁ + r) = nq₂ − nq₁ = n(q₂ − q₁).

Thus b − a is a multiple of n.

We are used to seeing the integers grouped into even and odd integers. Likewise, we can group integers according to their remainders when divided by 3, or by n. In general, we call the set of all integers congruent to a given integer a mod n a congruence class mod n. It is easy to see that the number of congruence classes mod n is n, and that they are described by the set of possible remainders 0, 1, ..., n − 1. We will say a little more about this in the next section.

Let us conclude this section by saying a few words about why congruences are a good thing to study. One answer is that they describe cyclical phenomena: days of the week, hours of the day, dates of the year if there are no leap years or leap centuries, ... It is important to have a kind of mathematics to describe such phenomena. A second answer is that we might want to study certain complicated equations in integers. For example, we might want to show that there are no interesting integer solutions to the equation xᵏ + yᵏ = zᵏ for any k > 2. Of course, this is a very hard equation to study! We might try to look at the easier equation xᵏ + yᵏ ≡ zᵏ (mod n) for various n. For any given n, there are really only finitely many x, y, z to check, so that the existence question for solutions is much easier to decide. The existence or nonexistence of solutions to the congruence equation, and more generally the structure of all of the solutions, might give us some clues as to whether the original equation in integers has a solution. At the end of the seminar, we will try to look at simpler examples of this idea.

Properties of congruences

There are two kinds of properties of congruences. The first set of properties is as follows:

Proposition 4. Let n be a positive integer.
1. For all a ∈ Z, a ≡ a (mod n).
2. For all a, b ∈ Z, if a ≡ b (mod n), then b ≡ a (mod n).
3. For all a, b, c ∈ Z, if a ≡ b (mod n) and b ≡ c (mod n), then a ≡ c (mod n).

These properties look like the usual properties of equality, and they are given the same names (reflexive, symmetric, transitive). Any relationship between two integers (or elements of a more general set) which satisfies all three properties is called an equivalence relation. It is easy to prove Proposition 4. For example, to see (1), for every integer a, a − a = 0, and n · 0 = 0, so n | a − a and hence by definition a ≡ a (mod n). As for (2), n | b − a if and only if n | a − b, so a ≡ b (mod n) if and only if b ≡ a (mod n). We leave (3) as an exercise.

A typical example of how to apply these properties is as follows: given an r with 0 ≤ r ≤ n − 1, if a ≡ r (mod n) and a ≡ b (mod n), then b ≡ r (mod n) as well.

The second set of properties we use about congruences is that we can add and multiply them in a consistent way. The following generalizes the fact that the sum of two odd numbers or two even numbers is always even, that the sum of an odd and an even number is odd, the product of two odd numbers is always odd and the product of two numbers, one of which is even, is always even:

Proposition 5. Let n be a positive integer. Suppose that a₁ ≡ a₂ (mod n) and that b₁ ≡ b₂ (mod n). Then a₁ + b₁ ≡ a₂ + b₂ (mod n) and a₁b₁ ≡ a₂b₂ (mod n).

Proof. We shall just prove the second statement and leave the first as an exercise. By assumption, n | a₂ − a₁ and n | b₂ − b₁. Write a₂ − a₁ = nk₁ and b₂ − b₁ = nk₂. Thus a₂ = a₁ + nk₁ and b₂ = b₁ + nk₂. Hence

    a₂b₂ = (a₁ + nk₁)(b₁ + nk₂) = a₁b₁ + nk₁b₁ + nk₂a₁ + n²k₁k₂.

Subtracting off the a₁b₁ term gives

    a₂b₂ − a₁b₁ = n(k₁b₁ + k₂a₁ + nk₁k₂),

so that n divides a₂b₂ − a₁b₁. Thus by definition a₁b₁ ≡ a₂b₂ (mod n).

We can view the algebraic operations of + and · as operations on the finite set of congruence classes mod n; this is an example of a finite algebraic system. We will say more about this in a minute, but first let us record some of the usual properties of congruence addition and multiplication.
We will not verify all of these properties; they follow immediately from the usual properties of addition and multiplication of integers. The first set of properties has to do with addition:

Proposition 6. Let n be a positive integer.
(i) (Associativity of addition) For all a, b, c ∈ Z, (a + b) + c ≡ a + (b + c) (mod n).
(ii) (Commutativity of addition) For all a, b ∈ Z, a + b ≡ b + a (mod n).
(iii) (Additive identity) For all a ∈ Z, a + 0 ≡ a (mod n).
(iv) (Additive inverses) For all a ∈ Z, a + (−a) ≡ 0 (mod n).

Next we consider multiplication:

Proposition 7. Let n be a positive integer.
(i) (Associativity of multiplication) For all a, b, c ∈ Z, (a · b) · c ≡ a · (b · c) (mod n).
(ii) (Commutativity of multiplication) For all a, b ∈ Z, a · b ≡ b · a (mod n).
(iii) (Multiplicative identity) For all a ∈ Z, a · 1 ≡ a (mod n).

Notice that we do not speak about multiplicative inverses or cancellation, and in fact we shall see that cancellation is not always possible. Before that, though, we need the following property linking addition and multiplication:

Proposition 8. (Multiplication distributes over addition) Let n be a positive integer. For all a, b, c ∈ Z, a · (b + c) ≡ ab + ac (mod n).

In the usual way, we always have a · 0 ≡ 0 (mod n) for every a (because a · 0 = a · (0 + 0) = a · 0 + a · 0). But notice that, if for example we take n = 6,

    2 · 3 ≡ 0 ≡ 2 · 0 (mod 6),

although 3 is not congruent to 0 mod 6, so that we cannot just cancel off the nonzero factor 2. For another example with n = 9,

    3 · 5 ≡ 6 ≡ 3 · 2 (mod 9),

but we cannot cancel off the 3 to get 6 ≡ 2 (mod 9). (Why not?)

Note that, if a has a multiplicative inverse mod n, i.e. if there exists an x such that ax ≡ 1 (mod n), then we can cancel off multiplication by a, since if ab ≡ ac (mod n), then multiply by x to get

    x(ab) ≡ x(ac) (mod n);
    (xa)b ≡ (xa)c (mod n);
    1 · b ≡ 1 · c (mod n).

Thus b ≡ c (mod n).

Let us collect more information on congruence addition and multiplication.
We will work out the example n = 6. We just write down the possible remainders mod 6 in the following table for addition. So the meaning of the entry corresponding to the row labeled by 3 and the column labeled by 4 is that, if a ≡ 3 (mod 6) and b ≡ 4 (mod 6), then a + b ≡ 1 (mod 6).

    + | 0 1 2 3 4 5
    --+------------
    0 | 0 1 2 3 4 5
    1 | 1 2 3 4 5 0
    2 | 2 3 4 5 0 1
    3 | 3 4 5 0 1 2
    4 | 4 5 0 1 2 3
    5 | 5 0 1 2 3 4

Here is the corresponding table for multiplication:

    · | 0 1 2 3 4 5
    --+------------
    0 | 0 0 0 0 0 0
    1 | 0 1 2 3 4 5
    2 | 0 2 4 0 2 4
    3 | 0 3 0 3 0 3
    4 | 0 4 2 0 4 2
    5 | 0 5 4 3 2 1

Note the huge number of patterns in these tables. For example, both are symmetric about the top-left-to-lower-right diagonal, which is equivalent to the statement that addition and multiplication are commutative. (But it is not easy to see how associativity would show up in the table.) For the addition table, notice that all of the rows are the same except that they are shifted over by one, with the understanding that when you reach 6 = 0 you start over. This reflects the cyclical nature of addition mod 6.

Here are some other patterns: multiplication by 5 has the effect of reversing the order of the nonzero entries. Why is this so? The top-left-to-lower-right diagonal in the addition table shows up as a row (and hence column) in the multiplication table. Where is this row, and what is the explanation for why it shows up? With a little effort, you should be able to notice many other patterns in the tables.

Equations in congruences

We just look at the most basic kinds of equations, linear equations. First, the additive equation a + x ≡ b (mod n) always has a (unique) solution, following the steps of middle school algebra:

    a + x ≡ b (mod n);
    (a + x) + (−a) ≡ b + (−a) (mod n);
    x + (a + (−a)) ≡ b − a (mod n);
    x ≡ b − a (mod n).

Note that the above was long and tedious enough, even though we skipped a few steps! (Which ones?) Of course, most of you would do this in one step in your head.

Multiplicative equations are another story: they need not always have a solution, and if they do, the solution need not be unique! For example, the equation 2x ≡ 3 (mod 8) has no solution: if it did, 8 would divide 2x − 3, which is always an odd number. On the other hand, the equation 2x ≡ 4 (mod 8) has two solutions mod 8: x ≡ 2 (mod 8) and x ≡ 6 (mod 8). By contrast, the equation 5x ≡ 3 (mod 7) has exactly one solution mod 7: x ≡ 2 (mod 7). So we need some criterion to decide when an equation of the form ax ≡ b (mod n) has a solution, and, if so, how many. We will just discuss the existence question here and leave the problem of deciding how many solutions there are to the exercises. Fortunately, the work has already been done for us in the very first lecture.

Proposition 9. The equation ax ≡ b (mod n) has a solution if and only if d = gcd(a, n) divides b.

Proof. The proof follows by writing out the definitions carefully and seeing what they say. The equation ax ≡ b (mod n) has a solution if and only if n divides ax − b for some x, if and only if there exist integers x and k such that ax − b = nk, if and only if b = ax + n(−k). Set y = −k; clearly b = ax + n(−k) for some integers x and k if and only if b = ax + ny for some integers x and y. But Corollary 6 in the first lecture says that the equation b = ax + ny has a solution in integers x and y if and only if d = gcd(a, n) divides b. Running through the chain of logical equivalences, we see that ax ≡ b (mod n) has a solution if and only if d = gcd(a, n) divides b.

Let us give some easy consequences of the above. The first has to do with the existence of multiplicative inverses. After all, a multiplicative inverse of a mod n is just a solution to the equation ax ≡ 1 (mod n). So we see:

Corollary 10. There exists a multiplicative inverse for a mod n if and only if a and n are relatively prime, i.e. gcd(a, n) = 1.

Proof.
There exists a multiplicative inverse for a mod n if and only if the equation ax ≡ 1 (mod n) has a solution, if and only if the gcd of a and n divides 1, if and only if the gcd of a and n is equal to 1.

An x such that ax ≡ 1 (mod n) is usually written as a⁻¹, with the understanding that this is not the same as the rational number 1/a, and that the answer will depend on n. For example, 2⁻¹ (mod 11) = 6, but 2⁻¹ (mod 17) = 9.

The next corollary says that we can cancel off relatively prime factors. (In fact, this is an if and only if statement in a certain sense; see the exercises.)

Corollary 11. Suppose that a and n are relatively prime, and that ab ≡ ac (mod n). Then b ≡ c (mod n).

Proof. If a and n are relatively prime and ab ≡ ac (mod n), find an x such that ax ≡ 1 (mod n), i.e. find a⁻¹. Then multiplying the congruence ab ≡ ac (mod n) by x gives b ≡ xab ≡ xac ≡ c (mod n).

We will use the next corollary later. (It could have been proven easily in the first lecture, with a slightly different proof.)

Corollary 12. Let n be a positive integer. Then a₁ and a₂ are both relatively prime to n if and only if a₁a₂ is relatively prime to n.

Proof. Suppose that a₁ and a₂ are both relatively prime to n. Using Corollary 10, find x₁ such that a₁x₁ ≡ 1 (mod n) and find x₂ such that a₂x₂ ≡ 1 (mod n). Then (a₁a₂)(x₁x₂) ≡ 1 (mod n). In other words, a₁a₂ has the multiplicative inverse x₁x₂ mod n. So, by the other direction of Corollary 10, a₁a₂ and n are relatively prime.

Conversely, if a₁a₂ is relatively prime to n, then there exists x such that (a₁a₂)x ≡ 1 (mod n). But then a₁(a₂x) ≡ 1 (mod n), so that a₂x is a multiplicative inverse for a₁ mod n. Thus a₁ and n are relatively prime. Likewise, a₁x is a multiplicative inverse for a₂ mod n, so that a₂ and n are relatively prime.

Note that congruences to a prime modulus look especially nice from the point of view of multiplicative inverses.
The reason is that, if p is a prime number, then p and a are not relatively prime if and only if p divides a. Put another way, this says:

Corollary 13. Let p be a prime number. If a is not congruent to zero mod p, then there exists a multiplicative inverse for a mod p.

The above says that, when working with congruences mod a prime number p, we can add, subtract, multiply, and divide by all nonzero numbers. So in this sense mod p arithmetic is like arithmetic with the rational numbers.

Euler's ϕ-function

As we have seen, for a positive integer n, the integers relatively prime to n have special properties. The number of these, properly counted, is important enough to have a special name:

Definition 14. Let n be a positive integer. The number of integers r such that 0 ≤ r ≤ n − 1 and such that r and n are relatively prime is called the Euler ϕ-function ϕ(n).

Put another way, ϕ(n) counts the number of integers r with 0 ≤ r ≤ n − 1 which have a multiplicative inverse mod n. Here is a table of some of the small values of ϕ(n):

    n    | 1 2 3 4 5 6 7 8 9 10
    -----+---------------------
    ϕ(n) | 1 1 2 2 4 2 6 4 7 4

From the definition of ϕ(n) and basic properties of prime numbers, we have:

Proposition 15. If p is a prime number, then ϕ(p) = p − 1.

One can give more general formulas for ϕ(n). We shall discuss these in the exercises.

Exercises

Exercise 1. Compute the following operations mod n (give your answer in terms of an integer r with 0 ≤ r ≤ n − 1): 2+7 −3 (mod 8); 4·5 (mod 5); 62 (mod 7); (mod 9).

Exercise 2. For each of the following a (mod n), find a⁻¹ (mod n), i.e. find an integer x with ax ≡ 1 (mod n), or explain why such an integer does not exist: 5⁻¹ (mod 11); 7⁻¹ 2⁻¹ (mod 28); (mod 101) 4⁻¹ (mod 101).

Exercise 3. Let n = 2k + 1 be an odd number. What is 2⁻¹ (mod n)? What happens when n = 2k is even? Extra credit: how to find the multiplicative inverse of 3 mod n. First suppose n = 3k + 2 for some k. What is 3⁻¹ (mod n)? (It looks a lot like the answer for 2⁻¹.)
If n = 3k + 1, find 3⁻¹ (mod n) as follows. First find a number x such that 3x ≡ −1 (mod n), and then note that 3(−x) ≡ 1 (mod n); finally, write −x as a number between 0 and n − 1. What if n = 3k?

Exercise 4. Given the following equations in congruences, find all possible solutions x (mod n): there may be more than one, or none. 5+x≡1 10x ≡ 5 (mod 7); (mod 25); 4x ≡ 2 (mod 11); 3x ≡ 0 10x ≡ 2 (mod 25); 5x + 6 ≡ 3 (mod 27) (mod 12).

Exercise 5. Write down addition and multiplication tables for addition and multiplication mod n, where n = 1, 2, 3, 4, 5. Meditate upon your answer, and see if you can make any conjectures.

Exercise 6. Prove (3) of Proposition 4: Given a positive integer n, for all a, b, c ∈ Z, if a ≡ b (mod n) and b ≡ c (mod n), then a ≡ c (mod n).

Exercise 7. Show that, if a₁ ≡ a₂ (mod n) and b₁ ≡ b₂ (mod n), then a₁ + b₁ ≡ a₂ + b₂ (mod n).

Exercise 8. Suppose that a is not relatively prime to n. Show that there always exist b, c with b not congruent to c mod n, such that ab ≡ ac (mod n).

Exercise 9. In this exercise, we determine the number of solutions to the congruence equation ax ≡ b (mod n). Of course, we will identify two solutions if they are congruent mod n, because otherwise there would be infinitely many solutions as long as there was at least one solution. Let d = gcd(a, n). We have seen that, if d does not divide b, then there are no solutions to this equation. Thus, henceforth, we assume that d|n.

(i) Show that, if ax₁ ≡ b (mod n) and ax₂ ≡ b (mod n), then a(x₂ − x₁) ≡ 0 (mod n). Conversely, if ay ≡ 0 (mod n) and ax₁ ≡ b (mod n), then ax₂ ≡ b (mod n), where x₂ = x₁ + y. Argue that, given one solution x₁ to the congruence ax ≡ b (mod n), then all of the solutions are of the form x₁ + y where ay ≡ 0 (mod n), and every such expression is in fact a solution. Thus, it suffices to count the number of y such that ay ≡ 0 (mod n).

(ii) With d = gcd(a, n) as above, show that a · (n/d) ≡ 0 (mod n), and in fact, for every k with 0 ≤ k ≤ d − 1, a · (kn/d) ≡ 0 (mod n). (Why do we only consider the k ≤ d − 1?) Thus there are at least d solutions to the congruence ay ≡ 0 (mod n), and hence to the congruence equation ax ≡ b (mod n).

(iii) To see that the d solutions above are all of the solutions mod n, show that, if n divides aℓ, then n/d divides ℓ as follows. First show that a/d and n/d are relatively prime (write d = ax + ny and divide by d), and then use the fact that n/d divides (a/d) · ℓ and that a/d and n/d are relatively prime.

Exercise 10. Make a table of ϕ(n) for 11 ≤ n ≤ 20.

Exercise 11. Let n = pᵃ be the power of a prime number. What is ϕ(pᵃ)?

Exercise 12. A beautiful formula for ϕ(n) is the following:

    ∑_{d|n} ϕ(d) = n.

In other words, the sum of the values of ϕ over all of the divisors of n is exactly n. Verify this formula when n = p is a prime number, and for all other n ≤ 10.
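
Proposition 9, Corollary 10 and the solution count of Exercise 9 can be turned into a short program. The following Python sketch is an added example, not part of the original notes; the function names are assumptions chosen for illustration, and the solver uses the extended Euclidean algorithm to produce the integers x, y with ax + ny = gcd(a, n).

```python
def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) and a*x + b*y == g."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def solve_linear_congruence(a, b, n):
    """Return every x in 0..n-1 with a*x ≡ b (mod n), in increasing order."""
    if n <= 0:
        raise ValueError("modulus must be a positive integer")
    a, b = a % n, b % n                  # work with remainders (Proposition 3)
    d, x, _ = extended_gcd(a, n)         # a*x + n*y = d = gcd(a, n)
    if b % d != 0:
        return []                        # Proposition 9: no solution unless d | b
    step = n // d
    x0 = (x * (b // d)) % step           # one solution, reduced mod n/d
    # Exercise 9: the other solutions differ by multiples of n/d; there are d of them.
    return [x0 + k * step for k in range(d)]


def mod_inverse(a, n):
    """Return the inverse of a mod n; raise ValueError when gcd(a, n) != 1 (Corollary 10)."""
    solutions = solve_linear_congruence(a, 1, n)
    if not solutions:
        raise ValueError(f"{a} has no inverse mod {n}")
    return solutions[0]


if __name__ == "__main__":
    # The inputs below are the examples worked in the notes.
    for a, b, n in [(2, 3, 8), (2, 4, 8), (5, 3, 7), (2, 0, 6), (3, 6, 9)]:
        print(f"{a}x ≡ {b} (mod {n}): {solve_linear_congruence(a, b, n)}")
    print(mod_inverse(2, 11), mod_inverse(2, 17))
```

In Python 3.8 and later the built-in `pow(a, -1, n)` computes the same inverse and also raises `ValueError` when a and n are not relatively prime.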