
An introduction to number theory

Gabriel Dospinescu, A.M.S.P 2012


July 6, 2012
1 Lectures 1 and 2: Making sense of abstract nonsense
This first lecture introduces a few basic definitions of abstract algebra (much more is to come in the next lectures...) and gives examples of fundamental rings in number theory. Most of this course will try to give a glimpse of their structure and will explain how they are related to more down to earth problems in number theory.
1.1 Some dry definitions
A group is just a set enhanced with a multiplication rule, satisfying some natural properties. More precisely, suppose that $G$ is a set and that $\cdot : G \times G \to G$ is a map such that
- We have $(a \cdot b) \cdot c = a \cdot (b \cdot c)$ for all $a, b, c \in G$.
- There is an element $1 \in G$ such that $a \cdot 1 = 1 \cdot a = a$ for all $a \in G$.
- For any $a \in G$ one can find $b \in G$ such that $ab = ba = 1$.
We say that $(G, \cdot)$ is a group. Most of the time the operation $\cdot$ will be obvious and so we'll simply say that $G$ is a group. Also, I will write $ab$ instead of $a \cdot b$. The element $b$ in the third axiom is unique (exercise) and we call it $a^{-1}$.
Remark 1.2. Basically all groups that we'll encounter in this course will be commutative, i.e. we will have $ab = ba$ for all $a, b \in G$.
Next, we have more developed sets, which are called commutative unital rings (or simply rings, to simplify). This time we have a set $R$ and two operations $+ : R \times R \to R$, $\cdot : R \times R \to R$ such that
- $(R, +)$ is a commutative group. We call 0 its unit element (i.e. what was called 1 in the definition of a group).
- There exists $1 \in R$ such that $a \cdot 1 = 1 \cdot a = a$ for all $a \in R$.
- We have $a \cdot b = b \cdot a$ and $(a \cdot b) \cdot c = a \cdot (b \cdot c)$ for all $a, b, c \in R$.
- $+$ and $\cdot$ are compatible, i.e. we have $a(b + c) = ab + ac$.
Of course, people also study rings which are not unital or commutative, but for our purposes we'll stick to this class of rings. The thing to keep in mind is that you can add and multiply things in a ring, but one has to be careful, because one cannot do divisions in an arbitrary ring. Speaking about divisions, let's introduce two very important definitions.
Definition 1.3. a) An element $x$ of a ring $R$ is called a unit if one can find $y \in R$ such that $xy = yx = 1$. Such a $y$ is then unique and we call it $x^{-1}$.
b) A field is a ring in which every nonzero element is a unit.
There is one point which you should be aware of: if $R$ is a ring and $a, b, c \in R$ are nonzero and satisfy $ab = ac$, then it does not necessarily follow that $b = c$. This is the case if $R$ is a field, as then you can multiply by $a^{-1}$. Of course, there are other rings for which you have this cancellation law (they are called domains and we'll see them in the next lecture).
1.4 The usual examples....
Of course, you already know quite a few rings: $\mathbb{Z}, \mathbb{Q}, \mathbb{R}, \mathbb{C}$. What are their units? For $\mathbb{Z}$, they are $\pm 1$, as $\pm 1$ are the only divisors of 1. On the other hand, $\mathbb{Q}, \mathbb{R}, \mathbb{C}$ are fields, so their units are precisely the nonzero elements.
1.5 The ring $\mathbb{Z}/n\mathbb{Z}$
Recall that if $a, b \in \mathbb{Z}$ and $n$ is a nonzero integer, we write $a = b \pmod n$ if $n \mid a - b$. If $a \in \mathbb{Z}$, we denote
$$\bar{a} = a + n\mathbb{Z} = \{a + nb \mid b \in \mathbb{Z}\}$$
and call it the residue class of $a$ mod $n$. There are exactly $n$ residue classes, those of $0, 1, ..., n - 1$, and we call $\mathbb{Z}/n\mathbb{Z}$ the set of these residue classes. So
$$\mathbb{Z}/n\mathbb{Z} = \{\bar{0}, \bar{1}, ..., \overline{n-1}\}.$$
By definition, $\bar{x} = \bar{y}$ as elements of $\mathbb{Z}/n\mathbb{Z}$ if and only if $x = y \pmod n$. This causes some difficulties when trying to define maps from $\mathbb{Z}/n\mathbb{Z}$ to a set $X$. Indeed, suppose you are given a map $g : \mathbb{Z} \to X$. You would like to define a map $f : \mathbb{Z}/n\mathbb{Z} \to X$ by setting $f(\bar{x}) = g(x)$. You can do this if and only if $g$ is $n$-periodic, i.e. $g(x) = g(x + n)$ for all $x$.
Proposition 1.6. $\mathbb{Z}/n\mathbb{Z}$ becomes a ring for the following operations: $\bar{a} + \bar{b} = \overline{a + b}$ and $\bar{a} \cdot \bar{b} = \overline{ab}$. The units of $\mathbb{Z}/n\mathbb{Z}$ are the elements $\bar{a}$ with $\gcd(a, n) = 1$ (so there are $\varphi(n)$ units).
Proof. The fact that these operations are well defined is a consequence of basic properties of congruences: you need to check that if $\bar{a} = \bar{c}$ and $\bar{b} = \bar{d}$, then $\overline{a + b} = \overline{c + d}$ and $\overline{ab} = \overline{cd}$. Checking that $\mathbb{Z}/n\mathbb{Z}$ becomes a ring for these operations is just a matter of unwinding definitions. Let's consider the units issue. By definition, $\bar{a}$ is a unit if and only if there is $\bar{b}$ such that $\bar{a} \cdot \bar{b} = \bar{1}$. The last is equivalent to $\overline{ab} = \bar{1}$, that is $ab = 1 \pmod n$. By Bezout, such $b$ exists iff $a$ is relatively prime to $n$.

Understanding the units of $\mathbb{Z}/n\mathbb{Z}$ will occupy most of the next lecture and is a basic and very important result in number theory.
1.7 Rings of polynomials and formal series
An extremely important construction of rings is the following: let $R$ be a ring (recall that it's commutative unital). The ring of polynomials with coefficients in $R$ is denoted $R[X]$. Its elements are of the form $\sum_{n \geq 0} a_n X^n$, where $a_n \in R$ and only finitely many of them are nonzero. Let me recall how you add and multiply two polynomials
$$\sum_n a_n X^n + \sum_n b_n X^n = \sum_n (a_n + b_n) X^n,$$
$$\left(\sum_n a_n X^n\right) \cdot \left(\sum_n b_n X^n\right) = \sum_n \left(\sum_{i=0}^{n} a_i b_{n-i}\right) X^n.$$
The largest $n$ for which $a_n \neq 0$ is said to be the degree of the polynomial. We can define the set of $n$-variable polynomials with coefficients in $R$, denoted $R[X_1, ..., X_n]$, by induction: $R[X_1] = R[X]$ and $R[X_1, ..., X_n] = (R[X_1, ..., X_{n-1}])[X_n]$. You can easily prove that any element in $R[X_1, ..., X_n]$ can be uniquely written in the form
$$f(X_1, ..., X_n) = \sum_{i_1, ..., i_n \geq 0} a_{i_1, ..., i_n} X_1^{i_1} \cdots X_n^{i_n},$$
with $a_{i_1, ..., i_n} \in R$ almost all (i.e. all except finitely many) equal to 0.
What happens if you don't impose the condition that only finitely many $a_n$'s should be nonzero? Well, you get the ring of formal series (or generating functions) with coefficients in $R$, which plays an extremely important role in combinatorics (and not only, it's a crucial technical tool in number theory, too). We'll denote this ring $R[[X]]$.
Let me give you right away an example which shows why we do care about polynomials when doing number theory. It is hard to find something more elegant than the following proof of the famous Lucas's theorem:
Theorem 1.8. (Lucas) Write $n = n_0 + n_1 p + ... + n_k p^k$ in base $p$ and let $m = m_0 + m_1 p + ... + m_k p^k$ with $0 \leq m_i \leq p - 1$. Then
$$\binom{n}{m} = \prod_{i=0}^{k} \binom{n_i}{m_i} \pmod p.$$
Proof. Let $R = \mathbb{Z}/p\mathbb{Z}$ and note that $(1 + X)^p = 1 + X^p$ in $R[X]$, as all binomial coefficients $\binom{p}{i}$ ($1 \leq i < p$) are multiples of $p$. We deduce immediately that $(1 + X)^{p^j} = 1 + X^{p^j}$ in $R[X]$ for any $j \geq 1$. But then we have in $R[X]$
$$(1 + X)^n = (1 + X)^{n_0} (1 + X)^{p n_1} \cdots (1 + X)^{n_k p^k} = (1 + X)^{n_0} (1 + X^p)^{n_1} \cdots (1 + X^{p^k})^{n_k}.$$
Simply identify the coefficients of $X^m$ (as elements of $R$, not as integers!).
1.9 The ring of arithmetic functions
An arithmetic function is simply a map $f : \mathbb{N}^* \to \mathbb{C}$. There is a very nice and useful operation $*$ on arithmetic functions, called the convolution product (or Dirichlet convolution)
$$f * g(n) = \sum_{ab = n} f(a) g(b) = \sum_{d \mid n} f(d) g\left(\frac{n}{d}\right).$$
Note that every time I write a sum indexed by $d \mid n$, I mean that the sum is taken over all positive divisors of $n$. The following theorem summarizes the main properties of the convolution product:
Theorem 1.10. The set of arithmetic functions becomes a commutative ring with unity when endowed with the usual addition and with multiplication defined by $*$. The element 1 of this ring is the map sending 1 to 1 and everything else to 0. The units of this ring are precisely the arithmetic functions $f$ such that $f(1) \neq 0$.
Proof. The fact that it's a ring is a simple exercise left to the reader (for instance, in order to prove that $(f * g) * h = f * (g * h)$, you can easily check that
$$(f * g) * h(n) = \sum_{abc = n} f(a) g(b) h(c),$$
and this is obviously symmetric in $f, g, h$). The nontrivial part is the computation of the units of this ring.
Suppose that $f$ is a unit and let $f^{-1}$ be its inverse for $*$. Then we must have $f^{-1}(1) = \frac{1}{f(1)}$ (thus $f(1) \neq 0$) and
$$\sum_{d \mid n} f^{-1}(d) f\left(\frac{n}{d}\right) = 0 \quad \text{for } n > 1.$$
This gives us the recipe for the construction of $f^{-1}$: simply define $f^{-1}(1) = 1/f(1)$ and then inductively define
$$f^{-1}(n) = -\frac{1}{f(1)} \sum_{d \mid n,\, d < n} f\left(\frac{n}{d}\right) f^{-1}(d).$$

We'll come back to this ring once we have discussed the unique factorization.
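The inductive recipe from the proof of Theorem 1.10, carried out in code. This is an added example, not part of the original notes; the function names and the two sample functions `ONE` and `SHIFT` are assumptions made for the illustration, and `mobius` is the function defined in problem 2 of the first problem set.

```python
from fractions import Fraction


def divisors(n):
    """Positive divisors of n (trial division, fine for small n)."""
    return [d for d in range(1, n + 1) if n % d == 0]


def convolve(f, g, n):
    """(f * g)(n) = sum of f(d) g(n/d) over the positive divisors d of n."""
    return sum(f(d) * g(n // d) for d in divisors(n))


def dirichlet_inverse(f, limit):
    """Table {n: f^{-1}(n)} for 1 <= n <= limit, built by the inductive recipe.

    Raises ValueError when f(1) = 0, the case in which f is not a unit.
    """
    f1 = Fraction(f(1))
    if f1 == 0:
        raise ValueError("f(1) = 0, so f has no inverse for convolution")
    inv = {1: 1 / f1}
    for n in range(2, limit + 1):
        # f^{-1}(n) = -(1/f(1)) * sum over d | n, d < n of f(n/d) f^{-1}(d)
        partial = sum(f(n // d) * inv[d] for d in divisors(n) if d < n)
        inv[n] = -partial / f1
    return inv


def is_two_sided_inverse(f, inv, limit):
    """Check f * inv = inv * f = unit element (1 at n = 1, 0 elsewhere)."""
    g = lambda d: inv[d]
    unit = lambda n: 1 if n == 1 else 0
    return all(convolve(f, g, n) == unit(n) == convolve(g, f, n)
               for n in range(1, limit + 1))


def mobius(n):
    """Moebius function: (-1)^k for a product of k distinct primes, else 0."""
    k, p = 0, 2
    while p * p <= n:
        if n % p == 0:
            n //= p
            if n % p == 0:      # p^2 divided the original n
                return 0
            k += 1
        p += 1
    if n > 1:                   # one prime factor left over
        k += 1
    return (-1) ** k


# Constructed sample inputs: the constant function 1 and n -> n + 1.
ONE = lambda n: 1
SHIFT = lambda n: n + 1

if __name__ == "__main__":
    inv_one = dirichlet_inverse(ONE, 12)
    print([int(inv_one[n]) for n in range(1, 13)])   # the Moebius values
    print(is_two_sided_inverse(SHIFT, dirichlet_inverse(SHIFT, 40), 40))
```

The inverse of the constant function 1 comes out as the Möbius function, which is the content of problem 2 a) below.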
1.11 The ring of p-adic integers $\mathbb{Z}_p$
For a variety of reasons, reduction mod $p$ is awfully insufficient. The best way to reduce modulo arbitrary powers of a prime $p$, while still working in a reasonable algebraic (and especially analytic) context is using p-adic numbers. Very roughly, a p-adic number is a kind of generating function of the variable $p$ (a prime), with coefficients in $\mathbb{Z}/p\mathbb{Z}$. These guys play an absolutely crucial role in modern number theory and we'll see some applications in the next lectures.
I prefer to introduce the p-adic integers algebraically, so I will need a definition.
Definition 1.12. A sequence $(\bar{x}_n)_{n \geq 1}$, $\bar{x}_n \in \mathbb{Z}/p^n\mathbb{Z}$ is called compatible if $x_{n+1} \equiv x_n \pmod{p^n}$ for all $n$, where $x_n \in \mathbb{Z}$ is any lifting of $\bar{x}_n$. Let $\mathbb{Z}_p$ be the set of all compatible sequences.
For instance, any (usual) integer $n$ defines the compatible sequence $(n \pmod{p^k})_k$. But there are many more compatible sequences (for instance $\mathbb{Z}_p$ is uncountable).
It is very easy to make $\mathbb{Z}_p$ a ring, by defining addition and multiplication of sequences componentwise. So the sum of the sequences $(a_n)_n$ and $(b_n)_n$ is the sequence $(a_n + b_n)_n$, and similarly for the product. I'll leave as an easy exercise to check that this makes sense (i.e. the sequences thus obtained are compatible) and satisfies the axioms of a ring. We call this ring the ring of p-adic integers.
Proposition 1.13. A compatible sequence $(x_n)$ defines a unit in $\mathbb{Z}_p$ if and only if its first component is nonzero.
Proof. One direction being obvious, let us assume that the first component is nonzero. By compatibility, all $x_n$ are relatively prime to $p$, thus their classes mod $p^n$ are invertible. Simply choose $y_n$ to be the inverse of $x_n$ mod $p^n$ and check that it forms a compatible sequence (trivial), which is the inverse of $x$ by construction.
The following result is very important.
Theorem 1.14. Any nonzero p-adic integer $x$ can be uniquely written $x = p^k u$ for some nonnegative integer $k$ and some unit $u$.
Proof. We will need the following easy
Lemma 1.15. If $x \in \mathbb{Z}_p$ and $p^m x = 0$ then $x = 0$.
Proof. By induction on $m$ we may assume that $m = 1$. Next, write $x$ as a compatible sequence $(\bar{x}_n)_n$ and observe that the condition $px = 0$ simply says that $p \bar{x}_n = 0$ in $\mathbb{Z}/p^n\mathbb{Z}$. This means that $x_n = p^{n-1} y_n$ for some integers $y_n$. But since $p^n$ divides $x_{n+1} - x_n$, we see that $p$ divides $y_n$ for all $n$ and so all components of $x$ are zero.

Assume now that $x = p^k u = p^l v$ for some $u, v$ units and some nonnegative integers $k, l$. If $k > l$, lemma 1.15 yields $p^{k-l} u = v$. As $v$ is invertible, we deduce that $p^{k-l} u v^{-1} = 1$, which contradicts proposition 1.13. Similarly, we cannot have $k < l$, so that $k = l$. Applying lemma 1.15 once more, we get $u = v$, which proves the uniqueness part of the theorem.
To prove the existence, write $x$ as a compatible sequence and let $m$ be the largest integer $j$ such that $x_j \equiv 0 \pmod{p^j}$. Then $y_n = \frac{x_{n+m}}{p^m}$ are integers, since by compatibility $x_{n+m} \equiv x_m \equiv 0 \pmod{p^m}$. Moreover, since $x_n$ is compatible, so is $y_n$. Then by construction the sequence $y_n$ defines a p-adic integer $y$ such that $p^m y = x$. We claim that $y$ is a unit, which will finish the proof of the first part of the theorem. But note that the first component of $y_n$ does not vanish, so the result follows from proposition 1.13.

1.16 The ring $\mathbb{Z}[\alpha]$
Let $f \in \mathbb{Q}[X]$ be a nonconstant polynomial and let $\alpha$ be a complex root of $f$. We define
$$\mathbb{Z}[\alpha] = \{g(\alpha) \mid g \in \mathbb{Z}[X]\}$$
and we call it the ring generated by $\alpha$. It is the smallest ring that contains $\alpha$. We define
$$\mathbb{Q}[\alpha] = \left\{\frac{f(\alpha)}{g(\alpha)} \;\middle|\; f, g \in \mathbb{Q}[X]\right\}.$$
This is the smallest field containing $\alpha$.
Exercise 1.17. Prove that $\mathbb{Q}[\alpha] = \{f(\alpha) \mid f \in \mathbb{Q}[X]\}$.
This ring $\mathbb{Z}[\alpha]$ has a very rich arithmetic structure and in the next lectures we'll see some basic things about it. It is a subring of a much bigger and very mysterious ring, which will be introduced in the next section.
1.18 The ring of algebraic integers $\overline{\mathbb{Z}}$
We'll now introduce a highly intricate ring, which controls a good deal of the modern number theory.
Definition 1.19. a) A complex number $z$ is called algebraic if it is a root of some nonzero polynomial with rational coefficients.
b) A complex number $z$ is called an algebraic integer if it is a root of some nonzero monic polynomial with integer coefficients.
c) I will denote by $\overline{\mathbb{Q}}$ (respectively $\overline{\mathbb{Z}}$) the set of algebraic numbers (resp. algebraic integers).
The following result is absolutely not obvious at first sight, but it is a rather easy consequence of the theorem on symmetric polynomials, see the next section.
Theorem 1.20. $\overline{\mathbb{Q}}$ is an algebraically closed field and $\overline{\mathbb{Z}}$ is a ring.
To see how amazing this theorem is, try to find an explicit monic polynomial with integer coefficients killing
3
_
1 +
3

19 +
3

2009
7
+ 1. Or do the same with $\sqrt{2} + \sqrt{3} + \sqrt{5} + \sqrt{6} + \sqrt{7} + \sqrt{11}$ (this is easier to handle, though very tricky).

Definition 1.21. If $K$ is any subfield of $\mathbb{C}$, denote by $\mathcal{O}_K = K \cap \overline{\mathbb{Z}}$. By the previous theorem, $\mathcal{O}_K$ is a subring of $K$. We call it the ring of integers of $K$.
Although very easy, the following result is absolutely fundamental and I will use it a lot. Note that it crucially uses the fundamental theorem of arithmetic (which will be hugely generalized in the next lectures).
Proposition 1.22. We have $\mathcal{O}_{\mathbb{Q}} = \mathbb{Z}$. That is, an algebraic integer which is a rational number is actually a rational integer.
Proof. Write $z = \frac{u}{v}$ with relatively prime integers $u, v$. Suppose that $z^n + a_{n-1} z^{n-1} + ... + a_0 = 0$ for some integers $a_i$. Thus $u^n + a_{n-1} u^{n-1} v + ... + a_0 v^n = 0$ and so $v$ divides $u^n$. As $(u, v) = 1$, Gauss' lemma implies that $v = \pm 1$ and so $z \in \mathbb{Z}$.
1.23 The fundamental theorem of symmetric polynomials
The proof of the following result is quite elementary, but the result itself is incredibly powerful and useful.
Theorem 1.24. (Fundamental theorem of symmetric polynomials.) Let $R$ be any (commutative) ring and let $f \in R[X_1, ..., X_n]$ be a symmetric polynomial (i.e. for any permutation $\sigma$ of $1, 2, ..., n$ we have $f(X_1, ..., X_n) = f(X_{\sigma(1)}, ..., X_{\sigma(n)})$). Then there is $g \in R[X_1, ..., X_n]$ such that
$$f(X_1, ..., X_n) = g\Big(X_1 + ... + X_n, \sum_{1 \leq i < j \leq n} X_i X_j, ..., X_1 X_2 \cdots X_n\Big).$$
Proof. We prove it by induction on $n$ and inside the induction step by induction on $\deg(f)$. For $n = 1$ it's clear, so assume it holds for $n - 1$. We now prove by induction on $\deg(f)$ the assertion of the theorem with $n$ variables. If $\deg(f) = 0$ or 1, everything is clear. Now, consider $g(X_1, ..., X_{n-1}) = f(X_1, ..., X_{n-1}, 0)$, which is obviously still symmetric, so by (the first) induction it is a polynomial of the form $h(X_1 + ... + X_{n-1}, ..., X_1 \cdots X_{n-1})$ for some $h \in R[X_1, ..., X_{n-1}]$. There are two cases: If $h = 0$, then $X_n$ divides $f$ and since $f$ is symmetric we get that $X_1 \cdots X_n$ divides $f$. Now we apply induction (on degree!) to $\frac{f}{X_1 \cdots X_n}$ and we are done.
If $h \neq 0$, look at the difference $f(X_1, ..., X_n) - h(X_1 + ... + X_n, ..., X_2 \cdots X_n + ... + X_1 X_2 \cdots X_{n-1})$, which vanishes when $X_n = 0$ (by construction!). This new polynomial is obviously still symmetric and a multiple of $X_1 \cdots X_n$ (same argument as above). Apply induction to the quotient between this polynomial and $X_1 \cdots X_n$ and we are done again.

One very important consequence of the theorem of symmetric polynomials is the following result.
Theorem 1.25. 1) Let $f \in \mathbb{Q}[X_1, X_2, ..., X_n]$ be a symmetric polynomial and let $g \in \mathbb{Q}[X]$ be a polynomial of degree $n$, with complex roots $z_1, z_2, ..., z_n$. Then $f(z_1, z_2, ..., z_n) \in \mathbb{Q}$.
2) If $f$ has integer coefficients and if $g$ is monic with integer coefficients, then $f(z_1, z_2, ..., z_n)$ is an integer.
Proof. Using the previous theorem, we can write
$$f(X_1, ..., X_n) = h\Big(X_1 + ... + X_n, \sum_{i < j} X_i X_j, ..., X_1 \cdots X_n\Big)$$
for some $h \in \mathbb{Q}[X_1, ..., X_n]$ (resp. $\mathbb{Z}[X_1, ..., X_n]$). The conclusion follows from the fact that all symmetric sums in the $z_i$'s are related to the coefficients of $g$ by Viète's relations.
We can now easily prove that $\overline{\mathbb{Q}}$ is a ring (the argument for $\overline{\mathbb{Z}}$ being identical). Suppose that $\alpha$ and $\beta$ are algebraic numbers, let's prove that $\alpha + \beta$ is still an algebraic number. Choose $f, g \in \mathbb{Q}[X]$ monic vanishing at $\alpha$, respectively $\beta$ and let
$$f(x) = \prod_{i=1}^{n} (x - \alpha_i), \quad g(x) = \prod_{i=1}^{m} (x - \beta_i) \in \mathbb{Q}[X].$$
Consider the polynomial
$$\prod_{i=1}^{n} \prod_{j=1}^{m} (x - \alpha_i - \beta_j) \in \mathbb{Q}[X]$$
and call it $h$. Definitely, $h$ vanishes at $\alpha + \beta$ and I claim that it has rational coefficients. Note that when we expand that huge product, all coefficients of $h$ are polynomial expressions in $\alpha_1, ..., \alpha_n$ and $\beta_1, ..., \beta_m$, which are moreover symmetric in $\alpha_1, ..., \alpha_n$ and in $\beta_1, ..., \beta_m$. Fix a coefficient of $h$ and consider it as a polynomial expression in $\alpha_1, ..., \alpha_n$ with coefficients in $\mathbb{Q}[\beta_1, ..., \beta_m]$. Since it is symmetric in $\alpha_j$, by the previous theorem it is a polynomial with coefficients in $\mathbb{Q}[\beta_1, ..., \beta_m]$ in the symmetric sums of $\alpha_1, ..., \alpha_n$. But these symmetric sums are just (up to signs) coefficients of $f$, which are rational. Therefore, we get that this coefficient is a polynomial expression with rational coefficients in $\beta_1, ..., \beta_m$, symmetric in $\beta_j$. Apply once more this argument to conclude that it is a rational number.
1.26 A very subtle irrationality criterion
I've stolen this material from Iurie Boreico and Vesselin Dimitrov... I find it extremely elegant and it nicely illustrates the power of the symmetric polynomials theorem.
Theorem 1.27. Let $k > 1$ and consider positive rational numbers $a_1, ..., a_n, b_1, ..., b_n$ such that
$$a_1 \sqrt[k]{b_1} + a_2 \sqrt[k]{b_2} + \cdots + a_n \sqrt[k]{b_n} \in \mathbb{Q}.$$
Then $\sqrt[k]{b_i} \in \mathbb{Q}$, $\forall\, i \leq n$.
Proof. (Following Vesselin Dimitrov and Iurie Boreico) We may assume that all $a_i$'s are equal to 1 (exercise).
Let $A_i = \{\text{roots of } X^k - b_i\} = \{\zeta^j \sqrt[k]{b_i} \mid 1 \leq j < k\}$ where $\zeta$ is a primitive root of order $k$ of 1, $S = \sum_{i=1}^{n} \sqrt[k]{b_i}$ and consider
$$P(X) = \prod_{x_2 \in A_2, ..., x_n \in A_n} (S - X - x_2 - \cdots - x_n).$$
The usual argument with symmetric polynomials shows that $P \in \mathbb{Q}[X]$. Clearly $P(\sqrt[k]{b_1}) = 0$. Let $d$ be the least positive divisor of $k$ for which $\sqrt[k]{b_1^d} \in \mathbb{Q}$ (it exists, as $\sqrt[k]{b_1^k} \in \mathbb{Q}$). We need $d = 1$, because then we know that $\sqrt[k]{b_1} \in \mathbb{Q}$, then we can delete the first term from the sum and make induction on $n$. By definition, we can write $\sqrt[k]{b_1} = \sqrt[d]{x}$ with $x \in \mathbb{Q}_+$. A very easy but crucial fact is the
Lemma 1.28. $X^d - x$ is irreducible in $\mathbb{Q}[X]$.
Proof. Look at the roots and constant term of a factor of $X^d - x$ and use the minimality of $d$: if $F$ is a monic polynomial with rational coefficients of degree between 1 and $d - 1$ that divides $X^d - x$, all roots of $F$ have absolute value $\sqrt[d]{x}$ and so $|F(0)| = (\sqrt[d]{x})^{\deg(F)}$ is a rational number, that is $\sqrt[k]{b_1^{\deg(F)}} \in \mathbb{Q}$, contradicting the minimality of $d$.
Now $P(\sqrt[d]{x}) = 0$ and by the lemma $X^d - x \mid P$ in $\mathbb{Q}[X]$. Take $z$ a primitive root of order $d$ of 1. Then $P(z \sqrt[d]{x}) = 0$ so there are $(x_2, ..., x_n) \in A_2 \times A_3 \times \cdots \times A_n$ with $S - z \sqrt[d]{x} = x_2 + \cdots + x_n$. Then
$$\mathrm{Re}(S) = S = \mathrm{Re}(z \sqrt[d]{x} + x_2 + \cdots + x_n) \leq \mathrm{Re}(z \sqrt[d]{x}) + \sum_{i=2}^{n} |x_i|$$
which is equal to
$$\mathrm{Re}(z \sqrt[d]{x}) + \sum_{i=2}^{n} \sqrt[k]{b_i} < \sqrt[d]{x} + \sum_{i=2}^{n} \sqrt[k]{b_i} = S,$$
a contradiction. So $d = 1$ and we are done.

1.29 First problem set

1. What are the units of $\mathbb{Z}[X]$?
2. (important exercise) Let $\mu$ be the Möbius function, defined by $\mu(1) = 1$, $\mu(n) = 0$ if $n$ is not a product of distinct primes and $\mu(n) = (-1)^k$ if $n$ is the product of $k$ distinct primes.
a) Show that
$$\sum_{d \mid n} \mu(d) = \begin{cases} 1, & \text{if } n = 1 \\ 0, & \text{otherwise.} \end{cases}$$
What does this say in the ring of arithmetic functions?
b) Deduce Möbius inversion formula: if $f, g$ are arithmetic functions such that
$$g(n) = \sum_{d \mid n} f(d),$$
then
$$f(n) = \sum_{d \mid n} \mu\left(\frac{n}{d}\right) g(d).$$
3. (Romanian, Iranian, Chinese TST) Let $(a_n)_{n \geq 1}$ be a sequence of positive integers satisfying $(a_m, a_n) = a_{(m,n)}$ for all $m, n \in \mathbb{N}^*$. Prove that there exists a sequence of integers $b_n$ such that $a_n = \prod_{d \mid n} b_d$.
4. (important exercise) Let $d$ be a squarefree integer, different from 1.
a) Show that $\mathbb{Z}[\sqrt{d}] = \{a + b\sqrt{d} \mid a, b \in \mathbb{Z}\}$ and describe $\mathbb{Q}[\sqrt{d}]$.
b) Define the map $N : \mathbb{Q}[\sqrt{d}] \to \mathbb{Q}$ by
$$N(a + b\sqrt{d}) = (a + b\sqrt{d})(a - b\sqrt{d}) = a^2 - db^2.$$
Show that $N(xy) = N(x)N(y)$ for $x, y \in \mathbb{Q}[\sqrt{d}]$.
c) Show that $x = 0$ iff $N(x) = 0$ and that $x$ is a unit of $\mathbb{Z}[\sqrt{d}]$ iff $N(x) \in \{-1, 1\}$. What are the units of $\mathbb{Z}[\sqrt{d}]$ when $d < 0$?
5. a) Show that any integer polynomial $f \in \mathbb{Z}[X]$ defines a map $f : \mathbb{Z}/n\mathbb{Z} \to \mathbb{Z}/n\mathbb{Z}$, by setting $f(\bar{n}) = \overline{f(n)}$.
b) Find all polynomials $f \in \mathbb{Z}[X]$ such that the map $f : \mathbb{Z}/n\mathbb{Z} \to \mathbb{Z}/n\mathbb{Z}$ is bijective for all $n > 1$.
6. (China TST 2000) Show that
$$\sqrt{1001^2 + 1} + \sqrt{1002^2 + 1} + \cdots + \sqrt{2000^2 + 1} \notin \mathbb{Q}.$$
7. a) (useful) If $\alpha \in \mathbb{Q}$ and $\cos(\alpha\pi) \in \mathbb{Q}$, then $\cos(\alpha\pi) \in \{\pm\frac{1}{2}, \pm 1, 0\}$.
b) (classical) Suppose that a regular polygon in the plane has all coordinates integer numbers. Show that it is a square.
8. (IMO Shortlist 1991) Let $\alpha$ be a rational number with $0 < \alpha < 1$ and $\cos(3\pi\alpha) + 2\cos(2\pi\alpha) = 0$. Prove that $\alpha = \frac{2}{3}$.
9. Prove the following generalization of Fermat's little theorem: let $f \in \mathbb{Z}[X]$ be a monic polynomial with complex roots $z_1, z_2, ..., z_n$ (counted with multiplicities). Then for any prime $p$ we have
$$z_1^p + z_2^p + ... + z_n^p \equiv (z_1 + z_2 + ... + z_n)^p \pmod p.$$
10. (classical) Let $a_1 = 0$, $a_2 = 2$, $a_3 = 3$, $a_{n+1} = a_{n-1} + a_{n-2}$. Prove that for any prime number $p$ we have that $p \mid a_p$.
11. (Iran 2006) a) Let $P, R$ be polynomials with rational coefficients with $P \neq 0$. Prove that there exists a non-zero polynomial $Q \in \mathbb{Q}[X]$ such that $P(X) \mid Q(R(X))$.
b) Let $P, R$ be polynomials with integer coefficients and suppose that $P$ is monic. Prove that there exists a monic polynomial $Q \in \mathbb{Z}[X]$ such that $P(X) \mid Q(R(X))$.
12. (USAMO 2009) Let $s_1, s_2, ...$ and $t_1, t_2, ...$ be two infinite nonconstant sequences of rational numbers such that $(s_i - s_j)(t_i - t_j)$ is an integer for all $i, j \geq 1$. Prove that there exists a rational number $r$ such that $(s_i - s_j) r$ and $\frac{t_i - t_j}{r}$ are integers for all $i, j$.
13. (Kronecker's theorem) Let $f \in \mathbb{Z}[X]$ be a monic polynomial, all of whose roots have absolute value less than or equal to 1. Then all roots of $f$ are either 0 or roots of unity.
14. Show that if $a_1, a_2, ..., a_n$ are rational numbers and $p_1, p_2, ..., p_n$ are pairwise distinct primes such that
$$a_1 \sqrt{p_1} + a_2 \sqrt{p_2} + ... + a_n \sqrt{p_n} = 0,$$
then $a_1 = a_2 = ... = a_n = 0$.
2 Lecture 3: Modular arithmetic via the abstract approach
Is all this abstract nonsense useful in number theory? The answer is undoubtedly yes, and in this section I'll give you some "abstract proofs" of things that you already know. These applications won't probably be considered impressive, but, believe me, by the end of the course you will appreciate the power of the approach we've taken here.
2.1 Euler and Lagrange's theorems
I guess you know Euler's theorem
$$\gcd(a, n) = 1 \Rightarrow a^{\varphi(n)} \equiv 1 \pmod n.$$
This is a consequence of a much more general and incredibly useful theorem of Lagrange.
Theorem 2.2. (Lagrange) If $G$ is a finite group, then for any $g \in G$ one has $g^{|G|} = 1$.
Proof. (almost...) I'll just prove it when $G$ is commutative, since this will be the only case we're interested in. Observe that the map $f : G \to G$ sending $x$ to $xg$ is bijective. Indeed, its inverse is simply the map $x \mapsto xg^{-1}$ (check this!). But then, since $G$ is commutative, we can write
$$\prod_{x \in G} x = \prod_{x \in G} (xg) = \prod_{x \in G} x \cdot g^{|G|}.$$
Multiplying the previous equality by the inverse of $\prod_{x \in G} x$, you're done.
Of course, Euler's theorem is simply a special case of Lagrange's theorem, by taking $G = (\mathbb{Z}/n\mathbb{Z})^*$, the group of units of $\mathbb{Z}/n\mathbb{Z}$.

2.3 The Chinese remainder theorem
Let me recall the classical statement of the Chinese remainder theorem.
Theorem 2.4. If $m_1, m_2, ..., m_k$ are pairwise relatively prime integers, then for any integers $a_1, a_2, ..., a_k$ the system $x = a_i \pmod{m_i}$ has integral solutions. Moreover, two integral solutions differ by a multiple of $m_1 m_2 ... m_k$.
Let us reformulate this in a more algebraic way. Consider the map
$$f : \mathbb{Z}/m_1 ... m_k\mathbb{Z} \to \mathbb{Z}/m_1\mathbb{Z} \times ... \times \mathbb{Z}/m_k\mathbb{Z}$$
sending $\bar{x}$ to $(\bar{x}, ..., \bar{x})$. Note that all these $\bar{x}$ are not the same thing: the first one is the class of $x$ mod $m_1 ... m_k$, the second one is the class of $x$ mod $m_1$ and so on. However, it would have been too painful for me to invent special notations...
A few seconds of thought will show that the Chinese remainder theorem is saying nothing else than the fact that the previous map is bijective. As the source and the target of the map have the same number of elements, namely $m_1 m_2 ... m_k$, it is enough to prove that $f$ is injective. But if $\bar{x}$ and $\bar{y}$ are two elements of $\mathbb{Z}/m_1 ... m_k\mathbb{Z}$ mapping to the same thing, then by definition $\bar{x} = \bar{y}$ in $\mathbb{Z}/m_j\mathbb{Z}$ for all $j$, hence $m_j$ divides $x - y$ for all $j$. Since the $m_j$'s are relatively prime, it follows that $m_1 ... m_k$ divides $x - y$. This is another way to say that $\bar{x} = \bar{y}$ as elements of $\mathbb{Z}/m_1 ... m_k\mathbb{Z}$. This finishes the proof of the Chinese remainder theorem.
Let me end this section with another very important result. It is a simple application of the CRT, but it is constantly used when studying polynomial congruences.
Theorem 2.5. Let $f \in \mathbb{Z}[X]$ and $n = p_1^{k_1} ... p_s^{k_s}$. The equation $f(x) = 0 \pmod n$ has solutions if and only if each of the equations $f(x) = 0 \pmod{p_i^{k_i}}$ has solutions. In this case, the number of solutions in $\mathbb{Z}/n\mathbb{Z}$ of the first equation is simply the product of the numbers of solutions of each of the other equations in $\mathbb{Z}/p_j^{k_j}\mathbb{Z}$.
Proof. Well, if $f(x) = 0 \pmod n$, then certainly $f(x) = 0 \pmod{p_i^{k_i}}$, so that if $A_d$ is the set of solutions of the equation $f(x) = 0 \pmod d$, then we have a map $A_n \to A_{p_1^{k_1}} \times ... \times A_{p_s^{k_s}}$. This simply sends $x$ (taken mod $n$) to $(x, ..., x)$ (taken mod $p_i^{k_i}$...). As in the proof of CRT, this map is injective. Let's prove surjectivity. If $(x_1, ..., x_k)$ is a $k$-tuple with $x_i$ solution of $f(x) = 0 \pmod{p_i^{k_i}}$, then by CRT there is $x$ such that $x = x_i \pmod{p_i^{k_i}}$. Then by the usual argument $f(x) = 0 \pmod{p_i^{k_i}}$, so that $f(x) = 0 \pmod n$ and we created a solution mod $n$.
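The bijection behind the Chinese remainder theorem and the solution count of Theorem 2.5, checked on small moduli. This is an added example, not part of the original notes; the function names and the sample polynomials are assumptions chosen for the illustration, and polynomials are given as coefficient lists with `coeffs[i]` the coefficient of $X^i$.

```python
from itertools import product
from math import gcd, prod


def crt_map_image_size(moduli):
    """Number of distinct tuples (x mod m_1, ..., x mod m_k), x in Z/(m_1...m_k)Z."""
    n = prod(moduli)
    return len({tuple(x % m for m in moduli) for x in range(n)})


def crt(residues, moduli):
    """The x in [0, m_1...m_k) with x = r_i (mod m_i); moduli pairwise coprime."""
    x, big_m = 0, 1
    for r, m in zip(residues, moduli):
        if gcd(big_m, m) != 1:
            raise ValueError("moduli must be pairwise relatively prime")
        # Keep x fixed mod big_m and adjust it mod m: x + big_m * t = r (mod m).
        t = ((r - x) * pow(big_m, -1, m)) % m
        x += big_m * t
        big_m *= m
    return x % big_m


def roots_mod(coeffs, m):
    """All x in Z/mZ with f(x) = 0 (mod m), by exhaustive search."""
    def f(x):
        acc = 0
        for c in reversed(coeffs):      # Horner's rule, highest degree first
            acc = (acc * x + c) % m
        return acc
    return [x for x in range(m) if f(x) == 0]


def roots_via_crt(coeffs, prime_powers):
    """Roots mod n = product of prime_powers, glued from roots mod each factor.

    This is the surjectivity step of the proof: every tuple of local
    solutions (x_1, ..., x_s) is lifted by CRT to one solution mod n.
    """
    local = [roots_mod(coeffs, q) for q in prime_powers]
    return sorted(crt(combo, prime_powers) for combo in product(*local))


if __name__ == "__main__":
    # Constructed sample: f = X^2 - 1 and n = 360 = 8 * 9 * 5.
    f, factors = [-1, 0, 1], [8, 9, 5]
    print([len(roots_mod(f, q)) for q in factors])      # 4, 2, 2 local roots
    print(len(roots_via_crt(f, factors)))               # 4 * 2 * 2 = 16
    print(roots_via_crt(f, factors) == roots_mod(f, 360))
    # When the moduli are not coprime the map is no longer injective.
    print(crt_map_image_size([8, 9, 5]), crt_map_image_size([4, 6]))
```

With moduli 4 and 6 the map from $\mathbb{Z}/24\mathbb{Z}$ only hits 12 of the 24 tuples, which is why the hypothesis "pairwise relatively prime" cannot be dropped.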
2.6 Order modulo n
The definitions and results of this section will be used all along the course, so please be sure you digest them. Let $G$ be a finite group. Recall that Lagrange's theorem yields $g^{|G|} = 1$ for all $g \in G$. This shows that the following definition makes sense.
Definition 2.7. If $G$ is a finite group and $g \in G$, $\mathrm{ord}(g)$ is the smallest positive integer $k$ such that $g^k = 1$.
Applied to $G = (\mathbb{Z}/n\mathbb{Z})^*$, the units of $\mathbb{Z}/n\mathbb{Z}$, this yields the following definition:
Definition 2.8. If $a$ is relatively prime to $n$, the order of $a$ mod $n$ is the order of $\bar{a} \in (\mathbb{Z}/n\mathbb{Z})^*$. It is also the smallest positive integer $k$ such that $a^k = 1 \pmod n$.
I cannot emphasize enough the importance of the following result. We will use it constantly.
Theorem 2.9. a) Let $n, k$ be positive integers and let $a$ be an integer prime to $n$. Then
$$a^k = 1 \pmod n \iff \mathrm{ord}(a \pmod n) \mid k.$$
b) The order of $a$ mod $n$ divides $\varphi(n)$.
Proof. For a) simply use division with remainder: if $a^k = 1 \pmod n$, divide $k = qd + r$ ($0 \leq r < d$), where $d$ is the order of $a$ mod $n$. By definition $a^d = 1 \pmod n$, so that $a^{dq} = 1 \pmod n$. But then $a^r = 1 \pmod n$. Since $0 \leq r < d$, the minimality of $d$ forces $r = 0$, that is $d \mid k$. The rest is obvious.
Definition 2.10. Say $a$ is a primitive root mod $n$ if its order mod $n$ is $\varphi(n)$. This is the same as saying that the units of $\mathbb{Z}/n\mathbb{Z}$ are exactly $1, a, a^2, ..., a^{\varphi(n)-1}$.
The purpose of the next sections is to prove the following beautiful and rather difficult theorem.
Theorem 2.11. (Gauss) For any odd prime $p$ and any $n \geq 1$ there are primitive roots mod $p^n$.
The proof is rather long and tricky, but it contains many beautiful and useful ideas, so I will try to explain it. The hardest part of the proof is the case $n = 1$.
2.12 The case n = 1
So, let us suppose first that $n = 1$ and introduce $G = (\mathbb{Z}/p\mathbb{Z})^*$, a group with $p - 1$ elements. If $d \mid p - 1$, let
$$A_d = \{g \in G \mid \mathrm{ord}(g) = d\}.$$
As the order of any element of $G$ divides $p - 1$, the sets $A_d$ form a partition of $G$, so
$$\sum_{d \mid p-1} |A_d| = |G| = p - 1.$$
Here's the first crucial ingredient:
Lemma 2.13. For any $d$ we have $|A_d| \leq \varphi(d)$.
Proof. If $A_d$ is empty, we are done, so assume the contrary and take any element $a \in A_d$. So $a$ has order $d$ and so $a^d = 1$. In particular, the elements $1, a, ..., a^{d-1}$ are distinct solutions of the equation $x^d = 1$. Now, this equation has at most $d$ solutions in $G$, because $\mathbb{Z}/p\mathbb{Z}$ is a field and because the polynomial $X^d - 1$ (seen as polynomial with coefficients in this field) has at most $d$ roots in $\mathbb{Z}/p\mathbb{Z}$. Thus, if $x \in A_d$ is arbitrary, then there is $0 \leq i \leq d - 1$ such that $x = a^i$ (because $x^d = 1$ and by the previous argument). But since $x$ has order precisely $d$, it is not difficult to check that $(i, d) = 1$. In particular, $A_d$ is a subset of $\{a^i \mid (i, d) = 1\}$. Since the last set has $\varphi(d)$ elements, the lemma follows.

The second ingredient:
Lemma 2.14. (Gauss) For all $n$ we have
$$\sum_{d \mid n} \varphi(d) = n.$$
Proof. There are many proofs, but here's the shortest one: look at the numbers $\frac{1}{k}, ..., \frac{k}{k}$. These are $k$ distinct rational numbers. Imagine you wrote them in lowest terms, then for every $d \mid k$ there are $\varphi(d)$ fractions whose denominator is $d$. By double-counting, we get the conclusion.

These two lemmas finish the proof of the case $n = 1$: indeed, they imply that $|A_d| = \varphi(d)$ for any $d \mid p - 1$, in particular $|A_{p-1}| \geq 1$. But any element of $A_{p-1}$ is (by definition) a primitive root mod $p$.
2.15 The case n = 2
This follows from the following nice
Lemma 2.16. Let $a \in \mathbb{Z}$ be such that $a \pmod p$ is a primitive root mod $p$. Then either $a$ or $a + p$ is a primitive root mod $p^2$.
Proof. Both $a$ and $a + p$ are primitive roots mod $p$ (when reduced mod $p$ they are the same thing) and if $b \in \{a, a + p\}$ and $d$ is the order of $b$ mod $p^2$, then $d$ divides $p(p - 1)$ and $d$ is a multiple of $p - 1$ (because $b^d = 1 \pmod{p^2}$, so $b^d = 1 \pmod p$ and so $p - 1$ divides $d$, because $b$ is a primitive root mod $p$). So, if $d$ is not $p(p - 1)$ for any of $a, a + p$, then we have $a^{p-1} = 1 \pmod{p^2}$ and $(a + p)^{p-1} = 1 \pmod{p^2}$. Using the binomial formula for the last one, it is easy to check that this cannot happen.

2.17 Lifting the exponent lemma
If $n$ is a nonzero integer and $p$ is a prime, we denote by $v_p(n)$ the largest nonnegative integer $k$ such that $p^k \mid n$. So $v_p(n) = 0$ iff $p$ does not divide $n$, $v_p(n) = 1$ iff $p$ divides exactly $n$, etc. By a natural convention, we set $v_p(0) = \infty$. It is easy to check that $v_p(a + b) \geq \min(v_p(a), v_p(b))$. On the other hand, if $p$ does not divide $a$ or $b$, then it does not divide $ab$ (this is classical; see the next lecture for much more general situations). We easily deduce that $v_p(ab) = v_p(a) + v_p(b)$ for all $a, b$.
The next result is very useful in olympiad-type problems (and not only...). I strongly advise you to understand the following proof, as it appears all the time in different forms.
Theorem 2.18. (Lifting the exponent lemma) Let $p > 2$ be an odd prime, $a, b$ integers such that $(p, ab) = 1$ and $p \mid a - b$. For all $n \geq 1$ we have
$$v_p(a^n - b^n) = v_p(n) + v_p(a - b).$$
Proof. This is done in three steps. First, we check it when $v_p(n) = 0$. In this case we need to prove that $p$ does not divide $\frac{a^n - b^n}{a - b}$. This is clear, as by hypothesis
$$\frac{a^n - b^n}{a - b} = a^{n-1} + a^{n-2} b + ... + b^{n-1} \equiv n a^{n-1} \pmod p$$
and $p$ does not divide $n a^{n-1}$ (by our hypotheses). Next, we prove it for $n = p$. Thus, we need to check that $p$ divides exactly once $a^{p-1} + ... + b^{p-1}$. Write $b = a + pk$ for some integer $k$. Then by the binomial formula we have $b^i \equiv a^i + i a^{i-1} pk \pmod{p^2}$, so that
$$\frac{a^p - b^p}{a - b} = \sum_{i=0}^{p-1} a^{p-1-i} b^i \equiv \sum_{i=0}^{p-1} (a^{p-1} + ipk a^{p-2}) \equiv p a^{p-1} + p^2 k \frac{p-1}{2} a^{p-2} \equiv p a^{p-1} \pmod{p^2}.$$
Note that $\frac{p-1}{2}$ is an integer, as $p > 2$. This is why the hypothesis $p > 2$ is so important! The previous congruence proves the claim.
Finally, to prove the general case $v_p(n) \geq 1$, use induction on $v_p(n)$: if it's ok for $v_p(n) = l$, apply the case $n = p$ to $a^{n/p}$ and $b^{n/p}$ (note that they still satisfy the hypotheses of the problem). We get $v_p(a^n - b^n) = 1 + v_p(a^{n/p} - b^{n/p})$. Now apply the inductive hypothesis.

You might wonder what happens for $p = 2$. There is of course a version for $p = 2$, but it is slightly more complicated to state (but much easier to prove).
Theorem 2.19. Let $x, y$ be odd integers and let $n$ be an even positive integer. Then
$$v_2(x^n - y^n) = v_2\left(\frac{x^2 - y^2}{2}\right) + v_2(n).$$
Proof. Write $n = 2^k a$ for some odd number $a$. Then
$$x^n - y^n = (x^a - y^a)(x^a + y^a)(x^{2a} + y^{2a}) ... (x^{2^{k-1} a} + y^{2^{k-1} a}).$$
Now observe that if $u, v$ are odd numbers, then $u^2 + v^2 \equiv 2 \pmod 4$. Thus
$$v_2(x^n - y^n) = v_2(x^{2a} - y^{2a}) + k - 1.$$
Finally, since $a, x, y$ are odd, it is easy to see that $\frac{x^{2a} - y^{2a}}{x^2 - y^2}$ is odd. The result follows.

Remark 2.20. 1) Every time you apply this result, be sure you check all hypotheses. Very
often one forgets to check them all and one gets stupid results at the end.
2) I strongly advise you to repeat the arguments for p = 2 every single time you have to
use it. On the one hand, they are almost completely trivial, on the other hand they avoid
problems concerning bad memory...
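A numerical check of Theorems 2.18 and 2.19 that refuses to apply the formula when a hypothesis fails, together with two inputs where the unchecked formula gives the wrong valuation. This is an added example, not part of the original notes; all function names and sample values are assumptions chosen for the illustration.

```python
def vp(p, n):
    """p-adic valuation of a nonzero integer n."""
    if n == 0:
        raise ValueError("v_p(0) is infinite")
    k = 0
    while n % p == 0:
        n //= p
        k += 1
    return k


def is_odd_prime(p):
    return p > 2 and all(p % q for q in range(2, int(p ** 0.5) + 1))


def lte_applies(p, a, b):
    """Hypotheses of Theorem 2.18: p odd prime, (p, ab) = 1 and p | a - b."""
    return is_odd_prime(p) and (a * b) % p != 0 and (a - b) % p == 0


def lte_odd(p, a, b, n):
    """v_p(a^n - b^n) as predicted by Theorem 2.18 (hypotheses enforced)."""
    if n < 1 or not lte_applies(p, a, b):
        raise ValueError("hypotheses of the lifting the exponent lemma fail")
    return vp(p, n) + vp(p, a - b)


def lte_two(x, y, n):
    """v_2(x^n - y^n) as predicted by Theorem 2.19 (x, y odd, n even > 0)."""
    if x % 2 == 0 or y % 2 == 0 or n <= 0 or n % 2 != 0:
        raise ValueError("Theorem 2.19 needs x, y odd and n even positive")
    return vp(2, (x * x - y * y) // 2) + vp(2, n)


def unchecked_formula(p, a, b, n):
    """The right-hand side of Theorem 2.18 with no hypothesis checked."""
    return vp(p, n) + vp(p, a - b)


def count_mismatches(primes, bound):
    """Compare the prediction with the true valuation on a grid of inputs.

    Returns (cases checked, cases where prediction and truth differ).
    """
    checked = wrong = 0
    for p in primes:
        for a in range(1, bound + 1):
            for b in range(1, bound + 1):
                if a == b or not lte_applies(p, a, b):
                    continue
                for n in range(1, bound + 1):
                    checked += 1
                    wrong += lte_odd(p, a, b, n) != vp(p, a ** n - b ** n)
    return checked, wrong


if __name__ == "__main__":
    print(count_mismatches([3, 5, 7], 30))
    # p = 2 is not covered by Theorem 2.18: 3^2 - 1 = 8 has valuation 3, not 2.
    print(unchecked_formula(2, 3, 1, 2), vp(2, 3 ** 2 - 1), lte_two(3, 1, 2))
    # p does not divide a - b: 2^2 - 1 = 3 has 3-adic valuation 1, not 0.
    print(unchecked_formula(3, 2, 1, 2), vp(3, 2 ** 2 - 1))
```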
2.21 The case n > 2 in Gauss' theorem
We are finally able to finish the proof of Gauss' theorem, via the following
Proposition 2.22. If $a$ is an integer such that $a \pmod p$ and $a \pmod{p^2}$ are primitive roots mod $p$ and $p^2$ respectively, then $a \pmod{p^n}$ is a primitive root mod $p^n$ for any $n$.
Proof. Assume that $n \geq 3$ and let $d$ be the order of $a$ mod $p^n$. Then $d$ divides $p^{n-1}(p - 1)$ and $d$ is a multiple of $p - 1$ (as $a$ is primitive mod $p$). But then $d = (p - 1)p^j$ for some $0 \leq j \leq n - 1$. Since $a^d = 1 \pmod{p^n}$, the lifting the exponent lemma yields
$$n \leq v_p(a^d - 1) = v_p(a^{p^j (p-1)} - 1) = v_p(a^{p-1} - 1) + j.$$
But $v_p(a^{p-1} - 1) = 1$, since $p^2$ cannot divide $a^{p-1} - 1$ (because $a$ is a primitive root mod $p^2$). So $j \geq n - 1$ and so $j = n - 1$. Thus $a$ has order $p^{n-1}(p - 1)$ mod $p^n$ and we are done.

2.23 Some other applications of the lifting lemma


Example 2.24. (Chinese TST 2004)
Let $a$ be a fixed positive integer. Prove that the equation $n! = a^b - a^c$ has a finite number of solutions $(n, b, c)$ in positive integers.
Proof. (simplified by Richard Stong)
Let $p$ be an odd prime not dividing $a$. Then by the lifting exponent lemma we have
$$v_p(a^n - 1) \le v_p\left((a^{p-1})^n - 1\right) = v_p(a^{p-1} - 1) + v_p(n).$$
Taking $n = b - c$ and noting that $v_p(n!) > \frac{n}{p} - 1$ (since $p, 2p, \dots, [n/p]p$ all divide $n!$), we conclude that
$$v_p(b - c) \ge v_p(n!) - v_p(a^{p-1} - 1) \ge \frac{n}{p} - K$$
for some constant $K$, independent of $n$. Letting $\alpha = p^{-K} > 0$, we conclude that $b - c \ge \alpha p^{n/p}$. Thus
$$n^n > n! = a^b - a^c > a^{b-c} \ge a^{\alpha p^{n/p}}.$$
Taking logarithms, we deduce that $n$ is bounded in terms of $a$. Since $c, b - c < n!$, the conclusion follows.
Example 2.25. (Chinese TST 2009) Let $n$ be a positive integer and let $a > b > 1$ be integers such that $b$ is odd and $b^n \mid a^n - 1$. Prove that $a^b > \frac{3^n}{n}$.
Proof. Take any prime factor $p$ of $b$. Since $b$ is odd, we have $p > 2$. As in the previous example, we have
$$n \le v_p(b^n) \le v_p(a^n - 1) \le v_p(a^{p-1} - 1) + v_p(n),$$
so that
$$a^b > a^{p-1} - 1 \ge p^{v_p(a^{p-1} - 1)} \ge \frac{p^n}{n} \ge \frac{3^n}{n}.$$
Example 2.26. (generalizes IMO 1990 and 1999) Find all primes $p$ and all positive integers $n$ such that $n^{p-1}$ divides $(p-1)^n + 1$.
Proof. Let $p, n$ be as in the statement. Note that if $p = 2$, then $n = 1$ or $n = 2$. From now on, we assume that $p > 2$. If $n$ is even, then 4 cannot divide $n^{p-1}$ (because 4 does not divide $(p-1)^n + 1$) and so $p = 2$, a contradiction. So, $n$ is odd. Let $q$ be the smallest prime factor of $n$. Since $q$ divides $(p-1)^{2n} - 1$ and $(p-1)^{q-1} - 1$ and since $\gcd(2n, q-1) = 2$, it follows that $q$ divides $(p-1)^2 - 1 = p(p-2)$.
Suppose first that $q$ divides $p - 2$. Then, by the lifting exponent lemma and the fact that $q$ does not divide $(p-1)^n - 1$ (otherwise $q$ divides 2, contradicting the fact that $n$ is odd) we have
$$(p-1)v_q(n) = v_q(n^{p-1}) \le v_q\left((p-1)^{2n} - 1\right) = v_q\left((p-1)^2 - 1\right) + v_q(n),$$
so that $(p-2)v_q(n) \le v_q(p-2)$. In particular, $p - 2 \ge q^{p-2} \ge 3^{p-2}$. This easily implies that $p = 3$, contradicting the fact that $q$ divides $p - 2$.
Next, assume that $q = p$, so that again by the lifting exponent lemma (using that $n$ is odd) we have
$$(p-1)v_p(n) = v_p(n^{p-1}) \le v_p\left((p-1)^n + 1\right) = 1 + v_p(n).$$
Thus $(p-2)v_p(n) \le 1$. In particular, $p = 3$ and $v_p(n) = 1$. Write $n = 3a$ with $\gcd(a, 3) = 1$ and observe that $a^2$ divides $8^a + 1$. We claim that $a = 1$. Otherwise, let $r$ be the smallest prime factor of $a$, so that $r$ divides $64^a - 1$ and $64^{r-1} - 1$. Thus $r$ divides 63, since $\gcd(a, r-1) = 1$. But then $r = 3$ or $r = 7$. Since 3 does not divide $a$, we must have $r = 7$ and 7 divides $8^a + 1$. Since this is of course impossible, it follows that $a = 1$ and $n = 3$.
Remark 2.27. The trick of playing with the smallest prime factor is quite subtle and efficient. Be sure it is part of your toolbox, as it appears very often in this kind of problems. Just for training, here is an absolute classic: prove that $n$ does not divide $2^n - 1$ or $3^n - 2^n$ if $n > 1$.
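The lifting the exponent lemma, Theorem 2.19 and Proposition 2.22 above can all be checked numerically. The following Python is an added example, not part of the original notes; the function names are chosen here, and the pair a = 14, p = 29 is used because 14 is a primitive root mod 29 but not mod 29^2, which shows that the second hypothesis of Proposition 2.22 cannot be dropped.

```python
def vp(n, p):
    """p-adic valuation v_p(n) of a nonzero integer n."""
    if n == 0:
        raise ValueError("v_p(0) is not defined")
    n, k = abs(n), 0
    while n % p == 0:
        n //= p
        k += 1
    return k


def lte_odd(a, b, n, p):
    """v_p(a^n - b^n) as predicted by the lemma for an odd prime p."""
    if p == 2 or a == b or (a - b) % p or a % p == 0 or b % p == 0:
        raise ValueError("need p odd, p | a - b, p not dividing a or b, a != b")
    return vp(a - b, p) + vp(n, p)


def lte_two(x, y, n):
    """v_2(x^n - y^n) as predicted by Theorem 2.19 (x, y odd, n even)."""
    if x % 2 == 0 or y % 2 == 0 or n <= 0 or n % 2 or abs(x) == abs(y):
        raise ValueError("need x, y odd with |x| != |y| and n even, n > 0")
    return vp((x * x - y * y) // 2, 2) + vp(n, 2)


def lte_mismatches(bound=12, max_n=24):
    """Compare both closed forms with the true valuation on a small grid."""
    bad = []
    for p in (3, 5, 7):
        for a in range(1, bound):
            for b in range(1, bound):
                if a == b or (a - b) % p or a % p == 0:
                    continue  # hypotheses of the lemma not satisfied
                for n in range(1, max_n):
                    if vp(a**n - b**n, p) != lte_odd(a, b, n, p):
                        bad.append((p, a, b, n))
    for x in range(1, bound, 2):
        for y in range(1, bound, 2):
            if x == y:
                continue
            for n in range(2, max_n, 2):
                if vp(x**n - y**n, 2) != lte_two(x, y, n):
                    bad.append((2, x, y, n))
    return bad


def prime_factors(m):
    """Set of primes dividing m (trial division, fine for these sizes)."""
    found, d = set(), 2
    while d * d <= m:
        if m % d == 0:
            found.add(d)
            while m % d == 0:
                m //= d
        d += 1
    if m > 1:
        found.add(m)
    return found


def order(a, p, n):
    """Multiplicative order of a modulo p^n, for a not divisible by p."""
    m = p**n
    phi = p ** (n - 1) * (p - 1)
    d = phi
    for q in prime_factors(phi):
        # strip every factor q that is not needed to reach 1
        while d % q == 0 and pow(a, d // q, m) == 1:
            d //= q
    return d


def is_primitive_root(a, p, n):
    """True when a generates the unit group modulo p^n."""
    return a % p != 0 and order(a, p, n) == p ** (n - 1) * (p - 1)


if __name__ == "__main__":
    print("LTE mismatches:", lte_mismatches())
    for a in (14, 43):  # 43 = 14 + 29: same class mod 29, different mod 29^2
        flags = [is_primitive_root(a, 29, n) for n in range(1, 6)]
        print(a, "v_29(a^28 - 1) =", vp(a**28 - 1, 29), flags)
```

For a = 14 the valuation $v_{29}(a^{28} - 1)$ is at least 2, so the key step of the proof of Proposition 2.22 fails and 14 is not a primitive root mod $29^n$ for any $n \ge 2$; for a = 43 the valuation is exactly 1 and the order is $28 \cdot 29^{n-1}$ for every n tried.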
2.28 Problem set for lecture 2
1. (IMO Shortlist 1989) Show that for all n there are n consecutive positive integers none
of which is a power of a prime number.
2. a) Show that there are arbitrarily long arithmetic progressions all of whose terms are perfect powers (i.e. squares or cubes or...).
b) Can we find an infinite such progression?
3. (Romania TST 1995) Let $f(x) = \mathrm{lcm}(1, 2, \dots, x)$. Show that for any $n \ge 2$ there is a set $A$ of $n$ consecutive positive integers on which $f$ is constant.
4. A lattice point is called visible (from the origin) if its coordinates are relatively prime
numbers. Is there any lattice point whose distance from each visible lattice point is at
least 2000?
5. (St. Petersburg) Show that $n \mid \varphi(a^n - 1)$ for all $n \ge 1$ and $a \in \mathbb{Z}$.
6. (Bulgaria) Find all $m, n \ge 1$ such that $n \mid m^{2 \cdot 3^n} + m^{3^n} + 1$.
7. Show that $x^4 = -1 \pmod p$ has a solution iff $p = 1 \pmod 8$.
8. (Iran 2007) Let $n$ be relatively prime to $2(2^{1386} - 1)$ and let $a_1, a_2, \dots, a_k$ be a reduced system mod $n$. Show that $n$ divides $a_1^{1386} + a_2^{1386} + \dots + a_k^{1386}$.
9. Find the number of $d$-th powers in $\mathbb{Z}/p\mathbb{Z}$ for $p > 2$ and $d$ a positive integer (fixed).
10. Easy applications of the lifting exponent lemma:
a) (Romania TST) Find all $n$ for which $2^n \mid 3^n - 1$.
b) (AMM) Let $a, b, c$ be positive integers such that $c \mid a^c - b^c$. Prove that $c \mid \frac{a^c - b^c}{a - b}$.
c) (Romania TST 2009) Let $a, n \ge 2$ be integers such that $n$ divides $(a-1)^k$ for some $k \ge 1$. Prove that $n$ divides $1 + a + a^2 + \dots + a^{n-1}$.
d) (Romania TST 1994) Prove that $\left((n-1)^n + 1\right)^2$ divides $n(n-1)^{(n-1)^n + 1} + n$ for all odd $n > 1$.
11. Let $f$ be a polynomial with integer coefficients such that for some prime number $p$ we have $f(i) = 0 \pmod p$ or $f(i) = 1 \pmod p$ for any integer $i$. If $f(0) = 0$ and $f(1) = 1$, prove that $\deg(f) \ge p - 1$.
12. (Don Zagier) Somebody incorrectly remembered Fermat's little theorem as saying that the congruence $a^{n+1} \equiv a \pmod n$ holds for all $a$. Describe the set of integers $n$ for which this property is in fact true.
13. (Romania TST 2008) Compute the gcd of the numbers $2^n - 2, 3^n - 3, \dots, n^n - n$ for given $n$.
14. (Unesco Competition 1995) Let $m, n$ be integers greater than 1. Prove that the remainders of the numbers $1^n, 2^n, \dots, m^n$ modulo $m$ are pairwise distinct if and only if $m$ is square-free and $n$ is relatively prime to $\varphi(m)$.
15. (IMO Shortlist 1989) Let $m > 1$ be odd. Find the smallest $n$ for which $2^{1989}$ divides $m^n - 1$.
16. A Carmichael number is a natural number $n$ such that $n \mid a^n - a$ for any integer $a$.
a) Prove that $n$ is a Carmichael number if and only if $n$ is squarefree and $p - 1$ divides $n - 1$ for any prime $p$ dividing $n$.
b) Find all Carmichael numbers of the form $3pq$ with $p, q$ primes.
17. (Ljunggren) Let $p > 2$. Show that for any integers $a, b$ we have
$$\binom{pa}{pb} = \binom{a}{b} \pmod{p^3}.$$
18. Let $p$ be a prime number and $m, n$ be integers greater than 1 such that $n \mid m^{p(n-1)} - 1$. Prove that $\gcd(m^{n-1} - 1, n) > 1$.
19. Trickier applications of the lifting exponent lemma:
a) (Balkan Math. Olympiad 1993) Let $m > 1$ be an integer and let $p$ be a prime. Suppose that the equation
$$\frac{x^p + y^p}{2} = \left(\frac{x + y}{2}\right)^m$$
has integral solutions $x, y > 1$. Then $m = p$.
b) (IMO Shortlist 2000) Find all $a, m, n$ positive integers such that $a^m + 1$ divides $(a + 1)^n$.
c) Find all positive integers $m, n$ such that $m^n \mid n^m - 1$.
d) (Mathlinks Contest) Let $a, b$ be distinct positive rational numbers such that $a^n - b^n \in \mathbb{Z}$ for infinitely many positive integers $n$. Show that $a, b \in \mathbb{Z}$.
20. a) Find all primes $p, q$ such that $pq$ divides $2^p + 2^q$.
b) Find all primes $p, q$ such that $pq$ divides $5^p + 5^q$.
21. (IMO) Prove that for any prime $p$ there is a prime $q$ that does not divide any of the numbers $n^p - p$, with $n \ge 1$.
22. (Sierpinski) Show that there is $k > 1$ such that $k \cdot 2^n + 1$ is composite for all $n \ge 0$.
23. (Erdős) Show that there is an infinite arithmetic progression of odd numbers, none of which can be written $p + 2^k$ with $p$ a prime and $k \ge 0$.
24. (Morley's congruence) Show that
$$(-1)^{\frac{p-1}{2}} \binom{p-1}{\frac{p-1}{2}} \equiv 4^{p-1} \pmod{p^3}$$
for all prime numbers $p$ with $p \ge 5$.
25. (Bulgaria TST 2000). Let $a, b > 1$ be relatively prime. Show that for infinitely many primes $p$, $v_p(a^{p-1} - b^{p-1})$ is odd.
3 Lecture 4: Legendre's formula and applications
The following theorem has a very simple proof, but one cannot emphasize its importance enough. Hopefully the results to be proved in this lecture will show its power.
Theorem 3.1. (Legendre) One has
$$v_p(n!) = \sum_{k \ge 1} \left\lfloor \frac{n}{p^k} \right\rfloor = \frac{n - s_p(n)}{p - 1},$$
where $s_p(n)$ is the sum of digits of $n$ when written in base $p$.
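Proof. For the first part: there are $\left\lfloor \frac{n}{p^j} \right\rfloor - \left\lfloor \frac{n}{p^{j+1}} \right\rfloor$ integers $1 \le x \le n$ such that $v_p(x) = j$, so
$$v_p(n!) = \sum_{k=1}^{n} v_p(k) = \sum_{j=1}^{\infty} \sum_{v_p(x) = j} j = \sum_{j=1}^{\infty} j \left( \left\lfloor \frac{n}{p^j} \right\rfloor - \left\lfloor \frac{n}{p^{j+1}} \right\rfloor \right) = \sum_{j \ge 1} \left\lfloor \frac{n}{p^j} \right\rfloor$$
(consider the last part as exercise). For the second part let $n = a_k p^k + \dots + a_0$, $a_i \in \{0, 1, \dots, p-1\}$; then
$$\left\lfloor \frac{n}{p} \right\rfloor = a_k p^{k-1} + \dots + a_1, \qquad \left\lfloor \frac{n}{p^2} \right\rfloor = a_k p^{k-2} + \dots + a_2, \quad \dots$$
so
$$\sum_{j \ge 1} \left\lfloor \frac{n}{p^j} \right\rfloor = a_k (p^{k-1} + \dots + p + 1) + a_{k-1} (p^{k-2} + \dots + 1) + \cdots$$
$$= a_k \frac{p^k - 1}{p - 1} + a_{k-1} \frac{p^{k-1} - 1}{p - 1} + \dots + a_1 \frac{p - 1}{p - 1} + a_0 \frac{p^0 - 1}{p - 1} = \frac{n - \sum a_i}{p - 1} = \frac{n - s_p(n)}{p - 1}.$$
3.2 Some amazing applications (following Tchebyshev and Erdős)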
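If the results and proofs in this section don't convince you that number theory is wonderful, you are a desperate case! Let's start with a simple, but a bit technical application of Legendre's formula. We'll see that it yields some rather amazing things.
Crucial estimate. For any $n \ge 2$, $\binom{n}{[n/2]}$ divides $\prod_{p \le n} p^{[\log_p n]}$ and is a multiple of $\prod_{[\frac{n+1}{2}] < p \le n} p$.
Proof. The second part follows immediately from the identity (note that $n = \left\lfloor \frac{n}{2} \right\rfloor + \left\lfloor \frac{n+1}{2} \right\rfloor$)
$$\left\lfloor \frac{n}{2} \right\rfloor ! \, \binom{n}{\lfloor n/2 \rfloor} = \prod_{[\frac{n+1}{2}] < j \le n} j$$
and the fact that $\prod_{[\frac{n+1}{2}] < p \le n} p$ divides the RHS and is relatively prime to $\left\lfloor \frac{n}{2} \right\rfloor !$. The first part follows from the previous theorem: one has
$$v_p\left( \binom{n}{\lfloor n/2 \rfloor} \right) = \sum_{j \ge 1} \left( \left\lfloor \frac{n}{p^j} \right\rfloor - \left\lfloor \frac{[n/2]}{p^j} \right\rfloor - \left\lfloor \frac{[(n+1)/2]}{p^j} \right\rfloor \right),$$
all terms in the sum are equal to 0 or 1 (as for all $a, b \in \mathbb{R}$ one has $[a + b] - [a] - [b] \in \{0, 1\}$) and all terms for $j > \log_p n$ are equal to 0. Thus $v_p\left( \binom{n}{[n/2]} \right) \le [\log_p n]$ and we are done.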
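Legendre's formula and the crucial estimate can both be confirmed by direct computation. The following Python is an added example, not part of the original notes; all function names are chosen here.

```python
from math import comb, factorial


def vp_factorial_direct(n, p):
    """v_p(n!) obtained by actually dividing n! by p."""
    f, k = factorial(n), 0
    while f % p == 0:
        f //= p
        k += 1
    return k


def legendre_floor(n, p):
    """First form of Theorem 3.1: sum of floor(n / p^k) over k >= 1."""
    total, q = 0, p
    while q <= n:
        total += n // q
        q *= p
    return total


def digit_sum(n, p):
    """s_p(n): sum of the base-p digits of n."""
    s = 0
    while n:
        n, r = divmod(n, p)
        s += r
    return s


def legendre_digits(n, p):
    """Second form of Theorem 3.1: (n - s_p(n)) / (p - 1)."""
    return (n - digit_sum(n, p)) // (p - 1)


def primes_upto(n):
    """Primes <= n by a sieve of Eratosthenes."""
    if n < 2:
        return []
    sieve = bytearray([1]) * (n + 1)
    sieve[0] = sieve[1] = 0
    for i in range(2, int(n**0.5) + 1):
        if sieve[i]:
            for j in range(i * i, n + 1, i):
                sieve[j] = 0
    return [i for i in range(2, n + 1) if sieve[i]]


def crucial_estimate(n):
    """Return (upper, lower): upper is the product of p^[log_p n] over p <= n,
    lower is the product of the primes p with [(n+1)/2] < p <= n."""
    upper = lower = 1
    for p in primes_upto(n):
        q = p
        while q * p <= n:  # exact integer arithmetic, no floating-point log
            q *= p
        upper *= q
        if p > (n + 1) // 2:
            lower *= p
    return upper, lower


def estimate_holds(n):
    """Check lower | C(n, [n/2]) | upper for one value of n."""
    c = comb(n, n // 2)
    upper, lower = crucial_estimate(n)
    return upper % c == 0 and c % lower == 0


def primorial(n):
    """Product of all primes p <= n."""
    out = 1
    for p in primes_upto(n):
        out *= p
    return out


if __name__ == "__main__":
    print(legendre_floor(100, 5), legendre_digits(100, 5), vp_factorial_direct(100, 5))
    print(crucial_estimate(10), comb(10, 5))
    print(all(estimate_holds(n) for n in range(2, 300)))
```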
This estimate yields two very nice and useful results.
Corollary 3.3. (Erdős) For $n \ge 2$ we have
$$\prod_{p \le n} p < 4^{n-1}.$$
Proof. The proof is by induction. I'll leave you to check that it holds for $n = 2$. Suppose it's o.k. for all numbers smaller than $n$ and let us prove that $\prod_{p \le n+1} p < 4^n$. If $n + 1$ is even, this is clear, so suppose that $n = 2k$. By the crucial estimate we have
$$\prod_{k+2 \le p \le 2k+1} p \le \binom{2k+1}{k},$$
which combined with the induction hypothesis for $k$ gives
$$\prod_{p \le n+1} p = \prod_{p \le k+1} p \cdot \prod_{k+2 \le p \le 2k+1} p < 4^k \cdot \binom{2k+1}{k} \le 4^n,$$
the last inequality being a consequence of
$$2 \cdot 4^k = (1 + 1)^{2k+1} = \text{bla} + \binom{2k+1}{k} + \binom{2k+1}{k+1} + \text{bla} > 2 \binom{2k+1}{k}.$$
Let $\pi(n) = \sum_{p \le n} 1$ be the number of prime numbers smaller than or equal to $n$. The famous (and deep) prime number theorem asserts that for $n$ large enough $\pi(n)$ behaves like $\frac{n}{\log n}$. The following result gives a uniform lower bound estimate. Of course, it is weaker than the prime number theorem, but it is rather amazing that with so few tools it already gives the "correct" lower bound.
Corollary 3.4. For all $n \ge 2$ we have
$$\pi(2n) \ge \frac{n \ln 2}{\ln(2n)}.$$
Proof. Using the crucial estimate for $N = \binom{2n}{n}$, we obtain
$$\log N = \sum_{p \le 2n} v_p(N) \log p \le \sum_{p \le 2n} [\log_p(2n)] \log p \le \pi(2n) \log(2n).$$
Next, $N$ is the largest among the $\binom{2n}{k}$ and $\sum_k \binom{2n}{k} = 4^n$, hence $N \ge \frac{4^n}{2n+1}$. We even get the stronger inequality
$$\pi(2n) \ge \frac{\log N}{\log(2n)} \ge \frac{2n \log 2 - \log(2n+1)}{\log 2n}.$$
Next, we give an upper bound for $\pi(n)$ using the same ideas:
Corollary 3.5. For $n \ge 2$ we have
$$\pi(n) < \frac{6n}{\log_2 n}.$$
Proof. By the crucial estimate, we obtain
$$n^{\pi(2n) - \pi(n)} < \prod_{n < p \le 2n} p \le \binom{2n}{n} \le 4^n.$$
Applying this to $n = 2^k$ yields
$$\pi(2^{k+1}) - \pi(2^k) \le \frac{2^{k+1}}{k}.$$
Since $\pi(2^{k+1}) \le 2^k$ (this is obvious!), we obtain
$$(k+1)\pi(2^{k+1}) - k\pi(2^k) \le \pi(2^{k+1}) + 2^{k+1} \le 3 \cdot 2^k$$
and by adding this we get
$$n\pi(2^n) \le 1 + 3(2 + \dots + 2^{n-1}) < 3 \cdot 2^n.$$
Finally, we have
$$\pi(n) \le \pi\left(2^{1 + [\log_2 n]}\right) < 3 \cdot \frac{2^{1 + [\log_2 n]}}{1 + [\log_2 n]} < \frac{6n}{\log_2 n}.$$
Theorem 3.6. (Bertrand's postulate) For all $n \ge 2$ there is a prime $p \in (n, 2n - 2]$.
Proof. I will assume that $n > 625$, for the remaining cases just do it by hand (if you are smart, you just have to consider a few cases, not 624...). Assume that there is no prime between $n$ and $2n - 2$ and consider the possible prime factors of $\binom{2n}{n}$: we saw that for any such prime $p$ we have $p^{v_p\left(\binom{2n}{n}\right)} \le 2n$. It is clear from Legendre's formula that if $p > \sqrt{2n}$, then $v_p\left(\binom{2n}{n}\right) \le 1$. Erdős's key observation is that if $p$ is between $\frac{2n}{3}$ and $n$, then $v_p\left(\binom{2n}{n}\right) = 0$. This is immediate to check using Legendre's formula. Putting everything together yields (the first factor $2n$ comes from the possible $p = 2n - 1$ factor of $\binom{2n}{n}$)
$$\frac{4^n}{2n+1} \le \binom{2n}{n} \le 2n \cdot \prod_{\sqrt{2n} < p \le \frac{2n}{3}} p \cdot (2n)^{\pi(\sqrt{2n})}.$$
Now, it is easy to see that for $n \ge 15$ we have $\pi(n) \le n/2 - 1$ (if $n \ge 15$, note that $1, 9, 15, 2, 4, \dots, 2[n/2]$ are not primes). As for $n \ge 625$ we have $[\sqrt{2n}] \ge 14$. We deduce that $(2n)^{\pi(\sqrt{2n})} \le (2n)^{\sqrt{n/2} - 1}$. Using also Erdős's estimate $\prod_{\sqrt{2n} \le p \le 2n/3} p < 4^{2n/3 - 1}$, we finally obtain
$$\frac{4^n}{2n+1} < (2n)^{\sqrt{n/2}} \cdot 4^{\frac{2n}{3} - 1},$$
which implies that $4^{n/3} < (2n)^{1 + \sqrt{n/2}}$ and so $\frac{n}{3} \log 4 < \left(1 + \sqrt{n/2}\right) \log 2n < \sqrt{n} \log 2n$, the last inequality being immediate. Thus $\frac{\sqrt{n}}{\log 2n} < \frac{3}{\log 4}$. We claim that this does not hold for $n \ge 625$. A simple derivative computation shows that $x \mapsto \frac{\sqrt{x}}{\log 2x}$ is increasing for $x > 600$, so it is enough to check that $\frac{25}{\log 1250} > \frac{3}{\log 4}$. This is equivalent to $2^{50} > (1250)^3$ and it is clear, as for instance $(1250)^3 < 2048^3 = 2^{33}$.
Let me mention a rather nice consequence. Unfortunately, I know no easier proof.
Corollary 3.7. For $n > 1$, $n!$ is not a perfect power (i.e. perfect square or cube or fourth power or...).
Proof. Let me assume that $n > 3$. By Bertrand's postulate there is a prime between $n/2$ and $n$. Clearly $v_p(n!) = 1$ and the result follows.
Remark 3.8. 1. There are some very deep theorems of Rosser and Schoenfeld which state that if $p_n$ is the $n$th prime, then $p_n > n \log n$ and that
$$\frac{n}{\log n - \frac{1}{2}} < \pi(n) < \frac{n}{\log n - \frac{3}{2}}$$
for $n > 66$. Of course, they are waaaaay beyond this course.
2. A deep generalization of Bertrand's postulate is due to Sylvester: if $n > k$, then at least one of the numbers $n, n+1, \dots, n+k-1$ has a prime factor greater than $k$.
Let me end this section with a rather delicate, but absolutely classical theorem of Mertens.
I will not give a proof of the second and third points, since this requires some pretty involved
computations with integrals.
Theorem 3.9. (Mertens)
1. There exists a constant $c_1$ such that for all $n \ge 1$
$$\left| \sum_{p \le n} \frac{\log p}{p} - \log n \right| \le c_1.$$
2. There exist constants $c_2, c_3$ such that for all $n > 2$ we have
$$\left| \sum_{p \le n} \frac{1}{p} - c_2 - \log\log n \right| \le \frac{c_3}{\log n}.$$
3. Let $\gamma = \lim_{n \to \infty} \left( 1 + \frac{1}{2} + \dots + \frac{1}{n} - \log n \right)$. Then there exists a constant $c_5$ such that
$$\left| \prod_{p \le n} \left( 1 - \frac{1}{p} \right) - \frac{e^{-\gamma}}{\log n} \right| \le \frac{c_5}{\log^2 n}.$$
Let me just prove the first part, since it is elementary. We will use the prime factorization of $n!$. Legendre's formula yields
$$\frac{n}{p-1} - \left( 1 + \frac{\log n}{\log p} \right) < v_p(n!) < \frac{n}{p-1}.$$
Multiplying this by $\log p$ and summing over $p \le n$ yields
$$-\log \prod_{p \le n} p - \pi(n) \log n < \log n! - n \sum_{p \le n} \frac{\log p}{p - 1} < 0.$$
Using Erdős' inequality $\prod_{p \le n} p < 4^n$, the previous estimates on $\pi(n)$, and the inequalities $n \log n > \log n! > n(\log n - 1)$ (the first one is obvious, the second one follows easily by induction, using the inequality $\log\left(1 + \frac{1}{n}\right) < \frac{1}{n}$) yields
$$8 \log 2 > \sum_{p \le n} \frac{\log p}{p - 1} - \log n > -1.$$
The theorem follows from this estimate and the fact that the series $\sum_p \frac{\log p}{p(p-1)}$ converges (since $\frac{\log p}{p(p-1)} < \frac{1}{p\sqrt{p}}$ if $p$ is large enough).
3.10 Problem set for lecture 4
1. Show that all $\binom{2^n}{k}$ for $1 \le k < 2^n$ are even and precisely one of them is not a multiple of 4. Which one?
2. (classical stuff) Show that for any $n$ and any $a$, $n!$ divides $\prod_{k=0}^{n-1} (a^n - a^k)$.
3. (IMO Shortlist 2007) Suppose that $b, n > 1$ are such that for any $k > 1$ there is $x$ with $x^n = b \pmod k$. Show that $b$ is an $n$-th power of an integer.
4. (Romania TST 2007) Solve in positive integers $x^{2007} - y^{2007} = x! - y!$.
5. (AMM) Prove the identity
$$(n+1) \, \mathrm{lcm}\left( \binom{n}{0}, \binom{n}{1}, \dots, \binom{n}{n} \right) = \mathrm{lcm}(1, 2, \dots, n+1)$$
for any positive integer $n$.
6. Show that $p$ does not divide any of the binomial coefficients $\binom{n}{1}, \binom{n}{2}, \dots, \binom{n}{n-1}$ if and only if there is $1 \le s < p$ and $k \ge 1$ such that $n = s \cdot p^k - 1$.
7. For given $p > 2$ find all $n$ such that all $\binom{n}{k}$ ($1 \le k < n$) are multiples of $p$.
8. a) (USA TST) For any positive integer $n$ we have
$$\binom{n}{0}^{-1} + \binom{n}{1}^{-1} + \dots + \binom{n}{n}^{-1} = \frac{n+1}{2^{n+1}} \left( \frac{2^1}{1} + \frac{2^2}{2} + \dots + \frac{2^{n+1}}{n+1} \right).$$
b) (Kvant) Let $x_n$ be the exponent of 2 in the prime factorization of the numerator of $\frac{2^1}{1} + \frac{2^2}{2} + \dots + \frac{2^n}{n}$, when written in lowest terms. Prove that $\lim_{n \to \infty} x_n = \infty$ and that $x_{2^n} \ge 2^n - n + 1$.
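9. a) (Richard Stong) Prove that
$$v_2\left( \binom{4k}{2k} - (-1)^k \binom{2k}{k} \right) = s_2(k) + 2 + 3 v_2(k),$$
where $s_2(k)$ is the sum of the digits in the base 2 expansion of $k$.
b) (IMO Shortlist 2007) Find $v_2\left( \binom{2^{n+1}}{2^n} - \binom{2^n}{2^{n-1}} \right)$.
10. Using Mertens' theorem, prove the following results:
a) If $f \in \{\omega, \Omega\}$, then $\frac{1}{x} \sum_{n \le x} f(n) - \log\log x$ has a finite limit as $x \to \infty$.
b) (Turán's theorem) There exists a constant $c > 0$ such that for all $x$ we have
$$\sum_{n \le x} (\omega(n) - \log\log x)^2 \le c \, x \log\log x.$$
c) (Hardy-Ramanujan's theorem) $\omega, \Omega$ have normal order $\log\log n$, i.e. if $f \in \{\omega, \Omega\}$, then for all $\varepsilon > 0$ we have
$$\lim_{x \to \infty} \frac{1}{x} \left| \left\{ n \le x \;\middle|\; 1 - \varepsilon < \frac{f(n)}{\log\log x} < 1 + \varepsilon \right\} \right| = 1.$$
d) (Erdős) We have
$$\lim_{n \to \infty} \frac{|\{a \cdot b \mid 1 \le a, b \le n\}|}{n^2} = 0.$$
11. Prove that $\pi(n)$ divides $n$ for infinitely many $n$.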
4 Test week 1
You have 3 hours to solve some of the following problems. There are probably too many
exercises, so feel free to choose a (nonempty) subset of them and focus only on those. Please
write sentences, not only formulae, and explain what you are doing.
1. ("easy" ones) a) Let $a$ be an integer relatively prime to 10. Show that the decimal expansion of $\frac{1}{a}$ is periodic with period equal to the order of 10 modulo $a$.
b) Show that $\binom{2n}{n}$ divides $\mathrm{lcm}(1, 2, \dots, 2n)$ for all $n > 0$.
c) Find the greatest common divisor of the numbers $2^{25} - 2, 3^{25} - 3, 4^{25} - 4, \dots$.
d) Let $a, b, c$ be integers, not all 0 and such that $\max(|a|, |b|, |c|) < 10^6$. Show that $|a + b\sqrt{2} + c\sqrt{3}| > 10^{-21}$.
2. Let $p > 2$ be a prime. Show that the following statements are equivalent
• Every quadratic non-residue mod $p$ is a primitive root mod $p$.
• There exists $n$ such that $p = 2^{2^n} + 1$.
3. Define $a_1 = 2$ and
$$a_{n+1} = 2a_n + \sqrt{3(a_n^2 - 1)}$$
for $n \ge 1$. Show that $a_n$ is an integer for all $n$ and that $a_p \equiv 2 \pmod p$ for any odd prime $p$.
4. (harder) Let $k$ and $a_1, a_2, \dots, a_k$ be fixed integers, each of them being greater than 1. Show that there are only finitely many $k$-tuples of prime numbers $(p_1, p_2, \dots, p_k)$, with the following property: there exists a positive integer $m$ such that
$$(a_1^{p_1} - 1)(a_2^{p_2} - 1) \cdots (a_k^{p_k} - 1) = m!.$$
Bonus: same question, but without assuming that the $n_i$'s are primes.
5. (harder) Let $x, y$ be distinct complex numbers such that $\frac{x^n - y^n}{x - y}$ is an integer for 4 consecutive positive integers $n$. Show that it is an integer for all $n \ge 1$.
5 Unique factorization domains-the basics
The purpose of this lecture is to put the fundamental theorem of arithmetic (unique factorization of integers) in a more general context. Again, it will be pretty dry at first, but we'll see the power of this approach pretty quickly. Basically all general definitions will be inspired either by the statement or the proof of the fundamental theorem of arithmetic. In order to do that, let me recall the basic steps of the proof of this theorem:
First, one checks by an immediate induction that any integer greater than 1 is a product of primes.
Next, and this is the most subtle part, one proves that any prime $p$ satisfies: $p \mid ab \Rightarrow p \mid a$ or $p \mid b$. This requires a few steps: first, using the division algorithm, one proves the existence of gcd and Bézout's theorem. We easily deduce Gauss' lemma: if $a \mid bc$ and $\gcd(a, b) = 1$, then $a \mid c$. This immediately implies the crucial property of primes introduced above.
Things will get much nastier for general rings, and the purpose of this lecture is to isolate a class of nice rings, for which arithmetic is exactly as in $\mathbb{Z}$. Doing all this will require a few preliminaries. We will need to define divisibility, gcd, primes, etc...
5.1 Domains
Definition 5.2. An integral domain (or simply domain) is a ring $R$ so that $ab = 0$ implies $a = 0$ or $b = 0$. Equivalently, it is a subring of a field.
It is not really clear that the two definitions are equivalent. It is however clear that any subring of a field satisfies the first condition. To prove the converse, one constructs the field of fractions of $R$. Its elements are of the form $\frac{a}{b}$, with $a \in R$ and $b \ne 0$. Of course, we decide that $\frac{a}{b} = \frac{c}{d}$ iff $ad = bc$ and addition and multiplication are defined in the usual way.
Exercise 5.3. a) Show that $\mathbb{Z}/n\mathbb{Z}$ is a domain iff it is a field iff $n$ is a prime number.
b) Is the ring of arithmetic functions a domain?
c) (very important) If $R$ is a domain, then so is $R[X]$ and we have $\deg(fg) = \deg f + \deg g$ for all $f, g \in R[X]$.
d) Show that $\mathbb{Z}_p$ is a domain (use theorem 1.14) and that its field of fractions $\mathbb{Q}_p$ can also be described as
$$\mathbb{Q}_p = \left\{ \frac{a}{p^n} \;\middle|\; a \in \mathbb{Z}_p, \ n \ge 0 \right\}.$$
We call $\mathbb{Q}_p$ the field of p-adic integers.
5.4 Divisibility, associate elements
Next, we generalize the divisibility relation and we introduce the important relation of being associate. This will play a key role in the following.
Definition 5.5. Let $R$ be a ring and let $a, b \in R$. We say that $a$ divides $b$ if we can find $c \in R$ such that $b = ac$. We say that $a$ and $b$ are associate if one can find a unit $u$ of $R$ such that $b = au$.
Note that if $a$ and $b$ are associate, then $a$ divides $b$ and $b$ divides $a$. The converse does not hold in general, but it holds if $R$ is a domain.
5.6 Irreducibles and primes
Let $R$ be a domain.
Definition 5.7. a) We say that $a \in R$ is irreducible if $a$ is not a unit, but we cannot write $a$ as the product of two non-units.
b) We say that $a \in R$ is prime if $a \mid bc$ implies $a \mid b$ or $a \mid c$ (here $b, c \ne 0$).
Example 5.8. a) The irreducibles of $\mathbb{Z}$ are exactly $\pm p$, with $p$ a prime number. Also, the primes of $\mathbb{Z}$ are $\pm p$. Note the very unfortunate situation... This is due to the fact that $\mathbb{Z}$ also has $-1$ as a unit.
b) Let $F$ be a field. The definition of irreducible in $F[X]$ agrees with the usual definition of irreducible polynomials. One can check (in the same way as for integers, but we'll see below a much more general statement) that irreducible and prime is the same thing in $F[X]$.
c) You can easily check that 2 is irreducible in $\mathbb{Z}[\sqrt{-3}]$, but not a prime. On the other hand, it is always true that any prime is irreducible (exercise).
We'll constantly use the following easy:
Lemma 5.9. Let $a, b \in R$ be irreducible. If $a \mid b$, then $a$ is associate to $b$.
Proof. If $b = ac$, then $c$ must be a unit, as $b$ is irreducible.
5.10 Unique factorization domains-examples
Definition 5.11. A domain $R$ is called a unique factorization domain or UFD if
• any non-unit element is a product of irreducible elements of $R$ and
• Any irreducible is prime.
Before delving into the arithmetic of UFDs, a natural question is whether there are such rings.
Example 5.12. a) The discussion in the beginning of this lecture shows that $\mathbb{Z}$ is a UFD. Actually, the definition of a UFD was more or less modeled on the proof of the fundamental theorem of arithmetic, so this example is not very surprising.
b) Obviously, all fields are UFDs, for the stupid reason that there are no irreducibles at all...
c) It is a deep theorem of Gauss (we'll see the proof in the next section) that $R[X]$ is a UFD whenever $R$ is a UFD. So $F[X]$ is a UFD when $F$ is a field or $F = \mathbb{Z}$. If $F$ is a field, there is a much easier proof, following exactly the arguments for $\mathbb{Z}$ (see the next lecture for other similar examples). But the fact that $\mathbb{Z}[X]$ is a UFD is already quite nontrivial.
d) It is a deep theorem that the ring of arithmetic functions is an UFD.
e) The ring $\mathbb{Z}_p$ of p-adic integers is an UFD. Indeed, we saw that any nonzero element of $\mathbb{Z}_p$ can be written uniquely as $p^k u$, for $k \ge 0$ and $u$ a unit. This shows that $p$ is the unique irreducible and prime element, up to units.
f) The ring $\overline{\mathbb{Z}}$ of algebraic integers is not an UFD, actually it is as far as it can be from being an UFD. There are no irreducible elements at all in this ring (nice exercise).
g) We'll see in the next lecture that $\mathbb{Z}[\sqrt{d}]$ with $d \in \{-2, -1, 2, 3\}$ is UFD. However, for $d > 2$, $\mathbb{Z}[\sqrt{-d}]$ is not a UFD: it is easy to check that 2 is irreducible. It is however not a prime. Indeed, there is $x \in \mathbb{Z}$ such that $2 \mid x^2 + d$, so if 2 were prime, it would divide one of $x \pm \sqrt{-d}$. This is obviously impossible.
h) Consider the quadratic imaginary field $K = \mathbb{Q}(\sqrt{-d})$, with $d > 0$ squarefree. A very deep theorem of Heegner, Baker and Stark shows that $O_K = K \cap \overline{\mathbb{Z}}$ is UFD if and only if $d \in \{1, 2, 3, 7, 11, 19, 43, 67, 163\}$.
i) If $d > 0$ is squarefree and $K = \mathbb{Q}(\sqrt{d})$, then one can prove that $O_K$ is UFD for $d \in \{2, 3, 5, 5, 7, 11, 13, 17, 19, 21, 29, 33, 37, 41, 57, 73\}$.
5.13 p-adic valuations, again
The following key proposition is a generalization of the fact that a nonzero integer has only finitely many divisors.
Proposition 5.14. Let $R$ be an UFD and let $p$ be an irreducible of $R$. If $x \in R \setminus \{0\}$, then there exists a largest nonnegative integer $k$ such that $p^k \mid x$ in $R$.
Proof. If $x$ is a unit, it is not a multiple of $p$ and we are done. Otherwise, $x$ is a product of finitely many irreducibles. Now, among them some are associate to $p$, while the others are not. Collecting those associate to $x$, we deduce that we can write $x = p^k y$, for some $k \ge 0$ and some $y$, which is a product of irreducibles, none associated to $p$. It is easy to see that $p$ does not divide $y$ and we are done again.
We are now ready for a crucial result:
Proposition 5.15. Let $R$ be an UFD and let $p \in R$ be an irreducible element. There exists a unique map $v_p : R \setminus \{0\} \to \mathbb{N}$ such that
• $v_p(p) = 1$.
• $v_p(x + y) \ge \min(v_p(x), v_p(y))$ for all $x, y$ such that $x + y \ne 0$.
• $v_p(xy) = v_p(x) + v_p(y)$.
• $v_p(x) = 0$ if and only if $p$ does not divide $x$.
Proof. Simply define $v_p(x)$ to be the largest nonnegative $k$ for which $p^k \mid x$. The first, second and fourth properties are then clear. To prove the third one, write $x = p^k x_1$ and $y = p^l y_1$, with $x_1, y_1$ not multiples of $p$. Then $xy = p^{k+l}(x_1 y_1)$ and $p$ does not divide $x_1 y_1$, because $p$ is a prime. This proves the third relation. Uniqueness is clear.
5.16 The fundamental theorem of arithmetic
Consider all irreducible elements of an UFD $R$ and partition them into classes, by putting in a class all irreducibles that are associate. Next, select one element from each class (this requires the axiom of choice, but I'm one of those guys who prefer not to spend too much time on this) and put them in a set $\mathcal{P}$. The fundamental theorem of arithmetic becomes:
Theorem 5.17. (fundamental theorem of arithmetic in an UFD)
Any nonzero element $x \in R$ can be uniquely written in the form
$$x = u \prod_{p \in \mathcal{P}} p^{n_p},$$
for a unit $u$ and some nonnegative integers $n_p$, all but finitely many of which are zero.
Proof. First, we prove the existence of the decomposition. If $x$ is a unit, we are done (take $u = x$ and all $n_p = 0$). Otherwise, $x$ is a product of irreducibles. Each such irreducible is associate to some $p \in \mathcal{P}$. Collecting all irreducibles associated to a given $p$ yields the desired expression for $x$.
Next, we prove uniqueness. It is enough to check that each $n_p$ is uniquely determined by $x$. But we have
$$v_p(x) = v_p\left( u \prod_{q \in \mathcal{P}} q^{n_q} \right) = v_p(u) + \sum_{q \in \mathcal{P}} v_p(q^{n_q}).$$
It is clear that $v_p(u) = 0$ and that $v_p(q^{n_q}) = 0$ if $q \ne p$ (as then $q$ is not associate to $p$ and so it does not divide $p$). Therefore $n_p = v_p(x)$ and it is uniquely determined.
The following result is extremely useful:
Proposition 5.18. (local-global principle) Let $R$ be an UFD and let $x, y$ be nonzero elements of $R$. Then $x \mid y$ if and only if $v_p(x) \le v_p(y)$ for all irreducibles $p$ of $R$.
Proof. This is clear, since $x$ is associate to $\prod_{p \in \mathcal{P}} p^{v_p(x)}$ and $y$ is associate to $\prod_{p \in \mathcal{P}} p^{v_p(y)}$, as the proof of the fundamental theorem of arithmetic shows.
Note that we can extend the p-adic valuation to the whole field of fractions of $R$, by defining
$$v_p\left( \frac{a}{b} \right) = v_p(a) - v_p(b).$$
This is well-defined, since if $\frac{a}{b} = \frac{c}{d}$, then $ad = bc$, so $v_p(a) + v_p(d) = v_p(b) + v_p(c)$ and finally $v_p(a) - v_p(b) = v_p(c) - v_p(d)$.
5.19 Gcd
Definition 5.20. Let $R$ be an integral domain and let $a, b \in R$. We say that $d \in R$ is a gcd of $a$ and $b$ if
• $d$ divides both $a$ and $b$.
• If $e$ divides $a$ and $b$, then $d$ divides $e$.
Note that the gcd of two elements is not uniquely determined (for instance, we can multiply it by a unit). In $\mathbb{Z}$, there was a way to make it unique, by asking that it should be positive. In other rings, this is impossible, so when speaking about gcds, one must recall that they are not unique. On the other hand, any two gcds of $a$ and $b$ must be associate (exercise).
In general, the gcd of $a$ and $b$ does not exist. On the other hand, we have:
Proposition 5.21. If $R$ is a UFD, then any two elements have a gcd. Moreover, for each prime $p$ of $R$ we have
$$v_p(\gcd(a, b)) = \min(v_p(a), v_p(b)).$$
Proof. This is an easy exercise.
5.22 Residue rings
Let $R$ be an UFD and let $p \in R$ be a prime. For $a \in R$, we write $\bar{a} = a + pR$ for the residue class of $a$ modulo $p$. Let $R/pR$ be the set whose elements are $\bar{a}$, for $a \in R$. We turn it into a ring, by defining addition and multiplication in the usual way (i.e. $\bar{a} + \bar{b} = \overline{a + b}$, etc).
Proposition 5.23. $R/pR$ is an integral domain.
Proof. If $\bar{a} \cdot \bar{b} = 0$, then $p$ divides $ab$, so $p$ divides $a$ or $b$ and we are done.
Corollary 5.24. If $R/pR$ is finite, then it is a field.
Proof. Let $x \in R/pR$ be nonzero. There exist $i < j$ such that $x^i = x^j$. By the previous proposition we get $x^{j-i} = 1$ and we are done.
5.25 Reduction map $R[X] \to (R/pR)[X]$
The following construction is extremely useful in practice: let $R$ be an UFD and let $p \in R$ be a prime. If $f \in R[X]$ is given by $f = \sum_{n \ge 0} a_n X^n$, we write
$$\bar{f} = \sum_{n \ge 0} \bar{a}_n X^n \in (R/pR)[X].$$
Proposition 5.26. We have $\overline{f + g} = \bar{f} + \bar{g}$ and $\overline{fg} = \bar{f} \cdot \bar{g}$.
Proof. This is clear.
This reduction map is a powerful tool when studying polynomials with integral coefficients. The idea is that $\mathbb{Z}[X]$ behaves like a surface, while $(\mathbb{Z}/p\mathbb{Z})[X]$ behaves like a nice curve, so we can project this surface to the curve and analyze it in an easier way. You will see this in a few years, in algebraic geometry. Here are two nice applications.
Example 5.27. (Romania TST 2004) Let $P, Q \in \mathbb{Z}[X]$ with all coefficients 1 or 2002. If $P \mid Q$, then $1 + \deg P \mid 1 + \deg Q$.
Proof. Look at these polynomials in $\mathbb{F}_3[X]$, then if $a = \deg(P)$ and $b = \deg(Q)$ we get $P = 1 + X + \dots + X^a$ and $Q = 1 + X + \dots + X^b$ in $\mathbb{F}_3[X]$. Therefore, in $\mathbb{F}_3[X]$ we have $X^{a+1} - 1 \mid X^{b+1} - 1$. Use division algorithm for $b + 1$ and $a + 1$ to get the conclusion.
Example 5.28. (Romania TST) Show that $(X^2 + X)^{2^n} + 1$ is irreducible in $\mathbb{Z}[X]$.
Proof. We will work mod 2. Note that
$$(X^2 + X)^{2^n} + 1^{2^n} \equiv (X^2 + X + 1)^{2^n} \pmod 2$$
and the latter polynomial is irreducible mod 2. Now take $\bar{f} = \bar{g}\,\bar{h}$ and write
$$\bar{g} = (X^2 + X + 1)^i, \qquad \bar{h} = (X^2 + X + 1)^{2^n - i}, \qquad \text{where } 0 \le i \le 2^n.$$
The cases $i = 0$ and $i = 2^n$ are done as usual. So take $0 < i < 2^n$ and write
$$g = \bar{g} + 2g_1, \qquad h = \bar{h} + 2h_1.$$
Now work with $z \in \mathbb{C}$ such that $z^2 + z + 1 = 0$ (this is the key step!). We have $g(z) = 2g_1(z)$, $h(z) = 2h_1(z)$ and $f(z) = 2$. Putting it together we get $2g_1(z)h_1(z) = 1$ or $2F(z) = 1$ for some $F \in \mathbb{Z}[X]$. But $F(z)$ is always of the form $az + b$ with $a, b \in \mathbb{Z}$ since higher powers are linearly dependent ($z^2 = -z - 1$, $z^3 = 1$, $z^4 = z$ and so on...). But comparing real and imaginary parts in $2F(z) = 1$ yields contradiction.
5.29 A bonus problem
The following result turned out to be pretty useful in quite many situations, so let me mention it.
Example 5.30. (Romania TST 2004) Let $f \in \mathbb{Z}[X]$ be monic and irreducible such that $|a_0|$ is not a square. Then $f(X^2)$ is irreducible.
Proof. So take $g \in \mathbb{Z}[X]$ such that $g \mid f(X^2)$ and $g$ is irreducible. Then as $f(X^2)$ is even we have
$$g(X)h(X) = f(X^2) = g(-X)h(-X)$$
for some $h \in \mathbb{Z}[X]$. Then also $g(-X) \mid f(X^2)$. Take $G = \gcd(g(X), g(-X))$, then $G \mid g$ but as $g$ is irreducible we have $G = 1$ or $G = g$.
If $G = 1$ we have $g(X)g(-X) \mid f(X^2)$ but the LHS is even and so $g(X)g(-X) = Q(X^2)$ for some $Q \in \mathbb{Z}[X]$. Moreover $Q(X^2) \mid f(X^2)$ implies $Q \mid f$. But $f$ is irreducible so $Q = 1$ (but then $g$ is constant) or $Q = f$ but in this case we have $g(X)g(-X) = f(X^2)$ which is impossible as $|a_0|$ is not a square.
If $G = g$ we have $g(X) \mid g(-X)$ and by symmetry $g(-X) \mid g(X)$ so $g(X) = \pm g(-X)$. In case if $g$ is odd we have that 0 is a root, which would imply $a_0 = 0$ so this case is impossible. And if $g$ is even we may write $g(X) = P(X^2)$ and by the same argument as in the case (i) show that either $P = 1$ or $P = f$ and we are done!
5.31 Problem set


1. Show that 2 and 1

5 are irreducible in Z[

5]. Deduce that Z[

5] is not an UFD.
2. Show that a ring satisfying the fundamental theorem of arithmetic is necessarily UFD.
3. Let $R$ be an UFD and let $a, b, c \in R$ be nonzero. Show that
a) If $c \mid ab$ and $\gcd(a, c) = 1$, then $c \mid b$.
b) If $a \mid c$, $b \mid c$ and $\gcd(a, b) = 1$, then $ab \mid c$.
c) If $ab = c^n$ and $\gcd(a, b) = 1$, then $a$ and $b$ are associate to $n$th powers in $R$.
4. (stupid) Show that a quadratic polynomial with odd coefficients is irreducible in $\mathbb{Q}[X]$.
5. (classical) Show that for all $p > 2$, one of $-1, 2, -2$ is a square in $\mathbb{F}_p$. Deduce that $X^4 + 1$ is irreducible in $\mathbb{Z}[X]$, but its reduction mod $p$ is reducible for all $p$.
6. (classical) Let $a_1, a_2, \dots, a_n$ be pairwise distinct integers. Then the polynomials $(X - a_1)\cdots(X - a_n) - 1$ and $(X - a_1)^2\cdots(X - a_n)^2 + 1$ are irreducible in $\mathbb{Z}[X]$.
7. (China TST 2009) Let $f \in \mathbb{Z}[X]$ with $\deg f = n$, all coefficients are $\pm 1$ and $(X - 1)^{2^k} \mid f$. Prove that $n \ge 2^{k+1} - 1$.
8. (China TST) Find for which $a$ is $f(X) = X^n + aX^{n-1} + pq$ ($n \ge 2$) reducible over the rationals.
9. (IMO 1993) Prove that $X^n + 5X^{n-1} + 3$ is irreducible over the rational numbers for all $n > 1$.
10. If $p \equiv 3 \pmod 4$ is a prime, prove that $(X^2 + 1)^n + p$ is irreducible in $\mathbb{Z}[X]$ for all $n \ge 1$.
11. (Romania TST 2006) For $p > 3$ find the number of polynomials $X^p + pX^k + pX^l + 1$ with $1 \le l < k < p$ that are irreducible in $\mathbb{Z}[X]$.
12. Often, studying the roots of a polynomial is very helpful in order to prove its irreducibility. Prove the following irreducibility criteria:
a) (Ostrowski) Let $f(x) = a_nX^n + a_{n-1}X^{n-1} + \dots + a_0 \in \mathbb{Z}[X]$ be such that
$$|a_0| > |a_1| + |a_2| + \dots + |a_n|$$
and $|a_0|$ is a prime. Then $f$ is irreducible in $\mathbb{Z}[X]$.
b) (hard, Perron's criterion) Let $a_i$ be integers such that $\gcd(a_0, a_1, \dots, a_n) = 1$, $a_0 \ne 0$ and $|a_{n-1}| > 1 + |a_{n-2}| + \dots + |a_0|$. Then $f(x) = X^n + a_{n-1}X^{n-1} + \dots + a_0$ is irreducible in $\mathbb{Z}[X]$.
13. Some applications of Ostrowski's criterion:
a) Prove that for any $d \ge 1$ there is a monic $f \in \mathbb{Z}[X]$ of degree $d$ such that $X^n + f(X)$ is irreducible for any $n$.
b) (MOP 2007) Show that for any nonconstant $f \in \mathbb{Z}[X]$ there are infinitely many integers $n$ such that $f + n$ is irreducible over the rationals.
c) (Romanian TST 1999) $X^n + aX + p$ is irreducible over $\mathbb{Z}$ if $n \ge 1$ and $p$ is a prime strictly greater than $1 + |a|$.
d) (China TST 2006) Let $k, n > 1$ and let $A_1, \dots, A_k$ be a partition of the positive integers. Show that there exists $i$ and infinitely many irreducible polynomials of degree $n$ with coefficients in $A_i$.
14. (Balkan 1989) Let $p = a_0 + a_1 \cdot 10 + \dots + a_n \cdot 10^n$ be the decimal expansion of a prime and suppose that $a_n > 1$. Show that $a_0 + a_1X + \dots + a_nX^n$ is irreducible in $\mathbb{Q}[X]$.
15. (Romania TST 2010) Let $p$ be a prime number, $n_1 > n_2 > \dots > n_p$ be positive integers and $d = \gcd(n_1, n_2, \dots, n_p)$. Prove that the polynomial
$$P(X) = \frac{X^{n_1} + X^{n_2} + \dots + X^{n_p} - p}{X^d - 1}$$
is irreducible in $\mathbb{Q}[X]$.
16. (St. Petersburg 2003) Let $n \ge p$, $a_1, \dots, a_n \in \mathbb{Z}$ and define $f_0 = 1$, $f_k$ = the number of $k$-element subsets of $\{a_1, \dots, a_n\}$ that sum to a multiple of $p$. Prove that $p \mid f_0 - f_1 + f_2 - \dots + (-1)^n f_n$.
6 Gauss lemma and applications
In this lecture we will discuss a very beautiful result of Gauss and focus then on some of its
consequences.
6.1 Gauss lemma
If $f = a_0 + a_1X + \dots + a_nX^n \in R[X]$ is a nonzero polynomial, we denote by $c(f)$ (and call it the content of $f$) a gcd of $a_0, a_1, \dots, a_n$. Note that $c(f)$ is not really well-defined (because gcds are not unique), but any two contents of $f$ are associate. Here's the key point which will make everything work in the next section.
Proposition 6.2. (Gauss lemma) For any nonzero polynomials $f, g \in R[X]$ we have $c(fg) = c(f)c(g)$ up to units.
Proof. By dividing $f$ and $g$ by their contents, we obtain polynomials with content associate to 1. So we may assume that $c(f) = c(g) = 1$. We'll prove that $c(fg)$ is a unit, by proving that no irreducible $p$ can divide $c(fg)$. Suppose that $p$ divides $c(fg)$, then it divides all coefficients of $fg$. Then $\bar{f}\,\bar{g} = 0$ in $(R/pR)[X]$. But since $R/pR$ is an integral domain, we obtain that $\bar{f} = 0$ or $\bar{g} = 0$. That is, $p$ divides $c(f)$ or $c(g)$, obviously impossible.
6.3 Gauss theorem
Let $R$ be an UFD, with field of fractions $F$. It is easy to check that $F[X]$ is an UFD, using the euclidean algorithm (see the next lecture). We'd like to deduce from this that $R[X]$ itself is an UFD, by comparing factorizations in $R[X]$ and $F[X]$. It turns out that you can do this, but this is far from obvious at first sight.
This yields a characterization of the irreducible elements of $R[X]$, when $R$ is an UFD. It is of crucial importance in practice:
Theorem 6.4. Let $R$ be an UFD. An element $f \in R[X]$ is irreducible if and only if
• $f$ is an irreducible element of $R$ or
• $f$ is primitive (i.e. $c(f)$ is a unit) and $f$ is irreducible in $F[X]$.
Proof. The fact that the elements above are indeed irreducibles of $R[X]$ is immediate and left to the reader. We'll stick to the hard part, proving that these are all the irreducibles of $R[X]$.
Let $f$ be an irreducible of $R[X]$, WLOG $f$ nonconstant (otherwise $f$ is an irreducible of $R$ and we are done). Then $f$ is primitive: indeed, if a prime $p$ divided $c(f)$, then we could write $f = pg$, for some nonconstant $g \in R[X]$. Then $g$ is not a unit in $R[X]$ and so $f$ is not irreducible, a contradiction.
Next (this is the hard part), we'll prove that $f$ is irreducible in $F[X]$, finishing the proof of the theorem. So, assume that $f = gh$, with $g, h \in F[X]$ nonconstant. We can write $g = \frac{g_1}{a}$, $h = \frac{h_1}{b}$, for some $g_1, h_1 \in R[X]$ and some $a, b \in R$ (nonzero). Then $abf = g_1h_1$. Using Gauss lemma and the fact that $f$ is primitive, we obtain $ab = c(g_1)c(h_1)$ up to units and so (again up to units)
$$f = \frac{g_1}{c(g_1)} \cdot \frac{h_1}{c(h_1)}.$$
The previous equality implies that $\frac{g_1}{c(g_1)}$ or $\frac{h_1}{c(h_1)}$ is a unit in $R[X]$, in particular constant. But this contradicts the fact that $g$ and $h$ are nonconstant.

We are now in good shape for:


Theorem 6.5. (Gauss) If R is an UFD, then so is R[X].
Proof. First, we'll check that any irreducible is prime. Let $f$ be an irreducible and suppose that $f$ divides $gh$ in $R[X]$. Since $f$ is irreducible, it is either a unit or an irreducible of $F[X]$ (by the previous theorem), so we may assume that $f$ divides $g$ in $F[X]$. So we can find $a \in R \setminus \{0\}$ and $F \in R[X]$ such that $ag = fF$. Gauss lemma yields $ac(g) = c(F)$ up to units (as $f$ is irreducible, $c(f)$ is a unit). But then, up to units
$$g = c(g)\,\frac{F}{c(F)}\,f$$
is a multiple of $f$ in $R[X]$ and we are done.
Next, we'll check the existence of prime factorization in $R[X]$. Let $f \in R[X]$ be a nonzero non-unit. As $F[X]$ is an UFD, we can factor $f$ into irreducibles in $F[X]$. Scaling them, we obtain $a \in R \setminus \{0\}$ and $g_i \in R[X]$ such that $g_i$ is irreducible in $F[X]$ and $af = \prod_i g_i$. Gauss lemma yields $ac(f) = \prod_i c(g_i)$ and so, up to units we have
$$f = c(f)\prod_i \frac{g_i}{c(g_i)}.$$
Each of $\frac{g_i}{c(g_i)}$ is primitive and irreducible in $F[X]$, so irreducible in $R[X]$. It remains to factor $c(f)$ into irreducibles in $R$, which can be done as $R$ is an UFD. This finishes the proof of the theorem.

6.6 Eisenstein's criterion


The following irreducibility criterion is rather useful, even though it is far from being universal.
Theorem 6.7. (Eisenstein's criterion) Let $R$ be an UFD, $p$ a prime in $R$ and $f = a_0 + a_1X + \dots + a_nX^n \in R[X]$, such that $p$ divides $a_0, \dots, a_{n-1}$, $p$ does not divide $a_n$ and $p^2$ does not divide $a_0$. Then $f$ is irreducible in $(\mathrm{Frac}(R))[X]$.
Proof. By dividing $f$ by its content, we obtain a polynomial with the same properties (note that $p$ does not divide the content). So, we may assume that $f$ is primitive and then it is enough to check that $f$ is irreducible in $R[X]$. Suppose that $f = gh$, with $g, h \in R[X]$ not units. As $f$ is primitive, we have $\deg(g), \deg(h) > 0$. Reducing everything modulo $p$, we obtain $\bar{a}_nX^n = \bar{g}\,\bar{h}$. That means that $\bar{g} = aX^i$ and $\bar{h} = bX^{n-i}$ for some $a, b \in R$. If $0 < i < n$, then $p$ divides both $g(0)$ and $h(0)$ and so $p^2$ divides $a_0$, a contradiction. Let's say $i = 0$, then $\deg(\bar{h}) \ge n$ and so $\deg(h) \ge n$, a contradiction as $g$ is nonconstant.

The following is an absolute classic:


Example 6.8. The polynomial $f(X) = X^{p-1} + \dots + X + 1$ is irreducible.
Proof. Note that $f(X)$ is irreducible iff $f(X + a)$ is irreducible ($a \in \mathbb{Z}$). Using this we sum up the geometric progression to get
$$f(X + 1) = \frac{(X + 1)^p - 1}{X} = X^{p-1} + \binom{p}{1}X^{p-2} + \dots + \binom{p}{p-1}$$
and we are done by Eisenstein, as $p \mid \binom{p}{a}$ for $0 < a < p$.
Let me mention the following very useful corollary, that is used a lot in counting problems:
Corollary 6.9. If $a_0, a_1, \dots, a_{p-1}$ are rational numbers such that $a_0 + a_1z + \dots + a_{p-1}z^{p-1} = 0$ for some $p$th root of unity $z \ne 1$, then $a_0 = a_1 = \dots = a_{p-1}$.
6.10 An important application of Gauss lemma
Recall that $\overline{\mathbb{Z}}$ is the ring of algebraic integers, i.e. complex numbers killed by some monic polynomial with integer coefficients. Also, $\overline{\mathbb{Q}}$ is the field of algebraic numbers, i.e. those killed by a polynomial with rational (equivalently, integer) coefficients.
Definition 6.11. If $x \in \overline{\mathbb{Q}}$, let $\pi_x$ (the minimal polynomial of $x$) be the monic polynomial of smallest degree such that $\pi_x(x) = 0$.
The following result is a simple application of the division algorithm, but it is absolutely essential.
Proposition 6.12. Let $x \in \overline{\mathbb{Q}}$. Then $\pi_x$ is irreducible in $\mathbb{Q}[X]$. Moreover, for a polynomial $f \in \mathbb{Q}[X]$, we have $f(x) = 0$ if and only if $\pi_x$ divides $f$ in $\mathbb{Q}[X]$.
Proof. Suppose that $\pi_x = fg$, for some nonconstant $f, g \in \mathbb{Q}[X]$, which may be taken monic. Then one of $f$ or $g$ vanishes at $x$ and has degree smaller than $\pi_x$, a contradiction. So $\pi_x$ is irreducible in $\mathbb{Q}[X]$. The only nontrivial point that remains to be proved is that $\pi_x$ divides $f$ whenever $f \in \mathbb{Q}[X]$ and $f(x) = 0$. Use the division algorithm to write $f = q\pi_x + r$ with $r = 0$ or $\deg(r) < \deg(\pi_x)$. Suppose that $r \ne 0$. Since $f$ and $\pi_x$ vanish at $x$, so does $r$. By scaling $r$, we may assume that $r$ is monic. Since $\deg(r) < \deg(\pi_x)$, this contradicts the definition of $\pi_x$.

Here's an important application of Gauss lemma.


Theorem 6.13. Let $x \in \overline{\mathbb{Z}}$. Then $\pi_x$ has integer coefficients. Hence
$$\overline{\mathbb{Z}} = \{x \in \overline{\mathbb{Q}} \mid \pi_x \in \mathbb{Z}[X]\}.$$
Proof. Take a nonzero polynomial $f \in \mathbb{Z}[X]$ killing $x$. By the previous proposition there exists $g \in \mathbb{Q}[X]$ such that $f = \pi_x g$. Choose $d_1, d_2 \in \mathbb{N}^*$ with $d_1g, d_2\pi_x \in \mathbb{Z}[X]$ and write $d_1d_2f = (d_1g)(d_2\pi_x)$. Then $d_1d_2 = c(d_1d_2f) = c(d_1g)c(d_2\pi_x)$ by Gauss lemma. Next, $c(d_1g) \mid d_1$ and $c(d_2\pi_x) \mid d_2$, since $g, \pi_x$ are monic. Thus $c(d_2\pi_x) = d_2$, hence $\pi_x \in \mathbb{Z}[X]$.

With this result in hand, it is easy to find the algebraic integers in a quadratic field:
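Theorem 6.14. Let $d \ne 0, 1$ be a squarefree integer and let $K = \mathbb{Q}(\sqrt{d})$. Then $O_K = \mathbb{Z}[\sqrt{d}]$ for $d \equiv 2, 3 \pmod 4$ and $O_K = \mathbb{Z}\left[\frac{1+\sqrt{d}}{2}\right]$ when $d \equiv 1 \pmod 4$.
Proof. Let $R = \mathbb{Z}[\sqrt{d}]$ when $d \equiv 2, 3 \pmod 4$ and $R = \mathbb{Z}\left[\frac{1+\sqrt{d}}{2}\right]$ when $d \equiv 1 \pmod 4$. It is easy to see that $R \subset O_K$ (note that $\frac{1+\sqrt{d}}{2}$ is a root of $X^2 - X + \frac{1-d}{4}$). We need to prove the opposite inclusion.
Let $x = a + b\sqrt{d} \in O_K$, with $a, b \in \mathbb{Q}$. If $b = 0$, we are done, since we know that $O_{\mathbb{Z}} = \mathbb{Z}$. So, suppose that $b \ne 0$. Then the minimal polynomial of $x$ is $(X - a)^2 - b^2d$. Indeed, $(X - a)^2 - b^2d$ vanishes at $x$ and no linear polynomial with rational coefficients vanishes at $x$ (as $x \notin \mathbb{Q}$). Hence, the previous theorem yields $2a \in \mathbb{Z}$ and $a^2 - b^2d \in \mathbb{Z}$. From here, it is very easy to conclude.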

6.15 Problem set


The following problems are not related to the previous lecture, but they are nice...
1. a) (Iran TST) Let $n \ge 2$ and let $a_1, a_2, \dots, a_n$ be positive integers, not all of them equal. Prove that there are infinitely many prime numbers $p$ with the property: there exists a positive integer $k$ such that
$$p \mid a_1^k + a_2^k + \dots + a_n^k.$$
b) (Iran TST 2009) Let $a$ be a positive integer. Prove that the set of prime divisors of $2^{2^n} + a$ for $n = 1, 2, \dots$ is infinite.
2. Let $f \in \mathbb{Z}[X]$ such that $p^k$ divides $f(x)$ for all $x \in \mathbb{Z}$. If $k \le p$, prove that there are polynomials $g_0, g_1, \dots, g_k \in \mathbb{Z}[X]$ such that
$$f(X) = \sum_{i=0}^{k} p^{k-i}(X^p - X)^i g_i(X).$$
3. (China TST 2007) Let $n > 2$ be an integer. Prove that $n$ is a prime if and only if the following property holds: any equiangular $n$-gon with rational sides is regular. An equiangular polygon is by definition a convex polygon all of whose angles are equal.
4. (China TST 2004) Let $a > 1$ and $n \ge 1$. Show that there is a polynomial $f$ with integral coefficients, of degree $n$ and such that $f(0), f(1), \dots, f(n)$ are distinct positive integers, each of the form $2a^k + 3$ for some integer $k$.
5. (USA TST 2009) Consider all polynomials $f$ of degree $n$ which send integers to integers and all integers $a, b$ for which $f(a) \ne f(b)$. What is the least possible value of the expression $\left|\frac{f(a) - f(b)}{a - b}\right|$?
6. (USA TST 2010) Let $P$ be a polynomial with integer coefficients such that $P(0) = 0$ and
$$\gcd(P(0), P(1), P(2), \dots) = 1.$$
Show there are infinitely many $n$ such that
$$\gcd(P(n) - P(0), P(n+1) - P(1), P(n+2) - P(2), \dots) = n.$$
7. (IMO Shortlist 1996, hard) For a given even integer $n$, find the least positive integer $k$ such that one can find polynomials $f, g$ with integer coefficients such that
$$f(X)(X + 1)^n + g(X)(X^n + 1) = k.$$
8. (China TST 2009, hard) Prove the existence of a constant $c > 0$ with the property: for any prime $p$ there are at most $cp^{2/3}$ numbers $n$ for which $p$ divides $n! + 1$.
9. (USA TST 2005) Say a polynomial with integral coefficients $f$ is special if for any $k > 1$ there are infinitely many numbers relatively prime to $k$ in the sequence $f(1), f(2), f(3), \dots$. Choose randomly a monic polynomial of degree $n$ with coefficients $1, 2, \dots, n!$ (each coefficient is one of these numbers). Prove that the probability that the chosen polynomial is special is between 0.71 and 0.75.
10. (IMO Shortlist 2005, hard) Suppose that $f$ is a polynomial of degree at least 2, with positive leading coefficient and integral coefficients. Show that there is $n$ such that $f(n!)$ is composite.
11. (generalization of USA TST 2008, hard) Suppose that $n$ is a positive integer. Consider all sequences $(x_1, x_2, \dots, x_n)$ with $x_i \in \mathbb{Z}/n\mathbb{Z}$. For how many of these can we find a polynomial $f$ with integer coefficients such that $f(i) \pmod n = x_i$ for all $i$?
7 The euclidean algorithm
The classical proof of the fact that $\mathbb{Z}$ is an UFD crucially uses the division algorithm. This may seem rather elementary and natural, but it does not generalize very well and most of the interesting rings do not have a division algorithm. The purpose of this lecture is to define euclidean rings, give some important examples and prove that they are UFD. Therefore in such rings we will have the fundamental theorem of arithmetic and this will have some very nice applications (see the next lecture).
Ok, now let's make again an abstract definition:
Definition 7.1. An integral domain $R$ is called an euclidean domain if we can find a function $\deg : R \setminus \{0\} \to \mathbb{N}$ such that:
• for any $a, b$ in $R$, with $b \ne 0$ we can write $a = bq + r$, with $r = 0$ or $\deg(r) < \deg(b)$.
Tricky point: if $R$ is euclidean, then we can choose such a function $\deg$, which moreover satisfies $\deg(ab) \ge \deg(a)$ for all $a, b$. Indeed, I will leave as a funny exercise to check that $a \mapsto \min_{b \ne 0} \deg(ab)$ yields a new degree map, which satisfies all required properties. So, from now on I will assume that $\deg(ab) \ge \deg(a)$ for all $a, b$.
For instance, $\mathbb{Z}$ is euclidean for $\deg(n) = |n|$. Here's another important class of euclidean rings.
Theorem 7.2. If $F$ is a field, then $F[X]$ is euclidean for the usual degree map.
Proof. We need to prove that for any $f, g \in F[X]$ with $g \ne 0$, we can write $f = qg + r$, with $r = 0$ or $\deg(r) < \deg(g)$. We do it by induction on $\deg f$. If $\deg f < \deg g$ then take $q = 0$ and $r = f$. Assume now $\deg f \ge \deg g$. Let $f = a_nx^n + \dots + a_0$ and $g = b_mx^m + \dots + b_0$, $n \ge m$. The polynomial $f - X^{n-m}a_nb_m^{-1}g$ (as $F$ is a field, $b_m^{-1}$ is defined) has degree at most $-1 + \deg f$, so by the induction hypothesis, it equals $q'g + r'$, where $r' = 0$ or $\deg r' < \deg g$. Then consider $q = q' + X^{n-m}a_nb_m^{-1}$ and $r = r'$ to finish the proof.


The hypothesis that $F$ should be a field is crucial. For instance, $\mathbb{Z}[X]$ is not euclidean for the usual degree map (and actually it is not euclidean for any degree map). Indeed, try to divide $X^2 + 1$ by $2X + 1$ in $\mathbb{Z}[X]$. On the other hand, we saw that $\mathbb{Z}[X]$ is an UFD. So being UFD does not imply being euclidean. We'll see on the other hand that all euclidean rings are UFD. This is a very important theorem!
Example 7.3. a) It's a theorem of Motzkin that $\mathbb{Z}\left[\frac{1+\sqrt{d}}{2}\right]$ is an UFD (even a principal ideal domain) for $d \in \{-19, -43, -67, -163\}$, but it is not euclidean.
b) Chatland, Davenport, Inkeri, Barnes and Swinnerton-Dyer proved the following beautiful theorem: if $d \ne 0, 1$ is a squarefree integer and $K = \mathbb{Q}(\sqrt{d})$, then $O_K$ is euclidean for its usual norm map if and only if
$$d \in \{-11, -7, -3, -2, -1, 2, 3, 5, 6, 7, 11, 13, 17, 19, 21, 29, 33, 37, 41, 57, 73\}.$$
c) It's only in 2004 that M. Harper proved that $\mathbb{Z}[\sqrt{14}]$ is euclidean (for some exotic degree map). Also, it is a recent theorem of D. A. Clark that the ring of integers of $\mathbb{Q}(\sqrt{69})$ is euclidean (again, it is not euclidean for the standard norm map).
d) Another deep result of Montgomery and Masley is that there are precisely 30 integers $n$ such that $\mathbb{Z}[e^{2i\pi/n}]$ is euclidean. They are
1, 3, 4, 5, 7, 8, 9, 11, 12, 13, 15, 16, 17, 19, 20, 21, 24, 25, 27, 28, 32, 33, 35, 36, 40, 44, 45, 48, 60, 84.
e) $\mathbb{Q}(\sqrt[3]{m})$ is euclidean for the usual norm if and only if $m \in \{2, 3, 10\}$ (Cioffari).


Let's consider now a negative squarefree $d$ and set $K = \mathbb{Q}(\sqrt{d})$. Set $\deg(x) = |x\bar{x}|$ for $x \in K$ (here $\bar{x}$ is the complex conjugate of $x$). This is the absolute value of the usual norm on $K$.
Theorem 7.4. $O_K$ is euclidean with respect to $\deg$ if and only if $d \in \{-1, -2, -3, -7, -11\}$.
Proof.
Lemma 7.5. $O_K$ is euclidean for $\deg$ if and only if for all $z \in K$ one can find $q \in O_K$ such that $\deg(z - q) < 1$.
Proof. Suppose that $O_K$ is euclidean for $\deg$. Let $z = \frac{a}{b} \in K$, with $a, b \in O_K$. Write $a = bq + r$, with $r = 0$ or $\deg(r) < \deg(b)$. If $r = 0$, we have $z \in O_K$ and we can take $q = z$. If not, we have
$$\deg(z - q) = \deg\left(\frac{r}{b}\right) = \frac{\deg(r)}{\deg(b)} < 1$$
and we are done again.
Let's prove the converse. Let $a, b \in O_K$, with $b \ne 0$ and let $z = \frac{a}{b} \in K$. Pick $q \in O_K$ such that $\deg(z - q) < 1$ and set $r = a - bq$. Then, if $r \ne 0$, we have
$$\deg(r) = \deg(a - bq) = \deg(b)\deg(z - q) < \deg(b)$$
and the result follows.

First, suppose that $O_K$ is euclidean. Let's consider first the case $d \equiv 2, 3 \pmod 4$, so that $O_K = \mathbb{Z}[\sqrt{d}]$. By the lemma, we can find $q = a + b\sqrt{d} \in O_K$ such that $\deg\left(\frac{1+\sqrt{d}}{2} - q\right) < 1$. We deduce that
$$1 > \left(\frac{1}{2} - a\right)^2 - d\left(\frac{1}{2} - b\right)^2 \ge \frac{1 - d}{4},$$
so $d > -3$. Similarly, if $d \equiv 1 \pmod 4$, one chooses $z = \frac{1+\sqrt{d}}{4}$ in the lemma and one obtains $-d < 15$. The result follows immediately.
Conversely, suppose that $d \in \{-1, -2, -3, -7, -11\}$ and let $z = x + y\sqrt{d} \in K$. If $d \in \{-1, -2\}$, choose integers $a, b$ such that $|x - a|, |y - b| \le \frac{1}{2}$. If $d \in \{-3, -7, -11\}$, choose integers $a, b$ such that $|2y - b| \le \frac{1}{2}$ and $\left|x - \frac{b}{2} - a\right| \le \frac{1}{2}$. By setting $q = a + \frac{b}{2}(1 + \sqrt{d})$, it's easy to check that $\deg(z - q) < 1$.

7.6 Euclidean UFD


In this section we will prove the following:
Theorem 7.7. Euclidean rings are UFD.
This will require a few preliminaries. Let $R$ be an euclidean ring, for a degree map $\deg$ such that $\deg(ab) \ge \deg(a)$ for all $a, b$. The first key point is the following
Proposition 7.8. $\deg(ab) > \deg(a)$ if $b$ is not a unit.
Proof. Write $a = qab + r$, with $r = 0$ or $\deg(r) < \deg(ab)$. We cannot have $r = 0$, otherwise $b$ would be a unit. So $\deg(ab) > \deg(r) = \deg(a(1 - qb)) \ge \deg(a)$ and we are done.
We can now prove the easy half of the theorem:
Corollary 7.9. If $R$ is euclidean, then each nonzero non-unit is a product of irreducible elements.
Proof. We'll prove by induction on $\deg(a)$ that $a$ is a product of irreducibles (here $a \ne 0$ is a non unit). If $\deg(a) = 0$, then $a$ is irreducible (by the previous proposition). Suppose that the result holds for elements of degree less than $k$ and take $a$ for which $\deg(a) = k$. If $a$ is irreducible, we are done. Otherwise write $a = bc$, with $b, c$ non units. Then $\deg(b) < \deg(a) = k$ and $\deg(c) < \deg(a) = k$, by the previous proposition. By induction, $b, c$ are each a product of irreducibles. But then $a = bc$ is also such a product.

Here's the second key ingredient in the proof of the theorem: the existence of gcd, and a Bezout theorem in $R$:
Proposition 7.10. Suppose that $R$ is euclidean. If $a, b \in R$ are nonzero, then they have a gcd. Up to a unit, it is characterized by
$$aR + bR = \gcd(a, b)R, \quad \text{where } xR = \{xy \mid y \in R\},\ A + B = \{a + b \mid a \in A, b \in B\}.$$
Proof. Let $S = aR + bR$ and let $d \in S \setminus \{0\}$ be such that $\deg(d)$ is minimal (it exists, as $\deg$ takes nonnegative integer values). We claim that $S = dR$. It is clear that $dR \subset S$. Let $s \in S \setminus \{0\}$ and write $s = qd + r$, with $r = 0$ or $\deg(r) < \deg(d)$. If $r = 0$, we are done, as then $s \in dR$. Otherwise, $r = s - qd$ is in $S$, nonzero and $\deg(r) < \deg(d)$, contradicting the choice of $d$. This proves the claim. The claim shows that $d$ divides $a$ and $b$. But since $d$ is a linear combination of $a$ and $b$, any common divisor of $a$ and $b$ divides $d$. Hence $d$ is a gcd of $a$ and $b$ and we are done.

We are finally able to prove that each irreducible $a$ of $R$ is a prime, finishing the proof of the theorem. Suppose that $a$ divides $bc$. Let $d$ be a gcd of $a$ and $b$. As $d$ divides $a$ and $a$ is irreducible, $d$ is either associate to $a$ or a unit. If $d$ is associate to $a$, then $a$ divides $b$ and we are done. Otherwise, $d$ is a unit and the previous proposition yields $x, y \in R$ such that $ax + by = 1$. Then $c = acx + bcy$ is a multiple of $a$ and we are done again.
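The division step from the proof of Theorem 7.4 (round both coordinates of $a/b$) and the Bezout identity of Proposition 7.10, as an added Python example that is not part of the original notes. Elements $a + b\sqrt{d}$ of $\mathbb{Z}[\sqrt{d}]$ are stored as integer pairs, the function names are this example's own, and the last lines show the same rounding failing in $\mathbb{Z}[\sqrt{-5}]$, which is not euclidean for the norm.

```python
# Added example: elements a + b*sqrt(d) of Z[sqrt(d)], d < 0, are integer pairs (a, b).

def add(u, v):
    return (u[0] + v[0], u[1] + v[1])

def sub(u, v):
    return (u[0] - v[0], u[1] - v[1])

def mul(u, v, d):
    # (a + b*s)(c + e*s) with s*s = d
    return (u[0] * v[0] + d * u[1] * v[1], u[0] * v[1] + u[1] * v[0])

def deg(u, d):
    # deg(x) = |x * conj(x)| = a^2 - d*b^2, which is >= 0 because d < 0
    return u[0] * u[0] - d * u[1] * u[1]

def nearest(n, m):
    # an integer t with |n/m - t| <= 1/2, for m > 0, in exact integer arithmetic
    return (2 * n + m) // (2 * m)

def divide(a, b, d):
    """Return (q, r) with a = b*q + r, where q is the lattice point closest to a/b.

    Rounding each coordinate of a/b minimises deg(a/b - q), so if this r fails
    deg(r) < deg(b), no other quotient in Z[sqrt(d)] can succeed (Lemma 7.5).
    """
    nb = deg(b, d)
    if nb == 0:
        raise ZeroDivisionError("division by zero")
    t = mul(a, (b[0], -b[1]), d)          # a/b = a*conj(b)/deg(b) = t/nb
    q = (nearest(t[0], nb), nearest(t[1], nb))
    return q, sub(a, mul(b, q, d))

def bezout(a, b, d):
    """Extended euclidean algorithm: return (g, x, y) with a*x + b*y = g."""
    r0, r1 = a, b
    x0, x1 = (1, 0), (0, 0)
    y0, y1 = (0, 0), (1, 0)
    while r1 != (0, 0):
        q, r = divide(r0, r1, d)
        if deg(r, d) >= deg(r1, d):
            raise ArithmeticError("remainder not smaller: deg is not euclidean here")
        r0, r1 = r1, r
        x0, x1 = x1, sub(x0, mul(q, x1, d))
        y0, y1 = y1, sub(y0, mul(q, y1, d))
    return r0, x0, y0

if __name__ == "__main__":
    # gcd of 11+3i and 1+8i in Z[i], with its Bezout coefficients
    g, x, y = bezout((11, 3), (1, 8), -1)
    print(g, x, y, add(mul((11, 3), x, -1), mul((1, 8), y, -1)))
    # In Z[sqrt(-5)], dividing 1+sqrt(-5) by 2 leaves a remainder that is too large.
    q, r = divide((1, 1), (2, 0), -5)
    print(q, r, deg(r, -5), deg((2, 0), -5))
```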
7.11 Gaussian and Eisenstein integers
The ring $\mathbb{Z}[i]$ is called the ring of gaussian integers. It is an euclidean ring, by the previous results. Its associated norm is $N(a + ib) = a^2 + b^2$. It immediately follows that the units of $\mathbb{Z}[i]$ are $\pm 1, \pm i$. The following result classifies the irreducibles of $\mathbb{Z}[i]$.
Proposition 7.12. The following elements form a system of representatives for the irreducible elements of $\mathbb{Z}[i]$:
• Rational primes of the form $4k + 3$.
• $\pi$ and $\bar{\pi}$, where $\pi\bar{\pi}$ is a prime $p$ of the form $4k + 1$.
• $1 + i$.
Proof. It is easy to see that these elements are pairwise non associate. Let $\pi$ be an irreducible in $\mathbb{Z}[i]$. Then $\pi \mid N(\pi)$ and since $\pi$ is a prime, it follows that $\pi$ divides some rational prime $p$ dividing $N(\pi)$. So, we need to factor all rational primes into primes of $\mathbb{Z}[i]$.
If $p \equiv 3 \pmod 4$ is a rational prime, then $p$ is irreducible. Indeed, otherwise $p = ab$ for some non units $a, b$. Taking norms, we obtain $p = N(a)$, which is impossible, as a sum of two squares is not 3 modulo 4.
Let $p$ be a prime of the form $4k + 1$. Then $-1$ is a quadratic residue mod $p$, so we can find $x \in \mathbb{Z}$ such that $p \mid x^2 + 1$. If $p$ was a prime in $\mathbb{Z}[i]$, then $p$ would divide one of $x \pm i$, which is certainly not the case. So $p$ is not a prime. If $\pi$ is a prime divisor of $p$, then $N(\pi) = p$ and so $p = \pi\bar{\pi}$.
Finally, $2 = -i(1 + i)^2$ and it's easy to check that $1 + i$ is a prime (it has norm 2).

Here's a very nice application of this classification: consider the formal product
$$\zeta_{\mathbb{Q}(i)}(s) = \prod_{\pi} \frac{1}{1 - N(\pi)^{-s}} = \prod_{\pi}\left(1 + \frac{1}{N(\pi)^s} + \dots\right),$$
the product being taken over those $\pi$ in the previous proposition. Expanding the product and using unique factorization, we obtain
$$\zeta_{\mathbb{Q}(i)}(s) = \sum_{a \in \mathbb{Z}[i],\ \text{up to assoc.}} \frac{1}{N(a)^s} = \sum_{n \ge 1} \frac{f(n)}{n^s},$$
where $f(n)$ is the number of $a \in \mathbb{Z}[i]$, up to units, such that $N(a) = n$. That is, $f(n)$ is the number of solutions of $x^2 + y^2 = n$, with $x > 0$ and $y \ge 0$.
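On the other hand, the previous proposition yields
$$\zeta_{\mathbb{Q}(i)}(s) = \frac{1}{1 - 2^{-s}} \prod_{p \equiv 1 \ (\mathrm{mod}\ 4)} \frac{1}{(1 - p^{-s})^2} \prod_{q \equiv 3 \ (\mathrm{mod}\ 4)} \frac{1}{1 - q^{-2s}} = \prod_{p} \frac{1}{1 - p^{-s}} \prod_{p} \frac{1}{1 - \chi(p)p^{-s}},$$
where $\chi(p) = 1$ if $p \equiv 1 \pmod 4$ and $\chi(p) = -1$ if $p \equiv -1 \pmod 4$ (with $\chi(2) = 0$). Extending $\chi$ to $\mathbb{N}$ by multiplicativity, we finally obtain
$$\zeta_{\mathbb{Q}(i)}(s) = \left(\sum_{n \ge 1} \frac{1}{n^s}\right) \cdot \left(\sum_{n \ge 1} \frac{\chi(n)}{n^s}\right).$$
Expanding and identifying coefficients, we obtain the following beautiful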
Theorem 7.13. We have $f(n) = \sum_{d \mid n} \chi(d)$ for all $n$. The number of solutions of the equation $x^2 + y^2 = n$ with $x, y \in \mathbb{Z}$ is $4\sum_{d \mid n} \chi(d)$.
Since $\chi$ is multiplicative, so is $f(n)$. It is then easy to compute the explicit value of $\sum_{d \mid n} \chi(d)$ and we obtain:
Corollary 7.14. The equation $x^2 + y^2 = n$ has integer solutions iff $v_p(n)$ is even for all primes $p \equiv 3 \pmod 4$. In this case, it has $4\prod_{p \equiv 1 \ (\mathrm{mod}\ 4)} (1 + v_p(n))$ solutions.
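A numerical check of Theorem 7.13 and Corollary 7.14, added here as an example that is not part of the original notes: the number of integer solutions of $x^2 + y^2 = n$ is computed by direct search, by the divisor sum, and by the product formula. The function names are this example's own, and `chi` is the multiplicative function of the text (1 at $m \equiv 1$, $-1$ at $m \equiv 3 \pmod 4$, 0 at even $m$).

```python
# Added example: three ways to count integer solutions of x^2 + y^2 = n (n >= 1).
from math import isqrt

def chi(m):
    # 1 if m = 1 (mod 4), -1 if m = 3 (mod 4), 0 if m is even
    return (0, 1, 0, -1)[m % 4]

def count_bruteforce(n):
    """Number of (x, y) in Z^2 with x^2 + y^2 = n, by direct search over x."""
    total = 0
    for x in range(-isqrt(n), isqrt(n) + 1):
        y2 = n - x * x
        y = isqrt(y2)
        if y * y == y2:
            total += 1 if y == 0 else 2      # y and -y
    return total

def count_divisor_sum(n):
    """Theorem 7.13: 4 times the sum of chi(d) over the divisors d of n."""
    return 4 * sum(chi(d) for d in range(1, n + 1) if n % d == 0)

def factorize(n):
    """Prime factorization of n as a dict {p: v_p(n)}, by trial division."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors

def count_corollary(n):
    """Corollary 7.14: 0 unless v_p(n) is even for every prime p = 3 (mod 4);
    otherwise 4 times the product of (1 + v_p(n)) over primes p = 1 (mod 4)."""
    result = 4
    for p, v in factorize(n).items():
        if p % 4 == 3 and v % 2 == 1:
            return 0
        if p % 4 == 1:
            result *= 1 + v
    return result

def first_disagreement(limit):
    """Smallest n <= limit where the three counts differ, or None if they all agree."""
    for n in range(1, limit + 1):
        if not (count_bruteforce(n) == count_divisor_sum(n) == count_corollary(n)):
            return n
    return None

if __name__ == "__main__":
    for n in (1, 5, 21, 25, 45, 65, 1105):
        print(n, count_bruteforce(n), count_divisor_sum(n), count_corollary(n))
    print("first disagreement up to 2000:", first_disagreement(2000))
```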
Let $\omega = \frac{-1 + \sqrt{-3}}{2}$, so that the ring of integers in $\mathbb{Q}(\sqrt{-3})$ is $\mathbb{Z}[\omega]$. The associated norm is then
$$N(a + b\omega) = (a + b\omega)(a + b\bar{\omega}) = a^2 - ab + b^2.$$
Proposition 7.15. a) The units of $\mathbb{Z}[\omega]$ are $\pm 1, \pm\omega, \pm\omega^2$.
b) A set of representatives for the primes of $\mathbb{Z}[\omega]$ (up to being associate) is given by the following list:
• rational primes $q \equiv 2 \pmod 3$.
• $\pi \in \mathbb{Z}[\omega]$ such that $\pi\bar{\pi} = p$ for some prime $p \equiv 1 \pmod 3$.
• $1 - \omega$.
Proof. a) An element $a + b\omega$ is a unit iff $N(a + b\omega) = 1$, i.e. iff $(2a - b)^2 + 3b^2 = 4$. The rest is immediate.
b) Let $\pi$ be a prime, then $\pi \mid N(\pi)$, so $\pi$ divides a rational prime $p$ dividing $N(\pi)$. So, we need to determine the prime factorization of rational primes.
Suppose that $p \equiv 2 \pmod 3$. Then $p$ is a prime in $\mathbb{Z}[\omega]$. Indeed, otherwise we can write $p = ab$, with $a, b \in \mathbb{Z}[\omega]$ non units. Passing to norms, we see that $p = N(a) = N(b)$. But the congruence $a^2 - ab + b^2 \equiv 2 \pmod 3$ is impossible.
Suppose that $p \equiv 1 \pmod 3$. Then $(\mathbb{Z}/p\mathbb{Z})^*$ has an element of order 3 (as it is a cyclic group of order $p - 1$) and so we easily get the existence of some $x \in \mathbb{Z}$ such that $p$ divides $x^2 + x + 1$. Then $p$ divides $(2x + 1)^2 + 3$. If $p$ was a prime in $\mathbb{Z}[\omega]$, then $p$ would divide one of $2x + 1 \pm \sqrt{-3}$, which is clearly not the case. So $p$ is not irreducible, and since its norm is $p^2$, we must have $p = \pi\bar{\pi}$ for some prime $\pi$.
Finally, we easily check that $3 = -\omega^2(1 - \omega)^2$ and that $1 - \omega$ is a prime (its norm is 3). The result follows.

7.16 Euclidean rings and diophantine equations
Theorem 7.17. (Fermat) The integer solutions of the equation $y^2 = x^3 - 2$ are $(3, \pm 5)$.
Proof. We'll work in the UFD $R = \mathbb{Z}[\sqrt{-2}]$ and write the equation as
$$x^3 = (y + \sqrt{-2})(y - \sqrt{-2}).$$
We claim that $y + \sqrt{-2}$ and $y - \sqrt{-2}$ are relatively prime. If $d$ is a prime of $R$ which divides $y \pm \sqrt{-2}$, then it divides $2\sqrt{-2}$ and $x$. So its norm divides 8 and also $x^2$. But it's easy to see that $x$ is odd, so $d$ has norm 1, contradicting the fact that it's a non unit.
We deduce that $y + \sqrt{-2}$ is associate to a third power in $R$. However, the units of $R$ are $\pm 1$, and both are cubes in $R$. Hence we can find integers $a, b$ such that
$$y + \sqrt{-2} = (a + b\sqrt{-2})^3.$$
Expanding, we obtain
$$y = a(a^2 - 6b^2), \qquad 1 = b(3a^2 - 2b^2).$$
From here, everything follows with no difficulty.

Remark 7.18. A deep theorem of Mordell ensures that the equation $y^2 = x^3 + k$ has finitely many integer solutions, for each $k \ne 0$. However, it typically has infinitely many rational solutions. We deduce that for any $N$ we can find $k \ne 0$ such that the equation $y^2 = x^3 + k$ has more than $N$ integer solutions. For instance, $y^2 = x^3 - 47$ has integer solutions $(6, 13)$, $(12, 41)$, $(63, 500)$.
Theorem 7.19. The equation $y^2 = x^3 - 1$ has the only integer solution $(1, 0)$.
Proof. Work in the UFD $R = \mathbb{Z}[i]$ and write the equation $(y + i)(y - i) = x^3$. If $p$ is a prime of $R$ which divides $y + i$ and $y - i$, it also divides $2i = (1 + i)^2$, so it divides $1 + i$. Hence the only possible common prime divisor of $y + i$ and $y - i$ is $1 + i$. Using this and the fact that $y$ must be even, we easily deduce that $y + i$ and $y - i$ are actually relatively prime. Again, all units of $R$ are cubes, so $y + i = (a + ib)^3$ for some integers $a, b$. We obtain $y = a(a^2 - 3b^2)$ and $1 = b(3a^2 - b^2)$, from which the result follows easily.

It is much more challenging to solve in integers the equation $y^2 = x^3 + 1$. Indeed, if we try to follow the same approach as above, we obtain the equation $a^3 - 2b^3 = 1$, which is not easy to solve. Another equation which requires quite a lot of work is:
Theorem 7.20. (Ramanujan-Nagell) The integer solutions of the equation $x^2 + 7 = 2^n$ are $x = \pm 1, \pm 3, \pm 5, \pm 11, \pm 181$ and $n = 3, 4, 5, 7, 15$.
7.21 Problem set 1
1. Find the integer solutions of the equation $x^2 + y^2 = z^n$, where $n > 1$ and $\gcd(x, y) = 1$.
2. Solve in integers $x^2 + 8 = y^3$.
3. Let $S = \{a^2 + 2b^2 \mid a, b \in \mathbb{Z}, b \ne 0\}$ and let $p$ be a prime such that $p^2 \in S$. Then $p \in S$.
4. a) Show that an odd prime $p$ can be written in the form $a^2 - 2b^2$ for some integers $a, b$ iff $p \equiv \pm 1 \pmod 8$.
b) Show that an odd prime $p$ can be written in the form $a^2 + 2b^2$ iff $p \equiv 1 \pmod 8$ or $p \equiv 3 \pmod 8$.
5. a) Find all $z \in \mathbb{Z}[i]$ for which one can find $n \ge 1$ such that $z^n \in \mathbb{R}$.
b) Show that the only rational values $\tan(k\pi/n)$ can take (where $k, n$ are integers) are $0, 1, -1$.
6. Show that Z[

d] is euclidean for d 2, 3, 6.
7. Solve in integers the equation $y^2 + 1 = x^n$, where $n > 1$.
8. Let $R$ be an UFD and let $x, y, z, w$ be nonzero elements of $R$ such that $xy = zw$. Show that we can find $m, n, p, q \in R$ such that $\gcd(n, p) = 1$ and
$$x = mn, \quad y = pq, \quad z = mp, \quad w = nq.$$
9. a) Let $a, b, c, d$ be positive integers such that $a^2 + b^2 = cd$. Show that we can find integers $x, y, z, w, t$ such that
$$a = t(xz - yw), \quad b = t(xw + yz), \quad c = t(x^2 + y^2), \quad d = t(z^2 + w^2).$$
b) Let $a, b$ be integers such that $a \mid b^2 + 1$. Show that $a$ is a sum of two squares.
10. Let $a > b > c > d$ be positive integers such that
$$a^2 - ac + c^2 = b^2 + bd + d^2.$$
Show that $ab + cd$ is composite.
11. Solve in integers $13^x + 3 = y^2$.
8 Finite fields
Just as sometimes one needs to work with algebraic integers instead of rational integers (try to solve the equation $x^3 = y^2 - 1$ by staying only in the ring of rational integers and you'll see what happens...), it is useful to work in finite field extensions of $\mathbb{F}_p = \mathbb{Z}/p\mathbb{Z}$. These are precisely those fields which have a finite number of elements and which contain $\mathbb{F}_p$. In this chapter we'll try to work a bit with these fields, by insisting once more on their applications.
8.1 First construction of finite fields
We will fix a prime number $p$ and an algebraic closure $\overline{\mathbb{F}_p}$ of the field $\mathbb{F}_p = \mathbb{Z}/p\mathbb{Z}$. Recall that this means that $\overline{\mathbb{F}_p}$ is a field such that
• any $x \in \overline{\mathbb{F}_p}$ is a root of some nonzero polynomial $f \in \mathbb{F}_p[X]$
• any $f \in \mathbb{F}_p[X]$ has at least one root in $\overline{\mathbb{F}_p}$ (which actually implies that it splits into linear factors over $\overline{\mathbb{F}_p}$).
It is a rather nontrivial theorem of Steinitz that any field has an algebraic closure and any two algebraic closures are isomorphic.
Let us glorify the following easy result, which will be constantly used in this chapter:
Proposition 8.2. Let $p$ be a prime and let $A$ be a ring such that$^{1}$ $pa = 0$ for all $a \in A$. Then for all powers $q$ of $p$ and for all $a_1, a_2, \dots, a_n \in A$ we have
$$(a_1 + a_2 + \dots + a_n)^q = a_1^q + a_2^q + \dots + a_n^q.$$
Proof. By induction on $n$, we may assume that $n = 2$. Then everything follows from the usual binomial formula, the hypothesis on $A$ and the fact that $\binom{q}{i} \equiv 0 \pmod p$ for any $1 \le i < q$.
If $q$ is a power of $p$, let
$$\mathbb{F}_q = \{x \in \overline{\mathbb{F}_p} \mid x^q = x\}.$$
We have the following easy, but crucial result:
Theorem 8.3. $\mathbb{F}_q$ is the unique field with $q$ elements contained in $\overline{\mathbb{F}_p}$.
Proof. First, let us check that $\mathbb{F}_q$ is a field. It is clearly stable by multiplication and stability under addition follows from the previous proposition. $\mathbb{F}_q$ has $q$ elements since $X^q - X$ splits into linear factors over $\overline{\mathbb{F}_p}$ (because $\overline{\mathbb{F}_p}$ is algebraically closed) and all of these linear factors are distinct (because $X^q - X$ is prime to its derivative $-1$).
Let us consider now a subfield $L$ of $\overline{\mathbb{F}_p}$ with $q$ elements. As $L^*$ is a group with $q - 1$ elements, Lagrange's theorem yields $x^{q-1} = 1$ for all $x \in L^*$. Thus $x^q = x$ for all $x \in L$ and so $L \subset \mathbb{F}_q$. A cardinality argument finishes the proof.
Actually, one can prove that any finite field has a cardinality which is a power of a prime (basically by Cauchy's theorem for groups or by basic linear algebra for those who know it). So the previous theorem says that the converse is true: if I have a power of a prime, I can construct a field with that cardinality.
8.4 Second construction: finding an irreducible polynomial over $\mathbb{F}_p$
The previous construction is very neat, but it doesn't say how to construct in practice a finite field. Another important construction of finite fields is as follows: suppose that $f \in \mathbb{F}_p[X]$ is irreducible, of degree $n$. The ring $\mathbb{F}_p[X]$ is euclidean and an easy division algorithm argument shows that $\mathbb{F}_p[X]/f$ has $p^n$ elements (indeed, the division algorithm shows that a system of representatives for the residue classes modulo $f$ is given by polynomials of degree at most $n - 1$). On the other hand, $\mathbb{F}_p[X]/f$ is an integral domain, since $f$ is irreducible and $\mathbb{F}_p[X]$ is an UFD. So $\mathbb{F}_p[X]/f$ is a field with $p^n$ elements (see a lemma in the first lecture on UFDs).
Now, the hard point is proving that for any $n$ one can find an irreducible polynomial of degree $n$ over $\mathbb{F}_p$. This is much harder than the analogous statement over the rationals (Eisenstein's criterion shows that $X^n - 2$ is irreducible over the rationals, but there is no analogue of this over $\mathbb{F}_p$). We'll actually prove the existence by a combinatorial argument, without exhibiting any irreducible polynomial of degree $n$. Here's the main result:
Theorem 8.5. For all $n \ge 1$, there exists an irreducible polynomial $f \in \mathbb{F}_p[x]$, of degree $n$.
I need one more preliminary. The following theorem is proved in exactly the same way as the existence of primitive roots mod $p$:
(Footnote 1: We say that $A$ has characteristic $p$.)
Theorem 8.6. If $K$ is a finite field, then $K^*$ is a cyclic group, that is there exists $x \in K^*$ of order $|K| - 1$.
Let's come back to the proof of the existence of irreducible polynomials of a given degree. We'll actually find an explicit formula for their number!
Theorem 8.7. The product of the irreducible monic polynomials $f \in \mathbb{F}_q[X]$, such that $\deg(f) \mid n$ is $X^{q^n} - X$.
Proof. Let $P$ be this product. Note that $X^{q^n} - X$ is squarefree in $\mathbb{F}_q[X]$, as it is relatively prime to its derivative, which is $-1$. Thus, in order to prove that $P = X^{q^n} - X$, it is enough to check that they have the same monic irreducible factors.
Let $f$ be a monic irreducible factor of $X^{q^n} - X$, say $\deg(f) = d$. We need to prove that $d \mid n$. Then $L = \mathbb{F}_q[X]/f$ is a field with $q^d$ elements. We claim that $x^{q^n} = x$ for all $x \in L$. Suppose we managed to prove this. Then, since $L^*$ is cyclic we can choose $x \in L^*$ of order $q^d - 1$, so that $x^{q^n} = x$ gives $q^d - 1 \mid q^n - 1$, and finally $d \mid n$. To prove the claim, write $x = a_0 + a_1 X + \dots + a_{d-1} X^{d-1}$ and use the first proposition of the lecture to write
$$x^{q^n} = (a_0 + a_1 X + \dots + a_{d-1} X^{d-1})^{q^n} = a_0^{q^n} + a_1^{q^n} X^{q^n} + \dots = a_0 + a_1 X^{q^n} + \dots + a_{d-1} X^{q^n (d-1)} = a_0 + a_1 X + \dots + a_{d-1} X^{d-1} = x.$$
Let $f \in \mathbb{F}_q[X]$ be irreducible, monic, of degree $d \mid n$. We will prove that $f \mid X^{q^n} - X$. Again, $L = \mathbb{F}_q[X]/f$ is a finite field with $q^d$ elements, so by Lagrange's theorem we have $\overline{X}^{q^d} = \overline{X}$. Since $d \mid n$, it follows that $\overline{X}^{q^n} = \overline{X}$, which is exactly what we needed.

Corollary 8.8. If $N_n$ is the number of irreducible polynomials in $K[X]$ that are monic of degree $n$, then
$$p^n = \sum_{d \mid n} d N_d.$$
Proof. Take the degrees in LHS and RHS of the previous theorem.
The Möbius inversion formula immediately yields a formula for $N_n$, and it is apparent on this formula that $N_n > 0$ for all $n \geq 2$. This proves the existence of an irreducible polynomial of degree $n$.
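The counting argument above can be checked by machine. The following Python sketch is an added example, not part of the original notes: it computes $N_n$ from the Möbius-inverted form of $p^n = \sum_{d \mid n} d N_d$, enumerates the irreducible monic polynomials by brute force for comparison, and checks the relation $X^{q^n} = X$ in $\mathbb{F}_p[X]/f$ used in Theorem 8.7. All function names are chosen here, and polynomials are stored as coefficient lists, lowest degree first.

```python
"""Count monic irreducible polynomials over F_p: Moebius formula versus brute force."""
from itertools import product


def divisors(n):
    return [d for d in range(1, n + 1) if n % d == 0]


def mobius(n):
    """Moebius function by trial division."""
    result, d = 1, 2
    while d * d <= n:
        if n % d == 0:
            n //= d
            if n % d == 0:
                return 0                     # n has a square factor
            result = -result
        d += 1
    return -result if n > 1 else result


def count_by_formula(p, n):
    """N_n = (1/n) * sum_{d | n} mu(n/d) * p^d, the inverted form of p^n = sum d*N_d."""
    total = sum(mobius(n // d) * p ** d for d in divisors(n))
    return total // n


def poly_mod(a, b, p):
    """Remainder of a modulo the monic polynomial b in F_p[X], padded to deg(b) entries."""
    a = [c % p for c in a]
    while len(a) >= len(b):
        lead = a.pop()                       # cancel the leading term of a
        if lead:
            shift = len(a) - (len(b) - 1)
            for i in range(len(b) - 1):
                a[shift + i] = (a[shift + i] - lead * b[i]) % p
    return a + [0] * (len(b) - 1 - len(a))


def monic_polys(p, deg):
    """All monic polynomials of the given degree over F_p."""
    for low in product(range(p), repeat=deg):
        yield list(low) + [1]


def is_irreducible(f, p):
    """Trial division by every monic polynomial of degree 1 .. deg(f) // 2."""
    n = len(f) - 1
    for d in range(1, n // 2 + 1):
        for g in monic_polys(p, d):
            if not any(poly_mod(f, g, p)):
                return False
    return True


def irreducibles(p, n):
    return [f for f in monic_polys(p, n) if is_irreducible(f, p)]


def mul_mod(a, b, f, p):
    """Product of two residue classes in F_p[X]/f."""
    prod = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] = (prod[i + j] + x * y) % p
    return poly_mod(prod, f, p)


def x_power_mod(e, f, p):
    """The class of X^e in F_p[X]/f, by square-and-multiply."""
    result, base = poly_mod([1], f, p), poly_mod([0, 1], f, p)
    while e:
        if e & 1:
            result = mul_mod(result, base, f, p)
        base = mul_mod(base, base, f, p)
        e >>= 1
    return result


if __name__ == "__main__":
    for p, n in [(2, 4), (3, 3), (5, 2)]:
        found = irreducibles(p, n)
        print(f"p={p}, n={n}: formula {count_by_formula(p, n)}, brute force {len(found)}")
        # Theorem 8.7: every irreducible f of degree n divides X^(p^n) - X.
        assert all(x_power_mod(p ** n, f, p) == poly_mod([0, 1], f, p) for f in found)
```

Any polynomial returned by `irreducibles(p, n)` gives a concrete model of the field with $p^n$ elements as $\mathbb{F}_p[X]/f$, with `mul_mod` as its multiplication.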
8.9 A proof using zeta functions
Let me give you another proof of the corollary, which is a very beautiful application of zeta functions and unique factorization. As before, let $N_n$ be the number of irreducible monic polynomials of degree $n$ over $\mathbb{F}_p$. Consider the generating function
$$f = \sum_{f \in \mathbb{F}_p[X]} X^{\deg f},$$
the sum being taken over monic polynomials $f$. As there are $p^n$ monic polynomials of degree $n$, we have
$$f = \sum_{n \geq 0} p^n X^n = \frac{1}{1 - pX}.$$
Using the unique factorization of monic polynomials into products of irreducible monic polynomials, it is easy to see that
$$f = \prod_{h} (1 + X^{\deg h} + X^{2 \deg h} + \dots) = \prod_{h} \frac{1}{1 - X^{\deg h}},$$
the product being taken over the irreducible monic polynomials $h$. Thus
$$\log \frac{1}{1 - pX} = \sum_{h} \log \frac{1}{1 - X^{\deg h}} = \sum_{n \geq 0} N_n \log \frac{1}{1 - X^n}.$$
Using the formula
$$\log \frac{1}{1 - X} = \sum_{k \geq 1} \frac{X^k}{k},$$
the previous formula and identifying coefficients we get again the identity $p^n = \sum_{d \mid n} d N_d$, from where the result follows by Möbius inversion.
8.10 Computation of $\left(\frac{2}{p}\right)$ using finite fields
Let's give a very neat way to compute the Legendre symbol using finite fields.
Theorem 8.11. For $p > 2$ we have
$$\left(\frac{2}{p}\right) = (-1)^{\frac{p^2 - 1}{8}}.$$
Proof. Let us take in an algebraic closure of F
p
with
4
= 1. Dene x = +
1
, so
that x
2
= 2. In particular, we have
2
p1
2
= x
p1
=
x
p
x
=

p
+
p
+
1
.
So, we have
_
2
p
_
= 1 if and only if

p
+
p
= +
1
.
Since this is equivalent to (
p1
1)(
p+1
1) = 0 (easy computation) and since
k
= 1 is
equivalent to 8[k (weve chosen so that it has multiplicative order 8), we have
_
2
p
_
= 1 if
and only if p = 1 (mod 8). The conclusion follows.

8.12 Lucas-Lehmer's test
Here's another very nice (and pretty nontrivial) application of finite fields. This is also by far the most efficient way to test if $2^p - 1$ is a prime.
Theorem 8.13. (Lucas-Lehmer) Let $a_0 = 4$ and $a_{n+1} = a_n^2 - 2$. If $m$ is an odd integer, then $n = 2^m - 1$ is a prime if and only if $n \mid a_{m-2}$.
Proof. The first step is to use the identity
$$(x + 1/x)^2 - 2 = x^2 + 1/x^2$$
to get a closed form for the general term of the sequence. Namely, if $x + 1/x = a_0$, then the previous formula and the recurrence relation yield $a_n = x^{2^n} + x^{-2^n}$ for all $n$.
Suppose that n is a prime and m 3. Then 2 is a quadratic residue mod n, as n = 1
(mod 8) (see the previous section). Pick F
p
such that
2
= 3. Since n 2 (mod 3), 3 is
not a quadratic residue mod n and so is not in F
p
. But then F
p
[] = a +b[a, b F
p
is
easily seen to be a eld with p
2
elements, so it has to be F
p
2 and so F
p
2. We can dene
a map : Z[

3] = a + b

3[a, b Z F
n
2 mapping a + b

3 to a + b and it is easy to
check that is a ring morphism. Moreover, since is not in F
p
, we have (a +b

3) = 0 i
a +b = 0 i a = b = 0 in F
p
. We want to prove that (a
m2
) = 0, which is equivalent to
(x)
2
m2
+(x)
2
m2
= 0 (x)
2
m1
= 1 (x)
n+1
2
= 1 (2 +)
(n+1)/2
= 1.
Note that (1 +)
2
= 2(2 +), so
2
n+1
2
(2 +)
n+1
2
= (1 +)
n+1
= (1 +)(1 +
n
).
Using this, the fact that 2 is a quadratic residue mod n, that 3 is not a quadratic residue
and the fact that
n
= 3
n1
2
, it is easy to conclude.
Let us prove the converse now. Suppose that n[a
m2
, we need that n is a prime. This is
rather tricky: its enough to check that p[n we have [>

n. Now p[n p[a
m2
and again
F
p
2 we have (2 +)
n+1
2
= 1. Thus ord(2 +) = n + 1 in F

p
2
. So by Lagrange n + 1[p 2
or n + 1[p
2
1 p >

n and we are done.
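The test of Theorem 8.13 is short to implement. The following Python sketch is an added example, not part of the original notes: it runs the recurrence modulo $n = 2^m - 1$ for odd $m \geq 3$, and separately checks the closed form $a_k = x^{2^k} + x^{-2^k}$ from the first step of the proof with $x = 2 + \sqrt{3}$, computed exactly as a pair of integers. Function names are chosen here.

```python
"""Lucas-Lehmer test for n = 2^m - 1, following Theorem 8.13."""


def mod_mersenne(x, m, n):
    """x mod n for n = 2^m - 1 and x >= 0.

    Since 2^m = 1 (mod n), the bits above position m can be folded onto the low bits.
    """
    while x >> m:
        x = (x & n) + (x >> m)
    return 0 if x == n else x


def lucas_lehmer(m):
    """True iff 2^m - 1 is prime, for odd m >= 3 (the case covered by the theorem)."""
    if m < 3 or m % 2 == 0:
        raise ValueError("this version of the test needs an odd m >= 3")
    n = (1 << m) - 1
    a = 4                                    # a_0
    for _ in range(m - 2):                   # compute a_{m-2} modulo n
        a = (mod_mersenne(a * a, m, n) - 2) % n
    return a == 0


def sequence_term(k):
    """a_k computed from the recurrence a_0 = 4, a_{j+1} = a_j^2 - 2, without reduction."""
    a = 4
    for _ in range(k):
        a = a * a - 2
    return a


def closed_form_term(k):
    """a_k = x^(2^k) + x^(-2^k) for x = 2 + sqrt(3), computed exactly in Z[sqrt(3)].

    x = u + v*sqrt(3) has norm u^2 - 3v^2 = 1, so 1/x = u - v*sqrt(3) and the sum is 2u.
    """
    u, v = 2, 1
    for _ in range(k):
        u, v = u * u + 3 * v * v, 2 * u * v  # (u + v*sqrt(3))^2
    return 2 * u


def is_prime_naive(n):
    """Trial division, used only to cross-check small cases."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


if __name__ == "__main__":
    exponents = [m for m in range(3, 130, 2) if lucas_lehmer(m)]
    print("odd m < 130 with 2^m - 1 prime:", exponents)
```

Each step costs one squaring of an $m$-bit number, and the reduction modulo $2^m - 1$ needs only shifts and additions.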

8.14 Chevalley-Warning and Erdős-Ginzburg-Ziv theorems
Here's an amazingly beautiful result:
Theorem 8.15. (Chevalley-Warning) Let $q$ be a power of $p$ and $f_1, \dots, f_k \in \mathbb{F}_q[x_1, \dots, x_n]$ polynomials with
$$n > \sum_{i=1}^{k} \deg(f_i).$$
Then the number of solutions in $\mathbb{F}_q^n$ of the system
$$\begin{cases} f_1(x_1, \dots, x_n) = 0 \\ \quad \vdots \\ f_k(x_1, \dots, x_n) = 0 \end{cases}$$
is a multiple of $p$.
Corollary 8.16. If $f_i(0, \dots, 0) = 0$ for all $i$ (that is, $(0, \dots, 0)$ is a solution) then the system has a solution with at least one nonzero component.
Proof. The first key observation is that $x = (x_1, \dots, x_n) \in \mathbb{F}_q^n$ is a solution iff
$$(1 - f_1(x)^{q-1}) \cdots (1 - f_k(x)^{q-1}) = 1$$
in $\mathbb{F}_q$. This is an obvious consequence of Lagrange's theorem. Letting $F = \prod_{i=1}^{k} (1 - f_i^{q-1})$, the theorem is a consequence of the following two claims:
If $N$ is the number of solutions, then (by the first paragraph)
$$N \equiv \sum_{x \in \mathbb{F}_q^n} F(x) \pmod{p}.$$
We have $\sum_{x \in \mathbb{F}_q^n} F(x) = 0$. To prove this, note that
$$\deg F \leq (q - 1) \sum_{i=1}^{k} \deg(f_i) < (q - 1) n,$$
thus there are $a_{i_1, \dots, i_n} \in \mathbb{F}_q$ with
$$F(X) = \sum_{i_1 + \dots + i_n < (q-1)n} a_{i_1, \dots, i_n} X_1^{i_1} \cdots X_n^{i_n}.$$
But then
$$\sum_{x \in \mathbb{F}_q^n} F(x) = \sum_{i_1 + \dots + i_n < (q-1)n} a_{i_1, \dots, i_n} \sum_{x \in \mathbb{F}_q^n} x_1^{i_1} \cdots x_n^{i_n},$$
so it's enough to see that
$$\sum_{x \in \mathbb{F}_q^n} x_1^{i_1} \cdots x_n^{i_n} = 0$$
if $i_1 + \dots + i_n < (q - 1) n$. But
$$\sum_{x \in \mathbb{F}_q^n} x_1^{i_1} \cdots x_n^{i_n} = \Big( \sum_{x_1 \in \mathbb{F}_q} x_1^{i_1} \Big) \cdots \Big( \sum_{x_n \in \mathbb{F}_q} x_n^{i_n} \Big) = 0$$
because there is $j$ with $i_j < q - 1$ and (as $\mathbb{F}_q^*$ is cyclic) $\sum_{x_j \in \mathbb{F}_q} x_j^{i_j} = 0$.

Remark 8.17. It is true, but extremely difficult, that $q \mid N$ (we even have much better bounds, but this uses very deep algebraic geometry).
Let me give you a nice and standard application. You all know the trivial fact: if $a_1, \dots, a_n \in \mathbb{Z}$ then there exists a nonempty $I \subset \{1, \dots, n\}$ with $n \mid \sum_{i \in I} a_i$ (prove it if you haven't seen it yet!). The following is however much more difficult.
Theorem 8.18. (Erdős-Ginzburg-Ziv) Among any $2n - 1$ integers there are $n$ whose sum is a multiple of $n$.
Proof. Step 1: if this is true for $n_1$, $n_2$ then it's also true for $n_1 n_2$. This is an amusing exercise in making groups of numbers, left to the reader.
Step 2: this is the hard part: $n = p$, a prime. Apply Chevalley-Warning to the system with
$$f_1(X) = \sum_{i=1}^{2p-1} a_i X_i^{p-1}, \qquad f_2(X) = \sum_{i=1}^{2p-1} X_i^{p-1}$$
to get $(x_1, \dots, x_{2p-1}) \in \mathbb{F}_p^{2p-1} \setminus \{(0, \dots, 0)\}$ with
$$f_1(x_1, \dots, x_{2p-1}) = f_2(x_1, \dots, x_{2p-1}) = 0.$$
Choose $I = \{i \mid x_i \neq 0\}$; then this works by Fermat's little theorem.
8.19 Problem set
1. Let $p$ be a prime and $a$ a positive integer not divisible by $p$. Prove that $x^p - x - a$ is irreducible over the rationals.
2. (USA TST 2009) Let $p > 5$, $a, b, c \in \mathbb{Z}$ with $p \nmid (a - b)(b - c)(c - a)$ and $i, j, k \geq 0$ with $(p - 1) \mid i + j + k$. If $p$ divides $(x - a)(x - b)(x - c)[(x - a)^i (x - b)^j (x - c)^k - 1]$ for all $x \in \mathbb{Z}$, then $p - 1$ divides $i$, $j$ and $k$.
3. (IMO Shortlist 1989) An integer sequence $\{a_n\}_{n \geq 1}$ is given such that
$$2^n = \sum_{d \mid n} a_d$$
for all $n \in \mathbb{N}$. Show that $a_n$ is divisible by $n$ for all $n \in \mathbb{N}$.
4. (IMO 1993) Let $n > 1$ and let $L_0, L_1, \dots, L_{n-1}$ be lamps in a circle, each one being on or off. We define $L_k = L_{k \pmod{n}}$ for all integers $k$. At step $S_j$ we change the state of $L_j$ and do not touch the other lamps, according to the rules:
1) if $L_{j-1}$ is on, change the state of $L_j$ (so if $L_j$ was on, now it's off, and so on...).
2) if not, do not change the state of $L_j$.
Knowing that initially all lamps were on, show that there is $M(n) > 0$ such that after $M(n)$ steps all lamps are again on. Also, if $n = 2^k$ then all lamps are on after $n^2 - 1$ steps and if $n = 2^k + 1$ then they are on after $n^2 - n + 1$ steps.
5. (China TST 2008) The sequence $x_n$ is defined by $x_1 = 2$, $x_2 = 12$, and $x_{n+2} = 6x_{n+1} - x_n$. Let $p$ be an odd prime and $q$ be a prime divisor of $x_p$. Prove that if $q \neq 2, 3$, then $q \geq 2p - 1$.
6. Let $p$ be a prime and let $a_1, a_2, \dots, a_{2p-1}$ be elements of $\mathbb{Z}/p\mathbb{Z}$. Prove that the number of subsets $I$ of $\{1, 2, \dots, 2p - 1\}$ with $p$ elements such that $\sum_{i \in I} a_i = b$ in $\mathbb{Z}/p\mathbb{Z}$ is congruent to 0 or 1 modulo $p$, for all $b \in \mathbb{Z}/p\mathbb{Z}$.
7. (IMO Shortlist) Let $a_0 = 2$, $a_n = 2a_{n-1}^2 - 1$. If $p > 2$ and $p \mid a_n$, then $2^{n+3} \mid p^2 - 1$.
8. (IMO Shortlist) Find the largest number of elements of a set $A$ of positive integers such that
1) $|\{p \mid p \mid a \text{ for some } a \in A\}| = p - 1$;
2) for all $B \subset A$, $B \neq \emptyset$, we have $\sqrt[p]{\prod_{x \in B} x} \notin \mathbb{Z}$.
9 Characters of finite fields and reciprocity laws
9.1 Fourier analysis on finite abelian groups
A character of a group (G, +) is a map : G C

, such that
(x +y) = (x) (y)
for all x, y G. The character is called trivial if (g) = 1 for all g G.
If $G$ is highly non commutative, characters are not very interesting, but if $G$ is commutative (we also say that $G$ is abelian), then the characters of $G$ contain a huge amount of information.
So, suppose that (G, +) is a nite abelian group with n elements and let

G be the set of
all characters of G (

G is called the dual group of G).
Proposition 9.2. For all

G and g G we have (g)
n
= 1, so [(g)[ = 1.
Proof. We have (g)
n
= (ng) = 1, because ng = 0 by Lagranges theorem. The rest is
clear.
Example 9.3. 1) Take n 2 and G = Z/nZ. If

G, then (1) is an nth root of the unity,
and is uniquely determined by (1), as G is generated by 1. Conversely, if z is an n-th
root of the unity, x z
x
denes a character of G (by z
x
we mean z
a
for any lifting a of x;
this does not depend on the choice of a, as z
n
= 1). Hence G has precisely n characters.
This is a general result, valid for any nite abelian group (but this is harder to prove).
2) Let $N$ be an integer greater than 1 and let $G = (\mathbb{Z}/N\mathbb{Z})^*$ be the abelian group of invertible residue classes mod $N$. A character of $G$ is called a Dirichlet character of modulus $N$ or simply a Dirichlet character mod $N$. These play a very important role in number theory (for instance, they are crucial in the proof of Dirichlet's theorem on primes in arithmetic progressions).
We'll constantly use the following important result. Its proof uses the classification of finite abelian groups, but in practice we'll only apply it for cyclic groups, and in this case the proof is completely elementary.
Theorem 9.4. If G is a nite abelian group, then we have the orthogonality relations:
for all g G and

G
1
[G[

xG
(x) = 1
=1
,
1
[G[

G
(g) = 1
g=1
.
Here 1
=1
is equal to 1 if is trivial, and to 0 otherwise.
Proof. We need to prove the following:
If

G is not trivial, then

gG
(g) = 0. This is very easy: if S =

gG
(g), then
for all h G we have
(h)S =

gG
(hg) = S,
as the map g gh is a permutation of G. Since we can nd h such that (h) ,= 1, we have
S = 0.
If x G 1, then

x

G
(x) = 0. This is the tricky part, and it follows as in the
previous paragraph if we manage to prove the following crucial thing: if x G1, then
there exists

G such that (x) ,= 1. This can be proved by using the fact that G is a
product of cyclic groups (this is a classical, but nontrivial theorem), and the fact that it is
obvious for cyclic groups (since we computed all characters).

9.5 Gauss and Jacobi sums


Gauss and Jacobi sums play a fundamental role in the theory of equations over finite fields and in number theory, in general.
Denition 9.6. 1) If and are characters of F
q
, respectively F

q
, the associated Gauss
sum is
g(, ) =

xF

q
(x)(x).
2) If
1
and
2
are characters of F

q
, the associated Jacobi sum is
J(
1
,
2
) =

x,yF
q
,x+y=1

1
(x)
2
(y).
Theorem 9.7. If and are nontrivial, then [g(, )[ =

q.
Proof. The orthogonality relations yield (using also the substitution
x
y
= t)
[g(, )[
2
=

x,yF

q
(x/y)(x y) =

t,yF

q
(t)(y(t 1)) =

tF

q
(t)
_
_

yF
q
(y(t 1)) 1
_
_
=

tF

q
(t)(q 1
t=1
1) =
q 1

t=0,1
(t) = q

tF

q
(t) = q.

Corollary 9.8. If and are nontrivial, then g(, ) g(


1
, ) = (1)q.
Proof. This is just a long string of obvious computations, using the previous theorem and
the fact that g(, ()) = (1)g(, ) (which is immediate by denition and the fact that
x x is a permutation of F

q
). More precisely, we have
g(
1
, ) = g(, ) = g(, ) = g(, ()) = (1)g(, ) = (1)
q
g(, )
.

One has the following beautiful result which connects Gauss and Jacobi sums. We'll use it constantly.
Theorem 9.9. If
1
,
2
are nontrivial characters of F

q
such that
1

2
is nontrivial, then
for all nontrivial characters of F
q
we have
J(
1
,
2
) =
g(
1
, ) g(
2
, )
g(
1

2
, )
.
Proof. This is a rather tricky computation
J(
1
,
2
)g(
1

2
, ) =

xF
q
{0,1}

yF

1
(x)
1
(y)
2
(1 x)
2
(y)(y).
Using the substitution a = xy and b = y(1 x), this becomes

a,bF

q
,a+b=0

1
(a)
2
(b)(a +b) = g(
1
, )g(
2
, )

aF

1
(a)
2
(a).
As
1

2
is nontrivial, the orthogonality relations yield the desired result.

Here is a striking application. Assume that p 1 (mod 4) is a prime. As F

p
is cyclic of
order p 1, there exists a unique nontrivial character
1
of order 4 of F

p
. Let
2
(x) =
_
x
p
_
be Legendres symbol. The previous two theorems imply that [J(
1
,
2
)[
2
= p. On the other
hand, it is clear that
1
takes only the values 0, 1, i, thus J(
1
,
2
) Z[i]. In particular,
[J(
1
,
2
)[
2
is the sum of the squares of two integers. We recovered thus Fermats celebrated
theorem that any prime of the form 4k + 1 is the sum of the squares of two integers.
9.10 The Quadratic Reciprocity Law
The following result is absolutely fundamental and has a lot of proofs. I personally prefer the following one. The technique might seem a bit exotic, but it is actually quite natural in a broader context, that unfortunately I don't have the time to discuss.
Theorem 9.11. (Gauss' quadratic reciprocity law) For $p \neq q$ odd primes,
$$\left(\frac{p}{q}\right) \left(\frac{q}{p}\right) = (-1)^{\frac{p-1}{2} \cdot \frac{q-1}{2}}.$$
Proof. Let = e
2i
p
and let
g =

aF
p
_
a
p
_

a
.
This is the Gauss sum associated to the characters a
_
a
p
_
and a
a
(the rst one is
multiplicative, the second one is additive). So the general theory gives g
2
=
_
1
p
_
p. It is
easy to see that
_
1
p
_
= (1)
p1
2
. To save notation, let me denote = (1)
p1
2

q1
2
. By
working in Z, we can write
g
q
= g (g
2
)
q1
2
= g p
q1
2
g
_
p
q
_
(mod q).
On the other hand, recalling that (z
1
+ ... + z
n
)
q
z
q
1
+ ... + z
q
n
(mod q) for z
i
Z, we
obtain
g
q

a
_
a
p
_
q

aq
=

a
_
a
p
_

aq
(mod q)
and so
_
q
p
_
g
q

a
_
aq
p
_

aq
= g (mod q).
Combining the previous two paragraphs yields
g
_

_
p
q
__
q
p
_
1
_
0 (mod q).
Since g divides p in Z, and since gcd(p, q) = 1, we deduce that

_
p
q
__
q
p
_
1
q
Z Q = Z and
the result follows (note that
_
p
q
_ _
q
p
_
1, 1 and q > 2).

9.12 The cubic reciprocity law


Recall that =
1+

3
2
, so that Z[] is the ring of integers of Q(

3). Let be a prime


of Z[] and suppose that N() ,= 3 (i.e. is not associate to 1 , the only prime dividing
3). Since N() = a
2
ab +b
2
for some integers a, b, it is clear that N() 1 (mod 3).
Proposition 9.13. If x Z[] is not a multiple of , then x
N()1
1 (mod ).
Proof. Suppose rst that = q, a rational prime of the form 3k +2. Then for x = a +b
Z[], we have
x
q
2
= (a +b)
q
2
a
q
2
+b
q
2

q
2
a +b (mod q),
using the binomial formula, Fermats little theorem and the equality
q
2
= (as q
2

(mod 3)). The result follows.


Suppose now that = p, a rational prime. With the same arguments, we have for
x = a +b
x
p
a
p
+b
p

p
(mod p).
It remains to see that a
p
a (mod p), b
p
b (mod p),
p
= and [p.

Remark 9.14. Actually, it is not dicult (but not really obvious) to prove that Z[]/ is
a nite eld with N() elements, so the proposition also follows from this and Lagranges
theorem.
If a Z[] is not a multiple of , then by the previous proposition
a[a
N()1
1 = (a
N()1
3
1)(a
N()1
3
)(a
N()1
3

2
).
Since does not divide 1 , the elements 1, ,
2
are pairwise distinct modulo , hence
there is a unique
_
a

_
3
1, ,
2
such that
a
N()1
3

_
a

_
3
(mod ).
Well dene
_
a

_
3
= 0 when [a.
This is the analogue of the classical Legendre symbol. The goal of the remaining part is
to generalize the quadratic reciprocity law to this setting. First, an easy exercise:
Proposition 9.15. a) The map a
_
a

_
3
is multiplicative and if a b (mod ), then
_
a

_
3
=
_
b

_
3
.
b) If does not divide a, then a is a cube modulo i
_
a

_
3
= 1.
Proof. This is proved in exactly the same way as the corresponding assertions for Legendres
symbol.
Proposition 9.16. If q is a rational prime of the form 3k+2, then
_
a
q
_
3
= 1 for all rational
integers a such that (a, q) = 1.
Proof. We need to check that x x
3
is surjective mod q. But it is trivially injective, as
q 2 (mod 3). The result follows.
Heres the generalization of the quadratic reciprocity law for the ring Z[]. It is called
the cubic reciprocity law. The proof is similar to that of the quadratic reciprocity law,
but the details are somewhat tricky.
Theorem 9.17. Let
1
,
2
be prime elements of Z[], each congruent to 2 modulo 3. Suppose
that their norms are dierent and dierent from 3. Then
_

2
_
3
=
_

1
_
3
.
Proof. Of course, if the statement works for
1
and
2
, then it works for any associates of

1
and
2
. By a previous proposition, the statement is clear when
1
,
2
are rational primes.
So, we need to consider two cases:
When
1
is a rational prime and
2

2
is a rational prime.
When both
j

j
are rational primes.
I will only prove the rst case, as the proof is more natural and already contains all
the key ideas. The second part uses the same arguments and 2 3 lines of tricky algebraic
manipulations.
Let 2 (mod 3) such that = p, a rational prime. Then Z[]/ is a eld with p
elements, so it is F
p
. We will identify them, so that we can see a
_
a

_
3
as a character of
F

p
. Let = e
2i
q
and let
g =

a
_
a

_
3

a
, J =

a
_
a

_
3

_
1 a

_
3
be the associated Gauss, respectively Jacobi sums.
Write for the character a
_
a

_
3
. Then
3
= 1, so that by the general theory of Gauss
and Jacobi sums we have
J =
g()
2
g(
2
)
=
g()
2
g()
=
g
3
p
.
g
3


a
(a)
3

3a
=

a

3a
= 1 (mod 3). Hence, since p 1 (mod 3), we have J 2
(mod 3).
Since [J[ =

p, we have JJ = p = . Since J, J, , are 2 mod 3, uniqueness of
prime factorization yields J , . Heres a key lemma:
Lemma 9.18. We have J = and so g
3
= p.
Proof. By denition we have
J =

a
_
a

_
3

_
1 a

_
3

a
a
p1
3
(1 a)
p1
3
(mod ).
But divides p and

a
a
p1
3
(1 a)
p1
3
0 (mod p), since

a
f(a) 0 (mod p) for any
polynomial f of degree less than p 1. Hence divides J and we are done.

We are now ready to prove the rst case of the cubic reciprocity law. Suppose that

1
= q, a rational prime and = p, a rational prime. Keep the previous notations. The
previous lemma yields
g
q
2
1
= (p)
q
2
1
3

_
p
q
_
3
=
_
p
q
_
3

q
_
3
=
_

q
_
3
(mod q).
On the other hand, we can write (using that q
2
1 (mod 3))
g
q
2

a
_
a

_
3

q
2
a
=
_
q

_
3
g.
We deduce that
_

q
_
3
g
_
q

_
3
g (mod q),
and we can simplify by g, as it is relatively prime to q (since it divides p). The result follows.

9.19 Problem set: characters


1. Let G be a nite abelian group and let f, g : G C be arbitrary maps. Dene
f, g) =
1
[G[

xG
f(x)g(x).
a) Prove Fouriers inversion formula: for any f we have f =

G
f, ).
b) Prove Plancherels identity: for all f
1
[G[

xG
[f(x)[
2
=

G
[f, )[
2
.
2. Let $A$ be a finite set of integers and let $f : A \to \mathbb{Z}/p\mathbb{Z}$ be a map. Then for any positive integer $k$ there exist at least $\frac{|A|^{2k}}{p}$ $(2k)$-tuples $(a_1, \dots, a_{2k}) \in A^{2k}$ such that
$$f(a_1) + f(a_2) + \dots + f(a_k) \equiv f(a_{k+1}) + f(a_{k+2}) + \dots + f(a_{2k}) \pmod{p}.$$
3. (AMM) Let $p$ be an odd prime. Prove that the $2^{\frac{p-1}{2}}$ numbers $\pm 1 \pm 2 \pm \dots \pm \frac{p-1}{2}$ represent each nonzero residue class mod $p$ the same number of times. Compute this number.
4. (Bulgaria TST 2006) Let $p > 2$ be a prime. How many subsets of $\{1, 2, \dots, p - 1\}$ have the sum of their elements divisible by $p$?
5. Show that for all primes $p$ there exists an integer $x$ such that $x^8 \equiv 16 \pmod{p}$.
6. (primality criteria) a) (Taiwan 1996) Prove that $k = 2^{2^n} + 1$ is a prime iff $k \mid 3^{\frac{k-1}{2}} + 1$.
b) Let p = 1 (mod 4). Show that 2p + 1 is a prime i 2p + 1[2
p
1.
7. (Turkey) Find all primes $p$ such that $p! + p$ is a perfect square.
8. Find the least prime factor of $12^{2^{15}} + 1$.
9. (IMO Shortlist 1998) Find all $n$ for which there is $m$ such that $2^n - 1$ divides $m^2 + 9$.
10. (Selfridge) Let $a$ and $b$ be positive integers such that $a > 1$ and $a \equiv b \pmod{2}$. Prove that $2^a - 1$ is not a divisor of $3^b - 1$.
11. Let $f \in \mathbb{Z}[X]$ of degree 2 such that for all primes $p$, $f$ has at least one root in $\mathbb{F}_p$. Then $f$ has rational roots.
12. (Mathlinks Contest) Let $a_1, a_2, \dots, a_{2009}$ be nonnegative integers such that $a_1^n + a_2^n + \dots + a_{2009}^n$ is always a perfect square. Find the smallest $k$ such that there are always at least $k$ numbers equal to 0 among them.
13. Let $a, b, c$ be positive integers such that $b^2 - 4ac$ is not a perfect square. Prove that for any $n > 1$ there are $n$ consecutive positive integers, none of which can be written in the form $(ax^2 + bxy + cy^2)^z$ for some integers $x, y, z$ with $z > 0$.
14. Show that for all $n$, $2^{3^n} + 1$ has at least $n$ prime factors of the form $8k + 3$.
15. (Bulgaria 1998) Suppose that $m, n > 0$ and $\frac{(m+3)^n + 1}{3m}$ is an integer. Show that this integer is odd.
16. (Taiwan 2000) Show that if $m, n > 1$ and $\varphi(5^m - 1) = 5^n - 1$, then $\gcd(m, n) > 1$.
10 Counting points modulo p
The problem of finding the number of solutions of polynomial congruences is extremely deep and of utmost importance in number theory. In this lecture I'll give some elementary tools and examples. The basic technical ingredient is the theory of Gauss and Jacobi sums that was developed in the previous lecture. We will focus especially on elliptic curves, since even in this case the theory is fairly deep.
10.1 The key identity
Let q be a power of a prime p. It is convenient to extend the denition of a multiplicative
character of F

q
to F
q
, by dening (0) = 0 if is nontrivial and (0) = 1 if is trivial.
The following innocent-looking identity will play a crucial role in future arguments and is
constantly used when dealing with equations over nite elds:
Proposition 10.2. Let d be a divisor of q 1 and let x F
q
. The number of solutions of
the equation y
d
= x with y F
q
is
N(y
d
= x) =

d
=1
(x),
the sum being taken over all multiplicative characters whose order divides d.
Proof. If x = 0, this is clear, as both sides are equal to 1. Assume that x ,= 0. If the equation
y
d
= x has a solution in F
q
, then it has exactly d such solutions, as the equation y
d
= 1 has
precisely d solutions in F

q
(because d[q 1 and F

q
is cyclic of order q 1). On the other
hand, the dual group of F

q
is also cyclic of order q 1, so the equation
d
= 1 has d solutions
and for each of them (x) = (y
d
) = (y)
d
= 1, so both sides of the equality we want to
prove are equal to d and we are done. Finally, if the equation has no solution, the result is
a consequence of the orthogonality relations for the abelian group F

q
/x
d
[x F

q
, whose
dual group is precisely the subgroup of those multiplicative characters such that
d
= 1
(actually, this argument also covers the previous case...).
Let's start with a baby example:
Proposition 10.3. The number of solutions of the equation $x^2 + y^2 = 1$ with $x, y \in \mathbb{F}_p$ is
$$N(x^2 + y^2 = 1) = p - (-1)^{\frac{p-1}{2}}.$$
Proof. Using the previous proposition, we can write
N(x
2
+y
2
= 1) =

a,bF
p
,a+b=1
N(x
2
= a)N(y
2
= b) =

a+b=1
_
1 +
_
a
p
___
1 +
_
b
p
__
= p +

a
_
a
p
_
+

b
_
b
p
_
+J(, ),
where J = J(, ) is the Jacobi sum associated to the character (a) =
_
a
p
_
.
Since is quadratic, we cannot use the formula expressing J in terms of Gauss sums.
But we can write
J =

a+b=1
(a)(b) =

a(1+t)=1
(a)
2
(t) =

t=1
(t) = (1).
Since (1) = (1)
p1
2
, we are done.

Let's give now a much more serious example:
Theorem 10.4. (Gauss) Let $p$ be a prime of the form $3k + 1$ and define $A$ by the equality
$$N(x^3 + y^3 = 1) = p - 2 + A.$$
Then $A \equiv 1 \pmod{3}$ and we can find $B \in \mathbb{Z}$ such that $4p = A^2 + 27B^2$.
Proof. As in the previous proof, if is a nontrivial cubic character, then we can write
N(x
3
+y
3
= 1) =

a+b=1
N(x
3
= a)N(y
3
= b) =

a+b=1
(1 +(a) +
2
(a))(1 +(b) +
2
(b)).
Expanding the product, permuting the sums and using the orthogonality relations, we end
up with
N(x
3
+y
3
= 1) = p +J(, ) +J(,
2
) +J(
2
, ) +J(
2
,
2
).
As in the previous proof, we easily check that J(,
2
) = J(
2
, ) = 1 and since
2
= ,
we obtain
N(x
3
+y
3
= 1) = p 2 +J(, ) +J(, ),
so that A = 2ReJ(, ). Lets write J = J(, ).
Since is a cubic character, we can write J = a + b for some integers a, b (recall that
= e
2i
3
. Hence A = 2ab. Also, the general theory of Jacobi sums gives [J[ =

p, so that
p = N(J) = a
2
ab + b
2
and so 4p = (2a b)
2
+ 3b
2
= A
2
+ 3b
2
. Finally, when proving
the cubic reciprocity law, we proved that J 2 (mod 3), hence 3[b. Writing b = 3B, we are
done.

You might ask if there is an analogue of this theorem for $p \equiv 2 \pmod{3}$. Actually, this case is trivial, as in this case the map $x \mapsto x^3$ is a permutation of $\mathbb{F}_p$, so the equation $x^3 + y^3 = 1$ has precisely $p$ solutions in this case.
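The point counts of this lecture are easy to test numerically. The following Python sketch is an added example, not part of the original notes: it counts solutions of $x^d + y^d = 1$ over $\mathbb{F}_p$ using the decomposition over $a + b = 1$ from the proofs, recovers Gauss's $A$ and $|B|$ from the count for $d = 3$, and evaluates the character sum of Proposition 10.2 through a primitive root. Function names are chosen here, and the brute-force search is meant for small odd primes only.

```python
"""Point counts over F_p: Proposition 10.2, Proposition 10.3 and Theorem 10.4."""
import cmath
from math import isqrt


def power_counts(p, d):
    """table[a] = N(y^d = a), the number of y in F_p with y^d = a."""
    table = [0] * p
    for y in range(p):
        table[pow(y, d, p)] += 1
    return table


def primitive_root(p):
    """Smallest generator of the cyclic group F_p^* (brute force, small odd p only)."""
    for g in range(2, p):
        if len({pow(g, k, p) for k in range(p - 1)}) == p - 1:
            return g
    raise ValueError("no primitive root found; is p an odd prime?")


def count_by_characters(x, d, p):
    """Right-hand side of Proposition 10.2: sum of chi(x) over characters with chi^d = 1.

    Requires d | p - 1. A character is fixed by its value on a generator g, and the d
    characters with chi^d = 1 send g to the d-th roots of unity.
    """
    if x % p == 0:
        return 1                             # chi(0) = 1 only for the trivial character
    g = primitive_root(p)
    k = next(k for k in range(p - 1) if pow(g, k, p) == x % p)   # x = g^k
    total = sum(cmath.exp(2j * cmath.pi * t * k / d) for t in range(d))
    return round(total.real)


def count_points(p, d):
    """N(x^d + y^d = 1) as the sum over a + b = 1 of N(x^d = a) * N(y^d = b)."""
    table = power_counts(p, d)
    return sum(table[a] * table[(1 - a) % p] for a in range(p))


def gauss_A_B(p):
    """For a prime p = 3k + 1, return (A, |B|) with N = p - 2 + A and 4p = A^2 + 27 B^2."""
    if p % 3 != 1:
        raise ValueError("Theorem 10.4 is about primes of the form 3k + 1")
    A = count_points(p, 3) - (p - 2)
    rest = 4 * p - A * A
    if rest < 0 or rest % 27 != 0:
        raise ArithmeticError(f"4p - A^2 is not of the form 27 B^2 for p = {p}")
    B = isqrt(rest // 27)
    if 27 * B * B != rest or A % 3 != 1:
        raise ArithmeticError(f"conclusion of Theorem 10.4 fails for p = {p}")
    return A, B


if __name__ == "__main__":
    for p in (7, 13, 19, 31, 37, 43):
        A, B = gauss_A_B(p)
        print(f"p={p}: N={count_points(p, 3)}, A={A}, |B|={B}, 4p={A * A + 27 * B * B}")
```

For a prime $p \equiv 2 \pmod{3}$, `count_points(p, 3)` returns exactly $p$, matching the closing remark above.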
11 Cyclotomic polynomials and applications
11.1 Cyclotomic polynomials
For n 1 let

n
(X) =

ord()=n
(X ),
where ord() means that is a primitive nroot of unity. This
n
is called the nth cyclotomic
polynomial and is an absolutely fundamental object in mathematics. Note that deg
n
=
(n). Since any n-th root of the unity in C is primitive of order d for a unique d[n, we get
the:
Proposition 11.2. (Fundamental identity) We have
$$X^n - 1 = \prod_{d \mid n} \Phi_d(X).$$
By comparing degrees in both terms, we deduce that $n = \sum_{d \mid n} \varphi(d)$, which we've already used (with a different proof) when proving the existence of primitive roots mod $p$. Let us deduce some important corollaries from this identity:
Corollary 11.3. For $n \geq 1$, $\Phi_n \in \mathbb{Z}[X]$. Thus, one can reduce $\Phi_n$ mod $p$, for all $p$.
Proof. Indeed, one can use strong induction:
$$\Phi_n(X) \prod_{d \mid n,\, d \neq n} \Phi_d(X) = X^n - 1$$
and by induction we have that $\prod_{d \mid n,\, d \neq n} \Phi_d(X) \in \mathbb{Z}[X]$ is monic. Now, suppose that $f, g \in \mathbb{Z}[X]$, $h \in \mathbb{C}[X]$ and $f$ is monic, $fh = g$. I claim that $h \in \mathbb{Z}[X]$. Just write $fh = g$ in terms of coefficients of $f, g, h$ and you will see why (alternative way: division algorithm).
11.4 Prime divisors of $\Phi_n(a)$ and weak Dirichlet
The following theorem is not trivial and will play a crucial role in many proofs concerning cyclotomic polynomials. We'll also see that a weak form of Dirichlet's theorem follows very easily from it.
Theorem 11.5. For all $a \in \mathbb{Z}$ and for all $p \mid \Phi_n(a)$ we have that $\operatorname{ord}(a \pmod{p}) = n$ (and so $p \equiv 1 \bmod n$) or $p \mid n$.
Proof. Let $k = \operatorname{ord}(a \bmod p)$. As $a^n - 1 = \prod_{d \mid n} \Phi_d(a)$, we have $p \mid a^n - 1$, so $k \mid n$. Let us suppose that $k < n$. Now $p \mid a^k - 1$ so (fundamental identity!) there is $d \mid k$ such that $p \mid \Phi_d(a)$. Clearly $d \mid n$ and $d < n$. As $X^n - 1 = \prod_{d \mid n} \Phi_d(X)$ (first of all in $\mathbb{Z}[X]$, so also in $\mathbb{F}_p[X]$ via reduction mod $p$) and as $\Phi_d(X)$ and $\Phi_n(X)$ have $a$ as root in $\mathbb{F}_p$, we get that $a$ is a double root of $X^n - 1$ in $\mathbb{F}_p[X]$. So the derivative vanishes at $a$, that is $na^{n-1} = 0$ in $\mathbb{F}_p$. Therefore $p \mid n$ and we are done!
Corollary 11.6. (weak Dirichlet theorem) For all $n$ there are infinitely many primes $p \equiv 1 \pmod{n}$.
Proof. For $k > n$ large enough we have $\Phi_n(k!) > 1$ (why?) and so we can choose some prime $p_k \mid \Phi_n(k!)$. Now the last coefficient $\Phi_n(0)$ is $1$ or $-1$ (Vieta!) and so $\Phi_n(k!) \equiv 1$ or $-1 \pmod{k!}$, which obviously implies that $(p_k, k!) = 1$. As $k > n$ we get $p_k > k > n$ and by the previous corollary we deduce that $p_k \equiv 1 \pmod{n}$ and since $p_k > k$ we are done.
Here's another funny application:
Example 11.7. (IMO Shortlist 2006.) Solve in $\mathbb{Z}$
$$\frac{x^7 - 1}{x - 1} = y^5 - 1.$$
Proof. Clearly, $y > 1$ and if $p \mid \frac{x^7 - 1}{x - 1}$ then by the theorem in the beginning we have that $p \mid 7$ or $p \equiv 1 \bmod 7$. So any prime divisor of $y - 1$ has this shape, hence $y \equiv 1 \bmod 7$ or $y \equiv 2 \bmod 7$. But the same should hold for $y^4 + y^3 + y^2 + y + 1$, which cannot happen. So there is no solution.
11.8 An amazing application
Just to see the power of these polynomials, let me solve a problem which really looks intractable at first sight:
Example 11.9. (Komal) Show that n [ p
+
(2
n
1) < 2
n
2009
1 is innite. (Here p
+
(x) is
the largest prime factor of x.)
Proof. The point is to see that p we have p [ 2
n
1 d [ n, p [
d
(2) and to use this to
estimate p. As

d
(2) =

d
=1 primitive
(2 )
d
(2) 3
(d)
.
Hence p [ 2
n
1 p 3
(n)
. So it is enough to have 3
(n)
< 2
n
2009
which is equivalent to
(n) < cn with some constant c. Chose n = p
1
p
2
p
k
(product of a sequence of primes)
then
k

i=1
_
1
1
p
i
_
=
(n)
n
<
k

i=1
e

1
p
i
= e

k
i=1
1
p
i
and nally use that

i1
1
p
i
= (at some moment Ill add a proof...) to get that for all
large k, n = p
1
...p
k
is a solution.
11.10 A subtle irreducibility result
The proof of the following theorem is due to Artin and it's fairly subtle, even though elementary.
Theorem 11.11. The $n$th cyclotomic polynomial $\Phi_n$ is irreducible in $\mathbb{Q}[X]$.
Proof. By Gauss lemma it is enough to do it with Z[X] instead of Q[X]. Let z be a primitive
nth root of unity, we want to prove that
z
=
n
. Weve seen that
z
Z[X]. Heres the
key idea: Claim For any prime p not dividing n, we have
z
=
z
p. Assume for a moment
that this holds. We deduce that
z
(z
p
) =
z
p(z
p
) = 0 and we immediately deduce from this
that
z
(x) = 0 for any primitive nth root of the unity x. Thus
z
is a multiple of
n
and
since it clearly divides
n
(because
n
(z) = 0), the conclusion follows.
Now, let us prove the claim. Suppose that
z
,=
z
p. As both are irreducible, they
must be relatively prime. As
z
p(z
p
) = 0, we must have
z
(X)[
z
p(X
p
) in Q[X] and so also
in Z[X] (they are both monic with integer coecients). Write
z
p(X
p
) =
z
(X)g(X) and
consider the reduction mod p. We obtain the equality
z
p(X)
p
=
z
(X) g(X) and so
z
divides
z
p in F
p
[X]. As
z
divides X
n
1 in Z[X],
z
divides X
n
1 in F
p
[X]. But we saw
in the previous lecture that X
n
1 is squarefree in F
p
[X] when p does not divide n. So
z
is
squarefree and since it divides
z
p
p
, it must divide
z
p. As
z

z
p divides X
n
1, it follows
that
z

z
p divides X
n
1, so
z
2
divides X
n
1, contradicting the fact that X
n
1 is
squarefree. The claim is proved.

11.12 Zsigmondy's theorem


The proof of the next result is rather technical, but the result is important and very useful.
Theorem 11.13. (Zsigmondy) Let $a, n > 1$ be two integers. Then, with exactly 2 exceptions, there exists a prime $p$ such that the order of $a$ mod $p$ is $n$. The two exceptions are $n = 2$, $a + 1 = 2^s$, $s \geq 2$ and $n = 6$, $a = 2$.
Corollary 11.14. With the previous two exceptions, there always exists $p \mid a^n - 1$ such that $p \equiv 1 \pmod{n}$ and $p$ does not divide $(a - 1)(a^2 - 1)(a^3 - 1) \cdots (a^{n-1} - 1)$.
Proof. Suppose that we cannot find a prime $p$ for which the order of $a$ mod $p$ is $n$. Choose a prime $p \mid \Phi_n(a)$ (it exists, as $\Phi_n(a) > 1$). Let $r$ be the order of $a$ mod $p$, so by assumption $r < n$.
Lemma 11.15. There is $i \geq 1$ such that $n = r p^i$.
Proof. Let $q$ be a prime factor of $\frac{n}{r}$, so $r$ divides $\frac{n}{q}$, and so $p \mid a^{n/q} - 1$. On the other hand, $\Phi_n(X) \mid \frac{X^n - 1}{X^{n/q} - 1}$ in $\mathbb{Z}[X]$ (indeed, $\Phi_n$ and $X^{n/q} - 1$ share no common root, so they are relatively prime). Hence $p \mid \frac{a^n - 1}{a^{n/q} - 1}$ and also $p \mid a^{n/q} - 1$, which implies $p \mid q$ and so $p = q$. This proves the lemma.
Note that the lemma implies that $p$ is the largest prime factor of $n$ (note that $r \mid p - 1$).
Lemma 11.16. If $p > 2$, then $v_p(\Phi_n(a)) \leq 1$; the same holds for $p = 2$ if $n > 2$.
Proof. We saw in the proof of the previous lemma that $p \mid \frac{a^n - 1}{a^{n/p} - 1}$, so we can use the lifting exponent lemma if $p > 2$. If $p = 2$, the previous lemma shows that $n = 2^k$ for some $k$ and it's again easy to conclude.

In what follows I will assume that n > 2 (the other case is trivial). The previous two
lemmas imply that
n
(a) = p
+
(n). I claim that this implies n = 6 and a = 2. This is not
hard, but technical. If a > 2, it is trivial that this cannot happen, as
n
(a) (a 1)
(n)

2
p1
and we get p 2
p1
, which implies that n is a power of 2 and
n
(a) = 2, which readily
gives n = 2, no! So suppose that a = 2. Then

n
(a) =
p
i
r
(a) =

r
(a
p
i
)

r
(a
p
i1
)
=

r
=1 primitive
a
p
i

a
p
i1

>
_
a
p
i
1
a
p
i1
1
_
(r)
.
Now
x
p
1
x
2
1
x
p2
hence
a
p
i
1
a
p
i1
1
(a
p
i1
1)a
p
i1
(p2)
. So we get
p =
n
(a)
_
a
p
i
1
a
p
i1
1
_
(r)

_
(a
p
i1
1)a
p
i1
(p2)
_
(r)

a
p
i
1
a
p
i1
1
(a
p
i1
1)a
p
i1
(p2)
a
p2
.
Next, don't forget that $a = 2$ and so one plays around with these inequalities to get $n = 6$.
11.17 Problem set-cyclotomic polynomials
1. Show that $\Phi_n(0) = 1$ if $n > 1$ and $\Phi_n(0) = p$ if $n$ is a power of $p$ and 1 otherwise.
2. Let $n > 1$ not a power of a prime, $a_1, \ldots, a_k$ be all integers in $\{1, 2, \ldots, n\}$ that are relatively prime to $n$. Show that
$$\left|\prod_{i=1}^{k} \cos\left(\frac{a_i \pi}{n}\right)\right| = \frac{1}{2^{\varphi(n)}}.$$
3. Check that $\Phi_n(x^p) = \Phi_{np}(x)$ if $p \mid n$ and $\Phi_n(x)\Phi_{np}(x)$ otherwise.
4. Show that $\Phi_n(2) > n$ if $n > 6$. Show that $\Phi_n(2) > \frac{2^{\varphi(n)}}{e}$ for $n \geq 1$. Deduce a quicker proof of Zsigmondy's theorem if $a = 2$.
5. Let $a > 1$ be an integer. Show that for any $N$ there is a $p$ with $\mathrm{ord}(a \pmod p) < \frac{p-1}{N}$.
6. Suppose $a \geq 2$, $n \geq 1$ and $\Phi_n(a^m)$ is a prime. Then either $a = 2$, $n = 1$ and $m$ is a prime or all prime factors of $m$ divide $n$.
7. Let $a, b \geq 1$ and suppose that $\frac{a}{b}$ is not an integer power of a prime. Show that $\Phi_a(x)$ and $\Phi_b(x)$ are relatively prime $\forall x \in \mathbb{Z}$. Deduce that $\forall p_1, \ldots, p_n > 3$ distinct primes, $2^{p_1 \cdots p_n} + 1$ has at least $2^{n-1}$ pairwise relatively prime divisors.
8. (Shortlist 1997) Let $b > 1$, $m \neq n$ positive integers. If $b^m - 1$ and $b^n - 1$ have the same prime divisors, then $b + 1$ is a power of 2.
9. (Romania TST 2009) Prove that there exist infinitely many pairs of distinct primes $p, q$ with $p \mid 2^{q-1} - 1$, $q \mid 2^{p-1} - 1$.
10. (Russian Olympiad) Prove that there exist infinitely many composite numbers $n$ with $n \mid 3^{n-1} - 2^{n-1}$.
11. (China TST) The equation $n! = a^r(a^s - 1)$ has finitely many solutions $(n, r, s)$ for a fixed $a > 1$.
12. (Iran TST) Let $A \subset \mathbb{Z}$ be a finite set and $a > 1$. Show that
$$\{m \geq 1 \mid \text{all prime factors of } a^m - 1 \text{ are in } A\}$$
is finite.
13. Find $n$ if $2^n - 1 \mid (n + 1)!$.
11.18 And to end this in glory: a beautiful theorem of Nagell
Let me finish this lecture with a very beautiful theorem of Nagell that generalizes two things we have already seen: the first is the classical theorem of Schur saying that for $f \in \mathbb{Z}[X]$ nonconstant there are infinitely many $p$ for which $f$ has a root in $\mathbb{F}_p$ and the second one being the weak version of Dirichlet's theorem (there are infinitely many $p = 1 \pmod{n}$ for any given $n$). By the way, this is also stolen from a post of Vesselin Dimitrov on mathlinks... You see, I'm very original sometimes...
Before stating the main result, I need one black box on the primitive element theorem, so let's start with some
Notations. If $x_1, \ldots, x_n \in \overline{\mathbb{Q}}$, let $\mathbb{Q}(x_1, \ldots, x_n)$ be the smallest subfield of $\mathbb{C}$ containing $x_1, \ldots, x_n$. It is not difficult to see that
$$\mathbb{Q}(x_1, \ldots, x_n) = \{ f(x_1, \ldots, x_n) \mid f \in \mathbb{Q}[x_1, \ldots, x_n] \}.$$
For instance, $\mathbb{Q}(\sqrt{2})$ is precisely the set of numbers of the form $a + b\sqrt{2}$ with $a, b$ rational numbers. These objects $\mathbb{Q}(x_1, \ldots, x_n)$ are among the most important things in number theory and they are called number fields. The following theorem is surprising, in the same way as the fact that algebraic numbers form a ring was very surprising at first sight. For instance, choose $x_1 = \sqrt[3]{2}$ and $x_2 = \sqrt{2} + \sqrt{3}$ and try to find $\alpha$ as in the following theorem. You will see that this is not at all obvious!
Theorem 11.19. (Primitive element) $\forall x_1, \ldots, x_n \in \overline{\mathbb{Q}}$, $\exists \alpha \in \overline{\mathbb{Q}}$ with $\mathbb{Q}(x_1, \ldots, x_n) = \mathbb{Q}(\alpha)$.
In down to earth terms, this says the following: if I give you some algebraic numbers $x_1, \ldots, x_n$, you can form a polynomial expression $\alpha$ with rational coefficients in $x_1, \ldots, x_n$, so that all $x_i$ are in their turn polynomial expressions with rational coefficients in $\alpha$! So the study of number fields reduces to the study of fields of the form $\mathbb{Q}(\alpha)$ with $\alpha$ an algebraic number. Actually, if I really pick these algebraic numbers at random, then $x_1 + \ldots + x_n$ will work for $\alpha$ (though this is far from being obvious). The proof of this theorem is not hard at all, so I will postpone it to the problem set. Armed with this, we can attack the proof of the beautiful:
Theorem 11.20. (Nagell) Let $f_1, \ldots, f_n \in \mathbb{Z}[X]$ be nonconstant. Then there are infinitely many $p$ such that each $f_i$ has at least a zero in $\mathbb{F}_p$.
The main point is the:
Lemma 11.21. There exist polynomials $g_i \in \mathbb{Q}[X]$ such that
$$\gcd(f_1(g_1(x)), f_2(g_2(x)), \ldots, f_n(g_n(x))) \neq 1$$
in $\mathbb{Q}[X]$.
Proof. Choose $x_i \in \mathbb{C}$ with $f_i(x_i) = 0$ and $z$ such that $\mathbb{Q}(x_1, \ldots, x_n) = \mathbb{Q}(z)$. By replacing $z$ by some $Nz$, we may assume without loss of generality $z \in \mathcal{O}_{\overline{\mathbb{Q}}}$. Now $x_i \in \mathbb{Q}(z)$, so $x_i = g_i(z)$ for some $g_i \in \mathbb{Q}[X]$. Let us choose $N$ such that $h_i = N g_i \in \mathbb{Z}[X]$ and denote $F_i(X) = N^{\deg(g_i)} f_i(g_i(X)) \in \mathbb{Z}[X]$. The minimal polynomial of $z$ divides $F_i$ in $\mathbb{Q}[X]$ and it is monic, so it divides $F_i$ in $\mathbb{Z}[X]$. By a fact discussed in class there are infinitely many $p > N$ such that the minimal polynomial of $z$ has a root $n_p \pmod p$, so $F_i$ too. Then it's clear that all $f_i$ have at least a root in $\mathbb{F}_p$ and the theorem follows.
Corollary 11.22. $f \in \mathbb{Z}[X]$ nonconstant and $k \geq 1$. Then the set
$$\{p \equiv 1 \pmod{k} \mid f \text{ has at least a root in } \mathbb{F}_p\}$$
is infinite.
Proof. Apply the theorem to $f$ and $\Phi_k$ and use results of the previous lecture.
12 Introduction to p-adic numbers
12.1 The p-adic valuation revisited
We will give a more analytic flavor to $\mathbb{Q}_p$, by endowing it with an absolute value, which plays the same role as the usual absolute value on real numbers.
Definition 12.2. Let $x \in \mathbb{Q}_p \setminus \{0\}$ and write (according to theorem 1.14) $x = p^k u$ for a unique unit $u$ and a unique integer $k$. Call $k = v_p(x)$ the p-adic valuation of $x$ and $|x|_p = p^{-v_p(x)}$ the p-adic absolute value of $x$. Define $|0|_p = 0$.
The following is an immediate consequence of the definition:
Proposition 12.3. For all $x, y \in \mathbb{Q}_p$ we have $|xy|_p = |x|_p \cdot |y|_p$ and $|x + y|_p \leq \max(|x|_p, |y|_p)$, with equality if $|x|_p \neq |y|_p$. Moreover, $|\cdot|_p$ extends the p-adic absolute value on $\mathbb{Q} \subset \mathbb{Q}_p$.
Note that the inequality $|x + y|_p \leq \max(|x|_p, |y|_p)$ satisfied by the p-adic absolute value is stronger than the usual triangle inequality for real or complex numbers. This has a whole variety of consequences, which make p-adic numbers a rather exotic object from a geometric point of view. On the other hand, the simple existence of the p-adic valuation allows us to copy many definitions from real analysis and thus do p-adic analysis.
Definition 12.4. Say a sequence of p-adic numbers $x_n$ converges to a p-adic number $a$ if $|x_n - a|_p$ converges to 0 in the usual sense, that is for all $N > 1$ there is $n_0$ such that $|x_n - a|_p < 1/N$ for all $n > n_0$.
Intuitively, the sequence $x_n$ converges to $a$ if the difference $x_n - a$ is more and more divisible by $p$ when $n$ is large, that is if $v_p(x_n - a)$ goes to infinity as $n \to \infty$. The following result is absolutely fundamental:
Theorem 12.5. If $x_n \in \mathbb{Q}_p$ converges to 0 then the series $\sum_{n \geq 0} x_n$ converges in $\mathbb{Q}_p$, that is the sequence whose general term is $x_0 + x_1 + \ldots + x_n$ converges in $\mathbb{Q}_p$.
Note that this is NOT true for real numbers (think about the harmonic series!). Also, note the following important consequence: a sequence $x_n \in \mathbb{Q}_p$ converges if and only if $x_n - x_{n-1}$ tends to 0 in $\mathbb{Q}_p$, a fact that will be used a lot in future sections.
Proof. Write $s_n = x_0 + x_1 + \ldots + x_n$, so that $s_n - s_{n-1}$ goes to 0. Note that we may assume that all $x_n$ are p-adic integers: indeed, since $x_n$ goes to 0, $x_n$ is a p-adic integer for $n$ large enough. Multiplying all $x_n$ by the same large power of $p$ so that the first terms also become p-adic integers does not affect the hypothesis or the conclusion. Next, write $s_i = (s_{i1}, s_{i2}, \ldots)$ as a compatible sequence. Thinking of these infinite sequences as infinite rows of some infinite matrix, the crucial fact is the following:
Lemma 12.6. For any $n$ there exists $k_n$ such that $s_{in} = s_{jn}$ for all $i, j \geq k_n$. That is, every column of this infinite matrix eventually becomes constant.
Proof. Indeed, note that for $i > j$ we have
$$v_p(s_i - s_j) = v_p(x_{j+1} + \ldots + x_i) \geq \inf_{k \geq j+1} v_p(x_k)$$
and the last one goes to infinity as $j \to \infty$. Thus for $i > j$ large enough we have $v_p(s_i - s_j) > n$, which implies that $s_{in} = s_{jn}$.

This lemma gives us a candidate for the limit of the sequence $s_n$: define the sequence $a = (a_1, a_2, \ldots)$, where $a_n$ is the common value of the elements $s_{in}$ for $i$ large enough (using the notations of the lemma we have $a_n = s_{k_n n}$). It is then immediate to check that this sequence is compatible and defines a p-adic integer which is the limit of the sequence $s_n$.
Finally, let us give another fundamental property of p-adic integers, which shows that they are basically "formal power series in p" or "infinite base-p expansions".
Theorem 12.7. For any p-adic integer $x$ there exists a unique sequence $a_n \in \{0, 1, \ldots, p - 1\}$ such that
$$x = \sum_{n=0}^{\infty} a_n p^n.$$
By definition, the previous equality means that the sequence whose general term is $a_0 + a_1 p + \ldots + a_n p^n$ converges to $x$. Moreover, if $a_n$ is the first nonzero term of this sequence, then $v_p(x) = n$.
Proof. If $x$ is a p-adic integer, there exists a unique $a_0 \in \{0, 1, \ldots, p - 1\}$ such that $x - a_0 \in p\mathbb{Z}_p$. Indeed, it is clear that $a_0$ has to be (the lifting to $\{0, 1, \ldots, p - 1\}$ of) the first term of the compatible sequence $x$. Using this remark, we deduce by induction that for any $n$ there are unique $a_0, a_1, \ldots, a_n \in \{0, 1, \ldots, p - 1\}$ such that
$$x - (a_0 + a_1 p + \ldots + a_n p^n) \in p^{n+1}\mathbb{Z}_p.$$
But this implies that
$$x = \lim_{n \to \infty} (a_0 + a_1 p + \ldots + a_n p^n).$$
The rest is essentially immediate using lemma 1.15 and theorem 1.13.

So any p-adic number $x$ can be uniquely written as a Laurent series $x = \sum_{k > -N} p^k a_k$ for some $N$ and some $a_k \in \{0, 1, \ldots, p - 1\}$. Moreover, we have the following nice criterion to establish when $x \in \mathbb{Q}$. The proof is a bit tricky:
Proposition 12.8. The p-adic number $x = \sum_{k > -N} p^k a_k$ is a rational number if and only if the sequence $(a_k)_k$ becomes periodic from a certain point.
Proof. It is immediate to check that if $(a_k)_k$ is eventually periodic, then $x$ is rational (simply because $p^a + p^{2a} + \ldots = \frac{p^a}{1 - p^a}$ in $\mathbb{Q}_p$ for any $a > 0$). The amusing point is proving the converse. By multiplying $x$ by a power of $p$, we may assume that $x \in \mathbb{Z}_p$, say $x = \sum_{k \geq 0} a_k p^k$. Write $x = \frac{u}{v}$ for some relatively prime integers $u, v$ and consider the sequence $x_k = \sum_{j \geq k} a_j p^{j-k}$. Then clearly $x_k = a_k + p x_{k+1}$. As $x_0 = x$ is rational, it is clear that all $x_k$ are rational. But much more is true: we claim that we can find $y_k \in \mathbb{Z}$ such that $|y_k| \leq \max(|u|, |v|)$ and $x_k = \frac{y_k}{v}$. Indeed, if this holds for $x_k$, then we can take $y_{k+1} = \frac{y_k - v a_k}{p}$ (clearly $|y_{k+1}| \leq \max(|u|, |v|)$; to see that $y_{k+1} \in \mathbb{Z}$, note that $x_k - a_k \in p\mathbb{Z}_p$, so that $p$ must divide $y_k - v a_k$). Now, the sequence $(y_k)_k$ is a bounded sequence of integers, so we can find $i < j$ such that $y_i = y_j$. Then $x_i = x_j$ and by uniqueness (proved in the previous theorem) we must have $a_{i+1} = a_{j+1}$, $a_{i+2} = a_{j+2}$, .... This finishes the proof.
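The proof of Proposition 12.8 is effective: the recurrence $y_{k+1} = (y_k - v a_k)/p$ produces the digits one at a time, and the first repeated $y_k$ marks where the period starts. The Python code below is an added example, not part of the original notes; the function names `padic_digits` and `padic_value` are assumptions made for this illustration.

```python
from fractions import Fraction


def padic_digits(x, p):
    """Digits of the rational x in Q_p.

    Returns (shift, pre, period) with
        x = p**shift * sum_k a_k p**k,
    where the digit sequence (a_k) is `pre` followed by `period` repeated forever.
    """
    x = Fraction(x)
    u, v = x.numerator, x.denominator
    shift = 0
    while v % p == 0:            # multiply x by a power of p so that it lies in Z_p
        v //= p
        shift -= 1
    v_inv = pow(v, -1, p)        # v is now a unit mod p
    bound = max(abs(u), abs(v))  # the bound max(|u|, |v|) claimed in the proof
    seen = {}                    # value of y_k -> index k at which it first occurred
    digits = []
    y = u                        # x_k = y_k / v, starting from y_0 = u
    while y not in seen:
        assert abs(y) <= bound   # |y_k| stays bounded, so a repetition must occur
        seen[y] = len(digits)
        a = (y * v_inv) % p      # a_k is the residue of x_k = y_k / v mod p
        digits.append(a)
        y = (y - v * a) // p     # y_{k+1} = (y_k - v a_k) / p, an exact division
    start = seen[y]              # y_i = y_j: the digits repeat from index i on
    return shift, digits[:start], digits[start:]


def padic_value(shift, pre, period, p):
    """Rational number with the given eventually periodic p-adic expansion."""
    head = sum(a * p**i for i, a in enumerate(pre))
    block = sum(a * p**i for i, a in enumerate(period))
    # In Q_p: block * (1 + p^L + p^(2L) + ...) = block / (1 - p^L), L = len(period)
    tail = Fraction(block, 1 - p ** len(period))
    return Fraction(p) ** shift * (head + p ** len(pre) * tail)


if __name__ == "__main__":
    # Constructed sample inputs.
    for x in (Fraction(1, 3), Fraction(-1), Fraction(7, 25)):
        print(x, "in Q_5:", padic_digits(x, 5))
```

For instance $1/3 = 2 + 3 \cdot 5 + 1 \cdot 5^2 + 3 \cdot 5^3 + 1 \cdot 5^4 + \ldots$ in $\mathbb{Q}_5$, with preperiod (2) and period (3, 1).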
The following is also absolutely crucial. It basically says that in many cases solving a polynomial in p-adic numbers is the same as solving it mod $p$, since any solution mod $p$ will automatically lift to a compatible sequence of solutions mod $p^n$.
Theorem 12.9. (Hensel lemma) Let $f \in \mathbb{Z}_p[X]$ and let $a \in \mathbb{Z}_p$ be such that $|f(a)|_p < 1$ and $|f'(a)|_p = 1$. Then there exists unique $b \in \mathbb{Z}_p$ such that $f(b) = 0$ and $|b - a|_p < 1$.
Proof. The idea is to prove by induction that one can find a sequence of p-adic integers $a_n$ with $a_0 = a$, $a_{n+1} = a_n \pmod{p^{n+1}}$ and $v_p(f(a_n)) \geq n + 1$. By the previous theorem, the sequence $a_n$ will converge to a p-adic integer $b$ and since $v_p(f(a_n)) \geq n + 1$ and $f(a_n)$ converges to $f(b)$, then $f(b) = 0$. To prove the existence of a sequence $a_n$, assume we constructed $a_0, \ldots, a_n$ and search for $a_{n+1} = a_n + p^{n+1} b_n$ for some p-adic integer $b_n$. We need to ensure that
$$f(a_n + p^{n+1} b_n) = 0 \pmod{p^{n+2}},$$
but using an obvious expansion we get
$$f(a_n + p^{n+1} b_n) = f(a_n) + p^{n+1} b_n f'(a_n) \pmod{p^{2n+2}}$$
and so we only need to take $b_n$ such that
$$f(a_n) + p^{n+1} b_n f'(a_n) = 0 \pmod{p^{n+2}}.$$
This is immediate, as $f'(a_n)$ is a unit.
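The induction in the proof of Hensel's lemma is an algorithm: each step solves one linear congruence mod $p$ for $b_n$. The Python code below is an added example, not part of the original notes; it takes an integer polynomial (coefficients listed from the constant term up) and works with integers mod $p^k$ as approximations of p-adic integers. The names `poly_eval`, `poly_derivative`, `hensel_lift` and `base_p_digits` are assumptions made for this illustration.

```python
def poly_eval(coeffs, x, modulus):
    """Evaluate sum(coeffs[i] * x**i) modulo `modulus` with Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % modulus
    return acc


def poly_derivative(coeffs):
    """Coefficients of the formal derivative."""
    return [i * c for i, c in enumerate(coeffs)][1:]


def hensel_lift(coeffs, a, p, k):
    """Return the unique root of f mod p**k that is congruent to a mod p.

    Requires the hypotheses of the theorem: f(a) = 0 mod p and f'(a) a unit mod p.
    """
    if poly_eval(coeffs, a, p) != 0:
        raise ValueError("f(a) is not 0 mod p, so |f(a)|_p < 1 fails")
    slope = poly_eval(poly_derivative(coeffs), a, p)
    if slope == 0:
        raise ValueError("f'(a) is 0 mod p, so |f'(a)|_p = 1 fails")
    slope_inv = pow(slope, -1, p)   # f'(a_n) = f'(a) mod p for every n
    a %= p                          # a_0
    for n in range(k - 1):
        q = p ** (n + 1)
        fa = poly_eval(coeffs, a, q * p)    # f(a_n) mod p^(n+2)
        assert fa % q == 0                  # v_p(f(a_n)) >= n + 1
        # b_n solves f(a_n)/p^(n+1) + b_n f'(a_n) = 0 (mod p)
        b = (-(fa // q) * slope_inv) % p
        a += q * b                          # a_{n+1} = a_n + p^(n+1) b_n
    return a


def base_p_digits(x, p, k):
    """First k base-p digits of the non-negative integer x, lowest first."""
    return [(x // p**i) % p for i in range(k)]


if __name__ == "__main__":
    # Constructed sample: a square root of 2 in Z_7, starting from 3^2 = 2 (mod 7).
    r = hensel_lift([-2, 0, 1], 3, 7, 4)
    print(r, base_p_digits(r, 7, 4), (r * r - 2) % 7**4)
```

The second `ValueError` is the case of $x^2 = p$ with $a = 0$: the derivative vanishes mod $p$, so the lemma gives no lift.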

12.10 Absolute values and their extensions

$\mathbb{Q}_p$ is trivially not algebraically closed: the equation $x^2 = p$ has no solution in $\mathbb{Q}_p$, since if $x \in \mathbb{Q}_p$ satisfies $x^2 = p$, then $p^{-1} = |p|_p = |x^2|_p = |x|_p^2$ and $|x|_p$ is of the form $p^a$ for an integer $a$, a contradiction. Thus, it is meaningful to study finite extensions of $\mathbb{Q}_p$, as one is often interested in solving polynomial equations over $\mathbb{Q}_p$. It turns out that all finite extensions of $\mathbb{Q}_p$ also have natural absolute values that extend the absolute value of $\mathbb{Q}_p$, though this is far from being trivial. It is thus better to abstract the situation, using the following
Definition 12.11. 1) An absolute value on a field $K$ is a map $|\cdot| : K \to \mathbb{R}_+$ such that $|x| = 0$ if and only if $x = 0$, $|xy| = |x| \cdot |y|$ and $|x + y| \leq |x| + |y|$. The absolute value is called non archimedean if $|x + y| \leq \max(|x|, |y|)$.
2) A valuation on a field $K$ is a map $v : K \to \mathbb{R} \cup \{\infty\}$ such that $v(x) = \infty$ if and only if $x = 0$, $v(xy) = v(x) + v(y)$ and $v(x + y) \geq \min(v(x), v(y))$.
It is clear that any non archimedean absolute value is bounded by 1 on $\mathbb{Z}$, but the nice and somewhat tricky fact is that the converse holds. Indeed, if $|n| \leq 1$ for all $n$, then for all $x, y$ and all $n$ we can write
$$|x + y|^n = |(x + y)^n| = \left|\sum_{k=0}^{n} \binom{n}{k} x^{n-k} y^k\right| \leq \sum_{k=0}^{n} |x|^k |y|^{n-k} \leq (n + 1) \max(|x|, |y|)^n.$$
Taking the $n$th root of this inequality and letting $n \to \infty$ yields $|x + y| \leq \max(|x|, |y|)$, proving the claim. With these remarks being made, we are ready to prove the following beautiful result:
Theorem 12.12. (Ostrowski) Any nontrivial norm on $\mathbb{Q}$ is equivalent to the p-adic absolute value for some prime $p$ or to the usual absolute value.
Proof. Suppose first that the absolute value $|\cdot|$ is non archimedean. Note that $m = \{x \in \mathbb{Z} \mid |x| < 1\}$ is then a nonzero prime ideal of $\mathbb{Z}$, so it is of the form $p\mathbb{Z}$ for a unique prime $p$. Then clearly $|n| = 1$ if $n$ is relatively prime to $p$ and by multiplicativity, it follows that $|\cdot|$ is equivalent to the p-adic absolute value.
The difficult case is when $|\cdot|$ is archimedean. We saw that in this case there exists an integer $n > 1$ such that $|n| > 1$. Pick any such $n$ and write for all $x > 1$ the number $x$ in base $n$, say
$$x = x_0 + x_1 n + \ldots + x_k n^k.$$
Note that $k \leq \log_n x$ and that if $C_n = \max_{1 \leq j \leq n-1} |j|$, then
$$|x| \leq |x_0| + |x_1||n| + \ldots + |x_k||n|^k < C_n \frac{|n|^{k+1}}{|n| - 1} < A x^{\log_n |n|}$$
for some constant $A$, independent of $x$. Applying this to $x^N$ for $N$ large enough yields $|x| \leq x^{\log_n |n|}$.
Now, we claim that for any integer $x > 1$ we have $|x| > 1$. Indeed, if $|x| \leq 1$, by writing $n^j$ in base $x$ and using the same argument as before, we deduce that
$$|n|^j = |n^j| \leq C(1 + \log_x n^j).$$
As $|n| > 1$, this is certainly not true for $j$ large enough, proving the claim.
Combining the two previous paragraphs yields $|x| \leq x^{\log_n |n|}$ for all $x > 1$. But since $n > 1$ was arbitrary such that $|n| > 1$, we deduce by symmetry that the previous inequality is in fact an equality. This implies that $\log_n |n|$ is a constant function of $n > 1$. Thus, there is $d$ such that $|n| = n^d$ for all integers $n > 1$ and the conclusion is then immediate.
We will take for granted the following result, whose proof would take us too far afield.
Theorem 12.13. Fix an algebraic closure $\overline{\mathbb{Q}}_p$ of $\mathbb{Q}_p$.
a) There is a unique extension of $|\cdot|_p$ to a non archimedean absolute value on $\overline{\mathbb{Q}}_p$.
b) There is an algebraically closed field $\mathbb{C}_p$, endowed with a norm extending the p-adic one, containing $\overline{\mathbb{Q}}_p$ as a dense subfield and with the following property: whenever a sequence $x_n \in \mathbb{C}_p$ converges to 0, the series $\sum_{n \geq 1} x_n$ converges in $\mathbb{C}_p$.
We'll leave the proof of the following result as an easy exercise:
Proposition 12.14. a) If $a_n$ converges to 0 in $\mathbb{C}_p$, then for any bijection $\sigma : \mathbb{N} \to \mathbb{N}$ the series $\sum_{n \geq 0} a_{\sigma(n)}$ converges and its sum is equal to $\sum_{n \geq 0} a_n$.
b) If $a_{mn}$ is a double sequence in $\mathbb{C}_p$ such that $\lim_{\max(m,n) \to \infty} a_{m,n} = 0$, then
$$\sum_m \left(\sum_n a_{m,n}\right) = \sum_n \left(\sum_m a_{m,n}\right)$$
and all series converge.
12.15 p-adic analogues of classical functions
Recall that for any complex number $x$, the series $\sum_{n \geq 0} \frac{x^n}{n!}$ converges to a complex number called $e^x$ and $x \mapsto e^x$ is a surjective group morphism $\mathbb{C} \to \mathbb{C}^*$. Let us study the p-adic analogue of this construction: the problem is that $v_p(n!)$ is quite large, so we cannot expect that the previous series converges for all $x$. Actually, by theorem 12.5 the previous series converges for some $x \in \mathbb{C}_p$ if and only if $v_p\left(\frac{x^n}{n!}\right) \to \infty$. Using Legendre's formula
$$v_p(n!) = \frac{n - s_p(n)}{p - 1},$$
where $s_p(n) = O(\log n)$ is the sum of digits of $n$ when written in base $p$, we deduce that the series converges iff
$$\lim_{n \to \infty} n\left(v_p(x) - \frac{1}{p - 1}\right) + \frac{s_p(n)}{p - 1} = \infty,$$
which happens if and only if $v_p(x) > \frac{1}{p-1}$, i.e. $|x| < p^{-\frac{1}{p-1}}$. Moreover, one can easily check (using the remark on double sums made in the previous section) that if $x, y$ satisfy these conditions, then so does $x + y$ and $e^x e^y = e^{x+y}$.
It turns out that one can construct an inverse to the exponential map, which is however defined on all $\mathbb{C}_p$. More precisely, we have the following nontrivial
Theorem 12.16. There exists a unique continuous homomorphism $\log_p : \mathbb{C}_p^* \to \mathbb{C}_p$ such that $\log_p(p) = 0$ and
$$\log_p(x) = \sum_{n \geq 1} (-1)^{n-1} \frac{(x - 1)^n}{n}$$
for $|x - 1|_p < 1$.
Proof. (sketch) The proof is pretty long, so we only give the main steps. The crucial point is the following
Lemma 12.17. Any $x \in \mathbb{C}_p^*$ can be uniquely written $x = p^r \zeta v$ for some $r \in \mathbb{Q}$, $\zeta$ a root of unity of order prime to $p$ and $v \in \mathbb{C}_p$ such that $|v - 1| < 1$.
Proof. Let us prove the existence part. By construction, $v_p(\mathbb{C}_p^*) = \mathbb{Q}$, so that given any $x \in \mathbb{C}_p^*$ there is $r \in \mathbb{Q}$ and $u \in \mathbb{C}_p^*$ such that $x = p^r u$ and $v_p(u) = 0$. Consider the image of $u$ in the residue field $\overline{\mathbb{F}}_p$ of $\mathbb{C}_p$. It is a nonzero element of some $\mathbb{F}_q^*$ for some power $q$ of $p$. Thus $v_p(u^{q-1} - 1) > 0$ and then easily $u^{(q-1)q^n} \to 1$ as $n \to \infty$. This implies that $\zeta = \lim_{n \to \infty} u^{q^n}$ converges and clearly $\zeta^{q-1} = 1$ and $v_p(u - \zeta) > 0$. So one can take $v = u/\zeta$.
For uniqueness, it is clear that $r = v_p(x)$ is uniquely determined. It is thus enough to check that no root of unity $\zeta$ of order prime to $p$ satisfies $|1 - \zeta| < 1$. If $\zeta$ has order $n$, it is enough to check that $p$ does not divide the norm (from $\mathbb{Q}_p(\zeta)$ to $\mathbb{Q}_p$) of $1 - \zeta$, which is left to the reader.
Now, let us study $\log_p$. Let $x \in \mathbb{C}_p^*$ and write $x = p^r \zeta v$ as in the lemma. Note that if we admit that $\log_p$ exists, then necessarily $N \log_p(\zeta) = \log_p(\zeta^N) = 0$ if $\zeta^N = 1$, so necessarily $\log_p(\zeta) = 0$. As $\log_p(p) = 0$, we must have
$$\log_p x = \log_p(v) = \sum_{n \geq 1} (-1)^{n-1} \frac{(v - 1)^n}{n}.$$
This shows that if $\log_p$ exists, then it is unique.
It is harder to prove existence. First, by the previous paragraph we must define
$$\log_p x = \log_p(v) = \sum_{n \geq 1} (-1)^{n-1} \frac{(v - 1)^n}{n}$$
if $x = p^r \zeta v$. Note that the series converges, as
$$v_p\left(\frac{(v - 1)^n}{n}\right) \geq n v_p(v - 1) - \log_p(n) \to \infty.$$
Moreover, since the series converges uniformly, it is easy to see that $v \mapsto \log_p(v)$ is continuous for $|v - 1| < 1$. From here it is not difficult to check that $x \mapsto \log_p(x)$ is continuous on $\mathbb{C}_p^*$.
It remains to check that it is additive. This immediately reduces to
$$\log_p(1 + u) + \log_p(1 + v) = \log_p(1 + (u + v + uv))$$
for $|u| < 1$ and $|v| < 1$. This is the tricky point. First, one checks that as formal series in $X, Y$ we have
$$\log(1 + X) + \log(1 + Y) = \log(1 + (X + Y + XY)),$$
for instance by differentiating both sides in $X$, respectively $Y$. Next, the series defining $\log_p(1 + u)$, $\log_p(1 + v)$ and $\log_p(1 + u + v + uv)$ converge absolutely and one can permute their terms as one wants, without changing the value of the series. This implies that we can substitute $X = u$ and $Y = v$ in the formal series equality and finishes the proof of the theorem.
The arguments used in the last paragraph of the proof of the previous theorem also yield $\log_p(e^x) = x$ if $|x| < p^{-\frac{1}{p-1}}$ (it is easy to check that $|e^x - 1|_p < 1$ for such $x$) and $e^{\log_p(x)} = x$ if $x$ is close enough to 1 so that $v_p(\log_p(x)) > \frac{1}{p-1}$.
We end this section with another useful p-adic analogue, the binomial functions and power functions. Define, for $x \in \mathbb{Q}_p$ and $n \geq 0$
$$\binom{x}{n} = \frac{x(x - 1) \ldots (x - n + 1)}{n!}.$$
Proposition 12.18. 1) (Vandermonde's identity) If $x, y \in \mathbb{Q}_p$, then
$$\binom{x + y}{n} = \sum_{i=0}^{n} \binom{x}{i}\binom{y}{n - i}.$$
2) If $x \in \mathbb{Z}_p$, then $\binom{x}{n} \in \mathbb{Z}_p$ for all $n$.
3) If $a \in \mathbb{C}_p$ satisfies $|a|_p < 1$ and $x \in \mathbb{Z}_p$, define
$$(1 + a)^x = \sum_{n \geq 0} \binom{x}{n} a^n.$$
Then the series converges and $x \mapsto (1 + a)^x$ is a continuous homomorphism from $\mathbb{Z}_p$ to $\mathbb{C}_p^*$.
Proof. 1) If $x, y$ are positive integers, simply compare coefficients in $(1 + T)^{x+y} = (1 + T)^x (1 + T)^y$. The result then follows by density and continuity. The same argument works for 2). The convergence of the series in 3) follows immediately from 2) and theorem 12.5. The continuity follows from the uniform convergence of the series, while the equality $(1 + a)^x (1 + a)^y = (1 + a)^{x+y}$ follows either by a simple computation using 1) or from the case $x, y \in \{1, 2, \ldots\}$ by continuity and density.
12.18.1 Some applications

We discuss here some rather immediate applications of the previous theoretical results. The reader will probably appreciate better the power of these results, since none of the following applications is easy to solve by other means.
Example 12.19. (Kiran Kedlaya, USA TST) Let $p > 5$ and
$$f_p(x) = \sum_{k=1}^{p-1} \frac{1}{(px + k)^2}.$$
Prove that for any integers $x, y$, $p^3$ divides the numerator of $f_p(x) - f_p(y)$ when written in lowest terms.
Proof. Using the tools previously introduced, this is very simple: working in $\mathbb{Q}_p$, we can write
$$f_p(x) = \sum_{k=1}^{p-1} \frac{1}{k^2}\left(1 + \frac{px}{k}\right)^{-2} = \sum_{k=1}^{p-1} \frac{1}{k^2} \sum_{j \geq 0} \binom{-2}{j} \frac{p^j}{k^j} x^j$$
$$\equiv \sum_{k=1}^{p-1} \frac{1}{k^2}\left(1 - \frac{2px}{k} + 3\frac{p^2 x^2}{k^2}\right) = \sum_{k=1}^{p-1} \frac{1}{k^2} - 2px \sum_{k=1}^{p-1} \frac{1}{k^3} + p^2 x^2 \sum_{k=1}^{p-1} \frac{1}{k^4} \pmod{p^3}.$$
It suffices thus to show that
$$p^2 \mid \sum_{k=1}^{p-1} \frac{1}{k^3} \quad \text{and} \quad p \mid \sum_{k=1}^{p-1} \frac{1}{k^4},$$
but these congruences have already been discussed in chapter ref.
Example 12.20. (how not to prove Fermat's last theorem) Let $p$ be a prime and let $k, N \geq 1$. There exist integers $x, y, z$, not all of them divisible by $p$ and such that $x^N + y^N \equiv z^N \pmod{p^k}$.
Proof. It is enough to show the existence of $x, z \in \mathbb{Z}_p$ such that $x^N + 1 = z^N$, since then $x \pmod{p^k}$, $1$, $z \pmod{p^k}$ is a solution. Now, we would like to take $z = (1 + x^N)^{1/N}$. Using the results of the previous section, we are tempted to take
$$z = \sum_{n \geq 0} \binom{\frac{1}{N}}{n} x^{nN}.$$
Unfortunately, $N$ is not necessarily prime to $p$, so we cannot apply directly those results. However,
$$v_p\left(\binom{\frac{1}{N}}{n} x^{nN}\right) \geq N n v_p(x) - \frac{n}{p - 1} - n v_p(N)$$
and this tends to $\infty$ as $n \to \infty$ if $N v_p(x) > \frac{1}{p-1} + v_p(N)$. We thus choose such $x$ and define $z$ by the previous series. Then $z \in \mathbb{Z}_p$ (by the previous estimate) and the usual argument with formal series shows that $z^N = 1 + x^N$.
Example 12.21. Write
$$\frac{2}{1} + \frac{2^2}{2} + \ldots + \frac{2^n}{n} = \frac{a_n}{b_n}$$
for relatively prime integers $a_n, b_n$. Then $v_2(a_n) > n - \log_2(n)$.
Proof. Let us work in $\mathbb{Q}_2$. The series $\sum_n \frac{2^n}{n}$ suggests considering $\log_2(-1)$. Indeed, the series defining this is exactly $-\sum_n \frac{2^n}{n}$. On the other hand, since $\log_2$ is additive and since $(-1)^2 = 1$ and $\log_2(1) = 0$, we must have $\log_2(-1) = 0$, that is in $\mathbb{Q}_2$ we have the equality $\sum_{n \geq 1} \frac{2^n}{n} = 0$. But then
$$v_2\left(\sum_{k=1}^{n} \frac{2^k}{k}\right) = v_2\left(\sum_{k > n} \frac{2^k}{k}\right) \geq \inf_{k > n} (k - \log_2 k) > n - \log_2(n).$$
12.22 A geometric application

In this section we reward the reader with a mathematical gem, due to Paul Monsky. This will use a version of the main result of the previous section: recall that we dispose of an absolute value on $\mathbb{C}_p$ extending the one on $\mathbb{Q}_p$. It is a nontrivial fact from field theory that $\mathbb{C}_p$ is isomorphic as field with $\mathbb{C}$. The choice of an isomorphism allows us to transfer the absolute value on $\mathbb{C}_p$ to one on $\mathbb{C}$, that still extends the p-adic absolute value on $\mathbb{Q}$. The reader who finds this construction very indirect will probably spend some time trying to construct directly such an absolute value on $\mathbb{C}$. Inevitable failure will probably convince him of the power of the arguments in previous sections.
Theorem 12.23. (Monsky) One cannot dissect a square into an odd number of triangles of the same area.
It is absolutely remarkable that no geometric proof is known for this pretty innocent-looking problem. Monsky's proof is a stunning combination of arithmetic and combinatorics. We follow his article ref Paul Monsky, American Mathematical Monthly, Vol 77, No 2, Feb 1970, 161-164.
Proof. Consider the square with vertices $(0, 0), (1, 0), (0, 1), (1, 1)$. Using the extension of the 2-adic valuation to $\mathbb{R}$, color the point $(x, y) \in \mathbb{R}^2$ in red if $\max(|x|_2, |y|_2) < 1$, in blue if $|x|_2 \geq \max(1, |y|_2)$ and in green if $|y|_2 > |x|_2$ and $|y|_2 \geq 1$. We will repeatedly use the trivial observation that translation by a red point is color-preserving.
Here is the crucial point:
Lemma 12.24. If $T$ is a triangle whose vertices have three different colors, then $|A(T)|_2 > 1$, where $A(T)$ is the area of $T$.
Proof. By the remark on translations by red points, we may assume that one of the vertices of $T$ is $(0, 0)$. Let $b = (b_1, b_2)$ and $c = (c_1, c_2)$ be the other vertices, say $b$ is blue and $c$ is green. Then
$$|A(T)|_2 = \left|\frac{b_1 c_2 - b_2 c_1}{2}\right|_2 = 2|b_1|_2 |c_2|_2 \left|1 - \frac{c_1}{c_2} \cdot \frac{b_2}{b_1}\right|_2 > 1,$$
as $|b_1|_2, |c_2|_2 \geq 1$ and $\left|\frac{c_1}{c_2} \cdot \frac{b_2}{b_1}\right|_2 < 1$.
Consider now a dissection of the square into $n$ triangles of the same area, which is necessarily $1/n$. Color only the vertices of the triangles, as above. If we can prove that there is a triangle with vertices of different colors, we deduce from the previous lemma that $|n|_2 < 1$ and so $n$ is even. The existence of such a triangle is a trivial consequence of Sperner's lemma, but it is perhaps useful to recall how things work in this easy two-dimensional case: consider segments on the boundary of the square whose endpoints are red and blue (i.e. one endpoint is red and the other one blue). It is very easy to see that such segments are necessarily on the line connecting $(0, 0)$ and $(1, 0)$. As $(0, 0)$ is red and $(1, 0)$ is blue, there must be an odd number of such segments. On the other hand, assume that no triangle has vertices of different colors. It is easy (though a bit tedious) to check that all triangles have an even number of sides whose endpoints are red and blue. As the triangles partition the square, we deduce that the number of red-blue segments on the border of the square is even, a contradiction. Thus, there must be a "colorful" triangle and the theorem is proved.
12.25 Mahler expansions
One of the miracles of p-adic analysis is that one has a fairly explicit description of all continuous functions on $\mathbb{Z}_p$. Of course, this is far from being true in real or complex analysis, so the following theorem is surprising to say the least. It is however absolutely crucial when dealing with more delicate aspects of p-adic numbers and we will use it constantly in the following sections.
Theorem 12.26. For any continuous function $f : \mathbb{Z}_p \to \mathbb{Q}_p$ there is a unique sequence $(a_n(f))_{n \geq 0}$ of p-adic numbers such that $\lim_{n \to \infty} a_n = 0$ and
$$f(x) = \sum_{n \geq 0} a_n(f) \binom{x}{n}$$
for all $x \in \mathbb{Z}_p$. Moreover, we have
$$\min_{x \in \mathbb{Z}_p} v_p(f(x)) = \min_{n \geq 0} v_p(a_n(f)).$$
Proof. Note that if the equality
$$f(x) = \sum_{n \geq 0} a_n(f) \binom{x}{n}$$
holds for all $x \in \mathbb{Z}_p$, it also holds for all $x \in \{1, 2, \ldots\}$, so that
$$f(n) = \sum_{k=0}^{n} a_k(f) \binom{n}{k}$$
for all $n$. Either by considering the exponential generating function of $(f(n))_n$ and $(a_n(f))_n$ or by using the theory of finite differences, we deduce that
$$a_n(f) = \sum_{k=0}^{n} (-1)^{n-k} \binom{n}{k} f(k).$$
Assume for a moment that we proved that $\lim_{n \to \infty} a_n(f) = 0$, which is the difficult point of the theorem. Then, since $\binom{x}{n} \in \mathbb{Z}_p$ for $x \in \mathbb{Z}_p$, we deduce that $g(x) = \sum_{n \geq 0} a_n(f) \binom{x}{n}$ converges uniformly for $x \in \mathbb{Z}_p$ and so $g$ is a continuous function. Moreover, by construction $g(n) = f(n)$ for all $n \geq 1$, so by density of $\{1, 2, \ldots\}$ in $\mathbb{Z}_p$ we obtain $f = g$ and the first part of the theorem follows. Finally, from the previous relations between the values of $f$ at positive integers and the $a_n(f)$ we obtain
$$v_p(f(n)) \geq \min_{0 \leq i \leq n} v_p(a_i(f)), \quad v_p(a_n(f)) \geq \min_{0 \leq i \leq n} v_p(f(i)),$$
so another argument of density yields the equality
$$\min_{x \in \mathbb{Z}_p} v_p(f(x)) = \min_{n \geq 0} v_p(a_n(f)).$$
Note that those min exist, as $v_p(a_n(f))$ diverges to $\infty$ and since $f$ is continuous on a compact set $\mathbb{Z}_p$.
Now, it remains to prove that $v_p(a_n(f)) \to \infty$. As $f$ is bounded (because it is continuous and $\mathbb{Z}_p$ is compact), by multiplying $f$ by some power of $p$ we may assume that $f(\mathbb{Z}_p) \subset \mathbb{Z}_p$. As $\mathbb{Z}_p$ is compact, $f$ is uniformly continuous on $\mathbb{Z}_p$ and so there is $n_0$ such that $v_p(f(x + p^{n_0}) - f(x)) \geq 1$ for all $x \in \mathbb{Z}_p$. As $p$ divides $\binom{p^{n_0}}{k}$ for all $1 \leq k < p^{n_0}$, it follows that $v_p(\Delta^{p^{n_0}} f(x)) \geq 1$ for all $x \in \mathbb{Z}_p$ and so $v_p(\Delta^n f(x)) \geq 1$ for all $n \geq p^{n_0}$ and all $x$. Here $\Delta f(x) = f(x + 1) - f(x)$, so that
$$\Delta^n f(x) = \sum_{k=0}^{n} (-1)^{n-k} \binom{n}{k} f(x + k)$$
and $a_n(f) = \Delta^n f(0)$. Let $g(x) = \frac{1}{p} \Delta^{p^{n_0}} f(x)$, then $g$ is continuous and $g(\mathbb{Z}_p) \subset \mathbb{Z}_p$. Applying the same argument to $g$, we find $n_1$ such that $v_p(\Delta^{p^{n_1}} g(x)) \geq 1$ for all $x$. Then $v_p(\Delta^n f(x)) \geq 2$ for all $n \geq p^{n_0 + n_1}$. Continuing like this, we find integers $n_i$ such that $v_p(\Delta^n f(x)) \geq d$ for all $n \geq p^{n_0 + \ldots + n_{d-1}}$ and all $x \in \mathbb{Z}_p$. Taking $x = 0$ shows that $v_p(a_n(f)) \to \infty$ and finishes the proof.

We call the numbers $a_n(f)$ the Mahler coefficients of the function $f$.
12.27 The Skolem-Mahler-Lech theorem
Theorem 12.28. (Skolem-Mahler-Lech) A sequence $(a_n)_n$ of integers satisfies
$$a_{n+d} = x_1 a_{n+d-1} + x_2 a_{n+d-2} + \ldots + x_d a_n$$
for all $n \geq 0$, where $d \geq 1$ and $x_1, x_2, \ldots, x_d$ are integers. Then there exists a finite set $S$ and integers $c_1, c_2, \ldots, c_N, d_1, d_2, \ldots, d_N$ such that
$$\{n \geq 0 \mid a_n = 0\} = S \cup (c_1 + d_1 \mathbb{N}) \cup \ldots \cup (c_N + d_N \mathbb{N}).$$
The result holds for sequences with values in any field of characteristic 0, as Lech proved. The key point is that we have a p-adic version of the Lefschetz principle (the proof is not easy, but elementary): if $S$ is a finite subset of a field $K$ which is finitely generated over $\mathbb{Q}$, then for infinitely many primes $p$ there is an embedding of $K$ into $\mathbb{Q}_p$ sending all elements of $S$ to $\mathbb{Z}_p$. Applied to the roots of the characteristic polynomial of the recurrence relation, this reduces the proof to the p-adic case, which has already been discussed. On the other hand, the result does not hold for fields of positive characteristic. For instance, the sequence $a_n = (1 + t)^n - 1 - t^n$ is linearly recursive with values in $\mathbb{F}_p((t))$, but the reader can easily check that it vanishes precisely at $\{p^n \mid n \geq 0\}$, which is not the union of a finite set and finitely many arithmetic progressions.
Proof. We call a sequence of integers $(b_n)_n$ p-nice if we can find a sequence of integers $c_n$ such that $b_n = \sum_{k=0}^{n} \binom{n}{k} p^k c_k$ for all $n$. The theorem follows from the following two lemmas:
Lemma 12.29. We can find an odd prime $p > 2$ and a positive integer $r$ such that for all $0 \leq j < r$, the sequence $(a_{nr+j})_{n \geq 0}$ is p-nice.
Proof. We may assume that $x_d \neq 0$. Consider the matrix $M$ defined by $m_{ij} = 1_{j=i+1}$ for $i < d$ and whose last row is $x_d, x_{d-1}, \ldots, x_1$. This is the companion matrix associated to the characteristic polynomial $X^d - x_1 X^{d-1} - \ldots - x_d$ of the recursive relation. Let $V_n$ be the column vector whose coordinates are $a_n, a_{n+1}, \ldots, a_{n+d-1}$. Then the recursive relation becomes $V_{n+1} = M V_n$, thus $V_n = M^n V_0$. If $e_1$ is the column vector whose coordinates are $1, 0, 0, \ldots, 0$ and if $\langle\ ,\ \rangle$ is the standard inner product in $\mathbb{R}^d$, we deduce that $a_n = \langle M^n V_0, e_1 \rangle$. It is easy to check that $\det M$ equals $x_d$ up to a sign. Pick a prime $p > 2 + |x_d|$, so $M$ is invertible mod $p$. Using either Lagrange's theorem or the pigeonhole principle, we can find $r \geq 1$ such that $M^r \equiv I_d \pmod p$. Thus we can write $M^r = I_d + pN$ for some matrix $N$ with integral coefficients. But then for all $0 \leq j < r$,
$$a_{nr+j} = \langle (I_d + pN)^n M^j V_0, e_1 \rangle = \sum_{k=0}^{n} \binom{n}{k} p^k b_k,$$
where $b_k = \langle N^k M^j V_0, e_1 \rangle$ is a sequence of integers.
Lemma 12.30. Let $p > 2$ be an odd prime and let $b_n$ be a p-nice sequence. If $b_n = 0$ for infinitely many $n$, then $b_n = 0$ for all $n$.
Proof. Say $b_n = \sum_{k=0}^{n} \binom{n}{k} p^k c_k$ for some integers $c_k$ and consider the following function
$$f(x) = \sum_{k \geq 0} p^k c_k \binom{x}{k},$$
defined on $\mathbb{Z}_p$ and with values in $\mathbb{Z}_p$ (the series converges for obvious reasons). By definition we have $f(n) = b_n$ for all $n$. On the other hand, we will prove that $f$ has a good analytic behavior.
Let us write
$$\binom{x}{k} = \frac{1}{k!} \sum_{j=0}^{k} b_{j,k} x^j$$
for some integers $b_{j,k}$. Then we can write
$$f(x) = \sum_{k \geq 0} \frac{p^k c_k}{k!} \left(\sum_{j=0}^{k} b_{j,k} x^j\right) = \sum_{j \geq 0} d_j x^j,$$
where $d_j = \sum_{k \geq j} \frac{p^k c_k b_{j,k}}{k!}$. Note that the series defining $d_j$ converges, since
$$v_p\left(\frac{p^k b_{j,k}}{k!}\right) \geq k \frac{p - 2}{p - 1}$$
tends to $\infty$ as $k \to \infty$. The same estimate shows that
$$v_p(d_j) \geq \inf_{k \geq j} k \frac{p - 2}{p - 1} = j \frac{p - 2}{p - 1}.$$
Now, by hypothesis we know that f(n) = 0 for infinitely many integers n. We will prove that f = 0, which will be enough to conclude. There exists $a \in \mathbb{Z}_p$ and an infinite sequence of integers $n_j$ such that $f(n_j) = 0$ and $n_j$ converges p-adically to a (see the exercises). Now, for all $x \in \mathbb{Z}_p$ we can write
$$f(x) = \sum_{j \ge 0} d_j ((x-a) + a)^j = \sum_{j \ge 0} d_j \left( \sum_{k=0}^{j} \binom{j}{k} (x-a)^k a^{j-k} \right) = \sum_{k \ge 0} \left( \sum_{j \ge k} d_j \binom{j}{k} a^{j-k} \right) (x-a)^k.$$
Again, the series defining $e_k = \sum_{j \ge k} d_j \binom{j}{k} a^{j-k}$ converges because $v_p(d_j) \to \infty$ and we also have
$$v_p(e_k) \ge \inf_{j \ge k} v_p(d_j) \ge k \, \frac{p-2}{p-1}.$$
Recall that $f(n_j) = 0$ for all j. On the other hand
$$v_p\left( \sum_{k \ge 1} e_k (n_j - a)^k \right) \ge v_p(n_j - a) \to \infty,$$
so that $\lim_{j \to \infty} f(n_j) - d_0 = 0$. We deduce that $d_0 = 0$. Dividing the equality $f(n_j) = 0$ by $a - n_j$ and repeating the argument yields $d_1 = 0$, then $d_2 = 0$ and so on. We deduce that all $d_j$'s are zero and so f = 0. The result follows.

12.31 Problem set
1. (product formula) Prove that if x is a nonzero rational number, then $|x| \cdot \prod_p |x|_p = 1$, where the first absolute value is the usual one.
2. If p > 2, then 16 is an 8-th power in p-adic numbers.
3. What are the squares in $\mathbb{Q}_p$?
4. a) Suppose that p > 2 and $x \in 1 + p\mathbb{Z}_p$ satisfies $\ln_p(x) = 0$. Prove that x = 1. b) Deduce that if p > 2 and $x \in \mathbb{Q}_p$ satisfies $x^{p^n} = 1$, then x = 1. More generally, what are the roots of unity in the p-adic numbers?
5. a) Let $x_n$ be an arbitrary sequence of p-adic integers. Prove that one can find $n_1 < n_2 < ...$ and a p-adic integer a such that the subsequence $x_{n_1}, x_{n_2}, ...$ converges to a.
b) Prove that $f \in \mathbb{Z}[X]$ has a root in p-adic integers if and only if the equation f(x) = 0 (mod $p^k$) has solutions for any $k \ge 1$.
6. (Putnam 2008) Let p be a prime number. Let h(x) be a polynomial with integer coefficients such that $h(0), h(1), ..., h(p^2 - 1)$ are distinct modulo $p^2$. Show that $h(0), h(1), ..., h(p^3 - 1)$ are distinct modulo $p^3$.
7. (Japan) Prove that for any n one can find an integer x for which $v_3(x^3 + 17) = n$.
8. (Iran) Let f be a polynomial with integral coefficients and having no double complex root. Prove that for any $k \ge 1$ there is n such that in the prime factorization of f(n) there are at least k primes with exponent 1.
9. Prove that for any p we have
$$\sum_{n \ge 1} n^2 (n+1)! = 2 \quad \text{and} \quad \sum_{n \ge 1} n^5 (n+1)! = 26$$
in p-adic numbers.
10. Let p > 2 and a, b, c be integers such that $a \ge 2$. Prove that there are only finitely many n such that $p^n$ divides $b a^n + c$.
11. (USA TST) Let p be a prime. We say that a sequence of integers $\{z_n\}_{n=0}^{\infty}$ is a p-pod if for each $e \ge 0$, there is an $N \ge 0$ such that whenever $m \ge N$, $p^e$ divides the sum
$$\sum_{k=0}^{m} (-1)^k \binom{m}{k} z_k.$$
Prove that if both sequences $\{x_n\}_{n=0}^{\infty}$ and $\{y_n\}_{n=0}^{\infty}$ are p-pods, then the sequence $\{x_n y_n\}_{n=0}^{\infty}$ is a p-pod.
12. Let p > 5 be a prime. Prove that $p^4$ divides the numerator of the fraction
$$2 \sum_{k=1}^{p-1} \frac{1}{k} + p \sum_{k=1}^{p-1} \frac{1}{k^2}$$
when written in lowest terms.
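13. (Math Reflections) Let p be a prime and let n > s + 1 be positive integers. Prove that $p^d$ divides
$$\sum_{\substack{0 \le k \le n \\ p \mid k}} (-1)^k k^s \binom{n}{k},$$
where $d = \left\lfloor \frac{n-s-1}{p-1} \right\rfloor$.
14. Prove the following theorem of Morita: if p > 2, then there is a unique continuous map $\Gamma_p : \mathbb{Z}_p \to \mathbb{Q}_p$ such that for all $n \ge 2$ we have
$$\Gamma_p(n) = (-1)^n \prod_{\substack{j=1 \\ \gcd(p,j)=1}}^{n-1} j.$$
We call it the p-adic Gamma function.
15. Let p > 2. Prove the following properties of the p-adic Gamma function:
1) For all positive integers n we have
$$\Gamma_p(n+1) = \frac{(-1)^{n+1} \, n!}{\left\lfloor \frac{n}{p} \right\rfloor ! \; p^{\left\lfloor \frac{n}{p} \right\rfloor}}.$$
2) $\Gamma_p(\mathbb{Z}_p) \subset \mathbb{Z}_p^*$.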
3) If
p
(x) = x for x Z

p
and
p
(x) = 1 for x pZ
p
, then
p
(x + 1) =
p
(x)
p
(x).
4) If $x \in \mathbb{Z}_p$ and $r(x) \in \{1, 2, ..., p\}$ is the unique integer such that $x - r(x) \in p\mathbb{Z}_p$, then $\Gamma_p(x) \Gamma_p(1-x) = (-1)^{r(x)}$.
16. Let p be a prime.
a) Show that for all $n \ge 0$, there exists
$$\lim_{k \to \infty} \frac{1}{p^k} \sum_{j=0}^{p^k - 1} j^n \in \mathbb{Q}_p.$$
We denote this limit $B_n$ and call it the nth Bernoulli number.
b) Show that $B_0 = 1$, $B_1 = -\frac{1}{2}$, $B_2 = \frac{1}{6}$, that $B_n \in \mathbb{Q}$ and we have the generating function equality
$$\sum_{n \ge 0} \frac{B_n}{n!} X^n = \frac{X}{e^X - 1}.$$
c) Prove that for all positive integers n, k we have
$$1 + 2^n + ... + (k-1)^n = \frac{1}{n+1} \sum_{i=0}^{n} \binom{n+1}{i} B_i k^{n+1-i}.$$
d) Prove that $p B_n \in \mathbb{Z}_p$ for all primes p and all $n \ge 0$.
e) Prove the following theorem of von Staudt-Clausen: for all $n \ge 1$ we have
$$B_{2n} + \sum_{p-1 \mid 2n} \frac{1}{p} \in \mathbb{Z}.$$
17. (Iran TST, classical) Let A be the set of all sequences of integers and let $f : A \to \mathbb{Z}$ be a map such that f(x + y) = f(x) + f(y) for all $x, y \in A$. Here addition in A is defined componentwise. Let $e_i$ be the sequence whose i-th term is 1 and all other terms are 0.
a) Prove that if f vanishes at all $e_i$, then f is zero.
b) Prove that f necessarily vanishes at all but finitely many of the $e_i$'s.
13 Solutions to some of the exercises
1. (important exercise) Let $\mu$ be the Möbius function, defined by $\mu(1) = 1$, $\mu(n) = 0$ if n is not a product of distinct primes and $\mu(n) = (-1)^k$ if n is the product of k distinct primes.
a) Show that
$$\sum_{d \mid n} \mu(d) = \begin{cases} 1, & \text{if } n = 1 \\ 0, & \text{otherwise.} \end{cases}$$
What does this say in the ring of arithmetic functions?
b) Deduce Möbius inversion formula: if f, g are arithmetic functions such that
$$g(n) = \sum_{d \mid n} f(d),$$
then
$$f(n) = \sum_{d \mid n} \mu\left(\frac{n}{d}\right) g(d).$$
Proof. a) If n has k distinct prime factors $p_1, p_2, ..., p_k$ (eventually with multiplicities), the only d for which $\mu(d) \ne 0$ are $p_1, ..., p_k, p_1 p_2, ..., p_1 ... p_k$. We deduce that, if n > 1, then
$$\sum_{d \mid n} \mu(d) = \binom{k}{0} - \binom{k}{1} + \binom{k}{2} - ... = (1-1)^k = 0.$$
In the ring of arithmetic functions, this identity becomes $\mu * \mathbf{1} = 1$, where $\mathbf{1}$ is the constant function sending everything to 1 and $1$ is the unit element of the ring.
b) We have $g = f * \mathbf{1}$ and we need to prove that $f = g * \mu$. But since $*$ is associative, we can write using a)
$$g * \mu = (f * \mathbf{1}) * \mu = f * (\mathbf{1} * \mu) = f * 1 = f.$$

2. (Romanian, Iranian, Chinese TST) Let $(a_n)_{n \ge 1}$ be a sequence of positive integers satisfying $(a_m, a_n) = a_{(m,n)}$ for all $m, n \in \mathbb{N}^*$. Prove that there exists a sequence of integers $b_n$ such that $a_n = \prod_{d \mid n} b_d$.
Proof. Using the obvious multiplicative analogue of Möbius's inversion formula, it is enough to prove that $b_n = \prod_{d \mid n} a_d^{\mu(n/d)}$ is an integer. Let $p_1, ..., p_k$ be the prime factors of n (without multiplicities) and let $x_i = a_{n/p_i}$. By hypothesis and an immediate induction we obtain that
$$a_{\frac{n}{p_{i_1} ... p_{i_s}}} = a_{\gcd\left(\frac{n}{p_{i_1}}, ..., \frac{n}{p_{i_s}}\right)} = \gcd\left(a_{\frac{n}{p_{i_1}}}, ..., a_{\frac{n}{p_{i_s}}}\right)$$
for any distinct numbers $i_1, ..., i_s$. Therefore
$$\prod_{d \mid n} a_d^{\mu(n/d)} = a_n \cdot \frac{1}{\prod x_i} \cdot \prod_{i<j} (x_i, x_j) \cdots$$
An easy inclusion-exclusion principle argument shows that the last expression is also equal to $\frac{a_n}{\mathrm{lcm}(x_1, ..., x_k)}$. As the last is clearly an integer, we are done.
3. a) Show that any integer polynomial $f \in \mathbb{Z}[X]$ defines a map $f : \mathbb{Z}/n\mathbb{Z} \to \mathbb{Z}/n\mathbb{Z}$, by setting $f(\bar{a}) = \overline{f(a)}$.
b) Find all polynomials $f \in \mathbb{Z}[X]$ such that the map $f : \mathbb{Z}/n\mathbb{Z} \to \mathbb{Z}/n\mathbb{Z}$ is bijective for all n > 1.
Proof. a) One needs to check that if $\bar{a} = \bar{b}$, then $\overline{f(a)} = \overline{f(b)}$. But $a - b$ divides $f(a) - f(b)$, since f has integer coefficients. It is then easy to conclude.
b) The injectivity of the map implies that whenever n divides $f(a) - f(b)$, n divides $a - b$. We easily get that $f(a) - f(b)$ divides $a - b$, then that $\deg(f) \le 1$ and I'll leave the rest as an easy exercise.
4. (China TST 2000) Show that
$$\sqrt{1001^2 + 1} + \sqrt{1002^2 + 1} + \cdots + \sqrt{2000^2 + 1} \notin \mathbb{Q}.$$
Proof. Call x this number, then x is an algebraic integer and if it is rational, then it's an integer. However, it differs from the integer $\sum_{k=1001}^{2000} k$ by less than 1 as $0 < \sqrt{k^2 + 1} - k < 1/2k$. This is of course impossible.
5. a) (useful) If $\alpha \in \mathbb{Q}$ and $\cos(\alpha\pi) \in \mathbb{Q}$, then $\cos(\alpha\pi) \in \{\pm\frac{1}{2}, \pm 1, 0\}$.
b) (classical) Suppose that a regular polygon in the plane has all coordinates integer numbers. Show that it is a square.
Proof. The point for a) is that $2\cos(\alpha\pi)$ is an algebraic integer, as you can easily check by using the formula $2\cos x = e^{ix} + e^{-ix}$. Next, use that algebraic integers which are rational numbers are rational integers. Part b) follows easily from a) and the cosine law applied in any triangle formed by three consecutive vertices of the polygon (by noting that the squares of the lengths of sides of the polygon are integers).
6. (IMO Shortlist 1991) Let $\alpha$ be a rational number with $0 < \alpha < 1$ and $\cos(3\pi\alpha) + 2\cos(2\pi\alpha) = 0$. Prove that $\alpha = \frac{2}{3}$.
Proof. Let $x = \cos \pi\alpha$ and observe that the equation satisfied by $\alpha$ can be written as
$$4x^3 + 4x^2 - 3x - 2 = 0 \iff (2x + 1)(2x^2 + x - 2) = 0.$$
Of course, if $x = -\frac{1}{2}$, we must have $\alpha = \frac{2}{3}$ and we are done. Suppose that $2x^2 + x - 2 = 0$, so $x = \frac{-1 + \sqrt{17}}{4}$ (because $|x| \le 1$). We will then prove that $\cos(2^n \pi\alpha)$ takes infinitely many values as n runs over the positive integers. This will clearly contradict the hypothesis that $\alpha$ is rational. But since $\cos(2^n \pi\alpha) = 2\cos^2(2^{n-1} \pi\alpha) - 1$, it is easy to prove that we can write
$$\cos(2^n \pi\alpha) = \frac{a_n + b_n \sqrt{17}}{4}, \quad b_{n+1} = a_n b_n, \quad a_{n+1} = \frac{a_n^2 + 17 b_n^2 - 8}{2}.$$
The previous relations allow us to prove by induction that $a_n, b_n$ are odd integers and that $a_{n+1} > a_n$. Thus $\cos(2^n \pi\alpha)$ takes infinitely many values.
Remark 13.1. Here is another, more conceptual but also much more advanced, way to prove the fact that we cannot have $\cos(\alpha\pi) = \frac{-1 + \sqrt{17}}{4}$. In general, let us choose relatively prime integers m, n with n > 1 and find the degree of the algebraic number $x = \cos\left(\frac{2\pi m}{n}\right)$. Define $z = e^{\frac{2i\pi m}{n}}$, a primitive n-th root of unity. The irreducibility of the cyclotomic polynomials (which is a very nontrivial theorem) implies that z has degree $\varphi(n)$ as algebraic number. On the other hand, we have
$$[\mathbb{Q}(z) : \mathbb{Q}] = [\mathbb{Q}(z) : \mathbb{Q}(x)] \cdot [\mathbb{Q}(x) : \mathbb{Q}]$$
and we have $[\mathbb{Q}(z) : \mathbb{Q}(x)] = 2$. Indeed, $2x = z + z^{-1}$, which implies that z satisfies a quadratic equation with coefficients in $\mathbb{Q}(x)$, so $[\mathbb{Q}(z) : \mathbb{Q}(x)] \le 2$. On the other hand, we cannot have $\mathbb{Q}(z) = \mathbb{Q}(x)$, because z is not a real number. Putting these observations together, we deduce that x has degree $\frac{\varphi(n)}{2}$. Using this, it is easy to solve the problem.
7. Prove the following generalization of Fermat's little theorem: let $f \in \mathbb{Z}[X]$ be a monic polynomial with complex roots $z_1, z_2, ..., z_n$ (counted with multiplicities). Then for any prime p we have
$$z_1^p + z_2^p + ... + z_n^p \equiv (z_1 + z_2 + ... + z_n)^p \pmod p.$$
Proof. Using the multinomial formula, one checks that $\frac{(z_1 + ... + z_n)^p - (z_1^p + ... + z_n^p)}{p}$ is a symmetric polynomial expression with integer coefficients in the $z_i$'s. It is thus an integer.

8. (classical) Let $a_1 = 0$, $a_2 = 2$, $a_3 = 3$, $a_{n+1} = a_{n-1} + a_{n-2}$. Prove that for any prime number p we have that $p \mid a_p$.
Proof. You can easily check by induction that $a_n = z_1^n + z_2^n + z_3^n$, where $z_i$ are the roots of $X^3 - X - 1$. The result follows then from the previous exercise.
9. The first condition that should be satisfied in order to have $P(X) \mid Q(R(X))$ is that for each root z of P we have $Q(R(z)) = 0$. Therefore, if $x_1, x_2, ..., x_n$ are the roots of P (some of the $x_i$'s may be equal), then we would like to have $Q(R(x_i)) = 0$. The most natural choice is to take
$$Q(X) = \prod_{i=1}^{n} (X - R(x_i)).$$
Note that it satisfies $P(X) \mid Q(R(X))$, because $X - x_i$ divides $R(X) - R(x_i)$ for all i. It remains to check that Q has rational (respectively integer, for the second part of the problem) coefficients. This follows from the corollary of the fundamental theorem of symmetric polynomials (see lecture 1).
10. (USAMO 2009) Let $s_1, s_2, ...$ and $t_1, t_2, ...$ be two infinite nonconstant sequences of rational numbers such that $(s_i - s_j)(t_i - t_j)$ is an integer for all $i, j \ge 1$. Prove that there exists a rational number r such that $(s_i - s_j) r$ and $\frac{t_i - t_j}{r}$ are integers for all i, j.
Proof. First of all, by working with the sequences $(s_i - s_1)_i$ and $(t_i - t_1)_i$, we may assume that $s_1 = t_1 = 0$. Secondly, there is u such that $s_u \ne 0$ and, by working with the sequences $\left(\frac{s_n}{s_u}\right)_n$ and $(s_u t_n)_n$, we may assume that $s_u = 1$.
Now, by assumption $s_n t_n$ is an integer for all n. But then
$$s_i t_j + s_j t_i = s_i t_i + s_j t_j - (s_i - s_j)(t_i - t_j)$$
is also an integer for all i, j. Since $s_i t_j + s_j t_i$ and $(s_i t_j) \cdot (s_j t_i) = (s_i t_i)(s_j t_j)$ are integers, $s_i t_j$ and $s_j t_i$ are algebraic integers. Since they are also rational numbers, they must be rational integers. Thus $s_i t_j$ is an integer for all i, j. For i = u, we obtain that all $t_j$ are integers. Let d be their greatest common divisor. Then clearly $\frac{t_i}{d}$ is an integer for all i. We claim that $d s_i$ is also an integer for all i, which will solve the problem. But since d is a linear combination with integer coefficients of some $t_j$'s (by Bezout's theorem) and since $s_i t_j \in \mathbb{Z}$ for all i, j, it is clear that $d s_i \in \mathbb{Z}$ for all i. The conclusion follows.

11. (Kronecker's theorem) Let $f \in \mathbb{Z}[X]$ be a monic polynomial, all of whose roots have absolute value less than or equal to 1. Then all roots of f are either 0 or roots of unity.
Proof. Let $x_1, ..., x_n$ be all roots of f and consider the polynomials $f_j(X) = (X - x_1^j) ... (X - x_n^j)$. These polynomials have integral coefficients (by the usual argument with symmetric sums) and their coefficients are bounded independently of j (triangular inequality and the fact that $x_j$ have magnitude at most 1). Since there are only finitely many polynomials of degree n, with integer coefficients and with uniformly bounded coefficients, it follows that we can find $j_1 < j_2$ such that $f_{j_1} = f_{j_2}$. Then $x_1^{j_1}, ..., x_n^{j_1}$ is a permutation of $x_1^{j_2}, ..., x_n^{j_2}$ and then easily all $x_i$'s are roots of the unity or zero.

12. Let $p_1, ..., p_n$ be distinct prime numbers. Show that their square roots are linearly independent over the rational numbers, that is, if $a_i$ are rational numbers and $a_1 \sqrt{p_1} + ... + a_n \sqrt{p_n} = 0$ then $a_i = 0$ for all i.
Proof. We will prove a much stronger result by induction (as usual, the hardest point is formulating the correct statement to be proved by induction). More precisely, we will prove by induction on n the following statement: for any $m \ge 1$ and any distinct primes $q_1, q_2, ..., q_m, p_1, p_2, ..., p_n$ we have
$$\sqrt{q_1 q_2 ... q_m} \notin \mathbb{Q}(\sqrt{p_1}, \sqrt{p_2}, ..., \sqrt{p_n}).$$
We recall that $F(x_1, x_2, ..., x_n)$ is the smallest field containing $x_1, x_2, ..., x_n$ and the field F. Note that by definition $F(x_1, x_2, ..., x_n) = F(x_1, x_2, ..., x_{n-1})(x_n)$.
Let us prove the base case: assume that n = 1 and that $\sqrt{q_1 q_2 ... q_m} = a + b\sqrt{p_1}$ for some rational numbers a, b. Squaring this relation and using that $\sqrt{p_1}$ is irrational, we deduce that ab = 0. But then either $q_1 q_2 ... q_m$ or $q_1 q_2 ... q_m p_1$ is a perfect square, which is clearly not possible. Now, assume that the result holds for n and let us prove it for
n + 1. Let $F = \mathbb{Q}(\sqrt{p_1}, \sqrt{p_2}, ..., \sqrt{p_n})$ and assume that $\sqrt{q_1 q_2 ... q_m} = a + b\sqrt{p_{n+1}}$ for some $a, b \in F$. Again, we square this relation to deduce that
$$2ab\sqrt{p_{n+1}} = q_1 q_2 ... q_m - a^2 - p_{n+1} b^2 \in F.$$
However, by the inductive hypothesis we have $\sqrt{p_{n+1}} \notin F$, so we must have ab = 0. If a = 0, we obtain that $\sqrt{p_{n+1} q_1 q_2 ... q_m} \in F$, contradicting the inductive hypothesis. If b = 0, we get again a contradiction with the inductive hypothesis. In all cases, the inductive step is proved and the conclusion follows.

13. (IMO Shortlist 1989) Show that for all n there are n consecutive positive integers none of which is a power of a prime number.
Proof. Pick different primes $p_1, p_2, ..., p_n, q_1, q_2, ..., q_n$ and pick an integer x (using CRT) such that $x + i = 0$ (mod $p_i q_i$) for all i.
14. (Romania TST 1995) Let f(x) = lcm(1, 2, ..., x). Show that for any $n \ge 2$ there is a set A of n consecutive positive integers on which f is constant.
Proof. Immediate consequence of the previous problem.
15. a) Show that there are arbitrarily long arithmetic progressions all of whose terms are perfect powers (i.e. squares or cubes or...).
b) Can we find an infinite such progression?
Proof. Let n be any positive integer. Fix any n distinct primes $q_1, q_2, ..., q_n$. We will find an integer d such that kd is a perfect $q_k$-th power for all k = 1, ..., n. Define d as $d = p_1^{s_1} ... p_m^{s_m}$ where $p_1, ..., p_m$ are all distinct primes not exceeding n and $s_1, ..., s_m$ are going to be determined. Factor each $k = p_1^{t_{k1}} ... p_m^{t_{km}}$ and consider a system of congruences
$$s_i + t_{ki} \equiv 0 \pmod{q_k}, \quad i = 1, ..., m, \quad k = 1, ..., n.$$
This system has a solution $(s_1, ..., s_m)$ modulo $q_1 ... q_n$ which gives us the required d.

16. (St. Petersburg) Show that $n \mid \varphi(a^n - 1)$ for all $n \ge 1$ and $a \in \mathbb{Z}$.
Proof. The order of a mod $a^n - 1$ is obviously n. No comment after this...
17. (Bulgaria) Find all $m, n \ge 1$ such that $n \mid m^{2 \cdot 3^n} + m^{3^n} + 1$.
Proof. By hypothesis n divides $m^{3^{n+1}} - 1$ and so the order d of m modulo n divides $3^{n+1}$. On the other hand, if d divides $3^n$, then n divides both $m^{3^n} - 1$ and $m^{2 \cdot 3^n} + m^{3^n} + 1$, so that n divides 3. This gives us the solutions (1, m) (for any m) and (3, m) with m = 1 (mod 3). For any other eventual solution we must thus have $d = 3^{n+1}$. However, this is impossible, as Euler's theorem shows that d divides $\varphi(n)$, in particular $d < n < 3^{n+1}$. This shows that there are no other solutions.
18. Show that $x^4 = -1$ (mod p) has a solution iff p = 1 (mod 8).
Proof. The condition that $x^4 = -1$ (mod p) is equivalent to the fact that x has order 8 mod p (indeed, the condition is equivalent to $x^8 = 1$, but $x^4 \ne 1$). So we need to find those p such that $(\mathbb{Z}/p\mathbb{Z})^*$ has an element of order 8. But $(\mathbb{Z}/p\mathbb{Z})^*$ is a cyclic group of order $p - 1$, so this condition is equivalent to p = 1 (mod 8).

19. (Iran 2007) Let n be relatively prime to $2(2^{1386} - 1)$ and let $a_1, a_2, ..., a_k$ be a reduced system mod n. Show that n divides $a_1^{1386} + a_2^{1386} + ... + a_k^{1386}$.
Proof. As n is odd, the map $x \mapsto 2x$ is a permutation of $(\mathbb{Z}/n\mathbb{Z})^*$. By hypothesis $(\mathbb{Z}/n\mathbb{Z})^* = \{a_i \mid 1 \le i \le k\}$. Thus
$$\sum_i a_i^{1386} = \sum_{x \in (\mathbb{Z}/n\mathbb{Z})^*} x^{1386} = \sum_{x \in (\mathbb{Z}/n\mathbb{Z})^*} (2x)^{1386} = 2^{1386} \sum_i a_i^{1386}.$$
That is, n divides $(2^{1386} - 1)\left(a_1^{1386} + ... + a_k^{1386}\right)$. The conclusion follows.

20. Let f be a polynomial with integer coefficients such that for some prime number p we have f(i) = 0 (mod p) or f(i) = 1 (mod p) for any integer i. If f(0) = 0 and f(1) = 1, prove that $\deg(f) \ge p - 1$.
Proof. Assuming that $\deg(f) < p - 1$, the conclusion will follow from the fact that
$$g(0) + g(1) + ... + g(p-1) = 0 \pmod p$$
for any polynomial g of degree smaller than $p - 1$. Indeed, all terms in the sum $f(0) + f(1) + ... + f(p-1)$ are either 0 or 1 modulo p and we know that there is at least one 0 and at least one 1. Then clearly the sum cannot be a multiple of p.
It remains to prove the claim concerning g. Writing $g(X) = a_0 + a_1 X + ... + a_{p-2} X^{p-2}$ for some integers $a_i$ (we do not impose $a_{p-2} \ne 0$), we have
$$\sum_{i=0}^{p-1} g(i) = \sum_{i=0}^{p-1} \sum_{j=0}^{p-2} a_j i^j = \sum_{j=0}^{p-2} a_j \cdot \sum_{i=0}^{p-1} i^j,$$
so that it suffices to prove that $1^j + 2^j + ... + (p-1)^j = 0$ (mod p) for all $1 \le j \le p - 2$. This is standard: choose any primitive root mod p, say g, and observe that modulo p we have
$$1^j + 2^j + ... + (p-1)^j = 1 + g^j + g^{2j} + ... + g^{(p-2)j} = \frac{1 - g^{(p-1)j}}{1 - g^j} = 0,$$
the last being a consequence of the fact that $g^j \ne 1$ (mod p) (as the order of g mod p is $p - 1$) and $g^{p-1} = 1$ (mod p). This establishes the claim and finishes the solution.

21. (Unesco Competition 1995) Let m, n be integers greater than 1. Prove that the remainders of the numbers $1^n, 2^n, ..., m^n$ modulo m are pairwise distinct if and only if m is square-free and n is relatively prime to $\varphi(m)$.
Proof. Suppose first that the remainders of $1^n, 2^n, ..., m^n$ are pairwise distinct. If m is not squarefree, pick a prime p such that $p^2$ divides m and observe that $m^n$ and $(m/p)^n$ are both 0 modulo m. Thus m is squarefree, say $m = p_1 ... p_k$. We need to prove that n is relatively prime to each $p_i - 1$. But if for some i we have $d_i = \gcd(p_i - 1, n) > 1$, then there exists x such that $x^n = 1$ (mod $p_i$) and $x \ne 1$ (mod $p_i$). Indeed, one can take $x = g^{\frac{p_i - 1}{d_i}}$ for some primitive root g modulo $p_i$. Using the Chinese remainder theorem we then obtain y such that y = 1 (mod $p_j$) for all $j \ne i$ and y = x (mod $p_i$). But then $y^n = 1$ (mod m) and $y \ne 1$ (mod m), a contradiction. Thus, one direction is proved.
Next, assume that $m = p_1 ... p_k$ is squarefree and $\gcd(n, \varphi(m)) = 1$. Suppose that for some $1 \le i < j \le m$ we have $i^n = j^n$ (mod m). Then $i^n = j^n$ (mod $p_r$) for all r and since $p_r - 1$ and n are relatively prime, we deduce that i = j (mod $p_r$). But then i = j (mod m), which is impossible. This proves the opposite direction and finishes the solution.

22. A Carmichael number is a natural number n such that $n \mid a^n - a$ for any integer a.
a) Prove that n is a Carmichael number if and only if n is squarefree and $p - 1$ divides $n - 1$ for any prime p dividing n.
b) Find all Carmichael numbers of the form 3pq with p, q primes.
Proof. a) n divides $p^n - p$ for any prime p, thus $v_p(n) \le v_p(p^n - p) = 1$ for any p. Next, if $p \mid n$, then p divides $a^{n-1} - 1$ for any a relatively prime to p. Taking for a a primitive root mod p yields $p - 1 \mid n - 1$. Since the converse is obvious, the result follows.
b) We deduce that 3, p, q are distinct and that $p - 1 \mid 3pq - 1$ and $q - 1 \mid 3pq - 1$. The first congruence implies that $p - 1 \mid 3q - 1$, while the second yields $q - 1 \mid 3p - 1$. We may assume that p > q, so that $3q - 1 < 3(p - 1)$. Thus either $p - 1 = 3q - 1$ (impossible, as $p \ne 3$) or $2(p - 1) = 3q - 1$. So $2p = 3q + 1$ and since $q - 1 \mid 3p - 1$, we immediately obtain that $q - 1 \mid 9q + 1$. This forces $q - 1 \mid 10$ and we easily infer that q = 11 and p = 17. Thus n = 561 is the only Carmichael number of the form 3pq.
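The criterion of part a) is what makes Carmichael numbers a problem for primality testing based only on Fermat's little theorem. The following Python sketch is an added example, not part of the original notes: it compares the definition with the criterion by brute force, searches a bounded range for solutions of part b), and shows 561 passing the Fermat test while a Miller-Rabin round (a test not discussed in these notes) rejects it. All function names are chosen here for illustration.

```python
from math import gcd

def prime_factors(n):
    """Return {prime: exponent} of n >= 1 by trial division (fine for small n)."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors

def satisfies_definition(n):
    """The definition above, by brute force: n | a^n - a for every residue a mod n."""
    return all(pow(a, n, n) == a % n for a in range(n))

def korselt(n):
    """Criterion of part a): n squarefree and p - 1 | n - 1 for every prime p | n."""
    return all(e == 1 and (n - 1) % (p - 1) == 0
               for p, e in prime_factors(n).items())

def primes_below(bound):
    """Sieve of Eratosthenes: all primes < bound (bound >= 2)."""
    sieve = bytearray([1]) * bound
    sieve[0] = sieve[1] = 0
    for i in range(2, int(bound ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, bound, i)))
    return [i for i in range(bound) if sieve[i]]

def carmichael_3pq(bound):
    """All n = 3pq with primes q < p < bound meeting the criterion of part a)."""
    ps = [p for p in primes_below(bound) if p != 3]  # 3, p, q must be distinct
    found = []
    for i, q in enumerate(ps):
        for p in ps[i + 1:]:
            n = 3 * p * q
            if all((n - 1) % (r - 1) == 0 for r in (3, p, q)):
                found.append((n, q, p))
    return found

def fooled_by_fermat(n):
    """True if a^(n-1) = 1 (mod n) for every base a coprime to n."""
    return all(pow(a, n - 1, n) == 1 for a in range(1, n) if gcd(a, n) == 1)

def miller_rabin_witness(n, a):
    """True if base a proves the odd number n > 2 composite (strong test)."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return False
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return False
    return True

if __name__ == "__main__":
    mismatches = [n for n in range(1, 1200) if satisfies_definition(n) != korselt(n)]
    print("definition vs criterion mismatches below 1200:", mismatches)
    print("3pq solutions with p, q < 2000:", carmichael_3pq(2000))
    print("561 passes Fermat for all coprime bases:", fooled_by_fermat(561))
    print("base 2 is a Miller-Rabin witness for 561:", miller_rabin_witness(561, 2))
```

With the definition as stated above, primes (and 1) also satisfy both the definition and the criterion; the composite ones are the numbers a Fermat-only test accepts wrongly.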
23. Let p be a prime number and m, n be integers greater than 1 such that $n \mid m^{p(n-1)} - 1$. Prove that $\gcd(m^{n-1} - 1, n) > 1$.
Proof. Assume that $\gcd(m^{n-1} - 1, n) = 1$ and let $a = v_p(n - 1)$ and let q be any prime factor of n and d be the order of m mod q. Since q does not divide $m^{n-1} - 1$, d cannot divide $n - 1$. On the other hand, q divides n and hence $m^{p(n-1)} - 1$, thus d divides $p(n - 1)$. We deduce that necessarily $v_p(d) > a$. But since d divides $q - 1$, we infer that $v_p(q - 1) \ge a + 1$. Since this happens for all primes dividing n, it follows that n = 1 (mod $p^{a+1}$), which contradicts the fact that $v_p(n - 1) = a$. This finishes the solution.
24. a) Find all primes p, q such that pq divides $2^p + 2^q$.
b) Find all primes p, q such that pq divides $5^p + 5^q$.
Proof. a) Of course, if p = 2, then q divides $2^q + 4$ and q divides $2^q - 2$, so that q divides 6. This (and symmetry in p, q) gives us the solutions (2, 2), (2, 3), (3, 2). From now on, assume that p, q > 2. Using Fermat's little theorem we obtain $p \mid 2^q + 2$ and $q \mid 2^p + 2$. So, $2^{q-1} = -1$ (mod p) and $2^{p-1} = -1$ (mod q). But then
$$2^{pq-1} = 2^{p(q-1)+p-1} = (-1)^p = -1 \pmod p$$
and similarly $2^{pq-1} = -1$ (mod q). Note that clearly $p \ne q$, so that pq must divide $2^{pq-1} + 1$. This cannot happen: we may assume that
$$a = \min(v_2(p - 1), v_2(q - 1)) = v_2(p - 1),$$
so that pq = 1 (mod $2^a$). Write $pq = 1 + 2^a r$ and raise the congruence $2^{2^a r} = -1$ (mod p) to the power $\frac{p-1}{2^a}$ (which is an odd number). Using Fermat's little theorem once more, we obtain 1 = −1 (mod p), a contradiction. This shows that there are no solutions with p, q > 2 and so the only solutions are (2, 2), (2, 3), (3, 2).
b) There are some obvious solutions, for instance (5, 5). First, let us discuss the easy case when 5 divides pq, say 5 = p and $q \ne 5$. Thus $q \mid 5^4 + 5^{q-1}$. Using Fermat's little theorem, this implies that q divides 626 and we find two more solutions (5, 313) and (5, 2). Finally, for some technical reasons, let us discuss first the case p = 2. Then 2q divides $25 + 5^q$ and so by Fermat's little theorem q divides 27 and so q = 3, which gives the solution (2, 3).
Suppose now that pq is not a multiple of 5 or 2. Then the hypothesis combined with Fermat's little theorem shows that p divides $5^{q-1} + 1$ and q divides $5^{p-1} + 1$.
We have $5^{q-1} \equiv -1 \pmod p \Rightarrow 5^{2(q-1)} \equiv 1 \pmod p$. Similarly, we also have $5^{p-1} \equiv -1 \pmod q$. Let $2^k \,\|\, \mathrm{ord}_p 5$. Then $2^k \,\|\, \mathrm{ord}_p 5 \mid p - 1$. Also, $2^k \mid 2(q - 1)$, but $2^k$ does not divide $q - 1$ $\Rightarrow 2^{k-1} \,\|\, q - 1$. Therefore, we have that the maximum power of 2 that divides $p - 1$ is larger than the maximum power of 2 that divides $q - 1$. Doing the same process with $5^{p-1} \equiv -1 \pmod q$, we get that the maximum power of 2 that divides $q - 1$ is larger than the maximum power of 2 that divides $p - 1$, which contradicts our previous statement. Thus the solutions are (2, 3); (5, 5); (5, 2); (5, 313) and permutations.

25. A lattice point is called visible (from the origin) if its coordinates are co-prime numbers. Is there any lattice point whose distance from each visible lattice point is at least 2000?
Proof. We'll prove that we can find an $n \times n$ square of invisible lattice points for any n. Pick $n^2$ primes $p_1, p_2, ..., p_{n^2}$. Using the Chinese remainder theorem, choose x, y so that $p_{mn+k+1} \mid x + k$ and $p_{mn+k+1} \mid y + m$ for all $0 \le k, m \le n - 1$. Then the square defined by opposite corners (x, y) and (x + n − 1, y + n − 1) has all invisible lattice points, because (x + k, y + m) has $p_{mn+k+1}$ dividing both coordinates.
That solves the problem: just find a $4001 \times 4001$ square and pick the point in the center.
26. (Romania TST 2008) Compute the gcd of the numbers $2^n - 2, 3^n - 3, ..., n^n - n$ for given n.
Proof. The answer is
$$\gcd(2^n - 2, ..., n^n - n) = \prod_{\substack{p \text{ prime} \\ p-1 \mid n-1}} p.$$
It is clear that RHS divides LHS. Take p a prime divisor of LHS and suppose that p > n. Then $X^n - X$ has solutions 0, 1, 2, ..., n in $\mathbb{F}_p$ and they are all distinct, a contradiction. So $p \le n$. So the LHS has all prime factors $\le n$ and then it's clear that it must be squarefree (if $p^k$ divides LHS, then $p^k \mid p^n - p$, so k = 1). Finally, if $p \le n$ divides LHS, we claim that $p - 1 \mid n - 1$. This is clear taking a primitive root mod p.

27. (Ljunggren) Let p > 2. Show that for any integers a, b we have
$$\binom{pa}{pb} = \binom{a}{b} \pmod{p^3}.$$
Proof. By coming back to the definition of binomials we immediately get
$$\binom{pa}{pb} = \binom{a}{b} \prod_{k=0}^{b-1} \prod_{j=kp+1}^{(k+1)p-1} \frac{pa - j}{j},$$
so we need
$$\prod_{k=0}^{b-1} \prod_{j=kp+1}^{(k+1)p-1} \frac{(pa - j)}{j} \equiv 1 \pmod{p^3}.$$
It is of course enough to show that for all k we have
$$\prod_{j=kp+1}^{(k+1)p-1} (pa - j) \equiv \prod_{j=kp+1}^{(k+1)p-1} j \pmod{p^3}.$$
See LHS as a polynomial in p and imagine expanding: it's enough to show that the coefficients in p and $p^2$ are 0 mod $p^2$ and p respectively.
Case 1: coefficient of p. This coefficient is
$$pa \left( \sum_{i=kp+1}^{(k+1)p-1} \left( \frac{1}{i} \right) \right) \cdot \left( \prod_{j=kp+1}^{(k+1)p-1} (-j) \right).$$
However a small modification of the standard arguments shows that
$$\sum_{i=kp+1}^{(k+1)p-1} \left( \frac{1}{i} \right) = 0 \pmod{p^2}$$
and we are done.
Case 2: coefficient of $p^2$. Here we have to work mod p. Here the coefficient is
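$$p^2 a^2 \sum_{kp+1 \le u < v \le (k+1)p-1} \left( \frac{1}{uv} \right) \left( \prod_{j=kp+1}^{(k+1)p-1} (-j) \right).$$
Reduce everything which does not contain $p^2$ mod p and we need to prove that
$$\sum_{1 \le u < v \le p-1} \frac{1}{uv} \equiv 0 \pmod p,$$
but this is equal to
$$\left( \frac{1}{2} \right) \left( \left( 1 + \frac{1}{2} + ... + \frac{1}{p-1} \right)^2 - \left( 1 + \frac{1}{2^2} + ... + \frac{1}{(p-1)^2} \right) \right)$$
and everything follows from what we've seen in class.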
28. (IMO) Prove that for any prime p there is a prime q that does not divide any of the numbers $n^p - p$, with $n \ge 1$.
Proof. The crucial idea is the following: assume that q divides $n^p - p$ for some $n \ge 1$. Thus $n^p = p$ (mod q) and $n^{p^2} = p^p$ (mod q). Now, in order to exploit the order of n mod q in a convenient manner, we will try to impose the further condition that $p^p = 1$ (mod q). Then $n^{p^2} = 1$ (mod q), which shows that the order d of n mod q is 1, p or $p^2$. If d divided p, we would get $n^p = 1$ (mod q), so that p = 1 (mod q). This cannot happen if we choose q a prime factor of $p^{p-1} + ... + p + 1$ (which divides $p^p - 1$). Indeed, if q is such a prime, then the order of p mod q has to be p, forcing p to divide $q - 1$. Therefore, with such a choice of q we necessarily have $d = p^2$ and so $p^2$ divides $q - 1$.
The previous arguments show that all we have to do is to prove the existence of a prime factor q of $p^{p-1} + ... + p + 1$ such that $p^2$ does not divide $q - 1$. But this is clear, since if such q didn't exist, we would have $p^{p-1} + ... + p + 1 = 1$ (mod $p^2$), which is certainly absurd.
29. Easy applications of the lifting exponent lemma:
a) (Romania TST) Find all n for which $2^n \mid 3^n - 1$.
b) (AMM) Let a, b, c be positive integers such that $c \mid a^c - b^c$. Prove that $c \mid \frac{a^c - b^c}{a - b}$.
c) (Romania TST 2009) Let $a, n \ge 2$ be integers such that n divides $(a - 1)^k$ for some $k \ge 1$. Prove that n divides $1 + a + a^2 + ... + a^{n-1}$.
d) (Romania TST 1994) Prove that $((n-1)^n + 1)^2$ divides $n(n-1)^{(n-1)^n + 1} + n$ for all odd n > 1.
Proof. a) Let $n = 2^a b$, b odd, $a \ge 0$. Then
$$3^n - 1 = (3^b)^{2^a} - 1 = (3^b - 1)(3^b + 1)(3^{2b} + 1) \cdots (3^{2^{a-1} b} + 1).$$
You can easily deduce from this that $v_2(3^n - 1) = a + 2$. Thus, we must have $a + 2 \ge b 2^a$, in particular $a + 2 \ge 2^a$, so $a \le 2$. The rest is easy.
b) Let p be a prime dividing c. We will prove that
$$v_p(c) \le v_p\left( \frac{a^c - b^c}{a - b} \right).$$
If p does not divide $a - b$, this follows from our hypothesis that c divides $a^c - b^c$. So, we may assume that p divides $a - b$. Now, we can forget about our hypothesis, since the following holds: for any $c \ge 1$ and any p dividing $a - b$ (for some integers a, b) we have $v_p(a^c - b^c) \ge v_p(c) + v_p(a - b)$. This is a special case of the lifting exponent lemma if p > 2, but since it is rather easy to prove in all cases, I'll do it again: write $c = p^n d$, with d relatively prime to p and use the fact that $a^{p^n} - b^{p^n}$ divides $a^c - b^c$ to reduce to the case d = 1 and $c = p^n$. Then use induction on n: for n = 1, note that $\frac{a^p - b^p}{a - b} = a^{p-1} + ... + b^{p-1}$ and all terms in the previous sum are congruent mod p to $a^{p-1}$ (and there are p terms in the sum). The induction step reduces to the case n = 1 applied to the numbers $a^{p^n}$ and $b^{p^n}$.
c) Take a prime p dividing n. By hypothesis p divides $a - 1$. It is thus enough to prove that $v_p\left( \frac{a^n - 1}{a - 1} \right) \ge v_p(n)$, which follows as in b).
d) Let $x = (n-1)^n + 1$, an odd number divisible by n, as n is odd. Therefore, if p > 2 divides x, we can write
$$v_p\left( n(n-1)^{(n-1)^n + 1} + n \right) = v_p(n) + v_p((n-1)^x + 1)$$
$$= v_p(n) + v_p\left( ((n-1)^n)^{x/n} - (-1)^{x/n} \right) = v_p(n) + v_p(x) + v_p(x/n) = 2 v_p(x)$$
by the lifting exponent lemma. The conclusion follows.
30. Trickier applications of the lifting exponent lemma:
a) (Balkan Math. Olympiad 1993) Let m > 1 be an integer and let p be a prime. Suppose that the equation
$$\frac{x^p + y^p}{2} = \left( \frac{x + y}{2} \right)^m$$
has integral solutions x, y > 1. Then m = p.
b) (IMO Shortlist 2000) Find all a, m, n positive integers such that $a^m + 1$ divides $(a + 1)^n$.
c) Find all positive integers m, n such that $m^n \mid n^m - 1$.
d) (Mathlinks Contest) Let a, b be distinct positive rational numbers such that $a^n - b^n \in \mathbb{Z}$ for infinitely many positive integers n. Show that $a, b \in \mathbb{Z}$.
Proof. a) There is a boring case that I leave to you, namely the case p = 2 (check that in this case either $x + y \le 4$ or $m \le 2$ and then use brute force). So assume from now on that p > 2. By convexity we have $\frac{x^p + y^p}{2} \ge \left( \frac{x+y}{2} \right)^p$, so that $m \ge p$. Let x = du, y = dv, with gcd(u, v) = 1, so
$$d^{m-p} (u + v)^m = 2^{m-1} (u^p + v^p).$$
Suppose that u + v has an odd prime factor q. Then passing to $v_q$ in the previous equality yields
$$m v_q(u + v) \le v_q(u^p + v^p) = v_q(p) + v_q(u + v) \le 1 + v_q(u + v),$$
contradiction with m > 2. Thus u + v is a power of 2 and so $v_2(u^p + v^p) = v_2(u + v)$. But then $m v_2(u + v) \le v_2(u + v) + m - 1$, yielding u + v = 2, then u = v = 1 and so x = y. Then clearly m = p.
b) Suppose for simplicity that a > 1, m > 1, n > 1. If m is even, then any p dividing $a^m + 1$ divides $a + 1$ and so it's 2. As 4 cannot divide $x^2 + 1$ for any x, we get $a^m + 1 = 2$, so a = 1. Thus m is odd. Choose p > 2 dividing m, then $a^p + 1$ divides $(a + 1)^n$, so any prime factor q of $\frac{a^p + 1}{a + 1}$ divides $a + 1$ and so it's p (as it divides $a + 1$ and $a^{p-1} - a^{p-2} + ... - a + 1$). So we get that $a^p + 1 = p^k (a + 1)$ for some k. But $v_p(a^p + 1) = v_p(a + 1) + v_p(p)$, and so k = 1, that is $a^p + 1 = p(a + 1)$. Then $a(a^{p-1} - p) = p - 1$ and LHS is at least $2(2^{p-1} - p)$ which except for a few cases for p is larger than $p - 1$. So we reduce to a finite and very small number of cases for p and so also for a, and then it's boring case-work that the student has to do (but surely not the teacher!).
c) Let p be the smallest prime factor of m. Then p divides $n^{\gcd(m, p-1)} - 1 = n - 1$. Next, suppose that p > 2, then
$$n v_p(m) \le v_p(n^m - 1) = v_p(n - 1) + v_p(m),$$
from where $n - 1 \le v_p(n - 1)$, that is $n - 1 \ge p^{n-1} \ge 3^{n-1}$, impossible. So p = 2 and n is odd. Then
$$n v_2(m) \le v_2(n^m - 1) = v_2(n^2 - 1) - 1 + v_2(m),$$
thus $(n - 1) v_2(m) \le v_2(n^2 - 1) - 1$. It's easy to see that this implies that n = 3 and $v_2(m) = 1$. Next, $m^3$ divides $3^m - 1$. Let q be the smallest prime factor of m/2, in case m > 2. Then q is odd and q divides $9^{\gcd(q-1, m/2)} - 1 = 8$, a contradiction. Thus n = 3 and m = 2.
d) I leave as an exercise to reduce the problem to the following statement: if a, b are distinct positive integers and $p^n$ divides $a^n - b^n$ for infinitely many n, then p divides a and p divides b. To prove this, assume that p does not divide a, so it does not divide b either. But then
$$v_p(a^n - b^n) \le v_p(a^{(p-1)n} - b^{(p-1)n}) \le v_p(a^{2(p-1)} - b^{2(p-1)}) + v_p(n) \le c_1 + c_2 \log n$$
for two constants $c_1, c_2$ depending only on a, b, p. As the last quantity is smaller than n for large enough n, the result follows.
31. (Bulgaria TST 2000). Let $a, b > 1$ be relatively prime. Show that for infinitely many primes $p$, $v_p(a^{p-1} - b^{p-1})$ is odd.
Proof. This problem is very hard. The crucial point is:
Claim: for any $k > 1$ there is a prime $p_k > 2$ such that $v_{p_k}(m^{2^k} + n^{2^k})$ is odd.
Proof: otherwise, $m^{2^k} + n^{2^k}$ is either a square or twice a square. However, by classical results of Euler, the equations $x^4 + y^4 = z^2$ or $x^4 + y^4 = 2z^2$ do not have solutions with $x, y > 1$ relatively prime.
Now choose these $p_k$ and observe that they are pairwise distinct as the numbers $m^{2^k} + n^{2^k}$ are pairwise relatively prime (standard argument seen in class). The usual argument with order of $p_k$ mod 2 shows that $2^{k+1}$ divides $p_k - 1$. Clearly,
$$v_{p_k}(m^{2^{k+1}} - n^{2^{k+1}}) = v_{p_k}(m^{2^k} + n^{2^k})$$
and so is still odd. Finally, by the lifting exponent lemma
$$v_{p_k}(m^{p_k-1} - n^{p_k-1}) = v_{p_k}(m^{2^{k+1}} - n^{2^{k+1}}),$$
again odd. So we are done!
32. (Sierpinski) Show that there is $k > 1$ such that $k \cdot 2^n + 1$ is composite for all $n \ge 0$.
Proof. If $p$ is a prime dividing $2^{2^k} + 1$, then 2 has order $2^{k+1}$ mod $p$. This helps us find the following list:
We have primes $p_1 = 3$, $p_2 = 5$, $p_3 = 17$, $p_4 = 257$, $p_5 = 65537$, $p_6 = 641$, $p_7 = 6700417$ such that the order of 2 modulo those primes is $2^1, 2^2, 2^3, 2^4, 2^5, 2^6, 2^6$ respectively.
We now can write $\mathbb{N}_0$ as the union of arithmetic sequences $A_1, A_2, \dots, A_6, A_7$ with differences $2^1, 2^2, 2^3, 2^4, 2^5, 2^6, 2^6$ (e.g.: the sequences of numbers $\equiv 2^{i-1} \bmod 2^i$ for $i = 1, 2, \dots, 6$ together with those $\equiv 0 \bmod 2^6$) and call the starting terms $a_1, a_2, \dots, a_6, a_7$ and the differences $b_1, b_2, \dots, b_7$ respectively (so we could take $a_i = 2^{i-1}$, $b_i = 2^i$ for $i = 1, 2, \dots, 6$ and $a_7 = 0$, $b_7 = 2^6$).
We then choose an integer $k$ by the Chinese remainder theorem such that $k \cdot 2^{a_i} \equiv -1 \bmod p_i$. Then for each $n \in \mathbb{N}_0$, $n$ is contained in one of the sequences $A_i$, and additionally $2^n \bmod p_i$ only depends on $n \bmod b_i$, yielding $k \cdot 2^n + 1 \equiv k \cdot 2^{a_i} + 1 \equiv 0 \bmod p_i$. Thus if we've chosen $k$ big enough, too (which we can), none of the numbers $k \cdot 2^n + 1$ is prime, each is divisible by one (and exactly one) of the primes listed above.
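The construction in the proof of problem 32 can be carried out explicitly. The following Python code is an added example, not part of the original notes; the helper names (`crt`, `sierpinski_k`, `covering_prime`, `check`) are illustrative, and it assumes Python 3.8 or later for modular inverses via `pow`.

```python
# Added example for problem 32: build k with the Chinese remainder theorem
# and verify the covering argument on a range of exponents n.
PRIMES = [3, 5, 17, 257, 65537, 641, 6700417]   # p_1 .. p_7 from the proof
STARTS = [1, 2, 4, 8, 16, 32, 0]                # a_i: starting term of A_i
DIFFS = [2, 4, 8, 16, 32, 64, 64]               # b_i: order of 2 modulo p_i


def order_of_two(p):
    """Multiplicative order of 2 modulo the odd prime p."""
    order, power = 1, 2 % p
    while power != 1:
        power = (power * 2) % p
        order += 1
    return order


def crt(residues, moduli):
    """Return (x, M) with x = residues[i] mod moduli[i] and M = product of moduli.

    The moduli must be pairwise coprime.
    """
    x, m = 0, 1
    for r, p in zip(residues, moduli):
        # Choose t so that x + m*t has the required residue modulo p.
        t = ((r - x) * pow(m, -1, p)) % p
        x += m * t
        m *= p
    return x, m


def sierpinski_k():
    """Smallest k > max(PRIMES) with k * 2^(a_i) = -1 mod p_i for every i."""
    residues = [(-pow(2, -a, p)) % p for a, p in zip(STARTS, PRIMES)]
    k, modulus = crt(residues, PRIMES)
    while k <= max(PRIMES):      # "k big enough": k*2^n + 1 exceeds every p_i
        k += modulus
    return k


def covering_prime(n):
    """The prime p_i attached to the sequence A_i that contains n."""
    for a, b, p in zip(STARTS, DIFFS, PRIMES):
        if n % b == a % b:
            return p
    return None


def check(k, upto):
    """True if, for every 0 <= n < upto, k*2^n + 1 is a proper multiple of
    exactly one listed prime, namely the one predicted by covering_prime."""
    for n in range(upto):
        value = k * 2**n + 1
        p = covering_prime(n)
        divisors = [q for q in PRIMES if value % q == 0]
        if p is None or divisors != [p] or value == p:
            return False
    return True
```
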
33. a) Show that all $\binom{2^n}{k}$ for $1 \le k < 2^n$ are even and precisely one of them is not a multiple of 4. Which one?
b) For given $p$ find all $n$ such that all $\binom{n}{k}$ ($1 \le k < n$) are all multiples of $p$.
Proof. a) This is an immediate application of Legendre's formula: we have
$$v_2\left(\binom{2^n}{k}\right) = s_2(k) + s_2(2^n - k) - 1 \ge 1.$$
To have equality, we need to ensure that $s_2(k) = s_2(2^n - k) = 1$, which happens only for $k = 2^{n-1}$ (exercise).
b) The condition is equivalent to $s_p(k) + s_p(n-k) > s_p(n)$ for all $1 \le k < n$, which is easily seen to be equivalent to $n$ being a power of $p$: if $n$ is a power of $p$ then everything is clear. On the other hand, if $n = a \cdot p^j$ is a solution with $a > 1$, pick $k = p^j$ to get a contradiction.
34. (classical) Show that for any $n$ and any $a$, $n!$ divides $\prod_{k=0}^{n-1}(a^n - a^k)$.
Proof. Pick a prime $p$ and note that $v_p(n!) \le \frac{n-1}{p-1}$ by Legendre. If $p$ divides $a$, then clearly
$$v_p\left(\prod_{k=0}^{n-1}(a^n - a^k)\right) \ge n - 1 \ge \frac{n-1}{p-1}$$
and we are done. Otherwise, $p$ divides $a^{k(p-1)} - 1$ for $1 \le k \le \frac{n-1}{p-1}$ by Fermat's little theorem and we are done again.
35. (AMM) Prove the identity
$$(n+1)\,\mathrm{lcm}\left(\binom{n}{0}, \binom{n}{1}, \dots, \binom{n}{n}\right) = \mathrm{lcm}(1, 2, \dots, n+1)$$
for any positive integer $n$. Deduce that $\mathrm{lcm}(1, 2, \dots, n) \ge 2^{n-1}$.
Proof. Pick a prime $p$. Let $k$ be such that $p^k \le n + 1 < p^{k+1}$, then $k$ is the $p$-adic valuation of the RHS (easy). Note that $(n+1)\binom{n}{i} = (i+1)\binom{n+1}{i+1}$. Taking $i = p^k - 1$, we obtain that
$$v_p\left((n+1)\binom{n}{i}\right) \ge v_p(i+1) = k,$$
thus the $p$-adic valuation of the LHS is at least $k$. Let us prove now the opposite inequality. Fix $0 \le i \le n$ and use Legendre's formula to get
$$v_p\left(\binom{n+1}{i+1}\right) = \sum_{r \ge 1} x_r, \qquad x_r = \left\lfloor \frac{n+1}{p^r} \right\rfloor - \left\lfloor \frac{i+1}{p^r} \right\rfloor - \left\lfloor \frac{n-i}{p^r} \right\rfloor.$$
Note that $x_r \in \{0, 1\}$ for all $r$ and $x_r = 0$ if $r > k$ (since in this case $p^r > n + 1$). The crucial point is to observe that for all $r \le v_p(i+1)$ we also have $x_r = 0$. Indeed, writing $i + 1 = p^r u$ for some integer $u$, we have
$$x_r = \left\lfloor \frac{n+1}{p^r} \right\rfloor - u - \left\lfloor \frac{n+1}{p^r} - u \right\rfloor = 0.$$
Putting these remarks together yields
$$\sum_{r \ge 1} x_r \le k - v_p(i+1),$$
from where we get $v_p\left((i+1)\binom{n+1}{i+1}\right) \le k$, establishing the opposite inequality. For the second part, use the fact that
$$(n+1)\,\mathrm{lcm}\left(\binom{n}{0}, \binom{n}{1}, \dots, \binom{n}{n}\right) \ge \sum_{j=0}^{n}\binom{n}{j} = 2^n.$$
36. (Sierpinski) Prove that if $a_1, \dots, a_d$ are arbitrary digits, there exists a prime number whose first digit is $a_1$, second digit is $a_2$, etc.
Proof. Let $a$ be the number whose digits are $a_1, \dots, a_d$. We need to find $k$ such that $\pi(a \cdot 10^k) < \pi((a+1) \cdot 10^k)$. Use the prime number theorem to prove this.
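37. Prove that for all $x > 2$ we have
$$\sum_{p \le x} \frac{1}{p} > \log\log x - 1.$$
Proof. The key point is the FTA, which yields:
$$\prod_{p \le x} \frac{1}{1 - \frac{1}{p}} = \prod_{p \le x}\left(1 + 1/p + 1/p^2 + \dots\right) > \sum_{k \le x} 1/k.$$
Next use some classical estimates on harmonic numbers and the fact that
$$\frac{1}{1 - \frac{1}{p}} = 1 + \frac{1}{p-1} < e^{\frac{1}{p-1}}$$
and finally estimate $\sum_p \frac{1}{(p-1)p}$...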
38. a) Let $d$ be a positive integer. Prove that there exists $c > 0$ such that whenever $n$ is sufficiently large, we have
$$\mathrm{lcm}(n-1, n-2, \dots, n-d) > c\,n^d.$$
b) (USAMO 1995) Let $(a_n)_{n \ge 1}$ be an increasing sequence of positive integers such that for some polynomial $f \in \mathbb{Z}[X]$ we have $a_n \le f(n)$ for all $n$. Suppose also that $m - n \mid a_m - a_n$ for all distinct positive integers $m, n$. Prove that there exists a polynomial $g \in \mathbb{Q}[X]$ such that $a_n = g(n)$ for all $n$.
Proof. a) I claim that for any positive integers $x_1, x_2, \dots, x_n$, $\mathrm{lcm}(x_1, x_2, \dots, x_n)$ is a multiple of $\frac{x_1 x_2 \cdots x_n}{\prod_{1 \le i < j \le n} \gcd(x_i, x_j)}$. It is enough to prove that for any prime $p$, the $p$-adic valuation of $\mathrm{lcm}(x_1, x_2, \dots, x_n)$ is at least that of $\frac{x_1 x_2 \cdots x_n}{\prod_{1 \le i < j \le n} \gcd(x_i, x_j)}$. Writing $y_i = v_p(x_i)$, this comes down to the inequality
$$\max(y_i) \ge \sum y_i - \sum_{i < j} \min(y_i, y_j),$$
which is clear (simply order the $y_i$'s). Coming back to the problem, we infer that
$$\mathrm{lcm}(n-1, n-2, \dots, n-(d+1)) \ge \frac{(n-d-1)^{d+1}}{\prod_{1 \le i < j \le d+1} \gcd(n-i, n-j)},$$
which is greater than $C_1 n^{d+1}$ for some constant $C_1 > 0$ and all large $n$ (this is because $\gcd(n-i, n-j)$ divides $j - i$).
b) Let $d$ be the degree of $f$ and choose a polynomial $P$ of degree $d$, with rational coefficients and such that $P(i) = a_i$ for $1 \le i \le d+1$. This is possible by Lagrange's interpolation formula. Choose (and fix) $N \ge 1$ such that $h = NP$ has integral coefficients. Then $h(i) = Na_i$ and $h$ has degree $d$. Fix any integer $n > d+1$ and observe that $m - n$ divides $Na_m - Na_n$ and $m - n$ divides $h(m) - h(n)$. Thus, if $m \le d+1$, then $m - n$ divides $Na_n - h(n)$. Consequently, $Na_n - h(n)$ is a multiple of $\mathrm{lcm}(n-1, \dots, n-(d+1))$. Note that
$$|Na_n - h(n)| \le Cn^d$$
for some constant $C$, because $a_n$ is bounded by $f$ and because $h$ has degree $d$. Using a), we obtain that if $n$ is large enough, then necessarily
$$\mathrm{lcm}(n-1, n-2, \dots, n-(d+1)) > |Na_n - h(n)|.$$
Combining this with the result of the previous paragraph, we infer that there is $n_0$ such that for all $n \ge n_0$ we have $Na_n = h(n)$.
Finally, pick any $m \ge 1$ and observe that for all $n \ge n_0$ we have $m - n \mid Na_m - Na_n$ and $m - n \mid h(m) - h(n)$. Since $Na_n = h(n)$, we deduce that $m - n$ divides $Na_m - h(m)$ for all $n \ge n_0$, forcing $Na_m = h(m)$. Thus, we proved the existence of a polynomial $g = \frac{1}{N}h$, with rational coefficients, such that $a_n = g(n)$ for all $n$.
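39. Let $f(x)$ be the number of squarefree numbers not exceeding $x$. Then there exists a constant $c$ such that $\left|f(x) - \frac{6}{\pi^2}x\right| \le c\sqrt{x}$. You may take for granted that
$$\sum_{n \ge 1} \frac{1}{n^2} = \frac{\pi^2}{6},$$
then prove using this that
$$\sum_{n \ge 1} \frac{\mu(n)}{n^2} = \frac{6}{\pi^2}.$$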
Proof. Using the inclusion-exclusion principle, we obtain
x f(x) =

px
[x/p
2
]

p=qx
[x/p
2
q
2
] +... =

n

x
(n)[x/n
2
].
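If we replace $[x/n^2]$ by $x/n^2$, the total error we get is at most $\sqrt{x}$. Thus we have to deal with $\sum_{n \le \sqrt{x}} \frac{\mu(n)}{n^2}$. This differs from $\sum_{n \ge 1} \frac{\mu(n)}{n^2}$ by at most
$$\sum_{n > \sqrt{x}} \frac{1}{n^2} < \sum_{n > \sqrt{x}} \frac{1}{n(n-1)} < \frac{c}{\sqrt{x}}.$$
Thus it only remains to check that $\sum_{n \ge 1} \frac{\mu(n)}{n^2} = \frac{6}{\pi^2}$. Simply compute
$$\sum_{n \ge 1} \frac{\mu(n)}{n^2} \cdot \sum_{m \ge 1} \frac{1}{m^2} = \sum_{m,n \ge 1} \frac{\mu(n)}{(mn)^2} = \sum_{n \ge 1} \frac{1}{n^2} \sum_{d \mid n} \mu(d) = 1,$$
since $\sum_{d \mid n} \mu(d) = 0$ for $n > 1$.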
40. (Romania TST 2007) Solve in positive integers $x^{2007} - y^{2007} = x! - y!$.
Proof. We claim that there are only trivial solutions $x = y$. Suppose that $x > y$ is a solution of the problem. We will distinguish two cases.
In the first case, assume that $y \le 2007$. If $y = 1$, then $x^{2007} = x!$ and trivially $x = 1$ (otherwise $x - 1$ would divide $x^{2007}$, so $x - 1 = 1$, which is clearly not possible). Thus $y > 1$ and we may choose a prime $p \mid y$. Then $p$ divides $y^{2007}$, $x!$, $y!$, so that $p \mid x$. But then
$$2007 \le v_p(x^{2007} - y^{2007}) = v_p(y!(x!/y! - 1)) = v_p(y!) < y,$$
a contradiction.
Now, assume that $y > 2007$. Then $x - y$ is a multiple of any prime $p$ smaller than 2007 such that $(2007, p-1) = 1$. Indeed, if $p$ is such a prime, then $p$ divides $x^{2007} - y^{2007} = x! - y!$. If $p$ divides $x$, then clearly it also divides $y$ and so it divides $x - y$. If not, since $p$ divides $x^{p-1} - y^{p-1}$ and $\gcd(2007, p-1) = 1$, it follows that $p$ divides $x - y$. We deduce that $x > y + 2007$ in this case. But then
$$x! - y! = y!(x!/y! - 1) > 2007! \cdot x(x-1)\cdots(x-2006) > x^{2007},$$
again a contradiction.
41. a) (Richard Stong) Prove that
$$v_2\left(\binom{4k}{2k} - (-1)^k\binom{2k}{k}\right) = s_2(k) + 2 + 3v_2(k),$$
where $s_2(k)$ is the sum of the digits in the base 2 expansion of $k$.
b) (IMO Shortlist 2007) Find $v_2\left(\binom{2^{n+1}}{2^n} - \binom{2^n}{2^{n-1}}\right)$.
Proof. a) Consider the polynomial
F
k
(x) = (x 1)(x 3) (x + 1 2k) (1)(3) (1 2k).
Clearly F
k
is a polynomial with integer coecients, and we easily (and tediously)
compute the rst two terms as
F
k
(x) = k
2
x +
1
6
k(1 4k + 3k
2
)x
2
+. . . .
Hence
F
k
(4k) = 4k
3
+
8
3
k
3
(1 4k + 3k
2
) +. . . .
The rst term has v
2
(4k
3
) = 2 + 3v
2
(k), the next term has v
2
3 + 3v
2
(k), and the
omitted terms are all integer multiples of (4k)
3
. Thus we see that
v
2
(F
k
(4k)) = 2 + 3v
2
(k).
Now we are done by noticing that
$$\binom{4k}{2k} - (-1)^k\binom{2k}{k} = \binom{2k}{k}\,\frac{F_k(4k)}{(2k-1)!!}$$
and
$$v_2\left(\binom{2k}{k}\right) = s_2(k),$$
the latter being a consequence of Legendre's formula.
b) Using a), this is immediate.
42. Using Mertens' theorems, prove the following results:
a) If $f \in \{\omega, \Omega\}$, then $\frac{1}{x}\sum_{n \le x} f(n) - \log\log x$ has a finite limit as $x \to \infty$.
b) (Turan's theorem) There exists a constant $c > 0$ such that for all $x$ we have
$$\sum_{n \le x} (\omega(n) - \log\log x)^2 \le c\,x \log\log x.$$
c) (Hardy-Ramanujans theorem) , have normal order log log n, i.e. if f , ,
then for all > 0 we have
lim
x
1
x

_
n x[1 <
f(n)
log log x
< 1 +
_

= 1.
d) (Erdos) We have
$$\lim_{n \to \infty} \frac{|\{a \cdot b \mid 1 \le a, b \le n\}|}{n^2} = 0.$$
Proof. (sketch)
a) For , this follows from the fact that

px
1
p

(x)
x
<
1
x

nx
(n) =
=
1
x

nx

p|n
1 =
1
x

px

p|n
1 =
1
x

px
[x/p]

px
1
x
and from Mertens theorem combined with
(x)
x
0.
For (n), a similar argument gives

nx
(n) =

nx
(n) +

j2,p
j
x
[x/p
j
].
Observe that

j2,p
j
x
1

x
[log
p
x] log x

x
1
log p
<< log x (

x)
and the last quantity divided by x goes to 0 as x . Thus we can remove the oors
and we have to deal with

j2,p
j
x
1
p
j
.
Simply use the sum of a geometric series and obvious estimates...
b) Using a) and a small computation, it is enough to check that y = log log x, then

nx
(n)
2
cxy
2
.
Now, we have

nx
(n)
2
=

nx

p,q|n
1 =

nx
(n) +

p=q

nx,pq|n
1
=

nx
(n) +

p=q
[x/pq].
Use part a) to deal with the rst term and also observe that

p=q
[x/pq] x

p=q
1
pq
x
_
_

px
1
p
_
_
2
.
Finally, use Mertens theorem to conclude.
c) I will only do this for , for it is a little bit more technical, but nothing really
dicult. Let y = log log x and let A
x
be the set of those n x such that [
(n)
y
1[ .
Then by b) we have
cxy

nx
((n) y)
2

nA
x

2
y
2
= y
2
[A
x
[.
Thus [A
x
[
cx
y
and so
1
x
[A
x
[ goes to 0 as x .
d) Easy consequence of c).

43. Prove that $\pi(n)$ divides $n$ for infinitely many $n$.
Proof. This problem is extremely tricky. Let $m$ be any positive integer and let $k$ be the largest positive integer such that $\frac{\pi(mk)}{mk} \ge \frac{1}{m}$ (it exists as $\frac{\pi(x)}{x}$ goes to 0 as $x \to \infty$). I claim that $\frac{\pi(mk)}{mk} = \frac{1}{m}$, which will solve the problem. If not, we have $\pi(m(k+1)) \ge \pi(mk) \ge k + 1$, contradicting the maximality of $k$.
44. a) (Iran TST) Let $n \ge 2$ and let $a_1, a_2, \dots, a_n$ be positive integers, not all of them equal. Prove that there are infinitely many prime numbers $p$ with the property: there exists a positive integer $k$ such that
$$p \mid a_1^k + a_2^k + \dots + a_n^k.$$
b) (Iran TST 2009) Let $a$ be a positive integer. Prove that the set of prime divisors of $2^{2^n} + a$ for $n = 1, 2, \dots$ is infinite.
Proof. a) By dividing all $a_i$'s by their greatest common divisor, we may assume that they are relatively prime. Assume that there are finitely many primes $p_1, p_2, \dots, p_N$ such that all prime factors of $a_1^k + a_2^k + \dots + a_n^k$ (where $k$ varies over the positive integers) are among $p_1, p_2, \dots, p_N$.
Assume that among $a_1, a_2, \dots, a_n$ there are $b_i$ numbers not divisible by $p_i$. Since $a_1, a_2, \dots, a_n$ are relatively prime, we have $b_i \ge 1$. Consider
$$k = 2\prod_{i=1}^{N} \varphi\left(p_i^{1 + v_{p_i}(b_i)}\right)$$
and note that by Euler's theorem (and the fact that $k > 1 + v_{p_i}(b_i)$, so that $p_i^{1 + v_{p_i}(b_i)}$ divides $a_j^k$ whenever $p_i$ divides $a_j$) we have
$$a_1^k + a_2^k + \dots + a_n^k \equiv b_i \pmod{p_i^{v_{p_i}(b_i)+1}}.$$
This clearly implies that
$$v_{p_i}(a_1^k + a_2^k + \dots + a_n^k) = v_{p_i}(b_i)$$
for all $i$. Since all prime factors of $a_1^k + a_2^k + \dots + a_n^k$ are among $p_1, p_2, \dots, p_N$, we deduce that
$$a_1^k + a_2^k + \dots + a_n^k = p_1^{v_{p_1}(b_1)}\, p_2^{v_{p_2}(b_2)} \cdots p_N^{v_{p_N}(b_N)}.$$
Now, at least one of the $a_i$'s is greater than 1, thus
$$a_1^k + a_2^k + \dots + a_n^k \ge 2^k > k > \prod_{i=1}^{N} p_i^{v_{p_i}(b_i)}.$$
The two relations are clearly contradictory and the problem is solved.
b) Assuming the contrary, let $p_1, p_2, \dots, p_N$ be such that all prime factors of $2^{2^n} + a$ are among $p_1, p_2, \dots, p_N$ for all $n$. Pick a large number $r$ such that $2^r > a^{2^{N+1}} + a$ and $n_0$ such that $2^{2^{n_0}} + a > (p_1 p_2 \cdots p_N)^r$. Then for all $n \ge n_0$ we have
$$(p_1 p_2 \cdots p_N)^r < 2^{2^n} + a = \prod_{i=1}^{N} p_i^{v_{p_i}(2^{2^n} + a)},$$
so that we can find $1 \le i \le N$ with $v_{p_i}(2^{2^n} + a) > r$. Now, of course this $p_i$ depends on the choice of $n$, but if we consider $n = n_0 + 1, n_0 + 2, \dots, n_0 + N + 1$, among the indices $i$ associated to each of these numbers there will be two identical ones. Thus we can write $p_i^r \mid 2^{2^n} + a$ and $p_i^r \mid 2^{2^{n+m}} + a$ for some $n \ge n_0$, some $1 \le m \le N + 1$ and some $1 \le i \le N$. But then $2^{2^n} \equiv -a \pmod{p_i^r}$, so that $2^{2^{m+n}} \equiv a^{2^m} \pmod{p_i^r}$ and so $p_i^r \mid a^{2^m} + a$. In particular,
$$a^{2^{N+1}} + a \ge a^{2^m} + a \ge p_i^r \ge 2^r,$$
contradicting the choice of $r$. The conclusion follows.
45. (USA TST 2009) Let $p > 5$, $a, b, c \in \mathbb{Z}$ with $p \nmid (a-b)(b-c)(c-a)$ and $i, j, k \ge 0$ with $(p-1) \mid i + j + k$. If $p$ divides $(x-a)(x-b)(x-c)[(x-a)^i(x-b)^j(x-c)^k - 1]$ for all $x \in \mathbb{Z}$, then $p - 1$ divides $i$, $j$ and $k$.
Proof. First, note that we may assume that $0 \le i, j, k < p - 1$, as we can replace $i, j, k$ with their remainders mod $p - 1$, without affecting the hypothesis or the conclusion (use Fermat's little theorem). We want to prove that $i = j = k = 0$, so assume the contrary. By hypothesis, $i + j + k = p - 1$ or $2(p-1)$. In the second case, replace each $x \in \{i, j, k\}$ with $p - 1 - x$. As this does not change the hypothesis or the conclusion, we can assume from now on that $i + j + k = p - 1$. Finally, we can clearly assume that $i$ is the largest among $i, j, k$.
Multiplying the congruence
$$(x-a)(x-b)(x-c)[(x-a)^i(x-b)^j(x-c)^k - 1] \equiv 0 \pmod{p}$$
by $(x-a)^{j+k}$ and using Fermat's little theorem, we deduce that
$$f(x) = (x-a)(x-b)(x-c)[(x-b)^j(x-c)^k - (x-a)^{j+k}] \equiv 0 \pmod{p}$$
for all integers $x$. On the other hand, $f$ has degree at most
$$3 + j + k - 1 \le 2 + \frac{2(p-1)}{3} < p$$
(for $p \ge 5$) and at least $p$ different roots mod $p$. Thus $f$ vanishes in $\mathbb{F}_p[X]$ and we deduce the equality
$$(X-b)^j(X-c)^k = (X-a)^{j+k}$$
in $\mathbb{F}_p[X]$. Note that $j + k \ne 0$, as $i < p - 1$ and $i + j + k = p - 1$. Thus $(X-b)^j(X-c)^k$ vanishes at $b$ or $c$. But this is impossible, as by hypothesis $(X-a)^{j+k}$ does not vanish at either $b$ or $c$.
46. Let $p$ be a prime and let $a_1, a_2, \dots, a_{2p-1}$ be elements of $\mathbb{Z}/p\mathbb{Z}$. Prove that the number of subsets $I$ of $\{1, 2, \dots, 2p-1\}$ with $p$ elements such that $\sum_{i \in I} a_i = b$ in $\mathbb{Z}/p\mathbb{Z}$ is congruent to 0 or 1 modulo $p$, for all $b \in \mathbb{Z}/p\mathbb{Z}$.
Proof. We will use Chevalley-Warning's theorem for the polynomials
$$f_1(X) = X_1^{p-1} + \dots + X_{2p-1}^{p-1}, \qquad f_2(X) = a_1 X_1^{p-1} + \dots + a_{2p-1} X_{2p-1}^{p-1} - b.$$
Note that they satisfy the conditions of the cited theorem, thus the number of n-tuples $(x_1, \dots, x_{2p-1}) \in (\mathbb{Z}/p\mathbb{Z})^{2p-1}$ such that $f_1(x) = f_2(x) = 0$ is a multiple of $p$. Let $N$ be this number and consider such $x$. If $I = \{i \mid x_i \ne 0\}$, then the condition $x_1^{p-1} + \dots + x_{2p-1}^{p-1} = 0$ is equivalent to the fact that $|I|$ is a multiple of $p$ (as $x_i^{p-1} = 1$ for $i \in I$ and 0 otherwise). Since $|I| \le 2p - 1$, this is also equivalent to $|I| = 0$ or $|I| = p$. Similarly, the condition $f_2(x) = 0$ is equivalent to $\sum_{i \in I} a_i = b$. Note that we can have $|I| = 0$ if and only if $b = 0$, in which case there is a unique such $x$, namely $x = (0, 0, \dots, 0)$. Moreover, for a given $I$ with $p$ elements such that $\sum_{i \in I} a_i = b$, there are precisely $(p-1)^p$ $x$ such that $f_1(x) = f_2(x) = 0$ and such that $I = \{i \mid x_i \ne 0\}$. Indeed, all $x_i$ with $i \notin I$ have to be zero and all $x_i$ with $i \in I$ are arbitrary elements of $\mathbb{Z}/p\mathbb{Z} \setminus \{0\}$. Since $N$ is also the sum over all such $I$ of $(p-1)^p$ (eventually adding 1 if $b = 0$) and since $(p-1)^p = -1 \pmod{p}$, the conclusion immediately follows from $N = 0 \pmod{p}$.
47. (IMO 1993) Let $n > 1$ and let $L_0, L_1, \dots, L_{n-1}$ be lamps in a circle, each one being on or off. We define $L_k = L_{k \pmod{n}}$ for all integers $k$. At step $S_j$ we change the state of $L_j$ and do not touch the other lamps, according to the rules:
1) if $L_{j-1}$ is on, change the state of $L_j$ (so if $L_j$ was on, now it's off, and so on...).
2) if not, do not change the state of $L_j$.
Knowing that initially all lamps were on, show that there is $M(n) > 0$ such that after $M(n)$ steps all lamps are again on. Also, if $n = 2^k$ then all lamps are on after $n^2 - 1$ steps and if $n = 2^k + 1$ then they are on after $n^2 - n + 1$ steps.
Proof. We'll work in $\mathbb{Z}/2\mathbb{Z}$. Let $f(i) = 1$ denote the initial state of lamp $L_i$ for $0 \le i \le n - 1$, and $f(i + kn)$ denote the state of lamp $L_i$ after it is modified $k$ times. Then $S_j$, for $j \ge 0$, gives us $f(j+n) = f(j+n-1) + f(j)$ and thus
$$G(x) = \frac{1}{1 - x - x^n} = \sum_{r \ge 0} f(r)x^r.$$
(We are working in $\mathbb{Z}_2[x]$.)
(i) Considering n-tuples $(f(t+1), f(t+2), \dots, f(t+n))$, the periodicity is clear by the fact that at most $2^n$ such n-tuples can exist and a fixed n-tuple uniquely determines the entire sequence ($f(x) = f(x-1) + f(x-n)$ and $f(x-n) = f(x) - f(x-1)$).
(ii) If $n = 2^k$, then it's equivalent to show that
$$\frac{x^{n^2-1} - 1}{1 - x - x^n} = (x^{n^2-1} - 1)G(x) = P(x)$$
for some polynomial $P \in \mathbb{Z}_2[x]$. But
$$x^{n^2} + x = (x^n)^n + x \equiv (x+1)^{2^k} + x \equiv x^{2^k} + 1 + x \equiv 0 \pmod{x^n + x + 1},$$
as desired (note that $\gcd(x, x^n + x + 1) = 1$).
(iii) If $n = 2^k + 1$, then it's equivalent to show that
$$\frac{x^{n^2-n+1} - 1}{1 - x - x^n} = P(x)$$
for some polynomial $P \in \mathbb{Z}_2[x]$. But
$$x^{n^2-n+1} + 1 = (x^n)^{n-1}x + 1 \equiv (x+1)^{2^k}x + 1 \equiv (x^{2^k} + 1)x + 1 \equiv 0 \pmod{x^n + x + 1},$$
as desired.
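The two viewpoints in the proof of problem 47 can be checked against each other. The following Python code is an added example, not part of the original notes: it simulates the lamps directly and, separately, computes the multiplicative order of $x$ modulo $x^n + x + 1$ over $\mathbb{Z}_2$ with polynomials stored as bitmasks (bit $i$ is the coefficient of $x^i$). The function names are illustrative, and the comparison of the first return time with that order relies on the generating function $G(x)$ above having numerator 1.

```python
# Added example for problem 47: lamp simulation versus arithmetic
# in Z_2[x] modulo x^n + x + 1.

def simulate(n, steps):
    """Apply steps S_0 .. S_{steps-1} to n lamps that all start on.

    Returns the list of lamp states (1 = on, 0 = off).
    """
    lamps = [1] * n
    for j in range(steps):
        if lamps[(j - 1) % n]:      # rule 1: L_{j-1} is on, so toggle L_j
            lamps[j % n] ^= 1
    return lamps


def first_return(n):
    """Smallest M > 0 such that all lamps are on again after M steps."""
    lamps = [1] * n
    j = 0
    while True:
        if lamps[(j - 1) % n]:
            lamps[j % n] ^= 1
        j += 1
        if all(lamps):
            return j


def order_of_x(n):
    """Smallest t > 0 with x^t = 1 modulo x^n + x + 1 over Z_2.

    The modulus has constant term 1, so x is invertible and the loop ends.
    """
    modulus = (1 << n) | 0b11       # x^n + x + 1 as a bitmask
    power, t = 1, 0                 # power holds x^t reduced mod modulus
    while True:
        power <<= 1                 # multiply by x
        if (power >> n) & 1:        # degree reached n: subtract the modulus
            power ^= modulus
        t += 1
        if power == 1:
            return t


def claimed_steps(n):
    """Step count from the statement, or None if n is neither 2^k nor 2^k + 1."""
    if n & (n - 1) == 0:
        return n * n - 1
    if (n - 1) & (n - 2) == 0:
        return n * n - n + 1
    return None
```

For $n = 2$ both rules of `claimed_steps` apply and give the same value 3.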

48. (IMO Shortlist) Let $a_0 = 2$, $a_n = 2a_{n-1}^2 - 1$. If $p > 2$ and $p \mid a_n$, then $2^{n+3} \mid p^2 - 1$.
Proof. The first step is to use the identity
$$\frac{x^2 + x^{-2}}{2} = 2\left(\frac{x + x^{-1}}{2}\right)^2 - 1$$
to obtain a closed form for the sequence $(a_n)_n$. Setting $a_n = \frac{x_n + x_n^{-1}}{2}$ for a sequence $x_n > 1$ (which exists, as trivially $a_n > 1$) yields the recursive formula $x_{n+1} = x_n^2$. Thus $x_n = x_0^{2^n}$ and we conclude (after easy work left to the reader) that
$$a_n = \frac{(2 + \sqrt{3})^{2^n} + (2 - \sqrt{3})^{2^n}}{2}.$$
Let now p > 2 be a prime factor of a
n
. Pick some in an algebraic closure of the eld
with p elements such that
2
= 3. Note that is actually an element of F
p
2, the eld
with p
2
elements. We can dene a map f : Z[

3] F
p
2 by f(a+b

3) = a+

b, where
a = a (mod p) (seen as an element of F
p
2). Since
2
= 3, it is immediate to check
that this is a ring homomorphism. Trivially, f vanishes on pZ. Let x = f(2 +

3)
and y = f(2

3). Thus x, y F
p
2 and they are nonzero, since xy = f(1) = 1.
Moreover, since p[a
n
, we have x
2
n
+ y
2
n
= 0. Combined with xy = 1, this implies
that x
2
n+1
= 1. Thus, seen as element of the group F

p
2
, x has order 2
n+2
. Applying
Lagranges theorem, it follows that 2
n+2
divides the order of the group F

p
2
, which has
p
2
1 elements. Unfortunately, this is not enough, but we are close.
If x F

p
, everything is easy, since then Lagranges theorem for this subgroup yields
2
n+2
[p 1 and so trivially 2
n+3
[p
2
1. So, assume that x is not in F

p
. Then x, y are
roots of the irreducible polynomial X
2
4X+1 F
p
[X], so that we must have x
p
= y.
Indeed, since x
2
4x+1 = 0, we also have (by raising the previous equality to the p-th
power and by using the formula (x + y)
p
= x
p
+ y
p
, valid in elds of characteristic p)
x
2p
4x
p
+1 = 0, so that x
p
is also a root of X
2
4X+1, which cannot be x (because
otherwise x
p
= x and x F

p
). Thus x
p
= y and so x
p+1
= 1. But then 2
n+2
, which is
the order of x, must divide p + 1 and we are done again.

49. (IMO Shortlist) Find the largest number of elements of a set A of positive integers
such that
1)[p [ p [ a for some a A[ = p 1
2)B A, B ,=
p
_
xB
x , Z.
Proof. Let our primes be q
1
, q
2
, . . . , q
p1
. By considering the exponents of each prime,
our problem trivially reduces to nding the largest number of (not necessarily distinct)
p 1-tuples of elements in Z/pZ such that the sum of any set of elements in the set of
them is not (0, 0, . . . , 0) mod p.
I claim that k = (p 1)
2
. (p 1)
2
is clearly attainable, as the set
(1, 0, 0, . . . , 0)
. .
p1 times
, (, 1, 0, . . . , 0)
. .
p1 times
, . . . , (0, 0, 0, . . . , 1)
. .
p1 times

clearly works.
We will now show that with (p 1)
2
+ 1 tuples, we can nd a non-empty set of
them that sum to 0. Let the elements of our set be T
1
= (e
1,1
, e
2,1
, . . . , e
p1,1
), T
2
=
(e
1,2
, e
2,2
, . . . , e
p1,2
), . . . , T
(p1)
2
+1
= (e
(p1)
2
+1,1
, e
(p1)
2
+1,2
, . . . , e
(p1)
2
+1,p1
).
Consider the following system of equations in the (p1)
2
+1 variables a
1
, a
2
, . . . , a
(p1)
2
+1
:
a
p1
1
e
1,1
+a
p1
2
e
2,1
+ +a
p1
p1
e
p1,1
0 (mod p)
a
p1
1
e
1,2
+a
p1
2
e
2,2
+ +a
p1
p1
e
p1,2
0 (mod p)
...
a
p1
1
e
1,(p1)
2
+1
+a
p1
2
e
2,(p1)
2
+1
+ +a
p1
p1
e
p1,(p1)
2
+1
0 (mod p).
The sum of the degrees of this equation is (p 1)
2
< (p 1)
2
+ 1. This clearly has
the solution (a
1
, a
2
, . . . , a
p1
) = (0, 0, , 0). Therefore, we may apply Chevalleys
theorem to nd a solution (a
1
, a
2
, . . . , a
p1
) in which not each entry of the tuple is 0.
Let a
b
1
, a
b
2
, . . . , a
b
n
be the nonzero entries. Note that a
p1
i
0 (mod p) i i ,= b
j
for
any j, and it is 1 i i = b
j
for some j. Therefore, we have that
e
b
1
,1
+e
b
2
,1
+ +e
b
n
,1
0 (mod p)
e
b
1
,2
+e
b
2
,2
+ +e
b
n
,1
0 (mod p)
e
b
1
,(p1)
2
+1
+e
b
2
,(p1)
2
+1
+ +e
b
n
,(p1)
2
+1
0 (mod p).
It follows that the sum of the T
b
1
, T
b
2
, . . . , T
b
n
is (0, 0, . . . , 0) mod p, so our proof is
complete.

50. (Bulgaria 1998) Suppose that $m, n > 0$ and $\frac{(m+3)^n + 1}{3m}$ is an integer. Show that this integer is odd.
Proof. This problem is rather tricky. Assume that $A$ is even, so that $6m$ divides $(m+3)^n + 1$. First, observe that $m$ is even (otherwise $(m+3)^n + 1$ is odd). But then 4 divides $6m$, so it divides $(m+3)^n + 1$, forcing $m = 0 \pmod{4}$. Repeating the argument, we have $8 \mid 6m \mid (m+3)^n + 1$. If 8 divides $m$, we would have $8 \mid 3^n + 1$, which is not possible for any $n$. Thus $m = 4 \pmod{8}$ and since 8 divides $(m+3)^n + 1$, it follows that $n$ is odd. For $m = 4$ we can easily check everything by hand, so assume that $m > 4$. Then there exists a prime $p > 2$ dividing $m$ (as we proved that $m = 4 \pmod{8}$). Then $p$ divides $3^n + 1$, thus $-3$ is a quadratic residue mod $p$ (since $n$ is odd). Using the quadratic reciprocity law, this implies that $p$ is a quadratic residue mod 3 and so $p = 1 \pmod{3}$. Since this happens for any $p > 2$ dividing $m$, it follows that we can write $m = 4k$ with $k = 1 \pmod{3}$ and $k$ odd. But then $m = 1 \pmod{3}$, which makes impossible the divisibility $3 \mid (m+3)^n + 1$. The conclusion follows.
51. (Selfridge) Let $a$ and $b$ be positive integers such that $a > 1$ and $a \equiv b \pmod{2}$. Prove that $2^a - 1$ is not a divisor of $3^b - 1$.
Proof. Assume it is. Both $a, b$ must be odd (otherwise $3 \mid 2^a - 1$). If $p$ is a prime divisor of $2^a - 1$, then both 2 and 3 must be quadratic residues modulo $p$, so $p = 24k \pm 1$ whence $2^a - 1 = 24k \pm 1$, which is never the case for $a > 1$.
52. (Taiwan 2000) Show that if $m, n > 1$ and $\varphi(5^m - 1) = 5^n - 1$, then $\gcd(m, n) > 1$.
Proof. Assume that $\gcd(m, n) = 1$. Then $\gcd(5^m - 1, 5^n - 1) = 4$. Note that we cannot find an odd prime $p$ such that $p^2$ divides $5^m - 1$. Indeed, if this happened we would get $p \mid \varphi(5^m - 1)$, so that $p \mid 5^n - 1$ and $p \mid 5^m - 1$. But then $p = 2$, a contradiction. Thus we can write
$$5^m - 1 = 2^a p_1 \cdots p_k, \qquad 5^n - 1 = 2^{a-1}(p_1 - 1)\cdots(p_k - 1)$$
for some $a \ge 2$ and some distinct odd primes $p_1, \dots, p_k$. Note that $k \ge 1$, since otherwise $5^m - 1 = 2^a$, $5^n - 1 = 2^{a-1}$ and so $a - 1 = 2$, which doesn't yield any solution. Thus, $v_2(5^n - 1) \ge a$ and $v_2(5^m - 1) = a$. We deduce that $a \le 2$, as $\gcd(5^m - 1, 5^n - 1) = 4$. As $a \ge 2$, it follows that $a = 2$. But then 8 does not divide $5^m - 1$, forcing $m$ to be odd. Combined with the fact that $p_i$ divides $5^m - 1$, this implies that 5 is a quadratic residue mod $p_i$ and using the quadratic reciprocity law this implies that $p_i$ is a quadratic residue mod 5. But then $p_i = 1$ or $p_i = -1$ modulo 5. Since $p_i - 1$ divides $5^n - 1$, we cannot have $p_i = 1 \pmod{5}$, thus all $p_i$ are congruent to $-1$ modulo 5. But then the equation $5^n - 1 = 2(p_1 - 1)\cdots(p_k - 1)$ implies that $-1 = 2(-2)^k \pmod{5}$, while the equation $5^m - 1 = 4p_1 \cdots p_k$ gives $-1 = (-1)^{k+1} \pmod{5}$. It is immediate to see that we cannot simultaneously have these two equations, finishing the solution.
53. Let $a, b, c$ be positive integers such that $b^2 - 4ac$ is not a perfect square. Prove that for any $n > 1$ there are $n$ consecutive positive integers, none of which can be written in the form $(ax^2 + bxy + cy^2)^z$ for some integers $x, y, z$ with $z > 0$.
Proof. Let N be given. We will prove the existence of a number n such that no number
among n +1, ..., n +N can be written in the desired form. Since = b
2
4ac is not a
perfect square, for innitely many primes p we have
_

p
_
= 1. Choose such distinct
primes p
1
, ..., p
N
, large enough such that p
i
> 2[a[ +1 and take innitely many n such
that n + i = p
i
(mod p
2
i
) for 1 i N. This is possible, by the chinese remainder
theorem. We claim that such n works.
Indeed, assume that n+i = (ax
2
+bxy+cy
2
)
z
for some 1 i N and sime x, y, z with
z > 0. Then p
i
divides ax
2
+bxy +cy
2
, so it also divides (2ax+by)
2
y
2
. Since is
not a perfect square mod p
i
, we must have p
i
[2ax +by and p
i
[y. But then p
i
[2ax and
since p
i
> 2[a[, we deduce that p
i
divides x and y. Thus p
2
i
divides (ax
2
+bxy +cy
2
)
z
.
But this is impossible, since by construction p
2
i
does not divide p
i
.

54. Let $f \in \mathbb{Z}[X]$ of degree 2 such that for all primes $p$, $f$ has at least one root in $\mathbb{F}_p$. Then $f$ has rational roots.
Proof. Work in $\mathbb{F}_p[X]$, then the existence of a root in $\mathbb{F}_p$ implies that $b^2 - 4ac$ is a perfect square in $\mathbb{F}_p$, where $f(X) = aX^2 + bX + c$. We saw that this implies that $b^2 - 4ac$ is a perfect square in $\mathbb{Z}$ and the conclusion follows.
55. (Mathlinks Contest) Let $a_1, a_2, \dots, a_{2009}$ be nonnegative integers such that $a_1^n + a_2^n + \dots + a_{2009}^n$ is always a perfect square. Find the smallest $k$ such that there are always at least $k$ numbers equal to 0 among them.
Proof. Suppose that $a_1, a_2, \dots, a_s$ are precisely the nonzero numbers. Choose $n = p - 1$, where $p > a_1 \cdots a_s + 1$ is a prime. You get that for sufficiently large $p$, $s$ is a square mod $p$. We saw in class that this implies that $s$ is a perfect square. So the answer is $2009 - s$ where $s$ is the largest such that $s^2 \le 2009$ (you achieve such an $s$ by taking all $a_i = 1$ if $i \le s$ and all the others equal to 0).
56. (classical) (Xa
1
)...(Xa
n
) 1, respectively (Xa
1
)
2
...(Xa
n
)
2
+1 if a
1
, a
2
, ..., a
n
are pairwise distinct integers.
Proof. Suppose that f = (Xa
1
)...(Xa
n
)1. Assume f = gh for some nonconstant
g, h Z[X]. Then we have g(a
i
)h(a
i
) = 1 for each 1 i n. Now take polynomial
F = g+h and note that F vanishes for each a
i
and as deg F max(deg g, deg h) n1
we have that F 0. So f = F
2
but polynomial with positive leading coecient
cannot take only non-positive values so we have a contradiction. Next, suppose that
f = (X a
1
)
2
...(X a
n
)
2
+ 1. As usual write f = gh for some g, h Z[X]. We
have 1 = f(a
i
) = g(a
i
)h(a
i
) for each 1 i n. If there were a, b Z such that
g(a) < 0 < g(b), then by continuity g would have a real root, but this is impossible
as f does not have one. So we either have g(a
i
) = h(a
i
) = 1 or g(a
i
) = h(a
i
) = 1
for each i. If any of g, h has degree less then n, it must be constant. So assume
deg g = deg h = n. As f is monic we may WLOG assume that g, h are also monic so
they must be of the form
(x a
1
)(x a
2
) . . . (x a
n
) 1
and we can nish the proof by equating coecients.
57. (Romania TST 2006) For p > 3 nd the number of polynomials X
p
+ pX
k
+ pX
l
+ 1
with 1 l < k < p that are irreducible in Z[X].
Proof. Write f = gh and work mod p (with usual notation). We have

f = X
p
+ 1 =
(X + 1)
p
so

h = (X + 1)
k
, g = (X + 1)
pk
for some 0 k p.
The cases k = 0 and k = p are done as usual and in the others we have (again by
usual argument) p [ g(1) and p [ h(1) so p
2
[ g(1)h(1) = f(1). Looking at
f(1) mod p
2
tells us that the polynomial is reducible i 1 is a root. This happens
i exactly one of k, l is odd.

58. (China TST 2009) Let $f \in \mathbb{Z}[X]$ with $\deg f = n$, all coefficients are $\pm 1$ and $(X-1)^{2^k} \mid f$. Prove that $n \ge 2^{k+1} - 1$.
Proof. Let us work in $\mathbb{F}_2[X]$, so $f = X^n + X^{n-1} + \dots + X + 1$. We have the following equality in $\mathbb{F}_2[X]$
$$(X-1)^{2^k} = X^{2^k} + (-1)^{2^k} = X^{2^k} + 1.$$
So there is $g \in \mathbb{F}_2[X]$ such that
$$X^n + X^{n-1} + \dots + X + 1 = (X^{2^k} + 1)g.$$
It suffices to show that $\deg g \ge 2^k - 1$. But if we assume the opposite and expand
$$(X^{2^k} + 1)(aX^{2^k-2} + bX^{2^k-3} + \dots) = X^n + X^{n-1} + \dots + 1,$$
the coefficient of $X^{2^k-1}$ is 0 on the LHS, but 1 on the RHS.
59. If p 3 (mod 4) is a prime, prove that (X
2
+ 1)
n
+ p is irreducible in Z[X] for all
n 1.
Proof. Assume that we found a nontrivial factorization
f(X) = (X
2
+ 1)
n
+p = g(X)h(X)
for some monic, nonconstant polynomials g, h Z[X] (we may assume that they are
monic since f is monic). Working in F
p
[X], we obtain the equality
(X
2
+ 1)
n
=

f = g

h.
The crucial point is that X
2
+1 is irreducible in F
p
[X]. Indeed, it suces to show that
it has no root in F
p
and this is clear, since p = 1 (mod 4).
The previous paragraph shows that there exists 0 k n such that g = (X
2
+ 1)
k
and

h = (X
2
+ 1)
nk
. If k = 0 or k = n, then deg(

h) 2n and deg( g) 2n
respectively, contradicting the fact that deg(g) < 2n and deg(h) < 2n. Thus we must
have 1 k n 1. But then one can nd polynomials g
1
, h
1
Z[X] such that
g = pg
1
+ (X
2
+ 1)
k
, h = ph
1
+ (X
2
+ 1)
nk
.
Taking X = i C, we deduce that
p = f(i) = g(i)h(i) = p
2
g
1
h
1
(i),
which is certainly impossible, because g
1
h
1
(i) is of the form a + bi for some integers
a, b.

60. (IMO 1993) Prove that X


n
+ 5X
n1
+ 3 is irreducible over the rational numbers for
all n > 1.
Proof. Lets work in F
3
[X] (if we work mod 5 we are in big trouble: do you see why?).
Then f = X
n
X
n1
= X
n1
(X 1). If f = gh with g, h Z[X] (as we may assume
by Gauss lemma), we may assume that g, h are monic and so f = gn implies the
existence of i for which g = (X 1)X
i
, n = X
n1i
in F
3
[X]. If 1 i n 2, then
g(0) = 0, h(0) = 0, so 9[f(0) = 3, impossible. If i = 0, then deg h n1 deg g 1.
If i = n1, g = (X1)X
n1
and so deg h 0 contradiction. If deg g = 1, there g has
an integer root r. Its trivial to see that this is not the case.
61. (St. Petersburg 2003) Let $n \ge p$, $a_1, \dots, a_n \in \mathbb{Z}$ and define $f_0 = 1$, $f_k$ = the number of $k$-element subsets of $\{a_1, \dots, a_n\}$ that sum to a multiple of $p$. Prove that $p \mid f_0 - f_1 + f_2 - \dots + (-1)^n f_n$.
Proof. Adding to all of the a
i
s a suitable large multiple of p (which does not aect the
hypothesis or the conclusion), we may assume that the a
i
s are positive. The point is
to consider the polynomial f(X) =

n
i=1
(1 X
a
i
) and its expansion
(1 X
a
1
)(1 X
a
2
) (1 X
a
n
) = 1

X
a
i
+

i<j
X
a
i
+a
j
+

(1)
n
X
a
1
++a
n
=
n

k=0
(1)
k

BA
|B|=k
X
s(B)
.
Since X
N
X
M
(mod X
p
1) if N M (mod p), working in F
p
[X] modulo X
p
1,
we have that the remainder of f divided by X
p
1 is
f(X) =
n

k=0
(1)
k

BA
|B|=k
X
s(B)
(mod p).
The point is that this remainder is zero. Indeed, note that n p and the fact that
1 X divides 1 X
a
i
immediately implies that 1 X
p
= (1 X)
p
divides f(X).
Finally, note that f
0
f
1
+f
2
+(1)
n
f
n
is the constant term of f(X) and so has
to be zero.

62. (China TST) Find for which $a$ is $f(X) = X^n + aX^{n-1} + pq$ ($n \ge 2$) reducible over the rationals.

Proof. First note that if $p \mid a$ then $f$ is irreducible by Eisenstein. Now assume $(a, p) = 1$ and $f = gh$. Let $\bar f = f \pmod p$ and similarly take $\bar g$ and $\bar h$. So we have $\bar f = \bar g\,\bar h$ and $\bar f = x^{n-1}(x + a)$. Remember that for polynomials over $\mathbb{F}_p$ we have unique factorization so we may write
$$\bar g = (x + a)x^i, \qquad \bar h = x^{n-1-i}, \qquad \text{where } 0 \le i \le n-1.$$
Now we consider three cases. If $i = 0$ we have $\deg h \ge \deg \bar h = n-1$, so in the interesting case where $g$ is nonconstant $f$ has a linear factor, i.e. a root. We check some cases and find that this root can only be $\pm 1$ and we find suitable values of $a$. In case $i = n-1$ we have similarly $\deg g \ge \deg \bar g = n$, so $h$ is constant.

The most interesting case is $0 < i < n-1$. But then we have $0 \equiv g(0) \pmod p$ and $0 \equiv h(0) \pmod p$. Or in other words $p \mid g(0)$ and $p \mid h(0)$, but this would imply $p^2 \mid g(0)h(0) = f(0) = pq$, which is of course impossible.

63. (Romania TST 2010) Let $p$ be a prime number, $n_1 > n_2 > \cdots > n_p$ be positive integers and $d = \gcd(n_1, n_2, \dots, n_p)$. Prove that the polynomial
$$P(X) = \frac{X^{n_1} + X^{n_2} + \cdots + X^{n_p} - p}{X^d - 1}$$
is irreducible in $\mathbb{Q}[X]$.

Proof. The key point is that the roots of this polynomial are outside the unit circle. It is clear that if $z$ is a root, then $|z| \ge 1$ (use the triangular inequality to get $|z|^{n_1} + \cdots + |z|^{n_p} \ge p$). If $|z| = 1$, we must have equality in the triangular inequality, which easily forces $z^{n_j} = 1$ for all $j$ and then $z^d = 1$. But it's easy to see that no root of our polynomial satisfies $z^d = 1$. Thus for any root $z$ of our polynomial we have $|z| > 1$. The irreducibility follows in the usual way, by looking at the constant term of a possible divisor and using Viète's formulae.

64. (Balkan 1989) Let $p = a_0 + a_1 10 + \cdots + a_n 10^n$ be the decimal expansion of a prime and suppose that $a_n > 1$. Show that $a_0 + a_1 X + \cdots + a_n X^n$ is irreducible in $\mathbb{Q}[X]$.

Proof. The difficult point is to prove that $|z - 10| > 1$ if $z$ is a root of $f = a_0 + \cdots + a_n X^n$. If we manage to prove this and if $f = gh$, then $f(10) = g(10)h(10)$. But using the fact that all roots of $g$ and $h$ are roots of $f$ and the previous property of the roots of $f$, we deduce that $|g(10)| > 1$ and $|h(10)| > 1$, contradicting the fact that $f(10)$ is prime.

Now, to prove the first thing, suppose that $f(z) = 0$ and $|z - 10| \le 1$. So $|z| \ge 9$, thus
$$|a_{n-2}z^{n-2} + \cdots + a_1 z + a_0| \le 9\,\frac{|z|^{n-1} - 1}{|z| - 1} \le \frac{9}{8}\left(|z|^{n-1} - 1\right) < \frac{9}{8}|z|^{n-1} \le |z|^n.$$
We also have
$$\mathrm{Re}\left(1 + \frac{a_{n-1}}{a_n}\cdot\frac{1}{z}\right) = 1 + \frac{a_{n-1}}{a_n}\cdot\frac{\mathrm{Re}(z)}{|z|^2} \ge 1$$
because
$$\mathrm{Re}(z) = 10 + \mathrm{Re}(z - 10) \ge 10 - |z - 10| \ge 9,$$
so that
$$|a_n z^n + a_{n-1}z^{n-1}| = a_n |z|^n \left|1 + \frac{a_{n-1}}{a_n}\cdot\frac{1}{z}\right| \ge a_n |z|^n\, \mathrm{Re}\left(1 + \frac{a_{n-1}}{a_n}\cdot\frac{1}{z}\right) \ge a_n |z|^n.$$
Putting together both inequalities above yields
$$|f(z)| \ge |a_n z^n + a_{n-1}z^{n-1}| - |a_{n-2}z^{n-2} + \cdots + a_1 z + a_0| > a_n|z|^n - |z|^n \ge 0.$$

65. Often, studying the roots of a polynomial is very helpful in order to prove its irreducibility. Prove the following irreducibility criteria:

a) (Ostrowski) Let $f(x) = a_n X^n + a_{n-1}X^{n-1} + \cdots + a_0 \in \mathbb{Z}[X]$ be such that
$$|a_0| > |a_1| + |a_2| + \cdots + |a_n|$$
and $|a_0|$ is a prime. Then $f$ is irreducible in $\mathbb{Z}[X]$.

b) (hard, Perron's criterion) Let $a_i$ be integers such that $\gcd(a_0, a_1, \dots, a_n) = 1$, $a_0 \ne 0$ and $|a_{n-1}| > 1 + |a_{n-2}| + \cdots + |a_0|$. Then $f(x) = X^n + a_{n-1}X^{n-1} + \cdots + a_0$ is irreducible in $\mathbb{Z}[X]$.

Proof. The proof of b) is rather technical and will not be given here. Let's prove a). Note first of all that the gcd of the coefficients of $f$ is 1, since it divides $a_0$ and $|a_0|$ is large. Next, suppose that $f = gh$, with $g, h \in \mathbb{Z}[X]$ nonconstant polynomials. Plugging $x = 0$ we get $a_0 = f(0) = g(0)h(0)$, but $|a_0|$ is a prime so we may WLOG assume that $|h(0)| = 1$. But if we denote by $h_n$ the leading coefficient of $h$ then
$$\left|\prod_{\text{roots of } h} x_i\right| = \left|\frac{h(0)}{h_n}\right| = \frac{1}{|h_n|} \le 1.$$
So there exists $\alpha \in \mathbb{C}$, $|\alpha| \le 1$, a root of $h$. Then it is also a root of $f$ and we may use the triangular inequality
$$|a_0| = |a_n\alpha^n + \cdots + a_1\alpha| \le |a_n\alpha^n| + \cdots + |a_1\alpha| \le |a_n| + \cdots + |a_1|$$
and we have a contradiction.

66. Let $p$ be a prime and $k$ a positive integer not divisible by $p$. Prove that $x^p - x - k$ is irreducible over the rationals.

Proof. Let $a$ be the remainder of $k$ mod $p$, seen as element of $\mathbb{F}_p$. Then $\bar f = X^p - X + a$. Let $x$ be a root of $\bar f$ in some algebraic closure $\overline{\mathbb{F}}_p$ of $\mathbb{F}_p$ and observe that $x + i$ is a root of $\bar f$ for any $i \in \{0, 1, \dots, p-1\}$. Since these roots are different, it follows that we can factor
$$\bar f(X) = (X - x)(X - x - 1)\cdots(X - x - p + 1)$$
in $\overline{\mathbb{F}}_p[X]$. Now, suppose that we have a nontrivial factorization $f = gh$ in $\mathbb{Z}[X]$, with $g, h$ nonconstant and monic. Then $\bar f = \bar g\,\bar h$. Since $\bar g$ divides $\bar f$, it follows that there exists a nonempty subset $A$ of $\mathbb{F}_p$ such that
$$\bar g(X) = \prod_{i \in A} (X - x - i).$$
Of course, $A$ is not $\mathbb{F}_p$, because $\deg(g) < p$. Since $\bar g$ has coefficients in $\mathbb{F}_p$, it follows that
$$\sum_{i \in A} (x + i) \in \mathbb{F}_p,$$
which implies that $|A|x \in \mathbb{F}_p$. Since $|A| \ne 0 \pmod p$, this implies that $x \in \mathbb{F}_p$. But this is clearly impossible, since we would have $x^p = x$ and so $a = 0$, which is excluded by the hypothesis.

67. (generalization of USA TST 2008) Suppose that $n$ is a positive integer. Consider all sequences $(x_1, x_2, \dots, x_n)$ with $x_i \in \mathbb{Z}/n\mathbb{Z}$. For how many of these can we find a polynomial $f$ with integer coefficients such that $f(i) \pmod n = x_i$ for all $i$?

Proof. Let $A_n$ be the additive group of those sequences $(x_1, x_2, \dots, x_n) \in (\mathbb{Z}/n\mathbb{Z})^n$ associated to integer polynomials, as in the problem. We will show that the map
$$\varphi(\bar a_0, \bar a_1, \dots, \bar a_{n-1}) = (f(1), f(2), \dots, f(n)),$$
where
$$f(X) = a_0 + \sum_{i=1}^{n-1} a_i \prod_{j=1}^{i} (X - j),$$
is an isomorphism of abelian groups
$$\varphi : \prod_{k=0}^{n-1} \left(\mathbb{Z} \Big/ \frac{n}{\gcd(n, k!)}\mathbb{Z}\right) \to A_n.$$
First, note that $\varphi$ is well-defined: indeed, since a product of $d$ consecutive integers is a multiple of $d!$, it is clear that the sequence $(f(i))_{1 \le i \le n}$ does not depend on the choice of representatives $a_i$ for $\bar a_i$.

Let us prove that $\varphi$ is surjective. Repeated division algorithm shows that any polynomial with integer coefficients of degree at most $d$ can be written in the form
$$f(X) = a_0 + \sum_{i=1}^{d} a_i \prod_{j=1}^{i} (X - j)$$
for some integers $a_i$. We may restrict to $d < n$ since all $a_k$ with $k \ge n$ do not matter when considering $f(i) \pmod n$. This yields the surjectivity.

It is clear that $\varphi$ is a group homomorphism. It remains to prove that $\varphi$ is injective, so suppose $f$ satisfies $f(i) \equiv 0 \pmod n$ for $1 \le i \le n$. We want to show that $a_k$ is a multiple of $\frac{n}{\gcd(n, k!)}$ for $0 \le k < n$. Assuming the contrary, there is some least $k$ for which this does not hold. Then we may assume $a_j = 0$ for $j < k$ (since replacing them by 0 does not change the values of $f$ mod $n$). But then plugging in $X = k + 1$ gives $f(k+1) = k!\,a_k \equiv 0 \pmod n$, and $a_k$ is a multiple of $\frac{n}{\gcd(n, k!)}$, contrary to our assumption.

Thus the number of polynomial sequences $(x_1, \dots, x_n)$ is
$$N = \prod_{k=0}^{n-1} \frac{n}{\gcd(n, k!)}.$$
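
The count in Problem 67 can be checked by machine for small $n$. The Python code below is an added illustration, not part of the original notes (all function names are chosen here): it evaluates polynomials in the basis $\prod_{j=1}^{i}(X-j)$ used in the proof with $a_k$ restricted to representatives modulo $n/\gcd(n,k!)$, and compares the resulting sequences with a brute-force enumeration of all polynomials of degree less than $n$ with coefficients mod $n$.

```python
from itertools import product
from math import factorial, gcd


def count_by_formula(n):
    """N = prod_{k=0}^{n-1} n / gcd(n, k!), the value obtained in the proof."""
    total = 1
    for k in range(n):
        total *= n // gcd(n, factorial(k))
    return total


def newton_values(coeffs, n):
    """(f(1), ..., f(n)) mod n for f = a_0 + sum_i a_i * prod_{j=1}^{i} (X - j)."""
    values = []
    for x in range(1, n + 1):
        acc, basis = 0, 1  # basis holds prod_{j=1}^{i} (x - j); empty product for i = 0
        for i, a in enumerate(coeffs):
            acc = (acc + a * basis) % n
            basis = basis * (x - (i + 1)) % n
        values.append(acc)
    return tuple(values)


def sequences_from_reduced_coefficients(n):
    """One sequence per tuple (a_0, ..., a_{n-1}) with 0 <= a_k < n / gcd(n, k!)."""
    moduli = [n // gcd(n, factorial(k)) for k in range(n)]
    return [newton_values(c, n) for c in product(*(range(m) for m in moduli))]


def sequences_by_enumeration(n):
    """All sequences reached by polynomials sum c_e X^e, e < n, c_e in Z/nZ."""
    seen = set()
    for coeffs in product(range(n), repeat=n):
        seen.add(tuple(
            sum(c * pow(x, e, n) for e, c in enumerate(coeffs)) % n
            for x in range(1, n + 1)
        ))
    return seen


def check(n):
    """True when the map of the proof is injective and surjective and |A_n| = N."""
    reduced = sequences_from_reduced_coefficients(n)
    injective = len(set(reduced)) == len(reduced)
    surjective = set(reduced) == sequences_by_enumeration(n)
    return injective and surjective and len(reduced) == count_by_formula(n)


if __name__ == "__main__":
    for n in range(2, 7):
        print(n, count_by_formula(n), check(n))
```

The enumeration grows like $n^n$, so it is only practical for $n \le 6$ or so; `count_by_formula` works for any $n$.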

68. (AMM) Let $p$ be an odd prime. Prove that the $2^{\frac{p-1}{2}}$ numbers $\pm 1 \pm 2 \pm \cdots \pm \frac{p-1}{2}$ represent each nonzero residue class mod $p$ the same number of times. Compute this number.

Proof. Let $z$ be a primitive root of order $p$ of the unity, say $z = e^{\frac{2i\pi}{p}}$, and write
$$S = \sum_{\varepsilon_i \in \{-1, 1\}} z^{\varepsilon_1 + 2\varepsilon_2 + \cdots + \frac{p-1}{2}\varepsilon_{\frac{p-1}{2}}} = a_0 + a_1 z + \cdots + a_{p-1}z^{p-1}$$
for some integers $a_i$. Since $z^x$ only depends on $x \pmod p$, it is clear that $a_i$ is exactly the number of ways residue $i$ is represented by the numbers $\pm 1 \pm 2 \pm \cdots \pm \frac{p-1}{2}$. Thus, the problem asks us to prove that $a_1 = a_2 = \cdots = a_{p-1}$ and to find this common value. The point is that $S$ has a nice closed expression, since it obviously factors as
$$S = \prod_{j=1}^{\frac{p-1}{2}} \left(z^j + \frac{1}{z^j}\right).$$
Note that
$$\prod_{j=1}^{p-1} (z^j + z^{-j}) = S \prod_{j=\frac{p+1}{2}}^{p-1} (z^j + z^{-j}) = S \prod_{j=1}^{\frac{p-1}{2}} (z^{p-j} + z^{j-p}) = S^2.$$
On the other hand we can easily compute
$$\prod_{j=1}^{p-1} (z^j + z^{-j}) = \frac{1}{z^{\frac{p(p-1)}{2}}} \prod_{j=1}^{p-1} (1 + z^{2j}) = \prod_{j=1}^{p-1} (1 + z^j) = 1,$$
where we used the fact that $x \mapsto 2x$ is a bijection of the nonzero remainders modulo $p$ (as $p$ is odd) and that $\prod_{j=1}^{p-1} (1 + z^j) = 1$, which is immediate from
$$\prod_{j=1}^{p-1} (X - z^j) = \frac{X^p - 1}{X - 1}$$
by taking $X = -1$.

The previous computation shows that $S^2 = 1$, so that $S = \pm 1$ is definitely an integer. But then the relation
$$a_0 - S + a_1 z + \cdots + a_{p-1}z^{p-1} = 0$$
implies that $a_0 - S = a_1 = \cdots = a_{p-1}$. In particular, $a_1 = \cdots = a_{p-1}$ and the first part of the problem is solved.

On the other hand, we clearly have
$$a_0 + a_1 + \cdots + a_{p-1} = 2^{\frac{p-1}{2}},$$
which combined with $a_0 - S = a_1 = \cdots = a_{p-1}$ and with $S = \pm 1$ shows that
$$S \equiv 2^{\frac{p-1}{2}} \pmod p \equiv (-1)^{\frac{p^2-1}{8}} \pmod p,$$
so that $S = (-1)^{\frac{p^2-1}{8}}$. We used here a standard result in quadratic residues, saying that Legendre's symbol $\left(\frac{2}{p}\right) = (-1)^{\frac{p^2-1}{8}}$.

69. (China TST 2007) Let $n > 2$ be an integer. Prove that $n$ is a prime if and only if the following property holds: any equiangular $n$-gon with rational sides is regular. An equiangular polygon is by definition a convex polygon all of whose angles are equal.

Proof. Embed the polygon on the complex plane so that one of the sides is parallel to the real axis. So we know that, if $\zeta_i$ for $0 \le i \le n-1$ are the roots of unity, and $q_i$ for $0 \le i \le n-1$ are the lengths of the sides associated with $\zeta_i$. We know that $\sum_{i=0}^{n-1} \zeta_i q_i = 0$ (this is because the polygon is closed: make sure you see why!). But we know the minimal polynomial for $\zeta_i$, if $n$ is prime, so we know that all the $q_i$ are equal: otherwise, we could use the division algorithm on the polynomial $q_0 + q_1 x + q_2 x^2 + \cdots + q_{n-1}x^{n-1}$ and $x^{n-1} + \cdots + 1$ and get a polynomial of lesser degree, violating the minimality of $x^{n-1} + x^{n-2} + \cdots + 1$. Thus when $p$ is prime, the equiangular polygon with rational sides must be regular. For $n$ not a prime, let prime $q$ divide $n$. We consider a regular polygon with $n$ sides, with side length 1, and then make every $n$-th side of side length 2.

70. (MOSP) Let $p$ be an odd prime. Find the number of 6-tuples $(a, b, c, d, e, f)$ of integers between $0$ and $p-1$ such that
$$a^2 + b^2 + c^2 \equiv d^2 + e^2 + f^2 \pmod p.$$

Proof. Let $z$ be a primitive root of order $p$ of unity. Since $\sum_{k=0}^{p-1} z^{kx} = 0$ if $x$ is not a multiple of $p$ and equals $p$ otherwise, the desired number of 6-tuples is
$$S = \frac{1}{p} \sum_{a,b,c,d,e,f \in \mathbb{Z}/p\mathbb{Z}} \; \sum_{k=0}^{p-1} z^{k(a^2 + b^2 + c^2 - d^2 - e^2 - f^2)}.$$
Note that
$$S = \frac{1}{p} \sum_{k=0}^{p-1} \; \sum_{a,b,c,d,e,f \in \mathbb{Z}/p\mathbb{Z}} z^{k(a^2 + b^2 + c^2 - d^2 - e^2 - f^2)} = \frac{1}{p} \sum_{k=0}^{p-1} \left(\sum_{a \in \mathbb{Z}/p\mathbb{Z}} z^{ka^2}\right)^{3} \cdot \left(\sum_{d \in \mathbb{Z}/p\mathbb{Z}} z^{-kd^2}\right)^{3}.$$
In the previous sum, there is one obvious term: the one for $k = 0$, which gives us $p^6$. Also, for each $1 \le k \le p-1$ we have, by basic properties of Gauss sums,
$$\left(\sum_{a \in \mathbb{Z}/p\mathbb{Z}} z^{ka^2}\right) \cdot \left(\sum_{d \in \mathbb{Z}/p\mathbb{Z}} z^{-kd^2}\right) = p.$$
Combining the previous paragraphs yields the answer to the problem, namely $p^5 + (p-1)p^2$.

71. (Bulgaria TST 2006) Let $p > 2$ be a prime. How many subsets of $\{1, 2, \dots, p-1\}$ have the sum of their elements divisible by $p$?

Proof. Let $z$ be a primitive root of order $p$ of unity and consider the sum
$$S = \sum_{A \subseteq \{1, 2, \dots, p-1\}} z^{m(A)},$$
where $m(A) = \sum_{a \in A} a$. If $x_j$ is the number of subsets $A \subseteq \{1, 2, \dots, p-1\}$ such that $m(A) \equiv j \pmod p$, then clearly
$$S = x_0 + x_1 z + x_2 z^2 + \cdots + x_{p-1}z^{p-1}.$$
On the other hand, we can explicitly compute $S$, since
$$S = \prod_{i=1}^{p-1} (1 + z^i) = \prod_{\omega} (1 + \omega),$$
the product being taken over all roots $\omega$ of the polynomial $\frac{X^p - 1}{X - 1} = 1 + X + \cdots + X^{p-1}$. We deduce that
$$\prod_{\omega} (1 + \omega) = \frac{(-1)^p - 1}{-1 - 1} = 1.$$
So $x_0 - 1 + x_1 z + \cdots + x_{p-1}z^{p-1} = 0$, which implies that $x_0 - 1 = x_1 = \cdots = x_{p-1} = k$ for some $k$. Since $x_0 + x_1 + \cdots + x_{p-1}$ is simply the number of subsets of $\{1, 2, \dots, p-1\}$, that is $2^{p-1}$, we deduce that $kp + 1 = 2^{p-1}$ and so $k = \frac{2^{p-1} - 1}{p}$. Since $x_0 = 1 + k$, the problem is solved. Note that we included the empty set when counting $x_0$ (by convention the sum of the elements of the empty set is zero).

72. (China TST) Prove the existence of a number $c > 0$ with the following property: for any prime $p$, there are at most $cp^{2/3}$ positive integers $n$ such that $p$ divides $n! + 1$.

Proof. Of course, if $p \mid n! + 1$, then $n \le p-1$. Let $p > 2$ and let $1 < n_1 < n_2 < \cdots < n_m < p$ be all solutions of the equation $n! \equiv -1 \pmod p$. Assume that $m > 1$ (otherwise everything is clear). The congruences $n_i! \equiv -1 \pmod p$ and $n_{i+1}! \equiv -1 \pmod p$ imply that
$$(n_i + 1)(n_i + 2) \cdots (n_i + n_{i+1} - n_i) \equiv 1 \pmod p.$$
Letting $k = n_{i+1} - n_i$, we see that $x = n_i$ is a solution to $(x+1)(x+2)\cdots(x+k) \equiv 1 \pmod p$. Since the polynomial $(x+1)(x+2)\cdots(x+k) - 1 \in \mathbb{Z}/p\mathbb{Z}[x]$ has at most $k$ distinct roots modulo $p$, it follows that for each $1 < k < p$ there are at most $k$ indices $i$ such that $n_{i+1} - n_i = k$. We will prove that this is enough to force $m < cp^{2/3}$.

Choose a positive integer $j$ such that
$$\frac{(j+1)(j+2)}{2} \ge m \ge \frac{j(j+1)}{2}.$$
Since $m \ge \frac{j(j+1)}{2} = \sum_{i=1}^{j} i$, when the differences $n_{i+1} - n_i$ are written in ascending order, the first is at least 1, the next two are at least 2, and so on, each time the next $i$ differences are at least $i$ (this is because for a fixed $k$, $1 \le k < p$, the equation $n_{i+1} - n_i = k$ has at most $k$ solutions). Thus
$$\sum_{i=1}^{m-1} (n_{i+1} - n_i) \ge 1^2 + 2^2 + \cdots + j^2 = \frac{j(j+1)(2j+1)}{6}.$$
We deduce that
$$p > n_m - n_1 > \frac{j(j+1)(2j+1)}{6}.$$
In particular, $p > \frac{j^3}{3}$ and so $j < (3p)^{1/3}$. Since $m \le (j+1)^2$, the result follows.

73. (IMO Shortlist) Let $n$ be an even positive integer. Find the least positive integer $k$ for which one can find polynomials with integer coefficients $f, g$ such that
$$f(X)(X+1)^n + g(X)(X^n + 1) = k.$$

Proof. Let us write $n = 2^r m$ for some odd integer $m$ and assume that we have
$$f(X)(X+1)^n + g(X)(X^n + 1) = k$$
for some $f, g \in \mathbb{Z}[X]$ and some positive integer $k$. Taking for $X$ a root $z_i$ of the polynomial $X^{2^r} + 1$, we deduce that $f(z_i)(z_i + 1)^n = k$. Multiplying all these relations and taking into account that $\prod_{i=1}^{2^r} (1 + z_i) = 2$, it follows that $\prod_{i=1}^{2^r} f(z_i) \cdot 2^n = k^{2^r}$. Since $\prod_{i=1}^{2^r} f(z_i)$ is an integer (by theorem ??), $2^n$ divides $k^{2^r}$ and so $k$ must be a multiple of $2^m$. In particular, $k \ge 2^m$.

We will prove now that $k = 2^m$ works. Let us see what happens when $m = 1$ first. We need to find polynomials $f, g$ with integer coefficients such that
$$f(X)(X+1)^{2^r} + g(X)(X^{2^r} + 1) = 2.$$
The idea is to find $f$ such that $f(z)(z+1)^{2^r} = 2$ for some root $z$ of $X^{2^r} + 1$. Indeed, since $X^{2^r} + 1$ is irreducible over the rational numbers (because $(X+1)^{2^r} + 1$ is Eisenstein for the prime 2), this would imply that $X^{2^r} + 1$ divides $f(X)(X+1)^{2^r} - 2$, which would give us $g$. The key point is to take $z = e^{\frac{i\pi}{2^r}}$, because all the other roots $z_i$ are of the form $z^j$, with odd $j$. Thus, if $z_1 = z, \dots, z_{2^r}$ are the roots of $X^{2^r} + 1$, then we can write $z_i + 1 = (z + 1)Q_i(z)$ for some polynomials $Q_i$ with integer coefficients. And since $\prod_{i=1}^{2^r} (1 + z_i) = 2$, it follows that $(1 + z)^{2^r} \prod_{i=1}^{2^r} Q_i(z) = 2$, which gives us the polynomial $f$ and finishes the proof in the case $m = 1$.

Finally, it is rather formal to deduce the general case from the case $m = 1$. Namely, pick polynomials with integer coefficients $f, g$ such that
$$f(X)(X+1)^{2^r} + g(X)(X^{2^r} + 1) = 2.$$
Then
$$f(X)^m (X+1)^n = \left(2 - g(X)(X^{2^r} + 1)\right)^m = 2^m + (X^{2^r} + 1)h(X)$$
for some $h \in \mathbb{Z}[X]$. The last equality follows from the binomial formula. Now, replace $X$ by $X^m$ in the previous equality, to get
$$f(X^m)^m (X^m + 1)^n = 2^m + (X^n + 1)h(X^m)$$
and observe that $(X^m + 1)^n = (X + 1)^n A(X)$ for some $A \in \mathbb{Z}[X]$ (because $m$ is odd). The conclusion is now clear.

74. (IMO Shortlist) Suppose that $f$ is a polynomial of degree at least 2, with positive leading coefficient and integer coefficients. Show that there are infinitely many $n$ such that $f(n!)$ is composite.

Proof. We will try first to find prime numbers $p$ and positive integers $n$ such that $p \mid f(n!)$. Then, we will ensure that $n$ is large enough and finally we will have to get rid of the cases $f(n!) = 0, p, -p$. Write $f(X) = a_d X^d + a_{d-1}X^{d-1} + \cdots + a_0$, with $a_d > 0$ and $d \ge 2$. Note that we may assume that $a_0 \ne 0$, otherwise the problem is trivial.

First, let us consider the equation $f(n!) \equiv 0 \pmod p$. Unless $p$ divides $a_0$, this forces $n < p$. So, let us look for $n = p - k$ with $k > 0$. We have to compute first $(p-k)! \pmod p$, which is very easy by Wilson's theorem:
$$-1 \equiv (p-1)! \equiv (p-k)!\,(p-k+1)\cdots(p-1) \equiv (p-k)!\,(-1)^{k-1}(k-1)! \pmod p.$$
Thus, we have $f(n!) \equiv 0 \pmod p$ if and only if $p \mid x_k$, where
$$x_k = a_0 (k-1)!^{d} + a_1 (k-1)!^{d-1}(-1)^k + \cdots + a_d (-1)^{kd}.$$
We will prove first the existence of large prime factors of $x_k$, more precisely such that $p \ge k$. This is the content of the following

Lemma 13.2. There exists $k_0$ such that for all $k > k_0$, there exists a prime factor $p_k$ of $x_k$ such that $p_k \ge k$.

Proof. This is easy: choose $k_1$ such that $v_p((k_1 - 1)!) > v_p(a_d)$ for all primes $p \le |a_d|$. If all prime factors $p$ of $x_k$ are less than $k$ for some $k \ge k_1$, they divide $(k-1)!$ and $x_k$, so they divide $a_d$. But for such a prime $p$, since $v_p((k-1)!) > v_p(a_d)$, we must have $v_p(x_k) = v_p(a_d)$. We deduce that $|x_k| \le |a_d|$. Now, choose $k_0 > k_1$ such that $|x_k| > |a_d|$ for all $k \ge k_1$, which is possible as $a_0 \ne 0$.

Fix now $k_0$ and $p_k$ as in the lemma. Fix also a positive integer $N$ and assume that none of the numbers $f(n!)$ with $n \ge N$ is composite. By increasing $N$, we may assume that $x \mapsto f(x!) - x$ is increasing on $[N, \infty)$. By construction, $p_k$ divides $f((p_k - k)!)$. Thus, if $p_k - k \ge N$, then we must have $f((p_k - k)!) = p_k$ and this will happen if we ensure that $k, k+1, \dots, k+N-1$ are composite. To have this, we can choose $k = k_a = a(N+1)! + 2$ for $a \ge 1$. Denoting $x_a = p_{k_a} - k_a$, we deduce that $f(x_a!) = x_a + a(N+1)! + 2$ for all sufficiently large $a$ (so that $k_a > k_0$). In particular, the last relation shows that $x_a \to \infty$, because the map $a \mapsto x_a$ is injective. In particular, for infinitely many $a$ we have $x_{a+1} \ge x_a + 1$ and so
$$f(x_a!) - x_a + (N+1)! = f(x_{a+1}!) - x_{a+1} \ge f((x_a + 1)!) - (x_a + 1).$$
This implies that
$$f((x_a + 1)x_a!) - f(x_a!) \le 1 + (N+1)!,$$
which is certainly impossible because $\frac{f((x_a+1)x_a!)}{f(x_a!)} \to \infty$ for $a \to \infty$. Thus our assumption was wrong and at least one of the numbers $f(n!)$ with $n \ge N$ is composite. Since $N$ was arbitrary, the conclusion follows.

75. (Chinese TST) Let $a > 1$ be an integer and let $n$ be a positive integer. Prove that there exists a polynomial $f$ of degree $n$, having integer coefficients, such that $f(0), f(1), \dots, f(n)$ are pairwise distinct positive integers, all of the form $2a^k + 3$ for some integer $k$.

Proof. Write $n! = m \cdot q$, where all prime factors of $m$ are among those of $a$ and where $\gcd(q, a) = 1$. Let $b = a^{\varphi(q)} - 1$, so $q$ divides $b$. Finally, define
$$f(X) = 2a^m \sum_{i=0}^{n} \binom{X}{i} b^i + 3.$$
It has integer coefficients because $i! \mid n! \mid a^m b$ for all $0 \le i \le n$. Moreover, for $1 \le k \le n$ we have
$$P(i) = 2a^m (b+1)^i + 3 = 2a^{m + \varphi(q)i} + 3.$$

76. Let $f \in \mathbb{Z}[X]$ such that $p^k$ divides $f(x)$ for all $x \in \mathbb{Z}$. If $k \le p$, prove that there are polynomials $g_0, g_1, \dots, g_k \in \mathbb{Z}[X]$ such that
$$f(X) = \sum_{i=0}^{k} p^{k-i}(X^p - X)^i g_i(X).$$

Proof. The proof is by induction on $k$. If $k = 1$, perform the division algorithm in $\mathbb{Z}[X]$ for the polynomials $f$ and $X^p - X$ (which we can do, as $X^p - X$ is monic) to find $q, r \in \mathbb{Z}[X]$ such that $f(X) = (X^p - X)q(X) + r(X)$ and $\deg r < p$. Then $p$ divides $r(x)$ for all integers $x$ (by Fermat's little theorem and the hypothesis) and the result follows from Lagrange's theorem. Assume that the result holds for $k$ and that $k + 1 \le p$. Also, suppose that $p^{k+1}$ divides $f(x)$ for all $x$. By the inductive hypothesis, we can write $f(X) = \sum_{i=0}^{k} p^{k-i}(X^p - X)^i g_i(X)$ for some $g_i \in \mathbb{Z}[X]$. Pick any integers $x$ and $z$ and write $x^p - x = py$ for some integer $y$. Then $(x + pz)^p - (x + pz) \equiv p(y - z) \pmod{p^2}$, thus
$$f(x + pz) \equiv \sum_{i=0}^{k} p^k (y - z)^i g_i(x + pz) \equiv p^k \sum_{i=0}^{k} (y - z)^i g_i(x) \pmod{p^{k+1}}.$$
Thus the hypothesis on $f$ implies that $p$ divides $\sum_{i=0}^{k} z^i g_i(x)$ for all integers $z$. Using the fact that $k + 1 \le p$ and Lagrange's theorem, it follows that $p$ divides $g_i(x)$ for all $i$ and all $x$. By the case $k = 1$ we can write $g_i(X) = (X^p - X)h_i(X) + p\,r_i(X)$ for some $h_i, r_i \in \mathbb{Z}[X]$. Replacing these expressions in $f(X) = \sum_{i=0}^{k} p^{k-i}(X^p - X)^i g_i(X)$ yields the desired result.

77. (USA TST) Let $P$ be a polynomial with integer coefficients such that $P(0) = 0$ and
$$\gcd(P(0), P(1), P(2), \dots) = 1.$$
Show that there are infinitely many $n$ such that
$$\gcd(P(n) - P(0), P(n+1) - P(1), P(n+2) - P(2), \dots) = n.$$

Proof. Let us try to study first
$$d_n = \gcd(P(n) - P(0), P(n+1) - P(1), \dots)$$
for any polynomial $P$ with integer coefficients. Let $q$ be a prime factor of $d_n$, so that $P(n+k) \equiv P(k) \pmod q$ for all $k$, i.e. $P$ is $n$-periodic modulo $q$. But $P$ is also $q$-periodic modulo $q$. Thus, if $\gcd(q, n) = 1$, then $P$ is 1-periodic modulo $q$ (by Bézout's lemma) and so $q$ divides $P(n+1) - P(n)$ for all $n$. Then $q$ divides $P(n) - P(0)$ for all $n$, so if $P(0) = 0$, then $q$ must divide $\gcd(P(0), P(1), \dots)$. In particular, for our polynomial we must have $q \mid n$ for any prime factor $q$ of $d_n$.

The previous paragraph suggests taking for $n$ a power of a prime, say $n = p^N$. Then we saw that $d_n$ is also a power of $p$. Note that $d_n$ is a multiple of $n$, since $n$ divides $P(n+k) - P(k)$ for all $k$. It remains to see if we can have $p^{N+1} \mid P(k + p^N) - P(k)$ for all $k$. Since
$$P(k + p^N) \equiv P(k) + p^N P'(k) \pmod{p^{N+1}},$$
this would imply that $p$ divides $P'(k)$ for all $k$. Now we see how to choose our numbers $n$: pick and fix once and for all a value $k$ such that $P'(k) \ne 0$. For all sufficiently large $p$, $p$ does not divide $P'(k)$. For any such $p$, the previous arguments show that $d_n = n$ for all $n = p^N$. The conclusion follows.

78. (product formula) Prove that if $x$ is a nonzero rational number, then $|x| \cdot \prod_p |x|_p = 1$, where the first absolute value is the usual one.

Proof. Simply write $x = \pm\prod_p p^{n_p}$ for some integers $n_p$, all but finitely many being 0. Then $|x|_p = p^{-n_p}$, so everything is clear.

79. If $p > 2$, then 16 is an 8-th power in $p$-adic numbers.

Proof. Notice that
$$X^8 - 16 = (X^4 - 4)(X^4 + 4) = (X^2 - 2)(X^2 + 2)((X-1)^2 + 1)((X+1)^2 + 1)$$
and use the multiplicativity of Legendre's symbol to check that one of $-1, 2, -2$ is a quadratic residue mod $p$. So you get solutions mod $p$ and they lift to solutions in $\mathbb{Z}_p$ by Hensel's lemma.
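
The lifting step used in Problem 79 (and again in Problems 80 and 81) can be carried out explicitly. The Python code below is an added illustration, not part of the original notes (function names are chosen here): it finds a root of $X^8 - 16$ modulo an odd prime $p$ by search, then lifts it one power of $p$ at a time with the Newton step $r \mapsto r - f(r)f'(r)^{-1}$, which is the constructive form of Hensel's lemma for a simple root.

```python
def hensel_lift_root(f, df, r, p, k):
    """Lift a simple root r of f modulo p to a root modulo p**k.

    f and df are integer-valued callables (the polynomial and its derivative).
    A root is simple when df(r) is a unit modulo p, which is the hypothesis
    of Hensel's lemma.
    """
    if f(r) % p != 0 or df(r) % p == 0:
        raise ValueError("r must be a simple root of f modulo p")
    modulus = p
    for _ in range(k - 1):
        modulus *= p
        # df(r) stays a unit because r never changes modulo p.
        r = (r - f(r) * pow(df(r), -1, modulus)) % modulus
    return r


def eighth_root_of_16(p, k):
    """Return x with x**8 congruent to 16 modulo p**k, for an odd prime p."""
    if p == 2:
        raise ValueError("the statement is for p > 2")

    def f(x):
        return x ** 8 - 16

    def df(x):
        return 8 * x ** 7

    # The factorization in the proof guarantees a root modulo p; it is
    # nonzero, so df does not vanish there and the root is simple.
    r0 = next(r for r in range(1, p) if f(r) % p == 0)
    return hensel_lift_root(f, df, r0, p, k)


if __name__ == "__main__":
    for p in (3, 5, 7, 11, 13, 17):
        x = eighth_root_of_16(p, 6)
        print(p, x, pow(x, 8, p ** 6))
```

The same `hensel_lift_root` applies to $X^2 - b$ with $p > 2$, which is the lifting used in Problem 80.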

80. What are the squares in $\mathbb{Q}_p$?

Proof. If $a \in \mathbb{Q}_p$ is a square, then clearly $v_p(a)$ is even, so we can write $a = p^{2k}b$ for some integer $k$ and some $b \in \mathbb{Z}_p^*$. Of course, $a$ is a square iff $b$ is a square. Then $b \pmod p$ is a square. By Hensel's lemma, the converse holds if $p > 2$, since any root mod $p$ of $X^2 - b$ lifts to a $p$-adic root. This is wrong for $p = 2$, since $a^2 \equiv 1 \pmod 8$ when $a$ is odd. So if $b \in \mathbb{Z}_p^*$ is a square, then $b \equiv 1 \pmod 8$. The converse holds, because for instance the series defining $(1 + 8a)^{\frac{1}{2}}$ converges in $\mathbb{Z}_p$ for all $a \in \mathbb{Z}_p$ (there are of course more elementary ways to see this).

81. a) Suppose that $p > 2$ and $x \in 1 + p\mathbb{Z}_p$ satisfies $\ln_p(x) = 0$. Prove that $x = 1$.

b) Deduce that if $p > 2$ and $x \in \mathbb{Q}_p$ satisfies $x^{p^n} = 1$, then $x = 1$.

c) If $p > 2$, what are the roots of unity in $\mathbb{Q}_p$?

Proof. a) Write $x = 1 + a$, with $a \in p\mathbb{Z}_p$ and suppose that $a \ne 0$. Then
$$1 - \frac{a}{2} + \frac{a^2}{3} - \cdots = 0,$$
which is not possible, since each of $\frac{a}{2}, \frac{a^2}{3}, \dots$ lives in $p\mathbb{Z}_p$.

b) If $x^{p^n} = 1$, then $p^n v_p(x) = 0$, so that $x \in \mathbb{Z}_p^*$. If $a = x \pmod p$, then $a^{p^n} = 1 \pmod p$ and Fermat's little theorem yields $a = 1 \pmod p$, that is $x \in 1 + p\mathbb{Z}_p$. Then we can write $p^n \ln_p(x) = \ln_p(x^{p^n}) = 0$, so we can apply a).

c) Using b), it is enough to find the roots of unity of order prime to $p$. We claim that there are $p - 1$ such roots, and they are the roots of $X^{p-1} - 1$. First, the polynomial $X^{p-1} - 1$ splits modulo $p$ into a product of distinct linear factors. Hensel's lemma allows us to lift these $p - 1$ roots modulo $p$ to $p - 1$ roots in $\mathbb{Z}_p$, which are pairwise incongruent mod $p$. So, we already have $p - 1$ roots of unity. If $a \in \mathbb{Q}_p$ is a root of unity of order prime to $p$, then $a$ coincides mod $p$ with one of the constructed roots. Using Hensel's lemma again, we deduce that $a$ equals this root and we are done.

82. a) Let $x_n$ be an arbitrary sequence of $p$-adic integers. Prove that one can find $n_1 < n_2 < \cdots$ and a $p$-adic integer $a$ such that the subsequence $x_{n_1}, x_{n_2}, \dots$ converges to $a$.

b) Prove that $f \in \mathbb{Z}[X]$ has a root in $p$-adic integers if and only if the equation $f(x) = 0 \pmod{p^k}$ has solutions for any $k \ge 1$.

Proof. a) Since the first component of $x_n$ (seen as a compatible sequence) takes only finitely many values, there exists a subsequence $x_{\varphi_1(n)}$ and an integer $a_1$ such that $x_{\varphi_1(n)} \equiv a_1 \pmod p$ for all $n$. The same argument yields a subsequence $x_{\varphi_1(\varphi_2(n))}$ and an integer $a_2$ such that $x_{\varphi_1(\varphi_2(n))} \equiv a_2 \pmod{p^2}$ for all $n$, etc. Considering $\varphi(n) = \varphi_1(\varphi_2(\dots\varphi_n(n))\dots)$, we obtain a subsequence such that $x_{\varphi(n)} \equiv a_k \pmod{p^k}$ for all $n$ and all $k$. It follows that $(a_k \pmod{p^k})_k$ is a compatible sequence, defining a $p$-adic integer $a$. By construction, we have $\lim_{n\to\infty} x_{\varphi(n)} = a$ and the result follows.

b) One direction is obvious: if $f(a) = 0$ for some $a \in \mathbb{Z}_p$, then $a \pmod{p^k}$ is a solution mod $p^k$ of the equation $f(x) = 0$. Conversely, suppose that we can find $y_k \in \mathbb{Z}$ such that $f(y_k) \equiv 0 \pmod{p^k}$. By a) there exists a sequence $n_1 < n_2 < \cdots$ and some $a \in \mathbb{Z}_p$ such that $y_{n_k}$ converges to $a$. Since $p^{n_k}$ divides $f(y_{n_k})$, we have $\lim_{k\to\infty} f(y_{n_k}) = 0$. On the other hand, we have $\lim_{k\to\infty} f(y_{n_k}) = f(a)$, hence $f(a) = 0$.

83. (Putnam 2008) Let $p$ be a prime number. Let $h(x)$ be a polynomial with integer coefficients such that $h(0), h(1), \dots, h(p^2 - 1)$ are distinct modulo $p^2$. Show that $h(0), h(1), \dots, h(p^3 - 1)$ are distinct modulo $p^3$.

Proof. Assume $h(m) \equiv h(n) \pmod{p^3}$ for some $m, n \in \mathbb{Z}$. Then also $h(m) \equiv h(n) \pmod{p^2}$ and by hypothesis this means $m \equiv n \pmod{p^2}$. Let's write $m = n + kp^2$ for some $k \in \mathbb{Z}$ and prove that $p \mid k$. By Newton binomial formula we have
$$0 \equiv h(n + kp^2) - h(n) \equiv kp^2 h'(n) \pmod{p^3}.$$
So either $p \mid k$ or $p \mid h'(n)$. If the latter is true, then by similar argument we have
$$h(n + kp) - h(n) \equiv kp\,h'(n) \equiv 0 \pmod{p^2}.$$
By hypothesis this means $n + kp \equiv n \pmod{p^2}$, so in this case we also have $p \mid k$, which completes the proof.

84. (Japan) Prove that for any $n$ one can find an integer $x$ for which $v_3(x^3 + 17) = n$.

Proof. For $n = 2$ just take $x_2 = 1$ and now induct. Assume we have $x_{n-1} \in \mathbb{Z}$ such that $x_{n-1}^3 + 17 = k\,3^{n-1}$ where $(k, 3) = 1$. We will try to find $m \in \mathbb{Z}$ such that for $x_n = x_{n-1} + m3^{n-2}$ we have $v_3(x_n^3 + 17) = n$. So we have
$$x_n^3 + 17 = (x_{n-1} + m3^{n-2})^3 + 17 \equiv x_{n-1}^3 + 3 \cdot x_{n-1}^2 \cdot 3^{n-2} m + 17 = 3^{n-1}(k + x_{n-1}^2 m) \pmod{3^{n+1}}.$$
Now it remains to see that $x_{n-1}^2$ is invertible mod 9, so there exists such $m$ that $k + x_{n-1}^2 m \equiv 3 \pmod 9$ and we are done.

85. (USA TST) Let $p$ be a prime. We say that a sequence of integers $\{z_n\}_{n=0}^{\infty}$ is a $p$-pod if for each $e \ge 0$, there is an $N \ge 0$ such that whenever $m \ge N$, $p^e$ divides the sum
$$\sum_{k=0}^{m} (-1)^k \binom{m}{k} z_k.$$
Prove that if both sequences $\{x_n\}_{n=0}^{\infty}$ and $\{y_n\}_{n=0}^{\infty}$ are $p$-pods, then the sequence $\{x_n y_n\}_{n=0}^{\infty}$ is a $p$-pod.

Proof. By Mahler's theorem on continuous $p$-adic functions, $p$-pod sequences are precisely those that extend to continuous functions on $\mathbb{Z}_p$. So the problem comes down to: the product of two continuous functions is continuous, which is obvious.

86. Let $p > 5$ be a prime. Prove that $p^4$ divides the numerator of the fraction
$$2\sum_{k=1}^{p-1} \frac{1}{k} + p\sum_{k=1}^{p-1} \frac{1}{k^2}$$
when written in lowest terms.

Proof. The first step is to note that
$$2\sum_{k=1}^{p-1} \frac{1}{k} = \sum_{k=1}^{p-1} \left(\frac{1}{k} + \frac{1}{p-k}\right) = \sum_{k=1}^{p-1} \frac{p}{k(p-k)}.$$
Thus, it is enough to prove that
$$\sum_{k=1}^{p-1} \left(\frac{1}{k(p-k)} + \frac{1}{k^2}\right) \equiv 0 \pmod{p^3}.$$
Now, the crucial remark is that in the field of $p$-adic numbers we have the convergent expansion
$$\frac{1}{k(p-k)} = -\frac{1}{k^2} \cdot \frac{1}{1 - \frac{p}{k}} = -\frac{1}{k^2}\left(1 + \frac{p}{k} + \frac{p^2}{k^2} + \cdots\right).$$
By cutting at level $p^3$ we obtain the congruence
$$\frac{1}{k(p-k)} \equiv -\frac{1}{k^2} - \frac{p}{k^3} - \frac{p^2}{k^4} \pmod{p^3}.$$
Of course, one does not need $p$-adic numbers to check the previous congruence, since checking it is a formal algebraic matter. However, the way in which such a congruence is found is more important and comes from $p$-adic analysis.

Using the previous remark, it remains to prove that
$$\sum_{k=1}^{p-1} \frac{1}{k^3} + p\sum_{k=1}^{p-1} \frac{1}{k^4} \equiv 0 \pmod{p^2}.$$
We will actually prove that
$$\sum_{k=1}^{p-1} \frac{1}{k^3} \equiv 0 \pmod{p^2}, \qquad \sum_{k=1}^{p-1} \frac{1}{k^4} \equiv 0 \pmod p.$$
The same argument as in the preliminary discussion yields
$$\sum_{k=1}^{p-1} \frac{1}{k^4} \equiv \sum_{k=1}^{p-1} k^4 \equiv 0 \pmod p,$$
the last congruence being established either by using the existence of primitive roots mod $p$ (which makes the corresponding sum the sum of a geometric progression with ratio $g^4$, where $g$ is a primitive root mod $p$) or simply by using explicit formulae for this kind of sums. In order to prove the other congruence, note that
$$\frac{1}{k^3} + \frac{1}{(p-k)^3} \equiv p\,\frac{k^2 - k(p-k) + (p-k)^2}{k^3(p-k)^3} \equiv -p\,\frac{3}{k^4} \pmod{p^2},$$
so
$$2\sum_{k=1}^{p-1} \frac{1}{k^3} \equiv -3p\sum_{k=1}^{p-1} \frac{1}{k^4} \equiv 0 \pmod{p^2}.$$
The result follows.

87. (Math Reflections) Let $p$ be a prime and let $n > s + 1$ be positive integers. Prove that $p^d$ divides
$$\sum_{\substack{0 \le k \le n \\ p \mid k}} (-1)^k k^s \binom{n}{k},$$
where $d = \left\lfloor \frac{n-s-1}{p-1} \right\rfloor$.

Proof. Fix a primitive root $z$ of order $p$ of unity. We will use the extension of the $p$-adic valuation to $\overline{\mathbb{Q}}_p$ and so to $\overline{\mathbb{Q}} \subset \overline{\mathbb{Q}}_p$. We claim that $v_p(1 - z) = \frac{1}{p-1}$. To prove this, it is easy to see that whenever $i$ is relatively prime to $p$, we have $v_p(1 - z) = v_p(1 - z^i)$. Since we also have $\prod_{i=1}^{p-1} (1 - z^i) = p$, the result follows.

Note that $\frac{1}{p}\sum_{j=0}^{p-1} z^{kj} = 0$ if $k$ is not a multiple of $p$ and 1 otherwise. We deduce that
$$\sum_{\substack{0 \le k \le n \\ p \mid k}} (-1)^k k^s \binom{n}{k} = \frac{1}{p} \sum_{j=0}^{p-1} \sum_{k=0}^{n} (-z^j)^k k^s \binom{n}{k}.$$
Now, let $n - s - 1 = d(p-1) + r$ for some $0 \le r < p - 1$. We will prove that
$$v_p\left(\sum_{k=0}^{n} (-z^j)^k k^s \binom{n}{k}\right) > d$$
for all $0 \le j \le p-1$. This will imply that
$$v_p\left(\sum_{\substack{0 \le k \le n \\ p \mid k}} (-1)^k k^s \binom{n}{k}\right) > d - 1$$
and since this $p$-adic valuation is an integer, the result will follow.

Now, to prove the claim, we will use the following:

Lemma 13.3. The polynomial $\sum_{k=0}^{n} k^s \binom{n}{k} X^k$ is a multiple of $(1 + X)^{n-s}$ for all $s < n$.

Proof. This is very easy: for $s = 0$ it is clear and if
$$\sum_{k=0}^{n} k^s \binom{n}{k} X^k = (1 + X)^{n-s} f(X),$$
it is enough to differentiate the previous relation and to multiply it by $X$ to get the inductive step.

Coming back to the proof, write
$$\sum_{k=0}^{n} k^s \binom{n}{k} X^k = (1 + X)^{n-s} f(X)$$
for some $f \in \mathbb{Z}[X]$ (note that we necessarily have $f \in \mathbb{Z}[X]$, as $(1 + X)^{n-s}$ and $\sum_{k=0}^{n} k^s \binom{n}{k} X^k$ have integer coefficients and $(1 + X)^{n-s}$ is monic). Then for $1 \le j < p$ (see footnote 2) we have
$$\sum_{k=0}^{n} (-z^j)^k k^s \binom{n}{k} = (1 - z^j)^{n-s} f(-z^j)$$
and so
$$v_p\left(\sum_{k=0}^{n} (-z^j)^k k^s \binom{n}{k}\right) \ge \frac{n-s}{p-1} = d + \frac{r+1}{p-1} > d.$$
Thus, the claim is proved and the result follows.

Footnote 2: Note that by taking $X = -1$ in the previous relation we obtain $\sum_{k=0}^{n} (-1)^k k^s \binom{n}{k} = 0$, so we only have to deal with $j \ge 1$.

88. Prove the following theorem of Morita: if $p > 2$, then there is a unique continuous map $\Gamma_p : \mathbb{Z}_p \to \mathbb{Q}_p$ such that for all $n \ge 2$ we have
$$\Gamma_p(n) = (-1)^n \prod_{\substack{j=1 \\ \gcd(p,j)=1}}^{n-1} j.$$
We call it the $p$-adic Gamma function.

Proof. Defining
$$g(n) = (-1)^n \prod_{\substack{j=1 \\ \gcd(p,j)=1}}^{n-1} j$$
for $n \ge 2$, let us prove the following

Lemma 13.4. $g(n + p^k) \equiv g(n) \pmod{p^k}$ for all $n$ and all $k \ge 1$.

Proof. We have
$$g(n) - g(n + p^k) = (-1)^n \prod_{\substack{j=1 \\ \gcd(j,p)=1}}^{n-1} j \cdot \left(1 + \prod_{\substack{j=n \\ \gcd(j,p)=1}}^{n+p^k-1} j\right),$$
so it is enough to check that
$$p^k \;\Big|\; 1 + \prod_{\substack{j=n \\ \gcd(j,p)=1}}^{n+p^k-1} j.$$
But if $\pi : \mathbb{Z} \to \mathbb{Z}/p^k\mathbb{Z}$ is the natural reduction map, it is clear that
$$\pi\left(\prod_{\substack{j=n \\ \gcd(j,p)=1}}^{n+p^k-1} j\right) = \prod_{g \in G} g,$$
where $G = \left(\mathbb{Z}/p^k\mathbb{Z}\right)^*$. The elements $g$ in the previous product come in pairs $(g, g^{-1})$, but one has to pay attention to the fact that one might have $g^2 = 1$. However, as $p > 2$, this appears precisely when $g = 1$ or $g = -1$. Thus, the product of all $g$'s equals $-1$ and we are done.

The previous lemma easily implies that $v_p(g(m) - g(n)) \ge v_p(m - n)$ for all distinct positive integers $m$ and $n$. Choose any $p$-adic integer $a$ and any sequence $x_n$ of positive integers such that $\lim_{n\to\infty} x_n = a$ in $\mathbb{Z}_p$. Since $v_p(g(x_i) - g(x_j)) \ge v_p(x_i - x_j)$, it follows that the sequence $(g(x_n))_n$ is a Cauchy sequence and so it converges to some $p$-adic integer $g(a)$. If $y_n$ is another sequence that converges to $a$, then applying the result we have just obtained to the sequence $x_1, y_1, x_2, y_2, \dots$, we deduce that $g(y_n)$ converges to $g(a)$, i.e. $g(a)$ is independent of the choice of the sequence $(x_n)_n$. Thus, we obtain a map $\Gamma_p : \mathbb{Z}_p \to \mathbb{Z}_p$ which clearly extends $g$. Passing to the limit in the inequality $v_p(g(m) - g(n)) \ge v_p(m - n)$, we deduce that $v_p(\Gamma_p(x) - \Gamma_p(y)) \ge v_p(x - y)$ for all $x, y \in \mathbb{Z}_p$, showing that $\Gamma_p$ is continuous. This proves the existence of $\Gamma_p$. The uniqueness part is a trivial consequence of the density of $\mathbb{N}$ in $\mathbb{Z}_p$.

89. Let $p > 2$. Prove the following properties of the $p$-adic Gamma function:

1) For all positive integers $n$ we have
$$\Gamma_p(n+1) = \frac{(-1)^{n+1}\, n!}{\left\lfloor \frac{n}{p} \right\rfloor!\; p^{\left\lfloor \frac{n}{p} \right\rfloor}}.$$

2) $\Gamma_p(\mathbb{Z}_p) \subset \mathbb{Z}_p^*$.

3) If $\epsilon_p(x) = -x$ for $x \in \mathbb{Z}_p^*$ and $\epsilon_p(x) = -1$ for $x \in p\mathbb{Z}_p$, then $\Gamma_p(x+1) = \epsilon_p(x)\Gamma_p(x)$.

4) If $x \in \mathbb{Z}_p$ and $r(x) \in \{1, 2, \dots, p\}$ is the unique integer such that $x - r(x) \in p\mathbb{Z}_p$, then
$$\Gamma_p(x)\Gamma_p(1 - x) = (-1)^{r(x)}.$$

Proof. 1) follows immediately by definition of the $p$-adic Gamma function.

2) By construction, $v_p(\Gamma_p(n)) = 0$ for integers $n \ge 2$. As these integers form a dense subset of $\mathbb{Z}_p$ and as $v_p \circ \Gamma_p$ is continuous, 2) follows.

3) This follows immediately from the definition if $x$ is a positive integer. The general case follows by density and continuity.

4) By density and continuity, it suffices to prove that
$$\Gamma_p(-n)\Gamma_p(n+1) = (-1)^{n+1-[n/p]}$$
for positive integers $n$. But multiplying the relations
$$\Gamma_p(1 - j) = \epsilon_p(-j)\Gamma_p(-j)$$
from 3) yields
$$\frac{1}{\Gamma_p(-n)} = \prod_{j=1}^{n} \epsilon_p(-j) = \prod_{p \mid j} (-1) \prod_{\gcd(p,j)=1} j = (-1)^{[n/p]}(-1)^{n+1}\Gamma_p(n+1)$$
and the result follows.
