KennethH. Rosen
AT&T Informotion
(formerly part of
Bell Laborotories)

Read ing, Massachusetts
Menlo Park, California
London Amsterdam
Don Mills, Ontario Sydney
Cover: The iteration of the transformation

\ n/2 if n is even
T(n) :
l Qn + l)/2 if n is odd

is depicted. The Collatz conjecture assertsthat with any

starting point, the iteration of ?"eventuallyreachesthe integer
o n e . ( S e eP r o b l e m 3 3 o f S e c t i o n l . 2 o f t h e t e x t . )

Number theory has long been a favorite subject for students and teachersof
mathematics. It is a classical subject and has a reputation for being the
"purest" part of mathematics, yet recent developments in cryptology and
computer science are based on elementary number theory. This book is the
first text to integrate these important applications of elementary number
theory with the traditional topics covered in an introductory number theory

This book is suitable as a text in an undergraduatenumber theory course at

any level. There are no formal prerequisitesneeded for most of the material
covered, so that even a bright high-school student could use this book. Also,
this book is designed to be a useful supplementarybook for computer science
courses,and as a number theory primer for computer scientistsinterested in
learning about the new developmentsin cryptography. Some of the important
topics that will interest both mathematics and computer sciencestudents are
recursion,algorithms and their computationai complexity, computer arithmetic
with large integers, binary and hexadecimal representations of integers,
primality testing, pseudoprimality,pseudo-randomnumbers, hashing functions,
and cryptology, including the recently-invented area of public-key
cryptography. Throughout the book various algorithms and their
computational complexitiesare discussed.A wide variety of primality tests are
developedin the text.

Use of the Book

The core material for a course in number theory is presentedin Chapters 1,

2, and 5, and in Sections 3.1-3.3 and 6.1. Section 3.4 contains some linear
algebra; this section is necessary background for Section 7.2; these two
sections can be omitted if desired. Sections 4.1, 4.2, and 4.3 present
traditional applications of number theory and Section 4.4 presents an
application to computer science; the instructor can decide which of these
sectionsto cover. Sections 6.2 and 6.3 discussarithmetic functions. Mersenne
primes, and perfect numbers; some of this material is used in Chapter 8.
Chapter 7 covers the applications of number theory to cryptology. Sections
7.1, 7.3, and 7.4, which contain discussionsof classical and public-key
cryptography,should be included in all courses.Chapter 8 deals with primitive

roots; Sections 8.1-8.4 should be covered if possible. Most instructors will
want to include Section 8.7 which deals with pseudo-randomnumbers.
Sections 9.1 and 9.2 are about quadratic residues and reciprocity, a
fundamental topic which should be covered if possible;Sections 9.3 and 9.4
deal with Jacobi symbols and Euler pseudoprimesand should interest most
readers. Section 10.1, which covers rational numbers and decimal fractions.
and Sections I 1.1 and I 1.2 which discussPythagoreantriples and Fermat's
last theorem are coveredin most number theory courses. Sections 10.2-10.4
and I 1.3 involve continued fractions; these sectionsare optional.

The Contents

The reader can determine which chapters to study based on the following
descriptionof their contents.
Chapter I introduces two importants tools in establishing results about the
integers, the well-ordering property and the principle of mathematical
induction. Recursive definitions and the binomial theorem are also developed.
The concept of divisibility of integers is introduced. Representations of
integers to different bases are described, as are algorithms for arithmetic
operations with integers and their computational complexity (using big-O
notation). Finally, prime numbers, their distribution, and conjectures about
primes are discussed.

Chapter 2 introduces the greatest common divisor of a set of integers. The

Euclidean algorithm, used to find greatest common divisors, and its
computational complexity, are discussed, as are algorithms to express the
greatest common divisor as a linear combination of the integers involved. The
Fibonacci numbers are introduced. Prime-factorizations, the fundamental
theorem of arithmetic, and factorization techniques are covered. Finally,
linear diophantine equationsare discussed.

Chapter 3 introduces congruences and develops their fundamental

properties. Linear congruencesin one unknown are discussed,as are systems
of linear congruences in one or more unknown. The Chinese remainder
theorem is developed,and its application to computer arithmetic with large
integers is described.
Chapter 4 developsapplicationsof.congruences. In particular, divisibility
tests, the perpetual calendar which provides the day of the week of any date,
round-robin tournaments,and computer hashing functions for data storage are
Chapter 5 developsFermat's little theorem and Euler's theorem which give

some important congruencesinvolving powers of integers. Also, Wilson's
theorem which gives a congruencefor factorials is discussed. Primality and
probabilistic primality tests based on these results are developed.
Pseudoprimes, strong pseudoprimes, and Carmichael numbers which
masquaradeas primes are introduced.
Chapter 6 is concernedwith multiplicative functions and their properties.
Special emphasisis devotedto the Euler phi-function, the sum of the divisors
function, and the number of divisors function and explicit formulae are
developed for these functions. Mersenne primes and perfect numbers are

Chapter 7 gives a thorough discussionof applicationsof number theory to

cryptology, starting with classical cryptology. Character ciphers based on
modular arithmetic are described,as is cryptanalysisof these ciphers. Block
ciphers based on modular arithmetic are also discussed. Exponentiation
ciphers and their applications are described, including an application to
electronic poker. The concept of a public-key cipher system is introduced and
the RSA cipher is describedin detail. Knapsackciphers are discussed,as are
applicationsof cryptographyto computer science.
Chapter 8 includes discussionsof the order of an integer and of primitive
roots. Indices, which are similar to logarithms, are introduced. Primality
testing basedon primitive roots is described. The minimal universalexponent
is studied. Pseudo-random numbers and means for generating them are
discussed.An applicationto the splicingof telephonecablesis also given.
Chapter 9 covers quadratic residues and the famous law of quadratic
reciprocity. The Legendreand Jacobi symbolsare introduced and algorithms
for evaluating them are developed. Euler pseudoprimesand a probabilistic
primality test are covered. An algorithm for electronically flipping coins is

Chapter l0 coversrational and irrational numbers,decimal representations

of real numbers,and finite simple continuedfractionsof rational and irrational
numbers. Special attention is paid to the continued fractions of the square
roots of po"itive integers.
Chapter 1l treats some nonlinear diophantine equations. Pythagorean
triples are described. Fermat's last theorem is discussed. Finallv. Pell's
equation is covered.
Problem Sets

After each sectionof the text there is a problem set containing exercisesof
various levelsof difficulty. Each set containsproblemsof a numerical nature;
these should be done to develop computational skills. The more theoretical
and challenging problems should be done by studentsafter they have mastered
the computationalskills. There are many more problemsin the text than can
be realistically done in a course. Answers are provided at the end of the book
for selectedexercises,mostly those having numerical answers.

Computer Projects

After each section of the text there is a selectionof computer projects that
involve concepts or algorithms discussedin that section. Students can write
their programs in any computer language they choose, using a home or
personal computer, or a minicomputer or mainframe. I encouragestudents to
use a structured programming languagesuch as C, PASCAL, or PL/ 1, to do
these projects. The projects can serve as good ways to motivate a student to
learn a new computer language, and can give those students with strong
computer science backgrounds interesting projects to tie together computer
scienceand mathematics.

Unsolved Problems

In the text and in the problem setsunsolvedquestionsin number theory are

mentioned. Most of these problems have eluded solution for centuries. The
reader is welcome to work on these questions,but should be forewarned that
attempts to settle such problems are often time-consuming and futile. Often
people think they have solved such problems,only to discover some subtle flaw
in their reasoning.


At the end of the text there is an extensive bibliography, split into a section for books and one for articles.

for books and one for articles. Further, each section of the bibliography is
subdivided by subject area. In the book section there are lists of number
theory texts and references, books which attempt to tie together computer
scienceand number theory, books on some of the aspectsof computer science
dealt with in the text, such as computer arithmetic and computer algorithms,
books on cryptography, and general references.In the articles section of the
bibliography, there are lists of pertinent expository and research papers in
number theory and in cryptography. These articles should be of interest to the
reader who would like to read the original sources of the material and who
wants more details about some of the topics coveredin the book.
A set of five tables is included in the appendix to help students with their computations and experimentation.

computations and experimentation. Students may want to compile tables
different than those found in the text and in the appendix; compiling such
tables would provide additional computer projects.

List of Symbols

A list of the svmbols used in the text and where they are defined is


I would like to thank Bell Laboratoriesand AT&T Information Systems

Laboratories for their support for this project, and for the opportunity to use
the UNIX system for text preparation. I would like to thank George Piranian
for helping me develop a lasting interest in mathematics and number theory.
Also I would like to thank Harold Stark for his encouragementand help,
starting with his role as my thesisadvisor. The studentsin my number theory
courses at the University of Maine have helped with this project, especially
Jason Goodfriend, John Blanchard, and John Chester. I am grateful to the
various mathematicians who have read and reviewed the book, including Ron
Evans, Bob Gold, Jeff Lagarias and Tom Shemanske. I thank Andrew
Odlyzko for his suggestions,Adrian Kester for his assistancein using the
UNIX system for computations, Jim Ackermann for his valuable comments,
and Marlene Rosen for her editing help.
I am particularly grateful to the staff of the Bell Laboratories/American
Bell/AT&T Information Services Word ProcessingCenter for their excellent
work and patience with this project. Special thanks go to Marge Paradis for
her help in coordinating the project, and to Diane Stevens, Margaret
Reynolds, Dot Swartz, and Bridgette Smith. Also, I wish to express my
thanks to Caroline Kennedy and Robin Parson who typed preliminary versions
of this book at the University of Maine.
Finally, I would like to thank the staff of Addison-Wesley for their help. I
offer special thanks to my editor, Wayne Yuhasz, for his encouragement,aid,
and enthusiasm.

Chapterl. The Integers

l.l The well-ordering 4

1.2 Divisibility l8
1.3 Representations of int;;;;;....-'.....-'-.'......... 24
t.4 Computer operationswith integers............ 33
1.5 Prime numbers... 45

Chapter2. Greatest Common Divisors and Prime Factorization

2.1 Greatest common divisors 53

2.2 The Euclideanalgorithm ........... 58
2.3 The fundamentaltheorem of arithmetic ............ 69
2, 4 Factorization of integers and the Fermat numbers 79
2.5 Linear diophantineequations............... 87

Chapter3. Congruences

3.1 Introduction to congruences 9l

3.2 Linearcongruences.............. 102
3.3 The Chinese remainder theorem 107
3.4 Systemsof linear congruences.............. I 16

Chapter4. Applications of Congruences

4.1 D i v i s i b i l i t yt e s t s . . . . . . . . . .. 129
4.2 T h e p e r p e t u a cl a l e n d a r . . . . . . . . . . . . . 134
4.3 R o u n d - r o b i nt o u r n a m e n t s . . . . . . . . . . .. 139
4. 4 Computer file storageand hashingfunctions............... l4l
Chapter 5. Some Special Congruences

5.1 Wilson's theorem and Fermat's little theorem 147

5.2 Pseudoprimes.............. .. 152
5.3 Euler's theorem 16l

Chapter6. MultiplicativeFunctions

6.1 E u l e r ' sp h i - f u n c t i o n. . . . . . . . . . . . . . . 166

6.2 T h e s u m a n d n u m b e ro f d i v i s o r s . . . . . . . . . . . . . . 174
6.3 Perfect numbersand Mersenneprimes 180

Chapter 7. Cryptology

7 .l Character ciphers 188

7 .2 Block ciphers 198
7.3 Exponentiationciphers............... .. 205
7.4 Public-keycryptography............. 212
7.5 Knapsack ciphers 219
7.6 Some applicationsto computer science 227

Chapter 8. Primitive Roots

8.1 The order of an integer and primitive roots 232

8.2 Primitive roots for primes 238
8.3 Existenceof primitive roots 243
8.4 Index arithmetic 252
8.5 Primality testing using primitive roots......... 263
8.6 Universal exponents. 268
8.7 Pseudo-random numbers............ .. 275
8.8 The splicingof telephonecables .. 280

Chapter 9. Quadratic Residuesand Reciprocity

9.I Quadratic residues 288

9.2 Quadratic reciprocity .. 304
9.3 The Jacobi symbol 314
9.4 Euler pseudoprimes............. 325
xtl Contents

Chapter 10. Decimal Fractions and Continued Fractions

10.1 Decimal fractions... 336

10.2 Finite continuedfractions 350
10.3 Infinite continued fractions 361
10.4 Periodic continued fractions 315

Chapter I l. Some Nonlinear Diophantine Equations

l.l Pythagoreantriples.... 391

t.2 F e r m a t ' sl a s t t h e o r e m. . . . . . . . . . . . . 397
1.3 Pell'sequations 401

Appendix.. 410
Answers to selected problems 426
Bibliography............. 438
List of symbols.... 445
Index 447

Number theory, in a general sense, is the study of numbers and their

p r o p e r t i e s .I n t h i s b o o k ,w e p r i m a r i l y d e a l w i t h t h e i n t e g e r s , 0 ,+ 1 , + 2 , . . . .
We will not axiomatically define the integers, or rigorously develop integer
arithmetic.l Instead, we discussthe interestingpropertiesof and relationships
between integers. In addition, we study the applicationsof number theory,
particularly thosedirected towardscomputer science.
As far back as 5000 years ago, ancient civilizations had developedways of
expressingand doing arithmetic with integers. Throughout history, different
methods have been used to denote integers. For instance, the ancient
Babyloniansused 60 as the base for their number system and the Mayans
used 20. Our method of expressing integers, the decimal system,was first
developed in India approximately six centuries ago. With the advent of
modern computers, the binary system came into widespreaduse. Number
theory has been used in many ways to devise algorithms for efficient computer
arithmetic and for computer operationswith large integers.
The ancient Greeks in the school of Pythagoras, 2500 years ago, made the
distinction betweenprimes and composites. A prime is a positive integer with
no positive factors other than one and the integer itself. In his writings,
Euclid, an ancient Greek mathematician, included a proof that there are
infinitely many primes. Mathematicians have long sought formulae that
generate primes. For instance, Pierre de Fermat, the great French number
theorist of the seventeenthcentury, thought that all integers of the form
22' + 1 are prime; that this is false was shown, a century after Fermat made
this claim, by the renowned Swiss mathematician Leonard Euler, who
demonstratedthat 641 is a factor of 22' + | .
The problem of distinguishing primes from compositeshas been extensively
studied. The ancient Greek scholarEratosthenesdeviseda method, now called

l. S u c h a n a x i o m a t i c d e v e l o p m e n to f t h e i n t e g e r sa n d t h e i r a r i t h m e t i c c a n b e f o u n d i n L a n d a u

the sieve of Eratosthenes, that finds all primes less than a specified
limit. It
is inefficient to use this sieve to determine whether a particular integer
prime. The problem of efficiently determining whether an integer is prirne
long challengedmathematicians.

Ancient Chinese mathematiciansthought that the primes were precisely

those positive integers n such that n divides 2' - 2. Fermat showed that if
is prime, then n does divide 2n - 2. However, by the early nineteenth
century, it was known that there are compositeintegersn such that n divides
2n - 2, such as n : 341 . These compositeintegers are called pseudoprimes
Becausemost compositeintegers are not pseudoprimes,it is possibleto develop
primality tests based on the original Chinese idea, together with extra
observations. It is now possibleto efficiently find primes; in fact, primes with
as many as 200 decimal digits can be found in minutes of computer time.

The fundamental theorem of arithmetic, known to the ancient Greeks,

says that every positive integer can be written uniquely as the product of
primes. This factorization can be found by trial division of the integer by
primes less than its square-root; unfortunately, this method is very time-
consuming. Fermat, Euler, and many other mathematicians have produced
imaginative factorization techniques. However, using the most efficient
technique yet devised, billions of years of computer time may be required to
factor an integer with 200 decimal digits.

The German mathematician Carl Friedrich Gauss, consideredto be one of

the greatest mathematicians of all time, developed the language of
congruences in the early nineteenth century. When doing certain
computations,integers may be replaced by their remainders when divided by a
specific integer, using the language of congruences. Many questions can be
phrased using the notion of a congruencethat can only be awkwardly stated
without this terminology. Congruenceshave diverse applications to computer
science,including applications to computer file storage, arithmetic with large
integers,and the generationof pseudo-randomnumbers.

One of the most important applications of number theory to computer

science is in the area of cryptography. Congruencescan be used to develop
various types of ciphers. Recently, a new type of cipher system, called a
public-key cipher system, has been devised. when a public-key cipher is
used, each individual has a public enciphering key and a private deciphering
key. Messagesare encipheredusing the public key of the receiver. Moreover,
only the receiver can decipher the message,since an overwhelming amount of
computer time is required to decipher when just the enciphering key is known.
The most widely used public-key cipher system relies on the disparity in
computer time required to find large primes and to factor large integers. In

particular, to produce an enciphering key requires that two large primes be

found and then multiplied; this can be done in minutes on a computer. When
these large primes are known, the decipheringkey can be quickly found. To
find the deciphering key from the enciphering key requires that a large
integer, namely the product of the large primes, be factored. This may take
billions of years.
In the following chapters,we discussthese and other topics of elementary
number theory and its applications.
The Integers

1.1 The Well-OrderingProperty

In this section,we discussseveral important tools that are useful for proving
theorems. We begin by stating an important axiom, the well-ordering

The Well-Ordering Property. Every nonempty set of positive integers has a

least element.
The principle of mathematical induction is a valuable tool for proving
results about the integers. We now state this principle, and show how to prove
it using the well-ordering property. Afterwards, we give an example to
demonstrate the use of the principle of mathematical induction. In our study
of number theory, we will use both the well-ordering property and the
principle of mathematical induction many times.

The Principle of Mathematical Induction. A set of positive integers that

contains the integer I and the integer n I I whenever it contains n must be
the set of all positive integers.

Proof. Let S be a set of positive integers containing the integer I and the
integer n * | whenever it contains n. Assume that S is not the set of all
positive integers. Therefore, there are some positive integers not contained in
.S. By the well-ordering property, since the set of positive integers not
contained in S is nonempty, there is a least positive integer n which is not in
. S . N o t e t h a t n 1 1 , s i n c el i s i n S . N o w s i n c en ) l , t h e i n t e g e r n - 1 i s
l.l The Well-Ordering ProPertY

a positive integer smaller than n, and hence must be in S. But since S

contains n - l, it must also contain (n-t) + | : n, which is a contradiction,
since n is supposedlythe smallest positive integer not in S. This shows that S
must be the set of all positive integers. tr
To prove theorems using the principle of mathematical induction, we must
show two things. We must show that the statement we are trying to prove is
true for l, the smallest positive integer. In addition, we must show that it is
true for the positive integer n * I if it is true for the positive integer n. By
the principle of mathematical induction, one concludes that the set S of all
positive integers for which the statement is true must be the set of all positive
integers. To illustrate this procedure, we will use the principle of
mathematical induction to establish a formula for the sum of the terms of a
geometric progression.

Definition. Given real numbers 4 and r. the real numbers

a , a r , e r 2 ,o t 3 r . . .

are said to form a geometric progression. Also, a is called the initial term
and r is called the common ratio.

Exa m ple. T he num b e rs 5 , -1 5 ,4 5 , -1 3 5 ,... fo rm a geometri c progressi on

with initial term 5 and common ratio -3.
In our discussion of sums, we will find summation notation useful. The
following notation representsthe sum of the real numberse1, o2,...,on.

2oo:er*az* lan

We note that the letter k, the index of summation, is a "dummy variable" and
can be replaced by any letter, so that

ak: 2 oi
j-t i-l

Example. We see that

The Integers


2 2i : 2 * 22+ 23+ 24+ 2s : 62 .

We also note that in summation notation, the index of summation may

range betweenany two integers,as long as the lower limit does not exceedthe
upper limit. If m and h are integers such that z ( n, then

b oo:am*a^a1* *an.

For instance.we have

> k 2 : 3 3+ 4 2+ 5 2 : 5 0 ,

> 3k:30 + 3t + 32: 13,




We now turn our attention to sums of terms of geometricprogressions.The

su m of t he t er m s e ) e r, o r2 ,...,a rn i s

2ori:e*ar*ar2+ *arn,

where the summation beginswith 7 : g. We have the following theorem.

Theorem l.l. If a and r ^re real numbersand r * l. then

1.1 The Well-OrderingProperty

(1.1) E ori
: a * ar i*a rar2
-t + r ' ' : T: T
r* a arn .

Proof. To prove that the formula for the sum of terms of a geometric
progressionis valid, we must first show that it holds for n : l. Then, we must
show that if the formula is valid for the positive integer n, it must also be true
for the positive integer n * l.
To s t ar t t hings o ff, l e t n : l . T h e n , th e l e ft si de of (t.t) i s a * ar, w hi l e
o n t he r ight s ideof (1 .1 ) w e h a v e
arL-a _ a?z-t) _ ab*l)(r-1) a(r*l) : a * ar
r-l r-l T:

So the formula is valid when n : l.

N ow we as s um eth a t (1 .1 ) h o l d s for the positive integer n. That is, we


0.2) alar+arz+ 'tar'-arn*l-Q


We must show that the formula also holds for the positive integer n * l.
What we must show is that

(t.:) or@+t)+t_o ar'+2-e

a*ar+ar2+ * arn * arn*l :
r-l r-l
To show that (1.3) is valid, we add orn*r to both sidesof (1.2), to obtain

(t.+) (a*ar*ar2+...+arn) * a r ' + r- + arr+t,

The left side of (t.+) is identical to that of (1.3). To show that the right sides
are equal, we note that
arn*l-a 1 arn+l-e , or'*l (r- I )
T A ^r - n r r _ T-
r- I r-l r-1
orn*l-a*ar'+Z arn*l


Since we have shownthat 0.2) i m p l i e s (t.:), w e can concl udethat (t.t)

The Integers

holds for all positive integers n. tr

Example. Let n be a positive integer. To find the sum

bro:r*2+22+ *2',

we use Theorem l.l with e : I and r : 2, to obtain

1n*l _ I
l+2+22+ . J- 1n : rn*l_r

Hence, the sum of consecutivenonnegative powers of 2 is one less than the

next largest power of 2.
A slight variant of the principle of mathematical induction is also sometimes
useful in proofs.

The Second Principle of Mathematical Induction. A set of positive integers

which contains the integer 1, and which has the property that if it contains all
th e pos it iv eint eg e rs1 ,2 ,..., k , th e n i t a l s o c ontai nsthe i nteger k + l , must
be the set of all positive integers.

Proof. Let T be a set of integers containing I and containing k + I if it

co nt ains 1, 2, . . . , k . L e t S b e th e s e t o f a l l p osi ti vei ntegersn such that al l
the positive integers less than or equal to n are in Z. Then I is in S, and by
the hypotheses,we see that if k is in S, then k + | is in S. Hence, by the
principle of mathematical induction, S must be the set of all positive integers,
so clearly T is also the set of all positive integers. tr

The principle of mathematical induction provides a method for defining the

values of functions at positive integers.

Definition. We say the function f is defined recursively if the value of f at I

is specifiedand if a rule is providedfor determiningf h*l) from f h) .

If a function is defined recursively, one can use the principle of

mathematical induction to show it is defined uniquely at each positive integer.
(See problem 12 at the end of this section.)

We now give an example of a function defined recursively. We define the

factorial function f fu) : nt . First, we specify that
1.1 The Well-Ordering ProPertY

f(r): I ,
and then we givethe rule for finding f h*1) from f fu), namely
f h+r) : (n+r)'ffu).
These two statementsuniquely define r!.
To find the value of f G) : 6! from the recursive definition of f h) : nl,
use the secondproperty successively,as follows
(2) :6's'4'3'2f0).
f 6) :6.f (5) : 6.5.f(4) : 6.s.4'f(3) : 6's'4'3'f
We now use the first statement of the definition to replacef 0) by its stated
value l. to concludethat
6 l : 6 ' 5 ' 4 ' 3 ' 2 ' :l 7 2 0 .

In general, by successivelyusing the recursive definition, we see that n! is the

product of the first n positive integers,i.e.

n! : l'2'3 n

For convenience,and future use, we specify that 0! : l.

We take this opportunity to define a notation for products, analogous to
summation notation. The product of the real numbers a1, a2,...,a, is denoted

ft o, : ere2 an
j -r

The letter 7 above is a "dummy variable", and can be replaced arbitrarily.

Example. To illustrate the notation for products we have

fI j:l'2'3'4'5:120.
I I 2 : 2 . 2 . 2 . 2 . 22: 5: 3 2 .
fI Zi : 2r5
l0 The Integers

We note that with this notation, n ! : fI .

j -r ,r
Factorials are used to define binomial cofficients.

Definition. Let m and k be nonnegativeintegers with k 4 m. The

cofficien,lT I isoenneo
(^ /
l*| mt
t r t : -

lk J kt(m_k)t

In computing we see that there is a good deal of cancellation,because
lO ,J,
l^) : - - m; t . 2 . 3. . . @ - k ) @ - k + t ) . . . t u - t ) m
lk ) kt@_k)l k! t.2.3 fu-k)
(m-k+r) ( m - r )m

Example.To evaluatethe binomialcoefficien,

we notethat
L, ,J,
1 7| : 7 t : 1 . 2 . 3 . 4 . s . 6 . 7s . 6 . 7
f3J 3t4t r23.r234:E:i)'
We now prove some simple propertiesof binomial coefficients.

Proposition 1.2. Let n and k be nonnegativeintegerswith k ( n . Then

r) r )
( i i ) l l l : -l ' . 1
fkj l,-t,)'
Proof. To see that (i) is true, note that
1.1 The Well-OrderingProperty 11

[;]:# :n'':l


To verify (ii), we seethat

t;] _n,._
n !0!

n; :-:l nt lr ,l
l- tr
| . kJ kth-k)t t u - k ) r ( n -h - k ) ) t ln-* )'
An important property of binomial coefficientsis the following identity.

Theorem 1.2. Let n and k be positive integers with n > k. Then

|',]*, I n I _ |,,*'l
loj [o-,J:I )
Proof. We perform the addition

[;]. lr:,
by using the c om m o nd e n o mi n a to rftl (n -k + t)!. Thi s gi ves

t. +
Uc lr\,
n th - k t l )
n tk
nl((n-k +r) +k)
k th - k + t ) t
kth-k +r)t
[l l nn + rI
f k )
t2 The Integers

Using Theorem 1.2, we can easily construct Pascal's triangle, which

displavsthe binomial coefficients. In this triangle, the binomial coefficient
rs t he ( k + t)ttr n u m b e r i n th e (n + l )th row . The fi rst ni ne row s of
Pascal'st r ianglea re d i s p l a y e di n F i g u re l .l .



Figure1.1. triangle.

We see that the exteriornumbersin the triangleare all l. To find an

interiornumber,we simplyadd the two numbersin the positionsabove,and to
either side,of the positionbeing filled. From Theorem1.2, this yieldsthe
occur in the expansions
Binomial coefficients of powersof sums. Exactly
how they occuris describedby the binomial theorem.

The BinomialTheorem. Let x and y be variablesand n a positiveinteger.


(x*y)n y'+
-2 2
[;]".. [T]".-',.
+ l,:r)*r.-,+ [,:,]'y n - +l:),'
or using summation notation,
1.1 The Well-Ordering ProPertY l3

^ (n]
G + y ) n: 2 l\ J; ll * " - t y t

We prove the binomial theorem by mathematical induction. In the proof we

make use of summation notation.

Proof. We use mathematical induction. When n : l, according to the

binomial theorem. the formula becomes

(x*y)r-frlfrl +
But because
lrlfrl s t a t e st h a t ( x + y ) r : x *y, w h i c hi s
lnl: lil:t,this
t"J \^/
obviously true.
We now assume the theorem is valid for the positive integer n, that is, we
^ fn)
G+ y ) n: 2 l , l r ' - i r i .
j-0 \r )

We must now verify that the correspondingformula holds with n replaced by

n * l, assumingthe result holds for n. Hence, we have
(x+y)n+r - (xty)"(x+y)
: l, |,,.l I
l a l\ri l)" - t ' l l ( x + r )
|.i:o J
, lnl , fr)
j-0 \r ) j:0 \J ./

We see that by removing terms from the sums and consequently shifting
t4 The Integers

2l;).'-'.',' : In+l +


3l:).'-'''*' * yn+t

:21'!'1"-'*' yj + yn*t

Hence, we find that

n I
( x *Y )' + r - xn+r +> lxn-i+tri I yn+t
j-r I

By Theorem 1.2, we have

so we conclude that
t;l+ [,1']: [';']

- ,,*, + bl':'fx,-i*,ri
k+y),,'+r * yn+r
I r ) i-t
n * t [ n + rI
- S I l*n+t-iri
t 1 ^l . j )
This establishesthe theorem. u
We now illustrate one use of the binomial theorem. If we let x : y : l. we
see from the binomial theorem that

^ lrl , rl lnl
2 n: ( t + t ) , : ) :
l\ r r )l t , - r l i j -)o LJ,l

This formula showsthat if we add all elementsof the fu+l)th row of Pascal's
triangle, we get 2n. For instance,for the fifth row, we find that
1.1 The Well-OrderingProPertY 15

. . . . :, +4+6+4+,:,6:24
[;] [l] [l] [l] [l]

l.l Problems

l. Find the values of the following sums

l0 l0
a) >2 c) 2j'
j-r j-r

l0 t0
u) 2i o) 22i.
j-l j-r

2. Find the values of the following products

i l j -rl r 2 c) r. j'
b) trj 0) il2i
j-t j-l

3 . Find n ! for n equal to each of the first ten positive integers.

fro)frolfrolfrol frol
lo,|'|.,.l'I r.l'I tJ'^na
|'qI fgI froI
5 . Find the binomial coefficients and o andverirvthat
l',l' loJ' I ,J'
fnl , fnl f,ol
lrj*loj: loJ
6 . Show that a nonempty set of negative integers has a largest element.
7 . Use mathematical induction to prove the following formulae.

a) >,i:t+2+3+ + ,:n(nlD.
j-l L

.t n (n+l) (2n+l)
U) 2i': 12+22+32+ + , a

j-l 6
t6 The Integers

| 12
c ) i . r ' : t ' + 2 3+ 3 3+ * n3: | 't'ftl I
8. Finda formula
rcrjft Zi.

9. Use the principle of mathematical induction to show that the value at each
positive integer of a function defined recursivelyis uniquely determined.

r0. what function f (n) is defined recursively by f 0) : 2 and f (n+D : 2f (n)

for n)l?

ll. I f g i s d e f i n e d r e c u r s i v e l yb y g ( l ) : 2 and g(n) :2sb-D for n 7 2,

what is S(02

t2. The second principle of mathematical induction can be used to define functions
recursively. We specify the value of the function at I and give a rule for finding
f h+l) from the values of f at the first n positive integers. Show that the
values of a function so defined are uniquely determined.

t3. We define a function recursively for all positive integers n bV (l) : l,

f (2):5, and for n 2 2, f h+t):f h) + 2f (n-t). Show that f (n) :
2^ + el)n, using the secondprinciple of mathematical induction.

14. a) Let n be a positive integer. By expanding (l+(-l))'with the binomial

theorem. show that

, fr)
) (-r)o : o.

b) usepart(a),andthefactthat > f;l :2' , to find

\'' J t-o

f,l* f,l* l,l *

loj IrJ loj

['J*l,J* I'J*
c) Findthesuml -2+22-23 + +2too.

15. Show by mathematical induction that if n is a positive integer, then

(2n)t < 22'(nl)z.
1.1 The Well-Ordering ProPertY t7

16. The binomial coefficients x is a variable, and n is a positive integer,


can be defined recursivelyby the equations : x and

[l ]

| .I ,_n [,1
In+tJ:R l;l
|.".l x! ,

S h o w t h a tl - l +
1.,, | :
l--*, l,whenevernisapositiveinteger.
l,?J lt?+rj ln,'t
t 7 . In this problem, we develop the principle of inclusion - exclusion. Suppose
that S is a set with n elements and let Pr, P2,.,., P, be t different properties
that an element of S may have. Show that the number of elements of S
possessingnone of the / properties is

n -ln(rr) + n(p) + + n@)l

) n ( P t , P r+)
+ l n ( P t , P z+ + n(P,-r,P,)l
- { n ( P r , P z , P t )* n ( P r P z , P q ) + * n(P,-2,P,4,P,)|
+ + (-l)'n (P1,P2,...,P,),

where n(Pi,,Pi,,..., P,,) is the number of elements of S possessingall of the

properties Pi,,P;,,...,P;,.The first expressionin brackets contains a term for each
property, the secondexpressionin brackets contains terms for all combinations of
two properties, the third expressioncontains terms for all combinations of three
properties,and so forth. (Hint: For each element of S determine the number of
times it is counted in the above expression. If an element has k of the

properties, t-
showit is counted
lrl + lpl- + (-l)ft
ltl ,i-.t. This
lrJ Itl lrJ
equals zeroby problem la(a).)

1 8 . The tower of Hanoi was a popular puzzle of the late nineteenth century. The
puzzle includes three pegs and eight rings of different sizes placed in order of
size, with the largest on the bottom, on one of the pegs. The goal of the puzzle is
to move all the rings, one at a time without ever placing a larger ring on top of a
smaller ring, from the first pbg to the second,using the third peg as an auxiliary
l8 The Integers

a) Use mathematicalinduction to show that the minimum number of movesto

transfer n rings, with the rules we have described,from one peg to another
is 2n - 1.

b) An ancient legend tells of the monks in a tower with 64 gold rings and 3
diamond pegs. They started moving the rings, one move per second, when
the world was created. When they finish transferring the rings to the second
peg, the world ends. How long will the world last?

19. Without multiplying all the terms, show that

il 6! 7!: l0! c) 16!: l4t 5t 2l

b) l0!:7! 5! 3! d ) 9 t - 7 13 ! 3 ! 2 ! .

20. Let an : (af a2l. ar-1!) - l, and on+t: af. a2t an_tl, where
or positiveintegers. Show that an*1!: al. a2t
o1,a2,...,etr-1 onl.
2 1 . F i n d a l l p o s i t i v ei n t e g e r sx , y , a n d z s u c h t h a t x t * y l : z!.

l.l Computer Projects

Write programs to do the following:

l. Find the sum of the terms of a geometric series.

2. Evaluate n !

3. Evaluate binomial coefficients.

4. Print out Pascal'striangle.

5. List the movesirr the Tower of Hanoi puzzle (see problem l8).

6. Expand (x*y)", where n is a positive integer, using the binomial theorem.

1.2 Divisibility
When an integer is divided by a secondnonzerointeger, the quotient may or
m ay not be an i n te g e r. F o r i n s ta n c e ,2 4 /8 : 3 i s an i nteger,w hi l e l 7/5:3.4
is not. This observationleads to the following definition.

Definition. If a and b are integers, we say that a divides b if there is an

integer c such that b : ac. lf a divides b, we also say that a is a divisor or
factor of b.
1.2 Divisibility t9

I f a d i v i d e sb w e w r i t e a l b , w h i l e i f a d o e s n o t d i v i d e b , w e w r i t e a t r U .

Example. The following examples illustrate the concept of divisibility of

i n t e g e r s1:3| 1 8 2-,5 | 9 0 ,t 7 l 2 8 g , e t r q q , l t r s o-,l | : 1 , a n d1 71 0 .

Example. The divisorsof 6 are +1, *2, +3, and +6. The divisorsof 17 are
tl and tI7. The divisors of 100 are +1, *2,+4, +5, +10,
+20, +25, +50, and + 100.

In subsequentsections,we will need some simple properties of divisibility.

We now state and prove these properties.

l b a n db l r , t h e n a l c .
1.3. If a,b,and c areintegerswitha

Proof. Since a I b and b I c, there are integers e and f with ae : b and

bf : ,. Hence, bf : be)f : aGf) : c, and we concludethat a I c. a

Exa mple. S inc e 1l | 6 6 a n d 6 6 | tl a , P ro p o s i ti on1.3 tel l s us that 11 | 198.

P r o p o s i t i o n1 . 4 . l f a , b , m , a n d n a r e i n t e g e r sa, n d i f c l a a n d c l D , t h e n
c | (ma+nb).

Proof. Since c I a and c | 6, there are integers e and / such that a : ce and
b : c f . Henc e, m a * n b : m c e * n c f : c (me + nf). C onsequentl y,
w e see
th a t c | f ua+ nb) . E

Exa mple. S inc e 3l2 l a n d : I l l , Pro p o s i ti o n1 .4 tel l s us that

3 | 6 - z l - 3 . 3 3:) l o 5 - 9 9 : 6 .

The following theorem states an important fact about division.

The Divisionl$f$* If a and b are integers such that b > 0, then there
are unique integers q and r such that a : bq * r with 0 ( r < b.
In the equation given in the division algorithm, we call q the quotient and r
the remainder.
We note that a is divisible by b if and only if the remainder in the division
algorithm is zero. Before we prove the division algorithm, consider the
following examples.
20 The Integers

Example. If a-.133 and b:21, then Q:6 and r:7, since

133:21'6+7. L i k e w i s ei,f a : - 5 0 a n d b : 8 , t h e n q - - 7 and r:6,
s i n c e- 5 0 : 8 ( - 7 ) + 6.
For the proof of the division algorithm and for subsequent numerical
computations,we need to define a new function.

Definition. Let x be a real number. The greatest integer in x, denoted by

[x ], is the largest integer lessthan or equal to x.

Example. We have the following values for the greatest integer in

: 2,131: 3, : -2.
x'. 12.21
The proposition below follows directly from the definition of the greatest
integer function.

Proposition 1.5. If x is a real number, then x-l < [x] ( x.

We can now prove the division algorithm. Note that in the proof we give
explicit formulae for the quotient and remainder in terms of the greatest
integer function.

Proof. Let q:la/bl a n d r : a - b l a / b l . C l e a r l ya : b q * r . T o s h o w

that the remainder r satisfies the appropriate inequality, note that from
Proposition1.5, it follows that

G/b)-l < ta/bl 4a/b.

We multiply this inequality by b, to obtain

a - b < btalbl 4 a.

Multiplying by -1, and reversingthe inequality,we find that


By adding e, we seethat

0 ( r - a - bla/bl < n.

To show that the quotient q and the remainder r are unique, assume that
w e h a v e t w o e q u a t i o n sa : b q r * r r a n d a : b q z * r r , w i t h 0 ( r r ( b a n d
0 ( rz < b. By subtracting the secondof these from the first, we find that
1.2 Divisibility 2l


Hence. we seethat
rz - rr: b(qt-qr).

Th i s tells us t hat D d i v i d e s rz - rr. Si n c e 0 ( rr I b and 0 ( rz ( b, w e

have -b < rz- rr 1b. This shows that b can divide rz- 11 only if
r z - 1 1 : 0 , o r , i n o t h e r w o r d s ,i f 1 1 : 1 2 . S i n c e b q t + r t : b Q z * 1 2 a n d
rt: 1 2 we als o s ee th a t Qr: Qz . T h i s s h o w s th at the quoti ent q and the
remainder r are unique. tr

E x a m p l e .L e t a : 1 0 2 8 a n d b : 3 4 . Then a:bq*r with 0(r <b,

w h e r e q : t t 0 2 8 / 3 4 1 : 3 0 a n d r : 1 0 2 8 - 1 1 0 2 8 / 3 4 1 . 3 4 : 1 0 2 8- 3 0 . 3 4 : 8 .
W i t h a : - 3 8 0 a n d b : 7 5 , w e h a v ea : b q * r w i t h 0 ( r < b , w h e r e
q : [-380/ 751 : - 6a n d r : -3 8 0 - t-3 8 0 /7 5 1 : -380 - (-6)75 : 70.
Given a positive integer d, we can classify integers according to their
remainders when divided by d. For example, with d : 2, we see from the
division algorithm that every integer when divided by 2leaves a remainder of
either 0 or l. If the remainder when n is divided by 2 is 0, then r : 2k for
some positive integer k, and we say n is even, while if the remainder when n
i s d i vi dedby 2 is l, th e n n :2 k * I fo r s o mei n tegerk,and w e say n i sodd.

Similarly, when d : 4, we see from the division algorithm that when an

integer n is divided by 4, the remainder is either 0,1,2, or 3. Hence, every
i n te g e r is of t he f orm 4 k ,4 k + l ,4 k * 2 , o r 4 k + 3, w here k i s a posi ti ve
We will pursue these matters further in Chapter 3.

1.2 Problems
l. S h o wt h a t3 l g g , s I t + S , 7 l 3 4 3 ,a n d8 8 8| 0 .
2. Decidewhich of the followingintegersare divisibleby 22
il0 d) r92s44
b) 444 e) -325r6
c) 1716 f) -195518.
22 The Integers

3. Find the quotient and remainder in the division algorithm with divisor 17 and

a) loo c) -44
b) 28e d) -100.

4. What can you conclude if a and b are nonzero integers such that a I b and

5. Show that if a, b, c, and d are integers with a and c nonzero such that a I b
and c I d, then ac I bd.

6 . A r e t h e r e i n t e g e ras, b , a n d c s u c h t h a t a l b c , b u t a I b anda I c).

7 . Show that if a, b,and c l0 a r e i n t e g e r s t, h e n a I t i f a n d o n l y i f a c I b c .
8 . Show that if a and b are positive integers and a I D, then a ( D.
9 . Give another proof of the division algorithm by using the well-ordering property.
(Hint: When dividing a by b, take as the remainder the least positive integer in
the set of integersa-qb.)

1 0 . Show that if a and b are odd positive integers, then there are integers s and ,
s u c ht h a t a : b s * / , w h e r eI i s o d d a n d l r l < n .
When the integer a is divided by the interger b where b > 0, the division
algorithm gives a quotient of q and a remainder of r. Show that if 6 ,f a, when
-a is divided by b, the division algorithm gives a quotient of -(q*l) and a
remainder of b - r, while if 6 | a, the quotient is -q and the remainder is zero.

1 2 . Show that if a, b, and c are integers with b ) 0 and c ) 0, such that when a
is divided by b the quotient is q and the remainder is r, and when q is divided
by c the quotient is / and the remainder is s, then when a is divided by bc, the
quotient is I and the remainder is bs * r.

1 3 . il Extend the division algorithm by allowing negative divisors. In particular,

show that whenever a and b # 0 are integers, there are integers q and r
such that a : bq * r, where 0 ( r < lAl .

b) Find the remainderwhen 17 is divided by -7.

1 4 . Show that if a and D are positive integers, then there are integers q,r and
e : ! . 1 s u c ht h a t a : bq * er where-b/2 <er4 b/2.

1 5 . S h o w t h a t i f a a n d b a r e r e a l n u m b e r s ,t h e n l a + b l 2 l a ] + [r].

1 6 . Show that if a and b are positive real numbers, then labl 2 Laltbl .
What is the corresponding inequality when both a and b are negative? When
one is negative and the other positive?
1.2 Divisibilitv 23

17. What is the value of [a ] + l-a I when a is a real number?

18. Show that if a is a real number then

a) -I-a I is the least integer greater than or equal to a.

b) la + %l is the integer nearest to a (when there are two integers equidistant
from a, it is the larger of the two).

19. Show that if n is an integer and x is a real number, then [x*n] : [xl + n .

20. Show that if m and n \ 0 are integers, then

(r r
I 1I1 | if m : kn - I for someintegerk.
| * + r 1 . J L J'
I n_ i : l l I
I I llyl*tif m:kn-lforsomeintegerk.
21. Show that the integer n is even if and only if n - 2ln /21 : 0.

22. Show that if a is a real number, then [a ] + Ia + %l : l2al .

23. a) Show that the number of positive integers less than or equal to x that are
divisible by the positive integer d is given by [x/dl.

b) Find the number of positive integers not exceeding 1000 that are divisible by
5 , b y 2 5 , b y 1 2 5 ,a n d b y 6 2 5 .

c) How many integers between 100 and 1000 are divisible by 7? by 49'l

24. To mail a letter in the U.S.A. it costs 20 cents for the first ounce and l8 cents
for each additional ounce or fraction thereof. Find a formula involving the
greatest integer function for the cost of mailing a letter. Could it possibly cost
S 1.08 or ,$I .28 to mail a letter?
25. Show that if a is an integer, then 3 divides a3-a

26. Show that the sum of two even or of two odd integers is even, while the sum of
an odd and an even integer is odd.

27. Show that the product of two odd integers is odd, while the product of two
integers is even if either of the integers is even.

28. Show that the product of two integers of the form 4ft * I is again of this form,
while the product of two integers of the form 4k * 3 is of the form 4ft * L

29. Show that the square of every odd integer is of the form 8k + l.
24 The Integers

30. Show that the fourth power of every odd integer is of the form l6k + l.

31. Show that the product of two integers of the form 6k * 5 is of the form 6k * L

32. Show that the product of any three consecutiveintegers is divisible by 6.

33. Let n be a positive integer. We define


ln/2 if n is even
T(n) :
1Qn*D/z if n is odd.

We then form the sequence obtained by iterating T:

n , T ( n ) , T ( T Q ) ) , f ( f ( f ( n ) ) ) , . . . . F o r i n s t a n c e ,s t a r t i n g w i t h n : 7 w e h a v e
7 , 1 1 , 1 7 , 2 6 , 1 3 , 2 0 , 1 0 , 5 , 8 , 4 , 2 , 1 , 2 , 1 , 2. , 1A
... well-known conjecture,sometimes
called the Collatz coniecture, assertsthat the sequenceobtained by iterating Z
always reachesthe integerI no matter which positive integer n begins the sequence.

a) Find the sequenceobtainedby iterating Z starting with n :29.

b) Show that the sequenceobtained by iterating Z starting with n: (2k-l)/3,

where k is an even positive integer, k > l, always reachesthe integer l.

1.2 Computer Projects

Write programs to do the following:

l Decide whether an integer is divisible by a given integer.

2. Find the quotient and remainder in the division algorithm.

3. Find the quotient, remainder, and sign in the modified division algorithm given in
problem 14.

4. I n v e s t i g a t et h e s e q u e n c en , T ( n ) , T ( T h ) ) , f (rQ ( n ) ) ) , . . . d e f i n e di n p r o b l e m

1.3 Representations
of Integers
The conventionalmanner of expressingnumbersis by decimal notation. We
write out numbers using digits to representmultiples of powers of ten. For
instance,when we write the integer 34765,we mea;r
3 . 1 0 4+ 4 . 1 0 3+ 7 . 1 0 2+ 6 . 1 0 1+ 5 . 1 0 0 .

There is no particular reasonfor the use of ten as the base of notation,other

than the fact that we have ten fingers. Other civilizations have used different
of Integers
1.3 Representations 25

bases,including the Babylonians,who used base sixty , and the Mayans, who
used base twenty Electronic computers use two as a base for internal
representationof integers,and either eight or sixteen for display purposes.
We now show that every positive integer greater than one may be used as a

Theorem 1.3. Let b be a positive integer with b > l. Then every positive
integer n can be written uniquely in the form
n : a k b k * a p - 1 b k - rt * a1b I oo,

w h e r e a; is an int eg e rw i th 0 ( o ; < b -l fo r,/ :0, 1,..., k and the i ni ti al

coefficientak I O.

Proof . We obtain an expressionof the desired type by successivelyapplying

the division algorithm in the following way. We first divide n by b to obtain
n:beo*oo, 0(ao<b-1.

Then we divide qoby b to find that

eo:bq1ta6 0(ar(6-t.

We continue this processto obtain

Qt: bq2t a2, 0 ( a2 ( b-1,

qr= bq3l a3, 0 ( ar ( b-1,

Q k - z: b q * - r * a k - r , 0 ( a 1 - 1 ( b - 1 ,
Qk-t: b.0 * ap, 0 ( a1 ( b-t.

The last step of the processoccurs when a quotient of 0 is obtained. This is

guaranteedto occur, becausethe sequenceof quotients satisfies

n ) qo) qr) qz> "'> 0,

and any decreasing sequence of nonnegative integers must eventually

terminate with a term equaling 0.
26 The Integers

From the first equation above we find that

n: beo* ao.

We next replace {6 using the secondequation, to obtain

n : b(bqfta1) + as : bzqrI a1b I as,

substituting for qr, Q2,..., Qk_r,we have

n: b 3 q z + a 2 b 2* a 1 b * o r ,

: =i: ri::,-'**"::,t{,-'..**olr'u**ol'
: a t b k + a 1 r - 1 b k -*r t aft * ao.

w her e 0 ( a; < b -l fo r 7 : 0 ,1 ,...,ka n d a * I 0, si nceek : 4r-r i s the l ast

nonzero quotient. Consequently,we have found an expansion of the desired
To see that the expansion is unique, assume that we have two such
expansionsequal to n, i.e.

n : e k b k + a 1 r - y b k - *t t a1b * ao
: c * b k * c 1 r-1 b k -r* * cft * ro,

where 0 ( ar (b and 0 ( c1(b (and if necessarywe add initial terms with

zero coefficients to have the number of terms agree). Subtracting one
expansionfrom the other, we have
(ar,-c)bk +(o,,-r-c1,-)bk-t * *(a;cr)b + (as-ca):0.

If the two expansionsare different, there is a smallest integer j, O ( < k,

such that ai # ci. Hence,
br + * (ai+rci+r)b * G1-c1)] : o,
so that

Gr,-c)bk-i + + (a1+rci+)b r (ai-c1) : O.

1.3 Representationsof Integers 27

Solving for ai-c; we obtain

aj- c j: (c rr-a r)b k -j + * (c 7+ r-ai + )b

: bl(c1,-a1)bk-j-t + * (c7+r-or*,)

Hence, we see that

bl G 1 -c 1 ).

But since 0 ( a; < b and 0 ( c; < b, we know that -b < ai-c1 I b.

Consequently, b I h1-c) implies that ej : cj. This contradicts the
assumptionthat the two expansionsare different. We concludethat our base
6 expansionof n is unique. !
For b - 2 . we see from Theorem 1.3 that the following corollary holds.

Corollary 1.1. Every positive integer may be represented as the sum of

distinct powersof two.

Proof. Let n be a positive integer. From Theorem 1.3 with b : 2, we know

t h a t n : a t r T k * a 1 r - 1 2 k - t* + a Q * a s w h e r e e a c h a ii s e i t h e r 0 o r 1 .
Hence, every positive integer is the sum of distinct powersof 2. tr
In the expansionsdescribedin Theorem 1.3, b is called the base or radix of
the expansion. We call base l0 notation, our conventionalway of writing
integers, decimal notation. Base 2 expansionsare called binary expansions,
base 8 expansionsare called octal expansions,and base 16 expansionsare
called hexadecimal, or hex for short, expansions. The coefficients ai are
called the digits of the expansion. Binary digits are called bits (binary
digils) in computer terminology.
To distinguish representationsof integers with different bases, we use a
special notation. We write (apapa...aps) 6 to represent the expansion
a*bklapabk-rl taft*ao.

Example. To illustrate base b notation, note that Q3Ot : 2.72+ 3.7 + 6

a n d ( 1 0 0 1 0 0 1 1 :) 2 1 . 2 7+ 1 . 2 4+ 1 . 2 r+ 1 .
Note that the proof of Theorem 1.3 gives us a method of finding the base b
expansion of a given positive integer. We simply perform the division
algorithm successively,replacing the dividend each time with the quotient, and
28 The Integers

stop when we come to a quotient which is zero. We then read up the list of
remaindersto find the base b expansion.

Example. To find the base 2 expansionof 1864, we use the division algorithm

1 8 6 4: 2 . 9 3 2 + 0 ,
932:2'466 +0,
466:2'233 +0
1 1 6: 2 ' 5 8 + 0 ,
58:2'29 +0,
29:2'14 +1,
14:2'7 +0,
7 : 2'3 + 1,
3 : 2'l + l,
| : 2'O + 1.

To obtain the base 2 expansionof 1984, we simply take the remaindersof

t h e s ed i v i s i o n s .T h i s s h o w st h a t ( 1 8 6 4 ) r o : ( 1 1 1 0 1 0 0 1 0 0 0 ) 2 .

Computers represent numbers internally by using a series of "switches"

which may be either "on" or "off". (This may be done mechanically using
magnetic tape, electrical switches, or by other means.) Hence, we have two
possiblestates for each switch. We can use "on" to represent the digit I and
"off" to representthe digit 0. This is why computers use binary expansionsto
representintegers internally.
Computers use base 8 or base 16 for display purposes. In base 16, or
hexadecimal, notation there are l6 digits, usually denoted by
7 9 ,A,8 ,,C ,D ,,Ea n d F . T h e l e tters A ,B ,C ,D ,E , and F are
0 ,1, 2, 3, 4, 5, 6,, 8,
used to representthe digits that correspondto 10,11,12,13,14 and l5 (written
in decimal notation). We give the following example to show how to convert
from hexadecimalnotation to decimal notation.

Example. To convert (A35B0F) 16we write

( e l s n o r ) r e : 1 0 . 1 6 s + 3 ' 1 6 4+ 5 ' 1 6 3+ l l ' r c z + 0 ' 1 6 + 1 5
: ( t o7o5 679)rc.
1.3 Representationsof Integers 29

A simple conversionis possible between binary and hexadecimal notation.

We can write each hex digit as a block of four binary digits according to the
correspondencegiven in T a b l e l . l .

Hex Binary Hex Binary

Digit Digits Digit Digits

0 0000 8 r000
I 0001 9 1001
2 0010 A 1010
3 0 0 1l B 1011
4 0100 C l 100
5 0101 D I l0l
6 0110 E 1110
7 0l l1 F llll

Table1.1. Conversion
from hex digits to blocksof binarydigits.

Example. An example of conversionfrom hex to binary is (zFBrrc:

(tOt t 1110110011)2 .E a c h h e x d i g i t i s c o n v e rt edto a bl ock of four bi nary
digits (the initial zeros in the initial block (OOIO)2correspondingto the digit
(2) rc are omitted).

To convert from binary to hex, consider(t t t tOl I I101001)2. We break this

into blocks of four starting from the right. The blocks are, from right to left,
1 0 0 1, 1110, 1101,an d 0 0 1 1 (w e a d d th e i n i ti a l z eros). Transl ati ngeach bl ock
to hex, we obtain GOng)ru.
We note that a conversionbetween two different basesis as easy as binary
hex conversion,wheneverone of the basesis a power of the other.

1.3 Problems
l. Convert (1999)1sfrom decimal to base 7 notation. Convert (6tOS)t from base 7
to decimal notation.

2. Convert (tOtOOtOOO),from binary to decimal notation and (tgg+),0 from

decimal to binary notation.
30 The Integers

3 . c o n v e r t ( 1 0 0 0 1 II l 0 l 0 l ) 2 a n d ( l I 1 0 1 0 0 1 1 1 0 ) 2f r o m b i n a r y t o h e x a d e c i m a l .
4 . convert (ABCDEF)rc, @nrecnD)to, and (9A08)rc from hexadecimal to

5 . Explain why we really are using base 1000 notation when we break large decimal
integers into blocks of three digits, separatedby commas.

6 . a) Show that if D is a negative integer less than -1, then every integer n can
be uniquer';:.])::'::;'

. * a 1 b* oo,

where a1, I 0 and O <a, < lb I for ./ : 0,1,2,...,k. We write

n : (apa1,-r...ata6)6,just as we do for positivebases.

b) Find the decimal representationof (tOtOOt)-2 and OZOTD-r.

c) Find the base-2 representations

of the decimal numbers-7,-17, and 61.
7 . Show that any weight not exceeding 2k-l may be measured using weights of
when all the weights are placed in one pan.

8 . Show that every integer can be uniquely representedin the form

ep3k*ep-.3k-t* *efiles

where i : -1,0, or I for ,/:0,1 ,2, ..., k. This expansion is called a

balanced ternary expansion.

9. Use problem 8 to show that any weight not exceeding $k -t) /Z may be
m e a s u r e du s i n g w e i g h t so f 1 , 3 , 3 ' , . . . , 3 f t - 1 , w h e n t h e w e i g h t sm a y b e p l a c e di n
either pan.

r0. Explain how to convert from base 3 to base 9 notation, and from base 9 to base 3

ll. Explain how to convert from base r to base rn notation, and from base rn
notation to base r notation, when r ) I and n are positive integers.

1 2 . Show that if r: ( a * a * - 1 . . . a p s ) 6 , t h e n t h e q u o t i e n t a n d r e m a i n d e rw h e n n i s
divided by bi are q : (apa1,-1...a)6and, : (aj-r...apo)t, respectively.

1 3 . If the base b expansion of n is n : (apa1,-1...aps)6,what is the base b

expansionof b^ n"l

14. A Cantor expansion of a positive integer n is a sum

fl:ommt * a^a(m-l)! + * a 2 2 l* a 1 l !
1.3 Representationsof Integers 3t

where each ai is an integer with 0 ( a; < i .

a) Find Cantor expansionsof 14, 56, and 384.

b) Show that every positive integer has a unique Cantor expansion.

15. The Chinese game of nim is played as follows. There are a number of piles of
matches, each containing an arbitrary number of matches at the start of the
game. A move consistsof a player removing one or more matches from one of
the piles. The players take turns, with the player removing the last match
winning the game.

A winning position is an arrangement of matches in piles so that if a player can

move to this position, then, no matter what the second player does, the first
player can continue to play in a way that will win the gom; An example is the
position where there are two piles each containing one match; this is a winning
position, becausethe second player must remove a match leaving the first player
the opportunity to win by removing the last match.

a) Show that the position where there are two piles, each with two matches, is
a winning position.

b) For each arrangement of matches into piles, write the number of matches in
each pile in binary notation, and then line up the digits of these numbers
into columns (adding initial zeroes if necessaryto some of the numbers).
Show that a position is a winning one if and only if the number of ones in
each column is even (Example: Three piles of 3, 4, and 7 give
where each column has exactly two ones).

16. Let a be an integer with a four-digit decimal expansion,with not all digits the
same. Let a' be the integer with a decimal expansion obtained by writing the
digits of a in descending order, and let a" be the integer with a decimal
expansion obtained by writing the digits of a in ascending order. Define
T ( a ) : a ' - a " . F o r i n s t a n c ef,( 2 3 1 8 ) 8731 1378 : 7358.
a) Show that the only integer with a four-digit decimal expansion with not all
d i g i t s t h e s a m es u c h t h a t T ( a ) : a i s a : 6 1 7 4 .

b) Show that if a is a positive integer with a four-digit decimal expansionwith

not all digits the same, then the sequence a, T (d, f (f G)) ,
T'QQ(a))),..., obtained by iterating T, eventually reaches the integer
6174. Becauseof this property, 6174 is called Kaprekar's constant.
32 The Integers

17. Let b be a positive integer and let a be an integer with a four-digit base b
expansion,with not all digits the same. Define TtG) : a'- a", where a'is the
integer with base D expansion obtained by writing the base 6 digits of a in
descending order, and let d " is the integer with base 6 expansion obtained by
writing the base b digits of a in ascendingorder.

il Let b : 5. Find the unique integer a6 with a four-digit base 5 expansion

such that TsGl : ao. Show that this integer aq is a Kaprekar constant for
t h e b a s e 5 , i . e . , a , T ( a ) , r ( f b ) ) , f ( f Q ( a ) ) ) , . . . e v e n t u a l l yr e a c h e s
40, whenever a is an integer which a four-digit base 5 expansionwith not all
digits the same.

b) Show that no Kaprekar constant exists for the base 6.

1.3 Computer Projects

Write programs to do the following:

l. Find the binary expansion of an integer from the decimal expansion of this
integer and vice versa.

2. Convert from base 61 notation to base b2 notation, where D1 and b2are arbitrary
positive integers greater than one.

3. Convert from binary notation to hexadecimal notation and vice versa.

4. Find the base (-2) notation of an integer from its decimal notation (see problem

5. Find the balanced ternary expansion of an integer from its decimal expansion
(see problem 8).

6. Find the Cantor expansionof an integer from its decimal expansion (see problem

7. Play a winning strategy in the game of nim (see problem l5).

8. F i n d t h e s e q u e n c ea , T ( a ) , T ( T f u ) ) , r ( r O Q ) ) ) , . . . definedin problem 16,

where a is a positive integer, to discoverhow many iterations are neededto reach

9. Let b be a positive integer. Find the Kaprekar constant to the base b, when it
exists (see problem 17).
of Integers
1.3 Representations 33

1.4 Computer Operationswith Integers

We have mentioned that computers internally representnumbers using bits,
or binary digits. Computers have a built-in limit on the size of integers that
can be used in machine arithmetic. This upper limit is called the word size,
which we denote by w. The word size is usually a power of 2, such as 235,
although sometimesthe word size is a power of 10.
To do arithmetic with integers larger than the word size, it is necessaryto
devote more than one word to each integer. To store an integer n ) l4/, we
expressn in base w notation, and for each digit of this_expansionwe use one
computer word. For instance, if the word size is 23s, using ten computer
words we can store integers as large u, 23s0-1, since integers less than 2350
have no more than ten digits in their base 235expansions. Also note that to
find the base 235expansionof an integer, we need only group together blocks
of 35 bits.

The first step in discussing computer arithmetic with large integers is to

describehow the basic arithmetic operationsare methodically performed.
We will describe the classical methods for performing the basic arithmetic
operations with integers in base r notation where r ) | is an integer. These
methodsare examplesof algorithms.

Definition. An algorithm is a specified set of rules for obtaining a desired

result from a set of input.
We will describe algorithms for performing addition, subtraction, and
multiplication of two n-digit integers a : (an4on-z...egi, and
b : (bn- 1br - z . . . br b o )r,w h e re i n i ti a l d i g i ts o f z e ro are added i f necessaryto
make both expansionsthe same length. The algorithms described are used
both for binary arithmetic with integers less than the word size of a computer,
and for multiple precision arithmetic with integers larger than the word size
w, using lr as the base.
We first discuss the algorithm for addition. When we add a and b, we
obtain the sum

a I b : 5 a i r t+ ' i u , r t : 5 G i + b 1 ) r i .
j-o j-0 j:o

To find the base r expansion of the a * b, first note that by the division
algorithm, there are integers Cs and ss such that
34 The Integers

ao* bs: Csr * r0,0 ( so 1 r.

Because as and bo are positive integers not exceeding r, we know that

0 ( ao * bo( 2 r - 2 , s o th a t c o :0 o r l ;h ere c6 i s the cany to the next
place. Next, we find that there are integersc1 and s1 such that

ar * br t Co: C{ t rr,0 ( s1 ( r.

Since0 ( art br * Co ( 2r - 1, we know that Cr:0or l. proceeding

i n d u c t i v e l y , w e f i n d i n t e g e r s Ca; n d s ; f o r 1 ( i ( n - I b y

ai * b; * Ci-r: Crr trr, 0 ( s; ( r,

wit h C; : 0 or 1 . F i n a l l y , w e l e t s r: C n ; , si nce the sum of tw o i ntegers

with n digits has n * I digits when there is a carry in the n th place. We
co nc ludet hat t he b a s er e x p a n s i o nfo r th e s u m i s a * b: (srsn_,
When performing base r addition by hand, we can use the same familiar
technique as is used in decimal addition.

E x a m p l e . T o a d d ( 1 1 0 1 ) 2a n d ( l 0 l l ) 2 w e w r i t e


where we have indicated carries by I's in italics written above the appropriate
column. We found the binary digits of the sum by noting that I * I :
l'2+ 0,0+0+ 1:0'2 * 1, I +0f 0: O'2+ l,and 1+ l:1.2 *0.
We now turn our attention to subtraction. We consider

a - b :'; airi -'i u,rt: 5 Gi - b)ri ,

j-o j-0 j-0

where we assumethat a ) b. Note that by the division algorithm, there are

integers ^Bsand ds such that

os- bo: 86r * dg, 0 ( do ( r,

and since as and bs are positive integers less than r, we have

1.4 Computer Operationswith Integers 35


W h e n a o - b o ) 0 , w e h a v e , 8 6 : 0 . O t h e r w i s ew, h e n a s - b o 1 0 , w e h a v e
Bo: - 1;Bo is the borrow from the next place of the baser expansionof a.
We use the division algorithm again to find integersB1 and d1 such that
a1-bt+ Bo: B{ * dr. 0 < d1 1 r.

From this equation, we see that the borrow B r : 0 as l o n g a s a 1 - b t + B o

- br * B o
> 0 , a n d B t : - l o t h e r w i s e ,s i n c e - r ( a r (r-l.We
proceedinductively to find integers B; and d;, such that
ai - btf Bi-r : Bir t di. 0 ( di 1 r

w i t h B ; : 0 o r - 1 , f o r I < t < n - 2. We seethat Bn4: 0, sincea ) b.

We can concludethat
a - b : (dnadn-2...d1ds),.

When performing base r subtraction by hand, we use the same familiar

technique as is used in decimal subtraction.

Example. To subtract ( t o t t o ) 2f r o m ( t t o t l ) 2 , w e h a v e

where the -l in italics above a column indicates a borrow. We found the

binary digits of the difference by noting that 1 - 0 : 0'2 * l,
1-l:0'2*0, 0-l:-1'2+1, l-0-l: 0'2+0, and 1-l:
0'2+ 0.
Before discussing multiplication, we describe shifting. To multiply
(on-r...aps)7 by r^ , we need only shift the expansion left m places,
appending the expansionwith m zero digits.

Example. To multiply (tOtt01)2 by 2s, we shift the digits to the left five
placesand appendthe expansionwith five zeros,obtaining (10110100000)2.
36 The Integers

To deal with multiplication, we first discussthe multiplication of an n-place

i n t eger by a on e -d i g i t i n te g e r. T o m u l ti p l y (an_1...ori ;, by (i l ,, w e fi rst
note that


a nd 0 ( qo ( r - l , s i n c e0 ( a o b ( (r-1 )2 . N ext, w e have

aft+Qo:Qf *pr,0(pt1t,

and 0 ( qt ( r-1 . In g e n e ra l ,w e h a v e
a;b * 7i-r: Qir I pi, 0 ( p; -< r

and 0 ( gr ( r - 1. Furthermore, we have pn: Qn_r. This yields

(o r - 1. . . ar , o), ( b ) , : (p n p n .o ),.

To perform a multiplication of two n-place integers we write

( n-t ) n-t
l i -r ) i -o

For each -/, we first multiply a by the digit b;, then shift to the left 7 places,
and finally add all of the n integers we have obtained to find the product.
When multiplying two integers with base r expansions,we use the familiar
method of multiplying decimal integers by hand.

Ex am ple. T o m u l ti p l y (l l 0 l )2 a n d (t t tO )2 w e w ri te

I l0l
l0ll01l 0

Note that we first multiplied (1101)2 by each digit of (t t 10)t, shifting each
time by the appropriate number of places, and then we added the appropriate
integers to find our product.
1.4 Computer Operations with Integers 31

We now discuss integer division. We wish to find the quotient q in the

division algorithm
a:bq + R, 0 < R < b.

If the base r expansionof q is q : (Qn-rQn-2...Q

1 4 o,) , then we have
( n-r
a-b l> eiril +R,0<R <b.

To determine the first digit Qrq of q, notice that

a - bqn-1vn-t
: uf'i qjri)+ R.
U-o )
The right-hand side of this equation is not only positive,but also it is less than
brn-t, since 2 qiri g rn-l-l. Therefore,we know that

0 ( a - bqn-(n-l < brn-t.

This tells us that O: Tt, -tn.'l

4v n n { . t " ' , Qn-r: la/brn-rl'

We can obtain Qn-r by successivelysubtracting br"-l from a until a negative

result is obtained, and then qn-1is one less than the number of subtractions.

To find the other digits of q,, we define the sequenceof partial remainders
Ri by

Ro: a


Ri:Ri-r - bqn-trn-i

f o r i : 1 , 2 , . . . ,n . B y mathematical induction, we show that

(n -i -t I
(r.s) Ri: qirtlb+R.
| >
lj-0 )

For i : 0, this is clearly correct, since R0 : a : qb + R. Now assumethat

38 The Integers



Rt+r : Rft - bqn-*-rrn-k-l

(n-k-t .
: qirilb+R-bqn-*-rvn-k-l
l. .r-o )
fn-(k+r)-r .l
:| > qi"lb+R'

e s t a b l i s h i n( 1g . 5 ) .
F r o m ( t . S ) , w e s e e t h a t 0 ( R i < r n - i b , f o r i : 1 , 2 , . . . ,f l , s i n c e
n-i -l

O ( Ri < rn-tb, we see that the digit qn-i is given by lRi-r/brn-il and can
be obtained by successivelysubtracting brn-t from Ri-1 until a negative result
is obtained,and then qn-; is one lessthan the number of subtractions. This is
how we find the digits of q.

E x a m p l e .T o d i v i d e( t t t O l ) 2 b y ( t t t ) 2 , w e l e t q : ( q r q r q i r . W e s u b t r a c t
Z2( t t l) z : ( t t t O O), o n c e fro m (t t tO t)z to obtai n (l )2, and once more to
o b t a i na n e g a t i v er e s u l t s, o t h a t Q 2 : l . N o w R l : ( t t t O l ) t - ( t t t 0 0 ) t :
(1)2. We find that ql:0, s i n c eR 1 - 2 ( 1 l l ) 2 i s l e s st h a n z e r o ,a n d l i k e w i s e
Qz : 0. Henc e t h e q u o ti e n t o f th e d i v i s i o ni s (1 00)2and the remai nderi s (l )2

We will be interested in discussinghow long it takes a computer to perform

calculations. We will measure the amount of time needed in terms of
bit operations. By a bit operation we mean the addition, subtraction, or
multiplication of two binary digits, the division of a two-bit integer by one-bit,
or the shifting of a binary integer one place. When we describethe number of
bit operations needed to perform an algorithm, we are describing the
computational complexity of this algorithm.
In describing the number of bit operations needed to perforrn calculations
we will use big-O notation.
1.4 ComputerOperationswith Integers 39

Definition. If f and g are functions taking positive values, defined for all x in
a set S, then we say f is OQ) if there is a positive constant K such that
f G) < K g( x ) f or a l l x i n th e s e t S .

Proposition 1.6. If / is OQ) and c is a positiveconstant,then cf is Ok).

Proof . If / is Ok), then there is a constantK such that f G) < Kg(x) for
all x under consideration. Hence cf G) < GK)gG). Therefore, y' is
oQ). n

P r o p o s i t i o1n. 7 .l f f t i s O ( g r ) a n d f 2 i s O k z ) , t h e n" f t + - f z i s O Q f t g 2 )

Proof . If / is OQr) and f2 is Okz), then there are constantsK1 and K2

su ch t hat - f , ( *) < ,< 1 g 1 (x ) a n d " f z (x ) 1 K2g2(x) for al l x under
consideration. Hence

f 1G) +f2G) ( Krsr(x) + x2g2k)

( Kkr(x) + sz?))

where K is the maximum of K1 and K2. Hencef r + -f zis Ok, + gz).


-f tk)f z(.x) ( Krsr G) K2s2G)

: (KrK2)kt?)g2(x)),

so th at " f f z is 0( 96 ). tr

C o rollar y 1. 2. I f / 1 a n d f 2 a re O G), th e n -f r + -f zi s Ok).

Proof . Proposition 1.7 tells us that

"f t + f z is O QS). But if
f t "fz ( K Q s ) , t h e nf t + ( (z x )g , s o th at -f r + .f zi s Ok). a
" fz
Using the big-O notation we can see that to add or subtract two r-bit
integers takes Ofu) bit operations,while to multiply two n-bit integers in the
conventionalway takes OGz) bit operations(see problems 16 and 17 at the
end of this section). Surprisingly, there are faster algorithms for multiplying
large integers. To develop one such algorithm, we first consider the
multiplication of two 2n-bit integers, say a : (a2n4a2n_2...eflo)z and
b : ( b 2 , 6 b , 2 n - 2 . . . b f t iW
2 .e w r i t e a : 2 n A t f 4 6 a n d b : 2 n B r t B s , w h e r e
40 The Integers

A t : ( a 2 r - 1 a 2 n * 2 . . . a 1 7 1 1 eA1o7: ) 2 (, a n - 1 a n - 2 . . . a p g ) 2B, t : ( b 2 n - f t 2 r - z . . . b n + t
br)2, and B0 : (br-t bn-z...brbiz. We will use the identity
(t.e) a b : ( 2 2 , + 2 , ) A r B r r 2 n( A r A i ( a o - n r ) + (2,+l)AoB0.

To find the product of a and 6 using (t.0), requires that we perform three
mu lt iplic at ions o f n -b i t i n te g e rs (n a me l y A r B r (A , - A d(B o- B r), and
AsBs), as well as a number of additions and shifts. If we let M(n) denote the
number of bit operations needed to multiply two n -bit integers, we find from
(t.0) t t r at

(r.z) M (2n) < ru h) + Cn.

where C is a constant, since each of the three multiplications of n -bit integers

takes M (n) bit operations,while the number of additions and shifts neededto
compute a'b via (t.0) does not depend on n, and each of these operations
takes O (n) bit operations.
From (t.Z), using mathematical induction, we can show that
(1.8) a(zk) ( c(3k -2k),

where c is the maximum of the quantities M Q) and C (the constant in

(t.Z)). To carry out the induction argument, we first note that with k: l,
we have MQ) ( c(3t -2t) : c, sincec is the maximum of M(2) and C.
As the induction hypothesis,we assumethat
MQk) ( c (3 ft - 2 k).

Then, us ing ( 1. 7), w e h a v e

M (z k + t) ( 3 u (z k ) + czk
( 3c (lt - 2k) + c2k
( c a k + t_ c . 3 . 2 k* c 2 k
( c ( 3 f t + l- zk+t).

This establishesthat (1.8) is valid for all positive integers ft.

Using inequality (t.8), we can prove the following theorem.

Theorem 1.4. Multiplication of two n-bit integers can be performed using

O(nto9'3) bit operations. (Note: log23 is approximately 1.585, which is
1.4 ComputerOperationswith Integers 4l

considerably less than the exponent 2 that occurs in the estimate of the
number of bit operations needed for the conventional multiplication

Proof . From (t.8) we have

M h) : M (ztos'n)( lzlttloerl+t;

< , (3ttot'nl+t_rltoe'nl+t;
( 3 c .rl l o g Irn( 3 c .3 l o sr,:3rnto93

(since 3lo8'n: ,'ot").

Hence, Mh) : glnroe'3l. tr

We now state, without proof, two pertinent theorems. Proofs may be found
in Knuth [50] or Kronsjii tSgl.

Theorem 1.5. Given a positive number e ) 0, there is an algorithm for

multiplication of two n-bit integersusing O(nr+') bit operations.

Note that Theorem 1.4 is a specialcaseof Theorem 1.5 with e : log23- l,

which is approximately0.585.

Theorem 1.6. There is an algorithm to multiply two n-bit integers using

O(n log2n log2log2n)bit operations.
Since log2n and log2log2nare much smaller than n' for large numbers n,
Theorem 1.6 is an improvement over Theorem 1.5. Although we know that
M h) : O (n log2n log2log2n), for simplicity we will use the obvious fact that
M fu) : O (n2) in our subsequentdiscussions.
The conventionalalgorithm described above performs a division of a 2n-bit
integer by an n-bit integer with O(n2) bit operations. However, the number
of bit operations needed for integer division can be related to the number of
bit operations needed for integer multiplication. We state the following
theorem, which is basedon an algorithm which is discussedin Knuth 1561.

Theorem 1.7. There is an algorithm to find the quotient q:Ia/bl, when

the 2n-bit integer a is divided by the integer b having no more than n bits,
using O(M Q)) bit operations, where M fu) is the number of
bit operationsneededto multiply two n-bit integers.
42 The Integers

1.4 Problems

l. Add (l0llll0ll)2 and(ttootll0ll)2.

2 . S u b t r a c t( t o t t l 0 l 0 l ) 2 f r o m ( 1 1 0 1 1 0 1 1 0 0 ) 2 .

3. Multiply (t t rOr), and (l10001)2.

4. F i n d t h e q u o t i e n ta n d r e m a i n d e rw h e n ( t t o t o o n l ) 2 i s d i v i d e db y ( 1 1 0 1 ) 2 .

5. A d d ( A B A B ) 1 6a n d ( B A B A ) r c .

6. Subtract (CAFE)16 from (rnno)ru.

7. Multiply (FACE) 16and (BAD)rc.

8. Find the quotient and remainder when Gneono),u is divided by (enn.n)ru.

9. Explain how to add, subtract, and multiply the integers 18235187and 22135674
on a computer with word size 1000.

10. Write algorithms for the basic operations with integers in base (-2) notation
(see problem 6 of Section 1.3).

11. Give an algorithm for adding and an algorithm for subtracting Cantor
expansions (see problem l4 of Section 1.3).

12. Show that if f 1 and f 2 are O(St) and O(g2), respectively,and c1 and c2 are
constants,then c;f1 * ,zf z is O(g1 * g).

13. Show that if f is O(g), then fr it OQk) for all positiveintegersk.

14. Show that a function f is O(log2n) if and only if f is O(log,n) wheneverr ) l.

(Hint: Recall that logon/log6n: logo6.)

15. Show that the base b expansionof a positive integer n has llog6nl+t digits.

16. Analyzing the algorithms for subtraction and addition, show that with n-bit
integers these operationsrequire O h) bit operations.

17. Show that to multiply an n-bit and an m-bit integer in the conventional manner
requires OQm) bit operations.

18. Estimate the number of bit operationsneededto find l+2+ * n

il by performing all the additions.

b) by using the identity l+2* I n: nh+l)/2, and multiplying and

1.4 Computer Operations with Integers 43

19. Give an estimate for the number of bit operationsneededto find

a) n'. b)

20. Give an estimate of the number of bit operations needed to find the binary
expansionof an integer from its decimal expansion'

21. il Show there is an identity analogousto (1.6) for decimal expansions.

b) Using part (a), multiply 73 and 87 performing only three multiplications of

one-digit integers,plus shifts and additions.

c) Using part (a), reduce the multiplication of 4216 and 2733 to three
multiplications of two-digit integers, plus shifts and additions, and then
using part (a) again, reduce each of the multiplications of two-digit
integers into three multiplications of one-digit integers, plus shifts and
additions. Complete the multiplication using only nine multiplications of
one-digit integers, and shifts and additions.

22. il lf A and B are nxn matrices, with entries aii and bii for I ( i ( n,
I ( f ( n, then AB is the nxn matrix with entries cii : 2 ai*b*j.

Show that n3 multiplications of integers are used to find AB dir:;;ly from

its definition.

b) Show it is possible to multiply two 2x2 matrices using only seven

multiplications of integers by using the identity

o,rf lb,, D'tl

l a z r o,,) lr,, t,,)
l"r r b r r* anbzt x I (a21
* a22)(bn-b,+
, )l

lx * (as-a2)(bzz-bn) -
a 2 2 ( br - b z r - b e * b 2 2 )
( a r r l a 1 2 - a 2 1 - a 2 2 )b 2 2

x * ( a n - a z t ) ( b r r - b r+r ) I
( a 2 1* a 2 ) ( b r z - b ' , - )

w h e r ex : a r r b r ,- ( a t t - c t 2 r - a 2 ) ( b n - bp* b2).

c) Using an inductive argument, and splitting 2nx2n matrices into four nxn
matrices, show that it is possibleto multiply two 2k x2k matrices using only
7ft multiplications, and less than 7ft+r additions.
The Integers

d) Conclude from part (c) that two nxn matrices can be multiplied using
O(nt"c7) bit operations when all entries of the matrices have less than c
bits, where c is a constant.
23. A dozen equals 12 and a gross equals 122. Using base 12, or duodecimal.
arithmetic answer the following questions.

il If 3 gross, 7 dozen, and 4 eggs are removed from a total of l l gross and 3
dozen eggs, how many eggs are left?

b) If 5 truckloads of 2 gross, 3 dozen, and 7 eggs each are delivered to the

supermarket, how many eggs were delivered?

c) If I I gross, I 0 dozen and 6 eggs are divided in 3 groups of equal size, how
many eggs are in each group?

24. A well-known rule used to find the square of an integer with decimal expansion
(an-1...apJro with final digit ao:5 is to find the decimal expansionof the
product (anan-1...a)rcl(* ll and append this with the digits
(25)ro. For instance, we see that the decimal expansion of (tOS)2 begins with
16'17 :272, so that (165)2 :27225. Show that the rule just describedis valid.

25. In this problem, we generalizethe rule given in problem 24 to find the squaresof
integers with final base 28 digit 8, where I is a positive integer. Show that the
base 28 expansion of the integer (ana,-1...afl0)z,astarts with the digits of the
base 28 expansionof the integer (anana...aflo)zn l(anan-1...ap0)zn* ll and
ends with the digits Bl2 and 0 when B is even, and the digits G-l)12 and.B
when I is odd.

1.4 Computer Projects

Write programs to do the following:

l. Perform addition with arbitrarily large integers.

2. Perform subtraction with arbitrarily large integers.

3. Multiply two arbitrarily large integers using the conventionalalgorithm.

4. Multiply two arbitrarily laige integers using the identity (1.6).

5. Divide arbitrarily large integers, finding the quotient and remainder.

6. Multiply two n xn matrices using the algorithm discussedin problem 22.

1.5 Prime Numbers 45

1.5 Prime Numbers

The positive integer I has just one positive divisor. Every other positive
integer has at least two positive divisors, becauseit is divisible by I and by
itself. Integers with exactly two positive divisors are of great importance in
number theory; they are called primes.

Definition. A prime is a positive integer greater than I that is divisible by no

positive integers other than I and itself.

Example. The integers2,3,5,13,101and 163 are primes.

Definition. A positive integer which is not prime, and which is not equal to l,
is called composite.

Example. The integers 4:2'2,8:4'2, 3 3 : 3 ' 1 1 ,1 l l : 3 ' 3 7 , a n d

l 0 0 l : 7' ll' 13 ar e co m p o s i te .

The primes are the building blocks of the integers. Later, we will show that
every positive integer can be written uniquely as the product of primes.
Here, we briefly discuss the distribution of primes and mention some
conjecturesabout primes. We start by showing that there are infinitely many
primes. The following lemma is needed.

Lemma 1.1. Every positive integer greater than one has a prime divisor.

Proof . We prove the lemma by contradiction; we assume that there is a

positive integer having no prime divisors. Then, since the set of positive
integers with no prime divisors is non-empty, the well-ordering property tells
us that there is a least positive integer n with no prime divisors. Since n has
no prime divisors and n divides n, we see that n is not prime. Hence, we can
write n:ab with I 1 a 1 n and | < b 1 n. Becausea 1 n. a must have
a prime divisor. By Proposition 1.3, any divisor of a is also a divisor of n, so
that n must have a prime divisor, contradicting the fact that n has no prime
divisors. We can conclude that every positive integer has at least one prime
divisor. tr
We now show that the number of primes is infinite.

Theorem 1.8. There are infinitely many primes.

46 The Integers

Proof . Consider the integer

Qn: nt t l, n 2 l.

Lemma 1.1. tells us that Q, has at least one prime divisor, which we denote
by gr. Thus, q, must be larger than n; for if 4, ( n, it would follow that
Qn I n!, and then, by Propositionl.!, Q, | (er-rr) : l, which is impossible.
Since we have found u priJ.''lur*r, tt* r, for every positive integer n,
there must be infinitely many primes. tr

Later on we will be interested in finding, and using, extremely large primes.

We will be concerned throughout this book with the problem of determining
whether a given integer is prime. We first deal with this question by showing
that by trial divisions of n by primes not exceeding the square root of n, we
can find out whether n is prime.

Thedrem 1.9. If n is a composite integer, then n has a prime factor not


Proof . Since n is composite, we can write n : ab, where a and b are

integers with | 1a ( D < n. we must have a 4 r/i, since otherwise
b 7 a > ,/; and ab > '/i.,/i : n. Now, by Lemma I.l, a must have a
prime divisor, which by Proposition 1.3 is also a divisor of a and which is
clearly less than or equal to ,/i . D
We can use Theorem 1.9 to find all the primes less than or equal to a given
positive integer n. This procedure is called the steve of Eratosthenes. We
illustrate its use in Figure 1.2 by finding all primes less than 100. We first
note that every composite integer less than 100 must have a prime factor less
than J00-: 10. Since the only primes lessthan l0 are 2,3,4, and 7, we only
need to check each integer less than 100 for divisibility by these primes. We
first cross out, below by a horizontal slash -, all multiples of 2. Next we
cross out with a slash / those integers remaining that are multiples of 3.
Then all multiples of 5 that remain are crossedout, below by a backslash\.
Finally, all multiples of 7 that are left are crossedout, below with a vertical
slash l. ntt remaining integers (other than l) must be prime.
1.5 Prime Numbers 41

t23+ 5 +7+,/-1-
ll ++ 13 l+- yr +#17+h19+
2{-*23+g-. X +/*2e-3o-
3l+2Ii+ 3? 37 +S- 2{ {'F
4r+43 1+ ,{ 1? 47 +F + {o-
+G -5S- 59 -6F
>{+*s3*r- \ .yr
61 4*tr# \ <G 67 +h t{ 1+
r -7G
-?& 7e -8-
y{ t.> 83 \ "Yr +h 89
tlt +> 2< + 9t 9j -9t- .y +OF

Figure1.2. Findingthe PrimesLessThan 100Usingthe Sieveof Eratosthenes.

Although the sieveof Eratosthenesproducesall primes lessthan or equal to
a fixed integer, to determine whether a particular integer n is prime in this
manner, it is necessaryto check n for divisibility by all primes not exceeding
G. This is quite inefficient;later on we will have better methodsfor deciding
whetheror not an integeris prime.
We know that there are infinitely many primes, but can we estimate how
many primes there are less than a positivereal number x't One of the most
famous theorems of number theory, and of all mathematics, is the
prime number theorem which answersthis question. To state this theorem,
we introducesomenotation.

Definition. The function r(x), where x is a positivereal number, denotesthe

number of primes not exceedingx.

Example. From our exampleillustrating the sieveof Eratosthenes,

we seethat
o ( t O ) : 4 a n d z r ( t O O:)2 5 .
We now state the prime number theorem.

The Prime Number Theorem. The ratio of zr'(x) to x/log x approachesone as

x grows without bound. (Here log x denotesthe natural logarithm of x. In
th e languageof lim i ts ,w e h a v e l i m z r(x )/+ : l ).
The Integers

The prime number theorem was conjectured by Gauss in 1793, but

it was
not proved until 1896, when a French mathematician J. Hadamard
and a
Belgian mathematician C. J. de la Vall6e-Poussin produced independent
proofs. We will not prove the prime number theorem here; the varioui proofs
known are either quite complicated or rely on advanced mathematics. In
Table I .l we give some numerical evidence to indicate the validitv of the

x rG) x /log x oG)/* ti G) r(x) /ti G)

log x

103 168 1 4 4 .8 1.160 1 7 8 0.9438202

104 t229 1085.7 1.132 -r 1246 0.9863563
105 9592 8 6 8 5 .9 l.104 9630 0.9960540
106 78498 72382.4 1.085 78628 0.9983466
107 664579 620420.7 1.071 664918 0.9998944
108 5761455 5428681.0 1.061 5762209 0.9998691
l0e 50847534 48254942.4 1.054 5084923s 0.9999665
l0l0 455052512 43429448r.9 1 .048 4 5 5 0 5 5 64 1 0.9999932
l 0 rI 4 r 1 8 0 5 4 8 1 3 3948131663.7 1 .043 4 1 1 8 1 6 5 4 0 1 0.999973r
l 0 l 2 3760791201836191206825.3 r.039 3760795028r 0.9999990
t 0 l 3 3460655 3 5 8 9t34072678387.r
8 1 . 0 3 6 34606564s8 10 0.9999997

Tablel.l. Approximations
to rG).
The prime number theorem tells us that x /log x is a good approximation to
rG) when x is large. It has been shown that an even better approximation is
given by

I' )':*4{
{-/d X/V614 -=1
ti G) :T O,
", log I

(whe-- T d, -^^-,
," J, representsthe areaunderthe curvey : lfiog t, and above
"* t :2 to / : x). In Table l.l, one seesevidencethat /i(x) is
the r-axis from
an excellent approximation of zr(x).

frtaft.1', nd -
r l'^- -L- =O\ J
v r ylr x4G ltlx
1.5 PrimeNumbers 49

We can now estimate the number of bit operations neededto show that an
',,6-. The
integer n is prime by trial divisionsof n by ail primes not exceeding
',/n number theorem tells us that there are approximately
fioeJ; : 2-/i /log n primes not exceeding-6. To divide n by an integer
m takes O(log2n.log2m) Uit operations. Therefore, the number of bit
operations needed to show that n is prime by this method is at least
Q,/i/togilG log2n) - r,/i (where we have ignored thelog2m term since it
is at least l, even though it sometimesis as large as (log2n)/D . This method
of showing that an integer n is prime is very inefficient, for not only is it
necessaryto know all the primes not larger than, but it is also necessaryto
do at least a constant multiple of ,/i bit operations. Later on we will have
more efficient methods of showing that an integer is prime.
We remark here that it is not necessaryto find all primes not exceedingx
in order to compute zr(x). One way that zr(x) can be evaluated without
finding all the primes less then x is to use a counting argument based on the
sieve of Eratosthenes (see problem l3). (Recently, very efficient ways of
finding r(x) using O (x3/s+c)bit operationshave been devisedby Lagarias and
Odlyzko t6ql.)
We have shown that there are infinitely many primes and we have discussed
the abundance of primes below a given bound x, but we have yet to discuss
how regularly primes are distributed throughout the positive integers. We first
give a result that shows that there are arbitrarily long runs of integers
containingno primes.

Proposition 1.8. For any positive integer n, there are at least n consecutive
compositepositive integers.

Proof. Consider the n consecutivepositive integers

h + l ) ! + 2 , ( n + 1 ) ! + 3 , . . . , h+ l ) ! + n t l .

When 2< j(n *l,weknowthatTl(n + l ) ! . B y P r o p o s i t i o1n. 4 , i t

follows that 7 | (, + t)! +;. Hence, these n consecutiveintegers are all
composite. tr

Example. The seven consecutiveintegers beginning with 8! + 2 : 40322 are

all composite. (However, these are much larger than the smallest seven
consecutivecomposites,90, 91, 92, 93, 94, 95, and 96.)
50 The Integers

Proposition1.8 showsthat the gap betweenconsecutiveprimes

is arbitrarily
long. On the other hand, primes may often be close iogether.
The only
consecutiveprimes are 2 and 3, because2 is the only even prime.
many pairs of primes differ by two; these pairs of pri-., are called
twin pr im es . E x a m p l e sa re th e p ri m e s 5 a n d 7,l l and 13, l 0l and
103, and
4967 and 4969. A famous unsettled conjecture assertsthat there are
many twin primes.

There are a multitude of conjecturesconcerningthe number of primes of

various forms. For instance,it is unknown whether there are infinitlly many
primes of the form n2 + | where n is a positiveinteger.
Questionssuch as this
may be easy to state, but are sometimesextremely difficult to resolve.
We conclude this section by discussing perhaps the most notorious
conjecture about primes.

Goldbach's Conjecture. Every even positive integer greater than two can be
written as the sum of two primes.
This conjecture was stated by Christian Goldbach in a letter to Euler in
1742. It has been verified for all even integersless than a million. One sees
by experimentation,as the following exampleillustrates,that usually there are
many sums of two primes equal to a particular integer, but a proof that there
always is at least one such sum has not yet been found.

Example. The integers 10,24, and 100 can be written as the sum of two
primes in the following ways:


1.5 Problems

l. Determinewhichof the followingintegersare primes

a) l0l c) l07 e) I 13
b) 103 d) lll f) tzt.
1.5 PrimeNumbers 51

2 . Use the sieveof Eratosthenesto find all primes lessthan 200'

3 . Find atl primes that are the difference of the fourth powers of two integers.
4 . Show that no integer of the form n3 * I is a prime, other than 2: 13 + l.

5 . Show that if a and n are positive integers such that an -l is prime, then a : 2
and n is prime. (Hint: Use the identity ake-l : Qk-D (aka-t\ +
a k Q - D+ + a k+ l ) .

6 . In this problem, another proof of the infinitude of primes is given. Assume there
are only finitely many primes p r,Pz,...,Pn Form the integer
... pn * l. Show that
Q: prpz Q h a s a p r i m e f a c t o r n o t i n t h e a b o v el i s t .
Conclude that there are infinitely many primes.

7. Let Qn : ptpz " ' pn t l where Pt,Pz, ..., Pn are the n smallest primes.
Determine the smallest prime factor of Q^ for n:1,2,3,4,5, and 6. Do you
think Q, is prime infinitely often? (tnis is an unresolvedquestion.)

8 . L e t p t , p 2 , . . . , p n b e t h e f i r s t n p r i m e sa n d l e t m b e a n i n t e g e rw i t h I 1 m
Let Q be the product of a set of z primes in the list and let R be the product of
the remaining primes. Show that Q + R is not divisible by any primes in the
list, and hence must have a prime factor not in the list. Conclude that there are
infinitely many primes.

9. Show that if the smallest prime factor p of the positive integer n exceedsd6
then n/p must be prime or 1.

1 0 . il Find the smallest five consecutivecomposite integers.

b) Find one million consecutivecompositeintegers.

I l. Show that there are no "prime triplets", i.e. primes p, p + 2, and p + 4, other
than 3,5, and 7.

12. Show that every integer greater than 11 is the sum of two compositeintegers.
( problem 17 of Section 1.1) to show that
13. Use the principle of inclusion-exclusion

o(n):(o(.6-)-r) l-l . +l-ll
tl* l p ,I l p ,l )

l*l .l*l . +lrnl

wherept,pz,...,p,are the primeslessthan or equal to ^6 (with r:zr<Jill.
(Hint: Let propertyPi,,...,i,be the propertythat an integeris divisibleby all of
52 The Integers

Pi,,...,pi,,and use problem 23 of Section 1.2.)

14. Use problem l3 to find zr(250).

15' il show that the polynomial x2 -

x * 4l is prime for all integers x with
0 ( I < 40. Show, however,that it is composite
for x : 4i.
b) Show that if f (x) : onxn + an-,x;-t +
* a1x r as where the
coefficientsare integers, then there is an integer y
such that f(y) is composite.
(Hint: Assume that
f(x) :p is prim., unJsho* p divides (x+kfl
f for ail
integers ft ' conclude from the faci that a polynomial
of degree z takes on each
value at most n times, that there is an integer y
suctr that f(y) is composite.)
16' The lucky numbers are generated by the following
sieving process. Start with
the positive integers. Begin the process by crossing
out every second integer in
the list' starting your count with the integer t. other
than I the smallestinteger
left is 3, so we continue by crossing out every third integer
left, starting the
count with the integer l. The next integer left is 7, so we cross
out every seventh
integer left. Continue this process,where at each stage we
cross out every kth
integer left where & is the smallest integer left other than
one. The integers that
remain are the lucky numbers.

a) Find all lucky numbers less than 100.

b) show that there are infinitery many rucky numbers.

17. Show that if p is prime and I ( t ( p, then the binomial coefficient ,,

divisibleby p. [;]

1.5 Computer Projects

Write programs to do the following:

l' Decide whether an integer is prime using trial division of the

integer by all
primes not exceedingits square root.

2. Use the sieve of Eratosthenesto find all primes less than 10000.

3' Find zr(n), the number of primes lessthan or equal to rz, using problem
4. verify Goldbach's conjecture for all even integers less than 10000.

5. Find all twin primes less than 10000.

6. Find the first 100 primes of the form n 2 + l.

7. Find the lucky numbers less than 10000 (see problem 16).
and Prime Factorization

2.1 GreatestCommonDivisors
If a and b are integers, that are not both zero, then the set of common
divisorsof a and 6 is a finite set of integers,alwayscontainingthe integers*l
and -1. We are interestedin the largest integer among the common divisors
of the two integers.

Definition. The greotest common divisor of two integers a and b, that are
not both zero, is the largest integer which divides both a and b.

The greatestcommondivisor of a and b is written as (a, b).

Example. The commondivisorsof 24 and 84 are t l, J.2, +3, 1.4, t6, and
+ 12. Hence Q+, g+) : 72. Similarly, looking at setsof commondivisors,we
f i n dt h a t ( 1 5 , 8 1 ): 3 , ( 1 0 0 , 5 ) : 5 , ( I 7 , 2 5 ) : l , ( 0 , 4 4 ): 4 4 , ( - 6 , - 1 5 ) : 3 ,
and (-17, 289) : 17.
We are particularly interested in pairs of integers sharing no common
divisorsgreaterthan l. Such pairs of integersare called relatively prime.

Definition. The integers a and b are called relatively prime if a and b have
greatestcommondivisor (a, b) : l.

Example. Since Q5,42) : 1,25 and 42 are relativelyprime.

54 GreatestCommonDivisorsand prime Factorization

Note that since the divisors of -c are the same as the divisors of a, it
follows that (a, b) : (lal, la ll (where lc I denotesthe absolute value of a
which equalsa if a )0 and equals -a if a <0). Hence, we can restrict our
attentionto greatestcommondivisorsof pairs of positiveintegers.
We now provesomepropertiesof greatestcommondivisors.

Proposition 2.1. Let a, b, and c be integerswith G, b) : d. Then

(;) b /d , b l d ) : I
(ii) (atcb, b) : (a, b).

Proof. (D Let a and b be integers with (a,b) : d. we will show that a /d

and b/d have no common positivedivisorsother than 1. Assume that e is a
positiveinteger such that e I Q/d) and e I Qtal. Then, there are integersk
and I with ald : ke and b/d :Qe, such that a : dek and b : de[. Hence.
de is a common divisor of a and b. Since d is the greatestcommon divisor of
o and b,e must be l . Consequently,G /d , b /d) : l.

(ii) Let a, b, and c be integers. We will show that the commondivisorsof a

and b are exactly the same as the common divisors of a t cb and b. This
will show that (a *cb , b) : G, b). Let e be a common divisor of a and b .
By Proposition1.4, we see that e I b*cb), so that e is a common divisor of
a * cb and 6. It,f is a commondivisor of a * cb and b, then by Proposition
1.4,we seethat/ dividesb+cb) - cb : a, so thatf is a commondivisorof
a and b. Hence G*cb, b) : (a, b'). a
We will show that the greatestcommon divisor of the integersa and b, that
are not both zero,can be written as a sum of multiplesof a and b. To phrase
this more succinctly,we use the following definition.

Definition. If a and b are integers,then a linear combination of a and b is a

sum of the form ma * nD, where both rn and,n are integers.
We can now state and prove the following theorem about greatest common

Theorem 2.1. The greatest common divisor of the integers a and b, that are
not both zero, is the least positive integer that is a linear combination of a and

Proof. Let d be the least positive integer which is a linear combination of a

and b. (There is a least such positive integer, using the well-ordering
property, since at least one of two linear combinations l'a t 0'b and
2,1 GreatestCommonDivisors 55

GDa + 0'b, wherea 10, is positive.)We write

rz.rlR==r* d:ma*nb,
w h e r em a n d n a r e p b f t @ i n t e g e r s .W e w i l l s h o w t h a t d l a a n d d l b .
By the divisionalgorithm,we have
a:dq*r, 0(r<d.

:' ;: ;';::,b) : e-qm)a - qnb

This shows that the integer r is a linear combination of a and D. Since

0 ( r 1d, and d is the least positive linear combination of a and b, we
concludethat r : 0, and henced I o. In a similar manner,we can show that
d I b.
We now demonstratethat d is the greatest commondivisor of a and b. To
show this, all we need to show is that any common divisor c of a and D must
d i v i d e d . S i n c ed : m a * n b , i f c l a a n d c l b , P r o p o s i t i o nl . 4 t e l l s u s t h a t
c I d. tr
We have shown that the greatestcommon divisor of the integersa and b,
that are not both zero. is a linear combinationof a and b. How to find a
particular linear combinationof a and D equal to G, D) will be discussedin
the next section.
We can also definethe greatestcommondivisor of more than two integers.

Definition. Let e1, e2,...,en be integers, that are not all zero. The
greatest common divisor of these integers is the largest integer which is a
divisor of all of the integers in the set. The greatest common divisor of
a t, a 2 , . . .c, , is denot e db y (a 1 ,a 2 ,,...,
a n ).

Example. We easilyseethat 02, 18, 30) :6 and (10, 15, 25) : 5.

To find the greatestcommon divisor of a set of more than two integers,we
can use the following lemma.

L,emma2.1. If a1, a2,...,an are integers, that are not all zero, then
(a1, a2,..., an-1, an) : (a1, a2r..., (on-r, a)).

Proof. Any common divisor of the n integers ar, e2,...,en_t, en is, in

particular, a divisor of ar-1 and an, and therefore, a divisor of (an_1,an).
56 GreatestCommonDivisorsand PrimeFactorization

Also, any commondivisor of the n-2 integers4 t, a2,...,on_2,and (an_1,an),

must be a commondivisor of all n integers,for if it divides (on-r, an), it must
divide both cr-1 and an Since the set of n integersand the set of the first
n-2 integers together with the greatest common divisor of the last two
integers have exactly the same divisors, their greatest common divisors are
equal. tr

Example. To find the greatest common divisor of the three integers

105,140,and 3 5 0 , w e u s e L e mma 2 .1 to see that (105, 140.350) :
( 1 0 5 ,( 1 4 0 , 3 5 0 ):) ( l 0 5 , 7 0 ) : 3 5 .

Definition. We say that the integers a1.e2,...,e1 are mutually relatively

prime if (a1, e2,...,an) : l. These integers 4re called pairwise relatively
prime if for each pair of integers4; and a; from the set, (ai, a1): l, that is,
if each pair of integersfrom the set is relatively prime.
It is easy to see that if integersare pairwise relatively prime, they must be
mutually relatively prime. However, the converseis false as the following

Example. Considerthe integers15, 21, and 35. Since

( 1 5 , 2 r , 3 5 ) (: t s ,( 2 t , 3 5 ) ) :( r 5 , 7 ) : r ,

we see that the three integersare mutually relatively prime. However, they
are not pairwise relatively prime, b e c a u s(et S . z l ) : 3 , ( 1 5 , 3 5 ): 5 , a n d

2.1 Problems

l. Find the greatestcommon divisor of each of the following pairs of integers

il 15,35 d) 99, 100

b) 0,lll e ) 1l , l 2 l
c) -12.t8 f) 100,102

Show that if a and b are integerswith (a, b) : l, then (a*b, a-b) : I or 2.

Show that if a and b are integers, that are not both zero, and c is a nonzero
i n t e g e r t, h e n ( c a, c b ) : l c l b , b \ .

4 . What is (a2+b2,a*b), where a and b are relatively prime integers,that are not
both zero?
2.1 GreatestCommonDivisors 57

5 . Periodicalcicadasare insectswith very long larval periodsand brief adult lives.

For each speciesof periodical cicada with larval period of 17 years, there is a
similar specieswith a larval period of 13 years. If both the l7-year and l3-year
speciesemerged in a particular location in 1900, when will they next both
emerge in that location?

6 . a) Show that if a and b are both even integers, that are not both zero, then
(a, b) : 2fu/2,b/2).

b) Show that if a is an even integer and b is an odd integer, then

G , b \ : G 1 2 b, ) .
7 . S h o w t h a t i f a , b , a n d c a r e i n t e g e r ss u c ht h a t G , b ) : I and c I G*b), then
8 . il Show that if a,b, and c a r e i n t e g e r sw i t h b , b ) : (a, c) : l, then
(a, bc) : L

b) Use mathematicalinductionto showthat if at, a2,...,anare integers,and b is

another integer such that (ar b) : (az, b) : : (on, b) - l, then
( a p 2 ' ' o n ,b ) : l .

9 . S h o wt h a t i f a , b , a n d c a r e i n t e g e r sw i t h c I a b , t h e n c | ( a , c ) ( b , c ) .
1 0 . a) Show that if a and b are positiveintegerswith (a , b) : l, then (an, bn) : I
for all positiveintegersn.

b) Use part (a) to prove that if a and b are integerssuch that a' I bn where n
is a positiveinteger,then c I b.

ll. Show that if a, b and c are mutually relatively prime nonzero integers, then
G, bd : (a,b)(a,c),
T2, Find a set of three integersthat are mutually relatively prime, but not relatively
prime pairwise. Do not use examplesfrom the text.

1 3 . Find four integersthat are mutually relatively prime, such that any two of these
integersare not relativelyprime.
1 4 . Find the greatestcommondivisor of each of the following setsof integers

a) 8, lo, 12 d) 6,15,21
b) 5,25,75 e) -7,28, -35
c ) 99,9999, 0 f) 0,0, l00l .

1 5 . Find three mutually relatively prime integers from among the integers
6 6 , 1 0 5 ,4 2 , 7 0 , a n d 1 6 5 .

1 6 . Show that ar, a2,...,an are integers that are not all zero and c is a positive
integer,then (cat, caz,...,can)- c(a6 a2...,an).
58 Greatest Common Divisors and Prime Factorization

t7. Show that the greatestcommon divisor of the integersat, o2,...,an, that are not
all zero,is the least positiveinteger that is a linear combinationof a t, at,..., an.

r 8 . Show that if k is an integer, then the six integers 6k-l, 6k +l ,

6k+2, 6k +3, 6k+5, are pairwiserelativelyprime.

r 9 . Show that if k is a positiveinteger,then 3k *2 and 5k +3 are relatively prime.

20. Show that every positive integer greater than six is the sum of two relativelv
prime integersgreater than I .

2t. a) Show that if a and b are relatively prime positive integers, then
(a'-b^)l(a-b).a-b) : I or n.

then ((an-b'\/G-b), a-b) :

b) Showthat if o and b arepositiveintegers,
( n ( a ,b ) r - t , a - b ) .

2.1 ComputerProjects
l. Write a programto find the greatest
commondivisorof two integers.

2.2The Euclidean
We are going to develop a systematicmethod, or algorithm, to find the
greatestcommon divisor of two positive integers. This method is called the
Euclidean algorithm. Before we discuss the algorithm in general, we
demonstrateits use with an example. We find the greatestcommon divisor of
30 and 72. F i rs t, w e u s eth e d i v i s i o na l g o ri t hmto w ri teT2:30' 2 + 12, and
w e u s e P r o p o s i t i o 2n . 1 t o n o t e t h a t $ 0 , 7 D : ( 3 0 ,7 2 - 2 . 3 0 ) : ( 1 0 , t 2 ) .
Another way to see that (J,0,7D: (30, 12) is to notice that any common
divisor of 30 and 72 must also divide 12 because12 : 72 - 30'2. and
conversely,any common divisor of 12 and 30 must also divide 72, since
72: 30' 2+ 12 . N o te w e h a v e re p l a c e d7 2 b y the smal l ernumber 12 i n our
computationssince 02,30): (30, l2). Next, we use the divisionalgorithm
again to write 30 : 2'12 + 6. Using the samereasoningas before,we seethat
( 30, 12) : ( 12 ,6 ). Be c a u s e 1 2 : 6 ' 2 * 0, we now see that
02, O : (6, 0) : 6. Consequently,we can conclude that (72,30) : 6,
without finding all the commondivisorsof 30 and 72.
We now set up the generalformat of the Euclideanalgorithm for computing
the greatestcommondivisor of two positiveinteger.

The EuclideanAlgorithm. Let rs : a and r r : b be nonnegativeintegerswith

b I 0. If the division algorithm is successively applied to obtain
r i : r i + t Q i * ,I r i + 2 w i t h 0 1 r i + 2 1 r i + t f o r 7 : 0 , 1 , 2 , . . . , n - 2 a n d r , : 0 ,

ot=bt *f^ O<rr<b

2 .2 Th e E uc lideanA l g o ri th m 59

then (a , b) -- r,-1, the last nonzeroremainder.

From this theorem,we see that the greatestcommon divisor of c and b is

the last nonzero remainder in the sequenceof equations generated by
successively using the division algorithm, where at each step, the dividend and
divisor are replacedby smaller numbers,namely the divisor and remainder.

To prove that the Euclidean algorithm producesgreatestcommon divisors,

the following lemma will be helpful.

Lemma 2.2. If c and d are integers and c : dq * r where c and d ate

i n te g er st,hen ( c , d) : (d , r).

Proof. If an integer e dividesboth c and d, then sincer : c-dq, Proposition

1 . 4 s h o w st h a t e l r . I f e l d a n d e l r , t h e n s i n c ec : d q l r , from
Proposition1.4, we seethat e I c. Since the common divisorsof c and d are
the sameas the commondivisorsof d and r, we seethat k, d) : (d, r). tr
We now prove that the Euclideanalgorithm works.

Proof. Let r0: e and rr : b be positive integers with a 7 b. By

applying the divisionalgorithm, we find that

fg : rtQt*rZ 0< r2
f y : r2Q2* rt 0< r3

tn-3 : fn-2Qn-Z * fn-t 0 ( rr-r

f n-2 : fn-lQn-t * fn 0 (r,
I n-l : lnQn

We can assumethat we eventuallyobtain a remainder of zero since the

se q u enc eof r em aind e rsa : ro l r1 > . 1 2 > . ) 0 cannot contain more
than c terms. Bv Lemma 2.2. we see that ( a , b ) : ( r s , r 1 ) : ( r l , r z ) :
(rr., r) (rn-r, fn-t) : (rr-r, rr) : (rr,0) : rn. H ence
( a , b ) : r-. the last nonzeroremainder. tr

We illustrate the useof the Euclideanalgorithm with the following example.

Example. To find (252, 198), we use the division algorithm successivelyto

60 Greatest Common Divisors and Prime Factorization

2 5 2 : l . 1 g g+ 5 4
198:3'54 +36
54:1'36 +18
36 : 2.18.

H e n c eQ S Z . 1 9 8 ) : 1 8 .
Later in this section, we give estimates for the maximum number of
divisions used by the Euclidean algorithm to find the greatest common divisor
of two positive integers. However, we first show that given any positive integer
n, there are integersa and b such that exactly n divisionsare required to find
G, b) using the Euclidean algorithm. First, we define a special sequenceof

Definition. The Fibonacci numbers ur, u2, u3,... are defined recursively by
t h e e q u a t i o nas t : u 2 : I a n d u n : u n - t * u n - 2 f o rn 2 3 .
Us ing t he de fi n i ti o n , w e s e e th a t u 3 : tt2 * yt: I t | : 2, u3l u2
: 2 * I : 3, and so forth. The Fibonacci sequencebegins with the integers
1 , 1 , 2 , 3 , 5 , 8 1 3 , 2 1 , 3 4 , 5 5 ,8 9 , I 4 4 , . . . . E a c h s u c c e e d i nt g
erm is obtained
by adding the two previousterms. This sequenceis named after the thirteenth
century ltalian mathematicianLeonardodi Pisa, also known as Fibonacci,who
used this sequenceto model the population growth of rabbits (see problem 16
at the end of this section).
In our subsequentanalysis of the Euclidean algorithm, we wil! need the
following lower bound for the nth Fibonacci number.

Theorem 2.2. Let n be a positive integer and let cu: ( l+-.8) /2. Then

Proof. We use the second principle of mathematical induction to prove the

desired inequality. We have a 1 2: u3, so that the theorem is true for
n :3.
Now assumethat for all integersk with k 4 n, the inequality
ok-2 1 ut


S i n c ea : ( l + r f r / 2 i s a s o l u t i o no f x 2 - x - I : 0 , w e h a v ea 2 : a * l .

otn-l : o2.on-3: (a*l).ar-3 : s1n-2 * an-3

2 .2 T he E uc lidean Al g o ri th m 61

By the induction hypothesis,we have the inequalities

an-2 < un, otn-31 un-t ,

Therefore, we conclude that

or'-l lun*un-l-un*l

This finishesthe proof of the theorem. tr

We now apply the Euclidean algorithm to the successiveFibonacci numbers
34 and 55 to find (34. 55). We have

2l: l3'l + 8
13:8'1 + 5
8 : 5'1 * 3
5:3'l * 2
3:2'l * I
2: l'2.

We observe that when the Euclidean algorithm is used to find the greatest
common divisor of the ninth and tenth Fibonacci numbers, 34 and 55, a total
of eight divisions are required. Furthermore, (34, 55) : 1. The following
theorem tells us how many divisions are needed to find the greatest common
divisor of successiveFibonacci numbers.

Theorem 2.3. Let unrr and unt2 be successive terms of the Fibonacci
sequence. Then the Euclidean algorithm takes exactly n divisions to show that
(u n * r , ur a2): l.

Proof. Applying the Euclidean algorithm, and using the defining relation for
the Fibonacci numbers ui : uj-r I ui-z in each step, we seethat

lln*2: Un*t'l t Un,

Un*l: Un'l + Un-1,

Lt4: u3'1* u2'

It3 : tt2'2.

Hence, the Euclidean algorithm takes exactly n divisions, to show that

( u n q 2 , t l n q r ): u z - l . E
62 Greatest Common Divisorsand Prime Factorization

We can now prove a theorem first proved by Gabriel Lame', a French

mathematician of the nineteenth century, which gives an estimate for the
number of divisions needed to find the greatest common divisor using the
Euclidean algorithm.

Lam6's Theorem. The number of divisions neededto find the greatest common
divisor of two positive integers using the Euclidean algorithm does not exceed
five times the number of digits in the smaller of the two integers.

Proof. When we apply the Euclidean algorithm to find the greatest common
divisor of a : re and b :r 1 with a ) b, we obtain the following sequenceof
fg : rtQt*rZ, 0(rz1rr,
f1 :rZ4Z*rt, 0(131rz,

fn-2 : fn-tQn-t * rr, 0 ( rn 1 rn-t,

fn-l : tnQn,

We have used n divisions. We note that each of the quotientsQt, Q2,...,Qn-l

is greater than or equal to l, and Qn 7 2, sincern 1rn-1. Therefore,
rn-t 2 2rn 2 2u2: u3,
rn-z 2 rn-t * rn 2 ut * u2: u4,
rn-l 2 rn-z * rn-t 2 uq * u3: tt5,

rz)13*14 7 unq * un-z: u*

b:'r2rz * rt 7 u n * u n-t : un+ l

Thus, for there to be n divisions used in the Euclidean algorithm, we must

have b 7 un+r. By Theorem 2.2, we know that unay ) qn-r for n ) 2 where
a: (l+.,8)/2. Hence, b ) an-r. Now, since loglsa > 1/5, we seethat
l o g rq b > h -l )l o g l s a > (C I-l ) /5.

2 .2 T he E uc lidean Al g o ri th m 63

Let b have k decimal {igits, so that b < 10ftand loglsb < k. Hence, we see
that n - I < 5k and since /c is an integer, we can conclude that n < 5k.
This establishesLam6's theorem. tr
The following result is a consequence
of Lam6's theorem.

Corollary 2.1. The number of bit operations needed to find the greatest
of twopositive
common integers
a and, yy
Proof. We know from Lam6's theorem that O Qogra) divisions, each taking
O(log2a)2) bit operations,are neededto find fu, b). Hence, by Proposition
1.7, (a, b) may be found using a total of O((log2a)3) bit operations. D
The Euclideanalgorithm can be used to expressthe greatestcommon divisor
of two integers as a linear combination of these integers. We illustrate this by
expressing(252, 198) : l8 as a linear combinationof 252and 198. Referring
to the stepsof the Euclideanalgorithm used to find (252, 198), from the next
to the last step, we seethat

From the secondto the last step, it follows that


which implies that

1 8: 5 4 - t . ( 1 9 8 - 3 . 5 4: ) 4 . 5 4 - 1 . 1 9 8 .

Likewise, from the first stepwe have

54:252 - l'198.

so that
l 8 - 4 ( 2 5 2 - 1 . 1 9 8- ) 1 . 1 9 8: 4 . 2 5 2 - 5 . 1 9 8 .

This last equationexhibits l8 : (252, 198) as a linear combinationof 252 and

l 98.
In general,to see how d : (a, b) may be expressedas a linear combination
of a and 6, refer to the series of equations that is generated by use of the
Euclideanalgorithm. From the penultimateequation,we have
rn: (a, b) : r n - 2 - r n - r Q n - .r

Th i s e x pr es s es
b, b) ' a s a l i n e a r c o mb i n a ti o no f rr-2e,fi drr-1. The secondto
64 GreatestCommonDivisorsand PrimeFactorization

the last equation can be used to expressr2-1 &S rn-3 -rn-zen-z . Using this
last equation to eliminate rn-1 in the previousexpressionfor (4,6), we find
ln: ln-3- fn-24n-2,

so that

b, b) : rn-2- (rn4-rn-zQn-z)en-r
-- (l + q rn Q n -z )rn - z-

which expressesb, b) as a linear combinationof rn-2 zfid r,4. We continue

working backwards through the steps of the Euclidean algorithm to express
G, b) as a linear combinationof each precedingpair of remaindersuntil we
havefound (a, b) as a linear combinationof to: a and 11- b. Specifically,
if we have found at a particular stagethat


then, since
ti: ti_2- ri_tQi_r,

we have

b,b) : s (ri-z*ri-g1-r) * tr1-r

: Q-sqt-)ri-r * sri-2.

This showshow to move up through the equationsthat are generatedby the

Euclidean algorithm so that, at each step, the greatestcommon divisor of a
and b may be expressedas a linear combination of a and b.

This method for expressingG, b) as a linear combinationof a and b is

somewhatinconvenientfor calculation, becauseit is necessaryto work out the
steps of the Euclidean algorithm, save all these steps, and then proceed
backwardsthrough the steps to write G,b) as a linear combinationof each
successivepair of remainders. There is another method for finding b,b)
which requires working through the steps of the Euclidean algorithm only
once. The following theoremgivesthis method.

Theorem 2.4. Let a and b be positive integers. Then


for n:0,1,2,..., where,sn andtn are the nth terms of the sequences
2.2 The Euclidean Algorithm 65

SO: l, /0:0,
sl :0, /l : l,

si : Si*z- ?i-tsi-t, tj : tj-z - Q1-zt1-t

for 7 :2,3, ..., fl, where the q;'s are the quotientsin the divisionsof the
Euclideanalgorithm when it is usedto find G,b).

Proof. We will prove that

Q.D ri : sia + tjb

for 7 : 0, I ,...,fl. Since G,b) : r, once we have established(2.2), we will

know that

We prove (2.2) using the secondprinciple of mathematicalinduction. For

l :0 , we hav e a : r0 : l ' a * 0 ' b : s s a* ts b . H ence, Q.D i s val i d for
j : 0 . L i k e w i s eb, : r r : 0 ' a + l ' b : s l c + t f t , s o t h a t Q . D i s v a l i d f o r
j : l.

Now, assumethat

for 7 : 1,2,..., k-1. Then, from the kth step of the Euclideanalgorithm,we
tk : rk-2 - r*_lQt-l .

Using the inductionhypothesis,we find that

r1 : (s1-2a*tp-2b) - (s1raa*t1r-1b) Q*-r
: (s 1 -2 -s * -tq * -)a * Q p 2 -t* -rq* -)b

This finishesthe proof. tr

The following example illustrates the use of this algorithm for expressing
(a,b) as a linear combinationof a and b.

Example. Let a :252 and D : 198. Then

66 GreatestCommonDivisorsand prime Factorization

so: l, lo:0,
sl :0, Ir : 1,
J2:S0-sql:l- 0'l:1, tZ:tO-ttQt:0- 1 . 1: - 1 ,
J 3 : S t - S Z Q z : 0- l ' 3 : - 3 , t 3 : t t - 1 Z Q Z :1 - ( - l ) 3 : 4 ,
s 4 : s 2- s t Q t : I - ( - l ) ' t : 4 , t q : t z - t t Q z : - l - 4 . 1: - 5 .

S i n c e1 4 : 1 8 : ( 2 5 2 , 1 9 8 )a n d 1 4 : s 4 o+ t 4 b , w e h a v e

1 8 - ( 2 5 2 ,1 9 8 ): 4 . 2 5 2- 5 . 1 9 8.

It should be noted that the greatestcommon divisor of two integersmay be

expressedin an infinite number of different ways as a linear combination of
theseintegers. To seethis, let d : (a,b) and let d : so I tb be one way to
write d as a linear combination of a and b, guaranteed to exist by the

d : (s - k(b/d))a + Q - kb/d))b

for all integersk.

Example. With a :252 and b : 198, lB: (252, 198) : (+ - t Ik)252 +

(-S - l4k)198 whcneverk is an integer.

2.2 Problems

l. Use the Euclidean algorithm to find the following greatest common divisors

il (45,75) c) (ooo,
b) 002,22D d) (2078S,44350).

2. For each pair of integers in problem l, expressthe greatest common divisor of

the integers as a linear combination of these integers.

3. For each of the following sets of integers, expresstheir greatest common divisor
as a linear combination of these integers

il 6, 10,l5

b) 7 0 , 9 8 ,1 0 5

c) 2 8 0 ,3 3 0 , 4 0 5 , 4 9 0 .

4. The greatest common divisor of two integers can be found using only
subtractions, parity checks, and shifts of binary expansions,without using any
divisions. The algorithm proceedsrecursively using the following reduction
2.2 The Euclidean Algorithm 67

I, if a:b

)2 k l L ,b/2 ) if a and 6 are even

G.b): if a is even and b is odd
-D,b) if a and b are odd.

a) Find (2106,8318) usingthis algorithm.

b) Show that this algorithm always produces the greatest common divisor of a
pair of positiveintegers.

5. In problem 14 of Section 1.2, a modified division algorithm is given which says

that if a and 6 > 0 are integers,then there exist unique integersq,r, and e
such that a : bq * er, where e - tl,r ) 0, and -blz < er { bl2. We can
set up an algorithm, analogous to the Euclidean algorithm, based on this
modified division algorithm, called the least-remainder algorithm. It works as
follows. Let rs: a and rr: b, where a ) b 7 0. Using the modified division
algorithm repeatedly,obtain the greatest common divisor of a and b as the last
nonzeroremainder rn in the sequenceof divisions

ro : rtQr * e2r2, -rtlz 1 e2r2 4 ,tlz

rn-Z : ln-tQn-t I enrn, -rn-tl2 I enrn 4, rn-tl2

fn-l : 7n4n'

a) Use the least-remainderalgorithm to find (384, 226).

b) Show that the least-remainder algorithm always produces the greatest

common divisorof two integers.

c) Show that the least-remainderalgorithm is always faster, or as fast, as the

Euclidean algorithm.

d) Find a sequenceof integers v6, V1,v2,... such that the least-remainder

algorithm takes exactly n divisionsto find (vn*,, vn+z).

e) Show that the number of divisions needed to find the greatest common
divisor of two positive integers using the least-remainderalgorithm is less
than 8/3 times the number of digits in the smaller of the two numbers,plus
6 . Let m and n be positive integers and let a be an integer greater than one. Show
that (a^-1, an-l) - a(^' n)- l.

7 . In this problem, we discuss the game of Euclid. Two players begin with a pair
of positive integers and take turns making movesof the following type. A player
can move from the pair of positiveintegers{x,y} with x 2 y, to any of the pairs
[x-ty,yl, where / is a positive integer and x-ty 2 0. A winning move
68 GreatestCommonDivisorsand PrimeFactorization

consistsof moving to a pair with one element equal to 0.

a) Show that every sequence of moves starting with the pair {a, bl must
eventuallyend with the pair {0, (a, b)}.

b) show that in a game beginning with the pair {a, b},1he first player may
play a winning strategy if a - 6 or if a 7 b0+ Jil/z; otherwisethe
second player mgr play a winning strategy. (Hint: First show that if
y < x ( y(t+VS)/Z then thge is a unique move from l*,Ol that goes to
a pair lt, r| with y > ze+Jil/z.)

In problems8 to 16, un refers to the nth Fibonaccinumber.

8. Show that if n is a positiveinteger,then rz1l u2 I I ttr: un+z- l.

9. Show that if n is a positiveinteger, then unapn-r - u] : GD'.
10. Show that if n is a pqsitive integer, then un: (c'n-0\/'..fs, where
o : (t+.,6) /2 andp : Q-'./-il/2.

ll. Show that if m and n arepositiveintegerssuch that m I n, then u^ | un.

12. Show that if m and n are positiveintegers,then (u^, un) : u(m,il.

13. Show that un is even if and only if 3 | n.

(t 'l
t4. Letu: li i,.
Irn*, Itn I
a) Show that Un : .
lu, u^_r)

b) Prove the result of problem 9 by consideringthe determinant of Un.

15. We define the generalized Fibonacci numbers recursively by the equations

gr- a, E2: b, and gn - gn-t* gr-zfor n 2 3. Showthat gn: oun-2* bun-1
for n )- 3.

16. The Fibonacci numbers originated in the solution of the following problem.
Supposethat on January I a pair of baby rabbits was left on an island. These
rabbits take two months to mature, and on March I they produce another pair of
rabbits. They continually produce a new pair of rabbits the first of every
succeeding month. Each newborn pair takes two months to mature, and
producesa new pair on the first day of the third month of its life, and on the first
day of every succeedingmonth. Show that the number of pairs of rabbits alive
after n months is precisely the Fibonacci number un, assuming that no rabbits
ever die.
17. Show that every positive integer can be written as the sum of distinct Fibonacci
2.3 The Fundamental Theorem of Arithmetic 69

2.2 Computer Projects

Write programs to do the following:

l. Find the greatestcommondivisor of two integersusing the Euclideanalgorithm.

2. Find the greatest common divisor of two integers using the modified Euclidean
algorithm given in problem 5.

3. Find the greatest common divisor of two integers using no divisions (see problem
4. Find the greatest common divisor of a set of more than two integers.

5. Express the greatest common divisor of two integers as a linear combination of


6. Express the greatest common divisor of a set of more than two integers as a
linear combination of these integers.

7. List the beginning terms of the Fibonacci sequence.

8. Play the game of Euclid describedin problem 7.

2.3 The FundamentalTheoremof Arithmetic

The fundamental theorem of arithmetic is an important result that shows
that the primes are the building blocks of the integers. Here is what the

The Fundamental Theorem of Arithmetic. Every positive integer can be

written uniquely as a product of primes,with the prime factors in the product
written in order of nondecreasingsize.

Example. The factorizationsof somepositive integersare given by

2 4 0: 2 . 2 . 2 . 2 . 3:. 5 2 4 . 3 . 5 , 2 8: 9 1 7 . 1 7: 1 i 2 . 1 0 0 1: 7 . 1 1 . 1 3

Note that it is convenient to combine all the factors of a particular prime

into a power of this prime, such as in the previous example. There, for the
factorization of 240, all the fdctors of 2 were combined to form 24.
Factorizationsof integers in which the factors of primes are combined to form
powersare called prime-power factorizations.

To prove the fundamental theorem of arithmetic, we need the following

lemma concerningdivisibility.

Lemma 2.3. lf a, b, and c are positive integers such that (a, b) : I and
70 GreatestCommonDivisorsand PrimeFactorization

a I bc , t hen a I c ,

Proof. Since G,b): 1, there are integersx and y such that ax * by : y.

Multiplying both sides of this equation by c, we have acx * bcy: c. By
Proposition1.4, a divides acx * 6cy, since this is a linear combinationof a
and bc, both of which are divisibleby a. Hencea I c. a
The following corollary of this lemma is useful.

Corollary 2.2. If p dividasap2 an wherep is a prime and c r, a2,...,on

are positive integers, then there is an integer i with I < t ( n such that p

Proof. We prove this result by induction. The case where n : I is trivial.

Assume that the result is true for n. Consider a product of n * t, integers,
ar az aral that is divisibleby the prime p. Sincep I ar az on*t:
(a1a2 an)ana1,we know from Lemma 2.3 that p I ar az en or
p I ar+r. Now, it p I ar az a' from the induction hypothesisthere is an
integer i with 1 < t ( n such Ihat p I ai. Consequentlyp I a; for some i
w i t h l < t < n * 1 . T h i s e s t a b l i s h e s t h e r e s ut rl t .
We begin the proof of the fundamental theorem of arithmetic. First, we
show that every positive integer can be written as the product of primes in at
least one way. We use proof by contradiction. Let us assume that some
positive integer cannot be written as the product of primes. Let n be the
smallest such integer (such an integer must exist from the well-ordering
property). lf n is prime, it is obviously the product of a set of primes, namely
t h e o n e p r i m e n .S o n m u s t b e c o m p o s i t Le e. t n : a b , w i t h | 1 a ( n a n d
| 1 b I n. But since a and b are smaller than n they must be the product
of primes. Then, since n : ab, we conclude that n is also a product of
primes. This contradictionshowsthat every positiveinteger can be written as
the product of primes.
We now finish the proof of the fundmental theorem of arithmetic by
showing that the factorization is unique.

Supposethat there is a positive interger that has more than one prime
factorization. Then, from the well-ordering property, we know there is a least
integer n that has at least two different factorizationsinto primes:
fl:PtPz Ps:QtQz Qt,

w h e r ep t , p 2 , . . . , p s , Q t , . . . , 4atr e a l l p r i m e s ,w i t h p r ( p z ( ( p, and
{r(42( (q'.
2.3 The Fundamental Theorem of Arithmetic 71

We will s how t ha t p t: Qr,p 2 : Q 2 ,...,a n d c o nti nueto show that each of

the successive p's and q's are equal, and that the number of prime factors in
the two factorizations must agree, that is s : /. To show that pr: Qr,
assumethat pr * qy Then, either pr ) 4r or pr 1 Qr By interchanging
the variables,if necessary, we can assumethat pr ( qr. Hence,pr 1q; for
i : 1, 2, . . . , ts inc e41 i s th e s m a l l e sot f th e q ' s . H e nce,pr tr qi for al l i . B ut,
from Corollary 2.2, we see that pr I qflz et : tt. This is a
contradiction. Hence, we can conclude that pr : Qr and
n /p r: pz pt p s : QzQ t Qt. S i n c e n l p l i s an i ntegersmal l erthan
n, and since n is the smallest positive integer with more than one prime
factorization,nfpl con be written as a product of primes in exactly one way.
Hence, each pi is equal to the correspondingq;, and s : /. This proves the
uniquenessof the prime factorization of positive integers. tr
The prime factorization of an integer is often useful. As an example, let us
find all the divisorsof an integer from its prime factorization.

Example. The positivedivisorsof 120 : 233'5 are thosepositiveintegerswith

prime power factorizationscontaining only the primes 2,3, and 5, to powers
lessthan or equal to 3, 1, and l, respectively.Thesedivisorsare
I 3 5 3'5:15
2 2 ' 3: 6 2 ' 5: 1 0 2 ' 3 ' 5: 3 0
22: 4 22.3: 12 22.5: 20 223.5: 6o
23:8 z3-3: 24 23.5: 40 23.3.s : l2o .

Another way in which we can use prime factorizations is to find greatest

common divisors. For instance,supposewe wish to find the greatest common
divisor of 720 : 2432'5and 2100 : 223'52'7. To be a commondivisor of both
720 and 2100, a positiveinteger can contain only the primes 2, 3, and 5 in its
prime-power factorization, and the power to which one of these primes appears
cannot be larger than either of the powersof that prime in the factorizations
of 720 and 2100. Consequently,to be a common divisor of 720 and 2100, a
positive integer can contain only the primes 2,3, and 5 to powers no larger
than2, l, and l, respectively.Therefore,the greatestcommon divisor of 720
a n d 2100is 22. 3. 5: 6 0 .
To describe, in general, how prime factorizations can be used to find
greatestcommondivsors,let min(a, D) denotethe smaller or minimum, of the
two numbers d and 6. Now let the prime factorizationsof a and b be

o : pi,pi2 .. . p:., b : p'r,plz.. . p:,,

where each exponent is a nonnegativeinteger and where all primes occurring

72 GreatestCommonDivisorsand PrimeFactorization

in the prime factorizationsof c and of b are included in both products,

perhapswith zero exponents. We note that

fu,b): pl'"k"0,)plinb,'b, p:'n(oro,) ,

sincefor eachprimepi, a and b shareexactlymin(a;,6;) factorsof p;.

Prime factorizationscan also be used to find the smallestinteger that is a
multiple of two positive integers. The problem of finding this integer arises
when fractions are added.

Definition. The least common multiple of two positive integersa and D is the
smallestpositiveinteger that is divisibleby a and b.

The leastcommonmultiple of a and b is denotedby Io, bl.

Example. We have the following least common multiples: ll5,2l l: 105,

lZ q, X l : 72, l Z , Z 0 l : 2 A ,a n d [7 , l l l : 7 7.
Once the prime factorizations of a and b are known, it is easy to find
I a, bl. I f a : p i ,p i , p l r. a n d ,b : p i ,pur2 .. . pun,w herept,pz,...,pn
are the primes occurring in the prime-powerfactorizationsof a and b, then
for an integer to be divisible by both c and D, it is necessarythat in the
factorization of the integer, eachp; occurs with a power at least as large as ai
and bi. Hence, [a,b], the smallestpositiveinteger divisible by both a and b
*Grb,) *Gru')
la,bl: pl Omaxb,'b,) pf

where max(x, /) denotesthe larger, or maximum, of x andy.

Finding the prime factorization of large integers is time-consuming.

Therefore, we would prefer a method for finding the least common multiple of
two integers without using the prime factorizations of these integers. We will
show that we can find the least common multiple of two positiveintegersonce
we know the greatest common divisor of these integers. The latter can be
found via the Euclideanalgorithm. First, we prove the following lemma.

Iemma 2,4. If x and y are real numbers, then max(x,y) + min(x,y)


P r o o f .I f x ) y , then min(x,y):y and max(x,!):x, so that

m a x ( x , y ) +m i n ( x , y ) : x * y . If x <y, then min(xy):x and
max(x,y): y, andagainwe findthat max(x,y)+ min(x,y) - x + y. tr
2.3 The Fundamental Theorem of Arithmetic 73

To find Ia, b l, once b, b) is known, we use the following theorem.

Theorem 2.5. lf a and b ate positive integers,then la,bl: ab/G,b),,

where Ia, b I and G, b) are the least common multiple and greatestcommon
divisor of c and b, respectively.

Proof. Let a and b have prime-power factorizations a : p\'pi' pl' and

t : pl'p!2 " ' p:', where the expnents are nonnegativeintegers and all
primes occurring in either factorization occur in both, perhaps with zero
exponents.Now let M1: max(c;, b;) and ffii -min(a1,b1). Then, we have

l a , b l b , i l : p Y ' p Y ' p { ' p T ' p T' ' 2

' pf'
: O{,+^,r{'*^' bY'*^'
: pl'+b'Oo'+b' p:'*o'
: p\'p;' pi'p"' po^'
: ab.

si n ceM i + f f ij: m ax (a y ,b j ) + m i n (a r' ,b ): a 1 * b 1 by Lemma2.4. tr

of the fundamentaltheoremof arithmetic will be

The following consequence

Lemma 2.5. Let m and n be relatively prime positive integers. Then, if d is

a positivedivisor of mn, there is a unique pair of positivedivisorsd 1 of m and
d2of n such that d : diz. Conversely,if dl and d2 are positivedivisor of z
andn, respectively, then d : dfl2is a positivedivisors of mn.

Proof. Let the prime-power factorizations of m and n be m : pT'pT'

p : ' and n: q i ' q i 2 " ' q i ' . Si n c e (m,n ) - l , the set of pri mes
p tPz,. . . , P s and t he s e t o f p ri me s Q t,4 2 ,...,4 th a ve no common el ements.
Therefore,the prime-powerfactorizationof mn is

mn: pT'pT' p!'qi'qi' q:' .

Hence,if d is a positivedivisor of mn, then

d:pi'piz "' pi'q{'qI' q{'

w h e r e0 ( e i (mi for i:1,2,...,s and 0(f (n; for 7:1,2,...,t.

Now let
74 GreatestCommonDivisorsand prime Factorization

dt : p't'ptz'


dr: q{'qI' q{' .

d : dfi2and(dr,d) : l. Thisis thedecomposition

Clearly of d wedesire.
Conversely,let dy and d2be positivedivisorsof m and n, respectively.Then

dr: p'r'ptr' p:'

wher e0 ( ei ( m i fo r i : 1 ,2 ,...,s , a n d

dr: q{'q[' q{'

where0 < /j ( n; for j : 1,2,...,t. The integer

d : dfi2: p'r'pi, . -. pi,q{,q[, q{'

is clearly a divisor of

mn: p?'pT' p!'qi'qi, ql,,

sincethe power of such prime occurring in the prime-powerfactorizationof d
is less than or equal to the power of that prime in the prime-power
factorization of mn. tr

A famous result of number theory deals with primes in arithmetic


Dirichlet's Theorem on Primes in Arithmetic Progressions. Let a and b be

relatively prime positive integers. Then the arithmetic progression
an * b, f l : 1,2 ,3 ,..., c o n ta i n si n fi n i te l ym a n y pri mes.
G. Lejeune Dirichlet, a German mathematician, proved this theorem in
1837. Since proofs of Dirichlet's Theorem are complicated and rely on
advanced techniques, we do not present a proof here. However, it is not
difficult to prove special cases of Dirichlet's theorem, as the following

Proposition 2.2. There are infinitely many primes of the form 4n * 3, where
n rs a positiveinteger.
2.3 The Fundamental Theorem of Arithmetic 75

Beforewe provethis result, we first prove a useful lemma.

Lemma 2.6. lf a and b are integers both of the form 4n * l, then the
product ab is also of this form.

Proof. Since a and b are both of the form 4n * l, there exist integers r and
s such that a : 4r * 1 and D : 4s * 1. Hence,

ab: ( + r + t ) ( 4 s + 1 ): 1 6 r s* 4 r * 4 s * l : 4 ( 4 r s + r * s ) * l,

which is again of the form 4n * 1. tr

We now provethe desiredresult.

Proof. Let us assume that there are only a finite number of primes of the
f o r m 4 n f 3 , s a yP o : 3 , P t , P 2 ,. . . ,P r . L e t

Q:4prpz P,*3.

Then, there is at least one prime in the factorizationof Q of the form 4n * 3.

Otherwise,all of these primes would be of the form 4n * 1, and by Lemma
2.6, this would imply that O would also be of this form, which is a
contradiction. However, none of the primes po, Pr,...,,Pndivides 0. The
prime 3 does not divide Q, for if 3 I Q, then I I (0-ll : 4pt pz p,,
which is a contradiction. Likewise, none of the primes p; can divide Q,
becausepj I Q impliespi | (Q-4pr pz p) :3 which is absurd. Hence,
there are infinitely many primes of the form 4n * 3. tr

If they sell 88137 worth of this camera and the discounteddollar price is an
integer, how many camerasdid they sell?

31. il show that if p isa prime and,a is a positiveintegerwithp I a2, then p I a.

b) Show that if p is a prime, c is an integer, and n is a positive integer such

t h a t p l a n , t h e np l a .

32. Show that if a and b are positive integers, then a2 | b2 implies that a I b.
3 3 . Show that if a,b, and c are positive integers with (a ,b) : I and ab : cn, then
there are positive integers d and,e such that a : dn and b : en.

34. Show that if aya2,...,an are pairwise relatively prime integers, then
l a 1 , c t 2 , . . . ,: a a
npl 2''' sn.

2.4 Factorization of Integersand the Fermat Numbers

From the fundamental theorem of arithmetic, we know that every positive
integer can be written uniquely as the product of primes. In this section,we
discussthe problem of determiningthis factorization. The most direct way to
find the factorization of the positive integer n is as follows. Recall from
Theorem 1.9 that n either is prime, or else has a prime factor not exceeding
6 . Consequently,when we divide n by the primes 2,3,5,...not exceeding
,/i,*" either find a prime factorpr of n or elsewe concludethat r is prime.
If we have located a prime factor p r of n, we next look for a prime factor of
nt: nlp1, beginningour searchwith the prime p1, since n I has no prime
factor lessthan p1, nnd any factor of n1 is also a factor of n. We continue,if
necessary,determining whether any of the primes not exceeding rlr r divide
n1. We continue in this manner, proceedingrecursively,to find the prime
factorizationof n.

Example. Let n : 42833. We note that n is not divisible by 2,3 and 5, but
that 7 | n. We have
4 2 8 3 3- 7 . 6 1 1 9 .

Trial divisions show that 6119 is not divisible by any of the primes
7,11,13,17,I9,and 23. However,we seethat

Since 29 > ,m, we know that 211 is prime. We conclude that the prime
factorizationof 42833is 42833 - 7 ' 29 ' 2ll.
Unfortunately,this method for finding the prime factorizationof an integer
is quite inefficient. To factor an integer N, it may be necessaryto perform as
many as r(JF) divisions, altogether requiring on the order of JF bit
operations,since from the prime number theorem zr(JF) is approximately
,N /tog..N : 2,N AogN, and from Theorem 1.7, thesedivisionstake at least
log N bit operations each. More efficient algorithms for factorization have
been developed, requiring fewer bit operations than the direct method of
factorization previously described. In general, these algorithms are
complicatedand rely on ideasthat we have not yet discussed.For information
about thesealgorithms we refer the reader to Guy [66] and Knuth [561. We
note that the quickest method yet devised can factor an integer N in
80 GreatestCommonDivisorsand PrimeFactorization



bit operations,where exp standsfor the exponentialfunction.

In Table 2.1, we give the time required to factor integersof various sizes
using the most efficient algorithm known, where the time for each bit
operation has been estimated as one microsecond(one microsecondis 10-6

Number of decimal digits Number of bit operations Time

50 l.4x10r0 3.9hours

75 9 . 0 xl 0 r 2 104days

100 2 . 3 xl 0 r 5 74 years

200 1.2x1023 3.8xl0e years

300 l.5xl02e years


500 l.3xl03e years

Table2.1. Time RequiredFor Factorization
of LargeIntegers.

Later on we will show that it is far easier to decide whether an integer is

prime, than it is to factor the integer. This difference is the basis of a
cyptographicsystemdiscussedin Chapter 7.
We now describea factorizationtechniquewhich is interesting,although it
is not always efficient. This technique is known as Fermat factorization and
is basedon the following lemma.

Lemma 2.7. lf n is an odd positive integer, then there is a one-to-one

correspondencebetween factorizations of n into two positive integers and
differencesof two squaresthat equal n.

Proof. Let n be an odd positive integer and let n : ab be a factorization of n

into two positive integers. Then n can be written as the differenceof two

, l o + u l ' - ll-ol - u l '
| 2 ,l t 2 )'
2.4 Factorizationof Integersand the FermatNumbers 81

where G+b)12 and b-b)/2 are both integerssincea and b are both odd.

Conversely,if n is the differenceof two squares,say n: s2 - /2, then we

can factor n by noting that n : (s-l)(s+t). tr

To carry out the method of Fermat factorization,we look for solutionsof

the equation,, : *2 - yz by searchingfor perfect squaresof the form xz - n.
Hence, to find factorizationsof n, we search for a square among the sequence
of integers

t2-n, Q+Dz-n, (t+2)2-n,...

where I is the smallest integer greater than ,/i . This procedureis guaranteed
to terminate,sincethe trivial factorizationn : n'l leadsto the equation

n: fn+rl' lr-rl'
I r l- |. , ,l
Example. We factor 6077 using the method of Fermat factorization. Since
77 < ffi1 < 78, we look for a perfect square in the sequence

7 8 2- 6 0 7 7: 7
7 9 2- 6 0 7 7: 1 6 4
8 0 2- 6 0 7 7:3 2 3
812- 6077:484:222.

Since 6077:812 - 222. we conclude that 6077: $l-2D(8t+zz) :

Unfortunately, Fermat factorization can be very inefficient. To factor n
using this technique, it may be necessary to check as many as
Q + D 12 - ,/n integers to determine whether they are perfect squares.
Fermat factorization works best when it is used to factor integers having two
factorsof similar size.
The integers Fn :22' + I are called the Fermat numbers. Fermat
conjectured that these integers are all primes. Indeed, the first few are
p r i m e s , n a m e l y F o : 3 , F 1 : 5 , F 2 : 1 7 ,F 3 : 2 5 7 , a n d F + : 6 5 5 3 7 .
Unfortunately,F5 :22'* 1 is compositeas we will now demonstrate.

Proposition 2,3. The Fermat number F5: 22'+ 1 is divisibleby 641.

Proof. We will prove that 641 | fr without actually performing the division.
Note that
82 GreatestCommonDivisorsand PrimeFactorization

6 4 1: 5 . 2 7 + l : 2 a + 54.

fil 'r'*'
Therefore,we seethat 64t I F's. tr
The followingresult is a valuableaid in the factorizationof Fermat

Proposition 2.4. Every prime divisor of the Fermat number F, :22' + | is

of the form2n+2k+ I.
The proof of Proposition2.4 is left until later. It is presentedas a problem
in Chapter 9. Here, we indicate how Proposition2.4 is useful in determining
the factorizationof Fermat numbers.

Example. From Proposition 2.4, we know that every prime divisor of

F 3: 22' + | :2 5 7 m u s t b e o f th e fo rm 2sk * l : 32.k + l . S i nce there
are no primes of this form less than or equal to ,/81, we can concludethat
Ft : 257 is prime.

Example. In attempting to factor F 6 : 22'+ l, we use Proposition2.4 to see

that all its prime factors are of the form 28k + l:256.k * l. Hence, we
need only perform trial divisionsof Foby those primes of the form 256'k + |
that do not exceed -,,/Fu. After considerablectmputation, one finds that a
pr im e div is o ri s o b ta i n e dw i th k : l 0 ? l ,i .e . Z74l i ' l : (256.10?l+ l ) I F6.

A great deal of effort has been devoted to the factorization of Fermat

numbers. As yet, no new Fermat primes have been found, and many people
believe that no additional Fermat primes exist. An interesting, but
impractical, primality test for Fermat numbers is given in Chapter 9.

It is possibleto prove that there are infinitely many primes using Fermat
numbers. We begin by showing that any two distinct Fermat numbers are
relativelyprime. The following lemma will be used.

Lemma 2.8. Let F1, :22' * I denote the kth Fermat number, where k is a
nonnegativeinteger. Then for all positiveintegersn , we have

FoFf z Fn-t: Fn - 2.
Proof. We will prove the lemma using mathematical induction. For n : 1,
the identity reads
2.4 Factorization of Integers and the Fermat Numbers 83

Fo : Fr - 2 '

This is obviouslytrue since F0 : 3 and Fr : 5. Now let us assumethat the

identity holds for the positiveinteger n, so that

FoFf z' ' ' Fn-r: F, - 2.

With this assumptionwe can easilyshow that the identity holds for the integer
n * I, since
FoFfz Fn-rFr: (FsFf2 "' Fr-)Fn
- ( F n - z ) F n : ( 2 2 '- D ( 2 2 ' + t )
- ( 2 2 ' 1 2- l - 2 2 ' * ' - 2 : F r a 1 -2. tr

This leadsto the following theorem.

Theorem 2.6. Let m and n be distinct nonnegative integers. Then the

Fermat numbersF^ and F, are relatively prime.

Proof. Let us assumethat m 1 n. From Lemma 2.8, we know that

Fffz''' F^' " F r - r: F n - 2 .

Assumethat d is a commondivisor of F* and Fo. Then, Proposition1.4 tells

u s th a t
d I G, - F s F .o
2 Fm F , -1) :2.

Hence, either d:l or d:2. However,since F, and Fn are odd, d cannot be

2. Consequently, d:l and (F^,F) : I. tr

Using Fermat numbers we can give another proof that there are infinitely
many primes. First, we note that from Lemma 1.1, every Fermat number Fn
has a prime divisor pr. Since (F*,F): l, we know that p^ # p, whenever
m # n. Hence,we can concludethat there are infinitely many primes.
The Fermat primes are also important in geometry. The proof of the
following famoustheoremmay be found in Ore [28].

Theorem 2.7. A regular polygon of n sidescan be constructedusing a ruler

a n d c om pas sif and o n l y i f n i s o f th e fo rm n :2 opl " ' pt w here p;,
i:1,2,...,t are distinct Fermat primes and a is a nonnegativeinteger.
84 GreatestCommonDivisorsand PrimeFactorization

2.5 LinearDiophantineEquations
Consider the following problem. A man wishes to purchase $510 of
travelers checks. The checks are available only in denominationsof $20 and
$50. How many of each denominationshould he buy? If we let x denotethe
number of $20 checks and y the number of $50 checks that he should buy,
then the equation 20x * 50y : 510 must be satisfied. To solvethis problem,
we need to find all solutions of this equation, where both x and y are
A related problem arises when a woman wishes to mail a package. The
postal clerk determinesthe cost of postageto be 83 cents but only 6-cent and
15-centstampsare available. Can some combinationof thesestampsbe used
to mail the package? To answer this, we first let x denote the number of 6-
cent stampsand y the number of l5-cent stamps to be used. Then we must
have 6x + I5y : 83, where both x and y are nonnegativeintegers.
When we require that solutionsof a particular equationcome from the set
of integers,we have a diophantine equation. Diophantineequationsget their
name from the ancient Greek mathematician Diophantus, who wrote
extensivelyon such equations. The type of diophantine equation ax * by : c,
where a, b, and c are integersis called a linear diophanttne equations in two
variables. We now develop the theory for solving such equations. The
following theorem tells us when such an equation has solutions,and when
there are solutions,explicitly describesthem.

Theorem 2.8. Let a and D be positiveintegerswith d : (a,b). The equation

ax*by:c h a s n o i n t e g r a ls o l u t i o n si f d l c . lf dlc, then thereare
infinitely many integral solutions. Moveover, if x : x0, | - lo is a particular
solutionof the equation,then all solutionsare given by
x : xo+ (b/d)n, ! : yo- fuld)n,
2.5 LinearDiophantine 87

where n is an integer.

Proof. Assumethat x and y are integerssuch that ax I by : g. Then, since

dlo andd lb,byPropositio1 n . 4 ,d l t a s w e l l . H e n c e , ' rdf t r c , t h e r e a r e
no integral solutionsof the equation.
Now assumethat d | ,. From Theorem2.1, there are integerss and t with
(2.3) d:as+bt.

Sinced l r, there is an integere with de : c. Multiplying both sidesof (2.3)

bv e. we have
c:de:(as+bt)e:a(se) + bQe).

Hence, one solution of the equation is given by @Io,.wlere

-x0-'Ftf11*}f =7. X * S rtacl I --te

To show that there are infinitely many solutions,let x:nfo+ $liln and
y:Y0 - G / d) n, wh e re n i s a n i n te g e r. W e s e e that thi s pai r (x,y) i s a
solution, since V rfi"v g rof14
ax t by : oxs* a(bld)n * byo- bGld)il: oxst bys: c.

We now show that every solutionof the equationax * by : c must be of the

form described in the theorern. Suppose that x and y are integers with
ax I bY : c. Since
a x s* b y o : , ,

by subtractionwe find that

G x * b y ) - ( a x s + b y s ): 0 ,

which impliesthat
a& - x/ + bU -.yd :0.


a(x - xo): bjo- y).

Dividingboth sidesof this last equalityby d, we seethat

G l d ) (x - x s ) : (b l d ) U t - y).

By Proposition
2.1, we know that bld,bld): l. Using Lemma 2.3, it
88 GreatestCommonDivisorsand prime Factorization

follows that Q/d) | 9o- y). Hence, there is an integer n with

G/d)n:lo-l; t h i s m e a n st h a t y - l o - G / i l n . N o w p u t t i n gt h i s v a l u e
of y int o th e e q u a ti o n a (x - x d : bOo- y), w e fi nd that
aG - x d : b b /d )n , w h i c h i mp l i e sth a t x : x0 + (bl d)n. D

We now demonstratehow Theorem 2.8 is used to find the solutions of

particular linear diophantineequationsin two variables.

Consider the problems of finding all the integral solutions of the two
diophantine equationsdescribedat the beginning of this section. We first
considerthe equation6x + I5y : 83. The greatestcommon divisor of 6 and
15 is (6,15) : 3. Since I / gl, we know that there are no integral solutions.
Hence,no combinationof 6- and l5-cent stampsgivesthe correct postage.

Next, consider the equation 20x t 50y :519. The greatest common
divisor of 20 and 50 is (20,50): 10, and since l0 | 510, there are infinitely
many integral solutions. Using the Euclidean algorithm, wo find that
20eD * 50 : 10. Multiplying both sides by 51, we obtain
20(-102) + 50(51) : 510. Hence, a particular solution is given by
x 0: - 102 an d ./o :5 1 . T h e o re m2 .8 te l l s u s that al l i ntegralsol uti onsare
of the form x : -102 * 5n and y : 5l - 2n. Since we want both x and y
to be nonnegative,we must have - I02 + 5n ) 0 and 5l - 2n ) 0; thus,
n ) 20 2/5 and n 4 25 l/2. Since n is an integer, it follows that
n : 2 1 , 2 2 , 2 3 , 2 4 , o r 2 5 . H e n c e ,w e h a v et h e f o l l o w i n g5 s o l u t i o n sG: y ) :
( 3 , 9 ) ,( 8 , 7 ) ,( 1 3 , 5 ) ,( 1 9 , 3 ) ,a n d ( 2 3 , t ) .

3.1 Introduction to Congruences

The special language of congruencesthat we introduce in this chapter is
extremely useful in number theory. This language of congruences was
developedat the beginning of the nineteenthcentury by Gauss.

Definition. lf a and b are integers, we say that a is congruent to b modulo

mif m l(a-b).
I f a i s c o n g r u e n t t o Dm o d u l om , w e w r i t e a = b ( m o d z ) . l f m I G - b ) ,
we write a # b (mod m), and say that a and b are incongruent modulo m.

Example. We have 22 = 4 (mod 9), since 9 | QZ-D : 18. Likewise

3 = -6 (mod 9) and 200 = 2 (mod 9).
Congruencesoften arise in everyday life. For instance, clocks work either
modulo 12 or 24 for hours, and modulo 60 for minutes and seconds.calendars
work modulo 7 for days of the week and modulo 12 for months. Utility
meters often operate modulo 1000, and odometers usually work modulo
In working with congruences, it is often useful to translate them into
equalities. To do this, the following proposition is needed.

Proposition 3.1. If a and b are integers,then a = b (mod m) if and only if

there is an integer k such that a : b * km.
92 Congruences

Proof. If a:- b (mod m), then m I b-b). This means that there is an
integer k with km : a - b, so that A : b * km.

Conversely,if there is an integer /< with a : b * km, then km : a - b.

Hence m I G-b), and consequently,a = b (mod rn ). tr

Example. We have 19 : -2 (mod 7) and 19 : -2 + 3'7.

The following proposition establishes some important properties of


Proposition 3.2. Let m be a positive integer. Congruencesmodulo rn satisfy

the following properties:
(i) Reflexive property. If a is an integer, then a = a (mod m).
(ii) Symmetric property. If a and b are integers such that
a = b (m o d m),th e n b = a (mo d rn ).
(iii) Transitive property. If e, b, and c are integers with
a = b (m o d m ) a n d b :- c (m o d m),then a 4 c (mod m ).

( i) W e s e e th a t a = a (mo d m ), s i n c em I G-a) :0.

(iil If a: b ( m o d m ) , t h e n m I Q - b ) . H e n c e ,t h e r ei s a n i n t e g e rf t
w i t h k m : a - b . T h i s s h o w st h a t ( - k ) m : b - a. so that
m | (b -d . C o n s e q u e n tl yD, = a (mod m).
(iii) If a = b (mod rz) and b =c (mod la), then m I G-b) and
m | (b -d . H e n c e , th e re a re i n te gersk and 0 w i th km: a - b
and Qm : b - c . T h e re fo re , e - c : (a-D ) + (b-c) :
k m * Qm : (k + D m. C o n s e quentl y, m I G-d and
a ? c (m o d z ). tr

From Proposition 3.2, we see that the set of integers is divided into m
different sets called congruenceclasses modulo m, each containing integers
which are mutually congruent modulo m.

Example. The four congruenceclassesmodulo 4 are given by

3.1 Introductionto Congruences 93

Let a be an integer. Given the positive integer m, m ) l, by the division

algorithm, we have a : bm * r where 0 ( r ( ru - 1. From the equation
a: bm f r, we see that a 3 r (mod z). Hence, every integer is congruent
modulo m to one of the integers of the set 0, 1,...,m - l, namely the
remainderwhen it is dividedby m. Since no two of the integers0, 1,...,m - |
are congruent modulo m, we have m integers such that every integer is
congruent to exactly one of these ln integers.

Definition. A complete system of residues modulo m is a set of integers

such that every integer is congruent modulo m to exactly one integer of the

Example. The division algorithm shows that the set of integers

0, 1,2,...,m- | is a completesystemof residues
modulorn. This is called the
set of least residues
nonnegative modulo m.

Example. Let m be an odd positive integer. Then the set of integers

_ m-l ,, r . . . tm -3 m-l

is a complete system of residues called the set of absolute least residues

modula m.
We will often do arithmetic with congruences. Congruenceshave many of
the same properties that equalities do. First, we show that an addition,
subtraction, or multiplication to both sides of a congruence preserves the

Theorem 3.1. If a, b, c, and m are integers with m ) 0 such that

a = b (mod m ). then
(il a*c=b+c(modm),
(iD e - c -- S - c (modz).
(iiD ac bc (mo d m ).

Proof. Sincea = b (mod m), we know that m I G-b). From the identity
G + d - ( b + d - a - b , w e s e em l l f u + d - $ + c ) 1 , s o t h a t ( i ) f o l l o w s .
Likewise,(ii) followsfrom the fact that fu-c) - (b-c): a - b. To show
that (iiD holds,note that ac - bc : cG-D. Sincem I Q-b), it follows
that m I cb-b), and hence,ac = bc (modm). tr

Example. Since l9 3 (mod 8), it follows from Theorem 3.1 that

94 C ongruences

26: 19+7 = 3 +7 : l0 (mod8), 15: 19 -4: 3- 4: -l (mod8),

and 38 : l9'2 = 3'2: 6 (mod8).

What happens when both sides of a congruenceare divided by an integer?

Consider the following example.

E x a m p l e .W e h a v e 1 4 : 7 . 2 : 4 . 2 : 8 ( m o d6 ) . B u t 7 * 4 ( m o d6 ) .

This example shows that it is not necessarily true that we preserve a

congruencewhen we divide both sides by an integer. However, the following
theorem gives a valid congruencewhen both sides of a congruenceare divided
by the same integer.

Theorem 3.2. If a, b, c and m are integers such that m > 0, d : (c,m),

and ac = bc (mod z), then a :- b (mod m/d).

Pro of . lf ac = bc (mo d m),w e k n o w th a t m I Gc-bc): c(a-b). H ence,

there is an integer k with cb-b): km. By dividing both sides by d, we
have G /il G-b) : k fu /d). Since (m /d ,c/d) : 1, from Proposition2.1 it
follows that m/d I Q-b). Hence, a :- b (mod m/il. a

Example. Since 50 = 20 (mod 15) and (10,5) : 5, we see that

5 0 /10 : 20/ 10 ( mo d l 5 /i l , o r 5 = 2 (m o d 3 ).
The following corollary, which is a special case of Theorem 3.2, is used

C o rollar y 3. 1. I f a ,b ,c , a n d m a re i n te g e rssuch that m 7 0, (c,m) : 1,

and ac = bc (mod la), then a = b (mod llz).

Example. Since 42 = 7 (mod 5) and (5,7) = 1, we can conclude that

4 2 /7 : 7/ 7 ( m od 5 ), o r th a t 6 : I (m o d 5 ).
The following theorem, which is more general than Theorem 3.1, is also

Theorem 3.3. If e, b, c, d, and m are integers such that m ) 0,

a = b (mod nc), and c = d (mod rn ), then
(i) a * c = b + d (modm),
( ii) a - c fi - d (mo d m),
( iii) ac ? b d (mo d m).

Proof. Since a = b (mod m) and c = d (mod m), weknow that m I G-U)

3.1 Introductionto Congruences 95

andmlk-d). H e n c e ,t h e r e a r e i n t e g e r sk a n d . 0 w i t h k m : a - b and
Qm: c - d.
T o p r o v e( i ) , n o t et h a t ( c + c ) - ( b + d ) : f u - b ) + k - d ) : km * Qm:
(k+Dm. Hence, m ll,(a+c) - ( U + a ) | . T h e r e f o r e , Q * c = b *
d ( m o d m).
- Qm :
To pr ov e ( ii) , not e th a t (a -c ) - O -d ) : b -b ) - k-d) : km
- - - ( m o d
&-Dm. H e n c e ,m l t G - c ) - $ - i l 1 , s ot h a t a c $ d m)'

To prove (iii), note that ac - bd :ac - bc* bc - bd :

cG-b) + OG-d): ckm t bQm: mkk+bD. Hence, m I Qc - bil.
Therefore,ac = bd (mod m). tr

Exa mp le. S inc e 13 = 8 (mo d 5 ) a n d 7 = 2 (mo d 5), usi ng Theorem 3.3 w e

:8+2:-0 (mod5), 6:13-7 -8-7=I
see that 2O-13+7
( m o d 5 ) , a n d 9 l : l 3 ' 7 : 8 ' 2 : 1 6 ( m o d5 ) .

Theorem 3.4. If r612,,...,r^is a completesystemof residuesmodulo m, and if

a is a fositive integer with (a ,fti) : 1, then
ar1 t b, ar2 * b,..., ar^ * b

is a completesystemof residuesmodulo z.

Proof. First, we show that no two of the integers

a r 1 * b , a r 2 * b , . . . ,a r ^ * b

are congruent mod ulo m. To see this, note that if

ari*b=arr *b (modz),

then, from (ii) of Theorem 3.1, we know that

ari = ar1, (mod m) '

Because(a,m) : 1, Corollary 3.1 showsthat

rj : rp (mod m) .

Since ,i # rp (mod m) if i # k, we concludethat i : k.

Since the set of integers in question consists of m incongruent integers
modulo m, theseintegers must be a complete system of residuesmodulo ru. tr
96 Congruences

The following theorem shows that a congruenceis preservedwhen both sides

are raised to the same positive integral power.

Theorem 3.5. rf a, b, k, and m are integers such that k 7 0, m ) 0, and

a = b (mod m), then ak = bk (mod m) .

Proof. Becausea = b (mod m), we have ml? - b). Since

ak - bk : (a-b) (ak-t+ak-zb+ . . . *abk-216k-11,

we see that G - DlGk - bk). Therefore, from Proposition1.2 it follows

that mlGk - Uk). Hence, ek : bk (mod m). tr

Example. Since 7 = 2 (mod 5), Theorem 3.5 tells us that 343 : 73

= 23 = 8 ( m od 5 ).

The following result shows how to combine congruencesof two numbers to

different moduli.

T h e o r e m3 . 6 . l f a : b ( m o d m y ) , a = b ( m o d f f i z ) , . . . a, = b ( m o d m 1 , )
where a,b,ml, frt2,...,t/t1, a;fointegerswith mt,frl2 ,...,t/r1positive,then
a = b (mod lmpm2,...,mpl),

where Lm1,m2,...,rup1
is the leastcommon multiple of mr,rrr2,...,t/tk.

P r o o f . S i n c ea = b ( m o d z l ) , a : - b ( m o df f i z ) , . . .a, = b ( m o dm t ) , w e
know that m, | ( o - D,mzl G - b ) , . . . ,m * I G - D . From problem20 of
Section2.3, we seethat

[ , m 1 , m 2 , . . . , m *Q] l - b ) .


a = b ( m o d L m 1 , m 2 , . . . , m * l )E.

An immediate and useful consequenceof this theorem is the following


C o r o l l a r y3 . 2 . l f a : D (modz1), a=b ( m o df f i z ) , . . . ,a = b (modz1)

where a and b are integers and ftt1,r/t2,...,,r,rt1,are relatively prinie positive

a = b (modn4rtltz." m).
3 .1 In t r oduc t ion t o C o n g ru e n c e s

zfa pairwise relatively prime, problem 34 of Section

Proof. Since ffi1,ftt2,...,t?11,
2.3 tells us that

l m 1 , m 2 , . . . , m k: l f t l i l l 2 ' ' ' mk

Hence,from Theorem 3.6 we know that

a :- b (m o d w tfl tz ' ' ' m). a

In our subsequentstudies, we will be working with congruencesinvolving

large powers of integers. For example,we will want to find the least positive
residue o1 26+amodulo 645. If we attempt to find this least positive residueby
first computing 2644,wewould have an integer with 194 decimal digits, a most
undesirable thought. Instead, to find 26aamodulo 645 we first express the
exponent644 in binary notation:
G4qro: (lolooooloo)2.

Next, we compute the least positive residues of 2,22,24,28 ,...,2tt' by

successively and reducing modulo 645. This gives us the congruences

2 2 (mod 645),
22 4 (mod645),
2+ 16 (mod649,
28 256 (mod 645),
216 391 (mod 645),
232 16 (mod 645),
264 256 (mod645),
2128 391 (mod 645),
22s6 l6 (mod649,
2srz 256 (mod 64il.

We can now compute 2644modulo 645 by multiplying the least positive

residuesof the appropriatepowersof 2. This gives
26aa- 2512+128+4
: 2512212824
= 256.391.16

We have just illustrated a general procedure for modular exponentiation,

that is, for computing 6N modulo m where b, ffi, and N are positive integers.
We first expressthe exponentN in binary notation, as l{ : (arar-t...apo)2.
We then find the least positive residues of b ,b2,b4,...,b2'modulo rn, by
successively squaring and reducing modulo rn. Finally, we multiply the least
positive residuesmodulo m of bv for those j with ai : l, reducing modulo rn
after each multiplication.
98 Congruences

In our subsequentdiscussions,we will need an estimate for the number of

bit operations needed for modular exponentiation. This is provided by the
following proposition.

Proposition 3.3. Let b,m, and ,A/ be positive integerswithD < m.

Then the least positive residue of bN modulo m can be computed using
O (0og2m)2log2N)bit operations.

Proof. To find the least positive residue of bN (mod rn), we can use the
algorithm just described. First, we find the least positive residues of
b,b2,b4,...,62'modulom, where 2k < N < 2k*t, by successively squaring and
reducing modulo ru. This requiresa total of O(0og2m)2log2N) bit operations,
becausewe perform [log2lf I squarings modulo m, each requiring o(Iogzm)2)
bit operations. Next, we multiply together the least positive residues of the
integers bl correspondingto the binary digits of N which are equal to one,
and we reduce modulo m after each multiplication. This also requires
O(Qog2m)2log2,n/) bit operations, because there are at most log2N
multiplications, each requiring O((log2m)2) Uit operations. Therefore, a total
of O((log2m)2log2lf) bit operationsare needed. tr

3.2 Linear Congruences

A congruenceof the form
ax = b (mod m)'

where x is an unknown integer, is called a linear congruencein one variable.

In this section we will see that the study of such congruencesis similar to the
study of linear diophantine equationsin two variables.
We first note that if x : xo is a solution of the congruence
ax 7 b (modm), and if x1 : r0 (mod m), then ax13 axs- b (modz),
so that x 1 is also a solution. Hence, if one member of a congruence class
modulo m is a solution, then all members of this class are solutions.
Therefore, we'may ask how many of the m congruenceclassesmodulo m give
solutions; this is exactly the same as asking how many incongruent solutions
there are modulo m. The following theorem tells us when a linear congruence
in one variable has solutions, and if it does, tells exactly how many
incongruent solutionsthere are modulo m.

Theorem 3.7. Let a, b, and m be integers with ru ) 0 and (a,m) : d. lf

d I b, then ax j D (mod rn ) has no solutions. If d I b, then
ax 7 b (mod rn ) has exactly d incongruent solutionsmodulo z .
3.2 LinearGongruences 103

Proof. From Proposition 3.1, the linear congruence ax 7 b (mod m) is

equivalent to the linear diophantine equation in two variables ax - m! : b.
The integer x is a solution of ax 7 b (mod m) if and only if there is an
integer y with ax - my : b. From Theorem 2.8, we know that if d tr b,
there are no solutions, while if d I b, ax - my : b has infinitely many
solutions,given by
x : ro * (m/d)t,l : lo+ b/d)t,

where x : xo and y : !0 is a particular solution of the equation. The values

of x given above,

are the solutionsof the linear congruence;there are infinitely many of these.

To determine how many incongruent solutions there are, we find the

condition that describeswhen two of the solutions xl : x0 + (m/d)tt and
x2: xo * (mld)tz are congruent modulo m. If these two solutions are
cbngruent, then
r o * fu /d )tr z x o * fu /d )t2 ( mod m).

Subtracting xo from both sidesof this congruence,we find that

fu/d)tr j @/d)t2 (modm).

Now (m,m/d) : m/d since@/d) | z, so that by tt ,ry*"seethat

t r z 1 2( m o d d ) . A=h
This shows that a complete set of incongruent solutions is obtained by taking
x: xo+ (m/d)t, where / ranges through a complete system of residues
modulo d. One such set is given by x : xo + @/d)t where
/ : 0,1,2,...,d l. n
We now illustrate the use of Theorem

Example. To find allsolutions of 9x = 12 (mod l5), we first note that since

(9,tS) :3 and I l{hnere are exactly three incongruent solutions. We can
find these solutions by first finding a particular solution and then adding the
appropriatemultiples of l5/3 : 5.
To find a particular solution, we consider the linear diophantine equation
9x - l5y : 12. The Euclidean algorithm showsthat
A C,q,
r "v
104 Congruences

1 5: 9 ' l + 6
9 :6'1 + 3
/' \ n 6:3'2,
0.t5)- ,))
s o t h a # s 9 : ' e . l : 9 - ( t S - q . D : 9 - 2 - 1 5 . H e n c e9 . 8 - 1 5 . 4 : 1 2 , a n d
a particular solutionof 9x - l5y : 12 is given by : 8 and lo : 4.
From the proof of Theorem 3.7, we see that a complete set of 3 incongruent
solutionsis given by t : x0 = 8 (mod l5), x : x0 + 5 = 13 (mod l5), and
x : x o + 5 ' 2 : 1 8 = 3 ( m o dl 5 ) .
We now consider congruencesof the special form ax ? I (mod la). From
Theorem 3.7, there is a solution to this congruenceif and only if (a,m): l,
and then all solutions are congruent modulo rn. Given an integer a with
(a,m) : l, a solution of ax 7 I (mod lz) is called an inverse of
a m odulo m . / \
73 )ly =\ lF ai= F7 r3 ?- 2.5.I i =7- L{a,-'}'f.?{ ti'L
Example. Since the solutionsof 7x = I (mod 31) satisfy x = 9 (mod 3l),9,
and all integers congruent to 9 modulo 31, are inverses of 7 modulo 31.
Analogously, since 9'7 = I (mod 3l) , 7 is an inverseof 9 modulo 31.

When we have an inverse of a modulo z, we can use it to solve any

congruenceof the form ax 2 b (mod m). To see this, let a be an inverse of
a modulo m , so that aa: I (mod rn ). Then, if ax = D (mod m), we can
multiply both sides of this congruence by a to find that
a Gx) : ab (mod rn ), so that x [[ (mod ln ) .

Exa m ple. T o f ind th e s o l u ti o n so f 7 x :2 2 (m o d 31), w e mul ti pl y both si des

of this congruence by 9,, an inverse of 7 modulo 31, to obtain
9 -7 x = 9- 22 ( m od 3 1 ). H e n c e ,x = 1 9 8 : 1 2 (mod 31).
We note here that if (a ,m) : l, then the linear congruence
ax j b (mod m) has a unique solution modulo rn.

Example. To find all solutions of 7x = 4 (mod l2), we note that since

0,t2): l, there is a unique solution modulo 12. To find this, we need only
obtain a solution of the linear diophantine equation 7x - l2y :4. The
Euclidean algorithm gives
12:7' l + 5
2 : 1 . 2.

Hence [ : 5 - 2 . 2 : 5 - 0 - 5 . 1 ) . 2: 5 . 3- 2 . 7 : ( 1 2 - 7 . 1 :) 3 - 2 . 7-
3 .2 Linear Congr u e n c e s 105

12.3 - 5.7. Therefore,a particular solution to the linear diophantineequation

is xs : -20 and ys : 12. Hence, all solutionsof the linear congruencesare
given by x = -20 = 4 (mod 12).

Later otr, we will want to know which integers are their own inverses
modulo p where p is prime. The following propositiontells us which integers
have this property.

Proposition 3.4. Let p be prime. The positive integer a is its own inverse
mo d ulop if and on l y i f a = | (m o d p ) o r e : -l (mod p).

Proof. lf a :l(modp) or a : -l(modp), then a2 = l(modp), so that a

is its own inversemodulo p.

C o n v e r s e l yi ,f a i s i t s o w n i n v e r s em o d u l op , t h e n a 2 : a ' o : I (modp).
Hence, p I Gz-t). Since a2 l: - ( a - l ) ( a + l ) , either p I G-l) or
p I G + t ) . T h e r e f o r ee, i t h e ra = I ( m o dp ) o r q : - - 1 ( m o d p ) . E

3.3 The ChineseRemainderTheorem

In this sectionand in the one following, we discusssystemsof simultaneous
congruences. We will study two types of such systems. In the first type, there
are two or more linear congruencesin one variable, with different moduli
(moduli is the plural of modulus). The secondtype consistsof more than one
simultaneouscongruencein more than one variable, where all congruences
have the same modulus.
First, we considersystemsof congruencesthat involveonly one variable, but
different moduli. Such systemsarose in ancient Chinese puzzlessuch as the
following: Find a number that leavesa remainder of I when divided by 3, a
remainder of 2 when divided by 5, and a remainder of 3 when divided by 7.
This puzzle leadsto the following systemof congruences:
I (m o d 3 ). x 2 (mod5), x 3 (mod 7)

We now give a method for finding all solutions of systems of simultaneous

congruencessuch as this. The theory behind the solution of systemsof this
type is provided by the following theorem, which derives its name from the
ancient Chineseheritageof the problem.

The Chinese Remainder Theorem. Let rlt1,r/t2,...,trtrbe pairwise relatively

prime positiveintegers. Then the systemof congruence
x a 1 ( m o dz 1 ) ,
x a2(mod,m2),


has a unique solution modulo M - tltfitz

108 Congruences

Proof. First, we construct a simultaneous solution to the system of

congruences. To do this, let Mk : M/mt : fttlll2. . . tytk_rntk+l . mr.
we know that (Mr, mt) : I from problem 8 of Section2.1, since
(mi, mp) : I wheneveri I k. Hence, from Theorem 3.'7, we can find an
inverse ./r of M1 modulo mp, so that Mt lr, = I (mod mt). We now form
the sum

x : atM01* a2M21,t2* * arMry,

The integer x is a simultaneous solution of the r congruences. To

demonstrate this, we must show that x ? ar, (mod m1) for k : 1,2,...,r.
since mt I Mi wheneverj * k, we have Mj :0 (mod nzp). Therefore, in
the sum for x, all terms except the kth term are congruent to 0 (mod m).
Hence, x ? etM*lr: ak (mod m*), sinceM*t = I (mod m).
We now show that any two solutions are congruent modulo M. Let xs and
x 1 both be simultaneoussolutions to the system of r congruences. Then, for
each k, x0 E xr E ar (mod m*), so that mr | (xo-x). Using Theorem 3.7,
we see that M l(xe-x1). Therefore,x0 E x1 (mod M). This shows that the
simultaneoussolution of the system of r congruencesis unique modulo M. tr
We illustrate the use of the Chinese remainder theorem by solving the
system that arises from the ancient Chinese puzzle.

Example. To solve the system

x = I (mod3)
x = 3 (mod 7),

w e h a v e M - 3 . 5 . 7: 1 0 5 , M r : 1 0 5 / 3 : 3 5 , M z : I A 5 / 5: 2 1 , a n d
Mt: 105/ 7 : 1 5 . T o d e te rm i n e !r, w e sol ve 35yr= I (mod 3), or
equiv alent ly , 2y r = I (m o d 3 ). T h i s y i e l d sj zr E 2 (mod 3). W e fi nd yzby
solving 2lyz: I (mod 5); this immediately gives lz = I (mod 5). Finally,
wef ind y t by s o l v i n g r5 y t= 1 (m o d 7 ). T h i sgi ves/r E I (mod 7). H ence,

x E l ' 3 5 ' 2+ 2 . 2 1 . +
1 3.15.1
157= 52 (mod105).

There is also an iterative method for solving simultaneous systems of

congruences. We illustrate this method with an example. Supposewe wish to
solve the system
3 .3 T he Chines e R e ma i n d e r T h e o re m

x=l(mod s)
x = 2 ( m o d6)
x = 3 ( m o d7 ) .

We use Proposition 3.1 to rewrite the first congruenceas an equality, namely

x : 5t * l, where / is an integer. Inserting this expressionfor x into the
second congruence, we find that

which can easily be solved to show that / : 5 (mod 6) Using Proposition

3.1 again, we write t : 6u * 5 where u is an integer. Hence,
x :5(6rz+5) * I : 30u 126. When we insert this expressionfor x into the
third congruence,we obtain
30u t 26 = 3 (mod 7).

When this congruenceis solved, we find that u : 6 (mod 7). Consequently,

Proposition3.1 tells us thatu -7v * 6, where v is an integer. Hence,
x : 3 0 (7 v + 6 ) + 2 6 :2 1 0 v + 206.

Translating this equality into a congruence,we find that

x : 2O6 (mod 210),

and this is the simultaneoussolution.

Note that the method we have just illustrated shows that a system of
simultaneous questions can be solved by successively solving linear
congruences. This can be done even when the moduli of the congruencesare
not relatively prime as long as congruencesare consistent. (See problems 7-10
at the end of this section.)
The Chinese remainder theorem provides a way to perform computer
arithmetic with large integers. To store very large integers and do arithmetic
with them requires special techniques. The Chinese remainder theorem tells
us that given pairwise relatively prime moduli r/t1,r/12,...,ffi,, a positive integer
n with n < M : rltiltz' ' ' mr is uniquely determined by its least positive
residuesmoduli mi for j : 1,2,...,r. Supposethat the word size of a computer
is only 100, but that we wish to do arithmetic with integers as large as 106.
First, we find pairwise relatively prime integers less than 100 with a product
exceeding 1 0 6 ; f o r i n s t a n c e w
, e c an take mt:99, r/t2:98, m3:97, and
mq: 95. We convert integers less than 106 into 4-tuples consistingof their
least positive residues modulo mt, ffi2, n43, a;fidfti4. (To convert integers as
110 Congruences

large as 106 into their list of least positive residues,we need to work with large
integers using multiprecision techniques. However, this is done only once for
each integer in the input and once for the output.) Then, for instance,to add
integers, we simply add their respective least positive residues modulo
tntt, t/t2, rn3, ?,fid ftr4, rrrzking use of the fact that if x = xi (mod m) and
: xi * y; (mod m). We then use the Chinese
! = li (mod m), then x * y
remainder theorem to convert the set of four least positive residuesfor the sum
back to an integer.

The following example illustrates this technique.

Example. We wish to add x : 123684 and y : 413456 on a computer of

word size 100. We have

x = 33 (mod99), y = 32 (mod99),
x?8(mod98), y = 92 (mod98),
x:9(mod97), y : 42 (mod97),
x = 89 (mod95). y = 1 6 ( m o d9 5 ) ,

so that

x + Y = 51 (mod 97)

We now use the Chinese remainder theorem to find x * y modulo

9 9 ' 9 8 ' 9 7 ' 9 5 .W e h a v e M : 9 9 ' 9 8 . 9 7 . 9 5 : 8 9 4 0 3 9 3 0 M
, r: M/99:903070,
Mz: Ml98:912288, Mt: Ml97:921690, and Mq: Ml95:941094.
We need to find the inverse of Mi (mod /i) for i : 1,2,3,4. To do this, we
solve the following congruences(using the Euclidean algorithm):
- (mod 99),
t = 9ly r
9O307Oy 1
912285y2: 3yz: I (mod98),
921690y3 : 93y3 = I (mod 97),
941094ya = 24yq = I (mod 95).

We find that yr:37 (mod 99), yz = 38 (mod 98), /r -- 24 (mod 97), and
!+= 4 ( m o d 95). Hence,

x * y = 65'903070'37+ 2'912285'33+51'921690'24+ l0'941094'4

: 3397886480
= 53 7 1 4 0(m o d 3 9 4 0 3 9 3 0 ).

Since 0 ( x * y < 89403930,we concludethat x + y : 537140.

3 .3 Th e Chines e Rem a i n d e r T h e o re m 111

On most computersthe word size is a large power of 2, with 235a common

value. Hence, to use modular arithmetic and the Chineseremainder theorem
to do computer arithmetic, we need integers less than 235 that are pairwise
relatively prime which multiply together to give a large integer. To find such
integers,we use numbers of the form 2m - l, where m is a positive integer.
Computer arithmetic with these numbersturns out to be relatively simple (see
Knuth t57l). To produce a set of pairwise relatively prime numbers of this
form, we first prove somelemmata.

Lemma 3.1. If a and b are positive integers,then the least positive residueof
Za - I modulo 2b - I is 2' - 1, where r is the least positive residue of a
mo d u l o b.

Proof. From the division algorithm, c : bq * r where r is the least pos'itive

residue of a modulo b. We have (2o-l) : 12b++r-1) :
(Zb_DebQ-t)+r a + 2b+,+2,)+ ( 2 , - l ) , w h i c h s h o w s that the
- I is divided by 2b - I is 2' - l; this is the least positive
remainderwhen 2a
residue of 2o - 1 modulo 26 - 1. D

We u s e Lem m a 3. 1 t o Pro v ethe following result.

Lemma 3.2. lf a and b are positive integers, then the greatest common
divisor of 2o - 1 and 2' - 1 is 2 k , b )- 1 .

Proof. When we perform the Euclidean algorithm with a : ro and b - we

f g : rtQt * rZ
f 1 : r2Q2-t r3

: ln-2Qn-2*

where the last remainder, is the greatestcommon divisor of a and b.

Using Lenrma 3.1. and the steps of the Euclidean algorithm with a : rs
and b : , r, when we perform the Euclidean algorithm on the pair
2 a - I : Ro and2b - I : R 1 , w o b ta i n
112 Congruences

Rs :RrQr*Rz R2 :2"-|
R1 :RzQz*R:
R3 :2"-\

Rn-r : Rn-zQn-z* --,'-r

Rn-l ^
Rn-t : 2r'-t-1
Rn-z: Rn-tQn-t.

Here the last non-zeroremainder,Rn-l : )r'-r - I : 2G'b)- l, is the greatest

common divisor of Ro and R1. tr

From Lemma 3.2, we have the following proposition.

Proposition 3.5. The positive integers 2a - 1 and 2b - I are relatively prime

if and only if a and b are relatively prime.

We can now use Proposition 3.5 to produce a set of pairwise relatively prime
integers, each of which is less than 235,with product greater than a specified
integer. Supposethat we wish to do arithmetic with integers as large as 2186.
We p:gk lfir:2t5 - I, tltz:zto - l, t/t3:233 - l, t7t4- ztt - l,
tns: 22e- l, and r/t6:22s - l. Since the exponentsof 2 in the expressions
for the mi are relatively prime, by Proposition 3.5 the M
i's are pairwise
relatively prime. Also, we have M : H!fl2nt3n4qrflsftio2 2t86. we can now
use modular arithmetic and the Chinese remainder theorem to perform
arithmetic with integersas large as 2186.
Although it is somewhat awkward to do computer operations with large
integers using modular arithmetic and the Chinese remainder theorem, there
are some definite advantages to this approach. First, on many high-speed
computers, operations can be performed simultaneously. So, reducing an
operation involving two large integers to a set of operations involving smaller
integers, namely the least positive residuesof the large integers with respectto
the various moduli, leads to simultaneous computations which may be
performed more rapidly than one operation with large integers. Second, even
without taking into account the advantages of simultaneous computations,
multiplication of large integers may be done faster using these ideas than with
many other multiprecision methods. The interested reader should consult
K nut h t 561.
3 .3 The Chines e Re ma i n d e r T h e o re m 113

3.4 Systemsof Linear Congruences

We will considersystemsof more than one congruenceinvolving the same
number of unknowns as congruences,where all congruenceshave the same
modulus. We begin our study with an example.

Suppose we wish to find all integers x and y such that both of the
3x * 4y :5 (mod13)
2x t 5y = 7 (mod 13)

are satisfied. To attempt to find the unknownsx and |, we multiply the first
congruenceby 5 and the secondby 4, to obtain

I 5x * 20y = 25 (mod 13)

8x * 20y :- 28 (mod 13).

We subtractthe first congruence

from the second,to find that

7x = -3 (mod l3).

Since 2 is an inverse of 7 (mod 13), we multiply both sides of the above

congruencesby 2. This gives

2'7 x : -2'3 (mod 13),

which tells us that

x = 7 (modl3).

Likewise, we can multiply the first congruenceby 2 and the secondby 3, to

3 .4 Sy s t em s of Line a r C o n g ru e n c e s 117

6x * 8y = l0 (mod 13)
6x * l5y 2l (modl3).

we obtain
from the second,
Whenwe subtractthe first congruence

7y = 11 (mod13).

To solve for y, we multiply both sidesof this congruenceby 2, an inverseof 7

modulo 13 . We get
Z"ly :2'll ( m o dl 3 ) ,
so that
v = 9 (mod l3).
What we have shown is that any solution (xy) must satisfy

x = 7 (mod l3), y = 9 (mod l3).

When we insert these congruencesfor x and y into the original system,we see
that thesepairs actually are solutions,since
3x * 4y : 3'7 + 4'9 : 57 =5 (mod l 3 )
2 x * 5 v = 2 ' 7 + 5 ' 9 : 5 9 : 7 ( m o dI 3 ) .

Hence, the solutions of this system of congruencesare all pairs G,y) with
x = 7 ( m od 13) and v = 9 (m o d l 3 ).
We now give a general result concerningcertain systernsof two congruences
in two unknowns.

Theorem3.8. Let a,b,c,d,,f , a n d m b e i n t e g e r sw i t h m ) 0 , s u c ht h a t

(L ,m) : l, wher eA : a d -b c . T h e n , th e s y s te mo f congruences


has a unique solution modulo m given by

= @e-bfl (mod ln)
"y = 4
L Gf -ce) (mod m),

where A ir un inverseof A modulo m.

Proof. We multiply the first congruenceof the system by d and the secondby
b . to o bt ain
118 C ongruences

adx * bdy = de (mod m)

bcx * bdy = bf (mod m) .

Then, we subtract the secondcongruencefrom the first, to find that

G d -b c ) x = d e -b f (mod m),

o r , s i n c eA : ad-bc,

Ax = de-bf (mod rn ).

Next, we multiply both sidesof this congruenceby A, an inverseof A modulo

m, to concludethat

x = A @e-bfl (mod la).

In a similar way, we multiply the first congruenceby c and the secondby a,

to obtain

acx * bcy = ce (mod m)

acx * ady = af (mod m).

We subtract the first congruencefrom the second,to find that

Gd-bc)y : of -ce (mod z)


Ly : af -ce (mod na).

Finally, we multiply both sidesof the abovecongruenceby r to seethat

y = I bf -cd (mod z).

We have shown that if (x,y) is a solution of the system of congruences,

x = A @ e -b f) (m o d z ) , y = L bf -ce) (mod z).
We can easily check that anX such pair G,y) is a solution. When
x=A @e-bfl (mod m) andy: ibf -tri (mod m), we have
3 .4 S y s t em s of Lin e a r C o n g ru e n c e s 119

ax*by gE @r-bn + bA Gf -ce)

-abf -bce)
L bde-abf
L, fud-bc) e
e (modm),

cx * dy : 4 tat-bn + dE Gf -ce)
:- L Gde-brf + adf-cde)
= a bd-bdf
= A'L,f
: ( m o dm ) .

This establishesthe theorem. tr

By similar methods, we may solve systemsof r congruencesinvolving n
unknowns. However, we will develop the theory of solving such systems,as
well as larger systems, by methods taken from linear algebra. Readers
unfamiliar with linear algebra may wish to skip the remainder of this section.
Systems of r linear congruencesinvolving n unknowns will arise in our
subsequentcryptographicstudies. To study these systemswhen r is large, it
is helpful to use the language of matrices. We will use some of the basic
notions of matrix arithmetic which are discussedin most linear algebra texts,
su ch as A nt on t 0O l .
We need to define congruencesof matrices before we proceed.

Definition. Let A and B be nxk matrices with integer entries, with (i,/)th
entries aii and br7 , respectively. We say that A is congruent to B modulo m
i f a i i - b i j ( m o dm ) f o r a l l p a i r s ( i , 7 ) w i t h I < t ( n a n d t ( , r < k . W e
write A B (mod m) if I is congruentto B modulo m.
The matrix congruence A = B (mod m) provides a succinct way of
expressing the nk congruences o,j = bi1 (mod m) for I ( i ( rz and
I ( 7 < /c.

Example. We easily seethat

f" 13l (q 3l
( m ordr ) '
L8 2) l: rJ
The following proposition be needed.
120 Gongruences

Proposition 3.6. lf A and B are nxk matriceswith A : B (mod m), C is

a n k x p m at r ix a n d D i s a p x n ma tri x , al l w i th i nteger entri es, then
AC = ^BC (mod m) and DA = DB (mod m).

Proof. Let the entries of A and B be a;i and b,7, respectively,for I ( i ( n

and l(7<k, a n d l e t t h e e n t r i e so f C b e c i i n f o r l < i <k and
1 ( 7 ( p. The (i,/)th entries of AC and BC are ) ai1c1iand 2 bi,c,j,
--B (mo d
re s pec t iv ely .S inc e A m ),w e k n o w thuto,,' --Lb;, (mod ,)j ' rc, utt
i and k. Hence, from Theorem 3.3 we see that b o,,r,j z
2 bnc,i (mod ne). Consequently,AC BC (mod la).

The proof that DA : DB (mod m) is similar and is omitted. tr

Now let us consider the system of congruences

--- (mod
QttXtl anxz* *er, xn b1 m)
A Z t X t * a Z ZX Z t *?r, x, 2 b2 (modm)

QnrXt * anZXZ * lann xn : bn (mod rn ).

Using matrix notation, we see that this system of /, congruencesis equivalent

to the matrix conqruenceAX = B (mod lz ).

Qtt an Qln X1 by
azt azz Q2n X2 bz
where A : ,X: ,andB:

Anl An2 Onn xn bn

Example. The system

3x*.4y :{ (mo d 13)

2xt5y (mo d l 3)

ca n be wr it t en as
3.4 Systemsof LinearCongruences 121

4l| f'l
| -
fsl ( m o d l 3 ) .
[ Ll
12 sJ lyj L7J
We now develop a method for solving congruences of- the form
AX = B (mod m). This method is based on finding a matrix I such that
7Z - 1 (mod m), where 1 is the identity matrix.

Definition. lf A and ,q are nxn matrices of integers and if

l l
t ol
tra -,qI:/ ( m o zd ) , w h e rIe: l o . . . i s t h ei d e n t i m
t ya t r iox f
100 t,l
order n, then 7 is said to be an inverse of A modulo m .
If A is an inverse of A and B : 7 (moO rn ), then ^B is also an inverse of
A. This follows from Proposition3.6, sinceBA = AA = I (mod m).

sf A,then Br= 82(modm). To

C o n v e r s e l yi f, 8 1 a n d 8 2 a r e b o t h i n v e r s e o
seethis, using Proposition3.6 and the congruenceB1A = BzA = I (modm),
w e h a v eB A B I : B 2 A B r ( m o d l c l ) . S i n c eA B t : 1 ( m o dm ) , w e c o n c l u d e
that Bt Z Bz (mod ln).

Example. Since

= (m.d
:;l [t:): [t,[] [; ?] 5,

1,r4l Ir 3.l: f" xl : |,rol (mod5),

|.12) l.24) 15il,l l0rJ
ol [r l]
- ^ + r i v[ '
w e s e et h a t t h e 1natrix ,is
. an
^ inverse
of o)modulo5.
l, r,J l,
The followingpropositiongivesan easymethodfor finding inversesfor 2x2

Proposition3.7. Let A - be a matrix of integers, such that

A : det A : ad-bc ts relativelyprime to the positiveintegerm . Then, the
122 C ongruences

mat r ix

r : o=fl -o-ul
. o)'
wher ea is t he in v e rs eo f A m o d u l o m,i s a n i n verseof I modul o m.

Proof. To verify that tbg matrix 7 ir an inverse of A modulo ra, we need

only verify that AA = AA =I (mod z).

To see this, note that

f" u ) - l a - oll: n -l f a d - b c o l
AA: | ,l4l
oJ--l - b c + a.dl )
-faol faao I frol
= ^|-ooj=l
o ooj=lo',l: 1 (mod

-f a -n) (" ol - fad-bc o I

A A = -L -I f - . | | -t: aA l 0I I

: A [aol: faaol = l,rol : I (mod

fooJ I o lo,l [o',l
where f ir un inverseof A (mod m), which existsbecause(a,.d : l. tr

ir +l
Example.Let A : Since2 is an inversedetA:7 modulo13, we
lr r,J.

tr_2 1.s = |'rosl(moar).
l-23) l-46) l.e6J
To provide a formula for an inverse of an nxn matrix where n is a positive
integer, we need a result from linear algebra. This result may be found in
Anton [60; page 791. It involvesthe notion of the adjoint of a matrix, which
is defined as follows.

Definition. The adjoint of an nxn malrix A is the n\n matrix with (i,;)th
entry Cyi, where Cii is (-l)t+i times the determinant of the matrix obtained
by deleting the ith row and 7th column from A. Thg adjoint of I is denoted
3 .4 S y s t em s of Lin e a r C o n g ru e n c e s 123

by adj(l).

Theorem 3.9. If A is an nxn matrix with det A* 0, then

A GdjA) : (det A) I , where adj A is the adjoint of A.
Using this theorem,the following propositionfollows readily.

Proposition 3.8. If A is an n\n matrix with integer entries and rn is a

p o si tiv eint eger s uc h th a t (d e t ' q ,U ) :1 , th e n th e matri x A : A (adj A ) i s
an inverseof I modulo m, where A is an inverseof A : det A modulo m.

Proof. If (det A,m) : l, then we know that det A * 0. Hence, from

Theorem 3.9. we have


Since (det Z,nl) : l, there is an inverseA of A : det I modulo z. Hence,

A (A adj A) = A ' {.zLdj

nE - afl = I (mod m),

e tuolilA - [ (uojA ' A) - aar : 1 (modrn).

This showsthat 7 :^ ' (adj l) is an inverseof I modulo ru. tr

Example. Let A :
2 | . . T h e n d e tA : - 5 . S i n c e( d e t A , 7 ) : 1 , and an
u 23J
inverseof det A : -5 is 4 (mod 7), we find that

-2-3 sl l-a-tz2ol fezel

I:4(.:,djA):4 -s o tol: o o o l -
l-ro ltosl(modi),
4 r-r0J t 0 4-40) 1242)
We can use an inverseof I modulo m to solvethe system

AX : B (m o d m),

where (det A,m) : l. By Proposition3.6, when we multiply both sidesof this

congruenceby an inverseA of A, we obtain
124 Congruences

A Ux): LB (modm)
(,q,4x - 4B (modm)
X : A B (modn).

Hence, we find the solutionX by forming A B (mod m ).

Note that this method providesanother proof of Theorem 3.8. To seethis,

ret AX: B, whereA : x : and B - If

l:'), t;] [;]
A : det A : ad - bc is relativelyprime to ln, then

f"l - 1 ' - 1 ' " -B- l--A-f a -t)| |f,l| - ^ ,-, _fa,
. i_,
- nrl
),1(m odm).
l . .l : X = A ..r
lyj ")lf)-ulo,
This demonstratesthat (x,y) is a solutionif and only if

x = A,(de-bfl (mod z), y = I bf -ce) (mod lz).

Next, we give an example of the solution of a system of three congruences

in three unknownsusing matrices.

Example. We consider the system of three congruences

2 x 1 * 5 x 2t 6 x t : 3 ( m o d7 )
2x1 * xt j 4 (mod 7)
xr * 2x2* 3x:: I ( m o d7 ) .

This is equivalentto the matrix congruence

I [",] f
- lalr.noo
12z I l"'l = '^'^"-
lr r,l l",j I'J

we have previouslyshownthat the matrix ll 3 : is an inverse of

z) Hence'
tmoo wehave
l?: lJ
3.4 Systems of Linear Congruences 125

[*,1 fozellrl [r'l lol

l",l lrosll.l : ltl:
l-l:l^.^lll:l-.1: I'l(mod7)
l',J lz+zjL'J lro) lrj

Before leaving this subject,we should mention that many methodsused for
solving systems of linear equations may be adapted to solve systems of
congruences. For instance, Gaussian elimination may be adapted to solve
systemsof congruenceswhere division is always replacedby multiplication by
inversesmodulo ru. Also, there is a method for solvingsystemsof congruences
analagousto Cramer's rule. We leave the developmentof these methods as
problemsfor thosereadersfamiliar with linear algebra.

Applicationsof Gongruences

4.1 Divisibility Tests

Using congruences,we can develop divisibility tests for integers based on
their expansionswith respectto different bases'
We begin with tests which use decimal notation. In the following discussion
letn: (oooo-r...apo)rc. Thenfl:QklOft + arr-J0t-l+ * 4 1 1 0* o o ,
with 0 ( o.r ( 9 for,t:0,1, 2,...,k.
First, we develop tests for divisibility. by powers.. of 2. Since
l0 = 0 (mod 2), Theorem 3.5 tells us that 10/ :0 (mod 2r) for all positive
integers7. Hence,
n = (a) 1s (mod 2),
n = ( a r a o ) r o( m o d 2 2 ) ,
n 3 (a z a ra o )ro(mo d 2 3 ),

n: ( a i - f i i - 2 . . . a z a r a ot)o ( m o d 2 / )

These congruencestell us that to determine whether an integer n is divisible

by 2, we only need to examine its last digit for divisibility by 2. Similarly, to
determine whether n is divisible by 4, we only need to check the integer made
up of the last two digits of n for divisibility by 4. In general, to test n for
divisibility by 2i, we only need to check the integer made up of the last 7
digits of n for divisibility by 2i .

130 A ppl i cati ons of C ongruences

E x a m p l e .L e t n : 3 2 6 8 8 0 4 8 . w e s e e t h a t 2 l n s i n c e z l g , a l , since
4 | 4 9 , 8 l , s i n c es | + a , 1 6 | n s i n c e t 6 | g 0 4 g ,b u t 3 2
/ r s i n c e ' l zi g s o + g . -
To develop tests for divisibility by powers of 5, first note that since
l 0 = 0 ( m od 5), w e h a v e l Y :0 (mo d 5 /). H ence, di vi si bi l i ty tests for
powers of 5 are analogousto those for powers of 2. We only need to check the
integer made up of the last 7 digits of n to determinewhether n is divisiblebv

E x a m p l e . L e t n : 1 5 5 3 5 3 7 5 .S i n c e s I s , 5 | n , s i n c e z s
lls,25 | n, since
1 2 5 | 3 7 5 , 1 2 5 | n , b u t s i n c e 6 2 5| s l l s , 6 2 5 I n .

Next, we develop tests for divisibility by 3 and by 9. Note that both the
congruences l0 : I (mod 3) and l0 = I (mod 9) hold. Hence,
10e : I (mod 3) and (mod 9). This givesus the useful congruences
( a p a 1 r - 1 . . . a p s: ) e k l 0 & + a * _ t l 0 k - l + * alO * a6
: ek * ap4 *' . . + ar *as (mod
3 ) a n d ( m o d9 ) .

Hence, we only need to check whether the sum of the digits of n is divisible by
3, or by 9, to seewhether n is divisibleby 3, or by 9.

Example. Let n : 412783s. Then, the sum of the digits of n is

4 + | + 2 + 7 + 8 + 3 + 5 : 3 0 . S i n c Ie l r o b u t 9 l t } , 3 l n b u t gl n .
A rather simple test can be found for divisibility by IL Since
l0 : -l (mod I l), we have

( a 1 r a 1 r - 1 . . . a p s ) t 0a:k l O k + a 1 r - 1 1 0 k *- r * alO * as
: ak(-l)ft * a*-r(-t)t-t + -at * as (modI l).

This shows that (apap-1....aps) rc is divisible by I l, if and only if

o s - at * o2- + (-I)k a p , th e i n te g e r formed by al ternatel y addi ng
and subtracting the digits, is divisible by I l.

Example. We see that 723160823is divisible by 11, since alternately adding

a n d s u b t r a c t i n gi t s d i g i t s y i e l d s i - z + g - 0 + 6 - l + 3 - z * 7 : 2 2
which is divisible ll. On the other hand, 33678924is not divisible bv 11.
s i n c e4 - 2 + 9 - 8 + 7 - 6 + 3 - 3 : 4 i s n o t d i v i s i b l eb y l l .
Next, we develop a test to simultaneouslytest for divisibility by the primes
7 , l l , a n d 1 3 . N o t e t h a t 7 ' l l ' 1 3 : l 0 0 l a n d 1 0 3 : 1 0 0 0: - l ( m o d l 0 0 l ) .
4 .1 D iv is ibilit y T es ts 131

( a 1 , a 1 r - r . . . a d r oa :k l O k + a * - J O f t - l + * alO * c6
: ( a o * l 0 a r * 1 0 0 a ) + 1 0 0 0 ( a r* 1 } a a * 1 0 0 4 5 )*
(tOOO)'(ou + l 0 a 7 t 1 0 0 a 6 )r
= (100a2* 10cr+ a0)- (l00ar * l}aa* a) *
(t00ar * l0a7+ a) -
= ( a2 a ,a s ),. - (o 5 a a a 3 ),s * (a s a 7a6)rc- (mod 1001).

This congruencetells us that an integer is congruent modulo l00l to the

integer formed by successivelyadding and subtracting the three-digit integers
with decimal expansionsformed from successiveblocks of three decimal digits
of the original number, where digits are grouped starting with the rightmost
digit. As a consequence, since 7,11, and l3 are divisorsof 1001,to determine
whetheran integeris divisibleby 7,11, or 13,we only needto checkwhetherthis
a l te rn at ings um and d i ffe re n c eo f b l o c k so f th re e d i gi ts i s di vi si bl eby 7,11, or

Example. Let n - 59358208. Since the alternating sum and difference of the
- -91, is
integers formed from blocks of three digits, 208 358 + 59 :
divisible by 7 and 13, but not by 11, we seethat r is divisibleby 7 and 13, but
of theTvisibility tests we have developedthus far are based on decimal
representations. We now develop divisibility tests using base b
representations,where b is a positive integer.

Divisibility Test 1. If d I b and 7 and k are positive integers with i < k,

th e n ( a1. . . aps ) 6 is d i v i s i b l e b y d i i f a n d o n l y i f (a1-r...apo)ui s di vi si bl eby

Proof. Since b = 0 (mod d), Theorem 3.5 tells us t h a t b j : 0 ( m o dd / ) .

( a p a 1 r - 1 . . . a p s ) 6a: r r b k* " ' + a l b l + a i - f t i - l + "'+aft*as
: (a i -t...a P s )6 (m o d d /).

i f a n d o n l y i f d I G1-t...aps)6. -
Co n se quent lyd, I Q 1 ,a 1 r-1 ...a p s )6

Di vi sibilit yT es t 2. lf d | (b -t), th e n n : (a p ...a ps)6 i s di vi si bl eby d i f and

o n l y i f a p t ' ' ' + a r t a s i s d i v i s i b l eb y d .

Proof. Since d | $-l), we have b = I (mod d), so that by Theorem 3.5 we

kn o w t hat bj - I ( m o d d ) fo r a l l p o s i ti v ei n te g e rsb. H ence, ( o)r:
132 Oppl i cati ons of C ongruences

a l r b kI t aft I aoz at * * a 1 t a 6 ( m o d d ) . T h i s s h o w st h a t
dlnifandonlyifdl(a*+ * a1t as). tr

Divisibility Test.3. lf d | (b + l), then n : (ap...aps)6 is divisible by d if

a nd only if ( - I ) k a p * -a r * a 6 i s d i v i s i bl eby d.

Pr oof . S inc e d I ft + 1 ), w e h a v e g : -l (mod d). H ence, bi = (-l )/

(mod d) , and c o n s e q u e n tl yn, : (a 1 , ...a p s ) b : (-t)k a1, + - o1
* ao ( m od d) . H e n c e , d I n i f a n d o n l y i f d | ((-l )o oo + -a1
* as). n

Example.Let n: (7F28A6)16(in hex notation).Then, sincezl te, from

DivisibilityTest l, we know that 2 | n, sincezl e. Likewise,since4 | 16,we
s e e t h a t a l n , s i n c e4 t r 6 . B y D i v i s i b i l i t T
y e s t Z , s i n c e3 l ( f 6 - l ) ,
5 l ( t 6 - 1 ) , a n d 1 5l ( 1 6 - t ) , a n d 7 + F + 2 + 8 +A *6:(30),u, we
knowthat 3 | n, sinceI | (:O)16, while 5 tr, and I 5 I n, since5 / (30)roand
ts / (30)ro. Furthermore,by Divisibility Test 3, since 17 | (16 + l) and
n =6- A +8 -2* F -7: ( , q ) r u( m o dl 7 ) , w e c o n c l u dt h e a tl 7 t r r ,
since17 I (D rc.

Example.Let n : (1001001 I ll)2. Then, using Divisibility Test 3, we see

t h a t 3 l r , s i n c en = | - 1 + 1 - I + 0 - 0 + 1 - 0+0-l:0(mod3)
a n d3 l ( z + t ) .

4.2 The PerpetualCalendar

In this section,we derive a formula that gives us the day of the week of any
day of any year. Since the days of the week form a cycle of length seven,we
use a congruencemodulo 7. We denote each day of the week by a number in
t h e s e t 0 , I , 2 , , 3 , 4 , 5 , 6 , s e t t i n gS u n d a y : 0 , M o n d a y : l , T u e s d a y: 2 ,
Wednesda! : 3, Thursday : 4, Fridey :5, and Saturday : $.
Julius Caesarchangedthe Egyptian calendar,which was basedon a year of
exactly 365 days, to a new calendar with a year of averagelength 365 V4days,
with leap years every fourth year, to better reflect the true length of the year.
However, more recent calculations have shown that the true length of the year
is approximately 365.2422days. As the centuries passed,the discrepanciesof
0.0078 days per year added up, so that by the year 1582 approximately l0
extra days had been added unnecessarilyas leap years. To remedy this, in
4 .2 T he P er pet ua l C a l e n d a r 13s

1582 Pope Gregory set up a new calendar. First, l0 days were added to the
d a te, s o t hat O c t ob e r 5 , 1 5 8 2 ,b e c a meOc to b e r 1 5, 1582 (and the 6th through
the l4th of October were skipped). It was decided that leap years would be
preciselythe years divisible by 4, except those exactly divisible by 100, i.e.,
the years that mark centuries,would be leap years only when divisible by 400.
As an example,the years 1700, 1800, 1900, and 2100 are not leap years but
1600 and 2000 are. With this arrangement, the average length of a calendar
year is 365.2425days, rather close to the true year of 365.2422 days. An
error of 0.0003 days per year remains, which is 3 days per 10000 years. In
the future, this discrepancy will have to be accounted for, and various
possibilitieshave been suggestedto correct for this error.

In dealing with calendar dates for various parts of the world, we must also
take into account the fact that the Gregorian calendar was not adopted
everywherein 1582. In Britain, the Gregorian calendar was adopted only in
1752,and by then, it was necessaryto add I I days. Japan changedover 1873,
the Soviet Union and nearby countries in 1917. while Greece held out until
We now set up our procedure for finding the duy of the week in the
Gregorian calendar for a given date. We first nrust make some adjustments,
becausethe extra day in a leap year colmesat the end of February. We take
care of this by renumbering the months, starting each year in March, and
consideringthe months of January and February part of the precedingyear.
For instance,February 1984, is consideredthe 12th month of 1983, and May
1984, is consideredthe 3rd month of 1984. With this convention,for the day
of interest, let k : day of the month, z : month, and N : year, with
N : 100C + IZ, where C : century and Y : particular year of the century.
F o r e x a m p l e J, u n e 1 2 , 1 9 5 4 ,h a s k : 1 2 , f r 7 : 4 , N : 1 9 5 4 , C : 1 9 , and
Y :54.
We use March 1, of each year as our basis. Letdy representthe day of the
week of March 1, in year I{. We start with the year 1600 and compute the
day of the week March l, falls on in any given year. Note that between
March I of year l/ - I and March I of year ly', if year N is not a leap year,
365 days have passed,and since 365 : I (mod 7), we seethat du : dN_,
* I (mod 7), while if year l/ is a leap year, since there is an extra day
between the consecutivefirsts of March, we see that dy = dx_r + 2 (mod 7).
Hence, to find dys from drooo,we must find out how many leap years have
occurred between the year 1600 and the year N (not including 1600, but
including N). To compute this, we first note that there are [(nrr - 160c)/41
years divisible by 4 between 1600 and N, there are [Or-t600)/1001 years
divisible by 100 between 1600 and N, and there are ICnr - 1600)/4001years
divisible by 400 between 1600 and N. Hence, the number of leap years
136 Applicationsof Congruences

between1600 and N is

t0,r - rc00D/41-tor - 1600)/1001 + tcnr- 1600)/4001

: lN /41- 400- lX /t001+ t6 + Ir{/4001- 4
: lN /41- lw /tool + It//4ool - 388.

(We have used Proposition1.5 to simplify this expression). Now putting this
in terms of C and Y , we see that the number of leap years between 1600 and
l/ is

lzsc+ v/Dl - tc + v/r0o)l+ 1,rc/0+ v/400)l- ras

: 2 5 C + I Y / 4 1- C + t C/ 4 1 - 3 8 8
= 3 C + l C / 4 1+ l Y / 4 1 - 3 ( m o d7 ) .

Here we haveagainusedProposition1.5,the inequalityY/100 ( 1, and the

equation |,rc /4 + V /4001 : lc /+l (which follows from problem 20 of
Section1.2,sinceY/400 < llq.
We can now compute d1y from drcooby shifting drcooby one day for every
year that has passed,plus an extra day for each leap year between 1600 and
N. This gives the following formula:
dx=drcoo+100c+Y-1600+ 3 C + I C / 4 1+ l Y l 4 l - 3 ( m o d7 ) .

Simplifying, we have

dx : drcoo
- 2c + y + tc/41 + ly/41 (mod7).

Now that we have a formula relating the day of the week for March l, of any
year, with the day of the week of March 1, 1600, we can use the fact that
March |, 1982, is a Monday to find the day of the week of March I , 1600.
F o r 1 9 8 2 ,s i n c e . l y ' : 1 9 8 2 , w eh a v eC : 1 9 , a n d Y : 8 2 , a n d s i n c ed p t z : l ,
it follows that
| = drcoo- 38 + 82 + [19/41 + ts2/41 :- drcoo- 2 (mod 7).

H enc e, dr c oo: 3, s o th a t M a rc h 1 , 1 6 0 0 ,w a s a W ednesday. W hen w e i nsert

the value of d16ss,the formula for d1,,becomes
du : 3 - 2 C + Y + l C /4 1 + IY l 4l (mod 7).

We now use this formula to compute the day of the week of the first day of
each month of year l{. To do this, we have to use the number of days of the
week that the first of the month of a particular month is shifted from the first
of the month of the preceding month. The months with 30 days shift the first
of the following month up 2 days, because30 : 2 (mod 7), and thosewith 31
4 .2 Th e P er pet ual C a l e n d a r 137

: 3 (mod 7) '
days shift the first of the following month up 3 days, because31
Therefore, we must add the following amounts:

from March l, to APril l: 3 daYs

from April l, to May I : 2 daYs
from May l, to June l: 3 daYs
from June l, to July I : 2 daYs
from July 1, to August 1: 3 daYs
from August 1, to Septemberl: 3 daYs
from September 1, to October I : 2 daYs
from October l, to November l: 3 days
from November 1, to December 1: 2 days
from December l, to January l: 3 daYs
from January 1, to February 1: 3 daYs.

We need a formula that gives us the same increments. Notice that we have
1l incrementstotaling 29 days, so that each increment averages2.6 days. By
inspection, we find that the function lZ.6m - 0.21- 2 has exactly the same
increments as rn goes from I to I l, and is zero when m : l. Hence, the day
of the week of the first day of month m of year N is given by by the least
positiveresidueof dy + [2.6m - 0.21 - 2 modulo 7.

To find W, the day of the week of day k of month m of', we simply

add k-l to the formula we have devised for the day of the week of the first
day of the same month. We obtain the formula:
w - k + 12.6m
- o.2l- 2C + Y + IYl4l + lcl4l (mod7).

We can use this formula to find the day of the week of any date of any year
in the Gregorian calendar.

Example. To find the duy of the week of January 1, 1900, we have

c : 1 8 , I r : 9 9 , m : l l , a n d k : | ( s i n c e w e c o n s i d e rJ a n u a r y a s t h e
eleventh month of the preceding year). Hence, we have
w I + 28 - 36 + 99 + 4 + 24 :- I (mod 7), so that the first day of the
twentieth century was a Monday.

4.3 Round-RobinTournaments 139

4.3 Round-RobinTournaments
Congruences can be used to schedule round-robin tournaments. In this
section, we show how to schedulea tournament for I/ different teams, so that
each team plays every other team exactly once. The method we describe was
developedby Freund t65].

First note that if N is odd. not all teams can be scheduled in each round,
since when teams are paired, the total number of teams playing is even. So, if
N is odd, we add a dummy team, and if a team is paired with the dummy
team during a particular round, it draws a bye in that round and does not
play. Hence, we can assume that we always have an even number of teams,
with the addition of a dummy team if necessary.

No w label t he N t e a ms w i th th e i n te g e rs1 ,2 ,3 ,...,If-1, N . W e construct

a schedule,pairing teams in the following way. We have team i, with i * N,
play team j, with j I N and j # i, in the kth round if
i + j: k (mod /V-l). This schedulesgames for all teams in round k,
except for team N and the one team i for which 2i : k (mod li-l). There
is one such team because Theorem 3.7 tells us that the congruence
2x :- k (mod /V-l) has exactly one solution with I ( x < .A/-1, since
(2, N-l) : 1. We match this team i with team ^A{in the kth round.

We must now show that each team plays every other team exactly once.
We consider the first tr/-l teams. Note that team i, where I < t <,Af-l,
plays team l/ in round k where 2i : k (mod lf-l), and this happensexactly
once. In the other rounds, team i does not play the same team twice, for if
team i played team 7 in both rounds k and k', then i + j = k (mod l/-l),
and i + j = k' (mod N-l) which is an obvious contradiction because
k # k'(mod N-l). Hence, since each of the first lf-l teams plays .Af-l
games, and does not play any team more than once, it plays every team
exactly once. Also, team I{ plays N-l games, and since every other team
plays team N exactly once, team N plays every other team exactly once.

Example. To schedule a round-robin tournament with 5 teams, labeled

I,2 ,3 ,4 , and 5, we i n c l u d e a d u m m y te a m l a b e l ed6. In round one, team I
p l a y st e a m T w h e r e| + j = l ( m o d 5 ) . T h i s i s t h e t e a m j : 5 sothat teamI
plays team 5. Team 2 is scheduled in round one with team 4, since the
s o l u t i o no f 2 + j = l ( m o d 5 ) i s 7 : 4 . S i n c ei : 3 i s t h e s o l u t i o no f t h e
congruence2i = 1 (mod 5), team 3 is paired with the dummy team 6, and
hence,draws a bye in the first round. If we continue this procedureand finish
schedulingthe other rounds,we end up with the pairings shown in Figure 4.1,
where the opponent of team i in round k is given in the kth row and i th
140 Applicationsof Congruences

I 2 3 4 5

I 5 4 bye 2 I

2 bye 5 4 3 2

3 2 I 5 bye 3

4 3 bye I 5 4

5 4 3 2 I bye

Figure 4.1. Round-Robin Schedule for Five Teams.

4.4 ComputerFile Storage And Hashing Functions

A university wishes to store a file for each of its students in its computer.
The identifying number or key for each file is the social security number of
the student enrolled. The social security number is a nine-digit integer, so it is
extremely unfeasible to reserve a memory location for each possible social
security number. Instead, a systematic way to arrange the files in memory,
using a reasonableamount of memory locations, should be used so that each
file can be easily accessed. Systematic methods of arranging files have been
developedbased on hashtng functions . A hashing function assignsto the key
of each file a particular memory location. Various types of hashing functions
have been suggested, but the type most commonly used involves modular
arithmetic. We discuss this type of hashing function here. For a general
discussionof hashingfunctionsseeKnuth [52] or Kronsjii t581.
Let k be the key of the file to be stored; in our example, k is the social
security number of a student. Let m be a positive integer. We define the
hashingfunction h (k) by
h(k) =k (mod,m),

where 0 < ft(k) < m,so that h(k) is the least positiveresidueof k modulo
m. We wish to pick n intelligently, so that the files are distributed in a
reasonableway throughout the z different memory locations0, 1,2,..., m-|.

The first thing to keep in mind is that z should not be a power of the base
b which is used to representthe keys. For instance,when using social security
numbers as keys, ra should not be a power of 10, such as 103, becausethe
value of the hashing function would simply be the last several digits of the
k"y; this may not distribute the keys uniformly throughout the memory
locations. For instance, the last three digits of early issued social security
numbers may often be between 000 and 099, but seldom between 900 and
ggg. Likewise, it is unwise to use a number dividing 6t * a where k and a
are small integers for the modulus rn. In such a case, h (k) would depend too
strongly on the particular digits of the key, and different keys with similar, but
rearranged, digits may be sent to the same memory location, For instance, if
m : l l l , t h e n , s i n c el l l | ( t O 3- l ) : 9 9 9 , w e h a v e 1 0 3= 1 ( m o d 1 1 1 ) , s o
that the social security numbers 064212 848 and 064 848 212 are sent to the
same memory location, since
142 Applicationsof Congruences

h@64 2r2 S4$ = 064 2r2 848= 064 + 2r2+ 848 = ll24 : 14 (mod111),

= 0 6 48 4 82 r 2 : 0 6 4 + 8 4 8+ 2 r 2 = r r 2 4 : 1 4( m o dl l l ) .

To avoid such difficulties, z should be a prime approximating the number

of available memory locations devoted to file storage. For instance, if there
are 5000 memory locations available for storage of 2000 student files we could
pick m to be equal to the prime 49G9.

We have avoided mentioning the problem that arises when the hashing
function assignsthe same memory location to two different files. When this
occurs, we say the there is a collision. We need a method to resolvecollisions,
so that files are assignedto different memory locations. There are two kinds
of collision resolution policies. In the first kind, when a collision occurs. extra
memory locations are linked together to the first memory location. When one
wishes to accessa file where this collision resolution policy has been used, it is
necessaryto first evaluate the hashing function for the particular key involved.
Then the list linked to this memory location is searched.

The secondkind of collision resolution policy is to look for an open memory

location when an occupied location is assignedto a file. Various suggestions,
such as the following technique have been made for accomplishingthis.
Starting with our original hashing function ho(k): h(k), we define a
sequenceof memory locationsft1(ft),h2(k),... . We first attempt to place the
file with key ft at location hs(k). If this location is occupied, we move to
l o c at ionht ( k ) . If th i s i s o c c u p i e d w
, e m o v e to l ocati onh2& ), etc.
We can choose the sequence of functions hj(k) in various ways. The
simplestway is to let

h j ( k ) = h ( k ) * 7 ( m o d m ) , 0 ( f t ;( k ) < m .

This placesthe file with key ft as near as possiblepast location h &). Note
that with this choice of h1(k), all memory locationsare checked,so if there is
an open location, it will be found. Unfortunately, this simple choice of h1(k)
leads to difficulties; files tend to cluster. We see that if kt * k2 and
hi(k): h1(k) for nonnegative i n t e g e r si a n d 7 , t h e n h ; q , ( k ) : hi+1,(k2)
for k : 1,2,3,...,so that exactly the same sequenceof locationsare traced out
once there is a collision. This lowers the efficiencyof the search for files in the
table. We would like to avoid this problem of clustering, so we choose the
function h1(k) in a different way.
4.4 ComputerFile Storageand HashingFunctions 143

To avoid clustering, we use a technique called double hashtng. We choose,

as before,
h(k) =k (modm),

with 0 < ft (/c) < m, where m is prime, as the hashing function. We take a
secondhashing function
g(k): k + I ( m o dm - 2 ) ,

where 0 < g(k) < m - l, so that G(k), m) : l. We take as a

probing sequence
hj(k) - h ( k ) + i s ( k ) ( m o dz ) ,

w h e re 0 ( f t ; ( k ) < m. Si n c e Q (k ), tn ) : l , a s 7 runs through the i ntegers

0 , 1 ,2, . . . , m - 1, al l me mo ry l o c a ti o n sa re tra c ed out. The i deal si tuati on
would be for m-2 to also be prime, so that the valuesg(ft) are distributed in
a reasonableway. Hence, we would like m-2 and m to be twin primes.

Example. In our example using social security numbers, both m : 4969, and
m-2 : 4967 are prime. Our probing sequenceis
h j (k ) - h (k ) + i s (k ) (mo d 4e6e),

where0< hj (k)<4969, h(k)=k ( m o d 4 9 6 9 ) ,a n d s ( k ) = k + l

(mod 4967).

Supposewe wish to assign memory locations to files for students with social
securitv numbers:

k t : 3 4 44 0 16 5 9 k6 : 3 J 25 0 0 1 9 1
k z : 3 2 5 5 1 07 7 8 k7 : 0 3 43 6 79 8 0
kt:2t2 228844 ks : 546332 t90
kq: 329938 t57 ks : 509 496993
k s : 0 4 7 9 0 0l 5 l krc: 1 3 24 8 99 7 3 .

Sincekt = 269,kz = 1526,and k3 : 2854(mod 496r, we assignthe first

three files to locations 269, 1526, and 2854, respectively. Since kq =
1526(mod 4969),but location1526is taken,we computeh1 (k) = h(k) +
S(k) : 1526+ 216: 1742(mod 4969, since : I + kq =
216 (mod496D. Sincelocation1742is free,we assignthe fourth file to this
location. The fifth, six, seventh,and eighthfilesgo into the availablelocations
3960,4075,2376, and 578, respectively,becauseks = 3960,ko = 4075,
k.t = 2376,and frs - 578 (mod 4969). We find that ks = 578 (mod 496il:
144 Applicationsof Congruences

b e c a u s el o c a t i o n5 7 8 i s o c c u p i e dw
, e c o m p u t eh 1 ( k q ) + s & ) : 5 7 g + 2002
: 2580 (mod 4969), where
S(k) : I * ks = 2002 (mod 4g6D. Hence, we
assign the ninth file to the free location 2580. Finally, we find that kro E
1 5 26 ( m od 4967 ),b u t l o c a ti o n1 5 2 6 i s ta k e n . w e computehr (krd = h(Lrc)
+ g ( k , o ) : 1 5 2 6+ 2 1 6 : 1 7 4 2 ( m o d 4 9 6 r , b e c a u s e
S : ( / c r o :)' k r c : 216
(mod 4967), but location 1742 is taken. Hence, we continue
by finding
h2(krc)_ h(krc) + 2g(kd: l 9 5 g ( m o d 4 9 6 q i )a n d i n t h i s a v a i l a b l e
location,we place the tenth file.

Table 4.1 lists the assignmentsfor the files of students by their social
security numbers. [n the table, the file locationsare shown in boldface.

Social Security
h1(k) h2(k)

344 40r 659 269

325 510778 r526
2r2 228 844 2854
329 938 ts7 1526 1742
0 4 79 0 0 l 5 l 3960
3 7 25 0 0l 9 l 4075
0 3 4 3 6 79 8 0 2376
546 332 r90 s78
509 496 993 578 2580
t32 489973 r526 t 74 2 1958

Table 4.1. Hashing Function for Student Files.

We wish to find conditions where double hashing leads to clustering.

Hence, we find conditionswhen
(4.1) hi(k) : h1(k2)

a nd
(4. 2) hi+t(k1): hi+r(k),

so that the two consecutiveterms of two probe sequencesagree. If both (+.t)

and @.D occur, then

h(k) + ig(k1) = h(k) + j g ( k 2 ) ( m o dz )

4.4 C om put er F ile Sto ra g e a n d H a s h i n g F u n c ti o ns 145

h(k)+(t+l)g(kr) = h&) + (j + r)g(k) ( m o dz ) .

Subtracting the first of thesetwo congruencesfrom the second,we obtain

g ( k ) : g (k 2 ) (m o d rn),

so that
kr = kz (modm-2)'

Since S(k) : g(k), we can substitutethis into the first congruenceto obtain
h(k) : h ( k z ) ( m o d r n) ,

which showsthat
k r = k 2 ( m o dm ) .

Consequently,since (m-2, m) : 1, Theorem 3.6 tells us that

k t = k 2 ( m o dm ( m - D ) .

Therefore, the only way that two probing sequencescan agree for two
consecutiveterms is if the two keys involved,k1 and k2,lre congruentmodulo
m(m-Z). Hence, clustering is extremely rare. Indeed, rf m(m-z) > k for
all keys k, clusteringwill never occur.

Some Special Congruences

5.1 Wilson's Theoremand Fermat's Little Theorem

In this section,we discusstwo important congruencesthat are often useful
in number theory. We first discussa congruencefor factorialscalled Wilson's

Wilson's Theorem. If p is prime, then (p-t)t = -t (mod p).

The first proof of Wilson's Theorem was given by the French mathematician
Joseph Lagrange in 1770. The mathematician after whom the theorem is
named, John Wilson, conjectured, but did not prove it. Before proving
Wilson's theorem,we use an exampleto illustrate the idea behind the proof.

Example. Let p:7. We have (7-l)! :6! : l'2'3'4'5'6. We will rearrange

the factors in the product, grouping together pairs of inversesmodulo 7. We
- (mod 7) (mod 7).
note that 2'4 I and 3'5 = I Hence,
6! : 1.O.4.(g.S).6= 1.6= - l ( m o d 7 ) . T h u s , w e h a v e v e r i f i e da s p e c i a l
caseof Wilson's theorem.
We now use the technique illustrated in the example to prove Wilson's

Pro o f. W hen p: 2, w e h a v e Q-l )t = t : -l (mod 2). H ence,the theorem

is true for p:2. Now, let p be a prime greater than 2. Using Theorem 3.7,
f o r e a c h i n t e g e ra w i t h I ( a { p - I , t h e r e i s a n i n v e r s et , I < a 4 p - 1 ,
wi th aa: 1 ( m odp) . F ro m Pro p o s i ti o n3 .4 , th e onl y posi ti vei ntegersl ess
than p that are their own inversesare I and p-1. Therefore,we can group
148 S ome S peci al C ongruences

the integersfrom 2 to p-2 into Q4)/2 pairs of integers,with the product of

each pair congruentto I modulop. Hence, we have

2.3 Q-).Q-D = r ( m o dp ) .

We concludethe proof by multiplying both sidesof the abovecongruenceby I

and p-l to obtain

b-1)! :1.2.3' .Q-3)b-Db-l) = t . ( p - r ) = - r ( m o d p ) .t r

An interestingobservationis that the converseof Wilson's theorem is also

true, as the following theorem shows.

Theor em 5. 1. I f n i s a p o s i ti v ei n te g e rs u c h th at h-l )t = -l (mod n), then

n is prime.

Proof. Assume that n is a compositeinteger and that (n-l)! = -l (mod n).

since n is composite,we have n:ob, where | 1 a I n and | < b 1 n.
Sinc e a 1n, we k n o w th a t a I h -l )!, b e c a usea i s one of the n-l numbers
m ult iplied t ogeth e r to fo rm (n -l )!. S i n c e h -l )t = -l (mod n), i t fol l ow s
th at n I t ( r - l) ! + l l . T h i s m e a n s ,b y th e u se of P roposi ti on1.3, that a al so
d i v ides h- l) t + t. F ro m P ro p o s i ti o n 1.4, si nce a | (n-D l and
al[h-l)! + l l , w e c o n c l u d et h a t a l t ( : n - l ) ! + I ] - ( n - l ) ! : l . T h i s i s
an obviouscontradiction,sincea ) l. tr

We illustrate the use of this result with an example.

Example. Since (6-l)! : 5! : 120 = 0 (mod 6) , Theorem 5.1 verifies the

obviousfact that 6 is not prime.

As we can see, the converseof Wilson's theorem gives us a primality test.

To decide whether an integer n is prime, we determine whether
h - l) ! : - 1 ( mo d n ). U n fo rtu n a te l y , th i s i s an impractical test because
n - 1 multiplications modulo n are needed to find (rr'-l)|, requiring
O h (log2n)z) bit operations.
When working with congruencesinvolving exponents,the following theorem
is of great importance.
Fermat's Little Theorem. If p is prime and a is a positive integer with p I a,
then aP-t = I (mod p).
C , ( P S 6 ' " , " 1, )
Proof. Con'sider'the p - | i n te g e rsa ,2 a , ..., ( p-l )a. N one of these i ntegers
are divisible by p, for if p I i a , th e n b y L e m m a 2.3, p I j , si ncep tr a. Thi s
5 .1 W ils on' s T heor e m a n d F e rma t' s L i ttl e T h e orem 149

is impossible because I ( 7 ( p-1. Furthermore, no two of the integers

a, 2a, ..., ( p- Da a re c o n g ru e n t mo d u l o p . To S ee thi s, assume that
ja = ka (mod fl. Then, from Corollary 3.1, since (a,p) : l, we have
j = k (modp). This is impossible,since 7 and k are positive integers less
thanp - I .
Si n ce t he int ege rs a , 2 a , ..., (p -l )a a re a set of p-l i ntegers al l
incongruent to zero, and no two congruent modulo p, we know that the least
positive residues of c, 2e,..., (p-l)a, taken in some order, must be the
i n te g er s 1, 2, . . . ,p- 1 . , e product of the i ntegers
A s a c o n s e q u e n c eth
a ,2 a ,.. . , ( p- l) a is c o n g ru e n t mo d u l o p to th e product of the fi rst p-l
positiveintegers. Hence,

a'2a : l'2 ( p - r ) ( m o dp ) .

aP-t(p-l)! : (p-l)! (modp) .

S i n c e( p - l ) ! , p) : l , u s i n g C o ro l l a ry3 .1 , w e c a ncelQ-l )! to obtai n

a P-t = I (mo d p ). tr

We illustrate the ideasof the proof with an example.

Exa m ple. Let p: 7 a n d a :3 . T h e n , l ' 3 = 3 (mod 7), 2' 3 = 6 (mod 7),

3 .3 = 2 ( m od 7) , 4' 3 = 5 (m o d 7 ), 5 ' 3 = I (mod 7), and 6' 3 = 4 (mod 7).
( t . l ) .Q . r . ( r . r ) . ( + . 1 ) . ( 5 . 3 ) . (=6 .33.)6 . 2 . s . 1( m
. 4o d7 ) ,

s o t h a t 3 6 . 1 . 2 . 3 . 4 . 5=. 6 3 . 6 . 2 ' 5 ' l ' 4( m o d 7 ) . H e n c e ,3 6 ' 6 != 6! (mod 7), and

therefore.36 = I (mod 7).
On occasion, we would like to have a congruence like Fermat's little
theorem that holds for all integersa, given the prime p. This is suppliedby
the following result.

Theorem 5.2. If p is prime and a is a positive integer, then

eP: a (modp).

Pro o f. lf p I a, by F e rm a t' sl i ttl e th e o re mw e k now that ap-t: I (modp).

Multiplying both sidesof this congruenceby a, we find that ap = a (mod p).
l f p l a , t h e n p l a p a s w e l l , s o t h a ta P = a = O (modp). Thisfinishesthe
proof, sinceaP = a (mod p) it p I a and if pla. tr
150 Some SpecialCongruences

Fermat's little theorem is useful in finding the least positive residuesof


Example. We can find the least positive residue of 3201modulo I I with the
h e lp of F er m at ' s l i ttl e th e o re m . W e k n o w th at 310: I (mod l l ). H ence.
3 2 o r: ( 3 r o ) 2 03. = 3 ( m o d l l ) .

A useful application of Fermat's little theorem is provided by the following


Theorem 5.3. If p is prime and a is an integer with p I a, then aP-2 is an

inverseof c modulop.

Proof. If p tr a, then Fermat's little theorem tells us that

a 'aP - 2 : s P - t = I (m o d p ). H e n c e ,a P-2 is an inverseof a modulo p.

Example. From Theorem 5.3, we know t h a t 2 e : 5 1 2 = 6 ( m o d l l ) is an

inverseof 2 modulo I 1.
Theorem 5.3 gives us another way to solve linear congruenceswith respect
to pr im e m oduli.

Corollary 5.1. lf a and b are positive integers and p is prime with p I a,

then the solutionsof the linear congruenceax = 6 (mod p) are the integers
x s uc h t hat x = a P-2 b (mo d p ).

Proof. Suppose that ax = b (mod p). Since p I a, we know from Theorem

5 .2 t hat aP - 2 is a n i n v e rs e o f c (mo d i l . Mul ti pl yi ng both si des of the
original congruenceby sP-z, we have

aP-2ax = aP-2b(mod p).


x 7 aP-2b (mod p). tr

5.1 Problems

l. U s i n g W i l s o n ' s theorem, find the least positive r e s i d u e o f 8 ' 9 ' 1 0I. l . 1 2 .I 3

modulo 7.

2. Using Fermat's little theorem, find the least positive residue oP 2toooooo
5 .1 W ils on' s T heore m a n d F e rma t' s L i ttl e T h e o rem 151

?, S h o w t h a t 3 1 s: I (mod I l2).

4 . Using Fermat's little theorem,find the last digit of the base7 expansionof 3r00.
5 . Using Fermat's little theorem,find the solutionsof the linear congruences
a) 7x = 12 (mod 17) b) 4x=ll(modl9).

6. S h o w t h a t i f n i s a c o m p o s i t ei n t e g e r w i t h n * 4 , t h e n h - \ ) t = O ( m o d n ) .

7 . S h o w t h a t i f p i s a n o d d p r i m e ,t h e n 2 Q - 3 ) ! : -l (modp).

8. Show that if n is odd and 3 /n, then n2 = | (mod 24).

9. Show that 42 | h' - n) for all positive integers n.

1 0 . S h o w t h a t i f p a n d q a r e d i s t i n c tp r i m e s ,t h e n p e - t * q P - r : I (modpq).

I l. Show that p is prime and a and b are integerssuch that ap = bP (mod p), then
aP = bP (modp2).

12. Show that if p is an odd prime, then 1232 (p-42(p-2)2 =

1-11b+t)/z(mod p).
13. Showthatifp isprimeandp =3 ( m o d 4 ) , t h e n{ ( p - t \ l Z l l = * I (modp).

14. a) Let p be prime and supposethat r is a positive integer less then p such that
( - l ) ' r ! _ - l ( m o dp ) . S h o wt h a t Q - r * l ) ! : - l ( m o dp ) .

b ) U s i n g p a r t ( a ) , s h o wt h a t 6 l ! = 6 3 ! = - l (mod 71).

15. Using Wilson's theorem,show that if p is a prime and p = I (mod 4), then the
- -l (mod
congruence x2 p) has two incongruent solutions given by
x E t l(p-)/zll (modp).

16. Show that if p is a prime and O1k<-p, then Q-k)!(k-l)!

= ( - l ) e ( m o dp ) .

1 7 . S h o w t h a t i f p i s p r i m e a n d a i s a n i n t e g e r t, h e n p l l a p + Q-l)! al.

18. For which positiveintegersn is na * 4n prime?

19. Show that the pair of positiveintegersn and n * 2 are twin primes if and only if
4 l ( n - l ) l + t l + n = 0 ( m o d n ( n * 2 ) ) , w h e r en I l .

2 0 . S h o w t h a t t h e p o s i t i v e i n t e g e r s an n d n * k , w h e r e n ) k a n d k i s a n e v e n
positive integer, are both prime if and only if (k!)'z[(n-t)t + t]
+ n ( k ! - l ) ( k - l ) ! = 0 ( m o dn ( n + k ) ) .

2 1 . S h o w t h a t i f p i s p r i m e ,t h e n l l | = 2 ( m o d p ) .
lp )

22. a) In problem 17 of Section 1.5, we showed that the binomial coefficient

where I < k ( p - l, is divisibleby p when p is prime. Use this fact and the
binomial theorem to show that if a and b are integers, then
152 S ome S peci al C ongruences

( a + b ) p = a p * 6 z ( m o dp ) .

b) Use part (a) to prove Fermat's little theorem by mathematical induction.

(Hint: In the induction step, use part (a) to obtain a congruencefor
fu + l)p.)
23. Using problem 16 of Section 3.3, prove Gauss' generaltzation of Wilson's
theorem, namely that the product of all the positive integers less than m that are
relatively prime to rn is congruent to I (mod z), unless ffi : 4,p,, or 2p, where
p is an odd prime and I is a positive integer, in which case, it is congruent to
-l (mod rn ).

24. A deck of cards is shuffied by cutting the deck into two piles of 26 cards. Then,
the new deck is formed by alternating cards from the two piles, starting with the
bottom pile.

a) Show that if a card begins in the cth position in the deck, it will be in the
Dth positionin the new deck where b = 2c (mod 53) and I < 6 <52.

b) Determine the number of shuffies of the type described above that are
needed to return the deck of cards to its original order.

25. Let p be prime and let a be a positive integer not divisibleby p. We define the
Fermat quotient qob) by qp(a): (ap-t-l)/p. Show that if a and, b are
positive integers not divisible by the prime p, then
q G b ) : e r ( a ) + q o $ ) ( m o dp ) .
26. Let p be prime and let a1,a2,...,ap
and b ,,b2,...,b,be completesystemsof residues
modulo p Show that a1bya2b2,...,aobois not a complete system of residues
modulo p.

5.1 Computer Projects

Write programs to do the following:

l. Find all Wilson primes less than 10000. A Wilson prime is a prime p for which
( p - l ) ! : - l ( m o dp 2 ) .

2. Find the primesp lessthan 10000 for which Zp-t = I (mod p2).

3. Solve linear congruenceswith prime moduli via Fermat's little theorem.

5.2 Pseudoprimes
Fermat's little theorem tells us that if n is prime and b is any integer, then
bn = b (mod n). Consequently, if we can find an integer b such that
b' + b (mod n ), then we know that n is composite.

Example. We can show 63 is not prime by observingthat

5 .2 P s eudopr im es 153

-__ = g
263:2eo.2t : (26)ro.23:64to23 23 + 2 (mod 63).

Using Fermat's little theorem,we can show that an integer is composite. It

would be even more useful if it also provided a way to show that an integer is
prime. The ancient Chinesebelievedthat if 2'= 2 (mod n ), then n must be
prime. Unfortunately, the converseof Fermat's little theorem is not true, as
the following example shows.

Exa m ple. Let n - 3 4 1 : 1 1 .3 1 . By F e rma t' s l i t tl e theorem,w e see that 210

= I ( m od l1) , s o th a t 2 3 a o : (2 t0 ;3 + t (mo d l 1). A l so 23a0: (25)68=
(3 2 )6 s= t ( m od 3l ). H e n c e ,b y T h e o re m 3 .1 , we have 2340: I (mod 341).
By multiplying both sides of this congruence by 2, we have
2341 2 (mod 341), even though 341 is not prime.
Examples such as this lead to the following definition.

Definition. Let b be a positive integer. If n is a composite positive integer

and b' = b (mod n), then n is called a pseudoprime to the base b.
Not e t hat if ( b, n ): 1 , th e n th e c o n g ru e n c eb n = b (mod n) i s equi val ent
to the c ongr uenc eb n -t: I (mo d n ). T o s e eth is, note that by C orol l ary 3.1
we can divide both sides of the first congruenceby b, since (b,n) : l, to
obtain the secondcongruence. By Theorem 3.1, we can multiply both sidesof
the second congruencs by b to obtain the first. We will often use this

Exa m ple. T he inte g e rs 3 4 1 : I l ' 3 1 , 5 6 1 : 3 ' l 1' 17 and 645 : 3' 5' 43 are
pseudoprimesto the base 2, since it is easily verified that 2340: I (mod 341),
256o I (mod 561). and 26aa= I (mod 645).
If there are relatively few pseudoprimesto the base b, then checking to see
whether the congruence b' = D (mod n) holds is an effective test; only a
small fraction of composite numbers pass this test. In fact, the pseudoprimes
to the base b have been shown to be much rarer than prime numbers. In
particular, there are 455052512 primes, but only 14884 pseudoprimesto the
base 2, less than 1010. Although pseudoprimesto any given base are rare,
there are, nevertheless,infinitely many pseudoprimesto any given base. We
will prove this for the base 2. The following lemma is useful in the proof.

Lemma 5.1. lf d and n are positive integers such that d divides rz, then
2d - 1 divides 2n - l.

Proof. Since d I n, there is a positive integer / with dt : n. By setting

x:2d i n t h e i d e n t i t vx t - I - ( x - 1 ) ( x t - l + x t - z + + l), we find
154 S ome S peci al C ongruences

that 2n-t:(2d-l) 12dQ-r+

) 2do-Da +2d +l). Consequently,
Od - t) | Q' - D. tr
We can now prove that there are infinitely many pseudoprimesto the base

Theorem 5.4. There are infinitely many pseudoprimesto the base 2.

Proof. We will show that if r is an odd pseudoprimeto the base 2, then

m : 2' - I is also an odd pseudoprimeto the base 2. Since we have at least
o n e odd ps eudo p ri meto th e b a s e 2 , n a m e l y fl s:341, w e w i l l be abl e to
construct infinitely many odd pseudoprimesto the base 2 by taking ns: 341
a n d n 1 r a :12 n ' - I f o r k : 0 , 1 , 2 , 3 , . . . . T h e s eo d d i n t e g e r sa r e a l l d i f f e r e n t ,
s i n c en o I n t 1 n z 1 . ' . 1 n * ( n 1 1 1(

To continue the proof, let n be an odd pseudoprime,so that n is composite

and 2n-t = I (mod n). Since n is composite, w have n : dt with
11d1n and l</1n. we will show that m:2n-r is also
pseudoprimeby first showing that it is composite,and then by showing that
2^-t = I (modz).
To see that m is composite, w use Lemma 5.1 to note that
Qd - t) | (Z' - l): m. To show that 2^-t: I (modre), we first note
t h a t s i n c e2 n : 2 ( m o d n ) , t h e r e i s a n i n t e g e rk w i t h 2 n - 2 : k n . H e n c e ,
2 ^ - t : 22' - 2: 2k n . By Lemma 5.1, we know that
m : ( 2 n - l ) | ( 2 k n- l ) : 2 ^ - l - l . H e n c e , 2 m - t - I : 0 ( m o d z ) , s o
that 2^-t = I (mod re). We conclude that z is also a pseudoprimeto the
base 2. rl

If we want to know whether an integer n is prime, and we find that

2n-t : I (mod n), we know that n is either prime or n is a pseudoprimeto
the base 2. One follow-up approachis to test n with other bases. That is, we
check to see whether bn-r : I (mod n) for various positiveintegers6. If we
fi n d any v alues o f b w i th (b ,n ): I a n d b n -r # | (mod n), then w e know
that n is composite.

Example. We have seenthat 341 is a pseudoprimeto the base 2. Since

7 3 : 3 4 3 = 2 ( m o d3 4 1 )


zto: 1024: I (mod341) .

5.2 Pseudoprimes 155

we have

7 3 a 0- 0 3 ) t t 3 l = 2 t 1 3 7: ( 2 1 0 ) 1 t . 2 3 . 7
: 8.7 = 56 # I (mod 341).

He n c e,we s eet hat 3 4 1 i s c o m p o s i tes, i n c eT z to1 l (mod 341).

Unfortunately, there are compositeintegers r? that cannot be shown to be

composite using the above approach, becausethere are integers which are
pseudoprimesto every base, that is, there are compositeintegersn such that
b'-t = I (modn), for all b with (b,n): l. This leadsto the following

Definition. A composite integer which satisfies bn-t : I (mod n) for all

positiveintegersb with (b,il : I is called a Carmichael number.

E x a m p l e . T h e i n t e g e r 5 6 1 : 3 ' 1 1 ' 1 7 i s a C a r m i c h a e ln u m b e r . T o s e e t h i s ,
n o t e t h a t i f ( b , 5 6 1 ) : l , t h e n ( b , 3 ) : ( b , l l ) : ( b , 1 7 ) : l . H e n c e ,f r o m
Fermat's little theorem, we have b2 = I (mod 3), 610: I (mod I l), and
6 1 6 I ( m o d 1 7 ) . C o n s e q u e n t l yb,5 6 0 : ( b 2 ) 2 8 0 : I ( m o d 3 ) , b s 6 0 : ( b 1 0 ) 5 6
= I ( m o d l l ) , a n d 6 5 6 0 : ( b l 6 ) 3 5= I ( m o d l 7 ) . T h e r e f o r e ,b y T h e o r e m
3 . 1 , b 5 6 0= I ( m o d 5 6 1 ) f o r a l l b w i t h ( b , n ) : L

It has been conjecturedthat there are infinitely many Carmichael numbers,

but so far this has not been demonstrated. We can prove the following
thecrem,which providesconditionswhich produceCarmichael numbers.

Th e o r em 5. 5. I f n: Qt Qz q 1 , w h e re th e q i ' s are di sti nct pri mes that

satisfy Qi - 1) | (,4 - j,
l) for all then n is a Carmichael number.

Pro o f . Let b be a p o s i ti v e i n te g e r w i th (b ,n ) : l . Then (b,q1): I for

j :1,2,...,k, a n d h e n c e ,b y F e r m a t ' sl i t t l e t h e o r e m ,b Q t - r I ( m o d Q ) f o r
j : 1 , 2 , . . . , k . S i n c e Q i - l ) | ( n - l ) f o r e a c h i n t e g e rj : 1 , 2 , . . . , k ,
th e re ar e int eger s/.; w i th r;(q , - l ) : n - L H ence, for each /, w e know
th a t b ' - t : 6\ Q ' - r ) tt' -t t-o O q rl . T h e re fo re ,b y C orol l ary 3.2, w e see that
bn-t : I (mod n), and we concludethat n is a Carmichael number. D

Exa mple. T heor em 5 .5 s h o w sth a t 6 6 0 1 :7 ' 2 3 ' 4 1 i s a Carmichael number,

b e ca us e J , 23, a n d 4 I a re a l l p ri m e , 6 : Q - t ) | o o o o2, 2 :
Ql - t) | oooo,
and4o: (+t - t) | oooo.
The converseof Theorem 5.5 is also true, that is, all C armi chaelnumbers
are of the form Qflz Q* where the Qj's are distinct primes and
Qi -l ) | t r - l) f or a l l j . We p ro v eth i s fa c t i n Chapter 8 .
156 S ome S peci al C ongruences

Once the congruencebn-r : I (mod n ) has been verified, another possible

approach is to consider the least positive residue oS 6h-D/2 modulo r. We
n o t e t hat if x : 6 (,-t)/2 , th e n x 2 : b n -t: I (mod r). rf n i s pri me, by
Proposition 3.4, we know that either x = I or x = -l (mod n).
Consequently,once we have found that b"-t: I (mod n), we can check to
see wheth", 6tu-t)/2 = + I (mod n). If this congruencedoes not hold. then
we know that n is composite.

Example. Let b:5 and let n:561, the smallesC t a r m i c h a e ln u m b e r . w e

0 6 7 (mo d 5 6 1 ). H e nce,56l i s composi te.
fi nd t hat 5( 561- t )/2 :5 2 8 =

We continuedevelopingprimality testswith the following definitions.

Definition. Let n be a positive integer with n-l : 2't, where s is a

nonnegative integer and / is an odd positive integer. We say that n passes
Miller's test for the base b if either bt = I (mod n) or b/' : -l (mod n)
We now show that if n is prime, then /, passesMiller's test for all basesD
with n I b.

Theorem 5.6. lf n is prime and b is a positive integer with n I b, then n

passesMiller's test for the baseD.

Proof. Let n-l :2"/, where s is a nonnegativeinteger and I is an odd

positive i n t e g e r .L e t x 1 r : 6 { J . - t ) / z ' - 6 ? : - ' t , f o rk : 0 , l,2,...,s.Since n is
p rim e, F er m at ' s l i ttl e th e o re m te l l s u s th a t x0: bn-t :1 (mod n). B y
Proposition 3.4,, since x? : 16{n-r)/z1z: xo E I (mod n ), either
xt i - l ( m o d n) or rr E I (modn). If rr E I (modn), since
x ? , : x r E I ( m o d n ) , e i t h e r x z ? - l ( m o dn ) o r x z 7 1 ( m o d r u ) . I n
g e n er al, if we ha v e fo u n d th a t x s : x l : x 27 : xk = I (mod n),
with k ( s, then, since x?+t : x* 3 I (mod n), we know that either
x* + r 7 - l ( m od n ) o r x r+ r t 1 (mo d n ).
Continuing this procedure for k : l, 2,...,s, we find that either
x * ? I ( m o d n ) , f o r k : 0 , 1 , . . . , s , o r x t 7 - l ( m o d n ) f o r s o m ei n t e g e r/ c .
Hence, n passesMiller's test for the baseb. n
If the positive integer n passes Miller's test for the base 6, then either
b t = I ( m od n) o r b v t : -l (m o d n ) fo r s o m e7 w i th 0 < j ( s -1, w here
n - | :2't and r is odd.
In either case, we have bn-t = I (mod n ), since bn-\ - 162tt12'-tfor
J:0, 1 , 2 , . . . , s , s o t h a t a n i n t e g e rn t h a t p a s s e sM i l l e r ' s t e s t f o r t h e b a s eb
is automatically a pseudoprimeto the base b. With this observation,we are
5.2 Pseudoprimes 157

led to the following definition.

Definition. lf n is compositeand passesMiller's test for the base 6, then we

say n is a strong pseudoprime to the base b.

Example. Let n :2047 :23'89. Then 220a6 : ' ( 2 1 r ) 1 8 6 : ( Z O + A ) 1 8: 6 1

(mod 204D, so that 2047 is a pseudoprime to the base 2. Since 22046/2 :
2to23 : (2t l)e3 : (zo+g)e3 : I (mod 2047), 2047 passes Miller's test for
the base 2. Hence, 2047 is a strong pseudoprimeto the base 2.
Although strong pseudoprimesare exceedinglyrare, there are still infinitely
many of them. We demonstrate this for the base 2 with the following

Theorem 5.7. There are infinitely many strong pseudoprimesto the base 2.

Proof. We shall show that if n is a pseudoprime to the base 2, then

N :2 ' - l is a s t r on g p s e u d o p ri meto th e b a s e2 .
Let n be an odd integer which is a pseudoprimeto the base 2. Hence, n is
composite, and Zn-r : I (mod n). From this congruence, we see that
2'-r -l : nk for some integer k; furthermore,k must be odd. We have

,A f- I : 2 n -2 : 2 (2 n -r-l ) : Ztnk;

this is the factorizationof /V-l into an odd integer and a power of 2.

We now note that

2?v-r)/2:2nk : (Zn)k = I (mod /V)

b e c a u s 2e n : ( z n - t ) + t:I{* I = I ( m o d , n { ) .T h i s d e m o n s t r a t e s t h a t N
passesMiller's test.
In the proof of Theorem 5.4, we showed that if n is composite, then
N : 2'-l also is composite. Hence, N passes Miller's Test and is
composite, so that N is a strong pseudoprime to the base 2. Since every
pseudoprimen to the base 2 yields a strong pseudoprime2n-1 to the base 2
and since there are infinitely many pseudoprimesto the base 2, we conclude
that there are infinitely many strong pseudoprimesto the base 2. tr
The following observationsare useful in combination with Miller's test for
checking the primality of relatively small integers. The smallest odd strong
pseudoprimeto the base 2 is 2047, so that if n 1 2047, r is odd, and n passes
Miller's test to the base 2, then n is prime. Likewise, 1373653is the smallest
158 S ome S peci al C ongruences

odd strong pseudoprimeto both the bases2 and 3, giving us a primality test
for integers less than 1373653. The smallest odd strong pseudoprimeto the
bases2,3, and 5 is 25326001,and the smallestodd strong pseudoprimeto all
t h e b a s e s2 , 3 , 5 , a n d 7 i s 3 2 1 5 0 3 1 7 5 1 .A l s o , l e s st h a n 2 5 . 1 0 e t, h e o n l y o d d
i n t e g e rw h i c h i s a p s e u d o p r i m teo a l l t h e b a s e s2 , 3 , 5 , a n d 7 i s 3 2 5 1 0 3 1 7 5 1 .
This leads us to a primality test for integersless than 25.10e. An odd integer
n is pr im e if n < 2 5 ' 1 0 e ,n p a s s e sMi l l e r' s te st for the bases2,3,5, and 7,
a n dn I 3 2 1 5 0 3 1 7 5 1 .
There is no analogy of a Carmichael number for strong pseudoprimes.This
is a consequenceof the following theorem.

Theorem 5.8. If n is an odd compositepositive integer, then r passesMiller's

te s t f or at m os t Q -l )/4 b a s e sb w i th I < b ( n - l .

We prove Theorem 5.8 in Chapter 8. Note that Theorem 5.8 tells us that if
t? passesMiller's tests for more than (n-l)/4 basesless than n, then n must
be prime. However, this is a rather lengthy way, worse than performing trial
divisions,to show that a positiveinteger n is prime. Miller's test does give an
interestingand quick way of showingan integer n is "probablyprime". To see
this, take at random an integer b with I < D ( n - I (we will see how to
make this "random"choice in Chapter 8). From Theorem 5.8, we seethat if n
is composite the probability that r? passesMiller's test for the base b is less
than I/4. If we pick k different basesless than n and perform Miller's tests
for each of thesebaseswe are led to the following result.

Rabin's Probabilistic Primality Test. Let n be a positive integer. Pick k

different positive integers less than n and perform Miller's test on n for each
of these bases. If n is composite the probability that n passesall k tests is
l e s st h a n 0 / 4 k .

Let n be a compositepositiveinteger. Using Rabin's probabilisticprimality

test, if we pick 100 different integers at random between I and n and,perform
Miller's test for each of these 100 bases,then the probability than n passesall
the tests is less than 10-60,an extremely small number. In fact, it may be
more likely that a computer error was made than that a compositeinteger
passesall the 100 tests. Using Rabin's primality test does not definitely prove
that an integer n that passesall 100 tests is prime, but does give extremely
strong,indeedalmost overwhelming,evidencethat the integer is prime.
There is a famous conjecture in analytic number theory called the
generalized Riemann hypothesis. A consequenceof this hypothesis is the
following conjecture.
5.2 Pseudoprimes 1s9

Conjecture 5.1. For every compositepositiveinteger n, there is a base b with

b < 70 (log2n)2,such that n fails Miller's test for the base b.
If this conjecture is true, as many number theorists believe,the following
result providesa rapid primality test.

Proposition 5.1. If the generalizedRiemann hypothesisis valid, then there is

an algorithm to determine whether a positive integer n is prime using
O ((log2n)5)Uit operations.

Proof. Let b be a positive integer less than n. To perform Miller's test for
the base b on n takes O (logzn)3) bit operations,becausethis test requires
that we perform no more than log2n modular exponentiations,each using
O(logzb)2) Ult operations. Assume that the generalizedRiemann hypothesis
is true. lf n is composite,then by Conjective 5.1, there is a base 6 with
| < b < 70 (log2n)2such that n fails Miller's test for b. To discoverthis b
requires less than O(log2n)3)'O((togzn)z) : O((log2n)5) Uit operations,by
Proposition 1.7. Hence, after performing O((log2n)s) bit operations,we can
determinewhether n is compositeor prime. I

The important point about Rabin's probabilistic primality test and

Proposition 5.1 is that both results indicate that it is possibleto check an
i n te g er n f or pr im a l i ty u s i n g o n l y O((l o g 2 n )ft) bi t operati ons,w here k i s a
positive integer. This contrasts strongly with the problem of factoring. We
have seen that the best algorithm known for factoring an integer requires a
number of bit operationsexponentialin the squareroot of the logarithm of the
number of bits in the integer being factored, while primality testing seemsto
require only a number of bit operationsless than a polynomial in the number
bits of the integer tested. We capitalize on this difference by presentinga
recently inventedcipher systemin Chapter 7.

5.2 Problems

l . Show that 9l is a pseudoprimeto the base 3.

2 . Show that 45 is a pseudoprimeto the bases17 and 19.
3 . Show that the even integer n : 161038:2'73' l 103 satisfiesthe congruence
2n = 2 (mod n). The integer 161038 is the smallest even pseudoprimeto the
base 2.

4 . Show that every odd composite integer is a pseudoprimeto both the base I and
t h e b a s e- 1 .

5 . Show that if n is an odd compositeinteger and n is a pseudoprimeto the base a,

then n is a pseudoprimeto the base n - a.
160 Some SpecialCongruences

6 , S h o w t h a t i f n : ( a z p - - l ) / G 2 - l ) , w h e r e a i s a n i n t e g e ra, ) l , a n d p i s a n
odd prime not dividing a(a2 - l), then n is a pseudoprimeto the base a.
Conclude that there are infinitely many pseudoprimesto any base a. (Hint: To
establish that ao-t = I (mod n), show that 2p | (, - 1), and demonstrate that
a 2 P: 2 ( m o d n ) . )

7. Show that every composite Fermat number F^ : 22' + I is a pseudoprimeto the

base 2.

8. Show that if p is prime and the Mersenne number Mo : 2P - I is composite,

then Mo is a pseudoprime to the base 2.

9 . Show that if z is a pseudoprime to the bases a and b, then n is also a

pseudoprimeto the base aD.

1 0 . Show that if n is a pseudoprimeto the base a, then n is a pseudoprimeto the

base a-, where d' is an inverseof a modulo n.

l l . a) Show that if n is a pseudoprimeto the base c, but not a pseudoprimeto the

base 6, then n is not a pseudoprimeto the base aD.

b) Show that if there is an integer b with (b,n) : I such that n is not a

pseudoprimeto the base D, then n is a pseudoprimeto lessthan or equal 6 Ah)
different basesa with I ( a ( n. (Hint: Show that the sets c t, o2,..., a, and
ba, have no common elements,where ot, o2, ..., ar are the basesless
than n to which n is a pseudoprime.)

12. Show that 25 is a strong pseudoprimeto the base 7.

13. Show that 1387 is a pseudoprime,but not a strong pseudoprimeto the base 2.

14. Show that 1373653 is a strong pseudoprimeto both bases2 and,3.

15. Show that25326001 is a strong pseudoprimeto bases2,3, and 5.

1 6 . Showthat the followingintegersare Carmichaelnumbers

il 2 8 2 1: 7 ' 1 3 ' 3 1
b) 1 0 5 8 5: 5 . 2 9 ' 7 3
c) 29341: l 3 ' 3 7 ' 6 1
d ) 3 1 4 8 2 1: 1 3 . 6 r . 3 9 7
e) 27845: 5'17'29.113
f) 1 7 2 0 8:17 - 1 3 . 3 1 . 6 1
g) : 43.3361.3907.
1 7 . Find a Carmichaelnumberof the form7.23.qwhereg is an odd prime.
1 8 . a) S howt ha t e v e ryi n te g e o r f th e fo rm (6 m +l )(l 2m+ l )(tg,n + t), w herem i sa
pos it iv eint e g e rs u c h th a t 6 m* l ,l 2 ml l , and l 8m* l are al l pri mes,i s a
5.2 Pseudoprimes 161

b) Conclude from part (a) th a t 1 7 2 9- 7 ' 1 3 ' 9 l , 2 9 4409: 37' 73' 109,55164051
. 8 9 0 1 5 2 1 2 7 1 ' 5 4 1 ' 8 1al .n d 7 2 9 4 7 5 2 -9 3 0 7 ' 6 1 3 ' 9 1a9r e
: 2 t 1 . 4 2 1 . 6 3 1I 1 :
Carmichael numbers.

19. Show that if n is a positive with n = 3 (mod 4), then Miller's test takes
O ((logzn)2) bit operations.

5.2 Computer Projects

Write programs to do the following:

I. Given a positive integer n, determine whether n satisfies the congruence

bn-t = I (mod n) where b is a positive integer less than n; if it does, then n is
either a prime or a pseudoprimeto the base D.

2. Given a positive integer integer n, determine whether n passesMiller's test to the

base b; if it does then n is either prime or a strong pseudoprimeto the base b.

3. Perform a primality test for integers less than 25'l0e based on Miller's tests for
the bases2,3,5, and 7. (Use the remarks that follow Theorem 5.7.)

4. Perform Rabin's probabilistic primality test.

5. Find Carmichael numbers.

5.3 Euler's Theorem

Fermat's little theorem tells us how to work with certain congruences
involving exponentswhen the modulus is a prime. How do we work with the
correspondingcongruencesmodulo a compositeinteger? For this purpose,we
first define a specialcounting function.

Definition. Let n be a positive integer. The Euler phi-function Qh) is

defined to be the number of positive integers not exceeding n which are
relatively prime to n.
In T abt e 5. 1 we dis p l a yth e v a l u e so f @ (n ) fo r I ( r ( 12. The val uesof
d(,n) for I ( n < 100 are given in Table 2 of the Appendix.

n 2 3 4 5 6 7 8 9 l0 il I2

6h) I 2 2 4 2 6 4 6 4 l0 4

Table 5.1. The Valuesof Euler's Phi-functionfor I ( n < 12.

162 S ome S peci al C ongruences

In Chapt er 6, w e s tu d y th e E u l e r p h i -fu n c t i onfurther. In thi s secti on,w e

use the phi-function to give an analogue of Fermat's little theorem for
compositemoduli. To do this, we need to lay somegroundwork.

Definition. A reduced residue system modulo n is a set of Ofu) integers

such that each elementof the set is relatively prime to n, and no two different
elementsof the set are congruentmodulo n.

E x a m p l e . T h e s e t 1 , 3 , 5 , 7 i s a r e d u c e dr e s i d u es y s t e mm o d u l o 8 . T h e s e t
- 3 , - 1 , l , 3 i s a l s os u c ha s e t .

we will need the following theorem about reducedresiduesystems.

Theor em 5. 9. lf r1 ,r2 ,...,t6 G) i s a re d u c e dresi duesystemmodul o n, and i f

a i s a pos it iv eint e g e rw i th (a ,fl ) : l , th e n th e set et1, et2, ..., ot6h) i s al so a
reducedresiduesystemmodulo r.

Proof. To show that each integer ari is relatively prime to n, we assumethat

(a r1, n) ) l. T he n , th e re i s a p ri m e d i v i s o r p of (ari ,n). H ence, ei ther
p I a or p I 11. T h u s , w e e i th e r h a v e p I a a nd p I n,' o, p I ri and p I n.
However, we cannot have both p I r; and p I n, since r; is a member of a
reduced residue modulo n, and both p I a and p I n cannot hold since
(a,n): l. Hence, we can conclude that ar1 and n are relatively prime for
j : l , 2 , . . ' ,Q h ) .

To demonstratethat no two ari's are congruent modulo n, we assumethat

arj = ar1, (mod n), where j and k are distinct positive integers with
1 < j ( d ( n ) a n d I < k ( d ( n ) . S i n c e( a , n ) : l , b y C o r o l l a r y 3 . l w e s e e
that r; : rk (mod n). This is a contradiction, since r7 and r,1 coffie from the
original set of reducedresiduesmodulo r?,so that ri # rr (mod n). tr
We illustrate the use of Theorem 5.9 by the following example.

Exam ple. T he se t 1 ,3 ,5 ,7 i s a re d u c e d re si duesystem modul o 8. S i nce

( 3 , 8 ): l , f r o m T h e o r e m5 . 9 , t h e s e t 3 ' l : 3 , 3 ' 3 : 9 , 3 . 5 : 1 5 , 3 ' 7 : 2 1 i s
also a reducedresiduesystemmodulo 8.
We now state E,uler'stheorem.

Euler's Theorem. If m is a positive integer and a is an integer with

(a ,m ) : l, t hen so tu ) = I (mo d rn ).

Before we prove Euler's theorem, we illustrate the idea behind the proof
w i th an ex am ple.
5 .3 Euler ' s T heor em 163

Example. We know that both t h e s e t s l , 3 , 5 , 7 a n d 3 ' 1 , 3 ' 3 , 3 ' 5 , 3 ' 7 a r e

reduced residuesystemsmodulo 8. Hence, they have the same least positive
residuesmodulo 8. Therefore,
( 3 .l ) . ( 3 . 3 )(.3 . s )(.3 . 7 ): l ' 3 ' 5 ' 7( m o d8 ) ,

3 4 ' l ' 3 ' 5 ' 7= l'3'5'7 (mod8).

8) : l , w e c o n c l u d eth a t

3 + _ 3 d (a ): I (m o d g ) .

We now use the ideas illustrated by this exampleto prove Euler's theorem.

Proof. Let rr,rZ, ..., ro(^) denote the reduced residuesystem made up of the
positiveintegersnot exceedingm that are relatively prime to m. By Theorem
5 . 9 , s i n c e ( a , m ) : l , t h e s e t Q t 1 ,a t y , . . . , a r 6 ( m ) i s a l s o a r e d u c e dr e s i d u e
syste m m odulo lz . H e n c e , th e l e a s t p o s i ti v e re si duesof ar1, Qr2,...,or6(m)
mu st be t he int ege rs 1 1 ,1 2 ,..., r6 (m ) i n s o me o rder. C onsequentl y,i f w e
multiply togetherall terms in each of thesereducedresiduesystems,we obtain
ar pr 2 aryfu't -- r| rz 16(^) (mod la) .

a 6 ( ^ )r { z ' r 6 ( m )j r(z r o(m) (mod z ) .

Si n ce ( r g2 r a( ^ ), m ) : l , fro m C o ro l l a ry 3.1, w e can concl ude that

o o ( m )= I ( m o d m). D

We can use Euler's Theorem to find inversesmodulo m. lf a and m are

relatively prime, we know that
s ' t6 (m)-t : 4 4 (m) 1 (mo d rn).

H e n c e,o6( m ) - tis an i n v e rs eo f a m o d u l om.

Example. We know that 20@-t - 26-t : 25 : 32:5 (mod 9) is an inverse

of 2 modulo 9.
We can solve linear congruences using this observation. To solve
a x j D ( m od z ) , w h e re (a ,m) : I , w e mu l ti pl y both si des of thi s
164 S ome S peci al C ongruences

co ngr uenc eby aa h )-l to o b ta i n

o o (m)-to * - : q Q ( m ) - t b( m o d m ) .

Therefore, the Solutions are those integers such that

y : of(m)-tb (modm).

Example. The solutions o f 3 x = 7 (mod l 0) are given by

x = 3d( 10) - 1. 7 3 3 .J:9 (mo d l 0 ) , s i n c ed ( I 0 ) : 4 .

5.3 Problems
l. Find a reducedresiduesystemmodulo

a)6 d) t4
b)e e) 16
c) lo f) 17.

2. Find a reduced residue system modulo 2^ , where m is a positive integer.

3 . Show if c t, c2, ..., c6(m) is a reduced residue system modulo m , then
c1* c2* * ,oh): 0 ( m o dl n ) .
4 . Show that if m is a positive integer and a is an integer relatively prime to m,
then I I a * a2 * I ofh)-t = 0 (mod m).
5 . Use Euler's theorem to find the least positive residueo1 3100000
modulo 35.
6 . Show that if a is an integer, then a7 = a (mod 63).
7 . Show that if a is an integer relatively prime to 32760, then

8 . Show that cd(b) I 6ab) : I (mod ab), if a and b are relatively prime positive

9 . Solve the following linear congruencesusing Euler's theorem

il 5x = 3 (mod 14)

b) 4x = 7 (mod 15)

c) 3x = 5 (mod 16).
1 0 . Show that the solutions to the simultaneoussystem of congruences
5 .3 E uler ' s T heor e m 165

x i ar (mod rn r)
* o, (mod mz)

x ? a, (mod m),

where the mi are pairwise relatively prime, are given by

x j a,ul'^) + a2M!@) a + a,M!t^') (mod u)'

w h e r eM : m 1 m 2 m , a n dM j : M/mi forT: 1,2,...,r.

I l. Using Euler's theorem,find

a) the last digit in the decimal expansiono1 7t000

b) the last digit in the hexadecimalexpansionoP 51100$000.

1 2 . F i n d @ ( n ) f o r t h e i n t e g e r sn w i t h 1 3 ( n < 2 0 .

13. a) Show every positive integer relatively prime to l0 divides infinitely many
repunits (see problem 5 of Section 4.1). (Hint: Note that the n -digit repunit
lil ... ll : (to'-t)/q.)

b) Show every positiveinteger relatively prime to b divides infinitely many base

b repunits (seeproblem 6 of Section4.1).

14. Show that if m isa positiveinteger,m ) 1, then o^ = am-6(m)(mod rn ) for all


5.3 Computer Projects

Write programsto do the following:

l. Solve linear congruencesusing Euler's theorem.

2. Find the solutionsof a system of linear congruencesusing Euler's theorem and

the Chineseremaindertheorem (seeproblem l0).

6.1 The Euler Phi-function

In this chapter we study the Euler phi-function and other functions with
similar properties. First, we presentsomedefinitions.

Definition. An arithmetic function is a function that is defined for all positive

Throughoutthis chapter,we are interestedin arithmetic functionsthat have
a specialproperty.

Definition. An arithmetic function f is called multiplicative if

f fun) : f (m)f fu) wheneverm and n are relatively prime positiveintegers.

Example. The function f h) : I for all n is multiplicative because

f(mn):1, f(m):1, and f(n):1, so that fhn):f(m)fh).
Similarly, the function g(n) : n is multiplicative, since
g(mn) :mn : g(m)efu). Notice that ffun) :1(m)fh) and
g( m n) : g( m ) S h ) fo r a l l p a i rs o f i n te g ersm and n, w hether or not
(m,n) : l. Multiplicative functions with this property are called completely
mult ip licative functions.
If / is a multiplicativefunction, then we can find a simple formula for f fu)
given the prime-powerfactorizationof n.

T heor em6. 1. I f / i s a m u l ti p l i c a ti v efu n c ti onand i f n: pi ' pi , ... pi ' i t

6.1 The EulerPhi'function 167

the prime-power factorization of the positive integer n, then

f tu): f Qi)f Qi) " "fQi).

Proof. Since f is multiplicativeand Qi',pi' ' ' ' p!) : l, we see that
f t u ): f b i ' p i '" ' p : ) : f Q i ' ' Q ? " ' p i ) ) : f i ' p \"' ' p : ' ) .
f Qi)-Q
S i n c eb i ' , p \ ' " ' p ! ' ) : 1 , w e k n o wt h a ft b i ' p \ ' " ' p ! ' ) : f b i ' )
-f Qi'... pl'), ro thatf(n): -f Qi') f Qi) f Qi' p:). continuing
in thisway,we findthatf h) : f Qi) f bi) .f (p\') f Q?) a
We now return to the Euler phi'function. First, we considerits values at
primesandthenat primepowers.

Theorem 6.2. If p is prime. then 0b) : p - l. Conversely, if p is a

positiveintegerwith d(p) - p - l, thenp is prime.

Proof. If p is prime then every positiveinteger lessthan p is relatively prime

to p. Sincethere arep - I suchintegers,we haveQQ) : p - l.
Co n v er s ely , ifp is c o mp o s i teth , e n p h a s a d i v i s ord w i th | < d 1p,and,
of course,p and d are not relatively prime. Since we know that at least one
of the p - | integers| ,2, ...,p - l, namely d, is not relativelyprime to p,
- l , t h e n p m u s t b e p r i m e t. r
d0) ( p-2. H e n c e , i 0f Q ) : p

We now find the value of the phi-functionat prime powers.

Theorem 6.3. Let p be a prime and a a positive integer. Then

6e\:po-po-t. = f o-'fp_D
' zZ\
Proof. The positive integers'less-thanpo that are not relatively prime to p are
thoseintegersnot exceedingpo that are divisibleby p. There are exactlypo-l
such integers,so there are po - po-r integersless than po that are relatively
p ri me t o po. Henc e ,6 b " ) : p o - P o -r. n

Example. Using Theorem6.3, we find that d(53) : 53 - 52 : 100,

O ( z t } ): 2 t 0 - 2 e: 5 1 2 , a n dd ( t t 2 ) : 1 1 2- 1 1 : 1 1 0 .
To find a formula for @(n), given the prime factorization of n, we must
show that d is multiplicative. We illustrate the idea behind the proof with the
following example.

E x a m p l e .L e t m : 4 a n d n : 9 , s o t h a t m n : 3 6 . W e l i s t t h e i n t e g e r sf r o m
I to 36 in a rectangularchart, as shownin Figure 6.1.
168 MultiplicativeFunctions

l0 t4 18 22 34

t2 l6 20 24 28 32 36


Neither the second nor fourth row contains integers relatively prime to 36,
since each element in these rows is not relatively prime to 4, and hence not
relatively prime to 36, We enclosethe other two rows; each element of these
rows is relatively prime to 4. Within each of theserows, there arc 6 integers
relatively prime to 9. We circle these; they are the 12 integers in the list
relativelyprime to 36. HenceOGO : 2.6 - OU)O(il.
We now state and prove the theorem that showsthat @is multiplicative.

Theorem 6.4. Let m and n be relatively prime positive integers. Then

Q f u n ): Q ( m ) t h ) .

Proof. We display the positive integers not exceeding mn in the following


I m*l 2m*l ... 6-l)m*l

2 m*2 2m*2 h-l)m*2

3 m*3 2m*3 h-I)m*3

2m 3m

Now suppose r l s a posltlve lnteger not exceeding m. Suppose

(m,r):d)1. Then no number in the rth row is relatively prime to mn,
since anv element of this row is of the form km * r, where k is an integer
6.1 The EulerPhFfunction 169

with I < t < n - l, and d | &m*r), sinced | * and d I r.

Consequently,to find those integers in the display that are relatively prime
to mn, we need to look at the rth row only if (m,r) : l. If fuI) :1 and
I ( r ( m, we must determinehow many integersin this row are relatively
prime to mn. The elements in this row are r , m * r ,
2m * r,..., h-l)m * r. Since (r,m) : l, each of these integers is
relatively prime to m. By Theorem 3.4, the n integersin the rth row form a
completesystemof residuesmodulo r. Hence, exactly Qh) of these integers
are relatively prime to n. Since these d(n) integersare also relatively prime
to m, they are relativelyprime to mn.
Since there are S(m) rows, each containing d(n) integersrelatively prime
to mn, we can concludethal Q(mn) : O(m)efu). tr
CombiningTheorems6.3 and 6.4, we derive the following formula for 0Q).

Theorem 6.5. Let n : por'pi' . . . pir' be the prime-power factorization of

the positive integer n. Then
6h):n0-lttr- tr-.!l .
Pr Pz Pt

Proof. Since @is multiplicative, Theorem 6.1 tells us that if the prime-power
factorization of n is n : pl,pl, pf,,, th"n

0h) : o?i)obi,) oht').

In addition, from Theorem 6.3 we know that

Obi')- pf'- p?-t: p;,(l- +)


forT : 1,2,...,k.Hence,

Qh): pi'T - L)ri,(l - I) pi,'o- t )

Pr Pz P*
pi:o- Lt (r-!)
ftt- P*
: n ( L- I l ( l - !) (l-I).
Pr Pz Pr,
This is the desiredformula for d(n). D
170 Multiplicative Functions

we illustrate the use of rheorem 6.5 with the following example.

Example. Using Theorem6.5, we note that

: o(22s2):
d(roo) loo(l- - :
il(l +) 4o.

0020: o(2432s)
: t2oe- - - l.

ilrr |l tr =)-192.
We now introduce a type of summation notation which is usefulin working
with multiplicativefunctions.

Let f be an arithmetic function. Then

2,f (d)

representsthe sum of the valuesof f at all the positivedivisorsof n.

Example. If / is an arithmetic function, then

> f U) : f (r)+ f Q)+ f 0) + f U) + f (O+ f 0D .


For instance.

> d 2 : 1 2+ 2 2 + 3 2 + 4 2 + 6 2 + 1 2 2
:l* 4+g+16+36+ 144:ZlO.

The following result, which states that n is the sum of the values of the
phi-functionat all the positivedivisorsof n, will also be useful in the sequel.

Theorem 6.6. Let n be a positive integer. Then


Proof. We split the set of integersfrom I to n into classes. Put the integer m
into the classCa if the greatestcommondivisor of m and n is d. We seethat
m is in C4, i. e . (m ,n ) : d ,i f a n d o n l y i f fu /d ,n/d) : l . H ence,the number
of integersin Ca is the number of positiveintegersnot exceedingn/d that are
relatively prime to the integer n/d. From this observation,we see that there
6.1 The Euler Phi'function 171

are gh/d) integersin C1. Since we divided the integers I to n into disjoint
classesand each integer is in exactly one class,n is the sum of the numbersof
elementsin the different classes.Consequently,we seethat

n : > Qhld)

As d runs through the positiveintegersthat divide n, nfd also runs through

thesedivisors,so that

dln dl,

This provesthe

Example.We illustratethe proofof Theorem6.6 whenn : 18. The integers

C4 whered I 18 suchthat the classC7
from I to 18 can be split into classes
containsthoseintegersm with (m,18) : d . We have

c 1 : { 1 ,5 , 7 , l l , 1 3 ,1 7 } C 6 : { 6 ,1 2 }
c 2 : { 2 , 4 ,8 , 1 0 ,1 4 ,1 6 } C g : { g }
C 3 : { 3 ,1 5 } C r r : { t g }.

We see that the classCa contains0081d) integers,as the six classes

c o n t a i nd ( 1 8 ): 6 , O ( 9 ): 6 , 0 ( 6 ) : 2 , O ( 3 ): 2 , 0 ( 2 ) : l , a n d d ( 1 ) : I
integers, respectively. We notethat 18: d(18) + O(g)+ ,O(0)+ ,0(3)+

6.1 Problems

l. Find the value of the Euler phi-function for each of the following integers

a) 100 d)'rr.13
b) 2s6 e) lo!
c) l00l f) 20t .

2. Find all positiveintegersn such that d(n) has the value

ill d)6
b)2 e) 14
c)3 f) 24.
172 Multiplicative Functions

3. For which positiveintegersn is 6fu)

a) odd
b) divisible by 4
c) equal to n/2 ?

4. Show that if n is a positive integer, then

fa@ if n is odd
QQn): if n is even.
5' Show that if z is a
.positive integer having k distinct odd prime divisors, then
d(n) is divisibleby 2k.
6. For which positive integers n is Qh) a power of 2?

7. Show that if n and k are positiveintegers,then Q(mk) : mk-16(m) .

8. For which positive integers lz doesQfu) divide m ?

9. Show that if a and b are positive integers,then

Qbb) : (a,b)6G)O$)lOKa,il)

10. Show that if m and,n are positiveintegerswith nr I n, then

Qfu) | oh).
11. Prove Theorem6.5, using the principle of inclusion-exclusion(seeproblem lZ of
Section 1 l).

12. show that a positive integer n is compositeif and only if ( n - .,,6-.

13. Let n be a positive integer. Define the sequenceof positive integers fl1,n2,13,...
recursivelyby nr: Qh) and n1.,1: 6(n*') for ft : r,2,3,... . show that there is
a positive integer r such that n, - 1.

14. Two arithmetic functions/ and I may be multiplied using the Dirichlet product
which is defined bv

V*s)(n): 2f @)shlil .

a) Showthat f*g : g*.f .

b) Showthat (/*g) *h : f* Q*h) .
c) Showthat if r is the multiplicativefunctiondefinedby

|,r if n: l
,{n): i fn ) l ,
then rf - f*t : f for all arithmetic functions/.
6.1 The Euler Phi-function 173

d) The arithmetic function g is said to be the inverse of the arithmetic functton

: ,. Show that the arithmetic function / has an inverse if
.f it f*S : g*-f
and only if f 0) I 0. Show that if / has an inverse it is unique. (Hint:
When f 0) # 0, find the inverse.f-t of/ by calculating/(n) recursively,
using the fact that '(n) - > f U)f-tfuld).)

1 5 . Show that if f and g arc multiplicative functions, then the Dirichlet product /*g
is also multiplicative.

t6. Show that the Miibius function defined by

t if n - I
l(-t)' if z is square-freewith primefactorization

lO if n has squarefactor larger than I


is multiplicative.

1 7 . Showthat if n is a positiveintegergreaterthanone,then ) p@) :0.


1 8 . Let f be an arithmetic function. Show that if F is the arithmetic function

defined by

F ( n ): > f @ ),
' dln


f h):2p@)Fhld).

This result is called the Miibius inversion formula.

1 9 . Use the Mobius inversion formula to show that if f is an arithmetic function and
F is the arithmetic function defined by

F ( n ): > f @ ),

then if F is multiplicative,so is /.

20. Usingthe Mobius inversionformulaand the fact that n - > 0h /il , provethat

a) Q(p') : p' - p'-',wherep is a primeandt is . *rr;:, integer.

174 MultiplicativeFunctions

b) d(n ) is multiplicative.
21. Show that the function f (n):ne is completely multiplicative for every real
number k.

22. a) we define Liouville's function r(n) by I(r) : l and for n ) | by

\(n) : (-l)4'|+4r+"'+a', if the prime-power factorization of n is
n: pi'pi' .'. p:'. Show that tr(n) is completelymultiplicative.

b) Show that if n is a positive integer then ) tr(n) equals 0 if z is not a

perfect square,and equals I if n is a perfect square.

23. a) Show that it f and g are multiplicative functions then fg is also


b) Show that if f and g arc completely multiplicative functions then /g is also

completely multiplicative.

24. Show that tf f is completely multiplicative, then f (il : f @r)",.f(pr)o,

' (p^)"' when the prime-power factorization of n is n : pi'pi' . . . p:"..
25. A function f that satisfiesthe equationf (mn) :7(m) + "f (n ) for all relatively
prime positive integers m and n is called additive, and if the above equation
holds for all positive integers m and n, f is called completely additive.

a) Show that the function -f (n) : log n is completely additive.

b) Show that if <^r(n)is the function that denotesthe number of distinct prime
factors of n, then <^ris additive, but not completely additive.

c) Show that if / is an additive function and if g(n):zfb), then g is


6.1 Computer Projects

Write programsto do the following:

l. Find valuesof the Euler phi-function.

2. Find the integerr in problem 13.

6.2 The Sum and Number of Divisors

We will also study two other arithmetic functions in some detail. One of
theseis the sum of the divisorsfunction.

Definition. The sum of the divisors function, denoted by o, is defined by

settingo(n ) equal to the sum of all the positivedivisorsof n.
6 .2 Th e S um and Nu mb e r o f D i v i s o rs 175

In Table6. 1 we giv e o h ) fo r 1 ( n < 1 2 The val ues of o(n) for

I ( n < 100 are given in Table 2 of the Appendix'

n I 2 3 4 5 6 7 8 9 r0 ll t2

oQ) I
J 4 7 6 t2 8 l 5 l 3 1 8 t2 2 8

Table6.1. The Sumof the Divisorsfor I ( n ( 12 .

The other function which we will study is the number of divisors.

Definition. The number of divisorsfunction, denotedby r, is definedby setting

r(n) equal to the number of positivedivisorsof n.
In Table6.2 we give ,h) for I ( n ( tZ. The values of ,Q) for
1 ( n < 100 are givenin Table 2 of the Appendix.

n I 2 3 4 5 6 7 8 9 10 ll t2

rh) I 2 2 3 2 4 2 4 3 4 2 6

Table6.2. The Number of Divisorsfor I ( n ( 12 '

Note that we can expresso(n) and z(n) in termsof summationnotation. It

is simple to seethat




To provethat o and r are multiplicative,we use the following theorem.

Theorem 6.7. If / is a multiplicative function, then the arithmetic function

F (n)

Beforewe prove the theorem,we illustrate the idea behind its proof with the
following example. Let "f be a multiplicative function, and let
176 MultiplicativeFunctions

r(60) : r(4)F(15). Each of the divisors of 60 may be written as the

pr oduc tof a d i v i s o ro f 4 a n d a d i v i s o ro f 15 i n the fol l ow i ngw ay: l :1.1,
2 : 2 ' 1 , 3 : 1 . 3 , 4 : 4 . 1 , 5 - 1 . 5 ,6 : 2 . 3 , I 0 : 2 . 5 , 1 2 - 4 . 3 , 1 5 : 1 . 1 5 .
20 :4'5, 30 : 2'15, 60 : 4-15 (in each product, the first factor is the divisor
of 4 , and the secondis the divisor of I 5). Hence,

F ( 6 0:) f ( r ) + / o + f $ ) + f ( q ) + f $ ) + f 6 ) + / ( 1 0 )+ f 0 2 )
+ f (rs)+/(zo) + f Q0 +/(60)
: . f ( r ' 1 )+ f Q . D+ f 0 . 3 )+ f u . D + f 0 . 5 )+ o . 3 )
+ f Q . i l + f ( 4 . , + f ( r . l s ) + f ( 4 . i l + f Q . l 5 )+ f Q . r s )
:f (t)f(l) + f Q)f(r) + f (l)7(:)+ f @)f(r)+ (fDj6)
+f Q)f(r)+ f Ql|(s) + f (Df(g)+ f ol7(rs)+ f @f 6)
+ f Q)f (rs)+ f Q)f 0s)
: ( / ( t ) + f Q ) + 7 Q ) ) ( / ( r l+ f G ) + f $ ) + / ( l s ) )
: F(4)F(rS).

we nowproveTheorem6.7 usingthe ideaillustratedby the example.

Proof. To showthat F is a multiplicativefunction,we must show that if m

thenF (md : F (m)r 0). So let
andn are relativelyprimepositiveintegers,
us assumethat (m,n) : l. We have

F (mn) : u) '

By Lemma2.5,since(m,n): l , eachdivisorof mn canbe writtenuniquely

as the productof relatively
dlof m andd2of n, andeachpair
of divisorsd1 of m and d2 of n corresponds to a divisord - dfi2 of mn.
Hence,we canwrite

F(mn) : > f Utd2)


Since/ is multiplicativeand since(dbd): l, we seethat

6.2 The Sum and Numberof Divisors 177

F (m n ) : 2 f Q)f @z)

drl^ drl,


Now that we know o and r are multiplicative, we can derive formulae for
their values based on prime factorizations. First, we find formulae for o(r)
and rh) when n is the power of a prime.

Lemma 6.1. Let p be prime and a a positive integer. Then

o ( p o ): ( t + p + p 2 + *po) :


po has
Proof. The divisors of po are l, p, p' ,...,po-t, po. Consequently,
e xa ctl y a*l div is o rs , so that r(po) : a * l. Also, we note that

o(po):1*p+pz+ * pa-t * po : where we have used

Theorem1.1. tr

Example. When we apply L e mma 6 .1 w i th p :5 a nd a: 3, w e fi nd that

s4- I
The above lemma and the fact that o and r ate multiplicative lead to the
following formulae.

Theorem 6.8. Let the positive integer n have prime factorization

n:pi'pi2... p:'. Then

p!'*'-l : pl'*'-l
o(n):ry p Pz-l
Pt-r P,-l
j -r P i -l
178 MultiplicativeFunctions

r(n) : (c1+l)(az+D (c,*t) : G1+D.

Proof. Since both o and r are multiplicative, we see that o(n) :
o(pi'p3' pi) : obi)obi) o(pi) and r(n) : ,ei,pi,
' ' ' p:') : ,(p1') ,Qi') ,Qi'). Inserting the values for oe!,) and
,Qi) found in Lemma 6.1, we obtain the desiredformulae. D
we illustrate how to use Theorem6.8 with the following example.

Example. Using Theorem 6.8, we find that

: r!-,,
o(200): o(2352) g : 15.31
: 465
2-t 5-l

r(2 o o ) : (3 + t ) Q+ D : 12.
" (2 3 5 2 ):

32-l . 52-l :31.

o ( l z 0 : o ( 2 a . 3 2 . s: ) T - , 1 . 13.6:241g
2-l 3-l 5-l


r ( 2 4 . 3 2 . i l(:4 + l ) ( z + t ) ( t + t:) 3 o.

6.2 Problems
l. Find the sumof the positiveintegerdivisorsof
a) 35 e) 2'3'5'7'll
b) te6 f) 2s345372t1
c) looo g) lo!
d) 2r0o h) 201.

2. Find the number of positive integer divisors of

il 36 d) 2.3.s.
b) 99 e) 2i2.s3.
c) r44 f) 20t.

3. Which positive integers have an odd number of positive divisors?

6.2 The Sum and Numberof Divisors 179

4. For which positive integers n is the sum of divisors of n odd?

5. Find all positiveintegersn with a(n) equal to

a) 12 d) 48
b) l8 e) 52
c) 24 f) 84

6. Find the smallestpositiveinteger n with r(n) equal to

a)l d)6
b)2 dt4
c) 3 f) 100.

7. Show that if k > | is an integer,then the equationrh) : ft has infinitely many


8. Which positive integers have exactly

a) two positive divisors

b) three positive divisors

c) four positive divisors?

g. What is the product of the positive divisors of a positive integer n ?

10. Let o1,h) denote the sum of the kth powers of the divisors of n, so that
o1,h) : 2 dk. Note that o1h) : sfu).

a) Find or(4), or(6) and o{12).

b) Give a formula for o1(p), wherep is prime'

c) Give a formula for o1(po), wherep is prime, and a is a positiveinteger.

d) Show that the function op is multiplicative'

e) Using parts (c) and (d), find a formula for o;(n), where n has prime-power
factorizationn : pi'pi' . . . p:;.

11. Find all positiveintegersn such that d(n) + oQ):2n.

12. Show that no two positive integers have the same product of divisors.

13. Show that the number of pairs of positiveintegerswith least common multiple
equal to the positive integer n is r(nz).

14. Let n be a positive integer. Define the sequence of integers fl1,tr2,rt3,...b!

n 1 : r ( n ) a n d n 1 . , 1: r ( n * ) f o r f t : 1 , 2 , 3 , . . . . S h o w t h a t t h e r e i s a p o s i t i v e
integer r such that 2 : f,r : flr1t : rlr+2:

15. Show that a positiveinteger n is compositeif and only if o(n) > n + ,/i.
180 MultiplicativeFunctions

16. Show that if n is a positiveinteger then r(n)z :


6.2 Computer Projects

Write programs to do the following:

l. Find the number of divisorsof a positive integer.

2. Find the sum of the divisors of a positive integer.

3. Find the integer r defined in problem 14.

6.3 Perfect Numbersand MersennePrimes

Becauseof certain mystical beliefs, the ancient Greeks were interested in
those integers that are equal to the sum of all their proper positive divisors.
Theseintegersare called perfect numbers.

Definition. If n is a positive integer and o(n) : 2n, then n is called a perfect


E x a m p l e . S i n c eo ( 6 ) : l + 2 + 3 + 6 : 1 2 , w e s e et h a t 6 i s p e r f e c t . w e
a l s on o t et h a t o ( 2 8 ) : 1 + 2 + 4 + 7 +14*28:56. sothat28 is another
perfect number.

The ancient Greeks knew how to find all even perfect numbers. The
following theorem tells us which even positive integersare perfect.

Theorem 6.9. The positiveinteger n is an even perfect number if and only if

n :2m-r(2^-l)

where m is a positiveinteger such that 2^-l is prime.

Proof. First, we show that if n:2m-r(2^-l) where 2^-l is prime, then n

is perfect. We note that sincezn-l is odd, we have (2m-r,2m-l) : 1. Since
o is a multiplicative function, we seethat

o (n ) - o (2 ^ -t)o (2 ^-l ) .

L e m m a 6 . 1 t e l l su s t h a t o ( 2 ^ - r ) : 2 ^ - l and o(2^-l):2^, s i n c ew e a r e
assumingthat 2m-l is prime. Consequently,
6.3 PerfectNumbersand MersennePrimes 181

o(n) : Q^-l)2^ :2n ,

demonstratingthat n is a perfect number.

To show that the converseis truen let n be an even perfect number. Write
: 1, we
n :2'l wheres and t arepositiveintegersand f is odd. Since (2t,t)
seefrom Lemma 6.1 that
(6.1) o(n) : o(2':) : o(2')o(t) : (2'+t-t)o(l)

Since n is perfect, we have

G'D o (n ) : 2 n : 2 s + r1

Combining (6.1) and (6.2) showsthat

(6 .3 ) (2 ' + r-1 )o(i : 2 s + t1

Si n ce( 2s + r , 2s + t - l) : l , fro m L e mma 2 .3 w e s e eth a t 2' + 1 l o(r). Therefore,

there is an integerq such that o(t) - 2'+rQ. Inserting this expressionfor o(t)
into (6.3) tells us that
(2 s + r_ l )2 s * rq- 2 ' * rt ,

and, therefore,
(6.4) (2'+t-l)q : 1.

Hence,q I t and q # t.
When we replace / by the expressionon the left-hand side of (6.4), we find
(6.5) t +q: ( 2 s + t - t ) q+ q : 2 ' + r q : o Q ) .

We will show that q : 1. Note that if q * l, then there are at least three
distinct positive divisors of t , namely 1, q, and t . This implies that
oQ) 2 t + q -| 1, which contradicts(6.5). Hence,4: I and, from (6.4), we
concludethat / :2s+l-1. Also, from (6.5), we seethat oQ): t + l, so that
t must be prime, since its only positive divisors are I and t. Therefore,
n :2 t ( 2r + l- 1) , where2 s + l -1 i s p ri me . tr

From Theorem 6.9 we see that to find even perfect numbers, we must find
primes of the form 2t-1. In our searchfor primes of this form, we first show
that the exponentru must be Prime.

Theorem 6.10. If la is a positiveinteger and2^-l is prime, then m must be

182 MultiplicativeFunctions


Proof. Assume that m is not prime, so that m : ab where | 1 a 1 m and,

| < b 1m. Then

2m-l : 2ab-, - (Zo-l) 12a(b-D

a2a(b-Dq...q1o+l) .

Since both factors on the right side of the equationare greater than I, we see
that 2m-l is compositeif m is not prime. Therefore,if 2^-l is prime, then
nr must also be prime. tr

From Theorem6.10 we seethat to searchfor primes of the form 2^-1, we

need to consideronly integersm that are prime. Integers of the form 2m-l
have been studied in great depth; these integers are named after a French
monk of the seventeenthcentury, Mersenne,who studiedtheseintegers.

Definition. If m is a positiveinteger, then M^:2^-I is called the mth

Mersennenumber, and, if p is prime and Mp:2p-l is also prime, then M,
is called a Mersenneprime.

Example. The Mersennenumber M7:27-I is prime, whereasthe Mersenne

num berM n: 2rr-I :2 0 4 7 : 2 3 .8 9i s c o m posi te.

It is possibleto prove various theoremsthat help decide whether Mersenne

numbers are prime. One such theorem will now be given. Related results are
found in the problemsof Chapter 9.

Theorem 6.11. rf p is an odd prime, then any divisor of the Mersenne

number Mp :2p-l is of the form 2kp + I where k is a positiveinteger.

Proof. Let q be a prime - 2p - I. From Fermat's little

-dividing Mp
theorem,we know thatql(ze-t-t). Also, from Lemma 1.2 we know that
(6.6) (T -t, 2c-t-t) : 2$t-D - f.

Since q is a common divisor of zp-l and zc-t-L we know that

Q p- t , 24- t - l) > l . H e n c e , (p ,q -l ): p , si ncethe onl y other possi bi l i ty,
namely (p,q-l) : I, would imply from (6.6) that (Zp-t,2Q-t-l) : l.
Hence p | (q-t), and, therefore, there is a positive integer m with
q - | : mp. Since q is odd we see that m must be even, so that m : Zk.
w h e r e k i s a p o s i t i v e i n t e g e rH , :mp * I - 2kp+1 . tr
. e n c eq
We can use Theorem6.1I to help decide whether Mersenne numbers are
prime. We illustrate this with the following examples.
6.3 PerfectNumbersand MersennePrimes 183

Example. To decidewhetherMB:2r3-l: 8191 is prime, we only needlook

for a prime factor not exceeding lml : 90.504.... Furthermore, from
Theorem6.11, any such prime divisor must be of the form 26k + L The only
candidatesfor primesdividinB Mnless than or equal to1fTp are 53 and79.
Trial divisioneasilyrules out thesecases,so that M s is prime.

Exa m ple. T o dec idew h e th e rM z t:2 2 3 -r:8 3 8 8 6 0 7 i s pri me,w e onl y need
to determine whether M zt is divisible by a prime less than or equal to
ffi: 2896.309...of the form 46k + l. The first prime of this form is 47.
A trial divisionshowsthat 8388607:47'178481, so that M4is composite.
Becausethere are specialprimality tests for Mersennenumbers,it has been
possibleto determine whether extremely large Mersennenumbers are prime.
Following is one such primality test. This test has been used to find the
largest known Mersenne primes, which are the largest known primes. The
proof of this test may be found in Lenstra [7t] and Sierpifiski[351.

The Lucas-LehmerTest. Let p be a prime and let Mo : 2! -l denote the pth

Mersennenumber. Define a sequenceof integersrecursivelyby setting tr:4,
r * ? rtq -2 (m o d M), 0 ( rr I Mo .

Then, M, is prime if and only if rp-1 - 0 (mod M) .

We use an exampleto illustrate an applicationof the Lucas-Lehmertest.

Exa mple. c ons idert h e Me rs e n n en u m b e rM5 :2 5 - I - 3l ' Then r,: 4,

rzz42-2:14 ( m o d 3 l ) , rt4 A2 - 2 - 8 ( m o d 3 1 ) , a n d r + 2
8 2- 2 : 0 ( m o d3 1 ) . S i n c e r t t 0 ( m o d 3 1 ) , w e c o n c l u d et h a t M 5 : 3 1 i s

The Lucas-Lehmer test can be performed quite rapidly as the following

corollary states.

Corollary 6.1. Let p be prime and let Mp : 2p - | denotethe pth Mersenne

number. It is possibleto determine whether Mo is prime using OQ3) bit

Proof. To determine whether Mp is prime using the Lucas-Lehmer test

requiresp - | squaringsmodulo iV* each requiring O((log M)2): O(p2)
bit operations. Hence, the Lucas-Lehmer test requires O Q3) bit
184 Multiplicative Functions

Much activity has been directed toward the discoveryof Mersenneprimes,

especiallysince each new Mersenne prime discoveredhas become the largest
prime known, and for each ngw Mersenne prime, there is a new perfect
number. At the presenttime, a total of 29 Mersenneprimes are known and
these include all Mersenne primes Me with p ( 62981 and with
75000 < p < 100000. The known Mersenneprimes are listed in Table 6.3.

p Number of decimal Date of Discovery

digits in M o

2 I anclenttrmes
I 3 I ancienttimes
2 5 2 ancienttimes
2 7 3 ancienttimes
6 l3 4 Mid 15thcentury
+ I1 6 1603
2 t9 6 1603
1'2 3 l 10 1772
'zz 68 9l 19
18 8 3
I l91l
ig 107 33 l9l4
q + t27 39 t876
52r 157 t952
8 t ) 607 I 183 t952
(, 72 r279 386 1952
? 2^ lh 2203 664 1956
2281 687 1952
3 b 32r7 969 t957
4253 1281 1961
L t332 1961
5z Lbb 9689 29r7 I 963
994r 2993 I 963
I 1213 3376 1963
r9937 6002 t97|
2r701 6533 I 978
23209 6987 r979
44497 I 3395 1979
86243 25962 1983
r32049 3975I I983
9l 5050 f9t
Table 6. re Known Mersenne Primes.
6.3 PerfectNumbersand MersennePrimes 185

Computers were used to find the 17 largest Mersenne primes known. The
discovery by high school students of the 25th and 26th Mersenne prime
received much publicity, including coverageon the nightly news of a major
television network. An interesting account of the search for the 27th
Mersenne prime and related historical and computational information may be
found in [77]. A report of the discoveryof the 28th Mersenne prime is given
in [64]. It has been conjectured but has not been proved, that there are
infinitely many Mersenneprimes.
We have reduced the study of even perfect numbers to the study of
Mersenne primes. We may ask whether there are odd perfect numbers. The
answer is still unknown. It is possibleto demonstratethat if they exist, odd
perfect numbers must have certain properties (see problems 1l-14, for
example). Furthermore, it is known that there are no odd perfect numbers
less than 10200,and it has been shown that any odd perfect number must have
at least eight different prime factors. A discussionof odd perfect numbers
may be found in Guy [17], and information concerningrecent results about
odd perfect numbersis given by Hagis [681.

6.3 Problems

l. Find the six smallesteven perfect numbers.

2 . Show that if n is a positive integer greater than l, then the Mersenne number
Mn cannot be the power of a positive integer.

3 . If n is a positive integer, then we say that n is deficient if ofu) 1 2n , and we

say that n is abundant if oh) ) 2n. Every integer is either deficient, perfect,
or abundant.

a) Find the six smallestabundant positive integers.

b) Find the smallestodd abundant positive integer.

c) Show that every prime power is deficient.

d) Show that any divisor of a deficient or perfect number is deficient.

e) Show that any multiple of an abundant or perfect number is abundant.

f) Show that if n -2m-t(2^-l) , where ra is a positive integer such that

2 -l is composite, then n is abundant.

4. Two positive integers m and n are called an amicable pair if

o(m\ : o(n) : m * n. Show that each of the following pairs of integers are
amicable pairs
186 MultiplicativeFunctions

a) 220,294
b) 1 1 8 4l ,2 1 0
c) 7975A,98730.

5. a) Showthat if n is a positiveintegerwith n ) 2, suchthat3.2n-t-1,3.2n-1,

and32'22n-r-1 are all prime,then2n(3'2'-t-DQ.2'-l) and2n(32.22n't-l)
form an amicablepair.

b) Find three amicablepairs using part (a).

6 . An integer n is called k-perfect if o(il: kn. Note that a perfect number is


a) Show that 120 : 23.3.5is 3-perfect.

b) Show that 30240 : 2s32.5., is 4-perfect.

c) -
Show that 14182439040 is 5-perfect.
d) Find all 3-perfectnumbersof the form n -2k.3.p, where p is an odd

e) Show that if n is 3-perfectand 3 I n, then 3n is 4-perfect.

7 . A positiveinteger n is called superperfectif oGh)) : Zn.

a) Show that 16 is superperfect.

b) Show that if n : 2e where 2q+t-l is prime, then n is superperfect.

c) Show that every even superperfect number is of the form n : 2q where

zq+t-l is prime.

d) Show that if n : p2 wherep is an odd prime,'then n is not superperfect.

8 . Use Theorem6.ll to determine whether the following Mersenne numbers are

a) M7 c) Mn
b) Mn d) Mzs.

9' Use the Lucas-Lehmer test to determine whether the following Mersenne
numbersare prime

a) M3 c) Mn
b) M7. d Mn.

10. a) Show that if n is a positive integer and 2n i L is prime, then either

Qn+l) | M^ or Qn+D | (a,+D. (Hint: Use Fermat's little theorem to
showthat Mn(Mn+z) = O (mod 2z+l).)

b) Use part (a) to show that Ms and My are composite.

6.3 Perfect Numbers and Mersenne Primes 187

a) Show that if n is an odd perfect number, then n : po m2 wherep is an odd
p r i m e a n d p7 a z I (mod4).

b) Use part (a) to show that if n is an odd perfect number, then


t2. Show that if n - po m2 is an odd perfect number where p is prime, then


13. that if n is an odd perfect number, then 3, 5, and 7 are not all divisors of

1 4 . Show that if n is an odd perfect number then n has

a) at least three different prime divisors.

b) at least four different prime divisors.

1 5 . Find all positive integers n such that the product of all divisors of n other than n
is exactly n 2. (These integers are multiplicative analoguesof perfect numbers.)
recursively by
1 6 . Let n be a positive integer. Define the sequenca fl1,tt2,rt3,...,
n 1 : o ( n ) - n a n df l k + r : o Q ) - np fot k - 1,2,3,...

a) Show that if n is perfect,then n : nt : fi2: tt3 :

b) Show that if n and m are an amicablepair, then n1 : ftt, ttz- tt, tt3: t/t,
is periodicwith period 2.
n4: n,... and so on, f.e.,the sequencefl1,tt2,t13,...

c) of integersgeneratedif n :12496:24'll'71.
Find the sequence

It has been conjecturedthat for all n, the sequence of integers

is pefiodic.
n 1,n2,n3,...

6.3 ComputerProjects
Write programsto do the following:
l. Classifypositiveintegersaccordingto whether they are deficient, perfect, or
2. Use Theorem6.ll to look for factorsof Mersennenumbers.

3. Determine whether Mersenne numbers are prime using the Lucas-Lehmer test.

4. Given a positive integer n, determine if the sequencedefined in problem 16


5. Find amicablepairs.

7.1 CharacterCiphers
From ancient times to the present, secret messages have been sent.
Classically, the need for secret communication has occurred in diplomacy and
in military affairs. Now, with electronic communication coming into
widespread use, secrecy has become an important issue. Just recently, with
the advent of electronic banking, secrecy has become necessary even for
financial transactions. Hence, there is a great deal of interest in the
techniquesof making messagesunintelligible to everyoneexcept the intended

Before discussing specific secrecy systems, we present some terminology.

The discipline devoted to secrecy systems is called cryptology. Cryptography
is the part of cryptology that deals with the design and implementation of
secrecy systems, while cryptanalysis is aimed at breaking these systems. A
messagethat is to be altered into a secret form is called plaintext. A cipher is
a method for altering a plaintext message into ciphertext by changing the
letters of the plaintext using a transformation. The key determines the
particular transformation from a set of possibletransformations that is to be
used. The processof changing plaintext into ciphertext is called encryption or
enciphering, while the reverse process of changing the ciphertext back to the
plaintext by the intended receiver, possessingknowledge of the method for
doing this, is called decryption or deciphering. This, of course, is different
from the process someone other than the intended receiver uses to make the
messageintelligible through cryptanalysis.

7.1 Character Ciphers 189

In this chapter, we present secrecy systems based on modular arithmetic.

The first of these had its origin with Julius Caesar. The newest secrecy
system we will discusswas invented in the late 1970's. In all thesesystemswe
start by translating letters into numbers. We take as our standard alphabet
the letters of English and translate them into the integers from 0 to 25, as
sh o w nin T able 7. 1.

letter A B C D E F G H I J K L M N o P a R S T I I
V w X Y Z

0 I 2 3 4 5 6 7 8 9 l 0 l l t 2 l 3 t 4 l 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25

Table7.1. The NumericalEquivalents

of Letters.

Of course, if we were sending messagesin Russian, Greek, Hebrew or any

other languagewe would use the appropriate alphabet range of integers. Also,
we may want to include punctuation marks, a symbol to indicate blanks, and
perhaps the digits for representingnumbers as part of the message. However,
for the sake of simplicity, we restrict ourselvesto the letters of the English
First, we discuss secrecy systems based on transforming each letter of the
plaintext message into a different letter to produce the ciphertext. Such
ciphers are called character or monographic ciphers, since each letter is
changed individually to another letter by a substitution. Altogether, there are
26! possibleways to produce a monographic transformation. We will discuss
a set that is basedon modular arithmetic.

A cipher, that was used by Julius Caesar, is based on the substitution in

which each letter is replaced by the letter three further down the alphabet,
with the last three letters shifted to the first three letters of the alphabet. To
describe this cipher using modular arithmetic, let P be the numerical
equivalent of a letter in the plaintext and C the numerical equivalent of the
correspondingciphertext letter. Then

C:P+3(mod26), 0<C<25.
The correspondencebetweenplaintext and ciphertext is given in Table 7.2.
190 Cryptology

A B c D E F G H I J K L M N o P a R S T U V w X Y Z
plaintext 0 I 2 3 4 5 6 8 9 l 0 l l t 2 l 3 l 4 l 5 l 6 t 7 l 8 t 9 20 21 22 23 24 25

3 4 5 6 7 8 9 l 0 l l t 2 l 3 t 4 l 5 l 6 t 7 1 8 l 9 20 2 l 22 23 24 25 0 I 2
ciphertextD E F G H I J K L M N o P R S T U V w X Y z A B c

Table 7.2. The Correspondence

of Letters for the CaesarCipher.

To encipher a messageusing this transformation, we first change it to its

numerical equivalent, grouping letters in blocks of five. Then we transform
each number. The grouping of letters into blocks helps to prevent successful
cryptanalysis based on recognizing particular words. We illustrate this
procedure by enciphering the message


Broken into groups of five letters, the messageis


Converting the letters into their numerical equivalents,we obtain

19 7 81812 4 l8 1806 4 8181914

15 l8 4 3 17 4 19.

Using the Caesar transformation Q P*3 (mod 26), this becomes

22 l0 11 2t 15 721 2t 3 9 7 11 21 22 17
18 2t 7 620722

Translating back to letters, we have


This is the messagewe send.

The receiver deciphers it in the following manner. First, the letters are
converted to numbers. Then, the relationship P = C-3 (mod 26),
0 < P ( 25, is used to change the ciphertext back to the numerical version
of the plaintext, and finally the messageis convertedto letters.
We illustrate the deciphering procedure with the following message
encipheredby the Ceasar cipher:
7.1 CharacterCiPhers


First, we change these letters into their numerical equivalents,to obtain


: C-3 (mod 20 to change this to

Next, we perform the transformation P
plaintext, and we obtain

1978188 187142222 43428 157417.

We translate this back to letters and recoverthe plaintext message


By combining the appropriate letters into words, we find that the message


The Caesar cipher is one of a family of similar ciphers described by u

shft transformation

C:P+k (mod26),0<C<25,

where k is the key representingthe size of the shift of letters in the alphabet.
There are 26 different transformations of this type, including the case of
k = 0 (mod 26), where letters are not altered, since in this case
C P (mod 26).

More generally, we will considertransformationsof the type

(z.t) C-aP*b (mod26), 0<C<25,

where a and b are integers with (a,26) : l. These are called

ffine transformations. Shift transformations are affine transformations
a:1. We require that G,26): 1, so that as P runs through a complete
system of residuesmodulo 26, C also does. There are O(2O : 12 choices for
a, and 26 choices for b, giving a total of 12'26:312 transformations of this
type (one of these is C = P (mod 26) obtained when a:l and D-0). If the
rliationship between plaintext and ciphertext is described by (7.1), then the
inverse relationship is given bY
192 Cryptology

P = arc-b) (mod26), 0 < P < 25.

where a is an inverseof a (modZO.

As an example of such a cipher, let a:7 and b:r}, so that

c = 7P + l0 ( mo d 2 6 ). H e n c e , p = l 5 (c -1 0) = l 5c+ 6 (mod 26). si nce
15 is an inverse of 7 modulo 26. The correspondencebetween letters is given
in Table 7.3.

A B C D E F G H I J K L M N o P a R S T U V w X Y Z

0 2 3 4 5 6 I 8 9 l 0 l l t 2 l 3 1 4 1 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25

r0 t 7 24 5 t2 l 9 0 7 T4 2 l 2 9 l 6 23 4 l l l 8 25 6 l 3 20 8 l 5 22 3

K R Y F M T A H o V c J a X E L S z G N v B I P w D

Tabfe7.3. TheCorrespondence
of Lettersfor theCipherwith C = 7p+10 (mod 26).

To illustratehow we obtainedthis correspondence,

note that the plaintext
letter L with numericalequivalent1l corresponds
to the ciphertextletter J,
since7'll + l0:87 = 9 (mod 26) and9 is the numericalequivalent of J.
To illustrate how to encipher,note that


is transformedto


Also notethat the ciphertext


to the plaintext


or combiningthe appropriateletters
7.1 GharacterCiPhers


We now discusssome of the techniquesdirected at the cryptanalysis
to break a
ciphers based on affine transformations. In attempting
is compared
monographiccipher, the frequencyof letters in the ciphertext
letters i; ordinary text. This gives information
with the frequency of
between letters. In various frequency countsof
concerningthe .orr"rpondence
Englishtext, one findi the percentageslisted in Table 7.4 fot the occurrenceof
tne Ze lettersof the alphabet. Countsof letter frequenciesin other
may be foundin [48] and [52].

letter A B c D E F G H I J K L M N o P a R S T U V w X Y z

7 I 3 4 l3 3 2 3 8 <l <l 4 3 8
3 <l 8 6 9 3 I <1 z <l
(in Vo)

Table 7.4. The Frequencies of Occurrence of the Letters of the Alphabet.

From this information, we see that the most frequentlyoccurring letters
E,T,N,O, and A, in that order. We can use this information to determine
which cipher basedon an affine transformationhas been used to enciphera
First, supposethat we know in advance that a shift cipher has been
employed io encipher a message;each letter- of the messagehas been
- P+k (mod 26),0 < C < 25. To
transformed by ; C
cryptanalyze the ciPhertext



of eachletter in the ciphertext. This

we first count the numberof occurrences
is displayedin Table ?.5.

letter A B C D E F G H I J K L M N o P aR S T U V w X Y Z
number of
I 0 4 5 I 3 0 0 0 0 I 0 2 2
J 0 0 I I 3 2

Table7.5. The Numberof Occurrences

of Lettersin a Ciphertext.

We notice that the most frequently occurring letter in the ciphertext p

is with
the letters c,D,F,T, and y occurring with relatively high
frequency. our
initial guess would be that P represents E, since E is the
-ort frequently
o cc ur r ing let t er i n E n g l i s h te x t. If th i s i s s o , then 15:4fk (mod i 6), s;
that ft = I I (mod 26) Consequently,we would have C = p+11 (mod 26)
and P : c-l1 (mod 26). This correspondence is given in Table 7.6.

A B C D E F G H o
I J K L M N P a R S T U V w X Y Z

0 I 2 3 4 ) 6 7 8 9 l 0 l l l 2 l 3 t 4 l 5 l 6 1 1 l 8 t 9 20 21 22 23 24 25

l 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25 0 I 2 3 4 5 6 I 8 9 l 0 il t2 l 3 t 4

P a R S T U V w Z Y z A B C D E F G H J K L M N o

Table 7.6. correspondenceof Letters for the Sample ciphertext.

Using this correspondence, we attempt to decipher the message.

we obtain



This can easily be read as



Consequently,we made the correct guess. If we had tried this transformation,

and instead of the plaintext, it had produced garbled text, we would have
another likely transformation based on the frequency count of letters in
7.1 CharaeterCiPhers

the form
Now, supposewe know that an affine transformationof
for enciphering' For
C : a p+i (mod 26), 0 < C < 25, has been used
we wish to cryptanalyzethe enciphered



The first thing to do is to count the occurrencesof each letter; this count is
displayed in Table7.7

letter A B c D E F G H I J K L M N o P a R S T U vw X Y z

number of 0 I 4 2 t2 5 8 l6 I 3 l0 2
2 2 4 4 5 3 6 0 l 0 3 22 I J

Table 7.7. The Number of Occurrencesof Letters in a Ciphertext.

With this information, we guessthat the letter L, which is the most frequently
occurring letter in the ciphertext, corresponds to E, while the letter U, which
occurs with the second highest frequency, correspondsto T. This implies, if
the transformation is of the form C aP*b (mod 26), the pair of
4a*b 11 (mod 26)
l9a+b : 20 (mod 26).

By Theorem 3.8, we see that the solution of this system is a E 11 (mod 26)
and b : 19 (mod 26).

If this is the correct enciphering transformation, then using the fact that 19 is
an inverse of I I modulo 26, the deciphering transformation is
p - - _19 ( C- 19 ) : t9 C -3 6 1 = 1 9 C + 3 (mod 26), 0 < P < 25.

This gives the correspondencefound in Table 7.8.


A B C D E F G H I o
J K L M N P a R S T U V w X Y z

0 I 2 3 4 5 6 ,7 8 9 l 0 l l t2 l 3 t 4 l 5 l 6 t 7 r8 l9 20 21 22 23 24 25

3 22 l 5 8 I 20 l 3 6 25 l 9 l l 4 23 t6 9 2 2 l r4 0 t 9 t2 5 24 t 1 t 0

D w P I B U N G z S L E X a J C V o H A T M P Y R K

Table 7.8. The correspondence of Letters for the Sample


With this correspondence,

we try to read the ciphertext. The ciphertext



We leave it to the reader to combine the appropriate letters into words

to see
that the messageis intelligible.

7.1 Problems
1 . using the caesar cipher, encipher the messageATTACK AT DAWN.
2 . Decipher the ciphertext message LFDpH LVDZL FRerx HUHG that has
been enciphered using the Caesar cipher.

3 . Encipher the message SURRENDER IMMEDIATELY using the affine

transformationC = llp+18 (mod 26).
4 . Decipher the message RToLK TOIK, which was enciphered using the affine
transformation C = 3p+24 (mod 26).

5 . If the most common letter in a long ciphertext, enciphered by a shift

transformation C = P+k (mod 26) is
Q, then what is the most likely value of
7.1 CharacterCiPhers

6 . If the two most common letters in a long ciphertext, enciphered by an affine

transformation C = aP*b (mod 26) are W and B, respectively, then what are
the most likely values for a and b?

7 . Given two ciphers, plaintext may be enciphered by using one of the ciphers, and
by then using the other cipher. This procedure produces a product cipher '
: 5P +13
a) Find the product cipher obtained by using the transformation C
(mod 26) followed by the transformation c = l7P+3 (mod 26).
: aP+b
b) Find the product cipher obtained by using the transformation C
(mod 26) followed by the transformation C = cP*d (mod 26), where
8. A Vignbre cipher operates in the following way. A sequence of letters
Qr!r,...,0r, with numerical equivalents k1,k2,...,kn, servesas the key. Plaintext
messages are split into blocks of length n. To encipher a plaintext block of
letters with numerical equivalents PbPz,..., P, to obtain a ciphertext block of
letters with numerical equivalentscr,cz,...,cn, we use a sequenceof shift ciphers

ci 7 pi * k; (mod 26), 0 ( ci ( 25,

for i : 1,2,...,n. In this problem, we use the word SECRET as the key for
a Vigndre cipher.

a) Using this Vigndre cipher, encipher the message


b) Decipher the following message which was enciphered using this

Vigndre cipher:


c) Describe how cryptanalysis of ciphertext, which was enciphered

using a Vigndre cipher, can be carried out.

7.1 Computer Projects

Write programs to do the following:

l. Encipher messagesusing the Caesar cipher.

2. Encipher messagesusing the transformation C : P+k (mod 26), where k
is a given integer.
3. Encipher messagesusing the transformation C = aP+6 (mod 26), where
a and b are integers with (a ,26) : I.

Decipher messagesthat have been encipheredusing the caesar

Decipher messagesthat have been enciphered using the transformation
C = P+k (mod 26), where ft is a given integer.
Decipher messagesthat have been enciphered using the transformation
c = aP+6 (mod 26), where a and b are integers with (a,26) : r.
Cryptanalyze, using frequency counts, ciphertext that was enciphered
using a transformation of the form c = p+k (mod26) where k is an
unknown integer.

cryptanalyze, using frequency counts, ciphertext that was enciphered

using a transformation of the form c = ap*D (mod26) where a and b
are unknown integers with (a,26) - l.
Encipher messagesusing vigndre ciphers (see problem g).

Decipher messagesthat have been encipheredusing vigndre ciphers.

7.2 Block Ciphers

We have seen that monographic ciphers basedon substitution are vulnerable
to cryptanalysis based on the frequency of occurrence of letters in the
ciphertext. To avoid this weakness, cipher systems were developed that
substitute for each block of plaintext letters of a specified length, a block of
ciphertext letters of the same length. Ciphers of this sort are called block or
polygraphic ciphers. In this section, we will discuss some polygraphic ciphers
basedon modular arithmetic; these werOdevelopedby Hill [87] around 1930.
First, we consider digraphic ciphers; in these ciphers each block of two
letters of plaintext is replaced by a block of two letters of ciphertext. We
illustrate this processwith an example.
The first step is to split the message into blocks of two letters (adding a
dummy letter, say X, at the end of the message,if necessary,so that the final
block has two letters). For instance,the message


is split up as
7.2 Block Giphers

Next, these letters are translated into their numerical equivalents
previouslydone) to obtain
19 7 4 6 14 11 38 l8r 20t7 84 38
13 14 17 14 13 14.

Each block of two plaintext numbers P,Pz is converted into a block of two
ciphertextnumbers C 1C2:
C r = 5 Pr + l T P z (mo d 2 6 )
C z = 4 P t + l S P z ( m o d2 6 ) .

For instance,the first block l9 7 is convertedto.6 25, because

Cr = 5'19+ l7'7 : 6 (mod26)
C z = 4 ' 1 9 + 1 5 ' 7 : 2 5 ( m o d2 6 ) .

After performing this operation on the entire message,the following ciphertext

is obtained:
625 t82 23 13 21 2 3 9 2523 4 r42r 217 2 1l l8 l7 2.

When these blocks are translated into letters, we have the ciphertext message

The deciphering procedure for this cipher system is obtained by using

Theorem 3.8. To find the plaintext block Pfz correspondingto the ciphertext
block CrCz, we use the relationship
P r = l T C t t 5 C z (m o d 26)
P z = l 8 C r * 2 3 C z (m o d 26).

The digraphic cipher system we have presented here is conveniently

describedusing matrices. For this cipher system,we have
/ 'r / )r )
l c , l l s 1 7 l l Pl,
I l=t tl l(mod26).
lc,) L4 tsj lP,j
In 5'l
From Proposition 3.7, we see that the matrix | | is an inverse of
lts n)
6 r7'|
| | modulo 26. Hence, Proposition 3.6 tells us that deciphering can be
l+ lsJ
done using the relationship

= (mod 26).
[;;] ;]
[: [:;]
ln general, a Hill cipher system may be obtained by splitting plaintext into
blocks of n letters, translating the letters into their numerical equivalents,and
forming ciphertext using the relationship
Q AP (mod20.

C1 P1
C2 P2

where A is an nxn matrix with (det A,26) : I, C : and P:

cn Pn

and where C1C2...C, is the ciphertext block that correspondsto the plaintext
block P1P2...Pn Finally, the ciphertext numbers are translated back to letters.
For deciphering, we use the matrix A, an inverse of A modulo 26, which may
be obtained using Proposition 3.8. Since AA : / (mod 26), we have

Zc = Z<,qn = (2,4p -p (mod26).

Hence, to obtain plaintext from ciphertext, we use the relationship

P : ZC (JrrlOd2f.).

We illustratethis procedureusin g n : 3 and the encipheringmatrix

A: 2 3 25
lro 7 I

Since det A = 5 (mod 26), we have (det A,26) : l. To encipher a plaintext

block of length three, we use the relationship
7.2 Block CiPhers

lcrl = e lP'l (mod

[',1 [",J
To encipher the message STOP PAYMENT, we first split the message into
blocks of tht"" letters, adding a final dummy letter X to fill out the last block.
We have plaintext blocks


We translatetheselettersinto their numericalequivalents

181914 15150 24124 131923.

We obtain the first block of ciphertextin the followingway:

[.'l [" z 'nl ["] [ ']

tllll.ll.l n rtl |tnl-ltnl (mod26).
[.,j [ro 7 t J |.toj U3,;
Encipheringthe entire plaintext messagein the same manner,we obtain the

81913 13415 0222 20110.

into letters,we haveour ciphertextmessage

Translatingthis message


The deciphering process for this polygraphic cipher system takes a

ciphertext block and obtains a plaintext block using the transformation

tt_tl [.'l
lprl = 7 lrrl (mod
L",J lt'j

6 -5 ll

Z: -l -10

is an inverse of I modulo 26, which may be obtained using proposition 3.g.

Becausepolygraphic ciphers operate with blocks, rather than with
letters, they are not vulnerable to cryptanalysis based on
letter frequency.
However, polygraphic ciphers operating with blocks of sizen are vulnerable
cryptanalysis based on frequencies of blocks of size n. For instance,
with a
digraphic cipher system, there are 262: 676 digraphs, blocks of length
Studies have been done to compile the relative fiequencies of digraphs in
typical English text. By comparing the frequenciis of digraphs in the
ciphertext with the average frequencies of digraphs, it is ofGn possible to
successfullyattack digraphic ciphers. For example, according to some counts,
the most common digraph in English is TH, followed closely by HE. If a Hill
digraphic cipher system has been employed and the most common digraph is
KX, followed by YZ, we may guess that the ciphertext digraphs KX and vZ
correspond to TH and HE, respectively. This would mean that the blocks
19 7 andT 4 are sent to 1023 and21 25, respectively. If A is the enciphering
matrix, this implies that

?l_ l0 2l
t ,lrn
a : (mod 26).
Iz 4) 23 25

is an inverse (mod 26)

, wefindthat
"t [? l)
: lzt (mod
ltt 2)
whichrgives possiblekey. After attemptingto decipherthe ciphertextusing
A- to transform the ciphertext, we would know if our guesswas
[s 23
In general, if we know n correspondencesbetween plaintext blocks of size n
and ciphertext blocks of size n, for instance if we know that the ciphertext
blocks C1iC2i...Cni,j : 1,2,...,n, correspond to the plaintext blocks
P r y P 2 i . . . P n ji , : 1 , 2 , . . . , nrespectively,
, then we have
7.2 Bl oc k Cipher s

,[:]il (mod26),

fo r 7 - 1, 2 , . . . ,f l.

These n congruencescan be succinctly expressedusing the matrix congruence

AP=C (mod26),

where P and C arc nxn matrices with ryth entries Pl; and Cii, respectively.
If (det p,26): l, then we can find the enciphering matrix A via
A = CF (mod 26),

where P is an inverseof P modulo 26.

Cryptanalysis using frequenciesof polygraphs is only worthwhile for small

valuesof n, where n is the size of the polygraphs. When n:10, for example,
there are 26t0, which is approximately l.4x10la, polygraphs of this length.
Any analysis of the relative frequencies of these polygraphs is extremely

7.2 Problems

l. Using the digraphic cipher that sends the plaintext block Pf2to the ciphertext
block CrCz with

Cr = 3Pt + I0P2 (mod 26)

Cz = 9Pt + 7P2 (mod 26),

encipher the messageBEWARE OF THE MESSENGER.

2. Decipher the ciphertext message UW DM NK QB EK, which was enciphered

using the digraphic cipher which sends the plaintext block Pfz into the
ciphertext block CrCz with

Cr = 23Pt + 3Pz (mod 26)

Cz = IOP | + 25P2 (mod 26).

3. A cryptanalyst has determined that the two most common digraphs in a

ciphertext messageare RH and NI and guessesthat these ciphertext digraphs
correspond to the two most common diagraphs in English text, TH and HE. If

the plaintext was encipheredusing a Hill digraphic cipher

Cr = aP1* bP2 (mod 26)
Cz = cP1 * dP2 (mod 26).

what are a,b,c, and,d2

4. How many pairs of letters remain unchanged when encryption performed

is using
the following digraphic ciphers

il Cr E 4pt + 5p2 (mod 26)

Cz = 3Pt + P2 (mod 26)
b) Cr = lpt + I7p2 (mod26)
Cz = Pt + 6Pz (mod 26)
c) Cr = 3Pt + 5Pz (mod26)
Cz = 6Pt + 3P2 (mod26)?
5. Show that if the^enciphering matrix A in the Hill cipher systemis involutory
modulo 26, i.e, 42 = 1 (mod 26), then A alsoservesas a decipheringmatrix for
this cipher system.
6. A cryptanalysthas determinedthat the three most commontrigraphs (blocksof
length three) in a ciphertextare, LME, wRI and zyC and gu"rr", that these
ciphertext trigraphs correspondto the three most commontrigraphs in English
text, THE, AND, and THA. If the plaintext was encipheredusing a Hill
trigraphic cipher describedby C = AP (mod 26), what are the entries of the
3x3 encipheringmatrixA?
7 . Find the product cip^her.obtained by using the digraphic Hill cipher with
encipherinsmatrix followedby using the digraphicHill cipher with
.[f lij
[r5, \)
8 . Show that the productcipher obtainedfrom two digraphicHill ciphersis again a
digraphicHill cipher.
9 . Show that the product cipher obtainedby encipheringfirst using a Hill cipher
with blocksof size m and then using a Hill cipher with blocksof sizen is again
a Hill cipherusingblocksof sizelm,nl.
1 0 . Find the 6x6 encipheringmatrix corresponding to the productcipher obtainedby
first usingthe Hill cipherwith encipheringmatrix rotto*"d by usingthe
t} | J,
fl A ?l
[0 I lJ
1 1 . A transposition cipher is a cipher where blocks of a specified size are enciphered
by permuting their characters in a specified manner. For instance, plaintext
blocks of length five, P1P2P3PaP5, may be sent to ciphertext blocks
c1c2c3cac5: P4PIPIPP3. Show that every such transposition cipher is a
7.3 ExPonentiationCiphers 205

Hill cipher with an enciphering matrix that contains only 0's and I's as entries
with the property that each row and each column contains exactly one 1.

7.2 Computer Proiects

Write programs to do the following:

l. Encipher messagesusing a Hill cipher.

2. Decipher messagesthat were encipheredusing a Hill cipher.

3. Cryptanalyze messagesthat were enciphered using a digraphic Hill cipher, by

analyzing the frequency of digraphs in the ciphertext.

7.3 ExponentiationCiphers
In this section, we discuss a cipher, based on modular exponentiation,that
was invented in 1978 by Pohlig and Hellman [9t1. We will see that ciphers
produced by this system are resistant to cryptanalysis.

Let p be an odd prime and let e, the enciphering key, be a positive integer
with (e,p-l) : l. To encipher a message,we first translate the letters of the
message into numerical equivalents (retaining initial zeros in the two-digit
numerical equivalentsof letters). We use the same relationship we have used
before. as shown in Table 7.9.

letter A B c D E F G H I J K L M N o P a R S T U V w X Y z

00 0r 02 03 04 05 06 0'l 08 09 l 0 l l t2 l 3 t 4 l 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25

Table 7.9. Two-digit Numerical Equivalentsof Letters.

Next, we group the resulting numbers into blocks of 2m decimal digits,

where 2m is the largest positive even integer such that all blocks of numerical
equivalents corresponding to m letters (viewed as a single integer with 2m
d e c i m a l d i g i t sa) r e l e s s t h a n p , e . g .i f 2 5 2 5 < p < 2 5 2 5 2 5 , t h e n m : 2 .

For each plaintext block P, which is an integer with 2m decimal digits, we

form a ciphertext block C using the relationship
C=Pe (modp),0(C<p.

The ciphertext messageconsistsof these ciphertext blocks which are integers


less than p. we illustrate the encipheringtechniquewith the following


Example' Let the prime to be used as the modulus in

the enciphering
procedurebe p : 2633and let the encipheringkey to be
usedas the .*ponrni
in the modularexponentiationbe e :29, so thai (r,p-l) - (2g,2$;): l.
To encipherthe plaintextmessage,


we first convertthe lettersof the message

into their numericalequivalents,
then form blocksof length four from thesedigits, to obtain
1907 0818 0818 0013 0423
0012 l5l I 0414 0500 1304
2315 l4l3 0413 1908 0019
0814 1302 081s 07a4 nn .

Note that we haveaddedthe two digits 23, corresponding to the letter X, at

the end of the message
to fill out the final blockof fbur digits.
We next translateeach plaintext block P into a ciphertextblock C using
the relationship
C=pzs (mod263r,0< C <2633.

For instance,to obtain the first ciphertextblock from the first plaintextblock
we compute
C : = 2199 (mod 263i.

To efficientlycarry out the modular exponentiation,

we use the algorithm
givenin Section3.1. When we encipherthe blocksin this way, we find that
the ciphertextmessageis
2199 t745 1745 r206 2437
2425 t729 1619 0935 0960
to72 l54l 1701 I 553 0735
2064 l35l t704 1841 r459

To decipher a ciphertext block c, we need to know a deciphering key,

namely an integer d such that de = | (mod p-l), so that d is an inverse of
e (mod p-l), which exists since (e,p-l): l. If we raise the ciphertext
block C to the dth power modulo p,wa recover our plaintext block p, since
7.3 ExponentiationGiphers

Cd = ( p" ) d : p e d = p k Q-t)+ t = (p p -t)k p = P (mod p),

(mod p-l)'
where de : ki-l) + l, for some integer k, since de = I
(Note that we have used Fermat's little theorem to see that
pn-t - I (modp).)

the prime
Example. To decipher the ciphertext blocks generated using
: 2633 and the enciphering key e : 29, we need an inverse of e
moduius p
j-t : 2632. An easy computation, as done in Section-3.2, shows that
: 2269 is such an inverse. To decipher the ciphertext block C in order to
find the corresponding plaintext block P, we use the relationship

P : 9226e (mod 263i.

For instance,to decipher the ciphertext block 2199, we have

P = 2lgg226e: 1907 (mod 263r.

Again, the modular exponentiationis carried out using the algorithm given in
(mod p), we
For each plaintext block P that we encipher by computing P'
use only O(tog2il3) bit operations, as Proposition 3.3 demonstrates. Before
we decipher we need to find an inverse d of e modulo p-1. This can be done
using O(log il bit operations (see problem ll of Section 3.2), and, this needs
to be done only once. Then, to recover the plaintext block P from a ciphertext
block C, we simply need to compute the leait positive residueof Cd modulop;
we can do this using OKlog2p)3) bit operations. Consequently, the processos
of enciphering and deciphering using modular exponentiation can be done
On the other hand, cryptanalysis of messagesenciphered using modular
exponentiation generally cannot be done rapidly. To see this, suppose we
know the prime p used as the modulus, and moreover, suppose we know the
plaintext block P correspondingto a ciphertext block C, so that

0.2) C = P' ( m o dp ) .

For successfulcryptanalysis, we need to find the enciphering key e. When the

relationship Q.D holds, we say that e is the logarithm of C to the base
p modulo p. There are various algorithms for finding logarithms to a given
base modulo a prime. The fastest such algorithm requires approximately
.*p(.,,6Ep log-mgp) bit operations(see [81]). To find logarithms modulo a
prime with n decimal digits using the fastest known algorithm requires
approximately the same number of bit operations as factoring integers with

the same number of decimal digits, when the

fastest known factoring
algorithm is used. Consulting Table 2.1, we see that
finding logarithms
modulo a prime p requires an extremely long time. For
instance, when p has
100 decimal digits, finding logarithmr rnodulo p requires
74yearc, whereas when p has 200 decimal digiis, approxim"i"ry
years are required.

we should mention that for primes p where p-l has only smalr prime
factors, it is possible to use special techniques to find logarithms
modulo p
using o (logzp) bit operations. Clearly, this sort of prime
should not be used
as a modulus in this cipher system. Taking a prime p :
2q * l, where q is
also prime, obviates this difficulty.

Modular exponentiation is useful for establishing common

- keys to be used
by two or more individuals. These common keys may, for instance,
be used as
keys in a cipher system for sessionsof data communication, and
should be
constructed so that unauthorized individuals cannot discover them in
a feasible
amount of computer time.

Let p be a large prime and let a be an integer relatively prime to p.

individual in the network picks a key k that is an integei relatively prime
p-l ' When two individuals with keys
&1 and k2 wisi to exchange a key, the
first individual sends the second the inieger-71, where

./r E at'(modp), 0 < yr ( p,

and the second individual finds the common key K by computing

K: yf'=a&'&'(-odp), o <K <p.

similarly, the secondindividualsendsthe first the integery2 where

l z = a k ' ( m o dp ) , o 1 yz 1 p,

and the first individualfinds the commonkey K by computing

K : yl' =o&'&'(*od p), o < K < p.

We note that other individualsin the networkcannotfind this commonkey

K in a feasibleamountof computertime, sincethey must computelogarithmi
modulop to find K.
In a similar manner,a commonkey can be sharedby any group of z
individuals. If theseindividualshave keys k t,k2, ..., kn, ihey can sharethe
7.3 ExponentiationCiPhers

K - ak'k""4 (mod P)'

common key
We leave an explicit description of a method used to produce this
K as a problem for the reader.
An amusing application of exponentiation ciphers has been described
Shamir, Rivest, una [961. They show that by using exponentiation
ciphers, a fair game of poker may be played by two players communicating
they jointly
computers. Suppose Alex and Betty wish to play poker. First,
chooie a large pii-" p. Next, they individually choosesecret keys e1aJrd 2'
to be used as exponents in modular exponentiation. Let Er, and Er, represent
the corresponding enciphering transformations, so that
8",(M) = M" (mod p)
Er,(M) = M" (mod p),

where M is a plaintext message. Let dl and d2be the inversesof el and e2

modulo p respectively, and let Dr, and D", be the corresponding deciphering
transformations, so that
D",(C) = cd.' (mod p)
D ,:,(c ) = c d ' (m o d p ),

where C is a ciphertext message.

Note that enciphering transformations commute, that is
E r,(E : E r,(Er,(M)),
" ,(M))

(M")', :_ (M',)', (modp).

To play electronic poker, the deck of cards is representedby the 52



When Alex and Betty wish to play poker electronically, they use the
following sequenceof steps. We supposeBetty is the dealer.

Betty uses her enciphering transformation to encipher

the 52 messages
for the cards. She obtains Er,(M
1), Er,(Mr),...,er, (arl.-- Betty
shuffies the d".,k, by randomly riordering the enciphered
Then she sends the 52 shuffied encipheredmessagesto
ll. Alex selects,at random, five of the enciphered messagesthat
Betty has
sent him. He returns these five messagesto Betty and
she deciphers
them to find her hand, using her deciphering transformation
Drr, since
D,,(E",(M)) : M for all messagesM. Alex cannot determine
cards Betty has, since he cannot decipher the enciphered
Er,(M), j : 1,2,...,52.

lll. Alex selects five other enciphered messages at random. Let these
messagesbe C1, Cz, Cl, Ca, and C5, where

Cj : Err(Mi,),

i : r,2,3,4,5. Alex enciphers these five previously enciphered messages

using his enciphering transformation. He obtains the fivi messages

Cjr : E r,(C) : E r,(Er,(1,t,,))

i : 1,2,3,4,5. Alex sends these five messagesthat have been enciphered

twice (first by Betty and afterwards by Alex) to Betty.
lv. Betty uses her deciphering transformation D", to find

D",(C;*): D",(E
: Drr(Er,(Er,(M,,)))
- Eer(Mi,),

since Er,(Er,(M)) :8",(Er,(M)) and Dr.(Er,(M)) - M for all

messagesM. Betty sendsthe fives messageE",(Mi) back to Alex.

v. Alex useshis deciphering transformation Dr, to obtain his hand, since

D",(E",(M;,)) : M;,.

When a game is played where it is necessaryto deal additional cards,

such as draw poker, the same steps are followed to deal additional cards
from the remaining deck. Note that using the procedure we have
described, neither player knows the cards in the hand of the other
player, and all hands are equally likely for each player. To guarantee
that no cheating has occurred, at the end of the game both players
reveal their keys, so that each player can verify that the other player was
7.3 ExponentiationCiPhers

actually dealt the cards claimed.

A description of a possible weaknessin this scheme, and how it
be overcome,may be found in problem 38 of Section 9.1.

7.3 Problems
: 3, encipher the message
l. Using the prime p - l0l and enciphering key e
GOOD MORNING using modular exponentiation'

2 . What is the plaintext message that corresponds to the ciphertext

l2t3Og02053g 120g 1234 1103 1374 produced using modular exponentiation
: 13 2
with modulus p : 2591 and enciphering key e
3. Show that the enciphering and deciphering procedures are identical
exponentiation with modulus P - 3l and
enciphering is done using modular
enciphering key e : ll

4. With modulus p - 29 and unknown enciphering key e, modular exponentiation

produces the ciphertext 04 19 19 ll 04 24 09 15 15. Cryptanalyze the
ubou" cipher, if it is also known that the ciphertext block 24 corresponds to the
plaintexi letter U (with numerical equivalent 20). (Hint: First find the
iogarithm of 24 to the base 20 modulo 29 using some guesswork.)

5 . Using the method described in the text for exchanging common keys, what is the
key that can be used by individuals with keys kt:27 and kr:31
when the modulus is p : l0l and the base is a : 51'

6. What is the group key K that can be shared by four individuals with keys
* 1 0 0 9 a n d base
k1 : ll, k2:12, k3:17, kc:19 using the modulusP

7. Describe a procedure to allow n individuals to share the comrnon key described

in the text.

7.3 Computer Proiects

Write programs to do the following:

l. Encipher messagesusing modular exponentiation.

2. Decipher messagesthat have been enciphered using modular exponentiation.

3. Cryptanalyze ciphertext that has been enciphered using modular exponentiation

when a correspondencebetween a plaintext block P and a ciphertext block C is

4. Produce common keys for individuals in a network.


5. Play electronic poker using encryption via modular


7.4 Public-KeyCryptography
If one of the cipher systems previously described in this
chapter is used to
establish secure communications within a network,
then each pair of
communicants must employ an enciphering key that
is kept secret from the
other individuals in the network, sincl once the enciphering
key in one of those
cipher systems is known, the deciphering key can be fiund
using a small
amount of computer time. Consequently,to maintain secrecy
the enciphering
keys must themselvesbe transmitted ovei a channel of securecommunications.

To avoid assigninga key to each pair of individuals that must

be kept secret
from the rest of the network, a new type of cipher system,
called a
public-key cipher system, has been recentiy introduced.
In ttris type of
cipher system, enciphering keys can be made-public, since an
large amount of computer time is required to find
a deciphering
transformation from an enciphering transformation. To use
a public-key
cipher system to establish secret communications in a network
of n
individuals, each individual produces a key of the type specified by the
system, retaining certain private information that went into the construction
the enciphering transformation E (D, obtained from the key ft according
to a
specifiedrule. Then a directory of the n keys k1, k2,...,k, is published. wtrn
individual i wishes to send a message to individual
], the letters of the
message are translated into their numerical equivalents and combined
blocks of specified size. Then, for each plaintlxt block p a corresponding
ciphertext block c - E1,, (p) is computed using the enciphering
transformation Ekt. To decipher the message, individual
7 applies the
deciphering transformation D1r,to each ciphertext block C to find p, i.e.

Dk,(C) - Pkt(Eo,(r)) : f.

Since the deciphering transformation Do, cannot be found in a realistic

amount of time by anyone other than individual
-/, no unauthorized individuals
can decipher the message,even though they know the key k;. Furthermore,
cryptanalysis of the ciphertext message, even with knowiedge of ki, is
extremely infeasible due to the large amount of computer time needed.

The Rfl cipher system, recently invented by Rivest, Shamir, and

tgl? Adleman lgl], is a puitic-key cipher system based on modular exponentiation
where the keys are pairs (e,n), consisting of an exponent e and a modulus n
that is the product of two large primes, i.e. n: pq, where p and.q are large
{ ,n+t -,,"lulus, P '^ 1 q',te
p ubi,c L L e^qvh7
7.4 Public-KeYCrYPtograPhY 21s
Secm{: C do cryrily
primes, so that G,Q(il): l. To encipher a message,we first translate the
ietters into their numerical equivalents and then form blocks of the largest
possible size (with an even number of digits). To encipher a plaintext block
P, we form a ciphertext block C bY
E@) :C zP' (modn), 0 1 C 1 n.

The deciphering procedure requires knowledge of an inverse d of e modulo

Qh), which existssince G,Qh)) : l. To decipherthe ciphertext block C, we
find e"l- | - ri 4{")
D ( O = C d : (P ' )d : P e d : P k dh)
_ (p o ft);k p = p (m o d
n ),

where ed: kth) * I for some integer k, since ed = I (mod Ob)), and by
Euler's theorem, we have pa(fi) 1 (mod n), when (P, n) : | (the
probability that P and n are not relatively prime is extremely small; see
problem 2 at the end of this section ) . The pair (d, n) is a deciphering key.

To illustrate how the RSA cipher system works, we present an example

where the enciphering modulus is the product of the two primes 43 and 59
(which are smaller than the large primes that would actually be used). We
have n : 43 ' 59 : 2537 as the modulus and e - 13 as the exponent for the
RSA cipher. Note that we have (e, Qh)) : (13, 42' 58) : l. To encipher
the message


wq first translate the letters into their numerical equivalents,and then group
these numbers together into blocks of four. We obtain

1520 0 1I l 0802 1 004

2402 1724 l5l9 1406
1700 1507 2423,

where we have added the dummy letter X : 23 at the end-of the passageto
fill out the final block.
We encipher each plaintext block into a ciphertext block, using the

C = Prt (mod 2537)

For instance, when we encipher the first plaintext block 1520, we obtain the
ciphertext block

C = (1 5 2 0 )1 3= 9 5 (m od 253D .

Enciphering all the plaintext blocks, we obtain the ciphertext


0095 1648 l4l0 t299

081I 2333 2132 0370
I 185 1457 1084.

In order to decipher messagesthat were enciphered using the RSA cipher,

we must find an inverse of e : 13 modulo : o(43. 5i) :
42' 58 : 2436- A short computation using the Euclidean algorithm, as done
in section 3.2, shows that d :937 is an inverse of 13 modulo 2436.
Consequently,to decipher the cipher text block C, we use the relationship
- g e 3 7 (m o d
P 2 5 3 D ,0 < p < 2532,

which is valid because

ge37 : (pr3)e37- (p2az6)sp= p (mod 2537):

note that we have used Euler's theorem to see that

pQQs37)- p2436- t (mod 2537),

when (P, 2537) : | (which is true for all of the plaintext blocks in our
To understand how the RSA cipher system fulfills the requirements of a
public-key cipher system, first note that each individual can find two large
primes p and q, with 100 decimal digits, in just a few minutes of computer
time. These primes can be found by picking odd integers with 100 digits at
random; by the prime number theorem, the probability that such an integer is
prime is approximately 2tog 10100. Hence, we expect to find a prime after
examining an average of l/OAog 10100),or approximately ll5, such integers.
To test these randomly chosen odd integers for primality, we use Rabin's
probabilistic primality test discussedin Section 5.2. For each of these 100-
digit odd integers we perform Miller's test for 100 basesless than the integer;
the probability that a compositeinteger passesall these tests is less than 10-60.
The procedure we have just outlined requires only a few minutes of computer
time to find a 1OO-digitprime, and each individual need do it only twice.

Once the primes p and q have been found, an enciphering exponent e

should be chosen with (e,e(pq)) : l. One suggestion for choosing e is to
take any prime greater than both p and q. No matter how e is found, it
should be true that 2' > fl : pQ, so that it is impossible to recover the
7.4 Pu blic - K eYCr Y P to g ra Ph Y

eth root of the integer C

plaintext block P, P # O or 1, just by taking the
followed by u reduction
than p : 0 and l, is enciphered by exponentiation
modulo n.
enciphering messages
We note that the modular exponentiation needed for
a few seconds of
using the RSA cipher system can be done using only
base in the modular
computer time when th; modulus, exponent, and
the Euclidean
exponentiationhave as many as 200 decimal digits' Also, using
exponent e
algorithm, we can rapidly find an inverse d of the enciphering
rnldulo 6(r) when the primes p and q are known' so that
: (P-l)(q-l) is known'
0h) :6(Pq)
(e, n) does not easily lead to
To see why knowledge of the enciphering key
the deciphering key (d] n), note that to find d, an inverse of e modulo 6h),
( p - l ) ( q -l)' Note that finding
r e q u i r e st h a t w e f i r s t f i n d Q h ) : O Q q ) :
. To se7-y!5 no.!1 that
Q0) is not easier than factoring the JIlSgg-t? :!Q+d'-4n'
- :'/mq so
i i n : n - o 0 ) + l a n dp q :
i f,u , p : t / 2lQ + Q + Q -i l \ and q V z l | + q ) + (p-q)| , and consequentl y
fo u n d w h e n n : p q a n d 6h) : b-l )Q-l ) are
p a n d q c an eas ily U "
p and q both have around 100 decimal digits,
known. Note that when
n - pq has around 200 decimal digits. From Table 2.1, we seethat using the
fastest factorization algorithm known, 3.8xlOe years of computer time are
required to factor an inleger of this size. Also, if the integer d is known, but
- I is a multiple of
o(n) is not, then n may also be factored easily, since ed
an integer n using any
eh) and there are special algorithms for factoring
multiple of 6h) (see Mill.r t72D. It has not been proven that it is impossible
to decipher messages enciphered using the RSA cipher system without
factoring n, but so far no such method has been discovered' As yet,all
decipherlng methods suggested that work in general are equivalent to factoring
n, and as we have remarked, factoring large integers Seems to be an
intractable problem, requiring tremendous amounts of computer time.

A few extra precautionsshould be taken in choosingthe primes p and q to

be used in the RSA cipher system to prevent the use of special rapid
- | and q - I should have
techniquesto factor n : pq. For example, both p
large pri-. factors, (p - l, q - l) should be small, and p and q should have
decimal expansionsdiffering in length by a few digits'
For the RSA cipher system, once the modulus n has been factored, it is
easy to find the deciphering transformation from the enciphering
transformation. It may be possible to somehow find the deciphering
transformation from the enciphering transformation without factoring n,
although this seemsunlikely. Rabin [92] has discovereda variant of the RSA

cipher system for which factorization of

the modulus n has almost the same
computational complexity as obtaining the
deciphering transformation from
the enciphering transformation. To describe
Rabin,s cipher system, ret
n : pq, where p and q are odd primes,
and let b be an integer with
0 < 6 1 n. To encipher the plaintexi messagep,
we form
e : p@+b) (modn).

We will not discussthe deciphering procedure for Rabin

ciphers here, because
it relies on some concepts we havi not yet developed (see
problem 36 in
Section 9'l). However, we remark that there are foui possible
ualue, of p for
each ciphertext c such that e - p(p+b) (mod n),
an ambiguity which
complicates the deciphering process. when p and q
are known, the
deciphering procedure for a Rabin cipher can be carriei
out rapidly since
O(log n ) bit operationsare needed.

Rabin has shown that if there is an algorithm for deciphering in

this cipher
system, without knowledge of the primes p and q, that ."qui.",
f hf ait
operations, then there is an algorithm for the factorization of n requiiing
2$ (n) * log n ) bit operations. Hence the process of deciphering messages
encipheredwith a Rabin cipher without knowledgeof p and-q is a problern
computational complexity similar to that of factori zation.

Public-key cipher systemscan also be used to send signed messages.

signaturesare used, the recipient of a messageis sure that the message
from the sender, and can convince an impartial judge that only the sender
could be the source of the message. This authentication is needed for
electronic mail, electronic banking, and electronic stock market transactions.
To see how the RSA cipher system can be used to send signed messages,
supposethat individual i wishes to send a signed messageto individ ual j. itr.
first thing that individual i does to a plaintext block p is to compute

S - Do,(P) = pd' (mod n;),

where (di, n) is the deciphering key for individual f which only individual
, i
knows. Then, if ni t n1, where (ei, n) is the enciphering key ior individual
7, individual i enciphersS by forming
,:Ekt(S)=S', (modn;), 0<C 1nj.

wh..l ni I n; individual i sprits ,s into blocks of size less than nj and

enciphers each block using the enciphering transformation 81r,.

For deciphering, individual 7 first uses the private deciphering

transformation Dp, to recover S, since
7.4 Public-Key CrYPtograPhY 217

D1,,(C) - PktGp, (S)) : s.

To find the plaintext message P , supposedly sent by individual i, individual 7

next uses the pubtic enciphering transformation Eq, since
81,(s) - fi,kt(Dr,(P)) : P.

Here, we have used the identity Ep,(Dp,(P)) : P, which follows from the fact
th a t
= (P d ' )" - Pd ' e ': P (mod n;)'
E p, (D p ,(P))

diei :- I (mod Oh)).

The combination of the plaintext block P and the signed version S convinces
individual 7 that the message actually came from individual i. Also,
individual i cannot deny sending the message, since no one other than
individual f could have produced the signed message S from the original

The RSA cipher system relies on the difference in the computer time needed
to find primes and the computer time needed to factor. In Chapter 9, we will
use this same difference to develop a technique to "flip coins" electronically.

7.4 Problems
l. Find the primesp andq if n : PQ - 4386607and d(n) : 4382136.
2. Supposea cryptanalystdiscoversa messageP that is not relativelyprime to the
encipheringmodulusn : pq usedin a RSA cipher.
a) Showthat the cryptanalystcan factorn. fP," ) . p or 1
b) Show that it is extremelyunlikely that sucha messagecan be discoveredby
demonstratingthat the probability that a messageP is not relativelyprime
to n i, !+ a n d i f p a n d q a r e b o t h l a r g e rt h a n l 0 r m , t h i s
probabilityis leis thin 10-s.
3 . What is the ciphertext that is produced when the RSA cipher with key
(e,n) : G,266il is usedto encipherthe messageBEST WISHES?
4 . If the ciphertext message produced by the RSA cipher with key
(e,n) : (s,zggt) is 0504 1874034705152088235607360468, what is the

plaintext message?

5. Harold and Audrey have as their RSA keys (3,23.4D (7,31.59),


a) Using the method in the text, what is the signed ciphertext sent by Harold
to Audrey, when the plaintext messageis cHEERs tranorot

Using the method in the text, what is the signed ciphertext sent by Audrey
to Harold when the plaintext messageis SINCERELY AUDREY?

In problems 6 and '7, we present two methods for sending signed messagesusing the
RSA cipher system, avoiding possible changes in block sizes.

6. Let H be a fixed integer. Let each individual have two pairs of enciphering keys:
k - (e,n) and k* - (e,n*) with n < H <n*, where n and n* are both the
product of two primes. Using the RSA cipher system, individual f can send a
signed messageP to individual T by sending E*.(D1,,(p)).

il Show that is is not necessaryto change block sizes when the transformation
Eor. is applied after Dp, has been applied.

b) Explain how individual 7 can recover the plaintext message P, and why no
one other than individual l' could have sent the message.

c) Let individual f have enciphering keys (3,11.71) and Q2}.4D so that

781 : 1l'71 < 1000 < ll89 - 29'41, and let individual j have enciphering
k e y s ( 7 , 1 9 . 4 7 )a n d ,( 7 , 3 1 . 3 D ,s o t h a t g 9 3 : l g . 4 j < 1 0 0 0 < I I 4 7 : 3 1 . 3 7 .
What ciphertext message does individual f send to individual
7 using the
method given in this problem when the signed plaintext messageis HELLO
ADAM? What ciphertext message does individual j send to individual f
when the signed plaintext messageis GOODBYE ALICE?

7 . il Show that if individuals f and y have enciphering keys k; - (ei,n) and

ki : (ei,n), respectively, where both n; and ni are products of two distinct
primes, then individual i can send a signed message P to individual
7 without
needing to change the size of blocks by sending

Er,(Dr,(P)) if n, < n,
Dp,(Ep,@)) if ni ) ni .

b) How can individual T recover p?

c) How can individual j/ guarantee that a messagecame from individual i ?

d) Let ki - (11,47.61) and ki - (13,43.59). Using the method described in part

(a), what does individual f send to individual
7 if the message is REGARDS
FRED, and what does individual 7 send to individual i if the message is
1.5 Knapsack CiPhers

SELL NOW using the Rabin ciPher

8. Encipher the message
C = P(r+s) (mod2573).

?.4 Computer Projects

Write programs to do the following:

1. Encipher messageswith an RSA cipher'

2. Decipher messagesthat were enciphered using an RSA cipher.

in the text'
3. Send signed messagesusing an RSA cipher and the method described
problem 6'
4. Send signed messagesusing an RSA cipher and the method in
problem 7'
5. Send signal messagesusing an RSA cipher and the method in

6. Encipher messagesusing a Rabin cipher'

7.5 KnapsackCiphers
In this section, we discuss cipher systems based on the knapsack problem.
Given a set of positive integers Qr,a2,..., an and a Sum S of a subset of these
integers, the knapsack problem asks which of these integers add together to
give S. Another way to phrase the knapsack problem is to ask for the values
of xyx2,..., xn, each either 0 or 1, such that
(7.3) S:arxr*a2x2* larxn'

We use an example to illustrate the knapsack problem.

Example. Let (a1,o2,o3,aa,a5) : (2,'7,8,11,12). By inspection, w see that

there are two subsets of these five integers that add together to give 21,
namely 2l -- 2+8+l | : 2*7*12. Equivalently, there are exactly two
s o l u t i o n st o t h e e q u a t i o n2 x 1 * 7 x 2 * 8x3 * llxa * l2x5:21, with Ii :0
or I for i : 1,2,3,4,5,namely r : x3: x4: l, x2: 15 : 0, and
Xl: XZ: X5: l, X3: I+ : 0.
To verify that equation (7.3) holds, where each.x, is either 0 or 1, requires
that we perform at most n additions. On the other hand, to search by trial
and error for solutions of (2.3), may require that we check all 2n possibilities
for (x1, x2,..., rn). The best method known for finding a solution of the
knapsack problem requires O(2n/2) bit operations, which makes a computer
solution of a general knapsack problem extremely infeasible even when
n : 100.

certain values of the integers e1, a2,...,en make

the solution of the
knapsack problem much easier than the- solutlon
in the general case. For
instance, if ai : )i-1, to find the solution of
S - Ar xr * a2x2-l ": I an xr, where ri:0 or I for i: 1,2,...,ft,
simply requires that we find the binary expansionof S. We
can also produce
easy knapsackproblemsby choosingthe integersd1, oz,...,cn so
that the sum
of the first 7-l of these integers is alwayrl.r, than the
Tiir int"ger, i.e. so
2o,{oi, j : 2 , 3 ,. . . , n .

If a sequenceof integers d1, e2,...,an satisfiesthis inequality,we call the

sequencesuper -increasing.

Example. The sequence 2, 3,7, 14, 27 is super-increasing because

3 > 2,7 > 3+2,14 > 7+3+2,and27 > l4+i+3+2.
To see that knapsack problems involving super-increasingsequencesare easy
to solve,we first consideran example.

Example. Let us find the integersfrom the set 2,3,7,14,27 that have 37 as
their sum. First, we note that since 2+ 3 + 7 + 14 < 27, a sum of integers
from this set can only be greater than 27 if the sum contains the integer 27.
H e n c e ,i f 2 x 1 * 3 x 2 * 7 x 3 * l 4 x a * 2 7 x 5- 3 7 w i t h e a c h . x ; : 0 o r l , w e
must have 15 : I and 2x1* 3x2* 7x3| l4xa: 19. Since 14 > 10, x4
m us t be 0 and w e h a v e 2 x 1 * 3 x 2 * 7 x 3 : 10. S i nce 2 + 3 ( 7, w e must
h a v e x , : 1 and th e re fo re 2 x 1 l 3 x 2 :3 . O bvi ousl y,w e hava x2: I and
rr - 0. The solutionis 37 - 3 + 7 + 27.

In general, to solve knapsack problems for a super-increasingseeuolco 41,

a 2, . . . ,an, i. e. t o fi n d th e v a l u e s o f x t, x 2 , ..., xn w i th ,S : atxl * a2x2*
* enxnand x;:0 o r I f o r i : 1 , 2 , . . . , n w h e n . S i s g i v e n ,w e u s e t h e
following algorithm. First, we find x, by noting that

[r ir S Z an
r,:toif S(an.

Then, we find xn-r, xn-2,...,x1, in succession,using the equations

7.5 KnapsackCiphers 221

if s-
xj- n

for7 : n-l,n-2,...,1.
To seethat this,algorirhmworks, first note that if xn :0 when S 7 an,
then)orrr( 2 o , l e n < S , c o n t r a d i c t i n the
g condition ! o1*i : S
i-l i-l j-'
, j-r
Similarly, if xy : 0 when S - 7 oj, then ) a;x; ( 2 *, +
;-j+l i-l t-l
i-j+1 r-i+l

Using this algorithm, knapsack problems based on super-increasing

sequencescan be solved extremely quickly. We now discuss a cipher system
based on this observation. This cipher system was invented by Merkle and
Hellman [90], and was considered a good choice for a public-key cipher
system until recently. we will comment more about this later.

The ciphers that we describe here are based on transformed super-increasing

sequences.To be specific,let or, a2,...,an be super-increasingand let m be a
positive integer with lz ) 2ao. Let w be an integer relatively prime to m
with inverse w modulo m. We form the sequence b1, b2,...,b, where
bj : wai (mod m) and 0 < bi 1 m. we cannot use a special technique to
solve a knapsack problem of the type ^g :
b b,", where ,S is a positive
integer, since the sequence is not super-increasing. However,
when fr is known. we can find

(7.4) wT : i fr|,r, : h o,r, (modlz)

j-l i-l

since fibi =ai (mod m). From (7.0 we see that

So: Zo,r,

where Ss is the least positiveresidueof frS modulo z. We can easilv solve

the equation

So : D o,r,,

since er, e2,...,an is super-increasing.This solvesthe knapsack problem

s : !, b,r,,

since bi = wa; (mod m) and 0 ( D; I m. We illustrate this procedure with

an example.

Example. The super-increasingsequence (oya2,a3,a4,a5):(3,5,9,20,44) can

be transformed into the sequence(b3 b2, by bq, b5): (23,6g,69,5,11)by
taking bi = 67a1 (mod 89), for 7 : 1,2,3,4,5. To solve the knapsack problem
2 3 x 1 + 6 8 x z * 6 9 x 3 * S x a* l l x 5 : 8 4 , w e c a n m u l t i p l y b o t h s i d e so f t h i s
equation by 4 , an inverse of 67 modulo 89 , and reduce modulo 89, to obtain
the congruence 3x1 * 5x2 * 9x3 * 20xa * 44x5 = 336 = 69 (mod g9).
since 89>3+5+9+20+44, w e c a n c o n c l u d et h a t 3 x 1 * 5 x 2 *
9x3 * 20xa * 44x5: 69. The solution of this easy knapsack problem is
xs : x4: x2: I and x3 : rr : 0. Hence, the original knapsack problem
has as its solution 68 * 5 + 1l : 84.
The cipher system based on the knapsack problem works as follows. Each
individual chooses a super-increasing sequence of positive integers of a
specified length, say N, e.g. ar, a2,..., aN, as well as a modulus m with
m ) 2ay and a multiplier w with (m,w) :1. The transformed sequence
, , whe re b i = w a i (m o d m ), 0 < bi 1 m, for j - 1,2,...,N , i s
b 1, b2, . . . by
made public. When someonewishes to send a messageP to this individual,
the messageis first translated into a string of 0's and I's using the binary
equivalentsof letters, as shown in Table 7.10. This string of zeros and ones is
next split into segmentsof length N (for simplicity we supposethat the length
of the string is divisible by N; if not, we can simply fill out the last block with
all l's). For each block, a sum is computed using the sequencebvbz,...,bxi
fo r ins t anc e, t he b l o c k x 1 x 2 ...x 1 1g i v e s S: D rxr * b2x2* * byxy.
Finally, the sums generatedby each block form the ciphertext message.
We note that to decipher ciphertext generated by the knapsack cipher,
without knowledge of m and w, requires that a group of hard knapsack
problems of the form
(7.s) S : brxr f b2x2* * byxy

be solved. on the other hand, when m and w are known, the knapsack
problem (z.s) can be transformed into an easy knapsack problem, since
7.5 KnapsackCiphers

binary binary
letter equivalent letter equivalent

A 00000 N 01101
B 00001 o 0lll0
C 00010 P 0llll
D 0001I a 10000
E 00100 R 10001
F 00101 S 10010
G 001r0 T l00l I
H 00111 U 10100
I 01000 V l0l0l
J 0100r w 10110
K 01010 X l0l l1
L 01011 Y l 1000
M 0l100 Z 11001

Table 7.10. The Binary Equivalents of Letters.

wIS: frbp1 * frb2x2I ' * wbyx7,1

z atxl * a2x2* * ayxy (mod m ),

where frbj: a; (mod 22), where w- is an inverseof w modulo m, so that

(7.6) So - afi1 * a2x2l * a1vx1v,

where Ss is the least positive residue of wlS modulo rn. We have equality in
(7.6), since both sides of the equation are positive integers less than m which
are congruent modulo ltt.
We illustrate the enciphering and deciphering proceduresof the knapsack
cipher with an example. We start with the super-increasing sequence
: (2,1I '14'29'58'lI9'24I'480'959'1917)' We
: l00l
take m: 383? as the encipheringmodulus,so that m ) 2a1s,?fld w
as the multiplier, so that (m,w):1, to transform the super-increasing
sequenceinto the sequence(2002,3337,2503,2170,503,172,3347,855,709,417).
To encipher the message


we first translate the letters of the message

into their five digit binary
equivalents,as shown in Table 7.10,,and thenlroup
these digits into blocks of
ten, to obtain

1000100100 0llltOl0ll 1100001000

0110001100 0010000011 0100000000
1001100100 0101I11000.

For each block of ten binary digits, we form a sum

by adding together the
appropriate terms of the sequence(2002, 3337, 2503,
2170, sd:, t 72, 3347,
855,709, 417) in the slots correspondingto positionsof the
block containing a
digit equal to l. This gives us

3360 12986 8686 10042 3629 3337 5530 s72s.

For instance,we compute the first sum, 3360, by adding 2002,503, and g55.
To decipher, we find the least positive residue modulo 3837 of 23 times each
sum' since 23 is an inverse of 1001 modulo 3837, and then we solve the
corresponding easy knapsack problem with respect to the original super-
increasing sequence (2,11,14,29,59,119,241,4g0,959,lglT). For example, to
decipher the first block, we find that 3360.23:540(mod 3837), and then note
that 540 : 480 + 58 + 2. This tells us that the first block of plaintext binary
digit s is 10001 0 0 1 0 0 .
Recently, Shamir [g+] tras shown that knapsack ciphers are not satisfactory
for public-key cryptography. The reason is that there is an efficient algorithm
for solving knapsack problems involving sequences b1, b2,...,b, with
bi: wai (modm), where w and m are relatively prime poritiue integers and
ar, o2,...,an is a super-increasingsequence. The algorithm found by Shamir
can solve these knapsack problems using only O @ hD bit operations, where
P is a polynomial, instead of requiring exponential time, ir required for
general knapsack problems, involving sequencesof a general "r
There are several possibilities for altering this cipher system to avoid the
weakness found by Shamir. One such possibility is to choose a sequence of
pairs of relatively prime integers (w1,m1),,(w2,m2),..., (w,mr), and then
form the series of sequences
7.5 Knapsack GiPhers 22s

b9) 7 w 1 a i ( m o d z r )
;;,, :rrijt' (mod m z)

bj') =w,b j'-rt (mod z"),

for j : l, 2, ..., n. We then use the final sequenceb[') , b$'),..., bl') as the
encipheringsequence.As of mid-1983,no efficientalgorithmhad beenfound
for solving knapsack problems involving sequencesobtained by iterating
modular multiplications with different moduli (although there are several
promisingmethodsfor the productionof suchalgorithms).

7.5 Problems
l. is super-increasing
Decidewhethereachof the followingsequences
a) (3,5,9,19,40) c) (3 ,7 ,1 7 ,3 0 ,5 9 )
b) ( 2, 6, 10, 15 ,3 6 ) d (l l,2l,4l,8l,l5l).

sequence,then c; 2 A-r for

2 . Show that if 41, a2,...,dn is a super-increasing
j - 1 , 2 ,. " , f , '
3 . Show that the sequencea1, a2,...,a21is super-increasingif ai+r ) 2ai for
j - 1, 2,. . . ,f l- l' .
of the integers2,3,4,7, 11, 13, 16 that have18 as their sum.
4 . Find all subsets
5 . Find the sequence obtained from the super-increasing sequence
when modular multiplication is applied with multiplier
w : 17 and modulvsm : 162.
6 . Encipher the messageBUY NOW using the knapsackcipher based on the
sequenceobtained from the super-increasing by
performing modular multiplication with multiplier w :29 and modulus
m :331.
7 . Decipherthe ciphertext402 105 150 325 that was encipheredby the knapsack
cipher basedon the sequence(306,374,233,L9,259). This sequenceis obtained
by using-modularmultiplicationwith multiplier w : 17 and modulusm : 464,
to transformthe super-increasing
8 . Find the sequenceobtainedby applyingsuccessivelythe modularmultiplications
with multipliersand moduli (7,92), (11,95),and (6,101),respectively,
on the
super-increasing (3,4,8,I7,33,67)
sequence .
226 Cryptology

9 . What process can be employed to decipher messagesthat have been enciphered

using knapsack ciphers that involve sequences arising from iterating modular
multiplications with different moduli?

1 0 . A multiplicative knapsack problem is a problem of the following type: Given

positive integers aya2,...,an and a positive integer P, find the subset, or subsets,
of these integers with product P, or equivalently, find all solutions of

P - ai'ai'." oi'

where xj - 0 or I for j : 1,2,...,n.

il Find all products of subsetsof the integers 2,3,5,6,and l0 equal to 60.

b) Find all products of subsetsof the integers 8,13,17,21,95,121equal to 15960.

c) Show that if the integets a1,a2,...,anare mutually relatively prime, then the
multiplicative knapsack problem P:ai'ai'"'oI', rj-0 or I for
j : I,2,...,n, is easily solved from the prime factorizations of the integers
P,ayo2,...,an, and show that if there is a solution, then it is unique.

d) Show that by taking logarithms to the base b modulo m,where (b,m): I

and 0 < b < m, the multiplicative knapsack problem


is converted into an additive knapsack problem

S - a1x1 * a2x2 * * anxn

where S, @1,e20...;dn ate the logarithms of to the base 6

modulo m, respectively.

e) Explain how parts (c) and (d) can be used to produce ciphers where
messagesare easily deciphered when the mutually relatively prime integers
a1, a2t...; an are known, but cannot be deciphered quickly when the integers
d\, dzr...,an Are knOwn.

7.5 ComputerProjects
Write programsto do the following:
1. Solveknapsackproblemsby trial and error.
2 . Solve knapsack problems involving super-increasing sequences.
3 . Encipher messagesusing knapsack ciphers.
Decipher messagesthat were enciphered using knapsack ciphers.

Encipher and decipher messages using knapsack ciphers involving sequences

arising from iterating modular multiplications with different moduli.
7.6 Some Applicationsto ComputerScience

mutually relatively
6. Solve multiplicative knapsack problems involving sequencesof
prime integers (see Problem 10).

7.6 Some Applications to Computer Science

In this section we describe two applications of cryptography to computer
science. The Chinese remainder theorem is used in both applications.
The first application involves the enciphering of a database. A database is
a collection of computer files or records. Here we will show how to encipher
an entire databasi so that individual files may be deciphered without
jeopardizing the security of other files in the database'

Supposethat a databaseB contains the n files Fv Fz,,-.-,Fn' Since each

file is a string of 0's and I's, we can consider each file to be a binary integer.
We first choose n distinct primes rltr, t7r2,...1r/tn with m1 ) F1 for
j :1 ,2 , . . . , f r . A s t h e c i p h e rte x tw e u s e a n i n te g erC that i s congruentto F;_
mo d u l o m i f or j : 1, 2 ,...,n ; th e e x i s te n c eo f s u c h an i nteger i s guaranteed
- fttr trtz mn and
by the ihin.t" remainder theorem. We let M
fui: M/ry forT : 1 , 2 , . . . , n . Furthermore, l e t , i - w h e r e y; is an
inverse of Ml modulo rz;. For the ciphertext, we take the integer C with

C:br,r,(modM), 0<C <M.


The integers e r, 2, ..., n serve as the write subkeys of the cipher.

To retrieve the 7th file F; from the ciphertext C, we simply note that

We call the moduli my r/121...r mn the read subkeys of the cipher. Note that
knowledgeof mi permits accessonly to file7; for accessto the other files, it is
necessaryto know the moduli other than mi.
We illustrate the enciphering and deciphering proceduresfor databaseswith
the following examPle.

Example. Suppose our database contains four files Fr, Fz, F3,lfid Fa,
re p res ent edby ih" b i n u .y i n te g e rs(0 1 I l )2 , (1 0 0 1 )r, (t t00)2, i ID d (t t t t)2, or
in decimal notationFr:7, Fz:9, Ft: 12 and Fq: 15' We pick four
p r i m e s , f i l r : 1 1 ,m 2 : 1 3 , t r l 3 : 1 7 , a n d t r l 4 : 1 9 , g r e a t e r t h a n t h e
corresponding integers representing the files. To encipher this database, we

use the chinese remaindertheorem to find the ciphertext

c which is the
p o s i t i vien t e g ew r ith C=7(modlt), C=9(moit3),
C= 12(modl7),
a n d c = 1 5 ( m o dl 9 ) , l e s st h a nM : l l . l 3 . l 7 . l 9 : 4 6 1 g 9 .
T o c o m p u t ec
we first find M r - . 1 3 . 1 7 . 1: 9 4 1 9 9 , M z : 1 l . l 7 . l g : 3 5 5 3 ,
M t : l 1 ' 1 3 ' 1 9 : 2 7 1 7 ,a n d M t - l l . l 3 . 1 7 : 2 4 3 1 .
W . e a s i l yf i n d t h a t
lr-7,y2: l 0 , . p r : l l a n d / + : l g a r e i n v e r s eosf M i m o d u l o
j:1,2,3,4. mj for
H e n c e t, h e w r i t e s u b k e y sa r t ae 1 : 4 1 9 9 . i : 2 9 3 9 3e, 2 :
3 5 5 3 ' 1 0 : 3 5 5 3 0 e, 3- 2 7 l 7 . l l : 2 g g g 7 a , n de, o : 2 4 3 l . l g : 4 3 7 5 g .T o
constructthe ciphertext,we note that
Q : e1F1l e 2 F 2 * e 3 F 3* e q F c
= 2 9 3 9 3 .7+ 3 5 5 3 0 .9+ 2 9 887.12+ 43758.15
= 1540535
= 1 6 2 9 8 (m o d 4 6 1 8 9 ),

so that c:16298. The read subkeys are the integers mi, j - 1,2,3,4. To
recover the file F7 from C, we simply find the least positive residue
of C
modulo rn7. For instance,we find F1 by noting that


We now discuss another application of cryptography, namely a method

sharing secrets. Suppose that in a communications network,- there
is some
vital, but extremely sensitiveinformation. If this information is distributed
several individuals, it becomesmuch more vulnerable to exposure; on the other
hand, if this information is lost, there are serious consequences.An example
of such information is the master key K used for accessto the password file
in a computer system.
In order to protect this master key K from both loss and exposure, we
construct shadows kv kz, ..., k, which are given to r different individuals.
We will show that the key K can be produced easily from any s of these
shadows, where s is a positive integer less than r, whereas the knowledge of
less than s of these shadows does not permit the key K to be found. Because
at least s different individuals are needed to find K, the key is not vulnerable
to exposure. In addition, the key K is not vulnerable to loss, since any .t
individuals from the r individuals with shadows can produce K. Schemeswith
the propertieswe have just describedare called (s,r) threshold schemes.
To develop a system that can be used to generate shadows with these
properties, we use the chinese remainder theorem. we choose a prime p
greater than the key K and a sequence of pairwise relatively prime integeis
rTtb ftiz, ..., ffir that are not divisible by p, such that
7.6 Some Applications to Computer Science

mt1mz1 1lttr,

) frlFs*z
0.7) tTlt lllz ffi, Pffirffir-t

of the
Note that the inequality (7.7) states that the product of the s smallest
product of p and the s-l largest of, the
integers n; is g."utr.- than the
if M - tttttTtz n' then A/p is
intelgersm'1. nt-om Q.l), we see ttrat
greater than the product of any set of s-l of the intege$ mi.

Now let I be a nonnegativeinteger less than M /p that is chosenat random.

Ko: K * tP'

sothat0( Ko( M-l (since0( Ko:K*tp< p+tp:(l+l)p(

(M/p)p: M).

To producethe shadowskr kz, ..., kr, we let k1 be the integer with

ki = Ks (mod rn;), 0 ( k; I mi,

for 7 : 1,2,...,r. To see that the master key K can be found by any s
individuals possessingshadows,from the total of r individuals with shadows,
supposethat the s shadows ki,,ki,,..., ki, are available. Using the Chinese
remainder theorem, we can easily find the least positive residue of Ks modulo
Mi where Mi: Hj,ffij, ftri,. Since we know that 0 ( Ko < M 4 Mi,
- tp.
we can determine Ks, and then find K : Ko
On the other hand, suppose that we know only the s 1 shadows
kr,, k,r, ..., k,,-r. By the Chinese remainder theorem' we can determine the
: ffii,ffii, Hi,-,' With
least positive residue a of Ks modulo M; where Mi
these shadows, the only information we have about Ks is that a is the least
positive residue of Kq modulo Mi and 0 ( Ko < M - Consequently, we only
know that

where 0 ( x < M/Mt From 0.1), we can conclude that M /Mi ) p, so

that as .r ranges through the positive integers less than M lM, o x takes every
: 1,2, ...,s ,
va l u e i n a f ull s et of r e s i d u e smo d u l op . Si n c e (m 1 ,P ): I for i
we know that (Mi,p) : l, and consequently,a * xMi runs through a full set
of residues modulo p as x does. Hence, we see that the knowledge of s-l
shadows is insufficient to determine Ko, as Ks could be in any of the p

congruenceclassesmodulo p.

we use an example to illustrate this threshold scheme.

Example. Let K :4 be the master key. we will (2,3) threshold

use a
s c h e m e o f t h e k i n d j u s t d e s c r i b e dw i t i r p - 7 , r 1 1 :
ll, ftr2:12, and
trt3:17, so thatM : Dtirt2:132 ) pmt: ll9. :iqrandomly
We pickt
from among the positive integers less than M
/p : 132/7. This gives us
Ko: K i tp :4 * 1 4 . 7: 1 0 2 .

The three shadows kvkz, and ft3 are the least positive residues
of Ks modulo
l7lt, f/12,and m3, i.e.

kr = 102= 3 ( m o dl l )
kz = 102 = 6 (mod 12)
kt = 102 = 0 (modl7),

so that the three shadowsare kl : 3, kz:6, and kr : 0.

We can recover the master key K from any two of the three shadows.
Suppose we know that kr: 3 and kr : 0. Using the Chinese remainder
theorem, we can determine Ks modulo n7t/tt: ll.lj - lg7, i.e. since
Ko = 3 (mod ll) and Ko = 0 (mod 17) we have ko = 102 (mod 1g7).
S inc e 0 ( K o < M :1 3 2 < 1 8 7 , w e k n o w t hat K 6 :102, and consequentl y
the master key is K : Ks - tp : lO2 - 14.7 : 4.

We will develop another threshold scheme in problem 12 of Section g.2.

The interested reader should also consult Denning [47] for related topics in

7.6 Problems

l. Supposethat the databaseI contains four files, F1 :4, Fz- 6, Ft: 10, and
F + : 1 3 . L e t m l : 5 , n t z : 7 , f t i 3 - l l , a n d m a - 1 6 b e t h e r e a d s u b k e v so f t h e
cipher used to encipher the database.

il What are the write subkeysof the cipher?

b) what is the ciphertext c corresponding to the database?
2. When the database I with three files Fr Fz, and ^F3is enciphered using the
method described in the text, with read subkeys ft:1 : 14, fir2: 15, and
nt3:19, the correspondingciphertext is c:619. If file F3 is changed from
Fr - ll to F3 : 12, what is the updated value of the ciphertext c?
7.6 So m e A pplic at ion s to C o m p u te r Sc i e n c e

a (2'3) threshold
3. Decompose the master key K : 3 into three shadows using
- 5' mr : 8' t/tz: 9' m3 : ll
schemeof the type describedin the text with p
and with t -- 13.
three pairs of shadows
4. Show how to recover the master key K from each of the
found in Problem 3.

7.6 Computer Projects

Write programs to do the following:
files from
l. Using the system describedin the text, encipher databasesand recover
the ciphertext version of databases'
(see problem 2)'
2. Update files in the ciphertext version of databases

3. Find the shadowsin a threshold schemeof the type describedin the text.

4. Recover the master key from a set of shadows'

Primitive Roots

8.1 The Order of an Integer and primitive Roots

From Euler's theorem, if m is a positive integer and if a is an integer
relatively prime to m, then s6(m) = | (mod m). Therefore, at least one
positive integer x satisfiesthe congrueneea* = 1 (mod rz). Consequently,by
the well-ordering property, there is a least positive integer x satiifying this

Definition. Let a and m be relatively prime positive integers. Then, the least
positive integer x such that e* = I (mod z) is called the order of a
modulo m.
We denote the order of a modulo m by ord_a.

Example. To find the order of 2 modulo 7, we compute the least positive

residuesmodulo 7 of powers of 2. We find that

2t = 2 (mod7), 22 4 (mod 7), 23 I (mod 7).

Therefore, ord,72: 3 .
Similarly, to find the order of 3 modulo 7 we compute

3t 3 (mod 7), 32 : 2 (mod 7), 33 = 6 (mod 7)

3e 4 (mod 7) , 3s = 5 (mod 7) , 36 = I (mod 7).

We see that ord73 : 6.

8.1 The Order of an Integer and PrimitiveRoots

a* = I (mod m), we need

In order to find all solutionsof the congruence
the followingtheorem.
> 0, then the
Theorem 8.1. lf a and n ate relatively prime integerswith n
a' = I (mod n) if and only
positiveintegerx is a solutionof the congruence
if ord,a I x.

Proof. If ordra I x, then x : k'ordnc wherek is a positiveinteger' Hence,

a* -ok'ord'a:(ao'd'o)k =l (modn).

Conversely,if a* = I (mod n ), wo first use the division algorithm to
x : q'ordna * r, 0 ( r ( ordra.

From this equation, we see that

(aord,o)e gr - (mod n).
a, : oa'ord.a*r - a,

(mod n). From the inequality

Since a' = I (mod n), we know that a' = I
: ordna is the
0 ( r ( ord, Q, we conclude that r:0, since, by definition, y
least positive integer such that.av = I (mod n). Because f :0, we have
x : a'ordna. Therefore,ordna I x. D
This theorem leads to the following corollary'

Corollary 8.1. lf a and n are relatively prime integers with n ) 0, then

I Ofu).

Proof. Since (a,n) : 1, Euler's theorem tells us that

qb('\: l (modn).

Using Theorem 8.1, we concludethat ordra I O(n)' n

We can use Corollary 8.1 as a shortcut when we compute orders. The
following example illustrates the procedure.
: 16.
Example. To find the order of 5 modulo 17, we first note that 0(ll7)
sinceihe onty positivedivisorsof 16 are 1,2,4,8, and 16, from corollary 8.1
these are the only possiblevalues of ord175. Since
5r = 5 (mod l7),52 = 8 (mod l7),54:13 (modl7),
58 = 16 ( mo d 1 7 ), 5 1 6= I (mo d l 7 ),

we conclude that ord175- 16.

234 Primitive Roots

The following theorem will be useful in our subsequentdiscussions.

Theorem 8.2. rf a and n are relatively prime integers with n ) 0, then

ai = aj , (mod n) where r and 7 are nonnegative integers, if and only if
i = j (mod ordna).

Proof. Supposethat i = j (mod ordna), and 0 < j < t. Then, we have

i : j * k'ordra, wherek is a positiveinteger. Hence,
ai : ojrk'ord'a : aj(ao'd.o)o = a/ (mod n ).

, s u meth a t a i = a r (mo d n ) w i th i > j . S i nce (a,n):
Conv er s elyas l, we
know that (ai,n) : 1. Hence, using Corollary 3.1, the congruence

ai = ai ai-i = ai (mod n)

implies, by cancellationof a/, that

ai-j: I (modn).

From Theorem 8.1, it follows that ordra divides i - j, or equivalently,

i = j (mod ord,a). tr

Given an integer n, we are interested in integers a with order modulo n

equal to Qfu). This is the largest possibleorder modulo r.

Definition. If r and n are relatively prime integers with n ) 0 and if

ordrr :6h), then r is called a primitive root modulo n.

Example. We have previously shown that ord73 : 6 : 00). Consequently,3

is a primitive root modulo 7. Likewise, since ord75 : 6, as can easily be
verified, 5 is also a primitive root modulo 7.

Not all integers have primitive roots. For instance, there are no primitive
roots modulo 8. To see this, note that only integers less than 8 and relatively
p r i m e t o 8 a r e 1 , 3 , 5 , a n d 7 , a n d o r d 3 l : l , w h i l eo r d s 3 : o r d s 5 : o r d s 7 : 2 .
Since d(8) : 4, there are no primitive roots modulo 8. In our subsequent
discussions,we will find all integers possessingprimitive roots.
To indicate one way in which primitive roots are useful, wo the
following theorem.

Theorem 8.3. lf r and n are relatively prime positive integers with n ) 0

and if r is a primitive root modulo n, then the integers
8 .1 Th e O r der of an I n te g e r a n d P ri mi ti v e R o o ts

tl , f2' "'' '6b)

form a reduced residue set modulo n.

root r form
Proof. To demonstratethat the first @(r) powers of the primitive
they are all
a reduced residue set modulo n, we only need to show that
relatively prime to n, and that no two are congruent modulo n.
Since G,n):1, i t f o l l o w sf r o m p r o b l e m8 o f S e c t i o n2 ' 1 t h a t
all relatively prime to n '
for any positive integer k. Hence, these powers are
To show that no two of these powers are congruent modulo n, assume
ri = r/ (mod n ) .

From Theorem 8.2, we see that i = i

(mod Qfu))' However' for
i = (mod d(n)) implies
I < t ( O(n) and 1 < j < 0h), the congruence /
powers are congruent modulo n. This
that i : j . Hence, no i*o of these
showsthat we do have a reduced residue system modulo r. D

Example. Note that 2 is a primitive root modulo 9, since

22 = 4,2t = g, and 26 = I (mod 9). From Theorem 8.3, we see that the
:6 powers of 2 form a reduced residue system modulo 9. These are
OO) (mod
(mod = 4 (mod 9), 23 = 8 (mod 9), 24 = 7 9),
Zt = 2 9), 22
2s = 5 (mod 9), and 26 = 1 (mod 9).

When an integer possesses a primitive root, it usually has many primitive

roots. To demonstratethis, we first prove the following theorem'

Theorem 8.4. If ord-a : / and if r,l is a positive integer, then

o rd - (a " ) : t l Q ,D .

Proof. Let J:ord-(a"), v:(t,u), t:tvv, and u:tltv' From

Proposition2.1, we know that (r yu1) : l.

Note that
(a")t': ( a r ' , ) Q l v ): ( a t ) u ' : I ( m o d r n) ,

since ord.^a : t. Hence, Theorem 8.1 tells us that s I tr'

On the other hand, since
(a \t : e u s = I (mo d rn ),

we know that I I zs. Hence, tp I u1vs, slld consequently,tt | ,tt. Since

236 Primitive Roots

Q6u): l , u s i n gL e m m a 2 . 3 , w e s e et h a t / , |
N o w , s i n c es I t r a n d t , I r , w e c o n c l u d et h a t , s : I
t: t/v : t/(t,u). This
proves the result. tr

We have the following corollary of Theorem g.4.

Corollary 8.2. I et r be a primitive root modulo z where

m is an integer,
m 2 r. Then r' is a primitive root modulo m if and,only if (u,o(d
) : l:

Proof. From Theorem 8.4, we know that

ord,^r' : ord^rf (u,ord*r)

: Q ( m ) / f u , 0 @. D
consequently, ord- ru : efu), and ru is a primitive root modulo m, if and
onlyif (u,Q(m)) : t. D
This leads immediately to the following theorem.

Theorem 8.5' If the positive integer m has a primitive root, then

it has a
total of Q@fu)) incongruent primitive roots.

Proof. Let r be a primitive root modulo rn. Then Theorem 8.3

tells us that
the integers r, 12,...,vbh) form a reduced residue system modulo ,,.
Corollary 8.2, we know that r" is a primitive root modulo rn if
and only if
(u , a( *) ) : l. s i n c e th e re u t" r* " " i l y o @ @)) such i ntegersa, there are
exactly 0@@)) primitive roots modulo ru. tr

Example. Let m: 11. A little computationtells us that 2is a primitive

m odulo 11. s inc e l l h a s a p ri mi ti v e ro o t, w e know that 11 has
a@ ol )) :4
incongruent primitive roots. It is easiry seen that 2, 6,7, and g are
incongruent primitive roots modulo I l.

8.1 Problems

1. Determine the

a) order of 2 modulo 5 c) order of l0 modulo 13

b) order of 3 modulo l0 d) order of 7 modulo 19.
8.1 The Order of an Integer and Primitive Roots 237

2. Find a primitive root modulo

il4 d) 13
b)5 e) 14
c) l0 f) 1 8 .

3. Show that the integer 12 has no primitive roots'

4. How many incongruent primitive roots does 13 have? Find a set of this many
incongruent primitive roots modulo 13.

5. Show that if dis an inverseof c modulo n, then ordna: ordnd.

6. Show that if n is a positive integer and a and 6 are integers relatively prime to n
: ordna'ordnb'
such that (ordna, ordnD) : l, then ord'(ab)
7. Find a formula for ordn Gil if a and b are integers relatively prime to n
ordna and ordrb are not necessarily relatively prime'
g. Decide whether it is true that if n is a positive integer and d is a divisor of Qh),
then there is an integer a with ordna : d.
g. Show that if a is an integer relatively prime to the positive integer m and
ord^a : s/, then ord^at : s .

10. Show that if m is a positive integer and a is an integer relatively prime to z

such that ord^a - tlt - 1, then rr is prime.

I 1. Show that r is a primitive root modulo the odd prime p if and only if
,e_D/e * I (modp)

for all prime divisors q of P-1.

12. Show that if r is a primitive root modulo the positive integer m, then i is also a
primitive root modulo m, if i is an inverse of r modulo m '

1 3 . Show that ordp 2 ( 2'*1, where Fn : 2T * I is the nth Fermat number.

1 4 . Let p be a prime divisor of the Fermat number Fn:2v * l'

a) Show that ordo2 :Zn*r.

b) From part (a), conclude that 2n+r | (p-1), so that p must be of the form
z"+rk + l.
: n and
15. Let m: an - 1, where a andn are positiveintegers. Show that ordra
conclude that n I O@).
16. a) Show that if p and q are distinct odd primes, then pq is a pseudoprime to
the base 2 if and only if ordo2 | 0-t) and ordo2 | Q-D.

b) Use part (a) to decide which of the following integers are pseudoprimes to
the base 2: 13'67, 19'73,23'89,29'97.

1 7 . Show that if p and q are distinct odd primes,

then pq is a pseudoprime to the
base 2 if and only if MoMo: (2p-r)ei-D ir" prrriJoprime to the base 2.
1 8 . There is a method for deciphering messagesthat
were enciphered by an RSA
cipher, without knowledge of the deciphering key.
This method is based on
iteration. Suppose that the public key ie,il ir"o
ro. enciphering is known, but
the deciphering key (d,il is not. To decipher a ciphertext
block C, we form a
s e q u e n cCet , C z , C 3 , . . . s e t t i n g C r = C " ( m o d n ) , 0
< C 1 1 n a n d C ; + 1E
C7Y(mod n), 0 < Ci+t 1 n for j - 1,2,3,....

a) Show that C1 = Cd (mod n), 0 1 C1 1 n.

b) Show that there is an index such that C1: C

7 and Cj_t : p, where p is
the original plaintext message. Show that this
indei 7' is a divisor of

c) Let n:47'59 and e :17. Using iteration, find the plaintext corresponding
to the ciphertext 1504.
(Note: This iterative method for
attacking RSA ciphers is seldom successfulin a
reasonable amount of time. Moreover, the primes p
and q may be chosen so
that this attack is almost always futile. See pioblem l3
of Section g.2.)

8.1 Computer Projects

Write projects to do the following:

l. Find the order of c modulo rn, when a and m are

2 . Find primitive roots when they exist.
3 . Attempt to decipher RSA ciphers by iteration (see problem g).

8.2 PrimitiveRootsfor primes

In this section and in the one following, our objective
is to determine which
integers have primitive roots. In this ,..tion, we show
that every prime has a
primitive root. To do this, we first need to study porynomial
Let f (x) be a polynomial with integer coefficients. We say that an integer
c is a root of f (x) modulo m it f(c) = 0 (mod z). It i, *ryio
rr. that if
c is a root of f (x) modulo m, then every integer congruent to c
modulo m is
also a root.

Example. The polynomial f (i : x2 * x * t has exactly

two incongruent
roots modulo T,namely x = 2 (mod 7) andx = 4 (mod 7).
8.2 PrimitiveRoots for Primes 239

Example. The polynomial gG) : x7 * 2 has no roots modulo 5.

Example. Fermat's little theorem tells us that if p is prime, then the

polynomial hQ) - rP-t - t has exactly p-l incongruent roots modulo p,
n a m e l yx = I , 2 , 3 , . . . ,P - l ( m o dP ) .
We will need the following important theorem concerning roots of
polynomials modulo p where p is a prime.

Lagrange'sTheorem. Let f (x) : arxn + an4xn-r * + afi * cs be a

potyno.nial of degree n with integer coefficients and with leading coefficient an
roots modulo p.
noi Oiuirible by p. Then f k) has at most n incongruent

rt : l'
Proof. To prove the theorem, we use mathematical induction' When
atx I aowithp f c1. A root /G) o f m o d u l op r s a s olution
* e h a u ef ( ; :
2 -as (mod p). By Theorem 3'7, since
of the linear congruence a 1x
(a1,p): l, this linear congruencehas exactly one solution, so that there is
theorem is true for n : l '
exactly one root modulo p of f G). Clearly, the
- l' and
Now supposethat the theorem is true for polynomials of degree n
let fk) U" a polynomial of degree n with leading coefficient not divisible
ihe polynomial G) has n f I incongruent roots modulo p'
p. Assume that f
:0 ,1,,...,,fl . W e have
s? r!cs , c r , , . . , c sn,o t hat f k ) = 0 (mo d p ) fo r k

rG)- rGo) ]] i .,a_ii',[.,,",

ar)y(x-cs) (xn-z * x'-3cg* + xcfi-3 + c6-2')
+ * a1(x-cs)
: ( x -c s )g (x ),

- | with leading coefficient a,. we

where g(x) is a polynomial of degree n
are all roots of
now show that c r,cz,....,cn g(x) modulop. Letk be an integer,
: (c) : 0 (mod p), we have
1 < k ( r. Sincef G) f
- : (ct -co)skt) = 0 (mod P) '
f Gr,) f (rr)

know that gk) : 0 (mod p), since

From Corollary 2.2, we
c1,- co# 0 (modp). Hence, c1 is a root of g(x) modulo p' This shows
- | and has a leading
that the polynomial g(x), which is of degree n
coefficient not divisible by P, has n incongruent roots modulo p' This
contradicts the induction hypothesis. Hence, f G) must have no more than n
incongruent roots modulo p. The induction argument is complete' tr
We use Lagrange's theorem to prove the following result.
240 PrimitiveRoots

Theorem 8.6. Let p be prime and let d be a divisor of p-1. Then the
polynomial xd - I has exactly d incongruent roots modulo p.

Proof. Let p-l : de. Then

xP-r- | : (xd-1;1"d(e-t) a rdG-D I * x, * l)

: (xd-l)g(x) .

From Fermat's little theorem, we see that xP-r - I hasp-l incongruent roots
modulo p. Furthermore, from Corollary 2.2, we know that any root of
xP-t - I modulo p is either a root of x7 - I modulo p or u rooi of g(x)
modulo p.

Lagr ange' st h e o re m te l l s u s th a t g (x ) h as at most dG-l ): p - d - |

roots modulo p. Since every root of xP-r - I modulo p that is not a root of
g(x) modulo - I modulo p, we know that the
.p must be a root of xd
poly nom ial x d - | h a s a t l e a s t Q -D - d i ncongruent roots
modulo p. On the other hand, Lagrange's theorem tells us that it has at most
d incongruent roots modulo p. Consequently, xd - I has precisely d
incongruent roots modulo p. tr

Theorem 8.6 can be used to prove the following result which tells us how
many incongruent integers have a given order modulo p.

Theorem 8.7. Let p be a prime ancl let d be a positive divisor of p-1. Then
the number of incongruent integers of order d modulo p is equat to

Proof. For each positive integer d dividing p-1, let F@) denote the number
of positive integers of order d modulo p that are less than p. Since the order
modulop of an integer not divisiblebyp dividesp-1, it follows that

p-l :
d lp-l

From Theorem6.6,we knowthat

p-l :

We will showthat F(d) < O@) when d I e-D. This inequality,together

with the equality

dlp-r dlp-r
8.2 Primitive Roots for Primes 241

implies that F (d) : O@) for each positive divisor d of p-1.

L e t d l b-l). If F(d) :0, it is clear that F(d) < O@). Otherwise,
there is an integera of orderd modulop. Sinceotdra : d, the integers
a, a2t .", Qd

are incongruent modulo p. Furthermore, each of these powers of a is a root

- (ad)k = | (modp) for all positive
of *d -1 modulo p, since bk)d
- I has exactly d
integers k. From Theorem 8.6, we know that xd
incongruent roots modulo P, So every root modulo p is congruent to one of
these powers of a. However, from Theorem 8.4, we know that the powers of
a with order d are those of the form a& with (kd): l' There are exactly
d, and consequently,if there is one
O@) such integers k with I < k <
element of order d modulo p, there must be exactly 0U) such positive
integerslessthan d. Hence, FU) < 'd(d).

Therefore, we can conclude that F (d) : OU), which tells us that there are
precisely O@) incongruent integers of order d modulo p ' D

The following corollary is derived immediately from Theorem 8'7'

Corollary 8.3. Every prime has a primitive root'

Proof. Let p be a prime. By Theorem 8.7, we know that there ate |Q-l)
incongruent integers of order p-l modulo p. Since each of these is, by
definition, a primitive root, p has 6Q-l) primitive roots.

The smallest positive primitive root of each prime less than 1000 is given in
Table 3 of the APPendix.

8.2 Problems
1. Find the numberof primitive rootsof the followingprimes:
a) 7 d) 19
b) l3 e) 29
c) t7 f) 47.

2. Let r be a primitive root of the prime p with p = | (mod 4)' Show that is
also a primitive root.
: I (mod 4), there is an integer x such that
3. Show that if p is a prime and p
x2 = -l (modp). (Hint: Use Theorem 8.7 to show that there is an integer x
of order 4 modulo P.)
242 PrimitiveRoots

4 . a) Find the number of incongruent roots modulo 6 of the polynomialx2 - x.

b) Explain why the answer to part (a) does not contradict Lagrange's theorem.

5 . il Use Lagrange's theorem to show that if p is a prime and is a

polynomial of degree n with integer coefficients and more than n roots
modulo p, then p divides every coefficientof /(x).

b) Let p be prime. Using part (a), show that every coefficient of the
p o l y n o m i afl ( x ) : ( x - l ) ( x - D . . . ( * - p + l ) - x p - t + I i s d i v i s i b t e b yp .

c) Using part (b), give a proof of Wilson's theorem. (Hint: Consider the
constant term of f (x).)

6. Find the least positive residue of the product of a set of incongruent

primitive roots modulo a prime p.

7 . A systematic method for constructing a primitive root modulo a prime p is

outlined in this problem. Let the prime factorization of : p-l be
p-l : q\'q'; q',, whereQr, ez, ..., qt areprime.
a) Use Theorem 8.7 to show that there are integers d1, a2,...,a, such that
o r d r a t : q ' i , o r d r a 2 : q | , . . . , o r d o a ,: q : , .

b) Use problem 6 of section 8.1 to show that a : aflz-.. a, is a primitive root

modulo p.

c) Follow the procedure outlined in parts (a) and (b) to find a primitive root
modulo 29.

8 . Let the positive integer n have prime-power factorization n:pl,pi,...p?.

Show that the number of,incongruent bases modulo n for *
n is a
pseudoprimeto that base is I (n -1, pi-D .

9 . Use problem 8 to show that every odd composite integer that is not a power of 3
is a pseudoprimeto at least two basesother than i l.

1 0 . Show that if p is prime and p :2q

! l, where q is prime and a is a positive
integer with I 1 a I p-1, then p -a2 is a primitive root modulo p.

I l. il Suppose that /(x) is a polynomial with integer coefficientsof degree n-1.

Let x1,x2,...,xn be n incongruent integers modulo p. Show that for all
integers x, the congruence

.f k)

t^rold^s' is an inverse of xj-xi (mod n ). This technique

-.*h"1". F
for finding f (x) modulo p is called Lagrange interpolation.
8 .3 Th e E x is t enc e o f P ri mi ti v e R o o ts 243

b) Find the least positive residue of /(5) modulo 1l if /(x) is a polynomial of

d e g r e e3 w i t h f 0 ) S,f Q) = 2,andf G) = 4 (mod l1).

12. In this problem, we develop a threshold scheme for protection of master keys in a
computer system, different than the scheme discussed in Section 7.6. Let f (x)
be a randomly chosen polynomial of degree r-1, with the condition that K, the
master key, is the constant term of the polynomial. Let p be a prime, such that
p > K and p ) s. The s shadows krkz, ..., k, are computed by finding the
least positiveresidueof f G) modulo p for i :1,2,..., s where xt,xz,...,.xr are
randomly chosenintegers incongruent modulo p, i.e.,

ki = f(x;) (modp), o ( k; ( p,

for; -

a) Use Lagrange interpolation, described in problem I l, to show that the

master key K can be determined from any r shadows.

b) Show that the master key K cannot be determined from less than r

c) Let K:33, p:47, t:4, and s:7. Let fG): 4x3+xz+

3lx + 33. Find the seven shadows correspondingto the values of /(x) at
1 , 2 , 3 , 4 , 5 , 6a,n d 7 .

d) Show how to find the f 0), f Q), f Q),

key from the four shadows
and / (4) .

13. Show that an RSA cipher with enciphering modulus n: pq is resistant to attack
b y i t e r a t i o n ( s e e p r o b l e m 1 8 o f S e c t i o n8 . 1 ) i f p : 2 p ' + I and q:2q'* l,
where p' and q' are primes.

8.2 Computer Projects

Write programs to do the following:

1. Find a primitive root of a prime using problem 7.

2. Implement the threshold schemegiven in problem 12.

8.3 The Existenceof Primitive Roots

In the previous section,we showed that every prime has a primitive root. In
this section, we will find all positive integers having primitive roots. First, we
will show that every power of an odd prime possessesa primitive root. We
begin by consideringsquaresof primes.

Theorem 8.8. If p is an odd prime with primitive root r, then either r or

244 PrimitiveRoots

r * p is a primitive root modulo p2.

Proof. Since r is a primitive root modulo p, we know that


Let n : ordozr,so that

r'= I (modp2).

since a congruencemodulo p'obviously holds modulo p, wa have

rn = I (modp).

From Theorem 8.1, it follows that

p-l: ordrrl n.

On the other hand, Corollary g.l tells us that


Since n I p(p-t) and p-l I n,, either n : p-l o r n : p ( p - l ) .

n : p (p-l), then r is a primitive root modulop2, since
ordrrr : Q(pz).
Otherwise, we haven : p-1, so that
(s.1) rP-t=1(modp2).

Let s : r+p. Then, sinces E r (mod p), s is also a primitive

root modulo
p. Hence, ordo"r equals either p-l or p (p-l). we will show that
ordo,r * p-1. The binomial theorem tells us that

. r p- r : ( r t p) o -r : 7 p -t + * 1p;I)rr_rp, +
Q _ D ro -rp
z v 4 -t + (p -D p .rP-2 (mod p2).

Hence, using (S.t), we seethat

sP-r = I + (p-l)p.70-2: l - prp-z (modp2).

From this last congruence,we can conclude that

sp-t# l (modp2).

To see this, note that if 5P-l : l^(mod p2), then prp-z = 0 (modp2).
last congruence implies that rp-2 = 0 (mod p), which is impossible,
8 .3 Th e E x is t enc e o f Pri m i ti v e R o o ts 245

p tr , (remember r is a primitive root of p). Hence, ordrus

: p (p -l) :

Consequently,s : r*p is a primitive root of p' ' a

O $\.

Example. The prime p :7 has r : 3 as a primitive root. From the proof of

:49' si nce
Th e o rem8. 8, we s eet h a t r : 3 i s a l s o a p ri mi ti v e ro ot modul op2
rP-t - 36 + I (mod 49) '

We note that it is extremelyrare for the congruence

rP-t = I (modp2)

to hold when r is a primitive root modulo the prime p. Consequently,it is

very seldom that a primitive root r modulo the prime p is not also a primitive
root modulo p'. The smallestprime p for which there is a primitive root that
is not also a primitive root modulo p2 is p : 497. For the primitive root l0
mo d u l o 487, we hav e
10486: 1 (mod 4872).

Hence, l0 is not a primitive root modulo 4872,but by Theorem 8.8, we know

that 497: 10 + 487 is a primitive root modulo 4872.
We now turn our attention to arbitrary powersof primes.

Theorem 8.9. Let p be an odd prim e, then pk has a primitive root for all
positive integers ft . Moreover, if r is a primitive root modulo p2, then r is a
primitive root modulo po, for all positiveintegersk.

Proof. From Theorem 8.8, we know that p has a primitive root r that is also
a primitive root modulo P2, so that
(8.2) rp-t # 1 (modp2).

Using mathematicalinduction,we will prove that for this primitive root r,

(8.3) yn'-'$-t) 1 I (m o d p ft)

for all positive integersk. Once we have establishedthis congruence,we can

show that r is also a primitive root modulo pk by the following reasoning. Let
n : ord6r.

From Theorem 6.8, we know that n I OQ\: O*-r(p-l). On the other

h a n d , s inc e
246 PrimitiveRoots

7n - I (modpk),

we also know that

rn = I (modp).

Fr om T heor em 8 .1 , w e s e e th a t p -l : 6 e )
| n. B ecausee-D l r, and
n I o*-rQ-I), we know that n:'p'(p-l), w h ' e r el i s a n i n t e g e rs u c h t h a t
0 ( r ( k-t. If n: p'(p-l) with/ < k-2, then

7p'-2(p-t): (7p'@-t)1r'-rn: l (mod pk),

whic h would c o n tra d i c t (8 .3 ). H e n c e , ordotr : pk-t : oeo).

Consequently,r is also a prirnitive root modulo pk.
All that remains is to prove (8.3) using mathematical induction. The case
of k:2 follows from (8.2). Let us assumethe assertionis true for the positive

7 n t-t(t_ t)# l (mo dpk).

since G,p) : l, we know that (r,pk-t) : 1. consequently, from Euler's

theorem,we know that

vPL-2(o-D : ,Q(Pk-tt

Therefore,there an integer d such that

y o ' -' Q -t): I * d p k-t,

wherep trd, sinceby hypothesisyP'-'(P-t)* t (moApk). W e take the pth

powerof both sidesof the aboveequation,to obtain, via the binomial theorem,
0 + dp*-t1o
| + p@pt-r, * (|)o'Urk-t)2 + * (dpk-t1n
| * dpk (modpo*').

Sincep I d, we can conclude

# I (mod po*t).

completesthe proof by induction. tr

Example. From a previous example, we know that r : 3 is a primitive root

8.3 The Existenceof PrimitiveRoots 247

: 3 is also a primitive
modulo 7 and 72. Hence, Theorem 8.9 tells us that r
root modulo 7k for all positive integers k.
It is now time to discusswhether there are primitive roots modulo powers of
Z. We first note that both 2 and 22: 4 have primitive roots, narnely 1 and 3,
respectively. For higher powers of 2, the situation is different, as the following
theorem shows;there are no primitive roots modulo these powers of 2.

Theorem 8.10. If a is an odd integer, and if k is an integer, k ) 3, then

: e 2 ' -' :
a O QL )/2 1 (mo d 2 k).

proof. We prove this result using mathematical induction. If a is an odd

integer, then a : 2b t 1, where b is an integer. Hence,
a 2 : ( 2 b + 1 ) 2: 4 b 2+ 4 b * I : 4 b $ + 1 ) + 1 .

Since either b or b * 1 is even, we see that 8 | 4b (b + l), so that

a2 :- I (mod 8).

This is the congruenceof interestwhen k :3.

Now to complete the induction argument, let us assumethat

a2'-' = I (mod 2k) .

Then there is an integer d such that

e2'-': l+d'zk.

Squaring both sides of the above equality, we obtain

e 2 ' -' : | + d 2 k + r q 4 2 2 zk.

This yields
e2'-'= 1 (modzk+r),

which completes the induction argument. n

Theorem 8.10 tells us that no power of 2, other than 2 and 4, has a

primitive root, since when a is an odd integer, ord2ta # OQk) , since
a6Q')lz : 1 (mod 2k) .

Even though there are no primitive roots modulo 2k for k > 3, there always
is an element of largest possible order, namely OQ\ I 2, as the following
theorem shows.
248 PrimitiveRoots

Theorem 8.11. Let k 7 3be an integer. Then

o r d 2 . 5: O ( Z k ) D : 2 k - 2 .

Proof. Theorem 8.10 tells us that

52'-' = I (mod 2k).

for k 2 3. From Theorem 8.1, we see that ordr.S I Z*-2. Therefore, if we

show that ordr.5 | 2l"-t , we can conclude that

ord2.5- 2k-2.

To show that ordr,S tr 2k-3, we will prove by mathematical induction that


52,-'= | + 2k_t * I (mod 2k).

For k : 3. we have


Now assumethat
52'-': l+zk-I (mod2ft).

This meansthat thereis a positiveintegerd suchthat

S 2 ' - ' _ ( 1+ 2 k - r ) + d Z k .

Squaringboth sides,we find that

52'-': (l + 2k-t)2 + 20 + zk-t)dZk + (dzk)z

so that
52,-,= 0 + 2k-r)2 : | + 2k + 22k-2 : I + 2t (mod Zk+\ .

This completesthe induction argument and showsthat

ordr'5 : O(2k)/2' tr

We have now demonstratedthat all powers of odd primes possessprimitive

roots, while the only powers of 2 having primitive roots are 2 and 4. Next, we
determine which integers not powers of primes, i.e. those integers divisible by
two or more primes, have primitive roots. We will demonstrate that the only
positive integers not powers of primes possessingprimitive roots are twice
8.3 The Existenceof PrimitiveRoots

powers of odd primes.

We first narrow down the set of positive integers we need consider with the
following result.

Theorem 8.12. If r is a positive integer that is not a prime power or twice a

prime power, then n does not have a primitive root.

Proof. Let n be a positive integer with prime-power factorization


Let us assume that the integer n has a primitive root r. This means that
(r,n ) : I and or dn r :6 h ). Si n c e (r,n ) : l , w e know that (r,p' ) : l ,
wheneverpt is one of the prime powers occurring in the factorization of r. By
Euler's theorem, we know that
ro@') : I (mod P) .

Now let U be the least common multiple of Q(p'r), OQ'il,..-,0(p';), i-e.

u : [oQ\'),aQ'il,...,0b'il1.

SinceObh I U, we know that

ru = t (modP,l')

for i : l, 2 ,...,m . From this last congruence,

we seethat

From Theorem6.4, since@is multiplicative,we have

Qh) : oi\'p?''' p';): 6(p't')o7'il ob';l'

This formulafor d(n ) and the inequality$fu) < U imply that

oQ\')o,'il''' oa'il ( td(p'r'),oQ';)'...,

Since the product of a set of integers is less than or equal to their least
common multiple only if the integers are pairwise relatively prime (and then
the less than or equal to relation is really just an equality), the integers
Q(p'r'),0$';),..., OQ';) must be pairwise relatively prime'
250 Primitive Roots

We notethat e(pt) : rt-r(p-l), so that ee,) is evenif p is odd,or if

p : 2 and t > Z. Hence,the numberse(p'r'),Oe'il,...,
Oe,;\ are not
p air wis er elat iv e l yp ri m e u n l e s sm: I a n d n i s a pri mspow er o,
* :2 and
the factorization of n is n : 2p', where p is an odd prime and / is a positive
integer. tr

We have now limited considerationto integers of the form n : 2p,, where

p is an odd prime and r is a positive integer. We now show that
all such
integers have primitive roots.

Theorem 8.13. rf p is an odd prime and r is a positive integer, then 2pt

possesses a primitive root. In fact, if r is a primitive root modulopt, then if r
is odd it is also a primitive root modulo 2pt, while if r is even, r * pt is
primitive root modulo 2pt.

Proof. If r is a primitive root modulo pt , then

rob') = I (modp,),

and no positive exponent smaller than 6(pt) has this property. From Theorem
6.4, we note that O(zp') : --
0Q) 66t7 : e(p,), so that ,6(2n')
1 (mod p') .

If r is odd, then

,o(zp')= I (mod 2).

Thus, by corollary 3.2, we see that rQQp';: I (mod 2p,). since no smaller
power of r is congruent to I modulo 2pt , we conclude that r is a primitive
root modulo 2pt .

On the other hand, if r is even, then r * p ' Hence,

(r + P'10{zP') I (mod 2)

Since r * p' = r (mod p'), we see that

G * pt )QQP') I (mod p' )

Therefore, (r + ot1oQfl: I (mod 2p'), and as no smaller power of r *pr is

congruent to 1 modulo 2pt , we conclude that r * p' is a primitive root modulo
2p'. rt

Example. Earlier this section we showed that 3 a primitive root modulo

8.3 The Existenceof PrimitiveRoots

7t for all positive integers /. Hence, since 3 is odd, Theorem 8.13 tells us that
3 is also a primitive root modulo 2'7t for all positive integers /. For instance,
3 is a primitive root modulo 14.
Similarly, we know that 2 is a primitive root modulo 5' for all
* 5t is a
integers/. Hence, since 2 + 5t is odd, Theorem 8.13 tells us that 2
primitive root modulo 2.5t for all positive integers f. For instance,2T is a
primitive root modulo 50.

Combining Corollary 8.3 and Theorems8.9, 8.12,8.13, we can now describe

which positive integers have a primitive root.

Theorem 8.14. The positive integer n possessesa primitive root if and only if

fr :2,4, p', or 2pt,

where p is an odd prime and / is a positive integer.

8.3 Problems

l. Which of the integers 4,10,16,22and 28 have a primitive root?

2. Find a primitive root modulo

a) lf c) r72
b) B2 d) D2.

3. Find a primitive root, for all positive integers k, modulo

a) 3k c) l3k
b) lle d) nk.

4. Find a primitive root modulo

b) 18 e) 338.

5. Find all the primitive roots modulo 22.

6. Show that there are the same number of primitive roots modulo 2pt as there are
of p' , where p is an odd prime and r is a positive integer.

7. Show that if rn has a primitive root, then the only solutions of the congruence
x2 = I (mod m) are x E t I (mod z).
252 PrimitiveRoots

8. Let n be a positive integer possessinga primitive root. Using this primitive root,
prove that the product of all positive integers less than n and relatively prime to
n is congruent to -l modulo n. (When n is prime, this result is Wilson's

9. Show that although there are no primitive roots modulo 2& where k is an integer,
k > 3, every odd integer is congruent to exactly one of the integers (-1)"50,
where a:0 or I and B is an integer satisfying0 < B ( 2ft-2-1.

8.3 Computer Projects

Write computer programs to do the following:

l. Find primitive roots modulo powers of odd primes.

2. Find primitive roots modulo twice powers of odd primes.

8.4 Index Arithmetic

In this section we demonstrate how primitive roots may be used to do
modular arithmetic. Let r be a primitive root modulo the positive integer m
(so that m is of the form describedin Theorem 8.14). From Theorem 8.3, we
know that the integers

r, 12, 13

form a reduced system of residuesmodulo nr. From this fact, we see that if a
is an integer relatively prime to m, then there is a unique integer x with

r' a (modm).

This leads to the following definition.

Definition. Let m be a positive integer with primitive root r. If a is a positive

i n t eger wit h ( a, m): l , th e n th e u n i q u e i n t eger x w i th I (x(d(z) and
r* = a (mod m) is called the index of a to the base r modulo m. With
this definition, we have a - ,ind'a (mod m ).
If x is' the index of a to the base r modulo m, rhen we write x : indra,
where we do not indicate the modulus m in the notation, since it is assumed"to
be fixed. From the definition, we know that if a and b are integers relatively
prime lo m and a = b (mod m), then ind,a : indrb.

Example. Let m : 7. We have seen that 3 is a primitive root modulo 7 and

8 .4 l n dex A r it hm eti c 253

that 3 r = 3 ( m o d 7 ) , 3 2 = 2 ( m o d 7 ) , 3 3= 6 ( m o d 7 ) , 3 4 = 4
35= 5 ( m od 5) . and 3 6 = I (mo d 7 ).

Hence, modulo 7 we have

i n d 3 l : 6 , i n d t2 : 2 , i n d l 3 : 1,
i n d 3 4: 4 , i n d r5 : 5 , i n d r6 : 3.

With a different primitive root modulo 7, we obtain a different set of indices.

For instance,calculationsshow that with respectto the primitive root 5,
i n d 5 l : 6 , i n d s 2: 4 , i n d s 3: 5,
ind54 : 2, ind.55: l, inds6 : 3.

We now develop some properties of indices. These properties are somewhat

similar to those of logarithms, but instead of equalities, we have congruences
mo d ulo6@) .

Theorem 8.15. Let m be a positive integer with primitive root r, and let a
and b be integersrelativelyprime to m. Then
( i) ind, l = 0 (mo d Q fu )).
(ii) ind,Gb) = ind,a * ind,b (mod O@))
(iii) ind,ak la. ind,a (mod 6h)) if k is a positive integer.

Proof of G). From Euler's theorem, we know that ,6(m): I (mod z).
Since r is a primitive root modulo m, no smaller positive power of r is
congruentto 1 modulo rn. Hence, ind,l : 6(m) = O (mod Qfu)) .

Proof of (ii). To prove this congruence, note that from the definition of
,ind'Qil : ab (mod ,,, )

,ind,a*ind,b- ,ind,o ,ind,b = Ab (mOd ,, ).

* ind,D
,ind,Gb) = 7ind,a (mod rn ).

Using Theorem 8.2, we concludethat

in d ,(a b ) : i n d ,a * i n d ,b (m o d 6@ )).
254 PrimitiveRoots

Proof of Gii). To prove the congruence of interest, first note that, by

definition, we have
,ind',ar ak (mod m )


,k'ind'a = (rind'o)P : ak (mod rn).

,ind,aL = rk' (mod rn ).

Using Theorem 8.2, this leads us immediately to the congruence we want,

ind,ak ft. ind,a (mod 6fuD, a

Example. From the previous examples,we see that modulo 7, ind52: 4 and
i n d 5 3 : 5 . S i n c eA Q ) : 6 , p a r t ( i i ) o f T h e o r e m8 . 1 5 t e l l su s t h a t

i n d 5 6- i n d s 2 . 3 : i n d s 2t i n d 5 3: 4 t 5:9 = 3 ( m o d6 ) .

Note that this agreeswith the value previously found for ind56.

From part (iii) of Theorem 8.15, we seethat

ind53a= 4'inds3 = 4.5 : 20 = 2 (mod 6).

Note that direct computation gives the same result, since

i n d 5 3 a- i n d s Sl - i n d s4 : 2.

Indices are helpful in the solution of certain types of congruences. Consider

the following examples.

Example. We will use indices to solve the congruence 6xr2 : I 1 (mod 17).
We find that 3 is a primitive root of 17 (since 38 = -l (mod l7)). The
indicesof integersto the base 3 modulo l7 are given in Table 8.1.

a I 2 3 4 5 6 7 8 9 10 1l t2 13 l4 t5 16
ind3a 16 14 I r2 5 l 5 ll l0 2 3 7 l3 4 9 6 8

Table8.1. Indicesto the Base3 Modulo 17.

Taking the index of each side of the congruenceto the base 3 modulo 17,
we obtain a congruencemodulo d(t7) : 16, namely
8.4 Index Arithmetic

in d 3 (6 x r2 )= i n d 3 l| :' l (m o d 16).

Using (ii) and (iii) of Theorem 8.15, we obtain

:, (mod 16).
ind3( 6x r 2)- i n d 3 6* i n d 3 (x 1 2 ) 1 5 + 1 2 ' i nd3x



Using Corollary 3.1, upon division by 4 we find that

ind3x : 2 (mod 4).


ind3x : 2 , 6 , 1 0 ,o r 1 4 ( m o d 1 6 ) .

consequently, from the definition of indices,we find that

x 2 3 2 , 3 6 ,3 t o o r 3 l a ( m o d 1 7 ) ,

(note that this congruence holds modulo 17)' Since

- ( m o d
32:- 9,36 : 15,310 8, and 314: 2 l 7 ) , w e c o n c l u d t
e hat

x 3 9 , 1 5 , 8 , o r 2 ( m o d1 7 ) .

Since each step in the computations is reversible, there are four incongruent
solutions of the original congruencemodulo l7'

(mod 17).
Example. We wish to find all solutionsof the congruence7'= 6
When we take indices to the base 3 modulo 17 of both sides of this
congruence,we find that
i n d 3 (7 ' ) : i n d 3 6: 1 5 (m o d 16).

From part (iii) of Theorem 8.15, we obtain

i n d 3 ( 7 ' ) : x ' i n d 3 7: l l x (mod 16).


llx : 15 (mod16).

Since 3 is an inverseof I I modulo 16, we multiply both

sides of the linear
congruence aboveby 3, to find that
x = 3 . 1 5: 4 5 : 1 3 ( mod 16).

All stepsin this computationare reversible.Therefore, the

7* = 6 (mod 1 7 )

are given by

x = t3 (mod 16).

Next, we discusscongruencesof the form xk = a (mod

m), where m is a
positive integer with a primitive root and (a,m) :
l. First, we present a

Definition' lf m and k are positive integers and a is an integer

prime to ffi, then
.we say that a is a kth power residue if * if the
congruencexk = a (mod,m) has a solution.

When z is an integer possessinga primitive root, the following

gives a useful criterion for an integer a relatively prime
to m to be a kth
power residue of m.

Theorem 8.16. Let m be a positive integer with a primitive root.

If k is a
positive integer a1d o is an integer relatively prime to
m, then the congruence
xk = a (mod m) has a solutioriif and only-ii


where d : (k,6(m)). Furthermore, if there are solutions of

xk : a (mod m)' then there are exactly d incongruentsolutionsmodulo

Proof. Let r be a primitive root modulo the positive integer 17.

We note that
the congruence

xk (mod z)

holds if and only

( 8 .1 ) k ' i n d ,x i n d ,a (m o d 6@ )).

Now let d: ( k ,e (m)) a n d y : i n d ,x , s o that x (mod z ). From

8 .4 In d ex A r it hm et ic

Theorem 3.?, we note that it d tr indra, then the linear congruence

(8 .2 ) k y : i n d " o (m o d Q fu ))

has no solutions, and hence, there are no integers x satisfying l). If
d lind'a, then there are exactly d integersy incongruentmodulo d(z) such
that (8.2) holds, and hence,exactly d integersx incongruentmodulo z such
rhat (8.1) holds. Since d I ind,a if and only if
@@)/ilind,a = o (mod Q(m)),

and this congruenceholds if and only if


the theorem is true. tr

We note that Theorem 8.16 tells us that if p is a prime, k is a positive
integer, and a is an integer relatively prime to p, then a is a kth power
residue of p if and only if
oQ-D/d: 1 (modp),

where d : (k,p-l). We illustrate this observationwith an example.

Example. To determine whether 5 is a sixth power residue of 17, i.e. whether

the congruence
x 6 = 5 (mo d 1 7 )

has a solution, we determine that

5 t6 /(6 ,1:6 ) 5 8 = -l (m o d l 7).

Hence, 5 is not a sixth power residueof 17.

A table of indices with respectto the least primitive root modulo each prime
lessthan 100 is given in Table 4 of the Appendix.
We now present the proof of Theorem 5.8. We state this theorem again for

Theorem 5.8. If n is an odd compositepositive integer, then r passesMiller's

te st for at m os t f u- l) / 4 b a s e sb w i th I < , 1 n -1 .

We need the following lemma in the proof of Theorem 5.8.


Lemma 8.1. Let p be an odd prime and let e and q be positive

Then the number of incongruent solutions of
the congruence
x e - t = I ( m o dp r ) i s ( q , p r - r e - D .

Proof' Let r be a primitive root of p' . By taking indiceswith

respectto r,
we see that x4: I (modp,) if and only if qy = 0 (mod
6e,D where
y : ind'x . using Theorem3.j, we see that there are
exactli e,6er))
incongruentsolutionsof gy :0 (mod|e"D. consequently,there are
Q,6Q")) : (q,p'-tb-l)) incongruent solutions
of xe = 1 {-oAp'). tr
We now proceedwith a proof of Theorem5.g.

Proof. Let n-l : 2't, wheres is a positiveinteger and,t is an odd positive

integer. For n to be a strongpseudoprime
to the baseD, either
bt : I (mod n )

b2tt : -1 (mod n)

f o r s o m e i n t e g e r T w i t h 0( 7 ( s - l. Ineithercase,wehave
bn-t= I (modn).

Let the prime-powerfactorizationof n be n : pi,pi, . . . p',,. From Lemma

8.1, we know that there are (n-r, p'/Qi-l)) : h-l,pi-l) incongruent
solutionsof xn-r: I (modp7) , j :1,2,...,r. Consequently, the Chinese
remaindertheoremtells us that thereare exactlv h-\,p1-l) incongruent
solutionsof x'-l = I (mod n ).
To prove the theorem, we first consider the case where the prime-power
flactorizationof n contains a prime power p[. with exponente* 2 2. Since

bo-D /pt : t/p't-t - t/p't < z/g

(the largest possiblevalue occurswhen pj :3 and ei :2), we seethat
8.4 Index Arithmetic

fI tu-r,pj-r)< fI Q;t)
;:l j -r

?"*f 0n-l) for n > 9 , we seethat
u (n-l ,p,-l) (
(r -r)14.

Consequently,there are at most Q-Dla integersb, I < 6 ( n , for which n

is a strong pseudoprimeto the base b.
T h e o t h e r c a s et o c o n s i d e ri s w h e n n : PPz"'P. w h e r eP t , P z , . - . , Par r e
distinct odd primes. Let
p t - | : 2 t' tr, i : 1 ,2 ,.. .,r,

where s; is a positive integer and /; is an odd positive integer. We reorder the

primespr,p2,...,p,,(if necessary)so thatsr ( sz ( ( s, ' We note that

h-l,pi-l) : 2*ink') (t,t,).

: (t,t;). From
The number of incongruentsolutionsof x' = I (mod pi) is T
problem 15 at the end of this section, there are 2il; incongruent solutions of
* y''= - l ( m odp; ) w h e n O ( f ( s i -I, a n d n o sol uti onsotherw i se. H ence,
u si n g t he Chines e r e ma i n d e r th e o re m , th e re a r e TrTz" ' 7, i ncongruent
solutions of xt : I (mod n), and 2i' TrTz"'7, incongruent solutions of
x/, = - 1 ( m od n) w h e n 0 ( 7 ( s 1 -1 . T h e re fo re,there area total of
[ ,,-' I I Z"'-t I
TrTz"' T, lt* > 2t'l- TrTz"' T,lt + .;; I

integers b with 1< D ( n-1, for which n is a strong pseudoprimeto the

Uasetr. (We have used Theorem l.l to evaluatethe sum in the last formula.)
Now note that
260 PrimitiveRoots

6h) : (pr-l) (pz-l) (pr-l) : tiz tr1t'*s'*

"' *s,

We will showthat

rrrz'" r,[,*ro] *,,r,ro,

| 2 ' ,-t )

which provesthe desired result. Because TrTz. . . 7, ( r1r,

tr, we can
achieveour goal by showing that

(8.3) *r,< r/4.

| z',-t lrr',*',*''
Since sr ( sz ( ( s, , we seethat

* Uf ' as,
,r',*',* ( f^,* ''.'-t
| 2 ' - t )' l . 2 ,- l
-- I 2"r-l
2", 2"r(2, -l)
2"t 2,-l 2rtr(2, -l)
| I-
2'-l 2"'(2'-l)
- -< l

From this inequality,we concludethat (s.r) is valid when r ( 3.

When r:2, w e h a v en : p p 2 w i t h p r | : 2 t r t 1 and pz-l:2trtz, with
rr ( sz. If s1 ( s2, then (S.f) is againvalid, since
( ''"
I rt',-, I -L. I r ^ )
[t. ?)/2',*',: . +]/lz",z',-',)
W h e n s r : J 2 , w e h a v e( n - l , p r l ) : 2 ' T r and(n-l,pz-l):2tTz. Let
us assume that pr ) pz. Note that T1 * t1, for if Tr: tr, then
8.4 Index Arithmetic

( p t - l ) I ( n - l ) , s ot h a t
n : p r p z Z p z = 1 ( m o dp r - l ) ,

which impliesthat P2 ) Pr, a c o n tra d i c ti o n . S i n c e T1# t' 1 , we know that

T r ( t r / 3 . S i m i l a r l v , l f t 1 pz then T2 # tr, so that 7"2( t2l3 . Hence,
7 ^2s, , I
2 '":t
T r T z4 t 1 2 / 3 , a n ds i n c el r * l/r"'* , w eh a v e
t 3) ;
| -,2 r, , l
TtTzlr+ f : 6h)16,
| < r t222"16

which proves the theorem for this final case' since

oh) /6 ( (n -r) /6 < (/,-r) /4. tr
By analyzing the inequalities in the proof of Theorem 5.8, we can see that
the probability that n is a strong pseudoprimeto the randomly chosenbase D,
1 < b ( n-1, is close to ll4 only for integers n with prime factorizations of
t h e f o r m n : p r p 2 w i t hP r : | + 2 q 1a n d P z : I t 4 q 2 , w h e r e{ 1 a n d Q 2 a r e
o d d p r i m e s , o r n : q f l z Q t w i t h P r : | + 2 q r ,P 2 : | * 2 q 2 , a n d
pz: I t 2q3, wher e Q r,e z ,a n dq 3 a re d i s ti n c to d d pri mes (seeprobl em 16).

8.4 Problems

l. Write out a table of indices modulo 23 with respectto the primitive root 5.

2. Find all the solutions of the congruences

a) 3xs = I (mod 23) b) 3xta = 2 (mod 23).

3. Find all the solutionsof the congruences

il 3' :- 2 (mod 23) b) 13" = 5 (mod 23)'

4. For which positive integers a is the congruence axa = 2 (mod 13) solvable?

5. For which positive integers 6 is the congruence 8x7 : b (mod 29) solvable?

6. Find the solutionsof 2x = x (mod 13), using indices to the base 2 modulo 13.

7. Find all the solutionsof x' : x (mod 23).

8. Show that if p is an odd prime and r is a primitive root of p, then ind,(p-|) :

(p-r) /2.
Primitive Roots

9. Let p be an odd prime. Show that the congruence x4 = _l(modp) has a

solution if and only if p is of the form gfr + l.

1 0 . Prove that there are infinitely many primes of the form 8ft*1. (Hint: Assume
that p6p2,...,pn are the only primes of this form. Let - (ppz. . . p)a+l .
Show that Q must lave an odd prime factor different than j1p2,...,pn,
and by
problem 9, necessarilyof the form 8k+l .)

ll. From problem 9 of Section 8.3, we know that if a is a positive integer, then
are unique integers a and B with a : 0 or I and 0 <
B ( Z*-i-t such that
a = (-l)" 5p (mod 2ft). Define the index system of a modulo 2k to be equal
to the pair (a,B).

a) Find the index systemsof 7 and 9 modulo 16.

b) Develop rules for the index systems modulo 2& of products and powers
analogousto the rules for indices.

c) Use the index system modulo 32 to find all solutions of j xs = I I (mod 32)
and 3' = 17 (mod 32).

12. Let n : 2"p\'pj ' ' ' ph be the prime-power factorization of n. Let a be an
integer relatively prime to n. Let r1,r2,...,r^ be primitive roots of pti,p'i,..., p';,
respectively, and let 71 : ind", a (mod p'1), 72 : ind", a (mod ptl),
...,1m:ind,.a (mod p'il. rc /o ( 2, let rs be a primitive root of 2t,,and let
7e : ind,. a (mod 2t). If ls 2 3,let (a,p) be the index systemof c modulo 2k,
so that a = (-l)'5P (mod 2t). Define the index system of a modulo n to be
( 1 o , 1 r , 7 2 , . . . , y ) i f t o ( 2 a n d ( a , 8 , 7 t , ^ 1 2 , . . . , 1i ^f )t o
Z 3.
a) Show that if n is a positive integer, then every integer has a unique index
system modulo n.

b) Find the index systemsof 17 and 4l (mod lZ0) (in your computations, use
2 as a primitive root of the prime factor 5 of 120).

c) Develop rules for the index systems modulo n of products and powers
analogousto those for indices.

d) Use an index system modulo 60 to find the solutions of

I lx7 : 43 (mod 60).

Let p be a prime, p ) 3. Show that if p =2 (mod 3) then every integer not

divisible by 3 is a third-power, or cubic , residue of p, while if p : I (mod 3), an
integer a isa cubic residueof p if and only i1 o@-t)/3: I (modp).

Let e be a positive integer with e 7 2.

il Show that if ft is a positive integer, then every odd integer a is a kth power
residue of 2" .

b) Show that if /c is even, then an integer a isa /<th power residue of 2" if and
only if a ? | (mod (4k ,2')).
8.5 PrimalityTests Using PrimitiveRoots

c) Show that if /< is a positive integer, then the number of incongruent
power residues of 2" is
b.2) h,2"-2)

(Hint: Use problem I 1.)

1 5 . Let N - 2ju be a positive integer with 7 a nonnegative integer and a an odd

positive integer and let p-l:2"/, where s and t are positive integers with I
- -l (modp) if
odd. Show that there aie 2j (t,u) incongruent solutions of xN
0 ( ,l ( s-1, and no solutionsotherwise'
1 6 . a) Show that the probability that n is a strong pseudoprime for a base
randomly chosen with I < 6 < n-l is near (n-l)/4 only when n has a
prime factorization of the form n : ptPz where Pr: | * Zqr and
pz: | * 4qz with q1 and q, prime or n: PPtPt where Pt: | * Zqr,
pz: | * 2qz,pt : | * 2q3with q r,Tz,Qtdistinct odd primes.

b) Find the probability that n : 49939'99877 is a strong pseudoprime to the

- l'
base b randomly chosen with 1 < b < n

8.4 Computer Projects

Write programs to do the following:

l. Construct a table of indices modulo a particular primitive root of an integer.

(mod nr) where
Z. Using indices, solve congruences of the form axb = c
a,b,c,andm are integers with c ) 0, m ) 0, and where z has a primitive

3. Find kth power residues of a positive integer m having a primitive root, where k
is a positive integer.

4. Find index systemsmodulo powers of 2 (see problem l1)'

5. Find index systemsmodulo arbitrary positive integers (see problem l2).

8.5 Primality TestsUsing PrimitiveRoots

From the conceptsof orders of integers and primitive roots, we can produce
useful primality tests. The following theorem presentssuch a test.

Theorem 8.f 7. If n is a positive integer and if an integer x exists such that

xn-t = I (mod n)



for all prime divisors q of n - 1, then n is prime.

Proof. Since xn-r: I (mod n), Theorem g.l tells us that ord,x
| (n -l).
we will show that ordrx : n - r. Suppose that ord,,x # n - l.
ordrx | (n -t), there is an integer k with n - | : k.ordrx and
ordrx ln- l , w e k n o w t h a t k > l . L e t q b e a p r i m e d i v i s o r o fk . T h e n

*h-r)h : *klqord,r: (xord.xS&/d= I (mod n).

However, this contradicts the hypothesesof the theorem, so we must have

ordnx : n - l. Now, since ordnx ( O(n) and 6h) ( n _ l, it follows that
Qh) : n - l. Recalling Theorem 6.2,we know that n must be prime. tr
Note that Theorem 8.17 is equivalent to the fact that if there is an integer
with order modulo n equal to n-\ , then n must be prime. We illustrate the
use of Theorem 8.17 with an example.

Ex am ple. Let n :1 0 0 9 . T h e n l l r0 0 8 : I (mod 1009). The pri me di vi sors

o f 1008 ar e 2 ,3 , a n d 7 . w e s e e th a t rl t008/2:11504- -i (mod 1009),
1 1 1 0 0 8 /: 3 1 1 3 3 =
6 3 : 4 ( m o d 1 0 0 9 ) , a n d 1 1 l 0 0 t f: 1 1 1 4 _
4 934 (mod l00g).
Hence, by Theorem 8.17 we know that 1009 is prime.

The following corollary of Theorem 8.17 gives a slightly more efficient

primality test.

Corollary 8.4. If n is an odd positive integer and if x is a positive integer

such that
--l (modru)



for all odd prime divisors q of n - l, then n is prime.

Proof. Since *b-r)/2: - I (mod n), we see that

x r-r : 1 * b -D /2 1 2= (-l )2 = | (mod n).

Since the hypothesesof Theorem 8.17 are met, we know that n is prime. D

E x am ple. Let n :2 0 0 3 . T h e o d d p ri m e d i vi sorsof n-l :2002 are 7,l l ,

8.5 Primality Tests Using Primitive Roots

an d 13. 1 -1 (m o d 2 0 03), 52002/t
S inc e 5 2 0 0 2 /25: 1 0 0 = = .5T
- : 5154
(mo d 2 003) , lz ooz ,tr- 5 1 8 3 8 8 6 (m o d 2 0 0 3 ), and 52oo2/13
: 633 (mod 2003), we seefrom Corollary 8.4 that 2003 is prime.

To determine whether an integer n is prime using either Theorem 8.17 or

- l' As we
Corollary 8.4, it is necessaryto know the prime factorizationof n
have remarked before, finding the prime factorization of an integer is a time-
consuming process. Only when we have some a priori information about the
factorization of n - | are the primality tests given by these results practical.
Indeed, with such information these tests can be useful. Such a situation
occurs with the Fermat numbers; in Chapter 9 we give a primality test for
these numbers based on the ideas of this section.
It is of interest to ask how quickly a computer can verify primality or
compositeness.We answer these questionsas follows.

Theorem 8.18. If n is composite, this can be proved with O(logzilz) bit


Proof. If n is composite, there are integers a and b with | 1 a 1 fi,

| < b 1 n, and n - ab. Hence, given the two integers a and b, we multiply
a and,b and verify that n : ab. This takes O (logzn)2) bit operations and
proves that n is comPosite. tr
We can use Theorem 8.17 to estimatethe number of bit operationsneeded
to prove primality when the appropriate information is known.

Theorem 8.19. If n is prime, this can be proven using O((logzn)a) bit


Proof. We use the secondprinciple of mathematical induction. The induction

hypothesis is an estimate for f h), where f h) is the total number of
multiplications and modular exponentiationsneeded to verify that the integer
n is prime.
We demonstratethat
f b) ( 3 (lognltosD 2.

First, we note that / (2) : l. We assume that for all primes Q, with
q < n , t he inequalit y

f ( q ) ( 3 ( l o eq l t o s D- 2


To prove that n is prime, we use Corollary 8.4. Once we have

the numbers
2o, qr,..., Qt, and x that supposedlysatisfy
(i) n-l:2oqfl2.. Qt,
(ii) q; is prime for i : L, 2,..., t,
(iii) *G-t)/2--l (modn),

(iv) r(/.-t)/L = I (mod n), for i : l, 2,... t,

we need to do I multiplications to check (i), t * 1 modular exponentlatrons

check (iii) and (iv), and -f (q) multiplications and modular exponentiationsto
check (ii), that q; is prime for i : I ,2,..., t. Hence.

( 2l + I + ((l togq;fiogD - 2)

: Gflog2)log2qflz...q) - 2

( (3/og z)log(Z'qfl2. . . q) - 2

: 3(log ntog D - 2 .

Now each multiplication requires O ((logzil2) bit operationsand each

modular exponentiationrequiresO(logzd3) bit operations.Since the total
number of multiplications and modular exponentiationsneeded is
f h) : o (log2n), the total number of bit operations needed is
oKlogzn)(log2n)3): o((logzn)a). n
Theorem8.19 was discoveredby Pratt. He interpreted the result as
showingthat everyprime has a "succinctcertificationof primality." It should
be noted that Theorem8.19 cannot be used to find this short proof of
primality, for the factorizationof n - | and the primitive root x of n are
required. More informationon this subjectmay be foundin Lenstra[Zt].
Recently, an extremely efficient primality test has been developedby
Adleman, Pomerance,and Rumely. We will not describethe test here
becauseit relies on conceptsnot developedin this book. We note, that to
8.5 Primality Tests Using Primitive Roots

less than
determine whether an integer is prime using this test requires
log,logrlog,n instance, to
(log2n;c bit operations, where c is a constant. For
just 40 seconds and to
determine whether a too-digit integer is prime requires
just l0 minutes' Even
determinewhether a 200-digit integer is prime requires
may be checked for primality in a reasonable amount of
a 1000-digit integer
time, one week. Fo, more information about this test see [63] and [74].

8.5 Problems
l. Show that l 0 l i s p r i m e u s i n gT h e o r e m8 . 1 7 w i t h x
: 3'
2 . Show that 257 rs prime using Corollary 8.4 with x
J . Show that if an integer x exists such that

x2r:1 (mod F")


*'r-l* I (mod F,),

then the Fermat number Fn :2Y * I is prime.

- |
4. Let n be a positive integer. Show that if the prime-power factorization of n
is n - l: pi'pi'..' p i ' a n d f o r 7 : 1 , 2 , . . . , / , t h e r e e x i s t sa n i n t e g e rx y s u c h

*|n-'t', * 1(modn)


xi-t= I (modn),

then n is prime.

5. Let n be a positive integer such that

n - l : m i r nj -ir'

w h e r e m i s a p o s i t i v e i n t e g e r , o t , a 2 , . . . , a r A r e p o S i t i v e i n t e g e r S , a n d q t , Q 2 , . . . ,Q r
are relatively prime integers greater than one. Furthermore, let br, b2,"', b, be
positive integers such that there exist integers xt, xz,"', x, with
x,!-r I (mod n )

Primitive Roots

6'!'-t)/e'-l,n) : I

for;: 1 , 2 , . . . , r , w h e r e e v e r y p r i m e f a c t o r o f q ; i s g r e a t e r than or equal

to b;
f o r ; : 1 , 2 , . . . ,r , a n d

< ( r +jf- 1i u ? 1 , .
Show that n is prime.

8.5 ComputerProjects
write programsto showthat a positiveintegern is prime using
l. T heor em8 .1 7 .
2. Corollary8.4.
3. Problem4.
4. Problem5.

8.6 Universal Exponents

Let n be a positive integer with prime-power factori zation

, : p\,p,i p,; .
If a is an integerrelatively
primeto n, thenEuler'stheorem
a A Q ' )= I ( m o d p t )

whenever pt is one of the prime powers occurring in the factorizatron of n

As in the proof of Theorem 8.12, let

u : l6Qi'),07,il,...,ob,;)l,
the leastcommonmultipleof the integers
OQ! ), i : 1,2,...,m. Since

f or i : 1, 2, . . . , n , u s i n g T h e o re m8 .1 w e s e ethat

a u = t(m o d p ,1' )

for i : 1,2, ..., m. Hence,from Corollary 3.2, it follows that

8.6 UniversalExPonents

aU = I (modn).

This leads to the following definition.

Definition. A universal exponent of the positive integern is a Positiveinteger

U such that
a u = I (mo d n ),

for all integers a relatively prime to n.

Example. Since the Prime Powerfactorization of 600 is 23'3'52, it follows

t h a t u : l O Q 3 ) ,O ( : ) , d ( 5 2 ) l : 12,2,201 : 20 is a universal exponent of
From Euler's theorem, we know that d(n) is a universal exponent. As we
have already demonstrated,the integer (J - IAQ\),,0|'il,...,ybh)l is also a

universal exponent of n: p'ip'; p';. We are interested in finding the

smallest positive universal exponent of n.

Definition. The least universal exponent of the positive integer n is called the
minimal universal exponent of n, and is denoted by I(n)'
We now find a formula for the minimal universal exponent l,(n), based on
the prime-power factorization of n.
First, note that if n has a primitive root, then tr(n) - 6fu). Since powers
of odd primes possessprimitive roots, we know that
I(p') : 6(p'),

whenever p is an odd prime and / is a positive integer. Similarly, we have

tr(2): b(2): I and tr(4): O(4):2, sinceboth 2 and 4 have primitive
roots. On the other hand, if t 2 3, then we know from Theorem 8.10 that
a2'-' : 1(mod 2t)

and ord, a : 2'-2, so that we can conclude that X(2t) : zt-z 1f t > 3.
We have found tr(r) when n is a power of a prime. Next, we turn our
attention to arbitrary positive integers n '

Theorem 8.20. Let n be a positive integer with prime-power factorization

P ri mi ti ve R oots

, : 2'"p\'p'i


Then \(n ), the minimal universarexponentof n, is given by

tr(n) : h(2'.), eb'r,),...,

Moreover, there exists an integer a such that ord,na: ), (r),
the largest
possibleorder of an integer modulo n.

Proof. Let a be an integer with (a , n) : l. For convenience,let

M - tr(zt), o(p'i),o7'il,...,
Qbill .
S inc e M is d i v i s i b l e b y a l l o f th e i ntegers X (2/g
, e(p' r,) : x(pl ,),
6Q';l : ^(p';),..., QQil : xb'il, and since oxb') : t (moo p,) for all
prime-powersin the factorization of n, we see that

aM = l (modp,),

wheneverp' is a prime-power occurring in the factorizationof n.

Consequently,from Corollary 3.2, we can concludethat

a M = I ( m o dn ) .

The last congruenceestablishesthe fact that M is a universal exponent.

We must now show that M is the least universal exponent. To do this, we
find an integer a such that no positivepower smaller than the Mth powerof a
is congruent to I modulo n. With this in mind, let r; be a primitive root of

We considerthe systemof simultaneouscongruences

x j11 (modpl')
x : 12 (moa p';)

r- (mod p';).

By the Chineseremainder theorem, there is a simultaneoussolution a of this

system which is unique modulo n : 2'"p'ip'i p';: we will show that
8.6 UniversalExPonents

ordn a - M. To prove this claim, assume that .l{ is a positive integer
aN = I (modn).

Then, if pt is a prime-powerdivisor of n, we have

aN = 1(modp'),

so that
ordo,c | .lf.

we have
But, since a satisfieseach of lhe m * I congruencesof the system,
o rd o ,a: X(p t),

we have
for each prime power in the factorization. Hence, from Theorem 8'1,
\b,) | r{
for all prime powers p' in the factorization of n. Therefore, from Corollary
3.2.weknowthatM: x(pti),...,xb';)l | /{'
Since aM = I (modn) and MIN w h e n e v e ra N = 1 ( m o d n ) , w e c a n
conclude that
ordna : M.

This shows that M - \(n) and simultaneously produces a positive integer a

with ord, a : )r(n). tr

Example. Since the prime-power factorization of 180 is 2232'5, from Theorem

8.20 it follows that
x ( 18 0 ) : Io (2 2 ), o (3 2 ), d (5 ) | : 1 . 2,6, 4l : 12.

To find an integer a with ordlsga : 12, first we find primitive roots modulo 32
and 5. For instance, we take 2 and 3 as primitive roots modulo 32 and
respectively. Then, using the Chinese remainder theorem, we find a solution
of the system of congruences

Primitive Roots

obtaining a = 83 (mod 180). From the proof of Theorem g.20,

we see that
ord1ss83- 12.

Ex am ple. Let n :2 6 3 2 5 .7 .1 3 .1 7 .1 9 -3 7 .7 3T.h en. w e have

\(n ) : [x(26),
oOD, d(I9), o(37),o(7rl
: [,24,2.3, 22, 24, 2.32, 2232,23321
: 144.

Hence, whenever a is a positive integer relatively prime to

2 6' 32' 5' 17' 17' rg ' 3 7 .7w3e k n o w th a t a t4 4: r ( moo

We now return to the Carmichael numbers that we discussed

in Section 5.2.
Recall that a Carmichael number is a composite integer
that satisfies
bn-r : I (mod n) for all positive integers D with (b, n) : r-.
we proved that
if rt : Q.r4z 4k, where Qv Q2,...,e* are distinct primes satisfying
@i - 1) | tn-l) for i : r,2,...,,k, ih.n i it u carmichaer number. Here, we
prove the converseof this result.

Theorem 8.21. rf n ) 2 is a carmichael number, then n :

Qtez Qk,
yh.r-. ^the - q;'s are distinct primes such that (qi - r)'l'(n-rl i;;
j : 1 , 2 , . . .k, .

Proof. If n is a Carmichael number, then

br-t : I (mod n )

for all positiveintegers6 with (b,n): l. Theorem 8.20 tells us that there is
an integer a with ordna : X(n), where I(n) is the minimal universal
exponent,and sincean-r = I (mod re), Theorem g.l tells us that

Now n must be odd, for if n was even, then n-l would be odd, but
tr(n ) is
even (sincen ) 2), contradictingthe fact that ),(n) (r-l).
We now show that n must be the product of distinct primes. Suppose has
a prime-powerfactor pt with t>2. Then

rQ') :0(p') : pt-t (p-l) | x(n) : n-t.

This implies that p | (n-l), which is impossiblesincep n.Consequently,

I n
must be the product of distinct odd primes, say
8.6 UniversalExPonents

tt : QtQz Qtc'

We conclude the proof by noting that

\(qi) : O(q) : (qi-D I r(n) : n-l' E

We can easily prove more about the prime factorizations of

different odd
Theorem 8.22. A Carmichael number must have at least three
prime factors.

just one prime

proof. Let n be a carmichael number. Then n cannot have
primes. So assume
factor, since it is composite, and is the product of distinct
that n : pq, where p and q are odd primes with p>q' Then

n-l: pq-l: (p-Dq + Q-1) = q-l + 0 (modp-l)'

which shows that (p-l) I (n -l) Hence, n cannot be a Carmichael number

if it has just two different prime factors. E

8.6 Problems
l. Find tr(n). the minimal universal exponent of n, for the following values of

il 100 e) 2n3t'52'7
b) r44 f ) 2 s 3 2 ' 5 2 ' 7 3l'2l ' 1 3 '1 7 ' 1 9
c) 222 e) 1o!
d) 884 h) 20!.

2. Find all positiveintegersn suchthat tr(n) is equalto

a)l d)4
02 e)5
c)3 CI6.

3. Find the largestintegern with tr(z) : 12.

4. Find an integerwith the largestpossibleorder modulo

a) 12 d) 36
b) ls e) 40
c) 20 f) 63.
Primitive Roots

5 . Show that if m is a positive integer, then tr(rr) divides

6fu) .
6. show that if m and n are rerativery prime positive
integers, then
|r(mn) : [tr(re), tr(n)].

7. Let n be the largest positive integer satisfying the equation

),(n ) : a, where c is
a fixed positive integer. Show that if la is another solution
of tr(z) : a,then m

8 . Show that if n is a positive integer, then there are exactly

d(I(n)) incongruent
integers with maximal order modulo z.

9 . Show that if a and m are relatively prime positive integers, then

the solutions of
the congruence ax = b(mod m) are the integers x such that
x = at'(m)-tb (mod m ).

1 0 . show that if c is a positive integer greater than one,

then the integers
l' ,2' ,-.-, (m-l)' form_a complete system of residuesmodulo m if and,only if
is square-freeand (c,tr(m )) : l.

ll. a) Show that if c and m are positive integers then the

x" = r (mod m) has exactly

fI (l + (c-t , Obi))

incongruent solutions, where m has prime-power factorization

m : pi'pi, . .. p:..
b) Show that x' = x(mod z) has exactly 3, solutions if and only if
(c-1, 6(m)) :2.

12. Use problem l1 to show that there are always at least 9 plaintext messages
are not changed when encipheredusing an RSA cipher.
1 3 . Show that there are no carmichael numbers of the form 3pq where p and q

t 4 . Find all carmichael numbers of the form 5pq where p and q are primes.
1 5 . Show that there are only a finite number of carmichael numbers of the form
fl : pqr, where p is a fixed prime, and q and r are also primes.

1 6 . Show that the deciphering exponent d for an RSA cipher with enciphering
(e,n) can be taken to be an inverseof e modulo ),(n)

8.6 Computer Projects

Write programs to do the following:

l. Find the minimal universal exponent of a positive integer.

8.7 Pseudo'RandomNumbers

exponent of
2. integer with order modulo n equal to the minimal universal

3. Given a positive integer M, find all positive integers n with minimal universal
exponent equal to M.

4. Solve linear congruencesusing the method of problem 9'

8.7 Pseudo-RandomNumbers
Numbers chosen randomly are often useful in computer simulation
perform simulations, some method for generating
complicated phenomena. To
means for
random numbers is needed. There are various mechanical
but these are ineffficient for computer use'
generating random numbers,
computer arithmetic is preferable' One
Instead, a systematic method using
by Von
such method, called the middte ' square method, introduced
To generate four-digit random numbers, we start
Neumann, works as follows.
number, say 6139. We square this number to
with an arbitrary four-digit
*. tuk. the middle four digits 6873 as the second
obtain 37687321',and
of random
random number. We iterate this procedure to obtain a sequence
and removing the middle four-digits to obtain a new
numbers, always squaring
the preceding one. (ttre square of a four-digit number
random number from
has eight or fewer digits. Those with fewer than eight digits are
eigtrt-digit numbers by adding initial digits of 0')
Sequences produced by the middle-square method are' in reality,
number is known, the entire
randomly chosen. When the initial four-digit
,"qu.n.. is determined. However, the sequenceof numbers produced
useful for computer simulations.
to be random, and the numbers produced are
The integers in sequencesthat have been chosen in some methodical manner,
but appear to be random, are called pseudo-random numbers.
It turns out that the nriddle-square method has some unfortunate
weaknesses. The most undesirable feature of this method is that, for many
choices of the initial integer, the method produces the same small set of
numbers over and over. For instance,starting with the four-digit integer 4100
and using the middle-square method, we obtain the sequence
8 1 0 0, 6100, 2100,41 0 0 , 8 1 0 0 , 6 1 0 0 , 2 1 0 0 ,... w h i ch onl y gi ves four di fferent
numbers before rePeating.
The most commonly used method for generating pseudo-randomnumbers is
called the linear congruential method which works as follows. A set of
integerst/t, e, c, and xs is chosenso that m ) 0, 2 < a 4' m, 0 < c 4 m'
and 0 ( xo ( z. The sequence of pseudo-random numbers is defined
Primitive Roots

xn+r 3 axn * c (mod m), 0 ( xr+r 1 r/t,

fo r f t : 0, 1, 2, 3 ,... . We c a l l m th e mo dul us,

a the mul ti pl i er, c the
increment, and xs the seed of the pseudo-random
number generator. The
following examplesillustrate the lineai congruential

Example. With m:12, a-3, c:4, and r0:5, we obtain

xt E 3'5 + 4=7 (mod12),so that xr: j. Similarly,
we find that x2: 1,
s i n c ex z = 3 . 7 + 4 : I ( m o d I 2 ) , x 3 : 7 , s i n c e x : E
3 . 1+ 4 = 7 ( m o d l 2 ) ,
and so on' Hence, the generator producesjust three
different integers before
repeating. The sequence of pseudo-iandom numbers
obtained is

With frt : 9, e : '1, c : 4, and x0 : 3, we obtain

the sequence
3, 7, 8, 6, l, 2, 0, 4, 5,3,... . This sequence contains g
different numbers
before repeating.

The following theorem tells us how to find the terms

of a sequence of
pseudo-randomnumbers generated by the linear
congruential method directly
from the multiplier, the increment, and the seed.

Theorem 8.24. The terms of the sequence generated

by the linear
congruential method previously describedare given by

X1, akxo+ c(ak-l) /(a-l) ( m o dl a ) , 0 ( x r 1 m .

Proof. We prove this result using mathematical induction.

For k : l, the
formula is obviously true, since rr E axs* c (mod
m),0 ( xr 1m.
Assume that the formula is valid for the ftth term. so that

x* z akxo + c(ak-l)/b_l) (modt?t), 0 ( xr I m.

xk+t *c (modz), 0(xr+r 1t/t,

we have

xr+r s a(akxs+ c(ak-l)/fu-l)) + c

= a k + t x o* c ( a G k - l ) / G - t ) + t
= a k + l x o* c ( a k + r - D / G - D ( m o dz ) ,

which is the correct formula for the (k+t)ttr term. This demonstrates
the formula is correct for all positive integers k. tr
8.7 Pseudo-Random 277

The period length of a linear-congruential pseudo-random number generator

is the maximum length of the sequenceobtained without repetition. We note
that the longest possible period length for a linear congruential generator is
the modulus m. The following theorem tells us when this maximum length is

Theorem 8.25. The linear congruential generator produces a sequence of

period length m if and only if (c, m) : l, a = 1 (mod p) for all primes p
dividing m, and a = | (mod 4) if a | ^.
Because the proof of Theorem 8.25 is complicated and quite lengthy we
omit it. For the proof, the reader is referred to Knuth t561.
The case of the linear congruential generator with c : 0 is of special
interest becauseof its simplicity. In this case, the method is called the pure
multiplicative congruential method. We specify the modulus la, multiplier a,
and seed xs. The sequenceof pseudo-randomnumbers is defined recursively
xnal - axo (mod m), 0 1 xn+t 1 m.

In general, we can expressthe pseudo-randomnumbers generatedin terms of

the multiplier and seed:
xn a'xo (mod m), 0 1 xn+t 1 m.

If { is the period length of the sequenceobtained using this pure multiplicative

generator,then f is the smallest positive integer such that
x s :- a [x s (m o d l a ).

If (xo, m) : l, using Corollary 3.1, we have

oI=1 (modz).

From this congruence,we know that the largest possibleperiod length is tr(lrr),
where X(rz) is the minimal universal exponentmodulo z.
For many applications, the pure multiplicative generator is used with the
modulus m equal to the Mersenne prime M3r:23r - l. When the modulus
m is a prime, the maximum period length is rn -1, and this is obtained when
a is a primitive root of rn. To find a primitive root of M 31 that can be used
with good results, we frrst demonstratethat 7 is a primitive root of M t.

Proposition 8.1. The integer 7 is a primitive root of M31:23r-1.

278 PrimitiveRoots

Proof. To show that 7 is a primitive root of M31- )31 it is sufficientto


,wt'-Dh 1y ( m o dM t )

for all prime divisors q of Mt-r. with this information, we can conclude
that ord2r,,7 : My-|. To find the factorizationof M31_1, we note that

My-l : 2 3 1- 2 : 2(230-l) : 2(215-t)(Zl5+t)

: z(zs-t)(2to+2s+t) (zs+t) (210-zs+t)
: 2.32-71. 1
3l . I 5 1 . 313.
If we show that
,(Mrr_t)/q q-
I (mod M y)

f o r q : 2 , 3 , 7 , I l , 3 1 , l 5 l , a n d 3 3 1 ,then we know that 7

is a primitive root
of M31 - 214748364j. Since

7{Mil-t)/2 2147483646
+ I (mod M y)
7(Mrrt)13 rsr347773s
+ 1(mod M t)
7(M\-Dn 12053628s
+ 1(mod M t)
7(Mr 1969212174
+ I (mod M y)
7(Mrfr)/3r s t 2+ I (mod M y)
7(M,t-r) /rsl s35044134 + 1(mod M z)
7(Mrft)/33r 1 7 6 1 8 8 s 0+8 3 I (mod M y)

we see that 7 is a primitive root of M31. E

In practice' we do not want to use the primitive root 7

as the generator,
since the first few integers generated are imall. Instead,
we find a larger
primitive root using Corollary 8.2. We take a power
of 7 where the exponent
i s r elat iv elypr im e _to M 3 ;r. F o r i n s ta n c e ,s ince (s, Mrr-1): l , corol l ary
8 . 2 t e l l s u s t h a t 7 5 : 1 6 8 0 7 i s a l s o a p r i m i t i v er o o t . s i n c e ( l 3 , M r r -
l) : l,
another possibility is to use 7t3 : 2s22462g2 (mod Mt) as
the multiplier.
We havely touched briefly on the important subject of pseudo-random
numbers' For a thorough discussion of the generation
and statistical
propertiesof pseudo-randomnumbers see Knuth tse

8.7 Problems

l Find the sequence of two-digit pseudo-random numbers generated

using the
middle-squaremethod, taking 69 as the seed.
8 .7 Ps eudo- Random N u mb e rs

2. Find the first ten terms of the sequenceof pseudo-random numbers generated
the linear congruential method with x0
: 6 and xn+r z 5x, * 2 (mod 19)'
What is the period length of this generator?
generated by
3 . Find the period length of the sequenceof pseudo-random numbers
the linear congruential method with x6
:2 and xn+t 7 4xn * 7 (mod 25)'
4 . Show that if either a : 0 or a - I is used for the multiplier in the generation
pseudo-random numbers by the linear congruential method, the resulting
."qu.n"" would not be a good choice for a sequenceof pseudo-random
length .m, where
5 . Using Theorem 8.25, find those integers a which give period
(r, i) : l, for the linear congruential generator xnal I c (mod m),

a) m:1000 c) m : 106-l
b) nr - 30030 d) m :225-1.

6. Show that every linear congruential pseudo-random number generator can
simply expressed in terms of a linear congruential generator with increment
c : 1 and seed 0, by showing that the terms generated by the linear congruential
generator xn+r7 axn * c (mod lrt), with seed xe, can be expressedas xn
( m o d b : - ( a - 1 ) x o * c ( m o d m ) , y o : 0 ' a n d l n + t ?
6 y, + xo m), where
aln* I (modln).

7 . Find the period length of the pure multiplicative pseudo-random number

generator xn Z cxn-r (mod 231-l) when the multiplier c is equal to

a)z c) 4 e) 13.
b)3 d)s

8 . Show that the maximal possibleperiod length for a pure multiplicative generator
of the form xnal QXn (mod 2"), e 2 3, is 2'-2. Show that this is obtained
-: (mod 8).
when a t3

9 . Another way to generate pseudo-random numbers is to use the

Fibonacci generator. Let m be a positive integer. Two initial integers x6 and x1
less than m are specified and the rest of the sequenceis generated recursively by
the congruolce.r2al :- xn * xn-1 (mod rn), 0 ( xn+r 1 m'

Find the first eight pseudo-random numbers generated by the Fibonacci

g e n e r a t o rw i t h m o d u l u sn : 3 l a n d i n i t i a l v a l u e sx 0 : I a n d x t : 2 4 .

1 0 . Find a good choice for the multiplier a in the pure multiplicative pseudo-random
number generator xn+rZ axn (mod l0l). (Hint: Find a primitive root of 101
that is not too small.)

ll. Find a good choice for the multiplier c in the pure multiplicative pseudo-random
number generator xn i axn-r (mod 22s-1). (Hint: Find a primitive root of
280 PrimitiveRoots

225-l and then take an appropriate power of this root.)

12. Find the multiplier a and increment c of the linear congruential pseudo-random
number generator xn+rt axn * c (mod 1003), 0 ( xn+r < 1003, if xs: l,
x 2 : 4 O 2 , a n dx 3 : 3 6 1 .

13. Find the multiplier a of the pure multiplicative pseudo-random number

generator xnal- QXn (mod 1'000), 0 ( xn11 < 1000, if 313 and 145 are
consecutive terms generated.

8.7 Computer Projects

Write programs to generate pseudo-randomnumbers using the following generators:

l. The middle-sequencegenerator.

2. The linear congruential generator.

3. The pure multiplicative generator.

4. The Fibonacci generator (see problem 9).

8.8 An Application to the Splicing of TelephoneCables

An interesting application of the preceding material involves the splicing of
telephonecables. We base our discussionon the exposition of Ore [28], who
relates the contents of an original article by Lawther [70], reporting on work
done for the SouthwesternBell TelephoneCompany.

To develop the application, we first make the following definition.

Definition. Let m be a positive integer and let a be an integer relatively prime

to m. The + I - exponent of a modulo ru is the smallest positive integer x
such that

et + I (mod rn ).

We are interested in determining the largest possible + 1 - exponent of an

integer modulo m; we denote this by },s(rn). The following two theorems
relate the value of the maximal + I - exponent trs(z) to }.(m ), the minimal
universal exponentmodulo rz.
First, we consider positive integers that possessprimitive roots.

Theorem 8.26. lf m isa positiveinteger,m ) 2, with aprimitive root, then

the maximal *l - exponenttrs(rn) equals0@) / 2: )r@) / 2.
8.8 An Applicationto the Splicingof TelephoneCables 281

Proof. We first note that if m has a primitive root, then \(z) : 6(m).
From problem 5 of Section 6.1, we know that g(m) is even, so that 0@) I Z
is an integer, if m ) 2. Euler's Theorem tells us that
o o tu ) :1 o a tu ) l z l z I (mo d l z),

for all integersa with (a,m) : 1. From problem 7 of Section8.3, we know

that when m has a primitive root, the only solutions of x2 = I (mod m) are
x=-tl (modru). Hence,

sfh) l2: t | ( m o dz ) .

This implies that


Now let r be a primitive root of modulo m with f I - exponent e. Then

re = t | (m o d l a ),

so that
r2'= 1 (modz).

Since ord^r : 6(m), Theorem 8.1 tells us that 6fu) | 2e, or equivalently,
that (6(m) /D I e. Hence, the maximum +l - exponentL6(z) is at least
Q@) / Z. However, we know that l(rn ) 4 6fu) /2. Consequently,
l , s ( r z r ) :6 f u ) / 2 : \ f u ) /2. tr
We now will find the maximal + I - exponent of integers without primitive

Theorem 8.27. lf m is a positive integer withciut a primitive root, then the

maximal +1 - exponent \6(rn) equals I(m), the minimal universal exponent
of m.

Proof. We first show that if a is an integer of order )t(m) modulo z with + I

- exponente such that

ottu)/2# _t (mod z),

then e : X(z). Consequently,once we have found such an integer a, we will

have shown that ),q(tn) : tr(lz).
Assume that a is an integer of order xfu) modulo m with + I - exponent e
such that
282 PrimitiveRoots

o)'tu)/2 # -r (mod ru).

Since o" = + I (mod rn ), it follows that az, = I (mod

z). From
T h e o r e m8 . 1 , w e k n o w t h a t > r f u ) l 2 e . s i n c e x @ )
l2e a n d e ( \(z),
either e:t(m)/2 or e:x(m). To see that er\,(m)/2, note that
a e : - + 1 ( m od ln ), b u t o ),@ )/2* I (m o d rn), si nce ord^o:\(m),
o>'(-)/z # -t (mod z) , by hypothesis. Therefore, we can conclude
that if
o rd. a : ) r ( m ) , a h a s + l - e x p o n e n t e , and a, = _l (mod
z), then
e : h,(m).

We now find an integer a with the desired properties. Let the prime-power
factorization of m be m - 2'op'r' p'; . . . p'r'. we consider several
We first consider those rn with at least two different odd prime
Among the prime-powers p!' diriding ffi,, let pl be one with the
smallest power
of 2 dividi"g Obh. Let ri be a primitive root of p',, for i: 1,2,...,s. Let a
be an integer satisfying the simultaneouscongruences

Q:5 (mod 2')

alri (mod pj') for all i with i # j
o-ri ) (moap!).
Such an integer a is guaranteed to exist by the remainder theorem.
Note that

ord.a: [I(2tg, Ob','),...,

Oe!) / 2 , . . . , 6 Q b 1 ,
and, by our choice or^ pl, we know that this least common multiple
\,(m). ) (mod
e:rj- p!), we know that otb/) /' =
- (modp!).
',!(P'j' I Because
Oeh / z I x@) / z,weknowthat
It(d /2 - t (modp!),
so that

otr(*)/' * -t (mod rn ).

Consequently,the + I - exponentof a is I(z).

The next case we consider deals with integers of the form rn - 2toott
p is an odd prime,tr2l a n d t o ) 2 , s i n c em h a sn o p r i m i t i v er o o t s . When
to: 2 or 3, we have
8.8 An Application to the splicing of Telephone Gables

x ( , n :)1 2 ,e Q \ ' ):l d Q i ' ) .

Let. a be a solution of the simultaneouscongruences
a=l (mod4)
a t r (mod p'i),

: lr(m) ' Because

where r is a primitive root of p'1'. We seethat ord- a
o x @ )/2 1 (mo d 4 ),

we know that
o x (n )/2 + _ l (m o d ru ).

Consequently,the +1 - exponentof a is f
When ts 2 ,,let a be a solutionof the simultaneouscongruences
a=3 (mod2t')
-: (mod p'il;
a r

We see
the Chinese remainder theorem tells us that such an integer exists.
: ',::';, ""n"'
" ^::,:;,:':',i :i:':';:,*ll;:'l

/2 + _t
ox('.'.) (mod rc),

so that the 1l - exponent

of a is tr(rn).
F i n a l l y ,w h e n m : 2 ' o we know that
with ts2 3, from Theorem
ord-5 : X(na),but
/4 - 1 (mod8).
/2 = 152)0(m)

Therefore,we seethat
) / , + _ 1 ( m o dr u ) ;

we concludethat the +1 - exponentof 5 is l(lz)'

This finishes the argument since we have dealt with all caseswhere m
not have a primitive root. tr
284 PrimitiveRoots

We now develop a system for splicing telephone cables. Telephone cables

are made up of concentric layers of insulated copper wire, as illustrated in
Figure 8.1, and are produced in sectionsof specifiedlength.

Figure8.1. A cross-section
of one layer of a telephonecable.

Telephone lines are constructed by splicing together sectionsof cable. When

two wires are adjacent in the same layer in multiple sections of the cable,
there are often problems with interference and crosstalk. Consequently,two
wires adjacent in the same layer in one section should not be adjacent in the
same layer in any nearby sections. For practical purpose,the splicing system
should be simple. We use the following rules to describethe system. Wires in
concentric layers are spliced to wires in the corresponding layers of the next
section, following identical splicing direction at each connection. In a layer
with m wires, we connect the wire in position j in one section, where
I < i ( rn to the wire in position S(j) in the next section,where S(i) is the
least positive residue of I + (j-l)s modulo m. Here, s is called the spread
of the splicing system. We see that when a wire in one section is spliced to a
wire in the next section, the adjacent wire in the first section is spliced to the
wire in the next section in the position obtained by counting forward s modulo
m from the position of the last wire spliced in this section. To have a one-to-
one correspondencebetween wires of adjacent sections, we require that the
spread s be relatively prime to the number of wires z. This shows that if
wires in positions j and k are sent to the same wire in the next section, then
.S(j) : S (k) and
8.8 An Applicationto the Splicingof TelephoneCables 285

I + (j-l)s : I + (k-l)s ( m o dz ) ,

so that js = ks (mod m ). Since (m, s) : l, from Corollary 3.1 we seethat

j = k (mod z ), which is imPossible.

Example. Let us connect 9 wires with a spread of 2. We have the

I *l 2-3 3*5
4-7 5*9 6-2
7 -4 8*6 9-8.

This is illustratedin figure8.2.

Figure8.2. Splicingof 9 wireswith spreadof 2.

The following proposition tells us the correspondenceof wires in the first

section of cable to the wires in the n th section.

Proposition 8.2. Let S'(7) denote the position of the wire in the nth section
spliced to the 7th wire of the first section. Then
.S'(j) = I + (7-l)s'-r (modz).

Proof. For n : 2, by the rules for the splicing system, we have

s 2 (j ) : I + (r-l )s (mo d rn ),

so the proposition is true for n : 2. Now assumethat

S'(j) : I + (7-1)sn-r (modla).

Then, the next section, we have the wire in position S'(7) spliced to the

wire in position
gn+r(r) = I + (,Sr(,r)-t),

=li f1;i)',*dm)
This shows that the proposition is true. D

In a splicing system, we want to have wires adjacent

in one section
separated as long as possible in the following sections.
After n splices,
Proposition8.2 tells us that the adjacentwires in the
7th and j+l th positions
are connected to wires in positions Sr(j) = I + (7_l)s, (mod rn ) and
,s'(j+l): I t jsn (mod m), respectively.These wiies are adjacent
in the
n th section if, and only if,

.S' (i ) - S ' i n (i + t) : r | (mod m).

or equivalently,
(t + (j-l)s') - (l+7sn) = + I (modln),

which holds if and onlv if

sn: tl (modm).

We can now apply the material at the beginning of

this section. To keep
adjacent wires in the first section separatedas long as possible,
we should pick
for the spreads an integer with maiimar + l - .^ponrnt

Example. with 100 wires, we should choose a spread

s so that the f I
exponentof s is ro(too) : ^,(100) : 20. The appropriate
that s : 3 is such a spread.

8.8 Problems

l. Find the maximal t I - exponent of

a) t7 d) 36
b) 22 e) 99
c) 24 f) 100.

2. Find an integer with maximal * I - exponent modulo

il 13 il2s
8.8 An Application to the Splicing of Telephone Cables 287

b) 14 e) 3 6
c) t5 f) 6 0 .

3. Devise a splicing scheme for telephonecables containing

a) 50 wires b) 76 wires c) 125 wires.

4. Show that using any splicing system of telephone cables with ln wires arranged
in a concentric layer, adjacent wires in one section can be kept separated in at
most [ @-l) / 2] successivesectionsof cable. Show that when lz is prime this
upper limit is achievedusing the system developedin this section.

8.8 Computer Projects

Write programs to do the following:

1. Findmaximal tl -exPonents.

2. Develop a scheme for splicing telephonecables as describedin this section.

Quadratic Residues

9.1 Quadratic Residues

Let p be an odd prime and a an integer relatively prime
to p. In this
chapter, we devote our attention to the question: Is a
a perfect square modulo
p? We begin with a definition.

Definition. If m is a positive integer, we say that

the integer a is a
quadratic residue of m if (a,/k) : I and the
ctngruence ,, = a (mod m)
has a solution. If the congruence x2 = a (moa
d has no solution, we say
that a is a quadratic nonresidue of m.

Example. To determine which integers are quadratic

residues of I l, we
co m put e t he s q u a re s o f th e i n te g e rs r ,2, 3,...,r0.
^ ' w e fi nd that
1 2 : 1 0 2 : t ( m o dt t ) , 2 2= 9 2 : i t , n o O - i i i , 3 2 : g 2-
9 ( m o dl l ) ,
42: '12:5 (modll), and 52: 62= t frnoJrrl. Hence,
the quadratic
re s iduesof I I a re I, 3 , 4 , 5 , a n d 9 ; th e i ntegers
2, 6,7, g, and 10 are
quadratic nonresiduesof I l.

Note that the quadratic residuesof the positive integer

m arejust the ftth
power residuesof m with /<:2, as defined in Section
8.4. We will show that if
p is an odd prime, then there are exactly as many
quadratic residues as
quadratic nonresiduesof p among the integlrs r,2,...,p -
r. To demonstrate
this fact, we use the following lemma.

Lemma 9.1. Let p be an odd prime and a an integer

not divisible by p.
Then, the congruence

9.1 QuadraticResidues 289

x2= a (modp)

has either no solutionsor exactly two incongruent solutionsmodulo p.

Proof. lf x2 : c (mod p) has a solution, say x : xo, then we can easily

demonstrate that x : -r0 is a second incongruent solution. Since
(-xo )': *& = c ( m o d p ), w e s e e th a t -x s i s a sol uti on. W e note that
xo # -x s ( m od p) , fo r if x o E -xs (mod p), then we have
2 xo :0 ( m od p) . T h i s i s i m Po s s i b l esince p is odd and p tr xo (since
x & = a ( m o d p )a n dp t r a ) .
To show that there are no more than two incongruent solutions,assumethat
x : xo and x : xt are both solutions of x2 = a (mod p). Then, we have
x & = x ? = a ( m a d p ) , s o t h a t x & - x ? : (xo*x r) (xo-x r) = 0 (mod p).
Hence, pl(xs+x1) or pl(xo-xr), so that x | :- -xe (mod P) or
xr E xe (mod p). Therefore,if there is a solution of x2 = a (mod p), there
are exactly two incongruent solutions. tr
This leads us to the following theorem.

Theorem 9.1. If p is an odd prime, then there are exactly Q-l)12 quadratic
residues of p and Q-l) /2 quadratic nonresiduesof p among the integers
1 , 2 , ' . ' , p- l '

Proof. To find all the quadratic residuesof p among the integers 1,2,...,p-l
we compute the least positive residuesmodulo p of the squaresof the integers
1,2,...,p - l. Since there are p - | squares to consider and since each
congruencex2: c (mod p) has either zero or two solutions,there must be
exactly Q-D/2 quadraticresiduesof p among the integers 1,2,...,p-1. The
remaining p-l - (p-l)/z- Q-l)lZ positive integers less than p-l are
quadratic nonresiduesof p. tr

The special notation associatedwith quadratic residues is described in the

following definition.

Definition. Let p b e a n odd prime and a an integer not divisible by p. The

Legendre symbol
frl is defined by
f,l _ { I if a is a quadratic residue of p

IrJ l. -l if a is a quadratic nonresidueof p.

I o I
Example. The previousexampleshowsthat the Legendresymt' o r s
Itt ,J'

Q: l, 2,...,10,have the following values:

lrl :lrl :fol-

[",l-[,,l:[,J: :
lal :fgl :f'l-f'l-f'ol ,
[,' ,l- [u ,J:[" ,l: l" ,J:l" ,l:-r
we now present a criterion for deciding whether
an integer is a quadratic
residueof a prime. This criterion is useful
in demonstratingpropertiesof the

Euler's criterion' Let p be an odd prime and

let a be a positive integer not
d iv is ibleby p. T h e n
r I
lgl= ob-D/27^odp).
lp )

Proof. First, assume that : t Then,thecongruence
x2 : a (modp)
l* |
lp )
has a solution,say x : ro. Using Fermat'slittle
theorem,we seethat
ob-r)/2 - G l 1 < n - r t t ' :* B - t = t ( m o d p ) .

Hence, if know that -

o b -t)/2(modp).

Now consider the case where : - t

l* I Then, the congruence
x.2= a (modp) hasno solutions.o-i?{.orem 3.7,for eachintegeri such
that I t < p-1, thereis a uniqueinteger with I
S 7 < j ( p_1, suchthat
ii - c(mod p). Furthermore,sin-cethe ioniruence L
*i otiroo pl has no
solutions, we know that i * j. Thus,*.."i groupthe integersr,Z,...,p-l
i.nto(r -l) /2 pairs eachwith productc. Multipiying
thesepairs together,we
find that
(p-l)t = ah-t)/21-odp).

W ils on' st he o re mte l l s u s th a t (p -l )t = _l (modp), w e seethat

-l = o b -t)/2 (mo dp).
9 .1 Q uadr at ic Res i d u e s 291

- D
In this case,we also have |,"] o$-t)/2(modp).
l . pJ
Exa m ple. Lel p : 23 a n d c :5 . Since5ll : -l (mod 23), E ul er' scri teri on
rs'l : -1 .
re l l s u s t hat H e n c e ,5 i s a q u a d ra ti cnonresi dueof 23.
l; l
We now prove some propertiesof the Legendre symbol.

Theorem 9.2. ilet p be an odd prime and a and b integers not divisible by p .

( i ) i r a = D ( m o pd ) , t h e n :
[;] t;]

(ii) ["] fbI-f4)

lp)lp) Lp )

(iii) f4l :,
Ip )

Pro o f of 0. lf a = D (m o d p ), th e n x 2 = a (m odp) sol uti on i f and

l tut.,u
Hence,l* I : l+ |
onlyif x2 = b (modp) hasa solution.
lp ) lp )
Proof of (iil. By Euler's criterion, we know that

f al = o(o-r)/z
(mod (mod
r l ' Iql = 6b-D/z
\ ' ^ ! v sp), p),
l.pJ-- V)-"


[ a ) = G D e - t ) / 2( m o dp ) .
Ip )


- o$-t)/z6b-r)/z : ltl
: (ab1e-t)/z (modp).
lp )

Since the only possiblevaluesof a Legendresymbol are * I, we concludethat


Proofof Gii).sincef:l : *r , frompart(ii) it follows
lp )
lor) r-lr )
l,): tflt?):,tr
Part (ii) of Theorem 9.2 has the following interesting
product of two quadratic residues,or of two quadratic
nonresidues,of a prime
is a quadratic residue of that prime, whereas the
product of a quadratic
residue and a quadratic nonresidueis a quadratic
using Euler's criterion, we can classify those primes
having _ l as a
quadratic residue.

Theorem 9.3. If p is an odd prime, then

l - , :
J r i f p :- - l l ( m o d 4 )

f p J t-r if p (mod4).

Proof. By Euler'scriterion,we know that

[ -'' ]
I | = (-1)(r-t)/21-odp).
[r )
If p : I (mod 4), then p :4k * I for some integer ft. Thus,
(1){o-Dtz: (_l)2k : l,

s ot h a t l + f : r . r f p = 3 ( m o d 4 )t,h e np : 4 k * 3
f o rs o m e
i n t e g ef r .
lp )
1-9{o-D/t: (-l)zk+t - -1.

( - ,^ l
sothat | | =-t. tr
Lp )
The following elegant result of Gauss provides
another criterion to
determine whether an integer a relatively prime to the prime
p is a quadratic
residueof p.
9 ,1 Qu adr at ic Res id u e s 293

(a ,p) : l. Ii s
Gauss' Lemma. LeI p be an odd prime and a an integer with
is the number of least positive residues modulo p of the integers
Q , 2 A , 3e,...,((p-D/Da that are greater than p/2, then the Legendresymbol

l-l= = (-l)'.
lp )
proof. Let u1, u2,...,1tsrepresent the least positive residues of the integers
a , 2 a , 3 o, . . . , ( ( p- D / D a th a t a re g re a te rth a n p /2 , and l et v 1, v2,...,v;be the
least positive residues of these integers that are less than p 12. Since
(,r ( b-l)/2, allof theseleastpositiveresidues
Qa,p): I forall 7 with t
arein theset 1,2,...,P l. -

W e w i l l s h o w t h a t p - u t , P - u 2 , . . . , P - u r , v 1 , v 2 , . ' . , vc1o m p r i s et h e s e t o f
integers 1,2,...,(p-D/2, in some order. To demonstratethis, it sufficesto
show that no two of these integers are congruent modulo p, since there are
exactly Q-l)/2 numbers in the set, and all are positiveintegersnot exceeding
It is clear that no two of the ai's are congruent modulo p and that no two
of the v;'s are congruentmodulo p;if a congruenceof either of thesetwo sorts
held, wb would have ma z na (mod p) where m and n are both positive
integers not exceeding Q-D12. Since p tr a, this implies that
7n - n (mod p) which is impossible.

In addition, one of the integers P - 4 cannot be congruent to a, vit

for if
such a congruence held, we would have ma 3 p --na (modp), so that
-n (modp) . This
ma t -na (modil. Sincep tr a, this impliesthat m
both m andn arein the set l, 2,...,(p-l)/2.
is impossible
Now that we know that p - U l , P - 1 1 2 , . . . ' P- U r , V l , V 2 , ,. . . , V t afe the

i n te g e r sl, 2, . . . , ( p- l) 1 2 , i n some order. we conclude that

(P-')(P-uz) ' ' (p-u)v 1v2 vt :-

t+l (mod p ),

which implies that

( e . )l (-t)'ultz' urv1v2 vt [n:i,

(mod p ).
f )
BUt, s i n C e l l 1 , l l 2 , . . . r l l s ,v l , V Z , . . . r v t a r e the least positive residues of
a,2a,...,((p-t)/Da, we also know that

@.2) utuz' L t , v t v 2 - . . vzt a . 2 a . . . 1 + 1 "

lz )
p-r( )
: oT l+lr (moo
l.- )
Henc e,f r om ( 9.1 ) a n d (9 .2 ), w e s e eth a t
p-t( I r l
(-r)'a' lf lr= ll+lr(moap).
lL j t )

Because(p,((p-D/DD: l, this congruence


(-t),a+:l (modp).
By multiplying both sidesby (-l)', we obtain
a 2 : (-t)'(modp).

Since Euler's criterion tells u s t h a t a 2 :
l i l ( m o dp ) , i t f o l l o w s t h a r
lp )
l * | = ( - l ) ' ( m o pd ) ,
tp )
Gauss tr

Exampte.Let o:5 andp:

To find ll. by Gauss.
t+l lemma,we
the leastpositive
of r.5,2.5: llslo s,and5.5. Theseare
5, 10, 4,9, and 3, respectively. Since.,exactlytwo
of these are greater than
t eal l su sr h a t : (-l)2: l.
l+ |
l rr J
Using Gauss' lemma, we can characterize
all primes that have 2 as a
quadratic residue.

Theorem 9.4. If p is an odd prime, then

[p J
9 .1 Qu adr at ic Res id u e s 29s

Hence, 2 is a quadratic residue of all primes p : + I (mod 8) and a

quadratic nonresidueof all primes p + 3 (mo d 8 ) .

Proaf. From Gauss'lemma,we know that if s is the numberof leastpositive

residuesof the integers
1.2, 3.2,
2.2, ...,l+1.'
\- )
thataregreaterthanpl2,then l+ | : (-l)'. Sinceall theseintegers
lp )
than p, we only need to count those greater than p /2 to find how many have
least positive residue greater than p /2.
Th e int eger 2j, wh e re I ( 7 ( b -l )/z , i s l e ss than pl 2w hen i 4 pl a.
Hence, there are Ip /41 integers in the set less than p /2. Consequently,there
are s


: (-D+-tP/al

To prove the theorem, we must show that

+ 2 - el
' 4 - = {p'-1)/8(mod

To establish this, we need to consider the congruence class of p modulo 8,

since, as we will see, both sides of the above congruencedepend only on the
congruenceclass of p modulo 8.
W e f i r s t c o n s i d e rb ' - l ) / 5 . I f p = + l ( m o d 8 ) , t h e np : 8 k + l w h e r ef t
is an integer,so that
(p'-l)/8 - ((sk+t)2-t)/8: G+k2+r6k)/8:8k2+ 2k:0 ( m o d2 ) .

If p : + 3 (mod 8), then P : 8k + 3 where k is an integer,so that

(p'-l)/8 : ((st + iz-D/s: (64k2+ 48k + 8)/8 :8k2 + 6k + l
: I (mod 2).

+ - b /ql. rf p I ( m o d8 ) , t h e np : 8 k + | for some

integer k and

d - - t p / + l : 4 k - l z t c + t / 4 1: 2 k = ( m o d
2 0 2);

if p :3 ( m od 8 ), th e n p : g k * 3 fo r
s o mei ntegerk, and
- b / q l : 4 k + I - t 2 * + 3 / 4 :1 2 k + l = ( m o d
+ I 2);
l f p = 5 (mod 8), then p : Bk f 5 for some integer
k, and
-tp/ql : 4k + 2 - [ztc+ S/4]:
T 2k +l = I (mod2);

i f p = 7 (mod 8), then p : Bk * 7 for some integer k,

- lp/ql:4k + 3 - Izn + 7/41:2k
T + 2 = 0 (mod2).

Comparing the congruence classesmodulo Z of - Ip /41 and (pz-D

* /A
for the four possiblecongruenceclassesof the odd g,
irime p modulo we see
that we alwavs nar" - = {pr-1)/8 (mod 2).
* b/ql

Hence,(Z) : 1-1y(r,-r)/8.
From the computations
of the congruence
classof (pz_l) /g 2), w e see
l?): if
that l3l:l if p:+l(mod8), while
lp )
p = r 3 (mod8). tr

Example. From Theorem9.4,we seethat

: [+]-[*):[+]
[+] :,

[3J [sJ It'.l

f+l:f+l:fal :fzl : [+] Ir,l-
( "L. l

We now present an example to show how to evaluateLegendre


Exampte.To evaluatef+1, we usepart (i) of Theorem 9.2 to obtain

Iu )'
9 .1 Quadr at ic Res id u e s 297

lvt : lg = | 3 | : t . s i n c e3 1 7= 9 ( m o d1 l ) .
|." L' lilJ
To evaluate
Iesl since 8e: -2 (mod13)' we have
lii l,
t3 = I (mod4), Theorem
t1l [U l. Because e.3
1 3 t
. L , lI J3
: t. Since 13 = -3 (mod 8), we see from Theorem 9.4
., fql :_1.
[ ,, t
In the next section, we state and prove a theorem of fundamental
importance for the evaluation of Legendre symbols. This theorem is called
the law of quadratic reciProcitY.
The difference in the length of time needed to find primes and to factor is
the basis of the RSA cipher discussedin Chapter 7. This differenceis also the
basis of a method to "flip coins" electronically that was invented by Blum [821.
Results about quadratic residuesare used to developthis method.
Suppose Ihat n : pq, where p and q are distinct odd primes and suppose
t h a t t h e c o n g r u e n c ex 2 = a ( m o d n ) , O 1 a 1 t t , h a s a s o l u t i o nx : x 0 .
We show that there are exactly four incongruent solutions modulo n. To see
this, let xoExl(modp), 0(xt 1p, and let xoEx2(modq),
0 ( x2 < q. Then the congruence x2 = a (mod p) has exactly two
' and
i n co n gr uent s olut ion s , n a m e l y x z x ' (mo d p ) x = P -x1 (modp).
Similarly the congruence x2 : c (mod g) has exactly two incongruent
solutions,namely x 2 xz (mod q) and x = Q - x2 (mod g).

From the Chinese remainder theorem, there are exactly four incongruent
solutions of the congruencex2 = a (mod n) ; these four incongruent solutions
are the unique solutions modulo pq of the four sets of simultaneous

x (mod p) (iii) x = p - x 1 ( m o dp )
x (mod q) x z x z (mod q)

(ii) x x 1 (m o d p ) (iv) x - x1 (mod p)

- - x2 (modq).
x Q x z (mo d q ) x

We denote solutions of (i) and (ii) by x and y, respectively.Solutionsof (iii)

and (iv) are easily seento be n-y and n-x, respectively.

We also note that when p = q =

3 (mod 4), the solutions of
x2: a ( m odp ) a n d o f x 2 : a (mo d q )
ur" , - ;' o< i * r\to (modp) and
x = t oQ+1)/4(mod g), respectively. ny
eut.r,, criterion, we know that
oQ-D/2- l:l: I (mod
r ) a n d o e - D / z -l + l : l ^ \ r(rm
r vo
u Yd/ q )( r e c atl h
l at
lp) lq)
we are assuming that x2 : a (mod pq)
hur' solution, so that a is a
quadratic residueof both p and q) . "
1 o V + r ) / t 7:2 e Q + D / 2- o b - D / z . a = a ( m o dp )

a nd

1 o Q + t ) / t 1:2 e Q + o / z: o e - D l z . a = a (modq).

Using the chinese remainder theorem, together

with the explicit solutions
just constructed' we can
easily find the four incongruent solutions
x2 = a (mod n) . The following example illustrates of
this procedure.

Example' Supposewe know a priori that the

x2 = 860 (mod I l02t)

h as a s olut ion's i n c e 1 1 0 2 1:1 0 3 ' 1 0 7 ,

to fi nd the four i ncongruentsol uti ons
we solve the congruences

x2 :860 = 36 (mod103)



The solutionsof these congruencesare

; : + 3 6 ( r o : + D / q - + 3 6 2 6 = + 6 (mod

r = + 4Qo7+D/a
= t 427: * 2 (mod 107),

respectively. Using the chinese remainder

theorem, we obtain x 4 *. 2r2,
* 109 (mod ll02l) as the solutions of the
four systems of congruences
described by the four possible choices of signs
in the system of congruences
x = + 6 ( m od 1 0 3 ),x = + 2 (mo d 1 0 7 ).
we can now describe a method for electronicaily
flipping coins. suppose
that Bob and Alice are communicating electronically.
etice !i.t, two distinct
9.1 QuadraticResidues 299

large primes p and q, with p = q = 3 (mod 4). Alice sendsBob the integer
n : pq. Bob picks, at random, a positive integer x less than n and sends to
Al i ce the int eger a w i th x 2 : a (m o d n ),0 ( a I n. A l i ce fi nds the four
so l u ti onsof x 2 = a ( mo d n ), n a me l yx , !, fr-x , a nd n-y. A l i ce pi cksone of
: 2* #
these four solutions and sends it to Bob. Note that since x + y t
0 ( m o d p ) a n d x + y = 0 ( m o d q ) , w e h a v e G + y , n ) : q , a n d s i m i larly
G+h -y) , n) : p. Th u s , i f B o b re c e i v e se i th e r y or n-y, he can rapi dl y
factor n by using the Euclidean algorithm to find one of the two prime factors
of n. On the other hand, if Bob receiveseither x or n-x, he has no way to
factor n in a reasonablelength of time.

Consequently,Bob wins the coin flip if he can factor n, whereas Alice wins
if Bob cannot factor n. From previous comments, we know that there is an
equal chance for Bob to receive a solution of x2 = a (mod n) that helps him
rapidly factor n, or a solution of x2 = a (mod r) that does not help him
factor n. Hence, the coin flip is fair.

9.1 Problems

l. Find all the quadratic residuesof

a) 3 c)13

b)s d) te.
2 . Findt he v alueof t h e L e g e n d re : 1,2,3,4,5,and
l + I,fo r7

3. Evaluate the Legendre symbol

il using Euler's criterion.

b) u s i n gG a u s s ' l e m m a .

4. Let a and b be integers not divisible by the prime p. Show that there is either
one or three quadratic residuesamong the integers a, b , and ab .

5. Show that if p is an odd prime, then

ll ifp I or 3 (mod 8)
l-r itp -l or -3 (mod 8).

6. Show that if the prime-power factorization of n is

pl"*t ' " pi"*tpili'
n : p?"*t Pn

and q is a prime not dividing n, then


7 . S h o w t h a t i f p i s p r i m e a n dp - 3 ( m o d 4 ) , t h e n
= (_t), (modp),
where I is the number of positive integers less
than p /2 that are quadratic
residuesof p.

8 . show that if b is a positive integer not divisibre by the prime

p, then

i*l . l p ) i+l.
l p ) l+1.
p ) "
9 . Let p be prime and a a quadratic residue of p.
Show that if p = | (mod 4),
then -a is also a quadratic residue of p, whili it p = 3 (mod
i), th"n _a is a
quadratic nonresidueof p.

1 0 . Consider the quadratic congruence ax2 * bx * c =

0 (modp), where p is
prime and a,b, and c are integers with p a.
il Let' p :2. Determine which quadratic congruences(mod 2)
b) Let p be an odd prime and let d : b2 - 4ac.
show that the congruence
axz + bx * r 0 (mod p) is equivarent to the congruence
y2 = d (modp), where y :2ax t b.
Concludethat if d =0 (modp),
then there is exactly one solution x modulo p, if
d is a quadratic residue of
p, then there are two incongruent solutions,
while if d is a quadratic
nonresidueof p, then there are no solutions.
Find all solutionsof the quadratic congruences

a) x2+ x*l=0(mod7)
b) x2+5x+l:0(mod7)
c) x2+3x+l=0(mod7).

12. Show that if p is prime and p 2 7, then

a) there are always two consecutivequadratic residues p (Hint: First show
that at least one of 2,5,and r0 is a quadratic residu.
b) there are always two quadratic residuesof p that differ
by 2.
c) there are always two quadratic residuesof p that differ
by 3.
1 3 . Show that if a is a quadratic residue of the p, then the solutions of
x2 = a (mod p) are

il x E - F a n + l ( m o dp ) , i f p : 4 n * 3.
b) x E * 2 2 n + r o n +(rm o d p ) , i f p : g n * 5.
9.1 Ouadratic Residues 301

then the solutionsof x2 = I 2 (mod p) are given by

x E t (r1n t r ' ) ( m o dp ) ,

where the * sign in the first congruencecorrespondsto the + sign inside the
parenthesesin the secondcongruence.

15. Find all solutionsof the congruencex2 = I (mod l5).

16. Let p be an odd prime, e a positive integer, and a an integer relatively prime to

a) Show that the congruencex2: a (modp"), has either no solutions or

exactly two incongruent solutionsmodulo p".

b) Show that there is a solution to the congruence x2 = a (mod p'*') if and

only if there is a solution to the congruencex2 = a(mod p"). Conclude
that the congruencex2 = c(modp") has no solutionsif a is a quadratic
nonresidueof p, and exactly two incongruent solutions modulo p if a is a
quadratic residueof p.

c) Let n be an odd integer. Find the number of incongruent solutions modulo

n of the congruencex2 = a(mod n), where n has prime-powerfactorization
| !-l lgl
n : p'ipti ' . ' p';, in terms of the Legendre
' a - - - symbols
J l-
[p, j""', lo. )'
t 7 . Find the number of incongruent solutionsof
il x2 : 3l (mod 75)
b) x2 : 16 (mod 105)
c) x2 : 46 (mod 231)
d) x2 = l156 (mod 32537stt6).

1 8 . Show that the congruencex2 = a(mod 2"), where e is an integer, e 2 3, has

either no solutionsor exactly four incongruent solutions. (Hint: Use the fact that
( * x ) 2 : ( 2 e - t* x ) 2 ( m o d 2 " ) . )

Show that there are infinitely many primes of the form 4k * l. (Hint: Assume
t h a t p t , p 2 , . . . , p na r e t h e o n l y s u c h p r i m e s . F o r m N : 4 ( p p z " ' P ) 2 * l, and
show, using Theorem 9.3, that N has a prime factor of the form 4k * I that is
not one of p1,p2,...,pn.)

20. Show that there are infinitely many primes of the form
a) 8k-l b) 8&+r c) 8fr+5.

(Hint: For each part, assumethat there are only finitely many primes Pr,P2,...,Pn
of the particular form. For part (a) look at @ppz"'P)2 - 2, for part (b),
l o o ka t ( p r p r " ' p ) 2 * 2, and for part ( c ) , l o o ka t ( p p z " ' p , ) z + 4. In each
Quadratic Residues

part' show that there is a prime factor

of this integer of the required form not
among the primes pr,p2,...,pn use Theorems
9.3 and 9.4.)
21. Show that if p is an odd prime,.then
the congruencex2 = a (modpn) has a
solution for all positive integers n if and only
if a" is a quadratic residue of p.
22' show that if p is an odd prime with primitive
root r , and a is a positive integer
not divisibleby p, then a is a quadratic
residue of p if and onty irino"a is even.
23' Show that every primitive root of an
odd primep is a quadratic nonresidueof p.
24. Let p be an odd prime. Show that
there are (p-D/z _ 6e_D quadratic
nonresiduesof p that are not primitive roots
of p.
25' Let p and' q :2p * I both be odd primes.
Show that the p-l primitive roots
of q are the quadratic residuesof g, other
than the nonresidue2p of q .
26' show that i! p and' q - 4p I are both primes and if a is a quadratic
nonresidueof q with ordoa * 4,thena is a primitive root of q.
27' Show that a prime p is a Fermat prime if
and only
J --
if every
- '-'J quadratic
1-*uras1 nonresidue
of p is also a primitive root of p. .
28. Show that a prime divisor p of the Fermat
number Fn : 22.* I must be of the
form 2n+2k+ r. (Hint, show that irioz - 2n+1. Then show that
2$-tttz = I (mod p) using Theorem 9.4.
conclude that 2n+tle-D/2)
29. a) Show that if p isa primeof the form4ft *
3 and q :Zp * I is prime, then
q dividesthe Mersenne number Mo :
2p-L (Hint: Consider thl Legendre
s y m b o ll : 1 . )
b) Frompart (a), showthat nl Mr,47l M23,and
5031 Mrr.
3 0 . S how t hat if n i s a p o s i ti v ei n te g e ra n d
2n* r i s pri me,and i f n s0 or
3( m od4) , t h e n 2 n * | d i v i d e sth e M e rs enne
j l numberMo:2n_1, w hi te i f
n o r 2 ( m o d 4 ) , t h e n * I d i v i d eMs n * 2 : 2 n t L ( H i n t :C o n s i d e r t h e
Legendresymbol useTheorem9.4.)
l+ |
l z n + r ) "na
Showthat if p is an odd prime,then

'p >
-2 (.'. -' l
l / ( i + l ) l : _ , .'
t-"- [ p )

thar : *n".r7-is
f+l [+l - " aninverse
of 7 modulo
I P J t P )
32' Let p be an odd prime. Among pairs of consecutive
positive integers less than p,
let (RR), (RN), (NR), ano (Nu) denote the number
of pairs of two quadratic
9 .1 Q uadr at ic Res id u e s 303

residues, of a quadratic residue followed by a quadratic nonresidue, of a

quadratic nonresidue followed by a quadratic residue, and of two quadratic

il Show that

(RR) + (RN) :
(NR) + (NN) : -'*t-11{r-D/21
(RD + (NR) :
(RN) + (NN) :
b) Using problem 30, show that
,il^ ( t(t+l)
l - + (NN)- (RN)- (NR): -r.
| : (no
t:' I P )
c) From parts (a) and (b), find (RD, (RN), (NR), and (NN).

3 3 . Use Theorem 8.15 to prove Theorem 9.1.

3 4 . Let p and q be odd primes. Show that
a) 2 is a primitive root of q, if q : 4p * 1.

b) 2 i s a p r i m i t i v er o o t o f q , i f p i s o f t h e f o r m 4 / < * I a n d Q : 2 p * l.

c) - 2 i s a p r i m i t i v er o o t o f q , i f p i s o f t h e f o r m 4 k - I a n d Q : 2 p * l.

d) -4 is a primitive root of q, if q : 2p * | '

35. Find the solutionsof x2 = 482 (mod 2773) (note that 2773:41'59).

36. In this problem, we develop a method for deciphering messagesencipheredusing

a Rabin cipher. Recall that the relationship between a ciphertext block C and
the corresponding plaintext block P in a Rabin cipher is
C = P Q+O) (mod n), where n: pq, p and q are distinct odd primes, and b
is a positive integer less than n.

a) Show that C *a 3 (f+6)2(modn), wherea =(lD2 (modn), and 2 is

an inverseof 2 modulo n.

b) Using the algorithm in the text for solving congruences of the type
x2 = a (mod n), together with part (a), show how to find a plaintext block
P from the correspondingciphertext block C. Explain why there are four
possible plaintext messages. (This ambiguity is a disadvantage of Rabin

c) Using problem 35, decipher the ciphertext message 1819 0459 0803 that
w a s e n c i p h e r e du s i n g t h e R a b i n c i p h e r w i t h D - 3 a n d n : 4 7 ' 5 9 : 2 7 7 3 .

37' Let p be an odd prime and let c be the ciphertext

obtained by modular
exponentiation, with exponent e and modulus p,
from the plaintext p, Le.,
c = p' (modp),0 < c ( n, where(e,p-l) :1.
show tnalc is a quadratic
residue of p if and only if p is a quadratic residue p
of .
38' a) Show that the second player in a game of electronic poker (see
Section 7.3)
can obtain an advantage by noting which cards have
numerical equivalents
that are quadratic residuesmodulo p . (Hint: Use proble
m 37.)
b) Show that the advantage of the second player noted
in part (a) can be
eliminated if the numerical equivalents of cards
thai are quadratic
nonresiduesare all multiplied by a fixed quadratic nonresidue.
39' Show that if.the probing sequencefor resolving collisions
in a hashing scheme is
h1(K) = h(K) + ai * biz (modn), wherJ n<x>
i r u 6 u r t i n g *f u n c t i o n ,z i s
a positive integer, and a and 6 are integers with (b
,m) : l, thJn only half the
possible file locations are probed. This is called
the quadratic search.

9.1 Computer Projects

Write programs to do the following:

l. Evaluate Legendre symbols using Euler's criterion.

2. Evaluate Legendre symbols using Gauss' lemma.

3' Flip coins electronically using the proceduredescribed

in this section.
4' Decipher messagesthat were encipheredusing a Rabin
cipher (see problem 35).

9.2 The Law of QuadraticReciprocity

Ol elegrant., theorem of Gauss relates the two Legendre symbols
| 9 I "'o | * I, wherep and,q are both odd This theorem, called
lq) lp)
the law of quadratic reciprocity, tells us whether
the congruence
x2 : p (mod q) has solutions, once we know whether
there are solutions of
the congruencex2 = p(mod q), where the roles of p and q
are switched.
We now state this famous theorem.

The Law of Quadratic Reciprocity. Let p and q be odd prirnes.

f )f
,l ^, p-t.q-l

lzlle_l_ eD-, .
tq ) lp )
9.2 The Law of Quadratic Reciprocity 305

and its use. We

Before we prove this result, we will discussits consequences
first note that the quantity Q-D/2 is even when p =-l(mod 4) and odd
we see that
when p = i(mod 4). Consequently, is even if
+ +
p =t (mod4) or q = | (mod4), while + is odd if
p = q = 3 (mod 4). Hence, we have
folInl Jr rf p:l(mod4)orq=t(mod4)
|.;l F)--l-t irP:q=3(mod4)'
values l+'l uno [+
Sincetheonlypossible t l, weseethat
" lq) l p ) "r.
{r )

I l"l t t p = t ( m o d 4 ) o r q = t ( m o d 4 ) ( o rb o t h )
lq,| l-["I uo =q=3(mod4).
I tp J

Thismeansthat if p andq areodd then [+l : [*'l

primes, both
l q , ) . , l P J ,""
p andq arecongruent 4,andinthat.ur.,
to 3 modulo : -[;]

Example. Let p: 13 and q:17. Since =rq = | (mod4), the law of

quadratic reciprocity tellsusthat : Frompart(i) of rheorem
| # 'I I\ i+ 'l.'

e . 2 , w e k n o w t. l I t t ' l
lq \

r ;:il ;:.'il.":'_.
/\\ l",J: |.,, j:
t h a tl * l : t
I I/ J

Example. Let P : 7 and Q : 19- Sincerp = q = 3r(mod 4) , from the law of

quadratic reciprocity, we know that :- I 12 l. From Dart (i) of
lil L7 )
9.2,weseethat t+
Theorem I: Again'
using the iaw of quadratic
l./ ) l+l
Quadratic Residues

reciprocity,since5 = l(mod 4) and 7 = j(mod

part ., (i) of Theorem

4), we have : [+]
f-T 2.2 and Theorem 9.4, we know that
l+l - l?l : -' Hence
[+l : ,
r' rrv','lvutrl
we can use the law of quadratic reciprocity
and Theorems 9.2 and 9.4 to
evaluate Legendre symbols. Unfortunately, "pii..
factorizations must be
computed to evaluate Legendre symbols in
this wav.

Example.We will calculate

l:rt I
, wefactor
73: 233"";;,;,"_ ,"Jm,::""::1,:'j:;:"'"""
[+l :[+l :l-,' lfg-l
IrooeJtroorJ- [t*n,Ji,*r,J
To evaluate the two l-sgsndre symbors
on the right side of this equarity, we
use the law of quadratic reciprocity. Since
tOoq i I (mod 4), ;. see that

Izt ] frooeIIr' l:[1ql

Irooej:tr ,|'lrootj l3r )
Using Theorem 9.2, paft (i), we have

Irooql lzol
lx ,l:t",l :[+]
By parts (ii) and (iii) of Theorem9.2.

lpl :lzri :l
123) [zr )- t
The law of quadratic reciprocity, part
and Theorem 9.4
tell us that

[' l-
IzrJ- ITj
(rtl : :t+] : -1
9 .2 T he Law of Q u a d ra ti c R e c i p ro c i ty 307

Likewise, using the law of quadratic reciprocity, Theorem 9.2, and Theorem

[+]: [+][+]-[+]: [+]: [+]

9.4, we find that

lul -: fll ::
|.r' ,| |.tt .|
l3 J
consequently, :
(- \
l# I : t-r)(-l) : t
[,009 )
We now present one of the many possibleapproachesfor proving the law of
quadratic reciprocity. Gauss, who first proved this result, found eight different
what was facetiously
iroofs, and an article published a few years ago offered
ialled the l52nd proof of the law of quadratic reciprocity. Before presenting
the proof, we give a somewhat technical lemma, which we use in the proof of
this important law.

Lemma rfp an odd prime and a is an odd integer not divisible by p,

lgl: 1-11rb'il,

(P-r) /2
j -r

Proof. Consider the least positive residues of the integers

It, be those
a , 2 a , . . . , ( ( p - l )l D a ; l e t u1, 112,..., greater than /2 and let
v t, v2,...,v, be those less than p /2. The division algorithm tells us that

ja : pljo lpl + remainder,

where the remainder is one of the uj's or vj's. By adding the Q-l)/Z
equationsof this sort, we obtain

@-D lz b-D /2 r
(e.3) ,
.Z ia:
a p f , i a / p* ilju: l i + i v 1j : l.

As we showedin the proof of Gauss'lemma,the

integersp _ ur,...,p _ us,
vt,...,vt are precis.ely
the integers1,2,...,b-l)/2, ii someo.j... Hence,
summingall theseintegers,we obtain
b-r)/2 s 1
(e.4) i: \ Q-u)+ ) vi:ps- i q+
j :Z
r j:r j_r
j:l t*l

Subtracting (9.4) from (9.3), we find that

g_r)/z (p_D/2 (p_D/2 r
j:t j-t j_t j _l

or equivalently,
sinceT(a,p) :t')'' Ija/pl,
. (p-t) /2
j: I j:r

Reducing this last equation modulo 2, since

a and,p are odd, yields
o = T(a,p) - s (modD.


T(a,p) =s (mod2).

To finish the proof, we note that from Gauss, lemma

|,) (-t)'.
tp )
Consequently, (-t)" : (-1)r6,e), it follows that
lgl:1-1;r(a,r). g
lp )
Although Lemma 9.2 is usedprimarily as a tool in
the proof of the law of
quadraticreciprocity,it can alsobe usedto evaruate

Example.To find
|'+ I , usingLemma9.2, weevaluate
the sum
l'^ J
The Law of OuadraticReciprocity 309

1 7j / r r l : I 7l u l + t r 4 / r t l + I 2 r l t l l + [ 2 8 / l l ] + t 3 s / l 1 l
:0+ I + I +2+3:7.

H e n cle+,l : ( - l ) 7 : - 1 .
L" J
r )
to find I + t, wenotethat
l./ )
: lrrl7l + t22l7l+ l33l7l: 1 * 3 * 4 - 8,
) tr rilll

s ot h a rt + | : ( - l ) 8 : l .
L/ )
Beforewe presenta proof of the law of quadraticreciprocitY,we use an
exampleto illustratethe methodof proof.
Let p : 7 and Q : ll. We consider pairs of integers k ,y) with
7-l :3 llll : 5 . T h e r ea r e 1 5 s u c hp a i r s ' W e
l(x<;:3andl(Y '- andI ( v < 2
note that no-n.of thesepairs satisfyllx : 7y, sincethe equalityllx
i.pfi"r that 1t l1y, so tirat eitherit I Z, whichis absurd,or 11 ly, whichis
impossiblebecauset ( y ( 5.
We dividethese15 pairs into two groups,dependingon the relativesizesof
llx and7y.
The pairs of integersG,y) with I ( x < 3, I ( y { 5, and llx > 7y
urc pr..isely thosepairs satisfyingI ( x ( 3 and 1 ( y ( 11xl7. For a
fixed integerx with 1 ( x ( 3, there are lttx/ll allowablevaluesof y.
Hence, the total number of pairs satisfying I ( x < 3, 1 ( / ( 5, and
llx ) 1y is
+ I33l7l: I * 3 + 4 : 8;
2 tt tlTl : ttt/tl + 122/71

th e s eeight pair s ar e (l ,l ), (2 ,D , (2 ,2 ), (2 ,3 ), (3 ,1), (3,2), (3,3) and
The pairs of integers G,y) with I ( x < 3, I ( y ( 5, and llx 1 7y
*r. pr..isely those pairs satisfying I ( y ( 5 and 1 ( x 4 7y /tt. For a
fixed integer y with I ( y ( 5, there are lly/ttl allowable values of x.
Hence, the total number of pairs satisfying I ( x < 3, I ( y ( 5, and
llx ( 7y is
310 Quadratic Residues

ltj /ttl : Ij lrrl + [ t L l t r ] + [ 2 r / r t l+ I 2 8 l n] + [ 3 s l l1 ]
:0*l + 1+ 2*3:7.
Thesesevenpairs are (l,2) , ( 1 , 3 ) ,( 1 , 4 ) ,( 1 , 5 ) ,( 2 , 4 ) ,( 2 , 5 ) ,a n d ( 3 , 5 )

Consequently,we seethat
1l-1 35
1 5: ) t r r j l l l + > l t j l t l l : 8 * 7 .
T;:5'3: j-r j-r

rr-l .7-l i,rrrr,r,* i, rtinl
(_t) 2 2:(_l);*' i-l

2lni/tl )Iti/rrl
(- I )i-' (- I )r-'

Since Lemma g.2 t e l l s rrs
.^ + L^+ | rr I
that : (-1;r-t and
17 |
'l 5t/
: ( -.1. )I it-ttr,rw"et s e e t h a t lI t ll fl r r" l | : ( - t ) 2 2
r,'J [11J|.7 )
This establishesthe special case of the law of quadratic reciprocity when

We now prove the law of quadratic reciprocity, using the idea illustrated in
the example.

Proof. We consider pairs of integers (x,y) with I ( x ( Q -l) /2 and

o -l
I ( y ( ( q - D/ 2. T h e re u r" 2 -l such pairs. We divide t-hesepairs
; T
into two groups, dependingon the relative sizesof qx and py.
First, we note that qx I py for all of these pairs. For if qx : py, then
q l p y , w h i c h i m p l i e st h a t q l p o r q l y . H o w e v e r ,s i n c e q a n d p a r e
d i s t inc t pr im es ,w e k n o w th a t q l p ,a n d s i n ce I ( y ( (q-i 12, w e know
that q I y.
To enum er at e th e p a i rs o f i n te g e rs (x y) w i th I ( x ( Q-I)/z,
1 ( y ( (q -l) /2, and qx > py, we note that these pairs are precisely those
where I ( x ( (p-l)/2and I (y 4qx/n. For each fixed value of the
integer x, with 1 ( x 4 b-1012, there are Iqx/pl integers satisfying
I ( y 4 qx /n. Consequently, the total number of pairs of integers G,y)
9.2 The Law of Quadratic Reciprocity 311

withl (x ( Q-D/2,t (v ( Q-D/2,andqx> Pvis Iqilpl'
-l) 12,
We now considerthe pairs of integersG,il with 1 ( x ( b
1 ( y ( (q-D 12,and qx < py . These pairs are preciselythe pairs of
i n t e g l r sG , i l w i t h 1 ( y ( ( q - D / Z a n d 1 ( x 4 p y l q . H e n c e , f o r e a c h
-1) 12, there are exactly
fixed value of the integer y, where I ( y ( (q
lpy lql integers x satisfying I ( x 4 py lq. This shows that the total
nurnu..of pairselil/r.g"rt (i,y) with I ( x ( b-D/2,1 (y (
andqx < py is
j- r
Adding the numbers of pairs in these classes,and recalling that the total
' = rt ' + ,w e
n u mb er of s uc h pair s ,, s e eth a t

')'' ,
hilpt*'ni'' ,r,,d:+'+

or using the notation of Lemma 9.2,

p-l .q-l
T(q,p) + TQ,q) -

p-l .q-r
1-11r{n'c): (-t)
,-t1rQ'il+r@,q): (- 11r(e'n)

Lemma 9.2 tellsus that 1-1yr(a,r): ["'l ."0 1-gr{o.o): [" .| H ence
lp J lq)
f lf \ P-t.q-l
lzll4l:(-t) 2 2
l . qJ l . pJ
This concludesthe proof of the law of quadratic reciprocity. n
The law of quadratic reciprocity has many applications. One use is to prove
the validity of the following primality test for Fermat numbers.

Pepin's Test. The Fermat number F^ : 22' + I is prime if and only if

3 G ' -r)1 2 : -l (m o d F - ).

proof. We will first show that F* is prime if the congruencein the statement
of the theorem holds. Assume that
312 QuadraticResidues

3G^-r)/2: -l (mod F*).

Then, by squaring both sides,we obtain

3F.-1 = I (mod F*).

From this congruence,we seethat if p is a prime dividing F*,then

3F.-l = I (modp),

and hence,

ordo3 | {f ^-I) : 22'.

Consequently,ordr3 must be a power of 2. However,

ordo3tr2''-': (F^-D/2,
since 3G^-t)/2 - -l (mod F*) . Hence, the only possibility is that
o 1do3: 22^ : F ^ - l . Si n c e o rd o 3 : F m-t ( p - I and p F*, we see
that p : F^, and consequently,F^ must be prime.

C o n v e r s e l y , i fF r : 2 2 ' * I is prime for m ) l , t h e n the law of quadratic

reciprocity tells us that

since F^ = | (mod 4) and F^ = 2 (m o d 3 ).
Now, using Euler's criterion, we know that

t*l 3 G' -t)/' (-o d F-).

From the two equationsinvolving I I I (9.5)and (s.e),we conclude that

[". j'
_ _1 (mod
3(J'._r)/2 F).

This finishesthe proof. tr

E x a m p l e .L e t m : 2 . Then F2: 2 2 ' + l : 1 7 a n d

aFr-t)lz _ 3 8 : -1 (mod l7).
9.2 The Law of QuadraticReciprocity

By Pepin'stest, we seethat F2 : l7 is prime'

: 4 2 9 4 9 6 7 2 9 7W
- e n o t et h a t
Let m :5. Then Fs:22' + l:232 t I
- -l (mod 4294967297).
3G,-D/2: 12": 32t4148364810324303 *

Hence, by Pepin'stest, we seethat F5 is composite'

9.2 Problems

l. Evaluate the following Legendre symbols

a, d) [-u]
[*] [ 6 4 r. J

u,[+l e) f:ul
l e e rJ

c,t*l Iros]
prime, then
2. Using the law of quadratic reciprocity, show that if p is an odd

p = tl (mod 12)

{lii p = t 5 ( m o d 12 ) .

3. Show that if p is an odd Prime, then

[-r I : ifp=t(mod6)

[7J {l if p = -l (mod 6).

4 . Find a congruencedescribing all primes for which 5 is a quadratic residue'

5 . Find a congruencedescribing all primes for which 7 is a quadratic residue.
(Hint: Let n be
6 . Show that there are infinitely many primes of the form 5Ic * 4'
a positive integer and form Q : 5(tnr'\2+ 4' Show that Q has a prime divisor
the form 5k + 4 greater than n. To do this, use the law of quadratic reciprocity

- t I
to show that if a primep dividesQ, then | ? |
314 Quadrati c R esi dues

7 . Use Pepin'stest to show that the following Ferntat numbersare primes

a) Fr : 5 b) F3 - z5i c) F4: 65537.

8. From Pepin'stest, concludethat 3 is a primitive root of every Fermat prime.

9. In this problem, we give another proof of the law of quadratic reciprocity. Let p
and q be distinct odd primcs. Let R be the interior of the rectanglewith vertices
o: ( o , o )A, : b / 2 , 0 , B : Q / 2 , 0 ,a n dC : b / 2 , q / D .
a) Show that the number of lattice points (points with integer coordinates)in
R i, P-l .q-l
b) Show that there are no lattice points on the diagonalconnectingO and C.

c) Show that the number of lattice points in the triangle with verticesO, A, C

d) Show that the number of lattice points in the triangle with verticesO, B,
and C is

e) Concludefrom parts (a), (b), (c), and ( d ) t h a t

Q-t)/2 Q-D/2

j-t j-l

Derive the law of quadratic reciprocityusing this equationand Lemma

9.2 Computer Projects

Write programsto do the following:

l. Evaluate Legendresymbols,using the law of quadratic reciprocity.

2. Determine whether Fermat numbersare prime using Pepin'stest.

9.3 The Jacobi symbol

I n t his s ec t ion ,w e d e fi n eth e J a c o b is y m b o l . Thi s symboli s a general i zati on
of the Legendresymbol studied in the previoustwo sections. Jacobi symbols
a r e us ef ul in t he e v a l u a ti o no f L e g e n d res y m bol sand i n the defi ni ti onof a
type of ps eudop ri me .

Definition. Let n be a positive integer with prime factorization

n : p' ipt i ' p; a n d l e t a b e a p o s i ti v ei n te ger rel ati vel ypri me to n. Then,
9 .3 The J ac obi s Y mb o l

the Jacobi symbol

; I
t' denned

l, ,|
Ip\'p'; " ' p'; l:[*]'t;l lh)'Legendre
S on the right-hand side of the equality are
where the symbol

Example. From the definition of the Jacobi symbol, we see that

: lz)'let:(-r)2(-r):-r'
['l: lzl :lil
l45,11."ij l;l


: : '-D2
When r is prime,the Jacobisymbolis the sameas the Legendresymbol'
the valueof the Jacobisymbol
However,whenn is composite, ' lq I Oott nor
tell us whether the congruencex2 = a (mod n) has solutions..,*. do know
- t To see
that if the congruencex2 = a (mod n) has solutions,then l* |
(modn) has
th i s, not e t hat if p i s a p ri me d i v i s o r o f n and i f x2 = a
solutions, then the congruencex2 = a (mod p) also has solutions. Thus,
r I f -l m ( ^ )t
: : l. To seethat it is possible
Ii | : t Consequently,
' | + I II | * I
lp).. ln) i-1lPi)
g : a (mod n), let a : 2 and
that I | : 1 when there are no solutions to xz
ln )
n: t5.Nore
that[+l : : (-r)(-1): r. However,
t ^- r
t J
l.) ,l
no solutionsto x2 i 2 (mod i S), rin* the congruencesx2 = 2 (mod 3) and
x2 = 2 (mod 5) have no solutions.
We now show that the Jacobi symbol enjoys some propertiessimilar to those
of the Legendresymbol.

Theorem 9.5. Let n be an odd positive integer and let

a and b be integers
relativelyprime to n. Then

(i) if a: D (modn),then
ll: l*)
(ii) lol: l["]
I n )
n ) ln )
r )- t
(iii) | | : t _ 1 1 h - D / z'
f tr )
(iv) I Ll :1-1) (n':-r)/a
ln )
Proof- In the proof of all four parts of this theorem we use the prime
factorizationn : p\,p'i . . p';.

Proof of (i). we knowthat if p is a rrime.,dividinqn,then a =b (modp).

Hence,from Theoremg.z G\ we have :
l* | l+ | consequentry, we see
IDJ lp)

i*l : f*l"l+J" [-tL'- lo)"lol" I ol'': fal

f,,J lo,Jlp,) lo^,| lo,t lp^):l;j

Proof of (i). From

r v " ' Theorem 7t ' L (ii),
r r r v v r w t t9.2 \ I r ' f ' we
w s know
K l l u w that fq) : | , I i a I
lo, ,l ltl F)'

[+):l*)"[#]" l*)'-
: [;]"l*)"
{t)" "
[*] l*)'-
[;] [*]
9 .3 The J ac obi s Y m b o l

Theorem 9.3 tells us that if p is prime' then

Proof of Gril.

t+l - (-11 Q-r)/2.ConsequentlY,

f-r I l'-rl"l-r
. [-' ]"
l-l: ll_ l"'rll
ln,| LP,)lPrJ tP^)
t'(p'-t)/Z + '" + t^(p^-r)/2
: (- ,1tJn;t\/2+

From the prime factorization of n, we have

n- (r + Qr-l))"(l + bz-l))"''' (t * (p^-l))''

Si n ce Q i- l) is even. it follows that

(t + (pi-l))" = | + tib,-t) (mod4)

I + tiQl-t) + tibi-l) ( m o d4 ) .
(l + r,(pi-l))(r + r, Qi-D):

n = 1+ tlpr-t) + t2(p2-i + '''+ t^(p^-l) ( m o d4 ) '

Th i s i m pliest hat
Q-D/2 = tJprD12 * tz(pz-D12 + t^(p*-D12 (mod2) .

for (n-1) lZ wittttheexpression
this congruence
r' 'no*t
that | | : (-l)
l,r )
Proofof ( i i l .If p i s p r i m e t
, h e n : ( - 1 ; ( r ' l - r ) /'8H e n c e '
Izl : Il" [z] t+'lt : (_l),,bi_t,tts+t,gt-r)/8+
L,J lp'J lp,) lp^)
As in the proof of (iii), we note that
n 2: ( r + ( p ? - r ) 0" + @ ? - l ) ) "" ' ( t + b T - l ) ) " .

Sincepl-I = 0 (mod8), weseethat

0 + Q?-l))', = | + tie?-l) (mod64)
( l + r , b ? - l ) ) ( l+
4 e l - t ) ) = | * t ; e ? _ D+ t , A ? t ) ( m o d

n2:t+tJp?-D+tze?-D+ + t ^ ( p T - l ) ( m o d6 4 ) .
This implies that
( n 2 - t ) / 8 : t J p ? - D / B+ t z e ? - D / s + . . . +
t * ( p 3 , _ l ) / (8m o ds ) .

combiningthis congruence for (n2- l)/g with the expression

for [el teils
f ln )
u s t h a t l L"l' l : 1 - 1 ; ( n ' - t ) / 8 . D
ln )
We now demonstratethat the reciprocity law holds for the
Jacobi symbol as
well as the Legendre symbol.

Theorem 9.6. Let n and m be relatively prime odd positive integers.

f lf I m-t n-l
l r l -| l L l : ( _t ) , , .
lm )l n )
Proof. Let the prime factorizations of rn and n be m : pl,pl, . " p!' and
n : ql' q! , . . . qo r,.w e s e eth a t

tt)':,q,s w)'"'
l*): t
j-t I'J
( n l4/

I )

i-t It)"''
9.3 The Jacobi symbol

,sti*lt q'l 10tu'
h) l
From the law of quadratic reciProcity, we know th at
[ o , - ,f n,-,
1 I

t*ltr) :(-rllrj lr

|^) [ , I r
f| ff(-l)
( ' r \ "): (-l)'-'l-' \ /
[7Jl;): t-l j-l

We note that

t,p, :z",1+]
',[+] ,.a''t+]
As we demonstratedin the proof of Theorem 9.5 (iii),

Doif+] =* (mod2)


5u,[+]= n-l
(m od 2).

r s
(e.8) ^fr,-tl ^[Qr-tl =.-l +(mod2).
i-t i-r J \

Therefore,from (g.Z) and (9.8), we can concludethat

f )f ) m-l n-l

l Lnl l a l : ( _ r ) 2 2 tr
I )lm )

We now develop an efficient algorithm for evaluating Jacobi symbols. Let a

and b be relatively prime positive integers with a < b. Let Ro Q and
R r : D Using the division algorithm and factoring out the highest power of
two dividing the remainder, we obtain
Quadratic Residues

Ro: Rflr+2t'R2,,

where s1 is a nonnegativeinteger and R2 is an odd positive

integer less than
R I ' When we successivelyuse the division algorithm, and
factor out the
highest power of two dividing remainders,we obtain

Rr: Rzez+2"'R3
*r: Rflt+2"Ra

Rr-r : Rn_2Qn_2 * 2t.-rRn_1

R n -z : R n -tQ r-, + 2 t .-t. I ,

where s; is a nonnegativeinteger and R; is an odd positive integer

less than
: 2,3,...,n-l
&-r for i Note that the number of division, ,"qu-ir"d to reach
the final equation does not exceed the number of divisions requiied to find
greatestcommon divisor of a and b using the Euclidean algorithm.

we illustrate this sequenceof equationswith the following example.

E x a m p l e .L e t a : 4 0 1 andb: lll. Then

4 0 1: 1 1 1 . 3 + 2 2 . n
lll- 17.6+20.9

Using the sequence of equations we have described, together with the

properties of the Jacobi symbol, we prove the following theorem, which
an algorithm for evaluating Jacobi symbols.

Theorem 9.7. Let a and b be positive integers with a > b . Then

f ^'l ni-r R,-r

+ " ' + s ' - r&
- !a!**f, +...+R"_,-tR._r_r
l+l:(-l)'' t 8 - r z 2 2 2
lb )

where the integersR; and s;,,t :1,2,...,n-l , are as previouslydescribed.

Proof. From the first equation and (i), (ii) and (iv) of Theorem 9.5. we have

fgl- : (-1)
9 .3 The J ac obi s y m b o l

we have
using Theorem9.6,the reciprocitylaw for Jacobisymbols,

t*l +
:'-')+ t#l
so that
R,-l R,-l ni-t-
f ^ I [ n, I

Similarly, using the subsequentdivisions,we find that

'/ ry*n#i+l
[ ,| 1R;+rJ

fo rT :2, 3, . . . , n- t \ * n e n w e c o m b i n ea l l th e e q u al i ti es,w e obtai n the desi red

for l+ I tr
[b ,l
The followingexampleillustratesthe useof Theorem9.7.

Example. To evaluate we use the sequenceof divisionsin the

previousexampleand Theorem9.7. This tells us that
n't'.ttr!:r +:r.
[+orl:,-,lt F*o'"lt*' +*!+
The following corollary describes the computational complexity of the
algorithm for evaluating Jacobi symbols given in Theorem 9.7.

Corollary 9.1. Let a and D relatively prime positive integers with a > b '
O(loezb)3) bit
Then the Jacobi symbol
" l+ | can be evaluated using

of O1ogzb)
a sequence
Proof. To find lf I uting Theorem9.7,we perform
t . DJ
divisions. To see this, note that the number of divisions does not exceed the
number of divisions needed to find G,b) using the Euclidean algorithm.
Thus, by Lam6's theorem we know that O (log2b) divisions are needed. Each

divisioncan be doneusing o ((lo^gzD2) operations.

Each pair of integers
si can be found using o(logzb).bit
bit operationson"" ih" appropriate
consequently,o((log2D)3)bit operationsare required
to find the integers
R;,s7,i :1,2,"',n-t a andb. Finaily,to evaluate
the exponent of -l
in the expression for
l+l in Theorem9.7, we usethe last threebits in the
lD )
binary expansion:of Ri,i : r,2,...,,n-r and the last
bit in the binary
expansions of sy,,r: r,,2,...,n-r. Therefore,we use 0(lo926) additional
operationsto find I+l Sinceo((log2D)3)+ ooog2b): o(tog2,D2) the
lD )
corollarvholds. tr

9.3 Problems
I. Evaluatethe followingJacobisymbols

a, t+] b, [*]
b, [*] , lx)
c,[*] 'tml
2 . For which positive integers n that are relatively to 15 does the Jacobi
symbor equar
3 . For which positive integers n that are relatively to 30 does the Jacobi
symbor equar
4 . Let a and b be relatively prime integers such that b is odd and positive
a : (-l)'2'q where q is odd. Show that

b-l br-l
: (-l)--'r l-''
lb )
5. Let n be an odd square-free.,
positive integer. Show that there is an integer a

that(a,n): I and
such : -t
9 .3 Th e J ac obi s Y m b o l

6. Let n be an odd square-freepositive integer'

a ) S h o wt h a t ) l + l : 0 , w h e r et h e s u m i s t a k e n o v e r a l l k i n a r e d u c e ds e t
ln )
of residuesmodulon. (Hint: Use problem5')
b) From part (a), show ,n. numberof integersin a reduc?O"ti'ofresidues
O : -t.
- r - - to the number*itn l* I
modulon suchttut I | : I" -is- equal
lrj l'J
7 . Let a and b:ro be relatively prime odd positive integers such that
A : lOQt * e1r1

tO: rlQ2 I e2r2

fn-l: fn-tQn-t* enfn

where q; is a nonnegative even integol, ; : t l, r; iS a positive integer
ri 1 ri t, for t : 1,2,...,frj , and rn : l. These equations are obtained by
successivelyusing the modified division algorithm given in problem l0 of Section
a) Show that the Jacobi symbol
- |* I i, given by
l . DJ

f"l :(-l)[
t 2 2 2
2 2 )

b) Showthat the Jacobisymbol [+.| t, givenbv
lD )
l+ | : (-r)r'
w h e r e T i s t h e n u m b e r o f i n t e g e r si , I < , ( n, with ri-r 7 ciri = 3
(mod 4).

8. Show that if a and b are odd integers and (a,b): l, then the following
reciprocity law holds for the Jacobi symbol:

I a-t b-t
( b l -:l - ( - r ) ; - ;
" lt a-'b-'
' ) \ll;l-J
lr;l-l '--'J l,_ 2 otherwise.

In problems9-15 we dealwith the Kronecker symbol which

is definedas follows. Let
u positiveintegerthat is not a perfect,quu." such that a E0
1 P" or I (mod4). We

\l i' ifa=l(mod8)

L e g e n d r es y m b o ' if p is an odd prime such that p/a

[;):the [;]

:,q[f]" i r ( o " t ) : I a n d:nIIpi is the prime factorizationof n.

[;] ./- I

9. Evaluate the following Kronecker symbols

a, b, c,
[*] [*] [*]

For problems 10-15 let a be a positive integer that is not a perfect

square such that
a= 0 or I (mod 4).

l0' Showthat
("1: ( z l "
it zla, wherethe svmbolon the right is a Jacobi
[;] tftl

Show that if n1and,n2t,re positiveintegersand if (app2) :


Show that if n is a positive integer relatively prime to a and if a is

rl r ) odd, then
I L I :: I n I w h i l ei f a i s e v e na, n da :2 ' t w heret i s odd,then
f ;J [ l] J '
['l (_r)2 2
r-l.z-l f )

l;J tTrll
1 3 . Show that if tt1 and ,? uti positive.,integers relatively prime to a and
flt 7 nz (mod I a l ) , t h e n lsl: lLl.
f't ,J lnz)
Show that if alo, then there exists a positive integer n with ,l
9 .4 Euler P s eudopr i me s

15. Show that if a 10. then

al : Jrr ii ff aa >< 00.
IFJ [-
9.3 Computer Projects
Write programs to do the following:

l. EvaluateJacobi symbolsusing the method of Theorem 9.7.

2. Evaluate Jacobi symbols using problems 4 and 7.

3. Evaluate Kronecker symbols (defined in the problem set).

9.4 Euler Pseudoprimes

Let p be an odd prime number and let b be an integer not divisible by p.
By Euler's criterion, we know that

6b-t)lz _ l4l(modp).
lp )
Hence, if we wish to test the positive integer n for primality, we can take an
integer b, with (b , il : l, and determinewhether
6 h - D / 2: l g I ( m o dn ) ,
ln )

where the symbolon the right-handside of the congruence is the Jacobi

fails,thenr is composite.
symbol. If we find that this congruence

Example. Let n :341 and b :2. We calculatethat 2r7o= 1 (mod 341).

(t I
Since341: -3 (mod8), usingTheorem9.5 (iv), w e s e et h a t | - . I : -1.
l . 3 4 r. l
ntly, 2t7o
Conseque (mod 341). This demonstratesthat 341 is not
Thus, we can define a type of pseudoprimebased on Euler's criterion.

Definition. An odd, composite,positive integer n that satisfiesthe congruence


__ ql ,_"d n),
l" )
where 6 is a positive integer is called an Euler pseudoprime
to the baseb.
An Euler pseudoprime to the base b is a composite
integer that
masqueradesas a prime by satisfying the congruencegiven in
the definition.

E x a m p l e .L e t n : 1 1 0 5 andb:2. w e c a l c u l a t e t h a t 2 s . s 2 -I ( m o dl l 0 5 ) .
Since '1105= I (mod8), we see that : t.
- Hence,
r I l l l o s )
2552 I +1105| (-oa l 105). BecauseI r05 is composite, it is an Euler
l- ,l
pseudoprime to the base2.

The following proposition shows that everv Euler pseudoprime

to the baseD
is a pseudoprimeto this base.

Proposition 9.1. If n is an Euler pseudoprime to the base b, then n is

pseudoprimeto the baseD.

Proof. If n is an Euler pseudoprime

to the base6, then

- al (mod
6G-t)/2 n).
ln )
Hence, by squaring both sidesof this congruence,we find that
( \2
1 6 b - D / 2 1 2l -q l (modz).
(. )
S i n c el g l : t l , w e s e et h a t = I (mod n ). This means that n
l, )
to the baseD. tr
Not every pseudoprimeis an Euler pseudoprime. For example, the integer
341 is not an Euler pseudoprime to the base 2, as we have shown. but is a
pseudoprimeto this base.

we know that every Euler pseudoprime is a pseudoprime. Next, we show

that the converse is true, namely that every strong pseudoprime is an Euler
9.4 EulerPseudoPrimes

b, then n is an Euler
Theorem 9.8. lf n is a strong pseudoprimeto the base
pseudoprimeto this base .

if n - | : 2't '
Proof. Let n be a strong pseudoprime to the base b. Then
: = -1 (mod n) where
where / is odd, eithe-r bt I (mod n) or b2"
of n '
0 ( r ( s - 1. Let n: fI p i ' b e th e p ri m e -p o w e rf actori zati on

prime divisor of
First, consider the case where b' = I (mod n)' Let p be a
i s odd, w e see
n . Si nc e b, = l( m od p ), w e k n o w th a t o rd o 6 l r. B ecauser
an odd divisor
that ordob is also odd. Hence, ordrb I b-l)12,since ordob is
of the even integer 6Q) - p Therefore,

6 Q - r ) / 2= I ( m o d P ) '

fal : t
by Euler'scriterion, we have

To computethe Jacobisymbol I + I' we notethat for all primes
ln )
p dividingn. Hence,

lnl -ft Illo':r.
Inr l+] =tI P ' J
: (b')2' = I (mod n). Therefore,
Since bt =1 (mod n), we know that b'-r
we have
ln )
We conclude that n is an Euler pseudoprimeto the base b.
Next. consider the casewhere
6rt : -l (modn)

for some r with 0 ( r ( s - 1. If p is a prime divisor of n, then

b2't= -l (modp).

Squaring both sidesof this congruence'we obtain

Quadrati c R esi dues

b2"', = l (modp).

This implies that ordob | 2'+rv, but that ordob z,t.

I Hence,
o rd rb : 2 ' * rc,

where c is an odd integer. Since ordobl(p-l) and 2,+tlordrb, it follows that

2' + t l( p- l) .

Therefore, we h a v e p :2 r+ rd * l , w h e red i s an i nteger. S i nce

- -l (mod
6(ord,b)/2 p),

we have
I A | = 6Q-D/z : 66rd,b/z)((p-D/ord,b)
lp )
- (- r!Q-l)/otd,u : (-11Q-r)/2*', (mod p).

Becausec is odd, we knowthat (-t)' : -1. Hence,

l+ | : (-1)rr-r)rz'*'
: (-l)d,
r e c a l l i n g t h a t d : ( p -I) /2'+t. Since each prime p; divid ing n
is of the form
pr : 2'rrdi + l, it follows that
n : fI pj'.
fI (2'+td, + l)o,
fI (l + 2'+raid;)
= I + 2'+t
> aidi (mod 22r+2).

t2'-t : h-D/2 ) r s Z/ a ; d i ( m o d 2 ' + t ) .
9.4 EulerPseudoprimes

This congruenceimPlies that

12s-t-r = i aidi (mod 2)



2 o'd'
66-r\/2 : (6rt7z:-'- :
(9.10) (-t)'.* : (-1)t-t (mod n).

On the other hand, from (9.9), we have

lnl : ft [+.|. : fr ((-r)d,).,

m ^)
: fI el)"'"' :
I n J , . : r| . p , J i _ r t-l

Therefore, combining the previousequation w i th (9 .10),w e seethat

- [ql
6(n-t)/z (m o d n ).
Consequently,n is an Euler pseudoprimeto the base D' tr

Although every strong pseutloprimeto the base D is an Euler pseudoprime

to this base, note that not every Euler pseudoprimeto the base b is a strong
pseudoprime to the base b, as the following example shows.

Example. We have previously shown that the integer 1105 is an Euler

pseudoprimeto the base 2. However, 1105 is not a strong pseudoprimeto the
base 2 since
2(llos-l)/2 I (mod 1105),

2 0 t 0 s - r ) / 2: 222 7 6 : 7gl + t 1 (mod ll05).

Although an Euler pseudoprime to the base b is not always a strong

pseudoprime to this base, when certain extra conditions are met, an Euler
pseudoprimeto the base D is, in fact, a strong pseudoprimeto this base. The
following two theoremsgive results of this kind.

Theorem 9.9. If n : 3 (mod 4) and n is an Euler pseudoprime to the base

b, then n is a strong pseudoprimeto the baseb.
Quadratic Residues

Proof. From the congruence n = 3 (mod 4), we know

that n-l : 22.t where
t : (n-l)/z is odd' Since n is an Euler pseudoprime
to the base b, it follows

- ql (mod
bt : 6..'-t)/2 f n).
ln )
tbl :
Drnce l- | +1, we know that either bt = l (mod
n) or
ln )
b' = -l (modn). Hence,oneof the congruences
in the definitionof a strong
pseudoprimeto the base b must hold. consequently,
n is a strong
pseudoprimeto the baseb. tr

Theorem9.10. If n is an Euler pseudoprime

to the base6 and lal : -r.
l\ n l '/
then n is a strong pseudoprimeto the base b.

Proaf. We write n-l : 2't , where / is odd and s is a positive

integer. Since
n is an Euler pseudoprimeto the base b, we have

br-,t: 6,.'-r)/2 fa l (modn).
B u t s i n c el 4 I : - t , w e s e et h a t
b ' r-' = -l (m o d r).

This is one of the congruencesin the definition of a strong pseudoprime

to the
base b. Since n is composite,it is a strong pseudoprimeto ihe base ,. tr

Using the concept of Euler pseudoprimality, we will develop a probabilistic

primality test. This test was first suggestedby Solovay and Stiassen
Before presentingthe test, we give some helpful lemmata.

Lemma 9.3. If n is an odd positive integer that is not a perfect sguare,then

there is at least one integer b with | < b I ft,(b ,n) : r , a n dl 4 | : - , ,

ln )
where is the Jacobi symbol.
9 .4 E uler P s eudop ri me s 331

Proof. If n is prime, the existence of such an integer b is guaranteed by

Theorem 9.1. If n is composite,since n is not a perfect square,we can write
n : rs wher e ( r , s ) : I a n d r: p ' , w i th p a n odd pri me and e an odd
positive integer.

Now let / be a quadratic nonresidue of the prime p; such a / exists by

Theorem 9.1. We use the Chinese remainder theorem to find an integer b
with 1 < b 1 n, (b ,n) : 1, and such that b satisfiesthe two congruences
b = t (mod r)
b = | (mods).


fal : (ul |,bl"-(_r),-_r,

f;J l7): tp)
and : , Since : that : -' r
[*] [*] ii] t1],', [*]
Lemma 9.4. Let n be an odd compositeinteger. Then there is at least one
integerD with | < b I n, (b,n) : 1, and
6 6 - D / z1 l 4 | ( m o dn ) .

Proof. Assume that for positiveintegers not exceeding n and relatively

primeto n, that
( e . 1l ) 6h-t)/2 : l4 | (mon
Squaring both sides of this congruence tells us that
r t2
b,-t : l 3 I = ( + l ) z : I ( m o dn ) ,
ln )

if (b,n) : I Hence, n must be a Carmichael number. Therefore, from

T h e o r e m8 . 2 1 , w e k n o w t h a t n : Q t 4 z " ' e , , whereQt,Qz,...,Q
a rr e d i s t i n c t
odd primes.
We will now show that

6 h - t ) / 2= 1 ( m o d n )

for all integers b with I ( b ( n and (b,n) :1.

Suppose that b is an
integer such that

6 h -r)/2 : -l (mod n).

we use the chinese remainder theorem to

find an integer a with
| 1 a { fl, (a,n): l. and

a : - | ( m o d Q z Q s .. . q , ) .

Then, we observethat

o.r2) o G - 1 ) / 2- 6b-D/z: _ l ( m o dq 1 ) ,

(e.13) = I (mod ezQt...Q,).

From congruences O . l D a n d ( 9 . 1 3 ) ,w e s e et h a t

o h _ t ) / 2* + 1(modn),

contradictingcongruence( Hence, we must have

6 (,-t)/2= I (m o d n),

for all D with I < , ( n and (b,n) - r. Consequentry,

from the definition
of an Euler pseudoprime,we know that

6".-t)/2:|,aj : I (modn)
l, )
for all D with I < b ( n and (b,n) : r. However, Lemma
9.3 tells us that
this is impossible. Hence, the original assumption is false. There
must be at
l e as tone int eger6 w i th | < b 1 fl , (b ,,D : l , and
6G-D/z1 l4 | (modn). tr
ln )
We can now state and prove the theorem that the basis of the
probabilistic primality test.
9.4 Euler Pseudoprimes 333

Theorem 9.11. Let n be an odd composite integer. Then, the number of

positive integers less then n, relatively prime to n , that are basesto which n is
an Euler pseudoprime,is less than 6fu) /2.

Proof. From Lemma 9.4, we know that there is an integer b with

I < b 1 n, (b,n): l, and

(s.rq ql (mod
l f
Now, let e1,e2,...,e^denote the positive integers less than n satisfying
1 ( a ; ( n, ( ai, n) : l , a n d
( -
afn-rtrzlLl (mod
In )
for; : 1,2,...,m.
Let rr{2,...,rm be the least positive residuesof the integers bayba2,...,ba^
modulo n. We note that the integers rj are distinct and (ri,n): I for
j : 1,Z,...,frt.Furthermore,

(e.16) , ( n - , ) t 2 1 ( m ond) .
For, if it were true that

,e-,)/2- (mod
then we would have

l+l r-"0,r
This would imply that,

: t+l
I r 1J [+] (mod n ),

and since (9.14) holds.we would have


_ fqI
l, )'
c ont r adic t ing( 9 .1 4 ).

S inc e aj, j :1 ,2 ,...,m , s a ti s fi e s th e congruence (9.15) w hi l e

r j, j : 1, 2, . . . , n, d o e sn o t, a s (g .to ) s h o w s ,w e know
thesetw o setsof i ntegers
share no common elements. Hence, looking at the two
sets together, we have
a total of 2m distinct positive integers less than n and,
relativ-elyprime to n.
Since there are Qh) integers less than n that are relatively
prime to /r, we
can conclude that 2m < qfu), so that m <
eh)/2. proves the
theorem. tr

From Theorem 9.1l, we see that if n is an odd composite

integer, when an
integer b is selectedat random from the integers 1,2,,....,n-1,
th; probability
that n is an Euler pseudoprimeto the base 6 is less than
I/2. This leads to
the following probabilistic primality test.

The Solovay-StrassenProbabilistic Primality Test. Let n be a positive

Select, at random, ft integers bpb2,...,boLorr the integers i,2,...,r-r.
each of theseintegersbj,j : 1,2,...,k,determinewhether

6Q-t)/2 (modn)
If any of these congruencesfails, then n is composite. If n
is prime then all
these congruences hold. If n is composite, the probability
that all k
congruenceshold is less than l/2k. Therefore, if n passesthis test
n is ,,almost
certainly prime."
Since every strong pseudoprime to the base b is an Euler pseudoprime
this base, more composite integers pass the Solovay-Strassenprobabilistic
primality test than the Rabin probabilistic primality test,
altirough both
require O(kQag2n)3) bit operations.

9.4 Problems

l. Show that the integer 561 is an Euler pseudoprimeto the base 2.

2. Show that the integer 15841 is an Euler pseudoprime to the base

2, a strong
pseudoprimeto the base 2 and a Carmichael number.

3. Show that if n is an Euler pseudoprimeto the basesa and 6. then

n is an Euler
pseudoprimeto the base a6.
9.4 EulerPseudoprimes 335

4. Show that if n is an Euler pseudoprimeto the base b, then n is also an Euler

pseudoprimeto the basen-b.

5 . Show that if n= 5 (mod 8) and n is an Euler pseudoprimeto the base 2, then r

is a strong pseudoprimeto the base 2.

6. Show that if n = 5 (mod 12) and n is an Euler pseudoprimeto the base 3, then
n is a strong pseudoprimeto the base 3.

7. Find a congruencecondition that guaranteesthat an Euler pseudoprimeto the

base 5 satisfying this congruencecondition is a strong pseudoprimeto the base 5.

8. Let the composite positive integer n have prime-power factorization

, : pl,pi, . . . ph, where pi : | * zfqi for i:1,2,...,ffi, where
kr ( kz ( < k-, and where n: | * 2kq. Show that n is an Euler
pseudoprimeto exactly

6" II ((n-l)/2, p1-t)


different basesb with l < b ( n , w h e r e

if kr: 1,
D r : 1 1/Z if kj < k and a; is odd for some j
It otherwise.

9.4 ComputerProjects
Write programsto do the following:
Determine if an integer passesthe test for Euler pseudoprimesto the base b.

Perform the Solovay-Strassenprobabilistic primality test.

Decimal Fractions and

10.1 DecimalFractions
In this chapter, we will discuss rational and irrational numbers
and their
representationsas decimal fractions and continued fractions.
we begin with

Definition. The real number a is called rational a - a /b, where a and b

are integers with b * 0. If a is not rational. then say that u is irrational.
If a is a rational number then we may write a as the quotient
of two
integers in infinitely many ways, for if ot : a b, where o
f uni b are integers
with b ;t' 0, then a : ka f kD whenever fr is a nonzero integer.
It is easy to
see that a positive rational number may be written uniquely as
the quotient of
two relatively prime positive integers; when this is done we
say that the
rational number is in lowest terms.

Example. We note that the rational number ll/Zl is in lowest terms. We

also see that
-tt/-21 - tt/2r : 22/42: 33/63:

The following theorem tells us that the sum, difference, product,

quotient (when the divisor is not zero) of two rational number
is again
1O.1 DecimalFractions

Then a + 0, a - 0' a9'

Theorem 10.1. Let a and B be rational numbers.
and a/0 (when P+0 are rational'
: alb and B : cld' where
Proof. Since a and p are rational, it follows that a
* O' Then' each of the
e, b, c, and d are integers with b * 0 and d
a * B : a /b + c l d : (a d * b c)/bd'
a - 0: a/b - c/d : (ad-bc)lbd'
a/0 : b /b) lG ld) : ad lbc @*0 '

denominatcr different
is rational, since it is the quotient of two integers with
from zeto. D
We start by
The next two results show that certain numbers are irrational'
considering ,/T

Proposition 10.1. The number '/T is irrational'

prime integers
Proof. Suppose that .,,6 : a lb, where c and b are relatively
with b I 0. Then, we have
2: a2lb2,

so that
2b2 : a2.

Since 2lor,problem 3l of Section2.3 tells us that2la. Let q :2c, so that


6. H ow ever,
He n c e, 21b, , and b y p ro b l e m 3 l o f Se c ti o n2 .3 ,2 al so di vi des
since G,b)':1, we^know that 2 c a n n o t d i v i d e b o t h a a nd b' This
contradiction shows that .6 is irrational' B
We can also use the following more general result to show that .6

* cnlxn-t *
Theorem 10.2. Let o( be a root of the polynomial x'
* cp * cs where the coefficientsca, ct,...,cn-r,are integerswith cs * 0.
Then a is either an integer or an irrational number'

and b
Proof. Supposethat a is rational. Then we can write ot: alb whete a
338 DecimafFractionsand ContinuedFractions

are relatively prime integers with b -

o. Since ot is a root of
x' + c r - 1x n- l * * c p * ,0 , w e h a v e
b/b), rc,_tG/6y,-t * +cJa/D *ca:0.

Multiplying by bn, we find that

an + cn_pn-tb + * c p b o - r + c s b n: 0 .


' '!n',*n',
x,'-::'il^:,,;;'i-. ,,n*'u* * , u'^o!,',
Since p I b and b I an , we know that p
I a, Hence, by problem 3l of
Sec t ion 2. 3, w: s e e th a t p l a . H o w i v e r, si nce (a, b) : l , thi s i s a
contradiction which shows that b : t 1. Consequently,
if a is rational then
d : * o, so that a must be an integer. tr

we illustrate the use of Theorem 10.2 with the following


Example' Let a be a positive integer that is not the

mth power of an integer,
so that "\/i it not an integer. ThJn x/i i, irrationat
by Theorem 10.1, since
"</7 it a root of xm - a. consequently,
such ur'^.,8,-18,-r:g'fr:";;
are irrational. ";;.^
The numbers zr and e are both irrational. We will not prove
that either of
thesenumbersare irrational here; the reader can find proofs
in Itg].
We now consider base 6 expansionsof real numbers, where
b is a positive
i n teger ,b > l. L e t a b e a re a l n u mb e r, a n d ret a:Ial
be the i ntegerpart
of a, so that r:o--[a] i s t h e f r a c t i o n a lp a r t o f a a n d o t : a * 7 w i t h
0 < 7 < I' From Theorem 1.3, the integer a has a unique
baseb expansion.
We now show that the fractional part ^yalso has a unique
base 6 expansion.

Theorem 10.3. Let 7 be a real number with 0 ( y ( l,

and let b be a
positive integer, b > | . Then can be uniquely written
T as

r: ; ci/bi

where the coefficientsc; are integers with 0 ( c;

< 6-l for j : 1,2,..w ., ith
the restriction that for every positive integer l/ there is an integer
n with
n2Nandc, lb-1.
1 O,1 D ec im al F r ac t i o n s

series' We will use the

In the proof of Theorem 10.3, we deal with infinite
geometric series'
following formula for the sum of the terms of an infinite

< t. Then
Theorem 10.4. Lets and r be real nurnberswith lr[

V o r i: a / 0 - ' ) .

(Most calculusbookscontain a proof')

For a proof of Theorem 10.4,see [62].
We can now ProveTheorem 10'3'

Proof. We first let

c1: IbTl ,

l et
so th a t 0 ( c r ( b_ 1 , s i n c e0 < b 7 < b . In a d di ti on,
^ fr : b l - c r : b ^ Y- l b l l '

c1 , 7l
^Y: 1 '
b b

^yg for k : 2,3,..., bY

We recursivelYdefine c1 and
ck : [bfr-r]


(b-t, s i n c e0 ( b z t - r 1 b , and 0(rt < I' Then'
so that 0(cr
follows that
C1 C"t Cn
7:T* * +^Y,
Ur* n, b,

Si n ce 0 ( ln ( l, w e s e eth a t a 4 l r/b n < l /b n . consequentl y,


Therefore. we can conclude that

340 DecimalFractionsand ContinuedFractions

7: lim

: r,
.{,t "J

To show that this expansionis unique, assume


r:; c1/bi:; dj/bi,

j -l j:l

whereo r, < b-l and 0 ( d, < b-1, and, for everypositive

5 integer.v,
thereare integersn and m with i, * D-l and d* r
b-1. Assumethat k is
the smallestindex-for which cr, * d1r, and assume
that c1,7 dr, (the case
cr 4 dp is handledby switchingthe roresof the two expansions).
o: ; k1-d1) lbi : (c*-d) /bk * ki-d) /bj ,
j ,i',

so that

(10.1) G1,-d1)/bk : ; e1-c1) /bi


Since c; ) d*, we have

b*-d) /bo > , /uo.

j:k+t j-k+l
l lLK+l
:(b-l) "u ,
| _ t/b
: l / b k,

where we have used Theorem 10.4 to evaluatethe sum

on the right-hand side
of the inequality. Note that equality holds in (10.3)
if and only if
d j - c . i: b- l f o r a l ! i w i th
7 ) t 1 t, a nd thi s occurs i f and onl y i f
d j : . b- l- and c i:0 fo r i 2 k + t. H o w e v e r,such an i nstancei s excl uded
the hypothesesof the theorem. Hence, the inequality in (tO.:)
is strict, and
therefore, (to.z) and (10.3) contradict (to.t). ttris shows
that the baseb
expansionof a is unique. tr \
1 O.1 Dec im al F r ac ti o n s 341

The unique expansion of a real number in the form ). c1/bi is called the
base b expansionof this number and is denotedby kp2ca..)6.
To find the base b expansion(.cp2ca..)6 of a real number 7, wo can use
the recursive formula for the digits given in the proof of Theorem 10.3,
ck : lbt*-J , ^ fk : b y * -t - l bl t -J ,

where ^Yo: ^Y,for k : 1,2,3,...

Example. Let ( . c p2 c a ..)6 b e th e b a s e8 e x p a n s ionof l /6. Then

- t-
c 1: [ 8 ' ; l : 1,, ^yt:8 -l : I
o + T,
^y2:s -2: 2
J + t'
_ )_ ^y3:B -5 - I
J + T'
74:8 + -2 - T'
_ t- 2

cs:[8'?t:t, ^ys-s I
+-s: T,
and so on. We see that the expansionrepeatsand hence,
t/6 : (1 2 5 2 5 2 5 ..)8.

We will now discussbase b expansionsof rational numbers. We will show

that a number is rational if and only if its base D expansion is periodic or

Definition. A base D expansion (.cp2ct..)r is said to terminate if there is a

positiveinteger n such that c, - cn*l - cn+z: : 0.

Example. The decimal expansionof l/8, (.125000...)ro: (.125)ro,terminates.

Also, the base 6 expansionof 419, (.24000...)o- (24)6, terminates.
To describethose real numbers with terminating base b expansion,we prove
the following theorem.
342 DecimalFractionsand ContinuedFractions

Theorem 10.5. The real number a, 0 < q I 1, has

a terminating base D
if and only if a is rationaland a : r/s, where 0 ( r ( s
and every
prime factor of s also divides D.

Proof. First, supposethat a has a terminating base 6 expansion,

d: (c 1c2...c)6 .




so that a is rational, and can be written with a denominator

divisible only by
primes dividing b.

Conversely,supposethat 0 ( a ( l, and

a: rfs .

where each prime dividing s also divides 6. Hence, there is power

a of D, say
bN, that is divisible by s (for instance, take N to be the largest
exponent in
the prime-power factorization of s). Then


where sa : bN ,, and a is a positive integer since slbr.

Now let
(a*a^-1...aps)6 be the baseb expansionof
or. ln"n
a^b^*o^-tb^-r + . . . * atb*ag
a: ar/bN :
: d*b--N + am_tbm-l-fl + *a1b|-tr+ aob-N

: (.00...a
m o m - t . . . a , a s )y .

Hence, a has a terminating base6 expansion. D

Note that every terminating base b expansion can be written
as a
nonterminatingbase6 expansionwith a tail-end consistingentirely of the digit
b-1, since (.cp2... c^)r- (cp2... cm-lb-lb- pir
i n stanc e,( 12) t o: (.ttl l l ...)ro . T h i s i s w h y w e requi re i n Theorem
that for every integer N there is an integer n, such that n ) N and
1 O.1 Dec im al F r ac ti o n s

cn# b-l; without this restrictionbaseb expansionswould not be unique.

A base b expansionthat does not terminate may be periodic, for
I 1 3 : ( . 3 3 3 . . .1)s'
| / 6 : ( . 16 6 6 . ' . t) o '

| /7 : (.t+ztst 142857142857..) rc'

if there are
Definition. A base b expansion (.cp2ca..)6 is called periodic
: cn for n 7 N '
positive integers N and k such that cn11
Wedenoteby(cp2...cv1-,']]-"*1-')6theperiodicbaseb expanslon
(.cp 2...c7,1- "') a' For instance'we have
t -( t t...cN+t-rc.nv
r/3 : (.J)_.,0 ,
7 1 6: ( . 1 6r)o,

ll7 : (.taxsz)ro.
Note that the periodic parts of the decimal expansionsof 1/3 and l/7
proceeds the
immediately, while in the decimal expansion of l/6 the digit I
periodic base b
periodic pirt of the expansion. We call the part of a
periodic part
L*punsion preceding the periodic part the pre-period, and the
thi period, where we take the period to have minimal possiblelength'

Example. The base 3 expansionof 2/45 is

(.ootorzr)r. The pre-period is
(0 0 1) 3and t he per io di s (O t2 l )3 .

The next theorem tells us that the rational numbers are those real numbers
with periodic or terminating base b expansions. Moreover, the theorem
the lengths of the pre-period and periods of base b expansions of rational

Theorem 10.6. Let b be a positive integer. Then a periodic base b expansion

representsa rational number. Conversely,the base b expansionof a rational
( 1, a: rfs,
number either terminates or is periodic. Furthero if 0 < a
: T(J where every
where r and J are relatively prime positive integers, and s
prime factor af T divides 6 and (U ,b) : 1, then the period length of the base
b of a is ordy b, and the pre-period length is .l/, where N is the
smaliestpositiveinteger such that TlbN.
344 DecimalFractionsand ContinuedFractions

Proof. First, suppose

that the baseD expansion
of a is periodic,so that
a: (.crrr...r*ffi)o
c1 ct


C1 C';


where we have used Theorem 10.4 to see that

s^_ 6tc
t"^ ojo ,r - . _ I bk-l

Since a is the sum of rational numbers, Theorem l0.l tells us that a is


Conversely,supposethat 0 ( a ( l, a : r /s, where r and s

are relatively
prime positive integers, s : T(J , where every prime factor
of T divides b,
Ql,b): 1, and I/ is the smallestinteger such-that Tlb*
Since Tlb*, we have aT: bN, where c is a positiveinteger. Hence
(10.4) L- or

Furthermore,we can write

(r0.5) ar c
where A and C are integers with

0 < I < 6N, 0 < c < u.

and (c,u): l. (the inequalityfor A followssince0 ( bNa: + < bN.

which results from the inequality 0 ( a ( I when both sides are multiplied
by bN) . The fact that (C,tl): I follows easily from the condition (r,s) : l.
Fr om T heor em 1 .3 ,A h a s a b a s eb e x p a n s i o nA : (anan_t...epo)u.

lf U : l, then the base b expansion of a terminates as shown above.

Otherwise, Iet v : ord,ub. Then,
1O.1 DecimalFractions

(10.6) b'#: Q u+ t )c
where/ is an integer, since b' = | (mod U). However, we also have

+ c' * al.
(- (t
(10.7) b'+:b'l]+ -C+j
U LA 62 b'b')

where(cp2ca...)6is the baseb expansion that
c k : l b l t -J , ^ y k- b ' y t -r - l bl * -J

C : 1 , 2 , 3 , . . . . F r o m ( 1 0 . 7 )w e s e et h a t
where To :
T, f o r k
(10.8) b' *: l r , b u - t+ c 2 b ' - z+ * r"] t ru.

( T, ( l,
Equatingthe fractionalparts of (10.6) and (tO.S),notingthat 0
we find that
C 4 t : -

ConsequentlY,we seethat
": t'
so that from the recursivedefinition of c1,c2,...we can concludeIhzt cpau: c1,
for k : 1,2,3,.,.. Hence nuta periodic baseb expansion
c - (n-rcr-Q6.

Combining (tO.+) and (10.5), and inserting the base b expansionsof A and
9. *. huu,
(ro.s) bNa : ( a n a n - 1 . . . a t a o. c p 2 . . . c v 6) .

Dividing both sidesof (10.9) by bN, we obtain

a : ( . 0 0... a n a n - r . . . o p o f f i ) u,

(where we have shifted the decimal point in the base b expansion of brya N
346 D e c i ma l F ra c ti ons and C onti nued Fracti ons

spaces to the left to obtain the base b expansion

of a). In this base D
expansionof a, the pre-period (.00...a,an-t...ipo)a is
of length N, beginning
with.A/ - h*1) zeros,and the period f.ngit, ir r.

We have shown that there is a base b expansionof

a with a pre-period of
length r/ and a period of length v. To finish the proof,
we must ,t o* that we
cannot regroup the base b expansion of a, so that either
the pre-period has
length less than ry', or the period has length less than v.
To do this, suppose
q: (.crrr...trffi)u


*#*(*)la. , cM+k
k f t M - t + c2 b M - 2 q +cM)(bk-t) + Gyar6k-t+ f cTaap)
bM (bk -t)

S i n c eq . : r f s , w i t h ( r , s ) : l , w e s e et h a t s l b M $ k _ D . C o n s e q u e n t l y ,
uTd ul(tk-o. H e n c e , M > N , a n d v l k ( f r o m T h e o r e mg . l , s i n c e
bk = I (mod tD and v : ord,ub). Therefore,'the pre-period
length cannot be
less than ,^/ and the period length cannot be less than v. D

We can use Theorem 10.6 to determine the lengths of the pre-period

p e r iod of dec im a l e x p a n s i o n s . L e t a : r/s , 0 < a (
l , and , :2" , 5r,, ,
where (1,10) : l. Then, from Theorem 10.6 the pre-period
has length
max (s1,s2)and the period has length ord,l0.

Example. Let ot:5/28. since 2g - 22.7,,Theorem10.6 tells us

that the pre-
has length 2 and the period has length ord710 : 6.
rylt:d: Since
5/28 (fiasll4z), we seethat theselengthsare correct.
Note that the pre-period and period lengths of a rational numb
er r f s, in
lowestterms, dependsonly on the denominators, and not on the
numerator /.
we observe that from Theorem r 0.6, a base b expansion
that is not
terminating and is not periodic representsan irrational number.

Example. The number with decimal expansion

o r: . 1 0 1 0 0 1 0 0 0 1 0 0 0 0 . . . ,

consisting of a one followed by a zero, a one followed by two zeros,

a one
followed by three zeroes, and so on, is irrational because this
expansiondoes not terminate, and is not periodic.
1O.1 DecimalFractions

so that its decimal

The number d in the above example is concocted
occurring numbers
expansion is clearly not periodic. To show that naturally
Theorem 10.6, becausewe do
such as e and 7( are irrational, we cannot use
of these numbers' No matter
not have explicit formulae for the decimal digits
we compute, we still cannot
how many decimal digits of their expansions
because the period could
conclude that they are irrational from ihis evidence,
be longer than the number of digits we have computed'

10.1 Problems

l. Show that dE is irrational

a) by an argument similar to that given in Propositionl0'l'

b) using Theorem 10.2.

2. Show that :/i + ..6 is irrational.

3. Show that

a) log23 is irrational.
b) logob is irrational, where p is a prime and b is a positive integer
is not a Power of P -
rational or
4 . show that the sum of two irrational numbers can be either
either rational or
5. Show that the product of two irrational numbers can be

6. Find the decimal expansionsof the following numbers

a) 2/5 d) 8lrs
b) slt2 e) lllll
c) r2113 f) 1/1001.

7. Find the base 8 expansionsof the following numbers

a) rl3 d) r16
b) rl4 e) rlrz
c) rls f) r122.

8. Find the fraction, in lowest terms, representedby the following expansions

a) .rz b) .i c) n.
348 D e c i ma l F ra c t i ons and C onti nued Fracti ons

9' Find the fraction, in lowest terms, representedby

the following expansions
a) (.rzi, c) (.iT),,
b) (.oar6 d) (M),6.
l0' For which positive integers D does the base 6 expansion
of l r/zro terminate?
Il' Find the pre'period and period lengths of the decimal
expansions of the
following rational numbers

il 7/t2 d) rc/23
b) tt/30 e) B/s6
c) t/7s f) t/6t.
12' Find the pre'period and period lengths of the
base 12 expansions of the
following rational numbers

a) t/+ d) s/24
b) r/B e) 17h32
c) 7/ro f) 7860.
13' Let b be a positiveinteger.Showthat the period
lengthof the base6
of l/m is m - I if andonlyif z is piimeand, i, primitiveroot
of m. "
14. For which primesp doesthe decimalexpansion
of l/p haveperiodlengthof

a)l d)4
b)2 e)5
c)3 f) 6?

15. Find the baseb expansions


a) r/(b-r) b) r/6+D .
16. Showthat the baseD expansion of t/G-1)z;, 1.9ffirJp1;u.
17. Showthat the real numberwith base6 expansion

(otzt.,.o-tlol rr2..)t,

constructed by successivelylisting the base b expansions

of the integers, is

18. Show that

1 O.1 Dec im al F r ac t i o n s

is irrational, whenever D is a positive integer larger than
integers greater than one'
r9. Let byb2,fur... !s an infinite sequence of positive
Show that every real number can be represented as

( ct ( bp for k : I'2'3'""
where cs,c1,cz,c!,...are integers such that 0

20. a) Show that every real number has an expansion

to+l! *
zl* 3!
are integers and 0 ( ct ( k for k
where cs,c1,c2,c!,-.-

of the type
b) show that every rational number has a terminating expansion
describedin Part (a).
llp is ('t,tr'-oJ"
Zl. Supposethat p is a prime and the base b expansionof
base b expansion of llp is p - l. show that
so that the period length of the
( p, then.
if z is a positive integer with I ( ln

m /p : (.cya1...coac
( 2...c1sacP)

where k : indtm modulo P.

2 2. Show that if p is prime and l/p - ('ffi)6 has an even period length'
k :2t, thenci * ci+t: b-l f o r . , ;:r 1 , 2 , " ' , t
whete h and' k
2 3 . The Farey series Fn of order n is the set of fractions hlk
are integers,0 ( ft < k ( n, and
(h,k): 1, in ascendingorder' Here, we

include 0 and I in the forms i and I respectively' For instance, the Farey
seriesof order 4 is
0l112 3l
T ' T , T ' T ' 7 , 7 ,T
a) Find the Farey series of order 7.

b) Show that if a/b and c/d are successiveterms of a Farey series' then
bd - ac :1.

c) Show that if a/b, c/d, and e/f are successiveterms of a Farey series,
c a*e
7- E7'
3so DecimalFractions and ContinuedFractions

d) Show that if a/b and, c/d are successiveterms of the Farey series of
ordern, then b*d ) n.

24. Let n be a positiveinteger,n ) l. Show that I

not an integer.

l0.l ComputerProjects
Write computerprogramsto do the following:
I' Find the base 6 expansionof a rational number, where
b is a positive integer.
2' Find the numerator and denominator of a rational
number in lowesr rerms
from its base b expansion.

3' Find the pre-period and period lengths of the base

D expansion of a rational
number, where b is a positive integer.

4' List the terms of the Farey series of order n where n

is a positive integer (see
problem 23).

10.2 Finite Continued Fractions

Using the Euclidean algorithm we can express rational
numbers as
continued fractions. For instance, the Euclidean algorithm produces
following sequenceof equations:

62:2.23 + lG
2 3 : l . 1 6+ 7
1 6: 2 - 7 + 2
7:3-2 + l.

When we divideboth sidesof eachequationby the divisorof that

62:r*16:,)r I
23 23 nlr6
?3-:t+L:t* I
16 16 16/7
16 : I Z : r + I
7 7 7/2
+ !.
By combiningtheseequations,
we find that
1 O.2 F init e Cont inu e d F ra c ti o n s

62 :2+ 1
23 23116
:2+ t
r '- L :

The final expressionin the abovestring of equationsis a continuedfraction

expansion of 62123.
We now definecontinuedfunctions'

of the form
. A finite continuedfraction is an expression
ctz *

a n - rt L
where Qg,a1,a2,...,anale real numbers with Q1,Q2,Q3',"'' an positive' The real
numbers ej,a2,...,Q'nare called lhe partial quotients of the continued fraction'
The continued fraction is called simple if the real numbers as,c r,..., an are all
we use the
Because it is cumbersome to fully write out continued fractions,
to represent the continued fraction in the above
notation Lso;a1,e2,...,Ctn|
We will now show that every finite simple continued fraction represents
we will demonstrate that every rational number can
rational number. Later
be expressedas a finite simple continued fraction'
352 DecimalFractions and ContinuedFractions

Theorem l0'7 ' Every finite simple continued

fraction represents a rational

Proof' we will prove the theorem using mathematical

induction. For n : 1
we have

I *aoar*l
al og

which is rational. Now assume.that for the positive

integer k the simple
continuedfraction [ag;at,e2,...,eklis rational whlnevst
as,or,...,okare integers
with a r,...,ak positive. Let as,at,...,ek+tbe integers
with er,...,ek+t positive.
Note that

[ a g . a 1 , . . . , a k +: t la g +
Ia;a2,..., a1r.a1ra1l

By the induction hypothesis,[a

ria2,...,ek,ek+r] is rational; hence, there are
integers r and s, with s*0, such that this continued
fraction equals r/s.

l a o ; a 1 , . . . ,a k , o k + t l : a g +
I agr*S

which is again a rational number. tr

We now show, using the Euclidean algorithm, that

every rational number
can be written as a finite simple continued fraction.

Theorem 10.8. Every rational number can be expressed

by u finite simple
continued fraction.

Proof. Letx:a/b w h e r ea a n d b a r e i n t e g e r s w i t h b > 0 . L e t r s - a and

r't : b. Then the Euclidean algorithm prodr.", the
following sequenceof
1O.2 Finite ContinuedFractions

rO : r1Q1* 12 Q 1r2 ( tt,

r| : r2Q2* 13 0(131rr,
12: r3Qtl 14 0(ra113,

ln-3 : fn'ZQn-Z* fr-t 0(rn-11tn-z,
fn-Z: fn-1Qn-1*fn 0(rnlrn-t
fn-l : tnQn

Writing these
In the above equations 4z,Qt,.",Qn are positive integers.
equations in fractional form we have
lo tt I
L: : Qr*;:qt+
b /1 6
tt: . 13 I
rZ: ta, I
nr*;:et* rrt^

ln-3 tn-l -L - I
: : -t
rn-2 tn-2 rn-2/rn-t
ln-2: ,n
- L : - nq- -n.-+l 4- , n - r , / r ,
Qn-l t
rn-l' ;
: ,QN

first equation'
Substitutingthe value of r1/r2from the secondequation into the
we obtain
(l 0.10)
T:4tt , t
4z r

into (10.10)
Similarly, substituting the value of r2fr3 from the third equation
we obtain
3 54 DecimalFractionsand ContinuedFractions

Q t *+rilrt
Continuing in this manner, we find that

q ' t+ I

* Qn-t
Hence q n l . T h i s s h o w s t h a t e v e r yrational number can
t:rnriQz,..., be
written as a finite simple continuedfraction. !

We note that continued fractions for rational numbers

are not unique.
From the identity

an : Gn-l) +

we seethat

[ a g ; a1 , e 2 , . .e. ,n _ t , o n l: I a g ; a 1 , c t 2 ,e. .n. ,_ t , e n

whenevera, ) L

Example. We have
: [ o ;I , l , l , 3 1: [ o ; l, l , l , 2 ,I ] .
#I I

In fact, it can be shown that every rational number can

be written as a
finite simple continued fraction in exactly two ways, one
with an odd number
of terms, the other with an even number (see problem
8 at the end of this
se c t ion) .
Next, we will discussthe numbers obtained from a finite continued
by cutting off the expressionat variousstages.

Definition. The continued fractions [as;a1,o2,...,

a1l, where ft is a nonnegative
integer less than n, is called the kth convergenr of the continued
1O.2 Finite ContinuedFractions

by Ct '
[ao;a1,e2,...,Qnl The kth convergentis denoted
the convergentsof
In our subsequentwork, we will need some properties of
these properties, starting with a
a continued fraction. We now develop
formula for the convergents.

Theorem 10.9. Lel ag,a1,e2,...,an be real numbers,with a 1;a/;...,a, positive'

Pn and qs,qt,"', Qn be defined
Let the sequencesP0,Pt,...,

Po: aO Qo: I
Pt : a s o l * l q1: ar

apQt-t t q*-z
P * : o k P k - t t P*-z Qk:

t k : I' ao;at,.' .,okl i s gi ven by

fo r /c : 2, 3, . . . ,n . Then the k th c o n v e rg e n C
Cp -- P*lqr'

: 0
proof. we will prove this theorem using mathematical induction. For k
we have
Co: lael : asll : Polqo.

For k : l, we seethat
Cr : l a o ;a 1 l : a s + ! :
a1 a1 Qt

Hence. the theorem is valid for k : 0 a n d k : l

Now assume that the theorem is true for the positive integer k
2<k 1n Thismeansthat
(10.11) C k : [ ' a o ; a r , .Q
. . k, l :
Q* t * qtr-z'
a trQ-t

Becauseof the way in which the p;'s and 4y's are defined, we see that the
numbers p*-r,p*-z,Qk-1, and Q*-z depend only on the partial
e0,er,...,ak-r . Conr"quently, we can replace the real number ap
a* * lla*+t in (t0'l I), to obtain
3s6 D e c i ma l F ra c ti ons and C onti nued Fracti ons

C t + r : [ a g ; a t , . . . , o k , o k +: r l
I a o : a 1 , . .(. t, k _ t , o k+ ! l

+l P*-r t p*-z

l"r *)nr-,*q*-z

a*n(arp*-r * p*-z) * p1,-1

apal(alrQrr-t * Qt_) * qt_t

_ o * + Pt * P * -r
a * + fi * * q* -r

_ P*+t

This finishesthe proof by induction. D

we illustrate how to use Theorem 10.9 with the following


E x am ple. we h a v e 1 7 3 /5 5 : [3 ;6 ,r,7 1. w e computethe sequences

p1 andq,
f o rj : 0 , 1 , 2 , 3 , b y

Po: 3 Qo: I
Pt:3'6+l: 19 Ql:6
Pz: l'19+3:22 Qz: l'6*l : 7
P t : 7 ' 2 2 + 1 9: 1 7 3 4 3- 7 ' 7 + 6 : 5 5 .
Hence, the convergentsof the abovecontinuedfraction are

Co : po/qo: 3/l : 3
C z : p z /q z : 2 2 /7
Ct: pJqt: 173/55.

We now state and prove another important property of the convergents

of a
continued fraction.

Theorem 10.10. Let k be a positiveinteger, k 2 | Let the /cth convergent

of the continuedfraction las;ar,...,onlbe c1 : p*/qt, where pt< and,q1,
ai as
'1O.2Finite ContinuedFractions 357

definedin Theorem 10.9. Then

: (-l)k-l'
PrrT*-r' P*-t4t'

For k : I we
Proof. We use mathematical induction to prove the theorem'
(asal+l)'l - asat: l'

Assume the theorem is true for an integer k where I < ft I tt , so that

- : (-l)t-l'
PtQ*-r P*-rQt

Then, we have
- (a rr+ rp t* p r-)q r, - P* (arrttQ* * Qr-)
Pt+rQt P * Q t+ t
- - (-l)k-t: (-1)k'
Pt-tQt Ptq*-t:

so that the theorem is true for k + l. This finishesthe proof by induction. tr

we illustrate this theorem with the example we used to illustrate Theorem


Example. For the continuedfraction [3;6,1,71we have

- - : -l
PoQt PrQo: 3'6 19'l
: - :
PrQz- PzQl 19'7 22'6 I
- - : -1'
PzQt PtQz: 22'55 173'7

As a consequenceof Theorem 10.10, we see that the convergentspt lqx for

thi s.
k:1 ,2, . . . ar e in low e s tte rm s . C o ro l l a ry 1 0 .1d e monstrates

Corollary 10.1. Let C*: p*lqr, be the kth convergent of the simple
where the integersPt and qp are as definedin
continuedfraction las;ar,...,8211,
Theorem 10.9. Then the integersPr, and qy are relatively prime.

Proof. Let d : (p*,q*). From Theorem 10.10,we know that

P*Q*-r Q*P*-r: (-l)k-l'

Hence, from ProPosition1-2 we have

d I el)k-r.

Therefore,d : l. B
3s8 D e c i m a l F ra cti ons and C onti nued Fracti ons

we als o hav e th e fo i l o w i n gu s e fu rc o ro i l a ry
of Theorem r0.10.

corollary 10.2- L?t ck : pr/qp be the

kth convergent of t h e s i m p l e
c ont inuedf r ac t i o nl a o :a 1 ,e 2 ,...,
e11l Then
{- ) * - r
C1,- Cr-r :
for all inregers
k with I < ft n Also,

^ alrG)k
Cp- -x-2:

for all int eger sk w i th 2 < k ( n .

Pr oof . F r om T h e o re m 1 0 .1 0w e k n o w th a t p l r Q* _t-
Q* pr_r: (_l )k-l
W e obt ain t he f i rs t i d e n ti tv .

''n pr_r (_t)k-l
Ck - Cft-r : -
Qr Qt-r QtQ*_r

b y div iding bot h s i d e sb y q rQ* _ r .

To obtain the secondidentity, note that

r .t - r- L k - z : -
L -Pt' Pt'-z:- P*Qr-z-P*-zQ*
Q* Q*-z Q*Q *-z

sinc e P k : at p*- r * p * -z a n d q 2 : o k e k -r * q * -2, w e seethat

the numerator
of the fraction on the right is

P *Q *- z - p rr-z Q*: (a * p * _ t * p * _ z )q k _2- p* _z(arQr,_r* Qr_z)

- a t(P tr-tQ tt-z- p * -z Q * -)
: a rr(-l )k - 2 ,

where we have used Theorem 10.r0 that

Pr - t Q t , - z- P t - z Q* -r : (- D k -z .

Therefore,we find that

Cp - Ck-z:
Q*4 tr-z

is the second identity of the corollary. tr

1 O.2 Finit e Cont inue d F ra c ti o n s

theorem w hi ch i s useful
Usi n g c or ollar y 10 .2 w e c a n p ro v e th e fo l l o w i ng
when developinginfinite continued fractions'

o f t he fi ni te si mpl econti nued

Th e o rem l0. ll. Let c1 b e th e k th c o n v e rg e n t
., l . T h e n
fra cti o n lag: at , Q 2, . . Qn
Cr)Cl)Cs) '
Co ( Cz 1 Cq 1 '

:0 ' l ' 2 " " i s greater than every

a n d e ver y odd- num be rc dc o n v e rg e n tC ri * r ' i
e ve n num ber edc onve rg e n tC z i ,-l 0 ,1 .2 ," '
: /'3' " ' ' rt'
Pro o f. S inc eCor olla ry 1 0 .2 te l l s u s th a t, fo r k


we know that
Cp 1 C*-z

wh e n k is odd, and
C* ) C*-z

wh e n k is ev en. Hen c e
Ct 7 Ct ) Cs

Co ( Cz 1 Cq 1

To show that every odd-numbered convergent is greater than every even'

numberedconvergent,note that from Corollary 10.2 we have
C z ^ - C z r n - l' --

so th at Cz ^- t 7 Cz ^ . T o c o m p a reC 2 1 ,a n d C ri -r , w e seethat
Czj-r) Crj*z*-l > Crj*ro ) Cz*'

so that every odd-numberedconvergentis greater than every even
convergent. tr
360 D e c i ma l F ra c ti ons and C onti nued Fracti ons

Example. Consider the finite simple continued

fraction 12:3,1,1,2,41.
Then the

Co- 2/l-2
C1 - 7/3:2.3333...
Cz- 9/4:2.25
C: : 16/7:2.2857...
C+: 4l/lS:2.2777...
Cs : ftA /7 9 : 2 . 2784....

We seethat

Co : 2 1 Cz: 2.25I Ca : 2.2777...

( Cs :2.2784... ( Cr :2.2957... ( Cr :2.3333...

10.2 Problems

l' Find the rational number, expressedin lowest terms, representedby each
of the
following simple continued fractions

a) IZ;ll e) [ r ;r ]
b) [t;z,z] f) [ l ;l , l ]
c) [0;5,0] e) [ I ; t , l, l ]
d) 5 , 1]
[3;7,1 h) [ l; I ,l ,l,l ].

2' Find the simple continued fraction expansion not terminating with the partial
quotient one, of each of the following rational numbers

il 6/s d) slsss
b) 22t7 e) -4311001
c) t9/29 f) 873/4867.

Find the convergentsof each of the continued fractions found in problem 2 .

Let up denote the kth Fibonaccci number. Find the simple continued fraction,
terminating with the partial quotient of one, of u1,-,1fup,where ft is a positive

5. Show that if the simple continued fraction expressionof the rational number
a , a . ) 1 , i s [ a 6 ; a t , . . . , a kthen
l, the simple continued fraction expressionof l/a is
l};a o,ar,...,a k'l.
6. S h o w t h a t i f a e * 0, then
1O.3 InfiniteContinuedFractions

: I o o i a * - t ., - . , a 1 , a s l

q* / q tr-r: I'au:ar-r,"',a2,a11,

where Ck-r: p*-t/qrr-r and C* : pt lq*,k ) l,are successive convergentsof the

(Hint: Use the relation : a*P*-1 * pp-2 to
continued fraction la6;a1,...,an1 P*
s h o wt h a t p t / p * - r : a r * I / ( p x - t / p * - ) .
of the
7 . Show that q1,) u1, for k:1,2,... where c*: p*lqr is the kth convergent
simple continued fraction las;a1,...,an1 and all denotesthe kth Fibonacci number'

8 . Show that every rational number has exactly two finite simple continued fraction
be the simple continued fraction expansion of rls where
9 . Let lao;ar,a2,...,a211
(r,s): I and r)l Show that this continued fraction is symmetric, i'e.
o s : a 2 1 t a t a n - t d 2 : a n - 2 , . .i.f, a n d o n l y i f s l ( r 2 + t ) i f n i s o d d a n d s l ( r 2 - t ) i f
n is even. (Hint: Use problem 6 and Theorem 10.10).

10. Explain how finite continued fractions for rational numbers, with both plus and
minus signs allowed, can be generated from the division algorithm given in
problem 14 of section1.2'

ll. Let as,ar,a2,...,ak be real numbers with a r,o2,...positiveand let x be a positive

real number. Show that Ias;a1,.'.,ar,l1 lao;a6--.,a1,*xl if k is odd and
I a s ; a 1 , . . . , a t>1 [ a o ; a 1 , . ' . , o 1 r * xi f] t i s e v e n .

10.2 Computer Projects

Write programs to do the following:

l. Find the simple continued fraction expansionof a rational number

2. Find the convergentsof a finite simple continued fraction.

10.3 InfiniteContinuedFractions
Supposethat we have an infinite sequenceof positive integersQo,Qt,ay,...
How can we define the infinite continued fraction Las,at,a2,...l? To make
sense of infinite continued fractions, we need a result from mathematical
analysis. We state the result below, and refer the reader to a mathematical
analysisbook, such as Rudin lezl, for a proof.

Theorem ll.l2. Let xs,x r,x2,... be a Sequenceof real numbers Such that
xo ( x r ( x z ( . . . a n d x 7 , < u fo r k : 0 ,1 ,2 ,... for somereal number u, or
x o 2 x r 2 x z 7 . . . a n d x t 2 L f o r k : 0 , 1 , 2 , . . . f o r s o m er e a l n u m b e rl .
362 D e c i ma l F ra cti ons and C onti nued Fracti ons

Then the terms of the sequencexu,xr,x2,...

tend to a limit x, i.e. there exists
a real number x such that

Theorem 10'12 tells us that the terms of an infinite
sequencetend to a limit
in two specialsituations,when the terms of the sequence
are increasingand all
less than an upper bound, and when the terms of the
sequenceare decreasing
and all are greater than a lower bound.

We can now define infinite continued fractions as limits

of finite continued
fractions, as the following theorem shows.

Theorem 10.13. Let as,e1,ct2, an infinite sequenceof integers

ar,Qz,... positive, and let ck : lag;a1,a2,...,e1a1Then the convergents
tend to a limit ot.i.e

Before proving Theorem l0.l 3 we note that the limit a described in
statement of the theorem is called the value of the infinite simple continued
fraction [as;at,o2,...1.
To prove Theorem 10.13, we will show that the infinite sequenceof even-
numbered convergents is increasing and has an upper bound and that the
infinite sequenceof odd-numbered convergentsis decreasingand has a lower
bound. We then show that the limits of these two sequences,guaranteedto
exist by Theorem 10.12,are in fact equal.

W e now will p ro v eT h e o re m 1 0 .1 3 .

Proof. Let m be an even positive integer. From Theorem 10.1l, we seethat

cr ) ct) cs ) ) C^-t
ca1cz1cq1 1C^,

and C2i 7 Czn+t whenever 2j 4 m and 2k + | <. m . By considering all

possiblevaluesof m, we seethat

Cr ) Ct>. Cs) ) C z n - t ) C zn+ ,

co(czlc+( 1 Czn-z 1 C2n I

and czi ) Cz**t for all positive integers j and k. we see that the
hypothesesof Theorem rc.12 are satisfied for each of the two sequences
C 1, C3, C2, . . and
. C s ,C z ,C 4 ,.... H e n c e , th e sequenceC 1,C 3,C 5,...tends to a
1O.3 lnfinite Continued Fractions

a2 ' i'e'
limit d1 and the sequenceCs,C2,C4,"' tends to a limit
: dr

: o(2'

Our goal is to show that these two limits a1 and oQ are equal'
Corollary 10.2 we have
C z n +-r C
* zt n
: lzn*t - Pzn -
Qzn+t Qzn Qzn+lQz, Qzn+lQzn

Since e* 2 k for all positive integers /c (see problem 7 of Section 10.2), we

know that
ezn+rQzn ( z n + l )Qn)

and hence

Czn*t - Cz,

tends to zero, i.e.

(C z ra 1- C 2 n ) : 0 .

s 1,C 3 ,C s ,...a n d C g ,C 2 ,C 4 ,...have the S amel i mi t, si nce

H e n c e,t he s equenc eC

j* (cr,*t - cz) : Czn*t- cz, : o.

,lg ,lg

Therefore ayr: aq, z11dwe conclude that all the convergentstend to the limit
d : (rr : dz. This finishesthe proof of the theorem' D
Previously, we showed that rational numbers have finite simple continued
fractions. Next, we will show that the value of any infinite simple continued
fraction is irrational.

Th e o r em 10. 14. Le t o s ,,o 1 ,e 2 ,...b e i n te g e rs w i th a1,Q2,...posi ti ve. Then

Ia o ;ar , , a2, . . . 1is ir r ati o n a l .

Proof. Let a : las;at,ctz, let

364 DecimalFractionsand ContinuedFractions

Cr : pr/qp : [ a o ; at , . . . , a k l

denote the /cth c o n v e r g e n t o af . W h e n n is positive

a integer,Theorem 10.I I
shows that C2, ( a ( C z r + t , s o t h a t

0 ( a - Czn I Czn*t - Czo .

However, from Corollary 10.2, we know th a t

Czn*t - C2n : '

this meansthat

0(a-Czn:a- Pzn
4zn Qzn+ tQzn

and therefore, we have

0 1 a q 2 , - p z n 1 l / qzr+ t .

Assume that a is rational, so that ot : e /b where a and b are integerswith

b + A. Then

-pzn< I
oaoQr" ,
b Qzr+t

and by multiplying this inequality by b we seethat

Qz n + t

Note that aq2, - bpzn is an integer for all positive integersn. However, since
Qz r + r ) 2n*I , th e re i s a n i n te g e r n s u ch that Qzn+ t> b, so that
b/Qzr+t < I . This is a contradiction,sincethe integer aQzn- bprn cannot be
between0 and I . We concludethat a is irrational. n

We have demonstrated that every infinite simple continued fraction

representsan irrational number. We will now show that every irrational
number can be uniquely expressedby an infinite simple continuedfraction, by
first constructing such a continued fraction, and then by showing that it is
1O.3 Infinite Continued Fractions

and define the sequence

Theorem f0.15. Let a: cvObe an irrational number
Q0 ,Qt, Q 2, ' . . r eCuf s iv e l bYY

Qk : lapl, c r k + :l I / b t - a )

fo r k : 0, l, 2, . . . . Th e n a i s the value of the infinite, simple
fra cti o n Lag;ar , az , - ..1 .

is an integer
Proof. From the recursivedefinition given above, we see that ap
we can easily show using mathematical induction that
for every k. Further,
for every k. We first note that d0 : a is irrational' Next, if
a7, is irrational
is also
we assume that a1, is irrational, then we can easily see that a,p1'
irrational, sincethe relation

(10.12) otk:A**Ls

and if d;611were rational, then by Theorem10.1,a7. would also be rational'

Now, since a7, is irrational andap is an integer,we know that 47, I at, and

so that

a(k+t: 1l@* - ap) ) l,

and consequently,
ak+r: [ar+rl ) 1

fsr k : 0, I , 2, ... . This meansthat all the integers

Note that by repeatedlyusing (tO.t2) we seethat
366 DecimalFractionsand ContinuedFractions

Q: d0: ao* I : [as;al
ao* : Ia 6 ;a 1 ,a 2 l

: Qo* : I a g ; al , o z , . . . , c t k , a t r + l l .
at i
az -f


what we m ust n o w s h o w i s th a t th e v a l u e of l as;at,o2,...,ek,c,k+tends

1] to a
as ft tends to infinity, i.e., as k grows without bound. From Theorem 10.9,we

a*+tP* * pt+t
a : f a g ; a r , . . . , o k , a k + l l:
at+rT* * q*-r

where Cj : pi/qi is the 7th convergentof las;afl2,...1. Hence

a * + rP r * p * -t pt
a-Cp :
dtc+tQ* * q*-t Q*
-(Prqrr-t -
(ar+gr, * q*-)q*
(a r+ g * * q * r)qt '

where we have used Theorem 10.10 to simplify the numerator on the right-
hand side of the secondequality. Since

a * + rQ * * q t-r ) a t+ fl t * q* -r : Qk+|,

we seethat
1O.3 Infinite Continued Fractions

l o - c * L' * QtrQx+t

note that l l q* qn* t tends

Si n ce Q r , 2 k ( f r om p ro b l e m7 o f Se c ti o n 1 0 .2 ),w e
k tends to infinity' or
to zero as k tends to infinity. Hence, Cp tends to a as
phrased differently, the value of the infinite simple continued
l a s ; a 1 , a 2 , . . . 1ai.s t r
To show that the infinite simple continued fraction that
irrational number is unique, we prove the following theorem.

Theorem 10.16. If the two infinite simple continued fractions las;at,a2,...1

bx for
and lbo;br,bz,...l representsthe same irrational number, then ar:
k :0,1,2,...

Proof. Suppose that a: lag;at,a2,...1. Then, since Co : 4o and

C t : a o * l / a t , T h e o r e m1 0 . 1 1t e l l su s t h a t
ao 1a 1ag* Ifa1,

so that ao: lc-l. Further, we note that

[ a g ; a 1 , a 2 , .:" 1a o

a : l a s ;ar,a2 ,...1: 1 ,a2 , ...,apl
o l g l [a o i a
:lim(ao+, ,)
/ <- - l q 1 i a 2 , Q3 , . . . , a pI

: do*
lim Ia1,o2,...,apl
/< --

: aol --.
l O 1 i O2 , O3 , .. . I

: l b o i br , b2 , . . . 1 .
l a s ; a1 , a2 , . . . 1

Our remarks show that

aO: bO: lol
368 DecimalFractionsand ContinuedFractions

and that

a o *+ : b o " '
Io 1;a2,...1 Ib ,.bz,...l

so that

I a ; a 2 , . . . !: [ b t i b z , . . ..l

N o w a s s u m et h a t a 1 r : b k , a n d t h a t l a p t l ; a 1 r a 2 , .:.[.b1n * r ; b t + 2 , . . . 1 .
U s i n gt h e
same argument, we see that apal : bpa1,o.1d,

a*+rl +- : bk-t+ ' I

Lapa2io1ra3,...l '

which implies that

] : lb 1ra2;b
['a p,z;a1ra3,... I .

Hence, by mathematicalinduction we see that a2 : b1, for k :0,1,2,... . D

To find the simple continued fraction expansion of a real number, we use

the algorithm given in Theorem 10.15. We illustrate this procedurewith the
following example.

Example. Let a : G. We find that

ao:lrfil:2, ant,:G5:T

Qt:r*r:2, I : J6+2

'2' )-z

e z : [ J o + z l: q I {e+z _
- E ........:-:
Qo+D-4 2

Since d3 : w e S e et h a t a 3 : ot, a4: e 2 , . . . , a n d s OOn Hence

^f6 : 12;2,4,2,4,2,4,...1.

The simple continued fraction of -,.6' is periodic. We will discuss

simple continued fractions in the next section.
The convergents of the infinite simple continued fraction of an irrational
number are good approximations to a. In fact, if p*/qt, is the
7th convergenr
of this continued fraction, then, from the proof of Theorem 10.15, we know
1O.3 InfiniteContinuedFractions

l"-polqol < llq*qx+t

so that
lo - polqxl< tlq? ,

si n ceQt I Q *+ r .
of the simple
The next theorem and corollary show that the convergents
to a, in the sense
continued fraction of a are the best rational approximations
with a denominator
that prrlql is closer to a than any other rational number
l e ssth an q1.
:1,2,"', be
Theorem 10.17. Let a be an irrationalnumberand let n1le1,i
of a' If r and s are
the convergentsof the infinite simplecontinuedfraction
integers with s ) 0 such that
lso-rl < lqo"-pol

thens 7 qr*t.

( s I q*+r. We
proof. Assume that lso-r | < lqr,o-pnl, but that 1
considerthe simultaneousequations


By multiplying the first equation by Q* and the second by px, and
subtracting the secondfrom the first' we find that
(Pt +rqr-PxQt +)Y - tQk - sP* '

- : (-l)fr, so that
From Theorem 10.10,we know thar ppag* Pt Qt+l
y : (-l)k (rq1,-sP).

ppal and
Similarly, multiplying the first equation by Qlray and the second by
then subtracting the first from the second,we find that

x : (-l)k(sppa;rQ*+).

Wenotethat x#O and y#Q. If x:0thensPt+t:r4k+t'Since

(px*t,qrr*) : l, Lemma 2.3 tells us that q*+tls, which implies that
:0 , then r : pkx and s : Qkx'
Qt+t ) s , c ont r ar y to o u r a s s u mp ti o n .If y
so that
370 D e c i ma l F ra c ti ons and C onti nued
Fracti ons

lso-rl : l" llqp-pr,l ) lqro-p*l,

sinceIrl > l, contraryto our assumption.
we will now showthat x and y haveopposite
signs. First, supposethat
y < 0 . S i n c eQ k x : s - Q t < + t l , w e k n o w t h a t x
) 0 , b e c a u s e { 1)x 0 and
Q* ) 0. When / ) 0, since Qtc+r!2 q1ra1 ) s, we see that
Qkx: s - Q*+r! ( 0,sothatx ( 0.
F r om T heor em l 0 .l l , w e k n o w th a t e i th e r
P t/qt ( a ( p* + r/qx+ t or that
Pt+t/q*+r ( a ( Pr/q1r. In either case. we easily see that
Qtea- pt, and
Qr+p - p*+r have oppositesigns.
From the simultaneous equations
we startedwith, we seethat
lso-r | : lQorIql,lp)a - (po*+p**t)l
: lx(qp-pr) + yQ1,ap-p;-;it

combining the conclusionsof the previoustwo paragraphs,

we see that
x(qpa-pr) and!(Q*+p-p,t*r) havethe samesign,so that

lso-rl : l{ llqoo-pol+ lyllq**p-pr,+rl

2 lxllqoo-pnl
) lqto-pr,l,
sincel*l>t. This contradicts
our assumption.
We haveshownthat our assumptionis false,and consequently,
the proof is

Corollary 10.3. Let q b e a n i r r a t i o n a ln u m b e r a n d l e t p i / q i , j : 1 , 2 , . . .

the convergentsof the infinite simple continued fraction-of
*. lf r/s is a
rational number, where r and .r are integerswith s ) 0, such
lo-r/tl < l"-p*/qol ,
th e n s ) q*.

Proof. Suppose that s ( qt and that

lo-r/sl < l"-pr,lqr,l.

1 O.3 Inf init e Cont in u e d F ra c ti o n s

By multiplying thesetwo inequalities,we find
sla-r lsl < qol"-Polqol

so that
lsa-tl < lqod-Pxl ,

violating the conclusionof Theorem l0'17' tr

simple continued fraction of 7( is

Example. The
i s n o d i s c e r n i b l p
e a t t e r n i n
o : l i ; j , 1 5 , 1 , 2 9 2 , 1 , 1 , 1 , 2 , 1 , j , . . . 1 .N o t e t h a t t h e r e
of this continued fraction
the sequenceof partial quotients. The convergents
22/7' 3331106'
are the best rational approximationsto r. The first five are 3,
C orol l ary 10.3 that 2217 i s
3 3 5 1 113,and 1039 9 3 /3 3 1 0 2 .We c o n c l u d efro m
less than 106, that
the best rational approximation of t with denominator
zr with denominator less than
31.5lll3 is the besi rational approximation of
3 3 1 0 2 .a n d s o o n .
Fi n ally , we conclude this section with a result that shows that any
be a
sufficiently close rational approximation to an irrational number must
the infinite simple continuedfraction expansionof this number.

Theorem 10.18. lf a is an irrational number and if r ls is a rational number

in lowestterms, where r and s are integerswith s ) 0, such that
lo-r/sl < t/2s2,

then r/s is a convergentof the simple continued fraction expansionof a.

proof. Assume that r/s is not a convergent of the simple continued fraction
expansion of a. Then, there are successiveconvergentspxlqx and ppallqp*t
su ch t hat Q n 4 s I Qrr+ t F ro m T h e o re m 1 0 .1 7,w e seethat
lqoo-pol< It ".-rl: slq-r/sl < t/zs'

Dividing by qr we obtain

l o -p o l q o l < 1l 2 s q * .

Since we know that \tpo-rqol > t (we know that sP*-rQr is a nonzero
integer sincer ls #pplqr), it follows that
372 DecimalFractionsand Continued

| - lspt-rq*l
sQ* '-, sQ*

: lor tl


I qrl
2tq* 2s2

(where we have used the triangle

inequality to obtain the second inequality
above). Hence, we seeth a t

t/2sqp I t/2s2


Zsqp ) 2s2,

which implies that q1, ) s, contradicting the assumption. tr

10.3 Problems

L Find the simple continued fractions of the following real numbers

a) ,rf2 c) -,/i
b) ^f3 d) r+.6

2' Find the first five partial quotients of the simple continued fractions
of the
following real numbers

a) 1/, c) (e-l)/(e+l)
b) 2r d) (e 2 -t)/(e 2 + D .

Find the best rational approximation to zr with a denominator less than

The infinite simple continued fraction expansionof the number e is

e : l 2 ; 1 , 2 , 1 , 1l , 1
4 , 61, ,1 , g , . . . 1 .

a) the first eight convergents

of the continuedfractionof e
1 O.3 I nf init e Cont in u e d F ra c ti o n s

less than
b) Find the best rational approximation to e having a denominator
5 . Let d be an irrational number with simple continued fraction -ot
Show that the simple continued fraction of is
o : loo;ot,a2,...f
a 1 2 I a n d [ - a s - l ; a 2 l l d v " ' l i f at: 1'
6 . Show that if p*lqx and,p1,a/q1a1 2f consecutive convergents of the
continued fraction of an irrational number a, then

l o - p r/q rl < tl z q o '

l o - p o * r/q o * ,1
( l /2 q l a.

( Hint : F ir s t s h o wth a t l o - p r* r/q * * ,1+ l o - pol qol- l po* r/q& +- r pr,/qtl :

l/q*q**t using CorollarY 10.2.)

7. Let a be an irrational number , a ) I . Show that the kth convergent of the

simple continued fraction of l/a is the reciprocal of the (k-t)th convergent of
the simple continued fraction of a .

8 . Let a be an igational number, and let pllei denote the jth convergent of the
simple continued fraction expansion of a. Show that at least one of any three
consecutiveconvergentssatisfiesthe inequality

la- pileil < t/G/-sqil.

Conclude that there are infinitely many rational numbers plq, where p and q
are integers with q # O, such that

l''- plql<rlG6q\.

9 . Show that if a - (l +lf9/2, then there are only a finite number of rational
numbers plq , where p and q are integers,q # 0, such that


(Hint: Consider the convergents of the simple continued fraction expansion

10. If a and B are two real numbers, we say that p is equivalent to a if there are
integersa,b,c, andd ,such that ad - bc : il and 0 :

a) Show that a real number a is equivalent to itself.

b) Show that if a and p are real numbers with p equivalent to a , then a is

equivalent to B Hence, we can say that two numbers a and B are
3 74 Decimal Fractions and Continued Fractions

c) Show that if a,S, and l, are real numbers such

that a and B are equivalent
and B and l, are equivalent, then a and l, are equivalent.
d) Show that any two rational numbers are equivalent.

e) Show that two irrational numbers a and p are equivalent

if and only if the
tails of their simple continued fractions agree, i.e.
a : I a g ; a 1 , a 2 , . . . , a i , c 1 , c 2 , c 3a, n
. .d. 1 g : [ b o : b 1 , b 2 , . . . , b 1 r , c 1 , c 2 , c a , . . . 1 .
ai,t:0,1,2,...j, b1,i:0,1,2,...,k and c;, j : 1,2,3,...are intejers,
all positive
except perhaps as and bs .
II' Let a be an irrational number, and let the simple continued
fraction expansion of
a be a : Ias;aba2,.-.1. Let p*/q* denote, as usual, the &th convergent
of this
continued fraction. We define the pseudoconvergnts of this continued fraction

P*t/q*., : (tP*-r + pr-)/QQ*t * Q*-z),

where k is a positive integer, k > 2, and t is an integer with 0 < r I at, .

a) Show that each pseudoconvergentis in lowest terms

b) Show that the sequenceof rational numbers pt pk,o,-,/Qk,a,_,,

is increasing if k is even, and decreasingif ft is odd

c) Show that if r and r are integers with s ) 0 such that

lo-rlsl ( l" -p*.,/q*.,|

w h e r e k i s a p o s i t i v ei n t e g e r a n d 0 < r 1ak, then slqt ,, or

rfs : p*_t/q*_r.

d) Find the pseudoconvergents

of the simple continued fraction of zr for
k -2.

10.3 Computer Projects

Write programs to do the following:
l. Find the simple continued fraction of a real number.
2. the best rational approximationsto an irrational number.

10.4 Periodic Continued Fractions

We call the infinite simple continued fraction [as;at,az,...lperiodic if there
are positive integers N and k such that an : ara1, for all positive integers n
with n > N. We use the notation
1O.4 PeriodicContinuedFractions


to expressthe periodicinfinitesimplecontinuedfraction
I a o : a l , a 2 , . . . , QN - l , a N r QN + 1 ," ' , a N + k - 1 ' 4 1 y ' 4 1 y1 1 '" ' l '

For instance, tt;Z,lAl denotes the infinite simple continued fraction

I I ;2,3,4,3,4,3,4,...1.
In Section 10.1, we showed that the base b expansion of a number is
periodic if and only if the number is rational. To characterizethose irrational
numbers with periodic infinite simple continued fractions, we need the
following definition.

Definition. The real number a is said to be a quadratic irrational if a is

irrational and if a is a root of a quadratic polynomial with integer coefficients,
i .e .

where A,B, and C are integers.

Example. Let a :2 * ,/7. Then a is irrational, for if a were rational, then

b y Th eor em 10. 1,a -2 - .,,6 w o u l d b e ra ti o n a l ,contradi cti ngTheorem 10.2.
Next, note that
a2 - 4a t | : (7+4,fi - 4Q+,/t * I : o.

Hence a is a quadratic irrational.

We will show that the infinite simple continued fraction of an irrational
number is periodic if and only if this number is a quadratic irrational. Before
we do this, we first developsome useful results about quadratic irrationals.

Lemma 10.f . The real number a is a quadratic irrational if and only if there
are integers a,b, and c with , > 0 and c 10, such t"hatb is not a perfect
square and
: : (a+Jt) lc.

Proof. If a is a quadratic irrational, then a is irrational, and there are

i n te g er s A , B , and C s u c h th a t A a z + Ba t C :0. From the quadrati c
formula. we know that
376 DecimafFractionsand ContinuedFractions


Since a is a real number, we have 82 - 4AC )

0, and since a is irrational,
82 - 4AC is a perfect square and A r^0.
-not By either
-r^: taking
e: -B,b: 82 - 4AC, c :24 o, o: b, b : g2 _ 4;t, _ZU, wO
have our desired representationof a.


wherea,b, andc areinte*.r-,;; ,ti"i:O, and6 nota perrect
then by Theorems 10.1 and 10.2, we can easily see that a is irrational.
Further, we note that


so that c is a quadratic irrational. tr

The following lemma will be used when we show that periodic simple
continued fractions representquadratic irrationals.

Lemma 10.2. If a is a quadratic irrational and if r,s ,t, and u are integers,
then (ra*s)/(to*u) is either rational or a quadratic irrational.

Proof. From Lemma 10.1, there are integersa,b, and,c with b > 0. c # 0.
and b not a perfect square such that

a: (a+Jb)/c.

(at rcu) +t Jt
I Gr + cil + r JF lI ht + cil -t.'.6 |
IGt *cu) +t .,/blt(at +cu)-t ./n I
lGr *cs\ (at*cu) -rtblt[r (attcD -t Gr *cl)l../T
(at *cu)2-t2b
1 O.4 P er iodic Cont i n u e d F ra c ti o n s

H e n ce ,f r om Lem m a l 0 .l (ra * s )/Qa + d i s a q u a drati ci rrati onal ' unl essthe

rational' tr
;;;d;i";, G is zero, which would imply that this number is
fractions of quadratic
In our subsequentdiscussionsof simple continued
quadratic irrational'
irrationals we *iil use the notion of the conjugateof a

-- (a+JD lc be a quadratic irrational' Then the coniugate

Definition. Let a
: (a -J b )l c '
o f a , denot edby o' , i s d e fi n e db y a '

the polynomial
Lemma 10.3. If the quadratic irrational d. is a root of
is a', the conjugate
Axz + Bx * C : 0, then the other root of this polynomial
of a.

the two roots of

Proof. From the quadratic formula, we see that

If a is one of these roots, then a' is the other root, because the sign
tr4AC is reversedto obtain a' from a. tr

The following lemma tells us how to find the conjugates of arithmetic

expressionsinvolvingquadratic irrationals'

L e mma 10. 4. I f a' : (a ftb ffd )/c 1 a n d ,,2 : (a2* bzJd)f cz are quadrati c
(i) (a1+a2)' -- al t a'2
(ii) (a;c.2)' : o| - d'2

(iii) (ap)' : d'td2

(iv) (c"rlc.)': a't/o.z.

parts are easier.

The proof of (iv) will be given here; the proofs of the other
These appear at the end of this section as problems for the reader'

Proof of (iv). Note that

378 D e c i m a l F ra cti ons and C onti nued Fracti ons

t G ftbr.'./Z)
v l l q )


_ cr(a ,+b r/7) G,/T)

: lb2)''/7


, G;brE)/cz
- t--,
" " (or-brrE) /cz
c {a 2- b 2,/7 ) (a z+ b 2,/7 )

_ k z a p z -c z b ftz d ) - (czazbrczaft)fi

Hence (at/a)' : or'r/a'2. D

The fundamental result about periodic simple continued fractions

Lagrange's Theorem. (Note that this theorem is different than Lagrange,s
theorem on polynomial congruncesdiscussedin Chapter 8. In this chapter we
do not refer to that result.)

Lagrange'sTheorem. The infinite simple continued fraction of an irrational

number is periodic if and only if this number is a quadratic irrational.

We first prove that a periodic continued fraction represents a quadratic

irrational. The converse,that the simple continued fraition of a quadratic
irrational is periodic, will be proved after a special algorithm for obtaining
continued fraction of a quadratic irrational is developed.

Proof. Let the simple continued fraction of a be periodic, so that

a : la g;at,,e2,..,,a
N -r,ffi|

Now let

0 : la1s;aN+r,...,41r+ft

1 O.4 P er iodic G on ti n u e d F ra c ti o n s

g : lal;aN*I,...,4N

and from Theorem 10.9,it follows that

^ 1 P * tP* -t
(10.13) t) -

Since the
where p*lq* and p1r-r/Q1r-1ata convergentsof Ia11;av"1'"''oru+kl'
and from (tO't3) we
simple continued f.u.tlon of p is infinite, B is irrational,
qr,02t Qr,-r-P)0 - P*-r : a'

so that p is a quadratic irrational. Now note that

a : l a g ;a1 ,Q 2 ,...,Q
N -r, 01,

so that from Theorem 10'9 we have

'a;;:fr; '

Since B
where pN-t/qN-1 and pr,t-zlqN-2uteconvergentsof [ao;a t.a2'"''o7'1-11'
Lemma 10.2 tells us that a is also a quadratic
is a q*Oruii. irrational,
irrational (we know that at is irrational because it has an infinite simple
continuedfraction exPansion). D
To develop an algorithm for finding the simple continued fraction of a
quadratic irrational, we need the following lemma'

Lemma 10.5. If a is a quadratic irrational, then d. can be written as

: @+,/V)/Q,

w h e r eP , Q , a n d d a r e i n t e g e f s , Q* O , d > O , d i s n o t a p e r f e c ts q u a r ea, n d
QIQ-P2) .

Proof. Since a is a quadratic irrational, Lemma 10.1 tells us that

, : (a+Jb)lc,

where a,b, and c are integers, b > 0 , and c # 0 . We multiply both the
numerator and denominator of this expressionfor q by Itl to obtain
380 DecimalFractionsand Continued


(wherewe haveusedthe fact

that lrl: -,tr\. Now let p : alcl,
a n dd : b c 2 . e: clcl,
T h e np , e , a n dd a r e i n t e g e r s , l 0
(since6 > 0), d is not iperfect e s i n c e, 7 0 , d >O
sinceb is not a perfectsquare,and
f i n a l l ye l @ - p \ s i n c ed - p 2 : 6 r z 'lQuare
oirz :;rbjoif:;T'(ilorl. n
We now presentan algorithmfor findingthe sample

Theorem 10.19. Let a be a quadratic irrational, so

that by Lemma 10.5there
are integers Ps,Qs, and d such that

@o+,/7)/Qo ,
whereQ0*0,d > 0, d is not a perfectsquare,
and eel @-p&). Recursively
C tk: [a 1 ],
Q**r : (d-roL*t)/Q*,

for k : 0,1,2,... Thena : fag;at,a2,...1.

Proof. using mathematical induction, we will show that pk

and e* are
i n t e g e r sw i t h Q 1 ,* 0 a n d e * l @ - r p , for k:0,r,2,.... F i r s t ,n o t e t h a t t h i s
assertion is true for k : 0 from the hypothesesof the theorem. Now
that P1 and Qp are integerswith
e* * 0 and e*l@_p?i. Then
Pk+r: a*Qt - Pp

is also an integer. Further,

Q*+r: @-rf *r11qo

: [d-(o*Q,,-pr)2]/e*
: @-rfi/Qo + (2a1,P1,-a?er).

Since Qrl@-pil, by the induction hyporhesis,we see that

Qpal is an integer,
and since d is not a perfect square, we see that d I Pi, so
Q*+t : @-rf*;/Qo t o . Since

Q* : U-rf*1/Qo*t
1O.4 PeriodicContinuedFractions 381

we can concludethat Q1,ql@-pt*t) . This finishesthe inductive argument.

To demonstratethat the integerses,a1,a2,...are the partial quotientsof the

simple continuedfraction of a', we use Theorem 10.15. If we can show that
o ( k + t: llbr-ap),

fork: t he n w e k n o w th a t a : fa s ;a 1 ,a 2,...1.N ote that

Pk + ,/7
ap-ak: -ap
: l^/7 - G*Qr,- P)llQ*

: G/7 - pt +) lQ*

: G/V- P**')(JV+ P*+)/er,G/T+ P**r)

: @-rl*)/Q*QI + Pr*r)

: Q*Qr,n/Qr,G/7+ Pt*,)

: Q**r/('/i + Pr,*)

: lla*+r ,

where we have used the definingrelation for Qp* to replaced-Ppzar with

QtQ**r. Hence,we canconclude that a : las;a1,e2,...f
. D
We illustratethe use of the algorithmgiven in Theorem10.19with the

Example. Let a : Q+J1)/2 . Using Lemma 10.5,we write

: G+.,/N)/4

wh e r e we s et P o : 6 , Q.o : 4 , a n d d : 2 8 . H e n ceoo: [a] : 2, and

Pr : 2'4-6:2, a1 Q + ..E)/e,
Qr : (28-22)/4:6, O1 IQ+,/z$/61 : r,

P2 : l'6-2:4, ot2 G+,,/Tg/2,

Qz : Og-+2)/o:2, A2 t
382 Decimal Fractions and Continued Fractions

P3 - 4'2-!:4, d3 : e+.,m)/6,
Qt : Qg-+2)/2:6 o3 : tG+6>Jil:r,
P4 : l'6-4:2, :
d4 e+rFZ$/q,
Qq - (28-22)/6:4, :
a4 t7+.'-z$/il: t,
Ps - l'4-2:2, a5 : e+r/-Z$/6,
Qs - Q8-22)/4:6, a5 : t ( z + , , / N ) / 6 :1 l ,

andso,with repetition,
sincepr: p5 and
er: es. Hence,we seethat
G + . n ) / 2 I 2 ; 1 , 4 , 1 , 1 , r , 41,,r. ,.I .
: I2;1,4,1,11.

We now finish the proof of Lagrange'sTheoremby showingthat

the simple
continuedfractionexpansion of a quadraticirrationalis periodic.

Proof (continued). Let a be a quadraticirrational,so that by Lemma

we can write a as

o : (po + .,8) /eo .

by Theorem10.19we haveo: lao;ar,ez,...l
dk : (r1, + ,,/7)/Q* ,
ap : [apl,
Pwr : atQ*-Pk*t,
Q*r : Q -rf *1 /Qo*r,


Since a : Ias;a'
"")'lrl,o; that

]:ffi _ll;l
Ijl "_ * q*-).

Taking conjugates of both sides of this equation, and using Lemma 10.4,
see that
(ro.r+) o' : (pr,-p'* * p*-) /(qt,-p'n * q * - ) .

When we solve (tO.t4) for ol1,, ws find that

1O.4 Periodic Continued Fractions

( - P*-zI
, -ex-,l" tr- |
dk: p*t t
qk^ t ,
,*t l
to a as k tends to
Note that the convergents p*-z/Q1r-2 and p*-rlqrr-t tend
infinity, so that
| , - P*-z
la. t fr' -
I Q*-z I Q*-t

tends to 1. Hence, there is an integer N such that a ' * 1 0 f o r k > N .

o ' t > - 0 for k > l, we have

Pp + Jd Po-Jd Zfi r0.

otk-Otk :
Q* Q* Qr

sothatQ*> 0fork>N.
SinceQ*Qrr*,- d - P?*r, we seethat for k 2 ly',
0t ( Q*Q**r-- d P?*t < d .

Pl*, (d: Pl*t-Q*Qx*r,

- ,/7 I P*+r < -,/7.

- -,[d < P*+r <-r/7, that hold for

From the inequalities 0 ( 0r ( d and
k > N , we see that there are only a finite number of possiblevalues for the
pair of integers Px,Qx for k > N . Since there are infinitely many integers k
with k > N,therearetwointegersi andT suchthatPi:Pi andQi:Qi
with i < j . Hence, from the defining relation for cu;., we see that o(i di
conseque Hence
"t'*:;:;,";:"',i: ,-,,i:"',oi,*,'lo,ol,.;:,,':,.:,:
: I a g ; al , o 2 , . . . , a i - 1 , Q i i,+o 1 , . . . ,ia- t l .

This shows that a has a periodic simple continued fraction. D

384 DecimalFractionsand ContinuedFractions

Next, we investigate those periodic simple

continued fractions that are
purely periodic, i.e. those without a pre_period.

Definition. The continued fraction

[as;at,ez,...f is called purely periodic if
t h e r ei s a n i n t e g e rn s u c h t h a t a 1 r : e n t k ,
f o r k : 0 , 1 , 2 , . . . , s ot h a t
Example' The continued fraction tl;jl: (t+.1:) /2 is purely periodic while
[2;2,41: JA is not.

The next definition and theorem describe those quadratic

irrationals with
purely periodic simple continued fractions.

Definition. A quadratic irrational at if called reduced

-l ( a' ( 0, w h e rea ' i s if a ) I and
th e c o n j u g a teo f a .

Theorem 10.20. The simple continuedfraction of the quadratic irrational

a is
purely periodic iI-and only if a is reduced. Further, if
a is reduced and
a: l,as;at,e2,...,enl
then the continuedfraction of - l/oi i, to;o,,_ffi

Proof. First, assume that a is a reduced quadratic irrational.

Recall from
Theorem 10.15 that the partial fractions of the simple continuedfraction
of a
are given by

ek : lapl, otk+t : l/@tr-o*),

fork: where ato: d We see that


and taking conjugates,using Lemma 10.4, we see that

rs) l/a'*+t: c , ' k- a 1 r .

we can prove, by mathematical induction, that - I ( a1 (

0 for
k:0,1,2,.... F i r s t , n o t e t h a t s i n c e c . 0 : a i s r e d u c e d ,- l l a o < 0 . N o w
a ssum et hat - r 1 a ' 1 ,< 0 . T h e n , s i n c ea * 2 1 for k :0,1,2,-... (note that
a o 2 I s i n c ea > 1 ) , w e s e ef r o m ( t O . t 5 ) t h a t

l / o t t+ r < - 1 ,

so that -l 1 a'k+t < 0 . Hence, -l < a) 10 for /c :

1 O.4 P er iodic Conti n u e d F ra c ti o n s

Next. note that from ( t o . t 5 ) w e h a v e

d'k:a**lla'*+t t

and since -l 1 a'* < 0 , it follows that

-l 1a**lfa'1ra1 <0.

-l - l / a ' * + t 1 ax 1 -lf a'rr+r,,

so that
ek: [ - 1 / o r * r ].

Since a is a quadratic irrational, the proof of Lagrange's Theorem shows that

there u.. nonn.gative integers i and i' i,< 7, such that ai 7-oi, and hence
with - 1 / u ' ; : - l / a j . Since ai-t:l-t/ai i l a n O oji--l t : I - t / a , | j t ,, w e s e e t h a t
: ai-t I llai and , dj-: : oj-t + llai
oi-l ej-'.. Furthermore, since oti-t:
we a l s o s e e t h a t a i - 1 : o i-rContinuingthisargument'wseethat
di-z : o(j-z)ai-3: aj-30..', and finally, that ag : aj-i ' Since

d0 : a : Iag;a1,...,oi-i-t,ai-il
: la o;a 1,...,ei -i -1,041,Gl,

we see that the simple continued fraction of a is purely periodic.

To prove the converse,assumethat a is a quadratic irrational with a purely

Theorem 10.9 tells that
aP* * P*-t
( 10 . 16 ) a:ffi,

where pr,_tlq*_r and p1rlq1, 3;fe the (k-l)th and kth convergentsof the
continued fraction expansion of a . From (tO.t6), we seethat
(1 0 .17) e r,a 2* (q * -rP )o Pt-r : 0.

Now, let p be the quadratic irrational such t h a t g : l a t i a t c - l , . . . , a t , a o ,l i . e .

with the period of the simple continued fraction for a reversed. Then
0 : lo*iek - r , . . . , at,a o ,Al ,s o th a t b y T h e o re m 10.9, it follows
386 DecimalFractionsand ContinuedFractions

( D opi + pi-,

Fqr * q*-r
where pi-t/qL and pr,/q* are the (ft-l)th and kth convergents of the
continued fraction expansionof . Note, however,
B from probremi of section
1 0. 2.t hat

Pt /p1r-1: lanian-1,...,et,eol: pi/qi

a nd

Qt/q2-1 : farion-r,...,a2,e
l! : pL /qi_t.

Since pi-t /qi-, pi/qi are convergents,we know that they are in lowest
terms' Also, P*/pp-, and qp/q1-1 ilre in lowest terms, since
Theorem 10.10
tells us that ppqp-r - p*-rQk : (-t)e-t . Hence,

pi - p*, Qt : pk-r


Pk -t - 4 t< ,Q t< -t: ek-t.

Inserting thesevaluesinto (l0.lg). we see that

p,: 0p* * qr
1p*-r * qrt
Therefore, we know that


This impliesthat
(ro.rq) er,Gt/ilz * (q*-r- pt) Gtlp) - pk_t:
From( (1 0 .1 9 ),w e s e eth a t th e tw o r ootsof the quadratic equation
4 * x 2 * (q * -r - p )x - p* -t : 0

are a and -1/0, so that by the quadratic equation, we have a : -t/8. Since
0 : l a n i a n - t , . . . , a t , a o lw, e s e e t h a t p > I , s o t h a t - l < s 7 ' : - l / p < 0 .
Hence, a is a reduced quadratic irrational.
Furthermore, note that since fi : -l/ot,. it follows that
10.4 PeriodicContinuedFractions

-l/o':ffiol' tr
fraction of '/D ,
We now find the form of the periodic simple continued
Although \6 is not
where D is a positive integer that is not a perfect square'
-,/D is not between -l and 0, the quadratic
reduced, since its conjug-ate
r.*,o*r"i6-t; .6-ii l,/Dl - '[5 ' doeslie
r.duced,sinceits conjugate,
that the
between-1 and 0. Therefore,from Theorem 10.20, we know
the initialpartial
continuedfractionor [.lill +.,/D is purely periodic. Since
quotient of the simple continued fraction of tJD | + "/D is
if faf + ,/Dl:21,/Dl:2a0, w h e r ea o : I . . / D l ' w e c a nw r i t e
: I 2 ao ; at , Q2 , . . . ,na, 2 Qg , al , . . . , Q

Subtracting ao : ,/6 from both sidesof this equality, we find that

./ D : l a g ;a3 a 2 ,...,2 a g 1 0,...1
,a2 ,...2a

To obtain even more information about the partial quotients of the

continued fraction of ,/D, we note that from Theorem 10.20, the simple
continued fraction expansionof -l /$'IDl "/D) can
be obtained from that
for t.,6l + ..lD , by reversing the period, so that

But also note that
6 -t-6-l:lo;orprGol,

so that by taking reciprocals,we find that

| / G/D - t.D-l) - tor;orGrl -
for the simple continued
Therefore,when we equatethese two expressions
fractionof llG/D - t.D]) , we obtain
Al: QnrQ2: Cln-ys...;On: Ol,

so that the periodic part of the continued fraction for ..lD is symmetricfrom
the first to the penultimate term.
In conclusion, we see that the simple continued fraction of 16 has the form

388 Decimal Fractions and Continued Fractions

We illustrate this with some examples.

Example. Note that

8- [ 4 ; l, 3 , 1, 8 ]
.16l ts,ffii.rol
,Fqe - 1 6 ;,l 2 , 1, 1 , 2 , 6 , 2, l, ,12 , 1, l 2 l
,,/Te : [ 8 ; 1 , 2l ,,I , 5 , 4 , 1
5 , 1 , 2 ,I16 ,l

-,/ri: tq;ml,
where each continued fraction has a pre-period
of rength l and a period
ending with twice the first partial quotient which is symmetric
from the first to
the next to the last term.

The simple continued fraction expansionsof ,E fo, positive integers

d such
that d is not a perfect square and d < 100 can be found in Table
5 of the

10.4 Problems
l. Find the simplecontinuedfractionsof

a) Jt d) ,/41
b) Jr r e) 6
c) Jzt r) ,/-gq.
2 . Find the simple continued fractions of
il o+,fi /z
b) Qq+,81)lt
c) (tt-.E)t.
3 . Find the quadratic irrational with simple continued fraction expansion
il [z;t,5]
b) tz;rSI
c) t2JJI.
4. il Letd beapositive Show that the simple continued fraction of
,,/N isla:Tdl.
1 O.4 P er iodic Cont i n u e d F ra c ti o n s

fractionsoi tffit't'fZgg' and

b) Uggrrt (a) to find the simplecontinued
5. Let d be a integer,d 2 2'
Show that the simple continued fraction of ,/F is [d-l ;@l'

b) show that the simple continued fraction of JFd is [d- t;zla-zl.

c) Ugparts (a) and (b) to find the simple continued fractions of rfg9' tffg'
,lnz. and..G60'
6. a) Shory lhat if d ,l un int"g.t, d > 3 , then the simple continued fraction
,tm i s[ d - 1 ' l H , l 2 d - 2 1 .
b) Show that if d is a positive integer, then the simple continued fraction
'/fu. rsld;c$71.
c) Find the simple continued fraction expansionsof ,/6,.6f , anO

7. Let d be an odd positive integer'

a) Show that the simple continued fraction of JF+ is

b) Show that thr __qgple continued fraction of J d2-q
la-lM,zd-zi,\f d>3.
8 . Show that the simple continued fraction of Ji , where d is a positive integer,
has period length one if and only if d : a2+l *here a is a nonnegativeinteger.

9 . Show that the simple continued fraction of Jd , where d is a positive integer,

has period length two if and only if d : a2 + b where a and b are integers,
b > l , a n d b l \ a .

10. prove that if 6,1: (ar+brJrl)lct and a2-- (a2*urJd)/c, ^re quadratic
irrationals, then

a) (a1*42)' : c , ' t* o''2

b) (a1-a2)' : d'r - d2

c) (c''c.z)' : ot't'or2.

1 1 . Which of the following quadratic irrationals have purely periodic continued


a) l+.6 c) (tt - ,/-toltg

b) 2 + ,/-B d) e + ,f?l)/z
c) 4+',m e) (tz + -'.ft-g)l:t

12. Supposethat a : G+JF)/c, where 4,b, and c are integers,b ) 0, and b is

noi u perfecl square. Show that is a reduced quatratic irrational if and only if
ola <JU andJb-a 1c 1'Jb *a 12Jb
390 DecimalFractionsand ContinuedFractions

13. Show that if ir-u reduced quadratic jrrational, then _ l/a,

1 is also a reduced
quadratic irrational.

14' Let k be a positive integer. Show that there

are infinitely mgy positive integers
D, such that the simple continued fraction
expansion of ,/6 h., , period of
length k. (Hint: Let at:2, e2:5, and for k > 3 let a1,:2ak_t I a*_z
Show that if p : (tar + l)2 * 2a1,-1* r, where
/ is a nonnegativeinteger,
then rD has a period of length k + l.)

15' Let k be a iF:r. Let Dk - (3k+t)2 + 3

lgsitiu: Show that the simple
continued fraction of JOp has a period of length 6ft.

10.4 Computer Projects

Write computer programs to do the following:

1' Find the quadratic irrational that is the value of a periodic

simple continued

2' Find the periodic simple continued fraction expansionof a quadratic

some NonlinearDiophantine

11.1 PythagoreanTriPles
The Pythagoreantheorem tells us that the sum of the squaresof the lengths
of the legs of a right triangle equals the square of the length of the
hypothenrur.. Conversely, any triangle for which the sum of the squares of
the lengths of the two shortest sides equals the square of the third side is a
right triangle. Consequently,to find all right triangles with integral side
lengths, we need to find all triples of positive integ ers x ,y ,z satisfying the
diophantine equation
(rr.t) x2+!2:22

Triples of positive integers satisfying this equation are called

Pythagorean triPles.

Example. The triples 3,4,5; 6,8,10; and 5,12,,13are Pythagorean triples

b e ca us e32 + 42 : 5 ' .6 2 + 8 2 : 1 0 2 ,a n d 5 2 + 1 22: 132.
Unlike most nonlinear diophantine equations, it is possible to explicitly
describe all the integral solutions of (ll.l). Before developing the result
describingall Pythagorean triples, we need a definition.

: l.
Definition. A Pythagoreantriple x,!,2 is calledprimitive if (x,y,z)

Example. The Pythagoreantriptes 3,4,5 and 5,I2,I3 are primitive' whereas

392 S o m e N onl i near D i ophanti ne E quati ons

the Pythagoreantriple 6,g,10 is not.

Let x,!,2 be a pythagorean triple with (x,y,z) :

d . Then, there are
" i -r' r,,r1,21):
int eger s x r , t,z r w i th x : d x i ,y :
d yt,, J i r, l.
Furthermore, because ""A


we have


s o t hat

Hence, xt,!t,21 is a primitive pythagoreantriple, and the original
triple x,!,2
is simply an integral multiple of this primitive pytgagoreantriple.

Also, note that any integral multiple of a primitive (or for that matter
Pythagoreantriple is again a pythagorean triple. If x1
])t,zt is a primitive
Pythagoreantriple, then we have

x?+ y?: r?,,

and hence.


so that dx 1,dy1,dz1 is a Pythagoreantriple.

Consequently, all Pythagorean triples can be found by forming integral

multiples of primitive Pythagorean triples. To find all primitive pythago*un
triples, we need some lemmata. The first lemma tells us that any two integers
of a primitive Pythagoreantriple are relatively prime.

Lemma 11.1. If x,!,z is a primitive Pythagorean triple, then

G,y) : (x ,z) : (y,z) : l.

Proof. suppose x ,! ,z is a primitive pythagorean triple and (x

,y) > l. Then,
ther e is a pr im e p s u c h th a ,tp ^ l (x y ), s o th at p I x andp y. S i ncep x
a n d p l . - y ,* . k n o w t h a t p | ( r ' + y ' ) : 2 2 . B e c a u s p
e l;r,'*..un conclude
that p I z (using problem 32 of Section 3.2). This is a contradiction since
(x ,y ,z) : l. Therefore, (x g) : l. In a similar manner
we can easilv show
that ( x , z ) : ( y ,z ) : l . D
1 1 .1 P y t hagor ean T ri Pl e s

integers of a primitive
Next, we establish a lemma about the parity of the

then x is even and y

Lemma 11.2. If x,y,z is a primitive Pythagoreantriple,
is odd or x is odd and Y is even'

1l '1, we know
Proof. Let x ,!,z be a Primitive Pythagoreantriple. By Lemma
x and y cannot
that (x ,y\ : 1, so that x and y cannot both be even. Also
both be odd. If x and Y were both odd, then
(from problem of Section 2'1)
we would have
x - = v z = I (mo d 4 ),

so that
22:x2*y2 = 2(mod4).

x is even
This is impossible (again from problem 2 of Section2.1). Therefore,
and y is odd, or vice versa. E
The final lemma that we need is a consequenceof the fundamental theorem
of arithmetic. It tells us that two relatively prime integers that multiply
together to give a square must both be squares'

(r,s) : I and
Lemma 11.3. If r,s, and t are positive integers such that
: m2 and s : n2.
; : t2, then there are integersz and n such that r

Proof. If r :1 or s : l, then the lemma is obviously true, so we may

,upptr. that r ) I and s ) 1. Let the prime-power factorizationsof r,,s, and

,:p1,pi2... p:",
s : p:,i\ p:,it p:"


t : ql' ql' quo'.

Since (r,s ) : l, the primes occurring in the factorizations of r and s are

distinct. Since rs : t2, we have

pi'pi' pi"pi,+ipi,n pl,': q?"q'ru' qiur'

From the fundamental theorem of arithmetic, the prime-powers occurring on

394 S o m e N onl i near D i ophanti ne E quati ons

the two sides of the above equation are the

same. Hence, eachpi must be
equal to Qi for some j with matching exponents, so that a; :
consequently,every exponenta; is even,and therefore
ai/2 is an integer. we
seethat r - m2 and , : 12, where m and n arethe
a./2 a-/z a/2
m : pt' P2' Pu"

a nd

n : pi,r('pi,C' a/2
Pr" !

We can now prove the desired result that describes all primitive

Theorem ll.l. The positive integers x,l,z form a primitive pythagorean

triple, with y even,if and only if there are relatively prime positiveintegers
and n, |/t ) n, with m odd and n even or m even and,n odd, such that

x : m2-n2
Prot{. Let x ,y ,z be a primitive Pythagoreantriple. Lemma I 1.2 tells us that
x is odd and y is even, or vice versa. Since we have assumed that y is even,
x and z are both odd. Hence, z*x and z-x are both even,so that there are
p os it iv eint eger sr a n d s w i th r : (z + i /2 a n d s : (z-i l /2.

S i n c ex 2 + y 2 : 2 2 , w e h a v ey 2 : z2-x2: (z*x)G-x). Hence.

Ir)' lz+x] f ,-"1

lr): I , .lt ' J:"
w e n o t et h a t ( r , s ) : 1 . T o s e et h i s , l e t ( r , s ) : d . S i n c ed l , a n d d l s ,
dlG+s)- z and,dl(r-s):x. T h i s m e a n st h a t d l ( * , r ) : 1 , sothat
d :1.

Using Lemma I 1.3, we see that there are integers la and n such that
r : m 2 and,s : n 2 . W ri ti n g x ,y ,a n d z i n te r msof m andn w e have

1 1 . 1 PY t hagor ean Tri P l e s


and n must also

we see - xalso that (m ,n) : 1, since any common divisor of m
: w e know that (x,y,z) : l '
Oi "i O" : m 2- n2' ,y :2 m n , a n d z * ' + r' , a n d
if they were' then x y '
We also note that rn and n cannot both be odd, for
(x,y : l ' Since
and z would all be even, contradicting the condition ,z)
(m,n) : I and m and n cannot both be odd, we seem is even and n is odd,
triple has the
or vice versa. This shows that every primitive Pythagorean
appropriate form.
To seethat everYtriPle
x : m2-n2

: 1,
where m and n are positive integers, m ) n, (m,n) and
m * n (mod 2), forms a primitive Pythagoreantriple, first note that

x 2 + y 2 : ( m 2 - n 2 ) 2+ ( 2 m n ) 2
: (ma -2 m2 n 2 + n 4 )* 4m2n2
: ^ 4 * 2 m 2 n 2t n a
: (m2+n2)2
: 22.

To see that these values of x,y, and z are mutually relatively .prime, assume
t h a t ( x , y , z ) : d ) ! . T h e n , t h e r e i s a p r i m e p - s u c h t h a t p l ^ ( x , y , z ) ^ .W e
note that p * 2, since x is odd (becausex: m2-n2 where mz and n2 have
o fp o rit " par it y ) . A l s o , n o te th a t b e c a u s ep I,x and p l t, p I G+ i :2m2
a n ' dp l i t - ; : 2 n 2 . H e n c e p I m a n d p I n , c o n t r a d i c t i n gt h e f a c t t h a t
(* ,i ) : 1. T her efo re , (r,y ,z ) : l , a n d x o y ,z i s a pri mi ti ve P ythagorean
triple. This concludesthe proof. D
The following example illustrates the use of Theorem I I .l to produce

Example. Let m:5 and n:2, so that (m,n): I , f f i * n ( m o d2 ) , a n d

m ) n. Hence, Theorem 1 I .1 tells us that


is a primitive Pythagoreantriple.
396 S o m e N o nl i near D i ophanti ne E quati ons

We list the primitive pythagorean triples generated

using Theorem I l.l with
rn : < 6 in T abl e I l .l .

m n x : m2-n2 y:2mn t : m2+n2

2 I 3 4 5
3 2 5 t2 l3
4 I 15 8 l7
4 3 7 24 25
5 2 2l 20 29
5 4 9 40 4l
6 I 35 r2 37
6 5 1l 60 6t

Table 11.1. Some Primitive pythagoreanTriples.

I l.l Problems

l. Find all

il primitive Pythagoreantriples x,l,z with z < 40.

b) Pythagoreantriples x,!,2 with z < 40.
2 . Show that if x,!,2 is a primitive pythagorean triple, then either x or y is
divisibleby 3.

3 . Show that if x ,!,z is a Pythagorean triple, then exactly one of x,y and,z is
divisibleby 5.

4 . Show that if x,l,z is a Pythagorean triple, then at least one of x,y, and z is
divisible by 4.

5 . Show that every positive integer greater than three is part of at least one

6 . L e t x l - 3 ,l t : 4,zt: 5, and let for n :2,3,4, ..., be defined

recursivelv bv
11.2 Fermat'sLast Theorem

xntl- 3xn*Zzn*l

Show that xnln,zn is a Pythagoreantriple'

7. S h o w t h a t i f x , ! , 2 i s a P y t h a g o r e a tnr i p l e w i t h y : x + l, thenx,l,Z isoneof

the Pythagorean triples given in problem 6'
g. Find all solutions in positive integers of the diophantine equation x2 I 2y2 t2'
g. Find all solutions in positive integers of the diophantine equation x2 * 3y2: t2-

10. Find all solutions in positive integers of the diophantine equation


I l. Find all Pythagorean triples containing the integer 12.

1 2 . Find formulae for the integers of all Pythagoreantriples x,l,z with z y*l
1 3 . Find formulae for the integers of all Pythagoreantriples x,l,z with z y * 2'
1 4 . Show that the number of Pythagorean triples x,-y,z (with x2 + y2 : z2) with a
fixed integer x is (rk2)-l)/2if x is odd, and (r!2l4-1)/2 if x is even.

1 5 . Find all solutions in positive integers of the diophantine equation *' * py' : 22,
wherep isaprime.

11.1 Computer Projects

Write programs to do the following:

l. Find all Pythagoreantriples xJ,z with xy,and z lessthan a given bound.

2. Find all Pythagorean triples containing a given integer'

ll.2 Fermat's Last Theorem

In the previous section, we showed that the diophantine equation
x2 + y2 : z2 has infinitely many solutionsin nonzerointegersx, !, z . What
happens when we replace the exponent two in this equation with an integer
grrut.. than two? Next to the discussionof the equation xz + y2 : z2 in his
copy of the works of Diophantus, Fermat wrote in the margin:
"However, it is impossibleto write a cube as the sum of two cubes, a fourth
power as the sum of two fourth powers and in general any power the sum of
two similar powers. For this I have discovereda truly wonderful proof, but
the margin is too small to contain it."
398 So me N onl i near D i ophanti ne E quati ons

Since Fermat made this statement many people

have searchedfor a proof of
this assertion without success. Even trrouitr
no ,or...t proof has yet been
discovered,the foilowing conjecture is knowi
as Fermat,s rasttheorem.

Fermat's Last Theorem. The diophantine equation


has no solutionsin nonzerointegersx,

r, z when n is an integer with n D 3.

Currently' we know that Fermat's last theorem is true

for all positive integers
n wit h 3 ( n < 1 2 5 0 0 0 . In th i s s e c ti o n ,w e wi l l show
that the speci alcaseof
Fermat's last theorem with n: 4 is true. That is, we
will ,ho* that the


has no solutionsin nonzerointegersx,

!, z. Note that if we could also show
that the diophantineequations

xP + YP:7P

has no solutionsin nonzero integersx,!,2 wheneverp is an odd prime,

we would know that Fermat's last theorem is true (seeproblem 2 at
the end of
this section).
The proof we will give of the special case of n - 4 uses
method of infnite descent devised by Fermat. This method is an offshoot
the well-ordering property, and shows that a diophantine equation has
solutions by showing that for every solution there is a "smaller', solution.
contradicting the well-ordering property.

Using the method of infinite descent we will show that the diophantine
equationxa + !4 : 22. has no solutionsin nonzerointegersx,
!, and z. This
is strongerthan showingthat Fermat's last theorem is true for n: 4, because
a n y s o l u t i o no f x a + y 4 : t a : ( 2 2 ) 2g i v e sa s o l u t i o no f x a * v a : 2 2 .

Theorem 11.2. The diophantine equation

in nonzer"

Proof. Assume that the above equation has a solution in nonzero integers
x,l,z. Since we may replaceany number of the variableswith their negatives
1 1 .2 F er m at ' s Las t T h e o re m

we may assumethat x,Y,z are

without changing the validity of the equation'
: 1' To see this, let (x,Y) : d. Then
We may also supposethat (x,y)
(x v Yt) : 1 ' w h e re x 1 and y 1 itro Positiveintegers'
x : dx 1 and y = dY ,, w i th
since xa + Y4 : '2 ' vte have

so that
d a ( x f + Y f ): ' 2 '
2'2' we know t h a t d ' I t .
Hence do | ,', and, by problem 32 of Section
positiveinteger' Thus'
Therefore, z : d'r r, where z 1is a
da(xf + yf): (d2tr)': dor?,

so that
: l r' z : zr
Th i s giv esa s olut io no f x a + y a : ' 2 i n p o s i ti v ei n tegersx : xt' !
with (xr,yr) : 1.
So, suppose t h a t x : x , , l : 1 0 , z : z . ' i s a . s o l u t i o no f x a + y 4 :
(xe,-/o): 1 ' We will show that there
xo, lo, andzsare positiveintegerswith : 1'
: : zt w i th (xr' yl )
i s a not hers olut ioni n p o s i ti v ei n te g e rsx x r,! l t, z:
su ch t hat 21 1 z s .
S i n c ex d + y t : z l , w e h a v e
G i l z + ( y & ) 2 :z E ,
we have
so that x&, y&, ,o is a Pythagoreantriple. Furthermore,
and p y&' then p I xs
l-fi, r&> - i, ro. if p is a prime suchthat p I x3 I
contradicting the fact that (xq,lrq): l. Hence, *3,yE, zs is a
11.1, we know that there afe
prim-itiveiythagoreantriple, and by Theorem-
positiveintegersz andn with (z ,n), m # rl (mod 2) ' and
x& : m2-n2
!& : Zmn
zo: m2+n2,

yfr the even

where we have interchangedx62 andyfr, if necessary'to make
integerof this Pair.
So me N onl i near D i ophanti ne E quati ons

From the equationfor xfr, we seethat


Since (m,n) : l, it foilows that x,s,n,m

is a primitive pythagorean tripre.
Again using Theorem I I .1, we seethat
there are fositive integersr and s with
(r,s) : l, r # s (mod
2). and

ro : ,2-s2
m - r2+s2.

Si nc e m is odd a n d (m,n ) : l , w e k n o w
that (m,2d : l . W e note that
b e c aus ey & : ( 2 d m, L e mma l l .3 te l l s u s
th at there are posi ti vei ntegersz1
andw with m:t? a n d 2 n : w 2 . S i n c ew i s e v e n ,w : 2 v w h e r ev i s a
positiveinteger,so that

v2: n/2: rs.

si nc e ( r , s ) : I , L e m m a 1 1 .3 te l l s u s th a t th ere
are posi ti vei ntegersx1 erd
y1 s uc h t hat r : x l a n d s : y ? . N o te th a t
si nce (r,s) : l , i t easi ryfol ow s
th at ( x l, - y r ) : l. H e n c e .

x{+yf: -2

where x t,! t,z 1 ?re positive integers with (r

r,y1) : l. Moreover, we have
zt I 26, because


To complete the proof, assumethat xa * y4 : z2

has at least one integral
solution' By the well-orderingproperty, we know that
among the solutionsin
positiveintegers,there is a solution with the
smallestvalue is of the variable
z However, we have shown that from this solution
we can find another
solution with a smaller value of the variable z,
leading to a contradiction.
This completesthe proof by the method of infinite descent.
Readers interested in the history of Fermat's
last theorem and how
investigationsrelating to this conjecture led to
the genesisof the theory of
algebraicnumbers are encouragedto consult the books
of Edwards Il4l and
Ribenboim Irt]. A great deal of researchrelating
to Fermat's last theoremis
underway. Recently, the German mathematicianFaltings
establisheda result
that showsthat for a fixed positiveinteger n, n
> 3, the diophantineequation
xn + yn : z' has at most a finite number of solutions
where x g, and,z are
integersand (x,-y) : l.
1 1.3 Pell's Equation

ll.2 Problems
n is an integer n ) 2' then
l. show that if x,! ,z is a Pythagorean triple and
of Theorem I l '2' and the
2.. Show that Fermat's last theorem is a consequence
: zP has no solutions in nonzero integers when p is an
assertion that xP * yp
odd prime.
prime and
3. Using Fermat's little theorem, show that if p is

a) if xp-l * yn-t : zP-r, then p | *yt .

b) if xP + lP : zP, then p | (x+Y-z).

4. Show that the diophantine equation xo-yo: z2 has no solutions in nonzero

integers using the method of infinite descent'
with integer sides is
never a Perfect square.
- in nonzero
6. Show that the diophantine equation xa + 4ya z2 has no solutions
- 8y4 : z2 has no solutions in nonzero
i. Show that the diophantine equation x'
: many solutions'
8 . Show that the diophantine equation xa + 3ya z4 has infinitely
9 . Show that in a Pythagorean triple there is at most one perfect
many integer
1 0 . Show that the diophantine equation xz + y2: z3 has infinitely
k the integers
solutions by showing that for each positive integer
x : 3k2-1, | - k(k2-3), z : k2 * I form a solution.

tt.2 Computer Proiects

l. Write a computer program to search for solutions of diophantine equations
asxn *Yn:zn.

11.3 Pell's Equation

In this section,we study diophantine equationsof the form
( 11 . 2 ) x2-dy',:r,

(0, there are no

where d and n are fixed integers. When d <0 and n
most a finite
solutionsof (11.2). When d < 0 and n ) 0, there can be at
Some Nonlinear Diophantine Equations

numberof solutions,
sincethe equationx2 - dyr: n impliesthat
lrl < JM. l"l < fi
Also, note that when d is a perfect,quur.,
il* sayd : D2,

x2 - dy': x2 - Dry : G+Dfl(x-Dy) - n

Hence,any solutionof Qt.D, when d is a perfect

to a
solutionof the equations

where a and b are integers such that n : ab.
In this case, there are only a
finite number of solutions, since there is at most
one solution in integers of
these two equationsfor each factorization n : ab
For the rest of this section,we are interestedin the
diophantine equation
x2 - dy':n, where d and n are integers and d is a positiveinteger which
not a perfect square. As the following theorem shows,
the simpL continued
fraction of -,/v is very useful for the study of this equation.

Theorem 11.3. Let d and n be integers such that d >

0, d is not a perfect
square, and lrl < r/7. .lf x2 - dyI: n, then xfy is
a convergentof the
simple continued fraction of ^/7.

Proof. First considerthe casewhere n ) A. Since x2 _ dyr:

n,wesee that
( tr . : ) G +y./7) G -y,/V) : n
From (tt.:), we seethat x - y.,/7 ) 0, so that x > yrT.
* _,/7>0,
and since 0 1 n < ,8, we see that

G -,/7v)
: x 2 -d Y2
y G + y,/7)
1 1 .3 P ell' s E quat io n

\- f r
\ q I 1

L! rr2

Since 0 <
x_ .,17 < +, Theorem10.18 tells us that x ly must be a
v 2v'
convergentof the slmple contlnueo1 fractionof JL
- dy' : n by -d, to obtain
When n ( 0. we divide both sidesof x2

v2- ,fr*': -3
we see that y /x is a
By a similar argument to that given when n ) 0 o
of ll.r/7' Therefore'
convergent of the simple continuid fraction expansion
must be a
from problem 7 of Slction 10'3, we know tB *l!,:1l,j.,/x)
: l/(l/{cl ) ' u
converyentof the simple continuedfraction of './d
x2 - dy': n,
have shown that solutions of the diophantine equation
we ^1"1
*h;; . .n, are gifn by the convergents of the simple continued
fraction expansion of fi. The next theorem will help us use these
convefgentsto find solutionsof this diophantine equation'

^ perfect square'
Theorem 11.4. Let d be a positive integer that is not --!*Q! - 'o''
: (io + ',/hlQr, oo: [47.1, P*+r and
il; dk
O;';- r : ( ; " -
pt *' J l Q * , t* L :0 ,1 ,2 ,... w h ere ao: Jd ' Furthermore'Iet
;J;r denote tie kth convergentof the simple continued fraction
Jd. Then

Before we prove Theorem 1 1.4, we prove a useful lemma.

L e m m a 1 1 . 4 .L e t r * s r / V : t + r t / l w h e r er , s , t , a n d u ^ t e r a t i o n a l
numbers and d is a positive integer that is not a perfect square. Then r : t

proof. Since r * s,/7 : t * u,/7, *"see that if s # u then

,/7 -
So me N onti near D i ophanti ne E quati ons

B y T heor em 10 .1 , (r-t)/(u -s ) i s ra ti o n a l , and by Theorem r0.2 Jv

irrational. Hence,s : u, and consequently : i,
r t. A
We can now prove Theorem I 1.4.

Proof. Since ^E : o,0: Ias;ar, e2,...,ek,otk+tL,

Theorem 10.9 tells us that

- vtjs ott+tp* I p*_t

, r t " r r q k+ q r r '

Since dk+t : (pt *, + ,/7)/er+r we have

(P**t + ,8)p* * e*+pr,_t
JV: (P**, + ,/V)qr *
et +rQ*_t
Therefore, we see that

dqt t (Pt+flt, I Qt +rQtr-r)fi : (pr,+tpr,*

e*+rpt,-r) + p*fi.
From Lemma 11.4, we find that dqr, : P*+tPt, *
Pt+ f l* f Q t + r Q n -t: p k W h e n w e mu l ti p l y t t. Q*+et -r and
first of these two equations
by qt and the second by pt, subtract the first
from the second, and then
simplify, we obtain

pt - dqi : (ptqt -t - pr-tQ*)eo*,: (- l)o-teo*r,

where we have used rheorem 10.10to completethe proof.

The special case of the diophantine equation x2 _
dy, : , with n : I is
called Pell's equation. we will use Theorems ll.3
and rr.4 to find all
solutionsof Pell's equationand the related equationx2 -
dy, : -t.

Theorem 1l'5' Let d be a positive integer that is not

a perfect square. Let
px/qt denote the kth convergent of the simple
continued fraction of .8,
k : 1,2,3,"' and let n be the period length of this continued
fraction. Then,
y.!"n ,r, even, the positive solutions of the diophantine
x- - ay" : I are : t , : Q i r - t , j : 1 , 2 , 3 , . . .a, n d
! t h e d i o phantine
equation x2 - dy'r *: - ll i n has -
no solutions. when n is odd, the positive
s o l u t i o n so f x 2 - d ! ' : 1 a r e x : p 2 j n - r , ! : Q z i n _ r j, : 1 , 2 , 3 , . . . a n d t h e
s o l u t i o n so f x z - d y ' : - l a r ex : p e i _ D n _ r , l :
Q e i _ r ) n _ rj, - 1 , 2 , 3 , . . . .
Pyoof. Theorem 1r.3 tells us that if xo,ro is a positive
solution of
x2 - dy': tl, then x0: p*2!o:
Q * w h e r e p * / q 1 , i s a c o n v e r g e n ot f t h e
simple continued fraction of ,/7 . On the other hand, from
Theorem I 1.4 we
know that
1 1 .3 P ell' s E quat io n


is n, we know that
Becausethe period cf the continued expansion oL"/j
: ('int" J'l : ' Hence'
Qjn: Qo:I for7 1,2,3,"', "tf
pk-, - d q?^-t: (- l)i'Qni : (- I )/n'
a solution of
This equation shows that when n is even Pin-t, Qin-t is
x2-dyz:l f o r 7 : 1 , 2 , 3 , . . . , a n d w h e n n i s o d d , P z i n - t , 4 2 1 n - it s - a s o l u t i o n
- -l for
o f x 2 - d y ' : I an d Pz (j -D r-r,Q z (i -D n -, i s a s ol uti on of x2 dy' :
j : 1,2,3,...
- :1 and x2 - dy2: -1
To show that the diophantine equations x 2 d y '
have no solutions other than those already found, we will show that Qpal:
# -l for : 1 . 2 . 3 . . .
implies that n lk and that Q1 7

We f ir s t not e t ha t i f Q t* t: l , th e n
* 'ftr'
c,k+l: P1ra1

Since ok+l : la1ra,.a1r1z,...l, the continuedfraction expansiOnof a1a1 is purely

-1 1 a*+r: Pk+r- ''17 < O'
periodic. Hence, Theoiem !0.20 tells us that
Th i s im pliest hat P k + t:l r/7 1 , s o th a t d k : c " o a
, nd nl k'

T o s e e t h a t Q l-'Sin""
dj : -pi -G. ct; has a purely periodic simple continued fraction
expansion,we know that
-l < ei:-Pi+^ftt <0


-r/7 and, from the

From the first of these inequalities, we see that Pi >
-l -fi. Since these two inequalities for p1 are
second, we see that Pi <
contradictory,we seethat Qt #
-1, where
Since we have found all solutionsof x2-dy2: I and x2-dy2:
x and y arc positive integers,we have completed the proof. n

We illustrate the use of Theorem 11.5 with the following examples'

Example. Since the simple continued fraction of .,8 is tl;f ,f 'f ,f ,el the
So me N onl i near D i ophanti ne E quati ons

pos it iv es olut io n so f th e d i o p h a n ti n e
x2 e q u a ti o n
I are pni _t,et.' j _t,
i : l'2'3"" *T]: p1_o1/e.roi-r . .l 3yr:
is the (roi-l)th ctnvergentor ,r," simple
continued fraction expansion of .,m.
The least po-ritiu" sorution is
pe: 649, { e : 1 8 0 . T h e p o s i ti v e s o l u ti o n s
of the di ophanti ne equati on
x 2- 13y 2 : - I a re Prc i -o ,Qto i -o i : 1 ,2 ,3 ,. ..;
the l east posi ti ve sol uti on i s
P q : 1 8 , q a: 5 .

Example. Since the continued fraction of -,.fr

is t3;Wl, the positive
solut ionsof x 2 - t4 y 2 _ : I a re p a i -1 ,e 4 j -r,j : r,.2,3,...
w here p+ i -tbqi -r i s
the 7th convergentof the simple continued fraction
expansionof Vl4. The
l eas t pos it iv e s o h l ti o n i s p t: 1 5 , Qt: 4. The di ophanti ne equati on
xz - l4y2 : -1 has no rotuiionr, since the period
length of the simple
continued fraction expansionaf ,/la is even.

We conclude this section with the following theorem that

shows how to find
all the positive solutionsof pell's equation x2-- dyt : I from
the least positive
solution, without finding subsequentconvergentsof the continued
expansionof ,/7.

Theorem 11.6. L9t xg1 be the least positive solution of

the diophantine
equation x2 - dyL : l, where d is a positive integer that is not
a perfect
square. Then all positive solutionsxk,lk are given by


fork: (Note that xp andy1,are determinedby the use

of Lemma
I 1.4).

Proof. We need to show that x1r,y1,is a solution for k :

and that
every solution is of this form.
To show that x1,/r
-.!! a solution, tst note that by taking conjugates, it
follows that x1, - ytrfi: (x r- lr,,/T)k, because from Lemma 10.4,
conjugate of a power is the power of the conjugate. Now, note that

xt - dyt : (xp+ yr,fi)G,, - yr,fi)

: ( xr t y 1 6 ) o ( " , - y r E ) k
: (x?- ayilo
: 1.

Hence xk,lt is a solution for fr :

To show that every positive solution is equal to x*,lt< for some positive
integer ft, assume that X,y is a positive solution different from x*,lk for
k : 1, 2, 3, . . . . T h e n th e re i s a n i n te g e rr s u c h t hat
1 1 .3 P ell' s E quat io n

(xl + yJ7)" < x + Y./7 ( (xt * v]/a)n*t'

(x t * y rfi)-"' we obtain
When we multiply this inequality by
I < ( xr - r r f i ) n ( x + Y J d ) ( x t + Y I I A '

thatx t - !t,[i : (x1* yt,[d)-t.

x? - dy? :1 implies
Now let
s * /./7 :(r, - yrfi)'(x + YJI),

and note that

s2-dtz:(s - t J a ) ( s+ t , / D
: (xt+ yf/7)'8 - Y,l7)Gt - y r f i ) n ( X + Y J A )
: (*?- dy?)'8' - dYz)
-- l

We see that s,/ is a solution of x2 dy': l, and furthermore,we know that
i .; ,fr'.'"*;;';r",lV.--Mor.oner, sincewe knowthat s + t-,/7>
weseethat0 < (s + tJa)-r < 1. Hence
r : +t(s t r,/7>+(s - r.'.ff)l> o



, : 1[(s + t-./7)- (s - t',17)]> o.


t' 2 y1, by the

Th i s m eanst hat s,/ i s a p o s i ti v es o l u ti o n ,s o th a t s 2 x1,and
But this contradicts the
choice of x1,y1 as the smallest-positivesolution'
X,I' must be xpy1, for some
inequality s * f ../7 < xr * ytfi. Therefore
choice of /c. tr
To illustrate the use of Theorem I1.6, we have the following example'

positive solution of
Example. From a previous example we know that the least
t h e d i o p h a n t i n ee q u a t i o nx 2
- l3y': I is xt:649, -Pr: 180' Hence' all
positive solutions are given by xt, yp where
x* * yr,./n : (649+ tgo\[Lte .

For instance,we have

408 Some NonlinearDiophantineEquations

x z * y 2,8 : 842361+ 233640.,/l

H e n c e x 2 : 8 4 2 3 6 1 , y 2 : 233640 is the
least positive solution of
x 2 - l 3 y 2 : l , o t h e rt h a n X 1 - 6 4 9 ,y ' : 1 8 0 .

ll.3 Problems

l' Find all the solutionsof each of the foilowing

diophantine equations
a) x2+ 3y2:4

b) x 2 + 5 y 2: 7

c) 2 x 2+ 7 y 2 : 3 0 .
2' Find all the solutionsof each of the following
diophantine equations
a) x'-y':B
b) x2 - 4y2: 40

c) 4xz - 9/2 : loo.

3' For which of the following values of n does the diophantine equation
x2 - 3ly' : n havea solution

a)l d ) -3
b) - 1 d4
c)2 f) -s ?

4. Find the least positive solution of the diophantine


a) x2 - 29y2: -1
b) x2 - 29yz: 1.

5. Find the three smallest positive solutions of

the diophantine equation

6. For each of the following values of d determine

whether the diophantine
equationx2 - drz : -l has solutions

il2 e) tj
b)3 f) 3l
c)6 e) 4r
d) 13 h) s0.
7. The least positive solution of the diophantine equation
xz - 6lyz : 1 is
xt:1766319049, lt- 2261i398A. Find the least positive solution other than
x t,l t.
1 1 .3 P ell' s E quat i o n 409

8. S!g* that if pr/qt is a converggntof the simple continued fraction expansionof

Jd thenlp?- dq?l < | + zJd.
9. Show that if d is a positive integer divisible by a prime of the form 4ft * 3, then
the diophantineequationx2 - dy': -l has no solutions.

Let d and n be positive integers.

il Show that if r,s is a solution of the diophantine equation x2 - dyz : I and

X,Y is a solution of the diophantine equation x2 - dy' : , then
Xr + dYs, Xs t Yr is alsoa solutionof x2 - dy': r.

b) Show that the diophantine equation x2 - dyz: n either has no solutions,or

infinitelv many solutions.

I l. Find those right triangles having legs with lengths that are consecutiveintegers.
(Hint: use Theorem 11.1 to write the lengths of the legs as x -.r2 - 12 and
y :2st, where s and t are positiveintegerssuch that (s,t) : l, s ) / and s
and t have opposite parity. Then x-y:il implies that
(s - r)2- 2t2: +1.)

12. Show that each of the following diophantine equationshas no solutions

a) xa-2ya:1 b) x4-2y2--1.

11.3 Computer Projects

Write programs to do the following:

1. Find those integers n with lrl < Ji such that the diophantine equation
x2 - dyz: rz has no solutions.

2. Find the least positive solutions of the diophantine equations x2 - dy': I and
x 2 - d y 2- - 1 .

3. Find the solutionsof Pell's equation from the least positive solution (see Theorem
I 1.6).

Tabfe 1. FactorTable.

The leastprimefac1o1,of .::h.odd positiveintegerlessthan 10000and not

five is givenin the table. ThJinitial digits divisibleby
of tile integeiare listedto the sideand the
lastdigit is at the top of the column. primes
are indicatedwith a dash..

1379 1379 1379 1379

0 3 4A -1311- 80 3 ll 3 - t20 317 3
I 4l 3 7 3- 8l 319 3 t2l 7 --23
2 3- 3- 42 373 82 r22 3- 3-
3 3- 3 43 19_ 83 3 7 3- 123 3- 3
4 7 44 3- 3- 84 29373 t24 17fi29_
) 3- 3- 45 lt 3- 3 85 23-- 125 3 7 3-
6 3- 3 46 7 86 3 - 3 lr r26 13373
7 7^ 47 3 ll 3 - 87 13 3- 3 t27 3 11 9
8 3- 3- 48 13 3- 3 88 7 128 3- 3-
9 7 3- 3 49 -r7 7_ 89 3 19 329 t29 3- 3
t0 50 3- 3- 90 t7 3- 3 130 7
n 3- 3 7 51 7 3lI 3 9r - ll 7 - 131 3 13 3 -
t2 ll 3- 3 52 1 72 3 92 313 3- r32 3- 3
13 7-- 53 313 3 7 93 7 3- 3 r33 rr 31 7 13
14 3 ll 3 - 54 3- 3 94 -23 - 13 134 317 319
15 3- 3 55 19 7-13 95 3 8 37 135 7 323 3
l6 7--13 56 3- 3- 96 3t 3- -29-37
3 136
t7 3- 3- 57 3- 3 97 7 -tl r37 3- 3 7
l8 3 11 3 58 7ll-19 98 3- 323 r38 319 3
l9 59 3- 3- 99 3- 3 139 13 7tt-
20 3 7 3 ll 60 3- 3 100 7t719- 140 323 3-
2l 373 6l 13- l0l 3- 3- t4l 17 313 3
22 1 3 - 62 3 7 3t7 t02 313 3 r42 7---
23 3- 3- 63 373 103 t7- r43 3- 3-
24 313 3 64 _ ll rc4 3 7 3- 144 ll 3- 3
25 - l l - 7 65 3- 3- 105 37 3 145 3 1-
26 3- 3- 66 3 2 3 3 106 1t - t46 3 7 313
27 3- 3 67 l l - - 7 107 329 313 147 37 3
28 717 68 3 - 3 r 3 r0 8 23 3- 3 148
29 3- 3 13 69 3 1 7 3 109 7 r49 3- 3-
30 7 3- 3 70 -19 7- ll0 3- 3- 150 1 9 3 1 1 3
3l - ll 7l 323 3- lll lt 3- 3 r5l -1737 7
32 3t7 3 7 72 7 3- 3 lt2 19- 7- rs2 3 - 3 1 1
33 3- 3 73 t7 - 1l - ll3 3 ll 3 t7 153 329 3
34 l l 7 - - 74 3- 3 7 rt4 7 331 3 r54 2 3 - 7 -
35 3- 3- 75 3- 3 ll5 1 31 9 t55 3 - 3 -
Appendix 413

Table 1. (Continued).

r379 1379 1379 1379

36 19 3- 3 76 7t3- ll6 3- 3 7 156 7 3- 3

37 7-t3- 77 3- 3r9 rt7 3 lt 3 t57 - 1 1t 9 -
38 3- 3- 78 ll 3- 3 118 7 -29 158 3- 3 7
39 t7 3- 3 79 713-17 ll9 3 - 3 ll 159 37 3- 3
160 7-- 2m 3- 3 7 240 7 329 3 280 753
r6l 3- 3- 201 3- 3 241 - 1 9 - 4 1 281 329 3-
t62 3- 3 202 43 7 -- 242 3- 3 7 282 7 3rt 3
r63 723-ll 203 3r9 3- 243 l l 3 - 3 283 19--17
t64 331 317 204 13 323 3 244 7 -31 284 3- 3 7
r65 t3 3- 3 205 7-tl29 245 3 ll 3 - 285 3- 3
r66 ll - 206 3- 3- 246 2 3 3 - 3 286 747t9
r67 3 7 323 207 t9 33t 3 247 7 --37 287 313 3-
r6 841 373 208 248 313 319 288 43 3- 3
r69 19- 209 3 7 3- 249 4 7 3 l l 3 289 7rl-13
170 313 3- 210 u373 250 4 t - 2 3 1 3 290 3- 3-
17l 29 3r7 3 2tl 2 9 t3 251 3 7 3 ll 291 4t 3- 3
172 - - ll 7 2t2 3 ll 3 - 252 37 3 292 2 3 3 7- 2 9
173 3- 337 2r3 3- 3 253 - t 7 4 3 - 293 3 7 3-
174 3- 3 2t4 --19 7 254 3- 3- 294 l7 37 3
175 r7- 7- 2t5 3- 3t7 ?5S 3- 3 29s t 3 - - l l
176 341 329 2r6 3 ll 3 256 t 3 l t 1 7 7 296 3- 3-
177 7 3- 3 217 l34t 7 - 257 331 3- 297 313 3
178 13- 2t8 337 3rl 2s8 2 9 3 1 3 3 298 t t t 9 2 9 7
179 3ll 3 7 2r9 7 313 3 259 723 299 341 3-
180 313 3 220 3r--47 260 3r9 3- 300 331 3
l8l 723t7 22r 3- 3 7 26r 7 3- 3 301 - 2 3 7 -
r82 3 - 3 3 1 222 317 3 262 - 4 3 3 7 r 1 302 3- 3 13
r83 3 ll 3 223 23 7-- 263 3- 3 7 303 7 3- 3
184 7 1 9 - 4 3 224 3- 3r3 264 1 9 3 - 3 304 - t 7 1 1-
185 3 1 7 3 l r 225 337 3 265 l l 7 - - 305 343 3 7
186 3- 3 226 731-- 266 3- 3t7 306 3- 3
t87 227 3- 343 267 3- 3 307 3 7 7 1 7 -
188 3 7 3- 228 3- 3 268 7--- 308 3- 3-
189 3 1 3 7 3 229 29--ll 269 3- 3- 309 1 1 3 1 9 3
r90 - l t - 2 3 230 3 7 3- 270 3 7 3 - 3 3r0 72913-
l9l 3- 3r9 231 37 3 27r ll - 3ll 3 l1 3 -
Table 1. (Continued).

l3 7 9 1379 1379 1379

192 t7 341 3 232 n23t3t7 272 3 7 3-
--13 3t2 353 3
r93 7 233 3- 3- 273 37 3 3r3 ; 13-43
r94 329 3- 234 3- 3 274 - 1 34 t -
3r4 3 7 347
319 3 235 -13- 7 275 3- 3 3l 3 1 5 23 3 7 3
r96 3713 7tl 236 3r7 323 276 l l 3 - 3 316 2 9 -
r97 3- 3- 237 3- 3 277 1 7 4 7 - 7 317 3 19 3 ll
198 7 3- 3 238 7- 278 3 11 3 - 318 3- 3
r99 1 1- 239 3- 3- 279 3- 3 3le- * 3 r z 37
320 3- 3- :oo 13 3- 3 400 _19 440 3 7 3-
321 13 3- 3 361 23-- 7 40r 3- 3- 44r lr 3 7 3
322 - l1 7 - 362 3- 319 402 3- 3 442 1943
323 353 34r 363 3- 3 403 2 9 3 7t t 7 443 3ll 323
324 7 317 3 364 ll - 7 4l 404 313 3- 444 3- 3
325 365 313 3- 405 3- 3 -6t-
445 7
326 313 3 7 366 7 319 3 406 3 t t 7 7 1 3 446 3- 34r
327 329 3 367 -13 40'7 3 - 3- 447 17 3 11 3
328 r 7 7 1 9l l 368 329 3 7 408 7 361 3 448 767
329 337 3- 369 3- 3 409 l7- 449 3- 3 ll
330 3- 3 370 7tt_ 4r0 3ll 3 7 450 7 3- 3
331 7-3r- 37r 347 3- 4tr 323 3 451 13-
332 3- 3- 372 61 3- 3 412 t 3 7 - - 452 3- 3 7
333 347 3 373 7-37- 413 3- 3- 453 23 313 3
334 13-_-17 374 319 323 414 4 1 3 1 l 3 454 19 7*-
335 3 7 3- 375 ll 313 3 4t5 7--- 455 329 347
336 37 3 376 -53 416 323 311 456 3- 3
337 - - ll 3l 377 3 7 3- 4t7 4 3 3 - 3 457 71723t9
338 3r7 3- 378 19373 4 1 8 37 47 53 59 458 3 - 3 13
339 343 3 379 t7--29 419 3 7 313 4s9 3- 3
340 l94r- 7 380 3- 331 420 37 3 460 43-t7lI
341 3- 313 381 37 3ll 3 421 - l t 461 3 7 331
342 ll 323 3 382 --43 7 422 341 3- 462 373
343 47- 719 383 3- 311 423 319 3 463 tt4t--
344 3 ll 3 - 384 23 3- 3 424 - - 3 1 7 464 3- 3-
345 7 3- 3 385 717 42s 3- 3- 465 3- 3
346 386 3- 353 426 3t7 3 466 59-13 7
347 323 3 7 387 7 3- 3 427 7tl 467 3- 3-

Table 1. (Continued).

-1113- 428 3- 3- 468 3 1 3 4 3 3

348 5 9 3 1 l 3 3 8 8 469 - 1 3 7 3 7
389 3r7 3 7 429 7 3 - 3
349 713- 317
3 430 1 11 35 9 3 l 470 3-
350 3 31 3 ll 390 4 7 3 - 't 353 3
7 -- 431 319 3 ' , l 471
351 3- 3 39r 29-
392 3 - 3 - 432 29 3- 3 4',72
352 7 1 3 - - 3',l
33r 3 433 6 1 7 - - 473 3 -
3s3 3- 3- 393
343 3- 474 1 1 3 4 7 3
354 3- 3 394 7 --rl 434
3 - 3 475 7 6 7 -
355 5 31 1 39s 3 5 9 3 3 7 435 1 9
3 436 7 - l r 1 7 476 3 1 1 3 1 9
3 5 6 3 7 3 4 3 396 t 7 3 - 477 1 3 3 1 7 3
4 1 2 3 437 3 - 3 2 9
357 3 7 3 397 t r 2 9 ---
358 1 73 7 398 3 7 3- 4 3 8 1 3 3 4 1 3 478 7
439 - 2 3 - 5 3 479_ 3 - 3- _
359 3- 3 5 9 399 -Tt1 13373
qt*- :-Tl r 7t 600 1 7 3 - 3
480 :tn- 3- 5zo 560
- 3 1 7 5 6 1 3 1 3 4 1 3 601
481 t7 - 6 1 521 313
3r9 3-
3 562 7-1713 602
482 3 7 3 1 1 522 2 3 3 - 3
- 1 3 563 3 4 3 3 - 603 3 7 3-
483 3 7 3 523 --23
564 3 - 3 604 7
484 47 29 37 13 524 3 7 329
565 605 3- 373
485 3 2 3 3 4 3 525 5 9 3 7 3 1 1 3 - 3
3 3 1 3 526 - 1 9 2 3 r r 566 3 7 3 - 606
3- 3- s67 5 3 3 7 3 607 1 3 - 5 9 -
487 - 1 l - 7 527
488 319 3- s28 3 1 7 3 568 1 3- 1 1- 608 3 7 3-
- 7 s69 3- 3 4 1 609 37 3
489 6 7 3 5 9 3 s29 1 1 6 7 - r 7 3141
530 3- 3- 570 313 3 6 1 0
490 1 3 - 7 - 329
531 47 313 3 571 - 2 9 - 7 6 1 1 3 -
491 317 3-
-r t 7 - 7 7 3 572 3 5 9 3 t 7 612 3 11 3
492 3 1 3 3 532 1'1 '7

493 - 1 l 533 3- 3 1 9 573 1 1 3 - ' t - 3 6 1 3 I

614 3 - 3 l1
494 3- 3 7 534 7 3- 3 5',74
- 5 3 1 1 2 3 ) t ) 3 1 1 3 1 3 6 1 5 3 4 7 3
495 3- 3 535
- - 3 3 1 3 7 576 7 3 7 3 3 6r6 6 r - 731
496 1 1 7 s36
617 3- 337
497 3- 3 1 3 537 4 1 3 1 9 3 5',77 2 9 2 3 s 3 - '7
7 - 1 7 578 3 - 3 7 6 1 8 323 3
498 1 7 3 - 3 538
s39 3- 3 - 579 3 1 1 3 6 1 9 4 1 1 1
499 7-19-
3 580 | -
4 ^ -
620 3- 3 7
s00 3- 3- 540 1 1 3 - JI

7--- 581 3 - 3 1 1 621 3 - 3

5 01 3 2 9 3 54r ' 71 3 -
l l 4 7 542 311 361 582 5 -
^ a
J 622
543 3- 3 583 71913- 623 323 3r7
503 3 7 3-

Table 1. (Continued).

504 7 r 3 7 3 544 13_ 584 3- 3- 624 7 9 3 - 3

505 - 3 1 1 3 _ 545 3 7 3 5 3 585
3 _ 3 625 713-tr
3 6 1 3 3 7 546 4 3 3 7 3 586 - l l
507 I r 3 - 626 3- 3-
3 547 - 1 3 587 3 7 3-
508 - 1 3 - 627 3 - 3
7 548 3- 3 ll 588 373
509 628 l l 6 l - 1 9
3 lt 3 _ 549 1 7 3 2 3 3 589 4 3 7 1- 1 7
510 629 3 7 3-
3- 3 550 7 590 3- 3 1 9 630 373
5ll 19- 7- 551 337 3- 591 2 3 3 6 1 3 6 3 1 - 5 9 - t l
512 3 4 7 3 2 3 552 3- 3 592 3 t - - 7 632
5 1 3 7 3 l l 3 553 - l l 7 2 9 3- 3-
593 317 3_ 633 1 3 3- 3
514 5 3 3 7 - 1 9 s54 3 2 3 3 3 1 594 1 3 3 1 9 3 634 t 7 - t t
515 3- 3 7 555 7
7 3- 3 595 1 1- 7 s 9 635
516 1 3 3 - 3- 3-
3 556 6 7 - 1 9 - 596 3 6 7 3 4 7 636
517 731_ 3- 3
s57 3- 3 7 597 7 3 4 3 3 637 2 3 - 7 -
518 37r 3- s58 3 3 7 3 598 - 3 1 - 5 3
519 29 3- 638 313 3_
3 559 729tl 599 3 1 3 3 7 639
640 3 7 1 94 3 t 3 680 7 3- 3
3- 3 1 l 720 1 9 3 - 3 760 l l - -
64r 3 1 l 3 7 6 8 1 7 3 t 7 3 721 7
7- 761 323 319
642 3- 3 682 t 9 - 722 3 31 3 - 762 329 3
643 s 9 7 4 1 4 7 683 3- 3 7 723 7 3- 3 763 1 3 1 7 7 -
644 317 3- 684 3 4 r 3 724 1 3 - - l l 764 3- 3-
645 3 l l 3 685 1 3 7 - 1 9 725 3- 3 7 765 7 3 t 3 3
646 7 2 3 2 9 - _ 686 3- 3- 726 5 3 3 1 3 3 766 4 7 7 9 1 1 -
647 3 - 3 ll 687 3 1 3 3 727 il 7 1929 767
648 3- 3 7
3 1 3 3 688 7 -7t83 728 3- 3 3 7 768 3- 3
649 - 4 3 7 3 6 7 689 361 3- 129 2 3 3 - 3 769 7 4 3 _
650 3 7 3 2 3 690 5 7 3 - 3 730 767-- 770 3- 3 13
651 1 7 3 7 3 69r - 3 1 - l t 73r 3 7 t 3 1 3 771 l l 3 - 3
652 - l l 6 l _ 692 3 7 3 1 3 732 3 t 7 3 772 7--59
6s3 3 4 7 3 1 3 693 2 9 3 7 3 733 - - l t 4 l 773 311 371
654 3 1 3 - 3 694 l l 5 3 734 3 7 3- 774 361 3
655 - - 7 9 7 695 317 3- 735 3 7 3 775 2 3 -
656 3- 3- 696 3- 3 736 1 7 3 7 5 3 - 776 3 7 317
657 3- 3 697 - 1 9 - 7 737 3 7 3 3 4 7 777 t 9 3 7 3
658 - 2 9 7 1 1 698 3- 3 2 9 738 1 l 3 8 3 3 778 3 1 4 3 1 3 -
659 319 3- 699 3- 3 739 1 9 - 1 3 7 779 3 - 3 1l
Ap p e ndix

Table 1. (Continued)'

1379 1379 1379


660 7 3- 3 700 - 4 7 7 4 3 '740 3 1 1 3 3 1 780 29 331 3

701 3- 3- 741 3- 3 781 7313- 7
661 111713-
'702 7 3- 3 742 4 1 1 3 1 1 7 782 3- 3-
662 337 3 7
703 7 9 1 3 3 1 - 743 3- 343 783 41 3t7 3
663 19 3- 3
7 3ll 3 784 - 11 7 47
664 29 71761 704 3- 3 7 744
705 1 l 3 - 3 745 - 2 9 785 3- 329
665 3- 3-
706 2 3 7 3 7 - 746 3r7 3 7 786 7 3- 3
666 359 3
7-lr- 707 3 11 3 - 747 3 1 3 - 3 787
708 7 3 3 1 9 3 748 7-- 788 3- 3 7
668 341 3-
709 7 4 1 4 7 3 r 749 359 3- 789 13 353 3
669 337 3
7r0 3 - 3 - 750 1 3 3 - 3 790 7 -rl
670 19-
671 3 7 3- 7tl 13 3 11 3 751 7 rl -73 791 341 3*
7t2 752 3- 3- 792 89 3- 3
672 ll 3 7 3
713 3 7 3 1 1 753 t 7 3 - 3 793 7 --r7
673 53--23
674 3 ll 317 7t4 3 7 3 7 3 754 - 1 9 794 3r3 3*
675 43 329 3 715 - 2 3 1 7 - 755 3 7 3 - 795 373 3
--67 77t6 3 1 3 3 6 7 756 37 3 796 19-3113
677 313 3- 717 7 r 3 - 3 757 6 7 - - 1 l 797 3 7 379
3 1l 3 7 1 8 4 3 r r - 7 758 3- 3- 798 23373
713 7t9 3- 3 2 3 759 371 3 799 6l-1119
840 3 1 3 7 3 880 1 3 - - 2 3 920 3- 3-
800 353 3-
3- 3 841 t 3 4 7 1 9 - 881 3 7 3 - 92r 61 3r3 3
801 -23 - l1
1371237 842
a a
882 37 3 922
802 5-

329 3- 843 3 l l 3 883 - l l 923 3 7 3-

844 2 3 - - 7 884 3 3 7 3 - 924 37 3
804 1l 3 13 3
83- 7- 845 3 7 9 3 l l 885 5 3 3 1 7 3 925 i l 1 9- 4 7
3 ll 3 - 846 3 - 3 886 7 926 3s9 313
847 4 3 3 7 7 6 r 887 319 313 927 73 3- 3
807 7 341 3
928 --37 7
808 -59 848 3 r 7 3 1 3 888 8 3 3 - 3
3 7 849 7 3 2 9 3 889 t 7 - 7 l l 929 3- 3r7
809 3-
3 ll 3 8 5 0 - 1 1 4 7 6 7 890 329 3s9 930 71 34r 3
7 7 337 3 931 -67 7 -
811 7 -23 851 3- 3 8 9 1
812 3 - 3 1l 852 3 - 3 892 1 1- 7 9 - 932 3- 319
8s3 1 9 7 - - 893 3- 3 7 933 7 3- 3
813 47 379 3
7 r7-29 854 3 - 3 8 3 894 323 3 934 13-
3 3 1 3 4 r 8 5 5 r 7 3 4 3 3 895 71317 935 347 3 7
Table 1. (Continued).

1379 1379 1379 1379

816 3- 3 856 7-1311 896 3- 3- 936 l l 3 1 7 3
817 -1113- 857 3- 323 897 3 4 7 3 937 7 _83
818 3 7 319 858 331 3 898 7 1 3 1 1 8 9 938 3ll 341
819 373 859 l l 1 3 899 317 3- 939 3- 3
820 5 9 1 3 2 9 _ 860 3 7 3- 900 3- 3 940 7 -2397
821 343 3_ 86r 7 9 3 7 3 901 7l 29 94r 3- 3-
822 319 3 862 3 7 - - 902 3 7 3- 942 3 ll 3
823 7 863 389 353 903 l r 3 7 3 943
824 3- 373 864 3- 3 904 83- 944 3 7 3 ll
825 3 7 3 2 3 3 865 4 t t 7 t t 7 905 3 ll 3 - 945 t 3 3 7 3
826 l 1 - 7- 866 3- 3- 906 13 3- 3 946 -17
827 3- 3r7 867 1 3 3 - 3 907 4 7 4 3 2 9 7 947 3- 3-
828 7 3- 3 868 - 1 9 7 - 908 3 3 1 3 6 1 948 1 9 3 5 3 3
829 _43 869 3- 3- 909 3 l l 3 949 - l l - 7
830 319 3 7 870 7 3- 3 910 19- 7- 950 3 13 337
831 3- 3 871 3 1 - 2 3 - 9 tl 3 3 1 3 1 l 951 3 31 3
832 5 3 7 t t - 872 311 3 7 912 7 3- 3 952 - 8 9 7 t 3
833 3 13 3 31 873 3- 3 913 2 3 - - 1 3 953 3- 3-
834 t 9 3 1 7 3 874 7-13 9r4 3 4 t 3 7 954 7 3- 3
835 7-6r13 875 3- 319 915 3- 3 955 - 4 1 1 9 l 1
836 3- 3- 876 3 ll 3 916 7 8 9 s 3 956 373 3 7
837 i l 3 - 3 877 73167- 917 3- 3 6 7 957 t 7 3 6 1 3
838 1 78 3 878 3- 3 1l 9r8 3- 3 958 1 1 7 - 4 3
839 3 7 3 3 7 879 5 9 3 1 9 3 919 72917- 959 353 329
960 3 13 3 970 8 9 3 11 8 7 980 3- 3 1 7 990 3- 3
961 7-59- 971 3 ll 3 - 981 3- 3 991 r r 2 3 4 7 7
962 3- 3- 972 37t 3 982 7tt3r- 992 3- 3-
963 323 3 973 a n 4
t- 983 3- 3- 993 319 3
964 3 l - l l - 974 3- 3- 984 1 3 3 4 3 3 994 - 6 1 7 -
965 3 7 313 975 7 3rt 3 985 -59 99s 337 323
966 37 3 976 4 3 t 3 986 3 7 3 7 r 996 7 3- 3
967 t 9 t 7 977 329 3 7 987 373 997 1 3 - u t 7
968 323 3 - 978 3- 3 988 4t - - ll 998 367 3 7
969 l 1 3 - 3 979 19741 989 3 1 3 3 1 9 999 9 7 3 1 3 3

Reprinted with permission from u. Dudley, Elementary Number

Theory, Second
Edition, copyrighto 1969 and l97g by w. H. Freeman and
company. All rights

Table 2. Values of Some Arithmetic Functions'

I 2 3
2 2 4
4 2 J

4 2 6
2 4 t2
'l 6 2 I
4 4 l5
6 3 l3
4 4 l8
l0 2 t2
4 6 28
t2 2 t4
6 4 24
I 4 24
8 5 3l
l6 2 l8
6 6 39
l9 l8 2 20
2A 8 6 42
2l t2 4 32
22 l0 4 36
23 22 2 24
24 8 8 60
25 20 3 3l
26 t2 4 42
2'I l8 4 40
28 t2 6 56
29 28 2 30
30 I 8 72
3l 30 2 32
32 l6 6 63
20 4 48
34 l6 4 54
24 4 48
t2 9 9l
5I 36 2 38
38 l8 4 60
39 24 4 56
40 l6 8 90
4l 40 2 42
42 t2 8 96
43 42 2 44
44 20 6 84
45 24 6 78
46 22 4 72
4"1 46 2 48
48 l6 l0 124
49 42 3 57
A ppendi x

Table 2. (Continued).

50 20 6 93
5l 32 4 72
52 24 6 98
53 52 2 54
54 l8 8 120
55 40 4 72
56 24 8 120
57 36 4 80
58 28 4 90
59 58 2 60
60 l6 t2 168
6r 60 2 62
62 30 4 96
63 36 6 104
64 32 7 127
65 48 4 84
66 20 8 144
67 66 2 68
68 32 6 r26
69 44 4 96
7A 24 8 t44
7l 70 2 72
72 24 t2 r95
73 72 2 74
74 36 4
40 6 t24
76 36 6
60 4 96
78 24 8 168
79 78 2 80
80 32 t0 186
8l 54 5 t2r
82 40 4 r26
83 82 2 84
84 24 t2 224
85 64 4 108
86 42 4 t32
87 56 4 120
88 40 8 180
89 88 2 90
90 24 t2 234
9l 72 4 n2
92 44 6 r68
93 60 4 128
94 46 4 t44
95 72 4 t20
96 32 t2 252
9',| 96 2 98
98 42 6 t7l
99 60 6 r56
100 40 9 217

Table 3. PrimitiveRootsModulo Primes

prime p, p < 1000is givenin the table'

The leastprimitive root r modulop for each

439 r5 709 2
2 1 l9l l9
443 2 719 ll
3 2 193 5
449 3 727 5
5 2 r97 2
457 l3 733 6
7 3 199 t
46r 2 739 3
1l 2 2tl 2
463 743 5
l3 2 223 3 J

467 2 75r 3
t7 3 227 2
479 13 751 2
l9 2 229 6
76r 6
23 5 233 3 J

49r 2 769 ll
29 2 239 7
499 1 773 2
31 3 241 7
s03 ) 787 2
3',1 2 251 6
s09 2 797 2
4l 6 257 3
521 3 809 3
43 3 263 5
523 2 811 3
47 5 269 2
541 2 82r 2
53 2 271 6
5 547 2 823 J

59 2 277
2 827 2
6l 2 28r 3 5)/
3 563 2 829
67 2 283
569 3 839 ll
7I 7 293 2
57r 3 853 2
73 5 307 5
577 5 857 3
79 3 311 T7 I
l0 587 2 859
83 2 313
593 3 863 5
89 3 317 2
599 7 877 2
97 5 331 3
601 7 881 3
l0l 2 33',1 10
2 607 3 883 2
103 5 347
2 613 2 887 5
107 2 349
617 3 907 2
109 6 3s3 3
359 7 6r9 2 9ll
113 3 7
367 6 63r 3 919
127 3 3
2 641 3 929
131 2 373
2 643 ll 937 5
r37 3 379
647 5 94r 2
139 2 383 5
653 2 947 2
t49 2 389 2
659 2 953 3
l5l 6 397 5
157 5 401 3 601 z 967 5
6 73 5 97r 6
163 2 409 21
2 677 2 977 3
r67 5 419
2 683 5 983 5
r73 2 421
7 691 3 991 6
179 2 43r
5 701 2 997 7
l8l 2 433

Table 4. Indices

p Numbers

l: lt2
I r(
l! l8
I to
)1 22
29 28
3 r 30
3 i 36
4l 40
43 42
47 46
53 52
59 58
6l 60
67 66
7l 70


79 78

96 trlfr|JIl,li Numbers
t 7 1 8 l 1 9 20 2 l 22 23 24 25 26 27 28 29 30 3 l
32 33
l9 l0 el I
23 7 r z lr s 5 Indices
l3 lt tl
29 2l l l I e 24 t7 26 20 8 l6 l9 r s lr + l
3l 7 z6i 4 8 29 t7 27 l3 l0 5 rlrol I l5
37 7 1 7 1 3 5 25 22 3l l5 29 l0 t2 6l34l2l t4 9 5 20
4l 33 1 6I e 34 t4 29 36 l3 4 l7 s rr j 23
3 Il s Il 4 r
28 l0 l8
43 38 z s l r c 37 36 t5 t6 40 8 l7 ll 34 9 3l
47 t6 1 2 l 4 s 37 6 25 5 28 2 29 t 4 l 2 2 l 3 s 39 3 44 27
53 l0 3 s l ' 3 7 49 3l 7 39 20 42 25 sl116146 l3 33 f 23
59 40 43138 8 t0 26 l5 53 t2 46 3 4 1 2 0 1 2 857 49 5 t7
6l 47 t 3 l i 2 6 24 55 l6 57 9 44 4l nlsrlrs 29 59 5 2l
67 64 1 3 ll 0 17 62 60 28 42 30 20 s t l 2 s l 4 4 55 47 5 32
7l 49 5 8 11 6 40 27 37 l5 44 56 45 aI rr I oa 60 ll 30 57
73 2l 2 0 1 6 2 17 39 63 46 30 2 67 18l4el35 l5 ll 40 6 l
79 2l 6 1 3 2 70 54 72 26 l3 I 46 38 3l6llll 67 56 20 69
83 56 6 3 1 4 7 29 80 25 60 75 54 78 s2lt0l12 l8 38 5 t4
89 6 r 8 1 3 5 t4 82 t2 57 49 52 39 3 l 2 s l s e 87 3l 80 85
97 89 7 8 1 8 1 69 5 24 77 76 2 59 l8l 3l13 9 46 74 60

Reprintedwith permissionfrom J. V. Uspenskyand M. A. Heaslet,Elementary

Number Theory,
McGraw-Hill Book Company.Copyright O 1939.

Table 4. (Continued).


3'l I l9 t8
4l r9 2l 2 32 35 6 20 I n dices
43 23 l8 l4 4 33 22
6 l2l I
t s l 2 4 1 3 | 4314 l
I 23
47 34 33 30 42 l 7 3l '))
s3 l l 9 36 30 3 8 4l 50 4s132 | 8 l 29 40 44 2l 23
59 4 l 24 44 55 39 3'l 9 1 4 l l l 33I 27148 16 23 54 36
6 l 48 ll l4 39 27 46 2s 5 4 1 5 6 431r i I 34 58 20 l0 38
67 65 38 l4 22 l l 58 l 8 s 3 1 6 3 e l 6 r l 27 29 50 43 46
7 l 55 29 64 2A 22 65 46 2 5 1 3 3 481431 l 0 2l 9 50 2
7 8 29 34 28 64 70 65 25 t l + t 5 r I 7 r I l 3 54 3l 38 66
79 25 37 l0 t 9 36 35 74 7 5 1 5 8 4 e l76164 30 59 l7 28
20 48 67 30 4 0 1 8 1 7 t l 26 1 7 6l 23 76 l6
83 5 7 35 64
89 22 63 34 ll 5l 24 30 2 l l l 0 2 e l28172 73 54 65 74
32 t6 9l l9 95 8 5 1 3 9 4 l 5 8 1 45 l5 84 l4 62
97 27
52 53 54 )) 56 )t 5 8 5 9 60 6l 62 63 64 65
50 5 l

53 43 27 76 IncLices
59 r3 32 47 22 3l
35 2l 30 29
6l 45 5 3 42 33 37
t9 52 32 36 3 l 30
67 3l 5t 2l 57 8
52 26 49 45 36 56 48 3 5 6 34
7l 62 5 5l 23 59
l4 t9 42 4 J 66 69 I 1 7 5 3 36 67
'73 l 0 27 3 53 56
26 57 68 43 5 23 58 l l e 45 48 60
'7'7 52 65 33 t5 3l 7l 45 1 6 0 5 5 24 1 8
79 50 22 42
83 5 5 46 79 59 5 3 5 l ll 37 13 34 l 9 66 l 3 e 70 6 22
89 68 7 55 78 l 9 66 4l 36 75 43 l 5 69 1 4 7 83 8 5
97 36 63 93 l 0 \) 8 7 37 55 47 67 43 64 t 8 0 75 t 2 26

't0 'tl 't6 7 8 79 80 8l
66 67 68 69 7 2 7 3 74 7 5 II

67 33
7l 63 47 6l 4l 35 Inclices
78 69 50 52 42 44 36

29 2'7
5 8 50
23 4'l
z l 44
43 39 I
32 68 1 4 3 3 l 42
89 13 56 38 58 79 62 50 20 27 5 3 67 77 40 1 4 2 46 4
97 94 57 6l 5l 66 lt 50 28 29 72 53 2 l J J t 3 0 4 l 88

82 83 84 85 86 87 88 89 90 91 92 93 94 95 96

83 4 l I n d lces
89 3 7 6l 26 76 45 60 44
97 23 t7
90 38 83 92 s 4 l ' 7 e 1 5 61 4 9 20122 82 48
Table 4. (Continued).

p Indices
I 2 3 4 5 6 7 8 e{t0llt l2 l3 t4 l5 t6
2l rl | | |
21 41 3l rl
3l 21 6l 41 5l I
I ll
lI l 2l 4l8l slrol I 7l3l6l 'l
2l 4l 8l 3l aln I
I rl ' ul el slrol zl I
3l elrolnl slrs trlrolr+l al tl 4 t2 2l
l! 21 4l sl rol rgl 7) t4l elrs;rzlrslrrl l al r
2. 5 l 2 l t o l + l z o l r l 1 7 l1 6 ll l I t l z z l r s l zrrl o l r z l s
2l 21 4l altol :l 6l rz z+ rs I rs t vl I n l lsl I
3l 3 l e l 2 7 1 r o l z e l r c lt 7 2 0 2 e z s n a l z + l r o lz t I z s
1 ! ! I I I z a
3'' 2 1 4 l a l r o l t z l z t l t 7 | 3 4I I I n I I : o I z sI
41 o l r e l r r l z s l z t l : B l z eIl t ol 3 t l 2 s I I z+el zlr + sI : o I z : I s I
lztl glrsl
43 3 l s l z t l l s l z e l + r l 3 7 l rrez l 3r 2 o
r o + l
4'l s l z sI r r I r +l z z l u l n |l 28s|; 4 0Il r zII r : |I r e| + l Il zr ct ll +z zt ll nz t Il
r z
53 2 l 4 l 8 l t 6 l : z l r r l z 2 l 4 4 lr s r z : + r s
59 z l + l s l r o l r z l s i t0 z0 40I 2t | +z | I m I t I Al zal
6l z l 4 l a l r e l : z l : l 6 l t 2 1z + l+ t I t s I zs
| | | | ! I soI +r I zt I +eI
q I r sI : o I r t I z z l
67 2 l 4 l s l r o l t z l e q lr 5 s l + r l u l r s l o l r s l : o l s l r o i
7l T l 4 e l s q l s r l s r l z l 1 4I 1 2 1+ 2 1+ s : r + l z t l
73 s l z s l s z l + r l s t l s l r i l 2 l1l o l s o|l: r | e l + s l so+lIszo: Il ras II
79 3 l e l z t l z l e l r s l , 1 1+ l r z l x l z t I s l z + l z zlsslrol
83 z l 4 l s l r o l t z l o a l 15| t I t+ | zaI seII zqI ssI t: I ee| +qI
89 3 l e l 2 7l s r l o s l r z l i t l 6 4 l t + l + z l y l z z I e oI z oI o oI z l
97 sl2sl28l43l2tl s l o l o l l o l s : I z r I u l z g l+ s| + e l: e I

p Indices

t7 l8 t 9 20 2 l 22 23 24 25 26 27 28 29 30 3r 32 33
1 9 l0 I
23 l 5 6 t2 l4 I I Numbers
29 2 l
3 l 22
l3 26 23 t7 ) l0 20 l l 22 I r sI r I
lr:l tlzr
4 l2 5 l5 t4 II 2 6 l8 I
37 l 8 36 35 33 29 21 ) l0 20 3 | 6 l t 2 l 2 4 l l 22 1
4 1 26 I

33 34 40 35 5 30 t6 t4 2
43 26 35 l9 l4 42 40 34 t6
Irzltrlzz 9
) l5 | 2l 6l18 II
l 3 37 t'l
33 I 3 39
47 3 8 2 l0 3 l5 28 46 22 1 6 3 3 1 2 4 1 2 36
42 6 39 35
53 J 6 t2 24 48 43 33 l3 26 52 s l l 4 e l 4 s 3 7
59 3 3 t4
2 1 42 3r
28 56 53 47 35 l l 22 4 4 l 2 e l s 8 57 5l
)5 43
6 l 44 27 54 47 33 5 l0 20 40 l 9 3 8 l 1 5 l 3 0 60l 59 5 7 53
67 20 40 t3 26 s2 37 7 l4 28 56 4 s l 2 3 l 4 6 25 l 50 3 3 66
7 l 62 8 56 37 46

38 53 t6 4l 3 2 t l 5 1 3 5 1 32 ll 6 42
7 3 20 27 62 l8 t7 t2 60 8 40 54 srl:el:+l 24 47 1 6
79 48 65 37 32 t7 5l 74 64 34 23 6 e l 4 e l 6 8 l 46 59 t 9 57
83 l 5 30 22 44 s | 'o I zoI 40
60 37 74 65 47 ll 80 't7 7l
89 6 t8 54 73 4l 34 I3 39 28 84 t + 1 + + l + t l40 3l 4 t2
9? 83 2t 38 93 77 94 82 22 t 3 65 z + l t s l u l 79 35 78
Ap p e n dix

Table 4. (Continued).

3 5 1 3 6 37 3 8 39 40 4 l 42 4t 4 4 i | 4 5 i . 4 64',1 48 49

17 28 19 I I
4 l 20 3 8 23 15 8 I I Numbers
43 3 l t zl 20 17 8 24
37 M
32llel I
47 34 29 4 20 6 30
53 9 l 8 36 l9 38 23 46 39 25 50 4 7 l 4 r l 2 e 5 l 0 20
5 9 27 54 49 39 l9 38 l7 34 9 l8 3 6 1 1 3 1 2 652 45 3 t
6 l 45 29 5 8 55 49 37 l3 26 52 43 2 5 l 5 0 l 3 e t'l 34 1

6',1 65 63 59 5l 35 3 6 t2 24 48 2 e l 5 8 l 4 e 3 l 1 6 2l 5 i
7l l0 70 & 22 t2 l3 20 69 57 44 2 4 l | 2 6 1 4 067 1 4 3I 1 7
73 35 29 72 68 48 2l 32 l4 70 58 7 1 1 6 3 1 2 342 1 6 41 2 8
79 l 3 39 3 8 35 26 78 76 70 52 77 ? 3 l 6 r l 2 s t) :l611 4 3
83 59 3 5 70 57 3l 62 4l 82 8l 79 ? 5 1 6 7 1 5 1l 9 1 3 8| t 1 6
89 36 l 9 57 82 68 26 78 56 79 59 8 8 1 8 6 1 8 062 l 8 1 2 4
97 2 l 0 50 56 86 42 l6 80 12 60 e l 4 5 l 3 1 58 t 9 6 1 9 2

5 3 40 27 I
l5 30 I
N mbers
59 3 6 t2 24 48 37
4l 2l 42 23 46 3l I I
6r l4 28 56 5l
M 21l|42 17 34
27 54 4l t5 30 60 53 39 1l 22
67 47 39
'll 48 52 9 63 l5 34 25 33 18 55 30 68 50166 36
46 ll )) 56 6l l3 65 33 rel22 37 39
1 3 61 43 69 53
zl 63 31 t4 42 47 62 28 5t15 45 56
19 50 7l 55 I

8 3 69 55 27 54 25 50 l 7 34 68 53 23 46 rlrs 36 72
<) 6',7 23 69 29 87 83 7 1 1 3 5 l6 48
89 72 38 25 7 5 47
76 89 5 7 9 l 67 44 26 33 68 4 9 1 5 1 6l t4
97 72 69 54
p .,'riiiiii

o o el tl o al o sl i o l u r l n l t t l r a l r s l t t l t t l z t l r e 1 8 0| 8 t
67 I
7l 60 65 29 6 l I {umbt
73 49 26 5 7 66 3 8 44 I I
19 10 30 l l 3 3 20 60 22 66 40
3 6 l2
44 5 3 t
48 l 3 2(' l s 2 l 2 r 42
83 6l 39 7 8 7 3 63 43
89 55 76 50 6 l 5 l 5 45 46 49 58 85 7',| ) i ' 1 7 01 3 2
97 70 59 4 20 3 1 5 75 84 32 63 24 23 I ti l 9 0 1 6 2 l 9

94 95 96
82 83184 85186187188 89190 9t192193

83 I
N umbrlrs
89 2r 63I ll 3 3 l l o l 3 0 I
1 7 1 8 5 37 88 52 66 l r s
97 95 87147 4l I ll I 55 8l
Table 5. Simple Continued Fractions
for Square Roots of positive lntegers

d J7 d J7
| , I r,,ll i 53 I t-
l: lrr:1-l I 54 I t z ; z r e ; J . r + t
is ltz,ql I 5 5 tt,T,zl,tqi
lolt2:2+t I 5 6 II t't;zr+l
lt lrz;r,TJ'+t l 57 I t7;l,t,4,l.l.l4l
t -

l sl 0 ) r 2 ; y e t I 58 I I 7 : l , l , l , l . l . l . t 4 l
t -

I | [3:6] | 59
Itt I l:;:,ot I 60 |I t[tl;:nl, dz ,. tt ,qt t+ 1
I tz I t:;Nl I 6 l tz;r,q3JJtr,raJJat
InItl,r.r,T,l,ol I 6 2 II t 7 ; 1 , |6, ,l 4 l
| 'o I f3:LAGt I 63 I t z ; 1 r + t
i t5 I [3;t,6] | 65 I [ a ; t o ]
ln|t+:st I 66 I t s ; s T ' t
Jt s J l + ; + , a l I 6 1 l E -; 5 2 1 . 1 , 7 , 1 . t . 2 , 5 , t 6 1
I ,n I r+;1i;l)"rl I I
6 8 | [s:+. ro]
I 20 I I a :2 ,8 1 i 6 9 t-8-: 3 , 3,,41. .13 . 3 . 1 6 1
I zt I t4;iJJJJst I 70 ts;zT;, rJ,lot
|,z I t+rr,xJ.r"sl --
I 7 l l8;22,-l ,1.t ,z,z,tol
I 2 3| [ + : t . l , r , s ] | 72 [8;2,16J
I z q I t 4 ;,l 8 1 | 73 [ 8 ; 1 . 1 , 5 , 5 , 1 . 1 . 1 6 1
I zeI ts;rol I
I 11I
t g ;l , r J , l , G t
I ,, I rs:s,
j 2 8 j t s ; 3 , 2 ,r :o, l
/ ) | [ 8 -;l , r , l , l 6 ]
I 76 I E 1; , 2l , 1 , 5 , 4 ,t 5, t., Z t, , t
I 2 eI t s : t t J ; J o t I 77 11 [ 8 : 1 , 3 , 2 , 3 , l , l 6 J O ]
I :o I Is:z,rol l 7 8 I t s :r , q , Tt.6 l
I ,' I ts;r,r-:_:;rr,rol I 7 e l ta;ffi.I
I 32 | t5:l,l,l,lol I 80 [ 8 ; l , l 6 l
| : l I t s ; r ,rf, r o 1 | 8 2 II [ 9 ;I 8 ]
l:+ I ts;r,+rlot I 8 3I I q ; e J8 t
l:s lts:_ol I 34 1 [ 9 ; 6 , l 8 l
I i7 | t6:l2l I -t -5l | t q ; {I , l , a , I 8 t
i:a j to;o,ut L 16 tq:1.1..-r'r.sJJJmr
l:r 116'aJI l ; J 7 ll [ 9 ; 3 , 1 8 1
] q ol t o ; : J 2 l l ; 1 8 itq;2JJ,l2,l8t
io'lto:fut i ; r e l [\ry,zJal
I 42 ) [ 6: 2 ,t2 1 | .' o i [ 9 ; 2 , 1 8 ]
l aoa, l l u , @ , , r l l; ll
I [ 9 ;l , l , 5 ,I . 5 .l . I . l 8 l
l|.6:l.l,l,2,l.l.t.l2l l . t't- l I l 9 : l , l , 2 . 4 . 2 ..11. 18 1
4slt6;r,t]Jm1 l; 3l _ --
I 9 : 1, 1, 4 . 6 . 4. 1t. 1S l
+e1ro,ffirli 4l rg;mr
4 7 [ [ o ; t , rs,t, z l I g' t [9;1,2,1,18]
48lle;r,rzl lq6l lq;t,:,r,rsl
soltz;l+l l; - l

5r I tt:t.tql I ;8 i [q;t,a,t,te]
szltt:+ttfV.u, lnq i lg;iJTl

Answers to Selected Problems

1. a ) 20 b) s 5 c ) : as d ) 2 0 4 6
2. a ) 3 2 b ) 1 2 0c ) 1 4 4 0 0d ) 3 2 7 6 8
3. t. 2. 6, 24, 120, 72 05, 0 4 0 ,4 0 3 2 0 3, 6 2 8 8 03, 6 2 8 8 00
4. l , 1 2 0 2, 5 2 , 1 2 0I ,
5. 8 4 .1 2 6 2. 1 0
g. \ n + D/ 2
rr. 65536
2 1. x : y : l . z : 2

Section 1.2
l . 9 9 : 3 ' 3 3 , 1 4 5: 5 ' 7 9 ,3 4 3 : 7 ' 4 9 , 0 888'0
2. a).c), d), e)
3. a) 5,15 b) 17,0 c)-3,7 d)-6,2
4. a: *.b
13. b) 3
1 1 . 0 i f a i s a n i n t e g e r ,- l o t h e r w i s e .
2 3 . b ) 2 0 0 . 4 0 , 8 , I c ) 1 2 8 ,l 8
2 4 . 2 0 + l 8 [ x - l ] , S t . 0 8n o , $ 1 . 2 8Y e s

Section 1.3

l. ( 5 5 5 4 ) r ,( 2 f i 2 ) r c
2. ( 3 2 8 ) r o (. l I I I l o o o o o o ) 2
3. ( t r s ) , u , ( 7 4 E )6
4. ( t O t O t 0 lI I l 0 0 l l 0 l I l l 0 l I I l ) 2 , ( t t O t I 1 l 0 l I I I l 0 l 0 l l 0 0 l I l 0 l l 0 l ) 2 ,
( r o o tl o l o o o o o l ol )l 2
6 . b ) - 3 9 , 2 6c ) ( t o o l ) - 2 (, l l 0 0 l l ) - 2 ,( 1 0 0 1 l 0 l ) - z
1 4 .i l t + : 2 ' 3 1 + l ' 2 1 . , 5 6 : 2 ' 4 + t l ' 3 ! + l ' 2 ! , 3 8 4 : 3 ' 5 !+ l ' 4 !

l. ( r o o t 0l o l l o ) 2
2. (rttilolll)z
3. ( r o tt 0 0 0 l l 0 l ) 2
4. ( l l l o ) 2 .( l o o o l ) 2
5. (too65)ro
6. ( 3 3 8 F )r e
't (8705736)
. r6
8. ( l I C) r c ,( 2895)r o
A nsw ers to S el ected probl ems

2 3 ' a ) 7 g r o s s , 7 d o , z e n , a n d g e gb
g )s i l g r o s s , 5 d o z e n , a n d
c) 3 gross,I I dozen,and 6 eggs

Section 1.5
a) prime b) prime c) prime d) compositee) prime f)
I composite
7. 3,7,31,211,2311,59
r 0 . i l 2 4 , 2 5 , 2 6 , 2 7 , 2 9b ) 1 0 0 0 0 0 +
. l 2 , 1 0 0 0 0 0 1 !3+, . . . , 1 0 0 0 0 0 11!0+0 0 0 0 1
16. a) 1, 3, 7, 9 ,1 3 ,1 5 ,2 1 ,2 5 ,3 1 ,3 3 ,3 7 ,4 3 ,49,51,63,67,69,73,75,7g,g7.93.99

Section 2.1
l. il5 b) lll c)o d) I e)rr il2
4. I if a is odd and b is evenor vice versa,2 otherwise
5. 2t2l
14.il2 b)sc)ssd)3 e)t f)1001
15. 66, 70, 105 66; ,7 0 ,1 6 5
o ;r 4 2 ,7 0 ,1 6 5
1 9 . ( 3 k + 2 ,5 k + 3 ) : I s i n c es 3 k + D _ 3 ( 5 k + 3 ) : I

Section 2,2
2 . a ) r s : 2 . 4 5 + ( - l ) 7 5 b ) 6 - 6 . 2 2 2+ ( _ 1 3 ) 1 0 2
c ) z : 6 5 ' 1 4 1 4 + ( - r 3 8 ) 6 6 6d ) 5 : 8 0 0 . 4 4 3 5 0+ ( - 1 1 0 1 ) 2 0 1 8 5
3 . a ) I : l ' 6 + l . l 0 + ( - t ) t 5 b ) 7 : 0 . 7 0 + ( _ l ) 9 g+ 1 . 1 0 5
c ) 5 : - 5 . 2 8 0 + 4 . 3 3 0+ ( - t ) + o s + 1 . 4 9 0
4. ilZ
s. il2

Section 2.3
l . i l 2 2 . 3 2b ) 3 . 1 3 c ) 2 2 . 5 2d ) 1 7 2 d , 2 . l . l l f ) 2 8 g ) s . r o l i l 2 3 . 4 3i ) 2 4 . 3 2 . 5 . 7
| 2 6 5 3 k ) 3 . 5 . 7 I23. l ) 9 . 1l . l 0 l t , 1 t,,l i
8 . b ) 2 r 8 3' 8 . 5 7 4 . 11 . 1 3t 7. . t g
9. 249,331
1 0 . 3 0 0 ,3 0 1 ,3 0 2 ,3 0 3 ,3 0 4
| 2 . b ) 5 , 9 |, 3 , 17 , 2l , Z g , 3 , 3 7 ,14, 4 9 , 5 3 , 517,,669 ,37, 77 , g g ,3g. g 7
d ) 6 9 3 : 2 1 . 3 3: 9 . 7 7
1 4 . il 24 b) 210 c) r+o d) I l2l I e) soo+oil 3426s7
1 5 . i l 2 2 3 35 37 2 . 2 1 3 s s 5 7 7 b ) 1 , 2 . 3 . 5 . 7 . 1 1 . 1 3 . 1 7 . 1 9 . 2 3 . 2 9
d 2 . s . 1 1 , 2 3 . 3 . 5 7 1. 71.1 3 . 1 3d ) 1 0 1 1 0 0 0 , 44l f7i r r 7 g | rg 3 i l r l 0 l r 0 0 l
1 7 . 1 8 , 5 4 0 3; 6 , 2 7 0 : 5 4 ,1 8 0 ;9 0 . 1 0 8
2 1 . 308,490
25. a ) 3 0 , l 0 0 l
29. a f u c ) 2 . : r , r 5 r d ) 3 2 . 5 ..71 3 . t 7 . 2 4 te ) 5 2 1. 3 . 4 1 . 6 t . 1 3 2 1
f ) 3 3 . 5 . I73. .1 9 . 3 7 . 7130. 9
3 0. 1 0 3
Answers to Selected Problems

Section 2.4
l . i l z z ' q l ' e u b ) 7 ' 3 7 ' 5 3 ' 1 0 7c ) t 9 2 ' 3 r ' 4 9 6 9
toot'1999 f) 4957'4967
2 . u ) r : . s q r b ) 7 3 c ) t z ' 6 + t d ) 1 0 3 ' 1 0 7e )
lz' 5 l3' 2nlogrc2
5. d17,347 6. d)13'17,41.61,293'341313'3?'109 7 . 5 '

Section 2.5
l. a)x:33 *5n.1:-ll-2n b) x:*300* 'y -4OO-11n
l 3 n'il
d)nosorution ,x'ZI cb1 y =-zi^\n
i l x : 8 8 9 + 1 9 6 9n , Y : - 6 3 3 - 1 4 0 2 n
2. 39 Frenchfrancs,I I Swissfrancs
3. 17 apples,23 oranges 8-'l. 0f
4. l8 "Pt
5. a) (14-centstamps,2l-centstamps)
( 1 ,
( 1 0 , 1 o ) ,( ? , 1 2 ) , ( 4 ,1 4 ) , 1 6 )
b) no solution
=(54,1)' (51'3)' (48' 5)'(45'7)'
c ) ( 1 4 - c e nst t a m p s , 2 l - c e ns t a m p s )
( 4 2 , g ) , ( 3 9 ,1 1 ) ,( 3 6 , l 3 ) , ( 3 3 , 1 5 ) , 3 0 , l 7 ) , ( 2 7' 1 9 ) '( 2 4 ' , 2 r \ ' , ( 2 1 ' , 2 3 ) ' ,
( 18 , 2 5 ) ,( 1 5 , 2 : 7 ) , ( 1 2 ,2 9 ) , ( 9 ,3 1 ) ,( 6 , 3 3 ) ,( 3 , 3 5 ) ,( 0 ' ,3 7 )
10.a)3 t)ze d242
- l-n
I l . a ) x : 9 8 - 6 n , ! : | * 7 n ,z b) no solution
: 150-3n, w -- fr
c ) x : 5 0 * n , l : - 1 0 0 + 3n, z
: (1 ( 1 4 ,8 , 2 ) , ( 1 1 , 1 2 , 1 ) '
t2. (nickels,dimes,quarters) ( 2 0 ,0 . 4 ) , 7 , 4 , 3 ) ,
( 8 .1 6 , 0 )
1 3 . 9 first-class,l9 second-class, 4 l s t a n d b y 1 4 . n o 1 5 . 7 c e n t sa n d 1 2 c e n t s

Section 3.1
l. a) l,2JlP$ 1,3,9,27,3J,111,33 . .3' i,t9 9 9
4 . i l g b) b c ) o d ) 1 2 d + f) I "ff2,

9. 0 | 2 3 4 5 10. 0 | 2 3 4 5ll. x 0r23 5

0 054 321 0 0 0 0 0 0
0 l0r 2345 432 I 0 I 2 J 5
I lr 2 3450 I 105
2 3 4501 z 2r0 543 2 0 L + 0
lt 32 4 321 054 0 J 0 J J
t -
5012 J J
l o, 432 105 .+ 0 4 2 0
4 0r23 4
5 ls 0 t234 5 543 210 5 0 5 4 J

12. a) 4 o'clock b) 6 o'clock c) 4 o'clock

I 3 . 0 . I, 5 , 6
14.a 7 + b (modp)
17. n 7 + I (mod 6)
l 3,15,17,19,21,23,25
1 8 . 1 , 3 , 5 , 7 , 9l , 1
(modp) whenp is prime andpla
26. a) t b) I cl f O) I e) ap-t = 1
- l - t - l ( p - l ) ! : - l ( m o d p ) w h e np i s p r i m e
27. a) -1 b) c) d) e)
30. a) 15621
A nsw ers to S el ected probl ems

Section 3.2
L a) x:3 (mod 7) b) x:2,5,g (mod
9) c) x=7 (mod 2l) d) no solurion
e) x=812 (modl00l) f) x:1596 (mod
2. c) x=5 (mod 23)
3. I t hours
4 . 6 - 0 , 6 , 1 2 , 1 8 , 2 4( m o d 3 0 ) , 6 s o l u t i o n s
8 . a ) ( x , y )= ( 0 , 5 ) , \ t , D . , e . O , ( 3 , 3 ) , ( 4 , 0 ) , ( 5 ,(4m) o , (d6 , 1 )
b ) ( x , y )= ( t , l ) , ( 1 , 3 ) , ( t , 5 ) , t r , z l , t : , o l
(7,0), , G , z i , i i ' , q j , i r , ul,(5,1),(5,3),(5,5),(5,7),
(7,2).(7,4),(l.0 (modg)
c ) ( x , y )= ( 0 , 0 )( ,0 , 3 )( ,0 , 6 )( I, , I ) ,( I ( I
( 4 , 1 ) , ( 4 , 4 ) , ( 4 , D , $(,5D, 5, ) , ( 5,,4g)l ,, r,e7,),o( l2, ,r2o, )(, 2 , 5()2, , g )( ,3 , 0 )( ,3 , 3 )( ,3 , 6 ) ,
( 8 , 5 ) , ( g , g )( m o d , (7,1),(7,4),(7,7),(g,2),
d) no solution

Section 3.3

l ' a ) x = 3 7 ( m o dl g 7 ) b ) x : 2 3 ( m o d3 0 ) c ) x : 6 ( m o d2 r 0 )
d ) x = 1 5 0 9 9 9( m o d 5 5 4 2 6 8 )
4. 2l0l *201
8. a) x = 28 (mod 30) b) no solution
10. a) x :23 (mod30) b) x = 100 (mod
210) c) no solurion
d) x : 44 (mod g40) e) no solution
il. 30t
| 3. 0000,0001,0625,9376
1 7 . 2 6 f e e t6 i n c h e s

Section 3.4

l . a ) ( x , y ) = ( 2 , 2 ) ( m o d 5 ) b ) n o s o l u ti o n
c ) (x,y) = (0,2),(1,3),(2,4),(:,0) or
(4,1) (mod5)
2 . a ) ( x , y ) = ( 0 , 4 ) ,( l , l ) , (2 ,5 ),(3 ,2 ),(4 ,6 ),(5 ,3),(6,0)
(mod7) b) no sol uti on
3. 0, l, p, orp2
4. a) l0
tt -)
1. a) l 0 orll b ) ls rl c ) fr 4 l
U / l\ o 2/ l lt -, rJ
4 3J [z o 6l ls 5 5 4
l) 545
8. a)
l 4 t o l b )l z ' o l c ) 4 5 5
lr 4 4) ll 4 oj l5
[4 555
9. a) x :0,y E 7,2 -2 (mod7) b) x : l , - y E 0 , 2 = 0 ( m o d7 )
c) = 5 , - y = 5 , , = 5 , w = 5 ( m o d7 )
r 0 . i l 0"b ) 5 c ) 2 s d ) l
An swer s t o S elec t e d P ro b l e ms

Section 4.1

l. a) 28 b) 24 c) 2ro d) 2t
2. a) 53 b) 54 c) 5r c) 5e
9 d) not bv 3
3. a) by 3, not by 9 b) by 3, and 9 c) by 3' and
4. a) no b) Yes c) no d) no
3, and by 9 b) those with an
5. a) thosewith their number of digits divisibleby
with their numbcr of digits divisibleby 6
even number of digits c) those
(same ior 7 and for 13) d) I 1
* a5 aaa3l at apo (mod 3l)'
8 . o z r o 2 n - t . . . a p s - a z n o 2 n -at z n - z*
3 7t r4 $ 6 e 2 . 3 7l1019 2 7 8 s
d) yes
10. a) no b) not by 3, by 5 c) not by 5' not by 13
ll. 73e
check d) no' for example
I 3. a) incorrect b) incorrect c) passescastingout nines
part (c) is incorrect,but check

Section 4.2

a) Friday b) Friday c) Monday d) Thursday

e) Saturday f) Saturday g) Tuesday h) Thursday
i) Monday j) Sunday k) Friday l) Wednesday

Section 4.3
') 3 ,4
t () 1
l. a) Tcanr

I 1 6 b)'c 3

1 6 5
,| 't -l - l
2 b-vc -- ----- 1

3 ) I 1 6 b)'c -l I

3 b\,c 1 o 4

5 ,1
J 2 I 1 brc 5

6 5 .4 bvc ) I 1 o

1 o 5 4 3 2 ) blc

4 : 3 , 4 ' R o u n d5 :
: o u n d l : 4 , 5 . R o u n d2 : 2 , 3 , R o u n d3 : 1 , 5 ,R o u n d
3 . a ) H o m et e a m s R

Section 4.4

5 . 5 5 8 , 1 0 0 2 ,2 t - t 4 ,4
A nsw ers to S el ected probl ems

Section 5.1

l. _l l"
2. I
5. a) x : 9 (mod 17) b) ,r : 17 (mod 19)
18. I
24. 52

Section 5.2

t7. 7.23.67

Section 5.3

l . a ) 1 , 5 b ) 1 . 2 , 4 , 5 , 7 , cg ) 1 , 3 , 7 , 9 d )
1 , 3 , 5 , 9 , , . 1 3e ) t , : . s , 2 , 9 . , , t 3 . 1 5
) 11\
a r . J \ . . , \ L I

5. ll
9. a) x :9 (mod 14) b) x : 13 (mod
15) c) -r = 7 (mod t6)
ll. a) r b) I
1 2 . d ( 1 3 ): 1 2 , 0 0 4 : 6 . a ( 1 6 ) : 8 ,
d ( I 7 ) : 1 6 , , r ( r 8 :) 6 , o ( t g ) : t 8 , d ( 2 0 ): 8
Section 6.1 il f

l. il +o b) t28 d t2o il 5760

2' a) 1,2 b) 3, 4, 6 d no sorurion d) 7,
9 , 1 4 ,a n d r g e ) n o s o r u t i o n
f ) 3 5 , 3 9 , 4 5 , 5 2 , 5 6 , 7 0 ,J 2 , 7 g , g 4 , g 0
3 ' i l l ' z b ) t h o s ei n t e g e r sn s u c h t h a t 8 n : a l
| n . a n dn h a s a t l e a s to n c o d d p r i n r c
factor; n has at reasttwo odd prime factors;or
n has a prime factor p = t (mod 4)

Section 6.2

1. a) 48 b) 399 d 2sqo d) 2r0r_l e)

2.il9 b)6 c)rs il2s6
3. perfect squares
4' thosepositiveintegersthat have only even powers
of odd primes in their prime-
power factorization
5 . a ) 6 , r r b ) r 0 ,r 7 c ) | 4 , | 5 , 2 1
, 2 3 d ) 3 3 , 3 5 ,74 e ) n o s o r u t i o n f ) 4 4 ,6 5
6.a)t 02 dq d)t2 dtgz f)45360
8' a) primes b) squaresof primes c) products
to two distinct primes or cubesof
9. nr(n) /2

1 0 .a ) 7 3 , 2 5 2 . 2 0 4 4
b ) r + p k c ) ( p k u + r t _ D / g k _ Do

Section 6.3

1 . 6 , 2 9 , 4 9 6 ,g I 2 g , 3 3 5 5 0 3 3 6g, 5 g g g 6 9 0 5 6
An sw er s t o S elec t e d Pro b l e m s

3. il t2,18,20,24,30,36b) 945
7 . a ) , c ) P r im e
8. a),b),d) Prime

l . D W W D FN D W G D Z Q
4 . P H O N EH O M E
5. t2
6. 9.t7 'r d (mod 26)
7 . i l C : 7 P + 1 6 ( m o d2 6 ) b ) C : a c P * bc
8 . A ) V S P F X HH I P K L BK I P M I EG T G b )

Section 7.2
Il 2 4 ]
4. a) t b) l3 d 2 6

Iz t: I I
6. I I 23101
1 2 5 37 )
matrix Itj 163]
i. digraphicHill cipherwith enciphering

000 ol
1 3rI 310 ol
12 310 0l
ro r lI
l o 0o 22 tt 37 'l
l0 rl
l.00 00s

Section 7.3
l. t 4 t 7 t 7 2 7 l l 1 7 6 5 7 6 0 77 6 t 4
4. G O O DG U E S S
5. 92
6. 150

Section 7.4
l . 1 4 5 33, 0 1 9
3 . 1 2 1 51 2 2 4t 4 7 l 0 0 2 30 l 1 6
A nsw ers to S el ected probl ems

5 ' a) 037103540 8 5 80 8 5 80 0 8 71 3 5 9
0 3 5 40 0 0 000871543I 7g7 053sb) g
001 0977
0274 0872 082r0073084s
ffi8 #l 3l1i'u* 04r5
6' d 004200560481048107630000
00510000 029402620995049505:|'
00000734 015206470972 ag72
7 ' d ) 1 3 8 31 8 1 2 0 3 5 2 0 0 01 03 8 30 1 3 0
1 0 8 0r 3 5 r r 3 8 3r 8 1 2 0 1 3 0 0 g 7 2 r 2 0 8
00000972l5l5 0 9 3 7 1 2 9 71 2 0 82 2 7 3 0956
l 5 l 5 0 0 00
8. 0872I 152 15 3 70 1 6 9

Section 7.5
l. a) yes b) no c) yes d) no
4 . l 8 : 2 * 1 6 : 2 * 3 * 1 3: 3 * 4 * l I :
7*l I
5 . ( t z , s t , g 5 , g1,6 , 4 g , 6 4 )
6. 6242382306332274
g. (44,37,7 4,72,50,24)
1 0 .a ) 0 o: 2 . 3 . 1 0 : 2 . 5 . 6 : 6 . 1 0
b ) 1 5 9 6 0 :g . 2 1 . 9 5
Section 7,6
l. a) 36962
, 6 4 0 , 5 6 0 0 , 3 g 5b ) 5 3 g 9
2. 829

l. il4 04 c)6
2 . a ) 3 b ) 2 ,3 c ) 3 , 7 d ) 2 , 6 , 7 ,l l
e ) 3 ,5 f ) 5 , I I
1 6. il 23. 89
18. d 2209

Section 8.2
L a)2 04 c)8 d)6 e)t2 f)22
4. il q b) the modulusis not prime
6. 1
i l . b) 6
1 2 . c ) 2 2 , 3 7 g, , 6 , g , 3 g .2 6

Section 8.3
l. 4 , 1 0 ,2 2
2. ilz 02 c): il2
3. il2 02 dz d)3
4. a)5 b)5 c)rs d)15
5. 7 . 1 3 . 1 7 t. 9

Section 8.4

l . i n d 5 l: 2 2 , i n d 5 2 : 2 . i n d 5 3: 1 6 , i n d 5 4 : 4 ,
i n d 5 J : I , i n d 5 6: 1 8 ,i n d 5 7: 19.
Answers to Selected Problems

i n d 5 2 l: 1 3 ,i n d 5 2 2 : l l
2. a) -r=9 (mod23) b) x=9'14
3. .) x : 7 , 1 8 ( m o d 2 2 ) b ) n o s olution
- 1 . a : 2 . 5 ,t l r 6 ( r n o d l 3 )
5 . b : 8 . 9 . 2 0 o. r 2 l
6. ,r 3 10,16,57, 5 9 . 9 0 . 9 9 .I 15 . 13 4 , 1 4 4 . 41 5 .I 4 9 , o r | - 5 2( r . I l o dI - 5 6 )
( r n o d2 3 ) , o r x E 1 , 1 2 . 4 5 . 4 1 . 7 t t ' 9 1 ' 9 3 ' 1 0 0 ' 1 3 7 ' 1 3 9 ' 1 4 4 '
T . x = I ( m o d 2 2 ) .a - 0
3 6 7 ' 3 6 9 ' 36t ,t , 1 | 3 . 451, 4 . ] 0 '
' 32 3 2 . ? . 5 2 . 2 5 45,,2277 7. 3 2l , 3 2 3 ,
1 8 3 l' 8 5 . 1 8 8 , 2 1 0 , 2 2 9 l, 2
4 5 9 , 4 6 1o. r 4 9 6 ( m o d 5 0 6 )
( m o d l 2 ) , ' t - 4 2 ( n r o d8 )
lt. a) (t,Z), (0,2) c) -x = 29
= 1 7 ( m o d6 0 )
12 b) (0,0, 1, l), (0,0' 1,4) d) 'x

Section 8.6
g o f) 3 8 8 0 8 0 g ) 8o+ o h) I 254I l 328000
r . a ) 2 0 b ) 1 2 c ) : 0 d ) 4 8 e) t
d ) 5 , l 0 ' 1 5 .1 6 , 2 0 ,3 0 ' 4 0 ' 4 8 ' 6 0 '
2 . a ) t , z b ) 3 , 4 , 6 ' 8 . 1 2 .2 4 c ) n o s o l u t i o n 1 2 ' 8 4 '1 2 6 '
8 0. 120,240 e) no s o l u ti o n f ) z . 1 4 ,1 8 .2 1 . 2 8 , 3 6 . 4 2 . 5 6 , 6 3 .
I 6 8. 252.504
4. a)tt b)2 c)l d)ll e)tg f)38
I 4 . 5 .I 3 ' l ' l ' 2 9 .5 ' l T ' 2 9 5, ' , 2 9 ' 1 3

Section 8.7
5 , 2 5 .6 2 . 8 4 .- s '2 5 . 62'"
l . 6 9 , 7 6 , 1 7 , 9 2 , 4 6I, I ' 1 2 .1 4 .1 9 .3 6 , 2 9 , 8 4 ,
7 . 6 . 1 3 , 1 0 , 1 4 , 1 5 , l , 7 ' 1 8 .1 6 .6 , l 3 - . . . p
. e r i o dl e n g t hi s 9
3. l0
6) l o z 3 z + tttz:
" 7 .a ) l t b ) 7 1 5 8 2 7 8 8 2c ) 3 l d ) 1 9 5 2 2 5 7 8 c
9 . 1 , 7 4 , 2 5 ,I 8 , I 2 , 3 0 ' l l . l 0

Section 8.8

l . a ) s b ) 5 d 2 d ) 6 e) 30 i) 20
2. a)2 b)3 d2 il2 e)5 t)7
3. a) usesPreads : 3 b) u s es p r e a sd : 2 l c ) u s cs P r c a sd : 2

Section 9.1
l, l6.l7
I . a ) t b ) I , 4 c ) I , 3 , 4 , 9 , 1 02, 1 d ) 1 , 4 , - s , 6 , 7 , 9 . 1
2. l,l,-1,1,-1,-l
(mod 7) c) no solution
I l. a) -r = 2,4 (mod 7) b) -r = |
15. .r = 1,4,11,14 ( m o d l5)
36. c) DETOUR
Answersto Setectedproblems

Section 9.2

l.a)-l b)-l c)_l d)_l e)r f)l

5.p= +1,*3,+g(mod2g)

Section 9.3

l.a)r b)-lc)r d)l e)_l f)l

2. n : 1 , 7 , 1 1 , 1 7 , 4 3 , 4 9 , 5 3 , o r 5 9( m o d 6 0 )
3. n = 1,7,13,17,19,2937,71 9 ,1g, 3
1 ,0 1 , 1 0 3 , 1 0 7 , 1 0 9 ,o1r1 I3l,9 ( m o d 1 2 0 )
9. a) -l b) -l c) -r

Section l0.l

6. a) .lb) .ar6c) .92nr6 d) .5 e) xOq f) .000999

i. a) (:s)g b) (.2)sc) (.r+o:), ai'f.'i6, e ) (.052)6f) (.02721350564)R
8 u)3 b)+ dL
25 90 33
s.u)Sb)+.)Ad) el6
343 70 20 I 365
10. b :2s'3s'5"7"',wheres1,.92,s3, and sa are nonnegative
not a1 zero
ll. a) 2,1 b) l,t c) z,t d) 0,22 e) 3.e rl o.o1
12. a) l, o b) 2 ,0 c ) 1 ,4 d ) 2 ,1 e ) l ,l f) 2 .4
t4. a) 3 b) l1 d tt d) l0l d +t.zT D 7.13
0 l I 1 I 2 t_2 3 1 4 3 2 5 3 4 5 6l
23. a)
T'i' 6'T';'t't't';,r,7,T';,;';,;';,;,;
l . i l t 5 / 7 0 t 0 / 7 d o l z l d ) 3 s s / l l 3 d z f ) 3/2
2 . a ) [ t ; s ] U )B ; z l c ) [ 0 ; 1 , 1 , 1 , 9 d] ) [ 0 ; 1 9 9 , 1 , e d s/3 h) 8/5
4 )] [ - | ; 1 , 2 2 , 3 , 1 , 1 . 2 , 2 1
f ) [ o ; 5l , l , z , l , 4 , l , 2 l l

I . a ) [ l ; 2 , 2 , 2 , . . .b1) [ t ; 1 , 2 , 1 , 2, 2, 1, . . . )c ) [ 2 ; 4 , 4 , 4 , . .d) ) t
[ ;1,1,1,...J
2 . 4 _ l , L ! , s , t b ) 6 J , l , l , J c ) 0 , 2 , 6 , 1 0 , 1 4d ) 0 , 1
? 312689
l- l'3'4 ^7'32'39'7t: o,
4t 69
l l . d ) 2g1 9 l l 1 3 -1 3 5 ' 1 5 7t 7 g ' 2 0 12 2 3 z 4 s 2 6 7 z } s 3 l l
t5'22'29'36,Jt,E-'T,d,7l '7g 'g5 ,lt,f

Section 10.4

l. IU,t,t,+1b) t3;:,61c) ta;l":,

a) to;FrZt
2 . ")
a) [l;2]
3. a) (z: +.,/Til/rc b) (-l +,/+sl/z c) (s + .,Fazlto
4. b) [ lo;20]
, 117:frl,
Answers to Selected Problems

tt o:z2o|lte;Tt4I?q,2,+t1
5. c) [q;j,J8],
6. d to:ffil, 17:7,t41, I l6;l,t5,1,321
I l. b), c), e)

Section I l.l
b) 3'4'5;6'8'105 ; ',12',13;9'
l . a ) 3 , 4 , 5 : 5 , 1 2 , 1 31;5 , 8 , 1 7 : ' 7 , 2 4 , 2 5 : 2 1 , 2 O , 2 9 : 3 5 , 1 2 , 3 7
1 0 ' 2 4 ' 2 6 : 2 1 ' 2 0 ' 2 9l ;8 ' 2 4 ' 3 0 ; 3 0 ' 1 6 ' 3 4 ;
21,28,35,35,12,37 ; I 5,36,39;24,32,40
1 ' - 2\ I (m2+Zn2)
8. x : : n l n , z- - : w h e r em a n d n a r e p o s i t i v e i n t e g e r s .
;(m"-Zn"),Y t
,: L(2^2-nz),! : ^r,, : where m and n a(e positiveintegers,
*>it,li, andn is even
: mn,, - , ) , r ?\ r- - ^^ --- ^-,{
where m and n, - ^are
^^"iti'r, integers,
9. , - l-{^z-3n2),y f,(^2+3n2)
*rrTln,andm = n(mod 2)

Section 11.3
b)nosolutionc)x: + l'y: +2
l. a)x:!2,y:0;x:+l,y:!l
t3,y:*l b)nosolution c)x- + 5 ' l : 0 ; x : * 1 3 ' y:+3
2. a)x:
: 70,y : 13 b) x : 9 8 0 1 , : 1 8 2 0
3. a) x Y
: 829920;x : 42703566796801,
5' X : l 52Q,y : 273 ; x : 4620799,y
: 766987012160
6. a), d), e), g), h) Yes b)' c)' f) no
x : 6239'765965'120528801, ! : 19892016576262330040

Number Theory

l' w. W. Adams and L. J. Goldstein, Intoduction to Number Theory,

Prentice-Hall,EnglewoodCliffs, New Jersey,1g76.
2. G. E. Andrews, Number Theory, w. B. Saunders,philadelphia, lg7l.
3. T. A. Apostol, Introduction to Analytic Number Theory, Springer-
Verlag, New York, 1976.
4. R' G. Archibald, An Introduction to the Theory of Numbers, Merrill,
Columbus,Ohio, 1970.
5. I. A. Barnett, Elements of Number Theory, prindle, weber, and
Schmidt, Boston, 1969.

6. A. H. Beiler, Recreations in the Theory of Numbers, 2nd ed., Dover,

New York, 1966.
7. E. D. Bolker, Elementary Number Theory, Benjamin, New york, 1970.
8. Z. I. Borevich and I. R. Shafarevich, Number Theory, Academic press,
New York, 1966.
9. D. M. Burton, Elementary Number Theory, Allyn and Bacon, Boston,

10. R. D. Carmichael, The Theory of Numbers and Diophantine Analysis,

Dov er , New Y o rk , 1 9 5 9 (re p ri n t o f th e o ri gi nal 1914and l 9l 5 edi ti ons).
I l. H. Davenport, The Higher Arithmetic, 5th ed., Cambridge University
Press,Cambridge, 1982.
12. L. E, Dickson, History of the Theory of Numbers, three volumes,
chelsea, New York, 1952 (reprint of the l9l9 original).
13. L. E. Dickson, Introduction to the Theory of Numbers, Dover,
New York 1957 (reprint of the original 1929 edition).
Bi b l i ogr aP hY

N ew Y ork'
1 4 . H. M . E dwar d s , F e rm a t' s L a s t T h e o re m,Spri nger-verl ag,

15. A.A.Gioia,TheTheoryofIYttmbers,Markham'Chicagol970.
1 6 . E. Grosswald,,Topicsfrom the Theory of Numbers, 2nd ed.,
B o s t o n ,1 9 8 2 .

t'7. R. K. Guy, l.)nsolvedProblems in l,{umber Theory, springer-verlag,

N e w Y o r k , 1 9 8 1.
Theory of
1 8 . G . H. Har dy a n d E. M . W ri g h t, A n In troducti on to the
1,,{umbers,5th ed., Oxford University Press, Oxford, 1919'
New York
1 9 . L. Hua, Introduction to Number Theory, Springer-verlag,
l 982.

20. K. Ireland and M. L Rosen, A Classical Introduction to Modern

I Y um berT heo ry ,Sp ri n g e r-Ve rl a g , e w Y o r k, 1982'

2 1 . E . Landau,E l e m e n ta ryN u m b e r T h e o ry ,C hel sea,N ew Y ork, 1958'

2 2 . W. J. LeVeque, Fundamentals of Number Theory, Addispn-Wesley,

2 3 . w. J. LeVeque, Reviewsin Number TheOry, six volumes, American

M at hem at ic a lS o c i e ty ,W a s h i n g to n ,D .C ., 1974'

2 4 . C. T. Long, Elementary Introduction to Number Theory, 2nd ed.,

Heat h, Lex in g to n ,M a s s a c h u s e tts1,9 7 2 .
(no date)'
25. G. B. Matthews, Theory of Numbers, Chelsea,New York

26. I. Niven and H. S. Zuckerman, An Introduction to the Theory of

Num ber s , 4t h e d ., W i l e y , N e w Y o rk , 1 9 8 0 .

2l. O. Ore, An Invitation to Number Theory, Random House, New York'


28. O. Ore, Number Theory and its History, McGraw-Hill, New York,
I 948.

29. A. J. Pettofrezzo and D. R. Byrkit, Elements of Number Theory,

Prentice-Hall,EnglewoodCliffs, New Jersey,1970'
30. H. Rademacher, Lectures on Elementary [t{umber Theory, Blaisdell,
New York 1964,reprint Krieger, 1977.

31. P. Ribenboim,1-JLectures on Fermat's Last Theorem,Springer-Verlag,

New Y or k , 1 9 1 9 .
B i bl i ography

32. J. Roberts, Elementary Number Theory, MIT press, cambridge,

Massachusetts, 1977.
33. D. shanks,solved and unsolvedproblemsin Number
Theory,2nd ed.,
New york. 197g.
3 4 . J. E. Shockley, Introduction to Number Theory, Holt,
Rinehart, and
Winston, 1967.
3 5 . w. Sierpifski, Elementary Theory of Numbers, polski
Akademic Nauk,
Warsaw, 1964.
3 6 . w. Sierpifiski, A selection of problems in the Theory
of Numbers,
PergammonPress,New york, 1964.
3 7 . w. Sierpirlski, 250 problems in Elementory Number
Theory, polish
ScientificPublishers,Warsaw, 1g70.
3 8 . H. M. Stark, An Introduction to Number Theory, Markham,
1970;reprint MIT press,cambridge, Massachuseits,r9ig.
3 9 . B. M. Stewart, The Theory of Numbers, 2nd, ed., Macmiilan,
New York, 1964.
40. J. v. Uspensky and M. A. Heaslet, Elementary Number Theory,
McGraw-Hill, New York. lg3g.
4l' C' Vanden Eyden, Number Theory, International Textbook,
42. I. M. vinogradov. Elements of Number Theory, Dover, New york,
t 954.

Number Theory with Computer Science

4 3 . A. M. Kirch, Elementary Number Theory: A computer Approach,

Intext, New York, 1974.
44. D. G. Malm, A computer Laboratory Manual
for Number Theory,
COMPress, Wentworth, New Hampshire, 1979.
4 5 . D. D. spencer, computers in Number Theory, computer science press,
Rockville, Maryland, 1982.
Bi b l i o gr aP hY


Hayden, Rochelle Park,

46. B. Bosworth, codes, ciphers, and computers,
New JerseY,1982.
47. D. E. R. Denning, Cryptography and Data Security,
Reading, Massachusetts, 1982'
Aegean Park Press,
48. w. F. Friedman, Elements of Cryptanalysis,
Laguna Hills, California, 1978'

computer Engineering,Univ. calif. Santa Barbara,
50. D. Kahn, The Codebreakers,the Story of Secret Writing'
New York' 1967.
51. A. G. Konheim, Cryptography: A Primer, Wiley' New York'
Park Press,
5 2 . S. Kullback, s/atis tical Methods in cryptanalysis, Aegean
Laguna Hills, California, 1976.
Dimension tn
5 3 . C. H. Meyer and S. M. Matyas' Cryptography: A New
Computer Data Security, Wiley, New York, 1982'
Association of
5 4 . A. sinkov, Elementary cryptanalysis, Mathematical
America, Washington,D.C., 1966'

Computer Science

and Design'
55. K. Hwan g, Computer Arithmetic: Principles, Architecture
WileY, New York, 1979.
'of computer Programming: semi-Numertcal
56. D. E. Knuth, Art
Algorithms volume 2, 2nd d., Addison wesley, Reading
Massachusetts,l98l .
and searching,
57. D. E. Knuth, Art of computer Programming: sorting
volume 3, Addison-wesley,Reading,Massachusetts, 1973.
wiley, New
58. L. Kronsjo, Algorithms: Their complexity and Efficiency,
York, 1979.
its Applications
59. N. S. Szab5 and R. J. Tanaka, ResidueArithmetic and
to Computer Technology,McGraw-Hill' 1967'
442 Bibliography


60. H. Anton, Elementary Linear Algebra, 3rd ed., Wiley, New York, 1981.
6 1 . E. Landau, Foundations of Analysfs, 2nd ed., Chelsea,New York, 1960.
6 2 . W. Rudin, Principles of Mathematical Analysis, 2nd ed., McGraw-Hill,
New York 1964.



63. Ll M. Adleman, C. Pomerancq and R. S. Rumely, "On distinguishing

prlime numbers from composite numbers," Annals of Mathematics,
v o l u m e 1 1 7 ( 1 9 8 3 ) ,1 7 3 - 2 A 6 .

64. J. Ewing, t 286243-lis prime," The Mathematical Intelligencer, Volume

5 (1983),60.

65. J.lE. Freund, "Round Robin Mathematicso" American Mathematical

tullonthly,Volume 63 (1 956), ll2-114.

66. R. K. Guy, "How to factor a number" Proceedings of the Ftfth

Manitoba Coderence on Numerical Mathematics, Utilitas, Winnepeg,
Manitoba, 1975, 49-89.

I ot. A . K . Hea d , " Mu l ti p l i c a ti o n mo d u l o n , " B IT, V ol ume 20 (tgS O), 115-

l I16.

6 8 . P. Hagis, Jr., "Sketch of a proof that an odd perfect number relatively

prime to 3 has at least eleven prime factors," Mathematics of
Computations, Volume 46 0983), 399-404.

69. J. C. Lagarias and A. M. Odlyzko, "New algorithms for computing

n(ff)," Bell LaboratoriesTechnical Memorandum TM-82-1 I 218-57.

7 0 . H. P. Lawther, Jr., "An application of number theory to the splicing of

telephonecables,"American Mathematical Monthly,Yolume 42 (tggS),
8 l - 9 1.
7 1 . H.1 W. Lenstra, Jr., "Primality testing," Studieweek Getaltheorie en
Co[nputers, 1-5 September 1980, Stichting Mathematisch Centrum,
Arfrsterdam. Holland.
Bi b l i ogr aP hY

and testsfor primality Proceedings

72. G. L. Miller, "Riemann'shypothesis
on the Theory of "' computing,
of thq seventhAnnual Ac:M symposium
1,73. in primality testing"' The
-' C. pomerance, "Recent developments
(l g g l ), 97-105.
i' ur r ir *" r ic al In te l l i g e n c e r,v o l u m e 3
\lq. C. pomerance, "The search for primes," Scientific American' Volume
241(tgSD, 136'147.
.15. ,,probabilisticalgorithms for lesting primality," Journal of
M. o. Rabin,
1 2 8 -138'
Num ber T he o ry ,V o l u me 1 2 0 9 8 0 )'
of the
./6. R. Rumely, ,,Recent advances in primality testing," Notices
30 (1983), 4,75-47,7,
American Mathematical Sociely, Volume
2'7th Mersenne prime"' Journal of
77. D. Slowinski, "searching for the
(1 9 18/9),258-261'
Rec r eat ionaM l a th e m a ti c s ,Vo l u m e I I
Monte Carlo test for PrimalitY,"
7 8 . R. Solovay and V. Strassen' "A fast
Volume 6 09ll)' 84-85 and erratum,
SIAM Journal for Computing,
v o l u m e7 ( 1 9 7 8 ) ,1 1 8 .
in the develoPment of
7 9 . H. C. Williams, "The influence of computers
with APPlications,
number theory," Computers and Mathematics
V o l u m e8 ( 1 9 8 2 ) , 7 5 - 9 3 '
g0. H. c. williams, "Primalitytestingon a computer",Ars combinatorica'
v o l u m e5 ( 1 9 7 8, )1 2 7 - 1 8 5 '


for the discrete logarithm

81. L. M. Adleman, "A subexponentialalgorithm
Proceedings of the 2ath
problem with applications to cryptogiaphy,"
of Computer Science' 1979' 55'
Annual Sy*:,porium on the Fonia'tioit
g2. M. Blum, "coin-flipping by telephone- a protocol for solving
problems,"IEEE Proceedings'Spring Compcon"
in cryptography"' IEEE
83. w. Diffie and M. Hellman, "New directions (l976),644-655'
Transactionson Idormation Theory, Volume
public key
g4. D. R. Floyd, "Annotated bibliographicalin conventionaland
(1983) 12'24'
cryptograpnr,. Cryptologia, Volume 7 '
B i bl i ography

8 5 . J. Gordon, "Use of intractable problems

rn cryptography," Information
Privacy, Volume 2 (19g0), l7g-fg4.
8 6 . M. E. Hellman, "The mathematics of public-key
Scientffic American, Volume 241 (1979) t 4 6 - t 5 7 .
8 7 . L. S. Hill, "Concerning certain linear
transformation apparatus of
cryptography," American Mathematical Monthl y, V ol ume 3g (1931).
l 3 5 -15 4 .
8 8 . A. Lempel, "cryptology in transition," computing
surveys, volume ll
Q 979) , 28 5 -3 0 3 .
8 9 . R. J. Lipton, "How to cheat at mental poker,,,
and ,,An improved power
encryption method," unpublished reports, Department
of computer
Science,University of California, Berklir'y, 1979.
90. R. c. Merkle and M. E. Hellman, "Hiding information
and signaturesin
trapdoor knapsacks," IEEE Transactiins in Idormatioi Theory,
V olum e 24 (1 9 7 9 ), 5 2 5 -5 3 0 .
9 1 . s. Pohlig and M. Hellman, "An improved
argorithm for computing
logarithms over GF(p) and its .ryptog.upt
i. significance,,' IEEE
Transactionson Information Theory, volume 24 (rgj"$,
9 2 . M. o. Rabin,. "Digitalized signatures and public-key functions
intractable as factorization," MIT Laboratory for
computer science
Technical Report LCS/TR-212, cambridge, Massachusetts,
9 3 . R. L. Rivest, A. Shamir, and L. M. Adleman, "A method
for obtaining
digital signaturesa1d public-key cryptosystems,"communications
of the
ACM, Volume 2t (1979), tZO-126.
9 4 . A. shamir, uA polynomial time algorithm for
breaking the basic
Merkle-Hellman cryptosystem," proceedings of the
2ird Annual
symposium of the Foundations of computeiscie,nce, r45-r52.
9 5 . A. Shamir, "How to share a secret," communications
of the ACM,
V olum e 22 0 9 7 9 ), 6 1 2 -6 t3 .
9 6 . A. Shamir, R. L. Rivest, and L. M. Adleman, "Mentar poker,,,
Mathematical Gardner, ed. D. A. Klarner, wadsworth
Belmont, California, 198l, 37-43.
List of SYmbols

t2 Summation, 5
nt Factorial, 8
Product, 9
It Binomial coeficient, l0
olb Divides, 19
olt Doesnot divide, 19
lxl Greatestinteger, 20
( a 1 r a 1 r - 1 . . . a f l 0t ) Baseb exPansion,27
Computerword size, 33
ov) Big-O notation, 38
,r(.x) Number of Primes, 47
G,b) Greatestcommondivisor, 5 3
(a 1,,a2,..-,an) Greatestcommondivisor (of n integers), 5 5
un Fibonaccinumber, 60
la,bl Least commonmultiPle, 7 2
min(xy) Minimum, 72
ma x( x , y ) Maximum, 72
p'lln Exactlydivide, 76
ta 1 ,a2, . . . , anl Leastcommonmultiple (of n integers),7 7
F, Fermatnumber, 81
a = b(mod z) Congruent,9l
a # b(mod nr) Not congruent,91
a Inverse, 104
A:B(modra) Congruent(matrices), I l9
7 Inverse(of matrix), l2l
I Identity lnatrix, l2l
adj Ca) Adjoint, 122
h (k) Hashingfunction, 141
6h) Euler'sphi-function, l6l
List of Symbols

Summationoverdivisors, 170

f*s Dirichletproduct, 172

Miibius function. 173
o(n) Sum of divisorsfunction, I74
r(n) Number of divisorsfunction, 17s
M- Mersennenumber.l g2
E*(P) Encipheringtransformation,ZI2
D*(c) Decipheringtransformation,212
ord.a Orderof a modulom. Z3Z
ind,a Index of a to the baser, 252
I(n ) Minimal universalexponent,269
X6(n) Maximal +l - exponent,2g0
Is-l Legendresymbol, 289
lp )
lLl Jacobisymbol, 314
ln J
(c p2ca..)
6 BaseD expansion,341
( . c1 . . . c r - 1 r
b Periodicbase6 expansion,343
Fn Fareyseriesof ordern, 349
Iag;a1,a2,...,,e111 Finitesimplecontinuedfraction, 351
Ck : Pr/qr Convergent of a continuedfraction, 354
[ a g ; at , a z , . . . l Infinite simplecontinuedfraction, 362
* - ,,ffifr|' Periodiccontinuedfraction, 3i4
Conjugate, 377

Absolute least residues, 93 Caesarcipher, 189

Abundant integer, 185 Calendar, 134
Additive function, 174 Gregorian, 135
Affine transformation, l9l International Fixed, 138
Algorithm, 33,58 Cantor expansion, 30
division, 19 Card shuffiing, 152
Euclidean, 58 Carmichael number, 155'272
for addition, 33 Carry, 34
for division, 3'7,41 Casting out nines, 134
for matrix multiPlication, 43 Character ciPher, 189
for modular exPonentiation, 97 Chinese,ancient, 2,107,
for modular multiPlication, 100 Chinese remainder theorem, 107
for multiplication, 35,39 Cicada, periodic, 5'l
for subtraction, 34 Cipher, 188
least-remainder, 67 block, 198
Amicable pair, 185 Caesar, 189
Approximation, character, 189
best rational, 37 | digraphic, 198
by rationals, 369 exponentiation, 205
Arithmetic function, 166,418 Hill, 198
Arithmetic, fundamental iterated knapsack, 224
theorem of, 2,69 knapsack, 221
Arithmetic progression, monographic, 189
primes in, 74 polygraphic, 198
AutomorPh, 114 product, 19'l
public-key, 2,212
B a b y l o n i a n s ,1 , 2 5 Rabin, 215
Balanced ternary exPansion, 30 RSA, 212
Base, 27 substitution, 189
BaseD expansion, 27,341 transposition, 204
Best rational aPProximation, 371 Vigndre, 197
Big-O notation, 38,39 Ciphertext, 188
Binary notation, 27 Clustering, 142
Binomial coeffficient, l0 Coconut problem, 101
Binomial theorem, 12 Coefficients,binomial, 10
Biorhythms, I l4 Coin flipping, 298
Bit operation, 38 Collatz conjecture, 24
Bits, 27 Collision. 142
Block cipher, 198 Common key, 208
Borrow, 35 Common ratio, 5
Complete system of residues, 93
Caesar.Julius, 189 Completelyadditive function, 174

Diophantus, 86
function, 166
Dirichlet, G. Lejeune, 74
Composite, 1,45
Dirichlet product, 172
Computationalcomplexity, 3g
Dirichlet's theorem on primes in
of addition, 39
arithmetic progression, 74
of Euclidean algorithm, 62
Divide, l8
of division,4 -
Divisibility, l8
of matrix multiplication, 43
Divisibilitytests, lZ9
of multiplication, 39
Division algorithm, l9
of subtraction, 39
Divisor, l8
Computer arithmetic, 33,109
Double hashing, 143
Computer files, 141,227
Draim factorization, g4
Computer word size, 33,109
Duodecimal notation, 44
Congruence, 2,gl
linear, 102
Electronic poker, 209,304
of matrices, I l9 Enciphering, 188
Congruenceclass. 92
Encryption, 188
Ccllatz, 24
diophantine, 86
Goldbach, 50
Pell's, 404
Conjugate, 377
Eratosthenes, I
Continued fraction, 350
Eratosthenes,sieveof, 2,46
finite, 351 Euclid, I
infinite, 362 Euclideanalgorithm, 5g
periodic, 374 425
Euler. L.. I
purely periodic, 3g3
Eu l e rphi -functi on,l 6l ,l 67
simple,351 Euler pseudoprime,325
Convergent, 354
Euler'scriterion. 290
Coversionof bases, Zg
Euler's factorizationmethod, g5
Coveringset of congruences,I l5
Euler's theorem, 161
C r y p t a n a l y s i s ,1 8 8
Exactly divide. i6
Cryptography, 188 Expansion,
Cryptology, 188
base b, 27
Cubic residue, 262
Cantor, 30
continuedfraction, 350
Database, 227 periodic base b, 343
Day of the week, 134 periodiccontinuedfunction, 374
Decimal notation, 27
terminating, 341
Deciphering, 186 t l-exponent, 280
Decipheringkey, 213 Exponentiationcipher, 205
Decryption, 188
Deficient integer, 185 Factor, l8
Descent,proof by, 398 Factor table, 4ll
Diabolic matrix, 127 Factorial function, 8
Digraphic cipher, 198 Factorization, 69,79
Diophantineequations, 86,391 Draim, 84
linear, 86 Euler, 85

Fermat. 80 Goldbach,C., 50
prime, 68 Goldbach's conjecture, 50
prime-power, 69 Greatest common divisor, 53
speedof, 80,215 Greatest integer function, 20
Faltings,G., 400 Greeks, ancient, 2
Farey series, 349
Fermat, P. de, 1,397 Hadamard, J., 48
Fermat factorization, 80 Hanoi, tower of, l'l
F e r m a t n u m b e r , 8 1 , 3 0 2 , 31 Hashing, 141
Fermat prime, 8l double, 143
Fermat quotient, 152 quadratic, 304
Fermat's last theorem, 398 Hashing function, 141
Fermat's little theorem, 148 Hexadecimal notation, 27
Fibonacci, 60 Hilbert prime, 76
Fibonacci numbers, 60 Hill cipher, 198
generalized, 68
Fibonacci pseudo-randomnumber Identity matrix modulo z, l2l
generator, 219 Inclusion-exclusion, principle of, 17,51
Frequencies, Incongruent, 9l
of letters, 193 Index of an integer, 252,421
of digraphs, 202 Index of summation, 5
of polygraphs, 203 Index system, 262
Function. Induction, mathematical, 4
additive, 174 Infinite simple continued fraction, 362
arithmetic, 166 Infinitude of primes, 45,82
completely additive, l7 4 Integer,
completely multiPlicative, 166 abdundant,185
Euler phi, 161 deficient, 185
factorial, 8 palindromic, 133
greatest integer, 20 powerful, 16
hashing, 141 square-free,75
Liouville's, 174 Inverse of an arithmetic function, t73
Mobius, l'73 Inverse modulo lrr, 104
multiplicative, 166 Inverse of a matrix modulo nr, l2I
number of divisors. 175 Involutory matrix, 126,244
sum of divisors. 174 Irrational number, 336,36'l
Fundamental Theorem of
Arithmetic, 69 Jacobi symbol, 314

Game of Euclid, 67 Kaprekar constant, 3l

Gauss,C. G., 2,47 Key, l4l
Gauss' generalization of common, 208
Wilson's theorem, 152 deciphering, 213
Gauss'lemma, 293 enciphering, 212
Generalized Riemann hypothesis, 158 mastero 228
Generalized Fibonacci numbers, 68 public, 212
Geometric progression, 5 shared, 208
450 Index

Knapsack cipher, 221 algorithm for, 97

Knapsack problem, 219 Monographic cipher, 189
k-perfect number, 186 Monkeys, l0l
Kronecker symbol, 324 Multiple precision, 33
k th power residue, 256 Multiplication, 35,39
matrix, 43
Lagrange,J., 147 Multiplicative function, 166
Lagrange interpolation, 242 Multiplicative knapsackproblem, 226
Lagrange's theorem Mutually relatively prime, 56
(on continued functions), 378
Lagrange's theorem Nim. 3l
(on polynomial congruences), 219 Notation,
Lam6, G., 62 big-O, 38
Lam6's theorem, 62 binary, 27
Law of quadratic reciprocity, 297,314 decimal, 27
Least common multiple, 72 duodecimal, 44
Least nonnegativeresidue, 93 hexadecimal, 27
Least-remainderalgorithm, 67 octal, 27
Legendre symbol, 289 product, 9
Lemma, Gauss'. 293 summation,5,l70
Linear combination, 54 Number,
greatest common divisor as a, 54,63 Carmichael, 155,2'12
Linear congruence, 102 Fermat, 8l
Linear congruential method, 275 Fibonacci, 60
Liouville's function, 114 generalizedFibonacci, 68
Logarithms modulo p, 207 irrational. 336
Lowest terms, 336 k-perfect, 186
Lucas-Lehmertest, 183 lucky, 52
Lucky numbers, 52 Mersenne, 182
perfect, 180
Magic square, 127 rational, 336
Master key, 228 superperfect, 186
Mathematical induction. 4 Number of divisors function. 175
Matrix, involutory, 126
Matrix multiplication, 43 Octal notation, 27
Maximal t1-exponent, 280 Operation, bit, 38
Mayans, 1,25 Order of an integer, 232
Mersenne,M., 182
Mersenne number. 182 Pairwise relatively prime, 56
Mersenne prime, 182 Palindromic integer, 133
Method of infinite descent, 398 Partial remainder, 37
Middle-squaremethod, 275 Partial quotient, 351
Miller's test, 156 Pascal'striangle, 12
Minimal universal exponent, 269 Pell's equation, 404
Mobius function, 173 Pepin'stest, 3l I
Mobius inversion formula, 173 Perfect number, 180
Modular exponentiation, 97 Period,

pure multiPlicative, 277

of a base b exPansion, 343
of a continued fraction, 374 P u b l i c - k e yc i P h e r , 2 , 2 1 2
Periodic base b exPansion, 343 Purely periodiccontinuedfraction' 383
Periodic cicada, 5'l Pythagoras, 1
Periodiccontinuedfraction, 374 PythagoreantriPle, 391
Plaintext, 188 Pythagoreantheorem, 391
Poker. 209,304
PolygraphicciPher, 198 Quadratic hashing, 304
Powerful integer, 76 Quadratic irrational, 375
Prepperiod, 343 Quadratic nonresidue,288
Primality test, 153,263 Quadratic reciProcitYlaw, 297,304
probabilistic, 158,334 Quadratic residue, 288
Primes, 1,45 Quotient, l9
Fermat, 8l Fermat, l52
Hilbert, 76 partial, 351
in arithmetic Progressions,74
infinitude of, 45 Rabbits, 68
Mersenne, 182 R a b i n ' sc i p h e r s y s t e m , 2 1 5 , 3 0 3
Wilson, 152 Rabin's probabilisticPrimalitY
Prime number theorem, 47 t e s t , I 5 8 , 2 1 4 ,3 4
Prime-power factorization, 69 Rational number, 336
Primitive root, 234,243 42O Read subkeY, 227
Primitive PythagoreantriPle, 391 Recursivedefinition, 8
Principleof inclusion-exclusion,l7 Reducedresiduesystem, 162
Principleof mathematicalinduction, Reducedquadratic irrational, 384
second, 8 ReflexiveproPertY, 92
Probabilisticprimality test, 158'334 Regular polygon,
Probing sequence, 143 constructabilitY, 83
Problem, Relativelyprime, 53
knapsack, 219 mutually, 56
multiplicativeknaPsack, 226 pairwise, 56
Remainder, l9
Product, Dirichlet, 172
Repunit, 133,165
Product ciPher, 192
cubic, 262
reflexive, 92
k th power, 256
symmetric, 92
least nonnegative, 93
transitive, 92
quadratic, 288
well-ordering, 4
absoluteleast, 93
complete sYstemof, 93
Euler, 325
reduced, 162
strong, 157
Root of a polynomialmodulo rn, 238
Pseudo-randomnumbers, 275
Round-robintournament, 139
Pseudo-randomnumber generator'
RSA cipher system, 212,274
Fibonacci, 279
linear congruential, 275
Second princiPle of
middle'square, 275
4s2 lndex

mathematical induction. 8 Fermat's last, 398

Seed, 276 Fermat's little. 148
Shadows, 228 Lagrange's (on continued
Shift transformation. l9l fractions), 378
Shifting, 35 Lagrange's (on polynomial
Sieve of Eratosthenes, 2,46 congruences), 239
Signature, 216 Lam6's, 62
Signed message, 216,218 Wilson's, 147
Solovay-Strassenprobabilistic Threshold scheme, 228,243
primality test, 334 Tower of Hanoi. 17
Splicing of telephonecables, 284 Transitive property, 92
Spread of a splicing scheme, 284 Transpositioncipher, 204
Square-free integer, 7 5 Triangle,
Strong pseudoprime, 157 Pascal's, l2
Subkey, Pythogrean, 391
read, 227 Twin primes, 50
write, 227
Substitution cipher, 189 Universal exponent, 269
Succinct certificate of primality, 266
Sum of divisors function, 174 Vall6e-Poussin, C. de la, 48
Summation notation, 5 Vignrire ciphers, 197
Super-increasingsequence, 22O
Superperfect number, 186 Weights, problem of, 30
Symbol, Well-ordering property, 4
Jacobi. 314 Wilson, J., 147
Kronecker, 324 Wilson prime, 152
Legendre, 289 Wilson's theorem, 147
Symmetric property, 92 Gauss' generalization of, 152
System of residues, Word size, 33,104
complete, 93 Write subkey, 22'l
reduced, 162
System of congruences,107,1l6

Telephonecables, 284
Terminating expansion, 341
divisibility, 129
Lucas-Lehmer, 183
Miller's, 156
Pepin's, 3l I
primality, 153,263
probalisticprimality, 158,334
binomial, 12
Chineseremainder. 107
Dirichlet's, 74
Eulerns, l6l

