A Course on Number Theory

Peter J. Cameron

ii

Preface
These are the notes of the course MTH6128, Number Theory, which I taught at
Queen Mary, University of London, in the spring semester of 2009.
There is nothing original to me in the notes. The course was designed by Susan McKay, and developed by Stephen Donkin, Ian Chiswell, Charles LeedhamGreen, and Thomas Muller; I have benefited greatly from Ian Chiswells notes,
which I have followed closely.
I am grateful to Mark Walters who stood in for me in the first six lectures of
the course, and whose comments have been very helpful; also to the class tutors,
markers, and most of all the students who took the course, for their comments and
support.
The original course was largely based on continued fractions: this technique
is very amenable to hand calculation, and can be used to solve Pells equation,
to write an integer as a sum of squares where this is possible, and to classify the
indefinite binary quadratic forms. This is still the centrepiece of the course, but I
have given alternate treatment of sums of squares.
The syllabus for the course reads
(a) Continued fractions: finite and infinite continued fractions, approximation
by rationals, order of approximation.
(b) Continued fractions of quadratic surds: applications to the solution of Pells
equation and the sum of two squares.
(c) Binary quadratic forms: equivalence, unimodular transformations, reduced
form, class number. Use of continued fractions in the indefinite case.
(d) Modular arithmetic: primitive roots, quadratic residues, Legendre symbol,
quadratic reciprocity. Applications to quadratic forms.
The learning outcomes state
Students will be able to use continued fractions to develop arbitrarily
accurate rational approximations to rational and irrational numbers.
iii

iv
They will be able to work with Diophantine equations, i.e. polynomial equations with integer solutions. They will know some of the
famous classical theorems and conjectures in number theory, such as
Fermats Last Theorem and Goldbachs Conjecture, and be aware of
some of the tools used to investigate such problems.
The recommended books are
[1] H Davenport, The Higher Arithmetic, Cambridge University Press (1999)
[2] Allenby & Redfern, Introduction to Number Theory with Computing, Edward
Arnold (1989)

Contents
1

Overview and revision

1.1 Overview . . . . . . . . . . . . . .
1.2 Euclids algorithm . . . . . . . . . .
1.3 Primes and factorisation . . . . . .
1.4 Congruences and modular arithmetic
1.5 The Chinese Remainder Theorem .
1.6 And finally . . . . . . . . . . . . . .

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

1
1
2
3
4
6
7

Algebraic numbers
11
2.1 Algebraic numbers and algebraic integers . . . . . . . . . . . . . 11
2.2 Quadratic irrationals . . . . . . . . . . . . . . . . . . . . . . . . 13
2.3 Appendix: Sums, products and quotients . . . . . . . . . . . . . . 14

Finite continued fractions

3.1 Introduction . . . . . . . . . . . . . . . . . .
3.2 The [ ] functions . . . . . . . . . . . . . . . .
3.3 The convergents of a finite continued fraction
3.4 A party trick . . . . . . . . . . . . . . . . . .

Infinite continued fractions

4.1 An example . . . . . . . . . .
4.2 The definition . . . . . . . . .
4.3 Approximation by convergents
4.4 Order of approximation . . . .
4.5 Proof of Lemma 4.6 . . . . . .

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.

.
.
.
.
.

.
.
.
.

.
.
.
.
.

.
.
.
.

.
.
.
.
.

.
.
.
.

.
.
.
.
.

.
.
.
.

.
.
.
.
.

.
.
.
.

.
.
.
.
.

.
.
.
.

17
. . . . 17
. . . . 21
. . . . 24
. . . . 26

.
.
.
.
.

29
29
30
35
37
40

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

Periodic continued fractions

43
5.1 Periodic and purely periodic continued fractions . . . . . . . . . . 43
5.2 Quadratic irrationals . . . . . . . . . . . . . . . . . . . . . . . . 44
5.3 The main theorem . . . . . . . . . . . . . . . . . . . . . . . . . . 45
v

vi
6

CONTENTS
Lagrange and Pell
6.1 Introduction . . . . . . . .. .
6.2 The continued fraction for n
6.3 Sums of two squares . . . . .
6.4 The equations x2 ny2 = 1 .
Eulers totient function
7.1 Eulers totient function . . .
7.2 Evaluation of (n) . . . . .
7.3 Orders of elements . . . . .
7.4 Primitive roots . . . . . . . .
7.5 The Mobius function . . . .
7.6 Appendix: An algebraic view
7.7 Appendix: Cryptography . .

.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.

Quadratic residues and non-residues

8.1 Definition and basic properties .
8.2 The Legendre symbol . . . . . .
8.3 A Euclid-type theorem . . . . .
8.4 Proofs of the first two rules . . .
8.5 Proofs of Rules 3 and 4 . . . . .

.
.
.
.

.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.

.
.
.
.

53
. . . . 53
. . . . 53
. . . . 56
. . . . 60

.
.
.
.
.
.
.

.
.
.
.
.
.
.

67
67
69
70
71
72
74
75

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

77
77
78
80
81
82

Sums of squares
9.1 Sums of two squares . . . . . . . . .
9.2 Sums of four squares . . . . . . . . .
9.3 Two squares revisited . . . . . . . . .
9.4 Sums of three squares . . . . . . . . .
9.5 Where do these identities come from?
9.6 Pythagoras and Fermat . . . . . . . .
9.7 Open problems . . . . . . . . . . . .
9.8 Appendix: an algebraic proof . . . . .

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

89
89
90
93
95
95
96
98
99

.
.
.
.

101
102
103
106
109

.
.
.
.
.

.
.
.
.
.

10 Quadratic forms
10.1 Linear forms and degenerate quadratic forms
10.2 Matrix, discriminant, equivalence . . . . . . .
10.3 Positive definite forms . . . . . . . . . . . .
10.4 Indefinite quadratic forms . . . . . . . . . . .

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

11 Revision problems and solutions

119
11.1 Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
11.2 Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

Chapter 1
Overview and revision
In this section we will meet some of the concerns of Number Theory, and have a
brief revision of some of the relevant material from Introduction to Algebra.

1.1

Overview

Number theory is about properties of the natural numbers, integers, or rational

numbers, such as the following:
Given a natural number n, is it prime or composite?
If it is composite, how can we factorise it?
How many solutions do equations like x2 + y2 = n or xn + yn = zn have for
fixed n, where the variables are required to be natural numbers?
How closely can we approximate a given irrational number by rational numbers which are not too complicated?
How many primes are there less than 1012 (or any other bound we might
choose? Are more primes of the form 4k + 1 than 4k 1, or vice versa?
Some of these questions are interesting because properties of numbers have
fascinated humans for thousands of years. On the other hand, some of them (such
as primality testing and factorisation) are of very great practical importance: the
secret codes that keep internet commerce secure depend on properties of numbers
such as primality, factorisation, and modular arithmetic.
Not all these questions will be covered in the course. But here are some problems, which turn out to be closely related to one another, which we will consider.
Let p be an odd prime number.
1

CHAPTER 1. OVERVIEW AND REVISION

Can we express p in the form x2 + y2 for some natural numbers x and y?
(For example, 13 = 32 + 22 , but 19 cannot be written in this form, as you
can check.)
Given a natural number a, is it congruent to the square of a number x modulo
p? How do we tell? (For example, 1 52 mod 13, but there is no solution
to 1 x2 mod 19.)
Does the equation x2 py2 = 1 have a solution? What about x2 py2 = 1?
For example, 182 13 52 = 1, but there is no solution to x2 19y2 = 1.

How closely can p be approximated by a rational number? For example,

2 is approximately equal to 141421/100000, but 1393/985 is an even

better approximation, and has much smaller numerator and denominator.
How does one find such good approximations?

1.2

Euclids algorithm

We will always count 0 as being a natural number.

We recall that, if a and b are natural numbers and b > 0, then there exist unique
natural numbers q and r such that a = bq + r, with 0 r < b. The numbers q and
r are the quotient and remainder when a is divided by b. We sometimes write
q = a div b and r = a mod b. If a mod b = 0, we say that b divides a and write b | a.
(Note: a/b but b | a.) The division algorithm finds q and r from a and b.
Euclids algorithm is a procedure for finding the greatest common divisor of
two natural numbers a and b. It can be written as a function gcd(a, b), defined
recursively as follows:

a
if b = 0,
gcd(a, b) =
.
gcd(b, a mod b) if b 6= 0
The greatest common divisor d = gcd(a, b) is characterised by the following
properties:
d | a and d | b;
if e is a natural number satisfying e | a and e | b, then e | d.
Example Find gcd(225, 157). Here is the calculation:
225 = 157 1 + 68
157 = 68 2 + 21

1.3. PRIMES AND FACTORISATION

68 = 21 3 + 5
21 = 5 4 + 1
5 = 15+0
So gcd(225, 157) = 1.
The Euclidean algorithm also finds integers u and v such that
gcd(a, b) = ua + vb.
In the above example, we can work back up the chain:
1 =
=
=
=

21 5 4
21 (68 21 3) 4 = 21 13 68 4
(157 68 2) 13 68 4 = 157 13 68 30
157 13 (225 157) 30 = 157 43 225 30.

So we have u = 30, v = 43.

Remark Sometimes we will modify the division algorithm as follows. Given
integers a and b, with b > 0, there exist unique integers q and r such that a = bq+r
and b/2 < r b/2. In other words, we allow the remainder to be negative,
but choose it to have modulus at most b/2. For example, the classical division
algorithm gives 12 = 7 1 + 5, but the modified version gives 12 = 7 2 2.

1.3

Primes and factorisation

A natural number p is said to be prime if p > 1 and, whenever p = ab holds for

some natural numbers a and b, we have either a = p, b = 1, or a = 1, b = p. In
other words, p is prime if its only factors in the natural numbers are itself and 1,
and these factors are different.
The fact that 1 is not counted as being prime is a convention, but is needed
in order for unique factorisation to hold. (If we allowed 1 to be prime, then 6 =
2 3 = 1 2 3 = 1 1 2 3 = would have infinitely many prime factorisations!
Lemma 1.1 Let p be prime. If p | ab, then p | a or p | b.
Proof Suppose that p does not divide a. Since the only divisors of p are 1 and p,
and p doesnt divide a, we must have gcd(a, p) = 1, so there exist integers u and
v with ua + vp = 1. Now b = uab + vpb; and p divides uab (since it divides ab by
assumption) and p divides vpb; so p divides their sum, which is b.


CHAPTER 1. OVERVIEW AND REVISION

Theorem 1.2 Any natural number greater than 1 can be written as a product of
prime numbers, and this expression is unique apart from re-ordering the factors.

Proof We show the existence of a factorisation into primes by induction. Given

a natural number n, if n is prime, then it is the product of just one prime. (This
starts the induction at n = 2, and is also part of the inductive step.) Otherwise, n
has a factorisation n = ab with a, b < n. By the induction hypothesis (since both a
and b are greater than 1 but smaller than n), they have factorisations into primes;
putting them together we have a factorisation of n.
For the uniqueness, we use the lemma. Suppose that
n = p1 p2 pr = q1 q2 qs ,
where p1 , p2 , . . . , pr , q1 , q2 , . . . , qs are primes. Clearly p1 divides q1 q2 qs ; by
the lemma, either p1 divides q1 or p1 divides q2 qs . Continuing, we find that
p1 divides one of the primes q1 , . . . , qs . By re-ordering them if necessary, we can
assume that p1 divides q1 , whence p1 = q1 since q1 is prime. Now we can cancel
off the first factor from both sides and continue the process, until we have shown
that the two factorisations are the same.


1.4

Congruences and modular arithmetic

Let n be a natural number. We say that two integers a and b are congruent modulo
n if n divides a b. We write this as
a b mod n.
Note that this is a slightly different use of the word mod from the one we used
earlier to denote the remainder. But it is closely connected; two numbers are
congruent modulo n if and only if they leave the same remainder when they are
divided by n.
Congruence modulo n is an equivalence relation; the equivalence classes are
called congruence classes modulo n. There are exactly n congruence classes,
corresponding to the n possible remainders (0, 1, . . . , n 1) we could obtain when
we divide a number by n.
We denote by [a]n the congruence class modulo n containing a, and by Zn the
set of congruence classes modulo n. The set Zn is a ring, in fact a commutative
ring with identity; this means that congruence classes can be added or multiplied,
by the rules
[a]n + [b]n = [a + b]n ,
[a]n [b]n = [ab]n ,

1.4. CONGRUENCES AND MODULAR ARITHMETIC

and the usual laws (commutative, associative, distributive, identity, and additive
inverse laws hold. See the Introduction to Algebra lecture notes if you need a
reminder about this.
Here are the addition and multiplication tables of Z4 . I have written the entries
in the tables as a rather than [a]4 to save clutter.
+
0
1
2
3

0
0
1
2
3

1
1
2
3
0

2
2
3
0
1

3
3
0
1
2

0
1
2
3

0
0
0
0
0

1
0
1
2
3

2
0
2
0
2

3
0
3
2
1

Proposition 1.3 If p is prime, then Z p is a field; that is, all non-zero elements
have multiplicative inverses.
Proof Suppose that [a] p is a non-zero element of Z p . This means [a] p 6= [0] p , so
p does not divide a. Since p is prime, gcd(a, p) = 1. By Euclids algorithm, there
are integers u and v satisfying ua + vp = 1. This means that ua 1 mod p, so that
[u] p [a] p = [1] p .
So [u] p is the inverse of [a] p .

For example, take p = 157. What is the inverse of [225]157 ? Our earlier
calculation showed that 43 157 30 225 = 1, so that the required inverse is
[30]157 = [127]157 .
As a consequence we prove Fermats Little Theorem:
Theorem 1.4 Let p be a prime number. Then n p n mod p for any natural number n.
Proof If n 0 mod p, then the conclusion is certainly true; so suppose not. Then
[n] p is an element of the multiplicative group of non-zero elements of Z p . By
Lagranges Theorem (see the Introduction to Algebra notes), the order of this
element divides the order of the group, which is p 1. So ([n] p ) p1 = [1] p , or in
other words, n p1 1 mod p. Multiplying both sides by n gives the result.

Exercise Prove Fermats Little Theorem by induction on n. (Hint: Use the Binomial
 Theorem and the fact (which you should prove) that the binomial coefficients
p
are divisible by p for 1 k p 1.
k
Fermats Little Theorem shows that it is possible to show that a number n
is composite without finding any factors of n. If we calculate an mod n and the
answer comes out to be different from a, then we know that n is composite.

CHAPTER 1. OVERVIEW AND REVISION

Example 32047 992 mod 2047, so 2047 is not prime.

The computation is not as bad as it might appear. Since 2048 = 211 , we can
work out 32048 mod 2047 by successive squaring. All congruences mod 2047; so
no number occurring in the calculation is larger than 20462 , and the whole thing
can easily be done on a calculator.
31
32
34 = 92
38 = 812
316 = 4202
332 3582
364 12502
3128 6392
3256 9682
3512 15452
31024 2232
32048 6012

=
=
=
=

3
9
81
420
358
1250
639
968
1545
223
601
929

So 22047 992 mod 2047, on dividing by 3 (equivalently, multiplying by the inverse of 3 in Z2047 , which is 1365).
Note that the successive squaring method avoids having to compute very large
numbers. We can evaluate 32048 by just eleven squaring operations of numbers
smaller than 2047 together with taking the remainder mod 2047.
Unfortunately, it doesnt always work. If we had used 2 rather than 3, we
would have found that 22047 2 mod 2047. The converse of Fermats Little Theorem is false! (See the exercise on Carmichael numbers below.)

1.5

The Chinese Remainder Theorem

The Chinese Remainder Theorem is about solving simultaneous congruences to

different moduli.
Theorem 1.5 Let a and b be natural numbers with gcd(a, b) = 1, and let c and d
be arbitrary integers. Then there is a solution to the simultaneous congruences
x c mod a,
x d mod b.

1.6. AND FINALLY . . .

Moreover, the solution is unique modulo ab; that is, if x1 and x2 are two solutions,
then x1 x2 mod ab.

Proof Since gcd(a, b) = 1, there are integers u and v with ua + bv = 1. Now let
x = dau + cbv.
We have bv 1 mod a, and au 1 mod b. So x cbv c mod a, and x dau
d mod b, as required.
If x1 and x2 are two solutions, then x1 c x2 mod a and x1 d x2 mod b.
So both a and b divide x1 x2 . Since a and b are coprime, ab divides x1 x2 , so
that x1 x2 mod ab as required.

This can be extended to an arbitrary number of congruences to pairwise coprime moduli.
Example Find all numbers congruent to 2 mod 3, 1 mod 4 and 3 mod 5.
The theorem shows that there is a unique solution mod 60, which can be found
by trial and error, or systematically as in the proof, which we do here.
Since 3 + 4 = 1, the number 3 1 + 4 2 = 5 satisfies the first two congruences. Now we look for a number congruent to 5 mod 12 and 3 mod 5. We have
2 12 + 5 5 = 1, so the solution is 2 12 3 + 5 5 5 = 53. So the general
solution is the congruence class [53]60 (all numbers congruent to 53 mod 60).

1.6

And finally . . .

Remember Euclids famous proof of the existence of infinitely many primes,

which you will find in the Introduction to Algebra notes.
It is possible to adapt Euclids method for other purposes. Here is an example.
Note that, apart from 2, all primes are odd, and so are of one or other of the forms
4k + 1 and 4k + 3 for some natural number k.
Theorem 1.6 There are infinitely many primes of the form 4k +3 for natural numbers k.
Proof Suppose that there are only finitely many such primes, say p1 , . . . , pr . Consider the number n = 4p1 pr 1. Clearly n is of the form 4k + 3, and so it
must be divisible by some prime of this form. (A number with a factor 2 is
even, while a product of factors of the form 4k + 1 is itself of this form, since

CHAPTER 1. OVERVIEW AND REVISION

(4k + 1)(4l + 1) = 4(4kl + k + l) + 1.) So one of the primes p1 , . . . , pr must be a

factor of n, since these are all primes congruent to 3 mod 4.
But by assumption, n 1 mod p for p = p1 , . . . , pr , so none of p1 , . . . , pr
can divide n. So we have a contradiction to our assumption, and there must be
infinitely many primes of this form.

It is also true that there are infinitely many primes of the form 4k + 1 (and
indeed, roughly equal numbers of the two forms below any given bound), but
these things are more difficult to prove.

Exercises
1.1 Prove that a number with a periodic decimal expansion
a1 . . . ak .ak+1 . . . ak+l ak+l+1 . . . ak+l+m
is rational. (This notation means that the digits from ak+l+1 to ak+l+m repeat
infinitely; for example, 1.234 = 1.2343434 . . ..)
1.2 Find gcd(245, 43) and express it in the form 245u + 43v.
1.3 Find all integer solutions of the congruence x2 2 mod 17.
1.4 Let Zn denote the ring of integers modulo n.
How many solutions does the equation x2 = 1 have
(a) in Z8 ,
(b) in Z9 ,
(c) in Z11 ?
1.5 List the prime numbers less than 100. Which of them can be written in the
form x2 + y2 for integers x and y?
1.6 A natural number q is said to be a Carmichael number if q is not prime but
satisfies the conclusion of Fermats Little Theorem, that is, nq n mod q for all
integers n.
(a) Let p be a prime number, and suppose that p 1 divides q 1. Show that
nq n mod p.
(b) Hence show that, if q is a product of distinct primes, and every prime p
which divides q has the property that also p 1 divides q 1, then q is a
Carmichael number.

1.6. AND FINALLY . . .

(c) Hence show that 561 is a Carmichael number.

1.7 There is an unknown number of objects. When counted in threes, the remainder is 2; when counted in fives, the remainder is 3; when counted in sevens, the
remainder is 2. How many objects are there?
This problem is taken from the fourth-century Chinese text Sun Zi suanjing
(Master Suns Arithmetic Manual). He gives the following formula for its solution:
Not in every third person is there one aged three score and ten,
On five plum trees only twenty-one boughs remain,
The seven learned men meet every fifteen days,
We get our answer by subtracting one hundred and five over and
over again.
Can you explain this?
Note: Sun Zi (formerly transliterated as Sun Tsu), is not to be confused with
the military strategist of the same name.
1.8

(a) Let p be a prime number, not 2 or 5. Show that there exists a positive
integer k such that 10k 1 mod p.

(b) Let k p be the smallest positive integer k with this property. Show that k p
divides p 1.
(c) Show that the digits in the infinite decimal expression for 1/p are periodic
with period k p .
(d) Find a prime p for which k p = p 1.
1.9 What goes wrong with the argument in the last section if you try to prove that
there are infinitely many primes congruent to 1 mod 4?

10

CHAPTER 1. OVERVIEW AND REVISION

Chapter 2
Algebraic numbers
An algebraic number is one which satisfies a polynomial with integer coefficients.
From Pythagoras to the present day, a lot of number theory hae been concerned
with these numbers, and in particular in trying to decide whether particular numbers of interest to mathematics are algebraic or not.

2.1

Algebraic numbers and algebraic integers

Pythagoras and his school discovered that the square root of 2 is not a rational
number. However, it is an easy number to describe geometrically: it is the ratio
of the diagonal of a square to its side. The number has a more complicated
geometric description: it is the ratio of the circumference of a circle to its diameter,
but there is no simple method to construct a straight line which is equal to the
circumference of a given circle. (We know now, for example, that such a line
cannot be constructed with the traditional geometric instruments of ruler and
compass.)
We make a distinction between algebraic numbers (which are roots of polynomials with integer coefficients) and transcendental numbers (which are not):
Definition Let u be a complex number. We say that u is an algebraic number if
there is a non-zero polynomial f with integer coefficients such that f (u) = 0; and
u is a transcendental number otherwise. Moreover, u is an algebraic integer if it
is the root of a non-zero monic polynomial (one with leading coefficient 1) over
the integers.
Note that, if we have any non-zero polynomial over the integers, we can divide by the leading coefficient to get a monic polynomial over the rationals. Conversely, given a monic polynomial over the rationals, we can multiply by the least
common multiple of the denominators of the coefficients to obtain a non-zero
11

12

CHAPTER 2. ALGEBRAIC NUMBERS

polynomial over the integers. So an equivalent definition is: u is an algebraic

number if there is a non-zero monic polynomial f with rational coefficients such
that f (u) = 0.

For example, u = 2 is an algebraic integer since it satisfies the polynomial

u2 2 =
0. The complex number i is an algebraic integer; so is the golden ratio
= (1 + 5)/2 (it satisfies 2 1 = 0). It is known that and e are transcendental numbers, but we will not give the proof here. (You can find these proofs in
Ian Stewarts book Galois Theory.
Any integer is an algebraic integer; the integer n satisfies the polynomial
x n = 0. Similarly, any rational number is an algebraic number. In the other
direction, we have:
Proposition 2.1 A rational number is an algebraic integer if and only if it is an
integer.
For this reason, we sometimes call the ordinary integers rational integers.
Proof We have seen that integers are algebraic integers; we have to prove that a
rational number which is an algebraic integer is an integer.
Let q = a/b be a rational number in its lowest terms (so that gcd(a, b) = 1).
Suppose that q satisfies a monic polynomial with integer coefficients, say
f (q) = qn + cn1 qn1 + + c1 q + c0 = 0.
Putting q = a/b, and multiplying this equation by bn , we obtain
an + cn1 an1 b + + c1 abn1 + c0 bn = 0.
Now every term in this equation except the first is divisible by b, so b divides
an . Applying Lemma 1.1 repeatedly, we find that b | a. But also b | b, so b |
gcd(a, b) = 1. This means that b = 1, so that q is an integer.

There is a result, which I will not prove, which makes things like this much
easier. This is known as Gausss Lemma. It can be stated in many different ways.
(You might like to look at p.258 in my book Introduction to Algebra.) But the
following will do for our purposes.
We define the minimal polynomial of an algebraic number to be the monic
polynomial with rational coefficients of smallest possible degree satisfied by .
(Any algebraic number satisfies a monic polynomial with rational coefficients,
and we can certainly choose one of smallest degree. Why is it unique? Suppose
that f1 (x) and f2 (x) were two different polynomials of the same (smallest) degree
satisfied by , and let g(x) = f1 (x) f2 (x). Then f1 () = f2 () = 0, so g() = 0,
but g has smaller degree than f1 and f2 .)

2.2. QUADRATIC IRRATIONALS

13

Theorem 2.2 The algebraic number is an algebraic integer if and only if its
minimal polynomial has integer coefficients.
Now let q be a rational number. It satisfies the polynomial x q = 0, and
clearly this is monic and has smallest possible degree, so it is the minimal polynomial of q. So q is an algebraic integer if and only if the coefficients 1 and q
of this polynomial are both integers, i.e. if and only if q is an integer.
One of the most important properties of algebraic numbers is the following:
Theorem 2.3 (a) Let a and b be algebraic integers. Then a b and ab are
algebraic integers.
(b) Let a and b be algebraic numbers. Then a b, ab, and (if a 6= 0) 1/a are
algebraic numbers.
I do not expect you to memorise the proof of this theorem. But it uses ideas
from linear algebra, and may be useful revision of linear algebra for you. I have
given the proof in an appendix to this section.
The theorem can be expressed in the language of algebraic structures as follows:
Corollary 2.4

(a) The algebraic numbers form a field.

(b) The algebraic integers form a commutative ring with identity.

Proof The Theorem above says that they satisfy the conditions of the subfield
and subring tests as subsets of the complex numbers.


2.2

Quadratic irrationals

In this course we will be particularly interested in numbers of the form a + b d,

where a and b are rational numbers and d is a squarefree integer not equal to 1.
(An integer d is squarefree if n2 | d implies n = 1 for positive integer
n. Clearly,

2
if d were not squarefree, we could write d = cn , and then a + b d = a + bn c.)
A number of this form is called a quadratic irrational. There will be much more
about quadratic irrationalslater in the notes!
The number u = a+b d is an algebraic number, since it satisfies the quadratic
equation u2 2au + (a2 db2 ) = 0. (This is a quadratic with rational coefficients;
we obtain one with integer coefficients by multiplying up by the denominators of
the coefficients.) In fact, the polynomial
f (x) = x2 2ax + (a2 db2 )

14

CHAPTER 2. ALGEBRAIC NUMBERS

is the minimal polynomial of u. For it is a monic rational polynomial satisfied by

u, and has degree 2; a polynomial of smaller degree would have to have degree 1,
and have the form x q, but if u satisfied this polynomial, then u = q would be a
rational number.
Using Gausss Lemma, we can now decide when a quadratic irrational is an
algebraic integer.
Proposition
2.5 Let a, b be rational numbers and d a squarefree integer. Then

a + b d is an algebraic integer if and only if either

(a) a, b are integers; or
(b) d 1 mod 4 and a 21 and b 12 are integers.

(1
+
3)/2 (a complex cube
Example (1 + 5)/2 (the golden ratio) and

root of unity) are algebraic integers but (1 + 3)/2 is not.

Proof By Gausss Lemma,
we just have to show that the monic quadratic equation satisfied by u = a + b d has integer coefficients precisely in the cases given.
The quadratic is x2 2ax + (a2 db2 ). So the question is, when is it true that
2a and a2 db2 are integers? If 2a is even then a is an integer; if 2a is odd then
a 21 is an integer.
Suppose that a is an integer. Then db2 is an integer; since d is squarefree,
this implies that b is also an integer, since if b = m/n with gcd(m, n) = 1 then
necessarily n2 | d.
Suppose that a = k + 12 , with k Z. Then a2 = k2 + k + 14 , so db2 14 is an
integer. This means that b = l + 21 for l Z (so that db2 has denominator 4). Then

db2 14 = (l 2 + l)d + (d 1)/4, so we must have d 1 mod 4.

2.3

Appendix: Sums, products and quotients

In this section we prove Theorem 2.3. If a and b satisfy monic polynomials over
the integers or rationals, we have to show that their difference and product do also.
The direct approach is quite difficult; to convince
yourself
of this, try writing down
3
a monic polynomial over the integers which has 2 3 as a root. So we need a
different strategy.
First, we give an equivalent characterisation of algebraic numbers and algebraic integers, using the concept of eigenvalues from linear algebra.
Proposition 2.6 Let u be a complex number. Then

2.3. APPENDIX: SUMS, PRODUCTS AND QUOTIENTS

15

(a) u is an algebraic number if and only if it is an eigenvalue of a matrix over

Q;
(b) u is an algebraic integer if and only if it is an eigenvalue of a matrix over Z.
Proof The eigenvalues of a matrix A are the roots of the characteristic polynomial of A, the monic polynomial det(xI A). If A is a rational (resp. integer)
matrix, this polynomial has rational (resp. integer) coefficients.
Conversely, given any monic polynomial f (x) of degree n, there is a matrix
C( f ), called the companion matrix of f , whose characteristic polynomial is f
(and hence whose eigenvalues are the roots of f ). It is the n n matrix which
has entries 1 immediately above the diagonal in the first n 1 rows, 0 in all other
positions in these rowss, and the coefficients of f (other than the coefficient of
xn ) in reverse order with the signs changed in the nth row. So C( f ) is a matrix
of integers (resp. rational numbers) if and only if the coefficients of f are integers
(resp. rational numbers).

Now we define the Kronecker product of matrices. Let A and B be two matrices, possibly of different sizes. Suppose that A is n m, with (i, j) entry ai j . Then
the matrix A B is defined to be the matrix in block form with m n blocks, the
(i, j) block being ai j B. For example, if




1 2
5 6
A=
,
B=
3 4
7 8
then

5
7
AB =
15
21

6
8
18
24

10
14
20
28

12
16
.
24
32

The following result is what is needed. The proof is just a rather boring linear
algebra argument involving playing with subscripts.
Proposition 2.7 Let A, B,C, D be matrices of the appropriate sizes so that AC and
BD are defined. Then (A B)(C D) is defined, and
(A B)(C D) = AC BD.
In particular, if A and B are matrices and v, w are column vectors such that Av
and Bw are defined, then
(A B)(v w) = Av Bw.

16

CHAPTER 2. ALGEBRAIC NUMBERS

Proposition 2.8 Let A and B be square matrices of sizes n n and m m respectively, and suppose that a and b are eigenvalues of A and B respectively. Then
a b is an eigenvalue of A Im In B;
ab is an eigenvalue of A B.
Proof Let u and v be column vectors of lengths n and m which are eigenvectors
of A and B respectively, so that Au = au and Bv = bv. Then u v is a column
vector of length mn; and we have
(A Im In B)(u v) = (a b)(u v),
(A B)(u v) = ab(u v).
(For example, we have (A B)(u v) = Au Bv.)

Now we can prove most of the theorem. If a and b are roots of monic polynomials over Q or Z, then they are eigenvalues of matrices over Q or Z, and hence
so are their difference and product.
For the inverse, we proceed directly. Suppose that a 6= 0 and a is a root of a
rational polynomial xn + cn1 xn1 + + c1 x + c0 ; that is,
an + cn1 an1 + + c1 a + c0 = 0.
Dividing the polynomial by a suitable power of x, we can assume that c0 6= 0.
Then dividing the whole expression by c0 an and reversing the terms, we have
(1/a)n + (c1 /c0 )(1/a)n1 + + (cn1 /c0 )(1/a) + cn /c0 = 0,


so that 1/a is also the root of a rational polynomial.

Exercises
2.1 Find a polynomial with integer coefficients which has

2 + 3 as a root.

2.2 For each of the following numbers, say whether it is an algebraic number
and whether it is an algebraic integer. If you answer yes, justify your answer by
giving a polynomial satisfied by the number in question.

(a) 3 3 + 1

(b) 1 + 21 5

(c) (1 + 13)/2.
2.3 Let satisfy the polynomial x3 + ax2 + bx + c = 0. Find a polynomial satisfied by 2 .

Chapter 3
Finite continued fractions
Now we embark on a major theme of this course; a method for representing rational or irrational numbers by finite or infinite strings of integers, by means of
continued fractions.

3.1

Introduction

Let us return to the calculation of gcd(225, 157) from the preceding chapter.
225
157
68
21
5

=
=
=
=
=

157 1 + 68
68 2 + 21
21 3 + 5
54+1
15+0

We can express this in a different way.

1
21
= 4+
5
5
68
1
= 3+
1
21
4+
5
157
1
= 2+
1
68
3+
1
4+
5
17

18

CHAPTER 3. FINITE CONTINUED FRACTIONS

225
= 1+
157

1
1

2+

3+

1
5
These expressions are called continued fractions. Clearly we will cover a lot
of paper writing out things like this in full, so we abbreviate them. The expression
on the right of the last equation will be written [1; 2, 3, 4, 5]. Notice the semicolon
; in the notation. Later we will define [1, 2, 3, 4, 5] to mean something different!
The part after the semicolon represents the fractional part of 225/157.
4+

Proposition 3.1 Let q = a/b be a rational number greater than 1 in its lowest terms, so that gcd(a, b) = 1. Then q can be written as a continued fraction
[a0 ; a2 , a3 , . . . , an ] for some positive integers a0 , . . . , an with an > 1.
Note that this proposition includes a degenerate case: if b = 1 then the continued fraction is just [a; ].
Proof I will give two proofs of this. They are essentially the same, but the first
is recursive, the second is more explicit. Both involve extracting the continued
fraction from Euclids algorithm, as we did in the example.
First proof We argue by induction on b. If b = 1 then, as we just remarked,
the continued fraction is just [a; ] and the last integer is a, which is greater than 1
by assumption.
If b > 1 then, since the fraction is in its lowest terms, it is not an integer. If
a = bc + r, then r 6= 0, and we have
a
r
1
= c + = a0 +
,
b
b
b/r
with a0 = c, and b/r > 1 and in its lowest terms. By the induction hypothesis,
b
= [a1 ; a2 , . . . , an ],
r
with an > 1. Then
1
a
= a0 +
= [a0 ; a1 , . . . , an ].
b
[a1 ; a2 , . . . , an ]
To see the last step, write it out as a continued fraction:
a0 +

1
1
a1 +
a2 +

3.1. INTRODUCTION

19

We can express this proof by a recurrence:

1
= [a1 , . . . , an ].
q a0

a0 = bqc,

Second proof We run the Euclidean algorithm:

a = a0 b + r1
b = a1 r1 + r2
r1 = a2 r2 + r3
..
.
rn2 = an1 rn1 + 1
rn1 = an 1

so a/b = a0 + r1 /b
so b/r1 = a1 + r2 /r1
so r1 /r2 = a2 + r3 /r2
..
.
so rn2 /rn1 = an1 + 1/rn1
so rn1 = an .

We have 1 < rn1 < < r1 < b < a, so all the fractions on the left are greater
than 1 and those on the right are less than 1; so the integers on the right are the
integer parts of the fractions on the left. Putting it all together, we have
q=

a
= a0 +
b

1
a1 +

1
..

.+

an1 +

1
an

that is, q = [a0 ; a1 , . . . , an1 , an ].

Conversely, any sequence of positive integers, the last greater than 1, defines
a unique rational number greater than 1: Clearly we have
[a0 ; ] = a0
[a0 ; a1 , . . . , an ] = a0 +

1
for n > 0.
[a1 ; a2 , . . . , an ]

This also provides an inductive definition of the symbol [a0 ; a1 , . . . , an ] (by induction on n, the number of terms).
Now consider the second proof of the proposition. Let the fractions on the left
of the equations be
a
b
r1
rn2
q0 = q = , q1 = , q2 = , . . . qn1 =
and qn = rn1 = an .
b
r1
r2
rn1
Then we can write the recurrence as
ai = bqi c,

qi+1 =

1
qi ai

20

CHAPTER 3. FINITE CONTINUED FRACTIONS

for i = 0, . . . , n 1, and an = qn .
This rule allows us to compute the continued fraction of a rational number
without explicitly running the Euclidean algorithm. For example, let q = 87/38.
We have
1
38
a0 = b87/38c = 2,
q1 =
= ,
(87/38 2) 11
11
1
= ,
a1 = b38/11c = 3,
q2 =
(38/11 2)
5
5
1
= , a3 = q3 = 5.
a2 = b11/5c = 2,
q3 =
(11/5) 2 1
So

87
= [2; 3, 2, 5].
38

Remark 1 We assumed that q > 1. If we relax this assumption, the only difference is that the first term of the continued fraction may be zero or negative. For
example, if q = 3/5, we have
a0 = h3/5i = 1,
a1 = h5/2 = 2,

5
1
= ,
(3/5) + 1 2
1
2
q2 =
= ,
(5/2) 2 1

q1 =

a2 = q2 = 2,
so 5/3 = [1; 2, 2].
Remark 2 If we relax the condition that the last entry in the continued fraction is
1
greater than one, then only one small change is necessary. Since an = (an 1)+ ,
1
we see that
[a0 ; a1 , a2 , . . . , an ] = [a0 ; a1 , a2 , . . . , an 1, 1].
So 87/38 = [2; 3, 2, 4, 1].
We end this section by showing the uniqueness of the continued fraction for
any rational number greater than 1 if we require that the last entry is greater than 1.
Theorem 3.2 If q = [a0 ; a1 , . . . , an ] = [b0 ; b1 , . . . , bn ], with an , bm > 1, then m = n
and ai = bi for i = 0, . . . , n.
Proof We prove this by induction on n. If n = 0, then q = a0 is an integer. Now
if m > 0 then
1
,
q = b0 +
[b1 ; b2 , . . . , bm ]

3.2. THE [ ] FUNCTIONS

21

and the fraction is less than one (since the denominator is greater than 1), which
is impossible. So m = 0 and a0 = b0 . This starts the induction.
Suppose that the assertion is true with n 1 replacing n. Then we have
a0 +

1
1
= b0 +
,
[a1 ; . . . , an ]
[b1 ; . . . , bm ]

and again the fractions are less than one; so a0 = b0 = bqc. Then we have
[a1 ; . . . , an ] = [b1 ; . . . , bm ], each expression having one fewer term in its continued fraction than q; so by the inductive hypothesis, m 1 = n 1 and ai = bi for
i = 1, . . . , n. So we are done.


3.2

The [ ] functions

In this section, we analyse continued fractions further by finding recurrence relations for the numerator and denominator of a given continued fraction. In this
section, we will think of the numbers a0 , . . . , an which appear as arguments to
these functions as being positive integers; but in fact everything is quite formal,
and they could in fact be any real numbers.
Definition Let n 1 and let a0 , . . . , an be positive real numbers. Define
[a0 ] = a0 ,
[a0 , a1 ] = a0 a1 + 1,
[a0 , a1 , . . . , ak ] = a0 [a1 , . . . , ak ] + [a2 , . . . , ak ] for 1 < k n.
Note that the last clause expresses a function of k variables in terms of functions
of k 1 and k 2 variables; so the definition is good.
Remark: Often we will adopt the convention that [ ] (with no numbers in the
square brackets) is equal to 1. If we do this, the induction gives the correct answer
for [a0 , a1 ]:
[a0 , a1 ] = a0 [a1 ] + [ ] = a0 a1 + 1.
Warning: [a0 , a1 , . . . , an ] is not the same as the continued fraction [a0 ; a1 , . . . , an ]
defined in the last section. Be very careful to distinguish them!
Example Find [1, 2, 3, 4, 5].
We calculate this by working from the back, since each expression only involves the last so many variables.
[5] = 5

22

CHAPTER 3. FINITE CONTINUED FRACTIONS

[4, 5]
[3, 4, 5]
[2, 3, 4, 5]
[1, 2, 3, 4, 5]

=
=
=
=

4 5 + 1 = 21
3[4, 5] + [5] = 3 21 + 5 = 68
2[3, 4, 5] + [4, 5] = 2 68 + 21 = 157
1[2, 3, 4, 5] + [3, 4, 5] = 157 + 68 = 225.

If you look back at our first example of a continued fraction, you will see a
connection, which is expressed in the following theorem.
Proposition 3.3 Let a0 , . . . , an be positive integers. Then
(a) gcd([a0 , a 1, . . . , an ], [a1 , . . . , an ]) = 1;
(b) The continued fraction [a0 ; a1 , . . . , an ] is equal to
[a0 , a1 , . . . , an ]
.
[a1 , . . . , an ]
Remark: With our convention that [ ] = 1, this gives the correct answer for
n = 0 in part (b):
[a0 ] a0
=
= a0 .
[a0 ; ] =
[]
1
Proof We prove both parts by induction on n.
(a) To start the induction, [a0 , a1 ] = a0 a1 + 1, and
gcd(a0 a1 + 1, a1 ) = gcd(a1 , 1) = 1.
So suppose that the result holds for n 1. Let x = [a0 , . . . , an ], y = [a1 , . . . , an ] and
z = [a2 , . . . , an ]. By the induction hypothesis, gcd(y, z) = 1; and x = a0 y + z, so
gcd(a0 y + z, y) = gcd(y, z) = 1.
(b) By the remark, [a0 ; ] = a0 = [a0 ], so the induction starts. Suppose that it
holds for n 1. With the same notation as in the previous part,
y
[a1 ; a2 , . . . , an ] = ,
z
and so
1
[a0 ; a1 , . . . , an ] = a0 +
[a1 ; . . . , an ]
z
= a0 +
y
a0 y + z
=
y
x
= ,
y
as required.


3.2. THE [ ] FUNCTIONS

23

Example Calculate [3; 1, 4, 1, 6]. We have

[6]
[1, 6]
[4, 1, 6]
[1, 4, 1, 6]
[3, 1, 4, 1, 6]

=
=
=
=
=

6
1[6] + 1 = 7
4[1, 6] + [6] = 34
1[4, 1, 6] + [1, 6] = 41
3[1, 4, 1, 6] + [4, 1, 6] = 157

so [3; 1, 4, 1, 6] = 157/41.
The next theorem, due to Euler, gives a non-recursive way of computing these
functions.
Theorem 3.4 Let a0 , . . . , an be positive integers. Then [a0 , a1 , . . . , an ] can be found
as follows: write the product a0 a1 an ; in all possible ways, delete k adjacent
pairs of factors, where k ranges from 0 to b(n + 1)/2c; add the resulting products.
(By convention, if n is even, then the term obtained by deleting everything has the
value 1.)
Example
[3, 1, 4, 1, 6] = 3 1 4 1 6+ 6 3 6 1 4 1 6 + 3 6 1 6 4 1 6 + 3 1 6 4 6 1 6 +
3 1 4 6 1 6 6+ 6 3 6 1 6 4 6 1 6+ 6 3 6 1 4 6 1 6 6 + 3 6 1 6 4 6 1 6 6
= 72 + 24 + 18 + 18 + 12 + 6 + 4 + 3
= 157.
Proof Induction on n. When n = 1, there is no way to delete any terms, and we
just have the single term a0 , as required.
Suppose that the formula holds for [a0 , . . . , am ] with m < n, and consider
[a0 , . . . , an ]. We take all the terms in Eulers expression, and divide them into
two types:
Those for which a0 is deleted. The only way this can happen is that a1
is also deleted, and we delete all consecutive pairs of a2 , . . . , an . By the
induction hypothesis, the sum of all these terms is [a2 , . . . , an ].
Those for which a0 is not deleted. Then every term has a factor a0 , and
what remains is a1 an with any number of consecutive pairs deleted; so
the sum of all these terms is a0 [a1 , . . . , an ].
Putting the two pieces together and using the definition of [a0 , . . . , an ] gives the
result.


24

CHAPTER 3. FINITE CONTINUED FRACTIONS

The result has a nice corollary:

Corollary 3.5

(a) [a0 , a1 , . . . , an ] = [an , . . . , a1 , a0 ].

(b) [a0 , . . . , an ] = [a0 , . . . , an1 ]an + [a0 , . . . , an2 ].

Proof (a) holds because in Eulers formula the reversed sequence obviously gives
exactly the same result.
Then (b) is straightforward:
[a0 , . . . , an ] = [an , . . . , a0 ]
= an [an1 , . . . , a0 ] + [an2 , . . . , a0 ]
= [a0 , . . . , an1 ]an + [a0 , . . . , an2 ].

This means that we can calculate by expanding from the front as well as
from the back:
[3]
[3, 1]
[3, 1, 4]
[3, 1, 4, 1]
[3, 1, 4, 1, 6]

3.3

=
=
=
=
=

3
[3]1 + 1 = 4
[3, 1]4 + [3] = 19
[3, 1, 4]1 + [3, 1] = 23
[3, 1, 4, 1]6 + [3, 1, 4] = 157.

The convergents of a finite continued fraction

Let a0 , a1 , . . . , an be positive integers. We define the convergents of the continued

fraction [a0 ; a1 , . . . , an ] to be the numbers ck = [a0 ; a1 , . . . , ak ] for k = 0, 1, . . . , n.
It doesnt make much sense yet to call them convergents, but we will see
when we turn to infinite continued fractions for irrational numbers that they do
indeed converge!
Proposition 3.6 Given positive integers a0 , . . . , an , define
pk = [a0 , . . . , ak ],

qk = [a1 , . . . , ak ]

for k = 1, . . . , n, with p0 = a0 and q0 = 1; and let ck = [a0 ; a1 , . . . , ak ] for k 0.

Then
(a) ck = pk /qk for k = 0, . . . , n;

3.3. THE CONVERGENTS OF A FINITE CONTINUED FRACTION

25

(b) gcd(pk , qk ) = 1;
(c) for k > 1, we have
pk = ak pk1 + pk2
qk = ak qk1 + qk2
Proof Parts (a) and (b) are immediate from Proposition 3.3 applied to a0 , . . . , ak .
Part (c) is just the second part of Corollary 3.5.

Example What are the convergents to [1; 1, . . . , 1] (with an arbitrary number of
ones)?
We have p0 = [1] = 1, p1 = [1, 1] = 2, and q0 = 1, q1 = [1] = 1; and
pk = pk1 + pk2
qk = qk1 + qk2
for k 2. These are the recurrence relations for the famous Fibonacci numbers
1, 2, 3, 5, 8, 13, 21, 34, . . .. Note that the q sequence is just the p sequence with 1
added at the front and all the other terms shifted along one place. (In fact, there are
different conventions about the numbering of the Fibonacci numbers; some people
say that the kth Fibonacci number is pk , while others say that it is qk . In any case,
we see that [1; 1, 1, . . . 1] (with n + 1 ones) is equal to pn /qn .) The convergents are
1 2 3 5 8 13
, , , , , ,...
1 1 2 3 5 8
You are encouraged to work out the first few of these fractions with a calculator. What pattern do you see? (The next theorem should confirm your guess.)
Theorem 3.7 With the above notation,
(a) pk qk1 qk pk1 = (1)k1 for k 1.
(b) ck ck1 = (1)k1 /qk1 qk for k 1.
Proof (a) Induction on k. We have p0 = a0 , p1 = a0 a1 + 1, q0 = 1, q1 = a1 , and
so p1 q0 q1 p0 = 1 = (1)0 , so the induction starts. If we assume that pk1 qk2
qk1 pk2 = (1)k2 , then we have pk = ak pk1 + pk2 and qk = ak qk1 = qk2 ;
so
pk qk1 qk pk1 =
=
=
=

(ak pk1 + pk2 )qk1 (ak qk1 + qk2 )pk1

pk2 qk1 qk2 pk1
(1)k2
(1)k1 .

26

CHAPTER 3. FINITE CONTINUED FRACTIONS

(b) Divide both sides of (a) by qk1 qk and use the fact that ck = pk /qk and
ck1 = pk1 /qk1 .

Corollary 3.8 The convergents satisfy
c0 < c2 < c4 < < c5 < c3 < c1 .
In other words, the even-numbered convergents increase and the odd-numbered
convergents decrease.
Proof Theorem 3.7 shows that the odd-numbered convergents are greater than
the preceding even-numbered convergents. Also, the differences between consecutive convergents decrease; so, if k is even, then ck+1 ck < ck1 ck , so that
ck+1 < ck1 , with a similar argument if k is odd.

This is exactly the behaviour that you should have observed for the ratios of
consecutive Fibonacci numbers.

3.4

A party trick

The continued fraction expansion of a rational number is the basis of a party trick
(probably only for nerds and geeks) suggested to me by one of my colleagues.
Ask someone to think of two positive integers r and s, to divide r by s using
their calculator, and to tell you the result. You will find the numbers r and s.
How? You simply calculate the continued fraction for the number q = r/s,
and use this to express it as a fraction:
q = [a0 ; a1 , . . . , an ] =

[a0 , a1 , . . . , an ]
.
[a1 , . . . , an ]

You tell them the numerator and denominator of this fraction.

There are a couple of traps, one theoretical, one practical. First of all, as we
have seen, the greatest common divisor of the numerator and denominator of a
continued fraction is 1. So if the original numbers r and s have greatest common
divisor d > 1, then you will find r/d and s/d instead of r and s. There is nothing
that can be done about this; you have to bluff your way out of it as well as you
can.
The practical problem is caused by rounding errors. Maybe, at some stage
of the algorithm, the calculator will give you a number like 5.99999862, and you
have to guess that this should really be 6, and terminate the algorithm at that point.
There is no hard-and-fast rule for this.

3.4. A PARTY TRICK

27

Example Suppose the chosen numbers are 225 and 157, so that q = 225/157 =
1.433121019. Now we calculate as follows:
a0 = bqc = 1,
a1 = bq1 c = 2,
a2 = bq2 c = 3,
a3 = bq3 c = 4,

q1 = 1/(q 1) = 2.308823529
q2 = 1/(q1 2) = 3.238095238
q3 = 1/(q2 3) = 4.2
q4 = 1/(q3 4) = 5

So q = [1; 2, 3, 4, 5] = 225
157 .
Of course r = 450 and s = 314 would have given the same result!
The chance of the gcd problem arising can be estimated rather precisely, by a
surprising theorem which is not part of this course.
Theorem 3.9 Given a large positive integer n, let pn be the probability that two
6
randomly chosen positive integers at most n are coprime. Then lim pn = 2 .
n

For example, of the 1000000 pairs of positive integers not exceeding 1000,
there are 608383 coprime pairs.

Exercises
3.1 Express 245/43 as a continued fraction.
3.2

(a) Let = [a0 ; a1 , a2 , . . . , an ], where a0 , . . . , an are positive integers.

(i) Show that = a0 + 1/[a1 ; a2 , . . . , an ] if n > 0.
(ii) Show that a0 a0 + 1.

(b) Now let = [b0 ; b1 , b2 , . . . , bm ], where b0 , . . . , bm are positive integers. Suppose that
ai = bi for i = 0, . . . , k 1 and ak < bk .
Prove that
if k is even, then ;
if k is odd, then .
[Hint: Induction on k.]

28

CHAPTER 3. FINITE CONTINUED FRACTIONS

Chapter 4
Infinite continued fractions
Infinite continued fractions are not really continued fractions at all, but are limits
of finite continued fractions. We show in this section that every real irrational
number has an expression as an infinite continued fraction, and show that these
provide good rational approximations to irrational numbers. For example, the
famous approximations 22/7 and 355/113 to arise in this way.

4.1

An example

The Pythagoreans knew that the ratio of the diagonal to the side of a square is
irrational. According to the historian of mathematics David Fowler, they may
have reasoned something like this.

s
s

@
@
@
d

@
@

@
@

Let s and d be the side and diagonal lengths of a square. Rotate the square
through 45 degrees. Prolong the diagonal by s and draw a new square on this side,
with side and diagonal lengths S and D. We see from the figure that S = s + d, and
D = 2s+d; so
S + D 3s + 2d
s
=
= 2+
.
S
s+d
s+d
29

30

CHAPTER 4. INFINITE CONTINUED FRACTIONS

Let u = (s + d)/s. Since any two squares are similar, we also have u = (S +
D)/S, and so
1
u = 2+ .
u
Substituting this expression for u into the right-hand side of the expression repeatedly, we see that
u = 2+

1
2+

= 2+
2+

1
u
1
1
2+

= ...

1
u

Now the Pythagoreans knew the essence of Euclids algorithm, which as we

have seen can be used to find the finite continued fraction of a rational number.
Put another way, if u were a rational number, then the procedure for finding the
continued fraction for u terminates, and the continued fraction is finite. The above
argument shows that, if this algorithm is applied to our number u, it never terminates; the algorithm spins its wheels and the next number at each stage is always
u.
You might guess that this means that u can be expressed as an infinite continued fraction
1
u = 2+
.
1
2+
1
2+
2+
In this chapter we will give a precise meaning to the notion of an infinite continued
fraction, and verify that this is always the case. Morever, every real irrationanl
number has a unique expression as an infinite continued fraction. We will also
see that the finite continued fractions obtained by stopping after a finite number of
steps give the best possible rational approximations to the number in question.

4.2

The definition

Our definition of an infinite continued fraction depends on the following theorem.

Theorem 4.1 Let a0 , a1 , a2 be a sequence of positive integers, and define cn =
[a0 ; a1 , a2 , . . . , an ] for n 0. Then the sequence c0 , c1 , c2 of rational numbers converges to a limit.

4.2. THE DEFINITION

31

Remark This explains why we called the numbers c0 , c1 , . . . convergents.

Proof Since c0 , c1 , . . . , cn are the convergents to the finite continued fraction
[a0 ; a1 , . . . , an ], all the results of Chapter 2 apply here.
We have cn = pn /qn , where pn = [a0 , a1 , . . . , an ] and qn = [a1 , . . . , an ]. Now
c0 < c2 < c4 < < c5 < c3 < c1
and
ck ck1 =

(1)k1
qk1 qk

for k 1.
The even terms c0 , c2 , c4 , . . . form an increasing sequence which is bounded
above (by c1 ) and so tends to a limit y. Similarly, the odd terms c1 , c3 , . . . tend to
a limit z, with y z.
Now the recurrence relation qk = ak qk1 + qk2 shows that the numbers qk
increase strictly with k, so ck ck1 0 as k . Hence y = z, and the whole
sequence converges.

We define the limit of the sequence of convergents to be the value of the infinite
continued fraction [a0 ; a1 , a2 , . . .].
For example, if xn = [2; 2, 2, . . . , 2] (with n + 1 2s), then we have
xn = 2 +

1
xn1

If limn xn = u, then clearly

1
u = 2+ ,
u

2
so u 2u 1 = 0, or u = 1 2. But u is obviously positive; so we have u =
1 + 2. This is exactly what we would expect for u = (s + d)/s, where s are the
side and diagonal of a square!
Now we show that any real number has a continued fraction expansion:
Theorem 4.2 For every irrational real number y greater than 1, there is a sequence of positive integers a0 , a1 , . . . for which the limit of the sequence of convergents of [a0 ; a1 , . . .] is y.
Proof We take a0 = byc, so that 0 < y a0 < 1. Then we put y1 = 1/(y a0 ), so
that y1 is an irrational nummber greater than 1, and continue the process:
ai = byi c,

yi+1 =

1
.
yi ai

32

CHAPTER 4. INFINITE CONTINUED FRACTIONS

Then a0 , a1 , a2 , . . . are positive integers and y0 = y, y1 , y2 are irrational numbers

greater than 1, so the process continues infinitely and produces an infinite continued fraction [a0 ; a1 , a2 ]. We have to show that the value of this continued fraction
is y.
Let c0 , c1 , . . . be the convergents of [a0 ; a1 , a2 , . . .]. Then cn = pn /qn , where
pn = [a0 , a1 , . . . , an ] and qn = [a1 , . . . , an ].
Also, we have
y = a0 +

1
= a0 +
y1

1
1
a1 +
y2

= a0 +

= .

a1 +

a2 +

1
y3

In other words,
y = [a0 ; a1 , a2 , . . . , an , yn+1 ] for all n 0.
So by Proposition 2.6 (and see the remark at the start of Section 2.2, this result is
still valid even though the numbers y and yn+1 are not positive integers!), we have
y=

yn+1 pn + pn1
for all n 0.
yn+1 qn + qn1

So


 yn+1 pn + pn1 pn 

|y cn | = 

yn+1 qn + qn1 qn 
|pn1 qn pn qn1 |
=
(yn+1 qn + qn1 )qn
1
=
(yn+1 qn + qn1 )qn
Now (yn+1 qn + qn1 ) > qn , since yn+1 > 1 and qn1 > 0; so 1/(yn+1 qn +
qn1 )qn < 1/q2n . Also the numbers qn are increasing positive integers, so 1/q2n 0
as n . So finally cn y as n , that is,
y = [a0 ; a1 , a2 , . . .],


as claimed.

Example What is the continued fraction expansion of ?

A few minutes work with a calculator shows that, to a few places of decimals,
= 3.141592653589793,

4.2. THE DEFINITION

33

1/(0.141592653589793)
1/(0.06251330593104577)
1/(0.9965944066857205)
1/(0.003417231013371963)
1/(0.6345910144503185)

=
=
=
=
=

7.062513305931046,
15.99659440668572,
1.003417231013372,
292.6345910144503,
1.575818089492172

so the continued fraction begins [3; 7, 15, 1, 292, 1, . . .].

The convergents are
3,

22 333 355 103993

,
,
,
,...
7 106 113 33102

We recognise two famous approximations to , namely 22/7 and 355/113. (The

famous approximation 22/7 was found by Archimedes, and the more accurate
355/113 was given by Zu Chongzhi in the 5th century; in China it is called Zus
ratio.) The best approximations occur when we stop just before a large number in
the continued fraction. (Can you see why?) For example, the difference between
and 355/113 is only 0.000000266764189 . . ..
Finally we show that the continued fraction expression is unique:
Theorem 4.3 Every irrational number greater than 1 is the limit of a unique infinite continued fraction.
Proof Suppose that y is irrational and y = [b0 ; b1 , b2 , . . .]. Then y = b0 + 1/y1 ,
where y1 > 1; so b0 = byc and y1 = 1/(y b0 ) are determined by y. Similarly
b1 = by1 c and y2 = 1/(y1 b1 ) are determined, and so on.

Remark We have considered numbers greater than 1 so far. The results can be
easily extended to arbitrary irrational numbers. We simply relax the condition that
a0 is a positive integer. For example,

2 1 = [0; 2, 2, 2, . . .].
Here is a comparison between the representation of real numbers by infinite
decimals and continued fractions. A sequence of positive integers may be finite,
or recurring (that is, periodic after some point), or neither. Hidden in this table
is an important theorem which we will prove later. A quadratic irrational is an
irrational number which is a root of a quadratic
equation with rational coefficients,
in other words, a number of the form a + b d where a, b Q and d is a squarefree
integer greater than 1.

34

CHAPTER 4. INFINITE CONTINUED FRACTIONS

Finite
Recurring
Non-recurring

Decimal
Rational with denominator 2a 5b
Other rational
Irrational

Continued fraction
Rational
Quadratic irrational
Other irrational

Examples To calculate the continued fraction for a real number y, set y0 = y and
then ai = byi c, yi+1 = 1/(yi ai ).

(a) u = 1 + 12 2. The
a0 = buc = 1,

a1 = b 2c = 1,

a2 = b 2 + 1c = 2,

1
2
y1 =
= = 2
2/2
2

1
y2 =
= 2 + 1,
21

1
y3 =
= 2 + 1,
21

and then the process simply repeats. So 1 + 12 2 = [1; 1, 2, 2, 2, . . .].

(b) u =

15 3. We have

a0 = b 15 3c = 0,
%
$
15 + 3
a1 =
= 1,
6

a2 = b 15 + 3c = 6,

15 + 3
,
6

= 15 + 3,

1
y1 =
=
15 3

6
y2 =
15 3
1
y2 =
= y0 ,
15 3

and the process repeats. So u = [0; 1, 6, 1, 6, . . .].

(c) Finally, let = (1 + 5)/2 be the golden ratio. Then, as we noted before,
= 1 + 1/ , so the continued fraction is = [1; 1, 1, . . .]. We noted before that the convergents [1; 1, 1, . . . , 1] are ratios of consecutive Fibonacci
numbers. So, if Fn is the nth Fibonacci number, we have

Fn+1 1 + 5
lim
=
.
n Fn
2

4.3. APPROXIMATION BY CONVERGENTS

4.3

35

Approximation by convergents

We have seen that, if y = [a0 ; a1 , a2 , . . .], and cn = [a0 ; a1 , . . . , an ] is the nth convergent to y, then the numbers cn are rational numbers which tend to the limit y. In
this section, we will see that they give the best possible approximations to y.
What should a good rational approximation p/q to y be? First, of course, it
should be close to y. Next, we want the denominator q to be relatively small. In
particular, there should be no rational number with smaller denominator which is
closer to y. Finally, we should have a good estimate for |y p/q|.
We will see that the convergents to the continued fraction for y satisfy all these
properties.
Let cn = pn /qn , where pn = [a0 , . . . , an ] and qn = [a1 , . . . , an ] (so that gcd(pn , qn ) =
1). We know that y lies between cn and cn+1 for all n remember that we have
c0 < c2 < c4 < < y < < c5 < c3 < c1 .
Thus we see that |y cn | < |cn+1 cn |. In x.x, we showed that |cn+1 cn | <
1/qn qn+1 . In particular, |y cn | < 1/qn qn+1 .

Example We showed that 15 3 = [0; 1, 6, 1, 6, . . .]. Let us compute the convergents, using the recurrence
pn+1 = an pn + pn1 ,

qn+1 = an qn + qn1 .

We have
0
c0 = ,
1
c2 =
c3 =
c4 =
c5 =
c6 =

1
c1 = ,
1
61+0 6
= ,
61+1 7
16+1 7
= ,
17+1 8
6 cot 7 + 6 48
= ,
68+7
55
1 48 + 7 55
= ,
1 55 + 8 63
6 55 + 48 378
=
,
6 63 + 55 433

and so on. How good an approximation is c6 ? We know that

|y c6 |

1
1
1
=
=
,
q6 q7 433(1 433 + 63) 214768

36

CHAPTER 4. INFINITE CONTINUED FRACTIONS

so the value is accurate to four places of decimals.

We know that cn is always a better approximation to y than cn2 is. (If n is
even, we have cn2 < cn < y, and if n is odd we have y < cn < cn2 .) What about
cn and cn1 ? We show that, after the first step, the approximation always gets
better as n increases.
Let us stop and recall some notation. We have y = [a0 ; a1 , a2 , . . .]. The nth convergent is cn = pn /qn = [a0 ; a1 , . . . , an ]. As we saw on p. 4, y = [a0 ; a1 , . . . , an1 , yn ],
where yn = [an ; an+1 , . . .]. Also,




1
1
y pn  =

.


qn
qn (yn+1 qn + qn1 ) qn qn+1
Proposition 4.4 For all n 2, we have
(a) |qn y pn | < |qn1 y pn1 |;
(b) |y cn | < |y cn1 |.
Proof First we show that (a) implies (b). We have
qn |y cn | = |qn y pn |.
Also, qn > qn1 . So, if we show that |qn y pn | < |qn1 y pn1 |, then we will be
able to conclude that
|y cn | =

|qn y pn | |qn1 y pn1 |

<
= |y cn1 |.
qn
qn1

So we only have to prove (a). For this, note first that

|qn y pn | =

1
,
yn+1 qn + qn1

|qn1 y pn1 | =

1
,
yn qn1 + qn2

so it is enough to show that yn+1 qn + qn1 > yn qn1 + qn2 .

Now an = byn c, and so yn < an + 1, and
yn qn1 + qn2 < qn1 + an qn1 + qn2
= qn1 + qn
< yn+1 qn + qn1 ,
and we are done.
Now we come to the main result.

4.4. ORDER OF APPROXIMATION

37

Theorem 4.5 Let [a0 ; a1 , a2 , . . .] be the continued fraction for the irrational number y, and let [a0 ; a1 , . . . , an ] = cn = pn /qn be the nth convergent. Let c = p/q be
any rational number in its lowest terms. If q < qn with n > 1, then |y p/q| >
|y pn /qn |.
We say that a rational number p/q is a best approximation to y if |y p/q| <
|y a/b| for any rational number a/b with b < q. We see that the convergents
from c2 on are best approximations to an irrational number.
The proof involves quite a bit of work, which we isolate in a preliminary
lemma.
Lemma 4.6 Let [a0 ; a1 , a2 , . . .] be the continued fraction for the irrational number
y, and let [a0 ; a1 , . . . , an ] = cn = pn /qn be the nth convergent. If gcd(p, q) = 1 and
q qn , then
|qy p| |qn1 y pn1 |,
with equality if and only if p/q = pn1 /qn1 .
We will prove this in the appendix to this chapter.
Proof of the Theorem Suppose that q < qn . By induction, if q < qn1 , then
|y p/q| > |y pn1 /qn1 | > |y pn /qn | (the last inequality by Proposition 4.4),
so we can suppose that q qn1 . Then
|y p/q| =
>
>
>
=

1
|qy p|
q
1
|qn1 y pn1 |
by Lemma 4.6
q
1
|qn y pn |
by Proposition 4.4(a)
q
1
|qn y pn |
since q < qn
qn
|y pn /qn |.


4.4

Order of approximation

We say that an positive irrational number y is approximable by rationals to order n

if there exist a positive constant c and infinitely many rationals p/q with q > 0
such that




p
y  c .

q  qn

38

CHAPTER 4. INFINITE CONTINUED FRACTIONS

Note that is y is approximable to order n, then it is approximable to any smaller

order, since if m < n then c/qn c/qm for positive integer q.
We will see that algebraic numbers (roots of polynomials over the integers) are
not approximable to arbitrarily high order. Then, by writing down a number which
is approximable to order n for every n, we will have exhibited a transcendental
number (one which is not a root of a polynomial over Z).
Theorem 4.7 (a) Positive rational numbers are approximable to order 1 and
no higher.
(b) Every positive irrational number is approximable to order 2.
Proof (a) Let y = a/b be a rational number, with gcd(a, b) = 1. By Euclids
algorithm we can find p0 , q0 such that p0 b q0 a = 1. Then


 a p0 
 = 1 1 .
 b q0  q0 b q0
Similarly, if pm = p0 +ma and qm = q0 +mb, then pm bqm a = 1 (so gcd(pm , qm ) =
1), and exactly as before,


 a pm 
  1 .
 b qm  qm
So a/b is approximable to order 1.
Now suppose that a/b were approximable to order 2, so that there are infinitely
many rationals p/q such that |a/b p/q| c/q2 . We have


 a p  pb qa
1
 =
,
b q 
qb
qb
so that we have 1/(qb) < c/q2 or q < cb for infinitely many q, which is clearly
impossible.
(b) Let y be irrational, and cn = pn /qn be any convergent. As we have seen,




p
n
y  1 1 ,

qn  qn qn+1 q2n
so y is approximable to order 2.

On the other hand, algebraic numbers are not approximable to arbitrary orders:
Theorem 4.8 Let the positive irrational number y be the root of a polynomial of
degree n with integer coefficients. Then y is not approximable to any order greater
than n.

4.4. ORDER OF APPROXIMATION

39

Proof Suppose that y is a root of the polynomial

f (x) = an xn + an1 xn1 + + a1 x + a0
with integer coefficients a0 , . . . , an , not all zero. We can assume that f (x) has no
rational roots. (By the Remainder Theorem, if f (p/q) = 0, then qx p would be
a factor of f (x), and we could find a polynomial of smaller degree satisfied by y.)
Hence
an pn + an1 pn1 q + + a1 pqn1 + a0 qn
.
0 6= f (p/q) =
qn
The numerator of this fraction is thus non-zero. But clearly it is an integer, so it is
at least 1, and we have
| f (p/q)| 1/qn .
Now by the Mean Value Theorem, we have
f (p/q) = f (y) f (p/q) = (y p/q) f 0 (z),
where z is a number between y and p/q. Now f (p/q) 6= 0, so f 0 (z) 6= 0. Choose
a fixed interval containing y and all the rationals that approximate it. The function f 0 (x) is continuous on this interval, and so is bounded there, say by M; then
| f (p/q)| M|y p/q|, and so
|y p/q|

f (p/q)
1
.

M
Mqn

If y were approximable to order n + 1, then |y p/q| c/qn+1 for infinitely many

q. Combining these two bounds, we would have q Mc for infinitely many q,
which is impossible.

Example Let y be Liouvilles number
y = 0.1100010000000000000000010 . . .
where the 1s appear in positions n! for n = 1, 2, 3, . . .. In other words,

y=

10k!.
k=1

Let cn = pn /qn be the rational obtained by truncating the decimal after the nth
occurrence of 1, so that
n

cn =

10k!.
k=1

40

CHAPTER 4. INFINITE CONTINUED FRACTIONS

We have qn = 10n! , and

|y pn /qn | 2 10(n+1)! =

2
qn+1

(Since (n + 1)! = (n + 1) n!, we have 10(n+1)! = (10n! )n+1 .) So y is approximable

by rationals to every order, and is not algebraic; that is, y is transcendental.
This was the first explicit example known of a transcendental number. Later
Hermite and Lindemann showed that e and are transcendental. Later still, Cantor showed that almost all real numbers are transcendental. But there are still
many mysteries: we dont know, for example, whether e is algebraic or transcendental!

4.5

Proof of Lemma 4.6

This ingenious argument is due to Lagrange.

Recall that cn = pn /qn is the nth convergent to the irrational number y =
[a0 ; a1 , a2 , . . .], and c = p/q is any rational number in its lowest terms, with q < qn
for some n > 1. We have to show that
|qy p| |qn1 y pn1 |,
and that equality holds only if c = cn1 .
We start by considering the equations
pn1 u + pn v = p,
qn1 u + qn v = q.
Recalling that pn1 qn qn1 pn = (1)n 6= 0, we see that these equations have a
unique solution (u, v), given by
u = (1)n (pqn qpn ),
v = (1)n (qpn1 pqn1 ).
Note that u and v are integers.
If u = 0, then pn v = p and qn v = q, so that p/q = pn /qn , contradicting our
assumption that q < qn . (Remember that all these fractions are in their lowest
terms.) So u 6= 0.
Similarly, if v = 0, then pn1 u = p, qn1 u = q, so p/q = pn1 /qn1 , which is
the extremal case. So we can also assume that v 6= 0, and we have to prove that
strict inequality holds in the conclusion.

4.5. PROOF OF LEMMA 4.6

41

Now if v < 0, then qn1 u = q qn v, so u > 0; and if v > 0, then qn1 u =

q qn v < 0 since q < qn and v 1, so u < 0. Thus u and v have opposite signs.
Now y lies between the two consecutive convergents cn1 = pn1 /qn1 and
cn = pn /qn . So qn1 y pn1 and qn y pn have opposite signs. So u(qn1 y
pn1 ) and v(qn y pn ) have the same sign. It follows that the absolute value of
their sum is the sum of their absolute values:
|qy p| =
=
=
=
>

|(qn1 u + qn v)y (pn1 u + pn v)|

|u(qn1 y pn1 ) + v(qn y pn )|
|u(qn1 y pn1 )| + |v(qn y pn )|
|u| |qn1 y pn1 | + |v| |qn y pn |
|qn1 y pn1 |,

where in the last step we use the fact that |u| 1 and |v| |qn y pn | > 0. This
completes the proof.

Exercises
4.1 Find the first six terms in the continued fraction for the number e, the root of
natural logarithms. (You may use a calculator for this question.)
Note: You might spot a pattern here. The pattern really does continue!
4.2 Find the continued fractions for the following numbers:

(a) 3 + 2 2;

(b) 11 10;

(c) (1 + 5)/4.

4.3 Why does the number (1 + 3)/2 not have a continued fraction expansion?
4.4 Let Fn be the nth Fibonacci number, defined by the rules
F1 = 1, F2 = 2,

Fn = Fn1 + Fn2 for n 3.

(a) Show that [1, 1, . . . , 1] = Fn for n 1 (where there are n ones in the bracket).
Fn
.
n Fn1

(b) Find lim

Hint: What is the number of which the ratios Fn /Fn1 are the convergents?

42

CHAPTER 4. INFINITE CONTINUED FRACTIONS

Chapter 5
Periodic continued fractions
In this chapter, we see that the irrational numbers whose continued fraction expansion is periodic are precisely the (real) quadratic irrationals, and we determine
which numbers have purely periodic expansion.

5.1

Periodic and purely periodic continued fractions

Definition The infinite continued fraction

[a0 ; a1 , a2 , . . .]
is periodic if there exist integers k, l with k > 0 such that
an+k = an for all n l.
It is purely periodic if there exists k > 0 such that
an+k = an for all n 0.

If an+k = an for all n l, we write the continued fraction as

[a0 ; a1 , a2 , . . . , al1 , al , al+1 , . . . , al+k1 ].
This is a similar notation to the one used for periodic decimals. For example,
[2; 1, 2, 1, 2, 1, 2, 1, . . .] = [2; 1]
[3; 5, 2, 1, 2, 1, 2, 1, . . .] = [3; 5, 2, 1].
43

44

CHAPTER 5. PERIODIC CONTINUED FRACTIONS

We now calculate these two continued fractions. Let c = [2; 1]. Then

c = [2; 1, c]
[2, 1, c]
=
(by Proposition 2.3(b))
[1, c]
3c + 2
.
=
c+1

So c2 + c = 3c + 2, so that
c2 2c 2 = 0, or c = 1 3. But c > 2, so we must
take the plus sign; c = 1 + 3.
Now let d = [3; 5, 2, 1]. Then
d = [3; 5, c]
[3, 5, c]
=
[5, c]
16c + 3
=
5c + 1
19 + 16 3

=
6+5 3

(19 + 16 3)(6 5 3)

=
(6 + 5 3)(6 5 3)

126 3
.
=
39
Note that d, like c, is a quadratic irrational, an algebraic integer satisfying a
quadratic equation. (We saw this already for c; and d satisfies (39x 126)2 = 3.)
In this chapter we are going to show that the result suggested by these examples is true in general. A real number has a periodic continued fraction if and
only if it is a quadratic irrational. We will also find which numbers have purely
periodic continued fractions. We will apply these results to sums of squares and
to a diophantine equation called Pells equation in the next chapter.

5.2

Quadratic irrationals

Recall that quadratic irrational is a real number of the form a + b d, where a

and b are rational numbers, b 6= 0, and d is a squarefree positive integer.
These are precisely the roots of irreducible quadratics with rational coefficients. For the equation Ax2 + Bx +C = 0 has the solutions

B B2 4AC
x=
.
2A

5.3. THE MAIN THEOREM

45

The roots are real if and only if B2 4AC > 0. Now B2 4AC is a rational number,
2
2
and so can
be written u d/v , where u, v, d are integers with d squarefree; then
x = a b d, where
numbers. Conversely,
a = B/2A and b = u/2Av are2 rational
2
the numbers a b d have sum 2a and product a db , so satisfy the equation
x2 2ax + (a2 db2 ) = 0.
If y = a +
b d is a quadratic irrational, we define its algebraic conjugate to
0
be y = a b d. Note that y and y0 are the two roots of the same irreducible
quadratic.
Now we define a reduced quadratic irrational to be a quadratic irreducible y
such that y and its algebraic conjugate y0 satisfy
y>1

and

1 < y0 < 0.

In our worked example, c = 1 + 3 > 0 and 1 < c0 = 1 3 < 0, so c os

a reduced quadratic
irrational. On the other hand, d = (126 3)/39 > 1 but

0
d = (126 + 3)/39 is greater than d. So d 0 is not reduced.

5.3

The main theorem

We are going to show that a number has a purely periodic continued fraction if and
only if it is a reduced quadratic irrational. Here is the first part of the argument.
Proposition 5.1 Let y be the value of a purely periodic continued fraction. Then
y is a reduced quadratic irrational.
Proof Let y = [a0 ; a1 , . . . , ak1 ]. We will suppose that k 3; the argument for
k = 1, 2 is easy to do directly, or we can simply pretend that the period is longer
than it is (for example, [2; 1] = [2; 1, 2, 1]).
We know that y is irrational, since the continued fraction for a rational number
terminates. Also, just as we argued for the number c = [2; 1], we have
y = [a0 ; a1 , . . . , ak1 , y]
ypk1 + pk2
=
,
yqk1 + qk2
where ci = pi /qi is the ith convergent of [a0 ; a1 , . . . , ak1 ].
Hence y2 qk1 + y(qk2 pk1 ) pk2 = 0, so that y is a quadratic irrational.
Also, a0 = ak 1 (remember that all terms except possibly the first in a continued fraction are positive), so y > a0 1. It remains to show that the algebraic
conjugate y0 of y satisfies 1 < y0 < 0.

46

CHAPTER 5. PERIODIC CONTINUED FRACTIONS

From the properties of quadratic equations, we have yy0 = pk2 /qk1 < 0.
Also,
pk2
pk1
ck1
y0 =
<
=
,
yqk1 yqk1
y
because pk2 < pk1 ; and also
y0 =

pk2
ck2
pk2
<
=
,
yqk1 yqk2
y

because qk2 < qk1 . One of k 1 and k 2, say j, is even; and we know from
Corollary 2.8 that c j < y. So y0 < 1, or y0 > 1. Now we have verified all parts
of the definition of a reduced quadratic irrational.

Proposition 5.2 If y is the value of a periodic continued fraction, then y is a
quadratic irrational.
Proof Let y = [a0 ; a1 , . . . , am , am+1 , . . . , am+k ]. Let z = [am+1 ; . . .
, am+k ]. By
Proposition 5.1, z is a (reduced) quadratic irrational, say z = u + v d, where u
and v are rational numbers and d is a squarefree integer. We have
[a0 , . . . , am , z]
[a1 , . . . , am , z]
[a0 , . . . , am ]z + [a0 , . . . , am1 ]
=
.
[a1 , . . . , am ]z + [a1 , . . . , am1 ]

y = [a0 ; a1 , . . . , am , z] =

Let [a0 , . . . , am ] = A, [a0 , . . . , am1 ] = B, [a1 , . . . , am ] = C, [a1 , . . . , am1 ] = D (these

are all positive integers). Then
Az + B
Cz + D

Au + B + Av d

=
Cu + D +Cv d

(Au + B + Av d)(Cu + D Cv d)
=
,
(Cu + D)2 (Cv)2 d

y =

which is a quadratic irrational since it has the form x + y d for some rational
numbers x and y.

Now our goal is to prove the converse of the last two results: if y is a (reduced)
quadratic irrational, then its continued fraction is (purely) periodic. Let us begin
with an example.

5.3. THE MAIN THEOREM

47

Example Find the continued fraction of 2 + 7.

Note that 2 + 7 is reduced: it
is greater than 1, and its algebraic conjugate 2 7 lies between 1 and 0.

y0 = 2 + 7,

y1 = 1/(2 + 7 4) = (2 + 7)/3,

y2 = 3/(2 + 7 3) = (1 + 7)/2,

y3 = 2/(1 + 7 2) = (1 + 7)/3

y4 = 3/(1 + 7 3) = 2 + 7 = y0
So

a0 = b2 + 7c = 4

a1 = b(2 + 7)/3c = 1

a2 = b(1 + 7)/2c = 1

a3 = b(1 + 7)/3c = 1

2 + 7 = [4; 1, 1, 1].

Note that all of y0 , y1 , y2 , y3 are reduced quadratic irrationals, and we can read
off their continued fractions: for example, y2 = [1; 4, 1, 1]. Other observations

which will be important in the proof are that, in each case, yi = (pi + 7)/qi ,
where pi and
qi are integers
(the pi are 2, 2, 1, 1, . . . and the qi are 1, 3, 2, 3, . . .);
and 0 < pi < 7, 0 < qi < 2 7.
We will see that all these properties hold quite generally.
Before we start the proofs, we introduce a slightly different way of writing
quadratic irrationals.

Lemma 5.3 (a) A real quadratic irrational can be written as y = (P + D)/Q,

where P, Q are integers, D is a positive integer which is not a square, and Q
divides D P2 .

(b) If y is reduced, then 0 < P < D and 0 < Q < 2 D.

Proof (a) We know that y = u + v d where u and v are rationals and d is squarefree. Suppose first that v is positive. Let q be the least common multiple of the
denominators of u and v, and u = p/q, v = r/q. Then
p

p+r d
p + r2 d
pq + q2 r2 d
y=
=
=
.
q
q
q2
Put P = pq, Q = q2 , and D = q2 r2 d, and note that Q divides P2 D.
If u < 0, then write y in the specified form and then replace Q by Q.
(b) Now suppose that y is reduced; recall
that this means y > 1 and 1 < y0 < 0,
0
0
where y is the conjugate of y (so y = (P D)/Q). Then

y > 0 > y0 , so (P + D)/Q > (P D)/Q. Hence Q > 0.

48

CHAPTER 5. PERIODIC CONTINUED FRACTIONS

y > 1 > y0 , so (P + D)/Q > (P + D)/Q. Hence P > 0.

y0 < 0, so P D < 0. Hence P < D.

y > 1, so (P + D)/Q > 1. Hence Q < P + D < 2 D.

Suppose that y is reduced. Now we start building the continued fraction for
y0 = y:
1
.
a0 = by0 c,
y1 =
y0 a0
Claim: y1 is reduced.
Certainly y1 > 1, since y1 = 1/(y0 a0 ) and y0 a0 < 1. We have to show
that 1 < y01 < 0.
Let P = Qa0 P. Then
y1 =
=
=
=
=

(P + D)/Q a0
1

(P + D Qa0 )/Q
1

(P + D)/Q

P + D
(D (P )2 )/Q

P + D
,
Q

where Q = (D (P )2 )/Q. Now

Q =

D (Qa0 P)2
D P2
= Qa20 + 2Pa0 +
,
Q
Q

so Q is an integer. Moreover, Q divides D (P )2 (the quotient is just Q). So

we have written y1 in the same form as y, with the same D, but maybe different P
and Q. Also, we have y1 = 1/(y a0 ), and so y01 = 1/(y0 a0 ), so 1 < y01 < 0 as
required.
Our claim is proved.
Now calculate thecontinued fraction expansion of y. In the general step, we
start with yn = (Pn + D)/Q
Pn2 D; assume inductively that
n , where Qn divides

yn is reduced, so 0 < Pn < D, 0 < Qn < 2 D. Then we put

an = byn c,

yn+1 =

1
.
yn an

5.3. THE MAIN THEOREM

49

By the above argument, we have yn+1 = (Pn+1 + D)/Qn+1 , where the same
conditions hold.

Now Pn and Qn are integers satisfying 0 < Pn < D and 0 < Qn < 2 D. There
are only finitely many possible values of Pn and Qn , so after some number of steps,
we must return to values we have seen before. Suppose this first happens when
ym = ym+k . Clearly the sequence repeats after this point, that is, yn = yn+k for all
n m.
We have to show that the repetition starts with m = 0. If not, then we have
ym1 6= ym+k1 . But
ym =
so
y0m =

1
1
= ym+k =
,
ym1 am1
ym+k1 am+k1
1
y0m1 am1

= y0m+k =

,
y0m+k1 am+k1

So y0m1 am1 = y0m+k1 am+k1 . Thus y0m1 and y0m+k1 differ by an integer.
But they both lie between 1 and 0, so they are equal, whence ym1 = ym+k1 ,
contrary to assumption.
So, finally, we have proved the converse implication in the big theorem. (The
forward implication was already proved in Proposition 5.1.)
Theorem 5.4 The irrational number y has a purely periodic continued fraction if
and only if it is a reduced quadratic irrational.
From this, it is not such a big step to the other main theorm of this chapter:
Theorem 5.5 The irrational number y has a periodic continued fraction if and
only if it is a quadratic irrational.
Proof We have proved the forward implication in Theorem 5.2. So suppose that
y is a quadratic irrational. Calculate its continued fraction: that is, put y0 = y, and
then
1
an = byn c,
yn+1 =
yn an
for n 0. It is clear that all the yn are quadratic irrationals, since subtracting an
integer from a quadratic irrational, and taking the reciprocal of one, gives again
a quadratic irrational. We have to prove that, for some value of n, the number yn
is a reduced quadratic irrational. Then by the preceding theorem, the continued
fraction is periodic from that point on.

50

CHAPTER 5. PERIODIC CONTINUED FRACTIONS

By construction, we have yn > 1 for all n > 1 (it is the reciprocal of a number
smaller than 1). Also, we have for any k > 0
y = [a0 ; a1 , . . . , ak1 , yk ] =
Hence

yk pk1 + pk2
.
yk qk1 + qk2

y0k pk1 + pk2

,
y = 0
yk qk1 + qk2
0

so rearranging we obtain
y0k =

qk2 y0 ck2
y0 qk2 + pk2
=

,
y0 qk1 pk1
qk1 y0 ck1

where cn is the nth convergent. Since cn y as n , we have

qk1 0
y0 ck2
y0 y
yk = 0
0
=1
qk2
y ck1
y y

as k . So we can choose n large enough that, for k > n, |(y0 ck2 )/(y0
ck1 ) 1| < 1, and so this fraction is positive. Thus (qk1 /qk2 )y0k > 0, so that
y0k < 0.
Also, we can ensure that n is also large enough that |ck y| < |y0 y| for k > n.
If y0 < y, we use the fact that even-numbered convergents are smaller than y
and odd-numbered convergents are greater; choosing k even, we have y0 < ck2 <
y < ck1 . If y < y0 , then choosing k odd we have ck1 < y < ck2 < y0 . In either
case, we have


qk2  y0 ck2 
0
yk =
< 1,
qk1  y0 ck1 
so finally we conclude
1 < y0k < 0
and yk is a reduced quadratic irrational, as required.

Exercises
5.1
Express each of the following periodic continued fractions in the form u +
v d, where u and v are rationals and d is a squarefree integer greater than 1:
(a) [1; 2, 3],
(b) [2; 3, 1],
(c) [1; 1, 2, 3],

5.3. THE MAIN THEOREM

51

5.2
Express each of the following periodic continued fractions in the form u +
v d, where u and v are rationals and d is a squarefree integer greater than 1:
(a) [1; 2, 3],
(b) [2; 3, 1],
(c) [1; 1, 2, 3],
5.3 Which of the following quadratic irrationals are reduced?

(a) 2 + (3/5)

(b) 5 + 101/2

(c) ( 2 + 3)2

(d) ( 5 1)/2

52

CHAPTER 5. PERIODIC CONTINUED FRACTIONS

Chapter 6
Lagrange and Pell

The continued fraction expansion of n, where n is a positive integer which is not

a square, has a very special form, which we derive in this chapter. We also use it
to solve Pells equation x2 ny2 = 1, and to express primes congruent to 1 mod 4
as sums of two squares.

6.1

Introduction

A diophantine equation is an equation in more than one variable, where we are

looking for integer solutions.
In this chapter we will look for solutions of the two diophantine equations:
Lagranges equation: x2 + y2 = n,
Pells equation: x2 ny2 = 1, and the related equation x2 ny2 = 1.
We will see that continued fractions give us constructive methods to solve these
equations.
Pells equation was given this name by Euler. According to mathematical legend (possibly apocryphal), Euler knew that an English mathematician had worked
on it but couldnt remember which one (in fact it was Wallis). But many earlier
mathematicians had studied this equation, notable among them the Indian mathematician Brahmagupta a thousand years earlier. Despite this, the name has stuck!

6.2

The continued fraction for

First, we need a bit more theory of continued fractions, which we introduce by

way of an example. You know how to do these calculations now, so I will simply
give the result.
53

54

CHAPTER 6. LAGRANGE AND PELL

Example

52 = [7; 4, 1, 2, 1, 4, 14].
Here is the general statement:
Theorem 6.1 Let n be a positive integer, which is not a square. Then

n = [a0 ; a1 , a2 , . . . , al1 , 2a0 ],

where a1 = al1 , a2 = al2 , . . . .

We begin with a lemma about purely periodic continued fractions.
Lemma 6.2 If y = [a0 ; a1 , . . . , an1 , an ], then 1/y0 = [an ; an1 , . . . , a1 , a0 ].
Proof
y = [a0 ; a1 , . . . , an , y] =

ypn + pn1
,
yqn + qn1

so
qn y2 + (qn1 pn )y + pn1 = 0.
Let z = [an ; an1 , . . . , a0 ]. Then
z[an , . . . , a0 ] + [an , . . . , a1 ]
z[an1 , . . . , a0 ] + [an1 , . . . , a1 ]
zpn + qn
=
,
zpn1 + qn1

z = [an ; an1 , . . . , a0 , z] =

where we use the fact that [a0 , . . . , an ] = [an , . . . , a0 ]. So

pn1 z2 + (qn1 pn )z qn = 0.
In other words,
qn (1/z)2 + (qn1 pn )(1/z) + pn1 = 0.
Thus, 1/z satisfies the same quadratic equation as y. But z > 1, so 1 <
1/z < 0, whereas y > 1; so 1/z is the other root y0 of the quadratic equation.
Thus, we have z = 1/y0 , as required.


6.2. THE CONTINUED FRACTION FOR

55

Proof of the
be a positive integer which is not
theorem Let n
a perfect square,
0
0
and a0 = b nc. Put y = a0 + n. Then y > 1, and y = a0
n so 1 < y < 0.
Thus y has purely periodic continued fraction. Since ba0 = n = 2a0 , we have
y = [2a0 ; a1 , . . . , ak ],
so

n = [a0 ; a1 , . . . , ak , 2a0 ].

We have n = a0 + 1/y1 , where

1
y1 =
= [a1 ; . . . , ak , 2a0 ],
n a0
so

1
= a0 + n = [2a0 ; ak , . . . , a1 ].
0
y1

But we know that

a0 + n = [2a0 ; a1 , . . . , ak ],

so
a1 = ak1 , a2 = ak2 , . . .
as required.
In fact, any number y which has a continued fraction of this form (that
is,
y = [a0 , a1 , . . . , ak , 2a0 ], where a1 = ak1 , a2 = ak2 , . . . ) has the form r for
some rational number r (not necessarily an integer):
Proposition 6.3
Let y = [a0 ; a1 , . . . , al 1, 2a0 ], where a1 = al1 , a2 = al2 , and
so on. Then y = r, where
r = a20 +

[2a0 , a1 , . . . , ak2 ]
.
[a1 , . . . , ak1 ]

Proof We have
y + a0 = [2a0 , a1 , . . . , al1 ]
= [2a0 , a1 , . . . , al1 , y + a0 ]
(y + a0 )pl1 + pl2
=
,
(y + a0 )ql1 + ql2
where pk /qk are convergents to y + a0 . Now
2a0 ql1 + ql2 = 2a0 [a1 , . . . , al1 ] + [a1 , . . . , al2 ]
= 2a0 [a1 , . . . , al1 ] + [a2 , . . . , al1 ]
= pl1 ,

56

CHAPTER 6. LAGRANGE AND PELL

using the fact that

[a1 , . . . , al2 ] = [al1 , . . . , a2 ] = [a2 , . . . , al1 , ]
the first equality because a1 = al1 , . . . , al2 = a2 , and the second by the symmetry of the square bracket function (see (2.5)(a)) in Notes 2). Hence
y + a0 =

(y + a0 )pl1 + pl2
.
(y a0 )ql1 + pl1

Multiplying up and cancelling, we obtain

(y2 a20 )ql1 = pl2 ,
y =

r where r = a20 + pl2 /ql1 , as claimed.

Example Let y = [4; 2, 1, 3, 1, 2, 8].

This is of the above form, so y = r, where
r = 42 +
That is,

117
[8, 2, 1, 3, 1]
= 16 +
= 19.
[2, 1, 3, 1, 2]
39

19 = [4; 2, 1, 3, 1, 2, 8].

(Remember the rule for calculating the square bracket functions: delete consecutive pairs in all possible ways and take the product of the remaining terms,
then add all these productss. Check that
[8, 2, 1, 3, 1] = 48 + 3 + 24 + 16 + 16 + 1 + 1 + 8 = 117,
and calculate [2, 1, 3, 1, 2] yourself.)

6.3

Sums of two squares

We are going to investigate the question: Which positive integers can be written
as the sum of two squares of integers? Of the numbers from 1 to 10, we see that
1 = 12 +02 , 2 = 12 +12 , 4 = 22 +02 , 5 = 22 +12 , 8 = 22 +22 , 9 = 32 +02 , 10 = 32 +12 ,
while the other numbers 3, 6, 7 cannot be so written.
In this section, we are going to decide exactly which prime numbers can be
written as the sum of two squares. Of course the prime 2 can be so written. For
odd primes p, we will show that p is the sum of two squares if and only if p is

6.3. SUMS OF TWO SQUARES

57

congruent to 1 mod 4. On Coursework 1, you were asked to decide which primes

less than 100 are sums of two squares, and which are not; you may have observed
this pattern in your answer.
Before we begin, let us observe that any square is congruent to 0 or 1 mod 4,
since Since (2k)2 = 4k2 and (2k + 1)2 = 4k(k + 1) + 1.
So we can very easily do one way round:
Theorem 6.4 Let p be a prime congruent to 3 mod 4. Then p cannot be expressed
as a sum of two squares.
Proof A square is congruent to 0 or 1 mod 4, and so a sum of two squares is
congruent to 0, 1 or 2 mod 4.

In the other direction, we have to show that a prime congruent to 1 mod 4 can
be written as the sum of two squares, by actually constructing such a representation.
Here is Legendres construction for expressing an integer as the sum of two
squares.
Proposition 6.5 Suppose that

n = [a0 ; a1 , . . . , ak , 2a0 ]

where k is odd, say, k = 2m + 1. Write ym+1 = (Pm+1 + n)/Qm+1 . Then

2
n = Pm+1
+ Q2m+1 .

Proof In this case, y = [a0 ; a1 , . . . , am , am , . . . , a1 , 2a0 ]. We have

ym+1 = [am+1 , . . . , a2m , 2a0 , a1 , . . . , am ],
and
1/y0m+1 = [am ; . . . , a1 , 2a0 , a2m , . . . , am+1 ].
But by assumption, these two continued fractions are identical. So
ym+1 y0m+1 = 1.

Now ym+1 = (Pm+1 + n)/Qm+1 and y0m+1 = (Pm+1 n)/Qm+1 . So we have

2
Pm+1
n
= 1,
2
Qm+1
2
so n = Pm+1
+ Q2m+1 , as required.

58

CHAPTER 6. LAGRANGE AND PELL

Example Let n = 41. Put y0 =

a0 = by0 c = 6,
a1 = by1 c = 2,
a2 = by2 c = 2,
So

41. We have

1
6 + 41
y1 =
=
y0 6
5

1
4 + 41
y2 =
=
y1 2
5

1
y3 =
= 6 + 41 = 6 + y0 .
y2 2

41 = [6; 2, 2, 12]. We have m = 1, P2 = 4, Q2 = 5, and so 41 = 42 + 52 .

Remark You do not have to completely work out the continued fraction
for n
in order to apply this method. At each step, you calculate yl = (Pl + n)/Ql ;
check whether Pl2 + Q2l = n. Stop when either this occurs, or you find a complete
period of the continued fraction and it turns out to have even length (in which case
the method has failed).

For example, 6 = [2; 2, 4] (work this out for yourself!), and has even period,
so the method fails. Indeed 6 is not the sum of two squares.
So we have to show that this construction works for any prime number congruent to 1 mod 4. This will take us the rest of the section.
Let us just make a checklist of what we need from the last section. Remember
that a purely periodic continued fraction represents a reduced quadratic irrational
y (one satisfying y > 1 and 1 < y0 < 0, where y0 is the
algebraic conjugate of
y). Any such number y can be written in the form (P + D)/Q,
where P, Q, Dare

integers and D is a positive non-square; we have 0 < P < D and 0 < Q < 2 D,
and Q divides D P2 .

Suppose that n = [a0 ; a1 , . . . , al1 , 2a0 ]. The numbers yk that arise in the
calculation, given by
ak = byk c,

yk+1 =

1
,
yk ak

satisfy

Pk + n
yk =
,
Qk

where 0 < Pk < n, 0 < Qk < 2 n, and Qk divides n Pk2 .

Let pk /qk be the kth convergent to n.

Lemma 6.6 With the above notation, p2k nq2k = (1)k1 Qk+1 for k 0.

6.3. SUMS OF TWO SQUARES

59

Proof We have p0 /q0 = a0 /1, so p20 q20 = a20 n. Also,

1
a0 + n
y1 =
=
,
n a0
n a20
so P1 = a0 , Q1 = n a20 . Thus, p20 q20 = Q1 . So the result is true for k = 0.
For k > 0, we have

n = [a0 ; a1 , . . . , ak , yk+1 ]
yk+1 pk + pk1
=
yk+1 qk + pk

Pk+1 pk + Qk+1 pk1 + pk n

,
=
Pk+1 qk + Qk+1 qk1 + qk n

using yk+1 = (Pk+1 + n)/Qk+1 . Hence

n(Pk+1 qk + Qk+1 qk1 pk ) = Pk+1 pk + Qk+1 pk1 qk n.

Since n is irrational, and everything else in the equation is an integer, both sides
must be zero. Eliminating Pk+1 from this equation, we find after some calculation
that
p2k nq2k = (pk qk1 qk pk1 )Qk+1 = (1)k1 Qk+1 ,
using (3.7)(a) from Chapter 3.

Proposition 6.7 Suppose that pk /qk is the kth convergent to n. Then p2k nq2k =
1
if and only if k is one less than a multiple of the period of the continued fraction
for n.
Proof
Suppose that k is one less than a multiple of the period. Then yk+1 =

n + a0 , so Pk+1 = a0 and Qk+1 = 1. The lemma gives p2k nq2k = (1)k1 .

Conversely, suppose
that p2k nq2k = 1. Then the Lemma

gives Qk+1 = 1.
But 0 < Qk+1 <2 n; so Qk+1 = 1. Thus, yk+1 = Pk+1 + n = Pk+1 + a0 + 1/y1
(since y1 = 1/( n a0 ), whence ak+1 = byk+1 c = Pk+1 + a0 , and yk+2 = y1 , so
we have found a complete period of the continued fraction, which is an arbitrary
multiple of the smallest period.

Now here is the main theorem.
Theorem 6.8 Let p be a prime congruent to 1 mod 4. Then p can be expressed
as a sum of two squares by Legendres construction.

60

CHAPTER 6. LAGRANGE AND PELL

Proof We know that Legendres construction will succeed if p = [a0 ; a1 , . . . , al ]

with l odd, so we have to show that this does indeed happen. Clearly we can
assume that l is as small as possible, since any period is a multiple of the smallest
one, so if the smallest period is even then all periods are even. What we have to
show is that, if p is an odd prime which has the above periodic continued fraction
and l is even, then p is not congruent to 1 mod 4.
We can assume that p > 3. Let l = 2m + 2, so that

p = [a0 ; a1 , . . . , am , am+1 , am , . . . , a1 , 2a0 ].

Now m + 1 < l, and so p 6= [a0 ; a1 , . . . , am+1 ]; by the preceding proposition,

2 .
p2m nq2m 6= 1, so that Qm+1 6= 1. Also, Qm+1 divides p Pm+1
We have
ym+1 = [am+1 ; am , . . . , a1 , 2a0 , a1 , . . . , am ],
and so
1/y0m+1 = [am ; . . . , a1 , 2a0 , a1 , . . . , am , am+1 ].
So ym+1 = am+1 + 1/(1/y0m+1 ), that is, ym+1 + y0m+1 = am+1 . But ym+1 =

(Pm+1 + p)/Qm+1 , and its algebraic conjugate is y0m+1 = (pm+1 p)/Qm+1 ;

their sum is 2Pm+1 /Qm+1 . So Qm+1 divides 2Pm+1 .
2
But we know that Qm+1 divides Pm+1
p; so Qm+1 divides 2p. The only

divisors of 2p are 1, 2, p, 2p. Since 0 < Qm+1 < 2 p, we must have Qm+1 = 1 or
Qm+1 = 2. But we know it isnt 1, so Qm+1 = 2.
So p2m pq2m = 2. Now any square is congruent to 0 or 1 mod 4 So
(0 or 1) p(0 or 1) = 2 (mod 4).
This is impossible to satisfy if p 1 mod 4.

6.4

The equations x2 ny2 = 1

Example Let n = 2. One can easily find the first few solutions of x2 2y2 = 1
in positive integers:
12 2 12 = 1,
32 2 22 = +1,
72 2 52 = 1,
172 2 122 = +1,

(x, y) = (1, 1)
(x, y) = (3, 2)
(x, y) = (7, 5)
(x, y) = (17, 12)

So the solutions of the two equations appear alternately. You might observe that,
if (xk , yk ) is the kth solution, then
xk+1 = xk + 2yk ,

yk+1 = xk + yk ;

6.4. THE EQUATIONS X 2 NY 2 = 1

61

so we can generate the solutions very easily. You might further observe that these
equations imply

xk+1 + yk+1 2 = (xk + yk 2)(1 + 2),

so that xk + yk 2 = (1 + 2)k . This is the general pattern, as we will see. The

only difference is that sometimes only the equation with the + sign has solutions.
Example Let n = 3. The equation x2 3y2 = 1 has no solutions, since any
square is congruent to 0 or +1 mod 3. The first few solutions of x2 3y2 = +1
are
22 3 12 = 1,
72 3 42 = 1,
262 3 152 = 1.

(x, y) = (2, 1)
(x, y) = (7, 4)
(x, y) = (26, 15)

and the general solution is given by xk + yk 3 = (2 + 3)k .

We have seen that the continued fraction for n has the form

n = [a0 ; a1 , . . . , al1 , 2a0 ].

We are going to show that, if pk /qk denotes the nth convergent to n, then (pl , ql ),
(p2l+1 , q2l+1 ), (p3l+2 , q3l+2 ), . . . give all the solutions to the equation in the title
of the section.
Example

2 = [1; 2]. The successive convergents are 1/1, 3/2, 7/5, 17/12, . . .

Example
3 = [1; 1; 2]. The successive convergents are 1/1, 2/1, 5/3, 7/4,
19/11, 26/15, . . . . This time we see that only the odd-numbered convergents
give solutions to Pells equation.
We showed in Proposition 6.7 in the preceding section that convergents pk /qk
give solutions to x2 ny2 = 1 if and
only if k is one less than a multiple of the
period of the continued fraction for n.
Now we have to show that every solution to the equation arises from a convergent. We show that, if x2 ny2 = 1, then

(x + y n)(x y n) = 1,
so

x
1
,
| n | =
y
y(x + y n)

62

CHAPTER 6. LAGRANGE AND PELL

and hence x/y is a good rational approximation to n; but we know that every
good rational approximation is a convergent.
In detail: suppose that u/v is another rational number in its smallest terms with
v < y and

u
x
| n | < | n |.
v
y
The difference (x/y) (u/v) is a non-zero rational number with denominator yv,
so


x u
1
2
,
  <
yv
y v
y(x + y n)

which implies that y > v > (x + y n)/2, which is impossible if n > 2. The
cases n = 2 and n = 3 can be done directly; indeed, they were our introductory
examples.
So we have proved:
Theorem 6.9 Let n be a positive integer which
is not a square, and suppose that
x2 ny2 = 1. Then x/y is a convergent to n.

Example We will find the continued fraction for 13 and use it both to express
13 as a sum of two squares and to solve Pells equation.

a0 = by0 c = 3,
a1 = by1 c = 1,
a2 = by2 c = 1,
a3 = by3 c = 1,
a4 = by4 c = 1,
a5 = by5 c = 6,
So

y0 = 13

y1 = 1/( 13 3) = ( 13 + 3)/4

y2 = 4/( 13 1) = ( 13 + 1)/3

y3 = 3/( 13 2) = ( 13 + 2)/3

y4 = 3/( 13 1) = ( 13 + 1)/4

y5 = 4/( 13 3) = 13 + 3

y6 = 1/( 13 3) = y1

13 = [3; 1, 1, 1, 1, 6].
Since the period is 5, to write 13 as a sum of squares we look at

2 + 13
y3 =
,
13 = 22 + 32 .
3

For Pells equation, we have

[3; 1, 1, 1, 1] =

[3, 1, 1, 1, 1] 18
= ,
[1, 1, 1, 1]
5

6.4. THE EQUATIONS X 2 NY 2 = 1

63

and 182 13 52 = 1. So the smallest solution of Pells equation is (x, y), where

x + y 13 = (18 + 5 13)2 = 649 + 180 13,

that is, (x, y) = (649, 180).
Here you can certainly find the sum of squares by trial and error, but solving
Pells equation without some theory would be more daunting!

Definition The solution to x2 ny2 = 1 in positive integers for which x + y n

is smallest is called the fundamental solution of this equation.
Theorem 6.10 Let (x1 , y1 ) be the fundamental solution of x2 ny2 = , where
= 1.
(a) If = +1, then there are no solutions to x2 ny2 = 1, and all solutions
(xk , yk ) of x2 ny2 = 1 are given by

(xk + yk n) = (x1 + y1 n)k .

(b) If = 1, then all solutions (xk , yk ) of x2 ny2 = 1 are given by

(xk + yk n) = (x1 + y1 n)k ,

where we get the plus sign if k is even and the minus sign if k is odd.
Proof First let us see that these are all the solutions. This depends on the following:
Let (a, b) be a solution of x2 ny2 = s, and (c, d) be a solution of
x2 ny2 = t. Define (e, f ) by the rule

e + f n = (a + b n)(c + d n).
Then (e, f ) is a solution of x2 ny2 = st.
For the given equation implies that

e f n = (a b n)(c d n).
Multiplying these two equations together we find
e2 n f 2 = (a2 nb2 )(c2 nd 2 + = st,
as required.

64

CHAPTER 6. LAGRANGE AND PELL

This together with

shows that, if x2 ny2 = , where
a short proofby induction
= 1, and xk + yk n = (x1 + y1 n)k , then

1
if = 1,
2
2
k
.
x ny = =
(1)k if = 1.
It remains to show that these are all the solutions. So suppose that
u2 nv2 = 1
and that
(u, v) is not of the form (xk , yk ) as in the theorem. We may assume that
|u + v n| is minimal with this property; that is, all smaller solutions are of the
appropriate form. Let (x1 , y1 ) be the fundamental solution. We see that there must
exist k such that

xk + yk n < u + v n < (xk+1 + yk+1 n).

Now (x1 + y1 n)(x1 y1 n) = x12 ny21 = , say, where = 1. So

(x1 y1 n) (xk + yk n = xk1 + yk1 n.

We see that, if u0 + v0 n = (x1 y1 n)(u + v n), then

xk1 + yk1 n < u0 + v0 n < (xk + yk n).

By choice of the solution (u, v), we must have (u0 , v0 ) = (xm , ym ) for some m,
whence (u, v) = (xm+1 , ym+1 ), contrary to assumption. So the theorem is proved.

Example The fundamental solution of x2 3y2 = 1 is easily seen to be (2, 1).
So the next few solutions of this equation are given by

x2 + y2 3 = (2 + 3)2 = 7 + 4 3,
(x2 , y2 ) = (7, 4)

x3 + y3 3 = (2 + 3) = 26 + 15 3,
(x3 , y3 ) = (26, 15)

x4 + y4 3 = (2 + 3) = 97 + 56 3,
(x4 , y4 ) = (97, 56)
and so on.
Example We have seen that (32, 5) is the fundamental solution of x2 41y2 =
1. So the smallest solution of Pells equation x2 41y2 = +1 is (x2 , y2 ), where

x2 + y2 41 = (32 + 5 41)2 = 2049 + 320 41,

in other words, (2049, 320). By taking powers, we find infinitely solutions to the
equation.

6.4. THE EQUATIONS X 2 NY 2 = 1

65

Exercises

6.1 We saw that 3 = [1; 1, 2], and that the solutions (x, y) in positive integers
to x2 3y2 = 1 are given by x = pn , y = qn , where n is odd, and pn /qn is the
nth convergent to the continued fraction for 3. We saw further that all of these
satisfy x2 3y2 = 1.
(a) Prove directly that the equation x2 3y2 = 1 has no solution in positive
integers. (Hint: Congruence mod 3.)
(b) Let am = [1, 1, 2, 1, 2, . . . , 1, 2] (with 2m+1 terms) and bm = [1, 1, 2, 1, 2, . . . , 1]
(with 2m terms), so that am = p2m and bm = p2m1 . Prove that, for m 3,
am = 2bm + am1 ,
bm = am1 + bm1 .
Deduce that bm = 4bm1 bm2 for m 3, with b1 = 2 and b2 = 7.
(c) Similarly show that, if cm = [1, 2, 1, 2, . . . , 1, 2] (with 2m terms) and dm =
[1, 2, 1, . . . , 1] (with 2m 1 terms), so that cm = q2m and dm = q2m1 , then
dm = 4dm1 dm2 for m 3, with d1 = 1 and d2 = 4.
(d) Deduce that, if (xn , yn ) is the nth solution to x2 3y2 = 1 in positive integers,
then
x1 = 2, x2 = 7,
y1 = 1, y2 = 4,

xn = 4xn1 xn2 for n 3,

yn = 4yn1 yn2 for n 3.

(e) Hence find the first four solutions of this equation in positive integers.

66

CHAPTER 6. LAGRANGE AND PELL

Chapter 7
Eulers totient function
In this chapter, we look at Eulers totient function (n), and the existence of primitive roots modulo a prime number.

7.1

Eulers totient function

We say that non-negative integers x and y are coprime if gcd(x, y) = 1.

Eulers totient function, or eulers -function, is the function defined on the
positive integers by the rule that (n) is the number of integers x in {0, 1, . . . , n
1} which are coprime to n.
Example If p is prime, then (p) = p 1: the integers 1, 2, . . . , p 1 are all
coprime to p.
Example (8) = 4; the odd numbers 1, 3, 5, 7 are coprime to 8, while the even
numbers are not.
Here is a more algebraic interpretation of Eulers function. Recall that, if
R is a commutative ring with identity, then an element x R is a unit if there
exists y R such that xy = 1. The units in R form a group (with the operation of
multiplication).
Proposition 7.1 The number of elements in the group of units of Zn is (n).
Proof We show that [x]n is a unit in Zn if and only if x is coprime to n. Then the
result follows.
The first part uses the same argument as we already saw for primes. Suppose
that gcd(x, n) = 1. Then there exist integers y, z with xy + nz = 1, by Euclids
algorithm; thus xy 1 mod n, so [x]n [y]n = [1]n , and [x]n is a unit.
67

68

CHAPTER 7. EULERS TOTIENT FUNCTION

Conversely, if [x]n is a unit, then by definition there exists [y]n so that [x]n [y]n =
[1]n , so that xy 1 mod n, or xy + nz = 1 for some integer z. Let d = gcd(x, n).
Then d divides x and d divides n, so d divides xy + nz = 1; so d = 1, as required.

From this we can deduce a theorem of Euler:
Theorem 7.2 Let n be a positive integer, and x an integer such that gcd(x, n) = 1.
Then x (n) 1 mod n.

Proof There is a very simple proof using algebra. If gcd(x, n) = 1, then [x]n is
an element of the group of units of Zn . let d be its order (the least positive integer
such that xd 1 mod n). By Lagranges Theorem, d divides the order of the group
of units, which is (n), say (n) = de. Then
x (n) = xde = (xd )e 1e = 1 mod n,
as required.
Here is a more direct proof. Let y1 , . . . , y (n) be the integers in {0, . . . , n} which
are coprime to n. Then xy1 , . . . , xy (n) are all coprime to n; and no two of these
are congruent mod n. (If xyi xy j , multiplying by the inverse of x we find that
y1 y j .) Thus xy1 , . . . , xy (n) are congruent to y1 , . . . , y (n) in some order, and so
their products are congruent mod n:
x (n) y1 y (n) y1 y (n) mod n.
But again all the ys can be cancelled since they are coprime to n, leaving us with
x (n) 1 mod n.

As a corollary, we obtain Fermats Little Theorem:
Corollary 7.3 Let p be prime. Then x p x mod p for any integer x.
Proof If p divides x, then x 0 mod p and x p 0 mod p, so the result is true.
If p does not divide x, then gcd(x, p) = 1 and (p) = p 1, so Eulers theorem
gives x p1 1 mod p. Multiplying both sides by x gives x p x mod p.

The converse of this is not true. We saw in an exercise in Chapter 1 that there
exist positive integers n which are not prime but which satisfy xn x mod n for
every integer x. Such integers are called Carmichael numbers; the smallest is 561.

7.2. EVALUATION OF (N)

7.2

69

Evaluation of (n)

We now give a rule for calculating (n) for any integer n.

Theorem 7.4

(a) If p is prime and r > 0, then (pr ) = pr1 (p 1).

(b) If gcd(m, n) = 1, then (mn) = (m) (n).

(c) Suppose that n = pr11 prss , where p1 , . . . , ps are distinct primes and r1 , . . . , rs >
0. Then
s

i=1

i=1

(n) = pri i 1 (pi 1) = n (1 1/pi ).

Example 720 = 24 32 5, so
(720) = 23 (2 1)31 (3 1)50 (5 1) = 8 6 4 = 192.
Proof (a) Let n = pr , where p is prime and r > 0, The numbers less than n which
are coprime to n are precisely those which are not divisible by p. So, of the pr
possibilities, we have to remove pr1 multiples of p, so that (pr ) = pr pr1 =
pr1 (p 1).
(b) We use the Chinese Remainder Theorem (see Chapter 1). Suppose that
gcd(m, n) = 1. Given any x and y, there exists z such that
z x mod m,

z y mod n;

and these congruences have a unique solution mod mn. We show that gcd(z, mn) =
1 if and only if gcd(x, m) = 1 and gcd(y, n) = 1. This is true since any common
factor of z and mn must divide either m (and hence divides gcd(z, m) = gcd(x, m))
or n (and hence divides gcd(z, n) = gcd(y, n)). Conversely, a common factor of x
and m divides z and mn.
So if x1 , . . . , x (m) are all the integers less than m and coprime to m, and
y1 , . . . , y (n) are all the integers less than n and coprime to n, then for each pair i, j,
the Chinese Remainder Theorem gives us a number zi j congruent to xi mod m and
to y j mod n; these zi j are all coprime to mn, and are all distinct mod mn, and every
number less than mn and coprime to mn arises in this way. So (mn) = (m) (n).
(c) The result of (b) easily extends to the product of more than two pairwise
coprime integers. So we can apply it to the prime powers pr11 , . . . , prss to obtain the
first equality in (c). The second equality is a simple manipulation, since pr1 (p
1) = pr (1 1/p).

We need a technical result about Eulers function:

70

CHAPTER 7. EULERS TOTIENT FUNCTION

Proposition 7.5 Let d be a divisor of n. Then the number of integers x with 0

x n 1 and gcd(x, n) = d is (n/d).
Proof Let n = dm. We can write any such integer as x = dy, and when we cancel
the factor d from x and n there is no further common factor; so gcd(y, m) = 1.
There are (m) such numbers y; each of them, multiplied by d, gives a solution
of gcd(x, n) = d, and all solutions are obtained thus.


7.3

Orders of elements

Let n be a positive integer. The order of x mod n is the smallest positive integer d
such that xd 1 mod n (if such an integer d exists).
Proposition 7.6 The integer x has an order mod n if and only if gcd(x, n) = 1. If
so, then the order of x divides (n).
Proof If x has an order d, then xd 1 mod n, so gcd(xd , n) = 1, and certainly
gcd(x, n) = 1. Conversely, if gcd(x, n) = 1, then x (n) 1 mod n, so there certainly
do exist such integers; the order d is the smallest.
Write (n) = rq + r, where 0 r d 1, by the division algorithm. Then
1 x (n) = (xd )q xr xr mod n.
But r < d, and d was the smallest positive integer with this property. So we must
have r = 0, so that d divides (n), as claimed.

Example Let n = 12; we have (12) = 4, and the four integers smaller than and
coprime to 12 are 1, 5, 7, 11. Now we have
11 1,

52 1,

72 1,

112 1

mod 12. So these four integers have orders 1, 2, 2, 2 respectively. This shows that
not every divisor of (n) necessarily occurs as the order of an element mod n. In
the next section, we consider one very important case where every divisor does
indeed occur.
Remark How do we find the order of x mod n? One way would be to calculate
x, x2 , x3 , . . . mod n until we first reach one which is congruent to 1. But the order
must divide (n), so we only need test divisors of (n). For example, (10) = 4,
and 32 6 1 mod 10; so the order of 3 mod 10 must be 4.

7.4. PRIMITIVE ROOTS

7.4

71

Primitive roots

Let p be a prime number. An integer x is said to be a primitive root of p if x has

order p 1 mod p. (This is the largest possible order, since (p) = p 1.
Example Let p = 17. We find that 28 1 mod 17, so 2 is not a primitive root.
But 38 16 mod 17. So the order of 3 is a divisor of 16 but is not a divisor of 8;
thus 3 must be a primitive root of 17.
We show that primitive roots always exist. This depends on the following
lemma together with some clever counting.
Lemma 7.7 Let p be prime, and let d be a divisor of p 1. Then the number of
elements of order d mod p is either 0 or (d).
Proof Suppose that the number of such elements is not zero; so there is at least
one element of order d, say a. Then the numbers 1, a, a2 , . . . , ad1 are all distinct
mod p. For if, say, ai a j , where i < j, then a ji 1, with j i < d, contradicting
the definition of the order of a.
Next we show that these numbers are all the solutions of xd = 1 in Z p . For
Z p is a field, and the polynomial xd 1 of degree d cannot have more than d
solutions; but we have found d distinct solutions, so we have them all.
Finally, we show that am has order d if and only if gcd(m, d) = 1. If e divides
gcd(m, d), then (am )d/e = (ad )m/e 1, so am has order at most d/e. Conversely,
suppose that gcd(m, d) = 1, and choose integers u and v with mu + dv = 1. Let
b = am . Then bu = amu = a1dv a, so each of a and b is a power of the other,
and they must have the same order.
So the number of elements of order d is the number of values of m such that
gcd(m, d) = 1, which is just (d).

Now we are ready to prove the existence of primitive roots.
Theorem 7.8 Let p be prime. Then, for every number d dividing p 1, the number of elements of order d mod p is equal to (d). In particular, there are (p1)
primitive roots of p.
Proof Let (d) be the number of elements of order d mod p. We show:
(a)

(d) = p 1.

d|p1

(b)

d|p1

(d) = p 1.

72

CHAPTER 7. EULERS TOTIENT FUNCTION

(c) For any d, we have (d) (d).

From these equations it clearly follows that (d) = (d) for all d dividing
p 1, and the theorem is proved.
Proof of (a): By Proposition 7.5, the number of integers x with gcd(x, p 1) =
(p 1)/d is (d). But every non-negative integer y < p 1 satisfies gcd(y, p
1) = (p 1)/d for some d. So the equation just counts all these integers; we know
that the total is p 1.
Proof of (b): Every non-zero integer less than p has some order which divides
p 1; so this equation just counts them by their order, and again there are p 1
of them.
Proof of (c): Lemma 7.7 showed the stronger result that, for each d dividing
p 1, we have either (d) = 0 or (d) = (d).


7.5

The Mobius function

Another number-theoretic function which is closely connected with Eulers totient

is the Mobius function .
A positive integer n is squarefree if it is not divisible by any square greater
than 1; that is, m2 | n implies m = 1. So n is squarefree if and only if n is a product
of distinct primes. Now we define
n
r
(n) = (1)
0

if n = p1 p2 pr , where p1 , . . . , pr are distinct primes,

otherwise.

The most important property of the Mobius function is the following result
which is known as Mobius inversion. The sums in each of the two parts are over
all divisors of the positive integer n.
Theorem 7.9 Let f and g be functions defined on the set of positive integers. Then
the following are equivalent:
(a) g(n) = f (m);
m|n

(b) f (n) = g(m)(n/m).

m|n

The proof of this theorem requires a lemma.


7.5. THE MOBIUS
FUNCTION

73

Lemma 7.10 For any positive integer n, we have

n
1 if n = 1,
(m) = 0 otherwise.
m|n
Proof If n = 1, then the sum contains a single term (1) = 1.
Suppose that n > 1; let n = pa11 par r , where p1 , . . . , pr are distinct primes and
a1 , . . . , ar > 0. Since the Mobius function is zero on non-squarefree arguments,
the sum in the lemma is over the squarefree divisors of n, which are the products
of some of the primes p1 , . . . , pr . 
Now,
 if m is the product of k of these primes,
r
then (m) = (1)k ; and there are
(the binomial coefficient) ways to choose
k
k primes from the set of r. So
r  
r
(m) = k (1)k = (1 1)r = 0,
k=0
m|n


where we have used the Binomial Theorem.

Proof of the Theorem
Then

Suppose first that (b) holds. Call the sum in part (a) S.
!

S = f (m) =
m|n

m|n

g(k)(m/k)

k|m

The sum is over all pairs (m, k) with m | n and k | m. Putting m/k = l, we may sum
over all pairs (k, l) where k | n and l | (n/k), to get
!
(l) .

S = g(k)

k|n

l|(n/k)

By the Lemma, the inner sum is 1 if n/k = 1 and 0 otherwise. So the only term in
the outer sum is the one with k = n, and we conclude that
S = g(n).
Now assume that (a) holds, and call the sum in part (b) T . We have
!
T = g(m)(n/m) = (n/m)
m|n

m|n

f (k)

k|m

Again put l = m/k and sum over pairs (k, l) with k | n and l |= (n/k), to obtains
!
T = f (k)

k|n

l|(n/k)

(n/kl) .

74

CHAPTER 7. EULERS TOTIENT FUNCTION

Again the inner sum is zero unless n/k = 1 in which case it is 1, so

T = f (n).
Using this we have a formula for Eulers function:
Theorem 7.11 For a positive integer n,
(n) = m(n/m).
m|n

Proof We saw in part (a) in the proof of Theorem 7.8 that n = (m) (We
m|n

observed there that the argument did not depend on the fact that n is of the form
p 1 with p prime.) Now apply Mobius inversion.

Remark In combinatorics there is a much more general Mobius function, associated with an arbitrary partially ordered set. The number-theorists Mobius
function is a special case. See my Notes on Counting on the Web for this.

7.6

Appendix: An algebraic view

If you are familiar with the language of algebraic structures, some of the results
of this chapter can be re-written in more algebraic terminology.
Recall that Zn is the ring of integers modulo n. The units in this ring form a
group (with the operation of multiplication). We denote this group by U(n); it is
a group of order (n). Now we can re-write the second part of Theorem 7.4 as
follows:
Theorem 7.12 Let m and n be positive integers with gcd(m, n) = 1. Then
U(mn)
= U(m) U(n).
Here the notation A
= B means that the groups A and B are isomorphic, and A
B denotes the direct product of groups A and B, whose elements are the ordered
pairs (a, b) with a A and b B, with pointwise multiplication. The proof of
the theorem, using the Chinese Remainder Theorem, gives a bijection between
U(mn) and U(m) U(n), and it is straightforward to show that this bijection is an
isomorphism.
A group A is cyclic if it contains an element g such that every element of G is
a power of a. Theorem 7.8, on the existence of primitive roots, can be stated as
follows:

7.7. APPENDIX: CRYPTOGRAPHY

75

Theorem 7.13 Let p be prime. Then the group U(p) is cyclic.

What about the converse? It can be shown that the following is true (but I will
not do so here):
Theorem 7.14 Let n be a positive integer which is not a prime number. Suppose
that U(n) is a cyclic group (that is, there exists a primitive root of n). Then n = pa
or n = 2pa for some odd prime p and integer a > 1, or n = 4. Conversely, for
these values of n, the group U(n) is cyclic.
One can go on and determine the structure of the abelian group U(n) for every
positive integer n.
Carmichaels lambda-function (n) is defined to be the largest order of any
element of U(n). So we have (n) = (n) if and only if U(n) is cyclic. This
function has applications in cryptography, but we do not discuss it further here.

7.7

Appendix: Cryptography

Let g be a primitive root of p. Then, for any non-zero element h of Z p , there is

an exponent m in the range 0 m p 2 such that gm = h. However, finding m
is difficult, especially for large primes. If I asked you to find the number m such
that 2m 6 mod 11, you would probably have to resort to calculating powers of 2
mod 11 until 6 occurs.
This problem is known as the discrete logarithm problem, since we are in
essence finding the logarithm of h to base g in the finite field Z p . Its difficulty is
the basis for some of the earliest public-key cryptosystems, such as DiffieHellman
key exchange and the El-Gamal cryptosystem. I will briefly describe the former
of these.
Alice and Bob, who have never met, need to exchange a secret message. If they
both possessed some random information which nobody else knew, they could use
this as a key to encrypt and decrypt the message (for example, using a one-time
pad). But they can only communicate over an insecure line, and if Alice sent Bob
the key, then all the world would know it.
So they choose a (large) prime p and a primitive root g of p, and share these
so everyone knows p and g. Then
Alice chooses a random number a in the range 0 a p 2, calculates ga
mod p, and sends this to Bob.
Bob chooses a random number b in the range 0 b p 2, calculates gb
mod p, and sends this to Alice.

76

CHAPTER 7. EULERS TOTIENT FUNCTION

Then both Alice and Bob can compute (ga )b = (gb )a ; they use this as their
secret key.

Any interceptor is faced with the job of calculating gab from ga and gb . The obvious approach (and nothing better has been found) is to solve the discrete logarithm
problem to find, for example, a from ga , and then do Alices calculation (gb )a .
Thus it is the difficulty of the discrete logarithm problem that keeps the secret
secure!

Exercises
7.1

(a) Show that (n) is even if n > 2.

(b) Find all integers n satisfying (n) = 4.

(c) For any positive integer d, show that there are only finitely many integers n
satisfying (n) = d.
7.2

(a) How many primitive roots of 17 are there?

(b) Find them all.

Chapter 8
Quadratic residues and non-residues
Let p be an odd prime. In this section we are going to show how to decide whether
the congruence
x2 a mod p
has integer solutions, for any integer a not divisible by p.

8.1

Definition and basic properties

First, a definition: we say that a is a quadratic residue mod p if this congruence

has a solution, and a quadratic non-residue mod p if it does not. Clearly, if
a b mod p, then a is a quadratic residue mod p if and only if b is a quadratic
residue mod p; so we may (and often will) restrict our attention to a = 1, . . . , p1.
Example Let p = 7. The squares mod 7 are
12 = 1,

22 = 4,

32 = 2,

42 = 2,

52 = 4,

62 = 1;

so 1, 2, 4 are quadratic residues and 3, 5, 6 are non-residues.

Proposition 8.1 Of the p 1 numbers 1, 2, . . . , p 1, half of them are quadratic
residues and half are quadratic non-residues.
Proof Let g be a primitive root of p. (Recall that this means that g has order p1
mod p.) Then the p 1 numbers g0 , g1 , . . . , g p2 are all distinct, and so must be
congruent to 1, 2, . . . , p 1 in some order. We claim that gi is a quadratic residue
if and only if i is even. The result obviously follows.
If i is even, say i = 2 j, then gi (g j )2 is a quadratic residue.
Conversely, suppose that a = gi is a quadratic residue, say a = b2 . Let b g j .
Then gi = g2 j , so i 2 j mod p 1. But p 1 and 2 j are even; so i must also be
even.

77

78

CHAPTER 8. QUADRATIC RESIDUES AND NON-RESIDUES

We learn something very important from the proof:

Proposition 8.2 Let g be a primitive root of the odd prime p. Let a be an integer
not divisible by p. Then a is a quadratic residue if and only if it is an even power
of g, and is a quadratic non-residue if and only if it is an odd power of g.
However, this is not a practical method. For both finding a primitive root g of
p, and expressing an arbitrary element of Z p as a power of g, are hard problems.
The second of these problems is the discrete logarithm problem, which we met in
the last chapter in connection with cryptography; it is the difficulty of this problem
which keeps information secure!
Example For p = 7, it can be checked that 3 is a primitive root. The powers of
3 mod 7 are
30 = 1,

31 = 3,

32 = 2,

33 = 6,

34 = 4,

35 = 5.

The even powers of 3 are thus 1, 2, 4, agreeing with what we found earlier.

8.2

The Legendre symbol

 
a
is defined by
We now introduce some notation. The Legendre symbol
p
  (0
a
= +1
p
1

if a is divisible by p,
if a is a quadratic residue mod p,
if a is a quadratic non-residue mod p.

We give four very important rules which enable us to calculate the value of the
Legendre symbol. (This is equivalent to deciding whether the congruence x2
a mod p has a solution. Actually finding a solution is quite a different matter!)
We saw that the hard method based on the discrete logarithm problem actually
finds a solution; this easy method does not.
Theorem 8.3 For any odd prime p and integers a and b, we have
    
ab
a
b
=
.
p
p
p

8.2. THE LEGENDRE SYMBOL

79

Theorem 8.4 For any odd prime p,



1
p

(p1)/2

= (1)


=

+1 if p 1 mod 4,
1 if p 3 mod 4.

Theorem 8.5 For any odd prime p,


 
2
+1 if p 1 or 7 mod 8,
(p2 1)/8
= (1)
=
1 if p 3 or 5 mod 8.
p

Theorem 8.6 For any two distinct odd primes p and q,

  
n
p
q
1 if p q 3 mod 4,
= (1)(p1)(q1)/4 =
+1 otherwise.
q
p

The fourth rule is known as the Theorem of Quadratic Reciprocity.

We stop here to see why the last inequality is true in each case. Of course,
(1)k is equal to +1 if k is even and 1 if k is odd. Now
(p 1)/2 is odd if and only if p 3 mod 4;
(p2 1)/8 is odd if and only if p 3 or 5 mod 8;
(p 1)(q 1)/4 = ((p 1)/2)((q 1)/2) is odd if and only if both (p
1)/2 and (q 1)/2 are odd.
We will prove these four rules in the remainder of the section. But first we will
have an example of their use, and an unexpected application of the second rule.

Example Is 38 a quadratic residue mod 43?

We could answer this by computing squares mod 43. But our four rules give

80

CHAPTER 8. QUADRATIC RESIDUES AND NON-RESIDUES

us a much quicker method:

 
  
38
2
19
=
43
43  43

19
=
 43

43
=
 19 
5
=
 19 
19
=
 5
4
=
5
= +1

(Rule 1)
(Rule 3)
(Rule 4)
(43 5 mod 19)
(Rule 4)
(19 4 mod 5)
(4 22 mod 19),

so 38 is a quadratic residue mod 43.

Let us examine these 
stepsmore closely. The first is straightforward. In the
2
= 1. In the third, 43 and 19 are both congruent
second, 43 3 mod 8, so
43
  
19
43
to 3 mod 4, so the product
is 1; so the two Legendre symbols have
43
19
opposite signs. The fourth step is straightforward. In the fifth, 19 and 5 are not
both congruent to 3 mod 4, so the Legendre symbols have the same sign. The next
step is straightforward, and in the last step we observe that 4 is a square.
There are other ways we could proceed. For example, after the second step,
 


19
24

=
(19 24 mod 43)
43
43
  2  
1
2
6
=
(Rule 1)
43
43
 43

6
=
(Rule 2)
 43 
49
(6 49 mod 43)
=
43
= +1.

8.3

A Euclid-type theorem

We showed in Chapter 1 that there are infinitely many primes congruent to 3 mod
4, and deferred the proof in the other case. Now is the time to fulfil that promise.

8.4. PROOFS OF THE FIRST TWO RULES

81

Theorem 8.7 There are infinitely many primes congruent to 1 mod 4.

Proof Again we argue by contradiction. Suppose that p1 , . . . , pr were all the
primes congruent to 1 mod 4. Now let
x = 2p1 p2 pr ,

N = x2 + 1.

Let q be a prime divisor of N. Then q is odd. We have x2 1 mod q, so 1 is

a quadratic residue mod q. By Theorem 8.4, q 1 mod 4. Hence by assumption,
q must be one of the primes p1 , . . . , pr . But this is a contradiction, since N leaves
remainder 1 when divisible by each of these primes.


8.4

Proofs of the first two rules

In this section we prove the first two rules for the Legendre symbol (Theorems
8.38.4).
Proof of Rule 1 Let g be a primitive root of p. By Proposition 8.2, every integer
not divisible by p is congruent to a power of g, with the squares congruent to even
powers and the non-squares congruent to odd powers. Now the addition table for
exponents translates into the multiplication table for the integers as follows:
+
even odd
even even odd
odd odd even

square
non-square
square
square
non-square
square
non-square non-square


Proof of Rule 2 Again let g be a primitive root of p, and consider z = g(p1)/2 .

We have z2 = g p1 1 mod p, but z is not congruent to 1 mod p (since if it were,
the order of g would be at most (p 1)/2); so z 1 mod p. So 1 is a quadratic
residue or not depending on whether (p 1)/2 is even or odd, that is, on whether
p 1 or p 3 mod 4.

We can prove something a little more general:
Proposition 8.8 Let a be an integer not divisible by p. Then
 
a
a(p1)/2 mod p.
p

82

CHAPTER 8. QUADRATIC RESIDUES AND NON-RESIDUES

Proof Let g be a primitive root of p, and a gi . Since g p1 1, we have


1
if i is even,
(p1)/2
a

g(p1)/2 if i is odd.
But we saw in the proof of Rule 2 that g(p1)/2 1 mod p.

Exercise Use this Proposition to give another proof of Rule 1.

8.5

Proofs of Rules 3 and 4

The proofs here depend on a method invented by Gauss. We fix an odd prime p.
Let S = {1, 2, . . . , (p 1)/2}. Noting that
(p 1)/2, . . . , 2, 1, 0, 1, 2, . . . , (p 1)/2
is a complete set of residues mod p, we see that any integer coprime to p is congruent to either an element of S, or the negative of one.
Now take any integer a not divisible by p. Then for any s S, the integer as
is congruent to an element of s or tne negative of one; we write
as = e(a, s)t(a, s),
where e(a, s) = 1 and t(a, s) S. For example, let p = 7, a = 4, s = 3. Then
as = 12 2 mod 7, so e(4, 3) = 1 and t(4, 3) = 2.
For any fixed a, consider the map s 7 t(a, s). This map takes S to itself. We
claim that it is injective. For suppose that t(a, s1 ) = t(a, s2 ). Then as1 as2
mod p, so p divides a(s1 s2 ). But since p does not divide a, and no element of
S is congruent to plus or minus another element, we must have s1 = s2 . Now an
injective map of a finite set is bijective. So for fixed a, the elements t(a, s) run
through S as s does.
The heart of Gausss method is the following result.
Proposition 8.9 With the above notation,
 
a
= e(a, s).
p
sS
Proof We have
a(p1)/2 s =
sS

as
sS

8.5. PROOFS OF RULES 3 AND 4

83
!

e(a, s)
sS

t(a, s)
sS

!
=

e(a, s)
sS

sS

(In the last line we use the fact that the elements t(a, s) run through all of S as s
does.) Now s is coprime to p and can be cancelled; so we get
sS

a(p1)/2 e(a, s) mod p.

sS

Now the result follows because

(p1)/2

 
a

mod p
p


by Proposition 8.8.
Example Let p = 11 and a = 3. Then
3 1 = +3
3 2 = 5
3 3 = 2
3 4 = +1
3 5 = +4

so
so
so
so
so

e(3, 1) = +1
e(3, 2) = 1
e(3, 3) = 1
e(3, 4) = +1
e(3, 5) = +1


3
= +1. Indeed, 3 52 mod 11.
So
11
Before going on to the proofs, let us note that Rule 2 follows very easily from
this. Multiplying S by 1 takes each element to its negative. So e(1, s) = 1
for all s S, and
 
1
= (1)|S| = (1)(p1)/2 .
p


Proof of Rule 3 We split into cases depending on the congruence of p mod 8:

p = 8k + 1: Multiplying s by 2 gives
2, 4, . . . , 4k, 4k + 2 = (4k 1), . . . , 8k = 1;
there are 2k positive and 2k negative terms, so the product is +1.

84

CHAPTER 8. QUADRATIC RESIDUES AND NON-RESIDUES

p = 8k + 3: Multiplying S by 2 gives
2, 4, . . . , 4k, 4k + 2 = (4k + 1), . . . , 8k + 2 = 1;
there are 2k positive and 2k + 1 negative terms, so the product is 1.
p = 8k + 5: Multiplying S by 2 gives
2, 4, . . . , 4k + 2, 4k + 4 = (4k + 1), . . . , 8k + 4 = 1;
there are 2k + 1 positive and 2k + 1 negative terms, so the product is 1.
p = 8k + 7: Multiplying S by 2 gives
2, 4, . . . , 4k + 2, 4k + 4 = (4k + 3), . . . , 8k + 6 = 1;
there are 2k + 1 positive and 2k + 2 negative terms so the product is 1.

Gauss gave many different proofs of Rule 4, the Law of Quadratic Reciprocity;
we will make do with just one. We need a lemma:
Lemma 8.10 Let q be an odd integer not divisible by the odd prime p. Then
e(q, s) = (1)bt(2,s)q/pc .
Proof We have sq e(q, s)t(q, s) mod p, so
sq = kp + e(q, s)t(q, s)
for some integer k. Hence
2t(q, s)
2sq
= 2k + e(q, s)
.
p
p
Now t(q, s) S = {1, . . . , (p 1)/2}; so 0 < 2t(q, s) < p. So the second term in
the above equation is a fraction between 0 and 1. Hence
 

2sq
2k
if e(q, s) = +1,
=
2k 1 if e(q, s) = 1,
p
while


 
2sq
2k 1 if e(q, s) = +1,
=

2k
if e(q, s) = 1.
p
Also, 2s {2, . . . , p 1}, so either 2s = t(2, s) or 2s = p t(2, s). We treat the
two cases separately.
If 2s = t(2, s), then we see that bt(2, s)q/pc is even if e(q, s) = +1 and odd if
e(q, s) = 1, so the conclusion of the lemma is true.
If 2s = p t(2, s), then
2sq
t(2, s)q
= q
,
p
p
so the argument applies with the parities reversed (here we use that q is odd). 

8.5. PROOFS OF RULES 3 AND 4

85

Proof of Rule 4 Let p and q be distinct odd primes. Put S p = {1, . . . , (p 1)/2}
and Sq = {1, . . . , (q 1)/2}. We have
 
p
= e(p, s)
q
sSq
=

(1)bt(2, s)p/qc

sSq

bt(2, s)p/qc

sSq

= (1)

Now, as s takes the (q 1)/2 distinct values in Sq , then t(2, s) also takes these
values once each; so
 
bsp/qc
p
sSq
= (1)
.
q
Similarly
 
btq/pc
q
tS p
= (1)
.
p
So we have

  
p
q
= (1)1 +2 ,
q
p

where 1 and 2 are the summations in the two preceding formulae.

We are going to show that 1 + 2 = (p 1)(q 1)/4.
Let
T = {(sp,tq) : 1 s (q 1)/2, 1 t (p 1)/2}.
Clearly |X| = (p 1)(q 1)/4. Also we can divide T into two parts T1 and T2 by
T1 = {(sp,tq) T : sp > tq},

T2 = {(sp,tq) T : sp < tq}.

(We cannot have sp = tq, since this would imply that q divides s, contradicting
1 s (q 1)/2.)
Suppose that (sp,tq) T1 , so that sp > tq. Then 1 t bsp/qc, so there are
bsp/qc points in T1 with a given first coordinate sp. So the sum 1 is precisely the
number of points in T1 .
Similarly 2 is the number of points in T2 . So altogether we have 1 + 2 =
|T | = (p 1)(q 1)/4.
We conclude that
  
p
q
= (1)(p1)(q1)/4 ,
q
p

86

CHAPTER 8. QUADRATIC RESIDUES AND NON-RESIDUES



and the theorem is proved.

Here is a diagram illustrating the case p = 5, q = 11; so 1 s (111)/2 = 5

and 1 t (5 1)/2 = 2.

2 = 6
4

22

T2

11

T1

 
tq
tq
p
sp


10

15

20


sp
0
q

We have |T1 | = 4, |T2 | = 6, and

|T | = 4 + 6 = 10 =

5 1 11 1

.
2
2

Exercises
8.1 Calculate the following Legendre symbols:


36
(a)
109


26
(b)
109

25

2 1 = 4

8.5. PROOFS OF RULES 3 AND 4


(c)

7
103

87

 
x
8.2 (a) Let p be an odd prime. Show that there is an integer x such that
=
p


x+1
= 1.
+1 and
p
(b) Let p = 71. Find the smallest positive integer which is a quadratic nonresidue mod p.
8.3 Let p1, . . 
. , pr be odd primes, and let q be a prime divisor of (p1 pr )2 2.
2
Show that
= +1, and deduce that q 1 mod 8.
q
Hence show that there are infinitely many primes p satisfying p 1 mod 8.

88

CHAPTER 8. QUADRATIC RESIDUES AND NON-RESIDUES

Chapter 9
Sums of squares
In this chapter we are going to decide which integers can be written as the sum of
two squares, or the sum of four squares.

9.1

Sums of two squares

In Chapter 6, we found which primes can be written as the sum of two integer
squares. Now we will extend this to arbitrary positive integers.
Let n be any positive integer. Then we can write n = a2 b where a, b are positive
integers and b is squarefree. (Write down the prime factorisation of n. Let b be the
product of all the primes which occur to an odd power in the factorisation. Then b
is squarefree, and n/b has all its prime factors occurring to an even power, so n/b
is a square.) For example,
1440 = 25 32 5 = 122 10,
where 10 is squarefree.
In the above representation, we call b the squarefree part of n.
Theorem 9.1 The positive integer n is the sum of two squares of integers if and
only if the squarefree part of n has no prime factors congruent to 3 mod 4.
In the example, 10 = 2 5 has no prime factor congruent to 3 mod 4, so 1440
is the sum of two squares. Indeed
1440 = 122 10 = 122 (32 + 12 ) = 362 + 122 .
Proof First we have to show that every number which satisfies this condition can
be written as the sum of two squares. This uses the following fact. Suppose that
89

90

CHAPTER 9. SUMS OF SQUARES

two numbers a and b are each the sum of two squares. Then so is their product.
For, if a = x2 + y2 and b = u2 + v2 , then
ab = (x2 + y2 )(u2 + v2 ) = (xu yv)2 + (xv + yu)2 ,
as is easily verified. (The fact that
(x2 + y2 )(u2 + v2 ) = (xu yv)2 + (xv + yu)2
is called the two-squares identity.)
Now any number satisfying the conditions of the theorem is a product of factors of the following types: a square; the prime 2; and primes congruent to 1
mod 4. Now all of these are sums of two squares: a2 = a2 + 02 ; 2 = 12 + 12 ; and
the conclusion for primes congruent to 1 mod 4 was shown in Theorem 6.8. So
the product of such numbers is the sum of two squares.
For example, 340 = 22 5 17, and 5 = 12 + 22 , 17 = 12 + 42 . We have
85 = (12 + 22 )(12 + 42 ) = 92 + 22 ,
and
340 = (22 + 02 )(92 + 22 ) = 182 + 42 .
Now we turn to the converse. Suppose that n = x2 + y2 . We have to show that
no prime congruent to 3 mod 4 divides the squarefree part of n; in other words, if
p is a prime congruent to 3 mod 4, then the power of p which divides n is even.
Our proof will be by induction on n. Clearly n = 1 has no prime divisors at all, so
the induction starts. So suppose that the result is true for all numbers less than n.
Suppose that p divides n, where p 3 mod 4. We claim that p divides both
x and y. For suppose not. Then x2 + y2 0 mod p. If p does not divide x, then
there is an inverse z of x mod p;and 
(xz)2 + (yz)2 0 mod p. But xz 1 mod p;
1
so (yz)2 1 mod p, whence
= +1, contradicting Rule 2. So the claim
p
is proved.
Now write x = pu and y = pv; then n = p2 (u2 + v2 ), so p2 divides n, and
n = p2 m, where m = u2 + v2 . By the induction hypothesis, the power of p dividing
m is even; so the same is true for n, and we are done.


9.2

Sums of four squares

In this section, as a companion piece, we will prove a theorem of Lagrange:

Theorem 9.2 Every positive integer can be written as the sum of four squares of
integers.

9.2. SUMS OF FOUR SQUARES

91

Proof In the two-squares theorem we used the identity

(a2 + b2 )(x2 + y2 ) = (ax by)2 + (ay + bx)2 .
There is a similar identity for four squares:
(a2 + b2 + c2 + d 2 )(w2 + x2 + y2 + z2 )
= (aw bx cy dz)2 + (ax + bw + cz dy)2
+ (ay bz + cw + dx)2 + (az + by cx + dw)2 .
This can be proved just by multiplying it out.
Because of the four-squares identity, we see that if two numbers can be written
as the sum of four squares, then so can their product. So to prove that every
positive integer can be so written, it is enough to show that every prime number is
the sum of four squares. We do this by dividing the primes into three classes:
The prime 2

We have 2 = 12 + 12 + 02 + 02 .

Primes congruent to 1 mod 4 By Theorem 6.8, these primes can be written as

the sum of two squares, say p = x2 + y2 . So we simply put
p = x2 + y2 + 02 + 02 .
Primes congruent to 3 mod 4 This case is the hardest. We proceed in two steps.
Let p be a prime with p 3 mod 4.
Step 1: We can find a positive integer r such that rp is a sum of four squares.
Of the numbers 1, . . . , p 1, half are quadratic residues (including 1) and half
are non-resudues. Let a + 1 be the smallest quadratic non-residue. Since 1 is
also a quadratic non-residue, we see that a and (a + 1) are quadratic residues:
say x2 a, y2 (a + 1) mod p. Then 02 + 12 + x2 + y2 0 mod p; so 02 + 12 +
x2 + y2 = rp for some positive integer r.
Step 2: If rp is the sum of four squares and r > 1, then there is an integer s
with 0 < s < r such that sp is a sum of four squares.
For suppose that rp = a2 + b2 + c2 + d 2 with r > 1, and suppose for a contradiction that no smaller multiple of p is the sum of four squares. We may assume
that p/2 < a, b, c, d < p/2. For changing a by a multiple of p does not change
the fact that the sum of squares is a multiple of p; and there is a unique element a0
of the congruence class of a with smallest modulus, satisfying p/2 < a0 < p/2.

92

CHAPTER 9. SUMS OF SQUARES

Replacing a by a0 would reduce the sum of squares, which by assumption is not

possible. Similarly for b, c, d. Then
rp = a2 + b2 + c2 + d 2 < 4(p/2)2 = p2 ,
so r < p.
Now there is a unique number w with r/2 < w r/2 and w a mod r.
Define x, y, z similarly but with a twist: for example, r/2 < x r/2 and x b
mod 4. Then
w2 + x2 + y2 + z2 a2 + b2 + c2 + d 2 0 mod r,
so w2 + x2 + y2 + z2 = rs for some integer s. The inequalities on w, x, y, z show that
rs = w2 + x2 + y2 + z2 4(r/2)2 = r2 ,
so s r.
Could equality hold? If so then w = x = y = x = r/2, and so a, b, c, d are all
congruent to r/2 mod r. But then
rp = a2 + b2 + c2 + d 2 4(r2 /4) 0 mod r2 ,
so r2 divides rp, and r divides p; a contradiction since p is prime and r < p. So
in fact s < r.
Now we have rp and sr both written as the sum of four squares. The foursquares identity now expresses their product r2 sp as the sum of four squares.
Looking more closely at the identity, we observe that each term is a multiple of r.
For recall that w a, x b, y c, and z d mod r; so
wa xb yc zd a2 + b2 + c2 + d 2 0 mod r,
and
wb + xa + yd zc ab ab cd + cd 0 mod r,
with a similar calculation for the other two terms. So
sr2 p = (re)2 + (r f )2 + (rg)2 + (rh)2 ,
and cancelling r2 we have written sp as the sum of four squares.
This completes the proof.

9.3. TWO SQUARES REVISITED

93

Example Let us apply the method of proof to the prime p = 7. The smallest
quadratic non-residue is 3, and 3 22 , 2 32 . We find that
02 + 12 + 22 + 32 = 14 = 2 7.
Reducing mod 2, we have
02 + 12 + 02 + 12 = 2 = 1 2.
The four-squares identity gives (ignoring minus signs)
42 + 22 + 22 + 22 = 1 22 7,
and cancelling 22 gives 22 + 12 + 12 + 12 = 7.

9.3

Two squares revisited

We used Legendres continued fraction method to express a prime congruent to

1 mod 4 as a sum of two squares. This can also be done by Lagranges method,
similar to the argument in the four-squares proof. The two steps are almost the
same as in that proof.
Step 1: There is a positive number r < psuch 
that rp is the sum of two squares.
1
For the congruence of p mod 4 shows that
= +1, so that there is a positive
p
integer x (less than p/2) satisfying x2 1 mod p; that is, rp = x2 + 12 .
Step 2: If rp is the sum of two squares, with r > 1, then there exists s < r such
that sp is the sum of two squares. For take the equation
rp = a2 + b2
and reduce mod r to get
rs = x2 + y2 ,
where x, y are congruent to a and b respectively mod r, and |x|, |y| r/2 (so that
s < r). Use the two-squares identity to get
r2 sp = (a2 + b2 )(x2 + y2 ) = (ax by)2 + (ay + bx)2 .
Now both ax by and ay + bx are divisible by r. (For, modulo r, we have x a
and y b, and so ax by a2 + b2 0 and ay + bx ab + ab = 0). Say

94

CHAPTER 9. SUMS OF SQUARES

ax by = ru and ay + bx = rv; then we can divide the last displayed equation by

r2 to get
sp = u2 + v2 .
Now repeating this process, we must eventually reach an expression for p as
the sum of two squares.
Example: p = 29.
First lets remember how we expressed p as the sum of two squares. We

calculated the continued fraction for p, expressing the intermediate quantities

in the calculation as ym = (Pm + p)/Qm . For the assumed congruence on p, the

period of the continued fraction will be odd, say 2k + 1, and when we reach the
2 + Q2
point just past half-way, we will have the required expression: Pk+1
k+1 = p.
For p = 29, we have

a0 = b 29c = 5,
a1 = by1 c = 2,
a2 = by2 c = 1,

1
29 + 5
y1 =
=
4
29 5

29 + 3
4
=
y2 =
5
29 3

5
29 + 2
y3 =
=
5
29 2

and we have 29 = 22 + 52 .

You should complete the calculation to show that 29 = [5; 2, 1, 1, 2, 10].

 let us apply Lagranges method. First, since 29 1 mod 4, we know that
 Now
1
= +1, so there is a solution of x2 + 1 0 mod 29. By trial, we find that
29
122 + 12 = 5 29.
Reducing this equation mod 5, we have
22 + 12 = 5 1.
By the two-squares identity, multiplying the two expressions gives
52 1 29 = (122 + 12 )(22 + 12 ) = 252 + 102 ,
so 29 = 52 + 22 .

9.4. SUMS OF THREE SQUARES

9.4

95

Sums of three squares

You might wonder: do we really need four squares? Two are not enough, what
about three? Since squares are congruent to 0, 1 or 4 mod 8, no sum of three
squares can be congruent to 7 mod 8. Moreover, if 4n is the sum of three squares,
then each of the squares must be even (three or fewer odd squares cannot add up
to a multiple of 4, since squares are congruent to 0 or 1 mod 4), so n is also such
a sum. This proves the easy direction in the following theorem:
Theorem 9.3 Every positive integer can be written a the sum of three squares of
integers except for those of the form 4a (8b + 7) for a, b 0.
But this is more difficult to prove, and we will not give the proof.

9.5

Where do these identities come from?

You might recognise that the two-squares identity has something to do with the
complex numbers. We have
|a + bi|2 = a2 + b2 ,
and the two-squares identity
(a2 + b2 )(x2 + y2 ) = (ax by)2 + (ay + bx)2
just says that |z1 |2 |z2 |2 = |z1 z2 |2 , since if z1 = a + bi and z2 = x + yi then
z1 z2 = (ax by) + (ay + bx)i
(using the fact that i2 = 1).
The four-squares identity comes in the same way from another number system,
the quaternions. A quaternion has the form
a + bi + cj + dk,
where a, b, c, d are real numbers; the units satisfy the multiplication rules
i2 = j2 = k2 = 1
and
ij = ji = k,

jk = kj = i,

ki = ik = j.

96

CHAPTER 9. SUMS OF SQUARES

The norm of the quaternion z = a + bi + cj + dk is given by

|z|2 = a2 + b2 + c2 + d 2 ,
and it is an exercise to show that the four-squares identity once again expresses
the fact that the norm is multiplicative, that is, |z1 |2 |z2 |2 = |z1 z2 |2 .
There is a similar eight-squares identity, derived from the multiplication on an
eight-dimensional number system called the octonions or Cayley numbers (actually invented by Graves). More surprisingly, the pattern does not continue; there
is no similar sixteen-squares identity, and indeed no identity for any other number
of squares except one, two, four and eight.

9.6

Pythagoras and Fermat

Every perfect square is the sum of two squares: x2 = x2 + 02 . Indeed, this was
one of the base cases that we used in proving Theorem 9.1 determining those
positive integers which are sums of two squares. But things are very different if
we ask which perfect squares are the sum of two squares of positive integers. The
smallest such is 25: 32 + 42 = 52 .
The equation x2 +y2 = z2 is associated with Pythagoras. Not only did he prove
his famous theorem asserting that this holds if z is the hypotenuse of a rightangled triangle and x and y are the other two sides, but he also gave a rule for
finding all the solutions of this equation in positive integers. (The famous solution
32 + 42 = 52 gives a right-angled triangle which had been used by surveyors since
before the time of Pythagoras. Take a loop of string with twelve equally-spaced
knots. Taking hold of the appropriate knots and pulling the string tight gives a
right angle.)
Theorem 9.4 Let x, y and z be positive integers satisfying x2 +y2 = z2 . Then there
are positive integers d, s,t with gcd(s,t) = 1, such that, after interchanging x and
y if necessary, we have
x = 2std,

y = (s2 t 2 )d,

z = (s2 + t 2 )d.

Note that s = 2, t = 1, d = 1 gives the solution (x, y, z) = (3, 4, 5).

Proof We use the following principle: if ab = c2 and gcd(a, b) = 1, then each
of a and b is a square. For any prime divisor of ab occurs to an even power, and
must occur in one of a and b and not the other; so each of a and b is a product of
even powers of primes, and so is a square. More generally, if the product of any
number of pairwise coprime factors is a square, then each factor is a square.

9.6. PYTHAGORAS AND FERMAT

97

In a similar way, if ab = c2 where gcd(a, b) = 2, then a = 2m2 and b = 2n2 for

some integers m, n. (Just replace a and b by a/2 and b/2; these are coprime and
their product is (c/2)2 , so each is a square.)
Now suppose that x2 + y2 = z2 .
any common factor of two of x, y, z must divide the third, and we can divide
through by it and get a smaller solution. So we can assume that x, y, z are
pairwise coprime, by dividing by their gcd (say d).
Since squares are congruent to 0 or 1 mod 4, the only solutions to our equation mod 4 are 0 + 0 = 0 and 0 + 1 = 1. Since the variables are pairwise
coprime, we can assume the latter: that is, (swapping x and y if necessary)
x is even, y and z are odd.
Now x2 = z2 y2 = (z + y)(z y), and gcd(z + y)(z y) = 2. (For both z + y
and z y are even, so there is a common factor 2; and if d is the gcd, then d
divides both (z + y) + (z y) = 2z and (z + y) (z y) = 2y, so d = 2.) So
z y = 2s2 and z + y = 2t 2 for some (coprime) integers s and t. Now

x2 = 4s2t 2 , so x = 2st;
y = ((z + y) (z y))/2 = s2 t 2 ;
z = ((z + y) + (z y))/2 = s2 + t 2 .

In the seventeenth century, Pierre de Fermat wrote a note in the margin of

his copy of the book on number theory by the Greek mathematician Diophantus.
The note was opposite the place where Diophantus gave the preceding theorem of
Pythagoras. Fermat claimed that he had a truly wonderful proof that, for any
n > 2, the equation xn + yn = zn has no solution in positive integers, but the margin
where he was writing was too small to contain it.
Mathematicians took up the challenge of trying to find the proof of what became known, ironically, as Fermats Last Theorem. Finally in the 1990s, Andrew
Wiles succeeded in finding a proof. But his proof was very long and complicated, and used many concepts which had not been invented in Fermats time.
Moreover, no evidence of such a proof was ever found in Fermats papers. It is
generally believed now that he didnt have a proof; perhaps he thought he had one
but it contained a mistake.
We certainly cannot prove Wiles Theorem here. But as an illustration, we
prove a simple case:
Theorem 9.5 The equation x4 + y4 = z4 has no solution in positive integers x, y, z.

98

CHAPTER 9. SUMS OF SQUARES

Proof We actually consider a slightly different equation, namely x4 + y4 = z2 . If

we show that this equation has no solution, then the equation of the theorem has
no solution either, since if x, y, z satisfy the equation in the theorem, then x, y, z2
satisfy the modified equation.
Suppose that x4 + y4 = z2 , where x, y, z are positive integers. We may suppose that this is the solution with the smallest possible value of z. Then x, y, z
are pairwise coprime, since if there were a common prime factor p of any two
of them it would divide the third and we could replace the solution (x, y, z) by
(x/p, y/p, z/p2 ). So one of x2 and y2 is even; without loss of generality, x is even.
Since (x2 )2 + (y2 )2 = z2 , we can apply Pythagoras to conclude that
x2 = 2st,

y2 = s2 t 2 ,

z = s2 + t 2 ,

where gcd(s,t) = 1.
Applying Pythagoras to the equation t 2 + y2 = s2 (remembering that y is odd),
we have
t = 2uv, y = u2 v2 , s = u2 + v2 ,
where gcd(u, v) = 1. It follows that gcd(u, u2 + v2 ) = gcd(v, u2 + v2 ) = 1. Then
x2 = 2st = 4uv(u2 + v2 ), so that uv(u2 + v2 ) is a square. Since the factors are
pairwise coprime, we have u = m2 , v = n2 , and u2 + v2 = r2 . Thus
m4 + n4 = r2 .
But r u2 + v2 = s < s2 + t 2 = z, so we have (m, n, r) is a solution of the
original equation smaller than the solution (x, y, z), which we assumed to be the
smallest. This contradiction shows that no solution can exist.


9.7

Open problems

Just to show that we dont know everything, here are three problems which are
still unsolved despite a lot of effort from many mathematicians:
Goldbachs Conjecture:
prime numbers.

Every even number greater than 2 is the sum of two

The conjecture is known to be true for all small even numbers (less than
1018 ).
Note that we can decide whether n is the sum of two primes in a finite amount
of time: we only have to check the numbers a with 1 a n/2 to see whether a
and n a are prime. By contrast, if you conjecture instead that any even number
is the difference of two primes, you do not know a priori how long it will take to
check a given value. Of course, 2 is the difference of two primes: 2 = 5 3. But
a famous related problem is currently unsolved:

9.8. APPENDIX: AN ALGEBRAIC PROOF

99

The twin-primes conjecture: There are infinitely many pairs of primes differing by 2.
The last of the three problems has a different flavour.
The congruent number problem: Decide for which positive integers n there
exists a right-angled triangle of area n with all sides rational.
The numbers 1, 2, 3, 4 are not congruent, but 5, 6, 7 are. 157 is a congruent
number, but the simplest right-angled triangle with rational sides and area 157
has hypotenuse
2244035177043369699245575130906674863160948472041
.
8912332268928859588025535178967163570016480830
Andrew Wiles, who proved Fermats Last Theorem, has said that the congruent number problem is even harder!
Here is what Wiles had to say about doing mathematical research, in an interview with Simon Singh for the Horizon program about Fermats Last Theorem:
Perhaps I can best describe my experience of doing mathematics in
terms of a journey through a dark unexplored mansion. You enter
the first room of the mansion and its completely dark. You stumble
around bumping into furniture, but gradually you learn where each
piece of furniture is. Finally after six months or so, you find the light
switch, you turn it on, and suddenly its all illuminated. You can see
exactly where you were. Then you move into the next room and spend
another six months in the dark. So each of these breakthroughs, while
sometimes theyre momentary, sometimes over a period of a day or
two, they are the culmination of and couldnt exist without the
many months of stumbling around in the dark that preceded them.
Look at http://www.maths.qmul.ac.uk/~pjc/comb/quotes.html#work
for more quotes by mathematicians about how they make their discoveries.

9.8

Appendix: an algebraic proof

The fact that a prime congruent to 1 mod 4 is a sum of two squares can be proved
in many different ways; we have already seen two. Here is a third, which depends
on algebraic properties of a certain ring.
A Gaussian integer is a number of the form a + bi, where a, b Z. The Gaussian integers form a ring R; you may have learnt in Algebraic Structures I that this

100

CHAPTER 9. SUMS OF SQUARES

ring is a principal ideal domain. You dont need to know the definition of this;
but it implies that, if p is prime and p divides ab, then either p divides a or p
divides b.
 
1
Let p be a prime congruent to 1 mod 4. We know that
= +1, so there
p
is an integer x such that p divides x2 + 1 = (x + i)(x i).
Suppose that p is prime in R. Then p must divide one of the factors x i,
which is impossible, since the quotient x/p i/p is not a Gaussian integer.
So p is composite in R, say p = (a + bi)(c + di). Taking the complex conjugate gives p = (a bi)(c di). Multiplying these two equations, we obtain the
equation p2 = (a2 + b2 )(c2 + d 2 ). This is an equation in the integers; since p is
prime and neither factor on the right is equal to 1, we must have p = a2 + b2 (and
also p = c2 + d 2 ) that is, p is the sum of two squares.

Exercises
9.1 Which of the following numbers can be written as the sum of two squares?
Give such an expression if it exists, and explain why not if not.
(a) 120
(b) 720
(c) 8633
9.2 A triangular number is a number of the form n(n + 1)/2, for n 0. Express
each integer between 10 and 20 inclusive as a sum of three triangular numbers.

Chapter 10
Quadratic forms
A quadratic form over Z in the variables x1 , . . . , xn is an expression of the form
f (x1 , . . . , xd ) =

ai j xi x j ,

1i jd

where the coefficients ai j are integers. If there are d variables, we call it a d-ary
quadratic form. For d = 2, 3, 4 we use the terms binary, ternary and quaternary.
In this chapter we are only concerned with binary quadratic forms.
Given an d-ary quadratic form f and an integer n, do there exist integers
x1 , . . . , xd such that f (x1 , . . . , xd ) = n? If so, we say that the integer n is represented by the form f . We are interested in the question:
Which integers are represented by a given quadratic form?
Note that f (0, 0, . . . , 0) = 0, so any quadratic form represents 0.
We solved this question for the quadratic forms x12 + x22 and x12 + x22 + x32 + x42
in the last chapter.
A quadratic form f is called
positive definite if it only represents positive integers apart from f (0, 0, . . . , 0) = 0;
negative definite if it only represents negative integers apart from f (0, 0, . . . , 0) = 0;
indefinite if it represents both positive and some negative integers.
In this chapter, we only consider binary quadratic forms (forms in two variables), and write such a form as f (x, y) = ax2 + bxy + cy2 .
Example The quadratic form x2 + y2 is positive definite, and represents precisely zero and those positive integers whose squarefree part has no prime divisor
congruent to 3 mod 4.
101

102

CHAPTER 10. QUADRATIC FORMS

Example The quadratic form x2 y2 is indefinite. It represents precisely those

integers (positive or negative) which are not congruent to 2 mod 4. For, if n is odd,
say n = 2k + 1, then n = (k + 1)2 k2 , while if n is a multiple of 4, say n = 4k,
then n = (k + 1)2 (k 1)2 . But x2 y2 cannot be congruent to 2 mod 4, since
squares are congruent to 0 or 1 mod 4.
Example The quadratic form ax2 + bxy + xy2 represents the integer a (since
f (1, 0) = a).
Example The quadratic form 4x2 + 12xy + 9y2 satisfies none of our three conditions, since f (3, 2) = 0.

10.1

Linear forms and degenerate quadratic forms

Let us take a step back and solve an easier question: Which integers are represented by linear forms?
Proposition 10.1 The equation ax + by = n has a solution in integers x and y if
and only if gcd(a, b) divides n.
Proof Let d = gcd(a, b). If the equation has a solution, then d | a and d | b, so
d | ax + by = n. Conversely, suppose that d | n, say n = md. By Euclids algorithm,
we can find integers u, v such that au + bv = d; then ax + by = n, with x = mu,
y = mv.

As an exercise, you should find all solutions to the equation ax + by = n.
A binary quadratic form is called degenerate if it is a multiple of a square of a
linear form, say k(ax + by)2 .
Corollary 10.2 The degenerate form k(ax + by)2 represents the integers of the
form k(md)2 for m Z, where d = gcd(a, b).
For example, the form 4x2 + 12xy + 9y2 = (2x + 3y)2 is degenerate, and represents precisely the perfect squares.
Remark A degenerate quadratic form falls into none of the three classes we
described earlier: for if f (x, y) = k(ax + by)2 , then f (b, a) = 0. Conversely, a
form which falls into none of these classes is degenerate.

10.2. MATRIX, DISCRIMINANT, EQUIVALENCE

10.2

103

Matrix, discriminant, equivalence

2
Let f (x, y) = ax2+ bxy + cy
 be a quadratic form. We define the matrix of the
2a b
form to be M =
, and the discriminant of the form to be b2 4ac =
b 2c
det(M).
Note that

 
2a b
x
1
.
f (x, y) = 2 ( x y )
b 2c
y

Following the notation from Linear Algebra I, we write this using column
vectors as
f (x, y)) = 12 v> Mv,
 
x
where v =
.
y
Proposition 10.3 A quadratic form is
indefinite if its discriminant is positive;
positive definite if its discriminant is negative and a, c > 0;
negative definite if its discriminant is negative and a, c < 0;
degenerate if its discriminant is zero.
Proof Assume that a 6= 0. Then calculation shows that
ax2 + bxy + cy2 =

1
(2ax + by)2 (b2 4ac)y2 .
4a

If b2 4ac > 0, then clearly this takes both positive and negative values. (If
y = 0, the quantity in brackets is positive, while if y = 2a, x = b, then it is
negative.) If b2 4ac < 0, then 4ac < 0 and a, c have the same sign; and the
values taken by the form have the same sign as a, since the quantity in brackets is
a sum of squares with positive coefficients. Finally, if b2 4ac = 0, then the form
is (1/4a)(2ax + by)2 , which is degenerate.
If c 6= 0, then the same argument applies with a and c reversed.
If a = c = 0, then f (x, y) = bxy. If b 6= 0, the form is indefinite putting x = 1,
y = 1, we get the values b. Its discriminant is b2 , which is positive. If b = 0,
the form is (very) degenerate!


104

CHAPTER 10. QUADRATIC FORMS

Example The form x2 + 3xy + 5y2 has discriminant 9 20 < 0, so is positive

definite. The form x2 + 3xy + y2 has discriminant 9 4 = 5, so is indefinite.
What are the possible discriminants of quadratic forms?
Proposition 10.4 An integer d is the discriminant of a quadratic form if and only
if d 0 or 1 mod 4.
Proof We have d = b2 4ac; and b2 0 or 1 mod 4, while 4ac 0 mod 4.
Conversely, if d 0 mod 4, then d = 4e, and x2 ey2 has discriminant d; and
if d 1 mod 4, then d = 4e + 1, and x2 + xy ey2 has discriminant d.

We can break the representation problem into two, hopefully more tractable,
parts:
Which quadratic forms have given discriminant d?
Which integers are represented by forms of discriminant d?
First we define an equivalence relation on quadratic forms, so that equivalent
forms have the same discriminant and represent the same integers.
Let P be a 2 2 matrix with integer entries. If det(P) = 1, then P has an
inverse which is also a matrix with integer entries. For if ps qr 6= 0, then


p
r

q
s

1

1
=
ps qr

s
r


q
.
p

We call the matrix P unimodular if its determinant is 1.

Now let f and f 0 be quadratic forms with matrices M and M 0 respectively. We
say that f and f 0 are equivalent if there is a unimodular matrix P such that
M 0 = P> MP.
Proposition 10.5
tion.

(a) Equivalence of quadratic forms is an equivalence rela-

(b) Equivalent forms have the same discriminant and represent the same integers.
Proof (a) is straightforward using the fact that the identity is unimodular and
products and inverses of unimodular matrices are unimodular.
[If you have taken the course Algebraic Structures I, there is another way to
view this theorem. The unimodular matrices form a group, called the special
linear group and denoted SL(2, Z); this group acts on the set of quadratic forms,

10.2. MATRIX, DISCRIMINANT, EQUIVALENCE

105

and two forms are equivalent if and only if they lie in the same orbit of the group.]
(b) Calculate. If det(P) = 1 and M 0 = P> MP then
det(M 0 ) = det(P) det(M) det(P) = det(M),
since det(P> ) = det(P). Also, if n is represented by f 0 , then there exist x and y
such that
 
x
>
( x y ) P MP
= n.
y
Now put
 0
 
x
x
=P
;
0
y
y
then
( x0

y0 ) M

 0
x
= n,
y0

so n is represented by f . The converse follows using the fact that the relation of
equivalence is symmetric (or by using the inverse of the matrix P).

 Suppose
 that the quadratic form f is represented by the matrix M, and P =
p q
is unimodular. Then the equivalent form f 0 is represented by M 0 =
r s
P> MP; we have
f 0 (x, y) = f (px + qy, rx + sy).
So, for example, the quadratic forms x2 + y2 and
(3x + 4y)2 + (2x + 3y)2 = 13x2 + 36xy + 25y2
are equivalent; they have the same discriminant (namely 4) and represent the
same integers (namely, the positive integers whose squarefree part has no prime
divisor congruent to 3 mod 4).
2
2
0
>
Remark

 Let M represent f (x, y) = ax + bxy + cy . If M = P MP, where P =
p q
, then M 0 represents a0 x2 + b0 xy + c0 y2 , where a0 = f (p, r), c0 = f (q, s),
r s
and
 
q
0
b = ( p r)M
.
s

106

CHAPTER 10. QUADRATIC FORMS

Remark Equivalent forms have the same discriminant. But the converse is not
true. The forms x2 + 6y2 and 2x2 + 3y2 have the same discriminant (namely, 24),
and are both positive definite; but the first represents the integer 1, while the second obviously does not. So they are not equivalent.

10.3

Positive definite forms

To understand an equivalence relation, a common strategy is to pick one element

out of each equivalence class to use as a representative. (Such a representative is
often called a canonical form.) We now do this for positive definite quadratic
forms:
we define reduced forms, and give a simple test for recognising them;
we give an algorithm for finding the unique reduced form equivalent to a
given form;
we show that there are only a finite number of equivalence classes of positive definite forms with given discriminant.
This gives us a fairly satisfactory classification of positive definite forms.
Definition Let f (x, y) = ax2 + bxy + cy2 be a positive definite quadratic form (so
that b2 4ac < 0, a > 0, c > 0). We say that f is reduced if either
c > a, a < b a; or
c = a, 0 b a.
We are going to show that any positive definite quadratic form is equivalent
to a unique reduced form. This requires two steps: first we show that there is
a reduced form equivalent to any given form; then we show that if two reduced
forms are equivalent then they are equal.
We begin with a simple observation.
Proposition 10.6 let f = ax2 + be a reduced positive definite form. Then a is
the smallest positive integer represented by f .
Proof The form f = ax2 + bxy + cy2 does represent the integer a (just put (x, y) =
(1, 0)). So it suffices to assume that f is reduced (so that, in particular, |b| a c),
and that ax2 + bxy + cy2 < a for some integers x, y (not both zero), and derive a
contradiction.
We divide into four cases, and reach a contradiction in each case.

10.3. POSITIVE DEFINITE FORMS

107

If y = 0, then a > ax2 a (since x2 1).

If x = 0, then a > cy2 c a (since y2 1).
If x, y 6= 0 and |x| |y|, then |bxy| cy2 (since |b| c), and a > ax2 + bxy +
cy2 ax2 a.
If x, y 6= 0 and |y| |x|, then |bxy| ax2 , and a > ax2 + bxy + cy2 cy2
c a.
First we look at a particular kind of equivalence. The matrix


0 1
P=
1 k
is unimodular. Our calculations above show that if f (x, y) = ax2 + bxy + cy2 is
represented by M, then the equivalent form represented by P> MP is
f (y, ky x) = cx2 (b + 2k)xy + (a + bk + ck2 )y2 .
We call this the right neighbour of f via k. This is a formula to which we shall
return very often! Note that the right neighbour of f via 0 is cx2 bxy + ay2 .
Any right neighbour of a form + cy2 looks like cx2 + . Note also that the
coefficient of y2 in the right neighbour of f by k is f (1, k).
Theorem 10.7 Any positive definite quadratic form is equivalent to a reduced
form.
Proof We will see that the method of proof gives us a construction for finding
the reduced form equivalent to a given positive definite form.
Let our form be
f0 = a0 x2 + b0 xy + a1 y2 .
(You will see in a minute why we write it this way.)
Define q and b1 by b0 = 2a1 q b1 , with a1 < b1 a1 . (In other words,
divide b0 by 2a1 , so that the remainder is between a1 and a1 .)
Now take the right neighbouring form by q. This form is
f1 = a1 x2 (b0 2a1 q)xy + (a0 b0 q + a1 q2 )y2 = a1 x2 + b1 xy + a2 y2 ,
where a2 = f0 (1, q) = a0 b0 q + a1 q2 .
If a2 a1 , then stop; otherwise repeat to obtain
f2 = a2 x2 + b2 xy + a3 y2 ,

108

CHAPTER 10. QUADRATIC FORMS

with a2 < b2 a2 . Continue the process, obtaining forms an x2 + bn xy + an+1 y2

for n = 1, 2, . . .; stop when an+1 an .
We have a1 > a2 > a3 > , and this sequence cannot continue for ever since
ai > 0. When it terminates we have a form
fn = an x2 + bn xy + an+1 y2 ,
with an < bn an and an an+1 .
This form is reduced unless an+1 = an and bn < 0; in this case take the right
neighbour by 0 to change the sign of bn .
Example Find a reduced form equivalent to the positive definite form 31x2 +
22xy + 4y2 .
First we put 22 = 8q b1 with 4 < b1 4. The solution is q = 3, b1 = 2, and
f1 = 42 + 2xy + a2 y2 , where a2 = 31 22 3 + 4 9 = 1, that is, f1 = 4x2 + 2xy + y2 .
Now we put 2 = 2q b2 with 1 < b2 1, with solution q = 1, b2 = 0. We
get f2 = x2 + (4 2 + 1)y2 = x2 + 3y2 , which is reduced.
Theorem 10.8 If the two reduced positive definite forms f = ax2 + bxy + cy2 and
g = a0 x2 + b0 xy + c0 y2 are equivalent, then they are equal: a = a0 , b = b0 , c = c0 .
The proof of this theorem is a calculation which we omit. Note that the fact
that a = a0 follows from Proposition 10.6.
Now the theorem gives us an important conclusion. We have seen that equivalent forms have the same discriminant but that the converse is false. But the
following holds:
Theorem 10.9 There are only finitely many equivalence classes of positive definite forms with given discriminant.
Proof Since there is a unique reduced form in any given equivalence class, it is
enough to show that there are only finitely many reduced forms with any given
discriminant.
Let f = ax2 + bxy + cy2 be a reduced form, so that c a |b|, and
d = b2 + 4ac 3ac 3c.
So we have
a b a c |d|/3,
and for given d there are only finitely many choices of (a, b, c).

10.4. INDEFINITE QUADRATIC FORMS

109

Example Discriminant 11. We have b2 ac 11/3 < 4, so b = 1, 0 or 1.

But b2 4ac is odd, so b = 1. Now 4ac = 12 so ac = 3. Now a c, so a = 1,
c = 3, and 1 < b 1 gives b = 1. So the unique reduced form is x2 + xy + 3y2 .
This means that all positive definite forms with discriminant 11 are equivalent.
Example Discriminant 12. We have b2 ac 12/3 = 4, and b is even, so
b = 2, 0 or 2.
If b = 2 then b2 4ac = 12 gives ac = 4, and a < b a c gives
b = a = c = 2.
If b = 0, then b2 4ac = 12 gives ac = 3; and 0 < a c gives a = 1, c = 3.
Thus there are two reduced forms of discriminant 12, namely 2x2 + 2xy + 2y2
and x2 + 3y2 , and hence two equivalence classes of such forms. Note that the
first form represents only even numbers while the second represents both even
and odd numbers. So the form 31x2 + 22xy + 4y2 , which is positive definite with
discriminant 12, is equivalent to the second of these (since f (1, 0) = 43). This
agrees with our calculation in the earlier example.
In general, if we know all the reduced forms of discriminant d, and are given
an arbitrary form with this discriminant, we can decide which reduced form it is
equivalent to, by simply applying the method of Theorem 10.7.
The second part of the program, having classified forms up to equivalence,
is to decide which integers are represented by any given reduced form. But this
would take more time than we can afford!

10.4

Indefinite quadratic forms

Things work rather differently for indefinite quadratic forms. Recall that f (x, y) =
ax2 +bxy+cy2 is indefinite if its discriminant b2 4ac is positive. Such a quadratic
form may factorise over the integers: for example, 5x2 + 12xy + 7y2 = (5x +
7y)(x + y); we exclude these forms from our consideration. In particular, this
implies that a and c are non-zero (if c = 0, then f (x, y) = x(ax + by), and if a = 0,
then f (x, y) = y(bx + cy)).
We will see that the theory of indefinite forms is more difficult than that of
positive definite forms, but links up with the theory of continued fractions for
quadratic irrationals. Recall that a quadratic irrational s is said to be reduced if
s > 1 and 1 < s0 < 0, where s0 is the algebraic conjugate of s. Recall also that
an irrational number has purely periodic continued fraction if and only if it is a
reduced quadratic irrational.
One conclusions are:

110

CHAPTER 10. QUADRATIC FORMS

we give a definition of reduced forms, more complicated than in the positive

definite case, and show that every form is equivalent to a reduced form;
we show that the number of reduced forms in a given equivalence class is
the least common multiple of 2 and k, where k is the period of the continued
fraction of a certain quadratic irrational associated with the form;
we show that there are only finitely many reduced forms of any given discriminant.
This is not as satisfactory as for positive definite forms, since we do not have a
unique reduced form in each equivalence class.
Consider the equation f (x, y) = 0. Putting y = 1, we have
ax2 + bx + c = 0,
so that

b d
x=
.
2a
Note that d is not a square (if it was, the quadratic would have rational roots, and
f would factorise), and the two solutions are conjugate quadratic irrationals. We
call the root t with the + sign the first
root of f . For technical reasons we need a
related quadratic irrational: s = |b + d/2c|.
Proposition 10.10 Let s and t be defined as above. Then s = 1/|t|.
Proof

1
2a
2a(b + d)
b+ d
=
=
=
t
d b2
2c
d b
since d = b2 4ac. Taking the modulus gives the result.

Recall that we said a quadratic irrational s is reduced if s > 1 and 1 < s0 < 0,
where s0 is the algebraic conjugate of s. If s is reduced and u = 1/s, then u is also
a quadratic irrational and satisfies u > 1 and 1 < u0 < 0; so u is also reduced. It
follows from Proposition 10.10 that, if s is reduced, then so is either t or t.
2
2
We
say that the indefinite quadratic form ax + bxy + cy is reduced if s =
|(b + d)/2c| is a reduced quadratic irrational, where d is the discriminant. (Note
that this is quite different from the definition we used in the positive definite case!)
Proposition 10.11 (a) If the indefinite quadratic
form f (x, y) = ax2
+bxy+cy2
with discriminant d is reduced, then 0 < b < d and 0 < |c| < d.

10.4. INDEFINITE QUADRATIC FORMS

111

(b) There are only finitely many reduced indefinite quadratic forms of given
discriminant d.
Proof (a) We have



 b + d  b + d


s=
,
=
 c 
2c

where = 1 and d b2 = 4ac is divisible by 2c. Assume that c > 0 (so that
c = |c|); the case c < 0 is similar, and we cannot have c = 0 since then f would
factorise. Assuming that s is reduced, we have

s > 0, so b + d > 2|c|;

0 > s0 > 1, so 0 > b d > 2|c|.

It follows that b > 0, and

then
the
second
inequality
gives
b
<
d. Subtracting

the inequalities gives 2 d > 2|c|.

(b) There are only finitely many values for b and c, by (a); and a is determined
by b and c, since a = (b2 d)/4c.

Example Find all the reduced forms of discriminant
13.
2
We have b 4ac = 13, so b is odd, and 0 < b < 13, so b = 1 or b = 3. Also,
3 c 3.
If b = 1, then 1 4ac = 13, so ac = 3, and c = 1 or 3. But then

1 13
1 + 13
0
> 1,
1 < s =
< 0,
s=
2|c|
2|c|

giving 1 + 13 < 2|c| < 1 + 13. The only even number in this range is 4, so
|c| = 2, and we have a contradiction.
If b = 3, then 9 4ac = 13, so ac = 1, and so c = 1, a = c. So the
possible forms are
f (x, y) = x2 + 3xy y2 ,
g(x, y) = x2 + 3xy + y2 .

Since s = (3 + 13)/2 is a reduced quadratic irrational, both of these quadratic

forms really are reduced.
In this case, we see that the right neighbour of f by 3 is
f (y, 3y x) = y2 + 3y(3y x) (3y x)2 = y2 + 3xy x2 = g(x, y),
so the forms f and g are equivalent. (Remember that for positive definite forms,
no two reduced forms are equivalent.)

112

CHAPTER 10. QUADRATIC FORMS

We are going to decide when it happens that two reduced forms are equivalent.
First we have to look more closely at reduced forms.
Let f (x, y) = ax2 + bxy + cy2 have discriminant d = b2
4ac > 0, where d is
not a square. We defined the first root of f to be t = (b + d)/2a, a root of the
quadratic ax2 + bx + c = 0.
Proposition 10.12 Let f (x, y) = ax2 + bxy + cy2 be an indefinite form with discriminant d > 0 (d a non-square) with first root t. Then
(a) f is reduced if and only if 1/|t| is a reduced quadratic irrational;
(b) if g is the right neighbour of f by k, then g has first root k 1/t.
Proof (a) Immediate from the definition and Proposition 10.10.
(b) The right neighbour of f by k is
g(x, y) = cx2 (b + 2ck)xy + ( f (1, k))y2 ,
with first root

b + 2ck + d
b+ d
= k+
= k 1/t
2c
2c


by (a).
(Note that f and g, being equivalent, have equal discriminants.)

Now we give an algorithm to show that any indefinite form with non-square
discriminant is equivalent to a reduced form.
We start with such a form, say f0 (x, y) = a0 x2 + b0 xy + c0 y2 .
Suppose that we have constructed fi (x, y) = ai x2 + bi xy + ci y2 . If i = 0, or if
|ai | > |ci |, then we write bi = (2ci )qi bi+1 , where |ci | < bi+1 |ci |. Let fi+1
be the right neighbour of fi by qi . Then
fi+1 = ci x2 (bi 2ci qi )xy + (ai bi qi + ci q2i )y2 = ai+1 x2 + bi+1 xy + ci+1 y2 .
If i > 0 and |ai | |ci |, then put i = n + 1 and stop.
Now
return tofn , the penultimate form in the sequence. Put bn = (2cn )q b,
where d > b > d 2|cn |. Let g be the right neighbour of fn by q.
Proposition 10.13

(a) The above algorithm terminates.

(b) The form g is reduced and equivalent to f .

Proof (a) We have ai = ci1 and bi = ri1 . So if the algorithm fails to terminate
we would have
|a1 | > |c1 | = |a2 | > |c2 | = . . . ,
which is impossible.
(b) A fairly long calculation shows that g is reduced. It is clearly equivalent to
f.


10.4. INDEFINITE QUADRATIC FORMS

113

Example Let f (x, y) = 3x2 + 7xy + 3y2 , with discriminant 72 4 9 = 13. We

have a0 = 3, b0 = 7, c0 = 3.
FIrst we put 7 = 6q0 b1 , with 3 < b1 3, giving q0 = 1 and b1 = 1. The
right neighbour of f by 1 is 3x2 xy y2 .
Next we solve 1 = 2q1 b2 , with 1 < b2 1, giving q2 = 0, b2 = 1. The
right neighbour of f1 by 0 is x2 + xy + y2 , and now |c2 | = |a3 | = 3 > |a2 | = 1, so
we stop.

2 xy y2 , and solve 1 = 2q b with

We
return
to
f
=
3x
13 > b >
1

13 2, giving q = 1, b = 3. The right neighbour of f1 by +1 is

g(x, y) = x2 + 3xy + y2 ,
which is reduced according to the proof of the Proposition. Indeed this is one of
the two reduced forms of discriminant 13 we found earlier.
Now what is the connection with continued fractions?
We have associated a quadratic irrational t with each indefinite form f , namely
the first root of f . Now t has a continued fraction expansion (which is ultimately
periodic, as we saw). Indeed, if f is reduced, then either t or t is a reduced
quadratic irrational, and so has purely periodic continued fraction.
Proposition 10.14 Let f (x, y) = ax2 + xy + cy2 be a reduced indefinite quadratic
form with first root t, and let |t| = t (with = 1). Let
1
= [a0 ; a1 , a2 , . . .].
|t|
Then
(a) If g is the right neighbour of f by a0 , and g has first root T , then g is
reduced, |T | = T , and
1
= [a1 ; a2 , . . .].
|T |
(b) g is the only right neighbour of f which is reduced.
Proof (a) We have
T = a0 1/t
= (a0 1/|t|)
= (a0 [a0 ; a1 , a2 , . . .])
1
=
[a1 ; a2 , . . .]

114

CHAPTER 10. QUADRATIC FORMS

since [a0 ; a1 , a2 , . . .] = a0 + 1/[a1 ; a2 , . . .].Hence T = |T | and

1
= [a1 ; a2 , . . .].
|T |
Since f is reduced, 1/|t| is reduced, so [a0 ; a, a2 , . . .] is purely periodic. So
[a1 ; a2 , . . .] is periodic (we have just moved one place along in the period), so
1/|T | is reduced, whence g is reduced.
(b) A calculation, which we omit.

Now any reduced indefinite form f has associated with it a sign = 1 (where
|t| = t), and a purely periodic continued fraction
1/|t| = [a0 ; a1 , a2 , . . . , ak1 ]
of period k, say. We construct a chain in which one step is to take the right neighbour by a0 . This has the effect of changing the sign of and shifting the continued fraction one place along:
7 ,

[a0 ; a1 , a2 , . . . , ak1 ] 7 [a1 ; a2 , . . . , ak1 , a0 ].

How many steps does it take to return to our starting point? After k steps,
the continued fraction has cycled right around and returned to its starting value,
but has been multiplied by (1)k . If k is even, then everything is the same as
when we started out; but if k is odd, then the sign of has changed, and we have
to go round the cycle one more time to reach our starting point. So the number
of steps we take to return is k if k is even, or 2k if k is odd. This can be written
more succinctly as lcm(2, k). This explains why the number of reduced forms in
an equivalence class is lcm(2, k).
Note that, even if the period of the continued fraction is 1, we still need two
steps. So each equivalence class contains at least two reduced forms (unlike the
positive definite case where there was a unique reduced form in each class).
Example Consider the form x2 + 3xy y2 , with discriminant 13. We have seen
that there are only two reduced forms of discriminant 13, so they must be equivalent. But even without knowing this, we could find another form equivalent to f ,
using the method of proof
of the last propositon.
We have t = (3 + 13)/2, so

1
2
3 + 13
=
=
> 0,
t
2
3 + 13

10.4. INDEFINITE QUADRATIC FORMS

115

so = +1. The continued fraction of 1/t is given by

$
%
3 + 13
2
1
a0 =
= ,
= 3,
y1 =
2
13 3 t
so the continued fraction is [3; 3, . . .].
The right neighbour of f by 3 is x2 + 3xy + y2 (which, as we have seen, is
the other
reduced form ofdiscriminant 13). The first root of this form is T =
(3 + 13)/(2) = (3 13)/2, which is negative; and T = t, asit should be.
The continued fraction of 1/T is the same as that of 1/t, namely [3; 3, . . .].
If we continue the method of the Proposition, we take the right neighbour of
g by 3, which is x2 + 3xy y2 , that is, f . So the sequence of reduced forms is
f , g, f , g, . . ..
So we finally come to the description of all the reduced forms equivalent to a
given one:
Theorem 10.15 Let f (x, y) be an indefinite reduced form with discriminant d and
first root t, where |t| = t. Suppose that
1
= [a0 ; a1 , . . . , ak1 ],
|t|
where k is even. (That is, if the period of 1/|t| is even, we take one period; if the
period is odd, we take two periods.)
Let f0 = f and for i = 1, 2, . . . let fi e the right neighbour of fi1 by (1)i1 ai1 .
Then f0 , f1 , . . . , fk1 are all the reduced forms equivalent to f , and fk = f .
We call the sequence ( f0 , f1 , . . . , fk1 ) the chain of reduced forms equivalent
to f . We see that every reduced form equivalent to f is contained in the chain
beginning at f . Note that k is either the period of the continued fraction of 1/|t|
or twice this period, where t is the first root of f , and the first root of fi is the
reciprocal of (1)i [ai ; ai+1 , . . . , ai1 ].
We forego a detailed proof of the Theorem, and conclude with two examples.
Example Find all the reduced quadratic forms of discriminant 17, and partition
them into equivalence classes (that is, chains).

2 bxy + cy2 of discriminant 17 has 0 < b < 17, 0 < |c| <
A reduced form ax +
17, and b odd (since b2 4ac = 17). So b = 1 or b = 3.
If
b = 1, we have
4ac = 16, so ac = 4; thus c = 1, 2 or 4. Now
|(b + d)/2c| = (1 + 17)/2|c| is a reduced quadratic irrational, so

1 + 17 > 2|c|,
1 17 > 2|c|,

116

CHAPTER 10. QUADRATIC FORMS

giving |c| = 2, c = 2. So we get two forms:

2x2 + xy 2y2 and 2x2 + xy + 2y2 .
If b = 3, we have 4ac = 8, so ac = 2, giving c = 1 or 2. This gives four
further forms,
x2 + 3xy 2y2 , x2 + 3xy + 2y2 , 2x2 + 3xy y2 , 2x2 + 3xy + y2 ,
all of which can be checked to be reduced. So there are six reduced forms in all.
The chains have even length, though we dont yet know how many there are
or what their lengths are.

2
2
Take f0 = 2x + xy 2y . Its first root is t = (1 + 17)/4, with 1/t = (1 +
17)/4 > 0. Find the continued fraction of 1/t:

 
17 + 3
1
4
a0 =
= 1,
y1 =
=
t
2
17 3

17 + 3
2
=
a1 = by1 c = 3,
y2 =
4
17 3
4
1
a2 = by2 c = 1,
y3 =
= .
17 1 t
So

1
= [1; 3, 1] = [1; 3, 1, 1, 3, 1].
t
We see that the chain contains six forms, so that the six reduced forms we found
are all equivalent and form a single chain.
You should check for yourself that the procedure of taking successive right
neighbours of f does indeed produce all six reduced forms.
Example Do the same for discriminant 12.

form ax2 + bxy + cy2 of discriminant 12 has 0 < b < 12, 0 < |c| <
A reduced
12, and b2 4ac = 12, so b is even. We must have b = 2. Then 4ac = 8, so
ac = 2, and there are just four forms,
x2 + 2xy 2y2 , x2 + 2xy + 2y2 , 2x2 + 2xy y2 , 2x2 + 2xy + y2 .
All are reduced.
Since the only possible first neighbour of the first form is the last, and vice
versa (since a right neighbour of + cy2 is cx2 + ), we see that there must
be two chains each containing two forms; so there are two equivalence classes of
forms of discriminant 12.
You should calculate the first roots of these forms and the appropriate continued fractions to check out this conclusion!

10.4. INDEFINITE QUADRATIC FORMS

117

Exercises
10.1 Suppose that f (x, y) = ax2 + bxy + cy2 is an indefinite quadratic form: that
is, it takes both positive and negative values for suitable integers x and y.
(a) Show that there are real numbers u and v, not both zero, such that f (u, v) = 0.
(b) Do there necessarily exist integers u and v, not both zero, such that f (u, v) = 0?
10.2 For each of the following quadratic forms, say whether it is positive definite,
negative definite, or indefinite:
(a) 5x2 + 12xy + 7y2
(b) 13x2 + 36xy + 25y2 .
10.3 Find the continued fraction expansions associated with the four reduced
quadratic forms of discriminant 12, and verify that there are two equivalence
classes of such forms.
10.4 Find all reduced positive definite quadratic forms with discriminant 15.
10.5 Find a reduced quadratic form equivalent to the form 76x2 + 249xy + 204y2 .
10.6 Find all reduced quadratic forms with discriminant 5, and classify them into
chains.
10.7 Find all reduced quadratic forms equivalent to the form 19x2 + 29xy + 11y2 .
10.8 Suppose that the prime p > 3 is represented by the quadratic form x2 xy +
y2 : say u2 uv + v2 = p, where u, v Z.
(a) Show that p does not divide either u or v.
(b) Show that u3 v3 mod p but u 6 v mod p.
(c) Show that uv1 has order 6 in Z p .
(d) Deduce that p 1 mod 6.

118

CHAPTER 10. QUADRATIC FORMS

Chapter 11
Revision problems and solutions
11.1
1

Problems

(a) Find gcd(131, 52) and express it in the form 131x + 52y for integers x, y.
(b) Does 52 have an inverse mod 131? If so, what is it? If not, why not?
(c) State the Chinese Remainder Theorem.
(d) Use your result to part (a) to find an explicit formula for the solution to the
two simultaneous congruences
x a mod 131,
x b mod 52,
in terms of a and b.
(e) True or false? 52130 1 mod 131. Give reasons for your answer.

(a) Express

131
as a continued fraction.
52

(b) Is this expression unique? If so, why? If not, give another expression.
(c) Define Eulers square bracket function [a0 , a1 , . . . , an ], and prove that
gcd([a0 , a1 , . . . , an ], [a0 , a1 , . . . , an1 ]) = 1.
(d) Let xn = [2, 2, 2, . . . , 2], with n terms in the bracket. Show that
x0 = 1,

x1 = 2,

xn = 2xn1 + xn2 for n 2,

and find limn xn+1 /xn .

119

120
3

CHAPTER 11. REVISION PROBLEMS AND SOLUTIONS

(a) What is an algebraic number? What is an algebraic integer?

(b) Which of the following are algebraic numbers and/or algebraic integers?

3
(i) 273,
(ii) (3 + 5)/2,
(iii) 3 + 1,
(iv)
You should prove any positive assertions but are not required to prove negative assertions. Standard results may be used if clearly stated.
(c) What does it mean to say that a real number y is approximable to order n?
State a theorem about the approximability of algebraic numbers.
4

(a) Let a0 , a1 , a2 , . . . be integers, with an > 0 for n > 0. Let cn be the continued fraction [a0 ; a1 , a2 , . . . , an ]. State a theorem about the ordering of the
numbers cn . Do they have a limit as n ?
(b) Define the infinite continued fraction [a0 ; a1 , a2 , . . .].
(c) Which numbers have a representation as infinite continued fractions? Is the
representation unique? (Proof not required.)

(d) Find a continued fraction for 7.

(a) Prove that the value of a periodic continued fraction is a quadratic irrational. (You should define this term.)
(b) Is the converse true? (No proof required.)
(c) What is meant by saying that a quadratic irrational is reduced? Give a
characterisation of the continued fractions of reduced quadratic irrationals.
(d)
Show that any quadratic irrational can be written in the form y = (P +
D)/Q, where P and Q are integers, and D is a positive integer which is
not a square, such
D P2 . Show further that, if y is reduced,
that Q divides
then 0 < P < D and 0 < Q < 2 D.

11.1. PROBLEMS
6

(a) You are given that

121

19 = [4; 2, 1, 3, 1, 2, 8].

Explain how to find all solutions of the equation x2 19y2 = 1, and

find the smallest solution of this equation.
Can 19 be written as a sum of two squares? Why or why not?

(b) You are given that 29 = [5; 2, 1, 1, 2, 10].

Explain Legendres method for expressing 29 as the sum of two squares.
By carrying out the appropriate steps to find the continued fraction,
find an expression for 29 as the sum of two squares.
7

(a) Define Eulers totient function (n).

(b) From the definition, calculate (20).
(c) Prove that, if p is prime and a > 1, then (pa ) = pa1 (p 1).
(d) Find all positive integers n such that (n) = 2. State carefully any result
you need in your argument.
(e) What is a primitive root of a prime p? How many primitive roots of p are
there? (Proof not required.)
(f) Find a primitive root of 13.

8 Let p be an odd prime.

(a) Define the terms quadratic
residue, quadratic non-residue mod p, and the
 
a
.
Legendre symbol
p
(b) Show that there are equally many (namely (p 1)/2) quadratic residues
and non-residues among the set {1, 2, . . . , p 1}. (You may assume the
existence of a primitive root of p.)
(c) Calculate the following Legendre symbols, explaining carefully the results
you use in your argument:
 
 
 
8
39
24
(i)
, (ii)
, (iii)
.
11
23
41
(d) Show that, if p does not divide a, then

a(p1)/2

 
a
mod p.

122

CHAPTER 11. REVISION PROBLEMS AND SOLUTIONS

9 Let p be a prime congruent to 1 mod 4.

2
(a) Show that there are positiveintegers
 x and r, with r < p, such that x + 1 =
1
= +1.)
rp. (You may assume that
p

(b) Show that, if rp = x2 + y2 and 1 < r < p, then there exists a positive integer
s < r and integers u, v such that sp = u2 + v2 .
(c) Deduce that p is the sum of two squares.
(d) Outline a proof, using the above fact, that if n is an integer whose squarefree
part has no prime factors congruent to 3 mod 4, then n is the sum of two
squares.
10

(a) Explain what is meant by a quadratic form over Z in two variables x

and y. What is meant by saying that the quadratic form f (x, y) represents
the integer n?

(b) What is meant by saying that a quadratic form is (i) positive definite, (ii)
negative definite, (iii) indefinite.
(c) For each of the quadratic forms below, state (with reasons) whether it is
positive definite, negative definite or indefinite:
(i) 7x2 + xy + y2 ,
(ii) 3x2 2xy 8y2 .
(d) What is meant by saying that two quadratic forms are equivalent? Show
that equivalent forms represent the same integers.
(e) Find the reduced form equivalent to 7x2 + xy + y2 .

11.2

Solutions

Extra comments or alternative answers are given in [square brackets].

1 (a)
131
52
27
25
2

=
=
=
=
=

2 52 + 27
1 27 + 25
1 25 + 2
12 2 + 1
21

11.2. SOLUTIONS

123

So gcd(131, 52) = 1.
1 =
=
=
=

25 12 2
25 12(27 25) = 13 25 12 27
13 (52 27) 12 27 = 13 52 25 27
13 52 25 (131 2 52) = 63 52 25 131

So x = 25, y = 63.
(b) Yes. We have 63 52 1 mod 131, so the inverse of 52 mod 131 is 63.
(c) If gcd(m, n) = 1, then for any integers a, b, the simultaneous congruences
x a mod m,

x b mod n

have a solution, which is unique mod mn.

(d) We have 63 52 1 mod 131, 63 52 0 mod 52, and
25 131 0 mod 131, 25 131 1 mod 52.
So the congruences have a solution
x = 63 52 a 25 131 b,
and the general solution is the congruence class [x]52131 , that is, all integers congruent to x mod 52 131.
(e) True: 131 is prime, so this follows from Fermats Little Theorem. (If p is
prime and p does not divide a, then a p1 1 mod p.)
2 (a) From the application of Euclids algorithm in the preceding part, we see
131
that
= [2; 1, 1, 12, 2]. In more detail:
52
2
= 2
1
25
1
1
= 12 +
= 12 +
2
1/2
2
27
1
1
= 1+
= 1+
1
25
25/2
12 +
2
52
1
1
= 1+
= 1+
1
27
27/25
1+
1
12 +
2
131
1
1
= 2+
= 2+
1
52
52/27
1+
1
1+
1
12 +
2

124

CHAPTER 11. REVISION PROBLEMS AND SOLUTIONS

1
(b) It is not unique; it can also be written as [2; 1, 1, 12, 1, 1], since 2 = 1 + .
1
[In fact these are the only possible representations.]
(c) We define the function by induction:
[] = 1
[a0 ] = a0
[a0 , a1 , . . . , an ] = a0 [a1 , . . . , an ] + [a2 , . . . , an ]
for n 1.
[If you dont like empty brackets you can start the induction one place later,
by saying [a0 ] = a0 , [a0 , a1 ] = a0 a1 + 1.]
We prove the assertion about gcd by induction on n. For n = 0, we have
gcd([a0 ], [ ]) = gcd(a0 , 1) = 1. [Again if you prefer you can start the induction
at n = 1: gcd([a0 , a1 ], [a0 ]) = gcd(a0 a1 + 1, a0 ) = 1.] Assuming the result for n,
put x = [a0 , . . . , an ] and y = [a0 , . . . , an1 ]. Then gcd(x, y) = 1 by the induction
hypothesis. Using the fact that we can expand the bracket function from the back
as well as from the front, we get
gcd([a0 , . . . , an+1 ], [a0 , . . . , an ]) = gcd(an+1 x + y, x) = gcd(y, x) = 1.
(d) Clearly x0 = [ ] = 1 and x1 = [2] = 2. By (c), xn = 2xn1 + xn2 .
We try a solution of the recurrence relation of the form xn = n . This satisfies
n
n1 + n2 for all n, which holds if 2 2 1 = 0, or
the relation
if = 2
= 1 2. Since the recurrence is linear, the general solution is

xn = a(1 + 2)n + b(1 2)n .

The values
can be found from the initial values: we have a + b
= 1,
a and b
a(1
+
2)
+
b(1

2)
=
2.
Clearly
a
=
6
0,
and
it
follows
(since
1
+
2 > |1

2|) that limn xn+1 /xn = 1 + 2.

[The fractions xn+1 /xn are the convergents to the
continued fraction [2; 2, 2, . . .] =
[2;]; so the value of this
continued fraction is 1 + 2, as you can easily establish
directly. Note that 1 + 2 is a reduced quadratic irrational.]
3 (a) An algebraic number u is a complex number which satisfies an equation
of the form an un + an1 un1 + + a0 = 0, where an , an1 , . . . , a0 are integers,
not all zero. An algebraic integer satisfies an equation of the above form where
an , . . . , a0 are integers and an = 1.
[It is also correct to say an algebraic number u is a complex number which
satisfies an equation of the form an un + an1 un1 + + a0 = 0, where an , . . . , a0
are rational numbers and an = 0.]

11.2. SOLUTIONS

125

(b) We use Gausss Lemma: u is an algebraic integer if and only if its minimal polynomial (the monic polynomial of least degree satisfied by u) has integer
coefficients.
(i) u = 273 satisfies u+273 = 0, so its an algebraic integer (and an algebraic
number).

(ii) Let u = (3 + 5)/2. Then u2 = (7 + 3 5)/2 = 3 1, so u2 3u + 1 = 0.

So its an algebraic
integer (and an algebraic number).
(iii) Let u = 3 3 + 1. Then (u 1)3 = 3, so u3 3u2 + 3u 4 = 0. So its an
algebraic integer (and an algebraic number).
(iv) is known to be transcendental (i.e. satisfies no polynomial equation
with rational coefficients). So it is not an algebraic number (and not an algebraic
integer).
[You may instead quote the known results
that an integer is an algebraic integer, and that a quadratic irrational a + b d (with d squarefree) is an algebraic
integer if and only if either a, b are integers, or d 1 mod 4 and a 21 , b 12 are
integers.]
(c) The real number y is approximable to order n if there are infinitely many
rational numbers p/q such that |y p/q| < c/qn , for some constant c.
The theorem of Liouville says that, if y is an algebraic number whose minimal
polynomial has degree n, then y is not approximable to any order greater than n.
4 (a) The ordering of the convergents cn is
c0 < c2 < c4 < < c5 < c3 < c1 .
The sequence of convergents cn does tend to a limit as n .
[It is not asked why, but this follows immediately from this ordering and the
fact that |cn+1 cn | = 1/qn qn+1 0 as n .]
(b) The infinite continued fraction [a0 ; a1 , a2 , . . .] is defined to be the limit of
the continued fractions in (a).
(c) Theorem: Every irrational real number has a unique representation as an
infinite continued fraction.

(d) Let y0 = 7. We carry out the standard algorithm to find the continued
fraction: successively put an = byn c and yn+1 = 1/(yn an ).

1
7+2
a0 = by0 c = 2,
y1 =
=
,
3
72

3
7+1
a1 = by1 c = 1,
y2 =
=
,
2
71

2
7+1
a2 = by2 c = 1,
y3 =
=
,
3
71

126

CHAPTER 11. REVISION PROBLEMS AND SOLUTIONS

a3 = by3 c = 1,
a4 = by4 c = 4,

3
y4 =
= 7+2
72
1
y5 =
= y1 .
72

So the continued fraction repeats:

7 = [2; 1, 1, 1, 4, 1, 1, 1, 4, 1, 1, 1, 4, . . .] = [2; 1, 1, 1, 4].

5 (a) A quadratic irrational is a number of the form a + b d, where a and b are

rational, b 6= 0, and d is squarefree.
We first show that the value of a purely periodic continued fraction is a quadratic
irrational. Let y be a real number whose continued fraction is purely periodic; say
y = [a0 ; a1 , . . . , ak1 ] = [a0 ; a1 , . . . , ak1 , a0 , a1 , . . .].
Then
y = [a0 ; a1 , . . . , ak1 , y]
[a0 , a1 , . . . , ak1 , y]
=
[a1 , . . . , ak1 , y]
Ay + B
=
,
Cy + D
where A = [a0 , . . . , ak1 ], B = [a0 , . . . , ak2 ], C = [a1 , . . . , ak1 ], D = [a1 , . . . , ak2 ].
So Cy2 + (D A)y B = 0. The solution to this quadratic equation is a quadratic
irrational.
Now suppose that y is periodic but not purely periodic, say
y = [a0 ; a1 , . . . , ak1 , b0 , . . . , bl1 ].
Let u = [b0 ; b1 , . . . , bl1 ]. Then u is a quadratic irrational; and
y = [a0 ; a1 , . . . , ak1 , u]
[a0 , . . . , ak1 , u]
=
[a1 , . . . , ak1 , u]
Pu + Q
=
Ru + S
as above. Hence y is a quadratic irrational too.
(b) The converse is almost true (values of continued fractions are real!) Any
real quadratic irrational is the value of a periodic continued fraction.

11.2. SOLUTIONS

127

(c) A quadratic irrational u is reduced ifu > 1 and 1 < u0< 0, where u0 is
the algebraic conjugate of u (so, if u = a + b d, then u0 = a b d).
A quadratic irrational is reduced if and only if it is the value of a purely periodic continued fraction.
(d) This part is Lemma 5.3 from the lecture notes: I have copied it out here.

We know that y = a + b d where a and b are rationals and d is squarefree.

Suppose first that b is positive. Let q be the least common multiple of the denominators of a and b, and a = p/q, b = r/q. Then
p

p+r d
p + r2 d
pq + q2 r2 d
y=
=
=
.
q
q
q2
Put P = pq, Q = q2 , and D = q2 r2 d, and note that Q divides P2 D.
If u < 0, then write y in the specified form and then replace Q by Q.
Now suppose that y is reduced; recall that
this means y > 1 and 1 < y0 < 0,

where y0 is the conjugate of y (so y0 = (P D)/Q). Then

y > 0 > y0 , so (P + D)/Q > (P D)/Q. Hence Q > 0.

y > 1 > y0 , so (P + D)/Q > (P + D)/Q. Hence P > 0.

y0 < 0, so P D < 0. Hence P < D.

y > 1, so (P + D)/Q > 1. Hence Q < P + D < 2 D.

2
2
6 (a) We know that solutions to
x ny = 1 are given by x = pn , y = qn , where
pn /qn is the nth convergent to n, and n is one less than a multiple of the period
of the continued fraction.
So the smallest solution of x2 19y2 = 1 is given by

x = [4, 2, 1, 3, 1, 2] = 48 + 6 + 24 + 16 + 16 + 24 + 2 + 2 + 3 + 8 + 12 + 8 + 1 = 170,
y = [2, 1, 3, 1, 2] = 12 + 6 + 4 + 4 + 6 + 2 + 3 + 2 = 39.
[The question does not ask whether we have a solution to the equation with
the plus or minus sign. Now 1702 19 292 = +1 (either by direct calculation,
or noticing that it is congruent to 1 mod 10, or by using the fact that 1 is a nonsquare mod 19). This shows that the method gives only solutions to x2 19y2 =
+1.]
Since the period of the continued fraction is even, 19 cannot be written as the
sum of two squares. [You could also say: Since 19 3 mod 4, it cannot be written
as the sum of two squares.]

128

CHAPTER 11. REVISION PROBLEMS AND SOLUTIONS

(b) The method involves expressing the quantity yk obtained at stage kof the
continued fraction, where k is half of one more than the period, in the form ( 29+
P)/Q; then P2 + Q2 = 29. Here are the calculations:

a0 = b 29c = 5,
a1 = by1 c = 2,
a2 = by2 c = 1,

1
29 + 5
y1 =
=
,
4
29 5

29 + 3
4
=
y2 =
,
5
29 3

29 + 2
5
.
y3 =
=
5
29 2

So 29 = 22 + 52 .
[You could just calculate P2 + Q2 at each stage obtaining 52 + 42 = 41, 32 +
52 = 34, 22 + 52 = 29: stop when the right value is obtained.]
7 (a) (n) is the number of members x of the set {0, 1, 2, . . . , n 1} which satisfy
gcd(x, n) = 1.
(b) We have to exclude all the even numbers, and the multiples of 5, leaving
{1, 3, 7, 9, 11, 13, 17, 19}; so (20) = 8.
(c) Of the pa numbers 0, 1, , . . . , pa , we have to exclude just the pa1 multiples
of p; so (pa ) = pa pa1 = pa1 (p 1).
(d) Can we have (pa ) = 2, where p is prime? From the expression above this
can happen only if either pa1 = 2, p 1 = 1 (so pa = 4) or pa1 = 1, p 1 = 2
(so pa = 3).
Now we use the fact that if n = pa11 par r , where p1 , . . . , pr are distinct primes,
then (n) = (p1a1 ) (par r ). So each prime power factor of n must have either
(pa ) = 2 (whence pa = 3 or 4), or (pa ) = 1 (whence clearly pa = 2). Since the
primes must be distinct, the only new value of n we obtain is 3 2 = 6.
So the values of n are 3, 4, and 6.
(e) A primitive root of p is an integer u such that every integer not divisible
by p is congruent to a power of u mod p. [You can say: an integer u such that the
order of u mod p is p 1.]
The number of primitive roots of p is (p 1).
(f) We have mod 13:
21 = 2, 22 = 4, 23 = 8, 24 = 3, 25 = 6, 26 = 12.
So the order of 2 mod 13 divides 12 (by Fermats little theorem) but is not 1, 2, 3,
4 or 6; so it must be 12, that is, 2 is a primitive root of 12.

11.2. SOLUTIONS

129

[You may if you wish continue calculating powers of 2,

27 = 11, 28 = 9, 29 = 5, 210 = 10, 211 = 7, 212 = 1,
at which point you can observe that all non-zero integers mod 13 have been obtained.]
8 (a) The integer a, not divisible by p, is a quadratic residue mod p if the congruence x2 a mod p has a solution;
  it is a quadratic non-residue mod p otherwise.
a
The Legendre symbol
is defined for integer a and odd prime p to be
p
  (0
if p divides a;
a
= +1 if a is a quadratic residue mod p;
p
1 if a is a quadratic non-residue mod p.
(b) Let u be a primitive root of p, an element whose order mod p is p 1.
Then all p 1 non-zero integers mod p are powers of u. Clearly the even powers
are quadratic residues and the odd powers are non-residues.
(c) (i)
   3  
8
2
2
=
=
= 1,
11
11
11
 
2
using the multiplicative property (Rule 1) and the fact that
is 1 if p 3
p
mod 8 (Rule 3).
(ii)
   
39
16
=
= +1,
23
23
   
b
a
=
if a and b are congruent mod p and the fact that
using the fact that
p
p
16 is clearly a square modulo any prime.
(iii)
        
24
2
3
41
2
=
=
=
= 1,
41
41
41
3
3
 
2
using the multiplicative property, the fact that 4 is a square, the value
= +1
p
if p 1 mod 8, and the law of quadratic reciprocity (Rule 4).
(d) Let u be a primitive root of p. Then u p1 1 mod p. So if x = u(p1)/2 ,
we have x2 1 mod p, so x 1 or x 1. The first is impossible since the order
of u is p 1. So u(p1)/2 1 mod p. Now, if a = uk , then
n
+1 if k is even,
a(p1)/2 = uk(p1)/2 (1)k =
1 if k is odd.

130

CHAPTER 11. REVISION PROBLEMS AND SOLUTIONS

But we saw that a is a residue or non-residue

according as it is an even or odd
 
a
power of u in part (b); so a(p1)/2
mod p.
p
9 (a) The given value of the Legendre symbol shows that there is a solution of
x2 1 mod p, that is, x2 + 1 is a multiple of p. Choosing x so that x < p (since
we can replace it by its remainder on dividing by p), we have rp = x2 + 1 <
(p 1)2 + 1 < p2 , so r < p.
(b) Choose a, b so that |a|, |b| < r/2 and a x, b y mod r. Then a2 + b2
0 mod r, so a2 + b2 = rs, with s < r. The two-squares identity gives

x2 + y2

rp rs = (x2 + y2 )(a2 + b2 ) = (xa yb)2 + (xb + ya)2 ,

and xa yb x2 + y2 0 mod r, xb + ya xy yx 0 mod r. Put xa yb = ru,
xb + ya = rv. Then
r2 sp = (ru)2 + (rv)2 ,
so sp = u2 + v2 .
(c) This process can be continued until we obtain p = x2 + y2 for some x, y,
since the multiple of p which is a sum of two squares cannot decrease for ever.
(d) If the squarefree part of n has no prime factor congruent to 3 mod 4, then
n = m2 p1 pr , where p1 , . . . , pr are primes congruent to 1 mod 4 or the prime
2. Each factor is the sum of two squares: m2 = m2 + 02 , 2 = 12 + 12 , and the
result for odd primes is (c) above. By the two-squares identity, n is the sum of two
squares.
10 (a) A quadratic form in x and y is an expression f (x, y) = ax2 + bxy + cy2 ,
where a, b, c are integers. We say that it represents the integer n if there are integer
values x and y such that f (x, y) = n.
(b) The form f is positive definite if f (x, y) > 0 for all integers x, y not both
zero; negative definite if f (x, y) < 0 for all integers x, y not both zero; and indefinite if it takes both positive and negative values.
(c) (i) This form can be written as (27/4)x2 + (x/2 + y)2 , so clearly its values
are 0. If it is zero, then x = (x/2 + y) = 0, so x = y = 0. So the form is positive
definite.
(ii) F(1, 0) = 3 > 0 and f (0, 1) = 8 < 0, so the form is indefinite.
[You could also use the standard tests here. For the first form, the discriminant
is 12 4 7 1 = 27 which is negative, and a = 7 > 0; so the form is positive
definite. For the second, the discriminant is 22 4 3 (8) = 100, which is
positive; so the form is indefinite.]

11.2. SOLUTIONS

131

(d) Two forms f (x, y), g(x, y) are equivalent if g(x, y) = f (px +
qy, rx +sy)
p q
for some p, q, r, s satisfying ps qr = 1 (that is, such that the matrix
is
r s
unimodular).
If f and g satisfy this relation and f (x, y)= n, then
 g(px
 + qy, rx+ sy) = n.
p q
s q
Conversely, since the inverse of the matrix
is
, we have
r s
r p
f (x, y) = g(sx qy, rx + py), so any integer represented by f is also represented
by g. So they represent the same integers.
(e) Remember that the positive definite form ax2 + bxy + cy2 is reduced if
either c > a and a < b a, or c = a and 0 b a.
Apply the algorithm in Chapter 10 of the notes. We begin with the form f0 =
2
a0 x + b0 xy + a1 y2 , with a0 = 7, b0 = a1 = 1.
First we put b0 = 2a1 q b1 with a1 < b1 a1 ; in other words, 1 = 2q b1
with 1 < b1 1. Clearly q = 1 and b1 = 1. The right neighbour of f0 by
1 is a1 x2 + b1 xy + a2 y2 , with a1 = 1, b1 = 1, a2 = f0 (1, 1) = 7; that is, f1 =
x2 + xy + 7y2 .
Now a2 = 7 > a1 = 1 and b1 = 1 satisfies 1 < b1 1; so this form is reduced.

Index
[ ] function, 21

Eulers totient function, 67

Euler, Leonhard, 23, 53

algebraic integer, 11
algebraic number, 11
Binomial Theorem, 73
Brahmagupta, 53
Cantor, Georg, 40
Carmichael number, 8, 68
Carmichaels lambda-function, 75
Cayley numbers, 96
chain of reduced indefinite forms, 115
characteristic polynomial, 15
Chinese Remainder Theorem, 7, 69
commutative ring with identity, 4, 13,
67
companion matrix, 15
complex numbers, 95
congruence, 4
congruent number problem, 99
continued fraction, 18
convergent of continued fraction, 24
cyclic group, 74
degenerate, 102
DiffieHellman key exchange, 75
direct product, 74
discrete logarithm problem, 75, 78
discriminant, 103
division algorithm, 2
Euclids algorithm, 2, 19
Euclids Theorem on primes, 7
Eulers Theorem, 68

Fermats Last Theorem, 97

Fermats Little Theorem, 5, 68
Fermat, Pierre de, 97
Fibonacci numbers, 25
field, 13
first root of indefinite form, 110
Fowler, David, 29
fundamental solution, 63
Gauss Lemma, 13
Gauss, Carl, 82
Gaussian integer, 99
gcd, 2
Goldbachs Conjecture, 98
golden ratio, 12
Graves, John, 96
greatest common divisor, 2
group of units, 67, 74
Hermite, Charles, 40
indefinite, 101
infinite continued fraction, 31
integer represented by quadratic form,
101
Kronecker product, 15
Lagrange, Joseph-Louis, 40
Legendre symbol, 78
Legendres construction, 57, 59
Legendre, Adrien-Marie, 57

132

INDEX
Lindemann, Ferdinand von, 40
linear form, 102
Liouvilles number, 39
Mean Value Theorem, 39
minimal polynomial, 12
Mobius function, 72
Mobius inversion, 72
monic polynomial, 11
negative definite, 101
octonions, 96
orbit, 105
order of approximation, 37
order of element, 70
Pells equation, 53
periodic, 43
positive definite, 101
prime, 3
primitive root, 71
principal ideal domain, 100
public-key cryptosystem, 75
purely periodic, 43
Pythagoras, 11, 96
quadratic form, 101
binary, 101
indefinite, 101
negative definite, 101
positive definite, 101
quadratic irrational, 13, 44
reduced, 45
quadratic non-residue, 77
quadratic reciprocity, 79, 84
quadratic residue, 77
quaternions, 95
rational approximation, 35
rational integer, 12
reduced indefinite form, 110
reduced quadratic irrational, 45, 109, 110

133
special linear group, 105
square bracket function, 21
squarefree, 13
squarefree part, 89
Stewart, Ian, 12
sums of squares, 56, 89
Sun Zi, 9
transcendental number, 11, 40
twin-primes conjecture, 99
unimodular matrix, 104
unique factorisation, 4
Wallis, John, 53
Wiles, Andrew, 97, 99
Zu Chongzhi, 33