Number Theory


Chapter 1

Topics in Number Theory


We assume familiarity with the number systems. The notion of a number
line, which extends from $-\infty$ to $+\infty$, represents the ordering of the real
numbers. Among these, the counting numbers, 1, 2, 3, . . . are better known
as the natural numbers. There are also the integers, which extend the natural
numbers by including zero and negative natural numbers. In other words,
natural numbers are precisely the positive integers.
The integers come in two kinds, even and odd. The even numbers are
$0, \pm 2, \pm 4, \pm 6, \pm 8, \pm 10, \pm 12, \ldots$
and the rest of the integers are odd:
$\pm 1, \pm 3, \pm 5, \pm 7, \pm 9, \pm 11, \pm 13, \ldots$
Observe that the sequence of even numbers can be written in the form
$\ldots, 2 \times (-1), 2 \times 0, 2 \times 1, 2 \times 2, 2 \times 3, \ldots$
So the two classes of integers may be defined as follows.
Definition. An integer n is even if n = 2m, where m is again an integer. On
the other hand, n is odd if n = 2m + 1 for some integer m.
For instance, 26 is even because $26 = 2 \times 13$, and 13 is an integer. But, the
number 17 is not even because $17 = 2 \times 8.5$, where 8.5 is not an integer.
Note that 17 is odd because $17 = 2 \times 8 + 1$, where 8 is an integer.
Question. With these definitions, can an integer be both even and odd? Why
or why not?
2 Discrete Structures in Five Chapters
The ratio of two integers, written a/b, with $b \neq 0$, is what we call a
rational number. Sometimes, a rational number can actually be an integer,
e.g., 21/3 is the integer 7. In general, however, the rational numbers form a
bigger set which contains the integers as a subset.
Real numbers which are not rational are called irrational numbers. Thus,
irrational numbers are real numbers which cannot be expressed as the ratio
of two integers. An example of an irrational number is given by $\sqrt{2}$. We will
see in Section 2.3.4 a proof of the fact that $\sqrt{2}$ is indeed irrational.
The integers are the domain of number theory. In particular, number
theory is concerned with the properties of the natural numbers. How can
we know if a given natural number n is the product of two smaller numbers,
which are called factors of n? Is there an algorithm to find all common
factors of a given pair (m, n)? These are two questions one may ask in
number theory.
1.1 Integers in Various Bases
We start by introducing different systems in which we may represent counting
numbers. The way we are used to counting is based on a ten-digit system,
called decimal, i.e., using the digits 0 to 9. In computer language, however,
it is more convenient to use the binary number system, in which we employ
only 0 and 1. Computers rely on switches to perceive quantities, and a switch
can be off or on; thus the reason for the binary digits of zeros and ones.
Hence, to enumerate the natural numbers in binary, we begin with
1, 10, 11, 100, 101, 110, 111, 1000, 1001, 1010, . . .
Note that 111, for instance, corresponds to the number 7 in decimal. We
express this relation by writing $111_2 = 7_{10}$. The first question that arises is,
given a binary number, how do we know its equivalent in decimal? The key
to the algorithm for finding the answer is the following observation.
In decimal, every digit acts as a counter, where from right to left we
have the number of ones, then the number of tens (ten ones), the number
of hundreds (ten tens), and so on. For example,
$$\begin{aligned}
5{,}467 &= 5{,}000 + 400 + 60 + 7 \\
&= 5 \times 10^3 + 4 \times 10^2 + 6 \times 10^1 + 7 \times 10^0
\end{aligned}$$
This principle holds in the binary number system as well, except that powers
Amin Witno ISBN 1449976611 3
of 10 are replaced by powers of 2. Hence,
$$\begin{aligned}
111_2 &= 1 \times 2^2 + 1 \times 2^1 + 1 \times 2^0 \\
&= 4 + 2 + 1 \\
&= 7_{10}
\end{aligned}$$
Example. Convert the binary number 1100101 to decimal.
Solution. Multiply each digit by the appropriate power of 2, ignoring the
zeros since they do not add anything:
$$\begin{aligned}
1100101_2 &= 1 \times 2^6 + 1 \times 2^5 + 1 \times 2^2 + 1 \times 2^0 \\
&= 2^6 + 2^5 + 2^2 + 2^0 \\
&= 64 + 32 + 4 + 1 \\
&= 101_{10}
\end{aligned}$$
Note that without the indices, writing 1100101 = 101 would have been
misleading!
Exercise 1.1. Convert the binary numbers to decimal.
a) 1101111
b) 1110111
c) 100000001
d) 1101111000
Test 1.2. Which binary number represents an odd number?
a) 1100101100
b) 111010010101010
c) 1010010010101011
d) 1010100101111111100
Going in the other direction, how do we convert a decimal number to
binary? The reverse algorithm will now involve divisions by powers of 2.
Example. Convert the decimal number 101 to binary.
Solution. Ahead of time, we do not know the largest power of 2 which divides
into 101. So we will divide 101 by 2 repeatedly, as follows.
$101 \div 2 = 50$ with remainder 1
$50 \div 2 = 25$ with remainder 0
$25 \div 2 = 12$ with remainder 1
$12 \div 2 = 6$ with remainder 0
$6 \div 2 = 3$ with remainder 0
$3 \div 2 = 1$ with remainder 1
$1 \div 2 = 0$ with remainder 1
Note that the remainders determine the digits of the sought binary number;
and we recover the relation $101_{10} = 1100101_2$ by reading these remainders
from the last one up.
Exercise 1.3. Convert the decimal numbers to binary.
a) 99
b) 129
c) 999
d) 2730
In principle, the idea of a base-10 or base-2 number system can be gen-
eralized to any base-n number system, where n is the number of digits used.
Two other common number systems for the computing language are the
hexadecimal and octal systems, using 16 and 8 digits, respectively.
In hexadecimal, we count using the sixteen digits 0 to 9 and A to F,
in this order. From 1 to 20, for instance, we write,
1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13, 14
The fact that $14_{16}$ is equivalent to $20_{10}$ can be explained by the same principle
of multiples of powers, which has been demonstrated in decimal as
well as in binary, i.e., $14_{16} = 1 \times 16^1 + 4 \times 16^0 = 16 + 4 = 20_{10}$.
Example. Convert the hexadecimal number 1A5E to decimal.
Solution. This time, multiply each digit by the appropriate power of 16:
$$\begin{aligned}
\mathrm{1A5E}_{16} &= 1 \times 16^3 + 10 \times 16^2 + 5 \times 16^1 + 14 \times 16^0 \\
&= 4096 + 2560 + 80 + 14 \\
&= 6750_{10}
\end{aligned}$$
Exercise 1.4. Convert each hexadecimal number given below to decimal.
a) AA
b) CEF
c) 2BAD
d) 10101
Test 1.5. Which hexadecimal number represents an even number?
a) A625B
b) FF79C3
c) E020ADD
d) 37B951FE
The conversion from decimal to hexadecimal is now through iterative
division by 16, analogous to that from decimal to binary.
Example. Convert the decimal number 6750 to hexadecimal.
Solution. We use division with remainder, like in grade school, and find,
$6750 \div 16 = 421$ with remainder 14
$421 \div 16 = 26$ with remainder 5
$26 \div 16 = 1$ with remainder 10
$1 \div 16 = 0$ with remainder 1
The answer, again, is read from last to first: $6750_{10} = \mathrm{1A5E}_{16}$.
Question. How do we find these remainders in the calculator?
Exercise 1.6. Convert the decimal numbers to hexadecimal.
a) 999
b) 10001
c) 98765
d) 522958
The octal number system mentioned earlier employs only the digits 0 to
7. Again, the principles of conversion between two bases remain valid.
Exercise 1.7. Convert the octal numbers to decimal.
a) 777
b) 1234
c) 5702
d) 52543
Exercise 1.8. Convert the decimal numbers to octal.
a) 99
b) 999
c) 10001
d) 98765
The hexadecimal and octal number systems are chosen for the following
practical reason. Note the relation $2^4 = 16^1$, which indirectly says that four
binary digits, or bits, are equivalent to one hexadecimal digit. With the help
of Table 1.1, this provides a fast method of conversion between base-16 and
base-2.
Example. Convert the hexadecimal number 1A5E to binary.
Table 1.1: The numbers 0 to 15 in hexadecimal and in binary.
Hex:     0    1    2    3    4    5    6    7
Binary:  0000 0001 0010 0011 0100 0101 0110 0111
Hex:     8    9    A    B    C    D    E    F
Binary:  1000 1001 1010 1011 1100 1101 1110 1111
Solution. In fact, we simply replace each hexadecimal digit, 1, A, 5, E, by
the corresponding four bits shown in Table 1.1, then we juxtapose these
binary digits to form the answer.
$\mathrm{1A5E}_{16} = 0001,\,1010,\,0101,\,1110_2$
The commas are inserted for better reading, and the answer can well be written
without them, i.e., 1101001011110.
Exercise 1.9. Convert the hexadecimal numbers of Exercise 1.4 to binary.
To convert from binary to hexadecimal, simply reverse this action. In
the case where the binary digits are not evenly grouped into fours, we simply
add extra zeros to the left of the quantity.
Example. Convert the binary number 11011000111100 to hexadecimal.
Solution. There are 14 digits; to group them into fours we need to have two
extra zeros on the left. With Table 1.1 again, we get the following answer.
$0011,\,0110,\,0011,\,1100_2 = \mathrm{363C}_{16}$
Question. Would it be wrong if we pad zeros to the right?
Exercise 1.10. Convert the binary numbers to hexadecimal.
a) 1101111
b) 11111111111
c) 100000000001
d) 111110000111001
Exercise* 1.11. Elias has carelessly added two extra zeros to the right,
instead of to the left of the binary digits and come up with his wrong hex-
adecimal answer, ACE8. What is supposed to be the correct answer?
For base-8, similarly, we have the relation $2^3 = 8^1$. Since this implies
that every octal digit corresponds to three bits, there is also a quick way to
convert between binary and octal.
Exercise 1.12. Convert the binary numbers to octal, or vice versa.
a) $1101111_2$
b) $10111001011_2$
c) $264_8$
d) $10101_8$
Now suppose we wish to convert a hexadecimal number to octal. One
way to do this is to convert first to decimal and then to octal, but why not
to binary first, and then from binary to octal?
Exercise 1.13. Convert the hexadecimal numbers to octal, or vice versa.
a) $\mathrm{A2C}_{16}$
b) $\mathrm{E7DC2}_{16}$
c) $5764_8$
d) $7777777_8$
Test 1.14. We are given a number in the base-4 system, $1231231_4$. What
is this number in hexadecimal?
a) 6DB1
b) 1B6D
c) 6DB4
d) 1BCD
Exercise* 1.15. The base-26 number system uses the letters of the alpha-
bet, i.e., from A to Z, to represent the digits 0 through 25. How do we
represent the decimal number 62534 in base-26?
Exercise* 1.16. Amira is a very wealthy businesswoman who has built a
modern village in the suburb of Jakarta. Being superstitious, she refuses to
use the digit 4 in numbering the floors of her high-rise office building, the
top floor being the 69th. How many floors up is that, if Amira were not
afraid to count with 4? Of course, there is no 13th floor either. Can you
write a computer program to do this conversion, in either direction?
Appendix: Representing Non-Integer Numbers
We have been concerned with conversion of natural numbers between number
systems of different bases. There are ways in which binary digits are
used to represent negative integers or even non-integer rational numbers.
In the decimal system, a rational number can be written using a dot
(period sign) properly inserted among the digits, e.g., 3.1415. The part to
the right of the dot is called the fractional part. We observe that the digits
of the fractional part represent multiples of negative powers of 10. In this
example,
$$\begin{aligned}
3.1415 &= 3 + 0.1 + 0.04 + 0.001 + 0.0005 \\
&= 3 \times 10^0 + 1 \times 10^{-1} + 4 \times 10^{-2} + 1 \times 10^{-3} + 5 \times 10^{-4}
\end{aligned}$$
If we keep this principle for the binary number system, then we may repre-
sent certain rational numbers by association with negative powers of 2.
Example. Convert the binary number 0.1011 to decimal.
Solution. We do not need to write down the multiples of zero:
$$\begin{aligned}
0.1011_2 &= 2^{-1} + 2^{-3} + 2^{-4} \\
&= 0.5 + 0.125 + 0.0625 \\
&= 0.6875_{10}
\end{aligned}$$
Exercise 1.17. Convert the binary numbers to decimal.
a) 0.01
b) 0.10001
c) 0.11111
d) 0.000001
From decimal to binary, converting the fractional part of a rational num-
ber would be through repeated multiplication by 2, where in each step we
keep record of the integer part.
Example. Convert the decimal number 0.6875 to binary.
Solution. We write the integer parts in the far right column.
$0.6875 \times 2 = 1 + 0.375$      1
$0.375 \times 2 = 0 + 0.75$        0
$0.75 \times 2 = 1 + 0.5$          1
$0.5 \times 2 = 1 + 0$             1
This time, the correct answer is obtained by reading the integer parts downward
from the top, following the dot: $0.1011_2$.
Note that in the above example we stop the algorithm when we reach 0
in the fractional part. In general, however, the iterations may never terminate
with a zero. The situations parallel those in decimal, where a rational
number may be represented by an infinite, but always periodic, extension of
digits, e.g., $1/3 = 0.333\ldots = 0.\overline{3}$ and $5/11 = 0.\overline{45}$.
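The two procedures of this section, repeated division for a natural number and repeated multiplication for a fractional part, as an added Python example (not code from the book). It goes one step beyond the text by detecting the repeating block when the iterations never reach zero; the function names and the (prefix, period) return format are assumptions of this example, and the input 0.1 is a constructed sample.

```python
from fractions import Fraction

DIGITS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # digit symbols up to base 36


def int_to_base(n, base):
    """Repeated division by the base; remainders are read from the last one up."""
    if n < 0 or not 2 <= base <= 36:
        raise ValueError("need n >= 0 and 2 <= base <= 36")
    if n == 0:
        return "0"
    out = []
    while n:
        n, r = divmod(n, base)
        out.append(DIGITS[r])
    return "".join(reversed(out))


def frac_to_base(x, base):
    """Repeated multiplication by the base for 0 <= x < 1.

    Returns (prefix, period): the digits after the dot that do not repeat,
    and the block that repeats forever ("" if the expansion terminates).
    Exact rational arithmetic is used so that no rounding hides the period.
    """
    x = Fraction(x)
    if not 0 <= x < 1 or not 2 <= base <= 36:
        raise ValueError("need 0 <= x < 1 and 2 <= base <= 36")
    seen = {}     # fractional part -> index of the digit it is about to produce
    digits = []
    while x != 0 and x not in seen:
        seen[x] = len(digits)
        x *= base
        d = x.numerator // x.denominator   # integer part, recorded as the digit
        digits.append(DIGITS[d])
        x -= d                             # keep only the fractional part
    if x == 0:
        return "".join(digits), ""
    start = seen[x]                        # this fractional part occurred before
    return "".join(digits[:start]), "".join(digits[start:])


def show(x, base):
    """Render the expansion with the repeating block in parentheses."""
    prefix, period = frac_to_base(x, base)
    return "0." + prefix + (f"({period})" if period else "")


if __name__ == "__main__":
    print(int_to_base(101, 2), int_to_base(6750, 16))
    print(show(Fraction("0.6875"), 2))
    print(show(Fraction(1, 3), 10), show(Fraction(5, 11), 10))
    print(show(Fraction("0.1"), 2))        # constructed input: never terminates
```

The last call shows why a decimal such as 0.1 cannot be stored exactly in a finite number of bits.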
Exercise 1.18. Convert the decimal numbers to binary and to hexadecimal.
a) 0.03125
b) 0.765625
c) 5/8
d) 1/3
1.2 Divisibility
We return to the studies of integers. It is clear that adding or multiplying
two integers results in another integer. Dividing an integer by another, on
the other hand, sometimes yields an integer value but sometimes does not.
The relation in which an integer divides another integer (resulting in another
integer) is an important concept in the theory of numbers.
First, we need to introduce some functions which have their domain or
range in the set of integers. For instance, there are times when we need to
extract the integer part of a non-integer number. This particular operation
is performed by the floor function.
Definition. The floor function $f(x) = \lfloor x \rfloor$ takes any real number x and
returns the greatest integer n with condition $n \le x$. The quantity $\lfloor x \rfloor$ may
be called the floor of x.
For example, we have $\lfloor 3.1415 \rfloor = 3$ and $\lfloor -100/7 \rfloor = -15$. Note that
$\lfloor x \rfloor = x$ if, and only if, x is already an integer. Furthermore, the inequalities
$\lfloor x \rfloor \le x < \lfloor x \rfloor + 1$ hold for any real number x.
A companion to the floor function is the ceiling function, defined as
follows.
Definition. The ceiling function $f(x) = \lceil x \rceil$ takes any real number x and
returns the least integer n with condition $n \ge x$. We may call $\lceil x \rceil$ the ceiling
of x.
Hence, to illustrate, $\lceil 3.1415 \rceil = 4$ and $\lceil -20/3 \rceil = -6$. Similar to the
floor function, we also have $\lceil x \rceil = x$ if and only if x is an integer.
Exercise* 1.19. Order the following quantities, from the smallest to the
largest.
x, x, x + 1, x 1, x, x + 1, x 1
1.2.1 The Mod Operation
The floor function is needed to define the next, very useful operation with
integers.
Definition. With two integers m and n, where n > 0, we define the operation
m mod n by
$$m \bmod n = m - \left\lfloor \frac{m}{n} \right\rfloor n$$
In some programming languages, like C++ or Java, the notation m mod n is
written m % n.
Example. Compute 12345 mod 7.
Solution. According to the definition,
$$\begin{aligned}
12345 \bmod 7 &= 12345 - \left\lfloor \frac{12345}{7} \right\rfloor \times 7 \\
&= 12345 - \lfloor 1763.571429\ldots \rfloor \times 7 \\
&= 12345 - (1763 \times 7) \\
&= 12345 - 12341 \\
&= 4
\end{aligned}$$
Exercise 1.20. Perform the following mod operations.
a) 678 mod 5
b) 35 mod 217
c) 3393 mod 29
d) 99999 mod 111
Test 1.21. Which one of these four quantities is the largest?
a) 100 mod 7
b) 234 mod 9
c) 11 mod 29
d) 20 mod 11
As you may have suspected by now, the operation m mod n actually
returns the remainder upon dividing m by n via the division-with-remainder
method. In the preceding example, dividing 12345 by 7 will give us the
integer output 1763, which we call the quotient, and the remainder 4, a
fact we may express as an equation,
$12345 = (1763) \times 7 + (4)$
The brackets are added merely to emphasize where the quotient and the
remainder are, respectively.
The next theorem, whose proof is left as an easy challenge, states some
basic properties of the mod operation which are familiar facts concerning
the remainder of a division.
Theorem 1.1. Let m and n > 0 be fixed integers. Then
1) $0 \le m \bmod n < n$.
2) m mod n = m, if $0 \le m < n$.
3) m mod n = 0, if m/n is an integer.
4) m/n is an integer, if m mod n = 0.
The relation m mod n = 0, appearing in the above theorem, is an important
and useful concept in working with integers. This leads us to the
next definition.
Definition. The following statements all have one and the same meaning,
namely that m mod n = 0.
a) m is a multiple of n
b) m is divisible by n
c) n is a divisor, or factor, of m
d) n divides m
In view of Theorem 1.1, this definition also means that m/n is an integer,
i.e., there is an integer k such that m = nk.
Example. The following examples illustrate the newly dened terms.
a) The fact that 40/8 = 5, an integer, allows us to say that 8 divides 40 and
that 40 is a multiple of 8 or is divisible by 8.
b) The numbers 10, 20, 30, 40, 50, . . . are all divisible by 2 and 5.
c) Even numbers are multiples of 2. In contrast, no odd number has a factor
of 2.
d) The number 17 has no divisors other than 1 and 17.
Test 1.22. Which number is a multiple of 24?
a) 0
b) 8
c) 16
d) 84
Another important and useful concept involving the mod operation is
the relation between integers which have the same remainder upon division
by a fixed number n > 0.
Definition. If a and b are two integers such that a mod n = b mod n, then
we write $a \equiv b \pmod{n}$, and say that a is congruent to b mod n. The
relation $a \equiv b \pmod{n}$, which is equivalent to $b \equiv a \pmod{n}$, is called a
congruence mod n.
For example, since 23 mod 7 = 2 and 100 mod 7 = 2, we have $100 \equiv 23 \pmod{7}$.
In this new notation, we can say that $m \equiv 0 \pmod{n}$ precisely
when n divides m.
Test 1.23. Which one of the following numbers is congruent to 99 mod 13?
a) 0
b) 69
c) 96
d) 112
1.2.2 An Application in Check Digits
The mod operation is used in many modern applications of identification
number assignment, as for a bank account, credit card, airline ticket, product
bar code, or a vehicle license plate. In particular, such ID numbers come
with a check digit (usually the right-most digit) whose purpose is to alert
us when an error has occurred in typing the number. We illustrate here the
use of check digits in assigning the International Standard Book Number
(ISBN) for book publications.
An ISBN consists of 10 digits which are separated into four groups by
a hyphen between them, e.g., 1-4196-8735-2. These four groups represent
the codes for, from left to right, language (0 or 1 means English), publisher,
book title, and check digit. In this case, the check digit can also be a capital
letter X, and it is determined according to the following algorithm.
Let $a_1, a_2, \ldots, a_{10}$ represent the ten digits of the ISBN, in the order
from left to right, and let S be defined by
$$S = (10a_1 + 9a_2 + 8a_3 + 7a_4 + 6a_5 + 5a_6 + 4a_7 + 3a_8 + 2a_9) \bmod 11$$
The check digit will then be given by
$$a_{10} = (11 - S) \bmod 11$$
In addition, due to the range $0 \le a_{10} \le 10$, we agree to replace $a_{10} = 10$ by
the letter X.
For example, having determined the first three codes for the ISBN
of a book to be 1-4196-8735-x, we proceed to assigning the check digit x:
$$\begin{aligned}
S &= [(10 \times 1) + (9 \times 4) + (8 \times 1) + (7 \times 9) + (6 \times 6) \\
&\quad + (5 \times 8) + (4 \times 7) + (3 \times 3) + (2 \times 5)] \bmod 11 \\
&= (10 + 36 + 8 + 63 + 36 + 40 + 28 + 9 + 10) \bmod 11 \\
&= 240 \bmod 11 = 9
\end{aligned}$$
Thus, $x = (11 - 9) \bmod 11 = 2$, and 1-4196-8735-2 is the complete ISBN.
Exercise 1.24. Determine the check digit for each of the following incom-
plete ISBNs.
a) 3-314-00783-x
b) 957-747-134-x
c) 962-244-122-x
d) 977-230-154-x
It is not hard to show that the algorithm we have used to produce the
check digit $a_{10}$ can be summarized with a single formula,
$$a_{10} = (1a_1 + 2a_2 + 3a_3 + 4a_4 + 5a_5 + 6a_6 + 7a_7 + 8a_8 + 9a_9) \bmod 11$$
It can also be verified that a common typing error like a mistake in just one
of the ten digits, or two digits reversely placed, will always be detected by
this formula.
Test 1.25. Which one of the following ISBNs is in error?
a) 0-310-91291-1
b) 0-87509-701-4
c) 0-88368-324-X
d) 0-9629049-0-2
Exercise* 1.26. Is it possible, hypothetically, to have two consecutive
ISBNs? Think of an example or explain why it is not possible.
As of 1 January 2007, however, all ISBNs have been extended to 13
digits, now called EAN-13, in compliance with the European Article Number
for product codes. The conversion is done by prefixing the digits 978 (the
code for all books) and readjusting the check digit, according to the following
rule.
Let S now be the sum of the first 12 digits, after first multiplying $a_2$, $a_4$,
$a_6$, $a_8$, $a_{10}$, and $a_{12}$, each by 3. Then the check digit $a_{13}$ is chosen such that
$(S + a_{13}) \bmod 10 = 0$.
Example. Convert the ISBN 1-4196-8735-2 to the corresponding 13-digit
EAN.
Solution. The EAN-13 looks like 978-1-4196-8735-x. To determine the check
digit, we first calculate S:
$$\begin{aligned}
S &= 9 + (7 \times 3) + 8 + (1 \times 3) + 4 + (1 \times 3) \\
&\quad + 9 + (6 \times 3) + 8 + (7 \times 3) + 3 + (5 \times 3) \\
&= 9 + 21 + 8 + 3 + 4 + 3 + 9 + 18 + 8 + 21 + 3 + 15 \\
&= 122
\end{aligned}$$
Hence we choose the digit x = 8 in order to make the sum 122 + 8 = 130,
a multiple of 10. The complete EAN-13 for this book is then
978-1-4196-8735-8 or, as normally written without the hyphens, 9781419687358.
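The ISBN-10 and EAN-13 rules above, as an added Python example (not code from the book), together with an exhaustive check of the error-detection claim made for the ISBN-10 formula. It goes beyond the text in one respect: the same check run on an EAN-13 shows that swapping two adjacent digits that differ by 5 is not caught by the mod-10 rule. The function names are assumptions of this example; the sample numbers are the ones quoted in this section.

```python
DEC = "0123456789"


def _clean(code):
    """Drop hyphens and spaces; accept a lower-case x as the check symbol."""
    return code.replace("-", "").replace(" ", "").upper()


def isbn10_check_digit(first9):
    """a10 = (11 - S) mod 11 with S = (10*a1 + 9*a2 + ... + 2*a9) mod 11."""
    body = _clean(first9)
    if len(body) != 9 or any(c not in DEC for c in body):
        raise ValueError("need exactly nine decimal digits")
    s = sum((10 - i) * int(c) for i, c in enumerate(body)) % 11
    a10 = (11 - s) % 11
    return "X" if a10 == 10 else str(a10)


def is_valid_isbn10(code):
    s = _clean(code)
    if len(s) != 10 or any(c not in DEC for c in s[:9]) or s[9] not in DEC + "X":
        return False
    return isbn10_check_digit(s[:9]) == s[9]


def ean13_check_digit(first12):
    """S = a1 + 3*a2 + a3 + 3*a4 + ...; a13 makes (S + a13) mod 10 = 0."""
    body = _clean(first12)
    if len(body) != 12 or any(c not in DEC for c in body):
        raise ValueError("need exactly twelve decimal digits")
    s = sum(int(c) * (3 if i % 2 else 1) for i, c in enumerate(body))
    return str((10 - s % 10) % 10)


def is_valid_ean13(code):
    s = _clean(code)
    if len(s) != 13 or any(c not in DEC for c in s):
        return False
    return ean13_check_digit(s[:12]) == s[12]


def isbn10_to_ean13(isbn10):
    s = _clean(isbn10)
    if not is_valid_isbn10(s):
        raise ValueError("not a valid ISBN-10")
    body = "978" + s[:9]           # the old check digit is dropped, not copied
    return body + ean13_check_digit(body)


def undetected_errors(code, is_valid, alphabet):
    """Corrupt a valid code in every single-symbol and adjacent-swap way.

    Returns (single, swaps): the corrupted strings that still validate.
    """
    s = _clean(code)
    single = []
    for i in range(len(s)):
        for c in alphabet:
            if c != s[i] and is_valid(s[:i] + c + s[i + 1:]):
                single.append(s[:i] + c + s[i + 1:])
    swaps = []
    for i in range(len(s) - 1):
        t = s[:i] + s[i + 1] + s[i] + s[i + 2:]
        if t != s and is_valid(t):
            swaps.append(t)
    return single, swaps


if __name__ == "__main__":
    print(isbn10_to_ean13("1-4196-8735-2"))
    print(undetected_errors("1-4196-8735-2", is_valid_isbn10, DEC + "X"))
    print(undetected_errors("9781449976613", is_valid_ean13, DEC))
```

Because 11 is prime, no single substitution or adjacent swap survives the ISBN-10 check, whereas under EAN-13 a swap of adjacent digits changes the weighted sum by twice their difference, which is a multiple of 10 when they differ by 5.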
Exercise 1.27. Convert each of the ISBNs in Exercise 1.24 to its corre-
sponding EAN-13.
Question. Do we ever need the letter X in an EAN-13?
Exercise 1.28. A number theory textbook shows on its back cover, ISBN
0-471-62546-9. Elias converted this to EAN-13, ignorantly, by simply adding
the prefix: 9780471625469. Kindly correct his answer.
Exercise 1.29. A newly published paperback has 9781449976613 for its
EAN-13. What would have been the book's ISBN had it been released
before the year 2007?
Exercise* 1.30. Is it possible, hypothetically, to have two consecutive
EAN-13s? Think of an example or explain why it is not possible.
1.2.3 GCD and LCM
With two integers, it is useful sometimes to find a divisor common to both.
For example, 5 is a divisor of both 10 and 25. The next theorem says
something about a property of a common divisor.
Theorem 1.2. Suppose d is a divisor of both m and n. Then d divides
am + bn for any integers a and b.
Proof. Since m/d and n/d are both integers, the number
$$\frac{am + bn}{d} = a\,\frac{m}{d} + b\,\frac{n}{d}$$
is also an integer, if a and b are.
Now, given an integer $m \neq 0$, there exist only a finite number of divisors.
This is so because if m/n is an integer then $|n| \le |m|$. The next function will
take two integers m and n and return the greatest of all divisors common
to both.
Definition. Let m and n be two integers, not both zero. The greatest
common divisor of m and n is the largest integer d which divides both m
and n. We shall denote this quantity by writing d = gcd(m, n).
For example, gcd(18, 30) = 6 because 6 divides both 18 and 30, and 6 is
the largest number with such a property.
Exercise 1.31. Evaluate gcd(m, n) given below.
a) gcd(125, 200)
b) gcd(12345, 0)
c) gcd(12, 145)
d) gcd(2, 10000)
The following theorem will be essential in evaluating gcd(m, n) for arbi-
trary values of m and n, even if they are very large.
Theorem 1.3. We have gcd(m, n) = gcd(n, m mod n).
Proof. Any common divisor of m and n also divides $m \bmod n = m - \lfloor m/n \rfloor n$
by Theorem 1.2. Conversely, any common divisor of n and m mod n also
divides $m = m \bmod n + \lfloor m/n \rfloor n$ by the same theorem. Hence, both pairs
(m, n) and (n, m mod n) share the same set of all divisors common to them
and, in particular, an equal common divisor of greatest value.
Applying Theorem 1.3 twice gives us gcd(m, n) = gcd(m mod n, n mod
(m mod n)). By iteration, the pair decreases in size quite rapidly. This
iterative procedure is called the Euclidean algorithm, a very efficient method
for computing gcd.
Example. Evaluate gcd(12345, 6789) by the Euclidean algorithm.
Solution. Repeated application of Theorem 1.3 allows us to write
$$\begin{aligned}
\gcd(12345, 6789) &= \gcd(6789, 5556) && \text{since } 12345 \bmod 6789 = 5556 \\
&= \gcd(5556, 1233) && \text{since } 6789 \bmod 5556 = 1233 \\
&= \gcd(1233, 624) && \text{since } 5556 \bmod 1233 = 624 \\
&= \cdots
\end{aligned}$$
Or we may opt to write only the sequence of remainders:
12345, 6789, 5556, 1233, 624, 609, 15, 9, 6, 3, 0
The last pair tells us that gcd(12345, 6789) = gcd(3, 0) = 3.
Question. Does the Euclidean algorithm always terminate with a zero re-
mainder?
Exercise 1.32. Use the Euclidean algorithm to evaluate gcd(m, n).
a) gcd(12345, 67890)
b) gcd(12345, 54321)
c) gcd(88888, 555)
d) gcd(234, 60970)
We conclude this section with one more integer function which comple-
ments the gcd function, i.e., the least common multiple.
Definition. With positive integers m and n, we define their least common
multiple to be the least positive integer which is divisible by both m and n,
denoted by lcm(m, n).
We have lcm(12, 15) = 60, for instance, since 60 is a common multiple
of 12 and 15, and it is the smallest of such.
We do not have a particular algorithm to evaluate lcm(m, n), but the
following equality reveals a nice relation between gcd(m, n) and lcm(m, n)
which can well be used to evaluate one given the other.
Theorem 1.4. For positive integers m and n, we have
$\gcd(m, n) \times \operatorname{lcm}(m, n) = mn$
We postpone the proof of this claim until later when we reestablish this
result following Theorem 1.9 in this chapter.
For example, to evaluate lcm(12, 15) we may first note that gcd(12, 15) = 3,
from which we conclude that $\operatorname{lcm}(12, 15) = 12 \times 15/3 = 60$.
Exercise 1.33. Evaluate lcm(m, n) by rst evaluating gcd(m, n).
a) lcm(275, 115)
b) lcm(144, 456)
c) lcm(999, 123)
d) lcm(725, 1000)
1.3 Solving Linear Equations
Given integers m, n, and c, we are interested in finding solutions to the
linear equation in two variables, x and y, of the form
$$mx + ny = c \tag{1.1}$$
By solutions we mean integer solutions. It turns out that the main ingredient
in solving equations of this kind is in fact the Euclidean algorithm.
Theorem 1.2 reminds us that if d is a common divisor of m and n, then
d divides mx + ny for any integer values of x and y. Therefore, the first
condition for Equation (1.1) to have a solution is that c must be divisible
by d and, in particular, by gcd(m, n).
Theorem 1.5. If the linear equation mx + ny = c has a solution for x and
y which are both integers, then gcd(m, n) must divide c.
Conversely, when c is a multiple of gcd(m, n), we claim that integer
solutions x and y for Equation (1.1) always exist. How do we find at least
one such solution pair? First, we claim that integers a and b exist such that
$$ma + nb = \gcd(m, n) \tag{1.2}$$
Then if c/gcd(m, n) is an integer, we multiply through Equation (1.2) by this
integer to obtain
$$m\left(\frac{ac}{\gcd(m, n)}\right) + n\left(\frac{bc}{\gcd(m, n)}\right) = c$$
thereby producing a solution (x, y) for Equation (1.1).
And how do we find an integer pair (a, b) for Equation (1.2)? We need
an extension of the Euclidean algorithm, thus called the extended Euclidean
algorithm, which we illustrate in the next example.
Example. Find integers a and b such that 123a + 45b = gcd(123, 45).
Solution. We start by writing rows of three integers, labeled $(d_i, a_i, b_i)$ for
each row $i \ge 1$, beginning with
  i    d_i   a_i   b_i
  1    123     1     0
  2     45     0     1
To determine the third row, subtract $\lfloor 123/45 \rfloor = 2$ times the entire second
row from the first. In particular, we will have
$d_3 = 123 - \lfloor 123/45 \rfloor \times 45 = 123 \bmod 45 = 33$.
Similarly, for the fourth row, we subtract $\lfloor 45/33 \rfloor = 1$
times the entire third row from the second, so that $d_4 = 45 \bmod 33 = 12$.
In this way, down the first column we have the sequence of remainders
which we would have upon computing gcd(123, 45) using the Euclidean algorithm,
i.e.,
123, 45, 33, 12, 9, 3, 0
The completed table with the seven rows is thus obtained:
        d_i   a_i   b_i
        123     1     0
 (2)     45     0     1
 (1)     33     1    -2
 (2)     12    -1     3
 (1)      9     3    -8
 (3)      3    -4    11
          0    15   -41
In such a table, we claim that each row obeys the relation
$$d_i = 123a_i + 45b_i \tag{1.3}$$
In particular, the row before the last gives us $\gcd(123, 45) = 3 = 123(-4) + 45(11)$.
Thus, we have found our solution of $a = -4$ and $b = 11$.
Question. Can you prove why the relation (1.3) holds in each row?
Exercise 1.34. For each given pair (m, n), find integers a and b such that
ma + nb = gcd(m, n).
a) (345, 215)
b) (826, 112)
c) (2890, 843)
d) (529, 6739)
Example. Find integers x and y such that 123x + 45y = 66.
Solution. In the last example, we have found that $123(-4) + 45(11) = 3$.
Simply multiply by 66/3 = 22, and we have a particular solution $x = -88$
and $y = 242$.
Test 1.35. Which equation has integer solutions?
a) 12x + 27y = 35
b) 12x + 27y = 15
c) 12x + 20y = 35
d) 12x + 20y = 15
Exercise 1.36. For each pair (m, n) given in Exercise 1.34, find integers x
and y such that mx + ny = c.
a) c = 95
b) c = 98
c) c = 11
d) c = 99
In remark, a solution pair for (1.1) in general is not unique. In the
preceding table, for instance, if we multiply the third row by 2, then
$123(2) + 45(-4) = 66$, providing another solution pair to 123x + 45y = 66.
Under the condition that gcd(m, n) divides c, it is now established that
Equation (1.1) has at least one solution, or a particular solution, denoted
by $(x_0, y_0)$. The next theorem describes how to find all the solutions.
Theorem 1.6. The equation mx + ny = c has a solution if and only if
gcd(m, n) divides c, in which case all its solutions are given in the form
$$x = x_0 - \frac{nk}{\gcd(m, n)} \quad \text{and} \quad y = y_0 + \frac{mk}{\gcd(m, n)}$$
for any particular solution $(x_0, y_0)$ and for any integer k.
Proof. If we were working over the real numbers, the solutions to mx + ny = c
would be represented by a straight line passing through the point $(x_0, y_0)$
and with a slope equal to $-m/n$. An arbitrary point on this line is therefore
given by (x, y), where
$$x = x_0 - t \quad \text{and} \quad y = y_0 + tm/n$$
for any real number t. We want points on this line which have integer
coordinates, so we require that both t and tm/n be integers. We leave as
an exercise to verify that this desired condition is achieved precisely when t
is a multiple of n/gcd(m, n), in order to complete the proof.
Example. Find all integers x and y such that 123x + 45y = 66.
Solution. Since we have found a particular solution $(-88, 242)$, and since
gcd(123, 45) = 3, the general solutions are now given by
$$x = -88 - 15k \quad \text{and} \quad y = 242 + 41k$$
for any integer k. For example, with $k = -6$ we have the particular solution
$x = 2$ and $y = -4$, of which we have remarked earlier.
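The table method of the extended Euclidean algorithm and the general solution of Theorem 1.6, as an added Python example (not code from the book). The function names and the (x0, y0, dx, dy) return format are assumptions of this example, it assumes positive m and n as in the worked examples, and the unsolvable equation 6x + 9y = 4 in the demo is a constructed sample.

```python
def extended_euclid_rows(m, n):
    """Rows (d_i, a_i, b_i) of the table; every row has d_i = m*a_i + n*b_i."""
    if m <= 0 or n <= 0:
        raise ValueError("this example assumes positive m and n")
    rows = [(m, 1, 0), (n, 0, 1)]
    while rows[-1][0] != 0:
        (d0, a0, b0), (d1, a1, b1) = rows[-2], rows[-1]
        q = d0 // d1                        # floor(d0 / d1)
        # subtract q times the last row from the row before it
        rows.append((d0 - q * d1, a0 - q * a1, b0 - q * b1))
    return rows


def bezout(m, n):
    """(g, a, b) with g = gcd(m, n) = m*a + n*b: the row before the zero row."""
    return extended_euclid_rows(m, n)[-2]


def solve_linear(m, n, c):
    """Solve m*x + n*y = c over the integers.

    Returns None when gcd(m, n) does not divide c. Otherwise returns
    (x0, y0, dx, dy), where every solution is (x0 + k*dx, y0 + k*dy)
    for an integer k, with dx = -n/gcd and dy = m/gcd as in Theorem 1.6.
    """
    g, a, b = bezout(m, n)
    if c % g != 0:
        return None
    t = c // g                              # scale the Bezout pair up to c
    return a * t, b * t, -(n // g), m // g


def solution(m, n, c, k):
    """The k-th member of the solution family, or None if there is none."""
    sol = solve_linear(m, n, c)
    if sol is None:
        return None
    x0, y0, dx, dy = sol
    return x0 + k * dx, y0 + k * dy


if __name__ == "__main__":
    for row in extended_euclid_rows(123, 45):
        print(row)
    print(solve_linear(123, 45, 66))        # particular solution and steps
    print(solution(123, 45, 66, -6))        # the small solution with k = -6
    print(solve_linear(6, 9, 4))            # constructed case: gcd 3 does not divide 4
```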
Exercise 1.37. Complete Exercise 1.36 by finding the general solutions.
Exercise* 1.38. Elias placed a take-out order from Tea Kitchen Chinese
restaurant, where a bowl of seafood fried rice costs 3 dinars, a plate of
General Tso's chicken is 5.5 dinars, and individually wrapped spring rolls
sell for 20 piasters (0.2 dinar) a piece. Elias spent exactly 100 dinars, and he
remembered there were exactly 100 items in the bag. Can you break down
the receipt for him?
1.4 Prime Numbers and Factorization
The term factorization refers to the process of expressing a positive integer
as the product of two smaller numbers. For instance, we factor the number
91 when we write $91 = 7 \times 13$. In this sense, factorization is the reverse
action of multiplication. A prime number can be thought of as an integer
which cannot be factored. More precisely,
Definition. An integer $p \ge 2$ is called prime or a prime number, if it has
no divisor strictly between 1 and p. The list of prime numbers begins with
2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, . . .
An integer $n \ge 2$ which is not prime is called a composite.
1.4.1 Unique Factorization into Primes
Prime numbers are the building blocks of the integers, in the sense that every
integer can be written as a product of primes, and that in an essentially
unique way. We now observe some properties of primes which will lead to
the establishment of this claim.
Theorem 1.7. Let p be a prime number. If p divides a product of integers,
then p must divide one of them.
Proof. Assume that p divides mn. If p does not divide m, we will show that
p divides n. Look at gcd(m, p). Being a divisor of p, this quantity is either
1 or p. So, if p does not divide m, then gcd(m, p) = 1. Using the extended
Euclidean algorithm, we can find integers a and b such that ma + pb = 1.
Multiply this equality by n/p to get
$$\left(\frac{mn}{p}\right) a + nb = \frac{n}{p}$$
The quantity on the left-hand side is an integer, since p divides mn; hence
so is n/p an integer, i.e., p divides n.
This argument can be repeated to prove the theorem for the case where
the product involves three integers or more.
By definition, a composite n can be factored as $n = a \times b$, where 1 <
a, b < n. If a or b is again composite, we can factor it again, and again, and
with each step the factors decrease in size. After a finite number of steps,
the final stage in this process will be something like
$$n = p_1 \times p_2 \times p_3 \times \cdots \times p_k$$
where each $p_i$ is a prime number. But is it possible that, for the same n, another
person arrives at a different factorization, other than a mere reordering
of the primes? Well, suppose there are two such results:
$$p_1 \times p_2 \times p_3 \times \cdots \times p_k = q_1 \times q_2 \times q_3 \times \cdots \times q_h \qquad (1.4)$$
We may cancel off common primes from the left and the right, and if the p's
and the q's are really different, then we end up with an equality like (1.4)
in which none of the p's equals any of the q's.
However, by Theorem 1.7, $p_1$ must divide one of the q's. This cannot
happen as distinct primes do not divide each other. And that can only mean
that the factorization of n into primes involves a unique collection of prime
factors. We have proved the fundamental theorem of arithmetic.
Theorem 1.8 (The Fundamental Theorem of Arithmetic). Every integer
$n \ge 2$ can be factored into prime numbers in a unique way, apart from
reordering of the prime factors.
For example, in factoring the number 936 into primes, one may obtain
$936 = 3 \times 2 \times 3 \times 13 \times 2 \times 2$, while another $936 = 13 \times 2 \times 2 \times 3 \times 2 \times 3$.
But, it would be impossible to find a prime factor outside the collection
{2, 2, 2, 3, 3, 13}. We normally write the final factorization, where all the
factors are primes, using the exponential notation in order to clearly display
the repeated primes, e.g.,
$$936 = 2^3 \times 3^2 \times 13 \qquad (1.5)$$
Exercise* 1.39. Amira claims that she has found a counter-example to
the fundamental theorem of arithmetic by showing a different factorization:
$936 = 2 \times 3 \times 167$, which she insists is correct, only that it is not written
in decimal. Which integer base does Amira have in mind? Does her finding
really contradict Theorem 1.8?
Exercise 1.40. Factor these numbers into primes.
a) 888
b) 36000
c) 63756
d) 111111
We have sensed here that factoring in general is harder than multiplying.
The most basic, and slowest, factoring algorithm is the trial division, where
we repeatedly divide n by the primes 2, 3, 5, 7, . . . in an attempt to discover
a prime factor. Note that only primes up to $\sqrt{n}$ need to be considered, and
if no such factor is found then we may conclude that n is itself prime.
Question. Why don't we need to consider prime factors larger than $\sqrt{n}$?
Example. Determine whether the number 577 is prime or composite, using
trial division.
Solution. We have $\sqrt{577} \approx 24.02$. The only prime numbers up to 24 are 2,
3, 5, 7, 11, 13, 17, 19, and 23. After a little bit of checking, we see that none
of these primes divides 577. Hence, 577 is itself a prime number.
Exercise 1.41. Determine prime or composite by trial division. If composite,
factor the number into primes.
a) 239
b) 841
c) 911
d) 1147
1.4.2 GCD and LCM via Factorization
It is sometimes convenient to express the factorization of n into primes using
the product notation,
$$n = \prod_{i \ge 1} p_i^{e_i} = p_1^{e_1} \times p_2^{e_2} \times p_3^{e_3} \times \cdots$$
where the product ranges over all prime numbers, $p_1 = 2$, $p_2 = 3$, $p_3 = 5$, . . .
The exponents $e_i$ will be zero except for finitely many of them. For example
with n = 936, Equation (1.5) shows that $e_1 = 3$, $e_2 = 2$, $e_6 = 1$, and $e_i = 0$
for all the rest.
Now let $d = \prod p_i^{d_i}$ be the prime factorization of another integer d. As
a consequence of Theorem 1.7 and the fundamental theorem of arithmetic,
if d divides $n = \prod p_i^{e_i}$ then it is necessary that $d_i \le e_i$. This fact leads to
a more explicit way of evaluating the functions gcd(m, n) and lcm(m, n),
provided that the factorizations of m and n have been established.
Theorem 1.9. Let $m = \prod p_i^{f_i}$ and $n = \prod p_i^{e_i}$, and let $\min(e_i, f_i)$ and
$\max(e_i, f_i)$ denote the lesser and the greater, respectively, of $e_i$ and $f_i$. Then,
$$\gcd(m, n) = \prod p_i^{\min(e_i, f_i)} \quad \text{and} \quad \operatorname{lcm}(m, n) = \prod p_i^{\max(e_i, f_i)}$$
Proof. Suppose d divides n, where $d = \prod p_i^{d_i}$. We have argued that a
necessary condition for d is that $d_i \le e_i$. Now if d also divides m then as
well $d_i \le f_i$. Hence the greatest common divisor of m and n is such an
integer d for which $d_i = e_i$ or $d_i = f_i$, whichever is smaller. This gives
$d_i = \min(e_i, f_i)$. The proof for lcm(m, n) is very similar.
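For example, having factored $m = 2^5 \times 3 \times 7^2 \times 13^8 \times 37 \times 101$ and
$n = 2^{11} \times 3^2 \times 5^9 \times 11 \times 13^4 \times 23 \times 37$, we readily conclude that
$$\gcd(m, n) = 2^5 \times 3 \times 13^4 \times 37$$
$$\operatorname{lcm}(m, n) = 2^{11} \times 3^2 \times 5^9 \times 7^2 \times 11 \times 13^8 \times 23 \times 37 \times 101$$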
Thus Theorem 1.9 provides a second method for evaluating gcd(m, n)
without the use of the Euclidean algorithm. Even so, factorization in general
is extremely time-consuming, while in contrast, the Euclidean algorithm is
a particularly efficient algorithm.
Exercise 1.42. Redo Exercise 1.32, this time evaluate gcd(m, n) by factoring
m and n.
Note that with Theorem 1.9, we are now able to derive the relation
$$\gcd(m, n) \times \operatorname{lcm}(m, n) = mn \qquad (1.6)$$
thereby proving Theorem 1.4. Details are asked in the next exercise.
Exercise 1.43. Redo Exercise 1.33, this time evaluate both gcd(m, n) and
lcm(m, n) by way of factoring m and n. In each case, verify that (1.6) holds
and then try to write a proper proof of Theorem 1.4.
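The trial division procedure and Theorem 1.9 can be put side by side in code. The following Python sketch is an added example, not part of the original text; the names `factor`, `gcd_lcm_by_factoring`, `M` and `N` are chosen here, and `M`, `N` are the two integers from the worked example above.

```python
from collections import Counter
from math import gcd, isqrt, prod


def factor(n):
    """Factor n >= 2 by trial division; returns {prime: exponent}."""
    if n < 2:
        raise ValueError("n must be at least 2")
    exponents = Counter()
    p = 2
    while p <= isqrt(n):             # divisors above sqrt(n) never need testing
        while n % p == 0:
            exponents[p] += 1
            n //= p
        p += 1 if p == 2 else 2      # after 2, only odd candidates are tried
    if n > 1:                        # the cofactor left over is itself prime
        exponents[n] += 1
    return dict(exponents)


def gcd_lcm_by_factoring(m, n):
    """Theorem 1.9: take the min / max of the exponents, prime by prime."""
    f, e = factor(m), factor(n)
    primes = sorted(set(f) | set(e))
    g = prod(p ** min(f.get(p, 0), e.get(p, 0)) for p in primes)
    l = prod(p ** max(f.get(p, 0), e.get(p, 0)) for p in primes)
    return g, l


# The two integers from the worked example in the text.
M = 2**5 * 3 * 7**2 * 13**8 * 37 * 101
N = 2**11 * 3**2 * 5**9 * 11 * 13**4 * 23 * 37

if __name__ == "__main__":
    print(factor(936))                       # exponents of 2, 3 and 13
    g, l = gcd_lcm_by_factoring(M, N)
    print(g == gcd(M, N), g * l == M * N)    # agrees with Euclid and with (1.6)
```

Odd composite candidates such as 9 or 15 are tried as well, but they can never divide n at that point because their prime factors have already been divided out.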
As a further consequence of the fundamental theorem of arithmetic, it is
not difficult to show that the list of prime numbers never ends. This claim
is stated in the next theorem, whose proof was first given by Euclid some
2500 years ago. Our proof here is a slightly modified version of his.
Theorem 1.10. There are infinitely many prime numbers.
Proof. Form the following sequence of integers.
$$\begin{aligned}
a_1 &= 2 \\
a_2 &= a_1 + 1 = 3 \\
a_3 &= a_1 a_2 + 1 = 7 \\
a_4 &= a_1 a_2 a_3 + 1 = 43 \\
&\;\;\vdots \\
a_k &= a_1 a_2 a_3 \cdots a_{k-1} + 1
\end{aligned}$$
We claim that every pair $(a_m, a_n)$ of two numbers taken from this sequence
has $\gcd(a_m, a_n) = 1$. To see why this is true, assuming m > n, we can write
$$a_m = a_1 a_2 a_3 \cdots a_n \cdots a_{m-1} + 1$$
which shows that $a_m \bmod a_n = 1$. By Theorem 1.3, we have
$\gcd(a_m, a_n) = \gcd(a_n, 1) = 1$. This says that each successive term in the sequence $a_k$ yields
a completely new set of prime factors, proving their infinitude.
Question. Does this theorem imply that there are only finitely many composites?
1.4.3 Power Mod Computations
We are to observe that in computing ab mod n, we may first reduce a and b
by replacing them with their respective remainders mod n. The congruence
notation, which was introduced in Section 1.2.1, provides a convenient way
to state this theorem.
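Theorem 1.11. Let n > 0 be a fixed integer. For any integers a and b,
$$(a \bmod n)(b \bmod n) \equiv ab \pmod{n}$$
Proof. By definition, we have
$$\begin{aligned}
(a \bmod n)(b \bmod n) &= \left(a - \left\lfloor \frac{a}{n} \right\rfloor n\right)\left(b - \left\lfloor \frac{b}{n} \right\rfloor n\right) \\
&= ab + n\left(\left\lfloor \frac{a}{n} \right\rfloor \left\lfloor \frac{b}{n} \right\rfloor n - a\left\lfloor \frac{b}{n} \right\rfloor - b\left\lfloor \frac{a}{n} \right\rfloor\right)
\end{aligned}$$
Moreover, since $ab = ab \bmod n + \lfloor ab/n \rfloor n$, we are then allowed to write
$$(a \bmod n)(b \bmod n) = ab \bmod n + nk$$
for some integer k. It follows that $(a \bmod n)(b \bmod n) \bmod n = ab \bmod n$,
proving the congruence.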
Now some applications, like in cryptography, involve the task of computing
an expression of the form $a^k \bmod n$ with a very large exponent k, e.g.,
$2^{1000} \bmod 7$. Note that in this example, while the power $2^{1000}$ is quite large,
its remainder mod 7 will not exceed 6!
With Theorem 1.11, we will evaluate $a^k \bmod n$ by iteratively multiplying
a to itself, k times, while in each step reducing the product mod n, in order to
keep the calculations manageable. Being more clever, the successive squaring
algorithm, described next, achieves this goal in much less time.
Example. Compute $3^{234} \bmod 25$ by the successive squaring algorithm.
Solution. We will form a sequence of successive squares with initial term 3,
in which each term is reduced mod 25. In displaying the result below, we
omit writing mod 25 for better readability.
$$\begin{aligned}
3^2 &= 9 \\
3^4 &= 9^2 = 6 \\
3^8 &= 6^2 = 11 \\
3^{16} &= 11^2 = 21 \\
3^{32} &= 21^2 = 16 \\
3^{64} &= 16^2 = 6 \\
3^{128} &= 6^2 = 11
\end{aligned}$$
The next square, $3^{256}$, is bigger than $3^{234}$, so we stop here. Next, we express
the exponent 234 in binary, which is really the sum of powers of 2, i.e.,
$$234 = 11101010_2 = 128 + 64 + 32 + 8 + 2$$
Finally, we rely on Theorem 1.11 to conclude that
$$\begin{aligned}
3^{234} \bmod 25 &= (3^{128} \times 3^{64} \times 3^{32} \times 3^8 \times 3^2) \bmod 25 \\
&= (11 \times 6 \times 16 \times 11 \times 9) \bmod 25 = 19
\end{aligned}$$
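The solution above translates directly into code. This Python sketch is an added example, not part of the original text (the function names are chosen here); it builds the same table of squares, picks the entries selected by the binary digits of k, and keeps the k-step method alongside for comparison.

```python
def successive_squares(a, k, n):
    """Table [(2**j, a**(2**j) mod n)] for every power of two 2**j <= k."""
    table, power, value = [], 1, a % n
    while power <= k:
        table.append((power, value))
        power, value = 2 * power, value * value % n   # square, then reduce mod n
    return table


def power_mod(a, k, n):
    """a**k mod n by successive squaring (k >= 0, n > 0)."""
    if k < 0 or n <= 0:
        raise ValueError("need k >= 0 and n > 0")
    result = 1 % n                     # 1 % n is 0 in the degenerate case n == 1
    for power, value in successive_squares(a, k, n):
        if k & power:                  # this power of two is a binary digit of k
            result = result * value % n
    return result


def power_mod_naive(a, k, n):
    """The k-step method: multiply by a and reduce mod n, k times."""
    result = 1 % n
    for _ in range(k):
        result = result * a % n
    return result


if __name__ == "__main__":
    for power, value in successive_squares(3, 234, 25):
        print(f"3^{power} mod 25 = {value}")
    print(bin(234), power_mod(3, 234, 25), power_mod_naive(3, 234, 25))
    # A 1000-step loop versus a table of only ten squares:
    print(len(successive_squares(2, 1000, 7)), power_mod(2, 1000, 7))
```

The table has about $\log_2 k$ entries, so the work grows with the number of binary digits of k rather than with k itself.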
Exercise 1.44. Use the successive squaring algorithm for each power mod.
a) $2^{22} \bmod 10$
b) $5^{99} \bmod 36$
c) $23^{333} \bmod 100$
d) $2^{2249} \bmod 23$
Test 1.45. What is the unit digit, i.e., right-most digit, of the number $7^{99}$?
a) 1
b) 3
c) 7
d) 9
From the theoretical point of view, power mod operation touches on
an elegant theorem of Fermat, which plays an important role in the RSA
cryptography of the next section. However, the theorem will not be proved
until later in the text (twice, in fact), restated as Theorems 3.30 and 4.15.
Theorem 1.12 (Fermat's Little Theorem). Suppose that a is an integer
not divisible by the prime p. Then $a^{p-1} \bmod p = 1$.
For example, knowing that 5647 is prime, Fermat's little theorem assures
us that $89^{5646} \bmod 5647 = 1$.
Exercise 1.46. Compute the following powers mod 23, a prime, mentally
with the help of Fermat's little theorem.
a) $100^{22} \bmod 23$
b) $5^{24} \bmod 23$
c) $3^{47} \bmod 23$
d) $2^{2249} \bmod 23$
Exercise* 1.47. If p is a prime number, prove that $a^p \equiv a \pmod{p}$ for
every integer a.
Exercise 1.48. Prove that 779 is composite without factoring it, but by
showing that $2^{778} \bmod 779 \ne 1$, thereby failing the statement of Fermat's
little theorem.
Exercise* 1.49. Is it possible to have $2^{p-1} \bmod p = 1$, but p is composite?
Find an example or explain why it is not possible.
1.4.4 An Application in Cryptography
The technology of data transfer has become an inseparable part of the modern
life, be it over the Internet, email, or mobile telephone. At times it
becomes necessary to send sensitive data, such as a credit card number,
over a secure line.
Cryptography is a field of study wherein we analyze different algorithms
by which we convert such a sensitive numeric into a secret number which
can be read only by the intended recipient who possesses the secret key to it.
(A non-numerical message can be treated numerically, usually by assigning
a value to each character such as that based on the ASCII table.) One
application we wish to present here is the RSA algorithm, named after its
three inventors, Rivest, Shamir, and Adleman in 1976.
Let's say Amira represents an online company which involves receiving
important data from its users. She secretly selects two distinct, very large
prime numbers p and q (of at least 100 digits each) and another positive
integer e such that
$$\gcd((p-1)(q-1), e) = 1$$
Of course, Amira uses the Euclidean algorithm to check this gcd condition.
In fact, she employs the extended Euclidean algorithm, which gives her two
more integers, a < 0 and b > 0, such that
$$(p-1)(q-1)a + eb = 1$$
Question. What if the algorithm does not yield a < 0 and b > 0?
Amira then computes $n = p \times q$ and goes on to post on her web site the
two values of n and e, with the following instruction: Everyone who wishes
to send her an integer m (the sensitive message) must first convert m into
a secret number s, based on the formula
$$s = m^e \bmod n$$
This can be performed efficiently using the successive squaring algorithm.
And when Amira receives this value of s, she uses her secret key b to recover
the intended message m, also using the successive squaring algorithm, i.e.,
$$s^b \bmod n = m \qquad (1.7)$$
Why is this true? First, by Fermat's little theorem, we have
$$m^{(p-1)(q-1)} \bmod p = (m^{p-1})^{q-1} \bmod p = 1^{q-1} \bmod p = 1$$
$$m^{(p-1)(q-1)} \bmod q = (m^{q-1})^{p-1} \bmod q = 1^{p-1} \bmod q = 1$$
These two equations imply that $m^{(p-1)(q-1)} - 1$ is a common multiple of p
and q. Being distinct, both p and q must appear in the prime factorization
of $m^{(p-1)(q-1)} - 1$. Hence, $m^{(p-1)(q-1)} - 1$ is actually a multiple of pq, and
$$m^{(p-1)(q-1)} \bmod pq = 1$$
Remembering that $p \times q = n$, we observe that
$$m^{eb} = m^{1-(p-1)(q-1)a} = m\left(m^{(p-1)(q-1)}\right)^{-a}$$
and therefore, proving (1.7),
$$s^b \bmod n = m^{eb} \bmod n = m(1)^{-a} \bmod n = m$$
assuming that m < n. With the size of n being very large, this is probably
the case, but if m > n then m needs to be cut up into two or more blocks
of smaller integers and sent one at a time.
Question. Where has Theorem 1.11 been used again in this algorithm?
However, just how secure is this RSA algorithm? Recall that only n and
e are known to the public. In the worst case, an enemy can also steal s when
it is transmitted across the Internet. Knowing n, e, and s, can the enemy
recover the secret key b and/or the intended message m?
The only known feasible way to retrieve b is to first find the factors p
and q; and that is exactly the strength of RSA: While multiplying takes a
quadratic time, with respect to the number of digits in p and q, factoring
takes an exponential time. To illustrate, with the size of n around 200 digits,
if multiplying p and q took only one second, then factoring n would take
$10^{18}$ years!
Example. Let us suppose, for a small example, that p = 29 and q = 101.
Hence, $n = 29 \times 101 = 2929$ and $(p-1)(q-1) = 2800$. Amira selects e = 13
and runs the extended Euclidean algorithm, arriving at the result
$$2800(-5) + 13(1077) = 1$$
Her secret key is b = 1077, whereas the values of n = 2929 and e = 13 are
made public.
Now suppose Elias is an online customer who wishes to send securely to
Amira the number m = 888. He first computes
$$888^{13} \bmod 2929 = 2705$$
then sends her this number s = 2705. Upon receiving s, Amira computes
$$2705^{1077} \bmod 2929 = 888$$
which is the correct intended number (message) from Elias.
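The whole exchange, from key setup to decryption, fits in a few lines of Python. This is an added example, not part of the original text; the function names are chosen here, the built-in `pow(x, k, n)` stands in for successive squaring, and the last function shows why a modulus this small protects nothing: trial division recovers p and q, and with them b.

```python
from math import isqrt


def extended_gcd(x, y):
    """Return (g, a, b) with x*a + y*b == g == gcd(x, y)."""
    a0, b0, a1, b1 = 1, 0, 0, 1
    while y:
        q, x, y = x // y, y, x % y
        a0, a1 = a1, a0 - q * a1
        b0, b1 = b1, b0 - q * b1
    return x, a0, b0


def make_keys(p, q, e):
    """Amira's setup: returns the public pair (n, e) and the secret key b."""
    phi = (p - 1) * (q - 1)
    g, _a, b = extended_gcd(phi, e)
    if g != 1:
        raise ValueError("e must satisfy gcd((p-1)(q-1), e) = 1")
    # Reducing b mod (p-1)(q-1) keeps e*b = 1 mod (p-1)(q-1) and makes b positive.
    return p * q, e, b % phi


def encrypt(m, n, e):
    """Elias's step: s = m**e mod n, valid for 0 <= m < n."""
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n; split it into blocks")
    return pow(m, e, n)


def decrypt(s, n, b):
    """Amira's step: m = s**b mod n."""
    return pow(s, b, n)


def secret_key_from_factoring(n, e):
    """Rebuild b from the public values alone by trial division on n.
    Instant for a toy n; hopeless for the 200-digit n the text calls for."""
    p = next(d for d in range(2, isqrt(n) + 1) if n % d == 0)
    return make_keys(p, n // p, e)[2]


if __name__ == "__main__":
    n, e, b = make_keys(29, 101, 13)
    s = encrypt(888, n, e)
    print(n, e, b, s, decrypt(s, n, b))
    print(secret_key_from_factoring(n, e) == b)
```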
Exercise 1.50. In this mini RSA exercise, Amira uses n = 391 and e = 5.
a) Elias is to give her the message m = 234. What is the value of s which
he sends to Amira?
b) Find p and q using trial division.
c) Find Amira's secret key b and verify that $s^b \bmod 391 = 234$.
d) Another time Amira receives s = 319. Discover the intended message m
and cross-check that $m^5 \bmod 391 = 319$.
Exercise* 1.51. The statement $a^{p-1} \bmod p = 1$ in Fermat's little theorem
relies on the assumption that p does not divide a. The RSA algorithm,
however, assumes the theorem without knowing whether p or q divides m.
In theory, the probability of such occurrence is extremely small in view of
the abundance of primes of their size. Nevertheless, please modify the RSA
argument to confirm that (1.7) remains valid even if p or q divides m.
1.4.5 Recognizing Large Composites
We have seen that with trial division we can factor any integer, at least
theoretically, or prove that it is prime. There are times, as in RSA, when
we need to distinguish large primes from composites. We will see two algorithms
which can be used to identify large composites without resorting to
factorization. While they may not work for all composites, these algorithms
are still far superior to trial division in time efficiency.
The first such algorithm is based on Fermat's little theorem. The statement
of Theorem 1.12 holds whenever p is prime; so if it fails for some integer
p = n, whose primality is to be determined, then we may safely conclude
that n is composite.
Example. Given n = 989. Choosing a = 2, we use the successive squaring
algorithm to discover that $2^{988} \bmod 989 = 213 \ne 1$, a result which would
violate Fermat's little theorem if 989 were prime. Hence, we conclude that
989 is composite.
Question. Have you wondered why Fermat's theorem is called little?
Fermat's little theorem, however, is not designed to recognize a prime
number. What this means is, if $a^{n-1} \bmod n = 1$, we are not allowed to
hastily conclude that n is a prime. See, for instance, that $2^{340} \bmod 341 = 1$,
and yet 341 is genuinely composite, as $341 = 11 \times 31$. What we can do in
such a case is perhaps try another value of a, e.g., $3^{340} \bmod 341 = 56 \ne 1$,
which confirms that 341 is indeed composite.
Exercise 1.52. Which ones of the following numbers are recognized as
composites using Fermat's little theorem with base a = 2 and/or a = 3?
a) 561
b) 779
c) 1013
d) 1387
Definition. Suppose that $a^{n-1} \bmod n = 1$ for some integer $a \ge 2$ and
some odd number n. If the number n is composite, then we call n a Fermat
pseudoprime base a.
As we have just seen, the number 341 is a Fermat pseudoprime base 2, but
not base 3. The worst kind of a Fermat pseudoprime is when $a^{n-1} \bmod n = 1$
holds for many values of a. In fact, the Carmichael numbers n, defined next,
are Fermat pseudoprimes to all bases a as long as gcd(a, n) = 1.
Definition. A composite n is called a Carmichael number when n factors
into distinct primes such that for each prime factor p, the number $p - 1$
divides $n - 1$.
For example, 561 is a Carmichael number because $561 = 3 \times 11 \times 17$, all
distinct primes, and 560 is divisible by 2, by 10, and by 16. In fact, 561 is
actually the smallest Carmichael number.
Exercise 1.53. Use trial division to factor each number, then verify that
the composite is a Carmichael number.
a) 1729
b) 2465
c) 6601
d) 8911
Exercise 1.54. Find two examples of a prime p < 100 such that the number
$n = 7 \times 31 \times p$ is Carmichael.
Exercise* 1.55. Show why a Carmichael number must be odd.
Theorem 1.13. Suppose that gcd(a, n) = 1. If n is a Carmichael number,
then n is a Fermat pseudoprime base a.
Proof. We will demonstrate the claim for n = 561 in a structural way which
readily applies to all Carmichael numbers n in general.
Let gcd(a, 561) = 1, so a is not a multiple of 3, 11, or 17. By Fermat's
little theorem we have $a^{p-1} \bmod p = 1$ for each p = 3, 11, and 17. Since
$$a^{560} = (a^2)^{280} = (a^{10})^{56} = (a^{16})^{35}$$
we see by Theorem 1.11 that $a^{560} \bmod p = 1$ for each p = 3, 11, and 17. It
follows that 3, 11, and 17 are all prime factors of the number $a^{560} - 1$. And
as $3 \times 11 \times 17 = 561$, we conclude that $a^{560} \bmod 561 = 1$.
Although rare, it has been discovered that Carmichael numbers are infinitely
many. If the job is to catch composites, Fermat's little theorem is
therefore rather weak at it. A stronger compositeness test is based on the
following observation.
Theorem 1.14. If p is a prime and $x^2 \bmod p = 1$ for some integer x, then
either $x \bmod p = 1$ or $x \bmod p = p - 1$.
Proof. We have p dividing $x^2 - 1 = (x + 1)(x - 1)$. By Theorem 1.7, either
p divides $x + 1$ or $x - 1$; the former implies $x \bmod p = p - 1$ and the latter
$x \bmod p = 1$.
Theorem 1.14 may not hold for composites, e.g., $5^2 \bmod 12 = 1$, where
neither 5 mod 12 = 1 nor 5 mod 12 = 11 is true. In fact, this is the idea:
if $a^{n-1} \bmod n = 1$ and we suspect that n might be a pseudoprime, we will
look at $a^{(n-1)/2} \bmod n$. If this last quantity is neither 1 nor $n - 1$ then,
failing the theorem, n must be a composite. The full algorithm is given as
the next compositeness test.
Theorem 1.15 (Miller-Rabin Test). Let n be an odd integer whose primality
is to be determined, and fix a base number a such that gcd(a, n) = 1.
Write $n - 1 = 2^e d$ where d is odd, and consider the sequence given by
$$a^d \bmod n,\; a^{2d} \bmod n,\; a^{4d} \bmod n,\; a^{8d} \bmod n,\; \ldots,\; a^{n-1} \bmod n$$
If a term equals 1 and is preceded by neither 1 nor $n - 1$, then n is composite.
Proof. Each successive term is obtained by squaring the previous one, hence
by Theorem 1.14, a 1 must be preceded by 1 or $n - 1$, if n be prime.
Note that the sequence consists of e + 1 numbers in all, the last term
being $a^{2^e d} \bmod n$. Moreover, if this last term is not 1, then n is composite,
but that is Fermat's little theorem.
Example. We try the Carmichael number 561 for Miller-Rabin test with
a = 2. Since $560 = 2^4 \times 35$, there are 5 terms in our sequence:
$$2^{35} \bmod 561,\; 2^{70} \bmod 561,\; 2^{140} \bmod 561,\; 2^{280} \bmod 561,\; 2^{560} \bmod 561$$
Using successive squaring algorithm, this sequence turns out to be
263, 166, 67, 1, 1
Note the term 1 preceded by 67, so we conclude that 561 is composite.
Exercise 1.56. Test the Carmichael numbers given in Exercise 1.53 using
Theorem 1.15. Which ones are recognized as composites?
Still, Miller-Rabin test may miss some composites which go undetected
by Theorem 1.15. We call such odd composites strong pseudoprimes base a.
The smallest strong pseudoprime base 2 is $2047 = 23 \times 89$. You may verify,
with $2046 = 2 \times 1023$, that the two terms in the sequence are just 1 and 1.
Exercise 1.57. The following composites are all Fermat pseudoprimes base
2. Which ones are also strong pseudoprimes base 2?
a) 1105
b) 2821
c) 3277
d) 4033
Exercise* 1.58. Explain why every strong pseudoprime is necessarily a
Fermat pseudoprime, to the same base.
As a final remark, although strong pseudoprimes do exist, Theorem 1.15
can nevertheless be used to recognize primes within certain bounds. It has
been tested, for instance, that there are no strong pseudoprimes less than
2 trillion to the bases 2, 3, 5, 7, and 11 simultaneously. Hence, within this
huge interval, a number n which passes Miller-Rabin test to these five
bases must be a genuine prime.
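The Fermat test, the Miller-Rabin sequence of Theorem 1.15, and the five-base primality check from the final remark can be compared on the numbers used in this section. The Python sketch below is an added example, not part of the original text; the function names and the constants `BASES` and `LIMIT` are chosen here, the bound of 2 trillion is the one quoted above, and the built-in `pow(a, k, n)` stands in for successive squaring.

```python
from math import gcd

BASES = (2, 3, 5, 7, 11)
LIMIT = 2 * 10**12     # "2 trillion", the bound quoted in the text


def fermat_says_composite(n, a):
    """True when a**(n-1) mod n != 1, which proves n composite."""
    return pow(a, n - 1, n) != 1


def miller_rabin_sequence(n, a):
    """Terms a**d, a**(2d), ..., a**(n-1) mod n, where n - 1 = 2**e * d, d odd."""
    d, e = n - 1, 0
    while d % 2 == 0:
        d, e = d // 2, e + 1
    terms = [pow(a, d, n)]
    for _ in range(e):
        terms.append(terms[-1] ** 2 % n)   # each term is the square of the last
    return terms


def miller_rabin_says_composite(n, a):
    """Theorem 1.15 for odd n > 2 and gcd(a, n) = 1."""
    if n < 3 or n % 2 == 0 or gcd(a, n) != 1:
        raise ValueError("need odd n > 2 and gcd(a, n) = 1")
    terms = miller_rabin_sequence(n, a)
    if terms[-1] != 1:
        return True                        # Fermat's little theorem already fails
    return any(cur == 1 and prev not in (1, n - 1)
               for prev, cur in zip(terms, terms[1:]))


def is_prime_below_limit(n):
    """Primality for 2 <= n < LIMIT using the five bases of the final remark."""
    if not 2 <= n < LIMIT:
        raise ValueError("n is outside the range covered by the five bases")
    for a in BASES:
        if n == a:
            return True
        if n % a == 0:
            return False
    return not any(miller_rabin_says_composite(n, a) for a in BASES)


if __name__ == "__main__":
    print(fermat_says_composite(341, 2), fermat_says_composite(341, 3))
    print(miller_rabin_sequence(561, 2), miller_rabin_says_composite(561, 2))
    print(miller_rabin_sequence(2047, 2), is_prime_below_limit(2047))
```

A first term equal to 1 has no predecessor, so it proves nothing on its own; that is exactly how 2047 slips past base 2 while still being caught by the other bases.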
Books to Read
1. D. M. Bressoud, Factorization and Primality Testing, Springer 1989.
2. S. C. Coutinho, The Mathematics of Ciphers: Number Theory and
RSA Cryptography, A K Peters 1999.
3. O. Ore, Number Theory and Its History, 1948, Dover Publications
1988.
4. W. Trappe and L. C. Washington, Introduction to Cryptography with
Coding Theory, Second Edition, Prentice Hall 2005.
