Topics in Number Theory

MA3H1
Topics in Number Theory
Samir Siksek
Samir Siksek, Mathematics Institute, University of War-
wick, Coventry, CV4 7AL, United Kingdom
E-mail address: [email protected]
Contents
Chapter -1. FAQ 6

Chapter 0. Prologue 7
1. What’s This? 7
2. The Queen of Mathematics 7
Chapter 1. Review 9
1. Divisibility 9
2. Ideals 10
3. Greatest Common Divisors 11
4. Euler’s Lemma 12
5. The Euclidean Algorithm 12
6. Primes and Irreducibles 13
7. Coprimality 15
8. ordp 15
9. Congruences 17
10. The Chinese Remainder Theorem 21
Chapter 2. Multiplicative Structure Modulo m 23
1. Euler’s ϕ Revisited 23
2. Orders Modulo m 24
3. Primitive Roots 25
Chapter 3. Quadratic Reciprocity 29
1. Quadratic Residues and Non-Residues 29
2. Quadratic Residues and Primitive Roots 29
3. First Properties of the Legendre Symbol 30
4. The Law of Quadratic Reciprocity 31
5. The Sheer Pleasure of Quadratic Reciprocity 36
Chapter 4. p-adic Numbers 39
1. Congruences Modulo pm 39
2. p-Adic Absolute Value 41
3. Convergence 43
4. Operations on Qp 46
5. Convergence of Series 49
3
4 CONTENTS
6. p-adic Integers 49
7. Hensel’s Lemma Revisited 51
8. The Hasse Principle 53
Chapter 5. Geometry of Numbers 57
1. The Two Squares Theorem 57
2. Areas of Ellipses and Volumes of Ellipsoids 58
3. The Four Squares Theorem 60
4. Proof of Minkowski’s Theorem 62
Chapter 6. Irrationality and Transcendence 65
1. Irrationality: First Steps 65
2. The irrationality of e 66
3. What about Transcendental Numbers? 67
Appendix X. Last Year’s Exam 71
Appendix Y. Mathematical Pornography 75
1. An Integral Equation 76
5
Do you subscribe to the illustrious Warwick tradition
of setting the same exam every year? I am not going to
answer that question, except to point out that this is only the
second time the module is being offered, so there’s no way for
you to guess what I’m going to do, and you’ll just have to work
hard for the exam.
The exam is tomorrow/next week/within six months.
I’m running around like a headless chicken and stressing
all my friends because I can’t do a homework question.
Can I knock on your door and ask you about it? Don’t
worry, I’ve already branched out into agony-aunting. Yes come
and ask, and I promise not to set the dogs on you.
IS THIS IT? I’ve spent two whole quid from my beer
money on your notes and they’re only 70 odd pages. Do
you call that value for money? I’m gutted to see you upset.
I was just about to offer you your two pounds back but I’ve had
a better idea. I’ll go through many sleepless nights to write more
notes and make them available via mathstuff. Do you forgive
me now?
After this year is over, I’m going to devote my life to
drunkeness and antisocial behaviour. This year however
is my last year in mathematics and I want to enjoy it to
the full. Can you pleeeeeease set us lots
of homework? We must be careful. If I give you too
much homework then you’ll suffer severe withdrawl symptoms
once the term is over, and there’s no telling what you might
do to yourself. I simply can’t have that on my conscience. I’ll
therefore limit the homework to one sheet per week. It cuts me
deep to be so hard on you, but sometimes you have to be tough
to be kind.
CHAPTER -1
FAQ
Why is this FAQ upside down? This is to increase the prob-
ability that you will notice it and read it, but you should already
know this if you took Vectors and Matrices with me.
I have/haven’t done MA246 Number Theory. Am I al-
lowed to take this module? Yes. This module has nothing
to do with MA246 Number Theory.
How is this module related to Algebra II? In my humble
opinion, this module should have been a prerequiste to Algebra
II. On the other hand, Algebra II is not needed to follow this
module.
I got massacred in second year algebra. Is it total suicide
for me to take your module? No. This module relies on
common sense, not algebra.
How is this course assessed? 15% for a yet undetermined
number of homework assignments and 85% for the final exam.
Are past exam papers available? This course has been of-
fered only once before. Last year’s paper is at the end of these
notes.
Can we have solutions to last year’s paper? I want you
to answer last year’s paper on your own; it will be good prac-
tice. However, if you email me two weeks before the final exam
solemnly swearing that you have done the paper and only want
to check your answers I’ll be happy to oblige you.
Are we required to know the proofs taken during the
lectures or found in the lecture notes? Yes, theorems, def-
initions, proofs and homework questions. I love bookwork.
-1. FAQ 6
CHAPTER 0
Prologue
1. What’s This?
These are my lecture notes for MA3H1 Topics in Number The-
ory, with the usual Siksek trademarks. Thanks go to Jenny Cooley,
Samantha Pilgram and Vandita (Ditz) Patel for corrections. Please
send comments, misprints and corrections to [email protected].
2. The Queen of Mathematics
Gauss wrote that “mathematics is the queen of sciences and number
theory is the queen of mathematics”. In this module we hope to cover
some fascinating but fairly elementary aspects of the subject, to ensure
maximal enjoyment with minimal prerequisites. Topics covered
should include:
(1) A review of the number theory you met in the first year Foun-
dations module (primes, unique factorisation, greatest com-
mon divisors, modular arithmetic, Chinese Remainder Theo-
rem).
(2) Structure of Z/mZ and Um .
(3) p-adic numbers.
(4) Geometry of Numbers.
(5) Diophantine equations.
(6) The Hasse Principle for ternary quadratic forms.
(7) Counterexamples to the Hasse Principle.
(8) Irrationality and transcendence.
7
CHAPTER 1
Review
You’ve spent the last two or three years thinking about rings, topo-
logical spaces, manifolds, and so on. This chapter reminds you of the
heros of your mathematical childhood: the integers. We review some
of their properties which you have seen before, but perhaps not for a
long time.
1. Divisibility
Definition. Let a, b be integers. We say that a divides b and write
a | b if there exists an integer c such that b = ac.
The following lemma gives easy properties of divisibility; all have
one-line proofs from the definition.
Lemma 1.1. (Easy Properties of Divisibility) For all integers a,
b, c and k:
(1) a | 0;
(2) if a | b then a | kb;
(3) if a | b and a | c then a | (b ± c);
(4) if a | b and b | c then a | c;
(5) if a | b and b | a then a = ±b.
(6) if a | b and b 6= 0 then |a| ≤ |b|;
(7) (±1) | a for all integers a;
(8) if a | (±1) then a = ±1.
Example 1.1. Show that 42 | (7n − 7) for all positive integers n.
Answer. This is easy to do using congruences (have a go). But let us
try to do it from the definition of divisibility using induction on n. It is
obvious for n = 1. Suppose it is true for n = k. That is, suppose that
42 | (7k − 7). In other words, 7k − 7 = 42c for some integer c. Then
7k+1 − 72 = 7 × 42c
so
7k+1 − 7 = 7 × 42c + 42 = 42(7c + 1).
As c is an integer, 7c + 1 is an integer, so 42 | (7k+1 − 7).
9
10 1. REVIEW
Theorem 1.2. (Division with remainder) Let a, b be integers with b

positive. Then there are unique integers q, r satisfying a = qb + r and
0 ≤ r ≤ b − 1.
Here q is called the quotient and r the remainder on dividing a by
b. The uniqueness is certainly needed to say ‘the quotient’ and ‘the
remainder’.
Proof. Let us prove uniqueness first. Suppose that
a = qb + r, a = q 0 b + r0
where q, q 0 , r, r0 are integers and 0 ≤ r, r0 ≤ b − 1. Without loss of
generality, we can suppose that r < r0 . Subtracting we see that
(q − q 0 )b + r − r0 = 0
so
(q − q 0 )b = r0 − r.
Hence 0 ≤ r0 − r ≤ b − 1 and r0 − r is a multiple of b. Therefore
r0 − r = 0, so r = r0 and q = q 0 . This proves uniqueness.
Let us now prove the existence of q and r. Suppose first that a ≥ 0.
In Foundations you have done this case using the well-ordering princi-
ple. Keep b fixed and let a be the least non-negative counterexample
to the statement of the theorem. If 0 ≤ a ≤ b − 1 then we can take
q = 0 and r = a. So a ≥ b. Now let a1 = a − b. Then 0 ≤ a1 < a.
Hence a1 = q1 b + r1 where q1 and r1 are integers and 0 ≤ r1 ≤ b − 1.
Now just let q = q1 + 1 and r = r1 , and so a = qb + r.
The proof is complete for a ≥ 0. What about for a < 0?
2. Ideals
Definition. An ideal in Z is a subset I satisfying the following three
properties:
(i) 0 ∈ I,
(ii) if a, b ∈ I then a + b ∈ I,
(iii) if a ∈ I and r ∈ Z then ra ∈ I.
The principal ideal of Z generated by a is the subset
(a) = aZ = {ka | k ∈ Z}.
In other words, (a) is the set of multiples of a.
It is very easy to check that every principal ideal is an ideal 1.
1Ifyou have done Algebra II then you will know that the converse is not true
in every ring, but is true for Z.
3. GREATEST COMMON DIVISORS 11
Proposition 1.3. Let I be an ideal in Z. Then I is principal. More-

over, there is a unique non-negative integer a such that I = (a).
Proof. Let I be an ideal of Z; we want to show that I is principal.
If I = {0} then I = (0) and we’re finished, so suppose I 6= {0}. Then I
must contain a non-zero element. From (iii) in the definition, we know
that if a ∈ I then −a ∈ I. Thus I must have a positive element. Let a
be the least positive element of I. Again by (iii) we have that (a) ⊆ I.
We want to show that I = (a). Suppose otherwise. Then there is some
b ∈ I\(a). By Theorem 1.2 we can write b = qa + r where 0 ≤ r < a. If
r = 0 then b ∈ (a) giving a contradiction. Hence 0 < r < a. Moreover
r = b − qa ∈ I using (iii) and (ii). This contradicts the fact that a is
the smallest positive element of I. Hence I = (a).
Finally we want to show that a is the unique non-negative element
satisfying I = (a). Suppose I = (b) with b non-negative. Then a | b
and b | a so a = ±b, and so a = b.
3. Greatest Common Divisors

Theorem 1.4. Let a1 , . . . , an be a finite set of elements of Z.
1. There exists a unique integer d satisfying
(i) d divides ai for i = 1, . . . , n;
(ii) if c divides ai for i = 1, . . . , n then c divides d;
(iii) d ≥ 0.
2. The integer d can be expressed in the form d = u1 a1 + u2 a2 +
· · · + un an where u1 , . . . , un ∈ Z.
Definition. For a1 , . . . , an ∈ Z we define their greatest common divisor
(or GCD) to be the integer d satisfying properties (i–iii) of Theorem 1.4.
Some books and lecturers call this the highest common factor. We shall
denote the GCD of a1 , . . . , an by gcd(a1 , . . . , an ). Again some books
and lecturers used the notation (a1 , . . . , an ).
Proof of Theorem 1.4. Let
( n )
X
I= x i ai : x 1 , . . . , x n ∈ Z .
i=1
In other words I is the set of all linear combinations of the ai with

integer coefficients. It is very easy to see that I is an ideal (use the
definition of ideal). By Proposition 1.3 we know that I = (d) for some
unique non-negative integer d; in other words, every element of I is a
multiple of d and d is non-negative. We will prove that d satisfies the
statement of Theorem 1.4. It certainly satisfies (iii) and moreover since
12 1. REVIEW
it is an element of I and I is the set of integral linear combinations of

the ai , it satisfies 2.
Clearly a1 , . . . , an ∈ I so the ai are multiples of d. This proves
(i). Let us prove (ii). Suppose c divides all the ai . Thus ai = ki c for
integers ki for i = 1, . . . , n. Moreover as d ∈ I,
d = u1 a1 + · · · + un an ,
with ui ∈ Z. So
d = (u1 k1 + · · · + un kn )c.
Hence c | d. This proves (ii) and completes the proof of Theorem 1.4.

4. Euler’s Lemma
The fact that the gcd can expressed as a linear combination is used
again and again. For example, in the proof of the following crucial
lemma.
Lemma 1.5. (Euler’s Lemma) If u | vw and gcd(u, v) = 1 then u | w.
Proof. Since gcd(u, v) = 1 we can, using Theorem 1.4, write 1 =

au + bv for some a, b ∈ Z. Multiply by w to obtain w = auw + bvw.
Now since u | vw we can write vw = cu for some c ∈ Z, hence w =
auw + bvw = (aw + bc)u, so u | w as required.
5. The Euclidean Algorithm

Lemma 1.6. If a = qb + r then gcd(a, b) = gcd(b, r).
Proof. Note that for any integer c
c | a and c | b ⇐⇒ c | b and c | r.
Hence gcd(a, b) | gcd(b, r) and gcd(b, r) | gcd(a, b), and so gcd(a, b) =

± gcd(b, r). As both are non-negative, they must be equal.
Lemma 1.6 is the basis for the Euclidean Algorithm for computing
the GCD, which you did in Foundations. Here is an example.
6. PRIMES AND IRREDUCIBLES 13
Example 5.1. To find the greatest common divisor of 1890 and 909
using the Euclidean Algorithm you would write
1890 = 2 × 909 + 72,
909 = 12 × 72 + 45,
72 = 1 × 45 + 27,
45 = 1 × 27 + 18,
27 = 1 × 18 + 9,
18 = 2 × 9 + 0,
therefore
gcd(1890, 909) = gcd(909, 72) = gcd(72, 45) = gcd(45, 27)
= gcd(27, 18) = gcd(18, 9) = gcd(9, 0) = 9.
You also know, or should know, how to use the above to express the
GCD, in this case 9, as a linear combination of 1890 and 909:
9 = 27 − 18
= 27 − (45 − 27) = −45 + 2 × 27
= −45 + 2(72 − 45) = 2 × 72 − 3 × 45
= 2 × 72 − 3(909 − 12 × 72) = −3 × 909 + 38 × 72
= −3 × 909 + 38(1890 − 2 × 909) = 38 × 1890 − 79 × 909.
6. Primes and Irreducibles

Definition. An integer p > 1 is a prime if it satisfies the property: for
all integers a, b, if p | ab then p | a or p | b.
An integer p > 1 is irreducible if its only factors are ±1 and ±p.
Of course, you will immediately say that primes and irreducibles
are the same thing, which is true but we have to prove it. If you think
the proof should be trivial, put these notes down and try it yourself.
Theorem 1.7. (irreducibles and primes are the same) p > 1 is irre-
ducible if and only if it is prime.
Proof. Let p > 1 be a prime. We want to show that p is irre-
ducible; i.e. that the only factors of p are ±1 and ±p. Suppose a ∈ Z
is a factor of p. Then we can write p = ab where b ∈ Z. Then p | ab.
Since p is a prime, by definition, we have p | a or p | b. Let’s look at
these possibilities separately:
(a) Suppose first that p | a. Then a | p and p | a so a = ±p.
(b) Suppose that p | b. Then b = pc for some c ∈ Z. Hence
p = ab = apc, so ac = 1 and so a = ±1.
14 1. REVIEW
In other words, the only factors of p are ±1 and ±p, so p is irreducible.

Now we have to do the converse direction. Let p > 1 be irreducible.
We want to show that p is prime. So suppose that p | ab and we want
to show that p | a or p | b. Let d = gcd(a, p). Then d | p. As p is
irreducible, d = ±1 or d = ±p, but GCDs are non-negative, so d = 1
or d = p. If d = p then p | a (as d = p is the GCD of a and p). Suppose
d = 1; i.e. gcd(a, p) = 1. Using p | ab and Euler’s Lemma (Lemma 1.5)
we obtain that p | b. Hence either p | a or p | b, and so p must be
prime.
From now on we will not mention the word irreducible again, as
irreducibles are the same as primes. But what is vital is to know that
the two definitions are equivalent. A positive integer m > 1 which is
not a prime is called a composite. Note that m > 1 is a composite iff
we can write m = ab with 1 < a, b < m.
You’ll have no trouble seeing why the following lemma is true.
Lemma 1.8. If p | a1 . . . an where p is a prime then p | ai for some
i = 1, . . . , n.
Theorem 1.9. (The Fundamental Theorem of Arithmetic) Every pos-
itive integer n can be written as a product of prime numbers, this fac-
torisation into primes is unique up to the order of the factors.
Proof. Let us prove the existence of factorisation into primes first
and then the uniquenss. The proof is by induction. Note that n = 1 is
regarded as the ‘empty’ product of primes. If n is a prime then there
is nothing to prove. Suppose that n > 1 is composite. Then we can
write n = ab with 1 < a, b < n. By the inductive hypothesis, a, b can
be written as products of primes and so n = ab is a product of primes.
This proves the existence.
Now let us prove the uniqueness. Again we do this by induction.
This is clear for n = 1. Suppose n > 1 and uniquness is established for
m < n. Suppose
n = p1 · · · pr = q1 · · · q s
where the pi and the qj are primes. We want to show that r = s and
the pi and qj are the same up to ordering. Now pr | q1 · · · qs and so
pr | qj for some j. By reordering the qs we may assume that pr | qs and
so pr = qs . Cancelling we obtain
p1 · · · pr−1 = q1 · · · qs−1 .
By the inductive hypothesis, r − 1 = s − 1 and q1 , · · · , qs−1 are a
rearrangement of p1 , · · · , pr−1 . Hence r = s and q1 , · · · , qs is a re-
arrangement of p1 , · · · , pr .
8. ordp 15
You should have no trouble remembering the following theorem or

its proof from Foundations.
Theorem 1.10. (Euclid) There are infinitely many primes.
Proof. Suppose that there are finitely many and let them be
p1 , . . . , pn . Let N = p1 p2 · · · pn + 1. Then N ≥ 2 and so by the
Fundamental Theorem of Arithmetic must have a prime divisor. This
must be one of p1 , . . . , pn ; say it’s pi . Then pi | N and pi | p1 p1 · · · pn .
Hence pi divides N − p1 p1 · · · pn = 1 giving a contradiction.
This proof is a model for many other proofs. For example, we’ll
show later that there are infinitely many primes p ≡ 1 (mod 4), p ≡ 3
(mod 4), p ≡ 1 (mod 3) etc.
7. Coprimality
Definition. We say that integers m1 , m2 , . . . , mn are coprime if
gcd(m1 , m2 , . . . , mn ) = 1.
We say that integers m1 , . . . , mn are pairwise coprime if gcd(mi , mj ) =
1 whenever i 6= j.
Lemma 1.11. Let m1 , . . . , mn be pairwise coprime
Q integers and sup-
pose mi | x for all i. Then M | x where M = mi .
Proof. Let us prove it for n = 2. The general case then follows

by induction. So m1 | x and m2 | x where gcd(m1 , m2 ) = 1. We can
write x = km1 for some integer k. So m2 | km1 and by Euler’s Lemma
(Lemma 1.5) we have that m2 | k. So k = cm2 for some integer c.
Hence x = km1 = cm1 m2 = cM , which gives the desired M | x.

8. ordp
Let p be a prime, and let n be a non-zero integer. We define ordp (n)
by the property
e = ordp (n) if and only if pe | n and pe+1 - n.
In a sense, ordp (n) measures how divisible n is by powers of p. We
define ordp (0) = ∞.
Example 8.1. If n = 23 × 32 × 7, then ord2 (n) = 3, ord3 (n) = 2,
ord7 (n) = 1 and ordp (n) = 0 for all primes p 6= 2, 3, 7.
16 1. REVIEW
We extend ordp to a function Q → Z ∪ {∞} by defining

a
ordp = ordp (a) − ordp (b)
b
for any non-zero integers a, b.
Exercise 8.2. Check that ordp is well-defined on Q∗ . In other words,
if a, b, c, d are integers and a/b = c/d then ordp (a/b) = ordp (c/d).
Theorem 1.12. (Another formulation of the Fundamental Theorem of
Arithmetic) Every non-zero rational number α can be expressed uniquely
in the form
Y
α=± pordp (α)
p∈P
where P is the set of all primes.

Note the following obvious corollary.
Corollary 1.13. Let α, β be non-zero rationals.
(i) α = ±β if and only if ordp (α) = ordp (β) for all primes p.
(ii) α = ±1 if and only if ordp (α) = 0 for all primes p.
(iii) α is a square of some other rational if and only if ordp (α) is
even for all primes p.
The following is the fundamental theorem about ordp .
Theorem 1.14. (Properties of ordp ) Let p be a prime, and α, β ra-
tional numbers. Then,
(1) ordp (αβ) = ordp (α) + ordp (β).
(2) ordp (α+β) ≥ min{ordp (α), ordp (β)} with equality if ordp (α) 6=
ordp (β).
Before proving Theorem 1.14 we need the following observation
whose proof is an easy exercise.
Lemma 1.15. Any non-zero rational α can be written as
a
α = pordp (α)
b
where a, b are integers and p - a, b.
Proof of Theorem 1.14. Part (1) is obvious from Lemma 1.15.

Let’s prove part (2). Write
a c
α = pu , β = pv
b d
9. CONGRUENCES 17
where p does not divide a, b, c, d. Here u = ordp (α) and v = ordp (β).
Without loss of generality, we suppose that u ≤ v. Then
a c ad + pv−u bc
α + β = pu + pv−u = pu .
b d bd
Note that p - bd. However, we don’t know if the integer ad + pv−u bc is
divisible by p, so let’s write ad + pv−u bc = pw e, where p - e and w ≥ 0,
and write f = bd. Hence
e
α + β = pu+w
f
and so
ordp (α + β) = u + w ≥ u = min(u, v) = min(ordp (α), ordp (β)).
To complete the proof, suppose that ordp (α) 6= ordp (β), or in other
words, u 6= v. Since we are assuming u ≤ v we have u < v and so
v − u > 0. Now if p | (ad + pv−u bc) then p | ad which contradicts p - a,
d. Hence p - (ad + pv−u bc) which says that w = 0. We obtain the
desired equality
ordp (α + β) = u + w = u = min(u, v) = min(ordp (α), ordp (β)).

9. Congruences
We are still revising the material you have met in the first year
Foundations module.
Definition. Let a, b and m be integers with m positive. We say a
is congruent to b modulo m and write a ≡ b (mod m) if and only if
m | (a − b).
Lemma 1.16. Congruence modulo a fixed positive integer m is an
equivalence relation:
• Reflexive: a ≡ a (mod m) for all integers a;
• Symmetric: if a ≡ b (mod m) then b ≡ a (mod m);
• Transitive: if a ≡ b (mod m) and b ≡ c (mod m) then a ≡ c
(mod m).
The equivalence classes are represented by 0, 1, . . . , m − 1. In other
words, every integer is congruent to precisely one of 0, 1, . . . , m − 1
modulo m.
Lemma 1.17. (a) If a ≡ b (mod m) and c ≡ d (mod m) then
a + c ≡ b + d (mod m) and ac ≡ bd (mod m).
(b) If a ≡ b (mod m) and d | m then a ≡ b (mod d).
18 1. REVIEW
(c) If a ≡ b (mod m) then na ≡ nb (mod nm).

(d) If ac ≡ bc (mod m) then a ≡ b (mod m0 ) where m0 = gcd(c,m)
m
.
In particular, if gcd(c, m) = 1 and ac ≡ bc (mod m) then
a ≡ b (mod m).
Proof. Parts (a), (b), (c) are easy consequences of the definition
and the properties of divisibility. Let us prove (d), so suppose ac ≡ bc
(mod m). Suppose first that gcd(c, m) = 1 which is easier. Then
m | c(a − b) and so by Euler’s Lemma (Lemma 1.5), m | (a − b) which
gives a ≡ b (mod m).
Now let’s do the general case. Let d = gcd(c, m) and let c0 = c/d
and m0 = m/d. Observe that gcd(c0 , m0 ) = 1. From ac ≡ bc (mod m),
we know that m | (ac − bc) which means
(a − b)c = km
for some integer k. Dividing both sides by d we obtain
(a − b)c0 = km0
and so m0 | (a − b)c0 . As gcd(c0 , m0 ) = 1, Euler’s Lemma tells us that
m0 | (a − b). Hence a ≡ b (mod m0 ) as required.
Example 9.1. You should be very careful with cancellation where
congruences are involved. For example, 100 ≡ 60 (mod 8), but 10 6≡ 6
(mod 8). However, using part (d) of the above lemma to cancel the
factor of 10, we get 10 ≡ 6 (mod 8/ gcd(8, 10)) which means 10 ≡ 6
(mod 4) and this is true.
9.1. Inverses modulo m.

Lemma 1.18. Suppose that a, m are integers with m ≥ 1. Then there
exists an integer b such that ab ≡ 1 (mod m) if and only if gcd(a, m) =
1.
Proof. Suppose gcd(a, m) = 1. We know from Euclid’s algorithm
that there are integers b, c such that ab + cm = 1. Reducing modulo
m we obtain ab ≡ 1 (mod m) as required.
To prove the converse, suppose ab ≡ 1 (mod m). Thus ab−1 = km
for some integer k. Write g = gcd(a, m). Now g | a and g | m, so g | ab
and g | km. Hence g | (ab − km) = 1. Thus gcd(a, m) = g = 1
completing the proof.
You should pay special attention to the above proof as it gives
us a practical way of inverting elements modulo m; see the following
example.
9. CONGRUENCES 19
Example 9.2. Let us find the inverse of 502 modulo 2001. One way
of doing this is to try all the numbers b = 0, 1, · · · , 2000 and see which
one satisfies 502b ≡ 1 (mod 2001). Using Euclid’s algorithm is much
faster!
2001 = 3 × 502 + 495,
502 = 1 × 495 + 7,
495 = 70 × 7 + 5,
7 = 1 × 5 + 2,
5 = 2 × 2 + 1.
Therefore gcd(502, 2001) = 1. Moreover,
1=5−2×2
= 5 − 2(7 − 5) = −2 × 7 + 3 × 5
= −2 × 7 + 3(495 − 70 × 7) = 3 × 495 − 212 × 7
= 3 × 495 − 212(502 − 495) = −212 × 502 + 215 × 495
= −212 × 502 + 215(2001 − 3 × 502) = 215 × 2001 − 857 × 502.
Reducing 215 × 2001 − 857 × 502 = 1 modulo 2001 we obtain −857 ×
502 ≡ 1 (mod 2001), so the inverse of 502 is −857 ≡ 2001−857 ≡ 1144
(mod 2001).
9.2. Complete Residue Systems. A complete residue system

modulo m is a set of m integers {a1 , a2 , . . . , am } such that ai 6≡ aj
(mod m) whenever i 6= j.
Example 9.3. The set {0, 1, 2, 4} isn’t a complete residue system mod-
ulo 5, since it has too few elements. The set {0, 1, 2, 3, 6} also isn’t a
complete residue system since 6 ≡ 1 (mod 5). However, {0, 1, 2, 3, 4}
is a complete residue system modulo 5 and so is {2, 3, 4, 5, 6} and so is
{0, 6, −3, 13, 24}.
Lemma 1.19. (a) Let {a1 , . . . , am } be a complete residue system
modulo m, then every integer is congruent to precisely one ai
modulo m.
(b) Let {a1 , . . . , am } and {b1 , . . . , bm } be complete residue systems
modulo m. Then, after reordering the bi if necessary, ai ≡ bi
(mod m) for all i.
Proof. Let ci be the unique integer in {0, 1, . . . , m − 1} satisfying
ci ≡ ai (mod m). Since ai 6≡ aj (mod m) whenever i 6= j, we have
ci 6≡ cj (mod m) and so ci 6= cj . Hence c1 , c2 , . . . , cm are m distinct
elements of the set {0, 1, . . . , m−1}, which itself has precisely m distinct
20 1. REVIEW
elements. Hence c1 , c2 , . . . , cm is a rearrangment of {0, 1, . . . , m − 1}.

This quickly proves parts (a) and (b).
9.3. Reduced Residue Systems.

Definition. We define Euler’s ϕ-function as follows. Let m ≥ 1. Let
ϕ(m) be the number of integers a in the set {0, 1, . . . , m − 1} satisfying
gcd(a, m) = 1. If you like symbols,
ϕ(m) = #{a | 0 ≤ a ≤ m − 1 and gcd(a, m) = 1}.
Example 9.4. You’ll have no trouble seeing, for example, that ϕ(5) =
4 and ϕ(24) = 8.
Definition. A reduced residue system modulo m is a set {a1 , a2 , . . . , aϕ(m) }
of ϕ(m) elements such that gcd(ai , m) = 1 for all i and ai 6≡ aj
(mod m) whenever i 6= j.
Example 9.5. {1, 3, 5, 7} is a reduced residue system modulo 8, and
so is {7, 5, 9, −5}. However {2, 3, 5, 7} isn’t, nor is {1, 3, 5} nor is
{1, 3, 5, 13}.
There are no prizes for guessing what comes next.
Lemma 1.20. (a) Let {a1 , . . . , aϕ(m) } be a reduced residue system
modulo m, then every integer a satisfying gcd(a, m) = 1 is
congruent to precisely one ai modulo m.
(b) Let {a1 , . . . , aϕ(m) } and {b1 , . . . , bϕ(m) } be reduced residue sys-
tems modulo m. Then, after reordering the bi if necessary,
ai ≡ bi (mod m) for all i.
The proof is left as an exercise. You have to follow the same steps
as in the proof of Lemma 1.19, but you’ll need the following lemma,
whose proof is also an exercise.
Lemma 1.21. If a ≡ b (mod m) then gcd(a, m) = gcd(b, m).
Lemma 1.22. If {a1 , . . . , aϕ(m) } is a reduced residue system modulo m,
and gcd(c, m) = 1 then {ca1 , ca2 , . . . , caϕ(m) } is also a reduced residue
system modulo m.
Proof. Note that the set {ca1 , ca2 , . . . , caϕ(m) } has precisely ϕ(m)
elements and that all are coprime to m. Suppose i 6= j. We want to
show that cai 6≡ caj (mod m), so suppose that cai ≡ caj (mod m).
Since gcd(c, m) = 1 we obtain that ai ≡ aj (mod m) by part (d) of
Lemma 1.17; this contradicts the fact that {a1 , . . . , aϕ(m) } is a reduced
residue system modulo m.
9.4. The Theorems of Fermat and Euler.

10. THE CHINESE REMAINDER THEOREM 21
Theorem 1.23. (Euler’s Theorem) If gcd(c, m) = 1 then cϕ(m) ≡ 1

(mod m).
Proof. Suppose first that {a1 , . . . , aϕ(m) } and {b1 , . . . , bϕ(m) } are
reduced residue systems modulo m. By part (b) of Lemma 1.20 we
have
ϕ(m) ϕ(m)
Y Y
ai ≡ bi (mod m).
i=1 i=1
Now let {a1 , . . . , aϕ(m) } be any reduced residue system and observe that
{ca1 , ca2 , . . . , caϕ(m) } is also a reduced residue system by Lemma 1.22.
Hence
ϕ(m) ϕ(m)
Y Y
ai ≡ cai (mod m).
i=1 i=1
ϕ(m)
Q
We may rewrite this as A ≡ c A (mod m) where A = ai . Clearly
gcd(A, m) = 1, and by part (d) of Lemma 1.17 we obtain cϕ(m) ≡ 1
(mod m).
Corollary 1.24. (Fermat’s Little Theorem)

(i) If p is a prime and p - a then
ap−1 ≡ 1 (mod p).
(ii) If p is a prime and a is any integer then
ap ≡ a (mod p).
Proof. Let p be a prime. Note that the only integer in the set
{0, 1, . . . , p − 1} that is not coprime with p is 0. Hence, by definition
of ϕ, we have ϕ(p) = p − 1. Now (i) follows from Euler’s Theorem.
Let us prove (ii). If p - a then (ii) follows from (i) on multiplying both
sides by a. If p | a then (ii) is obvious since both sides are congruent
to 0 modulo p.
10. The Chinese Remainder Theorem

Theorem 1.25. (The Chinese Remainder Theorem) Let a1 , . . . , an
and m1 , . . . , mn be integersQwith mi positive and gcd(mi , mj ) = 1 when-
ever i 6= j. Write M = mi . Then there exists a unique integer x
such that x ≡ ai (mod mi ) for i = 1, 2, . . . , n and 0 ≤ x ≤ M − 1.
Moreover, if x0 also satisfies x0 ≡ ai (mod mi ) then x0 ≡ x (mod M ).
For the proof we need a the following lemma.
22 1. REVIEW
Lemma 1.26. With notation as in the Chinese Remainder Theorem,

there exists integers u1 , u2 , . . . , un such that
(
1 (mod mi )
(1) ui ≡
0 (mod mj ) whenever j 6= i.
Q
Proof. Let us prove this for u1 . Put M1 = j6=1 mj . Then
gcd(m1 , M1 ) = 1 and by Euclid’s Algorithm there are integers r1 and
s1 such that r1 m1 + s1 M1 = 1. Let u1 = s1 M1 . Clearly u1 satisfies
(1).
Now the proof of the Chinese Remainder Theorem is easy.
Proof of the Chinese Remainder Theorem. Let the ui be
as in Lemma 1.26. Write
y = a1 u1 + a2 u2 + · · · + an un .
From (1) we see that y ≡ ai (mod mi ). Now let x satisfy 0 ≤ x ≤ M −1
and x ≡ y (mod M ). Clearly x ≡ y (mod mi ) for all i and so x ≡ ai
(mod mi ) for all i. The uniqueness of x follows from the second part
of the Chinese Remainder Theorem that we’re about to prove.
Suppose also that x0 ≡ ai (mod mi ) for all i. Then mi | (x0 − x)
for allQi. By Lemma 1.11, as the mi are coprime, M | (x0 − x) where
M = mi .
You should pay particular attention to the proof of the Chinese
Remainder Theorem. It’s constructive; this means that it gives us
a practical method of solving a system of simultaneous congruences.
Once again it is the Euclidean Algorithm that does the work, and so
you must make sure that you know how to use it to express the gcd as
a linear combination. See the following example.
Example 10.1. Solve the simultaneous congruences
x≡3 (mod 4), x≡5 (mod 7).
Answer: Using Euclid’s Algorithm you will see that
2 × 4 − 1 × 7 = 1.
Let u1 = −1 × 7 = −7 and u2 = 2 × 4 = 8. Note that
( (
1 (mod 4), 0 (mod 4),
u1 ≡ u2 ≡
0 (mod 7), 1 (mod 7).
Now let y = 3 × u1 + 5 × u2 = −21 + 40 = 19. Then the solutions to
the simultaneous congruences are precisely those values of x such that
x ≡ 19 (mod 28).
CHAPTER 2
Multiplicative Structure Modulo m
1. Euler’s ϕ Revisited
With the help of the Chinese Remainder Theorem we will derive a
convenient formula for ϕ. For this we have to revisit reduced residue
systems.
Lemma 2.1. If gcd(m1 , m2 ) = 1 then ϕ(m1 m2 ) = ϕ(m1 )ϕ(m2 ).
Proof. For a positive integer m define
U (m) = {a | 0 ≤ a ≤ m − 1 and gcd(a, m) = 1}.
Note that ϕ(m) = #U (m). Now let m1 , m2 be coprime and write
M = m1 m2 . We will shortly define a bijection
f : U (m1 ) × U (m2 ) → U (M ).
You know if two finite sets are related by a bijection then they have
the same number of elements. Assuming the existence of the bijection
f we obtain
ϕ(m1 m2 ) = ϕ(M ) = #U (M ) = # (U (m1 ) × U (m2 ))

= #U (m1 ) × #U (m2 ) = ϕ(m1 )ϕ(m2 ).
So to complete the proof all we have to do is to define f and show
that it’s a bijection. Now let ai ∈ U (mi ) for i = 1, 2. Let f (a1 , a2 )
be the unique x satisfying 0 ≤ x ≤ M − 1 and x ≡ ai (mod mi )
whose existence is guaranteed by the Chinese Remainder Theorem.
For the map f to be well-defined, we have to show that gcd(x, M ) = 1.
However, gcd(x, mi ) = gcd(ai , mi ) = 1 and as M = m1 m2 we obtain
that gcd(x, M ) = 1 as required. Thus f (a1 , a2 ) = x is in U (M ). Now
let us show that f is 1 − 1. Suppose that x = f (a1 , a2 ) = f (b1 , b2 ).
Then x ≡ ai (mod mi ) and x ≡ bi (mod mi ) and so ai ≡ bi (mod mi ).
As 0 ≤ ai , bi ≤ mi − 1, we have ai = bi for i = 1, 2, so that f is
1 − 1. Finally let us show that f is onto. Let c ∈ U (M ). Let ai be
the unique integer satisfying 0 ≤ ai ≤ mi − 1 and c ≡ ai (mod mi ).
Then gcd(ai , mi ) = gcd(c, mi ) and this divides gcd(c, M ) = 1. Hence
gcd(ai , mi ) = 1 so ai ∈ U (mi ). Now f (a1 , a2 ) = x is the unique integer
23
24 2. MULTIPLICATIVE STRUCTURE MODULO m
satisfying x ≡ ai (mod mi ) and 0 ≤ x ≤ mi − 1. But c satisfies these

properties, so c = x = f (a1 , a2 ). This shows that f is onto, and so is a
bijection.
Theorem 2.2. Let m ≥ 2 be an integer and let
n
Y
m= pri i
i=1
be its factorisation into prime powers with ri ≥ 1. Then

n
Y
ϕ(m) = pri i −1 (pi − 1).
i=1
Proof. We will prove that if p is a prime and r ≥ 1 then ϕ(pr ) =

pr−1 (p − 1). The theorem follows from this and Lemma 2.1.
By definition, ϕ(pr ) is the number of integers m in the interval
0 ≤ m ≤ pr − 1 that are coprime with pr ; in otherwords not divisible
by p. There are pr integers in the interval, and the ones divisible by p
are
0, p, 2p, 3p, . . . , (pr−1 − 1)p.
Clearly there are pr−1 integers in the interval that are divisible by p,
so ϕ(pr ) = pr − pr−1 = pr−1 (p − 1) as required.
2. Orders Modulo m
Definition. Let gcd(a, m) = 1. We define the order of a modulo m to
be the least positive integer d such that ad ≡ 1 (mod m).
Lemma 2.3. Suppose
au ≡ av ≡ 1 (mod m).
and let w = gcd(u, v). Then aw ≡ 1 (mod m).
Proof. By Euclid’s Algorithm, there are r, s such that w = ru +
sv. So that
aw = (au )r (av )s ≡ 1 (mod m).

Theorem 2.4. Let gcd(a, m) = 1, and let d be the order of a modulo
m.
(i) If ae ≡ 1 (mod m) then d | e.
(ii) d | ϕ(m). In particular, if m = p is prime then d | (p − 1).
3. PRIMITIVE ROOTS 25
Proof. Let d be the order of a modulo m. Then ad ≡ 1 (mod m)

by definition of order. Suppose that ae ≡ 1 (mod m). By Lemma 2.3,
0
ad ≡ 1 (mod m) where d0 = gcd(d, e). Note that d0 | d and so d0 ≤ d.
But by definition of order, d is the least positive integer satisfying
ad ≡ 1 (mod m). Hence d ≤ d0 and so d = d0 . As d0 | e we have d | e.
This proves (i).
Part (ii) follows from (i) and Euler’s Theorem.
Lemma 2.5. Let gcd(gi , m) = 1 for i = 1, 2 and suppose that gi has
order di modulo m. Suppose that gcd(d1 , d2 ) = 1. Then g1 g2 has order
d1 d2 modulo m.
Proof. Let d be the order of g = g1 g2 modulo m. Note that
g d1 d2 = (g1d1 )d2 (g2d2 )d1 ≡ 1 (mod m).
Hence by Theorem 2.4, d | d1 d2 .
From g d ≡ 1 (mod m) we obtain
g1d g2d ≡ 1 (mod m)
and raising both sides to d2 we have that
g1dd2 (g2d2 )d ≡ 1 (mod m).
But g2d2 ≡ 1 (mod m), so g1dd2 ≡ 1 (mod m). By Theorem 2.4, d1 | dd2 .
Since gcd(d1 , d2 ) = 1, Euler’s Lemma tells us that d1 | d. Likewise
d2 | d. So d1 d2 | d. As we’ve already observed that d | d1 d2 we obtain
that d = d1 d2 .
3. Primitive Roots
Lemma 2.6. Let p be a prime and X an indeterminate. Then
X p−1 − 1 ≡ (X − 1)(X − 2) · · · (X − (p − 1)) (mod p).
Proof. By Fermat’s Little Theorem, ap−1 ≡ 1 (mod p) for a =
1, 2, . . . , p−1. So X p−1 −1 must have a = 1, 2, · · · , p−1 as roots modulo
p. Thus, modulo p, the polynomial (X − 1)(X − 2) · · · (X − (p − 1)) is
a factor of X p−1 − 1. But both are monic of degree p − 1, so they must
be the same modulo p.
Lemma 2.7. Let p be a prime. If n | (p − 1) then xn ≡ 1 (mod p) has
exactly n incongruent solutions modulo p.
Proof. Let p − 1 = nd. Recall the factorization
X p−1 − 1 = X nd − 1 = (X n − 1)(X n(d−1) + X n(d−2) + · · · + 1).
26 2. MULTIPLICATIVE STRUCTURE MODULO m
By Lemma 2.6, X p−1 − 1 factors completely modulo p and has distinct

roots. Since X n −1 is a factor of X p−1 −1, it must also factor completely
and have distinct roots modulo p. This proves the lemma.
Definition. A primitive root modulo p is a number g such that p - g
and g has order p − 1.
Theorem 2.8. If g is a primitive root modulo p then 1, g, g 2 , . . . , g p−2
is a reduced residue system modulo p. In particular, for every integer
a 6≡ 0 (mod p), there is a unique 0 ≤ r ≤ p − 2 such that a ≡ g r
(mod p).
Proof. The second part follows from the first and the definition of
a reduced residue system. Let us prove the first part. Note that every
element of 1, g, g 2 , . . . , g p−2 is coprime to p and the set has p − 1 = ϕ(p)
elements. All we have to do is to show that no two elements of this
set are congruent modulo p. Now suppose g r ≡ g s (mod p) where
0 ≤ r ≤ s ≤ p − 2. Then g s−r ≡ 1 (mod p). By definition of primitive
root, g has order p − 1 and so (p − 1) | (s − r). This is impossible unless
s = r.
Theorem 2.9. If p is prime, there exists a primitive root modulo p.
Proof. Want to find an integer g such that p - g and has order
p − 1 modulo p. Let the prime-power factorization of p − 1 be
p − 1 = q1e1 q2e2 . . . qrer .
By Lemma 2.7,
ei
• xqi ≡ 1 (mod p) has qiei incongruent solutions modulo p, and
ei −1
• xqi ≡ 1 (mod p) has qiei −1 incongruent solutions modulo p.
So there must be some integer gi with
ei ei −1
q q
gi i ≡ 1 (mod p), gi i 6≡ 1 (mod p).
Thus gi has exact order qiei modulo p. Let g = g1 g2 . . . gr . By Lemma 2.5,
g has order p − 1 modulo p, and so g is a primitive root.
Here is a past exam question.
Example 3.1. Find a primitive root for 149. You may use the follow-
ing observations:
149 = 22 ×37+1, 537 ≡ 444 ≡ 1 (mod 149), 442 6≡ 1 (mod 149).
Answer. The order of 5 modulo 149 divides 37. But the only positive
divisors of 37 are 1 and 37. Moreover, 51 6≡ 1 (mod 149), so 5 has
order 37 modulo 149.
3. PRIMITIVE ROOTS 27
The order of 44 modulo 149 divides 4 and so is 1, 2 or 4. But

441 6≡ 1 (mod 149), and 442 = 1936 ≡ 148 6≡ 1 (mod 149). Hence the
order of 44 is 4.
Now we use Lemma 2.5. Since gcd(37, 4) = 1, we find that the
order of 20 = 5 × 4 modulo 149 is 37 × 4 = 149 − 1. Hence 20 is a
primitive root modulo 149.
CHAPTER 3
Quadratic Reciprocity
1. Quadratic Residues and Non-Residues

Definition. Let gcd(a, m) = 1. We say that a is a quadratic residue
modulo m if the congruence x2 ≡ a (mod m) has a solution. Otherwise
we say that a is a quadratic non-residue.
Example 1.1. Note that
12 ≡ 62 ≡ 1, 22 ≡ 52 ≡ 4, 32 ≡ 42 ≡ 2 (mod 7).
Hence the quadratic residues modulo 7 are 1, 2 and 4. The quadratic
non-residues modulo 7 are 3, 5 and 6.
Definition. Let p be an odd prime. Let


a 1 if a is a quadratic residue modulo p
= −1 if a is a quadratic non-residue modulo p
p 
0 if p | a.

a
The symbol is called a Legendre symbol.
p
The Legendre symbol is extremely convenient for discussing qua-
dratic residues.
Example 1.2. From Example 1.1 we have

0 1 2 4
= 0, = = = 1,
7 7 7 7
and
3 5 6
= = = −1.
7 7 7
We will focus on quadratic residues modulo primes and return to
quadratic residues modulo arbitrary positive integers later.
2. Quadratic Residues and Primitive Roots

Lemma 3.1. Let p be an odd prime and let g be a primitive root modulo
p.
29
30 3. QUADRATIC RECIPROCITY
• The quadratic residues modulo p are of the form g r where 0 ≤

r ≤ p − 2 and r is even.
• The quadratic non-residues are of the form g r where 0 ≤ r ≤
p − 2 and r is odd.
In particular, exactly half the non-zero residues are quadratic residues
modulo p and the other half are quadratic non-residues.
Proof. Let g be a primitive root modulo p. Modulo p, the integers

1 ≤ a ≤ p − 1 are a rearrangement of the integers 1, g, . . . , g p−2 , since
both lists are reduced residue systems. Note that g r is certainly a
quadratic residue modulo p for all even integers r. Let us prove the
converse. Suppose that g r ≡ x2 (mod p). Then we can write x ≡ g s
(mod p) for some 0 ≤ s ≤ p − 2. Thus g r−2s ≡ 1 (mod p). As g is a
primitive root, p − 1 divides r − 2s. But p − 1 is even so r − 2s is even
and so r is even. Thus we know that g r is a quadratic residue modulo
p if and only if r is even. Hence the quadratic residues modulo p are
1, g 2 , g 4 , . . . , g p−3 and the quadratic non-residues are g, g 3 , g 5 , . . . , g p−2 .
This proves the lemma.
Before we start proving properties of the Legendre symbol, we need

another important fact about primitive roots.
Lemma 3.2. Let p be an odd prime and g a primitive root modulo p.
Then
g (p−1)/2 ≡ −1 (mod p).
Proof. Let h = g (p−1)/2 . Then h2 = g p−1 ≡ 1 (mod p). So p |

2
(h − 1) = (h + 1)(h − 1). Hence h ≡ ±1 (mod p). If h ≡ 1 (mod p)
then g (p−1)/2 ≡ 1 (mod p) contradicting the fact that the order of g (a
primitive root) is exactly p − 1. Hence h ≡ −1 (mod p) which is what
we want.
3. First Properties of the Legendre Symbol

Proposition 3.3. Let p be an odd prime, and a, b integers.

a b
(i) If a ≡ b (mod p) then = .
p p
a
(ii) (Euler’s Criterion) ≡ a(p−1)/2 (mod p).
p
ab a b
(iii) For integers a, b we have = .
p p p
4. THE LAW OF QUADRATIC RECIPROCITY 31
Proof. (i) follows straightaway from the definition, and (iii) fol-
lows from (ii). Let’s prove (ii). Let a be an integer. If p | a then

a
= 0 ≡ a(p−1)/2 (mod p).
p
Hence suppose that p - a. Let g be a primitive root modulo p. We

know from Lemma 3.1 that a ≡ g r (mod p) for some 0 ≤ r ≤ p − 2
and that r is even if and only if a is a quadratic residue. Hence
r
a(p−1)/2 ≡ g (p−1)/2 ≡ (−1)r (mod p)
by Lemma 3.2. This proves (ii).
4. The Law of Quadratic Reciprocity

The main theorem on quadratic reciprocity is the Law of Quadratic
Reciprocity.
Theorem 3.4. Let p and q be distinct odd primes. Then

p q (p−1) (q−1)
(a) (Law of Quadratic Reciprocity) = (−1) 2 2 .
q p
(b) (First Supplement to the Law of Quadratic Reciprocity)
(
−1 1 if p ≡ 1 (mod 4)
=
p −1 if p ≡ 3 (mod 4).
(c) (Second Supplement to the Law of Quadratic Reci-
(
2 1 if p ≡ 1, 7 (mod 8)
procity) =
p −1 if p ≡ 3, 5 (mod 8).
Remark. Note that we can rephrase the Law of Quadratic Reciprocity
as follows:

 p =− q if p ≡ q ≡ 3 (mod 4)
q p
 p = q if p ≡ 1 or q ≡ 1 (mod 4)
q p
Example 4.1. Is 94 a square modulo 257? One way to decide this

is to run through the integers x = 0, 1, . . . , 256 and see if 94 ≡ x2
(mod 257). It is much quicker to use Proposition 3.3 and the Law of
Quadratic Reciprocity.

94 2 47
= by Proposition 3.3
257 257 257

47
= using the second supplement
257

257
= since 257 ≡ 1 (mod 4)
47

22
= 257 ≡ 22 (mod 47)
47

2 11
=
47 47

11
=
47

47
=− 11 ≡ 47 ≡ 3 (mod 4)
11

3
=−
11

11
= 3 ≡ 11 ≡ 3 (mod 4)
3

2
= 11 ≡ 2 (mod 3)
3
= −1 using the second supplement.
Hence 94 is not a square modulo 47.

Actually the proof of the first supplement is straightforward.
Proof of the First Supplement. By Euler’s Criterion (Propo-

sition 3.3),

−1 p−1
≡ (−1) 2 (mod p).
p

Thus −1 p
= 1 if and only if (p − 1)/2 is even. This is the case if and
only if p ≡ 1 (mod 4).
To prove the Law of Quadratic Reciprocity we need Gauss’ Lemma.

Theorem 3.5. (Gauss’ Lemma) Let p be an odd prime and write

p−1
S = 1, 2, . . . , .
2
For integer n let n b ≡ n (mod p) and
b be the unique integer satisfying n
−p/2 < nb < p/2. Let p - a and let
c = {as
aS b : s ∈ S}.
Define µ(a) to be the number of negative members of the set aS.
c Then

a
= (−1)µ(a) .
p
3

Example 4.2. Let us determine 11 using Gauss’ Lemma. Note that
S = {1, 2, 3, 4, 5}
and
c = {b
3S 3, b
6, b
9, 12, b = {3, −5, −2, 1, 4}.
b 15}
3

Thus µ(3) = 2 and so 11 = 1.
Proof of Gauss’ Lemma. We will show that (−1)µ(a) a(p−1)/2 ≡

1 (mod p). Gauss’ Lemma will then follow from Euler’s Criterion.
By definition, µ(a) is the number of negative elements in aS.
c Let
|aS|
c = {|as|
b : s ∈ S}. We claim that |aS|
c = S. Let’s assume this for
the moment and use it to complete the proof. We will return to prove
the claim later on. Now
Y Y
s= t as S = |aS|
c
s∈S t∈|aS|
c
Y
= |as|
b by definition of |aS|
c
s∈S
Y
= (−1)µ(a) as
b b = −|as|
as b for precisely µ(a) values of s ∈ S
s∈S
Y
µ(a)
≡ (−1) as since as ≡ as
b (mod p)
s∈S
Y
µ(a) (p−1)/2
≡ (−1) a s (mod p) since #S = (p − 1)/2.
s∈S
s we obtain the desired conclusion that (−1)µ(a) a(p−1)/2 ≡

Q
Cancelling s∈S
1 (mod p).
It remains to prove our claim that |aS|

c = S. Suppose s ∈ S. Then
−p/2 < as b < p/2 so 0 ≤ |as|
b < p/2. But as b 6= 0 since p - a and p - s.
Hence as b ∈ S. This shows that |aS| ⊆ S. To show that the two sets
c
are equal, we must show that the have the same number of elements.
Suppose that s, t ∈ S satisfy |as|b = |at|.
b Then as ≡ ±at (mod p)
and so s ≡ ±t (mod p). But −p/2 < s, ±t < p/2, so their difference
can’t be divisible by p unless it is 0. Thus s = ±t. But s, t ∈ S so
s = t. This shows that |aS|
c has as many elements as S, completing the
proof.
Gauss’ Lemma enables us to prove the second supplement to the
Law of Quadratic Reciprocity.
Proof of the Second Supplement. We want to show that
(
2 1 if p ≡ 1, 7 (mod 8)
=
p −1 if p ≡ 3, 5 (mod 8).
Consider the case p ≡ 1 (mod 8); the other cases are similar and are left
as an exercise. Then p = 8m + 1 for some integer m. Here (p − 1)/2 =
2
4m. We will apply Gauss’ Lemma to determine p . For this we need
to compute 2xc where x = 1, 2, . . . , 4m. Now for x = 1, 2, . . . , 2m we
have 0 < 2x < p/2 and so 2x c = 2x which is positive. However, for
x = 2m + 1, 2m + 2, . . . , 4m we have p/2 < 2x < p and 2x c = 2x − p
which is negative. Hence µ(2) = 2m, so by Gauss’ Lemma

2
= 1.
p

Proof of the Law of Quadratic Reciprocity. The original
proof is due to Gauss. Gauss altogether gave eight different proofs of
LQR, and there are hundreds of published proofs. The proof we give
is due to Eisenstein. It starts with the following trigonometric identity
which everyone knows. Let m be an odd positive integer and let

m−1
Sm = 1, 2, 3, . . . , .
2
Then
sin mx Y
(m−1)/2 2 2 2πt
(2) = (−4) sin x − sin .
sin x t∈S
m
m
Observe that if u ≡ v (mod p) then 2πu/p and 2πv/p differ by a

multiple of 2π and so sin(2πu/p) = sin(2πv/p). Let sgn(u) denote the
sign of u so that u = sgn(u)|u|. Then sin(2πu/p) = sgn(u) sin(2π|u|/p).

Now for s ∈ Sp ,
qs ≡ qs
b ≡ sgn(qs)|
b qs|b (mod p).
Thus
2πqs 2π|qs|b
sin = sgn(qs)
b sin .
p p
In the notation of Gauss’ Lemma, exactly µ(q) of the qs
b are negative.
Hence Y
q
= sgn(qs).
b
p s∈S p
From the last two equations,

Y
Y 2πqs q 2π|qs|
b
sin = sin .
s∈S
p p s∈S
p
p p
However, from the proof of Gauss’s Lemma, {|qs|

b : s ∈ Sp } = |qS
dp | =
Sp . Hence Y
Y 2πqs q 2πs
sin = sin ,
s∈S
p p s∈S
p
p p
which can be rewritten as

Y
q sin(2πqs/p)
= .
p s∈S
sin(2πs/p)
p
Using the identity (2) with m = q and x = 2πs/p we obtain

Y
q Y
(−4)(q−1)/2 sin2 (2πs/p) − sin2 (2πt/q)

=
p s∈Sp t∈Sq
Y
= (−4)(p−1)(q−1)/4 sin2 (2πs/p) − sin2 (2πt/q) ,

s∈Sp ,t∈Sq
as Sp has (p − 1)/2 members. Now interchanging p and q we have

p Y
= (−4)(q−1)(p−1)/4 sin2 (2πt/q) − sin2 (2πs/p) .

q s∈S ,t∈S
p q
The right-hand sides of the last two equations are identical except for a
minus sign for each term in the product. But there are (#Sp )(#Sq ) =
(p − 1) (q − 1)
terms in the product. Thus
2 2

q p (p−1) (q−1)
= (−1) 2 2 ,
p q
completing the proof.
5. The Sheer Pleasure of Quadratic Reciprocity

Did you enjoy the proof of the Law of Quadratic Reciprocity? Or
did the flicker of light at the end of the long, dark tunnel not seem
worth it? If you’re having doubts prepare to dispel them: we’re going
to exhilarate ourselves with several applications of LQR.
5.1. Mersenne Numbers. You have met the Mersenne numbers

Mn = 2n − 1 in the homework, and know that if n is composite then
so is Mn . What if n = q is prime; is Mq necessarily prime? Computing
the first few we find
M2 = 3, M3 = 7, M5 = 31, M7 = 127,
which are all prime numbers. Now M11 = 2047 which is already not
entirely trivial to factor by hand. The following theorem gives us a large
supply of Mersenne numbers Mq where q is prime but Mq is composite.
Theorem 3.6. Let q ≡ 3 (mod 4) be a prime such that p = 2q + 1
is also prime. Then p divides Mq . In particular, for q > 3, Mq is
composite.
Before proving Theorem 3.6 let us apply it with q = 11. Note that
q ≡ 3 (mod 4) and p = 2q + 1 = 23 is prime. Then according to the
Theorem 3.6, p divides Mq and indeed we find that M11 = 2047 =
23 × 89. You can use the same argument to find a factor of Mq for
q = 11, 23, 83, 131, 179, 191, 239, 251, 359, 419, 431, 443, 491, 659, . . .
Proof of Theorem 3.6. Since q ≡ 3 (mod 4), we have that p =

2q + 1 ≡ 7 (mod 8). Hence

2
= 1.
p
But by Euler’s Criterion

q p−1 2
2 =2 2 ≡ =1 (mod p).
p
Hence Mq = 2q − 1 is divisible by p. To prove the last statement in
Theorem 3.6, observe that Mq is composite if Mq > p. This is the same
as 2q − 1 > 2q + 1 which is satisfied if q > 3.
5. THE SHEER PLEASURE OF QUADRATIC RECIPROCITY 37
5.2. A Diophantine Equation. A Diophantine equation is one

where we are interested in integer solutions. It can be very hard to
determine all the solutions of a Diophantine equations (e.g. Fermat’s
Last Theorem). However, quadratic reciprocity can sometimes be used
to show that there are no solutions. Here is an example.
Theorem 3.7. The equation
y 2 = x3 − 5
has no solutions with x, y ∈ Z.
Proof. We proceed by contradiction. Suppose that x, y ∈ Z sat-
isfy y 2 = x3 − 5. If x is even then y 2 ≡ −5 ≡ 3 (mod 8) which is
impossible as the squares modulo 8 are 0, 1 and 4. Thus x is odd. Now
rewrite the equation as
y 2 + 4 = x3 − 1 = (x − 1)(x2 + x + 1).
Note that x2 + x + 1 = odd + odd + odd and so is odd. Moreover
x2 + x + 1 is positive (e.g. by completing the square). Let p be a prime
divisor of x2 + x + 1. Then p | (y 2 + 4) and so y 2 ≡ −4 (mod p). Hence

−1
= 1.
p
Thus p ≡ 1 (mod 4). As this is true of all prime divisors of x2 + x + 1
we have
x2 + x + 1 ≡ 1 (mod 4).
If x ≡ 1 (mod 4) then x2 + x + 1 ≡ 3 (mod 4) giving a contradiction.
Hence x ≡ 3 (mod 4). Hence y 2 ≡ x3 − 5 ≡ 3 − 5 ≡ 2 (mod 4), which
is impossible.
CHAPTER 4
p-adic Numbers
1. Congruences Modulo pm
In quadratic reciprocity we studied congruences of the form x2 ≡ a
(mod p). We now turn our attention to situations where p is replaced
by a power of p.
We shall need the following lemma whose proof is an easy exercise,
but try out a few examples first to convince yourself that it is true.
Lemma 4.1. Let f (X) ∈ Z[X] and let n > 0 be an integer. Then
f (n) (X)/n! has integer coefficients.
Next is Hensel’s Lemma which is the main result of this section.
Theorem 4.2. (Hensel’s Lemma) Let f (X) ∈ Z[X]. Let p be a
prime and m ≥ 1. Suppose a ∈ Z satisfies
f (a) ≡ 0 (mod pm ), f 0 (a) 6≡ 0 (mod p).
Then there exists some b ∈ Z such that
(3) b ≡ a (mod pm ), f (b) ≡ 0 (mod pm+1 ).
We say that we lift a to a solution modulo pm+1 .
Proof of Hensel’s Lemma. By Taylor’s Theorem
f (2) (a) 2 f (n) (a) n
f (a + x) = f (a) + f 0 (a)x + x + ··· + x
2! n!
where n is the degree of f (note that all higher derivatives vanish). We
want b to satisfy two conditions, one of them that b ≡ a (mod pm ).
Let us write b = a + pm y where the integer y will be determined later.
Then
f (b) = f (a) + pm f 0 (a)y + p2m (integer).
Since f (a) ≡ 0 (mod pm ) we have f (a) = pm c where c is an integer.
Thus
f (b) = pm (c + f 0 (a)y) + p2m (integer).
Note that pm+1 | p2m . To make f (b) ≡ 0 (mod pm+1 ) it is enough to
choose y so that p | (c + f 0 (a)y). In otherwords, we want y so that
f 0 (a)y ≡ −c (mod p). But f 0 (a) 6≡ 0 (mod p) and so is invertible
39
40 4. p-ADIC NUMBERS
modulo p. Let h satisfy hf 0 (a) ≡ 1 (mod p). Then we choose y =

−hc and take b = a − hcpm and then both congruences in (3) are
satisfied.
The proof of Hensel’s Lemma is constructive; this means that it

can be used to solve congruences modulo prime powers. You need
to practice Hensel’s Lemma a few times to get the hang of it. The
following example will help show you how.
Example 1.1. Solve the congruence x2 ≡ 2 (mod 73 ).
Answer: It is easy to solve x2 ≡ 2 (mod 7) by trying all the values
modulo 7. We get that x ≡ 3, 4 (mod 7). Note that obviously if u is a
solution then −u is also a solution.
Next we solve x2 ≡ 2 (mod 72 ). Note that any solution must also
satisfy x2 ≡ 2 (mod 7) and so x ≡ 3, 4 (mod 7). Suppose first that
x ≡ 3 (mod 7). Then x = 3 + 7y where y is an integer. Substituting
in x2 ≡ 2 (mod 72 ) we obtain
9 + 42y + 49y 2 ≡ 2 (mod 72 )
or equivalently
7(1 + 6y) ≡ 0 (mod 72 )
or equivalently 1 + 6y ≡ 0 (mod 7), so y ≡ 1 (mod 7), so we obtain

that x = 3 + 7y ≡ 3 + 7 = 10 (mod 72 ). Similarly, if x ≡ 4 (mod 7)
then x ≡ 39 (mod 49) (which is the same as −10 modulo 49).
Now let us solve x2 ≡ 2 (mod 73 ). Then x ≡ 10, 39 (mod 72 ).
Suppose first x ≡ 10 (mod 72 ). Then x = 10 + 72 z for some integer z.
Hence
100 + 2 × 10 × 72 z + 74 z 2 ≡ 2 (mod 73 ).
Note 100 − 2 = 98 = 2 × 72 . Thus
72 × 2(1 + 10z) ≡ 0 (mod 73 ).
This is equivalent to 1 + 10z ≡ 0 (mod 7) which gives z ≡ 2 (mod 7).

Hence x = 10 + 72 z = 108 (mod 73 ). Similarly starting from x ≡ 39
(mod 72 ) would give x ≡ 235 (mod 73 ).
In the above example, we note that to obtain a solution modulo 72
we had to add 7y = 1 × 7 and to obtain a solution modulo 73 we had
to add a 72 z = 2 × 72 . We can continue this calculation and write up
our solutions in the following suggestive manner:
2. p-ADIC ABSOLUTE VALUE 41
m solutions to x2 ≡ 2 (mod 7m )
1 ±3
2 ±(3 + 7)
3 ±(3 + 7 + 2 × 72 )
4 ±(3 + 7 + 2 × 72 + 6 × 73 )
5 ±(3 + 7 + 2 × 72 + 6 × 73 + 74 )
We are writing solutions as a series in powers of 7 with coefficients
between 0 and 6. This suggests very much an analogy with decimal
expansions. We immediately begin to wonder if the series converges
in any sense. Of course it does not converge in the sense of 1st year
analysis as the powers of 7 are tending to infinity. However we will
change our notion of large and small to make it converge.
2. p-Adic Absolute Value

Before we define the p-adic absolute value, it is worth recalling ordp
and its properties. Remember that if p is a prime and α is a non-zero
rational, then ordp (α) is the unique integer such that
a
α = pordp (α) · , a, b ∈ Z, p - a, b.
b
We defined ordp (0) = +∞. Recall also that one formulation of the
Unique Factorization Theorem says that any non-zero rational α can
be written as
Y
(4) α=± pordp (α) ,
p∈P
where P is the set of all primes. Of course only finitely many of the
exponents ordp (α) are non-zero, so the product makes sense.
Definition. Let p be a prime and α a non-zero rational number. We
define the p-adic absolute value of α to be
|α|p = p− ordp (α) .
We define |0|p = 0 which is consistent with our convention that ordp (0) =
+∞.
Example 2.1. Let α = −50/27. Then


 2−1 p = 2
33

p=3
|α|p = −2

 5 p=5

1 p 6= 2, 3, 5.

Q
Now evaluate p∈P |α|p . What do you notice.
Example 2.2. Notice that |pr |p = p−r , so powers of p with positive

exponent are actually ‘small’.
√ It now looks likely that the series where
we seem to be expanding 2 as a ‘powerseries’ in 7 does converge. We
will come to that soon, but first we need some properties of the p-adic
absolute value.
Theorem 4.3. Let p be a prime and α, β ∈ Q. Then
(i) |α|p ≥ 0. Moreover, |α|p = 0 iff α = 0.
(ii) |αβ|p = |α|p |β|p .
(iii) |α + β|p ≤ max{|α|p , |β|p }, with equality if |α|p 6= |β|p .
Inequality (iii) is called the ultrametric inequality. Notice that
it implies the triangle inequality |α + β|p ≤ |α|p + |β|p but is actually
much stronger.
Proof of Theorem 4.3. We’ll leave (i) and (ii) as exercises. Let’s
do (iii). Recall the following property of ordp :
(5) ordp (α + β) ≥ min{ordp (α), ordp (β)}
with equality if ordp (α) 6= ordp (β). Write
r = ordp (α), s = ordp (β), t = ordp (α + β),
and suppose that r ≤ s. Then t ≥ min(r, s) = r. Hence
|α + β|p = p−t ≤ p−r = max{p−r , p−s } = max{|α|p , |β|p }.
Now suppose that |α|p 6= |β|p . Then p−r 6= p−s which means that r 6= s.
Hence ordp (α) 6= ordp (β) and we have equality in (5). Hence t = r and
so
|α + β|p = p−t = p−r = max{p−r , p−s } = max{|α|p , |β|p }.

Example 2.3. The triangle inequality is true for the p-adic absolute
value, so everything you proved previously for the ordinary absolute
value using the triangle inequality also holds for the p-adic absolute
value. But the ultrametric inequality is much stronger. Notice the
following striking consequence of the ultrametric inequality. Let C be
a constant and p a prime. Consider the set
{α ∈ Q : |α|p ≤ C}.
This is a ‘disc centred at the origin’. However, the ultrametric inequal-
ity tells us that if we add two elements in this ‘disc’, we stay inside it.
Compare this with what happens if you add two elements of the disc
in the complex plane
{α ∈ C : |α| ≤ C}.
3. CONVERGENCE 43
Here it is easy to add two elements in the disc so that you leave the
disc. The triangle inequality for the usual absolute value will tell you
that if |α| ≤ C and |β| ≤ C then |α + β| ≤ 2C, so you can see that the
ultrametric inequality is much stronger than the triangle inequality.
Theorem 4.4. (The Product Formula) Let α be a non-zero rational
number. Then Y
|α| |α|p = 1,
p∈P
where P is the set of primes.
Proof. Prove this using (4). Notice that all but finitely many
terms in the product are 1, so the product makes sense.
3. Convergence
Definition. We say that the series of rational numbers {an }∞
n=1 con-
verges p-adically to a ∈ Q if
lim |an − a|p = 0.
n→∞
We can also express this in terms of epsilons: the series {an }∞

n=1 con-
verges to a ∈ Q if for every > 0, there
P∞ is some N such that for all
n ≥ N , we have |an − a|p < . A series j=1 aj converges p-adically if
the sequence of partial sums sn = nj=1 aj converges p-adically.
P
Example 3.1. Let a ∈ Q. It is easy to see that the constant sequence

{a}∞
n=1 converges p-adically to a.
Example 3.2. The sequence {pn }∞

n=1 converges to 0 p-adically since
|pn − 0|p = p−n → 0 as n → ∞.

Example 3.3. Consider 5-adically the series
1 + 5 + 52 + 53 + · · · .
The n-th partial sum is
5n − 1 5n 1
sn = 1 + 5 + · · · + 5n−1 = = − .
5−1 4 4
n
As 5 → 0, it seems that the sequence of partial sums is converging to
−1/4. Let’s check this:
|sn − (−1/4)|5 = |5n /4|5 = 5−n → 0 as n → ∞.
Hence {sn }∞
n=1 converges 5-adically to −1/4 and we can write
−1
1 + 5 + 52 + · · · = .
4
Example 3.4. Now consider 7-adically the same series

1 + 5 + 52 + 53 + · · · .
Now the partial sums are exactly the same as before, and find that
|sn − (−1/4)|7 = |5n /4|7 = 1 → 1 as n → ∞.
This shows that the series does not 7-adically converge to −1/4. Does
it converge to something else, or not converge at all? We’ll answer this
question shortly.
Definition. A sequence {an }∞ n=1 of rational numbers is p-adically
null if it p-adically converges to 0. A sequence {an }∞
n=1 of rational
numbers is p-adically Cauchy if
lim |am − an |p = 0.
m,n→∞
Example 3.5. As we saw previously, the sequences {0}∞ n ∞

n=1 and {p }n=1
converge p-adically to 0 and so are both null.
The following lemma will give us lots of examples of Cauchy se-
quences.
Lemma 4.5. If the sequence of rational numbers {an }∞
n=1 converges
p-adically then it is p-adically Cauchy.
Proof. Suppose {an } converges p-adically to a ∈ Q. Then limn→∞ |an −

a|p = 0. Now
|am − an |p = |(am − a) − (an − a)|p ≤ max{|am − a|p , |an − a|p }
using the ultrametric inequality. Hence
|am − an |p → 0 as m, n → ∞,
which is what we wanted to prove. Notice that the proof is almost the
same as the proof you saw in first-year analysis with the usual absolute
value. The only difference is that the triangle inequality is replaced by
the ultrametric inequality.
What about the converse of Lemma 4.5. Does every p-adically

Cauchy sequence of rationals converge to a rational number? If you
recall our earlier example where we were solving x2 ≡ 2 (mod 7n ), we
seemed
√ to be constructing a 7-adically Cauchy sequence that converges
to 2 which is not rational. So it seems that the converse of Lemma 4.5
does not hold unless we replace the rationals by something bigger. We
know that with the usual absolute value a sequence is Cauchy if and
3. CONVERGENCE 45
only if it converges; but here we are talking about real numbers, not
just rational numbers. For example, you know that the sequence
n
1
an = 1 +
n
is a Cauchy sequence of rational numbers that converges to e which is
not rational but real. But what is a real number? The best way to
define real numbers is to say that a real number is simply a Cauchy
sequence of rational numbers! Think about it. This motivates our next
definition.
Definition. A p-adic number α is a p-adically Cauchy sequence {an }∞
n=1
of rational numbers. We write Qp for the set of p-adic numbers. We
identify Q as a subset of Qp via the map
(6) Q → Qp , a 7→ {a}∞
n=1 .
Let’s go back to the reals for a moment to make sure that our
definition makes sense. We said that a real number is simply a Cauchy
sequence of rationals. So e is just the sequence (1 + 1/n)n . But there
are other sequences converging to e. For example, take the partial sums
of the series
1 1 1
1 + + + + ··· .
1! 2! 3!
So to say that a real number is a Cauchy sequence seems an ambiguous
way to define real numbers. However, the ambiguity disappears as soon
as we adopt the convention that two Cauchy sequences define the same
real number if their difference is a null sequence. We do the same in
the p-adic setting.
Definition. We say that two p-adic numbers {an } and {bn } are equal
if the difference {an − bn } is p-adically null.
Example 3.6. Via the identification (6) we think of 0 ∈ Q to be the
same as the zero sequence {0} in Qp . Now the {pn } and {0} are both
p-adically null sequences and we have that
0 = {0} = {pn } = any null sequence of rationl numbers.
Lemma 4.6. Suppose that the sequence of rational numbers {an } con-
verges p-adically to a ∈ Q. Then in Qp
lim an = a = {an }∞
n=1 .
n→∞
Proof. What is the lemma saying? There is no doubt that limn→∞ an =

a. Now a ∈ Q and via the identification (6) we can write a = {a}∞
n=1 .
So what we’re asked to prove that the sequences {an }n=1 and {a}∞
∞
n=1
are the same in Qp . In other words, they differ by a p-adically null

sequence. But this true: limn→∞ |an − a|p = 0 as {an }∞
n=1 converges to
a p-adically. This completes the proof.
Lemma 4.6 gives a hint of how to define limits of p-adically Cauchy
sequences that don’t seem to have a rational limit.
Definition. Suppose that {an }∞n=1 is a p-adically Cauchy sequence of
rational numbers. We define the limit
lim an = {an }∞
n=1 .
n→∞
There is no misprint in this definition! A p-adically Cauchy se-

quence converges to a p-adic number that happens to be the sequence
itself. This solves the convergence problem and, by Lemma 4.6, is con-
sistent with the case where the sequence does converge to a rational
number.
It might be said that this is a cowardly way of solving the issue of
p-adically Cauchy sequences for which there is no rational limits. But
mathematics is full of such
√ cowardice. For example, to square-root 2 we
introduce the symbol 2 and work with it. Everytime we square this
symbol we replace it with 2. This does not tell us what the square-root
of 2 is, but is a convenient psychological way of avoiding answering
the question. Likewise, the only difficulties with accepting the above
definition are purely psychological, and at any rate, it is rather late in
the term to drop MA3H1 and take up something else.
4. Operations on Qp
Of course Qp would not be very interesting if it was a set with no
additional structure. In fact we can define addition and multiplication
on Qp in a natural way:
{an } + {bn } = {an + bn }
and
{an } · {bn } = {an bn }.
One must check that these operations are well-defined. For a start
we want to make sure that the sequences {an + bn } and {an bn } are
p-adically Cauchy so that we are staying in Qp . We also want to
check that if {an } and {a0n } differ by a p-adically null sequence and
if {bn } and {b0n } differ by a p-adically null sequence then {an + bn } and
{a0n + b0n } differ by a p-adically null sequence and {an bn } and {a0n b0n }
differ by a p-adically null sequence. These we’ll leave as relatively easy
exercises. We also want to check that the usual properties of addition
4. OPERATIONS ON Qp 47
and multiplication hold (commutativity, associativity, distributivity of

multiplication over addition); again these are easy exercises.
What about division? Here there is a slight difficulty. We might
want to define {an }/{bn } = {an /bn }. Of course we will exclude the
case when {bn } is p-adically null. But even if {bn } is not null, it might
contain some zeros. We might then say, ignore them, after all ignoring
finitely many terms in a sequence is not going to affect its limit. But
what if {bn } has infinitely many zeros? Well that can’t happen and to
show that we need a lemma.
Lemma 4.7. Let {an } be a sequence of rational numbers that is p-
adically Cauchy. Then the sequence {|an |p } converges to some element
in the set {0} ∪ {pr : r ∈ Z}.
Proof. Note that the convergence we’re talking about in the sec-
ond sentence of the lemma is covergence with respect to the usual
absolute value. Now certainly |an |p is in the set {0} ∪ {pr : r ∈ Z},
and it’s easy to see that any Cauchy subsequence of {0} ∪ {pr : r ∈ Z}
must actually converge to some element of this set. Thus all we have
to show is that {|an |p } is Cauchy with respect to the usual absolute
value. Now it is an easy exercise to check that

|a|p − |b|p ≤ |a − b|p .
Hence

0 ≤ |am |p − |an |p ≤ |am − an |p .
As {an } is p-adically Cauchy, limm,n→∞ |am − an |p = 0. Hence by the
Sandwich Theorem,

lim |am |p − |an |p = 0.
m,n→∞
This shows that the sequence {|an |p } is Cauchy with respect to the
usual absolute value and completes the proof.
Lemma 4.8. Let {bn } be a p-adically Cauchy sequence of rational

numbers that is non-null. Then the sequence contains at most finitely
many zero elements.
Proof. By the previous lemma, |bn |p has a limit, which is either

zero, or a power of p. However, as {bn } is non-null, this limit must
be non-zero. Now if the sequence contains infinitely many zeros then
{|bn |p } contains infinitely many zeros and hence a subsequence con-
verging to zero. This contradicts that fact that {|bn |p } converges to a
non-zero limit.
The above lemma allows us to define division. If {an } and {bn } are
elements of Qp and {bn } = 6 0 (i.e. non-null) then there is some N such
that for n ≥ N , bn 6= 0 and we define {cn } = {an }/{bn } by assigning
cn randomly for n < N and letting cn = an /bn for n ≥ N . Note that
{cn } · {bn } agrees with {an } except for finitely many terms and so their
difference is null; in other words {cn } · {bn } = {an } in Qp .
Theorem 4.9. Qp is a field containing Q as a subfield.
Proof. The proof is an easy but slightly lengthy verification which

we leave as an exercise.
We can extend the p-adic absolute value to Qp as follows.

Definition. Let α ∈ Qp be represented by the p-adically Cauchy se-
quence of rationals {an }. We define the p-adic absolute value of α
by
|α|p = lim |an |p .
n→∞
Note that the limit exists by Lemma 4.7 and is equal to some ele-
ment of the set {0} ∪ {pr : r ∈ Z}, but we still need to show that |α|p
is well-defined in the sense that if {an } = {bn } in Qp then
lim |an |p = lim |bn |p .
n→∞ n→∞
The assumption that {an } = {bn } in Qp means that the difference

{an − bn } is p-adically null. Now by the triangle inequality
|an |p = |(an − bn ) + bn |p ≤ |an − bn |p + |bn |p .
Hence
lim |an |p ≤ lim |an − bn |p + lim |bn |p .
n→∞ n→∞ n→∞
As {an − bn } is null, limn→∞ |an − bn |p = 0, so

lim |an |p ≤ lim |bn |p .
n→∞ n→∞
Swapping the rôles of the as and bs in the above argument gives

lim |bn |p ≤ lim |an |p .
n→∞ n→∞
Hence
lim |bn |p = lim |an |p ,
n→∞ n→∞
which shows that |α|p is well-defined for α ∈ Qp .

6. p-ADIC INTEGERS 49
4.1. Properties of p-adic absolute value. Now that we have

defined the p-adic absolute value on Qp , it is natural to ask if it has
the same properties it had on Q, and it does.
Theorem 4.10. Let p be a prime and α, β ∈ Qp . Then
(i) |α|p ≥ 0. Moreover, |α|p = 0 iff α = 0.
(ii) |αβ|p = |α|p |β|p .
(iii) |α + β|p ≤ max{|α|p , |β|p }, with equality if |α|p 6= |β|p .
Proof. The proof follows by choosing p-adically Cauchy sequences
of rationals representing α and β and then using the definition of |·|p
in terms of these sequences and Theorem 4.3. We leave this as an
exercise.
5. Convergence of Series
The ultrametric inequality has a dramatic effect of making the con-
vergence of series very easy to check.
Theorem 4.11. Let p be a prime. The series ∞
P
j=1 aj converges p-
adically if and only if limj→∞ |aj |p = 0.
We know that with the usual absolute value the theorem is true
only in the left to right direction. The famous counterexample being
the harmonic series
1 1 1
1 + + + + ··· ,
2 3 4
which diverges even though limj→∞ 1/j = 0. Working p-adically, we
don’t need any of the complicated convergence tests of first-year analysis—
the theorem makes it all very easy!
Proof of Theorem 4.11. Suppose that limn→∞ |an |p =P0. All
we have to do is to show the the sequence of partial sums sn = nj=1 aj
is Cauchy. A Cauchy sequence converges to some element of Qp (which
happens to equal the sequence itself). Now suppose m > n. Then
|sm − sn |p = |an+1 + an+2 + · · · + am |p = max |aj |p ,
n+1≤j≤m
by the ultrametric inequality. For any > 0, there is some N such that
if j ≥ N then |aj |p < . Hence if m, n ≥ N then |sm − sn |p < , proving
that the sequence {sn } is p-adically Cauchy.
6. p-adic Integers
Definition. The set of p-adic integers Zp is defined by
Zp = {α ∈ Qp : |α|p ≤ 1}.
So Zp ‘looks’ like a disc of radius 1 centred at the origin. In this

sense, the following theorem is striking.
Theorem 4.12. Zp is a ring and contains Z as a subring.
Proof. Note first that if a ∈ Z then ordp (a) ≥ 0 and so |a|p =
− ordp (a)
p ≤ 1. Hence Z ⊂ Zp .
To complete the proof we must show that Zp is a ring. You don’t
have to know anything about rings except the definition. Note that
Zp ⊂ Qp and Qp is already a field. So we have to show that Zp is
closed under addition and multiplication (it already contains 0 and 1).
But if α, β ∈ Zp then
|αβ|p = |α|p |β|p ≤ 1 · 1 = 1,
and
|α + β|p ≤ max{|α|p , |β|p } ≤ max{1, 1} = 1.
Hence αβ, α + β ∈ Zp .
Lemma 4.13. If {an } is a p-adically Cauchy sequence with an ∈ Z
then limn→∞ an is in Zp . Conversely, any α ∈ Zp is the limit of such a
sequence.
Proof. Suppose {an } is a p-adically Cauchy sequence with an ∈ Z
and let α = limn→∞ an . Then |an |p ≤ 1 and so
|α|p = lim |an |p ≤ 1
n→∞
which shows that α ∈ Zp . The converse is harder. Suppose α ∈ Zp .
Now Zp ⊂ Qp and so α = limn→∞ an where {an } is a p-adically Cauchy
sequence of rational numbers, but there is a priori no reason for the
an be integral. We will construct a p-adically Cauchy sequence {bn }
where the bn are in Z and {an − bn } is a p-adically null sequence. Then
α = limn→∞ bn as required. Now
lim |an |p = |α|p ≤ 1.
n→∞
Consider ordp (an ). If there are infinitely many n such that ordp (an ) ≤
−1 then there are infinitely many n such that |an |p ≥ p and this con-
tradicts the above. Hence there is some N such that ordp (an ) ≥ 0 for
all n ≥ N . So we can write
un
an =
vn
where un , vn ∈ Z, with p - vn . Since p - vn , we know that vn is
invertible modulo pn . Let vn wn ≡ 1 (mod pn ), where wn ∈ Z and
write bn = un wn ∈ Z. Then an = un /vn ≡ un wn = bn (mod pn ) and so
|an − bn |p ≤ p−n . This completes the proof.
7. HENSEL’S LEMMA REVISITED 51
7. Hensel’s Lemma Revisited

Corollary 4.14. Let p be a prime. Let f (X) be a polynomial with
integer coefficients. Suppose that there is an integer a such that
f (a) ≡ 0 (mod p), f 0 (a) 6≡ 0 (mod p).
(i) Then there is a sequence {am }∞
m=1 such that a1 = a, and
(7) f (am ) ≡ 0 (mod pm ), am+1 ≡ am (mod pm ).

(ii) The sequence {am }∞
m=1 converges to α ∈ Zp and α satisfies
f (α) = 0.
Proof. We start with a1 = a and apply Hensel’s Lemma (Theorem
4.2) with m = 1. We obtain an a2 such that
f (a2 ) ≡ 0 (mod p), a 2 ≡ a1 (mod p).
Suppose now we have constructed a1 , a2 , . . . , ak to satisfy (7). Note
that
ak ≡ ak−1 (mod pk ), ak−1 ≡ ak−2 (mod pk−1 ), . . . , a2 ≡ a1 (mod p).
Then certainly ak ≡ a1 = a (mod p) and so f 0 (ak ) ≡ f 0 (a) 6≡ 0
(mod p). We can now apply Hensel to obtain ak+1 . This completes
the proof of (i).
Let us prove (ii). We want to prove that {an } converges p-adically.
Write
b 1 = a1 , b2 = a2 − a1 , b3 = a3 − a2 , . . . .
Then an = b1 + b2 + ·P · · + bn . Hence the sequence {an } converges
p-adically iff the series bm converges p-adically. But
|bm |p = |am − am−1 |p ≤ p−(m−1) ,
since am ≡ am−1 (mod pm−1 ). Thus {an } converges in Qp . As an ∈ Z,
we know from the previous lemma that {an } converges to some α ∈ Zp .
Now 1
f (α) = f lim an = lim f (an ) = 0,
n→∞ n→∞
−n
since |f (an )|p ≤ p .
Corollary 4.15. Let b ∈ Z be non-zero and p an odd prime. Then b
is a square in Zp if and only if b = p2r c where r ∈ Z and pc = 1.
1For a polynomial f , the equality

f lim an = lim f (an )
n→∞ n→∞
is an easy exercise.

c
Proof. Suppose b = p2r c where r ∈ Z and = 1. All we have
p

to show is that c is a square in Zp . Let f (X) = X − c. Since pc = 1,
2
there is some a 6≡ 0 (mod p) such that c ≡ a2 (mod p). Hence

f (a) ≡ 0 (mod p), f 0 (a) = 2a 6≡ 0 (mod p).
By the above corollary to Hensel’s Lemma, there is some α ∈ Zp such
that f (α) = 0, so α2 = c as required.
Let us prove the converse. Suppose b is a square in Zp , say b = β 2
where β ∈ Zp . Write b = ps c where p - c. Then
p−s = |b|p = |β|2p .
Now |β|p is a power of p, so s is even, say s = 2r. So b = p2r c is a
square in Zp . Hence c is a square in Qp . Say c = γ 2 with γ ∈ Qp . But
1 = |c|p = |γ|2p , so γ ∈ Zp . Let {an } be a Cauchy sequence of integers
converging to γ. Then {a2n } coverges to c. Hence there is some N such
that for n ≥ N ,
|a2n − c|p ≤ p−1 ,
which can be rewritten as
c ≡ a2n (mod p).

c
This shows that p
= 1.
Deciding which integers are squares in Z2 is a little more tricky, and

needs a stronger version of Hensel’s Lemma.
Theorem 4.16. (Hensel’s Lemma—Strong Version)
Let f (X) ∈ Z[X]. Let p be a prime and m ≥ 0. Suppose a ∈ Z and
write
k = ordp (f 0 (a)).
Suppose that m ≥ 1 and
f (a) ≡ 0 (mod pm+2k ).
Then there exists b ∈ Z such that
b ≡ a (mod pm+k ), f (b) ≡ 0 (mod pm+1+2k ).
Proof. Write b = a + pm+k y where y ∈ Z is yet to be determined.
By Taylor’s Theorem,
f (b) = f (a) + pm+k y · f 0 (a) + p2m+2k (integer).
We can write
f (a) = pm+2k c, f 0 (a) = pk d
8. THE HASSE PRINCIPLE 53
where c, d ∈ Z and p - d. Then

f (b) = pm+2k (c + dy) + p2m+2k (integer).
To complete the proof of the theorem, all we have to do is to choose
y ∈ Z so that p | (c + dy). In other words we want dy ≡ −c (mod p),
and we can do this as d is invertible modulo p; this is where we use the
fact that p - d.
We can now improve on Corollary 4.14 as follows.
Corollary 4.17. Let p be a prime. Let f (X) be a polynomial with
integer coefficients, and k ≥ 0 an integer. Suppose that there is an
integer a such that
f (a) ≡ 0 (mod p2k+1 ), ordp (f 0 (a)) = k.
(i) Then there is a sequence {am }∞
m=1 such that a1 = a, and
f (am ) ≡ 0 (mod pm+2k ), am+1 ≡ am (mod pm+k ).

(ii) The sequence {am }∞
m=1 converges to α ∈ Zp and α satisfies
f (α) = 0.
The proof is an easy modification of the proof of Corollary 4.14 using
the strong version of Hensel’s Lemma and we leave it as an exercise.
Corollary 4.18. Let b ∈ Z be non-zero. Then b is a square in Z2 if
and only if b = 22r c where c ≡ 1 (mod 8).
Proof. The proof is almost the same as the proof of Corollary 4.15
but uses Corollary 4.17 instead. Let us show that if c ≡ 1 (mod 8) then
c is a square in Z2 . Let f (X) = X 2 − c. Then
f (1) ≡ 0 (mod 23 ), ord2 (f 0 (1)) = 1,
so taking k = 1 in Corollary 4.17 shows that there is some α ∈ Z2 such
that f (α) = 0. Then c = α2 as required.
The rest of the proof is an exercise.
8. The Hasse Principle

Let f ∈ Z[X1 , . . . , Xn ]. We want to know if the equation f (X1 , . . . , Xn ) =
0 has a solution in integers. As Z ⊆ Zp for all primes p and as Z ⊆ R
we know the following:
(
f = 0 has a solution in Znp for all primes p and
f = 0 has a solution in Zn =⇒
f = 0 has a solution in Rn .
Is the converse statement true? The converse statement is called the
‘Hasse Principle’. It is true for many classes of polynomials, and for
these classes of polynomials we say that the Hasse Principle holds. But
it is false for many other classes of polynomials and for those we say
that the Hasse principle fails. Here is a counterexample to the Hasse
principle for polynomials in 1 variable.
Example 8.1. Let f (X) = (X 2 − 2)(X 2 − 17)(X 2 − 34). Show that
f (X) = 0 is a counterexample to the Hasse principle.
Answer: Basically we are asked to show that f (X) = 0 has solutions
in Zp for all primes p and in R, √ but has
√ no solutions
√ in Z. It clearly
has solutions in R, which are ± 2, ± 17, ± 34, and clearly it has
no solutions in Z as none of these roots are integral.
Now 17 ≡ 1 (mod 8) and so by Corollary 4.18 17 = α2 for some
α ∈ Z2 . Then f (α) = 0, so f (X) = 0 has a solution in Z2 . Also
2
17
= 1, so 2 is a square in Z17 by Corollary 4.15, and so f (X) = 0
has a solution in Z17 . Suppose that p 6= 2, 17. We want to show that
f (X) = 0 has a solution in Zp . Equivalently, we want to show that
at least one of 2, 17, 34 is a square in Zp . Suppose that 2, 17 are not
squares in Zp . By Corollary 4.15,

2 17
= −1, = −1.
p p
But multiplying we obtain

34 2 17
= = 1.
p p p
Hence 34 is a square in Zp and so f (X) has a solution in Zp . This

completes the proof.
8.1. A Bivariate Counterexample to the Hasse Principle.

Let f (X, Y ) = 2Y 2 − X 4 + 17. We claim that f (X, Y ) = 0 is a
counterexample to the Hasse Principle.
√ Clearly f (X, Y ) = 0 has solu-
tions in R; for example (X, Y ) = ( 4 17, 0). The standard proof that
f (X, Y ) = 0 has solutions in Zp for all primes p uses some advanced
results and we shall omit it. How do we show that f (X, Y ) = 0 has no
solutions in Z? Suppose x, y ∈ Z such that f (x, y) = 0. Clearly y 6= 0,
and f (x, −y) = f (x, y), so we can assume that y > 0. Moreover, from
2y 2 = x4 − 17, if 17 | x or 17 | y then 17 divides both and 172 | 17
which is impossible. Thus 17 - x, 17 - y.
Suppose p is an odd prime divisor of y. Then
x4 ≡ 17 (mod p).
8. THE HASSE PRINCIPLE 55
So certainly 17 is a square modulo p, and we can write

17
= 1.
p
By the Law of Quadratic Reciprocity (as 17 ≡ 1 (mod 4)),
p
= 1.
17
Write y = 2r pri i where the pi are distinct odd prime divisors of y.
Q
Then p
i
=1
17
by the above, and
2
= 1,
17
as 17 ≡ 1 (mod 8). Thus
y 2 r Y p ri
i
= = 1.
17 17 17
Hence y ≡ z 2 (mod 17). From 2y 2 = x4 − 17 we obtain that
2z 4 ≡ x4 (mod 17).
We said earlier that 17 - x, y, so z 6≡ 0 (mod 17). Thus z is invertible
modulo 17. Let w ≡ xz −1 (mod 17). Then w4 ≡ 2 (mod 17). How-
ever, by trying the values w = 0, 1, . . . , 16 we find that the congruence
w4 ≡ 2 (mod 17) does not have any solutions, giving us a contradic-
tion.
CHAPTER 5
Geometry of Numbers
We now come to the Geometry of Numbers, a branch of number

theory that will enable us to prove several interesting results, includ-
ing the Hasse Principle for conics. There are only two theorems from
the Geometry of Numbers that we need: Blichfeldt’s Theorem and
Minkowski’s Theorem.
Definition. By a sublattice of Zn we simply mean a subgroup of Zn
of finite index.
A subset C ⊂ Rn is said to be symmetric if for every x in C, −x
is also in C. We say C is convex if for every pair of points x and y
in C, the entire line segment joining x and y is contained in C. If you
like symbols you can write this as, for all x, y ∈ C and all 0 ≤ λ ≤ 1,
we have
λx + (1 − λ)y ∈ C.
Theorem 5.1. (Minkowski’s Theorem) Let Λ be a sublattice of Zn
of index m. Let C be a convex symmetric subset of Rn having volume
V (C) satisfying
V (C) > 2n m.
Then C and Λ have a common point other than 0.
For the proof of Minkowski’s Theorem we will need Blichfeldt’s
Theorem. So we’ll delay Minkowski’s proof until we’ve seen some of
it’s beautiful consequences.
1. The Two Squares Theorem

Theorem 5.2. Every prime p ≡ 1 (mod 4) can be written in the form
p = x2 + y 2 for some integers x, y.

Proof. Since p ≡ 1 (mod 4) we know that −1
p
= 1. Hence there
is an integer ` ∈ Z such that
(8) `2 ≡ −1 (mod p).
Let
Λ = {(x, y) ∈ Z2 : x ≡ `y (mod p)}.
57
58 5. GEOMETRY OF NUMBERS
Common sense dictates that Λ is a subgroup of Z2 of index p. But if

you’re not a fan of common sense we can also prove this using the First
Isomorphism Theorem. Write Z/pZ = {0, . . . , p − 1} for the group of
integers modulo p. Let
φ : Z2 → Z/pZ, φ(x, y) = x − `y.
It’s easy to check that φ is a homomorphism and that Λ is the kernel
of φ. Hence Λ is a subgroup of Z2 . If a ∈ Z/pZ then φ(a, 0) = a,
so φ is surjective. In other words, the image of φ is Z/pZ. The First
Isomorphism Theorem tells us that
Z2 /Λ ∼
= Z/pZ.
Hence the index of Λ in Z2 is the cardinality of Z2 /Λ which is the
cardinality of Z/pZ which is p. We have now completely circumvented
common sense to show that the index is p and can with clear conscience
return to the proof of the Two Squares Theorem.
Let
C = {(x, y) ∈ R2 : x2 + y 2 < 2p}.
This is clearly convex and symmetric with volume(=area)
V (C) = 2πp > 22 p.
You’re probably reading this in the privacy of your own room, so feel
free to jump up and down from excitement now that we have satisfied
all the conditions of Minkowski’s Theorem. Minkowski tells us that C
and Λ have some common point other than (0, 0). Let this be (x, y).
As (x, y) ∈ Λ, we have that x, y ∈ Z and x ≡ `y (mod p). Hence
x2 + y 2 ≡ `2 y 2 + y 2 ≡ (`2 + 1)y 2 ≡ 0 (mod p);
here we made use of (8). Also (x, y) is a non-zero point of C, so
0 < x2 + y 2 < 2p.
To sum up, x2 + y 2 is an integer strictly between 0 and 2p that is
divisible by p. Hence x2 + y 2 = p, as required.
The Two Squares Theorem is due to Fermat who proved it using
the a technique called infinite descent.
2. Areas of Ellipses and Volumes of Ellipsoids

To be able to do the homework you need formulae for the area of
the ellipse
2
y2

2 x
Ea,b = (x, y) ∈ R : 2 + 2 < 1 ,
a b
2. AREAS OF ELLIPSES AND VOLUMES OF ELLIPSOIDS 59
and the volume of the ellipsoid

2
y2 z2

3 x
Ea,b,c = (x, y, z) ∈ R : 2 + 2 + 2 < 1 .
a b c
Here a, b and c are positive constants.
You know of course that the area of the ellipse is going to be given
by the double integral
ZZ
V (Ea,b ) = 1dxdy.
Ea,b
To evaluate this double integral we’ll use a substitution. Let u = x/a

and v = y/b. Then the ellipse Ea,b in the xy-plane becomes the unit
disc
D = {(u, v) ∈ R2 : u2 + v 2 < 1}
in the uv-plane. Moreover dx = d(au) = adu and dy = d(bv) = bdv.
Hence
ZZ ZZ
V (Ea,b ) = abdudv = ab 1dudv = abV (D),
D D
and V (D) = π is the area of the unit disc D. We obtain
V (Ea,b ) = πab,
and similarly you can prove that
4π
V (Ea,b,c ) =
abc.
3
2.1. Volume of the Ball in 4-Dimensions. For our next treat,
the Four Squares Theorem, we will need the volume of the Ball of
radius r in 4-dimensions:
Br = {(x, y, z, w) ∈ R4 : x2 + y 2 + z 2 + w2 < r2 }.
This is given by the quadruple integral
ZZZZ
V (Br ) = dxdydzdw.
x2 +y 2 +z 2 +w2 <r2
Note that −r < w < r, so we can rewrite the quadruple integral as

Z w=r Z Z Z
V (Br ) = dxdydz dw.
w=−r x2 +y 2 +z 2 <r2 −w2
However
√ x2 + y 2 + z 2 < r2 − w2 is a ball (sphere) in xyz-space of radius
r2 − w2 , so
ZZZ
4π 2
dxdydz = (r − w2 )3/2 .
2 2 2 2
x +y +z <r −w 2 3
Hence
Z w=r Z w=r
4π 2 2 3/2 8π
V (Br ) = (r − w ) dw = (r2 − w2 )3/2 dw.
3 w=−r 3 w=0
You immediately say to yourself that this needs are trigonometric sub-
stitution, and you’re right: let w = r sin θ, so dw = r cos θdθ, and
so
8π θ=π/2 3 8πr4 π/2
Z Z
2 3/2
V (Br ) = r (1 − sin θ) r cos θdθ = cos4 θdθ.
3 θ=0 3 0
We need to integrate cos4 , and one way of doing this is using multiple-
angle formulae. See your Vectors and Matrices lecture notes if you
haven’t ceremoniously incinerated them at the end of your first year.
But just in case, here is how it works. Write
eiθ + e−iθ
cos θ = .
2
Taking fourth powers we get
1 4iθ
cos4 θ = e + 4e2iθ + 6 + 4e−2iθ + e−4iθ

16
which we can rewrite as
1 1 3
cos4 θ = cos 4θ + cos 2θ + .
8 2 8
Hence Z π/2
3π
cos4 θdθ = .
0 16
We deduce that the volume of the ball of radius r in 4-space is
π 2 r4
(9) V (Br ) = .
2
3. The Four Squares Theorem
Theorem 5.3. Every positive integer n can be written as the sum of
four integer squares.
This is a statement that your non-mathematical parents would un-
derstand. If they ask you what you’ve learned in three or four years
on a maths degree you can mention this, and they’ll be very impressed
and think that your education has been worthwhile. Most of your other
modules give you statements that are pure gobbledygook to the unini-
tiated. Galois Theory gives a few statements that your parents might
understand but they’re all negative: you can’t solve a quintic, or con-
struct a heptagon, or trisect an angle. Number Theory gives positive
3. THE FOUR SQUARES THEOREM 61
assertions that broaden your horizons, and expand the frontiers of your
knowledge . . .
If you’ve survived reading the previous paragraph without vomiting
then you have strong constitution and is ready for the proof of the Four
Squares Theorem.
Proof of the Four Squares Theorem. First we prove the state-
ment of the theorem for primes. If p = 2 then we can write p =
12 + 12 + 02 + 02 , so assume that p is an odd prime. By one of the
exercises on the early homework assignments—unassessed due to lack
of foresight on my part—you know that there integers a, b such that
a2 + b 2 + 1 ≡ 0 (mod p).
Let
Λ = {(x, y, z, w) ∈ Z4 : x ≡ az+bw (mod p), y ≡ bz−aw (mod p)}.
This common-sensically is a sublattice of Z4 of index p2 .
We also take
C = {(x, y, z, w) ∈ R4 : x2 + y 2 + z 2 + w2 < 2p}.
√
This is a ball of radius 2p, so is convex and symmetric and by (9) we
have
π2 p
V (C) = ( 2p)4 = 2π 2 p2 > 24 p2 .
2
Hence the hypotheses of Minkowski are satisfied. So we have a point
(x, y, z, w) common to both Λ and C that is not (0, 0, 0, 0). As (x, y, z, w)
is in Λ, the coordinates are integers and
x2 + y 2 + z 2 + w2 ≡ (az + bw)2 + (bz − aw)2 + z 2 + w2
= (a2 + b2 + 1)(z 2 + w2 ) ≡ 0 (mod p).
However, as (x, y, z, w) is a non-zero point of C,
0 < x2 + y 2 + z 2 + w2 < 2p,
so x2 + y 2 + z 2 + w2 is an integer strictly between 0 and 2p that is
divisible by p. The inescapable conclusion is x2 + y 2 + z 2 + w2 = p.
This proves the theorem for primes. To complete the proof we need
the identity
(10) (a2 + b2 + c2 + d2 )(x2 + y 2 + z 2 + w2 ) =
(ax−by−cz−dw)2 +(ay+bx+cw−dz)2 +(az−bw+cx+dy)2 +(aw+bz−cy+dx)2
Now if n > 1 is a positive integer then you can write as a product
of primes and use the identity repeatedly to write n as a sum of four
squares.
Notes:
• The Four Squares Theorem was proved by Joseph Louis La-
grange in 1770, though the theorem appears–without proof–
in the Arithmetica of Diophantus (probably written around
250AD). We have followed Davenport’s proof of the Four Squares
Theorem (1941).
• Another fascinating question is, in how many ways can we
write a positive integer n as the sum of four squares? This
was answered in 1834 by Carl Jacobi. He showed that this
number is eight times the sum of the divisors of n if n is odd,
and 24 times the sum of the odd divisors of n if n is even.
Jacobi’s theorem has remarkable proof using modular forms.
• Where does identity in (10) come from? You are surely familiar
with the multiplicative property of norms of Gaussian integers.
If α = a + bi ∈ Z[i] then the norm of α is defined by N (α) =
a2 + b2 , and you know N (αβ) = N (α)N (β). The identity in
(10) is the corresponding identity for quaternion norms.
4. Proof of Minkowski’s Theorem

Now that you’ve seen these ‘wicked’ applications of Minkowski’s
Theorem, you’re obviously dying to see its proof. But that has to wait
(I know I’m cruel) until after Blichfeldt’s Theorem.
Theorem 5.4. (Blichfeldt’s Theorem) Let m ≥ 1 be an integer.
Let S be a subset of Rn with volume V (S) satisfying
V (S) > m.
There exists m + 1 distinct points x0 , . . . , xm ∈ S such that
xj − xi ∈ Zn , for 0 ≤ i, j ≤ m.
Proof. Let χS be the characteristic function of S; thus
(
1 if x ∈ S
χS (x) =
0 if x ∈ / S.
Then
Z
(11) V (S) = χS (x) dx.
Rn
Let W be the unit cube:

W = {(x1 , . . . , xn ) : 0 ≤ xi < 1}.
4. PROOF OF MINKOWSKI’S THEOREM 63
Then every vector x ∈ Rn can be decomposed uniquely 1 as x = z + w

where z ∈ Zn and w ∈ W . Thus
[
Rn = (z + W ),
z∈Zn
where
z + W = {z + w : w ∈ W }.
Thus we can rewrite (11) as
XZ
V (S) = χS (z + w) dw.
z∈Zn w∈W
2
Interchanging the summation and integration signs we obtain
Z !
X
V (S) = χS (z + w) dw.
w∈W z∈Z
P
Write f (w) = z∈Z χS (z + w), and recall that V (S) > m is a hypoth-
esis of the theorem. Hence
Z
f (w)dw > m.
w∈W
But W has volume P 1. Hence there is some point w ∈ W such that
f (w) > m; i.e. z∈Z χS (z + w) > m for that particular w. But the
χS (z+w) are ones and zeros, so there are m+1 distinct z0 , . . . , zm ∈ Zn
such that χS (zi + w) = 1. Write xi = zi + w, so the xi are distinct.
Now note that χS (xi ) = 1, so by definition of χS , the xi are in S.
Finally
xj − xi = (zj + w) − (zi + w) = zj − zi ∈ Zn ,
which completes the proof.
Here is the statement of Minkowski again, with proof.
Theorem 5.5. (Minkowski’s Theorem) Let Λ be a sublattice of Zn
of index m. Let C be a convex symmetric subset of Rn having volume
V (C) satisfying
V (C) > 2n m.
Then C and Λ have a common point other than 0.
1For example in R2 , we write (1.7, 5.9) = (1, 5) + (0.7, 0.9) where we note that
(1, 5) ∈ Z2 and (0.7, 0.9) ∈ W .
2To justify interchanging integration with infinite summation one needs rather
delicate theorems in Lebesgue Integration. Fortunately/unfortunately for you, I’ve
forgotten my Lebesgue and so I can’t tell you about it. But beware, Analysis
lecturers with no sense of humour don’t like to see this sort of thing without justi-
fication; they would regard my lecture notes as mathematical pornography.
Proof. Let
1 1
S= C= x:x∈C .
2 2
The volume of S is
1
V (S) = V (C) > m.
2n
By Blichfeldt’s Theorem, there are m+1 distinct points x0 , . . . , xm ∈ S
such that
xj − xi ∈ Zn , for 0 ≤ i, j ≤ m.
n
Let yj = xj − x0 ∈ Z for j = 0, . . . , m. These are m + 1 distinct
points yj in Zn and Λ has m cosets in Zn . So two distinct yi , yj lie in
the same coset of Λ. Thus, xj − xi = yj − yi is a non-zero element of
Λ. Now we can write xj = c/2 and xi = c0 /2 where c and c0 are in C.
Hence
c − c0
2
is a non-zero element of Λ. Now C is symmetric so, −c0 ∈ C as well
as c ∈ C. Finally C is convex and (c − c0 )/2 is the mid-point between
c and −c0 , so it must be in C as well as being a non-zero element of
Λ. This is the point whose existence is asserted in the statement of the
theorem.
CHAPTER 6
Irrationality and Transcendence
1. Irrationality: First Steps

A number in C is called irrational
√ if it does not belong to Q.
You of course recall the proof that 2 is irrational which you did in
Foundations. Let’s go through it again as it is the model for Gauss’
Theorem below.
√
Theorem 6.1. 2 is irrational.
√
Proof.√The proof is by contradiction. Suppose 2 is rational, and
write it as 2 = a/b where a, b are coprime integers with b 6= 0. Then
a2 = 2b2 , so a2 is even and hence a is even. We write a = 2c where
c is an integer. Thus b2 = 2c2 . Hence b2 is even and therefore b is
even. Since a, b are both even they’re not coprime; this is the desired
contradiction.
Theorem 6.2. (Gauss) Let f (x) = a0 + a1 x + · · · + an−1 xn−1 + xn be a
monic polynomial with integer coefficients and degree n ≥ 1. The only
possible rational roots of f are integers which divide a0 .
Proof. Let λ be a rational root and write λ = c/d where c, d are
coprime integers with d > 0. Thus
c cn−1 cn
(12) a0 + a1 + · · · + an−1 n−1 + n = 0.
d d d
Multiplying by dn and rearranging we have
d(−a0 dn−1 − a1 cdn−2 − · · · − an−1 cn−1 ) = cn .
Thus d | cn . We argue that d = 1. Suppose d > 1 and let p be a prime
factor of d. Then p | d so p | cn and hence p | c, contradicting the
fact that c and d are coprime. Hence d = 1. Therefore λ = c ∈ Z.
Moreover, by (12) we have
c(−a1 − a2 c − · · · − an−1 cn−2 ) = a0 ,
hence c | a0 . In otherwords, any rational root of f must be an integer
dividing a0 .
65
66 6. IRRATIONALITY AND TRANSCENDENCE
From Gauss’ Theorem it √is easy to deduce the following generaliza-

tion of the irrationality of 2.
Corollary 6.3. Let n > 1 be a positive integer.√Suppose that d is a
positive integer that is not an n-th power. Then n d is irrational.
√
Proof.√Let f (x) = xn − d. √Suppose n d is rational. By Gauss’
Theorem, n d is an integer, say n d = c ∈ Z. Then d = cn is a square,
giving a contradiction.
2. The irrationality of e
So far the only irrational numbers we’ve seen are roots of polynomi-
als. It is natural to wonder about the irrationality of naturally occuring
numbers such as e = exp(1). In fact Euler proved that e is irrational.
Theorem 6.4. (Euler) e = exp(1) is irrational.
Proof. The proof starts with the familiar power series expansion
∞
X xn
exp(x) = .
n=0
n!
Thus
1 1
e=1+1+ + + ··· .
2! 3!
Suppose that e is rational, and write e = a/b where a, b are positive
coprime integers. Now

1 1
(b − 1)!a = b!e = b! 1 + 1 + + + · · ·
2! 3!

1 1 1 1
= b! 1 + 1 + + · · · + + b! + + ··· .
2! b! (b + 1)! (b + 2)!
Write

1 1
α = b! 1 + 1 + + · · · +
2! b!
and note that α is an integer. Thus (b − 1)!a − α is an integer. Write
β = (b − 1)!a − α ∈ Z. We see that

1 1
β = b! + + ··· .
(b + 1)! (b + 2)!
3. WHAT ABOUT TRANSCENDENTAL NUMBERS? 67
It is clear from this that β > 0. However,

1 1 1
β= + + + ···
b + 1 (b + 1)(b + 2) (b + 1)(b + 2)(b + 3)

1 1 1 1
= 1+ + + + ···
b+1 b + 2 (b + 2)(b + 3) (b + 2)(b + 3)(b + 4)

1 1 1 1
< 1+ + + + ···
b+1 b + 1 (b + 1)2 (b + 1)3
!
1 1
= 1 (by the formula for geometric series)
(b + 1) 1 − b+1
1
= < 1.
b
Summing up, β is an integer and 0 < β < 1. This is impossible! Hence
e is irrational.
You can see from the proof why Euler was such a hero.
3. What about Transcendental Numbers?

Definition. A number α ∈ C is algebraic if there is some n ≥ 1
and integers a0 , a1 , . . . , an , not all zero, such that α is a root of the
polynomial
a0 + a1 x + · · · + an x n .
A number α ∈ C is transcendental if it is not algebraic.
It is easy to come up with examples of algebraic numbers.
Example 3.1. 1 is algebraic because it is a root of x − 1 which has
integer coefficients. The number −5/17 is algebraic
√ because it is a root
of 17x + 5 which has integer coefficients. Also 2 is algebraic because
it is a root of x2 − 2 which has integer coefficients.
By now you must have formulated and proved in your head the
following lemma.
Lemma 6.5. Every rational number is algebraic.
3.1. Hocus Pocus. It is not so easy to give examples of tran-
scendental numbers. But there is a magic way to show that there are
plenty of transcendental numbers. If you remember your Foundations,
it isn’t hard to show that algebraic numbers are countable, whilst you
know that real and complex numbers are uncountable. This shows that
‘almost all’ numbers are transcendental. If you’re a set-theorist then
you’d satisfied with this; no need for examples. But if you’re a normal
person, you’d no doubt be dying to see one.
3.2. More on algebraic numbers.

Definition. Let α be an algebraic number. The degree of α is the
smallest positive integer d such that there is a polynomial f ∈ Z[x] of
degree d with f (α) = 0.
Lemma 6.6. Let α be an algebraic number of degree d. Then it is a
root of an irreducible polynomial f ∈ Z[x] with degree d.
Proof. All we’re adding to the definition is the specification that

f is irreducible. If it isn’t, then we can write f (x) = g(x)h(x) with
g(x), h(x) ∈ Z[x] having degree smaller than d and either g(α) = 0 or
h(α) = 0. This contradicts the mimimality of d.
Theorem 6.7. (Liouville’s Theorem) Let α ∈ R be an algebraic num-

ber of degree d. Then there is a constant C > 0, depending on α, so
that for all rational numbers p/q,

p p C
either α = , or − α ≥ d .
q q q
Proof. We know that f (α) = 0 for some irreducible polynomial

f ∈ Z[x] of degree d ≥ 1. Write
f (x) = a0 + a1 x + · · · + ad xd .
Then
pd

p p
f = a0 + a1 + · · · ad d
q q q
N
= d
q
where N = a0 q d + a1 pq d−1 + · · · + ad pd . Clearly N ∈ Z. Can N = 0?

Let’s suppose it is. Then f (p/q) = 0, so qx − p is a factor of the
irreducible polynomial f . Hence f has degree 1 and is equal to qx − p
up to multiplication by a non-zero constant. By f (α) = 0. Hence
qα − p = 0 so α = p/q.
What happens if α 6= p/q. Well, for a start N 6= 0. As N is an
integer, |N | ≥ 1. So

f p ≥ 1 .

q qd
3. WHAT ABOUT TRANSCENDENTAL NUMBERS? 69
Now we note that

1 f p

≤
qd q

p
(13) = f (α) − f
since f (α) = 0
q

0
p
= f (η) α − ,
q
by the Mean Value Theorem, where η is some number between α and
p/q.
Let
C 0 = sup {|f 0 (t)| : α − 1 ≤ t ≤ α + 1.} .
Let
1
C = min 1, 0 .
C
We shall show that

α − p C
≥ ,
q qd
which proves the theorem. If α − 1 ≤ p/q ≤ α + 1, then η is also in the
interval [α − 1, α + 1]. So f 0 (η) ≤ C 0 . Hence by (13),

p
α − ≥ 1 1 ≥ C ,

q C 0 qd qd
which is what we want. Now all we have to worry about is the case
when p/q is outside the interval [α − 1, α + 1]. But this is easy:

α − p ≥ 1 ≥ 1 ≥ C ,

q qd qd
which completes the proof.
3.3. Transcendentals at last. Now at last we can see some tran-

scendental numbers. Joseph Liouville was the first to construct them
in 1844. Here is his example.
Corollary 6.8. Let
∞
X 1
α= i!
.
i=0
10
Then α is transcendental.
Proof. We do this using contradiction. Suppose that α is alge-

braic of degree d. Let n ≥ 1 and let q = 10n! . Let
n
X 1
p=q· i!
.
i=0
10
Note that p, q are positive integers, and that
p
0<α−
q
1 1
= (n+1)! + (n+2)! + · · ·
10 10
1 1 1
= (n+1)! 1 + (n+2)!−(n+1)! + + (n+3)!−(n+1)! + · · ·
10 10 10

1 1 1
< (n+1)! 1 + + 2 + ···
10 10 10
10
= .
9 · 10(n+1)!
By the first inequality α 6= p/q. So we know by Liouville’s Theorem
that, for some positive constant C
10 C C
(n+1)!
> d = d·n! .
9 · 10 q 10
Hence
10
> 10(n+1)!−d·n! .
9C
Note here that d and C are fixed, where as we can choose n as large as
we like. Making n very large gives a contradiction.
Perhaps you’re not impressed. Maybe you think that Lioville’s

number is a little artificial? What about naturally occuring numbers
like e and π? Are they transcendental? Perhaps you should check out
Wikipedia.
APPENDIX X
Last Year’s Exam

THE UNIVERSITY OF WARWICK
THIRD YEAR EXAMINATION : April 2010
TOPICS IN NUMBER THEORY
Time Allowed: 3 hours

Read carefully the instructions on the answer book and make sure that
the particulars required are entered on each answer book.
Calculators are not needed and are not permitted in this examination.
ANSWER 4 QUESTIONS.
If you have answered more than the required 4 questions in this ex-
amination, you will only be given credit for your 4 best answers. The
numbers in the margin indicate approximately how many marks are
available for each part of a question.
1) Let p be a prime.
a) What does it mean for an integer g to have order d modulo p?
[2]
b) Show that if g has order d modulo p and if g m ≡ 1 (mod p)
then d | m. [6]
c) Suppose g1 and g2 respectively have orders d1 , d2 modulo p.
Suppose moreover that gcd(d1 , d2 ) = 1. Show that g1 g2 has
order d1 d2 modulo p. [6]
d) What does it mean for g to be a primitive root modulo p? [2]
e) Show that p must have a primitive root. You may assume that
e
if q e is a prime power dividing p − 1 then xq ≡ 1 (mod p) has
precisely q e incongruent solutions modulo p. [6]
f) Find a primitive root for 149. You may use the following
observations: [3]
149 = 22 ×37+1, 537 ≡ 444 ≡ 1 (mod 149), 442 6≡ 1 (mod 149).
71
72 X. LAST YEAR’S EXAM
2)
a) Let a be an integer and p an odd prime. Show that

a
≡ a(p−1)/2 (mod p).
p
You may assume standard facts about primitive roots. [7]
b) State without proof the two supplements to the law of qua-
dratic reciprocity. [4]
c) Let x be an even integer. Show that every prime divisor p of
x4 + 1 satisfies

−1 2
= = 1,
p p
and hence p ≡ 1 (mod 8). Hint: You might find it helpful to
observe that x4 + 1 = (x2 + 1)2 − 2x2 . [7]
d) Deduce that there are infinitely many primes p ≡ 1 (mod 8).
[7]
3)
a) State Blichfeldt’s Theorem and Minkowski’s Theorem. [6]
b) Give a proof of Minkowski’s Theorem assuming Blichfeldt’s
Theorem. [6]
c) Let a, b > 0. Show that the area of the ellipse
x2 y 2
+ 2 <1
a2 b
is πab. You may assume the formula for the area of a circle.
[6]
d) Suppose λ and N are coprime positive integers satisfying
λ2 ≡ 2 (mod N ).
Show that there are integers x, y such that [7]
2 2
x − 2y = ±N.
Hint: In Minkowski’s Theorem, take the convex symmetric
set to be
C = {(x, y) ∈ R2 : x2 + 2y 2 < 2N }.
X. LAST YEAR’S EXAM 73
4)
a) Let f (X) ∈ Z[X], a ∈ Z and n a positive integer. Show that
f (n) (a)/n! is an integer. [4]
b) Let f (X) ∈ Z[X]. Let p be a prime and m ≥ 1. Suppose
a ∈ Z satisfies
f (a) ≡ 0 (mod pm ), f 0 (a) 6≡ 0 (mod p).
Show that there exists some b ∈ Z such that [8]
b ≡ a (mod pm ), f (b) ≡ 0 (mod pm+1 ).
c) Solve the following simultaneous system of congruences [4]
2 3 2
x ≡3 (mod 5 ), x ≡6 (mod 7).
d) Solve the following simultaneous system of congruences [9]
3 3
y ≡3 (mod 5 ), y≡1 (mod 4).
5) Let p be a prime.
a) Let α be a rational number. Define ordp (α) and |α|p . [2]
b) Let α, β be rational numbers. Prove that
ordp (α + β) ≥ min{ordp (α), ordp (β)},
and [8]
|α + β|p ≤ max{|α|p , |β|p }.
c) Prove that the series of rational numbers ∞
P
n=1 an converges
in Qp if and only if limn→∞ |an |p = 0. You may assume that a
sequence converges in Qp if and only if it is p-adically Cauchy.
[7]
d) State—with proof—for which primes p do the following series
converge in Qp ?
(i) 1 + (21/2)2 + (21/2)4 + (21/2)8 + · · · . [4]
(ii) 11 + 22 + 33 + 44 + · · · . [4]
APPENDIX Y
Mathematical Pornography
After I wrote the footnote on page 63 in last year’s lecture notes, I

was inundated with requests for more explicit examples of mathemat-
ical pornography. Being an obliging and generous person, I’ll share
with you couple of my favourites. They are due to Leonhard Euler, the
greatest mathematician (and mathematical pornographer) of his age.
Needless to say the material in this appendix is not examinable and
is merely for your own personal gratification.
Euler defines x n
ex = lim 1 +
n→∞ n
and wants to deduce the well-known power series expansion for ex .
So he introduces infinite numbers, and reasons that if i is an infinite
number then obviously
i i(i − 1) i(i − 1)(i − 2)
= 1, = 1, = 1, . . . .
i i2 i3
Thus
x
x n
e = lim 1 +
n→∞ n
x i
= 1+ i infinite
i
x i(i − 1) x2
=1+i + + ··· using the binomial theorem
i 2! i2
x2
=1+x+ + ···
2!
Next Euler wants to derive the power series expansion for log(1 + t).
To do this he defines the infinitesimal = 1/i. This infinitesimal is so
small that
(14) 2 = 3 = · · · = 0.
Now to get the power series expansion for log(1 + t), write x = 1 + t,
and y = log x. Thus
y i
x = ey = 1 + .
i
75
76 Y. MATHEMATICAL PORNOGRAPHY
Hence
y
x = x1/i = 1 + = 1 + y.
i
Rearranging we get
1 1
(15) log(1 + t) = log x = y = (x − 1) = (−1 + (1 + t) ) .

Now by the Binomail Theorem
( − 1) 2 ( − 1)( − 2) 3 ( − 1)( − 2)( − 3) 4
(1+t) = 1+t+ t+ t+ t +· · ·
2! 3! 4!
However, by (14) we can eliminate all higher powers of . Thus
− 2 2! 3 −3! 4
(1 + t) = 1 + t + t + t + t + ···
2! 3! 4!

= 1 + t − t2 + t3 − t4 + · · ·
2 3 4
Substituting into (15) we obtain
1 2 3 4
log(1 + t) = t − t + t − t + · · ·
2 3 4
t2 t3 t4
= t − + − + ···
2 3 4
1. An Integral Equation
R Here
R x is an beautiful example I found on mathoverflow.org. Let
“ = 0 ”. We want to solve the integral equation
Z
f − f = 1.
Factoring out the f we have

Z
1− f = 1.
Hence
Z −1
f= 1− 1
Z ZZ ZZZ
= 1+ + + +··· 1
Z x Z xZ x Z xZ xZ x
=1+ 1+ 1+ 1 + ···
0 0 0 0 0 0
x2 x3
=1+x+ + + ···
2! 3!
= ex .

Topics in Number Theory - Siksek

Uploaded by

Copyright:

Available Formats

Topics in Number Theory - Siksek

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Topics in Number Theory - Siksek

Uploaded by

Copyright:

Available Formats

MA3H1

Chapter -1. FAQ 6

Theorem 1.2. (Division with remainder) Let a, b be integers with b

Proposition 1.3. Let I be an ideal in Z. Then I is principal. More-

3. Greatest Common Divisors

In other words I is the set of all linear combinations of the ai with

it is an element of I and I is the set of integral linear combinations of

Proof. Since gcd(u, v) = 1 we can, using Theorem 1.4, write 1 =

5. The Euclidean Algorithm

Proof. Note that for any integer c

Hence gcd(a, b) | gcd(b, r) and gcd(b, r) | gcd(a, b), and so gcd(a, b) =

6. Primes and Irreducibles

In other words, the only factors of p are ±1 and ±p, so p is irreducible.

You should have no trouble remembering the following theorem or

Proof. Let us prove it for n = 2. The general case then follows

We extend ordp to a function Q → Z ∪ {∞} by defining

where P is the set of all primes.

Proof of Theorem 1.14. Part (1) is obvious from Lemma 1.15.

(c) If a ≡ b (mod m) then na ≡ nb (mod nm).

9.1. Inverses modulo m.

9.2. Complete Residue Systems. A complete residue system

elements. Hence c1 , c2 , . . . , cm is a rearrangment of {0, 1, . . . , m − 1}.

9.3. Reduced Residue Systems.

9.4. The Theorems of Fermat and Euler.

Theorem 1.23. (Euler’s Theorem) If gcd(c, m) = 1 then cϕ(m) ≡ 1

Corollary 1.24. (Fermat’s Little Theorem)

10. The Chinese Remainder Theorem

Lemma 1.26. With notation as in the Chinese Remainder Theorem,

Multiplicative Structure Modulo m

ϕ(m1 m2 ) = ϕ(M ) = #U (M ) = # (U (m1 ) × U (m2 ))

satisfying x ≡ ai (mod mi ) and 0 ≤ x ≤ mi − 1. But c satisfies these

be its factorisation into prime powers with ri ≥ 1. Then

Proof. We will prove that if p is a prime and r ≥ 1 then ϕ(pr ) =

Proof. Let d be the order of a modulo m. Then ad ≡ 1 (mod m)

By Lemma 2.6, X p−1 − 1 factors completely modulo p and has distinct

The order of 44 modulo 149 divides 4 and so is 1, 2 or 4. But

1. Quadratic Residues and Non-Residues

2. Quadratic Residues and Primitive Roots

• The quadratic residues modulo p are of the form g r where 0 ≤

Proof. Let g be a primitive root modulo p. Modulo p, the integers

Before we start proving properties of the Legendre symbol, we need

Proof. Let h = g (p−1)/2 . Then h2 = g p−1 ≡ 1 (mod p). So p |

3. First Properties of the Legendre Symbol

Hence suppose that p - a. Let g be a primitive root modulo p. We

by Lemma 3.2. This proves (ii).

4. The Law of Quadratic Reciprocity

Example 4.1. Is 94 a square modulo 257? One way to decide this

Hence 94 is not a square modulo 47.

Proof of the First Supplement. By Euler’s Criterion (Propo-

To prove the Law of Quadratic Reciprocity we need Gauss’ Lemma.

Theorem 3.5. (Gauss’ Lemma) Let p be an odd prime and write

Proof of Gauss’ Lemma. We will show that (−1)µ(a) a(p−1)/2 ≡

s we obtain the desired conclusion that (−1)µ(a) a(p−1)/2 ≡

It remains to prove our claim that |aS|

Observe that if u ≡ v (mod p) then 2πu/p and 2πv/p differ by a

sign of u so that u = sgn(u)|u|. Then sin(2πu/p) = sgn(u) sin(2π|u|/p).

From the last two equations,

However, from the proof of Gauss’s Lemma, {|qs|