OURNAL OF I NQUIRY-B ASED L EARNING IN M ATHEMATICS

J No. 20, (Dec. 2010)

A
DO-IT-YOURSELF
INTRODUCTION TO NUMBER
THEORY

William Priestley << James T. Cross

University of the South

Contents

Preface iv

To the Instructor v

To the Student viii

1 The Fundamental Theorem of Arithmetic 1

1.1 The Fundamental Theorem in Z . . . . . . . . . . . . . . . 1
1.2 The Fundamental Theorem in the Gaussian Integers . . . . . 6
1.3 An Integral Domain That Does Not “Enjoy” Unique Factor-
ization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.4 Polynomials Over a Field . . . . . . . . . . . . . . . . . . . 11

2 An Overview of the Primes in Z 16

2.1 More Arithmetic in Z . . . . . . . . . . . . . . . . . . . . . 16
2.2 Some Special Primes in Z . . . . . . . . . . . . . . . . . . . 18

3 Congruences 21
3.1 Congruences and the Ring Zn . . . . . . . . . . . . . . . . . 21
3.2 The Euler φ -Function . . . . . . . . . . . . . . . . . . . . . 24
3.3 Arithmetic Functions . . . . . . . . . . . . . . . . . . . . . 29
3.4 Primitive Roots (mod p) . . . . . . . . . . . . . . . . . . . 31
3.5 Communicating by Secret Code . . . . . . . . . . . . . . . 33

4 Quadratic Reciprocity 35
4.1 Squares mod p . . . . . . . . . . . . . . . . . . . . . . . . 35

5 Sums of Two Squares and Pythagorean Triples 42

5.1 Which Positive Integers Are Sums of Two Squares? . . . . . 42
5.2 Pythagorean Triples in Z . . . . . . . . . . . . . . . . . . . 45

ii
CONTENTS iii

Notes to the Instructor 50

William Priestley << James T. Cross www.jiblm.org

Preface

This course, and its accompanying notes, were developed by (now retired)
Professor James T. Cross over many years at the University of the South.
The course has been consistently popular and it continues to be offered
by friends of Prof. Cross, most recently by Profs. Drinen and Priestley.
The notes were typeset in LaTeX in 2009 by Ye Katerina Totskaya and Van
Nguyen. Subsequently, Chris Parrish has worked tirelessly to bring this
work to completion. The notes are made available here by the Department
of Mathematics and Computer Science as a tribute to Jim Cross’s commit-
ment to mathematics education.

iv
To the Instructor

These notes on Number Theory were developed, class-tested, and modified

several times, by James T. Cross over many years of teaching at the Univer-
sity of the South, Sewanee, Tennessee. Cross retired in the 1990s, but his
notes have since continued to be used in Math 313 by other instructors.
Math 313 is a one-semester course intended for third-year undergraduate
mathematics majors. It is usually comprised of six or eight students who
have met the only prerequisite—a course in Discrete Structures, intended
among other things to introduce them to proofs, and, in particular, to proofs
using mathematical induction.
Typically, a daily classroom experience in Math 313 consists of two
or three students each presenting their demonstrations of solutions (often
proofs) to three or four exercises from the notes expressly assigned to them
for that day. The other students—and the instructor, if needed—are encour-
aged to ask questions for clarification when necessary. During the course of
the semester the students often have to build upon the work of their fellow
students, as the exercises often require the results of previous exercises in
order to be done easily and quickly.
If a bewildered student should come to the instructor the day before class
to ask for help in presenting his/her assignment, there is usually a typical
response that begins: Do you understand the results of the previous couple
of exercises? Have you thought about how those results might make your
assignment easier? And have you glanced ahead a little to see where all of
this may be leading?
It takes some measure of maturity and patience on the part of students
to take full advantage of such a response, and the major prerequisite for
this course is a willingness to cultivate such maturity if it is not already
present. The reward of such a regimen over the course of an entire semester,
however, is often a marked improvement in the students’ abilities to express
themselves clearly for the benefit of their fellows. Also, in focussing upon
clarity, the students may inadvertently learn to read mathematics with far
more attention than before.
Cross’s initial chapter begins by considering carefully how the simple
division theorem and its systematic repetition in the Euclidean algorithm

v
To the Instructor vi

lead to something with which all students are already familiar—the funda-
mental theorem of arithmetic in its original setting of the natural numbers.
The notes then go on to show how an attempt to extend the notions involved
to the Gaussian integers leads naturally to the ideas of groups, rings, ide-
als, integral domains, and isomorphisms—thus introducing the student to
basic ideas of abstract algebra. Cross gives an example of a simple integral
domain in which the fundamental theorem fails, and goes on to investigate
how the theorem manifests itself in unsuspected places, such as in the fun-
damental theorem of algebra. Here it comes as something of a revelation to
many students to see clearly how the splitting of an n-th degree polynomial
over the complex numbers into n linear factors (primes) may be understood
as nothing other than the familiar fundamental theorem of arithmetic as ap-
propriately conceived in the integral domain C[x].
The titles of the remaining chapters and the titles of the sections therein
indicate clearly how the course proceeds. Actually, we have never been able
to work completely through all the notes in any one semester. Sometimes we
choose to omit some sections, sometimes others. If a section is omitted, we
simply outline and take for granted the main results of the section that are
necessary to move forward. There has been at least one occasion, however,
when the students became so enthusiastic about the enterprise that some of
them agreed to meet together after the end of the semester in order to finish
every detail on their own.
Usually, we have augmented the notes by making up and assigning weekly
homework problems to be handed in by all students—sometimes including
exercises from the notes themselves intended to reinforce ideas just intro-
duced. And we usually have two or three hour tests and a final examination
to ensure that definitions and particularly important proofs and procedures
are remembered. The main focus of the class, however, has always been on
the daily regimen and on the growth it fosters among students.
Although Cross later gives precise statements of the axioms for groups,
rings, etc., he begins the notes by taking the point of view popularized long
ago, that the natural numbers just are and that we have an intuitive under-
standing of their properties—their most subtle property being formalized by
taking any one of three principles as fundamental and agreeing that the other
two are consequences of it. Thus, the well-ordering principle, the principle
of infinite descent, and the principle of mathematical induction should be
already familiar—or readily grasped—by the students, who are expected to
know how to employ such principles to establish results that hold for all
natural numbers. A reminder of the precise statements of these principles
follows this introduction.

W. M. Priestley
[email protected]

William Priestley << James T. Cross www.jiblm.org

To the Instructor vii

February, 2010

William Priestley << James T. Cross www.jiblm.org

To the Student

I have arranged in this collection a sequence of do-it-yourself exercises that

will introduce the student to the theory of numbers. These exercises are con-
cerned with the Fundamental Theorem of Arithmetic in a variety of settings,
the Quadratic Reciprocity Law, convolution of number-theoretic functions,
sums of two squares, Pythagorean triples, etc. As anyone familiar with the
subject matter will recognize, the study of these problems calls forth such
topics as congruences, the Chinese Remainder Theorem, arithmetic func-
tions, and other notions leading naturally to an introduction to groups, rings,
integral domains, and fields.
It has been my practice to simply let the students do the exercises and
present them in class. I have had very much fun in doing so, largely be-
cause the response from the students was so positive. Many of them not
only did the exercises with pleasure, but also contributed to the ongoing re-
vision of the collection. In particular I give thanks for Bob Kauffman, Mike
Crowe, Jim Mathes, Charles Yeomans, Teresa Owen, Jay Woolfson, Emily
Puckette, Lewis Jones, Nick Bennett, and Nowlin Randolph.
For a particularly good class, some of the exercises can be made strictly
do-it-yourself and might not then be formally presented in class.
Have fun!
James T. Cross, January, 1995

THREE FAMOUS PRINCIPLES

The set of natural numbers is usually denoted by N or by Z+ . The natural
numbers are simply the familiar “whole numbers” 1, 2, 3, . . ..
(WOP) Well-ordering principle: Any nonempty set of Z+ contains a
least element.
Restatement: If a set of natural numbers contains no least element, then
the set is empty.
Re-restatement: If P(n) is a proposition about the natural number n, and
if the set of all n for which P(n) is false contains no least element, then P(n)
is true for all natural numbers.
(PID) Principle of infinite descent: There is no strictly decreasing infi-

viii
To the Student ix

nite sequence of natural numbers. [You have to run into negative numbers,
which are not in Z+ , if you have a strictly decreasing infinite sequence of
whole numbers.]
Restatement: Any assertion that implies there is a strictly decreasing
sequence of natural numbers must be false.
Re-restatement: Any assertion whose negation implies there is a strictly
decreasing sequence of natural numbers must be true.
(POMI) Principle of Mathematical Induction: If P(n) is a proposition
about the natural number n, if P(1) is true, and if P(n) implies P(n + 1),
then P(n) is true for all natural numbers n.
In the natural numbers, each of these three principles implies the other
two! This means that if we accept any one of the three principles as a “self-
evident axiom” then we can logically deduce the other two as “theorems”
about Z+ .
The question of which one of the three we take as an axiom (i.e., which
one of the three we take as “most fundamental”) is really a question of aes-
thetics. The well-ordering principle is probably the most popular choice
because it is stated in terms of sets and it can be stated very briefly—and
speaking in terms of sets seems to be the preferred way of speaking of mod-
ern mathematics.
The principle of infinite descent is usually associated with Pierre de Fer-
mat (1605?-1665) and the principle of mathematical induction with Blaise
Pascal (1623-1662). This is not to say that they “discovered” the principles
first, but that they were the ones who emphasized the fundamental roles in
number theory played by the principles.
Finally, a note about some conventions used in these notes: Exercises
are numbered, but definitions are not. Instead, definitions are introduced in
bold-face, and most of the terms being defined re-appear in the index so that
they can be found again.

William Priestley << James T. Cross www.jiblm.org

Chapter 1

The Fundamental Theorem of Arithmetic

1.1 The Fundamental Theorem in Z

Definition. Let Z denote the set of all integers (the counting numbers and
their negatives together with 0) and let a, b, and c be in Z: if ab = c, then
each of a and b divides c (written a|c and b|c) and c is a multiple of each
of a and b. If u is in Z and u|1, then u is a unit in Z.
Exercise 1.1. What are the units in Z? Show that a unit in Z divides every
member of Z. Hint: The multiplicative unity 1 is of course a unit, but Z has
a unit different from unity. What is it?
Exercise 1.2. If a and b are in Z and a = ub for some unit u in Z, then there
is a unit v in Z such that b = va.
Definition. If a and b are in Z and a = ub for some unit in Z, then a and b
are associates.
Exercise 1.3. If a and b are associates, then each divides the other. Con-
versely, if each divides the other, they are associates.
Exercise 1.4. If a is in Z, what are a’s associates in Z?
Exercise 1.5. If a is in Z+ (the positive integers), then there are integers, q
and r, in Z with r = 0 or r = 1, such that a = 2q + r. (Hint: mathematical
induction on a)
Exercise 1.6. If a is in Z+ , then there exist q and r in Z, with r = 0, 1, or 2,
and such that a = 3q + r.
Exercise 1.7. If a and b are in Z+ , then there exist q and r in Z, with
0 ≤ r < b, and such that a = bq + r.
Exercise 1.8. Find integers q and r such that 12 = 5q + r, where 0 ≤ r < 5.
Find integers q and r such that 5 = 12q + r, where 0 ≤ r < 12. Find integers
q and r such that −12 = −5q + r, where 0 ≤ r < | − 5|.

1
The Fundamental Theorem of Arithmetic 2

Now you can see what we really want:

Exercise 1.9. The Divisor Theorem in Z: If a and b are in Z and b is not
0, then there exist q and r in Z, such that a = bq + r, where 0 ≤ r < |b|.
Be alert for the far-reaching consequences of this theorem.
Exercise 1.10. Give a and b various values and compare q and r. Draw
some pictures on a number line. Don’t be insulted because this seems to be
a 4th grade exercise. It will help you be a better teacher of 4th graders, or of
14th graders.
Definition. Let a and b be in Z and suppose g is in Z and g|a and g|b. Then
g is a common divisor of a and b. If g is a common divisor of a and b and
g has the property that every common divisor of a and b divides g, then g
is a greatest common divisor (GCD) of a and b. We will denote a GCD
of a and b by gcd(a, b). (You may be somewhat mystified by what seems
to be an effort to make a simple concept appear more complex. Please be
patient; you will see that this definition of a GCD will generalize readily to
other mathematical entities, which in some cases we will call integers, and
in which we don’t have the handy ordering (a < b, etc.) that we have in Z.)
Exercise 1.11. Find two GCD’s of 12 and -38.
Exercise 1.12. If g is a GCD of a and b in Z, then so is g’s associate in Z,
but there are no others. (If h is a gcd(a, b), then h|g and g|h).
Exercise 1.13. Let a and b be in Z and not both 0. Let S = {ax + by : x and
y are in Z}. S is closed under addition and under multiplication by members
of Z. That is, if s and s′ are in S and z is in Z, then s + s′ and zs are in S.
Exercise 1.14. (For those who have studied abstract algebra; we will revisit
this exercise later for everyone.) The set S of Exercise 1.13 is an ideal of the
ring Z.
Exercise 1.15. Let a and b be −6 and 4, respectively, and S = {−6x + 4y : x
and y are in Z}. List enough members of S so that you can recognize a
simpler way to define S. What is the least positive member of S?
Exercise 1.16. If a and b are in Z, not both 0, and S = {ax + by : x and y are
in Z}, then S contains a least positive member, d.
Exercise 1.17. (Use the notation of Exercise 1.16.) The member d divides
both a and b. (Start with the Divisor Theorem. Remember that d is in S. Is
a in S?)
Exercise 1.18. (Use the notation of Exercise 1.16.) If z is in Z and z|a and
z|b, then z|d. (Again remember that d has the ticket of admission to S.)
Exercise 1.19. (Use the notation of Exercise 1.16.) Put Ex’s 1.17 and 1.18
together and conclude that d is a GCD of a and b.

William Priestley << James T. Cross www.jiblm.org

The Fundamental Theorem of Arithmetic 3

Exercise 1.20. (Use the notation of Exercise 1.16.) If z is in Z, and d|z, then
z is in S. If s is in S, then d|s. Thus S = {nd : n is in Z}.
Exercise 1.21. (Again for those who have studied abstract algebra, and
again be assured that we will come to this again when everyone has the
tools to participate.) The ideal S of Exercise 1.13 and 1.16 is a principal
ideal, generated by d. This is not surprising, since every ideal in Z is prin-
cipal. Can you prove it?
Exercise 1.22. If 1 is a GCD of a and b, what does the set S = {ax + by : x
and y are in Z} look like? What if 2 is a GCD of a and b? What if 25 is a
GCD of a and b?
Exercise 1.23. Suppose that you have a set of two-pan balances and an
unlimited supply of 6-pound weights and 4-pound weights. Is it possible to
weigh out exactly 15 pounds of sugar? (Argue by the use of the set S of
the preceding exercises.) What if you have plenty of 25-pound weights and
46-pound weights?

We see that if a and b are in Z, not both 0, then they have a GCD in Z.
(Of course, then they have two, according to Exercise 1.12.) Our proof was
of the existence type; it doesn’t give us a method by which we can chase
down a GCD of a and b. There is an old algorithm (Euclidean) which
enables one to do so. To illustrate the method, we find a GCD of 4827 and
32586.

32586 = 4827(6) + 3624, a = bq1 + r1 ,

4827 = 3624(1) + 1203, b = r 1 q2 + r 2 ,
3624 = 1203(3) + 15, r1 = r 2 q3 + r 3 ,
1203 = 15(80) + 3, r2 = r 3 q4 + r 4 ,
15 = 3(5) + 0. r3 = r4 q5 + 0.

The last nonzero remainder in this process (r4 in this case) is a GCD of a
and b. Why? The last line shows that r4 divides r3 . Then from the next-to-
last line we see that r4 divides r2 . How do we see this? Now, keep climbing
the column until you find that r4 divides b and then a. Next, suppose d is a
common divisor of a and b. The top line shows that d divides r1 . Now, keep
descending the column until you see that d divides r4 .
Exercise 1.24. Describe the above algorithm in your own words and explain
why it can not fail to identify a GCD of a and b. Why can the steps in the
procedure not continue indefinitely?
Exercise 1.25. Use the Euclidean Algorithm to find a GCD for each of the
following pairs of integers: 36 and 188; 36 and -188; 25 and 147; -389 and
12465.

William Priestley << James T. Cross www.jiblm.org

The Fundamental Theorem of Arithmetic 4

Exercise 1.26. Explain why it is true that there exist integers x0 and y0 such
that 32586x0 + 4827y0 = 3. Then using (x0 , y0 ) as a base point on the graph
of 32586x + 4827y = 3, write parametric equations of the line and show
how to generate all (infinitely many) integer solutions of the equation. Also
show that the same applies when 3 is replaced by any multiple of 3.
Exercise 1.27. Find integers x and y such that 32586x + 4827y = 3. I’ll help
you get started. Go back to the display in which we found a GCD of the two
integers:

3 = 1203+15(-80)
= 1203+[3624+1203(-3)](-80) = 3624(-80)+1203(241)
= 3624(-80)+[4827+3624(-1)](241) = 4827(241)+3624(-321)
= ...

Now you finish. (Then find all (infinitely many) pairs (x, y) of integers
such that (x, y) is on the graph of the equation.) Put the algorithm in your
own words and explain why it must succeed in expressing a GCD of two
integers as a “linear combination” of the two integers.
Exercise 1.28. For each given pair of integers of Exercise 1.25 give your
GCD as a linear combination of the two integers.
Definition. If 1 is a GCD of the two integers, a and b, then a and b are said
to be relatively prime or coprime and each is said to be relatively prime to
the other or coprime with the other.
Exercise 1.29. The integers a and b are relatively prime if and only if 1 and
-1 are their only common divisors. This is true if and only if there exist
integers x and y such that ax + by = 1.
Exercise 1.30. If each of c, a, and b is in Z and c|ab and c is relatively prime
to a, then c|b. Hint: cx + ay = 1. Multiply through by b.
Definition. Let n be in Z and n not be 0 and n not be a unit. If every divisor
of n is either a unit or an associate of n (thus the only divisors of n are 1,
−1, n, and −n), then n is a prime in Z; if n is not prime in Z (thus n has a
divisor other than 1, −1, n, −n), then n is said to be composite.
Exercise 1.31. The set Z of integers can be partitioned into four non-intersecting
classes. These are 0, the units, the primes, and the composites.
Exercise 1.32. Find all the primes between 0 and 100 and all those between
-100 and 0.
Exercise 1.33. If p is a prime in Z and p|ab, then p|a or p|b. If n is com-
posite in Z, n may divide ab without dividing a or b. Give examples.
Exercise 1.34. Show that 3100 6= 7k for any integer k. (Hint: 3 is a prime
dividing the left side of the inequality. Use Exercise 1.33).

William Priestley << James T. Cross www.jiblm.org

The Fundamental Theorem of Arithmetic 5

Exercise 1.35. If p and q are primes in Z and p|q, then p = q or p = −q.

Exercise 1.36. Let a be composite in Z. Then a = bc for some b and c in
Z, where neither b nor c is a unit or an associate of a; if a is positive, then
there exist b and c in Z with 1 < b < a and 1 < c < a and such that a = bc.
Exercise 1.37. If a is in Z and a > 1, then a is a product of positive primes.
(We consider a single prime to be a product having one factor.) (Hint: Sup-
pose for some bad a > 1, a is not a product of positive primes. Let L be the
least such bad one. Is L composite? Proceed.)
Exercise 1.38. If a is in Z and a is not 0 and a is not a unit, then a is a
product of primes.
Exercise 1.39. Express each of the following integers as a product of primes:
48, −48, 3624, −3624, 10000, −10000. Do you have some choice in each
case? Exactly what choices do you have?
Exercise 1.40. Check that 36 = 22 32 = (−2)2 (−3)2 = 2(−2)3(−3). Show
that any prime factor of 36 divides 2 or 3 and hence is 2 or −2 or 3 or −3.
Exercise 1.41. Show that 36 can be factored into positive primes in one and
only one way: 36 = 22 32 . (Hint: Suppose that 22 32 = p1 p2 p3 . . . pr , where
the p’s are positive primes, not necessarily distinct. Does 2 divide one of
them? Is 2 one of them? Cancel 2 from both sides. Proceed.)
Exercise 1.42. If a is in Z and a > 1, then a can be factored into positive
primes in one and only one way.
Exercise 1.43. Suppose n is in Z and n 6= 0 and n is not a unit. Then a
factorization of n into primes is essentially unique. That is, if we have two
factorizations, F1 and F2 , of n into primes, and the prime p appears k times
as a factor in F1 while its associate (negative) appears m times, so that the
total number of times that p or −p occurs in F1 is k + m = r, then r is also
precisely the number of times that p or −p occurs in F2 .
Now put Ex.’s 1.38 and 1.43 together to establish the Fundamental The-
orem of Arithmetic in Z:
Exercise 1.44. If a is in Z and a 6= 0 and a is not a unit, then a can be
factored into primes, and if the distinction between a prime and its associate
is ignored, then the factorization is unique.
You should note that it is the Divisor Theorem that enabled us to waltz
straight to the Fundamental Theorem.
Exercise 1.45. Produce a road map from Exercise 1.9 to Exercise 1.44.
One is inclined to think that this emphasis on the Fundamental Theorem
is a lot of fuss about nothing since the theorem merely confirms what was

William Priestley << James T. Cross www.jiblm.org

The Fundamental Theorem of Arithmetic 6

learned in elementary school. In order to help you gain some perspective

about this point and also to develop some tools with which to solve some
simple-sounding and tantalizing problems (for example, what positive in-
tegers are sums of two squares?), we are now going to examine some sets
whose members share so many properties with Z that we call them integers
(of course we will have to employ adjectives to distinguish them from Z).
We will see that in some of these sets of “integers,” factorization into primes
is unique, while in others it is not, and we will see later that this uniqeness
property is a powerful tool in solving some of those tantalizing problems.

1.2 The Fundamental Theorem in the Gaussian Integers

Definition. The subset G = {x + yi : x and y are in Z} of the complex

numbers is called the set of Gaussian Integers.
Exercise 1.46. Plot the set of Gaussian Integers in the complex plane.
Definition. A group is a nonempty set, S, together with a binary operation
on S (which we will denote at this point by the symbol, +, although the
operation may very well not be the common garden variety of addition),
which has these four properties:
1. If a and b are in S, then so is a + b. (S is closed relative to the
operation.)
2. If a, b, and c are in S, then a + (b + c) = (a + b) + c. (The operation is
associative.)
3. There is a member, e, in S, such that a + e = e + a = a. (There is an
identity member for the operation.)
4. If a is in S, there is a member, b, in S such that a + b = e. (Every
member of S has an inverse in S.)
If a group has the additional property that a + b = b + a for all a and b in
the group, then the group is said to be commutative, or abelian.
Exercise 1.47. G is an abelian group relative to addition. So is Z.
Definition. A ring R is a nonempty set with two operations (which we will
call addition and multiplication, although again they may not be the usual
sort), which have these three properties:
1. R is an abelian group relative to addition.
2. Multiplication in R is associative; that is a(bc) = (ab)c.
3. Multiplication distributes over addition; a(b + c) = ab + ac.
If a ring has the property that multiplication is commutative, then it is
called a commutative ring. If it has an identity for multiplication (distinct
from its identity for addition), then it is a ring with unity.

William Priestley << James T. Cross www.jiblm.org

The Fundamental Theorem of Arithmetic 7

(You may be acquainted with one ring which is not commutative: the
ring of n × n matrices.)
Exercise 1.48. G is a commutative ring with unity. So is Z.
Definition. Let a = x + yi be a complex number, where x and y are real
numbers. The norm, N(a), of a is x2 + y2 . The complex conjugate a, of a,
is x − iy.
Exercise 1.49. The norm of a is the product of a and its complex conjugate:
N(a) = aa. If a = x+yi, then N(a) is the square of the distance from (0,0) to
(x, y) in the complex plane. If a and b are complex numbers, then N(ab) =
N(a)N(b). If a is in G, the norm of a is a nonnegative member of Z. If a
and b are in G and a divides b in G, then N(a) divides N(b) in Z.
Exercise 1.50. The ring G is an integral domain; that is, a commutative
ring with unity in which the product of any two nonzero members of G is
nonzero. The same is true of Z. (One usually thinks of Z as the model for
an integral domain.)

Now we are going to do some exercises to convince you that the Funda-
mental Theorem of Arithmetic is valid in G. (I promise you that you will
see an integral domain in which the Fundamental Theorem is not valid.)
You would find it rewarding to try to navigate your own way to the goal by
attempting to adapt Exercises 1.1–1.44 to G, peeking at our program only
when (and if) you must.
Exercise 1.51. Look at the definition of a unit in Z and what it means to say
that a divides c in Z. Now, of course you can define a unit in G and say what
it means that a divides c in G. Answer: the member u of G is a unit if there
is a member v of G such that uv = 1. To say that a divides c in G (written
a|c) means that there is some b in G such that ab = c. Thus the units in G
(or in Z) are the divisors of 1.
Exercise 1.52. If u is a unit in G, then N(u) = 1. There are exactly four
members of G having norm 1 and each of these four is a unit. The set U of
units in G is {1, i, −1, −i}. This set U is a group relative to multiplication.

(We may as well note that U is the group of 4th roots of 1. If n is a

positive integer, there are n nth roots of 1, and they are a group relative to
complex number multiplication.)
Exercise 1.53. Now you can say what it means that a and b are associates in
G and show that if a and b are associates, then they have the same norm. Is
the converse true: if a and b have the same norm, then they are associates?
Exercise 1.54. Let a and b be associates in G. Describe their relative posi-
tions as points in the complex plane.

William Priestley << James T. Cross www.jiblm.org

The Fundamental Theorem of Arithmetic 8

Exercise 1.55. Divide 5 + 6i by 3 + i to obtain

5 + 6i 21 + 13i 1 3
= = 2 + i + + i.
3+i 10 10 10
21+13i 1 3
Plot 10 in the complex plane. Also plot 2 + i and 10 + 10 i.
Exercise 1.56. Show that 5+6i = (3+i)(2+i)+i and verify that there exist
q and r in G such that 5 + 6i = (3 + i)q + r, where 0 ≤ N(r) < N(3 + i).
Exercise 1.57. If c is a complex number, then there is a Gaussian Integer
q such that N(c − q) < 1. If a and b are complex numbers and b 6= 0, then
there is a Gaussian Integer q such that N((a/b) − q) < 1.
Exercise 1.58. If each of a, b, and q is a Gaussian Integer and r is a complex
number and a = bq + r, then r is a Gaussian Integer.
Exercise 1.59. If each of a and b is in G and b 6= 0, then there exist q and r
in G with r = 0 or N(r) < N(b) and such that a = bq + r. (This result is, of
course, the Divisor Theorem in G.)
Exercise 1.60. Practice a bit. Take some a’s and b’s and find q’s and r’s.
Then you will really understand “what’s going on”.
Definition. If a, b, and g are in G and g|a and g|b, then of course we say
that g is a common divisor of a and b. If g is a common divisor of a and b
and every common divisor of a and b divides g, then again of course we say
that g is a greatest common divisor (GCD) of a and b. (Now your patience
is paying off; you can see why we defined a gcd in Z as we did.)
Exercise 1.61. If g is a GCD of a and b in G and u is a unit in G, then ug is
a GCD of a and b in G.
Exercise 1.62. Let each of a and b be in G and not both 0. Let S = {ax+by :
x and y are in G}. Then S is closed under addition and under multiplication
by members of G, S contains a member d with least positive norm, d divides
both a and b in G and any common divisor of a and b in G divides d in G, d
is a GCD of a and b in G, and S = {nd : n is in G}.
Exercise 1.63. Every pair of Gaussian integers, at least one of which is
nonzero, has exactly four GCD’s.
Definition. If T is a group and S is a subset of T that is itself a group relative
to the operation that makes T a group, then S is a subgroup of T .
Definition. If S is a subgroup of the additive group of a ring R and S has the
property that for any s in S and any r in R, rs and sr are in S, then S is an
ideal of R.
Exercise 1.64. If R is a commutative ring with unity and a is a member of
R, then the set {ra : r is in R} is an ideal of R, called the principal ideal
generated by a.

William Priestley << James T. Cross www.jiblm.org

The Fundamental Theorem of Arithmetic 9

Exercise 1.65. The set S of Exercise 1.13 and the set S of Exercise 1.62 are
principal ideals of Z and G, respectively.
Exercise 1.66. Every ideal of Z and every ideal of G is a principal ideal.
Exercise 1.67. The Euclidean Algorithm can be used to chase down GCD’s
in G. For example, find a GCD of 4 + 10i and 1 + 5i by means of the
Algorithm. (Start by dividing 4 + 10i by 1 + 5i, getting a quotient and a
remainder, where the remainder has norm less than that of 1 + 5i. Compare
with Exercise 1.25.) Answer: 1 + i (or any associate of 1 + i).
Exercise 1.68. Find Gaussian integers, x and y, such that (1 + 5i)x + (4 +
10i)y = 1 + i. (Compare with Exercise 1.27.)
Exercise 1.69. For each of the following pairs of Gaussian integers, find a
GCD. Then write the GCD as a linear combination of the two given integers:
3 + i and 1 + 2i; 1 + 18i and 11 + 13i; 36 and 188.
Definition. If 1 is a GCD of two Gaussian integers, then of course they are
said to be relatively prime or coprime in G and each is said to be relatively
prime to the other.
Exercise 1.70. The Gaussian integers a and b are relatively prime if and
only if their common divisors are 1, i, −1, −i. This is true if and only if
there exist Gaussian integers, x and y, such that ax + by = 1.
Exercise 1.71. If a and b are in Z and are relatively prime in Z, then they
are relatively prime in G. (There is more to this than meets the eye. Is it
not reasonable to think that even though a and b have no nontrivial common
divisor in Z, they might have one in G?)
Exercise 1.72. If each of c, a, and b is a Gaussian integer and c and a are
relatively prime and c divides ab, then c divides b.
Definition. Let g be in G and g 6= 0 and g not a unit. If every divisor of g is
either a unit or an associate of g, then g is prime in G; if g is not prime in G
(thus g has a divisor different from g, ig, −g, or −ig), then g is composite.
Exercise 1.73. The Gaussian integers can be partitioned into four noninter-
secting classes: 0, the units, the primes, and the composites.
Exercise 1.74. The numbers 1 + i, 1 + 2i, 3, 7, 11, and 19 are all prime in
G. The numbers 1 + 5i, 2, 5, and 13 are all composite in G. (Hint: Suppose
1 + i = ab, where neither a nor b is a unit. Then N(1 + i) = 2 = N(a)N(b),
etc.)
Exercise 1.75. Let p be a prime in G and let a and b be in G. If p|ab, then
p|a or p|b.
Exercise 1.76. If p and q are prime in G and p|q, then p = q or p is an
associate of q. That is, p = q or p = qi or p = −q or p = −qi.

William Priestley << James T. Cross www.jiblm.org

The Fundamental Theorem of Arithmetic 10

Exercise 1.77. Fundamental Theorem of Arithmetic in G: If g is in G

and g 6= 0 and g is not a unit, then g is a product of primes. (Hint: Suppose
there is some bad g (one that is not a product of primes). Then let b be a bad
one with least norm. Then what?) Moreover, if we ignore the distinction
between a prime and its associates, then the factorization is unique.

You can see that gcd’s are related to unique factorization. Ideals √ were
conceived by E. Kummer in the 1800’s as “ideal numbers” (Was −1 a
sort of ideal number at one time? Indeed, would −1 have been considered
“ideal” when first conceived?) Kummer’s ideals were used in order to pro-
vide ideal gcd’s of numbers in certain domains in which it isn’t true that
every pair of members, not both 0, have a gcd. (This is a simplification but
maybe you can get the idea: {6x + 4y : x and y are in Z} = {2x : x is in Z}.
Now, suppose there were no number to play the role of 2 here. You could
still talk about the ideal {6x + 4y : x and y are in Z} and maybe you could
arrange things so as to think of the ideal itself as a gcd of 4 and 6.) It was a
valiant attempt to prove Fermat’s Last Theorem, which would have been
provable at the time if there weren’t some domains which do not “enjoy”
unique factorization into primes. We will have more to say about Fermat’s
Last Theorem later, but we should state it here: if x, y, z, and n are positive
integers and n > 2, then xn + yn 6= zn .
I hope that you have had fun with this new integral domain, the Gaussian
Integers, and that you were particularly impressed by the kinship between
G and Z. Have you thought about how to identify the primes in G? We can
not address that problem efficiently until we return to our study of Z and
develop some helpful tools. We shall do that presently. At this point I think
you deserve to see an integral domain in which the Fundamental Theorem
is not valid and a familiar one in which it is.

1.3 An Integral Domain That Does Not “Enjoy” Unique

Factorization

The word “enjoy” is not my concoction; it is commonly used in this context

to ascribe emotion to an abstract concept.
√
In the complex numbers, let J denote the set, {x + y 3 i : x and y are in
Z}. 1
Exercise 1.78. Plot J in the complex plane.
Exercise 1.79. J is an integral domain containing Z.
Exercise 1.80. If a is in J, then N(a) is a nonnegative member of Z. If a
and b are in J and a|b in J, then N(a)|N(b) in Z.

William Priestley << James T. Cross www.jiblm.org

The Fundamental Theorem of Arithmetic 11

Exercise 1.81. The units (divisors of 1, of course) in J are the set U, each
of whose members has norm 1; U = {1, −1}.
Exercise 1.82. If a and b are in J and ab = 2, then one of a and b is a unit.
Thus, 2 is prime in J. So is −2. (You can make your own definition of a
prime in J.)
√
Exercise 1.83. If√a and b are in J and ab = 1√+ 3 i, then one of a and b is
a unit. Thus 1 + 3 i is prime in J. So is 1 − 3 i.
√
Exercise√1.84. The primes 2 and 1 + 3 i are not associates. Neither are 2
and 1 − 3 i. (Remember that if a and b are associates, then one is a unit
times the other.)
Exercise 1.85. The member 4 of J factors into primes in two distinct ways:
√ √
4 = 2 × 2 = (1 + 3 i)(1 − 3 i).

The Fundamental Theorem of Arithmetic is not valid in J. The domain J

can be enlarged to obtain an interesting and useful integral domain in which
the Fundamental Theorem is valid. That domain can be used to show that
there exists no triple {x, y, z} of positive integers such that x3 + y3 = z3 . This
is a special case of Fermat’s Last Theorem mentioned earlier: if n is in Z
and n > 2, there is no triple of positive integers such that xn + yn = zn .

1.4 Polynomials Over a Field

Now we are going to look at an integral domain with which you are familiar,
almost as familiar as you are with Z. You will see it from a new perspec-
tive and be impressed by its kinship with Z and with G. At points in our
discussion we will need the definition of a field:
Definition. A field is an integral domain in which all nonzero members are
units.
Examples: The rational numbers, Q; the real numbers, R; the complex
numbers, C; the set {a + bi : each of a and b is in Q}. (You should check out
that what I’ve said is true.) These are all examples of infinite fields; we will
see later that there are some interesting and useful finite fields with which
you probably are not yet familiar. 2
Definition. Let D be a ring (not necessarily a field). A polynomial (in one
variable) over D is an expression of this type:
a0 + a1 x + a2 x2 + a3 x3 + . . . + an xn ,
where the a’s are members of D and n is a nonnegative integer. The set of
all such polynomials will be denoted by D[x].

William Priestley << James T. Cross www.jiblm.org

The Fundamental Theorem of Arithmetic 12

Of course you have seen these polynomials since you studied elementary
algebra.
Exercise 1.86. Determine whether each of the following polynomials is a
member of C[x], R[x], Q[x], G[x], and Z[x]:

• 3 + 2x + 4x2 ;
• 1/2 + 3x;
• (1 + 2i)x;
• 5;
• 3 + π x3 ;
   
2 1 1 3
• + x4 .
3 2 2 5
Definition. Let P(x) denote a polynomial in D[x], where D is a ring. If
P(x) 6= 0 (that is, some ai 6= 0) and P(x) = a0 + a1 x + a2 x2 + a3 x3 + · · · +
an xn , where an 6= 0, then n is the degree of P(x). If P(x) = 0, then P(x) has
no degree.
Exercise 1.87. Give a polynomial over Q having degree 2, give one having
degree 1, give one having degree 0, and give one having no degree.
Exercise 1.88. Let D be a ring. The polynomials over D having degree 0
are precisely the nonzero members of D.

We could make formal definitions of the sum and the product of two
polynomials in D[x]. Let us not do so. You have added and multiplied
polynomials enough so that we can avoid this bit of formalism. (Notice that
we didn’t define addition and multiplication in Z, either.) Again, I think it is
unnecessary for me to tell you what it means that a(x) divides b(x) in D[x].
What does it mean? If polynomials are added or multiplied, what can you
say about the degree of the resulting sum or product?
Exercise 1.89. If D is an integral domain (remember, every field is an inte-
gral domain), then so is D[x], and the units of D[x] (divisors of 1, of course,
where 1 denotes the unity member of D and of D[x]) are precisely the units
of D.
Exercise 1.90. Let P(x) and P1 (x) be in D[x], where D is an integral domain.
What would it mean to say that they are associates in D[x]?
Exercise 1.91. Let P(x) = 1/2 + 3x + 4x2 + 2/3x4 and P1 (x) = 3 + 18x +
24x2 + 4x4 be polynomials in Q[x]. Then P(x) does not belong to Z[x], but
P(x) and P1 (x) are associates in Q[x].

William Priestley << James T. Cross www.jiblm.org

The Fundamental Theorem of Arithmetic 13

Exercise 1.92. Let 1/2 + 3x + 4x2 + 2/3x4 and 1 + 2x2 be polynomials

in Q[x]. Find polynomials q(x) and r(x) in Q[x] with r(x) = 0 or degree
(r(x)) < 2 and such that 1/2 + 3x + 4x2 + 2/3x4 = (1 + 2x2 )q(x) + r(x).
Exercise 1.93. Let F be a field and let a(x) and b(x) be polynomials over
F and let b(x) 6= 0. Then there exist polynomials q(x) and r(x) in F[x] with
r(x) = 0 or degree (r(x)) < degree (b(x)) and such that a(x) = b(x)q(x) +
r(x). (This result is, of course, the Divisor Theorem in F[x].)
Exercise 1.94. Let F denote a field. Make up your own program that leads
to the Fundamental Theorem of Arithmetic in F[x].
Exercise 1.95. Take the two given polynomials of Exercise 1.92 and chase
down a GCD by the Euclidean Algorithm. Do the same for 1 + 2x2 and
P1 (x), where P1 (x) was given in Exercise 1.91. Do you get the same an-
swer? How many such GCD’s are there in each case? Are they all asso-
ciates? In each case write your GCD as a linear combination of the two
given polynomials.
Exercise 1.96. Give examples of irreducible polynomials (primes) in Q[x],
in R[x], and in C[x].

In Chapter 5 you will see how to identify all primes in G, using those in
Z. You are pretty familiar with primes in Z, although you will learn more
about them in Chapter 2. I think that this is probably the point to teach you
some significant facts about primes in Q[x], R[x], and C[x]. First, we need a
theorem:
Exercise 1.97. Let F be a field, f (x) be in F[x], and a in F. Use the divisor
theorem in F[x] to prove that f (a) = 0 (a is a zero of f ) if and only if
(x − a)| f (x) in F[x].

Now I am going to state the Fundamental Theorem of Algebra, which

is easy to state and understand, but the proof of which does not belong in
this collection but in a course in complex variables: let f (x) be in C[x] and
have degree one or more. (You must keep aware that if f (x) is in Q[x] or
R[x], then f is in C[x].) Then there is a member c in C such that f (c) = 0
(that is, f has a zero in C). There is jargon for this: C is an algebraically
closed field ; you don’t have to go to a bigger field in order to get a zero of a
polynomial in C[x]. (This does not mean, of course, that you can easily find
the zero c.)
Exercise 1.98. Factor f (x) = x3 − 1 into primes in G[x], R[x], and C[x].
Note that x3 − 1 = (x − 1)g(x) and the Fundamental Theorem of Algebra
assures that g has a zero in C. 3 (The zero might be in R or even Q.)
Exercise 1.99. The Fundamental Theorem of Algebra and Exercise 1.97 can
be used repeatedly to imply that if f (x) is in C[x] and has positive degree,

William Priestley << James T. Cross www.jiblm.org

The Fundamental Theorem of Arithmetic 14

then f factors into n linear factors (possibly times a unit) in C[x]; some of
the factors may be repeated.
Exercise 1.100. The primes in C[x] are precisely the linear members. Don’t
let this slip by you; it is significant.

Now we turn to R[x], which is more interesting. Consider the mapping

(function) g from C to C : g(c) = c. (The function takes a complex number
(reals and rationals included, of course) to its complex conjugate.)
Exercise 1.101. If c and d are in C, then g(c+d) = g(c) +g(d) and g(cd) =
g(c)g(d). Moreover, g is a bijection from C to C.
Exercise 1.102. If a is a real number, then g(a) = a. In particular, g(0) = 0.
Exercise 1.103. If a is a (complex) zero of the polynomial

r0 + r1 x + r2 x2 + · · · + rn xn
in R[x], then so is a. (What does it mean to say that a is a zero of f ?)
Exercise 1.104. Let r, s, and t be real numbers and a be a complex (maybe
real, maybe not). Then g(r + sa + ta2) = r + sa + ta2 .
Exercise 1.105. If a and a are zeros of f (x) in R[x], where a is not real, then
the polynomial (x − a)(x − a) = x2 − (a + a)x + aa is prime in R[x] and is a
factor of f (x) there.
Exercise 1.106. The primes in R[x] are linear or quadratic polynomials, the
quadratic ones having conjugate pairs of complex nonreal zeros.

We see that in C[x] there is no prime with degree greater than 1 and that
in R[x] there is no prime with degree greater than 2. Now we wonder about
Q[x].
Exercise 1.107. Find a prime polynomial with degree 1, one with degree 2,
one with degree 3, and one with degree 4 in Q[x].

There exist prime polynomials of all positive degrees in Q[x]; it would

take us too far afield (pun intended) to prove it, but we could surely do it.
It is generally difficult to determine whether a given polynomial in Q[x] is
prime there; there exist some tests which can be used in special cases.
It is not at all difficult, however, to determine whether a polynomial in
Q[x] has a linear factor in Q[x].
Exercise 1.108. Let f (x) = 2/3x3 −1/3x2 −1/3x −1 and g(x) = 2x3 −x2 −
x − 3 be in Q[x]. Show that f and g have the same zeros in C (and therefore,
in R or Q). This is not a big deal; f and g are associates in Q[x].

William Priestley << James T. Cross www.jiblm.org

The Fundamental Theorem of Arithmetic 15

Exercise 1.109. Let f (x) be in Q[x]. Then by multiplying by an appropriate

unit (rational number), one can find g(x) in Z[x] that has the same zeros as
f (x).
Exercise 1.110. Suppose a/b (a and b in Z and gcd(a, b)= 1) is a rational
number that is a zero of the polynomial g(x) in Exercise 1.108. Substitute
a/b for x, set equal to 0, and show that a|3 and b|2, so that the only possible
rational zeros of g(x) are 1, −1, 3, −3, 1/2, −1/2, 3/2 and −3/2.
Exercise 1.111. Find all (complex) zeros of the polynomial f (x) of Exercise
1.108. Factor f in Q[x], R[x], and C[x].
Exercise 1.112. Generalize Exercises 1.108–1.110 and show how to find
all rational zeros of a member of Q[x]. (You will have proved the Rational
Root Theorem.)
Exercise 1.113. Apply the Rational Root Theorem to the equation x2 −c =
0, where c is a positive integer. Deduce that the square root of c is irrational
unless c is a perfect square.

William Priestley << James T. Cross www.jiblm.org

Chapter 2

An Overview of the Primes in Z

2.1 More Arithmetic in Z

Exercise 2.1. Let a and b be relatively prime positive members of Z.

√ √
Show that 7 6= a/b. (Hint: Exercise 1.33) Then show that 7 6= a/b
for any members, a and b, of Z. (Alternatively, use Exercise 1.113.)
Exercise 2.2. Let p be a positive prime and n an integer greater than 1. Then
(p)1/n 6= a/b for members, a and b, of Z. 4 That is, (p)1/n is not a rational
number.
Exercise 2.3. Do the prime factorizations of two members of Z provide a
means of writing down a GCD? For example give a GCD of the two mem-
bers, 23 35 172 and 32 5 · 172 37. Put your method into words.
Definition. Let a and b be nonzero members of Z. If m is in Z and each
of a and b divides m, then m is a common multiple of a and b. If m is a
common multiple of a and b and m divides every common multiple of a and
b, then m is a least common multiple of a and b.
Exercise 2.4. Check that 6 is a least common multiple of 2 and 3, that 12
is a least common multiple of 4 and 6, and that −12 is a least common
multiple of 4 and 6.
Exercise 2.5. If m is a least common multiple of a and b in Z, then so is −m.
If m and n are both least common multiples of a and b, then each divides
the other and hence they are associates.
Exercise 2.6. If a and b are nonzero members of Z and d denotes gcd(a, b)
and a = a1 d and b = b1 d, then a1 and b1 are relatively prime.
ab
Exercise 2.7. If a and b are nonzero members of Z and L denotes gcd(a,b) ,
then L is a least common multiple of a and b.
Exercise 2.8. Find a least common multiple of the two integers of Exercise
2.3. Put into words your method of doing so.

16
An Overview of the Primes in Z 17

Is it obvious to you that there should be infinitely many primes in Z? If

so, you should be able to give some reasons. (It isn’t obvious to me.) You
can prove it though:
Exercise 2.9. Let n be a positive integer and suppose that for each posi-
tive integer i such that 1 ≤ i ≤ n, Pi is a positive prime in Z. Let M =
(P1 P2 P3 . . . Pn) + 1. Then M has a prime divisor, which cannot be Pi for any
i such that 1 ≤ i ≤ n. 5
Exercise 2.10. Exercise 2.9 implies, à la Euclid, that Z contains infinitely
many primes.
Exercise 2.11. Check that 2+1, (2)(3)+1, (2)(3)(5)+1, and (2)(3)(5)(7)+
1 are all primes.
Exercise 2.12. Make a conjecture based on Exercise 2.11. Do a bit of check-
ing on your conjecture. 6
Now that you know that there are infinitely many primes, would you be-
lieve that there are arbitrarily long gaps between consecutive primes? That
is, let your friends choose a positive integer n, no matter how large. Then
you can prove that there exists a string of n consecutive composite positive
integers. First we look at a special case:
Exercise 2.13. The 100 consecutive numbers in the set, {(101)!+2, (101)!+
3, (101)! + 4, . . . , (101)! + 101}, are all composite.
Now we generalize:
Exercise 2.14. Let n be a positive integer. There exists a set of n consecutive
composite positive integers.
Exercise 2.15. On the other hand it has been conjectured (but not proved)
that there are infinitely many pairs of twin primes (primes, p and q, such
that q = p + 2). Find a pair of twin primes, each member of which is greater
than 100.
Exercise 2.16. You can sense that the primes are scattered very irregularly
among the positive integers. You may therefore be surprised to discover that
there is order in the chaos. Let x denote a positive number and π (x) denote
the number of positive primes less than or equal x. Thus π (1) = 0, π (3.5) =
2, and π (11) = 5. Now I am going to give you π (x) for an increasing
sequence of x’s and you are to compute q(x) = x/ ln x. Then you are to
compare π (x) with q(x) by looking at the quotient, Q(x) = π (x)/q(x) =
(π (x) ln x)/x. Then you are to make a conjecture about limx→∞ Q(x). (Note:
ln x denotes the natural logarithm of x.) Here is the sequence:
π (1000) = 168, π (10, 000) = 1229,
π (100, 000) = 9,592, π (1,000,000) = 78,498,
π (10,000,000) = 664,579, π (100, 000, 000) = 5, 761, 455.

William Priestley << James T. Cross www.jiblm.org

An Overview of the Primes in Z 18

Now what do you think Q(x) does as x gets big? You have conjectured
the Prime Number Theorem, the proof of which is among the greatest of
all mathematical achievements. It is beyond us at this point. The theorem
was proved independently by J. Hadamard and C.J. de la Vallée-Poussin
in 1896, using important results in complex analysis developed by G.F.B.
Riemann, in particular the Riemann Zeta function, which we will define
later.

2.2 Some Special Primes in Z

Exercise 2.17. Let n be a positive integer. If 2n + 1 is prime, then n is a

12
power of 2. (Hint: 1+2
1+24
= 1 − 24 + 28 ; you can generalize.)
n
Definition. Let n be a nonnegative integer and let Fn = 22 + 1. Then Fn is
said to be a Fermat number (a Fermat prime if Fn is prime).
Exercise 2.18. F0 , F1 , F2 , and F3 are all primes.
Exercise 2.19. Fermat thought that Fn is prime for all n. Show, as did Euler,
that 641 is a factor of F5 . You can do it! In fact, F0 , F1 , F2 , F3 , and F4 are the
only Fermat numbers known to be prime! There may or may not be others.
We will have a bit more to say about Fermat primes when we study the
Euler φ -function. At this point I hope that you are going to be surprised
when I tell you that they are intimately connected with the problem of the
constructibility (with straight edge and compass) of regular polygons. Have
you ever constructed a regular triangle? A square? A regular hexagon? Of
course you have. How about a regular pentagon? This one is harder, but
I am confident that you could find a way to do it. However, you have not
constructed (with straight edge and compass, of course) a regular 7-gon or
a regular 11-gon. How do I know? I will tell you more about it later. Now,
having searched the set of positive integers of the form 2n + 1 for primes,
we change the sign between the terms:
Definition. Let n be a positive integer. Then Mn = 2n − 1 is a Mersenne
number. If Mn is prime, then Mn is a Mersenne prime.
Exercise 2.20. If Mn is prime, then n is prime. Hint: (2kr − 1)/(2r − 1) =
2(k−1)r + 2(k−2)r + . . . + 2r + 1.
Exercise 2.21. Find a few Mersenne primes.
As in the case of Fermat primes, we don’t know whether the set of
Mersenne primes is infinite; large primes are central to modern communica-
tion by secret code. Newly discovered enormously large Mersenne primes
are announced frequently.
Mersenne primes are closely connected with “perfect” numbers:

William Priestley << James T. Cross www.jiblm.org

An Overview of the Primes in Z 19

Definition. Let n be a positive integer and let τ (n) denote the number of
positive divisors of n while σ (n) denotes the sum of these divisors. (Thus,
for example, τ (9) = 3 and σ (9) = 13.) A perfect number is a positive
integer n such that σ (n) = 2n. (The sum of all divisors which are less than
n is n.)
Exercise 2.22. Find the two least perfect numbers.
Exercise 2.23. Let p be a positive prime and r a positive integer. Then
r+1
τ (pr ) = r + 1 and σ (pr ) = 1 + p + p2 + . . . + pr = p p−1−1 .
Exercise 2.24. Let m and n be relatively prime positive integers, let Dm
denote the set of all positive divisors of m, let Dn denote the set of all positive
divisors of n, and let Dmn denote the set of all positive divisors of mn. Then
Dmn = {ab : a is in Dm and b is in Dn }.
Definition. A function of f from the positive integers to the complex num-
bers is multiplicative if f (mn) = f (m) f (n) for relatively prime positive
integers m and n.
Exercise 2.25. Give examples of multiplicative functions and examples of
functions from the positive integers to the complex numbers that are not
multiplicative. (You realize, of course, that a function from the positive
integers to the integers is a function from the positive integers to the complex
numbers.)
Exercise 2.26. Both τ and σ are multiplicative. (Hint: Exercise 2.24)
Exercise 2.27. Let n be a positive integer expressed (uniquely) as a product
of powers of positive primes. Use Exercise 2.23 and 2.26 to find formulas
for τ (n) and σ (n).
Exercise 2.28. (Euclid) Let M p be a Mersenne prime. Then 2 p−1 M p is a
perfect number.
Exercise 2.29. (Euler) Let n be an even perfect number. Then n = 2 p−1 M p
for some Mersenne prime, M p . (Let us break this exercise down a bit):
A) Let n be even and perfect. Then n = 2r m, where m is odd.
B) (2r+1 − 1)σ (m) = 2r+1 m, so that 2r+1 |σ (m) and (2r+1 − 1)|m.
C) σ (m) = 2r+1 s and m = (2r+1 − 1)t for some integers s and t.
D) (2r+1 − 1)2r+1 s = 2r+1 (2r+1 − 1)t, so that s = t.
E) σ (m) = m + s, where s|m. This implies something special about m.
Proceed.
Exercise 2.30. Use Exercise 2.28 to help you find a third (even) perfect
number.

William Priestley << James T. Cross www.jiblm.org

An Overview of the Primes in Z 20

Exercise 2.31. In the proof of Exercise 2.29, where was it necessary to use
the hypothesis that n is even?

(No one knows whether there exist odd perfect numbers, and since we
don’t know whether there exist infinitely many Mersenne primes, we don’t
know whether there are infinitely many even perfect numbers.)
For an exhaustive discussion of the lore and history of perfect numbers,
see L.E. Dickson’s History of the Theory of Numbers, Vol. 1.

William Priestley << James T. Cross www.jiblm.org

Chapter 3

Congruences

3.1 Congruences and the Ring Zn

Definition. Let J be an integral domain and let a, b, and m be in J and

m 6= 0. The statement that a is congruent to b (modulo m) means that a − b
is divisible (in J) by m. This is written: a ≡ b (mod m).

Congruences were invented by Gauss around 1800; they became indis-

pensable in the study of numbers.
Exercise 3.1. In J, a ≡ a (mod m); if a ≡ b (mod m), then b ≡ a (mod m);
if a ≡ b (mod m) and b ≡ c (mod m), then a ≡ c (mod m).
Exercise 3.2. In J, if a ≡ b (mod m) and c ≡ d (mod m), then a+c ≡ b+d
(mod m), a − c ≡ b − d (mod m), and ac ≡ bd (mod m). If a = mq + r,
then a ≡ r (mod m).
Exercise 3.3. In Z, a ≡ b (mod m) if and only if a = mq+r and b = mQ+r,
where 0 ≤ r < |m|. (That is, a and b leave the same remainder when divided
by m.)
Exercise 3.4. In Z find all x between 0 and 6 inclusive such that 3x ≡ 1
(mod 7).
Exercise 3.5. Let m be in Z, m 6= 0, and let a be in Z. Then a is congruent
mod m to one and only one member of the set, {0, 1, 2, . . ., |m| − 1} and this
member can be found by division. Give examples.
Exercise 3.6. In G, 3 + 2i ≡ 1 (mod 1 + i) and 5 + 10i ≡ 0 (mod 1 + 2i).
Exercise 3.7. Let a be in G and let δ = 1 + i. Then a is congruent mod δ to
one and only one member of the set, {0, 1}, and a is congruent mod 2 to one
and only one member of the set, {0, 1, i, 1 + i}. In each case this member
can be found by division. Give examples.
Exercise 3.8. In Q[x], x2 + 4x + 5 ≡ 2 (mod x + 1).

21
Congruences 22

Exercise 3.9. Let f (x) be in Q[x]. Then f (x) is congruent mod x3 + 1 to

one and only one polynomial in Q[x] with degree less than 3 or with no
degree, and this polynomial can be found by division. Give examples.
Exercise 3.10. In Z find an x that satisfies all four of the following condi-
tions simultaneously: x ≡ 1 (mod 2), x ≡ 2 (mod 3), x ≡ 3 (mod 5), x ≡ 4
(mod 7).
Exercise 3.11. Let n denote a positive integer. Then 10n ≡ 1 (mod 9). (Use
Ex. 3.2.) 7
Exercise 3.12. Let n denote a positive integer. Then n is congruent mod 9
to the sum of its digits. (Hint: What does 328 mean, for example? Does it
mean 8 + 2(10) + 3(102)? Make repeated use of Exercise 3.2.)
Exercise 3.13. What is the remainder when (1327945386)(123456) is di-
vided by 9? Don’t do this the long way. After all, you can “cast out” nines:
2 and 7 sum to 0 mod 9, so do 4 and 5, etc. Do it fast!
Exercise 3.14. Making use of Exercise 3.2 and “casting out” nines, quickly
check this multiplication for accuracy: (38)(42) = 1696.
Exercise 3.15. Let n = 1 + 2 + 3 + . . . + 300. Then n ≡ 6 (mod 9).
Exercise 3.16. The huge number gotten by writing down in order the num-
bers 1 through 300 is congruent mod 9 to 6.
Exercise 3.17. If a ≡ 0 (mod 9), then a2 ≡ 0 (mod 9); if a ≡ 1 (mod 9),
then a2 ≡ 1 (mod 9), if a ≡ 2 (mod 9), then a2 ≡ 4 (mod 9), . . . , if a ≡
8 (mod 9), then a2 ≡ 1 (mod 9). You fill in all the missing pieces and
conclude that if a is any integer, then a2 is congruent mod 9 to one and only
one of 0, 1, 4, or 7.
Exercise 3.18. If the positive integer n is not congruent mod 9 to one of 0,
1, 4, or 7, then n is not a square.
Exercise 3.19. The huge number of Exercise 3.16 is not a square. Neither
is it a cube. Neither is it the sum of two squares.
Exercise 3.20. Let a be in Z and let [a]5 denote the set of all integers that are
congruent mod 5 to a. Then, for instance, [3]5 = {. . . , −7, −2, 3, 8, 13, . . .}.
Now, write down in a similar way: [0]5, [1]5 , [2]5 , [4]5, [5]5 , [6]5 , and [17]5 .
Now, consider the set, Z5 = {[a]5 : a is in Z}. How many distinct mem-
bers has this set?
Exercise 3.21. Prove:

1. a is in [a]5,
2. If x is in [b]5, and x is in [a]5, then [a]5 = [b]5,

William Priestley << James T. Cross www.jiblm.org

Congruences 23

3. If x is in Z, then x is in one and only one [a]5 , where 0 ≤ a < 5, and

therefore Z5 = {[0]5, . . . , [4]5}.
Exercise 3.22. What would Z12 mean? Zn ? How many members has it?
Exercise 3.23. Let n be a positive integer. Then Zn = {[a]n : a = 0 or 1 or
. . . or n − 1}.
Unless needed for clarification, the subscripts on the [a]’s are going to
be omitted. Thus, when we are talking about members of Zn , [a]n is simply
going to be denoted by [a].
Exercise 3.24. In Zn , [a] = [b] if and only if a ≡ b (mod n). In the set Zn ,
we are going to define “addition” and “multiplication”:
[a] + [b] = [a + b] and [a][b] = [ab].
We should check that we aren’t being silly about this. Suppose, for ex-
ample, that n = 12. Now, by our definition, [2][3] = [6]. Fine. But now,
[2] = [14] and [3] = [−9]. Do you see that [a] can be represented by many
different a’s, and so can b? We have made our definitions of addition and
multiplication in terms of representatives; maybe [a] + [b] (or [a][b]) is de-
pendent on the particular a and b that are used to represent these sets. This
would be unpleasant.
Exercise 3.25. In Zn , if [a] = [a′ ] and [b] = [b′ ], then [a + b] = [a′ + b′ ] and
[ab] = [a′ b′ ]; our definitions are not representative dependent.
Exercise 3.26. Zn is an abelian group relative to addition.
Exercise 3.27. (i) Multiplication in Zn is associative. (ii) There is a multi-
plicative identity in Zn .
Exercise 3.28. In Zn , multiplication distributes over addition.
Exercise 3.29. Zn is a commutative ring with unity, the ring of integers
(mod n).
Exercise 3.30. Make operation (addition and multiplication) tables for Z5
and for Z6 .
Exercise 3.31. Z5 is a field. Z6 is not an integral domain and is, therefore,
not a field.
Exercise 3.32. If F is a field, the nonzero members of F are a multiplicative
group.
Exercise 3.33. Let U6 denote those members of Z6 that have multiplicative
inverses. Then U6 is a multiplicative group.
Exercise 3.34. Generalize Exercise 3.33: Let n be an integer greater than 1
and let Un denote the subset of Zn each of whose members has a multiplica-
tive inverse. Then Un is a multiplicative group, and Un = {[a] : 1 ≤ a ≤ n −1

William Priestley << James T. Cross www.jiblm.org

Congruences 24

and gcd(a, n) = 1}. (Hint: If gcd(a,n) = 1, then ax + ny = 1, then ax ≡ 1

(mod n), then [ax] = [1], then [a][x] = [1]. This is not the whole proof!)
Exercise 3.35. Write down the members of Z12 and those of U12 . Make a
multiplication table for U12 .
Exercise 3.36. If p is prime, then U p consists of all nonzero members of
Z p and therefore Z p is a field. If n is not prime, then Zn has some nonzero
members that are not in Un and therefore Zn is not a field.

3.2 The Euler φ -Function

Definition. The order of a group is the number of members in the group.

Let n be an integer greater than 1. We let φ (n) denote the order of the
group, Un . If n = 1, then we define φ (n) = 1. Here, φ is called the Euler
φ -function.
Exercise 3.37. If n is a positive integer, then φ (n) is the number of positive
integers less than or equal to n and relatively prime to n.
Exercise 3.38. Find φ (n) for n = 1, for n = 2, . . . , for n = 24.

The Euler φ -function is important in the study of numbers. We shall have

to find a formula giving φ (n) for any positive integer n. (Recall that you did
this for σ and τ .) You can do it right now for n a power of a prime:
Exercise 3.39. Let p be a positive prime and n a positive integer. Then,
counting the number of positive integers less than pn and relatively prime to
p, we find
φ (pn ) = pn − pn−1 = pn−1 (p − 1).

Now, wouldn’t it be pleasant if φ were multiplicative? Why?

Exercise 3.40. Assuming that φ is multiplicative, find φ (48) and φ (1000).

We shall have to do a bit of work to find that φ is multiplicative.

Exercise 3.41. Let G be a group and H a nonempty subset. If H is closed
relative to the operation (for x and y in H, xy (this means x operate y) is in
H), and H has the property that when x is in H, the inverse of x is also in H,
then H is a subgroup of G.
Exercise 3.42. Find a nontrivial subgroup of Z (addition, of course). Find
one of Z6 (addition, of course). Find one of Z5 (addition). See how many
subgroups of U5 that you can find. What are the orders?
Definition. A group is cyclic if there exists in the group a member g such
that every member of the group is a “power” of g. (Here one has to be a bit

William Priestley << James T. Cross www.jiblm.org

Congruences 25

careful about what is meant by a power of g. For example, if a is a member

of G, then a2 means a operate a. If the operation happens to be addition,
then this means a + a; a0 means the identity member of the group, and a−1
means the inverse of a, while a−2 means (a−1 )2 .) The member g is called a
generator of the group.
Exercise 3.43. The additive group of Zn is cyclic, [1] being a generator.
Exercise 3.44. The multiplicative group, U5 , of Z5 is cyclic, [2] being a
generator.
Exercise 3.45. U8 is not cyclic. Z is cyclic. U9 and U18 are cyclic. U12 is
not cyclic.
Exercise 3.46. Let G be any group (not necessarily cyclic and not neces-
sarily finite). Let a be in G. Let (a) denote the set of all powers (positive,
negative, and zero) of a. Then (a) is a cyclic subgroup of G (called the
subgroup generated by a).
Definition. Let a be a member of the group G. The order of a is the order
of the subgroup of G generated by a.
Exercise 3.47. In Z find (2) and (6). In U13 find ([2]) and ([3]). Find the
orders of all these members.
Exercise 3.48. Let G be finite and let a be in G. For some positive integer k,
ak = e, where e is the identity member of G. Hence, there is a least positive
integer m such that am = e. Hint: If n is the order of G, then in the set,
{e, a, a2 , a3 , . . ., an }, there is a repetition.
Exercise 3.49. Let G, a, and m be as in Ex. 3.48. The subgroup of G
generated by a is {e, a, a2, a3 , . . . , am−1 }. The order of a is m, the least
positive integer such that am = e.
Exercise 3.50. Go back to U13 and find the order of each member. Do the
same for the members of U8 . You should note that in each case in which
the group is of finite order, the order of a member (and of the subgroup
generated by that member) is a divisor of the order of the group.
We are going to prove that the order of a subgroup of a finite group
divides the order of the group. This is one of the most basic and important
facts about finite groups.
Definition. Let G be a group (not necessarily finite) and H a subgroup. For
any a in G, let aH = {ah : h is in H}, be called a left coset of H in G.
Exercise 3.51. Let G be Z and let H = (5). Find 0H, 1H, 2H, 3H, 4H, and
5H. (Remember now that the operation in Z is addition so that aH really
means a + H.) Have you seen this before? Is a ≡ b (mod m) if and only if
a and b are in the same coset of (m) in Z?

William Priestley << James T. Cross www.jiblm.org

Congruences 26

Exercise 3.52. You are going to think that you are doing Ex.’s 3.21 and 3.23
again. Let G be a group and H a subgroup. Prove

1. If a is in G, then a is in aH.
2. If x is in aH and x is in bH, then aH = bH.
3. If G is finite (so, then, is H), and the order of H is m, then each aH
contains exactly m members.
4. If G has order n and H has order m and there are k distinct aH’s, then
mk = n, and thus m|n. (Lagrange’s Theorem)
Exercise 3.53. Can a 12-member group have a subgroup of order 5? Can a
group of order p (prime) have a subgroup of order other than 1 or p?
Exercise 3.54. Let G be a group of order p (prime). Let a be in G and a 6= e.
What is a’s order? A group of prime order is [fill in the blank]?
Exercise 3.55. Let G be a group of order n and let a be in G. Then an = e.
(Hint: Let m be the order of a. What is am ? Does m|n? What is an ?)
Exercise 3.56. Let p be prime and let [a] be in U p. Then [a] p−1 = [1]. (Hint:
What is the order of the group U p?)
Exercise 3.57. (Fermat’s Little Theorem) Let p be a prime and p not
divide a. Then a p−1 ≡ 1 (mod p).

Exercise 3.58. Let [a] be in Un . Then [aφ (n) ] = [1].

Exercise 3.59. Let gcd(a, n) = 1. Then aφ (n) ≡ 1 (mod n). (Euler’s gen-
eralization).
Exercise 3.60. What is the remainder when 15018 is divided by 19? What
is the remainder when 1591000 is divided by 50?

(The Little Theorem can be used to show a positive integer composite:

if n is a positive integer and one can find a positive integer, a, such that
an−1 6≡ 1 or 0 (mod n), then n is not prime. You are probably aware that
there are numbers known to be composite but whose factors are unknown.
Do you see how this might be?)
The converse of the Little Theorem is false. Nevertheless there are some
tests for primes based on the Little Theorem. To illustrate, we take a ridicu-
lously simple case: n = 29. Suppose we don’t know that 29 is prime. Let
a = 2 (because powers of 2 are easy to manage). You can check that 228 ≡ 1
(mod 29). (25 ≡ −3, 210 ≡ 9, etc.) This does not prove that 29 is prime,
but it does show that the order of [2] in U29 is a divisor of 28. Now 214 6≡ 1
(mod 29) and 24 6≡ 1 (mod 29). This is sufficient to prove that 28 is the
order of [2], for if 27 or 22 were congruent mod 29 to 1, then so would be

William Priestley << James T. Cross www.jiblm.org

Congruences 27

214 or 24 , respectively. Thus, 29 is prime. Why? If 214 had turned out to be

congruent mod 29 to 1, would this have proved that 29 isn’t prime?
Note: We are still working on the question of whether the Euler φ -
function is multiplicative. There are faster routes, but not as instructive.
Exercise 3.61. Prove:
1) If m and n are relatively prime and c is any integer, then there exist x and
y in Z such that xm + yn = c.
2) If m, n, and c are in Z, then there exist x and y in Z such that xm + yn = c
if and only if gcd(m, n) | c.
Exercise 3.62. 1) If m and n are relatively prime and a and b are in Z, then
there exists x in Z such that x ≡ a (mod m) and x ≡ b (mod n). Hint: Use
Exercise 3.61 to show that a + km = b + rn can be solved for r and k.
Exercise 3.63. Show that the x guaranteed by Exercise 3.62 is unique mod
mn. That is, show that if x and y are two integers each of which is congruent
mod m to a and congruent mod n to b, then x ≡ y (mod mn)
Exercise 3.64. If m, n, and k are relatively prime in pairs and a, b, and c are
in Z, then there exists x in Z such that x ≡ a (mod m), x ≡ b (mod n), and
x ≡ c (mod k). Give examples. Then generalize. You will then have the
Chinese Remainder Theorem in Z. You can also prove a similar theorem
in the Gaussian Integers and in polynomials over a field.
Exercise 3.65. Let S = {1, 2} and T = {1, 2, 3}. For each s in S and t in
T , find an x such that x ≡ s (mod 3) and x ≡ t (mod 4). Find what x is
congruent mod 12.
Exercise 3.66. If gcd(x,m) = 1 and gcd(x,n) = 1, then gcd(x,mn) = 1.
Definition. Let each of G and L be a group, and G × L = {(a, b) : a is in
G and b is in L}. For (a, b) and (c, d) in G × L we define the “product”
to be (ac, bd), where these indicated products are taking place in G and L,
respectively.
Exercise 3.67. Make an operation table for U3 ×U4 .
Exercise 3.68. The operation defined above makes G × L into a group.
Definition. A mapping f from a group G to a group G′ is a homomorphism
if f (ab) = f (a) f (b) for a and b in G. If f is also bijective, then f is an
isomorphism, and G and G′ are isomorphic. If f is a mapping from a
field F to a field F ′ such that f is an isomorphism between the two additive
groups and also between the two multiplicative groups (units) then f is a
field isomorphism. Isomorphic groups (fields) are, from the point of view
of their operation tables, just alike except for the symbols used to represent
members.

William Priestley << James T. Cross www.jiblm.org

Congruences 28

Exercise 3.69. Let G be Z4 (addition) and let G′ be the (multiplicative)

fourth roots of 1. Find an isomorphism from G to G′ . Is your answer unique?
How many such isomorphisms do you think there are?
Exercise 3.70. The function, f (x) = ln(x) is a group isomorphism (between
what groups?). The function g defined between exercises 1.100 and 1.101
is a field isomorphism from C to C (an automorphism).
Exercise 3.71. U3 × U4 is isomorphic to U12 . Check that f is an isomor-
phism, where
f ([1]3, [1]4) = [1]12 ,
f ([1]3, [3]4) = [7]12 ,
f ([2]3, [1]4) = [5]12 ,
f ([2]3, [3]4) = [11]12 .
How do you think I got this? You should go back and look at Exercise
3.65.
Exercise 3.72. This is a dinky little result that you will need soon: If x ≡ y
(mod n) and gcd(x,n) = 1, then gcd(y,n) = 1.
Exercise 3.73. Here we are! Let m and n be relatively prime. Then Um ×Un
is isomorphic to Umn and therefore φ (mn) = φ (m)φ (n).
Exercise 3.74. Find φ (n) for n = 468, for n = 265, for n = 1, 000, 000, 000.
For what positive integers n is φ (n) odd?
Exercise 3.75. If n = 2k p1 p2 . . . pr , where each p is a Fermat prime and no
two of the p’s are equal, then φ (n) is a power of 2. Conversely, if φ (n) is
a power of 2, then n has the given form. (A regular polygon with n sides is
constructible with straight edge and compass if and only if φ (n) is a power
of 2. This striking result, due to Gauss, is proved by relating the geometric
process of locating points in the plane to the algebraic one of extending the
rational field of Q to certain larger subfields of the complex numbers. We
won’t prove it, although it is not beyond our capability.)
Exercise 3.76. Give some n’s for which regular polygons with n sides are
constructible, and give some for which they are not.
Exercise 3.77. Check that ∑d|6 φ (d) = 6, ∑d|15 φ (d) = 15, and ∑d|24 φ (d) =
24.
Make a conjecture.
Exercise 3.78. Let i denote the function from the positive integers to the
complex numbers (to Z, to be more exact) such that i(n) = ∑d|n φ (d). If p
is a positive prime, and k is a nonnegative integer, then i(pk ) = pk .

William Priestley << James T. Cross www.jiblm.org

Congruences 29

Exercise 3.79. If f is a multiplicative function and F(n) = ∑d|n f (d), then

F is multiplicative. This implies that the function i of Exercise 3.78 is mul-
tiplicative and the conjecture of Exercise 3.77 checks out. (You will find
Exercise 2.24 helpful here.)
Exercise 3.80. There is a curious (at first glance) kinship among φ , τ , and
σ:
Let α (n) = ∑d|n φ (d)τ (n/d).
Find α (6) and compare with σ (6). Find α (18) and compare with σ (18).
Make a conjecture. The function α is not particularly important for our
purposes. I think you could prove your conjecture but it might be hard. It
happens that the proof will be an example of the fruit that can be picked
easily after we have made a study of another integral domain, the domain of
all functions from Z+ to the complex numbers. Of course we will have to
define operations on the members of the set in order to have hope of making
it into an integral domain.

3.3 Arithmetic Functions

A function from Z+ (the positive integers) to the complex numbers is called

an arithmetic function. We let A denote the set of all such functions. We
have seen four members, (τ , σ , φ , and i) of A that are multiplicative. (Of
course the function, i, turned out to be a very simple function: i(n) = n.) We
are now going to do a few exercises to show you that we can define addition
and multiplication in A so as to make A an integral domain. We will then
exploit the algebraic structure of A to obtain a classic and important result
in number theory, the Möbius Inversion Formula.
Definition. Let f and g be in A. Then their sum, f + g, is that member of A
such that
( f + g)(n) = f (n) + g(n),
and their (Dirichlet) product, f ∗ g, is that member of A such that
n
( f ∗ g)(n) = ∑ f (d)g( ).
d|n
d

(The Dirichlet product of two members of A is far more useful than the sum.
We define the sum largely because it is pleasing to have an integral domain.)
We let u, z, and e denote members of A such that for all n, u(n) = 1 and
z(n) = 0, while e(n) = 0 if n 6= 1 and e(1) = 1.
We can get a triple of easy pickings from the definitions and Exercise
3.79:
Exercise 3.81. Show that u ∗ φ = i, that u2 = τ , and that u ∗ i = σ .

William Priestley << James T. Cross www.jiblm.org

Congruences 30

Now let us see whether our definitions of addition and multiplication in

A are fruitful.
Exercise 3.82. A is an abelian group relative to addition.
Exercise 3.83. Multiplication in A is associative and commutative. Hint:
f ∗ (g ∗ h)(n) is the sum of all f (a)g(b)h(c), where abc = n.

Now we can get the conjecture of Exercise 3.80 for a nickel:

Exercise 3.84. φ ∗ τ = σ . Hint: u ∗ i = σ = u ∗ (u ∗ φ ).
Exercise 3.85. The member e of A is the unity (multiplicative identity).
Exercise 3.86. Multiplication in A distributes over addition.
Exercise 3.87. The member z of A is the zero member (additive identity)
and if f and g are in A and f ∗ g = z, then f = z or g = z. (Hint: If f 6= z,
there is a least n such that f (n) 6= 0.)
Exercise 3.88. A is an integral domain.
Exercise 3.89. The member f of A is a unit if and only if f (1) 6= 0.
Exercise 3.90. The functions, u, i, e, τ , σ , and φ , are units in A.
Exercise 3.91. If f 6= z is in A and f is multiplicative, then f is a unit
in A and f ’s inverse is itself multiplicative. (Let g denote f ’s inverse. If
g is not multiplicative, there exists some least positive integer mn such that
gcd(m, n) = 1 and g(m)g(n) 6= g(mn). Now use that f ∗ g = e and remember
g(ab) = g(a)g(b) if gcd(a, b) = 1 and ab < mn. Write out the product of ( f ∗
g)(m) with ( f ∗ g)(n), using multiplicativity where possible, and compare
with ( f ∗ g)(mn). You might try mn = 3x4.)
Exercise 3.92. The subset M of all nonzero multiplicative functions in A is
a subgroup of the group of units of A.
Exercise 3.93. Find σ −1 (pk ), where p is prime. Find all n such that σ −1 (n) =
2n. Shall we call them (it) inverse perfect?
Exercise 3.94. Let µ denote the multiplicative inverse of the function u. The
function µ is the Möbius function. Show that µ (1) = 1, µ (2) = −1 = µ (3),
and µ (4) = 0.
Exercise 3.95. Let p denote a prime in Z+ . Then µ (p) = −1, and µ (pk ) = 0
if k is an integer greater than 1. (Use that u ∗ µ = e.)
Exercise 3.96. Use Exercise 3.92 to show that µ is in M and then use Exer-
cise 3.95 to find a way to determine µ (n) for any positive integer n and thus
get Möbius’s definition of µ .
Exercise 3.97. If f and g are in A and f = u ∗ g, then g = µ ∗ f = f ∗ µ .

William Priestley << James T. Cross www.jiblm.org

Congruences 31

Exercise 3.98. (Möbius Inversion Formula) If f and g are in A and

n
f (n) = ∑ g(d), then g(n) = ∑ f (d)µ ( ).
d|n d|n
d

Show that if f is multiplicative, then so is g.

Exercise 3.99. By Exercise 3.79, i = φ ∗ u and Exercise 3.97 implies that
φ = µ ∗ i.

We will make use of this inversion formula later in our study. At this
point I think I should show you an example of its use in the inversion (in the
usual sense) of functions whose domains are not the positive integers, but
rather the real or complex numbers.
The Riemann zeta function is defined this way:
∞
1
ζ (z) = ∑ nz ,
n=1

for complex numbers z with real part x > 1.

(I am using z as the variable here; it is customary to use s instead.) The
zeta function is an important one; among other uses it is central to the 1896
proofs of the prime number theorem which I told you about. Now,
∞
1 µ (n)
=∑ z ,
ζ (z) n=1 n

the likely truth of which you can probably convince yourself by writing out
a few terms of ζ (z) and of the other series and multiplying.
µ (n)
It is also true that ∑∞
1 n = 0. You would probably have a hard time
convincing yourself of this because it is equivalent to the prime number
theorem in the sense that each implies the other!
Exercise 3.100. Use your result of Exercise 3.95 as the definition of µ
and prove the inversion formula independently of the algebraic machinery
above.

3.4 Primitive Roots (mod p)

Exercise 3.101. Un is cyclic for n = 2, n = 3, n = 4, n = 5, n = 6, and n = 7.

Exercise 3.102. U8 is not cyclic; neither is U20 .
Definition. If Un is cyclic and [a] is a generator, then a is said to be a prim-
itive root (mod n).

William Priestley << James T. Cross www.jiblm.org

Congruences 32

We are going to do some exercises to show that if p is prime, then U p is

cyclic; in other words that there exists a primitive root mod p. In fact, we
shall show that U p has φ (p − 1) primitive roots if p is prime.
Exercise 3.103. Find a primitive root mod p for each of these primes: 3, 5,
7, 11, 13, 17.
Exercise 3.104. Let G be a group and let a in G have order m. If k is a
positive integer and ak = e, then m|k. (Hint: k = qm + r.)

Before proving our theorem, we do a couple of exercises that shed some

light on the structure of cyclic groups.
Exercise 3.105. If G is a cyclic group of order n and g is a generator of G
(and thus G = {e, g, g2 , . . ., gn−1 }), then the order of gk is n/gcd(k, n). It
follows that G has φ (n) generators. (Hint: Let n1 = n/gcd(k, n). First show
that (gk )n1 = e, so that the order, t, of gk divides n1 . Next, since (gk )t = e, n
divides kt. Use this to get that n1 divides t.)
Exercise 3.106. If G is cyclic of order n and d|n, then G has only one
subgroup of order d. (Hint: Let dk = n and let g be a generator of G. Verify
that gk has order d and therefore generates a subgroup of order d. Then
show that any member of G having order d is in this subgroup.) Show that
any subgroup of a cyclic group is cyclic.
Exercise 3.107. Let F be a field (we will specialize to Z p shortly). Remind
yourself of Exercise 1.97: If a is in F and f (x) is in F[x], then f (a) = 0 iff
(x − a)| f (x) in F[x].
Exercise 3.108. If f of Exercise 3.107 has degree n, there are at most n
members a of F such that f (a) = 0.
Exercise 3.109. Every nonzero member of Z p satisfies x p−1 − [1] = [0], and
this polynomial factors into p − 1 distinct linear factors in Z p [x]. If d is
a positive divisor of p − 1, then xd − [1] also factors into d distinct linear
factors; thus d distinct members of Z p are zeros of xd − [1].
Exercise 3.110. Let d be a positive divisor of p − 1, and let C denote the set
of all positive divisors of d, while R denotes the set of all zeros of xd − [1]
in Z p . The order (in U p ) of each member of R is a unique member of C.
Exercise 3.111. Let p = 13 and d = 4. List the set R and set C. Draw
arrows from R to C, connecting each member, r, of R, with a member of C
(the order of r as a member of U13 ).
Exercise 3.112. Let c be a member of C and let ψ (c) be the number of
members of R that have order c. Then if we let f (d) = ∑c|d ψ (c), we have
that f (d) = d, since R has d members. Check this in your example.

William Priestley << James T. Cross www.jiblm.org

Congruences 33

Exercise 3.113. ψ (d) = ∑c|d µ (c) f (d/c) = ∑c|d µ (c)(d/c) = (µ ∗ i)(d) =

φ (d), by the Möbius inversion formula and Exercise 3.99.
Exercise 3.114. Since p − 1 is a divisor of p − 1, ψ (p − 1) = φ (p − 1),
so U p has members with order p − 1 and is therefore cyclic and there exist
primitive roots mod p.
Exercise 3.115. Make a conjecture about which Un ’s are cyclic. That is for
which n’s is there a primitive root mod n?

We could do a sequence of exercises to answer this question, but semesters

are cyclic and finite and we have other things to do in this cycle. It happens
that Un is cyclic iff n is a power of an odd prime or if n = 2 or 4 or twice a
power of an odd prime.
The φ -function and primitive roots mod n are germane to the study of
repeating decimal fractions. We will do just enough to arouse your curiosity.
Consider the decimal fraction 0.a1 a2 a3 . . . for 1/n, where n > 1. By the
divisor theorem we get

10(1) = a1 n + r1 , r1 < n, r1 ≡ 10 (mod n),

10r1 = a2 n + r2 , r2 < n, r2 ≡ 102 (mod n),
etc.

We see that rk ≡ 10k (mod n).

Exercise 3.116. Find the decimal fraction for each k/7, where 0 < k < 7.
Exercise 3.117. Suppose that gcd(10, n) = 1. Then the number of distinct
remainders in the above sequence (preceding Exercise 3.116) is the order of
[10] in Un . The length of the repetend is a divisor of φ (n), and the length is
φ (n) iff [10] is a generator of Un .
Exercise 3.118. Under what circumstances will the decimal for k/n be a
permutation of the digits of that for 1/n?

We will end this discussion here, although you can see that there are
many questions whose answers we could chase. Name some.

3.5 Communicating by Secret Code

I told you earlier that huge primes were central to modern communication
by secret code. Now we have built the machinery (congruences and Euler’s
generalization of Fermat’s Little Theorem) to see how this works. I will give
you the theory only, with no attempt to discuss the computational aspects.

William Priestley << James T. Cross www.jiblm.org

Congruences 34

Suppose you and I are in a network, the members of which communicate

by secret code, and that we have adequate computer power (it exists) to
carry out the operations that I am going to describe. You select two very
large primes, p and q, whose product is n, a number so big that even the
most powerful computers are unable to factor it in a tolerable length of time.
Only you know the factors of n, but you publish n itself in a directory. You
also select and publish a positive integer k that is coprime with φ (n). Since
gcd(φ (n), k) = 1, there is a positive integer m such that km ≡ 1 (mod φ (n));
put another way, [k][m] = [1] in Uφ (n) . You publish both n and k, but you
keep p, q, and m to yourself.
Now, let us say that I want to send you a secret message. I first convert the
message to a number, M, by means of a numerical alphabet. For example,
here is standard one:
A → 01, , (comma) → 27,
B → 02, . (period) → 28,
C → 03, ? → 29,
..., 0 → 30,
..., 1 → 31,
I → 09, ...,
J → 10, ...,
K → 11, 9 → 39,
..., (with 00 indicating space between words)
...,
Z → 26.
For example 8 I passed my comps. would be numberized this way:
M = 090016011919050400132500031513161928

It is assumed that the numerical message, M, is a number less than n.

(Messages can be broken into blocks if desirable.) We also assume that
gcd(M, n) = 1. To send you the message, M, I look up your n and k, find M k ,
and reduce mod n. That is, M k ≡ r (mod n). I then send you the number r.
You then find rm .
Exercise 3.119. rm ≡ M km (mod n)
Exercise 3.120. rm ≡ M φ (n)t+1 ≡ (M φ (n)t )M (mod n), for some positive
integer t, since km ≡ 1 (mod φ (n)).
Exercise 3.121. M φ (n)t ≡ 1 (mod n). Then rm ≡ M (mod n). You have
recovered my numerical message M, which you convert to English with the
standard alphabet.
(The assumption that gcd(M, n) = 1 was used in this proof. A proof can
be made without this assumption if we retain the hypothesis that M < n and
note that at most one of p and q can divide n.)

William Priestley << James T. Cross www.jiblm.org

Chapter 4

Quadratic Reciprocity

4.1 Squares mod p

We let S p denote the squares in U p , where p is prime in Z. That is, [a] is in

S p if and only if [a] = [b]2 for some [b] in U p .
Exercise 4.1. Find S7 and S17 .
Exercise 4.2. Find a generator of U17 and denote it by g. Now, find the set
of all even powers of g. How does this set compare with S17 ?
Exercise 4.3. If g is a generator of U p , then S p is the set of all even powers
of g. (Do you remember how we can be sure that U p has a generator if p is
prime?)
Exercise 4.4. If p > 2, S p is a subgroup of U p , and has (p − 1)/2 members.
Definition. Let p be prime and let a be in Z and gcd(a, p) = 1. We say
that a is a quadratic residue mod p if there is some x in Z such that x2 ≡ a
(mod p). If there exists no such x then we say that a is a quadratic non-
residue.
Exercise 4.5. Let a be in Z. Then a is a quadratic residue mod p if and only
if [a] is in S p .
Exercise 4.6. Prove:

A) Let b ≡ a (mod p). If a is a quadratic residue mod p, then so is b.

B) If both a and b are quadratic residues mod p, then so is ab.
C) If both a and b are quadratic nonresidues mod p, then ab is a quadratic
residue mod p.
D) 1 is a quadratic residue mod p and if gcd(a, p) = 1, then a2 is a quadratic
residue mod p.

35
Quadratic Reciprocity 36

Definition. Let a be in Z and p be prime. Then (Legendre’s Symbol):

( ap ) = 1 if a is a quadratic residue mod p, -1 if a is a quadratic non-residue
mod p, and 0 if p|a.
Exercise 4.7. Prove

A) If a ≡ b (mod p), then ( ap ) = ( bp ),

B) ( ab a b
p ) = ( p )( p )
2
C) ( ap ) = 1 if gcd(a, p) = 1,

D) ( 1p ) = 1.

Exercise 4.8. Find ( 74 ), ( 57 ), ( 75 ), ( 71 23 5 7 11

5 ), ( 5 ), ( 23 ), ( 11 ), and ( 7 ).

One can see that Exercise 4.7 implies that ( ap ) can be determined for any
a provided ( qp ) can be determined for primes q. For odd primes q 6= p this
determination is given by the Quadratic Reciprocity Law (QRL): For odd
primes p and q, ( qp ) = ( qp ) if at least one of p and q is congruent mod 4 to 1.
If both are congruent mod 4 to -1, then ( qp ) = −( qp ). To give you a sample
of the efficiency of the law, let us do an exercise assuming the law and also
assuming that ( 2p ) = 1 iff p is congruent mod 8 to ±1. (You will also need
to use the results of Exercise 4.7).
5 27(507)
Exercise 4.9. Find ( 23 ), ( 30 507
89 ), ( 773 ), and ( 773 ). Is there an integer x
such that x2 ≡ 507 (mod 773)? Note: 773 is prime, as you can determine
by trying 3, 5, 7, 11, 13, 17, 19, 23, and 29 for divisors. (Why is this
enough?) Similarly, you can search 507 for divisors. 9

Now we begin a sequence of exercises to prove the QRL. We are in-

debted
  to Gauss,
  who was first to find a proof. We will also determine
−1
p and 2p .

Exercise 4.10. Letp denote an odd prime and let a be an integer not divisi-
ble by p. Then ap ≡ a(p−1)/2 (mod p). Hint: [a](p−1)/2 is a sol’n in Z p [x]
of x2 − [1] = [0]. There are only two sol’ns: [1] and [-1]. Now let a be an
even (odd) power of a generator of U p . Proceed.
Exercise 4.11. Factor x2 − [1] completely into linear factors in Z3 [x]. Factor
x4 − [1] into linear factors in Z5 [x]. Factor x p−1 − [1] into linear factors in
Z p [x]. Hint: See Ex. 3.109.
Exercise 4.12. Wilson’s Theorem: If p is prime, then (p−1)! ≡ −1 (mod p).
Hint: put x = [0] in the factorization above.

William Priestley << James T. Cross www.jiblm.org

Quadratic Reciprocity 37

If n > 1 and (n − 1)! ≡ −1 (mod n), does it follow that n is prime?

Exercise 4.13. Gauss gave an elegant different proof of Wilson’s theo-
rem. Let us see an example and you can generalize. Let p = 13. Then
(p − 1)! = 12! = (2 × 7)(3 × 9)(4 × 10)(5 × 8)(6 × 11)(1 × 12). Now re-
duce this product mod 13 and see what you get. I have grouped by what
we now call inverses. Gauss called them associates. He did this theorem in
his masterpiece, Disquisitiones Arithmeticae. He says that neither Wilson
nor Waring, who attributed the theorem to Wilson, had a proof, that Waring
implied that he was unable to effect a proof because no notation could be
devised to express a prime. Then he says that truths of this kind (the the-
orem) should be drawn from notions rather than from notations. You must
remember that we have handy algebraic tools that Waring and Wilson (and
Gauss) lacked.
The truth of the QRL is surely not transparent, although almost anyone
could conjecture it by examining a few odd primes. Had the proof not been
difficult, others would have found one before Gauss, who worked hard on it.
I am going to break it into modest steps so as to render the steps transparent
8
(I hope). Again I resort to an example. Suppose we want to determine ( 13 ),
where we let p = 13 and a = 8. Look at this display of (p − 1)/2 lines:
1 × 8 = 0 × 13 + 8
2 × 8 = 1 × 13 + 3
3 × 8 = 1 × 13 + 11
4 × 8 = 2 × 13 + 6
5 × 8 = 3 × 13 + 1
6 × 8 = 3 × 13 + 9
Exercise 4.14. Find the product of the members of the left column, the
product of the members of the right column and equate, then reduce mod p.
Ans.
p − 1 (p−1)/2
!a ≡ 1 × 3 × 6 × 8 × 9 × 11
2
≡ 1 × 3 × 6 × (13 − 5) × (13 − 4) × (13 − 2)
p−1
≡ ! (−1)3 (mod p)
2

Exercise 4.15. Cancel factorials (can you cancel across congruences?). Then
a(p−1)/2 ≡ (−1)n (mod p),
where n is the number of remainders in the above display that exceed p/2.

William Priestley << James T. Cross www.jiblm.org

Quadratic Reciprocity 38

Exercise 4.16. Continue with the above
example. Exercise 4.15, with the
8
help of Exercise 4.10, implies that 13 = (−1)3 = −1. You should check
this directly by listing the squares mod 13.
Now let’s set out to prove the result suggested by the example which
we just saw. We want to let p be an odd prime and a be an integer not
divisible by p. We want to get the products, 1a, 2a, 3a, . . . , ((p − 1)/2)a
and write them as ia = qi p + ri (i = 1, 2, 3, . . ., (p − 1)/2). (Here, qi denotes
a quotient. Do not confuse it with a prime, q). I considered other notations
for the quotient
 but
 couldn’t (à la Waring) find a suitable one. Then we want
a
to show that p = (−1)n , where n is the number of the ri ’s that exceed
p/2. It will then be necessary to find some way to manage n mod 2, but
that’s down the road a bit.
Exercise 4.17. Let p be an odd prime and p not divide the integer a. Con-
sider the (p − 1)/2 equations:

1a = q1 p + r1
2a = q2 p + r2
... 0 < r < p, for each r.
...
 p − 1
a = q(p−1)/2 p + r(p−1)/2 .
2

A) The r’s are distinct.

B) For each ri that exceeds p/2 let ri = p − si and let n denote the
number of si ’s. Then n si ’s, together with the remaining ri ’s are the set,
{1, 2, 3, . . ., (p − 1)/2} in some order.
C) Multiply by columns, cancel factorials, and get: a(p−1)/2 ≡ (−1)n mod
p.
 
D) ap = (−1)n . Note that this is equality, not just congruence.

The above exercise is known as Gauss’s Lemma. You are probably

saying, “What good is it? I don’t know n.” As you will see, you don’t have
to know n; of course we are going to use it somehow. We will do some
clever counting mod 2 shortly,
 but
 before doing so we will use the lemma
directly to determine −1p and 2p .

William Priestley << James T. Cross www.jiblm.org

Quadratic Reciprocity 39

Exercise 4.18. Let p denote an odd prime. Then

1(−1) = (−1)p + (p − 1)
2(−1) = (−1)p + (p − 2)
etc.
(p − 1)/2(−1) = (−1)p + (p + 1)/2

 
−1
All the ri ’s are greater than p/2 and = (−1)(p−1)/2 .
p
 
Exercise 4.19. If p is an odd prime, then −1
p = 1 iff p ≡ 1 (mod 4).

Don’t be misled by the ease with which this result came. This is an
important conclusion, which we used a big gun (Gauss’s lemma) to get.
Everyone interested in numbers commits it to memory. 10
Exercise 4.20. Take a few odd primes andcheck the result in Exercise 4.19.
We can use the lemma directly to get 2p for odd primes, p; this is neces-
 
sary if we hope to be able to determine ap for any a, because the QRL
helps only if a is another odd prime.
Exercise 4.21. Now let a = 2 while p is an odd prime. Then,

1 × 2 = 0p + 2
2 × 2 = 0p + 2 × 2
etc.
i × 2 = 0p + 2i
etc.
((p − 1)/2) × 2 = 0p + p − 1.

All the q’s are zero and ri = 2i for each i between 1 and (p − 1)/2, inclusive.

Now we want n, the number of r’s exceeding p/2.

Exercise 4.22. Refer to Exercise 4.21. There, ri > p/2 iff i > p/4. Thus n
is the number of i’s between p/4 and (p − 1)/2, including (p − 1)/2.
Exercise 4.23. If p is an odd number then p = 8k + R, where R = 1, 3, 5, or
7.
Exercise 4.24. Refer to 4.23. The least integer, i that is greater than p/4 is
2k + 1 if R = 1 or 3 and is 2k + 2 if R = 5 or 7.

William Priestley << James T. Cross www.jiblm.org

Quadratic Reciprocity 40

Exercise 4.25. If each of a and b is a positive integer and b > a, then the
number of integers between a and b inclusive is b − a + 1.
Exercise 4.26. Refer to Exercise 4.22. Let p = 8k + R; the number n is
(4k) + (R − 1)/2 − (2k + 1) + 1 = 4k + (R − 1)/2 − 2k if R = 1 or 3
and n is
(4k) + (R − 1)/2 − (2k + 2) + 1 = 4k + (R − 1)/2 − 2k − 1 if R = 5 or 7.
Exercise 4.27. Let R take its allowed values and conclude that
 
2
= 1 iff R = 1 or 7 iff p = ±1 (mod 8).
p

We have gotten quite a bit of mileage from the display of Exercise 4.17
by multiplying by columns. We can get a great deal more if we add by
columns. To move forward without a lot of wheel spinning, we need a
definition. Let x denote a real number. Then the greatest integer in x is the
greatest integer that does not exceed x. We will denote it by ⌊x⌋, which is
standard notation.
Exercise 4.28. Find ⌊7.5⌋, ⌊π ⌋, ⌊−π ⌋, ⌊29/3⌋.
Exercise 4.29. Let a, b, q, and r be in Z+ and let a = bq + r, with 0 ≤ r < b.
Then q = ⌊a/b⌋.
Exercise 4.30. Go back and rework the display of Exercise 4.17. Replace
(p−1)/2
∑i=1
each qi by ⌊(ia)/p⌋. Let S denote  i. Add the left column to get
(p−1)/2
Sa. Add the right column to get p × ∑i=1 ⌊(ia)/p⌋ + ∑ ri + np − ∑ sk ,
where the ri ’s are those less than p/2 and the n sk ’s are gotten by subtracting
the ri ’s that are greater than p/2 from p.
Exercise 4.31. Continue with Exercise 4.30. Let N denote the sum in the
parentheses (multiplying p). Then
Sa = N p + np + ∑ ri − ∑ sk .
Exercise 4.32. Now assume a is odd (we know how to handle powers of 2)
and remember that p is odd. Also note that -1 and 1 are congruent mod 2.
Then since the r’s and s’s together make up the set {1, 2, 3, . . ., (p − 1)/2},
S ≡ N + n + S (mod 2).
 
Then n ≡ N (mod 2) and ap = (−1)N .
3


Exercise 4.33. Find 11 by determining N directly from its definition. It
may seem that we are no closer to our goal (the QRL), since we have merely
transferred our attention from n to N, where n is the number of remainders

William Priestley << James T. Cross www.jiblm.org

Quadratic Reciprocity 41

exceeding p/2 and N is the sum of the quotients. Let me point out that
we are not trying to determine p directly, but are trying to relate qp to
a
 
p
q , where both are odd primes. We saw in Exercise 4.9 that if we could
 
do so, then we could determine ap .
Exercise 4.34. Check this restatement of Exercise 4.32, where a is now the
odd prime, q.
 
(p−1)/2
If p and q are distinct odd primes and N = ∑i=1 ⌊(iq)/p⌋, then qp =
(−1)N .
 
(q−1)/2 p
Exercise 4.35. Let M = ∑i=1 ⌊(ip)/q⌋. Then q = (−1)M .
Exercise 4.36. In the notation of Exercises 4.34 and 4.35,
  
q p
= (−1)N+M .
p q
Now you can see that we have to determine N + M mod 2. We can do so
with some simple geometry.
Exercise 4.37. Sketch the x, y plane and on it draw the lines, x = p/2 and
y = q/2, and the diagonal line, y = qx/p.
Exercise 4.38. Let R denote the rectangle with boundaries x = p/2, y = q/2,
x = 0, and y = 0. There are (p − 1)/2 × (q − 1)/2 lattice points (points with
integer coordinates) in the interior of the rectangle.
Exercise 4.39. There is no lattice point on the diagonal, y = qx/p.
Exercise 4.40. There are N lattice points in R below the diagonal, and there
are M lattice points in R above the diagonal.
Exercise 4.41. N + M = ((p − 1)/2)((q − 1)/2) and
  
q p
= (−1)((p−1)/2)((q−1)/2) .
p q
Exercise 4.42. Now we have the long-awaited goal, the QRL: If p and q
are odd primes, then    
q p
=
p q
if and only if p or q is congruent mod 4 to 1.
Exercise 4.43. Find whether 244 is a quadratic residue mod 5, mod 3, mod
7, mod 11, mod 13, and mod 29.
Exercise 4.44. Exploit the QRL and a bit of ingenuity to determine whether
there exists an integer x such that 3x2 + 6x − 2 ≡ 0 (mod 89).

William Priestley << James T. Cross www.jiblm.org

Chapter 5

Sums of Two Squares and Pythagorean Triples

5.1 Which Positive Integers Are Sums of Two Squares?

Exercise 5.1. Check that the following is true: Every odd prime between 1
and 50 is the sum of two squares if and only if it is congruent mod 4 to 1.
Make a conjecture.
Exercise 5.2. If the odd prime p is the sum of two squares, then p ≡ 1
(mod 4). (This is easy: Suppose x2 + y2 = p. Think about x2 , y2 , and
p mod 4.)

The Gaussian integers G provide a fruitful setting in which to study sums

of two squares. Why? Well, a positive integer is a sum of two squares if it
is the norm of a member of G. We propose to learn enough about G to be
able to identify those norms.
Exercise 5.3. Prove:

(A) 3, 7, 11, 19, 23, and 31 are all prime in G. (Consider norms.)
(B) Neither of 5, 13, 17, and 29 is prime in G.
(C) Each of the numbers in Exercise 5.3 (B) factors into a product of two
distinct primes which are conjugates. By distinct, we mean that they
are not associates. 5 = (1 + 2i)(1 − 2i), for example.
(D) If p is prime in Z and p ≡ 3 (mod 4), then p is prime in G. (Suppose
p factors in G. Then the product of the norms of the factors must be
p2 .)
Exercise 5.4. Prove:

(A) Let p be prime in Z and p ≡ 1 (mod 4). Let [t] be in Z p such that
[t]2 = [−1], where the brackets denote members of Z p . How do we
know that there is such a t? Then t 2 ≡ −1 (mod p). Then p|(t 2 + 1),

42
Sums of Two Squares and Pythagorean Triples 43

so that p divides the product (t + i)(t − i). Does p divide either factor?
Conclude that p is not prime in G.
(B) Let p = 17. Find a t such that t 2 ≡ −1 (mod p). Verify that p divides
(t + i)(t − i) in G. Do the same for p = 29.
(C) Let p be prime in Z and p ≡ 1 (mod 4). Since p is not prime in G, let
p = αβ in G. Then p2 = N(α )N(β ) in Z. If follows that p = N(α ) =
αα in G, so that p is the sum of two squares in Z. Both α and α are
prime in G and they are not associates.
Exercise 5.5. Factor 5, 13, 17, 29, 33, 37, and 41 into primes in G.
Exercise 5.6. In G,
2 = (1 + i)(1 − i),
where both factors are primes. They are associates, so that, in fact, 2 is
(except for a unit) the square of a prime in G.

Let us summarize what we know about primes in G:

• We know the prime factors of 2.

• We know that if p is prime in Z and p ≡ 3 (mod 4), then p is prime in
G.
• We know that if p is prime in Z and congruent mod 4 to 1, then p
factors into two distinct (and conjugate) primes in G.

Now we wonder whether there are other primes in G and hope there aren’t.
Exercise 5.7. Let α be in G and α 6= 0. Then α |N(α ) in G. N(α ) is a
positive member of Z, so that there is a least positive integer divisible by α .
Exercise 5.8. If α is prime in G, then the least positive integer guaranteed
by Exercise 5.7 is a prime in Z. (Remember now: If α |β χ , then α |β or
α |χ .)
Exercise 5.9. Let π be prime in G. Let L denote the (prime) least positive
member of Z divisible by π .

(A) If L ≡ 3 (mod 4), let L be denoted by q. Then π = uq, where u is a

unit in G.
(B) If L ≡ 1 (mod 4), let L be denoted by p. Then p = αα , where both of
these factors are prime and π = uα or π = uα , where u is a unit in G.
(C) If L ≡ 2 (mod 4), then L = 2 and π = u(1 + i), where u is a unit in G.
(D) Let δ = (1 + i). Then δ and primes of the types q and α described
above are, together with their associates, the only primes in G.

William Priestley << James T. Cross www.jiblm.org

Sums of Two Squares and Pythagorean Triples 44

Exercise 5.10. Find the prime factors in G of the following “integers”:

12, 25, 19, 325, 6 + 7i, 7 + 7i, 3 + 5i, and −1 + 13i. (You will need to
look at norms.)
Exercise 5.11. Let α be in G and α 6= 0. Then
α = uδ k qn11 qn22 . . . qnr r π1m1 π2m2 . . . πsms ,
where u is a unit, δ = (1 + i), each qi is Z-prime congruent mod 4 to 3, and
each of the π ’s is a prime factor of a Z-prime, p, such that p ≡ 1 (mod 4).
The nonzero members of G consist of all such α ’s.
Exercise 5.12. Use the result of Exercise 5.11 to describe the set of all
norms of members of G.
Exercise 5.13. Let n be in Z. Then n is a sum of two squares in Z iff n is the
norm of a member of G. What positive integers are sums of two squares?
Exercise 5.14. Decide whether each of these positive integers is the sum of
two squares: 26, 27, 28, 29, 30, 31, 32, 325, 1200.
Exercise 5.15. If each of x and y is in Z and each is the sum of two squares,
then so is xy.
Exercise 5.16. Let each of a, b, c, and d be in Z. Exploit factorization in G
to find x and y in Z such that

(a2 + b2 )(c2 + d 2 ) = x2 + y2 .
At this point we do a few more exercises in G with no particular goal other
than the fun you are going to have. That’s not quite right; we will need some
of the results, but the main goal is fun.
Exercise 5.17. Show that each of 1+3i, 6, 2+4i, 3+5i, and 3−i is divisible
in G by δ but that neither of 2 + 3i, 5i, 3 + 4i, nor 5 + 6i is divisible by δ .
Exercise 5.18. Let α = a + bi be in G. Then α ≡ 0 (mod δ ) iff a ≡ b
(mod 2), and α ≡ 1 (mod δ ) iff a 6≡ b (mod 2), Gδ = {[0], [1]}, and Gδ
is a field that is isomorphic to Z2 . This means there is a bijection between
the two fields that is an isomorphism between the two additive groups and
between the two multiplicative groups.
(We didn’t define Gδ but we have met it before. To make your definition
maybe you will need to go back and look at Ex. 3.7 to see how it is as
natural to speak of Gδ or G2 as to speak of Zn .)
Exercise 5.19. In Gδ , each [a + bi] is either [0] or [1] by Exercise 5.18.
Take a few members of G and decide to which class each belongs. Make
operation tables for Gδ .

William Priestley << James T. Cross www.jiblm.org

Sums of Two Squares and Pythagorean Triples 45

Definition. (This definition is due to Charles Yeomans. Charles had fun

doing these exercises and made contributions to their evolution.) Let α be
in G. Then α is “even” if α is divisible by δ (that is, of course, if α ≡ 0
(mod δ )) and α is “odd” if α ≡ 1 (mod δ ).

Exercise 5.20. The sum of two even members or of two odd members of G
is even. The sum of an odd and an even member of G is odd. The product
of an even member with any member is even, and the product of two odd
members of G is odd.
Exercise 5.21. Let α = (2 + i). Then Gα has exactly five members. Can
you identify them and make operation tables? Can you show that Gα is a
field?
Exercise 5.22. G3 has nine members. Can you identify them and make
operation tables? Can you show that G3 is a field?
Exercise 5.23. G5 has 25 members. Can you identify them? Can you show
that G5 is not a field?
Exercise 5.24. How many members do you think G9 has? How about
G2+3i ?
Exercise 5.25. What would it mean to say that φG (2 + i) = 4? That φG (3) =
8? Can you find φG (5)? To what is (1 + i)4 congruent mod (2 + i)? State
Fermat’s Little Theorem for G and give Euler’s generalization.

5.2 Pythagorean Triples in Z

Now we are going to do a few exercises dealing with Pythagorean Triples

in Z; that is, all triples {x, y, z} of positive integers such that x2 + y2 = z2 .
Equivalently, we are considering all right triangles with integers for side-
lengths. Every carpenter knows one Pythagorean triple, {3, 4, 5} (why does
he know it?); some know another: {5, 12, 15}; these have been known since
anquity, not only by Greeks, but also by Chinese, Hindus, Arabs and proba-
bly others. You are soon going to know how to generate all infinitely many
such triples. We are indebted to the Greeks (more specifically, to Diophan-
tus) for the genesis of the method that you are about to learn, which evolved
during a period of centuries in the minds and hands of Greeks, Hindus and
Arabs, beginning around 300-200 B.C. You can probably sense that G is
again a good setting in which to study the problem since we factor x2 + y2
in G. (We could confine our attention to Z.)
Definition. A Primitive Pythagorean Triple (PPT) in Z is a Pythagorean
Triple, {x, y, z}, in which x and y are relatively prime.

William Priestley << James T. Cross www.jiblm.org

Sums of Two Squares and Pythagorean Triples 46

Exercise 5.26. If {x, y, z} is a PPT in Z, then the members of the triple are
relatively prime in pairs, z is odd and exactly one of x and y is odd. (Consider
x2 + y2 = z2 (mod 4).) We arrange the nomenclature so that x is odd and
regard the triple as an ordered triple (x, y, z).
Exercise 5.27. Every Pythagorean Triple can be gotten from a PPT by mul-
tiplying the members through by some positive integer.
Exercise 5.28. Let (x, y, z) be a PPT in Z. Then x2 + y2 = z2 and
(x + iy)(x − iy) = z2 in G.
Exercise 5.29. The factors on the left side are both odd and they are co-
prime. (If π is a prime dividing each, then π divides their sum and their
difference.).
Exercise 5.30. The Fundamental Theorem of Arithmetic in G implies that
each factor on the left in Exercise 5.28 is a unit times a square. Thus, for
some unit u and some odd number a in G, x + iy = ua2 .
Exercise 5.31. Let a = t + si, where of course t and s are in Z, one even and
the other odd. Then

ua2 = u(t 2 − s2 + 2its) = u(t 2 − s2 ) + u(2ts)i = x + iy.

Exercise 5.32. Since the real part of ua2 is x, and x is odd, u is neither i nor
−i.
Exercise 5.33. If u = 1, then x + iy = a2 ; if u = −1, x + iy = (ia)2. In either
case, x + iy is a square; x + iy = A2 = (C + iD)2 = (C2 − D2 ) + (2CD)i. Here
C and D are coprime, and one is even, the other odd.
Exercise 5.34. If (x, y, z) is a PPT in Z, then there are positive integers, C
and D, with gcd(C, D) = 1, one even and the other odd, such that
x = C2 − D2 , y = 2CD, and z = C2 + D2 .

Exercise 5.35. Find a pair (C, D), guaranteed by Ex. 5.34, for each of the
following PPT’s: (3, 4, 5), (5, 12, 13), (7, 24, 25) and (15, 8, 17).
Exercise 5.36. Let M denote the set of all pairs, (C, D), of coprime positive
integers, C odd and D even. Let P denote the set of all PPT’s in Z. The map
(C, D) → (|C2 − D2 |, 2CD,C2 + D2 ),
is a bijection from M to P.

Now you know how to generate all PPT’s, and you know that you won’t
waste time using different generators to get the same PPT.

William Priestley << James T. Cross www.jiblm.org

Sums of Two Squares and Pythagorean Triples 47

Exercise 5.37. Generate some PPT’s, using pairs from M. Find an infinite
set of Pythagorean triples, using just one PPT to provide a start.

As I have mentioned before, Fermat’s Last Theorem states that if n >

2, xn + yn = zn is not solvable in positive integers. Fermat thought he had
a truly remarkable proof of the theorem, he did not communicate the proof,
and it was a challenging problem for centuries. Fermat was almost certainly
mistaken.
Of course, when one has solved the Pythagorean Triple problem, he
thinks about integer solutions
√ of x3 + y3 = z3 and, more generally, of xn +
yn = zn . Let ω = −1+2 3i and let K = {a + bω : a and b are in Z}. K is an
integral domain which includes the domain J of Section 1.3. Just as x2 + y2
factors into linear factors in the Gaussian integers, the polynomial, x3 + y3 ,
factors into linear factors in K; K “enjoys” unique factorization. One can
use K to prove Fermat’s (n = 3) Last Theorem. Similar techniques work for
n a prime greater than 2 if the appropriate integral domain “enjoys” unique
factorization; some don’t. (To prove the theorem it suffices to prove it for
n = 4, which is easy, and for n an odd prime. Why?) Despite many attempts
to overcome the obstacles, this line of attack on the problem failed. The
theorem was finally proved in the 1990’s using powerful newly developed
and diverse theories, which are beyond the scope of these exercises. The
original version of the proof (by Andrew Wiles) filled 200 pages.

William Priestley << James T. Cross www.jiblm.org

Index

abelian, 6
algebraically closed, 13
arithmetic function, 29
automorphism, 28
casting out nines, 1
Chinese Remainder Theorem, 27
commutative, 6
commutative ring, 6
composite, 4
congruence, 21
coprime, 4
cyclic group, 24
degree, 12
Dirichlet Product, 29
divides, 1
divisor theorem, 2
Euclidean Algorithm, 3
Euler φ -function, 24
Euler’s generalization
of Fermat’s Little Theorem, 26
even Gaussian Integer, 45
Fermat number, 18
Fermat prime, 18
Fermat’s Last Theorem, 10
Fermat’s Little Theorem, 26
field, 11
Fundamental Theorem of Algebra, 13
Fundamental Theorem of Arithmetic,
5 repeating decimals, 33
Gaussian integer, 6
greatest common divisor, 2
greatest integer function, 40
group, 6
Gauss’s Lemma, 38
homomorphism, 27
ideal, 8
integers, 1
integral domain, 7
isomorphism, 27
Lagrange’s Theorem, 26
lattice point, 41
least common multiple, 16
Legendre Symbol, 36
linear combination, 4
Mersenne prime, 18
Möbius Function, 30
Möbius Inversion Formula, 31
multiple, 1
multiplicative function, 19
norm, 7
odd Gaussian integer, 45
order of a group, 24
order of a member of a group, 25
Perfect Number, 19
prime, 4
Prime Number Theorem, 18
Primitive Pythagorean triple, 45
primitive root, 31
principal ideal, 8
Pythagorean triple, 45
Quadratic Reciprocity Law, 36
quadratic residue, 35
Rational Root Theorem, 15
relatively prime, 4
Riemann Zeta Function, 31
ring, 1
ring of integers (mod n), 23
ring with unity, 6
secret codes, 33
squares (mod p), 35
subgroup, 8

48
INDEX 49

sum of two squares, 6

twin primes, 17
unit, 1
Wilson’s Theorem, 36

William Priestley << James T. Cross www.jiblm.org

Notes to the Instructor

1 The instructor might choose to talk about the notion of “Euclidean domains” in con-
nection with this failure of unique factorization in J.
2 We shall later, of course, see the finite fields Z p where p is a prime. But it is interesting
to note that at the very end of the Notes we naturally encounter a few finite fields that have
p2 elements in them, as in Ex. 5.22.
3 InEx. 1.98 it might be pointed out that we are here discovering the three cube roots of
unity – something that will be new to some students.
4 InEx. 2.2 one might comment that after replacing each of the integers a and b by an
appropriate product of primes, we see that the equation p(bn ) = an cannot hold, for the
prime p cannot occur the same number of times on both sides of this equation if n > 1.
5 Ex. 2.9 outlines Euclid’s ancient algorithm for finding a new prime, given any finite
set of primes: Just find a prime factor of one plus the product of all the primes in the set. It
might be pointed out, however, that Euclid’s method – though constructive – is hopelessly
inefficient. Anyone who knows the first 25 primes and wants another prime would not want
to multiply the 25 known primes together and attempt to factor the product plus one.
6 In Ex. 2.12 it has been my experience that students generally don’t work hard enough
to find a counterexample to the natural conjecture here. In this connection a problem related
to the famous Euler polynomial n2 − n + 41 might be helpful. This polynomial takes prime
values for n = 1, 2, 3, ..., 40, but this fact doesn’t mean you can’t find a non-prime output
(n = 41).
7 After the work based on the fact that 10 is congruent to 1 mod 9, one might assign a
problem based on the fact that 10 is congruent to - 1 mod 11. Thus, a number in decimal
notation is divisible by 11 iff the alternating sum of its divisors is.
8
Cross gives as an example the message,“I passed my comps.” This refers to his stu-
dents’ passing their comprehensive examination in mathematics.
9 Perhaps the instructor should make up some more complicated quadratic reciprocity
problems for the students to work out, by introducing quadratic equations modulo larger
primes than are considered here.
10 In connection with Exercise 4.19 it might not be a good idea to interrupt the flow
of ideas here, but the result of this exercise quickly shows that there are infinitely many
primes of the form 4n + 1: For any prime factor of [N!]2 + 1 is seen to be such a prime p
by this exercise and it is easy to see that p > N. (An easier argument based upon a simple

50
 51

modification of Euclid’s familiar argument shows that there are also infinitely many primes
of the form 4n + 3. Proofs of these relatively simple special cases of Dirichlet’s Theorem
might make good assignments for students.

Additional materials in support of this course are available. Interested in-

structors are invited to correspond with W. M. Priestley at [email protected].

William Priestley << James T. Cross www.jiblm.org