October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 1

by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

Chapter 1

Euclid’s Algorithm
Introduction to Number Theory Downloaded from www.worldscientific.com

1.1 SOME EXAMPLES OF RINGS

Number theory began as the study of the natural numbers N, the integers
Z and the rational numbers Q, and number theorists were concerned with
questions about how integers factorize, which equations have solutions in
integers, etc. The subject matter of number theory has shifted over the
centuries. During the 19th century, several number theorists, beginning with
Gauss, became interested in other sets of numbers, such as the Gaussian
integers, which are defined as follows:
√
Z[i] = {x + iy : x, y ∈ Z}, where i = −1.
There were two reasons for this shift in interest. First, number theorists
noticed that many of the theorems and methods which they had developed
for solving problems with integers could also be used to solve similar
problems with the Gaussian integers. Secondly, many problems concerning
the integers have a solution which is most easily described using a bigger set
of numbers. The most obvious example of this is the Quadratic Reciprocity
Law which we shall see in a later chapter. This is a theorem about equations
in Z, but its most natural proof uses larger sets of numbers called the
cyclotomic rings.
One thing which all these sets of numbers have in common is that they
are all rings. In this book, the word “ring” will mean what is often called a
“commutative unital ring”, which is defined as follows:

1
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 2

2 Introduction to Number Theory

Ring Axioms. A (commutative unital) ring is a set R with two binary

operations + and ×, satisfying the following axioms:
Addition Axiom. (R, +) is an abelian group, with an identity element which
we shall always call 0.
Multiplication Axiom. The operation × is associative and commutative, and
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

there is a multiplicative identity element in R, which we shall always

call 1. (We’ll often write xy instead of x × y).
Distributivity Axiom. For all elements x, y, z ∈ R, we have (x + y)z =
xz + yz. In other words, we can expand out all brackets in the usual
Introduction to Number Theory Downloaded from www.worldscientific.com

way.

We’ll see several examples of rings in this book. Here are a few familiar
examples.

The integers. We write Z for the ring of integers, i.e.

Z = {. . . , −2, −1, 0, 1, 2, . . .}.

We have operations of addition and multiplication on Z, and these

operations obviously satisfy the Ring Axioms.

Fields. Every field is a ring, so in particular, the rational numbers Q, the

real numbers R and the complex numbers C are all rings. A field is a ring
which satisfies two further axioms:

(1) The elements 0 and 1 in R are not equal.

(2) For every non-zero element x ∈ R, there is an element x−1 ∈ R, such
that xx−1 = 1.

The integers modulo n. Let n be a positive integer. Two integers x and

y are said to be congruent modulo n if x − y is a multiple of n. This is
written as

x≡y mod n.

The relation of congruence modulo n is an equivalence relation. The

congruency class x̄ of an integer x is the set of integers congruent to x.
This means that

x̄ = {x + ny : y ∈ Z}.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 3

Euclid’s Algorithm 3

For example, there are three congruency classes modulo 3, and they are
0̄ = {. . . , −6, −3, 0, 3, 6, . . .},
1̄ = {. . . , −5, −2, 1, 4, 7, . . .},
2̄ = {. . . , −4, −1, 2, 5, 8, . . .}.
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

Note that 3̄ is the same congruency class as 0̄ modulo 3. In fact, the

congruence x ≡ y mod n is equivalent to the equation x̄ = ȳ.
We’ll write Z/n for the set of congruency classes modulo n. Since every
integer is congruent to exactly one of the integers 0, 1, . . . , n − 1, we have
Introduction to Number Theory Downloaded from www.worldscientific.com

Z/n = {0̄, 1̄, . . . , n − 1}.

We can think of Z/n as the integers, with two integers regarded as equal
when they are congruent modulo n.

Lemma 1.1. Let x, x , y, y  be integers and let n be a positive integer. If

x ≡ x mod n and y ≡ y  mod n, then x + y ≡ x + y  mod n and xy ≡
x y  mod n.

Proof. This is left as Exercise 1.1. (There is a solution at the end of the
book.) 
Lemma 1.1 is quite useful for calculations. For example, suppose we’d
like to know the congruency class of 26 × 37 modulo 10. According to the
lemma, this is the same as the congruency class of 6 × 7 modulo 10 because
26 ≡ 6 mod 10 and 37 ≡ 7 mod 10.
The lemma is also used in defining operations of addition and multi-
plication on the set Z/n, which allow us to regard Z/n as a ring. These
operations are defined as follows:
x̄ + ȳ = (x + y),

x̄ × ȳ = (x × y).
For example, in Z/8, we have
33 + 12 = 45 = 5 and 33 × 12 = 396 = 4.
One needs to be a little careful with definitions like this. For example, in
Z/8, we have 33 = 17 and 12 = 20. Therefore, we require 33 × 12 to be the
same congruency class as 17 × 20. However, Lemma 1.1 tells us that this
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 4

4 Introduction to Number Theory

is the case. Indeed, in the language of congruency classes, the lemma says
that if x = x and y = y  , then x + y = x + y  and xy = x y  .
To show that Z/n is a ring (with the operations + and × just defined),
one needs to check the Ring Axioms. As an example, we’ll show that the
operation of multiplication on Z/n defined above is associative. For this,
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

we need to check that for all elements x̄, ȳ, z̄ ∈ Z/n, we have
(x̄ × ȳ) × z̄ = x̄ × (ȳ × z̄).
After unwinding the definition of multiplication, this amounts to proving
Introduction to Number Theory Downloaded from www.worldscientific.com

the congruence
(xy)z ≡ x(yz) mod n.
However, the congruence is obviously true: the two sides are actually equal
as integers, so they are certainly congruent modulo n. In fact, each ring
axiom for Z/n can be expressed as a congruence. This congruence is implied
by the corresponding ring axiom for Z, which is the same statement with
the congruence relation replaced by “=”. In this way, we see that the ring
axioms for Z/n are consequences of the ring axioms for Z.
In practice, the notation x̄ for a congruency class is very inconvenient.
It does not tell us the value of n, and it’s a lot of extra work writing a bar
on top of every symbol. Instead, we write the elements of Z/n as integers,
but replace the “=” sign with congruence modulo n. In particular, we’ll
often write Z/n = {0, 1, . . . , n − 1}, when we really mean that the elements
of Z/n are congruency classes.
Example. The elements of Z/5 are the congruency classes of 0, 1, 2, 3
and 4. Addition and multiplication are given by the following tables:

+ 0 1 2 3 4 × 0 1 2 3 4
0 0 1 2 3 4 0 0 0 0 0 0
1 1 2 3 4 0 1 0 1 2 3 4
2 2 3 4 0 1 2 0 2 4 1 3
3 3 4 0 1 2 3 0 3 1 4 2
4 4 0 1 2 3 4 0 4 3 2 1

One can see from the multiplication table that Z/5 is actually a field. This
is because 1 ≡ 0 mod 5, and every element apart from 0 has an inverse for
multiplication:
1 × 1 ≡ 1 mod 5, 2 × 3 ≡ 1 mod 5, 4 × 4 ≡ 1 mod 5.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 5

Euclid’s Algorithm 5

We’ll see in Theorem 1.2 that whenever n is a prime number, the ring Z/n
is a field.

Exercise 1.1. Show that if x ≡ x mod n and y ≡ y  mod n, then x + y ≡

x + y  mod n and xy ≡ x y  mod n (i.e. prove Lemma 1.1).
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

1.2 EUCLID’S ALGORITHM

Let’s suppose that d and m are integers. We say that d is a factor of m, or

d divides m, or m is a multiple of d if m = dx for some integer x. This is
Introduction to Number Theory Downloaded from www.worldscientific.com

written as
d|m.
If d is a factor of two integers n and m, then we call d a common factor
of n and m. Unless n and m are both zero, they have only finitely many
common factors. There is therefore the highest common factor which is
written hcf(n, m) or sometimes gcd(n, m). We’ll say that n and m are
coprime if their only common factors are 1 and −1, or equivalently if their
highest common factor is 1.
Suppose that n and m are integers with n ≥ m > 0. Dividing n by m
with remainder, we may find integers q and r, such that
n = qm + r, 0 ≤ r < m. (1.1)
The integers q and r are called the quotient and the remainder. All we’re
saying here is that the remainder on dividing an integer by m will always
be less than m. From Equation (1.1), we can see that
Every common factor of m and r is also a factor of n.
Rearranging Equation (1.1), we have r = n − qm, and from this, we can see
that
Every common factor of n and m is also a factor of r.
The last two statements show that the common factors of n and m are
exactly the same as the common factors of m and r. In particular, this
implies
hcf(n, m) = hcf(m, r). (1.2)
As the new numbers m and r are smaller than the original numbers n and
m, we have reduced the problem of calculating hcf(n, m) to the smaller
problem of calculating hcf(m, r). Indeed, as long as r is non-zero, we can
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 6

6 Introduction to Number Theory

reduce the size of the problem further by dividing m by r with remainder.

Here is an example of how this method works.
Example. We’ll calculate hcf(106, 42). The first step is to divide 106 by
42 with remainder:
106 = 2 × 42 + 22.
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

Equation (1.2) shows that hcf(106, 42) = hcf(42, 22). To calculate

hcf(42, 22), we again divide with remainder:
42 = 1 × 22 + 20.
Introduction to Number Theory Downloaded from www.worldscientific.com

This shows that hcf(42, 22) = hcf(22, 20). Continuing in this way, we
calculate as follows:
22 = 1 × 20 + 2,
20 = 10 × 2 + 0.
Therefore, hcf(22, 20) = hcf(20, 2) = hcf(2, 0). Since every integer is a
factor of 0, the highest common factor of 2 and 0 is just the largest factor
of 2, which is 2. Putting all this together, we’ve shown that hcf(106, 42) =
hcf(2, 0) = 2.
The algorithm used above for calculating hcf(106, 42) is called Euclid’s
algorithm. Here is a more formal description of the algorithm.
Euclid’s Algorithm.
(1) We begin with two integers n, m and let’s assume that n ≥ m ≥ 0.
(2) Define a finite sequence of integers
r1 ≥ r2 > · · · > rN > rN +1 = 0
recursively as follows: r1 = n, r2 = m, and if rs = 0, then rs+1 is the
remainder on dividing rs−1 by rs .
(3) The highest common factor of n and m is the number rN , i.e. the last
non-zero remainder. To see why this is the case, we use Equation (1.2)
several times:
hcf(n, m) = hcf(r1 , r2 ) = hcf(r2 , r3 ) = · · · = hcf(rN , 0) = rN .
Apart from being useful for calculating the highest common factors, Euclid’s
algorithm also has significant theoretical consequences. This is because it
allows us to prove results concerning highest common factors by induction;
the inductive step uses Equation (1.2). One of the most important examples
of this kind of proof is the following lemma.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 7

Euclid’s Algorithm 7

Lemma 1.2 (Bezout’s Lemma). Let n and m be integers which are not
both 0. Then there exist integers h and k such that
hcf(n, m) = hn + km. (1.3)

Before proving Bezout’s Lemma, we’ll describe a method which actually

by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

finds integers h and k which solve Equation (1.3). This method is just an
extension of Euclid’s algorithm. Suppose we divide n by m with remainder:
n = qm + r, 0 ≤ r < m.
Introduction to Number Theory Downloaded from www.worldscientific.com

The numbers m, r are smaller than n, m, and so the problem of solving

the equation hcf(m, r) = h m + k  r seems easier than our original problem.
Indeed if the remainder r is zero, then there is a simple solution h = 1,
k  = 0. Let’s suppose we already know an expression hcf(m, r) = h m + k r,
then since hcf(n, m) = hcf(m, r), we have
hcf(n, m) = h m + k  (n − qm) = hn + km,
where h = k  and k = h − k  q.
Example. We’ll find integers h, k such that hcf(106, 42) = 102h + 42k.
Recall that we calculated hcf(106, 42) as follows:
106 = 2 × 42 + 22,
42 = 1 × 22 + 20,
22 = 1 × 20 + 2,
20 = 10 × 2 + 0.
The numbers in bold are the sequence rn in Euclid’s algorithm. The highest
common factor is the last non-zero remainder, which in this case is 2. Using
the third line in the calculation above, we can write 2 as a multiple of 22
plus a multiple of 20:
2 = 22 − 1 × 20.
Using the second line, we can replace the 20 in this equation by an
expression in terms of 42 and 22:
2 = 22 − 1 × (42 − 22).
Expanding out the bracket and collecting terms together, we get an
expression for 2 in terms of 22 and 42:
2 = 2 × 22 − 42.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 8

8 Introduction to Number Theory

Using the top line of the calculation, we can replace the 22 by an expression
in terms of 106 and 42:
2 = 2 × (106 − 2 × 42) − 42.
As before, we can simplify this:
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

2 = 2 × 106 − 5 × 42.
We’ve shown that h = 2, k = −5 is a solution to Equation (1.3). Of course,
this is not the only solution; if we add 42 to h and subtract 106 from k,
Introduction to Number Theory Downloaded from www.worldscientific.com

then we will obtain another solution, so in fact there are always infinitely
many solutions to Equation (1.3).

Proof of Bezout’s Lemma. We can replace n and m by −n and −m

without altering their highest common factor, and so we may assume
without loss of generality that n and m are both greater than or equal to 0.
Also, we’ll assume that m ≤ n. We’ll prove the statement by induction on
m. If m = 0, then hcf(n, m) = n, and the lemma is true with h = 1 and
k = 0. Assume now that m > 0 and that the lemma is true for all pairs of
integers n , m with 0 ≤ m < m. As m > 0, we may divide n by m with
remainder:
n = qm + r, 0 ≤ r < m.
As we saw in Equation (1.2), hcf(n, m) = hcf(m, r). However, since r < m,
the inductive hypothesis implies that there exist integers h and k  such
that
hcf(m, r) = h m + k  r.
Rearranging this, we get
hcf(n, m) = h m + k  (n − qm) = hn + km,
where h = k  and k = h − k  q. 

Exercise 1.2. Find integers h and k such that 123h + 136k = 1.

One can answer questions like Exercise 1.2 using sage. For example,
the command gcd(1349,6035) will give the highest common factor of 1349
and 6035. To find integers h and k satisfying Equation (1.3), we use the
command xgcd(1349,6035). This will return the highest common factor
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 9

Euclid’s Algorithm 9

and the integers h and k. For example,

gcd(1349,6035)
71
xgcd(1349,6035)
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

(71, 9, −2)
9 * 1349 - 2 * 6035
71
Introduction to Number Theory Downloaded from www.worldscientific.com

Exercise 1.3. Let n and m be integers which are not both zero. Show
that an integer a can be written in the form rn + sm with r, s ∈ Z if and
only if a is a multiple of hcf(n, m).

Exercise 1.4. Show that d is a common factor of n and m if and only if

d is a factor of hcf(n, m).

Exercise 1.5. Let n and m be positive integers. We shall write lcm(n, m)

for the smallest positive integer which is a multiple of both n and m. Show
that
hcf(n, m) · lcm(n, m) = nm.

1.3 INVERTIBLE ELEMENTS MODULO n

Let’s suppose that R is a ring. An element x ∈ R is called invertible, or a

unit if there is an element y in R, such that xy = 1. The element y is called
the inverse of x. Note that x cannot have more than one inverse, since if z
is also an inverse then by the Ring Axioms, we have
y = y · 1 = y(xz) = (yx)z = 1 · z = z.
It therefore makes sense to write x−1 for the inverse of x, when this exists.
We’ll write R× for the set of invertible elements in a ring R. For example,
in the ring Z, only the elements 1 and −1 are invertible, so Z× = {1, −1}.
In contrast, if F is a field, then all the non-zero elements have inverses, so
F× is the set of all non-zero elements of F.

Proposition 1.1. For any ring R, the set R× is a group with the operation
of multiplication.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 10

10 Introduction to Number Theory

Proof. If x and y are both invertible, then xy is invertible with inverse

x−1 y −1 . Therefore, R× is closed under multiplication. We must check the
three group axioms.
Associativity. The operation of multiplication is certainly associative on
R× because associativity is one of the Ring Axioms.
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

Identity. The element 1 ∈ R is invertible with inverse 1, so R× has an

identity element.
Inverses. If x is invertible, then x−1 is also invertible (with inverse x).
Therefore, every element of R× has an inverse in R× . 
Introduction to Number Theory Downloaded from www.worldscientific.com

We’ll now consider which elements of the ring Z/n are invertible.
In other words, given an element x ∈ Z/n, we want a way of finding
out whether there is a y ∈ Z/n such that xy ≡ 1 mod n. To illustrate
this problem, we look at an example. The ring Z/10 has elements
{0, 1, 2, 3, 4, 5, 6, 7, 8, 9}, and multiplication in this ring is given by the
following table:

× 0 1 2 3 4 5 6 7 8 9
0 0 0 0 0 0 0 0 0 0 0
1 0 
1 2 3 4 5 6 7 8 9
2 0 2 4 6 8 0 2 4 6 8
3 0 3 6 9 2 5 8 
1 4 7
4 0 4 8 2 6 0 4 8 2 6
5 0 5 0 5 0 5 0 5 0 5
6 0 6 2 8 4 0 6 2 8 5
7 0 7 4 
1 8 5 2 9 6 3
8 0 8 6 4 2 0 8 6 4 2
9 0 9 8 7 6 5 4 3 2 
1

To find out whether an element x has an inverse, we look along row x to see
if any multiple of x is 1 (in the table, the 1’s are circled). From the table,
we can see that only 1, 3, 7 and 9 have inverses, so (Z/10)× = {1, 3, 7, 9}.
It’s quite time consuming to write out the whole table, just to find out
whether an element has an inverse. The following proposition is a much
quicker way of checking.

Proposition 1.2. Let n be a positive integer and let x ∈ Z/n. Then x is

invertible modulo n if and only if x and n are coprime.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 11

Euclid’s Algorithm 11

Proof. Suppose first that x is invertible, and that y is an inverse of x

modulo n. This means that 1 = xy + nz for some integer z. It follows that
every common factor of x and n must also be a factor of 1. This implies
hcf(x, n) = 1, so x and n are coprime.
Conversely, suppose that hcf(x, n) = 1. By Bezout’s Lemma, there exist
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

integers h and k such that hx + kn = 1. This implies hx ≡ 1 mod n, so h

is the inverse of x. 
Looking at the proof of Proposition 1.2, we see that in order to find
the inverse of an element x in Z/n, it’s sufficient to find a solution to
Introduction to Number Theory Downloaded from www.worldscientific.com

1 = hx + kn by the method described just after Bezout’s Lemma. Reducing

this equation modulo n, we see that h is the inverse of x.
Example. We’ll find the inverse of 29 in Z/100, or equivalently we’ll find
an integer x such that 29x ≡ 1 mod 100.
In order for such an inverse to exist, the numbers 100 and 29 must be
coprime. To check this, we go through Euclid’s algorithm with 100 and 29.
As before, the sequence rn is in bold.
100 = 3 × 29 + 13,
29 = 2 × 13 + 3,
13 = 4 × 3 + 1,
3 = 3 × 1 + 0.
The highest common factor is the last non-zero remainder, which in this
case is 1. Hence, 100 and 29 are coprime, so 29 is invertible modulo 100. To
find 29−1 mod 100, we find a solution to 1 = 100h + 29k as before.
1 = 13 − 4 × 3
= 13 − 4 × (29 − 2 × 13)
= 9 × 13 − 4 × 29
= 9 × (100 − 3 × 29) − 4 × 29
= 9 × 100 − 31 × 29.
Reducing the final line of this calculation modulo 100, we find that
1 ≡ −31 × 29 mod 100.
Therefore, the inverse of 29 modulo 100 is −31. We might sometimes want
to express the inverse as an integer between 0 and 99. To change −31 into
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 12

12 Introduction to Number Theory

this form, we simply add 100 to it, which will not change the congruency
class modulo 100. We therefore have
29−1 ≡ 69 mod 100.
Looking at this example, we can see that our method of finding 29−1 is
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

rather fast, when compared with the most naive method where one simply
multiplies all the numbers from 1 to 99 by 29 until one finds a solution to
29x ≡ 1 mod 100.

Exercise 1.6. Find all elements of (Z/12)× and write down a multiplica-
Introduction to Number Theory Downloaded from www.worldscientific.com

tion table for this group.

To answer a question like Exercise 1.6 in sage, we first define R to be

the ring Z/n using the command IntegerModRing
R=IntegerModRing(8)
R
Z/8Z

To list the units in Z/8, we use the following command:

R.list_of_elements_of_multiplicative_group()
[1, 3, 5, 7]

This shows that (Z/8)× = {1, 3, 5, 7}. We can produce a multiplication

table of just these elements as follows:
G=R.list_of_elements_of_multiplicative_group()
R.multiplication_table(names=’elements’,elements=G)
∗ 1 3 5 7
1 1 3 5 7
3 3 1 7 5
5 5 7 1 3
7 7 5 3 1

Exercise 1.7. Using Euclid’s algorithm, find the inverses of 9 and 23 in

Z/175.

There are several ways to calculate inverses in sage. We’ll illustrate

these methods by calculating 43−1 modulo 120. The easiest way is to simply
reduce modulo 120 using the operation %. If a and b are integers, then a%b
will return the remainder on dividing a by b. The operation also works when
a is a rational number, as long as its denominator is invertible modulo b.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 13

Euclid’s Algorithm 13

For example,
1/43 % 120
67
43^-1 % 120
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

67

There is also a command inverse_mod, which does the same thing.

inverse_mod(43,120)
Introduction to Number Theory Downloaded from www.worldscientific.com

67

One can also use the command mod(43,120) to define the congruency class
of 43 modulo 120 and then find the inverse of this congruency class.
mod(43,120)^-1
67

We can also define R to be the ring Z/120 and then use R(43) to indicate
the element 43 in the ring Z/120.
R=IntegerModRing(120)
R(43)^-1
67

The third and fourth methods are subtly different from the first and
second methods. This is because the third and fourth methods output the
congruency class of 67 modulo 120, whereas the first two methods output
the integer 67. This difference is apparent if we use the answer in a further
calculation:
2*inverse_mod(43,120)
134
2*R(43)^-1
14

1.4 SOLVING LINEAR CONGRUENCES

Suppose we’d like to solve a congruence of the form

ax ≡ b mod n, (1.4)
where we are given a, b and n and we would like to find all the integer
solutions x. Assume first that a and n are coprime. By Proposition 1.2, this
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 14

14 Introduction to Number Theory

implies a is invertible modulo n. Multiplying both sides of Equation (1.4)

by a−1 , we have the solution:
x ≡ a−1 b mod n.
Example. We’ll solve the congruence
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

5x ≡ 11 mod 13.
We go through Euclid’s algorithm starting with 13 and 5. As before, we
write the sequence rn from Euclid’s Algorithm in bold.
Introduction to Number Theory Downloaded from www.worldscientific.com

13 = 2 × 5 + 3,
5 = 1 × 3 + 2,
3 = 1 × 2 + 1.
The next remainder would be 0 because our next step would be to divide
by 1. Therefore, the highest common factor of 13 and 5 is 1. This shows
us that 5 is invertible modulo 13, and we continue with our method for
finding the inverse. The next step is to find an expression of the form
1 = h · 13 + k · 5, working backwards through the calculation we’ve just
done.
1=3−2
= 3 − (5 − 3)
=2×3−5
= 2(13 − 2 × 5) − 5
= 2 × 13 − 5 × 5.
Hence, −5 × 5 ≡ 1 mod 13 so 5−1 ≡ −5 mod 13. Now, we can solve the
congruence:
x ≡ −5 × 11 = −55 ≡ 10 mod 13.
We can check that this is indeed a solution: 5 × 10 = 50 ≡ 11 mod 13.
This method will only work if a is coprime to n, since otherwise a would
have no inverse. However, we can still solve the congruence in Equation (1.4)
even when a and n have a common factor. To do this, we use the following
two exercises.

Exercise 1.8. Show that if a is a factor of n but is not a factor if b, then

the congruence ax ≡ b mod n has no solutions x ∈ Z.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 15

Euclid’s Algorithm 15

Exercise 1.9. Show that if a is a common factor of b and n, then the

congruence ax ≡ b mod n is equivalent to x ≡ ab mod na .

The exercises give us a general method for solving Equation (1.4):

Case 1. Suppose a is invertible module n, i.e. there is an element a−1 ∈

by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

Z/n such that a × a−1 ≡ 1 mod n. Then we can multiply both sides of
the congruence by a−1 to get
x ≡ a−1 b mod n.
Introduction to Number Theory Downloaded from www.worldscientific.com

Case 2. Suppose that n is a multiple of a. In particular, n and a are not

coprime, so a has no inverse modulo n. If b is not a multiple of a, then
the congruence has no solutions. If on the other hand b is a multiple of
a, then the solution is
b n
x≡ mod .
a a
b n
(Note that both a and a are integers.)

Example.
7x ≡ 84 mod 490.
Note that 7 is a common factor of 84 and 490, so the solution is x ≡
12 mod 70.
Example.
7x ≡ 85 mod 490.
Note that 7 is a factor of 490, but is not a factor of 85, so this congruence
has no solutions.
Example.
6x ≡ 3 mod 21.
This is in neither case 1 nor case 2, since 6 is neither coprime to 21 nor a
factor of 21. However, we can rewrite the congruence as
3(2x) ≡ 3 mod 21.
Using case 2, we deduce that
2x ≡ 1 mod 7.
Now 2 and 7 are coprime, so we use case 1 to get
x ≡ 2−1 ≡ 4 mod 7.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 16

16 Introduction to Number Theory

Exercise 1.10. Solve each of the following congruences:

4x ≡ 3 mod 71, 6x ≡ 12 mod 71,

12x ≡ 20 mod 72, 20x ≡ 12 mod 72,
55x ≡ 44 mod 121.
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

One can solve such congruences in sage using the command solve_mod.
For example, to solve the first congruence in the exercise above, we use the
command
Introduction to Number Theory Downloaded from www.worldscientific.com

solve_mod(4*x==3, 71)
[(54)]

1.5 THE CHINESE REMAINDER THEOREM

Suppose that x is an integer which is congruent to 7 modulo 10. The

congruence x ≡ 7 mod 10 means that x − 7 is a multiple of 10. Obviously,
this implies that x − 7 is a multiple of 5 and is also a multiple of 2. Hence,
the congruence x ≡ 7 mod 10 implies both x ≡ 7 mod 5 and x ≡ 7 mod 2.
However, we know nothing of the congruency class of x modulo 3. For
example, x could be the integer 7, which is congruent to 1 modulo 3, or
x could be the integer 17 which is congruent to 2 modulo 3, or x could
be the integer 27 which is congruent to 0 modulo 3. The difference here is
that 2 and 5 are factors of 10, whereas 3 is coprime to 10. In general, if
x ≡ y mod nm, then x ≡ y mod n and x ≡ y mod m.
One could ask whether the converse to this is true: if we know the
congruency classes of an integer x modulo n and modulo m, then can we
recover its congruency class modulo nm. This question is answered by the
next result.

Theorem 1.1 (Chinese Remainder Theorem). Assume n and m are

coprime and let a ∈ Z/n, b ∈ Z/m. Then there is a unique x ∈ Z/nm such
that

x ≡ a mod n, x ≡ b mod m.

Before proving the theorem, we’ll discuss the general strategy for
proving this kind of result. The theorem states that there is a unique
solution x in Z/nm, and so the proof is in two steps. First, we show that
there is at least one solution; this is called the existence part of the proof.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 17

Euclid’s Algorithm 17

After that, we shall show that any two solutions are actually congruent
modulo nm; this is called the uniqueness part of the proof.
There is another way of thinking about these two steps, which we shall
use here. Recall that for two sets X and Y , the Cartesian product X × Y
is the set of pairs (x, y), where x is an element of X and y is an element
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

of Y . For example,

{1, 3, 4} × {2, 3} = {(1, 2), (1, 3), (3, 2), (3, 3), (4, 2), (4, 3)}.

We have a function C from Z/nm to the Cartesian product Z/n × Z/m,

Introduction to Number Theory Downloaded from www.worldscientific.com

which takes the congruency class of x modulo nm to the pair (x mod

n, x mod m). The existence part of the proof is showing that C is a surjective
function, since it shows that for any a and b, there is an integer x such that
C(x) = (a, b). The uniqueness part of the proof is showing that C is injective.

Proof. (Existence) Since n and m are coprime, we can find integers h and
k such that hn + km = 1. Let x = hnb + kma. We’ll show that x is a
solution to both congruences. From the definition of x, we have

x ≡ kma mod n.

However, the equation hn + km = 1 implies km ≡ 1 mod n. Therefore,

x≡a mod n.

A similar argument shows that x ≡ b mod m.

(Uniqueness) By proving the existence part of the theorem, we’ve shown

that the map C : Z/nm → Z/n × Z/m given by

C(x) = (x mod n, x mod m)

is surjective. To prove the uniqueness part of the theorem, we must show

that this map is also injective. However, both sets Z/nm and Z/n × Z/m
have exactly nm elements, so any surjective map from one set to the other
is also injective. 

If we look again at the existence part of this proof, then we see that
it actually gives us a formula x = hnb + kma for the solution to the
simultaneous congruences. This allows us to solve these congruences easily
in practice, which is rather more than just knowing that there is a solution.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 18

18 Introduction to Number Theory

Example. We’ll solve the simultaneous congruences

x ≡ 3 mod 8, x ≡ 4 mod 5.
The numbers 5 and 8 are coprime, so there will be integers h and k satisfying
8h + 5k = 1. The solution to the simultaneous congruences is given by
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

x ≡ h · 8 · 4 + k · 5 · 3 mod 5 × 8.
We can find the integers h and k as before by Euclid’s algorithm.
8 =5+3 1 =3−2
= 3 − (5 − 3)
Introduction to Number Theory Downloaded from www.worldscientific.com

5 =3+2
3 =2+1 =2×3−5
= 2 × (8 − 5) − 5
= 2 × 8 − 3 × 5.
This shows that we may take h = 2 and k = −3. Hence, the solution is
x ≡ 2 · 8 · 4 − 3 · 5 · 3 ≡ 19 mod 40.
We can easily check that x = 19 is a solution and we have made no mistake,
since 19 ≡ 3 mod 8 and 19 ≡ 4 mod 5. The uniqueness part of the Chinese
Remainder Theorem tells us that there are no other solutions in Z/40.
Remark. The Chinese Remainder Theorem gives us a method for solving
congruences modulo nm by simply solving modulo n and modulo m. For
example, suppose we would like to solve
x2 ≡ 2 mod 119.
We can factorize 119 = 7 × 17, so it’s really enough to find solutions
modulo 7 and modulo 17 and then put the solutions together using the
Chinese Remainder Theorem. The numbers 7 and 17 are small enough that
we can find the solutions by hand:
x ≡ ±3 mod 7, x ≡ ±6 mod 17.
To put the solutions together, we go through Euclid’s algorithm with 7
and 17:
17 = 2 × 7 + 3 1 = 7 − 2 × 3
7 =2×3+1 = 7 − 2(17 − 2 × 7)
= 5 × 7 − 2 × 17.
Hence, the solutions modulo 119 are
x ≡ 5 · 7 · (±6) − 2 · 17 · (±3)
≡ ±28 ± 17 mod 119.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 19

Euclid’s Algorithm 19

The two ± signs may be chosen independently of each other, and so there
are four solutions modulo 119, which are given by

x ≡ 45, −45, 11 or − 11 mod 119.

Exercise 1.11. Solve each of the following pairs of simultaneous congru-

by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

ences:
(a) x ≡ 3 mod 8, x ≡ 4 mod 5,
(b) x ≡ 2 mod 25, x ≡ 1 mod 19.
Introduction to Number Theory Downloaded from www.worldscientific.com

Exercise 1.12. Prove that the simultaneous congruences

x ≡ a mod n, x ≡ b mod m

have a common solution x if and only if a ≡ b mod hcf(n, m).

Exercise 1.13. Let R and S be rings. Show that the cartesian product
R × S is a ring, with addition and multiplication defined by

(x, y) + (x , y  ) = (x + x , y + y  ), (x, y)(x , y  ) = (xx , yy  ).

Show that the map C : Z/nm → Z/n × Z/m is a ring isomorphism.

1.6 PRIME NUMBERS

A positive integer p is called a prime number if p ≥ 2 and the only factors

of p are ±1 and ±p. The first few prime numbers are

2, 3, 5, 7, 11, 13, 17, . . .

An integer n > 1 which is not prime is called a composite number. In the

case that p is a prime number, we’ll use the notation Fp for the ring Z/p.
This is because of the following useful fact.

Theorem 1.2. If p is prime, then Fp is a field.

Proof. We already know that Fp is a ring. To show that it is a field, we

need to check two more axioms:

(1) 1 ≡ 0 mod p,
(2) Every non-zero element of Fp is invertible.

The first of these is obviously true because p ≥ 2. It remains to check

that every non-zero element of Fp has an inverse. The non-zero elements of
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 20

20 Introduction to Number Theory

Fp are {1, 2, . . . , p − 1}. None of these are multiples of p, so they must be

coprime to p. By Proposition 1.2, they are invertible modulo p. 
Exercise 1.14. Write down a multiplication table for F×
7 and find the
inverse of each element.
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

Exercise 1.15. Let n be a positive integer. Show that if n is not prime,

then Z/n is not a field (and so Theorem 1.2 can be made into an if and
only if statement).
The prime numbers are thought of as the building blocks from which
Introduction to Number Theory Downloaded from www.worldscientific.com

all integers are made. This is because every positive integer can be written
as a product of primes. Indeed, if n is not itself prime, then it may be
factorized into two smaller numbers; if they are not prime, then they may
both be factorized, etc. This factorizing process cannot continue forever,
since the factors get smaller with each step, so eventually we end up with
a factorization of n into prime numbers. It turns out that this factorization
into prime numbers is unique, even though we may have made many choices
along the way to obtain the factorization.
Theorem 1.3 (Fundamental Theorem of Arithmetic). For every
positive integer n, there is a factorizationa n = p1 · · · pr with prime numbers
p1 , . . . , pr . If we have another factorization n = q1 · · · qs into prime numbers
qi , then r = s and the primes qi may be reordered so that pi = qi for all i.
The two sentences in the Fundamental Theorem of Arithmetic are called
the existence and the uniqueness statements. The existence statement
follows from the discussion above. However, the uniqueness statement is
a little harder, and to prove this part, we shall use the following lemma.

Lemma 1.3 (Euclid’s Lemma). Let p be a prime number and let

a, b ∈ Z. If p|ab, then p|a or p|b.

Proof. The assumption that p divides ab means that ab ≡ 0 mod p. If

a ≡ 0 mod p, then by Theorem 1.2, we know that a is invertible modulo
p, and therefore, b ≡ a−1 × 0 ≡ 0 mod p. Hence, either a or b is a
multiple of p. 

Proof of the Fundamental Theorem of Arithmetic (Existence). We’ll

prove by induction on n. If n = 1, then the theorem is true with r = 0.

a It is implicit in this notation that when n = 1, we have r = 0, and the empty product

on the right-hand side is equal to 1.

October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 21

Euclid’s Algorithm 21

Assume that all positive integers less than n factorize into primes. Either n
is prime, in which case, it is a product of exactly one prime, or n = ab with
a and b less than n. By the inductive hypothesis, a and b can be factorized
into primes, and therefore so can n.
(Uniqueness) We’ll prove again by induction on n. The uniqueness
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

statement is clearly true for n = 1. Assume that all positive integers less
than n have a unique factorizaion into primes, and suppose we have two
factorizations of n

n = p1 · · · pr = q1 · · · qs
Introduction to Number Theory Downloaded from www.worldscientific.com

with pi and qi all prime. Clearly, p1 is a factor of n, so by Euclid’s Lemma,

p1 |qj for some j. After reordering the qj ’s, we can assume that p1 |q1 . Since
q1 is prime, we actually have p1 = q1 . Hence,
n
= p2 · · · pr = q2 · · · qs .
p1
By the inductive hypothesis, pn1 has a unique factorization into primes. It
follows that r = s and we can reorder so that pi = qi for all i. Therefore,
the factorization of n is unique. 
The Fundamental Theorem of Arithmetic never seems to surprise
anyone. This is perhaps because we are so familiar with all the prime
factorizations of small numbers that we are already aware of the uniqueness
of prime factorizations, perhaps without being completely sure why they
are unique. It’s worth pointing out that the uniqueness of factorization is
quite a special property of the ring Z. One can easily come up with other
rings in which factorization is not unique. For example, let
√ √
Z[ −5] = {x + y −5 : x, y ∈ Z}.
√
It’s easy to see that Z[ −5] is closed under addition, subtraction and
√
multiplication, so Z[ −5] is a subring of C (see Exercise 1.16). The
number 6 in this ring factorizes in two very different ways.
√ √
6 = 2 × 3 = (1 + −5)(1 − −5).
√
From this, we see that Z[ −5] does not have unique factorization.

Exercise 1.16. Let R be a ring and let S be a subset of R satisfying the

following conditions:

(1) S contains the elements 0 and 1 of the ring R;

(2) if x and y are in S, then x + y, x − y and xy are also in S.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 22

22 Introduction to Number Theory

Show that S is a ring, with the operations of addition and multiplication

from the ring R. (In these circumstances, S is called a subring of R.)

Trial division. It is clear, even from the existence part of the Fundamental
Theorem of Arithmetic, that if n is composite, then the smallest prime
√
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

factor p of n is no greater than n. In practice, this makes it quite easy

to find out whether relatively big numbers are prime. One simply lists the
√
primes less than or equal to n; if none of these are factors of n, then n is
prime. This method is called trial division.
Introduction to Number Theory Downloaded from www.worldscientific.com

Example. We’ll determine whether 199 is prime by trial √ division. The

number 199 is between 142 = 196 and 152 = 225, so 199 < 15. The
primes up to 15 are 2, 3, 5, 7, 11, 13, so we just need to check whether any
one of these divides 199.
We can immediately see that 199 is not a multiple of 2, 3 or 5. For the
other primes, we simply divide to check:
199 = 140 + 49 + 7 + 3 ≡ 3 mod 7,
199 = 99 + 99 + 1 ≡ 1 mod 11,
199 = 130 + 65 + 4 ≡ 4 mod 13.
√
We’ve shown that 199 is not a multiple of any of the primes ≤ 199, so
199 is a prime number.
The time taken to show that an integer n is prime by trial division
√ √
n
grows faster than n as n gets large (we need to divide by roughly log(n)
smaller primes, and each division takes time proportional to log(n)2 ). There
are more sophisticated algorithms which test much more quickly whether a
very large integer n is prime. For example, it’s known that we can test for
primality in time proportional to (log n)6 (see [1]).

Exercise 1.17. List the prime numbers up to 30. Hence, use trial division
to determine which of the following numbers are prime and factorize those
which are composite into primes.
263, 323, 329, 540, 617, 851.

We can check using sage that we have the right answer using the
command is_prime:
is_prime(199)
True
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 23

Euclid’s Algorithm 23

We can list all the primes between two numbers with the command
prime_range:
prime_range(100,150)

[101, 103, 107, 109, 113, 127, 131, 137, 139, 149]
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

We can also find the factorization of a number into primes using the factor
command.
factor(100)
Introduction to Number Theory Downloaded from www.worldscientific.com

22 · 52

We’ll next consider the question of how many prime numbers there are.

Theorem 1.4. There are infinitely many prime numbers.

Proof. We’ll prove the theorem by contradiction. Suppose there are only
finitely many primes, and let p1 , . . . , pr be a complete list of all the prime
numbers. Let N = p1 · · · pr + 1. Clearly, N is congruent to 1 modulo every
prime, so in particular, N is not a multiple of any prime number. This
contradicts the Fundamental Theorem of Arithmetic. 

There are many variations on the proof of Theorem 1.4 given above,
which show that there are infinitely many prime numbers of a particular
kind. For example, one can show that there are infinitely many prime
numbers congruent to 2 modulo 3. To see this, we shall argue by
contradiction. Suppose for a moment that there were only finitely many
such primes and call these primes p1 , . . . , pr . Consider the prime factors of
the number

N = 3p1 · · · pr − 1.

None of the primes p1 , . . . , pr are factors of N , so N has no prime factors

congruent to 2 modulo 3. Also, the number N is not a multiple of 3, so
all of its prime factors are congruent to 1 modulo 3. By the Fundamental
Theorem of Arithmetic, N is a product of primes which are congruent to 1
modulo 3, and therefore, N ≡ 1 mod 3. However, it’s clear from the formula
for N that N ≡ 2 mod 3, so we have a contradiction.
Here are some similar examples.

Exercise 1.18. Prove that there are infinitely many primes which are not
congruent to 1 modulo 5.
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 24

24 Introduction to Number Theory

Exercise 1.19. Let H be a proper subgroupb of the group (Z/n)× . Prove

that there are infinitely many prime numbers, whose congruency class
modulo n is not in H.

Exercise 1.20. Show that there are no primes congruent to 210

by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

modulo 1477.

Exercise 1.21. Show that there are infinitely many prime numbers p such
that the congruence x5 + x + 1 ≡ 0 mod p has a solution.
Introduction to Number Theory Downloaded from www.worldscientific.com

Generalizing these exercises, one might ask which arithmetic progres-

sions contain infinitely many prime numbers. Suppose we have a sequence

xn = a + dn, n ∈ N,

and we’d like to know whether the sequence contains infinitely many primes
numbers. It’s clear that hcf(a, d) is a factor of every term xn , and so the
sequence can only contain more than one prime if a and d are coprime.
It turns out that this is the only condition required for such a sequence
to contain infinitely many prime numbers. In other words, we have the
following.

Theorem 1.5 (Dirichlet’s Primes in Arithmetic Progressions

Theorem). If a and d are coprime integers, then there are infinitely many
prime numbers congruent to a modulo d.

The proof of Dirichlet’s Primes in Arithmetic Progressions Theorem

goes beyond the scope of this book. Dirichlet’s proof, which requires some
knowledge of complex analysis, can be found in [6]. A more elementary
(although not necessarily easier) proof was found much later by Selberg in
1949 [22].
One can also ask roughly how many prime numbers there are up to a
given bound N , in other words, roughly how big is the quantity

π(N ) = |{p ≤ N : p is a prime number}|.

It’s useful when discussing π(N ) to use the notation of asymptotic

equivalence. We say that two functions f (N ) and g(N ) are asymptotically
equivalent (written f (N ) ∼ g(N )) if limN →∞ fg(N
(N )
) = 1. By studying tables

b A proper subgroup of (Z/n)× is a subgroup which does not contain all the elements of

(Z/n)× .
October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 25

Euclid’s Algorithm 25

of prime numbers, both Gauss and Legendre independently conjectured

N c
in the 1790s that π(N ) is approximately log(N ) . Their conjecture was
eventually made precise and proved roughly 100 years later independently
by both Hadamard and de la Vallée–Poussin in 1896. The result is now
called the Prime Number Theorem.
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

N
Theorem 1.6 (Prime Number Theorem). π(N ) ∼ log(N ) .

In fact, a slightly better estimate for π(N ) is the logarithmic integral

Li(N ), defined by
Introduction to Number Theory Downloaded from www.worldscientific.com

 N
1
Li(N ) = dx.
2 log(x)
N
The logarithmic integral is asymptotically equivalent to log(N ) , but |π(N )−
N
Li(N )| is smaller than |π(N ) − log(N ) |. It’s an important open question
to determine just how small π(N ) − Li(N ) is. It is believed that the
following statement is true (which is much stronger than the Prime Number
Theorem).
Conjecture (Riemann Hypothesis). There is a real number B such
that for all N ≥ 2,
√
|π(N ) − Li(N )| ≤ B N log(N ).
The Riemann Hypothesis is usually stated in a different way (see for
example [17]), but the statement above is equivalent.

Exercise 1.22. Let a ≥ 2 and b ≥ 2 be integers, such that ab − 1 is a

prime number. Show that a = 2 and b is prime.

The prime numbers of the form 2p − 1 are called Mersenne Primes. Not
all numbers of the form 2p − 1 are prime, but it has been conjectured that
there are infinitely many Mersenne Primes.

Exercise 1.23. Let k ≥ 2 be an integer such that 2k +1 is a prime number.

Show that k = 2n for some integer n.
n
Numbers of the form Fn = 22 + 1 are called Fermat numbers. This is
because Fermat wrongly conjectured that all such numbers are prime. In
fact, the only known Fermat prime numbers are F0 , F1 , F2 , F3 and F4 .
It is not known whether there are infinitely many prime numbers of the

c We write log for the logarithm to the base e.

October 31, 2017 14:7 Introduction to Number Theory 9in x 6in b3063-ch01 page 26

26 Introduction to Number Theory

form Fn , or even whether there are infinitely many composite numbers of

this form.

Exercise 1.24. Find all solutions to the simultaneous congruences

x ≡ 5 mod 2400 and x ≡ 5 mod 3400 .
by Prajay Thul on 08/09/24. Re-use and distribution is strictly not permitted, except for Open Access articles.

HINTS FOR SOME EXERCISES

1.5. Use Bezout’s lemma to show that hcf(n, m)lcm(n, m) is a multiple of

nm
nm and prove directly from the definition that lcm(n, m) ≤ hcf(n,m) .
Introduction to Number Theory Downloaded from www.worldscientific.com

1.12. This is an if and only if statement, so there are two things to

prove. If we assume that the congruences have solutions, then we can prove
directly that a ≡ b mod hcf(n, m). To prove the converse, it’s convenient to
x−a
rewrite the congruences in terms of the variable y = hcf(n,m) and use the
Chinese Remainder Theorem to show that an integer solution y exists.

1.18. N = 5p1 · · · pr − 1.

1.22. Show that if b is a factor of c, then ab − 1 is a factor of ac − 1.

1.23. Show that if k = rs with r odd, then 2s + 1 is a factor of 2k + 1.