Chapter 2

Chapter Two
Number Theory
2.1 INTRODUCTION
Number theory is that area of mathematics dealing with the properties of the integers under the
ordinary operations of addition, subtraction, multiplication and division. It is one of the oldest and,
without dispute, one of the most beautiful branches of mathematics. Its problems and theorems
have been studied by mathematicians, both amateur and professional, for well over 2000 years.
In a large measure, the subject is characterized by the simplicity with which dicult problems
can be stated and the ease with which they can be understood and appreciated by persons without
much mathematical background. Thus it should come as no surprise that such problems have
attracted the attention of professional mathematicians and amateurs alike.
Many of the most basic and interesting problems in number theory involve prime numbers. Here
is an example of one such problem: We prove in Section 2.4 that there are innitely many prime
numbers; but
Are there innitely many primes of the form n
2
+ 1, where n Z
+
?
For instance, the primes 2, 5, and 17 are of this form, since 2 = 1
2
+ 1, 5 = 2
2
+1, and 17 = 4
2
+ 1.
This question is certainly easy to understand and yet, to this day, no one has determined the answer
to it.
Another famous problem, one with an intriguing history, is due to the famous French mathe-
matician Pierre de Fermat (1601-1665). To begin our discussion of it, recall from plane geometry
the Pythagorean theorem, which says that the side lengths a, b, and c of a right triangle (where c is
the length of the hypotenuse) satisfy the relation
c
2
= a
2
+ b
2
Triples (a, b, c) of positive integers that satisfy this relation and are called Pythagorean triples; the
smallest and most well-known is (3, 4, 5). Are there innitely many Pythagorean triples? Well, of
course! Once we have one triple (a, b, c) we can get innitely many others just by taking multiples
of it; that is, look at (na, nb, nc) where n is any positive integer. Starting with the triple (3, 4, 5),
for instance, we obtain (6, 8, 10), (9, 12, 15), and so on. But multiples of a given triple are not very
interesting. So lets call a Pythagorean triple primitive provided it is not simply a multiple of some
smaller triple. We then get a revised, and more interesting, question: Are there innitely many
primitive Pythagorean triples? It turns out that the answer is yes. In fact, Pythagoras himself is
credited with the following result.
84 Chapter 2 Number Theory
Theorem 2.1 (Pythagoras): If n is an odd integer, n 3, then
(n,
n
2
1
2
,
n
2
+ 1
2
)
is a primitive Pythagorean triple.
Note that Pythagoras formula yields the following triples:

(3, 4, 5), (5, 12, 13), (7, 24, 25), (9, 40, 41), (11, 60, 61), (13, 84, 85), . . .
However, it does not give us all the primitive triples, for example, (8, 15, 17) does not t Pythagoras
formula. For more on the problem of nding primitive Pythagorean triples, see Chapter Problems
19 and 20.
Are you starting to think like a mathematician yet? Seeing that the equation z
2
= x
2
+ y
2
has innitely many solutions in the positive integers, it may seem natural to wonder about similar
equations of higher degree. What about the equation z
3
= x
3
+ y
3
? Does this equation have any
solutions in the positive integers? That is, are there any triples (a, b, c) of positive integers such
that c
3
= a
3
+ b
3
?
In general, let d be a positive integer, and consider the equation
z
d
= x
d
+ y
d
For d > 2, are there any solutions to equation in the positive integers? Fermat couldnt nd any;
in fact, he claimed, in 1637, to have proved the following assertion.
Fermats Conjecture: For d > 2, no solutions to equation exist in the positive integers.
Now heres where the story gets interesting. Fermat had the practice of making notes in his
copy of the works of the Greek mathematician Diophantus (circa A.D. 300). He would quite often
write down, without proof, a result he had discovered. The preceding conjecture is one of these
discoveries. In fact, it is the only one that mathematicians had, until very recently, been unable
to prove. Tantalizing us even further, Fermat himself wrote, For this I have discovered a truly
wonderful proof, but the margin is too small to contain it. Because of this claim the conjecture
has been called Fermats last theorem, or FLT for short.
Many famous mathematicians worked on the Fermat conjecture. Euler, for example, proved
the conjecture for the case d = 3. Fermat himself proved it for d = 4 and, in 1825, Legendre
and Dirichlet independently proved it for d = 5. More recently, in 1983, Gerd Faltings proved a
conjecture of Mordell which implies that, for each d > 2, there are only nitely many (possibly
none!) solutions to equation in the positive integers. But, though many tried, no one was able
to prove Fermats conjecture until recently, that is. As is often the case in mathematics, failed
attempts to prove the general Fermat conjecture were far from fruitless; they gave rise to a wealth
of important mathematics, including a good portion of abstract algebra.
Let us now fast-forward to the summer of 1993. A 40-year-old mathematics professor at Prince-
ton University, Andrew Wiles, had just spent the last seven years working alone and in secrecy on
the worlds most famous unsolved math problem. Finally, a shout of Eureka! In fact, Wiles
had managed to prove (he thought) an important special case of a very general conjecture known as
2.1 Introduction 85
the Shimura-Taniyama conjecture, and from this result Fermats last theorem follows as a corollary.
Wiles decided to unveil his results by giving a series of three lectures in June at a number theory
conference at Cambridge University in England. Maintaining suspense to the very end, Wiles gave
his lecture series the very general title of Modular Forms, Elliptic Curves, and Galois Represen-
tations. By the third lecture, many in the audience had guessed what Wiles was up to. When
he wrote his main theorem on the blackboard, there was an audible gasp in the room, and when
he then wrote that Fermats last theorem followed as a corollary, the audience of mathematicians
(usually a fairly staid bunch) broke into applause!
E-mail messages ashed the news across the world that Wiles had proven FLT. The news even
made front page headlines in many newspapers, including the New York Times. But wait, a few
skeptics cautioned, shouldnt the celebration be put on hold until the details of the proof have
been checked? Havent other people claimed to have proven FLT, only to have errors found in
their proofs upon closer examination? Indeed, FLT is generally considered to hold the record for
incorrect proofs; in fact, several purported proofs were at rst judged to be correct and were actually
published in mathematics journals.
But following the Cambridge conference, even though no one had as yet read the 200 or so hand-
written pages of Wiles manuscript, most of the experts believed that Wiles had indeed proven FLT
this based on Wiles excellent reputation, the outline of the proof he had given in his series of
lectures, and the fact that his approach just seemed right to experts in the eld.
Ever cautious, Wiles initially refused to circulate his manuscript broadly, preferring instead to
have a small number of close associates check it. He knew it was inevitable that a number of
minor errors would be uncovered errors that, hopefully, could be xed easily. Unfortunately, one
seemingly small gap turned out to be rather large. In December of 1993, Wiles sent out an e-mail
message acknowledging that a gap had been found, but expressing the hope that it could be bridged
using the ideas explained in his Cambridge lectures.
Fortunately, the story has a happy ending. With the help of a colleague, Richard Taylor, Wiles
was able to x his proof of FLT as Faltings puts it, Taylor and Wiles did not bridge the gap,
but rather circumvented it. A set of two manuscripts, a long one by Wiles alone, and another
shorter, joint paper by Taylor and Wiles, were released in late October, 1994. Having been checked
already by several leading experts in the eld, they were accepted for publication, and the articles
appeared in 1995 in the Annals of Mathematics [A. Wiles, Modular elliptic curves and Fermats Last
Theorem, Ann. Math. 141 (1995), 443551; R.L. Taylor and A. Wiles, Ring theoretic properties
of certain Hecke algebras, Ann. Math. 141 (1995), 553572]. Thus, for the record, let us formally
state Fermats last theorem.
Fermats Last Theorem (A. Wiles and R.L. Taylor, 1995): For any positive integer d > 2, the
equation
z
d
= x
d
+ y
d
has no solution (x, y, z) such that each of x, y, and z is a positive integer.
The primary aim of this chapter is to provide some basic information from elementary number
theory. This includes a treatment of several number-theoretic algorithms. In addition, we provide
additional practice with mathematical induction, which provides an important technique for proving
statements about the positive integers. Many of the ideas and results presented in this chapter are
used in succeeding chapters of this book, and will be encountered again by the student taking
subsequent course work in the mathematical sciences.
One of the most basic principles used in mathematics, especially in number theory, is the principle
of well-ordering (PWO). This was introduced in Chapter 1, and we restate it now.
Principle of Well-ordering: Every nonempty subset of Z
+
has a smallest element.
It is not possible to prove the principle of well-ordering using the familiar properties satised
by the integers under addition and multiplication. However, a little thought should convince you
of its self-evident nature. Hence, the principle of well-ordering is adopted as an axiom, or basic
assumption.
To get a better grasp of the principle of well-ordering (or, well-ordering principle), lets nd the
smallest element of several nonempty subsets of Z
+
.
Example 2.1: Find the smallest element of each of these nonempty subsets of Z
+
.
(a) S
1
= n Z
+
[ n is prime
(b) S
2
= n Z
+
[ n is a multiple of 7
(c) S
3
= n Z
+
[ n = 110 17m for some m Z
(d) S
4
= n Z
+
[ n = 12s + 18t for some s, t Z
Solution:
(a) The set S
1
is the set of primes, and the smallest prime is 2.
(b) The set S
2
is the set of positive multiples of 7, and the smallest positive multiple of 7 is 7.
(c) Here we must nd the smallest positive integer n of the form 110 17m, where m is an
integer. The number 110 = 110 17(0) is of this form and, as m increases, n decreases. In fact,
as m takes on the values 0, 1, 2, 3, . . ., the values of n form the sequence
110, 93, 76, 59, . . . , 8, 9, . . .
Hence, the smallest element of S
3
is 8. The number 8 just happens to be the remainder when 110
is divided by 17. This is more than just a coincidence, as is shown in the next section where the
division algorithm is discussed.
(d) In this part we are looking for the smallest positive number n of the form 12s +18t, where s
and t are integers. Note that 12s + 18t = 6(2s +3t); thus, any element of S
4
must be a multiple of
6. Moreover, 6 = 12(1) + 18(1), so that 6 S
4
. This shows that 6 is the smallest element of S
4
.
The number 6 happens to be the greatest common divisor of 12 and 18, an idea that is explored in
Section 2.3.
We often make use of the following slight extension of the principle of well-ordering.
2.1 Introduction 87
Theorem 2.2: Any nonempty subset of the set 0, 1, 2, 3, . . . of nonnegative integers has a
smallest element.
Proof: Let S be an arbitrary nonempty subset of the set of nonnegative integers. We consider
two cases, depending on whether or not 0 S. In the rst case, if 0 S, then clearly 0 is the
smallest element of S (because 0 is the smallest nonnegative integer). In the second case, if 0 / S,
then S is a nonempty subset of Z
+
. In this case the principle of well-ordering implies that S has a
smallest element. In either case, then, S has a smallest element, and this completes the proof.
Exercise Set 2.1

1. Plato is credited with the following result: If n is a positive integer, n 3, then
(2n, n
2
1, n
2
+ 1)
is a Pythagorean triple.
(a) Verify this result.
(b) Find the Pythagorean triples given by Platos formula for n 3, 4, 5, . . . , 12. Which of
them are primitive?
(c) Give a necessary and sucient condition (on n) for Platos formula to yield a primitive
Pythagorean triple.
(d) In what sense do the formulas of Plato and Pythagoras (Theorem 2.1) complement each
other?
2. Using Fermats last theorem, show that the equation
z
3
= 8x
3
+ 27y
3
has no solution (x, y, z) in the positive integers.
3. Prove Theorem 2.1.
4. In general, a subset T of R is said to be well-ordered provided every nonempty subset of T has
a smallest element. Determine whether these subsets of R are well-ordered.
(a) (b) 9, 6, 3, 0, 1, 2, 3
(c) 0 Q
+
(d) 2Z
(e) 9, 8, 7, 6, . . .
5. Find the smallest element of each subset of Z
+
.
(a) A = n Z
+
[ n = m
2
10m+ 28 for some integer m
(b) B = n Z
+
[ n = 5q + 2 for some integer q
(c) C = n Z
+
[ n = 150 19m for some integer m
(d) D = n Z
+
[ n = 5s + 8t for some integers s and t
6. Let T, T
1
, and T
2
denote arbitrary subsets of R. Referring to the denition given in Exercise
4, prove each of the following:
(a) If T is a nite subset of R, then T is well-ordered.
(b) If T is well-ordered, then c + T is well-ordered for any real number c.
(c) If T is well-ordered, then cT is well-ordered for any nonnegative real number c.
(d) If T is a subset of Z and T itself has a smallest element, then T is well-ordered.
(e) If T
1
T
2
and T
2
is well-ordered, then T
1
is well-ordered.
7. Verify that (20, 21, 29) is a primitive Pythagorean triple that results neither from the formula of
Pythagoras nor from the formula of Plato. (Is it the smallest Pythagorean triple that is missed by
both of these formulas? See Chapter Problem 20.)
2.2 DIVISION ALGORITHM
One of the fundamental concepts included in any introduction to number theory is that of
factoring integers. In particular, given an integer n > 1, we are interested in expressing n as a
product of primes. For example, if n = 132, then n = 2 2 3 11. Is it always possible to do this?
Can it, for some n, be done in more than one way?
Before these questions can be answered, it is necessary to dene and work with certain funda-
mental terms, like factor and prime.
Denition 2.1: Let a and b be integers, with a ,= 0. We say that a divides b, denoted a [ b,
provided there is an integer q such that b = aq. In this case we also say that a is a factor (or
divisor) of b and we call b a multiple of a.
Example 2.2:
(a) 2 [ 6, since 2 3 = 6.
(b) 3 [ 27, since (3)(9) = 27.
(c) 12 [ (72), since 12(6) = 72.
(d) 4 does not divide 7, since there is no integer q such that 4q = 7.
(e) 8 does not divide 28, since there is no q Z such that (8)q = 28.
(f) For which integers m is it true that 0 is a multiple of m? In order for m [ 0 to hold, there
must exist an integer q such that mq = 0. Note that q = 0 works, since m 0 = 0. Thus, 0 is a
multiple of m for every integer m. Now, if m is not zero and m is a factor of the integer n, then
n/m is also a factor of n; in fact,
n
m
m = n
However, this wont work if m = 0. For this and other technical reasons, we do not allow 0 to be a
factor.
Note that, for any integer b > 1, both of the numbers 1 and b are positive factors of b. For some
positive integers b these are the only positive factors of b.
2.2 Division Algorithm 89
Denition 2.2: An integer p > 1 is called a prime number (or, simply, a prime) provided the
only positive factors of p are 1 and p. An integer n > 1 that is not prime is called a composite
number (or, simply, a composite).
Suppose that the integer n is composite. Then n > 1 and n is not prime. This means that n has
a factor d such that 1 < d < n. Thus it follows that n = dq, where q is an integer and 1 < q < n.
In general, we refer to factors such as d and q as proper factors (or proper divisors) of n, and
we call 1 and n the trivial factors (or trivial divisors) of n.
Example 2.3: The numbers 2 and 3 are prime, 4 = 2 2 is composite, 5 is prime, 6 = 2 3 is
composite, 7 is prime, 8 = 2 4 is composite, and 9 = 3 3 is composite. The primes less than 100
are:
2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97
Primes are discussed further in Section 2.4.
Example 2.4: Find the factors of 126.

Solution: Note that
126 = 2 63 = 3 42 = 6 21 = 7 18 = 9 14
so the set of positive factors of 126 is
S = 1, 2, 3, 6, 7, 9, 14, 18, 21, 42, 63, 126
Moreover, for any integers a and b (a ,= 0), if a is a factor of b then a is also a factor of b. It
follows that the set of negative factors of 126 is
1S = 1, 2, 3, 6, 7, 9, 14, 18, 21, 42, 63, 126
A number of basic properties of the relation divides are used in this and subsequent chapters.
The next theorem lists several of these properties.
Theorem 2.3: The following implications hold for any integers a, b, and c, with a ,= 0:
1. If a [ b, then a [ (bx) for any integer x.
2. If a [ b and b [ c, then a [ c. (Here, b ,= 0.)
3. If a [ b and a [ c, then a [ (bx + cy) for any integers x and y.
4. If a [ b and b [ a, then a = b or a = b. (Here, b ,= 0.)
5. If a [ b and b is nonzero, then [a[ [b[.
Proof: We give direct proofs of parts 2 and 4 and leave the remaining parts to Exercise 2; the
proofs of parts 2 and 4 provide a good illustration of how the remaining parts are proved.
For part 2, assume a [ b and b [ c. Then there exist integers q
1
and q
2
such that b = aq
1
and
c = bq
2
. It follows (using substitution for b) that
c = bq
2
= (aq
1
)q
2
= a(q
1
q
2
)
Thus, there exists an integer q, namely q = q
1
q
2
, such that c = aq. Therefore, a [ c.
For part 4, assume a [ b and b [ a. Then there exist integers q
1
and q
2
such that b = aq
1
and
a = bq
2
. Hence, we have that
a = bq
2
= (aq
1
)q
2
= a(q
1
q
2
)
Since a ,= 0, it follows that 1 = q
1
q
2
and, since q
1
and q
2
are integers, we have that either q
1
= q
2
= 1
or q
1
= q
2
= 1. Hence, a = b.
Let us emphasize again the meaning of the statement a is a factor of b. This means that
there is some integer q such that b = aq. You probably remember learning about long division
in elementary school. In this process, one integer b, called the dividend, is divided by another
integer a, called the divisor, to obtain a quotient q and a remainder r. For example, when
b = 23 is long-divided by a = 7, we obtain a quotient of 3 and a remainder of 2. One then checks
this by noting that 23 = 7(3) + 2. However, note that 23 can be expressed in the form 7q + r
in other ways; for example, 23 = 7(4) + (5) = 7(2) + 9. Is it wrong to say that the quotient
is 4 and the remainder is 5, or that the quotient is 2 and the remainder is 9? Well, yes it is,
because, in long-dividing 23 by 7, one is taught to determine the largest quotient q for which the
remainder r is nonnegative. This implies that the remainder must be less than the divisor. In
fact, it should be remarked that, among all integer expressions of the form 23 7q, one chooses the
smallest nonnegative one for the remainder.
In general, given integers a and b with a > 0, there exist unique integers q and r such that
b = aq + r, where 0 r < a. Analogous to what is stated above regarding 23 and 7, the remainder
r will turn out to be the smallest nonnegative value of the expression b aq, where q Z. This
property is known as the division algorithm, and in this context the integers a, b, q, and r are
called the divisor, dividend, quotient, and remainder, respectively.
Theorem 2.4 (Division Algorithm): Given integers a and b with a > 0, there exist integers q
and r such that b = aq + r and 0 r < a. Moreover, q and r are uniquely determined by a and b.
Proof: Let integers a and b be given with a > 0. We rst show that there exist integers q and r
such that b = aq + r and 0 r < a. In order to do this, we apply the extended version of the
principle of well-ordering (Theorem 2.2) to the set
S = b ax [ x Z and b ax 0
So S is a set of nonnegative integers. In order to apply Theorem 2.2, we must show that S is
nonempty. If b 0, then b S, since, letting x = 0, we obtain b = b a(0). Suppose, on the other
hand, that b < 0. Then b ab S, since letting x = b yields b ab = b(1 a) 0. Thus, in either
case, S is nonempty. Therefore, by Theorem 2.2, S has a smallest element; call it r. Since r S,
there is some x Z, say x = q, such that r = b aq. Thus, b = aq + r and, since r S, we have
that r 0.
It remains to show that r < a. To do this, we proceed by contradiction and suppose that r a.
Let t = r a. Then t 0 and, since a > 0, we have that t < r. Moreover,
t = r a = (b aq) a = b (aq + a) = b a(q + 1)
But this means that t S (let x = q + 1) and t < r, contradicting the fact that r is the smallest
element of S. This completes the proof of the existence of q and r.
We next show that the quotient q and the remainder r are uniquely determined by a and b. To
show that there is a unique mathematical object with a given property, a standard technique is to
suppose that there are two objects with the given property, and then show that the two objects
must, in fact, be equal. So, suppose that aq
1
+ r
1
= b = aq
2
+ r
2
, where q
1
, r
1
, q
2
, and r
2
are
integers and both 0 r
1
< a and 0 r
2
< a. We wish to show that q
1
= q
2
and r
1
= r
2
. Assume,
without loss of generality, that r
1
r
2
; hence, r
2
r
1
0. Since aq
1
+ r
1
= aq
2
+ r
2
, we obtain
a(q
1
q
2
) = r
2
r
1
Thus, a [ (r
2
r
1
). Since 0 r
2
r
1
< a, it must be the case that r
2
r
1
= 0. Therefore, r
2
= r
1
.
Then, since a(q
1
q
2
) = r
2
r
1
= 0 and a ,= 0, we obtain that q
1
q
2
= 0, so that q
1
= q
2
. This
completes the proof.
The proof of Theorem 2.4 is an existence proof. It concentrates on verifying the existence of
integers q and r satisfying the properties stated in the theorem, rather than on giving a method for
nding q and r. However, the proof implicitly suggests an algorithm for nding q and r from a and
b, using only the operations of addition and subtraction. We give an informal description of this
algorithm here, leaving further investigation of it to the exercises.
If b 0, then consider the sequence
b a(0), b a(1), b a(2), . . .
of numbers obtained by starting with b and then repeatedly subtracting a. Since a > 0, the numbers
in this sequence are eventually negative; r = b aq is the last nonnegative term in this sequence.
On the other hand, if b < 0, then consider the sequence
b a(0), b a(1), b a(2), . . .
of numbers obtained by starting with b and then repeatedly adding a. The numbers in this sequence
are eventually nonnegative; r = b aq is the rst nonnegative term. (Note in this case that q 0.)
The following corollary to Theorem 2.4 extends the division algorithm to handle the case of a
negative divisor. Its proof is left to Exercise 10.
Corollary 2.5: Given integers a and b with a ,= 0, there exist uniquely determined integers q
and r such that b = aq + r, where 0 r < [a[.

Example 2.5: In the context of Corollary 2.5, nd q and r for the given a and b.
(a) a = 17, b = 110 (b) a = 7, b = 59
(c) a = 11, b = 41 (d) a = 5, b = 27
(e) a = 13, b = 7 (f) a = 13, b = 7
Solution:
(a) Since 110 = 17(6) + 8, we have that q = 6 and r = 8.
(b) Since 59 = 7(9) + 4, we have that q = 9 and r = 4. In this problem it is easy to make
the mistake of saying q = 8 and r = 3, since 59 = 7(8) +(3). However, remember that any
remainder is required to be nonnegative, so r = 3 cant be right.
(c) In this part we nd that q = 3 and r = 8.
(d) Here we nd that q = 6 and r = 3.
Parts (e) and (f) are meant to illustrate the following general problem: Given integers a and b
with 0 b < [a[, nd q and r. This is actually an easy problem, since b = a(0) + b and b is a valid
remainder; see Exercise 24. In part (e), for example, note that
7 = 13(0) + 7 and 0 7 < 13
Thus, q = 0 and r = 7. Similarly, in part (f), 7 = (13)(0) +7 and 0 7 < [13[. Hence it follows
that q = 0 and r = 7.
Example 2.6: Show that any integer m is expressible in precisely one of the forms 3q, 3q + 1, or
3q + 2, where q is an integer.
Solution: Apply Corollary 2.5 with dividend m and divisor 3 it states that there exist unique
integers q and r such that m = 3q + r, where 0 r < 3. Hence r = 0, r = 1, or r = 2. Since r is
uniquely determined, it follows that m is expressible in precisely one of the forms 3q, 3q + 1, or
3q + 2.
Example 2.7: Show that the product of any two consecutive integers is even.
Solution: According to the division algorithm (Corollary 2.5), every integer m is uniquely
expressible in the form m = 2q + r, where 0 r < 2. Thus m is expressible in precisely one of the
forms 2q or 2q + 1. If m = 2q, we call m an even integer, whereas if m = 2q + 1, we call m an odd
integer. Now, consider two arbitrary consecutive integers, n and n + 1, say. We want to show
that n(n + 1) is even. This means that we must show that n(n + 1) = 2k for some integer k. We
consider two cases, depending on whether n itself is even or odd.
In the rst case, suppose that n is even, say n = 2q. Then
n(n + 1) = 2q(2q + 1) = 2(2q
2
+ q)
This shows that n(n + 1) is even. (Here, k = 2q
2
+ q.)
In the second case, suppose that n is odd, say n = 2q + 1. Then
n(n + 1) = (2q + 1)(2q + 2) = 2(2q + 1)(q + 1)
so again n(n + 1) is even. (In this case, k = (2q + 1)(q + 1).)
In general, given an arbitrary positive integer n, the division algorithm tells us that every integer
is expressible in precisely one of the following forms:
nq, nq + 1, nq + 2, . . . , nq + (n 1)
In much of the discussion that follows you need to make use of this idea, so be ready for it. The
following example illustrates this point.
Example 2.8: Show that the product of any two integers of the form 6k + 5 has the form 6k + 1.
Solution: Let m
1
and m
2
be two integers of the form 6k + 5. This means that m
1
= 6k
1
+ 5 and
m
2
= 6k
2
+ 5 for some integers k
1
and k
2
. Thus,
m
1
m
2
= (6k
1
+ 5)(6k
2
+ 5)
= 36k
1
k
2
+ 30k
1
+ 30k
2
+ 25
= 36k
1
k
2
+ 30k
1
+ 30k
2
+ 24 + 1
= 6(6k
1
k
2
+ 5k
1
+ 5k
2
+ 4) + 1
Therefore, m
1
m
2
has the form 6k + 1 (with k = 6k
1
k
2
+ 5k
1
+ 5k
2
+ 4), as was to be shown.
As already noted, if the division algorithm is applied to an integer m and the divisor 3, then the
remainder r is precisely one of the numbers 0, 1, or 2. Dene the sets S
0
, S
1
, and S
2
by
S
0
= 3q [ q Z = 3Z
S
1
= 3q + 1 [ q Z = 1 + 3Z
S
2
= 3q + 2 [ q Z = 2 + 3Z
Then, for r 0, 1, 2, S
r
is the set of all those integers m that yield a remainder of r when divided
by 3. For instance, 11 = 3 3 + 2, so 11 S
2
, whereas 11 = 3(4) + 1, so 11 S
1
. By the
uniqueness of r, each integer m belongs to exactly one of the sets S
0
, S
1
, or S
2
. It follows that:
1. Z = S
0
S
1
S
2
;
2. The sets S
0
, S
1
, and S
2
are pairwise disjoint.
Because these two properties hold, we say that S
0
, S
1
, S
2
is a partition of the set Z. The
important concept of partition is explored further in Chapter 4.
In explicit form,
S
0
= . . . 9, 6, 3, 0, 3, 6, 9, . . .
S
1
= . . . 8, 5, 2, 1, 4, 7, 10, . . .
S
2
= . . . 7, 4, 1, 2, 5, 8, 11, . . .
Note that two integers are in the same set S
r
if and only if they dier by a multiple of 3. This
suggests the following general and important result.
Theorem 2.6: Let m
1
, m
2
, and n be integers, with n ,= 0, and let the remainders upon division
of m
1
and m
2
by n be r
1
and r
2
, respectively. Then
r
1
= r
2
if and only if n [ (m
2
m
1
)
Proof: Let m
1
, m
2
, and n be integers, with n ,= 0, and let the remainders upon division of m
1
and
m
2
by n be r
1
and r
2
, respectively. To prove this result, we must prove the two implications:
(1) If r
1
= r
2
, then n [ (m
2
m
1
).
(2) If n [ (m
2
m
1
), then r
1
= r
2
.
According to the division algorithm,
m
1
= nq
1
+ r
1
and m
2
= nq
2
+ r
2
for some integers q
1
and q
2
. Thus,
m
2
m
1
= (nq
2
+ r
2
) (nq
1
+ r
1
) = n(q
2
q
1
) + (r
2
r
1
)
We rst prove (1) directly. Assume r
1
= r
2
. Then r
2
r
1
= 0, and so
m
2
m
1
= n(q
2
q
1
)
which shows that n [ (m
2
m
1
).
To complete the proof, we must prove implication (2). This is left to Exercise 8.
Exercise Set 2.2

1. In the context of Corollary 2.5, nd q and r for the given a and b.
(a) a = 11, b = 297 (b) a = 9, b = 63
(c) a = 8, b = 77 (d) a = 6, b = 71
(e) a = 5, b = 35 (f) a = 6, b = 39
2. Prove Theorem 2.3, parts 1, 3, and 5. Also, prove part 4 as a corollary to part 5.
3. Let a, b, and c be integers, with a ,= 0. Prove each of these implications:
(a) If a [ b and a [ c, then a
2
[ (bc).
(b) If a [ b, then a [ (b) and (a) [ b.
4. Prove that the following implication holds for any integers a, b, c, and d, with a and c nonzero:
If a [ b and c [ d, then (ac) [ (bd).
5. Prove each of the following facts:
(a) The square of any odd integer is of the form 4k + 1 (for some integer k).
(b) The square of any integer is of the form 3k or 3k + 1.
6. Let a, b, and c be arbitrary integers with a and c nonzero. Prove:
If (ac) [ (bc), then a [ b.
7. Apply the result of part (a) of Exercise 5 to show that none of the numbers 11, 111, 1111, and
11111 is a perfect square. (Hint: Apply the division algorithm, with a divisor of 4.) Based on the
result of this exercise, make a general conjecture regarding numbers of the form 11 1.
8. Complete the proof of Theorem 2.6. (Hint: Show that r
1
r
2
is a multiple of n and that
0 [r
1
r
2
[ < n. It follows that r
1
r
2
= 0. Why?)
9. Let a, b, and c be arbitrary integers, with a ,= 0. Prove or disprove: If a [ (bc), then either
a [ b or a [ c.
10. Prove Corollary 2.5. (Hint: If a < 0, then a > 0, and we can apply Theorem 2.4 to nd
integers q and r such that b = (a)q + r, where 0 r < a.)
11. Apply the result of part (b) of Exercise 5 to show that, for any integer m, 3m
2
1 is not a
perfect square.
12. Prove that:
(a) The sum of any two even integers is even.
(b) The sum of any two odd integers is even.
(c) The sum of any even integer and any odd integer is odd.
13. Prove: Given any three consecutive integers, (exactly) one of them is a multiple of 3. (Hint:
Denote the three consecutive integers by m, m+ 1, m + 2 and use the fact that m is expressible in
exactly one of the forms 3q, 3q + 1, or 3q + 2.)
14. Prove that, for any integer m, m
3
m is a multiple of 3. (Hint: Note that
m
3
m = m(m
2
1); if m is not a multiple of 3, what can be said about m
2
1?)
15. Prove: For any integer m, (exactly) one of the integers m, m + 4, m+ 8, m+ 12, m+ 16 is a
multiple of 5.
16. Let m represent an arbitrary integer. Prove: If m has the form 6q + 5 for some integer q,
then mhas the form 3k + 2 for some integer k. What about the converse of this implication?
17. Prove the following results as corollaries to Theorem 2.3.
(a) For any integer m, if m is even, then mx is even for any integer x.
(b) For any positive integers m and n, if m [ n, then m n.
18. Other than 2, show that no positive integer of the form n
3
+ 1 is prime. (Hint: Apply the
standard formula for factoring the sum of two cubes.)
19. Let p represent an arbitrary prime. Prove: If p has the form 3q +1 for some integer q, then p
has the form 6k + 1 for some integer k. (Hint: If p has the form 3q + 1, then p must be odd, so
what can be said about q?)
20. Prove: If (a, b, c) is a Pythagorean triple, then one of a, b, or c is divisible by 3, one is divisible
by 4, and one is divisible by 5. (For example, if a = 5, b = 12, and c = 13, then 3 [ b, 4 [ b, and
5 [ a.)
21. In this exercise, we introduce the div and mod notation. Given integers a and b with a ,= 0,
Corollary 2.5 states that there exist uniquely determined integers q and r such that b = aq + r,
where 0 r < [a[. In this context, we dene the operators div and mod as follows:
b div a = q
b mod a = r
Find b div a and b mod a for the pairs of integers a and b given in Exercise 1.
22. Given positive integers a and b, explain how to use a standard pocket calculator to compute
b div a and b mod a
23. Let m
1
and m
2
be integers such that
m
1
div 5 = q
1
m
1
mod 5 = 2
m
2
div 5 = q
2
m
2
mod 5 = 3
Find:
(a) (m
1
+ m
2
) div 5 (b) (m
1
+ m
2
) mod 5
(c) (m
1
m
2
) div 5 (d) (m
1
m
2
) mod 5
24. Given integers a and b with 0 b < [a[, nd b div a and b mod a.
25. Compute each of the following.
(a) 47 div 10 (b) 47 mod 10
(c) 47 div (10) (d) 47 mod (10)
(e) (47) div 10 (f) (47) mod 10
(g) (47) div (10) (h) (47) mod (10)
26. Show, for a > 0, that
b div (a) = (b div a) and b mod (a) = b mod a
27. Given that m
1
div 7 = q
1
, m
1
mod 7 = 2, m
2
div 7 = q
2
, and m
2
mod 7 = 6, nd:
(a) (m
1
+ 5) div 7 (b) (m
1
+ 5) mod 7
(c) (2m
1
) div 7 (d) (2m
1
) mod 7
(e) (m
2
) div 7 (f) (m
2
) mod 7
(g) (m
1
+ m
2
) div 7 (h) (m
1
+ m
2
) mod 7
(i) (2m
1
+ 3m
2
) div 7 (j) (2m
1
+ 3m
2
) mod 7
(k) (m
1
m
2
) div 7 (l) (m
1
m
2
) mod 7
28. Let a and b be positive integers with 1 a b.
(a) Find and verify a formula for (b) div a in terms of b div a.
(b) Find and verify a formula for (b) mod a in terms of b mod a.
29. Let a and b be positive integers.
(a) What is the smallest possible value for b div a?
(b) What is the largest possible value for b div a?
2.3 Euclidean Algorithm 97
Given a and b, suppose one guesses a value q
for b div a in the range of possible values. Note

that, if 0 b aq
< a, then b div a = q
and b mod a = b aq
. However:
(c) If b aq
< 0, what does this indicate about the guess q
?
(d) If b aq
a, what does this indicate about the guess q
?
30. Describe (and implement as a computer program) an algorithm that inputs integers a and b
with a ,= 0 and outputs b div a and b mod a. Base your algorithm on the results of Exercises 26,
28, and the remarks following the proof of Theorem 2.4.
31. Several computer programming languages, such as Ada and C++, have built in operators to
compute b div a and b mod a for integers a and b. However, the results do not always agree with
Denition 2.3. If you are familiar with a language that has such operators, write a short program
to test them.
2.3 EUCLIDEAN ALGORITHM
In this section we dene the greatest common divisor of two integers and describe an ecient
method for nding it, given the integers.
Denition 2.3: Given integers a and b, the integer c ,= 0 is called a common divisor (or
common factor) of a and b provided both c [ a and c [ b. If a and b are not both zero, then we
dene the greatest common divisor (or greatest common factor) of a and b to be the largest
common factor of a and b. The greatest common divisor of a and b is denoted by gcd(a, b).
Let us make a few observations about gcd(a, b). First, since 1 [ a and 1 [ b, we have that
1 gcd(a, b)
Second,
gcd(b, a) = gcd(a, b)
so we may, without loss of generality, assume that [a[ [b[. Third, since
gcd(a, b) = gcd(a, b) = gcd(a, b)
we can assume that 0 a b. Finally note that, for b > 0,
gcd(0, b) = b = gcd(b, b)
Thus, in seeking gcd(a, b), it suces to consider the case when 1 a < b; in this case, 1
gcd(a, b) a. In particular, this last statement implies that gcd(a, b) exists.
Example 2.9: Find:
(a) gcd(12, 36)
(b) gcd(18, 42)
(c) gcd(15, 28)
Solution:
(a) Note that 12 is a factor of 36; hence gcd(12, 36) = 12.
(b) The positive factors of 18 are 1, 2, 3, 6, 9, and 18; of these, only 1, 2, 3, and 6 are factors of
42. Therefore, gcd(18, 42) = 6.
(c) The positive factors of 15 are 1, 3, 5, and 15. Of these, only 1 is a factor of 28. Thus,
gcd(15, 28) = 1.
Generalizing the result of part (a) of the preceding example, note that, for 1 a < b,
gcd(a, b) = a if and only if a [ b
For 1 a < b, a simple-minded method for nding d = gcd(a, b) is to search the list of numbers
a, a 1, a 2, . . ., 2, 1, looking for the largest one that is a common factor of a and b. In the
worst case (when gcd(a, b) = 1), this method would take a steps to nd d, where each step consists
of determining whether a given positive integer is a common factor of a and b. In a number of
practical applications (e.g., data encryption) in which gcd(a, b) must be computed, a might be a
number on the order of 10
100
. Even with a fast computer that performs, say, 10
10
steps per second,
nding gcd(a, b) by this method could take 10
90
seconds in the worst case. Since there are less than
10
8
seconds in a year, this is a very long time far longer than the estimated age of the universe!
Fortunately, there is a much faster method, which goes way back to Euclid ( 300 B.C.), and
is based on repeated application of the division algorithm. For this method, assume we are given
integers a and b with 0 a < b; we wish to nd gcd(a, b). First of all, lets handle the easy case;
namely, if a = 0, then gcd(a, b) = b. To handle the case when a > 0, we make use of the following
lemma.
Lemma 2.7: For integers a and b with 0 < a b, let r = b mod a. Then
gcd(a, b) = gcd(r, a)
Proof: Let
d
1
= gcd(a, b) and d
2
= gcd(r, a)
We wish to show that d
1
= d
2
. We do this by showing that d
1
d
2
and d
2
d
1
.
Let q = b div a. Then b = aq + r. Since b = a(q) + r(1), by Theorem 2.3, part 3, any common
factor of a and r is also a factor of b. Hence, d
2
is a factor of b, and thus d
2
is a common factor of
a and b. Therefore, d
2
d
1
. (Why?)
Similarly, since r = b aq = a(q) + b(1), any common factor of a and b is also a factor of r.
Hence, d
1
is a factor of r, and thus d
1
is a common factor of a and r. It follows that d
1
d
2
.
Now consider nding gcd(a, b) when 0 < a b. By the division algorithm, there exist (unique)
integers q and r such that b = aq + r, with 0 r < a. By Lemma 2.7, we see that
gcd(a, b) = gcd(r, a)
This observation forms the basis for a procedure known as the Euclidean algorithm. Note that, for
a > 0, we replace the problem of nding gcd(a, b) with the problem of nding gcd(r, a). In the
sense that r < a and a < b, this new problem constitutes a reduced form of the original problem.
But, you may ask, How do I now nd gcd(r, a)? The answer is, Apply the same reasoning again!
That is, if r = 0, then gcd(r, a) = a. Otherwise, let r
be the remainder when a is divided by r; then

gcd(r, a) = gcd(r
, r). The Euclidean algorithm is an example of a recursive algorithm, because it

operates by reducing a (nontrivial) instance of a given type of problem to a smaller instance of the
same type of problem.
Euclidean Algorithm: Given integers a and b with 0 a b:
0. If a = 0, then gcd(a, b) = b;
1. Otherwise, let r be the remainder when b is divided by a; then gcd(a, b) = gcd(r, a).
Example 2.10: Use the Euclidean algorithm to compute gcd(64, 148).

Solution: Since 64 > 0, we apply the division algorithm to 64 and 148, obtaining
148 = 64(2) + 20, namely, a quotient of 2 and a remainder of 20. By step 1 of the algorithm, then,
gcd(64, 148) = gcd(20, 64)
Next 20 > 0, so now we divide 64 by 20, obtaining a quotient of 3 and a remainder of 4. So, by
step 1 of the algorithm,
gcd(20, 64) = gcd(4, 20)
Still 4 > 0, so we apply the recursive step again. Dividing 20 by 4 yields a quotient of 5 and a
remainder of 0, so that
gcd(4, 20) = gcd(0, 4)
Finally, gcd(0, 4) = 4. Therefore, putting all of the steps together, we see that
gcd(64, 148) = gcd(20, 64) = gcd(4, 20) = gcd(0, 4) = 4
It is the repeated application of Lemma 2.7 that indicates the general form of the Euclidean
algorithm. Lets look at this form more carefully. Suppose that a and b are positive integers with
a < b. We begin by setting r
0
= b and r
1
= a. We then successively apply the division algorithm
as follows:
r
0
= r
1
q
1
+ r
2
0 r
2
< r
1
r
1
= r
2
q
2
+ r
3
0 r
3
< r
2
.
.
.
.
.
.
r
k1
= r
k
q
k
+ r
k+1
0 r
k+1
< r
k
.
.
.
.
.
.
Consider the values r
0
, r
1
, r
2
, . . ., r
k1
, r
k
, r
k+1
, . . . . In view of the requirement in the division
algorithm that any remainder be less than its corresponding divisor, we see that these numbers
form a strictly decreasing sequence of integers; namely, that
r
0
> r
1
> r
2
> > r
k1
> r
k
> r
k+1
>
However, the above sequence of remainders cant go on forever, because each remainder is
nonnegative, and its impossible to have an innite, strictly decreasing sequence of nonnegative
integers. Hence, there must be some positive integer n + 1 such that r
n+1
= 0, and so the above
list of relations can be rewritten as follows:
r
0
= r
1
q
1
+ r
2
0 r
2
< r
1
r
1
= r
2
q
2
+ r
3
0 r
3
< r
2
.
.
.
.
.
.
r
n2
= r
n1
q
n1
+ r
n
0 r
n
< r
n1
r
n1
= r
n
q
n
+ r
n+1
r
n+1
= 0
Then we obtain
gcd(a, b) = gcd(r
2
, a) = gcd(r
3
, r
2
) = = gcd(r
n+1
, r
n
) = gcd(0, r
n
) = r
n
It can be shown (see Chapter Problem 30) that the Euclidean algorithm requires not more than
2 log
2
a divisions to compute gcd(a, b). For a on the order of 10
100
, this bound is on the order of
200(log
2
10) 665. So the Euclidean algorithm is very ecient!
Given integers a and b, a linear combination of a and b (over Z) is any expression of the form
as + bt
with s, t Z. Our next result provides an important characterization of gcd(a, b), showing that it
is the smallest positive integer that can be expressed as a linear combination of a and b. The proof
of the theorem applies the division algorithm in a strong way, and also makes use of the principle of
well-ordering.
Theorem 2.8: Let a and b be integers, not both 0. Then gcd(a, b) is the smallest positive
integer expressible as a linear combination of a and b.
Proof: Consider the set
S = ax + by [ x, y Z and ax + by > 0
If we let x = a and y = b, then ax + by = a
2
+ b
2
> 0 (since not both a and b are zero). Thus, the
set S is nonempty. By the principle of well-ordering, S has a smallest element; call it d. So d is
the smallest positive integer expressible as a linear combination of a and b, say, d = as + bt, where
s, t Z. To show that d = gcd(a, b), we must verify the following:
1. d is a common divisor of a and b;
2. If c is any common divisor of a and b, then c d.
To show 1, we rst apply the division algorithm to a and d, obtaining integers q and r such that
a = dq + r, with 0 r < d. To show that d [ a, it suces to show that r = 0. Since d = as + bt,
we have that
r = a dq = a (as + bt)q = a(1 sq) + b(tq)
where both 1 sq and tq are integers. So r is a linear combination of a and b. But r < d, and
d is the smallest positive linear combination of a and b, so r cant be positive. Hence, r = 0, as we
wished to show. In a completely analogous way, it can be shown that d [ b.
Next, to show 2, let c be any common divisor of a and b. If c < 0, then clearly c d, so we
may assume that c > 0. Since c is a common divisor of a and b, it follows from Theorem 2.3, part
3, that c is a divisor of any linear combination of a and b; in particular, c [ d. Then, since both c
and d are positive, it follows from part 5 of Theorem 2.3 (more directly, from Exercise 17, part (b)
of Exercise Set 2.2), that c d. This completes the proof.
So, given integers a and b, not both zero, there exist integers s and t such that
gcd(a, b) = as + bt
We have an ecient algorithm, namely, the Euclidean algorithm, for nding gcd(a, b). Is there some
way to extend this algorithm so that it also nds the integers s and t? Indeed there is, and it is
called the extended Euclidean algorithm.
We illustrate the general form of the extended Euclidean algorithm by looking at a particular
example. In particular, lets compute d = gcd(141, 486) and nd integers s and t such that d =
141s + 486t.
Recall that d is the last nonzero remainder obtained in the process of applying the Euclidean
algorithm. There is an especially nice way to display the remainders and quotients obtained along
the way. In the general case, where 0 < a < b, if r
n
is the last nonzero remainder, then d = r
n
, and
we can display the results in the following table (recall that r
0
= b and r
1
= a):
b a r
2
r
3
r
4
r
n
0
q
1
q
2
q
3
q
4
q
n
It is easy to see how the relations obtained from our successive application of the division algorithm
give rise to the entries in this table. Namely, for 0 k < n, we have the relation
r
k
= r
k+1
q
k+1
+ r
k+2
and in the table this information is entered into successive columns as follows:
r
k
r
k+1
r
k+2

q
k+1

In our particular example, with a = 141 and b = 486, you should verify that the following table is
obtained:
486 141 63 15 3 0
3 2 4 5
Thus, we see that d = gcd(141, 486) = 3.
The method for determining the values of s and t such that
3 = 141s + 486t
makes use of the above table. The idea is to express each remainder r
k
, 0 k n, as a linear
combination of a and b. That is, for each k, 0 k n, we wish to nd integers s
k
and t
k
such that
r
k
= as
k
+ bt
k
Then, when k = n, we obtain the desired relation expressing d as a linear combination of a and b.
So the method generates two additional sequences: s
0
, s
1
, s
2
, . . . , s
n
and t
0
, t
1
, t
2
, . . . , t
n
. These
two sequences are added as rows to the table, so that in general the table looks like this:
b a r
2
r
n
0
q
1
q
2
q
n
s
0
s
1
s
2
s
n
t
0
t
1
t
2
t
n
To get things started, we need to nd values for s
0
, t
0
, s
1
, and t
1
such that
b = r
0
= as
0
+ bt
0
a = r
1
= as
1
+ bt
1
Thats easy! Simply let s
0
= 0, t
0
= 1, s
1
= 1, and t
1
= 0. Its also easy to obtain the values of s
2
and t
2
. By the division algorithm,
r
2
= b aq
1
= a(q
1
) + b(1)
Hence, s
2
= q
1
and t
2
= 1. So far, then, our general table looks like this:
b a r
2
r
3
r
n
0
q
1
q
2
q
3
q
n
0 1 q
1
s
3
s
n
1 0 1 t
3
t
n
In our particular example, when a = 141 and b = 486, we have the following so far:
486 141 63 15 3 0
3 2 4 5
0 1 3 s
3
s
4
1 0 1 t
3
t
4
It is important to understand that each column of this table indicates how to express the remainder
in that column as a linear combination of a and b. For example, in the above table, the column
corresponding to k = 2 indicates that
63 = 141(3) + 486(1)
Next, we need to determine values for s
3
and t
3
such that 15 = r
3
= as
3
+bt
3
. To do this, we rst
make use of the division algorithm to express r
3
in terms of r
1
and r
2
. Recall that r
1
= r
2
q
2
+ r
3
;
hence:
15 = r
3
= r
1
r
2
q
2
= 141 63(2)
We then use the values already found for s
1
, s
2
, t
1
, and t
2
to replace each of r
1
and r
2
in the above
expression by a linear combination of a and b. In the general case, this gives us:
r
3
= r
1
r
2
q
2
= (as
1
+ bt
1
) (as
2
+ bt
2
)q
2
= a(s
1
s
2
q
2
) + b(t
1
t
2
q
2
)
and so we see that s
3
= s
1
s
2
q
2
and t
3
= t
1
t
2
q
2
. In our particular example, we nd that
r
3
= 15 = 141 63(2) =
_
141(1) + 486(0)
_
141(3) + 486(1)
(2)
= 141(1 (3)2) + 486(0 1(2))
= 141(7) + 486(2)
Thus, s
3
= 7 and t
3
= 2. (Check that 15 = 141(7) + 486(2).)
Try to notice a general pattern in the above expressions for s
3
and t
3
. Can you guess what the
expressions for s
4
and t
4
are? Lets work it out. Again the division algorithm is the key, because
from it we know that r
2
= r
3
q
3
+ r
4
. Hence,
r
4
= r
2
r
3
q
3
= (as
2
+ bt
2
) (as
3
+ bt
3
)q
3
= a(s
2
s
3
q
3
) + b(t
2
t
3
q
3
)
Thus, s
4
= s
2
s
3
q
3
and t
4
= t
2
t
3
q
3
. In our example, then, we nd that
s
4
= s
2
s
3
q
3
= 3 7(4) = 31
t
4
= t
2
t
3
q
3
= 1 (2)(4) = 9
Hence, r
4
= 3 = 141(31) + 486(9). (Check this!) Since d = r
4
, our example is complete. In
summary, our results indicate that d = 3, s = 31, and t = 9, and here is the complete table:
486 141 63 15 3 0
3 2 4 5
0 1 3 7 31
1 0 1 2 9
Let us now return to consideration of the extended Euclidean algorithm in the general case. As
already noted, the results from an application of the algorithm can be displayed in table form as
follows:
b a r
2
r
k1
r
k
r
k+1
r
n
0
q
1
q
2
q
k1
q
k
q
k+1
q
n
s
0
s
1
s
2
s
k1
s
k
s
k+1
s
n
t
0
t
1
t
2
t
k1
t
k
t
k+1
t
n
Suppose that the above table has been completed through column k, except for the value of q
k
, and
we next wish to nd q
k
and then ll in the values of r
k+1
, s
k+1
, and t
k+1
in column k + 1. If we
understand how this is done, then we understand how the extended Euclidean algorithm works in
general. Now then, we know how to obtain q
k
and r
k+1
, since these are the quotient and remainder,
respectively, obtained by dividing r
k1
by r
k
. Hence it follows that r
k1
= r
k
q
k
+ r
k+1
, and we
use this relation and the values from columns k 1 and k to nd s
k+1
and t
k+1
. This is done as
follows:
r
k+1
= r
k1
r
k
q
k
= (as
k1
+ bt
k1
) (as
k
+ bt
k
)q
k
= a(s
k1
s
k
q
k
) + b(t
k1
t
k
q
k
)
Thus, s
k+1
= s
k1
s
k
q
k
and t
k+1
= t
k1
t
k
q
k
.
In summary, the sequence s
0
, s
1
, s
2
, . . . , s
n1
is dened by
s
0
= 0
s
1
= 1
s
k+1
= s
k1
s
k
q
k
, for k = 1, 2, . . . , n 1
We say that the sequence is dened recursively by the initial values s
0
= 0 and s
1
= 1 and the recur-
rence relation (or recurrence formula) s
k+1
= s
k1
s
k
q
k
. Similarly, the sequence t
0
, t
1
, t
2
, . . . , t
n1
is dened recursively by the following initial values and recurrence relation:
t
0
= 1
t
1
= 0
t
k+1
= t
k1
t
k
q
k
, for k = 1, 2, . . . , n 1
In words, to obtain the value of s in a given column, multiple the value of s in the preceding
column by the quotient in that column, and then subtract this product from the value of s in the
column two columns before the given one. Similarly, to obtain the value of t in a given column,
multiply the value of t in the preceding column by the quotient in that column, and then subtract
this product from the value of t two columns before.
Example 2.11: Use the extended Euclidean algorithm to nd d = gcd(1407, 3255) and integers s
and t such that d = 1407s + 3255t.
Solution: First, we successively apply the division algorithm to obtain the rst two rows of the
table:
3255 1407 441 84 21 0
2 3 5 4
So we see that d = gcd(1407, 3255) = 21. Now we must complete the third and fourth rows of the
table using the initial values and recurrence relations for the s and t values. It is recommended
that you complete the third row rst, and then do the fourth row. Completing the third row, you
should get
3255 1407 441 84 21 0
2 3 5 4
0 1 2 7 37
For example, s = s
4
= s
2
s
3
q
3
= 2 (7)5 = 2 35 = 37. We then do the fourth row; see if
you get
3255 1407 441 84 21 0
2 3 5 4
0 1 2 7 37
1 0 1 3 16
For instance, t = t
4
= t
2
t
3
q
3
= 1 (3)5 = 1 + 15 = 16. Therefore, d = 21, s = 37, and
t = 16, and it can be checked that
21 = 1407(37) + 3255(16)
Easy, is it not? And fast, too!
A nal comment about the extended Euclidean algorithm. When applying the algorithm by
hand, some people prefer to generate the table one column at a time. For instance, in the above
example, suppose we have completed the table to this point:
3255 1407 441
2
0 1 2
1 0 1
At the next step, we divide 1407 by 441, obtaining a quotient of 3 and a remainder of 84. We then
compute the s and t values in column 3, and the table is updated as follows:
3255 1407 441 84
2 3
0 1 2 7
1 0 1 3
The entries in column 3 indicate that 84 = 1407(7) +3255(3), and this relation can be checked. In
general, if one checks that r
k
= as
k
+bt
k
, but, after the next step, one nds that r
k+1
,= as
k+1
+bt
k+1
,
then one knows that a mistake has just been made. That is, either a mistake has been made in
dividing r
k1
by r
k
, or a mistake has been made in computing the values of s
k+1
and t
k+1
. One
could wait to the end, and simply check that d = as + bt, but if this does not check then one wont
know at what step things went wrong.
As stated in Theorem 2.8, if d = gcd(a, b), then d is the smallest positive integer expressible as
a linear combination of a and b, namely, as d = as + bt, where s, t Z. It is important to note,
however, that just because some positive integer e is expressible as a linear combination of a and b,
this does not necessarily imply that e = gcd(a, b). For example, 10 = 2(11) + 3(4), but clearly
10 ,= gcd(2, 3).
There is an exceptional case that deserves special attention, however. Given a, b Z, suppose
that there exist integers x and y such that 1 = ax + by. Then 1 is a linear combination of a and b,
and 1 is the smallest positive integer. Therefore, 1 is the smallest positive linear combination of a
and b, and so 1 = gcd(a, b). We state this result as a corollary to Theorem 2.8.
Corollary 2.9: Let a and b be integers, not both 0. Then gcd(a, b) = 1 if and only if
1 = ax + by for some integers x and y.
Denition 2.4: Two positive integers a and b are called relatively prime provided
gcd(a, b) = 1.

Just because two positive integers a and b are relatively prime, this does not mean, necessarily,
that either a or b is a prime number. For example, 10 and 21 are relatively prime, and neither
10 nor 21 is prime. What being relatively prime does mean is that 1 is the only positive common
factor of a and b, and so, in particular, a and b have no common prime factors. Conversely, if a
and b have no prime factors in common, then a and b are relatively prime.
In order to show that two given positive integers a and b are relatively prime, it suces to nd
integers x and y such that 1 = ax+by. Of course, one way to nd x and y is to employ the extended
Euclidean algorithm. Sometimes, however, we can nd x and y more directly, perhaps by trial and
error.
Example 2.12: Show that 5n + 3 and 7n + 4 are relatively prime for any nonnegative integer n.
Solution: The trick here is to notice that
1 = (5n + 3)(7) + (7n + 4)(5)
Hence, by Corollary 2.9, it follows that 5n + 3 and 7n + 4 are relatively prime.
There are a number of interesting, intriguing, and useful results that involve the concept of
relatively prime. We present one of these and two of its corollaries next, with further applications
presented in the exercises and chapter problems.
Theorem 2.10 (Euclids Lemma): Let a, b, and c be positive integers. If a [ (bc) and a and b
are relatively prime, then a [ c.
Proof: Assume a [ (bc) and a and b are relatively prime. Since a [ (bc), there is some integer q
such that bc = aq. Since a and b are relatively prime, there exist integers x and y such that
1 = ax + by. Thus,
c = c 1 = c(ax + by) = a(cx) + (bc)y = a(cx) + (aq)y = a(cx + qy)
Since cx + qy is an integer, this shows that a [ c.
Compare Theorem 2.10 with Exercise 9 of Exercise Set 2.2.

Corollary 2.11: Let b and c be positive integers and let p be a prime. If p [ (bc), then either
p [ b or p [ c.
Proof: Assume p [ (bc). We know that either p is a factor of b or p is not a factor of b. If p is a
factor of b, then the conclusion of the theorem holds and the proof is complete. If p is not a factor
of b, then, since the only positive factors of p are 1 and p and p is not a factor of b, we see that p
and b are relatively prime. Thus, by Euclids lemma, p [ c, and so the proof is complete in this
case, also. (Alternately, one can give a proof based on the logical equivalence presented in Chapter
1, Problem 5, part (b).)

The preceding corollary can be extended to the case when a prime p divides a product of any
nite number of factors. We state this result as Corollary 2.12, with the proof left to Chapter
Problem 29.
Corollary 2.12: Let a
1
, a
2
, . . ., a
n
be positive integers and let p be a prime. If p [ (a
1
a
2
a
n
),
then p [ a
i
for some i, 1 i n.
Theorem 2.8 characterizes the greatest common divisor of two integers a and b as a special linear
combination of a and b. Another very important and useful characterization of gcd(a, b) is presented
in the next theorem, whose proof is left to Exercise 2. Some textbooks take the stated condition as
the denition of gcd(a, b).
Theorem 2.13: Let a and b be integers, not both 0. Then a positive integer d is the greatest
common divisor of a and b if and only if d satises the following two conditions:
1. d is a common divisor of a and b.
2. If c is any common divisor of a and b, then c [ d.
Exercise Set 2.3

1. Use the Euclidean algorithm to nd gcd(a, b).
(a) a = 27, b = 81 (b) a = 120, b = 615
(c) a = 1380, b = 3020 (d) a = 412, b = 936
2. Prove Theorem 2.13.
3. For the a and b given in each part of Exercise 1, apply the extended Euclidean algorithm to
nd d = gcd(a, b) and integers s and t such that d = as + bt.
4. Let a and b be integers, not both 0. We know that gcd(a, b) can be expressed as a linear
combination of a and b. What other integers can be so expressed? Prove: Given an integer e, e
is a linear combination of a and b if and only if e is a multiple of gcd(a, b).
5. Suppose the Euclidean algorithm is being applied to nd gcd(a, b), and at some step the
remainder r
i+1
obtained is exactly 1 less than the remainder r
i
obtained at the previous step.
What does this imply? Apply your observation to aid in nding gcd(383, 862).
6. Prove, using Corollary 2.9: For any positive integer n, n and n + 1 are relatively prime.
7. Prove: Any two consecutive odd positive integers are relatively prime.
8. Suppose the Euclidean algorithm is being applied to nd gcd(a, b), and at some step we
recognize that the remainder r
i
just obtained is prime.
(a) Show that either gcd(a, b) = r
i
or gcd(a, b) = 1.
(b) How can one tell which of the alternative conclusions in part (a) holds?
Apply the observations made in parts (a) and (b) to aid in nding:
(c) gcd(40, 371) (d) gcd(52, 325)
9. Prove or disprove each of the following assertions about an arbitrary positive integer n.
(a) 2n and 4n + 3 are relatively prime.
(b) 2n + 1 and 3n + 2 are relatively prime.
10. Let m and n be positive integers. Prove that gcd(m, m+ n) [ n.
11. Let a and b be integers such that 1 < a < b and a and b are relatively prime. Prove the
following assertions:
(a) gcd(a + b, a + b) = 1 or 2 (Hint: Apply Theorem 2.3, part 3.)
(b) gcd(2a + b, a + 2b) = 1 or 3
(c) gcd(a + b, ab) = 1
(d) gcd(a
2
, b
2
) = 1
12. Prove each of the following assertions about arbitrary positive integers a, b, c, and d.
(a) If a [ c, b [ c, and d = gcd(a, b), then (ab) [ (cd).
(b) If a [ c, b [ c, and a and b are relatively prime, then (ab) [ c.
13. Let a, b, and d be integers with 0 < d a b. Prove: If d is a common divisor of a and b
and d can be expressed as a linear combination of a and b, then d = gcd(a, b).
14. Let m and n be positive integers, and let p be a prime such that p is not a factor of m. Show
that m and p
n
are relatively prime.
15. Let a, b, and n be positive integers with n a and n b. Prove or disprove:
(a) If a mod n = b mod n, then gcd(n, a) = gcd(n, b).
(b) If gcd(n, a) = gcd(n, b), then a mod n = b mod n.
16. Implement the Euclidean algorithm as a computer program. (The program is to input
integers a and b with 0 a < b and output d = gcd(a, b).)
17. Let a and b be integers and let n, n
1
, and n
2
be positive integers such that n = gcd(n
1
, n
2
).
Prove:
If a mod n
1
= b mod n
1
or a mod n
2
= b mod n
2
, then a mod n = b mod n.
18. Implement the extended Euclidean algorithm as a computer program. (The program is to
input integers a and b with 0 a < b and output d = gcd(a, b) and integers s and t such that
d = as + bt.)
19. Prove or disprove the converse of the implication in Exercise 17.
20. Describe (and implement as a recursive procedure) a recursive form of the extended Euclidean
algorithm.
21. In the context of the extended Euclidean algorithm, where r
n
= gcd(a, b) = as
n
+ bt
n
, dene
the numbers s
n+1
and t
n+1
as follows:
s
n+1
= s
n1
s
n
q
n
and t
n+1
= t
n1
t
n
q
n
What is the value of the expression as
n
+ bt
n
?
22. In the context of the extended Euclidean algorithm, prove the following:
(a) s
k
t
k
< 0 for 2 k n
(b) s
k
s
k+1
< 0 for 1 k < n
(c) t
k
t
k+1
< 0 for 2 k < n
2.4 Prime Numbers and the Fundamental Theorem of Arithmetic 109
2.4 PRIME NUMBERS AND
THE FUNDAMENTAL THEOREM OF ARITHMETIC
As stated in Section 2.2, one of the basic notions in number theory is that any integer n > 1 may
be factored as a product of primes, and that such a factorization is essentially unique. We prove
this result in this section, along with several other results concerning prime numbers.
We rst prove the following lemma. Note: A lemma is a result which is used to prove another
(usually more important) result.
Lemma 2.14: Every positive integer n > 1 has a prime factor.
Proof: Let P(n) represent the statement
n has a prime factor
When n = 2, we see that 2 is prime and is certainly a factor of itself. So P(2) is true.
Suppose it is not the case that P(n) holds for every integer n 2. Then the set
S = n [ n 2 and P(n) is false
is a nonempty subset of the set of positive integers. It follows by the PWO that S contains a
smallest element; denote this by n. Note that n must be composite, for otherwise n would be a
prime factor of itself. It follows from this observation and our anchor step that n > 3.
Since n is composite, it can be factored as n = n
1
n
2
, where n
1
and n
2
are integers and 1 < n
1

n
2
< n. It then follows, since n is the smallest element of S, that n
1
has a prime factor. But since
any factor of n
1
is also a factor of n, we have shown that n has a prime factor. Thus P( n) is true, a
contradiction. It follows that the set S is empty, and therefore P(n) is true for every integer n 2.
Let n be an integer, n > 1. By Lemma 2.14, n has a prime factor, and hence the set of prime
factors of n is a nonempty subset of Z
+
. It follows from the principle of well-ordering that n has a
smallest prime factor; we state this as a corollary to Lemma 2.14.
Corollary 2.15: Every integer n > 1 has a smallest prime factor.
We are now ready to prove that every integer n > 1 can be (uniquely) factored as a product of
primes. This result is so important in number theory that it called the fundamental theorem of the
subject. Its proof suggests an algorithm (albeit a rather inecient one) for nding the factorization
of a given integer n > 1. Before proceeding to the theorem, lets illustrate the algorithm with an
example.
Example 2.13: We repeatedly apply the idea of Corollary 2.15 to factor n
1
= 474383 as a
product of primes.
We begin by nding the smallest prime factor p
1
of n
1
. Since n
1
is odd, we see that 2 is not a
factor of n
1
. Likewise, it can be checked that neither 3 nor 5 is a factor of n
1
. Then checking 7,
we nd that p
1
= 7 is a factor of n
1
; in fact, n
1
= 7 67769.
To complete the factorization at this point, we must factor n
2
= 67769 as a product of primes.
Again, we apply the idea of Corollary 2.15, namely, we want to nd the smallest prime factor p
2
of
n
2
. Now, ask yourself this question: Could p
2
be 2 or 3 or 5? Clearly not, because any factor of
n
2
is also a factor of n
1
, and so the smallest prime factor of n
2
cant be smaller than the smallest
prime factor of n
1
.
Hence, p
2
7. However, it can be checked that 7 is not a factor of n
2
. The next prime after
7 is 11, but 11 is also not a factor of n
2
. The next prime after 11 is 13, and 13 is a factor of n
2
; in
fact, n
2
= 13 5213. Thus, p
2
= 13.
At this point we have n
1
= 7 13 5213. Letting n
3
= 5213, we next need to nd the smallest
prime factor p
3
of n
3
. Checking 13, we nd that 13 is a factor of n
3
, and so p
3
= 13. Also,
n
3
= 13 401.
The situation now is that n
1
= 7 13 13 n
4
, where n
4
= 401; the next task is to nd the smallest
prime factor p
4
of n
4
. Checking 13 and the next several primes after 13, we nd that none of 13,
17, and 19 is a factor of 401. The next prime after 19 is 23, but 23 is greater than
401. As a
result of this fact, we claim that 401 is itself a prime number! The reason goes as follows. If 401
is not prime, namely, if 401 is composite, then Corollary 2.15 tells us that 401 has a smallest prime
factor; call it p. We know from our work above that p 23, and so 401 = pt, for some t, with
23 p t < 401. But then
401 = p t 23
2
= 469 > 401
This is a clear contradiction. Therefore, 401 must be prime, and so p
4
= 401.
Thus, we have factored n
1
= 474383 as a product of primes; namely,
474383 = 7 13 13 401
The reasoning used in the above example to argue that 401 is prime can be generalized to prove
the following useful lemma.
Lemma 2.16: Let n be an integer, n > 1. If n is composite, then n has a prime factor p such
that p
n.
Theorem 2.17 (Fundamental Theorem of Arithmetic): Any integer n > 1 can be factored
as a product of primes, that is, n can be expressed as
n = p
1
p
2
p
m
where p
1
, p
2
, . . ., p
m
are primes and p
1
p
2
p
m
. Furthermore, the above factorization is
unique in the sense that, if q
1
, q
2
, . . ., q
m
are primes with q
1
q
2
q
m
and
n = q
1
q
2
q
m
, then m = m
and q
i
= p
i
for each i, 1 i m.
Proof: We rst employ the principle of well-ordering to prove the existence part of the result, and
then show uniqueness. For n 2, let P(n) represent the statement
n can be expressed as a product of primes
Note that, if n is prime, then n is already expressed as a product of primes, namely, a product
with only one factor, that factor being n. In particular, 2 and 3 are prime, so that P(2) and P(3)
are true.
Suppose that P(n) is false for some integer n, n > 3. Then the set
S = n [ n 2 and P(n) is false
is a nonempty subset of Z
+
. It follows by the PWO that S contains a smallest element; as usual,
denote it by n. It follows from the above remarks that n is composite.
By Corollary 2.15, n has a smallest prime factor; call it p
1
; then, since n is composite, n = p
1
n
2
for some integer n
2
, 2 n
2
< n. So, n
2
is not in S, and it follows that n
2
can be expressed as a
product of primes, say n
2
= p
2
p
m
, with p
2
p
m
. Since p
1
is the smallest prime factor of
n, we have that p
1
p
2
, and since n = p
1
n
2
, we have that
n = p
1
p
2
p
m
This shows that P( n) holds, a contradiction. Therefore, S is empty, and it follows that P(n) holds
for every integer n > 1.
Next we prove uniqueness. This time, we use the strong form of induction on n; let P(n) be the
statement that
n is uniquely expressible as a product of primes
Clearly, P(2) holds, and so the induction is anchored.
Let k represent an arbitrary integer, k 2, and assume that P(n) holds for every integer n,
2 n k; explicitly, the induction hypothesis is that any such n is uniquely expressible as a
product of primes.
To complete the proof, we must show that P(k+1) holds, namely, that k+1 is uniquely expressible
as a product of primes. This is clearly the case if k +1 is prime, so assume that k +1 is composite.
Suppose that we can factor k + 1 as a product of primes in two ways, say,
p
1
p
2
p
m
= k + 1 = q
1
q
2
q
m
where p
1
, p
2
, . . ., p
m
, q
1
, q
2
, . . ., q
m
are primes such that p
1
p
2
p
m
and q
1
q
2

q
m
. Since p
1
[ (k + 1), we have that p
1
[ (q
1
q
2
q
m
). By the extended form of Euclids lemma
(Corollary 2.12), p
i
must be a factor of q
j
for some j, i j m
. Now q
j
is prime, and so p
1
= q
j
.
Since q
1
q
j
, we have that q
1
p
1
. In a completely analogous manner, beginning with the fact
that q
1
[ (k + 1), we can show that p
1
q
1
. Therefore, p
1
= q
1
. Now let n = (k + 1)/p
1
. Since
2 n k, it follows from the induction hypothesis that n is uniquely expressible as a product of
primes. Hence, it must be that m = m
and that p
i
= q
i
for each i, 2 i m. Therefore, P(k+1)
holds and the proof is complete.
Suppose now that an integer n > 1 is expressed as a product of primes, say, n = q

1
q
2
q
m
,
with q
1
q
2
q
m
. The primes q
1
, q
2
, . . . , q
m
need not be distinct, of course; however, we can
collect together all equal prime factors and express n in the following form:
n = p
a1
1
p
a2
2
p
ak
k
where p
1
, p
2
, . . ., p
k
are primes such that p
1
< p
2
< < p
k
and each a
i
is a positive integer. We
call this the canonical factorization of n.
Example 2.14: Find the canonical factorization of:
(a) 474383 (b) 4918914
(c) 5337423 (d) 983
Solution: For part (a), we see from Example 2.21 that the canonical factorization of 474383 is
474383 = 7
1
13
2
401
1
For part (b), we proceed as follows: 2 is the smallest prime factor of 4918914 and 4918914 =
2 2459457; then 3 is the smallest prime factor of 2459457 and 2459457 = 3 819819; then 3 is the
smallest prime factor of 819819 and 819819 = 3 273273; then again 3 is the smallest prime factor of
273273 and 273273 = 3 91091; then 7 is the smallest prime factor of 91091 and 91091 = 7 13013;
then again 7 is the smallest prime factor of 13013 and 13013 = 7 1859; then 11 is the smallest prime
factor of 1859 and 1859 = 11 169; then 13 is the smallest prime factor of 169 and 169 = 13 13.
Therefore, the canonical factorization of 4918914 is
4918914 = 2
1
3
3
7
2
11
1
13
2
For (c), we proceed in a similar manner to nd that
5337423 = 3
2
7
4
13
1
19
1
For part (d), checking the primes up to 31, we nd that none is a factor of 983. The next prime
after 31 is 37, and 37
2
> 983. It follows from Lemma 2.20 that 983 is prime, and so the canonical
factorization of 983 is 983
1
.
As an interesting sidelight to the preceding example, consider the problem of nding the canonical
factorization of gcd(4918914, 5337423). With this purpose in mind, it is convenient to express these
numbers as follows:
4918914 = 2
1
3
3
7
2
11
1
13
2
19
0
5337423 = 2
0
3
2
7
4
11
0
13
1
19
1
so that each factorization includes the same primes. Then we have
gcd(4918914, 5337423) = gcd(2
1
3
3
7
2
11
1
13
2
19
0
, 2
0
3
2
7
4
11
0
13
1
19
1
)
= 2
0
3
2
7
2
11
0
13
1
19
0
= 3
2
7
2
13
1
Note that, for each of the primes involved, we take the smaller of the two exponents to determine
its contribution to gcd(4918914, 5337423). This procedure can be formulated in general terms
without much diculty (see Chapter Problem 14). It should be mentioned that there are additional
applications of canonical factorizations.
We next prove that the number of primes is innite. You are no doubt aware of this fact but
perhaps you have never seen a proof. The proof we give, which is credited to Euclid, is considered
one of the most elegant in all of mathematics.
Theorem 2.18: The number of primes is innite.
Proof: We proceed by contradiction and suppose that the number of primes is nite. Suppose
that P = p
1
, p
2
, . . . , p
n
is the set of all primes. Consider the integer m = 1 + p
1
p
2
p
n
.
Clearly, m 2. Moreover, it is easy to verify that, for each i, 1 i n, no p
i
is a factor of m.
(In fact, m mod p
i
= 1.) However, by Corollary 2.15, m has a smallest prime factor; call it q.
Then q ,= p
i
for any i, 1 i n, so q / P. This contradicts the supposition that P is the set of all
primes and therefore proves the result.
If one looks at a list of primes, say a list of all the primes less than 1000, one is hard-pressed
to nd any pattern to them. One interesting phenomenon is the occurrence of consecutive odd
integers both of which are prime; such as 3 and 5, 5 and 7, 11 and 13, 17 and 19, 29 and 31, 41 and
43, and so on. Such pairs of odd integers are called twin primes, and it is conjectured that there are
innitely many pairs of twin primes. Opposed to the phenomenon of twin primes, it can be shown
that, for any positive integer n, there exist n consecutive composite integers; see Exercise 2.
Although the primes individually do not follow any denite pattern or formula, we can say
something about the number of primes up to n. Let us denote this function by (n); that is, given
a positive integer n, let (n) denote the number of primes between 1 and n, inclusive. (Note that
here the Greek letter is not denoting the famous constant 3.14159 , but instead is being used
to name a function.) The great German mathematician Carl Freidrich Gauss, in 1793, made some
calculations concerning (n), and came up with something like the following table:
n (n) n/ln n
10
1
4 5
10
2
25 22
10
3
168 145
10
4
1229 1086
10
5
9592 8686
10
6
78498 72383
Table 2.1
(Here, lnn denotes the natural logarithm of n. Also, we are using the ceiling notation: given a
real number x, x| denotes the smallest integer greater than or equal to x. Thus, the notation
n/ ln n| indicates that the value n/ lnn is to be rounded up to the nearest whole number.) It
appears from the table that the function n/ ln n| provides a reasonably good approximation to
(n), in the sense that the relative error
[(n) n/ ln n| [
(n)
decreases toward 0 as n increases; see Exercise 7. Gauss conjectured that this was indeed the case,
and this was proved in 1896, independently, by both J. Hadamard and C.J. de la Vallee-Poussin.
This result is known as the prime number theorem. We state it and consider an application, but
do not prove the theorem since it requires mathematical knowledge beyond the scope of our
discussion.
Theorem 2.19 (Prime Number Theorem): The function n/ ln n| provides an
approximation to (n), and the relative error of this approximation approaches zero as n
approaches innity; that is
lim
n
[(n) n/ ln n|[
(n)
= 0
Example 2.15: Consider the following question: If an odd (positive) integer m having k digits is
chosen at random, what is the probability that it is prime?
In particular, consider the case k = 6. Well, the number of 6-digit odd integers is
10
6
10
5
2
= 450000
(since 10
6
10
5
is the number of 6-digit integers, and half of them are odd). Also, using information
from Table 2.1, we obtain that the number of 6-digit primes is
(10
6
) (10
5
) = 78498 9592 = 68906
Thus, the probability that a 6-digit odd integer chosen at random is prime is 68906 out of 450000;
mathematically, such a probability is usually expressed as a fraction, decimal, or percentage:
68906
450000
.1531 15.3%
Now consider the case k = 10: What is the probability that a 10-digit odd integer selected at
random is prime? Well, the number of 10-digit odd integers is
10
10
10
9
2
= 4500000000
And the number of 10-digit primes is
(10
10
) (10
9
)
Table 2.1 does not provide the values for (10
9
) and (10
10
). However, even though we may not
know their exact values, we can approximate these values using the prime number theorem. Doing
so, we obtain that the number of 10-digit primes is approximately
_
10
10
ln 10
10
_
_
10
9
ln10
9
_
= 386039539
Thus, the probability that a 10-digit odd integer chosen at random is prime is approximately
386039539
4500000000
.0858 8.6%

Exercise Set 2.4
1. For each of these integers, nd its smallest prime factor.
(a) 539 (b) 1575
(c) 529 (d) 1601
2. For any positive integer n, show that there exist n consecutive positive integers each of which is
composite. Hint: Consider the numbers
2 + (n + 1)!, 3 + (n + 1)! , . . . , n + (n + 1)!, n + 1 + (n + 1)!
3. For each of these integers, nd its canonical factorization.
(a) 4725 (b) 9702
(c) 180625 (d) 1662405
4. If p is an odd prime, show that:
(a) p is of the form 4k + 1 or of the form 4k + 3 (for some nonnegative integer k).
(b) p is of the form 6k + 1 or of the form 6k + 5.
Give an example of an odd prime p of each of the specied forms:
(c) 4k + 1 (d) 4k + 3
(e) 6k + 1 (f) 6k + 5
5. Prove each of the following statements.
(a) Any prime of the form 3n + 1 is also of the form 6k + 1.
(b) If the positive integer n has the form 3k + 2, then n has a prime factor of this form.
(c) The number 5 is the only prime of the form n
2
4.
(d) If p is a prime and p 5, then p
2
+ 2 is composite. (Hint: Apply the result of Exercise 4,
part (b).)
6. Prove: If p and q are primes with p q 5, then 24 [ (p
2
q
2
).
7. Use mathematical induction to prove that the following statement P(n) holds for every n Z
+
:
If a
1
, a
2
, . . . , a
n
are integers with a
i
mod 3 = 1 for each i, 1 i n, then (a
1
a
2
a
n
) mod 3 = 1.
8. Prove Lemma 2.14.
9. Prove the following implication concerning a positive integer k: If 2
k
1 is prime, then k is
prime. (See also Exercise 6, part (c), of Exercise Set 1.1.)
10. Prove: If p, p + 2, and p + 4 are all (odd) primes, then p = 3. (Thus, 3, 5, and 7 are the only
three consecutive odd primes; i.e., (3, 5, 7) is the only prime triplet.)
11. Given that (10
7
) = 664579, (10
8
) = 5761455, and (10
9
) = 50847534, add three rows to
Table 2.1. (See Exercise 13.)
12. As regards the proof of Theorem 2.18, dene an innite sequence (p
1
, p
2
, p
3
, . . .) of primes
recursively as follows:
p
1
= 2;
For n 2, p
n
= the smallest prime factor of 1 +
n1
k=1
p
k
(a) Find p
2
, p
3
, p
4
, p
5
, p
6
, p
7
, and p
8
.
(b) Show that (p
1
, p
2
, p
3
, . . .) is an innite sequence of distinct primes.
13. For a given positive integer n, when p(n) = n/ lnn| is used to approximate (n), the
(absolute) error in the approximation is [(n) p(n)[, and the relative error in the approximation
is [(n) p(n)[/(n). Complete Table 2.2. The prime number theorem says that the relative
error approaches zero as n gets larger and larger. Based on the data in this table, what appears to
happen to the error as n gets larger and larger?
n (n) n/ln n error relative error
10
1
4 5
10
2
25 22
10
3
168 145
10
4
1229 1086
10
5
9592 8686
10
6
78498 72383
10
7
664579
10
8
5761455
10
9
50847334
Table 2.2
14. A method of nding all the primes up to some given positive integer n is known as the sieve
of Eratosthenes. Start with a list of the integers from 2 to n. The rst number on the list, 2, is
prime; output 2 and then delete all multiples of 2 from the list. The rst number on the new list,
3, is prime; output 3 and then delete all multiples of 3 from the list. Continue this process until
only prime numbers remain on the list, then output these. Implement the sieve of Eratosthenes as
a program that inputs n and outputs all the primes n.
15. Given that (10
9
) = 50847334 and (10
10
) = 455052512, nd the probability that a 10-digit
odd integer chosen at random is prime. Compare this with the approximate value found in
Example 2.23.
16. Design, and implement as a program, an algorithm that inputs a positive integer n and
outputs the rst n primes.
17. Use the ideas in Example 2.15 to approximate the probability that a 50-digit odd integer
chosen at random is prime.
18. Design, and implement as a program, an algorithm that inputs a positive integer n 2 and
outputs:
(a) the smallest prime factor of n
(b) the canonical factorization of n
19. Let
(k) denote the number of k-digit primes (where k represents a positive integer).
(a) Use the prime number theorem to develop an approximation p
(k) for
(k).
(b) Make a table, similar to Table 2.2, showing
(k), p
(k), the error, and the relative error for

1 k 9.
(c) Does the error in using p
(k) to approximate
(k) appear to approach zero as k gets larger

and larger? What about the relative error?
2.5 Modular Addition and Multiplication 117
20. Execute the program of Exercise 18, part (a), for the following prime values of n. Measure
the runtime of the program in each case. How does the runtime vary with the size (number of
digits ) of n? Try to answer this question as precisely as possible.
(a) 7 (b) 97 (c) 997 (d) 9973 (e) 99991
21. How would you choose, at random, an odd positive integer m having k digits?
22. Prove Theorem 2.18 by using mathematical induction to prove that there exist at least n
primes for any positive integer n.
2.5 MODULAR ADDITION AND MULTIPLICATION
When an integer m is divided by the positive integer n, a remainder r is obtained satisfying
0 r n1; that is, m mod n 0, 1, 2, . . . , n1. This set of possible remainders upon division
by n is denoted by Z
n
and is called the set of integers modulo n. In this section we want to
dene operations of addition and multiplication on Z
n
and determine what properties are satised by
these operations. The resulting algebraic structure is extremely important and useful in a number
of mathematical disciplines, including algebra, number theory, combinatorics, and computer science.
To begin and focus our discussion, let us recall some of the properties that are satised by the
real numbers under the operations of addition and multiplication.
Theorem 2.20: The operations of addition and multiplication on R satisfy the following
properties:
1. The associative laws: For any x
1
, x
2
, x
3
R,
(a) (x
1
+ x
2
) + x
3
= x
1
+ (x
2
+ x
3
)
(b) (x
1
x
2
) x
3
= x
1
(x
2
x
3
)
2. The commutative laws: For any x
1
, x
2
R,
(a) x
1
+ x
2
= x
2
+ x
1
(b) x
1
x
2
= x
2
x
1
3. The distributive laws: For any x
1
, x
2
, x
3
R,
(a) x
1
(x
2
+ x
3
) = (x
1
x
2
) + (x
1
x
3
)
(b) (x
1
+ x
2
) x
3
= (x
1
x
3
) + (x
2
x
3
)
4. The number 0 is the additive identity; that is, 0 + x = x + 0 = x for any x R.
5. The number 1 is the multiplicative identity; that is, 1 x = x 1 = x for any x R.
6. For every number x R, there is a number y R such that x + y = 0; y is called the
(additive) inverse of x. Note that the inverse of x is x.
7. For every number x R, except 0, there is a number y R such that xy = 1; y is called the
reciprocal (or multiplicative inverse) of x. Note that the reciprocal of x is x
1
= 1/x.

Because it has the properties listed in Theorem 2.20, we call the algebraic structure (R, +, ) (the
real numbers under addition and multiplication) a eld. In particular, (R, +, ) is called the eld
of real numbers.
Recall that the set of rational numbers is a subset of the set of real numbers; that is, Q R.
Furthermore, for x, y Q, we have x + y Q and xy Q. Thus, we can consider the algebraic
structure (Q, +, ). Immediately we see that the associative, commutative, and distributive laws
hold; in fact, these are inherited from (R, +, ). Since 0 and 1 are rational, 0 and 1 are the additive
and multiplicative identities of (Q, +, ), respectively. Also, x Q has inverse x Q, and the
reciprocal of x is 1/x Q, provided x ,= 0. Therefore, (Q, +, ) is also a eld; it is called the eld
of rational numbers.
Since Q R, we say that (Q, +, ) is a subeld of (R, +, ), and that (R, +, ) is an extension eld
of (Q, +, ). In general, if (F, +, ) and (E, +, ) are elds and F E, then (F, +, ) is a subeld of
(E, +, ) and (E, +, ) is an extension eld of (F, +, ). In particular, any eld is a subeld and
an extension eld of itself.
It also makes sense to consider the algebraic structure (Z, +, ); however, this is not a eld.
Note that it satises all the properties listed in Theorem 2.20 except property 7; for example, the
reciprocal of 2 is 1/2, but 1/2 is not an integer.
The elds discussed above are innite elds because the sets Q and R are innite. The set Z
n
is
nite, of course, and the algebraic structure (Z
n
, +, ) we are about to describe is a eld if and only
if n is prime. Moreover, when p is prime, (Z
p
, +, ) can be used to construct elds with cardinalities
p
2
, p
3
, p
4
, and so on. Having a catalog of such nite elds turns out to be useful for a variety of
applications, particularly in the area of combinatorial designs.
We now dene operations of addition and multiplication on Z
n
= 0, 1, 2, . . . , n 1. Initially,
so as not to confuse these operations with the standard operations of addition and multiplication
on Z, we will denote the addition operation on Z
n
by (this symbol is called oplus) and the
multiplication operation on Z
n
by (called odot). So then, for x, y Z
n
, we dene:
x y = (x + y) mod n
x y = (xy) mod n
It is clear that (x + y) mod n Z
n
and (xy) mod n Z
n
, since x + y and xy are integers. So
and are valid (binary) operations on Z
n
.
For x, y Z
n
, it is sometimes convenient to present the values of xy and xy by giving addition
and multiplication tables; these are like the familiar tables we all used in elementary school. For
instance, the addition and multiplication tables for (Z
5
, , ) are shown in Tables 2.3 (a) and (b).
Note, for example, that 34 = (3+4) mod 5 = 7 mod 5 = 2, and 24 = (24) mod 5 = 8 mod 5 = 3.
(a)
0 1 2 3 4
0 0 1 2 3 4
1 1 2 3 4 0
2 2 3 4 0 1
3 3 4 0 1 2
4 4 0 1 2 3
(b)
0 1 2 3 4
0 0 0 0 0 0
1 0 1 2 3 4
2 0 2 4 1 3
3 0 3 1 4 2
4 0 4 3 2 1
Tables 2.3 Addition and multiplication tables for (Z
5
, , )
Now, lets see what properties are satised by these operations on Z
n
. Note that
x y = (x + y) mod n = (y + x) mod n = y x
and
x y = (xy) mod n = (yx) mod n = y x
so that both and are commutative. To prove that the associative and distributive laws hold,
we need the following lemma.
Lemma 2.21: Let n Z
+
and let m
1
, m
2
Z. Then:
1. (m
1
+ m
2
) mod n =
_
(m
1
mod n) + (m
2
mod n)
mod n
2. (m
1
m
2
) mod n =
_
(m
1
mod n)(m
2
mod n)
mod n
Proof: Let
m
1
div n = q
1
, m
1
mod n = r
1
, m
2
div n = q
2
, m
2
mod n = r
2
Then
m
1
= nq
1
+ r
1
and m
2
= nq
2
+ r
2
Thus,
m
1
+ m
2
= (nq
1
+ r
1
) + (nq
2
+ r
2
) = n(q
1
+ q
2
) + (r
1
+ r
2
)
and
m
1
m
2
= (nq
1
+ r
1
)(nq
2
+ r
2
) = n(nq
1
q
2
+ q
1
r
2
+ r
1
q
2
) + r
1
r
2
Hence,
(m
1
+ m
2
) (r
1
+ r
2
) = n(q
1
+ q
2
) and m
1
m
2
r
1
r
2
= n(nq
1
q
2
+ q
1
r
2
+ r
1
q
2
)
In other words, both (m
1
+ m
2
) (r
1
+ r
2
) and m
1
m
2
r
1
r
2
are multiples of n. It follows from
Theorem 2.6 that
(m
1
+ m
2
) mod n = (r
1
+ r
2
) mod n
and
(m
1
m
2
) mod n = (r
1
r
2
) mod n
which proves the lemma.
Lemma 2.21 is important in its own right. Before proceeding, we illustrate a few of its applica-
tions.
Example 2.16: Apply Lemma 2.21 to nd:
(a) (2045 + 2761) mod 13 (b) (2045 2761) mod 13
Solution: For part (a), we apply Lemma 2.21, part 1, as follows:
(2045 + 2761) mod 13 =
_
(2045 mod 13) + (2761 mod 13)
mod 13
= (4 + 5) mod 13 = 9 mod 13 = 9
And for part (b), we apply Lemma 2.21, part 2:
(2045 2761) mod 13 =
_
(2045 mod 13) (2761 mod 13)
mod 13
= (4 5) mod 13 = 20 mod 13 = 7
Example 2.17: Apply Lemma 2.21 to show that m

2
mod 5 0, 1, 4 for any integer m.
Solution: By Lemma 2.21, part 2, we have that
m
2
mod 5 = (m mod 5)
2
mod 5
Now, whereas there are innitely many possible values for m, there are only 5 possible values for
m mod 5, namely, 0, 1, 2, 3, and 4. Checking these, we nd that
0
2
mod 5 = 0, 1
2
mod 5 = 1, 2
2
mod 5 = 4, 3
2
mod 5 = 4, 4
2
mod 5 = 1
which veries the result.
Now we move on to prove that and are associative. Let x, y, z Z

n
; then
(x y) z =
_
(x + y) mod n
z
= (
_
(x + y) mod n
+ z) mod n
=
_
(x + y) + z
mod n by Lemma 2.21, part 1

=
_
x + (y + z)
mod n
= (x +
_
(y + z) mod n
) mod n again by Lemma 2.21, part 1

= x
_
(y + z) mod n
= x (y z)
This shows that is associative. Next,
(x y) z =
_
(xy) mod n
z
= (
_
(xy) mod n
z) mod n
=
_
(xy)z
mod n by Lemma 2.21, part 2

=
_
x(yz)
mod n
= (x
_
(yz) mod n
) mod n again by Lemma 2.21, part 2

= x
_
(yz) mod n
= x (y z)
which shows that is associative.
Next, to verify the distributive laws for x, y, z Z
n
:
x (y z) = x
_
(y + z) mod n
= (x
_
(y + z) mod n
) mod n
=
_
x(y + z)
mod n
= (xy + xz) mod n
= (
_
(xy) mod n
+
_
(xz) mod n
) mod n
= (
_
x y
+
_
x z
) mod n
= (x y) (x z)
This veries one of the distributive laws, and the other follows from this one and commutativity:
(x y) z = z (x y) = (z x) (z y) = (x z) (y z)
Next we observe that the following three properties hold for any x Z
n
:
x 0 = (x + 0) mod n = x mod n = x
x 1 = (x 1) mod n = x mod n = x
x (x mod n) = (x + ( x)) mod n = 0 mod n = 0
It follows that 0 is the additive identity, 1 is the multiplicative identity, and the inverse of x is
x mod n. For x Z
n
= Z
n
0, note that
x mod n = n x
At this point we have shown that (Z
n
, , ) has all the properties of a eld, with the possible
exception of the existence of reciprocals for elements of Z
n
. This brings us to the following important
result.
Theorem 2.22: Let x and n be integers with 1 x < n. Then x has a reciprocal in Z
n
if and
only if gcd(x, n) = 1.
Proof: We prove suciency and leave the proof of necessity to Exercise 4.
Assume gcd(x, n) = 1. Then there exist integers s and t such that
1 = xs + nt
Thus, 1 xs = nt, and it follows from Theorem 2.6 that (xs) mod n = 1 mod n = 1. Therefore, s
mod n is the reciprocal of x in Z
n
.
Corollary 2.23: For n Z

+
with n 2, (Z
n
, , ) is a eld if and only if n is prime.
Proof: For suciency, note that, if n is prime, then gcd(x, n) = 1 for every x, 1 x < n. It
follows from Theorem 2.22 that every such x has a reciprocal in Z
n
, and thus (Z
n
, , ) is a eld.
To prove necessity, assume n is composite. Then n = ab for some integers a and b with
1 < a b < n. Hence, gcd(a, n) = a, and by Theorem 2.22, a does not have a reciprocal in Z
n
.
Therefore, (Z
n
, , ) is not a eld.
Thus, we have an example of a nite eld with p elements when p is prime, namely, (Z
p
, , ).
Having considered the properties satised by the operations of and on Z
n
, it becomes
cumbersome at this point to continue to use the special symbols and to denote these operations.
Henceforth, unless stated otherwise, we agree to denote the addition and multiplication operations
in Z
n
(and in any eld F) by the familiar + and . For x Z
n
(and for x in any eld F), the
(additive) inverse of x is denoted by x and the reciprocal (multiplicative inverse) of x (if it exists)
is denoted by x
1
. (We should remark that the inverse of x is unique, as is the reciprocal of x, if
it exists; see Exercise 2.)
Example 2.18: Find each of the following elements in the eld (Z
23
, +, ).
(a) 10 + 17 (b) 10 17
(c) 10 (the inverse of 10) (d) 17
(e) 10
1
(the reciprocal of 10) (f) 17
1
Solution:
(a) Here, 10 + 17 = (10 + 17) mod 23 = 27 mod 23 = 4.
(b) Here, 10 17 = (10 17) mod 23 = 170 mod 23 = 9.
For parts (c) and (d) we use the fact that the inverse of x ,= 0 in Z
n
is n x. Hence,
10 = 23 10 = 13 and 17 = 23 17 = 6
For part (e), we might observe that
10 7 = 70 mod 23 = 1
so that 10
1
= 7. Instead, lets use the more systematic approach suggested by the proof of Theorem
2.22. We apply the extended Euclidean algorithm to nd integers s and t such that 1 = 10s + 23t;
then 10
1
= s mod 23:
r 23 10 3 1 0
q 2 3 3
s 0 1 2 7
Thus, 10
1
= 7 mod 23 = 7.
Part (f) is handled in a similar fashion. Applying the extended Euclidean algorithm we obtain:
r 23 17 6 5 1 0
q 1 2 1 5
s 0 1 1 3 4
Thus, 17
1
= (4) mod 23 = 19. (Check: 17 19 = 323 mod 23 = 1.)
Example 2.19: For x Z

n
, note again the following facts:
x + 0 = 0 + x = x
x 0 = 0 x = 0
x 1 = 1 x = x
This, and the fact that 1 + 1 = 0, tells us everything about the addition and multiplication in the
eld (Z
2
, +, ), because Z
2
= 0, 1.
For the eld (Z
3
, +, ), we have the following additional results:
1 + 1 = 2, 1 + 2 = 2 + 1 = 0, 2 + 2 = 1, 2 2 = 1
The addition and multiplication tables for (Z
4
, +, ) are shown in Tables 2.4 (a) and (b). Because
of the facts stated above, we have reduced these tables somewhat by excluding 0 (as an operand)
from the addition table and by excluding both 0 and 1 from the multiplication table. We know
from Corollary 2.23 that (Z
4
, +, ) is not a eld because 4 is not prime. In particular, we see from
Table 2.4(b) that 2 does not have a reciprocal.
(a)
+ 1 2 3
1 2 3 0
2 3 0 1
3 0 1 2
(b)
2 3
2 0 2
3 2 1
Tables 2.4 Addition and multiplication tables for (Z
4
, +, )
In Z
n
, we have
0 = 0 and 1
1
= 1
Moreover,
(x) = x
and, when gcd(x, n) = 1,
(x
1
)
1
= x
Thus, in Z
3
for example, once we have determined that 1 = 2, then it follows immediately that
2 = 1. Also, 2
1
= 2 in Z
3
. In Z
5
, the operation tables (Tables 2.3) show us that 1 = 4,
2 = 3, 2
1
= 3, and 4
1
= 4. In stating that 2
1
= 3, we are also implicitly stating that 3
1
= 2.
If a nite eld F has n elements, then we say that F has order n. For what values of n does
there exist a nite eld of order n? This question is answered by the next theorem.
Theorem 2.24: There exists a nite eld of order n if and only if n = p
k
for some prime p and
some positive integer k.

When k = 1 in Theorem 2.24, we already have an example of a eld of order p, namely, (Z
p
, +, ).
It is beyond the scope of this text to discuss the general method used to construct a eld of order
n = p
k
when p is prime and k is a positive integer, k 2. However, we do consider a few specic
cases in the exercises and chapter problems. For example, Theorem 2.24 tells us that there is a eld
of order 4, and Corollary 2.23 tells us that this eld is not (Z
4
, +, ). A eld of order 4 is presented
in Exercise 13.
For x Z
n
(and for x in any eld F), multiples and powers of x are dened in the usual way.
Multiples of x are dened recursively, for m Z
+
, as follows:
1. 0x = 0
2. mx = x + (m 1)x
3. m(x) = (mx)
Thus, for example, 2x = x + x, 3x = x + 2x = x + x + x, and 2(x) = (2x) = (x + x). Powers
of x are dened recursively, for m Z
+
, as follows:
1. x
0
= 1
2. x
m
= x x
m1
3. x
m
= (x
m
)
1
(Note: Rule 3 is valid only if (x
m
)
1
exists.) We call the power to which x is being raised an
exponent, as usual. Thus, for example, x
2
= x x, x
3
= x x
2
= x x x, and x
2
= (x
2
)
1
.
Multiples and exponents obey the usual properties; in particular, given x Z
n
and m
1
, m
2
Z, we
have that:
(m
1
x) + (m
2
x) = (m
1
+ m
2
) and m
1
(m
2
x) = (m
1
m
2
)x
x
m1
x
m2
= x
m1+m2
and (x
m1
)
m2
= x
m1m2
(See Exercises 12 and 16.)
Example 2.20: Find each of the following elements in (Z
13
, +, ):
(a) 4(7) (b) 3(7)
(c) 7
43
(d) 7
43
Solution: For parts (a) and (b) we have the following:
4(7) = 7 + 7 + 7 + 7 = 28 mod 13 = 2
3(7) = (7 + 7 + 7) = (21 mod 13) = 8 = 5
For part (c) the trick is to apply Lemma 2.21. In fact, there is a particularly eective and
ecient method for computing powers modulo n called repeated squaring. We illustrate this
method for the problem of part (c). We start by expressing the exponent, 43 in this case, as a sum
of powers of 2; here, 43 = 1 + 2 + 8 + 32. Then, as an element of Z
13
,
7
43
= 7
1+2+8+32
= 7
1
7
2
7
8
7
32
Hence, to complete the calculation, we need to compute the elements 7
1
, 7
2
, 7
8
, and 7
32
. Actually,
what we do is compute the list of values (7
1
, 7
2
, 7
4
, 7
8
, 7
16
, 7
32
). This is where the repeated
squaring comes in, because
7
2
= (7
1
)
2
, 7
4
= (7
2
)
2
, 7
8
= (7
4
)
2
, 7
16
= (7
8
)
2
, 7
32
= (7
16
)
2
that is, each number on this list of values, after the rst value, is the square of the preceding value.
Using this idea we obtain the following values (remember that we are performing all operations in
Z
13
):
7
1
= 7
7
2
= 49 mod 13 = 10
7
4
= 10
2
= 100 mod 13 = 9
7
8
= 9
2
= 81 mod 13 = 3
7
16
= 3
2
= 9
7
32
= 9
2
= 3
Thus,
7
43
= 7
1+2+8+32
= 7
1
7
2
7
8
7
32
= 7 10 3 3
= 7 10 9
= 7 12
= 6
For part (d) then, we have
7
43
= (7
43
)
1
= 6
1
= 11
(Note that 6
1
= 11, since 6 11 = 66 mod 13 = 1.)
Exercise Set 2.5

1. Consider (Z
6
, +, ).
(a) Give the addition table for Z
6
.
(b) Find the inverse of each element.
(c) Give the multiplication table for Z
6
.
(d) Find the reciprocal of each element that has one.
2. For (Z
n
, +, ), prove that:
(a) The inverse of any element x is unique.
(b) For any element x, if x has a reciprocal, then it has a unique reciprocal.
(Recall that, to show that something (which is known to exist) is unique, assume that there are
two of them, say x
and x
, and show that x
= x
.)
3. Consider the eld (Z
7
, +, ).
7
.
7
.
(d) Find the reciprocal of each nonzero element.
4. Consider (Z
n
, +, ), n 2 and let x Z
n
. Complete the proof of Theorem 2.22 by showing
that, if x has a reciprocal y in Z
n
, then gcd(x, n) = 1. (Hint: Let d = gcd(x, n), and let q
1
=
x div d and q
2
= n div d; then q
2
mod n = 1 q
2
= (y x) q
2
= = 0. It follows that q
2
= n,
and hence that d = 1.)
5. Apply Lemma 2.21 to nd:
(a) (2054 + 2761) mod 17 (b) (2054 2761) mod 17
6. Apply Lemma 2.21 to show that m
3
mod 7 0, 1, 6 for any integer m.
7. Find each of the following elements in the eld (Z
31
, +, ):
(a) 7 + 27 (b) 7 27
(c) 7 (d) 27
(e) 7
1
(f) 27
1
8. Let m be an integer.
(a) Show that no integer of the form m
2
+ 1 is a multiple of 7.
(b) Find the two possible values for m mod 13 given that m
2
+ 1 is a multiple of 13.
53
, +, ):
(a) 14 + 20 (b) 14 20
(c) 14 (d) 20
(e) 14
1
(f) 20
1
10. For (Z
n
, +, ), prove directly from the denitions of the operations that:
(a) (x)
2
= x
2
for any element x
(b) (x)
3
= (x
3
) for any element x
11. In the eld (Z
11
, +, ):
(a) Find 4
45
using the fact that 4
45
= ((4
3
)
3
)
5
.
(b) Find 4
45
using repeated squaring.
(c) Find 5
23
12. Prove that the following two properties of multiples hold in (Z
n
, +, ), where x Z
n
and
m
1
, m
2
Z:
(a) (m
1
x) + (m
2
x) = (m
1
+ m
2
)x
(b) m
1
(m
2
x) = (m
1
m
2
)x
(Hint: First use induction on m
1
to prove that the property holds for all m
1
0; then prove that
the property holds for m
1
< 0.)
13. We can construct a eld of order 4 by dening operations of addition and multiplication on
Z
2
Z
2
so that the properties of a eld are satised. Consider the operations of addition and
multiplication (denoted, as usual, by + and , respectively) dened by the following operation
tables:
+ (0, 0) (0, 1) (1, 0) (1, 1)
(0, 0) (0, 0) (0, 1) (1, 0) (1, 1)
(0, 1) (0, 1) (0, 0) (1, 1) (1, 0)
(1, 0) (1, 0) (1, 1) (0, 0) (0, 1)
(1, 1) (1, 1) (1, 0) (0, 1) (0, 0)
(0, 0) (0, 1) (1, 0) (1, 1)
(0, 0) (0, 0) (0, 0) (0, 0) (0, 0)
(0, 1) (0, 0) (0, 1) (1, 0) (1, 1)
(1, 0) (0, 0) (1, 0) (1, 1) (0, 1)
(1, 1) (0, 0) (1, 1) (0, 1) (1, 0)
Note that the addition on Z
2
Z
2
is dened as coordinate-wise addition modulo 2; that is,
(x
1
, y
1
) + (x
2
, y
2
) = (x
1
+ x
2
, y
1
+ y
2
)
where x
1
+ x
2
and y
1
+ y
2
denote the usual addition in Z
2
. Verify that (Z
2
Z
2
, +, ) is a eld as
follows:
(a) Show that + is associative.
(b) Show that + is commutative.
(c) What is the additive identity?
(d) Show that each element has an inverse.
(e) Show that is associative.
(f) Show that is commutative.
(g) What is the multiplicative identity?
(h) Show that each element, except for the additive identity, has a reciprocal.
(i) Show that the distributive laws hold.
14. Prove that the following properties hold in (Z
n
, +, ), n 2, where x, y Z
n
,
gcd(x, n) = gcd(y, n) = 1 (so that x
1
and y
1
exist), and m is a nonnegative integer:
(a) (x y)
1
= x
1
y
1
(b) (x
m
)
1
= (x
1
)
m
15. In each part, indicate whether the given statement is true or false, and justify your answer.
(a) (Z
29
, +, ) is a eld.
(b) There exists a eld of order 6.
(c) There exists a eld of order 8.
(d) (Z
8
, +, ) is a eld.
(e) There exists a eld of order 9.
(f) (Z
9
, +, ) is a eld.
(g) There exists a eld of order 10.
(h) There exists a eld of order 12.
16. Prove that the following two properties of exponents hold in (Z
n
, +, ), where x Z
n
and
m
1
, m
2
Z (and, whenever the exponent on x is negative, assume gcd(x, n) = 1):
(a) x
m1
x
m2
= x
m1+m2
(b) (x
m1
)
m2
= x
m1m2
7
, +, ). (Refer to Exercise 3.)
(a) Find the multiples of 6; that is, nd: . . ., 3(6), 2(6), 1(6), 0(6), 1(6), 2(6), 3(6), . . . .
(b) Find the powers of 6; that is, nd: . . ., 6
3
, 6
2
, 6
1
, 6
0
, 6
1
, 6
2
, 6
3
, . . . .
(c) Find the multiples of 2.
(d) Find the powers of 2.
(e) Find the multiples of 3.
(f) Find the powers of 3.
(g) Compute 3
83
(h) Compute 3
83
using the result of part (f) and the fact that 3
83
= (3
6
)
13
3
5
.
18. Let (F, +, ) be a eld and let 0 denote the additive identity (in particular, consider (Z
p
, +, ),
where p is prime). Show that the following properties are satised for any x, y F:
(a) Cancellation law of addition: If x + z = y + z for some z F, then x = y.
(b) Cancellation law of multiplication: If xz = yz for some z F 0, then x = y.
17
, +, ).
(a) Find the multiples of 4; that is, nd: . . ., 3(4), 2(4), 1(4), 0(4), 1(4), 2(4), 3(4), . . . .
(b) Find the powers of 4; that is, nd: . . ., 4
3
, 4
2
, 4
1
, 4
0
, 4
1
, 4
2
, 4
3
, . . . .
(c) Find the multiples of 3.
(d) Find the powers of 3.
(e) Compute 4
59
in two dierent ways.
20. Let (F, +, ) be a nite eld and let 0 denote the additive identity (in particular, consider
(Z
p
, +, ), where p is prime), and refer to Exercise 18.
(a) Consider the operation table for F under +; what does the cancellation law of addition imply
about each row (or column) of this table?
(b) Consider the operation table for F under ; what does the cancellation law of multiplication
imply about each row (or column) of this table?
21. In this exercise we outline the construction of a eld (F, +, ) of order 8. Let
F = 0, 1, a, a
2
, . . . , a
6
, where, as usual, 0 is the additive identity and 1 is the multiplicative
identity. The multiplicative structure of the eld is implicit in the way the elements of F 0
have been listed as powers of the element a where a
7
= 1. Thus, for example, a
2
a
3
= a
5
and a
4
a
5
= a
9
= a
7
a
2
= 1 a
2
= a
2
. The additive structure of the eld is determined by the
following two rules: (1) every element x is its own inverse, that is, x + x = 0 for every x F; (2)
1 + a = a
3
. Using these two rules and the commutative and distributive laws, one can complete
the addition table for the eld; do so.
22. Having done Exercise 21, rename the elements of F using the elements of Z
2
Z
2
Z
2
such
that (0, 0, 0) is the additive identity, (0, 0, 1) is the multiplicative identity, and the addition is
coordinate-wise addition modulo 2; that is
(x
1
, y
1
, z
1
) + (x
2
, y
2
, z
2
) = (x
1
+ x
2
, y
1
+ y
2
, z
1
+ z
2
)
where x
1
+x
2
, y
1
+ y
2
, and z
1
+ z
2
2
. Show the multiplication table
with the renamed elements.
Chapter Problems 129
CHAPTER PROBLEMS
1. Compute the quotient q and the remainder r for the given dividend b and divisor a.
(a) b = 100, a = 13 (b) b = 100, a = 13
(c) b = 100, a = 13 (d) b = 100, a = 13
2. Give an example of a set A such that Z
+
A Z and:
(a) A is well-ordered.
(b) A is not well-ordered.
3. Given that m
1
div 6 = q
1
, m
1
mod 6 = 3, m
2
div 6 = q
2
, and m
2
mod 6 = 5, nd:
(a) (m
1
+ 4) div 6 (b) (m
1
+ 4) mod 6
(c) (3m
1
) div 6 (d) (3m
1
) mod 6
(e) (m
2
) div 6 (f) (m
2
) mod 6
(g) (m
1
+ m
2
) div 6 (h) (m
1
+ m
2
) mod 6
(i) (4m
1
m
2
) div 6 (j) (4m
1
m
2
) mod 6
(k) (m
1
m
2
) div 6 (l) (m
1
m
2
) mod 6
4. For any positive integer n, prove that:
(a) n
2
n is a multiple of 2
(b) n
2
+ 1 is not a multiple of 4
(c) n(n + 1)(2n + 1) is a multiple of 6
5. Find d = gcd(a, b) and integers s and t such that d = as + bt.
(a) a = 357, b = 629 (b) a = 812, b = 1876
(c) a = 1109, b = 4999 (d) a = 1278, b = 2844
6. Prove or disprove each of the following assertions about an arbitrary integer m:
(a) If m = 8k + 5 for some integer k, then m = 4t + 1 for some integer t.
(b) If m = 4t + 1 for some integer t, then m = 8k + 5 for some integer k.
7. Find the canonical factorization of each of the following:
(a) 17892875 (b) 24635975
8. Let a, b, and c be integers with a odd. Prove: If a [ b and a + b = 2c, then a [ c.
9. Let a and b be positive integers with a < b. Find the relationship between:
(a) b div a and (b a) div a
(b) b mod a and (b a) mod a
10. For positive integers a, b, and d, prove or disprove: If gcd(a, b) = d, then
gcd
_
a
d
, b
_
= 1
11. Let d
k
d
1
d
0
be the usual decimal representation of the positive integer n; that is,
n = d
k
10
k
+ + d
1
10
1
+ d
0
where d
i
0, 1, 2, . . . , 9, 0 i k, are the digits of n and d
k
,= 0. Prove that n is a multiple of
3 if and only if d
0
+ d
1
+ + d
k
is a multiple of 3.
12. For positive integers m and n with m n, use the Euclidean algorithm to nd
gcd(2
m
1,2
n
1).
13. Prove: If the positive integer n is both a perfect square and a perfect cube (for example,
n = 64 = 8
2
= 4
3
), then n is of the form 7k or 7k + 1 for some positive integer k.
14. Given positive integers a and b with 1< a b, let p
1
, p
2
, . . . , p
n
be the set of prime factors of
ab, where p
1
< p
2
< < p
n
. Further, suppose that
a = p
a1
1
p
a2
2
p
an
n
b = p
b1
1
p
b2
2
p
bn
n
where a
i
and b
i
are nonnegative integers for each i, 1 i n.
(a) Using the above expressions for a and b, give a formula for gcd(a, b) of the form
gcd(a, b) = p
d1
1
p
d2
2
p
dn
n
Also, justify your result. In parts (b), (c), and (d), use the result of part (a) to nd the canonical
factorization of gcd(a, b) for the given values of a and b. (See Exercise 3 in Exercise Set 2.5 and
Problem 7 above.)
(b) a = 4725, b = 9702
(c) a = 180625, b = 1662405
(d) a = 17892875, 24635975
15. For positive integers a, b, and c, prove that gcd(ac, bc) = c gcd(a, b).
16. Given (positive) integers a and b, their least common multiple, denoted lcm(a, b), is dened as
the smallest positive integer c such that a [ c and b [ c. Suppose that a and b are expressed as in
Problem 14.
(a) Give a formula for lcm(a, b) in the form
lcm(a, b) = p
c1
1
p
c2
2
p
cn
n
Also, justify your result. In parts (b), (c), and (d), use the result of part (a) to nd the canonical
factorization of lcm(a, b) for the given values of a and b. (See Problem 14.)
(b) a = 4725, b = 9702
(c) a = 180625, b = 1662405
(d) a = 17892875, 24635975
Prove each of the following assertions:
(e) gcd(a, b)lcm(a, b) = ab
(f) For any positive integer n, if a [ n and b [ n, then lcm(a, b) [ n.
17. For positive integers a, b, and d, prove: If gcd(a, b) = d, then
gcd
_
a
d
,
b
d
_
= 1
18. For a positive integer n > 1, prove: If n [ (35m+ 26) and n [ (7m + 3) for some integer m,
then n = 11.
19. Recall that a triple (a, b, c) of positive integers such that c
2
= a
2
+ b
2
is called a Pythagorean
triple. Prove:
(a) If (a, b, c) is a Pythagorean triple, then ab is even.
(b) If (a, b, c) is a Pythagorean triple, then (na, nb, nc) is a Pythagorean triple for any n Z
+
.
A Pythagorean triple (a, b, c) is called primitive if gcd(a, b) = 1. (In this case it also happens
that gcd(a, c) = gcd(b, c) = 1.)
(c) Prove: If (a, b, c) is a primitive Pythagorean triple, then a + b is odd.
(d) Develop and implement as a program an algorithm that inputs a positive integer m and
outputs all primitive Pythagorean triples (a, b, c) such that 1 < a < b < c m.
20. Let s and t be positive integers with s > t and gcd(s, t) = 1 such that s + t is odd.
(a) Show that (s
2
t
2
, 2st, s
2
+ t
2
) is a primitive Pythagorean triple.
(b) Obtain Theorem 2.1 as a corollary to the result in part (a).
(c) Obtain the result of Exercise 1, part (c) of Exercise Set 2.1 as a corollary to the result in part
(a).
(d) The formula in part (a) is credited to Euclid. Show that Euclids formula yields all primitive
Pythagorean triples.
(e) Show that (3, 4, 5) is the only Pythagorean triple consisting of consecutive positive integers.
21. Let n
1
and n
2
be positive integers such that n
1
[ n
2
. Prove: For any integers m
1
and m
2
,
If m
1
mod n
2
= m
2
mod n
2
, then m
1
mod n
1
= m
2
mod n
1
.
22. Let n
1
and n
2
be positive integers and let d = gcd(n
1
, n
2
). Prove that, for any integers m
1
and m
2
:
If (m
1
n
1
) mod n
2
= (m
2
n
1
) mod n
2
, then m
1
mod
_
n
2
d
_
= m
2
mod
_
n
2
d
_
.
What does this result say in the case that n
1
and n
2
are relatively prime?
23. Let p be a prime. An integer a with 1 < a < p is called a primitive root of p provided
a, a
2
mod p, a
3
mod p, . . . , a
p1
mod p = 1, 2, 3, . . . , p 1
Find all primitive roots of:
(a) 5 (b) 7 (c) 11 (d) 13
24. Let n be a positive integer such that n = 4k + 3 for some nonnegative integer k. Show that it
is not possible to express n in the form n = a
2
+ b
2
for some integers a and b.
25. In Section 2.2, we stated the division algorithm: Given integers b and a with a > 0, there exist
integers q and r (uniquely determined by b and a) such that
b = aq + r and 0 r < a
Use of the strong form of induction to prove the existence part of this result.
26. Let m
1
and m
2
be integers and let n
1
and n
2
be positive integers such that each of m
1
, m
2
,
and n
2
is a multiple of n
1
. Prove:
If m
1
mod n
2
= m
2
mod n
2
, then
_
m
1
n
1
_
mod
_
n
2
n
1
_
=
_
m
2
n
1
_
mod
_
n
2
n
1
_
.
27. Let a and b be integers with 0 a < b and let d = gcd(a, b). Use the strong form of induction
(on a) to show that there exist integers s and t such that d = as +bt. (Hint: In the inductive step,
use the idea of the Euclidean algorithm. Let r = b mod (k + 1); then 0 r k and
gcd(k + 1, b) = gcd(r, k + 1).)
28. Prove that there are innitely many primes of the form 4k + 3. (Hint: Mimic the proof of
Theorem 2.22.)
29. Use induction on n to prove Corollary 2.12 (the extended version of Euclids lemma).
30. Let a and b be integers with 1 a b and let r = b mod a. Recall that the Euclidean
algorithm is based on the observation that gcd(a, b) = gcd(r, a).
(a) Show that 2r < b.
Let P(b) be the statement that, if 1 < a < b, then the number of divisions required by the
Euclidean algorithm to compute gcd(a, b) is less than 2 log
2
b.
(b) Use the result of (a) and the strong form of induction to prove that P(b) holds for all integers
b 3.
(c) Use the result of (b) to prove that, if 1 < a < b, then the number of divisions required by the
Euclidean algorithm to compute gcd(a, b) is less than 1 + 2 log
2
a.
31. Let p be a prime and consider the eld (Z
p
, +, ).
(a) Prove: For any elements a and b, if a
2
= b
2
, then either a = b or a = b.
(b) Does the result of part (a) hold in general for (Z
n
, +, )? (In other words, is the requirement
that n be prime necessary?)
32. Let a, b, and c be positive integers with 2 a < b and gcd(a, b) = 1. Consider the equation
ax + by = c
(a) Discuss how to obtain a particular solution of equation in integers x
1
and y
1
.
(b) Let (x
1
, y
1
) be a particular solution of equation . Show that (x, y) is a solution, x, y Z,
if and only if x = x
1
+ bt and y = y
1
at for some integer t.
(c) Show that equation has a solution in nonnegative integers x and y if and only if, for any
particular solution (x
1
, y
1
), the closed interval [x
1
/b, y
1
/a] contains an integer.
(d) Show that the equation ax+by = ab ab does not have a solution in nonnegative integers.
(e) Show that equation has a solution in nonnegative integers for all c > ab a b. (Hint:
Write c = ab a b +n, n Z
+
, and use the strong form of induction on n. Anchor the induction
by showing that has a solution in nonnegative integers for n 1, 2, . . . , a. In particular, for
n 1, 2, . . . , a1, let x
0
and y
0
be integers such that n = ax
0
+by
0
. Note that y
0
may be chosen
so that 1 y
0
< a. Then c = a(x
0
+ b 1) + b(y
0
1); show that x
0
+ b 1 0.)
33. Let p denote a prime.
(a) Prove that there do not exist positive integers a and b such that a
2
= pb
2
.
(b) Apply the result of part (a) to show that

p is irrational.
34. Given a nite eld (F, +, ), the characteristic of F is the smallest positive integer c such that
c(1) = 0 (where 0 and 1 denote the additive and multiplicative identities of F, respectively).
(a) Show that the characteristic of Z
p
(where p is prime) is p.
(b) Show that the characteristic of any nite eld F must be prime.
(If the characteristic of F is the prime p, then the theorems of Lagrange and Cauchy from the
theory of nite groups can be used to prove that the order of F must be p
k
for some positive
integer k, thus proving necessity in Theorem 2.27.)
35. Let the canonical factorizations of the positive integers a and b be given by:
a = p
a1
1
p
a2
2
p
ak
k
b = q
b1
1
q
b2
2
q
bn
n
What conditions must be satised by the primes and/or the exponents if:
(a) a is a perfect square?
(b) b is a perfect cube?
(c) a [ b?
36. Let n be a positive integer. The purpose of this problem is to develop ecient algorithms to
do arithmetic modulo n; that is, given a, b Z
n
and a nonnegative integer m, we wish to compute,
as elements of Z
n
, a b, a b, and a
m
.
(a) Develop (and implement as a program) an algorithm to eciently compute a + b. (Note
that, if a + b n, then a b = a + b n.)
(b) Develop an algorithm to eciently compute a b. Use the technique known as repeated
doubling: Compute a, 2a, 4a, and so on, by doubling; then use the binary representation of b to
determine which terms are needed for the nal result. For example, when b = 101, we would have
a b = a (1 + 4 + 32 + 64) = a 4a 32a 64a
(c) Develop an algorithm to eciently compute a
m
. Use the repeated squaring technique.
37. Consider (Z
9
, +, ).
9
.
9
.
(d) Find the reciprocal of each element that has one.
11
, +, ).
11
.
11
.
(d) Find the reciprocal of each nonzero element.
39. Let a and b be integers with 1 < a < b.
(a) Prove: If a and b are both even, then gcd(a, b) = 2 gcd(a div 2, b div 2).
(b) Prove: If a is even and b is odd, then gcd(a, b) = gcd(a div 2, b). (Or, if a is odd and b is
even, then gcd(a, b) = gcd(a, b div 2).)
(c) Prove: If a < b, then gcd(a, b) = gcd(a, b a). (Or, if b < a, then gcd(a, b) = gcd(a b, b).)
(d) Use the results of parts (a), (b), and (c) to design (and implement) an algorithm that inputs
positive integers a and b and outputs gcd(a, b).
(e) Use the algorithm of part (d) to nd gcd(1428, 2516).
43
, +, ):
(a) 10 + 39 (b) 10 39
(c) 10 (d) 39
(e) 10
1
(f) 39
1
(g) 10
31
(h) 39
42
41. Let n be a positive integer and let m be an integer with 0 m 2
n+1
1.
(a) Show that m is uniquely expressible in the form
m = b
n
2
n
+ b
n1
2
n1
+ + b
1
2
1
+ b
0
where each b
i
is either 0 or 1. The representation (b
n
b
n1
b
1
b
0
)
2
is called the binary represen-
tation of m. (For example, the binary representation of 25 is (11001)
2
, or more simply, 11001.)
(b) Design and implement an algorithm that inputs a nonnegative integer m and outputs the
binary representation of m.
(c) Design and implement an algorithmthat inputs a bit string (a string of 0s and 1s) and outputs
the nonnegative integer m having that string as its binary representation.
42. In this problem we outline the construction of a eld (F, +, ) of order 9. Let
F = 0, 1, a, a
2
, . . . , a
7
, where, as usual, 0 is the additive identity and 1 is the multiplicative
identity. The multiplicative structure of the eld is implicit in the way the elements of F 0
have been listed as powers of the element a where a
8
= 1. Thus, for example, a
2
a
3
= a
5
and a
4
a
6
= a
10
= a
8
a
2
= 1 a
2
= a
2
. The additive structure of the eld is determined by the
following two rules: (1) 3x = 0 (that is, x + x + x = 0) for every x F; (2) 1 + a = a
2
. Using
these two rules and the commutative and distributive laws, one can complete the addition table for
the eld; do so.
43. Having done Problem 42, rename the elements of F using the elements of Z
3
Z
3
such that
(0, 0) is the additive identity, (0, 1) is the multiplicative identity, and the addition is
coordinate-wise addition modulo 3; that is
(x
1
, y
1
) + (x
2
, y
2
) = (x
1
+ x
2
, y
1
+ y
2
)
where x
1
+ x
2
and y
1
+y
2
3
. Show the multiplication table with the
renamed elements.
44. Given that m
1
div 6 = q
1
, m
1
mod 6 = 3, m
2
div 6 = q
2
, and m
2
mod 6 = 5, redo Problem 3,
replacing the divisor 6 by 3 in each part.

Chapter 2

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Chapter 2

Uploaded by

Copyright:

Available Formats

Chapter Two

Note that Pythagoras formula yields the following triples:

Exercise Set 2.1

Example 2.4: Find the factors of 126.

92 Chapter 2 Number Theory

Exercise Set 2.2

for b div a in the range of possible values. Note

< a, then b div a = q

< 0, what does this indicate about the guess q

a, what does this indicate about the guess q

be the remainder when a is divided by r; then

, r). The Euclidean algorithm is an example of a recursive algorithm, because it

Example 2.10: Use the Euclidean algorithm to compute gcd(64, 148).

106 Chapter 2 Number Theory

Compare Theorem 2.10 with Exercise 9 of Exercise Set 2.2.

2.3 Euclidean Algorithm 107

Exercise Set 2.3

Suppose now that an integer n > 1 is expressed as a product of primes, say, n = q

2.4 Prime Numbers and the Fundamental Theorem of Arithmetic 115

(k), the error, and the relative error for

(k) appear to approach zero as k gets larger

118 Chapter 2 Number Theory

Example 2.17: Apply Lemma 2.21 to show that m

Now we move on to prove that and are associative. Let x, y, z Z

mod n by Lemma 2.21, part 1

) mod n again by Lemma 2.21, part 1

mod n by Lemma 2.21, part 2

) mod n again by Lemma 2.21, part 2

Corollary 2.23: For n Z

Example 2.19: For x Z

124 Chapter 2 Number Theory

Exercise Set 2.5

, and show that x

You might also like