This content was uploaded by our users and we assume good faith they have the permission to share this book. If you own the copyright to this book and it is wrongfully on our website, we offer a simple DMCA procedure to remove your content from our site. Start by pressing the button below!
Elementary Number Theory andlts Applications KennethH. Rosen AT&T Informotion SystemsLaboratories (formerly part of Bell Laborotories)
A YY
ADDISON-WESLEY PUBLISHING COMPANY Read ing, Massachusetts Menlo Park, California London Amsterdam Don Mills, Ontario Sydney
Cover: The iteration of the transformation
T(n) :
if n is even \ n/2 if n is odd l Qn + l)/2
is depicted. The Collatz conjecture assertsthat with any starting point, the iteration of ?"eventuallyreachesthe integer o n e . ( S e eP r o b l e m 3 3 o f S e c t i o n l . 2 o f t h e t e x t . )
Library of Congress Cataloging in Publication Data Rosen, Kenneth H. Elementary number theory and its applications. Bibliography: p. Includes index. l. Numbers, Theory of.
QA24l.R67 1984 rsBN 0-201-06561-4
I. Title.
512',.72
8 3 - l1 8 0 4
Reprinted with corrections, June | 986 Copyright O 1984 by Bell Telephone Laboratories and Kenneth H. Rosen. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,photocopying, recording, or otherwise, without prior written permission of the publisher. printed in the United States of America. Published simultaneously in Canada. DEFGHIJ_MA_8987
Preface
Number theory has long been a favorite subject for students and teachersof mathematics. It is a classical subject and has a reputation for being the "purest" part of mathematics, yet recent developments in cryptology and computer science are based on elementary number theory. This book is the first text to integrate these important applications of elementary number theory with the traditional topics covered in an introductory number theory course. This book is suitable as a text in an undergraduatenumber theory course at any level. There are no formal prerequisitesneeded for most of the material covered, so that even a bright high-school student could use this book. Also, this book is designed to be a useful supplementarybook for computer science courses,and as a number theory primer for computer scientistsinterested in learning about the new developmentsin cryptography. Some of the important topics that will interest both mathematics and computer sciencestudents are recursion,algorithms and their computationai complexity, computer arithmetic with large integers, binary and hexadecimal representations of integers, primality testing, pseudoprimality,pseudo-randomnumbers, hashing functions, and cryptology, including the recently-invented area of public-key cryptography. Throughout the book various algorithms and their computational complexitiesare discussed.A wide variety of primality tests are developedin the text. Use of the Book The core material for a course in number theory is presentedin Chapters 1, 2, and 5, and in Sections 3.1-3.3 and 6.1. Section 3.4 contains some linear algebra; this section is necessary background for Section 7.2; these two sections can be omitted if desired. Sections 4.1, 4.2, and 4.3 present traditional applications of number theory and Section 4.4 presents an application to computer science; the instructor can decide which of these sectionsto cover. Sections 6.2 and 6.3 discussarithmetic functions. Mersenne primes, and perfect numbers; some of this material is used in Chapter 8. Chapter 7 covers the applications of number theory to cryptology. Sections 7.1, 7.3, and 7.4, which contain discussionsof classical and public-key
vt
Preface
cryptography,should be included in all courses.Chapter 8 deals with primitive roots; Sections 8.1-8.4 should be covered if possible. Most instructors will want to include Section 8.7 which deals with pseudo-randomnumbers. Sections 9.1 and 9.2 are about quadratic residues and reciprocity, a fundamental topic which should be covered if possible;Sections 9.3 and 9.4 deal with Jacobi symbols and Euler pseudoprimesand should interest most readers. Section 10.1, which covers rational numbers and decimal fractions. and Sections I 1.1 and I 1.2 which discussPythagoreantriples and Fermat's last theorem are coveredin most number theory courses. Sections 10.2-10.4 and I 1.3 involve continued fractions; these sectionsare optional. The Contents The reader can determine which chapters to study based on the following descriptionof their contents. Chapter I introduces two importants tools in establishing results about the integers, the well-ordering property and the principle of mathematical induction. Recursive definitions and the binomial theorem are also developed. The concept of divisibility of integers is introduced. Representations of integers to different bases are described, as are algorithms for arithmetic operations with integers and their computational complexity (using big-O notation). Finally, prime numbers, their distribution, and conjectures about primes are discussed. Chapter 2 introduces the greatest common divisor of a set of integers. The Euclidean algorithm, used to find greatest common divisors, and its computational complexity, are discussed, as are algorithms to express the greatest common divisor as a linear combination of the integers involved. The Fibonacci numbers are introduced. Prime-factorizations, the fundamental theorem of arithmetic, and factorization techniques are covered. Finally, linear diophantine equationsare discussed. Chapter 3 introduces congruences and develops their fundamental properties. Linear congruencesin one unknown are discussed,as are systems of linear congruences in one or more unknown. The Chinese remainder theorem is developed,and its application to computer arithmetic with large integers is described. Chapter 4 developsapplicationsof.congruences. In particular, divisibility tests, the perpetual calendar which provides the day of the week of any date, round-robin tournaments,and computer hashing functions for data storage are discussed.
Preface
vtl
Chapter 5 developsFermat's little theorem and Euler's theorem which give some important congruencesinvolving powers of integers. Also, Wilson's theorem which gives a congruencefor factorials is discussed. Primality and probabilistic primality tests based on these results are developed. Pseudoprimes, strong pseudoprimes, and Carmichael numbers which masquaradeas primes are introduced. Chapter 6 is concernedwith multiplicative functions and their properties. Special emphasisis devotedto the Euler phi-function, the sum of the divisors function, and the number of divisors function and explicit formulae are developed for these functions. Mersenne primes and perfect numbers are discussed. Chapter 7 gives a thorough discussionof applicationsof number theory to cryptology, starting with classical cryptology. Character ciphers based on modular arithmetic are described,as is cryptanalysisof these ciphers. Block ciphers based on modular arithmetic are also discussed. Exponentiation ciphers and their applications are described, including an application to electronic poker. The concept of a public-key cipher system is introduced and the RSA cipher is describedin detail. Knapsackciphers are discussed,as are applicationsof cryptographyto computer science. Chapter 8 includes discussionsof the order of an integer and of primitive roots. Indices, which are similar to logarithms, are introduced. Primality testing basedon primitive roots is described. The minimal universalexponent is studied. Pseudo-random numbers and means for generating them are discussed.An applicationto the splicingof telephonecablesis also given. Chapter 9 covers quadratic residues and the famous law of quadratic reciprocity. The Legendreand Jacobi symbolsare introduced and algorithms for evaluating them are developed. Euler pseudoprimesand a probabilistic primality test are covered. An algorithm for electronically flipping coins is developed. Chapter l0 coversrational and irrational numbers,decimal representations of real numbers,and finite simple continuedfractionsof rational and irrational numbers. Special attention is paid to the continued fractions of the square roots of po"itive integers. Chapter 1l treats some nonlinear diophantine equations. Pythagorean triples are described. Fermat's last theorem is discussed. Finallv. Pell's equation is covered.
vill
P reface
Problem Sets After each sectionof the text there is a problem set containing exercisesof various levelsof difficulty. Each set containsproblemsof a numerical nature; these should be done to develop computational skills. The more theoretical and challenging problems should be done by studentsafter they have mastered the computationalskills. There are many more problemsin the text than can be realistically done in a course. Answers are provided at the end of the book for selectedexercises,mostly those having numerical answers. Computer Projects After each section of the text there is a selectionof computer projects that involve concepts or algorithms discussedin that section. Students can write their programs in any computer language they choose, using a home or personal computer, or a minicomputer or mainframe. I encouragestudents to use a structured programming languagesuch as C, PASCAL, or PL/ 1, to do these projects. The projects can serve as good ways to motivate a student to learn a new computer language, and can give those students with strong computer science backgrounds interesting projects to tie together computer scienceand mathematics. Unsolved Problems In the text and in the problem setsunsolvedquestionsin number theory are mentioned. Most of these problems have eluded solution for centuries. The reader is welcome to work on these questions,but should be forewarned that attempts to settle such problems are often time-consuming and futile. Often people think they have solved such problems,only to discover some subtle flaw in their reasoning. Bibliography At the end of the text there is an extensivebibliography,split into a section for books and one for articles. Further, each section of the bibliography is subdivided by subject area. In the book section there are lists of number theory texts and references, books which attempt to tie together computer scienceand number theory, books on some of the aspectsof computer science dealt with in the text, such as computer arithmetic and computer algorithms, books on cryptography, and general references.In the articles section of the bibliography, there are lists of pertinent expository and research papers in number theory and in cryptography. These articles should be of interest to the reader who would like to read the original sources of the material and who wants more details about some of the topics coveredin the book.
Preface
tx
Appendix A set of five tables is included in the appendix to help studentswith their computations and experimentation. Students may want to compile tables different than those found in the text and in the appendix; compiling such tables would provide additional computer projects. List of Symbols A list of the svmbols used in the text and where they are defined is included. Acknowledgments I would like to thank Bell Laboratoriesand AT&T Information Systems Laboratories for their support for this project, and for the opportunity to use the UNIX system for text preparation. I would like to thank George Piranian for helping me develop a lasting interest in mathematics and number theory. Also I would like to thank Harold Stark for his encouragementand help, starting with his role as my thesisadvisor. The studentsin my number theory courses at the University of Maine have helped with this project, especially Jason Goodfriend, John Blanchard, and John Chester. I am grateful to the various mathematicians who have read and reviewed the book, including Ron Evans, Bob Gold, Jeff Lagarias and Tom Shemanske. I thank Andrew Odlyzko for his suggestions,Adrian Kester for his assistancein using the UNIX system for computations, Jim Ackermann for his valuable comments, and Marlene Rosen for her editing help. I am particularly grateful to the staff of the Bell Laboratories/American Bell/AT&T Information Services Word ProcessingCenter for their excellent work and patience with this project. Special thanks go to Marge Paradis for her help in coordinating the project, and to Diane Stevens, Margaret Reynolds, Dot Swartz, and Bridgette Smith. Also, I wish to express my thanks to Caroline Kennedy and Robin Parson who typed preliminary versions of this book at the University of Maine. Finally, I would like to thank the staff of Addison-Wesley for their help. I offer special thanks to my editor, Wayne Yuhasz, for his encouragement,aid, and enthusiasm.
Lincroft, New Jersey December.1983
Kenneth H. Rosen
Contents
Chapterl. l.l 1.2 1.3 t.4 1.5
The Integers The well-ordering Divisibility Representations of int;;;;;....-'.....-'-.'......... Computer operationswith integers............ Prime numbers...
Chapter2.
Greatest Common Divisors and Prime Factorization
2.1 2.2 2.3 2, 4 2.5
Greatest common divisors The Euclideanalgorithm ........... The fundamentaltheorem of arithmetic ............ Factorization of integers and the Fermat numbers Linear diophantineequations...............
Congruences Introduction to congruences Linearcongruences.............. The Chinese remainder theorem Systemsof linear congruences..............
9l 102 107 I 16
Applications of Congruences D i v i s i b i l i t yt e s t s . . . . . . . . . T h e p e r p e t u a cl a l e n d a r . . . . . . . . . . . . . R o u n d - r o b i nt o u r n a m e n t s . . . . . . . . . . Computer file storageand hashingfunctions...............
Some Special Congruences Wilson's theorem and Fermat's little theorem Pseudoprimes.............. Euler's theorem
..
147 152 16l
MultiplicativeFunctions E u l e r ' sp h i - f u n c t i o n. . . . . . . . . . . . . . . T h e s u m a n d n u m b e ro f d i v i s o r s . . . . . . . . . . . . . . Perfect numbersand Mersenneprimes
166 174 180
Cryptology Character ciphers Block ciphers Exponentiation ciphers............... Public-keycryptography............. Knapsack ciphers Some applicationsto computer science
..
188 198 205 212 219 227
Primitive Roots The order of an integer and primitive roots Primitive roots for primes Existenceof primitive roots Index arithmetic Primality testing using primitive roots......... Universal exponents. Pseudo-random numbers............ The splicingof telephonecables
.. ..
232 238 243 252 263 268 275 280
Quadratic Residuesand Reciprocity Quadratic residues Quadratic reciprocity The Jacobi symbol Euler pseudoprimes.............
..
288 304 314 325
xtl
Contents
Chapter 10. 10.1 10.2 10.3 10.4 Chapter I l.
l.l t.2 1.3
Decimal Fractions and Continued Fractions Decimal fractions... Finite continuedfractions Infinite continued fractions Periodic continued fractions
336 350 361 315
Some Nonlinear Diophantine Equations Pythagoreantriples.... F e r m a t ' sl a s t t h e o r e m. . . . . . . . . . . . . Pell'sequations
391 397 401
Appendix.. Answers to selected problems Bibliography............. List of symbols.... Index
410 426 438 445 447
lntroduction
Number theory, in a general sense, is the study of numbers and their p r o p e r t i e s .I n t h i s b o o k ,w e p r i m a r i l y d e a l w i t h t h e i n t e g e r s , 0 ,+ 1 , + 2 , . . . . We will not axiomatically define the integers, or rigorously develop integer arithmetic.l Instead, we discussthe interestingpropertiesof and relationships between integers. In addition, we study the applicationsof number theory, particularly thosedirected towardscomputer science. As far back as 5000 years ago, ancient civilizations had developedways of expressingand doing arithmetic with integers. Throughout history, different methods have been used to denote integers. For instance, the ancient Babyloniansused 60 as the base for their number system and the Mayans used 20. Our method of expressing integers, the decimal system,was first developed in India approximately six centuries ago. With the advent of modern computers, the binary system came into widespreaduse. Number theory has been used in many ways to devise algorithms for efficient computer arithmetic and for computer operationswith large integers. The ancient Greeks in the school of Pythagoras, 2500 years ago, made the distinction betweenprimes and composites. A prime is a positive integer with no positive factors other than one and the integer itself. In his writings, Euclid, an ancient Greek mathematician, included a proof that there are infinitely many primes. Mathematicians have long sought formulae that generate primes. For instance, Pierre de Fermat, the great French number theorist of the seventeenthcentury, thought that all integers of the form 22' + 1 are prime; that this is false was shown, a century after Fermat made this claim, by the renowned Swiss mathematician Leonard Euler, who demonstratedthat 641 is a factor of 22' + | . The problem of distinguishing primes from compositeshas been extensively studied. The ancient Greek scholarEratosthenesdeviseda method, now called l.
S u c h a n a x i o m a t i c d e v e l o p m e n to f t h e i n t e g e r sa n d t h e i r a r i t h m e t i c c a n b e f o u n d i n L a n d a u
t6ll.
Introduction
the sieve of Eratosthenes, that finds all primes less than a specified limit. It is inefficient to use this sieve to determine whether a particular integer is prime. The problem of efficiently determining whether an integer is prirne has long challengedmathematicians. Ancient Chinese mathematiciansthought that the primes were precisely those positive integers n such that n divides 2' - 2. Fermat showed that if n is prime, then n does divide 2n - 2. However, by the early nineteenth century, it was known that there are compositeintegersn such that n divides 2n - 2, such as n : 341 . These compositeintegers are called pseudoprimes Becausemost compositeintegers are not pseudoprimes,it is possibleto develop primality tests based on the original Chinese idea, together with extra observations. It is now possibleto efficiently find primes; in fact, primes with as many as 200 decimal digits can be found in minutes of computer time. The fundamental theorem of arithmetic, known to the ancient Greeks, says that every positive integer can be written uniquely as the product of primes. This factorization can be found by trial division of the integer by primes less than its square-root; unfortunately, this method is very timeconsuming. Fermat, Euler, and many other mathematicians have produced imaginative factorization techniques. However, using the most efficient technique yet devised, billions of years of computer time may be required to factor an integer with 200 decimal digits. The German mathematician Carl Friedrich Gauss, consideredto be one of the greatest mathematicians of all time, developed the language of congruences in the early nineteenth century. When doing certain computations,integers may be replaced by their remainders when divided by a specific integer, using the language of congruences. Many questions can be phrased using the notion of a congruencethat can only be awkwardly stated without this terminology. Congruenceshave diverse applications to computer science,including applications to computer file storage, arithmetic with large integers,and the generationof pseudo-randomnumbers. One of the most important applications of number theory to computer science is in the area of cryptography. Congruencescan be used to develop various types of ciphers. Recently, a new type of cipher system, called a public-key cipher system, has been devised. when a public-key cipher is used, each individual has a public enciphering key and a private deciphering key. Messagesare encipheredusing the public key of the receiver. Moreover, only the receiver can decipher the message,since an overwhelming amount of computer time is required to decipher when just the enciphering key is known. The most widely used public-key cipher system relies on the disparity in computer time required to find large primes and to factor large integers. In
lntrocluction
particular, to produce an enciphering key requires that two large primes be found and then multiplied; this can be done in minutes on a computer. When these large primes are known, the decipheringkey can be quickly found. To find the deciphering key from the enciphering key requires that a large integer, namely the product of the large primes, be factored. This may take billions of years. In the following chapters,we discussthese and other topics of elementary number theory and its applications.
1 The Integers
1.1 The Well-OrderingProperty In this section,we discussseveral important tools that are useful for proving theorems. We begin by stating an important axiom, the well-ordering property. The Well-Ordering Property. Every nonempty set of positive integers has a least element. The principle of mathematical induction is a valuable tool for proving results about the integers. We now state this principle, and show how to prove it using the well-ordering property. Afterwards, we give an example to demonstrate the use of the principle of mathematical induction. In our study of number theory, we will use both the well-ordering property and the principle of mathematical induction many times. The Principle of Mathematical Induction. A set of positive integers that contains the integer I and the integer n I I whenever it contains n must be the set of all positive integers. Proof. Let S be a set of positive integers containing the integer I and the integer n * | whenever it contains n. Assume that S is not the set of all positive integers. Therefore, there are some positive integers not contained in .S. By the well-ordering property, since the set of positive integers not contained in S is nonempty, there is a least positive integer n which is not in . S . N o t e t h a t n 1 1 , s i n c el i s i n S . N o w s i n c en ) l , t h e i n t e g e r n - 1 i s
l.l
The Well-Ordering ProPertY
a positive integer smaller than n, and hence must be in S. But since S contains n - l, it must also contain (n-t) + | : n, which is a contradiction, since n is supposedlythe smallest positive integer not in S. This shows that S must be the set of all positive integers. tr To prove theorems using the principle of mathematical induction, we must show two things. We must show that the statement we are trying to prove is true for l, the smallest positive integer. In addition, we must show that it is true for the positive integer n * I if it is true for the positive integer n. By the principle of mathematical induction, one concludes that the set S of all positive integers for which the statement is true must be the set of all positive integers. To illustrate this procedure, we will use the principle of mathematical induction to establish a formula for the sum of the terms of a geometric progression. Definition. Given real numbers 4 and r. the real numbers a , a r , e r 2 ,o t 3 r . . . are said to form a geometric progression. Also, a is called the initial term and r is called the common ratio. Exa m ple. T he num b e rs 5 , -1 5 ,4 5 , -1 3 5 ,... fo rm a geometri c progressi on with initial term 5 and common ratio -3. In our discussion of sums, we will find summation notation useful. The following notation representsthe sum of the real numberse1, o2,...,on. lan
2oo:er*az*
k-l
We note that the letter k, the index of summation, is a "dummy variable" and can be replaced by any letter, so that
5,
ak:
k-l
Example. We see that
nn
2 oi
j-t
i-l
The Integers
) 2j:I+2+3+4+5:15,
j-r
) 2t2:2+2+2+2+2:10,
j-r
and ) 2 2i : 2 * 22+ 23+ 24+ 2s : 62 .
j-1
We also note that in summation notation, the index of summation may range betweenany two integers,as long as the lower limit does not exceedthe upper limit. If m and h are integers such that z ( n, then b
oo:am*a^a1*
*an.
k-m
For instance.we have 5
> k 2 : 3 3+ 4 2+ 5 2 : 5 0 ,
k;t
> 3k:30 + 3t + 32: 13,
fr:0 and I k--2
We now turn our attention to sums of terms of geometricprogressions.The su m of t he t er m s e ) e r, o r2 ,...,a rn i s n
2ori:e*ar*ar2+
*arn,
j-0
where the summation beginswith 7 : g. We have the following theorem. Theorem l.l.
If a and r ^re real numbersand r *
l. then
1.1 The Well-OrderingProperty
n),,narn*l-Q
(1.1)
r* a arn r ' ' : T: T
: a * ar i*a rar2 -t + E ori j:o
.
Proof. To prove that the formula for the sum of terms of a geometric progressionis valid, we must first show that it holds for n : l. Then, we must show that if the formula is valid for the positive integer n, it must also be true for the positive integer n * l. To s t ar t t hings o ff, l e t n : l . T h e n , th e l e ft si de of (t.t) i s a * ar, w hi l e o n t he r ight s ideof (1 .1 ) w e h a v e arL-a _ a?z-t) r-l r-l
_ ab*l)(r-1) T:
a(r*l) : a * ar
So the formula is valid when n : l. N ow we as s um eth a t (1 .1 ) h o l d s for the positive integer n. assumethat
0.2)
That is, we
'tar'-arn*l-Q
alar+arz+
I
We must show that the formula also holds for the positive integer n * l. What we must show is that
(t.:)
a*ar+ar2+
* arn * arn*l :
or@+t)+t_o
ar'+2-e
r-l
r-l
To show that (1.3) is valid, we add orn*r to both sidesof (1.2), to obtain (t.+)
(a*ar*ar2+...+arn)
*
arn+t:o + arr+t, r-l
a r ' + r-
The left side of (t.+) is identical to that of (1.3). To show that the right sides are equal, we note that arn*l-a r-
1 T A ^r - n r r _
I
arn+l-e
r-l
, or'*l (r- I )
T-
orn*l-a*ar'+Z
r-1 arn*l
: r-l
Since we have shownthat 0.2) i m p l i e s (t.:), w e can concl udethat (t.t)
The Integers
holds for all positive integers n. tr Example. Let n be a positive integer. To find the sum
*2',
bro:r*2+22+
k:0
we use Theorem l.l with e : I and r : 2, to obtain
l+2+22+
.
J- 1n
1n*l _ I :
rn*l_r
2-l
Hence, the sum of consecutivenonnegative powers of 2 is one less than the next largest power of 2. A slight variant of the principle of mathematical induction is also sometimes useful in proofs. The Second Principle of Mathematical Induction. A set of positive integers which contains the integer 1, and which has the property that if it contains all th e pos it iv eint eg e rs1 ,2 ,..., k , th e n i t a l s o c ontai nsthe i nteger k + l , must be the set of all positive integers. Proof. Let T be a set of integers containing I and containing k + I if it co nt ains 1, 2, . . . , k . L e t S b e th e s e t o f a l l p osi ti vei ntegersn such that al l the positive integers less than or equal to n are in Z. Then I is in S, and by the hypotheses,we see that if k is in S, then k + | is in S. Hence, by the principle of mathematical induction, S must be the set of all positive integers, so clearly T is also the set of all positive integers. tr The principle of mathematical induction provides a method for defining the values of functions at positive integers. Definition. We say the function f is defined recursively if the value of f at I from f h) . is specifiedand if a rule is providedfor determiningf h*l) If a function is defined recursively, one can use the principle of mathematical induction to show it is defined uniquely at each positive integer. (See problem 12 at the end of this section.) We now give an example of a function defined recursively. We define the factorial function f fu) : nt . First, we specify that
1.1 The Well-Ordering ProPertY
f(r): I , and then we givethe rule for finding f h*1) from f fu), namely
f h+r) : (n+r)'ffu). These two statementsuniquely define r!. To find the value of f G) : 6! from the recursive definition of f h) : nl, use the secondproperty successively,as follows
(2) :6's'4'3'2f0). f 6) :6.f (5) : 6.5.f(4) : 6.s.4'f(3) : 6's'4'3'f We now use the first statement of the definition to replacef 0) by its stated value l. to concludethat 6 l : 6 ' 5 ' 4 ' 3 ' 2 ' :l 7 2 0 . In general, by successivelyusing the recursive definition, we see that n! is the product of the first n positive integers,i.e. n! : l'2'3
n
For convenience,and future use, we specify that 0! : l. We take this opportunity to define a notation for products, analogous to summation notation. The product of the real numbers a1, a2,...,a, is denoted by
ft o, : ere2
j -r
an
The letter 7 above is a "dummy variable", and can be replaced arbitrarily. Example. To illustrate the notation for products we have ) fI j:l'2'3'4'5:120. j-r 5
I I 2 : 2 . 2 . 2 . 2 . 22: 5: 3 2 .
j-r 5 fI Zi : j-r
2.22.23.24.2s:
2r5
l0
The Integers
We note that with this notation, n ! :
fI . j -r ,r
Factorials are used to define binomial cofficients. Definition. Let m and k be nonnegativeintegers with k 4 m. The
r) binomial cofficien,lT I isoenneo uy (^ / r)
mt kt(m_k)t
l*| lk J t r t : -
l^)
In computing we see that there is a good deal of cancellation,because lO ,J,
l^) : - lk )
m; kt@_k)l
t . 2 . 3. . . @ - k ) @ - k + t ) . . . t u - t ) m k! t.2.3 fu-k) (m-k+r) ( m - r )m kt
We see that the exteriornumbersin the triangleare all l. To find an interiornumber,we simplyadd the two numbersin the positionsabove,and to either side,of the positionbeing filled. From Theorem1.2, this yieldsthe correctinteger. of powersof sums. Exactly occur in the expansions Binomial coefficients how they occuris describedby the binomial theorem. The BinomialTheorem. Let x and y be variablesand n a positiveinteger. Then
We prove the binomial theorem by mathematical induction. In the proof we make use of summation notation. Proof. We use mathematical induction. When n : l, according to the binomial theorem. the formula becomes
(x*y)r-frlfrl + loj"'.yoI,,J"or' lrlfrl
But because lnl: t"J
lil:t,this
s t a t e st h a t ( x + y ) r : x
*y,
w h i c hi s
\^/
obviously true. We now assume the theorem is valid for the positive integer n, that is, we assumethat
^ fn) G+ y ) n: 2 l , l r ' - i r i . \r ) j-0 We must now verify that the correspondingformula holds with n replaced by n * l, assumingthe result holds for n. Hence, we have (x+y)n+r - (xty)"(x+y)
'l I : l, |,,.l l a l\ri l)" - t ' l l ( x + r ) |.i:o
, lnl j-0
\r )
J
, fr) j:0
\J ./
We see that by removing terms from the sums and consequently shifting indices.that
lrj*loj: loJ 6 . Show that a nonempty set of negative integers has a largest element. 7 . Use mathematical induction to prove the following formulae.
a) >,i:t+2+3+
+ ,:n(nlD. L
j-l
U) 2i': j-l
12+22+32+
+
.t , a
n (n+l) (2n+l) 6
t6
The Integers
|
c ) i . r ' : t ' + 2 3+ 3 3+ i-tt2l
* n3: | 't'ftl
12
I
8.
Finda formula rcrjft Zi. -l
9.
Use the principle of mathematical induction to show that the value at each positive integer of a function defined recursivelyis uniquely determined.
r0.
what function f (n) is defined recursively by f 0) : 2 and for n)l?
ll.
I f g i s d e f i n e d r e c u r s i v e l yb y g ( l ) : 2 what is S(02
t2.
The second principle of mathematical induction can be used to define functions recursively. We specify the value of the function at I and give a rule for finding from the values of f at the first n positive integers. Show that the f h+l) values of a function so defined are uniquely determined.
t3.
We define a function recursively for all positive integers n bV (l) : l, "f and for n 2 2, f h+t):f Show that f (n) : h) + 2f (n-t). f (2):5, 2^ + el)n, using the secondprinciple of mathematical induction.
14. a)
g(n) :2sb-D
and
Let n be a positive integer. By expanding (l+(-l))'with theorem. show that
f (n+D : 2f (n) for
n 7 2,
the binomial
,
fr) : o. ) (-r)o lrJ b) usepart(a),andthefactthat > f;l :2' , to find \'' J t-o
f,l* f,l* l,l * loj IrJ loj and
[,lf,l|,,l ['J*l,J* I'J* c)
Findthesuml -2+22-23
+
15. Show by mathematical induction that (2n)t < 22'(nl)z.
+2too. if
n
is a
positive integer, then
t7
1.1 The Well-Ordering ProPertY
16. The binomial coefficients
x is a variable, and n is a positive integer, [;],*nr." : x and
of inclusion - exclusion. Suppose P2,.,., P, be t different properties Pr, that S is a set with n elements and let that an element of S may have. Show that the number of elements of S possessingnone of the / properties is
t 7 . In this problem, we develop the principle
+ n@)l n -ln(rr) + n(p) + + n(P,-r,P,)l + l n ( P t , P z+ ) n ( P t , P r+) - { n ( P r , P z , P t )* n ( P r P z , P q ) + + + (-l)'n (P1,P2,...,P,),
* n(P,-2,P,4,P,)|
where n(Pi,,Pi,,..., P,,) is the number of elements of S possessingall of the properties Pi,,P;,,...,P;,.The first expressionin brackets contains a term for each property, the secondexpressionin brackets contains terms for all combinations of two properties, the third expressioncontains terms for all combinations of three properties,and so forth. (Hint: For each element of S determine the number of times it is counted in the above expression. If an element has k of the
properties, showit is counted t-
lrl + lpllrJ
Itl
+ (-l)ft
ltl ,i-.t. lrJ
This
equals zeroby problem la(a).) 1 8 . The tower of Hanoi was a popular puzzle of the late nineteenth century. The puzzle includes three pegs and eight rings of different sizes placed in order of size, with the largest on the bottom, on one of the pegs. The goal of the puzzle is to move all the rings, one at a time without ever placing a larger ring on top of a smaller ring, from the first pbg to the second,using the third peg as an auxiliary peg.
l8
The Integers
a)
Use mathematicalinduction to show that the minimum number of movesto transfer n rings, with the rules we have described,from one peg to another is 2n - 1.
b)
An ancient legend tells of the monks in a tower with 64 gold rings and 3 diamond pegs. They started moving the rings, one move per second, when the world was created. When they finish transferring the rings to the second peg, the world ends. How long will the world last?
19. Without multiplying all the terms, show that il 6! 7!: l0! b) l0!:7! 5! 3!
c) 16!: l4t 5t 2l d ) 9 t - 7 13 ! 3 ! 2 ! .
20. Let an : (af a2l. ar-1!) - l, and on+t: af. a2t o1,a2,...,etr-1 or€ positiveintegers. Show that an*1!: al. a2t 2 1 . F i n d a l l p o s i t i v ei n t e g e r sx , y , a n d z s u c h t h a t x t * y l : l.l
an_tl, onl.
where
z!.
Computer Projects Write programs to do the following:
l.
Find the sum of the terms of a geometric series.
2.
Evaluate n !
3.
Evaluate binomial coefficients.
4.
Print out Pascal'striangle.
5.
List the movesirr the Tower of Hanoi puzzle (see problem l8).
6.
Expand (x*y)",
where n is a positive integer, using the binomial theorem.
1.2 Divisibility When an integer is divided by a secondnonzerointeger, the quotient may or m ay not be an i n te g e r. F o r i n s ta n c e ,2 4 /8 : 3 i s an i nteger,w hi l e l 7/5:3.4 is not. This observationleads to the following definition. Definition. If a and b are integers, we say that a divides b if there is an integer c such that b : ac. lf a divides b, we also say that a is a divisor or factor of b.
t9
1.2 Divisibility
I f a d i v i d e sb w e w r i t e a l b , w h i l e i f a d o e s n o t d i v i d e b , w e w r i t e a t r U . Example. The following examples illustrate the concept of divisibility of
i n t e g e r s1:3| 1 8 2-,5 | 9 0 ,t 7 l 2 8 g , e t r q q , l t r s o-,l | : 1 , a n d1 71 0 .
Example. The divisorsof 6 are +1, *2, +3, and +6. The divisorsof 17 are +5, +10, The divisors of 100 are +1, *2,+4, tl and tI7. +20, +25, +50, and + 100. In subsequentsections,we will need some simple properties of divisibility. We now state and prove these properties. 1.3. If a,b,and c areintegerswitha Proposition l b a n db l r , t h e n a l c . Proof. Since a I b and b I c, there are integers e and f with ae : b and bf : ,. Hence, bf : be)f : aGf) : c, and we concludethat a I c. a Exa mple. S inc e 1l | 6 6 a n d 6 6 | tl a , P ro p o s i ti on1.3 tel l s us that 11 | 198. P r o p o s i t i o n1 . 4 . l f a , b , m , c | (ma+nb).
a n d n a r e i n t e g e r sa, n d i f c l a a n d c l D , t h e n
Proof. Since c I a and c | 6, there are integers e and / such that a : ce and b : c f . Henc e, m a * n b : m c e * n c f : c (me + nf). C onsequentl y, w e see th a t c | f ua+ nb) . E Exa mple. S inc e 3l2 l
a n d : I l l , Pro p o s i ti o n1 .4 tel l s us that
3 | 6 - z l - 3 . 3 3:) l o 5 - 9 9 : 6 . The following theorem states an important fact about division. The Divisionl$f$* If a and b are integers such that b > 0, then there are unique integers q and r such that a : bq * r with 0 ( r < b. In the equation given in the division algorithm, we call q the quotient and r the remainder. We note that a is divisible by b if and only if the remainder in the division algorithm is zero. Before we prove the division algorithm, consider the following examples.
20
The Integers
Example. If a-.133 and b:21, then Q:6 and r:7, since 133:21'6+7. L i k e w i s ei,f a : - 5 0 a n d b : 8 , t h e n q - - 7 and r:6, s i n c e- 5 0 : 8 ( - 7 ) + 6. For the proof of the division algorithm and for subsequent numerical computations,we need to define a new function. Definition. Let x be a real number. The greatest integer in x, denoted by [x ], is the largest integer lessthan or equal to x. Example.
We
have the following values for
: 2,131: 3, andI-t.sl : -2. x'. 12.21
the greatest integer in
The proposition below follows directly from the definition of the greatest integer function. Proposition 1.5. If x is a real number, then x-l
< [x] ( x.
We can now prove the division algorithm. Note that in the proof we give explicit formulae for the quotient and remainder in terms of the greatest integer function. Proof. Let q:la/bl a n d r : a - b l a / b l . C l e a r l ya : b q * r . T o s h o w r that the remainder satisfies the appropriate inequality, note that from Proposition1.5, it follows that G/b)-l
< ta/bl 4a/b.
We multiply this inequality by b, to obtain a - b < btalbl 4 a. Multiplying by -1, and reversingthe inequality,we find that
-a(-b[a/bl l, always reachesthe integer l.
1.2 Computer Projects Write programs to do the following: l
Decide whether an integer is divisible by a given integer.
2.
Find the quotient and remainder in the division algorithm.
3.
Find the quotient, remainder, and sign in the modified division algorithm given in problem 14.
4.
I n v e s t i g a t et h e s e q u e n c en , T ( n ) , T ( T h ) ) , 33.
f (rQ
( n ) ) ) , . . . d e f i n e di n p r o b l e m
1.3 Representations of Integers The conventionalmanner of expressingnumbersis by decimal notation. We write out numbers using digits to representmultiples of powers of ten. For instance,when we write the integer 34765,we mea;r 3 . 1 0 4+ 4 . 1 0 3+ 7 . 1 0 2+ 6 . 1 0 1+ 5 . 1 0 0 . There is no particular reasonfor the use of ten as the base of notation,other than the fact that we have ten fingers. Other civilizations have used different
25
of Integers 1.3 Representations
bases,including the Babylonians,who used base sixty , and the Mayans, who Electronic computers use two as a base for internal used base twenty representationof integers,and either eight or sixteen for display purposes. We now show that every positive integer greater than one may be used as a base. Theorem 1.3. Let b be a positive integer with b > l. integer n can be written uniquely in the form n : a k b k * a p - 1 b k - rt
Then every positive
* a1b I oo,
w h e r e a; is an int eg e rw i th 0 ( o ; < b -l coefficientak I O.
fo r,/ :0,
1,..., k and the i ni ti al
Proof . We obtain an expressionof the desired type by successivelyapplying the division algorithm in the following way. We first divide n by b to obtain n:beo*oo,
0(ao "'>
0,
and any decreasing sequence of nonnegative integers must eventually terminate with a term equaling 0.
26
The Integers
From the first equation above we find that n:
beo* ao.
We next replace {6 using the secondequation, to obtain n : b(bqfta1) + as : bzqrI a1b I as, Successively substituting for qr, Q2,..., Qk_r,we have n:
b 3 q z + a 2 b 2* a 1 b * o r ,
: =i: ri::,-'**"::,t{,-'..**olr'u**ol' : a t b k + a 1 r - 1 b k -*r
t aft * ao.
w her e 0 ( a; < b -l fo r 7 : 0 ,1 ,...,ka n d a * I 0, si nceek : 4r-r i s the l ast nonzero quotient. Consequently,we have found an expansion of the desired type. To see that the expansion is unique, assume that we have two such expansionsequal to n, i.e. n : e k b k + a 1 r - y b k - *t : c * b k * c 1 r-1 b k -r*
t a1b * ao * cft * ro,
where 0 ( ar (b and 0 ( c1(b (and if necessarywe add initial terms with zero coefficients to have the number of terms agree). Subtracting one expansionfrom the other, we have (ar,-c)bk +(o,,-r-c1,-)bk-t *
*(a;cr)b
+ (as-ca):0.
If the two expansionsare different, there is a smallest integer j, O ( < k, "l such that ai # ci. Hence, .f
br
+ l(a*-c*)b(-r
* (ai+rci+r)b * G1-c1)] : o,
so that
Gr,-c)bk-i +
+ (a1+rci+)b
r (ai-c1) : O.
27
1.3 Representationsof Integers
Solving for ai-c; we obtain aj- c j:
(c rr-a r)b k -j +
* (c 7+ r-ai + )b
: bl(c1,-a1)bk-j-t +
* (c7+r-or*,) ].
Hence, we see that
bl
G 1 -c 1 ).
But since 0 ( a; < b and 0 ( c; < b, we know that -b < ai-c1 I b. implies that ej : cj. This contradicts the Consequently, b I h1-c) assumptionthat the two expansionsare different. We concludethat our base 6 expansionof n is unique. ! For b - 2 . we see from Theorem 1.3 that the following corollary holds. Corollary 1.1. Every positive integer may be represented as the sum of distinct powersof two. Proof. Let n be a positive integer. From Theorem 1.3 with b : 2, we know t h a t n : a t r T k * a 1 r - 1 2 k - t* + a Q * a s w h e r e e a c h a ii s e i t h e r 0 o r 1 . Hence, every positive integer is the sum of distinct powersof 2. tr In the expansionsdescribedin Theorem 1.3, b is called the base or radix of the expansion. We call base l0 notation, our conventionalway of writing integers, decimal notation. Base 2 expansionsare called binary expansions, base 8 expansionsare called octal expansions,and base 16 expansionsare called hexadecimal, or hex for short, expansions. The coefficients ai are called the digits of the expansion. Binary digits are called bits (binary digils) in computer terminology. To distinguish representationsof integers with different bases, we use a special notation. We write (apapa...aps) 6 to represent the expansion a*bklapabk-rl taft*ao. Example. To illustrate base b notation, note that Q3Ot : 2.72+ a n d ( 1 0 0 1 0 0 1 1 :) 2 1 . 2 7+ 1 . 2 4+ 1 . 2 r+ 1 .
3.7 + 6
Note that the proof of Theorem 1.3 gives us a method of finding the base b expansion of a given positive integer. We simply perform the division algorithm successively,replacing the dividend each time with the quotient, and
28
The Integers
stop when we come to a quotient which is zero. We then read up the list of remaindersto find the base b expansion. Example. To find the base 2 expansionof 1864, we use the division algorithm successively:
1 8 6 4: 2 . 9 3 2 + 0 , 932:2'466 +0, 466:2'233 +0 233-2'116+1, 1 1 6: 2 ' 5 8 + 0 , 58:2'29 +0, 29:2'14 +1, 14:2'7 +0, 7 : 2'3 + 1, 3 : 2'l + l, | : 2'O + 1. To obtain the base 2 expansionof 1984, we simply take the remaindersof t h e s ed i v i s i o n s .T h i s s h o w st h a t ( 1 8 6 4 ) r o : ( 1 1 1 0 1 0 0 1 0 0 0 ) 2 . Computers represent numbers internally by using a series of "switches" which may be either "on" or "off". (This may be done mechanically using magnetic tape, electrical switches, or by other means.) Hence, we have two possiblestates for each switch. We can use "on" to represent the digit I and "off" to representthe digit 0. This is why computers use binary expansionsto representintegers internally. Computers use base 8 or base 16 for display purposes. In base 16, or hexadecimal, notation there are l6 digits, usually denoted by 0 ,1, 2, 3, 4, 5, 6,, 8, 7 9 ,A,8 ,,C ,D ,,Ea n d F . T h e l e tters A ,B ,C ,D ,E , and F are and l5 (written used to representthe digits that correspondto 10,11,12,13,14 in decimal notation). We give the following example to show how to convert from hexadecimalnotation to decimal notation. Example. To convert (A35B0F) 16we write ( e l s n o r ) r e : 1 0 . 1 6 s + 3 ' 1 6 4+ 5 ' 1 6 3+ l l ' r c z + 0 ' 1 6 + 1 5 : ( t o7o5 679)rc.
29
1.3 Representationsof Integers
A simple conversionis possible between binary and hexadecimal notation. We can write each hex digit as a block of four binary digits according to the correspondencegiven in T a b l e l . l . Hex Digit
Binary Digits
Hex Digit
Binary Digits
0 I 2 3 4 5 6 7
0000 0001 0010 0 0 1l 0100 0101 0110 0l l1
8 9 A B C D E F
r000 1001 1010 1011 l 100 I l0l 1110 llll
Table1.1. Conversion from hex digits to blocksof binarydigits. Example. An example of conversionfrom hex to binary is (zFBrrc: (tOt t 1110110011)2 .E a c h h e x d i g i t i s c o n v e rt edto a bl ock of four bi nary digits (the initial zeros in the initial block (OOIO)2correspondingto the digit (2) rc are omitted). To convert from binary to hex, consider(t t t tOl I I101001)2. We break this into blocks of four starting from the right. The blocks are, from right to left, 1 0 0 1, 1110, 1101,an d 0 0 1 1 (w e a d d th e i n i ti a l z eros). Transl ati ngeach bl ock to hex, we obtain GOng)ru. We note that a conversionbetween two different basesis as easy as binary hex conversion,wheneverone of the basesis a power of the other.
1.3 Problems l.
Convert (1999)1sfrom decimal to base 7 notation. Convert (6tOS)t from base 7 to decimal notation.
2.
Convert (tOtOOtOOO),from binary to decimal notation and (tgg+),0 from decimal to binary notation.
30
The Integers
3 . c o n v e r t ( 1 0 0 0 1 II l 0 l 0 l ) 2 a n d ( l I 1 0 1 0 0 1 1 1 0 ) 2f r o m b i n a r y t o h e x a d e c i m a l . 4 . convert (ABCDEF)rc, @nrecnD)to,
and (9A08)rc from hexadecimal to
binary.
5 . Explain why we really are using base 1000 notation when we break large decimal integers into blocks of three digits, separatedby commas.
6 . a)
Show that if D is a negative integer less than -1, then every integer n can be uniquer';:.])::'::;' .
*
a 1 b*
oo,
where a1, I 0 and O lj-0 )
For i : 0, this is clearly correct, since R0 : a : qb + R. Now assumethat
38
The Integers
Rft:
Then Rt+r :
:
:|
Rft - bqn-*-rrn-k-l 'l (n-k-t .
I U l. .r-o
qirilb+R-bqn-*-rvn-k-l )
fn-(k+r)-r
>
.l
qi"lb+R'
Ij-0)
e s t a b l i s h i n( 1g . 5 ) . F r o m ( t . S ) , w e s e e t h a t 0 ( R i < r n - i b , f o r i : 1 , 2 , . . . ,f l , s i n c e
n-i -l i-0
O ( Ri < rn-tb, we see that the digit qn-i is given by lRi-r/brn-il and can be obtained by successivelysubtracting brn-t from Ri-1 until a negative result is obtained,and then qn-; is one lessthan the number of subtractions. This is how we find the digits of q. E x a m p l e .T o d i v i d e( t t t O l ) 2 b y ( t t t ) 2 , w e l e t q : ( q r q r q i r . W e s u b t r a c t Z2( t t l) z : ( t t t O O), o n c e fro m (t t tO t)z to obtai n (l )2, and once more to o b t a i na n e g a t i v er e s u l t s, o t h a t Q 2 : l . N o w R l : ( t t t O l ) t - ( t t t 0 0 ) t : (1)2. We find that ql:0, s i n c eR 1 - 2 ( 1 l l ) 2 i s l e s st h a n z e r o ,a n d l i k e w i s e q u o ti e n t Henc e t h e o f th e d i v i s i o ni s (1 00)2and the remai nderi s (l )2 Qz : 0. We will be interested in discussinghow long it takes a computer to perform calculations. We will measure the amount of time needed in terms of bit operations. By a bit operation we mean the addition, subtraction, or multiplication of two binary digits, the division of a two-bit integer by one-bit, or the shifting of a binary integer one place. When we describethe number of bit operations needed to perform an algorithm, we are describing the computational complexity of this algorithm. In describing the number of bit operations needed to perforrn calculations we will use big-O notation.
39
1.4 ComputerOperationswith Integers
Definition. If f and g are functions taking positive values, defined for all x in a set S, then we say f is OQ) if there is a positive constant K such that f G) < K g( x ) f or a l l x i n th e s e t S . Proposition 1.6. If / is OQ) and c is a positiveconstant,then cf is Ok). Proof . If / is Ok), then there is a constantK such that f G) < Kg(x) for Therefore, y' is all x under consideration. Hence cf G) < GK)gG).
oQ). n P r o p o s i t i o1n. 7 .l f f t i s O ( g r ) a n d f 2 i s O k z ) , t h e n" f t + - f z i s O Q f t g 2 ) andfJzisoQe). Proof . If / is OQr) and f2 is Okz), then there are constantsK1 and K2 su ch t hat - f , ( *) < ,< 1 g 1 (x ) a n d " f z (x ) 1 K2g2(x) for al l x under consideration. Hence f 1G) +f2G)
( Krsr(x) + x2g2k)
( Kkr(x) + sz?))
where K is the maximum of K1 and K2. Hencef r + -f zis Ok,
+ gz).
Also -f tk)f
so th at " f f z is 0( 96 ).
z(.x) ( Krsr G) K2s2G) : (KrK2)kt?)g2(x)),
tr
C o rollar y 1. 2. I f / 1 a n d f 2 a re O G), th e n -f r + -f zi s Ok). Proof . Proposition 1.7 tells us that But if "f t + f z is O QS). ( ( (z x )g , s o th at -f r + .f zi s Ok). a + K Q s ) , t h e nf t + f t "fz " fz Using the big-O notation we can see that to add or subtract two r-bit integers takes Ofu) bit operations,while to multiply two n-bit integers in the conventionalway takes OGz) bit operations(see problems 16 and 17 at the end of this section). Surprisingly, there are faster algorithms for multiplying large integers. To develop one such algorithm, we first consider the multiplication of two 2n-bit integers, say a : (a2n4a2n_2...eflo)z and 2 .e w r i t e a : 2 n A t f 4 6 a n d b : 2 n B r t B s , w h e r e b : ( b 2 , 6 b , 2 n - 2 . . . b f t iW -l
40
The Integers
A t : ( a 2 r - 1 a 2 n * 2 . . . a 1 7 1 1 eA1o7: ) 2 (, a n - 1 a n - 2 . . . a p g ) 2B, t : ( b 2 n - f t 2 r - z . . . b n + t br)2, and B0 : (br-t bn-z...brbiz. We will use the identity (t.e)
a b : ( 2 2 , + 2 , ) A r B r r 2 n( A r A i ( a o - n r )
+ (2,+l)AoB0.
To find the product of a and 6 using (t.0), requires that we perform three mu lt iplic at ions o f n -b i t i n te g e rs (n a me l y A r B r (A , - A d(B oB r), and AsBs), as well as a number of additions and shifts. If we let M(n) denote the number of bit operations needed to multiply two n -bit integers, we find from (t.0) t t r at
(r.z)
M (2n) < ru h) + Cn.
where C is a constant, since each of the three multiplications of n -bit integers takes M (n) bit operations,while the number of additions and shifts neededto compute a'b via (t.0) does not depend on n, and each of these operations takes O (n) bit operations. From (t.Z), using mathematical induction, we can show that
a(zk) ( c(3k -2k),
(1.8)
where c is the maximum of the quantities M Q) and C (the constant in (t.Z)). To carry out the induction argument, we first note that with k: l, we have MQ) ( c(3t -2t) : c, sincec is the maximum of M(2) and C. As the induction hypothesis,we assumethat MQk)
( c (3 ft - 2 k).
Then, us ing ( 1. 7), w e h a v e M (z k + t) ( ( ( (
3 u (z k ) 3c (lt c a k + t_ c ( 3 f t + l-
+ czk 2k) + c2k c . 3 . 2 k* c 2 k zk+t).
This establishesthat (1.8) is valid for all positive integers ft. Using inequality (t.8), we can prove the following theorem. Theorem 1.4. Multiplication of two n-bit integers can be performed using O(nto9'3) bit operations. (Note: log23 is approximately 1.585, which is
1.4 ComputerOperationswith Integers
4l
considerably less than the exponent 2 that occurs in the estimate of the number of bit operations needed for the conventional multiplication algorithm.) Proof . From (t.8) we have M h) : M (ztos'n)( lzlttloerl+t; < , (3ttot'nl+t_rltoe'nl+t; ( 3 c .rl l o g Irn( 3 c .3 l o sr,:3rnto93 (since 3lo8'n: ,'ot"). Hence, Mh)
:
glnroe'3l. tr
We now state, without proof, two pertinent theorems. Proofs may be found in Knuth [50] or Kronsjii tSgl. Theorem 1.5. Given a positive number e ) 0, there is an algorithm for multiplication of two n-bit integersusing O(nr+') bit operations. Note that Theorem 1.4 is a specialcaseof Theorem 1.5 with e : log23- l, which is approximately0.585. Theorem 1.6. There is an algorithm to multiply two n-bit integers using O(n log2n log2log2n)bit operations. Since log2n and log2log2nare much smaller than n' for large numbers n, Theorem 1.6 is an improvement over Theorem 1.5. Although we know that M h) : O (n log2n log2log2n), for simplicity we will use the obvious fact that M fu) : O (n2) in our subsequentdiscussions. The conventionalalgorithm described above performs a division of a 2n-bit integer by an n-bit integer with O(n2) bit operations. However, the number of bit operations needed for integer division can be related to the number of bit operations needed for integer multiplication. We state the following theorem, which is basedon an algorithm which is discussedin Knuth 1561. Theorem 1.7. There is an algorithm to find the quotient q:Ia/bl, when the 2n-bit integer a is divided by the integer b having no more than n bits, using O(M Q)) bit operations, where M fu) is the number of bit operationsneededto multiply two n-bit integers.
42
The Integers
1.4 Problems l.
Add (l0llll0ll)2 and(ttootll0ll)2.
2 . S u b t r a c t( t o t t l 0 l 0 l ) 2 f r o m ( 1 1 0 1 1 0 1 1 0 0 ) 2 . 3.
Multiply (t t rOr), and (l10001)2.
4.
F i n d t h e q u o t i e n ta n d r e m a i n d e rw h e n ( t t o t o o n l ) 2 i s d i v i d e db y ( 1 1 0 1 ) 2 .
5.
A d d ( A B A B ) 1 6a n d ( B A B A ) r c .
6.
Subtract (CAFE)16 from (rnno)ru.
7.
Multiply
8.
Find the quotient and remainder when Gneono),u
9.
Explain how to add, subtract, and multiply the integers 18235187and 22135674 on a computer with word size 1000.
(FACE) 16and (BAD)rc. is divided by (enn.n)ru.
10. Write algorithms for the basic operations with integers in base (-2) (see problem 6 of Section 1.3).
notation
11. Give an algorithm for adding and an algorithm for subtracting Cantor expansions (see problem l4 of Section 1.3). 12. Show that if f 1 and f 2 are O(St) and O(g2), respectively,and c1 and c2 are constants,then c;f1 * ,zf z is O(g1 * g). 13. Show that if f is O(g), then fr
it OQk) for all positiveintegersk.
14. Show that a function f is O(log2n) if and only if f is O(log,n) wheneverr ) (Hint: Recall that logon/log6n: logo6.)
l.
15. Show that the base b expansionof a positive integer n has llog6nl+t digits. 16. Analyzing the algorithms for subtraction and addition, show that with n-bit integers these operationsrequire O h) bit operations. 17. Show that to multiply an n-bit and an m-bit integer in the conventional manner requires OQm) bit operations. 18. Estimate the number of bit operationsneededto find l+2+ il
by performing all the additions.
b)
by using the identity l+2* shifting.
I n:
nh+l)/2,
* n
and multiplying and
43
1.4 Computer Operations with Integers
19. Give an estimate for the number of bit operationsneededto find
b)
a) n'.
["1 |.o,|
20. Give an estimate of the number of bit operations needed to find the binary expansionof an integer from its decimal expansion'
21.
22.
il
Show there is an identity analogousto (1.6) for decimal expansions.
b)
Using part (a), multiply 73 and 87 performing only three multiplications of one-digit integers,plus shifts and additions.
c)
Using part (a), reduce the multiplication of 4216 and 2733 to three multiplications of two-digit integers, plus shifts and additions, and then using part (a) again, reduce each of the multiplications of two-digit integers into three multiplications of one-digit integers, plus shifts and additions. Complete the multiplication using only nine multiplications of one-digit integers, and shifts and additions.
il
lf A and B are nxn
matrices, with entries aii and bii for I ( i ( n,
I ( f ( n, then AB
is the nxn matrix with entries cii :
Show that n3 multiplications of integers are used to find AB its definition. b)
2
ai*b*j.
dir:;;ly from
Show it is possible to multiply two 2x2 matrices using only seven multiplications of integers by using the identity
o,rf lb,, D'tl
lo,, l a z r o,,)
l"r r b r r*
II lx
lr,, t,,)
anbzt
( a r r l a 1 2 - a 2 1 - a 2 2 )b 2 2
* (as-a2)(bzz-bn) -
a 2 2 ( br - b z r - b e * b 2 2 )
w h e r ex : c)
* a22)(bn-b,+ , )l x I (a21 |
x * ( a n - a z t ) ( b r r - b r+r ) I ( a 2 1* a 2 ) ( b r z - b ' , - )
a r r b r ,- ( a t t - c t 2 r - a 2 ) ( b n -
bp*
|
b2).
Using an inductive argument, and splitting 2nx2n matrices into four nxn matrices, show that it is possibleto multiply two 2k x2k matrices using only 7ft multiplications, and less than 7ft+r additions.
44
The Integers
d)
23.
Conclude from part (c) that two nxn matrices can be multiplied using O(nt"c7) bit operations when all entries of the matrices have less than c bits, where c is a constant.
A dozen equals 12 and a gross equals 122. Using base 12, or duodecimal. arithmetic answer the following questions. il
If 3 gross, 7 dozen, and 4 eggs are removed from a total of l l gross and 3 dozen eggs, how many eggs are left?
b)
If 5 truckloads of 2 gross, 3 dozen, and 7 eggs each are delivered to the supermarket, how many eggs were delivered?
c)
If I I gross, I 0 dozen and 6 eggs are divided in 3 groups of equal size, how many eggs are in each group?
24.
A well-known rule used to find the square of an integer with decimal expansion (an-1...apJro with final digit ao:5 is to find the decimal expansionof the product (anan-1...a)rcl(anan-r...ar)ro* ll and append this with the digits (25)ro. For instance, we see that the decimal expansion of (tOS)2 begins with 16'17 :272, so that (165)2 :27225. Show that the rule just describedis valid.
25.
In this problem, we generalizethe rule given in problem 24 to find the squaresof integers with final base 28 digit 8, where I is a positive integer. Show that the base 28 expansion of the integer (ana,-1...afl0)z,astarts with the digits of the base 28 expansionof the integer (anana...aflo)zn l(anan-1...ap0)zn* ll and ends with the digits Bl2 and 0 when B is even, and the digits G-l)12 and.B when I is odd.
1.4 Computer Projects Write programs to do the following: l.
Perform addition with arbitrarily large integers.
2.
Perform subtraction with arbitrarily large integers.
3.
Multiply two arbitrarily large integers using the conventionalalgorithm.
4.
Multiply two arbitrarily laige integers using the identity (1.6).
5.
Divide arbitrarily large integers, finding the quotient and remainder.
6.
Multiply two n xn matrices using the algorithm discussedin problem 22.
45
1.5 Prime Numbers
1.5 Prime Numbers The positive integer I has just one positive divisor. Every other positive integer has at least two positive divisors, becauseit is divisible by I and by itself. Integers with exactly two positive divisors are of great importance in number theory; they are called primes. Definition. A prime is a positive integer greater than I that is divisible by no positive integers other than I and itself. Example. The integers2,3,5,13,101and 163 are primes. Definition. A positive integer which is not prime, and which is not equal to l, is called composite. Example. The integers 4:2'2,8:4'2, l 0 0 l : 7' ll' 13 ar e co m p o s i te .
3 3 : 3 ' 1 1 ,1 l l : 3 ' 3 7 , a n d
The primes are the building blocks of the integers. Later, we will show that every positive integer can be written uniquely as the product of primes. Here, we briefly discuss the distribution of primes and mention some conjecturesabout primes. We start by showing that there are infinitely many primes. The following lemma is needed. Lemma 1.1. Every positive integer greater than one has a prime divisor. Proof . We prove the lemma by contradiction; we assume that there is a positive integer having no prime divisors. Then, since the set of positive integers with no prime divisors is non-empty, the well-ordering property tells us that there is a least positive integer n with no prime divisors. Since n has no prime divisors and n divides n, we see that n is not prime. Hence, we can write n:ab with I 1 a 1 n and | < b 1 n. Becausea 1 n. a must have a prime divisor. By Proposition 1.3, any divisor of a is also a divisor of n, so that n must have a prime divisor, contradicting the fact that n has no prime divisors. We can conclude that every positive integer has at least one prime divisor. tr We now show that the number of primes is infinite. Theorem 1.8. There are infinitely many primes.
46
The Integers
Proof . Consider the integer Qn: nt t l,
n 2 l.
Lemma 1.1. tells us that Q, has at least one prime divisor, which we denote by gr. Thus, q, must be larger than n; for if 4, ( n, it would follow that Qn I n!, and then, by Propositionl.!, Q, | (er-rr) : l, which is impossible. Since we have found u priJ.''lur*r, tt* there must be infinitely many primes. tr
r, for every positive integer n,
Later on we will be interested in finding, and using, extremely large primes. We will be concerned throughout this book with the problem of determining whether a given integer is prime. We first deal with this question by showing that by trial divisions of n by primes not exceeding the square root of n, we can find out whether n is prime. Thedrem 1.9. If n is a composite integer, then n has a prime factor not exceeding..1n. Proof . Since n is composite, we can write n : ab, where a and b are ( D < n. we must have a 4 r/i, since otherwise integers with | 1a : n. Now, by Lemma I.l, a must have a b 7 a > ,/; and ab > '/i.,/i prime divisor, which by Proposition 1.3 is also a divisor of a and which is clearly less than or equal to ,/i . D We can use Theorem 1.9 to find all the primes less than or equal to a given positive integer n. This procedure is called the steve of Eratosthenes. We illustrate its use in Figure 1.2 by finding all primes less than 100. We first note that every composite integer less than 100 must have a prime factor less than J00-: 10. Since the only primes lessthan l0 are 2,3,4, and 7, we only need to check each integer less than 100 for divisibility by these primes. We first cross out, below by a horizontal slash -, all multiples of 2. Next we cross out with a slash / those integers remaining that are multiples of 3. Then all multiples of 5 that remain are crossedout, below by a backslash\. Finally, all multiples of 7 that are left are crossedout, below with a vertical slash l. ntt remaining integers (other than l) must be prime.
41
1.5 Prime Numbers
5
t23+ ++ ll
13
l+-
X
2{-*23+g-. 3l+2Ii+ 4r+43
1+
>{+*s3*r4*tr# 61 7t+73.+ y{ 83 t.> I
tlt
+>
yr
2 1/5, we seethat l o g rq b > h -l )l o g l s a
> (C I-l ) /5.
Consequently, n-l(S'logleb.
63
2 .2 T he E uc lidean Al g o ri th m
Let b have k decimal {igits, so that b < 10ftand loglsb < k. Hence, we see that n - I < 5k and since /c is an integer, we can conclude that n < 5k. This establishesLam6's theorem. tr The following result is a consequence of Lam6's theorem. Corollary 2.1. The number of bit operations needed to find the greatest
integers of twopositive a and, yy divisor common
ir;;i.:f$;:ri?',
Proof. We know from Lam6's theorem that O Qogra) divisions, each taking O(log2a)2) bit operations,are neededto find fu, b). Hence, by Proposition 1.7, (a, b) may be found using a total of O((log2a)3) bit operations. D The Euclideanalgorithm can be used to expressthe greatestcommon divisor of two integers as a linear combination of these integers. We illustrate this by expressing(252, 198) : l8 as a linear combinationof 252and 198. Referring to the stepsof the Euclideanalgorithm used to find (252, 198), from the next to the last step, we seethat 18:54-l'36. From the secondto the last step, it follows that
36:198-3'54, which implies that
1 8: 5 4 - t . ( 1 9 8 - 3 . 5 4: ) 4 . 5 4 - 1 . 1 9 8 . Likewise, from the first stepwe have 54:252 - l'198. so that
l 8 - 4 ( 2 5 2 - 1 . 1 9 8- ) 1 . 1 9 8: 4 . 2 5 2 - 5 . 1 9 8 . This last equationexhibits l8 : (252, 198) as a linear combinationof 252 and l 98. In general,to see how d : (a, b) may be expressedas a linear combination of a and 6, refer to the series of equations that is generated by use of the Euclideanalgorithm. From the penultimateequation,we have rn: (a, b) : Th i s e x pr es s es b, b) ' a s
r n - 2 - r n - r Q n - .r
a l i n e a r c o mb i n a ti o no f rr-2e,fi drr-1. The secondto
GreatestCommonDivisorsand PrimeFactorization
64
the last equation can be used to expressr2-1 &S rn-3 -rn-zen-z . Using this last equation to eliminate rn-1 in the previousexpressionfor (4,6), we find that ln:
ln-3-
fn-24n-2,
so that b, b) : rn-2- (rn4-rn-zQn-z)en-r -- (l + q rn Q n -z )rn - zQn-rrn-3, which expressesb, b) as a linear combinationof rn-2 zfid r,4. We continue working backwards through the steps of the Euclidean algorithm to express G, b) as a linear combinationof each precedingpair of remaindersuntil we havefound (a, b) as a linear combinationof to: a and 11- b. Specifically, if we have found at a particular stagethat G,b):sriltrit, then, since ti:
ti_2- ri_tQi_r,
we have b,b) : s (ri-z*ri-g1-r) * tr1-r : Q-sqt-)ri-r * sri-2. This showshow to move up through the equationsthat are generatedby the Euclidean algorithm so that, at each step, the greatestcommon divisor of a and b may be expressedas a linear combination of a and b. This method for expressingG, b) as a linear combinationof a and b is somewhatinconvenientfor calculation, becauseit is necessaryto work out the steps of the Euclidean algorithm, save all these steps, and then proceed backwardsthrough the steps to write G,b) as a linear combinationof each successivepair of remainders. There is another method for finding b,b) which requires working through the steps of the Euclidean algorithm only once. The following theoremgivesthis method. Theorem 2.4. Let a and b be positive integers. Then fu,b):sna+tnb, defined for n:0,1,2,..., where,sn andtn are the nth terms of the sequences recursivelyby
65
2.2 The Euclidean Algorithm
SO: l, /0:0, sl :0, /l : l,
and si : Si*z- ?i-tsi-t, tj : tj-z - Q1-zt1-t for 7 :2,3, ..., fl, where the q;'s are the quotientsin the divisionsof the Euclideanalgorithm when it is usedto find G,b). Proof. We will prove that ri : sia + tjb
Q.D
for 7 : 0, I ,...,fl. Since G,b) : r, once we have established(2.2), we will know that G,b):sna+tnb. We prove (2.2) using the secondprinciple of mathematicalinduction. For :0 , we hav e a : r0 : l ' a * 0 ' b : s s a* ts b . H ence, Q.D i s val i d for l j : 0 . L i k e w i s eb, : r r : 0 ' a + l ' b : s l c + t f t , s o t h a t Q . D i s v a l i d f o r j : l. Now, assumethat ri:Sia+tjb for 7 : 1,2,..., k-1. Then, from the kth step of the Euclideanalgorithm,we have tk : rk-2 - r*_lQt-l . Using the inductionhypothesis,we find that r1 : (s1-2a*tp-2b) - (s1raa*t1r-1b) Q*-r : (s 1 -2 -s * -tq * -)a * Q p 2 -t* -rq* -)b :Ska+tkb. This finishesthe proof. tr The following example illustrates the use of this algorithm for expressing (a,b) as a linear combinationof a and b. Example. Let a :252 and D : 198. Then
GreatestCommonDivisorsand prime Factorization
66
so: l, sl :0, J2:S0-sql:l0'l:1, J 3 : S t - S Z Q z : 0- l ' 3 : - 3 , s 4 : s 2- s t Q t : I - ( - l ) ' t : 4 ,
lo:0, Ir : 1, tZ:tO-ttQt:01 . 1: - 1 , t 3 : t t - 1 Z Q Z :1 - ( - l ) 3 : 4 , t q : t z - t t Q z : - l - 4 . 1: - 5 .
S i n c e1 4 : 1 8 : ( 2 5 2 , 1 9 8 )a n d 1 4 : s 4 o+ t 4 b , w e h a v e 1 8 - ( 2 5 2 ,1 9 8 ): 4 . 2 5 2- 5 . 1 9 8. It should be noted that the greatestcommon divisor of two integersmay be expressedin an infinite number of different ways as a linear combination of theseintegers. To seethis, let d : (a,b) and let d : so I tb be one way to write d as a linear combination of a and b, guaranteed to exist by the previousdiscussion.Then d : (s - k(b/d))a + Q - kb/d))b for all integersk. Example. With a :252 and b : 198, lB: (-S - l4k)198 whcneverk is an integer.
(252, 198) :
(+ - t Ik)252 +
2.2 Problems l.
Use the Euclidean algorithm to find the following greatest common divisors
il (45,75)
c) (ooo, r+r+)
b) 002,22D
d) (2078S,44350).
2.
For each pair of integers in problem l, expressthe greatest common divisor of the integers as a linear combination of these integers.
3.
For each of the following sets of integers, expresstheir greatest common divisor as a linear combination of these integers il
6, 10,l5
b)
7 0 , 9 8 ,1 0 5
c)
2 8 0 ,3 3 0 , 4 0 5 , 4 9 0 .
4. The greatest common divisor of two integers can be found using only subtractions, parity checks, and shifts of binary expansions,without using any divisions. The algorithm proceedsrecursively using the following reduction
67
2.2 The Euclidean Algorithm
I,
G.b):
if a:b
)2 k l L ,b/2 ) if a and 6 are even
l{o/z,t) -D,b)
if a is even and b is odd if a and b are odd.
[(a a)
Find (2106,8318) usingthis algorithm.
b)
Show that this algorithm always produces the greatest common divisor of a pair of positiveintegers.
5. In problem 14 of Section 1.2, a modified division algorithm is given which says that if a and 6 > 0 are integers,then there exist unique integersq,r, and e such that a : bq * er, where e - tl,r ) 0, and -blz < er { bl2. We can set up an algorithm, analogous to the Euclidean algorithm, based on this modified division algorithm, called the least-remainder algorithm. It works as follows. Let rs: a and rr: b, where a ) b 7 0. Using the modified division algorithm repeatedly,obtain the greatest common divisor of a and b as the last nonzeroremainder rn in the sequenceof divisions ro :
rn-Z : fn-l :
rtQr * e2r2,
-rtlz
1 e2r2 4 ,tlz
ln-tQn-t I enrn, 7n4n'
-rn-tl2
I
enrn 4, rn-tl2
a)
Use the least-remainderalgorithm to find (384, 226).
b)
Show that the least-remainder algorithm always produces the greatest common divisorof two integers.
c)
Show that the least-remainderalgorithm is always faster, or as fast, as the Euclidean algorithm.
d)
Find a sequenceof integers v6, V1,v2,... such that the least-remainder algorithm takes exactly n divisionsto find (vn*,, vn+z).
e)
Show that the number of divisions needed to find the greatest common divisor of two positive integers using the least-remainderalgorithm is less than 8/3 times the number of digits in the smaller of the two numbers,plus
413. 6 . Let m and n be positive integers and let a be an integer greater than one. Show that (a^-1, an-l) - a(^' n)- l.
7 . In this problem, we discuss the game of Euclid. Two players begin with a pair of positive integers and take turns making movesof the following type. A player can move from the pair of positiveintegers{x,y} with x 2 y, to any of the pairs where / is a positive integer and x-ty 2 0. A winning move [x-ty,yl,
68
GreatestCommonDivisorsand PrimeFactorization
consistsof moving to a pair with one element equal to 0. a)
Show that every sequence of moves starting with the pair {a, bl must eventuallyend with the pair {0, (a, b)}.
b)
show that in a game beginning with the pair {a, b},1he first player may play a winning strategy if a - 6 or if a 7 b0+ Jil/z; otherwisethe second player mgr play a winning strategy. (Hint: First show that if y < x ( y(t+VS)/Z then thge is a unique move from l*,Ol that goes to a pair lt, r| with y > ze+Jil/z.)
In problems8 to 16, un refers to the nth Fibonaccinumber. 8. Show that if n is a positiveinteger,then rz1l u2 I
I ttr:
9. Show that if n is a positiveinteger, then unapn-r - u] :
GD'.
10. Show that if n is a pqsitive integer, then un: o : (t+.,6) /2 andp : Q-'./-il/2. ll.
un+z- l.
(c'n-0\/'..fs, where
Show that if m and n arepositiveintegerssuch that m I n, then u^ | un.
12. Show that if m and n are positiveintegers,then (u^, un) : u(m,il. 13. Show that un is even if and only if 3 | n.
(t 'l
t4. Letu: li i,. a)
Show that Un :
Irn*, Itn I lu,
b)
u^_r)
.
Prove the result of problem 9 by consideringthe determinant of Un.
15. We define the generalized Fibonacci numbers recursively by the equations gr- a, E2: b, and gn - gn-t* gr-zfor n 2 3. Showthat gn: oun-2* bun-1 for n )- 3. 16. The Fibonacci numbers originated in the solution of the following problem. Supposethat on January I a pair of baby rabbits was left on an island. These rabbits take two months to mature, and on March I they produce another pair of rabbits. They continually produce a new pair of rabbits the first of every succeeding month. Each newborn pair takes two months to mature, and producesa new pair on the first day of the third month of its life, and on the first day of every succeedingmonth. Show that the number of pairs of rabbits alive after n months is precisely the Fibonacci number un, assuming that no rabbits ever die. 17. Show that every positive integer can be written as the sum of distinct Fibonacci numbers.
2.3 The Fundamental Theorem of Arithmetic
69
2.2 Computer Projects Write programs to do the following: l.
Find the greatestcommondivisor of two integersusing the Euclideanalgorithm.
2.
Find the greatest common divisor of two integers using the modified Euclidean algorithm given in problem 5.
3.
Find the greatest common divisor of two integers using no divisions (see problem
0. 4.
Find the greatest common divisor of a set of more than two integers.
5.
Express the greatest common divisor of two integers as a linear combination of theseintegers.
6.
Express the greatest common divisor of a set of more than two integers as a linear combination of these integers.
7.
List the beginning terms of the Fibonacci sequence.
8.
Play the game of Euclid describedin problem 7.
2.3 The FundamentalTheoremof Arithmetic The fundamental theorem of arithmetic is an important result that shows that the primes are the building blocks of the integers. Here is what the theoremsays. The Fundamental Theorem of Arithmetic. Every positive integer can be written uniquely as a product of primes,with the prime factors in the product written in order of nondecreasing size. Example. The factorizationsof somepositive integersare given by 2 4 0: 2 . 2 . 2 . 2 . 3:. 5 2 4 . 3 . 5 , 2 8: 9 1 7 . 1 7: 1 i 2 . 1 0 0 1: 7 . 1 1 . 1 3 . Note that it is convenient to combine all the factors of a particular prime into a power of this prime, such as in the previous example. There, for the factorization of 240, all the fdctors of 2 were combined to form 24. Factorizationsof integers in which the factors of primes are combined to form powersare called prime-power factorizations. To prove the fundamental theorem of arithmetic, we need the following lemma concerningdivisibility. Lemma 2.3. lf a, b, and c are positive integers such that (a, b) : I and
70
GreatestCommonDivisorsand PrimeFactorization
a I bc , t hen a I c , Proof. Since G,b): 1, there are integersx and y such that ax * by : y. Multiplying both sides of this equation by c, we have acx * bcy: c. By Proposition1.4, a divides acx * 6cy, since this is a linear combinationof a and bc, both of which are divisibleby a. Hencea I c. a The following corollary of this lemma is useful. Corollary 2.2. If p dividasap2 an wherep is a prime and c r, a2,...,on are positive integers, then there is an integer i with I < t ( n such that p dividesa;. Proof. We prove this result by induction. The case where n : I is trivial. Assume that the result is true for n. Consider a product of n * t, integers, ar az aral that is divisibleby the prime p. Sincep I ar az on*t: (a1a2 an)ana1,we know from Lemma 2.3 that p I ar az en or p I ar+r. Now, it p I ar az a' from the induction hypothesisthere is an integer i with 1 < t ( n such Ihat p I ai. Consequentlyp I a; for some i w i t h l < t < n * 1 . T h i s e s t a b l i s h e s t h e r e s ut rl t . We begin the proof of the fundamental theorem of arithmetic. First, we show that every positive integer can be written as the product of primes in at least one way. We use proof by contradiction. Let us assume that some positive integer cannot be written as the product of primes. Let n be the smallest such integer (such an integer must exist from the well-ordering property). lf n is prime, it is obviously the product of a set of primes, namely t h e o n e p r i m e n .S o n m u s t b e c o m p o s i t Le e. t n : a b , w i t h | 1 a ( n a n d | 1 b I n. But since a and b are smaller than n they must be the product of primes. Then, since n : ab, we conclude that n is also a product of primes. This contradictionshowsthat every positiveinteger can be written as the product of primes. We now finish the proof of the fundmental theorem of arithmetic by showing that the factorization is unique. Supposethat there is a positive interger that has more than one prime factorization. Then, from the well-ordering property, we know there is a least integer n that has at least two different factorizationsinto primes: fl:PtPz
Ps:QtQz
Qt,
w h e r ep t , p 2 , . . . , p s , Q t , . . . , 4atr e a l l p r i m e s ,w i t h p r ( p z ( (q'. {r(42(
( p, and
71
2.3 The Fundamental Theorem of Arithmetic
We will s how t ha t p t: Qr,p 2 : Q 2 ,...,a n d c o nti nueto show that each of p's and q's are equal, and that the number of prime factors in the successive the two factorizations must agree, that is s : /. To show that pr: Qr, assumethat pr * qy Then, either pr ) 4r or pr 1 Qr By interchanging we can assumethat pr ( qr. Hence,pr 1q; for the variables,if necessary, i : 1, 2, . . . , ts inc e41 i s th e s m a l l e sot f th e q ' s . H e nce,pr tr qi for al l i . B ut, from Corollary 2.2, we see that pr I qflz et : tt. This is a pr : Qr contradiction. Hence, we can conclude that and p s : QzQ t n /p r: pz pt n l p l i s i nteger smal l er than S i n c e an Qt. n, and since n is the smallest positive integer with more than one prime factorization,nfpl con be written as a product of primes in exactly one way. Hence, each pi is equal to the correspondingq;, and s : /. This proves the uniquenessof the prime factorization of positive integers. tr The prime factorization of an integer is often useful. As an example, let us find all the divisorsof an integer from its prime factorization. Example. The positivedivisorsof 120 : 233'5 are thosepositiveintegerswith prime power factorizationscontaining only the primes 2,3, and 5, to powers lessthan or equal to 3, 1, and l, respectively.Thesedivisorsare
I 2 22: 4 23:8
3 2 ' 3: 6 22.3: 12 z3-3: 24
5 2 ' 5: 1 0 22.5: 20 23.5: 40
3'5:15 2 ' 3 ' 5: 3 0 223.5: 6o : l2o . 23.3.s
Another way in which we can use prime factorizations is to find greatest common divisors. For instance,supposewe wish to find the greatest common divisor of 720 : 2432'5and 2100 : 223'52'7. To be a commondivisor of both 720 and 2100, a positiveinteger can contain only the primes 2, 3, and 5 in its prime-power factorization, and the power to which one of these primes appears cannot be larger than either of the powersof that prime in the factorizations of 720 and 2100. Consequently,to be a common divisor of 720 and 2100, a positive integer can contain only the primes 2,3, and 5 to powers no larger than2, l, and l, respectively.Therefore,the greatestcommon divisor of 720 a n d 2100is 22. 3. 5: 6 0 . To describe, in general, how prime factorizations can be used to find greatestcommondivsors,let min(a, D) denotethe smaller or minimum, of the two numbers d and 6. Now let the prime factorizationsof a and b be
o : pi,pi2 .. . p:., b : p'r,plz.. . p:,, where each exponent is a nonnegativeinteger and where all primes occurring
72
GreatestCommonDivisorsand PrimeFactorization
in the prime factorizationsof c and of b are included in both products, perhapswith zero exponents. We note that fu,b):
pl'"k"0,)plinb,'b,
p:'n(oro,) ,
sincefor eachprimepi, a and b shareexactlymin(a;,6;) factorsof p;. Prime factorizationscan also be used to find the smallestinteger that is a multiple of two positive integers. The problem of finding this integer arises when fractions are added. Definition. The least common multiple of two positive integersa and D is the smallestpositiveinteger that is divisibleby a and b. The leastcommonmultiple of a and b is denotedby Io, bl. Example. We have the following least common multiples: ll5,2l l: lZ q, X l : 72, l Z , Z 0 l : 2 A ,a n d [7 , l l l : 7 7.
105,
Once the prime factorizations of a and b are known, it is easy to find p l r. a n d ,b : p i ,pur2 .. . pun,w herept,pz,...,pn I a, bl. I f a : p i ,p i , are the primes occurring in the prime-powerfactorizationsof a and b, then for an integer to be divisible by both c and D, it is necessarythat in the factorization of the integer, eachp; occurs with a power at least as large as ai and bi. Hence, [a,b], the smallestpositiveinteger divisible by both a and b is la,bl:
pl
*Grb,) Omaxb,'b,)
pf
*Gru')
where max(x, /) denotesthe larger, or maximum, of x andy. Finding the prime factorization of large integers is time-consuming. Therefore, we would prefer a method for finding the least common multiple of two integers without using the prime factorizations of these integers. We will show that we can find the least common multiple of two positiveintegersonce we know the greatest common divisor of these integers. The latter can be found via the Euclideanalgorithm. First, we prove the following lemma. Iemma 2,4. If x
and y are real numbers, then max(x,y) + min(x,y)
:x+y. then min(x,y):y and max(x,!):x, so that P r o o f .I f x ) y , and m a x ( x , y ) +m i n ( x , y ) : x * y . If x 0 I is dropped, is the conclusionthat a = b (mod rn ). If the condition (a,m): a = b (mod z) still valid? 16. Show that if n is a positive integer, then +(n-l)
il
t+2+3+
b)
13+23+33+
+
=0(modn).
(n-l)3=o(modn).
17. For which positive integers n is it true that 1 2+ 2 2 + 3 2 +
* ( n - l ) 2 = o ( m o dn ) ?
18. Give a complete system of residuesmodulo l3 consistingentirely of odd integers. 19. Show that if n = 3 (mod 4), then n cannot be the sum of the squares of two integers. 20.
il
Show that if p is prime, then the only solutions of the congruence x 2 = x ( m o d p ) a r e t h o s ei n t e g e r sx w i t h x = 0 o r I ( m o d p ) .
100
Congruences
b) 21.
Show that if p is prime and ft is a positive integer, then the only solutionsof x2 =x (mod pk) arethoseintegersx such that x E 0 or I (modpe).
Find the least positive residuesmodulo 47 of a)
232
b)
c)
247
22w
2 2 . Let
t/t1,t/t2,...,n\r be pairwise relatively prime positive integers. M : mifiz' ' ' mp and Mj : M/mi for; - 1,2,...,k. Show that M(tr*
M2a2*
Let
* Mpap
runs through a complete system of residues modulo M when a1,a2,...,a1,run through complete systemsof residuesmodulo rn1,nt2,...,r/t1, respectively.
2 3 . Explain how to find the sum z * v from the least positive residue of u * v modulo m, where u and. v are positive integers less than z . (Hint: Assume that u ( v and consider separately the cases where the least positive residue of u I v is less than a, and where it is greater than v.)
24. on a computer with word size w, multiplicertion modulo n, where n I w f2, can
be performed as outlined. Let T:IJn + %1, and t : T2 - n. For each computation, show that all the required computer arithmetic can be done without exceedingthe word size. (This method was describedby Head t67]). a)
Show that lr | < r.
b)
Show that if x and y are nonnegativeintegers less than n, then x:aT*b,
y:cT*d
where a,b,c, and d are integers such that 0 ( a ( 0 ( c < T, and 0 < d < T. c)
Letz = ad * bc (mod n), with 0 ( z ( z. Show that
d)
Let ac:eT*f where e 0 | is an integer,then the equationrh) solutions. 8.
g.
: ft has infinitely many
Which positive integers have exactly a)
two positive divisors
b)
three positive divisors
c)
four positive divisors?
What is the product of the positive divisors of a positive integer n ?
10. Let o1,h) denote the sum of the kth powers of the divisors of n, so that o1,h) : 2 dk. Note that o1h) : sfu). dln
a)
Find or(4), or(6) and o{12).
b)
Give a formula for o1(p), wherep is prime'
c)
Give a formula for o1(po), wherep is prime, and a is a positiveinteger.
d)
Show that the function op is multiplicative'
e)
Using parts (c) and (d), find a formula for o;(n), where n has prime-power factorizationn : pi'pi' . . . p:;.
11. Find all positiveintegersn such that d(n) + oQ):2n. 12. Show that no two positive integers have the same product of divisors. 13. Show that the number of pairs of positiveintegerswith least common multiple equal to the positive integer n is r(nz). 14. Let n be a positive integer. Define the sequence of integers fl1,tr2,rt3,...b! n 1 : r ( n ) a n d n 1 . , 1: r ( n * ) f o r f t : 1 , 2 , 3 , . . . . S h o w t h a t t h e r e i s a p o s i t i v e integer r such that 2 : f,r : flr1t : rlr+2: 15. Show that a positiveinteger n is compositeif and only if o(n) > n + ,/i.
180
MultiplicativeFunctions
16. Show that if n is a positiveinteger then r(n)z : )r(d)3 dln
6.2 Computer Projects Write programs to do the following: l.
Find the number of divisorsof a positive integer.
2.
Find the sum of the divisors of a positive integer.
3.
Find the integer r defined in problem 14.
6.3 Perfect Numbersand MersennePrimes Becauseof certain mystical beliefs, the ancient Greeks were interested in those integers that are equal to the sum of all their proper positive divisors. Theseintegersare called perfect numbers. Definition. If n is a positive integer and o(n) : 2n, then n is called a perfect number. E x a m p l e . S i n c eo ( 6 ) : l + 2 + 3 + 6 : 1 2 , w e s e et h a t 6 i s p e r f e c t . w e a l s on o t et h a t o ( 2 8 ) : 1 + 2 + 4 + 7 +14*28:56. sothat28 is another perfect number. The ancient Greeks knew how to find all even perfect numbers. The following theorem tells us which even positive integersare perfect. Theorem 6.9. The positiveinteger n is an even perfect number if and only if n :2m-r(2^-l) where m is a positiveinteger such that 2^-l
is prime.
Proof. First, we show that if n:2m-r(2^-l) where 2^-l is prime, then n is perfect. We note that sincezn-l is odd, we have (2m-r,2m-l) : 1. Since o is a multiplicative function, we seethat o (n ) - o (2 ^ -t)o (2 ^-l )
.
L e m m a 6 . 1 t e l l su s t h a t o ( 2 ^ - r ) : 2 ^ - l and o(2^-l):2^, assumingthat 2m-l is prime. Consequently,
s i n c ew e a r e
181
6.3 PerfectNumbersand MersennePrimes
o(n) : Q^-l)2^
:2n
,
demonstratingthat n is a perfect number. To show that the converseis truen let n be an even perfect number. Write : 1, we n :2'l wheres and t arepositiveintegersand f is odd. Since (2t,t) seefrom Lemma 6.1 that
(6.1)
o(n) : o(2':) : o(2')o(t) : (2'+t-t)o(l)
Since n is perfect, we have o (n ) : 2 n : 2 s + r1
G'D
Combining (6.1) and (6.2) showsthat (2 ' + r-1 )o(i
(6 .3 )
: 2 s + t1
Si n ce( 2s + r , 2s + t - l) : l , fro m L e mma 2 .3 w e s e eth a t 2' + 1 l o(r). Therefore, there is an integerq such that o(t) - 2'+rQ. Inserting this expressionfor o(t) into (6.3) tells us that (2 s + r_ l )2 s * rq- 2 ' * rt , and, therefore, (2'+t-l)q
(6.4)
: 1.
Hence,q I t and q # t. When we replace / by the expressionon the left-hand side of (6.4), we find that (6.5)
t +q:
( 2 s + t - t ) q+ q : 2 ' + r q : o Q ) .
We will show that q : 1. Note that if q * l, then there are at least three distinct positive divisors of t , namely 1, q, and t . This implies that oQ) 2 t + q -| 1, which contradicts(6.5). Hence,4: I and, from (6.4), we concludethat / :2s+l-1. Also, from (6.5), we seethat oQ): t + l, so that t must be prime, since its only positive divisors are I and t. Therefore, n :2 t ( 2r + l- 1) , where2 s + l -1 i s p ri me . tr From Theorem 6.9 we see that to find even perfect numbers, we must find primes of the form 2t-1. In our searchfor primes of this form, we first show that the exponentru must be Prime. Theorem 6.10. If la is a positiveinteger and2^-l
is prime, then m must be
182
MultiplicativeFunctions
pnme. Proof. Assume that m is not prime, so that m : ab where | 1 a 1 m and, | < b 1m. Then 2m-l
: 2ab-, - (Zo-l) 12a(b-D a2a(b-Dq...q1o+l) .
Since both factors on the right side of the equationare greater than I, we see that 2m-l is compositeif m is not prime. Therefore,if 2^-l is prime, then nr must also be prime. tr From Theorem6.10 we seethat to searchfor primes of the form 2^-1, we need to consideronly integersm that are prime. Integers of the form 2m-l have been studied in great depth; these integers are named after a French monk of the seventeenth century, Mersenne,who studiedtheseintegers. Definition. If m is a positiveinteger, then M^:2^-I is called the mth Mersennenumber, and, if p is prime and Mp:2p-l is also prime, then M, is called a Mersenneprime. Example. The Mersennenumber M7:27-I is prime, whereasthe Mersenne :2 0 4 7 : 2 3 .8 9i s c o m posi te. num berM n: 2rr-I It is possibleto prove various theoremsthat help decide whether Mersenne numbers are prime. One such theorem will now be given. Related results are found in the problemsof Chapter 9. Theorem 6.11. rf p is an odd prime, then any divisor of the Mersenne number Mp :2p-l is of the form 2kp + I where k is a positiveinteger. - 2p - I. From Fermat's little Proof. Let q be a prime -dividing Mp theorem,we know thatql(ze-t-t). Also, from Lemma 1.2 we know that ll\ (6.6) (T -t, 2c-t-t) : 2$t-D - f. Since q is a common divisor of zp-l and zc-t-L we know that > l . H e n c e , (p ,q -l ): Q p- t , 24- t - l) p , si ncethe onl y other possi bi l i ty, namely (p,q-l) : I, would imply from (6.6) that (Zp-t,2Q-t-l) : l. Hence p | (q-t), and, therefore, there is a positive integer m with q - | : mp. Since q is odd we see that m must be even, so that m : Zk. w h e r e k i s a p o s i t i v e i n t e g e rH . e n c eq , :mp * I - 2kp+1 . tr We can use Theorem6.1I to help decide whether Mersenne numbers are prime. We illustrate this with the following examples.
183
6.3 PerfectNumbersand MersennePrimes
8191 is prime, we only needlook Example. To decidewhetherMB:2r3-l: : 90.504.... Furthermore, from for a prime factor not exceeding lml Theorem6.11, any such prime divisor must be of the form 26k + L The only candidatesfor primesdividinB Mnless than or equal to1fTp are 53 and79. Trial divisioneasilyrules out thesecases,so that M s is prime. i s pri me,w e onl y need Exa m ple. T o dec idew h e th e rM z t:2 2 3 -r:8 3 8 8 6 0 7 prime less than or equal to by a is divisible whether M to determine zt prime this form is 47. of + first l. The form 46k the of 2896.309... ffi: A trial divisionshowsthat 8388607:47'178481, so that M4is composite. Becausethere are specialprimality tests for Mersennenumbers,it has been possibleto determine whether extremely large Mersennenumbers are prime. Following is one such primality test. This test has been used to find the largest known Mersenne primes, which are the largest known primes. The proof of this test may be found in Lenstra [7t] and Sierpifiski[351. The Lucas-LehmerTest. Let p be a prime and let Mo : 2! -l denote the pth Mersennenumber. Define a sequenceof integersrecursivelyby setting tr:4, andfork>2, r * ? rtq -2
(m o d M),
0 ( rr I Mo .
Then, M, is prime if and only if rp-1 - 0 (mod M)
.
We use an exampleto illustrate an applicationof the Lucas-Lehmertest. 4, Exa mple. c ons idert h e Me rs e n n en u m b e rM5 :2 5 - I - 3l ' Then r,: 2 ( m o d 3 1 ) , ( m o d 3 l ) , r + 2 a n d rt4 8 A2 rzz42-2:14 ( m o d3 1 ) . S i n c e r t t 0 ( m o d 3 1 ) , w e c o n c l u d et h a t M 5 : 3 1 i s 8 2- 2 : 0 prime. The Lucas-Lehmer test can be performed quite rapidly as the following corollary states. Corollary 6.1. Let p be prime and let Mp : 2p - | denotethe pth Mersenne number. It is possibleto determine whether Mo is prime using OQ3) bit operations. Proof. To determine whether Mp is prime using the Lucas-Lehmer test O(p2) requiresp - | squaringsmodulo iV* each requiring O((log M)2): bit operations. Hence, the Lucas-Lehmer test requires O Q3) bit operations.tr
184
Multiplicative Functions
Much activity has been directed toward the discoveryof Mersenneprimes, especiallysince each new Mersenne prime discoveredhas become the largest prime known, and for each ngw Mersenne prime, there is a new perfect number. At the presenttime, a total of 29 Mersenneprimes are known and these include all Mersenne primes Me with p ( 62981 and with 75000 < p < 100000. The known Mersenneprimes are listed in Table 6.3.
p
Number of decimal digits in M o
2 3 5 2 7 2 l3 6 + I1 2 t9 1'2 3 l 9a 'zz 68 9l ig 107 zf) q + t27 )q 52r 8 t ) 607 I (, 72 r279 ? 2^ lh 2203 -7s 2281 3 b 32r7 4253 4423 9689 Lbb 5z 994r I 1213 r9937 2r701 23209 44497 86243 r32049 I
Computers were used to find the 17 largest Mersenne primes known. The discovery by high school students of the 25th and 26th Mersenne prime received much publicity, including coverageon the nightly news of a major television network. An interesting account of the search for the 27th Mersenne prime and related historical and computational information may be found in [77]. A report of the discoveryof the 28th Mersenne prime is given in [64]. It has been conjectured but has not been proved, that there are infinitely many Mersenneprimes. We have reduced the study of even perfect numbers to the study of Mersenne primes. We may ask whether there are odd perfect numbers. The answer is still unknown. It is possibleto demonstratethat if they exist, odd perfect numbers must have certain properties (see problems 1l-14, for example). Furthermore, it is known that there are no odd perfect numbers less than 10200,and it has been shown that any odd perfect number must have at least eight different prime factors. A discussionof odd perfect numbers may be found in Guy [17], and information concerningrecent results about odd perfect numbersis given by Hagis [681.
6.3 Problems l.
Find the six smallesteven perfect numbers.
2 . Show that if n is a positive integer greater than l, then the Mersenne number Mn cannot be the power of a positive integer.
3 . If n is a positive integer, then we say that n is deficient if ofu) 1 2n , and we say that n is abundant if oh) or abundant.
4.
) 2n. Every integer is either deficient, perfect,
a)
Find the six smallestabundant positive integers.
b)
Find the smallestodd abundant positive integer.
c)
Show that every prime power is deficient.
d)
Show that any divisor of a deficient or perfect number is deficient.
e)
Show that any multiple of an abundant or perfect number is abundant.
f)
Show that if n -2m-t(2^-l) , where ra is a positive integer such that 2 -l is composite, then n is abundant.
if Two positive integers m and n are called an amicable pair o(m\ : o(n) : m * n. Show that each of the following pairs of integers are amicable pairs
186
MultiplicativeFunctions
a) 220,294 b) 1 1 8 4l ,2 1 0 c) 7975A,98730. 5. a) Showthat if n is a positiveintegerwith n ) 2, suchthat3.2n-t-1,3.2n-1, and32'22n-r-1 are all prime,then2n(3'2'-t-DQ.2'-l) and2n(32.22n't-l) form an amicablepair. b)
Find three amicablepairs using part (a).
6 . An integer n is called k-perfect if o(il: 2-perfect.
kn. Note that a perfect number is
a)
Show that 120 : 23.3.5is 3-perfect.
b)
Show that 30240 : 2s32.5., is 4-perfect.
c)
- 27.34.5.7.n2.17.19 Show that 14182439040 is 5-perfect.
d)
Find all 3-perfectnumbersof the form n -2k.3.p, prime.
e)
Show that if n is 3-perfectand 3 I n, then 3n is 4-perfect.
7 . A positiveinteger n is called superperfectif oGh))
where p is an odd
: Zn.
a)
Show that 16 is superperfect.
b)
Show that if n : 2e where 2q+t-l is prime, then n is superperfect.
c)
Show that every even superperfect number is of the form n : 2q where zq+t-l is prime.
d)
Show that if n : p2 wherep is an odd prime,'then n is not superperfect.
8 . Use Theorem6.ll to determine whether the following Mersenne numbers are pnme a) M7
b) Mn 9'
c) Mn d) Mzs.
Use the Lucas-Lehmer test to determine whether the following Mersenne numbersare prime a) M3 b) M7.
10. a)
b)
c) Mn d Mn.
Show that if n is a positive integer and 2n i L is prime, then either (Hint: Use Fermat's little theorem to Qn+l) | M^ or Qn+D | (a,+D. showthat Mn(Mn+z) = O (mod 2z+l).) Use part (a) to show that Ms and My are composite.
187
6.3 Perfect Numbers and Mersenne Primes
11.
t2.
a)
Show that if n is an odd perfect number, then n : po m2 wherep is an odd I (mod4). p r i m e a n d p7 a z
b)
Use part (a) to show that if n=l(mod4).
n
is an odd perfect number, then
Show that if n - po m2 is an odd perfect number where p is prime, then n=p(mod8). that if n is an odd perfect number, then 3, 5, and 7 are not all divisors of
13. :**
1 4 . Show that if n is an odd perfect number then n has a)
at least three different prime divisors.
b)
at least four different prime divisors.
1 5 . Find all positive integers n such that the product of all divisors of n other than n is exactly n 2. (These integers are multiplicative analoguesof perfect numbers.) recursively by 1 6 . Let n be a positive integer. Define the sequenca fl1,tt2,rt3,..., n 1 : o ( n ) - n a n df l k + r : o Q )
- np fot k - 1,2,3,... tt3 :
a)
Show that if n is perfect,then n : nt : fi2:
b)
Show that if n and m are an amicablepair, then n1 : ftt, ttz- tt, tt3: t/t, is periodicwith period 2. n4: n,... and so on, f.e.,the sequencefl1,tt2,t13,...
c)
of integersgeneratedif n :12496:24'll'71. Find the sequence
It has been conjecturedthat for all is pefiodic. n 1,n2,n3,...
n, the sequence of integers
6.3 ComputerProjects Write programsto do the following: l.
Classifypositiveintegersaccordingto whether they are deficient, perfect, or abundant(seeproblem3).
2. Use Theorem6.ll to look for factorsof Mersennenumbers. 3. Determine whether Mersenne numbers are prime using the Lucas-Lehmer test. 4. Given a positive integer n, determine if the sequencedefined in problem 16 peric.ic. 5. Find amicablepairs.
Cryptology
7.1 CharacterCiphers From ancient times to the present, secret messages have been sent. Classically, the need for secret communication has occurred in diplomacy and in military affairs. Now, with electronic communication coming into widespread use, secrecy has become an important issue. Just recently, with the advent of electronic banking, secrecy has become necessary even for financial transactions. Hence, there is a great deal of interest in the techniquesof making messagesunintelligible to everyoneexcept the intended receiver. Before discussing specific secrecy systems, we present some terminology. The discipline devoted to secrecy systems is called cryptology. Cryptography is the part of cryptology that deals with the design and implementation of secrecy systems, while cryptanalysis is aimed at breaking these systems. A messagethat is to be altered into a secret form is called plaintext. A cipher is a method for altering a plaintext message into ciphertext by changing the letters of the plaintext using a transformation. The key determines the particular transformation from a set of possibletransformations that is to be used. The processof changing plaintext into ciphertext is called encryption or enciphering, while the reverse process of changing the ciphertext back to the plaintext by the intended receiver, possessingknowledge of the method for doing this, is called decryption or deciphering. This, of course, is different from the process someone other than the intended receiver uses to make the messageintelligible through cryptanalysis.
188
189
7.1 Character Ciphers
In this chapter, we present secrecy systems based on modular arithmetic. The first of these had its origin with Julius Caesar. The newest secrecy system we will discusswas invented in the late 1970's. In all thesesystemswe start by translating letters into numbers. We take as our standard alphabet the letters of English and translate them into the integers from 0 to 25, as sh o w nin T able 7. 1.
letter
A B C D E F G H I J K L M N
numerical 0 I equivalent
o
P
a
R S T
I I
V
w
X Y Z
2 3 4 5 6 7 8 9 l 0 l l t 2 l 3 t 4 l 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25
Table7.1. The NumericalEquivalents of Letters. Of course, if we were sending messagesin Russian, Greek, Hebrew or any other languagewe would use the appropriate alphabet range of integers. Also, we may want to include punctuation marks, a symbol to indicate blanks, and perhaps the digits for representingnumbers as part of the message. However, for the sake of simplicity, we restrict ourselvesto the letters of the English alphabet. First, we discuss secrecy systems based on transforming each letter of the plaintext message into a different letter to produce the ciphertext. Such ciphers are called character or monographic ciphers, since each letter is changed individually to another letter by a substitution. Altogether, there are 26! possibleways to produce a monographic transformation. We will discuss a set that is basedon modular arithmetic. A cipher, that was used by Julius Caesar, is based on the substitution in which each letter is replaced by the letter three further down the alphabet, with the last three letters shifted to the first three letters of the alphabet. To describe this cipher using modular arithmetic, let P be the numerical equivalent of a letter in the plaintext and C the numerical equivalent of the correspondingciphertext letter. Then
To see that knapsack problems involving super-increasingsequencesare easy to solve,we first consideran example. Example. Let us find the integersfrom the set 2,3,7,14,27 that have 37 as their sum. First, we note that since 2+ 3 + 7 + 14 < 27, a sum of integers from this set can only be greater than 27 if the sum contains the integer 27. H e n c e ,i f 2 x 1 * 3 x 2 * 7 x 3 * l 4 x a * 2 7 x 5- 3 7 w i t h e a c h . x ; : 0 o r l , w e must have 15 : I and 2x1* 3x2* 7x3| l4xa: 19. Since 14 > 10, x4 m us t be 0 and w e h a v e 2 x 1 * 3 x 2 * 7 x 3 : 10. S i nce 2 + 3 ( 7, w e must h a v e x , : 1 and th e re fo re 2 x 1 l 3 x 2 :3 . O bvi ousl y,w e hava x2: I and rr - 0. The solutionis 37 - 3 + 7 + 27. In general, to solve knapsack problems for a super-increasingseeuolco 41, a 2, . . . ,an, i. e. t o fi n d th e v a l u e s o f x t, x 2 , ..., xn w i th ,S : atxl * a2x2* * enxnand x;:0 o r I f o r i : 1 , 2 , . . . , n w h e n . S i s g i v e n ,w e u s e t h e following algorithm. First, we find x, by noting that [r ir
r,:toif
S Z an
S(an.
Then, we find xn-r, xn-2,...,x1, in succession,using the equations
221
7.5 KnapsackCiphers
if
n
s-
t-i+l xj-
.s-
n
;-;+l
for7 : n-l,n-2,...,1. To seethat this,algorirhmworks, first note that if xn :0 then)orrr(
when S 7 an,
g condition ! 2 o , l e n < S , c o n t r a d i c t i n the
i-l
i-l
,
Similarly, if xy : 0 when S -
7 oj, then ) a;x; (
;-j+l
n
j-'
i-l
o1*i : S j-r
2 *, + t-l
aj* i-j+1
r-i+l
Using this algorithm, knapsack problems based on super-increasing sequencescan be solved extremely quickly. We now discuss a cipher system based on this observation. This cipher system was invented by Merkle and Hellman [90], and was considered a good choice for a public-key cipher system until recently. we will comment more about this later. The ciphers that we describe here are based on transformed super-increasing sequences.To be specific,let or, a2,...,an be super-increasingand let m be a positive integer with lz ) 2ao. Let w be an integer relatively prime to m with inverse w modulo m. We form the sequence b1, b2,...,b, where bj : wai (mod m) and 0 < bi 1 m. we cannot use a special technique to solve a knapsack problem of the type ^g :
b b,", where ,S is a positive i-l
integer, since the sequence when fr is known. we can find
(7.4)
is not super-increasing. However,
wT : i fr|,r, : h o,r, (modlz) j-l i-l
since fibi =ai
(mod m). From (7.0 we see that
So: Zo,r, t-l
where Ss is the least positiveresidueof frS modulo z. the equation
We can easilv solve
222
Cryptology
So : D o,r,, i-l
since er, e2,...,an is super-increasing.This solvesthe knapsack problem
s : !, b,r,, i-l
since bi = wa; (mod m) and 0 ( D; I an example.
m. We illustrate this procedure with
Example. The super-increasingsequence (oya2,a3,a4,a5):(3,5,9,20,44) can be transformed into the sequence(b3 b2, by bq, b5): (23,6g,69,5,11)by taking bi = 67a1 (mod 89), for 7 : 1,2,3,4,5. To solve the knapsack problem 2 3 x 1 + 6 8 x z * 6 9 x 3 * S x a* l l x 5 : 8 4 , w e c a n m u l t i p l y b o t h s i d e so f t h i s equation by 4 , an inverse of 67 modulo 89 , and reduce modulo 89, to obtain the congruence 3x1 * 5x2 * 9x3 * 20xa * 44x5 = 336 = 69 (mod g9). since 89>3+5+9+20+44, w e c a n c o n c l u d et h a t 3 x 1 * 5 x 2 * 9x3 * 20xa * 44x5: 69. The solution of this easy knapsack problem is xs : x4: x2: I and x3 : rr : 0. Hence, the original knapsack problem has as its solution 68 * 5 + 1l : 84. The cipher system based on the knapsack problem works as follows. Each individual chooses a super-increasing sequence of positive integers of a specified length, say N, e.g. ar, a2,..., aN, as well as a modulus m with m ) 2ay and a multiplier w with (m,w) :1. The transformed sequence b 1, b2, . . . by , , whe re b i = w a i (m o d m ), 0 < bi 1 m, for j - 1,2,...,N , i s made public. When someonewishes to send a messageP to this individual, the messageis first translated into a string of 0's and I's using the binary equivalentsof letters, as shown in Table 7.10. This string of zeros and ones is next split into segmentsof length N (for simplicity we supposethat the length of the string is divisible by N; if not, we can simply fill out the last block with all l's). For each block, a sum is computed using the sequencebvbz,...,bxi fo r ins t anc e, t he b l o c k x 1 x 2 ...x 1 1g i v e s S: D rxr * b2x2* * byxy. Finally, the sums generatedby each block form the ciphertext message. We note that to decipher ciphertext generated by the knapsack cipher, without knowledge of m and w, requires that a group of hard knapsack problems of the form
(7.s)
S : brxr f b2x2*
* byxy
be solved. on the other hand, when m and w are known, the knapsack problem (z.s) can be transformed into an easy knapsack problem, since
binary equivalent 01101 0lll0 0llll 10000 10001 10010 l00l I 10100 l0l0l 10110 l0l l1 l 1000 11001
Table 7.10. The Binary Equivalents of Letters.
wIS: frbp1 * frb2x2I z
where frbj: (7.6)
atxl * a2x2*
' * wbyx7,1 (mod m ), * ayxy
a; (mod 22), where w- is an inverseof w modulo m, so that So - afi1 * a2x2l
* a1vx1v,
where Ss is the least positive residue of wlS modulo rn. We have equality in (7.6), since both sides of the equation are positive integers less than m which are congruent modulo ltt. We illustrate the enciphering and deciphering proceduresof the knapsack cipher with an example. We start with the super-increasing sequence : (2,1I '14'29'58'lI9'24I'480'959'1917)' We (a1,a2,a3,Q4,Q5tA6,A7,Qg,Qg,,Ato) : l00l take m: 383? as the encipheringmodulus,so that m ) 2a1s,?fld w (m,w):1, super-increasing the to transform as the multiplier, so that sequenceinto the sequence(2002,3337,2503,2170,503,172,3347,855,709,417). To encipher the message
REPLY IMMEDIATELY,
Cryptology
we first translate the letters of the message into their five digit binary equivalents,as shown in Table 7.10,,and thenlroup these digits into blocks of ten, to obtain 1000100100 0llltOl0ll 1100001000 0110001100 0010000011 0100000000 1001100100 0101I11000. For each block of ten binary digits, we form a sum by adding together the appropriate terms of the sequence(2002, 3337, 2503, 2170, sd:, t 72, 3347, 855,709, 417) in the slots correspondingto positionsof the block containing a digit equal to l. This gives us 3360
12986 8686
10042 3629 3337 5530
s72s.
For instance,we compute the first sum, 3360, by adding 2002,503, and g55. To decipher, we find the least positive residue modulo 3837 of 23 times each sum' since 23 is an inverse of 1001 modulo 3837, and then we solve the corresponding easy knapsack problem with respect to the original superincreasing sequence (2,11,14,29,59,119,241,4g0,959,lglT). For example, to decipher the first block, we find that 3360.23:540(mod 3837), and then note that 540 : 480 + 58 + 2. This tells us that the first block of plaintext binary digit s is 10001 0 0 1 0 0 . Recently, Shamir [g+] tras shown that knapsack ciphers are not satisfactory for public-key cryptography. The reason is that there is an efficient algorithm for solving knapsack problems involving sequences b1, b2,...,b, with bi: wai (modm), where w and m are relatively prime poritiue integers and ar, o2,...,an is a super-increasingsequence. The algorithm found by Shamir can solve these knapsack problems using only O @ hD bit operations, where P is a polynomial, instead of requiring exponential time, ir required for general knapsack problems, involving sequencesof a general "r nature. There are several possibilities for altering this cipher system to avoid the weakness found by Shamir. One such possibility is to choose a sequence of pairs of relatively prime integers (w1,m1),,(w2,m2),..., (w,mr), and then form the series of sequences
22s
7.5 Knapsack GiPhers
b9) 7 w 1 a i ( m o d z r ) (mod m z) ;;,, :rrijt'
bj') =w,b j'-rt (mod z"), for j : l, 2, ..., n. We then use the final sequenceb[') , b$'),..., bl') as the encipheringsequence.As of mid-1983,no efficientalgorithmhad beenfound for solving knapsack problems involving sequencesobtained by iterating modular multiplications with different moduli (although there are several promisingmethodsfor the productionof suchalgorithms).
7.5 Problems l.
is super-increasing Decidewhethereachof the followingsequences a) b)
(3,5,9,19,40) c) ( 2, 6, 10, 15 ,3 6 ) d
(3 ,7 ,1 7 ,3 0 ,5 9 ) (l l,2l,4l,8l,l5l).
sequence,then c; 2 A-r for 2 . Show that if 41, a2,...,dn is a super-increasing j - 1 , 2 ,. " , f , ' 3 . Show that the sequencea1, a2,...,a21is super-increasingif ai+r ) 2ai for j - 1, 2,. . . ,f l- l' . of the integers2,3,4,7, 11, 13, 16 that have18 as their sum. 4 . Find all subsets 5 . Find the sequence obtained from the super-increasing sequence (1,3,5,10,20,41,80) when modular multiplication is applied with multiplier : w 17 and modulvsm : 162. 6 . Encipher the messageBUY NOW using the knapsackcipher based on the by sequence(17,19,37,81,160), sequenceobtained from the super-increasing and modulus performing modular multiplication with multiplier w :29 m :331. 7 . Decipherthe ciphertext402 105 150 325 that was encipheredby the knapsack This sequenceis obtained cipher basedon the sequence(306,374,233,L9,259). by using-modularmultiplicationwith multiplier w : 17 and modulusm : 464, sequence(I8,22,4I,83,179). to transformthe super-increasing the modularmultiplications 8 . Find the sequenceobtainedby applyingsuccessively on the with multipliersand moduli (7,92), (11,95),and (6,101),respectively, (3,4,8,I7,33,67) . sequence super-increasing
226
Cryptology
9 . What process can be employed to decipher messagesthat have been enciphered using knapsack ciphers that involve sequences arising from iterating modular multiplications with different moduli?
1 0 . A multiplicative knapsack problem is a problem of the following type: Given positive integers aya2,...,an and a positive integer P, find the subset, or subsets, of these integers with product P, or equivalently, find all solutions of
P - ai'ai'." oi' where xj - 0 or I for j :
1,2,...,n.
il
Find all products of subsetsof the integers 2,3,5,6,and l0 equal to 60.
b)
Find all products of subsetsof the integers 8,13,17,21,95,121equal to 15960.
c)
Show that if the integets a1,a2,...,anare mutually relatively prime, then the multiplicative knapsack problem P:ai'ai'"'oI', rj-0 or I for j : I,2,...,n, is easily solved from the prime factorizations of the integers P,ayo2,...,an, and show that if there is a solution, then it is unique.
d)
Show that by taking logarithms to the base b modulo m,where (b,m): and 0 < b < m, the multiplicative knapsack problem
I
P-ai'ai'"'ol' is converted into an additive knapsack problem S - a1x1 * a2x2 *
* anxn
where S, @1,e20...;dn ate the logarithms of modulo m, respectively. e)
to the base 6
Explain how parts (c) and (d) can be used to produce ciphers where messagesare easily deciphered when the mutually relatively prime integers a1, a2t...; an are known, but cannot be deciphered quickly when the integers d\, dzr...,an Are knOwn.
7.5 ComputerProjects Write programsto do the following: 1. Solveknapsackproblemsby trial and error. 2 . Solve knapsack problems involving super-increasing sequences. 3 . Encipher messagesusing knapsack ciphers. Decipher messagesthat were enciphered using knapsack ciphers. Encipher and decipher messages using knapsack ciphers involving sequences arising from iterating modular multiplications with different moduli.
7.6 Some Applicationsto ComputerScience
6.
227
mutually relatively Solve multiplicative knapsack problems involving sequencesof prime integers (see Problem 10).
7.6 Some Applications to Computer Science In this section we describe two applications of cryptography to computer science. The Chinese remainder theorem is used in both applications. The first application involves the enciphering of a database. A database is a collection of computer files or records. Here we will show how to encipher an entire databasi so that individual files may be deciphered without jeopardizing the security of other files in the database' Supposethat a databaseB contains the n files Fv Fz,,-.-,Fn' Since each file is a string of 0's and I's, we can consider each file to be a binary integer. We first choose n distinct primes rltr, t7r2,...1r/tn with m1 ) F1 for j :1 ,2 , . . . , f r . A s t h e c i p h e rte x tw e u s e a n i n te g erC that i s congruentto F;_ th e e x i s te n c eo f s u c h an i nteger i s guaranteed mo d u l o m i f or j : 1, 2 ,...,n ; - fttr trtz mn and remainder theorem. We let M by the ihin.t" w h e r e y; is an : 1 , 2 , . . . , n . l e t , i Furthermore, fui: M/ry forT !i.'-lf with C integer the we take inverse of Ml modulo rz;. For the ciphertext,
C:br,r,(modM),
0 j . S i nce (a,n): know that (ai,n) : 1. Hence, using Corollary 3.1, the congruence
l, we
ai = ai ai-i = ai (mod n) implies, by cancellationof a/, that ai-j:
I (modn).
From Theorem 8.1, it follows that ordra divides i - j, or equivalently, j (mod ord,a). tr = i Given an integer n, we are interested in integers a with order modulo n equal to Qfu). This is the largest possibleorder modulo r. Definition. If r and n are relatively prime integers with n ) 0 and if ordrr :6h), then r is called a primitive root modulo n. Example. We have previously shown that ord73 : 6 : 00). Consequently,3 is a primitive root modulo 7. Likewise, since ord75 : 6, as can easily be verified, 5 is also a primitive root modulo 7. Not all integers have primitive roots. For instance, there are no primitive roots modulo 8. To see this, note that only integers less than 8 and relatively p r i m e t o 8 a r e 1 , 3 , 5 , a n d 7 , a n d o r d 3 l : l , w h i l eo r d s 3 : o r d s 5 : o r d s 7 : 2 . Since d(8) : 4, there are no primitive roots modulo 8. In our subsequent discussions,we will find all integers possessingprimitive roots. To indicate one way in which primitive roots are useful, wo following theorem.
the
Theorem 8.3. lf r and n are relatively prime positive integers with n ) 0 and if r is a primitive root modulo n, then the integers
235
8 .1 Th e O r der of an I n te g e r a n d P ri mi ti v e R o o ts
tl , f2' "'' '6b)
form a reduced residue set modulo n. root r form Proof. To demonstratethat the first @(r) powers of the primitive they are all a reduced residue set modulo n, we only need to show that n. modulo congruent are no two that relatively prime to n, and (rk,n):1 i t f o l l o w sf r o m p r o b l e m8 o f S e c t i o n2 ' 1 t h a t Since G,n):1, prime to n ' relatively all for any positive integer k. Hence, these powers are that To show that no two of these powers are congruent modulo n, assume ri = r/ (mod n ) . (mod Qfu))' However' for From Theorem 8.2, we see that i = i (mod = i d(n)) implies / I < t ( O(n) and 1 < j < 0h), the congruence n. This modulo congruent are powers that i : j . Hence, no i*o of these D r. modulo showsthat we do have a reduced residue system Note that 2 is a primitive root modulo 9, since Example. first 22 = 4,2t = g, and 26 = I (mod 9). From Theorem 8.3, we see that the are These 9. modulo system residue :6 powers of 2 form a reduced OO) (mod = (mod 9), 7 24 (mod = 9), 8 23 (mod = 9), 4 22 9), Zt = 2 (mod = (mod 9). 1 9), and 26 2s = 5 a primitive root, it usually has many primitive When an integer possesses roots. To demonstratethis, we first prove the following theorem' Theorem 8.4. If ord-a : / and if r,l is a positive integer, then o rd - (a " ) : t l Q ,D . v:(t,u), Proof. Let J:ord-(a"), (r yu1) : l. that know Proposition2.1, we
t:tvv,
and u:tltv'
From
Note that (a")t':
( a r ' , ) Q l v ): ( a t ) u ' :
I ( m o d r n) ,
since ord.^a : t. Hence, Theorem 8.1 tells us that s I tr' On the other hand, since (a \t
: e u s = I (mo d rn ),
we know that I I zs. Hence, tp
I u1vs, slld consequently,tt | ,tt.
Since
236
Primitive Roots
Q6u):
l , u s i n gL e m m a 2 . 3 , w e s e et h a t / , | ". N o w , s i n c es I t r a n d t , I r , w e c o n c l u d et h a t , s : I t: proves the result. tr
t/v : t/(t,u). This
We have the following corollary of Theorem g.4. Corollary 8.2. I et r be a primitive root modulo z where m is an integer, m 2 r. Then r' is a primitive root modulo m if and,only if (u,o(d ) : l: Proof. From Theorem 8.4, we know that ord,^r' : ord^rf (u,ord*r)
: Q ( m ) / f u , 0 @. D
consequently, ord- ru : efu), onlyif (u,Q(m)) : t. D
and ru is a primitive root modulo m, if and
This leads immediately to the following theorem. Theorem 8.5' If the positive integer m has a primitive root, then it has a total of Q@fu)) incongruent primitive roots. Proof. Let r be a primitive root modulo rn. Then Theorem 8.3 tells us that the integers r, 12,...,vbh) form a reduced residue system modulo ,,. From Corollary 8.2, we know that r" is a primitive root modulo rn if and only if (u , a( *) ) : l. s i n c e th e re u t" r* " " i l y o @ @)) such i ntegersa, there are exactly 0@@)) primitive roots modulo ru. tr Example. Let m: 11. A little computationtells us that 2is a primitive root m odulo 11. s inc e l l h a s a p ri mi ti v e ro o t, w e know that 11 has a@ ol )) :4 incongruent primitive roots. It is easiry seen that 2, 6,7, and g are four incongruent primitive roots modulo I l.
8.1 Problems 1. Determine the a) order of 2 modulo 5 b) order of 3 modulo l0
c) order of l0 modulo 13 d) order of 7 modulo 19.
237
8.1 The Order of an Integer and Primitive Roots
2.
Find a primitive root modulo
il4 b)5 c) l0
d) 13 e) 14 f) 1 8 .
3.
Show that the integer 12 has no primitive roots'
4.
How many incongruent primitive roots does 13 have? Find a set of this many incongruent primitive roots modulo 13.
5.
Show that if dis an inverseof c modulo n, then ordna:
6.
Show that if n is a positive integer and a and 6 are integers relatively prime to n : ordna'ordnb' such that (ordna, ordnD) : l, then ord'(ab)
7.
when Find a formula for ordn Gil if a and b are integers relatively prime to n ordna and ordrb are not necessarily relatively prime'
ordnd.
g.
Decide whether it is true that if n is a positive integer and d is a divisor of Qh), then there is an integer a with ordna : d.
g.
Show that if a is an integer relatively prime to the positive integer m and ord^a : s/, then ord^at : s .
10. Show that if m is a positive integer and a is an integer relatively prime to z such that ord^a - tlt - 1, then rr is prime. I 1. Show that r is a primitive root modulo the odd prime p if and only if ,e_D/e *
I (modp)
for all prime divisors q of P-1.
12.
Show that if r is a primitive root modulo the positive integer m, then i is also a primitive root modulo m, if i is an inverse of r modulo m '
1 3 . Show that ordp 2 ( 2'*1, where Fn : 2T * I is the nth Fermat number. 1 4 . Let p be a prime divisor of the Fermat number Fn:2v a)
Show that ordo2 :Zn*r.
b)
From part (a), conclude that 2n+r | (p-1), z"+rk + l.
* l'
so that p must be of the form
15.
: n and Let m: an - 1, where a andn are positiveintegers. Show that ordra conclude that n I O@).
16.
a)
Show that if p and q are distinct odd primes, then pq is a pseudoprime to and ordo2 | Q-D. the base 2 if and only if ordo2 | 0-t)
b)
Use part (a) to decide which of the following integers are pseudoprimes to the base 2: 13'67, 19'73,23'89,29'97.
238
PrimitiveRoots
1 7 . Show that if p and q are distinct odd primes, then pq is a pseudoprime to the base 2 if and only if MoMo:
(2p-r)ei-D
ir" prrriJoprime to the base 2.
1 8 . There is a method for deciphering messagesthat were enciphered by an RSA
cipher, without knowledge of the deciphering key. This method is based on iteration. Suppose that the public key ie,il ir"o ro. enciphering is known, but the deciphering key (d,il is not. To decipher a ciphertext block C, we form a s e q u e n cCet , C z , C 3 , . . . s e t t i n g C r = C " ( m o d n ) , 0 < C 1 1 n a n d C ; + 1E C7Y(mod n), 0 < Ci+t 1 n for j - 1,2,3,.... a)
Show that C1 = Cd (mod n), 0 1 C1 1 n.
b)
Show that there is an index such that C1: C and Cj_t : p, where p is 7 the original plaintext message. Show that this indei 7' is a divisor of ord,61n,1e
c)
Let n:47'59 and e :17. to the ciphertext 1504.
Using iteration, find the plaintext corresponding
(Note: This iterative method for attacking RSA ciphers is seldom successfulin a reasonable amount of time. Moreover, the primes p and q may be chosen so that this attack is almost always futile. See pioblem l3 of Section g.2.) 8.1 Computer Projects Write projects to do the following: l.
Find the order of c modulo rn, when a and m are relatively lntegers.
2 . Find primitive roots when they exist. 3 . Attempt to decipher RSA ciphers by iteration (see problem g). r
8.2 PrimitiveRootsfor primes In this section and in the one following, our objective is to determine which integers have primitive roots. In this ,..tion, we show that every prime has a primitive root. To do this, we first need to study porynomial congru"nces. Let c is a c is a also a
f (x) be a polynomial with integer coefficients. We say that an integer root of f (x) modulo m it f(c) = 0 (mod z). It i, *ryio rr. that if root of f (x) modulo m, then every integer congruent to c modulo m is root.
Example. The polynomial f (i : x2 * x * t has exactly two incongruent roots modulo T,namely x = 2 (mod 7) andx = 4 (mod 7).
239
8.2 PrimitiveRoots for Primes
Example. The polynomial gG) : x7 * 2 has no roots modulo 5. Example. Fermat's little theorem tells us that if p is prime, then the polynomial hQ) - rP-t - t has exactly p-l incongruent roots modulo p, n a m e l yx = I , 2 , 3 , . . . ,P - l ( m o dP ) . We will need the following important theorem concerning roots of polynomials modulo p where p is a prime. + afi * cs be a Lagrange'sTheorem. Let f (x) : arxn + an4xn-r * coefficient an leading with potyno.nial of degree n with integer coefficients and p. modulo roots noi Oiuirible by p. Then f k) has at most n incongruent rt : l' Proof. To prove the theorem, we use mathematical induction' When s olution p r s a m o d u l o o f atx I aowithp f c1. A root /G) * e h a u ef ( ; : -as since (mod 3'7, Theorem p). By 2 of the linear congruence a 1x is there that so one solution, (a1,p): l, this linear congruencehas exactly : l ' n for true is theorem exactly one root modulo p of f G). Clearly, the - l' and Now supposethat the theorem is true for polynomials of degree n by let fk) U" a polynomial of degree n with leading coefficient not divisible p' modulo roots incongruent f I n has polynomial G) ihe that p. Assume f :0 ,1,,...,,fl . W e have s? r!cs , c r , , . . , c sn,o t hat f k ) = 0 (mo d p ) fo r k
rG)- rGo) ]] i .,a_ii',[.,,", =i:l:'_-,iirr;.,:,;'y,"_;,;;q "+
ar)y(x-cs) (xn-z * x'-3cg* * a1(x-cs) + : ( x -c s )g (x ),
+ xcfi-3 + c6-2')
- | with leading coefficient a,. we where g(x) is a polynomial of degree n g(x) modulop. Letk be an integer, are all roots of now show that c r,cz,....,cn : : (mod (c) we have p), 0 1 < k ( r. Sincef G) f : (ct -co)skt) = 0 (mod P) ' f Gr,) f (rr) : 0 (mod p), since gk) know that Corollary 2.2, we From This shows p' c1,- co# 0 (modp). Hence, c1 is a root of g(x) modulo - | and has a leading that the polynomial g(x), which is of degree n coefficient not divisible by P, has n incongruent roots modulo p' This contradicts the induction hypothesis. Hence, f G) must have no more than n incongruent roots modulo p. The induction argument is complete' tr We use Lagrange's theorem to prove the following result.
240
PrimitiveRoots
Theorem 8.6. Let p be prime and let d be a divisor of p-1. polynomial xd - I has exactly d incongruent roots modulo p. Proof. Let p-l
Then the
: de. Then
xP-r- | : (xd-1;1"d(e-t) a rdG-D I : (xd-l)g(x) .
* x, * l)
From Fermat's little theorem, we see that xP-r - I hasp-l incongruent roots modulo p. Furthermore, from Corollary 2.2, we know that any root of xP-t - I modulo p is either a root of x7 - I modulo p or u rooi of g(x) modulo p. Lagr ange' st h e o re m te l l s u s th a t g (x ) h as at most dG-l ): p - d - | roots modulo p. Since every root of xP-r - I modulo p that is not a root of - I modulo p, we know that the g(x) modulo .p must be a root of xd poly nom ial x d - | h a s a t l e a s t Q -D d i ncongruent roots Q-d-r): modulo p. On the other hand, Lagrange's theorem tells us that it has at most d incongruent roots modulo p. Consequently, xd - I has precisely d incongruent roots modulo p. tr Theorem 8.6 can be used to prove the following result which tells us how many incongruent integers have a given order modulo p. Theorem 8.7. Let p be a prime ancl let d be a positive divisor of p-1. Then the number of incongruent integers of order d modulo p is equat to o@). Proof. For each positive integer d dividing p-1, let F@) denote the number of positive integers of order d modulo p that are less than p. Since the order modulop of an integer not divisiblebyp dividesp-1, it follows that p-l : d lp-l
From Theorem6.6,we knowthat p-l : dlp-r
We will showthat F(d) < O@) when d I e-D. with the equality
dlp-r
dlp-r
This inequality,together
241
8.2 Primitive Roots for Primes
implies that F (d) : O@) for each positive divisor d of p-1.
If F(d) :0, it is clear that F(d) < O@). Otherwise, L e t d l b-l). of orderd modulop. Sinceotdra : d, the integers a integer is an there a, a2t .", Qd
are incongruent modulo p. Furthermore, each of these powers of a is a root - (ad)k = | (modp) for all positive of *d -1 modulo p, since bk)d - I has exactly d integers k. From Theorem 8.6, we know that xd incongruent roots modulo P, So every root modulo p is congruent to one of these powers of a. However, from Theorem 8.4, we know that the powers of l' There are exactly a with order d are those of the form a& with (kd): if there is one consequently, and d, O@) such integers k with I < k < exactly be p, must there 0U) such positive element of order d modulo 'd(d). integerslessthan d. Hence, FU) < Therefore, we can conclude that F (d) : OU), which tells us that there are precisely O@) incongruent integers of order d modulo p ' D The following corollary is derived immediately from Theorem 8'7' Corollary 8.3. Every prime has a primitive root' Proof. Let p be a prime. By Theorem 8.7, we know that there ate |Q-l) modulo p. Since each of these is, by incongruent integers of order p-l primitive roots. p has 6Q-l) definition, a primitive root, The smallest positive primitive root of each prime less than 1000 is given in Table 3 of the APPendix.
8.2 Problems 1. Find the numberof primitive rootsof the followingprimes: a)
b) c) 2.
3.
7 l3 t7
d) e) f)
19 29 47.
-r Let r be a primitive root of the prime p with p = | (mod 4)' Show that also a primitive root.
is
: I (mod 4), there is an integer x such that Show that if p is a prime and p -l (Hint: (modp). Use Theorem 8.7 to show that there is an integer x x2 = of order 4 modulo P.)
242
PrimitiveRoots
4 . a) b)
5 . il
6.
Find the number of incongruent roots modulo 6 of the polynomialx2 - x. Explain why the answer to part (a) does not contradict Lagrange's theorem. Use Lagrange's theorem to show that if p is a prime and is a /(x) polynomial of degree n with integer coefficients and more than n roots modulo p, then p divides every coefficientof /(x).
b)
Let p be prime. Using part (a), show that every coefficient of the p o l y n o m i afl ( x ) : ( x - l ) ( x - D . . . ( * - p + l ) - x p - t + I i s d i v i s i b t e b yp .
c)
Using part (b), give a proof of Wilson's theorem. (Hint: constant term of f (x).)
Find the least positive residue of the product of a set of d(p_t) primitive roots modulo a prime p.
Consider the incongruent
7 . A systematic method for constructing a primitive root modulo a prime p is outlined in this problem. Let the prime factorization of ee) : q\'q'; q',, whereQr, ez, ..., qt areprime.
: p-l
be
p-l a)
Use Theorem 8.7 to show that there are integers d1, a2,...,a, such that o r d r a t : q ' i , o r d r a 2 : q | , . . . , o r d o a ,: q : , .
b)
Use problem 6 of section 8.1 to show that a : aflz-.. a, is a primitive root modulo p.
c)
Follow the procedure outlined in parts (a) and (b) to find a primitive root modulo 29.
8 . Let the positive integer n have prime-power factorization n:
pl,pi,...p?. Show that the number of,incongruent bases modulo n for *tti.tt n is a pseudoprimeto that base is I (n -1, pi-D .
9 . Use problem 8 to show that every odd composite integer that is not a power of 3 is a pseudoprimeto at least two basesother than i l.
1 0 . Show that if p is prime and p :2q
! l, where q is prime and a is a positive integer with I 1 a I p-1, then p -a2 is a primitive root modulo p.
I l.
il
Suppose that /(x) is a polynomial with integer coefficientsof degree n-1. Let x1,x2,...,xn be n incongruent integers modulo p. Show that for all integers x, the congruence
.f k) i-t
i-_t,
t^rold^s' is an inverse of xj-xi (mod n ). This technique -.*h"1". F for finding f (x) modulo p is called Lagrange interpolation.
243
8 .3 Th e E x is t enc e o f P ri mi ti v e R o o ts
b)
Find the least positive residue of /(5) modulo 1l if /(x) is a polynomial of -S,f Q) = 2,andf G) = 4 (mod l1). d e g r e e3 w i t h f 0 )
12. In this problem, we develop a threshold scheme for protection of master keys in a computer system, different than the scheme discussed in Section 7.6. Let f (x) be a randomly chosen polynomial of degree r-1, with the condition that K, the master key, is the constant term of the polynomial. Let p be a prime, such that p > K and p ) s. The s shadows krkz, ..., k, are computed by finding the least positiveresidueof f G) modulo p for i :1,2,..., s where xt,xz,...,.xr are randomly chosenintegers incongruent modulo p, i.e., ki = f(x;)
(modp), o (
k; ( p,
for; a)
Use Lagrange interpolation, described in problem I l, to show that the master key K can be determined from any r shadows.
b)
Show that the master key K shadows.
c)
4x3+xz+ Let fG): t:4, and s:7. p:47, Let K:33, 3lx + 33. Find the seven shadows correspondingto the values of /(x) at 1 , 2 , 3 , 4 , 5 , 6a,n d 7 .
d)
Show how to find the and / (4) .
cannot be determined from less than r
key from the four shadows f 0), f Q), f Q),
13. Show that an RSA cipher with enciphering modulus n: pq is resistant to attack l, I and q:2q'* b y i t e r a t i o n ( s e e p r o b l e m 1 8 o f S e c t i o n8 . 1 ) i f p : 2 p ' + where p' and q' are primes. 8.2 Computer Projects Write programs to do the following: 1.
Find a primitive root of a prime using problem 7.
2.
Implement the threshold schemegiven in problem 12.
8.3 The Existenceof Primitive Roots In the previous section,we showed that every prime has a primitive root. In this section, we will find all positive integers having primitive roots. First, we will show that every power of an odd prime possessesa primitive root. We begin by consideringsquaresof primes. Theorem 8.8. If p is an odd prime with primitive root r, then either r or
244
PrimitiveRoots
r * p is a primitive root modulo p2. Proof. Since r is a primitive root modulo p, we know that
ordrr:0Q):p-1. Let n : ordozr,so that
r'=
I (modp2).
since a congruencemodulo p'obviously holds modulo p, wa have rn = I (modp). From Theorem 8.1, it follows that p-l:
ordrrl n.
On the other hand, Corollary g.l tells us that
nlOQ2):p(p-t). Since n I p(p-t) and p-l I n,, either n : p-l o r n : p ( p - l ) . If n : p (p-l), then r is a primitive root modulop2, since ordrrr : Q(pz). Otherwise, we haven : p-1, so that
(s.1)
rP-t=1(modp2).
Let s : r+p. Then, sinces E r (mod p), s is also a primitive root modulo p. Hence, ordo"r equals either p-l or p (p-l). we will show that ordo,r * p-1. The binomial theorem tells us that . r p- r : ( r t p) o -r
: 7 p -t + Q _ D ro -rp z
* 1p;I)rr_rp, +
v 4 -t + (p -D p .rP-2 (mod p2).
Hence, using (S.t), we seethat sP-r = I + (p-l)p.70-2:
l - prp-z (modp2).
From this last congruence,we can conclude that sp-t# l (modp2). To see this, note that if 5P-l : l^(mod p2), then prp-z = 0 (modp2). This last congruence implies that rp-2 = 0 (mod p), which is impossible, since
245
8 .3 Th e E x is t enc e o f Pri m i ti v e R o o ts
: p tr , (remember r is a primitive root of p). Hence, ordrus : a p' ' r*p is a primitive root of Consequently,s O $\.
p (p -l)
:
Example. The prime p :7 has r : 3 as a primitive root. From the proof of :49' si nce Th e o rem8. 8, we s eet h a t r : 3 i s a l s o a p ri mi ti v e ro ot modul op2 rP-t - 36 + I (mod 49) ' We note that it is extremelyrare for the congruence rP-t = I (modp2) to hold when r is a primitive root modulo the prime p. Consequently,it is very seldom that a primitive root r modulo the prime p is not also a primitive root modulo p'. The smallestprime p for which there is a primitive root that is not also a primitive root modulo p2 is p : 497. For the primitive root l0 mo d u l o 487, we hav e 10486: 1 (mod 4872). Hence, l0 is not a primitive root modulo 4872,but by Theorem 8.8, we know that 497: 10 + 487 is a primitive root modulo 4872. We now turn our attention to arbitrary powersof primes. Theorem 8.9. Let p be an odd prim e, then pk has a primitive root for all positive integers ft . Moreover, if r is a primitive root modulo p2, then r is a primitive root modulo po, for all positiveintegersk. Proof. From Theorem 8.8, we know that p has a primitive root r that is also a primitive root modulo P2, so that
(8.2)
rp-t # 1 (modp2).
Using mathematicalinduction,we will prove that for this primitive root r,
(8.3)
yn'-'$-t) 1 I (m o d p ft)
for all positive integersk. Once we have establishedthis congruence,we can show that r is also a primitive root modulo pk by the following reasoning. Let n : ord6r. From Theorem 6.8, we know that n I OQ\: h a n d , s inc e
O*-r(p-l).
On the other
246
PrimitiveRoots
7n -
I (modpk),
we also know that rn = I (modp). Fr om T heor em 8 .1 , w e s e e th a t p -l : 6 e ) r, and | n. B ecausee-D l n I o*-rQ-I), we know that n:'p'(p-l), w h ' e r el i s a n i n t e g e rs u c h t h a t 0 ( r ( k-t. If n: p'(p-l) with/ < k-2, then 7p'-2(p-t): (7p'@-t)1r'-rn:
l (mod pk),
whic h would c o n tra d i c t (8 .3 ). H e n c e , ordotr : pk-t b-D Consequently,r is also a prirnitive root modulo pk.
: oeo).
All that remains is to prove (8.3) using mathematical induction. The case of k:2 follows from (8.2). Let us assumethe assertionis true for the positive integerk>2.Then 7 n t-t(t_ t)# l (mo dpk). since G,p) : l, we know that (r,pk-t) : 1. consequently, from Euler's theorem,we know that vPL-2(o-D :
Therefore,there
,Q(Pk-tt
an integer d such that y o ' -' Q -t): I * d p k-t,
wherep trd, sinceby hypothesisyP'-'(P-t)* t (moApk). W e take the pth powerof both sidesof the aboveequation,to obtain, via the binomial theorem, yP'-'(P-l)
-
0 + dp*-t1o | + p@pt-r, * (|)o'Urk-t)2 +
* (dpk-t1n
| * dpk (modpo*'). Sincep I d, we can conclude that ,.P^-'(P-r) # I (mod po*t). completesthe proof by induction. tr Example. From a previous example, we know that r : 3 is a primitive root
247
8.3 The Existenceof PrimitiveRoots
: 3 is also a primitive modulo 7 and 72. Hence, Theorem 8.9 tells us that r root modulo 7k for all positive integers k. It is now time to discusswhether there are primitive roots modulo powers of Z. We first note that both 2 and 22: 4 have primitive roots, narnely 1 and 3, respectively. For higher powers of 2, the situation is different, as the following theorem shows;there are no primitive roots modulo these powers of 2. Theorem 8.10. If a is an odd integer, and if k is an integer, k ) : e 2 ' -' : a O QL )/2
3, then
1 (mo d 2 k).
We prove this result using mathematical induction. If a is an odd integer, then a : 2b t 1, where b is an integer. Hence,
proof.
a 2 : ( 2 b + 1 ) 2:
4 b 2+ 4 b * I : 4 b $ + 1 ) + 1 .
Since either b or b * 1 is even, we see that 8 | 4b (b + l), so that a2 :- I (mod 8). This is the congruenceof interestwhen k :3. Now to complete the induction argument, let us assumethat a2'-' = I (mod 2k) . Then there is an integer d such that e2'-': l+d'zk. Squaring both sides of the above equality, we obtain e 2 ' -' : | + d 2 k + r q 4 2 2 zk. This yields e2'-'= 1 (modzk+r), which completes the induction argument. n Theorem 8.10 tells us that no power of 2, other than 2 and 4, has a primitive root, since when a is an odd integer, ord2ta # OQk) , since a6Q')lz : 1 (mod 2k) . Even though there are no primitive roots modulo 2k for k > 3, there always is an element of largest possible order, namely OQ\ I 2, as the following theorem shows.
248
PrimitiveRoots
Theorem 8.11. Let k 7 3be an integer. Then o r d 2 . 5: O ( Z k ) D : 2 k - 2 . Proof. Theorem 8.10 tells us that 52'-' = I (mod 2k). for k 2 3. From Theorem 8.1, we see that ordr.S I Z*-2. Therefore, if we show that ordr.5 | 2l"-t , we can conclude that ord2.5- 2k-2. To show that ordr,S tr 2k-3, we will prove by mathematical induction that fork)3, 52,-'= | + 2k_t *
I (mod 2k).
For k : 3. we have
5:l+4(mod8). Now assumethat
52'-': l+zk-I (mod2ft). This meansthat thereis a positiveintegerd suchthat S 2 ' - ' _ ( 1+ 2 k - r ) + d Z k . Squaringboth sides,we find that 52'-': (l + 2k-t)2 + 20 + zk-t)dZk + (dzk)z so that 52,-,= 0 + 2k-r)2 : | + 2k + 22k-2 :
I + 2t (mod Zk+\ .
This completesthe induction argument and showsthat ordr'5 : O(2k)/2' tr We have now demonstratedthat all powers of odd primes possessprimitive roots, while the only powers of 2 having primitive roots are 2 and 4. Next, we determine which integers not powers of primes, i.e. those integers divisible by two or more primes, have primitive roots. We will demonstrate that the only positive integers not powers of primes possessingprimitive roots are twice
249
8.3 The Existenceof PrimitiveRoots
powers of odd primes. We first narrow down the set of positive integers we need consider with the following result. Theorem 8.12. If r is a positive integer that is not a prime power or twice a prime power, then n does not have a primitive root. Proof. Let n be a positive integer with prime-power factorization
,-p\,p'i...p';. Let us assume that the integer n has a primitive root r. This means that (r,n ) : I and or dn r :6 h ). Si n c e (r,n ) : l , w e know that (r,p' ) : l , wheneverpt is one of the prime powers occurring in the factorization of r. By Euler's theorem, we know that ro@') :
I (mod P) .
Now let U be the least common multiple of Q(p'r), OQ'il,..-,0(p';), i-e.
u : [oQ\'),aQ'il,...,0b'il1. SinceObh I U, we know that ru = t (modP,l') we seethat for i : l, 2 ,...,m . From this last congruence, ordrr:6Q) Z. Hence,the numberse(p'r'),Oe'il,..., Oe,;\ are not p air wis er elat iv e l yp ri m e u n l e s sm: I a n d n i s a pri mspow er o, * :2 and the factorization of n is n : 2p', where p is an odd prime and / is a positive integer. tr
We have now limited considerationto integers of the form n : 2p,, where p is an odd prime and r is a positive integer. We now show that all such integers have primitive roots. Theorem 8.13. rf p is an odd prime and r is a positive integer, then 2pt possesses a primitive root. In fact, if r is a primitive root modulopt, then if r is odd it is also a primitive root modulo 2pt, while if r is even, r * pt is a primitive root modulo 2pt. Proof. If r is a primitive root modulo pt , then rob') = I (modp,), and no positive exponent smaller than 6(pt) has this property. From Theorem -6.4, we note that O(zp') : 0Q) 66t7 : e(p,), so that ,6(2n') 1 (mod p') . If r is odd, then ,o(zp')= I (mod 2). Thus, by corollary 3.2, we see that rQQp';: I (mod 2p,). since no smaller power of r is congruent to I modulo 2pt , we conclude that r is a primitive root modulo 2pt . On the other hand, if r is even, then r * p ' (r + P'10{zP')
Hence,
I (mod 2)
Since r * p' = r (mod p'), we see that G * pt )QQP')
I (mod p' )
Therefore, (r + ot1oQfl: I (mod 2p'), and as no smaller power of r *pr is congruent to 1 modulo 2pt , we conclude that r * p' is a primitive root modulo 2p'. rt Example. Earlier
this section we showed that 3
a primitive root modulo
8.3 The Existenceof PrimitiveRoots
251
7t for all positive integers /. Hence, since 3 is odd, Theorem 8.13 tells us that 3 is also a primitive root modulo 2'7t for all positive integers /. For instance, 3 is a primitive root modulo 14. positive Similarly, we know that 2 is a primitive root modulo 5' for all * 5t is a integers/. Hence, since 2 + 5t is odd, Theorem 8.13 tells us that 2 primitive root modulo 2.5t for all positive integers f. For instance,2T is a primitive root modulo 50. Combining Corollary 8.3 and Theorems8.9, 8.12,8.13, we can now describe which positive integers have a primitive root. Theorem 8.14. The positive integer n possessesa primitive root if and only if fr :2,4, p', or 2pt, where p is an odd prime and / is a positive integer.
8.3 Problems l.
Which of the integers 4,10,16,22and 28 have a primitive root?
2.
Find a primitive root modulo a) b)
3.
c) d)
r72 D2.
Find a primitive root, for all positive integers k, modulo a) b)
4.
lf B2
3k lle
c) d)
l3k nk.
Find a primitive root modulo a)6c)26 18 b)
e)
338.
5.
Find all the primitive roots modulo 22.
6.
Show that there are the same number of primitive roots modulo 2pt as there are of p' , where p is an odd prime and r is a positive integer.
7.
Show that if rn has a primitive root, then the only solutions of the congruence x2 = I (mod m) are x E t I (mod z).
252
PrimitiveRoots
8.
Let n be a positive integer possessinga primitive root. Using this primitive root, prove that the product of all positive integers less than n and relatively prime to n is congruent to -l modulo n. (When n is prime, this result is Wilson's Theorem.)
9.
Show that although there are no primitive roots modulo 2& where k is an integer, k > 3, every odd integer is congruent to exactly one of the integers (-1)"50, where a:0 or I and B is an integer satisfying0 < B ( 2ft-2-1.
8.3 Computer Projects Write computer programs to do the following: l.
Find primitive roots modulo powers of odd primes.
2.
Find primitive roots modulo twice powers of odd primes.
8.4 Index Arithmetic In this section we demonstrate how primitive roots may be used to do modular arithmetic. Let r be a primitive root modulo the positive integer m (so that m is of the form describedin Theorem 8.14). From Theorem 8.3, we know that the integers r, 12, 13
form a reduced system of residuesmodulo nr. From this fact, we see that if a is an integer relatively prime to m, then there is a unique integer x with 1(x46@)suchthat r'
a (modm).
This leads to the following definition. Definition. Let m be a positive integer with primitive root r. If a is a positive i n t eger wit h ( a, m): l , th e n th e u n i q u e i n t eger x w i th I (x(d(z) and r* = a (mod m) is called the index of a to the base r modulo m. With this definition, we have a - ,ind'a (mod m ). If x is' the index of a to the base r modulo m, rhen we write x : indra, where we do not indicate the modulus m in the notation, since it is assumed"to be fixed. From the definition, we know that if a and b are integers relatively prime lo m and a = b (mod m), then ind,a : indrb. Example. Let m : 7. We have seen that 3 is a primitive root modulo 7 and
253
8 .4 l n dex A r it hm eti c
(mod7), 3 r = 3 ( m o d 7 ) , 3 2 = 2 ( m o d 7 ) , 3 3= 6 ( m o d 7 ) , 3 4 = 4 that (mo d = ( m od 7 ). I 5) . and 3 6 35= 5 Hence, modulo 7 we have i n d 3 l : 6 , i n d t2 : 2 , i n d l 3 : 1, i n d 3 4: 4 , i n d r5 : 5 , i n d r6 : 3. With a different primitive root modulo 7, we obtain a different set of indices. For instance,calculationsshow that with respectto the primitive root 5, i n d 5 l : 6 , i n d s 2: 4 , i n d s 3: 5, ind54 : 2, ind.55: l, inds6 : 3. We now develop some properties of indices. These properties are somewhat similar to those of logarithms, but instead of equalities, we have congruences mo d ulo6@) . Theorem 8.15. Let m be a positive integer with primitive root r, and let a and b be integersrelativelyprime to m. Then ( i) (ii) (iii)
ind, l = 0 (mo d Q fu )). ind,Gb) = ind,a * ind,b (mod O@)) -la. ind,a (mod 6h)) if k is a positive integer. ind,ak
Proof of G). From Euler's theorem, we know that ,6(m): I (mod z). Since r is a primitive root modulo m, no smaller positive power of r is congruentto 1 modulo rn. Hence, ind,l : 6(m) = O (mod Qfu)) . Proof of (ii). indices,
To prove this congruence, note that from the definition of ,ind'Qil :
ab (mod ,,, )
and ,ind,a*ind,b-
,ind,o
,ind,b = Ab (mOd ,, ).
Hence, ,ind,Gb) =
7ind,a
* ind,D
(mod
rn ).
Using Theorem 8.2, we concludethat in d ,(a b ) :
i n d ,a * i n d ,b (m o d 6@ )).
254
PrimitiveRoots
Proof of Gii). To prove the congruence of interest, first note that, by definition, we have -: ,ind',ar ak (mod m ) and ,k'ind'a
(rind'o)P :
=
(mod rn).
ak
Hence, ,ind,aL =
rk'
ind'o
(mod
rn ).
Using Theorem 8.2, this leads us immediately to the congruence we want, namely ind,ak
-
ft. ind,a (mod 6fuD,
a
Example. From the previous examples,we see that modulo 7, ind52: 4 and i n d 5 3 : 5 . S i n c eA Q ) : 6 , p a r t ( i i ) o f T h e o r e m8 . 1 5 t e l l su s t h a t i n d 5 6- i n d s 2 . 3 : i n d s 2t i n d 5 3: 4
t 5:9
= 3 ( m o d6 ) .
Note that this agreeswith the value previously found for ind56. From part (iii) of Theorem 8.15, we seethat ind53a= 4'inds3 = 4.5 : 20 = 2 (mod 6). Note that direct computation gives the same result, since i n d 5 3 a- i n d s Sl - i n d s4 : 2. Indices are helpful in the solution of certain types of congruences. Consider the following examples. Example. We will use indices to solve the congruence 6xr2 : I 1 (mod 17). We find that 3 is a primitive root of 17 (since 38 = -l (mod l7)). The indicesof integersto the base 3 modulo l7 are given in Table 8.1. a ind3a
I
2
3
16 14 I
4
6
7
8
9
r2 5 l 5
5
ll
l0
2
10 1l 3 7
t2
13 l4
t5
16
l3
4
6
8
9
Table8.1. Indicesto the Base3 Modulo 17. Taking the index of each side of the congruenceto the base 3 modulo 17, we obtain a congruencemodulo d(t7) : 16, namely
255
8.4 Index Arithmetic
in d 3 (6 x r2 )= i n d 3 l| :' l
(m o d 16).
Using (ii) and (iii) of Theorem 8.15, we obtain :, (mod 16). ind3( 6x r 2)- i n d 3 6* i n d 3 (x 1 2 ) 1 5 + 1 2 ' i nd3x Hence, 15+12'ind3x=7(mod16) or 12'ind3x=8(mod16). Using Corollary 3.1, upon division by 4 we find that ind3x : 2 (mod 4). Hence, ind3x :
2 , 6 , 1 0 ,o r 1 4 ( m o d 1 6 ) .
consequently, from the definition of indices,we find that x 2 3 2 , 3 6 ,3 t o o r 3 l a ( m o d 1 7 ) , (note
this that 32:- 9,36 : 15,310
17)' modulo holds congruence ( m o d t hat c o n c l u d e w e l 7 ) , 2 8, and 314:
Since
x 3 9 , 1 5 , 8 , o r 2 ( m o d1 7 ) . Since each step in the computations is reversible, there are four incongruent solutions of the original congruencemodulo l7' (mod 17). Example. We wish to find all solutionsof the congruence7'= 6 of this sides both When we take indices to the base 3 modulo 17 of congruence,we find that i n d 3 (7 ' ) :
i n d 3 6: 1 5 (m o d 16).
From part (iii) of Theorem 8.15, we obtain i n d 3 ( 7 ' ) : x ' i n d 3 7: l l x Hence.
(mod 16).
256
PrimitiveRoots
llx
:
15 (mod16).
Since 3 is an inverseof I I modulo 16, we multiply both sides of the linear congruence aboveby 3, to find that x = 3 . 1 5: 4 5 :
1 3 ( mod 16).
All stepsin this computationare reversible.Therefore, the solutionsof 7* = 6 (mod 1 7 ) are given by x = t3 (mod 16). Next, we discusscongruencesof the form xk = a (mod m), where m is a positive integer with a primitive root and (a,m) : l. First, we present a definition. Definition' lf m and k are positive integers and a is an integer relatively prime to ffi, then .we say that a is a kth power residue if * if the congruencexk = a (mod,m) has a solution. When z is an integer possessinga primitive root, the following theorem gives a useful criterion for an integer a relatively prime to m to be a kth power residue of m. Theorem 8.16. Let m be a positive integer with a primitive root. If k is a positive integer a1d o is an integer relatively prime to m, then the congruence xk = a (mod m) has a solutioriif and only-ii oQh)ld=l(modln) where d : (k,6(m)). Furthermore, if there are solutions of xk : a (mod m)' then there are exactly d incongruentsolutionsmodulo rn. Proof. Let r be a primitive root modulo the positive integer 17. We note that the congruence xk
(mod z)
holds if and only ( 8 .1 ) Now let d:
k ' i n d ,x ( k ,e (m))
i n d ,a (m o d 6@ )).
a n d y : i n d ,x , s o that x
(mod z ).
From
257
8 .4 In d ex A r it hm et ic
Theorem 3.?, we note that it d tr indra, then the linear congruence (8 .2 ) k y : i n d " o (m o d Q fu )) (8 has no solutions, and hence, there are no integers x satisfying l). If d lind'a, then there are exactly d integersy incongruentmodulo d(z) such that (8.2) holds, and hence,exactly d integersx incongruentmodulo z such rhat (8.1) holds. Since d I ind,a if and only if @@)/ilind,a
= o (mod Q(m)),
and this congruenceholds if and only if ooh)/d:1(modrz). the theorem is true. tr We note that Theorem 8.16 tells us that if p is a prime, k is a positive integer, and a is an integer relatively prime to p, then a is a kth power residue of p if and only if oQ-D/d: 1 (modp), where d : (k,p-l).
We illustrate this observationwith an example.
Example. To determine whether 5 is a sixth power residue of 17, i.e. whether the congruence x 6 = 5 (mo d 1 7 ) has a solution, we determine that 5 t6 /(6 ,1:6 ) 5 8 = -l
(m o d l 7).
Hence, 5 is not a sixth power residueof 17. A table of indices with respectto the least primitive root modulo each prime lessthan 100 is given in Table 4 of the Appendix. We now present the proof of Theorem 5.8. We state this theorem again for convenience. Theorem 5.8. If n is an odd compositepositive integer, then r passesMiller's te st for at m os t f u- l) / 4 b a s e sb w i th I < , 1 n -1 . We need the following lemma in the proof of Theorem 5.8.
258
PrimitiveRoots
Lemma 8.1. Let p be an odd prime and let e and q be positive integers. Then the number of incongruent solutions of the congruence x e - t = I ( m o dp r ) i s ( q , p r - r e - D . Proof' Let r be a primitive root of p' . By taking indiceswith respectto r, we see that x4: I (modp,) if and only if qy = 0 (mod 6e,D where y : ind'x . using Theorem3.j, we see that there are exactli e,6er)) incongruentsolutionsof gy :0 (mod|e"D. consequently,there are Q,6Q")) : (q,p'-tb-l)) incongruent solutions of xe = 1 {-oAp'). tr We now proceedwith a proof of Theorem5.g. Proof. Let n-l : 2't, wheres is a positiveinteger and,t is an odd positive integer. For n to be a strongpseudoprime to the baseD, either bt :
b2tt :
I (mod n )
-1 (mod n)
( s - l.
f o r s o m e i n t e g e r T w i t h 0( 7
bn-t=
Ineithercase,wehave
I (modn).
Let the prime-powerfactorizationof n be n : pi,pi, . . . p',,. From Lemma 8.1, we know that there are (n-r, p'/Qi-l)) : h-l,pi-l) incongruent solutionsof xn-r: I (modp7) , j :1,2,...,r. Consequently, the Chinese remaindertheoremtells us that thereare exactlv h-\,p1-l) fI solutionsof x'-l
= I (mod n ).
incongruent
j-r
To prove the theorem, we first consider the case where the prime-power flactorizationof n contains a prime power p[. with exponente* 2 2. Since
bo-D /pt : t/p't-t - t/p't < z/g (the largest possiblevalue occurswhen pj :3
and ei :2),
we seethat
259
8.4 Index Arithmetic
r
tu-r,pj-r)< fI Q;t) fI j -r ;:l
l+,r)
li-l
ll**
"+" Since
?"*f
0n-l) for n > 9 , we seethat r
u (n-l ,p,-l) (
(r -r)14.
j:r
Consequently,there are at most Q-Dla is a strong pseudoprimeto the base b. T h e o t h e r c a s et o c o n s i d e ri s w h e n n : distinct odd primes. Let
integersb, I < 6 ( n , for which n w h e r eP t , P z , . - . , Par r e
PPz"'P.
p t - | : 2 t' tr, i : 1 ,2 ,.. .,r, where s; is a positive integer and /; is an odd positive integer. We reorder the ( s, ' We note that primespr,p2,...,p,,(if necessary)so thatsr ( sz ( h-l,pi-l)
: 2*ink') (t,t,).
: (t,t;). From The number of incongruentsolutionsof x' = I (mod pi) is T solutions of incongruent 2il; are there problem 15 at the end of this section, * y''= - l ( m odp; ) w h e n O ( f ( s i -I, a n d n o sol uti onsotherw i se. H ence, i ncongruent u si n g t he Chines e r e ma i n d e r th e o re m , th e re a r e TrTz" ' 7, incongruent solutions of solutions of xt : I (mod n), and 2i' TrTz"'7, x/, = - 1 ( m od n) w h e n 0 ( 7 ( s 1 -1 . T h e re fo re,there area total of
[ ,,-' I
I
Z"'-t I
TrTz"' T, lt* > 2t'l- TrTz"' T,lt + .;; l,r-oJtL)
I
integers b with 1< D ( n-1, for which n is a strong pseudoprimeto the Uasetr. (We have used Theorem l.l to evaluatethe sum in the last formula.) Now note that
260
PrimitiveRoots
6h) : (pr-l) (pz-l)
(pr-l)
:
tiz
tr1t'*s'*
"' *s,
We will showthat
rrrz'" r,[,*ro] 2 ' ,-t
|
)
*,,r,ro,
which provesthe desired result. Because TrTz. . . 7, ( r1r, achieveour goal by showing that
(8.3)
*r,< r/4. [,*l'-t lrr',*',*'' z',-t | )
Since sr ( sz (
( s, , we seethat
tr, we can
' as, * Uf ( f^,* ''.'-t ,r',*',* f, f,r,,, 2 ' t | )' l . 2 ,- l J''
I
--
2"r-l 2"r(2, -l)
2",
:l++-l 2,-l
2"t
| 2'-l - -< l
I-
2rtr(2, -l)
2',-2 2"'(2'-l)
2r-r
From this inequality,we concludethat (s.r) is valid when r ( When r:2, w e h a v en : p p 2 w i t h p r | : 2 t r t 1 rr ( sz. If s1 ( s2, then (S.f) is againvalid, since
I
(
3.
and pz-l:2trtz,
with
''"
rt',-, I -L. I r ^ ) . . ?)/2',*',: +]/lz",z',-',) [t ['
:[+.#),,"-"
*+
W h e n s r : J 2 , w e h a v e( n - l , p r l ) : 2 ' T r and(n-l,pz-l):2tTz. Let us assume that pr ) pz. Note that T1 * t1, for if Tr: tr, then
261
8.4 Index Arithmetic
( p t - l ) I ( n - l ) , s ot h a t n : p r p z Z p z = 1 ( m o dp r - l ) , which impliesthat P2 ) Pr, a c o n tra d i c ti o n . S i n c e T1# t' 1 , we know that T r ( t r / 3 . S i m i l a r l v , l f t 1 pz then T2 # tr, so that 7"2( t2l3 . Hence, 7 ^2s, , I 2 '":t , w eh a v e T r T z4 t 1 2 / 3 , a n ds i n c el r * l/r"'* |
-,2 r, , l
: 6h)16, | < r t222"16
TtTzlr+ f lr)
proves
which
the
;
3)
t
theorem
for
this
final
case'
since
oh) /6 ( (n -r) /6 < (/,-r) /4. tr By analyzing the inequalities in the proof of Theorem 5.8, we can see that the probability that n is a strong pseudoprimeto the randomly chosenbase D, 1 < b ( n-1, is close to ll4 only for integers n with prime factorizations of t h e f o r m n : p r p 2 w i t hP r : | + 2 q 1a n d P z : I t 4 q 2 , w h e r e{ 1 a n d Q 2 a r e o d d p r i m e s , o r n : q f l z Q t w i t h P r : | + 2 q r ,P 2 : | * 2 q 2 , a n d pz: I t 2q3, wher e Q r,e z ,a n dq 3 a re d i s ti n c to d d pri mes (seeprobl em 16).
8.4 Problems l.
Write out a table of indices modulo 23 with respectto the primitive root 5.
2.
Find all the solutions of the congruences a) 3xs = I (mod 23)
3.
b) 3xta = 2 (mod 23).
Find all the solutionsof the congruences il
3' :- 2 (mod 23)
b) 13" = 5 (mod 23)'
4.
For which positive integers a is the congruence axa =
2 (mod 13) solvable?
5.
For which positive integers 6 is the congruence 8x7 :
b (mod 29) solvable?
6.
Find the solutionsof 2x = x (mod 13), using indices to the base 2 modulo 13.
7.
Find all the solutionsof x' :
8.
Show that if p is an odd prime and r is a primitive root of p, then ind,(p-|)
(p-r) /2.
x (mod 23). :
262
9.
Primitive Roots
Let p be an odd prime. Show that the congruence x4 = solution if and only if p is of the form gfr + l.
_l(modp)
has a
1 0 . Prove that there are infinitely many primes of the form 8ft*1.
(Hint: Assume that p6p2,...,pn are the only primes of this form. Let . . p)a+l . (ppz. e Show that Q must lave an odd prime factor different than j1p2,...,pn, and by problem 9, necessarilyof the form 8k+l .)
ll.
From problem 9 of Section 8.3, we know that if a is a positive integer, then there are unique integers a and B with a : 0 or I and 0 < B ( Z*-i-t such that a = (-l)" 5p (mod 2ft). Define the index system of a modulo 2k to be equal to the pair (a,B). a)
Find the index systemsof 7 and 9 modulo 16.
b)
Develop rules for the index systems modulo 2& of products and powers analogousto the rules for indices.
c)
Use the index system modulo 32 to find all solutions of j xs = I I (mod 32) and 3' = 17 (mod 32).
12. Let n : 2"p\'pj ' ' ' ph be the prime-power factorization of n. Let a be an integer relatively prime to n. Let r1,r2,...,r^ be primitive roots of pti,p'i,..., p';, respectively, and let 71 : ind", a (mod p'1), 72 : ind", a (mod ptl), (mod p'il. rc /o ( 2, let rs be a primitive root of 2t,,and let ...,1m:ind,.a : (mod ind,. a 2t). If ls 2 3,let (a,p) be the index systemof c modulo 2k, 7e (-l)'5P (mod 2t). Define the index system of a modulo n to be = so that a ( 1 o , 1 r , 7 2 , . . . , y ) i f t o ( 2 a n d ( a , 8 , 7 t , ^ 1 2 , . . . , 1i ^f )t o Z 3. a)
Show that if n is a positive integer, then every integer has a unique index system modulo n.
b)
Find the index systemsof 17 and 4l (mod lZ0) (in your computations, use 2 as a primitive root of the prime factor 5 of 120).
c)
Develop rules for the index systems modulo n of products and powers analogousto those for indices.
d)
Use an index system I lx7 : 43 (mod 60).
modulo
60
to
find
the
solutions
of
Let p be a prime, p ) 3. Show that if p =2 (mod 3) then every integer not divisible by 3 is a third-power, or cubic , residue of p, while if p : I (mod 3), an integer a isa cubic residueof p if and only i1 o@-t)/3: I (modp). Let e be a positive integer with e 7 2. il
Show that if ft is a positive integer, then every odd integer a is a kth power residue of 2" .
b)
Show that if /c is even, then an integer a isa /
7y urc pr..isely thosepairs satisfyingI ( x ( 3 and 1 ( y ( 11xl7. For a fixed integerx with 1 ( x ( 3, there are lttx/ll allowablevaluesof y. Hence, the total number of pairs satisfying I ( x < 3, 1 ( / ( 5, and llx ) 1y is 3
(3,4)' th e s eeight pair s ar e (l ,l ), (2 ,D , (2 ,2 ), (2 ,3 ), (3 ,1), (3,2), (3,3) and The pairs of integers G,y) with I ( x < 3, I ( y ( 5, and llx 1 7y For a *r. pr..isely those pairs satisfying I ( y ( 5 and 1 ( x 4 7y /tt. allowable values of x. fixed integer y with I ( y ( 5, there are lly/ttl Hence, the total number of pairs satisfying I ( x < 3, I ( y ( 5, and llx ( 7y is
310
Quadratic Residues
5 j-r
ltj /ttl : Ij lrrl + [ t L l t r ] + [ 2 r / r t l+ I 2 8 l n] + [ 3 s l l1 ] :0*l
1 5: ) t r r j l l l + > l t j l t l l : 8 * 7 . j-r j-r
T;:5'3: Hence,
rr-l .7-l (_t)
2
2:(_l);*'
i,rrrr,r,* i, rtinl i-l
35
2lni/tl )Iti/rrl (- I )i-' (- I )r-' 3
Since Lemma
(t
'l
l#l
r,'J
g.2
t e l l s rrs .^
5t/
: ( -.1. )I it-ttr,rw"et s e e t h a t
+ L^+ | rr I that
Z,'rj/tl
: (-1;r-t
17 |
lI t ll fl r r" l | : ( - t ) [11J|.7 )
and
t-'rr-r 2
2
This establishesthe special case of the law of quadratic reciprocity when p:7andq:ll. We now prove the law of quadratic reciprocity, using the idea illustrated in the example. We consider pairs of integers (x,y) with I ( x ( Q -l) /2 and o -l such pairs. We divide t-hesepairs I ( y ( ( q - D/ 2. T h e re u r" 2 -l ; T into two groups, dependingon the relative sizesof qx and py.
Proof.
First, we note that qx I py for all of these pairs. For if qx : py, then q l p y , w h i c h i m p l i e st h a t q l p o r q l y . H o w e v e r ,s i n c e q a n d p a r e w e know d i s t inc t pr im es ,w e k n o w th a t q l p ,a n d s i n ce I ( y ( (q-i 12, that q I y. w i th I ( x ( Q-I)/z, To enum er at e th e p a i rs o f i n te g e rs (x y) -l) (q ( ( y 1 /2, and qx > py, we note that these pairs are precisely those (p-l)/2and ( ( x For each fixed value of the I (y where I 4qx/n. ( with are 1 x 4 b-1012, there Iqx/pl integers satisfying integer x, ( number of pairs of integers G,y) y qx total the Consequently, I 4 /n.
311
9.2 The Law of Quadratic Reciprocity
Q-t)t2
withl (x
( Q-D/2,andqx>
( Q-D/2,t (v
Pvis
Iqilpl'
?,
-l) 12, We now considerthe pairs of integersG,il with 1 ( x ( b 1 ( y ( (q-D 12,and qx < py . These pairs are preciselythe pairs of i n t e g l r sG , i l w i t h 1 ( y ( ( q - D / Z a n d 1 ( x 4 p y l q . H e n c e , f o r e a c h -1) 12, there are exactly fixed value of the integer y, where I ( y ( (q ( shows that the total This py x I 4 lq. lpy lql integers x satisfying (q-t)/z, ( (i,y) ( x I with b-D/2,1 (y ( nurnu..of pairselil/r.g"rt andqx < py is
j- r
Adding the numbers of pairs in these classes,and recalling that the total ' = rt ' + ,w e s e eth a t n u mb er of s uc h pair s ,,
')'' j-|
,r,,d:+'+ hilpt*'ni'' i-r
,
or using the notation of Lemma 9.2, p-l .q-l 22
T(q,p) + TQ,q) Hence,
1-11r{n'c): (-t) ,-t1rQ'il+r@,q): (- 11r(e'n) Lemma 9.2 tellsus that 1-1yr(a,r): f
lf
["'l
lp J
\
lzll4l:(-t) l . qJ l . pJ
p-l .q-r 22
."0 1-gr{o.o): [" .|
H ence
lq)
P-t.q-l
2 2
This concludesthe proof of the law of quadratic reciprocity. n The law of quadratic reciprocity has many applications. One use is to prove the validity of the following primality test for Fermat numbers. Pepin's Test. The Fermat number F^ : 22' + I is prime if and only if 3 G ' -r)1 2 : -l
(m o d F - ).
proof. We will first show that F* is prime if the congruencein the statement of the theorem holds. Assume that
312
QuadraticResidues
3G^-r)/2: -l
(mod F*).
Then, by squaring both sides,we obtain 3F.-1 = I (mod F*). From this congruence,we seethat if p is a prime dividing F*,then 3F.-l = I (modp), and hence, ordo3 | {f ^-I)
: 22'.
Consequently,ordr3 must be a power of 2. However,
ordo3tr2''-': (F^-D/2, since 3G^-t)/2 - -l (mod F*) . Hence, the only possibility is that o 1do3: 22^ : F ^ - l . Si n c e o rd o 3 : F m-t ( p - I and p F*, we see I that p : F^, and consequently,F^ must be prime. C o n v e r s e l y , i fF r : 2 2 ' * reciprocity tells us that
(e.5)
I is prime for m )
l , t h e n the law of quadratic
:[+] t*l:[+J
since F^ = | (mod 4) and F^ = 2 (m o d 3 ). Now, using Euler's criterion, we know that
(e.6)
t*l
3 G' -t)/' (-o d
F-).
From the two equationsinvolving I I I (9.5)and (s.e),we conclude that
[". j'
_ _1 (mod 3(J'._r)/2 F). This finishesthe proof. E x a m p l e .L e t m : 2 .
tr Then F2: 2 2 ' + l : 1 7 a n d aFr-t)lz _ 3 8 :
-1 (mod l7).
9.2 The Law of QuadraticReciprocity
313
By Pepin'stest, we seethat F2 : l7 is prime' : 4 2 9 4 9 6 7 2 9 7W - e n o t et h a t Let m :5. Then Fs:22' + l:232 t I -l (mod 4294967297). 3G,-D/2: 12": 32t4148364810324303 * Hence, by Pepin'stest, we seethat F5 is composite'
9.2 Problems l.
Evaluate the following Legendre symbols
[-u]
d)
a,
[ 6 4 r. J
[*]
u,[+l c,t*l 2.
f:ul
e)
l e e rJ
Iros]
l*'l
prime, then Using the law of quadratic reciprocity, show that if p is an odd
: [;] 3.
{lii
p = tl (mod 12) p = t 5 ( m o d 12 ) .
Show that if p is an odd Prime, then
[-r I :
[7J
{l
ifp=t(mod6) if p = -l (mod 6).
4 . Find a congruencedescribing all primes for which 5 is a quadratic residue' 5 . Find a congruencedescribing all primes for which 7 is a quadratic residue. (Hint: Let n be 6 . Show that there are infinitely many primes of the form 5Ic * 4'
of a positive integer and form Q : 5(tnr'\2+ 4' Show that Q has a prime divisor reciprocity quadratic of law the use do this, To n. greater than + 4 5k the form - t I to show that if a primep dividesQ, then | ? | t)l
314
Quadrati c R esi dues
7 . Use Pepin'stest to show that the following Ferntat numbersare primes a)
Fr : 5
b)
F3 - z5i
c)
F4: 65537.
8.
From Pepin'stest, concludethat 3 is a primitive root of every Fermat prime.
9.
In this problem, we give another proof of the law of quadratic reciprocity. Let p and q be distinct odd primcs. Let R be the interior of the rectanglewith vertices
o:
( o , o )A, : b / 2 , 0 , B : Q / 2 , 0 ,a n dC : b / 2 , q / D .
a)
Show that the number of lattice points (points with integer coordinates)in R i, P-l .q-l 22
b)
Show that there are no lattice points on the diagonalconnectingO and C.
c)
Show that the number of lattice points in the triangle with verticesO, A, C Q-D/2
is i-l
d)
Show that the number of lattice points in the triangle with verticesO, B, Q_r)/2 and C is j-l
e)
Concludefrom parts (a), (b), (c), and ( d ) t h a t Q-t)/2
Q-D/2
j-t
j-l
Derive the law of quadratic reciprocityusing this equationand Lemma 9.2 Computer Projects Write programsto do the following: l.
Evaluate Legendresymbols,using the law of quadratic reciprocity.
2.
Determine whether Fermat numbersare prime using Pepin'stest.
9.3 The Jacobi symbol I n t his s ec t ion ,w e d e fi n eth e J a c o b is y m b o l . Thi s symboli s a general i zati on of the Legendresymbol studied in the previoustwo sections. Jacobi symbols a r e us ef ul in t he e v a l u a ti o no f L e g e n d res y m bol sand i n the defi ni ti onof a type of ps eudop ri me . Definition. n : p' ipt i
Let n be a positive integer with prime factorization ' p; a n d l e t a b e a p o s i ti v ei n te ger rel ati vel ypri me to n. Then,
315
9 .3 The J ac obi s Y mb o l
the Jacobi symbol
:
[.]
l, ,|
t
; I
bY t' denned
I
p\'p'; " ' p';
l:[*]'t;l lh)'
Legendre S on the right-hand side of the equality are where the symbol symbols. Example. From the definition of the Jacobi symbol, we see that
: lz)'let:(-r)2(-r):-r' ['l: lzl :lil l45,11."ij
l;l
#l:[+*l:[+l[+l[+]:[+l[+l l*l -r
and
:
: '-D2 t2(-'l): [+]'[+l'[+]
When r is prime,the Jacobisymbolis the sameas the Legendresymbol' the valueof the Jacobisymbol ' However,whenn is composite, lq I Oott nor
lr)
tell us whether the congruencex2 = a (mod n) has solutions..,*. that if the congruencex2 = a (mod n) has solutions,then l*
ln)
|
- t
do know To see
(modn) has th i s, not e t hat if p i s a p ri me d i v i s o r o f n and i f x2 = a solutions, then the congruencex2 = a (mod p) also has solutions. Thus,
r I Ii | : t lp).. tl
that I
g
m ( ^ )t f -l : l. To seethat it is possible : Consequently, ' | + I II | * I ln) i-1lPi)
: | : 1 when there are no solutions to xz
a (mod n), let a : 2 and
ln )
: (-r)(-1): r. However, : are there that[+l n: t5.Nore t?l t+.| ) ^l. ,l t J t r no solutionsto x2 i 2 (mod i S), rin* x2 = 2 (mod 5) have no solutions.
the congruencesx2 = 2 (mod 3) and
We now show that the Jacobi symbol enjoys some propertiessimilar to those of the Legendresymbol.
316
QuadraticResidues
Theorem 9.5. Let n be an odd positive integer and let a and b be integers relativelyprime to n. Then
(i)
(ii)
(iii)
if a:
D (modn),then
ll: l*)
lol: l["] fql n ) ln )
I n )
r )- t | | : t _ 1 1 h - D / z' f tr ) /)
(iv)
. I Ll :1-1) (n':-r)/a ln )
Proof- In the proof of all four parts of this theorem we use the prime factorizationn : p\,p'i . . p';. Proof of (i). we knowthat if p is a rrime.,dividinqn,then a =b (modp). Hence,from Theoremg.z G\ we have : we see l* | l+ | consequentry, IDJ lp) that
: f*l"l+J" [-tL'lo)"lol" I ol'': fal :lr'l i*l f,,J lo,Jlp,) lo^,| lo,t lp^):l;j Proof of (i). From r v " ' Theorem r r r v v r w t t9.2 7t ' L (ii), w s know \ I r ' f ' we K l l u w that fq) lo, ,l
4 e l - t ) ) = | * t ; e ? _ D+ t , A ? t ) ( m o d 64).
Hence,
n2:t+tJp?-D+tze?-D+
+ t ^ ( p T - l ) ( m o d6 4 ) .
This implies that
( n 2 - t ) / 8 : t J p ? - D / B+ t z e ? - D / s + . . . + t * ( p 3 , _ l ) / (8m o ds ) . combiningthis congruence for (n2- l)/g with the expression for [el teils ln ) f u s t h a t l L"l' l : 1 - 1 ; ( n ' - t ) / 8 . D
ln )
We now demonstratethat the reciprocity law holds for the Jacobi symbol as well as the Legendre symbol. Theorem 9.6. Let n and m be relatively prime odd positive integers. Then m-t n-l f lf I
l r l -| l L l : lm )l n )
( _t ) ,
Proof. Let the prime factorizations of rn and n : ql' q! , . . . qo r,.w e s e eth a t
, .
n be m : pl,pl, . " p!' and
w)'"'
lr):,4 tt)':,q,s and
l*): t
( n l4/
IIl;l j-t I'J
Thus,
I
)
s r :rtrt j-t
i-t
It)"''
319
9.3 The Jacobi symbol
,sti*lt l+l[*]:,g
q'l
h)
10tu'
l
From the law of quadratic reciProcity, we know th at
[ o , - ,f n,-, 1 I
t*ltr)
lr
:(-rllrj
t-)
l
Hence,
|^) [ , I [7Jl;): We note that
r
( '
f| ff(-l)
(-l)'-'l-' \
r \ "):
/
j-l
t-l
:z",1+] ',[+] ,.a''t+] ",1+l t,p,
As we demonstratedin the proof of Theorem 9.5 (iii),
(mod2)
=*
Doif+] j-t(o)z and
5u,[+]=
n-l 2
(m od 2).
Thus,
(e.8)
r s i-t
^fr,-tl
^[Qr-tl =.-l J
i-r
+(mod2).
\
Therefore,from (g.Z) and (9.8), we can concludethat f
)f
)
l Lnl l a l : ( _ r ) I
m-l
2
n-l
2 tr
)lm )
We now develop an efficient algorithm for evaluating Jacobi symbols. Let a : and b be relatively prime positive integers with a < b. Let Ro Q and R r : D Using the division algorithm and factoring out the highest power of two dividing the remainder, we obtain
32A
Quadratic Residues
Ro:
Rflr+2t'R2,,
where s1 is a nonnegativeinteger and R2 is an odd positive integer less than R I ' When we successivelyuse the division algorithm, and factor out the highest power of two dividing remainders,we obtain Rr: *r:
Rr-r : R n -z :
Rzez+2"'R3 Rflt+2"Ra
Rn_2Qn_2 * 2t.-rRn_1 R n -tQ r-, + 2 t .-t. I ,
where s; is a nonnegativeinteger and R; is an odd positive integer less than : 2,3,...,n-l Note that the number of division, ,"qu-ir"d to reach &-r for i the final equation does not exceed the number of divisions requiied to find the greatestcommon divisor of a and b using the Euclidean algorithm. we illustrate this sequenceof equationswith the following example. E x a m p l e .L e t a : 4 0 1
andb:
lll.
Then
4 0 1: 1 1 1 . 3 + 2 2 . n lll17.6+20.9 17:9.1+23.1. Using the sequence of equations we have described, together with the properties of the Jacobi symbol, we prove the following theorem, which gives an algorithm for evaluating Jacobi symbols. Theorem 9.7. Let a and b be positive integers with a > b . Then ni-r R,-r f ^'l + " ' + s ' - r& - !a!**f, +...+R"_,-tR._r_r t 8 r z 2 2 2 l+l:(-l)'' lb ) where the integersR; and s;,,t :1,2,...,n-l
: i+l:[+]
'
, are as previouslydescribed.
Proof. From the first equation and (i), (ii) and (iv) of Theorem 9.5. we have
fglla,|-
: (-1)
321
9 .3 The J ac obi s y m b o l
we have using Theorem9.6,the reciprocitylaw for Jacobisymbols,
+ :'-')+ t#l t*l
so that f ^ I
R,-l
l+l:(-r)T LDJ
R,-l
ni-t-
[ n, I
IR,J
Similarly, using the subsequentdivisions,we find that
ry*n#i+l :,-,rT '/ lgl ^, 1R;+rJ ,| [ * n e n w e c o m b i n ea l l th e e q u al i ti es,w e obtai n the desi red
fo rT :2, 3, . . . , n- t \
for l+ I tr expression ' [b ,l The followingexampleillustratesthe useof Theorem9.7. Example. To evaluate
we use the sequenceof divisionsin the
[++], previousexampleand Theorem9.7. This tells us that
[+orl:,-,lt F*o'"lt*'
n't'.ttr!:r +*!+
+:r.
l.111 J
The following corollary describes the computational complexity of the algorithm for evaluating Jacobi symbols given in Theorem 9.7. relatively prime positive integers with a > b ' ,,be O(loezb)3) bit Then the Jacobi symbol l+ | can be evaluated using " lb) operations.
Corollary 9.1. Let a and D
rt Proof. To find lf
of O1ogzb) a sequence I uting Theorem9.7,we perform
t . DJ
divisions. To see this, note that the number of divisions does not exceed the number of divisions needed to find G,b) using the Euclidean algorithm. Thus, by Lam6's theorem we know that O (log2b) divisions are needed. Each
322
QuadraticResidues
divisioncan be doneusing o ((lo^gzD2) operations. Each pair of integers si can be found using o(logzb).bit bit operationson"" ih" appropriate fl.u.nd divisionhasbeencarriedout. consequently,o((log2D)3)bit operationsare required to find the integers R;,s7,i :1,2,"',n-t a andb. Finaily,to evaluate the exponent of -l lr.T in the expression for l+l in Theorem9.7, we usethe last threebits in the lD ) binary expansion:of Ri,i : r,2,...,,n-r and the last bit in the binary expansions of sy,,r: r,,2,...,n-r. Therefore,we use 0(lo926) additional bit operations to find I+l Sinceo((log2D)3)+ ooog2b): o(tog2,D2) the , lD ) corollarvholds. tr
9.3 Problems I.
Evaluatethe followingJacobisymbols
a, t+]
b, [*]
b, [*]
, lx)
c,[*] 'tml
2 . For which positive integers n that are relatively
to 15 does the Jacobi
symbor equar r? t*l 3 . For which positive integers n that are relatively
to 30 does the Jacobi
symbor equar r? |.+l 4 . Let a and b be relatively prime integers such that b is odd and positive and a :
(-l)'2'q
where q is odd. Show that b-l
:
(-l)--'r
+
br-l
l-''
["1 lb )
5.
Let n be an odd square-free., positive integer. Show that there is an integer a
: -t such that(a,n): I and l;,J
323
9 .3 Th e J ac obi s Y m b o l
6.
Let n be an odd square-freepositive integer' r\ w h e r et h e s u m i s t a k e n o v e r a l l k i n a r e d u c e ds e t a ) S h o wt h a t ) l + l : 0 ,
ln )
of residuesmodulon. (Hint: Use problem5') b)
,n. numberof integersin a reduc?O"ti'ofresidues From part (a), show 11"\ O : -t. - r - - to the number*itn l* I modulon suchttut I | : I" -is- equal
l'J
lrj
7 . Let a and b:ro be relatively prime odd positive integers such that A :
lOQt *
e1r1
tO:
rlQ2 I
e2r2
enfn
fn-tQn-t*
fn-l:
with where q; is a nonnegative even integol, €; : t l, r; iS a positive integer by : obtained are l. These equations ri 1 ri t, for t : 1,2,...,frj , and rn Section l0 of problem in given algorithm successivelyusing the modified division t.2.
f^'l a)
Show that the Jacobi symbol |*
f"l
Irl b)
I i, given by
l . DJ
:(-l)[
l++*++:. 2
t
2
2
*t-f'+l 2
2
)
Showthat the Jacobisymbol [+.| t, givenbv lD ) t'^l
l+ | : (-r)r' lb;
w h e r e T i s t h e n u m b e r o f i n t e g e r si , I < , (mod 4). 8.
( n, with ri-r 7 ciri = 3
Show that if a and b are odd integers and (a,b): reciprocity law holds for the Jacobi symbol: I
(
" lt
a-t b-t
b l -:l - ( - r ) ; - ; a-'b-'
' ) \ll;l-J '--'J lr;l-l l,_ [(-l)2
2
l, then the following
ira aidi (mod 22r+2). Therefore.
t2'-t : h-D/2
m
) r s Z/ a ; d i ( m o d 2 ' + t ) . i-l
329
9.4 EulerPseudoprimes
This congruenceimPlies that 12s-t-r = i
aidi (mod 2)
i-l
and (9.10)
66-r\/2 : (6rt7z:-'- :
(-t)'.*
2 o'd' (mod n). (-1)t-t
:
On the other hand, from (9.9), we have
m ^) : fI el)"'"' : ((-r)d,)., : : fr lnl ft [+.|. I n J , . : r| . p , J i _ r
.fo,o, (-1)i-t
t-l
Therefore, combining the previousequation w i th (9 .10),w e seethat
- [ql 6(n-t)/z ln)
(m o d n ).
Consequently,n is an Euler pseudoprimeto the base D' tr Although every strong pseutloprimeto the base D is an Euler pseudoprime to this base, note that not every Euler pseudoprimeto the base b is a strong pseudoprime to the base b, as the following example shows. Example. We have previously shown that the integer 1105 is an Euler pseudoprimeto the base 2. However, 1105 is not a strong pseudoprimeto the base 2 since :2552: 2(llos-l)/2
I (mod 1105),
while 2 0 t 0 s - r ) / 2: 222 7 6 :
7gl + t
1 (mod ll05).
Although an Euler pseudoprime to the base b is not always a strong pseudoprime to this base, when certain extra conditions are met, an Euler pseudoprimeto the base D is, in fact, a strong pseudoprimeto this base. The following two theoremsgive results of this kind. Theorem 9.9. If n : 3 (mod 4) and n is an Euler pseudoprime to the base b, then n is a strong pseudoprimeto the baseb.
330
Quadratic Residues
Proof. From the congruence n = 3 (mod 4), we know that n-l : 22.t where t : (n-l)/z is odd' Since n is an Euler pseudoprime to the base b, it follows that
- ql (mod bt : 6..'-t)/2 n). f ln ) r\ tbl : Drnce l- | +1, we know that either bt = l (mod n) or ln ) -l (modn). Hence,oneof the congruences b' = in the definitionof a strong pseudoprimeto the base b must hold. consequently, n is a strong pseudoprime to the baseb. tr Theorem9.10. If n is an Euler pseudoprime to the base6 and lal
: -r.
l\ n l '/
then n is a strong pseudoprimeto the base b.
Proaf. We write n-l : 2't , where / is odd and s is a positive integer. Since n is an Euler pseudoprimeto the base b, we have
br-,t: 6,.'-r)/2 fa l (modn). ln) r) B u t s i n c el 4 I : - t , w e s e et h a t
ln)
b ' r-' = -l
(m o d r).
This is one of the congruencesin the definition of a strong pseudoprime to the base b. Since n is composite,it is a strong pseudoprimeto ihe base ,. tr Using the concept of Euler pseudoprimality, we will develop a probabilistic primality test. This test was first suggestedby Solovay and Stiassen [7g]. Before presentingthe test, we give some helpful lemmata. Lemma 9.3. If n is an odd positive integer that is not a perfect sguare,then there is at least one integer b with | < b I
ft,(b ,n) :
r , a n dl 4 | : - , , ln )
where
is the Jacobi symbol.
331
9 .4 E uler P s eudop ri me s
Proof. If n is prime, the existence of such an integer b is guaranteed by Theorem 9.1. If n is composite,since n is not a perfect square,we can write n : rs wher e ( r , s ) : I a n d r: p ' , w i th p a n odd pri me and e an odd positive integer. Now let / be a quadratic nonresidue of the prime p; such a / exists by Theorem 9.1. We use the Chinese remainder theorem to find an integer b with 1 < b 1 n, (b ,n) : 1, and such that b satisfiesthe two congruences b = t (mod r) b = | (mods). Then,
fal : (ul
|,bl"-(_r),-_r,
f;J l7): tp)
that : -' r ro,,ows and : , Since : [*] [*] [*] ii] t1],', Lemma 9.4. Let n be an odd compositeinteger. Then there is at least one integerD with | < b I n, (b,n) : 1, and r\ 6 6 - D / z1 l 4 | ( m o dn ) . ln) Proof. Assume that for primeto n, that
positiveintegers not exceeding n and relatively r) 6h-t)/2 :
( e . 1l )
d). l4 | (mon ln)
Squaring both sides of this congruence tells us that r t2
b,-t :
lAl
l 3 I = ( + l ) z : I ( m o dn ) , ln )
if (b,n) : I Hence, n must be a Carmichael number. Therefore, from a rr e d i s t i n c t T h e o r e m8 . 2 1 , w e k n o w t h a t n : Q t 4 z " ' e , , whereQt,Qz,...,Q odd primes. We will now show that
332
QuadraticResidues
6 h - t ) / 2= 1 ( m o d n ) for all integers b with I ( b ( n and (b,n) :1. integer such that 6 h -r)/2 :
-l
Suppose that b is an
(mod n).
we use the chinese remainder theorem to find an integer a | 1 a { fl, (a,n): l. and
with
a=b(modq1) a : - | ( m o d Q z Q s .. . q , ) . Then, we observethat
o.r2)
o G - 1 ) / 2-
6b-D/z:
_ l ( m o dq 1 ) ,
while
(e.13)
= I (mod ezQt...Q,). o(n-r)/Z
From congruences O . l D a n d ( 9 . 1 3 ) ,w e s e et h a t o h _ t ) / 2* contradictingcongruence(q.tt).
+ 1(modn),
Hence, we must have
6 (,-t)/2= I (m o d n), for all D with I < , ( n and (b,n) - r. Consequentry, from the definition of an Euler pseudoprime,we know that
6".-t)/2:|,aj : I (modn)
l, )
for all D with I < b ( n and (b,n) : r. However, Lemma 9.3 tells us that this is impossible. Hence, the original assumption is false. There must be at l e as tone int eger6 w i th | < b 1 fl , (b ,,D : l , and 6G-D/z1
|r l4 | (modn). tr
ln ) We can now state and prove the theorem that probabilistic primality test.
the basis of the
333
9.4 Euler Pseudoprimes
Theorem 9.11. Let n be an odd composite integer. Then, the number of positive integers less then n, relatively prime to n , that are basesto which n is an Euler pseudoprime,is less than 6fu) /2. Proof. From Lemma 9.4, we know that there is an integer b with I < b 1 n, (b,n): l, and
ql (mod n). 6b-r)/2 l f lnJ
(s.rq
Now, let e1,e2,...,e^denote the positive integers less than n satisfying 1 ( a ; ( n, ( ai, n) : l , a n d
r) n), afn-rtrzlLl (mod
(e.ls)
In )
for; : 1,2,...,m. Let rr{2,...,rm be the least positive residuesof the integers bayba2,...,ba^ I for modulo n. We note that the integers rj are distinct and (ri,n): j : 1,Z,...,frt.Furthermore,
, ( n - , ) t 2 1 ( m ond) . [+]
(e.16) For, if it were true that
,e-,)/2-
[+]
(mod n),
then we would have
$a)(n-,)/2 l+l r-"0,r This would imply that,
: t+l 6h-t)/2o(n-t)/2
I r 1J
and since (9.14) holds.we would have
[+]
(mod n ),
334
QuadraticResidues
_ fqI 6."-t\/2
l, )'
c ont r adic t ing( 9 .1 4 ). S inc e aj, j :1 ,2 ,...,m , s a ti s fi e s th e congruence (9.15) w hi l e r j, j : 1, 2, . . . , n, d o e sn o t, a s (g .to ) s h o w s ,w e know thesetw o setsof i ntegers share no common elements. Hence, looking at the two sets together, we have a total of 2m distinct positive integers less than n and, relativ-elyprime to n. Since there are Qh) integers less than n that are relatively prime to /r, we -filis can conclude that 2m < qfu), so that m < proves the eh)/2. theorem. tr From Theorem 9.1l, we see that if n is an odd composite integer, when an integer b is selectedat random from the integers 1,2,,....,n-1, th; probability that n is an Euler pseudoprimeto the base 6 is less than I/2. This leads to the following probabilistic primality test. The Solovay-StrassenProbabilistic Primality Test. Let n be a positive integer. Select, at random, ft integers bpb2,...,boLorr the integers i,2,...,r-r. For each of theseintegersbj,j : 1,2,...,k,determinewhether 6Q-t)/2
t+]
(modn)
If any of these congruencesfails, then n is composite. If n is prime then all these congruences hold. If n is composite, the probability that all k congruenceshold is less than l/2k. Therefore, if n passesthis test n is ,,almost certainly prime." Since every strong pseudoprime to the base b is an Euler pseudoprime to this base, more composite integers pass the Solovay-Strassenprobabilistic primality test than the Rabin probabilistic primality test, altirough both require O(kQag2n)3) bit operations.
9.4 Problems l.
Show that the integer 561 is an Euler pseudoprimeto the base 2.
2.
Show that the integer 15841 is an Euler pseudoprime to the base 2, a strong pseudoprimeto the base 2 and a Carmichael number.
3.
Show that if n is an Euler pseudoprimeto the basesa and 6. then n is an Euler pseudoprimeto the base a6.
335
9.4 EulerPseudoprimes
4.
Show that if n is an Euler pseudoprimeto the base b, then n is also an Euler pseudoprimeto the basen-b.
5 . Show that if n= 5 (mod 8) and n is an Euler pseudoprimeto the base 2, then r is a strong pseudoprimeto the base 2. 6.
Show that if n = 5 (mod 12) and n is an Euler pseudoprimeto the base 3, then n is a strong pseudoprimeto the base 3.
7.
Find a congruencecondition that guaranteesthat an Euler pseudoprimeto the base 5 satisfying this congruencecondition is a strong pseudoprimeto the base 5.
8.
Let
the
composite positive integer
, : pl,pi, . . . ph,
where pi : | *
kr ( kz ( < k-, and where n: pseudoprimeto exactly
n
have
prime-power factorization
where for zfqi i:1,2,...,ffi, | * 2kq. Show that n is an Euler
6" II ((n-l)/2, p1-t) j-l
different basesb with l < b ( n , w h e r e
(
12
D r : 1 1/Z It t
if kr:
1,
if kj < k and a; is odd for some j otherwise.
9.4 ComputerProjects Write programsto do the following: Determine if an integer passesthe test for Euler pseudoprimesto the base b. Perform the Solovay-Strassenprobabilistic primality test.
10 Decimal Fractions and GontinuedFractions
10.1 DecimalFractions In this chapter, we will discuss rational and irrational numbers and their representationsas decimal fractions and continued fractions. we begin with definitions. Definition. The real number a is called rational are integers with b * 0. If a is not rational. then
a - a /b, where a and b say that u is irrational.
If a is a rational number then we may write a as the quotient of two integers in infinitely many ways, for if ot : a b, where o f uni b are integers with b ;t' 0, then a : ka f kD whenever fr is a nonzero integer. It is easy to see that a positive rational number may be written uniquely as the quotient of two relatively prime positive integers; when this is done we say that the rational number is in lowest terms. Example. We note that the rational number ll/Zl also see that
is in lowest terms. We
-tt/-21 - tt/2r : 22/42: 33/63: The following theorem tells us that the sum, difference, product, and quotient (when the divisor is not zero) of two rational number is again rational.
337
1O.1 DecimalFractions
Then a + 0, a - 0' a9' Theorem 10.1. Let a and B be rational numbers. and a/0 (when P+0 are rational' : alb and B : cld' where Proof. Since a and p are rational, it follows that a * O' Then' each of the e, b, c, and d are integers with b * 0 and d numbers a * B : a /b + c l d : (a d * b c)/bd' a - 0: a/b - c/d : (ad-bc)lbd' a0-b/b)'k/d)-acfbd, a/0 : b /b) lG ld) : ad lbc @*0 ' denominatcr different is rational, since it is the quotient of two integers with from zeto. D We start by The next two results show that certain numbers are irrational' considering ,/T Proposition 10.1. The number '/T is irrational' prime integers Proof. Suppose that .,,6 : a lb, where c and b are relatively with b I 0. Then, we have 2:
a2lb2,
so that 2b2 : a2. Since 2lor,problem 3l of Section2.3 tells us that2la. b2:2c2.
Let q :2c,
so that
6. H ow ever, He n c e, 21b, , and b y p ro b l e m 3 l o f Se c ti o n2 .3 ,2 al so di vi des a nd b' This a b o t h d i v i d e c a n n o t we^know that 2 since G,b)':1, B contradiction shows that .6 is irrational' it We can also use the following more general result to show that .6 irrational. * cnlxn-t * Theorem 10.2. Let o( be a root of the polynomial x' with cs * 0. integers * cp * cs where the coefficientsca, ct,...,cn-r,are Then a is either an integer or an irrational number' and b Proof. Supposethat a is rational. Then we can write ot: alb whete a
338
DecimafFractionsand ContinuedFractions
are relatively prime integers with b o. x' + c r - 1x n- l * * c p * ,0 , w e h a v e b/b),
rc,_tG/6y,-t *
Since ot is
+cJa/D
a
root
of
*ca:0.
Multiplying by bn, we find that an + cn_pn-tb +
* c p b o - r + c s b n: 0 .
Since
' '!n',*n', ^:,,;;'i-. ,,n*'u* * , u'^o!,', u"rli-" o;ui, orp x,'-::'il Since p I b and b I an , we know that p
Hence, by problem 3l of I a, Sec t ion 2. 3, w: s e e th a t p l a . H o w i v e r, si nce (a, b) : l , thi s i s a contradiction which shows that b : t 1. Consequently, if a is rational then d : * o, so that a must be an integer. tr we illustrate the use of Theorem 10.2 with the following example. Example' Let a be a positive integer that is not the mth power of an integer, so that "\/i it not an integer. ThJn x/i i, irrationat by Theorem 10.1, since
" l. L e t a b e a re a l n u mb e r, a n d ret a:Ial be the i ntegerpart of a, so that r:o--[a] i s t h e f r a c t i o n a lp a r t o f a a n d o t : a * 7 w i t h 0 < 7 < I' From Theorem 1.3, the integer a has a unique baseb expansion. We now show that the fractional part ^yalso has a unique base 6 expansion. Theorem 10.3. Let 7 be a real number with 0 ( y ( l, and let b be a positive integer, b > | . Then can be uniquely written T as r:
; ci/bi j-r
where the coefficientsc; are integers with 0 ( c; < 6-l for j : 1,2,..w ., ith the restriction that for every positive integer l/ there is an integer n with n2Nandc, lb-1.
339
1 O,1 D ec im al F r ac t i o n s
series' We will use the In the proof of Theorem 10.3, we deal with infinite geometric series' following formula for the sum of the terms of an infinite < t. Then Theorem 10.4. Lets and r be real nurnberswith lr[
V o r i: a / 0 - ' ) .
j-0
(Most calculusbookscontain a proof') For a proof of Theorem 10.4,see [62]. We can now ProveTheorem 10'3' Proof. We first let c1: IbTl , l et so th a t 0 ( c r ( b_ 1 , s i n c e0 < b 7 < b . In a d di ti on, ^ fr : b l - c r : b ^ Y- l b l l ' sothat0(?r(land ^Y:
c1 , 7l ' 1 b b
^yg for k : 2,3,..., bY We recursivelYdefine c1 and ck :
[bfr-r]
and
nlk-t:+.+' so that 0(cr follows that
(b-t,
C"t
C1
7:T* Si n ce 0 ( ln (
and 0(rt
s i n c e0 ( b z t - r 1 b ,
Ur*
l, w e s e eth a t a 4 l r/b n
)tgntO' Therefore. we can conclude that
*
< I'
Cn
n,
+^Y,
b,
< l /b n . consequentl y,
:0.
Then'
340
DecimalFractionsand ContinuedFractions
lim
7:
n , /uo.
while (10.3) j:k+t
j-k+l
:(b-l)
l lLK+l
, "u | _ t/b
: l / b k, where we have used Theorem 10.4 to evaluatethe sum on the right-hand side of the inequality. Note that equality holds in (10.3) if and only if d j - c . i: b- l f o r a l ! i w i th 7 ) t 1 t, a nd thi s occurs i f and onl y i f d j : . b- l- and c i:0 fo r i 2 k + t. H o w e v e r,such an i nstancei s excl uded by the hypothesesof the theorem. Hence, the inequality in (tO.:) is strict, and therefore, (to.z) and (10.3) contradict (to.t). ttris shows that the baseb \ expansionof a is unique. tr
341
1 O.1 Dec im al F r ac ti o n s
The unique expansion of a real number in the form ). c1/bi is called the J-t
base b expansionof this number and is denotedby kp2ca..)6. To find the base b expansion(.cp2ca..)6 of a real number 7, wo can use the recursive formula for the digits given in the proof of Theorem 10.3, namely ^ fk : b y * -t - l bl t -J ,
ck : lbt*-J , where ^Yo: ^Y,for k : 1,2,3,...
Example. Let ( . c p2 c a ..)6 b e th e b a s e8 e x p a n s ionof l /6. Then tc 1: [ 8 ' ; l : o _
1,,
l_
c2:[8';'l:2, J
_ )_ ca:[8']l-5, J
_ tca:[8'Tl:2, J
cs:[8'?t:t,
^yt:8 -l : I + T, ^y2:s -2: 2 t' + ^y3:B -5 - I T' + 2 74:8 + -2 - T' I ^ys-s +-s: T,
and so on. We see that the expansionrepeatsand hence, t/6 : (1 2 5 2 5 2 5 ..)8. We will now discussbase b expansionsof rational numbers. We will show that a number is rational if and only if its base D expansion is periodic or terminates. Definition. A base D expansion (.cp2ct..)r is said to terminate if there is a : 0. positiveinteger n such that c, - cn*l - cn+z: Example. The decimal expansionof l/8, (.125000...)ro: (.125)ro,terminates. Also, the base 6 expansionof 419, (.24000...)o- (24)6, terminates. To describethose real numbers with terminating base b expansion,we prove the following theorem.
342
DecimalFractionsand ContinuedFractions
Theorem 10.5. The real number a, 0 < q I 1, has a terminating base D expansion if and only if a is rationaland a : r/s, where 0 ( r ( s
and every
prime factor of s also divides D.
Proof. First, supposethat a has a terminating base 6 expansion, (c 1c2...c)6 .
d:
Then Q:
b' so that a is rational, and can be written with a denominator divisible only by primes dividing b. Conversely,supposethat 0 ( a (
l, and
a:
rfs .
where each prime dividing s also divides 6. Hence, there is power a of D, say bN, that is divisible by s (for instance, take N to be the largest exponent in the prime-power factorization of s). Then bNot:b*r/t:er, where sa : bN ,, and a is a positive integer since slbr. (a*a^-1...aps)6 be the baseb expansionof or. ln"n a^b^*o^-tb^-r + . . . * atb*ag
Now
let
ar/bN :
a:
6u :
d*b--N
:
(.00...a m o m - t . . . a , a s )y .
+ am_tbm-l-fl
+
*a1b|-tr+ aob-N
Hence, a has a terminating base6 expansion. D Note that every terminating base b expansion can be written as a nonterminatingbase6 expansionwith a tail-end consistingentirely of the digit b-1, since (.cp2... c^)r- (cp2... pir cm-lb-lbi...lu (.ttl l l ...)ro . T h i s i s w h y w e requi re i n Theorem i n stanc e,( 12) t o: 10.3 that for every integer N there is an integer n, such that n ) N and
343
1 O.1 Dec im al F r ac ti o n s
cn# b-l; A base
without this restrictionbaseb expansionswould not be unique. instance b expansionthat does not terminate may be periodic, for I 1 3 : ( . 3 3 3 . . .1)s' | / 6 : ( . 16 6 6 . ' . t) o '
and | /7 : (.t+ztst 142857142857..) rc' if there are Definition. A base b expansion (.cp2ca..)6 is called periodic : ' N n for cn 7 positive integers N and k such that cn11 Wedenoteby(cp2...cv1-,']]-"*1-')6theperiodicbaseb (.cp 2...c7,1"') a' For instance'we have t -( t t...cN+t-rc.nv rclr...cry+
expanslon
r/3 : (.J)_.,0 , 7 1 6: ( . 1 6r)o, and
ll7 : (.taxsz)ro. begin Note that the periodic parts of the decimal expansionsof 1/3 and l/7 the proceeds immediately, while in the decimal expansion of l/6 the digit I b base periodic periodic pirt of the expansion. We call the part of a part periodic L*punsion preceding the periodic part the pre-period, and the thi period, where we take the period to have minimal possiblelength' (.ootorzr)r. Example. The base 3 expansionof 2/45 is (0 0 1) 3and t he per io di s (O t2 l )3 .
The pre-period is
The next theorem tells us that the rational numbers are those real numbers gives with periodic or terminating base b expansions. Moreover, the theorem of rational expansions b base periods of and the lengths of the pre-period numbers. Theorem 10.6. Let b be a positive integer. Then a periodic base b expansion representsa rational number. Conversely,the base b expansionof a rational ( 1, a: rfs, number either terminates or is periodic. Furthero if 0 < a : T(J where every where r and J are relatively prime positive integers, and s prime factor af T divides 6 and (U ,b) : 1, then the period length of the base of a is ordy b, and the pre-period length is .l/, where N is the b ""punrion smaliestpositiveinteger such that TlbN.
344
DecimalFractionsand ContinuedFractions
Proof. First, suppose that the baseD expansion of a is periodic,so that
a: (.crrr...r*ffi)o c1
ct I-J-
b62 C1
C'; I-J-
b62 where we have used Theorem 10.4 to see that €l
6tc
s^_ t"^ ojo
I
,r - . _
bk-l
bk
Since a is the sum of rational numbers, Theorem l0.l rational.
tells us that a is
Conversely,supposethat 0 ( a ( l, a : r /s, where r and s are relatively prime positive integers, s : T(J , where every prime factor of T divides b, Ql,b): 1, and I/ is the smallestinteger such-that Tlb* Since Tlb*, we have aT:
(10.4)
bN, where c is a positiveinteger. Hence bNa:bN
LTUU
or
Furthermore,we can write (r0.5)
ar
c
i:n*i,
where A and C are integers with
0 < I < 6N, and (c,u):
0 < c < u.
l. (the inequalityfor A followssince0 ( bNa: +
< bN.
U which results from the inequality 0 ( a ( I when both sides are multiplied by bN) . The fact that (C,tl): I follows easily from the condition (r,s) : l. Fr om T heor em 1 .3 ,A h a s a b a s eb e x p a n s i o nA : (anan_t...epo)u.
lf U : l, then the base b expansion of a terminates as shown above. Otherwise, Iet v : ord,ub. Then,
34s
1O.1 DecimalFractions
b'#:
(10.6)
Q u+ t )c U
+t,
where/ is an integer, since b' = | (mod U). However, we also have (t
(-
+ c' * al. b')
-C+j 62
b'+:b'l]+ U
(10.7)
LA
b'
that o' where(cp2ca...)6is the baseb expansion t,so c k : l b l t -J , where To :
C
T, f o r k
(10.8)
: 1 , 2 , 3 , . . . . F r o m ( 1 0 . 7 )w e s e et h a t
(-( b' *: U\
^ y k- b ' y t -r - l bl * -J
l r , b u - t+ c 2 b ' - z+
* r"] t ru.
( T, ( l, Equatingthe fractionalparts of (10.6) and (tO.S),notingthat 0 we find that C 4 t : -
Iv
u'
ConsequentlY,we seethat
^Yv: ": t' so that from the recursivedefinition of c1,c2,...we can concludeIhzt cpau: c1, nuta periodic baseb expansion for k : 1,2,3,.,.. Hence $ c - (n-rcr-Q6. U Combining (tO.+) and (10.5), and inserting the base b expansionsof A and
9. *. huu, U'
(ro.s)
bNa :
( a n a n - 1 . . . a t a o. c p 2 . . . c v 6) .
Dividing both sidesof (10.9) by bN, we obtain a : ( . 0 0... a n a n - r . . . o p o f f i )
u,
(where we have shifted the decimal point in the base b expansion of brya N
346
D e c i ma l F ra c ti ons and C onti nued Fracti ons
spaces to the left to obtain the base b expansion of a). In this base D expansionof a, the pre-period (.00...a,an-t...ipo)a is of length N, beginning with.A/ - h*1) zeros,and the period f.ngit, ir r. We have shown that there is a base b expansionof a with a pre-period of length r/ and a period of length v. To finish the proof, we must ,t o* that we cannot regroup the base b expansion of a, so that either the pre-period has length less than ry', or the period has length less than v. To do this, suppose that
q: (.crrr...trffi)u :
C1
b
Ct
*;*
*#*(*)la.
k f t M - t + c2 b M - 2 q
+cM)(bk-t) + Gyar6k-t+ bM (bk -t)
, cM+k -;m
f cTaap)
S i n c eq . : r f s , w i t h ( r , s ) : l , w e s e et h a t s l b M $ k _ D . C o n s e q u e n t l y , TlbM uTd ul(tk-o. H e n c e , M > N , a n d v l k ( f r o m T h e o r e mg . l , s i n c e bk = I (mod tD and v : ord,ub). Therefore,'the pre-period length cannot be less than ,^/ and the period length cannot be less than v. D We can use Theorem 10.6 to determine the lengths of the pre-period and p e r iod of dec im a l e x p a n s i o n s . L e t a : r/s , 0 < a ( l , and , :2" , 5r,, , where (1,10) : l. Then, from Theorem 10.6 the pre-period has length max (s1,s2)and the period has length ord,l0. Example. Let ot:5/28. since 2g - 22.7,,Theorem10.6 tells us that the prehas length 2 and the period has length ord710 : 6. Since rylt:d: (fiasll4z), 5/28 we seethat theselengthsare correct. Note that the pre-period and period lengths of a rational numb er r f s, in lowestterms, dependsonly on the denominators, and not on the numerator /. we observe that from Theorem r 0.6, a base b expansion that is not terminating and is not periodic representsan irrational number. Example. The number with decimal expansion o r: . 1 0 1 0 0 1 0 0 0 1 0 0 0 0 . . . , consisting of a one followed by a zero, a one followed by two zeros, a one followed by three zeroes, and so on, is irrational because this decimal expansiondoes not terminate, and is not periodic.
347
1O.1 DecimalFractions
so that its decimal The number d in the above example is concocted occurring numbers expansion is clearly not periodic. To show that naturally becausewe do 10.6, Theorem such as e and 7( are irrational, we cannot use No matter numbers' these of not have explicit formulae for the decimal digits cannot still we compute, we how many decimal digits of their expansions could period the because conclude that they are irrational from ihis evidence, be longer than the number of digits we have computed'
10.1 Problems l.
Show that dE is irrational a)
by an argument similar to that given in Propositionl0'l'
b)
using Theorem 10.2.
2.
Show that :/i
3.
Show that a)
+ ..6 is irrational.
log23 is irrational.
which logob is irrational, where p is a prime and b is a positive integer is not a Power of P rational or 4 . show that the sum of two irrational numbers can be either irrational. either rational or 5. Show that the product of two irrational numbers can be irrational. b)
6.
Find the decimal expansionsof the following numbers
d) 8lrs
a) 2/5 b) slt2 c) r2113 7.
e) lllll f) 1/1001.
Find the base 8 expansionsof the following numbers
d) r16 e) rlrz f) r122.
a) rl3 b) rl4 c) rls 8.
Find the fraction, in lowest terms, representedby the following expansions
a) .rz
b) .i
c) n.
348
D e c i ma l F ra c t i ons and C onti nued Fracti ons
9'
Find the fraction, in lowest terms, representedby the following expansions
a) (.rzi, b) (.oar6 l0' Il'
For which positive integers D does the base 6 expansion of l r/zro terminate? Find the pre'period and period lengths of the decimal expansions of the following rational numbers
il 7/t2 b) tt/30 c) t/7s 12'
c) (.iT),, d) (M),6.
d) rc/23 e) B/s6 f) t/6t.
Find the pre'period and period lengths of the base 12 expansions of the following rational numbers
a) t/+ b) r/B c) 7/ro
d) s/24 e) 17h32 f) 7860.
13' Let b be a positiveinteger.Showthat the period lengthof the base6 expansion of l/m is m - I if andonlyif z is piimeand, i, primitiveroot of m. " 14. For which primesp doesthe decimalexpansion of l/p haveperiodlengthof a)l b)2 c)3
d)4 e)5 f) 6?
15. Find the baseb expansions of
a) r/(b-r)
b) r/6+D .
16. Showthat the baseD expansion of t/G-1)z;, 1.9ffirJp1;u. 17. Showthat the real numberwith base6 expansion
(otzt.,.o-tlol rr2..)t, constructed by successivelylisting the base b expansions of the integers, is irrational. 18. Show that
+.#.#.#.#
349
1 O.1 Dec im al F r ac t i o n s
r9.
one. is irrational, whenever D is a positive integer larger than integers greater than one' Let byb2,fur... !s an infinite sequence of positive as represented be can Show that every real number
,o*?.#+#;+, ( ct ( bp for k : I'2'3'"" where cs,c1,cz,c!,...are integers such that 0
20.
a)
Show that every real number has an expansion CrCtrt+
to+l!
*
zl* 3!
: are integers and 0 ( ct ( k for k where cs,c1,c2,c!,-.-
l'2'3'""
of the type show that every rational number has a terminating expansion (a). describedin Part llp is ('t,tr'-oJ" Supposethat p is a prime and the base b expansionof is p - l. show that llp of expansion b base so that the period length of the ( p, then. if z is a positive integer with I ( ln
b)
Zl.
( 2...c1sacP) 6' m /p : (.cya1...coac where k : indtm modulo P. has an even period length'
2 2. Show that if p is prime and l/p - ('ffi)6 k :2t,
f o r . , ;:r 1 , 2 , " ' , t
thenci * ci+t: b-l
whete h and' k 2 3 . The Farey series Fn of order n is the set of fractions hlk (h,k): are integers,0 ( ft < k ( n, and include 0 and I in the forms i
1, in ascendingorder' Here, we
and I respectively' For instance, the Farey I
seriesof order 4 is
3l
0l112
T ' T , T ' T ' 7 , 7 ,T a)
Find the Farey series of order 7.
b)
Show that if a/b bd - ac :1.
c)
Show that if a/b, c/d, and e/f then
and c/d
c
are successiveterms of a Farey series' then
a*e
are successiveterms of a Farey series,
7- E7'
3so
DecimalFractions and ContinuedFractions
d)
Show that if a/b ordern, then b*d
and, c/d ) n.
are successiveterms of the Farey series of
24. Let n be a positiveinteger,n ) l. Show that I not an integer. l0.l
ComputerProjects
Write computerprogramsto do the following: I' 2'
Find the base 6 expansionof a rational number, where b is a positive integer. Find the numerator and denominator of a rational number in lowesr rerms from its base b expansion.
3'
Find the pre-period and period lengths of the base D expansion of a rational number, where b is a positive integer.
4'
List the terms of the Farey series of order n where n is a positive integer (see problem 23).
10.2 Finite Continued Fractions Using the Euclidean algorithm we can express rational numbers as continued fractions. For instance, the Euclidean algorithm produces the following sequenceof equations:
62:2.23 + 2 3 : l . 1 6+ 1 6: 2 - 7 + 7:3-2 +
lG 7 2 l.
When we divideboth sidesof eachequationby the divisorof that equation,we obtain 62:r*16:,)r 23 23
I nlr6 I ?3-:t+L:t* 16 16 16/7 16 : I I Z : r + + 7 7 7/2 L
+ !. +:3 2 2' By combiningtheseequations, we find that
351
1 O.2 F init e Cont inu e d F ra c ti o n s
62 :2+ 23 :2+
1 23116 t
r '- L :
I
I
rc17 I
:2*
1+h I
:2*
1+
2++3*;
in the abovestring of equationsis a continuedfraction The final expression of 62123. expansion We now definecontinuedfunctions' of the form . A finite continuedfraction is an expression Definition I aot
atl ctz *
+-
1 a n - rt L
an an positive' The real ale real numbers with Q1,Q2,Q3',"'' where Qg,a1,a2,...,an continued fraction' the quotients of numbers ej,a2,...,Q'nare called lhe partial as,c r,..., an are all numbers real the if The continued fraction is called simple integers. we use the Because it is cumbersome to fully write out continued fractions, the above in fraction to represent the continued notation Lso;a1,e2,...,Ctn| definition. a We will now show that every finite simple continued fraction represents can number rational every that will demonstrate we rational number. Later be expressedas a finite simple continued fraction'
352
DecimalFractions and ContinuedFractions
Theorem l0'7 ' Every finite simple continued fraction represents a rational number. Proof' we will prove the theorem using mathematical induction. For n : 1 we have [ao;arl:oo+
I *aoar*l al og
which is rational. Now assume.that for the positive integer k the simple continuedfraction [ag;at,e2,...,eklis rational whlnevst as,or,...,okare integers with a r,...,ak positive. Let as,at,...,ek+tbe integers with er,...,ek+t positive. Note that [ a g . a 1 , . . . , a k +: t la g + Ia;a2,..., a1r.a1ra1l
By the induction hypothesis,[a ria2,...,ek,ek+r] is rational; hence, there are integers r and s, with s*0, such that this continued fraction equals r/s. Then l a o ; a 1 , . . . ,a k , o k + t l : a g +
I r/s
agr*S
which is again a rational number. tr We now show, using the Euclidean algorithm, that every rational number can be written as a finite simple continued fraction. Theorem 10.8. Every rational number can be expressed by u finite simple continued fraction. Proof. Letx:a/b w h e r ea a n d b a r e i n t e g e r s w i t h b > 0 . L e t r s - a and r't : b. Then the Euclidean algorithm prodr.", the following sequenceof equations:
353
1O.2 Finite ContinuedFractions
rO : r| :
r1Q1* 12 r2Q2* 13
Q 1r2 ( tt, 0(131rr,
12:
r3Qtl 14
0(ra113,
: ln-3
:
fn'ZQn-Z*
:
tnQn
fn-1Qn-1*fn
fn-Z: fn-l
0(rn-11tn-z, 0(rnlrn-t
fr-t
Writing these In the above equations 4z,Qt,.",Qn are positive integers. equations in fractional form we have L: b
lo
tt
:
tt:
.
6
13
I
q2+;:Q2.Trt
r2 rZ:
ta,
nr*;:et*
r3
ln-3
:
rn-2 ln-2: rn-l' fn-l
I
Qr*;:qt+
/1
tn-l
:
Qn-2
tn-2 L Qn-l t
,n
I
rrt^
I -L -t rn-2/rn-t : - nq- -n.-+l 4- , n - r , / r ,
;
: ,QN
rn
first equation' Substitutingthe value of r1/r2from the secondequation into the we obtain
(l 0.10)
al T:4tt
, 4z r
t ,rlry
into (10.10) Similarly, substituting the value of r2fr3 from the third equation we obtain
3 54
DecimalFractionsand ContinuedFractions
c
Qr*
b
Qz*
Q t *+rilrt Continuing in this manner, we find that
T:
I
q ' t+ Qz* Qt*
*
Qn-t
,l Qn
Hence
q n l . T h i s s h o w s t h a t e v e r yrational number can be t:rnriQz,..., written as a finite simple continuedfraction. ! We note that continued fractions for rational numbers are not unique. From the identity an :
Gn-l)
+
we seethat [ a g ; a1 , e 2 , . .e. ,n _ t , o n l: I a g ; a 1 , c t 2 ,e. .n. ,_ t , e n whenevera, )
L
Example. We have 1
#I I
: [ o ;I , l , l , 3 1: [ o ; l, l , l , 2 ,I ] .
In fact, it can be shown that every rational number can be written as a finite simple continued fraction in exactly two ways, one with an odd number of terms, the other with an even number (see problem 8 at the end of this se c t ion) . Next, we will discussthe numbers obtained from a finite continued fraction by cutting off the expressionat variousstages. Definition. The continued fractions [as;a1,o2,..., a1l, where ft is a nonnegative integer less than n, is called the kth convergenr of the continued fraction
355
1O.2 Finite ContinuedFractions
by Ct ' [ao;a1,e2,...,Qnl The kth convergentis denoted the convergentsof In our subsequentwork, we will need some properties of starting with a properties, these a continued fraction. We now develop formula for the convergents. an be real numbers,with a 1;a/;...,a, positive' Theorem 10.9. Lel ag,a1,e2,..., recursivelyby Let the sequencesP0,Pt,..., Pn and qs,qt,"', Qn be defined Qo: I Po: aO : q1: ar a s o l * l Pt and P * : o k P k - t t P*-z
Qk:
q*-z
apQt-t t
t k : I' ao;at,.' .,okl i s gi ven by fo r /c : 2, 3, . . . ,n . Then the k th c o n v e rg e n C Cp -- P*lqr' : 0 proof. we will prove this theorem using mathematical induction. For k we have Co: lael : asll : Polqo. For k : l, we seethat Cr : l a o ;a 1 l : a s + ! :
a1
aoat*l a1
:Pt Qt
Hence. the theorem is valid for k : 0 a n d k : l where Now assume that the theorem is true for the positive integer k Thismeansthat 1n 2 Crj*ro )
Cz*'
-numbered so that every odd-numberedconvergentis greater than every even convergent. tr
360
D e c i ma l F ra c ti ons and C onti nued Fracti ons
Example. Consider the finite simple continued fraction 12:3,1,1,2,41. Then the convergentsare CoC1 CzC: : C+: Cs :
We seethat Co : 2 1 Cz: 2.25I Ca : 2.2777... ( Cs :2.2784... ( Cr :2.2957... ( Cr :2.3333...
10.2 Problems l'
2'
Find the rational number, expressedin lowest terms, representedby each of the following simple continued fractions
a) b) c)
IZ;ll [t;z,z] [0;5,0]
e) f) e)
[ r ;r ] [ l ;l , l ] [ I ; t , l, l ]
d)
5 , 1] [3;7,1
h)
[ l; I ,l ,l,l ].
Find the simple continued fraction expansion not terminating with the partial quotient one, of each of the following rational numbers
il
6/s
d)
b) c)
22t7 t9/29
e) f)
slsss
-4311001 873/4867.
Find the convergentsof each of the continued fractions found in problem 2 . Let up denote the kth Fibonaccci number. Find the simple continued fraction, terminating with the partial quotient of one, of u1,-,1fup,where ft is a positive lnteger. 5. Show that if the simple continued fraction expressionof the rational number a , a . ) 1 , i s [ a 6 ; a t , . . . , a kthen l, the simple continued fraction expressionof l/a is l};a o,ar,...,a k'l. 6.
S h o w t h a t i f a e * 0, then
1O.3 InfiniteContinuedFractions
P*/p*-r
361
: I o o i a * - t ., - . , a 1 , a s l
and q* / q tr-r: I'au:ar-r,"',a2,a11, convergentsof the where Ck-r: p*-t/qrr-r and C* : pt lq*,k ) l,are successive : (Hint: a*P*-1 * pp-2 to relation the Use P* continued fraction la6;a1,...,an1 * I / ( p x t / p * ) . a r s h o wt h a t p t / p * - r : of the 7 . Show that q1,) u1, for k:1,2,... where c*: p*lqr is the kth convergent and all denotesthe kth Fibonacci number' simple continued fraction las;a1,...,an1
8 . Show that every rational number has exactly two finite simple continued fraction expansions. be the simple continued fraction expansion of rls where 9 . Let lao;ar,a2,...,a211 Show that this continued fraction is symmetric, i'e. I and r)l : o s : a 2 1 t a t a n - t d 2 : a n - 2 , . .i.f, a n d o n l y i f s l ( r 2 + t ) i f n i s o d d a n d s l ( r 2 - t ) i f n is even. (Hint: Use problem 6 and Theorem 10.10). (r,s):
10.
Explain how finite continued fractions for rational numbers, with both plus and minus signs allowed, can be generated from the division algorithm given in problem 14 of section1.2'
ll.
be real numbers with a r,o2,...positiveand let x be a positive Let as,ar,a2,...,ak real number. Show that Ias;a1,.'.,ar,l1 lao;a6--.,a1,*xl if k is odd and I a s ; a 1 , . . . , a t>1 [ a o ; a 1 , . ' . , o 1 r * xi f] t i s e v e n .
10.2 Computer Projects Write programs to do the following: l.
Find the simple continued fraction expansionof a rational number
2.
Find the convergentsof a finite simple continued fraction.
10.3 InfiniteContinuedFractions . Supposethat we have an infinite sequenceof positive integersQo,Qt,ay,... How can we define the infinite continued fraction Las,at,a2,...l? To make sense of infinite continued fractions, we need a result from mathematical analysis. We state the result below, and refer the reader to a mathematical analysisbook, such as Rudin lezl, for a proof. Theorem ll.l2. Let xs,x r,x2,... be a Sequenceof real numbers Such that xo ( x r ( x z ( . . . a n d x 7 , < u fo r k : 0 ,1 ,2 ,... for somereal number u, or x o 2 x r 2 x z 7 . . . a n d x t 2 L f o r k : 0 , 1 , 2 , . . . f o r s o m er e a l n u m b e rl .
362
D e c i ma l F ra cti ons and C onti nued Fracti ons
Then the terms of the sequencexu,xr,x2,... tend to a limit x, i.e. there exists a real number x such that
14to:"' Theorem 10'12 tells us that the terms of an infinite sequencetend to a limit in two specialsituations,when the terms of the sequence are increasingand all less than an upper bound, and when the terms of the sequenceare decreasing and all are greater than a lower bound. We can now define infinite continued fractions as limits of finite continued fractions, as the following theorem shows. Theorem 10.13. Let as,e1,ct2,...be an infinite sequenceof integers with ar,Qz,... positive, and let ck : lag;a1,a2,...,e1a1Then the convergents cp tend to a limit ot.i.e
J4to:"' Before proving Theorem l0.l 3 we note that the limit a described in the statement of the theorem is called the value of the infinite simple continued fraction [as;at,o2,...1. To prove Theorem 10.13, we will show that the infinite sequenceof evennumbered convergents is increasing and has an upper bound and that the infinite sequenceof odd-numbered convergentsis decreasingand has a lower bound. We then show that the limits of these two sequences,guaranteedto exist by Theorem 10.12,are in fact equal. W e now will p ro v eT h e o re m 1 0 .1 3 . Proof. Let m be an even positive integer. From Theorem 10.1l, we seethat
cr ) ct) cs ) ca1cz1cq1
)
C^-t
1C^,
and C2i 7 Czn+t whenever 2j 4 m and 2k + | . Cs) co(czlc+(
) C z n - t ) C zn+ , 1 Czn-z 1 C2n I
and czi ) Cz**t for all positive integers j and k. we see that the hypothesesof Theorem rc.12 are satisfied for each of the two sequences C 1, C3, C2, . . and . C s ,C z ,C 4 ,.... H e n c e , th e sequenceC 1,C 3,C 5,...tends to a
363
1O.3 lnfinite Continued Fractions
a2 ' i'e' limit d1 and the sequenceCs,C2,C4,"' tends to a limit : dr )i*c"*r and : o(2'
)*c"
Using Our goal is to show that these two limits a1 and oQ are equal' Corollary 10.2 we have (-l)(z'+tl-t : lzn*t - Pzn * zt n C z n +-r C n Qzn+t
Qzn
Qzn+lQz,
Qzn+lQzn
Since e* 2 k for all positive integers /c (see problem 7 of Section 10.2), we know that I ( z n + l )Qn) ezn+rQzn and hence Czn*t - Cz,
Qzn+tQzn
tends to zero, i.e. nlim
(C z ra 1- C 2 n ) : 0 .
s 1,C 3 ,C s ,...a n d C g ,C 2 ,C 4 ,...have the S amel i mi t, si nce H e n c e,t he s equenc eC
j*
(cr,*t - cz) :
,lg
Czn*t-
,lg
cz, : o.
Therefore ayr: aq, z11dwe conclude that all the convergentstend to the limit d : (rr : dz. This finishesthe proof of the theorem' D Previously, we showed that rational numbers have finite simple continued fractions. Next, we will show that the value of any infinite simple continued fraction is irrational. Th e o r em 10. 14. Le t o s ,,o 1 ,e 2 ,...b e i n te g e rs w i th a1,Q2,...posi ti ve. Then Ia o ;ar , , a2, . . . 1is ir r ati o n a l . Proof. Let a : las;at,ctz,...land let
364
DecimalFractionsand ContinuedFractions
Cr : pr/qp : [ a o ; at , . . . , a k l denote the /cth c o n v e r g e n t o af . W h e n n is positive a integer,Theorem 10.I I shows that C2, ( a ( C z r + t , s o t h a t 0 ( a - Czn I
Czn*t - Czo .
However, from Corollary 10.2, we know th a t I
Czn*t - C2n :
' 4zn+tQzn
this meansthat Pzn
0(a-Czn:a-
4zn
a Qzn+ tQzn
and therefore, we have 0 1 a q 2 , - p z n 1 l / qzr+ t . Assume that a is rational, so that ot : e /b where a and b are integerswith b + A. Then oaoQr" b
-pzn b, so that b/Qzr+t < I . This is a contradiction,sincethe integer aQzn- bprn cannot be between0 and I . We concludethat a is irrational. n We have demonstrated that every infinite simple continued fraction representsan irrational number. We will now show that every irrational number can be uniquely expressedby an infinite simple continuedfraction, by first constructing such a continued fraction, and then by showing that it is unique.
365
1O.3 Infinite Continued Fractions
and define the sequence Theorem f0.15. Let a: cvObe an irrational number Q0 ,Qt, Q 2, ' . . r eCuf s iv e l bYY Qk : lapl,
c r k + :l I / b t - a )
continued fo r k : 0, l, 2, . . . . Th e n a i s the value of the infinite, simple fra cti o n Lag;ar , az , - ..1 .
is an integer Proof. From the recursivedefinition given above, we see that ap that induction mathematical using show easily we can for every k. Further, : a is irrational' Next, if d0 that note first We k. every for a7, is irrational is also we assume that a1, is irrational, then we can easily see that a,p1' relation irrational, sincethe dk+r:l/(at-a*)
impliesthat (10.12)
otk:A**Ls
I qk+l
and if d;611were rational, then by Theorem10.1,a7. would also be rational' Now, since a7, is irrational andap is an integer,we know that 47, I at, and aplatlap*|,
so that 0(a1-ap t (we know that sP*-rQr is a nonzero integer sincer ls #pplqr), it follows that
372
DecimalFractionsand Continued Fractions
-x
|
sQ*
lspt-rq*l
-
': lor tl sl ,
sQ*
lqo ll
I
qrl
.l*l 2tq*
F:l
2s2
(where we have used the triangle inequality to obtain the second inequality above). Hence, we seeth a t t/2sqp I
t/2s2
Consequently, Zsqp ) 2s2, which implies that q1, ) s, contradicting the assumption. tr
10.3 Problems L
2'
Find the simple continued fractions of the following real numbers
a)
,rf2
b)
^f3
c) d)
-,/i r+.6
.
Find the first five partial quotients of the simple continued fractions of the following real numbers
a) b)
1/, 2r
c) d)
(e-l)/(e+l) (e 2 -t)/(e 2 + D .
Find the best rational approximation to zr with a denominator less than 10000. The infinite simple continued fraction expansionof the number e is
e : l 2 ; 1 , 2 , 1 , 1l , 1 4 , 61, ,1 , g , . . . 1 . a)
the first eight convergents of the continuedfractionof e
1 O.3 I nf init e Cont in u e d F ra c ti o n s
b)
373
less than Find the best rational approximation to e having a denominator 100.
expansion 5 . Let d be an irrational number with simple continued fraction -ot is Show that the simple continued fraction of o : loo;ot,a2,...f at: 1' a n d I [ a s l ; a 2 l l d v " ' l i f a 1 2 [-as-l;1,a,-l,as,a3,...lif simple 6 . Show that if p*lqx and,p1,a/q1a1 2f€ consecutive convergents of the continued fraction of an irrational number a, then
l o - p r/q rl < tl z q o '
( l /2 q l a. l o - p o * r/q o * ,1 ( Hint : F ir s t s h o wth a t l o - p r* r/q * * ,1+ l o - pol qol- l po* r/q& +- r pr,/qtl : l/q*q**t using CorollarY 10.2.) 7.
Let a be an irrational number , a ) I . Show that the kth convergent of the simple continued fraction of l/a is the reciprocal of the (k-t)th convergent of the simple continued fraction of a .
8 . Let a be an igational number, and let pllei denote the jth convergent of the simple continued fraction expansion of a. Show that at least one of any three consecutiveconvergentssatisfiesthe inequality
la- pileil < t/G/-sqil. Conclude that there are infinitely many rational numbers plq, where p and q are integers with q # O, such that
l''- plql 0. c # 0. and b not a perfect square such that
a:
(a+Jb)/c.
fur*cl)+rJb (at rcu) +t Jt I Gr + cil + r JF lI ht + cil -t.'.6 | IGt *cu) +t .,/blt(at +cu)-t ./n I lGr *cs\ (at*cu) -rtblt[r (attcD -t Gr *cl)l../T (at *cu)2-t2b
377
1 O.4 P er iodic Cont i n u e d F ra c ti o n s
i s a q u a drati ci rrati onal ' unl essthe H e n ce ,f r om Lem m a l 0 .l (ra * s )/Qa + d rational' tr G is zero, which would imply that this number is ;;;d;i";, "t fractions of quadratic In our subsequentdiscussionsof simple continued irrational' quadratic irrationals we *iil use the notion of the conjugateof a -- (a+JD lc be a quadratic irrational' Then the coniugate Definition. Let a : (a -J b )l c ' o f a , denot edby o' , i s d e fi n e db y a ' the polynomial Lemma 10.3. If the quadratic irrational d. is a root of the conjugate a', is Axz + Bx * C : 0, then the other root of this polynomial of a. Proof. From the quadratic formula, we see that Axz+Bx*C:0are
the two
roots of
_B*[EW ZA of If a is one of these roots, then a' is the other root, because the sign is reversedto obtain a' from a. tr tr4AC The following lemma tells us how to find the conjugates of arithmetic expressionsinvolvingquadratic irrationals' L e mma 10. 4. I f a' : (a ftb ffd )/c 1 irrationals,then (i)
(a1+a2)' -- al t
(ii)
(a;c.2)'
a n d ,,2 : (a2* bzJd)f cz are quadrati c
a'2
: o| - d'2 : d'td2
(iii)
(ap)'
(iv)
(c"rlc.)':
a't/o.z.
parts are easier. The proof of (iv) will be given here; the proofs of the other reader' the problems for as section this of These appear at the end Proof
of
(iv).
Note that
378
D e c i m a l F ra cti ons and C onti nued Fracti ons
G ftbr.'./Z) /r,
t
".'
v l l q )
Gr+bz,/cl)/cz _ cr(a ,+b r/7) G 2-.bz,/T) lb2)''/7
: ,, While , - t--, " "
.^lrsl---7
G;brE)/cz (or-brrE) /cz cz(arbtQ)Gr+br,/V)
_
c {a 2- b 2,/7 ) (a z+ b 2,/7 ) k z a p z -c z b ftz d ) - (czazbrczaft)fi
Hence (at/a)' : or'r/a'2. D The fundamental result about periodic simple continued fractions is Lagrange's Theorem. (Note that this theorem is different than Lagrange,s theorem on polynomial congruncesdiscussedin Chapter 8. In this chapter we do not refer to that result.) Lagrange'sTheorem. The infinite simple continued fraction of an irrational number is periodic if and only if this number is a quadratic irrational. We first prove that a periodic continued fraction represents a quadratic irrational. The converse,that the simple continued fraition of a quadratic irrational is periodic, will be proved after a special algorithm for obtaining the continued fraction of a quadratic irrational is developed. Proof. Let the simple continued fraction of a be periodic, so that a : la g;at,,e2,..,,a N -r,ffi| Now let 0 : la1s;aN+r,...,41r+ft l Then
379
1 O.4 P er iodic G on ti n u e d F ra c ti o n s
g : lal;aN*I,...,4N **,01, and from Theorem 10.9,it follows that (10.13)
^ t) -
1 P * tP* -t oq*tq*-r'
Since the where p*lq* and p1r-r/Q1r-1ata convergentsof Ia11;av"1'"''oru+kl' (tO't3) we from and simple continued f.u.tlon of p is infinite, B is irrational, have
qr,02t Qr,-r-P)0 - P*-r : a' so that p is a quadratic irrational. Now note that a : l a g ;a1 ,Q 2 ,...,Q N -r, 01, so that from Theorem 10'9 we have
'a;;:fr; ' 0pr,r-ftPN-z
Since B where pN-t/qN-1 and pr,t-zlqN-2uteconvergentsof [ao;a t.a2'"''o7'1-11' quadratic a is also a that us tells 10.2 Lemma is a q*Oruii. irrational, irrational (we know that at is irrational because it has an infinite simple continuedfraction exPansion). D To develop an algorithm for finding the simple continued fraction of a quadratic irrational, we need the following lemma' Lemma 10.5. If a is a quadratic irrational, then d. can be written as
: @+,/V)/Q, w h e r eP , Q , a n d d a r e i n t e g e f s , Q* O , d QIQ-P2) .
> O , d i s n o t a p e r f e c ts q u a r ea, n d
Proof. Since a is a quadratic irrational, Lemma 10.1 tells us that
, : (a+Jb)lc, where a,b, and c are integers, b > 0 , and c # 0 . We multiply both the numerator and denominator of this expressionfor q by Itl to obtain
380
DecimalFractionsand Continued Fractions
a.-
(wherewe haveusedthe fact that lrl: -,tr\. Now let p : alcl, clcl, e: a n dd : b c 2 . T h e np , e , a n dd a r e i n t e g e r s , l 0 s i n c e, 7 0 , d e >O (since6 > 0), d is not iperfect sinceb is not a perfectsquare,and f i n a l l ye l @ - p \ s i n c ed - p 2 : 6 r z 'lQuare oirz :;rbjoif:;T'(ilorl. n We now presentan algorithmfor findingthe sample continuedfractionsof quadraticirrationals. Theorem 10.19. Let a be a quadratic irrational, so that by Lemma 10.5there are integers Ps,Qs, and d such that
@o+,/7)/Qo , whereQ0*0,d > 0, d is not a perfectsquare, and eel @-p&). define
Recursively
dk:(ro+,/7)/Qr, C tk: [a 1 ], Pk+r:atQt-Pk, Q**r : (d-roL*t)/Q*, for k : 0,1,2,... Thena : fag;at,a2,...1. Proof. using mathematical induction, we will show that pk and e* are i n t e g e r sw i t h Q 1 ,* 0 a n d e * l @ - r p , for k:0,r,2,.... F i r s t ,n o t e t h a t t h i s assertion is true for k : 0 from the hypothesesof the theorem. Now assume that P1 and Qp are integerswith e* * 0 and e*l@_p?i. Then Pk+r:
a*Qt - Pp
is also an integer. Further,
Q*+r: @-rf *r11qo : [d-(o*Q,,-pr)2]/e* : @-rfi/Qo + (2a1,P1,-a?er). Since Qrl@-pil, by the induction hyporhesis,we see that Qpal is an integer, and since d is not a perfect square, we see that d I Pi, so that t o . Since Q*+t : @-rf*;/Qo
Q* : U-rf*1/Qo*t
381
1O.4 PeriodicContinuedFractions
we can concludethat Q1,ql@-pt*t)
. This finishesthe inductive argument.
To demonstratethat the integerses,a1,a2,...are the partial quotientsof the simple continuedfraction of a', we use Theorem 10.15. If we can show that o ( k + t:
llbr-ap),
t he n w e k n o w th a t a : fa s ;a 1 ,a 2,...1.N ote that
fork:
ap-ak:
Pk + ,/7
-ap
Af
: l^/7 - G*Qr,- P)llQ* : G/7 - pt +) lQ*
: G/V- P**')(JV+ P*+)/er,G/T+ P**r) : @-rl*)/Q*QI + Pr*r) : Q*Qr,n/Qr,G/7+ Pt*,) : Q**r/('/i + Pr,*) : lla*+r , where we have used the definingrelation for Qp* to replaced-Ppzar with that a : las;a1,e2,...f . D QtQ**r. Hence,we canconclude We illustratethe use of the algorithmgiven in Theorem10.19with the followingexample. Example. Let a : Q+J1)/2 . Using Lemma 10.5,we write
: G+.,/N)/4 wh e r e we s et P o : 6 , Q.o : 4 , a n d d : 2 8 . H e n ceoo: 2'4-6:2, (28-22)/4:6,
a1
Qr
: :
P2
:
l'6-2:4,
ot2
Og-+2)/o:2,
A2
Pr
Qz :
O1
[a] : 2, and
Q + ..E)/e, : r, IQ+,/z$/61 G+,,/Tg/2,
t
382
Decimal Fractions and Continued Fractions
P3 Qt :
4'2-!:4, Qg-+2)/2:6
d3 : o3 :
e+.,m)/6, tG+6>Jil:r,
P4 Qq
: -
l'6-4:2, (28-22)/6:4,
d4 a4
: :
e+rFZ$/q, t7+.'-z$/il:
Ps Qs
-
l'4-2:2, Q8-22)/4:6,
a5 a5
: :
e+r/-Z$/6, t ( z + , , / N ) / 6 :1 l ,
andso,with repetition, sincepr:
t,
p5 and
er: es. Hence,we seethat : G + . n ) / 2 I 2 ; 1 , 4 , 1 , 1 , r , 41,,r. ,.I . : I2;1,4,1,11.
We now finish the proof of Lagrange'sTheoremby showingthat the simple continuedfractionexpansion of a quadraticirrationalis periodic. Proof (continued). Let a be a quadraticirrational,so that by Lemma 10.5 we can write a as o : (po + .,8) /eo . Furthermore, by Theorem10.19we haveo: dk ap Pwr Q*r
Taking conjugates of both sides of this equation, and using Lemma 10.4, see that
(ro.r+)
o' : (pr,-p'* * p*-) /(qt,-p'n * q * - ) .
When we solve (tO.t4) for ol1,, ws find that
383
1O.4 Periodic Continued Fractions
,
dk:
( - P*-zI -ex-,l" tr- | qk^ t ,
p*t t
,*t l to a as k tends to Note that the convergents p*-z/Q1r-2 and p*-rlqrr-t tend infinity, so that
| , - P*-z la. Q*-z I
t fr' -
P*-t
I
Q*-t
Since tends to 1. Hence, there is an integer N such that a ' * 1 0 f o r k > N . o ' t > - 0 for k > l, we have Pp
otk-Otk :
+ Jd Q*
Po-Jd Q*
Zfi r0. Qr
sothatQ*> 0fork>N. SinceQ*Qrr*,- d - P?*r, we seethat for k 2 ly', 0t ( Q*Q**r-- d P?*t < d . Alsofork>N,wehave Pl*, (d:
Pl*t-Q*Qx*r,
sothat - ,/7 I P*+r < -,/7. - -,[d < P*+r N , we see that there are only a finite number of possiblevalues for the pair of integers Px,Qx for k > N . Since there are infinitely many integers k with k > N,therearetwointegersi andT suchthatPi:Pi andQi:Qi : with i < j . Hence, from the defining relation for cu;., we see that o(i di
I a g ; al , o 2 , . . . , a i - 1 , Q i i,+o 1 , . . . ,ia- t l .
This shows that a has a periodic simple continued fraction.
D
384
DecimalFractionsand ContinuedFractions
Next, we investigate those periodic simple continued fractions that are purely periodic, i.e. those without a pre_period. Definition. The continued fraction [as;at,ez,...f is called purely periodic if t h e r ei s a n i n t e g e rn s u c h t h a t a 1 r : e n t k , f o r k : 0 , 1 , 2 , . . . , s ot h a t
lag;at,az,...l:Iffi. Example' The continued fraction tl;jl: [2;2,41: JA is not.
(t+.1:) /2 is purely periodic while
The next definition and theorem describe those quadratic irrationals with purely periodic simple continued fractions. Definition. A quadratic irrational at if called reduced if -l ( a' ( 0, w h e rea ' i s th e c o n j u g a teo f a .
a )
I
and
Theorem 10.20. The simple continuedfraction of the quadratic irrational a is purely periodic iI-and only if a is reduced. Further, if a is reduced and a: l,as;at,e2,...,enl then the continuedfraction of - l/oi i, to;o,,_ffi Proof. First, assume that a is a reduced quadratic irrational. Recall from Theorem 10.15 that the partial fractions of the simple continuedfraction of a are given by ek :
fork:
where ato: d
lapl, otk+t :
l/@tr-o*),
We see that l/qt+t:ek-ak,
and taking conjugates,using Lemma 10.4, we see that
(ro. rs)
l/a'*+t:
c , ' k- a 1 r .
we can prove, by mathematical induction, that - I ( a1 ( 0 for k:0,1,2,.... F i r s t , n o t e t h a t s i n c e c . 0 : a i s r e d u c e d ,- l l a o < 0 . N o w a ssum et hat - r 1 a ' 1 ,< 0 . T h e n , s i n c ea * 2 1 for k :0,1,2,-... (note that a o 2 I s i n c ea > 1 ) , w e s e ef r o m ( t O . t 5 ) t h a t l / o t t+ r < - 1 , so that -l
1 a'k+t < 0 . Hence, -l
< a) 10
for /c :
38s
1 O.4 P er iodic Conti n u e d F ra c ti o n s
Next. note that from ( t o . t 5 ) w e h a v e d'k:a**lla'*+t and since -l
1 a'* < 0 , it follows that -l 1a**lfa'1ra1
t
I , s o t h a t - l < s 7 ' : - l / p < 0 . Hence, a is a reduced quadratic irrational. Furthermore, note that since fi :
-l/ot,. it follows that
387
10.4 PeriodicContinuedFractions
tr
-l/o':ffiol'
fraction of '/D , We now find the form of the periodic simple continued Although \6 is not where D is a positive integer that is not a perfect square' -l -,/D and 0, the quadratic is not between reduced, since its conjug-ate
.6-ii
r.*,o*r"i6-t;
l,/Dl - '[5 ' doeslie r.duced,sinceits conjugate,
that the between-1 and 0. Therefore,from Theorem 10.20, we know initialpartial the continuedfractionor [.lill +.,/D is purely periodic. Since is quotient of the simple continued fraction of tJD | + "/D w h e r ea o : I . . / D l ' w e c a nw r i t e if faf + ,/Dl:21,/Dl:2a0,
I,/DI+-,/D:tml-
: I 2 ao ; at , Q2 , . . . ,na, 2 Qg , al , . . . , Q rl'
Subtracting ao : ,/6
from both sidesof this equality, we find that ./ D : l a g ;a3 a 2 ,...,2 a g 1 0,...1 ,a2 ,...2a ,,a
:log;orro'zmol. To obtain even more information about the partial quotients of the continued fraction of ,/D, we note that from Theorem 10.20, the simple be obtained from that continued fraction expansionof -l /$'IDl "/D) can period, that so ..lD the reversing by + for t.,6l ,
r/G/D-t.D1):tffi. But also note that
-t-6-l:lo;orprGol,
6
so that by taking reciprocals,we find that
| / G/D - t.D-l) - tor;orGrl
-
for the simple continued Therefore,when we equatethese two expressions we obtain t.D]) , fractionof llG/D Al:
QnrQ2:
Cln-ys...;On: Ol,
so that the periodic part of the continued fraction for ..lD is symmetricfrom the first to the penultimate term. In conclusion, we see that the simple continued fraction of 16
..ld:loo;ffi.
has the form
388
Decimal Fractions and Continued Fractions
We illustrate this with some examples. Example. Note that
where each continued fraction has a pre-period of rength l and a period ending with twice the first partial quotient which is symmetric from the first to the next to the last term. The simple continued fraction expansionsof ,E fo, positive integers d such that d is not a perfect square and d < 100 can be found in Table 5 of the Appendix.
10.4 Problems l.
Find the simplecontinuedfractionsof a)
Jt
b) c)
d)
,/41
Jr r Jzt
e) r)
6 ,/-gq.
2 . Find the simple continued fractions of
il
o+,fi /z
b) Qq+,81)lt c) (tt-.E)t. 3 . Find the quadratic irrational with simple continued fraction expansion
il [z;t,5] b) tz;rSI c) t2JJI. 4.
il
Letd
,,/N
beapositive
isla:Tdl.
Show that the simple continued fraction of
389
1 O.4 P er iodic Cont i n u e d F ra c ti o n s
fractionsoi tffit't'fZgg' and b) Uggrrt (a) to find the simplecontinued J22r0. 5.
Let d be a integer,d 2 2' a)
Show that the simple continued fraction of ,/F
b)
show that the simple continued fraction of JFd
c)
Ugparts
is [d-l ;@l' is [d- t;zla-zl.
(a) and (b) to find the simple continued fractions of rfg9' tffg'
,lnz. and..G60' 6.
a)
of Shory lhat if d ,l un int"g.t, d > 3 , then the simple continued fraction
,tm b)
of Show that if d is a positive integer, then the simple continued fraction
'/fu. c) 7.
i s[ d - 1 ' l H , l 2 d - 2 1 .
rsld;c$71. -l,ft-gt , anO
Find the simple continued fraction expansionsof ,/6,.6f
Let d be an odd positive integer' a)
that
Show
the
simple
continued
fraction
of
JF+
continued
fraction
of
J d2-q
is
ld;ffil,ird>l' b)
that
Show
thr __qgple
la-lM,zd-zi,\f
d>3.
, where d is a positive integer, : a is a nonnegativeinteger. *here a2+l has period length one if and only if d
8 . Show that the simple continued fraction of Ji
, where d is a positive integer, : where a and b are integers, + b a2 if d only if and has period length two . b l \ a > a n d l , b
9 . Show that the simple continued fraction of Jd
6,1: (ar+brJrl)lct
10. prove that if
and a2-- (a2*urJd)/c,
^re quadratic
irrationals, then a)
(a1*42)'
:
c , ' t*
o''2
b)
(a1-a2)'
:
d'r -
d2
c)
(c''c.z)'
:
ot't'or2.
1 1 . Which of the following quadratic irrationals have purely periodic continued fractions
a) b)
l+.6 2 + ,/-B
c) 4+',m
c) d) e)
(tt - ,/-toltg e + ,f?l)/z (tz + -'.ft-g)l:t
12. Supposethat a : G+JF)/c, where 4,b, and c are integers,b ) 0, and b is noi u perfecl square. Show that is a reduced quatratic irrational if and only if <JU andJb-a 1c 1'Jb *a 12Jb ola
390
DecimalFractionsand ContinuedFractions
13. Show that if ir-u reduced quadratic jrrational, then _ l/a, is also a reduced 1 quadratic irrational. 14'
Let k be a positive integer. Show that there are infinitely mgy positive integers D, such that the simple continued fraction expansion of ,/6 h., , period of length k. (Hint: Let at:2, e2:5, and for k > 3 let a1,:2ak_t I a*_z Show that if p : (tar + l)2 * 2a1,-1* r, where / is a nonnegativeinteger, then rD has a period of length k + l.)
15' Let k be a iF:r. Let Dk - (3k+t)2 + 3 lgsitiu: continued fraction of JOp has a period of length 6ft.
Show that the simple
10.4 Computer Projects Write computer programs to do the following: 1'
Find the quadratic irrational that is the value of a periodic simple continued fraction.
2'
Find the periodic simple continued fraction expansionof a quadratic irrational.
11 some NonlinearDiophantine Equations
11.1 PythagoreanTriPles The Pythagoreantheorem tells us that the sum of the squaresof the lengths of the legs of a right triangle equals the square of the length of the hypothenrur.. Conversely, any triangle for which the sum of the squares of the lengths of the two shortest sides equals the square of the third side is a right triangle. Consequently,to find all right triangles with integral side lengths, we need to find all triples of positive integ ers x ,y ,z satisfying the diophantine equation
(rr.t) positive Triples of Pythagorean triPles.
x2+!2:22
integers
satisfying
this
equation
are
called
Example. The triples 3,4,5; 6,8,10; and 5,12,,13are Pythagorean triples b e ca us e32 + 42 : 5 ' .6 2 + 8 2 : 1 0 2 ,a n d 5 2 + 1 22: 132. Unlike most nonlinear diophantine equations, it is possible to explicitly Before developing the result describe all the integral solutions of (ll.l). definition. we a need triples, Pythagorean all describing : l. Definition. A Pythagoreantriple x,!,2 is calledprimitive if (x,y,z) Example. The Pythagoreantriptes 3,4,5 and 5,I2,I3 are primitive' whereas 391
392
S o m e N onl i near D i ophanti ne E quati ons
the Pythagoreantriple 6,g,10 is not. Let x,!,2 be a pythagorean triple with (x,y,z) : d . Then, there are " i -r' r,,r1,21): int eger s x r , t,z r w i th x : d x i ,y : d yt,, J i r, l. Furthermore, because ""A x2+y2:22, we have G/d)2+(y/il2:(z/d)2, s o t hat
x?+y?:r?. Hence, xt,!t,21 is a primitive pythagoreantriple, and the original triple x,!,2 is simply an integral multiple of this primitive pytgagoreantriple. Also, note that any integral multiple of a primitive (or for that matter any) Pythagoreantriple is again a pythagorean triple. If x1 ])t,zt is a primitive Pythagoreantriple, then we have
x?+ y?: r?,, and hence. @x)2+(dyr)r:(dz)2, so that dx 1,dy1,dz1 is a Pythagoreantriple. Consequently, all Pythagorean triples can be found by forming integral multiples of primitive Pythagorean triples. To find all primitive pythago*un triples, we need some lemmata. The first lemma tells us that any two integers of a primitive Pythagoreantriple are relatively prime. Lemma 11.1. If x,!,z is G,y) : (x ,z) : (y,z) : l.
a
primitive
Pythagorean
triple,
then
Proof. suppose x ,! ,z is a primitive pythagorean triple and (x ,y) > l. Then, ther e is a pr im e p s u c h th a ,tp ^ l (x y ), s o th at p I x andp y. S i ncep x I I a n d p l . - y ,* . k n o w t h a t p | ( r ' + y ' ) : 2 2 . B e c a u s p e l;r,'*..un conclude that p I z (using problem 32 of Section 3.2). This is a contradiction since (x ,y ,z) : l. Therefore, (x g) : l. In a similar manner we can easilv show that ( x , z ) : ( y ,z ) : l . D
393
1 1 .1 P y t hagor ean T ri Pl e s
integers of a primitive Next, we establish a lemma about the parity of the PythagoreantriPle. then x is even and y Lemma 11.2. If x,y,z is a primitive Pythagoreantriple, is odd or x is odd and Y is even' 1l '1, we know Proof. Let x ,!,z be a Primitive Pythagoreantriple. By Lemma x and y cannot that (x ,y\ : 1, so that x and y cannot both be even. Also (from 2 problem of Section 2'1) both be odd. If x and Y were both odd, then we would have ) x - = v z = I (mo d 4 ), so that 22:x2*y2
= 2(mod4).
x is even This is impossible (again from problem 2 of Section2.1). Therefore, and y is odd, or vice versa. E The final lemma that we need is a consequenceof the fundamental theorem of arithmetic. It tells us that two relatively prime integers that multiply together to give a square must both be squares' (r,s) : I and Lemma 11.3. If r,s, and t are positive integers such that : m2 and s : n2. ; : t2, then there are integersz and n such that r Proof. If r :1 ,upptr. that r ) lbe
or s : l, then the lemma is obviously true, so we may I and s ) 1. Let the prime-power factorizationsof r,,s, and
,:p1,pi2... p:", p:" s : p:,i\ p:,it and
t : ql' ql'
quo'.
Since (r,s ) : l, the primes occurring in the factorizations of r and s are distinct. Since rs : t2, we have
pi'pi'
pi"pi,+ipi,n pl,': q?"q'ru'
qiur'
From the fundamental theorem of arithmetic, the prime-powers occurring on
394
S o m e N onl i near D i ophanti ne E quati ons
the two sides of the above equation are the same. Hence, eachpi must be equal to Qi for some j with matching exponents, so that a; : 2bi. consequently,every exponenta; is even,and therefore ai/2 is an integer. we seethat r - m2 and , : 12, where m and n arethe integers a./2 a-/z m : pt' P2'
a/2
Pu"
a nd
n : pi,r('pi,C'
a/2
Pr"
!
We can now prove the desired result that describes all Pythagoreantriples.
primitive
Theorem ll.l. The positive integers x,l,z form a primitive pythagorean triple, with y even,if and only if there are relatively prime positiveintegers 172 and n, |/t ) n, with m odd and n even or m even and,n odd, such that x : m2-n2
'r7-'#ir' Prot{. Let x ,y ,z be a primitive Pythagoreantriple. Lemma I 1.2 tells us that x is odd and y is even, or vice versa. Since we have assumed that y is even, x and z are both odd. Hence, z*x and z-x are both even,so that there are p os it iv eint eger sr a n d s w i th r : (z + i /2 a n d s : (z-i l /2. S i n c ex 2 + y 2 : 2 2 , w e h a v ey 2 :
Ir)'
z2-x2:
(z*x)G-x).
Hence.
lz+x] f ,-"1
lr): I , .lt ' J:" w e n o t et h a t ( r , s ) : 1 . T o s e et h i s , l e t ( r , s ) : d . S i n c ed l , a n d d l s , dlG+s)z and,dl(r-s):x. T h i s m e a n st h a t d l ( * , r ) : 1 , sothat d :1. Using Lemma I 1.3, we see that there are integers la and n such that r : m 2 and,s : n 2 . W ri ti n g x ,y ,a n d z i n te r msof m andn w e have x:r-.s:m2-n2.
y:rM:rffi:2mn.
395
1 1 . 1 PY t hagor ean Tri P l e s
z:r*s:m2+n2. and n must also - xalso that (m ,n) : 1, since any common divisor of m we see (x,y,z) : l ' that : know w e * ' + r' , a n d Oi "i O" : m 2- n2' ,y :2 m n , a n d z then x y ' were' if they We also note that rn and n cannot both be odd, for : (x,y l ' Since ,z) and z would all be even, contradicting the condition n is odd, and is even (m,n) : I and m and n cannot both be odd, we seem has the triple or vice versa. This shows that every primitive Pythagorean appropriate form. To seethat everYtriPle x : m2-n2 y:2mn :2m2*n2, : 1, are positive integers, m ) n, (m,n) where m and n that note first m * n (mod 2), forms a primitive Pythagoreantriple, x 2 + y 2 : ( m 2 - n 2 ) 2+ ( 2 m n ) 2 : (ma -2 m2 n 2 + n 4 )* 4m2n2 : ^ 4 * 2 m 2 n 2t n a : (m2+n2)2 : 22.
and
To see that these values of x,y, and z are mutually relatively .prime, assume t h a t ( x , y , z ) : d ) ! . T h e n , t h e r e i s a p r i m e p - s u c h t h a t p l ^ ( x , y , z ) ^ .W e note that p * 2, since x is odd (becausex: m2-n2 where mz and n2 have o fp o rit " par it y ) . A l s o , n o te th a t b e c a u s ep I,x and p l t, p I G+ i :2m2 H e n c e p I m a n d p I n , c o n t r a d i c t i n gt h e f a c t t h a t a n ' dp l i t - ; : 2 n 2 . (* ,i ) : 1. T her efo re , (r,y ,z ) : l , a n d x o y ,z i s a pri mi ti ve P ythagorean triple. This concludesthe proof. D The following example illustrates the use of Theorem I I .l to produce PythagoreantriPles. so that (m,n): and n:2, Example. Let m:5 us that I .1 tells 1 m ) n. Hence, Theorem x:m2-n2:52-22:21 Y:2mn:2'5'2:20 z:m2+n2:52+22:29 is a primitive Pythagoreantriple.
I , f f i * n ( m o d2 ) , a n d
396
S o m e N o nl i near D i ophanti ne E quati ons
We list the primitive pythagorean triples generated using Theorem I l.l with rn : < 6 in T abl e I l .l .
m
n
2 3 4 4 5 5 6 6
I 2 I 3 2 4 I 5
x :
m2-n2
y:2mn
3 5 15 7 2l 9 35 1l
t : m2+n2
4 t2 8 24 20 40
5 l3 l7 25 29 4l 37 6t
r2 60
Table 11.1. Some Primitive pythagoreanTriples.
I l.l l.
Problems Find all il
primitive Pythagoreantriples x,l,z
b)
Pythagoreantriples x,!,2 with z < 40.
2 . Show that if x,!,2 divisibleby 3.
with z
< 40.
is a primitive pythagorean triple, then either x or y is
3 . Show that if x ,!,z is a Pythagorean triple, then exactly one of x,y and,z is , divisibleby 5.
4 . Show that if x,l,z is a Pythagorean triple, then at least one of x,y, and z is divisible by 4.
5 . Show that every positive integer greater than three is part of at least one Pythagoreantriple.
6 . L e t x l - 3 ,l t : recursivelv bv
4,zt:
5, and let
for n :2,3,4, ..., be defined
397
11.2 Fermat'sLast Theorem
xntl- 3xn*Zzn*l !n+r-3xn*2zo*2 zn+t-4xn*3zn*2' Show that xnln,zn is a Pythagoreantriple' + l, thenx,l,Z isoneof
7.
S h o w t h a t i f x , ! , 2 i s a P y t h a g o r e a tnr i p l e w i t h y : x the Pythagorean triples given in problem 6'
g.
: Find all solutions in positive integers of the diophantine equation x2 I 2y2 t2'
g.
Find all solutions in positive integers of the diophantine equation x2 * 3y2:
10. Find all solutions in w2+xzry':t'. I l.
positive integers of
the
t2-
diophantine equation
Find all Pythagorean triples containing the integer 12.
1 2 . Find formulae for the integers of all Pythagoreantriples x,l,z with z y*l 1 3 . Find formulae for the integers of all Pythagoreantriples x,l,z with z y * 2'
1 4 . Show that the number of Pythagorean triples x,-y,z (with x2 + y2 : z2) with a fixed integer x is (rk2)-l)/2if
x is odd, and (r!2l4-1)/2
if x is even.
1 5 . Find all solutions in positive integers of the diophantine equation *' * py' : 22, wherep isaprime. 11.1 Computer Projects Write programs to do the following: with xy,and
z lessthan a given bound.
l.
Find all Pythagoreantriples xJ,z
2.
Find all Pythagorean triples containing a given integer'
ll.2
Fermat's Last Theorem
In the previous section, we showed that the diophantine equation x2 + y2 : z2 has infinitely many solutionsin nonzerointegersx, !, z . What happens when we replace the exponent two in this equation with an integer grrut.. than two? Next to the discussionof the equation xz + y2 : z2 in his copy of the works of Diophantus, Fermat wrote in the margin: "However, it is impossibleto write a cube as the sum of two cubes, a fourth power as the sum of two fourth powers and in general any power the sum of two similar powers. For this I have discovereda truly wonderful proof, but the margin is too small to contain it."
398
So me N onl i near D i ophanti ne E quati ons
Since Fermat made this statement many people have searchedfor a proof of this assertion without success. Even trrouitr no ,or...t proof has yet been discovered,the foilowing conjecture is knowi as Fermat,s rasttheorem. Fermat's Last Theorem.
The diophantine equation x'+ln:zn
has no solutionsin nonzerointegersx, r, z when n is an integer with n D 3. Currently' we know that Fermat's last theorem is true for all positive integers n wit h 3 ( n < 1 2 5 0 0 0 . In th i s s e c ti o n ,w e wi l l show that the speci alcaseof Fermat's last theorem with n: 4 is true. That is, we will ,ho* that the diophantineequation xa+!4:24 has no solutionsin nonzerointegersx, !, z. Note that if we could also show that the diophantineequations xP + YP:7P has no solutionsin nonzero integersx,!,2 wheneverp is an odd prime, then we would know that Fermat's last theorem is true (seeproblem 2 at the end of this section). The proof we will give of the special case of n - 4 uses the method of infnite descent devised by Fermat. This method is an offshoot of the well-ordering property, and shows that a diophantine equation has no solutions by showing that for every solution there is a "smaller', solution. contradicting the well-ordering property. Using the method of infinite descent we will show that the diophantine equationxa + !4 : 22. has no solutionsin nonzerointegersx, !, and z. This is strongerthan showingthat Fermat's last theorem is true for n: 4, because a n y s o l u t i o no f x a + y 4 : t a : ( 2 2 ) 2g i v e sa s o l u t i o no f x a * v a : 2 2 . Theorem 11.2. The diophantine equation
**',ro,r: t' hasnosolutions in nonzer" ,",.*1, Proof. Assume that the above equation has a solution in nonzero integers x,l,z. Since we may replaceany number of the variableswith their negatives
399
1 1 .2 F er m at ' s Las t T h e o re m
we may assumethat x,Y,z are without changing the validity of the equation' positiveintegers' : 1' To see this, let (x,Y) : d. Then We may also supposethat (x,y) (x v Yt) : 1 ' w h e re x 1 and y 1 itro Positiveintegers' x : dx 1 and y = dY ,, w i th since xa + Y4 : '2 ' vte have (dx)4+(dYr)4:22, so that
d a ( x f + Y f ): ' 2 ' 2'2' we know t h a t d ' I t . Hence do | ,', and, by problem 32 of Section Thus' integer' positive Therefore, z : d'r r, where z 1is a da(xf + yf): (d2tr)': dor?, so that
xf+yl:t?. Th i s giv esa s olut io no f x a + y a : with (xr,yr) : 1.
: l r' z : zr ' 2 i n p o s i ti v ei n tegersx : xt' !
z2'where t h a t x : x , , l : 1 0 , z : z . ' i s a . s o l u t i o no f x a + y 4 : So, suppose : that there (xe,-/o) will show 1 ' We xo, lo, andzsare positiveintegerswith : 1' (xr' yl ) : : w i th zt x r,! l t, z: i s a not hers olut ioni n p o s i ti v ei n te g e rsx su ch t hat 21 1 z s . S i n c ex d + y t : z l , w e h a v e
G i l z + ( y & ) 2 :z E , we have so that x&, y&, ,o is a Pythagoreantriple. Furthermore, p I xs y&' then p and I l-fi, r&> - i, ro. if p is a prime suchthat p I x3 is a zs (xq,lrq): *3,yE, Hence, l. the fact that contradicting ;;';'l'ro, afe there that know we 11.1, prim-itiveiythagoreantriple, and by Theorem(mod (z 2) and rl ' ,n), m # positiveintegersz andn with x& : m2-n2 !& : Zmn zo: m2+n2, yfr the even where we have interchangedx62 andyfr, if necessary'to make integerof this Pair.
400
So me N onl i near D i ophanti ne E quati ons
From the equationfor xfr, we seethat x&+n2:m2. Since (m,n) : l, it foilows that x,s,n,m is a primitive pythagorean tripre. Again using Theorem I I .1, we seethat there are fositive integersr and s with (r,s) : l, r # s (mod 2). and ro : ,2-s2 n:2rs m - r2+s2. Si nc e m is odd a n d (m,n ) : l , w e k n o w that (m,2d : l . W e note that b e c aus ey & : ( 2 d m, L e mma l l .3 te l l s u s th at there are posi ti vei ntegersz1 andw with m:t? a n d 2 n : w 2 . S i n c ew i s e v e n ,w : 2 v w h e r ev i s a positiveinteger,so that v2: n/2:
rs.
si nc e ( r , s ) : I , L e m m a 1 1 .3 te l l s u s th a t th ere are posi ti vei ntegersx1 erd y1 s uc h t hat r : x l a n d s : y ? . N o te th a t si nce (r,s) : l , i t easi ryfol ow s th at ( x l, - y r ) : l. H e n c e .
x{+yf:
-2
zl
where x t,! t,z 1 ?re positive integers with (r r,y1) : l. zt I 26, because
Moreover, we have
zr(zf:m2<m2+n2-ro. To complete the proof, assumethat xa * y4 : z2 has at least one integral solution' By the well-orderingproperty, we know that among the solutionsin positiveintegers,there is a solution with the smallestvalue is of the variable z However, we have shown that from this solution we can find another solution with a smaller value of the variable z, leading to a contradiction. This completesthe proof by the method of infinite descent. n Readers interested in the history of Fermat's last theorem and how investigationsrelating to this conjecture led to the genesisof the theory of algebraicnumbers are encouragedto consult the books of Edwards Il4l and Ribenboim Irt]. A great deal of researchrelating to Fermat's last theoremis underway. Recently, the German mathematicianFaltings establisheda result that showsthat for a fixed positiveinteger n, n > 3, the diophantineequation xn + yn : z' has at most a finite number of solutions where x g, and,z are integersand (x,-y) : l.
401
1 1.3 Pell's Equation
Problems
ll.2
n is an integer n ) 2' then show that if x,! ,z is a Pythagorean triple and x"*yn#zn. of Theorem I l '2' and the 2.. Show that Fermat's last theorem is a consequence integers when p is an nonzero : in solutions no zP has assertion that xP * yp odd prime. l.
prime and Using Fermat's little theorem, show that if p is
3.
a)
if xp-l * yn-t : zP-r, then p | *yt .
b)
if xP + lP : zP, then p | (x+Y-z).
Show that the diophantine equation xo-yo: integers using the method of infinite descent'
4.
z2 has no solutions in nonzero
5.Usingproblem4,showthattheareaofarighttriangle never a Perfect square.
with integer sides is
in nonzero Show that the diophantine equation xa + 4ya z2 has no solutions integers. - 8y4 : z2 has no solutions in nonzero i. Show that the diophantine equation x' integers. : many solutions' 8 . Show that the diophantine equation xa + 3ya z4 has infinitely square' 9 . Show that in a Pythagorean triple there is at most one perfect many integer 1 0 . Show that the diophantine equation xz + y2: z3 has infinitely k the integers solutions by showing that for each positive integer : a solution. k2 * I form x : 3k2-1, | - k(k2-3), z 6.
tt.2 l.
Computer Proiects such Write a computer program to search for solutions of diophantine equations asxn
*Yn:zn.
11.3 Pell's Equation In this section,we study diophantine equationsof the form
( 11 . 2 )
x2-dy',:r,
(0, there are no where d and n are fixed integers. When d