Mathematics is the Queen of Sciences and Arithmetic is the Queen of Mathematics

Carl Friedrich Gauss

1 Prime numbers

1.1 Definitions, examples and basic properties

Let us start with recalling/formalising the principle of division with remainder.

Theorem 1.1 (The division algorithm). Let $a$ and $b$ be natural numbers with $b \neq 0$. There exist unique natural numbers $q$ and $r$ such that

$a = bq + r$ and $0 \le r < b$.

Proof. To show existence, note that if $a < b$ then $q = 0$ and $r = a$ will do; otherwise consider $q = \lfloor a/b \rfloor$, i.e. the largest integer such that $bq \le a$, and define $r = a - bq$. It follows that $a = bq + r$ and $r \ge 0$. Furthermore, $r \ge b$ would imply $a \ge b(q + 1)$, contradicting our choice of $q$, and so $0 \le r < b$ as required.

To show uniqueness, suppose there exist $q, q', r, r'$ such that

$a = bq + r = bq' + r'$ and $0 \le r, r' < b$.

Note that if $r = r'$, then $bq = bq'$ and, since $b \neq 0$, we have $q = q'$ as required. So suppose $r < r'$ or $r > r'$. Without loss of generality $r < r'$, which, in turn, implies that $q > q'$ (as otherwise $a = bq + r < bq' + r' = a$), and so

$b \cdot 1 = b > r' \ge r' - r = (a - bq') - (a - bq) = b(q - q') > b \cdot 0$,

which implies that $0 < q - q' < 1$, giving a contradiction.

Note 1.2. The division algorithm can be extended to the whole set Z of integers.

Definition 1.3. Using the same notation as in Theorem 1.1, we say that b is the divisor, q is the quotient and r is the remainder.

Definition 1.4. Suppose that a and b are integers. We say that b divides a, which is denoted by b|a, if there exists an integer x such that

a = bx.

We also say that a is divisible by b or that b is a divisor or a factor of a.

So, for example, 4 divides 8; 15 is divisible by 3; and 7 is a divisor of 14. Note also that every integer is divisible by 1 and itself.

Definition 1.5. Let $a \ge 2$ be an integer. We say that a is prime if its only positive divisors are 1 and a. If a has other divisors, we say a is composite. [Consequently, a is composite if there exist b, c with $2 \le b, c < a$ and $a = bc$.]


Note 1.6. The integer 1 is neither composite nor prime.

Examples 1.7.

• Primes: 2, 3, 5, 104729.

• Twin primes: (3, 5), (5, 7), (821, 823).

• Mersenne primes (of the form $2^n - 1$): 7, 127.

• Fermat primes (of the form $2^{2^n} + 1$): 3, 5, 17, 257, 65537.

• James Bond primes: 4007, 6007, 9007.

• Grothendieck prime: 57.

We shall now proceed to describe some results associated with the concept of prime numbers, but before that let us state some basic divisibility properties.

Lemma 1.8. Let a, b and c be integers. Then

(a) if a|b and b|c then a|c;

(b) if a|b and a|c then a|(λb+µc) for any integers λ, µ. In particular, a|(b±c);

(c) if a|b then a|bc.

Proof. ad (a) Suppose that a|b and b|c. There exist x and y such that b = ax and c = by. But then c = by = (ax)y = a(xy) and so a|c.

The remaining statements can be proved in a similar manner and are left as an exercise for the reader.

Prime numbers are the building blocks the integers are made of.

Lemma 1.9. Let $a \ge 2$ be an integer. Then a has a prime divisor.

Proof. We argue by contradiction. Suppose the statement is not true, and let a be the smallest positive integer with no prime divisor. Then a cannot be prime, and so, in particular, there exists b such that $2 \le b < a$ and b|a. By assumption, b has a prime divisor p, which then, by Lemma 1.8 (a), divides a.

Note 1.10. For those familiar with the terminology, note that what we used in the proof was actually the method of (strong) mathematical induction.

In fact, a much stronger result is true.

Theorem 1.11 (Fundamental Theorem of Arithmetic). Any integer greater than 1 can be expressed as a product of (not necessarily distinct) prime numbers. Furthermore, such a representation is unique up to the order of the factors.

So, for example, $10 = 2 \times 5$ and $1200 = 2^4 \times 3 \times 5^2$.

Sketch proof. The proof of existence is almost identical to that of Lemma 1.9. The proof of uniqueness (usually) relies on the fact that if p is prime and p|ab then p|a or p|b, which we shall discuss next week. For a detailed proof we refer the reader to, for example, [1, p. 41].

Theorem 1.12 (Euclid). There are infinitely many primes.

Proof. Suppose, for a contradiction, that there are only finitely many primes. List them as $p_1, p_2, \ldots, p_k$, and consider

$N = p_1 \times p_2 \times \cdots \times p_k + 1$.

Clearly $N > 2$ (2 is on our list). Lemma 1.9 implies that N has a divisor p that is prime and as such must have appeared on our list. In other words, $p = p_i$ for some i. But then $p \mid (p_1 \times \cdots \times p_k) = (N - 1)$, which means, by Lemma 1.8 (b), that $p \mid 1$ and $p = \pm 1$. Contradiction.

1.2 Primality testing. Sieve of Eratosthenes

Suppose we are given a number n and we want to check whether it is prime. A naive approach would be to check whether n is divisible by 2, 3, . . . , n−1. In fact, if n is composite, it must have a factor not exceeding $\sqrt{n}$, so it is enough to only check integers $2, \ldots, \sqrt{n}$.

We can shrink the list even further by removing all even integers except for 2, for if n is divisible by an even integer, it must be divisible by 2. Likewise, it is not necessary to check any multiples of 3 except for 3 itself, and so on.

These observations lie at the heart of the Sieve of Eratosthenes (κοσκινον Ερατοσθενους) algorithm, which allows us to find the prime numbers between 2 and n:

(1) Write out the integers we are interested in: 2, 3, . . . , n.

(2) Set p = 2, the first prime number.

(3) Remove all multiples of p that do not exceed n: 2p, 3p, . . . .

(4) Find the first number remaining on the list after p and replace p with this number. Note that this number must be prime.

(5) Repeat the last two steps until $p^2$ does not exceed n.

(6) The numbers that remained on the list are prime.

There are many other tests for primality, for example Fermat’s Little Theorem, which we shall see in a few weeks.


1.3 A practice example

We shall show that the square of any integer is either of the form 3k or 3k + 1. Indeed, let n be an integer. By the division algorithm, there exist q, r with

$n = 3q + r$ and $0 \le r < 3$.

Three cases are possible:

• r = 0, so that $n = 3q$ and $n^2 = (3q)^2 = 3(3q^2)$,

• r = 1, so that $n = 3q + 1$ and $n^2 = 3(3q^2 + 2q) + 1$,

• r = 2, so that $n = 3q + 2$ and $n^2 = 3(3q^2 + 4q + 1) + 1$,

and we get the required result in each case.


We might call Euclid’s method the granddaddy of all algorithms, because it is the oldest nontrivial algorithm that has survived to the present day

Donald Knuth

2 Highest common factor. Euclidean algorithm

Definition 2.1. Let a and b be integers. We say that d > 0 is the highest common factor (or greatest common divisor) of a and b, denoted by (a, b), hcf(a, b) or gcd(a, b), if

(a) d|a and d|b (“common factor”), and

(b) if c|a and c|b then c|d (“highest”).

If hcf(a, b) = 1, we say that a and b are coprime (or relatively prime).

So, for example hcf(4, 6) = 2 whereas 2 and 5 are coprime.

One approach for finding hcf(a, b) is via the prime factorisation of a and b (which exists by the Fundamental Theorem of Arithmetic). For example,

$180 = 2^2 \times 3^2 \times 5$, $24 = 2^3 \times 3$,

and so

$\mathrm{hcf}(180, 24) = 2^2 \times 3 = 12$.

However, when it comes to large numbers, prime factorisation is not very computationally efficient, and the Euclidean Algorithm comes into the picture.

We need an intermediate result first.

Lemma 2.2. Let a and b be positive integers, and let q, r be such that

$a = bq + r$ and $0 \le r < b$.

If hcf(b, r) exists then so does hcf(a, b) and moreover

hcf(a, b) = hcf(b, r).

Proof. For simplicity denote d = hcf(b, r). We want to show that d = hcf(a, b) so we need to check that it satisfies the conditions of Definition 2.1.

(a) To show that d is a common factor of a and b: by assumption, d|b, and we also have that d|r, so d|(bq + r) = a.

(b) To show that any common factor of a and b must divide d: let c be a common factor of a and b. Then c|(a − bq) = r. But also c|b. Thus, by definition, c|hcf(b, r) = d.

So instead of looking at hcf(a, b), we can try to find hcf(b, r), which should be easier because the numbers are smaller. And, unless r = 0, we can divide b by r to get even smaller numbers, and so on.

Theorem 2.3 (Euclidean algorithm). Let a and b be positive integers. Then

(a) hcf(a, b) exists and is unique.

(b) (Bezout’s identity) There exist integers x, y such that

hcf(a, b) = ax+ by. (1)


(a) Without loss of generality assume that $a \ge b$. We know that there exist $q_0$ and $r_0$ such that

$a = b q_0 + r_0$ and $0 \le r_0 < b$.

If $r_0 \neq 0$, then we can continue the process: there exist $q_1$ and $r_1$ with

$b = r_0 q_1 + r_1$ and $0 \le r_1 < r_0$

and, providing $r_1 \neq 0$, we can do this again:

$r_0 = r_1 q_2 + r_2$ and $0 \le r_2 < r_1$

$\cdots$

Suppose we continue this process for as long as we can, which is known as the Euclidean algorithm. We obtain a strictly decreasing sequence of nonnegative integers

$b > r_0 > r_1 > \cdots \ge 0$.

But such a sequence can only have finitely many terms, which means that at some point we cannot continue. This can only happen if the corresponding remainder is zero (otherwise we could divide by it):

$r_{k-2} = r_{k-1} q_k + r_k$ and $0 \le r_k < r_{k-1}$; $r_k \neq 0$;

$r_{k-1} = r_k q_{k+1} + 0$.

Now, $r_k$ is a factor of $r_{k-1}$ and so $r_k = \mathrm{hcf}(r_{k-1}, r_k)$. Therefore, applying Lemma 2.2 recursively, we get

$r_k = \mathrm{hcf}(r_{k-1}, r_k) = \mathrm{hcf}(r_{k-2}, r_{k-1})$

$= \ldots$

$= \mathrm{hcf}(r_0, r_1) = \mathrm{hcf}(b, r_0)$

$= \mathrm{hcf}(a, b)$

that is, hcf(a, b) exists and is equal to the last nonzero remainder in the Euclidean algorithm.

For uniqueness note that if d = hcf(a, b) = d′ then d|a and d|b implying that d|d′ (as every common factor of a and b is divisible by d′), and, by the same reasoning, d′|d so that d = d′.


(b) To express hcf(a, b) in terms of a and b, we retrace back the steps of our Euclidean algorithm:

$\mathrm{hcf}(a, b) = r_k$

$= r_{k-2} - r_{k-1} q_k$

$= r_{k-2} - (r_{k-3} - r_{k-2} q_{k-1}) q_k$   [$r_{k-1} = r_{k-3} - r_{k-2} q_{k-1}$]

$= r_{k-2} (1 + q_{k-1} q_k) - r_{k-3} q_k$

$= \cdots$

$= ax + by$.

Example 2.4. Find hcf(112, 20) and express it as a combination of 112 and 20.

112 = 20× 5 + 12

20 = 12× 1 + 8

12 = 8× 1 + 4

8 = 4× 2 + 0,

and so hcf(112, 20) = 4. Furthermore,

hcf(112, 20) = 4 = 12− 8× 1

= 12− (20− 12× 1)× 1

= 20× (−1) + 12× 2

= 20× (−1) + (112− 20× 5)× 2

= 112× 2 + 20× (−11).
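The forward divisions and the back-substitution of Theorem 2.3 can be carried out in a single pass. The following Python sketch is an added example, not part of the original notes; the function names are illustrative. It reproduces Example 2.4, and it goes slightly beyond the example by also shifting the coefficients along the family of solutions of (1) and by solving ax + by = c when hcf(a, b) divides c.

```python
"""Extended Euclidean algorithm: hcf(a, b) together with Bezout coefficients."""


def extended_euclid(a, b):
    """Return (d, x, y, steps) with d = hcf(a, b) = a*x + b*y.

    `steps` records each division (dividend, divisor, quotient, remainder)
    in the layout of Example 2.4. Inputs are assumed to be positive integers.
    """
    if a <= 0 or b <= 0:
        raise ValueError("a and b must be positive integers")
    steps = []
    # Invariant: r_prev = a*x_prev + b*y_prev and r = a*x + b*y.
    r_prev, r = a, b
    x_prev, x = 1, 0
    y_prev, y = 0, 1
    while r != 0:
        q, rem = divmod(r_prev, r)
        steps.append((r_prev, r, q, rem))
        r_prev, r = r, rem
        x_prev, x = x, x_prev - q * x
        y_prev, y = y, y_prev - q * y
    # The last nonzero remainder is the hcf; its coefficients come with it.
    return r_prev, x_prev, y_prev, steps


def bezout_family(a, b, k):
    """k-th shift of the coefficients: still a solution of a*x + b*y = hcf(a, b)."""
    d, x, y, _ = extended_euclid(a, b)
    return x + k * (b // d), y - k * (a // d)


def solve_diophantine(a, b, c):
    """One integer solution (x, y) of a*x + b*y = c, or None if none exists."""
    d, x, y, _ = extended_euclid(a, b)
    if c % d != 0:          # soluble only if hcf(a, b) divides c
        return None
    scale = c // d
    return x * scale, y * scale


if __name__ == "__main__":
    d, x, y, steps = extended_euclid(112, 20)
    for dividend, divisor, q, rem in steps:
        print(f"{dividend} = {divisor} x {q} + {rem}")
    print(f"hcf(112, 20) = {d} = 112 x {x} + 20 x ({y})")
    print("shifted coefficients (k = 1):", bezout_family(112, 20, 1))
    print("112x + 20y = 6 soluble?", solve_diophantine(112, 20, 6) is not None)
```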

Theorem 2.3 provides a number of interesting corollaries.

Corollary 2.5. Let a, b, c be integers and suppose that c|ab and hcf(c, a) = 1. Then c|b.

Proof. By the Euclidean Algorithm, there exist x, y with

1 = cx+ ay.

After multiplying both parts of the equation by b we get

b = (cx)b+ (ay)b = c(xb) + (ab)y.

Clearly c|c and, by assumption, c|ab, so c|c(xb) + (ab)y = b as required.

Note 2.6. The condition hcf(c, a) = 1 is necessary: $4 \mid (2 \times 2)$ but $4 \nmid 2$.

Now, if p is prime and $p \nmid a$, we must necessarily have hcf(p, a) = 1, and so, rewriting Corollary 2.5 accordingly, we get

Corollary 2.7. Let p be a prime such that p|ab. Then p|a or p|b.


A classical application of this result is the proof of the uniqueness part of the Fundamental Theorem of Arithmetic.

Proof of uniqueness of prime factorisation. We shall proceed by contradiction and assume that N is the smallest integer that can be written as a product of primes in (at least) two ways:

$N = p_1^{e_1} \cdots p_k^{e_k} = q_1^{f_1} \cdots q_l^{f_l}$.

Now, $p_1 \mid N = q_1^{f_1} \cdots q_l^{f_l}$ and so, applying Corollary 2.7 repeatedly, we conclude that there exists i with $p_1 \mid q_i^{f_i} = q_i q_i \cdots q_i$. Appealing to Corollary 2.7 again, we conclude that $p_1 \mid q_i$. But $q_i$ is prime, and $p_1 > 1$, which is only possible if $q_i = p_1$. Without loss of generality assume that i = 1 and so we have

$M := p_1^{e_1 - 1} \cdots p_k^{e_k} = \frac{N}{q_1} = q_1^{f_1 - 1} \cdots q_l^{f_l}$.

Since M < N, its factorisation into primes must be unique. Consequently k = l and (up to a rearrangement of the indices on the right) $p_1 = q_1, \ldots, p_k = q_k$, $e_1 = f_1, \ldots, e_k = f_k$. Contradiction.

The proof of the following result is similar to that of Corollary 2.5 and is left as an exercise on one of the problem sheets.

Corollary 2.8. Suppose that hcf(a, b) = 1, a|c and b|c. Then ab|c.

We shall finish with a couple of observations.

Note 2.9.

(a) The worst case scenario occurs when the algorithm is applied to two consecutive Fibonacci numbers. Since the nth Fibonacci number is roughly equal to $\varphi^n/\sqrt{5}$, the complexity of the algorithm is O(log n).

(b) The integers x, y satisfying (1) are not unique and in fact there are infinitely many of them. It can be shown that if (x, y) is any solution to (1), then all solutions are described by the set

$\left\{ \left( x + \frac{kb}{\mathrm{hcf}(a, b)},\ y - \frac{ka}{\mathrm{hcf}(a, b)} \right) \mid k \text{ is an integer} \right\}$.

For example,

4 = 112× 2 + 20× (−11) = 112× 7 + 20× (−39).

(c) Equation (1) is an example of a Diophantine equation of first order. It is an easy consequence of the Euclidean Algorithm that an equation ax + by = c is soluble (in integers) if and only if hcf(a, b)|c.

(d) The concept of hcf can be generalised in several directions. On the one hand, it can be extended to more than two variables. On the other hand, it can be applicable to other structures, such as rings of polynomials (long division), Gaussian integers (which are numbers of the form a + ib with a, b integers and $i = \sqrt{-1}$) or, more generally, Euclidean domains.


Gauss once said “Mathematics is the queen of the sciences and number-theory the queen of mathematics.” If this be true we may add that the Disquisitiones is the Magna Charta of number-theory.


3 Modular (aka clock) arithmetic

3.1 Introduction

Suppose that it is now 9 o’clock. What will the time be in 8 hours? In “normal” arithmetic this would be 9 + 8 = 17 o’clock. But if we live in a 12-hour clock world, then it will actually be 5. So in the clock arithmetic (which is arithmetic modulo 12) we have

9 + 8 = 5.

We can generalise the notion as follows.

Definition 3.1. Let n be a positive integer. We say that integers a and b are congruent modulo n if n|(a − b). This is denoted as

a ≡ b (mod n).

[Equivalently, a ≡ b (mod n) if a = b + kn for some integer k.] Some authors use notation a ≡ b (n) or even a = b (n).

So, for example, 1 ≡ 13 (mod 12) and −1 ≡ 1 (mod 2), but $1 \not\equiv 5 \pmod{3}$.

In general, if we are dealing with arithmetic modulo n, then all multiples of n can be ignored, and so instead of dealing with original numbers we can look at their remainder when divided by n thus restricting ourselves to the numbers {0, 1, . . . , n − 1} or {−n + 1, . . . , −1, 0}. We shall often identify numbers with their remainders, so that the sentence “find a (mod n)” will mean “find the remainder of a when divided by n”.

We start with some basic properties of congruences. Their proof is very much in the spirit of that of Lemma 1.8 and is left as an exercise for the reader.

Lemma 3.2. Let a, b, c and d be integers and let n be a positive integer. Then

(a) a ≡ a (mod n);

(b) if a ≡ b (mod n) then b ≡ a (mod n);

(c) if a ≡ b (mod n) and b ≡ c (mod n) then a ≡ c (mod n);

(d) if a ≡ b (mod n) and c ≡ d (mod n) then a± c ≡ b± d (mod n);


(e) if a ≡ b (mod n) and c ≡ d (mod n) then ac ≡ bd (mod n). In particular, $a^k \equiv b^k \pmod{n}$ for any k.

Note that the implications in part (e) of Lemma 3.2 are not reversible. For example, 2 × 2 ≡ 0 × 0 (mod 4) but of course $2 \not\equiv 0 \pmod{4}$. Things are different however if we include certain (co-)primality restrictions.

Theorem 3.3. Suppose that ac ≡ bc (mod n). If, in addition, hcf(n, c) = 1, then a ≡ b (mod n).

Proof. By assumption n|(ac − bc) = (a − b)c and hcf(n, c) = 1. Corollary 2.5 implies that n|(a − b) as required.

Corollary 3.4. Let p be prime and suppose that ac ≡ bc (mod p) and $p \nmid c$. Then a ≡ b (mod p).

Examples 3.5.

(a) Calculate the remainder of $25^{260} + 260^{25} \pmod{3}$.

Note that 25 ≡ 1 (mod 3) and so

$25^{260} \equiv 1^{260} = 1 \pmod{3}$.

Similarly, 260 ≡ 2 ≡ −1 (mod 3) and so

$260^{25} \equiv (-1)^{25} = -1 \pmod{3}$.

Thus

$25^{260} + 260^{25} \equiv 1 + (-1) = 0 \pmod{3}$,

and the remainder is 0.

(b) The square of an integer never has remainder 2 when divided by 3.

Indeed, let a be an integer and let r be its remainder when divided by 3 so that a ≡ r (mod 3). Then $a^2 \equiv r^2 \pmod{3}$ and three cases are possible

• if r = 0, then $a^2 \equiv 0^2 = 0 \pmod{3}$,

• if r = 1, then $a^2 \equiv 1^2 = 1 \pmod{3}$,

• if r = 2, then $a^2 \equiv 2^2 = 4 \equiv 1 \pmod{3}$,

so $a^2$ can only have a remainder 0 or 1 when divided by 3.

(c) What is the remainder of 1! + 2! + · · · + 100! when divided by 12?

First note that k! contains a factor of 12 = 3 × 4 whenever $k \ge 4$, which means that 4! ≡ 0 (mod 12), . . . , 100! ≡ 0 (mod 12). Thus

1! + 2! + · · ·+ 100! ≡ 1! + 2! + 3! + 0 + · · ·+ 0 ≡ 1 + 2 + 6 ≡ 9 (mod 12),

and the remainder is 9.


(d) Show that $2^{30} - 1$ is divisible by 31.

Note that $2^5 = 32 \equiv 1 \pmod{31}$. Hence

$2^{30} = (2^5)^6 \equiv 1^6 = 1 \pmod{31}$,

which means that $31 \mid (2^{30} - 1)$ as required.

Note 3.6. Parts (a)–(c) of Lemma 3.2 show that ≡ is a reflexive, symmetric and transitive relation respectively, and hence it is an equivalence relation. For any integer a we denote the corresponding equivalence class by [a], so that

[a] = {b : b ≡ a (mod n)} = {. . . , a− 2n, a− n, a, a+ n, a+ 2n, . . .}.

We can then define arithmetic operations by setting

[a] + [b] := [a+ b], −[a] := [−a], [a][b] := [ab],

and, with respect to these operations, the resulting structure, usually denoted by Z/nZ = Zn, forms a commutative ring. If n is prime, then this ring is a field, so that we can not only add, subtract and multiply, but also divide by nonzero elements.


3.2 Theorems of Fermat and Euler

Theorem 3.7 (Fermat’s Little Theorem). Let p be a prime and a be an integer such that $p \nmid a$. Then

$a^{p-1} \equiv 1 \pmod{p}$.

Proof. Firstly, consider the set

S = {a, 2a, . . . , (p− 1)a}.

We claim that all elements in S are distinct modulo p. Indeed, let i and j be integers such that

$1 \le i, j \le p - 1$ and $ia \equiv ja \pmod{p}$. (2)

This means that p|a(i − j) and, since $p \nmid a$, Corollary 2.7 implies that p|(i − j), so that

i− j = kp

for some integer k. However, the first part of equation (2) implies that

$(-1) \times p < -p + 2 = 1 - (p - 1) \le i - j \le (p - 1) - 1 = p - 2 < 1 \times p$.

This forces k to be 0, which, in turn, implies that i = j as required.

So, S consists of p − 1 elements, which are all distinct (mod p). Furthermore, none of these elements can be divisible by p as neither are a, 1, . . . , (p − 1). This means that mod p the elements of S are precisely 1, 2, . . . , p − 1, possibly in another order. Consequently,

$a \times 2a \times \cdots \times (p - 1)a \equiv 1 \times 2 \times \cdots \times (p - 1) \pmod{p}$,

and so

$a^{p-1}(p - 1)! \equiv (p - 1)! \pmod{p}$.

Being prime, p does not divide any of the factors of (p − 1)!. Thus, by Corollary 3.4, we can cancel (p − 1)! meaning that $a^{p-1} \equiv 1 \pmod{p}$ as required.

Note 3.8. There is another proof of Fermat’s Little Theorem, which can often be found in books. It is actually really neat, but requires some knowledge of group theory. The idea is as follows: the numbers 1, . . . , p − 1 are the invertible elements mod p and as such form a group under multiplication (so that we can multiply elements and take inverses). Let now a be an element in this group, so that hcf(a, p) = 1 and $a \nmid p$. By Lagrange’s Theorem, the order of a, i.e. smallest n with $a^n \equiv 1 \pmod{p}$, must divide the order of the group, which is p − 1, and the result follows.

Corollary 3.9. Let a be any integer and p be any prime. Then

$a^p \equiv a \pmod{p}$.

Proof. If $p \nmid a$, Fermat’s Little Theorem implies that $a^{p-1} \equiv 1 \pmod{p}$ and we just multiply both sides of the congruence by a.

Otherwise p|a, which means that $a \equiv 0 \equiv a^p \pmod{p}$ and we are done.

Corollary 3.10. Let n be an integer. If there exists an integer a with $a^n \not\equiv a \pmod{n}$, then n is not prime.

For example, $2^{117} \equiv 44 \not\equiv 2 \pmod{117}$, and so 117 is not a prime. Indeed, $117 = 13 \times 3^2$.

Examples 3.11.

(a) Example 3.5 (b) revisited: Calculate $2^{30} \pmod{31}$.

31 is prime and 30 = 31 − 1, so $2^{30} \equiv 1 \pmod{31}$.

(b) Calculate $5^{42} \pmod{11}$.

Note that $5^{10} \equiv 1 \pmod{11}$, which means that

$5^{40} = (5^{10})^4 \equiv 1^4 = 1 \pmod{11}$,

and so

$5^{42} \equiv 5^2 = 25 \equiv 3 \pmod{11}$.

Note 3.12. Note that Fermat’s theorem is not a sufficiency result and so cannot be used for determining primality. As an illustration, it can be shown that

$a^{560} \equiv 1 \pmod{561}$

for all a coprime to 561, and yet 561 is not prime: 561 = 3 × 11 × 17. Such numbers are called Carmichael numbers.
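Corollary 3.10 and Note 3.12 can be checked against the Sieve of Eratosthenes from Section 1.2, which serves here as ground truth. The following Python sketch is an added example, not part of the original notes; the function names are illustrative, and the sieve loop continues for as long as p*p <= n.

```python
"""Fermat's check (Corollary 3.10) compared with the Sieve of Eratosthenes."""
from math import gcd


def sieve(n):
    """Primes between 2 and n, following steps (1)-(6) of Section 1.2."""
    if n < 2:
        return []
    on_list = [True] * (n + 1)                    # (1) the integers up to n ...
    on_list[0] = on_list[1] = False               # ... of which only 2..n count
    p = 2                                         # (2)
    while p * p <= n:                             # (5) continue while p*p <= n
        for multiple in range(2 * p, n + 1, p):   # (3) remove 2p, 3p, ...
            on_list[multiple] = False
        # (4) the first number remaining after p; it is necessarily prime
        p = next(i for i in range(p + 1, n + 1) if on_list[i])
    return [i for i, keep in enumerate(on_list) if keep]   # (6)


def fermat_witness(n, a):
    """True if base a proves n composite, i.e. a^n is not congruent to a mod n."""
    return pow(a, n, n) != a % n


def base2_pseudoprimes(limit):
    """Composite n <= limit that the base-2 check fails to expose."""
    primes = set(sieve(limit))
    return [n for n in range(4, limit + 1)
            if n not in primes and not fermat_witness(n, 2)]


def carmichael_numbers(limit):
    """Composite n <= limit with a^(n-1) = 1 (mod n) for every a coprime to n."""
    primes = set(sieve(limit))
    return [n for n in range(4, limit + 1)
            if n not in primes
            and all(pow(a, n - 1, n) == 1
                    for a in range(2, n) if gcd(a, n) == 1)]


if __name__ == "__main__":
    print("2^117 mod 117 =", pow(2, 117, 117), "-> 117 is composite")
    print("bases exposing 561:", [a for a in range(561) if fermat_witness(561, a)])
    print("base-2 pseudoprimes up to 2000:", base2_pseudoprimes(2000))
    print("Carmichael numbers up to 2000:", carmichael_numbers(2000))
```

A composite n with no witness at all, such as 561, is never exposed by this check whatever base is tried, which is the point of Note 3.12.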

Fermat did not provide a proof of his theorem, saying that it was too long (how typical of him!). Leibniz provided a proof of the result, but did not publish it, and it was Euler who first published his own version of the proof. He also came up with a generalisation of the result, which we shall now proceed to explore, but first we need to establish the terminology.

Definition 3.13. Let n be a natural number. We define φ(n) to be the number of natural numbers not exceeding n that are coprime to n, i.e.

$\varphi(n) = \#\{a \in \mathbb{N} : a \le n,\ \mathrm{hcf}(a, n) = 1\}$.

The function φ is also called Euler’s phi-function or totient.

Note 3.14. Continuing with the language of group theory, alternatively, φ(n) is the number of elements that are invertible mod n.

So, for example, to find φ(12) we need to count all positive integers that are smaller than 12 and are coprime to 12. These are 1, 5, 7 and 11, and so φ(12) = 4. Similarly, φ(1) = 1 and φ(30) = 8.

If n does not have many divisors, it may be easier to calculate the number of integers it is not coprime to.


Examples 3.15.

(a) Let p be a prime. There are p numbers that do not exceed p and of those only p is not coprime to p. Consequently,

φ(p) = p − 1.

So, for example, φ(4007) = 4006.

(b) Let p be a prime and e be a positive integer. Then

$\varphi(p^e) = p^e - p^{e-1} = p^e \left(1 - \frac{1}{p}\right)$.

So, for example, $\varphi(169) = \varphi(13^2) = 13^2 - 13^1 = 156$.

The proof of the statement is similar and is left as an exercise on one of the problem sheets.

(c) Let p and q be two distinct primes. Without loss of generality assume p < q. There are pq elements that do not exceed pq. Of those, the numbers that are not coprime to pq are multiples of p up to qp and multiples of q up to pq:

p, 2p, 3p, . . . , (q − 1)p, qp    (total: q)
q, 2q, 3q, . . . , (p − 1)q, pq    (total: p)

But pq appears twice on our list, so

φ(pq) = pq − p− q + 1 = (p− 1)(q − 1). (3)

So, for example, φ(143) = φ(11× 13) = (11− 1)× (13− 1) = 120.

Note that we have shown that if p and q are distinct prime numbers, then φ(pq) = φ(p)φ(q). In fact, this is a specific case of a more general result, the proof of which can be found for example in [1, p. 133].

Theorem 3.16. The function φ is multiplicative, that is φ(mn) = φ(m)φ(n) whenever m and n are coprime.

The result, combined with the Fundamental Theorem of Arithmetic and Example 3.15 (b) gives a recipe for calculating φ(n) for any n.

Corollary 3.17. Let n be an integer, and let

$n = p_1^{e_1} \cdots p_k^{e_k}$

be its (unique) representation as a product of distinct primes. Then

$\varphi(n) = \left(p_1^{e_1} - p_1^{e_1 - 1}\right) \cdots \left(p_k^{e_k} - p_k^{e_k - 1}\right) = n \left(1 - \frac{1}{p_1}\right) \cdots \left(1 - \frac{1}{p_k}\right)$.

To illustrate, $100 = 2^2 \times 5^2$, so

$\varphi(100) = (2^2 - 2^1)(5^2 - 5^1) = 2 \times 20 = 40$.

Theorem 3.18 (Euler). Let a and n be integers with hcf(a, n) = 1. Then

$a^{\varphi(n)} \equiv 1 \pmod{n}$.

Before we proceed, note that if n is a prime not dividing a then hcf(a, n) = 1 and φ(n) = (n − 1), and we immediately get Fermat’s Little Theorem.

Proof of Theorem 3.18. We shall proceed in the spirit of our proof of Theorem 3.7. Let $1 \le b_1 < b_2 < \cdots < b_{\varphi(n)} \le n$ be the integers not exceeding n that are coprime to n, and consider the set

$S = \{ab_1, ab_2, \ldots, ab_{\varphi(n)}\}$.

Suppose that

$ab_i \equiv ab_j \pmod{n}$

for some i, j with $1 \le i, j \le \varphi(n)$ so that $n \mid a(b_i - b_j)$. Coprimality of a and n implies that $n \mid (b_i - b_j)$ and so $b_i - b_j$ is an integer multiple of n. However,

$(-1) \times n < 1 - n \le b_i - b_j \le n - 1 < 1 \times n$,

and so $b_i - b_j = 0$ meaning that i = j.

So S has φ(n) elements, which are all distinct mod n and which are all coprime to n (since a and all $b_i$ are). Consequently modulo n the elements of S are precisely $b_1, \ldots, b_{\varphi(n)}$, perhaps in a different order. So

$a^{\varphi(n)} \prod_{i=1}^{\varphi(n)} b_i = (ab_1)(ab_2) \cdots (ab_{\varphi(n)}) \equiv b_1 b_2 \cdots b_{\varphi(n)} = \prod_{i=1}^{\varphi(n)} b_i \pmod{n}$.

Coprimality of n and $\prod_{i=1}^{\varphi(n)} b_i$ implies, by Theorem 3.3, that $\prod_{i=1}^{\varphi(n)} b_i$ can be cancelled and so $a^{\varphi(n)} \equiv 1 \pmod{n}$ as required.

Note 3.19. There is an alternative proof of Euler’s Theorem, which is identical to that described in Note 3.8 and follows from the fact that the set of elements invertible mod n forms a group under multiplication. The group is often called the group of units and its order is consequently φ(n).

Examples 3.20.

(a) Find the remainder of $3^{201}$ when divided by 100.

We already saw that $\varphi(100) = \varphi(2^2 \times 5^2) = 40$, and so $3^{40} \equiv 1 \pmod{100}$. Consequently, $3^{200} = (3^{40})^5 \equiv 1^5 = 1 \pmod{100}$ and $3^{201} \equiv 3 \pmod{100}$.

(b) Find the unit digit of $7^{100}$ by means of Euler’s theorem.

Translating the question into the language of congruences, we need to evaluate $7^{100} \pmod{10}$. Note that φ(10) = φ(2 × 5) = (2 − 1)(5 − 1) = 4, and so $7^{100} = (7^4)^{25} \equiv 1^{25} = 1 \pmod{10}$.
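The recipe of Corollary 3.17 and the exponent reduction used in Examples 3.20 fit in a few lines. The following Python sketch is an added example, not part of the original notes; the function names are illustrative, and `phi_by_counting` applies Definition 3.13 literally as a cross-check.

```python
"""Euler's totient via Corollary 3.17 and exponent reduction via Theorem 3.18."""
from math import gcd


def factorise(n):
    """Prime factorisation of n >= 1 as {prime: exponent}, by trial division."""
    factors = {}
    p = 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:                      # whatever is left is a single prime factor
        factors[n] = factors.get(n, 0) + 1
    return factors


def phi(n):
    """phi(n) as the product of (p^e - p^(e-1)) over the prime powers of n."""
    if n < 1:
        raise ValueError("n must be a natural number")
    result = 1
    for p, e in factorise(n).items():
        result *= p ** e - p ** (e - 1)
    return result


def phi_by_counting(n):
    """Definition 3.13 applied literally: count a <= n with hcf(a, n) = 1."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)


def power_mod(a, k, n):
    """a^k mod n with the exponent first reduced modulo phi(n).

    The reduction is justified by Euler's theorem only when hcf(a, n) = 1,
    so any other input is rejected instead of returning a wrong residue.
    """
    if gcd(a, n) != 1:
        raise ValueError("exponent reduction needs hcf(a, n) = 1")
    return pow(a, k % phi(n), n)


if __name__ == "__main__":
    for n in (12, 30, 169, 143, 100):
        print(f"phi({n}) = {phi(n)}")
    print("3^201 mod 100 =", power_mod(3, 201, 100))
    print("7^100 mod 10  =", power_mod(7, 100, 10))
    # Without coprimality the shortcut fails: 2^41 and 2^1 differ mod 100.
    print("2^41 mod 100 =", pow(2, 41, 100), "but 2^1 mod 100 =", pow(2, 1, 100))
```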


3.3 Linear congruences and Chinese Remainder Theorem

Suppose we want to solve the equation

ax = b. (4)

If there are no restrictions on x then, provided $a \neq 0$, the equation has a unique solution: $x = \frac{b}{a}$. If we require all terms to be integers, then (4) has one solution, $\frac{b}{a}$, if a|b and no solutions otherwise. But suppose now that we work in modulo arithmetic: given a, b and n we want to find x such that

ax ≡ b (mod n). (5)

In the spirit of the previous section, one approach is just to check whether any of the numbers a × 0, a × 1, . . . , a × (n − 1) satisfy (5).

Example 3.21. By checking 0, 1 and 2, we see that the solution to the equation 2x ≡ 1 (mod 3) is x ≡ 2 (mod 3).

Whilst the trial and error method works in general, let us try to derive a general algorithm for solving such equations. Note that

(5) is soluble ⇔ ∃ (there exists) x such that n|(ax − b)
⇔ ∃ x such that ∃ y such that ax − b = ny
⇔ ∃ x, y such that the equation b = ax − ny is soluble.

Thus solubility of ax ≡ b (mod n) is equivalent to solubility of ax− ny = b.

Theorem 3.22. Let A, B and C be integers. The equation

Ax+By = C (6)

is soluble in integers (in x and y) if and only if hcf(A,B)|C.

Proof. For simplicity we shall denote hcf(A, B) by d.

⇒ Suppose there exist x and y satisfying (6). By definition, d|A and d|B, so d|Ax + By = C as required.

⇐ Suppose that d|C, that is, there exists z with C = dz. By the Euclidean Algorithm, there exist x and y with d = Ax + By, which means that

C = dz = (Ax+By)z = A(xz) +B(yz)

and the pair (xz, yz) provide a required solution to (6).

Combined with the previous argument, this gives the following

Theorem 3.23. The equation ax ≡ b (mod n) is soluble if and only if hcf(a, n)|b.

Corollary 3.24. Let p be a prime. The equation

ax ≡ b (mod p)

is soluble if and only if either $p \nmid a$ or p divides both a and b.

Note 3.25. If b = 1 then Theorem 3.23 says that the elements that are invertible mod n are precisely those that are coprime to n.

In particular, if p is prime, all of 1, 2, . . . , p − 1 are invertible mod p. Consequently, Z/pZ, which consists precisely of (equivalence classes of) these elements is a field.

Theorem 3.23 provides an algorithm for solving linear congruences via the Euclidean Algorithm (although for small n this may be an overkill).

Note 3.26. As noted above, if x is a solution to ax ≡ b (mod n) then so is x + nk for any integer k. In fact, if hcf(a, n) = 1 then these are the only solutions.

However, when this is not the case, there may be more than one incongruent solution mod n. For example, the equation

18x ≡ 30 (mod 42)

has solutions

x ≡ 4, 11, 18, 25, 32, 39 (mod 42),

which are precisely the distinct values of (the unique) solution to

3x ≡ 5 (mod 7).

Notice that 3 = 18/6, 5 = 30/6 and 7 = 42/6. Too much for a coincidence? Indeed, this is just an example of a more general rule: if h = hcf(a, n), then Theorem 3.23 ensures that h|b. Consequently, a = ha′, b = hb′ and n = hn′. But then

ax ≡ b (mod n) soluble ⇔ ax − b = kn for some k
⇔ ha′x − hb′ = khn′
⇔ a′x − b′ = kn′
⇔ a′x ≡ b′ (mod n′)

the latter now being uniquely soluble as hcf(a′, n′) = hcf(a, n)/h = 1!

Example 3.27. Find a solution to 11x ≡ 3 (mod 17).

Note that hcf(11, 17) = 1. Furthermore, by the Euclidean Algorithm,

17 = 11× 1 + 6

11 = 6× 1 + 5

6 = 5× 1 + 1

5 = 5× 1 + 0,

and so

1 = hcf(11, 17) = 6− 5

= 6− (11− 6× 1)

= 6× 2− 11× 1

= (17− 11× 1)× 2− 11× 1

= 17× 2− 11× 3,


and so

3 = 1× 3 = (17× 2− 11× 3)× 3

= 17× 6− 11× 9

≡ 11× (−9) (mod 17),

and −9 is a solution, as is −9 + 17k for any integer k, e.g. 8.

Suppose now that we want to solve several linear congruences simultaneously.

Theorem 3.28 (Chinese Remainder Theorem). Let $n_1, n_2, \ldots, n_r$ be mutually coprime, that is, $\mathrm{hcf}(n_i, n_j) = 1$ whenever $i \neq j$, and suppose we are also given integers $a_1, a_2, \ldots, a_r$. Then the simultaneous system of congruences

$x \equiv a_1 \pmod{n_1}$

$x \equiv a_2 \pmod{n_2}$

$\cdots$

$x \equiv a_r \pmod{n_r}$

is soluble and, moreover, the solution is unique modulo $N = n_1 n_2 \cdots n_r$.

Proof. To show existence, we define, for each i,

$N_i := \frac{N}{n_i} = \prod_{j = 1, \ldots, r;\ j \neq i} n_j$.

Then $(N_i, n_i) = 1$ and, by Theorem 3.23, there exists $x_i$ such that

$N_i x_i \equiv 1 \pmod{n_i}$.

Furthermore, if $j \neq i$ then $n_i \mid N_j$ and so

$N_j \equiv 0 \pmod{n_i}$.

Consequently, if we define

$x = \sum_{j=1}^{r} a_j N_j x_j$,

then, for each i,

$x \equiv a_i N_i x_i \equiv a_i \pmod{n_i}$

as required.

Since $N \equiv 0 \pmod{n_i}$ for each i, for every solution x every x + Nk is also a solution. Conversely, suppose that y is another simultaneous solution, that is, for every i we have

$x \equiv a_i \pmod{n_i}$ and $y \equiv a_i \pmod{n_i}$.

This implies that $x - y \equiv 0 \pmod{n_i}$, that is, $n_i \mid (x - y)$. However, the $n_i$ are mutually coprime, so Corollary 2.8 implies that $\prod_{i=1}^{r} n_i \mid (x - y)$, and so $x \equiv y \pmod{N}$ as required.


Example 3.29 (Sun Tsu, 5th(?) century AD). Find a number that leaves the remainders 2, 3 and 2 when divided by 3, 5 and 7 respectively.

Translating the question into the language of congruences, we are looking for x such that

x ≡ 2 (mod 3)

x ≡ 3 (mod 5)

x ≡ 2 (mod 7),

so that $n_1 = 3$, $n_2 = 5$, $n_3 = 7$ (mutually coprime) and $a_1 = 2$, $a_2 = 3$, $a_3 = 2$. Following the proof of the Chinese remainder theorem, we define

$N = n_1 n_2 n_3 = 3 \times 5 \times 7 = 105$

$N_1 = \frac{N}{n_1} = 5 \times 7 = 35$; $N_2 = \frac{N}{n_2} = 3 \times 7 = 21$; $N_3 = \frac{N}{n_3} = 3 \times 5 = 15$.

So we now need to solve three equations, either by the Euclidean Algorithm or by trial and error:

(1) 35x ≡ 1 (mod 3). This gives x1 = −1.

(2) 21x ≡ 1 (mod 5). This gives x2 = 1.

(3) 15x ≡ 1 (mod 7). This gives x3 = 1.

Thus one solution is


$\sum_{i=1}^{3} a_i N_i x_i = 2 \times 35 \times (-1) + 3 \times 21 \times 1 + 2 \times 15 \times 1 = 23$,

and all solutions are given by the set

{23 + 105k : k is an integer}.

Example 3.30. Solve the following simultaneous system of equations:

10x ≡ 2 (mod 26)

7x ≡ 3 (mod 20).

We first need to solve the congruences separately to transform them into the form $x \equiv a_i \pmod{n_i}$. We have

(1) 10x ≡ 2 (mod 26). This is equivalent to 5x ≡ 1 (mod 13), which, in turn, has x ≡ −5 (mod 13) as a solution.

(2) 7x ≡ 3 (mod 20). This gives x ≡ 9 (mod 20).


So, the initial system of equations is equivalent to

x ≡ −5 (mod 13)

x ≡ 9 (mod 20),

and, with notation as above, we have $a_1 = -5$, $a_2 = 9$, N = 13 × 20 = 260, $N_1 = 20$, $N_2 = 13$, and we need to solve

(1) 20x ≡ 1 (mod 13). This gives x1 = 2.

(2) 13x ≡ 1 (mod 20). This gives x2 = −3.

Thus the answer is

x ≡ −5× 20× 2 + 9× 13× (−3) = −31 (mod 260).

Note 3.31. Suppose we are trying to solve the linear congruence

5x ≡ 4 (mod 231).

Note that 231 = 3 × 7 × 11, and so the above is equivalent to simultaneously solving

5x ≡ 4 (mod 3)

5x ≡ 4 (mod 7)

5x ≡ 4 (mod 11),

and we are now in the familiar situation of the previous example! The details of the remaining calculations are left as an exercise for the reader.
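Theorem 3.23, Note 3.26 and the construction in the proof of Theorem 3.28 combine into one solver for systems such as Examples 3.29 and 3.30. The following Python sketch is an added example, not part of the original notes; the function names are illustrative, and modular inverses are taken with Python's built-in pow(x, -1, n) (Python 3.8 or later) in place of the hand back-substitution of Example 3.27.

```python
"""Linear congruences (Theorem 3.23, Note 3.26) and the Chinese Remainder Theorem."""
from math import gcd, prod


def solve_congruence(a, b, n):
    """All incongruent solutions x, 0 <= x < n, of a*x = b (mod n)."""
    h = gcd(a, n)
    if b % h != 0:                       # Theorem 3.23: soluble iff hcf(a, n) | b
        return []
    a1, b1, n1 = a // h, b // h, n // h  # reduced congruence a'x = b' (mod n')
    x0 = 0 if n1 == 1 else (b1 * pow(a1, -1, n1)) % n1
    return [x0 + k * n1 for k in range(h)]


def crt(residues, moduli):
    """Return (x, N) with x = a_i (mod n_i) for all i and 0 <= x < N."""
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be mutually coprime")
    N = prod(moduli)
    x = 0
    for a_i, n_i in zip(residues, moduli):
        N_i = N // n_i
        x_i = pow(N_i, -1, n_i)          # N_i * x_i = 1 (mod n_i)
        x += a_i * N_i * x_i
    return x % N, N


def solve_system(congruences):
    """Solve a list of (a, b, n) meaning a*x = b (mod n); None if insoluble.

    Each congruence is first reduced to x = r (mod n / hcf(a, n)), as in
    Example 3.30; the reduced moduli must then be mutually coprime.
    """
    residues, moduli = [], []
    for a, b, n in congruences:
        solutions = solve_congruence(a, b, n)
        if not solutions:
            return None
        residues.append(solutions[0])
        moduli.append(n // gcd(a, n))
    return crt(residues, moduli)


if __name__ == "__main__":
    print("18x = 30 (mod 42):", solve_congruence(18, 30, 42))
    print("11x = 3 (mod 17):", solve_congruence(11, 3, 17))
    print("Example 3.29:", crt([2, 3, 2], [3, 5, 7]))
    x, N = solve_system([(10, 2, 26), (7, 3, 20)])
    print(f"Example 3.30: x = {x} = {x - N} (mod {N})")
    print("Note 3.31:", solve_system([(5, 4, 3), (5, 4, 7), (5, 4, 11)]))
```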


4 Modern Number Theory

Mathematicians are like Frenchmen: whatever you say to them they translate into their own language and forthwith it is something entirely different

Johann Wolfgang von Goethe

4.1 RSA encryption

RSA is a method of public key cryptography. Officially, the algorithm was invented in 1977 by Rivest, Shamir and Adleman (hence the name); however, essentially the same method was already described by Clifford Cocks in 1973 in a classified paper.

The system uses two keys: a public one, used for encryption, and a private one, used for decryption. The private key is chosen and used by the recipient only, which means that there is no need for transmitting it to other people, which greatly increases the level of security.

To describe the algorithm, we need three characters:

• Alice, the sender of the message;

• Bob, the recipient of the message;

• (optional) Eve, a malicious eavesdropper.

The process of transmitting the message is as follows:

(i) Bob picks two distinct (large) primes p and q and calculates n = pq. He then chooses an integer e satisfying

hcf(e, (p− 1)(q − 1)) = 1.

The values of e and n are then announced publicly.

(ii) Alice picks a secret message she wants to send to Bob, plaintext, and converts it into a numerical string M, called ciphertext. The conversion is done using (for example) the following table:

A = 00    , = 26    0 = 29
B = 01    . = 27    1 = 30
C = 02    ? = 28    2 = 32
...                 ...
Z = 25    ! = 39    9 = 38


(iii) Alice then encrypts the message by calculating $N := M^e \pmod{n}$, possibly splitting M into smaller pieces first, if M > n. The value of N is announced publicly.

(iv) To decrypt the message, Bob picks d with the property

de ≡ 1 (mod (p− 1)(q − 1))

and calculates $N^d \pmod{n}$.

Note that the string does indeed correspond to Alice’s message:

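(mod n):

$$
\begin{aligned}
N^d &\equiv (M^e)^d \pmod{n} \\
&= M^{ed} \\
&= M^{1 + k(p-1)(q-1)} && \text{as } de \equiv 1 \pmod{(p-1)(q-1)} \\
&= M \times \left(M^{\varphi(n)}\right)^k && \text{as } \varphi(n) = \varphi(pq) = (p-1)(q-1) \\
&\equiv M \times 1^k && \text{by Euler's Theorem} \\
&= M.
\end{aligned}
$$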

Example 4.1. In this example we shall be following the above notation. Suppose that Alice wants to send a secret message “The answer is forty two” to Bob. She somehow signals to Bob that she is about to send him a message, and so he must generate a public key.

(i) Bob picks two large primes p = 43 and q = 71. In this case n = 3053 and (p − 1)(q − 1) = 2940, and so he needs to choose e with hcf(e, 2940) = 1, say e = 11. The pair (n = 3053, e = 11) is then announced publicly.

(ii) The plaintext Alice wants to send is “The answer is forty two”. She converts it into ciphertext using the conversion table above:

T = 19 H = 07 E = 04
A = 00 N = 13 S = 18 W = 22 E = 04 R = 17
I = 08 S = 18
F = 05 O = 14 R = 17 T = 19 Y = 24
T = 19 W = 22 O = 14,

so Alice’s message is

M = 19070400131822041708180514171924192214.

(iii) Alice now needs to calculate $N := M^e \pmod{n}$, but she first needs to split M into blocks whose value is less than n = 3053. In our case blocks of length 4 (corresponding to two letters) will do, since we are only using letters and so the biggest possible value of a two-letter combination is 2525, corresponding to “zz”. So,

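$$
M = \underbrace{1907}_{\text{block 1}}\ \underbrace{0400}_{\text{block 2}}\ \underbrace{1318}_{\text{block 3}}\ \underbrace{2204}_{\text{block 4}}\ \underbrace{1708}_{\text{block 5}}\ \underbrace{1805}_{\text{block 6}}\ \underbrace{1417}_{\text{block 7}}\ \underbrace{1924}_{\text{block 8}}\ \underbrace{1922}_{\text{block 9}}\ \underbrace{14}_{\text{block 10}}
$$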



which gives, mod 3053,

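$$
\begin{aligned}
1907^{11} &\equiv 2611 \\
400^{11} &\equiv 1227 \\
1318^{11} &\equiv 2291 \\
2204^{11} &\equiv 2558 \\
1708^{11} &\equiv 2038 \\
1805^{11} &\equiv 2020 \\
1417^{11} &\equiv 1134 \\
1924^{11} &\equiv 2516 \\
1922^{11} &\equiv 2987 \\
14^{11} &\equiv 440.
\end{aligned}
$$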

Thus the public message Alice transmits to Bob is

N := 2611 1227 2291 2558 2038 2020 1134 2516 2987 440.

(iv) Bob now needs to pick d with the property

11d ≡ 1 (mod 2940),

for which he can use our good old friend, the Euclidean algorithm:

2940 = 11 × 267 + 3

11 = 3 × 3 + 2

3 = 2 × 1 + 1;

hcf(2940, 11) = 1 = 3 − 2 × 1

= 3 − (11 − 3 × 3) × 1

= 3 × 4 − 11

= (2940 − 11 × 267) × 4 − 11

= 2940 × 4 − 11 × 1069,

and so he can pick d = −1069 + 2940 = 1871. He now needs to calculate $N^d \pmod{n = 3053}$:

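$$
\begin{aligned}
2611^{1871} &\equiv 1907 \\
1227^{1871} &\equiv 400 \\
2291^{1871} &\equiv 1318 \\
2558^{1871} &\equiv 2204 \\
2038^{1871} &\equiv 1708 \\
2020^{1871} &\equiv 1805 \\
1134^{1871} &\equiv 1417 \\
2516^{1871} &\equiv 1924 \\
2987^{1871} &\equiv 1922 \\
440^{1871} &\equiv 14,
\end{aligned}
$$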

and so Alice’s ciphertext was

1907 400 1318 2204 1708 1805 1417 1924 1922 14,

which can now be translated into the plaintext message “The answer is forty two” (or, rather, “TH EA NS WE RI SF OR TY TW O”) using the conversion table above.

Note 4.2.

• A bit of terminology: n is called the modulus; e is called the (encryption) exponent and d is known as the decryption exponent.

• In order to apply Euler’s theorem, we need to ensure that M, or each of its blocks, is coprime to n. This is a very likely event if p and q are very large, but still needs to be looked at.

• An efficient way of calculating $x^d \pmod{n}$ is via binary expansion: if

$$d = a_0 + a_1 \times 2 + a_2 \times 2^2 + \cdots + a_k \times 2^k, \qquad a_i = 0, 1,$$

then we can calculate recursively

$$x_0 := x, \qquad x_{i+1} := x_i^2 \pmod{n}$$

(so that $x_i = x^{2^i} \pmod{n}$), in which case

$$x^d = x_0^{a_0} \times x_1^{a_1} \times \cdots \times x_k^{a_k} \pmod{n}.$$

• If Eve manages to discover the value of φ(n), then, also knowing n, she can easily calculate p and q, thus being able to decrypt a message. Otherwise, however, she needs to come up with an efficient prime factorisation algorithm. To make Eve’s life harder, p and q should be chosen far apart.

• In order to establish security of the system, RSA Laboratories used to offer money for finding prime factorisation of certain large (around 500 digits) numbers that were precisely of the form pq.

• The RSA algorithm can be used for creating digital signatures to verify the identity of the sender.
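Example 4.1 and the computational points of Note 4.2 (square-and-multiply, the coprimality check, and recovering p and q once φ(n) is known), as an added Python example that is not part of the original notes. All function and constant names are chosen here; p = 43, q = 71 and e = 11 are the notes' toy parameters, and only the letter rows A = 00 to Z = 25 of the conversion table are implemented.

```python
from math import gcd, isqrt

def private_exponent(e, phi):
    """Step (iv): extended Euclid gives d with d*e ≡ 1 (mod phi), 0 < d < phi."""
    a, b, s0, s1 = e, phi, 1, 0
    while b:
        quot, a, b = a // b, b, a % b
        s0, s1 = s1, s0 - quot * s1       # invariant: a ≡ s0 * e (mod phi)
    if a != 1:
        raise ValueError("e shares a factor with (p-1)(q-1)")
    return s0 % phi

def modexp(x, d, n):
    """Note 4.2: x^d mod n built from the binary digits a_i of d."""
    result, x_i = 1, x % n                # x_i holds x^(2^i) mod n
    while d:
        if d & 1:                         # a_i = 1, so x_i is a factor
            result = result * x_i % n
        x_i = x_i * x_i % n               # x_(i+1) := x_i^2 (mod n)
        d >>= 1
    return result

def to_blocks(text, n, width=4):
    """Steps (ii)-(iii): A=00 ... Z=25 (letters only), then width-digit blocks."""
    digits = "".join(f"{ord(c) - ord('A'):02d}"
                     for c in text.upper() if "A" <= c <= "Z")
    blocks = [int(digits[i:i + width]) for i in range(0, len(digits), width)]
    if any(b >= n for b in blocks):
        raise ValueError("a block is not smaller than n")
    return blocks

def factor_from_phi(n, phi):
    """Note 4.2: p + q = n - phi + 1 and pq = n determine p and q."""
    total = n - phi + 1
    diff = isqrt(total * total - 4 * n)   # (p - q)^2 = (p + q)^2 - 4pq
    if diff * diff != total * total - 4 * n:
        raise ValueError("phi is not (p-1)(q-1) for n = pq")
    return (total - diff) // 2, (total + diff) // 2

P, Q, E = 43, 71, 11                      # Example 4.1's toy parameters
MODULUS, PHI = P * Q, (P - 1) * (Q - 1)
D = private_exponent(E, PHI)
BLOCKS = to_blocks("The answer is forty two", MODULUS)
CIPHER = [modexp(m, E, MODULUS) for m in BLOCKS]
DECRYPTED = [modexp(c, D, MODULUS) for c in CIPHER]
NOT_COPRIME = [m for m in BLOCKS if gcd(m, MODULUS) != 1]  # Note 4.2's check
```

`factor_from_phi(MODULUS, PHI)` returns the two primes from n and φ(n) alone, which is why φ(n) has to stay as secret as d.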

4.2 Number Theory flavours

It is of course impossible to precisely partition the subject into a list of subtopics — there are many overlaps between the areas and furthermore, many questions may be solved using techniques from different areas of mathematics (or physics!). However, depending on the methods used and questions asked, number theory includes, although is not limited to, the following branches:

Elementary Number Theory. This is the area we have been looking at in this course. The term “elementary” reflects the fact that the results are self-contained and do not require techniques from other areas of mathematics. Examples of topics covered by this branch include divisibility and Euclid’s algorithm, arithmetic functions (such as Euler’s φ-function), linear congruences and quadratic residues.

Many theorems and conjectures may be stated in elementary number-theoretic terms, even though the proof may require very complex techniques. Examples include Fermat’s Last Theorem, Twin Prime Conjecture and many more.

Analytic Number Theory. This is an area that uses techniques from Calculus and (Complex) Analysis to tackle number-theoretic problems. Its classical result is

Theorem (Prime Number Theorem, Gauss). For any integer n we define π(n) to be the number of primes not exceeding n, that is,

π(n) := #{p : p ≤ n and p is prime}.




n/ ln(n)= 1,

or, equivalently,

π(n) ∼ n


In other words, the probability that a (randomly chosen and large) number n is prime is about 1/ ln(n), and the gap between two consecutive primes near n is about ln(n).

Another analytic number theory result says that π and e are transcendental, that is, cannot be solutions of a polynomial with rational coefficients.


Algebraic Number Theory. Here we use abstract algebra settings in a number-theoretic environment, and instead of dealing with integers, we often look at bigger structures, for example the ring of Gaussian integers $\mathbb{Z}[i]$, in which every element has the form $a + ib$ with $a, b \in \mathbb{Z}$ and $i = \sqrt{-1}$, or quadratic fields $\mathbb{Q}[\sqrt{d}]$, in which every element has the form $a + \sqrt{d}\,b$ with $a, b \in \mathbb{Q}$. We also extend the notion of 1, primality, divisibility, unique factorisation and so on. It turns out that with correct terminology, many results we covered in this course hold in a much more general setting.

Algebraic Number Theory provides various methods for solving Diophantine equations, such as the one in Fermat’s Last Theorem, whose proof, among other things, explored the relation between elliptic curves and modular forms. Elliptic curves are also used in cryptography and prime factorisation.

Combinatorial Number Theory. This area looks at the relation between number theory, combinatorics and other related areas. One of the most famous results in the area is

Theorem (Green–Tao, 2004). The sequence of prime numbers contains arbitrarily long arithmetic progressions.

Note that the proof is not constructive, so if we want to find an arithmetic progression of length k, we need to employ other methods.

4.3 Who wants to be a millionaire?

Here are a couple of problems you may want to look at in your spare time. They are all unsolved, and the proof of, or a counterexample to, most is associated with a prize of up to $1,000,000 (not to mention eternal mathematical fame!).

Conjecture. There are infinitely many Mersenne primes. (recall: a prime is called Mersenne if it is of the form $2^n - 1$.)

Conjecture. Every Fermat number with n > 5 is composite. (recall: a number is called Fermat if it is of the form $2^{2^n} + 1$.)

Conjecture (Twin primes conjecture). There are infinitely many pairs of twin primes.

Conjecture (Goldbach conjecture). Every even integer greater than 2 can be expressed as a sum of two primes.

Conjecture (Riemann hypothesis). The zeroes of the Riemann zeta function, which is the analytic continuation of the function

ζ(s) =




have the form of either −2k with k a positive integer, or $\frac{1}{2} + it$ with t real.


4.4 Further general info

There is of course much more to the subject, but the course is too short for us to be able to learn about everything, so you are encouraged to browse through the numerous books and web-pages to learn more. In addition to the number theory-specific list provided at the end of the course, here are a few more resources of general interest:

• G.H. Hardy, A Mathematician’s Apology: a classical, well-written essay describing the beauty and aesthetics of Mathematics. May be really inspirational though a bit outdated and depressing at times and should not be taken too seriously.

• Tim Gowers, Mathematics: A Very Short Introduction: another book on the subject of mathematics as a subject, with definitions of many commonly used mathematical concepts and discussions on commonly asked sociological questions.

• http://www.tricki.org/: a wiki-style website developed by Gowers, which is intended to be a repository of useful problem-solving techniques.

• http://www.theoremoftheday.org/: does what it says on the tin!



[1] D. M. Burton. Elementary number theory. McGraw-Hill, seventh edition, 2010.


