september 9dghioca/courses/537/course_notes.pdf · 2020. 9. 23. · thus ris a linear combination...

COURSE NOTES

MATH 437/537: PROF. DRAGOS GHIOCA

1. September 9

Definition 1.1. Given integers a and b with a 6= 0, we say that a divides b (andwe write a | b) if there exists an integer c such that b = ac. In this case, we saythat a is a divisor of b and that b is a multiple of a.

Proposition 1.2. Given integers a, b, c, x, y and m, with a and m being nonzero,then we have the following properties:

(1) if a | b, and m | a, then m | b.(2) if a | b and a | c, then a | (bx+ cy).(3) a | b if and only if am | bm.(4) a | 0 and 1 | b.(5) if a | b and also b ∈ N, then a ≤ b.(6) if a | b then a divides also |b| (the absolute value of b).(7) if a | b and b | a, then |a| = |b|.

Proof. The statements are clear; for example, in order to justify (1), we note thatm | a yield the existence of some integer n such that a = mn. On the other hand,a | b yields the existence of some integer z such that b = az. So, b = m · (nz), i.e.,m | b.

For property (3), we note that a | b yields that b = ax for some x ∈ Z and thenbm = am · x. Conversely, if bm = am · x, then dividing by the nonzero m yieldsthat b = ax.

As for justifying (7), note that a | b yields the existence of some x ∈ Z such thatb = ax, while b | a yields the existence of some integer y such that a = by. Thusa = a · xy and so, xy = 1 (note that a 6= 0 because a | b). Therefore, x = y = ±1,as desired. �

Theorem 1.3. (Division Algorithm) Given integers a and b with a > 0, then thereexist unique integers q and r satisfying

(i) b = aq + r; and(ii) 0 ≤ r < a.

We call q the quotient and r the remainder for the division of b by a.

Proof. We let S be the set of all nonnegative integers of the form b + am, form ∈ Z. We note that S is nonempty since adding any large (positive) multiple ofa to b would yield a nonnegative integer; for example, whenever m >

[−ba

]yields

b+am > 0 (recall that [z] represents the integer part of the real number z, i.e., thelargest integer less than or equal to z). So, we may pick the least element in the setS, call it s0. In particular, there exists some integer m0 such that s0 := b+ am0.

1

2 MATH 437/537: PROF. DRAGOS GHIOCA

We claim that r := s0 and q := −m0 satisfy the properties (i)-(ii) above. Theonly nontrivial thing to prove is that r < a. Now, assuming that r ≥ a, we derivea contradiction. Indeed, if s0 ≥ a, then

b+ a(m0 − 1) = s0 − a ≥ 0

is another nonnegative integer of the form b+am, which therefore must be containedin S. However, s0 − a < s0, which contradicts the minimality of s0 ∈ S; so, indeedwe must have that r < a, as desired.

Finally, we will show that the integers q and r satisfying conditions (i)-(ii) areunique. Indeed, if there were some other integers q′ and r′ satisfying the same twoproperties, then we would have that

r − r′ = a(q′ − q),

which means that a divides r − r′. However, since both r and r′ are in the set{0, 1, . . . , a− 1}, we conclude that

r − r′ ∈ {1− a, . . . ,−1, 0, 1, . . . , a− 1}.

So, 0 ≤ |r − r′| < a and a | |r − r′|; therefore, |r − r′| = 0 (see property (5) ofProposition 1.2), i.e. r = r′. Thus also a(q′ − q) = 0 and therefore q′ = q (becausea > 0), as claimed. �

Proposition 1.4. Given integers a and b with a > 0, we have that a | b if and onlyif the remainder of when we divide b by a equals 0.

Proof. If q and r are the quotient and respectively the remainder for when we divideb by a, then r = b− aq. So, if r = 0, we get that b = aq thus proving that a | b.

Now, if a | b, then also a | (b − aq) and so, a | r. But then 0 ≤ r < a and a | r,which means that r must be equal to 0 (see property (5) in Proposition 1.2). �

2. September 11

Definition 2.1. For the integers a and b, not both equal to 0, we define the greatestcommon divisor of a and b, denoted by gcd(a, b), which is the largest common divisorof a and b.

For example, gcd(4, 6) = 2; gcd(−20, 150) = 10, gcd(−21, 0) = 21. More gener-ally, we have the following easy properties.

Proposition 2.2. If a, b ∈ Z, not both equal to 0, then

gcd(a, b) = gcd(b, a) = gcd(±a,±b).

Also, if a is a nonzero integer, then gcd(a, 0) = |a|.

Proof. This is a consequence of the fact that c and −c have the same set of divisorsfor any integer c (see also property (6) in Proposition 1.2). �

Proposition 2.3. If a, b ∈ Z with a > 0, then a = gcd(a, b) if and only if a | b.

Proof. If a | b, then a is a common divisor of both a and b and it is the largest suchcommn divisor (because any divisor of a cannot be larger than a); so, a = gcd(a, b).

Now, if a = gcd(a, b), then we must also have that a | b, as claimed. �

The next proposition is key for us.

COURSE NOTES 3

Proposition 2.4. Let a and b be integers, not both equal to 0. Then gcd(a, b) isthe smallest positive integer which can be written as ax + by for some integers xand y.

Proof. We let S be the set of all positive integers of the form ax+ by for x, y ∈ Z.We note that S is nonempty since a2 +b2 ∈ S (also, at least one of the two numbersa or b is nonzero). So, S is a nonempty set of positive integers; therefore, thereexists a least element s0 ∈ S. In particular, there exist integers x0 and y0 such thats0 = ax0 + by0.

Next we will prove that s0 = gcd(a, b). We will achieve our goal by proving thefollowing two properties of s0:

(1) s0 | a and s0 | b; and(2) s0 is the largest among the common divisors of a and b.

Now, in order to prove (1), we prove that s0 | a and a similar argment (reversingthe role of a by b) would prove that s0 | b. So, we divide a by s0 and obtain quotientq and remainder r. We have that

r = a− qs0 = a− q(ax0 + by0) = a · (1− qx0) + b · (−qy0).

Thus r is a linear combination of a and b with integer coefficients; if r were positive,then it would have to be contained in the set S. On the other hand, we know thatr < s0 (by the Division Algorithm), so the minimality of s0 (as an element of S)yields that r /∈ S. So, because r /∈ S, then r could not have been positive; so, r = 0,which means that s0 divides a, as desired. As mentioned before, a similar argumentshows that s0 divides also b, which finish our proof of property (1) above.

Now, in order to prove property (2) above, we note that any common divisor dof both a and b would be also a divisor for ax0 + by0 (see property (2) of Proposi-tion 1.2); so, d | s0. Therefore, d ≤ s0, which proves that s0 is the greatest commondivisor of a and b, and concludes our proof of Proposition 2.4. �

Corollary 2.5. Let a and b be integers, not both equal to 0. Then any commondivisor d of both a and b must divide also gcd(a, b).

Proof. This is an immediate consequence of Proposition 2.4 since there must existintegers x and y such that

gcd(a, b) = ax+ by.

So, a divisor d for a and b is also a divisor for ax+ by = gcd(a, b). �

Proposition 2.6. If d = gcd(a, b) and m ∈ N, then dm = gcd(am, bm).

Proof. By Proposition 2.4, we know that d is the least positive linear combinationof a and b with integer coefficients, i.e., d is the least positive integer of the formax + by with x, y ∈ Z. But then dm is the least positive integer of the formamx + bmy with x, y ∈ Z since we simply multiplied by m each element in theabove set of linear combinations of a and b. However, again by Proposition 2.4, theleast positive integer of the form amx+ bmy is the greatest common divisor of amand bm; so, in conclusion, dm = gcd(am, bm). �

3. September 14

Definition 3.1. We say that the integers a and b are coprime if gcd(a, b) = 1.


Proposition 3.2. Let a, b and c be integers such that a | bc. If gcd(a, b) = 1, thena | c.

Proof. Since gcd(a, b) = 1, then 1 can be written as a linear combination of a andb with integer coefficients, i.e., there exist x, y ∈ Z such that(1) 1 = ax+ by.

We multiply (1) by c and get

(2) c = a · cx+ bc · y.Since a | bc, we get that a | bcy and therefore, because also a | a · cx, we concludethat a | c, as desired. �

Proposition 3.3. Let a and b be nonzero integers. Then for any q ∈ Z, we havegcd(a, b) = gcd(a, b+ aq).

Proof. We can see this in two ways. On one hand, any common divisor d of a andb must also divide b + aq (and a); similarly, any divisor d of a and of b + aq mustalso divide b = (b + aq) − a · q. So, indeed, any commn divisor of a and b is alsoa common divisor of a and b + aq, hence the equality between the two greatestcommon divisors.

On the other hand, gcd(a, b) is the least positive integer of the form ax + byfor x, y ∈ Z. Also, gcd(a, b + aq) is the least positive integer of the form az +(b + aq)t = a(z + qt) + b · t. So, each linear combination of a and b + aq is also alinear combination of a and b, which proves that (by Proposition 2.4) gcd(a, b) ≤gcd(a, b + aq). Similarly, since b = (b + aq) + a · (−q), the exact same argumentwith the roles of b and b+ aq inversed yields that gcd(a, b+ aq) ≤ gcd(a, b); so, wemust have that gcd(a, b) = gcd(a, b+ aq). �

3.1. Euclidean Algorithm. Let a, b ∈ N. We can find gcd(a, b) through a seriesof repeated subtractions, or more precisely, repeated applications of the DivisionAlgorithm.

So, without loss of generality, we assume a ≤ b; otherwise we could switch a withb. We divide b by a and get quotient q1 and remainder r1:

b = aq1 + r1,

where 0 ≤ r1 < a. If r1 = 0, then we have a | b and so, gcd(a, b) = a. If r1 > 0,then we note that

gcd(a, b) = gcd(a, r1 + aq) = gcd(a, r1),

where the last equality comes from Proposition 3.3. The advantage is that wereplaced the pair a < b with a “smaller” pair r1 < a. Then we repeat the aboveprocedure, i.e., divide a by r1 with quotient q2 and remainder r2. Once again, we getgcd(a, r1) = gcd(r1, r2); if r2 = 0, then gcd(r1, r2) = r1 = gcd(a, b), while if r2 > 0,then the above procedure goes on. At one moment, this process needs to end sinceeach time we decreased the positive integers we consider. So, the greatest commondivisor of a and b is the last positive remainder rn in the Euclidean Algorithm.

In particular, this process would also generate the linear combination whichyields the greatest common divisor written in terms of the original numbers. Weillustrate this process through an example with a = 42 and b = 110. So,

110 = 42 · 2 + 26;

COURSE NOTES 5

thus q1 = 2 and r1 = 26. Then we write

42 = 26 · 1 + 16;so, q2 = 1 and r2 = 16. Then we write

26 = 16 · 1 + 10,which means that q3 = 1 and r3 = 10. Then we write

16 = 10 · 1 + 6,i.e., q4 = 1 and r4 = 6. Then we write

10 = 6 · 1 + 4and so, q5 = 1 and r5 = 4. Then we write

6 = 4 · 1 + 2and so, q6 = 1 and r6 = 2, which finally means that

4 = 2 · 2 + 0,i.e., r7 = 0 (and q7 = 2), which means that gcd(110, 42) = 2 (= r6, which is thelast positve remainder in our Euclidean algorithm).

So, we have that2 = 6− 4 · 1

and then substituting 4 = 10− 6 · 1, we get2 = 6− (10− 6 · 1) · 1 = 6 · 2− 10 · 1.

We write 6 = 16− 10 · 1 and then again substituting in the above formula, we get2 = (16− 10 · 1) · 2− 10 · 1 = 16 · 2− 10 · 3.

Then using that 10 = 26− 16 · 1, we have2 = 16 · 2− (26− 16 · 1) · 3 = 16 · 5− 26 · 3.

We continue with 16 = 42− 26 · 1 and get2 = (42− 26 · 1) · 5− 26 · 3 = 42 · 5− 26 · 8.

Finally, we have that 26 = 110− 42 · 2 and substituting this into the last equationyields 2 as a linear combination of 42 and 110:

2 = 42 · 5− (110− 42 · 2) · 8 = 42 · 21− 110 · 8.

4. September 16

Definition 4.1. Let a1, . . . , an be integers, not all equal to 0. We define the greatestcommon divisor of a1, . . . , an, denoted by gcd(a1, . . . , an) be the largest commondivisor to all of the numbers a1, . . . , an.

Arguing identically as in the proof of Proposition 2.4, we can prove the followingresult.

Proposition 4.2. Let a1, . . . , an be integers, not all equal to 0. Then gcd(a1, . . . , an)is the smallest positive integer which can be written as a linear combination of thenumbers a1, . . . , an with integer coefficients, i.e., the smallest positive integer of theform

∑ni=1 aixi with xi ∈ Z for each i = 1, . . . , n.

An immediate corollary of Proposition 4.2 is the following result.


Corollary 4.3. Let a1, . . . , an be integers, not all equal to 0. Then each commondivisor of the numbers a1, . . . , an must also divide gcd(a1, . . . , an).

Also, for each positive integer m, we have that

gcd(ma1, . . . ,man) = m · gcd(a1, . . . , an).

Definition 4.4. Let a and b be nonzero integers. We define the least commonmultiple of a and b, denoted lcm[a, b] be the smallest positive integer which is amultiple both of a and of b.

For example, we have lcm[24, 30] = 120 and lcm[−15, 21] = 105. It is immediateto get the following property:

Proposition 4.5. For any nonzero integers a and b, we have

lcm[a, b] = lcm[b, a] = lcm[±a,±b].

Proposition 4.6. Let a and b be nonzero integers. Then each common multiple ofa and b must be also a multiple of lcm[a, b].

Proof. We let m := lcm[a, b] and M be a common multiple of a and b. We divideM by m with quotient q and remainder r. Since

r = M − qm

and both a and b divide both m and M , then we get that both a and b must dividealso r. So, r is a common multiple of both a and b and if r is positive, then r shouldbe at least equal to m = lcm[a, b], which contradicts the Division Algorithm thatgives r < m. So, r must equal 0, which means m |M , as desired. �

Proposition 4.7. If a and b are nonzero integers and m ∈ N, then lcm[am, bm] =m · lcm[a, b].

Proof. We let M := lcm[a, b] and M1 := lcm[am, bm]. We’ll prove that mM | M1and also that M1 | mM , which combined with the fact that m,M,M1 ∈ N wouldyield that M1 = mM (by property (7) in Proposition 1.2).

Indeed, note that a | M and b | M , which means that am | m ·M and alsobm | m ·M . So, mM is a common multiple of both am and bm, which means that(by Proposition 4.6), we must have that

(3) M1 | mM.

On the other hand, since M1 is a multiple of am, it is also a multiple of m andtherefore, M1 = m·x. But then m·a divides M1 = m·x only if a | x (see property (3)in Proposition 1.2). Similary, we get b | x and so, x is a common multiple of both aand b. By Proposition 4.6, we get that lcm[a, b] = M divides x; thus m ·M dividesm ·x = M1. In conclusion, mM |M1 and therefore, combining this divisibility withdivisibility (3), we conclude that indeed M1 = mM , as claimed. �

Proposition 4.8. Let a, b ∈ N. Then gcd(a, b) · lcm[a, b] = a · b.

Proof. We let d = gcd(a, b) and M = lcm[a, b]. Then by Proposition 4.7, we havethat

(4) dM = d · lcm[a, b] = lcm[da, db].

COURSE NOTES 7

On the other hand, d | b yields that da | ab and similarly, from d | a we getdb | ab. Thus ab is a common multiple of da and db; so, dM must divide ab (byProposition 4.6 since dM is the least common multiple of da and db). Hence

(5) dM | ab.

On the other hand, we have

(6) dM = M · gcd(a, b) = gcd(aM, bM),

by Proposition 2.6. Because b | M , then ab | aM ; similarly, using that a | M ,we get that ab | bM . So, ab is a common divisor of aM and bM ; therefore, byCorollary 2.5, we get that ab must divide gcd(aM, bM) = dM . Combining thisdivisibility with (5), we conclude that ab = dM (also note that a, b, d,M ∈ N andproperty (7) in Property 1.2). �

Definition 4.9. Let a1, . . . , an be nonzero integers. We define the least commonmultiple of a1, . . . , an (denoted lcm[a1, . . . , an]) as the smallest positive commonmultiple for the numbers a1, . . . , an.

Arguing identically as in the proof of Propositions 4.6 and 4.7, we obtain:

Proposition 4.10. Let a1, . . . , an be nonzero integers. Then lcm[a1, . . . , an] divideseach common multiple of a1, . . . , an.

Also, if m ∈ N, we have that lcm[ma1, . . . ,man] = m · lcm[a1, . . . , an].

5. September 18

Definition 5.1. A prime number p is an integer greater than 1 whose positivedivisors are only 1 and p.

For example, 2, 3, 5, 7, 11 are primes. On the other hand, 6 or 15 are not primes;they are composite numbers (i.e., an integer greater than 1 which is not a prime).Important to note is that 1 is neither prime nor composite.

Proposition 5.2. Each integer n greater than 1 is divisible by a prime number.

Proof. We proceed by induction on n; the statement is clearly true for n = 2. Now,assuming we proved the desired conclusion whenever n ∈ {2, . . . , N − 1} (for someinteger N > 2), then we prove it next when n = N .

Now, if N is prime, then we’re done (since N | N). Otherwise, assume N is notprime and so, it must have a divisor d ∈ {2, . . . , N − 1}. But then our inductivehypothesis yields the existence of some prime number p dividing d and thus dividingN , as claimed. �

Theorem 5.3. There exist infinitely many prime numbers.

Proof. Assume there exist only finitely many prime numbers; then we can listthem all in a set S = {p1, . . . , pm} (we know the set S is nonempty since S contains2, 3, . . . ). We construct the number N := 1 +

∏mi=1 pi. Then N > 1 and by

Proposition 5.2, we get some prime p dividing N . However, the prime p cannot beone of the primes pj since

pj | N = 1 +m∏i=1

and pj |m∏i=1

pi


would yield that pj | 1, contradiction. But then this means the set S does notcontain all the possible prime numbers; therefore, there exist infinitely many primenumbers. �

Proposition 5.4. Let p be a prime number and let a ∈ Z. Then• either p | a in which case gcd(a, p) = p;• or p 6| a in which case gcd(a, p) = 1.

Proof. If p | a, then gcd(a, p) = p (by Proposition 2.3). On the other hand, if p 6| a,then p and a can only share the positive common divisor 1, i.e., gcd(a, p) = 1. �

Proposition 5.5. Let p be a prime number and let a, b ∈ Z. If p | ab then eitherp | a or p | b.

Proof. Assume p 6| a; we’ll prove that p | b. Since p 6| a, then Proposition 5.4yields that gcd(p, a) = 1. But then combining this condition with p | ab along withProposition 3.2, we obtain that p | b, as desired. �

Corollary 5.6. Let p be a prime number and let a1, . . . , an ∈ Z. If p |∏ni=1 ai,

then there exists i ∈ {1, . . . , n} such that p | ai.

Proof. We argue by induction on n; the case n = 2 is covered by Proposition 5.5.Now, assume the statement holds for n = N and we prove it for n = N + 1 (forsome N ≥ 2). So, we know that

p |N+1∏i=1

ai = (a1a2) · a3 · a4 · · · aN+1.

By the inductive hypothesis, either p | aj for some j = 3, . . . , N + 1, or p | a1a2.But then another application of Proposition 5.5 yields that p | a1 or p | a2, asclaimed. �

6. September 21

Theorem 6.1. (Fundamental theorem of Arithmetic) Each integer greater than 1is written uniquely as a product of prime numbers.

The uniqueness referred to in Theorem 6.1 doesn’t refer to switching around theprime factors in the decomposition of an integer in a product of primes. So, 20 iswritten as 22·5 and this prime factor decomposition is unique (modulo permutationsof the factors), i.e,

20 = 22 · 5 = 2 · 5 · 2 = 5 · 2 · 2.

Proof of Theorem 6.1. First we prove that each integer n greater than 1 can bewritten as a product or prime numbers. Indeed, we prove this statement by in-duction on n; the case n = 2 being clear. So, we assume that all integers in theset {2, . . . , N − 1} (for some N > 2) can be written as a product of primes andnext we show that also N can be written as a product of primes. Indeed, if N isprime, then we’re done. Now, if N is not a prime, then it must have some divisord ∈ {2, . . . , N − 1}; in particular, this means that also ` := Nd is an integer andfurthermore, it has to be in the set {2, . . . , N − 1} (since 1 < d < N). So, N = d · `and the inductive hypothesis gives that both d and ` are products of primes andtherefore, N = d · ` is a product of primes.

COURSE NOTES 9

Next we will prove that modulo permutation of the prime factors, the primefactorization of any integer n > 1 is unique. Now, assume the contrary and there-fore, assume we can write the number n in two distinct ways as a product of primenumbers, i.e.,

(7) n = p1 · · · pk = q1 · · · qm(where the primes pj ’s and qi’s are not necessarily all distinct). Furthermore, weassume the overall number of primes (k + m) appearing in (7) is minimal amongall the possible representations of a positive integer as a product of primes in twodistinct ways.

Since p1 | q1 · · · qm, using Corollary 5.6 yields that p1 | qi for some i = 1, . . . ,m.On the other hand, both p1 and qi are prime numbers, so the only way for p1 | qiis when p1 = qi. But then

(8)n

p1= p2 · · · pk = q1 · · · qi−1 · qi+1 · · · qm.

So, (8) yields a prime factorization of the integer np1 in two distinct ways as a

product of primes (since (7) was already a prime factorization of a number intwo distinct ways). Furthermore, the total number of primes appearing in theprime factorizations from (8) is smaller than k+m, which we assumed to representalready the smallest possible number of primes appearing in two distinct primefactorizations of the same positive integer, contradiction. Therefore, there cannotbe two distinct prime factorizations for the same positive integer.

This concludes our proof of Theorem 6.1. �

The Fundamental Theorem of Arithmetic allows us to write always any integern > 1 as a product of primes, i.e,

n =∏̀i=1

pαii

for some positive integers αi, where the primes pi are assumed to be distinct. Also,this means that any positive divisor the number n above would be of the form∏̀

i=1

pβii ,

for some nonnegative integers βi ≤ αi.In particular, the prime factorization of integers allows us to determine easily

the greatest common divisor and the least common multiple. So, if

m =

r∏i=1

pαii and n =

r∏i=1

pβii ,

where αi, βi ≥ 0 (note that there is no reason for m and n be divisible by the sameset of distinct primes pi, hence the assumption about the exponents αi, βi beingnonnegative, rather than positive), then

gcd(m,n) =

r∏i=1

pmin{αi,βi}i and lcm[m,n] =

r∏i=1

pmax{αi,βi}i .

In particular, this allows us to see immediately that

m · n = gcd(m,n) · lcm[m,n]


because for each i = 1, . . . , r, we have

αi + βi = min{αi, βi}+ max{αi, βi}.

7. September 23

Definition 7.1. Let a, b,m ∈ Z with m 6= 0. We say that a is congruent with bmodulo m and we write a ≡ b (mod m) if m | a− b.

If a is not congruent with b modulo m, we write a 6≡ b (mod m).

For example, 11 ≡ 5 (mod 3), 12 ≡ −4 (mod 8) and −2 6≡ 9 (mod 7).

Proposition 7.2. Let m be a nonzero integer.

(Reflexivity) For each a ∈ Z, we have a ≡ a (mod m).(Symmetry) If a ≡ b (mod m) then b ≡ a (mod m).

(Transitivity) If a ≡ b (mod m) and b ≡ c (mod m), then a ≡ c (mod m).

Proof. The reflexivity property is immediate since m | 0. The symmetry propertyis also clear since m | a−b yields m | b−a. Finally, the transitivity property followsfrom the fact that m | a− b and m | b− c yields (after addition) that m | a− c. �

Proposition 7.2 shows that being congruent modulo m is an equivalence relationon the set of all integers. So, the equivalence classes for this relation will be calledresidue classes modulo m.

Now, assume m ∈ N. Using the Division Algorithm, we get that each integern ∈ Z can be written uniquely as n = qm+r for some r ∈ {0, . . . ,m−1}. So, n ≡ r(mod m) and r is unique for any given n. Therefore, the residue classes modulom are in bijective correspondence to the integers in the set {0, . . . ,m − 1}. Eachresidue class modulo m is of the form

Si := {i+ km : k ∈ Z}for i = 0, . . . ,m − 1. For any integer a, when we refer to its residue class modulom, we write ā (yes, we will always have the moduli m understood from thecontext). So, for the moduli m = 5, we have that

7̄ = 2̄ = −3 = 2022.When we refer to a complete set of residue classes modulo m, we freely use inter-changeably {0, . . . ,m− 1} and {0̄, 1̄, . . . ,m− 1}, though we will always be carefulin understanding that a number i ∈ {0, . . . ,m − 1} is an integer (even though wecould view it sometimes as representing an entire residue class modulo m), while īis a residue class (modulo m), so we cannot treat it as an integer without properlyunderstanding whether the operations we apply to ī make sense. A lot of what wewill study next about congruences will allow us to give proper meaningto various operations with residue classes modulo m.

Now, assuming m is an odd integer greater than 1 (say, m = 2k + 1 for somek ∈ N), we often use the following set of residue classes modulo m:

{−k,−k + 1, . . . ,−1, 0, 1, . . . , k − 1, k}.

Proposition 7.3. Let a, b,m ∈ Z with m 6= 0 such that a ≡ b (mod m).(1) If d | m, then also a ≡ b (mod d).(2) If d is any integer, then also da ≡ db (mod m).(3) If d is any nonzero integer, then also da ≡ db (mod dm).

COURSE NOTES 11

Proof. Property (1) follows because d | m and m | (a − b). Property (2) followsbecause m | (a − b) and so, m | d(a − b). Finally, m | (a − b) also yields dm |d(a− b). �

8. September 25

Proposition 8.1. If a ≡ b (mod m) and c ≡ d (mod m) then(i) a+ c ≡ b+ d (mod m); and

(ii) ac ≡ bd (mod m).

Proof. Property (i) is simple since m | (a− b) and m | (c−d) yields (after addition)that m | (a + c) − (b + d). Property (ii) is more difficult since in order to prove itwe need to express

a− b = mx for some integer x, andc− d = my for some integer y.

Then

ac = (b+mx) · (d+my) = bd+m · (dx+ by +mxy),thus proving that ac ≡ bd (mod m), as claimed. �

Proposition 8.1 yields that we are allowed to add, subtract and multiply con-gruence classes modulo the same integer m just the same way we would add,subtract and multiply integers, i.e.,

ā+ b̄ = a+ b

ā− b̄ = a− bā · b̄ = a · b.

So, working modulo 7, we have that

15 + 6̄ = 21 = 0̄

3̄− 9 = −6 = 1̄2̄ · 20 = 40 = 5̄.

On the other hand, there is no formal division of residue classes modulom. First of all, if we were to divide 3̄ by 4̄ (again modulo 7), we cannot expect to get34 since we never defined congruence classes for rational numbers. But even if wecould make the formal division of integers representing the residue classes modulom, sometimes the answer wouldn’t be unique; we’ll illustrate this phenomenon next.

So, consider m = 6 and the residue classes (modulo 6) of 4̄ and 2̄. Then wecould be tempted to write that the division of 4̄ by 2̄ is the residue class 2̄; howeverthis would be wrong. First of all, the division would be a residue class ī with theproperty that

2̄ · ī = 4̄,i.e., 2i ≡ 4 (mod 6). However, it’s not only 2 (and the entire residue class of 2modulo 6) which solves this congruence equation but also i = 5 (and the entireresidue class of 5 modulo 6) also satisfies the congruence equation 2i ≡ 4 (mod 6).This is the reason we have to be very careful not to take division of residue classesjust the same way as we would divide integers. Another reason for this is thefollowing observation, also made for the congruence classes modulo 6:

2̄ · 3̄ = 0̄,


which means that the product of two residue classes may equal the residue class of0 even though neither one of the two residue classes is the residue class of 0; thisprinciple is opposite to the intuition you would have from multiplying integers, say.

Furthermore, the above phenomenon has the effect that only certain residueclasses admit an inverse for the multiplication of residue classes. Indeed, modulo10, you have that

3̄ · 7̄ = 1̄,i.e., the residue class 3̄ is invertible (see also Definition 8.2) modulo 10; however,there is no residue class ī with the property that modulo 10:

2̄ · ī = 1̄,

since this equality of residue classes would force the congruence equation

2i ≡ 1 (mod 10)

which implies that 2i ≡ 1 (mod 2) (see property (1) in Proposition 7.3), contradic-tion. So, even though there are quite a few similarities for the arithmetic operationsfor residue classes modulo the same integer m with the corresponding arithmeticoperations with integers, certain differences are in place and they cannot be avoided.

Definition 8.2. Let a,m ∈ Z with m 6= 0. We say that a is invertible modulo m,or that the residue class ā of a modulo m is invertible if there exists some integerb such that ab ≡ 1 (mod m), or equivalently ā · b̄ = 1̄.

We call the integer b an inverse for a modulo m; we call the residue class b̄ theinverse of ā modulo m.

For example, 5 is invertible modulo 7 since 5 · 3 ≡ 1 (mod 7) (or 5̄ · 3̄ = 1̄ forresidue classes modulo 7). Clearly, 0 is not invertible modulo any integer m 6= 0;but also, as we previously observed, modulo composite numbers, there are alsononzero residue classes which are not invertible (for example, 2̄, 3̄ and 4̄ are notinvertible modulo 6).

Proposition 8.3. Let a,m ∈ Z with m 6= 0. Then a is invertible modulo m if andonly if gcd(a,m) = 1.

Proof. First of all, if gcd(a,m) = 1 then Proposition 2.4 yields that there existintegers b and x such that

1 = ab+mx,

i.e., ab ≡ 1 (mod m), thus proving that a is invertible modulo m.Now, conversely, if a is invertible modulo m, then there exists some b ∈ Z such

that ab ≡ 1 (mod m), i.e.,1 = ab+mx,

for some integer x. So, 1 is a linear combination of a and m with integer coefficientsand therefore, once again applying Proposition 2.4, we conclude that 1 = gcd(a,m);note that there is no positive integer smaller than 1 and so, 1 is the least positivelinear combination of a and m with integer coefficients, therefore 1 = gcd(a,m), asclaimed. �

Proposition 8.4. Let a,m ∈ Z be coprime. Then the inverse of a modulo m isunique modulo m, i.e., any integer b which is an inverse for a modulo m belongs tothe same residue class modulo m.

COURSE NOTES 13

Proof. Let b1 and b2 two integers that are both inverses for a modulo m; we’llprove that b1 and b2 are in the same residue class modulo m, which is the desiredconclusion in Proposition 8.4.

So, we have

ab1 ≡ 1 (mod m) and ab2 ≡ 1 (mod m)which means that

ab1b2 ≡ (ab1) · b2 ≡ 1 · b2 ≡ b2 (mod m)

but also

ab1b2 ≡ (ab2) · b1 ≡ 1 · b1 ≡ b1 (mod m).Therefore, b1 ≡ b2, as claimed. �

Corollary 8.5. If gcd(a,m) = 1 (i.e., a is invertible modulo m), then for any twointegers x and y we have that

x ≡ y (mod m) if and only if ax ≡ ay (mod m).

Proof. First of all, if x ≡ y (mod m) then clearly ax ≡ ay (mod m) (according toproperty (2) from Proposition 7.3). Now, for the converse, we note that if ax ≡ ay(mod m), then m | a(x− y) and since gcd(a,m) = 1, then Proposition 3.2 deliversthe desired conclusion. Alternatively, we could use the fact that there exists someinteger b such that ab ≡ 1 (mod m) and then multiply the congruence

ax ≡ ay (mod m)

by b and then noting that ab ≡ 1 (mod m), get

x ≡ y (mod m),

as desired. �

9. September 28

Proposition 9.1. Let P ∈ Z[x] be a polynomial with integer coefficients, leta, b,m ∈ Z with m 6= 0. If a ≡ b (mod m) then P (a) ≡ P (b) (mod m).

Proof. We have that P (x) =∑ni=0 cix

i for some integers ci (where n = deg(P )).Now, using that a ≡ b (mod m) along with repeated applications of property (ii)in Proposition 8.1, we get that

(9) ai ≡ bi (mod m)

for all i ≥ 0. (For example, if i = 0, then (9) is simply 1 ≡ 1 (mod m), while for i =2, (9) is obtained by multiplying side-by-side the congruence a ≡ b (mod m) withitself; for any other i > 2, one applies repeatedly property (ii) from Proposition 8.1to a ≡ b (mod m), or alternatively one can use induction on i and then the inductivestep is obtained by applying property (ii) from Proposition 8.1 to a ≡ b (mod m)and ai−1 ≡ bi−1 (mod m).)

Then we multiply each congruence equation (9) by ci and use one more timeProposition 8.1 (this time property (i)) to add up side-by-side all the congruencescia

i ≡ cibi (mod m) for i = 0, . . . ,m, in order to conclude that P (a) ≡ P (b)(mod m), as desired. �


Proposition 9.1 shows us that when we solve a polynomial congruence equation:

(10) P (x) ≡ b (mod m),the integer solutions x will form (finitely many) residue classes modulo m since ifsome integer a satisfies equation (10), then all integers in the same residue class witha modulo m would work for equation (10). Therefore, when we solve a polynomialcongruence equation

P (x) ≡ 0 (mod m),where P ∈ Z[x], we will always be interested in the number of residue classes for thesolutions to the above congruence equation. Note that once there exists an integersolution a to the congruence equation P (x) ≡ 0 (mod m), then any other integer ofthe form a+ km solves the congruence equation; however, for us, the entire residueclass corresponding to the integer solution a counts as just one solution since it isjust one residue class.

We start solving polynomial congruence equations with the simplest case, thelinear case.

Proposition 9.2. Let a, b,m ∈ Z with m 6= 0; let d := gcd(a,m).(A) If d 6| b, then the congruence equation ax ≡ b (mod m) has no solutions.(B) If d | b, then the congruence equation ax ≡ b (mod m) has exactly d solu-

tions.

Proof. The part (A) is easier since if d 6| b, then any integer x0 solving the congruenceequation would yield m | (ax0 − b) and so, because d | m, we get d | (ax0 − b); butthen using that d | a, we would get d | b, contradiction. This proves part (A).

Now, for part (B), we let a = da1, b = db1 and m = dm1 for integers a1, b1,m1.Furthermore, for any solution x0 to our congruence equation, we would have that

(11) dm1 | d(a1x0 − b1).Combining (11) with property (3) from Proposition 1.2, we obtain that congruenceax ≡ b (mod m) is equivalent with the congruence equation(12) a1x ≡ b1 (mod m1).Now, since gcd(a,m) = d and a = da1 and m = dm1, we get that gcd(a1,m1) = 1.But then Proposition 8.3 yields the existence of some c1 ∈ Z such that

a1c1 ≡ 1 (mod m1).Now, the linear congruence equation (12) is equivalent with the divisibility

(13) m1 | (a1x− b1).Because c1 is an inverse of a1 modulo m1, then it is itself invertible modulo m1and then again by Proposition 8.3, we have that gcd(c1,m1) = 1. But then thedivisibility (13) is equivalent with the divisibility

(14) m1 | c1(a1x− b1).Indeed, multiplying the right hand side in the divisibility (13) by c1 yields (14);conversely, if the divisiblity (14) holds, since gcd(c1,m1) = 1, then Proposition 3.2yields the divisibility (13).

Now, divisibility (14) is the same with congruence equation

c1a1x ≡ c1b1 (mod m1).

COURSE NOTES 15

But c1a1 ≡ 1 (mod m1) and so, the congruence equation ax ≡ b (mod m) is equiv-alent with the congruence equation a1x ≡ b1 (mod m1), which is equivalent withx ≡ b1c1 (mod m1). Finally, this means that the original congruence equationax ≡ b (mod m) has solutions all integers of the form(15) b1c1 + km1 for k ∈ Z.However, these integers belong to different residue classes modulo m; more pre-cisely, there are d distinct residue classes modulo m solving the original congruenceequation ax ≡ b (mod m). Indeed, the d distinct residue classes modulo m solvingour original congruence equation correspond to the integers

(16) b1c1 + `m1 for ` = 0, . . . , d− 1.Clearly, all solutions from (15) are in some residue class modulo m correspondingto one of the integers from (16) because m = d ·m1; we could write k from (15)as `+ rd for ` ∈ {0, . . . , d− 1} and r ∈ Z (using the Division Algorithm) and thenderive the residue classes from (16). Furthemore, each integer from (16) are distinctmodulo m because

b1c1 + im1 ≡ b1c1 + jm1 (mod m)for some 0 ≤ i < j ≤ d− 1 is equivalent with m | m1(j − i) and because m = dm1,then this last divisibility is equivalent (according to property (3) from Proposi-tion 1.2) to d | j − i, which is impossible because j − i ∈ {1, . . . , d− 1}.

This concludes our proof of Proposition 9.2. �

10. September 30

Theorem 10.1. (Chinese Remainder Theorem) Let n ∈ N, let a1, . . . , an ∈ Z, letm1, . . . ,mn be nonzero pairwise coprime integers (i.e., gcd(mi,mj) = 1 if i 6= j).Then the congruence system of (linear) equations

x ≡ a1 (mod m1)x ≡ a2 (mod m2)· · · · · · · · · · · ·

x ≡ an (mod mn)has a unique solution modulo

∏ni=1mi.

Proof. First of all, it is easier to see that any two solutions x and y to the givensystem of linear congruences must be in the same residue class modulo M :=∏ni=1mi. Indeed, for each i = 1, . . . , n, we have that

x ≡ ai ≡ y (mod mi),i.e., mi | x − y for each i = 1, . . . , n. So, x − y must be divisible by each mi andthus, it is divisible by lcm[m1, . . . ,mn]. But since gcd(mi,mj) = 1, we have thatlcm[m1, . . . ,mn] = M , i.e.,

x ≡ y (modn∏i=1

mi).

Now, for the existence of a solution to our system of congruence equations, we argueas follows. For each i = 1, . . . , n, we let

Mi :=∏

1≤j≤nj 6=i

mj .


Since gcd(mi,mj) = 1 for i 6= j, then gcd(mi,Mi) = 1 for each i = 1, . . . n. So, Miis invertible modulo mi (by Proposition 8.3); thus there exists bi ∈ Z such that

biMi ≡ 1 (mod mi).

We claim that x0 :=∑ni=1 aibiMi is a solution to the given system of congruence

equations. Indeed, for each i = 1, . . . , n, we have that mi |Mj if j 6= i; so,

x0 ≡ a1b1M1 + · · ·+ anbnMn ≡ aibiMi ≡ ai · 1 ≡ ai (mod mi).


Theorem 10.2. For a polynomial P ∈ Z[x] and for any nonzero integer m, wedenote by NP (m) the number of solutions to the polynomial congruence

P (x) ≡ 0 (mod m),

i.e., the number of distinct residue classes modulo m corresponding to integer solu-tions to the above congruence equation. Then for any two coprime nonzero integersm1 and m2, we have that NP (m1m2) = NP (m1) ·NP (m2).

Proof. The first observation is that for each positive integer m, the number ofsolutions for the polynomial congruence P (x) ≡ 0 (mod m) is the number of in-tegers i ∈ {0, . . . ,m − 1} satisfying m | P (i). We denote by S(m) the subset of{0, . . . ,m−1} consisting of solutions to the congruence equation f(x) ≡ 0 (mod m).

Now, let m1 and m2 be coprime positive integers. We note that for each integeri ∈ {0, . . . ,m1m2 − 1}, we have that m1m2 | P (i) if and only if m1 | P (i) andm2 | P (i) (since m1 and m2 are coprime). So, for each i ∈ {0, . . . ,m1m2 − 1}, welet i1 ∈ {0, . . . ,m1 − 1} and i2 ∈ {0, . . . ,m2 − 1} such that

i ≡ i1 (mod m1) and i ≡ i2 (mod m2);

note that i1 and i2 are the remainders when we divide i by m1, respectively bym2. Since the remainder of an integer when divided by another positive integer isuniquely determined, we see that the function

f : {0, . . . ,m1m2 − 1} −→ {0, . . . ,m1 − 1} × {0, . . . ,m2 − 1}

given by i 7→ (i1, i2) is well-defined. Furthermore, the Chinese Remainder The-orem yields that f is a bijection since for any given a ∈ {0, . . . ,m1 − 1} andb ∈ {0, . . . ,m2 − 1}, there exists a unique i ∈ {0, . . . ,m1m2 − 1} such that i ≡ a(mod m1) and i ≡ b (mod m2).

As previously observed, we see that i ∈ {0, . . . ,m1m2 − 1} is a solution toP (x) ≡ 0 (mod m1m2) if and only if writing f(i) = (i1, i2), we have that i1 is asolution to P (x) ≡ 0 (mod m1) and i2 is a solution to P (x) ≡ 0 (mod m2); indeed,note that

P (i) ≡ P (i1) ≡ 0 (mod m1) because i ≡ i1 (mod m1)

and

P (i) ≡ P (i2) ≡ 0 (mod m2) because i ≡ i2 (mod m2).So, this means we have a well-defined map, denoted f̄ when we restrict f to afunction

f̄ : S(m1m2) −→ S(m1)× S(m2)

COURSE NOTES 17

given by f̄(i) = (i1, i2) as defined above for f . Furthermore, the Chinese RemainderTheorem (CRT) applied to any pair (a, b) ∈ S(m1)× S(m2), i.e., applying CRT tothe system of congruence equations

x ≡ a (mod m1) and x ≡ b (mod m2),

shows that there exists a unique solution x0 ∈ {0, . . . ,m1m2−1}. That correspond-ing solution x0 must satisfy that m1 | f(x0) and also m2 | f(x0), which means thatm1m2 | f(x0) (since gcd(m1,m2) = 1 which means that lcm[m1,m2] = m1m2).Thus x0 ∈ S(m1m2), i.e., for any (a, b) ∈ S(m1) × S(m2), there exists a uniquex0 ∈ S(m1,m2) such that f̄(x0) = (a, b). Therefore, f̄ is a bijection, thus provingthat #S(m1m2) = #S(m1) ·#S(m2), i.e., NP (m1m2) = NP (m1) ·Np(m2). �

11. October 2

Definition 11.1. The function f : N −→ C is called multiplicative if for eachcoprime m,n ∈ N, we have f(m · n) = f(m) · f(n).

If the function f : N −→ C satisfies the property f(mn) = f(m) · f(n) for everym,n ∈ N, then we call f completely multiplicative.

As proven in Theorem 10.2, for any polynomial P ∈ Z[x], denoting by NP :N −→ N∪ {0} the function which assigns to each positive integer m the number ofsolutions for the polynomial congruence equation:

P (x) ≡ 0 (mod m),

then NP is a multiplicative function. This means that whenever we want to deter-mine the number of solutions for a given polynomial congruence equation P (x) ≡ 0(mod m), we first write the prime factorization of m:

m =

r∏i=1

pαii

and then we solve each polynomial congruence

P (x) ≡ 0 (mod pαii ) for i = 1, . . . , r.

Then NP (m) =∏ri=1NP (p

αii ).

Definition 11.2. For each positive integer n, we denote by d(n) the number ofpositive divisors of n.

For example, d(2) = 2, d(3) = 2, d(4) = 3, d(5) = 2, d(6) = 4, and so on.

Proposition 11.3. Let m and n be coprime positive integers. Then each positivedivisor d of m ·n can be written uniquely as a product d1 · d2, where d1 is a positivedivisor of m, while d2 is a positive divisor of n.

Proof. Indeed, we let d1 := gcd(d,m) and d2 = gcd(d, n). Note that this definitionfor d1 and d2 matches the conclusion we seek since if d = d1 · d2 with d1 | m andd2 | n, then necessarily we have that d1 = gcd(d,m) and d2 = gcd(d, n) becausegcd(m,n) = 1. In other words, the uniqueness of d1 and d2 is guaranteed by ourconstruction of d1 and d2; however, we have to prove the existence of such a writingof d in terms of d1 and d2, i.e., we need to prove that letting d1 = gcd(d,m) andd2 = gcd(d, n) would also guarantee that d = d1 · d2.


Now, since d1 | m and d2 | n, while gcd(m,n) = 1, then we have that gcd(d1, d2) =1. Furthermore, since d1 | d and d2 | d and gcd(d1, d2) = 1, then we must have thatd1d2 | d. So, there exists some k ∈ N such that d = d1d2k.

Now, assume k > 1; then there exists some prime p dividing k. Since

p | k | d | mn,then p | m or p | n. We assume that p | m and we will derive a contradiction; asimilar argument would work if we were to assume p | n. So,

pd1 | kd1 | d | mnand also, since p | m and gcd(m,n) = 1, then gcd(p, n) = 1. Along with the factthat also gcd(d1, n) = 1 because d1 | m and gcd(m,n) = 1, then we have thatgcd(pd1, n) = 1. But combining this last fact with the divisibility pd1 | mn, thenusing Proposition 3.2, we conclude that

pd1 | m.So, using that also pd1 | d, we would have that pd1 | gcd(d,m) = d1, contradiction.So, indeed there is no prime p dividing k, which means that k must equal 1 an so,d = d1d2, as claimed in Proposition 11.3. �

In this lecture, when referring to positive divisors of a positive integer,we will often call them simply divisors.

Proposition 11.4. The function d : N −→ N is multiplicative.

Proof. Let m and n be coprime positive integers. According to Proposition 11.3,each divisor d of m · n is of the form d1 · d2 with d1 | m and d2 | n. Conversely, itis clear that for any two divisors d1 of m and d2 of n, then d := d1 · d2 is a divisorof m · n. Therefore, we have a bijection between the sets(17) D(mn) 7→ D(m)×D(n),where for each positive integer k, we denote by D(k) the set of all positive divisorsof k; the map from (17) is given by d 7→ (d1, d2) where d = d1d2 and d1 | m whiled2 | n as in Proposition 11.3. Equation (17) delivers the desired conclusion forProposition 11.4. �

Proposition 11.4 allows us to compute d(n) for any positive integer n. First ofall, if n = 1, then clearly d(1) = 1. Now, if n > 1 then we write

n =

r∏i=1

pαii

and since d : N −→ N is a multiplicative function, then

d(n) =

r∏i=1

d (pαii ) .

However, for any prime power pα, we note that the positive divisors of pα are theα+ 1 integers

1, p, p2, · · · , pα.So, d(pα) = α+ 1 for any prime p and any nonnegative integer α. In conclusion,

d(n) = d

(r∏i=1

pαii

)=

r∏i=1

d (pαii ) =

r∏i=1

(αi + 1).

COURSE NOTES 19

Definition 11.5. For each positive integer n, we define σ(n) be the sum of allpositive divisors of n.

For example, σ(1) = 1, σ(2) = 3, σ(3) = 4, σ(4) = 7, σ(5) = 6, σ(6) = 12 andso on.

Proposition 11.6. The function σ : N −→ N is multiplicative.

Proof. Letm and n be coprime positive integers. Using Proposition 11.3, we observethat

σ(mn) =∑d|mn

d =∑d1|md2|n

d1 · d2 =

∑d1|m

d1

·∑d2|n

d2

= σ(m) · σ(n),as desired in the conclusion of Proposition 11.6. �

Proposition 11.6 allows us to compute the sum of positive divisors for any positiveinteger

n =

r∏i=1

pαii ,

since we obtain

σ(n) =

r∏i=1

σ (pαii ) .

Then for each prime power pα (where p is prime and α is a nonnegative integer),we have that

σ (pα) = 1 + p+ p2 + · · ·+ pα = pα+1 − 1p− 1

.

In conclusion,

σ(n) = σ

(r∏i=1

pαii

)=

r∏i=1

(pαi+1i − 1pi − 1

).

12. October 5

Definition 12.1. For each positive integer n, we denote by φ(n) the number ofintegers from the set {0, . . . , n− 1}, which are coprime with n.

The function φ : N −→ N counts the number of residue classes modulo n whichcontain integers coprime with n (since if gcd(i, n) = 1, then gcd(i+ kn, n) = 1 forall k ∈ Z). The function φ is also called the Euler-totient function.

For example, for any prime p, we have φ(p) = p − 1 since - with the excep-tion of 0 - every other integer from the set {0, 1, . . . , p − 1} is coprime with theprime p. Furthermore, for each prime power pα, we count the numbers in the set{0, 1, . . . , pα − 1} not divisible by p; those are the numbers divisible by p and thereare pα−1 such numbers in the above set, i.e., the numbers:

0, p, 2p, 3p, · · · , pα − p.

So, φ(pα) = pα − pα−1 = pα−1(p− 1).

Proposition 12.2. The function φ : N −→ N is multiplicative.


Proof. Let m and n be coprime positive integers.We constructed in the proof of Theorem 10.2 the function

f : {0, 1, . . . ,mn− 1} −→ {0, 1, . . . ,m− 1} × {0, 1, . . . , n− 1}given by i 7→ (i1, i2), where i1 ∈ {0, . . . ,m − 1} and i2 ∈ {0, . . . , n − 1} are thecorresponding remainders when we divide i ∈ {0, . . . ,mn − 1} by m, respectivelyn; in the proof of Theorem 10.2, we proved that the function f is bijective.

Now, for each positive integer k, we let Sφ(k) be the set of all integers i ∈{0, 1, . . . , k − 1} which are coprime with k; so, φ(k) = #Sφ(k). We claim that therestriction of f to Sφ(mn) induces a well-defined function

g : Sφ(mn) −→ Sφ(m)× Sφ(n).In order to prove that g is well-defined, we need to make sure that when we restrictthe function f to Sφ(mn), then its image lives inside Sφ(m) × Sφ(n). So, leti ∈ Sφ(mn); then gcd(i,mn) = 1. In particular, this means that gcd(i,m) = 1and letting i1 be the remainder of i when we divide by m, then we also get thatgcd(i1,m) = 1 (indeed, note that i = i1+qm for some integer q and therefore, sincei and m share no common divisor, then also i1 and m share no common divisor).So, indeed, the image of i under the function f produces a pair

(i1, i2) ∈ {0, 1, . . . ,m− 1} × {0, 1, . . . , n− 1}for which gcd(i1,m) = 1 and gcd(i2, n) = 1, i.e., actually i1 ∈ Sφ(m) and i2 ∈Sφ(n). So, the function

g : Sφ(mn) −→ Sφ(m)× Sφ(n)is well-defined. Now, in order to prove that φ(mn) = φ(m) · φ(n), it suffices toprove that g is a bijection (since φ(mn) = #Sφ(mn), φ(m) = #Sφ(m) and φ(n) =#Sφ(n)). Now, we get that g is a bijection using Theorem 10.1 because for each

(a, b) ∈ Sφ(m)× Sφ(n),the system of congruences

x ≡ a (mod m) and x ≡ b (mod n)has a unique solution x0 ∈ {0, 1, . . . ,mn − 1}. Because a ∈ Sφ(m) we have thatgcd(a,m) = 1 and since x0 ≡ a (mod m) then also gcd(x0,m) = 1. Similarly, sinceb ∈ Sφ(n), then gcd(b, n) = 1 and because x0 ≡ b (mod n) then also gcd(x0, n) = 1.Combining the fact that x0 is coprime with both m and n yields that gcd(x0,mn) =1, i.e., x0 ∈ Sφ(mn). Therefore, the Chinese Remainder Theorem guarantees thefact that the function

g : Sφ(mn) −→ Sφ(m)× Sφ(n)is a bijection. This concludes our proof of Proposition 12.2. �

Proposition 12.2 allows us to compute the Euler-totient function for each positiveinteger

n =

r∏i=1

pαii .

Indeed, because φ is a multiplicative function and

φ (pα) = pα − pα−1 = pα−1(p− 1) = pα ·(

1− 1p

),

COURSE NOTES 21

we obtain

φ(n) = φ

(r∏i=1

pαii

)=

r∏i=1

φ (pαii )

φ(n) =

r∏i=1

(pαii − p

αi−1i

)=

r∏i=1

pαi−1i (pi − 1) =r∏i=1

pαii

(1− 1

pi

)The next result is one of the most important results from our course.

Theorem 12.3. (Euler’s Theorem) Let m ∈ N and let a ∈ Z be coprime with m.Then

aφ(m) ≡ 1 (mod m).

Since φ(p) = p − 1 for any prime number p, then the following result is animmediate consequence of Theorem 12.3.

Theorem 12.4. (Fermat’s Little Theorem) Let p be a prime number and let a ∈ Zsuch that p 6| a. Then

ap−1 ≡ 1 (mod p).

Corollary 12.5. Let p be a prime number and let a ∈ Z. Then

ap ≡ a (mod p).

Proof. If p | a, then clearly

ap ≡ a ≡ 0 (mod p).

Now, if p 6| a, then Theorem 12.4 yields that

ap−1 ≡ 1 (mod p)

and then multiplying the above last congruence by a yields the desired conclusionin Corollary 12.5. �

13. October 7

Proof of Theorem 12.3. With the notation as before, we let

Sφ(m) = {0 ≤ i ≤ m− 1: gcd(i,m) = 1};

so, φ(m) = #Sφ(m). For each i ∈ Sφ(m), we let h(i) be the remainder of a · i whenwe divide it by m.

Claim 13.1. With the above notation, for each i ∈ Sφ(m) we have that h(i) ∈Sφ(m).

Proof of Claim 13.1. Since both i and a are coprime with m, then also ai is coprimewith m and then its remainder modulo m is coprime with m (see Proposition 3.3).Since by definition, we have that 0 ≤ h(i) ≤ m − 1, then this concludes our proofof Claim 13.1. �

Using Claim 13.1, we get that the function

h : Sφ(m) −→ Sφ(m)

is well-defined.

Claim 13.2. The function h is bijective.


Proof of Claim 13.2. Since h is a function from a finite set into itself, all we need toprove is that h is injective since then it is automatically bijective. Very important,this property about maps from a set into itself is only valid if the set isfinite.

So, let i1, i2 ∈ Sφ(m) and assume h(i1) = h(i2). By definition of the function h,we have that h(i1) is the remainder of ai1 when divided by m, which means that

h(i1) ≡ ai1 (mod m),while h(i2) is the remainder of ai2 when divided by m, which means that

h(i2) ≡ ai2 (mod m).In conclusion, h(i1) = h(i2) would force

ai1 ≡ ai2 (mod m),i.e., m | (ai1 − ai2) and thus m | a(i1 − i2). But since gcd(m, a) = 1, thenProposition 3.2 yields m | (i1 − i2). However, i1, i2 ∈ {0, . . . ,m− 1}, which meansthat the only way we could have that m | i1 − i2 is when i1 = i2. So, indeed, h isan injective function, and therefore it is a bijective function.

This proves our Claim 13.2. �

Since h is bijective, then we have

(18)∏

i∈Sφ(m)

h(i) ≡∏

i∈Sφ(m)

i (mod m), i.e.

(19)∏

i∈Sφ(m)

ai ≡∏

i∈Sφ(m)

i (mod m).

We let P :=∏i∈Sφ(m) i; since each element in Sφ(m) is coprime withm, we conclude

that

(20) gcd(P,m) = 1.

So, congruence (19) yields

(21) m | aφ(m) · P − P

because φ(m) = #Sφ(m). But then m | P ·(aφ(m) − 1

)and combining this divisi-

bility with (20) along with Proposition 3.2, we obtain

m | aφ(m) − 1,as desired in the conclusion of Theorem 12.3. �

14. October 9

Theorem 14.1. (Wilson’s theorem) Let p be a prime number. Then

(22) p | (p− 1)! + 1.

Proof. Equation (22) clearly holds when p = 2 or p = 3; so, from now on, weassume p ≥ 5.

Claim 14.2. For each i ∈ {2, . . . , p− 2}, there exists a unique j ∈ {2, . . . , p− 2},not equal with i, such that

(23) ij ≡ 1 (mod p).

COURSE NOTES 23

Proof of Claim 14.2. Equation (23) tells us that we’re asked to prove that eachinteger in the set {2, . . . , p − 2} admits an inverse modulo p, which is not theinteger itself. Now, the fact that each integer in the set {2, . . . , p − 2} admits aninverse is a consequence of the fact that the prime p is coprime with each suchinteger; also, the inverse is unique, as proved in Proposition 8.4. So, all we need toshow is that the inverse of each i ∈ {2, . . . , p − 2} actually lives in {2, . . . , p − 2}and that the inverse is not i itself.

Now, the fact that the inverse of i ∈ {2, . . . , p− 2} must also live in the same setis because otherwise, the inverse of i is either 1 or p− 1 (note that 0 cannot be aninverse since it’s not coprime with p). But if the inverse of i is 1, then we wouldhave

i · 1 ≡ i 6≡ 1 (mod p),(note that 2 ≤ i ≤ p− 2 and so, i 6≡ 1 (mod p)), while if the inverse of i were p− 1,then we would have

i · (p− 1) ≡ −i 6≡ 1 (mod p)(again note that 2 ≤ i ≤ p − 2 and so, i 6≡ p − 1 (mod p)). So, the inverse j of imodulo p cannot be 1 or p− 1, which means that j ∈ {2, . . . , p− 2}.

Finally, we show that j 6= i since otherwise we would have

1 ≡ i · j ≡ i2 (mod p),

i.e., p | i2− 1 and so, p | (i− 1)(i+ 1), which means that either p | i− 1 or p | i+ 1.But this would mean that either i ≡ 1 (mod p) or i ≡ p− 1 (mod p), both optionsbeing impossible because i ∈ {2, . . . , p− 2}.

This concludes our proof of Claim 14.2. �

Using Claim 14.2, we can define a function

f : {2, . . . , p− 2} −→ {2, . . . , p− 2}

such that f(i) is the inverse of i modulo p. Furthermore, f(i) 6= i for each i ∈{2, . . . , p− 2}. This allows us to split the product of all integers i ∈ {2, . . . , p− 2}in product of pairs (i · f(i)); we would have p−32 such pairs. Clearly, the product ofeach such pair is congruent with 1 modulo p, which means that

p−2∏i=2

i ≡ 1 (mod p).

Therefore,

(p− 1)! ≡ (1 · (p− 1)) ·p−2∏i=2

i ≡ −1 (mod p),

as claimed in equation (22). �

15. October 14

Proposition 15.1. Let p be a prime satisfying p ≡ 1 (mod 4). Then((p− 1

2

)!

)2≡ −1 (mod 4).


Proof. From Wilson’s Theorem, we know that

1 · 2 · · · (p− 1) ≡ −1 (mod p).We define a function

g :

{p+ 1

2, · · · , p− 1

}−→

{1, . . . ,

p− 12

}given by g(i) = p − i. Clearly, g is a well-defined bijective function. Furthermore,g(i) ≡ −i (mod p), which means that

−1 ≡p−1∏i=1

i ≡

p−12∏i=1

·p−1∏i= p+12

i (mod p)

and so,

−1 ≡(p− 1

2

)! ·

p−12∏i=1

g(i) (mod p)

and therefore,

−1 ≡(p− 1

2

)! ·

p−12∏i=1

(−i) ≡(p− 1

2

)! · (−1)

p−12 ·

(p− 1

2

)! (mod p).

Finally, using that p ≡ 1 (mod 4), i.e., p−12 is an even integer, we conclude that

−1 ≡((

p− 12

)!

)2(mod p),

as desired. �

In particular, Proposition 15.1 shows that for a prime p of the form 4k + 1, wehave that the congruence equation

x2 ≡ −1 (mod p)is solvable. Next, we show that the same congruence equation has no solutions if pwere of the form 4k + 3.

Proposition 15.2. Let p be a prime satisfying p ≡ −1 (mod 4). Then the qua-dratic congruence equation

(24) x2 ≡ −1 (mod 4)is unsolvable.

Proof. Assume x0 ∈ Z is a solution to congruence equation (24). Since p | x20 − 1,then p 6| x20 and so, gcd(p, x0) = 1. Therefore, by Theorem 12.4, we have that

(25) xp−10 ≡ 1 (mod p).However, using (24), we get

(26) xp−10 ≡(x20) p−1

2 ≡ (−1)p−12 ≡ −1 (mod p)

because p−12 is an odd integer (note that p ≡ −1 (mod 4)). So, congruences (25)and (26) are contradictory, thus proving that there exists no solution to the qua-dratic congruence equation (24). �

COURSE NOTES 25

Corollary 15.3. Let p ≡ −1 (mod 4) be a prime number. Then for any twointegers a and b, if p | (a2 + b2), then we must have that p | a and p | b.

Proof. First of all, if p | a, then since p | (a2 + b2), we would get that p | b2 andtherefore, p | b, as desired. So, from now on, we assume p 6| a.

But then there exists some integer c such that ac ≡ 1 (mod p) and so, multiply-ing by c2 the congruence relation:

a2 + b2 ≡ 0 (mod p),we get

0 ≡ c2 · (a2 + b2) ≡ (ca)2 + (cb)2 ≡ 1 + (cb)2 (mod p).But this last congruence shows that the quadratic congruence equation

x2 + 1 ≡ 0 (mod p)is solvable, therefore contradicting Proposition 15.2.

This concludes our proof of Corollary 15.3. �

16. October 16

Theorem 16.1. Let p be a prime satisfying p ≡ 1 (mod 4). Then there exista, b ∈ N such that a2 + b2 = p.

Proof. We let

S = {m ∈ N : there exists x, y ∈ Z such that mp = x2 + y2}.Clearly, S is nonempty since p ∈ S because p · p = p2 + 02. So, we can pick theleast element m0 ∈ S; our goal is to prove that m0 = 1. In particular, we knowthere exist some x0, y0 ∈ Z such that

x20 + y20 = m0p.

First we prove the following:

Claim 16.2. With the above notation, m0 < p.

Proof of Claim 16.2. We know (by Proposition 15.1) that there exists some m1 ∈ Nsuch that

(27)

((p− 1

2

)!

)2+ 1 = m1p.

We let i ∈{−p−12 ,−

p−32 , . . . ,−1, 0, 1, . . . ,

p−12

}such that

(28)

(p− 1

2

)! ≡ i (mod p).

Combining (27) and (28), we get that there exists some m2 ∈ N such that(29) i2 + 1 = m2p.

Equation (29) yields that m2 ∈ S and since m0 is the least element of S, then wehave that m0 ≤ m2. On the other hand, because |i| ≤ p−12 , we conclude that

(30) m2p = i2 + 1 ≤

(p− 1

2

)2+ 1 < p2

because p ≥ 5. Inequality (30) along with the inequality m0 ≤ m2 delivers thedesired inequality m0 < p, as claimed. �


We recall that x20 + y20 = m0p; so, next we prove:

Claim 16.3. gcd(x0,m0) = gcd(y0,m0) = 1.

Proof of Claim 16.3. We will prove that x0 and m0 are coprime; an identical argu-ment (replacing only x0 with y0) proves that also y0 and m0 are coprime.

So, assume gcd(x0,m0) > 1 and thus, let q be a prime dividing both x0 and m0.Then q | y20 = m0p− x20 and so, q | y0. But then q2 | x20 + y20 and so, q2 | m0p.

We note that q < p since m0 < p and q2 | m0p (which means that q2 ≤ m0p <

p2). In particular, gcd(q2, p) = 1 and because q2 | m0p, then Proposition 3.2 yieldsthat q2 | m0.

So, we let m3 :=m0q2 ; then m3 ∈ N. Also, we let x1 :=

x0q and y1 :=

y0q ; then

x1, y1 ∈ Z. So, we havex21 + y

21 = m3p,

which means that m3 ∈ S. Because m0 = m3 · q2, we get that m3 < m0, thuscontradicting the minimality of m0; so, indeed, gcd(x0,m0) = 1, as desired.

This concludes our proof of Claim 16.3. �

From now on, we assume m0 > 1 and we will derive a contradiction which willtherefore prove that m0 must be equal to 1, i.e., p = x

20 +y

20 . Moreover, note that if

p = x20 +y20 , then x0 and y0 must be nonzero (because p is not a perfect square); so,

letting a := |x0| and b = |y0| proves that indeed p is a sum of two perfect squares(of positive integers).

So, we assume now that m0 > 1. Let x2, y2 ∈ Z satisfying the following twoproperties:

(i) x2 ≡ x0 (mod m0) and y2 ≡ y0 (mod m0); and(ii) |x2| ≤ m02 and |y2| ≤

m02 .

The existence of x2 and y2 satisfying properties (i)-(ii) follows from the fact thatfor any odd integer 2k + 1, the set

{−k, k + 1, · · · ,−1, 0, 1, · · · , k}

represents a complete set of residue classes modulo 2k+1, while for an even integer2k, the set

{−k,−k + 1, · · · ,−1, 0, 1, . . . , k − 1}represents a complete set of residue classes modulo 2k.

Now, for the integers x2, y2 satisfying properties (i)-(ii), we observe that

(31) x2 and y2 are nonzero.

In order to obtain (31), we use the fact proven in claim 16.3 that

gcd(x0,m0) = gcd(y0,m0) = 1

and also that

(32) gcd(x2,m0) = gcd(y2,m0) = 1

because of property (i) above. Furthermore, our assumption that m0 > 1 coupledwith (32) yields the desired claim from (31).

Property (i) above along with the fact that m0 | (x20 + y20) yields the existenceof some m2 ∈ N such that

(33) x22 + y22 = m0m2.

COURSE NOTES 27

Property (ii) above yields that

m0m2 = x22 + y

22 ≤

m204

+m204

< m20,

which proves that

(34) m2 < m0.

Next we use the identity:

(35) (A2 +B2)(C2 +D2) = (AC +BD)2 + (AD −BC)2

and get that

(36) (x20 + y20)(x

22 + y

22) = (x0x2 + y0y2)

2 + (x0y2 − x2y0)2.

On one hand, we have (see also (33))

(37) (x20 + y20)(x

22 + y

22) = m0p ·m0m2.

On the other hand, using that m0 | x20 + y20 and also using property (i) above, weget

x0x2 + y0y2 ≡ x20 + y20 ≡ 0 (mod m0)which means that

(38) a0 :=x0x2 + y0y2

m0∈ Z.

Similarly, using property (i) above, we get

x0y2 − x2y0 ≡ x0y0 − x0y0 ≡ 0 (mod m0),

which means that

(39) b0 :=x0y2 − x2y0

m0∈ Z.

Combining (36), (37), (38) and (39), we obtain

(40) a20 + b20 = m2p.

So, m2 ∈ S (note that x22 + y22 = m2p and (31) yields that x2 and y2 are nonzero,which means that m2 ∈ N). But then (34) contradicts the minimality of m0; so,we got a contradiction, which all started from our assumption that m0 > 1 whichallowed us to derive property (31) and eventually get the contradiction from (34)and (40). This concludes our proof of Theorem 16.1. �

17. October 19

Theorem 17.1. Let n be an integer greater than 1; we write the prime factorizationof n as

(41) n = 2α ·k∏i=1

pβii ·∏̀j=1

qγjj ,

where α and each βi and each γj are nonnegative integers, while the pi’s are distinctprimes of the form 4k+ 1 and the qj’s are distinct primes of the form 4k+ 3. Thenthere exist a, b ∈ Z such that a2 + b2 = n if and only if for each j = 1, . . . , `, wehave that γj is even.


Proof. We first prove that whenever n is a sum of two perfect squares, then eachγj must be even. Indeed, assume n = a

2 + b2 and fix some q := qj (and also writeγ := γj); we’ll prove that γ must be even.

For any prime p and any nonzero integer m, we denote by expp(m) theexponent of p in m, i.e., writing m as a product of powers of primes,then expp(m) is the exponent in the power of the prime p appearing inthe prime factorization of m. If p 6| m, then we have expp(m) = 0. Thisnotation for expp(m) will be useful beyond this theorem and will be usedthroughout the rest of our lectures.

So, with the above notation, we let

(42) e := min{expq(a), expq(b)}.

Then q2e | a2 + b2 and thus q2e | n, which means that γ ≥ 2e. We let

a1 :=a

qeand b1 :=

b

qe

and also, n1 :=nq2e ; then a1, b1, n1 are integers and we have

a21 + b21 = n

21.

Furthermore, (42) shows that not both a1 and b1 are divisible by q. In particular,then corollary 15.3 yields that n1 cannot be divisible by q (because then that wouldforce that both a1 and b1 be divisible by q). So, since expq(n1) = 0, we concludethat expq(n) = 2e, i.e., γ is even, as claimed in the conclusion of Theorem 17.1.This proves that if n is a sum of two perfect squares then indeed the exponent ofeach prime of the form 4k + 3 in the prime power factorization of n must be even.

Next, we assume that each exponent γj as in (41) is even and we show that n isindeed a sum of two perfect squares. For this part, we use once again the identity:

(43) (A2 +B2) · (C2 +D2) = (AC +BD)2 + (AD −BC)2,

which proves that products of integers which are sums of two perfect squares areonce again expressible as sums of two perfect squares. So, for our integer m, wehave that

2 = 12 + 12,

which combined with (43) proves that 2α is a sum of perfect squares (note thateven if α = 0, then still 2α = 12 + 02 is a sum of to perfect squares). Then byTheorem 16.1, we get that each prime pi is a sum of two perfect squares and then

combined with (43), we have that each prime power pβii is a sum of two perfectsquares. Finally, since each γj is even (say, equal to 2ej for some nonnegativeinteger ej), then also

qγjj =

(qejj

)2+ 02

is a sum of two perfect squares. So, each of 2α, pβii and also qγjj is a sum of two

perfect squares; then one last application of (43) shows that n is also a sum of twoperfect squares, which concludes our proof of Theorem 17.1. �

COURSE NOTES 29

18. October 21

Theorem 10.2 shows that in order to solve any polynomial congruence equation

(44) P (x) ≡ 0 (mod m),

where P ∈ Z[x], it suffices to split it into finitely many polynomial congruencesmodulo prime powers; more precisely, letting (for the positive integer m),

m :=

r∏i=1

pαii

be its prime powers factorization, then solving (44) is equivalent with solving thesystem of polynomial congruences modulo prime powers moduli:

(45) P (x) ≡ 0 (mod pαii ) for i = 1, . . . , r.

So, this shows that we always can reduce to solving a polynomial congruence to thecase the moduli m is a prime power pα. First we will deal with the case of solvingpolynomial congruences modulo primes (i.e., with the above notation, α = 1).

There are two reductions we can always apply when we deal with a polynomialcongruence modulo a prime:

(46) P (x) ≡ 0 (mod p).

Reduction 1. Using Corollary 12.5, we can divide the polynomial P (x) by thepolynomial xp−x and obtain a quotient polynomial Q ∈ Z[x] and also a remainderpolynomial R ∈ Z[x], i.e.,

(47) P (x) = (xp − x) ·Q(x) +R(x).

Note that the two polynomials Q and R have integer coefficients (and notjust rational coefficients which you would generally expect from usingthe long division of the polynomial P (x) by another polynomial) simplybecause the polynomial we divide by (i.e., polynomial xp− x) is a monicpolynomial (i.e., a polynomial whose leading coefficient equals 1). Thefact that Q,R ∈ Z[x] is an important feature for us; also, important forus is the fact that deg(R) < p which comes from the long division, whichis essentially the Division Algorithm applied inside Q[x] (which worksjust as the Division Algorithm we developed for integers, only that thedegree of polynomials serves the purpose of ordering the polynomials).

Now, since for any integer a we have that ap − a is divisible by p (by Corol-lary 12.5), then (47) shows that if a ∈ Z is a solution to congruence equation (46),then we must have that a is a solution to the polynomial congruence equation:

(48) R(x) ≡ 0 (mod p).

So, solving (46) is the same as solving (48); however, the advantage for us is thatthe polynomial R has smaller degree than p and therefore, it’s likely that solving(48) will be much simpler than solving (46).

Reduction 2. So, we showed in the above reduction, that we may assume thatthe polynomial P ∈ Z[x] from (46) has degree less than p. We write

P (x) = adxd + ad−1x

d−1 + · · ·+ a1x+ a0.

We claim that we may assume that P (x) is monic, i.e, ad = 1.


Indeed, first of all, we can first assume ad is not divisible by p since all of theterms in P (x) with coefficients divisible by p may be disregarded since for anyaj ∈ Z, those terms will always be divisible by p. Now, since we can assume ad isnot divisible by p, then there exists some integer b (not divisible by p) such that

ad · b ≡ 1 (mod p),

i.e., b is an inverse for ad modulo p. But then solving (46) is the same as solvingthe congruence

(49) bP (x) ≡ 0 (mod p).

Then we can replace each coefficient c of bP (x) with its corresponding representativefrom the complete set of residue classes {0, 1, . . . , p− 1}; in particular, the leadingcoefficient of bP (x) can be replaced with 1. Hence, we may assume from now onthat the leading coefficient of the polynomial in the congruence equation (46) equals1.

As explained above, we may also assume that each coefficient of thepolynomial P (x) from (46) is from the set {0, 1, . . . , p − 1}, however insome specific examples, when we work with odd primes p, we mayprefer to replace each coefficient of P (x) by the corresponding repre-sentative from the complete set of residue classes modulo p: {−(p −1)/2, · · · ,−1, 0, 1, · · · , (p− 1)/2}.

So, with the above two reductions, we know that when solving a poly-nomial congruence equation P (x) ≡ 0 (mod p), we may assume deg(P ) < pand that P is monic. However, the next result is true for monic polyno-mials of arbitrary degree (though it becomes trivial when the degree isat least equal to p).

Theorem 18.1. Let P ∈ Z[x] be a monic polynomial of degree d and let p be aprime number. Then the polynomial congruence equation

(50) P (x) ≡ 0 (mod p)

has at most d (distinct) solutions.

Proof. We proceed by induction on d. The case when d = 1 is for monic linearpolynomials P (x) := x+ c for some c ∈ Z and in this case, clearly, the congruenceequation (50) has only one solution (−c modulo p).

So, from now on, we assume d ≥ 2 and furthermore, we assume that Theo-rem 18.1 holds for all polynomials of degree less than d.

Now, if the congruence equation (50) has no solution, then we’re done. So,assume there exists a solution x0 ∈ Z of polynomial congruence (50). Then wedivide P (x) by x− x0 and obtain quotient Q(x) and remainder R(x), i.e.,

(51) P (x) = (x− x0) ·Q(x) +R(x),

with deg(R) < deg(x− x0) = 1, i.e., R(x) := r ∈ Z is a constant polynomial (actu-ally, r = P (x0)). However, since P (x0) ≡ 0 (mod p) (according to our assumption),then (51) yields that

(52) R(x) ≡ r ≡ 0 (mod p).

So, solving (50) reduces (according to (51) and (52)) to the congruence equation

(53) (x− x0) ·Q(x) ≡ 0 (mod p).

COURSE NOTES 31

Now, if congruence equation (50) has another solution x1 which is different thanx0 modulo p, i.e.,

(54) x1 6≡ x0 (mod p),

then (53) (which is equivalent with (50)) yields

(55) (x1 − x0) ·Q(x1) ≡ 0 (mod p).

But then (54) and (55) imply that

(56) Q(x1) ≡ 0 (mod p).

So, the (distinct modulo p) solutions to congruence equation (50) are x0 (modulop) and the solutions to congruence equation (56). However, because of (51), wehave that deg(Q) = d− 1 and so, the inductive hypothesis tells us that the polyno-mial congruence equation (56) has at most d− 1 solutions (modulo p). Therefore,the original congruence equation (50) cannot have more than d distinct solutionsmodulo p.


19. October 23

Going from a polynomial congruence equation P (x) ≡ 0 (mod p) to anotherpolynomial congruence equation P (x) ≡ 0 (mod pα) (for some integer α > 1), weneed the following result.

Theorem 19.1. (Hensel’s Lemma) Let p be a prime number, let f ∈ Z[x] and letx1 ∈ Z satisfying the following two properties:

(1) f(x1) ≡ 0 (mod p), and(2) f ′(x1) 6≡ 0 (mod p) (where f ′(x) is the derivative of f(x)).

Then for any n ∈ N there exists xn ∈ Z satsfying the following two properties:(A) f(xn) ≡ 0 (mod pn), and(B) xn ≡ x1 (mod p).

Proof. It suffices to argue by induction on n and construct a sequence of integers{xn}n≥1 satisfying the following two properties:

(i) f(xn) ≡ 0 (mod pn), and(ii) xn+1 ≡ xn (mod pn)

for each n ≥ 1. Clearly, property (i) is the same as property (A) above, whileusing repeatedly property (ii), we conclude that property (B) from the conclusionof Theorem 19.1 must hold.

Now, we already know that property (i) holds for n = 1 and therefore, all weneed to show is that for every n ≥ 1, if

(57) f(xn) ≡ 0 (mod pn),

then we can choose an integer xn+1 satisfying property (ii) for which

(58) f(xn+1) ≡ 0 (mod pn+1).

So, we let xn+1 = xn + pn · ` so that property (ii) would hold; furthermore, since

for solving congruence equation (58) all that matters is the residue class of xn+1modulo pn+1, we only need to solve for ` ∈ {0, . . . , p − 1} such that equation (58)holds.


We write

f(x) =

d∑i=0

cixi,

for some integers ci (and d ≥ 1). Then

f(xn+1)

= f(xn + pn`)

=

d∑i=0

ci (xn + pn`)

i

=

(d∑i=0

cixin

)+ pn` ·

∑i=1

icixi−1n +

d∑i=2

ci

i∑j=2

xi−jn

(i

j

)· (pn`)j ,

thus proving that

(59) f(xn+1) ≡ f(xn) + pn` · f ′(xn) (mod pn+1)

since in the last double-sum above each term is divisible by at least p2n (and2n ≥ n+ 1). So, in order to achieve (58), we note that (57) yields the existence ofan integer kn ∈ Z such that

(60) f(xn) = pn · kn.

Using (60) in (59), we get that the congruence equation (58) holds if and only if

(61) pn+1 | (pn · kn + pn · `f ′(xn)) .

However, divisibility (61) is equivalent with the divisibility

p | kn + `f ′(xn) i.e.,

(62) `f ′(xn) ≡ −kn (mod p).

However, our inductive hypothesis tells us that xn ≡ x1 (mod p) (since condi-tion (ii) above holds for x1, . . . , xn); so,

(63) f ′(xn) ≡ f ′(x1) (mod p),

by Proposition 9.1. But then hypothesis (2) shows that f ′(xn) 6≡ 0 (mod p), i.e.,f ′(xn) is invertible modulo p. Therefore, the linear congruence equation (62) hasa unique solution ` modulo p (according to Proposition 9.2). Hence, there existsa unique ` ∈ {0, . . . , p − 1} such that xn+1 = xn + pn` satisfies the congruenceequation (58).


20. October 26

Our focus for most of remaining part of the semester is studying thepolynomial congruence equation xd ≡ a (mod pα) for some given d ∈ N,a ∈ Z not divisible by the prime p, and α ∈ N.

First we consider the case α = 1; after all, using Theorem 19.1, as long as p 6| d(we already assumed p 6| a), we can always lift a solution to the congruence equation:

xd ≡ a (mod p)

COURSE NOTES 33

to a solution of the congruence equation:

xd ≡ a (mod pα).

Essential for our approach to solving the congruence equation xd ≡ a(mod p) is to know whether there exists some g ∈ Z such that the smallestinteger e such that ge ≡ 1 (mod p) is e = p− 1.

Indeed, assuming we can prove that there exists such an integer g, then we obtainthat a complete set of nonzero residues modulo p is given by

{1, g, g2, · · · , gp−2}.

So, solving the congruence equation

(64) xd ≡ a (mod p)

reduces to solving a linear congruence equation. Indeed, since {1, g, · · · , gp−2}represents a complete set of nonzero residues modulo p, then there exists somej ∈ {0, 1, . . . , p− 2} such that

(65) a ≡ gj (mod p).

Also, we’re searching for some x ∈ {1, . . . , p− 1} solving equation (64); this is thesame as searching for some i ∈ {0, 1, . . . , p− 2} such that the integer

(66) x ≡ gi (mod p)

solves the equation (64). So, solving (64) reduces to the congruence equation

(67) gid ≡ gj (mod p).

Finally, solving (67) reduces (since e = p − 1 is the smallest positive integer suchthat ge ≡ 1 (mod p)) to the linear congruence equation

di ≡ j (mod p− 1),

which we know precisely how to solve due to Proposition 9.2.So, our goal for the next several lectures is to prove that for each

prime p, there exists an integer g with the property that e = p− 1 is thesmallest positive integer such that ge ≡ 1 (mod p).

Definition 20.1. Let a ∈ Z and m ∈ N such that gcd(a,m) = 1. We define theorder of a modulo m, denoted ordm(a) as the smallest positive integer e such thatae ≡ 1 (mod m).

Note that since gcd(a,m) = 1, Theorem 12.3 yields that aφ(m) ≡ 1(mod m) and so, we know that the order of a modulo m, as in Defini-tion 20.1 is well-defined; furthermore, ordm(a) ≤ φ(m).

Proposition 20.2. Let a and m be nonzero coprime integers. Then for any positiveinteger e satisfying ae ≡ 1 (mod m), we have that ordm(a) | e.

Proof. Indeed, we divide the positive integer e (for which ae ≡ 1 (mod m)) byordm(a) and obtain quotient q and remainder r, i.e.,

e = ordm(a) · q + r;


we’ll prove that r must be 0. Now, we know from Theorem 1.3 that 0 ≤ r <ordm(a). On the other hand, we know (since both a

ordm(a) ≡ 1 (mod m) andae ≡ 1 (mod m)) that

1 ≡ ae ≡(aordm(a)

)q· ar ≡ ar (mod m).

So, if r > 0, then we get that ar ≡ 1 (mod m) and r is a smaller than ordm(a),which is the least positive integer i satisfying ai ≡ 1 (mod m), contradiction.Therefore, we must have r = 0, as desired in the conclusion of Proposition 20.2. �

Corollary 20.3. Let a ∈ Z and m ∈ N be coprime integers. Then ordm(a) | φ(m)

Proof. Since aφ(m) ≡ 1 (mod m) (by Theorem 12.3), then Proposition 20.2 deliversthe desired conclusion for Corollary 20.3. �

Definition 20.4. Let a ∈ Z and m ∈ N be coprime integers. We say that a is aprimitive root modulo m if ordm(a) = φ(m).

21. October 28

The immediate goal for us is to prove that for each prime p, thereexists some primitive root modulo p. We will even prove that wheneverp is an odd prime number and α ∈ N, there exists a primitive root modulopα.

Proposition 21.1. Let a ∈ Z and let m ∈ N such that gcd(a,m) = 1. Then forany positive integer n, we have that

(68) ordm (an) =

ordm(a)

gcd(n, ordm(a)).

Proof. We let D := ordm(a) and d := gcd(D,n). Then bothDd and

nd are positive

integers and moreover,

(an)Dd ≡

(aD)nd ≡ 1nd ≡ 1 (mod m),

which proves that the order D1 := ordm(an) must satisfy (according to Proposi-

tion 20.2 applied to the integer an modulo m) the divisibility

(69) D1 |D

d.

On the other hand, we have

aD1n ≡ (an)D1 ≡ 1 (mod m),which proves (once again applying Proposition 20.2, this time applied to the integera modulo m) the divisibility

(70) D | D1n.Furthermore, since d = gcd(D,n), we have that the integers Dd and

nd must be

coprime. In particular, we get that the divisibility (70) yields

(71)D

d| nd·D1.

But using in (71) that gcd(Dd ,

nd

)= 1 along with Proposition 3.2, we conclude that

(72)D

d| D1.

COURSE NOTES 35

Combining (72) with (69) allows us to conclude that D1 =Dd , as claimed in the

conclusion of Proposition 21.1. �

Proposition 21.2. Let a1, a2 ∈ Z and m ∈ N with the property that

(73) gcd (ordm(a1), ordm(a2)) = 1.

Then ordm(a1a2) = ordm(a1) · ordm(a2).

Proof. We let dj := ordm(aj) for j = 1, 2 and d := ordm(a1a2) (note that since a1and a2 are coprime with m, then so is a1 · a2). We see that

(a1a2)d1d2 ≡

(ad11

)d2·(ad22

)d1≡ 1d2 · 1d1 ≡ 1 (mod m),

thus proving (by Proposition 20.2) that

(74) d | d1d2.

Now, on the other hand, since (a1a2)d ≡ 1 (mod m), then we also know that

1 ≡ (a1a2)dd1 ≡(ad11

)d· add12 ≡ 1 · a

dd12 ≡ a

dd12 (mod m).

So, then using Proposition 20.2 to a2 for which we know that add12 ≡ 1 (mod m),

we conclude that

(75) d2 | dd1.

But then using Proposition 3.2 (note that d1 and d2 are coprime) to divisibility(75), we conclude that

(76) d2 | d.

Running the exact same argument but applied to a2 instead of a1, we derive thatd1 | d. Indeed,

1 ≡ (a1a2)dd2 ≡ (a1)dd2 ·(ad22

)d≡ add21 · 1 ≡ a

dd21 (mod m)

and so, d1 | dd2 and because gcd(d1, d2) = 1, we conclude that

(77) d1 | d.

Equations (76) and (77) coupled with the fact that d1 and d2 are coprime yieldsthat

(78) d1d2 | d.

Equations (74) and (78) show that indeed, d = d1d2, as desired in the conclusionof Proposition 21.2. �

22. October 30

Proposition 22.1. Let p be a prime and d ∈ N a divisor of p − 1. Then thepolynmial congruence equation

(79) xd ≡ 1 (mod p)

has precisely d solutions.


Proof. First of all, Theorem 18.1 yields that congruence equation (79) doesn’t havemore than d solutions. On the other hand, we know that the congruence equation

xp−1 ≡ 1 (mod p)

has precisely p− 1 solutions {1, . . . , p− 1} modulo p. We see that

xp−1 − 1 = (xd − 1) ·(xp−1−d + xp−1−2d + · · ·+ xd + 1

)and so, for each integer i ∈ {1, . . . , p − 1} satisfying ip−1 ≡ 1 (mod p), it meansthat

(80) either p | id − 1

(81) or p |(ip−1−d + ip−1−2d + · · ·+ id + 1

).

However, another application of Theorem 18.1 applied to (81) yields that therecannot be more than p−1−d integers i ∈ {1, . . . , p−1} satisfying divisibility (81).In conclusion, there must be d integers i ∈ {1, . . . , p−1} satisfying divisibility (80).So, indeed, as claimed in Proposition 22.1, there are precisely d solutions to thecongruence equation (79). �

Proposition 22.2. Let p and q be primes and α be a positive integer such thatqα | p− 1. Then there exists a ∈ Z such that ordp(a) = qα.

Proof. By Proposition 22.1, we know that there exist qα solutions to the congruenceequation

(82) xqα

≡ 1 (mod p).

Now, for any of these qα solutions x1 to congruence equation (82), if ordp(x1) 6= qα,then we still have (according to Proposition 20.2) that ordp(x1) is a power of q; so,if ordp(x1) 6= qα, then we must have that ordp(x1) = qβ for some β ≤ α− 1. Thus

(83) xqα−1

1 ≡ 1 (mod p),

because ordp(x) | qα−1 in this case. However, according to Proposition 22.1, thereare precisely qα−1 solutions to the congruence equation (83). In conclusion, allsolutions to congruence equation (82), which are not also solutions to congruenceequation (83) must be an integer of order precisely qα modulo p; as shown byProposition 22.1 applied to the two congruence equations (82) and (83), there areqα − qα−1 such integers modulo p of order qα.

This concludes our proof of Proposition 22.2. �

Theorem 22.3. Let p be a prime number. Then there exist precisely φ(p− 1) dis-tinct residue classes modulo p containing integers a with the property that orda(p) =p− 1.

Proof. We write φ(p − 1) =∏`j=1 q

βjj (its prime power factorization). Then by

Proposition 22.2 yields that for each j = 1, . . . , `, there exists some integer aj

with ordp(aj) = qβjj . But then (since the primes qj are distinct), Proposition 21.2

(applied repeatedly) yields that

ordp

∏̀j=1

aj

= ∏̀j=1

qβjj = p− 1.

COURSE NOTES 37

So, there exist primitive elements modulo p; next we prove that there exist φ(p−1)such primitive elements modulo p.

Now, the fact that we have an integer g of order p− 1 modulo p means that thenonzero residue classes modulo p may also be represented by the integers:

{1, g, g2, · · · , gp−2}.So, for an integer in the residue class of gi (for i ∈ {0, . . . , p− 2}), we have that itsorder modulo p is p− 1 if(84) ordp(g

i) = p− 1.However, Proposition 21.1 yields that

ordp(gi) =

ordp(g)

gcd(i, ordp(g))=

p− 1gcd(i, p− 1)

.

Coupling this last formula with (84), we obtain that gi is also a primitive elementmodulo p if and only if gcd(i, p − 1) = 1; therefore, there exist precisely φ(p − 1)integers i from {0, 1, . . . , p− 2} such that gi has order p− 1 modulo p.


23. November 2

Theorem 23.1. Let p be an odd prime number and let α ∈ N. Then there existsan integer a with ordpα(a) = φ(p

α).

Proof. We already established in Theorem 22.3 that there exists g1 ∈ Z whose ordermodulo p is indeed p − 1. Next we show that there exists an integer g2 of orderφ(p2) modulo p2, where g2 = g1 + p` for a suitable ` ∈ {0, . . . , p− 1}.

First of all, letting d2 = ordp2(g2), we see that gd22 ≡ 1 (mod p2) and so, g

d22 ≡ 1

(mod p). Because g2 ≡ g1 (mod p), we also have

(85) gd21 ≡ 1 (mod p).Using (85) coupled with Proposition 20.2 (and the fact that ordp(g1) = p− 1), weget that

(86) p− 1 | d2.The using (86), in order to prove that d2 = φ(p

2) = p(p− 1), all we need to show isthat d2 6= p− 1; in other words, we need to find some ` ∈ {0, . . . , p− 1} such that

(87) gp−12 6≡ 1 (mod p2).Now, g2 is coprime with p; so, we see that (87) holds if and only if

(88) gp2 6≡ g2 (mod p2).

(All we’re

september 9dghioca/courses/537/course_notes.pdf · 2020. 9. 23. · thus ris a linear combination...

Documents