Elementary Number Theory : An Algebraic Approach

Corollary.

less than

is the number of positive integers

For example, 1, 5, 7, and 11 are the units in Z12 and
Congruence

16

9.4

Corollary.

p

is prime if and only if fP{p) = p - 1.

Proof. p has no proper factors if and only if none of the integers I, 2, ... ,p - 1 shares a factor with p. 9.5

Theorem.

p is prime if and only if ZP is a field.

Proof. ZP is a field if and only if each of the p - 1 elements of z; is a unit, that is, if and only if (()(p) = p- 1. Here is a second proof of half the theorem. Suppose p is prime. If (a,p) = (b, p) = 1, then Theorem 2. 6 implies (ab,p) = 1. Consequently z; is closed under multiplication, so Zp is an integral domain. But every finite integral domain is a field· (Problem 11.11) . We can now deduce some classical parts of elementary number theory from familiar facts about groups. Let G be a group with identity element e and g e G. Then the order of g divides the order n of G, so that gn = e and g"-1 = g-1 . 9.6

Euler's Theorem.

k'P(nl

=

1(n ) when (k, n) = 1.

({J(n) is the order of the group cl>(n) which contains k. i s the identity element of cl>(n).

Proof. 9.7

p,f' k.

Fermat's (Little) Theorem.

Thus k'P
1 If p i s prime then kp- = 1(p) when

Let p be prime. Then ((J{p) = p - 1 and (p, k) = 1 if p ,r k. Fermat's theorem is a special case of Euler's theorem.

Proof. 9.8

Fermat's (Little) Theorem, second version.

kP =: k{p).

If pI k, then pI kP, so kP= so multiplying through by k,

Proof.

0 =k(p).

If

p

Thus

is prime, then

If p ,r k, then kP-1 =

l(p),

kP =: k{p). Fermat's (great) or (last) "Theorem " is the subject of Chapter 7. We can sometimes use Euler's theorem t o shorten the solutions of con­ gruences. If (a, n) = 1, then ax= b(n) has a solution. In Z n

10.

17

More about rp(n)

so x=

oii-1

= Diiq>(n) -1

(Euler's theorem)

= baq>(n) 1 . Thus x = ba'�'-1 i s a solution t o the original congruence.

For example,

5x = 4(12) has X = 4 5'1'(1Z)-1 •

as a solution.

=

4 53= 500 •

Of course, since

500

=

41 . I2 + 8

500= 8

=

-4 (12)

so x = -4 and x = 8 are also solutions. We can also prove the Chinese remainder. theorem (8. 1) in the following new way. Suppose (n;, ni) = I when i =1: j. As in the proof in Section 8, let N= n n, and N; = N/n;. Then (n;, N;) = I and N;= O(ni) when 1 j =1: j. Let • • •

Then

and Theorem 8.1 is proved. This construction of x has the computational advantage of requiring no long division, though x is likely to be large. 10.

MORE A BOUT

rp(n)

Consider the n rational numbers

1 2 '

n n

'

. . .. '

n . n

(9)

18

Congruence

How many of these fractions are written in lowest terms? Since mfn is in lowest terms if and only if (m, n) = I, the answer to this question is qJ(n). Suppose now that we reduce each fraction in (9) to lowest terms. The denominators which occur when we have finished are just the divisors of n. How often does each divisor appear? If d I n, then each of the rational numbers 1/ d, . . . , dfd is mfn for some m and hence appears in (9). However, of these d fractions with denominator d just qJ(d) are in lowest terms. There­ fore the denominator d appears just qJ{d) times when the fractions in (9) are written in lowest terms. But all the fractions have now been accounted for, so n, the number of fractions, is just the sum of the numbers qJ(d) for d dividing n. We have notation summarizing that clumsy sentence:

n

=} c/J(d).

(10)

dr,.

Note that implicit in Eq. (10) are the assumptions that and that d = 1 and d = n are counted as divisors. If we rewrite Eq. (10) as

n

qJ(n) = n - ) ({J(d) dr,.

d
and dare positive

(11)

it becomes a formula for computing qJ(n) recursively in terms of qJ(d) for the proper divisors d of n. The reader should work through the derivation of Eq. (10) for some particular values of n. The value n = 12 is good because 12 is the smallest number with a varied set of divisors. For primes p, Eq. ( 1 1) becomes

qJ(p) = p - qJ(l) = p - 1 ,

( 12)

an old friend. All the fractions in the sequence (9) except pfp are in lowest terms. We can use Eq. (11) to gain new knowledge. If pis prime, then the divisors of p 2 are just I, p, and p 2, so that

qJ(p2 ) = p2 - qJ(p) - qJ(l) =p2 - (p - 1) - 1 = p2 -p. We employ this device inductively in the next theorem.

10.

More about f{l(n)

Theorem.

10.1

19

If p is prime and a

;;;::

1, then

Proof. We already know this theorem is true for a = 1 and a = 2. Suppose that it is true for all a < p. The proper divisors of pfl are just 1 , p, . . . , pP - 2 , and pP - 1 • Therefore, Eq. ( 1 1 ) implies cp(pP )

=

pfl - [cp(pfl - 1 ) + cp(pfl - 2 ) + . . .

+

cp(p) + 1 ]

fl = p fl - [(pfl - 1 - pfl - 2 ) + (p - 2 - pfl - 3) (the inductive hypothesis)

+ .

. . + (p - 1 ) + 1 ]

= [1 - pfl - 1 .

The telescoping sum above i s pretty but un­ cnlightening . We shall give another proof of Theorem 1 0 . 1 which is a straight­ forward counting argument. A positive integer k < pfl satisfies (k, pfl ) > 1 if and only if k is a multiple of p. How many multiples of p less than pfl are there ?

Proof (Second version).

so that of the pfl integers 1, 2, . . . , pfl

pfl .

The others are in 4>(pfl ).

- 1 exactly pfl - 1 - 1 share a factor with

Therefore

Notice that we used Greek letters for exponents in Theorem 1 0. 1 . We shall to adhere to this convention in the following pages .

try

10.2

\l'(mn)

Definition. A function '¥ : Z � Z is multiplicative if and only if '¥ (m)'¥ (n) whenever m and n are relatively prime.

=

The identity function is multiplicative ; so is the absolute value function, since for these '¥, 'P(mn) '¥(m)'¥(n) for all m and n. Problems 11.18, 1 1 .25, and 1 1 .29 consider examples of multiplicative functions. Problem 1 1 .30 concerns the theory of such functions. A multiplicative function '¥ is known when its values for prime powers are known, because if n = p�' · · · p'k", then

=

Our

next

task is to show cp is multiplicative.

20

Congruenc

10.3

Lemma.

Suppose (m, n) = 1 . Then (xm + yn, mn) = (x, n)(y, m).

(13

Proof. It suffices to show that the two members of Eq. 1 3 have the sam( prime power divisors. Suppose pa. divides either member. Then pa. l mn Since (m, n) 1 , ei ther pa. l m and (pa., n) = 1 or pa. l n and (pa., m) = 1. Sincf the theorem and the alternatives above are symmetrical in m and n, we shall treat only the first. That is, suppose pa. l m and, necessarily, (pa. , n) = 1 .

=

Then

pa. l (xm

+ yn, mn) pa. l xm + yn <;:!;>Pa. l Y

<;!:>Pa. l (y, m) <;!:>Pa. l (x, n)(y, m). 10.4

Theorem.

The Euler qJ-function is multiplicative.

Let X be a set of coset representatives of the cosets in W(n). We may as well take for X the positive integers less than n and relatively prime to n. Similarly define Y using m i nstead of n. Then X ha s qJ(n) e lements ; Y has qJ (m) . We shall show that the set

Proof.

W = {xm

+ nyI x e X, y e

Y}

has qJ{m) qJ (n) elements and is a complete set of representatives of the cosets in w(mn). The theorem will then be proved .

Suppose x E X and implies that

y E Y.

Then (x, n) = (y, m) = 1 so Lemma

10.3

(xm + yn, mn) = 1 . That is, W represents only cosets in (mn). Next, w e show no two elements of W are congruent modulo mn. It wil l follow that the elements of W represent different cosets in (mn) and hence , a fortiori, no two elements of W are equal and W has qJ(m)qJ(n) eleme nts .

Suppose

xm

+ yn =

x'm + y'n (mn)

(14)

10.

21

More about rp(n)

for x, x' E X and y, y' E (14) implies that

We must prove x = x' and y = y'. Congruence

Y.

mn I (x - x')m + (y -y')n. Apply Lemma 10.3 :

mn I (x - x', n)(y - y ', m).

Since m and n are relatively prime, it follows that and

n l x - x'

m I Y - y' ,

but distinct elements of X are incongruent modulo n, so x must equal x'. Similarly, y = y'. Finally, we must show that W represents every coset in cl>(mn). Since (m, n) = 1 , we can always solve the Diophantine equation

w = xm + ny (Theorem 3.1). If w lies in an element of cl>(mn) then (w, mn) = 1. Lemma then implies that

10.3

(x, n) = (y, m) = 1 .

[f we replace x by the element of X to which i t i s congruent modulo n and similarly replace y, we do not change w in Zmn · Therefore W represents every coset in (mn). 10.5

Theorem

cp(n) = n n

primes pl n

(1 - �)P

Proof. First a remark O:Q. the notation. The symbol n is to products as L iN to sums. That is, Theorem 10.5 may be restated as : if P1 > , p, are

d i fferent

primes and

• • •

(15)

then

cp(n)

=

=

( 1 - :J ( 1 - :J ( ;) n ft ( �)· ···

n

1 -

1 -

22

Congruence

For example, cp( 12)

=

cp(22 3 ) •

=

12(1 -!)( 1

- j)

=

4

with what we already know. Now to prove the theorem. Suppose n = p"', a prime power. Then

which checks

(Theorem 10.1) so the theorem is true. Now suppose n any integer. Write n as in Eq. (1 5). Since cp is multiplicative,

. . . cp(p�·) p�· ( 1 - :J . . . p�· ( 1 - :J p�· . . p�· ( - :J . . . ( 1 - :J = n TI ( 1 - .!.) . Pi

cp(n) = cp(p�') =

.

=

1

primes p! l n 11.

is odd, then a 2 6.1 and 6.4.

PROBL EMS =

11.1

Prove : If a

11.2

When do es ax = bx(n) imply a =

facts help in Problems 11.3

11.4

-

···

1,

b(n) ?

n,).

Prove the

of order n

If a is even, then a 2 = 0(4).

a = b(n,) for mutually relatively

Prove: If

then a = b(n,

1 (8).

prime

i ntegers n . ,

These

.. .

, n, ,

following theorem due to Lucas : If
then

11.5 If m I n then nZ c. mZ, so there is a natural map Trm" : Z/nZ -+ Z/mZ. Use this map to describe the uniqueness assertion of Theo rem 7 . 1. 11.6

Solve each of the following sets of simultaneous congruences :

{x

= 1 (2),

{z

=

{y = 1 (9), 11.7

Let n�o

1

(9),

X ::

2 1

(5), (5),

Prove this more general

...

, n, a, ,

.. .

, a, ,

2 (3),

and b.,

X =:

3

1 (7)} 3 (7)}.

(5),

X ::

4 (7) }

version of the Chinese remainder theorem : , b, be integers such that (n, , nJ) 1 when

...

=

11.

Problems

23

I '# j and such that each of the congruences a, x = b,(n,) has a solution.

Then

these congruences have a simultaneous solution.

11.8 Prove this more general version of the Chinese remainder theorem : The congruences x = a, (n,), i = 1, . . . , r, have a simultaneous solution if and only if a, = a1 l (n , , n1) l whenever i '# j. 11.9 Use Problem 11.5 to discuss the uniqueness of the solution produced by the Chinese remainder theorem.

11.10 An ideal-theoretic version of the Chinese remainder theorem. Let /1, , I. be ideals in Z no two of which are contained in a common maximal ideal. Then for any integers b 1 , . . . , b. there is an x e Z such that x - b1 e 11 for all j. • • •

11.11

Prove that every finite integral domain is a field.

11.12 Divisibility tests. Write m = at v at _ 1 v · v ao for the integer m i n base 10 notation. That is, 0 � a1 � 9 and m = at10k + · · · + a d O + ao . Prove : (a) m = ao (2), (b) m = ao + a1 + · · · + Ot (3), (c) m = a 1 v ao = 2a t + ao (4), (d) m = ao (5), (c) m = a,_ V a1 v ao = 4az + 2a 2 + ao (8), (f) m = ao + Ot + · · · + at (9), (g) m = ao (10), (h) m = ao - at + az - · + ( - 1)kat (1 1). · ·

· ·

11 .13 1 1.14

Devise a test for d ivisi bility by 7.

Use part (f) of Problem 1 1 . 1 2 to justify the well known method of " casting

n u t nines " to check arithmetical computations.

1 1 .15 Generalize the results of Problem 1 1 . 1 2 to find tests for the divisibility of m by q in terms of the digits of the expansion of m in the base b.

1 1 .16

When is rp(n) odd ?

l l .17

For which n do each of the following hold ?

l l.l 8

1 1 .19 l i .:ZO

l l .:Z l 1 1 .22

rp(2n) > rp(n),

=

rp (n) ,

rp(2n) < rp (n) .

Show that (x, y) ·is a multiplicative function of x for each fixed y.

Find a ll solutions t o rp(n) Prove

=

24 ..

I: k = lnrp(n) .

k
(t,n) = l

Prove o r disprove the following generalization o f Lemma 10.3 :

(m , n) (xm + yn, mn)

=

(x, n)(y, m).

Show that the ring z. is naturally isomorphic to the endomorphism ring

(Z. , 1'). Deduce that
u l' t he add itive grou p

lll'llll l l

rp (2n)

24

Congruence

11.23 For which integers n does z. contain element X -:1:- 0, 1 for which X 2 = X ? 11.Z4"'

=

(b)

(c) (d)

nontrivial idempotent, that is, an

Let �.(d) be the annihilator of d in Z, . �.(d) .= { X E z. I

(a)

a

That is,

Xd = O}

{ x E Z I xd = O(n)}.

Show �.(d) �.(d') if d = d'(n). Show �.(d) = �.(xd) if (x, n) = 1 . Prove that �.(d) is an ideal of the ring z Part (c) shows �.(d) is itself a ring. Prove that it is a field if and only if (d, n) is a prime whose square does not divide n. (This is Advanced Problem No. 5469 in the American Mathematical Monthly, (1967) 74, 208 . The solution is in the same Monthly, 15, (1 968) 306.) =

• .

11.25 Let a(n) be the sum of the divisors of n. Thus a(1 ) a(6) = 1 + 2 + 3 + 6 1 2 , and so on. Prove (a) a is multiplicative. (b) If p is prime then a(p•) = (p• + l - 1)/{p - 1).

=

=

(c)

1 , a(2)

=

1

+

2

=

3,

Derive a formula for a(n) analogous to the one for cp(n) established in Theorem 10.5.

11.26 An integer is perfect if it is the sum of its proper divisors. For example, 6 1 + 2 + 3 and 2 8 1 + 2 + 4 + 7 + 14 are perfect ; N is perfect if and only if a(N) = 2N. Prove that 2" - 1M, is perfect if M, is a Mersenne prime (Problem 6. 1 8) . Euclid knew this fact. =

=

11.27* Prove that if N is an even perfect number, then N 2" - l M. for som� Mersenne prime M. . Euler first proved that theorem. It is not known whether there is an odd perfect number. For more facts about these numbers see Martin Gardner's " Mathematical Games : A Short Treatise on the Useless Elegance of Perfect Numbers and Amicable Pairs," Scientific American, March, 1 968, p. 1 2 1 . =

11.28

Prove : cp(n) i s a power of 2 i f and only if

n = l"P 1

· · ·

P�<

where the P• are distinct Fermat primes (Problem 6.1 7). Gauss proved that a regular n-gon can be constructed with ruler and compass for just these values of n. 11.29

Let p(n) be the number of integers 1 :::;; k � n such that (k, n)

=

(k + 1 , n)

=

1.

Show p i s multiplicative, evaluate p at prime powers, and deduce p(n) = n TI PI•

( �) . 1 -

p

I I.

25

Problems

1 1.30* Arithmetic functions. Let z + = { 1 , 2, 3, . . . } and R the set of functions fmm Z + to Z. Such a function is called arithmetic. Some useful members of R nrc rp, a (defined in Problem 1 1 .25), p (Problem 1 1 .29), (x, y) for fixed y (Problem 1 1 . 1 8), and 0, e, i, 8, -r defined by

O(n) = 0, all n e Z + ,

e(n) =

Define

+

{

1

if n = l

0

otherwise,

i(n) = 1 , all n e Z + , 8(n) = n, all n e Z + , -r(n) = the number of positive divisors of n.

and • in R by

(ex + {3)(n) = ex(n) + {3(n) (ex * {3)(n) =

L u.(d){3 dl•

(S) ·

(n) Show -r i • i, a = i • 8, 8 = rp • i, rp • -r = a (see (d)). (b) Prove that (R, + . •) is an integral domain in which 0 is the additive and e the multiplicative identity. (c) The function ex is a unit in R if and only if ex(1) = ± 1 . (d) The set of nonzero multiplicative arithmetic functions is a subgroup of the group of units of R. (c) The function f' i- 1 is called the Mobius function. Deduce the Mobius inversion formula =

=

ex(n) = L {3(d) => {3(n) dl•

=

L cx(d)f' dl•

(S)

(16)

from the implication

(f) .Show that

(1

if n = 1

f'(n) = 0 if m2 I n for some m ( - 1)t

>0

if n is the product of k distinct primes.

L f'(d) = 0

(g)

Show 8 - 1(n) = 8(n)f'(n), all

(h)

Take (fl ) as the definition of f' , and prove the inversion formula (16) directly, that is, without (b).

n,

and

dl•

(n > 1 ).

3 Polynomials

In this chapter we shall prove Wilson's theorem and a theorem of Fermat's which says that a prime congruent to 1 modulo 4 is a sum of two squares. These results and others we shall use later follow easily from facts about the algebra of polynomials. 12.

THE AL GEBRA. OF POL YNOMIALS

Let R be a commutative ring with identity 1 # 0; write R[x] for the ring of polynomials in the variable x with coefficients in R. The subring of R[x] consisting of " constant " polynomials is naturally identified with R. Suppose r e R. Then the map a, : R[x] - R obtained by " substituting " r for x in each polynomial is a ring homomorphism. We follow the custom­ ary convenient practice and write f(r) for a,(f) . If s e R is thought of as the constant polynomial s e R [x] , then s(r) s for all r; r is a root of f when f(r) 0. If S is a ring and p : R -+ S is a ring homomorphism, then p extends naturally to the homomorphism from R [x] to S[x] obtained by applying p to the coefficients of each polynomial. We shall also call this extended homomorphism p. If fe R [x] and r e R, then p(f(r)) p(f)(p(r)). In particular, the function assigning to each polynomial with integral =

=

=

12.

The Algebra of PolyJWmials

27

coefficients the polynomial with the same coefficients reduced modulo n is a homomorphism from Z [x] to Zn [x] . When fe Z [x] we write J for its image in Zn [x] ; J is the polynomial whose coefficients are the coefficients of f modulo n. Iff has an integral root r, then clearly r is a root of J, but the converse is false. For example, 2 is a root of x2 + 1 in Z5 , but x2 + 1 has no root in Z. In fact, J has a root in Zn if and only if the Diophantine equation f (x) = ny has a solution. When this happens we say fhas a root modulo n. Let fe Z[x] . Since f(m) = O(f(m)), f has a root modulo f(m) for every m E Z. Thus every nonconstant polynomial has roots modulo n for infinitely many integers n. We are about to prove more. 12.1 Theorem. Every nonconstant polynomial fe Z [x] has roots modulo p for infinitely many primes p.

/'roof

Let

where n > 0 and an ¥- 0. If f has f(k) = O(p) for every prime p, and

an integral root k, then f(k) = 0 so the theorem is true for f Therefore, ussume f has no integral root. In particular, /(0) = a0 ¥- 0. Suppose that I'm primes Pt > . . , p, , f(x)= O(p;) has a solution. We shall find another pt"i me with that property. Consider the polynomial g in Z [x] defined by .

f (p , · · · p, ao x) = a0 (en � + · · · + c1x + 1) = a0 g (x).

J Inch of the coefficients c1 , , en ¥- 0 of g is divisible by p1 p, . Since is not constant, there is an integer x0 such that g(x0) ¥- ± 1. Let p be a pri me factor of g(x0). Since g(x0) = 1(p1), p is not one of the primes p , , . . . , p, . But p I a0 g(x0) = /(p1 p, a0 x0), so fhas a root modulo p. 11

•

. .

• • •

• • •

We are now ready to settle a question left open in Section 5 : the infinitude primes congruent to 1 modulo 4.

of t he

1 2.2 Lemma. t hen p = 1 (4).

If p is an odd prime and

x2

+

1 = O(p)

has a solution,

28

Polynomials

Proof.

Let k be a root of x2

+ 1 modulo p. {p)

1 1 = kp-

(k 2 )(p - 1 )/ 2 {p) = ( - 1 ) (p - 1 /2) (p).

=

Then k2 = - 1(p) s o

(Fermat's theorem)

Thus (p - 1)/2 is even and hence p = 1(4). 12.3

Corollary.

There are infinitely many primes congruent to 1

modulo 4. Each of the infinitely many odd primes modulo whichever x2 has a root is congruent to 1 modulo 4.

Proof.

+1

The converse to Lemma 12.2 is true. We shall prove it in the next section using some properties of Z,[x] which follow from the fact that z, is a field. 13 .

WILSON'S THEOREM

Let F be a field. Then F[x] possesses a Euclidean norm and hence is a unique factorization domain (Appendix 1 , Example 9 , and Theorem 1 6). a e F is a root off e F[x] if and only if (x - a) I f. Thus a polynomial of degree n has at most n roots in F (Appendix 1, Theorem 1 7, and Corollary 1 8). Since z, is a field when p is prime (Theorem 9.5), these remarks apply to Z,[x] . 13.1

If p is prime, then

Wilson's Theorem.

(p - 1) !

=

- 1 {p).

1 Proof. Consider the polynomial f(x) = x" - - 1 in Z, [x] . Fermat's theorem implies that the p - 1 elements 1 , 2, . . . , p - 1 of z, are all roots of J, which is of degree p - 1 . Then the introductory remarks above show

x"- 1 - 1 in

Z,[x].

=

Now substitute

(x - 1){x - 2) . . (x - (p - 1)) ·

x = 0 in Z, :

- 1 = ( - 1 )" - 1 {p - 1) ! = (p - 1) ! {p)

since either p - 1 is even or p 13.2

valently,

=

2, in which case - 1 = I(p).

Theorem. x2 + I h as a root modulo the odd prime = 2 x = - l(p) has a solution, if and only if p 1(4).

p,

or equi­

14.

The

Diophantine Equation x2 + y2

=

p

29

Proof " Only if " is Lemma 1 3.2, so suppose is even. Now

.

1 . 2 . 3 . . (p - 2)(p - 1)

p=

=-

1(4).

Then (p - 1 )/2 (1)

1 (p)

(Wilson's theorem) and -r

for r

=

1, 2, . . . , (p - 1)/2.

= p - r (p)

Thus rearranging the factors in (1) yields

- . 2 . ( - 2) . . . p ; 1 (- p ; 1) (p) = ( - 1)(p- 1)/2 e ; 1 !r (p) ( - 1 l) 2 (p . = p

- 1 = 1 . ( 1)

)

-2- .

The two square roots of - 1 in 1 p, are thus ±

� ; )'.

14 .

ZP , and hence the roots of x2 + 1

THE DIOPHANTINE E Q UA TION

x2

+ y2

=

modulo

p

Which primes p are the sums of two squares ; that is, which primes are 1·epresentable in the sense of Section 1 ? Fermat knew the answer we are about 2 Henceforth to give. Since 2 = 1 2 + 1 , the only even prime is disposed of. let p be an odd prime. 14.1

Lemma.

If x2

+ y 2 = p, then (x, p) = (y, p) =

1.

If p I x, then p 2 1 x2 , so p l y 2 • Since p is prime, this implies p l y, and hence p2 lp, which is absurd. Thus p ,t x, so (x, p) = 1 . Similarly, (y, p) = 1. Proof

II<>

p2 l y 2

14.2

Proof

Lemma.

If x2

+ y2

= p,

then p

Reduction modulo p yields

= 1(4).

30

Polynomials

and thus

where y - 1 is the inverse of y in the group �{p).

p = 1(4).

Lemma 1 2.2 then implies

Here is a second proof. Suppose x2 + y 2 = p. Since p is odd, x and y have opposite parity. Then one of x2 or y 2 is divisible by 4 ; the other is congruent to I modulo 4 (Problem 1 1 . 1 . Also compare Problem 1 . 1 ) .

The second proof is simpler than the first, but the first can be made to run backwards to prove the converse of Lemma 1 4.2. Suppose p is a prime congruent to 1 modulo 4. Then there is an integer z such that z2 = l (p) (Theorem 1 3.2). We shall try to write z = xy - 1 in �{p) for small values of lx l and l y l , for then -

implies

so

for some integer k. If lxl and I Y I are small enough, k will have t o b e 1 . This motivates the next theorem and its application to the problem at hand. Before stating it we shall make explicit the obvious combinatorial fact on which its proof depends, Dirichlet's famous " pigeonhole principle " . 14.3 Lemma. If n objects are filed in fewer than n pigeonholes, then at least two are filed together. More mathematically, though less vividly : If an n element set is a union of m < n of its subsets, then at least one of those subsets has more than one element .

14.4

.

Theorem

(Thue). Suppose n is not a perfect square and z E Z

Then the congruence

xz = y (n) has a solution (x, y) for which both zero.

lxl and

IY I are both less than Jn but are not

14.

The Diophantine Equation x3 + y3

=

31

p

Proof Con sider a ll the integers xz - y such that x and y are nonnegati ve and les s tha n Jn. Let m be the least integer greater than Jn. Then there are m c hoi ces for x and m for y. Since m 2 > n and Zn has n e lement s, there must be two une qua l pairs (x, y) and (x', y') such that ( xz - y) (x'z - y') i n Zn . (This i s the pigeonho le prin ci ple .) The n

=

( x - x ' )z

=

y - y'

(n) .

I Y - y' I are both le ss than Jn a nd are not both

Si nce lx - x' I and are done .

ze ro, we

14.5 Theorem (Fermat). An odd prime is the sum of two squares i f and on ly i f it i s congr uent t o 1 mod ulo 4.

Proof

" On ly if " is Lemma 14.2, so suppose p z2

=

=

1 (4).

Let

- 1 (p)

z

sat isfy

(2)

(T heorem 2.2). C hoo se x and y sati sfyi ng the co ncl usion s o f Th ue 's theore m ( 1 4.4). Then (2) and xz= y (p) i mply

NO

for some integer k.

Si nce lxl < JP and I Y I < posit i ve integer, k 1 and

=

Jp,

x2

+

y 2 < 2p so k < 2 .

Si nce k i s a

( 3) ns

desired.

This is o ur first enco unter with a member of the c la ss of Diophantine equation s

We shall hav e a lot to sa y a bo ut t his e qua tio n for some sma ll va lue s o f l m l nnu arbitrary n.

32

Polynomials

We close this section by studying the Diophantine equation x2

_

yz

=

p.

(4)

+

The seemingly innocuous change of sign makes the problem trivial. Suppose p is a positive prime and x > y > 0 . Then since x2 - y2 = (x - y)(x y), Eq. (4) implies x

-y

so x

=

=

1

p+l

2-

-

and x+ y

and

y

=

p

p-1

""" -- . 2

Thus the prime p is a difference of integral squares if and only if it is odd. In fact, we have discovered a little more. 14.6

Theorem.

Every odd integer is the difference of two consecutive

squares.

Proof.

If n is odd, then (n ± 1)/2 e Z and

n (n ;· lr - (n ; lr. =

Problem 15. 10 considers the representation of an even integer as a difference of squares.

15.1

Let F be a field.

15.

PRO BLEMS

Show that the units in F[x] are the constant polynomials.

15.2 If h e z.[x], we may regard h as a function from Zp _. zp by substituting for x the elements of z. . Show that for fand g e Z[x] the following are equivalent :

(a) f(n) = g(n)(p) for all n e Z. (b) I = g(x• - x) in z.[x]. That is, xP - X I I - g in Zp[X]. (c) I and ii yield the same function from z. -+ z• .

Show by example that none of these conditions implies I = g.

15.3* Prove that there are infinitely many prime (that is, irreducible) poly­ nomials in Z,[x). Write down the pl'ime polynomials of degree less than or equal to 3 in Z2[x] and Z3[x]. 15.4 Show that n is prime if and only if every linear polynomial in Z.[x] has at most one root in z. .

15.5 Let f e Z[x] be monic, that is, suppose its leading coefficient is 1. that the only rational roots of f are integers.

Show

I '.

l'roblc•nl.l'

1 �.6

()ed u ce

power of ul'

33

an

from Problem 1 5. 5 that m 1 1" is irrational unless m is the nth integer.

1�.7"' Prove Wilson's theorem by counting the number of p-Sylow subgroups t he symmetric group on p symbols.

1 5.8

1 5.9"'

Prove the converse of Wilson's theorem.

Then

The kth elementary symmetric function of n variables, St", is defined by

}J

(X -xJ) =

j� ( - 1)• - •st•(xl , . . . , x.)x•

in F[X] for every field F. The fundamental theorem on symmetric functions that any polynomial in n variables with coefficients in F which is invariant 1111der all permutations of its arguments is a polynomial in the elementary symmetric functions. For example, i� true

snys

x2 +

y 2 + z2

=

(St 3(x, y, z)) 2 - 2S23(x, y, z).

I nvestigate s.•(l , 2, . . . , p - 1) modulo A 1- 2 2 + · · · + (p - 1 ) 2 in Zp .

1

15.10

p

when

p

is an odd prime.

Investigate

Show that an even integer is a difference of squares if and only if it is

doubly even, that is, divisible by 4.

15.11 The argument preceding Theorem 14.6 shows that the representation of a prime as a difference of squares is unique. However

1 5 = 82 - 72 = 42 - P.

We can count the number· of solutions to the Diophantine equation (5)

Let be the factorization of n as a product of powers of distinct primes. Let N = (ex - l)(ex 1

+

1)

• · ·

(ext + 1).

Prove that Eq. (5) kas N/2 positive solutions if N is even and (N + 1)/2 if N is odd. 15.12"'

integers ? 15.13"'

Which integers can be written as a sum of consecutive odd positive Of two or more consecutive odd positive integers ? .

Answer the questions posed in Problem 1 5 . 12 when the word " odd "

is deleted. 15.14"' Reread Section 1 and Problems 6.1 , 6.2, and 6.3. Theorem 1 4.5 and Problem 1 5. 11 may suggest new conjectures on representable integers and the number of ways to represent them.

4 The

Group of Units of Zn

We shall show in this chapter that �. regarded as a group valued function of n, is multiplicative. That fact together with an analysis of the structure of �(n) when n is a power of a prime will allow us to answer classical questions about the congruence X'= m(n). -

16.

DECIMAL EXPANSIONS

In this section we shall investigate the form of the decimal expansion of l/n ; the questions raised by th at investigation motivate the subsequent discussion

of the group �(n). First we shall do some arithmetic to provide ourselves with numerical examples .

7 = 0.142857 . 1

--

The digits under the bar are to be repeated, that is,

7 = 0. 142857 1

142857 142857 . . . . 34

(1)

11'1.

35

f)£'dmal Expansions

ignore all questions about the convergence of the infinite decimals Any question the reader wishes to raise he must answer for himself. l!quation (1) follows from

We Nhall

we u sc.

1 428 57 711.000000 .

-7

30

- 28 20 - 14 60 - 56

40

- 35

50 - 49 1

The sequence of remainders, "

"

which

1 , 3, 2, 6, 4, 5 = 1 , 3, 2, 6, 4,

appear in bold face, is

5,

1 , 3,

2, 6, 4,

5,

. . . .

Similar computations show that

1 = 0.01250, 80 where the remainders are

(2)

1, 10, 20, 40, 0 ; that 1 = 0.076923, 13 --

where the remainders are 1 , 10, 9,

12, 3,

4; and that

1 = 0 .01 136 , 88 -

where the remainders are 1,

(3 )

10, 12, 32, 56.

(4)

The Group of Units of Z

36

Now fix a positive integer n.

S u pp o se that

1

-=

n

where 0

::;;

O.a1a2

• • •

,

a1 � 9, and that

where 0 ::;; r1 < n, is the sequence of remainders which occurs in the Ion� division algorithm. We wish to consider the remainders r1 both as integer� and as elements of Zn . The rule " bring down the next 0 " shows that

( 7)

Therefore

r1 + 1 = 1 0r1 (n).

(8)

r;+ 1 = 101

(9)

Since r0 = 1 , (8) implies (n).

The infinite sequence (6) of remainders lies in the finite set {0, 1 , . . . , s o there must be a first repetition

n

- 1 },

( 1 0) Then the long division algorithm implies that the sequence of remainders is just (1 1) and the corresponding decimal fraction is (12) We call A the period of the expansion in Eq. (12) ; that expansion is p urely if and only if Jl = 0, or, equivalently, the first repetition in the sequence (1 1 ) i s r;. = 1 . The expansion terminates if and only if rP. = 0. In that case all succeeding remainders will be 0. We wish to discover how Jl and A depend on n. To do so we review some elementary group theory. Let G be a finite group with i dentity e, and g an element of G. Then the

periodic

l fl ,

l>t•C'Imal Expansions

l i l'll l

•·cpctition in the sequence

37

e, g, g 2 , . . . iN

of the form g

"

(13)

=

e and A. is the order of g. The map 'P : Z � G given by g" is then a homomorphism with kernel A.Z, so that it may be regarded us an isomorphism between the additive group z, Z/A.Z and the subgroup j c•, g, . . , g A - l } of G spanned by g.

'l'(n)

=

·=

.

I 6.1 Theorem. Each of the following three groups of statements consists ,,r equivalent statements. For any particular positive integer n exactly one uf these groups consists of true assertions. I

(a) (b) (c) II (a) (b) (c) III (a) (b) (c)

The decimal expansion for 1/n is purely periodic. (10, n) 1 ; that is, neither 2 nor 5 divides n. For some A. > 0, r, 1. The decimal expansion for 1/n terminates. For some Jl, n 1 10" ; that is, n has no prime factors other than 2 or 5. For some Jl, r,. = 0. The decimal expansion for 1/n is not purely periodic and does not terminate. 2 or 5 and some third prime divide n. For i > 0, r; is never 0 or 1 .

=

=

Proof Let n be a positive integer. Elementary logic shows just one of I(a), II(a), or III(a) and just one of I(c), II(c), and III(c) is true. A little reflection shows just one of l(b) , II(b) , or III(b) is true. Thus to prove the theorem it suffices to show I(a) <:> l(b) <:> I(c) and II(a) <:> II(b) e- II(c). We treat case I first. Suppose (10, n) = 1 (I(b)). Then 10 e Cl»(n) (Theorem . 9.2). Congruence (9) now implies that sequence (6) of remainders is just the sequence ( 1 3) when g = 10 in the group Cl»(n). Therefore the first repetition is r, = 1 and I(a) is true. Suppose I(a) true. Then r, r0 1 , so I(c) follows. Finally, suppose I(c) true. Then

=

1

=

=

1 0" = 10 10" - 1(n). ·

That is, 10 is invertible in Zn , so (10, n) = 1 (I(b)) (Theorem 9.2). Case II is simpler. We show II(a) => II(b) => II(c) => II(a). If the decimal expansion for n is

11re Group of U11its of z.

38

then 1 0"/n i s an integer, so n 1 10". If n 1 10", then (9) shows r�" = 0. If r�" = 0, then for all k ;;:;: 0, rp, + k and hence ap, + k + l is zero. In our examples above, 7 and 1 3 are covered by Case I, 80 by Case II, and 88 by Case III. For the remainder of this section we shall restrict our attention to Case I. 16.2 Corollary. Suppose (10, n) = 1 . Let A be the subgroup of (n) generated by 10. Then the period .A.(n) of the decimal expansion of 1/n is the order of A and hence divides qJ(n).

The only special significance of 10 in this section is the fact that we have 10 fingers and so write numbers decimally. The methods we used really prove more than we have so far made explicit. The following theorem states a consequence of Case I for expansions to any base. 16.3 Theorem. Suppose (m, n) = 1 . Let Am be the subgroup of (n) generated by m. Then the period .A.m(n) of the expansion of lfn in the base m is the order of Am and hence divides qJ(n).

We shall continue to write .A.(n) for .A.1 0(n). A question commonly asked is : For which n does .A.(n) = qJ(n) ? The integer 7 enjoys this property ; 1 3 does not. The question is equivalent to : For which n is (n) cyclic with 1 0 as a generator ? The bulk of this chapter is devoted to the structure of (n) ; when we are done we shall know when (n) is cyclic. The problem of deciding whether 10 happens to be a generator is unsolved. For example, we shall see that the 1 2 element group <1>(13) is cyclic, though we know that the order of 1 0 in that group is only 6. In general (p) is always cyclic when p is prime. Part of a conjecture due to Artin asserts that 10 generates (p) for infinitely many primes p. We close this section with some remarks on the decimal expansion of kfn. Suppose (10, n) = 1 and that k/n is in lowest terms, so that (k, n) = 1 . If k happens to be in A, then it is just one of the remainders which appeared when we worked out the decimal expansion of 1/n. Then the decimal expansion of k/n is purely periodic ; its block of digits is a cyclic permutation of the block for n. For example,

10/13 = 0.769230

and

9/1 3 = 0.692307.

( 'y('/lr Groups

I I,

I I' k

39

¢ A we must begin again. Then the successive remainders in the

d i v ision algorithm for kfn are just the numbers l O ;k. Thus they exhaust 11 coset of A in �(n). Therefore, k/n too has a purely periodic expansion w i l h period A.(n), and the cyclic permutations of its block of digits determine I he expansions of the other elements of the A coset of k in �(n). 1 7.

In

C YCLIC GRO UPS

this section we shall find criteria for decidi�g when a group is cyclic or a

llruduct of cyclic groups. Using them we shall be able to prove that �(p'") is cyclic when p is an odd prime and that �(n) is a product of cyclic groups in n useful way when n is divisible by several primes.

g

17.1 Definition. Let generate a cyclic group G of order n. For G let the index of a relative to g be the least nonnegative integer m for wh ich a

uE

= gm. Write m = ind11{a).

Then 0 � ind11(a) � n -

g indf;� = a.

1,

and

� �nd� (a� Q. .

{14)

When we regard the index as a map ind11 : G -+ Z,. , + from G to the additive group of the ring Z,. , then it is a group isomorphism. That is, to multiply two elements of G simply add their indices modulo n. The index of e is 0, the index of is 1 . The index map should be thought of as a logarithm to the base for it turns multiplication in G into addition in Z,. :

g

·

g,

indg(a � b) = ind11(a) + indg{b) (n ). Choosing a generator

g as a base for the indices is equivalent to choosing

a particular isomorphism of G with Z,. ,

+.

These introductory remarks show that the study of finite cyclic groups is equivalent to the study of the groups Z,. , + . For the remainder of this section Z,. will mean simply the additive group of the ring Z,. . 17.2

Lemma.

The order of a e Z,. is nf(a, n).

Proof. Remember that we are discussing Z,. as an additive group. Thus the order of a is the least positive k for which ka = O(n). But Theorem 7. 1

40

The Group of Units of z.

tells us how to find all such k ; 0 is a soluti on and the solutions are unique modul o n/(a, n). Therefore nf(a, n) is the least positive s o l uti o n Note that this result is valid eve n for a = 0 since the order of 0 is 1 and (0, n) = n. .

17.3 Corollary. The element a generates Z, if and only if a e
Proof. The e lement a generate s Z, the order of a is n (a, n) = 1 (Lemma 17 .2) a e
Proof. S uppose g e G has order d. Then the cyclic subgroup of G generated by g has d elements and hence qJ(d) generators (Corollary 17.3) all of which are elements of G of order d. 17.5 Corollary. The additive group Z, has exactly qJ(d) elements of order d for each divisor d of n.

Proof. Let d I n and let 'P(d) be the number of elements of order d in z• . Since the order of nfd is d, 'l'(d) ;;;::: 1. Then 'P(d) ;;;::: cp(d) (Lemma 17.4). But every element of Z, has order d for some d I n, so

n = L 'P(d) ;;;::: L cp(d) = din

din

n.

(Eq . (10), Chapter 2)

This can happen only if 'P(d) = cp(d) for all d. A si milar argument proves a kind of converse to this corollary. 17.6 Theorem. l-et G be a group of order n. If G has at most cp(d) elements of order d for each divisor d of n, the n G is cycli c.

Proof. Let d and 'l'(d) be as in the pr oof of C orollary 17.5. hypothesis 'P(d) :::;; cp(d) for all d, so n

= )' 'l'{d) :::;; )' qJ(d) =

din

din

Then by

n.

This implies 'l'(d) = cp(d) for all d. In particular, 'l'(n) = cp(n) =I= 0, so there is an element of order n. Thu s G is cyclic .

I I,

41

C 'ycllc oro ups

We shall be p ar ticu l a rly interested later in products of cyclic groups. The topic is quite general because every finite abelian group is such a prod uct , h u t we make no use of that fact. Su ppose G and H are groups. Then the set G x H of ordered pair s \!1, h) with g e G and h e H is a group when equipped with the multiplication

(g, h)(g', h')

=

(gg', hh').

' J 'hc gr oup G x H is called the product of the groups G and H. The definition 111' 0 = G1 x x Gn for any finite sequence of groups is straightforward ; (,' will be abelian if lmd only if every factor G; is abelian. · · ·

n l'

17.7

Lemma. The order of (g, h) in G the orders of g in G and h in H.

x

His the least common multiple

l'roof The i dentity element e of G x H i s (eG , eH), so (g, h)n = e if and nn l y if gn = eG in G and hn eH in H. That happens if and only if b oth t he order of g and the order of h divide n. The le mma follows. =

17.8

!'roof

Corollary.

The group Zm

x

Zn is cyclic if and only if (m, n) = 1. x

Lemmas 1 7.2 and 1 7.7 imply that the order d of (a, b) in Zm d

=

I .c.m.

Zn is

{(a�m) ' (b�n)}

which divides l.c.m. {m, n} = mnj(m, n). If (m, n) > 1, then no d c an be ns large as mn, which is the order of Zm x Zn , so that group is not cy­ clic. Conversely, if (m, n) = 1 , then ( 1 , 1) has order mn and so generates Zm X zn . 17.9

Proof Then

Theorem.

If G

x

H is cyclic, then G and H are cyclic.

Let (g, h) generate G

mn

=

x

H.

S uppose G has order m and H order n.

order of (g, h) in G

x

H

= l.c.m. {order of g, order of h}

which is a divisor of mn. 17.10

Theorem.

Thus the order of g is m, and the order of h is n.

Let G be an abelian group.

Supp ose

g1 ,

• • •

,

g, are

Tile

42

elements of G of orders nl >

. • •

, n, respectively.

Group of Units of z.

Then the map

given by

( 1 5) is a group homorphism onto the subgroup G' of G generated by g1 , =

Proof If the order of g is n, gkg1 is performed modulo n. Thus

. . . , g, .

gk+ 1 where the addition in the exponent

-r((kl, . . . ' k,) ( 11> . . . ' 1,)) = g�· . . . g�·g't' . . . g� = -r(( kl + 11,

where addition in the ith place is modulo n1 • morphism. Since -r((O, when the

.

.

.

, 1,

.

.

.

.

. ' k,

+ 1,))

Therefore -r is a group homo­

. , 0)) = g1

1 is in the ith place, the image of -r contains each g1 and thus is G'.

The proof above depends in a subtle way on the notation we used. We implicitly invoked the identification of Zn, with { I , 2, . . . , n;} in order to define -r by Eq. ( 1 5) and then conveniently ignored the identification for the rest of the proof. The argument is however essentially correct. Rather than make it more pedantic by resolving the ambiguities of the notation we shall give another, more abstract version. Write zr for z X X z (r times). The map • • •

T: Z' --. G given by

T( (k1,

• • •

,

k,)) = g�'

···

g:·

is clearly a group homomorphism, and no notational ambiguity besets its definition. The kernel of T contains the subgroup H = n1 Z x · · · x n,Z of zr' so the fundamental theorem of group homomorphisms implies that there is a homomorphism

frlt,

'11tl'

Group
43 r:

klll.' h that T = r o n , where W hen Z'/H and Z,, x · · ·

Z'/H : G

( 1 6)

is the natural projection of Z' onto Z'/H. Z,, are identified in the obvious way, the homomorphism r introduced in (16) agrees with the one defined by Eq. ( 1 5) . W h e n the homomorphism r i n Theorem 17. 10 i s a n isomorphism, we can ddinc the index of g E G with respect to the generators g1 , , g, as the u n i q ue element a = (k1 , , k,) of Z,, x · · · x z., for which r(a) = g . 'I' hen the analogues of the remarks following Definition 1 7. 1 are true. Index 1 s the group isomorphism r-1 ; it allows us to perform a multiplication in G hy adding indices. Each index is an r-tuple and the addition is modulo n; i n the ith place. n

x

• • •

• . .

18.

THE GRO UP


This section is devoted to proving the following theorem and exploring its consequences. 18.1

Theorem.

The group
Proof The theorem follows immediately from the fact that ·

licld (Theorem 9.5) and the theorem we are about to prove.

18.2 is cyclic.

Theorem.

Zp

is a finite

A finite subgroup of the multiplicative group of a field

Proof Let F be a field and n the order of a subgroup G of the multiplicative

group F* of nonzero elements of F. For each divisor d of n let 'I'( d) be the n umber of elements of G of order d. Suppose b E G has order d. Then each of the d elements of the cyclic subgroup B generated by b is a root of the polynomial xd - 1 in F[x] . Since that polynomial has at most d roots (Appendix I , Corollary 1 8), we have found them all. Thus if g E G has order d it is in B and hence is one of the
The

44

Group of Units of z.

belongs to the exponent 6 modulo both 7 and 1 3 . An elem ent g e (n) is a primitive root fo r n if and only if g belongs to the exponent cp(n) modulo n. That is, g is a primitive root for n if and only if �(n) is cyclic and g is a genera­ tor. Corollary 1 6.2 says that A.(n) = cp(n) if and only if 10 is a primi tive root for n. Theorem 1 8. 1 says that primes have primitive roots. Some other integers do too ; we shall soon see pre ci sely which. Before we reach that poin t in our exposition you should experiment with the integers n � · 24 to see which have primitive roots. Whenever n has a primitive root g, computation in <J>(n) can be simplified by the construction of a table of indices. For example, successive doubling and reduction modulo 1 3 yields the data k

2k mod 13

10 1

1 2 3 4 2 4 8 3

5 6

6 12

1

11

8 9

9 5

10 10

11 7

12 . 1

( - 1) ( - 2) ( - 4) ( - 8) ( - 3) ( - 6)

Once we reach the entry 26 = 12

¢ 1 ( 1 3)

we know 2 is a primitive root for 13, for the exponent to which it belongs must divide cp(1 3) = 1 2 and is greater than 6. The last entry 21 2 = 1 (1 3)

merely confirms Fermat's theorem. Fin all y, the entry above x in the second line of the table is just ind2 x. As we remarked following Definiti on 1 7. 1 , ind2 : <1>(13) --+ Z1 2 is a group isomorphism. Let us use that fact to find the other primitive roots for 13. The element x is a primitive root for 1 3 if and only if X generates <1>(13), or, equivalently, indz X generates z1 2 . Corollary 17.3 shows that h appen s just when (ind2 x, 12) = 1 that is, when

ind2 x = 1 , 5, 7, or 1 1 so th at 2, 6, 1 1 , and 7 are the pri miti ve roots for 1 3 . Here are two more examples which demonstrate uses o f the index calcul us .

18.

45

The Group «>(p)

What is the period of the decimal expansion of 1/1 3 ?

A. (1 3) = order of 10 in (13) =

order of indz{10) 12 (10, 12)

= --=

=

10 in Z1 2

(Lemma 1 7 .2)

6,

which we already knew. Solve

X8 =

3 in (13) - 8 ind2 X = ind23 in Z1 2 - 8 ind2 x = 4 (12) - ind2 x

- ind2 x -

x

=

=

=

2 + 3n (12)

(Theorem 7. 1)

2 , 5, 8 or 1 1

4, 6, 9, or 7.

We showed above that 6 and 7 are primitive roots for 1 3. each solve (17), we know

Since 6 and 7

That equality is a coincidence ; ind2 3 = 4 -:1- 8. In general the index of x in (n) depends on the existence and the choice of a primitive root for n. So far we know of their existence only for primes. The index calculus is only useful once a primitive root has been found ; we have given no procedure other than trial and error for finding one. No universal shortcut is known though we shall show that in some special cases it is possible to find a primitive root for n without doing as much arithmetic as we required to find 2 for 1 3. When we locate a primitive root g by trial and error, the computations which prove g a primitive root also serve to build the table of indices to the base g. Appendix 2 contains a short table of primitive roots for primes. The index calculus is of practical value if we have many actual computations to make modulo a fixed prime p. For most theoretical purposes what is important is just the existence of a primitive root. That is, we are often interested in consequences of the fact that (p) is cyclic. For example,

Tlte Gro11p of UJtlts of z.

46

Theorem 17. 5 shows that when d I P - 1 , (l)(p) contains
19.

(1)(2) has just one element and (1)(4) has cyclic.


However since

=

2, so each of these groups is

(18) (see Problem 1 1 . 1), each of the four elements of (1)(8) is of order 2, so (1)(8) is not cyclic. The group (1)(16) has 8 elements ; 5 belongs to the exponent 4 modulo 16, but a little computation shows no element belongs to the exponent 8, so 1 6 has no primitive root. This behavior persists. Just the odd integers between 1 and 2" are relatively prime to 2", so
Theorem.

If a is odd and

a. �

1 3 then a 2" - = 1(2"').

Proof The congruences in (1 8) prove the theorem for ex = 3. by induction. Suppose the theorem true for a.. Then

for some integer

t.

W...e proceed

Squaring, a 2 '" -

'

=

1

+ 2 (2"t) + 22,.t 2

= 1 (2"' + 1 ) .

Here is another proof ofTheorem 19. 1 which is longer but more illuminating. 19.2 Lemma. Let t : G -+ H be a group homomorphism. Suppose e G has order m and -r(g) has order n in H. Let k be the order of tho kernel K of t. Then

g

n l m l nk. The proof is an exercise for the reader (Problem 22.1 1).

Theorem 19. 1 is equivalent to the assertion that every element of w(2,.) has order �2,. - 2 for a � 3 . To prove that statement, reason as follows.

1 9.

47

The Group <J>(2•)

The natural ring homomorphism -r : Z � -+ Z8 (see Problem 1 1 .5) restricted 2 to $(2") yields a group homomorphism of $(2") onto $(8). The kernel of this homomorphism has
Theorem.

IX �

when Proof

3.

The integer

Theorem 19. 1 shows

5

belongs to the exponent 2" - 2 modulo

5 2 �-2 = 1 (2«).

2«

We need only show (19)

To do this it is convenient to prove a little more, namely, (20) Since I + 2"- 1 ¢. 1{2"), congruence {20) implies congruence { 1 9). = 3, (20) says simply that

IX

5= which is true.

Suppose (20) true for

for s0me integer t.

=

1 1

1

When

+ 4 (8) IX.

Then

Square this trinomial :

+ 2" + 2"+ 1v

for some integer v whose exact value i s irrelevant

= + 211. (2«+ 1 ) .

Now we need only discover what is left over in $(2«) outside the cyclic subgroup G2 generated by 5. Since the order of G2 is just half that of $(2"), G2 is of index 2 in C))(2«). Once we find a single element b ¢ G2 , we can write C))(2") as the disjoint union of the cosets G2 and bG2 • 19.4

Lemma.

- 1 ¢ G2 •

Tile Group of Units of z.

48

Proof

5 = 1(4) so 5P = 1(4) for all p > 0. Then 5P ;;f= - 1(4) and hence 5P

0

t= - 1 (2'" )

for all p > and ex :0::: 3. But that says - 1 is not congruent modulo 2'" to a power of 5. That is, - 1 ¢ G2 • We have done more than to find· an element outside G2 • The one we have generates a subgroup (with two elements) which meets G2 only at 0, so that we can prove Theorem 1_9 .5. 19.5

Theorem.

cJ>(2'") is isomorphic to Z2

X

Z2• - 2 when

ex :0::

3.

Proof Apply Theorem 1 7 . 1 0 with 91 = - 1, 92 = 5, n1 = 2, and n2 = 2'" - 2 • The map -r : z 2 X z 2 . - 2 � <1>(2'") s o constructed i s surjective because - 1 and 5 generate C1>(2'"). Since both the domain and range of -r have q> (2'") = 2'"- 1 elements, -r is injective as well and hence is an isomorphism. 20.

THE GRO UP !f}(p")

In this section we use techniques similar to those we just developed to study W(p'") when p is an odd prime. The results are nicer than those in Section 1 9. We shall discover that (p") is always cyclic by finding an integer 9 which is a primitive root for p" for all ex ; 9 plays a role for p analogous to that played by 5 for 2. 20. 1

Theorem.

following is true :

(a) (b)

Let

9

be a primitive root for p".

Then just one of the

The integer 9 is a primitive root for p" + 1 ; 9"'(P"') =

1 (p'"+ 1).

Proof Let m be the exponent to which 9 belongs modulo m I q>(p'" + 1 ). Moreover

so 9m = 1 (p'").

Hence q> (p"')I m

«+ 1

p

•

Then

20.

49

The Group G>(p•)

since g is a primitive root for p«.

Therefore (21)

19.2.

which we could have proved directly by applying Lemma or

(b) m

=

({)

Thus either

(p«)

since p is prime.

Suppose g is a primitive root for p. Then gP - 1 = 1(p), so gp- 1 = 1 + mp for some integer m. If p ,.f' m, then Theorem 20. 1 tells us g is a primitive root for p2 as well. In fact , more will be true. We can prove the following analogue of Theorem 19.3. 20.2

Theorem.

Let g be a primitive root for p such that

gP - 1 = 1 + mp

and p ,.f' m. Proof.

Then g is a primitive root for p« for all oc

>

0.

Let the induction hypothesis be g 'P



=

1

+

m p"', «

which is true by assumption for oc = 1 . Eq. (22) to the pth power :

=

P ,r m��. ,

Suppose i t true for an oc

(22) �

1.

Raise

(1 + m., p)P

= 1 + m., p« + 1 + tp2"' =

1 + m., + 1 Pa + 1

where t is an integer computed by collecting powers of ma , binomial co­ efficients , and powers of p, and

Since p ,.f' ma , p ,.f' m., + 1 , and (22) is true for all know g

tf>(p� )

¢. 1 (p"' + 1 )

oc.

In particular, we

n ow

'111<' Group of Unlls of z.

50

for all r.x. Since g is a primitive root for p, repeated application of Theorem 20. 1 yields alternative (a) each time. Now all we need do is produce a g which satisfies the hypotheses of Theorem 20.2. For example, 2 is a primitive root for 3 and

so 2 will do for 3. However - 1 is also a primitive root for 3 but clearly is not one for 9. Similarly, 2 is a primitive root for all powers of 5 since it is one for 5 and 25 - 1 = 16 = 1 + 3 · 5,

5 .f 3.

The integer 7 is also a primitive root for 5, but

Alternative (b) in Theorem 20. 1 occurs. 20.3

Lemma.

Thus 7 is not a primitive root for 25.

There is a primitive root g for p such that

g 11 - 1

=

1 + pm

(23)

and p .f m. Proof. Let g be any primitive root for p. If p .f m in (23), we are done. If we are unlucky and m = kp let g ' = g + p = g (p). Then g' is also a primitive root for p, and

{g ')p- 1

=

=

=

(g

+

p)p- 1

g r 1 + (p - 1)pg r 2 + kp 2 for some integer k 1 + m'p

where

Since g is a primitive root for p, (p, g) = 1 so p .f g �'-2• and g ' satisfies the requirements of the lemma.

Hence p .f m',

21.

The Group <1>(11)

20.4

0.

Theorem.

cyclic for all rx >

51

Let p be an odd prime.

Then (p«) and <1>(2p«) are

Proof. We have just found a primitive root g for p«, so {p«) is cyclic. Moreover, we may assume g is odd, for if it is even then g + pf¥. is odd and is still a primitive root for p«. Then (g, 2p«) = I . The exponent n to which g belongs modulo 2pf¥. can be no less than that to which it belongs modulo pf¥., which is cp(p«). But cp (2p") so

n =

=

cp (2)cp (p")

=

cp (p«)

cp(2p«), and g is a primitive root for <1>(2p").

In the next section we shall show that we have found all the integers n for which (n) is cyclic, namely, n = 2, 4, p«, or 2pf¥.. 21.

THE GRO UP (f)(n)

We are now ready to complete our study of (n). We shall show that (mn) is isomorphic to (m) X (n) when m and n are relatively prime. Then we can find out all about (n) by factoring n as a product of powers of primes and using our knowledge of the structure of the groups (p«) . The route we follow is straightforward and comput ational . In the next theorem we use the Chinese remainder theorem and Theorem 17.10 to write (n) as a product of cyclic groups. Let n = 2«p�1 • • • p�· be the factorization of n into products of primes. Then (n) is isomorphic to 21.1

Theorem.

which is in turn isomorphic to the product of cyclic groups (24) when rx � 3. When rx = 0 or 1 , omit the first two factors in Eq. (24) ; when rx = 2, omit the second factor. Proof. We shall prove explicity only the case rx � 3. When rx = 0, 1 , or 2, the argument is similar but simpler. Begin by choosing a primitive root b; for p�', i = 1 , . . . , r (Theorem 20.4). Let b00 = - 1 and b0 = 5 ; these are the analogues of primitive roots for 2...

52

TIU! Group of Units ofZn

Let h00 simultaneously solve the X =:

r

+ 1 congruences

- 1 (2")

(25)

X =: 1 (pj')

Let h0 simultaneously solve X =: X =:

i = 1,

.

..

, r.

(26)

·

(27)

5 (2'")

1 (pj')

i

= 1,

.

.

.

, r.

(28)

For each j between 1 and r let h1 simultaneously solve X =:

X =:

X =:

h0 , h1 ,

1 (2")

bJ (pji)

1 (pj')

(29) (30)

1 � i � r, i =F j.

(3 1)

The Chinese remainder theorem (8 . 1) guarantees the existence of h00 , , h, . Finally let • • •

i = 00, 0, 1 , . . . ,

r.

The order of 9; in
2'"- 2 when i = 0 and qJ(pj') when i = 1 , . . .

implies

g l = 1 (p�') so (/)

(p�') I y

because g1 is a primitive root for p�' . But the congruences (29), (30), and h1
(3 1) imply

hf
21 .

The

53

Group
Therefore

Now we are ready to apply Theorem 1 7. 10. Let T : K -+ <J>(n) be the homomorphism constructed by that theorem from the data g00, g 0 , , g, given above. We wish to show 't' is an isomorphism. Since K and W{n) each have order q>(n), it will suffice to show that 't' is injective. To that end suppose P
=

(32) for some integer t. Our choice of the h� and subsequent definition of the g1 shows that reducing Eq. (32) modulo pj' yields

(33) Since b1 is a primitive root for pj', {32) implies P1 0 in Z · This argument works for each i between 1 and r, so we have reduced our problem to showing Poo = Po = 0 if =

(34) Reduce Eq. (34) modulo 211 :

( - 1 )/loo 5/lo

=:

1 (211)

which implies P - 1 = o in Z2 , and Po = o in Z211 - 2 (Theorem 19.5). The theorem is proved. We have made explicit the idea suggested in Example 8.3 : To study congruences modulo n study first the corresponding congruences modulo the prime power divisors of n. In Appendix 3 we demonstrate that Theorem 2 1 . 1 is constructive by using it to answer a family of questions about W(3 1 5). In Problems 22.20 through 22.23 the reader is invited to apply Theorem 21 . 1 to develop the theory of the congruence

x11 = m (n).

(35)

We now close this section and chapter with some corollaries to Theorem 21 . 1 .

The Group of Units of z•

. 54

21.2

Corollary.

isomorphic to W(m)

The function c)) is multiplicative. X W(n) when (m, n) = l .

That is,

W(mn)

is

Proof. The hypothesis (m, n) = 1 means that no prime which divides m divides n. Thus to prove the corollary we need only group the cyclic factors of c)) (mn) provided by Theorem 21. 1 . 2J.3 Definition. The universal exponent v(n) of n is the maximum of the orders of the elements of W(n). Thus v(n)flrp(n), and v(n) = rp(n) if and only if w(n) is cyclic.

In Section 1 9 we discovered that v(4) = rp(4) = 2 while v(2«) = 2� - z = rp(2�)/2 if ex � 3. Since W(2) is the one element group, v(2) = 1 . 21.4

Let n

Theorem.

=

2«p�1

• • •

p�'. Then

v(n) = l.c.m. { v(2�, rp(p�'), . . . , rp(p�') }.

(3 6)

Proof. Apply Lemma 17.7 to the element of c))(n) whose index is ( 1 , 1 , . . . , 1 ) with respect to the isomorphism 't' constructed i n Theorem 21. 1 . For example, rp(240)

=

rp(24 • 3 . S)

= rp(24) • rp(3) . rp(5)

=8.2.4 = 64

so W(240) has 64 elements.

However

v(240) = l.c.m. { v(24), rp(3), rp(5) } =

l.c.m. {4, 2, 4 }

=4

so no element of W(240) has order greater than 4. Since 64 is a power of 2 so is the order of every element of W(240). Therefore whenever (a, 240) implies only

a4 = av<240> =

1 . That

=

1 (240)

is much stronger than Euler's theorem, which

21.

The Group (n)

55

a64 = 1 (240) . This suggested generalization of Euler's theorem is true even when qJ(n) and v(n) are not powers of 2. The proof is Problem 22. 17. 21.5

Corollary.

If (m, n)

=

1 , then v(mn)

=

l.c.m. {v(m), v(n)} .

The proof i s easy, s o we omit it. 21.6 Theorem. The group Cll(n) is cyclic if and only if n 2p" for an odd prime p.

= 2, 4, p'",

or

Proof We know that Cll(n) is cyclic for those n (Thorem 20.4 and the intro­ ductory paragraphs of Section 19) . Suppose n is not one of those numbers. If n is a power of 2, then we showed in Section 19 that Cll(n) is not cyclic, so suppose n is divisible either by two odd primes p and q or by 4 and p. Con· sider the first alternative. Suppose p" and qP are the exact powers of p and q which divide n. Then Cll(p'"qP) is a factor of Cll (n) (Corollary 21 .2). We shall show Cll (p"qP) is not cyclic ; Theorem 1 7.9 will then imply that Cll(n) is not cyclic. Since p and q are odd, qJ(p") p'" - p" - 1 and q1(qP) are both even. Therefore =

v(p'"q P) = l.c.m. {qJ(p'"), qJ(qP)} <

< =

qJ(p")qJ(qP)

2 qJ(p'") qJ(q P) qJ(p"qP).

Thus Cll(p"qP) is not cyclic. A similar argument covers the second alternative. If 8 1 n, then Cll(n) has the noncyclic factor C11(2") and hence is not cyclic. If 4 1 n but 8 does not, then

v(4p")

=

l.c.m. {2, qJ(p'")}

= qJ(p'")

< 2q>(p'") =

qJ(4)qJ(p'")

= ({J(4p'")

implies Cll(n) has the noncyclic factor C11(4p'").

. 56

1'/tc Group of Units ofz. 22.

PROBL EMS

22.1 Divisibility tests again. Let m, ao , a . , . . . , Ot be as and n, r . , r2 , . . . , as in Section 1 6. Prove

in

Problem

1 1 .12

(37) Show that Problem 1 1 . 1 2 consists of.special cases of (37). How does this problem solve Problem 1 1 . 1 3 ? 22.2 Show that the usual " long division algorithm " does in fact yield the decimal expansion of 1/n.

22.3* In the expansion of 1 / 7 given by Eq. (1) the sum of the digits in places i and i + 3 is always nine : 1 + 8 = 4 + 5 = 2 + 7 9. Call n a nines number when ( 1 0, n) = 1 and the digits in places i and (A(n)/2) + i in its decimal expansion always sum to 9. (a) A necessary condition that n be a nines number is that A(n) be even. Does that condition suffice ? (b) Show that n is a nines number if and only if 1 0).<•>12 = - l (n). (c) Prove. If p is prime, then ,\(p) is even if and only if p is a nines number. You will find these and related results in Leavitt, W. G., "A Theorem on Repeating Decimals," Amer. Math. Monthly, 74, (1 967), 669-673. =

22.4 Let g and h both generate the cyclic group G. Derive a formula (analogous to the one you learned in secondary school relating logarithms to different bases) with which you can compute indg(x) from ind.(x). 22.5 Prove that every subgroup of a cyclic group is cyclic. Use that fact to replace the part of the proof of Corollary 1 7.5 which depends on Eq. (10) of Chapter 2. Then deduce that equation from Corollary 17.5.

22.6 Let g and h be commuting elements of the group G . Show that the order of gh divides the least common multiple m of the orders of g and h. Need it equal m ? (Compare Lemma 1 7.7.) Write n p�1 . . p:t as a product of powers of distinct primes. Show that the least m for which Sm (the group of permutations of + p:t . m symbols) contains an element of order n is m = p�1 + =

•

· · ·

22.7

Deduce Theorem 1 0.4 from Corollaries 17.5 and 17.8.

22.8

Prove :

Generalize.

If a

belongs to the exponent 3 modulo the prime p, then

Can you do without the assumption that p is prime?

22.9 Find a primitive root the congruences

for 1 7 ;

prepare a table of indices and use it to solve

x20 = x12 = x48

=

x11 =

1 3 ( 1 7) 13 (1 7)

9 (17) 9 (17).

22. Problems

57

What are the periods of the decimal and binary expansions of 1 /1 7 ? 22.10

Let p be an odd prime, and suppose p ,t a.

Show that

x 2 = a (p" )

has a solution if and only if

has and that when solutions exist there are two of them modulo p•. 22.11

Prove Lemma 19.2.

22.12 Let a be an odd integer and ex :;:::: 3 . of
Use the knowledge of the structure

·

x 2 = a (2")

can be solved if and only if a = 1 (8)

and that when solutions exist there are four of them modulo 2 •. 22.13* Work out a new proof of Theorem 20.3 along the following lines. The kernel K of the natural map

contains the elements of
Let g be a primitive root for n > 2. ind, ( - 1)

Prove rp(n)

=

2

and deduce ind, (-a) = ind. (a) + rp

;n

)

(rp(n)).

Thus only half a table of indices need be prepared with brute force. This problem explains the presence of the parenthetical negative integers beneath the second half of the table in Section 1 8. 22.15

Let g be a primitive root for the odd prime p.

When will -g be one too ?

22.16 Show that the product of the primitive roots of the prime p > 3 is con­ gruent to 1 modulo p.

58

Tlte Group of Units ofz. Prove

22.17

21 .4.)

a•<•)

=

1(n) when (a, n)

1.

=

(See the example following Theorem

22.18 Prove that 3 belongs to the universal exponent v(2 •) every « � 3 .

=

Call n an F-number if Fermat's theorem (9.7) is true

22.19

a• - 1

=

2 •- 2 modulo 2" for

for n, that is, if

1 (n)

whenever (a, n) 1 . Show 561 i s an F-number. It happens to be the smallest composite F-number ; The next two are 1 105 and 1 729. For more information on F-numbers see Ore, Chapter 14 (Reference 6 in the Bibliography). =

In the next problems we build a theory for solving the congruence

(m, n)

x ' = m (n),

=

1.

(38)

The method is to establish some easy facts about products of groups and then to apply Theorem 21 . 1 . The results generali ze parts of Problems 22. 10 and 22. 12. Let

22.20

fJ be an integer and

This definition makes sense whenever x belongs to a group. When G is an abelian group u, : G --+ G is a homomorphism (why ?) ; then let G6 be its kernel. Prove (a) (G x H)11 Gp X Hp . (b) Given g e G the solutions (if any) in G to =

xfl = g form a coset Let

22.21

(a)

(b) (c)

of Gp .

k11(n) be the number of solutions in cll (n) to the congruence xll

=

1

(n).

Prove k11 is multiplicative. Sho w kp(p•) (fJ, cp(p")) when p is an odd prime. What is ki2") ? =

(a) Show (38) can be solved for rp(n)fkp(n) elements m of il>(n). When (38) has a solution, it has exactly k6(n) of them in «P(n). If f3 = fJ' ( v(n)), then (38) is equivalent to

22.22

(b) (c)

x11 ' (d)

=

m (n).

Congruence (38) has a solution for every

m if and only if (fJ, v(n)) = 1 .

22. Problems 22.23

59

Solve x

8

=

256 (3 1 5)

X5 =

256 (3 1 5)

8 x =

x5 =

263 (3 1 5) 263 (3 1 5)

using either the techniques of the problems above or those developed in Appendix 3.

22.24*

Show that x4

=

- 1 (p)

has a solution for the odd prime p if and only if p infinitely many primes of this kind. 22.25*

When

have a solution ?

=

1 (8).

Deduce that there are

does

(Compare Problem 22.4 and Theorem 1 3 .2.)

5 Q,uadratic Reciprocity

In this chapter we shall discuss the congruence

x2 = a (p)

(1)

where p is a prime which does not divide a. We solved this problem in principle in Section 1 8 ; choose a primitive root g for p and solve

2 ind9 (x) = ind9 (a) (p

-

1 ).

(2)

Unfortunately, the computation of indices is nontrivial. Our objective now is Gauss's Quadratic Reciprocity Law, with which we can decide quite easily whether or not (I) has a solution. Finding one still requires the index calculus or some equivalent. We have already seen and solved one special case of (I), namely, x2

=

- 1 (p)

has a solution if and only if p = 1(4) (Theorem 1 3 .2). This fact allowed us to prove that there are infinitely many primes congruent to 1 modulo 4.

60

23.

lk�·idues

61

The Quadratic Reciprocity Law will help us show that some other arithmetic progressions contain infinitely many primes. We shall also use it to study the Di ophanti n e equation

which we looked at in Chapter 3 for m 23.

=

1 and m =

-

1.

R ESID UES

We say that a is an mth power residue of congruence

n

x"' = a (n)

when (a, n)

=

1 and the (3)

has a solution. Problems 22.9, 22. 10, 22. 12, and 22.20 through 22.25 take up various aspects of the theory of mth power residues. We are interested now in the special case m = 2, n prime, when (3) coincides with (1). We say then that a is a quadratic residue, or residue, of p. Numbers which are not residues are nonresidues. Si nce every odd integer a is an mth power residue of 2 for every m, we shall restrict our attention to odd prime s p. The intro­ ductory remarks ab ove show that - 1 is a residue of p if and only if p is congruent to 1 modulo 4. We shall follow our customary useful but ambiguous procedure and think of the residues of p b oth as integers and as elements of ZP . We can find the residues of p by squaring each of the elements of (p). For example,

( ± 1) 2 = 1 (7)

( ± 2) 2 = 4 (7) and ( ± 3) 2

=

2 (7)

so 1 , 2, and 4 are the residues of 7. 23.1 Lemma. Let g be a primitive root for p. of p if and only if indg(a) is even.

Then a e
Proof Congruence (2) can be solved for ind9(x) E Zp - l if and only if (2, p - 1) = 2 1 indg(a) (Theorem 7. 1). 23.2 Theorem.

qJ(p)/2

=

(p - 1)/2.

The set R of residues of p is a subgroup of
Quadratic Reciprocity

62

Proof The set R is a subgroup since it is the image of the homomorphism x -'11\1\.-- x2 mapping (p) into itself. Since just half the elements of (p) have even indices, R has order (p

- 1)/2.

It is customary to identify the two element group (p)/R with the group { ± 1 } under multiplication. Let {p)

T : {p) -t � = { ± 1 }

(4)

be the natural map. The classical and useful Legendre symbol is defined for integers a and odd primes p by

(;) = {�(a)

when p ,jt a when when

PIa a

is a residue of p

when a is not a residue of p =

{ -�

When p ,r a, think of of p ? " 23.3

�) as the answer to the question " Is a a residue

The answer + 1 means yes, - 1 , no.

Theorem.

(;) (�) if a (a;) (;)(�) (b) (a)

when p I a.

=

==

b (p)

=

(c) (d)

(�) 1

if p ,r a

=

G) = 1 .

Proof Part {a) is obvious ; (b) is clearly true when p I ab. If neither a nor b is a multiple of p, then (b) foll ows from the fact that reduction modulo p is a ring homomorphism from z to zp ' and 1: is a group homomorphism. Part (c) is a special case of (b) and (d) a special case of (c).

23.

Residues

63

The results of our computations above of the residues of 7 may now be

summarized as

(�) G) G) = (�) (�) = (�) = (�) = 0. =

=

1

-1

=

(5)

Our knowledge of the solvability of x2 = - 1 (p) becomes

(�1)

= ( - 1 )

(6)

since the exponent in the right member of Eq. (6) is even if and only if p = 1 (4). Eq. (6) is a special case of the following theorem due to Euler. 23.4

Theorem.

(�) =

a (P - 1 >1 2 (p)

Proof Since both members of the desired congruence are 0 when p I a, we may restrict our attention to the case p ,.f" a. Then Fermat's theorem implies

(7 ) Since the polynomial x2 1 = (x - 1)(x + 1) has just two roots ± 1 in the field zp ' congruence (7) implies -

a (p - 1 ) /2 = ±1 (p) .

We need only decide which. of p,

(8)

When a = b2(p) is one of the (p - 1)/2 residues

so + 1 occurs in (8). Thus the residues of p are the roots of the polynomial x(P - 1 >12 1 in ZP . Since that polynomial has at mo s t (p 1)/2 roots, all the roots are accounted for, so - 1 must occur in (8) when a is a nonresidue. -

-

Quadratic Reciprocity

' 64 24.

THE LEMMA OF GA USS

In this section we count again in (p) to find two more expressions for We start by introducing the " greatest integer " function [ 24.1

by [x].

Definition.

Thus

�) .

].

The largest integer less than or equal t o x is denoted [2. 1 ]

=

[n] = 3,

2,

[ - 6.4] = - 7.

[1 ] = 1 ,

If n is an integer, then the largest multiple of n which is less than or equal to x is [xfn]n, so that x

=

[�] n + r,

(9)

O !:: r < n

for every real number x. When x is an integer, Eq. (9) shows that the func­ tion [ ] is useful for describing the quotient in the long division algorithm (Lemma 2.2). That is the property of [ ] we need now. 24.2

prime.

a

Suppose and the odd prime p are relatively Consider the (p - 1)/2 principal remainders r1 defined by

The Lemma of Gauss.

a p+ . [jP1

Ja

=

for j = 1 , 2, . . . , (p - 1)/2. Each r1 satisfies 0 number ofj for which r1 > p/2. Then

(�)

(10)

'J <

r1 < p.

Let n be the

= ( - 1)".

That is, a is a residue of p if and only if n is even. Before we prove the lemma let us see what it says in two familiar cases and one unfamiliar one. Suppose = 1 . Then

a

ja = j = O p + j ·

24.

The Lemma of Gauss

65

so

) = 1, . .

No remainder is larger than p/2,

n

. .

= 0, and

p-1

2,-

which is nothing new. Suppose

a=

-

1 . Then

ja = -j = -p + (p -j),

that is,

for j = 1 , . . . , (p - 1)/2. n = (p - 1)/2 and

which is Eq. (6) again. Suppose a = 2. Then

Thus

every

ja = 2j = 0

remainder

·

p + 2j

so

p- 1

. ) = 1 , . , -2- . . .

Now

r · = 2 . > -p J

,, �

2

is

larger

than p/2,

Quadratic Reciprocity

66 if and only if

Since there are [p/4] positive integers less than p/4, there are

n=

p

; l - [�]

remainders ri greater than p/2. How can we discover the parity of n in terms of p ? The key is to write p modulo 8. Since p is odd

p = 8k + v where v = 1 , 3, 5, or 7. v

Next compile the table (8k + v) - 1

[8k: ]

n

4k

2k

2k

2

1

4k +

5

4k + 2

7

4k + 3

Thus n is even if and only if v = 24.3

1

3

Theorem.

1 or 7.

24.4

Corollary.

Proof

2k + 1 2k + 1

2k

2k + 1 2k + 1

2k + 2.

We have proved the next theorem.

(�) 1 if and only if =

( 1�) = (�) = 1 modulo 8 .

v

but

p ==

± 1(8).

(1�)

=

For example,

-

1

.

There are infinitely many primes congruent to ± I

There are infinitely many primes modulo which the polynomial for which 2 is a residue. (Compare Problem 22.24.)

x2

-

2 has a root (Theorem 12. 1) ; these are the primes

The Lemma of Gauss

24.

67

Now we return to the general stituation and prove the lemma of Gauss. s1 , , sn be the remainders ri > p/2. Let m ((p - l)/2) - n and t1 , tm be the remainders ri < p/2. Let

Let

• • •

=

• • • ,

Ut

=

p

St ,

-

• • •

, Un

p - Sn

=

•

Then

p 1 < - u - < J 2

j

=

1, . . . ,

n

and p

2

•

p-1

.

z

1 ::;; t. < ­

=

- - n. 1, . . . , m = 2

(1 1)

Let us show that the (p - 1)/2 integers

(12)

are incongruent m o dulo p. numbers

Observe

that for any choice of signs the (p - 1)/2

p-1 ± 1 , ± 2 , . . . , ± -2 Then since (p) is a group, the sequence

are mutually inco ngruent modulo p.

± a , ± 2a, . . . , ± also

p- 1

2- a

-

( 1 3) .

represents (p - 1 )/2 distinct elements of (p) for any ch oice of signs. some i

If ri < p/2, then for

t; while if ri > p/2,

=

ri

=. ja (p)

then for some i u;

=p -

s;

=

p - ri = -ja (p).

Therefore the sequence (12) of t;'s and u/s is congruent modulo p to a of the sequence (1 3) for a particular choice of n minus signs.

rearran gement

Quadratic Reciprocity

. 68

Hence the t /s and u/s are mutually incongruent modulo p. This fact and the inequalities in (11) together imply that the sequence (12) is just a re­ arrangement of the sequence I , 2, . , (p - 1)/2. Therefore

.. (E..:_!) ' = t . . . . . . u 2 P 1 = ( - 1t ( ; )! a
Cancel

t

1

0

m

(p � 1 )'. in congruence (14).

u

1

n

( 14)

Then since ( - 1)" = (:-- 1)-",

a

- 1t (p)

which together with Theorem 23.4 proves the lemma of Gauss. 24.5

Theorem.

( �2) = 1 if and only if p = 1 or 3 modulo 8 ; there are

infinitely many primes of this kind.

We could compute this directly from the lemma Problem 27. 1 1) but prefer to use an algebraic shortcut.

Proof.

of

Gauss (see

( �2) (�1)(�) =

(Part (b) ofTheorem 23.1), so

( �2) = 1 if and only if

(�1 ) = G) = ± 1 . The right member of Eq. (15) is p

=

+

1

when

1(4) and p = ± 1(8),

that is, when p = 1(8). The right member is p=

that is, when p = 3(8).

1

( 5)

3(4)

and p =

-1

±

when

3(8),

24.

The Lemma

69

of Gauss

The proof of the infinitude of primes congruent to 1 or 3 m odulo 8 is just like the proof of Corollary 24.4.

( �2). at evaluating (�) when a is odd . Now we know all about

24.6

Lemma.

Let a be

Since

(�) (�)(;) , we need only work =

odd, p ../' a, and (16)

Then

We shall keep the notation established in the proof of the lemma of Gauss. In light of that lemma we need only prove M = n(2), for then

Proof

( - l)M = ( - 1)". Let

T= 1 + 2 +

(T happens

-1 . . · + p-2 .

to be (p2 - 1)/8, but we shall not need its exact val e .) Now sum Eq. (10) over j for j = 1 , . . , (p - 1)/2. Then

Thus modulo 2

.

a T = pM +

u

L ri .

(p - 1 )/2 j =" 1

(2) = pM + L'i (2) = M + L 'i

T :: aT

(a is odd)

(2)

(p is odd).

( 1 7)

We also know from our proof of the lemma of Gauss that T = I ui + I t i i =" 1 m

n

I ="

= np

1

- 1I= 1 si + iL= 1 t i . "

m

(18)

Quadratic Reciprocity

· 70

Modulo 2 we may ignore the p and the minus sign in Eq. (1 8), so

+ L s i + L t i (2) = n + I r1 .

T=

n

( 19)

Compare (17) with (19) to deduce M = n (2). 25.

THE Q UA DRA TIC RECIPR O CIT Y L A W

We must keep the notation introduced in Section 24 a little while longer. A lattice point in the Cartesian plane R x R is a point both of whose coordin­ ates are integers. 25.1

Suppose the odd prime p does not divide Consider the right triangle 1::::.. in the Cartesian plane with

Lemma (Eisenstein).

the odd integer sides

a.

y

=0

x = -

p 2'

(the

x

axis),

and y = - X.

a

p

Then there are no lattice points other than (0, 0) on the hypotenuse of A and exactly M lattice points in its interior. Proof Figure 1 may help. The hypotenuse cannot contain a lattice point other than the origin since if j is a positive integer less than p/2, then ajfp is not an integer. Let us count the lattice points inside 1::::.. by looking at each vertical line. Suppose j is an integer, and 1 � j � (p - 1) /2 < p/2 There are exactly [ajfp] positive integers less than ajfp , so there are exactly [ajfp] lattice points inside A on the line x = j. Then sum over j. .

25.2

then

Theorem (Quadratic Reciprocity).

(�) (�)

=

If

p

and

( - 1)((p - 1 )/2}((q - 1)/2)_

q

are odd primes

25.

The

71

Quadratic Reciprocity Law

-+------

-- - - - - -

a

y= 2

•

•

..-"

"' "

..-"

/

/'

,.,,.,

/ ·

""

.-"'

•

6

•

X = f!_ 2

• •

•

•

�11"---- - - - - - - -- - - - - - - ------+-• y p - l j 2 0 2

=0

Figure 1

Proof.

As usual, let M=

and define

N=

Then Lemma 24.6

L

[jq]

L

[jp] - .

(p - 1 )/2 j: l

(q - 1 )/2 j: l

implies

p

q

and

Thus it suffices to show

p-1 q-1

M + N = -- · -- (2). 2 2

We shall in fact show more ; th e two members of (20) are equal . Consider the rectangle r with sides y

=

0,

y =

q

2,

X

= 0,

(20)

72

The diagonal

Quadratic Reciprocity

D of r has the equation

y = -q x. p

Lemma 25. 1 shows D contains no lattice points and that there are M lattice points inside r under D. Since q too is an odd prime, we may apply Lemma 25.1 with p and q in place of a and p. If we also interchange the roles of x and y, it follows that there are N lattice points inside r over D. Since (p/2] = (p - 1)/2, and [q/2] = (q - 1)/2 there are p-1 q-1 2 2

-- · -- =

M

+N

lattice points inside R. Theorem 25.2 is too important to be stated so starkly.

Let us rephrase it.

All that matters in the formula connecting the Legendre symbols is the parity

of the exponent. The integer (p - 1)/2 is even if and only if p = 1(4) so that the Law of Quadratic Reciprocity says that

(�)(�) = 1 unless bo th p and q are congruent to 3 modulo 4, in which case

(�)(�)

=

- 1.

Restated again,

(�) (�) =

unless p = q = 3(4), in which case

(�) = - (�)·

We can use quadratic reciprocity to answer questions such as " Is 3 a residue of 41 ? " Both 3 and 41 are prime, and 3 = 3(4) while 41 = 1 (4).

25.

The Quadratic Reciprocity Law

73

Therefore

Now apply Theorem 23.3 :

41

= (�)

(�)

=

2(3) so

(�) = G)· Finally,

(�) either bec�use 3

=

-1

3 =f:. ± 1(8) (Theorem 24.3) or, better, because by inspection

x2 has no solution.

=

=

2(3)

Therefore

(;1) and 3 is not a residue of 41. Here is a similar computation. each step.

=

-1

The reader should provide a reason for

(!�) = (��0) (�:) (:1)(�) 1 . (�) · 1 = G) = 1 =

=

so the congruence

x2 has a solution.

=

3 1 (41)

Quadratic Reciprocity

74

is 3

For which primes a residue ? Clearly 3 is a residue of 2. Suppose p is a prime other than 2 or 3 . Since 3 = 3(4),

(3)

p =

We know p

==

1 (4) p = 3 (4).

if p =

(�)

if

G) = 1 ; (�) =

if and

-1

G) = 1

only if

or

and

p

==

1 (4)

p

==

3 (4) and

p

==

p2

1

=

(3)

(21)

(3).

(22)

The conditions in (21) are equivalent to p = 1(12) ; those - 1 (1 2). Thus we have proved the following theorem.

==

==

Theorem.

=

( �3)

in (22) to

only if p

= 1 if and only if p The Legendre symbol 1(6) ; there are infinitely many primes of this kind.

25.4

p=

G)

The Legendre symbol 1 if and ± 1(12) ; there are infinitely many primes of this kind.

25.3

p

�

1 or 2(3) and that

so

p

( (�)

Theorem.

Theorem 25.4 is to Theorem as easy. Suppose p ¥: 2. Then

Proof.

25.3

= 2 or

=

2

or

as 24.5 is to 24.3. The proof is

(�3) = (��) (�)

26.

The Diophantine J:."quation x2 - my 2 ,. , J:. p

which is

75

1 if and only if p

=

I (4)

and

3 (4)

and

p

= ± I (12)

(23)

or p =

p

=

± I (I2).

(24)

The conditions in (23) imply p = I ( I 2) ; those in (24) imply p Both cases are covered exactly by p = I(6). 26.

=

-5

=

7(12).

THE D IOPHA NTINE E Q UA TIO N x2 - my2 = ± p

In this section we shall exploit the Law of Quadratic Reciprocity and Thue's theorem to study

(25) for a few sm all values of m. S o me cases have been covered already. discovered in Section I 4 that

has a solution if and only if

p =

2 or p = I (4) or, equivalently,

I n the same section we also proved that

has a solution for every odd prime p. too.

Of course

G)

=

These remarks should suggest a connection between of solutions to Eq. (25). 26.1

Theorem.

( �1)

We

=

1.

1 for every odd prime

(;) and the existence

Let us formalize and generalize the suggestion.

If (26)

and p is an odd prime which divides neither k nor m, then

(;)

=

1.

Quadratic Reciprocity

76

Proof Fi rst we show that (p, x) = (p, y) 1 , in analogy to Lemma 14. 1. If p divides x or then Eq. (26) implies p divides x and y since p -f m. Thus

y,

but

=

p _.r k, a contradiction.

N
p:

so

(27) The formal fraction in (27) looks out of place and must be explained. Here y - 1 is the inverse of y in (p) ; we could write yp - z i n ste ad (Euler's Theorem) . Equation (27) says m is a residue of p, so

26.2

If x

Corollary.

2

- my

2

( ;) =

=

1.

± p has a solution and p _.r m, then

Unfortunately, the converse of C or o llary 26.2 is false.

Diophantine equati on

This

two

5y2 (-;5) (�) = 1.

is not a square when lu es of y for which it is positive. Nevertheless

has no solution since 7 -

va

y

=

Consider the

0 or I ,

the

o n ly

=

can prove a par ti al converse of Theorem 26. 1 from which the converse of Corollary 4.2 follows for some special values of m. We start by trying to generalize the argument in Theor em 1 4.5.

We

26.3

Lemma.

l k l ::;; l m l and

If

(i)

= I , t hen there are integer s

x, y,

and k such that (28)

26.

The Diophantine Equation

Since

Proof.

c;)

=

x2

- . my2

_

:l p

77

1 , there is an integer z such that z2 = m (p).

Thue's theorem (14.4) implies the existence of integer s satisfying / x l < JP, I YI < JP, an d zy

x

and

y, not

both 0,

= x (p).

Then

so

for some integer k.

Finally,

/k /p

=

/ kp / = j x2 - m y 2 j

:::;; x2 + /m /y2 < p + / m /p

= p(l + l m l) . Since both k an d m are integers, this implies l k l :::;; / m / . Now our problem in

Eq. (28) .

When

Sometimes we are

26.4

Theorem.

on ly if p

Proof. 22. 5.

=

1

i s reduced to deciding when k can be taken to be ± 1 - 5 and p = 7, the best we can manage is k = 2 :

m

=

luckier. x2 + 2y2

=

or 3 modulo 8, or,

p has a solution fQ.r the odd prime p if and equivalently,

(� ) = 1.

" Only if " follows i m m edi at el y from

2

Corollary 26.2

an d Theorem

Quadratic Reciprocity

'78

To prove the converse suppose are integers

x,

y, and k with

We are done if k remains. Suppose

= 1.

Then x is even ; suppose x

0

::5:

(�2)

lkl

=

1 , and apply Lemma 26.3 ; there

2, and

::5:

Since k is clearly positive, only the case k

=

2u.

=2

Then

4u2 2y2 +

=

2p

implies

so p is the sum of a square and twice a square, as desired. 26.5

Theorem.

Let p be a prime other than 2 or

x2 3 y 2 +

=

p

3.

has a solution if and only if p = 1(6), or, equivalently, Proof.

( �3)

=

1.

As before, " only if " follows from Corollary 26.2 and Theorem

Conversely, if

x, y, and

( �3)

k for which

=

=

25.4.

1 , then Lemma 26.3 implies the existence of integers

3.

x2 + 3y

2

=

kp

where 0 ::5: k ::5: As before, k = 0 is impossible. If k 1 the theorem is true for p. Suppose k Then

x = 3u.

Then

so and the theorem is true for p.

=

3.

Then 3 1 x; say

26.

The Diophantine Equation x2 - my2 .......

We shall be done when we show k

=

J.:. p

79

2 cannot occur.

Supp ose

x2 + 3y 2 = 2p.

(29)

Since p = 1(6), p = 1 (3), so reducing Eq. (29) modulo 3 yields x 2 = 2p = 2 (3). But this is impossible because 2 is not a residue of 3. The next natural problem is Eq. (24) when m = We have already studied that problem, because

-

4 and p is an odd prime.

Thus if

(3 0) has a solution (x, y), then

(x, 2y ) s olves (3 1)

Conversely, suppose p is an odd prime and (u, v) solves Eq. (3 1). Then just one of u and v is even ; say v = 2y. Then (u, y) s olve s Eq. (30). Thus (30) and (3 1 ) are essentially equivalent problems. In general we need con­ sider Eq. (25) only for square free integers m. We have already remarked on the intractability of m = - 5. The cases m = - 6 and m = - 7 are considered in Problems 27.7, 27.8, and 27.9. So far we have discussed Eq. (25) only when m < 0. Then the existence of a solution for any particular prime p can be decided by trial and error in finitely many steps, for I Y I must be less than JP!Iml . This argument clearly fails for m > 0. Nevertheless we can make some progress for a few positive values of m. 26.6

Theorem.

Let p be an odd prime.

Then

(32) has a solution if and only if p = ± 1(8), or, equivalently,

G)

=

1.

80

Quadratic Reciprocity

Proof.

The start of the proof is familiar.

If Eq. (32) has a solution, then

G) = 1 (Corollary 26.2), and hence p = ± 1 (8) (Theorem 24.3). Conversely, suppose p = ± 1 (8).

26.3.

k

for

There are integers x and y

=

1, so we may apply Lemma

= 0 is impossible because J2 is irrational. Suppose = ± 2. Then x = 2u is even, so

k = 0, ± 1 , or ± 2 ; k

= 1 , we are done.

G)

Then . such that

k

4u2 - 2u2 =

If

± 2p.

Therefore

k

Thus if = - 2 we are done, while the case only case we have yet to consider. Suppose

k

=

2 reduces to

We shall see in Section 30 why the following trick works.

k

=

- 1 , the

Let

u = x + 2y v = x + y.

Then

u2

-

2v 2

(x + 2y) 2 - 2(x + y) 2 = x2 + 4xy + 4y2 - 2x2 - 4xy - 2y2

=

= - x2 + 2y 2 = p.

This same trick also shows that x2 - 2y 2 = - n has one.

x2 - 2y2 = n

has a solution if and only if

27.

81

Problems 2 7.

PROBL EMS

Let p > 3 be prime. Investigate the sum and product modulo p of the of p between 0 and p. This problem and Problem 15.9 are related, though independent. 27.1

residues a

27.2 27.3

prime p

Can

a primitive root for a prime p > 2 be a residue of p ?

Show that the polynomial (x2 + 1 )(x4 - 4) has a root modulo p for every but no integral root.

27.4 Prove that p is a Fermat prime (Problem 6. 1 7) if and only if every non­ residue of p is a primitive root for p. Prove that 3 is a primitive root for every Fermat prime > 3.

(��!) (���) . G) (� )

27.5

Compute

27.6

Prove :

27.7

Prove :

27.8

Prove that

and

(The integers 501 , 503, and 773 are prime.)

= ( - 1) 0•2 - t Jts.

7

= 1

if and only if p = 1,

2,

or 4(7).

has a solution for the odd prime p if and only if p = 1 , 2, or 4 modulo 7. Hint : 2 or 4 should require ingenuity. Mimic the proof o f Theorem 26.5. Only k Then try computing modulo 4 or 8. =

27.9* 27.10*

Investigate the converse of Corollary 26.2 for m = -6. Use Theorem 25.3 to decide when

has a solution.

Watch the signs.

27.1 1 * Prove Theorems 25.4 and 25.3 by applying the lemma of Gauss directly, as in the proof of Theorem 24.3. 27.12 Show that 10 is a nonresidue of a prime p (different from 2 and 5) if and only if p = ±7, ± 11 , ± 1 7, or ± 1 9(40). Deduce that these primes are nines numbers. (See Problem 22.3.)

, 27.13* Find a prime simultaneously of each of the forms x2 + y2, x2 + 2y2, x2 + 1 0y2• (See Elementary Problem E 1 922, Amer. Math. Monthly, 73, (1 966), 891 . The solution is in the same Monthly, 15, (1968), 193.) • • •

27.14

Suppose p« I n ! ; p« + 1 k n ! .

Show

oc

=

(nfp) + [n/p 2 ] + [n/p3] +

· · ·.

6 Quadratic Number Fields

In Section 14 and Problem 1 5. 1 1 we solved the Diophantine equation XZ y2 = n. The heart of that solution was the fact that x2 - y2 = (x y) (x + y). The analogous identity (x - y .jm)(x2 + y Jin) = x2 - my2 moti­ vates this chapter, in which we study a class of rings each of which contains Z as a subring. Our results about arithmetic in these rings will generalize some number theory in Z and shed much light on the Diophantine equation -

-

(1)

for some values of m . .

28.

THE FIEL D

Q(VmJ

Let m be an integer other than 0 or 1 which has no square factors ; we say then that m is square free. Only such integers concern us in this chapter. We write .jm for the positive square root when m > 0 and for i� when m < Problems 6. 12 and 1 5.6 each imply .jimi is irrational. The symbol Q denotes the field of rational numbers, C the field of complex numbers. Let

0.

Q(.jm) = {a + bJm l a, b e Q} = Q + Qfo. 82

28. The Fleld Q(vm)

We have lost nothing by assuming m square free, for if m' =

Q(#) = Q(fo). 28.1

Proof.

The set

lbeorem.

Q(jm)

n

2m

83 ,

then

Q(fo) is a subfield of C.

is obviously closed under subtraction.

Since

(a + bj;;,)(c + dJ;;,) (ac + mbtl) + (ad + bc)fm =

it is closed under multiplication as well. To show it is a field suppose 0#a

=

Thus

Q(fo)

(2)

is a subring of C.

a + bfo e Q(fo).

We know a has an inverse in C ; we must prove a - 1 e Q(fo). To that end we " rationalize the denominator," an elementary trick we shall formalize in Theorem 28.5 and systematically exploit throughout this chapter :

1 a + bj"m

1 . a - bfo = a + bfm a bfo -

-

_

The denominator a2

a b � a 2 - m b2 a 2 - m b2 Y m .

(3)

_

- mb2 cannot be zero since m is square free.

When m > 0 , Q(fo) is called a real quadratic field, when m < 0, a complex one. The complex fields turn out to be much simpler than the real ones. ·

28.2

Lemma.

is unique. Proof.

Thus

The representation a = a + bfo of an element of Q(fo) is rational if and only if b = 0 .

a

Suppose a =

a + bfo

=

c

+ ifm.

r= y rn =

d-b

If b # d, then

a-c

--

which would contradict the irrationality of course, a = c.

fo.

Thus

b = d and

so, of

Quadratic Number Fields

84

28.3

Definition.

are defined by

The conjugate iX and the norm N(a.) of

· a = a - bfo N(a) = a.a = a2 - mb2•

This definition makes sense only because a. determines a and b (Lemma 28.2). When m < 0 the conjugate of a. is its traditional complex conjugate, and N(a.) is the square of the usual norm of a. regarded as a complex number. The norm links the study of the field Q(fo) to the Diophantine equation x2 - my 2 = n, for that equation can be solved if and only if n is the norm of an element x + yfo of Q(fo) for which x and y are integers. 28.4

Q(fo).

Lemma.

The conjugation map

That is

a. -'\N\r iX is a field

a. + P = a + P

automorphism of

(4)

and (5) Moreover

iX = a.

(6)

and a. = iX if and only if a. is rational. Proof Equation (4) is obvious. Equation (5) is true because Eq. (2) remains true when fo is replaced by fo Equation (6) is also obvious ; moreover it implies that the conjugation map is its own inverse and hence is one to one and onto. Finally, a. = iX if and only if b = 0, so the last assertion follows from Lemma 28.2. -

28.5

(a) (b) (c)

Theorem.

N(a.p) = N(a.)N(p) . N(a.) is rational. N(a.) = 0 if and only if a. = 0.

.

29.

Algebraic Integers

(d) (e)

85

only if rx is rational.

N(rx) = rx2 if and

If rx '=I: 0, then

Proof.

(a) (b)

(c)

(d) (e)

N(rxfJ) = rxprxp = rxpa.p = rxa.pp = N(rx)N(P).

Part (b) is obvious. Clearly N(O) = 0. If N(rx) = rxa = 0, then rx = 0 or a. = 0, which means rx = 0 . N(rx) = rxa = rx2 if and only if rx = a., that is, if and only if rx is rational. Part (e) is obvious ; cross multiply. Note that (c) implies N(rx) '=I: 0.

Part (e) of Theorem 28.5 is the promised formalization of the trick we used to prove Theorem 28. 1 . Part (a) is the most useful part. It shows that the norm is multiplicative, or, equivalently,

N:Q<Jni>• -+ Q* is a group homomorphism. 29.

A L GEBRA IC INTEGERS

The characteristic polynomial P of rx = a + hj;z e Q(j;z) is defined by P(x)

=

(x - rx)(x

- a)

= x2 - (rx + IX)x + rxiX. The polynomial P has rational coefficients since are rational.

(7) 1 , rx + IX = 2a

and

N(rx)

29. 1 Definition. The number rx e Q(j;z) is an algebraic integer if and only if its characteristic polynomial has integer, not just rational, coefficients. Let A(m) be the set of algebraic integers in Q(j;z). Thus rx e A(m) if and only if rx + IX and N(rx) are ordinary integers. Elements of A( - 1) are called Gaussian integers.

We shall call the elements of Z rational integers whenever the adjective is required to avoid confusion. Every rational integer n is an algebraic integer since whatever value m may have, n e Z will have characteristic polynomial

Quadratic Number Fields

86

x2 - 2nx + n2• No other rational numbers are algebraic integers. That follows from Problem 1 5.5. The next lemma provides another proof. 29.2

Lemma.

A(m)

n

Q = Z ; A(m) = A(m).

Proof. We have just noted that Z c A(m). Of course Z c Q. To prove · the reverse inclusion suppose rx is rational. Then N(rx) = rx2 is a rational integer only if ex is one. Since rx and iX have the same characteristic polynomial, one is in A(m) when the other is. Thus A(m) = A(m) .

There are, of course, algebraic integers which are not rational. The number .jm is in A(m) since its characteristic polynomial is x2 - m. The number 1 + 2i is in A( - 1) since 1 + 2i + (1 + 2i) = 2, and N(1 + 2i) = 1 2 + 22 = 5. These examples suggest the next lemma. When a and b are (rational) integers, z.jm s;; A(m).

29.3 Lemma.

That is, Z + Proof.

rx

+ iX = 2a E Z

N(ex) =

and

ex =

a + b.jm E A(m).

a2 - mb2 E Z.

Lest the reader hastily jump to a false conclusion, note that ro =

2 1

--+

J-3 2

--

(8)

is an integer in A( - 3) since m +m = -1

(9)

N(w) = row = (!)2 - ( - 3)(!)2 = 1 .

(10)

and

The number ro is extremely important. Let us digress briefly now to compute some of its properties for use later. 29.4 Lemma. The characteristic polynomial of ro is

P(x) = xl

+X

+1

(1 1)

29.

Algebraic Integers

87

so w2

+

w+1

=

The three cube roots of 1 in C are 1 ,

w2 + w + 1 ro,

and ro 2 •

=

o.

(12)

Proof. Equations (9) and (10) imply that Eq. (1 1) gives the characteristic polynomial P of w. Since

x3 - 1 = (x - 1)P(x) we have found the cube roots of 1 .

=

(x - 1)(x - w)(x - w)

Note that ( 1 3)

The conclusion to which you might have jumped, the converse of Lemma 29.3, is true only two thirds of the time. Since m is a square free integer, 4 % m. Thus m = 1 , 2, or 3 modulo 4.

If m =f: 1 (4), then a = a + hjm is in A(m) if and only if a and b are rational integers. If m = 1(4), then a + hjm e A(m) if and only if 2a and 2b are rational integers of the same parity. 29.5

Proof.

Theorem.

Let a

= a + bjm e A(m).

Then 2a e Z and

4N(a) = 4(a2 - mb2)

=

(2a)2 - m(2b)2

e

Z

so m(2b)2 e Z. Since m has no square factors, it follows that 2b e Z. More­ over 4 1 (2a)2 - m(2b)2• If 2b is even, then 4 1 (2a)2, so 2a is even. If 2a is even, then 4 1 m(2b)2, but 4 % m, s o 2b is even too. Thus 2a = 2b (2). Next we show a and b must themselves be rational integers unless m = 1(4). This together with Lemma 29.3 will complete the first part of the theorem. Suppose a ¢ Z. Since 2a e Z, 2a is odd. Then 2b is also odd, so (2a)2 = (2b) 2 = 1 (4). But (2a)2 - m(2hi = 0(4), so m = 1(4). An analogous argument shows b ¢ z � m = 1(4). Finally, we must show that if m = 1(4) and 2a = 2b(2) in Z, then a = a + bjm e A(m). Clearly a + iX = 2a is an integer. Let us check the norm : N(a + hjm)

=

=

a2 - mb2 !((2a)2

_

m(2b)2).

(14)

88

QUIJdratlc Number Fields

Since 2a = 2b(2) and m = 1{4), the factor in parentheses on the right in Eq. (14) will always be divisible by 4.

,

Note that when m = 1(4) there are " more " algebraic integers than those given by Lemma 29.3. This is the anomaly we first discovered in A( - 3) : - 3 = 1(4), so -! + ! f-3 E A( - 3). Here 2a = - 1 and 2b 1 ; 1 = - 1(2). When m = 2 or 3(4), A(m) = Z + zfm; we shall always write algebraic integers as bfm where and b are rational integers. This form is awkward when m = 1(4) ; we should have to allow a and b to be halves of odd integers as well. Here is another alternative description of A(m). Let e = em be defined by

OJ =

a+

=

a

e=

fm

(15)

if m ¢ 1 (4)

(16) The minus sign in Eq. (16) is not traditional. It does no harm for other values of m. 29.6

Lemma.

A(m) =

{a + be I a, b E Z}

We include it so that e 3

Theorem 29.5 says

and

= a + be

a. E A(m)

a+b -

29.5.

( � �m) = a - 2b + 2b fm.

=

if and only if

OJ.

= z + ze .

Proof When m ¢ 1(4), this is si mply Theorem Then for any a and b oc

=

+

Suppose m = 1(4).

29.

89

Algebraic Integers

are integers of the same parity. That happens if and only if a and integers. In particular , e e A(m). We shall need the following facts about e when m = 1 (4).

ez = - � +

(

b

are

�r

.jm =4- - 2 1+m

m-1 =4 - - e.

(17)

� = - ! _ fm 2

=

-1 -

e.

2

(1 8)

1-m

(19)

4

which is an integer because 4 1 m - l. Observe that Eqs. ( 1 7), ( 1 8), and (19) generalize (9), (10), (12), and ( 1 3). Finally,

N(a + b e) = (a + he)(a + be) = a 2 + a b(e + �) + b 2e� (1 - m) = a2 - a b + b 2 -4

which is an integer when a and 29.7

Theorem.

(20)

b are rational integers.

A(m) is a subring of Q(Jm).

Proof Represent the algebraic integers in the form established by Lemma

29.6. Then it is clear that sums, differences, and rational integral multiples of algebraic integers are again algebraic integers. Now note that ez E A(m)

Quadratic Number Fields

90

either because e 2 = m (if m ;f:. 1(4)) or by virtue of Eq. (17) (if Thus A(m) is closed under multiplicati o n because

(a + be)(c + ae) = ac + (b + d)e

m =

1(4)).

+ bde 2 •

This proof of Theorem 29.7 is short but unsatisfactory. It ought not be necessary first to identify A(m) explicitly, as we did in The orem 29 .5, in order to show that it is closed under subtraction and multiplication. The reader is invited to try to find a more straigh tfor ward proof. Problem 4 1 .4 may help. 30.

Since

NO R MS A ND UNITS

x2 + y2 = (x + iy)(x - iy)

a rational integer is a sum of two squares if and only if it is the norm of a Gaussian integer . The consequences and generalizations of that simple observation will occupy us for much of thi s chapter. When m is a square free integer let B(m) be the set of norms of nonzero algebraic integers of Q(J;;;) . Since norms of algebraic integers are integers , B(m) s; Z. Since 1 e A(m), 1 = N(l) e B(m). 30.1

Lemma.

If m ;f:. 1(4), then

equation

n e B(m) if and

only if the Diophantine

(21) has a s oluti on . Proof

Equation (21) says just

N(x + yJ;;;) = n .

The lemma then follows from Theorem 29.5, which says if and o n ly if x and y are integers.

x + yJm e A(m)

Thus, for exa ple , an odd prime is in B( - 1) if and only if it is congruent to 1 modulo 4 (Theorem 14.5) and is in B(2) if and only if it is congruent to ± 1 modulo 8 (Theorem 26.6). As usual the s i tuati o is more complicated when m = 1 (4). m

n

30.

Norms

and Units

91

30.2 Lemma. If m = 1 (4), then the following three statements are equivalent. (a) n E B(m). (b) The Diophantine equation x

(c)

2

- xy

(1 - m) 4

+

--

y

2

=

n =F 0

(22)

has a solution . The Diophantine equation (23) has a solution.

Proof The equivalence of (a) and (b) follows easily from Lemma 29.6 and Eq. (20). Suppose (a) is true, so that n where 0 =F a+

bJ-;;; E A(m).

=

N(a + bfo)

2a and 2b are integers,

Then

so

and hence Eq. (23) has a solution. Conversely, suppose (c) ; let (x, y) solve Eq. (23). Since m = 1(4), m is odd. But 4n is even, so Eq. (23) implies x and y have the same parity. Then ex = (x/2) + (yj2)Jm E A(m) (Theorem 29. 5) and

N(cx) =

x

2

- -

4

2

m -4 y

=

n

so n E B(m). Although it is no longer logically necessary, we can prove the equivalence of (b) and (c) directly by consulting the proof of Lemma 29.6. If (x, y) solves Eq. (23), then (2x - y, y) solves Eq. (22) ; while if (u, v) solves Eq. (22), then (u + v)/2 E Z and ((u + v)/2, v) solves Eq. (23) . If m < 0, then B(m) contains only positive integers. Since N(x + yfo) = N( lxl + I Y i fo) is an increasing function of l x l and l y l , all the elements of B(m) less than some fixed k may be found by computing N(x + yfo) for l xl < Jk and I Y I < Jk;jml, where x and y are either integers or appropriate

92

Quadratic Number

Fields

half integers , depending on m modulo 4. We used this fact implicitly in the example following Corollary 26.2 and in Section 1 , where we found the first few integers which are sums of two squares. That is B( - 1) begins : 1 , 2,

4,

5 , 8, 9,

10, 13, 1 6, 17, 18, 20, . . . .

(24)

An initial segment of B( - 5) can be similarly computed :

1 , 4, 30.3 Lemma.

5,

6, 9, 14, 20, 21, 25,

29, 30, . . . .

(25)

If b1 and b2 are in B(m) so is b1b2 •

Proof There are algebraic integers cx1 and cx2 such that b1 b2 = N(cx2). Then a1 o:2 E A(m), so

=

N(cx1) and

We have used Theorem 29.7 and Part (a) of Theorem 28.5, the multiplicativity of the norm. We can now see what motivated the trick used to finish the proof of Theorem 26.6. There we had to show that - p E B(2) implied p E B(2). That implication now follows from Lemma 30.3 and the fact that N(l so that - 1

E

B(2) .

+ j2) = 12 - 2 12 = - 1 ·

(26)

What we did then was to set

u + vJ2 = (1 + j2)(x + yjl)

and verify that the norm is multiplicative in this special case. In the special case m = - 1 Lemma 30.3 says that a sum of two squares times a sum of two squares is again such a sum (Problem 6.3). That follows directly from Diophantos' identity

(27) which, unmotivated, might be hard to guess. What we have done and are doing is to see how such identities naturally occur in the proper abstract algebraic context. Lemma 30.3 may be restated as : B(m) is a subsemigroup of Z*, the semi­ group of nonzero integers under multiplication. Most of the rest of this chapter concerns divisibility in B(m) and in A(m)*, the multiplicative semi-

30.

Norms t11ul

Units

93

group of nonzero algebraic integers of Q(j;). These semigroups are related by the norm, which is a semigroup homomorphism from A(m)* onto B(m). The reader unfamiliar with the definitions of divisibility, units, associates, and primes in semigroups like A(m)* and B(m) will find them in Appendix l . For example, 1 + i di vides 2 + 3 i in the Gaussian integers because ( 1 + i) x (2 + i) 2 + 3i. We then write (1 + i) I (2 + 3i). We see from the sequence (24) that 2 1 1 8 in B( - 1 ). Note however that 6 ¢ B( - 1), so of course it cannot divide 18 there. =

30.4

Proof =

Lemma. If a I P in A(m)*, then N(a) I N(P) in B(m) . If a I p, then there is a

N(p), so N(a) I N(p).

ye

A(m) such that ay

The converse of Lemma 30.4 is false.

N(3)

in

=

9 1 81

=

Suppose m

N(2

+ FTI)

but 3 A' 2 + F77 i n A( - 77) because integer.

B( - 77),

al gebrai c

30.5

=

=

p.

- 77.

Then N(a)N(y)

Then

(2 + J - 77)/3

(28) is not an

Lemma. The algebraic integer a I N(a) in A(m).

Proof Here we regard N(a) as a rational integral element of A(m) rather than as an element of B(m) . Since iX e A(m) and aiX = N(a), the lemma is proved. Recall that J1 e A(m) is a unit if and o nly if it divides 1 , that is, if and only i f J1V 1 for some v e A(m). The units are the invertible elements of A(m) ; they form a group (Appendix 1). The number i is a unit in A( - 1) because i( - i) = 1. Equation (13) shows =

that w is a unit in A( - 3). since

The number

J1 =

t +tJ5 i s a unit in A(5)

(29) The factors on the left in Eq. (29) are algebraic integers because 5

=

30.6 Lemma. The algebraic integer J1 is a unit if and only if N(JL) = that is, N(JL) i s a unit in B(m).

1 (4).

± 1,

Quttdrtltic Number Helds

94

Proof If JlV = 1 i n A(m), then N(p.)N(v) = 1 in B(m). in B(m), hence in Z, so N(p.) = ± 1 . C o nversely, if N(p.) then ± ji is the inverse

of p.

=

Thus N(p.) is invertible

p.ji = ± 1

in A(m).

A unit J1. of A(m) is proper i f N(p.) = 1 , improper if N(p,) = - 1 . Note that N( - 1) 1 , so - 1 is always a proper unit. There are no improper units when m < 0. Equati on (26) shows 1 + .ji is an improper unit in A(2). =

30.7

Proof

Lemma.

The ring A(3) has no improper

If

N(x + yj3)

=

x2

-

unit.

3y2 = - 1

then x2 = - 1(3), which is impossible. (We have just solved Problem 6.6.) Lemmas 30. 1 , 30.2, and 30.6 imply that finding the units in A{m) is equivalent to solving the Diophantine equations (30) when m :jE. 1 (4) or to solving (3 1) when m = 1(4).

These are easy

to

handle

when

m < 0.

30.8 Theorem. The u nits in A( - 1) are ± 1 and ± i. The units in A( - 3) are ± 1, ± ro, and ± ro2• When m < 0 and m #- - 1 , - 3, the only units in A(m) are ± I. ·

Proof

Suppose m =

implies lxl Then

=

-

I

.

Then

1 and y = 0, or x

=

0 and I Y I = I .

Suppose m = - 3

=

1 (4).

31.

Units in

Real

Fields: Pel/'s J.:,'quatiun

95

implies l x l = 2 and y = 0, or lx l = I Y I = 1 . The case - x = y = 1 corre­ sponds to the unit w and the solution N(w) 1 . The reader can check the other cases. If m < - 1 , then ( ± I , 0) are the only solutions to Eq. (30). If m < - I and m =I= 1(4), then m < - 3 so ( ± 1 , 0) are the only solutions to Eq. (3 1). =

Finding the units in A(m) when m > 0 is much harder. problem in the next section. 11 .

UNITS IN

REAL

FIEL D S : PELL ' S

We discuss the

E Q UA TION

We proved in Theorem 30. 8 that A(m) has only finitely many units when m < 0. That is false when m > 0. We know 11 1 + J2 is a unit in A(2) (Eq. (26)). Since 11 is real and greater than I, its powers Jln are different units, so the group of units of A(2) is infinite. In fact, every unit of A(2) is ± /l.n for some n. That fact is typical of A(m) for positive m. For the remainder of this section m is a square free positive integer. Since Q(fo) i � a subfield of the field of real numbers, we will be able to use arguments based on the order structure of A(m). Recall that A(m) Z + Z�, where � = fo if m =I= 1(4), and =

=

if m = 1(4) (Lemma 29.6). � is always greater than 0. In A(m)

Since the second case first occurs when m

m =I= 1 (4) m

=

1 (4).

=

5,

(32)

31. 1 Lemma. Let 11 = a + b� be a unit other than ± 1 in A(m). Then just one of the four units ± Jl., ± ji lies in each of the intervals ( - oo, - 1 ) , ( - 1 , 0), (0, 1), (I , oo). Moreover, 11 > 1 if and only if a > 0 and b > 0.

Proof The four units ± Jl., ± 11 - 1 distribute themselves one each among the intervals in question. Since

11 1 =

ji

N(Jl.)

+ 11= -

that i s true of the units ± Jl., ± ji, so the first assertion is true.

96

Quadratic NumbL•r Fields

Clearly c + d� > 1 if c and d are positive integers. Since Jl "# ± 1 , we know a "# ± 1 and b "# 0. Then Eq. (32) implies just one of the units ± Jl , ± ji has two positive coefficients ; that must b e the one i n ( 1 , oo ) . Both parts of the lemma are false for arbitrary integers. For example, 73 + sJ2 > 73 - sfi > 1 . 31.2

Proof

Corollary.

The interva l (1 , M] contains only finitely many units.

There are only finitely many positive rational integers a, b for which

a + b� ::::;

M.

Most of the work of this section will be in the proof of the next theorem ; we shall postpone its proof until we have examined its consequences. 31.3

Theorem.

There are integers

y

"# 0 and x such that

or, equivalently, A(m) has a proper unit other than ± 1 . Proof

See 3 1 .9.

31.4 Theorem. There is a unit is of the form ± Jl on for some n.

Jlo

"# ± 1 in A(m) such that every unit

Proof Theorem 3 1 .3 implies that there is a unit Jl = x + yJ; "# ± 1 . Lemma 3 1 . 1 implies we may assume Jl > 1 . Then there are finitely many units in the interval ( 1 , Jl] (Corollary 3 1 .2) ; let Jlo be the least one. The theorem will be proved once we show every unit v > 1 is a positive power of Jlo , for then by Lemma 32.1 , ± Jl o " will exhaust the units. Suppose v > 1 is a unit. There is an n > 0 such that 0 < Jlo- 1 < v :::;; Jl on ·

(3 3 )

Multiply (33) through by Jlo n + 1 : o< 1

< VJl o " + 1 ::::; Jlo .

But VJlo" + 1 is a unit, and Jlo is the least unit greater than 1 , so

(34)

31.

Units in

Real fields: Pel/'s Equation

97

and thus v

=

Jl o

"

as desired. 31.5

Corollary.

The group of units of A(m ) is isomorphic to Z2

x

Z.

Theorem 31.4 is a special case of Dirichlet's unit theorem, which asserts that in any number field K (we have defined and studied only the quadratic number fields) the group U of units in the ring of algebraic integers is iso­ morphic to G x zk where G is a finite group and k is an integer which measures the extent to whi ch K is real. For quadratic fields k 0 w hen m < 0 (Theorem 30. 8) ; k 1 wh en m > 0 (Theorem 3 1 . 5). =

=

31.6 Definition. The Jl o constructed in Theorem 3 1 .4 is the fundamental unit of A(m). The algebraic integer 1 + J2 is the fundamental unit of A(2) since it is a unit (Eq. (26)) and is clearly the least algebraic integer > 1 which has positive coefficients ; 2 + J3 is the fundamental unit of A(3) since N(2 + j3) 4 3 1 and 1 + J3 is not a unit. This kind of argument shows that the fundamental unit can always be found in finitely many steps once some unit is known. But we can always find a unit by trying y 1 , 2, . . in 1 + my 2 and waiting for the result to be a perfect square. This procedure is not recommended. If m = 3 1 , success first occurs when y 273. Then x 1 520. The hardest part of the argument is yet to come. The technique just outlined may be impractical, but Theorem 3 1 .3 shows it is possible. We must now prove that theorem by finding a nontrivial solution to the Diophantine =

-

=

=

.

=

=

equation

(35) Fermat challenged John Walli s and Lord Brouncker to solve Eq. (3 5). Though Fermat never published a solution, he probably knew one, for his challenge singled out the cases m 109, 149, and 433, which require l arge values of x and y. Wallis eventually published Brouncker's answer to Fermat's challenge ; this work fell into Euler's hands. He mysteriously credited the solution to Pell ; Eq. (35) is therefore always called Pel/ 's equation. For a more detailed history consult E. E. Whitford's The Pel/ Equation, Dissertation, Columbia University, New York, 1 9 12. =

Quacii'Otlt•

98

Number Fields

The solution we give below is due to Dirichlet ; it uses his pigeonhole principle (Lemma 14.3) several times and so is not an efficient algorithm for computing. Lagrange used the theory of continued fractions, which we shall not discuss, to give an elegant and efficient algorithm for finding not only a solution to Pell's equation but the one which minimizes or; x + y fo for x > 1 and y > 0; or; will be the fundamental unit in A(m) when m ¢. 1 (4) and A(m) has no improper units. Otherwise it will be a power of the funda­ mental unit (see Problem 41 .9). Moreover, if improper units exist, the con­ tinued fraction algorithm will find one. That is, it is good for solving the Diophantine equation x 2 - my 2 = - 1 . Appendix 4 contains a table which lists the fundamental units of the rings A(m) and the fundamental solutions to Pell's equation. The argument which follows depends on the existence of " good " rational approximations to the irrational number fo, for if (x, y) satisfies Eq. (35) and y =F 0, then =

·

x - yfm = ---= x + yfm 1

so

1 �y - Fml -< y(x + ly,Jm) < _!_y2 "

(36)

We shall look for pairs (x, y ) which satisfy (36) and try to reverse the implications to find solutions to Eq. (35). 31.7

integer.

Let o: > 0 be irrational and M a positive Then there are integers 0 < y :::;;; M and x � 0 such that

Lemma (Dirichlet).

lx - yocl

Proof. Recall that 25) so that

[t]

1

< M.

(37)

is the greatest integer less than or equal to t (Section 0 :::;;;

t - [t] <

1.

Divide the interval [0, 1 ) into the M subintervals

31.

Units

in

R(!a/

Hl!!ds: Pel/'s Equation

99

each of length 1/M. Then the pigeonhole pri nciple (Lemma 14.3) implies that two of the M + 1 numbers a - [a ] , 2a - [ 2a] , . . . , Ma - [Ma], (M + l)a - [(M + 1 )a] must lie in the same interval. 0 < y' < y" :::;; M + 1 and

i ([y"a] Let x Then

=

[y"a] - [y'a]

That is, there are integers y' and

y

"

for w hich

1

-

and

[y 'a]) - (y " - y')ai < - . y

=

y" - y' <

M.

M

1

i x - ya i < ­ M

and we are done.

31.8 Lemma. Let a > 0 be irrational. Then there are infinitely many pairs (x; y) of integers for which y "# 0 and

(3 8 ) That there is o ne such p ai r is obvio u s : Let y = 1 an d x = [a]. S upp o s e we have found n pairs (xi , y i>. Let f> be the minimum of th e n distances

Proof

S in ce a is irrational , f> > 0. Le t M be an i ntege r > 1 /f>. Then apply Lemma 3 1 .7 to a and M to find x a nd y "# 0 satisfying (37) ; (x, y) is not one of the pairs (x i , y;) since 1/M < f>. But 0 < y :::;; M, so (37) implies

Thus (x, y) is an (n 31.9

+

l ) s t pair satisfying (38).

z + zjm £

Proof of Theorem 31 .3.

k for infinitely a

E

We s t a rt by fi n di ng a k for which N(a) A(m). Suppose

=

Quadratic Number Fields

100

Then

= y21 � - jm II � jm I < I � + Jm l = l� - fo + 2fol � l � - fol + 2fo < y21 + 2fo < 1 + 2fo. +

Lemma 3 1 .8 then implies N(x + yjm) is an integer between - 1 and 1 2jm for infinitely many pairs (x, y), y =/: 0, so there is a rational integer k with lkl < 1 + 2jm such that

+

N(ex)

=

N(x

+ yjm)

=

for infinitely many ex e Z + zjm. Suppose ex =/: ± P, and both satisfy Eq. (39).

N(exp - 1)

=

kk- 1

=

2jm (3 9)

k

Then exp - 1

=/: ± 1,

and

1

so exp- 1 will be a nontrivial unit if it is an algebraic integer.

Now

so exp - 1 will be an algebraic integer if k I ex/1 in A(m). We shall produce ex =/: ± P with this property. There are only k 2 possible values modulo lkl for the pairs (x, y), so among the infinitely many ex which satisfy (39) there are two, ex =/: ± P, such that k l ex p . Then

-

k l(ex - P)/1

so k l a/1 and we are done.

=

ex/1 - PP

=

ex/1 - k

32.

Primes

101 32.

PRIMES

Recall that IX and f3 are associates in A(m)* if and only if each divides the other or, equivalently, IX = p./3 for some unit p.. (See Definition 4 and Theorem 5 in Appendix 1 .) For example, in A( - 3)

3 J-3

.A. = l - w = - 2

and F3 are associates since

and w is a unit in A( - 3). In A(2), 3 + J2 and 75

F3 =

--

2

- w.A.

(40)

+ 53j2 are associates since the quotient

75 + 53j2 - (75 + 53ji)(3 - J2) 7 3 + J2 1 19 + 84j2 -

=

--::--..!-

7

12j2 = (1 + j2)4 = 17 +

(41 )

is a unit. 32.1

Lemma.

If

IX

I f3 in A(m) and IN(1X) I = I N(/3) 1 , then

IX

and f3 are.

associates. Proof

We can write f3

=

IXy.

Then

I N{/3) 1 = IN(1X) I I N{y) l so IN(y) l = 1 .

Lemma 30.6 impl ie s y i s a unit, hence

IX

and f3 are associates.

Recall that a nonunit 1t in A(m)* (or B(m)) is prime if and only if its only divisors are its associates and the units. Thus 1t is prime if and only if 1t = IX/3 always implies IX or P is a unit. Since conjugation is an automorphism of the ring A(m), 1t is prime in A(m) if and only if 1t is prime.

Quadratic Number Fields

102

Inspection of the sequences (24} and (25) shows that 2, 5, 9, 1 3, 1 7 are the first few prim es i n B( - 1), while 4, 5, 6, 9, 14, 2 1 , 29, . . .

(42)

are prime in B( - 5). The next easy theorem gives a quick test for finding primes in 32.2

Theorem.

If N(n) is prime in B(m}, then n is prime in

A(m). A(m).

Suppose oc l n. Then N(oc) I N(n) (Lemma 30.4), so either N(oc) ± 1 , in which case oc i s a unit (Lemma 30.6), or N(oc) ± N(n}, in which case oc and 1t are associates (Lemma 32. 1 ) . Thus n i s prime.

Proof.

=

=

32.3

Proof. 32.4

Corollary.

If N(n) is prime in Z, then n is prime in A(m).

An element of B(m) which is prime in Z is a fortiori prime in

Corollary.

There are infinitely many primes in

A(m)

and

B(m). B(m).

Since elements of A(m) with norms prime in B(m) are prime (Theorem 32.2), it suffices to prove the corollary for B(m). Let p be a rational prime. Then p2 N(p) e B(m) ; p2 will be prime in B(m) unless ± P e B(m), in which case ± p is prime in B(m). Since there are infinitely many rational primes, we are done.

Proof.

=

32.5 Examples. Let us illustrate how Theorem 32.2 and Corollary 32.3 are used. Since N(1 + 2i) 5, 1 + 2i is prime in A( - 1) . There are, however, primes in A(m) whose norms are not rational primes. The converse of Corollary 32. 3 is false ; we really need the full strength of Theorem 32.2. To see that, note that 1 + � is prime in A( - 5) because its norm is 6, which is prime in B( - 5) (see (42)). Of course 6 is not prime in Z. Note too for later reference that 2 and 3 are prime in A( - 5) because their norms, 4 and 9, are prime in B( - 5). The converse of Theorem 32.2 is false too. Just after we proved Lemma 30.4, we observed that 8 1 N(2 + Ffi> was not prime in B( - 77). However, it is easy to see that 2 + Ffi is prime in A( - 7 7) , for suppose oc is a proper divisor of 2 + J - 77. Then N(oc) is a proper divisor of 8 1 (Lemma 30.4), s o N(oc) 3 , 9 , or 27. But the Diophantine equation =

=

=

33.

Euclidean Number Fields

103

has no solutions when n = 3 or 27 and only the solutions ( ± 3, 0) when = 9. Thus the only possible proper divisors of 2 + J - 7 7 are a = ± 3, and neither of these does divide it. Hence 2 + J - 77 is prime in A( - 77), but its norm is composite in B( - 77). n

32.6

Theorem.

Every nonunit in A(m)* (or B(m)) is a product of primes.

Proof. The proof below is for A(m) ; the method is induction on IN(a) l for a E A(m). To construct the proof for B(m), simply replace I N(a) I by I a I throughout. (Compare the proof of Corollary 1 2 in Appendix 1 .) It is clear that every nonunit IX with I N(1X) I ::; 2 is prime and hence is a product of primes. Suppose every IX with 1 < IN(1X) I < n is a product of primes, and suppose I N(y) l = n. lf y is prime, it is a product ofprimes, and we are done. If y is not prime, then y = ap where neither IX nor P is a unit. Thus I N(1X) I > I and I N(P) I > I , so I N(1X) I < I N(y) l n, and I N(P) I < IN(y) l < n. Our inductive hypothesis implies IX and p are products of primes, so y is too. =

The riatural question to raise next is that of the uniqueness of the factoriza­ tion established in Theorem 32.6. Consider A( - 5). There

6=2

·

3=o

+

J'- 5)(1 - FS). F5

(43)

Since 1 - F5

However, 1 + F5 is not an associate of = I + F5, it too is prime. 2 or of 3 since its norm is different from N(2) and from N(3). Therefore 6 has been factored into a product of primes in two essentially different ways. That is unfortunate. The structure of the domain A(m) and corresponding information about . the Diophantine equation We showed in 32. 5 that 2, 3, and I +

are prime.

is beyond the scope of this book unless factorization in A(m) is unique. In the next section we shall exhibit some values of m for which A(m) has that property. Then we proceed to some of its consequences. 33.

E UCL ID EA N N UMBER FIEL DS

We have twice used the theorem that an integral domain in which " long division , is possible enjoys unique factorization. We shall show now that it applies to A(m) for some small values of m. To save page turning we repeat here some definitions from Appendix 1 .

Quadratic Number

Fields

Euclidean domain if it

has a

104 33.1

An integral domain R is a

Definition.

Euclidean norm, that is, a function E : R* (a) (b) 33.2

Proof

�

Z + which satisfies

E(ab) = E(a)E(b). Given a =F 0 and b in R there are elements q b = aq + r and either r = 0 or E(r) < E(b). Theorem.

and

reR

such that

A Euclidean domain is a unique factorization domain.

This is Theorem 1 6 of Appendix 1 .

Now consider A(m). The obvious candidate absolute value of the norm. Since

for a Euclidean norm i s the

I N(ocP) I = IN(oc) I I N(P) I condition (a) of Definition 33. 1 is satisfied. 33.3 Lemma. The function I N I is a Euclidean norm for oc =F 0 and p e A(m) there is a -r e A(m) such that

A(m) if given

We need only check condition (b) in Definition 33. 1 . Given oc =F and p, let q = -r and r = p - oc-r E A(m). Then P = ocq + r, and

Proof

I N(r) l

I ( (� ) )I l N(� - )I

= I N(P - r) l = N oc =

I N(oc)l

< I N(a)l

0

-

T

-r

so either r = 0 or 0 < I N(r) l < IN(a) l as required. Note that (P/oc) - -r is probably not an algebraic integer ; we have taken advantage of the fact that N is defined and multiplicative on all of Q(fm). 33.4

Theorem.

The function INI is a Euclidean norm for

A(m)

when

m = - 2, - l , 2, or 3.

Suppose oc =F 0 and P in A(m). Lemma 33.3 suggests that we look for an algebraic integer T near the quotient Pfoc = u + vfm in Q(fm).

Proof

33.

Euc/M•an Number Fields

105

Here u and v are rational numbers, so there are rational integers s and t such that l u - s l ::s; t,

l v - t l ::s; t.

Let -r = s + tJm e A(m). Then

� - -r (u =

ct

-

s)

+ (v - t)Jm

so

IN(� - )I = J(u T

s )2 -

m(v - t)2l

::s; (u - s) 2 + Jml (v - t)2 1 J ml ::s; 4 + 4 .

(44)

-

The last quantity i n (44) is strictly less than 1 if m = - 2, 1, or 2. When m = 3, we must work a little harder. Since 3 < 0, the first inequality in (44) will be strict unless s or t = v. In these cases one of the terms is zero ; the other is clearly less than 1 . Thus !N(CP/ct) - -r) J < 1 in all cases. = u

-

=-

Even that patched up argument fails when m 3 because no cancellation occurs inside the absolute value bars. Nevertheless I N I is a Euclidean norm for - 3 because A( - 3) has " more " integers than A(3). That is, there is more freedom in choosing s and t. If we let x + yJm correspond to the point (x, y) in the Cartesian plane, then when m � 1(4), A(m) consists of the lattice points (Section 25). When m = 1(4), the centers of the smalL squares formed by lattice points are also integers ; they correspond to the numbers (s + tJm)/2 where s and t are both odd integers (Theorem 29.5). 33.5 Theorem. The function JNI is a m = 1 1 - 7, - 3, 5, or 13. -

Euclidean norm for

A(m)

when

,

Proof Note that each of these m is congruent to 1 modulo 4. Suppose a # 0 and p are in A(m). We must look for an algebraic integer near Pia = u + vJm i n Q(Jm). First find the nearest rational integer t to the

rational number 2v. Then

Quadratic Number

106

Let s be the nearest integer to 2u which has the same parity as Is - 2ul :::;; 1 so

Since

m

=

1(4),

T

=

t.

Field$

Then

(s/2) + (t/2)j;, E A(m) (Theorem 2.8). Then

(m

< 0)

(m > 0)

<1

for each of the five relevant values of m. We have just proved that A(m) is a Euclidean domain and hence a unique factorization domain, for m = - 1 1 , - 7, - 3, - 2, - 1 , 2, 3, 5, and 13. It is known that IN! is a Euclidean norm for A(m) if and only if m = - 1 , ± 2 , ± 3, 5, 6, ± 7, ± 1 1 , 13, 17, 19, 21 , 29, 33, 37, 41 , 57, or 73. No other complex quadratic number fields are Euclidean (Problem 41.50). There may be values of > 0 different from those listed above for which A(m) has a Euclidean norm different from JNJ. We do not know, though their number is known to be finite. A(m) is a unique factorization domain, but not necessarily Euclidean, for just the square free m < 100 in Table 2. m

TA BLE 2

-1

-2

-3

-7

- 11 - 19

-43 -

67 - 1 63

2 3

5

6 7

11 13

17 19

21 22

46

29

57

3

71 73 77

61 62 67 69

93 94 97

23

47 5

33

59

37 38

41 43

83

86 89

34.

Consequem·es of Unique P'actorlzatlon

107

Note th at there are exactly nine negative m in the table. Gauss knew these nine numbers ; it has only re ently been proved that there are no others (Stark, Harold , Proc. Nat. Acad. Sci. U.S.A., 57, ( 1967), 216-221). It i s not known whether A(m) enjoys unique factorization for infinitely many c

positive m. 34.

CONSE Q UENCES OF UNI Q UE FA CTORIZA TIO N

Throughout this secti on , m is a square free integer for which A{m) is a un i que factorization domain. We gave a partial list of such m at the end of the last section (Table 2). 34.1 Definitions and Discussion. Let p be a rational prime. Then B(m) may or may not contain ± p. If neither p n or -p is in B(m), then p 2 = N(p) E B{m) is prime in B{m) , so p is prime in A(m) (Theorem 32.2). When that occurs we call p inertial. Suppose p is not inertial . Then ± p i s a norm, so for some n E A(m) ,

N(n)

=

nn

=

± p E B(m) .

(45)

Then n and n are pri e in A{m) (Corollary 32.3), and Eq. (45) give s the uni que factorization of ± p into primes in A(m). When n and n a re associates in A(m) , we say p ramifies, otherwise p splits. Thus p ramifies when it is an associate of the square of a pri me in A(m). m

34.2

Examples.

The rational prime 5 is inertial in A(3). The equation

has no solution in integers 2 ramifies in A(3) since

because (0 = - 1 (Theorem 26. 1). The prime

- 2 = (1 where the factors on the

and 2 + J3 is a unit because - 11

1

+ J"j)(l

- J3)

right are associates : +

J3 = (1

- J3)(2 + J3)

in A(3) (Definiti o n 3 1 .6).

=

N( 1

+ 2J"j)

=

(1

The prim e 1 1 s pli ts in A(3)

+ 2jJ)(l

- 2jJ).

Quadratic Number Fields

108

The factors on the right are not associates since

1 + 2j3 - (1 + 2jJ)2 1 - 2j3 - - 1 1

-

13 +

4j3

- 11

is not an algebraic integer. We must allow the possibility p in Definition 34. 1 . In the preceding example we found that - 1 1 e B(3). However, 1 1 ¢ B(3), for if for some et e A(3) ·-

then 1 1

=

a2(3).

But

e ) (�) 1

3

=

-1.

=

A similar argument shows 1 3 e B(3) while - 1 3 ¢ B(3). These facts prompted the warning in Problem 27. 10. This difficulty can not arise when m < 0, for then - p is never in B(m), or when A(m) has an improper unit, for then both or neither of ± p are norms. Moreover, no comparable trouble occurs with p2• 34.3

- p2 e B(m) then - 1 B(m). Either - p2 is prime in B( ) or - p2 = p( - p) e B(m). Lemma.

e

If

m In both cases Proof there is a prime 1t in A(m) such that both N(1t) and - N(1t) are in B(m). Then - N(1t) = N(u) for some u, and

1tn Then 1t I u (or

1t

I iT), so

1tJI.

=

u

=

- uii.

for some p. e A(m), and

N(1t) N(p.) = N(u) implies

N(p.) = - 1

e

B (m).

34.4 Definition We shall say e = ± 1 is an appropriate sign for n > 0 when en e B(m). Thus + I is always appropriate for p 2 ; if - 1 is appropriate for some p 2, then - 1 e B(m) and ± 1 are both appropriate for all n e B(m) . We can decide which rational primes ramify or split using the unique factorization of A(m) .

34.

109

Consequences of Unique Factorization

34.5

Theorem.

domain.

Then

Let

p be an odd prime and A(m) a unique factorization

p ramifies ..;:;.. p I m ..;:;..

(;) p is inertial ..;:;.. (;) p splits .;:;.

=

=

(;)

=

0 (46)

1 - 1.

Proof. Since the three conditions in each column of (46) are exclusive and exhaustive, it suffices to prove each of the implications the last. Suppose

(�)

=

- 1.

�.

We start with

Then the Diophantine equations

have no solutions (Theorem 26. 1 and Corollary 26.2). Consequently ± p ¢ B(m) (Lemma 30. 1 or 30.2) , and p is inertial. Consider the two remaining possibilities. If p I m, then p I p 2 - m ; if

(�)

=

1 , then the congruence

x2 = m(p) has a solution,

so in both of these

cases

p l x2 - m (x + fm)(x - j;) =

for some x e Z. If p were prime in A(m), then it would divide either x + fm or x - fm, but since p 1= 2, neither (x + J;)fp or (x - j;)/p is an algebraic integer. Therefore p is not prime in A(m). We need only decide now when it splits, and when it ramifies. We know ± p e B(m), so there are integers a and b such that 1t = a + hj;, e A (m)

and 1tit = N(1t) = ± p = a2

- mb2

Quadratic Number Fields

110

if m ;;j:. 1(4), or 1t =

a + bJ;;; e 2

A (m)

and

4n1t = 4N(n) = ± 4p = a 2 if m

=

1(4).

-

mb2

Then for either kind of m, p

We wish to decide when But

A(m).

p

(47)

l a ¢> p l m .

ramifies, or, equivalently, when nfn is a unit in

so p ramifies if and only if p I n2• We shall show

which, coupled with (47), will prove the theorem.

Now

so clearly pIa

Finally, suppose

p

l 1t2•

If p I a, we are done.

so we are done.

Then

If p

I b,

implies p

p l 1t 2 •

so p, which is odd, divides a or b. must also divide a since p I a 2 + mb 2 ,

l 2ab,

then

p

Note that we have achieved a long sought goal ; we have proved the con­ verse of Corollary 26. 2 for some values of m. The case-by-case arguments using Thue's theorem for m = - 1 (Theorem 14.5), m = 2 - 3, 2 (Theorems 26.4, 26.5, and 26.6), and m = - 7, 3 (Problems 27.8 and 27. 10) are obsolete. Moreover, we now know the source of the counterexample following Corollary 26.2. The domain A( - 5) does not enjoy unique factorization. -

,

34.

Consequences of Unique Factorization

In Theorem separately.

34. 5

111

we considered only odd primes p; 2 must be treated

34.6 Theorem. Suppose A(m) a unique factorization domain. Then 2 ramifies in A(m) if m :f= 1(4), splits if m = 1(8), and is inertial if m = 5(8).

Since we will not need this theorem later, its proof is relegated to Problem Let us check it in a few cases :

4 1 . 1 7.

2

=

(1

+

i)(1 - i)

=

- i( 1 +

i)2

so 2 ramifies in the Gaussian integers A( - 1), as it should, because - 1 = 3(4). Since 2 ( j2)2, 2 ramifies in A(2). In A( - 7) =

(48)

The factors in Eq. (48) are not associates since ± 1 are the only units (Theorem 30.8). Thus 2 splits in A( - 7) which verifies the assertion of Theorem 34.6 since - 7 = 1(8). Finally, - 3 = 5(8), and 2 is inertial in A( - 3) because the Diophantine equation ,

has no solution. We saw in 32.5 that 1 + J=5 is prime in A( - 5) because its norm is 6, a prime in B( - 5). The integer 6 is neither a rational prime nor the square of one. That anomaly does not occur when A(m) enjoys unique factorization. 34.7 Theorem. If A(m) is a unique factorization domain, and n is prime in A(m), then N(n) = ±p or ± p2 for some rational prime p.

Since n divides the positive integer I N(n) l , there is a least positive integer p such that n I p in A(m). Suppose p = rs in Z. Then n I r or n I s in A(m). The minimality of p then tells us p = or p = s. That is p is prime in Z. Now

Proof

r

nn

so

=

N(n) I N(p) = p 2

112

Quadratic Number Fields

34.8 Corollary. The primes in A(m) are the inertial rational primes and the prime factors of the rational primes which ramify or split.

Suppose 1t prime in A(m). If N(1t) = ± p, then 1t is one of the prime factors of p. If N(7t) ± p2 , then 1t I ± p2 and hence I p in A(m). But I N(7t) l = IN(p) l so 1t and p are associates (Lemma 32. 1), and hence p is an inertial prime.

Proof.

=

1t

·

34.9 Theorem. When A(m) is a unique factorization domain, B(m) enjoys unique factorization. The primes in B(m) are the squares of the inertial rational primes and the rational primes which split or ramify, taken with appropriate signs.

Proof. If n e B(m) is prime in B(m), then it is the norm of a prime 1t of A(m) (Theorem 32.2), so Corollary 34.8 implies n = ± p or ± p2 for a rational prime p. To show B(m) enjoys unique factorization we must show n I a or n I b whenever n I ab in B(m)J.l. (Appendix 1 , Theorem 7.) Now in A(m) 1t I N(1t) I n I ab

cx�pp.

is prime in A(m), it divides one of the four factors on the right; we assume 1t I Then N(1t) I N(cx). That is, n I a.

Since 1t

may

=

34.10

ex.

Corollary.

If

n E B(m) if and only if

A(m) is a unique factorization domain, then

where the q1 are inertial primes, the p1 split or ramify, and e is an appropriate sign. (See Problem 41. 19.) Recall that B(m) was defined simply as the set of norms of the integers Thus Corollary 34. 10 together with Theorem 34.5 and Lemma 30. 1 or 30.2 shows that when A(m) is a unique factorization domain we have discovered when the Diophantine equation

A(m).

or the equations

35.

The Diophantine Equation x2 1 2ya

and xz

-

xy

+

_,

n

(1---m) yz 4

113

= n

can be solved. We have done much more. In the next few sections we shall show by example in some special cases how we can use Corollary 34. 10 constructively to compute and count solutions to those equations. THE D IOPHA NTINE E Q UA TIO N x2 + 2y2 = n

Let us collect and exploit what we know about A(- 2) to solve the Diophantine equation 35.

(49)

The domain A( - 2) is a Euclidean {Theorem 33.4) and hence a unique factorizatipn domain. The only units in A( - 2) are ± 1 (Theorem 30.8). The prime 2 ramifies since - 2 N(j - 2), and J -2 and -F2 are associates. An odd prime p is inertial if it is congruent to 5 or 7 modulo 8 and splits if congruent to 1 or 3 modulo 8 (Theorems 34. 5 and 24.5 or Theorem 26.4). Lemma 30. 1 links these facts about A( - 2) to the equation we are studying : (x, y) solves Eq. (49) if and only if =

-r

and N(-r)

=

n.

=

X

+

Moreover, if -r

'

=

YF2 E A( - 2)

x ' + y 'F2

then -r = if and only if (x, y) = (x', y') (Lemma 28.2), so there are as many solutions to Eq. (49) as there are integers in A( - 2) with norm n. We wish to count in a more sophisticated way. We do not want to consider ( 1 , .3) and ( 1 , - 3) different solutions to -r

'

x2 + 2y2 = 19. 35.1 Definition. The solutions (x, y) and (x', y ') are solutions to Eq. (49) if and only if x = ± x' and y = ± y'.

equivalent

Fortunately, A(- 2) has a built-in device which identifies equivalent solutions.

Quadratic Number 'Fields

114

35.2

-r =

± -r

Lemma. ± i.

or

The solution

(x, y)

is equivalent to (x', y') if and only if

The proof is short and straightforward. Now we can count the number of inequivalent solutions to Eq. (49) and simultaneously give an algorithm for finding them when they are known for n prime. The reader who solved Problem 1 5. 1 1 discovered the technique the following proof exploits. 35.3

Theorem.

The Diophantine equation (50)

has a solution if and only if (51)

where the p1 are rational primes congruent to 1 or 3 modulo 8 , and the q1 are rational primes congruent to 5 or 7 modulo 8. When n is of this form Eq. (50) has

inequivalent solutions. The existence of solutions for just those n satisfying Eq. (51) is Corollary 34.10. Next we count solutions when they exist. We must find all -r e A( - 2) of norm n. Begin by factoring n in A( - 2). The p, are the primes which split; let p1 n1 7i1 (see Definition 34. 1). Then and 7i1 are primes which are not associates. Since 2 - (J-=2) 2 ,

Proof

=

n1

=

is the " unique " factorization of n into distinct primes in A( - 2). Now suppose N(-r) = -ri n. What can be ? If is prime in A( - 2) and uY I then iJY I i, so -ri will equal if and only if the prime factorization of is : -r,

=

n

T

u

-r

(52)

for some integers y10 , Yk with 0 � y1 � The primes q1 and J=2 must appear to the same power in -r and i because q 1 q and J-=2, while not quite A. is J-=2, its associate. • • •

oc 1 •

=

-

1

35.

The Diophantine Equation xl

Since and the sign in Eq. t

-t

(52)

1

2yl

1 15

. n

lead to equivalent solutions of Eq. (50), we must ignore when we count. Different choices for the y 1 then yield

possible choices for no two of which are associates. However, we also must avoid counting both and i since they too lead to equivalent solutions. Since ± i results when we interchange y 1 and IX1 y 1 in the right member of Eq. (52) , the solutions corresponding to y 1 , , Yk and oc1 y 1 , ock - Yk are equivalent. Thus each solution to Eq. (50) has been counted twice except in the special case in which = ± i, which can happen only when every is even and y1 = oc;/2. Then that solution has been counted just once. Both cases are covered by the expression t,

t

-

-

• • •

• • •

,

t

IX;

[A ; 1 ]

for the number is even and

of

inequivalent solutions. If at least one oc1 is odd, then A

[A + 1] 2

=

�

2'

If all the oc1 are even, that is, if n is a power of 2 times a square, then A is odd, and

the correct answer. There is an anomaly in the count when n 2a.t2 , for then (2£a.l21t, 0) or (0, 2£a.l 2 1t) solves Eq. (50) (depending on whether oc is even or odd), and that solution is equivalent to one rather than to three others. =

35.4 Example. Whenn = 3, there should be [((1 solution, and in fact

+

1)

+ 1)/2]

=

[3/2] = 1

is obviously the only way to write 3 as the sum of a square and twice a square. general when p is a rational prime congruent to 1 or 3 modulo 8, that is, when p splits, Theorem 35.3 implies

In

x2 + 2y2 = p

Quadratic Number Fielc

1 16

h a s exactly one solution in positive integers x and y. This uniquene� asserti on is implicit in Definition 3 4 .1 but is an addi tio n to Theorem 26.4. When n = 18 = 2 3 2 , the anomalous case occurs. ·

The two

solutions are 18

35.5

Suppose

Example.

solutions, and Theorem 3 and 1 1 in A( - 2) :

n

35.3

= 02 + 2 . 3 2 = 42 + 2 · 1 2 •

= 2475 = 3 2 •

11

· 5 2•

There are

shows how to find them.

We must first factoJ

3 = (1 + j=2)(1 - J - 2)

1 1 = (3 + j=2)(3 - j=2). Then

Here a

= 0,

The inequivalent solutions }'2 = 0. These yield T

T

a1

= 2,

and

to N('r) = 2475

a

2

=

P1

= 1.

correspond

to

y1 =

j-=2)2 (3 - j-=2) • 5 = ( - 1 - sj-=2) . s = - 35 - 25j-=2, = (1 + j-=2)(1 - J - 2)(3 - j-=2) 5 = (3 - J - 2) . 1 5 = 45 - 1 5j-=2, = (1

-

'

0,

1,

and

2,

36.

The Sum of Two Squares

and 'r

117

j=2) 2 (3 - J- 2) . 5 = (1 + 7j=2) . 5 = 5 + 35)=2 . =

(1

+

You can then check that, in fact, 2475

=

=

=

(35) 2 + 2(25) 2 = (45) 2 + 2( 1 5) 2 = = 5 2 + 2(35) 2

5 2 (7 2 + 2 . 5 2) 1 5 2 (3 2 + 2 . 1 2 ) 5 2 (1 2 + 2 . 7 2).

These are the only solutions to x 2 + 2y 2

=

2475.

A close reading of this exampl e hints at the possibility and desirability of counting solutions (x, y) for which (x, y) = 1, or is as small as possible. You are invited to try in Proble m 41 .33. 36.

THE S UM O F T WO SQ UA RES

We are ready to answer all the questions raised in Section 1 . We shall apply the methods of the last section and our knowledge of the Gaussian integers A( - 1) to discover in how many ways an integer n may be written as a sum of two squares. The domain A( - 1) is Euclidean (Theorem 33.4) and hence a unique factorization domain ; the units in A( - 1) are ± I and ± i (Theorem 30.8). The prime 2 ramifies in A( - 1) (34.6). The odd primes congruent to 1 modulo 4 split, the others are i nerti al . That we knew as early as Theorem 14.5. It is, of course, also a consequence of Theorem 34.5 and Theorem 1 3.2. The pair (x, y) solves the Diophantine e quati on

(53) if and only if -r = x + iy e A( - 1)

and N(-r)

=

n.

Moreover if -r'

=

x ' + iy'

118

Quadratic Number Fields

then 't' = 't'' if and only if (x, y) (x', y'), so Eq. ( 5 3) has as many solutions as there are Gaussian integers of norm n. However that is too refined a way to count. The pairs (2, 1 ) and ( - 1 , 2) should not be counted as different solutions to =

The difference between this section and the last is that Eq. (53) is symmetric x and y , while Eq. (49) is not. That is why we considered A( - 2) before

A{ - 1). in

36.1 Definition. Two solutions (x, y) and (x', y') to Eq. (53) are equivalent if and only if x ± x' and y ± y' or x = ± y' and y ± x'.

Thus there can be eight solutions equivalent to a given one. A( - 1) has four units rather than two. =

36.2

if't''

=

=

=

Fortunately,

The solution (x, y) is equivalent to (x', y') if and only or Jl.i where J1. is one of the four units ± 1 , ± i.

Lemma.

Jl.'t'

Again the proof is easy ; so we proceed immediately to the analogue of Theorem 35.3. 36.3

Theorem.

The Diophantine equation (54)

has a solution if and only if (55)

where the P; are rational primes congruent to 1 modulo 4, and the q ; are rational primes congruent to 3 modulo 4. When n is of this form, Eq. ( 54) has

inequivalent solutions.

Proof We can almost copy the proof of Theorem 35.3. Corollary 34. 10 implies that solutions exist for just those n satisfying Eq. (55). the solutions we look for Gaussian integers 't' of norm n.

To count

36.

TIIC'

119

Sum of Two Squares

When Pi = 1 (4) is a rational prime, it splits. are different primes. Since 2 = (1

i)(l -

+

= - i(l

Let Pi = ni ni ; ni and ni

i)

+ i) 2 ,

in A( - 1), and

for some unit J1 and rational integers y 1 , , Yk with 0 5 Yi 5 ai . We ignore J1 since changing it does not change the equivalence class of the so l u tion -r produ ce s . The • • •

different choices for the Yi yield different Gaussian integer s no two of which are ass oci ate s . The search for conjugate pairs among them proceeds exactly as in the proof of Theorem 35.3, and gives the same result. Strictly speaking we seek not just conjugate pairs but pairs -r, -r' for which f an d -r ' are associates. That means only that we must write J1 where ± appears in the proof of Theorem 35.3. To illustrate Theorem 36.3 let us verify the statement made in Section I that 325 is the least integer representable three ways as a sum of two squares.

If n is so representable, we must have <

3-

(a1

+ l)

· · ·

(ak

2

+ 1) +

1 <

4

so

5 5 (a1 +

I)

· · ·

(ak + I)

<

7.

This occurs only when k = 1, rx1 4, 5, or k = 2 , ct1 = 2, ct2 = 1 . The two smallest primes congruent to 1 m o du lo 4 are 5 an d 1 3 , so t he smalle st integer s for which these sequences of exponents occur are 5 4 and 52 13. Of these the second, 325, is smaller. Other q ue sti on s about sums of squares are raised in Problems 41 .34-41 .38. =

•

120

Quadratic Number 3 7.

Fields

A(- 3) A ND REL A TED DIOPHA NTINE E Q UA TIONS

Our next task is to s tudy the Diophantine equations

(56) x2 + 3y2 = 4n

(57)

and x

2

-

xy + y 2 = n.

(58)

The domain A( - 3) i s Euclidean and hence a unique factorization domain (Theorem 33.5). The units in A( - 3) are ± 1 , ± w, and ± w 2 , where - 1 + J=3 w = ---'--2

(Theorem

30.8).

The prime

(5 9)

2 is inerti al (34.6) ; 3 ramifies since

Every other rational prime p is congruent to 1 or 5 modulo 6 ; the former split, the latter are inertial (Theorems 25.4 and 34.5 or Theorem 26.5 and Lemma 30.2). We shall use this information first to study Eq. (58). The pair (x, y) solves Eq. ( 5 8) if and only if -r =

X+

yw E A( - 3)

and

(Lemma 29.6,

N(-r) = n

Eq. (20), and Lemma 30.2). -r'

=

Moreover, if

x' + y'w

then -r = r ' if and only if (x, y) = (x' , y ' ), so Eq. (58) has as many solutions as there are integers of A( - 3) of norm n. As before, however, we wish to consider some solutions equivalent to o thers. Clearly (x, y), ( - x, y), and (y, x ) should not all be counted. Note however, that (x, y) and ( x, y) are not both solutions. To define equivalence we shall reverse the roles of Lemma 36.2 and Definition 36. 1 . -

-

37.

121

A(- 3) A nd Related Diophantine• b'quatlons

37.1 Definition. Algebraic integers T and -r' yield equivalent solutions (x, y) and (x', y') of Eq. (58) if and only if -r' = p.-r or p.i where p. = ± 1 , ± w, ± w 2 • 37.2

Lemma.

The solutions equivalent to (x,

y)

are

y ) , ( - y, x - y), (y - x, - x), ( x - y, - y ) , ( y, x ), ( - x, y - x)

(x,

and their negatives. 2 Proof These correspond in order to -r, ro-r, ro -r , i, wi, w 2 i and their nega­ tives. The verification of that assertion, which we omit, is an easy exercise using Eqs. (9), (10), (12), and (1 3).

Note that Definition 37. 1 was almost forced upon us. We wished to have and (y, x) equivalent. These correspond to -r and wi ; it would be irrational then not to call -r and ro-r equivalent, which leads to the unsuspected equivalent solution

(x, y)

( - y, X - y). We have now arranged the definition of equivalent solutions so that the analogue of Theorems 35.3 and 36.3 is true. 37.3

Theorem.

The Diophantine equation x2

- xy + y2 = n

(60)

has a solution if and only if

(61) where the P ; are rational primes congruent to 1 modulo 6, and the q; are rational primes congruent to 5 modulo 6. When n is of this form, there are

unequivalent solutions. The proof is just like those of Theorems 35.3 and 36.3.

122

Qrwdratlr: Number Fields

We proved in Lemma 30.2 that the Diophantine equation (62)

has solutions if and only if Eq. (x, y) solves Eq. (60), then (u, v)

(60)

has. In fact, we noted there that if

= (2x - y, y)

solves Eq. (62). We can use this fact together with Lemma the next theorem. 37.4

Theorem.

(63) 37.2

to prove

The Diophantine equation (64)

has a solution if and only if n e B( - 3), or, equivalently, n satisfies Eq. (6 1). Proof.

If the integers w and z solve Eq. 64, then w + zF3 e A( - 3), so N(w +

zF3) = n e B( - 3).

Conversely, suppose n e B( - 3). Then we can find a solution (x, y) At least one of the equivalent solutions (x, y), (y, x) , or has an even second component, so we may assume y even from the start. Then both u and v in Eq. (63) are even, and (u, v) solves Eq. (62). We can then divide Eq. (62) through by 4 to produce a solution to Eq. (64). to Eq. (60). ( - y, x - y)

We leave as an exercise the problem of counting the solutions to Eqs. and (64) (Problem 41 .39).

(62)

38.

THE DIOPHA NTINE E Q UA TION x2 - 2y2 = n

It should be clear by now that information about (65)

can be deduced from knowledge of the arithmetic of the unique factorization domain A(2) (Theorem 33 .4). The prime 2 ramifies in A(2) since it is the square of the algebraic integer J2. An odd prime p splits if it is congruent to ± 1 modulo 8, otherwise it is inertial (Theorem 26.6 or Theorems 24.3 and 34.5). Since 2 > 0, A(2) has infinitely many units ; they are given by

38.

123

,n

The Diopltantl11e Equation x 2 - 2y2

for k e Z (Theorem 3 1 .4 and Definition 3 1 .6). The pair (x, y) solves Eq. (65) if and only if T

= X

+

y.J2 E A(2)

and N(-r) = n. Moreover, if -r' = x'

+ y ' J2

then -r = -r' if and only if (x, y) = (x', y '). Thus Eq. (65) has as many solutions as there are algebraic integers of A(2) with norm n. That statement is not much use in view of the next lemma. 38.1 Lemma. For all integral k, N(t) = N( ± (l Eq. (65), has one solution it has infinitely many.

Proof

The norm is multiplicative and N( ± (I

For example,

(3,

+

+

.j2)2kt), so that if

.j2)2� =

1.

1 ) solves

Therefore so does (x, y) when X+

y.J2 =

± (3 +

J2)(1

+ j2)2k,

The first few solutions in this sequence are (13, 9), (5, - 3), and (75, 53 ) , corresponding to k 1 , - 1 , and 2. (See Eq. (41).) We cannot hope to count solutions, but we can count equivalence classes. =

The solutions (x, y) and (x', y ' ) to Eq. ( 6 5) are equivalent if and only if t = ± .u�k-r or ± .u6ki for some k. We omit the routine argument which shows that this does in fact define an equivalence relation on the set of solutions. 38.2

Definition.

38.3

Theorem.

The Diophantine equation (66)

has a solution if and only if (67)

Quadratic Number Fields

124

where the p 1 are rational primes congruent to ± 1 modulo 8 and the q1 are rational primes congruent to ± 3 modulo 8. When n is of this form, there are

infinite equivalence classes of so_lutions. Proof Corollary 34. 10 shows that solutions exist if and only if n satisfies Eq. (67) ; both signs are appropriate (Definition 34.4) since - 1 = N(l + j2) E B(2). Let p1 = n1 n1 in A(2). Then in A(2). Every solution (x, y) of Eq. (66) corresponds to a divisor in A(2). Then . . . nl"n:" - y"q�� . . . q�· -r = ± llo Y(J2Y'n it;t�t

-r

-y�

for some integers y, y1 ,

• • •

n

of n (68)

, Yk with 0 ::; y1 ::; rx1 • Since

=

-ri

= (/lo Ji0Yn = ( - 1)Yn

it follows that y is even. Then the solution which corresponds to + llo 1-r is equivalent to (x, y), so we may ignore the sign and the first factor in Eq. (68). There are thus A ( rx1 + 1) · · · (rxk + 1) different choices for -r no two of which are associates. The usual argument shows that the conjugate of each such occurs once among the A choices, so that there are A/2 equivalence classes unless -r and i are associates for some That happens just once when A is odd ; in that case there are ((A - 1)/2) + 1 = (A + 1)/2 equivalence classes of solutions. It is clear from Definition 38.2 that each equivalence class is infinite. =

-r

-r.

39.

Q UA DRA TIC FORMS A ND Q UA D R A TIC N UMBER FIEL D S

We have succeeded in studying successfully the Diophantine equations xz - y2 = n x2 + 2y2 = n x2 + yz n n x2 + 3y2 x2 - xy + y 2 = n 2 x - 2y 2 = n =

=

39.

Quadratic Forms

and

125

Quadratic Number Fields

because in each case the appropriate ring A(m) of integers is a unique factori­ zation domain. The first of these equations is particularly simple because A(l) = Z. We solved it in Section 14 and Problems 1 5. 1 0 and 1 5. 1 1 . In general, the study of ax2

(69)

+ bxy + cy 2 = n

is intimately related to the arithmetic of A(m) where

2{b 2 b (�) b - 4ac

m =

-

ac

if is odd

if is even.

In order to study Eq. (69) we need a theory which works even when unique factorization fails in A(m). The theory of ideals developed by Kummer and Dedekind in order to study the Fermat conjecture (Chapter 7) does that job. We shall briefly sketch its outlines for the ring A( - 5). The details do not belong in a book titled " Elementary . . . . We know that in A( - 5) "

6

2

3 = (I + J - 5)(1 �)

(70)

where 2, 3, 1 + J - 5, and 1 J - 5 are all prime (Example 32. 5). Suppose we did not believe that these were primes be�ause we felt factorization should be unique. We might then imagine that 2, 3, 1 + �. and 1 - � had " ideal " prime factors, much as - 1 has an " imaginary " square root. Suppose n: were one of the ideal prime divisors of 6. Then we should have =

·

-

-

n: 1 2

or n: 1 3

and n: l 1 + � or

n: l 1 -

�.

For definiteness suppose the first alternative in each case. Then would be a common divisor of 2 and 1 + �· But we know how to look for common divisors in Z. To find the greatest common divisor of m and n (and hence all common divisors) we form the set n:

� = {mx +

ny I x, y E Z}

and look for t}le integer d for which � = dZ.

Q�tutlratlc Number Fields

126

Then d = (m, n)

(Theorem 14 in Appendix 1). Thus our search for 1t leads us to form !) = {2x+ ( 1

+

j=s)y l x, y e A( - 5) }

.

Now we ask for the algebraic integer J for which Unfortunately, no such J exists. We must settle for less. The subset of A( - 5) is an ideal of A( - 5) (in the ring theoretical sense). Let us look for a context in which we can reasonably say that !) itself, rather than its " ideal " (but nonexistent) generator J, is the greatest common divisor of 2 and 1 + J=-5. Write !)

!) = (2,

Note that (2, 1

1

+

j=s).

+ j=s) = (2,

1

-

j=s).

Consider the set S of ideals (again, in the ring theoretical sense) of A( - 5). if 2( and !B are in S define

The set S equipped with this multiplication is a semigroup in which all the definitions of Appendix 1 make sense. The ideal A( - 5) is the identity of S; in S we can talk of prime ideals and divisibility. The miracle is that S enjoys unique factorization. To see how that helps us, let us see how the multiplicative structure of A( - 5) is given by a part of S. If a. E A( - 5), write (a.) for the principal ideal a.A( - 5) consisting of all multiples of a.. Then a. and a.' are associates if and only if (a.) = (a.'), and I P in A( - 5) if and only if (a.) I (p) in S. Thus if we wish to factor in A( - 5), nothing is lost by passing to S, and much is in fact gained . We have found the " ideal " prime which was to divide both 2 and 1 + J=S. In S a.

1t

(2, 1

+

j=S)(2, 1 -

J - 5) (2, 1 + J=Sf = (2) =

40.

Sums

127

of Four Squares

and

J- 5)(3, 1 + J - 5) = (1

(2, 1 +

+ J - 5)

so (2, 1 + J - 5) is a common divisor of (2) and of (1 (2, 1 + �) is prime in S, and (6) = (2,

1 +

�)2(3,

1 +

�)(3,

1 -

+ �).

In

�)

fact (71)

is the unique factorization of (6) into prime ideals. The expressions (6) = (2)(3) = (1

+

J - 5)(1 - �)

result from collecting the factors in Eq. (71). Our original naive faith that the source of the difficulty in Eq. (70) was that the factors on the right were not " really " prime leads to a new, beautiful, useful theory in which unique factorization is restored and with which we could renew our attack on or more generally, on Eq. (69). 40.

S UMS OF FO UR S Q UA R ES

In this section we shall prove a theorem guessed by Fermat and first proved by Lagrange : Every positive integer is a sum of four squares. The proof we give is due to Hurwitz. It depends on the fact that enough of the machinery we have developed for Euclidean number fields works in a convenient non­ commutative subring of the division ring of rational quaternions. We wish now to introduce quaternions as rapidly as possible. A more elegant approach will be found in Problem 4 1 .44. Let i, j, k be fixed symbols. Consider the set of formal sums H = {a + bi + cj + dk I a, b,

c,

d e Q}

where a = a + b i + cj + dk and a' = a' + b'i + c 'j + d'k are equal in and only if a = a', b = b', c c', and d d'. Define =

and

=

a + a' = (a + a' ) + (b + b')i + (c + c')j + (d + d')k

aa

=

a" + b"i

+

c''j + d"k

H

if

Quadratic Number Fields

128

where

a

"

=

aa' - bb' - ee' - dd'

b" = ab' + ba' + ed' - de' e"

=

ae' + ea' + db' - bd'

d" = ad' + da' + be' - eb'.

There is no need to remember these equations, for they are the result of formally expanding the product r:t.a' under the assumptions that both distri­ butive laws hold and that

:� : �: ) for all rational

ak = ka j2 = j 2

=

a

k2 = - 1

ij = -ji = k

jk = - kj =

i

ki = - ik = j.

We naturally regard Q as a subset of

a + 0 i + Oj + Ok e H. 40.1

Theorem.

ring with identity 1

The set

H

(72) H; a e R

corresponds to

with these operations is a noncommutative The center of H is Q.

= 1 + Oi + Oj+ Ok.

The proof is left to the reader, who may tediously verify the associativity of multiplication and both distributive laws or consult Problem 41 .44 instead. 40.2

Definition.

defined by

The conjugate a* and the norm N(a) of

aeH

are

ex* = a - bi - ej - dk (73)

(Compare Definition 28.3.) 40.3

Lemma.

Conjugation is a ring antiautomorphism. That is, (a + P ) * = ex * + P *

(74)

(ap)* = P*a*.

(75)

40.

Sums of Four Squares

129

Moreover (et*)*

=

Ct

(76)

and et = et* if and only if et is rational.

Equations (74) and (76) follow trivially from Definition 40.2. Equation (7 5) requires verification which we leave to the reader. Finally, rx = rx* if and only if b = c = d = 0, so that the last assertion is trivial given our identification of Q with a subset of H. Proof

Next we prove the analogue of Theorem 28.5.

40.4

(a) (b) (c)

Theorem.

N(ap) = N(et)N(p). N(et) is rational. N(et) 0 if and only if et = 0. (d) N(et) = et 2 if and only if et is rational. (e) If et 1= 0, then N(et) - 1 rx* is an inverse for rx in H. =

Proof Parts (b), (c), and (d) are immediate consequences of Eq. (73). To prove (e) observe that N(rx) = N(rx*) and that N(rx) commutes with rx so that

and Finally, (a) follows from N(rxp) = etP(rxP)* = app*a*

=

etN(P)rx*

=

etet*N(P)

=

N(rx)N(p).

(Eq. (75)) since N(p) is rational and hence commutes with rx*

40.5 Corollary. The quaternions are a division ring; that is, nonzero quaternions have multiplicative inverses.

Next we introduce a subring of integers we have been studying.

H

analogous to the rings of algebraic

Quadratic Number Fields

130

40.6 D=

Definition.

{a + bi + cj + dk 1 2a,

2b, 2c, 2d are

integers of the same parity}

We call quaternions in D integral. 40.7

The set D is a subring of H ;

Theorem.

N(IX) E Z.

Proof. Let e = !(1

+ i + j + k). D =

a: e

D implies

a: + a*

and

Then it is easy to verify that

ze + Zi + Zj + Zk.

Thus D is closed under subtraction. Since e = e 1 , which is integral, an argument analogous to that in Theorem 29.7 shows D is closed under multiplication. Clearly IX + IX* = 2a e Z. Moreover 4N(1X) = (2a)2 + (2b)2 + (2c)2 + (2d)2 e Z by assumption. Since 2a = 2b = 2c = 2d (2), we have (2a)2 = (2b)2 = (2c)2 = (2d)2 (4), and hence N(1X) E Z. The converse of these remarks is false; a = (l/3)i + (2/3)j + (2/3)k rt D, but IX + a* = 0 e Z and aiX* = 1 e Z. That is why we used 40.6 rather than the analogue of 29. 1 to define integral quaternions. -

Let E be the set of norms of integral quaternions. Then E s;; Z. 40.8

Proof.

Lemma.

b1 = N(a1 )

b1 , b2 E E => b1 b2

and b2 = N(1X2)

e E. for IX1 ,

IX2

E D. Then

so (Compare Lemma 30.3.) 40.9 Theorem. The following are equivalent : (a) n is the norm of an integral quaternion (n E E). (b) 4n is a sum of four squares. (c) n is a sum of four squares. Proof. Suppose (a) is true ; say n = N(IX) and IX e D. Then so (b) is true.

4n

=

(2a)2 + (2b)2 + (2c)2 + (2d)2

40.

Sums of Four Squares

131

Suppose the even number 2m satisfies

y,

for rational integers x, z, and w. Then these integers are either all even, all odd, or just two are even (Problem 1 1 .1). We may thus assume x = y(2) ; = w(2). Then

z

m=

(x -2 y) 2 + (x +2 y) 2 + (z -2 w) 2 + (z +2 w) 2 --

--

--

--

so m is a sum of four integral squares. Two applications of these remarks show (c) follows from (b). If (c) is true, then n = a2 + c 2 d = N(a) ; a e D because a, b, c, d E Z. (Compare Problem 6.2, Theorem 37.4, and Lemma 30.2.) Thus we wish to show E = Z u {0 } . In light of Lemma 40.8 it suffices to show p e E for every prime p. Our method will be to show that D is close enough to being a Euclidean domain for us to apply the arguments in Defini­ tion 34. 1 and Theorem 34. 5. As usual, p. e D is a unit when.it is invertible in D. The proof of Lemma 30.6 applies here to show that p. is a unit if and only if N(p.) = 1 . As usual, the units form a group under multiplication, although the proof in Lemma 3 of Appendix 1 will not work; we argue instead as follows : If p. and v are units, then N(p.v) N(p.)N(v) = 1, so p.v is one too.

+ b2

+2

=

40.10 Definition. The integral quaternion a is a left divisor of P e D if and only if p ay for some y e D. We say then that a left divides P and that p is a right multiple of a and write a I p. We need no symbol like a I L P because we shall make no use of right divisors. The set of right multiples of a is just the right ideal aD. A quaternion � is a greatest common left divisor of a and p if it left divides a and p and any y which left divides a and p. We say a and p are left associates when P = ap. for some unit p. or, equivalently, a I p and p I a (Theorem 5 of Appendix I , in the proof of which no com­ mutativity is used). The quaternion n is a left prime if and only if its only left divisors are units and its left associates. =

40.1 1

Lemma.

N(T - a- 1 p) <

1.

If

a =F 0

and

P

are in

D,

there is a

Te

D such that

+

Proof. We modify the argument in Theorem 33.5. Let a- 1 p = w xi e H. We can choose a e (1-)Z such that Ia - wl :::=:;; t ; then find

+ yj + zk

Quadratic Number Fields

'132

b, c,

and

de a +

Z such that l b - x l :::;; !, Then

-r = a + bi + cj + dk e D.

N(-r - tt.. - 1{3) = ( a

-

lc - Yl

:::;;

t

and I

d - zl

:::;;

Let

t.

w)2 + (b - x)2 + (c - y)2 + (d - z)2

:::;; -t6 + ! + ! + !

< 1. 40.12

such that

Corollary.

If

tt..

=f. 0

and {3 are in {3

and either p = 0 or N(p) < N(tt..) . Proof

= tl.. 't

D,

there are elements

't,

p

eD

+p

Reread the proof of Lemma 33.3, substituting tt.. - 1{3 for {3/tt.. .

40.13 Corollary. Let 3 =f. {0} be a right ideal in D. Then 3 = tt..D for any tt.. e 3 whose norm is minimal among norms of. elements of 3.

Proof

See Theorem

10

in Appendix

I.

40.14 Theorem. Let tt.. and {3 be nonzero integral quaternions. Then and {3 have a greatest common left divisor (), and there are integral quater­ nions p and u such that

ex

Proof

See Theorem

(j = tt..p + {3u.

14

of Appendix

1.

Lemma. Suppose the left prime n i n D left divides the product and that na = an. Then n left divides ex or {3.

40.15

ex{3

Suppose n..t' {3. Then the only common left divisors of n and {3 are units, so 1 is a greatest common left divisor of n and {3 and there are integral quaternions p and for which

Proof

u

1 = np + {3u.

Then a = anp + ex{Ju = nexp + nyu

40.

Sums of Four Squares

133

where we have used the facts that n commutes with a and that n I af3. Thus = n(ap + ya), so n I a.

a

Next we prove an analogue of Lemma 26.3 . 40.16

Lemma. Let p be an + x2 + y2 = O(p).

for which 1

odd prime. Then there are integers x and y

Let n = (p - 1)/2 and let r1 , rn be the quadratic residues of p (Theorem 23.2). Set r0 = 0 2 0. Then the two n + 1 element subsets {r0 , r1 , . . . , rn } and { - 1 - r0 , - 1 - r1 , - 1 - rn } of the p = 2n + 1 element set ZP must intersect. Thus ri = - 1 r; for some i and j. If x2 = r/p) and y2 = r;(p), then 1 + x2 + y2 = O(p). Note that when p = 1(4) we may take y 0.

Proof in Zp

• • • ,

=

• • • ,

-

=

·

40.17

Theorem.

An odd prime p is a sum of four squares.

Proof Let p be such a prime. We wish to show p is not a left prime in D. Use Lemma 40. 17 to find integers x and y for which p 1 1 + xz + y2 • Let y 1 + xi + yj E D ; then p l yy* in Z and hence in D. Clearly py = yp, so if p were a left prime it would left divide y or y* (Lemma 40. 1 5), but neither yjp nor =

y* p

1

X

y .

- = - - - t - -}

p p

•

p

is integral. Thus we can write p = af3 where a is neither a unit nor a left associate of n ; that is, neither nor [3 is a unit. Then et

p2 = N(p)

=

N(a)N({3).

Since N(a) > 1 and N(f3) > 1 we have N(a) = N(f3) = p ; hence p is a sum of four squares (Theorem 40.9). 40.18

Theorem.

Every positive integer is a sum of four squares.

The set of integers so representable is closed under multiplication (Theorem 40.9 and Lemma 40.8) and contains 2 = 1 2 + 12 + 02 + 02 and every odd prime (Theorem 40. 17). Proof

Quadratic· Number Fields

134 41 .

41 .1

Prove : If

m

PROBLEMS

::f:. 11 and both are square free, then

Q('Vm) n Q(Vn)

=

Q.

41.2 Show Q(Vm) has no field automorphisms other than the identity and conjugation. 41.3 Prove : If m > 0 then conjugation in Q(Vm) cannot be extended to be a continuous automorphism of R. 41.4 Prove a e Q(Vm) is an algebraic integer if and only if it is a root of some monic polynomial in Z[x]. 41.5 If m > 0 has a prime factor congruent to 3 modulo 4, then A(m) has no improper unit. (See Lemma 30.7.) The converse is false ; show A(34) has no no improper unit. 41.6

Find the fundamental unit in A(5), A(6), and A(7).

41.7 Prove : If A(m) has an improper unit, then the fundamental unit /Lo is improper, and the proper units are ± !L�·. 41.8

The fundamental solution <xo , Yo > to Pell's equation

is the one which minimizes x + yVm for x and y positive. Show that if m =1= 1 (4), x0 + YoVm is either the fundamental unit of A(m) or its square, depending on whether or not /Lo is proper. When m = 1 (4), Xo + YoVm JLo1 for some k. Show k 6 when m 5. =

=

=

41.9 If p is a prime congruent to 1 modulo 4, then A(p) has an improper unit. Hint : let (xo , Yo> be the fundamental solution to the Pell equation x2 - py2 1 =

(Problem 4 1 . 8). unit.

Show x + yVp has a square root in A(p) which is an improper

41.10 Suppose m = 3(4), 11 is odd, and ± n i s appropriate if and only if n = 3(4). 41 . 1 1 "'

e

B(m).

Show that the minus sign

Learn how to solve Pell's equation using continued fractions.

41.12"' Show that the semigroup of integers congruent to 1 modulo 4 does not enjoy unique factorization. (This example is due to Hilbert.) 41.13 Show A( - 6) and A(l O) are not unique factorization domains (compare Problem 27.9).

41 .14 Let R be the subring of Q containing those rational numbers which can be written with odd denominators. Show that R is a unique factorization domain with just one prime (up to associates). 41.15

Find a unique factorization domain which contains just n primes.

41.16

Is I N I a Euclidean norm for the subring Z + ZV - 3 of A( - 3) ?

41.

Problems

41 .17

135 Factor 2 in A(m) when m

Prove Theorem 34.6.

=

-

1 1 5, 6, and 1 7. ,

Need A(m) be a unique factorization domain when B(m) enjoys unique factorization ? 41.18*

41.19 Show that - 1 is an appropriate sign for n in Corollary 34. 10 if and only if - 1 E B(m), or o:1 is odd for an odd number of primesp1 for which - 1 is appropriate. 41 .20*

Let p and q be odd rational primes, and suppose A(p) is a unique factor­

ization domain. case

(�)

=

-1.

Prove

(�)

=

1 implies

(�)

=

1 unless p = q = 3(4), in which

That is, when A(p) is a unique factorization domain, Theorem

34.6 implies half of the Quadratic Reciprocity Law. In fact with the ideal theory sketched in Section 39 we could drop the assumption above that A(p) is a unique factorization domain and thus prove the Quadratic Reciprocity law by a method somewhat better motivated than the elementary one we used in Chapter 5. For details see Sommer (listed in the Bibliography). The next five problems show that when m < 0, A(m) is rarely a unique factoriza­ tion domain. 41 .21 Suppose m < 0 and A(m) enjoys unique factorization. Let p be a prime < J m J (if m =I= 1 (4)) or < ( J m J /4) (if m = 1 (4)). Show p is inertial in A(m).

41.22

Prove : m < - 1 and A(m) a unique factorization domain imply -m is

prime.

41 .23 Prove : m < -7 and A(m) a unique factorization domain imply -m is a prime congruent to 3 modulo 8. Hint : How does 2 factor in A(m) ?

Prove : m < - 1 1 and A(m) a unique factorization domain imply 1 9(24).

41.24

-m

=

41 .25* Extend the method of Problems 41 .23 and 41 .24 far enough to show A(m) is not a unique factorization domain when -200 < m < 0 except possibly for the m listed in Table 2 (Section 33).

41.26

Suppose m < -1 and A(m) enjoys unique factorization.

Show that

x2 + x + (1 - m)/4 is a rational prime for x 0, 1 , . . . , ((I - m)/4) - 2. Hint : Look at N(x + g). When m - 1 63, this yields the famous prime producing polynomial x2 + x + 41 . =

=

The next five problems show that when A(m) enjoys unique factorization it behaves very much like Z. When o: E A(m) let A(m) . be the quotient ring A(m)/o:A(m). For some hints look ahead to Section 45. 41.27* Show A(m) . has J N(o:) J elements. Let (a) be the group of units in A(m). and �f�(a) the order of (a) . Show that the image of fJ E A(m) in A(m). is in (a) if and only if (a, {J) = 1. (Compare Definition 9. 1 and Theorem 9.2. ) 41 .28*

Prove 111 is multiplicative.

41.29*

Prove Euler's theorem for A(m) . .

(Theorem 9.6.)

Quadratic Number Fields

136 41.30

Suppose

7T

is prime in

A(m).

A(m),

Show

is a field with

I N(TT)I elements.

Deduce that primes have primitive roots.

2 and 4 to A(m).

41 .31 *

Generalize as much as you can of Chapters

41.32*

Read about the Lucas test for determining which Mersenne numbers

are prime (Problem 41.33

6. 1 8). See Hardy

and Wright (listed in Bibliography), p.

Count the number of relatively prime solutions to

in terms of the factorization of n in Z (see Example 41 .34

223.

Euler knew how to factor an integer

squares two different ways.

35.5).

n when he could write it

as a sum of

In our language his method is : If

± ib must share a Gaussian integral factor 8 with one of c ± id. Then 8 can be found using the Euclidean algorithm in A( - 1) (Theorem 33.4 and Example 1 5 in Appendix 1). Then 8'8 will be a proper factor of n.

then one of a

Factor

2501 = 502 + 1 2

41.35

Prove the following theorem of Niven's : The Gaussian integer

=

492 + 102

by this method.

is a sum of two squares (of Gaussian integers) unless

a + bi b is odd or a = b = 2(4).

(See Mordell, L. J.," The Representation of a Gaussian Integer as a Sum of Two Squares," Mathematics Magazine 40, (1967), 209.)

x2 + y 2 = 21 125.

41.36

Solve the Diophantine equation

41.37

Find the least integer representable four ways as a sum of two squares.

41.38 Let a be the number of positive divisors number of positive divisors with d = 3(4). Show

has

max(a

41.39

-

b, 0) solutions when they are properly counted.

State and prove

Diophantine equations r+

41.40

d of n with d = 1{4) and

a

theorem analogous to Theorem

3y2 = 4n

and

Solve

x2 - xy + y 2

=

1 729

x2 + 3y 2 4 1 729 x 2 + 3y 2 = 1729. =

·

37.3

b the

for each of the

41.

Problems

137

41.41 Theorem 37.4 is an accident peculiar to - 3 . That is, A(m) a unique factorization domain, m = 1 (4), and n E B(m) do not imply

has a solution.

Find an example to show this.

(Compare Problem 27.7.)

Prove the following generalization of Theorem 37.4. If n is odd, 1 (8), and A(m) enjoys unique factorization, then x2 - my2 = n has a solution if and only if n E B(m). 41.42

m=

41.43"' Write the analogues of Section 35 through 38 for m Watch the signs for m > 0. (See Problems 27. 10 and 41 . 1 9.) 41.44

=

-

7, 3, 5, and 6.

Let ft be the set of 2 x 2 matrices of the form

where oc, {3 E Q(i) (Section 28). (a) Show that ft is a subring of the ring of all 2 x 2 matrices with coefficients in Q(i) and that every nonzero element of ft is invertible in ft. (b) Let /, J, and K be the elements

of ft ; when a E Q, identify a with the diagonal matrix

(c)

Show that the map if! given by if!(a + bi + cj + dk) = a + bl + cJ + dK is an isomorphism between the rational quatemions H (defined in Section 40) and ft. We could thus have avoided a tedious proof of Theorem 40. 1 by defining " rational quatemion " as " element of ft." Let oc be an element of H. Prove : if!(oc"') if!(oc)*, the conjugate of the transpose of the matrix l/l(oc), and that N(oc) = det .p(oc). Reprove Lemma 40.3 and Theorem 40.4 using these facts. =

41.45 Show that every rational quatemion is a root of a quadratic polynomial with rational coefficients but that such polynomials can have more than two roots in H. 41.46

There are 24 units in D.

41.47

Can

oc

Find them.

and {3 be left associates in D without being right associates ?

41.48 Show by example that Lemma 40. 1 1 is false when D is replaced by its proper subring Z + Zi + Zj + Zk. (Compare Problem 41 1 6 .) .

41.49

Can we do without the hypothesis "p is prime " in Lemma 40. 1 6 ?

Quadratic Number Fields

1�8 41.50*

Prove : If

Euclidean.

Hint :

m

< 0 and

nonunit of minimal norm. modulo

u

m

#

- 1 , -2,

- 1 1 , then A(m) is not Let u E A(m) be a a E A(m) is congruent to 0 or ± 1 3

-7,

Suppose E is a Euclidean norm for

and hence that

Show that every

N(u) :S: 3

-

,

A(m).

(Dubois, D. W. , and Steger, A. , "A Note on

Division Algorithms in Imaginary Quadratic Number Fields,"

Canadian Journal

of Mathematics 10, (1958), 285-286). p.

41.51*

214.)

Show

INI

is a Euclidean n9rm for

A(6).

(See Hardy and Wright,

7 The Fermat Conjecture

The most famous elementary conjecture in mathematics was left to us by Fermat in the margin of his copy of Bachet's edition of Diophantos's Arithmetic. He stated it (originally in Latin) as a theorem : " It is impossible to write a cube as the sum of two cubes, a fourth power as the sum of two fourth powers, and, in general, any power beyond the second as the sum of two similar powers. For this I have discovered a truly wonderful proof, but the margin is too small to contain it." Fermat gave no proof and none has been found since, nor is a counter­ example known. It is doubtful that Fermat knew a correct proof. We shall call his statement the Fermat conjecture rather than the more common Fermat's last theorem. Conjecture.

The Diophantine equation X' +

has no nontrivial solutions when is to be regarded as trivial. Since

y" = z"

n >

2.

The " solution "

X"" = (X" )" 139

(1)

1 3 + ( - 1) 3 = 03

11w H•rmat Conjecture

140

it would suffice to prove the conjecture whenever n = 4 or an odd prime. Fermat proved his conjecture for n 4; Section 43 contains a proof which uses his methods. He probably knew, or thought he knew, a proof when n = 3 since he proposed it as a challenge to his contemporaries. Euler (1770) was the first to publish a proof in that case. We give one in Section 44, but not one Euler could have invented, for it is based on unique factorization in A( - 3). In Section 45 we comment briefly on Kummer's generalization of that method, which is the starting point for most general assaults on the problem. The special case n = 5 was settled independently by Legendre and Dirichlet in about 1 825. Lame proved the Fermat conjecture for n = 7 in 1839. =

42.

P YTHA GO REA N TRIPLES

In order to prove the Fermat conjecture for n = 4 we must first find all the solutions to (2) Equation (2) expresses the familiar relation among the sides of a right triangle, which motivates the next definition. 42.1 Definition. (x, y, z) is a Pythagorean triple if and only if Eq. (2) holds. We may assume x, y, and z > 0. The triple (x, y, z) is primitive if and only if (x, y) 1 . =

Pythagorean triples exist; three familiar ones are (3, 4, 5),

( 5,

12, 13), and

The first two of these are primitive. If (x, y, z) is a Pythagorean triple, and so d I z. Then

d=

(3)

(6, 8, 10).

(x, y) >

1,

then

jx y \d ' d ' d

z)

is a primitive Pythagorean triple. Thus we will know all the Pythagorean triples once we know all the primitive ones. The observation which motivates the rest of this section is that (4)

42. Pythagorean Triples

141

Thus Eq. (4) yields a Pythagorean triple whenever uv is a square. triples in (3) correspond to

( u, v) 42.2

= (4, 1 ),

(9,

4),

and

(8 ,

The three

2).

If (x, y, z) is a primitive Pythagorean triple, then

Lemma.

(x, y, z)

(5)

x ;;j?. y(2).

Proof. If x and y were both even, would not be primitive. If and y were both odd, then = I(4) would imply = which is impossible (Problem I l . l).

x

x2 =y2

z2 2(4),

x is even and y and z are odd.

Henceforth we shall always write our primitive Pythagorean triples so that

42.3

(x, y,

Theorem.

The equations

x = 2ab y = a2 - b2 z = a2 + b2

(6)

(a, b)

establish a one-to-one correspondence between primitive Pythagorean triples z) and pairs of relatively prime integers of opposite parity for which > > 0.

a b

a > b > 0, (a, b) = I, and a ;;j?. b(2). Then Eq. (4) = a2 b2 shows (x, y, ) defined by Eqs. (6), is a Pythago­ (a, b) = I and a ;;j?. b(2), x is even, y is odd, and (x, y) (2ab, a2 - b2) I. Thus (x, y, z) i s primitive. Since 2a2 = z + y and 2b2 = z - y (x, y, z) determines (a, b). Thus the theorem will be proved once we show Equations (6) construct every primitive Pythagorean triple. Suppose (x, y, ) is such a triple. Then x2 z2 - y2 = (z - y)(z + y). Since x is even, and both z and y are odd, ( y)/2 and (z + y)/2 are integers, and y z (7) Gf e ; )( ; y )· Proof. First suppose with u and v rean triple. Since

z ,

=

=

=

z

=

z -

=

1Yt(' Fermat Cotl]ecture

142

Now (z, y) = 1 , so (z - y)/2 and (z + y)/2 are relatively prime, and hence Eq. (7) implies each is a square, say z+y a 2 = -2 '

where a > b > 0 and (a, b) = 1 . Then Eqs. so we were done.

(6)

are satisfied, and a ¢ b(2),

43. x4 + Y' = z4; THE METHO D OF DESCENT

We can now quickly settle the Fermat conjecture when n = 4. 43.1

Theorem.

The Diophantine equation (8)

has no nontrivial solutions. Thus, for n = 4.

a fortiori,

the Fermat conjecture is true

By nontrivial we mean none of x, y, or z is zero. Suppose (x, y, z) solves Eq. (8). We may certainly assume x, y, and z positive and (x, y) = 1 , by applying the argument following Definition 42. 1 if necessary. Thus

Proof.

is a primitive Pythagorean triple. We may suppose x2 and hence x even. Now apply Theorem 42.3. There are relatively prime integers a > b > 0 of opposite parity such that (9) (10) (1 1) Equation (9) and the fact that (a, b) = 1 imply that the odd member of the pair (a, b) is a square while the even member is twice a square. Thus either (12) or

b = 2s2,

a = ( z')2 =

1 (2).

( 13)

44. The

Dlophantln<' Equation

x3

1

y3

z3

143

Let us show (12) is impossible. It implies But both y and v" are odd, so which is absurd. Thus (13) must be true. Then (14) so

(2s2, y, (z')2) is a primitive Pythagorean triple. Apply Theorem 42.3 again to find relatively prime integers t and that

w

such (15) (16) (1 7 )

Then Eq. (15) implies t and w are squares, so Eq. ( 1 7) implies (z') 2 is a sum of fourth powers, say Now observe that We are ready to apply one of Fermat's favorite tools , a form of induction called the method of descent. We have proved that from any solution (x,y, z) to Eq. (8) we could " descend " to one, (x', y', z'), for which z' < z. Thus the set of positive integers z for which Eq. (8) has a solution has no least member and so must be empty. The theorem is proved. The crucial step in our identification of the Pythagorean triples (Theorem 42.3) and hence in our subsequent proof of the Fermat conjecture for n = 4 (Theorem 43. 1) was the well known factorization of the difference of two squares : xz - yz = (x - y)(x + y). (18)

144

'111C' Fermat

Conjecture

To study the Fermat conjecture for n = 3 we need the analogue of Eq. ( 1 8) for cubes, which begins

( 1 9) We cannot factor further using integral coefficients but can when we allow coefficients from A( - 3), which contains w = ( - 1 + J - 3)/2, a cube root of 1 (Lemma 29.4) : (20) Recall Eq. ( 1 2) of Chapter 6 : w

1 +

+ w 2 = 0.

(2 1)

It follows that (22) for all x and y in A( - 3). In order to take advantage of Eq. (22) we shall prove more than we set out to. We shall show the Fermat conjecture for n = 3 is true for the algebraic integers A( - 3). In our discussion of Pythagorean triples and the Fermat conjecture for n = 4 we often used arguments based on parity, that is, on congruence 3 modulo 2, or on congruence modulo 4. To study x 3 + y 3 = z , congruence modulo 3 is relevant. We define congruence in A( - 3) in the obvious way. 44. 1

Definition.

If cc, p and ' E A( - 3), then

if and only if 't'

I IX - p .

This definition and some of its consequences were explored in greater generality in Problems 41 .27 through 4 1 . 3 1 ; we shall develop here only as much as we need to settle the Fermat conjecture for n = 3. Write (•) for the ideal of multiples of ' in the ring A( - 3), and let n, :

A( - 3) -+ A( - 3)/(•)

be the natural ring homomorphism.

44. The

Diophantine Bquatlon x·1

z3

I · y3

145

If 3 were prime in A( - 3) we would study congruence modulo 3. However so 3 ramifies, and it is more useful to study instead congruence modulo J - 3, the unique prime divisor of 3. We need some notation. 44.2 Definition.

Let A.

= 1 - co = (3 - J - 3 )/2 e A( - 3).

44.3 Lemma. The integer A. is an associate of � and hence is a prime divisor of 3 in A( - 3). Thus N(ll) 3. Moreover, for a , P e A( - 3), =

a

+P=

a

+

Pw = a + pco2 (A.).

(23)

Proof. We just happen to have proved A. and J - 3 associates in Section 32 (Eq. {40)). The last assertion of the lemma follows from the congruence (0

44.4

Corollary.

a rational integer.

=

1

- A. = 1 (A.).

Every element of A( - 3) is congruent modulo

it

to

Proof Every element of A( - 3) may be written in the form a+ bco with rational integers a and b (Lemma 29.6) and a + bco = a + b(it) (Lemma 44.3). 44.5

Lemma.

If c and d are rational integers, then c = d (A.)

in A( - 3)

(24)

in Z.

(25)

if and only if c = d (3)

Proof Since 11. 1 3 in A( - 3), it is clear that congruence (25) implies con­ gruence (24). Conversely, suppose (24) is true. Then A. l e - d

so 3

=

N(ll) I N(c - d) = (c - d)2

'11u• .H!rmat Conjecture

• 146

which in turn implies 31c-

d

since 3 is prime in Z. Now we have collected enough information to identify the quotient ring A( - 3)/(A.). 44.6 Theorem. The integers 0, 1 , and - 1 are a complete set of coset representatives of (A.) in A( - 3) ; A( - 3)/(.l.) is isomorphic to the three element field z 3 .

Proof. Lemma 44. 5 shows that every

e< e A( - 3) is in the same ().)-coset as some rational integer and that every rational integer is congruent to 0, 1 , or - 1 modulo A. . A( - 3)/(A.) thus has three elements which we shall naturally call 0, 1 , and - 1 ; it is clear that this labeling establishes an isomorphism with Z 3 • We have often used the fact that if a is odd then Here is its A( - 3) analogue. 44.7

Lemma.

0(

=

a

2

=

1(8) (Problem 1 1 . 1).

± 1(A.) implies

or, equivalently, 0(3

=

± 1 (9) .

Proof. The proof when 0( = - 1 (A.) is similar to the one we are about to give when 0( = 1 (.l.). We know

(Eq. (22)). Lemma 44.3 implies each factor on the right is congruent to 0( - 1 and hence to 0 modulo A., so ct3 = 1(A.3), but that is not quite good enough ; we want .l.4• We know 0( for some p.

Since

w

=

1 - A.,

=

1 + p;.

44. 1'lu' 1)/oplumtlne IJ'q uatlon

xJ

I · yJ

147

zJ

So tx

3

-

1

=

(tx - 1)(tx -

=

J.. 3{J({J +

w)(a -

= fJ),(fJA + ),)({J), +

w2)

2). - ),2 ) 1)({3 + 2 - J..) .

Now Theorem 44.6 implies {J, {J + 1 and {J + 2 - J.. are incongruent modulo ). and that therefore one of them is divisible by ;.,, Thus ),4 1 tx3 - 1 . Since ;., 1 3 and 3 ramifies, ),4 i s an associate of 9, s o the two assertions of the lemma are equivalent. 44.8 Theorem p3 + a 3 + -. 3 algebraic integers in A( - 3).

=

0 has no solution with p, a, and -r nonzero

Before proceeding to the proof let us show that Theorem 44. 8 implies the next theorem. 44.9

Proof

Theorem.

The Fermat conjecture is true for ,

n =

3.

If x 3 + y 3 = z 3 in Z and xy z # 0, then

in A( - 3), contradicting Theorem 44.8. 44.10

Proof of Theorem 44.8.

Suppose

(26) and pa-r # 0 in A( - 3) . We wish to show that this supposition leads to a contradiction. As in Sections 42 and 43 we can restrict our attention to primitive solutions. That is, we may assume (p, a) 1 , for any common divisor of p and a will divide -r and may be cancelled in Eq. (26). It then follows that =

(p, a) = (a, -r) = (-r, p)

=

1.

(27)

Note that we need the unique factorization of A( - 3) in order to assert the existence of these greatest common divisors. The next step in our treatment of primitive Pythagorean triples was to show that just one of x, y , and z was even.

148

44.11

The Fermat Conjecture Lemma.

The prime A. divides just one of p, u, and ' ·

Since (p, o) is primitive, A. cannot divide more than one. Sup­ pose it divides none. Then

Proof

u,

p = ± 1 (A.), (f = ± 1 (A.), 't'

=

± 1 (A.)

for one of the six possible choices of signs, and thus = ±1 ± 1 ±

1 (9)

(28)

(Lemma 44. 7). But (28) is false for all choices of signs, so the claim is true. We may suppose A. I ,, so that for some n > 0 and '1 e A( - 3),

Then Lemma 44. 1 1 and Eqs. (26) and (27) show (29) and

(p, u) = (p, '1) = (u, '1) = 1 ,

(30) (3 1 )

We wish to apply the method of descent to n ; to do so we must prove slightly more than the impossibility of Eq. (29). Suppose that for some unit J1. of A( - 3) and integer n > 0, (32) while (30) and (3 1) remain true. That is, p, ,, and A. are mutually relatively prime. Equation (29) is the special case J1. = 1 in Eq. (32). We must have n � 2 in Eq. (32), for we have assumed n > 0 and n = 1 is ruled out by the impossibility of ± 1 ± 1 ± p.A. 3 = 0 (9) . (33) u,

To prove (33) impossible try each of the six units ± 1 , ± w, ± w2 in turn for J1. (Theorem 30.8).

44. The

Dlophallllne Equation

Now rearrange

Eq.

x3·

I· y3

149

z·1

(32) and substitute in Eq. (22) : (34)

The three factors on the right are congruent modulo A (Lemma il.3 divides their product, so A. divides each factor. Let

44.3)

and

_p+u fJ 1 - A. - p + wu fJ2 A. z p + w u e A( - 3). fJ = 3 A

For future reference note that fJ 1 + wfJz + w 2fJJ =

1 ( 1 + w + w2) + 1 (1 + w2 + w4)

=0

(3 5 )

by virtue of Eqs. (21) and (20), which implies w4 = w. Next we show {J1, {32 , and {3 3 are mutually relatively prime. Observe that fJ 1 - fJz =

and

(1

-

A

w)u

=

u

Thus any common factor of {J1 and {J2 divides both u and p, so (p, q) = 1 implies ({J1 , {J2 ) = 1 . That ({J1 , {J3) = ({J2 , {J3 ) = 1 follow from similar arguments. Now we know (36) where n > 2. Since the {J1 are mutually relatively prime, Eq. (36) implies each is an associate of a cube in A( - 3), and A.3" - 3 divides one of them.

The Fermai Conjecture

150

We may assume that one is P 3 by replacing u by OJU or ro2u in Eqs. (32) and (34) if necessary. Thus there are units p.1 , p.2 and p. 3 and mutually relatively prime algebraic integers p ', u', and rt' each prime to A. such that Pt = P.tCP ')3 P2

�

p.z (u ') 3

p 3 = ll 3 ;, 3 n - 3 (rl') 3 .

Substitute in Eq. (35) : P.tCP ')3

+

rop.z (u')3

+

(37)

OJ 2p. ;, 3 n - 3('1Y = 0. 3

We are almost done. We need only dispose of two units to make Eq. (37) resemble Eq. (32). Multiply through by p.! 1 • Then (38) for some units to A., so

v

and p.'.

What can v be ? We know p ' and

u'

are prime

p' = ± l (A.)

u' = ± l(A.).

Then

reducing Eq. (38) modulo

A.3 yields

(39) Among the six possibilities Eq. (39), so = ± 1 and v

± 1 , ± ro, ± ro2

for only the first two could fit v

' (p ')3 + ( ± u ) 3 + p.'A.3" - 3(r/')3 = 0.

Our descent from n to n 1 is complete. There is no minimal n > 0 for which Eq. (32) can be solved, so it can never be solved. -

45.

C YCL O TO MIC FIEL D S

Our proof of the Fermat conjecture for n = 3 rests on the fact that A( - 3), unlike Z, contai ns all three cube roots of 1, so that the factorization in Eq. (22) is possible. That suggests that the proper habitat of the Fermat conjecture for a particular prime p is a ring W(p) containing both Z and the p complex pth roots of 1.

45. Cyclotomic Fields

151

The set G of pth roots of 1 is a finite subgroup of the group of nonzero complex numbers. Theorem 1 8.2 implies G is cyclic. The generators of G are called primitive pth roots of unity ; let e be one. The pth roots of unity are the powers of e. When p = 3,

e=

m

=

3 F-3 _-_ _ -_ 1_ +2....!-

is a primitive cube root of 1 . Let (40) and W(p) be the subset of Q(e) for which the rational ai in (40) are all integers. Thus, for example, when p 3, Q(e) = Q(m), and W(3) = A( - 3). Q(�) is a subfield of C (Compare Theorem 28. 1) and W(p), whose elements are called algebraic integers, is a subring which contains precisely those members of Q(�) which are roots of monic polynomials in Z [x] . (Compare Definition 29. 1 , Problem 41 .4, and Theorem 29.7.) In W(p) =

(41) which generalizes Eq. (22). When W(p) enjoys unique factorization, an argument like the one in Section 44 proves the Fermat conjecture for p in W(p) and hence a fortiori in Z. The ring W(p) is a unique factorization domain for all odd primes p less than 23 but not when p 23. It was Dirichlet's observation that unique factorization might fail in W(p) which led Kummer to invent the theory of ideals whose rudiments we sketched for the quadratic case in Section 39. Using that theory he succeeded in proving the Fermat conjecture for a class of primes called regular primes, whose definition is too elaborate to be discussed here. The only irregular primes less than 100 are 37, 59, and 67. Kummer proved the Fermat con­ jecture for them by other methods. Unfortunately there are infinitely many irregular primes and may be only finitely many regular ones. Fermat's conjecture thus remains a conjecture, though many special cases and partial results are known. (For details, consult Vandiver, H. S. , " Fermat's Last Theorem," American Mathematical Monthly 53, (1946), 555-578.) It is important in the history of mathematics primarily because of the fruitfulness of inventions like the theory of ideals which were designed to prove it, failed, and yet served other ends. =

The Fermat Conjecture

152 46.

PRO BL EMS

46.1 Show that no right triangle with integral sides has an area which is a perfect square. 46.2 Find a natural one-to-one correspondence between right triangles whose legs are consecutive integers and the units of A(2). 46.3* Theorem 42. 3 implies that z E B( - 1 ) when (x, y, z) is a primitive Pythagorean triple. Try to prove that directly (without using Theorem 42.3) in order to deduce Theorem 42.3 from the results in Section 36 and an analogue of Problem 41 .33. 46.4 Use the methods of Section 42 to find all the solutions to each of the Diophantine equations

and 46.5* Prove that x 4 + y 4 z 2 has no solutions in the Gaussian integers. (For a solution see Sommer, p. 1 88.) =

7 Prove that 46.6* x4 + y4 = z 4 has a solution in A(m) only when m = theorem, or read about it. (See Aigner, A., " Ober die Moglichkeit von x4 + y4 z4 in quadratischen Korpern," Jahresbericht Deutsch. Math. Verein. 43, (1 934), 226-229.) -

=

46.7

Show that the Diophantine equation

has no nontrivial solution.

.

APPENDIX

1 Unique Factorization

In this appendix we shall state and prove some abstract algebraic theorems with important number theoretical applications (primarily in Sections 2, 12, 33, and 40). Let R be an integral domain, that is, a commutative ring with identity 1 =1= 0 and no 0 divisors. Let R* = R - {0 } . Let S be a subset of R* which contains 1 and is closed under multiplication. Note that R* itself has this property because R is an integral domain. 1. Definition. The element a divides b (written a I b) in S if and only if b = ac for some S. We say then too that a is a divisor of b and that b is a multiple of a. It is clear that a I b and b I imply a I c. c E

2.

c

The element u E S is a unit if it divides 1 , or, equivalently, S such that uv = 1 . The units are thus the invertible elements

Definition.

if there is a in S.

v E

3. Lemma. The set U of units of S is a group under multiplication. Moreover, if ab e U, then a e U and b e U. 153

Appendix

' 154

1

Proof Since 1 1 = 1 , 1 e U. If uv = 1 and rs = 1 , then (uv)(rs) = ur(vs) = 1 , so ur e U. If uv I , then v is a multiplicative inverse for u. If ab e U, then for some c e S, b(ac) = a(be) = (ab)c = I . Hence a and ·

=

b are units.

4. Definition. If a I b and b I a, a and b are associates. When that happens write a ..., b. Since 1 I a for all a, the units are just the associates of 1 . 5. Theorem. There i s a unit u such that a bu if and only i f a and b are associates. The relation ..., is an equivalence relation. =

Proof Suppose a ..., b. Then there are elements c, d e S such that a = be and b = ad. Then a = adc, so de 1 (because S is a subset of an integral domain), and h�nce c and d are units. Conversely if a = bu, then b I a. But u e U, so u - 1 e S, and b = au - 1 • Thus a I b as well, and a .- b. The relation ..., is clearly reflexive (a ..., a because a I a) and symmetric (a ..., b implies b ..., a). To prove it is transitive suppose a .- b and b "' c. Then there are units u and v such that a = bu and b cv. Then a = cvu implies a ..., c since vu is a unit. =

=

6. Definition. A nonunit p e S is prime if and only if its only divisors are units and its associates. If p is prime, so are all its associates. If p and q are prime and p I q, then p and q are associates. The subset S is a factorization semigroup when every non unit in S can be written as a finite product of primes ; S is a unique factorization semigroup when it is a factorization semigroup such that whenever

(1) in S and the P i and qi are primes and u and v are units, then r = k and there is a permutation n of { 1 , . . . , r} such that p,( i l and q are associates for i 1 , . . . , r. We then sometimes say S enjoys unique factorization. The integral domain R is a unique factorization domain (UFO) when R* enjoys unique factorization. i

=

7. Theorem. A factorization semigroup S enjoys unique factorization if and only if whenever a prime in S divides a product it divides one of the factors.

Proof

Let

Suppose S enjoys unique factorization, p is prime in S, and p 1 ab. ab

=

pc.

(2)

Unique Factorization

155

Since p is not a unit, Lemma 3 implies a and b are not both units. Write the nonunits among a, b, as products of primes and consider Eq. (2). The primes on the right are a permutation of associates of those on the left, so p is an associate of a prime divi�or of a or of b. Hence p I a or p I b. Conversely, suppose that when a prime d.ivides a product it divides one of the factors, and suppose c

(3)

where the

and qi are primes and u and v are units. We may assume that is, if the left-hand side of (3) is a unit, then so is the right-hand side (Lemma 3), so k 0 = r. Suppose the theorem true for products of fewer than r0 primes. That is, suppose that when r < r0 the truth of Eq. (3) implies k = r and that the primes p1 , , Pr are associates of the primes q1 , , qk in some order. Examine (3) when the left member has qk and is prime, it divides one of the > 1 prime factors. Since Pro I vq1 factors ; Pro does not divide v, so Pro I qi for some i. We may assume i = k. Then Pro wqk for some unit w, and r

� k.

Pi

If r = 0,

=

• . •

• • •

r0

· · ·

=

uwpl . . . Pro - 1

= vq1 . . . qk- 1 ·

(4)

The induction hypothesis then implies r0 - 1 = k - 1 and that the remaining primes Pi and qi are associates in some order. Thus the theorem is proved. We now proceed to show that an important class of domains are unique factorization domains. A function E : R* z + (the positive integers) is a Euclidean norm if it satisfies (a) E(ab) = E(a)E(b). (b) Given a =f. 0 and b e R there are elements q and r e R such that 8.

-+

Definition.

b = aq +

r

and either r 0 or E(r) < E(a). The domain R is a Euclidean domain i f it possesses a Euclidean norm. =

9. Examples. The integers are a Euclidean domain since E(a) = l a l is a Euclidean norm (Lemma 2.2). When F is a field, the domain F[x] of polynomials with coefficients in F is a Euclidean domain. Each nonzero polynomial a has a nonnegative degree d ; set E(a) = 2d. More examples can be found in Section 33. A noncommutative ring which resembles a Euclidean domain is discussed in Section 40.

Appendix

· 156

1

The next theorem says that ideals in R are principal. It will apply to right ideals in the noncummutative example mentioned above. 10.

Then

Theorem.

Let .3 f= {0} be a (right) ideal in the Euclidean domain R. .3

for any a e 3 whose norm

=

aR

=

{ar I r e R}

is minimal among norms of elements of .3.

E(a)

Since the set of norms of nonzero elements of 3 is a nonempty subset of z + , it has a least element n0 • Suppose a e 3 and E(a) = n0 • Clearly aR s;; 3. Suppose b e 3 ; we wish to prove b e aR. Find q and r satisfying (b) in Definition 8. Since _b - aq e R, we cannot have E(r) < E(a), so r 0. Then b aq e aR, so 3 aR.

Proof

r

=

11.

Proof

=

=

=

The element

Corollary.

u

is a unit of

If u is a unit, then for some v e R, uv E(u)E(v)

=

E(1)

=

E(1 2)

=

=

R

1

if and only if

E(u)

=

1.

so

E( l) z .

Thus E(l ) = E(u) 1 . . Conversely, i f E(u) = 1 , its norm i s minimal because all norms are positive. Then Theorem 10 applied to the ideal .3 R shows uR R. Hence 1 e uR, so 1 = uv for some v e R and u is a unit. =

=

12.

Corollary.

=

A Euclidean domain is a factorization domain.

We proceed by induction on E(a). If E(a) 1 , then a is a unit and there is nothing to prove. Suppose every nonunit r e R* for which E(r) < n is a finite product of primes, and suppose E(a) n � 2. If a is prime, it is a product of primes. If a is not prime, we can write a be where neither b nor c is a unit. Then E(b) > 1 and E(c) > 1 . Since n = E(a) E(bc) E(b)E(c), both E(b) < n and E(c) < n. Thus b and c and hence a can be written as products of primes.

Proof

=

=

=

=

=

Definition. An element d is a common divisor of a and b if d 1 a and d is a greatest common divisor (g. c. d.) if it is a common divisor and a multiple of every common divisor. Any two greatest common divisors are associates ; any associate of a g. c. d. is again one. 13.

d I b;

Unlqw Factorization

157

14. Theorem. Let a and b be o ze o elements of the Euclidean domain R. Then a and b have greatest common divisor d, and there are elements r, s e R such that n

a

n

r

d = ar + bs. Proof. Let l) = {ax + by I x, y e R}. Then l) is a nonzero (right) ideal of R, so l) = dR for some d = ar + bs e l) (Theorem 1 0). Since a = a · 1 + b · 0 e dR, d I a. Similarly, d I b. If c divides both a and b, so that a = ca' and b cb', then d c(a'r + b's), so c I d. Thus d is a g c . d . =

=

.

15. Example. Theorem 1 4 merely asserts the existence of d, r, and s. We shall illustrate below the famous Euclidean algorithm wi th which we can compute them in a predictable number of steps. Suppose a = 102 and b = 258 in Z. Apply (b) of Definiti on 8 to write

258

=

102 . 2 + 54.

(5)

It follows from Eq. (5) that any common divisor of 258 and 102 is one of 102 and 54 and conversely, so the problem has been reduced to the computation of the g. c. d. of the latter, smaller pair. The same method shrinks the numbers again : 1 02 = 1 · 54 + 48 2 . 54 - 6.

=

(6)

The second equation in (6) is more convenient since £( - 6) = 161 < £(48). Any g c d . of - 6 and 54 is one of 54 and 1 02 and hence one of 102 and 258. Since .

.

54 = ( - 9)( - 6) -6

(7)

is a g . c . d . of 1 02 and 258. To solve -6

=

258r

+

1 02s

work backwards. - 6 = 1 02 - 2 . 54

(Eq. (6))

= 102 - 2(258 - 2 . 1 02) = 258( - 2) + 1 02 . 5.

(Eq . (5)) (8)

Appendix 1

158

This algorithm clearly works in any Euclidean domain and produces the analogue of Eq. (8) and hence a g.c.d. of a and b after at most min {E(a), E(b)} applications of (b) in Definition 8 . 16. Theorem. A Euclidean domain R is a unique factorization domain. Proof. In light ofTheorem 7 and Corollary 12 we need only prove that when a prime p in R divides a product ab it divides a or b. Suppose p does not divide b. Then the only common divisors of p and b are units, so 1 is a g.c.d. of p and b. Theorem 14 implies there are elements r, s E R for which

+ bs.

1 = pr Then

(9)

a = apr + abs. Since p I apr and, by assumption p I ab Eq. (9) implies p I a. ,

We close this appendix with two important observations about the Euclidean domain F[x] of polynomials with coefficients in the field F. 17.

Theorem.

if (x - a) lf(x).

The element a of F is a root of f(x) E F[x] if and only

Proof. If (x - a) lf(x), then f(x) = (x - a)g(x) for some polynomial g, sof(a) = (a - a)g(a) = 0, and a is a root off. Conversely, suppose f(a) = 0. Write f(x) = (x - a)q(x) + r(x) where r is a polynomial of degree less than the degree of x - a, which is I . That is, r is a constant polynomial. Then 0 = f(a) = (a a)q(a) + r, so f(x) (x - a)q(x) and (x - a) lf(x). -

=

18.

Corollary.

has at most

n roots.

A

polynomial of degree

n

with coefficients

m

a field

Proof. Let a1 , . . . , a, be the roots of f(x) E F[x] . Then the polynomials , x - a, are different prime divisors of f. Hence (x - a1) x - a1 , (x - a,), which is of degree r, divides J, which is of degree n. Thus r :::;; n. • • •

• • •

APPENDIX

2

Primitive Roots

n

nth prime p

I 2 3 4 5 6 7 8

2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61

9

10 11 12 13 14 15 16 17 18

Least positive primitive root for p

159

2 2 3 2 2 3 2 5 2 3 2 6 3 5 2 2 2

*Means 10 is a primitive root for p

..

..

.. ..

..

.. .. ..

Appendix

• ] 60

n

nth prime p

Least positive primitive root for p

19

67

2

20

71

7

21

73

5

22

79

3

23

83

2

89

25

97

26

101

5

27

1 03

5

28

1 07

2

29

1 09

6

24

3

30

113

3

1 27

3

131

2

33

1 37

3

35

1 39

2

1 49

2

151

6

34 36

37

1 57

5

38

1 63

2

39

1 67

5

1 73

2

40 41 42 43 44 45

1 79

2

1 81

2

191

19

193

5

197

2

46

1 99

3

47

21 1

2

48

223

3

49

227

2

50

229

6

51

233

3

52

239

7

53

241

7

54

251

6

55

257

56

263 269

5

2

58

271

6

57

3

60

277

5

28 1

3

61

283

3

62

293

2

63

307

5

31 1

17

59

64

•

2

31

32

*Means 10 is a primitive root for p

•

• •

•

• •

•

•

* • *

*

*

*

2

l'rlm/tiLJl' Roots

161

n

nth prime p

Least positive primitive root for p

65

313 317

10

*

66

3

*

2

67

331

68

337

69

347

10

349

2

71

353

7

70

72 73

3 59

367

2 3

6

74

373

2

75

379

2

5

76

383

77

389

2

78

397

5

79

401

80

409

81

419

82

421

3

21

•

85

439

15

2

86

443

87

449

3

88

457

13

89

461

2

90

463

3

91

467

2

92

479

13

3

93

487

94

49 1

2

95

499

7

99 100

503 509

2

541

2

521

523

•

5

43 1 433

97

•

•

•

84

98

•

2

2 7

83

96

*Means 10 is a primitive root for p

5

•

•

•

•

•

•

3

2

•

APPENDIX

3 Indices for <1>(315)

In this appendix we shall work through Theorems 2 1 . 1 and 1 7 . 1 0 explicitly for the special case n = 3 1 5 = 3 2 5 7. This exercise should help convince the reader that those theorems are constructive and do not merely show indirectly the existence of an isomorphism. Then we shall answer some questions in !1>(3 1 5) using the index calculus discussed in the last paragraph of Section 17. The prime power factors of 3 1 5 are 9, 5, and 7. A primitive root for 9 and 5 is 2 ; 3 is one for 7. We can thus obtain generators for !1>(3 1 5) by solving the three sets of simultaneous congruences •

g9

= 2 (9),

·

1 (5),

and

1 (7)

g 5 = 1 (9), 2 (5),

and

1 (7)

and

3 (7).

g7

= 1 (9),

1 (5),

The first of these sets we solved in Example 8.2, where we foun d g9

=

28 1 .

162

lmllc('S}cn· (f) (3 15)

163

The second and third sets are in Problem 1 1 .6. g5

= 1 27

U1

=

The an swers are

1 36.

Then ind x = (a, b, c) means

Since rp(9) = rp(7)

=

6,

and rp(5) (a, b, c)

E

=

Z6

4, X

Z4

X

Z6 = K.

The next computations use the table of indices and antiindices at the end of this Appendix. To what exponent d does 256 belong modulo 3 1 5 ? Since ind (256) = (2, 0, 4) we must compute the order of (2, 0, 4) in K. d = l.c.m.

Lemmas 17.2 and 1 7.7 imply

{(2,6 6) ' (0,44) ' (4,6 6)}

= l.c.m. {3,

1, 3}

= 3. Next we solve the congruence x

3

= 244 (3 1 5).

(I )

Set ind x = (a, b, c). Since ind (244)

=

(0, 2, 3)

( 1 ) is equivalent to 3 (a, b, c) = (0, 2, 3 )

(2)

Appendix 3

104

in K and thus to 3 a = 0 (6) 3b = 2 (4) 3c = 3 (6) . These entail a = 0, 2, or 4 ; b = 2 ; and solutions : ind x (0, (0, (0, (2, (2,

2, 2, 2, 2, 2, (2, 2, (4, 2, (4, 2, (4, 2,

1) 3)

5)

1) 3) 5) 1) 3) 5)

c

= 1 , 3 or 5.

There are thus

9

X

199 244 19 94 1 39 229 304 34 1 24

The reader is invited to ask and answer similar questions. It is instructive to write a computer program or flow chart which will produce for a given integer n tables like those that follow. Organizing the arithmetic so that computer time (or one's own time on a desk calculator) is used efficiently will lead to a still better understanding of Theorems 2 1 . 1 and 1 7. 10. Table of Indices for �(3 1 5) ind x = a, b, c means

x

= 28 1 ° 1 27 b 1 36c (3 1 5).

x

ind x

x

1 2 4 8 11 13 16 17 19 22

0, 0, 0 1, 1 , 2 2, 2, 4 3, 3, 0 1 , 0, 4 2, 3 , 3 4, 0, 2 3, 1, 1 0, 2, 5 2, 1, 0

23 26 29 31 32 34 37 38 41 43

ind x 5,

3, 2 3, 0, 5 1, 2, 0 2, 0, 1 5, 1, 4 4, 2, 3 0, 1, 2 1 , 3, 1 5, 0, 3 4, 3, 0

lndlce$' for

([)

(3 /5)

165

X

ind x

X

ind x

44 46 47 52 53 58 59 61 62 64 67 68 71 73 74 76 79 82 83 86 88 89 92 94 97 101 103 104 106 107 109 113 116 118 121 1 22 1 24 127 1 28 131 1 34 136 1 37 1 39 142 143 146 148

3, 2, 2 0, 0, 4 1, 1, 5 4, 1, 1 3, 3, 4 2, 3, 2 5, 2, 1 4, 0, 5 3, 1 , 3 0, 2, 0 2, 1 , 4 5, 3, 5 3, 0, 0 0, 3, 1 1 , 2, 4 2, 0, 3 4, 2, 2 0, 1 , 5 1 , 3, 3 5, 0, 2 4, 3, 4 3, 2, 5 1, 1, 0 2, 2, 1 4, 1 , 3 1, 0, 1 2, 3, 5 5, 2, 3 4, 0, 0 3, 1, 2 0, 2, 4 5, 3, 0 3, 0, 4 0, 3 , 3 2, 0, 2 5, 1 , 1 4, 2, 5 0, 1 , 0 1 , 3, 2 5, 0 , 5 3, 2, 0 0, 0, 1 1 , 1, 4 2, 2, 3 4, 1 , 2 3, 3, 1 1, 0, 3 2, 3, 0

149 1 51 1 52 1 57 158 1 63 1 64 1 66 1 67 1 69 172 173 176 178 1 79 181 1 84 1 87 1 88 191 193 194 197 199 202 206 208 209 21 1 212 214 21 8 221 223 226 227 229 232 233 236 239 241 242 244 247 248 25 1 253

5, 2, 2 4, o, 4 3, 1 , 5 2, 1, 1 5, 3, 4 0, 3, 2 1, 2, 1 2, 0, 5 5, 1, 3 4, 2, 0 0, 1, 4 1 , 3, 5 5, 0, 0 4, 3, 1 3, 2, 4 0, 0, 3 2, 2, 2 4, 1 , 5 3, 3, 3 1 , 0, 2 2, 3, 4 5, 2, 5 3, 1, 0 0, 2, 1 2, 1 , 3 3, 0, 1 0, 3, 5 1 , 2, 3 2, 0, 0 5, 1 , 2 4, 2, 4 1, 3, 0 5, 0, 4 4, 3, 3 0, 0, 2 1, 1, 1 2, 2, 5 4, 1, 0 3, 3, 2 1, 0, 5 5, 2, 0 4, 0, 1 3, 1 , 4 0, 2, 3 2, 1, 2 5, 3, 1 3, 0, 3 0, 3, 0

166

Appendix 3 X

X

ind x

ind x

1 , 2, 2 2, 0, 4

284

5, 2, 4

286

4, 0, 3

257

5, 1 , 5

289

0, 2, 2

262

0, 1 , 1

292

263

1 , 3, 4

293

268

4, 3, 2

296

3, 0, 2

269

3, 2, 1

298

0, 3, 4

299

1 , 2, 5 5, 1 , 0

254 256

o, ·o, 5

271 274

1, 1, 3 2, 2, 0

277

4, 1 , 4

278

3, 3, 5 1 , 0, 0 2, 3, 1

272

281 28 3

ind x 0, 0, 0

X

302 304

2, 1 , 5 5, 3, 3

4, 2, 1

307

311

0, 1 , 3

313

4, 3, 5

314

3, 2, 3

ind x

5,

0, 1

X

1

1, 1 , 0

92

1 36

1 , 1, 1

227

1

0, 0, 2

226

1, 1 , 2

2

0, 0, 3

181

272

0, 0, 4

46 27 1

1, 1, 3 1, 1, 4

1 27

1, 1, 5 1 , 2, 0

47 29

0, 1, 1

262

1 , 2, 1

1 64

0, 1 , 2

37

1, 2, 2

254

1 , 2, 3 1 , 2, 4

209

172 82

1 , 2, 5 1 , 3, 0

299

1 99

1, 3, 1 1, 3, 2

0, 0,

0, 0, 5 0, 1, 0 0, 1 , 3 0, 1, 4 0, 1 , 5 0, 2, 0 0, 2, 1 0, 2, 2

0, 2, 3 0, 2, 4 0, 2, 5 0, 3 , 0

0, 3, 1 0, 3, 2 0, 3, 3

0, 3, 4

307

64

289

218 38 1 28

1 , 3, 3 1, 3, 4 1 , 3, 5

253

73

2, 0, 0 2, 0, 1

21 1

1 63

2, 0, 2

121

118

2, 0, 3 2, 0, 4

256

19

298

2, 0, 5 2, 1 , 0

208

1 , 0, 2

191

2, 1 , 2

1 , 0, 4 1 , 0, 5

146

2, 1 , 3 2, 1 , 4

1, 0, 3

74

244 109

1, 0, 0 1 , 0, 1

0, 3, 5

1 37

281 101

11 236

2, 1 , 1

2, 1 , 5

83 263 1 73 31

76 1 66 22 157

247

202 67 292

lndlccw for
167

(J IS)

ind x 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, 3, 2 , 3, 2, 3, 2, 3, 2, 3, 3, 0, 3, 0, 3, 0, 3, 0, 3, 0, 3, 0, 3, 1 , 3, 1 , 3, 1 , 3, 1 , 3, 1 , 3, 1 , 3, 2 , 3, 2, 3, 2, 3, 2, 3, 2, 3, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, 0,

0 1 2 3 4 5 0 1 2

3 4 5 0 1 2 3 4 5 0 1 2 3 4 5 0 1 2 3 4 5 0 1 2 3 4 5 0 1 2 3 4 5

X 274 94 1 84 1 39 4 229 148 283 58 13 1 93 103 71 206 296 251 116 26 1 97 17 1 07 62 242 1 52 1 34 269 44 314 1 79 89 8 143 233 1 88 53 278 106 241 16 286 151 61

ind x 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,

1, 1, 1, 1,

1,

1, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 0, 0, 0, 0, 0, 0, 1, 1,

1,

1, 1, 1, 2, 2, 2, 2, 5, 2, 5, 2, 5, 3, 5, 3, 5, 3, 5, 3, 5 , 3, 5, 3,

0 1 2 3 4 5 0 1 2

3 4 5 0 1 2 3

4 5 0 1 2 3 4 5 0 1 2 3 4 5 0 1 2 3 4 5 0

1

2 3 4 5

X 232 52 142 97 277 1 87 1 69 304 79 34 214 1 24 43 178 268 223 88 313 1 76 311 86 41 221 131 302 1 22 212 1 67 32 257 239 59 149 1 04 28 4 194 113 248 23 293 1 58 68

APPENDIX

4 Fundamental Units in Real Quadratic Number Fields

When m is square free, Jl.o is the fundamental unit. solution to the Pell equation

(x, y) is the fundamental

The value of D appears in the last column ; D = - 1 implies When m is square free and m ¥:- 1 (4), Jl.o = x + yJ;,. Jl. o

m

2 3

1 + Vz 2 + VJ

5

!(t + vs) 5 + 2¥6 s + 3v7

6

7

X

y

Jl.o

D -1 1

2 168

1

-1

is improper.

F'ulldanu.'llltll U11lts /11 RC'al QUtulratlc Number Fields m

Jl.o

10

12 13 14 15 17 18 19 20 21 22 23 24 26

27 28 29 30 31 32 33 34 35 37 38 39 40 41 42 43 44

45 46 47 48

D

y 3

8

11

X

169

1

3 + Vt0 10 -1.- lVil !(3 + VD} 1 5 + 4ffl

-1 7 18

2 5

4 + Vls 4 + Vi7 170

1

4 17

4

9 55

2 12

-1

+ 39v'i9

!{ 5 + V21) 197 + 42v'22 24 + 5v'23

1

1

5

1

5 + VU

l(S + ¥29)

1 -1 1

1 1 1 -1

26 127 70

5

24 13

-1

1 1 + 2VJO 1 520 + 273v'3i 23 + 4V33 35 + 6v'34 6 + v'35

23

3 4

6 + v'37 37 + 6v'38 25 + 4v'39

6

1

-1

19 32

3 5

-1

199

30 24

17

32 + sv'41 13 + 2V42 3482 + 531'V43 24335 + 3588v'46 48 + 7v'47

161

7

1

1

1

Appe11dix

1·70

m 50 51 52 53 54 55 56 57 58 59

60

Jlo

7

t(7 + V53)

1 51 + 20V57 99 + 1 3V5s 530 + 69Vs9

65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80

B + V65 65 + SV66 48842 + 5967'\167

82 83

9 + V82 82 + 9V83

90

649 1 82 485

90 25 66

15

2 20

s9 + 12V55

!( 39 + 5V6i) 63 + SV62

85 86 87 88 89

y

50 + 7VSl

61 62 63

84

X

151

31 29718

D -1 1 1 -1

1

-1 4 3805

-1

8

t(25 + 3V69) 251 + 3oV70 3480 + 41 3V71 1o68 + 125V73 43 + 5V74 t(9 + v'77) 53 + 6V78 80 + 9V79

8

-1

33 7775

4 936

1

17 1068

2 125

1 -1

26 57799 351

3 6630

1

-1

40

9

!(9 + VsS)

-1 55 378

6 41

-1

197 500 19

21 53 2

1 -1 1

10405 + 1 1 22Vs6 28 + 3V87 500 + 53v'89

4

Funclamellltll Units In m

91 92 93 94

95 96 97 98

99

101

RNII

Quatlrt1tlc Num/Jc•r Jl.o

1574 + 1 65V91

t(29 + 3V93) 2143295 + 221o64v'94 39 + 4v'95 5604 + 569v'97

Fields

X

y

1 151 12151

1 20 1260

49 5604

5 569

99 10

1o + V101

10

10

D 1

1

1

1 1

1

-1

-1

1 71

APPENDIX

5 Chronological Table

Mathematicians Prominent in the History of Number Theory or mentioned in the Text ca.

Pythagoras

Euclid Diophantos

540

B.C.

ca. 300 B.c. ca. 250

( ?)

1 58 1 -1 638

Bachet de Meziriac Marin Mersenne

1 5 88-1 648

Pierre de Fermat

1 60 1 - 1 665

John Pen

1 61 0-1 685

Leonhard Euler

1 707-1783

Joseph Louis Lagrange

1 736- 1 8 13

John Wilson

1 741-1 793

Adrien Marie Legendre

1 752-1 833

Augustin-Louis Cauchy

1 789-1 857

Augustus Ferdinand Mobius

1 790-1 868

Karl Fri ed rich Gauss

1 777-1 855

Gabriel Lame

1 795-1 870

G. J. Jacobi

1 804--1 8 5 1

Ernst Eduard Kummer

1 8 1 0-1 893

Peter Gustav Lejeune-Dirich let

Ferdinand Gotthold Eisenstein

1 805-1 859 1 823-1 852

Leopold Kronecker

1 823-1 891

Georg Friedrich Bernhard Riemann

1 826-1 866

Richard Dedekind

1 83 1- 1 9 1 6

Adolph Hurwitz

1 859- 1 9 1 9

David Hilbert

1 862-1943

Axel Thue

1 863-1 922

Hermann Minkowski

1 864--1909

Emil Artin

1 898-1 962

1 72

Bibliography

Cohn, H., A Second Course in Number Theory, Wiley, New York, 1 962.

Gauss, K. F., Disquisitiones Arithmeticae (translated by A. A. Clarke), Yale University Press, New Haven, 1 966. Grosswald, E., Topics from the Theory of Numbers, Macmillan, New York, 1 966. Hardy, G. H., and Wright, E. M., An Introduction to the Theory of Numbers, 4th Ed., Oxford University Press, New York, 1 960. Nagell, T., Introduction to Number Theory, Wiley, New York, 1 95 1 . Niven, 1., and Zuckerman, H., A n Introduction to the Theory of Numbers, Wiley, New York, 1 960. Ore, Oystein, Number Theory and Its History, McGraw-Hill, New York, 1 948. Pollard, H., The Theory of Algebraic Numbers, Carus Mathematical Mono­ graph # 9, Math. Assoc. Amer. , 1 950. Sommer, J., Vorlesungen iiber Zahlentheorie, 1907.

B.

G. Teubner, Leipzig,

Vinogradov, 1., Introduction to the Theory of Numbers, Pergamon, New York, 1 955. Weiss, E. , Algebraic Number Theory, McGraw-Hill, New York, 1 963. 1 73

List

of Symbols

ii image of a in z. , 1 1 a l b a divides b, 3 (a, b) greatest common divisor of a and b, 4
A(m)

a=

b(n)

a p

()

B(m)

C

D

conjugate of a, 84

the algebraic integers of Q(v';;), 85

a

congruent to b modulo n, 1 0

Legendre symbol giving quadratic character of a modulo p, 62 set of norms of nonzero elements of A(m), 90 the field of complex numbers, 82

the ring of integral quaternions, 1 30

product of the groups G and H, 4 1 division ring of rational quaternions, 127 ind.(a) index of a relative to g, 39 G x H H

the

1 74

l.lst

of Symbols

l.c.m. (a, b)

fL

N(x)


cp

Q Q(m)

R*

R(x) 1

w=-2+

a(n) -

3

2

[ x]

Z z.

1 75

least common multiple of a and b, 4

A(m) when m > 0, Q(V;;; ) , 84

fundamental unit in norm of x

e

97

group of units of z. , 1 5 Euler cp-function, 1 5

the field of rational numbers, 82 the least field containing

Q and v;;; ,

82

nonzero elements of the ring R, 1 5

ring of polynomials with coefficients in R, 66

the sum of the divisors of n, 24 a complex cube root of 1 , 24

the largest integer less than or equal to the ring of integers, 3 the ring of integers modulo

n,

10

x,

64

Index

Chinese remainder thcmcm, 1 .1, 1 7, 22,

Algebraic integer, 85-90, 1 34, 1 47, 1 5 1 characteristic p ol yn o m i a l of, 86 conjugate of, 84 norm of (see Norm) Algorithm, Euclidean (see Eucl i dean algo ri thm) Appropriate sign, 108, 1 34, 1 3 5 Arithmetic, fundamental theorem of,

23, 52

Congruence, 1 0, 1 44 Conjecture, Artin, 38 Conjugate, 84, 1 28 Continued fractions , 9!1, I J4 Coset, 1 1 , 20, 39, 47, 5!1, 1 45 Cyclic group, 1 1 , 3 8 , 39, 43, 5 0 , 5 5 Cyclotomic field, 1 50

3, 7

Arithmetic functions, 25 Arithmetic progression, 1 1 , 1 3 primes in (see Primes in ari th metic pr o gress ion) Art i n , Emil, 3 8 , 1 72

Decimal expansion, 34, 45 casting out nines, 23 divisibility t e st s , 23 Dedekind, Richard, 1 25 , 1 72 Difference of squares (see DIOJ,h&t n t l nc equation, x 2 - y 2 11) J)ifference oftwo squares, l 2, 3 3 , 77, 1 4 l Diophantine equation, 2

A r t i n conjecture, 38

Associates, 1 0 1 , 1 54

=

A u to morphism, 23 of fields, 84

Aviary,

O aX1

30

Bachet, 1 39, 1 72

Brou ncker, Lord, 97

.\'" 2

.\'l

Casti n g out nines, 23

Cauchy, Augustus-Louis, 1 72 C h u racteristic polynomial, 8 6

+ ··· +

a.x. = c,

5-6

by = c, 4--5 , 8, 1 2 , 2 1 x 2 - my2 ,; n, 26, 90, 9 1 , 94, 1 03,

ax +

.\"2

,\"A

1 77

+

1 09, 1 1 2 , 1 37 2 = n, 1 1 7-1 1 9, 1 36 y

(see also Sum of two squarea) 2 y = n, 1 2, 3 3 , 77 1 · 2y 2 = n , 1 1 3-1 1 7, 1 36 2 = n, 19, 1 22-1 24 • 2y

Jmlcw

1 78

x2 + 3y2 = n , 78, 1 20, 1 36 x2 - 3y2 = n , 1, 8 1 x 2 + 5y2 = n , 1 6, 92, 1 27 x2 + 6y2 = n , 81 x2 + 1y2 = n , 81 Diophantos, 2, 92, 1 39, 1 72 Dirichlet, Peter Gustav Lejeune, 7, 30, 98, 140, 1 5 1 , 1 74 pigeonhole principle, 30, 99 / Dirichlet's theorem (see Primes, in ?. arithmetic progression) Dirichlet's unit theorem, 97 Divisibility tests, 23, 56 Domain, Euclidean (see Euclidean domain) - -

··

Eisenstehl, , Ferdinand Gotthold, 2, 70, 1 72 Euclid, 6, 24, 1 72 - � Euclidean algorithm, 4, 8, 1 2, 1 04, 1 36, 1 57 Euclidean domain, 1 04, 1 06, 1 55, 1 58 Euclidean norm, 28, 104, 1 05, 1 06, 1 34, 1 38, 1 55 Euclidean number field, 103, 1 1 3, 1 1 7, 1 20, 1 22, 1 38 Euler, Leonhard, 8, 24, 97, 1 36, 1 40, 1 72 Euler q:>-function, 1 5, 1 7, 20, 23, 1 40 Euler's theorem, 1 6, 55, 1 35 Exponent, 44, 46, 48, 5 1 , 56, 1 63 Exponent to which a belongs modulo n, 43 (see also Group, order of an element of) Fermat, Pierre cley 3 1 , 97, 1 27, 1 39, 1 72 Fermat conjecture, 1 35, 1 39, 1 42, 1 50 Fermat prime, 8, 24, 8 1 Fermat's last theorem (see Fermat conjecture) Fermat's theorem, 1 6, 28 , 44, 58, 63 Field, 1 5 , 23, 43, 82 F-number, 58 Fundamental solution, 1 34 Fundamental theorem of arithmetic, 3, 7 (see also Unique factorization)

Fundamenta l u n it, 97, 1 34, .1 68

Gauss, Karl Friedrich, 2, 1 0, 1 07, 1 72 lemma of (see Lemma of Gauss) Gaussian integer, 85, 90, 1 1 1 , 1 1 7- 1 1 9, 1 3 6, 1 52 (see also Sum of two squares) Greatest common divisor, 3, 1 56 ideal, 1 26 of quaternions, 1 3 1 Greatest integer function, 64, 69, 8 1 Group, 1 6, 23, 58 cyclic, 1 1 , 38, 43, 50, 55 generator of (see Primitive roots) order of, t 5 order of an element of, 1 6, 37, 40-43 product of, 4 1 , 48, 57 symmetric, 33, 56 of units, 1 53 of units of z. , 34, 40 Hilbert, David, 1 72 Hurwitz, Adolph, 1 27, 1 72 Ideal, 1 0, 1 1 , 23, 1 3 1 Ideal prime, 1 26 Ideal, principal, 1 56 Ideals, theory of, 1 25, 1 35, 1 5 1 Improper unit, 1 08, 1 34, 1 68 Index isomorphism, 39, 43 Inertial prime (see Prime, inertial) Integral domain, 1 5, 23, 25, 1 53 Isomorphism, 39, 44, 48, 53, 57, 61 , 1 62 Jacobi, G. J. , 1 72 Kronecker, Leopold, 1 72 Kummer, Ernst Eduard, 1 25, 1 40, 1 5 1 , 1 72 Lagrange, Joseph Louis, 98, 1 27, 1 72 Lame, Gabriel, 1 40, 1 72 Lattice points, 70, 1 05 Law of Quadratic Reciprocity, 60, 70-75, 1 35 Least common multiple, 4, 41, 54, 56 Leftovers, 1 3

1 7V

/mfr.\ LCMCildl'l\ Adril'll M u ri�. 1 40, 1 72 Legendre symhul, 62, CIS, 61J, 70 75, H I , I OH , 1 09, 1 35 Lem m a of G auss, 64, 67, 8 1 Lo ng d i v i s i o n algor i t h m ,

64

72,

3, l l , 36, 56,

(see also Euclidean algorithm) Lucas, 22, 1 36 Mersenne, Marin, 1 72 Mersenne prime, 8, 24, 1 36 Method of desce?J t, 1 42, 143, 148 Meziriac, Bachet de, 1 39, 1 72 Minkowski, Hermann, 1 72 Mobius, Augustus Ferdinand, 1 72 Mobius inversion formula, 25 Multiplicative function , 1 9, 23, 24, 34, 54, 58, 1 35 Nines number, 56, 8 1 Norm, 84, 90, 104, 1 28, 1 45 Euclidean (see Euclidean norm) Number field, Euclidean (see Eucli­ dean number field) Pell, John, 97, 1 72 Pell's equation, 7, 94, 97, 1 34, 1 68 fundamental solution to, 1 34 (see also Units in real quadratic number fields) Perfect number, 24 Pigeonhole principle, 30, 90 Polynomials, 26, 43 irreducible, 32 monic, 32 roots of, 27, 66, 81 unique factorization of, 28, 63, 1 58 Primes, 3, 1 3 1 algebraic integral 101-103, 1 1 2 in arithmetic progression, 7, 8, 60, 66 68, 74 in B(m), 1 02 Fermat, 8, 24, 8 1 ideal, 1 26 inertial, 1 07, 1 09, 1 1 2 infinitude of, 6 Mersenne, 8, 24, 1 36

mod u l o fmu·, 7, 28, 63, pmducing polynomiul ,

1 1 8, 1 35

1 34, 1 36

131 1 07, 1 09, 1 1 2 regu lar, 1 5 1 i n semigroup, 1 54 splitting, 1 07 ff. Primitive pth root of unity, ! 5 1 Primitive Pythagorean t r i pl e (see Py· thagorean tri ple) Primitive roots, 44, 45, 46, 48, 49, 5 1 , 57, 8 1 , 1 36, 1 59, 1 62-1 67 Proper unit, 93-94 Pythagoras, 1 72 Pythagorean triple, 1 40-1 42, 1 43, 1 52 q uutcr n i o n , ram i fied,

Quadratic form, 1 24 Quadratic number field, 82-8 5, 1 68 Quadratic Reciprocity Law, 60, 70-75, 1 35 Quaternions, 1 27-1 33, 1 37 Ramified prime (see Primes, ramified) Rational integers, 85 Reciprocity, quadratic (see Quadratic Reciprocity Law) Representable integer (see Sum of two squares) Residues, 8 1 , 1 33 quadratic, 61 Riemann, Georg Friedrich Bernhard, 1 72 Semigroup, 92, 1 26, 1 34 factorization in, 1 54 unique factorization in, 1 34, 1 54 Splitting prime (see Primes, splitting) Square free integer, 82 Stark, Harold, 1 07 Sum of four squares, 7, 1 27 Sum of three squares, 7 Sum of two squares, 1 -2, 7, 9, 33, 92, 1 1 7-1 1 9, 1 3 6 Sylow subgroup, 33 Symmetric functions, 8 1 Symmetric group, 33, 56 Thue, Axel, 30, 1 72

180 Thue's theorem, 30, 3 1 , 77 Unique factorization in A(m), 1 03, 1 07-1 1 3, 1 1 4, 1 34, 1 35-1 36, 1 40 tn B(m), 1 1 2, 1 35 of ideals, 1 27 of polynomials, 28, 43, 63, 1 58 in semigroups, 1 34, 1 54 in Z, 3 Unique factorization domain, 104, 1 06, 134, 1 5 1 , 1 54, 1 58

Index Unit theorem, 97 Units, 1 5, 25, 93, 1 0 1 , 1 3 1 , 1 53 fundamental, 97, 1 34, 1 68 improper, 1 08, 1 34, 1 68 proper, 1 34 in real quadratic number fields, 94, 95-1 00, 1 22-1 23, 1 52 Universal exponent, 54, 58 Wallis, John, 97 Wilson, John, 1 72 Wilson's theorem, 28