
Modular

This corresponds to chapter 2 in your book, and especially sections 2.1, 2.2, and 2.3.

1 Examples and introduction

We will reconsider the earlier example, that a^2 + b^2 = c^2 with a = 2m, m odd, implies that b and c are even. But first, let’s do a slightly easier problem.

Problem: Suppose n = 2m with m odd. Then there are no integers x, y with x^2 − y^2 = n.

The idea is to consider remainders when dividing by 4. We have n = 2m = 2(2r + 1) = 4r + 2, so the remainder is 2. Now, x^2 is either

• a multiple of 4, if x is even: writing x = 2x1, x^2 = (2x1)^2 = 4x1^2,

• or one more than a multiple of 4, if x = 2x1 + 1 is odd: x^2 = (2x1 + 1)^2 = 4x1^2 + 4x1 + 1 = 4(x1^2 + x1) + 1.

The same goes for y^2. But now n + y^2 = x^2: the LHS is either 2 or 3 more than a multiple of 4, while the RHS is 0 or 1 more than a multiple of 4. So they cannot be equal. There is a much more efficient way of making this sort of argument.

2 Definition and first properties

Suppose m ≠ 0 is an integer.

Definition 1. We say a is congruent to b modulo m, and write a ≡ b (mod m), if m | a − b (m divides a − b).

Note that a ≡ b (mod m) if and only if a and b have the same remainder upon dividing by m. Examples: 7 ≡ −1 (mod 8); if n is odd, then n^2 ≡ 1 ≡ 9 (mod 4). You can add, subtract and multiply modular congruences: 7 ≡ 1 (mod 3) and 2 ≡ 11 (mod 3). Consequently:

• 7 + 2 ≡ 1 + 11 ≡ 0 (mod 3)

• 7 · 2 ≡ 1 · 11 ≡ 2 (mod 3)

• 7 − 2 ≡ 1 − 11 ≡ 2 (mod 3).

The following theorem explains that you can always do this.

Theorem 2 (Theorem 2.1 in NZM¹). Suppose a, b, c, d ∈ Z (are integers).

1. a ≡ b (mod m), b ≡ a (mod m), and m | a − b are equivalent

2. a ≡ b and b ≡ c (mod m) implies a ≡ c (mod m)

3. a ≡ b and c ≡ d (mod m) implies a + c ≡ b + d and ac ≡ bd (mod m)

4. a ≡ b (mod m), d | m and d > 0 implies a ≡ b (mod d)

5. a ≡ b (mod m) implies ac ≡ bc (mod mc).

¹ Niven, Zuckerman, and Montgomery

Proof. Let’s write out the proof of the third property: If a ≡ b (mod m) and c ≡ d (mod m), then a = b + mℓ1 and c = d + mℓ2 for certain integers ℓ1 and ℓ2. Multiplying, ac = bd + m(bℓ2 + dℓ1 + mℓ1ℓ2). Thus m | (ac − bd), as needed.

Theorem 3 (Theorem 2.2 in NZM). If f is a polynomial with integer coefficients, and a ≡ b (mod m), then f(a) ≡ f(b) modulo m.

For example, −2 ≡ 5 (mod 7) and thus

• (−2)^2 + (−2) ≡ 5^2 + 5 (mod 7), by taking f(x) = x^2 + x

• (−2)^3 ≡ 5^3 ≡ −1 (mod 7), by taking f(x) = x^3.

Please see the textbook for the proof of this.

Example: (2m)^2 = c^2 − b^2 with m odd implies b, c even.

Proof. The LHS is 4 × odd, so it is 4 modulo 8. Looking at squares modulo 8, the only possibilities are 0, 1, 4. One sees that for the RHS c^2 − b^2 to be 4 mod 8, b and c must both be even.

In the first lecture, we claimed that we would eventually prove the following statement:

Theorem 4. A prime p is a sum of two squares x^2 + y^2 if and only if p = 2 or p is one more than a multiple of 4.

We are not ready to prove the entirety of this statement, but we can prove part of it now. Namely, if p is one less than a multiple of 4 then p is not the sum of two squares:

Lemma 5. Suppose p ≡ −1 modulo 4. Then there do not exist integers x, y so that p = x^2 + y^2.

Proof. The only possible squares modulo 4 are 0 or 1 (e.g., by checking that 0^2 ≡ 0, 1^2 ≡ 1, 2^2 ≡ 0 and 3^2 ≡ 1 modulo 4). Adding, x^2 + y^2 can be 0, 1 or 2 modulo 4. In particular, it can never be 3, or equivalently, −1 modulo 4. Because we cannot solve the congruence p ≡ x^2 + y^2 (mod 4) for such p, we certainly cannot solve the equality p = x^2 + y^2.

Here is one more example.

Example: Prove that x^3 − 7y^3 = 9 has no solutions with x, y integers.

Proof. There are probably many ways to do this, but one way that works quickly is to take the equality modulo 7. Then one obtains x^3 ≡ 2 modulo 7. By going through the possibilities, one checks quickly that the only cubes modulo 7 are 0, 1 and −1. Thus we cannot solve x^3 ≡ 2 (mod 7). We will soon prove a general theorem about the powers x^n modulo a prime (such as 7) which will imply that 0, −1, and 1 are the only possible cubes modulo p = 7.
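The proofs in this section (x^2 − y^2 = 2m, c^2 − b^2 = (2m)^2, p = x^2 + y^2 and x^3 − 7y^3 = 9) all use the same obstruction: reduce the equation modulo a small m and show that the residue the right-hand side needs is never attained. The following Python script is an added example, not part of the notes; it mechanizes that check. The function names and the sample targets 6, 9, 7 and 13 are my own constructions, chosen to match the cases above.

```python
# Added example (not part of the notes): the "reduce modulo m and compare
# residues" obstruction behind the proofs of this section. All inputs are
# constructed; the helper functions are hypothetical, not library calls.
from itertools import product


def power_residues(k, m):
    """Set of residues of x^k modulo m as x runs through 0, ..., m-1."""
    return {pow(x, k, m) for x in range(m)}


def residues_of(expr, arity, m):
    """Set of values expr(x1, ..., xn) mod m with each xi in 0, ..., m-1.
    expr is an integer polynomial, so reducing its inputs modulo m first
    loses nothing (Theorem 3)."""
    return {expr(*xs) % m for xs in product(range(m), repeat=arity)}


def residue_obstruction(expr, arity, target, m):
    """True when expr(...) = target has NO integer solution, proven by the
    residue of target modulo m being unattainable by expr modulo m.
    False only means that this modulus gives no obstruction."""
    return target % m not in residues_of(expr, arity, m)


def parities_forcing(expr, arity, target, m):
    """Parity patterns (x1 % 2, ..., xn % 2) of all inputs modulo m that make
    expr ≡ target (mod m). This is the "b and c must be even" argument;
    m must be even so that x % 2 is determined by x % m."""
    return {tuple(x % 2 for x in xs)
            for xs in product(range(m), repeat=arity)
            if expr(*xs) % m == target % m}


if __name__ == "__main__":
    print("squares mod 4:", power_residues(2, 4))   # {0, 1}
    print("squares mod 8:", power_residues(2, 8))   # {0, 1, 4}
    print("cubes mod 7:  ", power_residues(3, 7))   # {0, 1, 6}, i.e. 0, 1, -1
    # x^2 - y^2 = 2m with m odd: 2m ≡ 2 (mod 4); the constructed n = 6 stands in for 2m
    print(residue_obstruction(lambda x, y: x * x - y * y, 2, 6, 4))       # True
    # x^3 - 7y^3 = 9, taken modulo 7
    print(residue_obstruction(lambda x, y: x ** 3 - 7 * y ** 3, 2, 9, 7))  # True
    # p = 7 ≡ -1 (mod 4) is not a sum of two squares; p = 13 gets no obstruction
    print(residue_obstruction(lambda x, y: x * x + y * y, 2, 7, 4))        # True
    print(residue_obstruction(lambda x, y: x * x + y * y, 2, 13, 4))       # False
    # c^2 - b^2 ≡ 4 (mod 8) forces b and c both even: only the parity pair (0, 0)
    print(parities_forcing(lambda b, c: c * c - b * b, 2, 4, 8))           # {(0, 0)}
```

A False from residue_obstruction is not a proof that solutions exist (13 = 4 + 9 happens to work, but the modulus 4 alone cannot tell); the check only ever proves impossibility, which is exactly how the proofs above use it.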

3 Inverses

Above we discussed addition, multiplication, and subtraction modulo an integer m. But what about division, or, said differently, multiplicative inverses? We postponed division until now because it is a little more subtle. We start with an example and a non-example.

Example. Can we solve 5x ≡ 3 (mod 7) for x? Well, by trial and error, one sees quickly that x ≡ 2 modulo 7 works. But is there another possibility for x (other than 2 plus multiples of 7)? Well, if we were working with regular numbers and trying to solve 5x = 3, we would divide both sides by 5 to get x = 3/5, and that would be the only solution. So, can we divide by 5 modulo 7? The thing to do is to multiply both sides by 3. Then one gets 15x ≡ 9 (mod 7). But 15x = 14x + x ≡ x (mod 7) because 7 divides 14. Thus x ≡ 9 ≡ 2 (mod 7), as desired. So 3 acts like “1/5”, the inverse of 5. Similarly, if I wanted to solve 5x ≡ 2 modulo 7, I would multiply both sides by 3 to get x ≡ 6 (mod 7), the only solution (modulo 7).

Here is a non-example: Can I solve 5x ≡ 3 modulo 10? Well, no. In this case, the LHS is always 0 or 5 modulo 10, never 3. The problem is that 5 and 10 have a common divisor, namely 5. With these examples in mind, we can state the way inverses work modulo m.

Theorem 6. Suppose a, m are integers which have no common divisor larger than 1. Then there exists an integer b so that a · b ≡ 1 modulo m. Moreover, the class of b is unique modulo m in the sense that if ab1 ≡ 1 and ab2 ≡ 1 then b1 ≡ b2 (mod m).

In other words, a has an inverse modulo m, the integer b of the above theorem; we write a^{−1} for this element. To prove this theorem, let us first state something from chapter 1 that we skipped over, which is very useful.

Theorem 7 (Theorem 1.3 in NZM). If g is the gcd of the integers b and c, then there exist integers x0 and y0 so that g = bx0 + cy0.

For example, if b = 7 and c = 9, then the gcd is 1 and 1 = 7(4) + 9(−3). We discussed the proof of this in class. Please see your textbook to look at the proof again. Using the theorem, one obtains various consequences. First, we prove Theorem 6.

Proof of Theorem 6. Because a and m are relatively prime we can write 1 = ax0 + my0. Taking b = x0 proves the first part. For the second part, if ab1 ≡ 1 ≡ ab2, then

b1 ≡ b1(ab2) ≡ (ab1)b2 ≡ b2 (mod m) as desired.

Definition. For integers m1, m2 we let (m1, m2) denote the gcd of m1 and m2. Thus, for example, (7, 9) = 1 while (20, 8) = 4. That integers a and m are relatively prime is equivalent to the statement (a, m) = 1.
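Theorem 7 is constructive: the extended Euclidean algorithm produces x0, y0 with g = bx0 + cy0, and the proof of Theorem 6 then reads off the inverse as b = x0. The Python script below is an added example, not part of the notes or of NZM; it computes the Bezout coefficients, the inverse of Theorem 6, and solves the linear congruences of the 5x ≡ 3 example and non-example. The branch of solve_linear for (a, m) > 1 with g | c goes beyond what the notes state; the function names are my own.

```python
# Added example (not part of the notes): Bezout coefficients for Theorem 7,
# the inverse of Theorem 6 built from them, and the linear congruence
# a*x ≡ c (mod m) of the 5x ≡ 3 examples. The (a, m) > 1 branch of
# solve_linear goes beyond the notes; the function names are my own.


def extended_gcd(b, c):
    """Return (g, x0, y0) with g = gcd(b, c) = b*x0 + c*y0  (Theorem 7)."""
    old_r, r = b, c
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    if old_r < 0:                      # keep the gcd positive
        old_r, old_x, old_y = -old_r, -old_x, -old_y
    return old_r, old_x, old_y


def mod_inverse(a, m):
    """The b of Theorem 6, reduced to 0..m-1, or None when (a, m) != 1
    (the 5x ≡ 3 (mod 10) situation, where 5 has no inverse)."""
    g, x0, _ = extended_gcd(a, m)
    if g != 1:
        return None
    return x0 % m


def solve_linear(a, c, m):
    """All x in 0..m-1 with a*x ≡ c (mod m), as a sorted list ([] if none)."""
    inv = mod_inverse(a, m)
    if inv is not None:                # (a, m) = 1: multiply by a^{-1}; unique
        return [(inv * c) % m]
    g = extended_gcd(a, m)[0]          # (a, m) = g > 1: beyond the notes
    if c % g != 0:                     # e.g. 5x ≡ 3 (mod 10): LHS is only 0 or 5
        return []
    x0 = solve_linear(a // g, c // g, m // g)[0]
    return sorted((x0 + k * (m // g)) % m for k in range(g))


if __name__ == "__main__":
    print(extended_gcd(7, 9))          # (1, 4, -3): 1 = 7*4 + 9*(-3)
    print(mod_inverse(5, 7))           # 3, since 5*3 = 15 ≡ 1 (mod 7)
    print(solve_linear(5, 3, 7))       # [2]
    print(solve_linear(5, 2, 7))       # [6]
    print(solve_linear(5, 3, 10))      # []   (the non-example)
    print(mod_inverse(5, 10))          # None
```

The returned x0 is reduced modulo m before use; by the uniqueness part of Theorem 6 every other representative differs from it by a multiple of m, which is why solve_linear can return a single residue class in the coprime case.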

Here is another consequence:

Proposition 8. Suppose a, b, m, p are integers, and p is prime.

1. If (a, m) = 1 and (b, m) = 1 then (ab, m) = 1.

2. If m|ab and (a, m) = 1 then m|b.

3. In particular, if p is prime and p|ab then p|a or p|b.

Proof. This proposition is intuitive from the unique factorization of integers into powers of primes that you learned in grade school. However, if you really want to prove that unique factorization statement, you’d actually prove this proposition first, and then use it on the way to proving unique factorization. So, let’s prove this proposition from more basic principles, namely Theorem 7. For the first part, we can write ax0 + my0 = 1 and bx1 + my1 = 1. Multiplying the two expressions gives abx2 + my2 = 1, where x2 = x0x1 and you can find y2 by multiplying everything out. For the second part, (a, m) = 1 implies 1 = ax0 + my0 and thus b = abx0 + mby0. Because m divides ab, m divides the RHS and thus m divides b, which is the LHS. For the third part, because p is prime, either p | a or (a, p) = 1. If p | a then we are done. If p does not divide a, then (a, p) = 1 and so p | b by part 2.

As an application of what we have already worked out, one has the result that is known as Fermat’s little theorem:

Theorem 9. Suppose p is prime and (a, p) = 1. Then a^{p−1} ≡ 1 (mod p).

Proof. The idea is that one considers the two lists 1, 2, 3, . . . , p − 1 and a, 2a, 3a, . . . , (p − 1)a modulo p. Because (a, p) = 1, the second list is a rearrangement of the first, modulo p. Indeed, the second list contains p − 1 nonzero terms modulo p, so to check that the second list is a rearrangement of the first, it suffices to see that all p − 1 terms are distinct. But if ar1 ≡ ar2 (mod p) for two terms r1, r2 of the first list, then multiplying by a^{−1} proves that r1 ≡ r2 (mod p). Because the two lists are rearrangements of one another, they have the same product:

1 · 2 ··· (p − 1) ≡ a · (2a) ··· ((p − 1)a) (mod p).

But the RHS is a^{p−1}(1 · 2 ··· (p − 1)). Each of 1, 2, ..., p − 1 is relatively prime to p and thus the product 1 · 2 ··· (p − 1) is as well. Because this product is prime to p, it has an inverse, and so we can cancel to obtain 1 ≡ a^{p−1} (mod p).

Example: Compute the remainder when 10^63 is divided by 13. To do this, one computes

10^63 = 10^{12·5+3} = (10^12)^5 · 10^3 ≡ 1^5 · 10^3 ≡ (−3)^3 ≡ −1 (mod 13).

Thus, the remainder is 12.

Definition. If m is a positive integer, denote by φ(m) the number of integers between 1 and m inclusive that are relatively prime to m. So, for example, φ(15) = 8 (the integers 1, 2, 4, 7, 8, 11, 13, 14 are prime to 15) and if p is prime then φ(p) = p − 1.

The next result generalizes Fermat’s little theorem, replacing p by an arbitrary positive integer m and p − 1 by φ(m).

Theorem 10 (Theorem 2.8 of NZM). If (a, m) = 1 then a^{φ(m)} ≡ 1 (mod m).

The proof is just like the one we gave above for Fermat’s little theorem. Please see the textbook for the proof.
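The rearrangement step in the proof of Theorem 9, the definition of φ(m), and the 10^63 mod 13 computation can all be checked by machine, and the computation is worth seeing done without ever forming 10^63. The script below is an added example and not part of the notes; it computes φ from the definition, verifies the "a · k is a rearrangement of the k" claim that drives the proof (for Euler's version too), and evaluates a^e mod m by repeated squaring, which is how the reduction 10^63 = (10^12)^5 · 10^3 is done in general. The function names are my own.

```python
# Added example (not part of the notes): φ(m) from the definition, the
# rearrangement argument of the Fermat/Euler proof checked numerically, and
# the 10^63 mod 13 example done by square-and-multiply. Names are my own.
from math import gcd


def phi(m):
    """Number of k with 1 <= k <= m and (k, m) = 1."""
    return sum(1 for k in range(1, m + 1) if gcd(k, m) == 1)


def reduced_residues(m):
    """The integers in 1..m that are relatively prime to m (1..p-1 for p prime)."""
    return [k for k in range(1, m + 1) if gcd(k, m) == 1]


def is_rearrangement(a, m):
    """Is the list a*k (k over the reduced residues) the same list modulo m,
    in some order? This is the key step in the proof of Theorem 9."""
    ks = reduced_residues(m)
    return sorted((a * k) % m for k in ks) == sorted(k % m for k in ks)


def power_mod(base, exp, m):
    """base^exp mod m by repeated squaring: one multiplication per bit of
    exp, so the huge integer 10^63 is never formed. Agrees with pow(base, exp, m)."""
    result, base = 1 % m, base % m
    while exp > 0:
        if exp & 1:
            result = (result * base) % m
        base = (base * base) % m
        exp >>= 1
    return result


def euler_holds(a, m):
    """a^φ(m) ≡ 1 (mod m) for (a, m) = 1 (Theorem 10; Theorem 9 when m is prime)."""
    return power_mod(a, phi(m), m) == 1 % m


def inverse_mod_prime(a, p):
    """Fermat gives a * a^(p-2) = a^(p-1) ≡ 1 (mod p), so a^(p-2) is a^{-1}."""
    return power_mod(a, p - 2, p)


if __name__ == "__main__":
    print(phi(15), reduced_residues(15))   # 8 [1, 2, 4, 7, 8, 11, 13, 14]
    print(is_rearrangement(3, 7))           # True
    print(is_rearrangement(5, 10))          # False: (5, 10) != 1, every 5k is 5
    print(power_mod(10, 63, 13))            # 12, i.e. 10^63 ≡ -1 (mod 13)
    print(inverse_mod_prime(5, 7))          # 3, the inverse found in section 3
```

inverse_mod_prime is a second route to the inverse of Theorem 6 that works only for a prime modulus; the extended-Euclid route works for any m with (a, m) = 1.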

4 Polynomial equations

Our next task is to analyze the solutions of polynomial equations modulo primes p. Let’s do an example to see why it is a good idea to look at primes.

Example: Let’s find the solutions to the congruence x^2 − 1 ≡ 0 (mod 15). We know that ±1 will be solutions. But are there more? Yes, ±4 are also solutions, and one can check that 1, −1, 4, −4 are the only solutions to x^2 − 1 ≡ 0 (mod 15). So, even though we have this degree 2 polynomial, there are 4 (more than 2) solutions. The problem is that 15 is not prime. More precisely, we will prove the following result.

Theorem 11. Suppose f is a degree d polynomial with integer coefficients and p is prime. Then the number of distinct solutions to f(x) ≡ 0 (mod p) is at most d.

1. Non-example: x^2 − 1 ≡ 0 (mod 15). As just mentioned, the solutions are x ≡ ±1, ±4 modulo 15. Thus there are four solutions, even though the polynomial x^2 − 1 has degree two.

2. Example: x^2 − 1 ≡ 0 (mod p), with p a prime. If r is a solution, then p | (r + 1)(r − 1), so p | (r + 1) or p | (r − 1). Consequently, r ≡ ±1 (mod p), so there are only two solutions.

Consider the case where d = 1, i.e., when f(x) is a linear polynomial.

Linear case: Suppose one wants to solve c1x + c0 ≡ 0 (mod p), with c1 not zero modulo p. Then c1x ≡ −c0, and multiplying by the inverse gives x ≡ −c1^{−1} · c0 (mod p). Thus there is exactly one solution in this case, and we have proved Theorem 11 in the case d = 1.

4.1 Quadratic polynomials

We will now take a detour into the case where d = 2, i.e. quadratic polynomials f. And even more specially, we will first consider the case of f(x) = x^2 − a, that is, we consider the solutions to the congruence x^2 − a ≡ 0 (mod p).

Definition. Suppose (a, p) = 1. Then a is said to be a quadratic residue modulo p if x^2 − a ≡ 0 has a solution, i.e., there exists r with r^2 ≡ a (mod p). If there is no such r then a is said to be a quadratic non-residue modulo p.

For example, suppose p = 7. Then 1, 4 and 2 are quadratic residues mod p, and 3, 5, 6 are quadratic non-residues mod p. Note that exactly half of nonzero a modulo p = 7 are quadratic residues and half are quadratic non-residues. The same statement is true for arbitrary p, and we will prove this soon. Let’s begin by considering the following very special congruence.

Proposition 12. Suppose p is an odd prime. If a ≢ 0 (mod p), then the congruence x^2 − a ≡ 0 (mod p) has exactly 0 or 2 solutions.

Proof. If there are no solutions, then of course we are done. Thus, suppose there is a solution, so that there is some r so that r^2 ≡ a (mod p). Then −r also satisfies (−r)^2 − a ≡ 0 (mod p), so we have two solutions r and −r. Moreover, r and −r are distinct solutions modulo p, because r ≡ −r implies 2r ≡ 0 which implies r ≡ 0, which cannot happen because r^2 ≡ a ≢ 0 (mod p). Thus, if there is one solution, then there are at least two solutions modulo p. How do we see that there are exactly two solutions, i.e., that there are no other solutions to x^2 − a ≡ 0 (mod p)? Well, if r^2 ≡ a, then x^2 − a ≡ x^2 − r^2 ≡ (x + r)(x − r) (mod p). So x^2 − a ≡ 0 implies p | (x + r)(x − r), which then implies p | (x + r) or p | (x − r), so x ≡ ±r (mod p). Thus ±r are the only solutions to the congruence.

Let’s now consider the case of a general quadratic polynomial, ax^2 + bx + c ≡ 0 (mod p) with p odd and a ≢ 0 (mod p).

Proposition 13. Suppose b^2 − 4ac is 0 or a quadratic residue modulo p, with r^2 ≡ b^2 − 4ac modulo p. Then the solutions to ax^2 + bx + c ≡ 0 (mod p) are (2a)^{−1} · (−b ± r) modulo p. If b^2 − 4ac is a quadratic non-residue, then the congruence ax^2 + bx + c ≡ 0 has no solution modulo p.

Colloquially, the quadratic formula still applies.

Proof. We can argue just as in the usual proof of the quadratic formula, by completing the square: We have ax^2 + bx + c ≡ 0 if and only if 4a^2x^2 + 4abx + 4ac ≡ 0, and one has

4a^2x^2 + 4abx + 4ac ≡ (2ax + b)^2 + 4ac − b^2.

Thus solving ax^2 + bx + c ≡ 0 is equivalent to solving (2ax + b)^2 ≡ b^2 − 4ac (mod p). Therefore, if b^2 − 4ac is not a square modulo p, then there are no solutions. If b^2 − 4ac ≡ r^2 (mod p), then we obtain 2ax + b ≡ ±r (mod p), or x ≡ (2a)^{−1}(−b ± r) modulo p, as desired.

Example: Solve x^2 + 5x + 3 ≡ 0 modulo 7. In this case b^2 − 4ac ≡ 5^2 − 4(1)(3) ≡ 6 (mod 7). But 6 is not a square modulo 7, so there are no solutions.
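Proposition 12 and Proposition 13 together give a complete procedure for a quadratic congruence modulo an odd prime: compute the discriminant, decide whether it is 0, a residue or a non-residue, and if a square root r exists apply x ≡ (2a)^{−1}(−b ± r). The following Python script, an added example and not part of the notes, carries that procedure out for small p (square roots are found by enumeration, which is all the notes provide so far) and checks the answer against a brute-force search over every residue class. The function names are my own; the call pow(2a, −1, p) for the inverse needs Python 3.8 or later.

```python
# Added example (not part of the notes): quadratic residues modulo p by direct
# squaring, Proposition 12 (x^2 ≡ a has 0 or 2 solutions for a ≢ 0) and the
# modular quadratic formula of Proposition 13. Names are my own; square roots
# are found by enumeration, so this is meant for small p only.


def quadratic_residues(p):
    """Nonzero a that are squares modulo p (e.g. [1, 2, 4] for p = 7)."""
    return sorted({(r * r) % p for r in range(1, p)})


def square_roots(a, p):
    """All r in 0..p-1 with r^2 ≡ a (mod p); [] when a is a non-residue."""
    return [r for r in range(p) if (r * r - a) % p == 0]


def solve_quadratic(a, b, c, p):
    """Solutions in 0..p-1 of a*x^2 + b*x + c ≡ 0 (mod p), p an odd prime,
    a ≢ 0 (mod p), via x ≡ (2a)^{-1} (-b ± r) with r^2 ≡ b^2 - 4ac."""
    if p == 2 or a % p == 0:
        raise ValueError("need an odd prime p and a not divisible by p")
    disc = (b * b - 4 * a * c) % p
    roots = square_roots(disc, p)     # [] / [0] / [r, p - r]  (Proposition 12)
    inv_2a = pow(2 * a, -1, p)        # (2a)^{-1}; pow(x, -1, p) needs Python 3.8+
    return sorted({(inv_2a * (-b + r)) % p for r in roots})


def brute_force_quadratic(a, b, c, p):
    """Independent check: try every residue class."""
    return [x for x in range(p) if (a * x * x + b * x + c) % p == 0]


if __name__ == "__main__":
    print(quadratic_residues(7))          # [1, 2, 4]
    print(square_roots(2, 7))             # [3, 4]
    print(solve_quadratic(1, 5, 3, 7))    # []: discriminant 6 is a non-residue
    print(solve_quadratic(1, 1, 1, 7))    # [2, 4]: discriminant -3 ≡ 4 = 2^2
```

When the discriminant is 0 modulo p, square_roots returns [0] and the set in solve_quadratic collapses to the single root (2a)^{−1}(−b), which is the repeated-root case of the formula.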

4.2 Proof of Theorem 11

We now prove Theorem 11. Let r1, r2, . . . , rm be the distinct solutions to f(x) ≡ 0 (mod p). That is, f(rj) ≡ 0 modulo p, and ri ≢ rj (mod p) if i ≠ j. We’d like to show m ≤ d. The proof is by induction on d. We’ve already handled the case d = 1. Consider the root r1. By division with remainder over the integers, there is a polynomial f1(x) with integer coefficients and degree d − 1 so that f(x) = (x − r1)f1(x) + r, for some integer r. Because f(r1) ≡ 0 (mod p), we obtain r ≡ 0 (mod p), so f(x) ≡ (x − r1)f1(x) (mod p). Now plug in rj for j ≠ 1 into this congruence. We get 0 ≡ f(rj) ≡ (rj − r1)f1(rj) (mod p). Because rj is distinct from r1 modulo p, we can invert rj − r1 to obtain f1(rj) ≡ 0 (mod p) for j = 2, 3, . . . , m. That is, r2, r3, . . . , rm are m − 1 distinct solutions to f1(x) ≡ 0 (mod p). By the induction hypothesis, m − 1 ≤ d − 1, which gives m ≤ d, as desired.
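The division step f(x) = (x − r1)f1(x) + r of the proof is synthetic division, and it can be carried out modulo p to watch the remaining roots pass to f1. The Python script below is an added example, not part of the notes: it counts roots of a polynomial modulo m by direct evaluation (showing the four roots of x^2 − 1 modulo 15 against the bound of Theorem 11 for prime moduli), and implements the deflation step so that f1 and its roots can be inspected. Coefficient lists are written highest degree first; the function names are my own.

```python
# Added example (not part of the notes): root counting modulo m, and the
# deflation step f(x) = (x - r1) f1(x) + r of the proof of Theorem 11 carried
# out modulo p by synthetic division. Coefficient lists are highest degree
# first; the function names are my own.


def poly_eval(coeffs, x, m):
    """f(x) mod m by Horner's rule; coeffs = [c_d, ..., c_1, c_0]."""
    acc = 0
    for c in coeffs:
        acc = (acc * x + c) % m
    return acc


def roots_mod(coeffs, m):
    """All x in 0..m-1 with f(x) ≡ 0 (mod m)."""
    return [x for x in range(m) if poly_eval(coeffs, x, m) == 0]


def deflate(coeffs, r, p):
    """Divide f by (x - r) modulo p: returns (f1 coefficients, remainder), so
    that f(x) ≡ (x - r) f1(x) + remainder (mod p). The remainder equals f(r),
    hence it is 0 exactly when r is a root, as in the proof."""
    quotient, acc = [], 0
    for c in coeffs[:-1]:
        acc = (acc * r + c) % p
        quotient.append(acc)
    remainder = (acc * r + coeffs[-1]) % p
    return quotient, remainder


def degree_mod(coeffs, p):
    """Degree of f once coefficients are reduced mod p (leading zeros dropped)."""
    reduced = [c % p for c in coeffs]
    while reduced and reduced[0] == 0:
        reduced.pop(0)
    return len(reduced) - 1


def lagrange_bound_holds(coeffs, m):
    """Theorem 11's inequality #roots <= degree. Always true for prime m;
    it can fail for composite m, as x^2 - 1 (mod 15) shows."""
    return len(roots_mod(coeffs, m)) <= degree_mod(coeffs, m)


if __name__ == "__main__":
    x2m1 = [1, 0, -1]                            # x^2 - 1
    print(roots_mod(x2m1, 15))                   # [1, 4, 11, 14]: four roots, degree two
    print(roots_mod(x2m1, 7))                    # [1, 6]
    print(deflate([1, 0, 0, -1], 1, 7))          # ([1, 1, 1], 0): x^3 - 1 ≡ (x - 1)(x^2 + x + 1)
    print(roots_mod([1, 1, 1], 7))               # [2, 4]: the other roots of x^3 - 1 pass to f1
```

The x^3 − 1 case shows the induction concretely: of the three roots 1, 2, 4 modulo 7, deflating by x − 1 leaves f1 = x^2 + x + 1, whose two roots are exactly the remaining ones, so m − 1 = 2 ≤ d − 1 = 2.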

5 Order

We now discuss the order of elements modulo an integer m.

Definition. Suppose (a, m) = 1. Then the order of a modulo m is the least positive integer h so that a^h ≡ 1 (mod m). We write ordm(a) = h. Because a^{φ(m)} ≡ 1 (mod m), h exists and h ≤ φ(m).

Example: Suppose m = 15. Then 4^1 ≢ 1 but 4^2 ≡ 1 modulo 15. Thus ord15(4) = 2. If a = 2, then one computes the powers 2^1, 2^2, 2^3, 2^4 = 16 ≡ 1 (mod 15), so ord15(2) = 4. Finally, if a = 7, then 7^2 ≡ 4, 7^3 ≡ 4 · 7 ≡ −2, 7^4 ≡ 7 · (−2) ≡ 1, so ord15(7) = 4. Note that the orders 4 and 2 divide φ(15) = 8. Thus the example is a special case of the following proposition.

Proposition 14. Suppose (a, m) = 1, and a^w ≡ 1 (mod m). Then ordm(a) divides w. In particular, ordm(a) divides φ(m).

Proof. Set h = ordm(a). By division with remainder, we can write w = qh + r for integers q, r with 0 ≤ r < h. Then 1 ≡ a^w ≡ (a^h)^q · a^r ≡ a^r (mod m). As h is the least positive integer for which a^h ≡ 1 (mod m), we have r = 0. Thus h | w, as claimed.

It will take us a while, but we will eventually prove the following very useful result:

Theorem 15. Suppose p is prime. Then there exists g with ordp(g) = p − 1.

Example: Suppose p = 7. Then ord7(2) = 3, so the g of the above theorem cannot be 2. However, computing powers of 3, one gets 1, 3, 2, 6, 4, 5, 1 for 3^0, 3^1, 3^2, . . . taken modulo 7. So ord7(3) = 6, and one can take g = 3 in the above theorem.

What are the orders of powers of a fixed element? The following proposition answers this question.

Proposition 16. Suppose ordm(r) = h. Then ordm(r^d) = h / gcd(h, d).

Example: As just computed, ord7(3) = 6. Thus ord7(2) = ord7(3^2) = 6 / gcd(2, 6) = 3 and ord7(5) = ord7(3^5) = 6 / gcd(5, 6) = 6. Thus 5 also works as g in Theorem 15 for p = 7.

Lemma 17. Suppose h, d, v are integers, g = gcd(h, d) and h | dv. Then h/g divides v.

Proof. One has hq = dv for some integer q. Thus (h/g)q = (d/g)v, so h/g divides (d/g)v. Because g is the gcd of h and d, h/g and d/g are integers, and are relatively prime. Thus h/g divides v, as claimed.

Proof of Proposition 16. Set g = gcd(h, d). Then (r^d)^{h/g} ≡ (r^h)^{d/g} ≡ 1 (mod m). Thus ordm(r^d) divides h/g. On the other hand, suppose (r^d)^v ≡ 1 (mod m). Then h | dv, which implies h/g divides v, by the lemma. Thus h/g divides ordm(r^d). The proposition follows.
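The order computations of this section (ord15(4), ord15(2), ord15(7), the search for g with ord7(g) = 6, and Proposition 16 applied to the powers of 3) are short enough to do by hand for m = 15 and p = 7, and mechanizing them makes Propositions 14 and 16 easy to check for larger primes. The Python script below is an added example and not part of the notes: it computes ordm(a) directly from the definition, tabulates orders modulo 15, finds the smallest g of Theorem 15 by brute force for a small prime, and compares h / gcd(h, d) with the order computed directly. The function names are my own.

```python
# Added example (not part of the notes): ord_m(a) straight from the definition,
# Proposition 14's divisibility, a brute-force search for the g of Theorem 15,
# and the order-of-a-power formula of Proposition 16 checked against direct
# computation. Names are my own.
from math import gcd


def order(a, m):
    """Least h >= 1 with a^h ≡ 1 (mod m). Defined only for (a, m) = 1; the
    loop terminates because a^φ(m) ≡ 1 (Theorem 10) bounds h."""
    if m < 1 or gcd(a, m) != 1:
        raise ValueError("ord_m(a) is defined only for (a, m) = 1")
    h, x = 1, a % m
    while x != 1 % m:
        x = (x * a) % m
        h += 1
    return h


def phi(m):
    """Number of k in 1..m with (k, m) = 1."""
    return sum(1 for k in range(1, m + 1) if gcd(k, m) == 1)


def orders_table(m):
    """{a: ord_m(a)} over all a in 1..m with (a, m) = 1."""
    return {a: order(a, m) for a in range(1, m + 1) if gcd(a, m) == 1}


def primitive_root(p):
    """Smallest g with ord_p(g) = p - 1 (the g of Theorem 15), or None if no
    such g exists; Theorem 15 says None never happens for a prime p."""
    for g in range(1, p):
        if order(g, p) == p - 1:
            return g
    return None


def order_of_power(h, d):
    """Proposition 16: if ord_m(r) = h then ord_m(r^d) = h / gcd(h, d)."""
    return h // gcd(h, d)


if __name__ == "__main__":
    print(orders_table(15))       # {1: 1, 2: 4, 4: 2, 7: 4, 8: 4, 11: 2, 13: 4, 14: 2}
    print(primitive_root(7))      # 3
    print(order_of_power(6, 2), order(pow(3, 2, 7), 7))   # 3 3  (this is ord_7(2))
    print(order_of_power(6, 5), order(pow(3, 5, 7), 7))   # 6 6  (this is ord_7(5))
```

Every value in orders_table(15) divides φ(15) = 8, as Proposition 14 requires, and no element modulo 15 has order 8, which is one reason Theorem 15 is stated for primes rather than for every modulus.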
