MAS 6217 (Fall 2017) Number Theory and Cryptography (Yiu) Inquiry Based Learning Modules A – F (in lieu of September 7–14 class lectures)

Name:

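1. The Euler ϕ-function: number of units in $\mathbb{Z}_n$

Let $n > 1$ be an integer. The units in $\mathbb{Z}_n$ form a multiplicative subgroup

$$\mathbb{Z}_n^\bullet := \{[a] \in \mathbb{Z}_n : [a][b] = [1] \text{ for some } b \in \mathbb{Z}\}.$$

The Euler ϕ-function $\phi(n)$ is the order of this group: $\phi(n) := |\mathbb{Z}_n^\bullet|$, the number of units in $\mathbb{Z}_n$.

Exercise. For each integer n in the table below, list the units in $\mathbb{Z}_n$ and the value of ϕ(n):

| n | ϕ(n) | units in $\mathbb{Z}_n$ |
|---|---|---|
| 2 | | |
| 3 | | |
| 4 | | |
| 5 | | |
| 6 | | |
| 8 | | |
| 9 | | |
| 10 | | |
| 20 | | |
| 27 | | |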

2. The Euler ϕ-function is a multiplicative function

Theorem 1. The Euler ϕ-function is a multiplicative function, i.e., if gcd(m, n) = 1, then ϕ(mn) = ϕ(m)ϕ(n).

Proof. Consider the natural mapping $F : \mathbb{Z}_{mn} \to \mathbb{Z}_m \times \mathbb{Z}_n$ given by

$$F([x]_{mn}) = ([x]_m, [x]_n).$$

(i) Why is F well defined?

(ii) Why is F onto?

Since the domain and the range have the same cardinality, the function F is also one-to-one, and is a bijection.

(iii) Why does F restrict to a function $F' : \mathbb{Z}_{mn}^\bullet \to \mathbb{Z}_m^\bullet \times \mathbb{Z}_n^\bullet$?

(iv) Show that $F'$ is a bijection and that this completes the proof of the theorem.

3. Calculation of ϕ(n)

(a) Let p be a prime.

(i) What is ϕ(p) ?

(ii) What is $\phi(p^k)$ for an integer k ≥ 1?

(b) Make use of the results in (a) to show that

$$\phi(n) = n \prod_{p \mid n} \left(1 - \frac{1}{p}\right).$$

Exercise. For each integer n in the table below, find the value of ϕ(n):

| n | ϕ(n) | Calculation |
|---|---|---|
| 64 | | |
| 81 | | |
| 100 | | |
| 108 | | |
| 120 | | |

Inquiry Based Learning Module B (in lieu of September 7 class lecture)

4. Fermat-Euler theorem

Theorem 2 (Fermat-Euler). If gcd(a, n) = 1, then $a^{\phi(n)} \equiv 1 \pmod{n}$.

Proof. Consider the function $f_a : \mathbb{Z}_n \to \mathbb{Z}_n$ given by

$$f_a([x]) = [ax].$$

(a) Why is $f_a$ one-to-one?

(b) Why is $f_a$ onto?

(c) Why does $f_a$ induce a bijection $\mathbb{Z}_n^\bullet \to \mathbb{Z}_n^\bullet$?

This means that if $x_1, \dots, x_{\phi(n)}$ are the elements of $\mathbb{Z}_n^\bullet$, then $[ax_1], \dots, [ax_{\phi(n)}]$ is a permutation of the same ϕ(n) elements. In other words,

$$[ax_1] \cdots [ax_{\phi(n)}] = [x_1] \cdots [x_{\phi(n)}],$$

or

$$(a^{\phi(n)} - 1)\, x_1 \cdots x_{\phi(n)} \equiv 0 \pmod{n}.$$

(d) Why can we conclude that $a^{\phi(n)} \equiv 1 \pmod{n}$?

Corollary 3 (Fermat's Little Theorem). Let p be a prime, and a an integer. If p does not divide a, then $a^{p-1} \equiv 1 \pmod{p}$.

Proof.

5. The order of an element in $\mathbb{Z}_n^\bullet$

Let $a \in \mathbb{Z}_n^\bullet$. Since $a^{\phi(n)} = 1$ by the Fermat-Euler theorem, there is a smallest positive integer $d := \mathrm{order}_n(a)$ such that $a^d = 1 \in \mathbb{Z}_n^\bullet$. Such an integer is called the order of a in $\mathbb{Z}_n^\bullet$.

Proposition 4. $\mathrm{order}_n(a)$ is a divisor of ϕ(n).

Proof. Let $t = \mathrm{order}_n(a)$, and write $\phi(n) = tq + r$ for some q and r, 0 ≤ r

Therefore, r = 0, and ϕ(n) = tq. From this $\mathrm{order}_n(a)$ is a divisor of ϕ(n).

Exercise. For each integer n below, consider the elements in $\mathbb{Z}_n^\bullet$ other than 1. Compute the order by listing its successive powers modulo n:

(1) n = 12 with ϕ(n) = 4:

| a | $\mathrm{order}_n(a)$ | powers of a mod 12 |
|---|---|---|
| 5 | | |
| 7 | | |
| 11 | | |

(2) n = 15 with ϕ(n) = 8:

| a | $\mathrm{order}_n(a)$ | powers of a mod 15 |
|---|---|---|
| 2 | | |
| 4 | | |
| 7 | | |
| 8 | | |
| 11 | | |
| 13 | | |
| 14 | | |

(3) n = 13 with ϕ(n) = 12.

| a | $\mathrm{order}_n(a)$ | powers of a mod 13 |
|---|---|---|
| 2 | | |
| 3 | | |
| 4 | | |
| 5 | | |
| 6 | | |
| 7 | | |
| 8 | | |
| 9 | | |
| 10 | | |
| 11 | | |
| 12 | | |

Proposition 5. If $\mathrm{order}_n(a) = t$, then

$$\mathrm{order}_n(a^k) = \frac{t}{\gcd(t, k)}.$$

Proof. Let d = gcd(t, k) and write $t = dt'$, $k = dk'$ for integers $t'$, $k'$. Note that $\gcd(t', k') = 1$.

(1) Show that $(a^k)^{t'} = 1$.

(2) Suppose $(a^k)^{t''} = 1$ for some $t'' < t'$. Show that $kt''$ is a multiple of $t = dt'$.

This means that $t''$ is a multiple of $t'$, an impossibility. This shows that $\mathrm{order}_n(a^k) = t' = \frac{t}{d}$.

6. Primality test for Mersenne numbers

Theorem 6. Let p be a prime. Every prime divisor of $M_p := 2^p - 1$ is of the form $2kp + 1$ for some integer k.

Show that this follows from Fermat's little theorem.
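How Theorem 6 turns into a primality test, as an added Python example (not part of the original modules; the function names are chosen here and p is assumed to be an odd prime): only the candidates q = 2kp + 1 up to the square root of the remaining cofactor are tried, which is far fewer than all odd numbers.

```python
from math import isqrt

def mersenne_prime_factors(p):
    """Factor M_p = 2^p - 1 for an odd prime p, trying only q = 2kp + 1."""
    if p < 3 or any(p % d == 0 for d in range(2, isqrt(p) + 1)):
        raise ValueError("p must be an odd prime")
    m = (1 << p) - 1
    factors = []
    k = 1
    while True:
        q = 2 * k * p + 1
        if q * q > m:
            break              # no candidate <= sqrt(m) is left: m is 1 or prime
        while m % q == 0:      # the smallest dividing candidate is itself prime,
            factors.append(q)  # because every divisor of M_p has the form 2kp + 1
            m //= q
        k += 1
    if m > 1:
        factors.append(m)
    return factors

def is_mersenne_prime(p):
    """M_p is prime exactly when the only factor found is M_p itself."""
    return mersenne_prime_factors(p) == [(1 << p) - 1]

def candidate_count(p):
    """Number of candidates 2kp + 1 not exceeding sqrt(M_p)."""
    return (isqrt((1 << p) - 1) - 1) // (2 * p)

if __name__ == "__main__":
    for p in (17, 19, 23, 29, 31, 37):
        fs = mersenne_prime_factors(p)
        assert all(q % (2 * p) == 1 for q in fs)   # the form promised by Theorem 6
        print(p, fs, "prime" if is_mersenne_prime(p) else "composite",
              "candidates:", candidate_count(p))
```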

Exercise. (4) Show that $M_{11} = 2^{11} - 1 = 2047$ is composite by explicitly factoring it.

(5) Show that $M_{13} = 2^{13} - 1 = 8191$ is a prime.

Inquiry Based Learning Module C (in lieu of September 12 class lecture)

7. The sum $\sum_{d \mid n} \phi(d)$

Lemma 7. If f(n) is a multiplicative function, then so is $F(n) := \sum_{d \mid n} f(d)$.

Proof. Let m and n be relatively prime.

$$F(mn) = \sum_{d \mid mn} f(d)$$

$$= F(m)F(n).$$

Theorem 8. $\sum_{d \mid n} \phi(d) = n$.

Proof. Let $F(n) := \sum_{d \mid n} \phi(d)$.

(1) For a prime power $p^k$, show that $F(p^k) = p^k$.

By Lemma 7, F is a multiplicative function.

(2) Let $n = \prod p_i^{k_i}$. Show that F(n) = n.

Therefore, $\sum_{d \mid n} \phi(d) = n$.

8. Gauss' theorem

Theorem 9 (Gauss). If F is a finite field, the multiplicative group $F^\bullet = F \setminus \{0\}$ is a cyclic group.

Proof. Let q = |F|. For each $d \mid q - 1$, suppose there are ψ(d) elements of order d in $F^* = F \setminus \{0\}$.

(a) Why is $q - 1 = \sum_{d \mid q-1} \psi(d)$?

(b) Note that there are at most d elements in F satisfying $x^d - 1 = 0$. Why?

(c) In fact, if α is an element of order d, then the elements satisfying $x^d - 1 = 0$ are precisely $1, \alpha, \alpha^2, \dots, \alpha^{d-1}$. How many of these have order d?

(d) Conclude that ψ(d) = 0 or ϕ(d).

(e) Make use of this and Theorem 8 to conclude that there are exactly ϕ(d) elements of order d.

Corollary 10. Let p be an odd prime.
(a) For each divisor t of p − 1, there are exactly ϕ(t) elements of $\mathbb{Z}_p^\bullet = \mathbb{Z}_p \setminus \{0\}$ of order t.
(b) There are exactly ϕ(p − 1) primitive roots for p.

Proof.

9. When is $\mathbb{Z}_n^\bullet$ cyclic?

Lemma 11. A cyclic group has at most one element of order 2.

Proof. Let G be a cyclic group of order n, and a ∈ G a generator, i.e., an element of order n. Every element of G is of the form $a^k$ for some k ≤ n.

(a) What is the order of $a^k$?

(b) When is this order equal to 2?

(c) Deduce that if n is odd, there is no element of order 2.

(d) Show that if n is even, there is only one element of order 2.

Proposition 12. If m = ab for relatively prime integers a, b ≥ 3, then $\mathbb{Z}_m^\bullet$ cannot be cyclic.

Proof. Let m = ab for relatively prime integers a, b ≥ 3.

(a) Why are there integers $x_1$ and $x_2$ satisfying the following simultaneous congruences?

$$\begin{cases} x_1 \equiv -1 \pmod{a} \\ x_1 \equiv 1 \pmod{b} \end{cases} \qquad \text{and} \qquad \begin{cases} x_2 \equiv 1 \pmod{a} \\ x_2 \equiv -1 \pmod{b}. \end{cases}$$

(b) How do $x_1$ and $x_2$ give distinct elements of $\mathbb{Z}_{ab}^\bullet$ of order 2?

This shows that $\mathbb{Z}_m^\bullet$ cannot be cyclic.

Theorem 13. $\mathbb{Z}_m^\bullet$ is cyclic if and only if m = 2, 4, or $p^k$, $2p^k$ for an odd prime p.

Proof. (⇒) Suppose $\mathbb{Z}_m^\bullet$ is cyclic, and m is a prime power.

(i) For $m = 2^k$, k ≥ 3, give two elements of order 2.

Therefore, m = 2, 4, or $p^k$ for an odd prime p and k ≥ 1.

(ii) Suppose m = ab for a, b > 1 with gcd(a, b) = 1. Why must one of a, b be equal to 2?

Therefore, m = 2, 4, $p^k$, or $2p^k$ for an odd prime p and k ≥ 1.

(⇐) Give a generator when

(iii) m = 2:

(iv) m = 4:

For an odd prime p, let $b \in \mathbb{Z}_p^\bullet$ be a generator. In Module D, we shall show that if $b \in \mathbb{Z}_p^\bullet$ is a generator with $b^{p-1} = 1 + ap$ for an integer a, then
(1) when $a \not\equiv 0 \pmod{p}$, b is a generator of $\mathbb{Z}_{p^k}$, k > 1,
(2) when $a \equiv 0 \pmod{p}$, b + p is a generator of $\mathbb{Z}_{p^k}$, k > 1.

(v) Give a generator of $\mathbb{Z}_m^\bullet$ for $m = 2p^k$ by making use of the above result.

Inquiry Based Learning Module D (in lieu of September 12 class lecture)

Generators of $\mathbb{Z}_{p^k}^\bullet$ in terms of those of $\mathbb{Z}_p$ for an odd prime

Let p be an odd prime. The following two propositions A and B establish the theorem on generators of $\mathbb{Z}_{p^k}$ for an odd prime p and k > 1.

Theorem 14. Let p be an odd prime, and $b \in \mathbb{Z}_p^\bullet$ a generator with $b^{p-1} = 1 + ap$ for an integer a. Let $q = p^k$, k > 1.
(a) If $a \not\equiv 0 \pmod{p}$, then b is a generator of $\mathbb{Z}_q^\bullet$.
(b) If $a \equiv 0 \pmod{p}$, then b + p is a generator of $\mathbb{Z}_q^\bullet$.
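A numerical check of both cases of Theorem 14, added here as a Python example that is not part of the original modules (the function names are chosen for this example). The constructed test case p = 29, b = 14 falls under case (b): 14 generates the units mod 29 but has order only 28 mod 29², while 14 + 29 = 43 generates the units mod 29^k.

```python
from math import gcd

def multiplicative_order(a, n):
    """Smallest d >= 1 with a^d ≡ 1 (mod n); a must be a unit mod n."""
    if gcd(a, n) != 1:
        raise ValueError("a is not a unit modulo n")
    d, x = 1, a % n
    while x != 1:
        x = x * a % n
        d += 1
    return d

def is_generator(g, p, k=1):
    """True when g generates the units mod p^k, a group of order p^(k-1)(p-1)."""
    return multiplicative_order(g, p**k) == p**(k - 1) * (p - 1)

def theorem14_case(b, p):
    """Return 'a' if a ≢ 0 (mod p) and 'b' if a ≡ 0 (mod p), where b^(p-1) = 1 + a*p."""
    if not is_generator(b, p):
        raise ValueError("b must generate the units mod p")
    # b^(p-1) mod p^2 equals 1 + (a mod p)*p, so a mod p can be read off directly.
    a_mod_p = (pow(b, p - 1, p * p) - 1) // p
    return "a" if a_mod_p % p else "b"

def lift_generator(b, p):
    """Generator of the units mod p^k for every k > 1, as given by Theorem 14."""
    return b if theorem14_case(b, p) == "a" else b + p

def case_b_generators(p):
    """Generators b of the units mod p, 1 < b < p, that fall under case (b)."""
    return [b for b in range(2, p)
            if is_generator(b, p) and theorem14_case(b, p) == "b"]

if __name__ == "__main__":
    p = 29
    for b in (2, 14):
        g = lift_generator(b, p)
        print(f"b={b}: case ({theorem14_case(b, p)}), lifted generator {g},",
              "orders mod p^2 and p^3:",
              multiplicative_order(g, p**2), multiplicative_order(g, p**3))
    print("order of 14 mod 29^2:", multiplicative_order(14, p**2))
```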

Proposition A. Suppose a is not divisible by p. For k = 1, 2, ..., consider the statement

$$(P(k)):\quad b^{p^{k-1}(p-1)} \equiv 1 + a_k p^k \pmod{p^{k+1}}$$

where $a_k$ is an integer not divisible by p.

(a) Show that P(1) is true.

(b) Assume P(k). Then modulo $p^{k+2}$,

$$b^{p^k(p-1)} = \left(b^{p^{k-1}(p-1)}\right)^p \equiv (1 + a_k p^k)^p = 1 + p \cdot a_k \cdot p^k + a_k^p \cdot p^{kp} + \sum_{j=2}^{p-1} \binom{p}{j} a_k^j \cdot p^{kj}.$$

Show that apart from the first term, every term in this sum is divisible by p. Hence, complete the induction.

Proposition B. Suppose a is divisible by p. For k = 1, 2, ..., consider the statement

$$(Q(k)):\quad (b + p)^{p^{k-1}(p-1)} \equiv 1 + b_k p^k \pmod{p^{k+1}}$$

where $b_k$ is an integer not divisible by p.

(a) Show that Q(1) is true.

(b) Assume Q(k). Then, modulo $p^{k+2}$,

$$(b + p)^{p^k(p-1)} = \left((b + p)^{p^{k-1}(p-1)}\right)^p \equiv (1 + b_k p^k)^p = 1 + p \cdot b_k \cdot p^k + p^{kp} \cdot b_k^p + \sum_{j=2}^{p-1} \binom{p}{j} p^{kj} \cdot b_k^j.$$

Show that beginning with the third term, every term in this sum is divisible by $p^{k+2}$. Hence, complete the induction.

Exercise. Make use of Propositions A and B to give a proof of Theorem 14.

Inquiry Based Learning Module E (in lieu of September 14 class lecture)

10. Rational points on the unit circle

A Pythagorean triangle is a right triangle with integer sides (a, b, c) satisfying $a^2 + b^2 = c^2$. It is primitive if a, b, c are relatively prime.

Theorem 15. Points on the unit circle $x^2 + y^2 = 1$ can be parametrized as

$$(x, y) = \left(\frac{1 - t^2}{1 + t^2}, \frac{2t}{1 + t^2}\right)$$

for $t \in \mathbb{R}$.

Proof. The point (−1, 0) is clearly on the unit circle.

(a) Find the equation of a line through this point with slope t.

(b) Find the coordinates of the second intersection of the circle with the line in (a).

Suppose t is a rational number $\frac{v}{u}$ with relatively prime integers u, v. Write the coordinates of the point in (b) in terms of u and v.

11. Construction of Pythagorean triangles

Let (a, b, c) be a primitive Pythagorean triangle.

(a) Show that there are relatively prime (positive) integers u and v such that $a = u^2 - v^2$, $b = 2uv$, $c = u^2 + v^2$.

What restrictions can we pose on u and v so that $t = \frac{v}{u}$ yields $\left(\frac{a}{c}, \frac{b}{c}\right)$?

(i) Why is u > v?

(ii) Why can we restrict to u, v with opposite parity?

Exercise. How many Pythagorean triangles are there with sides ≤ 100? In the table below, list in the second column the primitive Pythagorean triangles of sides ≤ 100, using the parameters (u,v) in the first column. Then in the third column, enter the number of multiples of the primitive one which have sides ≤ 100.

| (u, v) | (a, b, c) | multiples |
|---|---|---|
| (2, 1) | | |
| (3, 2) | | |
| (4, 1) | | |
| (4, 3) | | |
| (5, 2) | | |
| (5, 4) | | |
| (6, 1) | | |
| (6, 5) | | |
| (7, 2) | | |
| (7, 4) | | |
| (7, 6) | | |
| (8, 1) | | |
| (8, 3) | | |
| (8, 5) | | |
| (9, 2) | | |
| (9, 4) | | |
| Total | | |

12. Fermat's Theorem: Nonexistence of Pythagorean triangle with square area

Theorem 16 (Fermat). The area of a Pythagorean triangle cannot be a square.

Proof. Suppose, for a contradiction, that there is one such triangle, which we may assume primitive, with side lengths $(u^2 - v^2, 2uv, u^2 + v^2)$, u, v being relatively prime of different parity.

(a) The area $A = uv(u^2 - v^2)$ is a square. Why are u, v, and $u^2 - v^2$ squares?

(b) Write $u = a^2$ and $v = b^2$, so that $u^2 - v^2 = a^4 - b^4 = (a^2 - b^2)(a^2 + b^2)$. Why are $a^2 - b^2$ and $a^2 + b^2$ squares?

(c) Write $a^2 - b^2 = r^2$ and $a^2 + b^2 = s^2$ for some integers r and s. Show that

(i) $2a^2 = r^2 + s^2$.

(ii) $(2a)^2 = 2(r^2 + s^2) = (r + s)^2 + (r - s)^2$.

(d) Thus, we have a new Pythagorean triangle (s − r, r + s, 2a). Show that the area of this triangle is the square of a smaller integer.

(e) Complete the proof by a descent reasoning.

13. Fermat's Last Theorem for n = 4

Corollary 17. The equation $x^4 + y^4 = z^4$ does not have solutions in nonzero integers.

Proof. Suppose $x^4 + y^4 = z^4$ for positive integers x, y, z. Obtain a contradiction by showing that the Pythagorean triangle with sides $z^4 - y^4$, $2z^2y^2$ and $z^4 + y^4$ has a square area.

Remark. This proof actually shows that the equation $x^2 + y^4 = z^4$ has no solution in nonzero integers.

Inquiry Based Learning Module F (in lieu of September 14 class lecture)

14. Incircle of a triangle

Consider triangle ABC with side lengths BC = a, CA = b, AB = c, and $s = \frac{1}{2}(a + b + c)$. Let the incircle (with center I and radius r) touch the sides BC, CA and AB respectively at X, Y, and Z.

[Figure: triangle ABC with its incircle, center I, touching BC, CA, AB at X, Y, Z; the tangent segments are labelled s − a, s − b, s − c.]

Exercise. (1) Prove that AY = AZ = s − a, BX = BZ = s − b, CX = CY = s − c.

15. Excircle of a triangle

Consider also the A-excircle of triangle ABC (with center I′ and radius r′) touching the side BC at X′, and the extensions of AC and AB at Y′ and Z′ respectively.

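[Figure: triangle ABC with its incircle (center I, radius r, points of tangency X, Y, Z) and its A-excircle (center I′, radius r′, points of tangency X′, Y′, Z′); segments labelled s − a, s − b, s − c.]

(2) (a) Show that CY′ = s − b and BZ′ = s − c.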

(b) Show that triangles AIY and AI′Y′ are similar. Hence deduce that $\frac{r}{r'} = \frac{s - a}{s}$.

(c) Show that triangles ICY and CI′Y′ are similar. Hence deduce that $\frac{r}{s - c} = \frac{s - b}{r'}$.

(d) Solve the equations in (b) and (c) to find r and r′ in terms of a, b, c, s.

16. The Heron formula for the area of a triangle

[Figure: triangle ABC with its incircle, center I, touching BC, CA, AB at X, Y, Z; the tangent segments are labelled s − a, s − b, s − c.]

(3) (a) Write the area ∆ of triangle ABC in terms of r and s.

(b) Make use of 2(d) to establish the Heron formula:

$$\Delta = \sqrt{s(s - a)(s - b)(s - c)}.$$

(c) Show that the Heron formula can be written in the form

$$16\Delta^2 = 2b^2c^2 + 2c^2a^2 + 2a^2b^2 - a^4 - b^4 - c^4.$$

17. Heron triangles

A Heron triangle is an integer triangle with integer area. Here is a fundamental fact about Heron triangles.

Theorem 18. The perimeter of a Heron triangle is an even number. Equivalently, its semiperimeter s is an integer.

Proof. It is enough to consider primitive Heron triangles, those whose sides are relatively prime. We shall assume a, b, c not all even. Suppose the perimeter is not even. Then s is a half integer.

This completes the proof that exactly two of a, b, c must be odd. The perimeter being even, the semiperimeter s is an integer.

18. Construction of Heron triangles

Suppose you teach the Heron formula in a class, and want to set a test problem to find the area of an integer triangle with integer area. The triangle cannot be a Pythagorean triangle.

(a) How can you use the two Pythagorean triangles (3, 4, 5) and (5, 12, 13) to make a primitive Heron triangle?

(b) How many primitive Heron triangles can you make from this pair?

(c) Do you think every primitive Heron triangle can be made in this way? Can you justify your answer?