6 Gaussian Integers and Rings of Algebraic Integers

One way that Euler, Lagrange, Jacobi, Kummer and others tackled Fermat’s Last Theorem was to try to show that the equation xn + yn = zn had no non-zero solutions in a ring containing the integers. Ultimately, proofs for a large number of exponents were obtained this way. Many other number theory problems can be approached similarly. Perhaps the simplest example of such a ring is the following:

Definition 6.1. The Gaussian integers are the set Z[i] = x + iy : x, y Z of complex numbers { ∈ } whose real and imaginary parts are both integers.

Z[i] is a ring (really a subring of C) since it is closed under addition and multiplication:

(x + iy) + (p + iq) = (x + p) + i(y + q), (x + iy)(p + iq) = (xp yq) + i(xq + yp) − Note how the second follows from the fact that i satisfies the quadratic polynomial i2 + 1 = 0.

6.1 The Division and Euclidean Algorithms for the Gaussian Integers Our first goal is to develop unique factorization in Z[i]. Recall how this works in the integers: every non-zero z Z may be written uniquely as ∈ z = upk1 pkn 1 ··· n where k ,..., k N and, more importantly, 1 n ∈ • u = 1 is a unit; an element of Z with a multiplicative inverse ( v Z such that uv = 1). ± ∃ ∈ • p ,..., p are distinct irreducibles/primes; a p = a = 1 or p. 1 n | ⇒ ± ± To do the same in Z[i], we first need to identify the ingredients: what are the units and the Gaussian primes? Since primality depends on divisibility, we start by working towards a division algorithm. . .

Definition 6.2 (Divisibility). Givena α, β Z[i], we write α β γ such that β = γα. ∈ | ⇐⇒ ∃ aFor the duration of this chapter, Greek letters denote complex numbers and Latin letters integers.

Examples 6.3. With the exception of 0 0, testing for divisibility requires the usual ‘multiply by the | conjugate’ trick:

7 + i (7 + i)(1 3i) 10 20i 1. Since = − = − = 1 2i Z[i], we conclude that 1 + 3i 7 + i. 1 + 3i 10 10 − ∈ 4 + i (4 + i)(1 3i) 7 11i 2. Since = − = − Z[i], we see that 1 + 3i - 4 + i. 1 + 3i 10 10 6∈ To obtain a version of the division algorithm we need some a notion that the remainder be smaller than a divisor. Thankfully, the modulus provides such for the complex numbers. In part to avoid nasty square roots, we instead use the square of the modulus.

1 Definition 6.4. The norm of a Gaussian integer α = x + iy is

N(α) := α 2 = x2 + y2 | | The norm has a couple of useful basic properties analogous to the absolute value in Z:

Lemma 6.5. 1. (Multiplicativity) N(αβ) = N(α)N(β): this holds for any complex numbers α, β.

2. (Units) α is a unit if and only if N(α) = 1, whence Z[i] has precisely four units: 1, i. ± ±

Proof. 1. Just multiply it out. We get almost the same formula as when we discussed sums of squares: if α = x + iy and β = u + iv, then

N(αβ) = (xu yv)2 + (xv + yu)2 = (x2 + y2)(u2 + v2) = N(α)N(β) − 2. α Z[i] is a unit if and only if β Z[i] such that αβ = 1. Taking norms, we see that ∈ ∃ ∈ N(α)N(β) = N(1) = 1

Since norms are positive integers, this says that N(α) = 1. Conversely, N(α) = 1 = αα = 1 so that α is a unit. ⇒

Theorem 6.6 (Division algorithm). Let α, β Z[i] with β = 0. Then γ, ρ Z[i] for which ∈ 6 ∃ ∈ α = βγ + ρ and N(ρ) < N(β)

The proof is somewhat algorithmic, so we obtain it before computing an example. First observe:

• The norm gives the required notion that the remainder ρ be smaller than the divisor β.

• Unlike with the division algorithm in Z, we make no claim that γ and ρ are unique.

ρ N(ρ) ρ < Proof. First reframe the goal. Since N( β ) = N(β) , our job is to find ρ such that N( β ) 1. Since the norm is distance squared, and we want ρ α = γ β β − it is enough for us to find any γ Z[i] within distance 1 of α . This is trivial to do, since the Gaussian ∈ β integers form an equally-spaced lattice in the complex plane. Let γ be any suitable value and define ρ = α βγ, whence −  α  N(ρ) = N(α βγ) = N γ N(β) < N(β) − β −

α We could have introduced uniqueness by choosing the closest γ to β , preferenced by lexicographic ordering in case of a tie, but this would be unhelpfully messy!

2 α 4+5i Examples 6.7. 1. Let α = 4 + 5i and β = 3. Then β = 3 is iR within unit distance of four Gaussian integers. In this case 3i we have N(β) = 9 and we may write the division algorithm in four different ways 2i 4+5i 4 + 5i = 3(1 + 2i) + (1 i) N(ρ) = 2 − 3 = 3(2 + 2i) + ( 2 i) = 5 − − i = 3(1 + i) + (1 + 2i) = 5 = 3(2 + i) + ( 2 + 2i) = 8 − 0 R 2. Let α = 2 + 7i and β = 1 + 2i. Then 0123 iR α (2 + 7i)(1 2i) 16 + 3i = − = 4i β 5 5 3i Choose γ = 3 + i and write 2i 2 + 7i = (1 + 2i)(3 + i) + 1

where N(ρ) = N(1) = 1 < 5 = N(β), as required. Two i 16+3i α 5 other Gaussian integers lie within unit distance of β : the corresponding statements of the division algorithm are 0 01234 R 2 + 7i = (1 + 2i) 3 + ( 1 + i) N(ρ) = 2 · − = (1 + 2i)(4 + i) 2i = 4 − Greatest Common Divisors and the Euclidean Algorithm The discussion of greatest common divisors and the Euclidean Algorithm is almost identical to that in the integers, though there are some subtleties.

Definition 6.8. Given α, β Z[i], consider the set ∈ S = κα + λβ : κ, λ Z[i] { ∈ } A greatest common divisor δ of α and β is a non-zero element of S with minimal norm.

The definition is algebraically nice, but awkward to compute with directly, except in special cases.

Example 6.9. If we take α = 2 + i and β = i, observe that

1 = (1 + i)(2 + i) 3i S − ∈ Since no element of S could possibly have smaller positive norm, we conclude that 1 is a greatest common divisor. As previously, we’d say that α, β are relatively prime. Note that there are four distinct greatest common divisors: multiplying the above by any unit shows that 1, i S. Since no other complex numbers have norm 1, these are all the greatest common ± ± ∈ divisors.

3 Trying to guess some linear combination of α, β as above is hopeless in general. Thankfully the Eucldiean Algorithm will provide a systematic method. Before seeing this, we check that greatest common divisors really have the properties their name leads us to expect!

Theorem 6.10. Let δ be any gcd of α, β. Then:

1. (Common divisor) δ divides both α and β;

2. (Maximality) Every common divisor of α, β divides δ (among all such, δ has maximum norm);

3. (Four gcds) S = µδ : µ Z[i] . In particular, δ, iδ are all the greatest common divisors. { ∈ } ± ± Since you should have seen a version of this for the integers, we leave the proof to the Exercises. It is legitimate to write δ = gcd(α, β) as long as you appreciate (part 3) that the gcd is not unique! It is common to normalize a gcd by insisting that x > 0 and y 0 where δ = x + iy: exactly one of the ≥ four choices will satisfy this. Now suppose we have a line from the division algorithm: α = γβ + ρ = κα + λβ = (λ + κ)β + κρ ⇒ The sets S generated by the pairs (α, β) and (β, ρ) are therefore identical, and we conclude that gcd(α, β) = gcd(β, ρ)! The Eucldiean algorithm now proceeds as in the integers: simply iterate the division algorithm and the last non-zero remainder will be a greatest common divisor. Since division of complex numbers is messier than in the integers, any given example of the Eu- clidean algorithm takes much longer. . .

Examples 6.11. 1. We compute gcd(4 + i,3 ).

4+i Observe that 3 is within unit distance of four Gaussian integers 1, 2, 1 + i, 2 + i. We perform the calculation with the first of these.

4 + i = 1 3 + (1 + i) N(1 + i) = 2 < 9 = N(3) · 3 = (1 i)(1 + i) + 1 N(1) = 1 − The algorithm can be reversed to obtain
gcd(4 + i,3 ) = 1 = 3 (1 i)(1 + i) = 3 (1 i) 4 + i 3 − − − − − = (2 i) 3 + (i 1)(4 + i) ( ) − · − ∗ Alternatively, we could have done the following:

4 + i = 2 3 + (i 2) N(i 2) = 5 · − − 3 = ( 1 i)(i 2) + ( i) N( i) = 1 − − − − − from which

gcd(4 + i,3 ) = i = 3 + (1 + i)(i 2) = 3 + (1 + i)(4 + i 2 3) − − − · = ( 1 2i) 3 + (1 + i)(4 + i) − − · This is simply ( ) multiplied through by i. ∗ −

4 2. Find gcd(7 + 17i,8 14i). First apply the division algorithm: − α 7 + 17i (7 + 17i)(8 + 14i) 7 + 9i = = = − β 8 14i 82 + 142 10 − so we choose

γ = 1 + i = 7 + 17i = ( 1 + i)(8 14i) + 1 5i − ⇒ − − − Applying again:

8 14i (8 14i)(1 + 5i) − = − = 3 + i Z[i] = gcd(7 + 17i,8 14i) = 1 5i 1 5i 26 ∈ ⇒ − − − Indeed we have (3 + i)( 7 + 9i) 8 14i = (3 + i)(1 5i) = 7 + 17i = − (1 5i) = ( 3 + 2i)(1 5i) − − ⇒ 10 − − − Normalizing the gcd, we can write

gcd(7 + 17i,8 14i) = 5 + i = i(1 5i) = i(7 + 17i) + (1 + i)(8 14i) − − − Exercises 1. For each part, check whether the Gaussian integer β divides α.

(a) β = 3 + 5i, α = 11 8i − (b) β = 2 3i, α = 4 + 7i − (c) β = 3 39i, α = 3 5i − − (d) β = 3 5i, α = 3 39i − − 2. In the division algorithm, explain why there is at least one γ Z[i] for which N( α γ) 1 . ∈ β − ≤ 2 3. (a) Apply the division algorithm to the pair (11 8i, 3 + 5i) to find Gaussian integers γ, ρ − satisfying α = βγ + ρ with N(ρ) 1 N(β). ≤ 2 (b) Repeat (apply the Euclidean Algorithm in Z[i]) until you compute a gcd of α and β. (c) Express gcd(11 8i, 3 + 5i) as a linear combination of α, β. − 4. Compute gcd(3 + i, 2i) in two ways:

(a) The easy way using the Euclidean Algorithm. (b) The hard way using Definition 6.8: write κ = x + iy and λ = z + iw, compute

N [(x + iy)(3 + i) + (z + iw) 2i] = (3x y 2w)2 + (x + 3y + 2z)2 · − − and try to minimize N...

5. Prove all three parts of Theorem 6.10. (Hint: for part (a), let δ be a gcd and use the division algorithm to divide α by δ)

5 6.2 Primes and Irreducibles: Unique Factorization As in the integers, unique factorization will follow from the equivalence of primes and irreducibles.

Definition 6.12. Let π be a Gaussian integer such that N(π) 2 (π = 0 and not a unit). ≥ 6 • π is a Gaussian prime if π αβ = π α or π β. | ⇒ | | • π is irreducible if π = αβ = α or β is a unit. ⇒

Theorem 6.13. π is a Gaussian prime π is irreducible. ⇐⇒ Proof. ( ) Suppose π is a Gaussian prime and that π = αβ. Certainly π αβ. Since π is prime we ⇒ | assume WLOG that π α. But then α = πγ for some γ Z[i], whence | ∈ π = αβ = πγβ = 1 = γβ ⇒ This says that β is a unit and so π is irreducible.a ( ) Suppose π is irreducible and that π αβ. Let δ = κπ + λα = gcd(π, α). Then δ divides both ⇐ | π, α. But π is irreducible, whence δ is a unit or a unit multiple of π. – If δ is a unit, then δβ = κπβ + λαβ is divisible by π. But δ is a unit, so π β. | – If δ is a unit multiple of π, then π α. | aThis direction holds in any integral domain. The converse requires gcds and thus the norm and division algorithm.

Henceforth we will refer only to Gaussian primes. The term prime (or real prime for clarity) will continue to refer to a positive integer. Identifying some Gaussian primes is easy:

Lemma 6.14. 1. If π is a Gaussian prime, so is its complex conjugate and any unit multiple. 2. If N(π) is a (real) prime, then π Z[i] is a Gaussian prime. ∈ Proof. Part 1. is an easy exercise. For part 2., let π = αβ. Then

N(π) = N(α)N(β) prime = N(α) or N(β) = 1 = α or β is a unit ⇒ ⇒ Examples 6.15. 1. 3 + 2i is a Gaussian prime since N(3 + 2i) = 13 is prime. Any unit multiple is also a Gaussian prime ( 2 + 3i, 3 2i, 2 3i), as are their complex conjugates. − − − − As with gcds, it is common to normalize Gaussian primes: 3 + 2i is already in the desired form. For the complex conjugate we’d likely take 2 + 3i = i(3 2i) − 2. N(2) = 4: is 2 a Gaussian prime? No: 2 = (1 + i)(1 i). However, both factors 1 i are − ± Gaussian primes, since N(1 i) = 2 is prime. ± 3. N(3) = 9: is 3 a Gaussian prime? Suppose 3 = αβ for some α, β Z[i]. Then ∈ N(α)N(β) = 9 = N(α), N(β) = 1, 3 or 9 ⇒ If N(α) = 3, writing α = x + iy forces 3 = x2 + y2; a contradiction. Either α or β must be a unit and so 3 is a Gaussian prime. This shows that the converse to Lemma 6.14 is false.

6 As parts 2 and 3 show, it is not straightforwad to identify Gaussian primes. A complete description is coming, though since it follows from unique factorization, we first establish this.

Theorem 6.16 (Unique Factorization). Every Gaussian integer α is either zero, a unit, or may be written as a product of Gaussian primes:

α = π π ( ) 1 ··· k ∗ This product is unique up to order and multiplication of primes by units. If we normalize the Gaus- sian primes,a then we can write

α = µπ π (†) 1 ··· k where µ is a unit and the factorization is unique up to the order of the πj.

aπ = x + iy where x > 0 and y 0. ≥ The proof is essentially identical to the that for the integers, and comes in two Lemmas.

Lemma 6.17 (Existence). Every α with N(α) 2 is a product of Gaussian primes. ≥ Proof. We prove by induction. (Base Case n = 2) Suppose N(α) = 2. Then N(α) is prime and so α is a Gaussian prime. (Induction step) Fix n 2 and assume that every Gaussian integer with norm at most n may be ≥ factored as a product of Gaussian primes. If N(α) = n + 1, then either: • α is a Gaussian prime, or; • α = βγ where neither factor is a unit. But then 2 N(β), N(γ) n, whence α is a product ≤ ≤ of Gaussian primes.

By induction, every non-zero non-unit Gaussian integer may be factored as in ( ). ∗ This is really factorization into Gaussian irreducibles: it depends only on the existence of the norm.

Lemma 6.18 (Uniqueness). The factorization (†) is unique up to ordering.

Proof. Suppose α has two factorizations into normalized Gaussian primes as in (†). Setting these equal, we may divide both sides by common elements to obtain

π π = µψ ψ 1 ··· s 1 ··· t where π and ψ are distinct sets and µ is a unit. However, π now dividesa some ψ and thus { i} { j} 1 j equals ψj by normalization. This is a contradiction unless the factorizations differ only by ordering.

aThis is where the equivalence of Gaussian primes and irreducibles is used. Since this depends on the division algorithm and gcds, in more general rings, the existence of a factorization into irreducibles is much more likely than its uniqueness!

7 Computing the Prime Factorization We now discuss how to compute the unique factorization of any Gaussian integer α = x + iy. This is built on the factorization of N(α) = x2 + y2 Z and depends on three types of prime p N(α). ∈ | p = 2: Suppose that 2 N(α). Since 2 x2 + y2, we see that x, y have the same parity, and so | |  x + y y x  α = x + iy = (1 + i) + − i 2 2

is a factorization in Z[i]. p 3 (mod 4): This is a generalization of Example 6.15.3. If p = βγ, then N(β)N(γ) = p2. We ≡ cannot have N(β) = N(γ) = p, since p is not a sum of squares. It follows that one of β, γ is a unit, whence p is a Gaussian prime. Since p x2 + y2 we have x2 y2 (mod p). Taking Legendre symbols, | ≡ −  x2   y2   1  y2   y2   x   y  = − = − = = = = 0 p p p p − p ⇒ p p

Clearly x and y are both divisible by p; we conclude that p α. | p 1 (mod 4): Write p = a2 + b2 as a sum of squares, where we may assume both a, b > 0. Plainly ≡ N(a + ib) = p is prime and so π := a + ib is a Gaussian prime. Now compute1

α (a ib)(x + iy) ax + by ay bx α ay + bx by ax = − = + − i and = + − i π a2 + b2 p p iπ p p

We want at least one of these to be a Gaussian integer. Since p N(α), we see that | (ax + by)(by ax) = b2y2 a2x2 = (a2 + b2)y2 a2(x2 + y2) = py2 a2(x2 + y2) − − − − is divisible by p, whence at least one of the LHS factors is also divisible by p. Similarly

(ay bx)(ay + bx) = py2 b2(x2 + y2) is divisible by p − − is divisible by p. There are four cases:

1. If p ax + by and p ay bx then π α. | | − | 2. If p by ax and p ay + bx then π α. | − | | 3. If p ax + by and p ay + bx then p divides | | (ax + by)y (ay + bx)x = b(y2 x2) − − Since p - b (p > b2!) we conclude that p y2 x2. Combined with p x2 + y2, we see that | − | p 2x2 and p 2y2, whence p x and p y. But then both π α and π α. | | | | | | 4. If p by ax and p ay bx, we obtain the same conclusion: π, π both divide α. | − | − 1In the second case we divide by iπ = b + ia so that the calculations are symmetric. This is of no consequence.

8 We summarize this discussion in our major result.

Theorem 6.19 (Classification of Gaussian Primes and the Computation of Unique Factorization). The following comprise all the Gaussian primes. In each case, we also identify when a Gaussian prime divides a given Gaussian integer α.

1. 1 + i: moreover if 2 N(α), then 1 + i α. | | 2. (Real) Primes p 3 (mod 4): if p N(α), then p α. ≡ | | 3. π = x + iy where p = x2 + y2 is a prime congruent to 1 modulo 4: if p N(α), then one or both | π or π divides α.

4. Any unit multiple of the above.

Proof. Given α, compute the prime factorization of N(α). Each real prime corresponds to one of the above Gaussian primes. Divide these out from α until there are no remaining prime divisors of N(α): we are necessarily left with a unit µ and a factorization

α = µπ π 1 ··· n where each πk is one of the Gaussian primes described in the Theorem. By unique factorization (Theorem 6.16), there are no other Gaussian primes.

Examples 6.20. 1. Factorize 7 + 17i and 8 14i into Gaussian primes and thus find their gcd. − N(7 + 17i) = 338 = 2 132 = 7 + 17i has one factor of 1 + i and two factors with norm 13. · ⇒ First divide by 1 + i: 7 + 17i = 12 + 5i 1 + i Since 13 = 22 + 32, the remaining factors come from 2 + 3i, 2 3i : try to divide by the first: { − } 12 + 5i (12 + 5i)(2 3i) 24 + 15 + (10 36)i = − = − = 3 2i = i(2 + 3i) 2 + 3i 13 13 − − = 7 + 17i = (1 + i)(12 + 5i) = i(1 + i)(2 + 3i)2 ⇒ − Repeat: N(8 14i) = 22 5 13 implies that 8 14i has two factors of 1 + i and one each from − · · − the pairs 1 2i and 2 3i. First divide out by (1 + i)2 = 2i: ± ± 8 14i = (1 + i)2(7 + 4i) − − Now try dividing by 2 + 3i: 7 + 4i (7 + 4i)(2 3i) 26 13i = − = − = 2 i = i(1 + 2i) 2 + 3i 13 13 − − = 8 14i = i(1 + 2i)(7 + 4i) = i(1 + i)2(1 + 2i)(2 + 3i) ⇒ − − Clearly gcd(7 + 17i, 8 14i) = (1 + i)(2 + 3i) = 1 + 5i = i(5 + i). Up to multiplication by a − − unit this is the same as we obtained via the Euclidean algorithm on page 5.

9 2. Factorize 39 + 48i into Gaussian primes. − First observe that 39 + 48i = 3( 13 + 16i) and that 3 is a Gaussian prime. Now consider the − − norm of what remains:

N( 13 + 16i) = 169 + 256 = 425 = 52 17 − · Since N(2 i) = 5 and N(4 i) = 17 we have two factors of 2 + i or 2 i and one factor of ± ± − 4 i. Try the latter first: ± 13 + 16i ( 13 + 16i)(4 i) 36 + 73i 68 + 51i − = − ∓ = − , − 4 i 17 17 17 ± Only the latter is a Gaussian integer: 4 + 3i. We check that (2 + i)2 = 3 + 4i, whence − 4 + 3i = i(3 + 4i) = i(2 + i)2 = 39 + 48i = 3i(2 + i)2(4 i) − ⇒ − − Normalizing this we obtain

39 + 48i = 3(2 + i)2(1 + 4i) − Application to sums of squares The discussion on Gaussian primes leads to an alternative way to condider sums of squares:

A positive integer m = x2 + y2 is the sum of two squares if and only if it is the norm of some Gaussian integer m = N(x + iy).

The question of how to write m as a sum of two squares may now be rephrased:

Find all α Z[i] such that N(α) = m. ∈ The prime factorization of m determines all possible factorizations of α, and thus all possible α. Examples 6.21. 1. We find all factorizations of 65 = 5 13 as a sum of squares. · Suppose 65 = N(α). Since 5 = N(2 i) and 13 = N(3 2i), unique factorization tells us that ± ± 65 = x2 + y2 where x + iy = α = µ(2 i)(3 2i) ± ± where any of the four combinations of are possible and µ is a unit for 16 total possibilities. We ± need not compute all these directly, since multiplying by units and taking complex conjugates of the final result merely permutes x, y and changes their signs. We therefore only need to consider two cases:

α = (2 + i)(3 + 2i) = 4 + 7i, α = (2 + i)(3 2i) = 8 i 1 2 − − which produce the representations

65 = 72 + 42 = 82 + 12

If one includes different signs and orders, we obtain the advertised 16 distinct representations.

10 2. 100 = 22 52 = N(α) = α = µ(1 + i)2(2 i)(2 i). Up to complex conjugation and · ⇒ ± ± multiplication by units, we have only two options
100 = N (1 + i)2(2 + i)2 = N( 8 + 6i) = 82 + 62
− = N (1 + i)2(2 + i)(2 i) = N(10i) = 102 + 02 − Including order and signs, we have 12 distinct representations.
3. 19890 = 2 32 5 13 17 = N 3(1 + i)(2 i)(3 2i)(4 i) . Up to complex conjugation, and · · · · ± ± ± multiplying by units, the term inside the norm can be chosen in four different ways:
19890 = N 3(1 + i)(2 + i)(3 + 2i)(4 + i) = N( 69 + 123i) = 1232 + 692
− = N 3(1 + i)(2 + i)(3 + 2i)(4 i) = N( 3 + 141i) = 1412 + 32 −
− = N 3(1 + i)(2 + i)(3 2i)(4 + i) = N(87 + 111i) = 1112 + 872 −
= N 3(1 + i)(2 + i)(3 2i)(4 i) = N(129 57i) = 1292 + 572 − − − These yield 32 representations when orderings and signs are included.

A general result for the number of representations of a positive integer as a sum of two squares can easily be stated in terms of its prime decomposition. The proof is a challenging exercise.

Theorem 6.22. 1. A positive integer m can be written as the sum of two squares if and only if its prime decomposition has the form

m = 2a pb1 pbk q2c1 q2cl 1 ··· k 1 ··· l where a N and each p 1 and q 3 modulo 4. ∈ 0 j ≡ j ≡ 2. Let n = (b + 1) (b + 1). 1 ··· k (a) Counting different signs and orderings, the number of distinct ways to write m as the sum of two squares is 4n. (b) If order and signs are ignored, the number of distinct representations is

( 1 2 n if n even, 1 2 (n + 1) if n odd (equivalently all bi are even).

Exercises 1. Prove Lemma 6.14, part 1. (You should be able to do this without invoking any results coming afterwards. . . )

2. (a) Suppose that a, b, c, d Z. Prove that ∈ (a + bi) (c + di) a2 + b2 divides both ac + bd and ad bc | ⇐⇒ − (b) Prove that (a + bi) (c + di) = (a2 + b2) (c2 + d2) | ⇒ | 3. Check explicitly that part 2 of Theorem 6.22 is satisfied when m = 1.

11 4. Factor each of the following Gaussian integers into a product of Gaussian primes.

(a) 91 + 63i (b) 975 (c) 115 9i − 5. (a) You are given the unique factorization 39 + 48i = 3(2 + i)2(1 + 4i) into Gaussian primes. − Find all possible representations of m = 3825 = 482 + 392 as a sum of squares of integers x, y where x y 0. ≥ ≥ (b) Find all the ways of writing 12 250 and 13 306 as sums of two squares. (Hint: question 4 will help) (c) How many ways are there to write 9752 = 950 625 as a sum of two squares? Find them all!

6. (Hard) Prove Theorem 6.22.

6.3 More General Rings and Factorization: Pell’s Equation revisited To keep the discussion cleaner, throughout this section we assume that d is a square-free integer: i.e. there are no primes p for which p2 d. | Definition 6.23. Suppose d is a square-free integer. In the ring Z[√d] = x + y√d : x, y Z the { ∈ } norm is defined by

N(x + y√d) = x2 dy2 − We have a general analogue of Lemma 6.5: carefully rewrite its proof. . .

Lemma 6.24. 1. N is multiplicative: N(αβ) = N(α)N(β).

2. α is a unit if and only if N(α) = 1. ± We can identify the units in these rings fairly easily, since we’ve seen many of them before.

Theorem 6.25. We classify the units in Z[√d].

1. If d = 1, we have the Gaussian integers with units 1, i. − ± ± 2. If d 2, then the only units are 1. ≤ − ± 3. If d 2, let δ = x + y√d be the fundamental solution of Pell’s equation x2 dy2 = 1; addi- ≥ − tionally, if it exists, let γ = X + Y√d be the fundamental solution to the negative Pell equation X2 dY2 = 1. − − (a) If the negative Pell equation has no solution, the units are δn for all n Z. ± ∈ (b) If γ exists, then δ = γ2 and the units are γn for all n Z. ± ∈ Either way, if d 2, then Z[√d] has infinitely many units. ≥ We could have begun our study of Pell’s equation by proving this result directly: the solutions to Pell’s equation corespond precisely to the units in Z[√d].

12 Primes, Irreducibles and Unique Factorization? We can define irreducibles and primes exactly as in the Gaussian integers. Moreover the ( ) direction ⇒ of Theorem 6.13 and Lemma 6.14 part 2 are proved identically. To summarize, let π Z[√d] be ∈ non-zero and non-unit:

• π is irreducible if π = αβ = one of α, β is a unit. ⇒ • π is prime if π αβ = π α or π β. | ⇒ | | • π prime = π irreducible. ⇒ • N(π) prime (in Z) = π irreducible. ± ⇒ Now re-read the discussion of unique factorization in Z[i]: the proof depends on two things.

Existence (Lemma 6.17) The norm allows us to perform an induction argument showing that a factor- ization into irreducibles exists. This argument translates perfectly to our new situation:

• Every non-zero, non-unit α Z[√d] has a factorization into irreducibles. ∈ Uniqueness (Lemma 6.18) This holds because primes and irreducibles are the same. Our argument depended on the concept of gcd, which in turn used the division algorithm.

We explore this dichotomy via several examples.

Example 6.26. We work in Z[√ 2]. Since − N(1 + √ 2) = 12 + 2 12 = 3 and N(3 + √ 2) = 32 + 2 12 = 11 − · − · are both real primes, we see that

1 + 4√ 2 = (1 + √ 2)(3 + √ 2) ( ) − − − ∗ is a factorization into irreducibles. In fact ( ) is the only factorization of 1 + 4√ 2 into irreducibles (up to multipliction by units 1). To ∗ − ± see this directly, note that the LHS has norm 33 = 3 11. To factorize into irreducibles is therefore to · find β, γ Z[√ 2] such that ∈ − 1 + 4√ 2 = βγ, N(β) = 3, N(γ) = 11 − Clearly a2 + 2b2 = 3 (a, b) = ( 1, 1). Similarly a2 + 2b2 = 11 (a, b) = ( 3, 1). It is a ⇐⇒ ± ± ⇐⇒ ± ± simple exercise to check that only ( ) is possible. ∗ We can say more: both 1 + √ 2 and 3 + √ 2 are in fact prime in Z[√ 2]. Showing this directly is − − − tricky; instead it follows from our next result. . .

Lemma 6.27 (Division algorithm in Z[√ 2]). If α, β are non-zero, then there exist γ, ρ such that − α = βγ + ρ and N(ρ) < N(β).

13 Since the norm in Z[√ 2] is the square of the distance in C, the iR − α proof is almost identical to that of Theorem 6.6. The furthest β can 4√ 2 be from a lattice point is shown in the picture; we can always choose − γ satisfying 3√ 2 − α ! β  α  1 + √ 2 3 N γ N − = < 1 2√ 2 β − ≤ 2 4 − √ 2 The division algorithm produces a Euclidean algorithm and our en- − tire discussion regarding gcds, irreducibles being prime, and unique 0 factorization goes through unchanged! The claim regarding the pri- R mality of 1 + √ 2 is now established 01234 − (1 + √ 2) αβ = (1 + √ 2) α or (1 + √ 2) β − | ⇒ − | − | It is not hard, however, to find examples of Z[√d] without a division algorithm.

For instance, if we attempt to replicate the discussion in Z[√ 3], R − i things go wrong. In the extreme case that 4√ 3 − α 1 = (a + b√ 3) β 2 − 3√ 3 − α is furthest from a lattice point, we can only choose γ such that β √ ! 2 3  α  1 + √ 3 − N γ = N − = 1 β − 2 √ 3 − There is therefore no equivalent to the division algorithm in Z[√ 3], − and we should not expect there to be unique factorization. 0 01234 R Examples 6.28. 1. In Z[√ 3] we have the factorizations − 4 = 2 2 = (1 + √ 3)(1 √ 3) (†) · − − − Suppose one of the factors 2, 1 √ 3 were composite. Since N(2) = N(1 √ 3) = 4, this ± − ± − means α, β Z[√ 3] such that N(α) = N(β) = 2, which is impossible! It follows that (†) ∃ ∈ − represents two distinct factorizations of 4 into irreducibles in Z[√ 3]: unique factorization fails. − This example is related to the idea that irreducibles might not be prime. For instance,

2 (1 + √ 3)(1 √ 3) | − − − in Z[√ 3] and yet 2 does not divide either factor: it follows that 2 is irreducible but not prime. It − can also be checked (challenge) that 1 √ 3 is not prime either. ± − If we consider Z[√ d] where d > 3 the problem becomes more acute as the lattice stretches − vertically. We conclude that there is only a division algorithm when d = 1, 2.

14 2. This time we consider two factorizations in Z[√10]

6 = 2 3 = (√10 2)(√10 + 2) · − Observing that

N(2) = 4, N(3) = 9, N(√10 2) = 6 ± − we see that if any of the elements in the above factorizations were composite, they would have a factor α whose norm was 2 or 3. However the equations ± ± x2 10y2 = 2, 3 = x2 2, 3 (mod 5) − ± ± ⇒ ≡ have no solutions; the squares modulo 5 being 0, 1, and 4. We again have non-unique factor- izations into irreducibles. Moreover

2 (√10 2)(√10 + 2) but 2 - √10 2 | − ± so that 2 is irreducible but not prime.   It can be checked directly, that it is impossible to find γ Z[√10] such that N √10 γ < 1 ∈ 2 − and that, consequently, there is no division algorithm in Z[√10].

There are very few rings Z[√d] for which the norm provides a division algorithm: only d = 1, 2, − − 2, 3, 6, 7, 11 and 19. Since they have a Euclidean algorithm and unique factorization, these rings are known as norm-Euclidean. We check a couple of these facts in the exercises. Exercises 1. Describe the units in the following rings.

(a) Z[i√2] = a + bi√2 : a, b Z . { ∈ } (b) Z[√5] = a + b√5 : a, b Z . { ∈ } a Z (c) Fix a prime p and let R = d : a, d and p - d . { ∈ } a (This is a lot simpler than it might appear: what is the inverse of d , if it has one?) 2. We work in the ring Z[√3] = a + b√3 : a, b Z with norm N(a + b√3) = a2 3b2. { ∈ } − (a) Prove that N(αβ) = N(α)N(β) (don’t just quote Lemma 6.24). (b) If α Z[√3] is a unit, prove that N(α) = 1. ∈ (Hint: first show that N(α) = 1 then show that it cannot be 1) ± − (c) If N(α) = 1, show that α is a unit in Z[√3]. (d) Explicitly find six different units in Z[√3], and describe how to find them all.   (e) Show that for any non-zero α, β there exists γ such that N α γ < 1 β − (It follows that Z[√3] has a division algorithm and thus unique factorization)   3. Show explicitly that there is no γ Z[√10] such that N √10 γ < 1. ∈ 2 − (Hint: Multiply out and think about it modulo 5)

15 4. We work in the ring Z[√ 5] = a + bi√5 : a, b Z with norm N(a + bi√5) = a2 + 5b2. − { ∈ } (a) Verify that 3 + 2i√5 divides 85 11i√5. − (b) Let α = 11 + 2i√5 and β = 1 + i√5. Show that it is not possible to find γ, ρ for which

α = βγ + ρ and N(ρ) < N(β)

whence the norm does not define a division algorithm. (c) Show that 6 has two truly different factorizations into irreducibles by verifying that all four factors in the following are irreducible

6 = 2 3 = (1 + i√5)(1 i√5) · − (d) Show that 2 does not divide either of the factors 1 i√5 and that consequently it is irre- ± ducible but not prime. (e) Find another α Z[√ 5] with two truly different irreducible factorizations. ∈ − (f) Can you find β Z[√ 5] with three truly different factorizations into two irreducibles? ∈ − The last two questions are harder, requiring some comfort with complex numbers

2πi 1 √3 5. We work in the Eisenstein integers Z[ζ] = a + bζ : a, b Z where ζ = e 3 = + i is a { ∈ } − 2 2 cube root of unity. The norm is N(α) = αα.

(a) Check that 1 + ζ + ζ2 = 0 and verify that N(a + bζ) = a2 + b2 ab. − (b) Explain why we can write ( ) c + d√ 3 Z[ζ] = a + bζ : a, b Z = − : c, d Z, c d (mod 2) { ∈ } 2 ∈ ≡

In particular, what is the relationship between (a, b) and (c, d).  c+d√ 3  1 2 2 2 (c) Use N − = (c + 3d ) to prove that 1, ζ, ζ are the only units. 2 4 ± ± ± (d) Given r, s Q, show that one can find integers x, y such that ∈  1 2  1 2 r x y + 3 s y < 1 ( ) − − 2 − 2 ∗ (Hint: choose y to be the integer closest to 2s. . . ) (e) Given α, β Z[ζ] with β = 0, write α = r + s√ 3 where r, s Q. With x, y as in ( ), let ∈ 6 β − ∈ ∗  1 1  ρ = α β x + y + y√ 3 − 2 2 − Prove that ρ Z[ζ] and that N(ρ) < N(β). ∈ The Eisenstein integers therefore have a division algorithm and thus unique factorization

2πi th 3 6. Let ζ = ζ5 = e 5 be a 5 root of unity. Compute the expression λµ = (1 + ζ)(ζ + ζ ). Explain why all of the powers λn are distinct and thus conclude that Z[ζ] has infinitely many units.

16 6.4 Field Norms (non-examinable) This is for those with extra algebra experience only.

Definition 6.29. Let K be an algebraic field extension of Q. The norm of α K is the product of the roots of the minimal polynomial of α over Q raised to the ∈ power of degQ(α) K = [K : Q(α)]. The ring of integers K in K comprises the elements whose minimal polynomial has coefficients in Z. O

Theorem 6.30. Restricted to K, the norm is a multiplicative function N : Z satisfying O OK → N(α) = 1 α is a unit in ± ⇐⇒ OK

Examples 6.31. 1. K = Q. If α K, then its minimal polynomial over Q is simply m Q = x α. ∈ α, − This has integer coefficients if and only if α Z, whence the ring of integers in Q is precisely ∈ Q = Z. Since Q(α) = Q whenever α Q, the norm is simply O ∈ N(α) = α[Q:Q] = α

This is clearly a multiplicative function. Moreover, N(α) = 1 α = 1: these are the ± ⇐⇒ ± only units in Q = Z. O 2. K = Q(√d) where d is square-free. The minimal polynomial of α = p + q√d is ( x p if q = 0 mα,Q = − x2 2px + p2 dq2 = 0 if q = 0 − − 6 In the first case, [K : Q(α)] = [Q(√d) : Q] = 2, whence the norm is N(α) = p2. In the second case, [K : Q(α)] = [Q(√d) : Q(α)] = 1, and N(p + q√d) = p2 dq2. − This recovers all the norms we’ve seen thusfar. By thinking about when mα,Q has integer coef- ficients, we can explicitly calculate the ring of integers:

• If d 1 (mod 4), then = a + b 1+√d : a, b Z = Z[ 1+√d ]. In this form the norm ≡ OQ(√d) { 2 ∈ } 2 2 d 1 2 can be written N = a + ab − b − 4 • If d 2, 3 (mod 4), then = a + b√d : a, b Z = Z[√d], in which case the norm ≡ OQ(√d) { ∈ } is the usual expression N = a2 db2 − The norm can be seen to provide a division algorithm and thus unique factorization in the ring of integers for precisely the following values of d: OQ(√d) 11, 7, 3, 2, 1,2,3, 5,6,7, 11, 13, 17, 19, 21, 29, 33, 37, 41, 57, 73 − − − − − The red values are those for which = Z[√d], as we considered before. Observe that the OQ(√d) Eisenstein integers are Q(√ 3). O − Many other rings of integers have unique factorization, but they require other methods of proof.

17 6.5 Fermat’s Last Theorem for n = 3 (non-examinable) Our discussions of unique factorization lie at the heart of one of the primary historical approaches to Fermat’s equation xn + yn = zn. As an example, we give a descent proof for the n = 3 case using the 2πi Eisenstein integers Z[ζ] = Z[e 3 ], as introduced in Exercise 6.3.5.

Theorem 6.32. It is not possible to find non-zero x, y, z Z[ζ] satisfying x3 + y3 + z3 = 0. ∈ The idea is to show that λ := 1 ζ is an Eisenstein prime, write the general element of Z[ζ] in terms − of λ and then perform a descent argument. We summarize the proof in two lengthy lemmas.

Lemma 6.33. Let λ = 1 ζ. Then: − 1. λ is an Eisenstein prime.

2. Every element of Z[ζ] is congruent to 0 or 1 modulo λ. ± 3. If x 1 (mod λ), then x3 1 (mod λ4). ≡ ± ≡ ± 4. If x3 + y3 + z3 = 0 then at least one of x, y, z is divisible by λ.

Proof. 1. This is trivial since N(λ) = 3 is prime.

2. Write the general element as

a + bζ = (a + b) bλ = c + 3d bλ − − where c = 0 or 1. Since 3 = ζ2λ2, we see that, ± − a + bζ = c ζ2λ2d bλ c (mod λ) − − ≡ 3. Suppose x 1 (mod λ). Then x = 1 + κλ for some κ Z[ζ]. A little algebra shows that ≡ ∈ x3 1 = (x 1)(x ζ)(x ζ2) = λ3κ(κ + 1)(κ ζ2) − − − − − Since ζ2 = 1 + ζ = 1 + 3 λ 1 (mod λ), we see that κ, κ + 1, κ ζ2 are distinct modulo − − − ≡ − − λ. Since one of these must be congruent to zero, we conclude that x3 1 (mod λ4). ≡ The argument when x 1 (mod λ) is similar. ≡ − 4. If none of x, y, z are divisible by λ, then

x3 + y3 + z3 1 1 1 1, 3 (mod λ4) ≡ ± ± ± ≡ ± ± However N( 1) = 1, N( 3) = 9 and N(λ4) = 34 = 81, whence none of 1, 3 are divisible ± ± ± ± by λ4 and the right hand side cannot be zero: contradiction.

By Lemma 6.33, we may assume WLOG that any potential solution to x3 + y3 + z3 = 0 has λ z. To | establish Theorem 6.32 it is now enough to prove the following stronger result.

18 Lemma 6.34. Let n N, let ε Z[ζ] be a unit, and suppose that x, y, w Z[ζ] are non-zero, ∈ ∈ ∈ pairwise coprime solutions to

x3 + y3 + ελ3nw3 = 0 ( ) ∗ where λ does not divide any of x, y, w. Then:

1. n 2. ≥ 2. The three factors of

eλ3nw3 = x3 + y3 = (x + y)(x + ζy)(x + ζ2y) − x+y x+ζy x+ζ2y are divisible by λ and the quotients λ , λ , λ are pairwise coprime. 3. Without loss of generailty, λ3(n 1) x+y . Write − | λ 3n 2 3 3 2 3 x + y = ε1λ − ρ , x + ζy = ε2λσ , x + ζ y = ε3λτ ,

where ε1, ε2, ε3 are units and ρ, σ, τ are pairwise coprime and not divisible by λ. Then there exist units ε4 and ε5 such that

3 3 3(n 1) 3 σ + ε4τ + ε5λ − ρ = 0

Moreover ε = 1 has a cube root (itself!) and so can be absorbed into τ. 4 ± Since 3 3(n 1) < 3n, we conclude by descent that the equation ( ) has no solutions. ≤ − ∗

Proof. 1. We cannot have x y (mod λ), for then, by part 3 of Lemma 6.33, ≡ x3 + y3 2 (mod λ4) = λ3 - x3 + y3 ≡ ± ⇒ Since x, y are distinct modulo λ, and thus congruent to 1 respectively, we see that ± 3n 3 3 3 4 4 3n 3 3n 3 3 ελ w = x + y 0 (mod λ ) = λ λ w = λ λ − w − ≡ ⇒ | ⇒ | Since λ is prime, we see that λ - w = λ - w3, whence 3n 3 1 = n 2. ⇒ − ≥ ⇒ ≥ 2. Since 1 ζ ζ2 (mod λ) we see that ≡ ≡ x + y x + ζy x + ζ2y (mod λ) ≡ ≡ whence all three factors are divisible by λ.

x+y x+ζy If we had a common factor of λ , λ it would divide x + y x + ζy x + y x + ζy = y and ζ + = x λ − λ − λ λ The coprimality of x, y says the common factor is a unit. The other pairs are similar.

19 3. Since 1 + ζ + ζ2 = 0, we have

2 2 3n 2 3 3 2 3 0 = x + y + ζ(x + ζy) + ζ (x + ζ y) = ε1λ − ρ + ζε2λσ + ζ ε3λτ 3 3 3(n 1) 3 = σ + ε τ + ε λ − ρ = 0 ⇒ 4 5 where ε = ζε3 and ε = ε1 . 4 ε2 5 ζε2 Since n 2, observe that σ3 + ε τ3 0 (mod λ2). By Lemma 6.33, σ3 and τ3 are each 1 ≥ 4 ≡ ± (mod λ4) and therefore 1 (mod λ2). We therefore have ε 1 (mod λ2). Since N(λ2) = 9, ± 4 ≡ ± it is easy to check that the only units e for which e 1 is divisible by λ2 are ε = 1. 4 4 ± 4 ±

Kummer’s generalization of the argument One can try to repeat the proof for xp + yp = zp within the cyclotomic extension Z[ζ p]. There are two major problems: 1. Z[ζ ] may have non-trivial units: units which aren’t simply ζk . For example, in Z[ζ ], p ± p 5 (1 + ζ2)(1 + ζ3 + ζ4) = 1 Amongst other things, this skewers step 3 of Lemma 6.34.

2. Unique factorization may fail: indeed only eight of the prime cyclotomic extensions Z[ζ p] have unique factorization: p = 2, 3, 5, 7, 11, 13, 17 and 19. The equivalence of primes and irreducibles is used, for instance, in step 1 of Lemma 6.34. To overcome these problems, Kummer introduced ideal numbers which are a precursor of the modern notion of an ideal in a ring. Here are the important definitions:

Definition 6.35. Every element x in a ring R gives rise to a principal ideal

(x) = xr : r R { ∈ } An ideal I is prime if ab I = a I or b I. ∈ ⇒ ∈ ∈ In the ring of integers, it is easy to check that d m (m) (d), so that divisibility can | ⇐⇒ ⊆ be encoded via ideals. Kummer showed that every proper ideal of Z[ζ p] factorises uniquely as a product prime ideals: this solves problem 2. Problem 1 also vanishes, since x = εy (x) = (y). ⇐⇒ To see the extent of Kummer’s work applied to FLT, we need one further definition.

Definition 6.36. Suppose F Q(ζ ) and x Z[ζ ] are such that xF is an ideal in Z[ζ ]. We call F ⊆ p ∈ p p a fractional ideal: in essence, it comprises the fractions with denominator x.

Fractional ideals I, J are in the same ideal class if (a)I = (b)J for some principal ideals (a), (b) in Z[ζ p].

A prime p is regular if it does not divide the number of ideal classes (the class number) in Q(ζ p).

The class number is 1 precisely when Z[ζ p] has unique factorization. Using these techniques, Kum- mer proved Fermat’s Last Theorem for all regular primes (and some others). There are infinitely many irregular primes (37, 59, 67, 101, 103, 131, 149,. . . ). It is only conjectured that there are infinitely many regular primes, so it is not known whether Kummer’s contribution was an infinite one or not. Since he essentially invented algebraic number theory this was hardly a total loss!

20