
A SAMPLER FROM NUMBER THEORY AND MODERN ALGEBRA


§1 Operations on sets

Let $S$ be a set (i.e., a collection, assemblage, class, etc.) of numbers. The numbers in $S$ are called its members. The expression "$x \in S$" abbreviates the phrase "$x$ is a member of $S$". Similarly, "$x \notin S$" means $x$ is not a member of $S$. For example, let $\mathbb{Z}$, $I_4$, and $P$ denote the sets of integers, of integers between $-\tfrac{1}{2}$ and $\pi$, and of positive real numbers, respectively. Then $1 \in \mathbb{Z}$, $\tfrac{1}{2} \notin \mathbb{Z}$, $0 \in I_4$,

An operation on $S$ is a rule which assigns to each ordered pair $(a, b)$ of members of $S$ another member of $S$.

For example, subtraction gives an operation on the set $\mathbb{Z}$ above, but not on $I_4$ or $P$. And division gives an operation on $P$ but not on $\mathbb{Z}$.

If $\Delta$ denotes an operation on $S$ and $(a, b)$ is an ordered pair of members of $S$, then we denote the member of $S$ that $\Delta$ assigns to $(a, b)$ by the expression $a \Delta b$. This is a notation we have used in special cases for years! For example, the addition operation on the set $\mathbb{Z}$ above assigns to the pair $(5, 7)$ the number we denote by $5 + 7$. Similarly the division operation $\div$ on the set $P$ above assigns to the pair $(3, 7)$ the number denoted by $3 \div 7$.

We now name some properties which an operation might or might not satisfy. Let $\Delta$ be an operation on $S$.

i) We call $\Delta$ commutative if $a \Delta b = b \Delta a$ for all $a$ and $b$ in $S$.

ii) We call $\Delta$ associative if $(a \Delta b) \Delta c = a \Delta (b \Delta c)$ for all $a$, $b$ and $c$ in $S$.

iii) A member $\theta$ of $S$ is called a $\Delta$-identity for $S$ if $\theta \Delta a = a \Delta \theta = a$ for all $a$ in $S$.

iv) Suppose $\theta$ is a $\Delta$-identity for $S$. Say $a$ is any member of $S$. By a $\Delta$-inverse for $a$ (with respect to $\theta$) we mean a member $b$ of $S$ with $a \Delta b = b \Delta a = \theta$.

The phrase "with respect to $\theta$" above is unnecessary since if there is a $\Delta$-identity, then there is only one. After all if $a$ and $b$ were both $\Delta$-identities, then from the definition itself we see that $a = a \Delta b = b$.

As a first example note that ordinary addition, $+$, is a commutative and associative operation on the set $\mathbb{Z}$, $0$ is a $+$-identity, and every member $b$ of $\mathbb{Z}$ has a $+$-inverse, namely, $-b$. A second example. Division ($\div$) is an operation on the set $P$ of positive numbers above; it is neither associative nor commutative, nor does it have an identity.

Here is a less familiar example. Note the set $I_4$ above consists exactly of the numbers 0, 1, 2, 3. Define an operation "$\odot$" on $I_4$ as follows. For any members $a$ and $b$ of $I_4$ let $a \odot b$ be the remainder when you divide the product $ab$ by 4. (Note that long division of any nonnegative integer by 4 always leaves a remainder which is a member of $I_4$.) For example, $3 \odot 2 = 2$ (the remainder when 6 is divided by 4 is 2), $0 \odot 3 = 0$, and $3 \odot 3 = 1$. One can show that $\odot$ is commutative and associative and that 1 is a $\odot$-identity. 1 and 3 are $\odot$-inverses of themselves, but 0 and 2 have no $\odot$-inverses. These facts are not all obvious, but they can at worst be checked by an exhaustive enumeration of all possibilities! For example, 2 has no $\odot$-inverse since

$$0 \odot 2 = 0 \ne 1, \quad 1 \odot 2 = 2 \ne 1, \quad 2 \odot 2 = 0 \ne 1, \quad 3 \odot 2 = 2 \ne 1.$$

(The above assertions will follow easily from the results of the next two sections.)

§1 Exercises

1. Let $I_4 = \{0, 1, 2, 3\}$ be the set studied above. Define a second operation $\oplus$ on $I_4$ by letting $a \oplus b$ be the remainder when $a + b$ is divided by 4 for all $a$ and $b$

(i) Compute $a \oplus b$ for all possible choices of $a$ and $b$. Your results can be tabulated in the table below.

[Table: rows $a = 0, 1, 2, 3$ and columns $b = 0, 1, 2, 3$, with entries $a \oplus b$.]

(ii) Is $\oplus$ commutative? How would this property be reflected in the above table?

(iii) Verify that $a \oplus (b \oplus c) = (a \oplus b) \oplus c$ for three or four different choices of values for $a$, $b$, and $c$. (E.g., one choice might be "$a = b = 3$, $c = 1$".)

(iv) Explain why there is a $\oplus$-identity. Which elements have $\oplus$-inverses?

2. For each of the following operations on the set of positive real numbers $P$, determine whether the operation is commutative, whether it is associative, and whether it has an identity in $P$. If there is an identity, find out which elements have inverses and what they are.

(i) addition

(ii) multiplication

(iii) division

(iv) the operation $\#$ which assigns to any pair $(a, b)$ the larger of the two numbers $a$ and $b$

(v) the operation $*$ which assigns to any pair $(a, b)$ the number $ab + a + b$

3. Find an operation on $\mathbb{Z}$ which is associative but not commutative. Can you find one which is commutative but not associative?

4. Suppose $\Delta$ is an operation on $S$ which is associative and has an identity $\theta$. Can a member of $S$ have two different $\Delta$-inverses?

An afterword. An operation $\Delta$ on $S$ is called a group operation if it is associative, there is a $\Delta$-identity, and every member of $S$ has a $\Delta$-inverse. Such operations are ubiquitous in mathematics and have been intensely studied; they also occur naturally in the natural sciences (e.g., the symmetries of a crystalline structure). Like many important abstract concepts, group operations had to come up in many special situations before anyone realized the usefulness of abstracting from these concrete special cases their common structure. In the case of groups, much of the credit for this goes to Emmy Noether, and this is one of the reasons she is regarded as the mother of modern algebra.

§1 Appendix: the well-ordering principle.

In the next section we will need a fundamental property of the integers, which we review here. Suppose $S$ is a non-empty set of integers such that there is a number $t$ with $t \le s$ for all $s \in S$. (Such $t$ is called a "lower bound" for $S$.) The "well-ordering principle" says that under these circumstances $S$ must have a smallest member. Taking $t = 1$ gives the "least integer principle" as a special case: if $S$ is a nonempty set of positive integers then it must have a smallest member. The least integer principle implies the various forms of mathematical induction. Here is one: suppose $P(1), P(2), \ldots$ is a sequence of statements. Suppose $P(1)$ is true and that whenever $P(n)$ is true for some $n$ then $P(n + 1)$ is also true. Then $P(n)$ is true for all positive integers $n$.

Exercises: (1) Give an example of a nonempty set of integers which does not have a smallest number. Give an example of a nonempty set of rational numbers that has a lower bound but does not have a smallest member.

(2) Use the least integer principle to prove the above statement of mathematical induction.

§2 Remainders

Here is our key definition.

Definition. Suppose $b \in \mathbb{Z}$ and $0 < d \in \mathbb{Z}$. We call an integer $r$ a remainder when $b$ is divided by $d$ if $0 \le r < d$ and there exists an integer $q$ such that $b = qd + r$; if this happens we also say that $q$ is a quotient when $b$ is divided by $d$.

Note that the concept of a remainder is defined by giving properties a remainder must satisfy and not by specifying any procedure for finding one. Indeed in spite of the phrase "a remainder when $b$ is divided by $d$" no process of division is actually involved; the definition gives a specific meaning to this phrase as a whole and one must be wary of any interpretation of the phrase based on the common meaning of the individual words. Of course what is behind this choice of language is the fact that when $b \ge 0$, the familiar process of long division of $b$ by $d$ does produce a remainder and quotient in the sense of the above definition. Some questions arise, however, since we are not defining a remainder in terms of a computational procedure. Could there be two different "remainders" which satisfy the given conditions (notice we said "a remainder", not "the remainder" in the definition)? Second, must a remainder always exist? For example if $b = -3561$ and $d = 721$ is it clear that there exists $r, q \in \mathbb{Z}$ with $0 \le r < 721$ and $-3561 = 721q + r$? These questions are answered in our first theorem.

Basic Remainder Theorem. Suppose $b \in \mathbb{Z}$ and $0 < d \in \mathbb{Z}$. Then there is a unique number which is a remainder when $b$ is divided by $d$.

Because of the above theorem we will henceforth speak of the remainder when $b$ is divided by $d$; we will denote this number by $[b]_d$.

Examples. $[7]_6 = 1$ and $[6]_7 = 6$ and $[248]_5 = 3$ and $[-1]_7 = 6$.

Proof of the "BRT". There is a smallest integer $q'$ with $q' > b/d$ (the well-ordering principle). Let $q = q' - 1$. Then by the choice of $q'$, $q \le b/d < q + 1$. Hence $qd \le b < qd + d$, so $0 \le b - qd < d$. Also $b = qd + (b - qd)$. Setting $r = b - qd$ we see $r$ is a remainder when $b$ is divided by $d$. Now suppose $r_1$ and $r_2$ are such remainders, so there exist integers $q_1$ and $q_2$ with $b = q_1 d + r_1 = q_2 d + r_2$. We may without loss of generality assume $r_1 \le r_2$ (otherwise re-label the remainders). Then $0 \le r_2 - r_1 < d$. A bit of algebra shows $r_2 - r_1 = (q_1 - q_2)d$, so $d$ is a factor of $r_2 - r_1$. Since $0 \le r_2 - r_1 < d$, this says $r_2 - r_1 = 0$, i.e., $r_1 = r_2$. Thus not only do remainders always exist, they are unique.

We now define an operation $\odot_d$ on $\mathbb{Z}$ by setting

for all $a, b \in \mathbb{Z}$. A special case of this operation appeared in §1.

We will next study some basic properties of $\odot_d$; properties of an analogous operation "$\oplus_d$" will be developed in the exercises. Since $d$ will be regarded as a fixed integer (except in examples) we will often omit $d$ as a subscript and abbreviate $\odot_d$ and $[\ ]_d$ by $\odot$ and $[\ ]$.

Lemma 1. $\odot$ is commutative.

Proof. For all $a, b \in \mathbb{Z}$ we have $a \odot b = [ab] = [ba] = b \odot a$. Finished!

Lemma 2. If $a, b \in \mathbb{Z}$ then $[a] \odot b = a \odot b$.

Proof. There exist rational numbers $q$ and $q'$ such that $[a]b = qd + [a] \odot b$ and $a = q'd + [a]$. Thus

$$ab = q'bd + b[a] = q'bd + qd + [a] \odot b = (q'b + q)d + [a] \odot b.$$

But then by our definitions of $a \odot b$ and of $[ab]$,

$$a \odot b = [ab] = [a] \odot b.$$

(Note $0 \le [a] \odot b < d$ since $[a] \odot b = [[a]b]$ is itself a remainder!)

Corollary 3. If $a, b \in \mathbb{Z}$ then $a \odot b = a \odot [b] = [a] \odot [b]$.

Proof. Exercise 3 below. (Hint: combine Lemmas 1 and 2.)

Corollary 3 is very useful since it lets us replace numbers in computations involving $\odot$ by their remainders, which may be much smaller and therefore easier to work with. For example

$$33331 \odot_3 666662 = [33331]_3 \odot_3 [666662]_3 = 1 \odot_3 2 = [2]_3 = 2.$$

It was not necessary to compute the product $(33331)(666662)$.

Lemma 2 also provides the machinery for an easy proof that $\odot_d$ is associative.

Lemma 4. $\odot_d$ is associative.

Proof. For any $a, b, c \in \mathbb{Z}$ we have

$$a \odot (b \odot c) = a \odot [bc] = a \odot bc = [a(bc)] = [(ab)c] = ab \odot c = [ab] \odot c = (a \odot b) \odot c.$$

(Besides the definition of $\odot$, we have used the associativity of ordinary multiplication and Lemma 2. Where? The reader is expected, of course, to supply an explicit justification for each equality asserted in each proof.)

Note there is no $\odot$-identity "$e$" in $\mathbb{Z}$ since $e \odot a = a$ is impossible if $a \ge d$ (since $e \odot a = [ea]_d < d \le a$ by the definition of a remainder when an integer is divided by $d$). Hence it does not make sense in this context to talk about $\odot$-inverses. In the next section we will modify our setting to allow there to be a $\odot$-identity and some $\odot$-inverses.

§2 Exercises

1. What is the remainder when -13 is divided by 5?

2. Let $m$ be a positive integer. What can you say about $[0]_m$ and $[m]_m$? How about $[-1]_m$?

3. Prove Corollary 3.

4. Compute $[73{,}651]_6$ and $[64{,}129]_6$ and $73{,}651 \odot_6 64{,}129$.

5. Define an operation $\oplus_d$ on $\mathbb{Z}$ by setting $a \oplus_d b = [a + b]_d$ for all $a, b \in \mathbb{Z}$. State and prove analogues of Lemmas 1, 2, 4 and Corollary 3 with $\odot_d$ replaced by $\oplus_d$.

6. Does $\odot_d$ distribute over $\oplus_d$? That is, is it true or false that for all choices of $a, b, c$ in $\mathbb{Z}$ we have

$$a \odot (b \oplus c) = (a \odot b) \oplus (a \odot c)?$$

7. Let $a, b, c \in \mathbb{Z}$.

(i) Suppose $a \odot_d b = a \odot_d c$. Can we conclude that $b = c$? that $[b]_d = [c]_d$?

(ii) Suppose $a \oplus_d b = a \oplus_d c$. Can we conclude that $b = c$? that $[b]_d = [c]_d$?

8. Does $\odot_d$ distribute over ordinary addition? Does ordinary multiplication distribute over $\oplus_d$? (We say an operation $\Delta$ on $S$ distributes over an operation $\nabla$ on $S$ if for all $a, b, c$ in $S$, $a \Delta (b \nabla c) = (a \Delta b) \nabla (a \Delta c)$. See Exercise 6.)

§3 Inverses and Powers.

Let us fix an integer $d > 1$, and let $\odot$ and $[\ ]$ abbreviate $\odot_d$ and $[\ ]_d$.

Let $n$ be an integer greater than 1. We set

$$a^{\underline{n}} = a \odot a \odot \cdots \odot a \quad (n \text{ factors}).$$

We put the bar under the exponent $n$ so as not to confuse $a^{\underline{n}}$ with the usual power $a^n = a \cdot a \cdots a$ ($n$ factors). Observe that the notation "$a^{\underline{n}}$" depends on the choice of $d$. When there is any danger of confusion we will write out the product $a \odot_d \cdots \odot_d a$.

Lemma 5. For $a$ and $n$ as above, $[a^n] = a^{\underline{n}}$.

Proof. We will use mathematical induction. For $n = 2$ we have $a^{\underline{2}} = a \odot a = [a^2]$ by our definitions. Now suppose $[a^n] = a^{\underline{n}}$ for any $n \ge 2$. Then $a^{\underline{n+1}} = a \odot a^{\underline{n}} = a \odot [a^n] = a \odot a^n = [a \cdot a^n] = [a^{n+1}]$. (We have used our induction hypothesis and Lemma 2 above. Where exactly?) Thus $[a^n] = a^{\underline{n}}$ for all integers $n \ge 2$.

Lemma 6. Say $a, b \in \mathbb{Z}$ and $[a] = [b]$. Then for any $n \ge 2$, we have $[a^n] = [b^n]$.

Proof. $[a^n] = a^{\underline{n}} = [a]^{\underline{n}} = [b]^{\underline{n}} = [b^n]$. (If the second equality above bothers you, see exercise 1 below.)

Innocent looking as it is, the last lemma lets us do some spectacular computations. Here are a few examples.

1. Find the remainder when $36^{1027}$ is divided by 7.

Solution. $[36]_7 = 1 = [1]_7$, so $[36^{1027}]_7 = [1^{1027}]_7 = 1$. Done!

2. What is the remainder when $11^{20}$ is divided by 120?

Solution. $[11^{20}]_{120} = [121^{10}]_{120} = [1^{10}]_{120} = 1$ since $11^2 = 121$ has remainder 1 when divided by 120.

3. Show $36^{1027} - 36$ has 37 as a factor.

Solution. Note $[-1]_{37} = 36 = [36]_{37}$, so $[36^{1027}]_{37} = [(-1)^{1027}]_{37} = [-1]_{37} = 36$. Thus for some integer $q$, $36^{1027} = 37q + 36$, so $36^{1027} - 36 = 37q$. That is, 37 is a factor of $36^{1027} - 36$.

We have used the following terminology above. If $a, b \in \mathbb{Z}$, then we say $a$ is a factor of $b$ if there is an integer $c$ with $b = ac$. Note that the definition of remainders says $r$ is a remainder when $b$ is divided by $d$ if and only if $0 \le r < d$ and $d$ is a factor of $b - r$.

As remarked at the end of §2, $\odot$ has no identity. This "defect" can be remedied as follows. Set

$$I = I_d = \{0, 1, 2, \ldots, d - 1\}.$$

(We will use the subscript when necessary for clarity, especially in concrete examples.) Note $[a] \in I$ for all $a \in \mathbb{Z}$. Thus $a \odot b \in I$ for all $a, b \in I$. Hence we may regard $\odot$ as being an operation only on $I$, and we adopt this point of view for the rest of this section. With this understanding we have the following.

Lemma 7. There is an $\odot$-identity (considering $\odot$ as an operation on $I$), namely 1.

Proof. For all $a \in I$, $a = [a \cdot 1] = a \odot 1 = 1 \odot a$. Thus 1 is a $\odot$-identity.

Now we let $J = J_d$ denote the set of members of $I = I_d$ which have $\odot$-inverses.

Lemma 8. $1 \in J$, and if $a \in J$ and $b \in J$, then $a \odot b \in J$.

Proof. $1 \odot 1 = 1$, so 1 is its own $\odot$-inverse. If $a$ and $b$ have $\odot$-inverses $c$ and $d$, respectively, then $d \odot c$ is a $\odot$-inverse for $a \odot b$ and hence $a \odot b \in J$, since

$$(d \odot c) \odot (a \odot b) = d \odot (c \odot a) \odot b = d \odot 1 \odot b = d \odot b = 1.$$

Note Lemma 8 implies that $a^{\underline{n}} \in J$ whenever $a \in J$ and $1 < n \in \mathbb{Z}$.

Euler's Theorem. Let $\varphi = \varphi(d)$ denote the number of elements in $J_d$ and suppose $a \in J_d$. Then $a^{\underline{\varphi}} = [a^{\varphi}] = 1$.

Proof. Suppose $e$ is the $\odot$-inverse of $a$. Let

(1)

be the $\varphi$ members of $J_d$. Consider the list

(2) $a \odot b_1, a \odot b_2, \ldots, a \odot b_\varphi$.

For any index $i \le \varphi$, $e \odot b_i$ equals $b_j$ for some $j \le \varphi$ and hence $a \odot b_j = a \odot e \odot b_i = 1 \odot b_i = b_i$. Thus the list (2) is just a rearrangement of the list (1). Hence if $g$ is the $\odot$-inverse of $b_1 \odot \cdots \odot b_\varphi$ then

$$1 = g \odot (b_1 \odot \cdots \odot b_\varphi) = g \odot ((a \odot b_1) \odot (a \odot b_2) \cdots (a \odot b_\varphi)) = g \odot (b_1 \odot \cdots \odot b_\varphi) \odot a^{\underline{\varphi}} = 1 \odot a^{\underline{\varphi}} = a^{\underline{\varphi}}.$$

With Lemma 5, this completes the proof. Note we have used the associativity and commutativity of $\odot$ implicitly and repeatedly!

The above result is fundamental in number theory and group theory. It does raise some questions: which elements of $I_d$ have $\odot$-inverses and how many are there (i.e., what is $\varphi = \varphi(d)$)? Both these questions are discussed in the exercises. Here is an application of Euler's theorem of both historical and commercial interest.

Rivest - Shamir - Adleman public cipher system. We study a family of encryption systems (i.e., "secret codes"). To set up such a code pick two large prime numbers, say $p$ and $q$. Let $d = pq$ and $m = \varphi(pq)$. Pick members $s$ and $t$ of $J_m$ which are $\odot_m$-inverses of each other. The messages to be sent are members of $J_d$. To encode an element $a$ of $J_d$ replace it by $[a^s]_d$. To decode a coded message $b$, we replace it by $[b^t]_d$.

Why does the above system work? Note $s \odot_m t = 1$ so there exists $q \in \mathbb{Z}$ with $st = qm + 1$. Hence if $a \in J_d$ and $b = [a^s]_d$, then by Lemma 5

By Euler's Theorem then,

$$[b^t]_d = 1^{\underline{q}} \odot a = 1 \odot a = a.$$

This proves the decoding process works! (If the manipulation of exponents above seems questionable, see Exercise 5 below.)

Notice that to encode, one needs to know $d$ and $s$, but not $t$. It turns out that if the code is set up properly then knowledge of $d$ and $s$ does not enable a person to compute $t$. (More precisely, one can find $t$ in principle, but not in practice because the computing time to do so is measured at least in millennia.) This means that the coding procedure can be made public without compromising the secrecy of the decoding method. For more discussion of the code and its many possible applications one might consult M. Gardner's "Mathematical Games" column in volume 237 (August, 1977) of the Scientific American. This article was the first announcing this encryption method; it caused a large stir in the intelligence community since, unlike any earlier code capable of handling a large volume of secure communications, it appeared unbreakable.

§3 Exercises

1. Prove by induction the second equality in the proof of Lemma 6.

2. Find the remainder when

(a) 657400 is divided by 7;

(b) 657391 is divided by 7;

(c) 653900 is divided by 7 (hint: $[2^3]_7 = 1$).

3. Show 8 is a factor of 97301 - 1.

4. Show 7 is a factor of $(738)(657)^{398} - 3$.

5. Let us extend our notation for $a^{\underline{n}}$ (which was defined only for $n > 1$) by setting $a^{\underline{1}} = [a]_d$. Prove by induction that for all positive integers $m$ and $n$, $a^{\underline{m+n}} = a^{\underline{m}} \odot a^{\underline{n}}$ and $(a^{\underline{m}})^{\underline{n}} = a^{\underline{mn}}$. (We assume here a fixed choice of $d$.)

6. Note that $\oplus_d$ gives an operation on $I_d$. Find a $\oplus_d$-identity and show every element of $I_d$ has a $\oplus_d$-inverse. (Note the case $d = 4$ was done in problem 1 of §1.)

7. Call integers $a$ and $b$ strangers if 1 is the only positive integer which is a factor of both $a$ and $b$. Prove that if $1 < d \in \mathbb{Z}$ and $a \in \mathbb{Z}$, then $a$ and $d$ are strangers if and only if $[a]_d$ has a $\odot_d$-inverse. (Outline. First suppose $a$ has a $\odot_d$-inverse, say $b$. Then there exists $q \in \mathbb{Z}$ with $ab = qd + 1$; deduce that $a$ and $d$ are strangers. Conversely, suppose $a$ and $d$ are strangers. The set $S$ of positive integers of the form $ax + dy$ ($x, y \in \mathbb{Z}$) is nonempty. For some $x, y \in \mathbb{Z}$, $ax + dy$ is the smallest member of $S$. By the Basic Remainder Theorem of §2, there exist $q, r \in \mathbb{Z}$ with $0 \le r < ax + dy$ and $a = q(ax + dy) + r$. Thus $0 \le r = (1 - qx)a + (-qy)d < ax + dy$, so $r = 0$. Thus $ax + dy$ is a factor of $a$, and, similarly, of $d$. Thus $ax + dy = 1$, so $[x]_d$ is a $\odot$-inverse for $a$.)

The next exercises apply exercise 7.

8. Find $\varphi(2)$, $\varphi(4)$, $\varphi(8)$. Generalize.

9. Find $\varphi(3)$, $\varphi(5)$, $\varphi(7)$, $\varphi(11)$. Generalize.

10. You may assume $p = 1997$ and $q = 1999$ are both prime numbers. Show $\varphi(pq) = \varphi(p)\varphi(q)$. Conclude that $\#J_{pq} / \#I_{pq} \approx .999$. (I.e., most elements of $I_{pq}$ have $\odot_{pq}$-inverses. Here "$\#S$" denotes the number of elements in the set $S$.)

11. Suppose $a$ and $b$ are positive integers. Show $a$ and $b$ are strangers if and only if $a$ and $[b]_a$ are strangers.

Repeated application of Exercise 11 gives a good method for determining whether two positive integers are strangers. For example, 1381 and 457 are strangers if and only if $10$ ($= [1381]_{457}$) and 457 are strangers, and this happens if and only if $7 = [457]_{10}$ and 10 are strangers, which they clearly are (the positive factors of 7 are 1 and 7, while those of 10 are 1, 2, 5 and 10).

12. Use the above method to tell if 1657 and 331 are strangers, and if 723 and 3693 are strangers.

13. Does 331 have a $\odot_{1657}$-inverse? Does 723 have a $\odot_{3693}$-inverse?

14. Prove Fermat's Theorem: If $p$ is a prime number and $a \in \mathbb{Z}$, then $p$ is a factor of $a^p - a$. (HINT: Consider separately the cases when $p$ is, or is not, a factor of $a$.)

15. Suppose a Rivest-Shamir-Adleman code is set up with $p = 5$, $q = 179$, $s = 31$ and $t = 23$. What is the coded form of the message "2"? (It may help to note that $2^{10} = 1024$.) Now decode your coded message and make sure you get 2 back. (This should only take 7 multiplications.)

A last note on terminology. The relation we have called being "strangers" (taken from French usage) is usually called being "relatively prime". The function $\varphi$ is called the Euler phi-function. Our "basic remainder theorem" is usually called the "division algorithm", although it is a fact and not an algorithm.