Lecture Notes for Math 492 Fall 2014 (Algebraic Number Theory)

1. Outline: Properties of the integers through unique factorization. Thedivision algorithm and Euclid’s algorithm. Greatest common divisor, leastcommon multiple. Give an overview of the the vector Euclidean algorithm(Section 2.7) and the map of relatively prime pairs (Section 2.8). State thedetails and leave for a project.

Notes:

Natural numbers: N = {1, 2, 3, . . . }. Integers: Z = {0, 1,−11, 2,−2, . . . }.

Prime number: a natural number that cannot be factored into strictly smallerfactors. For example, 2, 3, 5, 7.

Every natural number n ≥ 2 can be factored into prime numbers: use stronginduction on n.

Greatest common divisor of two numbers: maximum common divisor.

Division algorithm: For each pair of natural numbers a and b > 0 there existsa unique pair of integers q and r so that a = qb + r, 0 ≤ r < b. Proof: Thereal number line is partitioned into intervals of the form [qb, (q + 1)b) whereq is a non-negative integer. Find the one containing a and set r = a − qb.From qb ≤ a < qb+ b we obtain q = ba

bc.

Euclid’s algorithm for constructing greatest common divisor of a and b 6= 0:Form the sequence a0, a1, a2, . . . with a1 > a2 > · · · ≥ 0 via a0 = a, a1 = b,and for k ≥ 2, ak−2 = qk−2ak−1 + ak where 0 ≤ ak < ak−1. The sequencehas to terminate with some an = 0 for some n ≥ 2, and an−1 is the greatestcommon divisor. Proof: By definition, an−1|an−2. An induction argumentshows that an−1|an−2, an−1|an−3, . . . , an−1|a0. In particular, an−1 is a commondivisor of a and b, so an−1 ≥ gcd(a, b). If d is any common divisor of a andb then an induction argument shows that d|a0, d|a1, ..., d|an−1. This impliesthat d ≤ an−1, so gcd(a, b) ≤ an−1. Hence equality.

Now we know that gcd(a, b) = xa + yb for two integers x and y. To findthem, use the argument above, or the following matrix calculations:

The recurrence relation can be expressed in the form[ak−2ak−1

]=

[qk−2 1

1 0

] [ak−1ak

].

1

This can be used to obtain[q0 11 0

] [q1 11 0

]· · ·

[qn−2 1

1 0

] [an−1

0

]=

[a0a1

].

Simplifying, [x yz w

] [an−1

0

]=

[pq

].

Hence [xan−1zan−1

]=

[pq

].

So we can see that an−1 is a common divisor of p and q. Moreover if d is adivisor of both p and q then the recurrence relation can be used to show thatd divides each ak, including an−1. Hence d ≤ an−1 and an−1 is the greatestcommon divisor.

Note that the inverse of

[qk 11 0

]is

[0 11 −qk

]. This implies that

[an−1

0

]=

[0 11 −qn−2

] [0 11 −qn−3

]· · ·

[0 11 −q0

] [a0a1

].

Simplifying, [an−1

0

]=

[x′ y′

z′ w′

] [a1a0

],

x′p+ y′q = an−1.

In other words, given integers p and q with greatest common divisor d thereis always a pair of integers j and k such that jp+kq = d. Whenever we havejp+ kq = r we must have d|r. In particular, when jp+ kq = 1 we must haved = 1.

Example: Let a = 108 and b = 93. We have

108 = 1 · 93 + 15

93 = 6 · 15 + 3

15 = 5 · 3 + 0

2

hence a0 = 108, a1 = 93, a2 = 15, a3 = 3, a4 = 0, q0 = 1, q1 = 6, q2 = 5.Therefore gcd(108, 93) = 3. Substituting these values into[

an−10

]=

[0 11 −qn−2

] [0 11 −qn−3

]· · ·

[0 11 −q0

] [a0a1

]yields [

30

]=

[0 11 −5

] [0 11 −6

] [0 11 −1

] [10893

].

Simplifying, [30

]=

[−6 731 −36

] [10893

].

This yields3 = (−6)(108) + 7(93).

A useful lemma is that when (a, b) = 1 and a|bc then a|c. Reason: bc = akand xa+ by = 1 implies c = cxa+ cby = cxa+ aky = a(cx+ ky).

We now prove unique factorization for all integers n ≥ 2. There is only onefactorization of 2 into a weakly descending list of primes. Now assume thatevery integer ≥ 2 up to n has a unique factorization into a weakly descendinglist of primes. Suppose n+ 1 = p1p2 · · · pj = q1q2 . . . qk with p1 ≥ p2 · · · ≥ pjand q1 ≥ q2 ≥ · · · ≥ qk. We will assume wlog that n + 1 is not prime andthat p1 ≥ q1If p1 > q1 then (p1, q1) = 1, therefore by the lemma p1|q2 · · · qk.If p1 6= q2 then (p1, q2) = 1 and p1|q3 · · · qk. After a finite number of steps wearrive at p1 = qi for some i, which implies p1 ≤ q1. Contradiction. Thereforep1 = q1. Dividing both sides by p1 we have two factorizations of (n+1)/p1 ≥ 2into descending lists of primes, so the factorizations must be the same, sothe two factorizations of n+ 1 must be the same.

Note that whenever p1, p2, . . . , pn are the first n primes then p1p2 · · · pn + 1is not divisible by any of these. So it is either prime or has a prime factornot equal to any of these. Hence there are infinitely many primes.

Greatest common divisor and least common multiple construction via primefactorization:

(a) If n|2e23e3 · · · then an inspection of the prime factorization of n showsthat n = 2n23n3 · · · where for each i, ni ≤ ei.

3

(b) If 2e23e3 · · · |n then an inspection of the prime factorization of n showsthat n = 2n23n3 · · · where for each i, ei ≤ ni.Now derive the gcd and lcm formulas.

The Vector Euclidean Algorithm, Section 2.7: (outline and project)

Algorithm yields a systematic way to produce all relatively prime pairs (a, b).It also yields the least positive solution (x, y > 0) to bx − ay = 1 andbx− ay = 0.Run through the Mathematica notebook describing the algorithm. Inputsdo not have to be relatively prime.

The Map of relatively Prime Pairs, Section 2.8: (outline and project)

In the Mathematica notebook, 0 means go right and 1 means go left. Theexpressions at the end of a path are on either side of the last edge taken.When you take a particular path you arrive at the expression in the regionbelow the edge. When you look at the ratios you can see why each primitivevector appears only once (at least once proved in the previous section). Thecorresponding matrices all have determinant 1 (why?).

2. Application of Unique Factorization to Linear Diophantine Equa-tions.

If ax + by = c, any common divisor of a and b is a divisor of c. Writed = gcd(a, b). If d does not divide c, there is no interger solution (x, y) tothe equation. For example, no solution to 108x+ 93y = 20.

Now suppose d|c. We will find all solutions. This is equivalent to finding allsolutions to a0x+ b0y = c0, where a = a0d, b = b0d, c = c0d.

Suppose ja+kb = d. Dividing by d, ja0+kb0 = 1. Note that gcd(a0, b0) = 1.Multiplying through by c0, c0ja0 + c0kb0 = c0. We have found one solution:(x0, y0) = (c0j, c0k).

We want to find all the solutions. Suppose (x, y) is any other solution. Thenxa0 + yb0 = c0. Subtracting c0ja0 + c0kb0 = c0 from this, obtain

(x− c0j)a0 + (y − c0k)b0 = 0.

This implies a0|(y − c0k)b0, hence a0|(y − c0k), and similarly b0|(x − c0j).Factoring,

y − c0k = a0p

4

andx− c0j = b0q.

We just have to find p and q. Substituting,

(b0q)a0 + (a0p)b0 = 0.

This implies q + p = 0, so q = −p. Hence

y = c0k + a0p,

x = c0j − b0p.

In short, any other solution looks like (x, y) = (c0j− b0p, c0k+ a0p). We stillhaven’t found p, but any p willl work. The solution set is therefore

{(c0j − b0p, c0k + a0p) : p ∈ Z}

where ja+ kb = d.

Example: solve 108x + 93y = 27. Earlier we found gcd(108, 93) = 3 =−6(108) + 7(93), so d = 3, a0 = 36, b0 = 31, c0 = 9, j = −6, k = 7, andfinally

(x, y) = (−54− 31p, 63 + 36p).

Using

x[p ]:=-54-31p; y[p ]:=63+36p; Table[{x[p],y[p]},{p,-3,3}]

we obtain

{{39,−45}, {8,−9}, {−23, 27}, {−54, 63}, {−85, 99}, {−116, 135}, {−147, 171}}.

3. Congruence Arithmetic

Definition. Given a natural number n ∈ {1, 2, 3, . . . } we say that integersa and b satisfy a ≡ b (mod n) provided n|(b − a). This is an equivalencerelation.

Properties: (1) a ≡ b and a′ ≡ b′ imply a ± a′ ≡ b ± b′ and aa′ ≡ bb′. (2)a ≡ r where a = qn+ r and 0 ≤ r < n, which implies that there are exactlyn different congruence classes mod n.

5

Divisibility by 3, 4, 11: Reduce the decimal expansion.

Lemma 1: When n = p, ab ≡ 0 mod p forces a ≡ 0 or b ≡ 0 mod p. Falsewhen n is composite.

Lemma 2: When n = p, ab ≡ ac mod p and a 6= equiv0 mod p impliesb ≡ c mod p.Fermat’s little theorem: ap−1 ≡ 1 mod p when gcd(a, b) = 1.Proof: The numbers a, 2a, . . . , (p−1)a are distinct mod p, and none of themare congruent to 0, hence are some permutation of 1, 2, . . . , p−1. Multiplying,ap−1(p− 1)! ≡ (p− 1)!. Canceling, ap−1 ≡ 1.Fermat’s theorem yields inverses. Whenever gcd(a, n) = 1, a has an inversemod n. Inverses are unique mod n: ab ≡ 1 and ac ≡ 1 implies ab ≡ acimplies n|a(b− c). But since gcd(a, n) = 1, n|(b− c) and so b ≡ c.Example: Inverses mod 5 and mod 6.

Wilson’s Theorem: (p− 1)! ≡ −1 mod p.Proof: The numbers 1, . . . , p− 1 all have inverses. Classify into two types:numbers which are their own inverse, and numbers which are not. In theproduct (p − 1)!, numbers which are not their own inverse have product 1mod p, leaving just the numbers which are their own inverse. These satisfyx2 ≡ 1 mod p, p|(x − 1)(x + 1), leaving only x = 1 and x = p − 1. Hence(p− 1)! ≡ 1(p− 1) ≡ −1 mod p.Lagrange’s polynomial congruence theorem: f(x) ∈ Z[x] of degree nhas at most n distinct roots mod p.

Proof: Let x represent an unknown integer. Performing long division modp, f(x) ≡ q(x)(x − a) + r mod p for any integer a. Do an example mod 5.This implies f(a) ≡ r mod p. Hence f(a) ≡ 0 iff r ≡ 0 iff f(x) ≡ q(x)(x−a).Now use an induction argument: a1x+a0 has at most 1 root mod p. Assumef(x) has at most n roots mod p when f(x) has degree n. Let F (x) havedegree n+ 1. Any root a of F (x) has to satisfy F (x) = f(x)(x− a) for f(x)of degree n, therefore any other root of F (x) must be a root of f(x), henceat most n other roots.

For a general n, a has an inverse mod n iff gcd(a, n) = 1. Number of inversesis called φ(n). We will prove later that φ(ab) = φ(a)φ(b) when gcd(a, b) = 1.This allows us to compute φ(n) in general, because φ(pk) = pk − pk−1.Euler’s Theorem: aφ(n) ≡ 1 mod n.

6

Proof: Let x1, . . . , xk be coprime with n. Then so are ax1, . . . , axk, andthese are all distinct, so form a permutation of x1, . . . , xk. This impliesakx1 · · ·xk = x1 · · ·xk, and canceling we obtain the result.Primes of the form x2 + y2: We will show soon that primes in the list1, 5, 9, 13, ... can be written in this form and primes in the list 3, 7, 11, 15, . . .cannot. Proof of the second statement: look at congruence mod 4.

Primes of the form x2 + 2y2: Certain ones ruled out mod 8. What aboutthe others?

Primes of the form x2 + 3y2: Certain ones ruled out mod 3. What aboutthe others?

Project 2: Primitive roots. Non-zero congruence classes mod p can berepresented in the form ak for a given a. Example: p = 7, a = 3. So we cansolve an equation like x5 ≡ 2 mod 7: Replace x by 3k and 2 by 32. Thenwe are solving 35k ≡ 32 mod 7, so 5k ≡ 3 mod 6 and we can determine allpossible k, hence all possible x. Using this, one can say something about thepattern in the decimal expansion of 1

7(for example). See Sections 3.8. In

section 3.9 the fact existence of primitive roots mod p is proved.

4. The RSA Cryptosystem

Goal: send an encrypted message publically in such a way that only certainpeople can decode the message.

How to encode the message “The password is cat”:

1. Encode the message in integer form: 20, 8, 5, 27, ... (27 represents aspace)

2. Pick a number n = pq where p and q are different, very large primes.

3. Pick a number e carefully.

4. Reduce the numbers 20e, 8e, 5e, ... mod n.

5. Publish the list in 4, along with the message “we used e and n to encodethe message.”

6. Make sure the person the message is intended for knows the value of pand q. Using this special knowledge, the person can decrypt the message.Without this knowledge it could take a very long time to decrypt the message.

Example: p = 47, q = 109, n = 5123, e = 5, message is 3248, 2030, 3125,4507, ... . Knowing this, the person who knows p = 47 and q = 109 can

7

figure out that the way to decode the message is to raise each number in thecode to the power 2891 and reduce mod 5123. For eaxmple, 32482891 ≡ 20mod 5123, 20302891 ≡ 8 mod 5123, etc.

5. The Ring of Gaussian Integers. Primes of the form x2 + y2.

The ring of Gaussian Integers is Z[i] = {a + bi : a, b ∈ Z}. Closed underaddition, has additive identity 0 + 0i, has additive inverses, closed undermultiplication, has a multiplicative identity 1 + 0i.

Notation: (a+bi)|(c+di) means c+di = (a+bi)(x+iy) for some x+iy ∈ Z[i].

Example: (1 + 2i)|(11 + 2i). How to tell: divide.

Example: (2 + 5i) 6 |(11 + 2i) does not divide 11. How to tell: divide.

Norm of a+ bi: a2 + b2.

N(αβ) = N(α)N(β): just do it.

Factoring α: suppose β|α. Then N(β)|N(α).

Factoring 9 + 39i: N(9 + 38i) = 1525 = 52 · 61. Sums of squares thatare divisors of this number: must be of the form 4n + 1. Divisors are{1, 5, 25, 61, 305, 1525}. 5 = 12+22, 25 = 32+42, 61 = 52+62, 305 = 172+42.Trying some of these,

9 + 38i

1 + 2i= 17 + 4i

9 + 38i

1− 2i= −67

5+

56i

5

9 + 38i

3 + 4i=

179

25+

78i

25

9 + 38i

3− 4i= −5 + 6i

9 + 38i

5 + 6i=

273

61+

136i

61

So we have 9 + 38i = (1 + 2i)(17 + 4i) = (3− 4i)(−5 + 6i).

Factoring 5 + 6i: Norm is prime, so cannot be non-trivially factored.

Division with remainder: Given α and β 6= 0+0i in Z[i], write αβ

= γ+(x+iy)

where γ ∈ Z[i] and |x|, |y| ≤ 12. Then we have α = γβ + ρ.

8

Example: α = 11 + 2i, β = 2 + 5i, 11 + 2i = (1 − 2i)(2 + 5i) + (−1 + i).Remainder is ρ = −1 + i.

Given α and β, form sequence α0, α1, α2, . . . as in Euclid’s Method. SinceN(α1) > N(α2) > · · · , eventually some remainder is 0.

Example:11 + 2i = (1− 2i)(2 + 5i) + (−1 + i)

2 + 5i = (1− 4i)(−1 + i) + (−1)

−1 + i = (1− i)(−1) + (0 + 0i)

Properties of sequence α0, α1, α2, . . . :

(1) δ|α0 and δ|α1 implies δ|αi for all i, including αn−1.

(2) δ|αn−1 implies δ|αi for all i, including α0 and α1.

Summary: δ|α and δ|β if and only if δ|αn−1. They have the same divisors.We will call αn−1 a greatest common divisor. There could be more than one,because when α

βcould be rounded either up or down if the quotient consists

of half integers.

More generally, we will say that γ is a greatest common divisor of α andβ when γ is a common divisor and when any common divisor of α and βdivides γ.

Relationship between two greatest common divisors γ1 and γ2: γ1 = δ1γ2and γ2 = δ2γ1, therefore γ1 = δ1δ2γ1, therefore δ1δ2 = 1, therefore N(δ1) = 1,therefore δ ∈ {±1,±i}. We will call the elements of norm 1 the units in Z[i]since they are the elements that have multiplicative inverses in Z[i].

Gaussian prime: not zero, not a unit, but when it factors, one of the factorsis a unit or an associate.

Gaussian composite: not prime, so factors into two numbers with strictlysmaller norm.

Every number can be factored into Gaussian primes by repeated splitting.

Associates: α = µβ where µ is a unit. All associates of a prime are prime.

Goal: show prime factorization is unique up to units. In other words, whenp1 · · · pm = q1 · · · qn then m = n and for each pi there is a qj such that pi = uqjfor some unit u.

9

Lemma: When gcd(α, β) = 1 then µα + νβ = δ is possible.

Example: use 11 + 2i and 2 + 5i above.

Lemma: when π is a Gaussian Prime and π 6 |α then gcd(π, α) is a unit.

Proof: Let δ = gcd(π, α). The divisors of π are units and associates of π.But no associate can divide α, otherwise π divides α. Therefore δ is a unit.

Lemma: when π is a Gaussian Prime and π|αβ then π|α or π|β.

Proof: Suppose π 6 |α. We have µπ + να = δ, µπβ + ναβ = δβ, thereforeπ|δβ, therefore π|β.

This lemma can be extended to showing that when π|α1α2 · · · then π|αi forsome i.

To prove unique factorization into Gaussian Primes, cancel off primes as wedid before using this lemma.

Gaussian Primes in Z[i]: Let π be a Gaussian Prime. Then N(π) = ππ′ =p1 · · · pk, therefore π|pi for some i. Hence each Gaussian prime divides a primenumber. The prime must be unique, otherwise π|1 which is impossible. Wewill characterize the Gaussian Primes according to the unique prime numbersthey divide.

Let p be a prime number. Let p = π1 · · · πk be Gaussian Prime factorization.Then k ≤ 2 by consideration of the norm. Cases:

k = 1. p is a Gaussian Prime. Note that in this case we cannot have p =a2+b2 where a, b 6= 0, otherwise we have the factorization p = (a+bi)(a−bi).The Gaussian Primes associated with p are ±p and πpi.

k = 2. We have p = ππ′ = a2 + b2, and corresponding Gaussian Primes areassociates of a± bi.

Standard representation of a Gaussian Prime: up where u is a unit and p is aprime, or u(a+ bi) where |a| > |b| and a > 0. Every number can be uniquelyfactored into a unit times some product of standard Gaussian Primes.

Theorem: an odd prime p is of the form x2 + y2 iff p ≡ 1 mod 4.

Proof: We already know that p = x2 + y2 implies p ≡ 1 mod 4. Now supposep ≡ 1 mod 4. We will show that p is not a Gaussian prime, which by casek = 2 above implies that p = a2 + b2.

10

Given that (p − 1)! ≡ −1 mod p, we have −1 ≡ (p − 1)! = (4n)! ≡ m2 forsome m. Do an example. Therefore p|m2 + 1, p|(m + i)(m − i). Since pdivides neither factor, p is not a Gaussian Prime.

Two derivations of Pythagorean Triples.

First method: Unique Factorization in N.

Our goal is to find all solutions to x2+y2 = z2 when x, y, z ∈ N. A modulus 4argument shows that x and y cannot both be odd. Given a solution (x, y, z)with gcd(x, y) = d > 1, we can obtain another solution (x0, y0, z0) afterdivision by d2. So it suffices to characterize primitive solutions (x, y, z) wherex, y, z > 0, gcd(x, y) = 1, and x is odd and y is even and z is odd. Any othersolution must be of the form (kx, ky, kz) where gcd(x, y) = 1.

A solution satisfies (z+x)(z−x) = y2 = 4y20. The factors z−x and z+x areeven. We claim that gcd(z + x, z − x) = 2. Reason: Any prime divisor p ofz+ x and z− x must be a divisor of (z+ x)− (z− x) = 2x. It cannot dividex, otherwise it divides z and therefore y. Hence p = 2. Hence the greatestcommon divisor is 2k for some k. But 2k|2x, therefore 2k−1|x, and since x isodd, k = 1.

Now write z + x = 2u, z − x = 2v. Then u and v are coprime and satisfyuv = y20. Hence u = a

2, v = b2, z + x = 2a2, z − x = 2b2, x = a2 − b2,z = a2 + b2, y = 2ab, (x, y, z) = (a2− b2, 2ab, a2 + b2). Moreover a > b, a andb must have opposite parity to make x odd, and gcd(a, b) = 1 (the last twoconditions because gcd(x, y) = 1).

To complete our characterization we will show that every such triple is aprimitive Pythagorian triple. It suffices to show that a2 − b2 and 2ab arecoprime. Given that a2 − b2 is odd and 2ab is even, any prime that dividesa2 − b2 and 2ab must divide a or b, hence both. So there are no commonprime divisors.

We can use the Tree of Coprime Pairs to organize the Pythagorean Triples.

Second Proof:

Lemma: α|β implies N(α)|N(β). Proof: β = αγ implies N(β) = N(α)N(γ).Suppose x2+y2 = z2 where x is odd and y is even and z is odd and gcd(x, y) =1. Then we have (x+ iy)(x− iy) = z2. If π|x+ iy and π|x− iy then π|2x andπ|2iy and π|z. Taking norms, N(π)|4x2 and N(π)|4y2 and N(π)|z2. Sincez is odd, N(π) is odd. Therefore N(π)|x and N(π)|y, therefore N(π) = 1,

11

therefore π is a unit. So the unique factorizations of x+ iy and x− iy haveno common Gaussian primes. Since every Gaussian Prime in z2 appears aneven number of times, they do in x + iy and x − iy, so x + iy is a perfectsquare. Hence we can write x+ iy = (a+ bi)2 = a2 − b2 + 2abi, which forcesx = a2 − b2 and y = 2ab.

Project: Section 6.7, Primes of the form 4n+ 1.

Description: characterization. Infinitely many of them.

6. Primality versus Irreducibility.

We have defined primes in N, Z, and Z[i] as non-zero non-units that cannotbe factored into two non-units. In all cases our primes have two properties:irreducibility and primality. Irreducibility: π = αβ implies α or β is aunit. Primality: π|αβ implies π|α or π|β. Irreduciblity is by definition, andprimality is a consequence of Euclid’s method (review proof). We will showthat irreducibility alone does not guarantee primality.

Define a restricted number to be any natural number ≡ 1 mod 4. De-fine the restricted divisors of a restricted number to be all the divisorswhich are ≡ 1 mod 4. For example, the restricted divisors of 225 are{1, 5, 9, 25, 45, 225}, whereas the entire set of divisors also includes 3, 15,and 75. Define a restricted prime number to be any restricted numberthat has exactly two restricted divisors. The first few restricted primes are{5, 9, 13, 17, 21, 29, 33, 37, 41, 49}. The restricted factorization of a restrictednumber is a factorization into restricted numbers. Every restricted num-ber greater than 1 is either a restricted prime or factors into two restrictedprimes. Two restricted prime factorizations of the restricted number 441 are441 = (9)(49) and 441 = (21)(21). The restricted prime 21 violates primality:21|(9)(49) yet 21 divides neither 9 nor 49.

The proof that p|ab implies p|a or p|b rests on p 6 ÷a implies gcd(p, a) = 1,therefore xp+ ya = 1, therefore xpb+ yab = b, therefore p|b. This requires xad y to be integers. There is nothing analoguous to Euclid’s method amongrestricted integers, because a = bq+r among restricted integers is impossible.

Exercise: (a) show that 693 and 1617 are restricted numbers that have non-unique restricted prime factorizations. (b) Find a restricted prime largerthan 49 that violates primality.

12

7. The ring Z[√−2].

Elements are a+ b√−2 where a, b ∈ Z. Closed with respect to addition and

multipication.

N(α) = αα, hence N(a+ b√−2) = a2 + 2b2.

N(αβ) = N(α)N(β).

Units: α ∈ Z[√−2] is a unit iff αβ = 1 for some β ∈ Z[

√−2].

The units are ±1: 1 and −1 are both units. If α is any unit then αβ = 1,N(α)N(β) = 1, N(α) = 1, a2 + 2b2 = 1, a2 = 1 and b2 = 0.

Division: αβ

= αβββ

= αβN(β)

.

Divisiblity: α|β means βα

= γ ∈ Z[√−2], i.e. β = γα.

Divisbility criterion: α|β implies N(α)|N(β).

Composite number: α = βγ where N(β) 6= 1, N(γ) 6= 1.

Prime number: Not a unit and not composite. Equivalently, α = βγ impliesN(β) = 1 or N(γ) = 1.

Standard prime: π = a+b√−2 where the first non-zero coefficient is positive.

Every non-zero non-unit factors into a product of primes by repeated factor-ization, hence a product of standard primes times a unit.

Division algorithm: Given α and β where β 6= 0, let αβ

= γ + µ where γ has

rounded integer coefficients. Then coefficients of µ are ≤ 12

and N(µ) ≤ 34.

Hence we haveα = γβ + ρ

where ρ = µβ. We have ρ = α − γβ ∈ Z[√−2] and N(ρ) = N(µ)N(β) <

N(β).

Euclid algorithm: same as before. Halts after a finite number of steps becauseremainder norms strictly decrease.

If π is prime and π 6 | α then µα+βπ = 1 is possible: Using Euclid’s methodwe can compute

δ = gcd(α, π) = µα + νπ.

Since δ|π, N(δ) = 1 or N(δ) = N(π). To rule out the latter case, supposeN(δ) = N(π) and write α = α0δ and π = π0δ. Then N(π0) = 1, therefore

13

π0 = ±1 and we have δ = ±π, α = α0δ = ±α0π, which contradicts π 6 | α.So N(δ) = 1 and µα + νπ = ±1.

Primes satisfy primality: suppose π is prime and π|αβ. If π|α we’re done.If π 6 | α, write µα + νπ = 1 and αβ = γπ. Then we have µαβ + νπβ = β,µγπ + νπβ = β, π|β.

Since primes satisfy primality, factorization into standard primes is unique:Given θπ1π2 · · · πj = θ′π′1π′2 · · · π′k where j ≤ k, by primality we have wlogπ1|π′1, hence π1 = ±π′1, hence π1 = π′1 since both primes are standard. Cancelthem out. Keep on going until π1 · · · πj is cancelled out, leaving

θ = θ′π′j+1 · · · π′k.

By comparison of norms, j = k, which forces θ = θ′ also.

Determining the primes in Z[√−2]:

1. Any α with prime norm has to be a prime in Z[√−2], because if α = βγ

then N(α) = N(β)N(γ), therefore N(β) = 1 or N(γ) = 1.

2. Every π divides exactly one integer prime p, so the primes in Z[√−2] are

found by the prime factorization of the integer primes.

3. Suppose p does not occur as N(α) for any α. Then p is prime: p = αβimplies p2 = N(α)N(β), and since N(α) 6= p, N(α) = 1 or N(α) = p2, soeither α or β is a unit. The prime factors of p are p and −p.

4. Suppose p = N(α) for some α. In this case p = αα, so p is not prime.However, in this case N(α) = N(α) = p, so both α and α are prime. Byunique factorization, the prime factors of p are ±α and ±α.

Integer primes of the form a2 + 2b2: For a prime p, p = a2 + 2b2 is possibleiff x2 ≡ −2 has a solution mod p. Proof: p = a2 + 2b2 implies a2 ≡ −2b2implies (ab−1)2 ≡ −2. Conversely, x2 ≡ −2 implies p|(x +

√−2)(x−

√−2),

and since p divides neither factor, p violates primality, therefore p is not aprime in Z[

√−2], therefore p = αβ where neither α nor β is a unit, therefore

p = N(α) = a2 + 2b2.

Primes p that permit a solution to x2 ≡ −2 mod p: just look at 12, 22, ..., (p−1)2 and see if p− 2 occurs.

Solving y3 = x2 + 2: Write this as y3 = (x +√−2)(x −

√−2). We would

like to apply unique factorization in Z[√−2] to this, but that requires that

14

x +√−2 and x −

√−2 have no prime factors in common. If π is a prime

satisfying π|(x +√−2) and π|(x −

√−2 then π|2x and π|2

√−2 and π|y3.

Therefore N(π)|4x2 and N(π)|8 and N(π)|y3. So N(π) is even, which forcesy3 even. This forces x even. Reducing y3 = x2 + 2 mod 4 we get 0 ≡ 2 mod4, a contradiction. So there is no common prime divisor. Hence x+

√−2 =

±(a+ b√−2)3 = (A+B

√−2)3 = A3 + 3

√−2A2B− 6AB2− 2

√−2B3. This

yieldsx = A3 − 6AB2

1 = 3A2B − 2B3 = B(3A2 − 2B2).When B = 1 we have 3A2 − 2 = 1, therefore A = ±1. When B = −1 wehave 3A2 − 2 = −1 and there is no solution for A. We obtain

(A,B) = (1, 1) =⇒ x = −5, y = 3

(A,B) = (−1, 1) =⇒ x = 5, y = 3.

Exercises:

1. Factor 28+178√−2 into primes in Z[

√−2]. Hint: compute the norm first,

use Mathematica to factor the norm into prime factors, then try dividing28 + 178

√−2 by one of the primes in Z[

√−2] related to one of these primes.

Keep on going.

2. Find gcd(−2 + 8√−2, 2 + 7

√−2) = δ using Euclid’s Method, then find

µ, ν ∈ Z[√−2] such that

µ(−2 + 8√−2) + ν(2 + 7

√−2) = δ.

8. The rings Z[√−3] and Z[−1+

√−3

2]

First consider the ring Z[√−3]. We can define divisibility and norm and

primes as before. Units: N(α) = 1 implies x2 + 3y2 = 1 implies α = ±1.Unique factorization into primes fails: consider

2 · 2 = (1 +√−3)(1−

√−3).

Each of the factors is prime but none is an associate of the other. What’swrong: unique factorization follows from π|αβ implies π|α or π|β where π is

15

prime. So this must fail. So Euclid’s method must fail. It does: let α = 2,β = 1 +

√−3. Then

2

1 +√−3

= 21−√−3

4=

1

2− 1

2

√−3.

This can be rounded to either 0 + 0√−3, 0 −

√−3, 1 + 0

√−3, 1 −

√−3.

Each yields a bad result:

2

1 +√−3

= (0 + 0√−3) + (1

2− 1

2

√−3)

yields2 = (0 + 0

√−3)(1 +

√−3) + 2.

2

1 +√−3

= (0−√−3) + (1

2+

1

2

√−3)

yields2 = (0−

√−3)(1 +

√−3) + (−1−

√−3).

2

1 +√−3

= (1 + 0√−3) + (−1

2− 1

2

√−3)

yields2 = (1 + 0

√−3)(1 +

√−3) + (1−

√−3).

2

1 +√−3

= (1−√−3) + (−1

2+

1

2

√−3)

yields2 = (1−

√−3)(1 +

√−3)− 2.

So in each case |ρ| = |β| = 4. In the abstract: write αβ

= x+ y√−3. Round

x and y to nearest integers x′ and y′ with remainders |r| ≤ 12, |s| ≤ 2. In

the worst case scenario, |r| = |s| = 12, yielding ρ = (r + s

√−3)β, N(ρ) =

(r2 + 3s2)N(β) = N(β).

A way to fix things: Expand Z[√−3] to Z[ω] = {a + bω : a, b ∈ Z} where

ω = −1+√−3

2. One can check that this produces all a + b

√−3 with a, b ∈ Z

and all r+s√−3 with r and s equal to half-integers. It is closed with respect

to addition and multiplication (addition is clear, multiplication follows fromω2 = −ω − 1. So when Euclid’s method with rounding is performed andαβ

= r + s√−3 where r and s are half-integers, we actually have β|α with

16

remainder 0. Unique factorization is restored. We gain new units: when rand s are half-integers and r2 +3s2 = 1, the only possibilities are |r| = 1

2and

|s| = 12. So we pick up four more units: ±1

2± 1

2

√−3.

Primes in Z[ω]:

1. Any α with prime norm has to be a prime in Z[ω], because if α = βγ thenN(α) = N(β)N(γ), therefore N(β) = 1 or N(γ) = 1.

2. Every π divides exactly one integer prime p, so the primes in Z[ω] arefound by the prime factorization of the integer primes.

3. Suppose p does not occur as N(α) for any α. Then p is prime: p = αβimplies p2 = N(α)N(β), and since N(α) 6= p, N(α) = 1 or N(α) = p2, soeither α or β is a unit. The prime factors of p are p and −p.

4. Suppose p = N(α) for some α. In this case p = αα, so p is not prime.However, in this case N(α) = N(α) = p, so both α and α are prime. Byunique factorization, the prime factors of p are ±α and ±α.

Lemma: Let p be an integer prime number. Then p = N(α) for someα ∈ Z[ω] if and only if x2 ≡ −3 mod p has a solution.

Proof: Suppose p = N(α) for some α. If α = a+ b√−3 where a, b ∈ Z then

p = a2 + 3b2, and if α = 2a+12

+ 2b+12

√−3 then 4p = (2a+ 1)2 + 3(2b+ 1)2, so

in either case a2 + 3b2 ≡ 0 mod p, which implies a2 ≡ −3b2 mod p. If b 6≡ 0mod p then we have (a/b)2 ≡ −3 mod p, as desired. If b ≡ 0 then a ≡ 0 thensomething bad happens:

0 ≡ 4p = (2a+ 1)2 + 3(2b+ 1)2 ≡ 4 mod p,

which forces p = 2 and 8 = (2a + 1)2 + 3(2b + 1)2. There is no solution tothis. Hence we always have a solution to x2 ≡ −3 mod p when p = N(α).

Conversely, suppose that x2 ≡ −3 mod p has a solution. Then p|(x2 + 3),therefore p|(x+

√−3)(x−

√−3). Since p divides neither factor in Z[ω], it is

not a prime in this ring, so p = αβ where N(α) 6= 1 and N(β) 6= 1. Takingnorms, p2 = N(α)N(β), therefore N(α) = p.

Primes p that permit a solution to x2 ≡ −3 mod p: just look at 12, 22, ..., (p−1)2 and see if p− 3 occurs.

Project: Section 7.5, Rational solutions of x3 + y3 = z3 + w3.

17

Project: Sections 7.6 and 7.7. There is no positive integer solution so x3 +y3 = z3.

9. Four Squares Theorem

Quaterions are expressions of the form a + bi + cj + dk with a, b, c, d ∈ Zand i2 = j2 = k2 = −1 and ij = k, jk = i, ji = j and the other productsproducing opposite sign. The quaternions form a non-commutative ring. Theconjugate of a+bi+cj+dk is a−bi−cj−dk and N(α) is defined in the usualway and satisfies N(αβ) = N(α)N(β). This implies that the product of asum of four squares is a sum of four squares. The Eight-Squares Theorem,which is Project 8, is to prove that the product of a sum of eight squares is asum of eight squares. Each nonzero α has an inverse, but αβ−1 is not the sameas β−1α, so division must be done carefully. We will say that α|β if βα−1 is avalid quaterion. The division algorithm is αβ−1 = γ+µ where γ has roundedcoefficients, hence α = γβ+µβ = γβ+ρ, but it is possible for µ to have norm1, hence ρ to have norm β. An example of this is α = 1 + i + j + k, β = 2.Hence primes (defined in the usual way) do not necessarily satisfy primality.An example: We have (1+ i)(1− i) = (1+j)(1−j). The factor 1+ i is prime:1 + i = αβ implies 2 = N(α)N(β) implies N(α) = 1 or N(β) = 1. Yet 1 + idoes not divide 1 + j or 1 − j because (1 + i)(1 + j)−1 = (1 + i)(1

2− 1

2j) =

12

+ 12i− 1

2j − 1

2k and (1 + i)(1− j)−1 = (1 + i)(1

2+ 1

2j) = 1

2+ 1

2i+ 1

2j + 1

2k.

Given the failure of at least one prime to satisfy primality, we can’t proveunique factorization into primes.

Proving that (a + bi + cj + dk)(a − bi − cj − dk) = a2 + b2 + c2 + d2 andN(αβ) = N(α)N(β): observe that all quaternions can be written in the formz + wj where z, w ∈ C. Hence z + wj = z − wj. We also have jw = wj forall w ∈ C and N(z + wj) = N(z) +N(w). Hence

(z + wj)(z + wj) = (z + wj)(z − wj) = zz − zwj − wjz − wjwj =

zz + ww = N(z) +N(w) = N(z + wj).

Also,

(z1+w1j)(z2+w2j) = z1z2+z1w2j+w1jz2+w1jw2j = (z1z2−w1w2)+(z1w2+w1z2)j

hence

N((z1 + w1j)(z2 + w2j)) = N(z1z2 − w1w2) +N(z1w2 + w1z2) =

18

(N(z1) +N(w1))(N(z2) +N(w1)).

An example that shows βα−1 a valid quaternion yet α−1β not a valid quater-nion: β = 1 + 2i+ 3j + 6k, α = 1 + 3j.

Hurwitz numbers are expressions of the form A1+i+j+k2

+Bi+Cj+Dk whereA,B,C,D ∈ Z. These form a ring. The coefficients of 1, i, j, k are all integersor all half-integers (n+ 1

2where n ∈ Z).

An example of Hurwitz factoring: let α = 4 + 5j + k. Then N(α) = 42.If β|α then N(β)|N(α). One of the divisors of N(α) is 2. Any Hurwitznumber with two coefficients equal to 0 and two coefficients equal to ±1 hasnorm 2, and these are potential divisors of α. There is no divisor with half-integer coefficients. There are

(42

)= 6 ways to decide which two positions

are 0, and 4 ways to assign the other two coordinates, for a total of 24possible divisors. Using Mathematica we see that all 24 possibilities produceactual divisors. For example, (4 + 5j + k)(1 + i)−1 = 2 − 2i + 2j + 3k and(4 + 5j + k)(1 + j)−1 = 9

2+ 1

2i+ 1

2j + 1

2k. One can check that

(2− 2i+ 2j + 3k)(1 + i) = (92

+1

2i+

1

2j +

1

2k)(1 + j) = 4 + 5j + k.

Exercise: Factor 3i+ 4j into two quaternions with norm equal to 5.

The ring H of Hurwitz integers has a kind of Euclid’s algorithm: The di-vision algorithm for quaternions fails precisely when αβ−1 has half-integercoefficients. But in H, when αβ−1 has half-integer coefficients, β|α and theremainder is 0, which has norm less than β. We will define gcd(α, β) as αn−1in the following system of equations: α0 = α, α1 = β,

α0 = γ0α1 + α2 (N(α2) < N(α1),

α1 = γ1α2 + α3 (N(α3) < N(α2),

...

αn−2 = γn−2αn−1 + αn (N(αn) = 0).

We can prove by induction (last equation to first) that αn−1|αk for each k,hence αn−1|α and αn−1|β. We can prove by induction (first equation to last)

19

that if δ|α and δ|β then δ|αk for all k, hence δ|αn−1. So δ = gcd(α, β) acts inthe usual way as a greatest common divisor. Moreover, the algorithm shows(by the usual methods) that there exist µ and ν such that µα + νβ = δ.When N(δ) = 1, there is a solution to µα + νβ = 1.

Note: you can find µ and ν using a procedure analogous to the Vector EuclidAlgorithm. For example, let α = 3 + i − 2j + 8k and β = 7 + 3i − 2j + 4k.The first two steps of Euclid’s method yield

3 + i− 2j + 8k = (1 + k)(7 + 3i− 2j + 4k) + (−4i− 3j − 3k)

and

7 + 3i− 2j + 4k = (−1 + 0i+ j + k)(−4i− 3j − 3k) + (1− i− j − 3k).

Symbolically, the progression is

(α, β)

(β, α− (1 + k)β)

(α− (1 + k)β, β − (−1 + 0i+ j + k)(α− (1 + k)β)).

We will eventuall arrive at (δ, 0) and at this point δ will be in the formµα + νβ.

Exercise: Let α = 3+i−2j+8k and β = 7+3i−2j+4k. (a) Find gcd(α, β) = δusing Euclid’s Method. (b) Verify that αδ−1 ∈ H and βδ−1 ∈ H. (c) Find µand ν such that µα + νβ = δ.

Every non-zero non-unit Hurwitz integer that cannot be factored into Hur-witz integers with smaller norm will be called a Hurwitz prime. Every non-zero non-unit can be factored into Hurwitz primes. Now suppose π is aHurwitz prime and α is a Hurwitz integer and π does not divide α. We claimthat δ = gcd(π, α) has norm 1. To see this, let µ be a common divisor offπ and α. We have π = π0µ and α = α0µ. If N(µ) > 1 then N(π0) = 1,hence π0 is invertible and we have µ = π

−10 π. Therefore α = α0π

−10 π, a

contradiction since π does not divide α.

Claim: when an ordinary prime p is a Hurwitz prime, then p|αβ implies p|αor p|β. For suppose p does not divide α. Then the greatest common divisor

20

of p and α has norm 1 and there is a solution to µp + να = 1. This yieldsµpβ + ναβ = β. We can also write αβ = γp. Hence

µpβ + νγp = β.

Since p commutes with Hurwitz integers, we can factor this as

(µβ + νγ)p = β.

Hence p|β.Four Squares Theorem: Every positive integer is the sum of four squares.To prove this we need only prove that every prime number is the norm ofsome quaternion. Given an arbitrary integer n ≥ 2, factor it into the productof primes

n = p1p2 · · · pk = N(α1)N(α2) · · ·N(αk) = N(α1α2 · · ·αk).

We have 2 = N(1 + i). Now let p be an arbitrary odd prime. If we can findintegers a and b such that p|(1 + a2 + b2) then we will have

p|(1 + ai+ bj)(1− ai− bj).

Since p divides neither factor, p is not a Hurwitz prime, therefore p = αβwhere N(α) 6= 1 and N(β) 6= 1. Computing norms we quickly see thatp = N(α). To finish the proof we must show that a and b can always befound and that the norm of any Hurwitz number can always be expressed asthe norm of an appropriate quaternion.

We find a and b as follows: we are really looking for a and b that satisfy1+a2 + b2 ≡ 0 mod p. Write p = 2r+1. The numbers 1+02, 1+12, ..., 1+r2are distinct mod p, and the numbers −02,−12, . . . ,−r2 are distinct mod p. Ifthe lists have no common modulus in the range [0, 2r] then we have identified2r + 2 different numbers in this range, which is one too many. So we musthave 1 + a2 ≡ −b2 mod p, which yields 1 + a2 + b2 ≡ 0 mod p.We now show that the norm of every Hurwitz number α is the norm of somequaternion. If α is already a quaternion then we are done. If not then α hashalf-integer coordinates and we can write α = a.5 + b.5i+ c.5j + d.5k wherea, b, c, d are integers. Since every half-integer is within one unit of an even

21

integer, we have α = (2A + 2Bi + 2Cj + 2Dk) + (x + yi + zj + dk) where|x| = |y| = |z| = |w| = 1

2. Therefore

α(x− yi− zj − wk) =

(2A+2Bi+2cJ+2Dkl)(x−yi−zj−wk)+(x+yi+zj+dk)(x−yi−zj−wk) =

(A+Bi+ Cj +Dk)(2x− 2yi− 2zj − 2wk) + 1.

Since the last expression is a quaternion, α(x−yi−zj−wk) is a quaternion.Moreover we have

N(α) = N(α) · 1 = N(α)N(x− yi− zj − dk) = N(α(x− yi− zj − wk)).

10. The rings Z[√

2] and Z[√

3]

Both are Euclidean:

Let R stand for one of these rings. Let α, β ∈ R with β 6= 0. Write α/β =u+ v

√d where u, v ∈ Q. Choosing x closest to u and y closest to v we have

α = (x+ y√d)β + (r + s

√d)β

where |r|, |s| ≤ 12. For d = 2 we have

|r2 − 2s2| ≤ r2 + 2s2 ≤ 34.

For d = 3 we have

−3/4 ≤ −3s2 ≤ r2 − 3s2 ≤ r2 ≤ 14.

In both cases

|N((r + s√d)β)| ≤ 3

4|N(β)| < |N(β)|.

Units in Z[√

2]: We must find all integer solutions to x2 − 2y2 = 1. By trialand error, one solution is (x, y) = (3, 2), so 3 + 2

√2 is a unit. We want to

find all the others.

22

We will classify the units according to |x|. There are no units with |x| = 0.When |x| = 1 the units are ±1. When |x| = 2 there are no units becausex2 − 2y2 is an even number. So all units not equal to ±1 have |x| ≥ 3.Next, we classify the units according to |y|. The units corresponding to y = 0are ±1. When |y| = 1 there are no integer solutions to x2 − 2y2 = 1, so nounits. So all units not equal to ±1 have |y| ≥ 2.Summary: the units other than ± are of the form x + y

√2 where |x| ≥ 3

and |y| ≥ 2.Classification of units other than ±1 according to the sign of x and y:Type I: x ≥ 3 and y ≥ 2: x+ y

√2 > 1.

Type II: x ≥ 3 and y ≤ −2: This is the conjugate of a Type I unit, hence0 < x+ y

√2 < 1.

Type III: x ≤ −3 and y ≥ 2: This is −1 times a Type II unit, hence−1 < x+ y

√2 < 0.

Type IV: x ≤ −3 and y ≤ −2: This is −1 times a Type I unit, hencex+ y

√2 < −1.

We now find all the Type I units. The smallest one is µ = 3 + 2√

2. Letα > µ be any other one. Since µ > 1, µk →∞ as k →∞, and so

µk ≤ α < µk+1

for some k. Hence1 ≤ α

µk< µ.

Since αµk

is a unit and µ is the smallest Type I unit, the only possiblity

is αµk

= 1. Therefore α = µk. This implies that the Type I units are

µ, µ2, µ3, . . . . All other units can be expressed in terms of these. Hence wecan find all solutions to x2 − 2y2 = 1.There is nothing special about 2 in the remarks above. We will define thenorm of x + y

√n to be x2 − ny2 for any integer n ≥ 2. There has to be

a lower limit to |x| and |y| given that x + y√n = 1 is a unit, and we can

classify the units as we did above and prove that all Type I solutions are ofthe form (a + b

√n)k where a + b

√n is the smallest Type I unit. The only

problem is finding a + b√n in the first place – we can’t do this if there are

no Type I solutions to x2 − ny2 = 1.

23

An application: find infinitely many integer solutions to x2−2y2 = 7. Restateas N(x + y

√2) = 7. One solution is (x, y) = (3, 1). Others are in the form

(x, y) where x + y√

2 = un(3 +√

2) where N(u) = 1. Another application:find infinitely many integer solutions to x2 − 3y2 = 22. One solution is(x, y) = (5, 1). Others are in the form un where N(u) = 1.

It is a theorem that x2 − ny2 = 1 always has a Type I solution. Instead ofdoing this in full generality, we will arguing that x2 − 5y2 = 1 has a non-trivial solution. We will give enough information to indicate how to find thesolution, but will omit the actual solution since the details are messy.

First suppose we can find a sequence X1 + Y1√

5, X2 + Y2√

5, ..., all withthe same norm N . If N = 1, great. If N 6= 1, observe that reducing each(Xk, Yk) mod N , there are only N

2 possible reduced pairs, so after lookingat the first N2 + 1 pairs we will have (Xi, Yi) and (Xj, Yj) with Xi ≡ Xj modN and Yi ≡ Yj mod N . This produces a solution to x2 − 5y2 = 1 as follows:

Xi + Yi√

5

Xj + Yj√

5=

(Xi + Yi√

5)(Xj − Yj√

5)

N=

(XjXj − 5YiYj) + (−XiYj +XjYi)√

5

N.

This works out to A+B√

5 for some A,B ∈ Z, and A2 − 5B2 = 1.

How to produce the sequence X1 + Y1√

5, X2 + Y2√

5, ...: Suppose for eachk we can find xk + yk

√5 such that 1 ≤ yk ≤ k and |xk − yk

√5| < 1

k. Then

|x2k−5y2k| = |xk−yk√

5||xk+yk√

5| ≤ 1k

(1

k+2yk

√5) =

1

k2+

2ykk

√5 ≤ 1+2

√5 < 6.

In other words, each xk+yk√

5 has norm in the range [−5, 5]. Since the normwill never be 0, there are 10 possible values of N(xk + yk

√5). One of these

norms, say N , has to be attained at least N2 + 1 times, say X21 − 5Y 21 = N ,X22 − 5Y 22 = N , etc.

How to produce the sequence x1+y1√

5, x2+y2√

5, ...: Round√

5 up to the in-teger a1, round 2

√5 up to the integer a2, etc. Then the differences ai−i

√5 all

fall between 0 and 1, therefore the differences bi = k(ai−i√

5) all fall between0 and k. Each bi lives in exactly one of the intervals (0, 1), (1, 2), . . . , (k−1, k).Since there only k of these intervals, two of the numbers b1, b2, . . . , bk+1 liein the same interval. This implies |bj − bi| < 1 where 1 ≤ i < j ≤ k + 1. Inother words, |(aj − ai)− (j− i)

√5| < 1

k. We can set xk = aj − ai, yk = j− i.

24

Example using k = 4: a1 = d√

5e = 3, a2 = d2√

5e = 5, a3 = d3√

5e = 7,a4 = d4

√5e = 9, a5 = d5

√5e = 12, b1 = 3.05573, b2 = 2.11146, b3 = 1.16718,

b4 = 0.222912, b5 = 3.27864. Since b1 and b5 both live in (3, 4), we have i = 1,j = 5, x4 = a5− a1 = 12− 3 = 9, y4 = 5− 1 = 4, |9− 4

√5| = 0.0557281 < 1

4.

Continued fraction calculation: see hand-written notes.

11. Positive integers of the form x2 + y2 and x2 + 2y2.

Theorem: Let n be an integer with prime factorization 2e23e35e5 · · · . Then

n = x2 + y2 where x, y ∈ Z if and only if ep is an even number for each primep ≡ 3 mod 4.

Theorem: Let n be an integer. Then n = x2 + y2 if and only if every primefactor of n that is prime in Z[i] appears with even exponent in the primefactorization of n.

Remark: We proved that the ordinary primes that are prime in Z[i] arethose congruent to 3 mod 4.

Proof: Suppose the prime factorization of n has this property. Then n =A2B where the prime divisors of B are not prime in Z[i]. If p is not prime inZ[i] then p = αβ, therefore p2 = N(α)N(β), therefore p = N(α). Hence B =p1p2 · · · pk = N(α1)N(α2) · · ·N(αk) = N(αk) = N(α1α2 · · ·αk) = x2 + y2.This implies n = (Ax)2 + (Ay)2.

Example:

1485154 = 2 · 112 · 17 · 192 = (12 + 12)(42 + 1)112192 = (32 + 52)112192 =

6272 + 10452.

Conversely, assume n is a sum of two squares. If n does not have the desiredprime factorization, then there is a smallest counterexample n0. Write n0 =x20 + y

20. Since n0 does not have the desired prime factorization, there must

be some prime divisor p0 of n0 that is prime in Z[i]. We have p0|(x0 +iy0)(x0 − iy0), so by primality p0 divides one of these factors, so p0|x0 andp0|y0. This implies that p20|n0. Let n1 = n0p20 = (x0/p0)

2 + (y0/p0)2. Since n0 is

the smallest counterexample, n1 must have the desired prime factorization.Since n0 = n1p

2, n0 has the desired prime factorization. Contradiction. Sothere are no counterexamples and n is a sum of two squares.

25

Theorem: Let n be an integer. Then n = x2+2y2 if and only if every primefactor of n that is prime in Z[

√−2] appears with even exponent in the prime

factorization of n.

Proof: The proof above depends only on the fact that Z[i] has uniquefactorization into primes. Since Z[

√−2] also has unique factorization, we

can use the same proof.

This raises the question: exactly which ordinary primes are prime in Z[√−2]?

Theorem: An ordinary prime p is prime in Z[√−2] if and only if x2 ≡ −2

mod p does not have a solution.

Proof: Let p be an ordinary prime which is prime in Z[√−2]. If x2 ≡ −2

mod p has a solution then p|(x2 + 2), therefore p|(x +√−2)(x +

√−2),

therefore p|(x+√−2) or p|(x−

√−2). But neither is possible: contradiction.

So there can be no solution to x2 ≡ −2 mod p.

Conversely, suppose x2 ≡ −2 mod p does not have a solution. If p is notprime in Z[

√−2] then p = αβ, p = N(α), p = a2 + 2b2, a2 ≡ −2b2 mod p.

If b is divisible by p then both a and b are divisible by p, hence a2 + 2b2 isdivisible by p2, which is impossible. Therefore b 6≡ 0 mod p and b−1 existsmod p. This implies (ab−1)2 ≡ −2 mod p, a contradiction. Therefore p isprime in Z[

√−2].

This raises the question: when does x2 ≡ −2 mod p have a solution?

Definition: A quadratic residue mod p is any integer k such that x2 ≡ kmod p has a solution.

Characterizing the inequivalent quadratic residues mod p: When p = 2,both 0 and 1 are quadratic residues. Now let p = 2r + 1 be an odd prime.The numbers 02, 12, . . . , r2 are all distinct mod p, so they represent distinctquadratic residues. Any non-zero quadratic residue a ≡ k2 is a root of xr− 1mod p since ar− 1 = k2r = kp−1 ≡ 1 mod p. There can be at most r distinctroots of xr − 1 mod p (proved earlier), so 12, 22, . . . , r2 represents a completelist of non-zero inequivalent quadratic residues mod p. Any non-quadraticresidue a satisfies a2r = ap−1 ≡ 1 mod p, hence ar ≡ ±1 mod p, hencear ≡ −1 mod p. We have proved the following theorem:

Theorem (Euler’s Criterion): Let p be an odd prime. When (a, p) = 1,

a quadratic residue mod p iff ap−12 ≡ 1 mod p.

26

Let p be an odd prime and assume (p, a) = 1. The Legendre symbol is(a

p

)=

{1 a is a quadratic residue mod p−1 a is not a quadratic residue mod p

}≡ a

p−12 mod p.

We wish to derive a formula for(ap

)for an arbitrary odd prime p that does

not depend on computing ap−12 mod p, which can be difficult when p is large.

Toward this end, observe that given an odd prime p = 2r+1, every integer kis equivalent to a unique number in {−r,−r + 1, . . . ,−1, 0, 1, . . . , r − 1}. Tosee this, use the division algorithm to write k+ r = dp+ s where 0 ≤ s ≤ 2r.Then k ≡ s − r mod p and −r ≤ s − r < r. We will say that k has anegative representation mod p if k ≡ s for some s ∈ {−r,−r + 1, . . . ,−1}where p = 2r + 1.

Theorem: Let p = 2r + 1 be an odd prime and let (a, p) = 1. Then(a

p

)= (−1)n

where n is the number of integers in the set {a, 2a, . . . , ra} that have anegative representation mod p.

Proof: For each i ∈ {1, 2, . . . , r} say that ia ≡ ai mod p where ai ∈{−r,−r+1, . . . , r−1}. Then |a1|, |a2|, . . . , |ar| is a rearrangement of 1, 2, . . . , r.Hence

(r!)ar = (1a)(2a) · · · (ra) ≡ a1a2 · · · ar = |a1||a2| · · · |ar|(−1)n = (r!)(−1)n mod p,

ar ≡ (−1)n mod p,(a

p

)≡ (−1)n mod p,(a

p

)= (−1)n.

Let’s calculate(

2p

)for an odd prime p. Write p = 2r + 1. Then

{−1,−2, . . . ,−r} ≡ {r + 1, r + 2, . . . , 2r − 1}

27

mod p. Using a = 2 we must determine

n = |{2, 4, . . . , 2r} ∩ {r + 1, r + 2, . . . , 2r − 1}|.

If r = 2k then

n = |{2, 4, . . . , 4k}∩{2k+ 1, 2k+ 2, . . . , 4k}| = |{2k+ 2, 2k+ 4, . . . , 4k}| = k

and (2

4k + 1

)= (−1)k.

If r = 2k + 1 then

n = |{2, 4, . . . , 4k+2}∩{2k+2, 2k+3, . . . , 4k+2}| = |{2k+2, 2k+4, . . . , 4k+2}| = k+1

and (2

4k + 3

)= (−1)k+1.

Hence (2

8j + 1

)=

(a

4(2j) + 1

)= (−1)2j = 1(

2

8j + 3

)=

(a

4(2j) + 3

)= (−1)2j+1 = −1(

2

8j + 5

)=

(a

4(2j + 1) + 1

)= (−1)2j+1 = −1(

2

8k + 7

)=

(a

4(2j + 1) + 3

)= (−1)2j+2 = 1.

Hence 2 is a quadratic residue mod an odd prime p iff p ≡ 1, 7 mod 8 and 2is a non-quadratic residue mod p iff p ≡ 3, 5 mod 8.

To determine which integers are of the form x2+2y2 we must decide when −2is a non-quadratic residue mod p. For an odd prime p,

(−2p

)≡ (−2) p−12 =

(−1) p−12 2 p−12 ≡ (−1) p−12(

2p

). This yields(−2

8j + 1

)= (−1)4j = 1

28

(2

8j + 3

)= −(−1)4j+1 = 1(

2

8j + 5

)= −1(−1)4j+2 = −1(

2

8k + 7

)= (−1)4j+3 = −1.

So x2 ≡ −2 mod p has no solution for an odd prime p iff p ≡ 5, 7 mod 8. Son = x2 + 2y2 iff every prime divisor of n congruent to 5 or 7 mod 8 appearswith even exponent.

Recall the example

1485154 = 2 · 112 · 17 · 192 = (12 + 12)(42 + 1)112192 = (32 + 52)112192 =

6272 + 10452.

None of the primes in its prime factorization are congruent to 5 or 7 mod 8,so they appear with exponent 0, so this number should be expressible in theform x2 + 2y2. In fact we have

1485154 = 2 ·112 ·17 ·192 = (02 +2(12))(32 +2(12))2(32 +2(2)2)(12 +2(32)) =

N(0 + 1√−2)N(3 + 1

√−2)2N(3 + 2

√−2)N(1 + 3

√−2)2 =

N((0+1√−2)(3+1

√−2)2(3+2

√−2)(1+3

√−2)2) = N(1124+333

√2) = 11242+2(3332).

Moreover 1485154 · 233 = 18, 069, 868, 718 cannot be expressed in the formx2 + 2y2 since the prime 23 is congruent to 7 mod 8 and appears with oddexponent in the prime factorization.

29