%\documentclass[a4paper,twoside,draft]{article}
\documentclass[a4paper,twoside,reqno,12pt,openany,notitlepage]{amsbook}
\usepackage[headings]{fullpage}

%\usepackage[fulloldstyle]{fourier}
\title{Elementary Number Theory}
\author{David Pierce}
\date{\today}

\address{Mathematics Dept\\
Middle East Technical University\\
Ankara 06531, Turkey}

\email{dpierce@metu.edu.tr}
\urladdr{http://www.math.metu.edu.tr/~dpierce}

\usepackage{amssymb,amsmath}
\usepackage{url}
\usepackage{verbatim}  % allows a comment environment:
\usepackage[all]{xy}
\usepackage{pstricks}
\usepackage{textcomp}  % supposedly useful with \oldstylenums
\usepackage{multicol}
%\usepackage{showlabels}

\usepackage{layout}
\usepackage{hfoldsty} % this didn't work until I added missing
		      % brackets to some of the files.


%\newcommand{\osn}[1]{\oldstylenums{#1}}

\newcommand{\asterism}{\mbox{}\hfill$*\qquad*\qquad*\qquad*\qquad*$\hfill}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\renewcommand{\leq}{\leqslant}
\renewcommand{\geq}{\geqslant}
\renewcommand{\setminus}{\smallsetminus}
%\renewcommand{\phi}{\varphi}

\newcommand{\Iff}{}
\let\Iff\iff
\renewcommand{\iff}{\leftrightarrow}
\newcommand{\Exists}[1]{\exists{#1}\;}
\renewcommand{\emptyset}{\varnothing}
\renewcommand{\epsilon}{\varepsilon}

%%%%%%%%%%%%%%%%%%%%%%%

\newcommand{\lto}{\Rightarrow}
\renewcommand{\land}{\mathrel{\&}}
%\newcommand{\size}[1]{\left|#1\right|}
\newcommand{\size}[1]{\lvert#1\rvert}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\makeindex
\newcommand{\defn}[2]{\textbf{#1#2}\index{#1}}
\newcommand{\defnplain}[2]{\textbf{#1#2}}
\newcommand{\tech}[2]{\textsl{#1#2}\index{#1}}

\renewcommand{\theenumi}{\alph{enumi}}
\renewcommand{\labelenumi}{\textnormal{(\theenumi)}}

\renewcommand{\theenumii}{\roman{enumii}}
\renewcommand{\labelenumii}{\textnormal{(\theenumii)}}

%%%%%%%%%%%%%%%

\newcommand{\divides}{\mathrel{|}}
\newcommand{\ndivides}{\mathrel{\nmid}}

\newcommand{\ord}[2]{\operatorname{ord}_{#1}(#2)}

\newcommand{\ls}[2]{\Bigl(\displaystyle\frac{#1}{#2}\Bigr)}

% set-theoretic relations:

\newcommand{\included}{\subseteq}      % [the name suggests the meaning here]
\newcommand{\nincluded}{\not\subseteq} % not included
\newcommand{\pincluded}{\subset}       % proper inclusion    
\newcommand{\includes}{\supseteq}

\newcommand{\stnd}[1]{\mathbb{#1}}
\newcommand{\N}{\stnd{N}}         % natural numbers
%\newcommand{\varN}{\omega}        % my usual preference for this
%\newcommand{\Zp}{\Z_{+}}          % positive integers
\newcommand{\Z}{\stnd{Z}}         % integers
\newcommand{\Q}{\stnd{Q}}         % rationals
\newcommand{\Pri}{\stnd{P}}         % primes
\newcommand{\R}{\stnd{R}}         % reals
\newcommand{\C}{\stnd{C}}         % complex numbers

\newcommand{\units}[1]{#1^{\times}}
\newcommand{\Zmod}[1][n]{\Z/(#1)}
\newcommand{\Zmodu}[1][n]{\units{(\Zmod[#1])}}

\newcommand{\scr}[1]{\operatorname{s}(#1)}
\newcommand{\pred}[1]{\operatorname{pred}(#1)}
\DeclareMathOperator{\lcm}{lcm}

\DeclareMathOperator{\dee}{d}      % 

\newcommand{\rten}{\sqrt{10}}
\newcommand{\dsp}{\,}   % space between blocks of three digits



\newcommand{\hw}[1]{\hfill{}\textnormal{[#1]}}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Theorem-like environments  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\newtheorem*{theorem*}{Theorem}
\newtheorem*{lemma*}{Lemma}
\newtheorem{theorem}{Theorem}
\newtheorem{axdef}[theorem]{Axiom and definition}
\newtheorem{lemma}[theorem]{Lemma}
\newtheorem{problem}{Problem}[section]
\renewcommand{\theproblem}{\arabic{section}.\arabic{problem}}

\theoremstyle{definition}

\newtheorem{definition}[theorem]{Definition}
\newtheorem{parag}[theorem]{}
\newtheorem{xca}{Exercise}[section]

\renewcommand{\thexca}{\arabic{section}.\arabic{xca}}

\newtheorem*{solution}{Solution}

\theoremstyle{remark}

\newtheorem{remarks}[theorem]{Remarks}
\newtheorem{remark}[theorem]{Remark}

\newtheorem*{remark*}{Remark}

%\numberwithin{section}{chapter}
%\numberwithin{xca}{section}
\numberwithin{equation}{section}
\renewcommand{\theequation}{\fnsymbol{equation}}


\begin{document}
\frontmatter
  \maketitle

\mainmatter

\chapter*{Preface}

%These notes are based on my lectures, in the fall of 2007, in
This book is simply a record of Elementary Number Theory (Math 365), as
taught by me in the fall semester of the 2007/8 academic year at METU.


The contents of the chapters are as follows:

\begin{enumerate}
\renewcommand{\theenumi}{\arabic{enumi}}
\item
Some notes (with
exercises) called `Foundations of number-theory', made available on
the web at the beginning of the semester.
  \item
The lectures themselves (with some mild corrections) as written from
memory and from 
the handwritten notes that I 
used during the lectures.  The main reference for the
course was \cite{Burton}, but I used also \cite{MR2135478}.
The Tuesday lectures were two hours; Thursday, one.  (Each hour
is 50 minutes.)
\item
Exercise sets (with a few corrections and cross-references), offered
nearly every week.
\item
Examinations, with my solutions and remarks.
There were three in-term examinations, on October 23 (Tuesday),
November 27 (Tuesday), and December 27 (Thursday), and there was a
final examination on January 11.
\end{enumerate}

On the day of an examination, I introduced no new material in class.
Class was cancelled November 13
and 15, because I was away at the \emph{Centre Internationale de Rencontres
Math\'ematiques} in Marseilles.  October 11 (Thursday) fell within the
\emph{\c Seker
  Bayram\i;} December 20 (Thursday), the \emph{Kurban Bayram\i.} 

There were originally to be only two examinations in term.  The night
before the second examination, a number of students came to ask to
postpone the exam.  Since it was too late to make such a change, I
offered instead to give a third in-term exam and count the best two
only towards the final grade.

\tableofcontents

\chapter{Foundations of Number-Theory}\label{ch:foundations}

\input{foundations.tex}

\chapter{Lectures}\label{ch:lectures}

\section{September 20, 2007 (Thursday)}

What can we say about the sequence
\begin{equation*}
  3,6,10,15,21,28,\dots?
\end{equation*}
We can add a couple of terms to the beginning, making it
\begin{equation*}
  {0,1,3,6,10,15,21,28,\dots}
\end{equation*}
The terms increase by $1$, $2$, $3$, and so on.  What do the numbers
\emph{look like?}  They are the \defn{triangular number}{s:}
\begin{center}
  \begin{picture}(120,20.8)(0,11.2)
    \put(2,30){\circle*4}

    \put(18,30){\circle*4}
    \put(26,30){\circle*4}

    \put(42,30){\circle*4}
    \put(50,30){\circle*4}
    \put(58,30){\circle*4}

    \put(74,30){\circle*4}
    \put(82,30){\circle*4}
    \put(90,30){\circle*4}
    \put(98,30){\circle*4}

    \put(114,30){\dots}

    \put(22,24.4){\circle*4}

    \put(46,24.4){\circle*4}
    \put(54,24.4){\circle*4}

    \put(78,24.4){\circle*4}
    \put(86,24.4){\circle*4}
    \put(94,24.4){\circle*4}

    \put(50,18.8){\circle*4}

    \put(82,18.8){\circle*4}
    \put(90,18.8){\circle*4}

    \put(86,13.2){\circle*4}
  \end{picture}
\end{center}

Let $t_{0}={0}$, $t_{1}=1$, $t_{2}={3}$, \&c.  The \defn{recursive}{} definition
is
\begin{equation*}
  t_{0}={0},\quad t_{n+1}=t_n+n+1.
\end{equation*}
There is a \emph{closed} form:
\begin{equation}\label{eqn:tn}
  t_n=\sum_{k=1}^nk=\binom{n+1}{2}=\frac{n(n+1)}{2}.
\end{equation}
We can prove this by \defn{induction}:  It is true when $n={0}$ (or
$n=1$), and if it is true when $n=k$, then
\begin{equation*}
  t_{k+1}=t_k+k+1
  =\frac{k(k+1)}{2}+k+1
=\frac{(k+1)(k+{2})}{2},  
\end{equation*}
so it is true when $n=k+1$.  By induction, \eqref{eqn:tn} is true for all $n$. 

But \emph{why} is equation~\eqref{eqn:tn} true?  This can be seen from
a picture: two copies of
$t_n$ fit together to make a rectangle of $n(n+1)$ dots:
\begin{center}
  \begin{picture}(36,28)
    \multiput(2,26)(8,0)4{\circle*4}
    \multiput(2,18)(8,0)3{\circle*4}
    \multiput(2,10)(8,0)2{\circle*4} 
    \multiput(2,2)(8,0)1{\circle*4}
    \multiput(34,26)(8,0)1{\circle4}
    \multiput(26,18)(8,0)2{\circle4}
    \multiput(18,10)(8,0)3{\circle4}
    \multiput(10,2)(8,0)4{\circle4}
  \end{picture}
\end{center}
Similarly, $(n+1)^{2}=t_{n+1}+t_n$, since
\begin{equation*}
  t_{n+1}+t_n=\frac{(n+1)(n+{2})}{2}+\frac{n(n+1)}{2}=\frac{n+1}{2}(n+{2}+n)=(n+1)^{2};
\end{equation*}
but this can be seen in a picture:
\begin{center}
  \begin{picture}(36,36)
    \multiput(2,34)(8,0)5{\circle*4}
    \multiput(2,26)(8,0)4{\circle*4}
    \multiput(2,18)(8,0)3{\circle*4}
    \multiput(2,10)(8,0)2{\circle*4} 
    \multiput(2,2)(8,0)1{\circle*4}
    \multiput(34,26)(8,0)1{\circle4}
    \multiput(26,18)(8,0)2{\circle4}
    \multiput(18,10)(8,0)3{\circle4}
    \multiput(10,2)(8,0)4{\circle4}
  \end{picture}
\end{center}
What can we say about the following sequence?
\begin{equation*}
  {1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,\dots}
\end{equation*}
It is the sequence of odd numbers.  Also, the first $n$ terms seem to
add up to $n^{2}$, that is,
\begin{equation}\label{eqn:n2}
  n^{2}=\sum_{k=1}^n({2}k-1).
\end{equation}
We can prove this by induction:  It is true when $n={0}$, and if it is
true when $n=k$, then
\begin{equation*}
  (k+1)^{2}=k^{2}+{2}k+1=\sum_{j=1}^k({2}j-1)+{2}k+1=\sum_{j=1}^{k+1}({2}j-1),
\end{equation*}
so it is true when $n=k+1$.  Therefore~\eqref{eqn:n2} is true for all $n$.  A
picture shows why:
\begin{center}
  \begin{picture}(36,36)
    \multiput(2,34)(16,0)3{\circle*4}
    \multiput(18,26)(16,0)2{\circle*4}
    \multiput(2,18)(8,0)3{\circle*4}
    \put(34,18){\circle*4}
    \put(34,10){\circle*4} 
    \multiput(2,2)(8,0)5{\circle*4}
    \multiput(10,34)(16,0)2{\circle4}
    \multiput(2,26)(8,0)2{\circle4}
    \put(26,26){\circle4}
    \multiput(26,18)(8,0)2{\circle4}
    \multiput(2,10)(8,0)4{\circle4}
  \end{picture}
\end{center}

Finally, observe:
\begin{equation*}
  {1},\underbrace{{3,5}}_8,\underbrace{{7,9,11}}_{{27}},
  \underbrace{{13,15,17,19}}_{{64}},\underbrace{{21,23,25,27,29}}_{{125}},\dots 
\end{equation*}
Does the pattern continue?  As an exercise, write the suggested
equation, 
\begin{equation*}
n^{3}=\sum_{\dots}^{\dots}\dots, 
\end{equation*}
and prove it.  (The theorem was apparently
known to Nicomachus of Gerasa \cite[II.20.5, p.~263]{Nicomachus},
almost 2000 years ago.) 

\asterism{}

We are studying the natural numbers, 0, 1, 2, \dots.  (Some
people start with 1 instead.)  They compose the set $\N$.
Everything about $\N$ follows from the following five conditions:
\begin{enumerate}
  \item
there is a first natural number, \defn{zero}{} (${0}$);
\item
each $n$ in $\N$ has a \defn{successor}{}, $\scr n$;
\item
${0}$ is not a successor;
\item
distinct numbers have distinct successors: if $n\neq m$, then $\scr
n\neq\scr m$;
\item
\defn{induction}: if $A\included\N$, and
\begin{enumerate}
  \item
${0}\in A$, and
\item
if $n\in A$, then $\scr n$ is
in $A$,  
\end{enumerate}
then $A=\N$.
\end{enumerate}

\section{September 25, 2007 (Tuesday)}

\begin{theorem*}[Recursion]
      Suppose $A$ is a set with an element $b$, and $f\colon A\to A$.
    Then there is a \emph{unique} function $g$ from $\N$ to $A$ such
    that
    \begin{enumerate}
      \item
$g({0})=b$, and
\item
$g(\scr n)=f(g(n))$ for all $n$ in $\N$.
    \end{enumerate}
  \end{theorem*}

For the proof, see~\cite{DPfnth}.  By
recursion, we define addition and multiplication:
\begin{align*}
  m+{0}&=m,& m\cdot{0}&={0},\\
  m+\scr n&=\scr{m+n},& m\cdot{\scr n}&=m\cdot n+m.
\end{align*}
Then the usual properties can be proved, usually by induction
(exercise; see~\cite{DPfnth}).  We write $1$ for $\scr {0}$, so $\scr n=n+1$.

Some books suggest wrongly that everything about $\N$ is a consequence
of:

\begin{theorem*}[Well-Ordering Principle]
     Every non-empty subset of $\N$ has a least element.
\end{theorem*}

But what does \emph{least} mean?  The \defn{least}{} element of $A$ is
some $n$ such that
\begin{enumerate}
  \item
$n\in A$;
\item
if $m\in A$, then $n\leq m$.
\end{enumerate}
On $\N$, we define $\leq$ by
\begin{equation*}
  m\leq n\Iff m+k=n\text{ for some $k$ in $\N$}.
\end{equation*}
Again, the usual properties can be proved (exercise; see~\cite{DPfnth}).

Let's try to prove the WOP (the Well-Ordering Principle).  Suppose
$A\included\N$, and $A$ has no least element.  We want to show that
$A$ is empty, that is, $\N\setminus A=\N$.  Try induction.  For the
base step, we cannot have ${0}\in A$, since then ${0}$ would be the least
element of $A$.  So ${0}\notin A$. 

For the inductive step, suppose $n\notin A$.  This is not enough to
establish $n+1\notin A$, since maybe $n-1\in A$, so $n+1$ can be in
$A$ without being least.

We need:

  \begin{theorem*}[Strong Induction]
    Suppose $A\included\N$, and for all $n$ in $\N$,
if all predecessors of $n$ belong to $A$, then $n\in A$.
Then $A=\N$.
  \end{theorem*}

For the proof, see~\cite{DPfnth}.  Now we can prove
well-ordering:  If $A$ has no least element, and no member of the set
$\{x\in\N\colon x<n\}$ belongs to $A$, then $A$ must not belong
either.  Therefore, by strong induction, $A=\emptyset$.

\asterism{}

Our course is Elementary Number Theory.  Here `elementary' does not
mean easy; it means not involving mathematical analysis.  For example,
although the function given by
\begin{equation*}
  \Gamma(x)=\int_{0}^{\infty}e^{-t}t^{x-1}\dee x
\end{equation*}
satisfies $\Gamma(n+1)=n\Gamma(n)$, and $\Gamma(1)=1$, so that
$G(n+1)=n!$, we shall not study such facts.

\asterism{}

Our main object of study is the \defn{integers}, which compose the set
\begin{equation*}
  \N\cup\{-x\colon x\in\N\setminus\{{0}\}\},
\end{equation*}
denoted by $\Z$.  Then we extend addition and multiplication and the
ordering to $\Z$, 
and we define additive inversion on $\Z$, so that
\begin{gather*}
\begin{aligned}
  a+(b+c)&=(a+b)+c\qquad &\qquad a\cdot(b\cdot c)&=(a\cdot b)\cdot c,\\
b+a&=a+b, & b\cdot a&=a\cdot b,\\
a+{0}&=a, & a\cdot 1&=a,\\
a+(-a)&={0}, &&
\end{aligned}\\
a\cdot (b+c)=a\cdot b+a\cdot c,\\
a<b\lto a+c<b+c,\\
{0}<a\land {0}<b\lto {0}<a\cdot b.
\end{gather*}
So $\Z$ is an \defn{ordered domain}{} (but it is not necessary to know
this term).

If $a\in\Z$, let the set $\{ax\colon x\in\Z\}$ be denoted by $\Z a$ or
$a\Z$ or
\begin{equation*}
  (a).
\end{equation*}
Then $b\in(a)$ if and only if $a$ \defn{divides}{} $b$, which is
denoted by
\begin{equation*}
  a\divides b.
\end{equation*}
If $c-b\in(a)$, then we may also write
\begin{equation*}
  b\equiv c\pmod a:
\end{equation*}
$b$ and $c$ are \defn{congruent \emph{modulo}}{} $a$.  Congruence is
  an equivalence-relation.  The congru\-ence-class of $b$ 
  \emph{modulo} $a$ is
  \begin{equation*}
    \{x\in\Z\colon b-x\in(a)\}.
  \end{equation*}
How many congruence-classes \emph{modulo} $a$ are there?

If $a={0}$, then congruence \emph{modulo} $a$ is equality.  Otherwise,
there are $\size a$ congru\-ence-classes \emph{modulo} $a$, namely the
classes of ${0}$, $1$,\dots, $\size a-1$.  This is by:

\begin{theorem*}[Division]
  If $a\neq{0}$, and $b\in\Z$, then the system
  \begin{equation*}
    b=ax+y\land{0}\leq y<\size a
  \end{equation*}
has a unique solution.
\end{theorem*}

\begin{proof}
  The set $\{z\in\N\colon z=b-ax\text{ for some $x$ in $\Z$}\}$ is
  non-empty (why?).  Let $r$ be its least element, and let $q$ be such
  that $r=b-aq$.  Then $b=aq+r$ and ${0}\leq r<\size a$.
\end{proof}

Consequently, every square has the form ${3}n$ or ${3}n+1$.  Indeed, every
number is ${3}k$ or ${3}k+1$ or ${3}k+{2}$, and
\begin{gather*}
  ({3}k)^{2}={9}k^{2}={3}({3}k^{2}),\\
({3}k+1)^{2}={9}k^{2}+6k+1={3}({3}k^{2}+{2}k)+1,\\
({3}k+{2})^{2}={9}k^{2}+{12}k+4={3}({3}k^{2}+4k+1)+1. 
\end{gather*}
Alternatively, since ongruent numbers have congruent squares,
\begin{gather*}
  {0}^{2}={0},\\
1^{2}=1,\\
{2}^{2}=4\equiv 1\pmod {3}.
\end{gather*}

Similarly, every cube is $7n$ or $7n\pm 1$, since
\begin{equation*}
  {0}^{3}={0},\quad 1^{3}=1,\quad
  {2}^{3}=8=7+1\equiv1\pmod{7},\quad\dots 
\end{equation*}

Facts about divisibility:
\begin{gather}\notag
  a\divides {0};\\\notag
{0}\divides a\Iff a={0};\\\notag
1\divides a\land a\divides a;\\\notag
a\divides b\land b\neq{0}\lto \size a\leq\size b;\\\notag
a\divides b\land b\divides c\lto a\divides c\\\notag
a\divides b\land c\divides d\lto ac\divides bd;\\\label{eqn:bx}
a\divides b\lto a\divides bx;\\\label{eqn:b+c}
a\divides b\land a\divides c\lto a\divides b+c.
\end{gather}
By the last two implications,~\eqref{eqn:bx} and~\eqref{eqn:b+c}, if
$a\divides b$ and $a\divides c$, then
$a$ divides every \defn{linear combination}{} 
\begin{equation*}
ax+by
\end{equation*}
of $a$ and $b$.
Let the set $\{ax+by\colon x,y\in\Z\}$ of these linear combinations be
denoted by
\begin{equation*}
  (a,b).
\end{equation*}
Then $({0},{0})=({0})$.  Otherwise, assuming one of $a$ and $b$ is not
${0}$, let 
$n$ be the least positive element of $(a,b)$.  Then $n$ divides $a$
and $b$.  Indeed, $a=nq+r$ 
and ${0}\leq r<n$ for some $q$ and $r$.  Then
$r=a-nq=a-(ax+by)q=a(1-qx)+b(-qy)$ for some $x$ and $y$, so
$r\in(a,b),$ and hence $r={0}$ by
minimality of $n$, so $n\divides a$.  Similarly, $n\divides b$.

Then $n$ is the \emph{greatest} common divisor of $a$ and $b$.
  Why?
If $d\divides a$
and $d\divides b$, then $d\divides n$, since $n$ is a linear
combination of $a$ and $b$; so $d\leq\size d\leq\size n=n$.  Therefore
  $n$ is the \defn{greatest
  common divisor}{} of $a$ and $b$:
\begin{equation*}
  n=\gcd(a,b).
\end{equation*}
We have also
\begin{equation*}
  (a,b)=(n)
\end{equation*}
(so $\Z$ is a \defn{principal ideal domain}).  Indeed, immediately,
$(n)\included(a,b)$.  Also, as $n$ divides $a$ and $b$, it divides
every element of $(a,b)$, so $(a,b)\included(n)$.

If $\gcd(a,b)=1$, then
$a$ and $b$ are \defn{relatively prime}{} or \defn{co-prime}.  So this
is the case if and only if the equation
\begin{equation*}
  ax+by=1
\end{equation*}
has a solution.

In general, if $\gcd(a,b)=n$, then
\begin{equation*}
  \gcd\left(\frac an,\frac bn\right)=1,
\end{equation*}
since both $ax+by=n$ and $(a/n)x+(b/n)y=1$ have solutions.

Suppose $a$ and $b$ are co-prime, and each divides $c$; then so does
$ab$.  Indeed, the following have solutions:
\begin{gather*}
  ax+by=1,\\
acx+bcy=c,\\
absx+bary=c,\\
ab(sx+ry)=c,
\end{gather*}
where $c=bs=ar$.

\begin{lemma*}[Euclid, VII.30]
  If $a\divides bc$ and $\gcd(a,b)=1$, then $a\divides c$.
\end{lemma*}

\begin{proof}
  Again, the following have solutions:
  \begin{gather*}
    ax+by=1,\\
acx+bcy=c.
  \end{gather*}
Since $a\divides ac$ and $a\divides bc$, we are done.
\end{proof}

\asterism{}

How can we find solutions to an equation like the following?
\begin{equation*}
  {63x+7=23y.}
\end{equation*}
Rewrite as
\begin{equation*}
  {63x-23y=-7.}
\end{equation*}
For a solution, we must have
\begin{equation*}
  {\gcd(63,23)\divides 7.}
\end{equation*}
But how do we know what the $\gcd$ \emph{is?}

\section{September 27, 2007 (Thursday)}

Recall that $(a,b)=\{\text{linear combinations of $a$ and $b$}\}$; its
least positive element (if one of $a$ and $b$ is not ${0}$) is
$\gcd(a,b)$.  Let this be $n$.  We showed
\begin{equation}\label{eqn:abn}
  (a,b)=(n).
\end{equation}
The set $(a)\cap(b)$ consists of the common multiples of $a$ and $b$;
so its least positive element is the \defn{least common multiple}{} of
$a$ and $b$, or
\begin{equation*}
  \lcm(a,b).
\end{equation*}
Suppose this is $m$.  As we showed~\eqref{eqn:abn}, so we can show
\begin{equation*}
  (a)\cap(b)=(m).
\end{equation*}
For example,
\begin{equation*}
  \xymatrix{& \lcm(10,15)=30 &\\
10 \ar@{-}[ur] & & 15 \ar@{-}[ul]\\
& \gcd(10,15)=5 \ar@{-}[ul] \ar@{-}[ur]}
\end{equation*}
Note $5\cdot30=10\cdot15$.  In general, since $ab\in(a)\cap(b)$, we
have
\begin{equation}\label{eqn:lcm}
  \lcm(a,b)\divides ab.
\end{equation}
\begin{theorem*}
  $\gcd(a,b)\lcm(a,b)=\size{ab}$.
\end{theorem*}

\begin{proof}
  Let $n=\gcd(a,b)$ and $m=\lcm(a,b)$.  We can solve
  \begin{gather*}
    ax+by=n,\\
amx+bmy=mn.
  \end{gather*}
But $a,b\divides m$, so $ab\divides am, bm$, so $ab\divides mn$, hence
\begin{equation}\label{eqn:abmn}
  \size{ab}\leq mn.
\end{equation}
Also, $m=ar=bs$ for some $r$ and $s$; and $\gcd(r,s)=1$ by minimality
of $m$ as a divisor of $a$ and $b$.  Hence we can solve
\begin{gather*}
  sx+ry=1,\\
absx+abry=ab,\\
amx+bmx=ab,\\
ax+by=\frac{ab}m
\end{gather*}
(using~\eqref{eqn:lcm}).  As $n\divides a,b$, so $n\divides ab/m$, and
hence
\begin{equation*}
  \size{n}\leq\frac{\size{ab}}m
\end{equation*}
(assuming $ab\neq{0}$), so $mn\leq\size{ab}$.  By this and~\eqref{eqn:abmn},
$mn=\size{ab}$. 
\end{proof}

\asterism{}

How can we \emph{find} $\gcd(a,b)$?  The \defn{Euclidean algorithm}.
What is it?  For
example, $\gcd(9,12)={3}$, by
\begin{align*}
  12&=9\cdot 1+{3},\\
9&={3}\cdot {3}+{0}.
\end{align*}
In general, suppose $a_{0}>a_{1}\geq{0}$.  By \emph{strong} recursion,
define $a_{2}$, $a_{3}$,\dots by
\begin{equation}\label{eqn:anq}
  a_n=a_{n+1}q+a_{n+{2}}\land {0}\leq a_{n+{2}}<a_{n+1}
\end{equation}
(for some $q$) if $a_{n+1}\neq{0}$; but if $a_{n+1}={0}$, then let
$a_{n+{2}}={0}$.  Then the descending sequence
\begin{equation*}
  a_{0}>a_{1}>a_{2}>\dotsb
\end{equation*}
must stop.  That is, let $a_m$ be the least element of $\{a_n\colon
a_n>{0}\}$, so that $a_{m+1}={0}$.  Then 
\begin{equation*}
\gcd(a_{0},a_{1})=a_m;
\end{equation*}
why?  Because, if $a_{n+1}\neq{0}$, then
$\gcd(a_n,a_{n+1})=\gcd(a_{n+1},a_{n+{2}})$ by~\eqref{eqn:anq}; so, by
induction,
\begin{equation*}
  \gcd(a_{0},a_{1})=\gcd(a_{1},a_{2})=\dotsb=\gcd(a_m,a_{m+1})=\gcd(a_m,{0})=a_m.
\end{equation*}
\asterism{}

A cock costs 5 L; a hen, 3 L; 3 chicks, 1 L.  Can we buy 100 birds
with 100 L?  Let
\begin{align*}
  x&=\#\text{ cocks,}\\
  y&=\#\text{ hens,}\\
  z&=\#\text{ chicks.}
\end{align*}
We want to solve
\begin{equation}\label{eqn:sys}
\begin{gathered}
  x+y+z=100,\\
5x+{3}y+\frac13z=100.
\end{gathered}
\end{equation}
Eliminate $z$ and proceed:
\begin{gather}\notag
  z=100-x-y,\\\notag
15x+9y+z=300,\\\notag
15x+9y+100-x-y=300,\\\notag
14x+8y=200,\\\label{eqn:7x+4y=100}
7x+4y=100.
\end{gather}
Since $4\divides 100$, one solution is $({0},25)$, that is, $x={0}$ and
$y=25$.  Then $y=75$.  So the answer to the original question is Yes.
But can we include at least one cock?  What are all the solutions?

Think of linear algebra.  If $(x_{0},y_{0})$ and $(x_{1},y_{1})$ are two
solutions to~\eqref{eqn:7x+4y=100}, then
\begin{gather*}
  7x_{0}+4y_{0}=100,\\
  7x_{1}+4y_{1}=100,\\
  7(x_{1}-x_{0})+4(y_{1}-y_{0})={0}.
\end{gather*}
So we want to solve
\begin{equation*}
  7x+4y={0}.
\end{equation*}
Since $\gcd(7,4)={0}$, the solutions are $(4t,-7t)$.  (Here is a
difference with the usual linear algebra.)  So the original
system~\eqref{eqn:sys} has the general solution
\begin{equation*}
  (x,y,z)=(4t,25-7t,75+{3}t).
\end{equation*}
If we want all entries to be positive, this means
\begin{gather*}
  4t>{0},\quad 25-7t>{0},\quad 75+{3}t>{0};\\
t>{0},\quad 7t<25,\quad {3}t>-75;\\
{0}<t<\frac{25}7;\\
{0}<t\leq{3}.
\end{gather*}
So there are three solutions:
\begin{equation*}
  \begin{array}{c|c|c}
x&y&z\\\hline
4&18&78\\
8&11&81\\
12&4&88
  \end{array}
\end{equation*}

\section{October 2, 2007 (Tuesday)}

A curiosity (from `On Teaching Mathematics' by V. I. Arnold):
\begin{align*}
  1&,\\
{3}&=1+1+1,\\
5&={3}+1+1={2}+{2}+1=1+1+1+1+1,\\
7&=5+1+1=4+{2}+1={3}+{3}+1={3}+{2}+{2}=\\
&={3}+1+1+1={2}+{2}+1+1+1=1+1+1+1+1+1+1,\\
9&=\dotsb.
\end{align*}
Write the odd numbers as sums of odd numbers of summands.  Then we
have
\begin{equation*}
  \begin{array}{c|c}
n &\text{\# sums for }n\\\hline
1&1\\
{3}&{2}\\
5&4\\
7&8\\
9&16\\
11&29
  \end{array}
\end{equation*}
Thus the pattern ${2}^{0},{2}^1,{2}^{2},\dots$ breaks down.  Is there a formula
for the sequence of numbers of sums?

\asterism{}

A positive integer is \defn{prime}{} if it has exactly two distinct
positive divisors.  So, $1$ is not prime.  Also, $p$ is prime if and
only if $p>1$ and
\begin{equation*}
  a\divides p\lto\size a\in\{1,p\}.
\end{equation*}
Let $p$ and $q$ always stand for primes.  Then 
\begin{equation*}
  \gcd(a,p)\in\{1,p\},
\end{equation*}
so either $a$ and $p$ are co-prime, or else $p\divides a$.

Suppose $p\divides ab$.  Either $p\divides a$, or else $\gcd(a,p)=1$,
so $p\divides b$ by Euclid's Lemma.  Hence, by induction, if
$p\divides a_{0}\dotsb a_n$, then $p\divides a_k$ for some $k$.  Indeed,
the claim is true when $n$ is ${0}$ or $1$.  Suppose it is true when
$n=m$.  Say $p\divides a_{0}\dotsb a_{m+1}$.  By the case $n=1$, we have
that $p\divides a_{0}\dotsb a_m$ or $p\divides a_{m+1}$.  In the former
situation, by the inductive hypothesis, $p\divides a_k$ for some $k$.
So the claim holds when $n=m+1$.

\begin{theorem*}[Fundamental, of Arithmetic]
  Every positive integer is uniquely a product
  \begin{equation*}
    p_{1}\dotsb p_n
  \end{equation*}
of primes, where
\begin{equation*}
  p_{1}\leq\dotsb\leq p_n.
\end{equation*}
\end{theorem*}

\begin{proof}
  Note that $1$ is such a product, where $n={0}$.  Suppose $m>1$.  Let
  $p_{1}$ be the least element of $\{x\in\N\colon x>1\land x\divides
  m\}$.  Then $p_{1}$ must be prime; otherwise, if $a\divides p_{1}$, and
  $a>{0}$, but
  $a\notin\{1,p\}$, then $1<a<p$, but $a\divides m$,
  so the minimality of $p_{1}$ is contradicted.  Now
  let $p_{2}$ be the least prime divisor of $m/p_{1}$, and so forth.  We
  have
  \begin{equation*}
    m>\frac m{p_{1}}>\frac m{p_{1}p_{2}}>\dotsb
  \end{equation*}
This must terminate in
\begin{equation*}
  \frac m{p_{1}\dots p_n}=1
\end{equation*}
by the Well-Ordering Principle, so that $m=p_{1}\dotsb p_n$.

For uniqueness, suppose also $m=q_{1}\dotsb q_{\ell}$.  Then
$q_{1}\divides m$, so $q_{1}\divides p_i$ for some $i$, and therefore
$q_{1}=p_i$.  Hence 
\begin{equation*}
  p_{1}\leq p_i=q_{1}.
\end{equation*}
By the symmetry of the argument, $q_{1}\leq p_{1}$, so $p_{1}=q_{1}$.
Similarly, $p_{2}=q_{2}$, \&c.,
and $n=\ell$.
\end{proof}

An analogous statement fails in some similar contexts.  For example,
\begin{equation*}
  (4+\rten)(4-\rten)=6={2}\cdot {3};
\end{equation*}
but among the numbers $a+b\rten$, the numbers $4\pm\rten,{2},{3}$
are ``irreducible'' (like primes).  Such matters are studied in
\emph{algebraic} number theory.

A positive non-prime number is \defn{composite}{} if it has prime
factors.  Then every positive number is uniquely prime,
composite, or $1$. 

\asterism{}

\begin{theorem*}
  The equation
  \begin{equation*}
    x^{2}={2}y^{2}
  \end{equation*}
has no non-zero solution.
\end{theorem*}

\begin{proof}
  Suppose $a^{2}={2}b^{2}$.  Then ${2}\divides a^{2}$, so ${2}\divides a$, so
  $4\divides a^{2}$, so $4\divides {2}b^{2}$, so ${2}\divides b^{2}$, so
  ${2}\divides b$.  But if $a$ and $b$ are not ${0}$, then we may assume
  they are co-prime (otherwise, replace them with $a/d$ and $b/d$,
  where $d=\gcd(a,b)$).  So $a$ and $b$ must be ${0}$.
\end{proof}

\asterism{}

One can find primes with the Sieve of Eratosthenes\dots Eratosthenes
  also measured the circumference 
  of the earth, by measuring the shadows cast by posts a certain
  distance apart in Egypt.  Measuring \emph{this} distance must have needed
  teams of surveyors and a government to 
  fund them.  Columbus was not in a position to make the measurement
  again, so he had to rely on ancient measurements \cite{MR2038833}.

\asterism{}

\begin{theorem*}[Euclid, IX.20]
  If $n\in\N$, then there are more than $n$ primes.
\end{theorem*}

\begin{proof}
  Suppose $p_{0}<\dots<p_{n-1}$, all prime.  Then $p_{0}\dotsb p_{n-1}+1$
  has a prime factor, distinct from the $p_k$.
\end{proof}

An alternative argument by Filip Saidak (2005) is reported in the
latest \emph{Matematik D\"unyas\i:}  Define $a_{0}={2}$ and
$a_{n+1}=a_n(1+a_n)$.  If $k<n$, then $a_k\divides a_{k+1}$, and
$a_{k+1}\divides a_{k+{2}}$, and so on, up to $a_{n-1}\divides a_n$, so
$a_k\divides a_n$.  Similarly, since $1+a_k\divides a_{k+1}$, we have
$1+a_k\divides a_n$.  Therefore $\gcd(1+a_k,1+a_n)=1$.  Thus any two
elements of the infinite set $\{1+a_n\colon n\in\N\}$ are co-prime.

\asterism{}

I state some theorems, without giving proofs; some of them are recent
and reflect ongoing research:

\begin{theorem*}[Dirichlet]
  If $\gcd(a,b)=1$, and $b>{0}$, then $\{a+bn\colon n\in\N\}$ contains
  infinitely many primes.
\end{theorem*}

That is, arithmetic progressions (with the obvious condition\dots) contain
  infinitely many primes.

The textbook \cite{Burton} omits the following.

\begin{theorem*}[Ben Green and Terence Tao \cite{Green--Tao}, 2004]
  For every $n$, there are $a$ and $b$ such that each of the numbers
  $a, a+b, a+{2}b,\dots,a_nb$ is prime (and $b>{0}$).
\end{theorem*}

That is, there are arbitrarily long arithmetic progressions of
  primes. 

Is it possible that each of
the numbers  
\begin{equation*}
a,a+b,a+{2}b,a+{3}b,\dots
\end{equation*}
 is
prime?  Yes, if $b={0}$.
What if $b>{0}$?  Then No, since $a\divides a+ab$.  But what if $a=1$?
Then replace $a$ with $a+b$.

Two primes $p$ and $q$ are \defnplain{twin}{}\index{twin primes} if
$\size{p-q}={2}$.
The list of all primes begins: 
\begin{equation*}
{2},\underbrace{{3},5,7},
\underbrace{11,13},\underbrace{17,19},23,\underbrace{29,31},37,
\underbrace{41,43},47,\dots 
\end{equation*}
and
there are several twins.  Are there infinitely many?  People think so,
but can't prove it.  We do have:

\begin{theorem*}[Goldston, Pintz, Y\i ld\i r\i m \cite{GPY}, 2005]
  For every positive real number $\epsilon$, there are primes~$p$
  and~$q$ such that ${0}<q-p<\epsilon\cdot\ln p$.
\end{theorem*}

\asterism{}

I return to the irrationality of $\sqrt {2}$ (there is no non-zero
solution to $x^{2}={2}y^{2}$).  Geometrically, the claim is that the side
and diagonal of a square are \defn{incommensurable}: there is no line
segment that evenly divides them.  We can see this as
follows~\cite[v.~I, p.~19]{MR17:814b}: 

\begin{center}
  \begin{pspicture}(-0.5,-0.5)(5.8,4.5)
    \psline(0,0)(4,0)(4,4)(0,4)(0,0)(4,4)
    \psline(1.172,1.172)(0,2.343)(4,4)
    \psarc[linestyle=dotted](4,4){4}{180}{225}
    \psline(5,1.8)(5.8,1.8)
    \uput[ul](0,4){$A$}
    \uput[ur](4,4){$B$}
    \uput[dr](4,0){$C$}
    \uput[dl](0,0){$D$}
    \uput[dr](1.172,1.172){$E$}
    \uput[l](0,2.343){$F$}
    \uput[u](5.4,1.8){$d$}
  \end{pspicture}
\end{center}
Let $ABCD$ be a square.  On the diagonal $BD$, mark $BE$ equal to
$AB$.  Let the perpendicular at $E$ meet $AD$ at $F$. Draw $BF$.  Then
triangles $ABF$ and $EBF$ are congruent, so $EF=AF$.  Also, $DEF$ is
an isosceles right triangle, so $DE=EF$.  Suppose $d$ measures both
$AB$ and $BD$.  Then it measures $ED$ and $DF$, since
\begin{align*}
  ED&=BD-AB,\\
DF&=AB-ED.
\end{align*}
Now do the same construction to $DEF$ in place of $DAB$.  Since
${2}ED<AB$, we eventually get segments that are shorter than $d$, but
are measured by it, which is absurd.  So such $d$ cannot exist.

This argument can be made more algebraic.  We have
\begin{equation*}
1={2}-1=(\sqrt{2})^{2}-1^{2}=(\sqrt {2}+1)(\sqrt {2}-1), 
\end{equation*}
so
\begin{equation*}
  \sqrt{2}+1=\frac 1{\sqrt {2}-1}.
\end{equation*}
Then
\begin{align*}
  \sqrt{2}+1&=1\cdot {2}+(\sqrt{2}-1),\\
1&=(\sqrt{2}-1)\cdot {2}+({3}-{2}\sqrt{2}),\\
\sqrt{2}-1&=\dotsb.
\end{align*}
That is, if we let $a_{0}=\sqrt{2}+1$ and $a_{1}=1$, then 
we can define
\begin{equation*}
  a_n=a_{n+1}\cdot{2}+a_{n+{2}}.
\end{equation*}
So we have
\begin{align*}
  a_{0}&=a_{1}\cdot{2}+a_{2},\\
  a_{1}&=a_{2}\cdot{2}+a_{3},\\
  a_{2}&=a_{3}\cdot{2}+a_{4},
\end{align*}
and so on.  Then
\begin{equation*}
  \frac{a_{0}}{a_{1}}={2}+\frac{a_{2}}{a_{1}}
={2}+\cfrac{1}{\displaystyle\frac{a_{1}}{a_{2}}}
={2}+\cfrac{1}{{2}+\displaystyle\frac{a_{3}}{a_{2}}}
={2}+\cfrac{1}{{2}+\cfrac{1}{\displaystyle\frac{a_{2}}{a_{3}}}}
={2}+\cfrac{1}{{2}+\cfrac{1}{{2}+\displaystyle\frac{a_4}{a_{3}}}}
=\dotsb,
\end{equation*}
which means
\begin{equation}\label{eqn:sqrt2}
  \sqrt{2}+{1}={2}+\cfrac{1}{{2}+\cfrac{1}{{2}+\cfrac{1}{{2}+\cfrac{1}{{2}+\cfrac{1}{\ddots}}}}}
\end{equation}

\section{October 4, 2007 (Thursday)}

Last time we obtained~\eqref{eqn:sqrt2} by the Euclidean
Algorithm.

\begin{center}
  \begin{pspicture}(-0.5,-0.5)(4.5,4.5)
    \psline(0,0)(4,0)(4,4)(0,4)(0,0)(4,4)
    \psline(1.172,1.172)(0,2.343)
    \uput[r](4,2){$s$}
    \uput[d](2,0){$s$}
    \uput[u](2,4){$s$}
    \uput[dr](2,2){$d$}
    \uput[ul](2.586,2.586){$s$}
%    \uput[l](0,3.172){$d-s$}
%    \uput[ur](0.586,1.756){$d-s$}
%    \uput[ul](0.586,0.586){{$d-s$}}
  \end{pspicture}
\end{center}
Let $d$ and $s$ be the diagonal and side of a square.  Then we have
\begin{equation*}
  \frac{d+s}s=\frac s{d-s}
\end{equation*}
since $d^2-s^2=s^2$.  Applying the Algorithm, we have
\begin{align*}
  d+s=s\cdot2&+d-s,\\
s=(d-s)\cdot 2&+\dotsb,\\
d-s=\dotsb 2&+\dotsb,
\end{align*}
so that
\begin{equation*}
  \frac{d+s}s=2+\cfrac1{2+\cfrac1{2+\cfrac1{\ddots}}}
\end{equation*}
Compare with an ordinary application of the Algorithm.  What is
$\gcd(134,35)$?  We have
\begin{align*}
  134=35\cdot 3&+29,\\
35=29\cdot 1&+6,\\
29=6\cdot 4&+5,\\
6=5\cdot 1&+1,\\
5=1\cdot 5&.
\end{align*}
Therefore $\gcd(134,35)=1$; but what is the significance of the
numbers 3, 1, 4, 1,~5?  They appear in the continued fraction:
\begin{multline*}
  \frac{134}{35}
=3+\frac{29}{35}
=3+\cfrac1{\displaystyle\frac{35}{29}}
=3+\cfrac1{1+\displaystyle\frac{6}{29}}
=3+\cfrac1{1+\cfrac1{\displaystyle\frac{29}6}}\\
=3+\cfrac1{1+\cfrac1{4+\displaystyle\frac{5}6}}
=3+\cfrac1{1+\cfrac1{4+\cfrac1{\displaystyle\frac65}}}
=3+\cfrac1{1+\cfrac1{4+\cfrac1{1+\displaystyle\frac15}}}
\end{multline*}

\asterism{}

Let $\Pri$ be the set of primes; an alternative proof of its infinity,
using the full Fundamental Theorem of Arithmetic, is
as follows.  Consider the product
\begin{equation*}
  \prod_{p\in\Pri}\frac1{1-\frac1p}.
\end{equation*}
If $\Pri$ is finite, then so is this product.  But what can we say
about
$\displaystyle\frac1{1-\frac1p}$?
We have
\begin{equation*}
\frac1{1-\frac1p}=1+\frac1p+\frac1{p^2}+\dotsb
=\sum_{k=0}^{\infty}\frac1{p^k}. 
\end{equation*}
Hence
\begin{equation*}
\prod_{p\in\Pri}\frac1{1-\frac1p}
=\prod_{p\in\Pri}(1+\frac1p+\frac1{p^2}+\dotsb). 
\end{equation*}
Alternatively, if $\Pri=\{p_1,p_2,\dots\}$, then this product is
\begin{equation*}
  \left(1+\frac1{p_1}+\frac1{p_1{}^2}+\dotsb\right)\cdot
  \left(1+\frac1{p_1}+\frac1{p_1{}^2}+\dotsb\right)\dotsm
\end{equation*}
which is the sum of terms
\begin{equation*}
  \frac1{p_0{}^{e(0)}p_1{}^{e(1)}\dotsb p_n^{e(n)}},
\end{equation*}
where $e(i)\geq0$.  Rather, the product is the sum of terms
\begin{equation*}
  \frac1{q_0{}^{f(0)}q_1{}^{f(1)}\dotsm q_{m-1}{}^{f(m-1)}},
\end{equation*}
where $q_i$ are prime and $f(i)>0$.  But every positive integer is
\emph{uniquely} a product $q_0{}^{f(0)}q_1{}^{f(1)}\dotsm
q_{m-1}{}^{f(m-1)}$, by the Fundamental Theorem.  Therefore
\begin{equation*}
  \prod_{p\in\Pri}\frac1{1-\frac1p}=\sum_{n=1}^{\infty}\frac1n.
\end{equation*}
If $\Pri$ is infinite, then we must talk about convergence; but if
$\Pri$ is finite, there is no problem.
But the harmonic series $\sum_{n=1}^{\infty}\frac1n$
diverges:
\begin{equation*}
  1+\frac12 +\underbrace{\frac13+\frac14}_{\geq\frac12}
  +\underbrace{\frac15+\frac16+\frac17+\frac18}_{\geq\frac12}+\dotsb  
\end{equation*}
Therefore $\Pri$ must be infinite.  Using similar ideas, one can show
that
$\sum_{p\in\Pri}\frac1p$ diverges.

\asterism{}

Suppose $p\in\Pri$.  If $p\divides ab$, but $p\ndivides a$, then $p\divides
b$.  

If $p=ab$, but $p\ndivides a$, then $p\divides b$, but also
$b\divides p$, so $b=\pm p$, and then
$a=\pm1$. 

Among the integers, what property do $1$ and $-1$ have uniquely?  They
have multiplicative inverses:
\begin{equation*}
  (-1)\cdot(-1)=1,\qquad 1\cdot 1=1,
\end{equation*}
but if $\size n>1$, then the equation $nx=1$ has no solution.  In a
word, $\pm1$ are \defn{unit}{s} in $\Z$.  Then an integer $n$ is
called \defn{irreducible}{} if
\begin{enumerate}
  \item
$n=ab\lto(\text{$a$ or $b$ is a unit})$;
\item
$n$ is not a unit.
\end{enumerate}
Then the irreducibles of $\Z$ are $\pm p$, where $p$ is prime.

But irreducibility of primes is not enough to prove \emph{uniqueness}
of prime factorizations.  If
\begin{equation*}
  p_1\dotsm p_m=q_1\dotsm q_n,
\end{equation*}
where $p_1\leq\dotsb p_m$ and $q_1\leq\dotsb q_m$, how do we know
$p_1=q_1$, \&c.?  We need the stronger property that $p\divides
ab\lto(p\divides a\text{ or }p\divides b)$. 

Again, there is a situation where the stronger property fails for
arbitrary irreducibles:
\begin{equation*}
  (4+\rten)(4-\rten)=6=2\cdot3,
\end{equation*}
but $4\pm\rten$, $2$, and $3$ are irreducible in
$\{x+y\rten\colon x,y\in\Z\}$, which is denoted by
$\Z[\rten]$.  Let $\sigma\colon\Z[\rten]\to\Z[\rten]$,
where
\begin{equation*}
  \sigma(a+b\rten)=a-b\rten.
\end{equation*}
(Compare this with complex conjugation.)  Now define
$N(x)=x\cdot\sigma(x)$, so that
\begin{equation*}
  N(a+b\rten)=a^2-10b^2.
\end{equation*}
Then one can show $N(xy)=N(x)\cdot N(y)$.  Also, $N(c)$ is always a
square \emph{modulo} $10$.  We have 
\begin{align*}
  0^2&=0,\\
1^2&=1,\\
2^2&=4,\\
3^2&=9\equiv-1\pmod{10},\\
4^2&=16\equiv-4\pmod{10},\\
5^2&=25\equiv5\pmod{10},
\end{align*}
so $N(c)$ is congruent to $0$, $\pm1$, $\pm 4$ or $5$ \emph{modulo}
$10$. 

\section{October 9, 2007 (Tuesday)}

We have implicitly used that congruence respects arithmetic:
If $a\equiv b\pmod n$ and $c\equiv d\pmod n$, then
\begin{align*}
  a+c&\equiv b+d\pmod n,\\
  a\cdot c&\equiv b\cdot d\pmod n.
\end{align*}
Indeed, we assume $n\divides b-a$ and $n\divides d-c$, so $n\divides
b-a+d-c$, that 
is, 
\begin{equation*}
n\divides b+d-(a+c), 
\end{equation*}
which means $a+c\equiv b+d\pod n$;
likewise,
$n\divides(b-a)c+(d-c)b$, that is, $n\divides bd-ac$, so $ac\equiv
bd\pod n$.  In short, if set $\Z/(n)$ or $\Z_n$ of congruence-classes
\emph{modulo} $n$ is a \defn{commutative ring}.

Hence we can solve $35^{14}\equiv x\pod{43}$ as follows:  First,
$35\equiv-8\pod{43}$, so
\begin{equation*}
  35^{14}\equiv(-8)^{14}\equiv 8^{14}\pod{43}.
\end{equation*}
Also, $14=8+4+2=2^3+2^2+2^1$, so $8^{14}=8^8\cdot8^4\cdot8^2$; and
\begin{gather*}
  8^2=64\equiv21\pod{43},\\
21^2=441\equiv11\pod{43},\\
11^2=121\equiv35\equiv-8\pod{43},
\end{gather*}
so that
\begin{align*}
  35^{14}&\equiv-8\cdot11\cdot21\pod{43}\\
&\equiv-88\cdot21\pod{43}\\
&\equiv-2\cdot21\pod{43}\\
&\equiv-44\equiv1\pod{43}.
\end{align*}

\asterism{}

For another use of congruences, recall $\Z[\rten]=\{x+y\rten\colon
x,y\in\Z\}$, closed under addition 
and multiplication; and
\begin{align*}
  \sigma\colon\Z[\rten]&\longrightarrow\Z[\rten],\\
x+y\rten&\longmapsto x-y\rten,
\end{align*}
and
\begin{align*}
  N\colon\Z[\rten]&\longrightarrow\Z,\\
x&\longmapsto x\cdot\sigma(x).
\end{align*}
Then $N(ab)=N(a)\cdot N(b)$.  If $a$ is a unit (that is, invertible)
of $\Z[\rten]$, then 
$ab=1$ for some $b$ in $\Z[\rten]$, so $N(ab)=N(1)$, that is,
$N(a)\cdot N(b)=1$, so $N(a)=\pm1$.  Conversely, if $N(a)=\pm1$, then
$a\cdot(\pm\sigma(a))=1$, so $a$ is a unit.

We observed
\begin{equation*}
  (4+\rten)(4-\rten)=6=2\cdot3.
\end{equation*}
All of these factors are irreducible in $\Z[\rten]$.  For example, if
$2=ab$, then $N(2)=N(ab)$, that is, $4=N(a)\cdot N(b)$, so
$N(a)\in\{\pm1,\pm2,\pm4\}$.  But $N(a)$ is a square \emph{modulo}
  $10$, so $N(a)\equiv0,\pm1,\pm4,5\pod{10}$.  Therefore one of $N(a)$
  or $N(b)$ is $\pm1$, so it is a unit.

\asterism{}

\label{passage:division}
If $a\equiv b\pod n$, then $ac\equiv bc\pod n$.  But do we have the
converse?
We do if $c$ is invertible (is a unit) \emph{modulo} $n$.  In that
case, $cd\equiv1\pod n$ for some $d$, and then 
\begin{align*}
  ac\equiv bc\pmod n&\implies acd\equiv bcd\pmod n\\
&\implies a\equiv b\pmod n.
\end{align*}
Invertibility of $c$ \emph{modulo} $n$ is equivalent to solubility of
$cx\equiv1\pod n$, or equivalently
\begin{equation*}
  cx+ny=1.
\end{equation*}
Thus $c$ is invertible \emph{modulo} $n$ if and only if $c$ and $n$
are co-prime.

Alternatively, if
$ac\equiv bc\pod n$, and $c$ and $n$ are co-prime,
then we can argue by Euclid's Lemma that, since $n\divides bc-ac$,
that is, $n\divides(b-a)c$, we have $n\divides b-a$, that is, $a\equiv
b\pod n$.

Suppose we simply have $\gcd(c,n)=d$.  Then $\gcd(c,n/d)=1$.  Hence
\begin{align*}
  ac\equiv bc\bmod n&\implies ac\equiv bc\bmod{\frac nd}\\
&\implies a\equiv b\bmod{\frac nd}.
\end{align*}
Conversely,
\begin{align*}
  a\equiv b\bmod{\frac nd}&\implies\frac nd\divides b-a\\
&\implies\frac{cn}d\divides bc-ac\\
&\implies n\divides bc-ac\\
&\implies ac\equiv bc\bmod n.
\end{align*}
In short,
\begin{equation*}
  ac\equiv bc\bmod n\Iff a\equiv b\bmod{\frac n{\gcd(c,n)}}.
\end{equation*}
For example, $6x\equiv 6\pod 9\Iff x\equiv 1\pod 3$.

A longer problem is to solve
\begin{equation}\label{eqn:70}
  70x\equiv18\pod{134}.
\end{equation}
This reduces to
\begin{equation*}
  35x\equiv9\pod{67},
\end{equation*}
or $35x+67y=9$.  So there is a solution if and only if
$\gcd(35,67)\divides9$.  To \emph{find} the solutions, we should solve
$35x+67y=1$, which we can do with the Euclidean Algorithm:
\begin{align*}
  67&=35\cdot1+32,\\
35&=32\cdot1+3,\\
32&=3\cdot10+2,\\
3&=2\cdot1+1,
\end{align*}
so $\gcd(35,67)=1$.  We now have
\begin{align*}
  32&=67-35,\\
3&=35-32=35-(67-35)=35\cdot2-67,\\
2&=32-3\cdot10=67-35-(35\cdot2-67)\cdot10=67\cdot11-35\cdot21,\\
1&=3-2=35\cdot2-67-67\cdot11+35\cdot21=35\cdot23-67\cdot12.
\end{align*}
In particular, $35\cdot23\equiv1\pod{67}$, so~\eqref{eqn:70} is
equivalent to
\begin{align*}
  x&\equiv23\cdot9\pod{67}\\
   &\equiv207\pod{67}\\
  x&\equiv6\pod{67},\\
  x&\equiv6,73\pod{134}.
\end{align*}

\asterism{}

A puzzle from a recent newspaper [\emph{Guardian Weekly}] is
mathematically the same as one attributed \cite[Prob.~4.4.8--9,
  p.~83]{Burton} to Brahmagupta (7th century \textsc{c.e.}):  A man
dreams he runs up a flight of stairs.  If he takes the stairs 2, 3, 4,
5, or 6 at time, then one stair is left before the top.  If he takes
them 7 at a time, then he reaches the top exactly.  How many stairs
are there?

If $x$ is that number, then
\begin{align*}
  x&\equiv1\pmod{2,3,4,5,6},\\
x&\equiv0\pmod7.
\end{align*}
But $\lcm(2,3,4,5,6)=60$, so $x=60n+1$, where $7\divides 60n+1$.  We
have this when $n=5$, hence when $n=12,19,\dots$

The general problem is to solve systems
\begin{equation}\label{eqn:crt}
  x\equiv a_0\bmod{n_0}\land
  x\equiv a_1\bmod{n_1}\land\dotsb\land
  x\equiv a_k\bmod{n_k}.
\end{equation}
Let's start with two congruences:
\begin{equation}\label{eqn:xan}
  x\equiv a\bmod n\land x\equiv b\bmod m.
\end{equation}
A solution will take the form
\begin{align*}
  x&=a+nu\\
   &=mv+b.
\end{align*}
So we should like to make $a\equiv mv\pod n$ and $nu\equiv b\pod m$.
We can do this if $\gcd(n,m)=1$.  Then we have $nr\equiv1\pod m$ and
$ms\equiv1\pod n$ for some $r$ and $s$, so that a solution
to~\eqref{eqn:xan} is
\begin{equation*}
  x=ams+bnr.
\end{equation*}
This solution is unique \emph{modulo} $\lcm(n,m)$, which is $nm$ since
$\gcd(n,m)=1$.  

We can solve~\eqref{eqn:crt} similarly, under the assumption
\begin{equation*}
  \gcd(n_i,n_j)=1
\end{equation*}
whenever $i<j\leq k$.  We have
\begin{equation*}
  x=a_0m_0n_1\dotsm n_k+a_1n_0m_1n_2\dotsm n_k+\dotsb+a_kn_0\dotsm
  n_{k-1}m_k, 
\end{equation*}
where the $m_i$ are chosen so that
\begin{equation*}
  m_0n_1\dotsm n_k\equiv1\pod{n_0},
\end{equation*}
and so forth; this is possible since
\begin{equation*}
  \gcd(n_0,n_1\dotsm n_k)=1.
\end{equation*}
The solution is unique \emph{modulo} $n_0\dotsm n_k$.  This is the
\defn{Chinese Remainder Theorem}.

\section{October 16, 2007 (Tuesday)}

Of the 13 books of Euclid's \emph{Elements,} VII, VIII and IX concern
number-theory.  The last proposition in these books is:

\begin{theorem*}[Euclid, IX.36]
  If $1+2+4+\dotsb+2^n$ is prime, then the product
  \begin{equation*}
  2^n\cdot(1+2+\dotsb+2^n)
  \end{equation*}
is \tech{perfect}.
\end{theorem*}

A number is \defn{perfect}{} if it is the sum of its positive proper
divisors:
\begin{align*}
  6&=1+2+3,\\
28&=1+2+4+7+14.
\end{align*}

\begin{proof}[Proof of theorem]
  Let $M_{n+1}=1+2+4+\dots+2^n=\sum_{k=0}^n2^k=2^{n+1}-1$.  If
  $M_{n+1}$ is prime, then the positive divisors of $2^n\cdot M_{n+1}$
  are the divisors of $2^n$, perhaps multiplied by $M_{n+1}$.  So they are
  \begin{equation*}
    1,\ 2,\ 4,\ \dots,\ 2^n,\ M_{n+1},\ 2\cdot M_{n+1},\ 4\cdot
    M_{n+1},\ \dots,\ 2^n\cdot M_{n+1}.
  \end{equation*}
The sum of these is $(1+2+4+\dotsb+2^n)\cdot(1+M_{n+1})$, which is
$M_{n+1}\cdot 2^{n+1}$.  Subtracting $2^n\cdot M_{n+1}$ itself leaves
the same.
\end{proof}

The number $2^n-1$, denoted by $M_n$, is called a \defn{Mersenne
  number}; if it is prime, it is a \defn{Mersenne
  prime}.  (Mersenne 
  was a 17th-century 
  mathematician.)  We do not know whether there are infinitely many
  Mersenne primes.  However, if $M_n$ is prime, then so is $n$, since
  $2^a-1\divides 2^{ab}-1$, because of the identity
  \begin{equation*}
    x^m-y^m=(x-y)\cdot(x^{m-1}+x^{m-2}\cdot y+x^{m-3}\cdot
    y^2+\dots+x\cdot y^{m-2}+y^{m-1}).
  \end{equation*}

\asterism{}

One method of factorizing $n$ is to get a table of primes and test
whether $p\divides n$ when $p\leq\sqrt n$.

Fermat's method is to solve
\begin{equation*}
  x^2-y^2=n,
\end{equation*}
since then $n=(x+y)(x-y)$.  This method always works in principle,
since
\begin{equation*}
  ab=\left(\frac{a+b}2\right)^2-\left(\frac{a-b}2\right)^2.
\end{equation*}
We may assume $n$ is odd, so if $n=ab$, then $a\pm b$ are even.

For example, the first square greater than $2\dsp279$ is $2\dsp304$, or
$48^2$, and $2\dsp304-2\dsp279=25=5^2$, so
\begin{equation*}
  2\dsp279=(48+5)(48-5)=53\cdot43.
\end{equation*}

We can generalize the method by solving
\begin{equation*}
  x^2\equiv y^2\pmod n.
\end{equation*}
If $x^2-y^2=mn$, then find $\gcd(x+y,n)$ and $\gcd(x-y,n)$.

\asterism{}

Suppose $p\ndivides a$, that is, $\gcd(p,a)=1$.  What is $a^{p-1}$
\emph{modulo} $p$?  Consider $a$, $2a$, \dots,
$(p-1)a$.  These are all incongruent \emph{modulo} $p$, since
\begin{equation*}
  ia\equiv ja\pmod p\implies i\equiv j\pmod p.
\end{equation*}
But $1$, $2$, \dots, $p-1$ are also incongruent.  There are only $p-1$
numbers incongruent with each other and $0$ \emph{modulo} $p$; so the
numbers  $a$, $2a$, \dots,
$(p-1)a$ are congruent respectively with
 $1$, $2$, \dots, $p-1$ in some order.  Now multiply: 
\begin{equation*}
(p-1)!\cdot a^{p-1}\equiv(p-1)!\pmod p.
\end{equation*}
Since $(p-1)!$ and $p$ are co-prime, we conclude:
\begin{equation*}
 \gcd(a,p)=1\implies a^{p-1}\equiv 1\pmod p.
\end{equation*}
This is \defn{Fermat's Little Theorem}.
Equivalently,
\begin{equation*}
  a^p\equiv a\pmod p
\end{equation*}
for \emph{all} $a$.

Hence $m\equiv n\pmod{p-1} a^m\equiv a^m\pmod p$.  For example,
\begin{equation*}
  6^{58}\equiv 6^{48+10}\equiv(6^{16})^3\cdot 6^{10}\equiv
  6^{10}\pmod{17}. 
\end{equation*}
Since $10=8+2$, we have $6^{10}=6^8\cdot 6^2$; but
$6^2\equiv36\equiv2\pod{17}$, so
$6^8\equiv2^4\equiv16\equiv-1\pod{17}$, and hence
\begin{equation*}
  6^{58}\equiv -2\pmod{17}.
\end{equation*}

If $a^n\not\equiv a\pmod n$, then $n$ must not be prime.  For example,
  what is $2^{133}$ \emph{modulo} $133$?  We have 
  $133=128+4+1=2^7+2^2+1$, so $2^{133}=2^{2^7}\cdot 2^{2^2}\cdot 2$.
  Also,
  \begin{align*}
2^2&=4;\\
    2^{2^2}&=4^2=16;\\
2^{2^3}&=16^2=256\equiv123\equiv-10\pmod{133};\\
2^{2^4}&\equiv(-10)^2=100\equiv-33\pmod{133};\\
2^{2^5}&\equiv(-33)^2=1089\equiv25\pmod{133};\\
2^{2^6}&\equiv25^2=625\equiv-40\pmod{133};\\
2^{2^7}&\equiv(-40)^2=1600\equiv4\pmod{133}.
  \end{align*}
Therefore
\begin{equation*}
  2^{133}\equiv4\cdot16\cdot2\equiv-5\pmod{133},
\end{equation*}
so $133$ must not be prime.  Indeed, $133=7\cdot19$.

The converse of the Fermat Theorem fails:  It may be that $a^n\equiv
a\pmod n$ for all $a$, although $n$ is not prime.  First, $n$ is a
\defn{pseudo-prime}{} if $n$ is not prime, but
\begin{equation*}
  2^n\equiv 2\pmod n.
\end{equation*}
Then $341$ is a pseudo-prime.  Indeed, $341=11\cdot31$; but
\begin{align*}
2^{11}&=2048=31\cdot 66+2\equiv 2\pmod{31},\\
  2^31&=(2^{10})^3\cdot 2\equiv2\pmod{11}.
\end{align*}
Hence $2^{11\cdot31}\equiv 2\pmod{11\cdot31}$ by the following.

\begin{lemma*}
  If $a^p\equiv a\pod q$ and $a^q\equiv a\pod p$, then $a^{pq}\equiv
  a\pod{pq}$. 
\end{lemma*}

\begin{proof}
  Under the hypothesis, we have
  \begin{gather*}
    a^{pq}=(a^p)^q\equiv a^q\equiv a\pmod q,\\
    a^{pq}=(a^q)^p\equiv a^p\equiv a\pmod p,
  \end{gather*}
and hence $a^{pq}\equiv a\pmod{\lcm(p,q)}$; but $\lcm(p,q)=pq$.
\end{proof}

Again, we now have $2^{361}\equiv2\pmod{361}$, so $361$ is
pseudo-prime. 

\begin{theorem*}
  If $n$ is a pseudo-prime, then so is $2^n-1$.
\end{theorem*}

\begin{proof}
  Since $n$ factors non-trivially as $ab$, but $2^a-1\divides
  (2^a)^b-1$, we have that $2^a$ is a non-trivial factor of $2^n-1$.
  So $2^n-1$ is not prime.  We assume also $2^n\equiv2\pmod n$; say
  $2^n-2=kn$.  Then
  \begin{equation*}
    2^{2^n-1}-2=2\cdot(2^{2^n-2}-1)=2\cdot(2^{kn}-1),
  \end{equation*}
which has the factor $2^n-1$; so $2^{2^n-1}\equiv2\pmod{2^n-1}$. 
\end{proof}

One can ask whether $3^n\equiv3\pmod n$, for example.  But a number
$n$ is called an \defn{absolute pseudo-prime}{} or a \defn{Carmichael
  number}{} if
\begin{equation*}
  a^n\equiv a\pmod n
\end{equation*}
for all $n$.  Then $561$ is a Carmichael number.  Indeed,
\begin{equation*}
  561=3\cdot11\cdot17;
\end{equation*}
and
\begin{align*}
  3-1&=2\divides 560=561-1;\\
11-1&=10\divides 560;\\
17-1&=16\divides 560.
\end{align*}
Hence
\begin{align*}
  3\ndivides a&\implies a^2\equiv 1\pmod 3\implies a^{560}\equiv 1\pmod 3;\\
  11\ndivides a&\implies a^{10}\equiv 1\pmod{11}\implies a^{560}\equiv
  1\pmod{11};\\ 
  17\ndivides a&\implies a^{17}\equiv 1\pmod{17}\implies a^{560}\equiv
  1\pmod{17}.
\end{align*}
Hence $a^{561}\equiv a\pmod{3,11,17}$ for \emph{all} $a$, so
\begin{equation*}
  a^{561}\equiv a\pmod{561}.
\end{equation*}
In general, if $n=p_0\cdot p_1\dotsm p_k$, where $p_0<p_1<\dotsb<p_k$,
and $p_i-1\divides n-1$ for each $i$, then the same argument shows
that $n$ is an absolute pseudo-prime.

It is necessary here that $n$ have no square factor.  Indeed, if
$a^n\equiv a\pmod n$ for all $a$, but $m^2\divides n$, then $m^n\equiv
m\pmod n$, so
\begin{equation*}
  m^n\equiv m\pmod{m^2}.
\end{equation*}
But if $n>1$, then $m^n\equiv0\pmod{m^2}$, so
$m\equiv0\pmod{m^2}$, which is absurd unless $m=\pm1$.

\section{October 18, 2007 (Thursday)}

Can we solve $(p-1)!\equiv x\pmod p$?  The answer is certainly not
$0$.

\begin{theorem*}
Suppose $n>1$.  Then
  $(n-1)!\equiv-1\pmod n$ if and only if $n$ is prime.
\end{theorem*}

This is called `Wilson's Theorem,' though Wilson did not prove it.  It
was supposedly \cite{MR2135478} known to al-Haytham (964--1040).  It
gives a theoretical test for primality, though not a practical one.

\begin{proof}[Proof of theorem]
  One of the two directions should be easier; which one?
  Suppose $n$
  is not prime, so that $n=ab$, where $1<a<n$.  Then $a\leq n-1$, so
  $a\divides(n-1)!$, so $a\ndivides(n-1)!+1$, so $n\ndivides(n-1)!+1$.

Now suppose $n$ is a prime $p$.  Each number on the list
$1,2,3,\dots,p-1$ has an inverse \emph{modulo} $p$.  Also,
$x^2\equiv1\pmod p$ has only the solutions $\pm1$, that is, $1$ and
$p-1$, since it requires $p\divides x\pm1$.  So the numbers on the
list $2,3,\dots,p-2$ have inverses different from themselves.  Hence
we can partition these numbers into pairs $\{a,b\}$, where
$ab\equiv1\pmod p$.  Therefore $(p-1)!\equiv p-1\equiv-1\pmod p$.
\end{proof}

For example,
\begin{align*}
  2\cdot 4&\equiv1\pmod 7,\\
  3\cdot 5&\equiv1\pmod 7,\\
  4\cdot 2&\equiv1\pmod 7,\\
  5\cdot 3&\equiv1\pmod 7,\\
  6\cdot 6&\equiv1\pmod 7;
\end{align*}
so $6!=(2\cdot 4)\cdot(3\cdot 5)\cdot 6\equiv 6\equiv-1\pmod7$.  How
can one find the inverses, other than by trial?  Take successive
powers:
\begin{equation*}
\begin{aligned}
  2^2&=4,\\
2^3&=8\equiv1\pmod 7;
\end{aligned}
\qquad
\begin{aligned}
  3^2&=9\equiv 2\pmod 7,\\
3^3&\equiv 2\cdot 3\equiv 6\pmod 7,\\
3^4&\equiv 6\cdot 3\equiv 4\pmod 7,\\
3^5&\equiv 4\cdot 3\equiv 5\pmod 7,\\
3^6&\equiv 5\cdot 3\equiv 1\pmod 7.
\end{aligned}
\end{equation*}
So the invertible numbers \emph{modulo} $7$ compose a multiplicative
group generated by $3$, and we have
\begin{equation*}
  3\cdot 3^5\equiv 3^2\cdot 3^4\equiv 1\pmod 7.
\end{equation*}
An application of Wilson's Theorem is the
following.\label{passage:wilson-app} 

\begin{theorem*}
  Let $p$ be an odd prime.  Then the congruence $x^2\equiv-1\pmod p$
  has a solution if and only if $p\equiv 1\pmod 4$.
\end{theorem*}

\begin{proof}
  Suppose $a^2\equiv-1\pmod p$.  By the Fermat Theorem,
  \begin{equation*}
    1\equiv a^{p-1}\equiv(a^2)^{(p-1)/2}\equiv(-1)^{(p-1)/2}\pmod p,
  \end{equation*}
so $(p-1)/2$ must be even: $4\divides p-1$, so $p\equiv1\pmod 4$.

Conversely, by Wilson's Theorem, we have
\begin{align*}
  -1\equiv(p-1)!
&\equiv 1\cdot 2\dotsm\frac{p-1}2\cdot\frac{p+1}2\dotsm(p-1)\\
&\equiv 1\cdot(p-1)\cdot 2\cdot(p-2)\dotsm\frac{p-1}2\cdot\frac{p+1}2\\
&\equiv 1\cdot(-1)\cdot 2\cdot(-2)\dotsm\frac{p-1}2\cdot\frac{1-p}2\\
&\equiv(-1)^{(p-1)/2}\left(\left(\frac{p-1}2\right)!\right)^2.
\end{align*}
So if $p\equiv1\pmod 4$, then $x^2\equiv-1\pmod p$ is solved by $((p-1)/2)!$.
\end{proof}

For example, 
\begin{equation*}
  -1\equiv 4!\equiv 1\cdot(-1)\cdot 2\cdot(-2)\equiv 2^2\pmod 5,
\end{equation*}
while, \emph{modulo} $13$, we have
\begin{equation*}
-1\equiv 12!\equiv
1\cdot(-1)\cdot 2\cdot (-2)\cdot 3\cdot (-3)\cdot 4\cdot (-4)\cdot
5\cdot (-5)\cdot 6\cdot (-6)\equiv (6!)^2 \pod{13}. 
\end{equation*}

%\section{October 23, 2007 (Tuesday)}

%[There is an exam in the evening, so during the lecture I merely take
%students' questions on the recommended homework problems.]  

\section{October 25, 2007 (Thursday)}

We work now with positive integers only.  If $n$ is
  one of them, we 
define
\begin{equation*}
  \sigma(n)
\end{equation*}
as the sum of the (positive) divisors of $n$.  Hence $n$ is
\tech{perfect}{} if and only if $\sigma(n)=2n$.  For the \emph{number}
of positive divisors of $n$, we write
\begin{equation*}
  \tau(n).
\end{equation*}
For example,
\begin{equation*}
\begin{array}{r@{{}={}}c@{{}+{}}c@{{}+{}}c@{{}+{}}c@{{}+{}}c@{{}+{}}c@{{}={}}l}
\tau(12)& 1& 2& 3& 4& 6& 12& 28,\\
\sigma(12)& 1& 1& 1& 1& 1& 1& 6.
  \end{array}
\end{equation*}
Indeed, $12=2^2\cdot3$, so the divisors of $12$ are
\begin{gather*}
  2^0\cdot 3^0,\\
2^1\cdot 3^0,\\
2^2\cdot 3^0,\\
2^0\cdot 3^1,\\
2^1\cdot 3^1,\\
2^2\cdot 3^1.
\end{gather*}
So the factors of $12$ are determined by a choice from $\{0,1,2\}$ for
the exponent of $2$, and from $\{0,1\}$ for the exponent of $3$.
Hence
\begin{equation*}
  \tau(12)=(2+1)\cdot(1+1).
\end{equation*}
Similarly, each factor of $12$ itself has two factors: one from
$\{1,2,4\}$, and the other from $\{1,3\}$; so
\begin{align*}
  \sigma(12)
&=(1+2+4)\cdot(1+3)\\
&=(1+2+2^2)\cdot(1+3)\\
&=\frac{2^3-1}{2-1}\cdot\frac{3^2-1}{3-1}.
\end{align*}
These ideas work in general:

\begin{theorem*}
If $n=p_1{}^{k(1)}\cdot p_2{}^{k(2)}\dotsm p_n{}^{k(n)}$, 
where $p_1<p_2<\dots p_n$, then
\begin{align*}
  \tau(n)
&=(k(1)+1)\cdot(k(2)+1)\dotsm(k(n)+1),\\
\sigma(n)
&=(1+p_1+p_1{}^2+\dots+p_1{}^{k(1)})\cdot
(1+p_2+p_2{}^2+\dots+p_2{}^{k(2)})\dotsm\\
&=\frac{p_1{}^{k(1)+1}-1}{p_1-1}\cdot
\frac{p_2{}^{k(2)+1}-1}{p_2-1}\dotsm
\frac{p_n{}^{k(n)+1}-1}{p_n-1}
\end{align*}
\end{theorem*}

We can abbreviate the definitions of $\sigma$ and $\tau$ as follows:
\begin{align*}
  \sigma(n)&=\sum_{d\divides n}d,\\
\tau(n)&=\sum_{d\divides n}1.
\end{align*}
Implicitly here, $d$ ranges over the \emph{positive} divisors of $n$.

Is there a relation between $\sigma(n)$ and $\tau(n)$?  We have
\begin{equation*}
  \begin{array}{c|c|c|l}
n & \tau(n) & \sigma(n) & \displaystyle\prod_{d\divides n}d\\\hline
1&1&1&1\\
2&2&3&2\\
3&2&4&3\\
4&3&7&8=2^3=4^{3/2}\\
5&2&6&5\\
6&4&12&36=6^2\\
7&2&8&7\\
8&4&15&64=8^2\\
9&3&13&27=3^3=9^{3/2}\\
10&4&18&100=10^2
  \end{array}
\end{equation*}
It appears that
\begin{equation*}
  \prod_{d\divides n}d=n^{\tau(n)/2}.
\end{equation*}
We can prove it thus:
\begin{equation*}
  \Bigl(\prod_{d\divides n}d\Bigr)^2
= \Bigl(\prod_{d\divides n}d\Bigr)\cdot \Bigl(\prod_{d\divides
  n}d\Bigr)
= \Bigl(\prod_{d\divides n}d\Bigr)\cdot \Bigl(\prod_{d\divides
  n}\frac nd\Bigr)
= \prod_{d\divides n}n
=n^{\tau(n)}.
\end{equation*}

\section{October 30, 2007 (Tuesday)}

Suppose $\gcd(n,m)=1$.  Then $n=p_1{}^{k(1)}\dotsm p_r{}^{k(r)}$, and
$m=q_1{}^{\ell(1)}\dotsm q_s{}^{\ell(s)}$, where the $p_i$ and $q_j$
are all distinct primes.  Hence the prime factorization of $nm$ is
\begin{equation*}
  p_1{}^{k(1)}\dotsm p_r{}^{k(r)}\cdot q_1{}^{\ell(1)}\dotsm
  q_s{}^{\ell(s)}, 
\end{equation*}
so we have
\begin{align*}
  \sigma(nm)
&=\frac{p_1{}^{k(1)+1}-1}{p_1-1}\dotsm
\frac{p_r{}^{k(r)+1}-1}{p_r-1}\cdot
\frac{q_1{}^{\ell(1)+1}-1}{q_1-1}\dotsm
\frac{q_s{}^{k(s)+1}-1}{q_s-1}\\
&=\sigma(n)\cdot\sigma(m).
\end{align*}
Similarly, $\tau(nm)=\tau(n)\cdot\tau(m)$.  We say then that $\sigma$
and $\tau$ are \tech{multiplicative}; in general, a function $f$ on
the positive integers is \defn{multiplicative}{} if
\begin{equation*}
  f(nm)=f(n)\cdot f(m)
\end{equation*}
whenever $n$ and $m$ are co-prime.  We do not require the identity to
hold in general.  For example,
\begin{equation*}
  \sigma(2\cdot 2)=\sigma(4)=1+2+4=7\neq
  9=(1+2)\cdot(1+2)=\sigma(2)\cdot\sigma(2). 
\end{equation*}
The identify function $n\mapsto n$ and the constant function $n\mapsto
1$ are multiplicative.  Since $\sigma(n)=\sum_{d\divides n}d$ and
$\tau(n)=\sum_{d\divides n}1$, the multiplicativity of $\sigma$ and
$\tau$ is a consequence of the following.

\begin{theorem*}
  If $f$ is multiplicative, and $F$ is given by
  \begin{equation}\label{eqn:Ff}
    F(n)=\sum_{d\divides n}f(d),
  \end{equation}
then $F$ is multiplicative.
\end{theorem*}

Before working out a formal proof, we can see why the theorem ought to
be true from an example.  Note first that, if $f$ is multiplicative
and \emph{non-trivial,} so that $f(n)\neq0$ for some $n$, then
\begin{equation*}
  0\neq f(n)=f(n\cdot1)=f(n)\cdot f(1),
\end{equation*}
so $f(1)=1$.
If also $f$ and $F$ are related
by~\eqref{eqn:Ff}, then
\begin{align*}
  F(36)
&=F(2^2\cdot 3^2)\\
&=f(1)+f(2)+f(4)+f(3)+f(6)+f(12)+f(9)+f(18)+f(36)\\
&=\begin{aligned}[t]
f(1)\cdot f(1)&+f(2)\cdot f(1)+f(4)\cdot f(1)+{}\\
{}+f(1)\cdot f(3)&+f(2)\cdot f(3)+f(4)\cdot f(3)+{}\\
{}+f(1)\cdot f(9)&+f(2)\cdot f(9)+f(4)\cdot f(9)
  \end{aligned}\\
&=(f(1)+f(2)+f(4))\cdot(f(1)+f(3)+f(9))\\
&=F(4)\cdot F(9).
\end{align*}

\begin{proof}[Proof of theorem]
  If $\gcd(m,n)=1$, then every divisor of $mn$ is uniquely of the form
  $de$, where $d\divides m$ and $e\divides n$.  This is because every
  \emph{prime} divisor of $mn$ is uniquely a divisor of $m$ or $n$.
  Hence
  \begin{align*}
    F(mn)
&=\sum_{d\divides mn}f(d)\\
&=\sum_{d\divides m}\sum_{e\divides n}f(de)\\
&=\sum_{d\divides m}\sum_{e\divides n}f(d)\cdot f(e)\\
&=\sum_{d\divides m}f(d)\cdot\sum_{e\divides n}f(e)\\
&=\Bigl(\sum_{d\divides m}f(d)\Bigr)\cdot\sum_{e\divides n}f(e),
  \end{align*}
which is $F(m)\cdot F(n)$ by~\eqref{eqn:Ff}.
\end{proof}

If $F$ is defined from $f$ as in~\eqref{eqn:Ff}, can we recover $f$
from $F$?  For example, when $f$ is $n\mapsto n$, so that $F$ is
$\sigma$, then
\begin{equation*}
  \begin{array}{r@{{}={}}c@{}c@{}c@{}c@{}c@{}c@{}c@{}c@{}c@{}c@{}c}
\sigma(12)&1&{}+{}&2&{}+{}&3&{}+{}&4&{}+{}&6&{}+{}&12\\
\sigma(6)&1&+&2&+&3&&+&&6&&\\
\sigma(4)&1&+&2&&+&&4&&&&\\
\sigma(3)&1&&+&&3&&&&&&\\
\sigma(2)&1&+&2&&&&&&&&\\
\sigma(1)&1&&&&&&&&&&
  \end{array}
\end{equation*}
so that
\begin{equation*}
  12=\sigma(12)-\sigma(6)-\sigma(4)+\sigma(2).
\end{equation*}
Why are some terms added, others subtracted?  Why didn't we need
$\sigma(3)$ or $\sigma(1)$?
Note that $12/3=4=2^2$, a square.

We have also
\begin{equation*}
  \begin{array}{r@{{}={}}c*{14}{@{}c}}
\sigma(30)&1&{}+{}&2&{}+{}&3&{}+{}&5&{}+{}&6&{}+{}&10&{}+{}&15&{}+{}&30\\
\sigma(15)&1& &+& &3&+&5& & &+&  &&15&&\\
\sigma(10)&1&+&2& &+& &5& &+& &10&&  &&\\
 \sigma(6)&1&+&2&+&3& &+& &6& &  &&  &&\\
 \sigma(5)&1& & &+& & &5& & & &  &&  &&\\
 \sigma(3)&1& &+& &3& & & & & &  &&  &&\\
 \sigma(2)&1&+&2& & & & & & & &  &&  &&\\
 \sigma(1)&1& & & & & & & & & &  &&  &&
  \end{array}
\end{equation*}
so that
\begin{equation*}
  30=\sigma(30)-\sigma(15)-\sigma(10)-\sigma(6)
  +\sigma(5)+\sigma(3)+\sigma(2)-\sigma(1).  
\end{equation*}
Here we have $30/15=2$, $30/10=3$, and $30/6=5$: each of these numbers
has one prime factor.  But $30/5=2\cdot 3$, $30/3=2\cdot 5$, and
$30/2=3\cdot 5$; each number here has two prime factors.

The \defn{M\"obius function}, $\mu$, is given by
\begin{equation*}
  \mu(n)=
  \begin{cases}
    0,&\text{ if $p^2\divides n$ for some prime $p$};\\
(-1)^r,&\text{ if $n=p_1\dotsm p_r$, where $p_1<\dotsb< p_r$}.
  \end{cases}
\end{equation*}
In particular, $\mu(1)=1$.

\begin{theorem*}[M\"obius Inversion Formula]
  If $f$ determines $F$ by the rule~\eqref{eqn:Ff}, then $F$
  determines $f$ by the rule
  \begin{equation}\label{eqn:fF}
    f(n)=\sum_{d\divides n}\mu\Bigl(\frac nd\Bigr)\cdot F(d).
  \end{equation}
\end{theorem*}

\begin{proof}
  We just start calculating:
  \begin{align*}
    \sum_{d\divides n}\mu\Bigl(\frac nd\Bigr)\cdot F(d)
&=\sum_{d\divides n}\mu\Bigl(\frac nd\Bigr)\cdot\sum_{e\divides d}f(e)\\
&=\sum_{d\divides n}\sum_{e\divides d}\mu\Bigl(\frac nd\Bigr)\cdot f(e).
  \end{align*}
For all factors $d$ and $e$ of $n$, we have
\begin{equation*}
  e\divides d\Iff\frac nd\divides\frac ne.
\end{equation*}
Therefore
\begin{align*}
  \sum_{d\divides n}\mu\Bigl(\frac nd\Bigr)\cdot F(d)
&=\sum_{e\divides n}\sum_{c\divides(n/e)}\mu(c)\cdot f(e)\\
&=\sum_{e\divides n}f(e)\cdot\sum_{c\divides(n/e)}\mu(c).
\end{align*}
We want to obtain $f(n)$ from this.  It will be enough if we can show
that $\sum_{c\divides(n/e)}\mu(c)$ is $0$ unless $e=n$, in which case
the sum is $1$.  So it is enough to show
\begin{equation}\label{eqn:m}
  \sum_{d\divides n}\mu(d)=
  \begin{cases}
    1,&\text{ if }n=1;\\
0,&\text{ otherwise.}
  \end{cases}
\end{equation}
This is easy when $n=p^r$.  Indeed, we have
\begin{align*}
  \sum_{d\divides p^r}\mu(d)
&=\mu(1)+\mu(p)+\mu(p^2)+\dotsb+\mu(p^r)\\
&=  \begin{cases}
    1,&\text{ if }r=0;\\
1-1,&\text{ if }r\geq1.
  \end{cases}
\end{align*}
But also, $\mu$ is multiplicative.  Indeed, suppose $\gcd(m,n)=1$.  If
$p^2\divides mn$, then we may assume $p^2\divides m$, so
$\mu(mn)=0=\mu(m)=\mu(m)\cdot\mu(n)$.  But if $m=p_1\dotsm p_r$, and
$n=q_1\dotsm q_s$, where all factors are distinct primes, then
$\mu(mn)=(-1)^{r+s}=(-1)^\cdot(-1)^2=\mu(m)\cdot\mu(n)$.  So $\mu$ is
multiplicative.  But then we have~\eqref{eqn:m}.  For, if $n\neq1$,
then $n$ has a prime factor $p$, and $n=p^r\cdot a$ for some positive
$r$, where $\gcd(a,p)=1$.  Then $\mu(n)=\mu(p^r)\cdot\mu(a)=0$.
So~\eqref{eqn:m} holds.  This
completes the proof of the theorem.
\end{proof}

\asterism{}

The Chinese Remainder Theorem can be understood with a picture.  Since
$\gcd(5,6)=1$ for example, the Theorem gives us a solution to
\begin{equation*}
  \begin{cases}
    x\equiv a_1\pmod 5,\\
x\equiv a_2\pmod 6,
  \end{cases}
\end{equation*}
---a solution that is unique \emph{modulo} $30$.  In theory, we can
   find this solution by filling out a table diagonally as follows:
   \begin{equation*}
     \begin{array}{|r|rrrrrr|}\hline
 &0&1&2&3&4&5\\\hline
0&0& & & & & \\
1& &1& & & & \\
2& & &2& & & \\
3& & & &3& & \\
4& & & & &4& \\\hline
     \end{array},
\quad\text{ then }\quad
     \begin{array}{|r|rrrrrr|}\hline
 &0&1&2&3&4&5\\\hline
0&0& & & & &5\\
1& &1& & & & \\
2& & &2& & & \\
3& & & &3& & \\
4& & & & &4& \\\hline 
     \end{array},
   \end{equation*}
then
\begin{equation*}
     \begin{array}{|r|rrrrrr|}\hline
 &0&1&2&3&4&5\\\hline
0&0& & & & &5\\
1&6&1& & & & \\
2& &7&2& & & \\
3& & &8&3& & \\
4& & & &9&4& \\\hline 
     \end{array},
\quad\text{ then }
     \begin{array}{|r|rrrrrr|}\hline
 &0&1&2&3&4 &5 \\\hline
0&0& & & &10&5 \\
1&6&1& & &  &11\\
2& &7&2& &  &  \\
3& & &8&3&  &  \\
4& & & &9&4&   \\\hline
     \end{array},
\end{equation*}
and ultimately
\begin{equation*}
     \begin{array}{|r|rrrrrr|}\hline
 & 0& 1& 2&3 & 4& 5 \\\hline
0& 0&25&20&15&10& 5 \\
1& 6& 1&26&21&16&11\\
2&12& 7& 2&27&22&17\\
3&18&13& 8& 3&28&23\\
4&24&19&14& 9& 4&29\\\hline
     \end{array}.  
\end{equation*}
Hence, for example, a solution to $x\equiv 2\pmod 5\land x\equiv
3\pmod 6$ is $27$ (in row 2, column 3).  

Making such a table is not
always practical.  But the possibility of making such a table will
enable us to establish a generalization of Fermat's Theorem.
Fermat tells that, if $\gcd(a,p)=1$, then
\begin{equation*}
  a^{p-1}\equiv1 \pmod p.
\end{equation*}
\tech{Euler's Theorem}{} will give us a certain function $\phi$ such
that, if $\gcd(a,n)=1$, then 
\begin{equation*}
  a^{\phi(n)}\equiv 1\pmod n.
\end{equation*}

\section{November 1, 2007 (Thursday)}

We have defined
\begin{equation*}
  \mu(n)=(-1)^r,
\end{equation*}
if $n$ is the product of $r$ \emph{distinct} primes; otherwise,
$\mu(n)=0$.  In particular, $\mu(1)=(-1)^0=1$.  We have shown that
$\mu$ is multiplicative, that is, 
\begin{equation*}
  \mu(mn)=\mu(m)\cdot\mu(n),
\end{equation*}
provided $\gcd(m,n)=1$.  We have shown~\eqref{eqn:m}.  From, this, we
have established the M\"obius Inversion Formula: if~\eqref{eqn:Ff},
then~\eqref{eqn:fF}.

Now we define a new multiplicative function, the \defn{Euler
  phi-function}: $\phi(n)$ is the number of $x$ such that $0\leq
  x<n$
  and $x$ is prime to $n$.  Then
  \begin{enumerate}
    \item
$\phi(1)=1$;
\item
$\phi(p)=p-1$;
\item
$\phi(p^r)=p^r-p^{r-1}$ when $r>0$.
  \end{enumerate}
Indeed, suppose $\gcd(a,p^r)\neq1$.  Then $\gcd(a,p^r)=p^k$ for some
positive $k$.  In particular, $p\divides a$.  Conversely, if
$p\divides a$, then $p\divides\gcd(a,p^r)$, so $\gcd(a,p^r)\neq1$.
Therefore $\phi(p^r)$ is the number of integers $x$ such that $0\leq
x<p^r$ and $p\ndivides x$; so
\begin{equation*}
  \phi(p^r)=p^r-\frac{p^r}p=p^r\cdot\Bigl(1-\frac1p\Bigr).
\end{equation*}
If we can show $\phi$ is multiplicative, and $n=p_1{}^{k(1)}\dotsm
p_r{}^{k(r)}$, then
\begin{align*}
  \phi(n)
&=\phi(p_1{}^{k(1)})\dotsm\phi(p_r{}^{k(r)})\\
&=p_1{}^{k(1)}\cdot\Bigl(1-\frac1{p_1}\Bigr)\dotsm
  p_r{}^{k(r)}\cdot\Bigl(1-\frac1{p_r}\Bigr)\\
&=p_1{}^{k(1)}\dotsm
  p_r{}^{k(r)}\cdot\Bigl(1-\frac1{p_1}\Bigr)\dotsm\Bigl(1-\frac1{p_r}\Bigr)\\
&=n\cdot\Bigl(1-\frac1{p_1}\Bigr)\dotsm\Bigl(1-\frac1{p_r}\Bigr).
\end{align*}
But again, we must show $\phi$ is multiplicative.  We do this with the
Chinese Remainder Theorem.  

Let us denote the set $\{x\in\Z\colon
0\leq x<n\}$ by $[0,n)$.  Assume $\gcd(m,n)=1$.  If $x\in[0,mn)$, then
    there is a unique $a$ in $[0,m)$ such that $x\equiv a\pmod m$;
      likewise, there is a unique $b$ in $[0,n)$ such that $x\equiv
	b\pmod n$.  Thus we have a function $x\mapsto(a,b)$ from
	$[0,mn)$ into $[0,m)\times[0,n)$.  Moreover, if $x$ is prime
	      to $mn$, then it is prime to $m$ and to $n$, so $a$ is
	      prime to $m$, and $b$ is prime to $n$.

Convsersely, by the Chinese Remainder Theorem, for every $a$ in
$[0,m)$ and $b$ in $[0,n)$, there is a unique $x$ in $[0,mn)$ such
      that 
      \begin{equation*}
	\begin{cases}
	  x\equiv a\pmod m,\\
x\equiv b\pmod n.
	\end{cases}
      \end{equation*}
Moreover, if $a$ is prime to $m$, and $b$ is prime to $n$, then $x$ is
prime to $m$ and to $n$, hence to $mn$ (that is, $\lcm(m,n)$).
Therefore we have a bijection between the sets
\begin{equation*}
  \{x\in[0,mn)\colon\gcd(x,mn)=1\}
\end{equation*}
and
\begin{equation*}
  \{x\in[0,m)\colon\gcd(x,m)=1\}\times
  \{x\in[0,n)\colon\gcd(x,n)=1\}.
\end{equation*}
Therefore the sizes of these sets are equal; but by definition of
$\phi$, these sizes are $\phi(mn)$ and $\phi(m)\cdot\phi(n)$. 

The idea can be seen in a table, as
\begin{equation*}
  \begin{array}{|r|rrrrrrr|}
\hline
 & 0& 1& 2& 3& 4& 5& 6\\\hline
0& 0& 8&16&24& 4&12&20\\
1&21& 1& 9&17&25& 5&13\\
2&14&22& 2&10&18&26& 6\\
3& 7&15&23& 3&11&19&27\\\hline
  \end{array}
\end{equation*}
This gives the function $x\mapsto(a,b)$ from $[0,28)$ to
  $[0,4)\times[0,7)$.  For example, $18$ is in row
$2$ and column $4$, so the function takes $18$ to $(2,4)$.  As $0$ and
  $2$ are not prime to $4$, we delete rows $0$ and $2$; as $0$ is
  not prime to $7$, we delete column $0$.  The numbers remaining
  are prime to $28$; and the \emph{number} of these numbers---by
  definition, $\phi(28)$---is $2\cdot
  6$, which is $\phi(4)\cdot\phi(7)$.
\begin{equation*}
  \begin{array}{|r|ccccccc|}
\hline
 & 0& 1& 2& 3& 4& 5& 6\\\hline
0&  &  &  &  &  &  &  \\
1&  & 1& 9&17&25& 5&13\\
2&  &  &  &  &  &  &  \\
3&  &15&23& 3&11&19&27\\\hline
  \end{array}
\end{equation*}
Burton \cite{Burton} also uses a table of numbers, but written in the
usual order:
\begin{equation*}
  \begin{array}{|ccccccc|}
\hline
 0& 1& 2& 3& 4& 5& 6\\
 7& 8& 9&10&11&12&13\\
14&15&16&17&18&19&20\\
21&22&23&24&25&26&27\\\hline
  \end{array}
\end{equation*}
The numbers prime to $7$ are all in the first column, so delete it:
\begin{equation*}
  \begin{array}{|ccccccc|}
\hline
  & 1& 2& 3& 4& 5& 6\\
  & 8& 9&10&11&12&13\\
  &15&16&17&18&19&20\\
  &22&23&24&25&26&27\\\hline
  \end{array}
\end{equation*}
Then the number of remaining columns is $\phi(7)$.
In each of these columns, just two numbers are prime to $4$ (since
each column contains a complete set of residues \emph{modulo}
$4$).  If we delete the numbers
\emph{not} prime to $4$, what remains is the following:
\begin{equation*}
  \begin{array}{|ccccccc|}
\hline
  & 1&  & 3&  & 5&  \\
  &  & 9&  &11&  &13\\
  &15&  &17&  &19&  \\
  &  &23&  &25&  &27\\\hline
  \end{array}
\end{equation*}
Again, there are $\phi(4)\cdot\phi(7)$ numbers left, or $\phi(28)$.

\section{November 6, 2007 (Tuesday)}

We have defined
\begin{equation*}
  \phi(n)=\size{\{x\in\Z\colon0\leq x<n\land\gcd(x,n)=1\}}.
\end{equation*}
To find a particular value, we can use a variant of the Sieve of
Eratosthenes.  For example, say we want $\phi(30)$.  As
$30=2\cdot3\cdot 5$, we write down the numbers from $0$ to $29$ (or
$1$ to $30$) and eliminate the multiples of $2$, $3$, or $5$:
\begin{equation*}
  \begin{array}{*{10}{r}}
    0&1&2&3&4&5&6&7&8&9\\
10&11&12&13&14&15&16&17&18&19\\
20&21&22&23&24&25&26&27&28&29\\\hline
     &1& &3& &5& &7& &9\\
  &11&  &13&  &15&  &17&  &19\\
  &21&  &23&  &25&  &27&  &29\\\hline
     &1& & & &5& &7& & \\
  &11&  &13&  &  &  &17&  &19\\
  &  &  &23&  &25&  &  &  &29\\\hline
     &1& & & & & &7& & \\
  &11&  &13&  &  &  &17&  &19\\
  &  &  &23&  &  &  &  &  &29\\
  \end{array}
\end{equation*}
As $8$ numbers remain, we have $\phi(30)=8$.

Our list of numbers had $10$ columns and $3$ rows.  When we eliminated
multiples of $2$ and $5$, we eliminated the columns headed by $0$,
$2$, $4$, $5$, $6$, and $8$.  The remaining columns were headed by
$1$, $3$, $7$, and $9$: four 
numbers.  Therefore $\phi(10)=4$.  In each of the remaining columns,
the entries are incongruent \emph{modulo} $3$.  Indeed, the numbers
differ by $10$ or $20$, and these are not divisible by $3$.  So, in
each column, exactly one entry is a multiple of $3$.  When it is
eliminated, there are $4\cdot 2$ entries remaining: this is
$\phi(10)\cdot\phi(3)$.  Thus, multiplicativity of $\phi$ is
established.  Alternatively, as last time, we can tabulate the numbers
from $0$ to $29$ thus:
\begin{equation*}
  \begin{array}{|r|*{10}{r}|}\hline
 & 0& 1& 2& 3& 4& 5& 6& 7& 8& 9\\\hline
0& 0&21&12& 3&24&15& 6&27&18& 9\\
1&10& 1&22&13& 4&25&16& 7&28&19\\
2&20&11& 2&23&14& 5&26&17& 8&29\\\hline
  \end{array}
\end{equation*}
Eliminating multiples of $2$, $3$, and $5$ means eliminating certain
columns \emph{and} rows:
\begin{equation*}
  \begin{array}{|r|*{10}{r}|}\hline
 & 0& 1& 2& 3& 4& 5& 6& 7& 8& 9\\\hline
0&  &  &  &  &  &  &  &  &  &  \\
1&  & 1&  &13&  &  &  & 7&  &19\\
2&  &11&  &23&  &  &  &17&  &29\\\hline
  \end{array}
\end{equation*}

In general, we have
\begin{align*}
  \phi(p)&=p-1;&\\
\phi(p^s)&=p^s-p^{s-1}=p\cdot\Bigl(1-\frac1p\Bigr),&&\text{ if }s>0;\\
\phi(mn)&=\phi(m)\cdot\phi(n),&&\text{ if }\gcd(m,n)=1.
\end{align*}
Hence, if $n$ has the distinct prime divisors $p_1$, \dots, $p_s$,
then
\begin{equation*}
  \phi(n)=n\cdot\prod_{k=1}^s\Bigl(1-\frac1{p_i}\Bigr).
\end{equation*}
We can write this more neatly as
\begin{equation*}
  \phi(n)=n\cdot\prod_{p\divides n}\Bigl(1-\frac1p\Bigr).
\end{equation*}
For example,
\begin{equation*}
  \phi(30)=30\cdot\Bigl(1-\frac12\Bigr)\cdot\Bigl(1-\frac13\Bigr)\cdot\Bigl(1-\frac15\Bigr)=30\cdot\frac12\cdot\frac23\cdot\frac45=8.
\end{equation*}
Since $180$ has the same prime divisors as $30$, we have
\begin{equation*}
  \frac{\phi(180)}{\phi(30)}=\frac{180}{30}=6,
\end{equation*}
so $\phi(180)=6\phi(30)=48$.  But $15$ and $30$ do not have the same
prime divisors, and we cannot expect $\phi(15)/\phi(30)$ to be
$15/30$, or $1/2$; indeed, $\phi(15)=\phi(3)\cdot\phi(5)=2\cdot
4=8=\phi(30)$.  

\begin{theorem*}[Euler]
  If $\gcd(a,n)=1$, then
  \begin{equation*}
    a^{\phi(n)}\equiv1\pmod n.
  \end{equation*}
\end{theorem*}

Fermat's Theorem is the special case when $n=p$.  But we do \emph{not}
generally have $a^{\phi(n)+1}\equiv a\pmod n$ for arbitrary $a$.  For
example,
$\phi(12)=4$, but $2^5=32\equiv 8\pmod{12}$; so 
\begin{equation*}
  2^{\phi(12)+1}\not\equiv2\pmod{12}.
\end{equation*}

\begin{proof}[Proof of Euler's Theorem]
Assume $\gcd(a,n)=1$.
  We can write $\{x\in\Z\colon0\leq x<n\land\gcd(x,n)=1\}$ as
  \begin{equation*}
    \{b_1,b_2,\dots,b_{\phi(n)}\}.
  \end{equation*}
Then we can obtain $a^{\phi(n)}$ from
\begin{equation*}
  \prod_{k=1}^{\phi(n)}(ab_k)=a^{\phi(n)}\cdot\prod_{k=1}^{\phi(n)}b_k.
\end{equation*}
As the two products are invertible \emph{modulo} $n$, it is enough now
to show that the two products are congruent 
\emph{modulo} $n$.
As $a$ is invertible \emph{modulo} $n$,
there is a function $f$ from $\{0,1,\dots,\phi(n)\}$ to itself
such that
\begin{equation*}
  ab_i\equiv b_{f(i)}\pmod n
\end{equation*}
for each $i$.  Moreover, if $f(i)=f(j)$, then
\begin{equation*}
  ab_i\equiv b_{f(i)}\equiv b_{f(j)}\equiv ab_j\pmod n,
\end{equation*}
so $b_i\equiv b_j\pmod n$, hence $i=j$.  So $f$ is a permutation.
Therefore
\begin{equation*}
  \prod_{k=1}^{\phi(n)}b_k\equiv
  \prod_{k=1}^{\phi(n)}b_{f(k)}\equiv
  \prod_{k=1}^{\phi(n)}(ab_k)\pmod n.
\end{equation*}
As noted, the claim now follows.
\end{proof}

For example, to solve
\begin{equation*}
  369^{19587}x\equiv1\pmod{1000},
\end{equation*}
we compute
\begin{equation*}
  \phi(1000)=\phi(10^3)=\phi(2^3\cdot
  5^3)=\phi(2^3)\cdot\phi(5^3)=4\cdot100=400. 
\end{equation*}
Now reduce the exponent:
\begin{equation*}
  \frac{19587}{400}=48+\frac{387}{400}.
\end{equation*}
So we want to solve
\begin{align*}
  369^{387}x&\equiv1\pmod{1000},\\
x&\equiv369^{13}\pmod{1000}.
\end{align*}
Now proceed, using that $13=8+4+1=2^3+2^2+1$.  Multiplication
\emph{modulo} $1000$ requires only three columns:
\begin{gather*}
  \begin{array}[t]{@{}r@{\,}r@{\,}r@{}}
    3&6&9\\
    3&6&9\\\hline
    3&2&1\\
    1&4& \\
    7& & \\\hline
    1&6&1
  \end{array}\quad\text{ so }
369^2\equiv161\pod{1000};\quad
  \begin{array}[t]{@{}r@{\,}r@{\,}r@{}}
    1&6&1\\
    1&6&1\\\hline
    1&6&1\\
    6&6& \\
    1& & \\\hline
    9&2&1
  \end{array}\quad\text{ so }
369^4\equiv161^2\equiv921\pod{1000};\\
  \begin{array}[t]{@{}r@{\,}r@{\,}r@{}}
    9&2&1\\
    9&2&1\\\hline
    9&2&1\\
    4&2& \\
    9& & \\\hline
    2&4&1
  \end{array}\quad\text{ so }
369^8\equiv921^2\equiv241\pod{1000};\\
369^{13}\equiv369^8\cdot369^4\cdot369\equiv241\cdot921\cdot369\pod{1000};\\
  \begin{array}[t]{@{}r@{\,}r@{\,}r@{}}
    2&4&1\\
    9&2&1\\\hline
    2&4&1\\
    8&2& \\
    9& & \\\hline
    9&6&1
  \end{array}\qquad
  \begin{array}[t]{@{}r@{\,}r@{\,}r@{}}
    9&6&1\\
    3&6&9\\\hline
    6&4&9\\
    6&6& \\
    3& & \\\hline
    6&0&9
  \end{array}
\end{gather*}
So the solution is \fbox{$x\equiv609\pmod{1000}$.}

\asterism{}

Euler's Theorem gives a neat theoretical solution to
Chinese-Remainder-Theorem problems:  Suppose the integers $n_1$,
\dots, $n_s$ are pairwise co-prime.  Say we want to solve the system
\begin{equation*}
  \begin{cases}
    x\equiv a_1\pmod{n_1},\\
\dots\\
x\equiv a_s\pmod{n_s}.
  \end{cases}
\end{equation*}
Define
\begin{gather*}
  n=n_1\dotsm n_s;\\
N_i=\frac n{n_i}.
\end{gather*}
Then the system is solved by
\begin{equation*}
  x\equiv a_1\cdot N_1{}^{\phi(n_1)}+\dotsb+ a_s\cdot N_s{}^{\phi(n_s)}
\end{equation*}
Indeed, we have
\begin{equation*}
  N_i{}^{\phi(n_i)}\equiv
  \begin{cases}
    1\pmod{n_i};&\\
0\pmod{n_j},&\text{ if }j\neq i.
  \end{cases}
\end{equation*}

\asterism{}

As $\phi$ is multiplicative, so is
\begin{equation*}
  n\mapsto\sum_{d\divides n}\phi(d).
\end{equation*}
What \emph{is} this function?  The function is
determined by its values at prime powers; so look at these.  We have
\begin{multline*}
  \sum_{d\divides
  p^s}\phi(d)=\sum_{k=0}^s\phi(p^k)=1+\sum_{k=1}^s(p^k-p^{k-1})=\\
  =1+(p-1)+(p^2-p)+\dotsb+(p^s-p^{s-1})=p^s.
\end{multline*}
Thus, the equation
\begin{equation*}
  \sum_{d\divides n}\phi(d)=n
\end{equation*}
holds when $n$ is prime power.  As both sides are
\emph{multiplicative} functions of $n$, the equation holds for all
$n$.  Thus we have

\begin{theorem*}[Gauss]
  $\sum_{d\divides n}\phi(d)=n$ for all positive integers $n$.
\end{theorem*}

For an alternative proof, partition the set $\{0,1,\dots,n-1\}$
according to greatest common divisor with $n$.  For example, suppose
$n=12$.  We can construct a table as follows, where the rows are
labelled with the divisors of $12$.  Each number $x$ from $0$ to $11$
inclusive is assigned to row $d$, if $\gcd(x,12)=d$.
\begin{equation*}
  \begin{array}{|r|cccccccccccc|}\hline
  &0&1&2&3&4&5&6&7&8&9&10&11\\\hline
12&0& & & & & & & & & &  &  \\
 6& & & & & & &6& & & &  &  \\
 4& & & & &4& & & &8& &  &  \\
 3& & & &3& & & & & &9&  &  \\
 2& & &2& & & & & & & &10&  \\
 1& &1& & & &5& &7& & &  &11\\\hline
  \end{array}
\end{equation*}
But we have
\begin{equation*}
0\leq x<12\land\gcd(x,12)=d\Iff\gcd\Bigl(\frac xd,\frac{12}d\Bigr)=1
\land0\leq\frac xd<\frac{12}d. 
\end{equation*}
So the number of entries in row $d$ is just
$\phi(12/d)$.  There are $12$ entries in some row, so
$12=\sum_{d\divides 12}\phi(d)$.

Is there anything noticeable about the table?  Try $n=20$:
\begin{equation*}
  \begin{array}{|r|*{19}{p{15pt}@{}}p{15pt}|}\hline
%  \begin{array}{|r|*{19}{c@{\ }}c|}\hline
  &$0$&$1$&$2$&$3$&$4$&$5$&$6$&$7$&$8$&$9$&
    $10$&$11$&$12$&$13$&$14$&$15$&$16$&$17$&$18$&$19$\\\hline  
20&$0$& & & & & & & & & &  &  &  &  &  &  &  &  &  &  \\
10& & & & & & & & & & &$10$&  &  &  &  &  &  &  &  &  \\
 5& & & & & &$5$& & & & &  &  &  &  &  &$15$&  &  &  &  \\
 4& & & & &$4$& & & &$8$& &  &  &$12$&  &  &  &$16$&  &  &  \\
 2& & &$2$& & & &$6$& & & &  &  &  &  &$14$&  &  &  &$18$&  \\
 1& &$1$& &$3$& & & &$7$& &$9$&  &$11$&  &$13$&  &  &  &$17$&
    &$19$\\\hline     
  \end{array}
\end{equation*}
The entries are symmetric about a vertical axis, except for $0$.  Is
there a theorem here?  
Define
\begin{equation*}
  S_n=\{x\in\Z\colon 0\leq x<n\land\gcd(x,n)=1\},
\end{equation*}
so $\size{S_n}=\phi(n)$.
It appears that, when $n>1$, then the average member of $S_n$ is~$n/2$:
\begin{equation*}
  \frac{\sum_{x\in S_n}x}{\phi(n)}=\frac n2.
\end{equation*}
Indeed, when $n>1$, then $S_n$ has the permutation $x\mapsto n-x$, so
\begin{equation*}
  2\cdot\sum_{x\in S_n}x
=\sum_{x\in S_n}x+\sum_{x\in S_n}(n-x)
=\sum_{x\in S_n}(x+(n-x))
=\sum_{x\in S_n}x=n\cdot\phi(n).
\end{equation*}
Therefore
\begin{equation*}
n>1\implies  \sum_{x\in S_n}=\frac{n\cdot\phi(n)}2.
\end{equation*}

\section{November 8, 2007 (Thursday)}

Recall Gauss's Theorem: 
\begin{equation}\label{eqn:sum-phi}
\sum_{d\divides n}\phi(d)=n.  
\end{equation}
We gave two
proofs; each one exhibits some useful techniques.

Let us make the tabular proof more precise.  If $d\divides n$, let
\begin{equation*}
  S_d^n=\{x\colon0\leq x<n\land\gcd(x,n)=d\}.
\end{equation*}
Then $[0,n)=\bigcup_{d\divides n}S_d^n$, and the sets $S_d^n$ are
  disjoint as $d$ varies over the divisors of $n$.  Therefore
  \begin{equation}\label{eqn:n0n}
    n=\size{[0,n)}=\sum_{d\divides n}\size{S_d^n}.
  \end{equation}
But we also have
\begin{align*}
  x\in S_d^n
&\Iff0\leq x<n\land\gcd(x,n)=d\\
&\Iff0\leq\frac xd<\frac nd\land\gcd\Bigl(\frac xd,\frac nd\Bigr)=1\\
&\Iff\frac xd\in S_1^{n/d}.
\end{align*}
So we have a bijection $x\mapsto x/d$ from $S_d^n$ to $S_1^{n/d}$,
which means
\begin{equation*}
  \size{S_d^n}=\size{S_1^{n/d}}.
\end{equation*}
Also,
\begin{equation*}
  \size{S_1^{n/d}}=\phi\Bigl(\frac nd\Bigr).
\end{equation*}
So~\eqref{eqn:n0n} now becomes
\begin{equation*}
n=\sum_{d\divides n}\phi\Bigl(\frac nd\Bigr)
=\sum_{d\divides n}\phi(d).  
\end{equation*}

The idea behind the last equation is frequently useful.  For any
function $f$ (on the positive integers), we have
\begin{equation*}
\sum_{d\divides n}f\Bigl(\frac nd\Bigr)=\sum_{d\divides n}f(d).  
\end{equation*}
This is because the function $x\mapsto n/x$ is a permutation of the
set of divisors of $n$.

Our other proof of Gauss's Theorem used the multiplicativeness
of~\eqref{eqn:sum-phi}.
It was enough to show that
these are equal when $n$ was a prime power.  This technique is
frequently useful.

\asterism{}

To~\eqref{eqn:sum-phi} we can apply the M\"obius Inversion Formula to get
\begin{equation*}
  \phi(n)
=\sum_{d\divides n}\mu\Bigl(\frac nd\Bigr)\cdot d
=\sum_{d\divides n}\mu(d)\cdot\frac nd
=n\cdot\sum_{d\divides n}\frac{\mu(d)}d
\end{equation*}
and therefore
\begin{equation*}
  \frac{\phi(n)}n=\sum_{d\divides n}\frac{\mu(d)}d.
\end{equation*}
But we also have $\phi(n)=n\cdot\prod_{p\divides n}(1-1/p)$,
so $\phi(n)/n=\prod_{p\divides n}(1-1/p)$.  Therefore
\begin{equation*}
  \prod_{p\divides n}\Bigl(1-\frac1p\Bigr)=\sum_{d\divides n}\frac{\mu(d)}d.
\end{equation*}
For example,
\begin{multline*}
  \sum_{d\divides12}\frac{\mu(d)}d
=\frac{\mu(1)}1+
\frac{\mu(2)}2+
\frac{\mu(3)}3+
\frac{\mu(4)}4+
\frac{\mu(6)}6+
\frac{\mu(12)}{12}=\\
=1-\frac12-\frac13+\frac16=\Bigl(1-\frac12\Bigr)\Bigl(1-\frac13\Bigr)
=\prod_{p\divides12}\Bigl(1-\frac1p\Bigr).
\end{multline*}

\asterism{}

Recall Euler's Theorem:
\begin{equation*}
  \gcd(a,n)=1\implies a^{\phi(n)}\equiv1\pmod n.
\end{equation*}
This can be improved in some cases.  For example,
$255=3\cdot5\cdot17$, so
$\phi(255)=\phi(3)\cdot\phi(5)\cdot\phi(17)=2\cdot4\cdot16=128$, and
hence
\begin{equation*}
  \gcd(a,255)=1\implies a^{128}\equiv1\pmod{255}.
\end{equation*}
But by Fermat's Theorem,
\begin{align*}
  3\ndivides a&\implies a^2\equiv1\pmod 3\implies
  a^{16}\equiv1\pmod{3};\\
  5\ndivides a&\implies a^4\equiv1\pmod 5\implies
  a^{16}\equiv1\pmod{5};\\
  17\ndivides a&\implies a^{16}\equiv1\pmod{17}.
\end{align*}
Therefore $\gcd(a,255)=1\implies a^{16}\equiv1\pmod{3,5,17}$, that is,
\begin{equation*}
  \gcd(a,255)=1\implies a^{16}\equiv1\pmod{255}.
\end{equation*}

In general, the \defn{order}{} of $a$ \emph{modulo} $n$ is the least
positive $k$ such that
\begin{equation*}
  a^k\equiv1\pmod n.
\end{equation*}
If such $k$ does exist, then $a^k-1=n\cdot\ell$ for some $\ell$, so
\begin{equation*}
  a\cdot a^{k-1}-n\cdot\ell=1,
\end{equation*}
and therefore $\gcd(a,n)=1$.  Conversely, if $\gcd(a,n)=1$, then
$a^{\phi(n)}\equiv 1\pmod n$, so $a$ has an order \emph{modulo} $n$.

Assuming $\gcd(a,n)=1$, let us denote the order of $a$ \emph{modulo}
$n$ by
\begin{equation*}
  \ord na.
\end{equation*}
For example, what is $\ord{17}2$?  Just compute powers of $2$
\emph{modulo} $17$:
\begin{equation*}
  2,\ 4,\ 8,\ 16\equiv-1,\ -2,\ -4,\ -8,\ -16\equiv 1.
\end{equation*}
Then $\ord{17}2=8$.  We also have
\begin{multline*}
  3,\ 9\equiv-8,\ -24\equiv-7,\ -21\equiv-4,\ -12\equiv5,\
  15\equiv-2,\ -6,\ -18\equiv-1,\\ 
-3,\ 8,\ 7,\ 4,\ -5,\ 2,\ 6,\ 1.
\end{multline*}
Note how, halfway through, we just change signs.  So $\ord{17}3=16$.

\section{November 20, 2007 (Tuesday)}

We have computed
\begin{equation*}
  \begin{array}{|c*{8}{|r}|}\hline
    k&1&2&3&4&5&6&7&8\\\hline
3^k\pmod{17}&3&-8&-7&-4&5&-2&-6&-1\\\hline\hline
k&9&10&11&12&13&14&15&16\\\hline
3^k\pmod{17}&-3&8&7&4&-5&2&6&1\\\hline
  \end{array}
\end{equation*}
Hence $16$ is the least positive $k$ such that $3^k\equiv1\pmod{17}$,
so $\ord{17}3=16$.  From the table we extract
\begin{equation*}
  \begin{array}{|c*{8}{|r}|}\hline
    k&1&2&3&4&5&6&7&8\\\hline
(-8)^k\pmod{17}&-8&-4&-2&-1&8&4&2&1\\\hline
  \end{array}
\end{equation*}
which means $\ord{17}{-8}=8$.    Likewise, $\ord{17}{-4}=4$, and
$\ord{17}{-1}=2$.  So we have
\begin{equation*}
  \begin{array}{|c*{8}{|r}|}\hline
          a & 1& 2& 3& 4& 5& 6& 7& 8\\\hline
\ord{17}  a & 1&  &16&  &  &  &  &  \\\hline
\ord{17}{-a}& 2&  &  & 4&  &  &  & 8\\\hline
  \end{array}
\end{equation*}
How can we complete the table?  For example, what is
$\ord{17}{-7}$?  Since $-7\equiv3^3\pmod{17}$, and
$\gcd(3,16)=1$, we have $\ord{17}{-7}=16$.  Likewise, $\ord{17}5=16$.
But $\ord{17}{-2}=16/\gcd(6,16)=8$, since $-2\equiv3^6\pmod{17}$.
This is by a general theorem to be proved presently.  We complete the
table thus:
\begin{equation*}
  \begin{array}{|c*{8}{|r}|}\hline
          a & 1& 2& 3& 4& 5& 6& 7& 8\\\hline
\ord{17}  a & 1& 8&16& 4&16&16&16& 8\\\hline
\ord{17}{-a}& 2& 8&16& 4&16&16&16& 8\\\hline
  \end{array}
\end{equation*}

\begin{theorem*}
  Suppose $\gcd(a,n)=1$.  Then
  \begin{enumerate}
    \item\label{item:ak1}
$a^k\equiv1\pmod n$ if and only if $\ord
      na\divides k$.
\item\label{item:nas}
$\ord n{a^s}=\ord na/\gcd(s,\ord na)$.
\item\label{item:akal}
$a^k\equiv a^{\ell}$ if and only if $k\equiv\ell\pmod{\ord na}$. 
  \end{enumerate}
\end{theorem*}

\begin{proof}
  For~\eqref{item:ak1}, the reverse direction is easy.  For the
  forward direction, suppose $a^k\equiv1\pmod n$.  Now use division:
  \begin{equation*}
    k=\ord na\cdot s+r
  \end{equation*}
for some $s$ and $r$, where $0\leq r<\ord na$.  Then
\begin{equation*}
  1\equiv a^k\equiv a^{\ord na\cdot s+r}\equiv(a^{\ord na})^s\cdot
  a^r\equiv a^r\pmod n.
\end{equation*}
By minimality of $\ord na$ as an integer $k$ such that $a^k\equiv
1\pmod n$, we conclude $r=0$.  This means $\ord na\divides
k$.

To prove~\eqref{item:nas}, by~\eqref{item:ak1} we have, \emph{modulo} $n$,
\begin{equation*}
  (a^s)^k\equiv 1\Iff a^{sk}\equiv1\Iff \ord na\divides
  sk\Iff\frac{\ord na}{\gcd(s,\ord na)}\divides k,
\end{equation*}
but also
\begin{equation*}
  (a^s)^k\equiv 1\Iff \ord n{a^s}\divides k
\end{equation*}
Hence
\begin{equation*}
  \frac{\ord na}{\gcd(s,\ord na)}\divides k\Iff
\ord n{a^s}\divides k.
\end{equation*}
This is true for all $k$.  Since orders are
  positive, we conclude
\begin{equation*}
  \frac{\ord na}{\gcd(s,\ord na)}=
\ord n{a^s}.
\end{equation*}
Finally,~\eqref{item:akal} follows from~\eqref{item:ak1}, since
\begin{align*}
  a^k\equiv a^{\ell}\pmod n&\Iff a^{k-\ell}\equiv 1\pmod n\\
&\Iff\ord na\divides k-\ell\\
&\Iff k\equiv\ell\pmod{\ord na}.
\end{align*}
(We have used that $\gcd(a,n)=1$, so that $a^{-\ell}$ exists.)
\end{proof}

Hence, from
\begin{equation*}
  \begin{array}{|c*{9}{|r}|}\hline
    k&1&2&3&4&5&6&7&8&9\\\hline
2^k\pmod{19}&2&4&8&-3&-6&7&-5&9&-1\\\hline
2^{k+9}\pmod{19}&-2&-4&-8&3&6&-7&5&-9&1\\\hline
  \end{array}
\end{equation*}
we obtain
\begin{equation*}
  \begin{array}{|c*{9}{|r}|}\hline
a&1&2&3&4&5&6&7&8&9\\\hline
\ord{19}a&1&18&18&9&9&9&3&6&9\\\hline
\ord{19}{-a}&2&9&9&18&18&18&6&3&18\\\hline
  \end{array}
\end{equation*}
since
\begin{align*}
  \ord{19}{2^k}=18
&\Iff\gcd(k,18)=1\\
&\Iff k\equiv1,5,7,11,13,17\pmod{18}\\
&\Iff 2^k\equiv2,-6,-5,-4,3,-9\pmod{19};\\
\ord{19}{2^k}=9
&\Iff\gcd(k,18)=2\\
&\Iff k\equiv2,4,8,10,14,16\pmod{18}\\
&\Iff 2^k\equiv4,-3,9,-2,6,5\pmod{19},\\
\ord{19}{2^k}=6
&\Iff\gcd(k,18)=3\\
&\Iff k\equiv3,15\pmod{18}\\
&\Iff 2^k\equiv8,-7\pmod{19},\\
\ord{19}{2^k}=3
&\Iff\gcd(k,18)=6\\
&\Iff k\equiv6,12\pmod{18}\\
&\Iff 2^k\equiv7,-8\pmod{19},\\
\ord{19}{2^k}=2
&\Iff\gcd(k,18)=9\\
&\Iff k\equiv9\pmod{18}\\
&\Iff 2^k\equiv-1\pmod{19}.
\end{align*}
If $d\divides 19$, let $\psi(d)$ be the number of incongruent residues
\emph{modulo} $19$ that have order $d$.  Then we have
\begin{equation*}
  \begin{array}{|r|r|}\hline
d&\psi(d)\\\hline
18&6\\\hline
9&6\\\hline
6&2\\\hline
3&2\\\hline
2&1\\\hline
1&1\\\hline
  \end{array}
\end{equation*}
Note that $\psi(d)=\phi(d)$ here.

\asterism{}

We can understand what we are doing algebraically as follows.  The set
of congruence-classes \emph{modulo} $n$ is denoted by
\begin{equation*}
  \Z/(n)
\end{equation*}
or $\Z/n\Z$.  On this set, addition and multiplication are
well-defined: the set is a \defn{ring}.  The set of multiplicatively
invertible elements of the ring is denoted by
\begin{equation*}
  (\Z/(n))^{\times}.
\end{equation*}
This set is closed under multiplication and inversion: it is a
(multiplicative) \defn{group}.  Suppose $k\in(\Z/(n))^{\times}$.
(More precisely one might write the element as $k+(n)$ or $\bar k$.)
Then we have the function
\begin{equation*}
  x\mapsto k^x
\end{equation*}
from $\Z$ to $(\Z/(n))^{\times}$.  Since $k^{x+y}=k^x\cdot k^y$, this
function is a \defn{homomorphism}{} from the additive group $\Z$ to the
multiplicative group $(\Z/(n))^{\times}$.

We have shown that the function $x\mapsto 2^x$ is
surjective onto $(\Z/(19))^{\times}$, and its kernel is $(18)$.  Hence
(by the First Isomorphism Theorem for Groups), this function is an
\defn{isomorphism}{} from $\Z/(18)$ onto $(\Z/(19))^{\times}$:
\begin{align*}
  \Z/(18)&\cong(\Z/(19))^{\times},\\
(\{0,1,2,\dots,17\},+)&\cong(\{1,2,3,\dots,18\},{}\cdot{}).
\end{align*}

\asterism{}

If $\gcd(a,n)=1$, and $\ord na=\phi(n)$, then $a$ is called a
\defn{primitive root}{} of $n$.  So we have shown that $3$, but not
$2$, is a primitive root of $17$, and $2$ is a primitive root of
$19$.  There is no formula for determining primitive roots: we just
have to look for them.  But once we know that $2$ is a primitive root
of $19$, then we know that $2^5$, $2^7$, $2^{11}$, $2^{13}$, and $2^{17}$
are primitive roots---or rather, $-6$, $-5$, $-4$, $3$, and $-9$ are
primitive roots.

\begin{theorem*}
  Every prime number has a primitive root.
\end{theorem*}

\begin{proof}
If $d\divides p-1$, let $\psi(d)$ be the number of incongruent
residues \emph{modulo} $p$ that have order $d$.  We shall show
$\psi(p-1)\neq0$.  In fact, we shall show $\psi(d)=\phi(d)$.

Every number prime to $p$ has an order \emph{modulo} $p$, and this
order divides $\phi(p)$, which is $p-1$; so
\begin{equation*}
  \sum_{d\divides p-1}\psi(d)=p-1.
\end{equation*}
By Gauss's Theorem we have $\sum_{d\divides p-1}\phi(d)=p-1$;
therefore
\begin{equation}\label{eqn:sum_d|p-1}
  \sum_{d\divides p-1}\psi(d)=\sum_{d\divides p-1}\phi(d).
\end{equation}
Hence, to establish $\psi(d)=\phi(d)$, it is enough to show that
$\psi(d)\leq\phi(d)$ whenever $d\divides p-1$.  Indeed, if we show
this, but $\psi(e)<\phi(e)$ for some divisor $e$ of $p-1$, then
\begin{equation*}
  \sum_{d\divides p-1}\psi(d)
=\sum_{\substack{d\divides p-1\\d\neq e}}\psi(d)+\psi(e)
<\sum_{\substack{d\divides p-1\\d\neq e}}\phi(d)+\phi(e)
=  \sum_{d\divides p-1}\phi(d),
\end{equation*}
contradicting~\eqref{eqn:sum_d|p-1}.

If $\psi(d)=0$, then certainly $\psi(d)\leq\phi(d)$.  So suppose
$\psi(d)\neq0$.  Then $\ord pa=d$ for some $a$.  In particular, $a$
is a solution of the congruence
\begin{equation}\label{eqn:x^n-1}
  x^n-1\equiv0\pmod p.
\end{equation}
But then every power of $a$ is a solution, since $(a^k)^n=(a^n)^k$.
Moreover, if $0< k<\ell\leq n$, then 
\begin{equation*}
  a^k\not\equiv a^{\ell}\pmod p
\end{equation*}
by the earlier theorem.  Hence the numbers $a$, $a^2$, \dots, $a^n$
are incongruent solutions to the congruence~\eqref{eqn:x^n-1}.  Among these
solutions, those that have order $n$ \emph{modulo} $p$ are just
those powers $a^k$ such that $\gcd(k,n)=1$.  The number of such powers
is just $\phi(n)$.

Every number that has order $n$ \emph{modulo} $p$ is a solution
to~\eqref{eqn:x^n-1}.  So we have that $\psi(d)=\phi(d)$ (under the
assumption $\psi(d)>0$), \emph{provided} we can show that \emph{every}
solution to~\eqref{eqn:x^n-1} is on the list $a$, $a^2$, \dots,
$a^n$.  But this is a consequence of the following theorem.
\end{proof}

\section{November 22, 2007 (Thursday)}

\begin{theorem*}[Lagrange]
  Every congruence of the form
  \begin{equation*}
    x^n+a_1x^{n-1}+\dotsb+a_{n-1}x+a_n\equiv0\pmod p
  \end{equation*}
has $n$ solutions or fewer (\emph{modulo} $p$).
\end{theorem*}

\begin{proof}
  Use induction.  The claim is trivially true when $n=0$.  Suppose it
  is true when $n=k$.  Say the congruence
  \begin{equation}\label{eqn:x^(k+1)}
    x^{k+1}+a_1x^k+\dotsb+a_kx+a_{k+1}\equiv0\pmod p
  \end{equation}
has a solution $b$.  Then we can factorize the left member, and
rewrite the congruence as
\begin{equation*}
  (x-a)\cdot(x^k+c_1x^{k-1}+\dotsb+c_{k-1}x+c_k)\equiv0\pmod p.
\end{equation*}
Any solution to this that is different from $a$ is a solution of
\begin{equation*}
  x^k+c_1x^{k-1}+\dotsb+c_{k-1}x+c_k\equiv0\pmod p.
\end{equation*}
But by inductive hypothesis, there are at most $k$ such solutions.
Therefore~\eqref{eqn:x^(k+1)} has at most $k+1$ solutions.  This
completes the induction and the proof.
\end{proof}

How did we use that $p$ is prime?  We needed
to know that, if $f(x)$ and $g(x)$ are polynomials, and $f(a)\cdot
g(a)\equiv0\pmod p$, then either $f(a)\equiv0\pmod p$, or else
$g(a)\equiv0\pmod p$.  That is, if $mn\equiv0\pmod p$, then either
$m\equiv0\pmod p$ or $n\equiv0\pmod p$.  That is, if $p\divides mn$,
then $p\divides m$ or $p\divides n$.  This fails if $p$ is replaced by
a composite number.

From analysis, we have
\begin{equation*}
  \exp\colon\R\to\units\R.
\end{equation*}
Here, $\units{\R}=\R\setminus\{0\}$ (the multiplicatively invertible
real numbers), and $\exp(x+y)=\exp(x)\cdot\exp(y)$.  The range of
$\exp$ is $(0,\infty)$, which is closed under multiplication and
inversion.  So $\exp$ is an isomorphism from $(\R,+)$ onto
$((0,\infty),{}\cdot{})$.  We have been looking at a similar
isomorphism in discrete mathematics.

We have $\size{\Zmodu}=\phi(n)$.  A primitive root of $n$, if it
exists, is a generator of the multiplicative group $\Zmodu$.  In
particular:
\begin{enumerate}
  \item
$\Zmodu[2]=\{1\}$, so $1$ is a primitive root of $2$.
\item
$\Zmodu[3]=\{1,2\}$, and $2^2\equiv1\pmod3$, so $2$ is a primitive
  root of $3$.
\item
$\Zmodu[4]=\{1,3\}$, and $3^2\equiv1\pmod4$, so $3$ is a primitive
  root of $4$.
\item
$\Zmodu[5]=\{1,2,3,4\}$, and $2^2\equiv4$, $2^3\equiv3$, and
  $2^4\equiv1\pmod 5$, so $2$ is a primitive root of $5$.
\item
$\Zmodu[6]=\{1,5\}$, and $5^2\equiv1\pmod6$, so $5$ is a primitive
  root of $6$.
\item
$\Zmodu[7]=\{1,2,3,4,5,6\}$, and we have
  \begin{equation*}
    \begin{array}{|c*{6}{|r}|}\hline
k  &1&2&3&4&5&6\\\hline
2^k&2&4&1& & & \\\hline
3^k&3&2&6&4&5&1\\\hline      
    \end{array}
  \end{equation*}
so $3$ (but not $2$) is a primitive root of $7$.
\item
$\Zmodu[8]=\{1,3,5,7\}$, but $3^2\equiv1$, $5^2\equiv1$, and
  $7^2\equiv1\pmod 8$, so $8$ has no primitive root.
\end{enumerate}

We have shown that primes have
primitive roots, but the converse
fails: not every number with a primitive root is prime.  In fact, the
following numbers have primitive roots:
\begin{enumerate}
  \item
powers of odd primes;
\item
$2$ and $4$;
\item
doubles of powers of odd primes.
\end{enumerate}

%\section{November 27, 2007 (Tuesday)}

%[Exam day; I work problems only.]

\section{November 29, 2007 (Thursday)}

\emph{Modulo} $17$, we have 
\begin{equation*}
  \begin{array}{*{17}{|r}|}\hline
  k&0&1&2& 3& 4&5& 6& 7& 8& 9&10&11&12&13&14&15\\\hline
3^k&1&3&9&10&13&5&15&11&16&14& 8& 7& 4&12& 2& 6\\\hline
  \end{array}
\end{equation*}
Reordering, we have
\begin{equation*}
  \begin{array}{*{17}{|r}|}\hline
3^k&1& 2&3& 4&5& 6& 7& 8&9&10&11&12&13&14&15&16\\\hline
  k&0&14&1&12&5&15&11&10&2& 3& 7&13& 4& 9& 6& 8\\\hline  
  \end{array}
\end{equation*}
If $3^k=\ell$, then we can denote $k$ by $\log_3\ell$.  But we can
think of these numbers as congruence-classes:
\begin{equation*}
  3^k\equiv\ell\pmod{17}\Iff k\equiv\log_3\ell\pmod{16}.
\end{equation*}
The usual
properties hold:
\begin{equation*}
  \log_3(xy)\equiv\log_3x+\log_3y\pmod{16};
  \qquad\log_3{x^n}\equiv n\log_3x\pmod{16}.  
\end{equation*}
For example, 
\begin{equation*}
\log_3(11\cdot 14)\equiv\log_311+\log_314\equiv7+9\equiv16\equiv0\pmod{16},
\end{equation*}
and therefore $11\cdot17\equiv3^0\equiv1\pmod{17}$.

In general, the base of logarithms will be a primitive root.  If $b$
is a primitive root of $n$, and $\gcd(a,n)=1$, then there is some $s$
such that
\begin{equation*}
  b^s\equiv a\pmod n.
\end{equation*}
Then $s$ is unique \emph{modulo} $\phi(n)$.  Indeed, recall that
\begin{equation*}
  b^x\equiv b^y\pmod n\Iff x\equiv y\pmod{\phi(n)}.
\end{equation*}
The least non-negative such $s$ is defined to be $\log_ba$,
\emph{modulo} $n$.

Another application of logarithms, besides multiplication problems, is
congruences of the form
\begin{equation*}
  x^d\equiv a\pmod n.
\end{equation*}
This is equivalent to
\begin{gather*}
  \log_bx^d\equiv\log_ba\pmod{\phi(n)},\\
d\log_bx\equiv\log_ba\pmod{\phi(n)}.
\end{gather*}
If this is to have a solution, then we must have
\begin{equation*}
  \gcd(d,\phi(n))\divides \log_ba.
\end{equation*}
For example, let's work \emph{modulo} $7$:
\begin{equation*}
  \begin{array}{*{7}{|r}|}\hline
  k&0&1&2&3&4&5\\\hline
3^k&1&3&2&6&4&5\\\hline
  \end{array}
\quad
  \begin{array}{*{7}{|r}|}\hline
      \ell&1&2&3&4&5&6\\\hline
\log_3\ell&0&2&1&4&5&3\\\hline    
  \end{array}
\end{equation*}
Then we have, for example,
\begin{equation*}
  x^3\equiv2\pmod7
\Iff3\log_3x\equiv2\pmod6,
\end{equation*}
so there is no solution, since $\gcd(3,6)=3$, and $3\ndivides 2$.
But we also have
\begin{align*}
  x^3\equiv6\pmod7
&\Iff3\log_3x\equiv3\pmod6\\
&\Iff\log_3x\equiv1\pmod2\\
&\Iff\log_3x\equiv1,3,5\pmod6\\
&\Iff x\equiv 3^1,3^3,3^5\pmod7\\
&\Iff x\equiv3,6,5\pmod7.
\end{align*}
We expect no more than $3$ solutions, by the Lagrange's Theorem.  Is
there an alternative to using logarithms?  As $6\equiv3^3\pmod7$, we
have
\begin{equation*}
  x^3\equiv6\pmod7\Iff x^3\equiv3^3\pmod7;
\end{equation*}
but we cannot conclude from this $x\equiv3\pmod7$.

\section{December 4, 2007 (Tuesday)}

For congruences \emph{modulo} $11$, we can use the following table:
\begin{equation*}
  \begin{array}{*{11}{|r}|l|}\hline
           k& 1& 2& 3& 4& 5& 6& 7& 8& 9&10&\log_2\ell\pmod{10}\\\hline
2^k\pmod{11}& 2& 4&-3& 5&-1&-2&-4& 3&-5& 1&\ell\\\hline    
  \end{array}
\end{equation*}
We have then
\begin{align*}
  4x^{15}\equiv7\pmod{11}
&\Iff4x^5\equiv7\pmod{11}\\
&\Iff\log_2(4x^5)\equiv\log_27\pmod{10}\\
&\Iff\log_24+5\log_2x\equiv\log_27\pmod{10}\\
&\Iff2+5\log_2x\equiv7\pmod{10}\\
&\Iff5\log_2x\equiv5\pmod{10}\\
&\Iff\log_2x\equiv1\pmod{2}\\
&\Iff\log_2x\equiv1,3,5,7,9\pmod{10}\\
&\Iff x\equiv 2^1,2^3,2^5,2^7,2^9\pmod{11}\\
&\Iff x\equiv2,8,10,7,6\pmod{11}.
\end{align*}
Why are there five solutions?

\begin{theorem*}
  Suppose $n$ has a primitive root $r$, so that logarithms with base
  $r$ are defined.  (So $a\equiv r^b\pmod{n}$ if and only if
  $\log_ra\equiv b\pmod{\phi(n)}$, when $\gcd(a,n)=1$.)  Assume
  $\gcd(a,n)=1$.  Let $d=\gcd(k,\phi(n))$.  Then
  the following are equivalent:
  \begin{enumerate}
    \item\label{item:x^k}
The congruence $x^k\equiv a\pmod n$ is soluble.
\item\label{item:d}
The congruence has $d$ solutions.
\item\label{item:a^phi}
$a^{\phi(n)/d}\equiv1\pmod n$.
  \end{enumerate}
\end{theorem*}

\begin{proof}
  The following are equivalent:
  \begin{gather*}
    x^k\equiv a\pmod n\text{ is soluble};\\
k\log x\equiv a\pmod{\phi(n)}\text{ if soluble};\\
d\divides\log a;\\
\phi(n)\divides\frac{\phi(n)}d\cdot\log a;\\
\frac{\phi(n)}d\cdot\log a\equiv0\pmod{\phi(n)};\\
\log a^{\phi(n)/d}\equiv0\pmod{\phi(n)};\\
a^{\phi(n)/d}\equiv1\pmod n.
  \end{gather*}
Thus~\eqref{item:x^k}$\Iff$\eqref{item:a^phi}.
Trivially,~\eqref{item:d}$\implies$\eqref{item:x^k}.  Finally,
assume~\eqref{item:x^k}, so that $d\divides\log a$, as above.  Then
\begin{align*}
  x^k\equiv a\pmod n
&\Iff k\log x\equiv\log a\pmod{\phi(n)}\\
&\Iff\frac kd\cdot\log x\equiv\frac{\log a}d\pmod{\frac{\phi(n)}d}\\
&\Iff\log x\equiv\frac{\log a}k\pmod{\frac{\phi(n)}d}\\
&\Iff\begin{aligned}[t]
\log x&\equiv\frac{\log a}k+\frac{\phi(n)}d\cdot
  j\pmod{\phi(n)},\\
& \text{ where }j\in\{0,1,\dots,d-1\}
     \end{aligned}\\
&\Iff
  \begin{aligned}[t]
    x&\equiv r^{(\log a)/k}\cdot(r^{\phi(n)/d})^j\pmod n,\\
&\text{ where }j\in\{0,1,\dots,d-1\}.
  \end{aligned}
\end{align*}
These $d$ solutions are incongruent, as $\ord nr=\phi(n)$.
\end{proof}

\asterism{}

We know that all primes have primitive roots.  Now we show that the
numbers with primitive roots are precisely:
\begin{equation*}
  2,4,p^s,2\cdot p^s,
\end{equation*}
where $p$ is an odd prime, and $s\geq1$.  We shall first show that the
numbers \emph{not} on this list do \emph{not} have primitive roots:

\begin{lemma*}
  If $k>2$, then $2\divides\phi(k)$.
\end{lemma*}

\begin{proof}
  Suppose $k>2$.  Then either $k=2^s$, where $s>1$, or else
  $k=p^s\cdot m$ for some odd prime $p$, where $s>0$ and
  $\gcd(p,m)=1$.  In the first case, $\phi(k)=2^s-2^{s-1}=2^{s-1}$,
  which is even.  In the second case, $\phi(k)=\phi(p^s)\cdot\phi(m)$,
  which is even, since $\phi(p^s)=p^s-p^{s-1}$, the difference of two
  odd numbers.
\end{proof}

\begin{theorem*}
  If $m$ and $n$ are co-prime, both greater than $2$, then $mn$ has no
  primitive root.
\end{theorem*}

\begin{proof}
  Suppose $\gcd(a,mn)=1$.  (This is the only possibility for a
  primitive root.)  Then $a$ is prime to $m$ and $n$, so
  \begin{gather*}
    a^{\phi(m)}\equiv 1\pmod m;\qquad
    a^{\phi(n)}\equiv 1\pmod n;\\
a^{\lcm(\phi(m),\phi(n))}\equiv 1\pmod{m,n},\\
a^{\lcm(\phi(m),\phi(n))}\equiv 1\pmod{\lcm(m,n)},\\
a^{\lcm(\phi(m),\phi(n))}\equiv 1\pmod{mn}.
  \end{gather*}
By the lemma, $2$ divides both $\phi(m)$ and $\phi(n)$, so
\begin{equation*}
  \lcm(\phi(m),\phi(n))\divides\frac{\phi(m)\phi(n)}2,
\end{equation*}
that is, $\lcm(\phi(m),\phi(n))\divides\phi(mn)/2$.  Therefore
\begin{equation*}
  \ord{mn}a\leq\frac{\phi(mn)}2,
\end{equation*}
so $a$ is not a primitive root of $mn$.
\end{proof}

\begin{theorem*}
  If $k\geq0$, then $2^{3+k}$ has no primitive root.
\end{theorem*}

\begin{proof}
  Any primitive root of $2^{3+k}$ must be odd.  Let $a$ be odd.  We
  shall show by induction that
  \begin{equation*}
    a^{\phi(2^{3+k})/2}\equiv1\pmod{2^{3+k}}.
  \end{equation*}
This means, since $\phi(2^{3+k})=2^{3+k}-2^{2+k}=2^{2+k}$, that we
shall show
\begin{equation*}
  a^{2^{1+k}}\equiv1\pmod{2^{3+k}}.
\end{equation*}
The claim is true when $k=0$, since $a^2\equiv1\pmod8$ for all odd
numbers $a$.  Suppose the claim is true when $k=\ell$: that is,
\begin{equation*}
  a^{2^{1+\ell}}\equiv1\pmod{2^{3+\ell}}.
\end{equation*}
This means
\begin{equation*}
  a^{2^{1+\ell}}=1+2^{3+\ell}\cdot m
\end{equation*}
for some $m$.  Now square:
\begin{equation*}
  a^{2^{2+\ell}}
=(a^{2^{1+\ell}})^2
=(1+2^{3+\ell}\cdot m)^2=1+2^{4+\ell}\cdot m+2^{6+2\ell}\cdot m^2.
\end{equation*}
Hence $a^{2^{2+\ell}}\equiv1\pmod{2^{4+\ell}}$, that is,
\begin{equation*}
  a^{2^{1+(\ell+1)}}\equiv1\pmod{2^{3+(\ell+1)}};
\end{equation*}
so our claim is true when $k=\ell+1$.  This completes the induction
and the proof.
\end{proof}

Now for the positive results.  These will use the following.

\begin{lemma*}
  Let $r$ be a primitive root of $p$, and $k>0$.  Then
  \begin{equation*}
    \ord{p^k}r=(p-1)p^{\ell}
  \end{equation*}
for some $\ell$, where $0\leq\ell<k$.
\end{lemma*}

\begin{proof}
  Let $\ord{p^k}r=n$.  Then $n\divides\phi(p^k)$.  But
  $\phi(p^k)=p^k-p^{k-1}=(p-1)\cdot p^{k-1}$.  Thus,
  \begin{equation*}
    n\divides(p-1)\cdot p^{k-1}.
  \end{equation*}
Also, $r^n\equiv1\pmod{p^k}$, so $r^n\equiv1\pmod p$, which means
$\ord pr\divides n$.  But $r$ is a primitive root of $p$, so $\ord
pr=\phi(p)=p-1$.  Therefore
\begin{equation*}
  p-1\divides n.
\end{equation*}
The claim now follows.
\end{proof}

\begin{lemma*}
  $p^2$ has a primitive root.  In fact, if $r$ is a primitive root of
  $p$, then either $r$ or $r+p$ is a primitive root of $p^2$.
\end{lemma*}

\begin{proof}
  Let $r$ be a primitive root of $p$.  If $r$ is a primitive root of
  $p^2$, then we are done.  Suppose $r$ is not a primitive root of
  $p^2$.  Then $\ord{p^2}r=p-1$, by the last lemma.  Hence,
  \emph{modulo} $p^2$, we have
  \begin{align*}
    (r+p)^{p-1}
&\equiv r^{p-1}+(p-1)\cdot r^{p-2}\cdot p+\binom{p-1}2\cdot r^{p-3}\cdot
    p^2+\dotsb\\
&\equiv r^{p-1}+(p-1)\cdot r^{p-2}\cdot p\\
&\equiv 1+(p-1)\cdot r^{p-2}\cdot p\\
&\equiv 1-r^{p-2}\cdot p\\
&\not\equiv1,
  \end{align*}
since $p\ndivides r$.  (Note that this argument holds even if $p=2$.)
Hence $\ord{p^2}{r+p}\neq p-1$, so by the lemma, the order must be
$(p-1)\cdot p$, that is, $\phi(p^2)$.  This means $r$ is a primitive
root of $p^2$.
\end{proof}

\begin{theorem*}
  All odd prime powers (that is, all powers of odd primes) have
  primitive roots.  In fact, a primitive root of $p^2$ is a primitive
  root of every power $p^{2+k}$.
\end{theorem*}

\begin{proof}
Assume $p$ is an odd prime.
  We know $p$ and $p^2$ have primitive roots.  Let $r$ be a primitive
  root of $p^2$.  We prove by induction that $r$ is a primitive root
  of $p^{2+k}$.  The claim is trivially true when $k=0$.  Suppose it
  is true when $k=\ell$.  This means
  \begin{equation*}
    \ord{p^{2+\ell}}r=(p-1)\cdot p^{1+\ell}.
  \end{equation*}
In particular,
\begin{equation*}
  r^{(p-1)\cdot p^\ell}\not\equiv1\pmod{p^{2+\ell}}.
\end{equation*}
However, since $\phi(p^{1+\ell})=(p-1)\cdot p^\ell$, we have
\begin{equation*}
  r^{(p-1)\cdot p^\ell}\equiv 1\pmod{p^{1+\ell}}.
\end{equation*}
These two congruences imply that
\begin{equation*}
  r^{(p-1)\cdot p^\ell}=1+p^{1+\ell}\cdot m
\end{equation*}
for some $m$ that is indivisible by $p$.  Now raise both sides of this
equation to the power $p$:
\begin{align*}
r^{(p-1)\cdot p^{\ell+1}}
&=(r^{(p-1)\cdot p^\ell})^p\\
&=(1+p^{1+\ell}\cdot m)^p\\
&=1+p\cdot p^{1+\ell}\cdot m+\binom p2\cdot(p^{1+\ell}\cdot m)^2+ \binom
p3\cdot(p^{1+\ell}\cdot m)^3+\dotsb\\
&=1+p^{1+(\ell+1)}\cdot m+\binom p2\cdot p^{2+2\ell}\cdot m^2+ \binom
p3\cdot p^{3+3\ell}\cdot m^3+\dotsb.
\end{align*}
Since $p>2$, so that $p\divides\binom p2$, we have
\begin{align*}
  r^{(p-1)\cdot p^{\ell+1}}
&\equiv1+p^{1+(\ell+1)}\cdot m\pmod{p^{2+(\ell+1)}}\\
&\not\equiv 1\pmod{p^{2+(\ell+1)}}.
\end{align*}
Therefore we must have
\begin{equation*}
  \ord{p^{2+(\ell+1)}}r=(p-1)\cdot p^{1+(\ell+1)}=\phi(p^{2+(\ell+1)}),
\end{equation*}
which means $r$ is a primitive root of $p^{2+(\ell+1)}$.
\end{proof}

It remains to show that $2\cdot p^s$ also has a primitive root.

\section{December 6, 2007 (Thursday)}

If $\gcd(r,n)=1$, then the following are equivalent:
\begin{enumerate}
\item
  $r$ is a primitive root of $n$;
\item
$\ord nr=\phi(n)$;
\item
if $\gcd(a,n)=1$, then $a\equiv r^b\pmod n$ for some $b$.
\end{enumerate}
We have shown:
\begin{enumerate}
  \item
Every prime $p$ has a primitive root, $r$;
\item
either $r$ or $r+p$ is a primitive root of $p^2$;
\item
if $p$ is odd, then every primitive root of $p^2$ is a primitive root
of $p^{2+k}$.
\end{enumerate}
For example, $3$ has the primitive root $2$, since
$2\not\equiv1\pmod3$, but $2^2\equiv1\pmod3$.  Hence, either $2$ or
$5$ is a primitive root of $9$.  In fact, both are.  Using
$5\equiv-4\pmod9$, we have:
\begin{equation*}
  \begin{array}{|c*{3}{|r}|l|}\hline
    k&1&2&3&6=\phi(9)\\\hline
2^k\pmod9&2&4&-1&1\\\hline
(-4)^k\pmod9&-4&-2&-1&1\\\hline
  \end{array}
\end{equation*}
Therefore
$2$ and $-4$ 
must be primitive roots of $27$, and indeed
\begin{equation*}
  \begin{array}{|c*{9}{|r}|l|}\hline
    k&1&2&3&4&5&6&7&8&9&18=\phi(27)\\\hline
2^k\pmod{27}&2&4&8&-11&5&10&-7&13&-1&1\\\hline
(-4)^k\pmod{27}&-4&-11&-10&13&2&-8&5&7&-1&1\\\hline
  \end{array}
\end{equation*}
But does $18$ have a primitive root?  We have
\begin{equation*}
  \begin{array}{|c*{7}{|r}|}\hline
    k&1&2&3&4&5&6&7\\\hline
(-4)^k&-4&-2&8&4&2&-8&-4\\\hline
5^k&5&7&-1&-5&-7&1&5\\\hline
  \end{array}
\end{equation*}
The powers of $-4$ and $5$ cycle through six numbers in each case.
Corresponding powers differ by $9$:  Since $-4\equiv5\pmod9$, we have
$(-4)^k\equiv5^k\pmod9$. 
But
the powers of $-4$ are not prime to $18$, so $-4$ is not a primitive
root of $18$.  However, $5$ is.

\begin{theorem*}
  If $p$ is an odd prime, and $r$ is a primitive root of $p^s$, then
  either $r$ or $r+p^s$ is a primitive root of $2p^s$---whichever one
  is odd.
\end{theorem*}

\begin{proof}
Let $r$ be an odd primitive root of $p^s$, so that $\gcd(r,2p^s)=1$.
  Let $n=\ord{2p^s}r$.  We want to show $n=\phi(2p^s)$.  We
  have
  \begin{equation*}
    n\divides\phi(2p^s).
  \end{equation*}
Also $r^n\equiv1\pmod{2p^s}$, so $r^n\equiv1\pmod{p^s}$, and therefore
\begin{equation*}
  \ord{p^s}r\divides n.
\end{equation*}
But $\ord{p^s}r=\phi(p^s)=\phi(2p^s)$.  Hence
\begin{equation*}
  \phi(2p^s)\divides n.
\end{equation*}
So $n=\phi(2p^s)$.
\end{proof}

\asterism{}

Now we return to high-school-like problems.  For example, how can we
solve
\begin{equation*}
  x^2-4x-1\equiv0\pmod{11}?
\end{equation*}
\emph{Modulo} $11$, we have $x^2-4x-1\equiv
x^2-4x-12\equiv(x-6)(x+2)$, so
the solutions are $6$ and $-2$, or 
rather $6$ and $9$.  Alternatively, $x^2-4x-1\equiv
x^2+7x+10\equiv(x+5)(x+2)$, so $x$ is $-5$ or $-2$, that is, $6$ or
$9$ again.

To solve
\begin{equation*}
  3x^2-4x-6\equiv0\pmod{13},
\end{equation*}
we can search for a factorization as before; but we can also
\defn{complete the square}:
\begin{align*}
  3x^2-4x-6\equiv0
&\Iff x^2-\frac43x-2\equiv0\\
&\Iff x^2-\frac43x+\frac49\equiv2+\frac49\\
&\Iff\Bigl(x-\frac23\Bigr)^2\equiv\frac{22}9\equiv1\\
&\Iff x-\frac23\equiv\pm1\\
&\Iff x\equiv\frac23\pm1\\
&\Iff x\equiv\frac53\text{ or
  }\frac{-1}3\\
&\Iff x\equiv6\text{ or }4.
\end{align*}
Here we can divide by $3$ because it is invertible \emph{modulo} $13$;
indeed, $3\cdot9\equiv1\pmod{13}$, so
$1/3\equiv9\pmod{13}$.

If we take this approach with the first problem, we have, \emph{modulo} $11$,
\begin{align*}
    x^2-4x-1\equiv0
&\Iff x^2-4x+4\equiv5\\
&\Iff(x-2)^2\equiv5.
\end{align*}
If $5$ is a square \emph{modulo} $11$, then there is a solution; if
not, not.  But $5\equiv16\equiv4^2$, so we have
\begin{align*}
    x^2-4x-1\equiv0
&\Iff(x-2)^2\equiv4^2\\
&\Iff x-2\equiv\pm4\\
&\Iff x\equiv 2\pm 4\\
&\Iff x\equiv 6\text{ or }9,
\end{align*}
as before.  But the congruence
\begin{equation*}
  x^2\equiv5\pmod{13}
\end{equation*}
has no solution.  How do we know?  One way is by trial.  As $2$ is a
primitive root of~$13$, and $0$ is not a solution of the congruence,
every solution would be a power of $2$.  But we have, \emph{modulo} $13$,
\begin{equation*}
  \begin{array}{*{13}{|r}|}\hline
k&1&2&3&4&5&6&7&8&9&10&11&12\\\hline
2^k&2&4&-5&3&6&-1&-2&-4&5&-3&-6&1\\\hline
2^{2k}&4&3&-1&-4&-3&1&4&3&-1&-4&-3&1\\\hline
  \end{array}
\end{equation*}
and $5$ does not appear on the bottom row.

In general, if $p\ndivides a$, we say $a$ is a \defn{quadratic
  residue}{} of $p$ if the congruence
\begin{equation*}
  x^2\equiv a\pmod p
\end{equation*}
is soluble; otherwise, $a$ is a \defn{quadratic non-residue}{} of $p$.
So we have just seen that the quadratic residues of $13$ are $\pm1$,
$\pm 3$, and $\pm4$, or rather $1$, $3$, $4$, $9$, $10$, and $12$; the
quadratic non-residues are $2$, $5$, $6$, $7$, $8$, and $11$.  So
there are six residues, and six non-residues.

\begin{theorem*}[Euler's Criterion]
  Let $p$ be an odd prime, and $\gcd(a,p)=1$.  Then $a$ is a quadratic
  residue of $p$ if and only if
  \begin{equation*}
    a^{(p-1)/2}\equiv1\pmod p.
  \end{equation*}
\end{theorem*}

\begin{proof}
  Let $r$ be a primitive root of $p$.  If $x^2\equiv a\pmod p$ has a
  solution, then that solution is $r^k$ for some $k$.  Then
  \begin{equation*}
    a^{(p-1)/2}\equiv((r^k)^2)^{(p-1)/2}\equiv(r^k)^{p-1}\equiv1\pmod{p}
  \end{equation*}
by Euler's Theorem.

In any case, $a\equiv r^{\ell}\pmod p$ for some $\ell$.  Suppose
$a^{(p-1)/2}\equiv1\pmod p$.  Then
\begin{equation*}
  1\equiv(r^{\ell})^{(p-1)/2}\equiv r^{\ell\cdot(p-1)/2}\pmod p,
\end{equation*}
so $\ord pr\divides \ell\cdot(p-1)/2$, that is,
\begin{equation*}
  p-1\divides\ell\cdot\frac{p-1}2.
\end{equation*}
Therefore $\ell/2$ is an integer, that is, $\ell$ is even.  Say
$\ell=2m$.  Then $a\equiv r^{2m}\equiv(r^m)^2\pmod p$.
\end{proof}

\section{December 11, 2007 (Tuesday)}

Henceforth $p$ is an odd prime, and $\gcd(a,p)=1$.  We have defined
quadratic residues and non-residues of $p$, and we have established
Euler's Criterion: $a$ is a quadratic residue of $p$ if and only if
$a^{(p-1)/2}\equiv1\pmod p$.  What other congruence-class can
$a^{(p-1)/2}$ belong to, besides $1$?  Only $-1$, since
$a^{p-1}\equiv1\pmod p$, by Euler's Theorem.  So
$a^{(p-1)/2}\equiv-1\pmod p$ if and only if $a$ is a quadratic
non-residue of $p$.

Another way to prove this is the following:  Suppose $a$ is a
quadratic non-residue of $p$.  If $b\in\{1,\dots,p-1\}$, then the
congruence
\begin{equation*}
  bx\equiv a\pmod p
\end{equation*}
has a unique solution in $\{1,\dots,p-1\}$, and we may denote the
solution by $a/b$.  Then $b\neq a/b$, since $a$ is not a quadratic
residue of $p$.
Now we define a sequence $(b_1,\dots,b_{p-1})$
recursively.  If $b_k$ has
been chosen when $k<\ell<p-1$, then let 
$b_{\ell}$ be the least element of
$\{1,\dots,p-1\}\setminus\{b_1,a/b_1,\dots,b_{\ell-1},a/b_{\ell-1}\}$.
We now have
\begin{equation*}
  \{1,\dots,p-1\}= \Bigl\{b_1,\frac a{b_1},\dots,b_{p-1},\frac
  a{b_{p-1}}\Bigr\}.
\end{equation*}
Now multiply everything together:
\begin{equation*}
  (p-1)!\equiv a^{(p-1)/2}\pmod p.
\end{equation*}
But we know $(p-1)!\equiv-1\pmod p$ by Wilson's Theorem.  Thus
\begin{equation*}
  a^{(p-1)/2}\equiv-1\pmod p
\end{equation*}
when $a$ is a quadratic non-residue of $p$.

Now suppose $a$ is a quadratic residue of $p$.  We choose the $b_k$ as
before, except this time let $b_1$ be the least positive solution of
$x^2\equiv a\pmod p$, and replace $a/b_1$ with the next least positive
solution, which is $p-b_1$.  Multiplication now gives us
\begin{align*}
  (p-1)!
&\equiv b_1\cdot(p-b_1)\cdot b_2\cdot a/b_2\dotsm b_{(p-1)/2}\cdot
  a/b_{(p-1)/2}\\
&\equiv -a\cdot a^{(p-1)/2-1}\\
&\equiv-a^{(p-1)/2}\pmod p.
\end{align*}
By Wilson's Theorem again, we have
\begin{equation*}
  a^{(p-1)/2}\equiv 1\pmod p
\end{equation*}
when $a$ is a quadratic residue of $p$.

\asterism{}

Recall how division works in congruences (see
p.~\pageref{passage:division}:  We have
\begin{equation*}
  ax\equiv ay\pmod n\implies x\equiv y\pmod{\frac n{\gcd(a,n)}}.
\end{equation*}
Indeed, let $d=\gcd(a,n)$.  Then
\begin{align*}
  ax\equiv ay\pmod n
&\implies n\divides a(x-y)\\
&\implies\frac nd\divides\frac ad(x-y)\\
&\implies\frac nd\divides x-y\\
&\implies x\equiv y\pmod{\frac nd}.
\end{align*}

\asterism{}

Again, $p$ is an odd prime, and $p\ndivides a$.  We define the
\defn{Legendre symbol}, $(a/p)$, by
\begin{equation*}
  \ls ap=
  \begin{cases}
    1,&\text{ if $a$ is a quadratic residue of $p$};\\
-1,&\text{ if $a$ is a quadratic non-residue of $p$}.
  \end{cases}
\end{equation*}
Then by Euler's Criterion we have immediately
\begin{equation*}
  \ls ap\equiv a^{(p-1)/2}\pmod p.
\end{equation*}
We can now list the following properties of the Legendre symbol:
\begin{enumerate}
\item
  $a\equiv b\pmod p\implies(a/p)=(b/p)$;
\item
$(a^2/p)=1$;
\item
$(1/p)=1$;
\item\label{item:cases}
$(-1/p)=(-1)^{(p-1)/2}=
  \begin{cases}
    1,&\text{ if }p\equiv 1\pmod 4;\\
-1,&\text{ if }p\equiv3\pmod 4.
  \end{cases}$
\end{enumerate}
(We proved this equation, in effect, on
p.~\pageref{passage:wilson-app}.)
Finally, we have
\begin{enumerate}\setcounter{enumi}{4}
\item
  $\ls{ab}p=\ls ap\ls bp$,
\end{enumerate}
since $(ab/p)\equiv(ab)^{(p-1)/2}\equiv
a^{(p-1)/2}b^{(p-1)/2}\equiv(a/p)(b/p)\pmod p$, and equality of
$(ab/p)$ and $(a/p)(b/p)$ follows since each is $\pm1$ and $p>2$.
With these properties, we can calculate many Legendre
symbols.  For example, 
\begin{gather*}
  \ls{50}{19}=\ls{12}{19}=\ls2{19}^2\ls3{19}=\ls3{19},\\
3^{(19-1)/2}\equiv 3^9\equiv 3^8\cdot3\equiv
9^4\cdot 3\equiv 81^2\cdot 3\equiv5^2\cdot 3\equiv6\cdot3\equiv
18\equiv-1\pmod{19}, 
\end{gather*}
so $(50/19)=-1$, which means the congruence $x^2\equiv50\pmod{19}$ has
no solution.

\asterism{}

\begin{theorem*}
  There are infinitely many primes $p$ such that $p\equiv3\pmod
  4$.
\end{theorem*}

\begin{proof}
  Suppose $(q_1,q_2,\dots,q_n)$ is a list of primes.  We shall prove
  that there is a prime $p$, not on this list, such that
  $p\equiv3\pmod 4$.  Let
  \begin{equation*}
    s=4q_1\cdot q_2\dotsm q_n-1.
  \end{equation*}
Then $s\equiv3\pmod 4$.  Then $s$ must have a prime factor $p$ such
that $p\equiv 3\pmod 4$.  Indeed, if all prime factors of $s$ are
congruent to $1$, then so must $s$ be.  But $p$ is not any of the $q_k$.
\end{proof}

This argument fails when $3$ is replaced by $1$, since
$3^2\equiv1\pmod4$.  Nonetheless, we still have:

\begin{theorem*}
  There are infinitely many primes $p$ such that $p\equiv1\pmod
  4$.  
\end{theorem*}

\begin{proof}
  Suppose $(q_1,q_2,\dots,q_n)$ is a list of primes.  We shall prove
  that there is a prime $p$, not on this list, such that
  $p\equiv1\pmod 4$.  Let
  \begin{equation*}
    s=2q_1\cdot q_2\dotsm q_n.
  \end{equation*}
Then $s^2+1$ is odd, so it is divisible by some odd prime $p$.
Consequently, $s$ is a solution of the congruence $x^2\equiv-1\pmod
p$.  This means $(-1/p)=1$, so $p\equiv 1\pmod 4$,
by~\eqref{item:cases} above. 
\end{proof}

\asterism{}

\begin{theorem*}
  $\displaystyle\sum_{k=1}^{p-1}\ls kp=0$.
\end{theorem*}

\begin{proof}
  Let $r$ be a primitive root of $p$.  Then
  \begin{equation*}
    \sum_{k=1}^{p-1}\ls kp
=\sum_{k=1}^{p-1}\ls{r^k}p
=\sum_{k=1}^{p-1}\ls rp^k
=\sum_{k=1}^{p-1}(-1)^k=0,
  \end{equation*}
since $r^{(p-1)/2}\equiv-1\pmod p$, since $r$ is a primitive root.
\end{proof}

\asterism{}

\begin{lemma*}[Gauss]
  Let $p$ be an odd prime, and $\gcd(a,p)=1$.  Then
  \begin{equation*}
    \ls ap=(-1)^n,
  \end{equation*}
where $n$ is the number of elements of the set
\begin{equation*}
  \bigl\{a,2a,3a,\dots,\frac{p-1}2a\bigr\}
\end{equation*}
whose remainders after division by $p$ are greater than $p/2$.
\end{lemma*}

For example, to find $(3/19)$, we can look at
\begin{equation*}
  3,\; 6,\; 9,\; 12,\; 15,\; 18,\; 21,\; 24,\; 27,
\end{equation*}
whose remainders on division by $19$ are, respectively,
\begin{equation*}
  3,\; 6,\; 9,\; 12,\; 15,\; 18,\; 2,\; 5,\; 8.
\end{equation*}
Of those, $12$, $15$, and $18$ exceed $19/2$, and these are three; so
\begin{equation*}
  \ls3{19}=(-1)^3=-1.
\end{equation*}

\begin{proof}[Proof of Gauss's Lemma]
  If $1\leq k\leq p-1$, let $b_k$ be such that
  \begin{gather*}
    1\leq b_k\leq p-1,\\
ka\equiv b_k\pmod p.
  \end{gather*}
Then $\{1,2,\dots,p-1\}=\{b_1,b_2,\dots,b_{p-1}\}$, because the $b_k$
are distinct:
\begin{equation*}
  b_k=b_{\ell}\Iff ka\equiv\ell a\Iff k\equiv\ell.
\end{equation*}
In the set $\{b_1,b_2,\dots,b_{(p-1)/2}\}$, let $n$ be the number of
elements that are greater than $p/2$.  We want to show
\begin{equation*}
  (-1)^n=\ls ap.
\end{equation*}
There is some permutation $\sigma$ of $\{1,2,\dots,(p-1)/2\}$ such that
\begin{equation*}
  b_{\sigma(1)}>b_{\sigma(2)}>\dotsb>b_{\sigma(n)}>\frac
  p2>b_{\sigma(n+1)}>\dotsb >b_{\sigma((p-1)/2)}.
\end{equation*}
Observe now that
\begin{equation*}
  b_{p-k}=p-b_k;
\end{equation*}
indeed, both numbers are in $\{1,2,\dots,p-1\}$, and
\begin{equation*}
  b_{p-k}\equiv(p-k)a\equiv-ka\equiv-b_k\equiv p-b_k\pmod p.
\end{equation*}
In particular, if $1\leq k\leq(p-1)/2$, then
$p-b_k\notin\{b_1,b_2,\dots,b_{(p-1)/2}\}$.  Therefore
\begin{equation*}
\{p-b_{\sigma(1)},p-b_{\sigma(2)},\dotsc,p-b_{\sigma(n)},
b_{\sigma(n+1)},\dotsc
b_{\sigma((p-1)/2)}\}=\Bigl\{1,2,\dots,\frac{p-1}2\Bigr\}. 
\end{equation*}
Now take products:
\begin{align*}
  \frac{p-1}2!
&\equiv(p-b_{\sigma(1)})(p-b_{\sigma(2)})\dotsm(p-b_{\sigma(n)})
b_{\sigma(n+1)}\dotsm b_{\sigma((p-1)/2)}\\
&\equiv(-1)^n\cdot b_{\sigma(1)}\dotsm b_{\sigma((p-1)/2)}\\
&\equiv(-1)^n\cdot b_1\dotsm b_{(p-1)/2}\\
&\equiv(-1)^n\cdot a\cdot2a\cdot3a\dotsm\frac{p-1}2a\\
&\equiv(-1)^n\cdot\frac{p-1}2!\cdot a^{(p-1)/2}\pmod p.
\end{align*}
Therefore, since $p\ndivides((p-1)/2)!$, we have
\begin{equation*}
  1\equiv(-1)^n\cdot a^{(p-1)/2}\equiv(-1)^n\cdot(a/p)\pmod p.
\end{equation*}
As both $(-1)^n$ and $(a/p)$ are $\pm1$, the claim follows.
\end{proof}

We shall use Gauss's Lemma to prove the Law of Quadratic Reciprocity,
by which we shall be able to relate $(p/q)$ and $(q/p)$ when both $p$
and $q$ are odd primes.  Meanwhile, besides the direct application of
Gauss's Lemma to computing Legendre symbols, we have:

\begin{theorem*}
  If $p$ is an odd prime, then
  \begin{equation*}
    \ls2p=
    \begin{cases}
      1,&\text{ if }p\equiv\pm1\pmod 8;\\
-1,&\text{ if }p\equiv\pm3\pmod 8.
    \end{cases}
  \end{equation*}
\end{theorem*}

\begin{proof}
  To apply Gauss's Lemma, we look at the numbers
  \begin{equation*}
    2\cdot1,\;2\cdot2,\;\dotsc,\; 2\cdot\frac{p-1}2.
  \end{equation*}
Each is its own remainder on division by $p$.  Hence $(2/p)=(-1)^n$,
where $n$ is the number of integers $k$ such that
\begin{equation*}
  \frac p2<2k\leq p-1,
\end{equation*}
or rather $p/4<k\leq(p-1)/2$.  This means
\begin{equation*}
  n=\frac{p-1}2-\Bigl[\frac p4\Bigr],
\end{equation*}
where $x\mapsto[x]$ is the greatest-integer function.  Now consider
the possibilities:
\begin{enumerate}
  \item
$p=8k+1\implies n=4k-[2k+1/4]=2k$, even;
\item
$p=8k+3\implies n=4k+1-[2k+3/4]=2k+1$, odd;
\item
$p=8k+5\implies n=4k+2-[2k+5/4]=4k+1$, odd;
\item
$p=8k+7\implies n=4k+3-[2k+7/4]=4k+2$, even.
\end{enumerate}
In each case then, $(2/p)$ is as claimed.
\end{proof}

\section{December 13, 2007 (Thursday)}

As usual now, we assume $p$ is an odd prime, and $p\ndivides a$.  Then
the Legendre symbol
$(a/p)$ is in $\{1,-1\}$, and $(a/p)=1$ if and only if
$\Exists{x\in\Z:}x^2\equiv a\pmod p$.  Rules that we have established
include:
\begin{gather*}
a\equiv b\pmod p\implies\ls ap=\ls bp;\\
  \ls{a^2}p=1;\qquad \ls{ab}p=\ls ap\cdot\ls bp; \\
\ls{-1}p=(-1)^{(p-1)/2}=
\begin{cases}
  1,&\text{ if }p\equiv 1\pmod 4;\\
-1,&\text{ if }p\equiv3\pmod 4.
\end{cases}
\end{gather*}
From these, we obtain the following table:
\begin{equation*}
  \begin{array}{|c*{12}{|r}|}\hline
     a&1&2&3&4&5&6&7&8&9&10&11&12\\\hline
(a/13)&1& &1&1& & & & &1& 1&  & 1\\\hline
  \end{array}
\end{equation*}
Indeed, under the squares $1$, $4$, and $9$, we put $1$.  Also
$4^2=16\equiv3$, so $(3/13)=1$.  Finally, $(-1)^{(13-1)/2}=(-1)^6=1$,
so $(-1/13)=1$, hence $(13-a/13)=(-a/13)=(-1/13)\cdot(a/13)=(a/13)$;
  in particular, $(10/13)=1$ and $(12/13)=1$.  So
half of the slots have been filled with $1$; the other half must get
$-1$:  In general, if $r$ is a primitive root of $p$, then $(r/p)=-1$,
and so $(r^k/p)=-1$ if and only if $k$ is odd.  So now we have
\begin{equation*}
  \begin{array}{|c*{12}{|r}|}\hline
     a&1& 2&3&4& 5& 6& 7& 8&9&10&11&12\\\hline
(a/13)&1&-1&1&1&-1&-1&-1&-1&1& 1&1-& 1\\\hline
  \end{array}
\end{equation*}


We proved Gauss's Lemma, and used it to show
\begin{equation*}
    \ls2p=
    \begin{cases}
      1,&\text{ if }p\equiv\pm1\pmod 8;\\
-1,&\text{ if }p\equiv\pm3\pmod 8.
    \end{cases}  
\end{equation*}
As $13\equiv-3\pmod 8$, we have $(2/13)=-1$, as we saw.  We can also
use this result about $(2/p)$ to find some primitive roots:

\begin{theorem*}
  If $p$ and $2p+1$ are both odd primes, then $2p+1$ has the primitive
  root $(-1)^{(p-1)/2}\cdot2$, which is $2$ if $p\equiv1\pmod 4$, and
  is otherwise $-2$.
\end{theorem*}

Hence, for example, we have
\begin{equation*}%\mbox{}\hspace{-1cm}
\setlength{\arraycolsep}{2.5pt}
  \begin{array}{*{17}{|r}|}\hline
                     p& 3& 5&11&23&29&41& 53& 83& 89&113&131&173&179&191&233\\\hline
                  2p+1& 7&11&23&47&59&83&107&167&179&227&263&347&359&383&467\\\hline
\text{p.r.\ of $2p+1$}&-2& 2&-2&-2& 2& 2&  2& -2&  2&  2& -2&  2& -2& -2&  2\\\hline
  \end{array}
\end{equation*}

\begin{proof}[Proof of theorem]
  Denote $2p+1$ by $q$.  Then $\phi(q)=2p$, whose divisors are $1$,
  $2$, $p$, and $2p$.  Let $r=(-1)^{(p-1)/2}\cdot2$.  We want to show
  $\ord qr\notin\{1,2,p\}$.  But $p\geq3$, so $q\geq7$, and hence
  $r^1,r^2\not\equiv1\pmod q$.  Hence $\ord qr\notin\{1,2\}$.  It
  remains to show $\ord qr\neq p$.  But we know, from Euler's
  Criterion,
  \begin{equation*}
    r^p\equiv r^{(q-1)/2}\equiv\ls rq\pmod q.
  \end{equation*}
So it is enough to show $(r/q)=-1$.
We consider two cases.  If $p\equiv1\pmod4$, then $r=2$, but also
$q\equiv3\pmod 8$, so $(r/q)=(2/q)=-1$.  If $p\equiv3\pmod4$, then
$r=-2$, but also $q\equiv7\pmod8$, and
$(-1/q)=(-1)^{(q-1)/2}=(-1)^p=-1$, so $(r/q)=(-2/q)=(-1/q)(2/q)=-1$.
\end{proof}

We now aim to establish the Law of Quadratic Reciprocity:  If $p$ and
$q$ are distinct odd primes, then
\begin{equation*}
  \ls pq\cdot\ls qp=(-1)^n,\quad\text{ where }\quad
  n=\frac{p-1}2\cdot\frac{q-1}2. 
\end{equation*}
Equivalently,
\begin{equation*}
  \ls qp=
  \begin{cases}
    (p/q),&\text{ if }p\equiv1\text{ or }q\equiv 1\pmod 4;\\
   -(p/q),&\text{ if }q\equiv3\equiv p\pmod 4.
  \end{cases}
\end{equation*}
Then we shall be able to compute as follows:
\begin{align*}
  \ls{365}{941}
&=\ls{5}{941}\ls{73}{941}&&\text{[factorizing]}\\
&=\ls{941}5\ls{941}{73}&&[5,73\equiv1\pod 4]\\
&=\ls15\ls{65}{73}&&\text{[dividing]}\\
&=\ls5{73}\ls{13}{73}&&\text{[factorizing]}\\
&=\ls{73}5\ls{73}{13}&&[5,13\equiv1\pod 4]\\
&=\ls35\ls8{13}&&\text{[dividing]}\\
&=\ls53\ls2{13}^3&&\text{[$5\equiv1\pod 4$; factorizing]}\\
&=\ls23\ls2{13}&&[(p/q)^2=1]\\
&=(-1)(-1)=1&&[3\equiv3\pod8;\;13\equiv-3\pod 8].
\end{align*}

To prove the Law, we shall use the following consequence of Gauss's
Lemma:

\begin{lemma*}
  If $p$ is an odd prime, $p\ndivides a$, and $a$ is odd, then
  \begin{equation*}
    \ls ap=(-1)^n,\quad\text{ where }\quad
    n=\sum_{k=1}^{(p-1)/2}\left[\frac{ka}p\right]. 
  \end{equation*}
\end{lemma*}

\begin{proof}
  As in the proof of Gauss's Lemma, if $1\leq k\leq p-1$, we define
  $b_k$ by
  \begin{equation*}
    1\leq b_k\leq p-1\qquad\&\qquad ka\equiv b_k\pmod p.
  \end{equation*}
Then 
\begin{equation*}
  ka=p\cdot\left[\frac{ka}p\right]+b_k,
\end{equation*}
so
\begin{equation}\label{eqn:G}
  \sum_{k=1}^{(p-1)/2}ka=p\cdot\sum_{k=1}^{(p-1)/2}\left[\frac{ka}p\right]+ 
\sum_{k=1}^{(p-1)/2}b_k.
\end{equation}
For Gauss's Lemma, we introduced a permutation $\sigma$ of
$\{1,\dots,(p-1)/2\}$ such that, for some $n$,
\begin{equation*}
  b_{\sigma(1)}>\dotsb>b_{\sigma(n)}>\frac p2>b_{\sigma(n+1)}>\dotsb
  b_{\sigma((p-1)/2)},
\end{equation*}
and we showed $(a/p)=(-1)^n$ after first showing
\begin{equation*}
\Bigl\{1,2,\dots,\frac{p-1}2\Bigr\}=
\{p-b_{\sigma(1)},\dotsc,p-b_{\sigma(n)},
b_{\sigma(n+1)},\dotsc
b_{\sigma((p-1)/2)}\}. 
\end{equation*}
Now take sums:
\begin{equation*}
  \sum_{k=1}^{(p-1)/2}k=\sum_{k=1}^n(p-b_{\sigma(k)})+
  \sum_{\ell=n+1}^{(p-1)/2}b_{\sigma(\ell)}. 
\end{equation*}
Subtracting this from~\eqref{eqn:G} (and using that
$\sum_{k=1}^{(p-1)/2}b_{\sigma(k)}=
\sum_{k=1}^{(p-1)/2}b_k$)
gives
\begin{equation*}
(a-1)\cdot\sum_{k=1}^{(p-1)/2}k
=p\cdot\Bigl(\sum_{k=1}^n\left[\frac{ka}p\right]-n\Bigr)
+  2\cdot\sum_{k=1}^nb_{\sigma(k)}. 
\end{equation*}
Since $a-1$ is even, but $p$ is odd, we conclude
\begin{equation*}
  \sum_{k=1}^n\left[\frac{ka}p\right]\equiv n\pmod 2,
\end{equation*}
which yields the claim.
\end{proof}

\section{December 18, 2007 (Tuesday)}

A \defn{Germain prime}{} (named for Sophie Germain, 1776--1831) is an
odd prime $p$ such that $2p+1$ is also prime.  We showed that, if $p$
is a Germain prime, then $2p+1$ has the primitive root
$(-1)^{(p-1)/2}\cdot2$.  (However, it is not known whether there
infinitely many Germain primes.)  We used that
\begin{equation*}
    \ls2p=
    \begin{cases}
      1,&\text{ if }p\equiv\pm1\pmod 8;\\
-1,&\text{ if }p\equiv\pm3\pmod 8.
    \end{cases}  
\end{equation*}
Another consequence of this formula is:
\begin{theorem*}
  There are infinitely many primes congruent to $-1$ \emph{modulo} $8$.
\end{theorem*}

\begin{proof}
  Let $q_1$, \dots, $q_n$ be a finite list of primes.  We show that
  there is $p$ not on the list such that $p\equiv-1\pmod8$.  Let
  \begin{equation*}
    M=(4q_1\dotsm q_n)^2-2.
  \end{equation*}
Then $M\equiv-2\pmod{16}$, so $M$ is not a power of $2$; in
particular, $M$ has odd prime divisors.
Also, for every odd prime divisor $p$ of $M$, we have
\begin{equation*}
  (4q_1\dotsm q_n)^2\equiv2\pmod p,
\end{equation*}
so $(2/p)=1$, and therefore $p\equiv\pm1\pmod 8$.  Since
$M/2\equiv-1\pmod8$, we conclude that not every odd prime divisor of
$M$ can be congruent to $1$ \emph{modulo}~$8$.
\end{proof}

Finally, for the proof of Quadratic Reciprocity, we showed that, if
$p$ is an odd prime, $p\ndivides a$, and $a$ is odd, then
  \begin{equation*}
    \ls ap=(-1)^n,\quad\text{ where }\quad
    n=\sum_{k=1}^{(p-1)/2}\left[\frac{ka}p\right]. 
  \end{equation*}
Now we can establish:

\begin{theorem*}[Law of Quadratic Reciprocity]
  If $p$ and $q$ are distinct odd primes, then
\begin{equation*}
\ls pq\ls qp=(-1)^n,\quad\text{ where }\quad
n=\frac{p-1}2\cdot\frac{q-1}2. 
\end{equation*}
\end{theorem*}

This Law was:
\begin{itemize}
\item
  conjectured by Euler, 1783;
\item
  imperfectly proved by Legendre, 1785, 1798;
\item
discovered and proved independently by Gauss, 1795, at age 18.
\end{itemize}

\begin{proof}[Proof of Quadratic Reciprocity
    \textnormal{(due to Gauss's student Eisenstein)}]
  By the lemma just mentioned,
  \begin{equation*}
    \ls pq\ls qp=(-1)^n,\quad\text{ where }\quad
    n=\sum_{k=1}^{(q-1)/2}\left[\frac{kp}q\right]+
\sum_{\ell=1}^{(p-1)/2}\left[\frac{\ell q}p\right].
  \end{equation*}
So it is enough to show
\begin{equation*}
\frac{p-1}2\cdot\frac{q-1}2=
  \sum_{k=1}^{(q-1)/2}\left[\frac{kp}q\right]+
\sum_{\ell=1}^{(p-1)/2}\left[\frac{\ell q}p\right].
\end{equation*}
First consider the example where $p=5$ and $q=7$.  Then
\begin{gather*}
  \frac{p-1}2\cdot\frac{q-1}2=2\cdot3=6;\\
\begin{split}
  \sum_{k=1}^{(q-1)/2}\left[\frac{kp}q\right]+
\sum_{\ell=1}^{(p-1)/2}\left[\frac{\ell q}p\right]
&=
\left[\frac{5}7\right]+
\left[\frac{10}7\right]+
\left[\frac{15}7\right]+
\left[\frac{7}5\right]+
\left[\frac{14}5\right]\\
&=
0+1+2+1+2=6.
\end{split}
\end{gather*}
Here $6$ is the number of certain points in a lattice:
\begin{center}
  \begin{pspicture}(-1,-6)(8,1)
    \multips(0,0)(1,0){8}{\psdots[dotsize=1pt
    1](0,0)(0,-1)(0,-2)(0,-3)(0,-4)(0,-5)} 
\psline(0,0)(7,-5)
\uput[ul](0,0){$(0,0)$}
\uput[ur](7,0){$(0,7)$}
\uput[dl](0,-5){$(5,0)$}
\uput[dr](7,-5){$(5,7)$}
    \multips(1,-1)(1,0){3}{\psdots[dotsize=3pt
    1](0,0)(0,-1)} 
\uput[u](1,0){$\left[\displaystyle\frac57\right]$}
\uput[u](2,0){$\left[\displaystyle\frac{10}7\right]$}
\uput[u](3,0){$\left[\displaystyle\frac{15}7\right]$}
\uput[l](0,-1){$\left[\displaystyle\frac75\right]$}
\uput[l](0,-2){$\left[\displaystyle\frac{14}5\right]$}
  \end{pspicture}
\end{center}
In general, $((p-1)/2)\cdot((q-1)/2)$ is the number of ordered pairs
$(\ell,k)$ of integers such that
\begin{equation*}
  1\leq\ell\leq\frac{p-1}2,\quad\land\quad1\leq k\leq\frac{q-1}2.
\end{equation*}
Then $\ell/k\neq p/q$, since $p$ and $q$ are co-prime.  Hence the set
of these pairs $(\ell,k)$ is a disjoint union $A\cup B$, where
\begin{align*}
  (\ell,k)\in A&\Iff \frac{\ell}k<\frac pq;\\
(\ell,k)\in B&\Iff\frac{\ell}k>\frac pq\Iff\frac k{\ell}<\frac qp.
\end{align*}
Hence
\begin{gather*}
  A=\Bigl\{(\ell,k)\in\Z\times\Z\colon 1\leq k\leq\frac{q-1}2\land
  1\leq\ell\leq\left[\frac{kp}q\right]\Bigr\},\\
  B=\Bigl\{(\ell,k)\in\Z\times\Z\colon 1\leq\ell\leq\frac{p-1}2\land
  1\leq k\leq\left[\frac{\ell q}p\right]\Bigr\},
\end{gather*}
so
\begin{equation*}
\frac{p-1}2\cdot\frac{q-1}2=\size{A\cup B}=\size A+\size B=
  \sum_{k=1}^{(q-1)/2}\left[\frac{kp}q\right]+
\sum_{\ell=1}^{(p-1)/2}\left[\frac{\ell q}p\right],  
\end{equation*}
which is what we wanted to show.
\end{proof}
Again, the more useful form of the theorem is
\begin{equation*}
  \ls qp=
  \begin{cases}
    (p/q),&\text{ if }p\equiv1\text{ or }q\equiv 1\pmod 4;\\
   -(p/q),&\text{ if }q\equiv3\equiv p\pmod 4.
  \end{cases}
\end{equation*}
Hence, for example,
\begin{equation*}
  \ls{47}{199}
=-\ls{199}{47}
=-\ls{11}{47}
=\ls{47}{11}
=\ls3{11}
=-\ls{11}3
=-\ls23=-(-1)=1.
\end{equation*}
We have used here the formula for $(2/p)$.  What about $(3/p)$?  We
can compute:
\begin{equation*}
  \ls 3p=\left\{
  \begin{aligned}
    \ls p3,&\text{ if }p\equiv1\pmod 4\\
-\ls p3,&\text{ if }p\equiv 3\pmod 4
  \end{aligned}\right\},\quad
\ls p3=
\begin{cases}
  1,&\text{ if }p\equiv1\pmod 3\\
-1,&\text{ if }p\equiv2\pmod 3.
\end{cases}
\end{equation*}
By the Chinese Remainder Theorem, we have
\begin{align*}
  \left\{
  \begin{aligned}
    p&\equiv1\pod 4\\
    p&\equiv1\pod 3
  \end{aligned}
\right\}&\Iff p\equiv1\pod{12},&
  \left\{
  \begin{aligned}
    p&\equiv1\pod 4\\
    p&\equiv2\pod 3
  \end{aligned}
\right\}&\Iff p\equiv5\pod{12},\\
  \left\{
  \begin{aligned}
    p&\equiv3\pod 4\\
    p&\equiv1\pod 3
  \end{aligned}
\right\}&\Iff p\equiv7\pod{12},&
  \left\{
  \begin{aligned}
    p&\equiv3\pod 4\\
    p&\equiv2\pod 3
  \end{aligned}
\right\}&\Iff p\equiv11\pod{12}.
\end{align*}
Therefore
\begin{equation*}
  \ls 3p=
  \begin{cases}
    1,&\text{ if }p\equiv\pm1\pmod p,\\
-1,&\text{ if }p\equiv\pm5\pmod p.
  \end{cases}
\end{equation*}

\asterism{}

Assuming $\gcd(a,n)=1$, we know when the congruence $x^2\equiv a\pmod
n$ has solutions, provided $n$ is an odd prime; but what about the
other cases?  When $n=2$, then the congruence always has the solution
$1$. 
If $\gcd(m,n)=1$, and $\gcd(a,mn)=1$, then the congruence $x^2\equiv
a\pmod{mn}$ is soluble if and only if the system
\begin{equation*}
\left\{
  \begin{aligned}
    x^2&\equiv a\pmod m,\\
x^2&\equiv a\pmod n
  \end{aligned}
\right.
\end{equation*}
is soluble.  By the Chinese Remainder Theorem, the system is soluble
if and only if the individual congruences are separately soluble.
Indeed, suppose $b^2\equiv a\pmod m$, and $c^2\equiv a\pmod n$.  By
the Chinese Remainder Theorem, there is some $d$ such that $d\equiv
b\pmod m$ and $d\equiv c\pmod n$.  Then $d^2\equiv b^2\equiv a\pmod
m$, and $d^2\equiv c^2\equiv a\pmod n$, so $d^2\equiv a\pmod{mn}$. 

For example, suppose we want to solve
\begin{equation*}
  x^2\equiv365\pmod{667}.
\end{equation*}
Factorize $667$ as $23\cdot29$.  Then we first want to solve
\begin{equation*}
  x^2\equiv365\pmod{23}\quad\land\quad x^2\equiv365\pmod{29}.
\end{equation*}
But we have $(365/23)=(20/23)=(5/23)=(23/5)=(3/5)=-1$ by the formula
for $(3/p)$, so the first of the two congruences is insoluble, and
therefore the original congruence is insoluble.  It doesn't matter
whether the second of the two congruences is insoluble.

Contrast with the following: $(2/11)=-1$, and
$(7/11)=-(11/7)=-(4/7)=-1$; so the congruences
\begin{equation*}
  x^2\equiv2\pmod{11},\qquad x^2\equiv7\pmod{11}
\end{equation*}
are insoluble; but $x^2\equiv14\pmod{11}$ is soluble.

Now consider
\begin{equation*}
  x^2\equiv361\pmod{667}.
\end{equation*}
One may notice that this has the solutions $x\equiv\pm19$; but there
are others, and we can find them as follows.  We first solve
\begin{equation*}
  x^2\equiv16\pmod{23},\qquad x^2\equiv13\pmod{29}.
\end{equation*}
The first of these is solved by $x\equiv\pm4\pmod{23}$ (and nothing
else, since $23$ is prime.  For the second, note
$13\equiv42,71,100\pmod{29}$, so $x\equiv\pm10\pmod{29}$.  So the
solutions of the original congruence are the solutions of one of the
following systems:
\begin{align*}
&  \left\{
  \begin{aligned}
    x&\equiv 4 \pmod{23},\\
    x&\equiv 10\pmod{29}
  \end{aligned}
\right\},
&&
 \left\{
  \begin{aligned}
    x&\equiv 4\pmod{23},\\
    x&\equiv -10\pmod{29}
  \end{aligned}
\right\},\\
&  \left\{
  \begin{aligned}
    x&\equiv -4\pmod{23},\\
    x&\equiv 10\pmod{29}
  \end{aligned}
\right\},
&&
 \left\{
  \begin{aligned}
    x&\equiv -4\pmod{23},\\
    x&\equiv -10\pmod{29}
  \end{aligned}
\right\}.
\end{align*}
One finds
 $x\equiv19,648,280,387\pmod{667}$.

So now $x^2\equiv a\pmod n$ is soluble if and only if the congruences
\begin{equation*}
  x^2\equiv a\pmod{p^{k(p)}}
\end{equation*}
are soluble, where $n=\prod_{p\divides n}p^{k(p)}$.  Assuming $p$ is
  odd, and $(a/p)=1$, we can
  show by induction that $x^2\equiv a\pmod{p^k}$ is soluble for all
  positive $k$.  Indeed, suppose $b^2\equiv a\pmod{p^{\ell}}$, where
  $\ell\geq1$.  This 
  means
  \begin{equation*}
    b^2=a+c\cdot p^{\ell}
  \end{equation*}
for some $c$.  Then
\begin{align*}
  (b+p^{\ell}\cdot y)^2
&=b^2+2bp^{\ell}\cdot y+p^{2\ell}\cdot y^2\\
&=a+(c+2by)p^{\ell}+p^{2\ell}\cdot y^2
\end{align*}
Therefore
  $(b+p^{\ell}\cdot y)^2\equiv a\pmod{p^{\ell+1}}
\Iff c+2by\equiv0\pmod p$.  But the latter congruence is soluble,
  since $p$ is odd.

\section{December 25, 2007 (Tuesday)}

Assuming $\gcd(a,n)=1$, we have shown that $x^2\equiv a\pmod n$ is
soluble if and only if $x^2\equiv a\pmod{p^{k(p)}}$ is soluble
whenever $p\divides n$, where $n=\prod_{p\divides n}p^{k(p)}$.  We
also have that, if $p$ is an odd prime, and $p\ndivides a$, then the
following are equivalent: 
\begin{enumerate}
  \item
$(a/p)=1$;
\item
$x^2\equiv a\pmod p$ is soluble;
\item
$x^2\equiv a\pmod{p^k}$ is soluble for some positive $k$;
\item
$x^2\equiv a\pmod{p^k}$ is soluble for all positive $k$.
\end{enumerate}
We must finally consider powers of $2$.  

\begin{theorem*}
  Suppose $a$ is odd.  Then:
  \begin{enumerate}
    \item
$x^2\equiv a\pmod 2$ is soluble;
\item
$x^2\equiv a\pmod 4$ is soluble if and only if $a\equiv 1\pmod 4$;
\item
the following are equivalent:
  \begin{enumerate}
    \item\label{item:8}
$x^2\equiv a\pmod 8$ is soluble;
\item\label{item:some}
$x^2\equiv a\pmod{2^{2+k}}$ is soluble for some positive $k$;
\item\label{item:all}
$x^2\equiv a\pmod{2^{2+k}}$ is soluble for all positive $k$;
\item\label{item:a18}
$a\equiv 1\pmod 8$.
  \end{enumerate}
  \end{enumerate}
\end{theorem*}

\begin{proof}
  The first two parts are easy.  So,
  are~\eqref{item:8}$\Leftrightarrow$\eqref{item:a18}
  and~\eqref{item:all}$\Rightarrow$\eqref{item:some}$\Rightarrow$\eqref{item:8}.
  We shall show~\eqref{item:8}$\Rightarrow$\eqref{item:all} by
  induction.  Suppose $b^2\equiv a\pmod{2^{2+\ell}}$ for some positive
  $\ell$.  Then $b^2=a+2^{2+\ell}\cdot c$ for some $c$.  Hence
  \begin{align*}
    (b+2^{1+\ell}\cdot y)^2
&=b^2+2^{2+\ell}\cdot by+2^{2+2\ell}\cdot y^2\\
&=a+2^{2+\ell}\cdot c+2^{2+\ell}\cdot by+2^{2+2\ell}\cdot y^2\\
&=a+2^{2+\ell}\cdot(c+by)+2^{2+2\ell}\cdot y^2,
  \end{align*}
and this is congruent to $a$ \emph{modulo} $p^{3+\ell}$ if and only if
$c+by\equiv 0\pmod 2$.  But this congruence is soluble, since $b$ is
odd (since $a$ is odd).
\end{proof}

\asterism{}

A \emph{Diophantine equation}{} is an equation for which the solutions
sought are integers.  We have considered such equations, as for
example $ax+by=c$.  Now we shall show that, if $n$ is a natural
number, then the Diophantine equation
\begin{equation*}
  x^2+y^2+z^2+w^2=n
\end{equation*}
is soluble.

If $p$ is an odd prime, we know that the congruence $x^2\equiv-1\pmod
p$ is soluble if and only if $(-1/p)=1$, that is, $(-1)^{(p-1)/2}=1$,
that is, $p\equiv 1\pmod 4$.

\begin{lemma*}
  For every prime $p$, the congruence
  \begin{equation*}
    x^2+y^2\equiv-1\pmod p
  \end{equation*}
is soluble.
\end{lemma*}

\begin{proof}
  The claim is easy when $p=2$.  So assume now $p$ is odd.  We define
  two sets:
  \begin{gather*}
    A=\Bigl\{x^2\colon0\leq x\leq\frac{p-1}2\Bigr\},\\
    B=\Bigl\{-y^2-1\colon0\leq x\leq\frac{p-1}2\Bigr\}.
  \end{gather*}
We shall show that $A$ and $B$ have elements representing the same
congruence-class \emph{modulo} $p$; that is, $A$ contains some $a$,
and $B$ contains some $b$, such that $a\equiv b\pmod p$.  To prove
this, note first that distinct elements of $A$ are incongruent, and
likewise of $B$.  Indeed, if $a_0$ and $a_1$ are between $0$ and
$(p-1)/2$ inclusive, and $a_0{}^2\equiv a_1{}^2\pmod p$, then
$a_0\equiv\pm a_1\pmod p$.  If $a_0\equiv-a_1$, then $a_0=p-a_1$,
which is absurd.  Hence $a_0\equiv a_1\pmod p$, so $a_0=a_1$.  

Hence the elements of $A$ represent $(p-1)/2+1$ distinct
congruence-classes \emph{modulo} $p$, and so do the elements of $B$.
Since $2((p-1)/2+1)=p+1$, and there are only $p$ distinct
congruence-classes \emph{modulo} $p$, there must be a class
represented both in $A$ and in $B$, by the Pigeonhole Principle.
\end{proof}

Another way to express the lemma is that, for all primes $p$, there
are $a$, $b$, and $m$ such that
\begin{equation*}
  a^2+b^2+1=mp.
\end{equation*}
Hence there are $a$, $b$, $c$, $d$, and $m$ such that
\begin{equation*}
  a^2+b^2+c^2+d^2=mp.
\end{equation*}
We shall show that we can require $m=1$.  We can combine this with the
following:

\begin{theorem*}[Euler]
  The product of two sums of four squares is the sum of four squares.
\end{theorem*}

\begin{proof}
  One can confirm that
  \begin{equation*}
    (a^2+b^2+c^2+d^2)(q^2+r^2+s^2+t^2)=
    \begin{aligned}[t]
      (aq&+br+cs+dt)^2+{}\\
(ar&-bq+ct-ds)^2+{}\\
(as&-bt-cq+dr)^2+{}\\
(at&+bs-cr-dq)^2
    \end{aligned}
  \end{equation*}
by expanding each side.
\end{proof}

\begin{theorem*}[Lagrange]
  Every positive integer is the sum of four squares.
\end{theorem*}

\begin{proof}
  By the lemma Euler's theorem, it is now enough to show the
  following.  Let $p$ be a prime.  Suppose $m$ is a positive integer
  such that 
  \begin{equation}\label{eqn:abcd}
    a^2+b^2+c^2+d^2=mp
  \end{equation}
for some $a$, $b$, $c$, and $d$.  We shall show that the same is true
for some smaller positive $m$, unless $m$ is already $1$.  

First we show that, if $m$ is even, then we can replace it with
$m/2$.  Indeed, if $a^2+b^2=n$, then
\begin{equation*}
  \Bigl(\frac{a+b}2\Bigr)^2+
  \Bigl(\frac{a-b}2\Bigr)^2=\frac n2,
\end{equation*}
and if $n$ is even, then so are $(a\pm b)/2$.  In~\eqref{eqn:abcd} then,
if $m$ is even, then we may assume that $a^2+b^2$ and $c^2+d^2$ are
both even, so
\begin{equation*}
  \Bigl(\frac{a+b}2\Bigr)^2+
  \Bigl(\frac{a-b}2\Bigr)^2+
  \Bigl(\frac{c+d}2\Bigr)^2+
  \Bigl(\frac{c-d}2\Bigr)^2=\frac m2\cdot p.
\end{equation*}
Henceforth we may assume $m$ is odd.  Then there are $q$, $r$, $s$ and
$t$ \emph{strictly} between $-m/2$ and $m/2$ such that
\begin{equation*}
  q\equiv a,\quad r\equiv b,\quad s\equiv c,\quad t\equiv d\pmod m.
\end{equation*}
Then
\begin{equation*}
  q^2+r^2+s^2+t^2\equiv0\pmod m,
\end{equation*}
but also
$q^2+r^2+s^2+t^2<m^2$, so
\begin{equation*}
  q^2+r^2+s^2+t^2=km
\end{equation*}
for some positive $k$ less than $m$.  We now have
\begin{equation*}
(a^2+b^2+c^2+d^2)(q^2+r^2+s^2+t^2)=km^2p.
\end{equation*}
By Euler's theorem, we know the left-hand side as a sum of four
squares.  Moreover, each of the squared numbers in that sum is
divisible by $m$.  Therefore we obtain $kp$ as a sum of four squares.
\end{proof}

\chapter{Exercises}\label{ch:exercises}

\input{exercises.tex}

\chapter{Examinations}\label{ch:exams}

\input{exams.tex}

\backmatter

\bibliographystyle{plain}
\bibliography{../../../../TeX/references}

\printindex

%\layout



\end{document}