
NUMBER THEORY AND CRYPTOGRAPHY

Gopikrishnan C R
Integrated BS MS Student
IMS 10026
Yr. IV, Batch 2010
Indian Institute of Science Education and Research Thiruvananthapuram
September 17, 2013
Contents
1 Three Major Theorems
1.1 Multiplicative group modulo an integer
1.1.1 Definition
1.1.2 Euler's Totient Function
1.1.3 Special cases of $U(\mathbb{Z}_n)$
1.2 Fermat's Little Theorem
1.3 Euler's Theorem
1.4 Wilson's Theorem
2 Division
2.1 Division Algorithm
2.2 Greatest Common Divisor
3 Diophantine Equations
3.1 Linear Diophantine Equations
4 Modular Arithmetic
4.1 Prime Numbers
4.2 Linear Congruence
4.3 Quadratic Congruence
5 Chinese Remainder Theorem
5.1 Analytical Version
5.2 Ring Theoretic Version
6 Polynomials
6.1 Lagrange's Polynomial Congruence Theorem
6.2 Division Algorithm for Polynomial Rings
7 Some Important Theorems
7.1 Fundamental Theorem of Finitely Generated Abelian Groups
7.2 Primary Decomposition Theorem
7.2.1 Primitive Roots
8 Cyclic groups
8.1 Existence of Primitive Root Modulo a Prime
8.2 Existence of Primitive Root Modulo Odd Prime Power
9 Quadratic Reciprocity
9.1 Quadratic Residue
9.2 Legendre Symbol
9.3 Euler's Criterion
9.4 Gauss Sum
9.4.1 Roots of Unity
9.4.2 Gauss Sum
Bibliography
Chapter 1
Three Major Theorems

1.1 Multiplicative group modulo an integer

1.1.1 Definition
For an integer $n \in \mathbb{Z}$, the multiplicative group modulo $n$ is defined as
\[ U(\mathbb{Z}_n) = \{ x \in \mathbb{Z}_n \mid (x, n) = 1 \} \tag{1.1} \]
where $(a, b)$ denotes the greatest common divisor of $a$ and $b$.

1.1.2 Euler's Totient Function
Euler's totient function is defined as
\[ \varphi(n) = \left| \{ x \mid (n, x) = 1 \} \right| \tag{1.2} \]
It is trivial to conclude from (1.1) and (1.2) that the cardinality of $U(\mathbb{Z}_n)$ is $\varphi(n)$.

1.1.3 Special cases of $U(\mathbb{Z}_n)$
If $p$ is a prime number, then $|U(\mathbb{Z}_p)| = p - 1$, since all numbers less than $p$ are relatively prime to it. For an odd prime $p$, $|U(\mathbb{Z}_{p^l})| = p^{l-1}(p - 1)$, because the numbers less than $p^l$ having a common factor with $p$ are $p, 2p, 3p, \ldots, (p^{l-1})p$. Except for these $p^{l-1}$ numbers, all other numbers less than $p^l$ are relatively prime to $p^l$. Therefore $\varphi(p^l) = p^l - p^{l-1} = p^{l-1}(p - 1)$.

1.2 Fermat's Little Theorem
Theorem 1.2.1. For $p$ a prime number and $a$ an integer, $a^p \equiv a \pmod p$.
Proof. Consider the unit group (multiplicative group modulo $p$) $U(\mathbb{Z}_p)$. Since the order of this group is $\varphi(p) = p - 1$, for any integer $a$ with $p \nmid a$ we have $[a]^{p-1} = [1] \Rightarrow [a]^p = [a]$ (and if $p \mid a$ both $[a]^p$ and $[a]$ are $[0]$). But this is equivalent to saying that $a^p \equiv a \pmod p$.

1.3 Euler's Theorem
Theorem 1.3.1. For any two integers $r$ and $a$ with $(a, r) = 1$, $a^{\varphi(r)} \equiv 1 \pmod r$.
Proof. Consider the unit group $U(\mathbb{Z}_r)$. Since the order of this group is $\varphi(r)$, for any integer $a$ with $(a, r) = 1$, $[a]^{\varphi(r)} = [1]$. But this is equivalent to saying that $a^{\varphi(r)} \equiv 1 \pmod r$.
Note: Euler's theorem is a generalisation of Fermat's Little Theorem.

1.4 Wilson's Theorem
Theorem 1.4.1. For any prime number $p$, $(p - 1)! \equiv -1 \pmod p$.
Proof. Consider the unit group $U(\mathbb{Z}_p)$; the product of all elements in this group is $1 \cdot 2 \cdots (p - 1) = (p - 1)!$. Since $U(\mathbb{Z}_p)$ is an abelian group, all the elements except those which are their own inverses cancel from this product. Note that the only two elements with this property in $U(\mathbb{Z}_p)$ are $1$ and $p - 1$. Therefore $(p - 1)! = 1 \cdot (p - 1) \Rightarrow [(p - 1)!] = [p - 1] = [-1]$. But this is the same as saying $(p - 1)! \equiv -1 \pmod p$.
Chapter 2
Division

2.1 Division Algorithm
Theorem 2.1.1. For any two integers $a$ and $b$ with $0 < a < b$, there exist unique integers $q$ and $r$ such that $b = aq + r$, where $0 \le r < a$.
Proof. Consider the arithmetic progression $\ldots, b - 3a, b - 2a, b - a, b, b + a, b + 2a, b + 3a, \ldots$. Let $r$ be the smallest non-negative number in this sequence. Then $r = b - qa$ for some $q \in \mathbb{Z}$. By definition $0 \le r < a$. For this choice of $q$ and $r$ we have $b = qa + r$ with $0 \le r < a$. So we have established the existence of such a pair of integers $q$ and $r$. If possible, suppose there exists a distinct pair of integers $q_1$ and $r_1$ such that $b = aq_1 + r_1$. Then $aq_1 + r_1 = aq + r$. Suppose $r < r_1$; then $0 < r_1 - r < a$. Since $(r_1 - r) = a(q - q_1)$, $a \mid (r_1 - r)$. But this is not possible since $0 < r_1 - r < a$. The same contradiction arises when $r > r_1$. Therefore $r_1 = r \Rightarrow a(q - q_1) = 0 \Rightarrow q_1 = q$, and uniqueness is proved.

2.2 Greatest Common Divisor
The greatest common divisor of two integers $a$ and $b$ is an integer $d > 0$ such that $d \mid a$, $d \mid b$ and, for all $d'$ with $d' \mid a$ and $d' \mid b$, we have $d' \mid d$. The greatest common divisor of $a$ and $b$ is denoted by $(a, b)$.

Theorem 2.2.1 (Euclid's Algorithm). Given any two positive integers $a$ and $b$ with $a > b$, by repeated application of the division algorithm we obtain a series of equations
\[ a = q_1 b + r_1, \qquad 0 < r_1 < b \]
\[ b = r_1 q_2 + r_2, \qquad 0 < r_2 < r_1 \]
\[ r_1 = r_2 q_3 + r_3, \qquad 0 < r_3 < r_2 \]
\[ \vdots \]
\[ r_{j-2} = r_{j-1} q_j + r_j, \qquad 0 < r_j < r_{j-1} \]
\[ r_{j-1} = r_j q_{j+1} \]
The process stops when the division is exact, and the last non-zero remainder $r_j$ is the g.c.d. of $a$ and $b$. Moreover, there exist two integers $x$ and $y$ such that $ax + by = d$.

Proof. By the division algorithm we can obtain this series of equations. In the division algorithm we have $0 \le r_j < r_{j-1}$, while here the inequality is strict, because if $r_j = 0$ the division becomes exact and the process stops. Now we show that $r_j$ is the greatest common divisor. This is straightforward, since $(a, b) = (a - q_1 b, b) = (r_1, b) = (r_1, b - r_1 q_2) = (r_1, r_2) = (r_1 - r_2 q_3, r_2) = (r_3, r_2)$, and continuing inductively the chain boils down to $(a, b) = (r_{j-1}, r_j) = (r_j, 0) = r_j$.
Note that $r_1$ is a linear combination of $a$ and $b$; $r_2$ is a linear combination of $b$ and $r_1$, and therefore of $a$ and $b$. Proceeding inductively, $r_j$ is a linear combination of $r_{j-2}$ and $r_{j-1}$, which are in turn linear combinations of $a$ and $b$, which proves the theorem.

Theorem 2.2.2. Consider the ideal $(a, b)$. If $(a, b) = (d)$, the principal ideal generated by $d$, then the greatest common divisor of $a$ and $b$ is $d$.
Proof. We have $a \in (d)$ and $b \in (d)$. Therefore $a = r_1 d$ and $b = r_2 d$ for some $r_1, r_2 \in \mathbb{Z} \Rightarrow d \mid a$, $d \mid b$. Now suppose $r \mid a$ and $r \mid b$. $d \in (a, b) \Rightarrow d = ax + by$ for some $x, y \in \mathbb{Z}$. But $r \mid a$, $r \mid b \Rightarrow r \mid ax + by \Rightarrow r \mid d$, which was precisely the condition for $d = (a, b)$.

Lemma 2.2.3 (Euclid). If $a \mid bc$ and $(a, b) = 1$, then $a \mid c$.
Proof. $(a, b) = 1 \Rightarrow ax + by = 1$ for some $x, y \in \mathbb{Z}$. Multiplying the expression by $c$ we get $acx + bcy = c$. Now $a \mid ac$ and $a \mid bc$ (given) $\Rightarrow a \mid acx + bcy \Rightarrow a \mid c$.
Chapter 3
Diophantine Equations

3.1 Linear Diophantine Equations
A linear Diophantine equation is an equation of the form $ax + by = c$, where the variables are integers. Given $a$, $b$ and $c$, we want to know for which integer values of $x$ and $y$ the equality is satisfied. For example, consider $10x + 2y = 17$. It is apparent that this equation has no solutions, since the RHS is odd and the LHS is even. This may not always be the case; sometimes it is quite non-trivial to decide whether solutions exist. Moreover, we want to know which integers can be solutions, so we present the following theorem.

Theorem 3.1.1. The linear Diophantine equation $ax + by = c$ has a solution iff $(a, b) = d \mid c$. Moreover, if $x_0, y_0$ is a particular solution then all solutions are of the form
\[ x = x_0 + \left(\frac{b}{d}\right) t, \qquad y = y_0 - \left(\frac{a}{d}\right) t \]
where $t \in \mathbb{Z}$.

Proof. Suppose $x_0, y_0$ is a solution of the equation $ax + by = c$. Then $ax_0 + by_0 = c$. But $d \mid a$, $d \mid b \Rightarrow d \mid ax_0 + by_0 \Rightarrow d \mid c$.
Conversely, assume $d \mid c \Rightarrow c = kd$, $k \in \mathbb{Z}$. Since $(a, b) = d$, there exist $x', y'$ such that $ax' + by' = d \Rightarrow a(kx') + b(ky') = kd = c$. Then $x_0 = kx'$, $y_0 = ky'$ is a solution.
Let $x, y$ be a general solution. $ax + by = c = ax_0 + by_0 \Rightarrow a(x - x_0) = b(y_0 - y)$. Since $d = (a, b)$ there exist $r, s \in \mathbb{Z}$ such that $a = dr$, $b = ds$.
\[ a(x - x_0) = b(y_0 - y) \]
\[ dr(x - x_0) = ds(y_0 - y) \]
\[ r(x - x_0) = s(y_0 - y) \]
But observe that $(ka, kb) = |k|(a, b)$. From this $(a, b) = (dr, ds) = d(r, s)$ (since $d > 0$) $\Rightarrow (r, s) = 1$. We have $s \mid r(x - x_0)$, but $(s, r) = 1 \Rightarrow s \mid (x - x_0)$.
\[ st = x - x_0, \qquad t \in \mathbb{Z} \]
\[ x = x_0 + st = x_0 + \left(\frac{b}{d}\right) t \]
\[ str = r(x - x_0) = s(y_0 - y) \Rightarrow tr = y_0 - y \]
\[ y = y_0 - rt = y_0 - \left(\frac{a}{d}\right) t \]
which finishes the proof.
Chapter 4
Modular Arithmetic

4.1 Prime Numbers
We begin this section by stating a strong theorem without proof, and proving a special case of it.

Theorem 4.1.1 (Dirichlet). There are infinitely many primes of the form $ax + b$, where $(a, b) = 1$.

Lemma 4.1.2. If $p_1$ and $p_2$ are primes of the form $4k + 1$, then their product $p_1 p_2$ is also of the form $4k + 1$.
Proof. Let $p_1 = 4k_1 + 1$ and $p_2 = 4k_2 + 1$. Then
\[ p_1 p_2 = (4k_1 + 1)(4k_2 + 1) = 4(4k_1 k_2 + k_1 + k_2) + 1 = 4k_3 + 1, \]
where $k_3 = 4k_1 k_2 + k_1 + k_2$.

Theorem 4.1.3. There are infinitely many primes of the form $4x + 3$.
Proof. Suppose there are only finitely many primes of the form $4x + 3$, and let $p_1, p_2, \ldots, p_n$ be an enumeration of them. Define
\[ p_N = 4 p_1 p_2 \cdots p_n - 1. \]
We can write this in the form
\[ p_N = 4(p_1 p_2 \cdots p_n - 1) + 3. \]
By the fundamental theorem of arithmetic each integer has a prime factorisation. Let $p_N = r_1 r_2 \cdots r_k$. Since $p_N$ is odd, so is $r_1 r_2 \cdots r_k$; therefore each $r_i$ has to be odd. If every $r_i$ were of the form $4x + 1$ then so would be $p_N$, by Lemma 4.1.2. Therefore at least one of the $r_i$ must be of the form $4x + 3$, say $r_q = 4x + 3$ for some $q$ between $1$ and $k$. Now $r_q \mid p_N$, meaning $r_q$ divides $4 p_1 p_2 \cdots p_n - 1$. Since $r_q$ is of the form $4x + 3$, it belongs to $\{p_1, p_2, \ldots, p_n\}$, so $r_q \mid p_1 p_2 \cdots p_n$ and hence $r_q \mid 4 p_1 p_2 \cdots p_n$. Then $r_q$ must divide $1$, which is not possible. Therefore the assumption was wrong, and there exist infinitely many primes of the form $4x + 3$.

Theorem 4.1.4. There are infinitely many primes.
Proof. Suppose $\{p_1, p_2, \ldots, p_n\}$ is an enumeration of all primes. Then consider
\[ p_N = p_1 p_2 \cdots p_n + 1. \]
$p_N > p_i$ for each $i$ from $1$ to $n$. Observe that none of the $p_i$ divides $p_N$ (each leaves remainder $1$), so $p_N$ has a prime factor not present in the former enumeration (possibly $p_N$ itself). Therefore there exist infinitely many primes.
4.2 Linear Congruence
Theorem 4.2.1. Let $ca \equiv cb \pmod n$ and $(c, n) = d$. Then $a \equiv b \pmod{\frac{n}{d}}$.
Proof.
\[ ca \equiv cb \pmod n \Rightarrow n \mid (ca - cb) \Rightarrow n \mid c(a - b) \Rightarrow \frac{n}{d} \,\Big|\, \frac{c}{d}(a - b) \]
The last step is because $(c, n) = d$. But this means $\frac{n}{d} \mid (a - b)$, since $\left(\frac{n}{d}, \frac{c}{d}\right) = 1$. Therefore $a \equiv b \pmod{\frac{n}{d}}$.

Theorem 4.2.2. The linear congruence $ax \equiv b \pmod n$ has a solution if and only if $(a, n) = d$ and $d \mid b$. If $d \mid b$ then the congruence has exactly $d$ mutually incongruent solutions.
Proof. The given congruence can be written as
\[ ny = b - ax \Rightarrow ny + ax = b. \]
By Theorem 3.1.1 this linear Diophantine equation has a solution iff $(a, n) = d \mid b$, and the solutions in $x$ are of the form $x_0 + \left(\frac{n}{d}\right) t$, $t \in \mathbb{Z}$. Consider the set of solutions
\[ \left\{ x_0,\ x_0 + \frac{n}{d},\ x_0 + \frac{2n}{d},\ x_0 + \frac{3n}{d},\ \ldots,\ x_0 + \frac{(d - 1)n}{d} \right\}. \]
If possible, suppose
\[ x_0 + \frac{t_1 n}{d} \equiv x_0 + \frac{t_2 n}{d} \pmod n, \qquad 0 \le t_1 < t_2 < d. \]
Therefore
\[ \frac{t_1 n}{d} \equiv \frac{t_2 n}{d} \pmod n \Rightarrow t_1 \equiv t_2 \pmod d \]
by Theorem 4.2.1, cancelling the factor $\frac{n}{d}$ (whose g.c.d. with $n$ is $\frac{n}{d}$). Hence $d \mid t_2 - t_1$. But $0 < t_2 - t_1 < d$, which is a contradiction. Therefore all the solutions listed above are incongruent, so there exist at least $d$ incongruent solutions.
Now let $x = x_0 + \left(\frac{n}{d}\right) t$ be a solution mod $n$ with $t \ge d$; we show that it is congruent to one of the solutions listed above. By the division algorithm there exist integers $q$ and $r$ such that $t = qd + r$, $0 \le r \le d - 1$. Therefore
\[ x = x_0 + \left(\frac{n}{d}\right)(qd + r) = x_0 + nq + \frac{nr}{d} \equiv x_0 + \frac{nr}{d} \pmod n, \]
which is exactly what we wanted. Therefore there exist precisely $d$ solutions.

Theorem 4.2.3 (Base $b$ representation theorem). Let $b \ge 2$ be an integer. Then we can represent any integer $a > 0$ in the form
\[ a = r_0 + r_1 b + r_2 b^2 + \cdots + r_n b^n. \]
Proof. The proof is by induction. If $a = 1$ then $a = 1 \cdot b^0$, so the base case holds. Assume the theorem holds for every integer strictly less than $a$; we show that it also holds for $a$. By the division algorithm there exist integers $q, r$ such that $a = bq + r$ where $0 \le r < b$. Since $q$ is less than $a$, $q$ has a base $b$ representation, say $q = r_0 + r_1 b + r_2 b^2 + \cdots + r_n b^n$. Therefore
\[ a = b(r_0 + r_1 b + r_2 b^2 + \cdots + r_n b^n) + r \]
\[ = b r_0 + r_1 b^2 + r_2 b^3 + \cdots + r_n b^{n+1} + r \]
\[ = r'_0 + r'_1 b + r'_2 b^2 + \cdots + r'_{n+1} b^{n+1} \]
where $r'_0 = r$, $r'_j = r_{j-1}$, and each $r'_j < b$ by definition. Therefore $a$ has a base $b$ representation, which proves the theorem.
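The following Python code is an added worked example (not code from these notes) that runs Euclid's algorithm of Theorem 2.2.1 with back-substitution, and uses it to produce the general solution of a linear Diophantine equation (Theorem 3.1.1) and the $d$ incongruent solutions of $ax \equiv b \pmod n$ (Theorem 4.2.2). Function names are the author's own choice.

```python
"""Euclid's algorithm, linear Diophantine equations and linear congruences.
Added illustration of Theorems 2.2.1, 3.1.1 and 4.2.2; not the notes' own code."""


def extended_euclid(a, b):
    """Return (d, x, y) with d = (a, b) > 0 and a*x + b*y = d.

    The pairs (old_r, r) walk down the chain r_{j-2} = r_{j-1} q_j + r_j of
    Theorem 2.2.1; (old_x, x) and (old_y, y) carry the coefficients that
    express each remainder as a linear combination of a and b."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    if old_r < 0:  # normalise so that the g.c.d. is positive
        old_r, old_x, old_y = -old_r, -old_x, -old_y
    return old_r, old_x, old_y


def diophantine_solutions(a, b, c, t_range):
    """Solve a*x + b*y = c over Z (Theorem 3.1.1).

    Returns None when d = (a, b) does not divide c; otherwise the solutions
    x = x0 + (b/d) t, y = y0 - (a/d) t for every t in t_range, where
    (x0, y0) = (k x', k y') with a x' + b y' = d and c = k d."""
    d, xp, yp = extended_euclid(a, b)
    if c % d != 0:
        return None
    k = c // d
    x0, y0 = k * xp, k * yp
    return [(x0 + (b // d) * t, y0 - (a // d) * t) for t in t_range]


def linear_congruence_solutions(a, b, n):
    """All mutually incongruent solutions of a*x = b (mod n), sorted in [0, n).

    Empty when d = (a, n) does not divide b; otherwise exactly d solutions
    x0 + (n/d) t for t = 0, ..., d-1 (Theorem 4.2.2)."""
    d, xp, _ = extended_euclid(a, n)
    if b % d != 0:
        return []
    x0 = (xp * (b // d)) % n      # a*(x'*b/d) = d*(b/d) = b (mod n)
    step = n // d
    return sorted((x0 + step * t) % n for t in range(d))


if __name__ == "__main__":
    print(extended_euclid(240, 46))                      # (2, -9, 47)
    print(diophantine_solutions(10, 2, 17, range(3)))   # None: LHS even, RHS odd
    print(linear_congruence_solutions(6, 4, 10))        # [4, 9]: d = 2 solutions
```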
4.3 Quadratic Congruence
Theorem 4.3.1. For a prime number $p$, the quadratic congruence $x^2 \equiv -1 \pmod p$ has a solution iff $p = 2$ or $p \equiv 1 \pmod 4$.
Proof. Wilson's theorem states that $(p - 1)! \equiv -1 \pmod p$ for a prime number $p$. If $p = 2$ we have $1 \equiv -1 \pmod 2$, so $x = 1$ is a solution of the quadratic congruence.
Let $p > 2$ be a prime of the form $4k + 1$, $k \in \mathbb{Z}$. Again by Wilson's theorem $(p - 1)! \equiv -1 \pmod p$. Observe that $(p - 1)! = 1 \cdot 2 \cdots \frac{p-1}{2} \cdot \frac{p+1}{2} \cdots (p - 1)$, which can be written as
\[ (p - 1)! = \prod_{j=1}^{\frac{p-1}{2}} j(p - j) \tag{4.1} \]
\[ \prod_{j=1}^{\frac{p-1}{2}} j(p - j) \equiv -1 \pmod p \tag{4.2} \]
But $j(p - j) = pj - j^2 \equiv -j^2 \pmod p$. Therefore (4.2) reduces to
\[ \prod_{j=1}^{\frac{p-1}{2}} (-j^2) \equiv -1 \pmod p \tag{4.3} \]
\[ (-1)^{\frac{p-1}{2}} \prod_{j=1}^{\frac{p-1}{2}} j^2 \equiv -1 \pmod p \tag{4.4} \]
Since $p \equiv 1 \pmod 4$, $\frac{p-1}{2}$ is even and the first factor in the last product is $1$, reducing (4.4) to $\prod_{j=1}^{\frac{p-1}{2}} j^2 \equiv -1 \pmod p \Rightarrow \left(\prod_{j=1}^{\frac{p-1}{2}} j\right)^2 \equiv -1 \pmod p$. Therefore $x = \left(\frac{p-1}{2}\right)!$ is a solution of the quadratic congruence.
Conversely, assume that $x^2 \equiv -1 \pmod p$ has a solution, for $p > 2$ a prime number. Raising the congruence to the power $\frac{p-1}{2}$ we have $x^{p-1} \equiv (-1)^{\frac{p-1}{2}} \pmod p$. But by Fermat's little theorem $x^{p-1} \equiv 1 \pmod p$. For both of the last expressions to be consistent, $(-1)^{\frac{p-1}{2}} = 1 \Rightarrow \frac{p-1}{2} = 2k$, $k \in \mathbb{Z} \Rightarrow p - 1 = 4k \Rightarrow p \equiv 1 \pmod 4$. The other case $p = 2$ is trivial.
Chapter 5
Chinese Remainder Theorem
This is one of the classic theorems of number theory, with a large number of applications. There are two versions of this theorem. First we present an analytical version, which deals with solving simultaneous congruences, and later a more general ring-theoretic version.

5.1 Analytical Version
Theorem 5.1.1. Let $m_1, m_2, \ldots, m_r$ be pairwise coprime integers, and $a_1, a_2, \ldots, a_r$ arbitrary integers. Then the simultaneous congruences
\[ x \equiv a_1 \pmod{m_1} \]
\[ x \equiv a_2 \pmod{m_2} \]
\[ x \equiv a_3 \pmod{m_3} \]
\[ \vdots \]
\[ x \equiv a_r \pmod{m_r} \]
have a solution. Moreover, if $x_0$ is a particular solution, all solutions are of the form $x = x_0 + km$, where $m = m_1 m_2 m_3 \cdots m_r$ and $k \in \mathbb{Z}$.

Proof. Write $m = m_1 m_2 m_3 \cdots m_r$, and note that $(m/m_j, m_j) = 1$. Then there exist $y_j$ and $b_j$ such that $m_j y_j + \frac{m}{m_j} b_j = 1$. Therefore $\frac{m}{m_j} b_j \equiv 1 \pmod{m_j}$. If $i \ne j$ then $\frac{m}{m_j} \equiv 0 \pmod{m_i}$. Take
\[ x_0 = \sum_{j=1}^{r} (m/m_j)\, b_j\, a_j \tag{5.1} \]
Then $x_0 \equiv (m/m_i)\, b_i\, a_i \equiv a_i \pmod{m_i}$. Therefore $x_0 \equiv a_i \pmod{m_i}$ for all $i$, making $x_0$ a solution of the system of congruences.
Now suppose $x$ is a solution of the system; then $x \equiv a_i \pmod{m_i}$ and $x_0 \equiv a_i \pmod{m_i} \Rightarrow x_0 - x \equiv 0 \pmod{m_i}$ (by the subtraction property of congruences). Therefore $x_0 \equiv x \pmod{m_i}$ for all $i$. Since $m_1, m_2, \ldots, m_r$ are pairwise coprime, $x_0 \equiv x \pmod m$. Therefore $x = x_0 + km$, $k \in \mathbb{Z}$.

Example
Find an integer $x$ such that $x \equiv 5 \pmod 7$, $x \equiv 7 \pmod{11}$ and $x \equiv 3 \pmod{13}$.
Solution. Following the theorem, $m_1 = 7$, $m_2 = 11$, $m_3 = 13$, all coprime to each other, and $a_1 = 5$, $a_2 = 7$, $a_3 = 3$. Then $m = m_1 m_2 m_3 = 1001$. Let us write $k_1 = m/m_1 = 143$, $k_2 = m/m_2 = 91$, $k_3 = m/m_3 = 77$. Using Euclid's algorithm for the g.c.d. we can find $b_1, b_2, b_3$, which turn out to be $b_1 = -2$, $b_2 = 4$, $b_3 = -1$. Then $x_0 = k_1 a_1 b_1 + k_2 a_2 b_2 + k_3 a_3 b_3 = 887$.
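The constructive proof above, formula (5.1), as an added Python example that reproduces the worked example ($x_0 \equiv 887 \pmod{1001}$); this is not code from the notes. It assumes Python 3.8 or later for the modular inverse `pow(k, -1, m)`, which plays the role of Euclid's algorithm in finding $b_j$.

```python
"""Chinese Remainder Theorem, constructive form of Theorem 5.1.1 / formula (5.1):
x0 = sum_j (m/m_j) * b_j * a_j   with   (m/m_j) * b_j = 1 (mod m_j).
Added illustration reproducing the notes' worked example; not the notes' own code."""

from math import gcd


def crt(residues, moduli):
    """Return (x0, m): x0 in [0, m) with x0 = a_j (mod m_j) for every j, and
    m = product of the moduli.  All solutions are x0 + k*m, k in Z.
    Raises ValueError when the moduli are not pairwise coprime, because
    Theorem 5.1.1 needs that hypothesis (and (m/m_j) would have no inverse)."""
    if len(residues) != len(moduli):
        raise ValueError("one residue per modulus expected")
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError(f"moduli {moduli[i]} and {moduli[j]} are not coprime")
    m = 1
    for mj in moduli:
        m *= mj
    x0 = 0
    for aj, mj in zip(residues, moduli):
        kj = m // mj              # k_j = m/m_j, which is 0 mod every other m_i
        bj = pow(kj, -1, mj)      # b_j with k_j * b_j = 1 (mod m_j); Python >= 3.8
        x0 += kj * bj * aj        # one term of the sum in (5.1)
    return x0 % m, m


def satisfies(x, residues, moduli):
    """True iff x solves every congruence x = a_j (mod m_j)."""
    return all((x - aj) % mj == 0 for aj, mj in zip(residues, moduli))


if __name__ == "__main__":
    # The notes' example: x = 5 (mod 7), x = 7 (mod 11), x = 3 (mod 13).
    x0, m = crt([5, 7, 3], [7, 11, 13])
    print(x0, m, satisfies(x0, [5, 7, 3], [7, 11, 13]))   # 887 1001 True
```

The inverses found by `pow` are the least positive ones ($b_1 = 5$, $b_3 = 12$) rather than $-2$ and $-1$, so the raw sum differs from 887 by a multiple of 1001; reducing mod $m$ gives the same solution class.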
5.2 Ring Theoretic Version
Theorem 5.2.1. Let $R$ be a commutative ring with unity, and $I_1, I_2, \ldots, I_n$ coprime ideals of $R$, meaning $I_i + I_j = R$ whenever $i \ne j$. Define the natural homomorphism $\varphi : R \to R/I_1 \times R/I_2 \times \cdots \times R/I_n$ by $\varphi(r) = (r + I_1, r + I_2, \ldots, r + I_n)$. Then
1. $\prod_{j=1}^{n} I_j = \bigcap_{j=1}^{n} I_j$.
2. $\varphi$ is a surjective homomorphism iff the $I_j$ are coprime.
3. $\varphi$ is injective iff $\bigcap_{j=1}^{n} I_j = \{0\}$.

Proof. 1. The proof is by induction. First we check the base case $n = 2$. Let $x \in I_1 I_2$; then $x$ is a sum of products $ab$ with $a \in I_1$, $b \in I_2$. By the multiplicative closure of ideals $ab \in I_1$ and $ab \in I_2$, therefore $ab \in I_1 \cap I_2$, so $I_1 I_2 \subseteq I_1 \cap I_2$. For the reverse containment,
\[ I_1 \cap I_2 = R(I_1 \cap I_2) = (I_1 + I_2)(I_1 \cap I_2) = I_1(I_1 \cap I_2) + I_2(I_1 \cap I_2) \subseteq I_1 I_2 + I_1 I_2 = I_1 I_2. \]
Therefore $I_1 I_2 = I_1 \cap I_2$, and the base case is proved.
Let $J = \prod_{j=1}^{n-1} I_j$. We claim that $J + I_n = R$. Assume this does not hold; then there exists a proper maximal ideal $P$ such that $J + I_n \subseteq P \subsetneq R$. A maximal ideal is a prime ideal, so $P$ is prime. By the property of prime ideals, since $I_1 I_2 \cdots I_{n-1} \subseteq J + I_n \subseteq P$, we have $I_t \subseteq P$ for some $t \ne n$, and also $I_n \subseteq P$. But $I_n + I_t = R$, since the ideals are coprime. Collecting the arguments we get $R = I_n + I_t \subseteq P \subsetneq R$, which contradicts our assumption. Therefore $J + I_n = R$. Now apply the base case to $I_1 = J$, $I_2 = I_n$ to obtain $J I_n = J \cap I_n$. By the induction hypothesis $J = \prod_{j=1}^{n-1} I_j = \bigcap_{j=1}^{n-1} I_j$. Therefore
\[ \prod_{j=1}^{n} I_j = \left(\prod_{j=1}^{n-1} I_j\right) I_n = J I_n = J \cap I_n = \left(\bigcap_{j=1}^{n-1} I_j\right) \cap I_n = \bigcap_{j=1}^{n} I_j \tag{5.2} \]
which proves part 1.

2. Assume that $\varphi$ is surjective. We show $I_1 + I_t = R$ for $t \ne 1$. We have $(1 + I_1, I_2, \ldots, I_n) \in R/I_1 \times R/I_2 \times \cdots \times R/I_n$. By the surjectivity of $\varphi$ there exists $y \in R$ such that $\varphi(y) = (y + I_1, y + I_2, \ldots, y + I_n) = (1 + I_1, I_2, \ldots, I_n)$. But this implies $1 - y \in I_1$ and $y \in I_t$ for $t \ne 1$. Then $1 = (1 - y) + y \in I_1 + I_t$. Since $I_1$ and $I_t$ are ideals we have $R \subseteq I_1 + I_t \Rightarrow R = I_1 + I_t$ for $t \ne 1$. In the same way, taking $(I_1, I_2, \ldots, 1 + I_j, \ldots, I_n) \in R/I_1 \times R/I_2 \times \cdots \times R/I_n$ we get $I_i + I_j = R$ for $j \ne i$.
Conversely, assume the $I_j$ are pairwise coprime. Let $(a_1 + I_1, a_2 + I_2, \ldots, a_n + I_n) \in R/I_1 \times R/I_2 \times \cdots \times R/I_n$. Define $e_i = (I_1, I_2, \ldots, 1 + I_i, \ldots, I_n)$. Then $(a_1 + I_1, a_2 + I_2, \ldots, a_n + I_n) = \varphi(a_1) e_1 + \varphi(a_2) e_2 + \cdots + \varphi(a_n) e_n$. We claim that $e_i \in \mathrm{Im}(\varphi)$. If the claim is true, there exist $y_i \in R$ such that $e_i = \varphi(y_i)$, and we get $(a_1 + I_1, \ldots, a_n + I_n) = \varphi(a_1) e_1 + \cdots + \varphi(a_n) e_n = \sum_{i=1}^{n} \varphi(a_i)\,\varphi(y_i)$. Since $\varphi$ is a ring homomorphism, $(a_1 + I_1, \ldots, a_n + I_n) = \varphi\left(\sum_{i=1}^{n} a_i y_i\right)$. Thus $\varphi$ is surjective.
So it suffices to prove the claim. We prove it for $e_1$; the rest follow in the same way. By the argument of part 1 applied to $I_1$ and $I_2 \cdots I_n$, we have $I_1 + I_2 \cdots I_n = R$. $1 \in R \Rightarrow 1 \in I_1 + I_2 \cdots I_n$. Therefore there exist $x \in I_1$ and $y \in I_2 \cdots I_n$ such that $x + y = 1$, which gives $y = 1 - x$. Consider $\varphi(y) = (y + I_1, y + I_2, \ldots, y + I_n) = (1 - x + I_1, y + I_2, \ldots, y + I_n)$. Now $x \in I_1$ and $y \in I_2 I_3 \cdots I_n \subseteq I_2 \cap \cdots \cap I_n$ give $\varphi(y) = (1 + I_1, I_2, \ldots, I_n) = e_1$. Therefore the claim is true.

3. $\varphi$ is injective iff $\mathrm{Ker}(\varphi) = 0$. Consider
\[ \mathrm{Ker}(\varphi) = \{ r \in R \mid \varphi(r) = (I_1, I_2, \ldots, I_n) \} \]
\[ = \{ r \in R \mid (r + I_1, r + I_2, \ldots, r + I_n) = (I_1, I_2, \ldots, I_n) \} \]
\[ = \{ r \in R \mid r \in I_1, \ldots, r \in I_n \} \]
\[ = \left\{ r \in R \,\Big|\, r \in \bigcap_{j=1}^{n} I_j \right\} = \bigcap_{j=1}^{n} I_j. \]
Therefore $\varphi$ is injective iff $\bigcap_{j=1}^{n} I_j = 0$.
Chapter 6
Polynomials

6.1 Lagrange's Polynomial Congruence Theorem
Theorem 6.1.1. If $f(x)$ is a polynomial of degree $n$ with integer coefficients and $p$ is a prime, then the congruence $f(x) \equiv 0 \pmod p$ has at most $n$ incongruent solutions mod $p$.
Proof. The proof is by induction. If no solution exists, the claim is trivial. Suppose that $r$ is a solution. Then we have
\[ f(r) \equiv 0 \pmod p \tag{6.1} \]
where $f(x) = a_0 + a_1 x + a_2 x^2 + \cdots + a_n x^n$. Then
\[ f(x) - f(r) \equiv (a_n x^n + \cdots + a_0) - (a_n r^n + \cdots + a_0) \pmod p \]
\[ \equiv a_n(x^n - r^n) + a_{n-1}(x^{n-1} - r^{n-1}) + \cdots + a_1(x - r) \pmod p \]
Each term in the last congruence can be factorised into $(x - r)$ times some other polynomial, to obtain
\[ f(x) - f(r) \equiv (x - r)\, g(x) \pmod p \tag{6.2} \]
where $\deg(g(x)) = n - 1$.
If $x$ is any other root of $f$, then $f(x) - f(r) \equiv 0 \pmod p$, and by (6.2) we can write $(x - r)\, g(x) \equiv 0 \pmod p$. Since $p$ is a prime this precisely means either $(x - r) \equiv 0 \pmod p$ or $g(x) \equiv 0 \pmod p$. Since the degree of $g(x)$ is $n - 1$, it can have at most $n - 1$ incongruent roots modulo $p$ by the induction hypothesis, and $(x - r) \equiv 0 \pmod p$ has one and only one root. Therefore the polynomial $f(x)$ has at most $n$ incongruent solutions modulo $p$.

Example
In Lagrange's polynomial congruence theorem the primality of $p$ is an important condition. Consider the polynomial $x^2 - 1$ in the ring $\frac{\mathbb{Z}}{15\mathbb{Z}}[X]$. One can check that $1, 14, 4$ and $11$ are incongruent roots of the equation (for example $14^2 - 1 = 196 - 1 = 195 = 15 \cdot 13 \Rightarrow 14^2 - 1 \equiv 0 \pmod{15}$). In the proof, to conclude $(x - r)\, g(x) \equiv 0 \pmod p \Rightarrow (x - r) \equiv 0 \pmod p$ or $g(x) \equiv 0 \pmod p$, we need the ring $\frac{\mathbb{Z}}{p\mathbb{Z}}[X]$ to be an integral domain. But $\frac{\mathbb{Z}}{15\mathbb{Z}}[X]$ is not an integral domain.

6.2 Division Algorithm for Polynomial Rings
Theorem 6.2.1. Let $R$ be a commutative ring and $g \in R[X]$ a polynomial whose leading coefficient is invertible in $R$. For each $f \in R[X]$ there exists a unique pair of polynomials $q, r \in R[X]$ such that
\[ f = qg + r \tag{6.3} \]
where $\deg(r) < \deg(g)$. $(\ast)$
Proof. The proof is by induction on $n = \deg(f)$. Let $\deg(g) = m$. If $m > n$ then $f = 0 \cdot g + f$ and $(\ast)$ holds. Therefore we may assume $m \le n$. Let the leading coefficient of $f$ be $f_n$ and that of $g$ be $g_m$. Consider the polynomial $f' = f - (f_n g_m^{-1} x^{n-m})\, g$. The degree of $g$ is $m$, therefore the degree of $(f_n g_m^{-1} x^{n-m})\, g$ is $n - m + m = n$, and its leading coefficient, the coefficient of $x^n$, is $f_n g_m^{-1} g_m = f_n$. Therefore the $x^n$ term of $f$ cancels with that of $(f_n g_m^{-1} x^{n-m})\, g$, making $f'$ a polynomial of degree at most $n - 1$.
Now by the induction hypothesis there exist polynomials $q', r' \in R[X]$ with $f' = q' g + r'$, i.e. $f - (f_n g_m^{-1} x^{n-m})\, g = q' g + r' \Rightarrow f = (f_n g_m^{-1} x^{n-m} + q')\, g + r'$, with $\deg(r') < \deg(g)$. This proves the existence of such a pair.
Uniqueness: suppose there exist two such pairs $q', r'$ and $q, r$. Then
\[ qg + r = q'g + r' \Rightarrow r - r' = g(q' - q) \Rightarrow g \mid r' - r. \]
But $\deg(g) > \deg(r - r')$, which makes a non-zero $(r - r')$ not divisible by $g$, a contradiction. Hence $r = r'$, and then $g(q' - q) = 0$ with $g$ having an invertible leading coefficient gives $q = q'$.

Now we present some quick consequences of these theorems.
Theorem 6.2.2 (Remainder theorem). Let $R$ be a commutative ring. If a polynomial $f \in R[X]$ is divided by a monic linear polynomial $g(x) = x - c$, then the remainder is $f(c)$.
Proof. By the division algorithm, $f(x) = q(x)(x - c) + r(x)$, where $\deg(r) < \deg(x - c)$, meaning $r$ is a constant. Evaluating the last expression at $c$ we get
\[ f(c) = 0 + r = r \tag{6.4} \]
Therefore $f(c)$ is the remainder.
Corollary 6.2.3. A polynomial $f(x)$ is divisible in $R[X]$ by a monic linear polynomial $x - c$ iff $c$ is a zero of $f(x)$.
Proof. If $c$ is a zero of $f(x)$ then by the above theorem the remainder on dividing $f(x)$ by $x - c$ is $f(c) = 0$, so $x - c$ divides $f(x)$. Conversely, suppose $x - c$ divides $f(x)$; then $f(c) = 0$, again by the above theorem, making $c$ a zero of $f(x)$.
Corollary 6.2.4. Let $R$ be an integral domain. A polynomial $f \in R[X]$ of degree $k \ge 0$ has at most $k$ zeros in $R$.
Proof. The proof is by induction. Let $c$ be a root of the polynomial $f(x)$; then $f(x) = (x - c)\, q(x)$, where the degree of $q(x)$ is $k - 1$. By the induction hypothesis $q$ has at most $k - 1$ roots, and since $R$ is an integral domain every root of $f$ is either $c$ or a root of $q$. Therefore $f(x)$ has at most $k$ roots.
Chapter 7
Some Important Theorems
We state two important decomposition theorems without proof, which we will use in the further course.

7.1 Fundamental Theorem of Finitely Generated Abelian Groups
Let $G$ be a finitely generated abelian group. Then
\[ G \cong \mathbb{Z}^r \times \mathbb{Z}_{n_1} \times \mathbb{Z}_{n_2} \times \cdots \times \mathbb{Z}_{n_s} \tag{7.1} \]
for some integers $r, n_1, n_2, \ldots, n_s$ satisfying
1. $r \ge 0$ and $n_j \ge 2$ for all $j$;
2. $n_{i+1} \mid n_i$ for all $1 \le i \le s - 1$.
This decomposition is called the invariant factor decomposition.

7.2 Primary Decomposition Theorem
Let $G$ be an abelian group of order $n > 1$ and let the unique factorization of $n$ into distinct prime powers be $n = p_1^{a_1} p_2^{a_2} \cdots p_k^{a_k}$. Then
\[ G \cong A_1 \times A_2 \times \cdots \times A_k \tag{7.2} \]
where $|A_i| = p_i^{a_i}$.

7.2.1 Primitive Roots
A primitive root modulo an integer $n$ is an element of $U(n\mathbb{Z})$ of order $\varphi(n)$. The existence of a primitive root shows that the group is cyclic.

Theorem 7.2.1. Any subgroup $G$ of the multiplicative group of a finite field $F$ is cyclic.
Proof. Let $G \le F \setminus \{0\}$. By the fundamental theorem of finitely generated abelian groups, $G \cong \mathbb{Z}^r \times \mathbb{Z}_{n_1} \times \mathbb{Z}_{n_2} \times \cdots \times \mathbb{Z}_{n_s}$ (with $r = 0$, since $G$ is finite). Let $m = n_s$, ordering the invariant factors so that every $n_i$ divides $n_s$. Consider the polynomial $x^m - 1 \in F[X]$; this polynomial has at most $m$ roots. Let $a \in \mathbb{Z}_{n_i}$. Then $a^{n_i} = 1$, and since $n_i \mid n_s = m$, $a^m = 1$. That means every element of $\mathbb{Z}_{n_i}$, for all $i$, is a root of $x^m - 1$, so $x^m - 1$ has $n_1 n_2 \cdots n_s$ roots, which is greater than $m$ unless $s = 1$; this is not possible. So we must have $o(G) = m = n_s$, that is, $G$ is cyclic.

Proposition 7.2.2. Let $p$ be a prime and $d$ a divisor of $p - 1$. Then the polynomial
\[ f(x) = x^d - 1 \in U(p\mathbb{Z})[X] \tag{7.3} \]
has exactly $d$ roots in $U(p\mathbb{Z})$.
Proof. Let $e = \frac{p - 1}{d}$. Then
\[ x^{p-1} - 1 = (x^d)^e - 1 = (x^d - 1)\left( (x^d)^{e-1} + (x^d)^{e-2} + \cdots + 1 \right) = g(x)\,(x^d - 1) \]
where $\deg(g) = p - 1 - d$.
By Fermat's little theorem, $(p, a) = 1 \Rightarrow a^{p-1} \equiv 1 \pmod p$. This gives that $1, 2, \ldots, p - 1$ are all roots of $x^{p-1} - 1$ in $U(p\mathbb{Z})$. But $g(x)$ can have at most $p - 1 - d$ roots and $x^d - 1$ at most $d$ roots in $U(p\mathbb{Z})$, by Theorem 6.1.1. For the product of these two polynomials, which is $x^{p-1} - 1$, to have exactly $p - 1$ roots, both must have the maximum possible number of roots. Therefore $x^d - 1$ has precisely $d$ roots.

Lemma 7.2.3. Let $G$ be a group and let $g, h \in G$ have relatively prime orders $m, n$ respectively. Then $\langle g \rangle \cap \langle h \rangle = \{1\}$.
Proof. Let $x \in \langle g \rangle \cap \langle h \rangle$. Then $o(x) \mid o(g) = m$ and $o(x) \mid o(h) = n \Rightarrow o(x) = 1$, since $m, n$ are relatively prime. That means $x = 1 \Rightarrow \langle g \rangle \cap \langle h \rangle = \{1\}$.

Lemma 7.2.4. Let $G$ be a group and let $g, h \in G$ be commuting elements of relatively prime orders $m, n$ respectively. Then $|gh| = mn$.
Proof. By commutativity we have $(gh)^{mn} = g^{mn} h^{mn} = 1 \Rightarrow o(gh) \mid mn$. Let $o(gh) = r \Rightarrow (gh)^r = 1 \Rightarrow g^r = h^{-r} \in \langle g \rangle \cap \langle h \rangle = \{1\}$ (by the previous lemma). But this gives $g^r = 1 = h^r$. Therefore $m = o(g) \mid r$ and $n = o(h) \mid r \Rightarrow mn \mid r$ (since $m$ and $n$ are relatively prime). But then $mn \mid o(gh) \Rightarrow mn = o(gh)$.
Chapter 8
Cyclic groups

8.1 Existence of Primitive Root Modulo a Prime
In this section we prove that there exists a primitive root modulo a prime number $p$; equivalently, we prove that $U(p\mathbb{Z})$ is cyclic.
$U(2\mathbb{Z})$ is trivially cyclic, so assume that $p$ is odd. Let the unique prime power factorization of $p - 1$ be
\[ p - 1 = q_1^{n_1} q_2^{n_2} \cdots q_r^{n_r} \tag{8.1} \]
Note that $q_i^{n_i} \mid p - 1$ for all $i$. Then by Proposition 7.2.2, $x^{q_i^{n_i}} - 1$ has exactly $q_i^{n_i}$ roots for all $i$. Similarly $x^{q_i^{n_i - 1}} - 1$ has $q_i^{n_i - 1}$ roots for all $i$. Therefore $q_i^{n_i} - q_i^{n_i - 1}$ elements $a$ of $U(p\mathbb{Z})$ are such that $a^{q_i^{n_i}} = 1$ but $a^{q_i^{n_i - 1}} \ne 1$; that is, $o(a) = q_i^{n_i}$.
For each $i$ choose such an $a_i$ of order $q_i^{n_i}$. Now consider $a = a_1 a_2 \cdots a_r$. Then $o(a) = o(a_1)\, o(a_2) \cdots o(a_r)$ by Lemma 7.2.4. This gives $o(a) = p - 1 = \varphi(p)$. Therefore there exists a primitive root modulo $p$, and the group is cyclic.
In the following course we establish that the only cyclic groups among the $U(n\mathbb{Z})$ are those with $n = p, p^a, 2p^a$ ($p$ an odd prime) or $n = 2, 4$. We first present some important lemmas.
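The construction in the proof above, carried out in Python as an added example (not code from the notes): factor $p - 1$, pick for each prime power $q_i^{n_i}$ an element of exactly that order by raising a candidate to the power $(p-1)/q_i^{n_i}$ and checking the $q_i^{n_i - 1}$-th power is not $1$, then multiply the $a_i$. The helper names are assumptions of this example.

```python
"""Constructing a primitive root modulo a prime p as in Section 8.1:
p - 1 = prod q_i^{n_i}; choose a_i with o(a_i) = q_i^{n_i}; a = prod a_i.
Added illustration; not code from the notes."""


def factor(n):
    """Prime-power factorisation of n as {q: e}, by trial division (adequate
    for the small primes used here)."""
    factors = {}
    q = 2
    while q * q <= n:
        while n % q == 0:
            factors[q] = factors.get(q, 0) + 1
            n //= q
        q += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def element_of_prime_power_order(p, q, e):
    """Return a in U(pZ) with o(a) = q^e, where q^e exactly divides p - 1.

    For any b in U(pZ), a = b^((p-1)/q^e) satisfies a^(q^e) = b^(p-1) = 1 by
    Fermat, so o(a) divides q^e; it equals q^e iff a^(q^(e-1)) != 1.  The
    text shows q^e - q^(e-1) such elements exist, so the scan terminates."""
    qe = q ** e
    for b in range(2, p):
        a = pow(b, (p - 1) // qe, p)
        if pow(a, qe // q, p) != 1:
            return a
    raise ValueError("no element of that order found; is p prime?")


def primitive_root(p):
    """Product a = a_1 a_2 ... a_r of elements of pairwise coprime orders
    q_i^{n_i}; by Lemma 7.2.4 (U(pZ) is abelian) its order is p - 1."""
    if p == 2:
        return 1
    a = 1
    for q, e in factor(p - 1).items():
        a = (a * element_of_prime_power_order(p, q, e)) % p
    return a


def multiplicative_order(a, p):
    """Smallest e >= 1 with a^e = 1 (mod p), by direct search; used only to
    verify the construction independently of the theory."""
    x, e = a % p, 1
    while x != 1:
        x, e = (x * a) % p, e + 1
    return e


if __name__ == "__main__":
    for p in (7, 13, 101):
        g = primitive_root(p)
        print(p, g, multiplicative_order(g, p))   # order is always p - 1
```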
Lemma 8.1.1. If $l \ge 1$ and $a \equiv b \pmod{p^l}$, then $a^p \equiv b^p \pmod{p^{l+1}}$.
Proof. Since $a \equiv b \pmod{p^l}$, we can write $a = b + kp^l$. Then
\[ a^p = (b + kp^l)^p = b^p + k\, b^{p-1} p^{l+1} + \binom{p}{2} b^{p-2} (kp^l)^2 + \cdots + (kp^l)^p \]
\[ a^p - b^p = k\, b^{p-1} p^{l+1} + A, \]
where each term in $A$ contains at least the factor $p^{2l}$, and therefore $p^{l+1} \mid A$. Therefore $p^{l+1} \mid k\, b^{p-1} p^{l+1} + A \Rightarrow p^{l+1} \mid a^p - b^p$, which gives $a^p \equiv b^p \pmod{p^{l+1}}$.

Lemma 8.1.2. If $l \ge 2$ and $p \ne 2$, then $(1 + ap)^{p^{l-2}} \equiv 1 + ap^{l-1} \pmod{p^l}$.
Proof. The proof is by induction on $l$; for $l = 2$ both sides equal $1 + ap$. Assume $(1 + ap)^{p^{l-2}} \equiv 1 + ap^{l-1} \pmod{p^l}$. Then by the previous lemma,
\[ \left( (1 + ap)^{p^{l-2}} \right)^p \equiv (1 + ap^{l-1})^p \pmod{p^{l+1}} \Rightarrow (1 + ap)^{p^{l-1}} \equiv (1 + ap^{l-1})^p \pmod{p^{l+1}}. \]
Again by taking the binomial expansion we get
\[ (1 + ap)^{p^{l-1}} \equiv 1 + ap^l + \binom{p}{2} (ap^{l-1})^2 + \cdots + (ap^{l-1})^p \pmod{p^{l+1}} \]
\[ (1 + ap)^{p^{l-1}} \equiv 1 + ap^l + B \pmod{p^{l+1}} \]
Each term in $B$ contains at least the factor $p^{2l-1}$ (for the $\binom{p}{2}$ term because $p$ is odd, so $p \mid \binom{p}{2}$), and $l \ge 2 \Rightarrow l + 1 \le 2l - 1$. Therefore $p^{l+1} \mid B \Rightarrow p^{l+1} \mid (1 + ap)^{p^{l-1}} - (1 + ap^l) \Rightarrow (1 + ap)^{p^{l-1}} \equiv 1 + ap^l \pmod{p^{l+1}}$, which completes the induction and proves the lemma.

Definition 1. Let $(a, n) = 1$. Then $a$ has order $e$ mod $n$ if $e$ is the smallest positive integer such that $a^e \equiv 1 \pmod n$.

Lemma 8.1.3. If $p \ne 2$ and $p$ does not divide $a$, then $p^{l-1}$ is the order of $1 + ap$ mod $p^l$.
Proof. By Lemma 8.1.2 we have
\[ (1 + ap)^{p^{l-1}} \equiv 1 + ap^l \pmod{p^{l+1}} \tag{8.2} \]
\[ \Rightarrow (1 + ap)^{p^{l-1}} \equiv 1 \pmod{p^l} \tag{8.3} \]
Also by the same lemma,
\[ (1 + ap)^{p^{l-2}} \equiv 1 + ap^{l-1} \pmod{p^l} \tag{8.4} \]
\[ \Rightarrow (1 + ap)^{p^{l-2}} \not\equiv 1 \pmod{p^l} \tag{8.5} \]
since $p \nmid a$. By (8.3) the order divides $p^{l-1}$, so it is a power of $p$, and by (8.5) it is not $p^{l-2}$ or smaller. Therefore $p^{l-1}$ is the smallest exponent with $(1 + ap)^{p^{l-1}} \equiv 1 \pmod{p^l}$, which proves the lemma.
8.2 Existence of Primtive Root Modulo Odd Prime Power
We shall now prove that U(p
l
Z) is cyclic for any odd prime p and l Z
We already proved the existence of primtive root modulo p for a prime number p. Let g is
a primtive root modulo p such that g
p1
1 mod p
2
. We claim that there always exists such a
choice of g. Suppose that g
p1
1 mod p
2
. Then g + p will be such a choice.
(g + p)
(p)
= (g + p)
p1
= g
p1
+ pK 1 mod p (8.6)
(g + p)
p2
= g
p2
+ pK

1 mod p (8.7)
CHAPTER 8. CYCLIC GROUPS 23
(22) is since g is a primtive root modulo p. Together we will get g +p is a primitive root modulo
p. Now observe that,
(g + p)
p1
= g
p1
+ (p 1)g
p2
p + Kp
2
= g
p1
+ p
2
g
p2
g
p2
p + Kp
2
1 + p
2
g
p2
g
p2
p mod p
2
1 mod p
2
Therefore g + p serves as the desired choice, proving our claim. We further clain that such
a g is already a primtive root mod p
l
. It suces to show that if g
n
1 mod p then (p
l
) =
p
l1
(p 1)|n. But,
g
n
1 mod p
l
g
n
1 mod p
(p 1)|n
g
p1
1 mod p g
p1
= 1 + Ap, p |A
(1 + ap)
n
1 mod p
l
(Raising to the power n)
p
l1
|n
(p 1)p
l1
|n
Lemma 8.2.1. Let n = 2
k
p, k 3. Then there are no primitive roots modulo n.
Proof. We have a
2
k2
1 mod 2
k
. Also we have (2
k
) = 2
k1
. But 2
k1
|2
k2
(2
k
) |2
k2
.
But this exactly means that there does not exists any primitive roots modulo n, for n = 2
k
.
Next we shall prove that primitive roots exist for $2p^n$, where $p$ is an odd prime. It is a simple consequence of the Chinese remainder theorem. We have,
\[ \frac{\mathbb{Z}}{2p^n\mathbb{Z}} \cong \frac{\mathbb{Z}}{2\mathbb{Z}} \times \frac{\mathbb{Z}}{p^n\mathbb{Z}} \tag{8.8} \]
Taking the unit group on both sides we get,
\[ U(2p^n\mathbb{Z}) \cong U(2\mathbb{Z}) \times U(p^n\mathbb{Z}) \tag{8.9} \]
But $U(2\mathbb{Z})$ is simply $\{e\}$ (the trivial group) and $U(p^n\mathbb{Z})$ is already cyclic, making the LHS also cyclic.
We will complete this chapter by proving that primitive roots do not exist for $mn$ with $(m, n) = 1$, which together with the previous lemmas and theorems will cover the whole integers.
Lemma 8.2.2. Primitive roots do not exist for $mn$ where $(m, n) = 1$.
Proof. Again by the Chinese remainder theorem,
\[ U(mn\mathbb{Z}) \cong U(m\mathbb{Z}) \times U(n\mathbb{Z}) \tag{8.10} \]
Recall Cauchy's Theorem, which states that if a prime divides the order of a group $G$, then there exists an element of that prime order. The order of $U(m\mathbb{Z})$ is $\varphi(m)$ and that of $U(n\mathbb{Z})$ is $\varphi(n)$. But $2 \mid \varphi(m)$ and $2 \mid \varphi(n)$ (this is where $m, n > 2$ is used). Therefore $U(n\mathbb{Z})$ contains an element of order 2, and similarly $U(m\mathbb{Z})$ contains an element of order 2.
Now recall that in a cyclic group, for every divisor of the order of that group there exists a unique subgroup of that order, hence in particular a unique element of order 2. But we have already proved that $U(mn\mathbb{Z})$ contains two elements of order 2, one from $U(m\mathbb{Z})$ and the other from $U(n\mathbb{Z})$, which violates the uniqueness. Therefore $U(mn\mathbb{Z})$ is not cyclic.
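As an added example (not part of the original notes), the following Python code carries out the lifting argument for primitive roots mod $p^l$ on a constructed instance, $g = 14$ and $p = 29$, where $14^{28} \equiv 1 \bmod 29^2$ forces the replacement $g + p = 43$, and checks Lemma 8.2.1, the $2p^n$ case and Lemma 8.2.2 by brute force on small moduli. All function names are my own.

```python
# Added example, not from the notes: lifting a primitive root mod p to mod p^l
# as in the proof above, plus brute-force checks of Lemmas 8.2.1 and 8.2.2.
# Inputs (p = 29, g = 14 and the moduli 8, 50, 15) are constructed here.
from math import gcd

def prime_factors(n):
    """Distinct prime factors of n by trial division (n is small here)."""
    out, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            out.add(d)
            n //= d
        d += 1
    if n > 1:
        out.add(n)
    return out

def phi(n):
    """Euler's totient phi(n) from the prime factorisation of n."""
    result = n
    for q in prime_factors(n):
        result = result // q * (q - 1)
    return result

def multiplicative_order(a, n):
    """Order of a in U(nZ): start at phi(n), divide out q while a^(ord/q) = 1."""
    order = phi(n)
    for q in prime_factors(order):
        while order % q == 0 and pow(a, order // q, n) == 1:
            order //= q
    return order

def has_primitive_root(n):
    """Is U(nZ) cyclic?  True iff some unit a has order phi(n)."""
    return any(gcd(a, n) == 1 and multiplicative_order(a, n) == phi(n)
               for a in range(1, n))

def lift_primitive_root(g, p, l):
    """Given a primitive root g mod p, return g or g + p, whichever satisfies
    g^(p-1) != 1 mod p^2; by the argument above it is a primitive root mod p^l."""
    assert multiplicative_order(g, p) == p - 1, "g must be a primitive root mod p"
    if pow(g, p - 1, p * p) == 1:
        g += p                        # the replacement g + p from the proof
    assert multiplicative_order(g, p ** l) == phi(p ** l)
    return g
```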
Chapter 9
Quadratic Reciprocity
9.1 Quadratic Residue
Fix a prime $p$; an integer $b$ is called a quadratic residue mod $p$ if $p \nmid b$ and $b$ is a square mod $p$. If $b$ is not a quadratic residue mod $p$, we call it a quadratic non-residue.
Example. Fix $p = 5$; then $1^2 = 1$, $2^2 = 4$, $3^2 \equiv 4$ and $4^2 \equiv 1 \bmod 5$. Therefore the quadratic residues are $4, 1$ and the quadratic non-residues are $2, 3$. Similarly for $p = 7$, the quadratic residues are $1, 2, 4$ and the quadratic non-residues are $3, 5, 6$.
9.2 Legendre Symbol
Let $p$ be an odd prime and $a$ any integer; then the Legendre symbol, read as "$a$ over $p$", is defined as,
\[ \left(\frac{a}{p}\right) = \begin{cases} 0 & \text{if } p \mid a \\ 1 & \text{if } a \text{ is a quadratic residue} \\ -1 & \text{if } a \text{ is a quadratic non-residue} \end{cases} \tag{9.1} \]
Theorem 9.2.1. The map $\chi : U(p\mathbb{Z}) \to \{1, -1\}$ defined by
\[ \chi(a) = \left(\frac{a}{p}\right) \tag{9.2} \]
is a surjective group homomorphism.
Proof. We have that $U(p\mathbb{Z})$ is a cyclic group. Let $g$ be a primitive root modulo $p$. Then $g$ generates $U(p\mathbb{Z})$. Therefore all elements in $U(p\mathbb{Z})$ can be written as $g, g^2, g^3, \ldots, g^{\frac{p-1}{2}}, g^{\frac{p+1}{2}}, \ldots, g^{p-1} = e$. Taking squares of all elements, the squares in $U(p\mathbb{Z})$ are $\{g^2, g^4, \ldots, g^{p-1}, g^{p+1}, \ldots, g^{2(p-1)}\}$. Now $g^{p+m} = g^{p-1} g^{m+1} = g^{m+1} \Rightarrow g^{p+1} = g^2, \ldots, g^{2(p-1)} = e$. Therefore the quadratic residues mod $p$ are $g^2, g^4, \ldots, g^{p-1}$ and the quadratic non-residues are $g, g^3, \ldots, g^{p-2}$, both $\frac{p-1}{2}$ in number, which shows that $\chi$ is a surjective map. Now it is enough to prove that $\chi$ is a homomorphism. We will prove it case by case. For that let $g^s, g^t \in U(p\mathbb{Z})$.
Case 1. Let $s, t$ both be even. Then $\chi(g^s) = \chi(g^t) = 1$. $s + t$ is also even, therefore $\chi(g^s g^t) = \chi(g^{s+t}) = 1 = \chi(g^s)\,\chi(g^t)$.
Case 2. Let $s$ be even and $t$ odd. Then $\chi(g^s) = 1$ and $\chi(g^t) = -1$. $s + t$ is odd, therefore $\chi(g^s g^t) = \chi(g^{s+t}) = -1 = \chi(g^s)\,\chi(g^t)$.
Case 3. Let both $s$ and $t$ be odd; then $\chi(g^s) = -1 = \chi(g^t)$. $s + t$ is even, therefore $\chi(g^t)\,\chi(g^s) = 1 = \chi(g^{s+t}) = \chi(g^s \cdot g^t)$.
9.3 Euler's Criterion
Euler's criterion provides a strong tool to decide whether a small integer is a quadratic residue, but is impractical by hand for larger integers. The precise statement is: let $p$ be an odd prime and $a$ an integer with $p \nmid a$; then
\[ \left(\frac{a}{p}\right) = 1 \iff a^{\frac{p-1}{2}} \equiv 1 \bmod p. \]
Consider the map $\psi : U(p\mathbb{Z}) \to U(p\mathbb{Z})$ defined as,
\[ \psi(a) = a^{\frac{p-1}{2}} \tag{9.3} \]
and $\chi : U(p\mathbb{Z}) \to \{1, -1\}$ defined as,
\[ \chi(a) = \left(\frac{a}{p}\right) \tag{9.4} \]
Observe that $\psi$ and $\chi$ are group homomorphisms. Let $a \in \operatorname{Ker}(\chi) \Rightarrow \chi(a) = 1 \Rightarrow \left(\frac{a}{p}\right) = 1$. This means $a = b^2$ for some $b \in U(p\mathbb{Z}) \Rightarrow a^{\frac{p-1}{2}} = b^{p-1} = 1 \Rightarrow a \in \operatorname{Ker}(\psi)$. Therefore $\operatorname{Ker}(\chi) \subseteq \operatorname{Ker}(\psi)$. Now we have the chain $\operatorname{Ker}(\chi) \subseteq \operatorname{Ker}(\psi) \subseteq U(p\mathbb{Z}) = G$, which gives
\[ [G : \operatorname{Ker}(\chi)] = [G : \operatorname{Ker}(\psi)]\,[\operatorname{Ker}(\psi) : \operatorname{Ker}(\chi)]. \]
But $[G : \operatorname{Ker}(\chi)] = 2$, since there are only two distinct cosets. Therefore we get two cases.
Suppose that $[G : \operatorname{Ker}(\psi)] = 1 \Rightarrow G = \operatorname{Ker}(\psi) \Rightarrow \psi(a) = 1 \Rightarrow a^{\frac{p-1}{2}} = 1$ for all $a \in G$. $|G| = p - 1$. Therefore the polynomial $x^{\frac{p-1}{2}} - 1$ has $p - 1$ solutions in $U(p\mathbb{Z})$. But the polynomial $x^{\frac{p-1}{2}} - 1$ can have at most $\frac{p-1}{2}$ solutions (Lagrange's polynomial congruence theorem), which is a contradiction. Therefore we abandon this case.
Otherwise suppose that $[\operatorname{Ker}(\psi) : \operatorname{Ker}(\chi)] = 1$. This means that $\operatorname{Ker}(\psi) = \operatorname{Ker}(\chi) \Rightarrow \psi(a) = 1 \iff \chi(a) = 1 \Rightarrow a^{\frac{p-1}{2}} \equiv 1 \bmod p \iff \left(\frac{a}{p}\right) = 1$, which was precisely required.
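As an added example (not part of the original notes), the Python code below computes the Legendre symbol both from the definition in Section 9.1, by listing the squares in $U(p\mathbb{Z})$, and by Euler's criterion, and checks on small constructed primes that the two agree and that $\chi$ is a surjective homomorphism as in Theorem 9.2.1. Function names are my own.

```python
# Added example, not from the notes: the Legendre symbol (a/p) computed from
# the definition (listing the squares in U(pZ)) and by Euler's criterion, with
# a check that chi is a surjective homomorphism (Theorem 9.2.1). Function
# names are my own; the primes used in the checks are constructed.

def legendre_by_squares(a, p):
    """(a/p) from Section 9.1: 0 if p | a, 1 if a is a non-zero square mod p."""
    if a % p == 0:
        return 0
    squares = {pow(x, 2, p) for x in range(1, p)}
    return 1 if a % p in squares else -1

def legendre_euler(a, p):
    """(a/p) by Euler's criterion: a^((p-1)/2) mod p is 0, 1 or p-1 (= -1)."""
    r = pow(a, (p - 1) // 2, p)
    return -1 if r == p - 1 else r

def residues_and_nonresidues(p):
    """The two fibres of chi, each of size (p-1)/2, as sorted lists."""
    qr = [a for a in range(1, p) if legendre_euler(a, p) == 1]
    qnr = [a for a in range(1, p) if legendre_euler(a, p) == -1]
    return qr, qnr

def is_homomorphism(p):
    """chi(ab) = chi(a) chi(b) for every pair a, b in U(pZ)."""
    return all(legendre_euler(a * b, p)
               == legendre_euler(a, p) * legendre_euler(b, p)
               for a in range(1, p) for b in range(1, p))

def criteria_agree(p):
    """Euler's criterion matches the definition for every a in 0..p-1."""
    return all(legendre_by_squares(a, p) == legendre_euler(a, p)
               for a in range(p))
```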
9.4 Gauss Sum
9.4.1 Roots of Unity
An $n$th root of unity is a complex number $\zeta$ such that $\zeta^n = 1$, and if $n$ is the least such positive integer then $\zeta$ is a primitive $n$th root of unity.
9.4.2 Gauss Sum
Fix an odd prime $p$; then the Gauss sum associated to an integer $a$ is defined as
\[ g_a = \sum_{n=0}^{p-1} \left(\frac{n}{p}\right) \zeta^{an} \tag{9.5} \]
where $\zeta = e^{2\pi i/p}$ and $0 \le n \le p-1$.
Lemma 9.4.1. For any integer $a$,
\[ \sum_{n=0}^{p-1} \zeta^{an} = \begin{cases} p & \text{if } p \mid a \\ 0 & \text{else} \end{cases} \tag{9.6} \]
Proof. Let $p \mid a$; then $a = kp \Rightarrow \zeta^{an} = \zeta^{kpn} = (\zeta^p)^{kn} = 1$. Therefore,
\[ \sum_{n=0}^{p-1} \zeta^{an} = \sum_{n=0}^{p-1} 1 = p \tag{9.7} \]
Otherwise let $p \nmid a$. Then $\zeta^a - 1 \neq 0$, while $\zeta^{ap} - 1 = 0$. Therefore, summing the geometric series, we have
\[ \sum_{n=0}^{p-1} \zeta^{an} = \frac{\zeta^{ap} - 1}{\zeta^a - 1} = 0 \tag{9.8} \]
which proves the lemma.
Lemma 9.4.2. $g_0 = 0$.
Proof.
\[ g_0 = \sum_{n=0}^{p-1} \left(\frac{n}{p}\right) = 0 \tag{9.9} \]
since half of the Legendre symbols in the sum are $+1$ and half are $-1$ (the $n = 0$ term is $0$).
Lemma 9.4.3. $g_a = \left(\frac{a}{p}\right) g_1$.
Proof. Let $p \mid a$; then,
\[ g_a = \sum_{n=0}^{p-1} \left(\frac{n}{p}\right) \zeta^{an} = \sum_{n=0}^{p-1} \left(\frac{n}{p}\right) = g_0 = 0 \tag{9.10} \]
Also we have $\left(\frac{a}{p}\right) g_1 = 0$. Therefore this case is through.
Otherwise assume that $p \nmid a$. Then,
\[ \left(\frac{a}{p}\right) g_a = \left(\frac{a}{p}\right) \sum_{n=0}^{p-1} \left(\frac{n}{p}\right) \zeta^{an} = \sum_{n=0}^{p-1} \left(\frac{a}{p}\right)\left(\frac{n}{p}\right) \zeta^{an} = \sum_{n=0}^{p-1} \left(\frac{an}{p}\right) \zeta^{an} = \sum_{m=0}^{p-1} \left(\frac{m}{p}\right) \zeta^{m} = g_1 \]
(since multiplication by $a$ only permutes the elements of $\mathbb{Z}/p\mathbb{Z}$). Hence
\[ \left(\frac{a}{p}\right)\left(\frac{a}{p}\right) g_a = \left(\frac{a}{p}\right) g_1 \Rightarrow \left(\frac{a^2}{p}\right) g_a = g_a = \left(\frac{a}{p}\right) g_1 \]
which proves the lemma.
Proposition 9.4.4. For $p \nmid a$,
\[ g_a^2 = p\,(-1)^{\frac{p-1}{2}} \tag{9.11} \]
Proof. Consider,
\[ \sum_{a=0}^{p-1} g_a\, g_{-a} \tag{9.12} \]
For $p \nmid a$ we have, by Lemma 9.4.3 and Euler's criterion for $\left(\frac{-1}{p}\right)$,
\[ g_a\, g_{-a} = \left(\frac{a}{p}\right) g_1 \left(\frac{-a}{p}\right) g_1 = \left(\frac{-1}{p}\right)\left(\frac{a^2}{p}\right) g_1^2 = (-1)^{\frac{p-1}{2}} g_1^2, \]
while $g_0\, g_0 = 0$ by Lemma 9.4.2. Therefore,
\[ \sum_{a=0}^{p-1} g_a\, g_{-a} = \sum_{a=1}^{p-1} g_a\, g_{-a} = \sum_{a=1}^{p-1} (-1)^{\frac{p-1}{2}} g_1^2 = (-1)^{\frac{p-1}{2}} g_1^2\,(p-1) \]
Now we will evaluate this sum in another way, using Lemma 9.4.1 for the inner sum over $a$; here $\delta(m, n)$ is $1$ if $m = n$ and $0$ otherwise:
\[ \sum_{a=0}^{p-1} g_a\, g_{-a} = \sum_{a=0}^{p-1} \sum_{n=0}^{p-1} \sum_{m=0}^{p-1} \left(\frac{n}{p}\right)\left(\frac{m}{p}\right) \zeta^{a(n-m)} = \sum_{n=0}^{p-1} \sum_{m=0}^{p-1} \left(\frac{nm}{p}\right) \sum_{a=0}^{p-1} \zeta^{a(n-m)} \]
\[ = \sum_{n=0}^{p-1} \sum_{m=0}^{p-1} \left(\frac{mn}{p}\right) p\,\delta(m, n) = \sum_{n=0}^{p-1} \left(\frac{n^2}{p}\right) p = p\,(p-1) \]
Combining both evaluations,
\[ (-1)^{\frac{p-1}{2}} g_1^2\,(p-1) = p\,(p-1) \Rightarrow (-1)^{\frac{p-1}{2}} g_1^2 = p \Rightarrow g_1^2 = p\,(-1)^{\frac{p-1}{2}} \]
and for $p \nmid a$ Lemma 9.4.3 gives $g_a^2 = \left(\frac{a}{p}\right)^2 g_1^2 = g_1^2$, which was precisely required.
For $p, q$ distinct odd primes,
\[ \left(\frac{p}{q}\right) = (-1)^{\frac{p-1}{2}\cdot\frac{q-1}{2}} \left(\frac{q}{p}\right) \tag{9.13} \]
The proof of the Quadratic Reciprocity Theorem employs many of the machineries we have so far developed. Write $g = g_1$ and set $p^* = (-1)^{\frac{p-1}{2}} p$. Then, by Proposition 9.4.4,
\[ p^* = g_1^2 = g^2 \tag{9.14} \]
Now by Euler's Criterion,
\[ (p^*)^{\frac{q-1}{2}} \equiv \left(\frac{p^*}{q}\right) \bmod q \tag{9.15} \]
Observe that,
\[ g^{q-1} = (g^2)^{\frac{q-1}{2}} = (p^*)^{\frac{q-1}{2}} \tag{9.16} \]
Substitute (9.16) in (9.15) to obtain,
\[ g^q \equiv g \left(\frac{p^*}{q}\right) \bmod q \tag{9.17} \]
Note that in $\mathbb{Z}[\zeta]$,
\[ q \mid g^q - g\left(\frac{p^*}{q}\right) \tag{9.18} \]
Consider the ring $\mathbb{Z}[\zeta]/(q)$, having characteristic $q$; then
\[ g^q = \left(\sum_{n=0}^{p-1} \left(\frac{n}{p}\right) \zeta^n\right)^q = \sum_{n=0}^{p-1} \left(\frac{n}{p}\right)^q \zeta^{nq} = g_q \tag{9.19} \]
(since $q$ is odd, $\left(\frac{n}{p}\right)^q = \left(\frac{n}{p}\right)$). Now $g_a = \left(\frac{a}{p}\right) g_1$, which gives,
\[ g^q \equiv \left(\frac{q}{p}\right) g \bmod q \tag{9.20} \]
(9.17), (9.19) and (9.20) give,
\[ \left(\frac{q}{p}\right) g \equiv g \left(\frac{p^*}{q}\right) \bmod q \Rightarrow \left(\frac{q}{p}\right) = \left(\frac{p^*}{q}\right) \tag{9.21} \]
The last step holds since $g^2 = p^*$ and $p \neq q$: multiplying both sides by $g$ gives $\left(\frac{q}{p}\right) p^* \equiv \left(\frac{p^*}{q}\right) p^* \bmod q$, and $p^*$ is invertible mod $q$, so the two symbols, each $\pm 1$, agree modulo the odd prime $q$ and hence are equal. Conclusively,
\[ \left(\frac{p^*}{q}\right) = \left(\frac{(-1)^{\frac{p-1}{2}} p}{q}\right) = \left(\frac{(-1)^{\frac{p-1}{2}}}{q}\right)\left(\frac{p}{q}\right) = \left(\frac{-1}{q}\right)^{\frac{p-1}{2}} \left(\frac{p}{q}\right) = (-1)^{\frac{p-1}{2}\cdot\frac{q-1}{2}} \left(\frac{p}{q}\right) \]
\[ \Rightarrow \left(\frac{q}{p}\right) = (-1)^{\frac{p-1}{2}\cdot\frac{q-1}{2}} \left(\frac{p}{q}\right) \]
which proves the theorem.
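As an added example (not part of the original notes), the Gauss sums of this section can be evaluated numerically in the complex numbers; the Python code below checks Lemmas 9.4.2 and 9.4.3, Proposition 9.4.4 and the reciprocity law (9.13) for a few small primes chosen here. Function names are my own, and the comparisons allow for floating-point rounding.

```python
# Added example, not from the notes: the Gauss sum g_a of (9.5) evaluated
# numerically in the complex numbers, checking Lemma 9.4.3, Proposition 9.4.4
# and the reciprocity law (9.13) for small constructed primes. Names are mine.
import cmath
import math

def legendre(a, p):
    """(a/p) by Euler's criterion (Section 9.3); p an odd prime."""
    r = pow(a, (p - 1) // 2, p)
    return -1 if r == p - 1 else r

def gauss_sum(a, p):
    """g_a = sum_{n=0}^{p-1} (n/p) zeta^{an}, with zeta = exp(2 pi i / p)."""
    return sum(legendre(n, p) * cmath.exp(2j * math.pi * a * n / p)
               for n in range(p))

def p_star(p):
    """p* = (-1)^((p-1)/2) p, which Proposition 9.4.4 says equals g_1^2."""
    return (-1) ** ((p - 1) // 2) * p

def gauss_lemmas_hold(p, tol=1e-6):
    """g_0 = 0, g_a = (a/p) g_1 and g_a^2 = p* for 1 <= a <= p-1, up to rounding."""
    g1 = gauss_sum(1, p)
    if abs(gauss_sum(0, p)) > tol:                       # Lemma 9.4.2
        return False
    for a in range(1, p):
        ga = gauss_sum(a, p)
        if abs(ga - legendre(a, p) * g1) > tol:           # Lemma 9.4.3
            return False
        if abs(ga * ga - p_star(p)) > tol:                # Proposition 9.4.4
            return False
    return True

def reciprocity_holds(p, q):
    """(p/q) = (-1)^{(p-1)/2 * (q-1)/2} (q/p) for distinct odd primes p, q."""
    sign = (-1) ** (((p - 1) // 2) * ((q - 1) // 2))
    return legendre(p, q) == sign * legendre(q, p)
```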