Link back to Home page

HTML version

1. Introduction to Proofs and Logic

Definition A statement (or proposition) is an expression that can be assigned the value of true or false

Anything that’s a question is not a statement.
In the example below, it’s a statement as the variable is “used up”. We really need to specify what’s happening to the variable for it to be a statement.

\sum_{i = 1}^{4} i = 10

Definition A predicate is a ‘statement’ whose truth is dependent on one or more variables

For a predicate, the variable is not “used up”

\sum_{i = 1}^{n} i = 10

Definition A variable is a placeholder which gives a name to some entity that we want to consider

We can turn a predicate into a statement by specifying the set of values it applies to. Consider the example below:
This is a predicate unless we specify $\forall n, \in Z$

\sum_{i = 1}^{n} i = \frac{n (n + 1)}{2}

Definition A set is a collection of elements which can be any type of mathematical objects

Set notation

The notation $x \in X$ means that $x$ is an element of the set $X$ .
Eg: $n \in Z$ means $n$ is an element of the set of integers

Building a subset:
If $P (x)$ means $x$ is even, then this subset below is just the set of even number

{x \in X : P (x)}

Axiom If all $x \in A$ are also in $B$ and all $x \in B$ are also in $A$ then $A$ and $B$ are the same set.

Proper subset ( $\subset$ ) - Every element of $A$ is also in $B$ but not equal to $B$
Subset ( $\subseteq$ ) - Set $A$ is a subset of $B$ if every element of $A$ is also in $B$

Quantifiers - they help us turn predicates into statements

$P (n)$ Is a predicate
But $\forall n \in Z \exists P (n)$ is a statement

Universal quantifier

\forall n \in Z n^{2} \geq 0

The expression above in words means “for every integer $n$ , $n^{2}$ is greater than or equal to 0”

Existential quantifier

\exists n \in Z n^{2} = 289

“There exists at least integer $n$ such that $n^{2}$ is 289

Logical operators

Probably the best way to think about these, is to form a truth table (warning: may trigger past CS trauma…) - think of True as 1 and False as 0, binary

Definition

Conjunction - both statements are true - like the AND logic gate

P \land Q

P	Q	P $\land$ Q
0	0	0
0	1	0
1	0	0
1	1	T

Disjunction - at least one statement is true - like the OR logic gate

P \lor Q

P	Q	P $\lor$ Q
0	0	0
0	1	1
1	0	1
1	1	1

Negation - the statement is false - like the NOT logic gate

P	$\neg$ P
0	1
1	0

Definition. Tautology: A statement that is always true
Definition Contradiction: A statement that is always false

Logical equivalent - two statements have the same truth table

P \equiv Q

Rules - flashback to AQA CS being actually useful

Idempotent - something that squares to itself
- Eg: $0^{2} = 0$ or $1^{2} = 1$
Notice how there’s a difference between associative and distributive
- Associate - the symbol is the same all the way
- Distributive - it’s like mixing the signs for $\times$ and $+$

Proving the De Morgan’s Laws - on Anki

“Break the line, change the sign”

Well, you can do it using truth table, or Venn diagram probably

Think about this analogy, let $P$ be the statement: “A in even” and $Q$ be the statement: “Q is even”.

Then $P \land Q$ would be the statement: A is even and B is even
If we were to negate that statement, i.e $\neg (P \land Q)$ would be result in the statement: “Either one of A or B is not even”

So $$ \neg (P \wedge Q) = (\neg P) \vee (\neg Q)$$
Consider the absorption rule below

P \land (P \lor Q) \equiv P

P \lor (P \land Q) \equiv P

But how can we prove this?
Think back to the identity rule where we had: $$ P \equiv P \wedge T $$
So we have

P \lor (P \land Q) \equiv (P \land T) \lor (P \land Q)

After substituting, we can use the distributive rule, to factorise this:

(P \land T) \lor (P \land Q) \equiv P \land (T \lor Q)

Note, $T \lor Q \equiv T$ (annihilation rule), so we’re left with $P$ given the identity rule
Another way to think about it: $T \lor Q \equiv (Q \lor \neg Q) \lor Q$
Then after using communicative and associate rules by moving the brackets around, we have: $$ (Q \vee Q) \vee (\neg Q) $$
Then by the idempotent rule: $Q \lor Q \equiv Q$
And then $Q \lor \neg Q \equiv T$
Look at the gold example on notes…

Negating quantifiers

Consider this statement below:

\forall n \in Z n^{2} \geq 0

What does it mean for the statement to be false?
It means $\exists n \in Z s . t . n^{2} < 0$

In general…

\neg (\forall n P (x)) \equiv \exists n \neg (P (x))

Implications

P ⟹ Q \equiv (\neg P) \lor Q

If $P$ is false, then the statement doesn’t tell us anything about $Q$ , the latter can be true or false

If we know that $P ⟹ Q$ is true, then:

$P$ and $Q$ can be both true
$P$ is false and $Q$ is true
$P$ and $Q$ can be both false

But.. if $P ⟹ Q$ is true and $P$ is also true, then:

$Q$ is also true

This principle above is called modus ponens

Definition - A counterexample is where the first statement is true, but the second statement is false, which makes the implication false

If we were to negate the implication, we’d get:

\neg (P ⟹ Q) \equiv \neg (\neg P \lor Q)

Using De Morgan’s, we get

\equiv \neg (\neg P) \land \neg Q \equiv P \land \neg Q

So a counterexample by definition is when $P$ is true and $Q$ is not true

∴ \neg (P ⟹ Q) \equiv P \land \neg Q

To claim that a statement is false is the same as claiming that its negation is true

Consider this example in words:
What’s the negation of $\forall p \in Z, p$ is prime $⟹$ $2^{p} - 1$ is prime

\exists p \in Z \neg (\dots)

So this would be $\exists p \in Z s . t . p$ is prime and $2^{p} - 1$ is not prime

Converse and Contrapositive

Definition Converse of an implication $P ⟹ Q$ is the reversed implication $Q ⟹ P$

Definition Equivalence $P ⟺ Q$ is the same as $P ⟹ Q \land Q ⟹ P$ . It’s an if and only if statement

Definition Contrapositive of an implication $P ⟹ Q$ is the implication $\neg Q ⟹ \neg P$

P ⟹ Q \equiv \neg Q ⟹ \neg P

Proof by contrapositive can be useful in some case. Consider the proof, $n^{2}$ is even $⟹ n$ is even. The contrapositive version of this would be $n$ is not even $⟹$ $n^{2}$ is not even. So if we start by taking $n$ to be odd and then proving that $n^{2}$ is odd, we have our proof for the original statement.

When $P$ is true, then $Q$ must also be true, but this also means that $Q$ is false could only happen when $P$ is false
We can prove this using the commutative and double negation rule

P ⟹ Q \equiv (\neg P) \lor Q

Using the commutative rule we get:

\equiv Q \lor (\neg P)

Then using the double negation rule we have:

\neg (\neg Q) \lor \neg P

Notice how this is the definition of implies:

\neg Q ⟹ \neg P \equiv \neg (\neg Q) \lor \neg P

Modus ponens

P \land (P ⟹ Q) \equiv P \land Q

Proofs

Definition A Proof is a sequence of steps used to demonstrate that a statement is true

Proofs begin with a premise, aka a collection of statements/predicates that we accept as true (axioms).

The result that we want to show is the conclusion

Rules of Equality

When we say $a = b$ , it means that $a$ and $b$ refer to the same indistinguishable objects

reflexive $a = a$
symmetric $a = b ⟺ b = a$
Transitive $a = b \land b = c ⟹ a = c$

Proof by contradiction

The idea behind this is to take our premise and negation of conclusion as the assumption
The formal justification is that if we show $\neg P$ implies another false statement, then we have proved that:

\neg P ⟹ F

And by using our logical equivalences

\neg P ⟹ F \equiv \neg (\neg P) \lor F \equiv P \lor F \equiv P

So if we have problem that the negation is false, then we proven that the original statement is true

Example- proving $\sqrt{2}$ is irrational

First we need by take our premise and the negation of our conclusion, i.e assuming that $\sqrt{2}$ is rational

\sqrt{2} rational ⟹ \exists a, b, \in Z s . t . a / b = \sqrt{2}

And now we need to show that $\exists a, b, \in Z$ is false

So suppose $\exists a, b, \in Z, s . t . a^{2} = 2 b^{2}$ - this is our premise

Let $d$ be the greatest common divide of $a, b$ (definition)

Then $d$ is a divisor of $a$ and $d$ is a divisor of $b$ (by defn of g.c.d)

$\exists u \in Z s . t . a = d u$
$\exists v \in Z s . t . b = d v$

So we have $(d u)^{2} = 2 (d v)^{2}$ (substitution)
After expanding an simplifying, we have:
$(u^{2}) = 2 v^{2}$
We’ve kind of got to where we started, but instead of having $a$ and $b$ , we have $u$ and $v$ , but instead this time, $u$ and $v$ cannot be even due to our introduction of the g.c.d.

But look again at our expression, $u^{2}$ is even (defn of even), so $u$ is even (previous result)
Therefore, $\exists k \in Z s . t . u = 2 k$
So $(2 k)^{2} = 2 v^{2}$ (substitution)

After some expanding and simplifying, we have that
$(2 k)^{2} = v^{2}$
So this means that $v^{2}$ is even (by defn of even) and $v$ is even

So now $\exists l \in Z s . t . v = 2 l$

And after we substitute back into the definitions of $a$ and $b$ , we get:

a = d (2 k) $ $ $ $ b = d (2 l) $ $ W e s t a r t e d b y a s s u m i n g t h a t $ d $ w a s t h e g . c . d o f $ a $ a n d $ b $, b u t h e r e, $ 2 d $ i s t h e g . c . d A s $ d < 2 d $, $ d $ i s n o t t h e g . c . d o f $ a $ a n d $ b $, h e n c e, w e h a v e r e a c h e d a c o n t r a d i c t i o n I f o u r s t a t e m e n t $ P $ w a s “ $ d $ i s t h e g . c . d o f $ a $ a n d $ b $, t h e n $ \neg P $ w a s $ d $ i s n o t t h e g r e a t e s t g . c . d o f $ a $ a n d $ b $ . T h e r e f o r e, w e h a v e $ P \land \neg P $, w h i c h i s a c o n t r a d i c t i o n H e n c e, o u r p r e m i s e i s f a l s e, s o $ $ \forall a, b \in Z, a^{2} \neq b^{2}

2. Integers

Axioms - set of properties that we accept without requiring a proof
How do we know that axioms are axioms?

There is a list of algebraic axioms and order axioms:

[Operations (Op)] The integers are equipped with two binary operations addition and multiplication. These operations are denoted by the symbols $+, \cdot$ respectively.
[Identity (Id)] Z contains two special elements, denoted $0$ and $1$ , with $0 \neq 1$ such that for any integer $m, m + 0 = 0 + m = m$ and $m \cdot 1 = 1 \cdot m = m$ .
[Negation (Neg)] For every integer $m$ , there exists an integer denoted $- m$ such that $m + (- m) = (- m) + m = 0.$
We write $a - b$ as a shorthand for $a + (- b) .$
[Commutative (Comm)] Addition and multiplication are commutative, i.e. $m + n = n + m a n d m \cdot n = n \cdot m \forall m, n \in Z$
[Associative (As)] Addition and multiplication are associative, i.e. $(m + n) + p = m + (n + p)$ and $m \cdot (n \cdot p) = (m \cdot n) \cdot p \forall m, n, p \in Z$
[Distributive (Dist)] Multiplication distributes over addition, i.e, $m \cdot (n + p) = m \cdot n + m \cdot p \forall m, n, p \in Z .$
[Zero divisors (ZD)] If $m \cdot n = 0$ then $m = 0$ or $n = 0$ .
[Order relation (Ord)] $Z$ is equipped with a relation $\leq$ called “less than or equal to”.
[Reflexive (Ref)] Every integer $m$ satisfies $m \leq m$ .
[Antisymmetric (ASy)] Given two integers $m, n$ , if $m \leq n$ and $n \leq m$ then $m = n$ .
[Transitive (Tr)] If $m, n, p$ are integers with $m \leq n$ and $n \leq p$ then $m \leq p$ .
[Comparability (Comp)] Given any two integers $m, n$ , $m \leq n$ or $n \leq m$ .
[Shift (Sh)] If $m, n, p$ are integers with $m \leq n$ , then $m + p \leq n + p$
[Scale (Sc) ] If $m, n, p$ are integers with $m \leq n$ and $0 \leq p$ then $m \cdot p \leq n \cdot p$ .
[Well ordering (WO)] The well ordering principle – any non-empty subset of non-negative integers has a unique least element.

All of these axioms will hold true even if we work with the reals, naturals, and complex numbers, and that’s why we have the ordering axioms - which work for the set of integers.

For $m, n \in Z$ , exactly one of the properties below hold:

$m < n$
$m = n$
$m > n$
We can prove the other inequalities from the properties above

Proof that $0 < 1$ (proof by contradiction)

Our starting point to take the premise and negation of our conclusion as the assumption:

So suppose $\neg (0 < 1) ⟹ 1 \leq 0$

The scaling axiom says something about 0.

According to the shift axiom:

1 + (- 1) \leq 0 + (- 1)

Then using the negation, and identity axiom:

0 \leq - 1

Scaling axiom, we can rescale by $- 1$

1 (- 1) \leq 0 (- 1)

And by identity axiom:

- 1 \leq 0 $ $ T h i s i s n^{'} t a p r o p e r c o n t r a d i c t i o n, e v e n t h o u g h i t m a y f e e l l i k e o n e, b u t f e e l i n g s, a s w e k n o w, a r e n o t a l w a y s f a c t s . S o l e t^{'} s k e e p g o i n g B y t h e A n t i - s y m m e t r i c c o n d i t i o n : $ $ 0 = - 1

Substitution:

0 + 1 = - 1 + 1

By identity and negation

1 = 0

And by the identity axiom once again:

1 \neq 0

And hence we have contradiction

Note on the Well-ordering principle

Essentially, $n$ is the least element of a set $S$ if:

$n \in S$
$\forall m \in S, m \leq n ⟹ m = n$
This is just means that $n$ is the smallest element in the set, and if there is a smaller element $m$ than $n$ , then that element just equals $n$ .

Proof of $1$ being the least element of the set $N_{1}$ of positive integers

Let $n$ be least element of $N_{1}$

We can say that

1 \leq n and n \leq 1

Assume $1 \leq n$
But as $n$ is the last element of $N_{1}$ and $1 \in N$ , so $n = 1$

Now let’s assume that $n \leq 1$ . What we’re trying to show that there are no elements between $0$ and $1$

We know that $n \in N$ , so we can apply the scaling axiom to say that:

n \cdot n \leq 1 \cdot n

So now is $n^{2} \in N$ ?
We can use scaling axiom to say that:

0 \cdot n \leq n \cdot n

By the zero divisor axiom we have that $n \cdot n = 0 ⟹ n = 0 or n = 0$
This is a contradiction as $0 \leq n$

So we know that $n \cdot n \in N$

But we know that $n$ is the lease element of $N_{1}$

So $n \cdot n \leq n$

n \cdot n + (- 1) \cdot n = 1 \cdot n + (- 1) \cdot n

(n - 1) \cdot n = 0 \cdot n = 0

So we have
$n \cdot 1 = 0$ or $n = 0$

So $n = 1$

Proof by Induction

If P (1) \land [\forall n \geq 1, P (n) ⟹ P (n + 1)] ⟹ P (n) \equiv T \forall n \geq 1

The first step is called the base step where use a starting case for induction
Second step is the inductive step
The premise $P (n)$ in the inductive step is called the inductive hypothesis

Proof of the proof by induction

What we want to prove that is $P (1)$ is true, then $\forall n \geq 1, P (n) ⟹ P (n + 1)$ , then $P (n)$ is true $\forall n \geq 1$

And we'll prove it by contradiction. So we assume the conclusion is false, i.e. $\exists k \in N_{1} s . t . P (n) \equiv F$

So if there exists at lease one number $k$ where $P (k)$ is false, we can collect all of them into a set:

S = {k \in Z : k \geq 1 : P (k) \equiv F}

This set $S$ is non-empty, because we're assuming that there's at least one false case

By the W.O (well ordering) principle, every non-empty subset of $N$ has a least (smallest) element, and since $S$ is non-empty, there must be a smallest number, let that number be $m$ .
This means that:

$P (m)$ is false as $m \in S$
Every smaller number has $P (n)$ True because $m$ is the first smallest number for which $P$ fails

Now we have a few cases to consider:

If $m = 1$ , we've contradicted the premise, which says that $P (1)$ is true, so this is a contradiction. So $m \neq 1$
$P (m - 1)$ is true, because $m - 1 < m$ and all the numbers smaller than $m$ are true
The inductive steps means that if $P (n)$ is true, then $P (n + 1)$ is true

If $m$ is the smallest number where $P$ fails, then consider $n = m - 1$ , for which $P (n)$ is true, by the inductive step we have:

P (m - 1) ⟹ P (m)

So $P (m)$ must be true, but as we've defined $m$ to be the first case where $P (m)$ is false as $m \in S$ , this leads to a contradiction.

This means there are no numbers in the $S$ which satisfy the property, so there is no point where induction fails.

Example

Suppose we want to prove that $$ \forall n \geq 1, n! \leq n^n$$
So we start with the base case, $n = 1$

$1! = 1$ and $1^{1} = 1$

Now for the inductive step, we want to prove the statement below:

\forall n \geq 1, n! \leq n^{n} ⟹ (n + 1)! \leq (n + 1)^{n + 1}

We assume the statement holds for some $n$ , and this is the induction hypothesis, so assume $$ P(n) = n! \leq n^n$$
And now we want to prove this for $(n + 1)$

P (n + 1) = (n + 1)! \leq (n + 1)^{n + 1}

By the def. of factorial, we have

(n + 1)! = (n + 1) \times n!

Now, using our scaling axiom and the inductive hypothesis ( $P (n) = n! \leq n^{n}$ ), we have:

(n + 1) \times n! \leq (n + 1) \times n^{n}

As we know that $n < n + 1$ , we have that $n^{n} < (n + 1)^{n}$ . Using the scaling axiom again we have:

(n + 1) \times n^{n} < (n + 1) \times (n + 1)^{n} = (n + 1)^{n + 1}

Notice how this gives us the following:

(n + 1)! < (n + 1)^{n + 1}

Hence the result follows by mathematical induction

Weak vs Strong induction

In weak induction, we only look one step back, i.e. assume that $P (n)$ is true and then use that to show that $P (n + 1)$ .

Strong induction is slightly difference, as we assume all the past results to prove the next step in the induction step, i.e. use all $P (1), P (2), . . ., P (n) ⟹ P (n + 1)$

Decimal expansions, as covered in the next section, are an application of strong induction as we need the fact that every smaller number has a representation.

Decimal Expansions

#finishexplaination

Remainder Theorem

Useful for modular arithmetic which is useful for cryptography

Definition
If $a$ and $b$ are integers with $b \neq 0$ , then there is a unique pair of integers $q$ (quotient) and $r$ (remainder) such that $$a = qb +r , \quad 0 \leq r < |b|$$
It's $| b |$ because the absolute value makes it work whether $b$ is positive or negative
Consider two cases below:

10 = 3 \times 3 + 1

10 = 0 \times 3 + 10

The second case is wrong because we can still take away 3 from 10. So that’s the idea of the proof, just keep taking away from the remainder until we’re left with a negative number as the remainder must be positive

Proof of the remainder theorem

The proof has few parts

Existence - showing there are such integers $q$ and $r$ that work
Show that the remainder $r$ is less than $| b |$
Uniqueness - showing they are the only such pair

Existence

Let's start with case 1: $a \geq 0$

The idea is that we keep subtracting $| b |$ from $a$ until what's less is less than $| b |$
Formally, we define a set:

S = {r^{‘} \in Z : r^{‘} \geq 0 and \exists q^{‘} \in Z, a = q^{‘} | b | + r^{‘}}

So $S$ is essentially the set of all non-negative remainders we can get when subtracting multiples of $| b |$ from $a$

Consider case 2: $a < 0$

If $a$ is negative, we just flip the sign:

a = q | b | + r ⟹ - a = (- q) | b | - r

So the theorem works for all $a$ , positive and negative

Showing $r < | b |$

Notice that $S$ is non-empty as for $q = 0, a - 0 | b | = a \geq 0$ , so by the well-ordering, every non-empty set of non-negative integers has a smallest element

Let that smallest element be $r$ .
Suppose for contradiction that $r \geq | b |$
Then we can make a new remainder: $r^{‘} = r - | b |$

Notice that:

a = q | b | + r = (q + 1) | b | + (r - | b |) = (q + 1) | b | + r^{‘}

This means that $r^{‘} = r - | b | \leq 0$ , so $r^{‘} \in S$

We've just shown that $r^{‘} < r$ which leads to a contradiction as $r$ is meant to be the smallest element, so $r^{‘} \notin S$ , which means that $r < | b |$

Uniqueness

Suppose that there were two pairs:

a = q_{1} | b | + r_{1} = q_{2} | b | + r_{2}, 0 \leq r_{1}, r_{2} < | b |

We subtract one from the other to get:

(q_{1} - q_{2}) | b | = r_{2} - r_{1}

This means that the left side is a multiple of $b$ , but the right side is smaller than $| b |$ as both remainders are between $0$ and $| b |$

Now, if the left side is a non-zero multiple of $b$ , then its absolute value must at least be $b$ , but the right side is strictly less than $b$ . So the only way this equality can hold true is if the right side is $0$

So $r_{1} = r_{2}$ and therefore $q_{1} = q_{2}$

So the pair $(q, r)$ is unique

3. Divisibility and Euclid’s Theorem

Definition An integer $d$ is a divisor of the integer $a$ iff there is an integer $b$ such that $d b = d$

Notation - $d | a$ means $d$ is the divisor of $a$ (i.e $\frac{a}{d}$ is a integer but we’re not allowed to write it in division/fraction form)

Fun fact - not every integer is a divisor of every other integer

Greatest Common Divisor

Definition The greatest common divisor of $a$ and $b$ is the unique integer $d$ satisfying:

$d | a$ and $d | b$
If $c | a$ and $c | b$ then $c \leq d$ so that no common divisor exceeds $d$

Notation - the greatest common divisor of $a$ and $b$ is given by: $gcd (a, b)$

Euclidean Algorithm

Essentially, the Euclidean Algorithm finds the gcd of two integers $a$ and $b$

Consider the example below: $a = 252$ and $b = 105$

We do repeated division:

252 = 2 \times 105 + 42 remainder 42

105 = 2 \times 42 + 21 remainder 21

42 = 2 \times 21 + 0

When the remainder becomes $0$ , the last non-zero remainder is the greatest common divisor. Hence $gcd (252, 105) = 21$

Basically, we repeatedly apply the remainder theorem on numbers and do some shifting until the remainder is 0. The proof of the Euclidean will be covered later in the module

a = q_{0} b + r_{0}, 0 \leq r_{0} < b

b = q_{1} r_{0} + r_{1}, 0 \leq r_{1} < r_{0}

r_{0} = q_{2} r_{1} + r_{2}, 0 \leq r_{2} < r_{1}

\dots

r_{i} = q_{i + 2} r_{i + 1} + r_{i + 2}, 0 \leq r_{i + 2} < r_{i + 1}

\dots

r_{n - 2} = q_{n} r_{n - 1} + r_{n}, 0 \leq r_{n} < r_{n - 1}

r_{n - 1} = q_{n + 1} r_{n} + 0, 0 \leq 0 < r_{n}

where $r_{n} = gcd (a, b)$

Each line $a = q b + r$ says the same common divisor that divide $a$ and $b$ will also divide $r$ . And this is where the linear combination in the section will come in.

Divisors and Linear Combination

Cancellation Lemma - if $m, b, p \in Z$ s.t. $m p ⟹ n p$ and $p \neq 0$ , then $m = n$

We can use this lemma and the linear combination to prove Eucledian's Algorithm

If $a, b$ are integers with $a = q b + r$ then $gcd (a, b) = gcd (b, r)$

Now, if we can show that any common divisor of $(a, b)$ also divides $(b, r)$ and any common divisor of $(b, r)$ also divides $(a, b)$ , this is means common divisors are the same, so their greatest common divisor must be the same, i.e. $gcd (a, b) = gcd (b, r)$

Let the common divisor of $(a, b)$ and $(b, r)$ be $d$ . And we want to show that $d | r$ and $d | a$ . It's like showing that two subsets are equal, which means they are the same set.

So if $d | a$ and $d | b$ , then $a = d k_{1}$ and $b = d k_{2}, k \in Z$

Now, using the remainder theorem we have:

d k_{1} = q (d k_{2}) + r

⟹ d k_{1} - q d k_{2} = r

⟹ d (k_{1} - q k_{2}) = r

Hence $d | r$

Now to prove the converse - if $d | b \land d | r ⟹ b | a$

$b = d k_{3}$ and $r = d k_{4} k \in Z$

Using the definition again we have:

a = q (d k_{3}) + d k_{4} = d (q k_{3} + k_{4})

Hence, by definition, we have $d | a$

And therefore, $gcd (a, b) = gcd (b, r)$

Proof of Euclid’s Algorithm

The Euclid algorithm is essentially the step above repeated

a = q_{1} b + r

b = q_{2} r_{1} + r_{2}

r_{1} = q_{3} r_{2} + r_{3}

\dots

until the remainder becomes 0:

There's a nice proof by contradiction to show that this process does not go on forever. So assume this goes on forever, then the set containing all the remainders is: $S = {r_{1}, r_{2} \dots r_{n}}$ will have no least element-- which contradicts the W.O axiom, so there must be a least element, which is $r_{n} = 0$

By the rule, we've just proved that:

gcd (a, b) = gcd (b, r_{1}) = gcd (r_{1}, r_{2}) = \dots = g c d (r_{n - 1}, r_{n})

So when we finally hit $r_{k} = 0$ , the gcd is the last non-zero remainder:

gcd (a, b) = r_{n - 1}

Euclid’s Algorithm for Polynomials

The operation on polynomials satisfy all of the algebra axioms as the integers do, so they are an example of a commutative ring. But matrices are an example of non-commutative ring as they don’t saying the commutativity axiom

Definition A commutative ring is a set $R$ equipped with two binary operations: $+, \cdot$ and satisfying the axioms Op, Id, Neg, Comm, As, Dist

Bezout’s (Bucket) Identity

Definition If $a$ and $b$ are integers, then $\exists u$ and $\exists v$ s.t.

gcd (a, b) = a u + b v

And then $gcd (a, b)$ is the least positive integers of the form of $a u + b v (u, v) \in Z$

Consider two buckets, one 4 litre and one 7 litre, now, can we measure 1 litre using those two?
Well, fill up the 4l twice and then pour it in the 7l, whatever’s left in the 4l is 1l, and that’s what Bezout’s Identity is telling us - we can solve the bucket problem when the gcd is what we’re trying to measure.

Ideals

The proof of Bezout’s Identity involves a set called ideals

Definition Let $R$ be a ring, then the subset of $I$ in $R$ is an ideal if:

$I$ is non-empty
$\forall a, b, \in I, a + b \in I$ - closed under addition
$\forall a \in I$ and $r \in Z, r a \in I$ - closed under multiplication by any non-negative integer

Notice how this is similar to vector sub spaces in linear algebra.

For example:

The set $I = {0}$ is an ideal of $Z$
The set of even numbers is an ideal of $Z$
The set of odd numbers is not an ideal as it’s not closed under addition nor multiplication by all other integers

Closed means that we don’t have to move outside the set if we apply an operation, i.e. if set $S$ has an operation $*$ , then $S$ is closed under $*$ if

S_{1}, S_{2} ⟹ S_{1} * S_{2} \in S

Proof of Bezout’s Identity

Lemma 3.14 Let $a, b \in Z$ , then the set:

I = {a u + b v : u, v \in Z}

Is an ideal in $Z$ as it's is non-empty because we can have $a (1) + b (0) \in I$ and it's is closed under addition and multiplication

Now, let $I$ be a non-zero ideal in $Z$ , then $\exists d \in I$ s.t.:
Lemma 3.15

x \in I ⟺ d | x

In other words, take any non-zero ideal $I \in Z$ , then $\exists d \in Z$ s.t.

Every element of $I$ is a multiple of $d$
Every multiple of $d$ is in $I$
Among all the elements of $I$ , $d$ is the smallest

This means $I$ has the form:

I = {n d : n \in Z}

What this basically means is that every ideal in $Z$ is made of all the multiples of one single number. And that one number is the smallest positive element in that ideal.
Why do we care? Because Bezout's identity is about showing that the $gcd$ of this idea is the smallest positive element in that ideal. In other words, for any ideal $I \in Z$ , when we input the ideal of all linear combinations $a, b$ , the the output $d$ gives us exactly $gcd (a, b)$ -- which is very cool!!

So we let $d$ be the least positive element of $I$ (W.O principle)

Now we want to show for the iff that:

$x \in I ⟹ d | x$
$d | x ⟹ x \in I$

2.Suppose $d | x$
$⟹ \exists q \in Z s . t . x = q d$
$d \in I$ by definition
$q \in Z$
$I$ is an ideal
So $x = q \cdot d \in I$ because by definition an ideal is closed under multiplication by any integer, all multiples of $d \in I$

Let $x \in I$
Then by the remainder theorem we have $x = q d + r q, r \in Z 0 \leq r < | d |$
We know that $d \in I ⟹ (- q) d \in I$ as by definition, multiplies of $d$ are in $I$ as ideal is closed under multiplication

Now, $r = x - q d = x + (- q) d$
as $x \in I$ and $(- q) d \in I$ $⟹$ $x + (- q) d \in I ⟹ r \in I$
As $r < d$ by definition of the remainder theorem, and $d$ is the least a positive positive element of $I$ , $r$ is not positive $⟹ r \leq 0$ , but as we have that $r > 0 ⟹ r = 0$

Hence, we have shown that $x = q d + 0 = q d$ , so every element of $I$ is in fact a multiple of $d$

Now, all that remains is to show that $d$ is the $gcd (a, b)$

So let:

I = {a u + b v : u, v \in Z}

This is an ideal by Lemma 3.14, and so by Lemma 3.15, $\exists d \in I$ s.t. $d | x \forall x \in I$

Since $d \in I$ , by definition, $\exists u, v$ s.t. $d = a u + b v$

Now, we want to show that $d$ divides both $a$ and $b$ .
Note that both $a$ and $b$ are in $I$ , so:

$a = a \cdot 1 + b \cdot 0 \in I$
$b = a \cdot 0 + b \cdot 1 \in I$

Therefore, $d$ is a common divisor of $(a, b)$

Let $c$ be any common divisor of $(a, b)$

If $c | a$ and $c | b$ , then $c$ divides any combination of $a u + b v$
So $c$ divides element of $I$ and in particular, $c$ divides $d$

So any common divisor of $c$ of $(a, b)$ satisfies:

c | d ⟹ | c | \leq | d |

This means that $d$ is at least as big as any other common divisor, but since $d$ is positive, we have:

c \leq | c | \leq d

Therefore, $d = gcd (a, b)$

◻

Lamé’s Theorem

Definition
The number of steps in the Euclidean algorithm does not exceed 5 times the number of decimal digits in the smaller of the two numbers.

Eg: if we apply the Eucledian algorithm to integers with 100 digits, then we require no more than 500 steps in the algorithm.

The proof of this beautifully involves the Fibonacci and the golden ratio.

Co-prime integers

Definition Two integers $a$ and $b$ are co-prime if $gcd (a, b) = 1$

Definition Integers $a_{1}, a_{2}, \dots, a_{n}$ are mutually co-prime if $gcd (a_{i}, a_{j}) = 1, i \neq j$

Eg: integers $6, 10, 15$ are co-prime but not mutually co-prime

Two integers are co-prime $⟺$ $\exists x, y s . t . a x + b y = 1$

If $gcd (a, b) = d$ , then

gcd (m a, m b) = m d \forall m > 0 gcd (u, v) = 1

Where $a = u d$ and $b = v d$

Let $a$ and $b$ be co-prime, then:

a | c \land b | c ⟹ a b | c

a | b c ⟹ a | c

Note how this only works if the numbers are co-prime. The proof of both of them are in in notes.

Least Common Multiple

Pretty much self-explanatory, the lowest common multiple of two numbers is just the product of those numbers divided by the greatest common divisors of two numbers
If $a, b \in Z$ and if $d = gcd (a, b)$ and $l = l c m (a, b)$ . Then:

d l = a b \equiv l = \frac{a b}{gcd (a, b)}

Linear Diophantine Equations

Let $a, b, c \in Z$ and $a, b \neq 0$ , let $d = gcd (a, b)$ . Then the equation

a x + b y = c

Has integer solutions $⟺ gcd (a, b) | c$ and if it does, then there are infinitely many solutions:

x = x_{0} + q n, y = y_{0} - p n (n \in Z)

Where $a = p d, b = q d$ and $(x_{0}, y_{0})$ is any particular solutions. It’s a bit like doing differential equations.

Proof

The if an only if part is just Bezout’s identity. Any common divisor of $a$ and $b$ divides every intger linear combination of $a$ and $b$

So now we just need to prove what the general solution looks like

So assume we have one particular solution, so let $(x_{0}, y_{0})$ satisfy $a x_{0} + b y_{0} = c$ . And now we want to find out all the other pairs ( $x, y$ ) that also make $a x + b y = c$

Let $n \in Z$ s..t

x = x_{0} + q n, y = y_{0} - p n

Where $a = p d$ and $b = q d$

Now we put this in the $a x + b y = c$ to get:

a (x_{0} + q n) + b (y_{0} - p n) = a x_{0} + b y_{0} + a q n - b p n = c + d (p q - q p) n = c

So this works for any integer $n$

Now we need to show that these two are the only solutions, so we suppose that ( $x, y$ ) is any integer solutions

We subtract the two equations to get:

a (x - x_{0}) + b (y - y_{0}) = 0

After substituting $a = p d$ and $b = q d$ we get:

p d (x - x_{0}) + q d (y - y_{0}) = 0

After dividing through by $d$ (the cancellation lemma), we have:

p (x - x_{0}) = - q (y - y_{0})

What this tells us that the difference between any two solutions is related by $p$ and $q$ . And since $p$ and $q$ are co-prime, because that’s what happens when we divide by the gcd, the only way this equality holds in integers is if:

x - x_{0} = q n, y - y_{0} = - p n, n \in Z

Which is exactly the formula for the infinitely many solutions

4. Prime Numbers

Definition An integer $p > 1$ is irreducible if the only positive divisors of $p$ are $1$ and itself

Definition An integer $p > 1$ is prime if $\forall a, b \in Z$ , whenever $p | a b$ either $p | a$ or $p | b$

For example, to prove that $2$ is a prime number, we need to show that $2 | a b ⟹ 2 | a$ or $2 | b$

By the remainder theorem, $\exists q_{i} r_{i} s . t . a = 2 q_{1} + r_{1}, b = 2 q_{2} + r_{2}, 0 \leq r < 2$

So we have:

a b = (2 q_{1} + r_{1}) (2 q_{2} + r_{2}) = 2 (2 q_{1} q_{2} + q_{1} r_{2} + r_{1} q_{2}) + r_{1} r_{2}

We also know that $a b$ is even, so $a b = 2 k + 0$
As the remainder theorem only gives unique values:

r_{1} r_{2} = 0 ⟹ r_{1} = 0 or r_{2} = 0 by Z.D ⟹ 2 | a ⟹ 2 | b

Therefore, $2$ is a prime number

Primes and Irreducible

Prime and irreducible really mean the same thing, at least for the integers.

Fermat was said to be confused about this difference too. If factorisation of irreducible numbers was unique, then Fermat’s last Theorem would’ve been a lot easier (why?) In other things however, this is not always true. For instance, consider the ring:

R = {a + b \sqrt{5}, a, b, \in Z}

Now, I hope we can agree that

2 | 4 = (\sqrt{5} + 1) (\sqrt{5} - 1)

But $2$ does not divide $\sqrt{5} + 1$ , so by definition of a prime, $2$ is not prime

prime $⟹$ irreducible:

Assume $p$ is prime and $p = a b, b > 0$ (premise)
By definition, $p | a$ or $p | b$ .
WLOG (without loss of generality), assume that $a = p k, k \in Z$ Then:

p = a b = p k (b) = p (k b)

By the cancellation lemma, we have $1 = k b$ so $b \leq 1$ . But as $b > 0 ⟹ b = 1 ⟹ a = p$ . Therefore, $1, p$ are the only positive divisors of $p$ , so $p$ is irreducible

Irreducible $⟹$ prime

Note that this is not always true, as with our example in the ring, but in integers, this will work
So let $p$ be irreducible and suppose $p | a b$ . Then we want to show that $p | a$ or $p | b$

As $p$ is irreducible and since $gcd (a, p)$ is a positive divisor of $p$ , then $gcd (a, p)$ must be $1$ or $p$

If the $gcd (a, p) = p$ , then as $gcd (a, p)$ also divides $a$ , it follows that $p | a$

On the other hand if the $gcd (a, p) = 1$ , then by definition $a$ and $p$ are co-prime and by Bezout's identity, we have that:

1 = p x + a y

Multiplying the entire equation by $b$ we have:

b = p b x + a b y

By our assumption, as $p | a b ⟹ p | a b y$ and $p | a b x$ . Therefore the RHS is divisible by $p$ and therefore $p | b$

Lemma 4.4: If $p$ is prime and $p | a_{1}, \dots a_{k} ⟹ p | a_{i}$ for some $i$ - this can be proved by induction, which is in the notes

The Fundamental Theorem of Arithmetic

Each integer $n > 1$ has prime-power factorisation:

n = p_{1}^{e_{1}} \dots p_{k}^{e_{k}}

Where $p_{1}, \dots, p_{k}$ are distinct primes and $e_{1}, \dots e_{k}$ are positive integers. The factorisation is unique, apart from permutation of the factors

Say I wrote a prime factorisation of $12$ , how can I know that the prime factorisation is unique? That's exactly what the fundamental theorem of arithmetic allows us to do - every integer $n > 1$ is can be written as a product of primes, and this factorisation is unique up to reordering.

The proof of this has two parts:

Existence - every integer has a prime-power factorisation
Uniqueness - this factorisation is the only one

Existence - using strong induction

Base case: $n = 2$ . We proved earlier that $2$ is prime, so its factorisation is simply: $2 = 2^{1}$

Induction hypothesis: assume every integer strictly between $1$ and $n$ already has a prime-power factorisation.

Inductive step: prove it for $n$ . There are two cases here:

1 - $n$ is prime, which case $n = n^{1}$ and we're done
2 - $n$ is composite

In case 2, let $n = a b, 1 < a, b < n$

Now both $a, b$ have prime power decomposition by the induction hypothesis, so by substituting these into the equation $n = a b$ , and then collecting powers of each prime $p_{i}$ , we get a prime-power factorisation for $n$

Uniqueness

This will also be done by strong induction.

Base case: Suppose $n = 2$ has factorisation $2 = p_{1}^{e_{1}} p_{2}^{e_{2}} \dots p_{k}^{e_{k}}$

Then by definition each prime $p_{i} \geq 2$ . If there is any prime $p_{1} > 2$ contradicts $p_{1}^{e_{1}} p_{2}^{e_{2}} \dots p_{k}^{e_{k}} = 2$
Hence the only factorisation of $2$ is $2^{1}$

Induction step: assume that $n > 2$ and that for every integer strictly between $1$ and $n$ has a unique prime factorisation up to ordering

Now suppose we had two different factorisation:

n = p_{1}^{e_{1}} p_{2}^{e_{2}} \dots p_{k}^{e_{k}} = q_{1}^{f_{1}} q_{2}^{f_{2}} \dots q_{l}^{f_{l}}

Where all $p_{i}$ and $q_{i}$ are primes. Then our aim to show that these two sets of distinct primes are the same, up to reordering

From the first factorisation, we have that: $p_{1} | n$
So in the second factorisation, by Lemma 4.4 earlier, we know that:

p_{1} | q_{1}^{f_{1}} q_{2}^{f_{2}} \dots q_{l}^{f_{l}}

Since $p_{1}$ is prime, it must divide one of the $q_{j}$ , but each $q_{j}$ is prime too. So the only possibility is that: $p_{1} = q_{j}$

This essentially allows us to match up one prime from each factorisation. WLOG, we can order the primes so that: $p_{1} = q_{1}$

Now we have that

p_{1}^{e_{1}} p_{2}^{e_{2}} \dots p_{k}^{e_{k}} = q_{1}^{f_{1}} q_{2}^{f_{2}} \dots q_{l}^{f_{l}}

We can cancel $p_{1} = q_{1}$ from both sides to get:

p_{1}^{e_{1} - 1} p_{2}^{e_{2}} \dots p_{k}^{e_{k}} = q_{1}^{f_{1} - 1} q_{2}^{f_{2}} \dots q_{l}^{f_{l}}

And this new number is strictly smaller than $n$ .

If this new number is $1$ , the $k = l = 1, e_{1} = f_{1}, p_{1} = q_{1}$ , so the two factorisation were the same.

Otherwise, $p_{1}^{e_{1} - 1} p_{2}^{e_{2}} \dots p_{k}^{e_{k}}$ is strictly between $1$ and $n$ so by the induction hypothesis, it has a unique prime factorisation up to reordering. So $k = l, e_{1} - 1 = f_{1} - 1$ and $p_{2}^{e_{2}} \dots p_{k}^{e_{k}} = q_{2}^{f_{2}} \dots q_{l}^{f_{l}}$ up to reordering.

Hence by induction, this holds $\forall n > 1$

We can how take this theorem and show that if a positive integer $n$ is not a perfect square, then $\sqrt{n}$ is irrational, i.e. if $n$ is not a perfect square, then there are no non-zero integers s.t. $b^{2} n = a^{2}$
This can be done by a proof by contrapositive, look at the notes for this.

Distribution of Primes

Euclid’s Proof of Infinitely Many Primes

Our strategy here is fairly simple:

Assume that we have a finite number of primes
Use them to build a new prime number that cannot be divisible by any of them
So we've missed at least one prime
Therefore, there must be infinitely many

Assume we have all the primes are:

p_{1}, p_{2}, \dots p_{k}

Now we define a new number:

N = p_{1} p_{2} \dots p_{k} + 1

Now we look at the product of the primes in $N$ . We can notice that every prime $p_{i}$ divides that product, but $N$ is exactly $1$ more than the product of all the primes.

So none of the primes $p_{1} . . . p_{k}$ divide $N$

By the fundamental theorem of arithmetic that we proved earlier, every integer has a unique prime factorisation, so $N$ must have at least one prime divisor, say $q$

But since none of the primes in our list can divide $N$ , this new prime $q$ cannot be one of the primes in $p_{1}, . . . p_{k}$ , therefore $q$ is another prime, which contradicts the assumption that we had all the primes

Estimating Distributions

I won't go into a lot of detail for this section, mostly because it's explained in the notes, but there are few decent, and not so decent, ways of estimating primes which can be proved by strong induction.

A very weak estimation is given by:

The n th prime p_{n} satisfies p_{n} \leq 2^{2^{n - 1}} \forall n \geq 1

The Prime Number Theorem however, is more of the interesting side of things, which uses this function:

li x = \int_{2}^{x} \frac{d t}{\ln t}

It tells us how the proportion of primes goes, something else which might be of interest is to look up Skewe's number

5. Congruences

Fun fact: a perfect square must leave a remainder $0$ or $1$ when divided by $4$

Definition Let $n$ be a positive integer, and let $a$ and $b$ any integers, we say that $a$ is congruent to $b \mod n$ written as:

a \equiv b \mod n

If $a$ and $b$ leave the same remainder when divided by $n$ , then the remainder if the residue of $a$ (or $b$ ) module $n$ And the number $n$ is the modulus

There is more than one way to think about congruence, the following are equivalent:

What the above essentially means is that is a divide $a$ or $b$ by $n$ , then both of those remainders are the same. So $a = q_{1} n + r$ and $b = q_{2} n + r$ and when we rearrange, we get: $a = b + (q_{1} - q_{2}) n$

a \equiv b \mod n ⟺ \exists k \in Z s . t . a = b + k n

Proving the next statement is just a rearrange to get: $(a - b) = k n$ which is the same as:

a \equiv b \mod n ⟺ n | (a - b)

so $a \equiv b \mod 2$ means both $a$ and $b$ have the same parity, either they’re both even or both odd

The properties of reflexive, symmetric and transitivity can also be seen for congruence:

a \equiv a \forall a \in Z

a \equiv b ⟹ b \equiv a

a \equiv b \land b \equiv c ⟹ a \equiv c

Modular Arithmetic

We can also think of modular arithmetic as the arithmetic in the quotient ring $Z / (n)$ . It's like all the numbers that differ by a multiple of $n$ where $n$ is the ideal $(n) = {n k : k \in Z}$

Another intuition is to think of digits in base $n$ , so working on $\mod 7$ is like throwing away full multiples of $7$ and only taking the last digit.

Arithmetic of Congruences

For any $n \geq 1$ , if $a \equiv b \mod n \land u \equiv v \mod n$ :

a + b \equiv u + v \mod n

a b \equiv u v \mod n

Now, if $a \equiv b \mod n$ and $i \in N_{0}$ , then

a^{i} \equiv b^{i} \mod n

However, it’s important to note that if $a, b \in Z$ and $i \equiv j \mod n$ , then:

a^{i} ≢ a^{j} \mod n

A simple example is that, $2^{1} ≢ 2^{10} \mod 9$ even though $1 \equiv 10 \mod 9$

Cancelling factors in congruences

Suppose $a x \equiv a y \mod n$

Now, we want to cancel out $a$ , but can we do that? By using another equivalent definition we get that:

a x \equiv a y \mod n ⟺ n | a (x - y)

Now, cancellation is allowed $⟺ gcd (a, n) = 1$ , i.e. $a, n$ are co-prime. This is because then the only way for $n$ to divide $a (x - y)$ is for it to divide $(x - y) ⟹ x \equiv y \mod n$

Once again, notice the pattern, happens to links back to primes and composites and irreducibility

Multiplicative Inverses

Definition

A multiplicative inverse modulo $n$ for a number $a \in Z$ is a number $x \in Z$ s.t. $a x \equiv 1 \mod n$

And this inverse exists $⟺$ $gcd (a, n) = 1$

We can notice that this comes directly from Bezout's Identity, as if $gcd (a, n) = 1$ , then $\exists x, y \in Z$ s.t. $a x + n y = 1$ . So solving a multiplicative inverse is the same as finding solution to linear Diophantine equation, which we have proved before.

And similar to linear Diophantine equations, if it has one solution, then it has infinitely many solutions, form a congruence class (more on this in the later section)

Divisibility

If one number divides another, then we can say that:

n | m ⟺ m \equiv 0 \mod n

So if $n$ divides $m$ , then $m$ leaves remainder $0$ when divided by $n$

For example, consider want to prove that $6 | a (a + 1) (2 a + 1)$
We can use the fact above to rewrite this as:

a (a + 1) (2 a + 1) \equiv 0 \mod 6

Now, instead of trying to expand the expression, we can see that integer is congruent to one of $0, 1, 2, 3, 4, 5 \mod 6$ , i.e. $a \equiv 0, 1, 2, 3, 4, 5 \mod 6$ . It's like the remainder theorem. So by checking those $6$ cases proves the statement for all integers

Another example is suppose we want to show that:

a^{2} \equiv a \mod 2

Now we don't need to test this for all the integers, all we need to do is test this for $a = 0, 1$ and we're done. Because when we divide by $2$ , we only have $2$ possible remainders.

So to prove something for all integers, we can only check for possible remainders, because modulo $n$ every integer behaves like its remainder.

Theorem 5.17
If $p$ and $q$ are co-prime, then $a, b \in Z$ ,

a \equiv b \mod (p 1) ⟺ a \equiv b \mod (p) \land a \equiv b \mod (q)

What this basically means is that to check divisibility by $p q$ , it's enough to check divisibility by $p$ and $q$ when $p$ and $q$ are co-prime. And so with our previous example, we can say that:

6 | a (a + 1) (2 a + 1) ⟺ 2 | a (a + 1) (2 a + 1) \land 3 | a (a + 1) (2 a + 1)

This works as $2, 3$ are co-prime

Residues

A complete set of resides modulo $n$ is a set of $n$ integers containing a unique element from each congruence class $\mod n$ .

What this means is that every integer $m$ is congruent to exactly one residue:

m \equiv r \mod (n) for a unique r \in {0, 1, . . . n - 1}

By the remainder theorem, we have that every integer $a$ can be written in the form of:

a = q n + r 0 \leq r < n

So $r$ in this cases it the residue of $a \mod n$ . It's the remainder theorem rephrased.

And then, two numbers are congruent $\mod n$ if they give the same residue

The least non-negative residues of any number then is just the remainder when we divide by $n$

And then least absolute residues just allows us to work with both positive and negative residues. Sometimes, the usual residues are to big. Consider $\mod 100$ , the residue of a number might be $99$ , but it would be nice to work with $- 1$ because $99 \equiv - 1 \mod 100$ . So instead of choosing a remainder between $0, n - 1$ , we just choose the one closest to $0$

So when $n$ is odd:

r = 0, \pm 1, \pm 2 \dots \pm \frac{n + 1}{2}

And when $n$ is even:

r = 0, \pm 1, \pm 2 \dots \pm \frac{n}{2} - 1, + \frac{n}{2}

Polynomials over $Z_{n}$

If $f (x)$ is a polynomial with integer coefficients, and $n \geq 1$ , then if

a \equiv b \mod (n) ⟹ f (a) \equiv f (b) \mod (n)

The proof of this is fairly trivial, as using the previous lemma we can show that all powers can be written using powers which work with the congruence rules of addition and multiplication. So $Z_{n}$ is just a ring

Showing that a polynomial has no integer roots

First, to show that a polynomial has a root, say $f (x) = a_{n} x^{n} + . . . + a_{1} x + 0$ , we have to show that $\exists r \in Z$ s.t. $f (r) = 0$ . Therefore, to show a polynomial has no integer roots, we're essentially trying to show that $f (r) \neq 0 \forall r \in Z$

However, we cannot test infinitely many integers, so instead we pick a modulus $n$ and show that for every possible residual class $\mod n, f (r) ≢ 0 \mod n$ . This works well because every integer is congruent to exactly one residual class.

The reason is this works is because if a polynomial has an integer root, then it must have a root $\mod n$ , so a proof by contrapositive means that if an integer has no root $\mod n$ , then it cannot have integer root.

Consider the example: show that $f (x) = x^{2} + x + 1$ has no integer roots

We can do a proof by contrapositive to show that if $f (x)$ has no root $\mod n$ , then $f (x)$ has no integer root. We need to find an $n$ s.t. for all resides $r$ , $f (r) ≢ 0 \mod n$

Now, choosing a value for $n$ is trial-and-error.

If a polynomial has even/odd patterns - $\mod 2$
Sums like $x^{2} + x$ - $\mod 2, 3$
Squares or cubes - $\mod 4$
Constant term is small - try a divisor of it

So for the example, we can try $\mod 2$ , which has only two resides: $0, 1$

r = 0 : f (0) = 0 + 0 + 1 = 1 \equiv 1 \mod 2

r = 1 : f (1) = 1 + 1 + 1 = 3 \equiv 1 \mod 2

So for both residuals, we don't have a $0 \mod 2$ , and therefore by proof by contrapositive, $f (x)$ has no integer solutions.

Congruence Classes

Using the property of equalities, we define an equivalence relation $\sim$ if:

$a \sim a$ (reflexive)
$a \sim b ⟹ b \sim a$ (symmetric)
$a \sim b \land b \sim c ⟹ a \sim c$ (transitive)

Equivalence class

Let's start with a simple question: how many different types of integers are there $\mod 4$ ?
Every integer is either something that leaves remainder $0, 1, 2, 3$ when divided by $4$ , so there are only $4$ kinds of integers $\mod 4$ .

So an equivalence class is just the set of all integers that are equivalent under some rule

So the equivalence class of $x_{0}$ is just the set of all integers that give the same remainder as $x_{0}$ when divided by $n$

[x_{0}] = {x \in X : x \equiv x_{0} \mod n}

The class are disjoint, i.e. each integer belongs to exactly one class and this is what makes a partition

Partitions

A partition is just a collection of subsets that satisfy:

The set is disjoint
The union is the whole set

Congruence classes form a partition has every integer is congruent to exactly one remainder
No two integers can have two different remainders $\mod n$

So the congruence classes form a partition in $Z$ , and each equivalence class is one pieces in that partition:

[a] = {b \in Z | b \equiv a \mod n} = {a + k n : k \in Z} {. . ., a - 2 n, a - n, a, a + n, a + 2 n, . . .}

This is also a set of sets of numbers

$Z_{n}$ is a ring

Things being well-defined is just about addition and multiplication giving the same equivalence class when working with congruences. And once both of those operations are well-defined, then $Z_{n}$ by definition is a ring.

Linear Congruences

The process for solving linear congruences is very much the same as for solving linear diophantine equations:

If $d = gcd (a, n)$ then the linear congruence

a x \equiv b \mod n has a solution ⟺ d | b

And if $d$ does divide $b$ and if $x_{0}$ is any solution, then the general solution is given by:

x = x_{0} + \frac{n}{d} t

And like mentioned before, the solutions form exactly $d$ congruence classes $\mod n$ with representatives:

x = x_{0}, x_{0} + \frac{n}{d} t, x + \frac{2 n}{d} t, \dots x_{0} + (d - 1) \frac{n}{d} t

Congruence class of solutions

Consider the congruence $x \equiv 3 \mod 7$ . What this means is that $x$ leaves a remainder $3$ when divided by $7$ , so the solutions to all such values of $x$ is the set of all numbers which we call a congruence class:

[3]_{7} = {3, 10, 17, 24 \dots - 4, - 11, - 18 \dots}

And this set is another way of all the numbers in the form of: $x = 3 + 7 k$

Simplifying congruences

Now, say we want to simplify a congruence like $a x \equiv b \mod n$

Recall that division $\mod n$ is not always allowed, so we need to be careful when simplifying or cancelling factors. Look up Lemma 5.40 for a more concise explanation.

There are essentially to cases we need think about when dealing with simplification

Case 1: general case

Suppose $m$ divides $a, b$ and $n$ , then

a = a^{‘} m, b = b^{‘} m, n = n^{‘} m

And

a x \equiv b \mod n ⟺ a^{‘} x \equiv b^{‘} \mod n^{‘}

So if everything has a common factor of $m$ , then we can cancel that factor from the congruence exactly as we do in normal arithmetic

Case 2: coprime case

If $a, n$ are coprime, and $m$ divides $a, b$ , then

a x \equiv b \mod n ⟺ a^{‘} x \equiv b^{‘} \mod n

So if $a, n$ share no common factors, we can divide by any common factor of $a$ and $b$ without changing the modulus.

It's important to keep the two cases above in mind when solving congruences in the next section

Algorithm to solve congruences

Suppose we have the congruence: $10 x \equiv 6 \mod 14$

What this is asking is essentially, which integer $x$ produces a number that has a remainder $6$ when multiplied by $10$ and then divided by $14$ . i.e. we want to find all values of $x$ s.t. $14 | 10 x - 6$ which is equivalent to solving:

10 x - 6 = 14 k

It's important to point out that congruences themselves are not equations, they describe a pattern of remainders. So when we're solving a congruence, we're not looking for a single number, but rather finding a whole equivalence class.

Step 1: check whether a solutions exists

A congruence $a x \equiv b \mod n$ has a solution $⟺ gcd (a, n) | d$

The $gcd (10, 6) | 14$ so a solution exists

Step 2: Simplify the congruence

Since the $gcd$ is $2$ , we can divide everything by $2$ using Case 1

10 x \equiv 6 \mod 14 ⟹ 5 x \equiv 3 \mod 7

This essentially makes the numbers smaller and ensures that the new coefficients and modulus are coprime

Then we check the $gcd (5, 7) = 1$ which means $5$ and $7$ and now we can solve the congruence by finding a multiplicative inverse

We can see that $5 \cdot 3 = 15 \equiv 1 \mod 7$ , so $5^{- 1} \equiv 3 \mod 7$

So we can multiply both sides by $3$ to get:

3 \cdot (5 x) \equiv 3 \cdot 3 \mod 7

The LHS becomes: $(3 \cdot 5) x \equiv 1 \cdot x$ and the RHS is: $3 \cdot 3 = 9 \equiv 2 \mod 7$

Therefore:

5 x \equiv 3 \mod 7 ⟹ x \equiv 2 \mod 7

So $x_{0}$ is a particular solution, so the general solution has the form: $x = 2 + 7 t$

Simultaneous Linear Congruences

If we think of congruence like clock arithmetic, then simultaneous congruence is just finding a value for $x$ that satisfies more than one 'clock condition' simultaneously

Chinese Remainder Theorem (CRT)

Imagine we want to solve the congruence:
$x \equiv 4 \mod 5$
$x \equiv 2 \mod 3$

Intuitively, we want to think of numbers have coordinates modulo primes. So take $\mod 3$ and $\mod 5$ for example. A number $x$ can be described by:

Its $\mod 3$ coordinate
Its $\mod 5$ coordinate

So with the original problem we're looking for a number $x$ s.t. when we divide it by $5$ , we get remainder $4$ and when we divide it by $3$ , we get a remainder of $2$

So we can check the numbers $0 - 14$ and see that the solution is $x = 14$
As if $x = 14$ , then

$14 \equiv 2 \mod 3$
$14 \equiv 4 \mod 5$

So what the CRT tells us is that every pair of these coordinates corresponds to exactly one number $\mod 15$ . The lecture notes explain this intuition fairly well with the grid

We can also think of uniqueness as a bijection, since $\mod 3$ gives up $3$ options and $\mod 5$ gives us $5$ options. So a total of $15$ possible pairs and each pair corresponding to one $x \mod 15$

Formally, the CRT gives us a complete solution to such problems:
Definition

Let n_{1}, n_{2} \dots n_{k} \in Z^{+} with gcd (n_{i}, n_{j}) = 1, i \neq j, Let a_{1}, a_{2} \dots a_{k} \in Z . Then

x \equiv a_{1} \mod (n_{1}), x \equiv a_{2} \mod (n_{2}), . . ., x \equiv a_{k} \mod (n_{k})

form a single congruence class \mod n, n = n_{1}, n_{2} \dots n_{k}

6. Lagrange's Theorem and Fermat's Little Theorem

Before we introduce Lagrange's Theorem it's important to know that it works only for congruence class of $Z_{p}$ where $p$ is prime. This means $Z_{p}$ is a field, where:

Every non-zero element has a multiplicative inverse

If $p$ was not prime, then polynomials would have more than $d$ roots, eg: $x^{2} - 1$ has $4$ congruence class roots $\mod 8$

Lagrange's Theorem

Definition
If $p$ is prime and $f(x) = a_d x

... + a_1x + a_0$ is a polynomial with integer coefficients and at least one coefficient is not $0 \mod p$ , then then congruence $f (x) \equiv 0 \mod p$ has at most $d$ solutions in $Z_{p}$

The proof is given in notes and it pretty good, so I won't bother rewriting it here, but I will convey the general idea.

Say $u$ was a root, then $f (u) \equiv 0$ and $(x - u)$ would divide $f (x) \mod p$

This is just the modular version of the factor theorem:

f (u) = 0 ⟺ (x - u) is a factor of f (x)

So every single root takes out one factor, and if we had more than $d$ roots, then we'd get more than $d$ factors of the form $(x - u_{i})$ which is not possible for a degree $d$ polynomial

Fermat's Little Theorem

a^{p - 1} \equiv 1 \mod p, a ≢ 0 \mod p

There are a few ways of proving this, without any knowledge of group theory, we think of multiplying all non-zero residues $\mod p$

1 \cdot 2 \dots p - 1

Then:

(p - 1)! \equiv (p - 1)! a^{p - 1} \mod p ⟹ (p - 1)! (1 - a^{p - 1}) \equiv 0 \mod p

And since $p$ and $(p - 1)!$ are coprime, we have that $a^{p - 1} \mod p \equiv 1$

This helps us finding roots of polynomials congruent to polynomials mod primes

Wilson's Theorem

Definition

An integer n > 1 is prime ⟺ (n - 1)! \equiv - 1 \mod n

This is an application of Fermat's Little Theorem, and it was first actually proved by Lagrange.

What this means is that when we are working $\mod p$ , we multiply all the nonzero elements: $1, 2, 3. . . p - 1$

So if $p$ is prime, that means everything cancels except $- 1$ , so all the elements have a multiplicative inverse. i.e. in the set ${1, 2. . . p - 1}$ every element can be paired with its inverse so they cancel out

For instance, take $p = 7$ , and then take all the set of numbers mod 7: ${1, 2, 3, 4, 5, 6}$

$2^{- 1} \equiv 4$
$3^{- 1} \equiv 5$
$1^{- 1} \equiv 1$
$6^{- 1} \equiv 6$

This gives us the pairings: $(2 \cdot 4) (3 \cdot 5) (1) (6) \equiv 1 \cdot 1 \cdot 1 \cdot (- 1)$

This gives us:
$6! \equiv - 1 \mod 7$

It's important to think for understanding why this won't work for composite numbers, because if $n$ was composite, then not every nonzero element would have any inverse, so we wouldn't have the pairings that lead to the cancellations.

For some supplementary resources/notes, I highly recommend watching Michael Penn videos which go through the proof of CRT, and everything else below.

Square roots $\mod p q$

Let $p$ be an odd prime, then:

x^{2} \equiv - 1 \mod p has a solution ⟺ p \equiv 1 \mod 4

Instead of thinking of this as a new theorem, consider the question that for $x^{2} \equiv a \mod p$ to have solutions, we want to know if $a$ is a square in the multiplicative system mod $p$

We want a formula for square roots: $x^{2} \equiv a \mod p$
Using FilT, we have that $a^{p - 1} \equiv 1 \mod p$

And if $a$ is a square, we have that

a^{\frac{p - 1}{2}} \equiv 1 ⟹ a^{\frac{p + 1}{2}} \equiv a ⟹ (a^{\frac{p + 1}{4}})^{2} = a^{\frac{p + 1}{2}}

So we have that $a^{\frac{p + 1}{2}}$ is a square root of $a$ only if $\frac{p + 1}{4}$ is an integer, and this only happens when $p \equiv 3 \mod 4$

Linking back to Wilson's theorem, we have that:

(p - 1)! \equiv - 1 ⟹ (- 1)^{\frac{p - 1}{2}} \equiv - 1 \mod p

Now, if $x^{2} \equiv - 1 ⟹ x^{4} \equiv 1$ . So the order of $x$ divides $4$ which can only happen if:

4 | (p - 1) ⟺ p \equiv 1 \mod 4

7. Euler's Function

This section does not contain any proofs as they were covered in good detail in the lectures notes.

Euler’s Totient Function

When working $\mod n$ , we want to know how many of those numbers are coprime to $n$ , because those numbers behave nicely under multiplication. And all Euler's function does is count how many of such numbers exist:

ϕ (n) = number of integers 1 \leq k \leq n that are co-prime to n

Euler’s Theorem

gcd (a, n) = 1 ⟹ a^{ϕ (n)} \equiv 1 \mod n

When $n = p$ is prime, we can see that every $1 \leq a \leq p - 1$ is co-prime to $p$
So $ϕ (p) = p - 1$

And by Euler's theorem, we have that: $a^{p - 1} \equiv 1 \mod p$

Which is just Fermat's Little Theorem! So FLT is just a special case of Euler's

Euler’s Product Formula

This formula tells us how to compute $ϕ (n)$

n = p_{1}^{k_{1}} \dots p_{r}^{k_{r}} ⟹ ϕ (n) = n \prod_{p | n} (1 - \frac{1}{p})

$m, n$ coprime $⟹ ϕ (m n) = ϕ (m) ϕ (n)$

8. Applications to Cryptography

RSA is a type of encryption which is essentially solving the problem of - how can two people communicate using only public information. You might've heard that RSA works well assuming that it's really hard to factorise really large prime numbers.

We we want to a function that is:

Easy to compute
Hard to reverse unless we know something

And exponentiation $\mod n$ is the perfect solution for this

We already know that computing $x^{k} \mod n$ is easy, and with Euler's Theorem, we know that exponents cycle modulo $ϕ (n)$

Suppose we choose two exponents $e$ and $d$ such that:

e d \equiv 1 \mod ϕ (n) ⟹ e d = 1 + k ϕ (n)

Now take any message $m$ with $gcd (m, n) = 1$ and compute:

(m^{e})^{d} = m^{e d} = m^{1 + k ϕ (n)} ⟹ m \cdot (m^{ϕ (n)})^{k}

Euler's theorem gives us:

m^{ϕ (n)} \equiv 1 \mod n ⟹ m^{e d} \equiv \mod n

What this tells us that we can encrypt with $e$ and decrypt with $d$

If we want to apply Euler's Theorem, we need control over $ϕ (n)$ , and the invertibility of exponents $\mod ϕ (n)$ , therefore, we must choose $n = p q$ with $p, q$ being prime numbers as then:

ϕ (n) = (p - 1) (q - 1)

So to summarise, it's easy to:

Multiply two big primes $n = p q$ - this is public
Compute $m^{e} \mod n$

And it's hard to:

Factor $n$ back into $p q$
Compute $ϕ (n)$ from $n$
Find the inverse of $e \mod ϕ (n)$

Therefore the public key in RSA is $(n, e)$ is the private key is $d$ or equivalently $(p, q)$

Link back to Home page

HTML version

1. Introduction to Proofs and Logic

Set notation

Quantifiers - they help us turn predicates into statements

Logical operators

Rules - flashback to AQA CS being actually useful

Proving the De Morgan’s Laws - on Anki

Negating quantifiers

Implications

Converse and Contrapositive

Proofs

Rules of Equality

Proof by contradiction

Example- proving 2 is irrational

2. Integers

Proof that 0<1 (proof by contradiction)

Note on the Well-ordering principle

Proof of 1 being the least element of the set N1 of positive integers

Proof by Induction

Proof of the proof by induction

Example

Weak vs Strong induction

Decimal Expansions

Remainder Theorem

Proof of the remainder theorem

Existence

Showing r<|b|

Uniqueness

3. Divisibility and Euclid’s Theorem

Greatest Common Divisor

Euclidean Algorithm

Divisors and Linear Combination

Proof of Euclid’s Algorithm

Euclid’s Algorithm for Polynomials

Bezout’s (Bucket) Identity

Ideals

Proof of Bezout’s Identity

Lamé’s Theorem

Co-prime integers

Least Common Multiple

Linear Diophantine Equations

Proof

4. Prime Numbers

Primes and Irreducible

prime ⟹ irreducible:

Irreducible ⟹ prime

The Fundamental Theorem of Arithmetic

Existence - using strong induction

Uniqueness

Distribution of Primes

Euclid’s Proof of Infinitely Many Primes

Estimating Distributions

5. Congruences

Modular Arithmetic

Arithmetic of Congruences

Cancelling factors in congruences

Multiplicative Inverses

Divisibility

Residues

Polynomials over Zn

Showing that a polynomial has no integer roots

Congruence Classes

Equivalence class

Partitions

Zn is a ring

Linear Congruences

Congruence class of solutions

Simplifying congruences

Case 1: general case

Case 2: coprime case

Algorithm to solve congruences

Step 1: check whether a solutions exists

Step 2: Simplify the congruence

Simultaneous Linear Congruences

Chinese Remainder Theorem (CRT)

6. Lagrange's Theorem and Fermat's Little Theorem

Lagrange's Theorem

Fermat's Little Theorem

Wilson's Theorem

Example- proving $\sqrt{2}$ is irrational

Proof that $0 < 1$ (proof by contradiction)

Proof of $1$ being the least element of the set $N_{1}$ of positive integers

Showing $r < | b |$

prime $⟹$ irreducible:

Irreducible $⟹$ prime

Polynomials over $Z_{n}$

$Z_{n}$ is a ring

Square roots $\mod p q$