This lecture is part of Berkeley Math 115, an introductory undergraduate course on number theory. It will be about solving equations like f of x is congruent to zero modulo p, where p is a prime modulus. So just as background, recall that we've considered equations f of x is congruent to zero modulo m for m an arbitrary number. We first showed that we can reduce the case when m is arbitrary to the case when we're working modulo p to the n using the Chinese remainder theorem. Next, we can reduce the case of working mod p to the n to the case of working mod p, most of the time, using Newton's method or Hensel's lemma. And so the third case is the case when p is a prime. So if we can solve the case when p is a prime, then we can sort of solve the case working modulo any number. This lecture will be about this case here, and previous lectures were about the other two cases.

So how can we solve modulo p a prime? Well, first of all, there's the stupid method where we check x equals zero, one, two, up to p minus one. And this is fine if p is small, less than about 10 if you're doing it by hand, or maybe less than a million or a billion if you're doing it by computer, but it's quite hopeless if p is really large. Maybe p has 100 digits in it or something, and this would take far too long. So we want to find some methods for solving this equation, even when p is a really large prime.

Well, let's start by looking at some advantages of p being prime as opposed to an arbitrary modulus. So the first example is there are no zero divisors. A zero divisor is something that divides zero but isn't zero. So what this means is that if a b is congruent to zero modulo p, then either a is congruent to zero mod p or b is congruent to zero mod p, which is very useful. We recall that this definitely fails if p is not prime. For instance, two times three is congruent to zero mod six, but two is not congruent to zero mod six and three is not congruent to zero mod six.
So it's sort of very disconcerting to have a product of two non-zero things that can be zero.

The next nice property is that inverses exist, at least provided something is not zero. So if a is not congruent to zero mod p, then a b is congruent to one for some number b. And remember, we can find b quite rapidly using Euclid's algorithm or something like that. And of course, inverses obviously don't exist modulo six because two doesn't have an inverse, for example. These two properties are very closely related. In fact, if inverses of non-zero elements exist, this immediately implies there are no zero divisors.

Another nice property is that polynomials of degree n have at most n roots. You may remember this from high school algebra and you may think, well, we know that all polynomials of degree n have at most n roots, but it's actually not true if you're not working modulo a prime. For example, we just recall that x squared minus one mod eight has four roots, one, three, five, and seven. So if you're not working modulo a prime, then polynomials of degree n may have an unexpectedly large number of roots, which is, again, rather inconvenient.

Next, we've got Fermat's theorem, which says that x to the p is congruent to x mod p. And this is one of the absolute basic results in number theory we use all the time. And you may say, well, if we're not working modulo a prime, we've got Euler's theorem, x to the phi of m is congruent to one modulo m. But this just isn't as easy to use. I mean, we've got to start using Euler's totient function, which is a little bit messy, and being able to raise things to the power of the prime p makes life so much easier.

And another advantage is primitive roots. So primitive roots exist modulo p. And I'm not going to say very much about primitive roots this lecture, but we'll be covering them in a later lecture. Anyway, this is another big advantage of primes, that we have primitive roots.
So let me first say a little bit more about why a polynomial of degree n, if this is a polynomial mod p, has at most n roots provided p is prime. In order to understand why we need p to be prime, let's go through the usual proof of this and see why it works for p prime and fails if p is not prime.

So suppose we've got a polynomial f of x of degree n. And suppose a is a root. This means f of a is equal to zero. Now, what we do is we take f of x and we divide it by the polynomial x minus a, and we get x minus a times g of x plus some remainder r. So we can always divide a polynomial by some other polynomial of leading coefficient one, and we get a quotient and a remainder. And now if we put x equals a, we have f of a equals a minus a times g of a plus the remainder. And this is zero because a is a root and this is obviously zero. So r equals zero. So f of x is equal to x minus a times g of x. So whenever a is a root of a polynomial, the polynomial is divisible by x minus a.

And now we can try and show that f has at most n roots by induction. Well, we know g has at most n minus one roots, as the degree of g is equal to n minus one and we're applying some sort of inductive hypothesis to g. So if b is a root, so if f of b equals zero, this implies b minus a times g of b equals zero, which implies b equals a or b is a root of g. And this is the key point of the proof, because in this step here we're using the fact that there are no zero divisors modulo p, I guess. And so if there are zero divisors, we can't conclude that b must be either a or a root of g. Well, obviously if b is a or a root of g, this immediately implies there are at most n roots of f. So polynomials of degree n modulo p have at most n roots.

And let's just see this step actually failing if we're not working modulo a prime. So suppose we take f of x to be x squared minus one and we work mod eight. Then obviously there's a root, which is just one. So we write x squared minus one is equal to x minus one times x plus one.
But the problem is, if this is zero, it doesn't imply that one of the two factors is zero. For instance, if we put x equals three, we get the factors three minus one times three plus one. And this is not congruent to zero. And this is not congruent to zero, mod eight of course, but this product is congruent to zero mod eight. So we found a new root of x squared minus one that isn't a root of either of its factors.

So let's have a look at a particularly important polynomial, and look at its roots. So let's take the polynomial x to the p minus x. And we know its roots by Fermat. So the roots are just zero, one, two, up to p minus one, mod p. Of course anything else is a root, but these are the p distinct roots modulo p. So as before, we can take this polynomial and divide it by x minus a root. And we see that it's divisible by x times x minus one times x minus two, all the way up to times x minus p minus one, because these are all distinct roots. And now we notice that these polynomials have the same degree and the same leading term. So they must actually be the same. And we find x to the p minus x is congruent to this modulo p.

And now we can get some nice identities by just expanding this out. So let's first do a few explicit examples. So we have x times x minus one times x minus two is equal to x cubed minus three x squared plus two x. So this is p equals three. I guess I should do the case p equals two, with x times x minus one equals x squared minus x. So this is p equals two. For p equals five, x times x minus one, x minus two, x minus three, x minus four is equal to x to the five minus 10x to the four plus 35x cubed minus 50x squared plus 24x. And we notice that a lot of the coefficients are divisible by p. So this coefficient is divisible by three. These coefficients are divisible by five. And if we go on like this, let's do one more case, x times x minus one, all the way up to x minus six.
And this is equal to x to the seven minus 21x to the six plus 175x to the five minus 735x to the four plus 1624x cubed minus 1764x squared plus 720x. And again, if you're really good at mental arithmetic, you will have noticed that all these numbers are divisible by seven. And these two aren't, of course, because those are the ones that are the x to the seven minus x.

And how do we calculate these coefficients? Well, if we expand this out, we see all these coefficients come by adding up various products of the numbers here. So for example, this 10 is one plus two plus three plus four. And I guess I should have a plus zero. This number 35, we get by adding up all products of pairs. So zero times one plus zero times two and so on. These zero times something are a bit silly. We get plus one times two plus one times three plus one times four plus two times three plus two times four plus three times four. And the 50 is going to come from, I'll miss out the ones with the zero as I'm getting bored of them, so we get one times two times three plus one times two times four plus one times three times four plus two times three times four and so on.

So if we multiply this out explicitly, we see we get x times x minus one, all the way up to x minus p minus one, is equal to x to the p minus sigma one x to the p minus one plus sigma two x to the p minus two minus sigma three x to the p minus three, all the way up to plus or minus sigma p minus one x, plus zero because sigma p is zero. Where sigma p is the sum of all the products of, sorry, sigma i is the sum of all products of i of these. So for example, sigma one is equal to one plus two plus three and so on. So I should have a plus zero. And sigma two is equal to zero times one plus zero times two plus one times two and so on. And sigma three is all sums of one times two times three plus one times two times four and so on.
And we get all the way up to sigma p minus one, which is just one times two all the way up to times p minus one, plus zero times various factors, which is a bit stupid to write out. So in fact, sigma p minus one is just p minus one factorial.

Well, all of these things are just congruent to zero mod p by what we said earlier. This one must be congruent to minus one mod p because it's the coefficient of x in x to the p minus x. At least if x is odd; if x is even, this is actually also true but you have to think slightly more about it. So we in fact get another proof of Wilson's theorem that p minus one factorial is congruent to minus one mod p, so this is Wilson's theorem all over again. So you can think of all these others as being a sort of variation of Wilson's theorem, except we've got some slightly more complicated sums and they're all congruent to zero.

So we can give an application of this to something called Wolstenholme's theorem. Actually, there are several slightly different theorems called Wolstenholme's theorem. So I'll first do the sort of easy, in fact rather trivial, case of it and then a slightly more interesting one. So this is the one where you look at the denominator one plus a half plus a third all the way up to plus one over p minus one. And Wolstenholme's theorem says that the numerator is divisible by p.

Well, we should start off by checking this for a few small values of p. So let's try p equals two, and this sum is one over one plus, oops. Well, this is just one and the numerator of this is certainly not divisible by p. It's odd, not even. So Wolstenholme's theorem seems to be wrong in the most silly possible way. Well, that's because I missed out a condition: it's divisible by p if p is greater than two. It looks like a rather stupid condition. It looks as if I just sort of randomly added the simplest possible condition I can think of to avoid the obvious counterexample.
Well, let's check it for a few other cases just to make sure I haven't forgotten any other conditions. So for p equals three, we get one plus a half, which is three over two. For p equals five, we add up one plus a half plus a third plus a quarter, which is 25 over 12. For p equals seven, we get 49 over 20, and for p equals 11 we get 7381 over 2520 and so on. And you notice this is divisible by three, by five, by seven. And if you think for a moment you can see this is divisible by 11, unless I've made a stupid mistake. So this theorem does seem to be okay.

And now let's see why it's true. Well, that follows easily, because if we take one plus a half plus a third up to plus one over p minus one, we can expand this out. So it's one times two times three up to times p minus one on the bottom. And then on the top we've got one times two times all the way up to p minus two, plus one times two all the way up to p minus three times p minus one, and so on, plus all the way up to two times all the way up to p minus one. So we've got all the sums of products of p minus two of these. So this is sigma p minus two, and this is sigma p minus one. And we know that sigma p minus two is congruent to zero mod p if p is greater than two. Because if p equals two, this is sigma zero, and this doesn't work.

Incidentally, there's another somewhat easier way of proving this. What we do is we look at all these fractions modulo p, and we see that the numbers one, a half, up to one over p minus one are all the non-zero numbers modulo p. Because if you take all the non-zero numbers modulo p and then take all their inverses, you've again got all the non-zero numbers modulo p. So these are all congruent to one, two, three up to p minus one in some order. I don't mean that a half is congruent to two and a third is congruent to three. That would be kind of stupid. What I mean is a half is congruent to one of these numbers and a third is congruent to another one of them.
So one plus a half, plus all the way up to plus one over p minus one, is congruent to one plus two plus all the way up to p minus one, which is equal to p times p minus one over two. And this is divisible by p if p is not equal to two, because if p is equal to two, this factor of two on the bottom cancels out p. So that gives us a second proof of the easy version of Wolstenholme's theorem.

Next, if we go back and look at our calculations, what we notice is that we've actually got something a bit better, because we notice that this thing here is actually divisible by five squared. And this thing is divisible by seven squared. And if you think about it a bit, this is divisible by 11 squared. So the numerator is not just divisible by p. It's actually divisible by p squared. And this gives us the sort of better version of Wolstenholme's theorem: the numerator of one plus a half plus all the way up to one over p minus one is divisible by p squared.

Well, of course, instead of showing the numerator is divisible by p squared, all we need to do is to show that sigma p minus two is divisible by p squared, because the numerator is this times something coprime to p. So let's go back to our polynomial f of x, which is x minus one all the way up to x minus p minus one. And we're going to put x equals p. And we get f of p is equal to p minus one times p minus two down to one, which is p minus one factorial. On the other hand, it's also equal to p to the p minus one minus sigma one p to the p minus two, all the way down to plus sigma p minus three times p squared minus sigma p minus two times p plus sigma p minus one. And now we notice that sigma p minus one is just equal to this term here, p minus one factorial. So all this bit here is equal to zero. And now we notice that in this bit here, everything except the last two terms is divisible by at least p cubed, because we've always got p to the three or something there.
So we find that sigma p minus three p squared minus sigma p minus two p is divisible by p cubed. So this just means that sigma p minus two is congruent to p times sigma p minus three modulo p squared. Well, sigma p minus three is going to be zero mod p if p is greater than three, because all these sigmas were zero unless the subscript was zero. But if p is three, then this is sigma zero, which is not divisible by p. So this gives us sigma p minus two is congruent to zero modulo p squared if p is greater than three, which is what we are trying to show. It shows the denominator is divisible by p squared.

So now that we've looked at the polynomial x to the p minus one minus one in some detail, let's look at the following general problem. Given an equation f of x is congruent to zero mod p, we have the following problems. Does it have solutions? So for instance, we might ask, does x squared is congruent to minus one mod p have any solutions? Are there square roots of minus one? In this particular case, we saw that was true if p is congruent to two or one mod four. Secondly, we can ask how many? And thirdly, we might want to find them. So these are increasingly difficult problems. And what I want to do is to start on showing how to solve these reasonably fast. Of course, all of these problems are easy to solve just by trial and error provided p is small. The real problem is to try and solve them when p is too large to just check every possible case.

Well, there's one neat way to find the number of solutions. Let's take the greatest common divisor of f of x and x to the p minus x. So you remember this is x times x minus one, all the way up to times x minus p minus one. So the greatest common divisor will just be the product of x minus a where f of a is equal to zero. So the greatest common divisor will just be the linear factors of x to the p minus x that divide f of x. So the number of distinct solutions is just the degree of this.
So how many solutions: the number of distinct solutions is just going to be the degree of the greatest common divisor of f and x to the p minus x. So that's rather neat, because we can find out how many solutions there are without actually finding them all.

So let's do a rather trivial example. Let's find the number of solutions of x cubed minus x squared plus x minus one mod three. And of course, mod three, it would be faster just to check zero, one and two to see if they're solutions. But I want to show this as an example of this more general method. Well, we just take the greatest common divisor with x cubed minus x. So we have x cubed minus x is equal to one times x cubed minus x squared plus x minus one, plus x squared plus x plus one. So we're using Euclid's method. So we take this polynomial, divide it by that and take the remainder, which is x squared plus x plus one. Then we take this polynomial, x cubed minus x squared plus x minus one, and we divide it by x squared plus x plus one, and we get x plus one times x squared plus x plus one. And we have a remainder, which is minus x minus one. And then we take this x squared plus x plus one and we write it as x minus one times x minus one. And now there's no remainder, so we're finished. And the greatest common divisor is x minus one. And now we notice the degree is equal to one. So there is one root.

Notice this won't detect multiple roots. If a polynomial has the root one three times, that will still only count as one root, because x to the p minus x only has single roots. Well, at first sight, this seems to give a neat method of finding the number of solutions.
At second sight, it seems to be useless, because the time taken to find the greatest common divisor of two polynomials, f and g, is something to do with the degree of f plus the degree of g number of steps, because each time you divide a polynomial by another, you're going to reduce the degree by one unless you're really lucky. And the problem here is that the degree of x to the p minus x is p, which might be huge. So if p has 100 digits, taking the greatest common divisor with x to the p minus x is going to take about 10 to the 100 steps. And this is no better than just finding the roots one by one.

Fortunately, there's a cunning method of speeding things up. So we want to speed up finding the greatest common divisor of x to the p minus x and f of x. And how can we do this? Well, the key point is that although the degree is huge, this is a sparse polynomial, so most coefficients are zero. In fact, all but two of them are zero. And if one of the polynomials is sparse, then you can enormously speed up finding the greatest common divisor. Actually, this one is sparse and this one has small degree. And if one polynomial has small degree and the other is sparse, we can speed up the greatest common divisor by using the Russian peasant method.

So what do I mean by this? Well, the key point is we want to find x to the p modulo f of x. And then once we've found x to the p, it's easy to subtract x. So the key point is we want to work out this exponent. And now we can just use the Russian peasant method to find x to the p. So we write p in binary and we calculate x, x squared, x to the four, x to the eight and so on, modulo f of x. And at each step, we should of course remember to reduce the polynomial modulo f of x so these powers don't get too big. And we should also reduce modulo p in order that the coefficients don't get too big. And once we've done that, we can actually calculate x to the p modulo f of x rather fast.
So although at first sight this method seems to be rather slow, there's this cunning method of speeding it up. So we really can find the number of roots of a polynomial quite fast without actually finding the roots. By the way, I should say that by extending these ideas, you can not just find the number of roots of a polynomial, but you can actually find the roots explicitly, and more generally, we can actually factor the polynomial into irreducible factors. I might say something more about this in a later lecture. In the meantime, we're just going to use this simple idea for finding the number of roots.

So let's do an example. Suppose we take f of x to be x squared minus a. So we can ask, when is a a square modulo p? And we can just look at the greatest common divisor of x squared minus a and x to the p minus x. So to do this, we take x to the p minus x and we divide it by x minus a. And this isn't actually very difficult to do. Let's write this as x to the p minus one minus one, so I don't have to worry about x equals zero, which is annoying. So we have x to the p minus one minus one is equal to x squared minus a times, and then if we divide it, we get x to the p minus three plus a x to the p minus five plus a squared x to the p minus seven, all the way down to plus a to the p minus three over two, and then we get a remainder, which is a to the p minus one over two minus one. So this is the remainder. Here I should have said I'm taking p odd, because if p is even, something always goes wrong, like you can't divide p minus one by two.

And so we see that the greatest common divisor is going to be given like this. If a to the p minus one minus one is not zero. So if a to the p minus one over two minus one is not zero mod p, it means there's no root. And if a to the p minus one over two minus one is congruent to zero, there's a root.
Well, a to the p minus one over two is congruent to plus or minus one, because its square is one by Fermat's theorem. So we have the following neat result, which is originally due to Euler: a to the p minus one over two is congruent to plus one if a is a square modulo p and minus one if a is not a square. So this gives us a fast method to check if a is a square mod p. All we have to do is to calculate this, which we can do using the Russian peasant method of exponentiating, and we just see whether it's one or minus one. Actually, this is a rather bad fast method. Later on, we're going to replace it by a faster method using something called the Jacobi symbol. So don't actually use this method to check whether a is a square or not. Although it's fast, there is a much better method coming up in a few lectures.

So let's have another example. If d divides p minus one, then x to the d minus one congruent to zero mod p has exactly d roots. And we can see this by noting that x to the p minus one minus one is divisible by x to the d minus one if d divides p minus one. This is just because y to the n minus one is divisible by y minus one. Here we take y equals x to the d and n is equal to p minus one over d. So that means the greatest common divisor of x to the p minus one minus one and x to the d minus one is just x to the d minus one, which has degree d, so there must be exactly d roots of it.

We can take a look at this. Let's take a look at cubes modulo seven and modulo 11. So modulo 11 all numbers are cubes, so x cubed congruent to one has only one solution, because there can't be any number of order three, because three doesn't divide 11 minus one. But modulo seven, if we look at the numbers modulo seven, there's zero, one, two, three, four, five, six. So these two are cubes. And we notice that one cubed equals two cubed equals four cubed equals one, and three cubed equals five cubed equals six cubed equals six. So three is dividing seven minus one.
So there are three cubes of one and in fact three cubes of all the other numbers. So the number of cubes of one modulo some prime depends on whether p minus one is divisible by three or not.

Okay, next lecture will be another theorem about solving equations modulo p, called the Chevalley-Warning theorem, where we will show an equation always has roots modulo p provided it has enough variables.
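
The root-counting method from the lecture, as an added example that is not part of the lecture itself: it computes x to the p modulo f of x by repeated squaring (the Russian peasant method), subtracts x, and takes the greatest common divisor with f, so the degree is the number of distinct roots. Euler's criterion is included as the special case f of x equals x squared minus a; the function names and the coefficient-list representation (lowest degree first) are choices made for this example.

```python
"""Count distinct roots of f(x) mod a prime p as deg gcd(f, x^p - x).
Polynomials are coefficient lists, lowest degree first (a choice made here)."""

def trim(a):
    # Drop leading zero coefficients in place; [] is the zero polynomial.
    while a and a[-1] == 0:
        a.pop()
    return a

def poly_mod(a, f, p):
    # Remainder of a divided by f over the integers mod p.
    # f must already be reduced mod p with a nonzero leading coefficient.
    a = trim([c % p for c in a])
    inv = pow(f[-1], -1, p)          # inverses exist because p is prime
    while len(a) >= len(f):
        q = a[-1] * inv % p
        shift = len(a) - len(f)
        for i, c in enumerate(f):
            a[shift + i] = (a[shift + i] - q * c) % p
        trim(a)
    return a

def poly_mulmod(a, b, f, p):
    # (a * b) mod f, coefficients mod p, so nothing grows past deg f.
    if not a or not b:
        return []
    prod = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] = (prod[i + j] + x * y) % p
    return poly_mod(prod, f, p)

def x_pow_mod(e, f, p):
    # x^e mod f by binary exponentiation: about log2(e) squarings.
    result = poly_mod([1], f, p)
    base = poly_mod([0, 1], f, p)
    while e:
        if e & 1:
            result = poly_mulmod(result, base, f, p)
        base = poly_mulmod(base, base, f, p)
        e >>= 1
    return result

def poly_gcd(a, b, p):
    # Euclid's algorithm; the result is a gcd up to a nonzero constant.
    while b:
        a, b = b, poly_mod(a, b, p)
    return a

def count_roots(f, p):
    # Number of distinct roots of f mod the prime p.
    f = trim([c % p for c in f])
    if not f:
        raise ValueError("zero polynomial: every residue is a root")
    if len(f) == 1:
        return 0                     # nonzero constant has no roots
    r = x_pow_mod(p, f, p)           # x^p mod f
    r = r + [0] * (2 - len(r))       # make room for the x coefficient
    r[1] = (r[1] - 1) % p            # now r is congruent to x^p - x mod f
    trim(r)
    return len(poly_gcd(f, r, p)) - 1

def euler_is_square(a, p):
    # Euler's criterion for odd p and a not divisible by p.
    return pow(a, (p - 1) // 2, p) == 1
```

With p equal to 2 to the 127 minus 1, a prime with 39 digits, `count_roots([1, 0, 1], p)` takes 127 squarings of a polynomial of degree at most one, where trial over all residues would be out of reach.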