This lecture is part of Berkeley Math 115, an introductory undergraduate course on number theory. Today I'll be talking mostly about some applications of Fermat's theorem. So in the previous lecture, I did Fermat's theorem and you remember it says that a to the p is congruent to a mod p whenever p is prime. There's a slightly alternative version which says that a to the p minus 1 is congruent to 1 mod p whenever p is prime and a and p are coprime. So in particular there's some power of a which is congruent to 1 mod p, at least under this condition here. And more generally, if we're given a number a and a number p, which we'll take to be prime for the moment, we say the order of a mod p is the smallest number n greater than 0 with a to the n congruent to 1 mod p. So let's just work out the order of a few numbers. So let's take p equals 7 and try and work out the order of all numbers. So we can have a being 0, 1, 2, 3, 4, 5 or 6 modulo 7. If a is 0 mod p, it doesn't really have an order because there's no power of 0 that's going to be congruent to 1 mod 7. So we can cross that out. The remainder, well, let's just work them out by hand. So here we have 1 to the power of 1 is congruent to 1, so what's the order? Well, the order of 1 will be 1. If we take 2 we have 2 to the 1, 2 squared is 4 and 2 cubed is 8 which is congruent to 1, so the order of 2 is 3. If we take 3 we look at the powers, we have 3, with 3 squared which is 9 which is congruent to 2, then 3 cubed is going to be congruent to 6, then we get 4, then we get 5 and then we finally get 1. So 3 to the power of 1, 2, 3, 4, 5, 6 is equal to 1 so the order is 6. If we look at 4 we get the powers of 4 go 1, 4, 2, 1, so the order is 3. 5, if you work it out, is a bit like 3; you can do that for yourself. It turns out to have order 6. And 6 squared equals 1, so 6 has order 2. So here are the orders mod 7. And what you notice about the orders, 1, 3, 6, 3, 6, 2, is that they all divide 6.
And the reason for this is as follows: the order of a mod p divides p minus 1. So we'll prove this in a moment, but just before proving that I'll point out that we can also define negative powers of a. So what is a to the minus n? Well, it's obviously just a to the minus 1 to the n. So we need to know when we can form the inverse of a. And we notice that if a and p are coprime, then a has an inverse modulo p. And what we're trying to solve is we're trying to show ax is congruent to 1 modulo p. And that just says that ax is equal to 1 plus p times y for some x and y. And this has a solution if a and p are coprime by Euclid's algorithm. So this is just a linear equation which we can solve if these coefficients a and p are coprime. Similarly, if p is replaced by any number m, we can say that the number has an inverse modulo m if it's coprime to m. But we're just going to use the prime case for the moment. So if p does not divide a, we can form a to the n for all integers n. And it just obeys the usual formulas, that a to the m plus n is congruent to a to the m times a to the n modulo p and so on. And now let's look at all the integers. So let's look at all the integers with a to the n is congruent to 1 modulo p. So all integers n. And we notice that this is closed under addition and subtraction because if a to the m is congruent to 1 and a to the n is congruent to 1, then it's easy to check that a to the m plus n is congruent to 1, because that's just this times this, and a to the m minus n is congruent to 1. So since it's closed under addition and subtraction, it forms an ideal of the integers. So any subset of the integers closed under addition and subtraction is called an ideal. And we found all the ideals. These just consist of all multiples of some number k where this is the smallest element of the ideal. Well, what does this mean?
Well, the smallest element of the ideal is just a fancy way of saying it's the smallest number such that a to the k equals 1, so congruent to 1. So in other words, k is equal to the order of a modulo p. So we found the following result, that a to the n is congruent to 1 modulo p if and only if the order of a divides n. Well, let's go back and we recall we've got Fermat's theorem which says that a to the p minus 1 is congruent to 1 modulo p. So obviously the order of a divides p minus 1. Very useful. If we go back to the example we had for 7, we saw that we checked this. The order of any element is always 1, 3, 6, 3, 6, 2. And we notice this always divides 6, which is in fact 7 minus 1. So now let's have some applications of this. So I can have the following theorem. Suppose p and q are primes and suppose p divides 2 to the q minus 1. We might look at something like we might be checking 2 to the q minus 1 to see if it's a prime. And we might have to sort of test all primes less than it to see if they divide it. Well, suppose that p does divide q minus 1. Well, this then puts a condition on p. So then p must be congruent to 1 modulo q. And let's see why this is true. Well, by assumption we have 2 to the q is congruent to 1 modulo p. So the order of 2 divides q by what we just said. The order of a number divides q if the number to the power of q is equal to 1. q is prime by assumption. So the order of 2 must divide q. It must be 1 or q. And we notice it can't be 1 because 2 to the power of 1 is not congruent to 1. So the order of 2 must actually be equal to q. Well, we also know that 2 to the p minus 1 is congruent to 1 by Fermat. So the order divides p minus 1. So q divides p minus 1 because q is equal to the order, which is what we are trying to prove. This says that q divides p minus 1. In other words, p is just congruent to 1 modulo q. So how can we do this? Well, let's apply this.
Let's give a proof of the fact that 2 to the 13 minus 1 is a prime. Well, of course, this isn't terribly difficult to do except we want to do it by hand. Well, 2 to the 13 is 8191. And we could do it by checking all primes q less than the square root of 8191 to see if they divide it. And this will come down to checking all primes less than about, say, 91. 91 isn't actually prime, but never mind. Well, we could do that. I mean, there are only about 20 or so of them. But we can speed things up a lot because we know that if q divides 2 to the 13 minus 1, then q is congruent to 1 modulo 13. So there aren't actually all that many primes to check. We just look at all the numbers that are 1 mod 13. Well, in fact, since q is even, it must actually be 1 mod 26. We have 26 plus 1 equals 27. 52 plus 1 equals 53. 78 plus 1 equals 79. And then the next one is bigger than 100. Well, we don't need to bother checking 27 because that's not prime. So there are only two numbers to check. So all we have to do is we just check that 53 and 79 do not divide 8191. And I'm not actually going to do that because it's a fairly straightforward piece of long division. But you see, using Fermat's theorem has reduced the amount of effort by a factor of 10. Instead of checking the 20 or so primes less than that, we just reduced to checking two primes, which is a lot easier. Now let's apply this to Fermat primes. So I'll just give a quick review of these. You remember Fermat was looking at primes of the form 2 to the n plus 1. And if n has an odd factor bigger than 1, then it's not prime. And the reason for this is that x to the 2n plus 1 plus 1 is divisible by x plus 1, because it just sort of factorizes as x plus 1 times x to the 2 to the n minus x to the 2 to the n minus 1 plus and so on, plus 1. And you need this to be odd because otherwise you would find you needed a minus sign there which wouldn't work.
So in other words, odd powers of numbers plus 1 have a strong tendency to have factors here. So suppose n equals ab with a odd, then 2 to the n plus 1 equals 2 to the ab plus 1, which is equal to 2 to the b to the a plus 1, which is going to be divisible by 2 to the b plus 1. So that's no good. So if 2 to the n plus 1 is prime, this implies n is a power of 2. And as I mentioned earlier, Fermat showed that this is prime for 2 to the 1 plus 1, 2 to the 2 plus 1, 2 to the 4 plus 1, 2 to the 8 plus 1 and 2 to the 16 plus 1. So these are 3, 5, 17, 257 and 65537. And what we're going to do is try and check that this is prime by hand. Okay, well, we could do it by checking all primes up to the square root of this, which would be slightly less than 257. That would be possible and it wouldn't take more than a half an hour or an hour or something, but it's a bit tedious. However, we can speed things up a lot by using Fermat's theorem. So let's suppose that p divides 2 to the 2 to the n plus 1, and let's try and find some conditions on p. Well, this says that 2 to the 2 to the n is congruent to minus 1 modulo p. And if we square this, we find that 2 to the 2 to the n plus 1 is just the square of this, is going to be congruent to minus 1 squared, which is congruent to 1 modulo p. So let's ask what is the order of 2 modulo p? Well, the order divides 2 to the n plus 1, because here we've seen that that works. So it must be some power of 2 less than 2 to the n plus 1. So the order can be 1, 2, 4, up to 2 to the n, or 2 to the n plus 1. But the order does not divide 2 to the n. And the reason is that if we raise 2 to the power of 2 to the n, we get minus 1. So the order definitely can't be 1 for anything less than that. So the order is exactly 2 to the n plus 1. Well, we also notice that 2 to the p minus 1 is congruent to 1 modulo p. So we know the order of 2 divides p minus 1. Well, we worked out what the order of 2 was, it's 2 to the n plus 1.
So 2 to the n plus 1 divides p minus 1, so p must be congruent to 1 modulo 2 to the n plus 1. Recall we were assuming that p divides 2 to the 2 to the n plus 1. So we've got a very strong condition on possible prime factors of Fermat numbers. So let's give a couple of applications of this. First of all let's show that 65537, which is 2 to the 16 plus 1, is prime. Well, if p divides 65537 we know that, by what we just said above, p must be congruent to 1 modulo 2 to the 5, which is 32. We also know the smallest prime dividing it, if this isn't prime, must be less than or equal to the square root of 65537, which is 2 to the 16 plus 1. So that's going to be at most, say, 2 to the 8 plus 1, which is 257. So we only have to check primes up to that. Well, that's not very difficult to do. All we do is we write out all possible numbers of the form 1 modulo 32 up to this and we get 33, 65, 97, 129, 161, 193, 225, 257, and that's already too big so we can stop. So we should check all these. Well, we don't need to check all these because some of these aren't actually primes. So this one's divisible by 3, this one's divisible by 3 and this one's divisible by 3. And then we find this one we don't need to check, it's divisible by 5, and I guess this one's divisible by 5, and this one here, if you look very carefully, it's actually divisible by 7, so we don't need to bother checking that one. So this just leaves two numbers to do, 97 and 193, and again that just takes a couple of minutes to do by long division. So Fermat's theorem has reduced checking that this is prime from about an hour of tedious numerical calculation to a couple of minutes of tedious numerical calculation. Well, there's a famous puzzle in mathematics in that Fermat sort of seemed to claim that 2 to the 2 to the 5 plus 1, which is 2 to the 32 plus 1, was prime, or at least suggested it was prime. So is this prime? And the answer is no, and this was found by Euler. So let's just reproduce how Euler did this.
Well, just as before we see that if p divides 2 to the 2 to the 5 plus 1 and p is not actually... Never mind. Then this implies p is congruent to 1 modulo 2 to the 5 plus 1, which is equal to 64. So as before we're just going to write down the numbers that are 1 mod 64 and we just get 65, 129, 193, 257, 321, 385, 449, 513, 577, 641 and so on. So that's several to check, but again we don't need to check all of these and can cross off quite a lot of them. That's divisible by 5, 1, 2, 3, 4. That's divisible by 5, and then several of them are divisible by 3. So 129 is divisible by 3, 321 is divisible by 3, that's divisible by 3 and so on. So we're actually reduced to checking at most 5 numbers up to 641, and we find that in fact 641 divides 2 to the 2 to the 5 plus 1. So why did I stop at 641? Well, the reason I stopped at 641 is that if you check these one by one you discover that 641 actually divides this, so there's no need to go any further. If we hadn't been lucky enough to hit 641 we would have had to go quite a bit further. We would have had to go all the way up to about 2 to the 16, and this would have given us a few hundreds of primes to check, which would have been pretty tedious if we hadn't been lucky. So it would have taken a few hours of calculation if we hadn't happened to run into this number here. The other thing is how do we check that 641 divides 2 to the 2 to the 5 plus 1 without too much work? Well, you could do it just by writing out 2 to the 2 to the 5 plus 1 and doing some long division. In fact there's an easier way to do it, at least this is an easier way for large numbers. What we do is we first of all work out 2 to the 16 is 65536, and we notice that this is congruent to 154 modulo 641 if you do some long division. Then you know 2 to the 32 is 2 to the 16 squared, which is 154 squared, which turns out to be congruent to minus 1 modulo 641.
So the point is you don't need to work with big numbers of the size of 2 to the 32, because you can keep reducing modulo 641 at every step. So for instance if we wanted to check whether 2 to the 2 to the n plus 1 is divisible by some prime p, what we do, instead of working out 2 to the 2 to the n plus 1 and dividing it by p, is we take 2 and we keep repeatedly squaring it. So we take 2 and then we take it mod p, and then we take 2 squared, which is congruent to something mod p, of course that would be just 4, and we take something squared, which is congruent to something else modulo p, and then we square this and reduce it mod p. So you keep reducing mod p at every step, and this makes the numbers reasonably small and manageable. This means you can check quite quickly whether 2 to the some very large power of 2 is divisible by p without actually multiplying this out. So I'll just finish with one more example which isn't quite related to Fermat's theorem but is sort of something you've got to be a little bit careful of. Suppose a squared is congruent to b squared modulo m. Does this imply that a is congruent to plus or minus b modulo m? So you know if a squared equals b squared then a must be plus or minus b over the real numbers, but this isn't necessarily true over the integers. So this isn't necessarily true modulo m. Let's take m equals 8. Then we notice that 1 squared is congruent to 3 squared is congruent to 5 squared is congruent to 7 squared modulo m. So 1 is congruent to minus 7 and 3 is congruent to minus 5, but 1 is definitely not congruent to plus or minus 3. So we notice that a squared equals b squared doesn't imply a equals minus b in general. It does if m is prime, and we can see this because a squared is congruent to b squared just says that a squared minus b squared is congruent to 0. So this means a minus b times a plus b is congruent to 0.
So this implies a minus b is congruent to 0 or a plus b is congruent to 0 mod p if p is prime. So you remember for prime numbers if a product is congruent to 0 then one of the numbers is congruent to 0, but for composite numbers this isn't actually true. Well, there's a variation of this you could try asking. Suppose a squared is congruent to b squared modulo m squared. Does this imply a is congruent to plus or minus b modulo m? So maybe if we put a stronger condition on a squared and b squared we can find that a is congruent to plus or minus b. And the answer to this is still no. For example let's pick two numbers, pick primes p and q. And let's take a is congruent to b modulo p squared and a is congruent to minus b modulo q squared. Then we see that a squared is congruent to b squared modulo p squared and also modulo q squared. So a squared is congruent to b squared modulo pq all squared. However a is not congruent to plus or minus b modulo pq, because it can't be congruent to minus b because of this condition here. I should have said p and q should not be equal to 2, otherwise this breaks down. So for an explicit example we could just take p equals 3, q equals 5, let's take a equals 1, and we want b is congruent to 1 modulo 3 squared and b is congruent to minus 1 modulo 5 squared. And this is just solving a linear congruence relation, which we can easily do using Euclid's algorithm, and you can check that b equals 199 will, I think, do. So here we have an example where a squared is congruent to b squared modulo 15 squared but a is not congruent to plus or minus b modulo 15. Okay, so we've been discussing Fermat's theorem modulo a prime, and the question is what can we say about composite numbers. So can we say a to the power of something is congruent to 1 modulo m for m not prime? And this will be the subject of the next lecture, where we'll discuss a solution to this given by Euler.
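
Added example, not part of the lecture: a Python sketch of the factor search described above, which keeps only prime candidates that are 1 modulo 2 to the n plus 1 (or 1 modulo 2q for 2 to the q minus 1) and tests each by repeated squaring with reduction mod p at every step. All function names are hypothetical, and the 2 to the q minus 1 search assumes q is an odd prime.

```python
import math

def order_mod(a, p):
    """Smallest n > 0 with a**n ≡ 1 (mod p), or None when p divides a."""
    if a % p == 0:
        return None
    n, x = 1, a % p
    while x != 1:
        x = x * a % p
        n += 1
    return n

def is_prime(k):
    """Plain trial division, only used to filter the short candidate list."""
    return k >= 2 and all(k % d for d in range(2, math.isqrt(k) + 1))

def primes_one_mod(step, limit):
    """Primes p <= limit with p ≡ 1 (mod step)."""
    return [p for p in range(step + 1, limit + 1, step) if is_prime(p)]

def two_to_two_to_n_mod(n, p):
    """2**(2**n) mod p by squaring n times, reducing mod p at every step."""
    x = 2 % p
    for _ in range(n):
        x = x * x % p
    return x

def smallest_fermat_factor(n):
    """Smallest prime factor of 2**(2**n) + 1 up to its square root, else None."""
    limit = math.isqrt(2 ** (2 ** n) + 1)
    for p in primes_one_mod(2 ** (n + 1), limit):
        if two_to_two_to_n_mod(n, p) == p - 1:  # 2**(2**n) ≡ -1 (mod p)
            return p
    return None  # no candidate divides it, so the Fermat number is prime

def smallest_mersenne_factor(q):
    """Same search for 2**q - 1, q an odd prime: factors are 1 mod 2q."""
    limit = math.isqrt(2 ** q - 1)
    for p in primes_one_mod(2 * q, limit):
        if pow(2, q, p) == 1:  # p divides 2**q - 1
            return p
    return None

if __name__ == "__main__":
    print("orders mod 7:", [order_mod(a, 7) for a in range(1, 7)])
    print("candidates for 65537:", primes_one_mod(32, 256))
    print("factor of 2^16+1:", smallest_fermat_factor(4))
    print("factor of 2^32+1:", smallest_fermat_factor(5))
    print("factor of 2^13-1:", smallest_mersenne_factor(13))
```
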