Lectures: MWF 11:00-12:00 in LSK 460
Office hours: MW 9:50-10:50 and by appointment, LSK 300C
Instructor: Laura Peskin, lpeskin at math dot ubc dot ca
Grader: Zoe Hamel, zhamel at math dot ubc dot ca
Textbook: Rosen, Elementary Number Theory & Its Applications, 6th ed.
Syllabus and Course Policies -- updated 10.1
Announcements -- updated 11.28
Assignments -- updated 11.26
Schedule -- updated 11.28
Assignments are due on Wednesdays at 11am in class, except for HW 6 which is due on Friday, Oct. 17 and HW 12 which is due on Friday, Nov. 28. No late homework will be accepted. The lowest two scores will be dropped.
|#||Due date||Assignment||Grading scheme||Solutions|
|1||9.10||Homework 1|| 5 pts each for #2, #4, #10
5 pts for completeness
|Solutions to HW 1|
|2||9.17||Homework 2|| 5 pts each for #3, #5, #7
5 pts for completeness
|Solutions to HW 2|
|3||9.24||Homework 3|| 9 pts for #5, 6 pts for #7
5 pts for completeness
|Solutions to HW 3|
|4||10.1||Homework 4|| 5 pts each for #2, #8, #11
5 pts for completeness
|Solutions to HW 4|
|5||10.8||Homework 5|| 6 pts for #2, 9 pts for #7
5 pts for completeness
|Solutions to HW 5|
|6||10.17 (!!)||Homework 6||6 pts for #1, 5 pts for #2
9 pts for #3
|Solutions to HW 6|
|7||10.22||Homework 7||6 pts for #3, 3 pts for #6
6 pts for #7, 5 pts for completeness
|Solutions to HW 7|
|8||10.29||Homework 8||9 pts for #3, 6 pts for #9
5 pts for completeness
|Solutions to HW 8|
|9||11.5||Homework 9||5 pts each for #4, #5, #8
5 pts for completeness
|Solutions to HW 9|
|12||11.28 (!!)||Homework 12
Updated on 11.26
with several hints and
a correction in #7
and #8. Make sure to
|Week||Date||Topics||Required reading||In-class exercise||Optional reading||Comments|
|1||9.3||Course overview & policies; survey|| Course syllabus
|9.5|| Review of induction;
| Induction: §1.3, focusing on the first principle of induction.
Extra example: proving the Binomial Theorem by induction.
Divisibility: §1.5. (We didn't get to the final part of §1.5, "Greatest common divisors," and will begin there on Monday.)
|To see a true "division algorithm" which produces q and r given a dividend a and divisor b, look here.
Both the principle of induction and the division algorithm can be justified using the Well-Ordering Property of the natural numbers. Read p.6 of the text, then proofs of Thm 1.5 (p.25) and of Thm. 1.10 (p.37).
|2||9.8|| Greatest common divisor;
Prime numbers: definition, Euclid's
proof of infinitude, sieving
| GCD: last page of §1.5.
Primes and sieves: §3.1 through Example 3.3
| Sieve of Eratosthenes
Graph of π(x) with scaled and unscaled axes
|Here is an animation of the Sieve of Eratosthenes on the integers up to 121. The sieve "meshes" are 2, 3, 5, 7, and 11 = sqrt(121).|
|9.10|| Finish up Sieve of Eratosthenes; Properties of gcd: Bezout's theorem,
|§3.3 through Theorem 3.9. (The main topics of lecture were Thm. 3.8 and Thm. 3.9.)||HW 1 due|
|9.12|| Euclidean algorithm
(calculating gcd, part 1),
Solving linear equations with the Extended Euclidean algorithm
|§3.4, also see "in-class exercise" notes for several examples||Euclidean algorithm|
|3||9.15||Linear Diophantine equations:
no solution vs. infinitely many
|§3.7 through Example 3.29. The main topic was Thm. 3.23. To prove it, we needed (and proved) Lemma 3.4 (p.113) and Thm. 3.6 (p.94).
Also see the in-class exercise from 9.17 for examples.
|Here is a scan of a 1910 English translation by Thomas Heath of Diophantus's Arithmetica. (With commentary; text begins on p.129.) Offered mainly for historical value; it's pretty hard to read!|
|9.17|| gcd of > 2 numbers;
linear Diophantine equations in > 2 variables
| gcd of > 2 numbers: §3.3, p.98-end
Linear equations in > 2 variables: §3.7, Thm. 3.24-end
|Solving linear Diophantine equations in 2 variables||We have an algorithmic way to tell whether any linear Diophantine equation has an integer solution: just find the gcd of the coefficients (e.g. using Euclid's algorithm) and check if this gcd divides the constant term.
But it's impossible to construct an algorithm to decide whether a general Diophantine equation has an integer solution: this impossibility was proved by Matiyasevich in 1970, answering a question posed by Hilbert in 1900. Here (log in through UBC library) is a paper by Martin Davis explaining the proof.
|HW 2 due|
|9.19|| Finish up Diophantine equations;
Fundamental Theorem of Arithmetic
| Diophantine equations: Finish proof of Thm. 3.24 in §3.7
Fundamental Thm of Arithmetic: §3.5 through Lemma 3.7. (We'll finish the uniqueness part of the FTA on Monday. We won't do Lemma 3.7 in class but please read it.)
|4||9.22||Uniqueness part of the Fund. Thm. of Arith;
Congruences: definition, existence, and basic properties
| Proof of uniqueness part of FTA: Thm. 3.15 in §3.5.
Congruences: §4.1 Defn. of congruence modulo m (p. 145), defn. of complete system of representatives/residues mod m (p. 148)
|9.24|| Arithmetic with congruences;
Representing integers with respect to a base;
| Arithmetic with congruences: §4.1 Thms. 4.2, 4.4, and 4.8.
Representations of integers: §2.1 (though we used a different method for finding binary representations; see "in-class exercise").
|Binary and hexadecimal||HW 3 due|
|9.26||Arithmetic with congruences||§4.1 Thms. 4.4, 4.6, and 4.8.||Finish binary/hex exercise (posted above)|
|5||9.29||Modular exponentiation; division with congruences; solvability criterion for linear congruences|| Modular exponentiation: final section of §4.1 (omit Thm. 4.10), and two more examples
Division with congruences: §4.1 Thm. 4.5
Solvability of linear congruences: §4.2 intro + Thm. 4.11
|10.1||Proof of solvability criterion for linear congruences (Thm. 4.11); modular inverses||§4.2||Solving linear congruences: Problems, Solutions||HW 4 due|
|10.3||Solving systems of congruences, part 1: Chinese Remainder Theorem||§ 4.3 through Example 4.16; proof of Thm. 4.13 will be done on Monday. You just need to know the process for the exam.|| Look at Example 4.17 for another way of solving systems of linear congruences (probably similar to the method you used to solve systems of linear equations in high school).
The Chinese Remainder Theorem is going to be important when we learn about the RSA cryptosystem (p. 323-329 in the text). In particular, we'll look at systems of two congruences, where the two moduli are distinct primes.
|6||10.6||Proof of uniqueness (mod M) in the Chinese Remainder Theorem||§4.3 proof of Thm. 4.13|
|10.8||CRT with non-relatively prime moduli; Review Q & A; Prime Number Theorem||Notes on CRT not assuming moduli are relatively prime||HW 5 due|
|10.9||Midterm Exam 1||Material of Sept 5 through Oct 3, info here.||6:30-7:30pm||202 Macleod|
|10.10||Polynomial congruences||§4.4 through case (1) of Hensel's Lemma|
|7||10.13||No lecture (Thanksgiving)|
|10.15||Hensel's Lemma: statement, proof sketch, and examples; recursive formula in Case 1||§4.4 from Thm. 4.15-end. (Focus on the examples rather than the proof of HL. The statement of Cor. 4.15.1 is useful: it is a recursive formula for the unique lifts of a Case 1 solution to the congruence mod p.)|
|10.17|| More examples of lifting polynomial congruences; Wilson's theorem
||Wilson's Theorem: §6.1 through the proof of Thm. 6.1.||HW 6 due|
|8||10.20||Converse of Wilson's theorem; Fermat's Little Theorem; pseudoprimes and Carmichael numbers|| Converse of Wilson's theorem: §6.1, Thm. 6.2 and Example 6.3.
Fermat's Little Theorem and applications: §6.1, Thm. 6.3 through Cor. 6.5.1.
Pseudoprimes and Carmichael numbers: §6.2 through Example 6.12. (No need to spend a lot of time on this section now; we will come back to it.)
|10.22|| Euler's theorem;
calculating values of Euler's φ-function
|§6.3 (just the statement of Euler's Theorem and the examples)||HW 7 due|
|10.24||Proof of Euler's Theorem; examples and applications||Proof of Euler's Theorem: §6.3, proofs of Thm. 6.13 and 6.18.||Applications of FLT and Euler's Theorem: Problems, Solutions|
|9||10.27||Order of an integer; Primitive roots (definition, examples, nonexamples)||§9.1: Thm. 9.1 through the statement of Thm. 9.3, omitting Thm. 9.2|
|10.29||More examples of primitive roots; generating all primitive roots from one||§9.1: Thm. 9.2 and Thm. 9.3, statement of Thm. 9.4, and Corollary 9.4.1.||HW 8 due|
|10.31||Existence/nonexistence of integers with certain order (mod n); criterion for existence of primitive root; Lagrange's Theorem||§9.2: Lagrange's Theorem on the number of roots (mod p) of a degree-n polynomial|
|10||11.3||Finish proof that every prime number has a primitive root; observations about orders (mod 13)||§9.2, and these notes about orders (mod 13) (may be useful for HW 9!)||Review problems handed out (solutions below)|
|11.5||Solutions to review problems||See 11.3 entry for problem list||Solutions to review problems||HW 9 due|
|11.6||Midterm Exam 2||Material of Oct 6 through Nov 3, info here.||6:30-7:30pm||202 Macleod|
|11.7||Quadratic residues and nonresidues: Euler's criterion and Quadratic Reciprocity|| Quadratic residues and Euler's criterion: §11.1 Thms. 11.1, 11.2, 11.3, and 11.4, though with different proofs (most of which you've written yourself on HW!) using primitive roots.
Law of Quadratic Reciprocity: §11.2 Thm. 11.7 (just the statement)
|There are over 200 different proofs of the Law of Quadratic Reciprocity (so far), using incredibly various techniques. Here's a list of 246 proofs, starting with Legendre's incomplete 1788 proof, continuing with 6 different complete proofs by Gauss in 1801-1818, and with at least one new proof in almost every year since.|
|11||11.10||Supplements to the Law of Quadratic Reciprocity; examples||§11.1 Thm. 11.5 and 11.6 (just the statements); §11.2 Example 11.10|
|11.12||Diophantine equations: the technique of descent, proof of the two-square theorem||Lecture notes are here. As a first example of Fermat's technique of descent, we proved that 2 has no rational square root. Then we used the descent technique (plus our knowledge of when -1 is a square modulo a prime p) to prove the classic "two-square theorem": a prime p can be written as a sum of two integer squares if and only if p = 2 or p is congruent to 1 (mod 4). This proof uses Fermat's ideas, but is somewhat different: I learned it from the article linked in today's "Optional reading".||You can read much more about descent in this article by Keith Conrad.
The two-square theorem we proved can be generalized to say, for any positive integer n (not necessarily prime), whether the equation x^2 + y^2 = n has an integer solution. (The answer is: if any prime congruent to 3 (mod 4) appears with an odd exponent in the prime factorization of n, then there's no solution. Otherwise, a solution exists.) See Thm. 13.6 in the text for a proof!
|HW 10 due|
|11.14||Quadratic forms and the Hasse-Minkowski Theorem||Lecture notes to be posted. As noted before, there is no general algorithm which decides whether a nonlinear Diophantine equation has a solution. Back when we started looking at congruences, I told you that we'd use congruences to solve that problem for certain kinds of equations. You soon learned how to use congruences to show that some equations have no integer solutions; in this class and the previous one, we use congruences to show that some equations do have integer solutions. This is our last classic theorem in pure number theory before we dive into applications!|
|12||11.17||Big-O notation, bit operations, complexity of arithmetic operations||O-notation: §2.3 through Example 2.12
Bit operations: §2.2
Complexity: §2.3 from Example 2.13-end.
|11.19||Fermat pseudoprimes and Carmichael numbers; inefficiency of trial division; idea of probabilistic primality testing||§6.2 through Example 6.13||HW 11 due|
|11.21||Miller-Rabin probabilistic primality test||§6.2, Example 6.14-end.
You can try out the code used in lecture here:
|Demo with code (to the left). Highlights: the Carmichael number 561 is declared composite; numbers with >700 binary digits can be tested in a fraction of a second.||Pomerance, Selfridge, and Wagstaff computed a list of composite numbers (up to 25*10^9) which pass the Miller-Rabin test for certain values of a. This is enough to turn the Miller-Rabin test into a deterministic test, as long as the number you're testing is smaller than 25*10^9. See the introduction and then p.1021 of their paper for details. (The paper is from 1980 and various improvements have been found since.)|
|13||11.24||Pollard Rho factorization algorithm||The idea of the algorithm is explained in §4.6.
You can try out the code from lecture here. To load and run it, follow the same instructions as for the previous demo just above.
|11.26||The RSA cryptosystem||§8.4, omitting the final section (Rabin cryptosystem)||The original RSA paper.|
|11.28||Security of RSA|| Proof that knowledge of RSA private exponent allows one to efficiently factor the modulus.
RSA key generation example. Also includes a simulation of the SSL/TLS key exchange protocol, which is what's happening when you see this.
The link above is to a non-interactive record of what we did in class. Here's the same code as a Sage worksheet which you can download and play with.
|A classic paper on the security of RSA:
20 years of attacks on the RSA cryptosystem
by Dan Boneh.
|HW 12 due|
| ||12.8||Review session||11am-1pm||460 LSK|
|12.8||Office hours||By appointment||300C LSK|
|12.9||Office hours||11am-1:30pm||300C LSK|
|12.10||Final exam||Cumulative with a few exceptions, info TBA||3:30-6:30pm||201 LSK|