1 Divisibility and GCD
Preliminaries
Remark 1.1 • Recommended textbooks
All the material you need to know is in this script, but you might find some of the books below useful for an alternative viewpoint on the same topics:
Chapters I–III of Davenport’s classic text The Higher Arithmetic are a very readable account of elementary number theory (i.e. everything in chapters 1–4 and 6–7 of these notes). Since Davenport died in 1969, the copyright on this book expired long ago and you can download it for free – entirely legally – from
https://archive.org/details/h.-davenport-the-higher-arithmetic/.RSA cryptography (chapter 5) is too recent to be in Davenport’s book, but is covered in many more recent texts, such as Coutinho’s book The Mathematics of Ciphers.
For algebraic number fields (chapters 8–10), I highly recommend Stewart and Tall’s Algebraic Number Theory and Fermat’s Last Theorem, although this goes a long way beyond what we can cover here. Cox’s lovely book Primes of the form \(x^2 + n y^2\) gives a very interesting and original perspective on some of these ideas.
Gouvêa’s book P-adic Numbers: An Introduction is an excellent reference for p-adic arithmetic (chapters 10–11). There is also a (somewhat more advanced) text by Koblitz, P-adic numbers, p-adic analysis and zeta-functions, which is a good read.
Remark 1.2 • General notations
In this module we use the following symbols:
\(\mathbb{N}\) denotes the natural numbers \(\{0, 1, 2, 3, \dots \}\);
\(\mathbb{Z}\) the integers (positive, negative or zero);
\(\mathbb{Q}, \mathbb{R}, \mathbb{C}\) the fields of rational, real, and complex numbers respectively.
\(\mathbb{N}_+\) denotes the positive1 integers \(\{1, 2, 3, \dots\}.\)Beware that some other texts use \(\mathbb{N}\) for positive integers!
If \(a\) is in \(\mathbb{R}\) (and in particular if \(a \in \mathbb{Z}\)), the symbol \(|a|\) means the absolute value of \(a,\) i.e. \(|a| = a\) if \(a \geqslant 0,\) and \(|a| = -a\) if \(a \leqslant 0.\)
For \(n \in \mathbb{N},\) we write \(n!\) (read as “\(n\) factorial”) for the product \(1 \times 2 \times \dots \times n,\) with \(0!\) defined to be 1.
The logical symbols \(\Rightarrow,\) \(\iff,\) \(\exists,\) \(\forall\) have their usual meanings.
The symbol \(\square\) denotes the end of a proof.
The symbol \(\circledast\) is used to mark unsolved problems and conjectures.
Remark 1.5 • Reminders on inductionIt’s not immediately obvious that this has anything to do with induction at all! But it’s clearly something quite special about \(\mathbb{N}\): it’s obviously false for \(\mathbb{Z},\) or for the non-negative reals2.
We’re going to use induction quite a lot in this module, so it might be a good idea to revise it if your memory has got rusty.
As a reminder: the principle of mathematical induction, which you saw way back in M01 Algorithmics, is a very powerful tool for proving statements about \(\mathbb{N}.\) It goes as follows. Suppose \(P(n)\) is some statement about the natural number \(n,\) and:
\(P(0)\) is true,
for any \(n \in \mathbb{N}\) the implication \(P(n) \implies P(n+1)\) is true.
Then \(P(n)\) is true for all \(n.\)
There are a few variants of induction which are useful:
Different starting points: Let \(t \in \mathbb{N}\) be given. If \(P(t)\) is true, and for any \(n \geqslant t\) we have \(P(n) \implies P(n+1),\) then \(P(n)\) is true for all \(n \geqslant t.\) (The usual induction is \(t = 0,\) but the \(t = 1\) case also occurs frequently.)
This can, of course, easily be derived from “usual” induction applied to the new statement \(Q(n)\) defined by “if \(n \geqslant t\) then \(P(n)\)”, which is vacuously true for \(n < t.\)
Strong induction: Suppose \(P\) is a statement such that:
for any \(n \in \mathbb{N},\) if \(P(r)\) is true for all \(r < n,\) then \(P(n)\) is true.
Then \(P(n)\) holds for all \(n.\)
This looks far more powerful than usual induction (because we have to prove only one thing, and we’re allowed to assume something that looks a lot stronger); but in fact it easily follows from usual induction.
Exercise 1.3
Deduce Strong Induction from usual Induction. (Hint: consider the statement \(Q(n)\) defined as “\(P(r)\) holds for all \(r\) with \(r < n\)”.)
Minimal elements: Our final induction variant is known as the well-ordering principle for \(\mathbb{N}.\)
Let \(S \subset \mathbb{N}\) be a non-empty set. Then \(S\) has a minimal element; that is, there exists \(n \in S\) such that every \(m \in S\) satisfies \(m \geqslant n.\)
Of course, it’s hugely important in real analysis that any bounded-below subset of the real numbers has a greatest lower bound, but this is not the same thing as a minimal element (why?)
To see this, suppose \(S\) doesn’t have a minimal element, and let \(P(n)\) be the statement “\(m \geqslant n\) for all \(m \in S\)”. Clearly \(P(0)\) holds, since every natural number is \(\geqslant 0.\) Now, if \(P(n)\) holds, then we must have \(n \notin S,\) since otherwise \(n\) would be the minimal element of \(S.\) So for \(m \in S,\) we have \(m \geqslant n\) and \(m \ne n.\) So \(m \geqslant n + 1,\) and thus \(P(n+1)\) holds. By induction, \(P(n)\) holds \(\forall n\); so \(S\) is empty, a contradiction.
Exercise 1.4
Give an example of a subset of the non-negative reals \(\mathbb{R}_{\geqslant 0}\) which does not have a minimal element.
1.1 Divisibility
Recall the following familiar definition:
Definition 1.6
Let \(a, b \in \mathbb{Z}.\) We say “\(a\) divides \(b\)”, or “\(b\) is a multiple of \(a\)”, if there exists \(n \in \mathbb{Z}\) such that \(n a = b.\) If so, we write “\(a \mid b\)”; otherwise we write “\(a \nmid b\)”; and we say \(a\) is a divisor or factor of \(b.\)
Example 1.7
We have \(3 \mid -15,\) since \(3 \times (-5) = -15.\)
Notice that this still makes sense if \(a\) or \(b\) is zero; and since \(n \cdot 0 = 0\) for all \(n,\) it follows that everything divides 0, but 0 does not divide anything except itself. On the other hand, \(1\) and \(-1\) both divide everything, and nothing except \(\pm 1\) can divide them. (So \(0\) is the “most divisible” element of \(\mathbb{Z},\) while \(1\) and \(-1\) are the “least divisible”.)
Remark 1.8
The “divides” symbol is a relation: for any given values of \(a\) and \(b,\) “\(a \mid b\)” is a self-contained statement which is either true or false. Don’t confuse it with division \(a / b,\) which is a number (if it is defined at all, which it might not be if \(b = 0\)).
Exercise 1.9
Check that if \(a, b \in \mathbb{N},\) then \(a \mid b\) if and only if there exists \(n \in \mathbb{N}\) such that \(n a = b.\) (Take care with the case \(a = 0\)!)
Proposition 1.10 • Elementary properties of divisibility
Let \(a, b, c, \dots \in \mathbb{Z}.\) Then:
If \(a \mid b,\) then \(a \mid kb\) for all \(k \in \mathbb{Z}.\)
If \(a \mid b\) and \(a \mid c,\) then \(a \mid b \pm c.\)
If \(a \mid b\) and \(b \mid c\) then \(a \mid c.\)
If \(a \mid b\) and \(b \mid a,\) then \(a = \pm b.\)
If \(a \mid b\) and \(b \ne 0,\) then \(|a| \leqslant|b|\); so nonzero integers have only finitely many divisors.
We have \(a\, \mid\,|a|\ \) (the notation is awkward; read it as “\(a\) divides the absolute value of \(a\)”).
If \(k \ne 0,\) then \(a \mid b \iff ka \mid kb.\)
Proof. Exercise.
The following innocent-looking proposition will turn out to be crucial in understanding divisibility and factorisation of integers:
Proposition 1.11 • Division with remainder
Let \(a, b \in \mathbb{Z}\) with \(a \ne 0.\) Then there exists a unique pair of integers \((q, r)\) such that \(0 \leqslant r < |a|\) and \(b = q a + r.\)
Example 1.12
For \(a = 5\) and \(b = 21,\) we have \((q, r) = (4, 1).\)
For \(a = 5\) and \(b = -21,\) we have \((q, r) = (-5, 4)\)
Proof. Let \(S\) be the set of of integers which are of the form \(b - qa,\) for some \(q \in \mathbb{Z}\); and let \(S' = S \cap \mathbb{N}\) be the non-negative elements of \(S.\)
The set \(S'\) is always non-empty (if \(b \geqslant 0,\) then \(b \in S',\) and if \(b < 0,\) then one checks that \((|a| - 1) \cdot |b| \in S'\)).
We know that a non-empty subset of \(\mathbb{N}\) always has a smallest element. So let \(r\) be the smallest element of \(S'.\) If \(r \geqslant|a|,\) then \(r - |a|\) is a strictly smaller element of \(S',\) contradiction; so \(0 \leqslant r < |a|.\) By definition of \(S'\) there exists \(q\) with \(r = b - qa\) so we are done.
Remark 1.13
More concretely, if \(a > 0,\) then \(q\) is given by \(\lfloor b / a \rfloor,\) where \(\lfloor x \rfloor\) is the floor function: the function which converts a real (or rational) number to an integer by rounding towards \(-\infty\) (meaning that \(\lfloor 1.5 \rfloor = 1\) and \(\lfloor -1.5\rfloor = -2\)). Thus we can easily compute \(q\) and \(r\) from the decimal expansion of \(b / a.\)
1.2 The greatest common divisor
Proposition 1.14
Let \(a, b \in \mathbb{Z}.\) Then there exists \(c \in \mathbb{Z}\) such that the following holds: \[\forall x \in \mathbb{Z}, \qquad x \mid c\quad \iff \quad x \mid a\ \text{ and }\ x \mid b.\] This \(c\) is uniquely determined by \(a\) and \(b\) up to sign; and we write \(\operatorname{gcd}(a, b)\) for the unique non-negative \(c\) with this property, which we call the greatest common divisor of \(a\) and \(b.\)
Example 1.15
If we let \(a = 20\) and \(b = 30,\) the integers dividing \(a\) are \(\{ \pm 1, \pm 2, \pm 4, \pm 5, \pm 10, \pm 20\},\) and the integers dividing \(b\) are \(\{ \pm 1, \pm 2, \pm 3, \pm 5, \pm 6, \pm 10, \pm 15, \pm 30\}.\) The intersection of these sets, i.e. the set \(\{x : x \mid a \text{ and } x \mid b\},\) is \(\{ \pm 1, \pm 2, \pm 5, \pm 10\},\) which are precisely the divisors of 10. So \(\gcd(20, 30) = 10.\)
Proof. It is clear that if \(c\) and \(c'\) both satisfy the condition, then \(c \mid c'\) and \(c' \mid c,\) so \(c' = \pm c.\) Conversely, if \(c\) works then \(-c\) does too. So it suffices to prove existence.
If \(a, b\) are both zero, then the result is trivial; so assume not. Let \(T\) denote the set of integers of the form \(m a + n b\) for \(m, n \in \mathbb{Z},\) and \(T'\) its intersection with the strictly positive integers. We check easily that \(T'\) is non-empty (since at least one of \(|a|\) and \(|b|\) is in \(T'\)); so it contains a smallest element. Let \(c\) be this element. Clearly \(c\) has the form \(ma + nb,\) so anything which divides \(a\) and \(b\) also divides \(c.\)
We claim \(c\) itself divides both \(a\) and \(b.\) By symmetry it suffices to show \(c \mid a.\) By division-with-remainder, we can write \(a = q c + r,\) for some \(r\) with \(0 \leqslant r < c.\) But \(r = a - qc = a - (m a + n b)\) is also in \(T,\) and it is non-negative and strictly smaller than \(c.\) If \(r > 0,\) then \(r \in T',\) contradicting the minimality of \(c.\) So we must have \(r = 0,\) i.e. \(q\) divides \(a.\)
Remark 1.16
Note that (except in the trivial case \(a = b = 0\)), the greatest common divisor \(\gcd(a, b)\) is, as its name suggests, the largest element of the set of common divisors of \(a\) and \(b\) (the set \(\{x \in \mathbb{Z}: x \mid a\ \text{and}\ x \mid b\}\)). This follows from the much stronger fact proved above that this set consists precisely of the divisors of \(c\) (and since \(c > 0,\) the largest divisor of \(c\) is clearly \(c\) itself).
However, if we just defined \(\gcd(a, b)\) to be the largest element of this set, it wouldn’t be clear that all other elements of this set divided it.
Corollary 1.17 • Bézout’s identity
We can always write \(\gcd(a, b)\) in the form \(m a + n b,\) for some \(m, n \in \mathbb{Z}.\)
Proof. Clear from the proof of existence above.
Example 1.18
Since \(11\) and \(13\) are distinct primes, their GCD must be 1; and indeed we have \(6 \cdot 11 + (-5) \cdot 13 = 66 - 65 = 1.\)
Exercise 1.19 • Basic Properties of GCD
For all \(a, b, k, m\in \mathbb{Z}\):
\(\gcd(a, b) = gcd(b, a) = gcd(|a|, |b|)\);
\(\gcd(ka, kb) = |k| \gcd(a, b)\);
\(\gcd(a, 0) = |a|\) and \(\gcd(a, 1) = 1\);
\(\gcd(a,b)=\gcd(a, b+ka).\)
Pairs of numbers whose greatest common divisor is 1 are quite special. We call such pairs coprime.
Lemma 1.20 • Euler’s Lemma
If \(a \mid bc,\) and \(a\) and \(b\) are coprime, then \(a \mid c.\)
Proof. Write \(1 = a m + bn.\) Then \(c = c (a m + bn) = (m c) a + n (b c).\) Since \(a \mid bc,\) it divides both terms in the sum, so it divides \(c.\)
Exercise 1.21
Show that if \(x\) has the form \(m a + n b,\) for some \(m, n \in \mathbb{Z},\) and \(x\) divides both \(a\) and \(b,\) then \(x = \pm \gcd(a, b).\)
1.3 Euclid’s algorithm
From our existence proof of the GCD, it’s very difficult to see how one could compute it explicitly: we’re asking for the smallest element of an infinite set. We can do slightly better using Remark 1.16 – in principle we can make a list of the (finitely many) divisors of both \(a\) and \(b,\) and find the greatest element appearing in both lists. But there is a way to do much better.
Proposition 1.22
Let \(a, b \in \mathbb{Z}\) with \(a \ne 0,\) and suppose \(b = a q + r\) for some \(q, r.\) Then \[\gcd(a, b) = \gcd(a, r).\]
Proof. Clear from 1.19 (iv).
If \(r \ne 0\) then we can now repeat the process, replacing the larger number with its remainder on division by the smaller. Since the quantity \(\max(|a|, |b|)\) gets strictly smaller each time, we must eventually reach a remainder of zero; and since \(\gcd(a, 0) = |a|\) for all \(a,\) we are done.
It’s convenient to arrange this in a table. Suppose we want to calculate \(\gcd(113, 251).\) Then we write \[\begin{aligned} 251 &=& \textcolor{gray}{2 \times} 113 &+ 25 \\ 113 &=& \textcolor{gray}{4 \times} 25 &+ 13 \\ 25 &=& \textcolor{gray}{1 \times} 13 &+ 12\\ 13 &=& \textcolor{gray}{1 \times} 12 &+ 1\\ 12 &=& \textcolor{gray}{12 \times} 1 &+ 0. \end{aligned}\] Note how the numbers move diagonally to the left each time. The grey numbers (the \(q\)’s in the division-with-remainder steps) aren’t important for calculating the GCD (although we’ll find a different use for them in a moment); the key things are the remainders.
We claim that the last non-zero remainder in the table is always equal to the GCD of the original two numbers. In the above example, this is 1, so 251 and 113 are coprime. To see this, apply the last proposition repeatedly, once for each division step: \[\begin{aligned} \gcd(251, 113) &= \gcd(113, 25) \\ &=\gcd(25, 13)\\ &=\gcd(13, 12)\\ &=\gcd(12, 1)\\ &=\gcd(1, 0) = 1. \end{aligned}\] So we have a method for computing GCD’s: Euclid’s algorithm. It’s actually a very effective algorithm in practice.
Exercise 1.23
Recall the Fibonacci numbers, defined by \(F_0 = 0, F_1 = 1,\) and \(F_n = F_{n - 1} + F_{n-2}\) for \(n \geqslant 2.\) Show that \(\gcd(F_n, F_{n-1}) = 1\) for all \(n \geqslant 1.\)
Now let’s see how to use the grey numbers. Working up the table from the last-but-one row, we have \[\begin{aligned} 1 &= 13 - \textcolor{gray}{1} \times 12\\ &=13 - 1 \times (25 - \textcolor{gray}{1} \times 13) &=& - 1 \times 25 + 2 \times 13 \\ &= - 1 \times 25 + 2 \times (113 - \textcolor{gray}{4} \times 25) &=& \phantom{-}2 \times 113 - 9 \times 25\\ &= 2 \times 113 - 9 \times (251 - \textcolor{gray}{2} \times 113) &=& - 9 \times 251 + 20 \times 113 \end{aligned}\] So we’ve written 1 as a sum of integer multiples of 251 and 113. This is a “free bonus” that Euclid’s algorithm gives us: for any \(a, b,\) we can compute an expression for \(\gcd(a, b)\) in the form \(m a + n b.\)
xgcd, or something similar3Not to be confused with xkcd, an online comic strip popular with mathematicians.
Exercise 1.25
Show that \(351\) and \(451\) are coprime, and find integers \(m, n\) such that \(351m + 451n = 1.\)
Solution
We compute that \[\begin{aligned} 451 &= 1 \times 351 + 100 \\ 351 &= 3 \times 100 + 51 \\ 100 &= 1 \times 51 + 49 \\ 51 &= 1 \times 49 + 2 \\ 49 &= 24 \times 2 + 1. \end{aligned}\]
So the GCD is 1.
Working back up the table, we have \[\begin{aligned} 1 &= 49 - 24 \times 2 \\ &= 49 - 24 \times (51 - 49) = -24 \times 51 + 25 \times 49\\ &= -24 \times 51 + 25 \times (100 - 51) = 25 \times 100 - 49 \times 51 \\ &= 25 \times 100 - 49 \times (351 - 3 \times 100) = -49 \times 351 + 172 \times 100 \\ &= -49 \times 351 + 172 \times (451 - 351) = 172 \times 451 - 221 \times 351. \end{aligned}\] So we may take \(m = -221\) and \(n = 172.\)