Number Theory | MathFlux

Introduction to Number Theory

Number theory is a branch of pure mathematics devoted primarily to the study of the integers and integer-valued functions. Its origins stretch back to antiquity — the ancient Greeks, especially Euclid and Diophantus, investigated properties of numbers that continue to fascinate mathematicians today.

Carl Friedrich Gauss famously remarked, "Mathematics is the queen of the sciences, and number theory is the queen of mathematics." For centuries number theory was considered the purest of pure mathematics — beautiful but seemingly impractical. That changed dramatically in the late 20th century when number-theoretic ideas became the backbone of modern cryptography and computer security.

Number theory asks deceptively simple questions: Which numbers are prime? How are the primes distributed among the integers? Can every even number greater than 2 be written as the sum of two primes? These questions are easy to state, yet many remain unsolved to this day.

Number theory is unique in mathematics: many of its deepest open problems can be understood by anyone who knows basic arithmetic, yet their proofs (or lack thereof) challenge the brightest minds in the world. The Goldbach Conjecture, the Twin Prime Conjecture, and the Riemann Hypothesis are all examples.

Major Areas of Number Theory

Elementary number theory: Divisibility, primes, congruences — studied without advanced tools
Analytic number theory: Uses calculus and complex analysis to study prime distribution
Algebraic number theory: Extends integer concepts to algebraic number fields
Computational number theory: Algorithms for primality testing, factoring, and cryptography
Additive number theory: Representing integers as sums (e.g., Goldbach's Conjecture, Waring's Problem)

Natural Numbers and Integers

Number theory begins with the most fundamental objects in mathematics: the natural numbers ℕ = {1, 2, 3, 4, …} (some authors include 0) and the integers ℤ = {…, -3, -2, -1, 0, 1, 2, 3, …}.

The Peano Axioms

In the late 19th century, Giuseppe Peano formalized the natural numbers with a set of axioms that capture their essential structure:

Base element: 1 is a natural number (or 0, depending on convention).
Successor function: Every natural number n has a unique successor S(n), which is also a natural number.
No predecessor of base: There is no natural number whose successor is 1 (i.e., 1 is not the successor of any natural number).
Injectivity: If S(m) = S(n), then m = n (different numbers have different successors).
Axiom of Induction: If a property holds for 1, and whenever it holds for n it also holds for S(n), then the property holds for all natural numbers.

The Axiom of Induction is the engine that drives most proofs in number theory. It guarantees that you can prove a statement for all natural numbers by verifying a base case and an inductive step.

Mathematical Induction

Mathematical induction is the proof technique derived directly from the Peano axioms. To prove a statement P(n) for all natural numbers n ≥ 1:

Base case: Show P(1) is true.
Inductive step: Assume P(k) is true for some k ≥ 1 (inductive hypothesis), and prove that P(k + 1) follows.

Example: Prove that 1 + 2 + 3 + … + n = n(n + 1)/2

Base case (n = 1): Left side = 1. Right side = 1(2)/2 = 1. ✓

Inductive step: Assume 1 + 2 + … + k = k(k + 1)/2.

Then 1 + 2 + … + k + (k + 1) = k(k + 1)/2 + (k + 1)

= (k + 1)[k/2 + 1] = (k + 1)(k + 2)/2

This is exactly the formula with n = k + 1. ✓

By induction, the formula holds for all n ≥ 1.

The Well-Ordering Principle

The Well-Ordering Principle states that every non-empty subset of the natural numbers has a least element. Although this sounds obvious, it is logically equivalent to the Principle of Mathematical Induction and is a powerful proof tool.

Many fundamental results in number theory — including the existence of prime factorizations — rely on well-ordering. The typical proof strategy is proof by contradiction: assume a counterexample exists, then use well-ordering to find a minimal counterexample, and derive a contradiction.

Example: Using Well-Ordering

Claim: Every integer n ≥ 2 has a prime factor.

Proof: Suppose for contradiction that there exists an integer n ≥ 2 with no prime factor. By well-ordering, there is a smallest such integer, call it m.

Since m has no prime factor, m is not itself prime (otherwise m would be its own prime factor). So m is composite: m = a · b where 2 ≤ a, b < m.

Since a < m and a ≥ 2, the minimality of m implies a has a prime factor p. But then p also divides m — contradiction.

Therefore every integer n ≥ 2 has a prime factor. ✓

Divisibility

Divisibility is the most basic concept in number theory. We say that an integer a divides an integer b if there exists an integer k such that b = a · k. We write a | b (read "a divides b").

a | b ⟺ ∃ k ∈ ℤ such that b = a · k

Basic Properties of Divisibility

For integers a, b, c:

Reflexivity: a | a for every nonzero integer a (since a = a · 1)
Transitivity: If a | b and b | c, then a | c
Linearity: If a | b and a | c, then a | (bx + cy) for any integers x, y
Comparison: If a | b with a, b > 0, then a ≤ b
Multiplication: If a | b, then a | (b · c) for any integer c
Sign: a | b if and only if (-a) | b if and only if a | (-b)

Example: Proving Transitivity

Claim: If a | b and b | c, then a | c.

Proof: Since a | b, we have b = a · k₁ for some integer k₁.

Since b | c, we have c = b · k₂ for some integer k₂.

Substituting: c = (a · k₁) · k₂ = a · (k₁ · k₂).

Since k₁ · k₂ is an integer, a | c. ✓

The Division Algorithm

The Division Algorithm is a cornerstone of number theory. Despite its name, it is a theorem, not an algorithm.

For any integers a and b with b > 0, there exist unique integers q (quotient) and r (remainder) such that: a = b · q + r, where 0 ≤ r < b

Example: Applying the Division Algorithm

Divide 47 by 5:

47 = 5 · 9 + 2, so q = 9 and r = 2.

Divide -23 by 7:

-23 = 7 · (-4) + 5, so q = -4 and r = 5.

(Note: the remainder is always non-negative, so we need 7 · (-4) = -28, and -23 - (-28) = 5.)

Divisibility Rules

Quick tests to determine whether a number is divisible by small primes:

By 2: Last digit is even (0, 2, 4, 6, 8)
By 3: Sum of digits is divisible by 3
By 4: Last two digits form a number divisible by 4
By 5: Last digit is 0 or 5
By 6: Divisible by both 2 and 3
By 7: Double the last digit and subtract from the rest; repeat until testable
By 8: Last three digits form a number divisible by 8
By 9: Sum of digits is divisible by 9
By 11: Alternating sum of digits is divisible by 11

Example: Testing Divisibility of 2,574

By 2: Last digit is 4 (even) → Yes ✓

By 3: 2 + 5 + 7 + 4 = 18, and 18 ÷ 3 = 6 → Yes ✓

By 9: Digit sum = 18, and 18 ÷ 9 = 2 → Yes ✓

By 11: 2 - 5 + 7 - 4 = 0, and 0 is divisible by 11 → Yes ✓

So 2,574 is divisible by 2, 3, 6, 9, and 11.

Prime Numbers

A prime number is an integer greater than 1 whose only positive divisors are 1 and itself. An integer greater than 1 that is not prime is called composite.

p is prime ⟺ p > 1 and the only positive divisors of p are 1 and p

The first few primes are: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, …

The number 2 is the only even prime. Every other even number is divisible by 2, making it composite. This makes 2 a very special prime — sometimes called "the oddest prime."

Euclid's Theorem: Infinitude of Primes

One of the most elegant proofs in all of mathematics, dating back over 2,300 years:

Proof: There are infinitely many primes

Proof (Euclid): Suppose, for contradiction, that there are only finitely many primes: p₁, p₂, …, pₙ.

Consider the number N = p₁ · p₂ · … · pₙ + 1.

N is greater than 1, so it has a prime factor p (by the result proved earlier).

But p cannot be any of p₁, p₂, …, pₙ, because dividing N by any pᵢ leaves remainder 1.

This contradicts our assumption that p₁, …, pₙ are all the primes. ✓

Therefore, there are infinitely many primes.

The Fundamental Theorem of Arithmetic

This theorem establishes that primes are the "building blocks" of all integers:

Every integer n > 1 can be written uniquely as a product of primes (up to the order of the factors): n = p₁^a₁ · p₂^a₂ · … · pₖ^aₖ

The existence part is proved by strong induction; the uniqueness part uses a key property of primes called Euclid's Lemma: if a prime p divides a product ab, then p | a or p | b.

Example: Prime Factorizations

360 = 2³ · 3² · 5

1,001 = 7 · 11 · 13

2,310 = 2 · 3 · 5 · 7 · 11

10,000 = 2⁴ · 5⁴

Each factorization is unique (aside from rearranging the order).

The Sieve of Eratosthenes

The Sieve of Eratosthenes is an ancient and efficient algorithm for finding all primes up to a given limit N:

Write down all integers from 2 to N.
Start with the smallest unmarked number (2). Circle it — it's prime.
Cross out all multiples of 2 (4, 6, 8, 10, …).
Move to the next unmarked number (3). Circle it — it's prime.
Cross out all multiples of 3 (9, 15, 21, …) that haven't been crossed out already.
Continue this process. You only need to sieve up to √N.
All remaining unmarked numbers are prime.

Example: Primes up to 30

Start: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30

Sieve by 2: Keep 2; cross out 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30

Sieve by 3: Keep 3; cross out 9, 15, 21, 27

Sieve by 5: Keep 5; cross out 25

We stop at √30 ≈ 5.47, so we're done.

Primes up to 30: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29

The Sieve of Eratosthenes has time complexity O(N log log N), making it remarkably efficient for generating all primes up to N. It remains a practical tool even for large values of N.

Distribution of Primes

Although primes become less frequent among larger numbers, they never "run out." The Prime Number Theorem, proved independently by Hadamard and de la Vallée Poussin in 1896, describes their asymptotic distribution:

π(x) ~ x / ln(x) as x → ∞

Here π(x) denotes the number of primes less than or equal to x. Informally, the "probability" that a randomly chosen number near x is prime is approximately 1/ln(x).

π(10) = 4 (primes: 2, 3, 5, 7)
π(100) = 25
π(1,000) = 168
π(1,000,000) = 78,498
π(1,000,000,000) = 50,847,534

Twin Primes

Twin primes are pairs of primes that differ by exactly 2. Examples include (3, 5), (5, 7), (11, 13), (17, 19), (29, 31), (41, 43), and (71, 73).

The Twin Prime Conjecture asserts that there are infinitely many twin prime pairs. Despite intensive effort, this remains unproven. In 2013, Yitang Zhang made a breakthrough by proving that there are infinitely many pairs of primes differing by at most 70 million — a bound later reduced to 246 by the Polymath project.

Other Famous Conjectures

Goldbach's Conjecture (1742): Every even integer greater than 2 is the sum of two primes. Verified up to 4 × 10¹⁸ but unproven.
Legendre's Conjecture: There is always a prime between n² and (n + 1)² for every positive integer n.
Mersenne Primes: Primes of the form 2ⁿ - 1 (e.g., 3, 7, 31, 127). It is unknown whether infinitely many exist.

Greatest Common Divisor and LCM

The greatest common divisor (GCD) of two integers a and b (not both zero) is the largest positive integer that divides both a and b. We write gcd(a, b).

gcd(a, b) = max{ d ∈ ℤ⁺ : d | a and d | b }

The least common multiple (LCM) of two positive integers a and b is the smallest positive integer that is divisible by both a and b. We write lcm(a, b).

lcm(a, b) = min{ m ∈ ℤ⁺ : a | m and b | m }

GCD and LCM from Prime Factorizations

If a = p₁^α₁ · p₂^α₂ · … · pₖ^αₖ and b = p₁^β₁ · p₂^β₂ · … · pₖ^βₖ (using all primes from both factorizations, with zero exponents where needed), then:

gcd(a, b) = p₁^min(α₁,β₁) · p₂^min(α₂,β₂) · … · pₖ^min(αₖ,βₖ)

lcm(a, b) = p₁^max(α₁,β₁) · p₂^max(α₂,β₂) · … · pₖ^max(αₖ,βₖ)

Example: GCD and LCM of 360 and 756

360 = 2³ · 3² · 5¹ · 7⁰

756 = 2² · 3³ · 5⁰ · 7¹

gcd(360, 756) = 2^min(3,2) · 3^min(2,3) · 5^min(1,0) · 7^min(0,1) = 2² · 3² · 1 · 1 = 4 · 9 = 36

lcm(360, 756) = 2^max(3,2) · 3^max(2,3) · 5^max(1,0) · 7^max(0,1) = 2³ · 3³ · 5 · 7 = 8 · 27 · 5 · 7 = 7,560

Key Identity

gcd(a, b) · lcm(a, b) = a · b

This elegant relationship connects the GCD and LCM. Using the example above: 36 · 7,560 = 272,160 = 360 · 756. ✓

The Euclidean Algorithm

The Euclidean Algorithm is one of the oldest and most important algorithms in mathematics (dating to ~300 BCE). It computes gcd(a, b) efficiently without needing prime factorizations, using the key property:

gcd(a, b) = gcd(b, a mod b)

Repeatedly apply this until the remainder is 0. The last nonzero remainder is the GCD.

Example: gcd(252, 198) using the Euclidean Algorithm

252 = 198 · 1 + 54 → gcd(252, 198) = gcd(198, 54)

198 = 54 · 3 + 36 → gcd(198, 54) = gcd(54, 36)

54 = 36 · 1 + 18 → gcd(54, 36) = gcd(36, 18)

36 = 18 · 2 + 0 → Done!

gcd(252, 198) = 18

The Extended Euclidean Algorithm

The Extended Euclidean Algorithm not only computes gcd(a, b) but also finds integers x and y such that:

a · x + b · y = gcd(a, b) (Bézout's Identity)

This is crucial for solving linear congruences and in the RSA cryptosystem.

Example: Extended Euclidean Algorithm for gcd(252, 198)

From our work above, we back-substitute:

18 = 54 - 36 · 1

18 = 54 - (198 - 54 · 3) · 1 = 54 · 4 - 198 · 1

18 = (252 - 198 · 1) · 4 - 198 · 1 = 252 · 4 - 198 · 5

So 252 · 4 + 198 · (-5) = 18, giving x = 4, y = -5.

Check: 252 · 4 = 1,008 and 198 · 5 = 990; 1,008 - 990 = 18. ✓

Two integers a and b are called coprime (or relatively prime) if gcd(a, b) = 1. In that case, Bézout's Identity guarantees integers x and y with ax + by = 1. This is the foundation for modular inverses.

Modular Arithmetic

Modular arithmetic is the arithmetic of remainders. Introduced systematically by Gauss in Disquisitiones Arithmeticae (1801), it is one of the most powerful concepts in number theory and has vast applications in computer science, cryptography, and pure mathematics.

Congruences

We say that a is congruent to b modulo m (written a ≡ b (mod m)) if m divides the difference a - b:

a ≡ b (mod m) ⟺ m | (a - b) ⟺ a and b have the same remainder when divided by m

Example: Congruences

17 ≡ 2 (mod 5) because 17 - 2 = 15, and 5 | 15. ✓

-3 ≡ 4 (mod 7) because -3 - 4 = -7, and 7 | (-7). ✓

100 ≡ 0 (mod 4) because 100 - 0 = 100, and 4 | 100. ✓

38 ≡ 14 (mod 12) because 38 - 14 = 24, and 12 | 24. ✓

Properties of Congruences

Congruence modulo m is an equivalence relation (reflexive, symmetric, transitive) and is compatible with addition and multiplication:

Addition: If a ≡ b (mod m) and c ≡ d (mod m), then a + c ≡ b + d (mod m)
Subtraction: If a ≡ b (mod m) and c ≡ d (mod m), then a - c ≡ b - d (mod m)
Multiplication: If a ≡ b (mod m) and c ≡ d (mod m), then ac ≡ bd (mod m)
Exponentiation: If a ≡ b (mod m), then aⁿ ≡ bⁿ (mod m) for any positive integer n

Warning: You cannot freely divide congruences! If ac ≡ bc (mod m), you can only conclude a ≡ b (mod m/gcd(c, m)). Division is only straightforward when gcd(c, m) = 1.

Example: Computing Large Powers Modulo m

Find 3¹⁰⁰ mod 7:

3¹ ≡ 3 (mod 7)

3² ≡ 9 ≡ 2 (mod 7)

3³ ≡ 6 ≡ -1 (mod 7)

3⁶ ≡ (-1)² ≡ 1 (mod 7)

Since 100 = 6 · 16 + 4:

3¹⁰⁰ = (3⁶)¹⁶ · 3⁴ ≡ 1¹⁶ · 3⁴ ≡ 81 ≡ 4 (mod 7)

3¹⁰⁰ ≡ 4 (mod 7)

Residue Classes

The integers modulo m fall into m distinct residue classes: {0, 1, 2, …, m - 1}. This set, denoted ℤ/mℤ (or ℤₘ), forms a ring under addition and multiplication modulo m.

Modular Inverses

An integer a has a multiplicative inverse modulo m — an integer a⁻¹ such that a · a⁻¹ ≡ 1 (mod m) — if and only if gcd(a, m) = 1. We find it using the Extended Euclidean Algorithm.

Example: Find the inverse of 7 modulo 11

We need x such that 7x ≡ 1 (mod 11).

Using the Extended Euclidean Algorithm:

11 = 7 · 1 + 4

7 = 4 · 1 + 3

4 = 3 · 1 + 1

Back-substitute: 1 = 4 - 3 = 4 - (7 - 4) = 2 · 4 - 7 = 2(11 - 7) - 7 = 2 · 11 - 3 · 7

So 7 · (-3) ≡ 1 (mod 11), meaning 7⁻¹ ≡ -3 ≡ 8 (mod 11).

Check: 7 · 8 = 56 = 5 · 11 + 1, so 56 ≡ 1 (mod 11). ✓

Solving Linear Congruences

A linear congruence ax ≡ b (mod m) has a solution if and only if gcd(a, m) | b. If d = gcd(a, m) divides b, there are exactly d incongruent solutions modulo m.

Example: Solve 6x ≡ 15 (mod 21)

d = gcd(6, 21) = 3. Since 3 | 15, solutions exist (and there will be 3 of them).

Divide through by 3: 2x ≡ 5 (mod 7).

Find 2⁻¹ mod 7: 2 · 4 = 8 ≡ 1 (mod 7), so 2⁻¹ ≡ 4 (mod 7).

Multiply both sides by 4: x ≡ 20 ≡ 6 (mod 7).

The 3 solutions modulo 21 are: x ≡ 6, 13, 20 (mod 21).

Check: 6 · 6 = 36 ≡ 15 (mod 21) ✓; 6 · 13 = 78 ≡ 15 (mod 21) ✓; 6 · 20 = 120 ≡ 15 (mod 21) ✓

Fermat's Little Theorem and Euler's Theorem

Fermat's Little Theorem

One of the most important results in number theory, stated by Pierre de Fermat in 1640:

If p is prime and gcd(a, p) = 1, then: a^(p-1) ≡ 1 (mod p)

An equivalent formulation that works for all integers a (including multiples of p):

aᵖ ≡ a (mod p) for every integer a

Example: Verifying Fermat's Little Theorem

Let a = 3, p = 7:

3⁶ = 729. Now 729 ÷ 7 = 104 remainder 1.

So 3⁶ ≡ 1 (mod 7). ✓

Let a = 2, p = 13:

2¹² = 4,096. Now 4,096 ÷ 13 = 315 remainder 1.

So 2¹² ≡ 1 (mod 13). ✓

Example: Using Fermat's Little Theorem to Compute Large Powers

Find 2³⁴⁰ mod 11:

Since 11 is prime and gcd(2, 11) = 1, Fermat says 2¹⁰ ≡ 1 (mod 11).

340 = 10 · 34, so 2³⁴⁰ = (2¹⁰)³⁴ ≡ 1³⁴ ≡ 1 (mod 11).

Euler's Totient Function

Euler's totient function φ(n) counts the number of integers from 1 to n that are coprime to n:

φ(n) = |{ k : 1 ≤ k ≤ n, gcd(k, n) = 1 }|

Computing φ(n)

If p is prime: φ(p) = p - 1 (all integers 1 through p - 1 are coprime to p)
If p is prime: φ(pᵏ) = pᵏ - pᵏ⁻¹ = pᵏ(1 - 1/p)
Multiplicativity: If gcd(m, n) = 1, then φ(mn) = φ(m) · φ(n)
General formula: For n = p₁^a₁ · p₂^a₂ · … · pₖ^aₖ:

φ(n) = n · (1 - 1/p₁) · (1 - 1/p₂) · … · (1 - 1/pₖ)

Example: Computing Euler's Totient

φ(12): 12 = 2² · 3. So φ(12) = 12 · (1 - 1/2) · (1 - 1/3) = 12 · 1/2 · 2/3 = 4.

Check: integers coprime to 12 in {1, …, 12} are {1, 5, 7, 11} — indeed 4 elements. ✓

φ(36): 36 = 2² · 3². So φ(36) = 36 · (1 - 1/2) · (1 - 1/3) = 36 · 1/2 · 2/3 = 12.

φ(100): 100 = 2² · 5². So φ(100) = 100 · (1 - 1/2) · (1 - 1/5) = 100 · 1/2 · 4/5 = 40.

Euler's Theorem

Euler's Theorem generalizes Fermat's Little Theorem from primes to all positive integers:

If gcd(a, n) = 1, then: a^φ(n) ≡ 1 (mod n)

When n = p is prime, φ(p) = p - 1, so this reduces to Fermat's Little Theorem.

Example: Euler's Theorem in Action

Find 7¹⁰⁰ mod 12:

gcd(7, 12) = 1 ✓. φ(12) = 4 (computed above).

By Euler's Theorem: 7⁴ ≡ 1 (mod 12).

100 = 4 · 25, so 7¹⁰⁰ = (7⁴)²⁵ ≡ 1²⁵ ≡ 1 (mod 12).

Euler's Theorem is the mathematical foundation of the RSA cryptosystem, which secures most of the internet's encrypted communications. The theorem guarantees that encryption and decryption are inverse operations.

Chinese Remainder Theorem

The Chinese Remainder Theorem (CRT) is a result about simultaneous congruences that dates back to the 3rd century Chinese mathematician Sun Tzu (Sunzi). It says that a system of congruences with pairwise coprime moduli has a unique solution.

If m₁, m₂, …, mₖ are pairwise coprime (gcd(mᵢ, mⱼ) = 1 for i ≠ j), then the system:
x ≡ a₁ (mod m₁)
x ≡ a₂ (mod m₂)
⋮
x ≡ aₖ (mod mₖ)
has a unique solution modulo M = m₁ · m₂ · … · mₖ.

Constructive Solution

To find the solution explicitly:

Compute M = m₁ · m₂ · … · mₖ.
For each i, compute Mᵢ = M / mᵢ.
For each i, find yᵢ such that Mᵢ · yᵢ ≡ 1 (mod mᵢ) (the modular inverse of Mᵢ mod mᵢ).
The solution is x ≡ a₁M₁y₁ + a₂M₂y₂ + … + aₖMₖyₖ (mod M).

Example: Solve the system

x ≡ 2 (mod 3)

x ≡ 3 (mod 5)

x ≡ 2 (mod 7)

Step 1: M = 3 · 5 · 7 = 105.

Step 2: M₁ = 105/3 = 35, M₂ = 105/5 = 21, M₃ = 105/7 = 15.

Step 3: Find inverses:

35y₁ ≡ 1 (mod 3): 35 ≡ 2 (mod 3), 2 · 2 = 4 ≡ 1 (mod 3), so y₁ = 2.

21y₂ ≡ 1 (mod 5): 21 ≡ 1 (mod 5), so y₂ = 1.

15y₃ ≡ 1 (mod 7): 15 ≡ 1 (mod 7), so y₃ = 1.

Step 4: x ≡ 2 · 35 · 2 + 3 · 21 · 1 + 2 · 15 · 1 = 140 + 63 + 30 = 233 ≡ 233 - 2 · 105 = 23 (mod 105).

Solution: x ≡ 23 (mod 105)

Check: 23 = 3 · 7 + 2, so 23 ≡ 2 (mod 3) ✓; 23 = 5 · 4 + 3, so 23 ≡ 3 (mod 5) ✓; 23 = 7 · 3 + 2, so 23 ≡ 2 (mod 7) ✓

Example: Two-Congruence System

Solve: x ≡ 3 (mod 8) and x ≡ 5 (mod 13).

From the first: x = 8k + 3 for some integer k.

Substitute into the second: 8k + 3 ≡ 5 (mod 13), so 8k ≡ 2 (mod 13).

Find 8⁻¹ mod 13: 8 · 5 = 40 ≡ 1 (mod 13), so 8⁻¹ ≡ 5.

k ≡ 2 · 5 ≡ 10 (mod 13).

x = 8 · 10 + 3 = 83.

Solution: x ≡ 83 (mod 104)

Check: 83 = 8 · 10 + 3 ✓; 83 = 13 · 6 + 5 ✓

The CRT has important applications beyond pure math. In computer science, it's used for large-integer arithmetic: instead of computing with one huge number, you can work modulo several smaller coprime moduli simultaneously, then combine the results using the CRT.

Diophantine Equations

Diophantine equations are polynomial equations where we seek integer solutions. They are named after Diophantus of Alexandria (c. 200–284 CE), who studied them extensively. Unlike ordinary algebra — where solutions can be any real or complex number — Diophantine equations restrict solutions to integers, making them much harder to analyze.

Linear Diophantine Equations

The simplest type is the linear Diophantine equation in two variables:

ax + by = c, where a, b, c are given integers and we seek integer solutions (x, y)

Existence of solutions: The equation ax + by = c has integer solutions if and only if gcd(a, b) | c.

Finding all solutions: If (x₀, y₀) is one particular solution, then all solutions are:

x = x₀ + (b/d) · t, y = y₀ - (a/d) · t, where d = gcd(a, b) and t ∈ ℤ

Example: Solve 15x + 21y = 12

Step 1: Check existence. gcd(15, 21) = 3, and 3 | 12. ✓ Solutions exist.

Step 2: Simplify by dividing by 3: 5x + 7y = 4.

Step 3: Find one particular solution using the Extended Euclidean Algorithm.

gcd(5, 7): 7 = 5 · 1 + 2; 5 = 2 · 2 + 1; so 1 = 5 - 2 · 2 = 5 - 2(7 - 5) = 3 · 5 - 2 · 7.

Therefore 5 · 3 + 7 · (-2) = 1. Multiply by 4: 5 · 12 + 7 · (-8) = 4.

A particular solution is x₀ = 12, y₀ = -8.

Step 4: General solution: x = 12 + 7t, y = -8 - 5t for any integer t.

Check (t = 0): 15(12) + 21(-8) = 180 - 168 = 12. ✓

Check (t = -1): 15(5) + 21(-3) = 75 - 63 = 12. ✓

Famous Diophantine Equations

Pythagorean Equation: x² + y² = z²

Integer solutions are called Pythagorean triples. The complete parametric solution for primitive Pythagorean triples (where gcd(x, y, z) = 1) is:

x = m² - n², y = 2mn, z = m² + n²

where m > n > 0, gcd(m, n) = 1, and m - n is odd.

Example: Generating Pythagorean Triples

m = 2, n = 1: x = 4 - 1 = 3, y = 4, z = 4 + 1 = 5 → (3, 4, 5)

m = 3, n = 2: x = 9 - 4 = 5, y = 12, z = 9 + 4 = 13 → (5, 12, 13)

m = 4, n = 1: x = 16 - 1 = 15, y = 8, z = 16 + 1 = 17 → (8, 15, 17)

m = 4, n = 3: x = 16 - 9 = 7, y = 24, z = 16 + 9 = 25 → (7, 24, 25)

Fermat's Last Theorem: xⁿ + yⁿ = zⁿ

Pierre de Fermat conjectured in 1637 that the equation xⁿ + yⁿ = zⁿ has no positive integer solutions for n ≥ 3. He famously wrote that he had "a truly marvelous proof that this margin is too narrow to contain."

This conjecture stood unsolved for 358 years until Andrew Wiles proved it in 1995, in one of the greatest mathematical achievements of the 20th century. The proof uses deep ideas from algebraic geometry and modular forms, far beyond elementary number theory.

Pell's Equation: x² - Dy² = 1

For a positive non-square integer D, Pell's equation always has infinitely many solutions. The fundamental solution can be found using continued fractions.

Example: Pell's Equation x² - 2y² = 1

We seek integer solutions. Trying small values:

y = 0: x² = 1, so x = 1. Solution: (1, 0).

y = 1: x² = 3, no integer solution.

y = 2: x² = 9, so x = 3. Solution: (3, 2). ✓

From the fundamental solution (3, 2), all solutions can be generated via:

(xₙ₊₁, yₙ₊₁) = (3xₙ + 4yₙ, 2xₙ + 3yₙ)

Next solution: x = 3·3 + 4·2 = 17, y = 2·3 + 3·2 = 12. Check: 17² - 2·12² = 289 - 288 = 1. ✓

Next: x = 3·17 + 4·12 = 99, y = 2·17 + 3·12 = 70. Check: 99² - 2·70² = 9801 - 9800 = 1. ✓

When solving Diophantine equations, always check necessary conditions first. Modular arithmetic can quickly rule out the existence of solutions: for instance, x² + y² = 4k + 3 has no integer solutions, because squares modulo 4 are only 0 or 1, so the sum of two squares mod 4 can only be 0, 1, or 2 — never 3.

Applications in Cryptography

Modern cryptography relies heavily on number theory. The security of many encryption systems depends on the computational difficulty of certain number-theoretic problems — particularly integer factorization and the discrete logarithm problem.

One-Way Functions

A one-way function is easy to compute in one direction but computationally infeasible to reverse. Number theory provides natural one-way functions:

Multiplication vs. Factoring: Multiplying two large primes p · q is trivial; factoring the product N = pq back into p and q is extremely hard for large N.
Modular exponentiation vs. Discrete logarithm: Computing aˣ mod n is fast (via repeated squaring); recovering x from aˣ mod n is very hard.

The RSA Cryptosystem

The RSA algorithm, invented by Rivest, Shamir, and Adleman in 1977, is one of the first and most widely used public-key cryptosystems. It rests entirely on results from number theory: Euler's Theorem, modular inverses, and the difficulty of factoring large numbers.

Key Generation

Choose two large distinct primes p and q (in practice, each 1024+ bits).
Compute n = p · q. This is the modulus.
Compute φ(n) = (p - 1)(q - 1). (Euler's totient of n.)
Choose an integer e with 1 < e < φ(n) and gcd(e, φ(n)) = 1. This is the public exponent. (A common choice is e = 65537.)
Compute d ≡ e⁻¹ (mod φ(n)) using the Extended Euclidean Algorithm. This is the private exponent.

Public Key: (n, e) — shared openly
Private Key: (n, d) — kept secret

Encryption and Decryption

Encryption: C ≡ Mᵉ (mod n)
Decryption: M ≡ Cᵈ (mod n)

where M is the plaintext message (as a number less than n) and C is the ciphertext.

Why Decryption Works

By construction, e · d ≡ 1 (mod φ(n)), so e · d = 1 + k · φ(n) for some integer k. Then:

Cᵈ ≡ (Mᵉ)ᵈ = M^(ed) = M^(1 + k·φ(n)) = M · (M^φ(n))ᵏ ≡ M · 1ᵏ ≡ M (mod n)

The crucial step uses Euler's Theorem: M^φ(n) ≡ 1 (mod n) when gcd(M, n) = 1.

Example: RSA with Small Numbers

Key Generation:

Choose p = 61, q = 53.

n = 61 · 53 = 3,233.

φ(n) = (61 - 1)(53 - 1) = 60 · 52 = 3,120.

Choose e = 17 (gcd(17, 3120) = 1 ✓).

Find d: 17d ≡ 1 (mod 3120). Using the Extended Euclidean Algorithm: d = 2,753.

Check: 17 · 2,753 = 46,801 = 15 · 3,120 + 1, so 17 · 2,753 ≡ 1 (mod 3,120). ✓

Public key: (3233, 17). Private key: (3233, 2753).

Encryption: Encrypt the message M = 65.

C ≡ 65¹⁷ (mod 3233).

Using repeated squaring: 65² = 4,225 ≡ 992 (mod 3233); 65⁴ ≡ 992² = 984,064 ≡ 2,149 (mod 3233); … continuing: C = 2,790.

Decryption: Recover M from C = 2,790.

M ≡ 2,790²⁷⁵³ (mod 3233) = 65. ✓

The original message is recovered!

Security of RSA

RSA's security rests on the assumption that factoring n = pq is computationally infeasible when p and q are sufficiently large. If an attacker could factor n, they could compute φ(n) = (p - 1)(q - 1) and then recover the private key d. Current RSA implementations use keys of 2048 bits or more.

RSA is not unbreakable in principle. A sufficiently powerful quantum computer could factor large numbers efficiently using Shor's Algorithm, rendering RSA insecure. This has motivated active research into post-quantum cryptography — encryption schemes believed to resist quantum attacks.

Other Number-Theoretic Cryptosystems

Diffie-Hellman Key Exchange: Based on the difficulty of the discrete logarithm problem in modular arithmetic.
ElGamal Encryption: Also based on discrete logarithms.
Elliptic Curve Cryptography (ECC): Uses the group structure of elliptic curves over finite fields, achieving strong security with shorter keys than RSA.
Primality Testing: The Miller-Rabin and AKS algorithms, rooted in number theory, are essential for generating the large primes RSA requires.

Number theory's journey from "pure" mathematics with no practical use to the backbone of internet security is one of the great stories of science. Gauss, Euler, and Fermat could never have imagined that their work on primes and congruences would one day protect bank transactions, medical records, and private communications for billions of people.