Elementary Number Theory

Divisibility, congruences, arithmetic functions, and the fundamental theorem of arithmetic.

Elementary number theory is the study of integers through the lens of divisibility, primality, and congruence — questions that are easy to state but often surprisingly deep to answer. It is one of the oldest branches of mathematics, stretching back to ancient Greece, and yet its results underpin modern cryptography, coding theory, and computer science. What makes number theory so compelling is this dual nature: the objects are familiar (whole numbers), yet the landscape they inhabit is vast, structured, and full of mystery.

Divisibility and the Euclidean Algorithm

At the heart of elementary number theory lies a single, simple relation. We say that an integer aa divides an integer bb, written aba \mid b, if there exists an integer kk such that b=akb = ak. When this holds, aa is called a divisor or factor of bb, and bb is a multiple of aa. For instance, 3123 \mid 12 because 12=3412 = 3 \cdot 4, but 5125 \nmid 12 because no integer kk satisfies 12=5k12 = 5k.

Divisibility is a partial order on the positive integers: it is reflexive (aaa \mid a), antisymmetric (if aba \mid b and bab \mid a with a,b>0a, b > 0, then a=ba = b), and transitive (if aba \mid b and bcb \mid c, then aca \mid c). These properties, elementary as they are, provide the scaffolding for everything that follows.

The Division Algorithm formalizes the familiar act of long division. Given any integers aa and bb with b>0b > 0, there exist unique integers qq (the quotient) and rr (the remainder) satisfying

a=bq+r,0r<b.a = bq + r, \quad 0 \leq r < b.

The uniqueness of qq and rr is just as important as their existence: it means every integer has a canonical decomposition with respect to any modulus. This theorem was known to ancient mathematicians in various forms, but its precise statement and proof became standard in European mathematics by the eighteenth century.

When we want to understand what two integers have in common, we turn to the greatest common divisor. For integers aa and bb not both zero, the GCD gcd(a,b)\gcd(a, b) is the largest positive integer that divides both aa and bb. A fundamental fact, known as Bézout’s identity, asserts that the GCD is always a linear combination of aa and bb: there exist integers ss and tt such that

gcd(a,b)=sa+tb.\gcd(a, b) = sa + tb.

This is not obvious, but it follows from the Euclidean algorithm, one of the oldest algorithms in mathematics. Described by Euclid in his Elements around 300 BCE, the algorithm repeatedly applies the division algorithm: since gcd(a,b)=gcd(b,r)\gcd(a, b) = \gcd(b, r) where r=amodbr = a \bmod b, we reduce the problem to smaller and smaller inputs until the remainder is zero. The last nonzero remainder is the GCD.

For example, to compute gcd(252,105)\gcd(252, 105):

252=2105+42,gcd(252,105)=gcd(105,42)252 = 2 \cdot 105 + 42, \quad \gcd(252, 105) = \gcd(105, 42) 105=242+21,gcd(105,42)=gcd(42,21)105 = 2 \cdot 42 + 21, \quad \gcd(105, 42) = \gcd(42, 21) 42=221+0,gcd(42,21)=21.42 = 2 \cdot 21 + 0, \quad \gcd(42, 21) = 21.

The extended Euclidean algorithm traces back through these steps to express 21=3105125221 = 3 \cdot 105 - 1 \cdot 252, giving the Bézout coefficients s=1s = -1 and t=3t = 3. This is not merely a theoretical curiosity: the extended algorithm is the standard method for computing modular inverses, which lie at the core of RSA encryption.

Two integers are coprime (or relatively prime) if gcd(a,b)=1\gcd(a, b) = 1. In that case, Bézout’s identity guarantees integers s,ts, t with sa+tb=1sa + tb = 1, which means sa1(modb)sa \equiv 1 \pmod{b}: ss is a multiplicative inverse of aa modulo bb. The complementary notion is the least common multiple lcm(a,b)\text{lcm}(a, b), the smallest positive integer divisible by both aa and bb. The identity

gcd(a,b)lcm(a,b)=ab\gcd(a, b) \cdot \text{lcm}(a, b) = |ab|

connects these two concepts in an elegant way that will reappear when we discuss prime factorizations.

Congruences and Modular Arithmetic

Congruence is divisibility repackaged for comparison. We say that aa is congruent to bb modulo nn, written ab(modn)a \equiv b \pmod{n}, if n(ab)n \mid (a - b), that is, if aa and bb leave the same remainder when divided by nn. Carl Friedrich Gauss introduced this notation in his landmark 1801 treatise Disquisitiones Arithmeticae, which effectively founded modern number theory as a unified discipline. Gauss was twenty-four years old when it was published.

Congruence modulo nn is an equivalence relation: it is reflexive, symmetric, and transitive. The equivalence class of aa is its residue class [a]n={a+kn:kZ}[a]_n = \{a + kn : k \in \mathbb{Z}\}. There are exactly nn residue classes modulo nn, and the set of all of them is written Z/nZ\mathbb{Z}/n\mathbb{Z} (or sometimes Zn\mathbb{Z}_n). What makes congruences genuinely powerful is that they are compatible with arithmetic: if aa(modn)a \equiv a' \pmod{n} and bb(modn)b \equiv b' \pmod{n}, then

a+ba+b(modn)andabab(modn).a + b \equiv a' + b' \pmod{n} \quad \text{and} \quad ab \equiv a'b' \pmod{n}.

This means Z/nZ\mathbb{Z}/n\mathbb{Z} is a ring — it inherits addition and multiplication from the integers, with all arithmetic “wrapping around” at multiples of nn.

A linear congruence axb(modn)ax \equiv b \pmod{n} has solutions if and only if gcd(a,n)b\gcd(a, n) \mid b. When this condition holds, there are exactly d=gcd(a,n)d = \gcd(a, n) distinct solutions modulo nn, equally spaced by n/dn/d. In particular, if gcd(a,n)=1\gcd(a, n) = 1, the congruence has a unique solution modulo nn, obtained by multiplying both sides by the modular inverse of aa.

Systems of simultaneous congruences can often be solved using the Chinese Remainder Theorem (CRT). In one of the earliest number-theoretic results from any civilization, problems of this type appear in the Sun Tzu Suanjing (ca. 3rd–5th century CE): “find a number that leaves remainder 2 when divided by 3, remainder 3 when divided by 5, and remainder 2 when divided by 7.” The CRT states that if n1,n2,,nkn_1, n_2, \ldots, n_k are pairwise coprime, then the system

xa1(modn1),xa2(modn2),,xak(modnk)x \equiv a_1 \pmod{n_1}, \quad x \equiv a_2 \pmod{n_2}, \quad \ldots, \quad x \equiv a_k \pmod{n_k}

has a unique solution modulo N=n1n2nkN = n_1 n_2 \cdots n_k. The proof is constructive: one builds the solution as x=i=1kaiMiyi(modN)x = \sum_{i=1}^k a_i M_i y_i \pmod{N}, where Mi=N/niM_i = N/n_i and yiy_i is the inverse of MiM_i modulo nin_i. In abstract algebra terms, the CRT asserts an isomorphism of rings Z/NZZ/n1Z××Z/nkZ\mathbb{Z}/N\mathbb{Z} \cong \mathbb{Z}/n_1\mathbb{Z} \times \cdots \times \mathbb{Z}/n_k\mathbb{Z}.

The multiplicative structure of Z/nZ\mathbb{Z}/n\mathbb{Z} is governed by Euler’s totient function φ(n)\varphi(n), which counts the integers from 11 to nn that are coprime to nn. The set of such residues forms the multiplicative group (Z/nZ)×(\mathbb{Z}/n\mathbb{Z})^\times, which has order φ(n)\varphi(n). Euler’s theorem generalizes Fermat’s Little Theorem: if gcd(a,n)=1\gcd(a, n) = 1, then

aφ(n)1(modn).a^{\varphi(n)} \equiv 1 \pmod{n}.

For prime pp, this reduces to Fermat’s Little Theorem: ap11(modp)a^{p-1} \equiv 1 \pmod{p} for a≢0(modp)a \not\equiv 0 \pmod{p}, a result Pierre de Fermat stated (without proof) in a letter to Bernard Frénicle de Bessy in 1640. Euler provided the first published proof in 1736. The formula for the totient of a general integer is

φ(n)=npn(11p),\varphi(n) = n \prod_{p \mid n} \left(1 - \frac{1}{p}\right),

where the product runs over the distinct prime divisors of nn.

Prime Numbers and the Fundamental Theorem of Arithmetic

A prime number is an integer greater than 1 whose only positive divisors are 1 and itself. All other integers greater than 1 are composite. Primes are the atoms of multiplicative arithmetic — the irreducible building blocks from which every other positive integer is assembled. The first few primes are 2,3,5,7,11,13,17,19,23,2, 3, 5, 7, 11, 13, 17, 19, 23, \ldots, and their distribution among the integers has fascinated mathematicians since antiquity.

The Fundamental Theorem of Arithmetic asserts that every integer greater than 1 can be written as a product of primes, and that this factorization is unique up to the order of the factors. More precisely: for any integer n>1n > 1, there exist primes p1p2pkp_1 \leq p_2 \leq \cdots \leq p_k such that

n=p1e1p2e2pkek,n = p_1^{e_1} p_2^{e_2} \cdots p_k^{e_k},

and any two such representations are identical. The existence half is straightforward by strong induction: if nn is not prime, it factors as n=abn = ab with 1<a,b<n1 < a, b < n, and each of aa and bb factors by induction. The uniqueness half requires more care — it uses the crucial fact that if a prime pp divides a product abab, then pap \mid a or pbp \mid b (sometimes called Euclid’s lemma).

Though the theorem feels obvious, its uniqueness can fail in other algebraic settings. In the ring Z[5]\mathbb{Z}[\sqrt{-5}], for instance, one has 6=23=(1+5)(15)6 = 2 \cdot 3 = (1 + \sqrt{-5})(1 - \sqrt{-5}), two distinct factorizations into irreducibles. Understanding why such failures occur, and how to restore uniqueness, was a central motivation for the development of ideal theory by Ernst Kummer and Richard Dedekind in the nineteenth century — and ultimately led to algebraic number theory, which is explored more deeply in later sub-topics of this branch.

The prime factorization of nn gives a formula for gcd\gcd and lcm\text{lcm}: if n=piain = \prod p_i^{a_i} and m=pibim = \prod p_i^{b_i} (taking ai=0a_i = 0 or bi=0b_i = 0 for primes not appearing), then

gcd(n,m)=pimin(ai,bi),lcm(n,m)=pimax(ai,bi).\gcd(n, m) = \prod p_i^{\min(a_i, b_i)}, \quad \text{lcm}(n, m) = \prod p_i^{\max(a_i, b_i)}.

Are there infinitely many primes? Euclid showed they are, in one of the most elegant proofs in all of mathematics. Suppose, for contradiction, that p1,p2,,pkp_1, p_2, \ldots, p_k are all the primes. Form N=p1p2pk+1N = p_1 p_2 \cdots p_k + 1. Then NN is not divisible by any of p1,,pkp_1, \ldots, p_k, so any prime factor of NN is a prime not on our list — a contradiction. This argument appears in Book IX of Euclid’s Elements.

The distribution of primes, while irregular locally, becomes predictable on large scales. The prime counting function π(x)\pi(x) denotes the number of primes at most xx. Adrien-Marie Legendre conjectured around 1798 that π(x)x/lnx\pi(x) \approx x / \ln x. This was proved independently by Jacques Hadamard and Charles-Jean de la Vallée Poussin in 1896 using complex analysis, giving the celebrated Prime Number Theorem:

π(x)xlnxas x.\pi(x) \sim \frac{x}{\ln x} \quad \text{as } x \to \infty.

The exact rate of convergence is connected to the zeros of the Riemann zeta function and the Riemann Hypothesis, one of the great open problems of mathematics.

Primitive Roots and Orders

Every nonzero element aa in Z/pZ\mathbb{Z}/p\mathbb{Z} (for prime pp) generates a cyclic subgroup {a,a2,a3,}\{a, a^2, a^3, \ldots\} of the multiplicative group (Z/pZ)×(\mathbb{Z}/p\mathbb{Z})^\times. The order of aa modulo pp, written ordp(a)\text{ord}_p(a), is the smallest positive integer kk such that ak1(modp)a^k \equiv 1 \pmod{p}. By Fermat’s Little Theorem, the order always divides p1p - 1.

A primitive root modulo pp is an element gg whose order equals p1p - 1, meaning the powers g1,g2,,gp1g^1, g^2, \ldots, g^{p-1} form a complete set of nonzero residues modulo pp. In other words, (Z/pZ)×(\mathbb{Z}/p\mathbb{Z})^\times is cyclic and gg is a generator. The existence of primitive roots modulo every prime is a nontrivial theorem, first proved by Euler and later given a clean treatment by Gauss in the Disquisitiones Arithmeticae. For p=7p = 7, for instance, g=3g = 3 is a primitive root: 31=33^1 = 3, 32=23^2 = 2, 33=63^3 = 6, 34=43^4 = 4, 35=53^5 = 5, 36=13^6 = 1 modulo 7.

The existence of primitive roots extends beyond primes. Primitive roots exist modulo nn if and only if n{1,2,4,pk,2pk}n \in \{1, 2, 4, p^k, 2p^k\} for odd prime pp and k1k \geq 1. For all other moduli, (Z/nZ)×(\mathbb{Z}/n\mathbb{Z})^\times is not cyclic — it decomposes into a product of cyclic groups of smaller orders. Understanding this structure requires the classification of finitely generated abelian groups, a topic developed in abstract algebra.

The notion of order is the key to discrete logarithms. If gg is a primitive root modulo pp and a≢0(modp)a \not\equiv 0 \pmod{p}, then there exists a unique exponent x{0,1,,p2}x \in \{0, 1, \ldots, p-2\} satisfying gxa(modp)g^x \equiv a \pmod{p}. This xx is called the discrete logarithm of aa to the base gg modulo pp, written x=loggax = \log_g a. Computing discrete logarithms efficiently is believed to be computationally hard — no polynomial-time algorithm is known for general pp — and this hardness assumption underpins the security of the Diffie-Hellman key exchange and related protocols in modern cryptography.

The structure of orders modulo prime powers is more subtle. The lifting the exponent lemma and Hensel’s lemma (discussed more fully in the context of pp-adic numbers) give methods for bootstrapping solutions modulo pp to solutions modulo higher powers pkp^k. This lifting perspective recurs throughout number theory: a local solution over Z/pZ\mathbb{Z}/p\mathbb{Z} is a candidate for a global solution over Z\mathbb{Z}, and the extent to which local solutions combine to give global ones is measured by the Chinese Remainder Theorem and, more deeply, by class field theory.

Applications of Modular Arithmetic

The abstract machinery of congruences and orders connects directly to concrete problems in computing, cryptography, and everyday life. Modular arithmetic provides both the theoretical foundation and the practical algorithms for a range of modern technologies.

Primality testing is the first major application. To verify that a large integer nn is prime, one cannot afford to trial-divide by all integers up to n\sqrt{n} when nn has hundreds of digits. Fermat’s test offers a shortcut: if nn is prime, then an11(modn)a^{n-1} \equiv 1 \pmod{n} for every aa coprime to nn. A failure means nn is composite. However, certain composite numbers — called Carmichael numbers — pass Fermat’s test for every coprime base, with 561=31117561 = 3 \cdot 11 \cdot 17 being the smallest example. The Miller-Rabin primality test, introduced independently by Gary Miller (1976) and Michael Rabin (1980), refines this by checking additional conditions derived from the factorization of p1=2sdp - 1 = 2^s \cdot d. A composite nn fools Miller-Rabin for at most 1/41/4 of all possible bases, making the test highly effective when run with multiple random bases. The deterministic AKS test, published by Manindra Agrawal, Neeraj Kayal, and Nitin Saxena in 2002, settled a long-open question by showing that primality can be verified in polynomial time without any unproven assumptions.

RSA cryptography is the most famous application of elementary number theory. To set up an RSA key pair, one chooses two large primes pp and qq, forms n=pqn = pq, and selects an encryption exponent ee coprime to φ(n)=(p1)(q1)\varphi(n) = (p-1)(q-1). The decryption exponent is de1(modφ(n))d \equiv e^{-1} \pmod{\varphi(n)}, computed via the extended Euclidean algorithm. Encryption and decryption operate by modular exponentiation: a message mm becomes ciphertext cme(modn)c \equiv m^e \pmod{n}, and decryption recovers mcd(modn)m \equiv c^d \pmod{n}, valid by Euler’s theorem since ed1(modφ(n))ed \equiv 1 \pmod{\varphi(n)} implies cdmedm(modn)c^d \equiv m^{ed} \equiv m \pmod{n}. The security of RSA rests on the apparent difficulty of factoring nn without knowledge of pp and qq — the integer factorization problem, for which no efficient general algorithm is known. RSA was introduced in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman, though an equivalent system had been discovered earlier (and kept classified) by Clifford Cocks at the UK’s GCHQ in 1973.

Check digit systems offer a more quotidian application. The ISBN-10 system for book identification assigns a 10-digit code d1d2d10d_1 d_2 \cdots d_{10} satisfying

i=110idi0(mod11).\sum_{i=1}^{10} i \cdot d_i \equiv 0 \pmod{11}.

The final digit d10d_{10} is the check digit, chosen to make this congruence hold. If a single digit is transcribed incorrectly, the checksum fails, alerting the reader to an error. Transposition of adjacent digits — the most common human transcription error — is also always detected, because the weights 1,2,,101, 2, \ldots, 10 are all different modulo 11. The Luhn algorithm used for credit card numbers is a similar but simpler scheme using modulo 10, though it detects only a subset of transpositions.

Efficient computation by repeated squaring is the final cornerstone. Computing gk(modn)g^k \pmod{n} naively requires k1k - 1 multiplications, which is useless when kk is a 256-bit exponent. The square-and-multiply (or binary exponentiation) algorithm reduces this to O(logk)O(\log k) modular multiplications: write kk in binary, and at each bit position either square (for a 0 bit) or square-and-multiply (for a 1 bit). For instance, g13=g11012g^{13} = g^{1101_2} is computed as ((g2)2g)2g((g^2)^2 \cdot g)^2 \cdot g, requiring only 5 multiplications instead of 12. This algorithm is the computational engine behind RSA, Diffie-Hellman, and virtually every other modular-exponentiation-based protocol. The interplay between the theoretical structures developed in this topic and their efficient algorithmic implementation is what makes elementary number theory not just a historical curiosity, but a living and economically vital field of mathematics.

The ideas introduced here — divisibility, primes, congruences, orders — are the foundation on which the rest of number theory is built. Moving deeper into the branch, one encounters quadratic residues and the law of quadratic reciprocity, Diophantine equations such as the Pell equation, and the rich arithmetic of algebraic number fields, all of which extend the elementary machinery developed in this topic to dramatically broader and more powerful settings.

Edit on GitHub