Modular Arithmetic from
Fermat and Euler to Carmichael and beyond...
(2004-11-25) The Chinese Remainder Theorem
Let the product of several pairwise coprime integers
m_{1}, m_{2} ... m_{k} be M.
It turns out that, up to a multiple of M,
there is one and only one integer which leaves prescribed remainders when
divided by each of these.
This result is universally known as the
Chinese Remainder Theorem, although
it is sometimes butchered and/or generalized beyond recognition.
Proof:
The general result for any number (k) of moduli
(plural of modulus) is easily obtained by induction
from the special case of two coprime moduli m and m'.
Leaving this induction up to the reader, we'll only prove the
k = 2 case:
Given the remainders r and r', we want an n such that (for some q,q'):
n = q m + r
n = q'm' + r'
Since m and m' are known to be coprime, there are integers u and v such that
um + vm' =1.
(One possibility for u and v may be obtained explicitly by retracing backwards the steps
of Euclid's algorithm which lead to the greatest common factor [= 1]
of m and m'. This result is now known as
Bezout's Lemma.)
So:
n = vm'(qm+r) + um(q'm'+r') = (uq'+vq)mm' + [umr'+vm'r]
This shows that n is equal to the integer [umr'+vm'r]
up to a multiple of mm'.
Conversely, any such number is easily shown to leave the correct remainders.
(HINT:
Add umr to the square bracket to discover the remainder modulo m.)
Note that, when the moduli are not pairwise coprime, some potential sets
of "remainders" are ruled out:
For example, no integer can leave a remainder of 2 when divided by 6 and a remainder
of 3 when divided by 4...
If M is the product of several pairwise coprime moduli such as m,
an explicit formula (in terms of our
Bézout function) can be given
for the number n
(defined up to a multiple of M) which leaves a remainder of r_{m}
when divided by m :
Explicit Solution of the
Chinese Remainder Problem
n =
å_{m}^{M}/_{m}bezout
( ^{M}/_{m} , m )
r_{m}
If you've read the rest of this page or are otherwise familiar with
modular arithmetic, you may memorize and/or prove the above formula
by recalling that bezout (x,y) is essentially the
reciprocal of x modulo y
For example, counting by 7's, 8's, 9's and 11's, we obtain:
There's one important trivial case
(often used in schoolwork or in recreational
mathematics)
where the whole computational machinery is not needed:
When the remainders are all equal to x
(e.g., x=1) then the number itself must be equal to
x (modulo M).
With coprime moduli, the Chinese Remainder Theorem
guarantees that this obvious solution is the only one.
(2003-11-18) Modular Arithmetic: The Algebra of Congruences
Remainders in the divisions by a fixed modulus (m) obey simple rules...
The first clean presentation of modular arithmetic was published
by Carl Friedrich Gauss
[ the name rhymes with house ]
in Disquisitiones Arithmeticae (1801).
The basic observation is that any integer n belongs to one
of m so-called residue classes modulo m.
The residue class (or simply residue) of n is represented by the
remainder (0 to m-1)
obtained when we divide m into n.
Thus, two numbers that differ by a multiple of m have
the same residue modulo m.
(You may use this to find the residue of a negative number.)
The modulus m is usually positive,
but there's no great difficulty in allowing negative moduli
(classes modulo m and -m are the same).
For a zero modulus, there would be infinitely many
residue classes, each containing only one element.
[This need not be disallowed.]
The interesting thing is that a sum [or a product]
has the same residue as the sum [or the product] of the residues involved...
For example, the last digit of a positive integer identifies its
residue modulo 10.
If you want to know what the last digit is when you multiply
12546549023 by 9802527, just multiply 3 by 7 and take the last digit of that.
Much easier.
Another example:
Prove quickly
that 11^{n} - 4^{n}
is divisible by 7.
Answer.
Notations:
Various notations are used to indicate that "9802527 is
congruent to 7 modulo 10".
Formally, congruences have the structure of equations:
9802527
º
7 [10]
9802527
º
7 (mod 10)
9802527 mod 10
=
7
[9802527]_{ 10}
=
[7]_{ 10}
When the modulus used is otherwise specified, every number may stand for
its own residue class and straight equations can be written
which would look strange outside of this context.
For example, modulo 10:
When n is coprime to the modulus m,
Bézout's Theorem
states there are integers x and y such that
n x + m y = 1
(In practice, such values for x and y may be obtained by tracing back the
steps of Euclid's algorithm in the computation of
the greatest common divisor of n and m.)
This is to say that the residue of n has a reciprocal modulo m,
namely the residue class of x.
Modulo 10, for example, the reciprocal of 7 is 3,
whereas 1 and 9 are their own reciprocals
(the residues 0,2,4,5,6,8 are not coprime to 10 and have therefore
no reciprocal modulo 10).
Prime moduli are especially interesting,
because all nonzero residues have a reciprocal
(we're dealing with a field).
With a prime modulus p, the p-1 nonzero residues thus form
a multiplicative group.
This fact may be used to prove the very important Little Theorem
of Fermat presented in the next article,
and it suggests a generalization due to Euler.
(2003-11-18) Fermat's "Little Theorem"
For any a not multiple of a prime p,
(a^{ p-1}-1)
is divisible by p.
Fermat's so-called little theorem states that
for any prime p, raising any number not divisible by p to the power of p-1
gives a result which is just one unit above a multiple of p.
This was first stated without proof by Fermat in 1640.
A proper proof was given in 1736 by Euler,
generalized to any modulus (see below).
(2003-11-18) Euler's Totient Function
f
[ Sloane's
A000010 ]
f(n) is the number of positive integers
coprime to n, between 1 and n.
The key to generalizing Fermat's little theorem
from a prime modulus p [above]
to any positive modulus n [below] is an accurate count of
how many integers between 1 and n are coprime to n.
Such numbers are called the totatives of n.
The number of totatives of n is denoted f(n)
and is called the totient of n...
Every integer from 1 to p-1 is a totative of a prime p. So:
f(p) = p-1.
When n is the power of a prime (p^{k }), the only numbers between 1 and n
that are not coprime to n are the n/p multiples of p.
Therefore, f(n) = n-n/p.
f( p^{k }) =
p^{k-1 }(p-1).
Finally, we observe that defining f over prime powers is
enough, because it happens to be a
multiplicative function, which is to say
that if p and q are coprime integers, then
f(pq) = f(p)f(q).
This is a direct consequence of the Chinese Remainder Theorem,
since each residue modulo pq which is coprime to pq is
uniquely obtained by choosing independently one of the
f(p)
residues modulo p coprime to p and one of the
f(q) residues modulo q coprime to q.
So, if
a^{a }b^{b }c^{g }...
is the factorization of a positive integer n into primes:
f (n) =
f (
a^{a }b^{b }c^{g }...) =
a^{a-1 }(a-1)
b^{b-1 }(b-1)
c^{g-1 }(c-1) ...
Sierpinski's
Conjecture (now a theorem):
For any integer m greater than 1,
there is at least one integer y
such that the equation
f(x) = y
has exactly m solutions in x.
This was originally conjectured by Waclaw Sierpinski (1882-1969)
in the 1950s.
A conditional proof was given by A. Schnizel in 1961.
In 1998, the conjecture was finally proven by Kevin Ford
(arXiv:math/9907204v1).
Carmichael's Conjecture (still an open question):
Does the above hold for m=1 ?
Is there a totient with multiplicity 1 ?
(2003-11-18) Euler's Generalization of Fermat's "Little Theorem"
For any number acoprime to n, a to the power of
f(n) is 1 modulo n.
This is one of the most basic and most beautiful early results of Number Theory.
The residues modulo n that are coprime to n constitute a multiplicativegroup,
which is to say that the product of two such residues is also a residue coprime to n,
and that any such residue has a reciprocal modulo n (whose value may be obtained by
tracing backward the steps of Euclid's algorithm
that lead to a greatest common divisor equal to unity).
Lagrange's Theorem
(arguably the first great result of Group Theory)
states that the order of any subgroup divides the order of the whole group.
In particular, we may consider the order of an element,
defined as the order of the [multiplicative] subgroup it generates:
It's the least of its positive powers which equals unity.
The order of each coprime residue modulo n thus divides the orderf(n) of the
entire multiplicative group of coprime residues
(as specified above).
This implies, as advertised, that we obtain a unity residue when any residue coprime to
n is raised (modulo n) to the power of f(n).
Order of a residue modulo n :
If the k-th power of a residue is unity, then this residue is coprime
with the modulus n and k is necessarily
a multiple of its order (as defined above).
(2003-11-21) Carmichael's Function
l (Reduced Totient Function)
The least exponent that makes allcoprime
powers equal to 1, modulo n.
The Fermat-Euler theorem
says that a^{ k } is congruent to 1 modulo n
for any base a coprime to n if k = f(n).
It doesn't say that f(n) is the least such k...
The least exponent k with the above property is a
particular divisor of the totient
f(n), called the "reduced totient of n", for
which the notation l(n)
was introduced in 1910 by R.D. Carmichael
(some authors use "y"
instead of "l").
The reduced totient function l is called the
Carmichael function (or Carmichael's lambda)
although it was known to
Gaussmuch earlier
[Disquisitiones Arithmeticae,
Art. 92].
n
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
l(n)
1
1
2
2
4
2
6
2
6
4
10
2
12
6
4
4
16
6
18
4
6
10
f(n)
1
1
2
2
4
2
6
4
6
4
10
4
12
6
8
8
16
6
18
8
12
10
The function l may be computed using the
following rules:
[See A002322]
l(1) = 1; l(2) = 1;
l(4) = 2;
l(2^{n }) = 2^{n-2}
for n > 2.
l(q) = f(q)
if q is a power of an odd prime.^{ }
If a and b are coprime, then
l(ab) is the LCM
of l(a) and
l(b).^{ }
Unlike Euler's function (f),
Carmichael's function (l) is notmultiplicative.
In the vocabulary of Group Theory,
f(n) and l(n) are called,
respectively, the order and the
exponent of the group of invertible
classes modulo n.
91 is a pseudoprime to base a if and only if
a^{ 90 } is congruent to 1, modulo 91.
This happens if a belongs to one of
the following 36 residues classes, modulo 91:
There are 72 residues coprime to 91
( 72 is the Euler totient of 91 ).
This is exactly twice as many as above.
Such a simple ratio is the rule...
(2003-11-18) Carmichael Numbers (Absolute Pseudoprimes)
A Carmichael number is a composite number n dividing
a^{n}-a for any a.
A Carmichael number is thus a pseudoprime
to any base a to which it's coprime.
The term "Carmichael number" was introduced in 1950,
by N.G.W.H. Beeger (discoverer of
the second Wieferich prime in 1922).
In 1899, Korselt conjectured the existence of such numbers and
characterized them (see "Korselt's criterion" below).
The smallest of these (561) was discovered in 1910 by Robert D. Carmichael,
who subsequently found fifteen examples and conjectured there were infinitely many,
a fact which was finally proved by Alford, Granville and Pomerance,
in 1992.
A Carmichael number is an odd
squarefree number
congruent to 1 modulo (p-1) for any prime p dividing it
(Korselt's criterion).
Thus, 1729 is a Carmichael number because its prime factorization
is 7.13.19 while 1728 happens to be divisible by 6, 12 and 18.
The above
definition of Carmichael's function (l)
tells that Carmichael numbers are the composite numbers n for which
l(n)
divides (n-1).
The way l(n)
is explicitely computed shows this to be equivalent to Korselt's criterion.
Here are the first Carmichael numbers.
[Sloane's A002997
sequence]
Other integer sequences related to Carmichael numbers
include the following:_{ }
A055553
Number of Carmichael numbers with n decimal digits or less:
0, 0, 1 (561 has 3 digits), 7,
16, 43, 105, 255, 646, 1547, 3605, 8241, 19279,
44706, 105212, 246683, and 585355 with 16 digits or less_{ }...
A006931
Least Carmichael numbers with n prime
factors, namely:
(2003-11-22) The Chernik formulas for generic Carmichael numbers :
Explicit products that form Carmichael numbers iff
all factors are prime.
In 1939, J. Chernik remarked that
the product (6k+1)(12k+1)(18k+1)
is a Carmichael number if the three factors are prime.
Furthermore, the thing may be multiplied by
(36k+1) if that factor is also prime,
to produce another Carmichael number with 4 prime factors.
For k = 1 this does give two Carmichael numbers:
1729 = 7.13.19
63973 = 7.13.19.37
It has been wrongly reported [in at least one published paper]
that the process would continue with an additional (72k+1) prime factor.
The above example (k = 1) shows that this is not so:
73 is prime, but the number 7.13.19.37.73 (4670029) is not congruent to 1
modulo 72 and is therefore not a Carmichael number.
In fact, a fifth prime factor (72k+1) is acceptable if and only if k has
an even value.
Similarly, a sixth prime factor (144k+1) would yield yet another Carmichael
number only when k is a multiple of 4.
A seventh prime factor (288k+1) is fine whenever k is a multiple of 8...
Such restrictions on k for extensions of Chernik's formula beyond 4 factors
may or may not have been an oversight of Chernik himself (we've not checked)
but this elementary mistake is tainting some otherwise nice discussions of the subject.
Here are integer sequences related to Chernik-type
Carmichael numbers:_{ }
Carmichael numbers of the form (6k+1)(12k+1)(18k+1) :
1729, 172081, 294409, 1773289, 4463641, 13992265, 47006785,
56052361, 118901521, 172947529,
216821881 ...
(2003-11-23) Generic Carmichael Numbers
Other explicit expressions in the spirit of
Chernik's formulas.
When the 4 factors are prime,
(ak+1)(bk+1)(ck+1)(dk+1)
is a Carmichael number provided
a, b, c and d all divide
their own symmetric functions:
(a+b+c+d),
(ab+ac+ad+bc+bd+cd) and
(abc+abd+acd+bcd).
A similar sufficient
condition holds for products of at least 3 factors of this type.
Here's the complete list of the 6 types of such "generic" 4-factor Carmichael
numbers, discovered and posted here by the author on 2003-11-23.
*
Products of the form (20m+1) (80m+1) (100m+1) (200m+1) are allowed by the sole
divisibility of the symmetric functions
but m has to be divisible by 3 (m = 3k)
or else at least one factor would be so divisible.
3-Factor Formulas :
"Generic" forms for 3-factor Carmichael numbers are easy to construct.
For example, in his presentation of all Carmichael numbers below
10 000 000 000 000 000, Richard G.E. Pinch notes that the
Carmichael number whose lowest prime factor is highest in this range
happens to be 9585921133193329, which is a product of 3 prime factors of the form:
( 7m + 1 ) ( 8m + 1 ) ( 11m + 1 )
It's not difficult to show that such a product of 3 primes is a Carmichael
number if and only if m is
congruent to 314 modulo 616.
Furthermore, m must be divisible by 3, or else at least one of the factors would be.
All told, m must be 1848k+942 for some k, which gives a product of the form shown
in the following table.
The number noted by Pinch is for k = 13,
which is the lowest value that makes the 3 factors prime:
A formula
giving Carmichael numbers
whenever the 3 factors are prime
Here are the highest acceptable
values of k having a given number of digits:
13,
928,
9996,
99778,
999588,
9999963,
99999466,
999999223,
9999997803,
99999997841,
999999999166,
9999999998098,
99999999997131,
999999999996618,
9999999999998481,
99999999999999018,
etc.
For example, k = 999 999 223 yields
a 40-digit Carmichael number (3887636054124102392503405910694993617809)
with three 14-digit prime factors:
12935989955323 . 14783988520369 . 20327984215507.
For k = 9999999999999999999999999994976 (31 digits) we would get
a 106-digit Carmichael number which is the product of three 36-digit primes.
With k = 10^{ 329 }- 4624879
we obtain a 1000-digit Carmichael number
with three prime factors that are each 334 digits in length:
Using a 600 MHz computer, it took us about 2 days to reach this result,
after testing for primality 4624879 triplets of factors.
The expected number of such tests is roughly proportional to the
cube of the target number of digits.
Hard testing may be skipped when k is congruent to a
residue that makes one of the 3 factors divisible by 5, 13, 17, 19, 23, etc.
These residues are:
0, 2, 4 (mod 5); 1, 7, 9 (mod 13); 1, 11, 16 (mod 17); 3, 4, 7 (mod 19); 9, 17, 19 (mod 23); etc.
(Shunning these five explicit cases makes the search about 5 times faster.)
Nevertheless, when a nontrivial primality test is required
[for lack of a small divisor]
its duration is proportional to the square or the cube of the number of digits involved
(depending on the duration of a single multiplication,
which could theoretically
be proportional to the number of digits,
but is proportional to the square of that
with ordinary computer implementations).
All told, this method is thus not very efficient to generate
extremely large Carmichael numbers...
Below is the sequence of the values of m for which (7m+1)(8m+1)(11m+1)
is a Carmichael number
(A101188).
Underlined values indicate Carmichael numbers
with at least 4 prime factors, which are not discussed above:
Of course, there's nothing special about 7, 8 and 11.
The above idea can be used with other triplets of
pairwise coprime
integers to construct 3-factor Carmichael numbers with special features.
In a private communication (on 2012-07-10)
Dr. Gottfried Barthel
used the technique with the triplet 999, 1000, 1001 to obtain an example of
a Carmichael number whose factors would be only about 0.2% apart from each other.
He obtained a 42-digit Carmichael number with 3 prime factors, after only 95 trials:
870980350028752028326948209713490300000001
= (999 m + 1) (1000 m + 1) (1001 m + 1) with
m = 95 (999 . 1000 . 1001) + 499998000 = 95499903000
(2003-11-29) Generating Large Carmichael Numbers
Efficient ways to find very large Carmichael numbers.
Generic Carmichael numbers are obtained from the methods presented in the
preceding articles when several predetermined
numbers are simultaneously prime, a rarely satisfied condition when
such numbers are extremely large.
A similar remark applies to an interesting general approach,
known as Chernik's extension method, which is based on the following observation:
If a Carmichael number n is considered in its canonical form
n = k l(n) + 1
and if some divisor d of k is such that the number
p = d l(n) + 1
happens to be prime, then pn is another Carmichael number.
(2003-11-18) _{ } Facts and Conjectures about Carmichael Divisors
Does any odd prime p have a Carmichael multiple?
[True if p < 10000]
Is the same true of any odd number coprime
to its Euler totient?
Consider a number n and let q be the lowest common multiple of the numbers
(p-1)
for all the prime factors p of n.
Any multiple of n may be expressed in the form
n(qk+r).
For such a multiple of n to be a Carmichael number, it must be congruent to 1 modulo any
(p-1)
and thus also modulo the lowest common multiple of all those quantities, which is q.
This means that nr must be congruent to 1 modulo q.
In other words, r must be the reciprocal of n modulo q.
Such a reciprocal exists if and only if n and q are coprime,
which is thus a necessary condition for n to divide any Carmichael number.
It's also necessary for n to be odd and squarefree.
We may call a Carmichael divisor a number that has a Carmichael multiple,
and combine both conditions into one short statement:
Carmichael divisors are odd numbers coprime to their totients.
I've been conjecturing (since 1980 or so)
that the converse holds, namely: Any odd number
coprime to its Euler totient divides some Carmichael number.
With encouragements from Max Alexseyev (thanks!) I teamed up with Joe Crump
in
the last days of 2007 and we did check the conjecture for all relevant numbers
below 10000. For many years,
the smallest number I had not been able to deal with was 885...
Here's part of the story:
On Carmichael numbers divisible by 885 = 3 . 5 . 59
The above general considerations imply that a Carmichael multiple of 885 must be of the
form 885 (116k+89) [since 116 = LCM(3-1,5-1,59-1) and 89 is the reciprocal of
885 modulo 116]. Such a Carmichael number can't be divisible by 7,
because this would make its totient divisible by 6
and thus not coprime with itself (since 885 is not coprime with 6).
Similarly, no prime factor of (116k+89) can be of the form 6m+1, 10m+1 or 118m+1.
Furthermore, a prime divisor can't be 3, 5 or 59 (as those divide 885).
It can't be 29 either, because 29 divides the totient of 885.
All told, such a prime factor is different from 29 and 59
and is congruent to 17, 23 or 29 modulo 30 (all primes congruent to
1 modulo 59 must also be ruled out, starting with 827 and 1889).
Lemma:
If p is prime and kp is a Carmichael number, then p-1 divides k-1.
Proof:
By Korselt's criterion,
there's an integer m for which m(p-1) = kp-1.
This means, indeed, that (m-k)(p-1) = k-1
A consequence of that lemma is that
there are no Carmichael numbers of the form 885 p where p is prime.
Indeed, such a prime would make p-1 equal to one of the 12 divisors of 884.
This restriction leaves only two possible prime values for p, besides 3 and 5
(namely, 53 and 443) and neither of them works!
Similarly, if both p and q are prime, then 885 pq can only be a Carmichael number
when p-1 divides 885q-1 (and q-1 divides 885p-1).
So, we may just let q run through the aforementioned "allowed" values and examine
the finitely many values of p which make p-1 a divisor of 885q-1.
Although the smallest Carmichael multiple of 885 remains unknown,
one explicit example was discovered on 2007-12-21 by Joe K. Crump
who used his own
prior work
to search quickly through numbers n which
divide 2^{n}-2.
Starting with a multiple of 2517 (found on 2007-12-20, with the same tactics)
Joe plugged the gaps which had been present since 2003-12-01
in my own table of Carmichael multiples by
providing Carmichael multiples of 885, 2391, 2517, 2571, 2589, 2595, 2685 and 2949
(we put together jointly a larger table shortly thereafter).
Although Joe Crump's approach doesn't necessarily provide the least such multiples,
his breakthrough provides stronger
computational support for my conjecture (formulated around 1980) that such Carmichael multiples
exist for all odd numbers coprime to their Euler totient.
Joe's attention had been caught by Max
Alekseyev ("Maxal")
who posted "Michon's conjecture" in the Open Problem Garden on 2007-08-04
A weaker conjecture applies only to prime numbers and merely states that:
Any odd prime has Carmichael multiples.
See our table of the least
Carmichael multiples of odd primes below 10000.
I came up with the above conjectures around 1980.
At the time, it was not yet known that there were infinitely many Carmichael numbers.
Therefore, an early proof of either conjecture would have established that...
Numbers coprime to their Euler totients are sometimes called
cyclic numbers
(A003277)
because a group whose order is such a number must
be cyclic.
The number 2 is cyclic but all the other cyclic numbers are odd.
Thus,
the main conjecture is that 2 is the only cyclic number without
Carmichael multiples. This can be stated even more compactly:
Any odd cyclic number has Carmichael multiples.
A formulation stressing that this is a necessary and sufficient
condition is:
A positive integer has Carmichael multiples if and only if it's odd and cyclic.
References
Carl Friedrich Gauss
"Disquisitiones Arithmeticae" (1801)._{ }
A. Korselt
( Alwin Reinhold Korselt, 1864-1947;
Ph.D. in 1902)
"Problème Chinois" L'Intermédiaire des Mathématiciens,
6, pp.142-143 (1899)._{ }
Robert D. Carmichael
"Note on a new number theory function" (1910) Bulletin of the American Mathematical Society,
XVI, pp.232-238._{ }
Robert D. Carmichael
"On composite numbers which satisfy the Fermat congruence"
American Mathematical Monthly, XIX, pp.22-27 (1912)._{ }
N.G.W.H. Beeger
[MR-12:159e]
"On composite numbers n for which a^{n-1}
º 1 (mod n) for every a prime to n"
Scripta Mathematica, 16, pp.133-135 (1950)._{ }
William R. Alford, Andrew Granville,
Carl Pomerance "There are infinitely many Carmichael numbers" (1992 result)
Annals of Mathematics, 139, pp.703-722 (1994).
[pdf]
Richard G.E. Pinch
"The Carmichael Numbers up to 10^{15 }"
Mathematics of Computation, 61, pp.381-391 (1993).