leads to Definition 2. DEFINITION 2 A
composite integer n that satisfies the
congruence bn1 1 (mod n) for all
positive integers b with gcd(b, n) = 1 is
called a Carmichael number. (These
numbers are named after Robert
Carmichael, who studied them in the e

words, gcd(a, b) can be expressed as a
linear combination with integer
coefficients of a and b. For example, gcd(6,
14) = 2, and 2 = (2) 6 + 1 14. We state
this fact as Theorem 6. THEOREM 6
BZOUTS THEOREM If a and b are
positive integers, then there exist

combination has integer coefficients.) The
method proceeds by working backward
through the divisions of the Euclidean
algorithm, so this method requires a
forward pass and a backward pass
through the steps of the Euclidean
algorithm. (In the exercises we

13, 2011 10:24 4.4 Solving Congruences
275 Linear Congruences A congruence of
the form ax b (mod m), where m is a
positive integer, a and b are integers, and
x is a variable, is called a linear
congruence. Such congruences arise
throughout number theory a

theory that this test relies on. These
probabilistic primality tests can be used,
and are used, to find large primes
extremely rapidly on computers. Primitive
Roots and Discrete Logarithms In the set
of positive real numbers, if b > 1, and x =
by, we say

it can be most easily carried out using the
method of mathematical induction,
covered in that section.) LEMMA 3 If p is a
prime and p | a1a2 an, where each ai is
an integer, then p | ai for some i. We can
now show that a factorization of an
integer into p

both sides of a congruence by the same
integer. We have shown (Theorem 5 in
Section 4.1) that we can multiply both
sides of a congruence by the same integer.
However, dividing both sides of a
congruence by an integer does not always
produce a valid congru

modulo m is easy when m is small. To find
this inverse, we look for a multiple of a
that exceeds a multiple of m by 1. For
example, to find an inverse of 3 modulo 7,
we can find j 3 for j = 1, 2,., 6, stopping
when we find a multiple of 3 that is one
more

seed x0 = 1? 6. What sequence of
pseudorandom numbers is generated
using the linear congruential generator
xn+1 = (4xn + 1) mod 7 with seed x0 = 3?
7. What sequence of pseudorandom
numbers is generated using the pure
multiplicative generator xn+1 = 3xn mo

that 18 = 4 (252 1 198) 1 198 = 4
252 5 198, completing the solution.
We will use Theorem 6 to develop several
useful results. One of our goals will be to
prove the part of the fundamental
theorem of arithmetic asserting that a
positive integer has at m

use an integer other than 2 as the base
when we study pseudoprimes.
DEFINITION 1 Let b be a positive integer.
If n is a composite positive integer, and
bn1 1 (mod n), then n is called a
pseudoprime to the base b. Given a
positive integer n, determining wh

every nonempty set of positive integers
has a least element (by the well-ordering
property, which will be discussed in
Section 5.2). Suppose that the prime
factorizations of a and b are as before.
Then the least common multiple of a and
b is given by lcm(

are relatively prime to 12? 15. Which
positive integers less than 30 are
relatively prime to 30? 16. Determine
whether the integers in each of these sets
are pairwise relatively prime. a) 21, 34, 55
b) 14, 17, 85 c) 25, 41, 49, 64 d) 17, 18,
19, 23 17. De

7, the original problem has been solved.
We now describe how the Euclidean
algorithm works in generality. We will use
successive divisions to reduce the
problem of finding the greatest common
divisor of two positive integers to the
same problem with small

is a positive integer. 52. Prove or disprove
that p1p2 pn + 1 is prime for every
positive integer n, where p1, p2,.,pn are
the n smallest prime numbers. 53. Show
that there is a composite integer in every
arithmetic progression ak + b, k = 1, 2,.
where a

r, we will have shown that gcd(a, b) =
gcd(b, r), because both pairs must have
the same greatest common divisor. So
suppose that d divides both a and b. Then
it follows that d also divides a bq = r
(from Theorem 1 of Section 4.1). Hence,
any common diviso

exponents if necessary. Then gcd(a, b) is
given by gcd(a, b) = p min(a1, b1) 1 p
min(a2, b2) 2 pmin(an, bn) n , where
min(x, y) represents the minimum of the
two numbers x and y. To show that this
formula for gcd(a, b) is valid, we must
show that the inte

We find that 1 + 1 + 0 + 1 + 0 + 1 + 1 1
(mod 2), so the parity check is incorrect.
We conclude that the first string may have
been transmitted correctly and we know
for certain that the second string was
transmitted incorrectly. We accept the
first strin

46. Find the smallest positive integer with
exactly n different positive factors when n
is a) 3. b) 4. c) 5. d) 6. e) 10. 47. Can you
find a formula or rule for the nth term of a
sequence related to the prime numbers or
prime factorizations so that the in

3 + 1. From this equation we see that 2
3 + 1 7 = 1. This shows that 2 and 1 are
Bzout coefficients of 3 and 7. We see that
2 is an inverse of 3 modulo 7. Note that
every integer congruent to 2 modulo 7 is
also an inverse of 3, such as 5, 9, 12, and
so

these integers is inefficient. The reason is
that it is time-consuming to find prime
factorizations. We will give a more
efficient method of finding the greatest
common divisor, called the Euclidean
algorithm. This algorithm has been
known since ancient t

Solution: When we computed the powers
of 2 modulo 11 in Example 12, we found
that 28 = 3 and 24 = 5 in Z11. Hence, the
discrete logarithms of 3 and 5 modulo 11
to the base 2 are 8 and 4, respectively.
(These are the powers of 2 that equal 3
and 5, respect

pairs of integers as a linear combination
of these integers. a) 9, 11 b) 33, 44 c) 35,
78 d) 21, 55 e) 101, 203 f ) 124, 323 g)
2002, 2339 h) 3457, 4669 i) 10001,
13422 The extended Euclidean algorithm
can be used to express gcd(a, b) as a
linear combinat

between the set of positive rational
numbers and the set of positive integers if
K(m/n) = p 2a1 1 p 2a2 2 p 2as s q
2b11 1 q 2b21 2 q 2bt1 t , where
gcd(m, n) = 1 and the prime-power
factorizations of m and n are m = pa1 1
pa2 2 pas s and n = q b1 1 q b2

and Cryptography THEOREM 2 THE
CHINESE REMAINDER THEOREM Let m1,
m2,.,mn be pairwise relatively prime
positive integers greater than one and a1,
a2,.,an arbitrary integers. Then the
system x a1 (mod m1), x a2 (mod m2),
x an (mod mn) has a unique solution

these pairs of relatively prime integers
using the method followed in Example 2.
a) a = 2, m = 17 b) a = 34, m = 89 c) a =
144, m = 233 d) a = 200, m = 1001 7.
Show that if a and m are relatively prime
positive integers, then the inverse of a
modulo m is

gcd(1529, 14039). e) gcd(1529, 14038).
f ) gcd(11111, 111111). 33. Use the
Euclidean algorithm to find a) gcd(12,
18). b) gcd(111, 201). c) gcd(1001, 1331).
d) gcd(12345, 54321). e) gcd(1000,
5040). f ) gcd(9888, 6060). 34. How many
divisions are required

10 i=1 iyi = 10 i=1 ixi + j a j a 0 (mod
11). P1: 1 CH04-7R Rosen-2311T
MHIA017-Rosen-v5.cls May 13, 2011
10:24 292 4 / Number Theory and
Cryptography These last two congruences
hold because 10 i=1 xi 0 (mod 10) and
11| j a, because 11| j and 11| a. We
co