# Number Theory

## Introduction

Number theory emerged as a fun area of mathematics without practical applications during the 18th century. It wasn't until the invention of computers, that people found real applications.

Nowadays, it's used in many cryptographic systems, in decentralized areas, such as blockchain, etc.

In this course, we will only cover a few basic algorithms on number theory.

## Divisibility and divisors

The notion of one integere being divisible by another is key to the theory of numbers. The notation $d \ | \ a$ (read "d **divides** a") means that $a = k d$ for some integer $k$. Every integer divides $0$. If $a > 0$ and $d | a$, then $|d| < |a|$. If $d | a$, then we also say that $a$ is a **multiple** of $d$. If $d$ doesn't divide $a$, we write $d \nmid a$.

If we have a positive $d$ and $d \ | \ a$, we say that $d$ is a **divisor** of $a$. Note that $d$ is a divisor of $a$ iff $-d$ is a divisor of $a$, so that we can always talk in terms of positive divisors, and not lose generality.

A divisor of a number $a, (a \ne 0)$ is at least $1$ but not greater than $|a|$. For example, the divisors of $24$ are $1, 2, 3, 4, 6, 8, 12, 24$.

### Finding divisors.

Given some $n$, how to find its divisors.

#### Finding divisors of $n$ in $\mathcal{O(n)}$ time.

Well, the basic approach would be just iterating through the numbers from $1$ to $n$ checking if they divide $n$.

In [7]:
def compute_divisors(n: int) -> list[int]:
    '''
    returns a list with the divisors of n
    '''

    divisors = []
    for i in range(1, n + 1):
        if n % i == 0:
            divisors.append(i)
    return divisors

compute_divisors(24)

[1, 2, 3, 4, 6, 8, 12, 24]

This solution clearly has $\mathcal{O}(n)$ time complexity and $\mathcal{O}(1)$ space complexity, because we go through every number from $1$ to $n$. But as we can guess, the number of divisors of $n$ is not of the same order as $n$. For example, $24$ has only $8$ divisors.

#### Bound on the number of divisors of $n$

Now we'll try to find a bound on the number of divisors of $n$.


If $a$ is a divisor of $n$, then there exists a unique $b$ such that $a \cdot b = n$. That means that the divisors always come in pairs $(a, b)$, and we can assume that $a \le b$.

Now here comes a very important lemma:


**Lemma:**

If $1 \le a \le b \le n$ and $a \cdot b = n$, then:
- $a \le \sqrt{n}$
- $b \ge \sqrt{n}$

**Proof:**
- Suppose $a > \sqrt{n}$. Then, because $a \le b$, it's hold that $b > \sqrt{n}$. Therefore, $a \cdot b > \sqrt{n} \sqrt{n} \implies a \cdot b > n$, which is contradiction, because we had that $a \cdot b = n$. This proves that $a \le \sqrt{n}$.
- On other hand, suppose $b < \sqrt{n}$. Then, because $a \le b$, it's hold that $a < \sqrt{n}$. Therefore, $a \cdot b < \sqrt{n} \sqrt{n} \implies a \cdot b < n$, which is also a contradiction. This proves that $b \ge \sqrt{n}$.

QED.


We can use that lemma to give a bound on the numer of divisors of $n$. Because the divisors come in pairs $(a, b)$ where $a \le \sqrt{n}$, that means that $n$ has at most $2\sqrt{n}$ divisors, which means that **the number of divisors of $n$ is bounded by $\mathcal{O}(\sqrt{n})$.**


#### Finding divisors of $n$ in $\mathcal{O}(\sqrt{n})$ time.


So, we see that the number of divisors of $n$ is much lower than $n$.

Can we do an algorithm that performs better than $\mathcal{O}(n)$?

Of course we can! We can try every $a \in [1, \sqrt{n}]$ and for each one compute the corresponding $b$.

In [8]:
def compute_divisors(n: int) -> list[int]:
    '''
    returns a list with the divisors of n
    complexity: O(\sqrt{n})
    '''

    divisors = []
    a = 1
    while a * a <= n: # iterating a from 1 to sqrt(n)
        if n % a == 0:
            divisors.append(a)
            if a * a != n:
                b = n // a
                divisors.append(b)

        a += 1

    return divisors

compute_divisors(24)

[1, 24, 2, 12, 3, 8, 4, 6]

#### Finding the divisors of all numbers from $1$ to $n$

What if we want to find the divisors of every number from $1$ to $n$?

We can use the previous algorithm with every number from $1$ to $n$, and it would take $\mathcal{n \sqrt{n}}$ time, but we can actually do better.

The problem with that algorithm is that for every $m \in [1, n]$ it is trying to check if each number $a$ from $1$ to $m$ is a divisor of $m$. It tries $\mathcal{n \sqrt{n}}$ pairs $(a, m)$ checking if $a \ | \ m$.

We can do it the other way around. For every $a$, iterate through every multiple $m$ of $a$. That way we're not gonna try any useless pair, so it would be better (we'll see later how much better).

In [6]:
n = 20
divisors = [[] for _ in range(n + 1)] # divisors[x] contains a list with all the divisors of x

for i in range(1, n + 1):
    for j in range(i, n + 1, i): # j iterates through all multiples of i
        divisors[j].append(i)

for i in range(1, n + 1):
    print(f"Divisors of {i}: {divisors[i]}")

Divisors of 1: [1]
Divisors of 2: [1, 2]
Divisors of 3: [1, 3]
Divisors of 4: [1, 2, 4]
Divisors of 5: [1, 5]
Divisors of 6: [1, 2, 3, 6]
Divisors of 7: [1, 7]
Divisors of 8: [1, 2, 4, 8]
Divisors of 9: [1, 3, 9]
Divisors of 10: [1, 2, 5, 10]
Divisors of 11: [1, 11]
Divisors of 12: [1, 2, 3, 4, 6, 12]
Divisors of 13: [1, 13]
Divisors of 14: [1, 2, 7, 14]
Divisors of 15: [1, 3, 5, 15]
Divisors of 16: [1, 2, 4, 8, 16]
Divisors of 17: [1, 17]
Divisors of 18: [1, 2, 3, 6, 9, 18]
Divisors of 19: [1, 19]
Divisors of 20: [1, 2, 4, 5, 10, 20]


Let's try to analyze the time complexity of this algorithm.

For every $i$, we're iterating through $\lfloor\frac{n}{i}\rfloor$ values: $i, 2\cdot i, 3\cdot i, 4\cdot i, \dots$.
Therefore, the number of operations is:

$$\mathcal{O}(\left\lfloor\frac{n}{1}\right\rfloor + \left\lfloor\frac{n}{2}\right\rfloor + \left\lfloor\frac{n}{3}\right\rfloor + \dots + \left\lfloor\frac{n}{n}\right\rfloor) < \mathcal{O}\left(n \cdot \left(\frac{1}{1} + \frac{1}{2} + \dots + \frac{1}{n} \right)\right) = \mathcal{O}(n\ln n)$$




So, that means that the sum of the number of divisors of every number from $1$ to $n$ is bounded by $\mathcal{O}(n \ln n)$, and that's the exact time and space complexity of the algorithm.

## Prime Numbers

An integer $a > 1$ whose only divisors are $1$ and $a$ is a **prime number**, or more simply, a **prime**. Primes have many special properties and play a critical role in number theory. The first 20 primes, in order, are:

2, 3, 5, 7, 11, 13, 17, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71

*There's an infinite amount of primes.*

An integer $a > 1$ that is not prime is a **composite number**, or, more simply, a **composite**. For example, $39$ is composite because $3 \ | \ 39$. We call the integer $1$ a unit, and it's neither prime nor composite.

### Checking if a number is prime or not

Because a prime is a positive integer with exactly 2 divisors, we can just compute all the divisors and then check that we only have two

In [9]:
def is_prime(n: int):
    '''
    checks if `n` is prime
    '''

    divisors = compute_divisors(n)
    if len(divisors) == 2:
        return True
    return False 

print([i for i in range(20) if is_prime(i)]) 

[2, 3, 5, 7, 11, 13, 17, 19]


We can do it a bit better, by just stopping the first time that we find a divisor after $1$. The complexity would still be $\mathcal{O}(\sqrt{n})$

In [11]:
def is_prime(n: int):
    '''
    checks if `n` is prime
    '''

    if n < 2:
        return False 
        
    a = 2
    while a * a <= n:
        if n % a == 0:
            return False 
        a += 1
    return True 

print([i for i in range(20) if is_prime(i)]) 

[2, 3, 5, 7, 11, 13, 17, 19]


### Finding all primes until $n$.

The first approach would be to iterate through every number from $1$ to $n$, and check for each of them, if it's prime or not by checking its divisors.

Similarly to when we were dealing with the divisors of all numbers up to $n$, we can do better.
For every number $a > 1$, we can iterate through the multiples of $a$ that are greater than $a$, and then mark them as composites, because they are **multiples of smaller numbers greater than 1**.

This is a very old Greek Algorithm called Erathostenes' Sieve.
It starts with all the numbers from $2$ to $n$, (considering them primes initially), and it goes in order, and for every number that it finds, it deletes all its multiples, and at the end only the primes will remain.

https://en.wikipedia.org/wiki/Sieve_of_Eratosthenes

In [12]:
def sieve(n: int):
    is_prime = [True for _ in range(n + 1)]
    is_prime[0], is_prime[1] = False, False 

    for i in range(2, n + 1):
        if is_prime[i]:
            for j in range(i * i, n + 1, i):
                is_prime[j] = False 

    return [i for i in range(n + 1) if is_prime[i]]

sieve(20)

[2, 3, 5, 7, 11, 13, 17, 19]

Let's analyze its complexity.

For every $i$ in the first loop, we're iterating through its multiples on the inner loop. Thus, we can assume that the complexity is $\mathcal{O}(n\ln n)$.

But notice that we only execute the inner loop, when $i$ is prime. Thus, it's more efficient, and indeed there's a better bound.

Due to the [sum of the reciprocal of primes](https://en.wikipedia.org/wiki/Divergence_of_the_sum_of_the_reciprocals_of_the_primes), a better bound is $\mathcal{O}(n\log\log n)$.

## Factorization (TO BE ADDED SOON...) but not included in the course

## Modular arithmetic

Given an integer $n$, we can partition the integers into those that are multiples of $n$ and those that are not multiples of $n$. Much number theory is based upon refining this partition by classifying the nonmultiples of $n$ according to their remainders when divided by $n$.

**Division theorem**

For any integer $a$, and any positive integer $n$, there exist unique integers $q$ and $r$ such that $0 \le r < n$ and $a = q n + r$.

The value $q = \left\lfloor\frac{a}{n}\right\rfloor$ is the **quotient** of the division. The value $r = a \% n$ is the remainder of the division. 

As an example, for $a = 15$ and $n = 4$, we obtain $q = 3$ and $r = 3$, because $15 = 3\cdot 4 + 3$.

We can partition the integers into $n$ *equivalence classes* according to their remainders modulo $n$. The **equivalence class modulo $n$** containing an integer $a$ is the set of all numbers expressable by $a + nk : k\in \Z$.

For example, given $n = 7$, the equivalence class containing $3$ is the set $\{\dots, -11, -4, 3, 10, 10, 17, \dots\}$. Saying that two numbers $a$ and $b$ belong to the same class **modulo n** is the same as saying that `a % n == b 
% m`, or mathematically $a \equiv b\ (mod\  n)$.

This means that we can substitute them whenever we're doing operations under some **modulo n**. So, $-1 \equiv n-1 \ (mod\ n)$, $0 \equiv n \ (mod\ n)$ and so on..

The great thing about equivalence classes modulo $n$ is that most arithmetic operations are preserved.

If $a \% m = r_a$, and $b \% m = r_b$, then:
- $(a + b) \% m = (r_a + r_b) \% m$
- $(a \cdot b) \% m = (r_a \cdot r_b) \% m$
- $(a - b) \% m = (r_a - r_b + m) \% m$
- $a^n\ \% \ m = (r_a\ \% \ m)^n\ \% m$


Notice that it's not hold with the division. Division is something harder, and we'll explain it a bit later.

### Binary exponentiation:

Problem:

Given $a$ and $n$, compute $a^n\ \%\  m$, where $m = 10^9 + 7$ (which is a prime). And well, $a, n \le 10^9$.

The first solution would be something like:
```Python
mod = 10**9 + 7
def power(a, n):
    result = 1
    for _ in range(n):
        result = (result * a) % mod
    return result
```

But this clearly takes linear time w.r.t. $n$, and $n$ is quite big.

We can do better.

Notice that $a^{2n} = a^{n} \cdot a^{n}$. Then, we can do a recursive algorithm:

$$
a^n = \begin{cases}
1 \iff n = 0\\
(a \cdot a)^{n/2} \iff 2 \ | \ n\\
a^{n-1} \cdot a \iff 2\ \nmid n
\end{cases}
$$

In [14]:
mod = 10**9 + 7
def quick_power(a: int, n: int):
    if n == 0:
        return 1
    if n % 2 == 0:
        return quick_power(a * a % mod , n // 2)
    return a * quick_power(a, n - 1) % mod 

quick_power(3, 5)

243

Because we go dividing $n$ by two, the time complexity is $\mathcal{O}(\log n)$.

### What's the problem with division

As we said, the rules of arithmetic operations under modulo $n$ do not apply to division.

As an example, consider $mod = 5$, and we're trying to divide $30/15 = 3 \equiv 3\ (mod\ 5)$. If we naively apply the `%` operator on both numerator and denominator, we get $0/0$ which is impossible to compute.

Moreoever, if we have $1/3 \mod \ \ 5$, what does it mean?

Here comes a concept called multiplicative inverse.
Given a number $x$, we want to find a number $y$ such that $x \cdot y \equiv 1 \mod 5$. Due to this definition, we denote $y$ as $x^{-1}$.

Well, this number doesn't always exist. In fact, it only exists if the greates common divisor of $x$ and the $modulo$ is $1$.

*The multiplicative inverse of $x$ modulo $n$ exists if and only if $\gcd(x, n) = 1$. And if it does, it's unique under modulo $n$*.

We won't prove it though.

As an example, the inverse of $3$ modulo $5$ is $2$, because $3 \cdot 2 = 6 \equiv 1 \mod 5$.
But we can't find an inverse of $12$ modulo $15$, because they share $3$ as a commond divisor.

Ok, we know how to check for the existence. Now, how to find it. And just for simplicity, let's consider the case where the modulo $n$ is prime.

There's a theorem called *Fermat's little theorem* that says that if $p$ is a prime number and $a$ is any integer, then $a^p \equiv a \mod p$, or in other words, if $a$ is has no common divisors with $p$ rather than 1, then $a^{p-1} \equiv 1 \mod p$.

Then, $a^{p-1} = a^{p-2} \cdot a \equiv 1 \mod p$, which means that the multiplicative inverse of $a$ modulo $p$ is $a^{p-2}$.

And that's how we find it, if $\gcd(a, m) \ne 1$, then there's no inverse of $a$. Otherwise, if $m$ is prime, the inverse of $a$ is $a^{m-2}$, and we can find it by using the `quick_power` method.