6-29-2008

Quadratic Residues
a is a quadratic residue mod m if x2 = a (mod m). Otherwise, a is a quadratic nonresidue. Quadratic Reciprocity relates the solvability of the congruence x2 = p (mod q ) to the solvability of the congruence x2 = q (mod p), where p and q are distinct odd primes. If p is an odd prime, there are equal numbers of quadratic residues and quadratic nonresidues among {1, 2, . . . , p 1}. a is dened by If p is an odd prime, a > 0, and (a, p) = 1, the Legendre symbol p a = p 1 if a is a quadratic residue mod p . 1 if a is a quadratic nonresidue mod p

Legendre symbols provide a computational tool for determining whether a quadratic congruence has a solution. Eulers theorem says that if p is an odd prime, a > 0, and (a, p) = 1, then a = a(p1)/2 (mod p) . p Gauss considered the proofs he gave of quadratic reciprocity one of his crowning achievements; in fact, he gave 6 distinct proofs during his lifetime. Reciprocity is a deep result: Proofs eluded both Euler and Legendre. The reciprocity law is simple to state. For p and q odd primes, it relates solutions to the two congruences x2 = p (mod q ) and x2 = q (mod p) .

(Note how p and q switch places: This explains why its called a reciprocity law.) The law of quadratic reciprocity says: The congruences are either both solvable or both unsolvable, unless both primes are congruent to 3 mod 4. In that case, one is solvable while the other is not. Gauss rst gave a proof of this when he was 19! Gausss masterwork, the Disquisitiones Arithmeticae, was published in 1801 when Gauss was 24. It changed the course of number theory, collecting scattered results into a unied theory. Denition. Let (a, m) = 1, m > 0. a is a quadratic residue mod m if the following equation has a solution: x2 = a (mod m) . Otherwise, a is a quadratic nonresidue mod m.

Example. 8 is a quadratic residue mod 17, since 52 = 8 (mod 17) . 1

However, 8 is a quadratic nonresidue mod 11, because x2 = 8 (mod 11) has no solutions. n n (mod 11)
2

0 0

1 1

2 4

3 9

4 5

5 3

6 3

7 5

8 9

9 4

10 1

As the table shows, 1, 3, 4, 5, and 9 are quadratic residues mod 11. (0 is not considered a quadratic residue, since (0, 11) = 11 = 1.) But 8 is a quadratic nonresidue mod 11. Notice the symmetry in the nonzero elements of the table. Do you see why this is happening?

Lemma. Let p be an odd prime. The congruence x2 = a (mod p) has: (a) Only the solution x = 0 if a = 0. (b) Exactly 0 or 2 solutions if p | a. Proof. x = 0 solves x2 = 0 (mod p). Conversely, if x2 = 0 (mod p), then p | x2 , so p | x, and hence x = 0 (mod p). Suppose p | a. To show there are 0 or 2 solutions, suppose there is at least one solution b. Then b2 = a (mod p), so (b)2 = a (mod p). I claim that b and b are distinct. If not, then b = b (mod p), so p | 2b. p is an odd prime, so p | 2. Therefore, p | b, b = 0 (mod p), b2 = 0 (mod p), and nally a = 0 (mod p) contradicting p | a. Hence, b = b (mod p). Now I have two distinct solutions; since a quadratic equation mod p has at most two solutions (Prove it!), there are exactly two.

Example. x2 = 8 (mod 17) has 5 and 12 as solutions, and 5 = 12 (mod 17). But note that the result is false if p = 2: x2 = 1 (mod 2) has exactly one solution (x = 1 (mod 2)).

Example. Take p = 7. k k (mod 7)

2

0 0

1 1

2 4

3 2

4 2

5 4

6 1

Thus, 1, 2, 4 are quadratic residues mod 7. Notice that there are equal numbers of residues and nonresidues.

Corollary. Let p be an odd prime. There are p in {1, . . . , p 1}.

p1 p1 quadratic residues and quadratic nonresidues mod 2 2

Proof. k and k = p k have the same square mod p. That is, 1 and p 1 have the same square, 2 and p1 p1 and + 1 have the same square. p 2 have the same square, . . . , and 2 2 p1 these squares are the quadratic residues, and the other Thus, the number of dierent squares is 2 p1 numbers in {1, 2, . . . , p 1} are quadratic nonresidues. 2 2

The fact observed in the rst sentence of the proof explains the symmetries in the table of squares mod 11 and mod 7 that I gave above. a is dened by Denition. Let p be an odd prime, and let (a, p) = 1. The Legendre symbol p a = p 1 if a is a quadratic residue mod p 1 if a is a quadratic nonresidue mod p

Note that a = 0 is disallowed (since (0, p) = p = 1) even though x2 = 0 (mod p) has a solution.

5 11 = 1, since 42 = 5 (mod 11). Likewise, = 1, since 62 = 11 (mod 5). Example. (5, 11) = 1. 11 5 Note that 5 is congruent to 1 mod 4; as predicted by reciprocity, both of the following the congruences have solutions: x2 = 5 (mod 11) and x2 = 11 (mod 5) .

You might wonder about the case where p = 2, or the case where the modulus is composite. For p = 2, there are only two quadratic congruences: x2 = 0 (mod 2) and x2 = 1 (mod 2) .

These have the solutions x = 0 (mod 2) and x = 1 (mod 2) nothing much is going on. rk 1 If the modulus has prime factorization n = pr 1 pk , then relative primality implies that its enough ri 2 to solve the congruences x = a (mod pi ) for each i. It turns out that solving such a congruence reduces to determining whether a is a quadratic residue mod pi . Therefore, there is little harm in concentrating on the case of a single prime.

Example. x2 = 14 (mod 35) can be reduced to the simultaneous congruences x2 = 14 (mod 5) These can be rewritten as x2 = 4 (mod 5) and x2 = 0 (mod 7) . and x2 = 14 (mod 7) .

The rst equation has solutions x = 2 (mod 5) or x = 3 (mod 5). The second equation has the single solution x = 0 (mod 7). So I have two cases. If x = 2 (mod 5) and x = 0 (mod 7), the Chinese Remainder Theorem gives x = 7 (mod 35). If x = 3 (mod 5) and x = 0 (mod 7), the Chinese Remainder Theorem gives x = 28 (mod 35). Thus, I have two solutions mod 35 to the original quadratic congruence.

Here are some tools for computing Legendre symbols. Theorem. (Euler) Let p be an odd prime, a > 0, (a, p) = 1. Then a = a(p1)/2 (mod p) . p 3

 a = 1. Then there is a number b such that b2 = a (mod p). Proof. There are two cases. Suppose that p So (b2 )(p1)/2 = a(p1)/2 (mod p) , bp1 = a(p1)/2 (mod p) . If p | b, then p | b2 = a . So p | b, and little Fermat implies that bp1 = 1 (mod p). So a = a(p1)/2 (mod p) . a(p1)/2 = 1 (mod p) , and p a = 1. In this case, consider the set {1, 2, . . . , p 1}. I claim that these The other possibility is p integers occur in pairs s, t, such that st = a. First, if s {1, 2, . . . , p 1}, then s is invertible mod p. So I can write s(s1 a) = a, and the pair s, 1 s a, multiplies to a. a = 1. Moreover, s and s1 a are distinct. If not, s = s1 a, or s2 = a, which contradicts p p1 Since the integers {1, 2, . . . , p 1} divide up into pairs, each multiplying to a, and since there are 2 pairs, I have 1 2 (p 1) = a(p1)/2 (mod p) . By Wilsons theorem, 1 = a(p1)/2 (mod p) , so a = a(p1)/2 (mod p) . p

Example. Suppose p = 13 and a = 10. Then a(p1)/2 = 1012 = 1006 = 96 = 813 = 33 = 1 (mod 13) . 10 = 1, and x2 = 10 (mod 13) should have a solution. Indeed, Hence, 13 72 = 49 = 10 (mod 13) .

Proof. If a = b (mod p), then x2 = a (mod p) if and only if x2 = b (mod p). Thus, one these equations of b a . = is solvable or not solvable if and only if the same is true for the other which means p p a for a < 0 by simply replacing a with Note that I can use this result to apply Eulers formula to p b > 0 such that a = b (mod p). Lemma. Let p be an odd prime, a, b > 0, (a, p) = (b, p) = 1. Then a b ab = . p p p Proof. By Euler, a b = a(p1)/2 b(p1)/2 (mod p) , p p and ab = (ab)(p1)/2 (mod p) . p

a b = . Lemma. If a = b (mod p), then p p

Therefore, a b ab = (mod p) . p p p

The two sides of this equation are 1. Since p is an odd prime, the two sides cant dier by 2. Hence, they must be equal as integers: a b ab = . p p p Corollary. Let p be an odd prime, a > 0, (a, p) = 1. Then 2 a = 1. p

Proof. By Eulers formula,

a for specic values of a and arbitrary p. You can use the results above to compute p 1 if p = 4k + 1 = 1 Lemma. 1 if p = 4k + 3 p 1 p 1 = = (p 1)(p1)/2 = (1)(p1)/2 = p p (1)2k (1)2k+1 if p = 4k + 1 = if p = 4k + 3 1 1 if p = 4k + 1 . if p = 4k + 3

Using Gausss lemma, which Ill prove shortly, you can also show that 2 2 = (1)(p 1)/8 . p

Note that the exponent on the right is actually an integer: Since p = 2k + 1, p2 1 = 4k(k + 1). And 4k(k + 1) is divisible by 8, because one of k, k + 1, must be even.

1 = 1, because 13 = 4 3 + 1. Thus, x2 = 1 (mod 13) has solutions. And in fact, Example. 13 52 = 25 = 12 = 1 (mod 13) . 1 = 1, because 23 = 4 5 + 3. Hence, x2 = 1 (mod 23) has no solutions. Likewise, 23 Finally, 2 2 = (1)(7 1)/8 = 1. 7 Therefore, x2 = 2 (mod 7) has solutions. x = 3 works, for instance.

c 2008 by Bruce Ikenaga