sign in sign up
<<
Home , Algebraic integer, Cubic reciprocity, Gauss sum, Multiplicative character, Quadratic Gauss sum, Quadratic integer

RINGS OF , GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS

CHAOFAN CHEN

Abstract. In this paper we shall explore the structure of the of algebraic integers in any quadratic extension of the field of rational Q, develop the concepts of Gauss and Jacobi sums, and apply the theory of algebraic integers and that of Gauss-Jacobi sums to solving problems involving power congruences and power sums as well as to proving the quadratic and laws. In particular, we shall address the problem of when a rational prime (that is, a prime in Z) stays a prime in the ring of algebraic integers in any quadratic extension of Q, discuss when a rational prime can be written as the sum of two squares, and find the of solutions to congruence equations of the form xn + yn ≡ 1 mod p when n = 2 or 3.

Contents 1. Introduction 1 2. Finite Fields and Multiplicative Characters 2 2.1. Finite Fields 2 2.2. Multiplicative Characters 5 2.3. An Example of Multiplicative Characters: The 7 3. Extensions and Rings of Integers 8 3.1. Field Extensions 8 3.2. Rings of Algebraic Integers in Extension Fields of Q 9 3.3. The Ring of Gaussian Integers Z[i] 13 3.4. The Ring Z[ω] 15 4. Gauss and Jacobi Sums 19 4.1. Gauss Sums 19 4.2. Jacobi Sums 21 n n 4.3. The Equations of the Form x + y = 1 in Fp for n = 2 or 3 25 5. Law of 27 6. Law of Cubic Reciprocity 28 7. Conclusion 30 Acknowledgments 30 References 30

1. Introduction The concept of ordinary integers 0, ±1, ±2, ±3, ..., is a familiar one. Observe that each ordinary r is a root to the polynomial x − r, which is monic with

Date: August 8, 2012. 1 2 CHAOFAN CHEN ordinary integer coefficients. It will then be natural for us to extend the concept of ordinary integers and define algebraic integers as complex numbers which are roots to some with ordinary integer coefficients. Thus,√ algebraic integers include more than just ordinary integers; for example, i = −1 is an because it is a root to the polynomial x2 + 1. Now, consider the Z[i] = {a + bi : a, b ∈ Z}. It is easy to check that all the elements of the set are algebraic integers, for any a + bi ∈ Z[i] is a root to the polynomial x2 − 2a + (a2 + b2), and that the set Z[i] forms a ring under ordinary and of complex numbers. We call Z[i] the ring of Gaussian integers. We observe that an ordinary p ∈ Z has the property that if p divides ab for a, b ∈ Z, then p divides a or p divides b (Here, p divides x ∈ Z means x = qp for some q ∈ Z). Of course, we can extend both the concepts of divisibility and of prime elements to Z[i], by defining an element p ∈ Z[i] to be prime when p satisfies the property that if p divides ab for a, b ∈ Z[i], then p divides a or p divides b (Here, p divides x ∈ Z[i] means x = qp for some q ∈ Z[i]). We will then discover that 2 is no longer a prime in Z[i], for 2 divides the product of 1 + i and 1 − i but divides neither of them individually in Z[i]. On the other hand, 3 is a prime in both Z and Z[i]. This observation leads to an interesting question: When does a prime number in Z stay a prime in Z[i]? More generally, when does a prime number in Z stay a prime in the ring of algebraic integers in any quadratic extension of Q? To avoid confusion, we shall speak of primes in Z as rational primes. Another interesting (and classical) question in is under what conditions a rational prime can be written as the sum of squares of two integers in Z. If we define the norm of a a + bi ∈ Z[i] by N(a + bi) = a2 + b2, the question above is equivalent to under what conditions a rational prime is the norm of some Gaussian integer. It turns out that a rational prime p is the sum of squares of two integers in Z if and only if p = 2 or p ≡ 1 mod 4, as we shall see. Of course, besides the ring of Gaussian integers [i], there are other rings of √ Z −1+ −3 algebraic integers. Let ω = 2 throughout this paper. The ring Z[ω] = {a + bω : a, b ∈ Z} will be of particular interest to us, as the law of cubic reciprocity will be stated in terms of cubic characters of primary elements in Z[ω]. To prove the law of cubic reciprocity, we shall develop the concepts of Gauss and Jacobi sums, which will also be used to prove the law of quadratic reciprocity and to count the number of solutions to congruence equations of the form xn + yn ≡ 1 mod p when n = 2 or 3.

2. Finite Fields and Multiplicative Characters 2.1. Finite Fields. We shall begin by investigating some of the properties of finite fields. In particular, we shall prove that the number of elements in a finite field is some positive integral power of a rational prime, and that the multiplicative of a finite field is cyclic. Theorem 2.1. The number of elements in a finite field is some positive integral power of a rational prime.

Proof. Let F be a finite field. Define the map ϕ : Z → F by ϕ(k) = k1F where 1F denotes the multiplicative identity of F . Then ϕ is a ring homomorphism. The image of ϕ, ϕ(Z) is a (finite) of the finite field F ; in particular it RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 3 must be an . Since we have ϕ(Z) =∼ Z/kerϕ, Z/kerϕ is an integral domain, so kerϕ is a prime in Z. Thus, we have kerϕ = pZ, and consequently ∼ ϕ(Z) = Z/pZ for some rational prime p. Note that we have ϕ(Z) = {k1F : k ∈ Z}, so we have proved that the integer multiples of the (multiplicative) identity of a finite field F forms a subfield of F isomorphic to Z/pZ for some rational prime p. We shall identify Z/pZ with the image of ϕ, ϕ(Z), in F and think of F as a finite dimensional vector space over Z/pZ. Let n be the dimension and {x1, ..., xn} be a basis of F over Z/pZ. Then every element x ∈ F can be written uniquely in the n form a1x1 + ... + anxn with ai ∈ Z/pZ. It then follows that F has p elements.  Let 0 and 1 denote the additive and multiplicative identities (respectively) of a finite field F , and let p be the least positive integer such that p1 = 0. The first part of the proof of Theorem 2.1 tells us that p must be a prime number. It is called the characteristic of F . For all x ∈ F , we have px = p(1x) = (p1)x = 0x = 0. This observation leads to the following proposition.

d d d Proposition 2.2. If F has characteristic p, then (a + b)p = ap + bp for all a, b ∈ F and all positive integers d. Proof. For d = 1, we have p−1 X p (a + b)p = ap + ap−kbk + bp = ap + bp k k=1 p because p divides k for 1 ≤ k ≤ p − 1. d d d Now suppose that (a + b)p = ap + bp is true for some d ≥ 1. It then follows d+1 d d d d d d+1 d+1 (a + b)p = ((a + b)p )p = (ap + bp )p = (ap )p + (bp )p = ap + bp . The induction is complete.  Let F be a finite field with q elements. The multiplicative group F × of F is F − {0}, and has q − 1 elements. Thus every element x ∈ F × satisfies xq−1 = 1, and every element x ∈ F satisfies xq = x. To show that F × is cyclic, we will prove a stronger result that every finite subgroup of the multiplicative group of a field is cyclic (Our main reference is [3]). We need the following lemmas before we proceed. Lemma 2.3. Let G be a group and let g, h ∈ G be commuting elements of finite orders m, n respectively with (m, n) = 1. Then we have |gh| = mn. Proof. We have (gh)mn = (gm)n(hn)m = 1, where 1 denotes the identity of G, so l = |gh| divides mn. Then we have gl = h−l ∈ hgi ∩ hhi = {1}, so m and n both divide l. It then follows, from (m, n) = 1, that mn divides l = |gh|. Thus, we have |gh| = mn.  Lemma 2.4. Let G be a finite , and let m = max {|g| : g ∈ G}. Then |g| divides m for every g ∈ G.

Qn ri Proof. Let h ∈ G have m, and let g be any element of G. Let m = i=1 pi be the prime of m in Z. If there exists a rational prime p which divides |g| but not m, then G contains an element x of order p. Since we have (p, m) = 1, by Lemma 2.3, we have |xh| = pm > m, which contradicts the maximality of m. Thus, every rational prime divisor of |g| must be a divisor of m. Suppose now r that there exists i with pi dividing |g| and r > ri. Then G contains an element r ri r ri of order pi and an element of order m/pi . Since we have (pi , m/pi ) = 1, by 4 CHAOFAN CHEN

r−ri Lemma 2.3, G contains an element of order mpi > m, which again contradicts the maximality of m. Thus, every rational prime power divisor of |g| divides m, so |g| divides m.  We are now ready to prove that every finite subgroup of the multiplicative group of a field is cyclic, and consequently the multiplicative group of a finite field is cyclic. Theorem 2.5. Every finite subgroup of the multiplicative group of a field is cyclic. Proof. Let G be a finite subgroup of the multiplicative group of a field F . Then G is a finite abelian group. Let m = max {|g| : g ∈ G}. By Lemma 2.4, we have gm = 1 for every g ∈ G. Thus, every element of G is a root to the polynomial xm − 1, which has at most m roots in F , so we have |G| ≤ m. On the other hand, by Lagrange’s Theorem, m divides |G|, so we have m ≤ |G|. It follows |G| = m. Since G contains an element of order |G|, G must be cyclic.  Corollary 2.6. The multiplicative group of a finite field is cyclic. Let F be a finite field. The fact that F × is cyclic allows us to give a criterion for deciding when xn = a (a ∈ F ×) has solutions in F ×, as we shall see. Lemma 2.7. Let a, m ∈ Z and d = (a, m). For b ∈ Z, the congruence ax ≡ b mod m has solutions if and only if d divides b. If d divides b, then there are exactly d solutions which are not equivalent mod m.

Proof. If x0 is a solution, then we have ax0 − b = my0 for some integer y0, which gives ax0 − my0 = b. Since d divides both a and m, it follows that d divides ax0 − my0 = b. Conversely, suppose that d divides b. Since we have d = (a, m), there exist 0 0 0 0 0 integers x0 and y0 such that ax0 − my0 = d. Let c = b/d. Then we have a(x0c) − 0 0 m(y0c) = dc = b. Let x0 = x0c and we clearly have ax0 ≡ b mod m. Suppose that d divides b. To show that ax ≡ b mod m has exactly d solutions, suppose that x0 and x1 are solutions, i.e. they satisfy ax0 ≡ b mod m and ax1 ≡ b mod m, which imply a(x1 − x0) ≡ 0 mod m. Thus, m divides a(x1 − x0), and m a a m consequently d divides d (x1 − x0). Note that d and d are relatively prime. It m m then follows that d divides x1 − x0, so we have x1 = x0 + k d for some integer m k. On the other hand, any integer of the form x0 + k d is a solution, since we m a m have a(x0 + k d ) = ax0 + mk d ≡ b mod m. Also, the solutions x0, x0 + d , ..., m m m x0 + (d − 1) d are not equivalent, for if we have x0 + r d ≡ x0 + s d mod m for some nonnegative integers r, s with r 6= s and r, s ≤ d − 1, then m would divide m |r−s| m |r − s| d , and we would have d ∈ Z, which is impossible. Now let x1 = x0 +k d be another solution. Then there are integers q and r such that k = qd + r and m m 0 ≤ r ≤ d − 1. Thus, we have x1 = x0 + r d + qm ≡ x0 + r d mod m. We have m m shown that x0, x0 + d , ..., x0 + (d − 1) d are all the solutions, so there are exactly d solutions which are not equivalent mod m.  Proposition 2.8. Let F be a finite field with q elements, and let a ∈ F ×. Then xn = a has solutions if and only if a(q−1)/d = 1, where d = (n, q − 1). If there are solutions, then there are exactly d solutions. Proof. We have shown that F × is cyclic. Let g be a generator of F × and set a = gb and x = gy. Then xn = a is equivalent to the congruence ny ≡ b mod q − 1. The result follows by applying Lemma 2.7.  RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 5

To conclude our discussion on finite fields, we shall prove the following proposi- tion, using the fact that the multiplicative group of a finite field is cyclic. Proposition 2.9. For all integers k and rational primes p, we have 1k + 2k + ... + (p − 1)k ≡ 0 mod p if p − 1 does not divide k, and −1 mod p if p − 1 divides k.

× Proof. Let g be a generator of Fp , so g has order p − 1. By identifying 1, 2, ..., × ∼ × ri p − 1 as elements of (Z/pZ) = Fp and letting i = g for all integers i with 1 ≤ i ≤ p − 1, we have p−1 p−2 X X 1k + 2k + ... + (p − 1)k = (gr1 )k + (gr2 )k + ... + (grp−1 )k = (gk)ri = (gk)j. i=1 j=0 Note that we also have p−2 p−2 X X (gk − 1) (gk)j = gk(j+1) − gkj = gk(p−1) − g0 = 1 − 1 = 0 j=0 j=0 k in Fp. Suppose that p − 1 does not divide k in Z. Then we have g 6= 1 in Fp, so we Pp−2 k j k k k must have j=0 (g ) = 0 in Fp, which is equivalent to 1 + 2 + ... + (p − 1) ≡ 0 mod p. If p−1 divides k in Z, then we have 1k +2k +...+(p−1)k = 1+1+...+1 = k k k p − 1 = −1 in Fp, which is equivalent to 1 + 2 + ... + (p − 1) ≡ −1 mod p.  2.2. Multiplicative Characters. We shall now introduce multiplicative charac- ters which will later be used to define Gauss and Jacobi sums.

Definition 2.10. Let Fp denote a finite field with p elements, where p is a rational × prime. A multiplicative χ on Fp is a from Fp to × × C , i.e. it satisfies χ(ab) = χ(a)χ(b) for all a, b ∈ Fp . An example of a multiplicative character is the trivial multiplicative character  × defined by (a) = 1 for all a ∈ Fp . It is often useful to extend the domain of a multiplicative character to all of Fp. If χ 6= , we do this by defining χ(0) = 0. For the trivial character , we define (0) = 1. The following proposition summarizes some basic properties of multiplicative characters.

Proposition 2.11. Let χ be a multiplicative character on Fp,  be the trivial char- × acter, and a ∈ Fp . Then (a) χ(1) = 1. (b) χ(a) is a (p − 1)st . (c) χ(a−1) = χ(a)−1 = χ(a). (d) P χ(t) = 0 for χ 6= , and P (t) = p. t∈Fp t∈Fp Proof. (a) Since we have χ(1) = χ(1 · 1) = χ(1)χ(1) and χ(1) 6= 0, we must have χ(1) = 1. × p−1 p−1 (b) For all a ∈ Fp , we have a = 1, which implies that 1 = χ(1) = χ(a ) = χ(a)p−1. × −1 −1 (c) For all a ∈ Fp , we have 1 = χ(1) = χ(aa ) = χ(a)χ(a ), which implies χ(a−1) = χ(a)−1. Since we have |χ(a)| = 1 by part (b), we have χ(a)χ(a) = |χ(a)|2 = 1, which implies χ(a) = χ(a)−1. 6 CHAOFAN CHEN

× (d) Suppose χ 6= . In this case there is an a ∈ Fp such that χ(a) 6= 1. Let T = P χ(t). Then we have χ(a)T = P χ(a)χ(t) = P χ(at) = T , t∈Fp t∈Fp t∈Fp which gives (χ(a) − 1)T = 0, but χ(a) − 1 6= 0, so we must have T = 0. It is clear that P (t) = P 1 = p. t∈Fp t∈Fp 

The multiplicative characters on Fp form a group by means of the following definitions: (1) If χ and λ are multiplicative characters on Fp, then χλ is the map × given by χλ(a) = χ(a)λ(a) for all a ∈ Fp . (2) If χ is a multiplicative character on −1 −1 −1 Fp, χ is the map given by χ (a) = χ(a) . It is not difficult to verify that χλ −1 and χ defined above are multiplicative characters on Fp and that these definitions make the set of multiplicative characters on Fp into a group. The identity of this group is the trivial character .

Theorem 2.12. The group of multiplicative characters on Fp is a cyclic group of × order p−1. For any a ∈ Fp with a 6= 1, there is a character χ on Fp with χ(a) 6= 1. × Proof. We have shown that Fp is a cyclic group of order p−1. Let g be a generator × × of Fp . If a is any element of Fp and χ is a multiplicative character on Fp, then we have a = gl for some l ∈ Z and χ(a) = χ(g)l. This shows that χ is completely determined by the value of χ(g). Since χ(g) is a (p − 1)st root of unity, and since there are exactly p−1 of these, it follows that the group of multiplicative characters on Fp has order at most p − 1. × k 2πi(k/(p−1)) Now define a function λ : Fp → C − {0} by λ(g ) = e . It is not difficult to check that λ is well defined and is a multiplicative character. Suppose λn = . Then we have λn(g) = (g) = 1. However, we also have λn(g) = λ(gn) = e2πi(n/(p−1)). It follows that p − 1 divides n. Since we have λp−1(a) = λ(ap−1) = λ(1) = 1, we have λp−1 = . It then follows that λ is a character of order p − 1, and that , λ, λ2, ..., λp−2 are all distinct. Since there are at most p − 1 characters 2 p−2 on Fp, , λ, λ , ..., λ must be all the characters on Fp. Thus, the group of multiplicative characters is a cyclic group of order p − 1, with λ as a generator. × l For any a ∈ Fp with a 6= 1, we have a = g and p − 1 does not divide l. l 2πi(l/(p−1)) Consequently, we have λ(a) = λ(g ) = e 6= 1.  × Corollary 2.13. Let a ∈ Fp with a 6= 1, and G be the group of multiplicative P characters on Fp. Then we have χ∈G χ(a) = 0. P Proof. Let S = χ∈G χ(a). Since we have a 6= 1, there is a character λ on Fp with P P λ(a) 6= 1. Then we have λ(a)S = χ∈G λ(a)χ(a) = χ∈G λχ(a) = S. Thus, we have (λ(a) − 1)S = 0 and consequently S = 0.  Multiplicative characters are useful in the study of power congruences. To il- n × lustrate this, consider the equation x = a for a ∈ Fp . By Proposition 2.8, we know that it has solutions if and only if a(p−1)/d = 1, where d = (n, p − 1), and that if there are solutions, then there are exactly d solutions. We shall now derive n a formula for the number of solutions in Fp of the equation x = a where a ∈ Fp using characters. For simplicity, we shall assume that n divides p − 1, and in this case we have d = (n, p − 1) = n.

× n Proposition 2.14. Let a ∈ Fp and suppose that n divides p − 1. If x = a has n no solutions in Fp, then there is a character χ such that χ =  and χ(a) 6= 1. RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 7

Proof. Let g and λ be the same as in Theorem 2.12. Set χ = λ(p−1)/n. Then we have χn = λp−1 = . Now, we have χ(g) = λ(p−1)/n(g) = λ(g(p−1)/n) = e2πi/n, and l n a = g for some l ∈ Z. Since x = a has no solutions in Fp, n does not divide l and l 2πi(l/n) consequently χ(a) = χ(g) = e 6= 1.  n For a ∈ Fp, let N(x = a) denote the number of solutions in Fp of the equation xn = a. n P Proposition 2.15. If n divides p − 1, then we have N(x = a) = χn= χ(a). Proof. We shall first show that there are exactly n characters of order dividing n. × Let χ be a character of order dividing n, and g be a generator of Fp . Since the value of χ(g) must be an nth root of unity, there are at most n characters of order dividing n. Now the character χ given by χ(g) = e2πi/n is a character of order n, and it follows that , χ, χ2, ..., χn−1 are n distinct characters of order dividing n. n To prove the formula, note that x = 0 has one solution in Fp, namely, x = 0. P Now, it is not difficult to see that χn= χ(0) = 1 since we have (0) = 1 and χ(0) = 0 for χ 6= . n Now suppose a 6= 0. Suppose, furthermore, that x = a has solutions in Fp. Then Proposition 2.8 tells us that there are exactly d = (n, p − 1) = n solutions. n n Let b be an element of Fp with b = a. For all characters χ on Fp with χ = , we n n P have χ(a) = χ(b ) = χ (b) = (b) = 1. Thus, we have χn= χ(a) = n, which is equal to N(xn = a) in this case. n Finally, suppose that x = a has no solution in Fp (a 6= 0). We must show P P χn= χ(a) = 0. Let R = χn= χ(a). By the proposition above, there is a n P character ρ with ρ =  and ρ(a) 6= 1. Then we have ρ(a)R = χn= ρ(a)χ(a) = P χn= ρχ(a) = R, which gives (ρ(a) − 1)R = 0 and consequently R = 0.  2.3. An Example of Multiplicative Characters: The Legendre Symbol. We shall now introduce the Legendre symbol, which is a multiplicative character of order 2 on Fp. Definition 2.16. Let a and m be two integers with (a, m) = 1. Then a is a mod m if the congruence x2 ≡ a mod m has a solution. Otherwise a is a quadratic nonresidue mod m. Definition 2.17. Let p be an odd rational prime. The Legendre symbol, denoted  a  by p , equals 1 if a is a quadratic residue mod p, −1 if a is a quadratic nonresidue mod p, and 0 if p divides a. The following proposition summarizes some properties of the Legendre symbol.

Proposition 2.18. Let a, b ∈ Z, and p be an odd rational prime. Then  a  (p−1)/2  −1  (p−1)/2 (a) p ≡ a mod p; in particular, we have p = (−1) .  a   b  (b) a ≡ b mod p implies p = p .  ab   a   b  (c) p = p p .

(p−1)/2  a  Proof. (a) If p divides a, then we have a ≡ 0 = p mod p. Suppose that p does not divide a. Then we have ap−1 ≡ 1 mod p, which gives (a(p−1)/2 + 1)(a(p−1)/2 − 1) = ap−1 − 1 ≡ 0 mod p. Thus, we have a(p−1)/2 ≡ ±1 mod p. By 8 CHAOFAN CHEN

Proposition 2.8, a(p−1)/2 ≡ 1 mod p if and only if the congruence x2 ≡ a mod p has a solution, i.e. if and only if a is a quadratic residue mod p. This establishes  a  (p−1)/2  −1  (p−1)/2 p ≡ a mod p. Letting a = −1, we have p = (−1) . (b) Part (b) is obvious from the definition.  ab  (p−1)/2 (p−1)/2 (p−1)/2  a   b  (c) By part (a), we have p ≡ (ab) = a b ≡ p p mod  ab   a   b   ab   a   b  p. Thus, we have p ≡ p p mod p, which implies p = p p .  Corollary 2.19. Let p be an odd rational prime. Then −1 is a quadratic residue mod p if and only if p ≡ 1 mod 4.

(p−1)/2  −1  Proof. −1 is a quadratic residue mod p if and only if (−1) = p = 1 if and only if (p − 1)/2 is even if and only if p ≡ 1 mod 4.  Corollary 2.20. Let p be an odd rational prime. Then there are (p−1)/2 quadratic residues mod p and as many quadratic nonresidues mod p. Proof. Proposition 2.8 implies that a(p−1)/2 ≡ 1 mod p has (p − 1)/2 solutions. Thus, there are (p−1)/2 quadratic residues mod p and (p−1)−((p−1)/2) = (p−1)/2 quadratic nonresidues mod p.   a  Proposition 2.18(b) allows us to regard the Legendre symbol p as a function of the coset of a mod p, and consequently as a function on Fp. Proposition 2.18(c) then allows us to regard the Legendre symbol as a multiplicative character on Fp. 2  a  Note that for all a 6≡ 0 mod p, we have p = 1. This, together with Corollary 2.20, implies that the Legendre symbol is a character of order 2.

Pp−1  t  Proposition 2.21. Let p be an odd rational prime. Then we have t=0 p = 0.

Proof. This is a special case of Proposition 2.11(d).  The law of quadratic reciprocity is stated in terms of the Legendre symbol: Let  p   q  ((p−1)/2)((q−1)/2) p and q be odd rational primes. Then we have q p = (−1) . Two proofs will be given in Section 5.

3. Field Extensions and Rings of Integers In this section, we shall solve two of the questions we have posed in the Intro- duction: (1) When does a prime number in Z stay a prime in the ring of algebraic integers in any quadratic extension of Q? (2) Under what conditions can a rational prime be written as the sum of squares of two integers in Z? 3.1. Field Extensions. Definition 3.1. (1) K is an extension field of F , denoted by K/F , if K is a field containing the subfield F . (2) The degree of a field extension K/F is the dimension of K as a vector space over F . (3) K is a quadratic extension of F if the degree of the field extension K/F is 2. We shall now give a characterization of quadratic extensions of Q, as follows: √ Proposition 3.2. If K is a quadratic extension of Q, then we have K = Q( d) for some square-free ordinary integer d. RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 9

Proof. Let β be any element of K not contained in Q. Then β is a root to a polynomial f(x) of degree at most 2 in Q[x]. Now, f(x) cannot be of degree 1, since β is not an element of Q by assumption. It follows that f(x) must be of degree 2, and that Q(β) is a quadratic extension of Q; since we have Q ⊂ Q(β) ⊆ K, we must have K = Q(β). Suppose f(x) = ax2 + bx + c (a 6= 0). Then the quadratic formula tells us √ √ β = −b± b2−4ac . (Here b2−4ac is not a square in and b2 − 4ac denotes a root to 2a Q √ 2 2 2 the polynomial x −(b√−4ac) in K.) Consequently, we have Q(√β) ⊆ Q( b − 4ac). 2 2 Conversely, we have b −√4ac = ±(b + 2aβ),√ which gives Q√( b − 4ac) ⊆ Q(β). 2 2 Thus, we have Q(β) = Q( b − 4ac); since b − 4ac = y√d for some nonzero√ y ∈ Q and some square-free ordinary integer d, we have Q( b2 − 4ac) = Q( d). The proof is now complete.  √ For the rest of the paper, we shall define the norm N : Q( d) →√Q (where 0 0 d is a square-free√ ordinary√ integer) by N(γ) = γγ where γ = a − b d for all γ = a + b d ∈ Q( d) (Note that γ0 = γ is the complex conjugate of γ when d is a negative integer in Z). It is easy to check that N is multiplicative, i.e. N(αβ) = N(α)N(β).

3.2. Rings of Algebraic Integers in Extension Fields of Q. We shall now extend the concept of ordinary integers and define algebraic integers in an extension field of Q. Let K be an extension field of Q. Definition 3.3. An element α ∈ K is an algebraic integer if α is a root to some monic polynomial with coefficients in Z. The set of all algebraic integers in an extension field of Q forms a ring. To prove this, we need a lemma. Lemma 3.4. Suppose that α belongs to a ring R in K that is a finitely generated Z module. Then α is an algebraic integer.

Proof. Let R be a ring which is also the Z module generated by g1, ..., gn. Then Pn for each i ∈ Z with 1 ≤ i ≤ n, we have αgi = j=1 cijgj for some cij ∈ Z. Let g denote the column vector with entries gi. Then we have αg = Mg where M is the n × n matrix with entries cij. Thus, α is an eigenvalue of M in K, and satisfies the characteristic polynomial of M, which is a monic polynomial with coefficients in Z. 

Theorem 3.5. The set of all algebraic integers in K, denoted by OK , forms a ring (an integral domain, in fact). n n−1 Proof. Let α and β be algebraic integers in K. Suppose α +an−1α +...+a1α+ m m−1 a0 = 0 and β + bm−1β + ... + b1β + b0 = 0 with ai, bj ∈ Z. Let R be the set of all Z linear combinations of αiβj with i, j ∈ Z, 0 ≤ i < n and 0 ≤ j < m. Then R is a ring in K that is a finitely generated Z module. Since α + β and αβ belong to R, by the lemma above, we conclude that α + β and αβ are algebraic integers in K. 

We can extend the concept of congruence from Z to OK , as follows: If γ1, γ2 and λ are elements of OK with λ 6= 0, we say that γ1 is congruent to γ2 mod λ (γ1 ≡ γ2 mod λ) if we have γ1 − γ2 = δλ for some δ ∈ OK . The following proposition gives a useful property of congruences in OK . 10 CHAOFAN CHEN

Proposition 3.6. Let ω1, ω2 be any elements of OK and p be a rational prime. p p p Then we have (ω1 + ω2) ≡ ω1 + ω2 mod p. Proof. We have p−1 X p (ω + ω )p = ωp + ωp−kωk + ωp. 1 2 1 k 1 2 2 k=1 p Since p divides k for 1 ≤ k ≤ p−1 and OK is a ring, we have the desired result.  To illustrate the usefulness of the notion of congruence in a ring of algebraic  2  integers, we shall compute p where p is an odd rational prime.

 2  (p2−1)/8 Proposition 3.7. Let p be an odd rational prime. Then we have p = (−1) . Proof. Let ζ = e2πi/8. Then we have (ζ4 + 1)(ζ4 − 1) = ζ8 − 1 = 0, which implies ζ4 = −1. Consequently, we have ζ2 + ζ−2 = ζ4ζ−2 + ζ−2 = −ζ−2 + ζ−2 = 0, and (ζ + ζ−1)2 = ζ2 + 2 + ζ−2 = 2. Let τ = ζ + ζ−1. Note that both ζ and τ are algebraic integers in C. We may thus work with congruences in the ring of algebraic integers in C. p−1 2 (p−1)/2 (p−1)/2  2  p  2  Now, since τ = (τ ) = 2 ≡ p mod p, we have τ ≡ p τ mod p. By Proposition 3.6, we also have τ p = (ζ + ζ−1)p ≡ ζp + ζ−p mod p. Since ζ8 = 1, we have ζp + ζ−p = ζ + ζ−1 = τ for p ≡ ±1 mod 8 and ζp + ζ−p = ζ3 + ζ−3 for p ≡ ±3 mod 8. Note that we have ζ3 = ζ4ζ−1 = −ζ−1 and ζ−3 = −ζ, so we have ζp + ζ−p = −(ζ + ζ−1) = −τ for p ≡ ±3 mod 8. Thus, we have ζp + ζ−p = (p2−1)/8  2  (p2−1)/8 (−1) τ, and consequently p τ ≡ (−1) τ mod p; multiplying both  2  (p2−1)/8 sides of the congruence relation by τ, we obtain p 2 ≡ (−1) 2 mod p,  2  (p2−1)/8 which implies p = (−1) .  We shall now present two important properties of algebraic integers. The first proposition establishes the existence of a minimal polynomial for each algebraic integer (in fact, for each , which is a root to some polynomial in Q[x]), and the second gives a simple criterion for α to be an algebraic integer in terms of the minimal polynomial for α. Proposition 3.8. If α is an algebraic number then α is a root to a unique monic f(x) ∈ Q[x]. Furthermore, if we have g(x) ∈ Q[x], g(α) = 0, then f(x) divides g(x). Proof. Let f(x) be a monic polynomial in Q[x] of the smallest degree for which α is a root. Then f(x) is irreducible in Q[x]. For any g(x) ∈ Q[x] with g(α) = 0, if f(x) does not divide g(x), then we have (f(x), g(x)) = 1 and consequently f(x)s(x) + g(x)t(x) = 1 for some polynomials s(x), t(x) ∈ Q[x]. However, we also have f(α)s(α) + g(α)t(α) = 0 6= 1. Thus, we must have f(x) | g(x). Uniqueness of f(x) now follows immediately.  The polynomial f(x) defined in the above proposition is called the minimal polynomial of α. Thus, a minimal polynomial for an algebraic number α is a monic polynomial in Q[x] of the smallest degree for which α is a root; it is irreducible in Q[x], is unique and has the property that if g(x) is a polynomial in Q[x] with g(α) = 0, then f(x) divides g(x). RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 11

Proposition 3.9. An element α in some field extension K of Q is an algebraic integer if and only if α is a root of some nonzero polynomial in Q[x] and its minimal polynomial has coefficients in Z. In particular, the algebraic integers in Q are the ordinary integers Z. Proof. If α is a root of some nonzero polynomial in Q[x] and its minimal polynomial has coefficients in Z, then α is an algebraic integer by definition. Conversely, suppose that α is an algebraic integer. Let f(x) be a monic polynomial in Z[x] of the smallest degree having α as a root. If f(x) were reducible in Q[x], then f(x) would be reducible in Z[x] and we would have f(x) = g(x)h(x) for some monic polynomials g(x), h(x) ∈ Z[x] of degree at least one but smaller than the degree of f(x) (This is a special case of a result known as Gauss’ Lemma, which states that if R is a unique factorization domain with field of fractions F and f(x) ∈ R[x] is reducible in F [x], then f(x) is reducible in R[x]; for a proof of Gauss’ Lemma, see [2] pp. 303-304). Consequently, α would be a root of either g(x) or h(x), contradicting the minimality of the degree of f(x). Hence, f(x) is irreducible in Q[x], and it is the minimal polynomial of α. It then follows that the minimal polynomial of α has coefficients in Z. Finally, the minimal polynomial of α = a/b ∈ Q (a/b reduced to the lowest terms and b > 0) is x − (a/b). Hence, α is an algebraic integer if and only if b = 1. This shows that the algebraic integers in Q are the ordinary integers Z. 

√We shall now determine the ring of algebraic integers in any quadratic extension Q( d) (where d ∈ Z is square-free) of Q.

Proposition√ 3.10. Let d ∈ Z be a square-free integer. The ring of algebraic√ integers in ( d) (known as the ring) is [α] where α = d if Q √ Z 1+ d d ≡ 2 or 3 mod 4, and α = 2 if d ≡ 1 mod 4. Proof. Since α satisfies α2 − d = 0 for d ≡ 2 or 3 mod 4 and α2 − α + (1 − d)/4 = 0 for d ≡ 1 mod 4, it follows that α is√ an algebraic integer, so Z[α] is contained in the ring of algebraic√ integers in Q( d). To√ show that Z[α] is the full ring of algebraic integers in Q( d), we let γ = a + b d with a, b ∈ Q, and suppose that γ is an algebraic integer. If b = 0, then we have γ = a ∈ Q and consequently γ ∈ Z ⊆ Z[α]. If b 6= 0, the minimal polynomial of γ is x2 − 2ax + (a2 − b2d). Then the proposition above tells us that 2a and a2 − b2d are both elements of Z. Then we have 4(a2 − b2d) = (2a)2 − (2b)2d ∈ Z, which implies (2b)2d ∈ Z. Since d ∈ Z is square-free, we must have 2b ∈ Z. Write a = x/2 and b = y/2 for some x, y ∈ Z. Since we have a2 − b2d ∈ Z, we must have x2 − y2d ≡ 0 mod 4. Since 0 and 1 are the only squares mod 4 and d is not divisible by 4, the only possibilities are the following: (1) d ≡ 2 or 3 mod 4 and x, y are both even, or (2) d ≡ 1 mod 4 and x, y are both even or both√ odd. In case√ (1), we have a, b ∈ Z and γ ∈ Z[ d] = Z[α]. In case (2), we have γ = a + b d = r + sα with r = (x − y)/2 ∈ Z and s = y ∈√Z, so again γ ∈ Z[α]. Thus, we conclude that the ring of algebraic integers in Q( d) is Z[α]. 

For the rest of the paper, let Z[α] denote the quadratic integer ring as in the proposition above. Recall that a p in an integral domain R is one which satisfies the property that if p divides ab for a, b ∈ R, then p divides a or 12 CHAOFAN CHEN p divides b. In the language of ideals, p is a prime element of R if it satisfies the property that ab ∈ (p) implies a ∈ (p) or b ∈ (p). We have seen that a rational prime needs not be a prime in Z[α]. To answer the question when a rational prime stays a prime in Z[α], we shall give a simple criterion in terms of the Legendre symbol. Proposition 3.11. Let p be an odd rational prime. For any prime ideal P in Z[α], define P 0 = {γ0 : γ ∈ P }.  d  (a) If p = −1, then we have (p) = P for some prime ideal P in Z[α] (In this case, we say that p is inert).  d  0 0 (b) If p = 1, then we have (p) = PP and P 6= P for some prime ideal P in Z[α] (In this case, we say that p splits).  d  2 (c) If p = 0, then we have (p) = P for some prime ideal P in Z[α] (In this case, we say that p ramifies).

 d  Proof. (a) Suppose p = −1. Let f(x) be the minimal polynomial of α. Note that we have f(x) = x2 − d for d ≡ 2 or 3 mod 4, and f(x) = x2 − x + (1 − d)/4 for d ≡ 1 mod 4, and f(x) is reducible in Fp[x] if and only if d is a quadratic residue mod p. Thus, f(x) is irreducible in Fp[x], which means that (f(x)) is a prime ideal ∼ in Fp[x]. It then follows that Z[α]/(p) = Fp[x]/(f(x)) is an integral domain, and consequently, (p) is a prime ideal in Z[α].  d  (b) Suppose = 1. Then we have a2 ≡ d mod p for some a ∈ Z. Note p √ √ √ √ 2 that we√ have (p,√ a + d)(p, a − d) = (p)(p, a + d, a − d, (a − d)/p). Since 2 (p, a + d,√ a − d,√(a − d)/p) contains p and 2a which are relatively prime in 2 Z,(p, a + d, a − d, (a −√d)/p) contains√ 1 and is consequently√ the whole√ ring Z[α]. Thus,√ we have (p, a + d)(p, a − d) = (p). If (p, a + d) = (p, a − d), then (p, a+ d) would contain p and 2a, and would be the whole ring Z[α]. Consequently,√ (p) would be the whole ring Z[α], which is impossible. Setting P = (p, a + d), we have the desired result.   √ √ (c) Suppose d = 0. Note that we have (p, d)2 = (p)(p, d, d/p). Since √ p (p, d, d/p) contains√ p and d/p which are relatively prime in Z (because d ∈ Z is square-free),√ (p, d, d/p) contains 1 and√ is consequently the whole ring Z[α]. Thus, 2 we have (p, d) = (p). Setting P = (p, d), we have the desired result.  The case where p = 2 requires separate treatment. Proposition 3.12. Let p = 2. For any prime ideal P in Z[α], define P 0 in the same way as in the proposition above. (a) If d ≡ 5 mod 8, then we have (2) = P for some prime ideal P in Z[α]. (b) If d ≡ 1 mod 8, then we have (2) = PP 0 and P 6= P 0 for some prime ideal P in Z[α]. (c) If d ≡ 2 or 3 mod 4, then we have (2) = P 2 for some prime ideal P in Z[α]. Proof. (a) Suppose d ≡ 5 mod√ 8. Then we have d ≡ 1 mod 4. Let f(x) be the minimal polynomial of α = (1 + d)/2. Then we have f(x) = x2 − x + (1 − d)/4 = 2 2 x −x+1 in F2[x]. Note that f(x) = x −x+1 is irreducible in F2[x], which means ∼ that (f(x)) is a prime ideal in F2[x]. It then follows that Z[α]/(2) = F2[x]/(f(x)) is an integral domain, and consequently, (2) is a prime ideal in Z[α]. RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 13 √ √ (b) If d √≡ 1 mod 8,√ we have d ≡ 1 mod 4 and (2, (1 + √d)/2)(2, (1 −√ d)/2) = (2)(2, (1 + d)/2, (1 − d√)/2, (1 − d)/8).√ Note that (2, (1 + d)/2, (1 − d)/2, (1 − d)/8) contains 1 = (1 + d)/2√ + (1 − d)/2,√ and is consequently the whole√ ring Z[α]. Thus,√ we have (2, (1√ + d)/2)(2, (1 − d)/2) = (2). If (2, (1 + d)/2) = (2, (1− d)/2), then (2, (1+ d)/2) would√ contain 1, and we would have (2) = Z[α], which is impossible. Setting P = (2, (1 + d)/2), we√ have the desired√ result. 2 (c)√ Suppose d ≡ 2 mod 4. Note that we have (2, d) = (2)(2√, d, d/2). Since (2, d, d/2) contains 2 and d/2 which are relatively prime in Z, (2√, d, d/2) contains 2 1 and is√ consequently the whole ring Z[α]. Thus, we have (2, d) = (2). Setting P = (2, d), we have the desired result. √ √ √ 2 Suppose d ≡ 3 mod 4. Note that we have (2, 1+ d)2 = (2)(2, 1+ d, (1+ d) ) = √ √ √ √ 2 (2)(2, 1 + d, 1+d + d). Since (2, 1 + d, 1+d + d) contains 2 and 1−d = (1 + √ √2 2 √ √ 2 d) − ( 1+d + d), which are relatively prime in , (2, 1 + d, 1+d + d) contains 1 2 Z √2 2 and is consequently√ the whole ring Z[α]. Thus, we have (2, 1 + d) = (2). Setting P = (2, 1 + d), we have the desired result.  To conclude our discussion on quadratic integer rings, we shall use the norm defined on quadratic extensions of Q to characterize the units in quadratic integer rings.

Proposition 3.13. The element γ is a in Z[α] if and only if N(γ) = ±1. Proof. Suppose N(γ) = ±1. Then we have γγ0 = ±1, so ±γ0 = γ−1. Since ±γ0 lies in Z[α], we see that γ is a unit in Z[α]. Suppose that γ is a unit in Z[α]. Then there exists a δ ∈ Z[α] satisfying γδ = 1. Thus, we have N(γ)N(δ) = 1. Since N(γ) and N(δ) are ordinary integers, we must have N(γ) = ±1.  √ 3.3. The Ring of Gaussian Integers Z[i]. Let i = −1. The ring of Gaussian√ integers Z[i] is the ring of algebraic integers in the quadratic extension Q( −1) of Q. The elements of Z[i] are complex numbers of the form a + bi with a, b ∈ Z. If γ = a + bi is an element of Z[i√], then the complex conjugate of γ is γ = a − bi, and the norm of γ (defined on Q( −1) as in Section 3.1) is N(γ) = γγ = a2 + b2. We shall now use Propositions 3.11, 3.12 and 3.13 to characterize the prime elements and the units in Z[i]. Proposition 3.14. Let p be a rational prime. If p ≡ 3 mod 4, then p is inert in Z[i]. If p ≡ 1 mod 4, then p splits in Z[i]. Finally, 2 ramifies in Z[i].

 −1  (p−1)/2 Proof. If p ≡ 3 mod 4, we have p = (−1) = −1; consequently, by Proposition 3.11, p is inert in Z[i].  −1  (p−1)/2 If p ≡ 1 mod 4, we have p = (−1) = 1; consequently, by Proposition 3.11, p splits in Z[i]. Finally, we have −1 ≡ 3 mod 4; consequently, by Proposition 3.12, 2 ramifies in Z[i]. 

Proposition 3.15. The element γ ∈ Z[i] is a unit if and only if N(γ) = 1. The units in Z[i] are 1, −1, i, and −i. 14 CHAOFAN CHEN

Proof. The first assertion follows from Proposition 3.13 and the observation that N(γ) is a nonnegative integer for all γ ∈ Z[i]. Now suppose that γ = a + bi is a unit in Z[i]. Then we have N(γ) = a2 + b2 = 1. The only possibilities are a = ±1 and b = 0, or a = 0 and b = ±1. It then follows that the units in Z[i] are 1, −1, i, and −i.  Recall that a R is an integral domain with the property that there is a function η : R − {0} → Z≥0 such that if a and b are two elements of R with b 6= 0, then there exist q, r ∈ R satisfying a = qb + r and either r = 0 or η(r) < η(b). We shall now prove that Z[i] is a Euclidean domain, and make use of the fact that Euclidean domains are domains (PIDs).

Proposition 3.16. The ring of Gaussian integers Z[i] is a Euclidean domain. √ Proof. Let N denote the norm on Q( −1). Let γ = a + bi and δ = c + di be two elements of Z[i] with δ 6= 0. γ Then we have δ = r + si for some r, s ∈ Q. Choose integers m and n satisfying 1 1 |r − m| ≤ 2 and |s − n| ≤ 2 . Set ρ = m + ni. Then we have ρ ∈ Z[i] and γ 2 2 1 2 1 2 1 N( δ − ρ) = (r − m) + (s − n) ≤ 2 + 2 = 2 . γ Set τ = γ −ρδ. Then we have τ ∈ Z[i] and either τ = 0 or N(τ) = N(δ( δ −ρ)) = γ 1 N(δ)N( δ − ρ) ≤ 2 N(δ) < N(δ). Thus, N makes Z[i] into a Euclidean domain.  Theorem 3.17. (Fermat’s Theorem on sums of squares) A rational prime p is the sum of the squares of two integers in Z, i.e. p = a2 + b2 for some a, b ∈ Z, if and only if p = 2 or p ≡ 1 mod 4.

Proof. Note that p = 2 or p ≡ 1 mod 4 if and only if p ramifies or splits in Z[i] (Proposition 3.14), if and only if p = γδ for some nonunits γ, δ ∈ Z[i] (Here, we uses the fact that Z[i] is a PID). If p = γδ for some nonunits γ, δ ∈ Z[i], then we have p2 = N(p) = N(γ)N(δ); since N(γ) 6= 1 and N(δ) 6= 1, we must have p = N(γ) = a2 + b2 for some a, b ∈ Z. Conversely, if p = a2 + b2 for some a, b ∈ Z, then we have p = (a + bi)(a − bi), and both a + bi and a − bi are nonunits in Z[i]. The desired result now follows.  The same reasoning can be used to characterize the rational primes p which can 2 2 be written√ as p = a + 2b √for some a, b ∈ Z. Instead of Z[i], we shall now work with Z[ −2]. Like Z[i], Z[ −2] is also a Euclidean domain, and consequently a PID. We shall now prove that a rational prime p can be written as p = a2 + 2b2 for some a, b ∈ Z if and only if p = 2, or p ≡ 1 mod 8, or p ≡ 3 mod 8, or p ≡ 1 mod 16, or p ≡ 11 mod 16, as follows: Note that p = 2, or p ≡ 1 mod 8, or p ≡ 3 mod 8, or p ≡ 1 mod 16, or p ≡ 11 p−1 p2−1 (p−1)(p+5) mod 16 if and only if p = 2, or 2 + 8 = 8 is an even integer in Z, 2  −2   −1   2  p−1 + p −1 if and only if p = 2, or = = (−1) 2 8 = 1, if and only if p √ p p p √ ramifies or splits in Z[ −2], if and only√ if p = γδ for some nonunits γ, δ ∈ Z[ −2]. If p = γδ for some nonunits γ, δ ∈ Z[ −2], then we have p2 = N(p) = N(γ)N(δ); 2 2 since N(γ) 6= 1 and N(δ) 6= 1, we must have p = N(γ) = a +2b for√ some a,√b ∈ Z. 2 2 Conversely, if p√= a +2b for some√ a, b ∈ Z, then we have√ p = (a+b −2)(a−b −2), and both a + b −2 and a − b −2 are nonunits in Z[ −2]. The desired result now follows. RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 15

In general, the question whether a rational prime p can be written as p = a2 +nb2 for some a, b ∈ Z is much more difficult to answer, and the technique used above to characterize the rational primes p which can be written as p = a2 +b2 or p = a2 +2b2 for some a, b ∈ Z cannot be generalized√ for an arbitrary√ ordinary integer√n, because it relies on the fact that Z[i] = Z[ −1] and Z[√−2] are PIDs, but Z[ −n] is, in general, not necessarily a PID. For example, Z[ −5] is not a PID, and the above technique cannot be used to characterize the rational primes p which can be written as p = a2 + 5b2. √ √ −1+ −3 2 −1− −3 3.4. The Ring Z[ω]. Let ω = 2 . Note that we have ω = 2 = ω 2 2 and 1 + ω + ω =√ 0, and 1, ω and ω are the three cubic roots of unity. The ring [ω] = [ 1+ −3 ] is the ring of algebraic integers in the quadratic extension √Z Z 2 Q( −3) of Q. The elements of Z[ω] are complex numbers of the form a + bω with a, b ∈ Z. Let γ = a + bω ∈ Z√[ω], and γ denote the complex conjugate of γ. Then the norm of γ (defined on Q( −3) as in Section 3.1) is N(γ) = γγ = a2 − ab + b2. We shall prove that Z[ω] is also a Euclidean domain, and use Propositions 3.11, 3.12 and 3.13 again to investigate the units and the prime elements in Z[ω]. For notational convenience we shall set D = Z[ω]. Proposition 3.18. D is a Euclidean domain. √ Proof. Let N denote the norm on Q( −3). Let γ and δ be two elements of D with δ 6= 0. Then we have γ = γδ = r + sω for some r, s ∈ . We have used the facts δ δδ Q that δδ = N(δ) is a positive integer and that γδ lies in D since both γ and δ are elements of D and D is a ring. 1 1 Choose m, n ∈ Z with |r − m| ≤ 2 and |s − n| ≤ 2 . Set ρ = m + nω. Then we γ 2 2 1 2 1 1 1 2 3 have ρ ∈ D and N( δ −ρ) = (r−m) −(r−m)(s−n)+(s−n) ≤ 2 + 2 2 + 2 = 4 . γ Set τ = γ − ρδ. Then we have τ ∈ D and either τ = 0 or N(τ) = N(δ( δ − ρ)) = γ 3 N(δ)N( δ − ρ) ≤ 4 N(δ) < N(δ). Thus, N makes D into a Euclidean domain.  Proposition 3.19. The element γ ∈ D is a unit if and only if N(γ) = 1. The units in D are 1, −1, ω, −ω, ω2, and −ω2. Proof. The first assertion follows from Proposition 3.13 and the observation that N(γ) is a nonnegative integer for all γ ∈ D. Now suppose that γ = a+bω is a unit in D. Then we have N(γ) = a2−ab+b2 = 1 and consequently (2a − b)2 + 3b2 = 4. There are two possibilities: (1) 2a − b = ±1 and b = ±1, or (2) 2a − b = ±2 and b = 0. Solving the six pairs of equations, we see γ = 1, −1, ω, −ω, −1 − ω = ω2 or 2 2 2 1+ω = −ω . It then follows that the units in D are 1, −1, ω, −ω, ω , and −ω .  The following propositions characterize the prime elements of Z[ω]. Proposition 3.20. If π is a prime in D, then there is a rational prime p such that N(π) = p or p2. In the former case, π is not an associate to a rational prime; in the latter case π is associate to p.

Proof. Since π is a prime in D, we have N(π) = ππ = n for some n ∈ Z with n > 1. Since n is a product of rational primes, π divides p for some rational prime p. Suppose p = πγ for some γ ∈ D. Then we have N(π)N(γ) = N(p) = p2. Thus, 16 CHAOFAN CHEN we must have N(π) = p, or N(π) = p2 and N(γ) = 1. In the former case, if we had π = uq for some unit u ∈ D and some rational prime q, then we would have p = N(π) = N(u)N(q) = q2, which is impossible. Thus, π is not an associate to a rational prime. In the latter case, since γ is a unit, π is associate to p.  Proposition 3.21. If π ∈ D satisfies N(π) = p where p is a rational prime, then π is a prime element of D. Proof. If π were not prime in D, π would be reducible in D (since D is a Euclidean domain), so we could write π = ργ for some ρ, γ ∈ D with N(ρ) > 1 and N(γ) > 1. Then we would have p = N(π) = N(ρ)N(γ), which is impossible since p is a rational prime. Thus, π is a prime element of D.  Proposition 3.22. Let p be a rational prime. If p ≡ 2 mod 3, then p is a prime element of D. If p ≡ 1 mod 3, then we have p = ππ, where π is prime in D. Finally we have 3 = −ω2(1 − ω)2, and 1 − ω is prime in D. Proof. Suppose p ≡ 2 mod 3. If p is odd, then by the law of quadratic reciprocity (which is stated in Section 2 and will be proved in Section 5), we have −3 −1 3 = p p p p = (−1)(p−1)/2(−1)((p−1)/2)((3−1)/2) 3 p = 3 2 = 3 = −1, and consequently, by Proposition 3.11, p is a prime element of D. If p = 2, since −3 ≡ 1 mod 4 and −3 ≡ 5 mod 8, by Proposition 3.12, 2 is a prime element of D.  −3  p  1  Suppose p ≡ 1 mod 3. A similar calculation shows p = 3 = 3 = 1. By Proposition 3.11, we have (p) = PP 0; since D is a PID, we have P = (π) and P 0 = (γ) for some π, γ ∈ D with N(π) > 1 and N(γ) > 1. Consequently, we have p = uπγ for some unit u ∈ D, and p2 = N(p) = N(π)N(γ), which implies p = N(π) = ππ. Finally, since x2 +x+1 = (x−ω)(x−ω2), setting x = 1, we have 3 = (1−ω)(1− ω2) = (1 + ω)(1 − ω)2 = −ω2(1 − ω)2. Since 32 = N(3) = N(−ω2)N((1 − ω)2) = (N(1 − ω))2, we must have N(1 − ω) = 3. By Proposition 3.21, 1 − ω is prime in D.  We need a notion of primary primes to eliminate the ambiguity caused by the fact that every nonzero element of D has six associates. Definition 3.23. If π is a prime element of D, we say that π is primary if π ≡ 2 mod 3. If π = a + bω is a complex prime, the definition above is equivalent to a ≡ 2 mod 3 and b ≡ 0 mod 3. Proposition 3.24. Let π be a prime element of D with N(π) = p ≡ 1 mod 3. Among the associates of π exactly one is primary. RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 17

Proof. Let π = a + bω. The associates of π are π, −π, ωπ, −ωπ, ω2π and −ω2π, which, in terms of a and b, are (a) a + bω, (b) −a − bω, (c) −b + (a − b)ω, (d) b + (b − a)ω, (e) (b − a) − aω, and (f) (a − b) + aω. Since we have p = a2 −ab+b2, not both a and b are divisible by 3. By comparing (a) and (d), we may assume that 3 does not divide a. By considering (a) and (b), we may assume a ≡ 2 mod 3. Under these assumptions, p = a2 − ab + b2 implies 1 ≡ 4 − 2b + b2 mod 3, which gives b(b − 2) ≡ 0 mod 3. If b ≡ 0 mod 3, then a + bω is primary. If b ≡ 2 mod 3, then b + (b − a)ω is primary. To show the uniqueness of a primary prime among its associates, suppose that a + bω is primary. Then we have a ≡ 2 mod 3 and b ≡ 0 mod 3. Since we have −a ≡ 1 mod 3, −b ≡ 0 mod 3 and b ≡ 0 mod 3, (b), (c) and (d) are not primary. Since we have −a ≡ 1 mod 3 and a ≡ 2 mod 3, (e) and (f) are not primary. 

Let λ 6= 0 be a nonunit in D. Just as in Z, the congruence classes mod λ in D can be made into a ring D/λD, called the residue class ring mod λ.

Proposition 3.25. Let π ∈ D be a prime. Then D/πD is a finite field with N(π) elements.

Proof. We shall first prove that D/πD is a field. Note that D/πD is an integral domain. Let γ be an element of D with γ 6≡ 0 mod π. Since D is a Euclidean domain, there exist δ, ρ ∈ D with γδ + πρ = 1, which gives γδ ≡ 1 mod π. This shows that every nonzero element of D/πD is a unit. Thus, D/πD is a field. To show that D/πD has N(π) elements, we shall consider three cases: (1) Suppose that π = q is a rational prime congruent to 2 mod 3. We claim that {a + bω : a, b ∈ Z, 0 ≤ a < q, 0 ≤ b < q} gives a complete set of representatives mod q. This will establish that D/qD has q2 = N(q) elements. Let µ = m + nω ∈ D. Then we have m = qs+a and n = qt+b for some s, a, t, b ∈ Z with 0 ≤ a, b < q, and µ ≡ a + bω mod q. Now, suppose a + bω ≡ a0 + b0ω mod q with 0 ≤ a, b, a0, b0 < q. Then we have ((a − a0)/q) + ((b − b0)/q)ω ∈ D, implying (a − a0)/q ∈ Z and (b − b0)/q ∈ Z. This is possible only if we have a = a0 and b = b0. (2) Suppose that π is a prime element of D with ππ = N(π) = p, where p is a rational prime congruent to 1 mod 3. We claim that {0, 1, ..., p − 1} gives a complete set of representatives mod π. This will establish that D/πD has p = N(π) elements. Let π = a + bω. Since p = N(π) = a2 − ab + b2, p does divide b (for otherwise p would divide π and π, and p would be a unit in D, which is impossible). Let µ = m + nω. Then there exists some c ∈ Z with cb ≡ n mod p, and we have µ − cπ ≡ m − ca mod p, so µ ≡ m − ca mod π. Thus, every element of D is congruent to an ordinary integer mod π. For each l ∈ Z, we have l = ps + r for some s, r ∈ Z with 0 ≤ r < p. Thus, we have l ≡ r mod p, so l ≡ r mod π. We have shown that every element of D is congruent to an element of {0, 1, ..., p − 1} mod π. Now, suppose r ≡ r0 mod π with r, r0 ∈ Z and 0 ≤ r, r0 < p. Then we have r − r0 = πγ for some γ ∈ D, and (r − r0)2 = pN(γ), which implies that p divides r − r0, i.e. r ≡ r0 mod p. Consequently, we must have r = r0. 18 CHAOFAN CHEN

(3) Suppose π = 1 − ω. Then we have N(π) = 3. We claim that {0, 1, 2} gives a complete set of representatives mod π. This will establish that D/πD has 3 = N(π) elements. Let µ = m + nω. Then we have µ + nπ = m + n, so µ ≡ m + n mod π. Thus, every element of D is congruent to an ordinary integer mod π. To show that every element of D is congruent to an element of {0, 1, 2} mod π, and that 0, 1 and 2 are distinct residues mod π, we use the same technique as in case (2), with p replaced by 3.  Corollary 3.26. Let π be a prime element of D. The multiplicative group (D/πD)× of D/πD is cyclic with order N(π) − 1. Consequently, if π does not divide γ ∈ D, then we have γN(π)−1 ≡ 1 mod π. Corollary 3.27. Let π be a prime element of D with N(π) 6= 3, and γ be an element of D such that π does not divide γ. Then the residue classes of 1, ω, ω2 are distinct in D/πD, and there is a unique integer m = 0, 1 or 2 such that γ(N(π)−1)/3 ≡ ωm mod π. Proof. To see that the residue classes of 1, ω, ω2 are distinct in D/πD, suppose, first, ω ≡ 1 mod π. Then π would divide 1−ω, and since 1−ω is prime in D, π and 1−ω would be associate, and we would have N(π) = N(1−ω) = 3, a contradiction. Suppose ω2 ≡ 1 mod π. Then π would divide 1 − ω2 = (1 + ω)(1 − ω). Since π is prime in D and π does not divide 1 − ω, π would have to divide 1 + ω = −ω2, but this is impossible since −ω2 is a unit. Finally, suppose ω2 ≡ ω mod π. Then π would divide ω − ω2 = ω(1 − ω). Since π is a prime in D and π does not divide 1 − ω, π would have to divide ω, but this is again impossible since ω is a unit. We know that π divides γN(π)−1−1 = (γ(N(π)−1)/3−1)(γ(N(π)−1)/3−ω)(γ(N(π)−1)/3− ω2). Since π is prime in D, it must divide at least one of the three factors; on the other hand, π can divide at most one of the three factors, since if it divided two factors, it would divide the difference. Thus, π divides exactly one of the three factors. The desired result now follows.  On the basis of Corollary 3.27 we can define the cubic residue character as follows: Definition 3.28. Let π be a prime element of D with N(π) 6= 3. For all γ ∈ D, γ  the cubic residue character of γ mod π, π 3, is given by γ  (a) π 3 = 0 if π divides γ. γ  (N(π)−1)/3 γ  2 (b) π 3 ≡ γ mod π, with π 3 = 1, ω or ω , if π does not divide γ. The cubic residue character plays an analogous role in the theory of cubic residues as the Legendre symbol plays in the theory of quadratic residues. For the rest of γ  this paper, let χπ(γ) = π 3 denote the cubic residue character of γ mod π for all γ ∈ D. The following proposition summarizes some of the properties of the cubic residue character. Proposition 3.29. Let π be a prime element of D with N(π) 6= 3. Then for all γ, δ ∈ D, we have 3 (a) χπ(γ) = 1 if and only if x ≡ γ mod π is solvable, i.e. if and only if γ is a cubic residue mod π. (N(π)−1)/3 (b) χπ(γ) ≡ γ mod π. (c) χπ(γ) = χπ(δ) if γ ≡ δ mod π. (d) χπ(γδ) = χπ(γ)χπ(δ). RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 19

2 2 (e) χπ(γ) = χπ(γ) = χπ(γ ). (f) χπ(γ) = χπ(γ). Proof. (a) This is a special case of Proposition 2.8 with F = D/πD, q = N(π), a = γ, and n = 3. (b) This is immediate from the definition. (N(π)−1)/3 (N(π)−1)/3 (c) If γ ≡ δ mod π, we have χπ(γ) ≡ γ ≡ δ ≡ χπ(δ) mod π, which implies χπ(γ) = χπ(δ). (N(π)−1)/3 (N(π)−1)/3 (N(π)−1)/3 (d) Since we have χπ(γδ) ≡ (γδ) ≡ γ δ ≡ χπ(γ)χπ(δ) mod π, we must have χπ(γδ) = χπ(γ)χπ(δ). 2 (e) χπ(γ) is by definition 0, 1, ω, or ω , and each of these squared is equal to its complex conjugate. (N(π)−1)/3 (f) Since we have χπ(γ) ≡ γ mod π, we must also have χπ(γ) ≡ (N(π)−1)/3 (N(π)−1)/3 γ = γ ≡ χπ(γ) mod π, which implies χπ(γ) = χπ(γ).  Proposition 3.29 allows us to regard the cubic residue character as a multiplica- tive character of order 3 on D/πD. Corollary 3.30. Let q be a rational prime with q ≡ 2 mod 3. Then we have 2 χq(γ) = χq(γ ) and χq(n) = 1 if n ∈ Z is relatively prime to q. In particular, if q1 6= q2 are two rational primes congruent to 2 mod 3, then q1 and q2 are prime elements of D and we have χq1 (q2) = χq2 (q1). Proof. Since q is a rational prime with q ≡ 2 mod 3, q is prime in D and we have 2 q = q. Consequently, we must have χq(γ) = χq(γ) = χq(γ) = χq(γ ). Since we 2 have n = n, we must have χq(n) = χq(n) = χq(n) ; if n ∈ Z is relatively prime to q, we have χq(n) 6= 0, which implies χq(n) = 1. If q1 6= q2 are two rational primes congruent to 2 mod 3, then q1 and q2 are prime elements of D and they are relatively prime to each other in Z; consequently, we must have χq1 (q2) = 1 and χq2 (q1) = 1, and the desired result follows immediately.  Corollary 3.30 gives a special case of the law of cubic reciprocity. We shall now state the general law: Let π1, π2 ∈ D be primary primes with N(π1), N(π2) 6= 3 and N(π1) 6= N(π2).

Then we have χπ1 (π2) = χπ2 (π1). A proof will be given in Section 6.

4. Gauss and Jacobi Sums In this section, we shall develop the concepts of Gauss and Jacobi sums, which will be used later to find the number of solutions to congruence equations of the form xn + yn ≡ 1 mod p when n = 2 or 3, and to prove the laws of quadratic and cubic reciprocity.

4.1. Gauss Sums. Definition 4.1. Let ζ = e2πi/p be a pth root of unity, χ be a multiplicative character on F , and a be any element of F . Define g (χ) = P χ(t)ζat. Then p p a t∈Fp ga(χ) is called a on Fp belonging to the character χ. 20 CHAOFAN CHEN

When χ is the Legendre symbol, ga(χ) is called a , and will   be denoted simply as g . Thus, we have g = P t ζat. a a t∈Fp p To prove some of the properties of Gauss sums, we need a lemma.

Pp−1 at Lemma 4.2. t=0 ζ is equal to p if a ≡ 0 mod p; otherwise it is zero. a Pp−1 at Pp−1 Proof. If a ≡ 0 mod p, we have ζ = 1, so t=0 ζ = t=0 1 = p. If a 6≡ 0 mod a Pp−1 at ap a p, we have ζ 6= 1 and t=0 ζ = (ζ − 1)/(ζ − 1) = 0. 

−1 Pp−1 t(x−y) Corollary 4.3. p t=0 ζ = δ(x, y), where δ(x, y) = 1 if x ≡ y mod p and δ(x, y) = 0 if x 6≡ y mod p. The following propositions summarize the properties of Gauss sums. Again,  denotes the trivial character on Fp. −1 Proposition 4.4. If a 6= 0 and χ 6= , we have ga(χ) = χ(a )g1(χ). If a 6= 0 and χ = , we have ga() = 0. If a = 0 and χ 6= , we have g0(χ) = 0. If a = 0 and χ = , we have g0() = p. Proof. Suppose a 6= 0 and χ 6= . Then we have χ(a)g (χ) = χ(a) P χ(t)ζat = a t∈Fp P χ(at)ζat = g (χ), so g (χ) = χ(a)−1g (χ) = χ(a−1)g (χ). t∈Fp 1 a 1 1 If a 6= 0, we have g () = P (t)ζat = P ζat = 0, by Lemma 4.2. a t∈Fp t∈Fp Now, for all characters χ on F , we have g (χ) = P χ(t)ζ0t = P χ(t), p 0 t∈Fp t∈Fp which is equal to 0 if χ 6= , and is equal to p if χ = , by Proposition 2.11(d). 

 a  Corollary 4.5. ga = p g1.

From now on we shall denote g1(χ) simply as g(χ) and g1 simply as g. √ Proposition 4.6. If χ 6= , we have |g(χ)| = p.

Proof. We shall evaluate P g (χ)g (χ) in two ways. a∈Fp a a −1 If a 6= 0, then by Proposition 4.4, we have ga(χ) = χ(a )g(χ) and ga(χ) = −1 −1 2 χ(a )g(χ) = χ(a)g(χ), so ga(χ)ga(χ) = χ(a )χ(a)g(χ)g(χ) = g(χ)g(χ) = |g(χ)| . Since g (χ) = 0, we have P g (χ)g (χ) = (p − 1) |g(χ)|2. 0 a∈Fp a a On the other hand, we have

X X a(x−y) ga(χ)ga(χ) = χ(x)χ(y)ζ .

x∈Fp y∈Fp By Corollary 4.3, we have X X X ga(χ)ga(χ) = χ(x)χ(y)δ(x, y)p = (p − 1)p.

a∈Fp x∈Fp y∈Fp 2 Thus, we have (p − 1) |g(χ)| = (p − 1)p, which gives the desired result.  Corollary 4.7. g(χ)g(χ) = χ(−1)p; in particular, g2 = (−1)(p−1)/2p. Proof. Since g(χ) = P χ(t)ζ−t = χ(−1) P χ(−t)ζ−t = χ(−1)g(χ), we t∈Fp t∈Fp have g(χ) = χ(−1)g(χ), so g(χ)g(χ) = χ(−1)g(χ)g(χ) = χ(−1)p. Letting χ be the 2 (p−1)/2 Legendre symbol, we have g = (−1) p.  RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 21

4.2. Jacobi Sums.

Definition 4.8. Let χ1, χ2, ..., χr be characters on Fp. A Jacobi sum is defined by the formula X J(χ1, χ2, ..., χr) = χ1(t1)χ2(t2)...χr(tr).

t1+...+tr =1 It is useful to define another sum X J0(χ1, χ2, ..., χr) = χ1(t1)χ2(t2)...χr(tr).

t1+...+tr =0 Some properties of Jacobi sums are given in the following propositions.

Proposition 4.9. Let χ1, χ2, ..., χr, χ be characters on Fp, and  denote the trivial character. r−1 (a) J0(, , ..., ) = J(, , ..., ) = p . (b) J0(χ1, χ2, ..., χr) = J(χ1, χ2, ..., χr) = 0, if some but not all of the χi are trivial. (c) J(χ, χ−1) = −χ(−1), if χ is nontrivial. (d) Suppose χr 6= . Then J0(χ1, χ2, ..., χr) is equal to 0 if χ1χ2...χr is nontrivial, and is equal to χr(−1)(p − 1)J(χ1, χ2, ..., χr−1) if χ1χ2...χr is trivial. r−1 Proof. (a) Note that there are p distinct r-tuples (t1, t2, ..., tr) satisfying t1 + X r−1 t2 + ... + tr = 0. Thus, we have J0(, , ..., ) = 1 = p . The same

t1+...+tr =0 reasoning shows J(, , ..., ) = pr−1. (b) Suppose that χ1, χ2, ..., χs are nontrivial and χs+1, χs+2, ..., χr are trivial. Then we have X J0(χ1, χ2, ..., χr) = χ1(t1)χ2(t2)...χr(tr)

t1+...+tr =0 X = χ1(t1)χ2(t2)...χs(ts)

t1,t2...,tr−1 ! ! ! r−s−1 X X X = p χ1(t1) χ2(t2) ... χs(ts)

t1 t2 ts = 0.

The same reasoning shows J(χ1, χ2, ..., χr) = 0. (c) Note that we have X X a X  a  J(χ, χ−1) = χ(a)χ−1(b) = χ = χ . b 1 − a a+b=1 a+b=1,b6=0 a6=1 a Setting c = 1−a , we have X J(χ, χ−1) = χ(c) = −χ(−1). c6=−1 (d) Note that we have   X X J0(χ1, χ2, ..., χr) =  χ1(t1)...χr−1(tr−1) χr(s). s t1+...+tr−1=−s 22 CHAOFAN CHEN

Since χr is nontrivial, we have χr(0) = 0, and we may assume s 6= 0 in the above 0 0 sum. For s 6= 0, define ti by ti = −sti. Then we have X X 0 0 χ1(t1)...χr−1(tr−1) = χ1χ2...χr−1(−s) χ1(t1)...χr−1(tr−1) t +...+t =−s 0 0 1 r−1 t1+...+tr−1=1

= χ1χ2...χr−1(−s)J(χ1, ..., χr−1). Combining these results, we have X J0(χ1, χ2, ..., χr) = χ1χ2...χr−1(−1)J(χ1, ..., χr−1) χ1χ2...χr(s). s6=0 P The desired result follows since s6=0 χ1χ2...χr(s) is equal to 0 if χ1χ2...χr is non- trivial, and is equal to p − 1 if χ1χ2...χr is trivial.  Corollary 4.10. Let χ be a nontrivial character. Then we have (a) J(, ) = p. (b) J(, χ) = 0.

Proposition 4.11. Suppose that χ1, χ2, ..., χr are nontrivial characters on Fp and χ1χ2...χr is also nontrivial. Then we have

g(χ1)g(χ2)...g(χr) = J(χ1, χ2, ..., χr)g(χ1χ2...χr). t Proof. For t ∈ Fp, define ψ(t) = ζ . Then we have ψ(x + y) = ψ(x)ψ(y) and g(χ) = P χ(t)ψ(t). Now, t∈Fp ! ! X X g(χ1)g(χ2)...g(χr) = χ1(t1)ψ(t1) ... χr(tr)ψ(tr)

t1 tr ! X X = χ1(t1)χ2(t2)...χr(tr) ψ(s).

s t1+...+tr =s If s = 0, then by Proposition 4.9(d), we have X χ1(t1)χ2(t2)...χr(tr) = 0.

t1+...+tr =s 0 0 For s 6= 0, define ti by ti = sti, and then we have X X 0 0 0 χ1(t1)χ2(t2)...χr(tr) = χ1χ2...χr(s) χ1(t1)χ2(t2)...χr(tr) t +...+t =s 0 0 1 r t1+...+tr =1

= χ1χ2...χr(s)J(χ1, χ2, ..., χr). Combining these results, we have X g(χ1)g(χ2)...g(χr) = J(χ1, χ2, ..., χr) χ1χ2...χr(s)ψ(s) s6=0

= J(χ1, χ2, ..., χr)g(χ1χ2...χr). 

Corollary 4.12. Suppose that χ1, χ2, ..., χr are nontrivial characters on Fp but χ1χ2...χr is trivial. Then we have

g(χ1)g(χ2)...g(χr) = χr(−1)pJ(χ1, χ2, ..., χr−1) RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 23 and J(χ1, χ2, ..., χr) = −χr(−1)J(χ1, χ2, ..., χr−1).

If r = 2, set J(χ1) = 1. Proof. By Proposition 4.11, we have

g(χ1)g(χ2)...g(χr−1) = J(χ1, χ2, ..., χr−1)g(χ1χ2...χr−1).

Multiply both sides of the equation by g(χr). The desired result follows since we −1 have g(χ1χ2...χr−1)g(χr) = g(χr )g(χr) = g(χr)g(χr) = χr(−1)p. Note that when r = 2, the second equation is equivalent to Proposition 4.9(c). Suppose r > 2. Using the same reasoning as in the proof of Proposition 4.11 with the hypothesis that χ1χ2...χr is trivial, we have X g(χ1)g(χ2)...g(χr) = J0(χ1, χ2, ..., χr) + J(χ1, χ2, ..., χr) ψ(s). s6=0 P P Note that we have s ψ(s) = 0, so s6=0 ψ(s) = 0 − ψ(0) = −1. By Proposition 4.9(d), we have J0(χ1, χ2, ..., χr) = χr(−1)(p − 1)J(χ1, χ2, ..., χr−1). Also, we have g(χ1)g(χ2)...g(χr) = χr(−1)pJ(χ1, χ2, ..., χr−1). Combining these results, we have

J(χ1, χ2, ..., χr) = J0(χ1, χ2, ..., χr) − g(χ1)g(χ2)...g(χr)

= −χr(−1)J(χ1, χ2, ..., χr−1).  Corollary 4.13. If χ, λ, and χλ are nontrivial characters, then we have g(χ)g(λ) J(χ, λ) = . g(χλ)

Proposition 4.14. Suppose that χ1, χ2, ..., χr are nontrivial. If χ1χ2...χr is nontrivial, then we have (r−1)/2 |J(χ1, χ2, ..., χr)| = p .

If χ1χ2...χr is trivial, then we have (r/2)−1 |J0(χ1, χ2, ..., χr)| = (p − 1)p and (r/2)−1 |J(χ1, χ2, ..., χr)| = p . √ Proof. We know |g(χ)| = p for any nontrivial character χ. Thus, if χ1χ2...χr is nontrivial, by Proposition 4.11, we have

|g(χ1)| ... |g(χr)| √ r−1 (r−1)/2 |J(χ1, χ2, ..., χr)| = = ( p) = p . |g(χ1...χr)|

If χ1χ2...χr is trivial, by Proposition 4.9(d) and Corollary 4.12, we have (r−2)/2 (r/2)−1 |J0(χ1, χ2, ..., χr)| = (p − 1) |J(χ1, χ2, ..., χr−1)| = (p − 1)p = (p − 1)p , and (r−2)/2 (r/2)−1 |J(χ1, χ2, ..., χr)| = |J(χ1, χ2, ..., χr−1)| = p = p .  Corollary 4.15. If χ, λ, and χλ are nontrivial characters, then we have |J(χ, λ)| = √ p. 24 CHAOFAN CHEN

Proposition 4.16. Suppose that n ∈ Z is an ordinary integer with n > 2, and that p is a rational prime with p ≡ 1 mod n. Then there is a character of order n on Fp. Let χ be a character of order n on Fp. Then we have g(χ)n = χ(−1)pJ(χ, χ)J(χ, χ2)...J(χ, χn−2).

Proof. We know that the group of multiplicative characters on Fp is cyclic with order p − 1. Let λ be a generator of the group. Since n divides p − 1, the character λ(p−1)/n has order n. This proves existence. 2 Let χ be a character of order n on Fp. By Corollary 4.13, we have g(χ) = J(χ, χ)g(χ2). Multiplying both sides of the equation by g(χ), we have g(χ)3 = J(χ, χ)g(χ2)g(χ) = J(χ, χ)J(χ, χ2)g(χ3). Continuing in this way, we shall obtain g(χ)n−1 = J(χ, χ)J(χ, χ2)...J(χ, χn−2)g(χn−1). The desired result follows from multiplying both sides of the equation above by n−1 −1 g(χ), since we have g(χ )g(χ) = g(χ )g(χ) = g(χ)g(χ) = χ(−1)p.  Corollary 4.17. If p is a rational prime with p ≡ 1 mod 3, then there is a cubic 3 character on Fp. Let χ be a cubic character on Fp. Then we have g(χ) = pJ(χ, χ). Proof. Set n = 3 in the proposition above. The desired result follows since we have 3 3 χ(−1) = χ((−1) ) = χ (−1) = 1.  The following proposition characterizes the Jacobi sum J(χ, χ) when χ is a cubic character.

Proposition 4.18. Suppose that p is a rational prime with p ≡ 1 mod 3, and√ that −1+ −3 χ is a cubic character on Fp. Then we have J(χ, χ) = a + bω, where ω = 2 , for some a, b ∈ Z with a ≡ −1 mod 3 and b ≡ 0 mod 3. Proof. Since χ is a cubic character, the values of χ must be cubic roots of unity, i.e. the values of χ are in the set 1, ω, ω2 . By the definition of Jacobi sums, we have P 2 J(χ, χ) = x+y=1 χ(x)χ(y), which is a Z linear combination of 1, ω, ω = −1 − ω, ω3 = 1 and ω4 = ω. Thus, we have J(χ, χ) = a + bω for some a, b ∈ Z. Note that we have !3 X X g(χ)3 = χ(t)ζt ≡ χ(t)3ζ3t mod 3. t t 3 P 3 3t P 3t Since χ(0) = 0 and χ(t) = 1 for t 6= 0, we have t χ(t) ζ = t6=0 ζ = −1. Thus, we have g(χ)3 = pJ(χ, χ) ≡ a + bω ≡ −1 mod 3. Since g(χ) = g(χ), we also have g(χ)3 = pJ(χ, χ) ≡ a + bω ≡ −1 mod 3. √ Consequently, we have b(ω − ω) ≡ 0 mod 3, or b −3 ≡ 0 mod 3. It then follows that 9 divides −3b2, so 3 divides b. Since 3 divides b and we have a + bω ≡ −1 mod 3, we must have a ≡ −1 mod 3.  Corollary 4.19. Suppose that p is a rational prime with p ≡ 1 mod 3. There exist A, B ∈ Z such that 4p = A2 + 27B2 and A ≡ 1 mod 3. RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 25

Proof. Since p is a rational prime with p ≡ 1 mod 3, there is a cubic character on Fp. Let χ be a cubic character on Fp. Then we have shown that J(χ, χ) = a + bω for some a, b ∈ Z with a ≡ −1 mod 3 and b ≡ 0 mod 3. Set A = 2a − b and B = b/3. Note that we have A = 2a − b ≡ −2 ≡ 1 mod 3. Since p = |J(χ, χ)|2 = |a + bω|2, we have p = a2 − ab + b2. Thus, we have 2 2 2 2 4p = (2a − b) + 3b = A + 27B .  n n 4.3. The Equations of the Form x + y = 1 in Fp for n = 2 or 3. Let N(xn +yn = 1) denote the number of solutions to equations of the form xn +yn = 1 in Fp. To illustrate the usefulness of Gauss and Jacobi sums, we shall use them to determine N(xn + yn = 1) when n = 2 or 3. Lemma 4.20. Let p be an odd rational prime, and let N(xn = a) denote the number n 2  a  of solutions to the equation x = a in Fp. Then we have N(x = a) = 1 + p .

Proof. This is a special case of Proposition 2.15.  Proposition 4.21. Let p be an odd rational prime. We have N(x2 + y2 = 1) = p − (−1)(p−1)/2. Proof. Let χ denote the Legendre symbol mod p. Then we have χ−1 = χ, and X N(x2 + y2 = 1) = N(x2 = a)N(y2 = b) a+b=1 X  a   b  = 1 + 1 + p p a+b=1 X a X  b  X a  b  = p + + + p p p p a b a+b=1 X = p + 0 + 0 + χ(a)χ(b) a+b=1 X = p + χ(a)χ−1(b) a+b=1 = p + J(χ, χ−1) = p − χ(−1) = p − (−1)(p−1)/2.

 Proposition 4.22. Suppose that p is a rational prime with p ≡ 2 mod 3. Then we have N(x3 + y3 = 1) = p.

3 Proof. It is clear that x = 0 has exactly one solution in Fp, namely, x = 0. For × (p−1)/1 p−1 each a ∈ Fp , since (3, p − 1) = 1 and a = a = 1, by Proposition 2.8, 3 3 x = a has exactly one solution in Fp. Thus, we have N(x = a) = 1 for all a ∈ Fp, and p−1 X X N(x3 + y3 = 1) = N(x3 = a)N(y3 = b) = 1 = p. a+b=1 a=0  26 CHAOFAN CHEN

Proposition 4.23. Suppose that p is a rational prime with p ≡ 1 mod 3. Then there are A, B ∈ Z with 4p = A2 + 27B2. If we require A ≡ 1 mod 3, then A is uniquely determined, and we have N(x3 + y3 = 1) = p − 2 + A. Proof. We have proved the existence of A, B ∈ Z satisfying 4p = A2 + 27B2 (Corollary 4.19). To show that A is uniquely determined if we require A ≡ 1 mod 3, we shall write 4p = A2 + 27B2 √ √ = (A + 3B −3)(A − 3B −3) = (A + 3B(2ω + 1))(A − 3B(2ω + 1)) = (A + 3B + 6Bω)(A − 3B − 6Bω) = (A + 3B + 6Bω)(A + 3B + 6Bω). Since p is a rational prime with p ≡ 1 mod 3, by Proposition 3.22, we have p = ππ for some prime element π of Z[ω], and consequently, 4p = 2π2π. Note that there are 12 choices of π, because π and π each has six associates, and we can interchange π and π. Since Z[ω] is a UFD, there is at least one choice of π such that A+3B+6Bω = 2π. Let such a π be equal to x + yω. Then we have A + 3B + 6Bω = 2x + 2yω, i.e. A+3B = 2x and 6B = 2y (or equivalently, 3B = y). Consequently, we have A ≡ 2x mod 3 and y ≡ 0 mod 3. If we require A ≡ 1 mod 3, then we have 2x ≡ 1 mod 3, i.e. x ≡ 2 mod 3. It then follows that π = x + yω must be a primary prime. There are only two primary primes among the 12 choices of π, and they are conjugate to each other. Suppose that a+bω and a + bω = a−b−bω are the two primary primes such that p = (a + bω)(a − b − bω). If A + 3B + 6Bω = 2(a + bω), then we have A + 3B = 2a and 6B = 2b, which give A = 2a − b; if A + 3B + 6Bω = 2(a − b − bω), then we have A + 3B = 2a − 2b and 6B = −2b, which again give A = 2a − b. This shows that A is uniquely determined. Since 3 divides p − 1, the proof of Proposition 2.15 shows that there are exactly 3 distinct characters , χ and χ2 of order dividing 3, where  is the trivial character and χ and χ2 both have order 3, and the proposition itself tells us N(x3 = a) = 1 + χ(a) + χ2(a). Note that we have χ(−1) = χ((−1)3) = χ3(−1) = 1 and χ2 = χ−1 = χ. We are now ready to compute N(x3 + y3 = 1): X N(x3 + y3 = 1) = N(x3 = a)N(y3 = b) a+b=1 2 2 X X X = χi(a) χj(b) a+b=1 i=0 j=0 2 2 ! X X X = χi(a)χj(b) i=0 j=0 a+b=1 = p + J(χ, χ) + J(χ2, χ2) + J(χ, χ2) + J(χ2, χ) = p + J(χ, χ) + J(χ, χ) + 2J(χ, χ−1) = p + J(χ, χ) + J(χ, χ) − 2χ(−1) = p − 2 + 2Re J(χ, χ). We have shown that J(χ, χ) = a + bω for some a, b ∈ Z with a ≡ −1 mod 3 and b ≡ 0 mod 3. As in the proof of Corollary 4.19, set A = 2a−b and B = b/3, and we RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 27 have 4p = A2 + 27B2 and A ≡ 1 mod 3. Furthermore, we have shown that this A is unique. Now, since Re J(χ, χ) = (2a − b)/2, we have 2Re J(χ, χ) = 2a − b = A. The proof is now complete. 

5. Law of Quadratic Reciprocity In this section, we shall work with congruences in the ring of algebraic integers in C, and also with Gauss and Jacobi sums, to give two proofs of the law of quadratic reciprocity. Theorem 5.1. Let p and q be odd rational primes. Then we have p  q  = (−1)((p−1)/2)((q−1)/2). q p Proof. The first proof uses quadratic Gauss sums:   Let g = P t ζt and p∗ = (−1)(p−1)/2p. Then we have g2 = p∗, by t∈Fp p Corollary 4.7. Let q 6= p be another odd rational prime. Then we have p∗ gq−1 = (g2)(q−1)/2 = p∗(q−1)/2 ≡ mod q, q which gives p∗ gq ≡ g mod q. q We also have q   q X  t  X  t   q  gq = ζt ≡ ζqt = g = g mod q.  p  p q p t∈Fp t∈Fp Thus, we have  q  p∗ g ≡ g mod q. p q Multiplying both sides of the congruence equation by g, we have  q  p∗ p∗ ≡ p ∗ mod q, p q which implies  q  p∗ ≡ mod q, p q so  q  p∗ −1(p−1)/2 p p = = = (−1)((q−1)/2)((p−1)/2) . p q q q q The second proof uses Gauss and Jacobi sums: Let q be an odd rational prime not equal to p, and χ be the Legendre symbol  a  mod p (i.e. χ(a) = p . Then χ is a character of order 2 on Fp, and Corollary 4.12 implies g(χ)q+1 = χ(−1)pJ(χ, χ, ..., χ) = (−1)(p−1)/2pJ(χ, χ, ..., χ), 28 CHAOFAN CHEN where there are q components in the Jacobi sum. Since q + 1 is even and χ = χ, we also have g(χ)q+1 = (g(χ)2)(q+1)/2 = (g(χ)g(χ))(q+1)/2 = (χ(−1)p)(q+1)/2 = (−1)((p−1)/2)((q+1)/2)p(q+1)/2. Thus, we have (−1)((p−1)/2)((q−1)/2)p(q−1)/2 = J(χ, χ, ..., χ). X Now, J(χ, χ, ..., χ) = χ(t1)χ(t2)...χ(tq). If t = t1 = t2 = ... = tq, then

t1+t2+...+tq =1 −1 −1 q −1 we have t = q and χ(t1)χ(t2)...χ(tq) = χ(q ) = χ(q ) = χ(q). If not all the ti’s are equal, then there are q different q-tuples obtained from (t1, t2, ..., tq) by cyclic permutation, and the corresponding terms χ(t1)χ(t2)...χ(tq) of the sum all have the same value. Thus, we have (−1)((p−1)/2)((q−1)/2)p(q−1)/2 ≡ χ(q) mod q.

(q−1)/2  p   q  Since p ≡ q mod q and χ(q) = p , we have p  q  (−1)((p−1)/2)((q−1)/2) ≡ mod q, q p which gives p  q  (−1)((p−1)/2)((q−1)/2) = . q p 

6. Law of Cubic Reciprocity Set D = Z[ω]. Let π be a complex prime with N(π) = p ≡ 1 mod 3 for some rational prime p. Since D/πD is a finite field with N(π) = p elements, we have ∼ D/πD = Fp and we may identify the two fields. This identification allows us to consider the cubic residue character mod π, χπ, as a cubic character on Fp. Thus, we may work with the Gauss sums ga(χπ) and the Jacobi sum J(χπ, χπ). 3 If χ is any cubic character on Fp, we have proved g(χ) = pJ(χ, χ) and J(χ, χ) = a + bω for some a, b ∈ Z with a ≡ −1 mod 3 and b ≡ 0 mod 3, which, since we have J(χ, χ)J(χ, χ) = |J(χ, χ)|2 = p, implies that J(χ, χ) is a primary prime in D of norm p. To prove the law of cubic reciprocity, we need the following lemma. Let p be a rational prime, and π be a primary prime with N(π) = p ≡ 1 mod 3. Then we have

Lemma 6.1. J(χπ, χπ) = π.

0 0 Proof. Let J(χπ, χπ) = π , where π is a primary prime in D of norm p. Since ππ = p = π0π0, we have π | π0 or π | π0. Since all the primes involved are primary, we must have π = π0 or π = π0. By the definition of Jacobi sums, we have

X X (p−1)/3 (p−1)/3 J(χπ, χπ) = χπ(x)χπ(1 − x) ≡ x (1 − x) mod π.

x∈Fp x∈Fp RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 29

Now, Proposition 2.9 implies

(p−1)/3 p−1 ! X X (p − 1)/3 X x(p−1)/3(1−x)(p−1)/3 = (−1)k x((p−1)/3)+k ≡ 0 mod p. k x∈Fp k=0 x=1 0 0 Thus, we have J(χπ, χπ) ≡ 0 mod π, i.e. π | π , so π = π .  3 Corollary 6.2. g(χπ) = pπ. 3 Proof. g(χπ) = pJ(χπ, χπ) = pπ.  We are now ready to prove the law of cubic reciprocity.

Theorem 6.3. Let π1, π2 ∈ D be primary primes with N(π1), N(π2) 6= 3 and

N(π1) 6= N(π2). Then we have χπ1 (π2) = χπ2 (π1).

Proof. We have shown that if q1 6= q2 are two rational primes congruent to 2 mod

3, then q1 and q2 are prime elements in D and we have χq1 (q2) = χq2 (q1) (Corollary 3.30). We shall now consider the case in which we have π1 = q ≡ 2 mod 3 and π2 = π with N(π) = p ≡ 1 mod 3, where p and q are rational primes. 3 q2−1 (q2−1)/3 Since g(χπ) = pπ, we have g(χπ) = (pπ) ≡ χq(pπ) mod q. Since χq(p) = 1 (Corollary 3.30), we have

q2 g(χπ) ≡ χq(π)g(χπ) mod q. On the other hand, we have !q2 q2 X t X q2 q2t X q2t g(χπ) = χπ(t)ζ ≡ χπ(t) ζ = χπ(t)ζ = gq2 (χπ) mod q, t t t 2 where we have used q ≡ 1 mod 3 and the fact that χπ is a cubic character. By −2 Proposition 4.4, we have gq2 (χπ) = χπ(q )g(χπ) = χπ(q)g(χπ). Combining these results, we have

χπ(q)g(χπ) ≡ χq(π)g(χπ) mod q.

Multiplying both sides of the congruence equation by g(χπ), we have

χπ(q)p ≡ χq(π)p mod q, where we have used g(χπ)g(χπ) = p. Thus, we have

χπ(q) ≡ χq(π) mod q, which implies

χπ(q) = χq(π).

It remains to consider the case in which we have two complex primes π1 and π2 with N(π1) = p1 ≡ 1 mod 3 and N(π2) = p2 ≡ 1 mod 3, where p1 and p2 are rational primes. Let γ1 = π1 and γ2 = π2. Then γ1 and γ2 are primary primes, and we have p1 = π1γ1 and p2 = π2γ2. 3 p2−1 (p2−1)/3 Since g(χγ1 ) = p1γ1, we have g(χγ1 ) = (p1γ1) , and consequently,

p2−1 g(χγ1 ) ≡ χπ2 (p1γ1) mod π2, or equivalently, p2 g(χγ1 ) ≡ χπ2 (p1γ1)g(χγ1 ) mod π2, 30 CHAOFAN CHEN

On the other hand, we have !p2 p2 X t X p2 p2t X p2t g(χγ1 ) = χγ1 (t)ζ ≡ χγ1 (t) ζ = χγ1 (t)ζ = gp2 (χγ1 ) mod π2, t t t where we have used p2 ≡ 1 mod 3 and the fact that χγ1 is a cubic character. By −1 2 Proposition 4.4, we have gp2 (χγ1 ) = χγ1 (p2 )g(χγ1 ) = χγ1 (p2)g(χγ1 ). Combining these results, we have 2 χγ1 (p2)g(χγ1 ) ≡ χπ2 (p1γ1)g(χγ1 ) mod π2.

Multiplying both sides of the congruence equation by g(χγ1 ), we have 2 χγ1 (p2)p1 ≡ χπ2 (p1γ1)p1 mod π2, where we have used g(χγ1 )g(χγ1 ) = p1. Thus, we have 2 χγ1 (p2) ≡ χπ2 (p1γ1) mod π2, which implies 2 χγ1 (p2) = χπ2 (p1γ1). 3 The same reasoning, beginning with g(χπ2 ) = p2π2, and then raising both sides of the equation to the power (p1 − 1)/3 and taking congruences mod π1, shows 2 χπ2 (p1) = χπ1 (p2π2). 2 2 2 2 2 We also need the relation χγ1 (p2) = χπ1 (p2) = χπ1 (p2) = χπ1 (p2) = χπ1 (p2), which follows from Proposition 3.29(e), (f). Since we have 2 χπ1 (π2)χπ2 (p1γ1) = χπ1 (π2)χγ1 (p2)

= χπ1 (π2)χπ1 (p2)

= χπ1 (p2π2) 2 = χπ2 (p1)

= χπ2 (p1π1γ1)

= χπ2 (π1)χπ2 (p1γ1) and χπ2 (p1γ1) 6= 0, we have the desired result.  7. Conclusion As we can see, the concepts of algebraic integers and of Gauss and Jacobi sums are extremely powerful; indeed, they can be used to solve a wide range of problems in number theory. Acknowledgments. It is a pleasure to thank my mentor, Daniel Le, for his guid- ance and support.

References [1] K. Ireland and M. Rosen. A Classical Introduction to Modern Number Theory. Second Edition. Springer-Verlag New York, Inc. 1972. 1982. 1990. [2] D. Dummit and R. Foote. Abstract Algebra. Third Edition. John Wiley and Sons, Inc. 2004. [3] S. Rankin. A finite subgroup of the multiplicative group of a field is cyclic. http://www.math.uwo.ca/~srankin/courses/4123/2011/finite_subgroup_field_cyclic.pdf.