Chapter 12 Quadratic Residues 12.1 Quadratic residues ∈ Z• Let n>1 be a given positive integer, and gcd(a, n)=1. We say that a n is a quadratic residue mod n if the congruence x2 ≡ a mod n is solvable. Otherwise, a is called a quadratic nonresidue mod n. 1. If a and b are quadratic residues mod n, so is their product ab. 2. If a is a quadratic residue, and b a quadratic nonresidue mod n, then ab is a quadratic nonresidue mod n. 3. The product of two quadratic nonresidues mod n is not necessarily a quadratic Z• { } residue mod n. For example, in 12 = 1, 5, 7, 11 , only 1 is a quadratic residue; 5, 7, and 11 ≡ 5 · 7 are all quadratic nonresidues. Proposition 12.1. Let p be an odd prime, and p a. The quadratic congruence ax2 + bx + c ≡ 0modp is solvable if and only if (2ax + b)2 ≡ b2 − 4ac mod p is solvable. Z• Theorem 12.2. Let p be an odd prime. Exactly one half of the elements of p are quadratic residues. 1 − Proof. Each quadratic residue modulo p is congruent to one of the following 2 (p 1) residues. p − 1 2 12, 22, ...,k2, ..., . 2 ≤ ≤ p−1 2 ≡ We show that these residue classes are all distinct. For 1 h<k 2 , h k2 mod p if and only if (k − h)(h + k) is divisible by p, this is impossible since each of k − h and h + k is smaller than p. Corollary 12.3. If p is an odd prime, the product of two quadratic nonresidues is a quadratic residue. 302 Quadratic Residues 12.2 The Legendre symbol Let p be an odd prime. For an integer a, we define the Legendre symbol a +1, if a is a quadratic residue mod p, := p −1, otherwise. ab a b Lemma 12.4. p = p p . Proof. This is equivalent to saying that modulo p, the product of two quadratic residues (respectively nonresidues) is a quadratic residue, and the product of a quadratic residue and a quadratic nonresidue is a quadratic nonresidue. − 1 − 1 − 2 (p 1) For an odd prime p, p =( 1) . This is a restatement of Theorem 12.6 that −1 is a quadratic residue mod p if and only if p ≡ 1mod4. Theorem 12.5 (Euler). Let p be an odd prime. For each integer a not divisible by p, a 1 − ≡ a 2 (p 1) mod p. p Proof. Suppose a is a quadratic nonresidue mod p. The mod p residues 1, 2,...,p− 1 are partitioned into pairs satisfying xy = a. In this case, 1 − (p − 1)! ≡ a 2 (p 1) mod p. On the other hand, if a is a quadratic residue, with a ≡ k2 ≡ (p − k)2 mod p, apart from 0, ±k, the remaining p − 3 elements of Zp can be partitioned into pairs satisfying xy = a. 1 − 1 − (p − 1)! ≡ k(p − k)a 2 (p 3) ≡−a 2 (p 1) mod p. Summarizing, we obtain a 1 − (p − 1)! ≡− a 2 (p 1) mod p. p Note that by putting a =1, we obtainWilson’s theorem: (p − 1)! ≡−1modp.By a comparison, we obtain a formula for p : a 1 − ≡ a 2 (p 1) mod p. p 12.3 −1 as a quadratic residue modp 303 12.3 −1 as a quadratic residue modp Theorem 12.6. Let p be an odd prime. −1 is a quadratic residue mod p if and only if p ≡ 1mod4. p−1 − Proof. If x2 ≡−1modp, then (−1) 2 ≡ xp 1 ≡ 1modp by Fermat’s little p−1 ≡ theorem. This means that 2 is even, and p 1mod4. ≡ p−1 Conversely, if p 1mod4, the integer 2 is even. By Wilson’s theorem, p−1 p−1 p−1 p − 1 2 2 2 (( )!)2 = j2 = j · (−j) ≡ j · (p − j)=(p − 1)! ≡−1modp. 2 i=1 i=1 i=1 2 ≡− ≡± p−1 The solutions of x 1modp are therefore x ( 2 )!. Here are the square roots of −1 mod p for the first 20 primes of the form 4k +1: √ √ √ √ √ p −1 p −1 p −1 p −1 p −1 5 ±2 13 ±5 17 ±4 29 ±12 37 ±6 41 ±9 53 ±23 61 ±11 73 ±27 89 ±34 97 ±22 101 ±10 109 ±33 113 ±15 137 ±37 149 ±44 157 ±28 173 ±80 181 ±19 193 ±81 Theorem 12.7. There are infinitely many primes of the form 4n +1. Proof. Suppose there are only finitely many primes p1, p2,...,pr of the form 4n+1. Consider the product 2 P =(2p1p2 ···pr) +1. Note that P ≡ 1mod4. Since P is greater than each of p1, p2, ..., pr, it cannot be prime, and so must have a prime factor p different from p1, p2, ..., pr. But then modulo p, −1 is a square. By Theorem 12.6, p must be of the form 4n +1,a contradiction. In the table below we list, for primes < 50, the quadratic residues and their square roots. It is understood that the square roots come in pairs. For example, the entry (2,7) for the prime 47 should be interpreted as saying that the two solutions of the congruence x2 ≡ 2mod47are x ≡±7mod47. Also, for primes of the form p =4n +1, since −1 is a quadratic residue modulo p, we only list quadratic p p residues smaller than 2 . Those greater than 2 can be found with the help of the square roots of −1. 304 Quadratic Residues Quadratic residues mod p and their square roots 3 (1, 1) 5 (−1, 2) (1, 1) 7 (1, 1) (2, 3) (4, 2) 11 (1, 1) (3, 5) (4, 2) (5, 4) (9, 3) 13 (−1, 5) (1, 1) (3, 4) (4, 2) 17 (−1, 4) (1, 1) (2, 6) (4, 2) (8, 5) 19 (1, 1) (4, 2) (5, 9) (6, 5) (7, 8) (9, 3) (11, 7) (16, 4) (17, 6) 23 (1, 1) (2, 5) (3, 7) (4, 2) (6, 11) (8, 10) (9, 3) (12, 9) (13, 6) (16, 4) (18, 8) 29 (−1, 12) (1, 1) (4, 2) (5, 11) (6, 8) (7, 6) (9, 3) (13, 10) 31 (1, 1) (2, 8) (4, 2) (5, 6) (7, 10) (8, 15) (9, 3) (10, 14) (14, 13) (16, 4) (18, 7) (19, 9) (20, 12) (25, 5) (28, 11) 37 (−1, 6) (1, 1) (3, 15) (4, 2) (7, 9) (9, 3) (10, 11) (11, 14) (12, 7) (16, 4) 41 (−1, 9) (1, 1) (2, 17) (4, 2) (5, 13) (8, 7) (9, 3) (10, 16) (16, 4) (18, 10) (20, 15) 43 (1, 1) (4, 2) (6, 7) (9, 3) (10, 15) (11, 21) (13, 20) (14, 10) (15, 12) (16, 4) (17, 19) (21, 8) (23, 18) (24, 14) (25, 5) (31, 17) (35, 11) (36, 6) (38, 9) (40, 13) (41, 16) 47 (1, 1) (2, 7) (3, 12) (4, 2) (6, 10) (7, 17) (8, 14) (9, 3) (12, 23) (14, 22) (16, 4) (17, 8) (18, 21) (21, 16) (24, 20) (25, 5) (27, 11) (28, 13) (32, 19) (34, 9) (36, 6) (37, 15) (42, 18) Chapter 13 The law of quadratic reciprocity 13.1 Gauss’ lemma Theorem 13.1 (Gauss’ Lemma). Let p be an odd prime, and a an integer not divis- a − μ ible by p. Then p =( 1) where μ is the number of residues among p − 1 a, 2a, 3a,......, a 2 p falling in the range 2 <x<p. Proof. Every residue modulo p has a unique representative with least absolute − p−1 ≤ ≤ p−1 value, namely, the one in the range 2 x 2 . The residues described in the statement of Gauss’ Lemma are precisely those whose representatives are negative. Now, among the representatives of the residues of p − 1 a, 2a, ··· a, 2 say, there are λ positive ones, r1,r2,...,rλ, and μ negative ones −s1, −s2,...,−sμ. p−1 p Here, λ + μ = 2 , and 0 <ri,sj < 2 . Note that no two of the r’s are equal; similarly for the s’s. Suppose that ri = sj for some indices i and j. This means ha ≡ ri mod p; ka ≡−sj mod p 1 − ≡ for some h, k in the range 0 <h,k< 2 (p 1). Note that (h + k)a 0modp. But this is a contradiction since h + k<p− 1 and p does not divide a. It follows that r1,r2,...,rλ,s1,s2,...,sμ 306 The law of quadratic reciprocity 1 − are a permutation of 1, 2,..., 2 (p 1). From this p − 1 p − 1 a · 2a ··· a =(−1)μ1 · 2 ··· , 2 2 1 − 2 (p 1) − μ a − μ and a =( 1) . By Theorem 12.5, p =( 1) . Example Let p =19and a =5. We consider the first 9 multiples of 5 mod 19. These are 5, 10, 15, 20 ≡ 1, 25 ≡ 6, 30 ≡ 11, 35 ≡ 16, 40 ≡ 2, 45 ≡ 7. 5 4 of these exceed 9, namely, 10, 15, 11, 16. It follows that 19 =1; 5 is a quadratic residue mod 19. 1 Theorem 13.2. 2 1 1 2− =(−1) 4 (p+1) =(−1) 8 (p 1). p Equivalently, 2 +1 if p ≡±1mod8, = p −1 if p ≡±3mod8. Proof. We need to see how many terms in the sequence p − 1 2 · 1, 2 · 2, 2 · 3, ..., 2 · 2 p are in the range 2 <x<p.Ifp =4k +1, these are the numbers 2k +2,...,4k, and there are k of them.