A First Course in Number Theory

3.4 Quadratic Residues

Letpbe an odd prime andaan integer not divisible byp. Thenais called a quadratic residue modulopif there exists an integerxsuch that

x²≡a (modp). (3.9)

3.4 Quadratic Residues 101 If this congruence has no solution, thenais called a quadratic nonresidue modulo p.Thus, an integer a is a quadratic residue modulop if and only if (a, p) = 1 andahas a square root modulo p. By Theorem 3.11, exactly half the congruence classes relatively prime tophave square roots modulo p.

We define the Legendre symbol for the odd primep as follows: For any integer a,

a p

=





1 if (a, p) = 1 andais a quadratic residue modulop,

−1 if (a, p) = 1 andais a quadratic nonresidue modulop, 0 ifpdividesa.

The solvability of congruence (3.9) depends only on the congruence class ofa (modp), that is,

a p

= b

p

ifa≡b (mod p),

and so the Legendre symbol is a well-defined function on the congruence classesZ/pZ.

We observe that if pis an odd prime, then, by Theorem 3.2, the only solutions of the congruencex²≡1 (mod p) arex≡ ±1 (mod p). More- over, ifε, ε∈ {−1,0,1}andε≡ε (modp), thenpdividesε−ε, and so ε=ε. In particular, if

a p

≡ε (modp), then a

p

=ε.

Theorem 3.12 Let pbe an odd prime. For every integera, a

p

≡a^(p−1)/2 (modp).

Proof. Ifpdividesa, then both sides of the congruence are 0. Ifpdoes not dividea, then, by Fermat’s theorem,

a^(p−1)/2

2

≡a^p−1≡1 (modp), and so

a^(p−1)/2≡ ±1 (modp).

Applying Theorem 3.11 withk= 2, we have a^(p−1)/2≡1 (modp) if and only if

a p

= 1, and so

a^(p−1)/2≡ −1 (modp) if and only if a

p

=−1.

This completes the proof.2

For example, 3 is a quadratic residue modulo the primes 11 and 13, and a quadratic nonresidue modulo the primes 17 and 19, because

3 11

≡3⁵≡1 (mod 11), 3

13

≡3⁶≡1 (mod 13), 3

17

≡3⁸≡ −1 (mod 17), 3

19

≡3⁹≡ −1 (mod 19).

The next result states that the Legendre symbol is a completely multi- plicative arithmetic function.

Theorem 3.13 Let pbe an odd prime, and let aandb be integers. Then ab

p

= a

p b p

.

Proof. Ifpdivides aorb, then pdividesab, and ab

p

= 0 = a

p b p

.

Ifpdoes not divideab, then, by Theorem 3.12, ab

p

≡ (ab)^(p−1)/2 (modp)

≡ a^(p−1)/2b^(p−1)/2 (modp)

≡ a

p b p

(modp).

The result follows immediately from the observation that each side of this congruence is±1.2

Theorem 3.13 implies that the Legendre symbol ·

p

is completely de- termined by its values at −1, 2, and odd primesq. If a is an integer not divisible by p, then we can write

a=±2^r0q^r₁¹q₂^r2· · ·q^r_k^k,

3.4 Quadratic Residues 103 whereq1, . . . , qk are distinct odd primes not equal top. Then

a p

= ±1

p 2 p

r0 q₁

p r1

· · · q_k

p rk

.

We shall first determine the set of primespfor which−1 is a quadratic residue. By the following result, this depends only on the congruence class ofpmodulo 4.

Theorem 3.14 Let pbe an odd prime number. Then −1

p

=

1 if p≡1 (mod 4),

−1 if p≡3 (mod 4).

Equivalently,

−1 p

= (−1)^(p−1)/2. Proof. We observe that

(−1)^(p−1)/2=

1 if p≡1 (mod 4),

−1 if p≡3 (mod 4).

Applying Theorem 3.12 witha=−1, we obtain −1

p

≡(−1)^(p−1)/2 (modp).

Again, the theorem follows immediately from the observation that both sides of this congruence are±1.2

Letpbe an odd prime, and letS be a set of (p−1)/2 integers. We call S a Gaussian set modulo p if S∪ −S = S∪ {−s : s ∈ S} is a reduced system of residues modulop. Equivalently,S is a Gaussian set if for every integer anot divisible by p, there exists ∈S and ε ∈ {1,−1} such that a ≡ εs (modp). Moreover, s and ε are uniquely determined by a. For example, the sets{1,2, . . . ,(p−1)/2} and{2,4,6, . . . , p−1}are Gaussian sets modulopfor every odd primep. If S is a Gaussian set,s, s ∈S, and s≡ ±s (modp), thens=s.

Theorem 3.15 (Gauss’s lemma) Let pbe an odd prime, and a an in- teger not divisible byp. LetS be a Gaussian set modulop. For everys∈S there exist unique integers ua(s)∈S andεa(s)∈ {1,−1} such that

as≡ε_a(s)u_a(s) (mod p).

Moreover,

a p

=

s∈S

ε_a(s) = (−1)^m, wherem is the number of s∈S such that εa(s) =−1.

Proof. Since S is a Gaussian set, for every s ∈ S there exist unique integersua(s)∈S andεa(s)∈ {1,−1}such that

as≡εa(s)ua(s) (mod p).

Lets, s∈S. Ifua(s) =ua(s), then

as ≡ εa(s)ua(s)≡εa(s)ua(s) (mod p)

≡ εa(s)εa(s)εa(s)ua(s) (mod p)

≡ ±as (modp).

Dividing bya, we obtain

s ≡ ±s (mod p),

and so s =s. It follows that the mapu_a :S →S is a permutation ofS,

and so

s∈S

s=

s∈S

u_a(s).

Therefore,

a^(p−1)/2

s∈S

s ≡

s∈S

as (modp)

≡

s∈S

ε_a(s)u_a(s) (modp)

≡

s∈S

ε_a(s)

s∈S

u_a(s) (modp)

≡

s∈S

εa(s)

s∈S

s (mod p).

Dividing by

s∈Ss, we obtain a

p

≡a^(p−1)/2≡

s∈S

ε_a(s) (mod p).

The proof is completed by the observation that the right and left sides of this congruence are ±1.2

We shall use Gauss’s lemma to compute the Legendre symbol₃

11

. Let S be the Gaussian set{2,4,6,8,10}. We have

3·2 ≡ 6 (mod 11), 3·4 ≡ (−1)10 (mod 11), 3·6 ≡ (−1)4 (mod 11), 3·8 ≡ 2 (mod 11), 3·10 ≡ 8 (mod 11).

3.4 Quadratic Residues 105 The number ofs∈S withε3(s) =−1 ism= 2, and so₃

11

= (−1)²= 1, that is, 3 is a quadratic residue modulo 11. Indeed,

5²≡6²≡3 (mod 11), and so 5 and 6 are the square roots of 3 modulo 11.

Theorem 3.16 Let pbe an odd prime. Then 2

p

=

1 ifp≡ ±1 (mod 8),

−1 ifp≡ ±3 (mod 8).

Equivalently,

2 p

= (−1)^(p2−1)/8.

Proof. We apply Gauss’s lemma (Theorem 3.15) to the Gaussian set S={1,2,3, . . . ,(p−1)/2}. Then

{2s:s∈S}={2,4,6, . . . , p−1},

and

2 p

= (−1)^m,

wheremis the number of integerss∈S such thatε2(s) =−1. If 1≤2s≤ (p−1)/2, then 2s∈ S, and so u2(s) = 2s and ε2(s) = 1. If (p+ 1)/2 ≤ 2s≤p−1, then 1≤p−2s≤(p−1)/2, and sop−2s∈S. Since

2s≡ −(p−2s) (mod p),

it follows thatu₂(s) =p−2sandε₂(s) =−1. Therefore,mis the number of integers s∈S such that (p+ 1)/2≤2s≤p−1, or, equivalently,

p+ 1

4 ≤s≤p−1

2 . (3.10)

Since every odd primepis congruent to 1, 3, 5, or 7 modulo 8, there are four cases to consider.

(i) If p≡1 (mod 8), thenp= 8k+ 1, ands∈S satisfies (3.10) if and only if

2k+1

2 ≤s≤4k, and som= 2k and

2 p

= (−1)^2k= 1.

(ii) If p≡3 (mod 8), thenp= 8k+ 3, ands∈S satisfies (3.10) if and only if

2k+ 1≤s≤4k+ 1, and som= 2k+ 1 and

2 p

= (−1)^2k+1=−1.

(iii) Ifp≡5 (mod 8), thenp= 8k+ 5, ands∈S satisfies (3.10) if and only if

2k+ 1 + 1

2 ≤s≤4k+ 2, and som= 2k+ 1 and

2 p

= (−1)^2k+1=−1.

(iv) If p≡7 (mod 8), thenp= 8k+ 7, ands∈S satisfies (3.10) if and only if

2k+ 2≤s≤4k+ 3, and som= 2k+ 2 and

2 p

= (−1)^2k+2= 1.

Finally, we observe that p²−1

8 ≡0 (mod 2) ifp≡1 or 7 (mod 8) and

p²−1

8 ≡1 (mod 2) ifp≡3 or 7 (mod 8).

This completes the proof.2

Exercises

1. Find all solutions of the congruences x² ≡2 (mod 47) andx²≡2 (mod 53).

2. Prove that S = {3,4,5,9,10} is a Gaussian set modulo 11. Apply Gauss’s lemma to this set to compute the Legendre symbols ₃

11

and₇

11

3. Let pbe an odd prime. Prove that{2,4,6, . . . , p−1} is a Gaussian set modulop.

4. Use Theorem 3.14 and Theorem 3.16 to find all primes pfor which

−2 is a quadratic residue.

5. Use Gauss’s lemma to find all primes pfor which−2 is a quadratic residue.

6. Use Gauss’s lemma to find all primes p for which 3 is a quadratic residue.

7. Find all primespfor which 4 is a quadratic residue.

3.4 Quadratic Residues 107 8. Let pbe an odd prime. Prove that the Legendre symbol is a homo- morphism from the multiplicative group (Z/pZ)^× into {±1}. What is the kernel of this homomorphism?

9. For every odd prime p, define theMersenne number Mp= 2^p−1.

A prime number of the form M_p is called a Mersenne prime (see Exercise 5 in Section 1.5).

Letqbe a prime divisor ofMp.

(a) Prove that 2 has orderpmoduloq, and sopdivides q−1.

Hint:Fermat’s theorem.

(b) Prove thatpdivides (q−1)/2, and so q≡1 (mod 2p) and

2^(q−1)/2≡1 (modq).

Hint:Bothpandqare odd.

(c) Prove that 2

q

= 1, and soq≡ ±1 (mod 8).

10. For every positive integern, define theFermat number F_n= 2²ⁿ+ 1.

A prime number of the formFn is called a Fermat prime(see Exer- cise 7 in Section 1.5).

Letn≥2, and letq be a prime divisor ofF_n. (a) Prove that 2 has order 2ⁿ⁺¹ moduloq.

Hint:Exercise 8 in Section 2.5.

(b) Prove that

q≡1 (mod 2ⁿ⁺¹).

(c) Prove that there exists an integerasuch that a²ⁿ⁺¹ ≡ −1 (mod q).

Hint:Observe that 2

q

= 1, and so 2≡a² (mod q).

(d) Prove that

q≡1 (mod 2ⁿ⁺²).

Remark.By Exercise 7 in Section 1.5, the Fermat numberF5 is di- visible by the prime 641, and 641≡1 (mod 2⁷).

11. Abinary quadratic formis a polynomial

f(x, y) =ax²+bxy+cy², where a, b, care integers.

Thediscriminant of this form is the integerd=b²−4ac. Show that 4af(x, y) = (2ax+by)²−dy².

12. Let p be an odd prime, and let f(x, y) = ax² +bxy +cy² be a binary quadratic form with a ≡ 0 (modp). We say that f(x, y) has a nontrivial solution modulo p if there exist integers x and y not both divisible bypsuch that f(x, y)≡0 (mod p). Prove that f(x, y) has a nontrivial solution modulopif and only if eitherd≡0 (modp) or dis a quadratic residue modulop.

13. Prove that the binary quadratic form

f(x, y) = 2x²−15xy+ 27y²

has a nontrivial solution modulopfor all primesp. Find a nontrivial solution of the congruence

f(x, y)≡0 (mod 11).

14. Letpandqbe distinct odd prime numbers. Prove that

x1 +···+xq≡q (modp) 1≤xi≤p−1

x1· · ·xq

p

≡1 (modq),

where the sum is over all orderedq-tuples of integers (x₁, . . . , x_q) such thatx1+· · ·+xq≡q (mod p) and 1≤xi≤p−1 fori= 1, . . . , q.

Hint: If qx ≡ q (modp), then x ≡ 1 (mod p). If the q-tuple (x1, . . . , xq) contains k distinct integers y1, . . . , yk such that integer yj appears uj times in theq-tuple, so that k

j=1ujyj≡q (modp) and_k

j=1u_j=q,then the number of permutations of thisq-tuple is the multinomial coefficient

q u1!···uk!

. Show that q

u1!· · ·uk!

≡0 (modq).