Lecture 18: Legendre Symbols and Euler's Criterion

Summary

In today's class we began by talking about quadratic residues once again. We noticed that we could list the quadratic residues by squaring the first $\frac{p-1}{2}$ residues mod p, and that there were an equal number of quadratic residues and nonresidues. We then introduced the Legendre symbol $\left(\frac{a}{p}\right)$ as the "square indicator function modulo p". Finally we discussed Euler's Criterion for evaluating the Legendre symbol $\left(\frac{a}{p}\right)$ and a few of its consequences.

Quadratic Residues

Just to get a feel for quadratic residues, let's compute the quadratic residues mod 17:

n $n^2$
1 1
2 4
3 9
4 $16 \equiv -1$
5 $25 \equiv 8$
6 $36 \equiv 2$
7 $49 \equiv -2$
8 $64 \equiv 13 \equiv -4$
9 $(-8)^2 \equiv -4$
10 $(-7)^2 \equiv -2$
11 $(-6)^2 \equiv 2$
12 $(-5)^2 \equiv 8$
13 $(-4)^2 \equiv -1$
14 $(-3)^2 \equiv 9$
15 $(-2)^2 \equiv 4$
16 $(-1)^2 \equiv 1$

This means that the quadratic residues mod 17 are

  • 1, 2, 4, 8, 9, 13, 15, 16

and the quadratic nonresidues mod 17 are

  • 3, 5, 6, 7, 10, 11, 12, 14

From this example we noticed two things: first that the quadratic residues are given by the squares of the first $\frac{p-1}{2}$ residue classes, and second that the number of quadratic residues is the same as the number of quadratic non-residues. Let's try to prove these observations.

Lemma: The residue classes of $1^2, 2^2, 3^2,\cdots, \left(\frac{p-1}{2}\right)^2$ are distinct and give a complete list of the quadratic residues modulo p.

Proof: First, notice that for any $1 \leq i \leq \frac{p-1}{2}$, the number $i^2$ is a quadratic residue modulo p: indeed, we can "see" that this is a square, and moreover cannot be divisible by p (since the number i isn't divisible by p). Hence the numbers $1^2, 2^2, \cdots, \left(\frac{p-1}{2}\right)^2$ are all quadratic residues.

Moreover we know that for any $\frac{p+1}{2} \leq j \leq p-1$, the number $j^2$ must occur in the list $1^2, 2^2, \cdots, \left(\frac{p-1}{2}\right)^2$. This is true because the number $p-j$ must have residue which sits in the list $1,2,\cdots, \frac{p-1}{2}$, and of course we know that

(1)
\begin{align} j^2 \equiv (-j)^2 \equiv (p-j)^2 \mod{p}. \end{align}

So we only have to prove that all the numbers $1^2, 2^2, \cdots, \left(\frac{p-1}{2}\right)^2$ are distinct. So let i and j be distinct residues between 1 and $\frac{p-1}{2}$, and suppose that $i^2 \equiv j^2 \mod{p}$. We'll derive a contradiction from this assumption. Notice first that the given congruence implies $p \mid i^2-j^2 = (i-j)(i+j)$. Now Euclid's Lemma says that either $p \mid i-j$ or $p \mid i+j$. The former implies that $i \equiv j \mod{p}$, a possibility we've already ruled out by assuming i and j are distinct residues. Hence we must be in the case $p \mid i+j$. But notice that if i and j are taken as least non-negative residues, then we have

(2)
\begin{align} 3 \leq i+j \leq \frac{p-3}{2}+\frac{p-1}{2} = p-2. \end{align}

But if $i+j$ satisfies these inequalities, then it is impossible for $p \mid i+j$. This is a contradiction, and so we conclude that $i^2 \equiv j^2 \mod{p}$ is impossible. $\square$

As a consequence of this result, we verify our second observation.

Corollary: There are precisely $\frac{p-1}{2}$ distinct quadratic residues and $\frac{p-1}{2}$ distinct quadratic nonresidues.

Proof: The previous lemma says that the numbers $1^2, 2^2, \cdots, \left(\frac{p-1}{2}\right)^2$ are distinct and give a complete list of the quadratic residues. Since there are $\frac{p-1}{2}$ numbers in this list, this means that there are $\frac{p-1}{2}$ quadratic residues.

How many quadratic nonresidues does this leave us with? There are p-1 nonzero residues modulo p, and $\frac{p-1}{2}$ are quadratic residues. This means the remaining

(3)
\begin{align} p-1-\left(\frac{p-1}{2}\right) = \frac{p-1}{2} \end{align}

are quadratic nonresidues. $\square$

The Legendre Symbol

For the rest of this chapter, we're going to focus on the problem of giving good criteria to determine when a given nonzero residue class a is a square modulo p. Notice that right now, if I asked whether a given integer a is a square modulo p, the only way you could answer this question is by computing all the quadratic residues modulo p (i.e., by computing $1^2, 2^2, \cdots, \left(\frac{p-1}{2}\right)^2$) and seeing if a wound up on the list. This isn't a very efficient means for determining whether a is a residue or not.

We start by defining a "square indicator" function.

Definition: For an odd prime p and $p \nmid a$, the Legendre symbol $\left(\frac{a}{p}\right)$ is defined as

$\displaystyle \left(\frac{a}{p}\right) = \left\{\begin{array}{rl}1,&\mbox{ if } x^2 \equiv a \mod{p} \mbox{ has a solution,}\\-1 ,&\mbox{ if } x^2 \equiv a \mod{p} \mbox{ has no solutions.}\end{array}\right.$

WARNING: This notation could easily be confusing, as it looks as if the Legendre symbol has something to do with the fraction $\frac{a}{p}$. Hopefully in practice you won't be confused, since context will often tell you whether $\left(\frac{a}{p}\right)$ means the rational number "a divided by p" or the Legendre symbol "is a a square modulo p?" If you are ever confused, though, please ask so you can get things clarified sooner (rather than later).

Example: Legendre symbols modulo 17

We know that

(4)
\begin{align} \left(\frac{2}{17}\right) = \left(\frac{-1}{17}\right) = \left(\frac{8}{17}\right) = 1 \end{align}

whereas

(5)
\begin{align} \left(\frac{3}{17}\right) = \left(\frac{10}{17}\right) = \left(\frac{11}{17}\right) = -1 \end{align}

since we already computed the quadratic residues (and nonresidues) mod 17. $\square$

It might seem that defining this Legendre symbol doesn't buy us anything, but we'll see that capturing the question "is this number a square mod p?" in the form of a function will have some real benefits.

Euler's Criterion

To begin, though, we note that there are different ways of computing $\left(\frac{a}{p}\right)$ than simply computing all the quadratic residues mod p. The first real theorem in this direction is the following:

Theorem (Euler's Criterion): For p an odd prime and $p \nmid a$ we have

$\displaystyle \left(\frac{a}{p}\right) \equiv a^{\frac{p-1}{2}} \mod{p}$

This theorem tells us that if we can compute the residue of $a^{\frac{p-1}{2}}\mod{p}$, then we can determine whether or not a is a square. Before we prove Euler's Criterion, though, let's see some consequences of this important result.

Is -1 a square?

Corollary: For an odd prime p, we have

$\left(\frac{-1}{p}\right) = \left\{\begin{array}{rl}1,&\mbox{ if } p \equiv 1 \mod{4}\\-1,& \mbox{ if }p \equiv 3 \mod{4}.\end{array}\right.$

Proof: Euler's criterion tells us that

(6)
\begin{align} \left(\frac{-1}{p}\right) \equiv (-1)^{\frac{p-1}{2}} \mod{p}. \end{align}

Hence to prove the corollary, we just need to show that $\frac{p-1}{2}$ is even whenever $p\equiv 1 \mod{4}$ and that $\frac{p-1}{2}$ is odd whenever $p \equiv 3 \mod{4}$. So let's try it out.

Suppose that $p \equiv 1 \mod{4}$. This means that $p = 4k+1$ for some integer k. Hence we have

(7)
\begin{align} \left(\frac{-1}{p}\right) \equiv (-1)^{\frac{p-1}{2}} = (-1)^{\frac{4k+1-1}{2}} = (-1)^{\frac{4k}{2}} = (-1)^{2k} = 1 \mod{p}. \end{align}

But since the Legendre symbol is either 1 or -1, this congruence implies equality as integers.

On the other hand, suppose that $p \equiv 3 \mod{4}$. Then we have $p = 4k+3$ for some integer k, and we get

(8)
\begin{align} \left(\frac{-1}{p}\right) \equiv (-1)^{\frac{p-1}{2}} = (-1)^{\frac{4k+3-1}{2}} = (-1)^{\frac{4k+2}{2}} = (-1)^{2k+1} = -1 \mod{p}. \end{align}

Again, since the Legendre symbol is either 1 or -1, this congruence tells us that we actually have an equality of integers. $\square$

Remark: One of the questions that came up in class is: why are we looking at the congruence class of p modulo 4, instead of the congruence class of p modulo some other number (like 2 or 8)? The reason is that the information about the parity of $\frac{p-1}{2}$ is captured in the congruence of p modulo 4; if instead we only knew the congruence of p mod 2, say, then we wouldn't have enough information to determine whether $\frac{p-1}{2}$ was even or odd. This, in turn, would keep us from applying Euler's Criterion to evaluate $\left(\frac{-1}{p}\right)$. On the other hand, we could express all these things as congruence statements modulo 8, but we choose not to since they are already captured by congruence conditions modulo 4.

Example: Is -1 a square modulo 503?

Suppose you want to know whether -1 is a square modulo 503. Without Euler's Criterion, we'd be stuck computing 251 quadratic residues, trying to see if -1 showed up amongst them. But with our new condition, we simply note that $503 \equiv 3 \mod{4}$, and this tells us automatically that $\left(\frac{-1}{503}\right) = -1$. Hence -1 is not a square modulo 503. Easy! $\square$

Multiplicative behavior of the Legendre Symbol

Another bonus of Euler's Criterion is that it gives us a kind of "multiplicativity" for the Legendre symbol.

Lemma: For p an odd prime and $p \nmid a,b$, we have

  1. $\left(\frac{a^2}{p}\right) = 1$;
  2. if $a \equiv b \mod{p}$, then $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right)$; and
  3. $\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$.

Proof: The first two statements aren't hard to prove. The first just says that if you can visibly see that the top part of the Legendre symbol is a square, then you can immediately conclude that — well — it's a square. The second just says that the Legendre symbol is only defined for the congruence class of a given integer a; but of course we know this, because if $a \equiv b \mod{p}$ then the equation $x^2 \equiv a \mod{p}$ has solutions if and only if $x^2 \equiv b \mod{p}$ does.

So we have left to prove the last fact. For this, we'll use Euler's criterion twice (marked using $\star$ in the equation below):

(9)
\begin{align} \left(\frac{ab}{p}\right) \stackrel{\star}{\equiv} (ab)^{\frac{p-1}{2}} = a^{\frac{p-1}{2}}b^{\frac{p-1}{2}} \stackrel{\star}{\equiv} \left(\frac{a}{p}\right)\left(\frac{b}{p}\right) \mod{p}. \end{align}

Notice that since the Legendre symbol is either 1 or -1, this congruence is enough to give us a bona fide equality of integers. $\square$

Example: Computing the Legendre symbol of a random number

Suppose, as usual, that p is an odd prime and that $p \nmid a$. Let's write a as its prime factorization: $a = \pm 2^e p_1^{e_1}\cdots p_k^{e_k}$. Then the previous lemma tells us that

(10)
\begin{align} \left(\frac{a}{p}\right) = \left(\frac{\pm 2^ep_1^{e_1}\cdots p_k^{e_k}}{p}\right) = \left(\frac{\pm 1}{p}\right)\left(\frac{2}{p}\right)^{e}\left(\frac{p_1}{p}\right)^{e_1}\cdots \left(\frac{p_k}{p}\right)^{e_k}. \end{align}

This means that if we want to know whether any given number a is a square mod p, it's enough for us to know whether -1 is a square mod p, and also to know which other primes q are squares mod p. $\square$

Proving Euler's Criterion

Now that we've seen some applications of Euler's Criterion, let's prove it. To do this, we'll break things down into 2 cases.

Case 1: a is a quadratic residue. In this case, we have $\left(\frac{a}{p}\right) = 1$, and also that there is a solution to the equation $x^2 \equiv a \mod{p}$. Let $x_0$ be such a solution. Then we get

(11)
\begin{align} a^{\frac{p-1}{2}} = (x_0^2)^{\frac{p-1}{2}} = x_0^{p-1} \equiv 1 \mod{p} \end{align}

with the last equality coming from Fermat's Little Theorem. But we also know that $1 = \left(\frac{a}{p}\right)$, so the previous equation tells us that

(12)
\begin{align} a^{\frac{p-1}{2}} \equiv \left(\frac{a}{p}\right) \mod{p} \end{align}

in this case.

Case 2: a is not a quadratic residue. In this case, we know that $\left(\frac{a}{p}\right) = -1$, and we also know that there is no solution to $x^2 \equiv a \mod{p}$. Now we claim that in this case we can pair up the residues between 1 and p-1 so that each pair has product a. To see that this is true, let m be any number between 1 and p-1. Now the equation $mx \equiv a \mod{p}$ has precisely one solution, since $(m,p) = 1$. Hence for each number m between 1 and p-1, there is a unique "partner" n between 1 and p-1 so that $mn \equiv a \mod{p}$. Notice that $m \not \equiv n$ since this would imply that $m^2 \equiv a \mod{p}$, impossible since we're in the quadratic nonresidue case.

Now let's compute $\prod_{i=1}^{p-1}i$ in two ways. On the one hand, we know that

(13)
\begin{align} \prod_{i=1}^{p-1} i = 1\cdot 2 \cdot 3 \cdots (p-1) = (p-1)! \equiv -1 \mod{p} \end{align}

because of Wilson's Theorem. On the other hand, since we can split the set $\{1,2,\cdots, p-1\}$ into $\frac{p-1}{2}$ pairs, each with product a, we get

(14)
\begin{align} \prod_{i=1}^{p-1} i = \prod_{\textrm{\tiny{pairs }}m_in_i} m_in_i \equiv \prod_{\textrm{\tiny{pairs}}} a = a^{\frac{p-1}{2}} \mod{p}. \end{align}

Hence we get $a^{\frac{p-1}{2}} \equiv -1 \mod{p}$, and since $\left(\frac{a}{p}\right) = -1$ in this case, we have

(15)
\begin{align} a^{\frac{p-1}{2}} \equiv \left(\frac{a}{p}\right) \mod{p}. \end{align}

$\square$
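The pairing step of Case 2, carried out concretely. This is an added example, not part of the lecture; the function names `pair_up` and `check_case_2` are chosen here for illustration.

```python
# Added illustration of the Case 2 pairing argument; names are chosen here.
from math import prod


def pair_up(a, p):
    """Split {1, ..., p-1} into pairs (m, n) with m*n = a (mod p).

    p is assumed to be an odd prime and a a quadratic nonresidue mod p.
    """
    pairs, used = [], set()
    for m in range(1, p):
        if m in used:
            continue
        # Unique solution n of m*x = a (mod p); it exists because (m, p) = 1.
        n = (a * pow(m, -1, p)) % p
        if n == m:
            # m is its own partner exactly when m^2 = a, i.e. a is a residue.
            raise ValueError(f"{m}^2 = {a} mod {p}: a is a quadratic residue")
        pairs.append((m, n))
        used.update((m, n))
    return pairs


def check_case_2(a, p):
    """Return ((p-1)! mod p, product over the pairs mod p, a^((p-1)/2) mod p)."""
    pairs = pair_up(a, p)
    wilson = prod(range(1, p)) % p                  # Wilson: equals p - 1
    paired = prod(m * n for m, n in pairs) % p      # same product, regrouped
    return wilson, paired, pow(a, len(pairs), p)    # len(pairs) == (p-1)/2


if __name__ == "__main__":
    print(pair_up(3, 17))        # 3 is a nonresidue mod 17
    print(check_case_2(3, 17))   # all three values agree with -1 mod 17
```

Calling `pair_up` with a quadratic residue (for example a = 2, p = 17) fails at the first m with $m^2 \equiv a$, which is exactly the situation Case 2 rules out.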

Example: Computing quadratic residue-ness through exponents

Let's see Euler's Criterion in action by determining whether 2 is a square modulo 19. For this, Euler's Criterion says that

(16)
\begin{align} 2^{\frac{19-1}{2}} \equiv \left(\frac{2}{19}\right) \mod{19}. \end{align}

Now the left hand side is clearly $2^9 \mod{19}$, so we'll compute this power. For this, we'll use successive squaring. We have

(17)
\begin{split} 2^1 &\equiv 2\\ 2^2 &\equiv 4\\ 2^4 &\equiv 4^2 \equiv 16\\ 2^8 &\equiv (16)^2 \equiv (-3)^2 \equiv 9. \end{split}

Hence we have

(18)
\begin{align} \left(\frac{2}{19}\right) \equiv 2^9 \equiv 2 \cdot 2^8 \equiv 2 \cdot 9 \equiv 18 \equiv -1 \mod{19}. \end{align}

Hence we have $\left(\frac{2}{19}\right) =-1$, and so we know that 2 is not a square mod 19. $\square$
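The same computation in code: Euler's Criterion evaluated by successive squaring and cross-checked against the brute-force list of squares from the Lemma. This is an added example, not part of the lecture; the function names are chosen here, and p is assumed to be an odd prime (the code does not test primality, it only rejects a result that is not ±1).

```python
# Added illustration; function names are chosen here, not taken from the lecture.

def squares_mod(p):
    """Quadratic residues mod p, listed as in the Lemma: 1^2, ..., ((p-1)/2)^2."""
    return {(i * i) % p for i in range(1, (p - 1) // 2 + 1)}


def successive_squares(a, p, top):
    """Table {1: a, 2: a^2, 4: a^4, ...} mod p for every power of two <= top."""
    table, k, cur = {}, 1, a % p
    while k <= top:
        table[k] = cur
        cur = (cur * cur) % p
        k *= 2
    return table


def legendre(a, p):
    """Legendre symbol (a/p) by Euler's Criterion; p is assumed an odd prime."""
    if p < 3 or p % 2 == 0 or a % p == 0:
        raise ValueError("need an odd prime p with p not dividing a")
    e = (p - 1) // 2
    result = 1
    # Multiply together the squares selected by the binary digits of e.
    for k, value in successive_squares(a, p, e).items():
        if e & k:
            result = (result * value) % p
    if result == 1:
        return 1
    if result == p - 1:
        return -1
    # Euler's Criterion forces +-1 for a prime modulus, so p was composite.
    raise ValueError("a^((p-1)/2) is not +-1 mod p, so p is not prime")


def brute_force_symbol(a, p):
    """Same answer from the Lemma's list of squares (slow, for comparison)."""
    return 1 if a % p in squares_mod(p) else -1


if __name__ == "__main__":
    print(successive_squares(2, 19, 9))
    print(legendre(2, 19))
    print(all(legendre(a, 17) == brute_force_symbol(a, 17) for a in range(1, 17)))
    print(legendre(-1, 503), legendre(2, 503), legendre(-2, 503))
```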

A Final Note

To finish class I mentioned the following

Theorem: For an odd prime p, we have

$\displaystyle \left(\frac{2}{p}\right) = \left\{\begin{array}{rl}1, &\mbox{ if }p \equiv 1 \mbox{ or }p \equiv 7 \mod{8},\\-1, &\mbox{ if }p \equiv 3\mbox{ or }p \equiv 5 \mod{8}.\end{array}\right.$

We'll cover the proof next time in class, but I point it out because it will be a useful tool for answering questions on the homework. Here's a typical example of a problem that involves this result.

Example: Is -2 a square modulo 503?

Suppose you want to know whether -2 is a square mod 503, but you don't feel like writing out all 251 quadratic residues to answer the question. Instead, you'll use the fact that

(19)
\begin{align} \left(\frac{-2}{503}\right) = \left(\frac{-1}{503}\right)\left(\frac{2}{503}\right). \end{align}

To calculate the first factor, you first notice that $503 \equiv 3 \mod{4}$. This means that

(20)
\begin{align} \left(\frac{-1}{503}\right) = -1 \end{align}

according to our congruence condition of primes for which -1 is a square. Now you also can compute that $503 \equiv 7 \mod{8}$, and according to the previous theorem this tells you that

(21)
\begin{align} \left(\frac{2}{503}\right) = 1. \end{align}

Putting these two factors together and substituting back into Equation (19), we have

(22)
\begin{align} \left(\frac{-2}{503}\right) = \left(\frac{-1}{503}\right)\left(\frac{2}{503}\right) = (-1)(1) = -1. \end{align}

Therefore we see that -2 is not a square modulo 503. $\square$
