Lecture 18: Legendre Symbols and Euler's Criterion

# Summary

In today's class we began by talking about quadratic residues once again. We noticed that we could list the quadratic residues by squaring the first $\frac{p-1}{2}$ residues mod p, and that there were an equal number of quadratic residues and nonresidues. We then introduced the Legendre symbol $\left(\frac{a}{p}\right)$ as the "square indicator function modulo p". Finally we discussed Euler's Criterion for evaluating the Legendre symbol $\left(\frac{a}{p}\right)$ and a few of its consequences.

Just to get a feel for quadratic residues, let's compute the quadratic residues mod 17

n n2
1 1
2 4
3 9
4 $16 \equiv -1$
5 $25 \equiv 8$
6 $36 \equiv 2$
7 $49 \equiv -2$
8 $64 \equiv 13 \equiv -4$
9 $(-8)^2 \equiv -4$
10 $(-7)^2 \equiv -2$
11 $(-6)^2 \equiv 2$
12 $(-5)^2 \equiv 8$
13 $(-4)^2 \equiv -1$
14 $(-3)^2 \equiv 9$
15 $(-2)^2 \equiv 4$
16 $(-1)^2 \equiv 1$

This means that the quadratic residues mod 17 are

• 1, 2, 4, 8, 9, 13, 15, 16

and the quadratic nonresidues mod 17 are

• 3, 5, 6, 7, 10, 11, 12, 14

From this example we noticed two things: first that the quadratic residues are given by the squares of the first $\frac{p-1}{2}$ residue classes, and second that the number of quadratic residues is the same as the number of quadratic non-residues. Let's try to prove these observations.

Lemma: The residue classes of $1^2, 2^2, 3^2,\cdots, \left(\frac{p-1}{2}\right)^2$ are distinct and give a complete list of the quadratic residues modulo p.

Proof: First, notice that for any $1 \leq i \leq \frac{p-1}{2}$, the number $i^2$ is a quadratic residue modulo p: indeed, we can "see" that this is a square, and moreover cannot be divisible by p (since the number i isn't divisible by p). Hence the numbers $1^2, 2^2, \cdots, \left(\frac{p-1}{2}\right)^2$ are all quadratic residues.

Moreover we know that for any $\frac{p+1}{2} \leq j \leq p-1$, the number $j^2$ must occur in the list $1^2, 2^2, \cdots, \left(\frac{p-1}{2}\right)^2$. This is true because the number $p-j$ must have residue which sits in the list $1,2,\cdots, \frac{p-1}{2}$, and of course we know that

(1)
\begin{align} j^2 \equiv (-j)^2 \equiv (p-j)^2 \mod{p}. \end{align}

So we only have to prove that all the numbers $1^2, 2^2, \cdots, \left(\frac{p-1}{2}\right)^2$ are distinct. So let i and j be distinct residues between 1 and $\frac{p-1}{2}$, and suppose that $i^2 \equiv j^2 \mod{p}$. We'll derive a contradiction from this assumption. Notice first that the given congruence implies $p \mid i^2-j^2 = (i-j)(i+j)$. Now Euclid's Lemma says that either $p \mid i-j$ or $p \mid i+j$. The former implies that $i \equiv j \mod{p}$, a possibility we've already ruled out by assuming i and j are distinct residues. Hence we must be in the case $p \mid i+j$. But notice that if i and j are taken as least non-negative residues, then we have

(2)
\begin{align} 3 \leq i+j \leq \frac{p-3}{2}+\frac{p-1}{2} = p-2. \end{align}

But if $i+j$ satisfy these inequalities, then it is impossible for $p \mid i+j$. This is a contradiction, and so we conclude that $i^2 \equiv j^2 \mod{p}$ is impossible. $\square$

As a consequence of this result, we verify our second observation.

Corollary: There are precisely $\frac{p-1}{2}$ distinct quadratic residues and $\frac{p-1}{2}$ distinct quadratic nonresidues.

Proof: The previous lemma says that the numbers $1^2, 2^2, \cdots, \left(\frac{p-1}{2}\right)^2$ are distinct and give a complete list of the quadratic residues. Since there are $\frac{p-1}{2}$ numbers in this list, this means that there are $\frac{p-1}{2}$ quadratic residues.

How many quadratic nonresidues does this leave us with? There are p-1 nonzero residues modulo p, and $\frac{p-1}{2}$ are quadratic residues. This means the remaining

(3)
\begin{align} p-1-\left(\frac{p-1}{2}\right) = \frac{p-1}{2} \end{align}

are quadratic nonresidues. $\square$

# The Legendre Symbol

For the rest of this chapter, we're going to focus on the problem of giving good criteria to determine when a given nonzero residue class a is a square modulo p. Notice that right now, if I asked whether a given integer a is a square modulo p, the only way you could answer this question is by computing all the quadratic residues modulo p (i.e., by computing $1^2, 2^2, \cdots, \left(\frac{p-1}{2}\right)^2$) and seeing if a wound up on the list. This isn't a very efficient means for determining whether a is a residue or not.

We start by defining a "square indicator" function.

Definition: For an odd prime p and $p \nmid a$, the Legendre symbol $\left(\frac{a}{p}\right)$ is defined as

$\displaystyle \left(\frac{a}{p}\right) = \left\{\begin{array}{rl}1,&\mbox{ if } x^2 \equiv a \mod{p} \mbox{ has a solution,}\\-1 ,&\mbox{ if } x^2 \equiv a \mod{p} \mbox{ has no solutions.}\end{array}\right.$

WARNING: This notation could easily be confusing, as it looks as if the Legendre symbol has something to do with the fraction $\frac{a}{p}$. Hopefully in practice you won't be confused, since context will often tell you whether $\left(\frac{a}{p}\right)$ means the rational number "a divided by p" or the Legendre symbol "is a a square modulo p?" If you are ever confused, though, please ask so you can get things clarified sooner (rather than later).

#### Example: Legendre symbols modulo 17

We know that

(4)
\begin{align} \left(\frac{2}{17}\right) = \left(\frac{-1}{17}\right) = \left(\frac{8}{17}\right) = 1 \end{align}

whereas

(5)
\begin{align} \left(\frac{3}{17}\right) = \left(\frac{10}{17}\right) = \left(\frac{11}{17}\right) = -1 \end{align}

since we already computed the quadratic residues (and nonresidues) mod 17. $\square$

It might seem that defining this Legendre symbol doesn't buy us anything, but we'll see that capturing the question "is this number a square mod p?" in the form of a function will have some real benefits.

## Euler's Criterion

To begin, though, we note that there are different ways for computing $\left(\frac{a}{p}\right)$ than simply computing all the quadratic residues mod p. The first real theorem in this direction is the following

Theorem (Euler's Criterion): For p an odd prime and $p \nmid a$ we have

$\displaystyle \left(\frac{a}{p}\right) \equiv a^{\frac{p-1}{2}} \mod{p}$

This theorem tells us that if we can compute the residue of $a^{\frac{p-1}{2}}\mod{p}$, then we can determine whether or not a is a square. Before we prove Euler's Criterion, though, let's see some consequences of this important result.

## Is -1 a square?

Corollary: For an odd prime p, we have

$\left(\frac{-1}{p}\right) = \left\{\begin{array}{rl}1,&\mbox{ if } p \equiv 1 \mod{4}\\-1,& \mbox{ if }p \equiv 3 \mod{4}.\end{array}\right.$

Proof: Euler's criterion tells us that

(6)
\begin{align} \left(\frac{-1}{p}\right) \equiv (-1)^{\frac{p-1}{2}} \mod{p}. \end{align}

Hence to prove the corollary, we just need to show that $\frac{p-1}{2}$ is even whenever $p\equiv 1 \mod{4}$ and that $\frac{p-1}{2}$ is odd whenever $p \equiv 3 \mod{4}$. So let's try it out.

Suppose that $p \equiv 1 \mod{4}$. This means that $p = 4k+1$ for some integer k. Hence we have

(7)
\begin{align} \left(\frac{-1}{p}\right) \equiv (-1)^{\frac{p-1}{2}} = (-1)^{\frac{4k+1-1}{2}} = (-1)^{\frac{4k}{2}} = (-1)^{2k} = 1 \mod{p}. \end{align}

But since the Legendre symbol is either 1 or -1, this congruence implies equality as integers.

On the other hand, suppose that $p \equiv 3 \mod{4}$. Then we have $p = 4k+3$ for some integer k, and we get

(8)
\begin{align} \left(\frac{-1}{p}\right) \equiv (-1)^{\frac{p-1}{2}} = (-1)^{\frac{4k+3-1}{2}} = (-1)^{\frac{4k+2}{2}} = (-1)^{2k+1} = -1 \mod{p}. \end{align}

Again, since the Legendre symbol is either 1 or -1, this congruence tells us that we actually have an equality of integers. $\square$

Remark: One of the questions that came up in class is: why are we looking at the congruence class of p modulo 4, instead of the congruence class of p modulo some other number (like 2 or 8). The reason is that the information about the parity of $\frac{p-1}{2}$ is captured in the congruence of p modulo 4; if instead we only knew the congruence of p mod 2, say, then we wouldn't have enough information to determine whether $\left{p-1}{2}$ was even or odd. This, in turn, would keep us from applying Euler's Criterion to evaluate $\left(\frac{-1}{p}\right)$. On the other hand, we could express all these things as congruence statements modulo 8, but we choose not to since they are already captured by congruence conditions modulo 4.

#### Example: Is -1 a square modulo 503?

Suppose you want to know whether -1 is a square modulo 503. Without Euler's Criterion, we'd be stuck computing 251 quadratic residues, trying to see if -1 showed up amongst them. But without our new condition, we simply note that $503 \equiv 3 \mod{4}$, and this tells us automatically that $\left(\frac{-1}{503}\right) = -1$. Hence -1 is not a square modulo 503. Easy! $\square$

## Multiplicative behavior of the Legendre Symbol

Another bonus of Euler's Criterion is that it gives us a kind of "multiplicativity" for the Legendre symbol.

Lemma: For p and odd prime and $p \nmid a,b$, we have

1. $\left(\frac{a^2}{p}\right) = 1$;
2. if $a \equiv b \mod{p}$, then $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right)$; and
3. $\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$.

Proof: The first two statements aren't hard to prove. The first just says that if you can visibly see that the top part of the Legendre symbol is a square, then you can immediately conclude that — well — it's a square. The second just says that the Legendre symbol is only defined for the congruence class of a given integer a; but of course we know this, because if $a \equiv b \mod{p}$ then the equation $x^2 \equiv a \mod{p}$ has solutions if and only if $x^2 \equiv b \mod{p}$ does.

So we have left to prove the last fact. For this, we'll use Euler's criterion twice (marked using $\star$ in the equation below):

(9)
\begin{align} \left(\frac{ab}{p}\right) \stackrel{\star}{\equiv} (ab)^{\frac{p-1}{2}} = a^{\frac{p-1}{2}}b^{\frac{p-1}{2}} \stackrel{\star}{\equiv} \left(\frac{a}{p}\right)\left(\frac{b}{p}\right) \mod{p}. \end{align}

Notice that since the Legendre symbol is either 1 or -1, this congruence is enough to give us a bona fide equality of integers. $\square$

## Example: Computing the Legendre symbol of a random numbers

Suppose, as usual, that p is an odd prime and that $p \nmid a$. Let's write a as its prime factorization: $a = \pm 2^e p_1^{e_1}\cdots p_k^{e_k}$. Then the previous lemma tells us that

(10)
\begin{align} \left(\frac{a}{p}\right) = \left(\frac{\pm 2^ep_1^{e_1}\cdots p_k^{e_k}}{p}\right) = \left(\frac{\pm 1}{p}\right)\left(\frac{2}{p}\right)^{e}\left(\frac{p_1}{p}\right)^{e_1}\cdots \left(\frac{p_k}{p}\right)^{e_k}. \end{align}

This means that if we want to know whether any given number a is a square mod p, it's enough for us to know whether -1 is a square mod p, and also to know which other primes q are squares mod p. $\square$

# Proving Euler's Criterion

Now that we've seen some applications of Euler's Criterion, let's prove it. To do this, we'll break things down into 2 cases.

Case 1: a is a quadratic residue In this case, we have $\left(\frac{a}{p}\right) = 1$, and also that there is a solution to the equation $x^2 \equiv a \mod{p}$. Let $x_0$ be such a solution. Then we get

(11)
\begin{align} a^{\frac{p-1}{2}} = (x_0^2)^{\frac{p-1}{2}} = x_0^{p-1} \equiv 1 \mod{p} \end{align}

with the last equality coming from Fermat's Little Theorem. But we also know that $1 = \left(\frac{a}{p}\right)$, so the previous equation tells us that

(12)
\begin{align} a^{\frac{p-1}{2}} \equiv \left(\frac{a}{p}\right) \mod{p} \end{align}

in this case.

Case 2: a is not a quadratic residue In this case, we know that $\left(\frac{a}{p}\right) = -1$, and we also know that there is no solution to $x^2 \equiv a \mod{p}$. Now we claim that in this case we can pair up the residues between 1 and p-1 so that each pair has product a. To see that this is true, let m be any number between 1 and p-1. Now the equation $mx \equiv a \mod{p}$ has precisely one solution, since $(m,p) = 1$. Hence for each number between 1 and p-1, there is a unique "partner" n between 1 and p-1 so that $mn = a \mod{p}$. Notice that $m \not \equiv n$ since this would imply that $m^2 \equiv a \mod{p}$, impossible since we're in the quadratic nonresidue case.

Now let's compute $\prod_{i=1}^{p-1}i$ in two ways. On the one hand, we know that

(13)
\begin{align} \prod_{i=1}^{p-1} = 1\cdot 2 \cdot 3 \cdots (p-1) = (p-1)! \equiv -1 \mod{p} \end{align}

because of Wilson's Theorem. On the other hand, since we can split the set $\{1,2,\cdots, p-1\}$ into $\frac{p-1}{2}$ pairs, each with product a, we get

(14)
\begin{align} \prod_{i=1}^{p-1} = \prod_{\textrm{\tiny{pairs }}m_in_i} m_in_i = \prod_{\textrm{\tiny{pairs}}} a = a^{\frac{p-1}{2}}. \end{align}

Hence we get $a^{\frac{p-1}{2} \equiv -1 \mod{p}$, and since $\left(\frac{a}{p}\right) = -1$ in this case, we have

(15)
\begin{align} a^{\frac{p-1}{2}} \equiv \left(\frac{a}{p}\right) \mod{p}. \end{align}

$\square$

#### Example: Computing quadratic residue-ness through exponents

Let's see Euler's Criterion in action by determining whether 2 is a square modulo 19. For this, Euler's Criterion says that

(16)
\begin{align} 2^{\frac{19-1}{2}} \equiv \left(\frac{2}{19}\right) \mod{19}. \end{align}

Now the left hand side is clearly $2^9 \mod{19}$, so we'll compute this power. For this, we'll use successive squaring. We have

(17)
\begin{split} 2^1 &\equiv 1\\ 2^2 &\equiv 4\\ 2^4 &\equiv 4^2 \equiv 16\\ 2^8 \equiv (16)^2 \equiv (-3)^2 \equiv 9. \end{split}

Hence we have

(18)
\begin{align} \left(\frac{2}{19}\right) \equiv 2^9 \equiv 2 \cdot 2^8 \equiv 2 \cdot 9 \equiv 18 \equiv -1 \mod{19}. \end{align}

Hence we have $\left(\frac{2}{19}\right) =-1$, and so we know that 2 is not a square mod 19. $\square$

# A Final Note

To finish class I mentioned the following

Theorem: For an odd prime p, we have

$\displaystyle \left(\frac{2}{p}\right) = \left\{\begin{array}{rl}1, &\mbox{ if }p \equiv 1 \mbox{ or }p \equiv 7 \mod{8},\\-1, &\mbox{ if }p \equiv 3\mbox{ or }p \equiv 5 \mod{8}.\end{array}\right.$

We'll cover the proof next time in class, but I point it out because it will be a useful tool for answering questions on the homework. Here's a typical example of a problem that involves this result.

#### Example: Is -2 a square modulo 503?

Suppose you want to know whether -2 is a square mod 503, but you don't feel like writing out all 251 quadratic residues to answer the question. Instead, you'll use the fact that

(19)
\begin{align} \left(\frac{-2}{503}\right) = \left(\frac{-1}{503}\right)\left(\frac{2}{503}\right). \end{align}

To calculate the first factor, you first notice that $503 \equiv 3 \mod{4}$. This means that

(20)
\begin{align} \left(\frac{-1}{503}\right) = -1 \end{align}

according to our congruence condition of primes for which -1 is a square. Now you also can compute that $503 \equiv 7 \mod{8}$, and according to the previous lemma this tells you that

(21)
\begin{align} \left(\frac{2}{503}\right) = 1. \end{align}

Putting these two factors together and substituting back into Equation (19), we have

(22)
\begin{align} \left(\frac{-2}{503}\right) = \left(\frac{-1}{503}\right)\left(\frac{2}{503}\right) = (-1)(1) = -1. \end{align}

Therefore we see that -2 is not a square modulo 503. $\square$

page revision: 7, last edited: 13 Oct 2008 19:28