RATIONAL AND INTEGRAL POINTS ON CURVES. Andrew Granville. Table of Contents

Transcription

1 RATIONAL AND INTEGRAL POINTS ON CURVES Andrew Granville Abstract. These are notes that have been extracted from a book that I am writing on elementary number theory. I make no attemt here to organize this well; it is just some notes for your convenience. Please turn to the course books for more details. Chater 1. Table of Contents The Euclidean Algorithm 1.1. Finding the gcd 1.2. Linear combinations 1.3. Continued Fractions Chater 2. Congruences 2.1. Basic Congruences Chater 3. The basic algebra of number theory 3.1. The Fundamental Theorem of Arithmetic 3.2. Irrationality 3.3. Dividing in congruences 3.4. Linear equations in two unknowns 3.5. Congruences to several moduli Section B. Basics B1. Linear congruences B2. The Chinese Remainder Theorem in general Chater 6. Diohantine roblems 6.1. The Pythagorean equation 6.2. No solutions to a Diohantine equation through rime divisibility 6.3. No solutions through geometric descent 6.4. Fermat s infinite descent 6.5. Fermat s Last Theorem Chater 8. Quadratic residues Tyeset by AMS-TEX

2 Squares mod 8.2. Squares mod m 8.3. The Jacobi symbol 8.4. The quadratic character of a residue 8.5. The residue The law of quadratic recirocity 8.7. The residues +2 and Small residues and non-residues 8.9. Proof of the law of quadratic recirocity Chater 9. Sums of two squares 9.1. Sums of two squares 9.2. The values of x 2 + dy Solutions to quadratic equations Chater 11. The igeonhole rincile Rational aroximations to real numbers Pell s equation Transcendental numbers Chater 12. Binary quadratic forms Reresentation of integers by binary quadratic forms Equivalence classes of binary quadratic forms Class number one Section A. Elementary Additional Sections A6. Solving the cubic A7. Constructibility A8. Resultants and Discriminants A9. Möbius transformations: Lines and circles go to lines and circles B4. Grous Section C. Algebra C1. Ideals C2. Continued Fractions C3. Unique Factorization C4. Binary quadratic forms with ositive discriminant, and continued fractions. C5. SL(2, Z)-transformations. Forms-Ideals-Transformations. C6. Minkowski and lattices C7. Connection between sums of 3 squares and h(d). C10. Finite fields C11. Affine vs. Projective

3 1 C12. Descent and the quadratics. D2. Lifting solutions D*. The class number formula Section F. Analytic number theory F2. Character Sums F4. Some basic sums F5. Sums of two squares, 4 squares and quaternions, etc etc G1. Partitions Section H. Ellitic curves and beyond H1. The grou of rational oints on ellitic curves H2. Ellitic curves and finite fields H3. More L-functions H4. FLT and Sohie Germain H5. Rational oints on curves H6. The local-global rincile H7. Modularity and e π The Euclidean Algorithm 1.1. Finding the gcd. You robably know the Euclidean algorithm, used to find the greatest common divisor of two given integers. For examle, to determine the greatest common divisor of 85 and 48, we begin by subtracting the smaller from the larger, 48 from 85, to obtain = 37. Now gcd(85, 48) = gcd(48, 37) and we aly the algorithm again to the air 48 and 37. So we subtract the smaller from the larger to obtain = 11, so that gcd(48, 37) = gcd(37, 11). Next we should subtract 11 from 37, but then we would only do so again, and a third time, so let s do all that in one go and take = 4, to obtain gcd(37, 11) = gcd(11, 4). Similarly we take = 3, and then 4 3 = 1, so that the gcd of 85 and 48 is 1. This is the Euclidean algorithm that you learnt in school, but did you ever rove that it really works? To do so, we must first carefully define what we have imlicitly used in the above aragrah: We say that a is divisible by b (or a is a multile of b), or b is a divisor of a (or b is a factor of a), if there exists an integer q such that a = qb. For convenience we write b a. Exercise 1.1.1a. Prove that if b divides a then either a = 0 or a b. Exercise 1.1.1b. Deduce that if a b and b a then b = ±a. Exercise 1.1.1c. Prove that if a divides b and c then a divides bx + cy for all integers x, y. Exercise 1.1.1d. Prove that if a divides b, and b divides c, then a divides c. In general we have

4 2 Lemma 1.1. If a and b > 0 are integers then there exist integers q and r, with 0 r b 1, such that a = qb + r. We call q the quotient, and r the remainder. Proof. Let r be the smallest element of the set S := {a + nb 0 : n Z}. Evidently the set is non-emty (as may be seen by selecting n sufficiently large) so that r exists. Now r 0 by definition, and if r = a qb then we have r < b else a bq b so that r b = a (q + 1)b S, contradicting the minimality of r. Exercise (i) Let [t] be the integer art of t, that is the largest integer t. Prove that q = [a/b]. (ii) Let {t} to be the fractional art of t, that is {t} = t [t]. Prove that r = b{r/b} = b{a/b}. We say that d is a common divisor of a and b if d divides both a and b. We are interested here in the greatest common divisor of a and b, which is often written gcd(a, b) or simly (a, b). 1 Exercise Show that if a and b are not both 0, then gcd(a, b) is a ositive integer. We say that a is corime with b, or a and b are corime integers or relatively rime if (a, b) = 1. Corollary 1.2. If a = qb + r as in Lemma 1.1, then gcd(a, b) = gcd(b, r). Proof. Let g = gcd(a, b) and h = gcd(r, b). Now g divides a and b, so g divides a qb = r. Therefore g is a common divisor of both r and b, and therefore g h. Similarly h divides b and r, so h divides qb + r = a and hence h is a common divisor of both a and b, and therefore h g. We have shown that g h and h g, which together imly that g = h. Exercise Use Corollary 1.2 to deduce that the Euclidean algorithm indeed yields the greatest common divisor of the two given integers Linear combinations. Another asect of the Euclidean algorithm is that one can find a linear combination of a and b, over the integers, which equals gcd(a, b); that is, one can find integers u and v such that au + bv = gcd(a, b). We roceed as follows in our examle above: 1 = , and so we have 1 = = (11 2 4) = , as we had 3 = This then imlies, since we had 4 = , that Continuing in this way, we deduce: 1 = 3 ( ) 1 11 = = (48 37) = = 13 (85 48) = , 1 In the UK this is known as the highest common factor of a and b, and written hcf(a, b).

5 3 that is, we have the desired linear combination of 85 and 48. To rove that this method always works, we use Lemma 1.1 again: Suose that a = qb + r so that gcd(a, b) = gcd(b, r) by Corollary 1.2, and we have bu rv = 1 for some integers u and v. Then gcd(a, b) = gcd(b, r) = bu rv = bu (a qb)v = b(u + qv) av, the desired linear combination of a and b. This yields a roof of the following: Theorem 1.3. If a and b are given integers then there exist integers u and v such that au + bv = gcd(a, b). Exercise Prove that if there exist integers u and v such that au + bv = 1 then gcd(a, b) = 1. Exercise Prove that if d divides both a and b then d divides gcd(a, b). Exercise Prove that if a divides m, and b divides n then gcd(a, b) divides gcd(m, n). In articular show that if a divides m, and b divides n where gcd(m, n) = 1 then gcd(a, b) = 1. Corollary 1.4. If gcd(a, m) = gcd(b, m) = 1 then gcd(ab, m) = 1 Proof. By Theorem 1.3 there exist integers r, s, u, v such that au + mv = br + ms = 1. Therefore ab(ur) + m(bvr + aus + msv) = (au + mv)(br + ms) = 1. Hence gcd(ab, m) divides 1 by exercise 1.2.2, and the result follows from exercise Corollary 1.5. We have gcd(ma, mb) = m gcd(a, b) for all integers m 1. Proof. By Theorem 1.3 there exist integers r, s, u, v such that au + bv = gcd(a, b) and (ma)r + (mb)s = gcd(ma, mb). Now gcd(ma, mb) divides ma and mb so it divides mau + mbv = m gcd(a, b). Similarly gcd(a, b) divides a and b, so that m gcd(a, b) divides ma and mb, and therefore gcd(ma, mb) by exercise The result follows for exercise 1.1.1b. Exercise Deduce that if A and B are given integers with g =gcd(a, B) then gcd(a/g, B/g) = 1. (Hint: Try m = g, A = ma, B = mb in Corollary 1.4.) Exercise Show that any rational number u/v where u, v Z with v 0, may be written as r/s where r and s are corime integers with s > 0. We define the set of linear combinations of two integers as follows: I(a, b) := {am + bn : m, n Z}. This definition can be extended to an arbitrary set of integers in lace of {a, b}; that is I(a 1,... a k ) := {a 1 m 1 + a 2 m a k m k : m 1, m 2,..., m k Z}.

6 4 Corollary 1.6. If a and b are given non-zero integers then we have I(a, b) = I(g) where g :=gcd(a, b); that is {am + bn : m, n Z} = {gk : k Z}. Proof. By Theorem 1.3 we know that there exist u, v Z such that au+bv = g. Therefore a(uk) + b(vk) = gk so that gk I(a, b) for all k Z; that is I(g) I(a, b). On the other hand, as g divides both a and b, there exist integers A, B such that a = ga, b = gb, and so any am + bn = g(am + Bn) I(g). That is I(a, b) I(g). The result now follows from the two inclusions. Exercise Show that I(a 1,... a k ) = I(g) for any non-zero integers a 1,... a k, where g =gcd(a 1,... a k ). Exercise Deduce that if we are given integers a 1, a 2,..., a k, not all zero, then there exist integers m 1, m 2,..., m k such that m 1 a 1 + m 2 a m k a k = gcd(a 1, a 2,..., a k ). We say that the integers a 1, a 2,..., a k are relatively rime if gcd(a 1, a 2,..., a k ) = 1. We say that they are airwise corime if gcd(a i, a j ) = 1 whenever i j. We have seen how the Euclidean algorithm can be used to find the gcd of two given integers a and b, and to find integers u, v such that au + bv = gcd(a, b). This is more than the mere existence of u and v, which is all that was claimed in Theorem 1.3; the rice for obtaining the values of u and v is a somewhat comlicated analysis of the Euclidean algorithm. However if we only want to rove that such u and v exist, we can give an easier roof: Non-constructive roof of Theorem 1.3. Let h be the smallest ositive integer that belongs to I(a, b), say h = au + bv. Then g := gcd(a, b) divides h, as g divides both a and b. Lemma 1.1 imlies that there exist integers q and r, with 0 r h 1 such that a = qh + r. Therefore r = a qh = a q(au + bv) = a(1 qu) + b( qv) I(a, b), which contradicts the minimality of h, unless r = 0; that is h divides a. An analogous argument reveals that h divides b, and so h divides g by exercise Hence g divides h, and h divides g, so that g = h as desired. U until now we have considered the Euclidean algorithm, one ste at a time. It is convenient to give aroriate notation for the stes of the Euclidean algorithm, so that we can consider all the stes together: 1.3. Continued Fractions. If a > b > 1 with (a, b) = 1 then Lemmas 1.1 and 1.2 yield that there exists integers q and r, with b > r 1 such that a b = q+ r b = q+ 1 b r.

7 And then we can reeat this with the air of integers b and r. Thus going back to our original examle, where we were finding the gcd of 85 and 48, we begin by noting that and then We continue like this: so that = = = , = 1+, so that = = = , 11 4 = , and 4 3 = , = = This is the continued fraction for and is more conveniently written as [1, 1, 3, 2, 1, 3]. Notice that this is the sequence of quotients a i from the various divisions, that is a b = [a 0, a 1, a 2,..., a k ] := a a a 2 + a a 1 k Exercise Show that if a k > 1 then [a 0, a 1,..., a k ] = [a 0, a 1,..., a k 1, 1]. Prove that the set of ositive rational numbers are in 1 1 corresondence with the finite length continued fractions that do not end in 1. Taking the rationals corresonding to the first art of the continued fraction, namely [1] = 1, [1, 1] = 2, [1, 1, 3],... gives = 7 4, = , = 23 13, which are increasingly good aroximations (1.75, , ) to 85/48 = We call these the convergents j /q j, j 1 for a continued fraction, defined by j q j = [a 0, a 1, a 2,..., a j ], so that a/b = r k /s k. We will show in section C2.1 that j q j 1 j 1 q j = ( 1) j 1, so if u = ( 1) k 1 q k 1 and v = ( 1) k k 1 then au + bv = 1. This is really just a convenient reworking of the Euclidean algorithm, as we exlained it above, for finding u and v. Bachet de Meziriac, the celebrated editor and commentator of Diohantus, introduced this method to Renaissance mathematicians in the second edition of his brilliantly named book Pleasant and delectable roblems which are made from numbers (1624). Such methods had been known from ancient times, certainly to 8th century Indian scholars, robably to Archimedes, and ossibly to the Babylonians.. 5

8 6 3. The basic algebra of number theory A rime number is an integer n > 1 whose only ositive divisors are 1 and n. Hence 2, 3, 5, 7, 11,... are rimes. Integer n > 1 is comosite if it is not rime The Fundamental Theorem of Arithmetic. All the way back to ancient Greek times, mathematicians recognized that abstract lemmas allowed them to rove sohisticated theorems. The archetyal result is Euclid s Lemma, an imortant result that first aeared in Euclid s Elements (Book VII, No. 32). Euclid s Lemma. If c divides ab and gcd(c, a) = 1 then c divides b. This has the following imortant consequence, taking c = rime: Theorem 3.1. If rime divides ab then must divide at least one of a and b. The hyothesis in Theorem 3.1 that is rime, and the hyothesis in Euclid s Lemma are certainly necessary, as may be understood from the examle where 4 divides 2 6, but 4 does not divide either 2 or 6. We begin by giving Gauss s roof of Theorem 3.1, which is (arguably) more intuitive than the usual roof of Euclid s lemma: Gauss s roof of Theorem 3.1. Suose that this is false so there exist ositive integers a and b that are not divisible by, and yet ab is divisible by (if a or b is negative, relace them by a or b, resectively). Pick the counterexamle with b as small as ossible, and note that 0 < b < else if n is the least residue of b mod, then n b 0 (mod ) and an ab 0 (mod ), contradicting the minimality of b. We also have b > 1 else divides a 1 = a. Let B be the least ositive residue of (mod b), so that 1 B < b <, and therefore B. Writing B = kb for some integer k we have ab = a( kb) = a (ab)k 0 (mod ), since ab is divisible by. However does not divide either a or B, and so this contradicts the minimality of b. The slick, but unintuitive roof of Euclid s lemma. Since gcd(c, a) = 1 there exist integers m and n such that cm + an = 1 by Theorem 1.3. Hence c divides c bm + ab n = b(cm + an) = b. Exercise Prove that if rime divides a 1 a 2... a k then divides a j for some j, 1 j k. The first great theorem of number theory, which aears in Euclid s Elements : The Fundamental Theorem of Arithmetic. Every integer n > 1 can be written as a roduct of rimes in a unique way (u to re-ordering). It is useful to write the factorizations of natural numbers in a standard form, like n = 2 n 2 3 n 3 5 n 5 7 n 7...,

9 7 with each n i 0, and where only finitely many of the n i are non-zero. Usually we only write down those rime owers where n i 1, for examle 12 = and 50 = Exercise Prove that every natural number has a unique reresentation as 2 k m with k 0 and m an odd natural number. Exercise Prove that if a, b, c,... are airwise corime and they each divide m, then abc... divides m. Gauss s roof of Euclid s Lemma. Since ab is divisible by both a and c, and since (a, c) = 1, therefore ab is divisible by ac by exercise Therefore ab/ac = b/c is an integer, and so c divides b. Using the reresentation of an integer in terms of its rime ower factors can be useful when considering owers: Exercise Prove that if a, b, c,... are airwise corime, ositive integers and their roduct is an nth ower then they are each an nth ower. Exercise Prove that if ab is a square then a = ±ga 2 and b = ±gb 2 where g = gcd(a, b). Exercise Let be an odd rime. Suose that x, y and z are integers for which x + y = z. Show that there exist an integer r such that z y = r, r or 1 r. (Hint: Factor z y = (z y)(z 1 + z 2 y zy 2 + y 1 ) and find the ossible gcds of the two factors.) Rule out the ossibility that z y = r Irrationality. Are there irrational numbers? How about 2? Proosition is irrational. This is a consequence of Proosition 3.4. If d is an integer for which d is rational, then d is an integer. Therefore if integer d is not the square of an integer than d is irrational. Proof. We may write d = a/b where a and b are corime ositive integers, and a 2 = db 2. Write a = a, b = b, d = d where each a, b, d 0, so that 2a = 2b +d for each rime, as a 2 = db 2. Therefore if b > 0 or d > 0 then a = b + d /2 > 0, and so b = 0 as (a, b) = 1; but then d = 2a. Therefore b = 1 and d = a Dividing in congruences. Lemma 3.5. If d divides both a and b and a b (mod m) where g = gcd(d, m) then a/d b/d (mod m/g). Corollary 3.6. If (a, m) = 1 then u v (mod m) if and only if au av (mod m).

10 8 Corollary 3.7. If (a, m) = 1 then there exists an integer r such that ar 1 (mod m). We call r the inverse of a (mod m). We often denote this by 1/a (mod m). Exercise Deduce that, whenever (a, m) = 1, for all given integers b and c, there is a unique value of x (mod m) for which ax + b c (mod m) Linear equations in two unknowns. Given integers a, b, c can we find all solutions in integers m, n to am + bn = c? Theorem 3.8. Let a, b, c be given integers. There are solutions in integers m, n to am + bn = c if and only if gcd(a, b) divides c. If there are solutions then one solution, call it r, s, can be found using the Euclidean algorithm. All other integer solutions are given by m = r + l b (a, b), n = s l a (a, b) where l is an integer. Proof 1. If there are solutions m, n then gcd(a, b) divides am + bn = c by exercise 1.1.1c. Hence there are no solutions when gcd(a, b) does not divide c. On the other hand, we have seen that there exists integers u, v such that au + bv = (a, b) and so if c = k(a, b) then a(ku) + b(kv) = c. Given one solution r, s to ar + bs = c we can find all other solutions by noting that if am + bn = c = ar + bs then a(m r) = b(s n). Hence b/(a, b) divides m r by Corollary 3.2, so we can write m = r + lb/(a, b) for some integer l, and then n = s la/(a, b). Note that the real solutions to ax + by = c are given by x = r + kb, y = s ka, k R. The integer solutions come when k = l/(a, b) where l Z. An equation involving a congruence is said to be solved when integer values can be found for the variables so that the congruence is satisfied. For examle 6x (mod 11) has the unique solution x 5 (mod 11), that is all integers of the form 11k + 5. Proof 2. For a given integer m there exists an integer n such that am + bn = c if and only if am c (mod b). In that case c am 0 (mod (a, b)) as (a, b) b. If so write a = (a, b)a, b = (a, b)b, c = (a, b)c and then we are looking for solutions to Am C (mod B) where (A, B) = 1. If q 1/A (mod B) then this is equivalent to m qam qc (mod B). That is the set of solutions m is a residue class mod B = b/(a, b) and the result follows. There is another way to interret our Theorem:

11 The Local-Global Princial for Linear Equations. Let a, b, c be given integers. There are solutions in integers m, n to am + bn = c if and only if for all ositive integers r there exist residue classes u, v (mod r) such that au + bv c (mod r). Proof. If am + bn = c then am + bn c (mod r) for all r 1. On the other hand if au + bv c (mod b) and m is any integer u (mod b/(a, b)) then am au + bv c (mod b), as a b/(a, b) = b a/(a, b) 0 (mod b), and so there exists an integer n such that am + bn = c. Remark. Note that it suffices to take only the modulus r = b in this result. The Frobenius ostage stam roblem: If we only have ostage stams worth a cents and b cents where (a, b) = 1, what amounts can we make u? That is, what is the set P(a, b) := {am + bn : m, n Z, m, n 0}? (Note that in P(a, b) we only allow non-negative coefficients for a and b in our linear combinations, whereas in I(a, b) there is no such restriction.) Suose that r is an integer with 0 r b 1. If N = am + bn P(a, b) with N ar (mod ab) then am N ar (mod n) so that m r (mod b) and hence m = r + bk for some integer k 0. Therefore N = am + bn = ar + b(n + ak), and so the elements of P(a, b) in the arithmetic rogression ar (mod b) are all those elements of the arithmetic rogression that are ar. Hence a(b 1) b = ab a b is the largest integer that is not in P(a, b). Exercise Show that if 1 M, N ab with (M, ab) = 1 and M + N = ab then exactly one of M and N is in P(a, b). (Hint: Given a reresentation of M, find one of N.) Determining, in general, the largest integer that does not belong P(a, b, c), is an oen roblem. The Chinese Remainder Theorem. Suose that m 1, m 2,..., m k are a set of airwise corime ositive integers. For any set of residue classes a 1 (mod m 1 ), a 2 (mod m 2 ),..., a k (mod m k ), there exists a unique residue class x (mod m), where m = m 1 m 2... m k, such that x a j (mod m j ) for each j. 9 Exercise Suose that 1 < 2 <... < k are rimes, and that f(x) Z[x]. Prove that there exist integers a 1,... a k such that f(a i ) 0 (mod i ) for 1 i k, if and only if there exists an integer a such that f(a) 0 (mod k ). a m b m Exercise B2.1. Prove that a b (mod m) if and only if is an integer. With an abuse of our notation we can write this as a m b m (mod 1); or even that a m = b in R/Z (that is, R (mod Z)). Let m b j be the inverse of m/m j mod m j. Show that x in the Chinese Remainder Theorem is given by x m a 1b 1 m 1 + a 2b 2 m a kb k m k in R/Z. If the difference between the two sides is the integer n then we can relace a 1 b 1 by a 1 b 1 + mn in the first fraction on the right side so that the two sides are equal. This shows us how we can always decomose a fraction with a comosite denominator e into a sum of fractions whose denominators are the rime owers e, and whose numerators are fixed mod e.

12 10 The Chinese Remainder Theorem revisited. Suose that m 1, m 2,..., m k are a set of ositive integers. For any set of residue classes a 1 (mod m 1 ), a 2 (mod m 2 ),..., a k (mod m k ), there exist integers x such that x a j (mod m j ) for each j if and only if a i a j (mod (m i, m j )) for all i j. In this case the integers are those that belong to a unique residue class mod m = lcm[m 1, m 2,..., m k ]. Linear congruences with several unknowns. We will restrict our attention to the case that there are as many congruences as there are unknowns. That is we wish to find all integer (vector) solutions x (mod m) to Ax b (mod m), where A is a given n-by-n matrix of integers, and b is a given vector of n integers. Let a i be the ith column vector of A. Let V j = {v R n : v a i = 0 for all i j}. Basic linear algebra gives us that V j is itself a vector sace of dimension n (n 1) = 1, and has a basis made u of vectors with only integer entries. Hence we may take a non-zero vector in V j with integer entries, and divide through by the gcd of those entries to obtain a vector c j whose entries are corime. Therefore c j a i = 0 for all i j. Let d j = c j a j Z. Let C be the matrix with ith row vector c i, and D be the diagonal matrix with (j, j)th entry d j. Then Dx = (CA)x = C(Ax) Cb = y (mod m), say. This has solutions if and only if there exists a solution x j to d j x j y j (mod m) for each j. As we saw earlier there are solutions if and only if (d j, m) divides (y j, m) for each j, and we have also seen how to find all solutions. Examle: Given x 1 x (mod 12) we have x x = x = 4 5 (mod 12), and so x 1 1 (mod 3), x 2 1 (mod 12), x 3 0 (mod 3). To obtain all solutions mod 12 we substitute x 1 = 2+3t, x 2 = 1, x 3 = 3u into the original equations, we obtain 3 1 ( ) 2 2 t 1 2 (mod 4) which is equivalent to t u 1 (mod 4). So we end u u with x 3 0 (mod 3) with x 1 x 3 1, x 2 1 (mod 12).

13 11 6. Diohantine roblems Diohantus lived in Alexandria in the third century A.D. His thirteen volume Arithmetica dealt with solutions to equations in integers and rationals (though only arts of six of the volumes have survived). Diohantus s work was largely forgotten in Western Euroe during the Dark Ages, as ancient Greek became much less studied; but interest in Arithmetica was revived by Bachet s 1621 translation into Latin. 2 In his honour, a Diohantine equation is a olynomial equation for which we are searching for integer or rational solutions The Pythagorean equation. We wish to find all solutions in integers x, y, z to x 2 + y 2 = z 2. We may assume that x, y, z are all ositive and so z > x, y. Given any solution we may divide through by any common factor of x, y and z to obtain a solution where (x, y, z) = 1. Exercise Prove that if (x, y, z) = 1 and x 2 + y 2 = z 2 then x, y and z are airwise corime. Now x and y cannot both be odd else z 2 = x 2 + y (mod 8), which is imossible. Interchanging x and y if necessary we may assume that x is even and y and z are odd. Now (z y)(z + y) = z 2 y 2 = x 2. We rove that (z y, z + y) = 2: Since y and z are both odd, we know that 2 divides (z y, z +y). Moreover (z y, z +y) divides (z +y) (z y) = 2y and (z +y)+(z y) = 2z, and hence (2y, 2z) = 2(y, z) = 2. Therefore, by exercise , there exist integers r, s such that z y = 2s 2 and z + y = 2r 2, so that x = 2rs, y = r 2 s 2, and z = r 2 + s 2. To ensure these are airwise corime we need (r, s) = 1 and r + s odd. If we now add back in any common factors we get the general solution (6.1) x = 2grs, y = g(r 2 s 2 ), and z = g(r 2 + s 2 ). There is also a nice geometric roof of this arametrization: Exercise Prove that the integer solutions to x 2 + y 2 = z 2 with z 0 and (x, y, z) = 1 are in 1-to-1 corresondence with the rational solutions u, v to u 2 + v 2 = 1. Where else does a line going though (1, 0) intersect the circle x 2 + y 2 = 1? Unless the line is vertical it will hit the unit circle in exactly one other oint, which we will denote (u, v). Note that u < 1. If the line has sloe t then t = v/(u 1) is rational if u and v are. 2 Translations of ancient Greek texts into Latin heled insire the Renaissance.

14 12 In the other direction, the line through (1, 0) of sloe t is y = t(x 1) which intersects x 2 + y 2 = 1 where 1 x 2 = y 2 = t 2 (x 1) 2 so that either x = 1 or 1 + x = t 2 (1 x). Hence u = t2 1 t and v = 2t t are both rational if t is. We have therefore roved that u, v Q if and only if t Q. Writing t = r/s where (r, s) = 1 we have u = r2 s 2 r 2 +s and v = 2rs 2 r 2 +s, the same arametrization to 2 the Pythagorean equation as in (6.1) when we clear out denominators. In around 1637, Pierre de Fermat was studying the roof of (6.1) in his coy of Bachet s translation of Diohantus s Arithmetica. In the margin he wrote: I have discovered a truly marvelous roof that it is imossible to searate a cube into two cubes, or a fourth ower into two fourth owers, or in general, any ower higher than the second into two like owers. This margin is too narrow to contain it. by P. de Fermat (1637), in his coy of Arithmetica. In other words, Fermat claimed that for every integer n 3 there do not exist ositive integers x, y, z for which x n + y n = z n. Fermat did not subsequently mention this roblem or his truly marvelous roof elsewhere, and the roof has not, to date, been re-discovered, desite many efforts No solutions to a Diohantine equation through rime divisibility. One can sometimes show that a Diohantine equation has no non-trivial solutions by considering the divisibility of the variables by various rimes. For examle we will give such a roof that 2 is irrational. Proof of Proosition 3.3 by 2-divisibility: Let us recall that if 2 is rational then we can write it as a/b so that a 2 = 2b 2. Let us suose that (b, a) give the smallest non-zero solutions to y 2 = 2x 2 in non-zero integers. Now 2 divides 2b 2 = a 2 so that 2 a. Writing a = 2A, thus b 2 = 2A 2, and so 2 b. Writing b = 2B we obtain a solution A 2 = 2B 2 where A and B are half the size of a and b, contradicting minimality. Exercise Show that there are no non-zero integer solutions to x 3 + 3y 3 + 9z 3 = No solutions through geometric descent. We will give yet another roof of both Proositions 3.3 and 3.4 on irrationality, this time using geometric descent. Proof of Proosition 3.3 by geometric descent: Again we may assume that 2 = a/b with a and b ositive integers, where a is minimal. Hence a 2 = 2b 2 which gives rise to the smallest right-angle, isosceles triangle, OP Q with integer side lengths OP = OQ = b, P Q = a and angles P OQ ˆ = 90 o, P QO ˆ = QP ˆ O = 45 o. Now mark a oint R which is b units along P Q from Q and then dro a erendicular to meet OP at the oint S. Now RPˆ S = QP ˆ O = 45 o, and so RSP ˆ = 180 o 90 o 45 o = 45 o by considering the angles in the triangle RSP, and therefore this is a smaller isosceles, right-angled triangle. This

15 imlies that RS = P R = a b. Now two sides and an angle are the same in OQS and RQS so these triangles are congruent; in articular OS = SR = a b and therefore P S = OP OS = b (a b) = 2b a. Hence RSP is a smaller isosceles, right-angled triangle than OP Q with integer side lengths, giving a contradiction. This same roof can be written: As a 2 = 2b 2, so a > b > a/2. Now (2b a) 2 = a 2 4ab + 2b 2 + 2b 2 = a 2 4ab + 2b 2 + a 2 = 2(a b) 2. However 0 < 2b a < a contradicting the minimality of a. Proof of Proosition 3.4 by geometric descent: Suose that a is the smallest integer for which d = a/b with a and b ositive integers. Let r be the smallest integer db/a, so that db db a +1 > r a, and therefore a > ra db 0. Then (ra db) 2 = da 2 2rdab + d 2 b 2 + (r 2 d)a 2 = da 2 2rdab + d 2 b 2 + (r 2 d)db 2 = d(rb a) 2 However 0 ra db < a contradicting the minimality of a, unless ra db = 0. In this case r 2 = d db 2 /a 2 = d Fermat s infinite descent. Theorem 6.1. There are no solutions in non-zero integers x, y, z to x 4 + y 4 = z 2. Proof. Let x, y, z give the solution in ositive integers with z minimal.. We may assume that gcd(x, y) = 1 else we can divide out the common factor. Here we have (x 2 ) 2 + (y 2 ) 2 = z 2 with gcd(x 2, y 2 ) = 1, and so, by (6.1), there exist integers r, s with (r, s) = 1 and r + s odd such that x 2 = 2rs, y 2 = r 2 s 2, and z = r 2 + s 2. Now s 2 + y 2 = r 2 with y odd and (r, s) = 1 and so, by (6.1), there exist integers a, b with (a, b) = 1 and a + b odd such that and so s = 2ab, y = a 2 b 2, and r = a 2 + b 2, x 2 = 2rs = 4ab(a 2 + b 2 ). Now a, b and a 2 + b 2 are airwise corime integers whose roduct is a square so they must each be squares by exercise , say a = u 2, b = v 2 and a 2 + b 2 = w 2 for some ositive integers u, v, w. Therefore u 4 + v 4 = a 2 + b 2 = w 2 yields another solution to the original equation with contradicting the minimality of z. w w 2 = a 2 + b 2 = r < r 2 + s 2 = z, 13

16 Fermat s Last Theorem. Corollary 6.2. There are no solutions in non-zero integers x, y, z to x 4 + y 4 = z 4. Exercise Prove this! (Hint: Use Theorem 6.1.) Proosition 6.3. If Fermat s Last Theorem is false then there exists an odd rime and airwise corime non-zero integers x, y, z such that x + y + z = 0. Hence, to rove Fermat s Last Theorem, one can restrict attention to odd rime exonents. Proof. Suose that x n + y n = z n with x, y, z > 0 and n 3. If two of x, y have a common factor then it must divide the third and so we can divide out the common factor. Hence we may assume that x, y, z are airwise corime ositive integers. Now any integer n 3 has a factor m which is either = 4 or is an odd rime. Hence, if n = dm then (x d ) m + (y d ) m = (z d ) m, so we get a solution to Fermat s Last Theorem with exonent m. We can rule out m = 4 by Corollary 6.2. If m = is rime and we are given a solution to a + b = c then a + b + ( c) = 0 as desired. There is a great history of Fermat s Last Theorem, some of which we will discuss in the additional sections. For a very long time Fermat s Last Theorem was the best known and most sought after oen question in number theory. It insired the develoment of much great mathematics, in many different directions. For examle ideal theory, as we will see in section C1. In 1994 Andrew Wiles announced that he had finally roved Fermat s Last Theorem, from an idea of Frey and Serre involving modular forms, a subject far removed from the original. The roof is extraordinarily dee, involving some of the most rofound themes in arithmetic geometry. If the whole roof were written in the leisurely style of, say, this book, it would robably take a coule of thousand ages. This could not be the roof that Fermat believed that he had could Fermat have been correct? Could there be a short, elementary, marvelous roof still waiting to be found? Such a roof came to Lisbeth Salander in The girl who layed with fire just as she went into the final tense moments of that novel can truth follow fiction, as it so often does, or will this always remain a mystery?

17 15 8. Quadratic residues We are interested in understanding the squares mod m; that is the residues a (mod m) for which there exists b (mod m) with b 2 a (mod m). By the Chinese Remainder Theorem we know that a is a square mod m if and only if a is a square modulo every rime ower factor of m, so it suffices to study only the case where m is a rime ower. We begin by considering only m = an odd rime Squares mod. We define those non-zero residues a (mod ) congruent to a square modulo to be quadratic residues (mod ). All other numbers are quadratic nonresidues. If there is no ambiguity we simly say residues and non-residues. Note that 0 is always a square mod (as (mod )). Examles: Modulus Quadratic residues 5 1, 4 7 1, 2, , 3, 4, 5, , 3, 4, 9, 10, , 2, 4, 8, 9, 13, 15, 16 In each case we see that there are 1 2 quadratic residues mod. One sees immediately that ( b) 2 b 2 (mod ) so the distinct quadratic non-residues are 1 2, 2 2,..., ( ) (mod ). Lemma 8.1. The distinct quadratic residues mod are given by 1 2, 2 2,..., ( ) (mod ). Proof. If r 2 s 2 (mod ) where 1 s < r 1 then r 2 s 2 = (r s)(r + s) and so r s or r + s. Now < r s < and so if r s then r = s. Moreover 0 < r + s < 2 and so if r + s then r + s =. Hence the residues of 1 2, 2 2,..., ( ) (mod ) are distinct, and if s = r then s 2 ( r) 2 r 2 (mod ). Exercise One can write each non-zero residue mod as a ower of a rimitive root. Prove that the quadratic residues are recisely those residues that have even index, and the quadratic non-residues are those that have odd index. Exercise Are rimitive roots ever quadratic residues? Exercise Prove that for every m (mod ) there exist a and b mod such that a 2 +b 2 m (mod ). (Hint: Consider the sizes of the set of residues a 2 (mod ) and the set of residues m b 2 (mod ), as a and b vary.) Deduce that there are three squares, not all divisible by, whose sum is divisible by. Define the Legendre symbol as follows: ( a ) = 0 if a 0 (mod ) 1 if a is a quadratic residue (mod ), 1 if a is a quadratic non-residue (mod ).

18 16 ( ) ( ) Exercise Prove that if a b (mod ) then a = b. Exercise Prove that ( ) 1 a a=0 = 0. ( Corollary 8.2. There are exactly 1 + (mod ). a ) residues classes b (mod ) for which b 2 a Proof. This is immediate if a is a quadratic non-residue. For a = 0 if b 2 0 (mod ) then b 0 (mod ) so there is just one solution. If a is a quadratic residue then, by definition, there exists b such that b 2 a (mod ), and then there are the two solutions ( b) 2 b 2 a (mod ) and no others, by the roof in Lemma 8.1 (or by Lagrange s Theorem). ( ) ( ) ( ) ab a b Theorem 8.3. = for any integers a, b. Exercise Prove Theorem 8.3 by considering the arity of ind (a) and ind (b). Exercise What is the value of We deduce from the theorem that ( ) a/b? (Hint: Comare this to have a factorization of a into rime factors as a = q e 1 1 qe qe k k (. ( ) a = ) ( ) ab ). is a multilicative function. Therefore if we k i=1 e i odd ( ) qi. ( ) a This imlies that, in order to determine for all integers a, it is only really necessary ( ) ) to know the values of, and for all rimes q. 1 ( q 8.2. Squares mod m. We show how to recognize squares modulo rime owers, in terms of the squares mod : Proosition 8.4. Suose that r is not divisible by rime. If r is a square mod k then r is a square mod k+1 whenever k 1, excet erhas in the cases k = 2 or 4. Proof. Let x be an integer, corime with, such that x 2 r (mod k ), so that there exists an integer n for which x 2 = r + n k. Therefore then (x j k ) 2 = x 2 2jx k + x 2 2k r + (n 2jx) k (mod k+1 ); and this is r (mod k+1 ) for j n/2x (mod ) when is odd. If = 2 then rovided k 3. (x n2 k 1 ) 2 = x 2 nx2 k + x 2 2 2k 2 r (mod 2 k+1 ),

19 17 Exercise Deduce that integer r is a quadratic residue mod k if and only if r is a quadratic residue mod, when is odd, and if and only if r 1 (mod gcd(2 k, 8)) where = 2. Notice that this imlies that exactly half of the reduced residue classes mod k are quadratic residues, when is odd, and exactly one quarter when = 2 and k 3. Using the Chinese Remainder Theorem we deduce from exercise that if (a, m) = 1 ( then a is a square mod m if and only if a 1 (mod gcd(m, 8)). a ) = 1 for every odd rime dividing m, and 8.3. The Jacobi symbol. It is useful to extend the definition of the Legendre symbol as follows: If m is odd, with m = e then ( a = m) ( ) e a. Observe that if a is a square mod m then (a/) = 1 for all m and so (a/m) = 1. However the converse is not always true: The squares mod 15 that are rime to 15 are (±1) 2 (±4) 2 1 (mod 15) and (±2) 2 (±7) 2 4 (mod 15). Therefore 2 is not a square mod 15 but ( 2 3 ) = Exercise Prove that ( ) 2 = 1 so that 5 ( ) ab = ( ) ( ) a b. m m m ( ) 2 = 15 Exercise Prove that ( ) ( ) a m = b whenever a b (mod m). m ( 2 3 Exercise For how many residues a mod m do we have (a/m) = 1? ) ( ) 2 = The quadratic character of a residue. We have seen that 1th ower of any reduced residue mod is congruent to 1 (mod ) but are there erhas other atterns amongst the lower owers? a a 2 a 3 a a a 2 a 3 a 4 a 5 a The owers of a mod 5. The owers of a mod 7. As exected the 1st column is all 1s, but one also observes that the middle column, a 2 (mod 5) and a 3 (mod 7), is all 1s and 1s. This column reresents the least residues of numbers of the form a 1 2 (mod ). Euler showed that, not only is this always 1 or 1, but that it determines the value of the Legendre symbol:

20 18 Euler s criterion. ( a ) a 1 2 (mod ), for all rimes and integers a. Exercise Prove Euler s criterion by considering the arity of ind (a). One of the beautiful consequences of Euler s criterion is that one can test whether a is a square mod without determining the square root of a (mod ) (which may be difficult). Taking a high ower of a mod is not difficult. Moreover when 3 (mod 4) it is easy to find the square root of a (mod ): ( ) Exercise Let be a rime 3 (mod 4). Show that if a x 2 a (mod ). Can one adat this method when 1 (mod 4)? = 1 and x a +1 4 (mod ) then Although half of the residues mod are quadratic non-residues we do not know how to find one quickly (and thus we do not know how to find rimitive roots quickly either). Theorem is a quadratic residue (mod ) if and only if = 2 or 1 (mod 4). Exercise Prove that if n is odd then ( ) { 1 1 if n 1 (mod 4); = n 1 if n 1 (mod 4) The law of quadratic recirocity. We have already seen that if is an odd rime then ( ) { 1 1 if 1 (mod 4); = 1 if 1 (mod 4). One also has that ( ) { 2 1 if 1 or 1 (mod 8); = 1 if 3 or 3 (mod 8). To be able to evaluate Legendre symbols we will also need the law of quadratic recirocity. This states that if and q are distinct odd rimes then ( ) ( ) { q 1 if q 1 (mod 4) = q 1 otherwise. These rules, taken together, allow us to raidly evaluate any Legendre symbol, as follows: Suose that we wish to evaluate (m/). First we reduce m mod, so that (m/) = (n/) where n m (mod ) and n <. Next we factor n and, by the multilicativity of the Legendre symbol, as discussed at the end of section 8.1, we can evaluate (n/) in terms of ( 1/), (2/) and the (q/) for those rimes q dividing n. We can easily determine the values of ( 1/) and (2/) from determining (mod 8), and then we need to evaluate each (q/) where q n <. We do this by the law of quadratic recirocity so that (q/) = ±(/q) deending only on the values of and q mod 4. We reeat the rocedure on each (/q). Clearly this rocess will quickly finish as the numbers involved are always getting smaller.

21 This is an efficient rocedure rovided that one is caable of factoring the numbers n that arise. Although this may be the case for small examles, it is not ractical for large examles. We can by-ass this difficulty by using the Jacobi symbol. The three rules above hold just as well rovided and q are any two odd corime integers. Hence to evaluate (m/) we find n m (mod ) with n < as above, and then write n = qn, where q = ± a ower of 2, and N is an odd ositive integer, so that N n <. Therefore (m/) = (n/) which may be evaluated in terms of ( 1/), (2/) and the (N/). This last equals ±(/N) deending only on and N mod 4, and then we reeat the rocedure with (/N). This rocess only involves dividing out owers of 2 and a ossible minus sign, so goes fast and avoids serious factoring; in fact it is guaranteed to go at least as fast as the Euclidean algorithm since it involves very similar stes. Gauss gave four roofs of the law of quadratic recirocity, and there are now literally hundreds of roofs. None of the roofs are easy. The one that has been long referred stems from an idea of Eisenstein, which ends u with an elegant lattice oint counting argument though the intermediate stes are difficult to follow and motivate. Gauss s very first roof was long and comlicated yet elementary and the motivation is quite clear; it rests on roving, by induction, that for any odd integers m and n with (m, n) = 1 we have ( where we define m n ( m ) ( { n 1 if m n 1 (mod 4) = n m) 1 otherwise ) = ( ) m 1 m n. Note that we can write the right side as ( 1) 2 n Small residues and non-residues. 1 is always a quadratic residue mod, as are 4, 9, 16,... If 2 and 3 are quadratic non-residues then 2 3 = 6 is a quadratic residue. Hence one is always guaranteed lots of small quadratic residues. How about quadratic non-residues? Since half the residues are quadratic non-residues one might exect to find lots of them, but a riori one is only guaranteed to find one Can one do better? This is an imortant question in number theory, and one where the best results known are surrisingly weak. One amusing roblem is to find strings of consecutive quadratic residues. Develoing the discussion in the last aragrah rove the following: Exercise ( ) ) Prove that for every rime 7 there exists an integer n = n 9 for which one has n = = 1. Can you extend this result to three consecutive quadratic residues? ( n+1 More comlicated is to ask whether, for a given integer m, one can find small rimes and q for which ( ) ( ) m m = 1 and = 1. q We shall study here just the second of the two roblems (more on the first in section F3): ) Theorem 8.9. If is a rime 1 (mod 4) there exists a rime q < such that = 1. Actually we will get much better bounds on q than this. ( q 19

22 20 Part I. If 5 (mod 8) then there exists a rime q < 2( 2 1) with ( ) q = 1. Proof. Choose integer a as large as ossible so that 2a 2 < ; in articular we may choose a > (/2) 1/2 1. Now 2a 2 3 or 5 (mod 8) ( and ) so has a rime) divisor ( q) 3 or 5 (mod 8). But then, by Theorem 8.7, we have = 1 and so = = 1. Finally 2 q q 2a 2 < 2( 2 1). The next case involves a remarkable roof given by Gauss: Part II. If 1 (mod 8) then there exists an odd rime q < with ( q 2a 2 q ( ) q = 1. Proof. Let m = [ ] ) and consider the roduct ( 1 2 )( ) 2 2 )... ( m 2 ), under the assumtion that = 1 for all q 2m + 1. Now since = 1 there exists a such that ( q a 2 (mod q); in fact there exists a q such that a 2 q (mod q n ) for any given integer n 1 (by the discussion in section 8.2). Since this is true for each q 2m + 1, and since (2m + 1)! is divisible only by owers of rimes q 2m + 1, we use the Chinese Remainder Theorem to construct an integer A for which A 2 (mod (2m + 1)!). Thus and so ( 1 2 )( 2 2 )... ( m 2 ) (A )(A )... (A 2 m 2 ) (A + m)! (A m 1)! 1 A Now (, (2m + 1)!) = 1 and so (A, (2m + 1)!) = 1; moreover (A + m)! (A m 1)! 1 A = 1 ( ) A + m (2m + 1)! A 2m + 1 ( q (mod (2m + 1)!). ( ) A + m is an integer, 2m (mod (2m + 1)!). Therefore (2m + 1)! divides ( 1 2 )( 2 2 )... ( m 2 ). However < (m + 1) 2 and so (2m + 1)! ( 1 2 )( 2 2 )... ( m 2 ) giving a contradiction. < ((m + 1) )((m + 1) )... ((m + 1) 2 m 2 (2m + 1)! ) = m + 1

23 21 9. Quadratic equations 9.1. Sums of two squares. What rimes are the sum of two squares? If we start comuting we find that 2 = , 5 = , 13 = , 17 = , 29 = , 37 = , 41 = ,... so we might guess that the answer is 2 and any rime 1 (mod 4). Proosition 9.1. If is an odd rime that is the sum of two squares then 1 (mod 4). Proof. If = a 2 + b 2 then a, else b and so 2 a 2 + b 2 = which is imossible, and similarly b. Now a 2 b 2 (mod ) so that 1 = and therefore 1 (mod 4). ( ) 2 a = ( 1 The other direction is more comlicated ) ( ) 2 b = ( ) 1, Theorem 9.2. Any rime 1 (mod 4) can be written as the sum of two squares. Proof. Since 1 (mod 4) we know that there exists an integer b such that b 2 1 (mod ). Consider now the set of integers {i + jb : 0 i, j [ ]} The number of airs i, j used in the construction of this set is ([ ] + 1) 2 >, and so by the igeonhole rincile, two must be congruent mod ; say that i + jb I + Jb (mod ) where 0 i, j, I, J [ ] and {i, j} {I, J}. Let r = i I and s = J j so that r bs (mod ) where r, s [ ] <, and r and s are not both 0. Now r 2 + s 2 (bs) 2 + s 2 = s 2 (b 2 + 1) 0 (mod ) and 0 < r 2 + s 2 < = 2. The only multile of between 0 and 2 is, and therefore r 2 + s 2 =. Exercise Suose that b (mod ) is given, and that R 1 and S are ositive numbers such that RS =. Prove that there exist integers r, s with r R, 0 < s S such that b r/s (mod ). What integers can be written as the sum of two squares? Note the identity (9.1) (a 2 + b 2 )(c 2 + d 2 ) = (ac bd) 2 + (ad + bc) 2.

24 22 Exercise Use this to show that the roduct of two or more integers that are the sum of two squares is itself the sum of two squares. We see that (9.1) is a useful identity, yet we simly gave it without indicating how one might find such an identity. Let i be a comlex number for which i 2 = 1. Then we have x 2 + y 2 = (x + iy)(x iy), a factorization in the set {a + bi : a, b Z}. Therefore (a 2 + b 2 )(c 2 + d 2 ) = (a + bi)(a bi)(c + di)(c di) = (a + bi)(c + di)(a bi)(c di) = ((ac bd) + (ad + bc)i)((ac bd) (ad + bc)i) = (ac bd) 2 + (ad + bc) 2, and so we get (9.1). A different re-arrangement leads to a different identity: (9.2) (a 2 + b 2 )(c 2 + d 2 ) = (a + bi)(c di)(a bi)(c + di) = (ac + bd) 2 + (ad bc) 2. Exercise Prove that if rime = a 2 + b 2 is corime with c 2 + d 2 then ac bd ad+bc a b (9.1); and ac+bd ad bc a b b (mod ) in (9.2). a (mod ) in In Theorem 9.2 we saw that every rime 1 (mod 4) can be written as the sum of two squares. A few examles indicate that erhas there is a unique such reresentation, u to signs and changing the order of the squares. This will now be roved: Exercise Suose that is a rime 1 (mod 4) with = a 2 + b 2 = c 2 + d 2 where a, b, c, d > 0. (i) Prove that (a, b) = (c, d) = 1. (ii) Prove that a/b c/d or c/d (mod ). (iii) Assuming that a/b c/d (mod ) in (ii), use (9.2) to deduce that (ac + bd). (iv) Use (iii) and (9.2) to deduce that ad = bc, and then (i) to deduce that a = c and b = d. (v) Work through the case where a/b c/d (mod ) using (9.1). Exercise tells us that any rime 1 (mod 4) can be written as the sum of two squares in a unique way, thus 5 = , 13 = , 17 = and there are no other reresentations. For a comosite number like 65 we can use the formulae (9.1) and (9.2) to obtain that 65 = = , and indeed any comosite that is the roduct of two distinct rimes 1 (mod 4) can be written as the sum of two squares in exactly two ways, for examles 85 = = and 221 = = = We will discuss the number of reresentations further in section F5. Theorem 9.3. (Fermat) Positive integer n can be written as the sum of two squares of integers if and only if for every rime 3 (mod 4) which divides n, the exact ower of dividing n is even. Proof. exercise Exercise Deduce that ositive integer n can be written as the sum of two squares of rationals if and only if n can be written as the sum of two squares of integers. In section 6.1 we saw how to find all solutions to x 2 + y 2 = 1 in rationals x, y. How about all rational solutions to x 2 + y 2 = n? It is not difficult to do this in the case that n = rime, and this argument can be generalized to arbitrary n:

25 23 Proosition 9.4. Suose that rime can be written as a 2 + b 2. Then all solutions in rationals x, y to x 2 + y 2 = are given by the arametrization: (9.3) x = 2ars + b(s2 r 2 ) r 2 + s 2, y = 2brs + a(r2 s 2 ) r 2 + s 2, or the same with b relaced by b. Proof sketch. Let x, y be rationals for which x 2 +y 2 =. Let z be the smallest integer such that X = xz, Y = yz are both integers, so that X 2 +Y 2 = z 2. Now (X, Y ) 2 X 2 +Y 2 = z 2 so that (X, Y ) z. Therefore Z = z/(x, Y ) is an integer with X/(X, Y ) = xz, Y/(X, Y ) = yz both integers imlying, by the minimality of z that Z = z and so (X, Y ) = 1. Now X 2 + Y 2 0 (mod ), and so (X/Y ) 2 1 (mod ) as (X, Y ) = 1. But then X/Y ±a/b (mod ), say +, so that (bx ay ). Now 2 z 2 = (a 2 + b 2 )(X 2 + Y 2 ) = (ax + by ) 2 + (ay bx) 2 and so (ax + by ). Hence z 2 = ((ax + by )/) 2 + ((ay bx)/) 2, and so by (6.1) there exist integers g, r, s such that The result follows. ax + by = 2grs, ay bx = g(r 2 s 2 ), z = g(r 2 + s 2 ) The values of x 2 + dy 2. How about x 2 + 2y 2? We have the identity (a 2 + 2b 2 )(c 2 + 2d 2 ) = (ac + 2bd) 2 + 2(ad bc) 2, analogous to (9.1), so can focus on what rimes are reresented. Now if odd rime = x 2 + 2y 2 then ( 2/) = 1. On the other hand if ( 2/) = 1 then select b (mod ) such that b 2 2 (mod ). We take R = 2 1/4, S = 2 1/4 in exercise 9.1.1, so that divides r 2 + 2s 2, which is 2 3/2 < 3. Hence r 2 + 2s 2 = or 2. In the latter case 2 2 2s 2 = r 2 so that 2 r. Writing r = 2R we have s 2 + 2R 2 =. Hence we have roved that can be written as m 2 + 2n 2 if and only if = 2 or 1 or 3 (mod 8). Exercise What integers can be written as x 2 + 2y 2? Exercise Fix integer d 1. Give an identity showing that the roduct of two integers of the form a 2 + db 2 is also of this form. Exercise Try to determine what rimes are of the form a 2 + 3b 2, and a 2 + 5b 2, a 2 + 6b 2, etc Solutions to quadratic equations. It is easy to see that there do not exist nonzero integers a, b, c such that a 2 + 5b 2 = 3c 2. For if we take the smallest non-zero solution then we have a 2 3c 2 (mod 5) and since (3/5) = 1 this imlies that a c 0 (mod 5) and so b 0 (mod 5). Therefore a/5, b/5, c/5 gives a smaller solution to x 2 + 5y 2 = 3z 2, contradicting minimality.