Representation of primes as the sums of two squares in the golden section quadratic field

Transcription

1 Representation of primes as the sums of two squares in the golden section quadratic field Michele Elia Politecnico di Torino Dipartimento di Elettronica Corso Duca degli Abruzzi Torino Italy Abstract In the quadratic number field with the golden section unit, any prime p has associated primes that are the sums of two integer squares, if and only if its field norm N(p) is not a rational prime congruent to 11 or 19 modulo 20. A proof of this property is presented, along with a method for computing the two squares with deterministic polynomial complexity, that is, using a number of arithmetical operations proportional to a power of log 2 N(p) of bounded exponent. Keywords : Golden section, real quadratic fields, polynomial complexity. 1. Introduction Fermat stated that every rational prime p congruent to 1 modulo 4 is the sum of two squares of natural numbers. Fermat s theorem has received many proofs [22, p. 66], although early ones did not offer a method of deterministic polynomial complexity for computing the representation p = s 2 + r 2, i.e. one using a number of sums and products proportional to some small power of the logarithm of p. However, a reduction algorithm of binary quadratic forms, which can be traced back to Gauss [6], produces Presented at XXIVième Journées Arithmétiques, Marseille (FR), July 4-8, eliamike@tin.it Journal of Discrete Mathematical Sciences & Cryptography Vol. 9 (2006), No. 1, pp c Taru Publications

2 26 M. ELIA r and s with deterministic polynomial complexity once a square root of 1 modulo p is known [13]. The question was then settled by Schoof, who discovered an algorithm for evaluating the number of points on elliptic curves over finite fields, which also furnishes a square root of small numbers, in particular 1, modulo p with deterministic polynomial complexity [18]. Fermat also stated, and Lagrange proved, that every natural integer is the sum of at most four squares of natural numbers [17, p. 7]. Some two centuries later, Siegel proved that the only real algebraic number fields in which exist a four-square-sum representation of the totally positive integers are the rational field Q and the quadratic field Q(ω) with golden section unit ω = 1 + 5, [20]. A direct consequence 2 of Siegel s theorem is that any prime integer p Q(ω) has an associated prime which is the sum of two squares in the same field, if its field norm is a rational prime not congruent to 11 or 19 modulo 20. The paper shows that the same tools used in Q can be employed to give a proof of the two-square-sum property for primes π in Q(ω), and provides a way of computing their representation π = a 2 + b 2 with deterministic polynomial complexity. 2. Preliminaries The real quadratic field F = Q(ω) is a principal ideal domain whose integers are the elements of Z(ω) [5]. The conjugate of an element z = a + bω is z = a + b ω = (a + b) bω, and the field norm is N F (z) = z z = a 2 + ab b 2. The elements of Z(ω) with norm ±1 are called units, and form a group which is the direct product of a torsion group T 2 = {1, 1} of order 2, and an infinite group U of rank 1, which is generated by ω. Two integers α, β Z(ω) are said to be associated if their ratio α/β is a unit. A positive integer number α = a + bω Z(ω) is said to be totally positive if its conjugate a is also positive [15, p. 378]. Given α, one of the four associates α, α, αω, and αω is certainly totally positive; moreover, let U 2 be the subgroup of U generated by ω 2, every totally positive element α Z(ω) uniquely identifies a class αu 2 = {αu : u U 2 } of totally positive associates. The set of primes in Q(ω) consists of: (i) a prime π 5 = 2 + ω of field norm 5, and its associates; (ii) all rational primes q ±2 mod 5, and their associates; and (iii) all pairs of prime factors π q = a + bω and π q =

3 REPRESENTATION OF PRIMES 27 a + b bω of every rational prime q ±1 mod 5, and their respective associates [5, p. 25], in particular π q may be chosen totally positive and such that q = π q π q = a 2 + ab b 2. This explicit representation is obtained from the process that reduces the quadratic form px 2 + s 5 XY + s p Y2 of discriminant 5 to the canonical form X 2 + XY Y 2, where s 5 is the odd root of x 2 = 5 mod p. This reduction algorithm, outlined by Gauss and cleverly reported in Buell [3], was described in a masterly fashion in Mathews book [13], and thus it will be referred to as Mathews reduction. It can be applied to any quadratic form of a non-perfect square discriminant. The square root s 5 may be computed with deterministic polynomial complexity by distinguishing whether p is congruent 3 or 1 modulo 4. In the first case, s 5 is one of the two square roots ±5 p+1 4 mod p, and the computation clearly has deterministic polynomial complexity. In the second case Schoof s algorithm [18, 21] is applied to compute both 1 and 5 modulo p, thus s 5 is one of the two values ± 1 5 mod p. Schoof s algorithm evaluates a square root modulo p in a number of arithmetical operations of order O(log t p) with t 10, that is with deterministic polynomial complexity [18]. A description of Schoof s algorithm can be found in the original paper [18] or in Washington s book [21], and is based on properties of elliptic curves that are briefly summarized. Let L be an algebraic number field of degree m over Q, which has an imaginary quadratic subfield Q( d), d > 0. Let P = (x, y) L 2 be a point of an elliptic curve E(L) over L, whose coordinates satisfy the cubic y 2 = x 3 + ax + b, with a, b L. Let q = p m be a power of a prime p. If E(L) is taken modulo p, an elliptic curve E(F q ) over a Galois field F q is obtained. The number of points on E(F q ), including the point at infinity, is N q = q t q + 1, where t q satisfies the Hasse bound t q 2 q. For elliptic curves having a complex multiplier in Q( d), a theorem of Deuring s [4, 18] states that if p = π π splits in Q( d), and E(F q ) is obtained considering E(L) modulo p, then with q = p m we have t q = π m + π m, and q = t2 q 4 + dw2 t q, w Z, t q 0 mod 2. (1)

4 28 M. ELIA Thus a square root of d mod p is obtained as d = mod p. 2w In particular, if p = 1 mod 4, the representation p = r 2 + s 2 is computed considering the elliptic curve E(Q) of equation y 2 = x 3 x, which has complex multiplier i, Schoof s algorithm gives r = t p, and by equation (1) 2 s = p r 2, furthermore 1 = r mod p. s If p is congruent 1 mod 4 and ±1 mod 5, 5 mod p is computed from p 2 = f 2 + 5g 2 which is obtained from the elliptic curve E(Q( 5)) of equation y 2 = x 3 j j x 2 j, with complex multiplier 1728 j The j-invariant is a root of a second degree Hilbert polynomial 2 for Q( 5) H 20 (z) = z z , since Q( 5) has class number 2. Schoof s algorithm gives the number of points on the elliptic curve E(F p 2), and we get p 2 = t2 p 2 t q 4 + 5z2 p 2, 5 = t p 2 2z p 2 mod p. Lastly, in this section we collect the main properties of a totally complex field K = Q(ρ) useful in our proofs, where ρ is a root of the irreducible polynomial m(x) = X 4 + 3X with discriminant = K is a Euclidean field [11], thus factorization is unique. The only ramified rational prime is 5 = π 2 5 = (2ρ2 + 3) 2, with inertia index 1, while 2 splits as 2 = π 2 σ(π 2 ) = (1 2ρ ρ 3 )(1 + 2ρ + ρ 3 ). In K, ρ is a generator of the unit group of rank 1, and the torsion group is T 4 = {1, 1, i, i}. An integral basis of K is B = {1, ρ, ρ 2, ρ 3 }, thus every a in the maximal order O K is represented as a = a 0 + a 1 ρ 2 + a 2 ρ 3 + a 3 ρ with a 0, a 1, a 2, a 3 Z. The Galois group G(K) = {e,σ, η,ση} of m(x) is isomorphic to the Klein group, and K is a Galois extension of Q with subfields Q(ω), Q(i), and Q(ξ), where ξ = 5. We will assume that the action of the automorphisms of the Galois group G(K) restricted to the subfields Q(i) and Q(ω) is specified as σ(i) = i, and η(ω) = 1 ω, respectively. Since it is immediate to check that ρ = iω, we have i = 2ρ ρ 3, and ω = 1 ρ 2, hence the action of G(K) on the roots of m(x) is as follows e(ρ) = ρ, σ(ρ) = ρ, η(ρ) = 3ρ ρ 3, σ(η(ρ)) = 3ρ + ρ 3. The following factorization of m(x) in the subfields of K is immediately

5 REPRESENTATION OF PRIMES 29 verified: m(x) = (x ω)(x ω) = (x 2 + xξ 1)(x 2 xξ 1) = (x 2 + xi + 1)(x 2 ix + 1). (2) Field trace and norm of any a K are invariant under the Galois group, thus they are rational expressions of a i s. Explicitly the trace Tr(a) = a + σ(a) + η(a) + η(σ(a)) is Tr(a) = 4a 0 6a 2, and the norm Nr(a) = aσ(a)η(a)η(σ(a)) is Nr(a) = a a4 1 + a4 2 + a4 3 6(a3 0 a 2 + a 3 2 a 0 + a 3 1 a 3 + a 3 3 a 1) + 3(a 2 0 a2 1 + a2 1 a2 2 + a2 2 a2 3 ) + 18a2 0 a (a2 0 a2 2 + a2 1 a2 3 ) 4(a 0 a 2 1 a2 2 + a 1a 2 2 a 3) 14(a 2 a 2 3 a 0 + a 3 a 2 0 a 1) + 12a 0 a 1 a 2 a 3. (3) 3. Representation of primes in Z(ω) In Q(ω), a representation r = a 2 + b 2, a, b Z(ω) of every totally positive integer r is obtained from the representations of its prime factors using the identity (a 2 + b 2 )(c 2 + d 2 ) = (ac bd) 2 + (ad + bc) 2. Hence, limited to primes π Q(ω), it will be shown that a two-square-sum representation is computed with deterministic polynomial complexity. To this aim, it is convenient to consider the rational primes separately by their remainders 1, 3, 7, 9, 11, 13, 17, 19 modulo 20, plus the primes 2 and 5. The rational prime 2 is inert in Z(ω), thus its representation 2 = is trivial. The rational prime 5 ramifies in Z(ω), thus it is a perfect square Π 2 5 = (2ω 1)2 of a non positive prime. The associated prime π 5 = ωπ 5 = 2 + ω is positive, and admits of the representation π 5 = 1 + ω 2. Primes congruent to 3, 7, 13, 17 modulo 20 are inert and remain primes in Z(ω), and thus their representation as the sum of squares is almost direct. Primes congruent to 1, 9, 11, 19 modulo 20, on the contrary, split into pairs of conjugate primes π o and π o, and their representation may require the solution of a Diophantine equation of degree 4 provided by the norm in K. These representations are disposed of in the following Theorems, working in the quartic field K, where any rational prime splits into at least two factors: (i) the decomposition containing ω holds for every prime p 1, 9, 11, 19 mod 20, in which case 5 Z p ;

6 30 M. ELIA (ii) the decomposition containing ξ holds for every prime p 3, 7 mod 20, in which case 5 Z p ; and (iii) the decomposition containing i holds for every prime p 13, 17 mod 20, in which case 1 Z p. Theorem 1. Let p be a rational prime congruent to 11, 19 mod 20, then p splits in Q(ω) with factors π o = x 0 + y 0 ω and π o = x 0 + y 0 y 0 ω. Furthermore, π o cannot be represented as a sum of two squares in Q(ω), hence it is inert in Q(ρ). Proof. Since every p = ±1 mod 5 splits in Q(ω), let π o denote a totally positive prime factor. If π o can be written as the sum of two squares, then π o splits in Q(ρ), that is π o = pσ(p) and p = pσ(p)η(p)η(σ(p)), thus p can be written as the sum of two rational squares, a condition that is contradicted by p = 3 mod 4. The following Theorems establish that the remaining primes are representable as sums of two squares, and how such representations can be computed. Theorem 2. Every rational prime p 3, 7, 13, 17 mod 20 is inert in Q(ω), and is represented with deterministic polynomial complexity as the sum of two squares in Z(ω). Precisely: (a) if p 13, 17 mod 20, then p is the sum of two squares of natural numbers; (b) if p 3, 7 mod 20, then p is the sum of two conjugate squares p = (a + bω) 2 + (a + b ω) 2. Proof. Every rational prime p 3, 7, 13, 17 mod 20 is inert in Q(ω). If p 13, 17 mod 20, then p 1 mod 4, thus p is the sum of two squares of natural numbers by Fermat s theorem. If p 3, 7 mod 20, then p 3 mod 4, thus p is the sum of two squares of conjugate numbers p = (x 1 + y 1 ω) 2 + (x 1 + y 1 ω) 2 = 2x x2 1 y 1 + 3y 2 1 and 2x x 1y 1 + 3y 2 1 is the non-principal genus of discriminant 5 and represents every prime congruent 3, 7 modulo 20 [4].

7 REPRESENTATION OF PRIMES 31 Lemma 1. Every rational prime p 1, 9 mod 20 fully splits in Q(ρ), and is the field norm Nr(p) of a prime p = a 0 + a 1 ρ + a 2 ρ 2 + a 3 ρ 3 Q(ρ). The product π i = pη(p) = u + vi is unique except for a sign change and complex conjugation. Moreover, the components u and v of π i satisfy the congruences v 0 mod 5 if p 1 mod 5, u 0 mod 5 if p 1 mod 5. Proof. Since p = ±1 mod 5, then p = p 1 η(p 1 ) for some p 1 Q(ω), furthermore, since p = 1 mod 4, then p = p 2 σ(p 2 ) for some p 2 Q(i). All factors are in the PID Q(ρ), therefore, if p 2 is prime, then either p 1 = u a p 2, or p 1 = u b σ(p ). In any case, the real product p 1 η(p 1 ) is either u a η(u a )p 2 2 or u a η(u b )σ(p 2 2 ), which force p 2 to be real, a contradiction. Given that Q(ρ) is a PID, the factorization of a rational prime is unique except for a unit factor u = i k 1ω k 2, with k 1 {0, 1, 2, 3}, and k 2 Z. Let p and p = up be associated primes, since η(u) = i k 1 ω k 2, then pη( p) = i 2k 1 ω k2 ω k 2 pη(p) = ( 1) k 1+k 2 pσ(p) = ( 1) k 1+k 2 (u + vi). It follows that π i is uniquely specified except for a sign change and complex conjugation, thus among the four complex numbers u + vi, (u + vi), u vi, and (u vi), one has positive real and imaginary parts. The congruence property satisfied by u and v is proved by writing p Q(p) as p = (a 0 + a 2 ) + 3i(a 1 + a 3 ) + π 5 [ a 2 + i(a 1 2a 3 ) i π 5 a 3 ], where π 5 = 2 + ω satisfies π 5 π 5 = 5 and π 5 + π 5 = 5, from which it follows that p = η(p) = (a 0 + a 2 ) + 3i(a 1 + a 3 ) mod π 5, and in turn π i = pη(p) = (a 0 + a 2 ) 2 + (a 1 + a 3 ) 2 + i(a 0 + a 2 )(a 1 + a3) mod π 5 p = [(a 0 + a 2 ) 2 + (a 1 + a 3 ) 2 ] 2 + [(a 0 + a 2 )(a 1 + a 3 )] 2 mod π 5. Hence, if p 1 mod 5, necessarily (a 0 + a 2 ) 2 = (a 1 + a 3 ) 2 mod π 5, which implies u 0 mod 5. While, if p 1 mod 5 necessarily (a 0 + a 2 ) (a 1 + a 3 ) 0 mod π 5, which implies v mod 5. (It is remarked that whenever a is a rational integer then a 0 mod 5 a 0 mod π 5 ). Theorem 3. Let p be a prime in Q(ρ). With the same hypotheses as Lemma 1, we have 1. π o = pσ(p) = x 0 + y 0 ω Q(ω) with x 0 > y 0 > 0 is unique except for a factor ω 2m ; furthermore, we have π o = pσ(p) = (a 0 + a 2 ρ 2 ) 2 (a 1 ρ + a 3 ρ 3 ) 2 = (a 0 a 2 ω 2 ) 2 + ω 2 (a 1 a 3 ω 2 ) 2.

8 32 M. ELIA Proof. Since σ(pσ(p)) = pσ(p) and η(pη(p)) = pη(p), then pσ(p) Q(ω) and pη(p) Q(i). Thus we have π o = pσ(p) = x 0 + wy 0, π i = u + iv = pη(p), and the two representations p = u 2 + v 2 = x x 0y 0 y 2 0. (4) The representation π o = [(a 0 a 2 ) a 2 ω] 2 + [ a 3 + (a 1 2a 3 )ω] 2, is obtained by writing iω for ρ in p = a 0 + a 1 iω a 2 (1 + ω) a 3 i(1 + 2ω) = [(a 0 a 2 ) a 2 ω] + i[ a 3 + (a 1 2a 3 )ω]. Since p is unique except for a unit, its associated primes are i n 1ρ n 2p, then π o is unique except for a unit factor ω n 2, and π i is unique except for a unit factor ( 1) n 3. As previously observed, both π i = u + iv and π o = x 0 + y 0 ω are computed with deterministic polynomial complexity. Finally, it is remarked that finding a representation of π o Q(ω) as the sum of two squares is equivalent to factorizing p in Q(ρ). 4. Computational remarks The representations of primes π Q(ω) as the sums of two squares, established by Theorems 2 and 3, are computed with deterministic polynomial complexity using procedures that will be described separately for the different cases. 4.1 Primes p 13, 17 mod 20 The representation p = a 2 + b 2 does not need any further comment, since p = 1 mod 4 is the sum of two integer squares by Fermat s theorem, and its computation was shown in Section Primes p 3, 7 mod 20 The representation p = (x 1 + y 1 ω) 2 + (x 1 + y 1 ω) 2 = 2x x 1y 1 + 3y 2 1 is the representation of p by the non-principal genus of discriminant 20 [4]. Since p 3 mod 4, 5 mod p is computed as s5 = ( 5) p+1 4 mod p, thus Mathews reduction is applied to the quadratic form Q(x, y) = px 2 + 2s 5 xy + s y 2 p when the non-principal genus 2x 2 + 2xy + 3y 2 is obtained, then x 1 and y 1 are also obtained [3].

9 REPRESENTATION OF PRIMES Primes p 1, 9 mod 20 The representation π o = [(a 0 a 2 ) a 2 ω] 2 + [ a 3 + (a 1 2a 3 )ω] 2 of a totally positive prime π o = x 0 + ωy 0 of norm p is computed solving a norm equation, namely a quartic Diophantine equation N(p) = p in four variables, with p = a 0 + a 1 ρ + a 2 ρ 2 + a 3 ρ 3, an element in the order of Q(ρ). This quartic is solved by applying the method of infinite descent to a sequence of quadratic Diophantine equations in two variables. The descent ends when a quadratic form representing 1 is obtained, which is then solved using Mathews reduction. The most cumbersome part of this procedure is to show that all operations are done with deterministic polynomial complexity. To begin, both representations π i = u + iv, and π o = x + ωy of factors of p are computed with deterministic polynomial complexity, and respecting certain compatibility conditions. As regards π i of the eight choices (±u ± iv), and (±v ± iu), only one, denoted u 0 + iv 0, satisfies the conditions of Theorem 3, v 0 0 mod 5 if p 1 mod 5, or u 0 0 mod 5 if p 1 mod 5, and contemporarily has u 0 > 0, v 0 > 0. As regards π o, of the eight choices ±(x + wy), ±(y + ω(x + y)), ±(y + ωx), and ±(x + ω(x + y)), only one, denoted x 0 + ωy 0, is totally positive and contemporarily satisfies the conditions x 0 > 0, y 0 > 0. Since any totally positive associate π o = x k + ωy k π o U 2 may be used in our procedure, this freedom will be exploited to facilitate the solution of the norm equation by satisfying certain conditions obtained as follows. Since pσ(p) = π o and pη(p) = π i, the chain pη(p)σ(p) = (u 0 + iv 0 )σ(p) = (x 0 + ωy 0 )η(p) of equalities yields a linear system for the unknowns a 0, a 1, a 2, and a 3 : v 0 a 0 + (y 0 x 0 )a 1 v 0 a 2 + ( 2y 0 + 3x 0 + u 0 )a 3 = 0 y 0 a 0 + v 0 a 1 + ( u 0 x 0 + y 0 )a 2 2v 0 a 3 = 0. Solving for a 1 and a 3 we have: a 1 = 2x 0 + y 0 + 2u v 0 a 3 = x 0 + u v 0 a 0 + 5x 0 3y 0 u v 0 a 2 a 0 + 2x 0 y 0 u v 0 a 2. Furthermore, from pη(p) = u 0 + iv 0 we get a quadratic equation a 0 a 1 + a 1 a 2 + a 2 a 3 4a 0 a 3 = v 0 in four variables, which is reduced to a quadratic (5)

10 34 M. ELIA Diophantine equation in two variables using (5): (2x 0 +y 0 2u 0 )a ( 3x 0+y 0 +3u 0 )a 2 a 0 +(7x 0 4y 0 2u 0 )a 2 2 = v2 0. (6) Let the quadratic form on the left side of (6) be written as Q (0) (x, y) = Ax 2 + 2Bxy + Cy 2 with A = 2u 0 +2x 0 +y 0, B = 3x 0 +3u 0 +y 0, C = 4y 0 2u 0 +7x 0, and discriminant (0) = 4B 2 4AC = 20v 2 0. Furthermore, rewriting Q (0) (x, y) = v 2 0 as (Ax + By) 2 + 5v 2 0 y2 = Av 2 0, we have Ax + By = tv 0, and A = t 2 + 5y 2 > 0. Analogously, exchanging the roles of A and C we have Bx + Cy = sv 0 and C = s 2 + 5x 2 > 0. Thus (x 0, y 0 ) must be chosen so that A and C are both positive integers, and contemporarily both are also quadratic residues modulo 5. As previously observed, (x 0, y 0 ) uniquely identify a set Π(ω) = {(x k, y k ) : x = x 0 F 2k 1 + y 0 F 2k, y = x 0 F 2k + y 0 F 2k+1, k Z} where F n denotes a Fibonacci number. Then (x 0, y 0 ) Π(ω) may be chosen to make 1 the greatest common divisor G d = gcd{a, 2B, C}. Since of A and C at least one is odd, because x 0 and y 0 cannot both be even, we also have G d = gcd{a, B, C}, thus, we have G d = gcd{2x 0 + y 0 2u 0, 3x 0 + y 0 + 3u 0, 7x 0 4y 0 2u 0 } = gcd{2x 0 + y 0 2u 0, ( x 0 + y 0 + 2y 0 ), ( 5y 0 + 5x 0 )} = gcd{5y 0, ( x 0 + u 0 + 2y 0 ), ( 5y 0 + 5x 0 )} = gcd{5y 0, ( x 0 + y 0 + 2y 0 ), 5x 0 }. If L 1 = x 0 + u 0 + 2y 0 = 0 mod 5, then some k exists such that L 1 = ( x k + u 0 + 2y k ) = 0 mod 5, as shown in Table 4.3, in conclusion G d = 1. In general, equation Q (0) (x, y) = v 2 0 cannot be solved with deterministic polynomial complexity in a straightforward way, but an infinite descent may be devised which gives at each step a Diophantine equation Q (i) (x, y) = vi 2, with discriminant (i) = 20vi 2, and v i a divisor of v 0 strictly less than v i 1 The idea behind the descent is to perform a linear transformation X = v 0 X + βy y = θy

11 REPRESENTATION OF PRIMES 35 u 0 mod 5 x 0 mod 5 y 0 mod 5 L 1 = 0 mod 5? k L 1 mod = 0 0 2y 0 = 0 0 = 0 x 0 = 2y 0 3 2y 0 = 0 = 0 0 = 0 u 0 = 2y 0 1 2y 0 = 0 = 0 = 0 u 0 = x 0 2y 0 2 x 0 = 0 L 1 = (x 0F 2k 1 + y 0 F 2k ) + u 0 + 2(x 0 F 2k + y 0 F 2k+1 ) on variables x and y, with the aim of obtaining an equation A 0 v 2 0 X2 + 2B 0 v 2 0 XY + v2 0 Y2 = v 2 0 all of whose coefficients are multiples of v2 0 and which has the solution X = 0, Y = 1. This is always possible, with β and θ satisfying Q (0) (α, β) = v 2 0, and linearly expressed in terms of two variables κ and µ satisfying A 1 µ 2 + 2B 1 κµ + C 1 κ 2 = d2 0 d 2, where 1 d 0 = gcd{a, B}, d 1 = gcd{a, B, v 0 }, and B1 2 A 1C 1 = 5 d2 0. This quadratic equation can be solved by Mathews reduction when d 0 = d 1, otherwise it is a quadratic equation of the same sort as Q (0) (x, y) = v 2 0, but with a smaller known term: this is sufficient to show the existence of an infinite descent. As we have proved it is not restrictive to assume that gcd{a, 2B, C} = 1 and 5 A, furthermore, clearly d 0 v 2 2 since 5v 2 0 = B2 AC, but d 0 v 0 if d 1 < d 0. Moreover, if d 1 = d 0 then d 2 0 A because we have 5v 2 0 d 2 = B2 AC = B62 d 0 0 d 2 C A 0 d 2. 0 Specifically, parameters β,θ, and A 0, B 0, C 0 = 1 are computed to satisfy the conditions Av 2 0 = A 0 v 2 0 v 0 (βa + θb) = B 0 v 2 (7) 0 Aβ 2 + 2Bβθ + Cθ 2 = v 2 0. We immediately have A 0 = A. Setting B 0 = µd 1, the second equation is β A d 0 + θ B d 0 = µv 0 d 1 d 0. (8) A B Let β 0 and θ 0 be two integers satisfying the condition β 0 +θ 0 = d 0 d 0 1, computed with the generalized Euclidean algorithm, thus a general d 2 1

12 36 M. ELIA solution of (8) is d β = µv 1 0 β 0 + κ B d 0 d 0 d θ = µv 1 0 θ 0 κ B. d 0 d 0 The third equation in (7) turns out to be a quadratic form in µ and κ { d 2 1 d 2 v } [Aβ Bβ 0θ 0 + Cθ0 2]µ2 10 v 0 θ 0 µκ + 5 A d 1 d 2 κ 2 = v 2 0. (9) 1 Defining d a = d 0, we obtain A 1 µ 2 2B 1 µκ + C 1 κ 2 = d 2 d 1, where the 1 discriminant of the quadratic form is 20d 2 a. This last equation completes the description of a step of the infinite descent. At the end of the descent, say after l steps, we obtain a quadratic equation of the form A l µ l 2 2B l µ l κ l + C l κl 2 = 1, with discriminant 20, which is solved by Mathews reduction. Thus, proceeding backwards, a 0 and a 2 are computed, and finally a 1 and a 3 are obtained from equation (5). 5. Conclusions The representation of primes as sums of two squares in Z(ω) allows us to formulate a theorem concerning the representation of any integer in Z(ω): Theorem 4. In the field Q(ω), any totally positive integer n = ζ 2β j j j π α i i i where ζ j and π i are primes, whose norms respectively are and are not primes congruent 11 and 19 mod 20, is a sum of two integer squares. The computation of the two-square representation of any element in Z(ω) is equivalent to factoring, as in Z, therefore at the present time only the two-square representations of primes can be computed with deterministic polynomial complexity. References [1] B. Berndt and R. Evans, Sums of Gauss, Jacobi and Jacobsthal, Journal of Number Theory, Vol. 11 (1979), pp

13 REPRESENTATION OF PRIMES 37 [2] J. Brillhart, Note on representing a prime as a sum of two squares, Mathematics of Computation, Vol. 26 (1972), pp [3] D. A. Buell, Binary Quadratic Forms, Springer-Verlag, New York, [4] D. A. Cox, Primes of the Form, Wiley, New York, [5] F. W. Dodd, Number Theory in the Quadratic Field with Golden Section Unit, Polygonal Pub. House, Paissac, [6] C.F. Gauss, Disquisitiones Arithmeticae, Springer-Verlag, New York, [7] G. H. Hardy and E. M. Wright, An Introduction to the Theory of Numbers, Oxford University Press, Oxford, [8] K. Ireland and M. Rosen, A Classical Introduction to Modern Number Theory, Springer-Verlag, New York, [9] D. E. Knuth, The Art of Computer Programming: Seminumerical Algorithms, Addison-Wesley, Reading, [10] S. Lang, Elliptic Functions, Springer-Verlag, New York, [11] F. Lemmermeyer, Reciprocity Laws, Springer-Verlag, New York, [12] R. Lidl and H Niederreiter, Finite Fields, Addison-Wesley, Reading (MA), [13] G.B. Mathews, Theory of Numbers, Chelsea, New York, [14] J. Neukirch, Algebraic Number Theory, Springer-Verlag, New York, [15] P. Ribenboim, The Theory of Classical Valuations, Springer-Verlag, New York, [16] N. Robbins, On gibonacci and Lucas numbers which are sums of precisely four squares, Fibonacci Quarterly, Vol. 21 (1) (1983), pp [17] W. Scharlau and H. Opolka, From Fermat to Minkowski, Springer- Verlag, New York, [18] R. Schoof, Elliptic curves over finite fields and the computation of the square roots mod p, Mathematics of Computation, Vol. 44 (170) (April 1985), pp [19] J. P. Serre, Cours d Arithmtétique, P.U.F., Paris, [20] C. L. Siegel, The trace of totally positive and real algebraic integers, Annals of Math., Vol. 46 (1945), pp [21] L.C. Washington, Elliptic Curves, Number Theory and Cryptography, Chapman & Hall, New York, [22] A. Weil, Number Theory, Birkhäuser, Boston, Received October, 2005