Diohantine Equations Winter Semester 018/019 University of Bayreuth Michael Stoll Contents 1. Introduction and Examles 3. Aetizers 8 3. The Law of Quadratic Recirocity 1 Print version of October 5, 018, 11:59.
This course is a so-called Vertiefungsvorlesung within the area Algebra/Number Theory/Discrete Mathematics. It can be taken during the bachelor or the master hase of the Mathematics study rogram in Bayreuth. Some arts of these notes are rinted in a smaller font. They usually contain additional comments that do not belong to the core material of these lectures, but that might still be interesting for you. In the screen version of these notes you can find some links like this one (it oints to my homeage. Most of them oint to Wikiedia entries of mathematicians. For the uroses of this course, we will consider zero to be a natural number: occasionally we will use the notation N {0, 1,, 3,...} ; N + {1,, 3,...} for the set of ositive natural numbers (or integers. To avoid ossible confusion, we will mostly use Z 0 and Z >0 to denote these two sets. As usual, we use Z to denote the ring of integers, Q to denote the field of rational numbers, R to denote the field of real numbers and C to denote the field of comlex numbers. We write A B for a non necessarily strict inclusion of sets (A B is allowed; a strict inclusion (with A B will be written A B. The notation a b means that the integers a and b are corime (i.e., gcd(a, b 1.
1. Introduction and Examles 3 1. Introduction and Examles What are Diohantine Equations? Here is a definition. 1.1. Definition. A Diohantine Equation is an algebraic equation over Z (in DEF several variables that is to be solved in integers or rational numbers. Diohantine Equation An algebraic equation over Z is an equation of the form F (x 1, x,..., x n 0 with F Z[x 1, x,..., x n ] a olynomial with integral coefficients. The imortant art of this definition is not the form of the equation, but the fact that we are looking for integral or rational solutions. Which of the two is the more interesting question deends on the secific roblem. The definition can be extended to include systems of equations. (But note that since x 1 +...+x m 0 is equivalent to x 1... x m 0 when the x j are rational numbers, any system F 1 (x 1,..., x n... F m (x 1,..., x n 0 is actually equivalent to the single equation so this is not really a generalization. F 1 (x 1,..., x n +... + F m (x 1,..., x n 0, In some cases, one treats one or several of the exonents as variables (for nonnegative integers. Such an equation is also called an exonential Diohantine Equation. The name honors Diohantus of Alexandria. Not much is known about him. It is reasonably certain that he was active between 150 BC and 350 AD; it aears most likely that he lived in the third century AD. There is a riddle whose solution urorts to give his age; it is contained in a collection that was created around 500. Here lies Diohantus, the wonder behold. Through art algebraic, the stone tells how old: God gave him his boyhood one-sixth of his life, One twelfth more as youth while whiskers grew rife; And then yet one-seventh ere marriage begun; In five years there came a bouncing new son. Alas, the dear child of master and sage Passed away when attaining half father s final age. After consoling his fate with the science of numbers, For four years, then Diohantus did slumber. (Solution as an exercise. Still, some of his writings have survived. His main achievement is the Arithmetika, of whose originally 13 books six, or erhas ten, have been reserved. In these books, Diohantus studies the solution of equations in rational numbers; this is the first known systematic treatment of the subject. To this end, he introduces as one of the first symbolic notation for an indeterminate and its owers. The first usable translation (into Latin and annotation of the Greek text, which was also available to the general ublic, was ublished by Bachet in 161. Fermat obtained a coy of this translation, which insired him to do some research of his
1. Introduction and Examles 4 own. This is the beginning of the study of Diohantine Equations in the modern era. It is also this coy of Bachet s book in which Fermat wrote his infamous marginal note, claiming what is now known as Fermat s Last Theorem. Fermat s son ublished a version of Bachet s translation together with the notes his father left in his coy. Here is a (fairly arbitrary selection of examles of Diohantine Equations. (1 ax + by c with given a, b, c Z; we are looking for solutions X, Y Z (there are always rational solutions, unless a b 0 and c 0. This simle linear equation is solvable if and only if the greatest common divisor of a and b divides c. If (x 0, y 0 is some solution, then all solutions have the form (x 0 + tb, y 0 ta with t Z, where a a/ gcd(a, b and b b/ gcd(a, b. ( X + Y Z with X, Y, Z Z (or Q, this does not make an essential difference. This equation is homogeneous (i.e., each term has the same total degree, in the examle. This imlies that we can scale solutions: if (x, y, z is a solution, then so is (λx, λy, λz for any λ. Excet for the trivial solution X Y Z 0, which is uninteresting, all (integral or rational solutions are multiles of a rimitive integral solution, i.e., an integral solution such that gcd(x, Y, Z 1. We will see soon that all rimitive integral solutions can be given in a simle arametric form. Since the equation looks like the equation a + b c in the Pythagorean Theorem, integral solutions (like (3, 4, 5 of this equation are called Pythagorean Triles. (3 X n + Y n Z n This equation is again homogeneous, so that we can reduce to rimitive integral solutions. This is the famous Fermat Equation: Fermat claimed in a marginal note in his coy of Bachet s translation of Diohantus Arithmetika that this equation has no solution in ositive integers as soon as n 3 (this excludes solutions like (1, 0, 1. He claimed to have found a wonderful roof, which unfortunately the margin was too small to contain. Fermat actually did have a roof for the case n 4 and ossibly also for n 3. Exerts mostly agree that Fermat s alleged roof for the general case was faulty and that Fermat realized this quickly (he never reeated this claim for n 5 in his letters to other mathematicians, for examle. In the centuries following Fermat s death, the quest for a roof of Fermat s Last Theorem led to a treasure trove of mathematical results and theories, u to Wiles roof of the Modularity Theorem for Ellitic Curves. Unfortunately, there are still many amateurs, who think they have found Fermat s original (wrong! roof... (4 X 1 + X + X 3 + X 4 m with given m Z 0 ; we look for integral solutions. This means that we ask which natural numbers can be written as a sum of four squares. Diohantus guessed, Fermat knew and Lagrange roved that this is always ossible. We will see a roof later.
(5 X 409Y 1 1. Introduction and Examles 5 We look for nontrivial (meaning Y 0 integral solutions. Equations of this form (where instead of 409 we can ut an arbitrary ositive integer that is not a square are called Pell Equations. This name goes back to Euler and is based on a misunderstanding, since Pell did not have anything to do with this kind of equation. We will see later that there are always (nontrivial solutions and that they can all be generated from a fundamental solution. In our examle, the smallest ositive solution is X 5 05 977 73 09 47 986 049, Y 1 38 789 998 647 18 58 160. (6 X + Y U, X + Z V, Y + Z W, X + Y + Z T We look for nontrivial (X, Y, Z 0 and w.l.o.g. ositive rational solutions. This is an examle of a system of Diohantine Equations. The system describes a rectangular box whose sides (X, Y, Z, face diagonals (U, V, W and long diagonal (T all have rational lengths. No solution is known, but there is also no (known roof that no solution exists an oen roblem! If one of the conditions is removed (so one side, one face diagonal or the long diagonal is allowed to have irrational length, then solutions are known. (7 Y X 3 + 783 Here we are interested in rational solutions (integral ones do not exist. The equation describes an Ellitic Curve; such a curve is given by an equation of the form Y X 3 + ax + b. There is a very rich theory of Ellitic Curves (which can easily fill several semesters of lecture courses. Among other alications, Ellitic Curves layed an imortant role in Wiles roof of Fermat s Last Theorem. In our concrete case one can show that all solutions are generated by one basic solution, which is given by X 63581433141501000933517777 11981673410095561 Y 18639815584633056483755148559677008144776655756 11981673410095561 3 and was found by me in 00. (8 X + Y 3 Z 7 This is an instance of the Generalized Fermat Equation. For somewhat less obvious, but still very good reasons, one is again interested in rimitive (corime integral solutions. Considering more generally X + Y q Z r (with, q, r, it is known that there are infinitely many solutions (which fall into finitely many arameterized families, if χ : 1/ + 1/q + 1/r > 1, and only finitely many, if χ 1 (the case χ 1 is classical and was dealt with by Fermat and Euler, see Section for (, q, r (4, 4,. Together with two colleagues, I was able to show for the equation above that the list of known solutions (±1, 1, 0, (±1, 0, 1, ±(0, 1, 1, (±3,, 1, (±71, 17,, (±13459, 1414, 65, (±153183, 96, 113, (±106398, 7671, 17
1. Introduction and Examles 6 is comlete. 1 When a Diohantine Equation has only finitely many solutions, then it is usually fairly easy to find them. The hard art is to show that there are no others! ( ( Y X (9 (or 60Y (Y 1 X(X 1(X (X 3(X 4 5 We look for integral solutions. Equations of this tye can be solved in rincile, and nowadays there are even ractical algorithms. The solutions of our equation that have X > 4 are given by (5, 1, (5,, (6, 3, (6, 4, (7, 6, (7, 7, (15, 77, (15, 78, (19, 15, (19, 153. Also in this case, the hard art is to show that these are all solutions. (10 X + 7 n We look for solutions with X Z and n Z 0. This roblem was roosed by Ramanujan and first solved comletely by Nagell. This is an examle for an equation with a variable exonent. Its solutions are given by n {3, 4, 5, 7, 15}. Before we look at a few classical roofs, I would like to mention a negative result that tells us that we should not exect too much in general. The famous mathematician David Hilbert gave an equally famous seech at the International Congress of Mathematicians in Paris in 1900, in which he roosed a list of 3 roblems whose solution he thought would lead to rogress in mathematics in the 0. century. One of these roblems, Hilbert s Tenth Problem, asked for a rocedure (today one would say algorithm that decides for any given olynomial F Z[X 1,..., X n ], whether the equation F (X 1,..., X n 0 can be solved in integers or not. It took until the 1970s to reach a conclusion, when Yuri Matiyasevich, building on essential rior work of Putnam, Davis and Julia Robinson, was able to rove that such an algorithm does not exist. 3 Such a roof became ossible only after the notion of comutability was formalized and sufficiently understood. The idea of the roof, ut very concisely, is as follows. First, it is easy to see (exercise that Hilbert s formulation of the roblem is equivalent to a formulation where solvability in integers is relaced by solvability in natural number (i.e., in N Z 0. A diohantine set D is a set of the form D {a N x 1,..., x n N: F (a, x 1,..., x n 0}, where F Z[x 0, x 1,..., x n ] is a suitable olynomial. A recursively enumerable set is the set of all a N such that a suitable algorithm eventually halts when given a as inut. It is easy to show (exercise that every diohantine set is recursively enumerable. What Matiyasevich really roved is that the converse is true as well: every recursively enumerable set is diohantine. Since it is a standard result in mathematical logic that there exist recursively enumerable sets that are not decidable (i.e., there is no algorithm that decides for a given a N whether a is 1 B. Poonen, E.F. Schaefer, M. Stoll: Twists of X(7 and rimitive solutions to x + y 3 z 7, Duke Math. J. 137, 103 158 (007. Y. Bugeaud, M. Mignotte, S. Siksek, M. Stoll, Sz. Tengely: Integral oints on hyerellitic curves, Algebra & Number Theory, No. 8, 859 885 (008. 3 Yuri V. Matiyasevich, Hilbert s tenth roblem, Foundations of Comuting Series, MIT Press, Cambridge, MA, 1993. D. Hilbert 186 1943 Y. Matiyasevich 1947 c Y. Matiyasevich H. Putnam 196 016 c H. Putnam unchanged, License M. Davis 198 c G. Bergman License J. Robinson 1919 1985 c G. Bergman License
1. Introduction and Examles 7 an element of the set or not, it follows that there is a olynomial F as above such that, given a N, one cannot decide whether F (a, x 1,..., x n 0 has solutions in natural numbers (or, for a different F, in integers.
. Aetizers 8. Aetizers Before entering into a systematic study of some tyes of Diohantine Equations, I would like to resent comlete solutions of two such equations. The first of these is the equation describing ythagorean triles, X + Y Z. We want to find its rimitive integral solutions. As a first ste, we consider the arity of the variables: which of them can take even, which can take odd values? It is clear that not all of them can be even, since then the solution would not be rimitive. For the equation to hold mod, we then need two of the variables to be odd and one to be even. However, since the square of an odd integer is always 1 mod 4, it is not ossible that both X and Y are odd, since then the left hand side would be divisible by, but not by 4 and so could not be a square. It follows that Z must be odd, and we can assume (after interchanging X and Y if necessary that X is even and Y is odd. For the next ste, we need an auxiliary result..1. Lemma. If a, b, c are integers with a and b corime and satisfying ab c, LEMMA then there exist (corime untegers u and v such that either ab c or a u, b v and c uv a u, b v and c uv. Proof. We first assume that c 0. Then a, b 0, too, and so we can consider the rime factorizations of a and b. Let be a rime that divides a (say. Since a and b are corime, it follows that does not divide b. This imlies that the exonent of in the factorization of a is the same as that in the factorization of c and is therefore even. This shows that every rime occurs with an even exonent in the rime factorization of a, so there is u Z with a ±u. In the same way, we see that there is v Z with b ±v. Since ab c > 0, both signs must agree. We also see that c ±uv. If necessary, we can change the sign of u to get c uv. If c 0, then we must have (a, b (±1, 0 or (0, ±1, and the claim also holds (with (u, v (1, 0 or (0, 1. We now write our equation as X Z Y (Z Y (Z + Y. Both factors on the right are even (since Y and Z are both odd, hence there are U, V Z such that U Z Y and V Z + Y. We can also set X W with W Z (since X is even. Every common divisor of U and V is also a common divisor of Y V U and Z V + U and then also a divisor of X. Since we assume that X, Y, Z are corime, it follows that U and V are corime as well. Note that we now have that W UV with U and V corime. By Lemma.1 there are S, T Z such that U S, V T, W ST or U S, V T, W ST. In the first case we get X ST, Y T S, Z T + S,
and in the second case. Aetizers 9 X T S, Y S T, Z (S + T. We also know that S and T are corime and of different arity (meaning that one of them is even, the other is odd, since S + T ±Z is odd. We have therefore roved the following... Theorem. The rimitive ythagorean triles (X, Y, Z with X even and THM Z > 0 have the form X ST, Y S T, Z S + T ythagorean triles with S, T Z corime and of different arity. It is clear (and easy to check indeendently that each such trile actually is a rimitive ythagorean trile. I will now resent a second, geometric, roof of this theorem (as oosed to the algebraic roof given above. To this end, we note that in any nontrivial solution (i.e., (X, Y, Z (0, 0, 0, we must have Z 0. This allows us to divide the equation by Z, resulting in x + y 1, where x X/Z and y Y/Z. We now want to determine the rational solutions of this equation. We obtain the rimitive integral solutions of the original equation (with Z > 0 by multilying with the least common denominator Z of x and y. The way geometry comes into lay is that we can visualize the real solutions of x + y 1 as the 1 oints on the unit circle in the xy-lane. The P rational solutions then corresnd to the oints such oints, namely (x, y (±1, 0 and (0, ±1. Let P 0 ( 1, 0 be one of them. If P (x, y P 0 is another rational oint, then the line through with rational coordinates, the so-called rational P 0 t oints of the unit circle. There are four obvious 0 1 x P 0 and P has rational sloe t y. We therefore x+1 obtain all rational oints P 0 by taking lines with rational sloe through P 0 and considering the second intersection oint with the unit circle. This second oint of intersection is indeed rational; this is because it is determined by a quadratic equation with rational coefficients, whose other solution is also rational. The equation of the line through P 0 with sloe t is given by y t(x + 1. We substitute the right hand side for y in the equation of the circle: 0 x + y 1 x 1 + t (x + 1 (x + 1 ( x 1 + t (x + 1. We have that x 1 at the second intersection oint, so we can divide by (x + 1 and obtain x 1 t t, y t(x + 1 1 + t 1 + t. This rational arametization of the unit circle gives all rational solutions of x + y 1 excet P 0. We can think of P 0 as given by the limit as t. In our y
. Aetizers 10 construction, we would need a line that meets the circle twice in P 0 ; this is the tangent to the circle in P 0. This tangent is vertical, so has sloe. To go back to rimitive integral solutions of X + Y Z, we must write our exressions for x and y as fractions in lowest terms. To this end, we first write t U/V as a fraction in lowest terms, giving x V U V + U, y UV V + U. (In this formulation, P 0 is included if we allow U 1, V 0. The fraction giving x is in lowest terms when U and V are of oosite arity. Otherwise (when U and V are both odd the gcd of numerator and denominator is, and the same is true for the fraction giving y. In the first case, we therefore get X V U, Y UV, Z V + U with U and V corime and of different arity. In the second case, we write V + U R, V U S with integers R and S; then x RS R + S, y R S R + S are fractions in lowest terms, and we obtain the rimitive ythagorean trile X RS, Y R S, Z R + S. This recovers Theorem. in a version that covers both the cases when X is even and when Y is even. What we did here is actually quite close to what Diohantus is doing (in a urely algebraic formulation, in that we reduce the degree of the equation so that it becomes linear. The rational arametization of the unit circle has further alications. It exresses sin α and cos α rationally in terms of t tan α and can be used, for examle, to transform integrals over rational exressions in sin x and cos x into integrals over rational functions in t, which can be more easily comuted. As a further aetizer, I would like to resent Fermat s roof that X 4 + Y 4 Z has no integral solutions with X, Y, Z 0. Of course, this immediately imlies that X 4 + Y 4 Z 4 has no ositive integral solutions either. We first note that we only need to consider solutions with X, Y, Z corime in airs. If is a rime that divides two of the variables, then it also has to divide the third, and we obtain a smaller solution when we relace (X, Y, Z by (X/, Y/, Z/. Note that Z must be divisible by, since both sides of the equation are divisible by 4. We can continue in this way, until we obtain a solution with X, Y, Z corime in airs. Fermat s great idea was, given a rimitive solution with X, Y, Z > 0, to construct another smaller (i.e., with smaller Z such solution. Since there are no infinite strictly descending sequences of natural numbers, this leads to a contradiction. Fermat called this method of roof the infinite descent. P. de Fermat 1607 1665
. Aetizers 11 So let (X, Y, Z be a rimitive solution with X, Y, Z > 0. Then (X, Y, Z is a rimitive ythagorean trile. We can assume that X is even; then Theorem. tells us that there are corime integers R and S of different arity such that X RS, Y R S, Z R + S. Without loss of generality, R and S are ositive. Since Y is odd, the second equation imlies that S must be even. (If R is even and S is odd, then the right hand side is 3 mod 4, but the left hand side is 1 mod 4. We write S T and X W ; this results in W RT with R and T corime. According to Lemma.1, there are corime integers U, V > 0 such that R U, T V, hence S V and therefore Y U 4 4V 4. We also have that U U R R < Z. We see that (Y, V, U is another rimitive ythagorean trile. corime integers P, Q > 0 such that Y P Q, V P Q, U P + Q. So there are We can again aly Lemma.1 to the second equality; this gives us corime integers A, B > 0 with P A and Q B. Plugging this into the third equality, this finally gives A 4 + B 4 U. This shows that (A, B, U is another rimitive solution of X 4 + Y 4 Z with A, B, U > 0 and U < Z. By Fermat s rincile, this roves the following..3. Theorem. The only rimitive integral solutions of THM X 4 + Y 4 Z Y 4 + Y 4 Z are given by X 0, Y ±1, Z ±1 and X ±1, Y 0, Z ±1. Since in the course of the roof, we have seen that a nontrivial solution of Y U 4 4V 4 leads to a nontrivial solution of X 4 + Y 4 Z, we have also shown the following..4. Theorem. The only rimitive integral solutions of THM Y 4 4Y 4 X 4 4Y 4 Z Z are given by X ±1, Y 0, Z ±1.
3. The Law of Quadratic Recirocity 1 3. The Law of Quadratic Recirocity We can use the Chinese Remainder Theorem and the Euclidean Algorithm to solve linear congruences or systems of linear congruences. A natural next ste is to consider quadratic congruences. 3.1. Definition. Let be an odd rime number and a Z not a multile of. DEF Then a is a quadratic residue mod if the congruence x a mod has solutions quadratic in Z. Otherwise a is a quadratic nonresidue mod. (nonresidue 3.. Examle. EX qu. residues qu. nonresidues quadratic 3 1 (nonresidues 5 1, 4, 3 7 1,, 4 3, 5, 6 11 1, 3, 4, 5, 9, 6, 7, 8, 10 Let g be a rimitive root mod (i.e, the residue class ḡ F generates the multilicative grou F ; such rimitive roots always exist, since the grou is cyclic. Then every a Z with a is congruent to some g k mod, where k Z is uniquely determined modulo 1. In articular, the arity of k is uniquely determined, since 1 is even. We write k logḡ ā Z/( 1Z for the discrete logarithm of ā with resect to ḡ. 3.3. Theorem. Let be an odd rime and a Z with a. Assume further THM that g is a rimitive root mod. Then the following are equivalent. (1 a is a quadratic residue mod. Euler s criterion ( logḡ ā is even. (3 a ( 1/ 1 mod (Euler s criterion. Proof. We have that a g k mod with k logḡ ā. ( (1 : If k l is even, then a x mod with x g l, imlying that a is a quadratic residue mod. (1 (3 : If a is a quadratic residue, so that a x mod with some x Z, then a ( 1/ x 1 1 mod by Fermat s little theorem. (3 ( : If a ( 1/ 1 mod, then we have that g k( 1/ 1 mod. Since g is a rimitive root, this means that 1 divides the exonent k( 1/, which imlies that k is even. This already tells us that there are exactly ( 1/ residue classes mod consisting of quadratic residues and ( 1/ classes consisting of quadratic nonresidues. 3.4. Corollary. Kee the notations of Theorem 3.3. We have the following COR equivalences. Criterion for a is a quadratic nonresidue mod logḡ ā is odd a ( 1/ 1 mod. nonresidues Proof. We only have to show that a ( 1/ ±1 mod (assuming a. Set b a ( 1/. Then b a 1 1 mod, so ( b 1( b + 1 0 in the field F. So one of the factors must vanish, which means that b 1 or b 1 mod.
3. The Law of Quadratic Recirocity 13 3.5. Definition. We define the Legendre symbol for an odd rime and a Z DEF by ( a 1 if a and a is a quadratic residue mod, 1 if a and a is a quadratic nonresidue mod, It follows that ( a ( Euler s criterion imlies that 0 if a. ( b when a b mod. a can be comuted efficiently: The ower ā ( 1/ F can be comuted using O ( (log 3 bit oerations(o(log multilications in F to comute the ower by successive squaring; one multilication can be done in O ( (log bit oerations or faster. It is a comletely different roblem to actually exhibit a square root of a mod (some x Z with x a mod. There are robabilistic algorithms that have olynomial running time, but so far there is no efficient deterministic algorithm. 4 3.6. Corollary. The number of solutions of X ā in F is exactly 1 + ( Proof. If ā 0, then there is exactly one solution X 0, and a 0. If ā 0 is ( a square in F, then there are exactly two solutions (differing only by a sign, and 1. ( If ā is a non-square in F, then there is no solution, and 1. a Legendre symbol ( a. COR Number of square roots of ā 3.7. Corollary. Let be an odd rime and a Z. Then COR ( Legendre a a ( 1/ mod, via Euler and this congruence determines the value of the Legendre symbol uniquely. Proof. If a, then both sides are zero mod. In the other two cases, the congruence follows from Theorem 3.3 and Corollary 3.4. The uniqueness statement follows from the fact that the Legendre symbol takes one of the values 1, 0, 1, which are all distinct mod (since 3. 3.8. Theorem. Let be an odd rime and a, b Z. Then THM ( ( ( Legendre ab a b. symbol is multilicative Proof. By Corollary 3.7, we have that ( ( ( a b ab a ( 1/ b ( 1/ (ab ( 1/ mod. Equality follows again, since the ossible values 1, 0, 1 that the left and right hand sides can take are distinct mod. 4 htt://en.wikiedia.org/wiki/quadratic residue#comlexity of finding square roots
3. The Law of Quadratic Recirocity 14 We see in articular that the roduct of two quadratic nonresidues mod is a quadratic residue mod. The statement of Theorem 3.8 can also be formulated in the following way. The ma ( a F {±1}, ā is a grou homomorhism. Since there always exist quadratic nonresidues (e.g., every rimitive root mod is a quadratic nonresidue, this homomorhism is surjective; its kernel consists recisely of the squares in F. ( 3.9. Examle. We can factor that a ± e q f 1 1 q f... q f k k ( a ( ±1 a using the rime factorization of a. Assume with airwise distinct odd rimes q j. Then we get that ( e ( f1 ( f ( fk q1 q qk.... EX Legendre symbol and rime factorization We will now study how we can comute the various factors in this roduct. The first and simlest case is a 1. 3.10. Theorem. Let be an odd rime. Then THM ( { First 1 ( 1 ( 1/ 1 if 1 mod 4, sulement 1 if 3 mod 4. to LQR Proof. By Corollary 3.7, we have that ( 1 ( 1 ( 1/ mod. Equality follows, since both sides are ±1. This says that when 1 mod 4, there is a square root of 1 mod. It is even ossible to write down such a square root exlicitly. Let m + 1. Then (m! ( 1 m 1 m ( m ( ( 1 ( 1 m 1 m (m + 1 ( 1 ( 1 m ( 1! ( 1 m+1 mod. In the last ste, we have used Wilson s Theorem ( 1! 1 mod. This can be roved by airing each factor with its inverse mod in the roduct giving the factorial ( 1!. The only unaired factors are 1 and 1 (which are there own inverses. We see therefore that (m! 1 mod, when m is even and hence 1 mod 4. There is however no efficient way of comuting m! mod, so that this formula is useless for ractical uroses. In the other case, 3 mod 4, we have that (m! 1 mod, and so m! ±1 mod. One can ask which sign we get. It turns out that for > 3, the sign is determined by the residue class mod 4 of the class number h of Q(. If h 1 mod 4, then m! 1 mod, and if h 3 mod 4, then m! 1 mod (in this case, h is always odd.
3. The Law of Quadratic Recirocity 15 The next ste is to consider a. Here is a small table. 1 3 5 7 9 11 13 15 17 19 1 3 5 7 9 31 ( + + + + ( Extending this table, one is led to the conjecture that deends only on mod ( ( 8; more recisely, it looks like 1 when 1 or 7 mod 8 and 1 when 3 or 5 mod 8. If we want to rove such a statement, we need to exress the Legendre symbol in some other way. This is achieved by the following result due to Gauß. 3.11. Lemma. Let be an odd rime number. Let further S Z be a subset with LEMMA #S ( 1/ and such that {0} S S is a comlete system of reresentatives mod. (For examle, we can take S {1,,..., ( 1/}. Then for a Z with Gauß Lemma on a, we have that ( quadratic a residues ( 1 #{s S as S}. Here S { s s S} denotes the set of residue classes mod reresented by elements of S. Whether a is a quadratic residue or not therefore deends on how many of the residues in S change sides when multilied by a. Proof. For each s S there are unique t(s S and ε(s {±1} such that as ε(st(s mod. The ma S s t(s S is then a ermutation of S. It is sufficient to show that it is injective. So assume that s, s S with t(s t(s. Then as ±as mod, so (since a is invertible mod s ±s mod. By the choice of S. this is only ossible when s s. Modulo, we then have the following congruences. ( a s a ( 1/ s s S s S s S(as C.F. Gauß (1777 1855 s S(ε(st(s ε(s s s S s S ( 1 #{s S ε(s 1} s. s S Since does not divide the roduct s S s, it follows that ( a ( 1 #{s S ε(s 1} ( 1 #{s S as S} mod, which imlies the desired equality (both sides are ±1. If we take a 1 in the lemma, then we recover Theorem 3.10. ( We can now rove our conjecture regarding.
3. The Law of Quadratic Recirocity 16 3.1. Theorem. Let be an odd rime. Then THM ( { Second 1 if ±1 mod 8, ( 1 ( 1/8 sulement 1 if ±3 mod 8. to LQR Proof. We use Lemma 3.11 with the standard choice { S 1,, 3,..., 1 }. We have to count the elements of S that (when considered mod end u outside of S after doubling. For a given s S, this is the case exactly when s > ( 1/, so for ( 1/4 < s ( 1/. (Note that s <, so there is no ossibility of wraing around. The number of these elements is given by n( 1 1. 4 We determine n( for the various residue classes of mod 8 in the following table. ( n( ( What about q 8k + 1 k +1 8k + 3 k + 1 1 8k + 5 k + 1 1 8k + 7 k + +1 when q is a fixed odd rime and we let vary? As before for a, we can make tables for a 3 and a 5 (say. This leads us to conjecture that ( { } { ( 3 1 if ±1 mod 1, 3 if 1 mod 4, 1 if ±5 mod 1; ( if 1 mod 4; 3 ( { } 5 ( 1 if ±1 mod 5,. 1 if ± mod 5. 5 For larger rimes q we observe similar atterns: for q 1 mod 4, it looks like the result deends only on mod q, and for q 4 mod 4, it looks like the result deends only on mod 4q. Both cases can be combined into the following result, whose first comlete roof was found by Gauss in 1796. (Gauss found quite a few more roofs in the course of his life. 3.13. Theorem. Let and q be distinct odd rimes. Then THM ( ( ( Law of q ( 1 1 q 1 Quadratic q q Recirocity ( if 1 mod 4 or q 1 mod 4, q ( if 1 mod 4 and q 1 mod 4. q Here we use the notation ( 1 ( 1/, so for 1 mod 4 and for 1 mod 4.
3. The Law of Quadratic Recirocity 17 q - 1 X q + 1 4 1 1 + 1 4-1 Figure 1. Sketch for the roof of Theorem 3.13. Here 47, q 9 with m 11, n 7. Proof. This roof is again based on Gauss Lemma 3.11. Since there are now two Legendre symbols to deal with, we need to fix two sets { S 1,,..., 1 } { and T 1,,..., q 1 }. Set m #{s S qs S} (mod and n #{t T t T } (mod q. Then ( ( q ( 1 m ( 1 n ( 1 m+n. q The task is therefore to determine the arity of m + n. If qs s mod for some s S (so that s contributes to m, then there is a uniquely determined t Z such that t qs s S, so 0 < t qs ( 1/. This number t must be in T, since t > qs > 0 and t 1 + qs (q + 1 1 < q + 1 which imlies that t < (q + 1/. Since q is odd, this means t (q 1/. This gives { m # (s, t S T 0 < t qs 1 }. In the same way, we obtain that { n # (s, t S T q 1 } t qs < 0. Since t qs is never zero when s S and t T, this shows that m + n #X with { X (s, t S T q 1 t qs 1 }. We claim that this set X lies symmetrically with resect to the midoint or the rectangle [1, 1 q 1 +1 ] [1, ]. Reflection in the oint (, q+1 moves (s, t 4 4,
to (s, t ( +1 s, q+1 t, and ( q + 1 t qs t This imlies that t qs 1 t qs q 1 3. The Law of Quadratic Recirocity 18 ( + 1 q s q (t qs. t qs q 1 t qs 1, i.e., (s, t X (s, t X. Since the only fixed oint of the reflection is the midoint ( +1, q+1 and this oint is in X if and only if it has integral coordinates, 4 4 we see that #X is odd + 1 4, q + 1 Z 1 mod 4 and q 1 mod 4. 4 This roves the theorem. 3.14. Examle. We can use the Law of Quadratic Recirocity to comute Le- EX gendre symbols in the following way. Legendre ( ( ( ( ( ( ( 67 109 4 3 7 3 7 symbol via LQR 109 67 67 67 67 67 67 ( ( ( ( 67 67 1 4 ( 1( ( 1 3 7 3 7 The disadvantage of this method is that we need to factor the numbers occurring on the way. This can be very involved when these numbers are large. (There is no known efficient factorization algorithm. We can avoid this roblem by extending the definition of the Legendre symbol in such a way that we allow arbitrary odd integers in the denominator instead of just odd rime numbers. 3.15. Definition. Let a, n Z with n odd, where n has rime factorization DEF n ± e 1 1 e... e k k. We define the Jacobi symbol by Jacobi ( symbol a k ( ej a. n j1 j and Of course, the Jacobi symbol agrees with the Legendre symbol whenever n is an odd rime, so it makes sense to write them in the same way. The Jacobi symbol has the following roerties that generalize the corresonding roerties of the Legendre symbol. ( a (1 0 if and only if gcd(a, n 1. n ( ( a b ( If a b mod n, then. n n ( ab ( b (3. (3 n ( a mn ( a n ( a m n ( a. (This is imlied by the definition. n C.G.J. Jacobi (1804 1851
(4 3. The Law of Quadratic Recirocity 19 ( a 1 if a n and a is a square mod n. n Warning. The converse of the last imlication is false in general when n is not a rime. For examle, we have that ( ( ( ( 1 ( 1 1, 15 3 5 but is not a square mod 15 (since is a quadratic nonresidue mod 3 and also mod 5.! However, the most imortant roerty of the Jacobi symbol is that the Law of Quadratic Recirocity and its sulements remain valid in this more general setting. 3.16. Theorem. Let m, n Z be ositive and odd. Then THM ( 1 (1 n ( ( n ( m (3 n ( 1 n 1. ( 1 n 1 8. ( 1 m 1 n 1 ( n m. LQR for the Jacobi symbol Proof. We first show that n ( 1 (n 1/ and n ( 1 (n 1/8 are multilicative as mas from 1 + Z to {±1}. Since the value deends only on n mod 4 (res., n mod 8, this is a finite verification. In a similar way one checks that (m, n ( 1 (m 1(n 1/4 is multilicative in both arguments. Alternatively, we can roceed as follows. nn 1 n 1 n 1 (n 1(n 1 Z, since n and n are both odd. Similarly, (nn 1 8 This imlies that n 1 8 (n 1 8 (n 1((n 1 8 ( 1 nn 1 ( 1 n 1 ( 1 n 1 and ( 1 (nn 1 8 ( 1 n 1 8 ( 1 (n 1 8. Z. There is an argument along the same lines that shows the multilicativity of ( 1 (m 1(n 1/4 in m and n. This now imlies that in all three statements above, both sides are multilicative in m and in n. This allows us to reduce the claims to the case of rime numbers (m and n, which gives us exactly the known theorems 3.10, 3.1 and 3.13.
3. The Law of Quadratic Recirocity 0 3.17. Examle. We comute ( 67 109 again. EX ( ( ( ( ( ( ( Using the 67 109 4 1 67 4 ( 1 1 Jacobi 109 67 67 67 67 1 1 symbol This shows that one can comute Legendre (or Jacobi symbols essentially in the same way as one comutes a gcd using the Euclidean Algorithm. The only difference is that one has to ull out factors of and treat them searately. Euler s Criterion 3.7 does not generalize to aly to the Jacobi symbol. Euler s generalization of Fermat s little theorem says that a ϕ(n 1 mod n for all n Z 1 and all a Z with a n, where ϕ(n #{a Z : 0 a < n, a n} denotes the Euler totient function. So one could hoe that a ϕ(n/ ( a n mod n for odd n. But we have for examle that a ϕ(15/ 1 mod 15 for all a such that a 15, even though the Jacobi symbol ( a 15 also takes the value 1 (e.g., for a 7. The exectation that a (n 1/ ( a n mod n is even more wrong. However, this can be turned around to give a test that can show that n is not a rime number: we ick an a {, 3,..., n } at random and check the congruence above (we can comute both sides mod n efficiently. If it does not hold, then n cannot be a rime number. This is the so-called Solovay-Strassen Primality Test. The Jacobi symbol allows us to rove the following result (that can also be formulated for the Legendre symbol by restricting n to be a rime number in an elegant way.! 3.18. Theorem. Let a Z\{0}. Then the value of ( a n (for n > 0 odd deends THM n ( a only on n mod 4a. n is eriodic Proof. We write a ε e m with m odd, m > 0, and ε ±1. By Theorem 3.16, ( ( ( e ( a ε m n n n n ( ( e ( ε n ( 1 (m 1(n 1/4 n n m ( ε( 1 (m 1/ (n 1/( ( ( 1 e (n 1/8 n. m The first factor deends at most on n mod 4. If the second factor is nontrivial, then e > 0, imlying that m a, and the second factor deends only on n mod 8. Finally, the last factor deends only on n mod m. In total, ( a n deends only on n mod m, if a 4 k m with m 1 mod 4; n mod 4m, if a 4 k m with m 3 mod 4; n mod 8m, if a 4 k m with m mod 4. We have in all cases that m, 4m or 8m divides 4a. I will now demonstrate how the Law of Quadratic Recirocity can be used to show that a Diohantine Equation has no solution. The following equation was
3. The Law of Quadratic Recirocity 1 studied indeendently by Lind 5 and Reichardt. 6 We can reduce from nontrivial to rimitive integral solutions in the same way as for Fermat s equation in Section. 3.19. Theorem. The equation X 4 17 Y 4 Z has no rimitive integral THM solutions. It can be shown that the equation has nontrivial real solutions (this is clear and that it has rimitive solutions mod n for all n 1. (A trile (x, y, z Z 3 is a rimitive solution mod n, if x 4 17y 4 z mod n and gcd(x, y, z, n 1. So reduction mod n is not sufficient to rove the theorem, and we need a better method. Proof. Let (X, Y, Z Z 3 be a rimitive solution. Let be an odd rime divisor of Z. Note that Z 0, since 17 is not a fourth ower in Q. cannot be 17, since otherwise X and then also Y would have to be divisible by 17, contradicting gcd(x, Y, Z 1. Considering the equation mod, we get that X 4 17 Y 4 ; in articular, 17 must be a quadratic residue mod. The LQR 3.13 then shows that ( 17 ( 17 1. By the two sulements 3.10 and 3.1, we also have that ( ( 1 1. 17 17 Since Z is a roduct of owers of 1, and its odd rime divisors, it follows that Z is a quadratic residue mod 17, so there is some W Z such that W Z mod 17. This leads to the congruence X 4 W 4 mod 17, where W 0 mod 17. Multilying by an inverse of W 4 mod 17, this gives U 4 mod 17 for a suitable U Z. This congruence now has no solution, which gives the desired contradiction. (Note that the square roots of mod 17 are ±6, neither of which is a quadratic residue mod 17. Thm. of Lind and Reichardt 5 Carl-Erik Lind, Untersuchungen über die rationalen Punkte der ebenen kubischen Kurven vom Geschlecht Eins, Usala: Diss. 97 S. (1940. 6 Hans Reichardt, Einige im Kleinen überall lösbare, im Grossen unlösbare diohantische Gleichungen, J. reine angew. Math. 184, 1 18 (194.